Linux-Integrity Archive on lore.kernel.org
 help / color / Atom feed
* [PATCH 0/5] integrity: improve ima measurement accuracy
@ 2019-05-13 12:53 Janne Karhunen
  2019-05-13 12:53 ` [PATCH 1/5] integrity: keep the integrity state of open files up to date Janne Karhunen
                   ` (4 more replies)
  0 siblings, 5 replies; 6+ messages in thread
From: Janne Karhunen @ 2019-05-13 12:53 UTC (permalink / raw)
  To: linux-integrity, linux-security-module, zohar; +Cc: Janne Karhunen

By default the linux integrity subsystem measures a file only
when a file is being closed. While this certainly provides
low overhead as the re-measurements are never done, it also
makes sure the system has zero means to recover from a crash
or a power outage when operating in 'appraise' mode. 

This patch series adds two new IMA api functions to retrigger
the measurements as the files change. Synchronous variant
should be invoked from less performance sensitive locations
such as sync|msync|truncate where the user is expecting some
latency, and the asynchronous variant can be called from
performance sensitive locations such as direct write or mmio.

Asynchronous variant is mostly 'out of the way' on write hot
paths, each file write is only checking that we have a cmwq
work entry pending to re-calculate the file measurement later
on. Re-measurement latencies are build time tunables and the
latencies are automatically raised for very large files.

While this does not provide absolutely perfect tolerance to
system resets, for most reasonable embedded system workloads
it can be tuned to achieve really high measurement accurancy
with the measurements being accurate 99.9%+ of the day.

Janne Karhunen (5):
  integrity: keep the integrity state of open files up to date
  integrity: update the file measurement on truncate
  integrity: update the file measurement on write
  integrity: measure the file on sync
  integrity: measure the file on msync

 fs/namei.c                            |   5 +-
 fs/open.c                             |   3 +
 fs/read_write.c                       |  11 ++-
 fs/sync.c                             |   3 +
 include/linux/ima.h                   |  12 +++
 mm/msync.c                            |   7 ++
 security/integrity/ima/Kconfig        |  20 +++++
 security/integrity/ima/ima_appraise.c |   6 +-
 security/integrity/ima/ima_main.c     | 103 +++++++++++++++++++++++++-
 security/integrity/integrity.h        |   6 ++
 10 files changed, 171 insertions(+), 5 deletions(-)

-- 
2.17.1


^ permalink raw reply	[flat|nested] 6+ messages in thread

end of thread, back to index

Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-05-13 12:53 [PATCH 0/5] integrity: improve ima measurement accuracy Janne Karhunen
2019-05-13 12:53 ` [PATCH 1/5] integrity: keep the integrity state of open files up to date Janne Karhunen
2019-05-13 12:53 ` [PATCH 2/5] integrity: update the file measurement on truncate Janne Karhunen
2019-05-13 12:53 ` [PATCH 3/5] integrity: update the file measurement on write Janne Karhunen
2019-05-13 12:53 ` [PATCH 4/5] integrity: measure the file on sync Janne Karhunen
2019-05-13 12:53 ` [PATCH 5/5] integrity: measure the file on msync Janne Karhunen

Linux-Integrity Archive on lore.kernel.org

Archives are clonable:
	git clone --mirror https://lore.kernel.org/linux-integrity/0 linux-integrity/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 linux-integrity linux-integrity/ https://lore.kernel.org/linux-integrity \
		linux-integrity@vger.kernel.org linux-integrity@archiver.kernel.org
	public-inbox-index linux-integrity

Example config snippet for mirrors

Newsgroup available over NNTP:
	nntp://nntp.lore.kernel.org/org.kernel.vger.linux-integrity


AGPL code for this site: git clone https://public-inbox.org/ public-inbox