LKML Archive on lore.kernel.org
 help / color / Atom feed
* [PATCH v4 0/3] IMA: improve log messages
@ 2020-02-15  1:47 Tushar Sugandhi
  2020-02-15  1:47 ` [PATCH v4 1/3] IMA: Update KBUILD_MODNAME for IMA files to ima Tushar Sugandhi
                   ` (3 more replies)
  0 siblings, 4 replies; 10+ messages in thread
From: Tushar Sugandhi @ 2020-02-15  1:47 UTC (permalink / raw)
  To: zohar, joe, skhan, linux-integrity; +Cc: sashal, nramas, linux-kernel

The log messages from IMA subsystem should be consistent for better
diagnosability and discoverability.

This patch set improves the logging by removing duplicate log formatting
macros, adding a consistent prefix to the log messages, and adding new 
log messages where necessary.

Tushar Sugandhi (3):
  add log prefix
  add log message to process_buffer_measurement failure conditions
  add module name prefix to log statements

 security/integrity/digsig.c                  | 2 --
 security/integrity/digsig_asymmetric.c       | 2 --
 security/integrity/evm/evm_crypto.c          | 2 --
 security/integrity/evm/evm_main.c            | 2 --
 security/integrity/evm/evm_secfs.c           | 2 --
 security/integrity/ima/Makefile              | 6 +++---
 security/integrity/ima/ima_asymmetric_keys.c | 2 --
 security/integrity/ima/ima_crypto.c          | 2 --
 security/integrity/ima/ima_fs.c              | 2 --
 security/integrity/ima/ima_init.c            | 2 --
 security/integrity/ima/ima_kexec.c           | 1 -
 security/integrity/ima/ima_main.c            | 5 +++--
 security/integrity/ima/ima_policy.c          | 2 --
 security/integrity/ima/ima_queue.c           | 2 --
 security/integrity/ima/ima_queue_keys.c      | 2 --
 security/integrity/ima/ima_template.c        | 2 --
 security/integrity/ima/ima_template_lib.c    | 2 --
 security/integrity/integrity.h               | 6 ++++++
 18 files changed, 12 insertions(+), 34 deletions(-)

-- 
2.17.1


^ permalink raw reply	[flat|nested] 10+ messages in thread

* [PATCH v4 1/3] IMA: Update KBUILD_MODNAME for IMA files to ima
  2020-02-15  1:47 [PATCH v4 0/3] IMA: improve log messages Tushar Sugandhi
@ 2020-02-15  1:47 ` Tushar Sugandhi
  2020-02-18 19:25   ` Tushar Sugandhi
  2020-02-15  1:47 ` [PATCH v4 2/3] IMA: Add log statements for failure conditions Tushar Sugandhi
                   ` (2 subsequent siblings)
  3 siblings, 1 reply; 10+ messages in thread
From: Tushar Sugandhi @ 2020-02-15  1:47 UTC (permalink / raw)
  To: zohar, joe, skhan, linux-integrity; +Cc: sashal, nramas, linux-kernel

The kbuild Makefile specifies object files for vmlinux in the $(obj-y)
lists. These lists depend on the kernel configuration[1].

The kbuild Makefile for IMA combines the object files for IMA into a
single object file namely ima.o. All the object files for IMA should be
combined into ima.o. But certain object files are being added to their
own $(obj-y). This results in the log messages from those modules getting
prefixed with their respective base file name, instead of "ima". This is
inconsistent with the log messages from the IMA modules that are combined
into ima.o.

This change fixes the above issue.

[1] Documentation\kbuild\makefiles.rst 

Signed-off-by: Tushar Sugandhi <tusharsu@linux.microsoft.com>
Reviewed-by: Lakshmi Ramasubramanian <nramas@linux.microsoft.com>
---
 security/integrity/ima/Makefile | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/security/integrity/ima/Makefile b/security/integrity/ima/Makefile
index 064a256f8725..67dabca670e2 100644
--- a/security/integrity/ima/Makefile
+++ b/security/integrity/ima/Makefile
@@ -11,6 +11,6 @@ ima-y := ima_fs.o ima_queue.o ima_init.o ima_main.o ima_crypto.o ima_api.o \
 ima-$(CONFIG_IMA_APPRAISE) += ima_appraise.o
 ima-$(CONFIG_IMA_APPRAISE_MODSIG) += ima_modsig.o
 ima-$(CONFIG_HAVE_IMA_KEXEC) += ima_kexec.o
-obj-$(CONFIG_IMA_BLACKLIST_KEYRING) += ima_mok.o
-obj-$(CONFIG_IMA_MEASURE_ASYMMETRIC_KEYS) += ima_asymmetric_keys.o
-obj-$(CONFIG_IMA_QUEUE_EARLY_BOOT_KEYS) += ima_queue_keys.o
+ima-$(CONFIG_IMA_BLACKLIST_KEYRING) += ima_mok.o
+ima-$(CONFIG_IMA_MEASURE_ASYMMETRIC_KEYS) += ima_asymmetric_keys.o
+ima-$(CONFIG_IMA_QUEUE_EARLY_BOOT_KEYS) += ima_queue_keys.o
-- 
2.17.1


^ permalink raw reply	[flat|nested] 10+ messages in thread

* [PATCH v4 2/3]  IMA: Add log statements for failure conditions
  2020-02-15  1:47 [PATCH v4 0/3] IMA: improve log messages Tushar Sugandhi
  2020-02-15  1:47 ` [PATCH v4 1/3] IMA: Update KBUILD_MODNAME for IMA files to ima Tushar Sugandhi
@ 2020-02-15  1:47 ` Tushar Sugandhi
  2020-02-16 12:42   ` Mimi Zohar
  2020-02-15  1:47 ` [PATCH v4 3/3] IMA: Remove duplicate pr_fmt definitions Tushar Sugandhi
  2020-02-16 12:40 ` [PATCH v4 0/3] IMA: improve log messages Mimi Zohar
  3 siblings, 1 reply; 10+ messages in thread
From: Tushar Sugandhi @ 2020-02-15  1:47 UTC (permalink / raw)
  To: zohar, joe, skhan, linux-integrity; +Cc: sashal, nramas, linux-kernel

process_buffer_measurement() does not have log messages for failure
conditions.

This change adds a log statement in the above function. 

Signed-off-by: Tushar Sugandhi <tusharsu@linux.microsoft.com>
Reviewed-by: Lakshmi Ramasubramanian <nramas@linux.microsoft.com>
Suggested-by: Joe Perches <joe@perches.com>
---
 security/integrity/ima/ima_main.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c
index 9fe949c6a530..aac1c44fb11b 100644
--- a/security/integrity/ima/ima_main.c
+++ b/security/integrity/ima/ima_main.c
@@ -757,6 +757,9 @@ void process_buffer_measurement(const void *buf, int size,
 		ima_free_template_entry(entry);
 
 out:
+	if (ret < 0)
+		pr_devel("%s: failed, result: %d\n", __func__, ret);
+
 	return;
 }
 
-- 
2.17.1


^ permalink raw reply	[flat|nested] 10+ messages in thread

* [PATCH v4 3/3] IMA: Remove duplicate pr_fmt definitions
  2020-02-15  1:47 [PATCH v4 0/3] IMA: improve log messages Tushar Sugandhi
  2020-02-15  1:47 ` [PATCH v4 1/3] IMA: Update KBUILD_MODNAME for IMA files to ima Tushar Sugandhi
  2020-02-15  1:47 ` [PATCH v4 2/3] IMA: Add log statements for failure conditions Tushar Sugandhi
@ 2020-02-15  1:47 ` Tushar Sugandhi
  2020-02-16 12:40   ` Mimi Zohar
  2020-02-16 12:40 ` [PATCH v4 0/3] IMA: improve log messages Mimi Zohar
  3 siblings, 1 reply; 10+ messages in thread
From: Tushar Sugandhi @ 2020-02-15  1:47 UTC (permalink / raw)
  To: zohar, joe, skhan, linux-integrity; +Cc: sashal, nramas, linux-kernel

The #define for formatting log messages, pr_fmt, is duplicated in the
files under security/integrity.

This change moves the definition to security/integrity/integrity.h and
removes the duplicate definitions in the other files under
security/integrity.

Signed-off-by: Tushar Sugandhi <tusharsu@linux.microsoft.com>
Reviewed-by: Lakshmi Ramasubramanian <nramas@linux.microsoft.com>
Suggested-by: Joe Perches <joe@perches.com>
Suggested-by: Shuah Khan <skhan@linuxfoundation.org>
---
 security/integrity/digsig.c                  | 2 --
 security/integrity/digsig_asymmetric.c       | 2 --
 security/integrity/evm/evm_crypto.c          | 2 --
 security/integrity/evm/evm_main.c            | 2 --
 security/integrity/evm/evm_secfs.c           | 2 --
 security/integrity/ima/ima_asymmetric_keys.c | 2 --
 security/integrity/ima/ima_crypto.c          | 2 --
 security/integrity/ima/ima_fs.c              | 2 --
 security/integrity/ima/ima_init.c            | 2 --
 security/integrity/ima/ima_kexec.c           | 1 -
 security/integrity/ima/ima_main.c            | 2 --
 security/integrity/ima/ima_policy.c          | 2 --
 security/integrity/ima/ima_queue.c           | 2 --
 security/integrity/ima/ima_queue_keys.c      | 2 --
 security/integrity/ima/ima_template.c        | 2 --
 security/integrity/ima/ima_template_lib.c    | 2 --
 security/integrity/integrity.h               | 6 ++++++
 17 files changed, 6 insertions(+), 31 deletions(-)

diff --git a/security/integrity/digsig.c b/security/integrity/digsig.c
index ea1aae3d07b3..e9cbadade74b 100644
--- a/security/integrity/digsig.c
+++ b/security/integrity/digsig.c
@@ -6,8 +6,6 @@
  * Dmitry Kasatkin <dmitry.kasatkin@intel.com>
  */
 
-#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
-
 #include <linux/err.h>
 #include <linux/sched.h>
 #include <linux/slab.h>
diff --git a/security/integrity/digsig_asymmetric.c b/security/integrity/digsig_asymmetric.c
index 55aec161d0e1..4e0d6778277e 100644
--- a/security/integrity/digsig_asymmetric.c
+++ b/security/integrity/digsig_asymmetric.c
@@ -6,8 +6,6 @@
  * Dmitry Kasatkin <dmitry.kasatkin@intel.com>
  */
 
-#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
-
 #include <linux/err.h>
 #include <linux/ratelimit.h>
 #include <linux/key-type.h>
diff --git a/security/integrity/evm/evm_crypto.c b/security/integrity/evm/evm_crypto.c
index d485f6fc908e..35682852ddea 100644
--- a/security/integrity/evm/evm_crypto.c
+++ b/security/integrity/evm/evm_crypto.c
@@ -10,8 +10,6 @@
  *	 Using root's kernel master key (kmk), calculate the HMAC
  */
 
-#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
-
 #include <linux/export.h>
 #include <linux/crypto.h>
 #include <linux/xattr.h>
diff --git a/security/integrity/evm/evm_main.c b/security/integrity/evm/evm_main.c
index f9a81b187fae..d361d7fdafc4 100644
--- a/security/integrity/evm/evm_main.c
+++ b/security/integrity/evm/evm_main.c
@@ -11,8 +11,6 @@
  *	evm_inode_removexattr, and evm_verifyxattr
  */
 
-#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
-
 #include <linux/init.h>
 #include <linux/crypto.h>
 #include <linux/audit.h>
diff --git a/security/integrity/evm/evm_secfs.c b/security/integrity/evm/evm_secfs.c
index c11c1f7b3ddd..39ad1038d45d 100644
--- a/security/integrity/evm/evm_secfs.c
+++ b/security/integrity/evm/evm_secfs.c
@@ -10,8 +10,6 @@
  *	- Get the key and enable EVM
  */
 
-#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
-
 #include <linux/audit.h>
 #include <linux/uaccess.h>
 #include <linux/init.h>
diff --git a/security/integrity/ima/ima_asymmetric_keys.c b/security/integrity/ima/ima_asymmetric_keys.c
index 7678f0e3e84d..aaae80c4e376 100644
--- a/security/integrity/ima/ima_asymmetric_keys.c
+++ b/security/integrity/ima/ima_asymmetric_keys.c
@@ -9,8 +9,6 @@
  *       create or update.
  */
 
-#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
-
 #include <keys/asymmetric-type.h>
 #include "ima.h"
 
diff --git a/security/integrity/ima/ima_crypto.c b/security/integrity/ima/ima_crypto.c
index 7967a6904851..423c84f95a14 100644
--- a/security/integrity/ima/ima_crypto.c
+++ b/security/integrity/ima/ima_crypto.c
@@ -10,8 +10,6 @@
  *	Calculates md5/sha1 file hash, template hash, boot-aggreate hash
  */
 
-#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
-
 #include <linux/kernel.h>
 #include <linux/moduleparam.h>
 #include <linux/ratelimit.h>
diff --git a/security/integrity/ima/ima_fs.c b/security/integrity/ima/ima_fs.c
index 2000e8df0301..a71e822a6e92 100644
--- a/security/integrity/ima/ima_fs.c
+++ b/security/integrity/ima/ima_fs.c
@@ -12,8 +12,6 @@
  *	current measurement list and IMA statistics
  */
 
-#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
-
 #include <linux/fcntl.h>
 #include <linux/slab.h>
 #include <linux/init.h>
diff --git a/security/integrity/ima/ima_init.c b/security/integrity/ima/ima_init.c
index 195cb4079b2b..567468188a61 100644
--- a/security/integrity/ima/ima_init.c
+++ b/security/integrity/ima/ima_init.c
@@ -11,8 +11,6 @@
  *             initialization and cleanup functions
  */
 
-#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
-
 #include <linux/init.h>
 #include <linux/scatterlist.h>
 #include <linux/slab.h>
diff --git a/security/integrity/ima/ima_kexec.c b/security/integrity/ima/ima_kexec.c
index 9e94eca48b89..121de3e04af2 100644
--- a/security/integrity/ima/ima_kexec.c
+++ b/security/integrity/ima/ima_kexec.c
@@ -6,7 +6,6 @@
  * Thiago Jung Bauermann <bauerman@linux.vnet.ibm.com>
  * Mimi Zohar <zohar@linux.vnet.ibm.com>
  */
-#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
 
 #include <linux/seq_file.h>
 #include <linux/vmalloc.h>
diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c
index aac1c44fb11b..9d0abedeae77 100644
--- a/security/integrity/ima/ima_main.c
+++ b/security/integrity/ima/ima_main.c
@@ -15,8 +15,6 @@
  *	and ima_file_check.
  */
 
-#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
-
 #include <linux/module.h>
 #include <linux/file.h>
 #include <linux/binfmts.h>
diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c
index 453427048999..c334e0dc6083 100644
--- a/security/integrity/ima/ima_policy.c
+++ b/security/integrity/ima/ima_policy.c
@@ -7,8 +7,6 @@
  *	- initialize default measure policy rules
  */
 
-#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
-
 #include <linux/init.h>
 #include <linux/list.h>
 #include <linux/fs.h>
diff --git a/security/integrity/ima/ima_queue.c b/security/integrity/ima/ima_queue.c
index 1ce8b1701566..8753212ddb18 100644
--- a/security/integrity/ima/ima_queue.c
+++ b/security/integrity/ima/ima_queue.c
@@ -15,8 +15,6 @@
  *       ever removed or changed during the boot-cycle.
  */
 
-#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
-
 #include <linux/rculist.h>
 #include <linux/slab.h>
 #include "ima.h"
diff --git a/security/integrity/ima/ima_queue_keys.c b/security/integrity/ima/ima_queue_keys.c
index c87c72299191..cb3e3f501593 100644
--- a/security/integrity/ima/ima_queue_keys.c
+++ b/security/integrity/ima/ima_queue_keys.c
@@ -8,8 +8,6 @@
  *       Enables deferred processing of keys
  */
 
-#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
-
 #include <linux/workqueue.h>
 #include <keys/asymmetric-type.h>
 #include "ima.h"
diff --git a/security/integrity/ima/ima_template.c b/security/integrity/ima/ima_template.c
index 6aa6408603e3..062d9ad49afb 100644
--- a/security/integrity/ima/ima_template.c
+++ b/security/integrity/ima/ima_template.c
@@ -9,8 +9,6 @@
  *      Helpers to manage template descriptors.
  */
 
-#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
-
 #include <linux/rculist.h>
 #include "ima.h"
 #include "ima_template_lib.h"
diff --git a/security/integrity/ima/ima_template_lib.c b/security/integrity/ima/ima_template_lib.c
index 32ae05d88257..9cd1e50f3ccc 100644
--- a/security/integrity/ima/ima_template_lib.c
+++ b/security/integrity/ima/ima_template_lib.c
@@ -9,8 +9,6 @@
  *      Library of supported template fields.
  */
 
-#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
-
 #include "ima_template_lib.h"
 
 static bool ima_template_hash_algo_allowed(u8 algo)
diff --git a/security/integrity/integrity.h b/security/integrity/integrity.h
index 73fc286834d7..298b73794d8b 100644
--- a/security/integrity/integrity.h
+++ b/security/integrity/integrity.h
@@ -6,6 +6,12 @@
  * Mimi Zohar <zohar@us.ibm.com>
  */
 
+#ifdef pr_fmt
+#undef pr_fmt
+#endif
+
+#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
+
 #include <linux/types.h>
 #include <linux/integrity.h>
 #include <crypto/sha.h>
-- 
2.17.1


^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: [PATCH v4 0/3] IMA: improve log messages
  2020-02-15  1:47 [PATCH v4 0/3] IMA: improve log messages Tushar Sugandhi
                   ` (2 preceding siblings ...)
  2020-02-15  1:47 ` [PATCH v4 3/3] IMA: Remove duplicate pr_fmt definitions Tushar Sugandhi
@ 2020-02-16 12:40 ` Mimi Zohar
  2020-02-18 19:15   ` Tushar Sugandhi
  3 siblings, 1 reply; 10+ messages in thread
From: Mimi Zohar @ 2020-02-16 12:40 UTC (permalink / raw)
  To: Tushar Sugandhi, joe, skhan, linux-integrity; +Cc: sashal, nramas, linux-kernel

On Fri, 2020-02-14 at 17:47 -0800, Tushar Sugandhi wrote:
> The log messages from IMA subsystem should be consistent for better
> diagnosability and discoverability.

The change isn't limited to IMA.  I would change "IMA" to "integrity"
in the Subject line and in this patch description.

> This patch set improves the logging by removing duplicate log formatting
> macros, adding a consistent prefix to the log messages, and adding new 
> log messages where necessary.

Much better!

thanks,

Mimi


^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: [PATCH v4 3/3] IMA: Remove duplicate pr_fmt definitions
  2020-02-15  1:47 ` [PATCH v4 3/3] IMA: Remove duplicate pr_fmt definitions Tushar Sugandhi
@ 2020-02-16 12:40   ` Mimi Zohar
  0 siblings, 0 replies; 10+ messages in thread
From: Mimi Zohar @ 2020-02-16 12:40 UTC (permalink / raw)
  To: Tushar Sugandhi, joe, skhan, linux-integrity; +Cc: sashal, nramas, linux-kernel

On Fri, 2020-02-14 at 17:47 -0800, Tushar Sugandhi wrote:
> The #define for formatting log messages, pr_fmt, is duplicated in the
> files under security/integrity.
> 
> This change moves the definition to security/integrity/integrity.h and
> removes the duplicate definitions in the other files under
> security/integrity.

A number of files under security/integrity, "pr_fmt" was not defined.
 As a result of this patch, messages in those files did change.
 Please include in this patch description a list of the updated
messages.  This includes messages in iint.c and under integrity/evm.

thanks,

Mimi

> 
> Signed-off-by: Tushar Sugandhi <tusharsu@linux.microsoft.com>
> Reviewed-by: Lakshmi Ramasubramanian <nramas@linux.microsoft.com>
> Suggested-by: Joe Perches <joe@perches.com>
> Suggested-by: Shuah Khan <skhan@linuxfoundation.org>
> ---
>  security/integrity/digsig.c                  | 2 --
>  security/integrity/digsig_asymmetric.c       | 2 --
>  security/integrity/evm/evm_crypto.c          | 2 --
>  security/integrity/evm/evm_main.c            | 2 --
>  security/integrity/evm/evm_secfs.c           | 2 --
>  security/integrity/ima/ima_asymmetric_keys.c | 2 --
>  security/integrity/ima/ima_crypto.c          | 2 --
>  security/integrity/ima/ima_fs.c              | 2 --
>  security/integrity/ima/ima_init.c            | 2 --
>  security/integrity/ima/ima_kexec.c           | 1 -
>  security/integrity/ima/ima_main.c            | 2 --
>  security/integrity/ima/ima_policy.c          | 2 --
>  security/integrity/ima/ima_queue.c           | 2 --
>  security/integrity/ima/ima_queue_keys.c      | 2 --
>  security/integrity/ima/ima_template.c        | 2 --
>  security/integrity/ima/ima_template_lib.c    | 2 --
>  security/integrity/integrity.h               | 6 ++++++
>  17 files changed, 6 insertions(+), 31 deletions(-)
> 
> diff --git a/security/integrity/digsig.c b/security/integrity/digsig.c
> index ea1aae3d07b3..e9cbadade74b 100644
> --- a/security/integrity/digsig.c
> +++ b/security/integrity/digsig.c
> @@ -6,8 +6,6 @@
>   * Dmitry Kasatkin <dmitry.kasatkin@intel.com>
>   */
>  
> -#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
> -
>  #include <linux/err.h>
>  #include <linux/sched.h>
>  #include <linux/slab.h>
> diff --git a/security/integrity/digsig_asymmetric.c b/security/integrity/digsig_asymmetric.c
> index 55aec161d0e1..4e0d6778277e 100644
> --- a/security/integrity/digsig_asymmetric.c
> +++ b/security/integrity/digsig_asymmetric.c
> @@ -6,8 +6,6 @@
>   * Dmitry Kasatkin <dmitry.kasatkin@intel.com>
>   */
>  
> -#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
> -
>  #include <linux/err.h>
>  #include <linux/ratelimit.h>
>  #include <linux/key-type.h>
> diff --git a/security/integrity/evm/evm_crypto.c b/security/integrity/evm/evm_crypto.c
> index d485f6fc908e..35682852ddea 100644
> --- a/security/integrity/evm/evm_crypto.c
> +++ b/security/integrity/evm/evm_crypto.c
> @@ -10,8 +10,6 @@
>   *	 Using root's kernel master key (kmk), calculate the HMAC
>   */
>  
> -#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
> -
>  #include <linux/export.h>
>  #include <linux/crypto.h>
>  #include <linux/xattr.h>
> diff --git a/security/integrity/evm/evm_main.c b/security/integrity/evm/evm_main.c
> index f9a81b187fae..d361d7fdafc4 100644
> --- a/security/integrity/evm/evm_main.c
> +++ b/security/integrity/evm/evm_main.c
> @@ -11,8 +11,6 @@
>   *	evm_inode_removexattr, and evm_verifyxattr
>   */
>  
> -#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
> -
>  #include <linux/init.h>
>  #include <linux/crypto.h>
>  #include <linux/audit.h>
> diff --git a/security/integrity/evm/evm_secfs.c b/security/integrity/evm/evm_secfs.c
> index c11c1f7b3ddd..39ad1038d45d 100644
> --- a/security/integrity/evm/evm_secfs.c
> +++ b/security/integrity/evm/evm_secfs.c
> @@ -10,8 +10,6 @@
>   *	- Get the key and enable EVM
>   */
>  
> -#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
> -
>  #include <linux/audit.h>
>  #include <linux/uaccess.h>
>  #include <linux/init.h>
> diff --git a/security/integrity/ima/ima_asymmetric_keys.c b/security/integrity/ima/ima_asymmetric_keys.c
> index 7678f0e3e84d..aaae80c4e376 100644
> --- a/security/integrity/ima/ima_asymmetric_keys.c
> +++ b/security/integrity/ima/ima_asymmetric_keys.c
> @@ -9,8 +9,6 @@
>   *       create or update.
>   */
>  
> -#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
> -
>  #include <keys/asymmetric-type.h>
>  #include "ima.h"
>  
> diff --git a/security/integrity/ima/ima_crypto.c b/security/integrity/ima/ima_crypto.c
> index 7967a6904851..423c84f95a14 100644
> --- a/security/integrity/ima/ima_crypto.c
> +++ b/security/integrity/ima/ima_crypto.c
> @@ -10,8 +10,6 @@
>   *	Calculates md5/sha1 file hash, template hash, boot-aggreate hash
>   */
>  
> -#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
> -
>  #include <linux/kernel.h>
>  #include <linux/moduleparam.h>
>  #include <linux/ratelimit.h>
> diff --git a/security/integrity/ima/ima_fs.c b/security/integrity/ima/ima_fs.c
> index 2000e8df0301..a71e822a6e92 100644
> --- a/security/integrity/ima/ima_fs.c
> +++ b/security/integrity/ima/ima_fs.c
> @@ -12,8 +12,6 @@
>   *	current measurement list and IMA statistics
>   */
>  
> -#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
> -
>  #include <linux/fcntl.h>
>  #include <linux/slab.h>
>  #include <linux/init.h>
> diff --git a/security/integrity/ima/ima_init.c b/security/integrity/ima/ima_init.c
> index 195cb4079b2b..567468188a61 100644
> --- a/security/integrity/ima/ima_init.c
> +++ b/security/integrity/ima/ima_init.c
> @@ -11,8 +11,6 @@
>   *             initialization and cleanup functions
>   */
>  
> -#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
> -
>  #include <linux/init.h>
>  #include <linux/scatterlist.h>
>  #include <linux/slab.h>
> diff --git a/security/integrity/ima/ima_kexec.c b/security/integrity/ima/ima_kexec.c
> index 9e94eca48b89..121de3e04af2 100644
> --- a/security/integrity/ima/ima_kexec.c
> +++ b/security/integrity/ima/ima_kexec.c
> @@ -6,7 +6,6 @@
>   * Thiago Jung Bauermann <bauerman@linux.vnet.ibm.com>
>   * Mimi Zohar <zohar@linux.vnet.ibm.com>
>   */
> -#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
>  
>  #include <linux/seq_file.h>
>  #include <linux/vmalloc.h>
> diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c
> index aac1c44fb11b..9d0abedeae77 100644
> --- a/security/integrity/ima/ima_main.c
> +++ b/security/integrity/ima/ima_main.c
> @@ -15,8 +15,6 @@
>   *	and ima_file_check.
>   */
>  
> -#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
> -
>  #include <linux/module.h>
>  #include <linux/file.h>
>  #include <linux/binfmts.h>
> diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c
> index 453427048999..c334e0dc6083 100644
> --- a/security/integrity/ima/ima_policy.c
> +++ b/security/integrity/ima/ima_policy.c
> @@ -7,8 +7,6 @@
>   *	- initialize default measure policy rules
>   */
>  
> -#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
> -
>  #include <linux/init.h>
>  #include <linux/list.h>
>  #include <linux/fs.h>
> diff --git a/security/integrity/ima/ima_queue.c b/security/integrity/ima/ima_queue.c
> index 1ce8b1701566..8753212ddb18 100644
> --- a/security/integrity/ima/ima_queue.c
> +++ b/security/integrity/ima/ima_queue.c
> @@ -15,8 +15,6 @@
>   *       ever removed or changed during the boot-cycle.
>   */
>  
> -#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
> -
>  #include <linux/rculist.h>
>  #include <linux/slab.h>
>  #include "ima.h"
> diff --git a/security/integrity/ima/ima_queue_keys.c b/security/integrity/ima/ima_queue_keys.c
> index c87c72299191..cb3e3f501593 100644
> --- a/security/integrity/ima/ima_queue_keys.c
> +++ b/security/integrity/ima/ima_queue_keys.c
> @@ -8,8 +8,6 @@
>   *       Enables deferred processing of keys
>   */
>  
> -#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
> -
>  #include <linux/workqueue.h>
>  #include <keys/asymmetric-type.h>
>  #include "ima.h"
> diff --git a/security/integrity/ima/ima_template.c b/security/integrity/ima/ima_template.c
> index 6aa6408603e3..062d9ad49afb 100644
> --- a/security/integrity/ima/ima_template.c
> +++ b/security/integrity/ima/ima_template.c
> @@ -9,8 +9,6 @@
>   *      Helpers to manage template descriptors.
>   */
>  
> -#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
> -
>  #include <linux/rculist.h>
>  #include "ima.h"
>  #include "ima_template_lib.h"
> diff --git a/security/integrity/ima/ima_template_lib.c b/security/integrity/ima/ima_template_lib.c
> index 32ae05d88257..9cd1e50f3ccc 100644
> --- a/security/integrity/ima/ima_template_lib.c
> +++ b/security/integrity/ima/ima_template_lib.c
> @@ -9,8 +9,6 @@
>   *      Library of supported template fields.
>   */
>  
> -#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
> -
>  #include "ima_template_lib.h"
>  
>  static bool ima_template_hash_algo_allowed(u8 algo)
> diff --git a/security/integrity/integrity.h b/security/integrity/integrity.h
> index 73fc286834d7..298b73794d8b 100644
> --- a/security/integrity/integrity.h
> +++ b/security/integrity/integrity.h
> @@ -6,6 +6,12 @@
>   * Mimi Zohar <zohar@us.ibm.com>
>   */
>  
> +#ifdef pr_fmt
> +#undef pr_fmt
> +#endif
> +
> +#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
> +
>  #include <linux/types.h>
>  #include <linux/integrity.h>
>  #include <crypto/sha.h>


^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: [PATCH v4 2/3]  IMA: Add log statements for failure conditions
  2020-02-15  1:47 ` [PATCH v4 2/3] IMA: Add log statements for failure conditions Tushar Sugandhi
@ 2020-02-16 12:42   ` Mimi Zohar
  0 siblings, 0 replies; 10+ messages in thread
From: Mimi Zohar @ 2020-02-16 12:42 UTC (permalink / raw)
  To: Tushar Sugandhi, joe, skhan, linux-integrity; +Cc: sashal, nramas, linux-kernel

On Fri, 2020-02-14 at 17:47 -0800, Tushar Sugandhi wrote:
> process_buffer_measurement() does not have log messages for failure
> conditions.
> 
> This change adds a log statement in the above function. 
> 
> Signed-off-by: Tushar Sugandhi <tusharsu@linux.microsoft.com>
> Reviewed-by: Lakshmi Ramasubramanian <nramas@linux.microsoft.com>
> Suggested-by: Joe Perches <joe@perches.com>

Reviewed-by: Mimi Zohar <zohar@linux.ibm.com>

> ---
>  security/integrity/ima/ima_main.c | 3 +++
>  1 file changed, 3 insertions(+)
> 
> diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c
> index 9fe949c6a530..aac1c44fb11b 100644
> --- a/security/integrity/ima/ima_main.c
> +++ b/security/integrity/ima/ima_main.c
> @@ -757,6 +757,9 @@ void process_buffer_measurement(const void *buf, int size,
>  		ima_free_template_entry(entry);
>  
>  out:
> +	if (ret < 0)
> +		pr_devel("%s: failed, result: %d\n", __func__, ret);
> +
>  	return;
>  }
>  


^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: [PATCH v4 0/3] IMA: improve log messages
  2020-02-16 12:40 ` [PATCH v4 0/3] IMA: improve log messages Mimi Zohar
@ 2020-02-18 19:15   ` Tushar Sugandhi
  0 siblings, 0 replies; 10+ messages in thread
From: Tushar Sugandhi @ 2020-02-18 19:15 UTC (permalink / raw)
  To: Mimi Zohar, joe, skhan, linux-integrity; +Cc: sashal, nramas, linux-kernel



On 2020-02-16 4:40 a.m., Mimi Zohar wrote:
> On Fri, 2020-02-14 at 17:47 -0800, Tushar Sugandhi wrote:
>> The log messages from IMA subsystem should be consistent for better
>> diagnosability and discoverability.
> 
> The change isn't limited to IMA.  I would change "IMA" to "integrity"
> in the Subject line and in this patch description.
> 
Will do.
>> This patch set improves the logging by removing duplicate log formatting
>> macros, adding a consistent prefix to the log messages, and adding new
>> log messages where necessary.
> 
> Much better!
> 
> thanks,
> 
> Mimi
> 

^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: [PATCH v4 1/3] IMA: Update KBUILD_MODNAME for IMA files to ima
  2020-02-15  1:47 ` [PATCH v4 1/3] IMA: Update KBUILD_MODNAME for IMA files to ima Tushar Sugandhi
@ 2020-02-18 19:25   ` Tushar Sugandhi
  2020-02-18 19:37     ` Mimi Zohar
  0 siblings, 1 reply; 10+ messages in thread
From: Tushar Sugandhi @ 2020-02-18 19:25 UTC (permalink / raw)
  To: zohar, joe, skhan, linux-integrity; +Cc: sashal, nramas, linux-kernel

Hi Mimi,

On 2020-02-14 5:47 p.m., Tushar Sugandhi wrote:
> The kbuild Makefile specifies object files for vmlinux in the $(obj-y)
> lists. These lists depend on the kernel configuration[1].
> 
> The kbuild Makefile for IMA combines the object files for IMA into a
> single object file namely ima.o. All the object files for IMA should be
> combined into ima.o. But certain object files are being added to their
> own $(obj-y). This results in the log messages from those modules getting
> prefixed with their respective base file name, instead of "ima". This is
> inconsistent with the log messages from the IMA modules that are combined
> into ima.o.
> 
> This change fixes the above issue.
> 
> [1] Documentation\kbuild\makefiles.rst
> 
Is there any feedback on this patch description?
I can address it in the next iteration.

Thanks,
Tushar

^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: [PATCH v4 1/3] IMA: Update KBUILD_MODNAME for IMA files to ima
  2020-02-18 19:25   ` Tushar Sugandhi
@ 2020-02-18 19:37     ` Mimi Zohar
  0 siblings, 0 replies; 10+ messages in thread
From: Mimi Zohar @ 2020-02-18 19:37 UTC (permalink / raw)
  To: Tushar Sugandhi, joe, skhan, linux-integrity; +Cc: sashal, nramas, linux-kernel

On Tue, 2020-02-18 at 11:25 -0800, Tushar Sugandhi wrote:
> Hi Mimi,
> 
> On 2020-02-14 5:47 p.m., Tushar Sugandhi wrote:
> > The kbuild Makefile specifies object files for vmlinux in the $(obj-y)
> > lists. These lists depend on the kernel configuration[1].
> > 
> > The kbuild Makefile for IMA combines the object files for IMA into a
> > single object file namely ima.o. All the object files for IMA should be
> > combined into ima.o. But certain object files are being added to their
> > own $(obj-y). This results in the log messages from those modules getting
> > prefixed with their respective base file name, instead of "ima". This is
> > inconsistent with the log messages from the IMA modules that are combined
> > into ima.o.
> > 
> > This change fixes the above issue.
> > 
> > [1] Documentation\kbuild\makefiles.rst
> > 
> Is there any feedback on this patch description?
> I can address it in the next iteration.

No, it looks good to me.

Mimi


^ permalink raw reply	[flat|nested] 10+ messages in thread

end of thread, back to index

Thread overview: 10+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-02-15  1:47 [PATCH v4 0/3] IMA: improve log messages Tushar Sugandhi
2020-02-15  1:47 ` [PATCH v4 1/3] IMA: Update KBUILD_MODNAME for IMA files to ima Tushar Sugandhi
2020-02-18 19:25   ` Tushar Sugandhi
2020-02-18 19:37     ` Mimi Zohar
2020-02-15  1:47 ` [PATCH v4 2/3] IMA: Add log statements for failure conditions Tushar Sugandhi
2020-02-16 12:42   ` Mimi Zohar
2020-02-15  1:47 ` [PATCH v4 3/3] IMA: Remove duplicate pr_fmt definitions Tushar Sugandhi
2020-02-16 12:40   ` Mimi Zohar
2020-02-16 12:40 ` [PATCH v4 0/3] IMA: improve log messages Mimi Zohar
2020-02-18 19:15   ` Tushar Sugandhi

LKML Archive on lore.kernel.org

Archives are clonable:
	git clone --mirror https://lore.kernel.org/lkml/0 lkml/git/0.git
	git clone --mirror https://lore.kernel.org/lkml/1 lkml/git/1.git
	git clone --mirror https://lore.kernel.org/lkml/2 lkml/git/2.git
	git clone --mirror https://lore.kernel.org/lkml/3 lkml/git/3.git
	git clone --mirror https://lore.kernel.org/lkml/4 lkml/git/4.git
	git clone --mirror https://lore.kernel.org/lkml/5 lkml/git/5.git
	git clone --mirror https://lore.kernel.org/lkml/6 lkml/git/6.git
	git clone --mirror https://lore.kernel.org/lkml/7 lkml/git/7.git
	git clone --mirror https://lore.kernel.org/lkml/8 lkml/git/8.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 lkml lkml/ https://lore.kernel.org/lkml \
		linux-kernel@vger.kernel.org
	public-inbox-index lkml

Example config snippet for mirrors

Newsgroup available over NNTP:
	nntp://nntp.lore.kernel.org/org.kernel.vger.linux-kernel


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git