| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 13 Nov 2019 12:21:56 -0800
From: Lakshmi Ramasubramanian <nramas@...ux.microsoft.com>
To: Mimi Zohar <zohar@...ux.ibm.com>, dhowells@...hat.com,
matthewgarrett@...gle.com, sashal@...nel.org,
jamorris@...ux.microsoft.com, linux-integrity@...r.kernel.org,
linux-security-module@...r.kernel.org, keyrings@...r.kernel.org,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH v6 1/3] IMA: Add KEY_CHECK func to measure keys
On 11/13/2019 12:14 PM, Mimi Zohar wrote:
>> @@ -655,6 +655,13 @@ void process_buffer_measurement(const void *buf, int size,
>> int action = 0;
>> u32 secid;
>>
>> + /*
>> + * If IMA is not yet initialized or IMA policy is empty
>> + * then there is no need to measure.
>> + */
>> + if (!ima_policy_flag)
>> + return;
>> +
>
> This addition has nothing to do with defining a new IMA hook and
> should be a separate patch. This can be posted independently of this
> patch set.
>
> Mimi
I'll move this change to a different patch,
but it has to be either part of this patch set or the above change alone
needs to be taken before this patch set for the following reason:
The IMA hook gets called early in the boot process (for example, when
builtin_trusted_keys are added). If the above check is not there,
ima_get_action() is called and causes kernel panic (since IMA is not yet
initialized).
thanks,
-lakshmi
Powered by blists - more mailing lists