| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 09 Feb 2020 18:46:13 -0800
From: Joe Perches <joe@...ches.com>
To: Mimi Zohar <zohar@...ux.ibm.com>,
Tushar Sugandhi <tusharsu@...ux.microsoft.com>,
linux-integrity@...r.kernel.org
Cc: sashal@...nel.org, nramas@...ux.microsoft.com,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH] IMA: Add log statements for failure conditions.
On Sun, 2020-02-09 at 07:57 -0500, Mimi Zohar wrote:
> Hi Tushar,
>
> On Fri, 2020-02-07 at 11:53 -0800, Tushar Sugandhi wrote:
> > process_buffer_measurement() and ima_alloc_key_entry()
> > functions do not have log messages for failure conditions.
> >
> > This change adds log statements in the above functions.
> >
> > Signed-off-by: Tushar Sugandhi <tusharsu@...ux.microsoft.com>
> > Reviewed-by: Lakshmi Ramasubramanian <nramas@...ux.microsoft.com>
>
> The two patches you posted are related. Please group them as a patch
> set, making this patch 2/2.
>
> In addition, as Shuah Khan suggested for the security/integrity/
> directory, "there is an opportunity here to add #define pr_fmt(fmt)
> KBUILD_MODNAME ": " fmt to integrity.h and get rid of duplicate
> defines." With Joe Perches patch (waiting for it to be re-posted),
> are all the pr_fmt definitions needed in each file in the
> integrity/ima directory?
btw Tushar and Lakshmi:
I am not formally submitting a patch here.
I was just making suggestions and please do
with it as you think appropriate.
and welcome, cheers, Joe
> > ---
> > security/integrity/ima/ima_main.c | 4 ++++
> > security/integrity/ima/ima_queue_keys.c | 2 ++
> > 2 files changed, 6 insertions(+)
> >
> > diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c
> > index 9fe949c6a530..afab796fb765 100644
> > --- a/security/integrity/ima/ima_main.c
> > +++ b/security/integrity/ima/ima_main.c
> > @@ -757,6 +757,10 @@ void process_buffer_measurement(const void *buf, int size,
> > ima_free_template_entry(entry);
> >
> > out:
> > + if (ret < 0)
> > + pr_err("Process buffer measurement failed, result: %d\n",
> > + ret);
>
> There's no reason to split the statement like this. The joined line
> is less than 80 characters.
>
> > +
> > return;
> > }
> >
> > diff --git a/security/integrity/ima/ima_queue_keys.c b/security/integrity/ima/ima_queue_keys.c
> > index c87c72299191..2cc52f17ea81 100644
> > --- a/security/integrity/ima/ima_queue_keys.c
> > +++ b/security/integrity/ima/ima_queue_keys.c
> > @@ -90,6 +90,8 @@ static struct ima_key_entry *ima_alloc_key_entry(struct key *keyring,
> >
> > out:
> > if (rc) {
> > + pr_err("Key entry allocation failed, result: %d\n",
> > + rc);
>
> ditto
>
> > ima_free_key_entry(entry);
> > entry = NULL;
> > }
>
> thanks,
>
> Mimi
>
Powered by blists - more mailing lists