lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:   Thu,  4 Jun 2020 09:32:43 -0700
From:   Lakshmi Ramasubramanian <nramas@...ux.microsoft.com>
To:     zohar@...ux.ibm.com, linux-integrity@...r.kernel.org
Cc:     tusharsu@...ux.microsoft.com, linux-kernel@...r.kernel.org
Subject: [PATCH] IMA: Add log statements for failure conditions

The final log statement in process_buffer_measurement() for failure
condition is at debug level. This does not log the message unless
the system log level is raised which would significantly increase
the messages in the system log. Change this log message to error level,
and add eventname and ima_hooks enum to the message for better triaging
failures in the function.

ima_alloc_key_entry() does not log a message for failure condition.
Add an error message for failure condition in this function.

Signed-off-by: Lakshmi Ramasubramanian <nramas@...ux.microsoft.com>
---
 security/integrity/ima/ima_main.c       | 3 ++-
 security/integrity/ima/ima_queue_keys.c | 2 ++
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c
index 9d0abedeae77..3b371f31597b 100644
--- a/security/integrity/ima/ima_main.c
+++ b/security/integrity/ima/ima_main.c
@@ -756,7 +756,8 @@ void process_buffer_measurement(const void *buf, int size,
 
 out:
 	if (ret < 0)
-		pr_devel("%s: failed, result: %d\n", __func__, ret);
+		pr_err("%s failed. eventname: %s, func: %d, result: %d\n",
+		       __func__, eventname, func, ret);
 
 	return;
 }
diff --git a/security/integrity/ima/ima_queue_keys.c b/security/integrity/ima/ima_queue_keys.c
index cb3e3f501593..e51d0eb08d8a 100644
--- a/security/integrity/ima/ima_queue_keys.c
+++ b/security/integrity/ima/ima_queue_keys.c
@@ -88,6 +88,8 @@ static struct ima_key_entry *ima_alloc_key_entry(struct key *keyring,
 
 out:
 	if (rc) {
+		pr_err("%s failed. keyring: %s, result: %d\n",
+		       __func__, keyring->description, rc);
 		ima_free_key_entry(entry);
 		entry = NULL;
 	}
-- 
2.27.0

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ