By default the Linux integrity subsystem measures a file only when the file is being closed. While this certainly provides low overhead, as re-measurements are never done, it also means the system has zero means to recover from a crash or a power outage when operating in 'appraise' mode.

This patch series adds two new IMA API functions to retrigger the measurements as the files change. The synchronous variant should be invoked from less performance-sensitive locations such as sync|msync|truncate, where the user is expecting some latency, and the asynchronous variant can be called from performance-sensitive locations such as direct write or mmio. The asynchronous variant is mostly 'out of the way' on write hot paths: each file write only checks that we have a cmwq work entry pending to re-calculate the file measurement later on. Re-measurement latencies are build-time tunables, and the latencies are automatically raised for very large files.

While this does not provide absolutely perfect tolerance to system resets, for most reasonable embedded system workloads it can be tuned to achieve really high measurement accuracy, with the measurements being accurate 99.9%+ of the day.

Janne Karhunen (5):
  integrity: keep the integrity state of open files up to date
  integrity: update the file measurement on truncate
  integrity: update the file measurement on write
  integrity: measure the file on sync
  integrity: measure the file on msync

 fs/namei.c                            |   5 +-
 fs/open.c                             |   3 +
 fs/read_write.c                       |  11 ++-
 fs/sync.c                             |   3 +
 include/linux/ima.h                   |  12 +++
 mm/msync.c                            |   7 ++
 security/integrity/ima/Kconfig        |  20 +++++
 security/integrity/ima/ima_appraise.c |   6 +-
 security/integrity/ima/ima_main.c     | 103 +++++++++++++++++++++++++-
 security/integrity/integrity.h        |   6 ++
 10 files changed, 171 insertions(+), 5 deletions(-)

-- 
2.17.1
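The write-path coalescing and the sync/async split described above, as an added example: a hypothetical user-space model in C, not the series' own code. The IMA_* tunables, the generation counter standing in for the file hash, and every function name here are assumptions.

```c
/* Hypothetical user-space model of the re-measurement paths in the cover
 * letter (not the series' code): a write only ensures a work item is pending;
 * a simulated deferred worker does the measurement later. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Stand-ins for the build-time tunables (constructed values, in ms). */
#define IMA_DELAY_MS        200
#define IMA_LARGE_BYTES     (64u * 1024 * 1024)
#define IMA_LARGE_DELAY_MS  2000

struct ima_file {
    uint64_t size;
    bool work_pending;     /* models the queued cmwq work entry */
    unsigned delay_ms;     /* delay chosen when the work was queued */
    unsigned content_gen;  /* bumped by every write (stands in for hashing) */
    unsigned measured_gen; /* content generation the last measurement saw */
    unsigned measurements; /* how many times a measurement was taken */
};

/* Hot path (write/mmio): no hashing here. Returns true if a work item was
 * queued, false if one was already pending and the write just returns. */
static bool ima_update_async(struct ima_file *f, size_t nbytes)
{
    f->content_gen++;
    f->size += nbytes;
    if (f->work_pending)
        return false;
    f->work_pending = true;
    f->delay_ms = f->size >= IMA_LARGE_BYTES ? IMA_LARGE_DELAY_MS : IMA_DELAY_MS;
    return true;
}

/* Slow path (sync/msync/truncate): measure now and drop any pending work. */
static void ima_update_sync(struct ima_file *f)
{
    f->measured_gen = f->content_gen;
    f->measurements++;
    f->work_pending = false;
}

/* What the deferred work entry runs once delay_ms has expired. */
static bool ima_worker_run(struct ima_file *f)
{
    if (!f->work_pending)
        return false;
    ima_update_sync(f);
    return true;
}
```

Between the first write and the worker run, measured_gen lags content_gen; that window is the residual exposure to a reset that the letter's tunable latencies bound.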