Re: [PATCH v6 1/3] IMA: Add KEY_CHECK func to measure keys

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, 2019-11-13 at 12:21 -0800, Lakshmi Ramasubramanian wrote:
> On 11/13/2019 12:14 PM, Mimi Zohar wrote:
> 
> >> @@ -655,6 +655,13 @@ void process_buffer_measurement(const void *buf, int size,
> >>   	int action = 0;
> >>   	u32 secid;
> >>   
> >> +	/*
> >> +	 * If IMA is not yet initialized or IMA policy is empty
> >> +	 * then there is no need to measure.
> >> +	 */
> >> +	if (!ima_policy_flag)
> >> +		return;
> >> +
> > 
> > This addition has nothing to do with defining a new IMA hook and
> > should be a separate patch.  This can be posted independently of this
> > patch set.
> > 
> > Mimi
> 
> I'll move this change to a different patch,
> but it has to be either part of this patch set or the above change alone 
> needs to be taken before this patch set for the following reason:
> 
> The IMA hook gets called early in the boot process (for example, when 
> builtin_trusted_keys are added). If the above check is not there, 
> ima_get_action() is called and causes kernel panic (since IMA is not yet 
> initialized).

It will be upstreamed prior to this patch set.
 
Mimi




[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Linux Kernel]     [Linux Kernel Hardening]     [Linux NFS]     [Linux NILFS]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux SCSI]

  Powered by Linux