On Wed, 2020-02-12 at 15:52 -0700, Shuah Khan wrote: > On 2/12/20 8:26 AM, James Bottomley wrote: > > On Wed, 2020-02-12 at 09:29 -0500, Mimi Zohar wrote: > >> On Tue, 2020-02-11 at 15:14 -0800, Tushar Sugandhi wrote: > >>> The #define for formatting log messages, pr_fmt, is duplicated in > >>> the > >>> files under security/integrity. > >>> > >>> This change moves the definition to security/integrity/integrity.h > >>> and > >>> removes the duplicate definitions in the other files under > >>> security/integrity. Also, it adds KBUILD_MODNAME and > >>> KBUILD_BASENAME prefix > >>> to the log messages. > >>> > >>> Signed-off-by: Tushar Sugandhi <tusharsu@xxxxxxxxxxxxxxxxxxx> > >>> Reviewed-by: Lakshmi Ramasubramanian <nramas@xxxxxxxxxxxxxxxxxxx> > >>> Suggested-by: Joe Perches <joe@xxxxxxxxxxx> > >>> Suggested-by: Shuah Khan <skhan@xxxxxxxxxxxxxxxxxxx> > >> > >> <snip> > >> > >>> diff --git a/security/integrity/integrity.h > >>> b/security/integrity/integrity.h > >>> index 73fc286834d7..b1bb4d2263be 100644 > >>> --- a/security/integrity/integrity.h > >>> +++ b/security/integrity/integrity.h > >>> @@ -6,6 +6,12 @@ > >>> * Mimi Zohar <zohar@xxxxxxxxxx> > >>> */ > >>> > >>> +#ifdef pr_fmt > >>> +#undef pr_fmt > >>> +#endif > >>> + > >>> +#define pr_fmt(fmt) KBUILD_MODNAME ": " KBUILD_BASENAME ": " fmt > >>> + > >>> #include <linux/types.h> > >>> #include <linux/integrity.h> > >>> #include <crypto/sha.h> > >> > >> Joe, Shuah, including the pr_fmt() in integrity/integrity.h not only > >> affects the integrity directory but everything below it. Adding > >> KBUILD_BASENAME to pr_fmt() modifies all of the existing IMA and EVM > >> kernel messages. Is that ok or should there be a separate pr_fmt() > >> for the subdirectories? > > > > > Log messages are often consumed by log monitors, which mostly use > > pattern matching to find messages they're interested in, so you have to > > take some care when changing the messages the kernel spits out and you > > have to make sure any change gets well notified so the distributions > > can warn about it. > > > > For this one, can we see a "before" and "after" message so we know > > what's happening? > > > > Mimi and James, > > My suggestion was based on thinking that simplifying this by removing > duplicate defines. Some messages are missing modules names, adding > module name to them does change the messages. > > If using one pr_fmt for all modules changes the world and makes it > difficult for log monitors, I would say it isn't a good change. > > I will leave this totally up to Mimi to decide. Feel free to throw > out my suggestion if it leads more trouble than help. :) Thanks, Shuah. Tushar, I don't see any need for changing the existing IMA/EVM messages. Either remove the KBUILD_BASENAME from the format or limit the new format to the integrity directory. thanks, Mimi
