On Thu, 2020-07-30 at 06:50 +0000, Roberto Sassu wrote: > > From: Denis Efremov [mailto:efremov@xxxxxxxxx] > > Sent: Wednesday, July 29, 2020 11:59 PM > > > > > > > > On 7/28/20 6:43 PM, Roberto Sassu wrote: > > > > From: linux-integrity-owner@xxxxxxxxxxxxxxx [mailto:linux- > > > > integrity- > > > > owner@xxxxxxxxxxxxxxx] On Behalf Of Denis Efremov > > > > Sent: Tuesday, July 28, 2020 12:32 PM > > > > Hi, > > > > > > > > I've started to add integrity interfaces descriptions to > > > > syzkaller > > > > (https://github.com/google/syzkaller/pull/1970). > > > > > > > > I've got a question, if you don't mind: > > > > > > > > If I write 2 to /sys/kernel/security/integrity/evm/evm before > > > > loading > > keys, > > > > subsequent fs operations will fail with -ENOKEY. > > > > > > > > $ echo 2 > /sys/kernel/security/integrity/evm/evm > > > > $ touch test.txt > > Looks good. Mimi, could you please take this patch, and if > possible, the others in the patch set? Just needing to finish up the ima-evm-utils release and finish reviewing Kees' " Introduce partial kernel_read_file() support" patchset. Will circle back around to EVM shortly. In the meantime, could you take a look at the syzbot "possible deadlock in process_measurement" report. According to Amir Goldstein, this isn't a lock order inversion. It just needs to be properly annotated. thanks, Mimi
