Subject: Re: [PATCH v5 0/2] IMA: Deferred measurement of keys
To: Mimi Zohar, James.Bottomley@HansenPartnership.com, linux-integrity@vger.kernel.org
Cc: eric.snowberg@oracle.com, dhowells@redhat.com, mathew.j.martineau@linux.intel.com, matthewgarrett@google.com, sashal@kernel.org, jamorris@linux.microsoft.com, linux-kernel@vger.kernel.org, keyrings@vger.kernel.org
References: <20191218164434.2877-1-nramas@linux.microsoft.com> <1576868506.5241.65.camel@linux.ibm.com>
From: Lakshmi Ramasubramanian
Message-ID: <589b893b-52e4-783c-0f32-608ed1cfd7f9@linux.microsoft.com>
Date: Fri, 20 Dec 2019 11:25:02 -0800
In-Reply-To: <1576868506.5241.65.camel@linux.ibm.com>
X-Mailing-List: linux-kernel@vger.kernel.org

On 12/20/2019 11:01 AM, Mimi Zohar wrote:

Hi Mimi,

>> If the kernel is built with both CONFIG_IMA and
>> CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE enabled then the IMA policy
>> must be applied as a custom policy. Not providing a custom policy
>> in the above configuration would result in asymmetric keys being queued
>> until a custom policy is loaded. This is by design.
>
> I didn't notice the "This is by design" here, referring to the memory
> never being freed. "This is by design" was supposed to refer to
> requiring a custom policy for measuring keys.
>
> For now, these two patches are queued in the next-integrity-testing
> branch, but I would appreciate your addressing not freeing the memory
> associated with the keys, if a custom policy is not loaded.
>
> Please note that I truncated the 2/2 patch description, as it repeats
> the existing verification example in commit ("2b60c0ecedf8 IMA: Read
> keyrings= option from the IMA policy").
>
> thanks,
>
> Mimi
>

Sure - I am fine with truncating the 2/2 patch description. Thanks for doing that.

Regarding "Freeing the queued keys if custom policy is not loaded": Shall I create a new patch set to address that and have that be reviewed independent of this patch set?

Like you'd suggested earlier, we can wait for a certain time, after IMA is initialized, and free the queue if a custom policy was not loaded.

Please let me know.

thanks,
-lakshmi
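
The queue lifetime discussed in this thread, as an added user-space C model that is not code from the patch set or the kernel: keys are queued until a custom policy loads, and a timeout frees the queue if none does. All type and function names are hypothetical, and the model assumes that keys arriving after the timeout with no policy loaded are neither queued nor measured.

```c
/* Added user-space model; every name here is hypothetical, not a kernel symbol. */
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct queued_key { struct queued_key *next; unsigned char payload[]; };
struct stats { int measured, discarded, queued; };
static struct queued_key *queue_head;
static struct stats st;
static bool queueing = true, policy_loaded;  /* queueing ends on load or timeout */
struct stats key_stats(void) { return st; }

/* Called for each new key; returns true if the key had to be queued. */
bool on_key_added(const void *data, size_t len) {
    if (!queueing) {
        st.measured += policy_loaded;  /* measured at once only under a policy */
        return false;
    }
    struct queued_key *k = malloc(sizeof(*k) + len);
    if (!k) return false;
    memcpy(k->payload, data, len);     /* private copy held until drained */
    k->next = queue_head;
    queue_head = k;
    st.queued++;
    return true;
}

/* Stop queueing and free every entry, measuring only if a policy exists. */
static void drain_queue(bool measure) {
    queueing = false;
    for (struct queued_key *k = queue_head, *n; k; k = n) {
        n = k->next;
        if (measure) st.measured++; else st.discarded++;
        free(k);
        st.queued--;
    }
    queue_head = NULL;
}

void on_custom_policy_loaded(void) { policy_loaded = true; drain_queue(true); }
/* Timer callback: no custom policy arrived in time, so release the queue. */
void on_queue_timeout(void) { if (queueing) drain_queue(false); }

int main(void) {
    on_key_added("constructed-key-1", 17);  /* constructed sample key bytes */
    on_queue_timeout();
    printf("discarded=%d queued=%d\n", key_stats().discarded, key_stats().queued);
}
```

Without the timeout path, `queued` would stay nonzero for the life of the system whenever no custom policy is loaded, which is the unfreed memory raised in the review.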