Subject: Re: [PATCH bpf-next v3 1/3] ima: Implement ima_inode_hash
From: Daniel Borkmann
To: KP Singh, Yonghong Song
Cc: James Morris, open list, bpf, Linux Security Module list, Alexei Starovoitov, Florent Revest, Brendan Jackman, Mimi Zohar
Date: Wed, 25 Nov 2020 13:17:23 +0100
Message-ID: <0a627bb2-b356-0141-5e5a-b82d56d0de70@iogearbox.net>
References: <20201124151210.1081188-1-kpsingh@chromium.org> <20201124151210.1081188-2-kpsingh@chromium.org> <3b6f7023-e1fe-b79b-fa06-b8edcce530de@fb.com>
X-Mailing-List: linux-kernel@vger.kernel.org

On 11/25/20 1:04 PM, KP Singh wrote:
> On Tue, Nov 24, 2020 at 6:35 PM Yonghong Song wrote:
>> On 11/24/20 7:12 AM, KP Singh wrote:
>>> From: KP Singh
>>>
>>> This is in preparation to add a helper for BPF LSM programs to use
>>> IMA hashes when attached to LSM hooks. There are LSM hooks like
>>> inode_unlink which do not have a struct file * argument and cannot
>>> use the existing ima_file_hash API.
>>>
>>> An inode based API is, therefore, useful in LSM based detections like an
>>> executable trying to delete itself which rely on the inode_unlink LSM
>>> hook.
>>>
>>> Moreover, the ima_file_hash function does nothing with the struct file
>>> pointer apart from calling file_inode on it and converting it to an
>>> inode.
>>>
>>> Signed-off-by: KP Singh
>>
>> There is no change for this patch compared to previous version,
>> so you can carry my Ack.
>>
>> Acked-by: Yonghong Song
>
> I am guessing:
>
> * We need an Ack from Mimi/James.

Yes.

> * As regards to which tree, I guess bpf-next would be better since the
> BPF helper and the selftest depends on it

Yep, bpf-next is my preference as otherwise we're running into unnecessary
merge conflicts.

Thanks,
Daniel