Subject: Re: [PATCH 2/2] integrity: double check iint_cache was initialized
From: Mimi Zohar
To: Petr Vorel
Cc: Casey Schaufler, dvyukov@google.com, ebiggers@kernel.org, jmorris@namei.org, keescook@chromium.org, linux-integrity@vger.kernel.org, linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org, serge@hallyn.com
Date: Mon, 28 Feb 2022 11:48:33 -0500
X-Mailing-List: linux-kernel@vger.kernel.org

On Mon, 2022-02-28 at 14:44 +0100, Petr Vorel wrote:
> Hi Mimi, all,
>
> > Hi Petr, Casey,
>
> > On Thu, 2022-02-24 at 10:51 -0800, Casey Schaufler wrote:
> > > On 2/24/2022 9:42 AM, Petr Vorel wrote:
>
> > > It was always my expectation, which appears to have been poorly
> > > communicated, that "making integrity an LSM" meant using the LSM
> > > hook infrastructure. Just adding "integrity" to lsm= doesn't make
> > > it an LSM to my mind.
>
> > Agreed. The actual commit that introduced the change was 3d6e5f6dcf65
> > ("LSM: Convert security_initcall() into DEFINE_LSM()").
>
> I wonder whether we can improve things now.

I'm not sure it is possible to revert the change. Perhaps the simplest
solution would be to move integrity off the security hook. It just
needs to be initialized before EVM and IMA.

thanks,

Mimi