Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753178AbYJaTsq (ORCPT ); Fri, 31 Oct 2008 15:48:46 -0400 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S1752186AbYJaTsi (ORCPT ); Fri, 31 Oct 2008 15:48:38 -0400 Received: from e36.co.us.ibm.com ([32.97.110.154]:34997 "EHLO e36.co.us.ibm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752129AbYJaTsh (ORCPT ); Fri, 31 Oct 2008 15:48:37 -0400 Subject: Re: [PATCH 2/3] integrity: Linux Integrity Module(LIM) From: Mimi Zohar To: Dave Hansen Cc: Christoph Hellwig , linux-kernel@vger.kernel.org, James Morris , David Safford , Serge Hallyn , Mimi Zohar In-Reply-To: <1225471902.12673.415.camel@nimitz> References: <7c05f813215804a30d03821fd8e251b250d0e000.1223869200.git.zohar@localhost.localdomain> <20081014132823.GA18474@infradead.org> <1225471902.12673.415.camel@nimitz> Content-Type: text/plain Date: Fri, 31 Oct 2008 15:48:34 -0400 Message-Id: <1225482514.21941.54.camel@localhost.localdomain> Mime-Version: 1.0 X-Mailer: Evolution 2.22.3.1 (2.22.3.1-1.fc9) Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 2117 Lines: 57 On Fri, 2008-10-31 at 09:51 -0700, Dave Hansen wrote: > On Tue, 2008-10-14 at 09:28 -0400, Christoph Hellwig wrote: > > > --- a/include/linux/fs.h > > > +++ b/include/linux/fs.h > > > @@ -683,6 +683,9 @@ struct inode { > > > #ifdef CONFIG_SECURITY > > > void *i_security; > > > #endif > > > +#ifdef CONFIG_INTEGRITY > > > + void *i_integrity; > > > +#endif > > > > Sorry, but as said before bloating the inode for this is not an option. > > Please use something like the MRU approach I suggested in the last > > review round. I am working on using a radix tree to store the i_integrity information, as Christoph suggested. Initially the measurements were awful, but after fixing the locking and removing an unnecessary sychronize_rcu, I'm not seeing a major performance hit. > Why don't we just have a 'void *i_lots_of_bloat field', and let the > security folks stick whatever they want in it? They can trade their > i_security space for a new one. I know we want to conceptually separate > security from integrity, so let's separate it: > > struct i_bloat_inodes { > #ifdef CONFIG_SECURITY > void *i_security; > #endif > #ifdef CONFIG_INTEGRITY > void *i_integrity; > #endif > }; I'm not sure that the LSM people would be too happy. If using the radix tree does not pan out, then we will have to look into this option. > By the way, if there's no TPM hardware, why would I want i_integrity > anyway? > -- Dave The integrity framework is for collecting, appraising, and storing integrity information. Integrity measurements today are mainly file measurements, but the framework allows for other types of integrity measurements. Some types of integrity measurements, might only require collecting and appraising, but not storing, so a TPM would not be required. Mimi -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/