Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1757050AbYKTVWg (ORCPT ); Thu, 20 Nov 2008 16:22:36 -0500 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S1755061AbYKTVW1 (ORCPT ); Thu, 20 Nov 2008 16:22:27 -0500 Received: from e2.ny.us.ibm.com ([32.97.182.142]:49166 "EHLO e2.ny.us.ibm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752743AbYKTVW0 (ORCPT ); Thu, 20 Nov 2008 16:22:26 -0500 Subject: Re: [PATCH 3/4] integrity: IMA as an integrity service provider From: Dave Hansen To: Mimi Zohar Cc: linux-kernel@vger.kernel.org, Andrew Morton , James Morris , Christoph Hellwig , Al Viro , David Safford , Serge Hallyn , Mimi Zohar , Christoph Hellwig In-Reply-To: <342f87b65eae2369d96501d8d4935d6be0f46678.1227137423.git.zohar@linux.vnet.ibm.com> References: <342f87b65eae2369d96501d8d4935d6be0f46678.1227137423.git.zohar@linux.vnet.ibm.com> Content-Type: text/plain Date: Thu, 20 Nov 2008 13:22:21 -0800 Message-Id: <1227216141.11607.22.camel@nimitz> Mime-Version: 1.0 X-Mailer: Evolution 2.22.3.1 Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1494 Lines: 38 On Thu, 2008-11-20 at 11:43 -0500, Mimi Zohar wrote: > > + /* Invalidate PCR, if a measured file is already open for read > */ > + if ((mask == MAY_WRITE) || (mask == MAY_APPEND)) { > + int mask_sav = data->mask; > + int rc; > + > + data->mask = MAY_READ; > + rc = ima_must_measure(&idata); > + if (!rc) { > + if (atomic_read(&(data->dentry->d_count)) - 1 > > + atomic_read(&(inode->i_writecount))) > + ima_add_violation(inode, data->filename, > + "invalid_pcr", "ToMToU"); > + } > + data->mask = mask_sav; > + goto out; > + } Following up on Christoph's comment... I'm worried that this calculation isn't very precise. The calculation that you're trying to come up with here is the number of opens (d_count) vs. the number of writers (i_writecount). When they don't match, you know that the new open is the first write, and you must 'invalidate the PCR'? There are a number of things that elevate d_count, and it is a lot more than just an open() that can do it. Is that OK? -- Dave -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/