linux/drivers
Tushar Sugandhi 91ccbbac17 dm ima: measure data on table load
DM configures a block device with various target specific attributes
passed to it as a table.  DM loads the table, and calls each target’s
respective constructors with the attributes as input parameters.
Some of these attributes are critical to ensure the device meets
a certain security bar.  Thus, IMA should measure these attributes, to
ensure they are not tampered with, during the lifetime of the device.
So that the external services can have high confidence in the
configuration of the block-devices on a given system.

Some devices may have large tables.  And a given device may change its
state (table-load, suspend, resume, rename, remove, table-clear etc.)
many times.  Measuring these attributes each time when the device
changes its state will significantly increase the size of the IMA logs.
Further, once configured, these attributes are not expected to change
unless a new table is loaded, or a device is removed and recreated.
Therefore the clear-text of the attributes should only be measured
during table load, and the hash of the active/inactive table should be
measured for the remaining device state changes.

Export IMA function ima_measure_critical_data() to allow measurement
of DM device parameters, as well as target specific attributes, during
table load.  Compute the hash of the inactive table and store it for
measurements during future state change.  If a load is called multiple
times, update the inactive table hash with the hash of the latest
populated table.  So that the correct inactive table hash is measured
when the device transitions to different states like resume, remove,
rename, etc.

Signed-off-by: Tushar Sugandhi <tusharsu@linux.microsoft.com>
Signed-off-by: Colin Ian King <colin.king@canonical.com> # leak fix
Signed-off-by: Mike Snitzer <snitzer@redhat.com>
2021-08-10 13:32:40 -04:00
accessibility TTY / Serial patches for 5.14-rc1 2021-07-05 14:08:24 -07:00
acpi Merge branches 'acpi-resources' and 'acpi-dptf' 2021-07-30 20:26:38 +02:00
amba
android
ata libata-5.14-2021-07-30 2021-07-30 10:56:47 -07:00
atm Networking changes for 5.14. 2021-06-30 15:51:09 -07:00
auxdisplay
base driver core: Prevent warning when removing a device link from unregistered consumer 2021-07-21 17:28:42 +02:00
bcma
block block: move the bdi from the request_queue to the gendisk 2021-08-09 11:53:23 -06:00
bluetooth TTY / Serial patches for 5.14-rc1 2021-07-05 14:08:24 -07:00
bus bus: mhi: pci_generic: Fix inbound IPCR channel 2021-07-21 13:16:18 +02:00
cdrom block: remove REQ_OP_SCSI_{IN,OUT} 2021-06-30 15:34:19 -06:00
char powerpc/powernv: Fix fall-through warning for Clang 2021-07-13 19:21:41 -05:00
clk dt-bindings: clock: r9a07g044-cpg: Update clock/reset definitions 2021-07-12 10:52:03 +02:00
clocksource This round has a diffstat dominated by Qualcomm clk drivers. Honestly though 2021-07-01 13:26:16 -07:00
comedi Staging / IIO driver patches for 5.14-rc1 2021-07-05 14:01:53 -07:00
connector
counter
cpufreq cpufreq: Fix fall-through warning for Clang 2021-07-13 11:53:07 -05:00
cpuidle - Add support for the Qcom MSM8226 (Bartosz Dudziak) 2021-06-30 14:56:51 +02:00
crypto ARM: SoC changes for 5.14 2021-07-10 09:22:44 -07:00
cxl
dax fs: remove noop_set_page_dirty() 2021-06-29 10:53:48 -07:00
dca
devfreq PM / devfreq: passive: Fix get_target_freq when not using required-opp 2021-06-24 10:37:35 +09:00
dio
dma dmaengine: mpc512x: Fix fall-through warning for Clang 2021-07-14 11:05:55 -05:00
dma-buf Short summary of fixes pull: 2021-07-13 15:15:17 +02:00
edac EDAC/igen6: fix core dependency AGAIN 2021-07-15 11:59:59 -07:00
eisa
extcon Char / Misc driver updates for 5.14-rc1 2021-07-05 13:42:16 -07:00
firewire Char / Misc driver updates for 5.14-rc1 2021-07-05 13:42:16 -07:00
firmware A set of EFI fixes: 2021-07-25 10:04:27 -07:00
fpga fpga: machxo2-spi: Address warning about unused variable 2021-06-24 15:45:11 +02:00
fsi
gnss
gpio - Core Frameworks 2021-07-05 12:10:34 -07:00
gpu Merge tag 'amd-drm-fixes-5.14-2021-07-28' of https://gitlab.freedesktop.org/agd5f/linux into drm-fixes 2021-07-29 17:20:29 +10:00
greybus
hid HID: ft260: fix device removal due to USB disconnect 2021-07-29 12:38:32 +02:00
hsi
hv Drivers: hv: vmbus: Fix duplicate CPU assignments within a device 2021-07-19 09:26:31 +00:00
hwmon Char / Misc driver updates for 5.14-rc1 2021-07-05 13:42:16 -07:00
hwspinlock
hwtracing Char / Misc driver updates for 5.14-rc1 2021-07-05 13:42:16 -07:00
i2c i2c: mpc: Poll for MCF 2021-07-20 22:32:01 +02:00
i3c I3C for 5.14 2021-07-10 11:53:06 -07:00
idle
iio Staging / IIO driver patches for 5.14-rc1 2021-07-05 14:01:53 -07:00
infiniband RDMA/irdma: Change returned type of irdma_setup_virt_qp to void 2021-07-15 15:14:11 -03:00
input This pull request contains the following changes for UML: 2021-07-09 10:19:13 -07:00
interconnect interconnect changes for 5.14 2021-06-22 22:03:25 +02:00
iommu fallthrough fixes for Clang for 5.14-rc2 2021-07-15 13:57:31 -07:00
ipack TTY / Serial patches for 5.14-rc1 2021-07-05 14:08:24 -07:00
irqchip irqchip fixes for 5.14, take #1 2021-07-09 15:35:13 +02:00
isdn TTY / Serial patches for 5.14-rc1 2021-07-05 14:08:24 -07:00
leds This contains quite a lot of fixes, with more fixes in my inbox that 2021-07-03 11:57:42 -07:00
lightnvm
macintosh
mailbox mbox: add polarfire soc system controller mailbox 2021-06-26 12:06:48 -05:00
mcb mcb: Use DEFINE_RES_MEM() helper macro and fix the end address 2021-06-24 15:56:25 +02:00
md dm ima: measure data on table load 2021-08-10 13:32:40 -04:00
media ACPI fixes for 5.14-rc3 2021-07-23 11:08:06 -07:00
memory
memstick for-5.14/block-2021-06-29 2021-06-30 12:12:56 -07:00
message scsi: message: mptfc: Switch from pci_ to dma_ API 2021-06-22 23:00:01 -04:00
mfd Driver core changes for 5.14-rc1 2021-07-05 13:51:41 -07:00
misc Merge tag 'at24-fixes-for-v5.14' of git://git.kernel.org/pub/scm/linux/kernel/git/brgl/linux into i2c/for-current 2021-07-20 22:28:56 +02:00
mmc MMC core: 2021-07-22 09:51:38 -07:00
most
mtd mtd: cfi_util: Fix unreachable code issue 2021-07-12 11:15:28 -05:00
mux
net can: esd_usb2: fix memory leak 2021-07-30 08:47:34 +02:00
nfc nfc: nfcsim: fix use after free during module unload 2021-07-28 10:20:16 +01:00
ntb
nubus
nvdimm cxl for 5.14 2021-07-04 11:55:13 -07:00
nvme block: pass a gendisk to blk_queue_update_readahead 2021-08-09 11:52:28 -06:00
nvmem Char / Misc driver updates for 5.14-rc1 2021-07-05 13:42:16 -07:00
of Devicetree updates for v5.14: 2021-07-03 10:54:08 -07:00
opp
parisc kernel.h: split out panic and oops helpers 2021-07-01 11:06:04 -07:00
parport
pci PCI: Fix fall-through warning for Clang 2021-07-13 13:59:12 -05:00
pcmcia
perf
phy USB / Thunderbolt patches for 5.14-rc1 2021-07-05 14:16:22 -07:00
pinctrl This is the bulk of pin control changes for the v5.14 kernel: 2021-07-01 16:57:14 -07:00
platform platform/x86: gigabyte-wmi: add support for B550 Aorus Elite V2 2021-07-28 12:05:33 +02:00
pnp Char / Misc driver updates for 5.14-rc1 2021-07-05 13:42:16 -07:00
power power: supply: Fix fall-through warnings for Clang 2021-07-13 14:50:47 -05:00
powercap
pps
ps3
ptp ptp: Relocate lookup cookie to correct block. 2021-07-08 12:33:10 -07:00
pwm pwm: ep93xx: Ensure configuring period and duty_cycle isn't wrongly skipped 2021-07-08 16:09:30 +02:00
rapidio
ras
regulator regulator: Fixes for v5.14 2021-07-21 12:37:49 -07:00
remoteproc remoteproc updates for v5.14 2021-07-07 10:50:03 -07:00
reset ARM: Drivers for 5.14 2021-07-10 09:46:20 -07:00
rpmsg rpmsg: core: Add driver_data for rpmsg_device_id 2021-06-18 13:13:40 -07:00
rtc RTC for 5.14 2021-07-10 16:19:10 -07:00
s390 SCSI fixes on 20210717 2021-07-17 13:09:23 -07:00
sbus
scsi scsi: fas216: Fix fall-through warning for Clang 2021-07-29 12:51:16 -05:00
sh
siox siox: Simplify error handling via dev_err_probe() 2021-06-24 15:46:34 +02:00
slimbus
soc ARM: Drivers for 5.14 2021-07-10 09:46:20 -07:00
soundwire Char / Misc driver updates for 5.14-rc1 2021-07-05 13:42:16 -07:00
spi spi: Fixes for v5.14 2021-07-21 12:41:41 -07:00
spmi spmi: hisi-spmi-controller: move driver from staging 2021-06-25 10:02:05 +02:00
ssb
staging TTY / Serial patches for 5.14-rc1 2021-07-05 14:08:24 -07:00
target scsi: target: Fix NULL dereference on XCOPY completion 2021-07-20 23:18:22 -04:00
tc
tee fallthrough fixes for Clang for 5.14-rc1 2021-06-28 20:03:38 -07:00
thermal - Add rk3568 sensor support (Finley Xiao) 2021-07-10 11:43:25 -07:00
thunderbolt USB / Thunderbolt patches for 5.14-rc1 2021-07-05 14:16:22 -07:00
tty This pull request contains the following changes for UML: 2021-07-09 10:19:13 -07:00
uio
usb USB fixes for 5.14-rc3 2021-07-23 10:09:27 -07:00
vdpa vp_vdpa: allow set vq state to initial state after reset 2021-07-08 07:49:02 -04:00
vfio VFIO update for v5.14-rc1 2021-07-03 11:49:33 -07:00
vhost vdpa: support packed virtqueue for set/get_vq_state() 2021-07-08 07:49:01 -04:00
video drm fixes for 5.14-rc2 2021-07-16 11:14:54 -07:00
virt nitro_enclaves: Set Bus Master for the NE PCI device 2021-06-24 15:48:27 +02:00
virtio virtio,vhost,vdpa: features, fixes 2021-07-09 11:06:29 -07:00
visorbus
vlynq
vme
w1
watchdog linux-watchdog 5.14-rc1 tag 2021-07-07 12:57:46 -07:00
xen xen: branch for v5.14-rc1 2021-07-07 11:07:13 -07:00
zorro
Kconfig
Makefile hyperv-next for 5.14 2021-06-29 11:21:35 -07:00