Re: [PATCH] Documentation: coding-style: don't encourage WARN*()

2024-04-15 Thread Christoph Hellwig
No, this advice is wronger than wrong. If you set panic_on_warn you get to keep the pieces.

Re: [PATCH] Documentation: coding-style: don't encourage WARN*()

2024-04-15 Thread Laurent Pinchart
Hi Greg,

On Mon, Apr 15, 2024 at 07:21:37AM +0200, Greg KH wrote:
> On Sun, Apr 14, 2024 at 10:48:35PM +0300, Laurent Pinchart wrote:
> > On Sun, Apr 14, 2024 at 12:08:50PM -0500, Alex Elder wrote:
> > > Several times recently Greg KH has admonished that variants of WARN()
> > > should not be used

Re: [PATCH] Documentation: coding-style: don't encourage WARN*()

2024-04-15 Thread Greg KH
On Mon, Apr 15, 2024 at 11:25:29AM +0300, Laurent Pinchart wrote:
> Hi Greg,
>
> On Mon, Apr 15, 2024 at 07:21:37AM +0200, Greg KH wrote:
> > On Sun, Apr 14, 2024 at 10:48:35PM +0300, Laurent Pinchart wrote:
> > > On Sun, Apr 14, 2024 at 12:08:50PM -0500, Alex Elder wrote:
> > > > Several times re

Re: [PATCH] Documentation: coding-style: don't encourage WARN*()

2024-04-15 Thread Greg KH
On Mon, Apr 15, 2024 at 01:07:41AM -0700, Christoph Hellwig wrote:
> No, this advice is wronger than wrong. If you set panic_on_warn you
> get to keep the pieces.
>

But don't add new WARN() calls please, just properly clean up and handle the error. And any WARN() that userspace can trigger en

Re: [PATCH] Documentation: coding-style: don't encourage WARN*()

2024-04-15 Thread Laurent Pinchart
On Mon, Apr 15, 2024 at 10:33:42AM +0200, Greg KH wrote:
> On Mon, Apr 15, 2024 at 11:25:29AM +0300, Laurent Pinchart wrote:
> > On Mon, Apr 15, 2024 at 07:21:37AM +0200, Greg KH wrote:
> > > On Sun, Apr 14, 2024 at 10:48:35PM +0300, Laurent Pinchart wrote:
> > > > On Sun, Apr 14, 2024 at 12:08:50P

Re: [PATCH] Documentation: coding-style: don't encourage WARN*()

2024-04-15 Thread Christoph Hellwig
On Mon, Apr 15, 2024 at 10:35:21AM +0200, Greg KH wrote:
> On Mon, Apr 15, 2024 at 01:07:41AM -0700, Christoph Hellwig wrote:
> > No, this advice is wronger than wrong. If you set panic_on_warn you
> > get to keep the pieces.
> >
>
> But don't add new WARN() calls please, just properly clean u

[RFC][PATCH v2 0/9] ima: Integrate with digest_cache LSM

2024-04-15 Thread Roberto Sassu
From: Roberto Sassu

One of the IMA shortcomings over the years has been the availability of reference digest values for appraisal. Recently, the situation improved and some Linux distributions are including file signatures. The digest_cache LSM takes a different approach. Instead of requiring Li

[RFC][PATCH v2 1/9] ima: Introduce hook DIGEST_LIST_CHECK

2024-04-15 Thread Roberto Sassu
From: Roberto Sassu

Introduce a new hook to check the integrity of digest lists. The new hook is invoked during a kernel read with file type READING_DIGEST LIST, which is done by the digest_cache LSM when it is populating a digest cache with a digest list.

Signed-off-by: Roberto Sassu
---
Doc

[RFC][PATCH v2 2/9] ima: Nest iint mutex for DIGEST_LIST_CHECK hook

2024-04-15 Thread Roberto Sassu
From: Roberto Sassu

Invoking digest_cache_get() inside the iint->mutex critical region can cause deadlocks due to the fact that IMA can be recursively invoked for reading the digest list. The deadlock would occur if the digest_cache LSM attempts to read the same inode that is already locked by IM

[RFC][PATCH v2 3/9] ima: Add digest_cache policy keyword

2024-04-15 Thread Roberto Sassu
From: Roberto Sassu

Add the 'digest_cache=' policy keyword, to enable the usage of digest caches for specific IMA actions and purpose. At the moment, it accepts only 'data' as value, as digest caches can be used only for measurement and appraisal of file data. In the future, it might be possible

[RFC][PATCH v2 4/9] ima: Add digest_cache_measure/appraise boot-time built-in policies

2024-04-15 Thread Roberto Sassu
From: Roberto Sassu

Specify the 'digest_cache_measure' boot-time policy with 'ima_policy=' in the kernel command line to add the following rule at the beginning of the IMA policy, before other rules:

measure func=DIGEST_LIST_CHECK pcr=12

which will measure digest lists into PCR 12 (or the value

[RFC][PATCH v2 5/9] ima: Modify existing boot-time built-in policies with digest cache policies

2024-04-15 Thread Roberto Sassu
From: Roberto Sassu

Setting the boot-time built-in policies 'digest_cache_measure' and 'digest_cache_appraise' is not sufficient to use the digest_cache LSM to measure and appraise files, since their effect is only to measure and appraise digest lists. Modify existing measurement rules if the 'd

[RFC][PATCH v2 6/9] ima: Store allowed usage in digest cache based on integrity metadata flags

2024-04-15 Thread Roberto Sassu
From: Roberto Sassu

The digest_cache LSM allows integrity providers to record how the digest list being used to populate the digest cache was verified. Integrity providers can register a kernel_post_read_file LSM hook implementation, and call digest_cache_verif_set() providing the result of the

[RFC][PATCH v2 7/9] ima: Use digest caches for measurement

2024-04-15 Thread Roberto Sassu
From: Roberto Sassu

Introduce a new measurement style using digest caches, which can be performed exclusively on non-standard PCRs, to avoid ambiguity. While a measurement on the standard PCR means that a file was accessed and had the measured data, a measurement with the digest cache means only

[RFC][PATCH v2 8/9] ima: Use digest caches for appraisal

2024-04-15 Thread Roberto Sassu
From: Roberto Sassu

Similarly to measurement, enable the new appraisal style too using digest caches. Instead of verifying individual file signatures, verify the signature of lists of digests and search calculated file digests in those lists. The benefits are that signed lists of digests alread

[RFC][PATCH v2 9/9] ima: Register to the digest_cache LSM notifier and process events

2024-04-15 Thread Roberto Sassu
From: Roberto Sassu

A digest cache used for measurement/appraisal might change over the time (due to file modification, directory changes). When that happens, IMA should invalidate the cached integrity result for affected inodes and evaluate those inodes again. Implement ima_digest_cache_change(

Re: [PATCH] Documentation: coding-style: don't encourage WARN*()

2024-04-15 Thread Kees Cook
On Mon, Apr 15, 2024 at 10:35:21AM +0200, Greg KH wrote:
> On Mon, Apr 15, 2024 at 01:07:41AM -0700, Christoph Hellwig wrote:
> > No, this advice is wronger than wrong. If you set panic_on_warn you
> > get to keep the pieces.
> >
>
> But don't add new WARN() calls please, just properly clean u