git.baikalelectronics.ru Git - kernel.git/commit

author	Tushar Sugandhi <tusharsu@linux.microsoft.com>
	Tue, 13 Jul 2021 00:48:59 +0000 (17:48 -0700)
committer	Mike Snitzer <snitzer@redhat.com>
	Tue, 10 Aug 2021 17:34:22 +0000 (13:34 -0400)
commit	c5bdfd57d0d37634af1c6f46e8495619d5a0623f
tree	420b60941fd8693df9b2a177efb33dbb4df7babf	tree \| snapshot
parent	68a583646476294107e40ba31ef71376366d1c77	commit \| diff

dm ima: measure data on device resume

A given block device can load a table multiple times, with different
input parameters, before eventually resuming it.  Further, a device may
be suspended and then resumed.  The device may never resume after a
table-load.  Because of the above valid scenarios for a given device,
it is important to measure and log the device resume event using IMA.

Also, if the table is large, measuring it in clear-text each time the
device changes state, will unnecessarily increase the size of IMA log.
Since the table clear-text is already measured during table-load event,
measuring the hash during resume should be sufficient to validate the
table contents.

Measure the device parameters, and hash of the active table, when the
device is resumed.

Signed-off-by: Tushar Sugandhi <tusharsu@linux.microsoft.com>
Signed-off-by: Mike Snitzer <snitzer@redhat.com>

drivers/md/dm-ima.c		diff \| blob \| history
drivers/md/dm-ima.h		diff \| blob \| history
drivers/md/dm-ioctl.c		diff \| blob \| history