UbiquitousOS
/
OpenCloudOS-Kernel
mirror of https://gitee.com/OpenCloudOS/OpenCloudOS-Kernel.git
11
0
Fork 0
Code Issues Projects Releases Wiki Activity
OpenCloudOS-Kernel/drivers/md
History
Tushar Sugandhi 91ccbbac17 dm ima: measure data on table load 
DM configures a block device with various target specific attributes
passed to it as a table.  DM loads the table, and calls each target’s
respective constructors with the attributes as input parameters.
Some of these attributes are critical to ensure the device meets
certain security bar.  Thus, IMA should measure these attributes, to
ensure they are not tampered with, during the lifetime of the device.
So that the external services can have high confidence in the
configuration of the block-devices on a given system.

Some devices may have large tables.  And a given device may change its
state (table-load, suspend, resume, rename, remove, table-clear etc.)
many times.  Measuring these attributes each time when the device
changes its state will significantly increase the size of the IMA logs.
Further, once configured, these attributes are not expected to change
unless a new table is loaded, or a device is removed and recreated.
Therefore the clear-text of the attributes should only be measured
during table load, and the hash of the active/inactive table should be
measured for the remaining device state changes.

Export IMA function ima_measure_critical_data() to allow measurement
of DM device parameters, as well as target specific attributes, during
table load.  Compute the hash of the inactive table and store it for
measurements during future state change.  If a load is called multiple
times, update the inactive table hash with the hash of the latest
populated table.  So that the correct inactive table hash is measured
when the device transitions to different states like resume, remove,
rename, etc.

Signed-off-by: Tushar Sugandhi <tusharsu@linux.microsoft.com>
Signed-off-by: Colin Ian King <colin.king@canonical.com> # leak fix
Signed-off-by: Mike Snitzer <snitzer@redhat.com>
 		2021-08-10 13:32:40 -04:00
..
bcache block: make the block holder code optional 2021-08-09 11:50:42 -06:00
persistent-data dm btree remove: assign new_root only when removal succeeds 2021-06-25 15:25:24 -04:00
Kconfig block: make the block holder code optional 2021-08-09 11:50:42 -06:00
Makefile dm ima: measure data on table load 2021-08-10 13:32:40 -04:00
dm-bio-prison-v1.c dm bio prison: replace spin_lock_irqsave with spin_lock_irq 2019-11-05 14:53:03 -05:00
dm-bio-prison-v1.h
dm-bio-prison-v2.c dm bio prison v2: use true/false for bool variable 2020-01-07 12:07:08 -05:00
dm-bio-prison-v2.h
dm-bio-record.h block: store a block_device pointer in struct bio 2021-01-24 18:17:20 -07:00
dm-bufio.c dm bufio: subtract the number of initial sectors in dm_bufio_get_device_size 2021-03-04 14:53:54 -05:00
dm-builtin.c
dm-cache-background-tracker.c
dm-cache-background-tracker.h
dm-cache-block-types.h
dm-cache-metadata.c dm: use bdev_read_only to check if a device is read-only 2021-01-24 18:15:57 -07:00
dm-cache-metadata.h
dm-cache-policy-internal.h
dm-cache-policy-smq.c
dm-cache-policy.c
dm-cache-policy.h
dm-cache-target.c dm io tracker: factor out IO tracker 2021-06-25 15:28:59 -04:00
dm-clone-metadata.c dm clone metadata: remove unused function 2021-04-19 13:20:31 -04:00
dm-clone-metadata.h dm clone metadata: Fix return type of dm_clone_nr_of_hydrated_regions() 2020-03-27 14:42:51 -04:00
dm-clone-target.c dm-clone: use blkdev_issue_flush in commit_metadata 2021-01-27 09:51:48 -07:00
dm-core.h dm ima: measure data on table load 2021-08-10 13:32:40 -04:00
dm-crypt.c dm crypt: Fix zoned block device support 2021-06-04 12:07:38 -04:00
dm-delay.c block: rename generic_make_request to submit_bio_noacct 2020-07-01 07:27:24 -06:00
dm-dust.c dm dust: remove h from printk format specifier 2021-02-03 10:10:04 -05:00
dm-ebs-target.c dm ebs: fix a few typos 2021-03-26 14:53:42 -04:00
dm-era-target.c dm space maps: improve performance with inc/dec on ranges of blocks 2021-06-04 12:07:22 -04:00
dm-exception-store.c
dm-exception-store.h - Improve DM snapshot target's scalability by using finer grained 2019-05-16 15:55:48 -07:00
dm-flakey.c dm: Introduce dm_report_zones() 2021-06-04 12:07:32 -04:00
dm-ima.c dm ima: measure data on table load 2021-08-10 13:32:40 -04:00
dm-ima.h dm ima: measure data on table load 2021-08-10 13:32:40 -04:00
dm-init.c dm init: Set file local variable static 2020-08-04 15:51:28 -04:00
dm-integrity.c dm integrity: fix sparse warnings 2021-05-13 14:53:49 -04:00
dm-io-tracker.h dm writecache: make writeback pause configurable 2021-06-28 16:30:13 -04:00
dm-io.c block: Add bio_max_segs 2021-02-26 15:49:51 -07:00
dm-ioctl.c dm ima: measure data on table load 2021-08-10 13:32:40 -04:00
dm-kcopyd.c dm writecache: have ssd writeback wait if the kcopyd workqueue is busy 2021-06-15 15:42:03 -04:00
dm-linear.c dm: Introduce dm_report_zones() 2021-06-04 12:07:32 -04:00
dm-log-userspace-base.c
dm-log-userspace-transfer.c
dm-log-userspace-transfer.h
dm-log-writes.c block: Add bio_max_segs 2021-02-26 15:49:51 -07:00
dm-log.c
dm-mpath.c dm: use dm_table_get_device_name() where appropriate in targets 2020-09-29 16:33:08 -04:00
dm-mpath.h
dm-path-selector.c
dm-path-selector.h dm mpath: pass IO start time to path selector 2020-05-15 10:29:36 -04:00
dm-ps-historical-service-time.c dm: rename multipath path selector source files to have "dm-ps" prefix 2020-12-04 18:04:35 -05:00
dm-ps-io-affinity.c dm ps io affinity: remove redundant continue statement 2021-06-25 15:25:22 -04:00
dm-ps-queue-length.c dm: rename multipath path selector source files to have "dm-ps" prefix 2020-12-04 18:04:35 -05:00
dm-ps-round-robin.c dm: rename multipath path selector source files to have "dm-ps" prefix 2020-12-04 18:04:35 -05:00
dm-ps-service-time.c dm: rename multipath path selector source files to have "dm-ps" prefix 2020-12-04 18:04:35 -05:00
dm-raid.c dm raid: remove unnecessary discard limits for raid0 and raid10 2021-04-30 14:38:37 -04:00
dm-raid1.c dm kcopyd: avoid useless atomic operations 2021-06-04 12:07:24 -04:00
dm-region-hash.c
dm-rq.c dm: delay registering the gendisk 2021-08-09 11:50:43 -06:00
dm-rq.h
dm-snap-persistent.c dm: replace dm_vcalloc() 2021-04-19 13:13:26 -04:00
dm-snap-transient.c
dm-snap.c dm snapshot: properly fix a crash when an origin has no snapshots 2021-05-25 16:19:58 -04:00
dm-stats.c dm: replace zero-length array with flexible-array 2020-05-20 17:09:44 -04:00
dm-stats.h
dm-stripe.c dm: add support for REQ_NOWAIT to various targets 2020-12-04 18:04:35 -05:00
dm-switch.c dm: add support for REQ_NOWAIT to various targets 2020-12-04 18:04:35 -05:00
dm-sysfs.c
dm-table.c block: pass a gendisk to blk_queue_update_readahead 2021-08-09 11:52:28 -06:00
dm-target.c dm mpath: fix missing call of path selector type->end_io 2019-04-25 15:38:52 -04:00
dm-thin-metadata.c dm space maps: improve performance with inc/dec on ranges of blocks 2021-06-04 12:07:22 -04:00
dm-thin-metadata.h dm thin metadata: Add support for a pre-commit callback 2019-12-05 17:05:24 -05:00
dm-thin.c dm thin: remove needless request_queue NULL pointer check 2021-03-26 14:53:42 -04:00
dm-uevent.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 156 2019-05-30 11:26:35 -07:00
dm-uevent.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 156 2019-05-30 11:26:35 -07:00
dm-unstripe.c dm: add support for REQ_NOWAIT to various targets 2020-12-04 18:04:35 -05:00
dm-verity-fec.c dm verity fec: fix misaligned RS roots IO 2021-04-14 14:28:29 -04:00
dm-verity-fec.h dm verity fec: fix misaligned RS roots IO 2021-04-14 14:28:29 -04:00
dm-verity-target.c dm verity: allow only one error handling mode 2021-03-26 14:53:41 -04:00
dm-verity-verify-sig.c dm verity: fix require_signatures module_param permissions 2021-05-25 16:14:05 -04:00
dm-verity-verify-sig.h dm verity: Fix compilation warning 2020-08-04 15:48:13 -04:00
dm-verity.h dm verity: add "panic_on_corruption" error handling mode 2020-07-13 11:47:33 -04:00
dm-writecache.c dm writecache: add event counters 2021-08-10 13:27:49 -04:00
dm-zero.c dm: add support for REQ_NOWAIT to various targets 2020-12-04 18:04:35 -05:00
dm-zone.c dm zone: fix dm_revalidate_zones() memory allocation 2021-06-25 15:25:23 -04:00
dm-zoned-metadata.c dm zoned: check zone capacity 2021-06-04 12:07:28 -04:00
dm-zoned-reclaim.c dm kcopyd: avoid useless atomic operations 2021-06-04 12:07:24 -04:00
dm-zoned-target.c dm table: Fix zoned model check and zone sectors check 2021-03-22 12:32:31 -04:00
dm-zoned.h dm zoned: select reclaim zone based on device index 2020-06-05 14:59:53 -04:00
dm.c dm ima: measure data on table load 2021-08-10 13:32:40 -04:00
dm.h dm: introduce zone append emulation 2021-06-04 12:07:37 -04:00
md-autodetect.c treewide: Use fallthrough pseudo-keyword 2020-08-23 17:36:59 -05:00
md-bitmap.c md: Constify attribute_group structs 2021-06-14 22:32:07 -07:00
md-bitmap.h
md-cluster.c for-5.11/drivers-2020-12-14 2020-12-16 13:09:32 -08:00
md-cluster.h
md-faulty.c md: mark some personalities as deprecated 2021-06-14 22:32:07 -07:00
md-linear.c md: mark some personalities as deprecated 2021-06-14 22:32:07 -07:00
md-linear.h md/raid1: Replace zero-length array with flexible-array 2020-05-13 12:02:23 -07:00
md-multipath.c md: mark some personalities as deprecated 2021-06-14 22:32:07 -07:00
md-multipath.h
md.c for-5.14/drivers-2021-06-29 2021-06-30 12:21:16 -07:00
md.h for-5.14/drivers-2021-06-29 2021-06-30 12:21:16 -07:00
raid0.c md: add io accounting for raid0 and raid5 2021-06-14 22:32:06 -07:00
raid0.h md/raid0: avoid RAID0 data corruption due to layout confusion. 2019-09-13 13:10:05 -07:00
raid1-10.c md: raid1-10: Unify r{1,10}bio_pool_free 2019-06-15 01:37:35 -06:00
raid1.c md/raid1: enable io accounting 2021-06-14 22:32:07 -07:00
raid1.h md/raid1: enable io accounting 2021-06-14 22:32:07 -07:00
raid5-cache.c block: rename BIO_MAX_PAGES to BIO_MAX_VECS 2021-03-11 07:47:48 -07:00
raid5-log.h raid5: set write hint for PPL 2019-03-12 10:15:18 -07:00
raid5-ppl.c block: rename BIO_MAX_PAGES to BIO_MAX_VECS 2021-03-11 07:47:48 -07:00
raid5.c for-5.14/drivers-2021-06-29 2021-06-30 12:21:16 -07:00
raid5.h md/raid5: let multiple devices of stripe_head share page 2020-09-24 16:44:44 -07:00
raid10.c md/raid10: enable io accounting 2021-06-14 22:32:07 -07:00
raid10.h md/raid10: enable io accounting 2021-06-14 22:32:07 -07:00