Re: [PATCH v9 3/8] IMA: define a hook to measure kernel integrity critical data

[PATCH v9 0/8] IMA: support for measuring kernel integrity critical data · Tushar Sugandhi <hidden> · 2020-12-12
[PATCH v9 4/8] IMA: add policy rule to measure critical data · Tushar Sugandhi <hidden> · 2020-12-12
Re: [PATCH v9 4/8] IMA: add policy rule to measure critical data · Tyler Hicks <hidden> · 2020-12-12
Re: [PATCH v9 4/8] IMA: add policy rule to measure critical data · Tushar Sugandhi <hidden> · 2020-12-13
Re: [PATCH v9 4/8] IMA: add policy rule to measure critical data · Mimi Zohar <zohar@linux.ibm.com> · 2020-12-24
Re: [PATCH v9 4/8] IMA: add policy rule to measure critical data · Tushar Sugandhi <hidden> · 2021-01-05
[PATCH v9 1/8] IMA: generalize keyring specific measurement constructs · Tushar Sugandhi <hidden> · 2020-12-12
Re: [PATCH v9 1/8] IMA: generalize keyring specific measurement constructs · Mimi Zohar <zohar@linux.ibm.com> · 2020-12-24
Re: [PATCH v9 1/8] IMA: generalize keyring specific measurement constructs · Tushar Sugandhi <hidden> · 2021-01-05
[PATCH v9 3/8] IMA: define a hook to measure kernel integrity critical data · Tushar Sugandhi <hidden> · 2020-12-12
Re: [PATCH v9 3/8] IMA: define a hook to measure kernel integrity critical data · Mimi Zohar <zohar@linux.ibm.com> · 2020-12-24
Re: [PATCH v9 3/8] IMA: define a hook to measure kernel integrity critical data · Tushar Sugandhi <hidden> · 2021-01-05
Re: [PATCH v9 3/8] IMA: define a hook to measure kernel integrity critical data · Mimi Zohar <zohar@linux.ibm.com> · 2021-01-05
Re: [PATCH v9 3/8] IMA: define a hook to measure kernel integrity critical data · Tushar Sugandhi <hidden> · 2021-01-05
[PATCH v9 6/8] IMA: extend critical data hook to limit the measurement based on a label · Tushar Sugandhi <hidden> · 2020-12-12
[PATCH v9 5/8] IMA: limit critical data measurement based on a label · Tushar Sugandhi <hidden> · 2020-12-12
Re: [PATCH v9 5/8] IMA: limit critical data measurement based on a label · Tyler Hicks <hidden> · 2020-12-12
Re: [PATCH v9 5/8] IMA: limit critical data measurement based on a label · Tushar Sugandhi <hidden> · 2020-12-13
Re: [PATCH v9 5/8] IMA: limit critical data measurement based on a label · Mimi Zohar <zohar@linux.ibm.com> · 2020-12-24
Re: [PATCH v9 5/8] IMA: limit critical data measurement based on a label · Tushar Sugandhi <hidden> · 2021-01-05
[PATCH v9 2/8] IMA: add support to measure buffer data hash · Tushar Sugandhi <hidden> · 2020-12-12
Re: [PATCH v9 2/8] IMA: add support to measure buffer data hash · Mimi Zohar <zohar@linux.ibm.com> · 2020-12-24
Re: [PATCH v9 2/8] IMA: add support to measure buffer data hash · Tushar Sugandhi <hidden> · 2021-01-05
Re: [PATCH v9 2/8] IMA: add support to measure buffer data hash · Tushar Sugandhi <hidden> · 2021-01-06
[PATCH v9 8/8] selinux: include a consumer of the new IMA critical data hook · Tushar Sugandhi <hidden> · 2020-12-12
Re: [PATCH v9 8/8] selinux: include a consumer of the new IMA critical data hook · Paul Moore <paul@paul-moore.com> · 2020-12-23
Re: [PATCH v9 8/8] selinux: include a consumer of the new IMA critical data hook · Lakshmi Ramasubramanian <hidden> · 2021-01-04
Re: [PATCH v9 8/8] selinux: include a consumer of the new IMA critical data hook · Paul Moore <paul@paul-moore.com> · 2021-01-05
Re: [PATCH v9 8/8] selinux: include a consumer of the new IMA critical data hook · Lakshmi Ramasubramanian <hidden> · 2021-01-05
[PATCH v9 7/8] IMA: define a builtin critical data measurement policy · Tushar Sugandhi <hidden> · 2020-12-12
Re: [PATCH v9 7/8] IMA: define a builtin critical data measurement policy · Mimi Zohar <zohar@linux.ibm.com> · 2020-12-24
Re: [PATCH v9 7/8] IMA: define a builtin critical data measurement policy · Tushar Sugandhi <hidden> · 2021-01-05

From: Mimi Zohar <zohar@linux.ibm.com>
Date: 2021-01-05 20:17:50
Also in: dm-devel, linux-security-module, lkml, selinux

On Tue, 2021-01-05 at 12:01 -0800, Tushar Sugandhi wrote:

quoted

data. However, various data structures, policies, and states

Here and everywhere else, there are two blanks after a period.

I checked this patch file in multiple text editors, but couldn’t find
any instance of period followed by two spaces. I will double check again 
all the patches for multiple spaces, and remove them if any.

There should be two blanks after a period, not one blank.

<snip>

quoted

+ *
+ * Measure the kernel subsystem data, critical to the integrity of the kernel,
+ * into the IMA log and extend the @pcr.
+ *
+ * Use @event_name to describe the state/buffer data change.
+ * Examples of critical data (@buf) could be various data structures,
+ * policies, and states stored in kernel memory that can impact the integrity
+ * of the system.
+ *
+ * If @measure_buf_hash is set to true - measure hash of the buffer data,
+ * else measure the buffer data itself.
+ * @measure_buf_hash can be used to save space, if the data being measured
+ * is too large.
+ *
+ * The data (@buf) can only be measured, not appraised.

The "/**" is the start of kernel-doc.  Have you seen anywhere else in

My impression was the hooks in ima_main.c e.g. ima_file_free()
ima_file_mmap() required the double-asterisk ("/**"), and internal
functions like ima_rdwr_violation_check() require a single-asterisk
("/*")

kernel-doc.rst suggest the double-asterisk ("/**") for function comment
as well.

Function documentation
----------------------

The general format of a function and function-like macro kernel-doc 
comment is::

   /**
    * function_name() - Brief description of function.

Please let me know if you still want me to remove the double-asterisk
("/**") here.

Yes, of course this needs to be kernel-doc and requires "/**"

quoted

the kernel using the @<variable name> in the longer function
description?  Have you seen this style of longer   function
description?  Refer to Documentation/doc-guide/kernel-doc.rst and other
code for examples.

Thanks. I will remove the prefix "@" from <variable name> in the longer 
function description.

Removing the @<variable name> isn't sufficient.  Please look at other
examples of longer function definitions before reposting.

thanks,

Mimi

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help