Re: [PATCH 1/3] ima: keep the integrity state of open files up to date

[PATCH 1/3] ima: keep the integrity state of open files up to date · Janne Karhunen <hidden> · 2019-09-02
[PATCH 2/3] ima: update the file measurement on truncate · Janne Karhunen <hidden> · 2019-09-02
Re: [PATCH 2/3] ima: update the file measurement on truncate · Mimi Zohar <zohar@linux.ibm.com> · 2019-09-08
[PATCH 3/3] ima: update the file measurement on writes · Janne Karhunen <hidden> · 2019-09-02
Re: [PATCH 3/3] ima: update the file measurement on writes · Mimi Zohar <zohar@linux.ibm.com> · 2019-09-08
Re: [PATCH 1/3] ima: keep the integrity state of open files up to date · kbuild test robot <hidden> · 2019-09-02
Re: [PATCH 1/3] ima: keep the integrity state of open files up to date · kbuild test robot <hidden> · 2019-09-02
Re: [PATCH 1/3] ima: keep the integrity state of open files up to date · Mimi Zohar <zohar@linux.ibm.com> · 2019-09-08
Re: [PATCH 1/3] ima: keep the integrity state of open files up to date · Eric Biggers <ebiggers@kernel.org> · 2019-09-09
Re: [PATCH 1/3] ima: keep the integrity state of open files up to date · Janne Karhunen <hidden> · 2019-09-10
Re: [PATCH 1/3] ima: keep the integrity state of open files up to date · Eric Biggers <ebiggers@kernel.org> · 2019-09-15
Re: [PATCH 1/3] ima: keep the integrity state of open files up to date · Janne Karhunen <hidden> · 2019-09-16
Re: [PATCH 1/3] ima: keep the integrity state of open files up to date · Eric Biggers <ebiggers@kernel.org> · 2019-09-17
Re: [PATCH 1/3] ima: keep the integrity state of open files up to date · Janne Karhunen <hidden> · 2019-09-17

From: Janne Karhunen <hidden>
Date: 2019-09-10 07:05:09
Also in: linux-integrity, linux-mm

On Tue, Sep 10, 2019 at 12:39 AM Eric Biggers [off-list ref] wrote:

quoted

Core file operations (open, close, sync, msync, truncate) are
now allowed to update the measurement immediately. In order
to maintain sufficient write performance for writes, add a
latency tunable delayed work workqueue for computing the
measurements.

This still doesn't make it crash-safe.  So why is it okay?

If Android is the load, this makes it crash safe 99% of the time and
that is considerably better than 0% of the time.

That said, we have now a patch draft forming up that pushes the update
to the ext4 journal. With this patch on top we should reach the
magical 100% given data=journal mount. One step at a time.


--
Janne

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help