diff options
| author | Roberto Sassu <roberto.sassu@huawei.com> | 2026-06-05 20:22:35 +0300 |
|---|---|---|
| committer | Mimi Zohar <zohar@linux.ibm.com> | 2026-06-08 18:43:34 +0300 |
| commit | fcb0318a29696c13c9f8af0109855793a34371e6 (patch) | |
| tree | 44373174242d262b046d1cd519ddec4292c8ca91 /include/linux/panic.h | |
| parent | c26d9d9246cc66e3472a2bbd186152d0572d7aab (diff) | |
| download | linux-fcb0318a29696c13c9f8af0109855793a34371e6.tar.xz | |
ima: Support staging and deleting N measurements records
Add support for sending a value N between 1 and ULONG_MAX to the IMA
original measurement interface. This value represents the number of
measurements that should be deleted from the current measurements list. In
this case, measurements are staged in an internal non-user visible list,
and immediately deleted.
This staging method allows the remote attestation agents to easily separate
the measurements that were verified (staged and deleted) from those that
weren't due to the race between taking a TPM quote and reading the
measurements list.
In order to minimize the locking time of ima_extend_list_mutex, deleting
N records is realized by doing a lockless walk in the current measurements
list to determine the N-th entry to cut, to cut the current measurements
list under the lock, and by deleting the excess records after releasing the
lock.
Flushing the hash table is not supported for N records, since it would
require removing the N records one by one from the hash table under the
ima_extend_list_mutex lock, which would increase the locking time.
Link: https://github.com/linux-integrity/linux/issues/1
Co-developed-by: Steven Chen <chenste@linux.microsoft.com>
Signed-off-by: Steven Chen <chenste@linux.microsoft.com>
Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Diffstat (limited to 'include/linux/panic.h')
0 files changed, 0 insertions, 0 deletions