dm ima: update dm target attributes for ima measurements
Certain DM targets ('integrity', 'multipath', 'verity') need to update the way their attributes are recorded in the ima log, so that the attestation servers can interpret the data correctly and decide if the devices meet the attestation requirements. For instance, the "mode=%c" attribute in the 'integrity' target is measured twice, the 'verity' target is missing the attribute "root_hash_sig_key_desc=%s", and the 'multipath' target needs to index the attributes properly. Update 'integrity' target to remove the duplicate measurement of the attribute "mode=%c". Add "root_hash_sig_key_desc=%s" attribute for the 'verity' target. Index various attributes in 'multipath' target. Also, add "nr_priority_groups=%u" attribute to 'multipath' target to record the number of priority groups. Signed-off-by: Tushar Sugandhi <tusharsu@linux.microsoft.com> Suggested-by: Thore Sommer <public@thson.de> Signed-off-by: Mike Snitzer <snitzer@redhat.com>
parent
f1cd6cb24b
commit
33ace4ca12
@ -3328,7 +3328,6 @@ static void dm_integrity_status(struct dm_target *ti, status_type_t type,
|
||||
DMEMIT(",journal_sectors=%u", ic->initial_sectors - SB_SECTORS);
|
||||
DMEMIT(",interleave_sectors=%u", 1U << ic->sb->log2_interleave_sectors);
|
||||
DMEMIT(",buffer_sectors=%u", 1U << ic->log2_buffer_sectors);
|
||||
DMEMIT(",mode=%c", ic->mode);
|
||||
DMEMIT(";");
|
||||
break;
|
||||
}
|
||||
|
@ -1790,7 +1790,7 @@ static void multipath_resume(struct dm_target *ti)
|
||||
static void multipath_status(struct dm_target *ti, status_type_t type,
|
||||
unsigned status_flags, char *result, unsigned maxlen)
|
||||
{
|
||||
int sz = 0;
|
||||
int sz = 0, pg_counter, pgpath_counter;
|
||||
unsigned long flags;
|
||||
struct multipath *m = ti->private;
|
||||
struct priority_group *pg;
|
||||
@ -1906,7 +1906,12 @@ static void multipath_status(struct dm_target *ti, status_type_t type,
|
||||
break;
|
||||
|
||||
case STATUSTYPE_IMA:
|
||||
sz = 0; /*reset the result pointer*/
|
||||
|
||||
DMEMIT_TARGET_NAME_VERSION(ti->type);
|
||||
DMEMIT(",nr_priority_groups=%u", m->nr_priority_groups);
|
||||
|
||||
pg_counter = 0;
|
||||
list_for_each_entry(pg, &m->priority_groups, list) {
|
||||
if (pg->bypassed)
|
||||
state = 'D'; /* Disabled */
|
||||
@ -1914,21 +1919,26 @@ static void multipath_status(struct dm_target *ti, status_type_t type,
|
||||
state = 'A'; /* Currently Active */
|
||||
else
|
||||
state = 'E'; /* Enabled */
|
||||
DMEMIT(",pg_state=%c", state);
|
||||
DMEMIT(",nr_pgpaths=%u", pg->nr_pgpaths);
|
||||
DMEMIT(",path_selector_name=%s", pg->ps.type->name);
|
||||
DMEMIT(",pg_state_%d=%c", pg_counter, state);
|
||||
DMEMIT(",nr_pgpaths_%d=%u", pg_counter, pg->nr_pgpaths);
|
||||
DMEMIT(",path_selector_name_%d=%s", pg_counter, pg->ps.type->name);
|
||||
|
||||
pgpath_counter = 0;
|
||||
list_for_each_entry(p, &pg->pgpaths, list) {
|
||||
DMEMIT(",path_name=%s,is_active=%c,fail_count=%u",
|
||||
p->path.dev->name, p->is_active ? 'A' : 'F',
|
||||
p->fail_count);
|
||||
DMEMIT(",path_name_%d_%d=%s,is_active_%d_%d=%c,fail_count_%d_%d=%u",
|
||||
pg_counter, pgpath_counter, p->path.dev->name,
|
||||
pg_counter, pgpath_counter, p->is_active ? 'A' : 'F',
|
||||
pg_counter, pgpath_counter, p->fail_count);
|
||||
if (pg->ps.type->status) {
|
||||
DMEMIT(",path_selector_status=");
|
||||
DMEMIT(",path_selector_status_%d_%d=",
|
||||
pg_counter, pgpath_counter);
|
||||
sz += pg->ps.type->status(&pg->ps, &p->path,
|
||||
type, result + sz,
|
||||
maxlen - sz);
|
||||
}
|
||||
pgpath_counter++;
|
||||
}
|
||||
pg_counter++;
|
||||
}
|
||||
DMEMIT(";");
|
||||
break;
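Review bot: The two new index counters are signed (`int sz = 0, pg_counter, pgpath_counter;`) and printed with `%d` in every indexed key, while the counts next to them (`nr_priority_groups=%u`, `nr_pgpaths_%d=%u`) are unsigned. Declaring them on their own line as `unsigned int pg_counter, pgpath_counter;` and using `%u` for the indices would keep the key format uniform for the attestation servers that parse these records. A short comment above the outer loop, for example `/* keys carry _<pg index> or _<pg index>_<path index>, both zero-based */`, would document the naming scheme that verifiers depend on. The indexed keys also make each path's entry longer, so it is worth confirming that a device with many paths still fits in `maxlen` and keeps its closing `;`; the body of `DMEMIT` is not visible here. multipath_status starts and ends outside these hunks.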
|
||||
|
@ -794,6 +794,8 @@ static void verity_status(struct dm_target *ti, status_type_t type,
|
||||
|
||||
DMEMIT(",ignore_zero_blocks=%c", v->zero_digest ? 'y' : 'n');
|
||||
DMEMIT(",check_at_most_once=%c", v->validated_blocks ? 'y' : 'n');
|
||||
if (v->signature_key_desc)
|
||||
DMEMIT(",root_hash_sig_key_desc=%s", v->signature_key_desc);
|
||||
|
||||
if (v->mode != DM_VERITY_MODE_EIO) {
|
||||
DMEMIT(",verity_mode=");
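Review bot: `v->signature_key_desc` is emitted with a bare `%s` into a record whose fields are separated by `,`, `=` and `;`, so a description containing one of those characters would make the measured string ambiguous for the attestation server parsing it. Whether the table parser restricts the description's characters is not visible in this hunk; if it does not, the value should be validated when the table is loaded or escaped before it is emitted. The attribute is also omitted entirely when the pointer is NULL, which deserves a comment such as `/* attribute is absent when no key description was supplied */` so that verifiers treat a missing key as meaningful rather than as a parse error. verity_status starts and ends outside the hunk.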
|
||||
|