linux_dsm_epyc7002/Documentation
Mimi Zohar f9b2a735bd ima: audit log files opened with O_DIRECT flag
Files are measured or appraised based on the IMA policy.  When a
file, in policy, is opened with the O_DIRECT flag, a deadlock
occurs.

The first attempt at resolving this lockdep temporarily removed the
O_DIRECT flag and restored it, after calculating the hash.  The
second attempt introduced the O_DIRECT_HAVELOCK flag. Based on this
flag, do_blockdev_direct_IO() would skip taking the i_mutex a second
time.  The third attempt, by Dmitry Kasatkin, resolves the i_mutex
locking issue, by re-introducing the IMA mutex, but uncovered
another problem.  Reading a file with O_DIRECT flag set, writes
directly to userspace pages.  A second patch allocates a user-space
like memory.  This works for all IMA hooks, except ima_file_free(),
which is called on __fput() to recalculate the file hash.

Until this last issue is addressed, do not 'collect' the
measurement for measuring, appraising, or auditing files opened
with the O_DIRECT flag set.  Based on policy, permit or deny file
access.  This patch defines a new IMA policy rule option named
'permit_directio'.  Policy rules could be defined, based on LSM
or other criteria, to permit specific applications to open files
with the O_DIRECT flag set.

Changelog v1:
- permit or deny file access based on IMA policy rules

Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Acked-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Cc: <stable@vger.kernel.org>
2014-06-03 14:21:50 -05:00
ABI ima: audit log files opened with O_DIRECT flag 2014-06-03 14:21:50 -05:00
accounting
acpi ACPI and power management updates for 3.14-rc1 2014-01-24 15:51:02 -08:00
aoe
arm Documentation/: update 00-INDEX files 2014-02-10 16:01:40 -08:00
arm64
auxdisplay
backlight
blackfin Documentation/: update 00-INDEX files 2014-02-10 16:01:40 -08:00
block Documentation/: update 00-INDEX files 2014-02-10 16:01:40 -08:00
blockdev zram: remove old private project comment 2014-01-30 16:56:55 -08:00
bus-devices
cdrom
cgroups Merge branch 'v4l_for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media 2014-01-31 09:31:14 -08:00
connector
console
cpu-freq
cpuidle
cris
crypto
development-process
device-mapper dm thin: fix Documentation for held metadata root feature 2014-03-06 14:23:35 -05:00
devicetree net: micrel : ks8851-ml: add vdd-supply support 2014-03-24 00:36:47 -04:00
DocBook Merge branch 'v4l_for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media 2014-01-31 09:31:14 -08:00
driver-model Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2014-01-22 21:21:55 -08:00
dvb [media] update Michael Krufky's email address 2014-02-04 06:34:21 -02:00
early-userspace
EDID
extcon
fault-injection
fb Documentation/: update 00-INDEX files 2014-02-10 16:01:40 -08:00
filesystems Documentation/: update 00-INDEX files 2014-02-10 16:01:40 -08:00
firmware_class
fmc
frv
gpio
hid
hwmon Update Jean Delvare's e-mail address 2014-01-29 20:40:08 +01:00
i2c Documentation: i2c: mention ACPI method for instantiating devices 2014-02-15 19:46:34 +01:00
i2o
ia64
ide Documentation/: update 00-INDEX files 2014-02-10 16:01:40 -08:00
infiniband
input
ioctl s390/hypfs: add interface for diagnose 0x304 2014-01-24 09:40:59 +01:00
isdn
ja_JP
kbuild
kdump
ko_KR
laptops Documentation/: update 00-INDEX files 2014-02-10 16:01:40 -08:00
leds Documentation/: update 00-INDEX files 2014-02-10 16:01:40 -08:00
m68k Documentation/: update 00-INDEX files 2014-02-10 16:01:40 -08:00
make
memory-devices
metag
mic
mips
misc-devices Merge branch 'hwmon-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jdelvare/staging 2014-01-29 18:56:27 -08:00
mmc
mn10300
mtd
namespaces
netlabel
networking netlink: fix setsockopt in mmap examples in documentation 2014-03-20 14:11:38 -04:00
nfc
parisc
PCI PCI/MSI: Add pci_enable_msi_exact() and pci_enable_msix_exact() 2014-02-13 10:48:02 -07:00
pcmcia
power Documentation/: update 00-INDEX files 2014-02-10 16:01:40 -08:00
powerpc
pps
prctl
pti
ptp ptp: Allow selecting trigger/event index in testptp 2014-02-04 20:26:46 -08:00
rapidio
RCU Documentation/: update 00-INDEX files 2014-02-10 16:01:40 -08:00
s390 Documentation/: update 00-INDEX files 2014-02-10 16:01:40 -08:00
scheduler Documentation/: update 00-INDEX files 2014-02-10 16:01:40 -08:00
scsi Documentation/: update 00-INDEX files 2014-02-10 16:01:40 -08:00
security Smack: adds smackfs/ptrace interface 2014-04-11 14:34:35 -07:00
serial Documentation/: update 00-INDEX files 2014-02-10 16:01:40 -08:00
sh
sound
spi spi: Fixes for v3.14 2014-02-12 09:11:24 -08:00
sysctl Merge branch 'core-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2014-01-31 08:59:46 -08:00
target
thermal
timers Documentation/: update 00-INDEX files 2014-02-10 16:01:40 -08:00
tpm
trace Documentation/trace/postprocess/trace-vmscan-postprocess.pl: fix the traceevent regex 2014-01-23 16:36:52 -08:00
usb
vDSO
video4linux
virtual Documentation/: update 00-INDEX files 2014-02-10 16:01:40 -08:00
vm Documentation/: update 00-INDEX files 2014-02-10 16:01:40 -08:00
w1 Documentation/: update 00-INDEX files 2014-02-10 16:01:40 -08:00
watchdog
wimax
x86 Documentation/: update 00-INDEX files 2014-02-10 16:01:40 -08:00
xtensa
zh_CN Documentation:Update Documentation/zh_CN/arm64/memory.txt 2014-02-07 15:24:31 -08:00
.gitignore
00-INDEX Documentation/: update 00-INDEX files 2014-02-10 16:01:40 -08:00
applying-patches.txt
assoc_array.txt
atomic_ops.txt
bad_memory.txt
basic_profiling.txt
bcache.txt
binfmt_misc.txt
braille-console.txt
bt8xxgpio.txt
btmrvl.txt
BUG-HUNTING
bus-virt-phys-mapping.txt
cachetlb.txt
Changes
circular-buffers.txt
clk.txt
coccinelle.txt
CodingStyle
cpu-hotplug.txt Documentation/cpu-hotplug.txt: fix a typo in example code 2014-01-23 16:37:01 -08:00
cpu-load.txt
cputopology.txt
crc32.txt
dcdbas.txt
debugging-modules.txt
debugging-via-ohci1394.txt
dell_rbu.txt
devices.txt
digsig.txt
DMA-API-HOWTO.txt
DMA-API.txt
DMA-attributes.txt
dma-buf-sharing.txt
DMA-ISA-LPC.txt
dmaengine.txt
dmatest.txt
dontdiff
dynamic-debug-howto.txt dynamic-debug-howto.txt: update since new wildcard support 2014-01-23 16:36:55 -08:00
edac.txt
efi-stub.txt
eisa.txt
email-clients.txt
flexible-arrays.txt
futex-requeue-pi.txt
gcov.txt
highuid.txt
HOWTO
hw_random.txt
hwspinlock.txt
init.txt
initrd.txt
intel_txt.txt
Intel-IOMMU.txt
io_ordering.txt
io-mapping.txt
iostats.txt
IPMI.txt
IRQ-affinity.txt
IRQ-domain.txt
IRQ.txt
irqflags-tracing.txt
isapnp.txt
java.txt
kernel-doc-nano-HOWTO.txt
kernel-docs.txt
kernel-parameters.txt Documentation/kernel-parameters.txt: fix memmap= language 2014-02-06 13:48:51 -08:00
kernel-per-CPU-kthreads.txt
kmemcheck.txt
kmemleak.txt
kobject.txt
kprobes.txt
kref.txt
ldm.txt
local_ops.txt
lockdep-design.txt
lockstat.txt
lockup-watchdogs.txt
logo.gif
logo.txt
magic-number.txt
Makefile
ManagementStyle
md.txt
media-framework.txt
memory-barriers.txt
memory-hotplug.txt
module-signing.txt
mono.txt
mutex-design.txt
nommu-mmap.txt
numastat.txt
oops-tracing.txt
padata.txt
parport-lowlevel.txt
parport.txt
percpu-rw-semaphore.txt
phy.txt drivers: phy: Add support for optional phys 2014-02-05 05:48:43 +00:00
pi-futex.txt
pinctrl.txt
pnp.txt
preempt-locking.txt
printk-formats.txt vsprintf: add %pad extension for dma_addr_t use 2014-01-23 16:36:56 -08:00
pwm.txt
ramoops.txt
rbtree.txt
remoteproc.txt
rfkill.txt
robust-futex-ABI.txt
robust-futexes.txt
rpmsg.txt
rt-mutex-design.txt
rt-mutex.txt
rtc.txt
SAK.txt
SecurityBugs
serial-console.txt
sgi-ioc4.txt
sgi-visws.txt
SM501.txt
smsc_ece1099.txt
sparse.txt
spinlocks.txt
stable_api_nonsense.txt
stable_kernel_rules.txt
static-keys.txt
SubmitChecklist
SubmittingDrivers
SubmittingPatches
svga.txt
sysfs-rules.txt
sysrq.txt
this_cpu_ops.txt
unaligned-memory-access.txt
unicode.txt
unshare.txt
vfio.txt
VGA-softcursor.txt
vgaarbiter.txt
video-output.txt
vme_api.txt
volatile-considered-harmful.txt
workqueue.txt
ww-mutex-design.txt
xz.txt
zorro.txt