[PATCH linux dev-6.1 0/5] Backports to support OpenBMC with IMA

Joel Stanley joel at jms.id.au
Mon Sep 11 18:04:22 AEST 2023


On Tue, 5 Sept 2023 at 13:14, Stefan Berger <stefanb at linux.ibm.com> wrote:
>
> This series of patches are backports from recent extensions to core Linux
> filesystem code (support for STATX_CHANGE_COOKIE) and subsequent fixes
> to IMA and overlayfs so that IMA can be used by OpenBMC configured with
> overlayfs. Overlayfs is for example used by the p10bmc build.
>
> The patches in this series have been cherry-picked from upstream Linux
> using the following commands:
>
> git cherry-pick 131f4fd2c25a # 3 consecutive patches of longer series
> git cherry-pick a3bb710383cb
> git cherry-pick a1175d6b1bda
> git cherry-pick db1d1e8b9867 # IMA: use vfs_getattr_nosec ...
> git cherry-pick 18b44bc5a672 # ovl: Always reevaluate ...

This is great. My only concern with backporting a bunch of upstream
changes is we miss out on subsequent upstream fixes that modify this
code.

The intent is to move to v6.5 shortly. Do you mind if we wait for
that, and ensure the 6.5 tree has your changes (I assume the delta
will be smaller)?

Cheers,

Joel

>
> Regards,
>    Stefan
>
> Eric Snowberg (1):
>   ovl: Always reevaluate the file signature for IMA
>
> Jeff Layton (4):
>   fs: uninline inode_query_iversion
>   fs: clarify when the i_version counter must be updated
>   vfs: plumb i_version handling into struct kstat
>   IMA: use vfs_getattr_nosec to get the i_version
>
>  fs/libfs.c                        | 36 +++++++++++++++++++
>  fs/overlayfs/super.c              |  2 +-
>  fs/stat.c                         | 17 +++++++--
>  include/linux/iversion.h          | 60 ++++++++++++-------------------
>  include/linux/stat.h              |  9 +++++
>  security/integrity/ima/ima_api.c  |  9 +++--
>  security/integrity/ima/ima_main.c | 12 ++++---
>  7 files changed, 97 insertions(+), 48 deletions(-)
>
> --
> 2.40.1
>

