[PATCH linux dev-6.1 0/5] Backports to support OpenBMC with IMA

Stefan Berger stefanb at linux.ibm.com
Mon Sep 11 22:49:34 AEST 2023


On 9/11/23 04:04, Joel Stanley wrote:
> On Tue, 5 Sept 2023 at 13:14, Stefan Berger <stefanb at linux.ibm.com> wrote:
>> This series of patches are backports from recent extensions to core Linux
>> filesystem code (support for STATX_CHANGE_COOKIE) and subsequent fixes
>> to IMA and overlayfs so that IMA can be used by OpenBMC configured with
>> overlayfs. Overlayfs is for example used by the p10bmc build.
>>
>> The patches in this series have been cherry-picked from upstream Linux
>> using the following commands:
>>
>> git cherry-pick 131f4fd2c25a # 3 consecutive patches of longer series
>> git cherry-pick a3bb710383cb
>> git cherry-pick a1175d6b1bda
>> git cherry-pick db1d1e8b9867 # IMA: use vfs_getattr_nosec ...
>> git cherry-pick 18b44bc5a672 # ovl: Always reevaluate ...
> This is great. My only concern with backporting a bunch of upstream
> changes is we miss out on subsequent upstream fixes that modify this
> code.
>
> The intent is to move to v6.5 shortly. Do you mind if we wait for
> that, and ensure the 6.5 tree has your changes (I assume the delta
> will be smaller)?

I can wait. 6.5.2 seems to have all these changes. (The first commit 
above seems wrong and should be c5bc1b3ff35ae321d018.)

Regards,

    Stefan

>
> Cheers,
>
> Joel
>
>> Regards,
>>     Stefan
>>
>> Eric Snowberg (1):
>>    ovl: Always reevaluate the file signature for IMA
>>
>> Jeff Layton (4):
>>    fs: uninline inode_query_iversion
>>    fs: clarify when the i_version counter must be updated
>>    vfs: plumb i_version handling into struct kstat
>>    IMA: use vfs_getattr_nosec to get the i_version
>>
>>   fs/libfs.c                        | 36 +++++++++++++++++++
>>   fs/overlayfs/super.c              |  2 +-
>>   fs/stat.c                         | 17 +++++++--
>>   include/linux/iversion.h          | 60 ++++++++++++-------------------
>>   include/linux/stat.h              |  9 +++++
>>   security/integrity/ima/ima_api.c  |  9 +++--
>>   security/integrity/ima/ima_main.c | 12 ++++---
>>   7 files changed, 97 insertions(+), 48 deletions(-)
>>
>> --
>> 2.40.1
>>

