Re: [PATCH v5 23/23] integrity: Switch from rbtree to LSM-managed blob for integrity_iint_cache
From: Casey Schaufler
Date: Thu Nov 30 2023 - 11:15:33 EST

On 11/30/2023 12:30 AM, Petr Tesarik wrote:
> Hi all,
>
> On 11/30/2023 1:41 AM, Casey Schaufler wrote:
>> ...
>> It would be nice if the solution directly addresses the problem.
>> EVM needs to be after the LSMs that use xattrs, not after all LSMs.
>> I suggested LSM_ORDER_REALLY_LAST in part to identify the notion as
>> unattractive.
> Excuse me for chiming in, but do we really need the ordering in code?

tl;dr - Yes.

> FWIW
> the linker guarantees that objects appear in the order they are seen
> during the link (unless --sort-section overrides that default, but this
> option is not used in the kernel). Since *.a archive files are used in
> kbuild, I have also verified that their use does not break the
> assumption; they are always created from scratch.
>
> In short, to enforce an ordering, you can simply list the corresponding
> object files in that order in the Makefile. Of course, add a big fat
> warning comment, so people understand the order is not arbitrary.

Not everyone builds custom kernels.

>
> Just my two eurocents,
> Petr T