[PATCH v5 23/23] integrity: Switch from rbtree to LSM-managed blob for integrity_iint_cache

Casey Schaufler casey at schaufler-ca.com
Fri Dec 1 18:54:54 UTC 2023


On 11/30/2023 5:05 PM, Dr. Greg wrote:
> A suggestion has been made in this thread that there needs to be broad
> thinking on this issue, and by extension, other tough problems.  On
> that note, we would be interested in any thoughts regarding the notion
> of a long term solution for this issue being the migration of EVM to a
> BPF based implementation?
>
> There appears to be consensus that the BPF LSM will always go last, a
> BPF implementation would seem to address the EVM ordering issue.
>
> In a larger context, there have been suggestions in other LSM threads
> that BPF is the future for doing LSM's.  Coincident with that has come
> some disagreement about whether or not BPF embodies sufficient
> functionality for this role.
>
> The EVM codebase is reasonably modest with a very limited footprint of
> hooks that it handles.  A BPF implementation on this scale would seem
> to go a long ways in placing BPF sufficiency concerns to rest.
>
> Thoughts/issues?

Converting EVM to BPF looks like a 5 to 10 year process. Creating a
EVM design description to work from, building all the support functions
required, then getting sufficient reviews and testing isn't going to be
a walk in the park. That leaves out the issue of distribution of the
EVM-BPF programs. Consider how the rush to convert kernel internals to
Rust is progressing. EVM isn't huge, but it isn't trivial, either. Tetsuo
had a good hard look at converting TOMOYO to BPF, and concluded that it
wasn't practical. TOMOYO is considerably less complicated than EVM.




More information about the Linux-security-module-archive mailing list