From: Tushar Sugandhi <tusharsu@linux.microsoft.com>
To: dm-devel@redhat.com, agk@redhat.com, snitzer@redhat.com
Cc: zohar@linux.ibm.com, linux-integrity@vger.kernel.org, nramas@linux.microsoft.com, tusharsu@linux.microsoft.com
Subject: [PATCH 5/7] dm: measure data on device rename
Date: Mon, 12 Jul 2021 17:49:02 -0700
Message-ID: <20210713004904.8808-6-tusharsu@linux.microsoft.com>
In-Reply-To: <20210713004904.8808-1-tusharsu@linux.microsoft.com>

A given block device is identified by its name and UUID. However, both these parameters can be renamed. For an external attestation service to correctly attest a given device, it needs to keep track of these rename events.

Update the device data with the new values for IMA measurements. Measure both old and new device name/UUID parameters in the same IMA measurement event, so that the old and the new values can be connected later.

Signed-off-by: Tushar Sugandhi <tusharsu@linux.microsoft.com>
---
 drivers/md/dm-ima.c | 49 +++++++++++++++++++++++++++++++++++++++++++
 drivers/md/dm-ima.h | 1 +
 drivers/md/dm-ioctl.c | 3 +++
 3 files changed, 53 insertions(+)

diff --git a/drivers/md/dm-ima.c b/drivers/md/dm-ima.c
index b1e1cf6bb4e7..36f99848825a 100644
--- a/drivers/md/dm-ima.c
+++ b/drivers/md/dm-ima.c
@@ -664,12 +664,61 @@ void dm_ima_measure_on_table_clear(struct mapped_device *md, bool new_map) kfree(device_table_data); } +/* + * Measure IMA data on device rename. + */ +void dm_ima_measure_on_device_rename(struct mapped_device *md) +{ + char *old_device_data = NULL, *new_device_data = NULL, *combined_device_data = NULL; + char *new_dev_name = NULL, *new_dev_uuid = NULL, *capacity_str = NULL; + bool noio = true; + int r; + + if (dm_ima_alloc_and_copy_device_data(md, &new_device_data, + md->ima.active_table.num_targets, noio)) + return; + + if (dm_ima_alloc_and_copy_name_uuid(md, &new_dev_name, &new_dev_uuid, noio)) + goto error; + + combined_device_data = dm_ima_alloc(DM_IMA_DEVICE_BUF_LEN * 2, GFP_KERNEL, noio); + if (!combined_device_data) + goto error; + + r = dm_ima_alloc_and_copy_capacity_str(md, &capacity_str, noio); + if (r) + goto error; + + old_device_data = md->ima.active_table.device_metadata; + + md->ima.active_table.device_metadata = new_device_data; + md->ima.active_table.device_metadata_len = strlen(new_device_data); + + scnprintf(combined_device_data, DM_IMA_DEVICE_BUF_LEN * 2, "%snew_name=%s,new_uuid=%s;%s", + old_device_data, new_dev_name, new_dev_uuid, capacity_str); + + dm_ima_measure_data("device_rename", combined_device_data, strlen(combined_device_data), + noio); + + goto exit; + +error: + kfree(new_device_data); +exit: + kfree(capacity_str); + kfree(combined_device_data); + kfree(old_device_data); + kfree(new_dev_name); + kfree(new_dev_uuid); +} + #else void dm_ima_reset_data(struct mapped_device *md) {} void dm_ima_measure_on_table_load(struct dm_table *table, unsigned int status_flags) {} void dm_ima_measure_on_device_resume(struct mapped_device *md, bool swap) {} void dm_ima_measure_on_device_remove(struct mapped_device *md, bool remove_all) {} void dm_ima_measure_on_table_clear(struct mapped_device *md, bool new_map) {} +void dm_ima_measure_on_device_rename(struct mapped_device *md) {} #endif MODULE_AUTHOR("Tushar Sugandhi 
<tusharsu@linux.microsoft.com>"); MODULE_DESCRIPTION("Enables IMA measurements for DM targets"); diff --git a/drivers/md/dm-ima.h b/drivers/md/dm-ima.h index a17ae953dc67..b1cf014d538d 100644 --- a/drivers/md/dm-ima.h +++ b/drivers/md/dm-ima.h @@ -51,5 +51,6 @@ void dm_ima_measure_on_table_load(struct dm_table *table, unsigned int status_fl void dm_ima_measure_on_device_resume(struct mapped_device *md, bool swap); void dm_ima_measure_on_device_remove(struct mapped_device *md, bool remove_all); void dm_ima_measure_on_table_clear(struct mapped_device *md, bool new_map); +void dm_ima_measure_on_device_rename(struct mapped_device *md); #endif /*DM_IMA_H*/ diff --git a/drivers/md/dm-ioctl.c b/drivers/md/dm-ioctl.c index b07c19037c7c..e45f6c6ef84a 100644 --- a/drivers/md/dm-ioctl.c +++ b/drivers/md/dm-ioctl.c @@ -485,6 +485,9 @@ static struct mapped_device *dm_hash_rename(struct dm_ioctl *param, param->flags |= DM_UEVENT_GENERATED_FLAG; md = hc->md; + + dm_ima_measure_on_device_rename(md); + up_write(&_hash_lock); kfree(old_name); -- 2.25.1
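Review bot: In the dm-ima.c hunk, the scnprintf() into combined_device_data (sized DM_IMA_DEVICE_BUF_LEN * 2) concatenates old_device_data, new_dev_name, new_dev_uuid and capacity_str without checking the returned length, so if the four pieces together exceed the buffer the event is silently truncated and the attestation log records a partial but valid-looking "device_rename" entry; either compare the return value against DM_IMA_DEVICE_BUF_LEN * 2 and skip the measurement on truncation, or add a comment explaining why the 2x sizing is guaranteed to hold all four pieces. Relatedly, old_device_data is taken from md->ima.active_table.device_metadata with no NULL check, so a device renamed before it has any measured table would have "%s" render that as "(null)" inside the measurement, which deserves an explicit guard. Finally, the bare `return` when dm_ima_alloc_and_copy_device_data() fails lets a rename go entirely unmeasured with nothing logged; a warning there would help an attestation service that later sees a device name it has no record of.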
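Review bot: In the dm-ioctl.c hunk, dm_ima_measure_on_device_rename(md) runs while _hash_lock is still held for write, since `up_write(&_hash_lock);` follows the new call. The measurement path allocates several buffers and hands the data to IMA, which hashes it and may extend a TPM PCR, so every other dm ioctl waits behind that for the duration of a rename. If the call has to stay under the lock so the measured name/UUID cannot race with a second rename, a short comment saying so would help; otherwise consider moving it after up_write(&_hash_lock).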