From: Thore Sommer <public@thson.de>
To: dm-devel@redhat.com, agk@redhat.com, snitzer@redhat.com, nramas@linux.microsoft.com
Cc: linux-integrity@vger.kernel.org, Thore Sommer <public@thson.de>
Subject: [PATCH 2/3] dm verity: add support for IMA target update event
Date: Fri, 20 May 2022 16:26:04 +0200
Message-ID: <20220520142605.270625-3-public@thson.de>
In-Reply-To: <20220520142605.270625-1-public@thson.de>

On first corruption the verity target triggers a "dm_target_update" event. This allows other systems to detect the corruption via IMA instead of manually querying the table.

The corruption cannot be detected using the other IMA measurements because "dm_table_load" only measures the table content during target creation. Using the new "dm_target_update" remeasures the target table entries during runtime.

The event is only triggered if the target was not corrupted before because verity_handle_err(..) is still called when the target is corrupted and the IMA log should only contain an entry when the table changed.

Signed-off-by: Thore Sommer <public@thson.de>
---
- v1: rewrite check to not use an extra variable

 drivers/md/dm-verity-target.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/drivers/md/dm-verity-target.c b/drivers/md/dm-verity-target.c index 80133aae0db3..5133c2274057 100644 --- a/drivers/md/dm-verity-target.c +++ b/drivers/md/dm-verity-target.c @@ -16,6 +16,7 @@ #include "dm-verity.h" #include "dm-verity-fec.h" #include "dm-verity-verify-sig.h" +#include "dm-ima.h" #include <linux/module.h> #include <linux/reboot.h> #include <linux/scatterlist.h> 
@@ -219,8 +220,13 @@ static int verity_handle_err(struct dm_verity *v, enum verity_block_type type, const char *type_str = ""; struct mapped_device *md = dm_table_get_md(v->ti->table); - /* Corruption should be visible in device status in all modes */ - v->hash_failed = 1; + /* Only change and measure change if not already corrupted */ + if (!v->hash_failed) { + /* Corruption should be visible in device status in all modes */ + v->hash_failed = 1; + /* After the state has changed remeasure target table */ + dm_ima_measure_on_target_update(v->ti); + } if (v->corrupted_errs >= DM_VERITY_MAX_CORRUPTED_ERRS) goto out; -- 2.36.0
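Review bot: the new `#include "dm-ima.h"` and the `dm_ima_measure_on_target_update(v->ti)` call it enables are both unconditional in this file, so please confirm that patch 1/3 (not shown here) provides a no-op inline for builds without CONFIG_IMA, in the same way the other dm_ima_measure_on_* helpers are stubbed in dm-ima.h; otherwise dm-verity picks up a hard link-time dependency on IMA.

Review bot: the check-then-set in `if (!v->hash_failed) { v->hash_failed = 1; ... dm_ima_measure_on_target_update(v->ti); }` is racy if verity_handle_err() can be called concurrently for different bios, and nothing in this hunk takes a lock or uses an atomic. Two first-corruption paths can both read hash_failed == 0 and both call dm_ima_measure_on_target_update(), which yields the duplicate IMA entry the commit message says this guard is there to prevent. The old unconditional `v->hash_failed = 1;` was harmless under the same race because the store is idempotent; the new guard needs an atomic test-and-set (for example test_and_set_bit() on a dedicated unsigned long, or cmpxchg() on the flag) so that exactly one caller performs the remeasurement. The comment "Only change and measure change if not already corrupted" would also read more clearly as "Set the flag and remeasure only on the first corruption".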
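As an added example, not part of this patch or of the dm-ima code, the consumer side of the mechanism the commit message describes: a Python check that walks IMA ascii_runtime_measurements lines, verifies each ima-buf entry's buffer against its d-ng digest, and flags verity targets whose dm_target_update event reports a hash failure. The ima-buf line layout (pcr, template hash, template name, d-ng digest, n-ng event name, hex-encoded buffer) is the real IMA format; the key=value layout inside the buffer, the "hash_failed=C" marker and the sample log lines are constructed assumptions for this example, since the actual event contents are defined by patches 1/3 and 3/3, which are not on this page.

```python
"""Scan IMA ascii_runtime_measurements lines for device-mapper events and
report verity targets that have signalled a hash failure.

Added example, not code from the patch. Buffer layout and the
"hash_failed=C" marker are assumptions; the ima-buf line layout is real.
"""
import hashlib
from dataclasses import dataclass


@dataclass
class DmEvent:
    pcr: int
    event: str          # n-ng field, e.g. "dm_table_load" or "dm_target_update"
    fields: dict        # key/value pairs decoded from the measured buffer
    digest_ok: bool     # sha256(buffer) matched the d-ng field of the line


def parse_fields(buf: bytes) -> dict:
    """Split a buffer of 'key=value' pairs separated by ';' or ','."""
    out = {}
    text = buf.decode("ascii", errors="replace")
    for part in text.replace(",", ";").split(";"):
        if "=" in part:
            key, _, value = part.partition("=")
            out[key.strip()] = value.strip()
    return out


def parse_ima_buf_line(line: str):
    """Parse one ima-buf log line; return a DmEvent, or None for other templates."""
    parts = line.split()
    if len(parts) != 6 or parts[2] != "ima-buf":
        return None
    pcr, _template_hash, _template, dng, event, hexbuf = parts
    algo, _, want = dng.partition(":")
    try:
        buf = bytes.fromhex(hexbuf)
        have = hashlib.new(algo, buf).hexdigest()   # d-ng is the digest of the buffer
    except ValueError:
        return None
    return DmEvent(int(pcr), event, parse_fields(buf), have == want)


def verity_failures(lines):
    """Names of verity targets whose dm_target_update event carries hash_failed=C.

    Entries whose buffer does not match the recorded digest are ignored; a
    log consumer should treat a mismatch as tampering, not as a signal."""
    failed = []
    for line in lines:
        ev = parse_ima_buf_line(line)
        if ev is None or not ev.digest_ok:
            continue
        if (ev.event == "dm_target_update"
                and ev.fields.get("target_name") == "verity"
                and ev.fields.get("hash_failed") == "C"):   # assumed marker
            failed.append(ev.fields.get("name", "?"))
    return failed


def make_line(event: str, buf: bytes, digest_of=None) -> str:
    """Constructed ima-buf line; the template hash is a placeholder and not verified here."""
    digest = hashlib.sha256(buf if digest_of is None else digest_of).hexdigest()
    return f"10 {'0' * 40} ima-buf sha256:{digest} {event} {buf.hex()}"


# Constructed sample log (layout assumed, not taken from the kernel).
ROOT_LOAD = b"name=root;uuid=CRYPT-VERITY-root;target_name=verity;target_version=1.8.0;hash_failed=V"
ROOT_UPDATE = ROOT_LOAD.replace(b"hash_failed=V", b"hash_failed=C")
SAMPLE_LOG = [
    make_line("dm_table_load", ROOT_LOAD),                      # measured at table load
    make_line("dm_target_update", ROOT_UPDATE),                 # first corruption, remeasured
    make_line("dm_target_update", ROOT_UPDATE, digest_of=ROOT_LOAD),  # tampered: digest mismatch
    "10 " + "0" * 40 + " ima-ng sha256:" + "0" * 64 + " /usr/bin/dm-tool",  # unrelated template
]

if __name__ == "__main__":
    print("verity targets with hash failures:", verity_failures(SAMPLE_LOG))
```

On a live system the lines come from /sys/kernel/security/ima/ascii_runtime_measurements (or the binary log shipped to a verifier), and the same check belongs in the attestation service that already validates the dm_table_load entries; only the digest verification keeps a forged line from raising or suppressing an alert.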
Thread overview (8+ messages):

2022-05-20 14:26 [PATCH 0/3] dm ima: allow targets to remeasure their state  Thore Sommer
2022-05-20 14:26 ` [PATCH 1/3] dm ima: allow targets to remeasure their table entry  Thore Sommer
2022-05-20 14:26 ` [PATCH 2/3] dm verity: add support for IMA target update event  Thore Sommer  [this message]
2022-05-20 14:26 ` [PATCH 3/3] dm ima: add documentation "  Thore Sommer