From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <linux-integrity-owner@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 34496C433EF
	for <linux-integrity@archiver.kernel.org>; Fri, 20 May 2022 14:26:26 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S238648AbiETO0Y (ORCPT
        <rfc822;linux-integrity@archiver.kernel.org>);
        Fri, 20 May 2022 10:26:24 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:34918 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S237079AbiETO0V (ORCPT
        <rfc822;linux-integrity@vger.kernel.org>);
        Fri, 20 May 2022 10:26:21 -0400
Received: from mo4-p01-ob.smtp.rzone.de (mo4-p01-ob.smtp.rzone.de [85.215.255.52])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 6A8ED35244
        for <linux-integrity@vger.kernel.org>; Fri, 20 May 2022 07:26:19 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; t=1653056778;
    s=strato-dkim-0002; d=thson.de;
    h=References:In-Reply-To:Message-Id:Date:Subject:Cc:To:From:Cc:Date:
    From:Subject:Sender;
    bh=TKVzWMWh/iK70Mm9HetHCSrG8L7/6BKdS9Anokzny/s=;
    b=sEW0jEtBXG3OqN+uMNTOB97hIMvy3knmi2GY2oad5jFf1+MNODw8gHu/8rR+gAQMZZ
    fnnlp5ZbSTO8AaNRUAwk00HcUDXymRyBLKXs9bno5NsdvE1Ix52sjfb6Q/zNq/QiSS7E
    5rNtfqRnWlCzZWksrFGAv2iqrdGrOIPjfLxIZsd1ro0g+m1gNUNkNSrddG10SDydBUjn
    J+Jri+zRazE2DmWFsSrJ0Nt0IQX0BuRUKRAqm1Wui3IeEY+ioa8AVgowRlmXNA2KBX2A
    Ygeqk3YUGHZ6DTqTx/4b/7mNexn+UjuA6jjGKTc5IlMcKWJIQZoamveOJwtOAUwWFDDL
    pDXg==
Authentication-Results: strato.com;
    dkim=none
X-RZG-AUTH: ":PHkGeUmrW+uCZmxs998QJRUX30nOwJd7nOD9sw/xoauycprg5uef7cgCEpy7sPc="
X-RZG-CLASS-ID: mo00
Received: from USER-PC.fritz.box
    by smtp.strato.de (RZmta 47.42.2 DYNA|AUTH)
    with ESMTPSA id Y03eaey4KEQHQD6
        (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256 bits))
        (Client did not present a certificate);
    Fri, 20 May 2022 16:26:17 +0200 (CEST)
From:   Thore Sommer <public@thson.de>
To:     dm-devel@redhat.com, agk@redhat.com, snitzer@redhat.com,
        nramas@linux.microsoft.com
Cc:     linux-integrity@vger.kernel.org, Thore Sommer <public@thson.de>
Subject: [PATCH 2/3] dm verity: add support for IMA target update event
Date:   Fri, 20 May 2022 16:26:04 +0200
Message-Id: <20220520142605.270625-3-public@thson.de>
X-Mailer: git-send-email 2.36.0
In-Reply-To: <20220520142605.270625-1-public@thson.de>
References: <20220520142605.270625-1-public@thson.de>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Precedence: bulk
List-ID: <linux-integrity.vger.kernel.org>
X-Mailing-List: linux-integrity@vger.kernel.org

On first corruption the verity targets triggers a "dm_target_update" event.
This allows other systems to detect the corruption via IMA instead of
manually querying the table. The corruption cannot be detected using the
other IMA measurements because "dm_table_load" only measures the table
content during target creation. Using the new "dm_target_update" remeasures
the target table entries during runtime.

The event is only triggered if the target was not corrupted before because
verity_handle_err(..) is still called when the target is corrupted and the
IMA log should only contain an entry when the table changed.

Signed-off-by: Thore Sommer <public@thson.de>
---
 - v1: rewrite check to not use an extra variable

 drivers/md/dm-verity-target.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/drivers/md/dm-verity-target.c b/drivers/md/dm-verity-target.c
index 80133aae0db3..5133c2274057 100644
--- a/drivers/md/dm-verity-target.c
+++ b/drivers/md/dm-verity-target.c
@@ -16,6 +16,7 @@
 #include "dm-verity.h"
 #include "dm-verity-fec.h"
 #include "dm-verity-verify-sig.h"
+#include "dm-ima.h"
 #include <linux/module.h>
 #include <linux/reboot.h>
 #include <linux/scatterlist.h>
@@ -219,8 +220,13 @@ static int verity_handle_err(struct dm_verity *v, enum verity_block_type type,
 	const char *type_str = "";
 	struct mapped_device *md = dm_table_get_md(v->ti->table);
 
-	/* Corruption should be visible in device status in all modes */
-	v->hash_failed = 1;
+	/* Only change and measure change if not already corrupted */
+	if (!v->hash_failed) {
+		/* Corruption should be visible in device status in all modes */
+		v->hash_failed = 1;
+		/* After the state has changed remeasure target table */
+		dm_ima_measure_on_target_update(v->ti);
+	}
 
 	if (v->corrupted_errs >= DM_VERITY_MAX_CORRUPTED_ERRS)
 		goto out;
-- 
2.36.0


From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <dm-devel-bounces@redhat.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.lore.kernel.org (Postfix) with ESMTPS id DC9C7C433EF
	for <dm-devel@archiver.kernel.org>; Fri, 20 May 2022 14:26:34 +0000 (UTC)
Received: from mimecast-mx02.redhat.com (mimecast-mx02.redhat.com
 [66.187.233.88]) by relay.mimecast.com with ESMTP with STARTTLS
 (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 us-mta-584-YkEQ6rtOOVKgvuOrBxeR1w-1; Fri, 20 May 2022 10:26:32 -0400
X-MC-Unique: YkEQ6rtOOVKgvuOrBxeR1w-1
Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.rdu2.redhat.com [10.11.54.3])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mimecast-mx02.redhat.com (Postfix) with ESMTPS id A51C0100B8CB;
	Fri, 20 May 2022 14:26:30 +0000 (UTC)
Received: from mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (unknown [10.30.29.100])
	by smtp.corp.redhat.com (Postfix) with ESMTP id 93F3E1121319;
	Fri, 20 May 2022 14:26:30 +0000 (UTC)
Received: from mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (localhost [IPv6:::1])
	by mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (Postfix) with ESMTP id 728E4194705A;
	Fri, 20 May 2022 14:26:30 +0000 (UTC)
Received: from smtp.corp.redhat.com (int-mx06.intmail.prod.int.rdu2.redhat.com
 [10.11.54.6])
 by mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (Postfix) with
 ESMTP id 493F0194975B
 for <dm-devel@listman.corp.redhat.com>; Fri, 20 May 2022 14:26:27 +0000 (UTC)
Received: by smtp.corp.redhat.com (Postfix)
 id 3B5E82166B2F; Fri, 20 May 2022 14:26:27 +0000 (UTC)
Received: from mimecast-mx02.redhat.com
 (mimecast05.extmail.prod.ext.rdu2.redhat.com [10.11.55.21])
 by smtp.corp.redhat.com (Postfix) with ESMTPS id 377662166B25
 for <dm-devel@redhat.com>; Fri, 20 May 2022 14:26:27 +0000 (UTC)
Received: from us-smtp-1.mimecast.com (us-smtp-delivery-1.mimecast.com
 [205.139.110.120])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 1C6E180A0B9
 for <dm-devel@redhat.com>; Fri, 20 May 2022 14:26:27 +0000 (UTC)
Received: from mo4-p01-ob.smtp.rzone.de (mo4-p01-ob.smtp.rzone.de
 [85.215.255.53]) by relay.mimecast.com with ESMTP with STARTTLS
 (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 us-mta-172-ZxpMs9HcNU-fvalJmycC1w-1; Fri, 20 May 2022 10:26:25 -0400
X-MC-Unique: ZxpMs9HcNU-fvalJmycC1w-1
X-RZG-AUTH: ":PHkGeUmrW+uCZmxs998QJRUX30nOwJd7nOD9sw/xoauycprg5uef7cgCEpy7sPc="
X-RZG-CLASS-ID: mo00
Received: from USER-PC.fritz.box by smtp.strato.de (RZmta 47.42.2 DYNA|AUTH)
 with ESMTPSA id Y03eaey4KEQHQD6
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256 bits))
 (Client did not present a certificate);
 Fri, 20 May 2022 16:26:17 +0200 (CEST)
From: Thore Sommer <public@thson.de>
To: dm-devel@redhat.com, agk@redhat.com, snitzer@redhat.com,
 nramas@linux.microsoft.com
Date: Fri, 20 May 2022 16:26:04 +0200
Message-Id: <20220520142605.270625-3-public@thson.de>
In-Reply-To: <20220520142605.270625-1-public@thson.de>
References: <20220520142605.270625-1-public@thson.de>
MIME-Version: 1.0
X-Mimecast-Impersonation-Protect: Policy=CLT - Impersonation Protection
 Definition; Similar Internal Domain=false;
 Similar Monitored External Domain=false; Custom External Domain=false;
 Mimecast External Domain=false; Newly Observed Domain=false;
 Internal User Name=false; Custom Display Name List=false;
 Reply-to Address Mismatch=false; Targeted Threat Dictionary=false;
 Mimecast Threat Dictionary=false; Custom Threat Dictionary=false
X-Scanned-By: MIMEDefang 2.78 on 10.11.54.6
Subject: [dm-devel] [PATCH 2/3] dm verity: add support for IMA target update
 event
X-BeenThere: dm-devel@redhat.com
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: device-mapper development <dm-devel.redhat.com>
List-Unsubscribe: <https://listman.redhat.com/mailman/options/dm-devel>,
 <mailto:dm-devel-request@redhat.com?subject=unsubscribe>
List-Archive: <http://listman.redhat.com/archives/dm-devel/>
List-Post: <mailto:dm-devel@redhat.com>
List-Help: <mailto:dm-devel-request@redhat.com?subject=help>
List-Subscribe: <https://listman.redhat.com/mailman/listinfo/dm-devel>,
 <mailto:dm-devel-request@redhat.com?subject=subscribe>
Cc: linux-integrity@vger.kernel.org, Thore Sommer <public@thson.de>
Errors-To: dm-devel-bounces@redhat.com
Sender: "dm-devel" <dm-devel-bounces@redhat.com>
X-Scanned-By: MIMEDefang 2.78 on 10.11.54.3
Authentication-Results: relay.mimecast.com;
	auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=dm-devel-bounces@redhat.com
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: redhat.com
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit

On first corruption the verity targets triggers a "dm_target_update" event.
This allows other systems to detect the corruption via IMA instead of
manually querying the table. The corruption cannot be detected using the
other IMA measurements because "dm_table_load" only measures the table
content during target creation. Using the new "dm_target_update" remeasures
the target table entries during runtime.

The event is only triggered if the target was not corrupted before because
verity_handle_err(..) is still called when the target is corrupted and the
IMA log should only contain an entry when the table changed.

Signed-off-by: Thore Sommer <public@thson.de>
---
 - v1: rewrite check to not use an extra variable

 drivers/md/dm-verity-target.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/drivers/md/dm-verity-target.c b/drivers/md/dm-verity-target.c
index 80133aae0db3..5133c2274057 100644
--- a/drivers/md/dm-verity-target.c
+++ b/drivers/md/dm-verity-target.c
@@ -16,6 +16,7 @@
 #include "dm-verity.h"
 #include "dm-verity-fec.h"
 #include "dm-verity-verify-sig.h"
+#include "dm-ima.h"
 #include <linux/module.h>
 #include <linux/reboot.h>
 #include <linux/scatterlist.h>
@@ -219,8 +220,13 @@ static int verity_handle_err(struct dm_verity *v, enum verity_block_type type,
 	const char *type_str = "";
 	struct mapped_device *md = dm_table_get_md(v->ti->table);
 
-	/* Corruption should be visible in device status in all modes */
-	v->hash_failed = 1;
+	/* Only change and measure change if not already corrupted */
+	if (!v->hash_failed) {
+		/* Corruption should be visible in device status in all modes */
+		v->hash_failed = 1;
+		/* After the state has changed remeasure target table */
+		dm_ima_measure_on_target_update(v->ti);
+	}
 
 	if (v->corrupted_errs >= DM_VERITY_MAX_CORRUPTED_ERRS)
 		goto out;
-- 
2.36.0

--
dm-devel mailing list
dm-devel@redhat.com
https://listman.redhat.com/mailman/listinfo/dm-devel