From: Eric Biggers <ebiggers@kernel.org>
To: Mimi Zohar <zohar@linux.ibm.com>
Cc: linux-integrity@vger.kernel.org,
	Stefan Berger <stefanb@linux.ibm.com>,
	linux-fscrypt@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH v5 3/8] fs-verity: define a function to return the integrity protected file digest
Date: Wed, 23 Feb 2022 17:26:17 -0800
Message-ID: <YhbeuQpGuDxEmi9o@sol.localdomain>
In-Reply-To: <f322ae351dde71b92d7d4037d78190c7338ca710.camel@linux.ibm.com>

On Wed, Feb 23, 2022 at 08:21:01PM -0500, Mimi Zohar wrote:
> On Wed, 2022-02-23 at 15:59 -0800, Eric Biggers wrote:
> > On Fri, Feb 11, 2022 at 04:43:05PM -0500, Mimi Zohar wrote:
> > > +/**
> > > + * fsverity_get_digest() - get a verity file's digest
> > > + * @inode: inode to get digest of
> > > + * @digest: (out) pointer to the digest
> > > + * @alg: (out) pointer to the hash algorithm enumeration
> > > + *
> > > + * Return the file hash algorithm and digest of an fsverity protected file.
> > > + *
> > > + * Return: 0 on success, -errno on failure
> > > + */
> > > +int fsverity_get_digest(struct inode *inode,
> > > +			u8 digest[FS_VERITY_MAX_DIGEST_SIZE],
> > > +			enum hash_algo *alg)
> > > +{
> > > +	const struct fsverity_info *vi;
> > > +	const struct fsverity_hash_alg *hash_alg;
> > > +	int i;
> > > +
> > > +	vi = fsverity_get_info(inode);
> > > +	if (!vi)
> > > +		return -ENODATA; /* not a verity file */
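Review bot: the kernel-doc above fsverity_get_digest() does not say what -ENODATA means or when the function may be called, while the `if (!vi)` branch labels a NULL fsverity_info as "not a verity file". As the reply below points out, fsverity_get_info() also returns NULL for a verity inode that has not been opened since it was loaded into memory, so a caller cannot tell the two cases apart from the return value. Suggest spelling out under "Return:" what -ENODATA covers and stating the precondition that the file has been opened, or having the function call ensure_verity_info() as proposed below. The @digest line should also say how many bytes of the FS_VERITY_MAX_DIGEST_SIZE buffer are valid on return.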
> > 
> > Sorry for the slow reviews; I'm taking a look again now.  One question about
> > something I missed earlier: is the file guaranteed to have been opened before
> > this is called?  fsverity_get_info() only returns a non-NULL value if the file
> > has been opened at least once since the inode has been loaded into memory.  If
> > the inode has just been loaded into memory without being opened, for example due
> > to a call to stat(), then fsverity_get_info() will return NULL.
> > 
> > If the file is guaranteed to have been opened, then the code is fine, but the
> > comment for fsverity_get_digest() perhaps should be updated to mention this
> > assumption, given that it takes a struct inode rather than a struct file.
> > 
> > If the file is *not* guaranteed to have been opened, then it would be necessary
> > to make fsverity_get_digest() call ensure_verity_info() to set up the
> > fsverity_info.
> 
> Yes, fsverity_get_digest() is called as a result of a syscall - open,
> execve, mmap, etc.   
> Refer to the LSM hooks security_bprm_check() and security_mmap_file().
> ima_file_check() is called directly in do_open().

stat() is a syscall too, so the question is not whether this is being called as
a result of a syscall, but rather whether it's only being called while the file
is open (or at least previously opened).  Is the answer to that "yes"?

- Eric
