All of lore.kernel.org
 help / color / mirror / Atom feed
From: Matthias Kaehlcke <mka@chromium.org>
To: Kees Cook <keescook@chromium.org>
Cc: Alasdair Kergon <agk@redhat.com>,
	Mike Snitzer <snitzer@kernel.org>,
	James Morris <jmorris@namei.org>,
	"Serge E . Hallyn" <serge@hallyn.com>,
	dm-devel@redhat.com, linux-kernel@vger.kernel.org,
	linux-raid@vger.kernel.org, Song Liu <song@kernel.org>,
	Douglas Anderson <dianders@chromium.org>,
	linux-security-module@vger.kernel.org
Subject: Re: [PATCH v3 1/3] dm: Add verity helpers for LoadPin
Date: Mon, 16 May 2022 11:51:54 -0700	[thread overview]
Message-ID: <YoKdSrjVf/tHGoa5@google.com> (raw)
In-Reply-To: <02028CEA-5704-4A51-8CAD-BEE53CEF7CCA@chromium.org>

On Fri, May 13, 2022 at 03:15:53PM -0700, Kees Cook wrote:
> 
> 
> On May 4, 2022 12:54:17 PM PDT, Matthias Kaehlcke <mka@chromium.org> wrote:
> >LoadPin limits loading of kernel modules, firmware and certain
> >other files to a 'pinned' file system (typically a read-only
> >rootfs). To provide more flexibility LoadPin is being extended
> >to also allow loading these files from trusted dm-verity
> >devices. For that purpose LoadPin can be provided with a list
> >of verity root digests that it should consider as trusted.
> >
> >Add a bunch of helpers to allow LoadPin to check whether a DM
> >device is a trusted verity device. The new functions broadly
> >fall in two categories: those that need access to verity
> >internals (like the root digest), and the 'glue' between
> >LoadPin and verity. The new file dm-verity-loadpin.c contains
> >the glue functions.
> >
> >Signed-off-by: Matthias Kaehlcke <mka@chromium.org>
> > [...]
> >diff --git a/drivers/md/dm-verity-loadpin.c b/drivers/md/dm-verity-loadpin.c
> >new file mode 100644
> >index 000000000000..972ca93a2231
> >--- /dev/null
> >+++ b/drivers/md/dm-verity-loadpin.c
> >@@ -0,0 +1,80 @@
> >+// SPDX-License-Identifier: GPL-2.0-only
> >+
> >+#include <linux/list.h>
> >+#include <linux/kernel.h>
> >+#include <linux/dm-verity-loadpin.h>
> >+
> >+#include "dm.h"
> >+#include "dm-verity.h"
> >+
> >+static struct list_head *trusted_root_digests;
> 
> Does this need to exist in two places? (i.e. why can't dm and loadpin share
> this instead of needing dm_verity_loadpin_set_trusted_digests()?)

We could share it. Probably it should then be defined here, since this is
the first patch of the series, we could add an extern declaration to
dm-verity-loadpin.h.

> >+
> >+/*
> >+ * Sets the root digests of verity devices which LoadPin considers as trusted.
> >+ *
> >+ * This function must only be called once.
> >+ */
> >+void dm_verity_loadpin_set_trusted_root_digests(struct list_head *digests)
> >+{
> >+	if (!trusted_root_digests)
> >+		trusted_root_digests = digests;
> >+	else
> >+		pr_warn("verity root digests trusted by LoadPin are already set!!!\n");
> >+}
> >+
> >+static bool is_trusted_verity_target(struct dm_target *ti)
> >+{
> >+	u8 *root_digest;
> >+	unsigned int digest_size;
> >+	struct trusted_root_digest *trd;
> >+	bool trusted = false;
> >+
> >+	if (!dm_is_verity_target(ti))
> >+		return false;
> >+
> >+	if (dm_verity_get_root_digest(ti, &root_digest, &digest_size))
> >+		return false;
> >+
> >+	list_for_each_entry(trd, trusted_root_digests, node) {
> >+		if ((trd->len == digest_size) &&
> >+		    !memcmp(trd->data, root_digest, digest_size)) {
> >+			trusted = true;
> >+			break;
> >+		}
> >+	}
> >+
> >+	kfree(root_digest);
> >+
> >+	return trusted;
> >+}
> >+
> >+/*
> >+ * Determines whether a mapped device is a verity device that is trusted
> >+ * by LoadPin.
> >+ */
> >+bool dm_verity_loadpin_is_md_trusted(struct mapped_device *md)
> >+{
> >+	int srcu_idx;
> >+	struct dm_table *table;
> >+	unsigned int num_targets;
> >+	bool trusted = false;
> >+	int i;
> >+
> >+	if (!trusted_root_digests || list_empty(trusted_root_digests))
> >+		return false;
> >+
> >+	table = dm_get_live_table(md, &srcu_idx);
> >+	num_targets = dm_table_get_num_targets(table);
> >+	for (i = 0; i < num_targets; i++) {
> >+		struct dm_target *ti = dm_table_get_target(table, i);
> >+
> >+		if (is_trusted_verity_target(ti)) {
> >+			trusted = true;
> >+			break;
> >+		}
> >+	}
> 
> Pardon my lack of dm vocabulary, but what is "target" vs "table" here?
> I was only thinking of "whole device", so I must not understand what this is
> examining.

'targets' are different types of DM mappings like 'linear' or 'verity'. A
device mapper table contains has one or more targets that define the mapping
of the blocks of the mapped device.

Having spelled that out I realize that the above check is wrong. It would
consider a device like this trusted:

0 10000000 linear 8:1
10000000 10001000 verity <params>

In the above case only a small part of the DM device would be backed by verity.

I think we want a table with a single entry that is a verity target.

> > [...]
> >diff --git a/include/linux/dm-verity-loadpin.h b/include/linux/dm-verity-loadpin.h
> >new file mode 100644
> >index 000000000000..12a86911d05a
> >--- /dev/null
> >+++ b/include/linux/dm-verity-loadpin.h
> >@@ -0,0 +1,27 @@
> >+/* SPDX-License-Identifier: GPL-2.0 */
> >+
> >+#ifndef __LINUX_DM_VERITY_LOADPIN_H
> >+#define __LINUX_DM_VERITY_LOADPIN_H
> >+
> >+#include <linux/list.h>
> >+
> >+struct mapped_device;
> >+
> >+struct trusted_root_digest {
> >+	u8 *data;
> >+	unsigned int len;
> >+	struct list_head node;
> >+};
> 
> To avoid the double-alloc in patch 2 (and save 1 pointer size of memory), this could just be:
> 
> struct trusted_root_digest {
> 	struct list_head node;
> 	unsigned int len;
> 	u8 data[];
> };

Looks good to me, will change

> Otherwise, looks good to me!

Excellent, thanks for the review!

WARNING: multiple messages have this Message-ID
From: Matthias Kaehlcke <mka@chromium.org>
To: Kees Cook <keescook@chromium.org>
Cc: linux-security-module@vger.kernel.org,
	Douglas Anderson <dianders@chromium.org>,
	Mike Snitzer <snitzer@kernel.org>,
	linux-kernel@vger.kernel.org, James Morris <jmorris@namei.org>,
	linux-raid@vger.kernel.org, Song Liu <song@kernel.org>,
	dm-devel@redhat.com, Alasdair Kergon <agk@redhat.com>,
	"Serge E . Hallyn" <serge@hallyn.com>
Subject: Re: [dm-devel] [PATCH v3 1/3] dm: Add verity helpers for LoadPin
Date: Mon, 16 May 2022 11:51:54 -0700	[thread overview]
Message-ID: <YoKdSrjVf/tHGoa5@google.com> (raw)
In-Reply-To: <02028CEA-5704-4A51-8CAD-BEE53CEF7CCA@chromium.org>

On Fri, May 13, 2022 at 03:15:53PM -0700, Kees Cook wrote:
> 
> 
> On May 4, 2022 12:54:17 PM PDT, Matthias Kaehlcke <mka@chromium.org> wrote:
> >LoadPin limits loading of kernel modules, firmware and certain
> >other files to a 'pinned' file system (typically a read-only
> >rootfs). To provide more flexibility LoadPin is being extended
> >to also allow loading these files from trusted dm-verity
> >devices. For that purpose LoadPin can be provided with a list
> >of verity root digests that it should consider as trusted.
> >
> >Add a bunch of helpers to allow LoadPin to check whether a DM
> >device is a trusted verity device. The new functions broadly
> >fall in two categories: those that need access to verity
> >internals (like the root digest), and the 'glue' between
> >LoadPin and verity. The new file dm-verity-loadpin.c contains
> >the glue functions.
> >
> >Signed-off-by: Matthias Kaehlcke <mka@chromium.org>
> > [...]
> >diff --git a/drivers/md/dm-verity-loadpin.c b/drivers/md/dm-verity-loadpin.c
> >new file mode 100644
> >index 000000000000..972ca93a2231
> >--- /dev/null
> >+++ b/drivers/md/dm-verity-loadpin.c
> >@@ -0,0 +1,80 @@
> >+// SPDX-License-Identifier: GPL-2.0-only
> >+
> >+#include <linux/list.h>
> >+#include <linux/kernel.h>
> >+#include <linux/dm-verity-loadpin.h>
> >+
> >+#include "dm.h"
> >+#include "dm-verity.h"
> >+
> >+static struct list_head *trusted_root_digests;
> 
> Does this need to exist in two places? (i.e. why can't dm and loadpin share
> this instead of needing dm_verity_loadpin_set_trusted_digests()?)

We could share it. Probably it should then be defined here, since this is
the first patch of the series, we could add an extern declaration to
dm-verity-loadpin.h.

> >+
> >+/*
> >+ * Sets the root digests of verity devices which LoadPin considers as trusted.
> >+ *
> >+ * This function must only be called once.
> >+ */
> >+void dm_verity_loadpin_set_trusted_root_digests(struct list_head *digests)
> >+{
> >+	if (!trusted_root_digests)
> >+		trusted_root_digests = digests;
> >+	else
> >+		pr_warn("verity root digests trusted by LoadPin are already set!!!\n");
> >+}
> >+
> >+static bool is_trusted_verity_target(struct dm_target *ti)
> >+{
> >+	u8 *root_digest;
> >+	unsigned int digest_size;
> >+	struct trusted_root_digest *trd;
> >+	bool trusted = false;
> >+
> >+	if (!dm_is_verity_target(ti))
> >+		return false;
> >+
> >+	if (dm_verity_get_root_digest(ti, &root_digest, &digest_size))
> >+		return false;
> >+
> >+	list_for_each_entry(trd, trusted_root_digests, node) {
> >+		if ((trd->len == digest_size) &&
> >+		    !memcmp(trd->data, root_digest, digest_size)) {
> >+			trusted = true;
> >+			break;
> >+		}
> >+	}
> >+
> >+	kfree(root_digest);
> >+
> >+	return trusted;
> >+}
> >+
> >+/*
> >+ * Determines whether a mapped device is a verity device that is trusted
> >+ * by LoadPin.
> >+ */
> >+bool dm_verity_loadpin_is_md_trusted(struct mapped_device *md)
> >+{
> >+	int srcu_idx;
> >+	struct dm_table *table;
> >+	unsigned int num_targets;
> >+	bool trusted = false;
> >+	int i;
> >+
> >+	if (!trusted_root_digests || list_empty(trusted_root_digests))
> >+		return false;
> >+
> >+	table = dm_get_live_table(md, &srcu_idx);
> >+	num_targets = dm_table_get_num_targets(table);
> >+	for (i = 0; i < num_targets; i++) {
> >+		struct dm_target *ti = dm_table_get_target(table, i);
> >+
> >+		if (is_trusted_verity_target(ti)) {
> >+			trusted = true;
> >+			break;
> >+		}
> >+	}
> 
> Pardon my lack of dm vocabulary, but what is "target" vs "table" here?
> I was only thinking of "whole device", so I must not understand what this is
> examining.

'targets' are different types of DM mappings like 'linear' or 'verity'. A
device mapper table contains has one or more targets that define the mapping
of the blocks of the mapped device.

Having spelled that out I realize that the above check is wrong. It would
consider a device like this trusted:

0 10000000 linear 8:1
10000000 10001000 verity <params>

In the above case only a small part of the DM device would be backed by verity.

I think we want a table with a single entry that is a verity target.

> > [...]
> >diff --git a/include/linux/dm-verity-loadpin.h b/include/linux/dm-verity-loadpin.h
> >new file mode 100644
> >index 000000000000..12a86911d05a
> >--- /dev/null
> >+++ b/include/linux/dm-verity-loadpin.h
> >@@ -0,0 +1,27 @@
> >+/* SPDX-License-Identifier: GPL-2.0 */
> >+
> >+#ifndef __LINUX_DM_VERITY_LOADPIN_H
> >+#define __LINUX_DM_VERITY_LOADPIN_H
> >+
> >+#include <linux/list.h>
> >+
> >+struct mapped_device;
> >+
> >+struct trusted_root_digest {
> >+	u8 *data;
> >+	unsigned int len;
> >+	struct list_head node;
> >+};
> 
> To avoid the double-alloc in patch 2 (and save 1 pointer size of memory), this could just be:
> 
> struct trusted_root_digest {
> 	struct list_head node;
> 	unsigned int len;
> 	u8 data[];
> };

Looks good to me, will change

> Otherwise, looks good to me!

Excellent, thanks for the review!

--
dm-devel mailing list
dm-devel@redhat.com
https://listman.redhat.com/mailman/listinfo/dm-devel


  reply	other threads:[~2022-05-16 18:52 UTC|newest]

Thread overview: 42+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-05-04 19:54 [PATCH v3 0/3] LoadPin: Enable loading from trusted dm-verity devices Matthias Kaehlcke
2022-05-04 19:54 ` [dm-devel] " Matthias Kaehlcke
2022-05-04 19:54 ` [PATCH v3 1/3] dm: Add verity helpers for LoadPin Matthias Kaehlcke
2022-05-04 19:54   ` [dm-devel] " Matthias Kaehlcke
2022-05-11 20:54   ` Matthias Kaehlcke
2022-05-11 20:54     ` [dm-devel] " Matthias Kaehlcke
2022-05-12 17:19     ` Mike Snitzer
2022-05-12 17:19       ` [dm-devel] " Mike Snitzer
2022-05-12 18:14       ` Matthias Kaehlcke
2022-05-12 18:14         ` [dm-devel] " Matthias Kaehlcke
2022-05-12 20:44       ` Matthias Kaehlcke
2022-05-12 20:44         ` [dm-devel] " Matthias Kaehlcke
2022-05-13 16:29         ` Mike Snitzer
2022-05-13 16:29           ` [dm-devel] " Mike Snitzer
2022-05-13 16:53           ` Matthias Kaehlcke
2022-05-13 16:53             ` Matthias Kaehlcke
2022-05-13 22:15   ` Kees Cook
2022-05-13 22:15     ` [dm-devel] " Kees Cook
2022-05-16 18:51     ` Matthias Kaehlcke [this message]
2022-05-16 18:51       ` Matthias Kaehlcke
2022-05-17  3:38       ` Kees Cook
2022-05-17  3:38         ` [dm-devel] " Kees Cook
2022-05-04 19:54 ` [PATCH v3 2/3] LoadPin: Enable loading from trusted dm-verity devices Matthias Kaehlcke
2022-05-04 19:54   ` [dm-devel] " Matthias Kaehlcke
2022-05-04 22:26   ` kernel test robot
2022-05-04 22:26     ` [dm-devel] " kernel test robot
2022-05-13 16:32   ` Mike Snitzer
2022-05-13 16:32     ` [dm-devel] " Mike Snitzer
2022-05-13 17:01     ` Matthias Kaehlcke
2022-05-13 17:01       ` [dm-devel] " Matthias Kaehlcke
2022-05-13 18:26     ` Kees Cook
2022-05-13 18:26       ` [dm-devel] " Kees Cook
2022-05-13 22:36   ` Kees Cook
2022-05-13 22:36     ` [dm-devel] " Kees Cook
2022-05-16 18:17     ` Matthias Kaehlcke
2022-05-16 18:17       ` [dm-devel] " Matthias Kaehlcke
2022-05-17  3:44       ` Kees Cook
2022-05-17  3:44         ` [dm-devel] " Kees Cook
2022-05-17 19:28         ` Matthias Kaehlcke
2022-05-17 19:28           ` [dm-devel] " Matthias Kaehlcke
2022-05-04 19:54 ` [PATCH v3 3/3] dm: verity-loadpin: Use CONFIG_SECURITY_LOADPIN_VERITY for conditional compilation Matthias Kaehlcke
2022-05-04 19:54   ` [dm-devel] " Matthias Kaehlcke

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=YoKdSrjVf/tHGoa5@google.com \
    --to=mka@chromium.org \
    --cc=agk@redhat.com \
    --cc=dianders@chromium.org \
    --cc=dm-devel@redhat.com \
    --cc=jmorris@namei.org \
    --cc=keescook@chromium.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-raid@vger.kernel.org \
    --cc=linux-security-module@vger.kernel.org \
    --cc=serge@hallyn.com \
    --cc=snitzer@kernel.org \
    --cc=song@kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.