From: Roberto Sassu <roberto.sassu@huaweicloud.com>
To: zohar@linux.ibm.com, dmitry.kasatkin@gmail.com,
paul@paul-moore.com, jmorris@namei.org, serge@hallyn.com
Cc: linux-integrity@vger.kernel.org,
linux-security-module@vger.kernel.org,
linux-kernel@vger.kernel.org,
Roberto Sassu <roberto.sassu@huawei.com>
Subject: [PATCH v2 0/2] ima/evm: Ensure digest to verify is in linear mapping area
Date: Thu, 1 Dec 2022 11:06:23 +0100 [thread overview]
Message-ID: <20221201100625.916781-1-roberto.sassu@huaweicloud.com> (raw)
From: Roberto Sassu <roberto.sassu@huawei.com>
As sg_set_buf() requires the buffer for a crypto operation to be in the
linear mapping area, so that it is always in adjacent pages, ensure that
this requirement is met for IMA/EVM.
Currently, evm_verify_hmac() and xattr_verify() put the evm_digest and
ima_max_digest_data structures in the stack. As normally the stack is in
the linear mapping area, passing them to sg_set_buf() would not be a
problem.
However, if CONFIG_VMAP_STACK is enabled, these structures will reside in
the vmalloc area instead. If CONFIG_DEBUG_SG is enabled, the kernel will
panic:
[ 467.077359] kernel BUG at include/linux/scatterlist.h:163!
[ 467.077939] invalid opcode: 0000 [#1] PREEMPT SMP NOPTI
[...]
[ 467.095225] Call Trace:
[ 467.096088] <TASK>
[ 467.096928] ? rcu_read_lock_held_common+0xe/0x50
[ 467.097569] ? rcu_read_lock_sched_held+0x13/0x70
[ 467.098123] ? trace_hardirqs_on+0x2c/0xd0
[ 467.098647] ? public_key_verify_signature+0x470/0x470
[ 467.099237] asymmetric_verify+0x14c/0x300
[ 467.099869] evm_verify_hmac+0x245/0x360
[ 467.100391] evm_inode_setattr+0x43/0x190
To overcome this problem, dynamically allocate the structures with
kmalloc() if CONFIG_VMAP_STACK is enabled, so that they are placed in the
linear mapping area, and use them instead of the in-stack counterparts.
A test report is available here:
https://github.com/robertosassu/ima-evm-utils/actions/runs/3590837109/jobs/6045608579
which contains the following test (include tests for EVM portable
signatures and IMA verity signatures):
https://github.com/robertosassu/ima-evm-utils/commit/41cf11d299e9fc2d13a60dce4b275c2675d9cc23
Changelog:
v1:
- Dynamically allocate the data structures in IMA and EVM, when necessary,
instead of always making a copy in asymmetric_verify() (suggested by
Mimi)
Roberto Sassu (2):
evm: Alloc evm_digest in evm_verify_hmac() if CONFIG_VMAP_STACK=y
ima: Alloc ima_max_digest_data in xattr_verify() if
CONFIG_VMAP_STACK=y
security/integrity/evm/evm_main.c | 26 +++++++++++++++++++++-----
security/integrity/ima/ima_appraise.c | 19 ++++++++++++++++---
2 files changed, 37 insertions(+), 8 deletions(-)
--
2.25.1
next reply other threads:[~2022-12-01 10:07 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-12-01 10:06 Roberto Sassu [this message]
2022-12-01 10:06 ` [PATCH v2 1/2] evm: Alloc evm_digest in evm_verify_hmac() if CONFIG_VMAP_STACK=y Roberto Sassu
2022-12-01 18:53 ` Eric Biggers
2022-12-01 19:08 ` Mimi Zohar
2022-12-01 19:12 ` Eric Biggers
2022-12-02 7:58 ` Roberto Sassu
2022-12-02 18:49 ` Eric Biggers
2022-12-05 8:22 ` Roberto Sassu
2022-12-08 1:26 ` Mimi Zohar
2022-12-08 8:32 ` Roberto Sassu
2022-12-01 10:06 ` [PATCH v2 2/2] ima: Alloc ima_max_digest_data in xattr_verify() " Roberto Sassu
2022-12-01 18:55 ` Eric Biggers
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20221201100625.916781-1-roberto.sassu@huaweicloud.com \
--to=roberto.sassu@huaweicloud.com \
--cc=dmitry.kasatkin@gmail.com \
--cc=jmorris@namei.org \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=paul@paul-moore.com \
--cc=roberto.sassu@huawei.com \
--cc=serge@hallyn.com \
--cc=zohar@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).