linux-integrity.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* [PATCH v3 0/3] ima: Provide more info about buffer measurement
@ 2021-07-05  9:09 Roberto Sassu
  2021-07-05  9:09 ` [PATCH v3 1/3] ima: Introduce ima_get_current_hash_algo() Roberto Sassu
                   ` (2 more replies)
  0 siblings, 3 replies; 11+ messages in thread
From: Roberto Sassu @ 2021-07-05  9:09 UTC (permalink / raw)
  To: zohar, paul
  Cc: stephen.smalley.work, prsriva02, tusharsu, nramas,
	linux-integrity, linux-security-module, linux-kernel, selinux,
	Roberto Sassu

This patch set provides more information about buffer measurement.

First, it introduces the new function ima_get_current_hash_algo(), to
obtain the algorithm used to calculate the buffer digest (patch 1).

Second, it changes the type of return value of ima_measure_critical_data()
and process_buffer_measurement() from void to int, to signal to the callers
whether or not the buffer has been measured, or just the digest has been
calculated and written to the supplied location (patch 2).

Lastly, it adds two new parameters to the functions above ('digest' and
'digest_len'), so that those functions can write the buffer digest to the
location supplied by the callers (patch 3).

This patch set replaces the patch 'ima: Add digest, algo, measured
parameters to ima_measure_critical_data()' in:

https://lore.kernel.org/linux-integrity/20210625165614.2284243-1-roberto.sassu@huawei.com/

Changelog

v2:
- remove assignments of ima_measure_critical_data() and
  process_buffer_measurement() return values (suggested by Lakshmi)

v1:
- add digest_len parameter to ima_measure_critical_data() and
  process_buffer_measurement() (suggested by Lakshmi)
- fix doc formatting issues

Huawei Digest Lists patch set:
- introduce ima_get_current_hash_algo() (suggested by Mimi)
- remove algo and measured parameters from ima_measure_critical_data() and
  process_buffer_measurement() (suggested by Mimi)
- return an integer from ima_measure_critical_data() and
  process_buffer_measurement() (suggested by Mimi)
- correctly check when process_buffer_measurement() should return earlier

Roberto Sassu (3):
  ima: Introduce ima_get_current_hash_algo()
  ima: Return int in the functions to measure a buffer
  ima: Add digest and digest_len params to the functions to measure a
    buffer

 include/linux/ima.h                          | 23 +++++--
 security/integrity/ima/ima.h                 | 10 +--
 security/integrity/ima/ima_appraise.c        |  2 +-
 security/integrity/ima/ima_asymmetric_keys.c |  2 +-
 security/integrity/ima/ima_init.c            |  3 +-
 security/integrity/ima/ima_main.c            | 67 ++++++++++++++------
 security/integrity/ima/ima_queue_keys.c      |  2 +-
 security/selinux/ima.c                       |  6 +-
 8 files changed, 78 insertions(+), 37 deletions(-)

-- 
2.25.1


^ permalink raw reply	[flat|nested] 11+ messages in thread

* [PATCH v3 1/3] ima: Introduce ima_get_current_hash_algo()
  2021-07-05  9:09 [PATCH v3 0/3] ima: Provide more info about buffer measurement Roberto Sassu
@ 2021-07-05  9:09 ` Roberto Sassu
  2021-07-05  9:09 ` [PATCH v3 2/3] ima: Return int in the functions to measure a buffer Roberto Sassu
  2021-07-05  9:09 ` [PATCH v3 3/3] ima: Add digest and digest_len params to " Roberto Sassu
  2 siblings, 0 replies; 11+ messages in thread
From: Roberto Sassu @ 2021-07-05  9:09 UTC (permalink / raw)
  To: zohar, paul
  Cc: stephen.smalley.work, prsriva02, tusharsu, nramas,
	linux-integrity, linux-security-module, linux-kernel, selinux,
	Roberto Sassu

This patch introduces the new function ima_get_current_hash_algo(), that
callers in the other kernel subsystems might use to obtain the hash
algorithm selected by IMA.

Its primary use will be to determine which algorithm has been used to
calculate the digest written by ima_measure_critical_data() to the location
passed as a new parameter (in a subsequent patch).

Since the hash algorithm does not change after the IMA setup phase, there
is no risk of races (obtaining a digest calculated with a different
algorithm than the one returned).

Reviewed-by: Lakshmi Ramasubramanian <nramas@linux.microsoft.com>
Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
---
 include/linux/ima.h               | 7 +++++++
 security/integrity/ima/ima_main.c | 5 +++++
 2 files changed, 12 insertions(+)

diff --git a/include/linux/ima.h b/include/linux/ima.h
index 61d5723ec303..81e830d01ced 100644
--- a/include/linux/ima.h
+++ b/include/linux/ima.h
@@ -11,9 +11,11 @@
 #include <linux/fs.h>
 #include <linux/security.h>
 #include <linux/kexec.h>
+#include <crypto/hash_info.h>
 struct linux_binprm;
 
 #ifdef CONFIG_IMA
+extern enum hash_algo ima_get_current_hash_algo(void);
 extern int ima_bprm_check(struct linux_binprm *bprm);
 extern int ima_file_check(struct file *file, int mask);
 extern void ima_post_create_tmpfile(struct user_namespace *mnt_userns,
@@ -64,6 +66,11 @@ static inline const char * const *arch_get_ima_policy(void)
 #endif
 
 #else
+static inline enum hash_algo ima_get_current_hash_algo(void)
+{
+	return HASH_ALGO__LAST;
+}
+
 static inline int ima_bprm_check(struct linux_binprm *bprm)
 {
 	return 0;
diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c
index 287b90509006..8ef1fa357e0c 100644
--- a/security/integrity/ima/ima_main.c
+++ b/security/integrity/ima/ima_main.c
@@ -76,6 +76,11 @@ static int __init hash_setup(char *str)
 }
 __setup("ima_hash=", hash_setup);
 
+enum hash_algo ima_get_current_hash_algo(void)
+{
+	return ima_hash_algo;
+}
+
 /* Prevent mmap'ing a file execute that is already mmap'ed write */
 static int mmap_violation_check(enum ima_hooks func, struct file *file,
 				char **pathbuf, const char **pathname,
-- 
2.25.1


^ permalink raw reply	[flat|nested] 11+ messages in thread

* [PATCH v3 2/3] ima: Return int in the functions to measure a buffer
  2021-07-05  9:09 [PATCH v3 0/3] ima: Provide more info about buffer measurement Roberto Sassu
  2021-07-05  9:09 ` [PATCH v3 1/3] ima: Introduce ima_get_current_hash_algo() Roberto Sassu
@ 2021-07-05  9:09 ` Roberto Sassu
  2021-07-06 19:21   ` Lakshmi Ramasubramanian
  2021-07-19 20:28   ` Mimi Zohar
  2021-07-05  9:09 ` [PATCH v3 3/3] ima: Add digest and digest_len params to " Roberto Sassu
  2 siblings, 2 replies; 11+ messages in thread
From: Roberto Sassu @ 2021-07-05  9:09 UTC (permalink / raw)
  To: zohar, paul
  Cc: stephen.smalley.work, prsriva02, tusharsu, nramas,
	linux-integrity, linux-security-module, linux-kernel, selinux,
	Roberto Sassu

ima_measure_critical_data() and process_buffer_measurement() currently
don't return a result. A caller wouldn't be able to know whether those
functions were executed successfully.

This patch modifies the return type from void to int, and returns 0 if the
buffer has been successfully measured, a negative value otherwise.

Also, this patch does not modify the behavior of existing callers by
processing the returned value. For those, the return value is ignored.

Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
---
 include/linux/ima.h               | 15 +++++++-----
 security/integrity/ima/ima.h      | 10 ++++----
 security/integrity/ima/ima_main.c | 40 ++++++++++++++++++-------------
 3 files changed, 37 insertions(+), 28 deletions(-)

diff --git a/include/linux/ima.h b/include/linux/ima.h
index 81e830d01ced..60492263aa64 100644
--- a/include/linux/ima.h
+++ b/include/linux/ima.h
@@ -35,10 +35,10 @@ extern void ima_post_path_mknod(struct user_namespace *mnt_userns,
 extern int ima_file_hash(struct file *file, char *buf, size_t buf_size);
 extern int ima_inode_hash(struct inode *inode, char *buf, size_t buf_size);
 extern void ima_kexec_cmdline(int kernel_fd, const void *buf, int size);
-extern void ima_measure_critical_data(const char *event_label,
-				      const char *event_name,
-				      const void *buf, size_t buf_len,
-				      bool hash);
+extern int ima_measure_critical_data(const char *event_label,
+				     const char *event_name,
+				     const void *buf, size_t buf_len,
+				     bool hash);
 
 #ifdef CONFIG_IMA_APPRAISE_BOOTPARAM
 extern void ima_appraise_parse_cmdline(void);
@@ -144,10 +144,13 @@ static inline int ima_inode_hash(struct inode *inode, char *buf, size_t buf_size
 
 static inline void ima_kexec_cmdline(int kernel_fd, const void *buf, int size) {}
 
-static inline void ima_measure_critical_data(const char *event_label,
+static inline int ima_measure_critical_data(const char *event_label,
 					     const char *event_name,
 					     const void *buf, size_t buf_len,
-					     bool hash) {}
+					     bool hash)
+{
+	return -ENOENT;
+}
 
 #endif /* CONFIG_IMA */
 
diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h
index f0e448ed1f9f..03db221324c3 100644
--- a/security/integrity/ima/ima.h
+++ b/security/integrity/ima/ima.h
@@ -264,11 +264,11 @@ void ima_store_measurement(struct integrity_iint_cache *iint, struct file *file,
 			   struct evm_ima_xattr_data *xattr_value,
 			   int xattr_len, const struct modsig *modsig, int pcr,
 			   struct ima_template_desc *template_desc);
-void process_buffer_measurement(struct user_namespace *mnt_userns,
-				struct inode *inode, const void *buf, int size,
-				const char *eventname, enum ima_hooks func,
-				int pcr, const char *func_data,
-				bool buf_hash);
+int process_buffer_measurement(struct user_namespace *mnt_userns,
+			       struct inode *inode, const void *buf, int size,
+			       const char *eventname, enum ima_hooks func,
+			       int pcr, const char *func_data,
+			       bool buf_hash);
 void ima_audit_measurement(struct integrity_iint_cache *iint,
 			   const unsigned char *filename);
 int ima_alloc_init_template(struct ima_event_data *event_data,
diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c
index 8ef1fa357e0c..b512c06d8ee1 100644
--- a/security/integrity/ima/ima_main.c
+++ b/security/integrity/ima/ima_main.c
@@ -827,7 +827,7 @@ int ima_post_load_data(char *buf, loff_t size,
 	return 0;
 }
 
-/*
+/**
  * process_buffer_measurement - Measure the buffer or the buffer data hash
  * @mnt_userns:	user namespace of the mount the inode was found from
  * @inode: inode associated with the object being measured (NULL for KEY_CHECK)
@@ -840,12 +840,15 @@ int ima_post_load_data(char *buf, loff_t size,
  * @buf_hash: measure buffer data hash
  *
  * Based on policy, either the buffer data or buffer data hash is measured
+ *
+ * Return: 0 if the buffer has been successfully measured, a negative value
+ * otherwise.
  */
-void process_buffer_measurement(struct user_namespace *mnt_userns,
-				struct inode *inode, const void *buf, int size,
-				const char *eventname, enum ima_hooks func,
-				int pcr, const char *func_data,
-				bool buf_hash)
+int process_buffer_measurement(struct user_namespace *mnt_userns,
+			       struct inode *inode, const void *buf, int size,
+			       const char *eventname, enum ima_hooks func,
+			       int pcr, const char *func_data,
+			       bool buf_hash)
 {
 	int ret = 0;
 	const char *audit_cause = "ENOMEM";
@@ -867,7 +870,7 @@ void process_buffer_measurement(struct user_namespace *mnt_userns,
 	u32 secid;
 
 	if (!ima_policy_flag)
-		return;
+		return -ENOENT;
 
 	template = ima_template_desc_buf();
 	if (!template) {
@@ -889,7 +892,7 @@ void process_buffer_measurement(struct user_namespace *mnt_userns,
 					secid, 0, func, &pcr, &template,
 					func_data);
 		if (!(action & IMA_MEASURE))
-			return;
+			return -ENOENT;
 	}
 
 	if (!pcr)
@@ -937,7 +940,7 @@ void process_buffer_measurement(struct user_namespace *mnt_userns,
 					func_measure_str(func),
 					audit_cause, ret, 0, ret);
 
-	return;
+	return ret;
 }
 
 /**
@@ -977,18 +980,21 @@ void ima_kexec_cmdline(int kernel_fd, const void *buf, int size)
  * and extend the pcr.  Examples of critical data could be various data
  * structures, policies, and states stored in kernel memory that can
  * impact the integrity of the system.
+ *
+ * Return: 0 if the buffer has been successfully measured, a negative value
+ * otherwise.
  */
-void ima_measure_critical_data(const char *event_label,
-			       const char *event_name,
-			       const void *buf, size_t buf_len,
-			       bool hash)
+int ima_measure_critical_data(const char *event_label,
+			      const char *event_name,
+			      const void *buf, size_t buf_len,
+			      bool hash)
 {
 	if (!event_name || !event_label || !buf || !buf_len)
-		return;
+		return -ENOPARAM;
 
-	process_buffer_measurement(&init_user_ns, NULL, buf, buf_len, event_name,
-				   CRITICAL_DATA, 0, event_label,
-				   hash);
+	return process_buffer_measurement(&init_user_ns, NULL, buf, buf_len,
+					  event_name, CRITICAL_DATA, 0,
+					  event_label, hash);
 }
 
 static int __init init_ima(void)
-- 
2.25.1


^ permalink raw reply	[flat|nested] 11+ messages in thread

* [PATCH v3 3/3] ima: Add digest and digest_len params to the functions to measure a buffer
  2021-07-05  9:09 [PATCH v3 0/3] ima: Provide more info about buffer measurement Roberto Sassu
  2021-07-05  9:09 ` [PATCH v3 1/3] ima: Introduce ima_get_current_hash_algo() Roberto Sassu
  2021-07-05  9:09 ` [PATCH v3 2/3] ima: Return int in the functions to measure a buffer Roberto Sassu
@ 2021-07-05  9:09 ` Roberto Sassu
  2021-07-06 19:24   ` Lakshmi Ramasubramanian
                     ` (2 more replies)
  2 siblings, 3 replies; 11+ messages in thread
From: Roberto Sassu @ 2021-07-05  9:09 UTC (permalink / raw)
  To: zohar, paul
  Cc: stephen.smalley.work, prsriva02, tusharsu, nramas,
	linux-integrity, linux-security-module, linux-kernel, selinux,
	Roberto Sassu

This patch adds the 'digest' and 'digest_len' parameters to
ima_measure_critical_data() and process_buffer_measurement(), so that
callers can get the digest of the passed buffer.

These functions calculate the digest even if there is no suitable rule in
the IMA policy and, in this case, they simply return 1 before generating a
new measurement entry.

Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
---
 include/linux/ima.h                          |  5 +--
 security/integrity/ima/ima.h                 |  2 +-
 security/integrity/ima/ima_appraise.c        |  2 +-
 security/integrity/ima/ima_asymmetric_keys.c |  2 +-
 security/integrity/ima/ima_init.c            |  3 +-
 security/integrity/ima/ima_main.c            | 36 ++++++++++++++------
 security/integrity/ima/ima_queue_keys.c      |  2 +-
 security/selinux/ima.c                       |  6 ++--
 8 files changed, 39 insertions(+), 19 deletions(-)

diff --git a/include/linux/ima.h b/include/linux/ima.h
index 60492263aa64..b6ab66a546ae 100644
--- a/include/linux/ima.h
+++ b/include/linux/ima.h
@@ -38,7 +38,7 @@ extern void ima_kexec_cmdline(int kernel_fd, const void *buf, int size);
 extern int ima_measure_critical_data(const char *event_label,
 				     const char *event_name,
 				     const void *buf, size_t buf_len,
-				     bool hash);
+				     bool hash, u8 *digest, size_t digest_len);
 
 #ifdef CONFIG_IMA_APPRAISE_BOOTPARAM
 extern void ima_appraise_parse_cmdline(void);
@@ -147,7 +147,8 @@ static inline void ima_kexec_cmdline(int kernel_fd, const void *buf, int size) {
 static inline int ima_measure_critical_data(const char *event_label,
 					     const char *event_name,
 					     const void *buf, size_t buf_len,
-					     bool hash)
+					     bool hash, u8 *digest,
+					     size_t digest_len)
 {
 	return -ENOENT;
 }
diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h
index 03db221324c3..2f4c20b16ad7 100644
--- a/security/integrity/ima/ima.h
+++ b/security/integrity/ima/ima.h
@@ -268,7 +268,7 @@ int process_buffer_measurement(struct user_namespace *mnt_userns,
 			       struct inode *inode, const void *buf, int size,
 			       const char *eventname, enum ima_hooks func,
 			       int pcr, const char *func_data,
-			       bool buf_hash);
+			       bool buf_hash, u8 *digest, size_t digest_len);
 void ima_audit_measurement(struct integrity_iint_cache *iint,
 			   const unsigned char *filename);
 int ima_alloc_init_template(struct ima_event_data *event_data,
diff --git a/security/integrity/ima/ima_appraise.c b/security/integrity/ima/ima_appraise.c
index ef9dcfce45d4..63bec42c353f 100644
--- a/security/integrity/ima/ima_appraise.c
+++ b/security/integrity/ima/ima_appraise.c
@@ -357,7 +357,7 @@ int ima_check_blacklist(struct integrity_iint_cache *iint,
 		if ((rc == -EPERM) && (iint->flags & IMA_MEASURE))
 			process_buffer_measurement(&init_user_ns, NULL, digest, digestsize,
 						   "blacklisted-hash", NONE,
-						   pcr, NULL, false);
+						   pcr, NULL, false, NULL, 0);
 	}
 
 	return rc;
diff --git a/security/integrity/ima/ima_asymmetric_keys.c b/security/integrity/ima/ima_asymmetric_keys.c
index c985418698a4..f6aa0b47a772 100644
--- a/security/integrity/ima/ima_asymmetric_keys.c
+++ b/security/integrity/ima/ima_asymmetric_keys.c
@@ -62,5 +62,5 @@ void ima_post_key_create_or_update(struct key *keyring, struct key *key,
 	 */
 	process_buffer_measurement(&init_user_ns, NULL, payload, payload_len,
 				   keyring->description, KEY_CHECK, 0,
-				   keyring->description, false);
+				   keyring->description, false, NULL, 0);
 }
diff --git a/security/integrity/ima/ima_init.c b/security/integrity/ima/ima_init.c
index 5076a7d9d23e..b26fa67476b4 100644
--- a/security/integrity/ima/ima_init.c
+++ b/security/integrity/ima/ima_init.c
@@ -154,7 +154,8 @@ int __init ima_init(void)
 	ima_init_key_queue();
 
 	ima_measure_critical_data("kernel_info", "kernel_version",
-				  UTS_RELEASE, strlen(UTS_RELEASE), false);
+				  UTS_RELEASE, strlen(UTS_RELEASE), false,
+				  NULL, 0);
 
 	return rc;
 }
diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c
index b512c06d8ee1..360266da5a10 100644
--- a/security/integrity/ima/ima_main.c
+++ b/security/integrity/ima/ima_main.c
@@ -838,17 +838,20 @@ int ima_post_load_data(char *buf, loff_t size,
  * @pcr: pcr to extend the measurement
  * @func_data: func specific data, may be NULL
  * @buf_hash: measure buffer data hash
+ * @digest: buffer digest will be written to
+ * @digest_len: buffer length
  *
  * Based on policy, either the buffer data or buffer data hash is measured
  *
- * Return: 0 if the buffer has been successfully measured, a negative value
- * otherwise.
+ * Return: 0 if the buffer has been successfully measured, 1 if the digest
+ * has been written to the passed location but not added to a measurement entry,
+ * a negative value otherwise.
  */
 int process_buffer_measurement(struct user_namespace *mnt_userns,
 			       struct inode *inode, const void *buf, int size,
 			       const char *eventname, enum ima_hooks func,
 			       int pcr, const char *func_data,
-			       bool buf_hash)
+			       bool buf_hash, u8 *digest, size_t digest_len)
 {
 	int ret = 0;
 	const char *audit_cause = "ENOMEM";
@@ -869,7 +872,10 @@ int process_buffer_measurement(struct user_namespace *mnt_userns,
 	int action = 0;
 	u32 secid;
 
-	if (!ima_policy_flag)
+	if (digest && digest_len < digest_hash_len)
+		return -EINVAL;
+
+	if (!ima_policy_flag && !digest)
 		return -ENOENT;
 
 	template = ima_template_desc_buf();
@@ -891,7 +897,7 @@ int process_buffer_measurement(struct user_namespace *mnt_userns,
 		action = ima_get_action(mnt_userns, inode, current_cred(),
 					secid, 0, func, &pcr, &template,
 					func_data);
-		if (!(action & IMA_MEASURE))
+		if (!(action & IMA_MEASURE) && !digest)
 			return -ENOENT;
 	}
 
@@ -922,6 +928,12 @@ int process_buffer_measurement(struct user_namespace *mnt_userns,
 		event_data.buf_len = digest_hash_len;
 	}
 
+	if (digest)
+		memcpy(digest, iint.ima_hash->digest, digest_hash_len);
+
+	if (!ima_policy_flag || (func && !(action & IMA_MEASURE)))
+		return 1;
+
 	ret = ima_alloc_init_template(&event_data, &entry, template);
 	if (ret < 0) {
 		audit_cause = "alloc_entry";
@@ -964,7 +976,7 @@ void ima_kexec_cmdline(int kernel_fd, const void *buf, int size)
 
 	process_buffer_measurement(file_mnt_user_ns(f.file), file_inode(f.file),
 				   buf, size, "kexec-cmdline", KEXEC_CMDLINE, 0,
-				   NULL, false);
+				   NULL, false, NULL, 0);
 	fdput(f);
 }
 
@@ -975,26 +987,30 @@ void ima_kexec_cmdline(int kernel_fd, const void *buf, int size)
  * @buf: pointer to buffer data
  * @buf_len: length of buffer data (in bytes)
  * @hash: measure buffer data hash
+ * @digest: buffer digest will be written to
+ * @digest_len: buffer length
  *
  * Measure data critical to the integrity of the kernel into the IMA log
  * and extend the pcr.  Examples of critical data could be various data
  * structures, policies, and states stored in kernel memory that can
  * impact the integrity of the system.
  *
- * Return: 0 if the buffer has been successfully measured, a negative value
- * otherwise.
+ * Return: 0 if the buffer has been successfully measured, 1 if the digest
+ * has been written to the passed location but not added to a measurement entry,
+ * a negative value otherwise.
  */
 int ima_measure_critical_data(const char *event_label,
 			      const char *event_name,
 			      const void *buf, size_t buf_len,
-			      bool hash)
+			      bool hash, u8 *digest, size_t digest_len)
 {
 	if (!event_name || !event_label || !buf || !buf_len)
 		return -ENOPARAM;
 
 	return process_buffer_measurement(&init_user_ns, NULL, buf, buf_len,
 					  event_name, CRITICAL_DATA, 0,
-					  event_label, hash);
+					  event_label, hash, digest,
+					  digest_len);
 }
 
 static int __init init_ima(void)
diff --git a/security/integrity/ima/ima_queue_keys.c b/security/integrity/ima/ima_queue_keys.c
index 979ef6c71f3d..93056c03bf5a 100644
--- a/security/integrity/ima/ima_queue_keys.c
+++ b/security/integrity/ima/ima_queue_keys.c
@@ -165,7 +165,7 @@ void ima_process_queued_keys(void)
 						   entry->keyring_name,
 						   KEY_CHECK, 0,
 						   entry->keyring_name,
-						   false);
+						   false, NULL, 0);
 		list_del(&entry->list);
 		ima_free_key_entry(entry);
 	}
diff --git a/security/selinux/ima.c b/security/selinux/ima.c
index 34d421861bfc..727c4e43219d 100644
--- a/security/selinux/ima.c
+++ b/security/selinux/ima.c
@@ -86,7 +86,8 @@ void selinux_ima_measure_state_locked(struct selinux_state *state)
 	}
 
 	ima_measure_critical_data("selinux", "selinux-state",
-				  state_str, strlen(state_str), false);
+				  state_str, strlen(state_str), false,
+				  NULL, 0);
 
 	kfree(state_str);
 
@@ -103,7 +104,8 @@ void selinux_ima_measure_state_locked(struct selinux_state *state)
 	}
 
 	ima_measure_critical_data("selinux", "selinux-policy-hash",
-				  policy, policy_len, true);
+				  policy, policy_len, true,
+				  NULL, 0);
 
 	vfree(policy);
 }
-- 
2.25.1


^ permalink raw reply	[flat|nested] 11+ messages in thread

* Re: [PATCH v3 2/3] ima: Return int in the functions to measure a buffer
  2021-07-05  9:09 ` [PATCH v3 2/3] ima: Return int in the functions to measure a buffer Roberto Sassu
@ 2021-07-06 19:21   ` Lakshmi Ramasubramanian
  2021-07-19 20:28   ` Mimi Zohar
  1 sibling, 0 replies; 11+ messages in thread
From: Lakshmi Ramasubramanian @ 2021-07-06 19:21 UTC (permalink / raw)
  To: Roberto Sassu, zohar, paul
  Cc: stephen.smalley.work, prsriva02, tusharsu, linux-integrity,
	linux-security-module, linux-kernel, selinux

On 7/5/2021 2:09 AM, Roberto Sassu wrote:
> ima_measure_critical_data() and process_buffer_measurement() currently
> don't return a result. A caller wouldn't be able to know whether those
> functions were executed successfully.
> 
> This patch modifies the return type from void to int, and returns 0 if the
> buffer has been successfully measured, a negative value otherwise.
> 
> Also, this patch does not modify the behavior of existing callers by
> processing the returned value. For those, the return value is ignored.
> 
> Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
> ---
>   include/linux/ima.h               | 15 +++++++-----
>   security/integrity/ima/ima.h      | 10 ++++----
>   security/integrity/ima/ima_main.c | 40 ++++++++++++++++++-------------
>   3 files changed, 37 insertions(+), 28 deletions(-)

Reviewed-by: Lakshmi Ramasubramanian <nramas@linux.microsoft.com>

  -lakshmi

> 
> diff --git a/include/linux/ima.h b/include/linux/ima.h
> index 81e830d01ced..60492263aa64 100644
> --- a/include/linux/ima.h
> +++ b/include/linux/ima.h
> @@ -35,10 +35,10 @@ extern void ima_post_path_mknod(struct user_namespace *mnt_userns,
>   extern int ima_file_hash(struct file *file, char *buf, size_t buf_size);
>   extern int ima_inode_hash(struct inode *inode, char *buf, size_t buf_size);
>   extern void ima_kexec_cmdline(int kernel_fd, const void *buf, int size);
> -extern void ima_measure_critical_data(const char *event_label,
> -				      const char *event_name,
> -				      const void *buf, size_t buf_len,
> -				      bool hash);
> +extern int ima_measure_critical_data(const char *event_label,
> +				     const char *event_name,
> +				     const void *buf, size_t buf_len,
> +				     bool hash);
>   
>   #ifdef CONFIG_IMA_APPRAISE_BOOTPARAM
>   extern void ima_appraise_parse_cmdline(void);
> @@ -144,10 +144,13 @@ static inline int ima_inode_hash(struct inode *inode, char *buf, size_t buf_size
>   
>   static inline void ima_kexec_cmdline(int kernel_fd, const void *buf, int size) {}
>   
> -static inline void ima_measure_critical_data(const char *event_label,
> +static inline int ima_measure_critical_data(const char *event_label,
>   					     const char *event_name,
>   					     const void *buf, size_t buf_len,
> -					     bool hash) {}
> +					     bool hash)
> +{
> +	return -ENOENT;
> +}
>   
>   #endif /* CONFIG_IMA */
>   
> diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h
> index f0e448ed1f9f..03db221324c3 100644
> --- a/security/integrity/ima/ima.h
> +++ b/security/integrity/ima/ima.h
> @@ -264,11 +264,11 @@ void ima_store_measurement(struct integrity_iint_cache *iint, struct file *file,
>   			   struct evm_ima_xattr_data *xattr_value,
>   			   int xattr_len, const struct modsig *modsig, int pcr,
>   			   struct ima_template_desc *template_desc);
> -void process_buffer_measurement(struct user_namespace *mnt_userns,
> -				struct inode *inode, const void *buf, int size,
> -				const char *eventname, enum ima_hooks func,
> -				int pcr, const char *func_data,
> -				bool buf_hash);
> +int process_buffer_measurement(struct user_namespace *mnt_userns,
> +			       struct inode *inode, const void *buf, int size,
> +			       const char *eventname, enum ima_hooks func,
> +			       int pcr, const char *func_data,
> +			       bool buf_hash);
>   void ima_audit_measurement(struct integrity_iint_cache *iint,
>   			   const unsigned char *filename);
>   int ima_alloc_init_template(struct ima_event_data *event_data,
> diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c
> index 8ef1fa357e0c..b512c06d8ee1 100644
> --- a/security/integrity/ima/ima_main.c
> +++ b/security/integrity/ima/ima_main.c
> @@ -827,7 +827,7 @@ int ima_post_load_data(char *buf, loff_t size,
>   	return 0;
>   }
>   
> -/*
> +/**
>    * process_buffer_measurement - Measure the buffer or the buffer data hash
>    * @mnt_userns:	user namespace of the mount the inode was found from
>    * @inode: inode associated with the object being measured (NULL for KEY_CHECK)
> @@ -840,12 +840,15 @@ int ima_post_load_data(char *buf, loff_t size,
>    * @buf_hash: measure buffer data hash
>    *
>    * Based on policy, either the buffer data or buffer data hash is measured
> + *
> + * Return: 0 if the buffer has been successfully measured, a negative value
> + * otherwise.
>    */
> -void process_buffer_measurement(struct user_namespace *mnt_userns,
> -				struct inode *inode, const void *buf, int size,
> -				const char *eventname, enum ima_hooks func,
> -				int pcr, const char *func_data,
> -				bool buf_hash)
> +int process_buffer_measurement(struct user_namespace *mnt_userns,
> +			       struct inode *inode, const void *buf, int size,
> +			       const char *eventname, enum ima_hooks func,
> +			       int pcr, const char *func_data,
> +			       bool buf_hash)
>   {
>   	int ret = 0;
>   	const char *audit_cause = "ENOMEM";
> @@ -867,7 +870,7 @@ void process_buffer_measurement(struct user_namespace *mnt_userns,
>   	u32 secid;
>   
>   	if (!ima_policy_flag)
> -		return;
> +		return -ENOENT;
>   
>   	template = ima_template_desc_buf();
>   	if (!template) {
> @@ -889,7 +892,7 @@ void process_buffer_measurement(struct user_namespace *mnt_userns,
>   					secid, 0, func, &pcr, &template,
>   					func_data);
>   		if (!(action & IMA_MEASURE))
> -			return;
> +			return -ENOENT;
>   	}
>   
>   	if (!pcr)
> @@ -937,7 +940,7 @@ void process_buffer_measurement(struct user_namespace *mnt_userns,
>   					func_measure_str(func),
>   					audit_cause, ret, 0, ret);
>   
> -	return;
> +	return ret;
>   }
>   
>   /**
> @@ -977,18 +980,21 @@ void ima_kexec_cmdline(int kernel_fd, const void *buf, int size)
>    * and extend the pcr.  Examples of critical data could be various data
>    * structures, policies, and states stored in kernel memory that can
>    * impact the integrity of the system.
> + *
> + * Return: 0 if the buffer has been successfully measured, a negative value
> + * otherwise.
>    */
> -void ima_measure_critical_data(const char *event_label,
> -			       const char *event_name,
> -			       const void *buf, size_t buf_len,
> -			       bool hash)
> +int ima_measure_critical_data(const char *event_label,
> +			      const char *event_name,
> +			      const void *buf, size_t buf_len,
> +			      bool hash)
>   {
>   	if (!event_name || !event_label || !buf || !buf_len)
> -		return;
> +		return -ENOPARAM;
>   
> -	process_buffer_measurement(&init_user_ns, NULL, buf, buf_len, event_name,
> -				   CRITICAL_DATA, 0, event_label,
> -				   hash);
> +	return process_buffer_measurement(&init_user_ns, NULL, buf, buf_len,
> +					  event_name, CRITICAL_DATA, 0,
> +					  event_label, hash);
>   }
>   
>   static int __init init_ima(void)
> 

^ permalink raw reply	[flat|nested] 11+ messages in thread

* Re: [PATCH v3 3/3] ima: Add digest and digest_len params to the functions to measure a buffer
  2021-07-05  9:09 ` [PATCH v3 3/3] ima: Add digest and digest_len params to " Roberto Sassu
@ 2021-07-06 19:24   ` Lakshmi Ramasubramanian
  2021-07-13  2:40   ` Paul Moore
  2021-07-19 20:59   ` Mimi Zohar
  2 siblings, 0 replies; 11+ messages in thread
From: Lakshmi Ramasubramanian @ 2021-07-06 19:24 UTC (permalink / raw)
  To: Roberto Sassu, zohar, paul
  Cc: stephen.smalley.work, prsriva02, tusharsu, linux-integrity,
	linux-security-module, linux-kernel, selinux

On 7/5/2021 2:09 AM, Roberto Sassu wrote:
> This patch adds the 'digest' and 'digest_len' parameters to
> ima_measure_critical_data() and process_buffer_measurement(), so that
> callers can get the digest of the passed buffer.
> 
> These functions calculate the digest even if there is no suitable rule in
> the IMA policy and, in this case, they simply return 1 before generating a
> new measurement entry.
> 
> Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
> ---
>   include/linux/ima.h                          |  5 +--
>   security/integrity/ima/ima.h                 |  2 +-
>   security/integrity/ima/ima_appraise.c        |  2 +-
>   security/integrity/ima/ima_asymmetric_keys.c |  2 +-
>   security/integrity/ima/ima_init.c            |  3 +-
>   security/integrity/ima/ima_main.c            | 36 ++++++++++++++------
>   security/integrity/ima/ima_queue_keys.c      |  2 +-
>   security/selinux/ima.c                       |  6 ++--
>   8 files changed, 39 insertions(+), 19 deletions(-)

Reviewed-by: Lakshmi Ramasubramanian <nramas@linux.microsoft.com>

  -lakshmi

> 
> diff --git a/include/linux/ima.h b/include/linux/ima.h
> index 60492263aa64..b6ab66a546ae 100644
> --- a/include/linux/ima.h
> +++ b/include/linux/ima.h
> @@ -38,7 +38,7 @@ extern void ima_kexec_cmdline(int kernel_fd, const void *buf, int size);
>   extern int ima_measure_critical_data(const char *event_label,
>   				     const char *event_name,
>   				     const void *buf, size_t buf_len,
> -				     bool hash);
> +				     bool hash, u8 *digest, size_t digest_len);
>   
>   #ifdef CONFIG_IMA_APPRAISE_BOOTPARAM
>   extern void ima_appraise_parse_cmdline(void);
> @@ -147,7 +147,8 @@ static inline void ima_kexec_cmdline(int kernel_fd, const void *buf, int size) {
>   static inline int ima_measure_critical_data(const char *event_label,
>   					     const char *event_name,
>   					     const void *buf, size_t buf_len,
> -					     bool hash)
> +					     bool hash, u8 *digest,
> +					     size_t digest_len)
>   {
>   	return -ENOENT;
>   }
> diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h
> index 03db221324c3..2f4c20b16ad7 100644
> --- a/security/integrity/ima/ima.h
> +++ b/security/integrity/ima/ima.h
> @@ -268,7 +268,7 @@ int process_buffer_measurement(struct user_namespace *mnt_userns,
>   			       struct inode *inode, const void *buf, int size,
>   			       const char *eventname, enum ima_hooks func,
>   			       int pcr, const char *func_data,
> -			       bool buf_hash);
> +			       bool buf_hash, u8 *digest, size_t digest_len);
>   void ima_audit_measurement(struct integrity_iint_cache *iint,
>   			   const unsigned char *filename);
>   int ima_alloc_init_template(struct ima_event_data *event_data,
> diff --git a/security/integrity/ima/ima_appraise.c b/security/integrity/ima/ima_appraise.c
> index ef9dcfce45d4..63bec42c353f 100644
> --- a/security/integrity/ima/ima_appraise.c
> +++ b/security/integrity/ima/ima_appraise.c
> @@ -357,7 +357,7 @@ int ima_check_blacklist(struct integrity_iint_cache *iint,
>   		if ((rc == -EPERM) && (iint->flags & IMA_MEASURE))
>   			process_buffer_measurement(&init_user_ns, NULL, digest, digestsize,
>   						   "blacklisted-hash", NONE,
> -						   pcr, NULL, false);
> +						   pcr, NULL, false, NULL, 0);
>   	}
>   
>   	return rc;
> diff --git a/security/integrity/ima/ima_asymmetric_keys.c b/security/integrity/ima/ima_asymmetric_keys.c
> index c985418698a4..f6aa0b47a772 100644
> --- a/security/integrity/ima/ima_asymmetric_keys.c
> +++ b/security/integrity/ima/ima_asymmetric_keys.c
> @@ -62,5 +62,5 @@ void ima_post_key_create_or_update(struct key *keyring, struct key *key,
>   	 */
>   	process_buffer_measurement(&init_user_ns, NULL, payload, payload_len,
>   				   keyring->description, KEY_CHECK, 0,
> -				   keyring->description, false);
> +				   keyring->description, false, NULL, 0);
>   }
> diff --git a/security/integrity/ima/ima_init.c b/security/integrity/ima/ima_init.c
> index 5076a7d9d23e..b26fa67476b4 100644
> --- a/security/integrity/ima/ima_init.c
> +++ b/security/integrity/ima/ima_init.c
> @@ -154,7 +154,8 @@ int __init ima_init(void)
>   	ima_init_key_queue();
>   
>   	ima_measure_critical_data("kernel_info", "kernel_version",
> -				  UTS_RELEASE, strlen(UTS_RELEASE), false);
> +				  UTS_RELEASE, strlen(UTS_RELEASE), false,
> +				  NULL, 0);
>   
>   	return rc;
>   }
> diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c
> index b512c06d8ee1..360266da5a10 100644
> --- a/security/integrity/ima/ima_main.c
> +++ b/security/integrity/ima/ima_main.c
> @@ -838,17 +838,20 @@ int ima_post_load_data(char *buf, loff_t size,
>    * @pcr: pcr to extend the measurement
>    * @func_data: func specific data, may be NULL
>    * @buf_hash: measure buffer data hash
> + * @digest: buffer digest will be written to
> + * @digest_len: buffer length
>    *
>    * Based on policy, either the buffer data or buffer data hash is measured
>    *
> - * Return: 0 if the buffer has been successfully measured, a negative value
> - * otherwise.
> + * Return: 0 if the buffer has been successfully measured, 1 if the digest
> + * has been written to the passed location but not added to a measurement entry,
> + * a negative value otherwise.
>    */
>   int process_buffer_measurement(struct user_namespace *mnt_userns,
>   			       struct inode *inode, const void *buf, int size,
>   			       const char *eventname, enum ima_hooks func,
>   			       int pcr, const char *func_data,
> -			       bool buf_hash)
> +			       bool buf_hash, u8 *digest, size_t digest_len)
>   {
>   	int ret = 0;
>   	const char *audit_cause = "ENOMEM";
> @@ -869,7 +872,10 @@ int process_buffer_measurement(struct user_namespace *mnt_userns,
>   	int action = 0;
>   	u32 secid;
>   
> -	if (!ima_policy_flag)
> +	if (digest && digest_len < digest_hash_len)
> +		return -EINVAL;
> +
> +	if (!ima_policy_flag && !digest)
>   		return -ENOENT;
>   
>   	template = ima_template_desc_buf();
> @@ -891,7 +897,7 @@ int process_buffer_measurement(struct user_namespace *mnt_userns,
>   		action = ima_get_action(mnt_userns, inode, current_cred(),
>   					secid, 0, func, &pcr, &template,
>   					func_data);
> -		if (!(action & IMA_MEASURE))
> +		if (!(action & IMA_MEASURE) && !digest)
>   			return -ENOENT;
>   	}
>   
> @@ -922,6 +928,12 @@ int process_buffer_measurement(struct user_namespace *mnt_userns,
>   		event_data.buf_len = digest_hash_len;
>   	}
>   
> +	if (digest)
> +		memcpy(digest, iint.ima_hash->digest, digest_hash_len);
> +
> +	if (!ima_policy_flag || (func && !(action & IMA_MEASURE)))
> +		return 1;
> +
>   	ret = ima_alloc_init_template(&event_data, &entry, template);
>   	if (ret < 0) {
>   		audit_cause = "alloc_entry";
> @@ -964,7 +976,7 @@ void ima_kexec_cmdline(int kernel_fd, const void *buf, int size)
>   
>   	process_buffer_measurement(file_mnt_user_ns(f.file), file_inode(f.file),
>   				   buf, size, "kexec-cmdline", KEXEC_CMDLINE, 0,
> -				   NULL, false);
> +				   NULL, false, NULL, 0);
>   	fdput(f);
>   }
>   
> @@ -975,26 +987,30 @@ void ima_kexec_cmdline(int kernel_fd, const void *buf, int size)
>    * @buf: pointer to buffer data
>    * @buf_len: length of buffer data (in bytes)
>    * @hash: measure buffer data hash
> + * @digest: buffer digest will be written to
> + * @digest_len: buffer length
>    *
>    * Measure data critical to the integrity of the kernel into the IMA log
>    * and extend the pcr.  Examples of critical data could be various data
>    * structures, policies, and states stored in kernel memory that can
>    * impact the integrity of the system.
>    *
> - * Return: 0 if the buffer has been successfully measured, a negative value
> - * otherwise.
> + * Return: 0 if the buffer has been successfully measured, 1 if the digest
> + * has been written to the passed location but not added to a measurement entry,
> + * a negative value otherwise.
>    */
>   int ima_measure_critical_data(const char *event_label,
>   			      const char *event_name,
>   			      const void *buf, size_t buf_len,
> -			      bool hash)
> +			      bool hash, u8 *digest, size_t digest_len)
>   {
>   	if (!event_name || !event_label || !buf || !buf_len)
>   		return -ENOPARAM;
>   
>   	return process_buffer_measurement(&init_user_ns, NULL, buf, buf_len,
>   					  event_name, CRITICAL_DATA, 0,
> -					  event_label, hash);
> +					  event_label, hash, digest,
> +					  digest_len);
>   }
>   
>   static int __init init_ima(void)
> diff --git a/security/integrity/ima/ima_queue_keys.c b/security/integrity/ima/ima_queue_keys.c
> index 979ef6c71f3d..93056c03bf5a 100644
> --- a/security/integrity/ima/ima_queue_keys.c
> +++ b/security/integrity/ima/ima_queue_keys.c
> @@ -165,7 +165,7 @@ void ima_process_queued_keys(void)
>   						   entry->keyring_name,
>   						   KEY_CHECK, 0,
>   						   entry->keyring_name,
> -						   false);
> +						   false, NULL, 0);
>   		list_del(&entry->list);
>   		ima_free_key_entry(entry);
>   	}
> diff --git a/security/selinux/ima.c b/security/selinux/ima.c
> index 34d421861bfc..727c4e43219d 100644
> --- a/security/selinux/ima.c
> +++ b/security/selinux/ima.c
> @@ -86,7 +86,8 @@ void selinux_ima_measure_state_locked(struct selinux_state *state)
>   	}
>   
>   	ima_measure_critical_data("selinux", "selinux-state",
> -				  state_str, strlen(state_str), false);
> +				  state_str, strlen(state_str), false,
> +				  NULL, 0);
>   
>   	kfree(state_str);
>   
> @@ -103,7 +104,8 @@ void selinux_ima_measure_state_locked(struct selinux_state *state)
>   	}
>   
>   	ima_measure_critical_data("selinux", "selinux-policy-hash",
> -				  policy, policy_len, true);
> +				  policy, policy_len, true,
> +				  NULL, 0);
>   
>   	vfree(policy);
>   }
> 

^ permalink raw reply	[flat|nested] 11+ messages in thread

* Re: [PATCH v3 3/3] ima: Add digest and digest_len params to the functions to measure a buffer
  2021-07-05  9:09 ` [PATCH v3 3/3] ima: Add digest and digest_len params to " Roberto Sassu
  2021-07-06 19:24   ` Lakshmi Ramasubramanian
@ 2021-07-13  2:40   ` Paul Moore
  2021-07-19 20:59   ` Mimi Zohar
  2 siblings, 0 replies; 11+ messages in thread
From: Paul Moore @ 2021-07-13  2:40 UTC (permalink / raw)
  To: Roberto Sassu
  Cc: zohar, Stephen Smalley, prsriva02, tusharsu, nramas,
	linux-integrity, linux-security-module, linux-kernel, selinux

On Mon, Jul 5, 2021 at 5:09 AM Roberto Sassu <roberto.sassu@huawei.com> wrote:
>
> This patch adds the 'digest' and 'digest_len' parameters to
> ima_measure_critical_data() and process_buffer_measurement(), so that
> callers can get the digest of the passed buffer.
>
> These functions calculate the digest even if there is no suitable rule in
> the IMA policy and, in this case, they simply return 1 before generating a
> new measurement entry.
>
> Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
> ---
>  include/linux/ima.h                          |  5 +--
>  security/integrity/ima/ima.h                 |  2 +-
>  security/integrity/ima/ima_appraise.c        |  2 +-
>  security/integrity/ima/ima_asymmetric_keys.c |  2 +-
>  security/integrity/ima/ima_init.c            |  3 +-
>  security/integrity/ima/ima_main.c            | 36 ++++++++++++++------
>  security/integrity/ima/ima_queue_keys.c      |  2 +-
>  security/selinux/ima.c                       |  6 ++--
>  8 files changed, 39 insertions(+), 19 deletions(-)

The SELinux changes are trivial and fall into that
cross-subsystem-ACK-not-really-necessary category, but why not :)

For the SELinux bits:
Acked-by: Paul Moore <paul@paul-moore.com>

-- 
paul moore
www.paul-moore.com

^ permalink raw reply	[flat|nested] 11+ messages in thread

* Re: [PATCH v3 2/3] ima: Return int in the functions to measure a buffer
  2021-07-05  9:09 ` [PATCH v3 2/3] ima: Return int in the functions to measure a buffer Roberto Sassu
  2021-07-06 19:21   ` Lakshmi Ramasubramanian
@ 2021-07-19 20:28   ` Mimi Zohar
  2021-07-20 12:38     ` Roberto Sassu
  1 sibling, 1 reply; 11+ messages in thread
From: Mimi Zohar @ 2021-07-19 20:28 UTC (permalink / raw)
  To: Roberto Sassu, paul
  Cc: stephen.smalley.work, prsriva02, tusharsu, nramas,
	linux-integrity, linux-security-module, linux-kernel, selinux

Hi Roberto,

On Mon, 2021-07-05 at 11:09 +0200, Roberto Sassu wrote:
> ima_measure_critical_data() and process_buffer_measurement() currently
> don't return a result. A caller wouldn't be able to know whether those
> functions were executed successfully.

Missing is an explanation as to why these functions aren't currently
returning a result.   The LSM/IMA hooks only return a negative result
for failure to appraise a file's integrity, not measure a file.  Only
failure to appraise a file's integrity results in preventing the file
from being read/executed/mmaped.  Other failures are only audited.

> 
> This patch modifies the return type from void to int, and returns 0 if the
> buffer has been successfully measured, a negative value otherwise.

Needed here is an explanation as to why ima_measure_critical_data() is
special.

> 
> Also, this patch does not modify the behavior of existing callers by
> processing the returned value. For those, the return value is ignored.

I agree that the existing behavior shouldn't change, but will this
result in the bots complaining?

thanks,

Mimi


^ permalink raw reply	[flat|nested] 11+ messages in thread

* Re: [PATCH v3 3/3] ima: Add digest and digest_len params to the functions to measure a buffer
  2021-07-05  9:09 ` [PATCH v3 3/3] ima: Add digest and digest_len params to " Roberto Sassu
  2021-07-06 19:24   ` Lakshmi Ramasubramanian
  2021-07-13  2:40   ` Paul Moore
@ 2021-07-19 20:59   ` Mimi Zohar
  2 siblings, 0 replies; 11+ messages in thread
From: Mimi Zohar @ 2021-07-19 20:59 UTC (permalink / raw)
  To: Roberto Sassu, paul
  Cc: stephen.smalley.work, prsriva02, tusharsu, nramas,
	linux-integrity, linux-security-module, linux-kernel, selinux

Hi Roberto,

On Mon, 2021-07-05 at 11:09 +0200, Roberto Sassu wrote:
> This patch adds the 'digest' and 'digest_len' parameters to
> ima_measure_critical_data() and process_buffer_measurement(), so that
> callers can get the digest of the passed buffer.
> 
> These functions calculate the digest even if there is no suitable rule in
> the IMA policy and, in this case, they simply return 1 before generating a
> new measurement entry.

I agree ima_measure_critical_data() is special.  Both this patch
description and 1/3 describe "what", not "why".  Please provide the
motivation for these changes at least in the cover letter, if not in
the patch description.

thanks,

Mimi


^ permalink raw reply	[flat|nested] 11+ messages in thread

* RE: [PATCH v3 2/3] ima: Return int in the functions to measure a buffer
  2021-07-19 20:28   ` Mimi Zohar
@ 2021-07-20 12:38     ` Roberto Sassu
  2021-07-20 13:01       ` Mimi Zohar
  0 siblings, 1 reply; 11+ messages in thread
From: Roberto Sassu @ 2021-07-20 12:38 UTC (permalink / raw)
  To: Mimi Zohar, paul
  Cc: stephen.smalley.work, prsriva02, tusharsu, nramas,
	linux-integrity, linux-security-module, linux-kernel, selinux

> From: Mimi Zohar [mailto:zohar@linux.ibm.com]
> Sent: Monday, July 19, 2021 10:28 PM
> Hi Roberto,
> 
> On Mon, 2021-07-05 at 11:09 +0200, Roberto Sassu wrote:
> > ima_measure_critical_data() and process_buffer_measurement() currently
> > don't return a result. A caller wouldn't be able to know whether those
> > functions were executed successfully.
> 
> Missing is an explanation as to why these functions aren't currently
> returning a result.   The LSM/IMA hooks only return a negative result
> for failure to appraise a file's integrity, not measure a file.  Only
> failure to appraise a file's integrity results in preventing the file
> from being read/executed/mmaped.  Other failures are only audited.

Hi Mimi

ok, will add it.

> > This patch modifies the return type from void to int, and returns 0 if the
> > buffer has been successfully measured, a negative value otherwise.
> 
> Needed here is an explanation as to why ima_measure_critical_data() is
> special.

We don't want to unnecessarily calculate the digest twice.

> > Also, this patch does not modify the behavior of existing callers by
> > processing the returned value. For those, the return value is ignored.
> 
> I agree that the existing behavior shouldn't change, but will this
> result in the bots complaining?

If I remember correctly, I didn't get any error even with W=1.

Thanks

Roberto

HUAWEI TECHNOLOGIES Duesseldorf GmbH, HRB 56063
Managing Director: Li Peng, Li Jian, Shi Yanli

> thanks,
> 
> Mimi


^ permalink raw reply	[flat|nested] 11+ messages in thread

* Re: [PATCH v3 2/3] ima: Return int in the functions to measure a buffer
  2021-07-20 12:38     ` Roberto Sassu
@ 2021-07-20 13:01       ` Mimi Zohar
  0 siblings, 0 replies; 11+ messages in thread
From: Mimi Zohar @ 2021-07-20 13:01 UTC (permalink / raw)
  To: Roberto Sassu, paul
  Cc: stephen.smalley.work, prsriva02, tusharsu, nramas,
	linux-integrity, linux-security-module, linux-kernel, selinux

On Tue, 2021-07-20 at 12:38 +0000, Roberto Sassu wrote:
> > > This patch modifies the return type from void to int, and returns 0 if the
> > > buffer has been successfully measured, a negative value otherwise.
> > 
> > Needed here is an explanation as to why ima_measure_critical_data() is
> > special.
> 
> We don't want to unnecessarily calculate the digest twice.

That's what the "iint" cache is for.  .  This needs more a of an
explaintion as to why  ima_measure_critical_data() is special.

thanks,

Mimi


^ permalink raw reply	[flat|nested] 11+ messages in thread

end of thread, other threads:[~2021-07-20 13:02 UTC | newest]

Thread overview: 11+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-07-05  9:09 [PATCH v3 0/3] ima: Provide more info about buffer measurement Roberto Sassu
2021-07-05  9:09 ` [PATCH v3 1/3] ima: Introduce ima_get_current_hash_algo() Roberto Sassu
2021-07-05  9:09 ` [PATCH v3 2/3] ima: Return int in the functions to measure a buffer Roberto Sassu
2021-07-06 19:21   ` Lakshmi Ramasubramanian
2021-07-19 20:28   ` Mimi Zohar
2021-07-20 12:38     ` Roberto Sassu
2021-07-20 13:01       ` Mimi Zohar
2021-07-05  9:09 ` [PATCH v3 3/3] ima: Add digest and digest_len params to " Roberto Sassu
2021-07-06 19:24   ` Lakshmi Ramasubramanian
2021-07-13  2:40   ` Paul Moore
2021-07-19 20:59   ` Mimi Zohar

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).