linux-integrity.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Lakshmi Ramasubramanian <nramas@linux.microsoft.com>
To: Roberto Sassu <roberto.sassu@huawei.com>,
	zohar@linux.ibm.com, paul@paul-moore.com
Cc: stephen.smalley.work@gmail.com, prsriva02@gmail.com,
	tusharsu@linux.microsoft.com, linux-integrity@vger.kernel.org,
	linux-security-module@vger.kernel.org,
	linux-kernel@vger.kernel.org, selinux@vger.kernel.org
Subject: Re: [PATCH 3/3] ima: Add digest parameter to the functions to measure a buffer
Date: Wed, 30 Jun 2021 07:56:24 -0700	[thread overview]
Message-ID: <e34639b4-145a-05a0-5ab4-ea51f9093e90@linux.microsoft.com> (raw)
In-Reply-To: <20210630141635.2862222-4-roberto.sassu@huawei.com>

On 6/30/2021 7:16 AM, Roberto Sassu wrote:

Hi Roberto,

> This patch adds the 'digest' parameter to ima_measure_critical_data() and
> process_buffer_measurement(), so that callers can get the digest of the
> passed buffer.
> 
> These functions calculate the digest even if there is no suitable rule in
> the IMA policy and, in this case, they simply return 1 before generating a
> new measurement entry.
> 
> Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
> ---
>   include/linux/ima.h                          |  4 +--
>   security/integrity/ima/ima.h                 |  2 +-
>   security/integrity/ima/ima_appraise.c        |  2 +-
>   security/integrity/ima/ima_asymmetric_keys.c |  2 +-
>   security/integrity/ima/ima_init.c            |  2 +-
>   security/integrity/ima/ima_main.c            | 31 +++++++++++++-------
>   security/integrity/ima/ima_queue_keys.c      |  2 +-
>   security/selinux/ima.c                       |  4 +--
>   8 files changed, 30 insertions(+), 19 deletions(-)
> 

>   
> +	if (digest)
> +		memcpy(digest, iint.ima_hash->digest,
> +		       hash_digest_size[ima_hash_algo]);

I think the caller should also pass the size of the buffer allocated to 
receive the calculated digest. And, here copy only up to that many bytes 
so we don't accidentally cause buffer overrun.

  -lakshmi

> +
> +	if (!ima_policy_flag || (func && !(action & IMA_MEASURE)))
> +		return 1;
> +
>   	ret = ima_alloc_init_template(&event_data, &entry, template);
>   	if (ret < 0) {
>   		audit_cause = "alloc_entry";
> @@ -966,7 +975,7 @@ void ima_kexec_cmdline(int kernel_fd, const void *buf, int size)
>   	ret = process_buffer_measurement(file_mnt_user_ns(f.file),
>   					 file_inode(f.file), buf, size,
>   					 "kexec-cmdline", KEXEC_CMDLINE, 0,
> -					 NULL, false);
> +					 NULL, false, NULL);
>   	fdput(f);
>   }
>   
> @@ -977,26 +986,28 @@ void ima_kexec_cmdline(int kernel_fd, const void *buf, int size)
>    * @buf: pointer to buffer data
>    * @buf_len: length of buffer data (in bytes)
>    * @hash: measure buffer data hash
> + * @digest: buffer digest will be written to
>    *
>    * Measure data critical to the integrity of the kernel into the IMA log
>    * and extend the pcr.  Examples of critical data could be various data
>    * structures, policies, and states stored in kernel memory that can
>    * impact the integrity of the system.
>    *
> - * Returns 0 if the buffer has been successfully measured, a negative value
> - * otherwise.
> + * Returns 0 if the buffer has been successfully measured, 1 if the digest
> + * has been written to the passed location but not added to a measurement entry,
> + * a negative value otherwise.
>    */
>   int ima_measure_critical_data(const char *event_label,
>   			      const char *event_name,
>   			      const void *buf, size_t buf_len,
> -			      bool hash)
> +			      bool hash, u8 *digest)
>   {
>   	if (!event_name || !event_label || !buf || !buf_len)
>   		return -ENOPARAM;
>   
>   	return process_buffer_measurement(&init_user_ns, NULL, buf, buf_len,
>   					  event_name, CRITICAL_DATA, 0,
> -					  event_label, hash);
> +					  event_label, hash, digest);
>   }
>   
>   static int __init init_ima(void)
> diff --git a/security/integrity/ima/ima_queue_keys.c b/security/integrity/ima/ima_queue_keys.c
> index e3047ce64f39..ac00a4778a91 100644
> --- a/security/integrity/ima/ima_queue_keys.c
> +++ b/security/integrity/ima/ima_queue_keys.c
> @@ -166,7 +166,7 @@ void ima_process_queued_keys(void)
>   							 entry->keyring_name,
>   							 KEY_CHECK, 0,
>   							 entry->keyring_name,
> -							 false);
> +							 false, NULL);
>   		list_del(&entry->list);
>   		ima_free_key_entry(entry);
>   	}
> diff --git a/security/selinux/ima.c b/security/selinux/ima.c
> index 4db9fa211638..96bd7ead8081 100644
> --- a/security/selinux/ima.c
> +++ b/security/selinux/ima.c
> @@ -88,7 +88,7 @@ void selinux_ima_measure_state_locked(struct selinux_state *state)
>   
>   	measure_rc = ima_measure_critical_data("selinux", "selinux-state",
>   					       state_str, strlen(state_str),
> -					       false);
> +					       false, NULL);
>   
>   	kfree(state_str);
>   
> @@ -105,7 +105,7 @@ void selinux_ima_measure_state_locked(struct selinux_state *state)
>   	}
>   
>   	measure_rc = ima_measure_critical_data("selinux", "selinux-policy-hash",
> -					       policy, policy_len, true);
> +					       policy, policy_len, true, NULL);
>   
>   	vfree(policy);
>   }
> 

  reply	other threads:[~2021-06-30 14:54 UTC|newest]

Thread overview: 6+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-06-30 14:16 [PATCH 0/3] ima: Provide more info about buffer measurement Roberto Sassu
2021-06-30 14:16 ` [PATCH 1/3] ima: Introduce ima_get_current_hash_algo() Roberto Sassu
2021-06-30 14:16 ` [PATCH 2/3] ima: Return int in the functions to measure a buffer Roberto Sassu
2021-06-30 14:16 ` [PATCH 3/3] ima: Add digest parameter to " Roberto Sassu
2021-06-30 14:56   ` Lakshmi Ramasubramanian [this message]
2021-06-30 15:09     ` Roberto Sassu

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=e34639b4-145a-05a0-5ab4-ea51f9093e90@linux.microsoft.com \
    --to=nramas@linux.microsoft.com \
    --cc=linux-integrity@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-security-module@vger.kernel.org \
    --cc=paul@paul-moore.com \
    --cc=prsriva02@gmail.com \
    --cc=roberto.sassu@huawei.com \
    --cc=selinux@vger.kernel.org \
    --cc=stephen.smalley.work@gmail.com \
    --cc=tusharsu@linux.microsoft.com \
    --cc=zohar@linux.ibm.com \
    --subject='Re: [PATCH 3/3] ima: Add digest parameter to the functions to measure a buffer' \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).