From: Tetsuo Handa <penguin-kernel@i-love.sakura.ne.jp>
To: Mimi Zohar <zohar@linux.ibm.com>, Dmitry Vyukov <dvyukov@google.com>
Cc: linux-integrity@vger.kernel.org, James Morris <jmorris@namei.org>,
"Serge E . Hallyn" <serge@hallyn.com>,
linux-security-module <linux-security-module@vger.kernel.org>,
LKML <linux-kernel@vger.kernel.org>,
Eric Biggers <ebiggers@kernel.org>
Subject: Re: [RFC PATCH 2/2] integrity: double check iint_cache was initialized
Date: Tue, 23 Mar 2021 23:01:31 +0900 [thread overview]
Message-ID: <8a8763a7-eeeb-3578-d50c-c15919fbe1f9@i-love.sakura.ne.jp> (raw)
In-Reply-To: <cde00350-2a18-1759-d53b-2e7489b6cc0e@i-love.sakura.ne.jp>
On 2021/03/23 22:37, Tetsuo Handa wrote:
> On 2021/03/23 21:09, Mimi Zohar wrote:
>> Please take a look at the newer version of this patch. Do you want to
>> add any tags?
>
> Oh, I didn't know that you already posted the newer version.
>
>> diff --git a/security/integrity/iint.c b/security/integrity/iint.c
>> index 1d20003243c3..0ba01847e836 100644
>> --- a/security/integrity/iint.c
>> +++ b/security/integrity/iint.c
>> @@ -98,6 +98,14 @@ struct integrity_iint_cache *integrity_inode_get(struct inode *inode)
>> struct rb_node *node, *parent = NULL;
>> struct integrity_iint_cache *iint, *test_iint;
>>
>> + /*
>> + * The integrity's "iint_cache" is initialized at security_init(),
>> + * unless it is not included in the ordered list of LSMs enabled
>> + * on the boot command line.
>> + */
>> + if (!iint_cache)
>> + panic("%s: lsm=integrity required.\n", __func__);
>> +
>
> This looks strange. If "lsm=" parameter must include "integrity",
> it implies that nobody is allowed to disable "integrity" at boot.
> Then, why not unconditionally call integrity_iintcache_init() by
> not counting on DEFINE_LSM(integrity) declaration?
Or, I think below one is also possible.
diff --git a/security/integrity/iint.c b/security/integrity/iint.c
index 1d20003243c3..37afc5168891 100644
--- a/security/integrity/iint.c
+++ b/security/integrity/iint.c
@@ -19,6 +19,7 @@
#include <linux/uaccess.h>
#include <linux/security.h>
#include <linux/lsm_hooks.h>
+#include <linux/sched/mm.h>
#include "integrity.h"
static struct rb_root integrity_iint_tree = RB_ROOT;
@@ -85,6 +86,20 @@ static void iint_free(struct integrity_iint_cache *iint)
kmem_cache_free(iint_cache, iint);
}
+static void init_once(void *foo)
+{
+ struct integrity_iint_cache *iint = foo;
+
+ memset(iint, 0, sizeof(*iint));
+ iint->ima_file_status = INTEGRITY_UNKNOWN;
+ iint->ima_mmap_status = INTEGRITY_UNKNOWN;
+ iint->ima_bprm_status = INTEGRITY_UNKNOWN;
+ iint->ima_read_status = INTEGRITY_UNKNOWN;
+ iint->ima_creds_status = INTEGRITY_UNKNOWN;
+ iint->evm_status = INTEGRITY_UNKNOWN;
+ mutex_init(&iint->mutex);
+}
+
/**
* integrity_inode_get - find or allocate an iint associated with an inode
* @inode: pointer to the inode
@@ -102,6 +117,18 @@ struct integrity_iint_cache *integrity_inode_get(struct inode *inode)
if (iint)
return iint;
+ if (!iint_cache) {
+ static DEFINE_MUTEX(lock);
+ unsigned int flags = memalloc_nofs_save();
+
+ mutex_lock(&lock);
+ if (!iint_cache)
+ iint_cache = kmem_cache_create("iint_cache",
+ sizeof(struct integrity_iint_cache),
+ 0, SLAB_PANIC, init_once);
+ mutex_unlock(&lock);
+ memalloc_nofs_restore(flags);
+ }
iint = kmem_cache_alloc(iint_cache, GFP_NOFS);
if (!iint)
return NULL;
@@ -150,25 +177,8 @@ void integrity_inode_free(struct inode *inode)
iint_free(iint);
}
-static void init_once(void *foo)
-{
- struct integrity_iint_cache *iint = foo;
-
- memset(iint, 0, sizeof(*iint));
- iint->ima_file_status = INTEGRITY_UNKNOWN;
- iint->ima_mmap_status = INTEGRITY_UNKNOWN;
- iint->ima_bprm_status = INTEGRITY_UNKNOWN;
- iint->ima_read_status = INTEGRITY_UNKNOWN;
- iint->ima_creds_status = INTEGRITY_UNKNOWN;
- iint->evm_status = INTEGRITY_UNKNOWN;
- mutex_init(&iint->mutex);
-}
-
static int __init integrity_iintcache_init(void)
{
- iint_cache =
- kmem_cache_create("iint_cache", sizeof(struct integrity_iint_cache),
- 0, SLAB_PANIC, init_once);
return 0;
}
DEFINE_LSM(integrity) = {
next prev parent reply other threads:[~2021-03-23 14:02 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-03-19 20:03 [RFC PATCH 1/2] ima: don't access a file's integrity status before an IMA policy is loaded Mimi Zohar
2021-03-19 20:03 ` [RFC PATCH 2/2] integrity: double check iint_cache was initialized Mimi Zohar
2021-03-22 7:10 ` Tetsuo Handa
2021-03-22 7:53 ` Dmitry Vyukov
2021-03-23 1:46 ` Tetsuo Handa
2021-03-23 12:09 ` Mimi Zohar
2021-03-23 13:37 ` Tetsuo Handa
2021-03-23 14:01 ` Tetsuo Handa [this message]
2021-03-23 14:47 ` Mimi Zohar
2021-03-23 15:14 ` Tetsuo Handa
2021-03-23 16:13 ` Mimi Zohar
2021-03-24 10:10 ` Tetsuo Handa
2021-03-24 11:10 ` Mimi Zohar
2021-03-24 11:20 ` Tetsuo Handa
2021-03-24 11:37 ` Dmitry Vyukov
2021-03-24 11:49 ` Mimi Zohar
2021-03-24 11:58 ` Dmitry Vyukov
2021-03-24 12:17 ` Mimi Zohar
2021-03-24 15:56 ` Casey Schaufler
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=8a8763a7-eeeb-3578-d50c-c15919fbe1f9@i-love.sakura.ne.jp \
--to=penguin-kernel@i-love.sakura.ne.jp \
--cc=dvyukov@google.com \
--cc=ebiggers@kernel.org \
--cc=jmorris@namei.org \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=serge@hallyn.com \
--cc=zohar@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).