From: Christian Brauner <brauner@kernel.org>
To: Stefan Berger <stefanb@linux.vnet.ibm.com>
Cc: linux-integrity@vger.kernel.org, zohar@linux.ibm.com,
serge@hallyn.com, christian.brauner@ubuntu.com,
containers@lists.linux.dev, dmitry.kasatkin@gmail.com,
ebiederm@xmission.com, krzysztof.struczynski@huawei.com,
roberto.sassu@huawei.com, mpeters@redhat.com, lhinds@redhat.com,
lsturman@redhat.com, puiterwi@redhat.com, jejb@linux.ibm.com,
jamjoom@us.ibm.com, linux-kernel@vger.kernel.org,
paul@paul-moore.com, rgb@redhat.com,
linux-security-module@vger.kernel.org, jmorris@namei.org,
Stefan Berger <stefanb@linux.ibm.com>
Subject: Re: [PATCH v9 08/23] ima: Move measurement list related variables into ima_namespace
Date: Wed, 26 Jan 2022 10:21:59 +0100 [thread overview]
Message-ID: <20220126092159.4rgclr5s3jli7aqy@wittgenstein> (raw)
In-Reply-To: <20220125224645.79319-9-stefanb@linux.vnet.ibm.com>
On Tue, Jan 25, 2022 at 05:46:30PM -0500, Stefan Berger wrote:
> From: Stefan Berger <stefanb@linux.ibm.com>
>
> Move measurement list related variables into the ima_namespace. This way
> a front-end like securityfs can show the measurement list inside an IMA
> namespace.
>
> Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
> ---
> security/integrity/ima/ima.h | 5 +++--
> security/integrity/ima/ima_fs.c | 6 ++++--
> security/integrity/ima/ima_init_ima_ns.c | 5 +++++
> security/integrity/ima/ima_kexec.c | 12 ++++++-----
> security/integrity/ima/ima_queue.c | 27 +++++++++++-------------
> 5 files changed, 31 insertions(+), 24 deletions(-)
>
> diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h
> index 340a59174670..45706836a77b 100644
> --- a/security/integrity/ima/ima.h
> +++ b/security/integrity/ima/ima.h
> @@ -106,7 +106,6 @@ struct ima_queue_entry {
> struct list_head later; /* place in ima_measurements list */
> struct ima_template_entry *entry;
> };
> -extern struct list_head ima_measurements; /* list of all measurements */
>
> /* Some details preceding the binary serialized measurement list */
> struct ima_kexec_hdr {
> @@ -136,6 +135,8 @@ struct ima_namespace {
> struct ima_rule_entry *arch_policy_entry;
>
> struct ima_h_table ima_htable;
> + struct list_head ima_measurements; /* list of all measurements */
> + unsigned long binary_runtime_size; /* used by init_ima_ns */
> } __randomize_layout;
Moving this into struct imans seems sane to me but I'm not going to ack
it because I don't have enough knowledge to guarantee that this code
will only run for init_ima_ns. I'll leave that to Mimi.
> extern struct ima_namespace init_ima_ns;
>
> @@ -186,7 +187,7 @@ int ima_restore_measurement_entry(struct ima_namespace *ns,
> int ima_restore_measurement_list(struct ima_namespace *ns,
> loff_t bufsize, void *buf);
> int ima_measurements_show(struct seq_file *m, void *v);
> -unsigned long ima_get_binary_runtime_size(void);
> +unsigned long ima_get_binary_runtime_size(struct ima_namespace *ns);
> int ima_init_template(void);
> void ima_init_template_list(void);
> int __init ima_init_digests(void);
> diff --git a/security/integrity/ima/ima_fs.c b/security/integrity/ima/ima_fs.c
> index 9b4dce57c1a6..b2f088dd8572 100644
> --- a/security/integrity/ima/ima_fs.c
> +++ b/security/integrity/ima/ima_fs.c
> @@ -80,12 +80,13 @@ static const struct file_operations ima_measurements_count_ops = {
> /* returns pointer to hlist_node */
> static void *ima_measurements_start(struct seq_file *m, loff_t *pos)
> {
> + struct ima_namespace *ns = &init_ima_ns;
> loff_t l = *pos;
> struct ima_queue_entry *qe;
>
> /* we need a lock since pos could point beyond last element */
> rcu_read_lock();
> - list_for_each_entry_rcu(qe, &ima_measurements, later) {
> + list_for_each_entry_rcu(qe, &ns->ima_measurements, later) {
> if (!l--) {
> rcu_read_unlock();
> return qe;
> @@ -97,6 +98,7 @@ static void *ima_measurements_start(struct seq_file *m, loff_t *pos)
>
> static void *ima_measurements_next(struct seq_file *m, void *v, loff_t *pos)
> {
> + struct ima_namespace *ns = &init_ima_ns;
> struct ima_queue_entry *qe = v;
>
> /* lock protects when reading beyond last element
> @@ -107,7 +109,7 @@ static void *ima_measurements_next(struct seq_file *m, void *v, loff_t *pos)
> rcu_read_unlock();
> (*pos)++;
>
> - return (&qe->later == &ima_measurements) ? NULL : qe;
> + return (&qe->later == &ns->ima_measurements) ? NULL : qe;
> }
>
> static void ima_measurements_stop(struct seq_file *m, void *v)
> diff --git a/security/integrity/ima/ima_init_ima_ns.c b/security/integrity/ima/ima_init_ima_ns.c
> index 1945fa8cfc4d..a7477072c587 100644
> --- a/security/integrity/ima/ima_init_ima_ns.c
> +++ b/security/integrity/ima/ima_init_ima_ns.c
> @@ -20,6 +20,11 @@ static int ima_init_namespace(struct ima_namespace *ns)
> atomic_long_set(&ns->ima_htable.len, 0);
> atomic_long_set(&ns->ima_htable.violations, 0);
> memset(&ns->ima_htable.queue, 0, sizeof(ns->ima_htable.queue));
> + INIT_LIST_HEAD(&ns->ima_measurements);
> + if (IS_ENABLED(CONFIG_IMA_KEXEC) && ns == &init_ima_ns)
> + ns->binary_runtime_size = 0;
> + else
> + ns->binary_runtime_size = ULONG_MAX;
>
> return 0;
> }
> diff --git a/security/integrity/ima/ima_kexec.c b/security/integrity/ima/ima_kexec.c
> index f3ef8a0df992..e83b18492f46 100644
> --- a/security/integrity/ima/ima_kexec.c
> +++ b/security/integrity/ima/ima_kexec.c
> @@ -15,7 +15,8 @@
> #include "ima.h"
>
> #ifdef CONFIG_IMA_KEXEC
> -static int ima_dump_measurement_list(unsigned long *buffer_size, void **buffer,
> +static int ima_dump_measurement_list(struct ima_namespace *ns,
> + unsigned long *buffer_size, void **buffer,
> unsigned long segment_size)
> {
> struct ima_queue_entry *qe;
> @@ -36,7 +37,7 @@ static int ima_dump_measurement_list(unsigned long *buffer_size, void **buffer,
>
> memset(&khdr, 0, sizeof(khdr));
> khdr.version = 1;
> - list_for_each_entry_rcu(qe, &ima_measurements, later) {
> + list_for_each_entry_rcu(qe, &ns->ima_measurements, later) {
> if (file.count < file.size) {
> khdr.count++;
> ima_measurements_show(&file, qe);
> @@ -84,6 +85,7 @@ void ima_add_kexec_buffer(struct kimage *image)
> struct kexec_buf kbuf = { .image = image, .buf_align = PAGE_SIZE,
> .buf_min = 0, .buf_max = ULONG_MAX,
> .top_down = true };
> + struct ima_namespace *ns = &init_ima_ns;
> unsigned long binary_runtime_size;
>
> /* use more understandable variable names than defined in kbuf */
> @@ -96,11 +98,11 @@ void ima_add_kexec_buffer(struct kimage *image)
> * Reserve an extra half page of memory for additional measurements
> * added during the kexec load.
> */
> - binary_runtime_size = ima_get_binary_runtime_size();
> + binary_runtime_size = ima_get_binary_runtime_size(ns);
> if (binary_runtime_size >= ULONG_MAX - PAGE_SIZE)
> kexec_segment_size = ULONG_MAX;
> else
> - kexec_segment_size = ALIGN(ima_get_binary_runtime_size() +
> + kexec_segment_size = ALIGN(ima_get_binary_runtime_size(ns) +
> PAGE_SIZE / 2, PAGE_SIZE);
> if ((kexec_segment_size == ULONG_MAX) ||
> ((kexec_segment_size >> PAGE_SHIFT) > totalram_pages() / 2)) {
> @@ -108,7 +110,7 @@ void ima_add_kexec_buffer(struct kimage *image)
> return;
> }
>
> - ima_dump_measurement_list(&kexec_buffer_size, &kexec_buffer,
> + ima_dump_measurement_list(ns, &kexec_buffer_size, &kexec_buffer,
> kexec_segment_size);
> if (!kexec_buffer) {
> pr_err("Not enough memory for the kexec measurement buffer.\n");
> diff --git a/security/integrity/ima/ima_queue.c b/security/integrity/ima/ima_queue.c
> index 43961d5cd2ef..0355c2b0932c 100644
> --- a/security/integrity/ima/ima_queue.c
> +++ b/security/integrity/ima/ima_queue.c
> @@ -24,13 +24,6 @@
> /* pre-allocated array of tpm_digest structures to extend a PCR */
> static struct tpm_digest *digests;
>
> -LIST_HEAD(ima_measurements); /* list of all measurements */
> -#ifdef CONFIG_IMA_KEXEC
> -static unsigned long binary_runtime_size;
> -#else
> -static unsigned long binary_runtime_size = ULONG_MAX;
> -#endif
> -
> /* mutex protects atomicity of extending measurement list
> * and extending the TPM PCR aggregate. Since tpm_extend can take
> * long (and the tpm driver uses a mutex), we can't use the spinlock.
> @@ -100,7 +93,7 @@ static int ima_add_digest_entry(struct ima_namespace *ns,
> qe->entry = entry;
>
> INIT_LIST_HEAD(&qe->later);
> - list_add_tail_rcu(&qe->later, &ima_measurements);
> + list_add_tail_rcu(&qe->later, &ns->ima_measurements);
>
> atomic_long_inc(&ns->ima_htable.len);
> if (update_htable) {
> @@ -110,12 +103,14 @@ static int ima_add_digest_entry(struct ima_namespace *ns,
> INIT_HLIST_NODE(&qe->hnext);
> }
>
> - if (binary_runtime_size != ULONG_MAX) {
> + if (ns->binary_runtime_size != ULONG_MAX) {
> int size;
>
> size = get_binary_runtime_size(entry);
> - binary_runtime_size = (binary_runtime_size < ULONG_MAX - size) ?
> - binary_runtime_size + size : ULONG_MAX;
> + ns->binary_runtime_size =
> + (ns->binary_runtime_size < ULONG_MAX - size)
> + ? ns->binary_runtime_size + size
> + : ULONG_MAX;
> }
> return 0;
> }
> @@ -123,14 +118,16 @@ static int ima_add_digest_entry(struct ima_namespace *ns,
> /*
> * Return the amount of memory required for serializing the
> * entire binary_runtime_measurement list, including the ima_kexec_hdr
> - * structure.
> + * structure. Carrying the measurement list across kexec is limited
> + * to init_ima_ns.
> */
> -unsigned long ima_get_binary_runtime_size(void)
> +unsigned long ima_get_binary_runtime_size(struct ima_namespace *ns)
> {
> - if (binary_runtime_size >= (ULONG_MAX - sizeof(struct ima_kexec_hdr)))
> + if (ns->binary_runtime_size >=
> + (ULONG_MAX - sizeof(struct ima_kexec_hdr)))
> return ULONG_MAX;
> else
> - return binary_runtime_size + sizeof(struct ima_kexec_hdr);
> + return ns->binary_runtime_size + sizeof(struct ima_kexec_hdr);
> }
>
> static int ima_pcr_extend(struct tpm_digest *digests_arg, int pcr)
> --
> 2.31.1
>
>
next prev parent reply other threads:[~2022-01-26 9:22 UTC|newest]
Thread overview: 65+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-01-25 22:46 [PATCH v9 00/23] ima: Namespace IMA with audit support in IMA-ns Stefan Berger
2022-01-25 22:46 ` [PATCH v9 01/23] ima: Remove ima_policy file before directory Stefan Berger
2022-01-26 8:30 ` Christian Brauner
2022-01-25 22:46 ` [PATCH v9 02/23] ima: Do not print policy rule with inactive LSM labels Stefan Berger
2022-01-26 8:38 ` Christian Brauner
2022-01-27 14:12 ` Mimi Zohar
2022-01-25 22:46 ` [PATCH v9 03/23] securityfs: rework dentry creation Stefan Berger
2022-01-25 22:46 ` [PATCH v9 04/23] securityfs: Extend securityfs with namespacing support Stefan Berger
2022-01-27 16:53 ` Mimi Zohar
2022-01-31 22:28 ` Stefan Berger
2022-01-31 23:43 ` Mimi Zohar
2022-01-25 22:46 ` [PATCH v9 05/23] ima: Define ima_namespace struct and start moving variables into it Stefan Berger
2022-01-26 8:47 ` Christian Brauner
2022-01-25 22:46 ` [PATCH v9 06/23] ima: Move arch_policy_entry into ima_namespace Stefan Berger
2022-01-26 9:11 ` Christian Brauner
2022-01-27 19:42 ` Mimi Zohar
2022-01-25 22:46 ` [PATCH v9 07/23] ima: Move ima_htable " Stefan Berger
2022-01-26 9:16 ` Christian Brauner
2022-01-25 22:46 ` [PATCH v9 08/23] ima: Move measurement list related variables " Stefan Berger
2022-01-26 9:21 ` Christian Brauner [this message]
2022-01-26 22:23 ` Stefan Berger
2022-01-27 21:48 ` Mimi Zohar
2022-01-28 14:06 ` Stefan Berger
2022-01-25 22:46 ` [PATCH v9 09/23] ima: Move some IMA policy and filesystem " Stefan Berger
2022-01-26 9:23 ` Christian Brauner
2022-01-27 22:30 ` Mimi Zohar
2022-01-28 15:44 ` Stefan Berger
2022-01-28 16:03 ` Mimi Zohar
2022-01-25 22:46 ` [PATCH v9 10/23] ima: Move IMA securityfs files into ima_namespace or onto stack Stefan Berger
2022-01-26 9:40 ` Christian Brauner
2022-01-27 17:02 ` Stefan Berger
2022-01-28 3:13 ` Mimi Zohar
2022-01-25 22:46 ` [PATCH v9 11/23] ima: Move ima_lsm_policy_notifier into ima_namespace Stefan Berger
2022-01-26 13:05 ` Christian Brauner
2022-01-26 21:54 ` Stefan Berger
2022-01-25 22:46 ` [PATCH v9 12/23] ima: Define mac_admin_ns_capable() as a wrapper for ns_capable() Stefan Berger
2022-01-26 13:43 ` Christian Brauner
2022-01-25 22:46 ` [PATCH v9 13/23] ima: Only accept AUDIT rules for non-init_ima_ns namespaces for now Stefan Berger
2022-01-26 13:44 ` Christian Brauner
2022-01-25 22:46 ` [PATCH v9 14/23] userns: Add pointer to ima_namespace to user_namespace Stefan Berger
2022-01-26 14:46 ` Christian Brauner
2022-01-25 22:46 ` [PATCH v9 15/23] ima: Implement hierarchical processing of file accesses Stefan Berger
2022-01-26 12:39 ` Christian Brauner
2022-01-26 22:05 ` Stefan Berger
2022-01-25 22:46 ` [PATCH v9 16/23] ima: Implement ima_free_policy_rules() for freeing of an ima_namespace Stefan Berger
2022-01-28 14:02 ` Mimi Zohar
2022-01-31 18:56 ` Stefan Berger
2022-01-25 22:46 ` [PATCH v9 17/23] ima: Add functions for creating and " Stefan Berger
2022-01-26 13:56 ` Christian Brauner
2022-01-25 22:46 ` [PATCH v9 18/23] integrity/ima: Define ns_status for storing namespaced iint data Stefan Berger
2022-01-25 22:46 ` [PATCH v9 19/23] ima: Namespace audit status flags Stefan Berger
2022-01-25 22:46 ` [PATCH v9 20/23] ima: Setup securityfs for IMA namespace Stefan Berger
2022-01-26 14:03 ` Christian Brauner
2022-01-25 22:46 ` [PATCH v9 21/23] ima: Introduce securityfs file to activate an " Stefan Berger
2022-01-26 14:31 ` Christian Brauner
2022-01-27 15:24 ` Stefan Berger
2022-01-25 22:46 ` [PATCH v9 22/23] ima: Show owning user namespace's uid and gid when displaying policy Stefan Berger
2022-01-26 14:43 ` Christian Brauner
2022-01-26 14:43 ` Christian Brauner
2022-01-26 23:13 ` Stefan Berger
2022-01-25 22:46 ` [PATCH v9 23/23] ima: Enable IMA namespaces Stefan Berger
2022-01-26 14:57 ` Christian Brauner
2022-01-26 13:19 ` [PATCH v9 00/23] ima: Namespace IMA with audit support in IMA-ns Christian Brauner
2022-01-28 18:34 ` Stefan Berger
2022-01-26 16:52 ` Stefan Berger
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220126092159.4rgclr5s3jli7aqy@wittgenstein \
--to=brauner@kernel.org \
--cc=christian.brauner@ubuntu.com \
--cc=containers@lists.linux.dev \
--cc=dmitry.kasatkin@gmail.com \
--cc=ebiederm@xmission.com \
--cc=jamjoom@us.ibm.com \
--cc=jejb@linux.ibm.com \
--cc=jmorris@namei.org \
--cc=krzysztof.struczynski@huawei.com \
--cc=lhinds@redhat.com \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=lsturman@redhat.com \
--cc=mpeters@redhat.com \
--cc=paul@paul-moore.com \
--cc=puiterwi@redhat.com \
--cc=rgb@redhat.com \
--cc=roberto.sassu@huawei.com \
--cc=serge@hallyn.com \
--cc=stefanb@linux.ibm.com \
--cc=stefanb@linux.vnet.ibm.com \
--cc=zohar@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).