From: Mimi Zohar <zohar@linux.vnet.ibm.com> To: linux-security-module@vger.kernel.org Cc: Mimi Zohar <zohar@linux.vnet.ibm.com>, linux-ima-devel@lists.sourceforge.net, Dave Young <dyoung@redhat.com>, kexec@lists.infradead.org, linuxppc-dev@lists.ozlabs.org, linux-kernel@vger.kernel.org, Thiago Jung Bauermann <bauerman@linux.vnet.ibm.com> Subject: [PATCH 6/7] ima: store the builtin/custom template definitions in a list Date: Thu, 4 Aug 2016 08:24:34 -0400 [thread overview] Message-ID: <1470313475-20090-7-git-send-email-zohar@linux.vnet.ibm.com> (raw) In-Reply-To: <1470313475-20090-1-git-send-email-zohar@linux.vnet.ibm.com> The builtin and single custom templates are currently stored in an array. In preparation for being able to restore a measurement list containing multiple builtin/custom templates, this patch stores the builtin and custom templates as a linked list. This will permit defining more than one custom template per boot. Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com> --- security/integrity/ima/ima.h | 2 ++ security/integrity/ima/ima_main.c | 1 + security/integrity/ima/ima_template.c | 37 +++++++++++++++++++++++++++-------- 3 files changed, 32 insertions(+), 8 deletions(-) diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h index f972296..9d7fdd5 100644 --- a/security/integrity/ima/ima.h +++ b/security/integrity/ima/ima.h @@ -81,6 +81,7 @@ struct ima_template_field { /* IMA template descriptor definition */ struct ima_template_desc { + struct list_head list; char *name; char *fmt; int num_fields; @@ -135,6 +136,7 @@ int ima_restore_measurement_list(loff_t bufsize, void *buf); int ima_measurements_show(struct seq_file *m, void *v); unsigned long ima_get_binary_runtime_size(void); int ima_init_template(void); +void ima_init_template_list(void); /* * used to protect h_table and sha_table diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c index 596ef61..592f318 100644 
--- a/security/integrity/ima/ima_main.c +++ b/security/integrity/ima/ima_main.c @@ -418,6 +418,7 @@ static int __init init_ima(void) { int error; + ima_init_template_list(); hash_setup(CONFIG_IMA_DEFAULT_HASH); error = ima_init(); if (!error) { diff --git a/security/integrity/ima/ima_template.c b/security/integrity/ima/ima_template.c index c6510f0..b7bcb62 100644 --- a/security/integrity/ima/ima_template.c +++ b/security/integrity/ima/ima_template.c @@ -15,16 +15,20 @@ #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt +#include <linux/rculist.h> #include "ima.h" #include "ima_template_lib.h" -static struct ima_template_desc defined_templates[] = { +static struct ima_template_desc builtin_templates[] = { {.name = IMA_TEMPLATE_IMA_NAME, .fmt = IMA_TEMPLATE_IMA_FMT}, {.name = "ima-ng", .fmt = "d-ng|n-ng"}, {.name = "ima-sig", .fmt = "d-ng|n-ng|sig"}, {.name = "", .fmt = ""}, /* placeholder for a custom format */ }; +static LIST_HEAD(defined_templates); +spinlock_t template_list; + static struct ima_template_field supported_fields[] = { {.field_id = "d", .field_init = ima_eventdigest_init, .field_show = ima_show_template_digest}, @@ -80,7 +84,7 @@ __setup("ima_template=", ima_template_setup); static int __init ima_template_fmt_setup(char *str) { - int num_templates = ARRAY_SIZE(defined_templates); + int num_templates = ARRAY_SIZE(builtin_templates); if (ima_template) return 1; 
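Review bot: `spinlock_t template_list;` in the ima_template.c hunk is added with external linkage and is never initialised — the patch contains no `spin_lock_init()` or `DEFINE_SPINLOCK()` for it, yet `spin_lock(&template_list)` is taken in `ima_init_template_list()` later in this same patch. A zero-filled BSS lock happens to be in the unlocked state on the usual architectures, but that is not part of the spinlock contract, and with CONFIG_DEBUG_SPINLOCK the first `spin_lock()` will most likely trip the bad-magic check. Declare it `static DEFINE_SPINLOCK(template_list);` so it is both properly initialised and private to the file, since nothing outside ima_template.c references it. The spinlock definitions are presumably already reachable through `ima.h` (which carries the h_table lock declaration), but confirm before dropping the `<linux/spinlock.h>` include.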
@@ -91,20 +95,24 @@ static int __init ima_template_fmt_setup(char *str) return 1; } - defined_templates[num_templates - 1].fmt = str; - ima_template = defined_templates + num_templates - 1; + builtin_templates[num_templates - 1].fmt = str; + ima_template = builtin_templates + num_templates - 1; + return 1; } __setup("ima_template_fmt=", ima_template_fmt_setup); static struct ima_template_desc *lookup_template_desc(const char *name) { - int i; + struct ima_template_desc *template_desc; - for (i = 0; i < ARRAY_SIZE(defined_templates); i++) { - if (strcmp(defined_templates[i].name, name) == 0) - return defined_templates + i; + rcu_read_lock(); + list_for_each_entry_rcu(template_desc, &defined_templates, list) { + if ((strcmp(template_desc->name, name) == 0) || + (strcmp(template_desc->fmt, name) == 0)) + return template_desc; } + rcu_read_unlock(); return NULL; } @@ -190,6 +198,19 @@ struct ima_template_desc *ima_template_desc_current(void) return ima_template; } +void __init ima_init_template_list(void) +{ + int i; + + spin_lock(&template_list); + for (i = 0; i < ARRAY_SIZE(builtin_templates); i++) { + list_add_tail_rcu(&builtin_templates[i].list, + &defined_templates); + } + spin_unlock(&template_list); + synchronize_rcu(); +} + int __init ima_init_template(void) { struct ima_template_desc *template = ima_template_desc_current(); -- 2.1.0
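Review bot: In `lookup_template_desc()` the match path does `return template_desc;` from inside `list_for_each_entry_rcu()` without ever calling `rcu_read_unlock()`, so every successful lookup leaves an RCU read-side critical section open; only the not-found path is balanced. With preemptible RCU that keeps the calling task inside a read-side section indefinitely, and CONFIG_PROVE_RCU/lockdep will flag the imbalance on the first hit. Record the hit and leave the loop instead: declare `int found = 0;`, replace the early return with `{ found = 1; break; }`, and after `rcu_read_unlock();` return `found ? template_desc : NULL;`. Returning the pointer after the unlock is safe here only because the entries are the static `builtin_templates[]`, which this patch only ever adds and never removes; if a later patch introduces dynamically allocated templates, the lifetime of the returned descriptor needs to be revisited.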
From: Mimi Zohar <zohar@linux.vnet.ibm.com> To: linux-security-module@vger.kernel.org Cc: linuxppc-dev@lists.ozlabs.org, kexec@lists.infradead.org, linux-kernel@vger.kernel.org, Thiago Jung Bauermann <bauerman@linux.vnet.ibm.com>, linux-ima-devel@lists.sourceforge.net, Mimi Zohar <zohar@linux.vnet.ibm.com>, Dave Young <dyoung@redhat.com> Subject: [PATCH 6/7] ima: store the builtin/custom template definitions in a list Date: Thu, 4 Aug 2016 08:24:34 -0400 [thread overview] Message-ID: <1470313475-20090-7-git-send-email-zohar@linux.vnet.ibm.com> (raw) In-Reply-To: <1470313475-20090-1-git-send-email-zohar@linux.vnet.ibm.com> The builtin and single custom templates are currently stored in an array. In preparation for being able to restore a measurement list containing multiple builtin/custom templates, this patch stores the builtin and custom templates as a linked list. This will permit defining more than one custom template per boot. Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com> --- security/integrity/ima/ima.h | 2 ++ security/integrity/ima/ima_main.c | 1 + security/integrity/ima/ima_template.c | 37 +++++++++++++++++++++++++++-------- 3 files changed, 32 insertions(+), 8 deletions(-) diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h index f972296..9d7fdd5 100644 --- a/security/integrity/ima/ima.h +++ b/security/integrity/ima/ima.h @@ -81,6 +81,7 @@ struct ima_template_field { /* IMA template descriptor definition */ struct ima_template_desc { + struct list_head list; char *name; char *fmt; int num_fields; @@ -135,6 +136,7 @@ int ima_restore_measurement_list(loff_t bufsize, void *buf); int ima_measurements_show(struct seq_file *m, void *v); unsigned long ima_get_binary_runtime_size(void); int ima_init_template(void); +void ima_init_template_list(void); /* * used to protect h_table and sha_table diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c index 596ef61..592f318 100644 
--- a/security/integrity/ima/ima_main.c +++ b/security/integrity/ima/ima_main.c @@ -418,6 +418,7 @@ static int __init init_ima(void) { int error; + ima_init_template_list(); hash_setup(CONFIG_IMA_DEFAULT_HASH); error = ima_init(); if (!error) { diff --git a/security/integrity/ima/ima_template.c b/security/integrity/ima/ima_template.c index c6510f0..b7bcb62 100644 --- a/security/integrity/ima/ima_template.c +++ b/security/integrity/ima/ima_template.c @@ -15,16 +15,20 @@ #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt +#include <linux/rculist.h> #include "ima.h" #include "ima_template_lib.h" -static struct ima_template_desc defined_templates[] = { +static struct ima_template_desc builtin_templates[] = { {.name = IMA_TEMPLATE_IMA_NAME, .fmt = IMA_TEMPLATE_IMA_FMT}, {.name = "ima-ng", .fmt = "d-ng|n-ng"}, {.name = "ima-sig", .fmt = "d-ng|n-ng|sig"}, {.name = "", .fmt = ""}, /* placeholder for a custom format */ }; +static LIST_HEAD(defined_templates); +spinlock_t template_list; + static struct ima_template_field supported_fields[] = { {.field_id = "d", .field_init = ima_eventdigest_init, .field_show = ima_show_template_digest}, @@ -80,7 +84,7 @@ __setup("ima_template=", ima_template_setup); static int __init ima_template_fmt_setup(char *str) { - int num_templates = ARRAY_SIZE(defined_templates); + int num_templates = ARRAY_SIZE(builtin_templates); if (ima_template) return 1; 
@@ -91,20 +95,24 @@ static int __init ima_template_fmt_setup(char *str) return 1; } - defined_templates[num_templates - 1].fmt = str; - ima_template = defined_templates + num_templates - 1; + builtin_templates[num_templates - 1].fmt = str; + ima_template = builtin_templates + num_templates - 1; + return 1; } __setup("ima_template_fmt=", ima_template_fmt_setup); static struct ima_template_desc *lookup_template_desc(const char *name) { - int i; + struct ima_template_desc *template_desc; - for (i = 0; i < ARRAY_SIZE(defined_templates); i++) { - if (strcmp(defined_templates[i].name, name) == 0) - return defined_templates + i; + rcu_read_lock(); + list_for_each_entry_rcu(template_desc, &defined_templates, list) { + if ((strcmp(template_desc->name, name) == 0) || + (strcmp(template_desc->fmt, name) == 0)) + return template_desc; } + rcu_read_unlock(); return NULL; } @@ -190,6 +198,19 @@ struct ima_template_desc *ima_template_desc_current(void) return ima_template; } +void __init ima_init_template_list(void) +{ + int i; + + spin_lock(&template_list); + for (i = 0; i < ARRAY_SIZE(builtin_templates); i++) { + list_add_tail_rcu(&builtin_templates[i].list, + &defined_templates); + } + spin_unlock(&template_list); + synchronize_rcu(); +} + int __init ima_init_template(void) { struct ima_template_desc *template = ima_template_desc_current(); -- 2.1.0 _______________________________________________ kexec mailing list kexec@lists.infradead.org http://lists.infradead.org/mailman/listinfo/kexec