mbox series

[v3,0/2] ima/evm fixes for v5.2

Message ID 20190606112620.26488-1-roberto.sassu@huawei.com (mailing list archive)
Headers show
Series ima/evm fixes for v5.2 | expand

Message

Roberto Sassu June 6, 2019, 11:26 a.m. UTC
Previous versions included the patch 'ima: don't ignore INTEGRITY_UNKNOWN
EVM status'. However, I realized that this patch cannot be accepted alone
because IMA-Appraisal would deny access to new files created during the
boot. With the current behavior, those files are accessible because they
have a valid security.ima (not protected by EVM) created after the first
write.

A solution for this problem is to initialize EVM very early with a random
key. Access to created files will be granted, even with the strict
appraisal, because after the first write those files will have both
security.ima and security.evm (HMAC calculated with the random key).

Strict appraisal will work only if it is done with signatures until the
persistent HMAC key is loaded.


Roberto Sassu (2):
  evm: add option to set a random HMAC key at early boot
  ima: add enforce-evm and log-evm modes to strictly check EVM status

 .../admin-guide/kernel-parameters.txt         | 11 ++--
 security/integrity/evm/evm.h                  | 10 +++-
 security/integrity/evm/evm_crypto.c           | 57 ++++++++++++++++---
 security/integrity/evm/evm_main.c             | 41 ++++++++++---
 security/integrity/ima/ima_appraise.c         |  8 +++
 security/integrity/integrity.h                |  1 +
 6 files changed, 106 insertions(+), 22 deletions(-)

Comments

Roberto Sassu June 6, 2019, 11:43 a.m. UTC | #1
On 6/6/2019 1:26 PM, Roberto Sassu wrote:
> Previous versions included the patch 'ima: don't ignore INTEGRITY_UNKNOWN
> EVM status'. However, I realized that this patch cannot be accepted alone
> because IMA-Appraisal would deny access to new files created during the
> boot. With the current behavior, those files are accessible because they
> have a valid security.ima (not protected by EVM) created after the first
> write.
> 
> A solution for this problem is to initialize EVM very early with a random
> key. Access to created files will be granted, even with the strict
> appraisal, because after the first write those files will have both
> security.ima and security.evm (HMAC calculated with the random key).
> 
> Strict appraisal will work only if it is done with signatures until the
> persistent HMAC key is loaded.

Changelog

v2:
- remove patch 1/3 (evm: check hash algorithm passed to init_desc());
   already accepted
- remove patch 3/3 (ima: show rules with IMA_INMASK correctly);
   already accepted
- add new patch (evm: add option to set a random HMAC key at early boot)
- patch 2/3: modify patch description

v1:
- remove patch 2/4 (evm: reset status in evm_inode_post_setattr()); file
   attributes cannot be set if the signature is portable and immutable
- patch 3/4: add __ro_after_init to ima_appraise_req_evm variable
   declaration
- patch 3/4: remove ima_appraise_req_evm kernel option and introduce
   'enforce-evm' and 'log-evm' as possible values for ima_appraise=
- remove patch 4/4 (ima: only audit failed appraisal verifications)
- add new patch (ima: show rules with IMA_INMASK correctly)


> Roberto Sassu (2):
>    evm: add option to set a random HMAC key at early boot
>    ima: add enforce-evm and log-evm modes to strictly check EVM status
> 
>   .../admin-guide/kernel-parameters.txt         | 11 ++--
>   security/integrity/evm/evm.h                  | 10 +++-
>   security/integrity/evm/evm_crypto.c           | 57 ++++++++++++++++---
>   security/integrity/evm/evm_main.c             | 41 ++++++++++---
>   security/integrity/ima/ima_appraise.c         |  8 +++
>   security/integrity/integrity.h                |  1 +
>   6 files changed, 106 insertions(+), 22 deletions(-)
>
Mimi Zohar June 6, 2019, 2:49 p.m. UTC | #2
On Thu, 2019-06-06 at 13:43 +0200, Roberto Sassu wrote:
> On 6/6/2019 1:26 PM, Roberto Sassu wrote:
> > Previous versions included the patch 'ima: don't ignore INTEGRITY_UNKNOWN
> > EVM status'. However, I realized that this patch cannot be accepted alone
> > because IMA-Appraisal would deny access to new files created during the
> > boot. With the current behavior, those files are accessible because they
> > have a valid security.ima (not protected by EVM) created after the first
> > write.
> > 
> > A solution for this problem is to initialize EVM very early with a random
> > key. Access to created files will be granted, even with the strict
> > appraisal, because after the first write those files will have both
> > security.ima and security.evm (HMAC calculated with the random key).
> > 
> > Strict appraisal will work only if it is done with signatures until the
> > persistent HMAC key is loaded.
> 
> Changelog
> 
> v2:
> - remove patch 1/3 (evm: check hash algorithm passed to init_desc());
>    already accepted
> - remove patch 3/3 (ima: show rules with IMA_INMASK correctly);
>    already accepted
> - add new patch (evm: add option to set a random HMAC key at early boot)
> - patch 2/3: modify patch description

Roberto, as I tried explaining previously, this feature is not a
simple bug fix.  These patches, if upstreamed, will be upstreamed the
normal way, during an open window.  Whether they are classified as a
bug fix has yet to be decided.

Please stop Cc'ing stable.  If I don't Cc stable before sending the pull request, then Greg and Sasha have been really good about deciding which patches should be backported.  (Please refer to the comment on "Cc'ing stable" in section "5) Select the recipients for your patch" in Documentation/process/submitting-patches.rst.)

I'll review these patches, but in the future please use an appropriate patch set cover letter title in the subject line.

thanks,

Mimi


> 
> v1:
> - remove patch 2/4 (evm: reset status in evm_inode_post_setattr()); file
>    attributes cannot be set if the signature is portable and immutable
> - patch 3/4: add __ro_after_init to ima_appraise_req_evm variable
>    declaration
> - patch 3/4: remove ima_appraise_req_evm kernel option and introduce
>    'enforce-evm' and 'log-evm' as possible values for ima_appraise=
> - remove patch 4/4 (ima: only audit failed appraisal verifications)
> - add new patch (ima: show rules with IMA_INMASK correctly)
> 
> 
> > Roberto Sassu (2):
> >    evm: add option to set a random HMAC key at early boot
> >    ima: add enforce-evm and log-evm modes to strictly check EVM status
> > 
> >   .../admin-guide/kernel-parameters.txt         | 11 ++--
> >   security/integrity/evm/evm.h                  | 10 +++-
> >   security/integrity/evm/evm_crypto.c           | 57 ++++++++++++++++---
> >   security/integrity/evm/evm_main.c             | 41 ++++++++++---
> >   security/integrity/ima/ima_appraise.c         |  8 +++
> >   security/integrity/integrity.h                |  1 +
> >   6 files changed, 106 insertions(+), 22 deletions(-)
> > 
>
Roberto Sassu June 6, 2019, 3:22 p.m. UTC | #3
On 6/6/2019 4:49 PM, Mimi Zohar wrote:
> On Thu, 2019-06-06 at 13:43 +0200, Roberto Sassu wrote:
>> On 6/6/2019 1:26 PM, Roberto Sassu wrote:
>>> Previous versions included the patch 'ima: don't ignore INTEGRITY_UNKNOWN
>>> EVM status'. However, I realized that this patch cannot be accepted alone
>>> because IMA-Appraisal would deny access to new files created during the
>>> boot. With the current behavior, those files are accessible because they
>>> have a valid security.ima (not protected by EVM) created after the first
>>> write.
>>>
>>> A solution for this problem is to initialize EVM very early with a random
>>> key. Access to created files will be granted, even with the strict
>>> appraisal, because after the first write those files will have both
>>> security.ima and security.evm (HMAC calculated with the random key).
>>>
>>> Strict appraisal will work only if it is done with signatures until the
>>> persistent HMAC key is loaded.
>>
>> Changelog
>>
>> v2:
>> - remove patch 1/3 (evm: check hash algorithm passed to init_desc());
>>     already accepted
>> - remove patch 3/3 (ima: show rules with IMA_INMASK correctly);
>>     already accepted
>> - add new patch (evm: add option to set a random HMAC key at early boot)
>> - patch 2/3: modify patch description
> 
> Roberto, as I tried explaining previously, this feature is not a
> simple bug fix.  These patches, if upstreamed, will be upstreamed the
> normal way, during an open window.  Whether they are classified as a
> bug fix has yet to be decided.

Sorry, I understood that I can claim that there is a bug. I provided a
motivation in patch 2/2.


> Please stop Cc'ing stable.  If I don't Cc stable before sending the pull request, then Greg and Sasha have been really good about deciding which patches should be backported.  (Please refer to the comment on "Cc'ing stable" in section "5) Select the recipients for your patch" in Documentation/process/submitting-patches.rst.)
> 
> I'll review these patches, but in the future please use an appropriate patch set cover letter title in the subject line.

Ok.

Thanks

Roberto
Janne Karhunen June 12, 2019, 11:28 a.m. UTC | #4
On Thu, Jun 6, 2019 at 3:27 PM Roberto Sassu <roberto.sassu@huawei.com> wrote:
>
> Previous versions included the patch 'ima: don't ignore INTEGRITY_UNKNOWN
> EVM status'. However, I realized that this patch cannot be accepted alone
> because IMA-Appraisal would deny access to new files created during the
> boot.

The early initialization logic seems to have been changing, the
original one as I have understood it:
- before initialization
  - allow reading anything without security.ima
  - deny reading anything with security.ima
  - allow all writes
- after initialization
  - deny reading|writing anything without security.ima
  - deny reading|writing anything invalid
  - allow everything else

The logic is pretty handy as it even creates additional layer of
security around the early initialization files as they become
unreadable after use.

Now, if we initialize the system with a random key like in your patch,
this logic is to change quite drastically? It sounds to me the
userland may actually break, all the userland initialization files in
the existing ima configurations that do not use digsigs would become
unreadable given that the random key is put in? Remember, those files
can be protected via other means (most commonly signed ramdisk).


--
Janne
Roberto Sassu June 12, 2019, 1:11 p.m. UTC | #5
On 6/12/2019 1:28 PM, Janne Karhunen wrote:
> On Thu, Jun 6, 2019 at 3:27 PM Roberto Sassu <roberto.sassu@huawei.com> wrote:
>>
>> Previous versions included the patch 'ima: don't ignore INTEGRITY_UNKNOWN
>> EVM status'. However, I realized that this patch cannot be accepted alone
>> because IMA-Appraisal would deny access to new files created during the
>> boot.
> 
> The early initialization logic seems to have been changing, the
> original one as I have understood it:
> - before initialization
>    - allow reading anything without security.ima
>    - deny reading anything with security.ima

These two should be probably inverted: deny..., allow...


>    - allow all writes

Allow writing anything with security.ima
Allow writing new files


> - after initialization
>    - deny reading|writing anything without security.ima
>    - deny reading|writing anything invalid
>    - allow everything else
> 
> The logic is pretty handy as it even creates additional layer of
> security around the early initialization files as they become
> unreadable after use.

What if they should be legitimately used after the HMAC key is unsealed
and before switching to the persistent root file system?


> Now, if we initialize the system with a random key like in your patch,
> this logic is to change quite drastically? It sounds to me the
> userland may actually break, all the userland initialization files in
> the existing ima configurations that do not use digsigs would become
> unreadable given that the random key is put in? Remember, those files
> can be protected via other means (most commonly signed ramdisk).

No, the first patch is about adding the ability to verify files created
during each boot. For any other file, EVM returns INTEGRITY_UNKNOWN as
before. The second patch changes the behavior, as INTEGRITY_UNKNOWN is
considered as an error for the enforce-evm appraisal mode. The second
patch aims at making the system more secure, as no file would be
accessible unless it is verified.

It is true that configurations without digsigs won't work anymore but
the alternative is accepting any file until the HMAC key is unsealed.

Signing the ramdisk is for sure a possibility, but IMA would be
sufficient to provide integrity protection as it checks any file in the
ram disk.

Unfortunately I found an issue in patch 1/2. These changes should be
applied:

--
diff --git a/security/integrity/evm/evm_main.c 
b/security/integrity/evm/evm_main.c
index faa4a02a3139..f4af595678fe 100644
--- a/security/integrity/evm/evm_main.c
+++ b/security/integrity/evm/evm_main.c
@@ -310,10 +310,14 @@ EXPORT_SYMBOL_GPL(evm_verifyxattr);
  static enum integrity_status evm_verify_current_integrity(struct 
dentry *dentry)
  {
         struct inode *inode = d_backing_inode(dentry);
+       int rc;

         if (!evm_key_loaded() || !S_ISREG(inode->i_mode) || evm_fixmode)
                 return 0;
-       return evm_verify_hmac(dentry, NULL, NULL, 0, NULL);
+       rc = evm_verify_hmac(dentry, NULL, NULL, 0, NULL);
+       if (rc == INTEGRITY_UNKNOWN && !evm_persistent_key_loaded())
+               return 0;
+       return rc;
  }

  /*
--

Roberto
Janne Karhunen June 12, 2019, 1:38 p.m. UTC | #6
On Wed, Jun 12, 2019 at 4:11 PM Roberto Sassu <roberto.sassu@huawei.com> wrote:

> > - after initialization
> >    - deny reading|writing anything without security.ima
> >    - deny reading|writing anything invalid
> >    - allow everything else
> >
> > The logic is pretty handy as it even creates additional layer of
> > security around the early initialization files as they become
> > unreadable after use.
>
> What if they should be legitimately used after the HMAC key is unsealed
> and before switching to the persistent root file system?

Any examples? Log files and such are mostly 'one way' and should
probably be whitelisted in the policy?


> > Now, if we initialize the system with a random key like in your patch,
> > this logic is to change quite drastically? It sounds to me the
> > userland may actually break, all the userland initialization files in
> > the existing ima configurations that do not use digsigs would become
> > unreadable given that the random key is put in? Remember, those files
> > can be protected via other means (most commonly signed ramdisk).
>
> No, the first patch is about adding the ability to verify files created
> during each boot. For any other file, EVM returns INTEGRITY_UNKNOWN as
> before. The second patch changes the behavior, as INTEGRITY_UNKNOWN is
> considered as an error for the enforce-evm appraisal mode. The second
> patch aims at making the system more secure, as no file would be
> accessible unless it is verified.
>
> It is true that configurations without digsigs won't work anymore but
> the alternative is accepting any file until the HMAC key is unsealed.

That's a pretty big change for the userland IMHO. Quite a few
configurations out there will break, including mine I believe, so I
hope there is a solid reason asking people to change their stuff. I'm
fine holding off all writing until it is safe to do so for now..


--
Janne
Roberto Sassu June 12, 2019, 4:33 p.m. UTC | #7
On 6/12/2019 3:38 PM, Janne Karhunen wrote:
> On Wed, Jun 12, 2019 at 4:11 PM Roberto Sassu <roberto.sassu@huawei.com> wrote:
> 
>>> - after initialization
>>>     - deny reading|writing anything without security.ima
>>>     - deny reading|writing anything invalid
>>>     - allow everything else
>>>
>>> The logic is pretty handy as it even creates additional layer of
>>> security around the early initialization files as they become
>>> unreadable after use.
>>
>> What if they should be legitimately used after the HMAC key is unsealed
>> and before switching to the persistent root file system?
> 
> Any examples? Log files and such are mostly 'one way' and should
> probably be whitelisted in the policy?

I checked better when the random key would be used to verify files
created during the boot. If we consider rootfs only, basically it would
be used for dracut-state.sh.

Before I was using a rule to measure digest lists in tmpfs. I had many
errors due to the fact that appraisal denied access to files in /run.
The default policy does not appraise files in tmpfs, and also for digest
lists it is not necessary (now I use: measure/appraise fsname=rootfs).


>>> Now, if we initialize the system with a random key like in your patch,
>>> this logic is to change quite drastically? It sounds to me the
>>> userland may actually break, all the userland initialization files in
>>> the existing ima configurations that do not use digsigs would become
>>> unreadable given that the random key is put in? Remember, those files
>>> can be protected via other means (most commonly signed ramdisk).
>>
>> No, the first patch is about adding the ability to verify files created
>> during each boot. For any other file, EVM returns INTEGRITY_UNKNOWN as
>> before. The second patch changes the behavior, as INTEGRITY_UNKNOWN is
>> considered as an error for the enforce-evm appraisal mode. The second
>> patch aims at making the system more secure, as no file would be
>> accessible unless it is verified.
>>
>> It is true that configurations without digsigs won't work anymore but
>> the alternative is accepting any file until the HMAC key is unsealed.
> 
> That's a pretty big change for the userland IMHO. Quite a few
> configurations out there will break, including mine I believe, so I
> hope there is a solid reason asking people to change their stuff. I'm
> fine holding off all writing until it is safe to do so for now..

The goal of appraisal is to allow access only to files with a valid
signature or HMAC. With the current behavior, that cannot be guaranteed.

Unfortunately, dracut-state.sh is created very early. It could be
possible to unseal the key before, but this probably means modifying
systemd.

Roberto
Janne Karhunen June 13, 2019, 6:01 a.m. UTC | #8
On Wed, Jun 12, 2019 at 7:33 PM Roberto Sassu <roberto.sassu@huawei.com> wrote:

> > That's a pretty big change for the userland IMHO. Quite a few
> > configurations out there will break, including mine I believe, so I
> > hope there is a solid reason asking people to change their stuff. I'm
> > fine holding off all writing until it is safe to do so for now..
>
> The goal of appraisal is to allow access only to files with a valid
> signature or HMAC. With the current behavior, that cannot be guaranteed.
>
> Unfortunately, dracut-state.sh is created very early. It could be
> possible to unseal the key before, but this probably means modifying
> systemd.

Ok, I see the use case. Now, if you pull a urandom key that early on
during the boot, the state of the system entropy is at all time low,
and you are not really protecting against any sort of offline attack
since the file is created during that boot cycle. Is there really use
for using such key? Wouldn't it be possible to create a new config
option, say IMA_ALLOW_EARLY_WRITERS, that would hold the NEW_FILE flag
until the persistent key becomes available? In other words, it would
start the measuring at the point when the key becomes online?


--
Janne
Roberto Sassu June 13, 2019, 6:57 a.m. UTC | #9
On 6/13/2019 8:01 AM, Janne Karhunen wrote:
> On Wed, Jun 12, 2019 at 7:33 PM Roberto Sassu <roberto.sassu@huawei.com> wrote:
> 
>>> That's a pretty big change for the userland IMHO. Quite a few
>>> configurations out there will break, including mine I believe, so I
>>> hope there is a solid reason asking people to change their stuff. I'm
>>> fine holding off all writing until it is safe to do so for now..
>>
>> The goal of appraisal is to allow access only to files with a valid
>> signature or HMAC. With the current behavior, that cannot be guaranteed.
>>
>> Unfortunately, dracut-state.sh is created very early. It could be
>> possible to unseal the key before, but this probably means modifying
>> systemd.
> 
> Ok, I see the use case. Now, if you pull a urandom key that early on
> during the boot, the state of the system entropy is at all time low,
> and you are not really protecting against any sort of offline attack
> since the file is created during that boot cycle. Is there really use
> for using such key? Wouldn't it be possible to create a new config
> option, say IMA_ALLOW_EARLY_WRITERS, that would hold the NEW_FILE flag
> until the persistent key becomes available? In other words, it would
> start the measuring at the point when the key becomes online?

I also thought about similar solutions. Another is for example to keep
the appraisal flags at file close, if security.ima is successfully
added to the file.

Initializing EVM with a key is not a trivial change, but it seemed
better to me as it does not introduce exceptions in the IMA behavior.

Roberto
Janne Karhunen June 13, 2019, 7:39 a.m. UTC | #10
On Thu, Jun 13, 2019 at 9:57 AM Roberto Sassu <roberto.sassu@huawei.com> wrote:

> > Ok, I see the use case. Now, if you pull a urandom key that early on
> > during the boot, the state of the system entropy is at all time low,
> > and you are not really protecting against any sort of offline attack
> > since the file is created during that boot cycle. Is there really use
> > for using such key? Wouldn't it be possible to create a new config
> > option, say IMA_ALLOW_EARLY_WRITERS, that would hold the NEW_FILE flag
> > until the persistent key becomes available? In other words, it would
> > start the measuring at the point when the key becomes online?
>
> I also thought about similar solutions. Another is for example to keep
> the appraisal flags at file close, if security.ima is successfully
> added to the file.
>
> Initializing EVM with a key is not a trivial change, but it seemed
> better to me as it does not introduce exceptions in the IMA behavior.

Would the appraise actually need any changes, just keep the
IMA_NEW_FILE in ima_check_last_writer()? Of course it's not that easy
(it never is) as the iint could go away and things like that, but with
some tweaks?


--
Janne
Roberto Sassu June 13, 2019, 7:50 a.m. UTC | #11
On 6/13/2019 9:39 AM, Janne Karhunen wrote:
> On Thu, Jun 13, 2019 at 9:57 AM Roberto Sassu <roberto.sassu@huawei.com> wrote:
> 
>>> Ok, I see the use case. Now, if you pull a urandom key that early on
>>> during the boot, the state of the system entropy is at all time low,
>>> and you are not really protecting against any sort of offline attack
>>> since the file is created during that boot cycle. Is there really use
>>> for using such key? Wouldn't it be possible to create a new config
>>> option, say IMA_ALLOW_EARLY_WRITERS, that would hold the NEW_FILE flag
>>> until the persistent key becomes available? In other words, it would
>>> start the measuring at the point when the key becomes online?
>>
>> I also thought about similar solutions. Another is for example to keep
>> the appraisal flags at file close, if security.ima is successfully
>> added to the file.
>>
>> Initializing EVM with a key is not a trivial change, but it seemed
>> better to me as it does not introduce exceptions in the IMA behavior.
> 
> Would the appraise actually need any changes, just keep the
> IMA_NEW_FILE in ima_check_last_writer()? Of course it's not that easy
> (it never is) as the iint could go away and things like that, but with
> some tweaks?

I think the problem would be that the code that sets the status to
INTEGRITY_PASS is not executed, because the file gets security.ima after
the first write.

Roberto
Janne Karhunen June 13, 2019, 8:04 a.m. UTC | #12
On Thu, Jun 13, 2019 at 10:50 AM Roberto Sassu <roberto.sassu@huawei.com> wrote:

> > Would the appraise actually need any changes, just keep the
> > IMA_NEW_FILE in ima_check_last_writer()? Of course it's not that easy
> > (it never is) as the iint could go away and things like that, but with
> > some tweaks?
>
> I think the problem would be that the code that sets the status to
> INTEGRITY_PASS is not executed, because the file gets security.ima after
> the first write.

We have a patchset coming shortly that starts tracking the inode
changes as we go, so first time we fix it is when the file is created
before it has any content (!);

diff --git a/security/integrity/ima/ima_appraise.c
b/security/integrity/ima/ima_appraise.c
index 5fb7127bbe68..da4f0afe0348 100644
--- a/security/integrity/ima/ima_appraise.c
+++ b/security/integrity/ima/ima_appraise.c
@@ -236,8 +236,10 @@ int ima_appraise_measurement(enum ima_hooks func,
                        iint->flags |= IMA_NEW_FILE;
                if ((iint->flags & IMA_NEW_FILE) &&
                    (!(iint->flags & IMA_DIGSIG_REQUIRED) ||
-                    (inode->i_size == 0)))
+                    (inode->i_size == 0))) {
+                       ima_fix_xattr(dentry, iint);
                        status = INTEGRITY_PASS;
+               }
                goto out;
        }



--
Janne
Roberto Sassu June 13, 2019, 8:51 a.m. UTC | #13
On 6/13/2019 10:04 AM, Janne Karhunen wrote:
> On Thu, Jun 13, 2019 at 10:50 AM Roberto Sassu <roberto.sassu@huawei.com> wrote:
> 
>>> Would the appraise actually need any changes, just keep the
>>> IMA_NEW_FILE in ima_check_last_writer()? Of course it's not that easy
>>> (it never is) as the iint could go away and things like that, but with
>>> some tweaks?
>>
>> I think the problem would be that the code that sets the status to
>> INTEGRITY_PASS is not executed, because the file gets security.ima after
>> the first write.
> 
> We have a patchset coming shortly that starts tracking the inode
> changes as we go, so first time we fix it is when the file is created
> before it has any content (!);
> 
> diff --git a/security/integrity/ima/ima_appraise.c
> b/security/integrity/ima/ima_appraise.c
> index 5fb7127bbe68..da4f0afe0348 100644
> --- a/security/integrity/ima/ima_appraise.c
> +++ b/security/integrity/ima/ima_appraise.c
> @@ -236,8 +236,10 @@ int ima_appraise_measurement(enum ima_hooks func,
>                          iint->flags |= IMA_NEW_FILE;
>                  if ((iint->flags & IMA_NEW_FILE) &&
>                      (!(iint->flags & IMA_DIGSIG_REQUIRED) ||
> -                    (inode->i_size == 0)))
> +                    (inode->i_size == 0))) {
> +                       ima_fix_xattr(dentry, iint);
>                          status = INTEGRITY_PASS;

Some time ago I developed this patch:

http://kernsec.org/pipermail/linux-security-module-archive/2017-November/004569.html

Since the appraisal flags are not cleared, ima_appraise_measurement() is
not executed again and the problem with EVM does not arise.

Roberto