From patchwork Wed Apr 24 00:15:40 2019
X-Patchwork-Submitter: Prakhar Srivastava
X-Patchwork-Id: 10913899
From: Prakhar Srivastava
To: linux-kernel@vger.kernel.org, linux-integrity@vger.kernel.org, inux-security-module@vger.kernel.org
Cc: zohar@linux.ibm.com, ebiederm@xmission.com, vgoyal@redhat.com, Prakhar Srivastava, Prakhar Srivastava
Subject: [PATCH v2 1/5 RFC] added ima hook for buffer, being enabled as a policy
Date: Tue, 23 Apr 2019 17:15:40 -0700
Message-Id: <20190424001544.7188-1-prsriva02@gmail.com>

From: Prakhar Srivastava
Signed-off-by: Prakhar Srivastava
---
Currently for soft reboot (kexec_file_load) the kernel file and signature are measured by IMA. The cmdline args used to load the kernel are not measured. The boot aggregate that gets calculated will have no change since the EFI loader has not been triggered. Adding the kexec cmdline args measure and kernel version will add some attestable criteria.

This adds a new ima hook, ima_buffer_check, and a policy entry, BUFFER_CHECK. This enables buffer hash measurements into the ima log.

 Documentation/ABI/testing/ima_policy | 1 +
 include/linux/ima.h | 13 +++-
 security/integrity/ima/ima.h | 1 +
 security/integrity/ima/ima_main.c | 95 ++++++++++++++++++++++++++++
 security/integrity/ima/ima_policy.c | 14 +++-
 5 files changed, 122 insertions(+), 2 deletions(-)

diff --git a/Documentation/ABI/testing/ima_policy b/Documentation/ABI/testing/ima_policy index bb0f9a135e21..676088c7ab26 100644 --- a/Documentation/ABI/testing/ima_policy +++ b/Documentation/ABI/testing/ima_policy @@ -28,6 +28,7 @@ Description: base: func:= [BPRM_CHECK][MMAP_CHECK][FILE_CHECK][MODULE_CHECK] [FIRMWARE_CHECK] [KEXEC_KERNEL_CHECK] [KEXEC_INITRAMFS_CHECK] + [BUFFER_CHECK] mask:= [[^]MAY_READ] [[^]MAY_WRITE] [[^]MAY_APPEND] [[^]MAY_EXEC] fsmagic:= hex value
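Review bot: the Documentation/ABI/testing/ima_policy hunk adds BUFFER_CHECK to the func list but says nothing about how it differs from every other func: there is no inode, so mask=, fsmagic= and the other file conditions cannot apply (the ima_match_rules() change in this same patch short-circuits them), and per the ima_buffer_check() kernel-doc buffers can only be measured, not appraised. State both restrictions here and give an example rule such as `measure func=BUFFER_CHECK`, otherwise an administrator writing `appraise func=BUFFER_CHECK` has no way to know it is meaningless.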
diff --git a/include/linux/ima.h b/include/linux/ima.h index 7f6952f8d6aa..733d0cb9dedc 100644 --- a/include/linux/ima.h +++ b/include/linux/ima.h @@ -14,6 +14,12 @@ #include struct linux_binprm; +enum __buffer_id { + KERNEL_VERSION, + KEXEC_CMDLINE, + MAX_BUFFER_ID = KEXEC_CMDLINE +} buffer_id; + #ifdef CONFIG_IMA extern int ima_bprm_check(struct linux_binprm *bprm); extern int ima_file_check(struct file *file, int mask, int opened); @@ -23,7 +29,7 @@ extern int ima_read_file(struct file *file, enum kernel_read_file_id id); extern int ima_post_read_file(struct file *file, void *buf, loff_t size, enum kernel_read_file_id id); extern void ima_post_path_mknod(struct dentry *dentry); - +extern void ima_buffer_check(const void *buff, int size, enum buffer_id id); #ifdef CONFIG_IMA_KEXEC extern void ima_add_kexec_buffer(struct kimage *image); #endif @@ -65,6 +71,11 @@ static inline void ima_post_path_mknod(struct dentry *dentry) return; } +static inline void ima_buffer_check(const void *buff, int size, + enum buffer_id id) +{ + return; +} #endif /* CONFIG_IMA */ #ifndef CONFIG_IMA_KEXEC diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h index b563fbd4d122..b71f2f6f7421 100644 --- a/security/integrity/ima/ima.h +++ b/security/integrity/ima/ima.h @@ -181,6 +181,7 @@ enum ima_hooks { FIRMWARE_CHECK, KEXEC_KERNEL_CHECK, KEXEC_INITRAMFS_CHECK, + BUFFER_CHECK, POLICY_CHECK, MAX_CHECK }; diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c index 2aebb7984437..6408cadaadbb 100644 --- a/security/integrity/ima/ima_main.c +++ b/security/integrity/ima/ima_main.c 
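Review bot: the include/linux/ima.h hunk never declares the type its own prototype uses. `enum __buffer_id { ... } buffer_id;` defines an enum with tag `__buffer_id` plus a global variable named `buffer_id`, yet `extern void ima_buffer_check(const void *buff, int size, enum buffer_id id);` takes `enum buffer_id`, a tag that appears nowhere else, so the compiler has no complete type for the parameter; and a variable defined (not just declared) in a header gives every translation unit that includes it its own copy. Drop the variable and name the tag after its use, `enum buffer_id { KERNEL_VERSION, KEXEC_CMDLINE, MAX_BUFFER_ID = KEXEC_CMDLINE };`, and since this header is included widely, prefix the enumerators (KERNEL_VERSION is already the name of the KERNEL_VERSION(a,b,c) macro from <linux/version.h>). Minor: the hunk replaces the blank line between the `extern` block and `#ifdef CONFIG_IMA_KEXEC` with the new prototype; keep the separator.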
@@ -155,6 +155,84 @@ void ima_file_free(struct file *file) ima_check_last_writer(iint, inode, file); } +/* + * process_buffer_measurement - Measure the buffer passed to ima log. + * (Instead of using the file hash the buffer hash is used). + * @buff - The buffer that needs to be added to the log + * @size - size of buffer(in bytes) + * @id - buffer id, this is differentiator for the various buffers + * that can be measured. + * + * The buffer passed is added to the ima logs. + * If the sig template is used, then the sig field contains the buffer. + * + * On success return 0. + * On error cases surface errors from ima calls. + */ +static int process_buffer_measurement(const void *buff, int size, + enum buffer_id id) +{ + int ret = -EINVAL; + struct ima_template_entry *entry = NULL; + struct integrity_iint_cache tmp_iint, *iint = &tmp_iint; + struct ima_event_data event_data = {iint, NULL, NULL, + NULL, 0, NULL}; + struct { + struct ima_digest_data hdr; + char digest[IMA_MAX_DIGEST_SIZE]; + } hash; + char *name = NULL; + int violation = 0; + int pcr = CONFIG_IMA_MEASURE_PCR_IDX; + + if (!buff || size == 0) + goto err_out; + + if (ima_get_action(NULL, 0, BUFFER_CHECK, &pcr) != IMA_MEASURE) + goto err_out; + + switch (buffer_id) { + case KERNEL_VERSION: + name = "Kernel-version"; + break; + case KEXEC_CMDLINE: + name = "Kexec-cmdline"; + break; + default: + goto err_out; + } + + memset(iint, 0, sizeof(*iint)); + memset(&hash, 0, sizeof(hash)); + + event_data.filename = name; + + iint->ima_hash = &hash.hdr; + iint->ima_hash->algo = ima_hash_algo; + iint->ima_hash->length = hash_digest_size[ima_hash_algo]; + + ret = ima_calc_buffer_hash(buff, size, iint->ima_hash); + if (ret < 0) + goto err_out; + + ret = ima_alloc_init_template(&event_data, &entry); + if (ret < 0) + goto err_out; + + ret = ima_store_template(entry, violation, NULL, + buff, pcr); + if (ret < 0) { + ima_free_template_entry(entry); + goto err_out; + } + + return 0; + +err_out: + pr_err("Error in adding 
buffer measure: %d\n", ret); + return ret; +} + static int process_measurement(struct file *file, char *buf, loff_t size, int mask, enum ima_hooks func, int opened) { @@ -370,6 +448,23 @@ int ima_read_file(struct file *file, enum kernel_read_file_id read_id) return 0; } +/** + * ima_buffer_check - based on policy, collect & store buffer measurement + * @buf: pointer to buffer + * @size: size of buffer + * @buffer_id: caller identifier + * + * Buffers can only be measured, not appraised. The buffer identifier + * is used as the measurement list entry name (eg. boot_cmdline). + */ +void ima_buffer_check(const void *buf, int size, enum buffer_id id) +{ + if (buf && size != 0) + process_buffer_measurement(buf, size, id); + + return; +} + static int read_idmap[READING_MAX_ID] = { [READING_FIRMWARE] = FIRMWARE_CHECK, [READING_MODULE] = MODULE_CHECK, diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c index 3ab1067db624..cefe1a188f31 100644 --- a/security/integrity/ima/ima_policy.c +++ b/security/integrity/ima/ima_policy.c @@ -231,6 +231,12 @@ static bool ima_match_rules(struct ima_rule_entry *rule, struct inode *inode, const struct cred *cred = current_cred(); int i; + // Incase of BUFFER_CHECK, Inode is NULL + if (!inode) { + if ((rule->flags & IMA_FUNC) && (rule->func == func)) + return true; + return false; + } if ((rule->flags & IMA_FUNC) && (rule->func != func && func != POST_SETATTR)) return false; @@ -665,6 +671,8 @@ static int ima_parse_rule(char *rule, struct ima_rule_entry *entry) else if (strcmp(args[0].from, "KEXEC_INITRAMFS_CHECK") == 0) entry->func = KEXEC_INITRAMFS_CHECK; + else if (strcmp(args[0].from, "BUFFER_CHECK") == 0) + entry->func = BUFFER_CHECK; else if (strcmp(args[0].from, "POLICY_CHECK") == 0) entry->func = POLICY_CHECK; else 
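Review bot: in process_buffer_measurement() the `switch (buffer_id)` tests the global variable declared in ima.h rather than the `id` parameter, so every caller is classified by whatever that zero-initialised global holds (KERNEL_VERSION) and the kexec command line would land in the log under the name "Kernel-version"; it must read `switch (id)`. Two more points in the same hunk: `ima_get_action(NULL, 0, BUFFER_CHECK, &pcr) != IMA_MEASURE` is the normal outcome on a system with no BUFFER_CHECK rule, but it jumps to err_out and prints `pr_err("Error in adding buffer measure: %d\n", ret)` with ret still -EINVAL, so every kexec_file_load on such a system logs an error; return 0 quietly there and reserve pr_err for real failures. And `ima_store_template(entry, violation, NULL, buff, pcr)` passes the raw buffer where process_measurement() passes the pathname, which the audit record treats as a NUL-terminated string; pass `name` (the event name the list entry is keyed on) instead.

Review bot: the ima_match_rules() hunk returns true as soon as `rule->func == func` whenever inode is NULL, which skips every remaining condition on the rule, including the credential-based ones (uid=, euid=, LSM subject labels) that have nothing to do with the inode. A rule such as `measure func=BUFFER_CHECK uid=0` would therefore match for any caller. Either reject conditions other than func= and pcr= for BUFFER_CHECK in ima_parse_rule() and document that, or skip only the inode-dependent checks and fall through to the rest. Style: `// Incase of BUFFER_CHECK, Inode is NULL` should be a `/* In case of BUFFER_CHECK, inode is NULL */` block comment per kernel style.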
@@ -944,7 +952,7 @@ enum { func_file = 0, func_mmap, func_bprm, func_module, func_firmware, func_post, func_kexec_kernel, func_kexec_initramfs, - func_policy + func_buffer, func_policy }; static char *func_tokens[] = { @@ -956,6 +964,7 @@ static char *func_tokens[] = { "POST_SETATTR", "KEXEC_KERNEL_CHECK", "KEXEC_INITRAMFS_CHECK", + "BUFFER_CHECK", "POLICY_CHECK" }; 
@@ -1027,6 +1036,9 @@ static void policy_func_show(struct seq_file *m, enum ima_hooks func) case KEXEC_INITRAMFS_CHECK: seq_printf(m, pt(Opt_func), ft(func_kexec_initramfs)); break; + case BUFFER_CHECK: + seq_printf(m, pt(Opt_func), ft(func_buffer)); + break; case POLICY_CHECK: seq_printf(m, pt(Opt_func), ft(func_policy)); break;

From patchwork Wed Apr 24 00:15:41 2019
X-Patchwork-Submitter: Prakhar Srivastava
X-Patchwork-Id: 10913905
From: Prakhar Srivastava
To: linux-kernel@vger.kernel.org, linux-integrity@vger.kernel.org, inux-security-module@vger.kernel.org
Cc: zohar@linux.ibm.com, ebiederm@xmission.com, vgoyal@redhat.com, Prakhar Srivastava, Prakhar Srivastava
Subject: [PATCH v2 2/5 RFC] use event name instead of enum to make the call generic
Date: Tue, 23 Apr 2019 17:15:41 -0700
Message-Id: <20190424001544.7188-2-prsriva02@gmail.com>
In-Reply-To: <20190424001544.7188-1-prsriva02@gmail.com>
References: <20190424001544.7188-1-prsriva02@gmail.com>

From: Prakhar Srivastava
Signed-off-by: Prakhar Srivastava
---
Currently for soft reboot (kexec_file_load) the kernel file and signature are measured by IMA. The cmdline args used to load the kernel are not measured. The boot aggregate that gets calculated will have no change since the EFI loader has not been triggered. Adding the kexec cmdline args measure and kernel version will add some attestable criteria.

Remove the enums controlling the type of buffer entries; instead pass the event name to be used.

 include/linux/ima.h | 10 ++--------
 kernel/kexec_file.c | 3 +++
 security/integrity/ima/ima.h | 2 +-
 security/integrity/ima/ima_main.c | 30 ++++++++++--------------------
 4 files changed, 16 insertions(+), 29 deletions(-)

diff --git a/include/linux/ima.h b/include/linux/ima.h index 733d0cb9dedc..5e41507c57e5 100644 --- a/include/linux/ima.h +++ b/include/linux/ima.h @@ -14,12 +14,6 @@ #include struct linux_binprm; -enum __buffer_id { - KERNEL_VERSION, - KEXEC_CMDLINE, - MAX_BUFFER_ID = KEXEC_CMDLINE -} buffer_id; - #ifdef CONFIG_IMA extern int ima_bprm_check(struct linux_binprm *bprm); extern int ima_file_check(struct file *file, int mask, int opened);
@@ -29,7 +23,7 @@ extern int ima_read_file(struct file *file, enum kernel_read_file_id id); extern int ima_post_read_file(struct file *file, void *buf, loff_t size, enum kernel_read_file_id id); extern void ima_post_path_mknod(struct dentry *dentry); -extern void ima_buffer_check(const void *buff, int size, enum buffer_id id); +extern void ima_buffer_check(const void *buff, int size, char *eventname); #ifdef CONFIG_IMA_KEXEC extern void ima_add_kexec_buffer(struct kimage *image); #endif @@ -72,7 +66,7 @@ static inline void ima_post_path_mknod(struct dentry *dentry) } static inline void ima_buffer_check(const void *buff, int size, - enum buffer_id id) + char *eventname) { return; } diff --git a/kernel/kexec_file.c b/kernel/kexec_file.c index b118735fea9d..2a5234eb4b28 100644 --- a/kernel/kexec_file.c +++ b/kernel/kexec_file.c @@ -182,6 +182,9 @@ kimage_file_prepare_segments(struct kimage *image, int kernel_fd, int initrd_fd, ret = -EINVAL; goto out; } + + ima_buffer_check(image->cmdline_buf, cmdline_len - 1, + "kexec_cmdline"); } /* Call arch image load handlers */ diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h index b71f2f6f7421..fcade3c103ed 100644 --- a/security/integrity/ima/ima.h +++ b/security/integrity/ima/ima.h @@ -181,8 +181,8 @@ enum ima_hooks { FIRMWARE_CHECK, KEXEC_KERNEL_CHECK, KEXEC_INITRAMFS_CHECK, - BUFFER_CHECK, POLICY_CHECK, + BUFFER_CHECK, MAX_CHECK }; diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c index 6408cadaadbb..da82c705a5ed 100644 --- a/security/integrity/ima/ima_main.c +++ b/security/integrity/ima/ima_main.c 
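Review bot: in the include/linux/ima.h hunk `ima_buffer_check(const void *buff, int size, char *eventname)` should take `const char *eventname`: the only caller in this series passes the string literal "kexec_cmdline", and the LSM hook added in patch 4 declares `const char *eventname`, so make the two agree now instead of casting later.

Review bot: the kernel/kexec_file.c hunk measures `cmdline_len - 1` bytes, deliberately excluding the terminating NUL that the preceding check (context `ret = -EINVAL; goto out;`) enforces; that is a defensible choice but it changes the digest an attestation verifier has to reproduce, so say so in a comment. `cmdline_len` is `unsigned long` while `size` is `int`; use the same width on both sides.

Review bot: the security/integrity/ima/ima.h hunk moves BUFFER_CHECK from before POLICY_CHECK to after it with no explanation in the commit message, and the matching `func_buffer` token added before `func_policy` in patch 1 is not moved, so enum ima_hooks and the func_tokens table now disagree in order. If the ordering matters anywhere, say where and move both; otherwise drop this churn from a patch whose subject is the enum-to-string change.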
@@ -160,8 +160,7 @@ void ima_file_free(struct file *file) * (Instead of using the file hash the buffer hash is used). * @buff - The buffer that needs to be added to the log * @size - size of buffer(in bytes) - * @id - buffer id, this is differentiator for the various buffers - * that can be measured. + * @id - eventname, event name to be used for buffer measurement. * * The buffer passed is added to the ima logs. * If the sig template is used, then the sig field contains the buffer. @@ -170,7 +169,7 @@ void ima_file_free(struct file *file) * On error cases surface errors from ima calls. */ static int process_buffer_measurement(const void *buff, int size, - enum buffer_id id) + char *eventname) { int ret = -EINVAL; struct ima_template_entry *entry = NULL; @@ -185,23 +184,13 @@ static int process_buffer_measurement(const void *buff, int size, int violation = 0; int pcr = CONFIG_IMA_MEASURE_PCR_IDX; - if (!buff || size == 0) + if (!buff || size == 0 || !eventname) goto err_out; if (ima_get_action(NULL, 0, BUFFER_CHECK, &pcr) != IMA_MEASURE) goto err_out; - switch (buffer_id) { - case KERNEL_VERSION: - name = "Kernel-version"; - break; - case KEXEC_CMDLINE: - name = "Kexec-cmdline"; - break; - default: - goto err_out; - } - + name = eventname; memset(iint, 0, sizeof(*iint)); memset(&hash, 0, sizeof(hash)); 
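Review bot: the kernel-doc for process_buffer_measurement() now reads `@id - eventname, event name to be used for buffer measurement.` but the parameter is named `eventname`; write `@eventname:` so kernel-doc matches the signature. In the body `name = eventname;` leaves `char *name` as a pure alias of the parameter; drop the variable and set `event_data.filename = eventname` directly. The new `!eventname` guard is good, but the err_out path still logs a policy mismatch with pr_err() and -EINVAL; a policy that does not ask for BUFFER_CHECK is not an error and should return 0 silently.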
@@ -452,15 +441,16 @@ int ima_read_file(struct file *file, enum kernel_read_file_id read_id) * ima_buffer_check - based on policy, collect & store buffer measurement * @buf: pointer to buffer * @size: size of buffer - * @buffer_id: caller identifier + * @eventname: caller identifier * * Buffers can only be measured, not appraised. The buffer identifier - * is used as the measurement list entry name (eg. boot_cmdline). + * is used as the measurement list entry name (eg. boot_cmdline, + * kernel_version). */ -void ima_buffer_check(const void *buf, int size, enum buffer_id id) +void ima_buffer_check(const void *buf, int size, char *eventname) { - if (buf && size != 0) - process_buffer_measurement(buf, size, id); + if (buf && size != 0 && eventname) + process_buffer_measurement(buf, size, eventname); return; }

From patchwork Wed Apr 24 00:15:42 2019
X-Patchwork-Submitter: Prakhar Srivastava
X-Patchwork-Id: 10913907
From: Prakhar Srivastava
To: linux-kernel@vger.kernel.org, linux-integrity@vger.kernel.org, inux-security-module@vger.kernel.org
Cc: zohar@linux.ibm.com, ebiederm@xmission.com, vgoyal@redhat.com, Prakhar Srivastava, Prakhar Srivastava
Subject: [PATCH v2 3/5 RFC] since cmdline args can be same for multiple kexec, log entry hash will collide. Prepend the kernel file name to the cmdline args to distinguish between cmdline args passed to subsequent kexec calls
Date: Tue, 23 Apr 2019 17:15:42 -0700
Message-Id: <20190424001544.7188-3-prsriva02@gmail.com>
In-Reply-To: <20190424001544.7188-1-prsriva02@gmail.com>
References: <20190424001544.7188-1-prsriva02@gmail.com>

From: Prakhar Srivastava
Signed-off-by: Prakhar Srivastava
---
Currently for soft reboot (kexec_file_load) the kernel file and signature are measured by IMA. The cmdline args used to load the kernel are not measured. The boot aggregate that gets calculated will have no change since the EFI loader has not been triggered. Adding the kexec cmdline args measure and kernel version will add some attestable criteria.

Cmdline args can be the same for multiple kexec calls, so the log entry hash will collide. Prepend the kernel file name to the cmdline args to distinguish between cmdline args passed to subsequent kexec calls.

 kernel/kexec_core.c | 57 +++++++++++++++++++++++++++++++++++++++++
 kernel/kexec_file.c | 14 ++++++++--
 kernel/kexec_internal.h | 3 +++
 3 files changed, 72 insertions(+), 2 deletions(-)

diff --git a/kernel/kexec_core.c b/kernel/kexec_core.c index ae1a3ba24df5..97b77c780311 100644 --- a/kernel/kexec_core.c
+++ b/kernel/kexec_core.c @@ -1151,3 +1151,60 @@ void __weak arch_kexec_protect_crashkres(void) void __weak arch_kexec_unprotect_crashkres(void) {} + +/** + * kexec_cmdline_prepend_img_name - prepare the buffer with cmdline + * that needs to be measured + * @outbuf - out buffer that contains the formated string + * @kernel_fd - the file identifier for the kerenel image + * @cmdline_ptr - ptr to the cmdline buffer + * @cmdline_len - len of the buffer. + * + * This generates a buffer in the format Kerenelfilename::cmdline + * + * On success return 0. + * On failure return -EINVAL. + */ +int kexec_cmdline_prepend_img_name(char **outbuf, int kernel_fd, + const char *cmdline_ptr, + unsigned long cmdline_len) +{ + int ret = -EINVAL; + struct fd f = {}; + int size = 0; + char *buf = NULL; + char delimiter[] = "::"; + + if (!outbuf || !cmdline_ptr) + goto out; + + f = fdget(kernel_fd); + if (!f.file) + goto out; + + size = (f.file->f_path.dentry->d_name.len + cmdline_len - 1+ + ARRAY_SIZE(delimiter)) - 1; + + buf = kzalloc(size, GFP_KERNEL); + if (!buf) + goto out; + + memcpy(buf, f.file->f_path.dentry->d_name.name, + f.file->f_path.dentry->d_name.len); + memcpy(buf + f.file->f_path.dentry->d_name.len, + delimiter, ARRAY_SIZE(delimiter) - 1); + memcpy(buf + f.file->f_path.dentry->d_name.len + + ARRAY_SIZE(delimiter) - 1, + cmdline_ptr, cmdline_len - 1); + + *outbuf = buf; + ret = size; + + pr_debug("kexec cmdline buff: %s\n", buf); + +out: + if (f.file) + fdput(f); + + return ret; +} diff --git a/kernel/kexec_file.c b/kernel/kexec_file.c index 2a5234eb4b28..a487491d55b9 100644 --- a/kernel/kexec_file.c +++ b/kernel/kexec_file.c @@ -126,6 +126,8 @@ kimage_file_prepare_segments(struct kimage *image, int kernel_fd, int initrd_fd, int ret = 0; void *ldata; loff_t size; + char *buff_to_measure = NULL; + int buff_to_measure_size = 0; ret = kernel_read_file_from_fd(kernel_fd, &image->kernel_buf, &size, INT_MAX, READING_KEXEC_IMAGE); 
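Review bot: kexec_cmdline_prepend_img_name() allocates exactly `d_name.len + 2 + (cmdline_len - 1)` bytes (that is what `(d_name.len + cmdline_len - 1 + ARRAY_SIZE(delimiter)) - 1` works out to with a three-byte `"::"` array) and the three memcpy() calls fill every one of them, so the result carries no NUL terminator; `pr_debug("kexec cmdline buff: %s\n", buf)` then reads past the allocation, and so does anything downstream that treats the buffer as a string. Allocate one extra byte (kzalloc() leaves it zero) or drop the `%s`. Three more points in this hunk: the kernel-doc says "On success return 0" but the function returns `size`, which the caller depends on, so fix the comment; `f.file->f_path.dentry->d_name` is read without d_lock and a dentry's name can change under a concurrent rename, so copy it under the lock or via a name snapshot; and the basename alone is a weak discriminator, since two different images with the same file name produce identical entries while the image bytes themselves are already measured under KEXEC_KERNEL_CHECK, so consider binding the command line to that digest instead. Typos in the comment: "formated", "kerenel", "Kerenelfilename".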
@@ -183,8 +185,13 @@ kimage_file_prepare_segments(struct kimage *image, int kernel_fd, int initrd_fd, goto out; } - ima_buffer_check(image->cmdline_buf, cmdline_len - 1, - "kexec_cmdline"); + /* IMA measures the cmdline args passed to the next kernel*/ + buff_to_measure_size = kexec_cmdline_prepend_img_name(&buff_to_measure, + kernel_fd, image->cmdline_buf, image->cmdline_buf_len); + + ima_buffer_check(buff_to_measure, buff_to_measure_size, + "kexec_cmdline"); + } /* Call arch image load handlers */ @@ -200,6 +207,9 @@ kimage_file_prepare_segments(struct kimage *image, int kernel_fd, int initrd_fd, /* In case of error, free up all allocated memory in this function */ if (ret) kimage_file_post_load_cleanup(image); + + kfree(buff_to_measure); + return ret; } diff --git a/kernel/kexec_internal.h b/kernel/kexec_internal.h index 799a8a452187..4d34a8ef4637 100644 --- a/kernel/kexec_internal.h +++ b/kernel/kexec_internal.h 
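Review bot: in the kimage_file_prepare_segments() hunk the return value of kexec_cmdline_prepend_img_name() is never checked: on failure it returns -EINVAL and leaves `buff_to_measure` NULL, the negative value is passed as `size` to ima_buffer_check(), and that function silently does nothing because `buf` is NULL. For an entry meant to feed attestation, silently skipping the measurement is the worst failure mode; test `buff_to_measure_size < 0`, set `ret` and `goto out` so the load fails (the existing out: path already frees everything, and the new `kfree(buff_to_measure)` sits after it), or at minimum log it. `int buff_to_measure_size` also receives a length derived from `unsigned long cmdline_buf_len`; use one width. Style: the comment is missing a space before `*/` in `/* IMA measures the cmdline args passed to the next kernel*/`, and the added blank line before the closing `}` should go.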
@@ -11,6 +11,9 @@ int kimage_load_segment(struct kimage *image, struct kexec_segment *segment); void kimage_terminate(struct kimage *image); int kimage_is_destination_range(struct kimage *image, unsigned long start, unsigned long end); +int kexec_cmdline_prepend_img_name(char **outbuf, int kernel_fd, + const char *cmdline_ptr, + unsigned long cmdline_len); extern struct mutex kexec_mutex;

From patchwork Wed Apr 24 00:15:43 2019
X-Patchwork-Submitter: Prakhar Srivastava
X-Patchwork-Id: 10913901
From: Prakhar Srivastava
To: linux-kernel@vger.kernel.org, linux-integrity@vger.kernel.org, inux-security-module@vger.kernel.org
Cc: zohar@linux.ibm.com, ebiederm@xmission.com, vgoyal@redhat.com, Prakhar Srivastava, Prakhar Srivastava
Subject: [PATCH v2 4/5 RFC] added a buffer_check LSM hook
Date: Tue, 23 Apr 2019 17:15:43 -0700
Message-Id: <20190424001544.7188-4-prsriva02@gmail.com>
X-Mailer: git-send-email 2.17.1
In-Reply-To: <20190424001544.7188-1-prsriva02@gmail.com>
References: <20190424001544.7188-1-prsriva02@gmail.com>
List-ID: X-Mailing-List: linux-integrity@vger.kernel.org

From: Prakhar Srivastava

Signed-off-by: Prakhar Srivastava
---
Currently, for a soft reboot (kexec_file_load) the kernel file and signature are measured by IMA. The cmdline args used to load the kernel are not measured. The boot aggregate that gets calculated will have no change, since the EFI loader has not been triggered. Adding the kexec cmdline args measurement and kernel version will add some attestable criteria.

This patch adds an LSM hook for buffer_check.

Suggested by Mimi Zohar

 include/linux/lsm_hooks.h | 3 +++
 include/linux/security.h | 5 +++++
 security/security.c | 7 +++++++
 3 files changed, 15 insertions(+)

diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h index 080f34e66017..854bf3cac716 100644 --- a/include/linux/lsm_hooks.h +++ b/include/linux/lsm_hooks.h @@ -1568,6 +1568,8 @@ union security_list_options { int (*inode_setsecctx)(struct dentry *dentry, void *ctx, u32 ctxlen); int (*inode_getsecctx)(struct inode *inode, void **ctx, u32 *ctxlen); + int (*buffer_check)(const void *buff, int size, const char *eventname); + #ifdef CONFIG_SECURITY_NETWORK int (*unix_stream_connect)(struct sock *sock, struct sock *other, struct sock *newsk);
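Review bot: the new `int (*buffer_check)(const void *buff, int size, const char *eventname);` is added to `union security_list_options` without the kernel-doc entry that lsm_hooks.h keeps for every hook in the comment block above the union; document the three parameters and, in particular, what a non-zero return means. As declared the hook returns `int`, but the wrapper this same patch adds to security/security.c invokes it through `call_void_hook` and throws the value away, so either make it `void (*buffer_check)(...)` or define a non-zero return as a veto and call it with `call_int_hook`. `int size` would be better as `size_t`, since a negative size has no meaning here. Not about the hunk but about this mail: the description ("Currently for soft reboot ...") sits below the `---` separator, so `git am` will drop it from the commit message; move it above the `---`, and turn "Suggested by Mimi Zohar" into a `Suggested-by:` tag.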
@@ -1813,6 +1815,7 @@ struct security_hook_heads { struct list_head inode_notifysecctx; struct list_head inode_setsecctx; struct list_head inode_getsecctx; + struct list_head buffer_check; #ifdef CONFIG_SECURITY_NETWORK struct list_head unix_stream_connect; struct list_head unix_may_send; diff --git a/include/linux/security.h b/include/linux/security.h index af675b576645..cbba0e119234 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -377,6 +377,8 @@ void security_inode_invalidate_secctx(struct inode *inode); int security_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen); int security_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen); int security_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen); + +void security_buffer_measure(const void *buff, int size, char *eventname); #else /* CONFIG_SECURITY */ struct security_mnt_opts { }; @@ -776,6 +778,9 @@ static inline void security_inode_getsecid(struct inode *inode, u32 *secid) *secid = 0; } +static inline void security_buffer_measure(const void *buff, int size, char *eventname) +{ } + static inline int security_inode_copy_up(struct dentry *src, struct cred **new) { return 0; diff --git a/security/security.c b/security/security.c index 38316bb28b16..a0dfdb015412 100644 --- a/security/security.c +++ b/security/security.c 
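Review bot: the prototype `void security_buffer_measure(const void *buff, int size, char *eventname);` in include/linux/security.h does not match the hook it wraps: the hook in lsm_hooks.h takes `const char *eventname`, the wrapper takes `char *`, so a caller passing a string literal gets a discarded-qualifier warning. Make the wrapper `const char *` as well. The naming also breaks the file's convention of `security_<hook>()` wrapping `<hook>` (compare `security_inode_getsecctx()` directly above): the hook is `buffer_check` but the wrapper is `security_buffer_measure`; use one name for both. Finally, the `!CONFIG_SECURITY` stub is inserted after `security_inode_getsecid()` while the real declaration is inserted after `security_inode_getsecctx()`; keep the two branches in the same order so they stay easy to compare.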
@@ -320,6 +320,13 @@ int security_bprm_check(struct linux_binprm *bprm) return ima_bprm_check(bprm); } +void security_buffer_measure(const void *buff, int size, char *eventname) +{ + call_void_hook(buffer_check, buff, size, eventname); + return ima_buffer_check(buff, size, eventname); +} + + void security_bprm_committing_creds(struct linux_binprm *bprm) { call_void_hook(bprm_committing_creds, bprm);

From patchwork Wed Apr 24 00:15:44 2019
X-Patchwork-Submitter: Prakhar Srivastava X-Patchwork-Id: 10913903
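Review bot: `security_buffer_measure()` is declared `void` yet ends with `return ima_buffer_check(buff, size, eventname);`. Returning a value from a void function is a C constraint violation (gcc reports "'return' with a value, in function returning void") and fails a -Werror build. Either drop the `return` and call `ima_buffer_check()` as a statement, or make the function `int` and propagate the result the way `security_bprm_check()` directly above does, and in that case also replace `call_void_hook(buffer_check, ...)` with `call_int_hook` so an LSM's non-zero return is not silently discarded. If an earlier patch in the series has not already done so, `ima_buffer_check()` needs a declaration in include/linux/ima.h with a `!CONFIG_IMA` stub, as `ima_bprm_check()` has. Minor: the hunk leaves two blank lines before `security_bprm_committing_creds()` where the file uses one.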
From: Prakhar Srivastava
To: linux-kernel@vger.kernel.org, linux-integrity@vger.kernel.org, inux-security-module@vger.kernel.org
Cc: zohar@linux.ibm.com, ebiederm@xmission.com, vgoyal@redhat.com, Prakhar Srivastava, Prakhar Srivastava
Subject: [PATCH v2 5/5 RFC] add the buffer to the event data in ima free entry data if store_template failed added check in templates for buffer
Date: Tue, 23 Apr 2019 17:15:44 -0700
Message-Id: <20190424001544.7188-5-prsriva02@gmail.com>
X-Mailer: git-send-email 2.17.1
In-Reply-To: <20190424001544.7188-1-prsriva02@gmail.com>
References: <20190424001544.7188-1-prsriva02@gmail.com>
List-ID: X-Mailing-List: linux-integrity@vger.kernel.org

From: Prakhar Srivastava

Signed-off-by: Prakhar Srivastava
---
Currently, for a soft reboot (kexec_file_load) the kernel file and signature are measured by IMA. The cmdline args used to load the kernel are not measured. The boot aggregate that gets calculated will have no change, since the EFI loader has not been triggered. Adding the kexec cmdline args measurement and kernel version will add some attestable criteria.

This patch adds the buffer to be measured as the event data. This also contains the changes necessary for the template.

 security/integrity/ima/ima_main.c | 36 +++++++++++++++++++++--
 security/integrity/ima/ima_template_lib.c | 3 +-
 security/integrity/integrity.h | 1 +
 3 files changed, 36 insertions(+), 4 deletions(-)

diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c index da82c705a5ed..204a7a1acb86 100644 --- a/security/integrity/ima/ima_main.c +++ b/security/integrity/ima/ima_main.c @@ -14,7 +14,7 @@ * * File: ima_main.c * implements the IMA hooks: ima_bprm_check, ima_file_mmap, - * and ima_file_check. + * ima_file_check and ima_buffer_check. */ #include #include
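Review bot: the Subject line of this mail reads as three separate changes run together ("add the buffer to the event data", "free entry data if store_template failed", "added check in templates for buffer"); either split them into three patches or give the patch one summary line and describe the three parts in the body. As with 4/5, the description is placed below the `---` separator and will be dropped by `git am`; move it above. The comment hunk itself is fine, provided `ima_buffer_check()` really lives in ima_main.c alongside the hooks the comment already lists.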
@@ -180,16 +180,37 @@ static int process_buffer_measurement(const void *buff, int size, struct ima_digest_data hdr; char digest[IMA_MAX_DIGEST_SIZE]; } hash; + struct buffer_xattr { + enum evm_ima_xattr_type type; + u16 buff_length; + unsigned char buff[0]; + }; char *name = NULL; int violation = 0; int pcr = CONFIG_IMA_MEASURE_PCR_IDX; + struct buffer_xattr *buffer_event_data = NULL; + int alloc_length = 0; + int action = 0; if (!buff || size == 0 || !eventname) goto err_out; - if (ima_get_action(NULL, 0, BUFFER_CHECK, &pcr) != IMA_MEASURE) + action = ima_get_action(NULL, 0, BUFFER_CHECK, &pcr); + if (!(action & IMA_AUDIT) && !(action & IMA_MEASURE)) goto err_out; + alloc_length = sizeof(struct buffer_xattr) + size; + buffer_event_data = kzalloc(alloc_length, GFP_KERNEL); + if (!buffer_event_data) + goto err_out; + + buffer_event_data->type = IMA_BUFFER_CHECK; + buffer_event_data->buff_length = size; + memcpy(buffer_event_data->buff, buff, size); + + event_data.xattr_value = (struct evm_ima_xattr_data *)buffer_event_data; + event_data.xattr_len = alloc_length; + name = eventname; memset(iint, 0, sizeof(*iint)); memset(&hash, 0, sizeof(hash)); @@ -208,16 +229,25 @@ static int process_buffer_measurement(const void *buff, int size, if (ret < 0) goto err_out; - ret = ima_store_template(entry, violation, NULL, + if (action & IMA_MEASURE) + ret = ima_store_template(entry, violation, NULL, buff, pcr); + if (ret < 0) { ima_free_template_entry(entry); goto err_out; } + if (action & IMA_AUDIT) + ima_audit_measurement(iint, event_data.filename); + + kfree(buffer_event_data); return 0; err_out: + + kfree(buffer_event_data); + pr_err("Error in adding buffer measure: %d\n", ret); return ret; } diff --git a/security/integrity/ima/ima_template_lib.c b/security/integrity/ima/ima_template_lib.c index f9ba37b3928d..6050ef774355 100644 --- a/security/integrity/ima/ima_template_lib.c +++ b/security/integrity/ima/ima_template_lib.c 
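Review bot: the function-local `struct buffer_xattr` is cast to `struct evm_ima_xattr_data *` and handed to the template code, but its first member is `enum evm_ima_xattr_type type;` (int-sized, in an unpacked struct) whereas `struct evm_ima_xattr_data` stores `type` as a `u8` in a packed struct; `ima_eventsig_init()` therefore reads only the first byte of the enum, which happens to work on little-endian and breaks on big-endian. Declare it as `u8 type; u16 buff_length; u8 buff[];` with `__packed`, and move it to integrity.h next to `struct evm_ima_xattr_data` rather than hiding it inside the function. `buffer_event_data->buff_length = size;` truncates an `int` into a `u16` with no check; reject `size > U16_MAX` (and `size < 0`, which the existing `size == 0` test does not catch) before the `memcpy`. When `action` contains only `IMA_AUDIT`, `ima_store_template()` is never called, so the `entry` it would have consumed is neither stored nor freed and `ret` keeps the value of the preceding call; free `entry` on that path. Finally, `goto err_out` when the policy returns neither `IMA_MEASURE` nor `IMA_AUDIT` now prints `pr_err("Error in adding buffer measure: ...")` for the normal "policy says do nothing" case; return 0 quietly there.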
@@ -322,7 +322,8 @@ int ima_eventsig_init(struct ima_event_data *event_data, int xattr_len = event_data->xattr_len; int rc = 0; - if ((!xattr_value) || (xattr_value->type != EVM_IMA_XATTR_DIGSIG)) + if ((!xattr_value) || !((xattr_value->type == EVM_IMA_XATTR_DIGSIG) || + (xattr_value->type == IMA_BUFFER_CHECK))) goto out; rc = ima_write_template_field_data(xattr_value, xattr_len, fmt, diff --git a/security/integrity/integrity.h b/security/integrity/integrity.h index 24520b4ef3b0..a674ae5be231 100644 --- a/security/integrity/integrity.h +++ b/security/integrity/integrity.h @@ -58,6 +58,7 @@ enum evm_ima_xattr_type { EVM_XATTR_HMAC, EVM_IMA_XATTR_DIGSIG, IMA_XATTR_DIGEST_NG, + IMA_BUFFER_CHECK, IMA_XATTR_LAST };
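Review bot: widening the check in `ima_eventsig_init()` to accept `IMA_BUFFER_CHECK` overloads the `sig` template field: a verifier parsing an ima-sig measurement list must now inspect the type byte to tell a file signature from an arbitrary copied buffer, and existing tools that treat `sig` as a signature will misparse the kexec cmdline entries. A dedicated template field for buffers (for example a `buf` field with its own init function) is cleaner than reusing `sig`. In the integrity.h hunk, `IMA_BUFFER_CHECK` is added to `enum evm_ima_xattr_type`, which enumerates the on-disk security.ima/security.evm xattr types; a value that never appears in an xattr does not belong there, since userspace can now write a security.ima xattr carrying that type byte and every switch on the type has to learn to reject it. Keep it in a separate in-kernel enum, or at minimum reject it in the xattr validation paths.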