From patchwork Tue May 21 00:06:43 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Prakhar Srivastava X-Patchwork-Id: 10952737 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id CAD7017D2 for ; Tue, 21 May 2019 00:07:05 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id BBBB72886F for ; Tue, 21 May 2019 00:07:05 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id B01D328939; Tue, 21 May 2019 00:07:05 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-8.0 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FROM,MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI autolearn=unavailable version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 2B4FB28910 for ; Tue, 21 May 2019 00:07:05 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727213AbfEUAGw (ORCPT ); Mon, 20 May 2019 20:06:52 -0400 Received: from mail-pg1-f196.google.com ([209.85.215.196]:45941 "EHLO mail-pg1-f196.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726370AbfEUAGw (ORCPT ); Mon, 20 May 2019 20:06:52 -0400 Received: by mail-pg1-f196.google.com with SMTP id i21so7545314pgi.12; Mon, 20 May 2019 17:06:51 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=U/AtKdH1X5etutLrjMupbicBsqHo7eOYlc1fu2CjeOg=; b=Wxlxe5ooDvuYSuuaz4UPFjxn8yUh3iBe3vONjM43XTHb1v6RTzCxD23y4Dx4q8DljS gfXGBmSCE7fDIWCJQKvMhu+mORKiah/YKrWjoH6Yp6ESNhgd9ev0rpU+5oIzUmZl8O1p xXzywFGHaRPZsDEeecS1KAPbu2LXydQ67kmoeJ2eQWTdGy7K9OxKDvyB+ZYn/n7Wj4dX 9V8BLb3B7hA4BWmln3KtOEe898JpIx97NF+SUiaNPX3D6ab91cU41Fqqnf2wlKNzzShb 2m85hmR0EVoK+/jS/nvg9OUEVFnj17uHeYAE5pJqjdVXsgevjCVHvqCau/X6i1Lsa0Sm 2aNw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=U/AtKdH1X5etutLrjMupbicBsqHo7eOYlc1fu2CjeOg=; b=PYgSuRGjdOn/XlSTBhWeqMWrrDZnwqKhvx4aFU/asM90NRzu1cfM1OEYEbKbyng/Ns RfRPDOhLe+a5MmzVLeCDA6Pw/D/aoX9LEV963ixhAWRFUYSiMQtndKWScQOzikMgwJot 7QuA7BcFPMHpEt1mBCPh+dHnxPzVP587ERbdnAFoWoFk018x1Nf1R19kOwbUDIA6B7Qa 5mRkR9bbpqni/a85Ql5D+J3vlxteADXPgHAVhzGjjpL2QG07BtBFw2fF0La5GKJC4sZX vxI4Pp2vheGOgetig7OfBRgRjltl4TLLnzcl7EAT9vaocwTmnP1uXt9mMg/xo6Eg74Mx 1W+A== X-Gm-Message-State: APjAAAVWZfMxY1oP7dWUHXV/Eei1h3XzLig0McazJCDo9skKBd2JZah6 be4R/qADH5PaRowGpH2o+g1eVkFAiW/wqg== X-Google-Smtp-Source: APXvYqyNo4YpyKICOFtq2BuyOdLZylHnTR8DKr/rFxHJRd5iL1ZE/eKeu5Q1lo5+ctPfSdpfKHVasA== X-Received: by 2002:a62:128a:: with SMTP id 10mr82715681pfs.225.1558397210961; Mon, 20 May 2019 17:06:50 -0700 (PDT) Received: from prsriva-Precision-Tower-5810.corp.microsoft.com ([2001:4898:80e8:1:e5e3:4312:180a:c25e]) by smtp.gmail.com with ESMTPSA id i16sm5939149pfd.100.2019.05.20.17.06.50 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 20 May 2019 17:06:50 -0700 (PDT) From: Prakhar Srivastava To: linux-integrity@vger.kernel.org, linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org Cc: mjg59@google.com, zohar@linux.ibm.com, roberto.sassu@huawei.com, vgoyal@redhat.com, Prakhar Srivastava Subject: [PATCH v6 1/3] Add a new ima hook ima_kexec_cmdline to measure cmdline args Date: Mon, 20 May 2019 17:06:43 -0700 Message-Id: <20190521000645.16227-2-prsriva02@gmail.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20190521000645.16227-1-prsriva02@gmail.com> References: <20190521000645.16227-1-prsriva02@gmail.com> Sender: linux-integrity-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-integrity@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP Currently during kexec_file_load(soft reboot) the cmdline args passed are not measured and the PCR values are not reset. This results in the new kernel to assume a secure boot was followed. The boot args used to launch the new kernel need to be measured and carried over to the next kernel to be used for attestation. IMA supports only measuring files, no functionality exists to measure a buffer(kexec cmdline). This change adds a new functionality to measure buffers process_buffer_measurement which uses the hash of the buffer instead of file hash to add an entry in the ima log. A new ima hook ima_kexec_cmdline is also defined which calls into process_buffer_measurement to add the kexec_cmdline args to the log. A new policy KEXEC_CMDLINE is also defined to control measuring the kexec_cmdline buffer. This patch only adds IMA_MEASURE as a supported functionality. - A new ima hook ima_kexec_cmdline is defined to be called by the kexec code. - A new function process_buffer_measurement is defined to measure the buffer hash into the ima log. - A new func policy KEXEC_CMDLINE is defined to control the measurement. Signed-off-by: Prakhar Srivastava --- Documentation/ABI/testing/ima_policy | 1 + include/linux/ima.h | 2 + security/integrity/ima/ima.h | 1 + security/integrity/ima/ima_api.c | 1 + security/integrity/ima/ima_main.c | 77 ++++++++++++++++++++++++++++ security/integrity/ima/ima_policy.c | 9 ++++ 6 files changed, 91 insertions(+) diff --git a/Documentation/ABI/testing/ima_policy b/Documentation/ABI/testing/ima_policy index 74c6702de74e..62e7cd687e9c 100644 --- a/Documentation/ABI/testing/ima_policy +++ b/Documentation/ABI/testing/ima_policy @@ -29,6 +29,7 @@ Description: base: func:= [BPRM_CHECK][MMAP_CHECK][CREDS_CHECK][FILE_CHECK][MODULE_CHECK] [FIRMWARE_CHECK] [KEXEC_KERNEL_CHECK] [KEXEC_INITRAMFS_CHECK] + [KEXEC_CMDLINE] mask:= [[^]MAY_READ] [[^]MAY_WRITE] [[^]MAY_APPEND] [[^]MAY_EXEC] fsmagic:= hex value diff --git a/include/linux/ima.h b/include/linux/ima.h index dc12fbcf484c..2e2c77280be8 100644 --- a/include/linux/ima.h +++ b/include/linux/ima.h @@ -26,6 +26,7 @@ extern int ima_read_file(struct file *file, enum kernel_read_file_id id); extern int ima_post_read_file(struct file *file, void *buf, loff_t size, enum kernel_read_file_id id); extern void ima_post_path_mknod(struct dentry *dentry); +extern void ima_kexec_cmdline(const void *buf, int size); #ifdef CONFIG_IMA_KEXEC extern void ima_add_kexec_buffer(struct kimage *image); @@ -92,6 +93,7 @@ static inline void ima_post_path_mknod(struct dentry *dentry) return; } +static inline void ima_kexec_cmdline(const void *buf, int size) {} #endif /* CONFIG_IMA */ #ifndef CONFIG_IMA_KEXEC diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h index d213e835c498..226a26d8de09 100644 --- a/security/integrity/ima/ima.h +++ b/security/integrity/ima/ima.h @@ -184,6 +184,7 @@ static inline unsigned long ima_hash_key(u8 *digest) hook(KEXEC_KERNEL_CHECK) \ hook(KEXEC_INITRAMFS_CHECK) \ hook(POLICY_CHECK) \ + hook(KEXEC_CMDLINE) \ hook(MAX_CHECK) #define __ima_hook_enumify(ENUM) ENUM, diff --git a/security/integrity/ima/ima_api.c b/security/integrity/ima/ima_api.c index c7505fb122d4..800d965232e5 100644 --- a/security/integrity/ima/ima_api.c +++ b/security/integrity/ima/ima_api.c @@ -169,6 +169,7 @@ void ima_add_violation(struct file *file, const unsigned char *filename, * subj=, obj=, type=, func=, mask=, fsmagic= * subj,obj, and type: are LSM specific. * func: FILE_CHECK | BPRM_CHECK | CREDS_CHECK | MMAP_CHECK | MODULE_CHECK + * | KEXEC_CMDLINE * mask: contains the permission mask * fsmagic: hex value * diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c index 357edd140c09..a88c28918a63 100644 --- a/security/integrity/ima/ima_main.c +++ b/security/integrity/ima/ima_main.c @@ -576,6 +576,83 @@ int ima_load_data(enum kernel_load_data_id id) return 0; } +/* + * process_buffer_measurement - Measure the buffer to ima log. + * @buf: pointer to the buffer that needs to be added to the log. + * @size: size of buffer(in bytes). + * @eventname: event name to be used for the buffer entry. + * @cred: a pointer to a credentials structure for user validation. + * @secid: the secid of the task to be validated. + * + * Based on policy, the buffer is measured into the ima log. + */ +static void process_buffer_measurement(const void *buf, int size, + const char *eventname, const struct cred *cred, + u32 secid) +{ + int ret = 0; + struct ima_template_entry *entry = NULL; + struct integrity_iint_cache tmp_iint, *iint = &tmp_iint; + struct ima_event_data event_data = {iint, NULL, NULL, + NULL, 0, NULL}; + struct { + struct ima_digest_data hdr; + char digest[IMA_MAX_DIGEST_SIZE]; + } hash; + int violation = 0; + int pcr = CONFIG_IMA_MEASURE_PCR_IDX; + int action = 0; + + action = ima_get_action(NULL, cred, secid, 0, KEXEC_CMDLINE, &pcr); + if (!(action & IMA_MEASURE)) + goto out; + + memset(iint, 0, sizeof(*iint)); + memset(&hash, 0, sizeof(hash)); + + event_data.filename = eventname; + + iint->ima_hash = &hash.hdr; + iint->ima_hash->algo = ima_hash_algo; + iint->ima_hash->length = hash_digest_size[ima_hash_algo]; + + ret = ima_calc_buffer_hash(buf, size, iint->ima_hash); + if (ret < 0) + goto out; + + ret = ima_alloc_init_template(&event_data, &entry); + if (ret < 0) + goto out; + + if (action & IMA_MEASURE) + ret = ima_store_template(entry, violation, NULL, buf, pcr); + + if (ret < 0) { + ima_free_template_entry(entry); + } + +out: + return; +} + +/** + * ima_kexec_cmdline - measure kexec cmdline boot args + * @buf: pointer to buffer + * @size: size of buffer + * + * Buffers can only be measured, not appraised. + */ +void ima_kexec_cmdline(const void *buf, int size) +{ + u32 secid; + + if (buf && size != 0) { + security_task_getsecid(current, &secid); + process_buffer_measurement(buf, size, "kexec-cmdline", + current_cred(), secid); + } +} + static int __init init_ima(void) { int error; diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c index e0cc323f948f..413e5921b248 100644 --- a/security/integrity/ima/ima_policy.c +++ b/security/integrity/ima/ima_policy.c @@ -291,6 +291,13 @@ static bool ima_match_rules(struct ima_rule_entry *rule, struct inode *inode, { int i; + /* only incase of KEXEC_CMDLINE, inode is NULL */ + if (func == KEXEC_CMDLINE) { + if ((rule->flags & IMA_FUNC) && + (rule->func == func) && (!inode)) + return true; + return false; + } if ((rule->flags & IMA_FUNC) && (rule->func != func && func != POST_SETATTR)) return false; @@ -869,6 +876,8 @@ static int ima_parse_rule(char *rule, struct ima_rule_entry *entry) entry->func = KEXEC_INITRAMFS_CHECK; else if (strcmp(args[0].from, "POLICY_CHECK") == 0) entry->func = POLICY_CHECK; + else if (strcmp(args[0].from, "KEXEC_CMDLINE") == 0) + entry->func = KEXEC_CMDLINE; else result = -EINVAL; if (!result) From patchwork Tue May 21 00:06:44 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Prakhar Srivastava X-Patchwork-Id: 10952731 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 7DE4E1390 for ; Tue, 21 May 2019 00:07:04 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 6ED6E2886F for ; Tue, 21 May 2019 00:07:04 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 6328728931; Tue, 21 May 2019 00:07:04 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-8.0 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FROM,MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id B356E2886F for ; Tue, 21 May 2019 00:07:03 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727279AbfEUAGz (ORCPT ); Mon, 20 May 2019 20:06:55 -0400 Received: from mail-pg1-f194.google.com ([209.85.215.194]:43003 "EHLO mail-pg1-f194.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726370AbfEUAGy (ORCPT ); Mon, 20 May 2019 20:06:54 -0400 Received: by mail-pg1-f194.google.com with SMTP id 145so7554339pgg.9; Mon, 20 May 2019 17:06:54 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=JxIaeN4SD4CFbhbqaNpRlsoW5dHafJRRD8QpnczeAmQ=; b=cd4yskvtJ+KUGfjpl4WQ6FSqDhTfq7P08JFzEoT98G6r2q/jxYhAoGe2/ANamf+b2m bqYRtwf1bHWJYmKDHrDKfaozXQqDeyw78Q/TUVYIYYh639MOFdxXj/+l4wgIRXh1gAg1 I0w3o9EVCs2Vx2Z+99NgjB5u3OVeBb9FMpSkVtB00pMRJdpd6pgrKaWYOp55z0TPVAj5 uImyfWbltCwY602rzFzGL/6RRdxV6GvQN+F8/DeUGOmfKQgDPXzPSXXDQlZmDXyc9YOm YAXWiRyb8TOgJq2p1D+u0EedmgKTUy8FPRe+os11O3skdxZIagAam+LuhMBiCEk4KQXT Cz1g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=JxIaeN4SD4CFbhbqaNpRlsoW5dHafJRRD8QpnczeAmQ=; b=OiN6rKDcAnCnp+xQfblyJVHwnffrlqYTeMVd4G7tCARnBndJzn9jLwqzWyl6IuggGb azb/7SGKl7jVnP62CF0wrUFC5WwOYSPQJmYqZLBHy8PJIP7pXOYXXC4OnfMPc4HLyFVF gwX2xNzzl/UdBL6CHLVpDIIzJF0ka2Il7PeRaOKKN5H2AQieODlbMIRRa+iXBZjKuOZ2 6UhQHA947kPyvyRQ/b82uZa6Mf+/QPf87IhgrnkezUxs7KEkPQCeq3rbyC+1C1jO7/Ke Z99h74LG7qcVDplM2GE/wqyVISeAszTrN4e7s8qwGchq/EjV8uQkLWqCrKVVS2u1rYHY rN7g== X-Gm-Message-State: APjAAAWZF9gMr4mZrSwjyxlq5C/iMkIIYcSwiNjXiesoOd/tqWY+q7gi E77zY3GSH0I9qOVpzVPtOZwLPbydwmjXyg== X-Google-Smtp-Source: APXvYqymWVKYvHzfToNoW6hRcyCmFIj+AwqwvbnQLIRLaSQglL1AclWoZC40y5bdREA0+k3LCxG8Xw== X-Received: by 2002:a62:e00e:: with SMTP id f14mr83173348pfh.257.1558397213403; Mon, 20 May 2019 17:06:53 -0700 (PDT) Received: from prsriva-Precision-Tower-5810.corp.microsoft.com ([2001:4898:80e8:1:e5e3:4312:180a:c25e]) by smtp.gmail.com with ESMTPSA id i16sm5939149pfd.100.2019.05.20.17.06.52 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 20 May 2019 17:06:52 -0700 (PDT) From: Prakhar Srivastava To: linux-integrity@vger.kernel.org, linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org Cc: mjg59@google.com, zohar@linux.ibm.com, roberto.sassu@huawei.com, vgoyal@redhat.com, Prakhar Srivastava Subject: [PATCH v6 2/3] add a new ima template field buf Date: Mon, 20 May 2019 17:06:44 -0700 Message-Id: <20190521000645.16227-3-prsriva02@gmail.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20190521000645.16227-1-prsriva02@gmail.com> References: <20190521000645.16227-1-prsriva02@gmail.com> Sender: linux-integrity-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-integrity@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP A buffer(cmdline args) measured into ima cannot be appraised without already being aware of the buffer contents.Since we don't know what cmdline args will be passed (or need to validate what was passed) it is not possible to appraise it. Since hashs are non reversible the raw buffer is needed to recompute the hash. To regenrate the hash of the buffer and appraise the same the contents of the buffer need to be available. A new template field buf is added to the existing ima template fields, which can be used to store/read the buffer itself. Two new fields are added to the ima_event_data to carry the buf and buf_len whenever necessary. Updated the process_buffer_measurement call to add the buf to the ima_event_data. process_buffer_measurement added in "Add a new ima hook ima_kexec_cmdline to measure cmdline args" - Add a new template field 'buf' to be used to store/read the buffer data. - Added two new fields to ima_event_data to hold the buf and buf_len [Suggested by Roberto] -Updated process_buffer_meaurement to add the buffer to ima_event_data Signed-off-by: Prakhar Srivastava Reviewed-by: Roberto Sassu --- Documentation/security/IMA-templates.rst | 2 +- security/integrity/ima/ima.h | 2 ++ security/integrity/ima/ima_api.c | 4 ++-- security/integrity/ima/ima_init.c | 2 +- security/integrity/ima/ima_main.c | 4 +++- security/integrity/ima/ima_template.c | 2 ++ security/integrity/ima/ima_template_lib.c | 20 ++++++++++++++++++++ security/integrity/ima/ima_template_lib.h | 4 ++++ 8 files changed, 35 insertions(+), 5 deletions(-) diff --git a/Documentation/security/IMA-templates.rst b/Documentation/security/IMA-templates.rst index 2cd0e273cc9a..9cddb66727ee 100644 --- a/Documentation/security/IMA-templates.rst +++ b/Documentation/security/IMA-templates.rst @@ -70,7 +70,7 @@ descriptors by adding their identifier to the format string prefix is shown only if the hash algorithm is not SHA1 or MD5); - 'n-ng': the name of the event, without size limitations; - 'sig': the file signature. - + - 'buf': the buffer data that was used to generate the hash without size limitations. Below, there is the list of defined template descriptors: diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h index 226a26d8de09..4a82541dc3b6 100644 --- a/security/integrity/ima/ima.h +++ b/security/integrity/ima/ima.h @@ -65,6 +65,8 @@ struct ima_event_data { struct evm_ima_xattr_data *xattr_value; int xattr_len; const char *violation; + const void *buf; + int buf_len; }; /* IMA template field data definition */ diff --git a/security/integrity/ima/ima_api.c b/security/integrity/ima/ima_api.c index 800d965232e5..c12f1cd38f8f 100644 --- a/security/integrity/ima/ima_api.c +++ b/security/integrity/ima/ima_api.c @@ -134,7 +134,7 @@ void ima_add_violation(struct file *file, const unsigned char *filename, struct ima_template_entry *entry; struct inode *inode = file_inode(file); struct ima_event_data event_data = {iint, file, filename, NULL, 0, - cause}; + cause, NULL, 0}; int violation = 1; int result; @@ -286,7 +286,7 @@ void ima_store_measurement(struct integrity_iint_cache *iint, struct inode *inode = file_inode(file); struct ima_template_entry *entry; struct ima_event_data event_data = {iint, file, filename, xattr_value, - xattr_len, NULL}; + xattr_len, NULL, NULL, 0}; int violation = 0; if (iint->measured_pcrs & (0x1 << pcr)) diff --git a/security/integrity/ima/ima_init.c b/security/integrity/ima/ima_init.c index 6c9295449751..0c34d3100b5b 100644 --- a/security/integrity/ima/ima_init.c +++ b/security/integrity/ima/ima_init.c @@ -50,7 +50,7 @@ static int __init ima_add_boot_aggregate(void) struct ima_template_entry *entry; struct integrity_iint_cache tmp_iint, *iint = &tmp_iint; struct ima_event_data event_data = {iint, NULL, boot_aggregate_name, - NULL, 0, NULL}; + NULL, 0, NULL, NULL, 0}; int result = -ENOMEM; int violation = 0; struct { diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c index a88c28918a63..6c5691b65b84 100644 --- a/security/integrity/ima/ima_main.c +++ b/security/integrity/ima/ima_main.c @@ -594,7 +594,7 @@ static void process_buffer_measurement(const void *buf, int size, struct ima_template_entry *entry = NULL; struct integrity_iint_cache tmp_iint, *iint = &tmp_iint; struct ima_event_data event_data = {iint, NULL, NULL, - NULL, 0, NULL}; + NULL, 0, NULL, NULL, 0}; struct { struct ima_digest_data hdr; char digest[IMA_MAX_DIGEST_SIZE]; @@ -611,6 +611,8 @@ static void process_buffer_measurement(const void *buf, int size, memset(&hash, 0, sizeof(hash)); event_data.filename = eventname; + event_data.buf = buf; + event_data.buf_len = size; iint->ima_hash = &hash.hdr; iint->ima_hash->algo = ima_hash_algo; diff --git a/security/integrity/ima/ima_template.c b/security/integrity/ima/ima_template.c index b631b8bc7624..a76d1c04162a 100644 --- a/security/integrity/ima/ima_template.c +++ b/security/integrity/ima/ima_template.c @@ -43,6 +43,8 @@ static const struct ima_template_field supported_fields[] = { .field_show = ima_show_template_string}, {.field_id = "sig", .field_init = ima_eventsig_init, .field_show = ima_show_template_sig}, + {.field_id = "buf", .field_init = ima_eventbuf_init, + .field_show = ima_show_template_buf}, }; #define MAX_TEMPLATE_NAME_LEN 15 diff --git a/security/integrity/ima/ima_template_lib.c b/security/integrity/ima/ima_template_lib.c index 513b457ae900..43d1404141c1 100644 --- a/security/integrity/ima/ima_template_lib.c +++ b/security/integrity/ima/ima_template_lib.c @@ -162,6 +162,12 @@ void ima_show_template_sig(struct seq_file *m, enum ima_show_type show, ima_show_template_field_data(m, show, DATA_FMT_HEX, field_data); } +void ima_show_template_buf(struct seq_file *m, enum ima_show_type show, + struct ima_field_data *field_data) +{ + ima_show_template_field_data(m, show, DATA_FMT_HEX, field_data); +} + /** * ima_parse_buf() - Parses lengths and data from an input buffer * @bufstartp: Buffer start address. @@ -389,3 +395,17 @@ int ima_eventsig_init(struct ima_event_data *event_data, return ima_write_template_field_data(xattr_value, event_data->xattr_len, DATA_FMT_HEX, field_data); } + +/* + * ima_eventbuf_init - include the buffer(kexec-cmldine) as part of the + * template data. + */ +int ima_eventbuf_init(struct ima_event_data *event_data, + struct ima_field_data *field_data) +{ + if ((!event_data->buf) || (event_data->buf_len == 0)) + return 0; + + return ima_write_template_field_data(event_data->buf, event_data->buf_len, + DATA_FMT_HEX, field_data); +} diff --git a/security/integrity/ima/ima_template_lib.h b/security/integrity/ima/ima_template_lib.h index 6a3d8b831deb..f0178bc60c55 100644 --- a/security/integrity/ima/ima_template_lib.h +++ b/security/integrity/ima/ima_template_lib.h @@ -29,6 +29,8 @@ void ima_show_template_string(struct seq_file *m, enum ima_show_type show, struct ima_field_data *field_data); void ima_show_template_sig(struct seq_file *m, enum ima_show_type show, struct ima_field_data *field_data); +void ima_show_template_buf(struct seq_file *m, enum ima_show_type show, + struct ima_field_data *field_data); int ima_parse_buf(void *bufstartp, void *bufendp, void **bufcurp, int maxfields, struct ima_field_data *fields, int *curfields, unsigned long *len_mask, int enforce_mask, char *bufname); @@ -42,4 +44,6 @@ int ima_eventname_ng_init(struct ima_event_data *event_data, struct ima_field_data *field_data); int ima_eventsig_init(struct ima_event_data *event_data, struct ima_field_data *field_data); +int ima_eventbuf_init(struct ima_event_data *event_data, + struct ima_field_data *field_data); #endif /* __LINUX_IMA_TEMPLATE_LIB_H */ From patchwork Tue May 21 00:06:45 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Prakhar Srivastava X-Patchwork-Id: 10952729 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 82EFE912 for ; Tue, 21 May 2019 00:07:02 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 73DA62886F for ; Tue, 21 May 2019 00:07:02 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 67B322892D; Tue, 21 May 2019 00:07:02 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-8.0 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FROM,MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI autolearn=unavailable version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 1FA3F2886F for ; Tue, 21 May 2019 00:07:02 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727338AbfEUAG5 (ORCPT ); Mon, 20 May 2019 20:06:57 -0400 Received: from mail-pg1-f195.google.com ([209.85.215.195]:44202 "EHLO mail-pg1-f195.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727319AbfEUAG4 (ORCPT ); Mon, 20 May 2019 20:06:56 -0400 Received: by mail-pg1-f195.google.com with SMTP id n2so886247pgp.11; Mon, 20 May 2019 17:06:55 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=1yoN/ic+Auw9uJWvyGTewovBaYwnACSuIGV6GIUz8AQ=; b=XJDRGlQMlUosJ5Mg5JKUcAqICzEoZ6fnxeJ1mRBakghEeIMs2cHJSh7F1xmFUcSCzT 8vSLW7x0GHT82mQu5d/K0U/Qc1B9b0ENB7hSLas40ByixsHSjefZrGwZXjWax5d317CV IA6oekMu/WPPGvus26xUalii1CK2XqBqINVdZkTC+r/UwIXYSEqYEmSJz5ynxtUi5oNJ ZLQYdBr/r6C8dg9wPzPT+oAY6JvKZyW5iCXSrD02JamMSiHagVsidJNDiHbaGxoCvYbk 6ujGUPqL9Iy9vvrmJEzNIDjWLCXdo0q6RB6TsBODAZF/NDfjMIuGdjAgDF4XbKy2Fg02 QZgA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=1yoN/ic+Auw9uJWvyGTewovBaYwnACSuIGV6GIUz8AQ=; b=PN+Ng8SxixTEURAXRnjolPtFL270IFsewO+P0m+JOrFeDqypH2LWbtWZpuFZNn232H gaP+5N8wdbn6LoJ5opB+eDR1Sey3XDusSqUOJCndRCYQyAZAE1A/iMwXGIyQ+TpaUORB KabOtrDXjTLTIS3zmPdLp0ohGCTV0v1jqrQV3om62UrKbjAopBl5FCcLPECF40d2mNxv z6OZ78lt2oA15O/gHwZZZ2PZUxfoEkfLBwldSCeF5nK6AkMNly+h9XJeXeBTMbgyDz1e 9jLPVgvic7OhEPN3imYCdfz/PqyvIIqVPpYF8qdPywgUI9Aa1g4PKJn+1pOmcmAL4bBj VOdA== X-Gm-Message-State: APjAAAUXYxc04radiAqo9wLc+8lRFSl44PRx7LfrMgUXAVuOmk3nH8re GaPf0thPA/VZ9SiOzFWRX5YZdrY+IAt88A== X-Google-Smtp-Source: APXvYqz5McZmyf02dFOcHsmr8oHPkuNwM1ouhKJ3ecm085qvCV4DpjQW8xBrJ/mXtDpkZ4rlxln7NA== X-Received: by 2002:a63:40b:: with SMTP id 11mr62107358pge.31.1558397215422; Mon, 20 May 2019 17:06:55 -0700 (PDT) Received: from prsriva-Precision-Tower-5810.corp.microsoft.com ([2001:4898:80e8:1:e5e3:4312:180a:c25e]) by smtp.gmail.com with ESMTPSA id i16sm5939149pfd.100.2019.05.20.17.06.54 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 20 May 2019 17:06:54 -0700 (PDT) From: Prakhar Srivastava To: linux-integrity@vger.kernel.org, linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org Cc: mjg59@google.com, zohar@linux.ibm.com, roberto.sassu@huawei.com, vgoyal@redhat.com, Prakhar Srivastava Subject: [PATCH v6 3/3] call ima_kexec_cmdline to measure the cmdline args Date: Mon, 20 May 2019 17:06:45 -0700 Message-Id: <20190521000645.16227-4-prsriva02@gmail.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20190521000645.16227-1-prsriva02@gmail.com> References: <20190521000645.16227-1-prsriva02@gmail.com> Sender: linux-integrity-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-integrity@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP During soft reboot(kexec_file_load) boot cmdline args are not measured.Thus the new kernel on load boots with an assumption of cold reboot. This patch makes a call to the ima hook ima_kexec_cmdline, added in "Add a new ima hook ima_kexec_cmdline to measure cmdline args" to measure the boot cmdline args into the ima log. - call ima_kexec_cmdline from kexec_file_load. - move the call ima_add_kexec_buffer after the cmdline args have been measured. Signed-off-by: Prakhar Srivastava --- kernel/kexec_file.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/kernel/kexec_file.c b/kernel/kexec_file.c index f1d0e00a3971..fcc04a230925 100644 --- a/kernel/kexec_file.c +++ b/kernel/kexec_file.c @@ -198,9 +198,6 @@ kimage_file_prepare_segments(struct kimage *image, int kernel_fd, int initrd_fd, return ret; image->kernel_buf_len = size; - /* IMA needs to pass the measurement list to the next kernel. */ - ima_add_kexec_buffer(image); - /* Call arch image probe handlers */ ret = arch_kexec_kernel_image_probe(image, image->kernel_buf, image->kernel_buf_len); @@ -241,8 +238,13 @@ kimage_file_prepare_segments(struct kimage *image, int kernel_fd, int initrd_fd, ret = -EINVAL; goto out; } + + ima_kexec_cmdline(image->cmdline_buf, image->cmdline_buf_len - 1); } + /* IMA needs to pass the measurement list to the next kernel. */ + ima_add_kexec_buffer(image); + /* Call arch image load handlers */ ldata = arch_kexec_kernel_image_load(image);