From patchwork Fri May 31 14:02:36 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Janne Karhunen X-Patchwork-Id: 10970239 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 946356C5 for ; Fri, 31 May 2019 14:03:40 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 8112328D0E for ; Fri, 31 May 2019 14:03:40 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 6606728D11; Fri, 31 May 2019 14:03:40 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-8.0 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FROM,MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 085EC28BDD for ; Fri, 31 May 2019 14:03:39 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726037AbfEaODj (ORCPT ); Fri, 31 May 2019 10:03:39 -0400 Received: from mail-lf1-f65.google.com ([209.85.167.65]:36351 "EHLO mail-lf1-f65.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726700AbfEaODi (ORCPT ); Fri, 31 May 2019 10:03:38 -0400 Received: by mail-lf1-f65.google.com with SMTP id q26so8012616lfc.3; Fri, 31 May 2019 07:03:37 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id; bh=PRisEFiAzs0UBk9yhEwg6SHyV1hVyDK73ysonpeTsxE=; b=hIf7q2osecUnb+VDqvVy0e1Jvx4wqFrUOCxrsclnLXX26wlAjy0a7gcb4i3ujUZeIh eCPRF+cbxXIW7hFZiS4rOxueKTS4Fl+cbX2izE7xMlvOCYJ7e/2NxhsOGEbVKYvXXc7k jTf3c3C0VRpjxi1h3YWFg9FLtdJxR7h415ic28KHczvFqNu7sTqNOeK73jH8aytM3dKK mjGVush5Be69cYQUiZL5xzH0syBPLej9Y9iehk9ItAVygat6bzzyEgi7mdjbo7SAODvj iMEPDj//lbT4Imd1mV7+NJ36sWa806wxGx55yA4CwOU6uc0QZlPfHBGfUbhSQGOKQVls T9gg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id; bh=PRisEFiAzs0UBk9yhEwg6SHyV1hVyDK73ysonpeTsxE=; b=kL4ynptWYGP+CTQmrM+wztyOmybZE4/Ss8EwzcCKppV93mnGrr73Aqcr1asxHp1aG1 4j7URXtC7MOVGUhJKe3PKlJ/yi2IzDo/0H4mmDAMugLr7CYSlVmbPZ4rDf6TLAgXvz7d bofPszqqteL50wfv6cdH0xdeMrNnVLYkftWIYxx72REkS7QKrHbe9HaO9R2ownqB2Vs3 G/q5zRaQAWK626fo77xMr0vi5/EqW28nuj6JvxUPM/NYMHqQanB8nyD8pqiTdopUggNN wfjiVfj0bOU281EILb9uSfh5s1US+3798Gq50WKm8KRwtUIjnwMawPkSjiEnWEdXmdwk y6hg== X-Gm-Message-State: APjAAAWvTM4DhrlM0tXokokecr/GrLpXOYs2yR9AsGCj9YV5QyUOW68R T/RpG1vgammZ7v+eTzHWzhckf4bzbkg= X-Google-Smtp-Source: APXvYqyz6dRCdp0U6mfFInrNeB7yoKVKeuEGCJ0ME7oUjv3Ey2VX8RExx84uDZyXTO29uiuZwpYvgg== X-Received: by 2002:a19:6b04:: with SMTP id d4mr5579063lfa.57.1559311416504; Fri, 31 May 2019 07:03:36 -0700 (PDT) Received: from localhost.localdomain (mobile-user-c1d2e5-213.dhcp.inet.fi. [193.210.229.213]) by smtp.gmail.com with ESMTPSA id d15sm670412lfq.76.2019.05.31.07.03.35 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 31 May 2019 07:03:35 -0700 (PDT) From: Janne Karhunen To: sds@tycho.nsa.gov, zohar@linux.ibm.com, paul@paul-moore.com, linux-integrity@vger.kernel.org, linux-security-module@vger.kernel.org Cc: Janne Karhunen Subject: [PATCH 1/2] LSM: switch to blocking policy update notifiers Date: Fri, 31 May 2019 17:02:36 +0300 Message-Id: <20190531140237.9199-1-janne.karhunen@gmail.com> X-Mailer: git-send-email 2.17.1 Sender: linux-integrity-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-integrity@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP Atomic policy updaters are not very useful as they cannot usually perform the policy updates on their own. Since it seems that there is no strict need for the atomicity, switch to the blocking variant. Signed-off-by: Janne Karhunen --- security/security.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/security/security.c b/security/security.c index 23cbb1a295a3..c5e69ce81521 100644 --- a/security/security.c +++ b/security/security.c @@ -39,7 +39,7 @@ #define LSM_COUNT (__end_lsm_info - __start_lsm_info) struct security_hook_heads security_hook_heads __lsm_ro_after_init; -static ATOMIC_NOTIFIER_HEAD(lsm_notifier_chain); +static BLOCKING_NOTIFIER_HEAD(lsm_notifier_chain); static struct kmem_cache *lsm_file_cache; static struct kmem_cache *lsm_inode_cache; @@ -432,19 +432,19 @@ void __init security_add_hooks(struct security_hook_list *hooks, int count, int call_lsm_notifier(enum lsm_event event, void *data) { - return atomic_notifier_call_chain(&lsm_notifier_chain, event, data); + return blocking_notifier_call_chain(&lsm_notifier_chain, event, data); } EXPORT_SYMBOL(call_lsm_notifier); int register_lsm_notifier(struct notifier_block *nb) { - return atomic_notifier_chain_register(&lsm_notifier_chain, nb); + return blocking_notifier_chain_register(&lsm_notifier_chain, nb); } EXPORT_SYMBOL(register_lsm_notifier); int unregister_lsm_notifier(struct notifier_block *nb) { - return atomic_notifier_chain_unregister(&lsm_notifier_chain, nb); + return blocking_notifier_chain_unregister(&lsm_notifier_chain, nb); } EXPORT_SYMBOL(unregister_lsm_notifier); From patchwork Fri May 31 14:02:37 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Janne Karhunen X-Patchwork-Id: 10970245 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id A33816C5 for ; Fri, 31 May 2019 14:04:17 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 922F428AD2 for ; Fri, 31 May 2019 14:04:17 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 8629828B15; Fri, 31 May 2019 14:04:17 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-8.0 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FROM,MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI autolearn=unavailable version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 017CE28CD4 for ; Fri, 31 May 2019 14:04:16 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726546AbfEaOEP (ORCPT ); Fri, 31 May 2019 10:04:15 -0400 Received: from mail-lf1-f65.google.com ([209.85.167.65]:46941 "EHLO mail-lf1-f65.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726421AbfEaOEP (ORCPT ); Fri, 31 May 2019 10:04:15 -0400 Received: by mail-lf1-f65.google.com with SMTP id l26so7974616lfh.13; Fri, 31 May 2019 07:04:13 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=NbiFOXPIgLQl8X4RPOXyYI26kwMW4SPGkalTFBiRZ70=; b=DsDJ/R5syVbbBzUegwP9YPJCreqBZD4YX6TDNd2S1lE+3vnZkJ+L3BwzzMbCOm6Y9u GxTayoeoJIU4SG3p8edN2dwYKuKLU7b3JedDnvp5advMX/y+Hy78LyIMApCxsTpz1z0h gVZqZCtSP51XD+s+6quoOXY3nrQm/1CHqUeXC9khCAkf1iOSc7KENq1RvHhku8vbGZIo DuSTsHEMzMGniXiisWit+QIcXyJm8l0AKawQwnec0HjXXbPvxIGVgNVCX2TOmZsVU9rI XW3Ai4/0Kg9cUUPtInjvrgioxTSrt8Uxx3f6ptm+SIBsxZloXrybEqWpRkbatZvc5t/N GFAQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=NbiFOXPIgLQl8X4RPOXyYI26kwMW4SPGkalTFBiRZ70=; b=fOEk4PUaGJ9YDqZCB30/T43QI7oJQ/GzlSE8FN5IMylw0qdxliYNWLPa35vXgRwuL/ 3iloqU9PNThj57jjZsPgU5dErIDcLI9C+2Gcx/Bnm8jgatqryKjcZB3fbInsYgi0BCc8 AnamG5kXD2eDD28eBE7UjuonJy56KrG5agBVqhjgkAKthwcOutVp8kaVdjZB3bQSBEuD H8K1XxlQQIzxZScxIh2LqoD/yx4tUAG2Y6/OrmAtg8mx5VS7eGQmFQUJT3Lj0cOzfLj+ YXpU2Rbd6kEuWa27l2XDoXPYwt46EHKnD9RIk6pXbp/dU6sDFyYjU3Z/81aV5lwlzCzr KMig== X-Gm-Message-State: APjAAAWPAkPLo3IWJGAEnPZ/WDzpeYmxgDcV5iRFharVElMRR0HQwOFe cisUXzX12C0Cz9UgCfhUX0pPGeT7uoY= X-Google-Smtp-Source: APXvYqxBCKqkK0/ycIl6x26U+uJ74w4gr3ePPAhUqv9OuTLs3y2WzkKqv/jkbOG/+uPUfrj56/+nYw== X-Received: by 2002:ac2:5621:: with SMTP id b1mr5460421lff.27.1559311452507; Fri, 31 May 2019 07:04:12 -0700 (PDT) Received: from localhost.localdomain (mobile-user-c1d2e5-213.dhcp.inet.fi. [193.210.229.213]) by smtp.gmail.com with ESMTPSA id d15sm670412lfq.76.2019.05.31.07.04.11 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 31 May 2019 07:04:11 -0700 (PDT) From: Janne Karhunen To: sds@tycho.nsa.gov, zohar@linux.ibm.com, paul@paul-moore.com, linux-integrity@vger.kernel.org, linux-security-module@vger.kernel.org Cc: Janne Karhunen Subject: [PATCH 2/2] ima: use the lsm policy update notifier Date: Fri, 31 May 2019 17:02:37 +0300 Message-Id: <20190531140237.9199-2-janne.karhunen@gmail.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20190531140237.9199-1-janne.karhunen@gmail.com> References: <20190531140237.9199-1-janne.karhunen@gmail.com> Sender: linux-integrity-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-integrity@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP Don't do lazy policy updates while running the rule matching, run the updates as they happen. Depends on commit cda44589be1c ("LSM: switch to blocking policy update notifiers") Signed-off-by: Janne Karhunen --- security/integrity/ima/ima.h | 2 ++ security/integrity/ima/ima_main.c | 8 ++++++ security/integrity/ima/ima_policy.c | 44 +++++++++++++++++++++-------- 3 files changed, 42 insertions(+), 12 deletions(-) diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h index d213e835c498..2203451862d4 100644 --- a/security/integrity/ima/ima.h +++ b/security/integrity/ima/ima.h @@ -154,6 +154,8 @@ unsigned long ima_get_binary_runtime_size(void); int ima_init_template(void); void ima_init_template_list(void); int __init ima_init_digests(void); +int ima_lsm_policy_change(struct notifier_block *nb, unsigned long event, + void *lsm_data); /* * used to protect h_table and sha_table diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c index 357edd140c09..f9629c5e1aee 100644 --- a/security/integrity/ima/ima_main.c +++ b/security/integrity/ima/ima_main.c @@ -43,6 +43,10 @@ int ima_appraise; int ima_hash_algo = HASH_ALGO_SHA1; static int hash_setup_done; +static struct notifier_block ima_lsm_policy_notifier = { + .notifier_call = ima_lsm_policy_change, +}; + static int __init hash_setup(char *str) { struct ima_template_desc *template_desc = ima_template_desc_current(); @@ -593,6 +597,10 @@ static int __init init_ima(void) error = ima_init(); } + error = register_lsm_notifier(&ima_lsm_policy_notifier); + if (error) + pr_warn("Couldn't register LSM notifier, error %d\n", error); + if (!error) ima_update_policy_flag(); diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c index e0cc323f948f..4201a21ff42f 100644 --- a/security/integrity/ima/ima_policy.c +++ b/security/integrity/ima/ima_policy.c @@ -252,12 +252,14 @@ __setup("ima_appraise_tcb", default_appraise_policy_setup); /* * The LSM policy can be reloaded, leaving the IMA LSM based rules referring * to the old, stale LSM policy. Update the IMA LSM based rules to reflect - * the reloaded LSM policy. We assume the rules still exist; and BUG_ON() if - * they don't. + * the reloaded LSM policy. */ static void ima_lsm_update_rules(void) { struct ima_rule_entry *entry; + void *rule_new; + char *lsm_new; + char *lsm_old; int result; int i; @@ -265,15 +267,39 @@ static void ima_lsm_update_rules(void) for (i = 0; i < MAX_LSM_RULES; i++) { if (!entry->lsm[i].rule) continue; + + lsm_old = entry->lsm[i].args_p; + lsm_new = kstrdup(lsm_old, GFP_KERNEL); + if (unlikely(!lsm_new)) + return; + result = security_filter_rule_init(entry->lsm[i].type, Audit_equal, - entry->lsm[i].args_p, - &entry->lsm[i].rule); - BUG_ON(!entry->lsm[i].rule); + lsm_new, + &rule_new); + if (result == -EINVAL) + pr_warn("ima: rule for LSM \'%d\' is invalid\n", + entry->lsm[i].type); + + entry->lsm[i].rule = rule_new; + entry->lsm[i].args_p = lsm_new; + synchronize_rcu(); + + kfree(lsm_old); } } } +int ima_lsm_policy_change(struct notifier_block *nb, unsigned long event, + void *lsm_data) +{ + if (event != LSM_POLICY_CHANGE) + return NOTIFY_DONE; + + ima_lsm_update_rules(); + return NOTIFY_OK; +} + /** * ima_match_rules - determine whether an inode matches the measure rule. * @rule: a pointer to a rule @@ -327,11 +353,10 @@ static bool ima_match_rules(struct ima_rule_entry *rule, struct inode *inode, for (i = 0; i < MAX_LSM_RULES; i++) { int rc = 0; u32 osid; - int retried = 0; if (!rule->lsm[i].rule) continue; -retry: + switch (i) { case LSM_OBJ_USER: case LSM_OBJ_ROLE: @@ -352,11 +377,6 @@ static bool ima_match_rules(struct ima_rule_entry *rule, struct inode *inode, default: break; } - if ((rc < 0) && (!retried)) { - retried = 1; - ima_lsm_update_rules(); - goto retry; - } if (!rc) return false; }