From patchwork Mon Jun 24 06:23:29 2019
X-Patchwork-Submitter: Prakhar Srivastava
X-Patchwork-Id: 11012393
From: Prakhar Srivastava
To: linux-integrity@vger.kernel.org, linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org
Cc: zohar@linux.ibm.com, roberto.sassu@huawei.com, vgoyal@redhat.com, Prakhar Srivastava
Subject: [PATCH V10 1/3] IMA: Define a new hook to measure the kexec boot command line arguments
Date: Sun, 23 Jun 2019 23:23:29 -0700
Message-Id: <20190624062331.388-2-prsriva02@gmail.com>
In-Reply-To: <20190624062331.388-1-prsriva02@gmail.com>
References: <20190624062331.388-1-prsriva02@gmail.com>

Currently during soft reboot (kexec_file_load) boot command line arguments are not measured. Define hooks needed to measure kexec command line arguments during soft reboot (kexec_file_load).

- A new ima hook ima_kexec_cmdline is defined to be called by the kexec code.
- A new function process_buffer_measurement is defined to measure the buffer hash into the IMA measurement list.
- A new func policy KEXEC_CMDLINE is defined to control the measurement. [Suggested by Mimi]

Signed-off-by: Prakhar Srivastava
---
 Documentation/ABI/testing/ima_policy |  1 +
 include/linux/ima.h                  |  2 +
 security/integrity/ima/ima.h         |  1 +
 security/integrity/ima/ima_api.c     |  1 +
 security/integrity/ima/ima_main.c    | 72 ++++++++++++++++++++++++++++
 security/integrity/ima/ima_policy.c  |  7 +++
 6 files changed, 84 insertions(+)

diff --git a/Documentation/ABI/testing/ima_policy b/Documentation/ABI/testing/ima_policy
index b383c1763610..fc376a323908 100644
--- a/Documentation/ABI/testing/ima_policy
+++ b/Documentation/ABI/testing/ima_policy
@@ -28,6 +28,7 @@ Description: base: func:= [BPRM_CHECK][MMAP_CHECK][CREDS_CHECK][FILE_CHECK][MODULE_CHECK] [FIRMWARE_CHECK] [KEXEC_KERNEL_CHECK] [KEXEC_INITRAMFS_CHECK] + [KEXEC_CMDLINE] mask:= [[^]MAY_READ] [[^]MAY_WRITE] [[^]MAY_APPEND] [[^]MAY_EXEC] fsmagic:= hex value diff --git a/include/linux/ima.h b/include/linux/ima.h index fd9f7cf4cdf5..b42f5a006042 100644 --- a/include/linux/ima.h +++ b/include/linux/ima.h @@ -26,6 +26,7 @@ extern int ima_read_file(struct file *file, enum kernel_read_file_id id); extern int ima_post_read_file(struct file *file, void *buf, loff_t size, enum kernel_read_file_id id); extern void ima_post_path_mknod(struct dentry *dentry); +extern void ima_kexec_cmdline(const void *buf, int size); #ifdef CONFIG_IMA_KEXEC extern void ima_add_kexec_buffer(struct kimage *image); @@ -92,6 +93,7 @@ static inline void ima_post_path_mknod(struct dentry *dentry) return; } +static inline void ima_kexec_cmdline(const void *buf, int size) {} #endif /* CONFIG_IMA */ #ifndef CONFIG_IMA_KEXEC diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h index e7b9ea7732d9..bdca641f9e51 100644 --- a/security/integrity/ima/ima.h +++ b/security/integrity/ima/ima.h @@ -190,6 +190,7 @@ static inline unsigned long ima_hash_key(u8 *digest) hook(KEXEC_KERNEL_CHECK) \ hook(KEXEC_INITRAMFS_CHECK) \ hook(POLICY_CHECK) \ + hook(KEXEC_CMDLINE) \ hook(MAX_CHECK) #define __ima_hook_enumify(ENUM) ENUM, diff --git a/security/integrity/ima/ima_api.c b/security/integrity/ima/ima_api.c index c0cf4bcfc82f..d426d4d1fe04 100644 --- a/security/integrity/ima/ima_api.c +++ b/security/integrity/ima/ima_api.c @@ -178,6 +178,7 @@ void ima_add_violation(struct file *file, const unsigned char *filename, * subj=, obj=, type=, func=, mask=, fsmagic= * subj,obj, and type: are LSM specific. * func: FILE_CHECK | BPRM_CHECK | CREDS_CHECK | MMAP_CHECK | MODULE_CHECK + * | KEXEC_CMDLINE * mask: contains the permission mask * fsmagic: hex value * 
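Review bot: the new prototype in include/linux/ima.h, `extern void ima_kexec_cmdline(const void *buf, int size);`, uses a signed `int` for a buffer length; the kexec caller later in this series passes `image->cmdline_buf_len - 1`, an unsigned long, so the value is silently narrowed and a negative `size` would still pass the `size != 0` test in ima_kexec_cmdline. Consider `size_t size` here, in the CONFIG_IMA=n stub in the second hunk, and in process_buffer_measurement, or reject `size < 0` in the hook.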
diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c index a7e7e2d7224c..2507bee1b762 100644 --- a/security/integrity/ima/ima_main.c +++ b/security/integrity/ima/ima_main.c 
@@ -609,6 +609,78 @@ int ima_load_data(enum kernel_load_data_id id) return 0; } +/* + * process_buffer_measurement - Measure the buffer to ima log. + * @buf: pointer to the buffer that needs to be added to the log. + * @size: size of buffer(in bytes). + * @eventname: event name to be used for the buffer entry. + * @cred: a pointer to a credentials structure for user validation. + * @secid: the secid of the task to be validated. + * + * Based on policy, the buffer is measured into the ima log. + */ +static void process_buffer_measurement(const void *buf, int size, + const char *eventname, + const struct cred *cred, u32 secid) +{ + int ret = 0; + struct ima_template_entry *entry = NULL; + struct integrity_iint_cache iint = {}; + struct ima_event_data event_data = {.iint = &iint, + .filename = eventname}; + struct ima_template_desc *template_desc = NULL; + struct { + struct ima_digest_data hdr; + char digest[IMA_MAX_DIGEST_SIZE]; + } hash = {}; + int violation = 0; + int pcr = CONFIG_IMA_MEASURE_PCR_IDX; + int action = 0; + + action = ima_get_action(NULL, cred, secid, 0, KEXEC_CMDLINE, &pcr, + &template_desc); + if (!(action & IMA_MEASURE)) + return; + + iint.ima_hash = &hash.hdr; + iint.ima_hash->algo = ima_hash_algo; + iint.ima_hash->length = hash_digest_size[ima_hash_algo]; + + ret = ima_calc_buffer_hash(buf, size, iint.ima_hash); + if (ret < 0) + goto out; + + ret = ima_alloc_init_template(&event_data, &entry, template_desc); + if (ret < 0) + goto out; + + ret = ima_store_template(entry, violation, NULL, buf, pcr); + + if (ret < 0) + ima_free_template_entry(entry); + +out: + return; +} + +/** + * ima_kexec_cmdline - measure kexec cmdline boot args + * @buf: pointer to buffer + * @size: size of buffer + * + * Buffers can only be measured, not appraised. 
+ */ +void ima_kexec_cmdline(const void *buf, int size) +{ + u32 secid; + + if (buf && size != 0) { + security_task_getsecid(current, &secid); + process_buffer_measurement(buf, size, "kexec-cmdline", + current_cred(), secid); + } +} + static int __init init_ima(void) { int error; diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c index 98c289559079..a3058b03a955 100644 --- a/security/integrity/ima/ima_policy.c +++ b/security/integrity/ima/ima_policy.c @@ -374,6 +374,11 @@ static bool ima_match_rules(struct ima_rule_entry *rule, struct inode *inode, { int i; + if (func == KEXEC_CMDLINE) { + if ((rule->flags & IMA_FUNC) && (rule->func == func)) + return true; + return false; + } if ((rule->flags & IMA_FUNC) && (rule->func != func && func != POST_SETATTR)) return false; 
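Review bot: process_buffer_measurement accepts a generic `eventname` but hard-codes the policy function in `ima_get_action(NULL, cred, secid, 0, KEXEC_CMDLINE, &pcr, &template_desc)`, so any future buffer caller would be governed by the kexec cmdline rule; pass the func as a parameter alongside eventname. `ima_store_template(entry, violation, NULL, buf, pcr)` also hands the raw buffer to the `filename` argument, which is used there for audit messages and only works because the caller guarantees NUL-terminated data; `eventname` is the safer value. Minor: `int ret = 0;` and `int action = 0;` are both assigned before first use, and the `out:` label that only executes `return;` can be replaced by plain `return` at the two `goto out` sites.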
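Review bot: the early return for `func == KEXEC_CMDLINE` in ima_match_rules matches on `rule->func` alone, so every other condition attached to such a rule (uid=, euid=, fsmagic=, subj=/obj= labels) is silently ignored: `measure func=KEXEC_CMDLINE uid=0` would measure for every caller. The short-circuit is needed because ima_get_action is invoked with a NULL inode, but then the rule parser should reject the unsupported conditions for this func with -EINVAL instead of accepting them, and the ima_policy ABI document should state that only func= applies to KEXEC_CMDLINE. Conditions that do not need an inode (uid=, euid=) could alternatively be honored here before returning.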
@@ -956,6 +961,8 @@ static int ima_parse_rule(char *rule, struct ima_rule_entry *entry) entry->func = KEXEC_INITRAMFS_CHECK; else if (strcmp(args[0].from, "POLICY_CHECK") == 0) entry->func = POLICY_CHECK; + else if (strcmp(args[0].from, "KEXEC_CMDLINE") == 0) + entry->func = KEXEC_CMDLINE; else result = -EINVAL; if (!result)
From patchwork Mon Jun 24 06:23:30 2019
X-Patchwork-Submitter: Prakhar Srivastava
X-Patchwork-Id: 11012387
From: Prakhar Srivastava
To: linux-integrity@vger.kernel.org, linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org
Cc: zohar@linux.ibm.com, roberto.sassu@huawei.com, vgoyal@redhat.com, Prakhar Srivastava
Subject: [PATCH V10 2/3] IMA: Define a new template field buf
Date: Sun, 23 Jun 2019 23:23:30 -0700
Message-Id: <20190624062331.388-3-prsriva02@gmail.com>
In-Reply-To: <20190624062331.388-1-prsriva02@gmail.com>
References: <20190624062331.388-1-prsriva02@gmail.com>

A buffer (kexec boot command line arguments) measured into the IMA measurement list cannot be appraised without already being aware of the buffer contents. Since hashes are non-reversible, the raw buffer is needed for validation or regenerating the hash for appraisal/attestation. Add support to store/read the buffer contents in HEX.

The kexec cmdline hash is stored in the "d-ng" field of the template data; it can be verified using

  sudo cat /sys/kernel/security/integrity/ima/ascii_runtime_measurements | grep kexec-cmdline | cut -d' ' -f 6 | xxd -r -p | sha256sum

- Add two new fields to ima_event_data to hold the buf and buf_len [Suggested by Roberto]
- Add a new template field 'buf' to be used to store/read the buffer data. [Suggested by Mimi]
- Updated process_buffer_measurement to add the buffer to ima_event_data. process_buffer_measurement added in "Define a new IMA hook to measure the boot command line arguments"
- Add a new template policy name ima-buf to represent 'd-ng|n-ng|buf'
Signed-off-by: Prakhar Srivastava Reviewed-by: Roberto Sassu Reviewed-by: James Morris --- Documentation/security/IMA-templates.rst | 7 ++++--- security/integrity/ima/ima.h | 2 ++ security/integrity/ima/ima_main.c | 4 +++- security/integrity/ima/ima_template.c | 3 +++ security/integrity/ima/ima_template_lib.c | 21 +++++++++++++++++++++ security/integrity/ima/ima_template_lib.h | 4 ++++ 6 files changed, 37 insertions(+), 4 deletions(-) diff --git a/Documentation/security/IMA-templates.rst b/Documentation/security/IMA-templates.rst index 2cd0e273cc9a..3d1cca287aa4 100644 --- a/Documentation/security/IMA-templates.rst +++ b/Documentation/security/IMA-templates.rst @@ -69,15 +69,16 @@ descriptors by adding their identifier to the format string algorithm (field format: [:]digest, where the digest prefix is shown only if the hash algorithm is not SHA1 or MD5); - 'n-ng': the name of the event, without size limitations; - - 'sig': the file signature. + - 'sig': the file signature; + - 'buf': the buffer data that was used to generate the hash without size limitations; Below, there is the list of defined template descriptors: - "ima": its format is ``d|n``; - "ima-ng" (default): its format is ``d-ng|n-ng``; - - "ima-sig": its format is ``d-ng|n-ng|sig``. - + - "ima-sig": its format is ``d-ng|n-ng|sig``; + - "ima-buf": its format is ``d-ng|n-ng|buf``; Use diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h index bdca641f9e51..6aa28ab53d27 100644 --- a/security/integrity/ima/ima.h +++ b/security/integrity/ima/ima.h @@ -65,6 +65,8 @@ struct ima_event_data { struct evm_ima_xattr_data *xattr_value; int xattr_len; const char *violation; + const void *buf; + int buf_len; }; /* IMA template field data definition */ diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c index 2507bee1b762..317c4b6f2c18 100644 --- a/security/integrity/ima/ima_main.c +++ b/security/integrity/ima/ima_main.c 
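Review bot: in the IMA-templates.rst hunk the final entry of each list now ends with ';' (`'buf': the buffer data ... without size limitations;` and `"ima-buf": its format is ``d-ng|n-ng|buf``;`) where the surrounding text closes the last item with '.'; the hunk also shows a '-' line removing the blank line after the old "ima-sig" entry, so check that a blank line still separates the list from the following "Use" paragraph or reStructuredText will fold that paragraph into the last bullet. The 'buf' description reads better in the style of the 'n-ng' entry: "the buffer data that was used to generate the hash, without size limitations".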
@@ -627,7 +627,9 @@ static void process_buffer_measurement(const void *buf, int size, struct ima_template_entry *entry = NULL; struct integrity_iint_cache iint = {}; struct ima_event_data event_data = {.iint = &iint, - .filename = eventname}; + .filename = eventname, + .buf = buf, + .buf_len = size}; struct ima_template_desc *template_desc = NULL; struct { struct ima_digest_data hdr; diff --git a/security/integrity/ima/ima_template.c b/security/integrity/ima/ima_template.c index 00dd5a434689..a01a17e5c581 100644 --- a/security/integrity/ima/ima_template.c +++ b/security/integrity/ima/ima_template.c @@ -26,6 +26,7 @@ static struct ima_template_desc builtin_templates[] = { {.name = IMA_TEMPLATE_IMA_NAME, .fmt = IMA_TEMPLATE_IMA_FMT}, {.name = "ima-ng", .fmt = "d-ng|n-ng"}, {.name = "ima-sig", .fmt = "d-ng|n-ng|sig"}, + {.name = "ima-buf", .fmt = "d-ng|n-ng|buf"}, {.name = "", .fmt = ""}, /* placeholder for a custom format */ }; @@ -43,6 +44,8 @@ static const struct ima_template_field supported_fields[] = { .field_show = ima_show_template_string}, {.field_id = "sig", .field_init = ima_eventsig_init, .field_show = ima_show_template_sig}, + {.field_id = "buf", .field_init = ima_eventbuf_init, + .field_show = ima_show_template_buf}, }; #define MAX_TEMPLATE_NAME_LEN 15 diff --git a/security/integrity/ima/ima_template_lib.c b/security/integrity/ima/ima_template_lib.c index 513b457ae900..baf4de45c5aa 100644 --- a/security/integrity/ima/ima_template_lib.c +++ b/security/integrity/ima/ima_template_lib.c @@ -162,6 +162,12 @@ void ima_show_template_sig(struct seq_file *m, enum ima_show_type show, ima_show_template_field_data(m, show, DATA_FMT_HEX, field_data); } +void ima_show_template_buf(struct seq_file *m, enum ima_show_type show, + struct ima_field_data *field_data) +{ + ima_show_template_field_data(m, show, DATA_FMT_HEX, field_data); +} + /** * ima_parse_buf() - Parses lengths and data from an input buffer * @bufstartp: Buffer start address. 
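Review bot: ima_show_template_buf in ima_template_lib.c is a verbatim copy of ima_show_template_sig (both call `ima_show_template_field_data(m, show, DATA_FMT_HEX, field_data)`); either point the new `buf` entry in supported_fields at the existing function or introduce one shared hex-show helper so the two cannot drift apart.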
@@ -389,3 +395,18 @@ int ima_eventsig_init(struct ima_event_data *event_data, return ima_write_template_field_data(xattr_value, event_data->xattr_len, DATA_FMT_HEX, field_data); } + +/* + * ima_eventbuf_init - include the buffer(kexec-cmldine) as part of the + * template data. + */ +int ima_eventbuf_init(struct ima_event_data *event_data, + struct ima_field_data *field_data) +{ + if ((!event_data->buf) || (event_data->buf_len == 0)) + return 0; + + return ima_write_template_field_data(event_data->buf, + event_data->buf_len, DATA_FMT_HEX, + field_data); +} diff --git a/security/integrity/ima/ima_template_lib.h b/security/integrity/ima/ima_template_lib.h index 6a3d8b831deb..12f1a8578b31 100644 --- a/security/integrity/ima/ima_template_lib.h +++ b/security/integrity/ima/ima_template_lib.h @@ -29,6 +29,8 @@ void ima_show_template_string(struct seq_file *m, enum ima_show_type show, struct ima_field_data *field_data); void ima_show_template_sig(struct seq_file *m, enum ima_show_type show, struct ima_field_data *field_data); +void ima_show_template_buf(struct seq_file *m, enum ima_show_type show, + struct ima_field_data *field_data); int ima_parse_buf(void *bufstartp, void *bufendp, void **bufcurp, int maxfields, struct ima_field_data *fields, int *curfields, unsigned long *len_mask, int enforce_mask, char *bufname); 
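Review bot: the comment above ima_eventbuf_init has a typo, "kexec-cmldine", and describes the field as kexec-specific although the function emits whatever event_data->buf holds; "include the buffer (e.g. kexec-cmdline) as part of the template data" is accurate. Returning 0 when `buf` is NULL or `buf_len` is 0 leaves the field empty, mirroring ima_eventsig_init, but with `buf_len` declared as `int` a negative length passes this check and reaches ima_write_template_field_data; treat `buf_len <= 0` as empty or make the length unsigned.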
@@ -42,4 +44,6 @@ int ima_eventname_ng_init(struct ima_event_data *event_data, struct ima_field_data *field_data); int ima_eventsig_init(struct ima_event_data *event_data, struct ima_field_data *field_data); +int ima_eventbuf_init(struct ima_event_data *event_data, + struct ima_field_data *field_data); #endif /* __LINUX_IMA_TEMPLATE_LIB_H */
From patchwork Mon Jun 24 06:23:31 2019
X-Patchwork-Submitter: Prakhar Srivastava
X-Patchwork-Id: 11012389
From: Prakhar Srivastava
To: linux-integrity@vger.kernel.org, linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org
Cc: zohar@linux.ibm.com, roberto.sassu@huawei.com, vgoyal@redhat.com, Prakhar Srivastava
Subject: [PATCH V10 3/3] KEXEC: Call ima_kexec_cmdline to measure the boot command line args
Date: Sun, 23 Jun 2019 23:23:31 -0700
Message-Id: <20190624062331.388-4-prsriva02@gmail.com>
In-Reply-To: <20190624062331.388-1-prsriva02@gmail.com>
References: <20190624062331.388-1-prsriva02@gmail.com>

During soft reboot (kexec_file_load) boot command line arguments are not measured. Call ima hook ima_kexec_cmdline to measure the boot command line arguments into IMA measurement list.

- call ima_kexec_cmdline from kexec_file_load.
- move the call ima_add_kexec_buffer after the cmdline args have been measured.

Signed-off-by: Prakhar Srivastava
Reviewed-by: James Morris
Acked-by: Dave Young
---
 kernel/kexec_file.c | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/kernel/kexec_file.c b/kernel/kexec_file.c
index 072b6ee55e3f..b0c724e5d86c 100644
--- a/kernel/kexec_file.c
+++ b/kernel/kexec_file.c
@@ -198,9 +198,6 @@ kimage_file_prepare_segments(struct kimage *image, int kernel_fd, int initrd_fd, return ret; image->kernel_buf_len = size; - /* IMA needs to pass the measurement list to the next kernel. */ - ima_add_kexec_buffer(image); - /* Call arch image probe handlers */ ret = arch_kexec_kernel_image_probe(image, image->kernel_buf, image->kernel_buf_len);
@@ -241,8 +238,14 @@ kimage_file_prepare_segments(struct kimage *image, int kernel_fd, int initrd_fd, ret = -EINVAL; goto out; } + + ima_kexec_cmdline(image->cmdline_buf, + image->cmdline_buf_len - 1); } + /* IMA needs to pass the measurement list to the next kernel. */ + ima_add_kexec_buffer(image); + /* Call arch image load handlers */ ldata = arch_kexec_kernel_image_load(image);
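Review bot: `image->cmdline_buf_len - 1` deliberately excludes the trailing NUL and is only safe because of the `ret = -EINVAL; goto out;` check immediately above it, which rejects a cmdline whose last byte is not '\0'; a one-line comment tying the -1 to that check would spare the next reader a trip to the surrounding code, and note that `cmdline_buf_len` is an unsigned long being passed to the hook's `int size`. Moving `ima_add_kexec_buffer(image)` below the hook call is essential rather than cosmetic, because the buffer handed to the next kernel is a snapshot of the measurement list and would otherwise miss the kexec-cmdline entry; the retained comment "IMA needs to pass the measurement list to the next kernel" should say that it must run after all measurements for this image.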