From patchwork Sat Sep 4 09:59:28 2021
From: Michael Weiß
To: Paul Moore, Casey Schaufler
Cc: Michael Weiß, Mike Snitzer, linux-kernel@vger.kernel.org, Eric Paris, linux-raid@vger.kernel.org, Song Liu, dm-devel@redhat.com, linux-audit@redhat.com, Alasdair Kergon
Date: Sat, 4 Sep 2021 11:59:28 +0200
Subject: [dm-devel] [PATCH v4 1/3] dm: introduce audit event module for device mapper
Message-Id: <20210904095934.5033-2-michael.weiss@aisec.fraunhofer.de>
In-Reply-To: <20210904095934.5033-1-michael.weiss@aisec.fraunhofer.de>

To be able to send auditing events to user space, we introduce a
generic dm-audit module. It provides helper functions to emit audit
events through the kernel audit subsystem. We claim the
AUDIT_DM_CTRL type=1336 and AUDIT_DM_EVENT type=1337 out of the
audit event messages range in the corresponding userspace api in
'include/uapi/linux/audit.h' for those events.

AUDIT_DM_CTRL is used to provide information about creation and
destruction of device mapper targets which are triggered by user space
admin control actions.
AUDIT_DM_EVENT is used to provide information about actual errors
during operation of the mapped device, showing e.g. integrity
violations in audit log.

Following commits to device mapper targets actually will make use of
this to emit those events in relevant cases.

The audit logs look like this if executing the following simple test:

 # dd if=/dev/zero of=test.img bs=1M count=1024
 # losetup -f test.img
 # integritysetup -vD format --integrity sha256 -t 32 /dev/loop0
 # integritysetup open -D /dev/loop0 --integrity sha256 integritytest
 # integritysetup status integritytest
 # integritysetup close integritytest
 # integritysetup open -D /dev/loop0 --integrity sha256 integritytest
 # integritysetup status integritytest
 # dd if=/dev/urandom of=/dev/loop0 bs=512 count=1 seek=100000
 # dd if=/dev/mapper/integritytest of=/dev/null

-------------------------
audit.log from auditd

type=UNKNOWN[1336] msg=audit(1630425039.363:184): module=integrity op=ctr ppid=3807 pid=3819 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 ses=3 comm="integritysetup" exe="/sbin/integritysetup" subj==unconfined dev=254:3 error_msg='success' res=1
type=UNKNOWN[1336] msg=audit(1630425039.471:185): module=integrity op=dtr ppid=3807 pid=3819 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 ses=3 comm="integritysetup" exe="/sbin/integritysetup" subj==unconfined dev=254:3 error_msg='success' res=1
type=UNKNOWN[1336] msg=audit(1630425039.611:186): module=integrity op=ctr ppid=3807 pid=3819 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 ses=3 comm="integritysetup" exe="/sbin/integritysetup" subj==unconfined dev=254:3 error_msg='success' res=1
type=UNKNOWN[1336] msg=audit(1630425054.475:187): module=integrity op=dtr ppid=3807 pid=3819 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 ses=3 comm="integritysetup" exe="/sbin/integritysetup" subj==unconfined dev=254:3 error_msg='success' res=1
type=UNKNOWN[1336] msg=audit(1630425073.171:191): module=integrity op=ctr ppid=3807 pid=3883 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 ses=3 comm="integritysetup" exe="/sbin/integritysetup" subj==unconfined dev=254:3 error_msg='success' res=1
type=UNKNOWN[1336] msg=audit(1630425087.239:192): module=integrity op=dtr ppid=3807 pid=3902 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 ses=3 comm="integritysetup" exe="/sbin/integritysetup" subj==unconfined dev=254:3 error_msg='success' res=1
type=UNKNOWN[1336] msg=audit(1630425093.755:193): module=integrity op=ctr ppid=3807 pid=3906 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 ses=3 comm="integritysetup" exe="/sbin/integritysetup" subj==unconfined dev=254:3 error_msg='success' res=1
type=UNKNOWN[1337] msg=audit(1630425112.119:194): module=integrity op=integrity-checksum dev=254:3 sector=77480 res=0
type=UNKNOWN[1337] msg=audit(1630425112.119:195): module=integrity op=integrity-checksum dev=254:3 sector=77480 res=0
type=UNKNOWN[1337] msg=audit(1630425112.119:196): module=integrity op=integrity-checksum dev=254:3 sector=77480 res=0
type=UNKNOWN[1337] msg=audit(1630425112.119:197): module=integrity op=integrity-checksum dev=254:3 sector=77480 res=0
type=UNKNOWN[1337] msg=audit(1630425112.119:198): module=integrity op=integrity-checksum dev=254:3 sector=77480 res=0
type=UNKNOWN[1337] msg=audit(1630425112.119:199): module=integrity op=integrity-checksum dev=254:3 sector=77480 res=0
type=UNKNOWN[1337] msg=audit(1630425112.119:200): module=integrity op=integrity-checksum dev=254:3 sector=77480 res=0
type=UNKNOWN[1337] msg=audit(1630425112.119:201): module=integrity op=integrity-checksum dev=254:3 sector=77480 res=0
type=UNKNOWN[1337] msg=audit(1630425112.119:202): module=integrity op=integrity-checksum dev=254:3 sector=77480 res=0
type=UNKNOWN[1337] msg=audit(1630425112.119:203): module=integrity op=integrity-checksum dev=254:3 sector=77480 res=0

Signed-off-by: Michael Weiß --- drivers/md/Kconfig | 10 +++++ drivers/md/Makefile | 4 ++ drivers/md/dm-audit.c | 84 ++++++++++++++++++++++++++++++++++++++ drivers/md/dm-audit.h | 66 ++++++++++++++++++++++++++++++ include/uapi/linux/audit.h | 2 + 5 files changed, 166 insertions(+) create mode 100644 drivers/md/dm-audit.c create mode 100644 drivers/md/dm-audit.h diff --git a/drivers/md/Kconfig b/drivers/md/Kconfig index 0602e82a9516..48adbec12148 100644 --- a/drivers/md/Kconfig +++ b/drivers/md/Kconfig @@ -608,6 +608,7 @@ config DM_INTEGRITY select CRYPTO select CRYPTO_SKCIPHER select ASYNC_XOR + select DM_AUDIT if AUDIT help This device-mapper target emulates a block device that has additional per-sector tags that can be used for storing @@ -640,4 +641,13 @@ config DM_ZONED If unsure, say N. +config DM_AUDIT + bool "DM audit events" + depends on AUDIT + help + Generate audit events for device-mapper. + + Enables audit logging of several security relevant events in the + particular device-mapper targets, especially the integrity target. + endif # MD diff --git a/drivers/md/Makefile b/drivers/md/Makefile index a74aaf8b1445..2f83d649500d 100644 --- a/drivers/md/Makefile +++ b/drivers/md/Makefile @@ -103,3 +103,7 @@ endif ifeq ($(CONFIG_DM_VERITY_VERIFY_ROOTHASH_SIG),y) dm-verity-objs += dm-verity-verify-sig.o endif + +ifeq ($(CONFIG_DM_AUDIT),y) +dm-mod-objs += dm-audit.o +endif diff --git a/drivers/md/dm-audit.c b/drivers/md/dm-audit.c new file mode 100644 index 000000000000..3049dfe67e50 --- /dev/null +++ b/drivers/md/dm-audit.c 
@@ -0,0 +1,84 @@ +// SPDX-License-Identifier: GPL-2.0 +/* + * Creating audit records for mapped devices. + * + * Copyright (C) 2021 Fraunhofer AISEC. All rights reserved. + * + * Authors: Michael Weiß + */ + +#include +#include +#include +#include +#include + +#include "dm-audit.h" +#include "dm-core.h" + +static struct audit_buffer *dm_audit_log_start(int audit_type, + const char *dm_msg_prefix, + const char *op) +{ + struct audit_buffer *ab; + + if (audit_enabled == AUDIT_OFF) + return NULL; + + ab = audit_log_start(audit_context(), GFP_KERNEL, audit_type); + if (unlikely(!ab)) + return NULL; + + audit_log_format(ab, "module=%s op=%s", dm_msg_prefix, op); + return ab; +} + +void dm_audit_log_ti(int audit_type, const char *dm_msg_prefix, const char *op, + struct dm_target *ti, int result) +{ + struct audit_buffer *ab = NULL; + struct mapped_device *md = dm_table_get_md(ti->table); + int dev_major = dm_disk(md)->major; + int dev_minor = dm_disk(md)->first_minor; + + switch (audit_type) { + case AUDIT_DM_CTRL: + ab = dm_audit_log_start(audit_type, dm_msg_prefix, op); + if (unlikely(!ab)) + return; + audit_log_task_info(ab); + audit_log_format(ab, " dev=%d:%d error_msg='%s'", dev_major, + dev_minor, !result ? 
ti->error : "success"); + break; + case AUDIT_DM_EVENT: + ab = dm_audit_log_start(audit_type, dm_msg_prefix, op); + if (unlikely(!ab)) + return; + audit_log_format(ab, " dev=%d:%d sector=?", dev_major, + dev_minor); + break; + default: /* unintended use */ + return; + } + + audit_log_format(ab, " res=%d", result); + audit_log_end(ab); +} +EXPORT_SYMBOL_GPL(dm_audit_log_ti); + +void dm_audit_log_bio(const char *dm_msg_prefix, const char *op, + struct bio *bio, sector_t sector, int result) +{ + struct audit_buffer *ab; + int dev_major = MAJOR(bio->bi_bdev->bd_dev); + int dev_minor = MINOR(bio->bi_bdev->bd_dev); + + ab = dm_audit_log_start(AUDIT_DM_EVENT, dm_msg_prefix, op); + if (unlikely(!ab)) + return; + + audit_log_format(ab, " dev=%d:%d sector=%llu res=%d", + dev_major, dev_minor, sector, result); + audit_log_end(ab); +} +EXPORT_SYMBOL_GPL(dm_audit_log_bio); diff --git a/drivers/md/dm-audit.h b/drivers/md/dm-audit.h new file mode 100644 index 000000000000..2385f2b659be --- /dev/null +++ b/drivers/md/dm-audit.h 
@@ -0,0 +1,66 @@ +/* SPDX-License-Identifier: GPL-2.0 */ +/* + * Creating audit records for mapped devices. + * + * Copyright (C) 2021 Fraunhofer AISEC. All rights reserved. + * + * Authors: Michael Weiß + */ + +#ifndef DM_AUDIT_H +#define DM_AUDIT_H + +#include +#include + +#ifdef CONFIG_DM_AUDIT +void dm_audit_log_bio(const char *dm_msg_prefix, const char *op, + struct bio *bio, sector_t sector, int result); + +/* + * dm_audit_log_ti() is not intended to be used directly in dm modules, + * the wrapper functions below should be called by dm modules instead. + */ +void dm_audit_log_ti(int audit_type, const char *dm_msg_prefix, const char *op, + struct dm_target *ti, int result); + +static inline void dm_audit_log_ctr(const char *dm_msg_prefix, + struct dm_target *ti, int result) +{ + dm_audit_log_ti(AUDIT_DM_CTRL, dm_msg_prefix, "ctr", ti, result); +} + +static inline void dm_audit_log_dtr(const char *dm_msg_prefix, + struct dm_target *ti, int result) +{ + dm_audit_log_ti(AUDIT_DM_CTRL, dm_msg_prefix, "dtr", ti, result); +} + +static inline void dm_audit_log_target(const char *dm_msg_prefix, const char *op, + struct dm_target *ti, int result) +{ + dm_audit_log_ti(AUDIT_DM_EVENT, dm_msg_prefix, op, ti, result); +} +#else +static inline void dm_audit_log_bio(const char *dm_msg_prefix, const char *op, + struct bio *bio, sector_t sector, + int result) +{ +} +static inline void dm_audit_log_target(const char *dm_msg_prefix, + const char *op, struct dm_target *ti, + int result) +{ +} +static inline void dm_audit_log_ctr(const char *dm_msg_prefix, + struct dm_target *ti, int result) +{ +} + +static inline void dm_audit_log_dtr(const char *dm_msg_prefix, + struct dm_target *ti, int result) +{ +} +#endif + +#endif diff --git a/include/uapi/linux/audit.h b/include/uapi/linux/audit.h index daa481729e9b..6650ab6def2a 100644 --- a/include/uapi/linux/audit.h +++ b/include/uapi/linux/audit.h 
@@ -118,6 +118,8 @@ #define AUDIT_TIME_ADJNTPVAL 1333 /* NTP value adjustment */ #define AUDIT_BPF 1334 /* BPF subsystem */ #define AUDIT_EVENT_LISTENER 1335 /* Task joined multicast read socket */ +#define AUDIT_DM_CTRL 1336 /* Device Mapper target control */ +#define AUDIT_DM_EVENT 1337 /* Device Mapper events */ #define AUDIT_AVC 1400 /* SE Linux avc denial or grant */ #define AUDIT_SELINUX_ERR 1401 /* Internal SE Linux Errors */
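
Review bot: In drivers/md/Kconfig, 'select DM_AUDIT if AUDIT' is added only under DM_INTEGRITY, while patch 3/3 also calls the dm-audit helpers from dm-crypt.c. With DM_CRYPT enabled and DM_INTEGRITY disabled, the crypt audit events then depend on someone answering the DM_AUDIT prompt by hand. Either add the same select to DM_CRYPT or drop the select and leave DM_AUDIT as a plain user choice; as written, the prompt also cannot be switched off once DM_INTEGRITY and AUDIT are both set.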
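
Review bot: In drivers/md/dm-audit.c and dm-audit.h, the 'result' argument of the exported helpers is undocumented and means 1 for success and 0 for failure, the reverse of the 0-on-success convention the ctr functions use for their own return value. Because dm_audit_log_ti() tests '!result ? ti->error : "success"', a caller that passes an errno such as -EINVAL would log a negative res= together with error_msg='success'. A kernel-doc comment on dm_audit_log_bio(), dm_audit_log_ctr(), dm_audit_log_dtr() and dm_audit_log_target() stating the convention, or a bool parameter, would prevent that.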

From: Michael Weiß
To: Paul Moore, Casey Schaufler
Cc: Michael Weiß, Mike Snitzer, linux-kernel@vger.kernel.org, Eric Paris, linux-raid@vger.kernel.org, Song Liu, dm-devel@redhat.com, linux-audit@redhat.com, Alasdair Kergon
Date: Sat, 4 Sep 2021 11:59:29 +0200
Subject: [dm-devel] [PATCH v4 2/3] dm integrity: log audit events for dm-integrity target
Message-Id: <20210904095934.5033-3-michael.weiss@aisec.fraunhofer.de>
In-Reply-To: <20210904095934.5033-1-michael.weiss@aisec.fraunhofer.de>

dm-integrity signals integrity violations by returning I/O errors
to user space. To identify integrity violations by a controlling
instance, the kernel audit subsystem can be used to emit audit
events to user space. We use the new dm-audit submodule allowing
to emit audit events on relevant I/O errors.

The construction and destruction of integrity device mappings are
also relevant for auditing a system. Thus, those events are also
logged as audit events.

Signed-off-by: Michael Weiß --- drivers/md/dm-integrity.c | 25 +++++++++++++++++++++---- 1 file changed, 21 insertions(+), 4 deletions(-) diff --git a/drivers/md/dm-integrity.c b/drivers/md/dm-integrity.c index 20f2510db1f6..a881ead4b506 100644 --- a/drivers/md/dm-integrity.c +++ b/drivers/md/dm-integrity.c @@ -23,6 +23,8 @@ #include #include +#include "dm-audit.h" + #define DM_MSG_PREFIX "integrity" #define DEFAULT_INTERLEAVE_SECTORS 32768 @@ -539,6 +541,7 @@ static int sb_mac(struct dm_integrity_c *ic, bool wr) } if (memcmp((__u8 *)ic->sb + (1 << SECTOR_SHIFT) - size, result, size)) { dm_integrity_io_error(ic, "superblock mac", -EILSEQ); + dm_audit_log_target(DM_MSG_PREFIX, "mac-superblock", ic->ti, 0); return -EILSEQ; } } 
@@ -876,8 +879,10 @@ static void rw_section_mac(struct dm_integrity_c *ic, unsigned section, bool wr) if (likely(wr)) memcpy(&js->mac, result + (j * JOURNAL_MAC_PER_SECTOR), JOURNAL_MAC_PER_SECTOR); else { - if (memcmp(&js->mac, result + (j * JOURNAL_MAC_PER_SECTOR), JOURNAL_MAC_PER_SECTOR)) + if (memcmp(&js->mac, result + (j * JOURNAL_MAC_PER_SECTOR), JOURNAL_MAC_PER_SECTOR)) { dm_integrity_io_error(ic, "journal mac", -EILSEQ); + dm_audit_log_target(DM_MSG_PREFIX, "mac-journal", ic->ti, 0); + } } } } @@ -1782,10 +1787,15 @@ static void integrity_metadata(struct work_struct *w) if (unlikely(r)) { if (r > 0) { char b[BDEVNAME_SIZE]; - DMERR_LIMIT("%s: Checksum failed at sector 0x%llx", bio_devname(bio, b), - (sector - ((r + ic->tag_size - 1) / ic->tag_size))); + sector_t s; + + s = sector - ((r + ic->tag_size - 1) / ic->tag_size); + DMERR_LIMIT("%s: Checksum failed at sector 0x%llx", + bio_devname(bio, b), s); r = -EILSEQ; atomic64_inc(&ic->number_of_mismatches); + dm_audit_log_bio(DM_MSG_PREFIX, "integrity-checksum", + bio, s, 0); } if (likely(checksums != checksums_onstack)) kfree(checksums); @@ -1991,6 +2001,8 @@ static bool __journal_read_write(struct dm_integrity_io *dio, struct bio *bio, if (unlikely(memcmp(checksums_onstack, journal_entry_tag(ic, je), ic->tag_size))) { DMERR_LIMIT("Checksum failed when reading from journal, at sector 0x%llx", logical_sector); + dm_audit_log_bio(DM_MSG_PREFIX, "journal-checksum", + bio, logical_sector, 0); } } #endif 
@@ -2534,8 +2546,10 @@ static void do_journal_write(struct dm_integrity_c *ic, unsigned write_start, integrity_sector_checksum(ic, sec + ((l - j) << ic->sb->log2_sectors_per_block), (char *)access_journal_data(ic, i, l), test_tag); - if (unlikely(memcmp(test_tag, journal_entry_tag(ic, je2), ic->tag_size))) + if (unlikely(memcmp(test_tag, journal_entry_tag(ic, je2), ic->tag_size))) { dm_integrity_io_error(ic, "tag mismatch when replaying journal", -EILSEQ); + dm_audit_log_target(DM_MSG_PREFIX, "integrity-replay-journal", ic->ti, 0); + } } journal_entry_set_unused(je2); @@ -4490,9 +4504,11 @@ static int dm_integrity_ctr(struct dm_target *ti, unsigned argc, char **argv) if (ic->discard) ti->num_discard_bios = 1; + dm_audit_log_ctr(DM_MSG_PREFIX, ti, 1); return 0; bad: + dm_audit_log_ctr(DM_MSG_PREFIX, ti, 0); dm_integrity_dtr(ti); return r; } 
@@ -4566,6 +4582,7 @@ static void dm_integrity_dtr(struct dm_target *ti) free_alg(&ic->journal_mac_alg); kfree(ic); + dm_audit_log_dtr(DM_MSG_PREFIX, ti, 1); } static struct target_type integrity_target = {
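
Review bot: In the integrity_metadata() hunk of drivers/md/dm-integrity.c, DMERR_LIMIT() is rate limited but the dm_audit_log_bio() call added beside it is not, and the sample log in patch 1/3 already shows ten records (serials 194 to 203) for sector 77480 with one timestamp. A damaged region that is read repeatedly can fill the audit log with identical records; please either suppress repeats for the same device and sector or state in the commit message that the audit subsystem's own rate limit is expected to bound this.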
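
Review bot: In the dm_integrity_ctr() hunk, the 'bad:' path logs op=ctr with res=0 and then calls dm_integrity_dtr(), which after this patch unconditionally logs op=dtr with res=1. A failed construction therefore also produces a successful destruction record for a target that was never set up, which an auditor cannot tell apart from a real teardown. Consider logging the dtr event only for targets whose ctr succeeded; the same ctr/dtr pairing appears in crypt_ctr() and crypt_dtr() in patch 3/3.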

From: Michael Weiß
To: Paul Moore, Casey Schaufler
Cc: Michael Weiß, Mike Snitzer, linux-kernel@vger.kernel.org, Eric Paris, linux-raid@vger.kernel.org, Song Liu, dm-devel@redhat.com, linux-audit@redhat.com, Alasdair Kergon
Date: Sat, 4 Sep 2021 11:59:30 +0200
Subject: [dm-devel] [PATCH v4 3/3] dm crypt: log aead integrity violations to audit subsystem
Message-Id: <20210904095934.5033-4-michael.weiss@aisec.fraunhofer.de>
In-Reply-To: <20210904095934.5033-1-michael.weiss@aisec.fraunhofer.de>

Since dm-crypt target can be stacked on dm-integrity targets to
provide authenticated encryption, integrity violations are recognized
here during aead computation. We use the dm-audit submodule to
signal those events to user space, too.

The construction and destruction of crypt device mappings are also
logged as audit events.

Signed-off-by: Michael Weiß --- drivers/md/dm-crypt.c | 22 ++++++++++++++++++---- 1 file changed, 18 insertions(+), 4 deletions(-) diff --git a/drivers/md/dm-crypt.c b/drivers/md/dm-crypt.c index 50f4cbd600d5..5e02002345fa 100644 --- a/drivers/md/dm-crypt.c +++ b/drivers/md/dm-crypt.c @@ -41,6 +41,8 @@ #include +#include "dm-audit.h" + #define DM_MSG_PREFIX "crypt" /* @@ -1362,8 +1364,12 @@ static int crypt_convert_block_aead(struct crypt_config *cc, if (r == -EBADMSG) { char b[BDEVNAME_SIZE]; - DMERR_LIMIT("%s: INTEGRITY AEAD ERROR, sector %llu", bio_devname(ctx->bio_in, b), - (unsigned long long)le64_to_cpu(*sector)); + sector_t s = le64_to_cpu(*sector); + + DMERR_LIMIT("%s: INTEGRITY AEAD ERROR, sector %llu", + bio_devname(ctx->bio_in, b), s); + dm_audit_log_bio(DM_MSG_PREFIX, "integrity-aead", + ctx->bio_in, s, 0); } if (!r && cc->iv_gen_ops && cc->iv_gen_ops->post) 
@@ -2173,8 +2179,12 @@ static void kcryptd_async_done(struct crypto_async_request *async_req, if (error == -EBADMSG) { char b[BDEVNAME_SIZE]; - DMERR_LIMIT("%s: INTEGRITY AEAD ERROR, sector %llu", bio_devname(ctx->bio_in, b), - (unsigned long long)le64_to_cpu(*org_sector_of_dmreq(cc, dmreq))); + sector_t s = le64_to_cpu(*org_sector_of_dmreq(cc, dmreq)); + + DMERR_LIMIT("%s: INTEGRITY AEAD ERROR, sector %llu", + bio_devname(ctx->bio_in, b), s); + dm_audit_log_bio(DM_MSG_PREFIX, "integrity-aead", + ctx->bio_in, s, 0); io->error = BLK_STS_PROTECTION; } else if (error < 0) io->error = BLK_STS_IOERR; @@ -2729,6 +2739,8 @@ static void crypt_dtr(struct dm_target *ti) dm_crypt_clients_n--; crypt_calculate_pages_per_client(); spin_unlock(&dm_crypt_clients_lock); + + dm_audit_log_dtr(DM_MSG_PREFIX, ti, 1); } static int crypt_ctr_ivmode(struct dm_target *ti, const char *ivmode) @@ -3357,9 +3369,11 @@ static int crypt_ctr(struct dm_target *ti, unsigned int argc, char **argv) ti->num_flush_bios = 1; ti->limit_swap_bios = true; + dm_audit_log_ctr(DM_MSG_PREFIX, ti, 1); return 0; bad: + dm_audit_log_ctr(DM_MSG_PREFIX, ti, 0); crypt_dtr(ti); return ret; }
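
Review bot: In the kcryptd_async_done() hunk of drivers/md/dm-crypt.c, dm_audit_log_bio() is called from a crypto_async_request completion callback, while dm_audit_log_start() in patch 1/3 allocates the audit buffer with GFP_KERNEL and takes audit_context() from the current task. Completion callbacks are not guaranteed to run where sleeping is allowed, and the current task there is not the one that issued the I/O. Please confirm this path is safe, or let dm_audit_log_bio() take a gfp_t so I/O and completion paths can pass GFP_NOIO or GFP_ATOMIC and skip the task context.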
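
A consumer-side view of the records described in the commit message of patch 1/3, as an added example that is not part of the patch series: it parses type 1336/1337 lines, collapses repeated violation records per device and sector, and lists failed control operations. The sample lines are constructed in the page's record format, and the symbolic names DM_CTRL and DM_EVENT are an assumption about how newer auditd versions may print these types.

```python
import re

AUDIT_DM_CTRL = 1336   # values claimed in include/uapi/linux/audit.h by patch 1/3
AUDIT_DM_EVENT = 1337
# Assumption: symbolic type names; the log on the page only shows UNKNOWN[n].
TYPE_NAMES = {"DM_CTRL": AUDIT_DM_CTRL, "DM_EVENT": AUDIT_DM_EVENT}

HEADER = re.compile(
    r"^type=(?:UNKNOWN\[(?P<num>\d+)\]|(?P<name>\w+)) "
    r"msg=audit\((?P<ts>\d+\.\d+):(?P<serial>\d+)\): (?P<body>.*)$")
# key=value pairs; values may be bare, 'single quoted' or "double quoted".
FIELD = re.compile(r"(\w+)=('[^']*'|\"[^\"]*\"|\S+)")


def parse_record(line):
    """Return a dict for a dm audit record, or None for any other line."""
    m = HEADER.match(line.strip())
    if not m:
        return None
    rtype = int(m["num"]) if m["num"] else TYPE_NAMES.get(m["name"])
    if rtype not in (AUDIT_DM_CTRL, AUDIT_DM_EVENT):
        return None
    fields = {k: v.strip("'\"") for k, v in FIELD.findall(m["body"])}
    return {"type": rtype, "ts": float(m["ts"]),
            "serial": int(m["serial"]), **fields}


def summarize(lines):
    """Aggregate failed dm events and failed ctr/dtr operations.

    Returns (violations, failed_ctrl). violations maps
    (dev, module, op, sector) to {"count", "first_serial"} so that the
    bursts of identical records seen in the sample log become one finding.
    """
    violations = {}
    failed_ctrl = []
    for line in lines:
        rec = parse_record(line)
        if rec is None or rec.get("res") != "0":
            continue  # not a dm record, or a successful operation
        if rec["type"] == AUDIT_DM_EVENT:
            # dm_audit_log_target() records carry sector=? (no bio available)
            key = (rec.get("dev"), rec.get("module"), rec.get("op"),
                   rec.get("sector", "?"))
            entry = violations.setdefault(
                key, {"count": 0, "first_serial": rec["serial"]})
            entry["count"] += 1
        else:
            failed_ctrl.append((rec.get("dev"), rec.get("module"),
                                rec.get("op"), rec.get("error_msg")))
    return violations, failed_ctrl


# Constructed sample input in the format shown on the page.
SAMPLE = """\
type=UNKNOWN[1336] msg=audit(1700000000.100:10): module=integrity op=ctr ppid=1 pid=2 auid=1000 uid=0 comm="integritysetup" exe="/sbin/integritysetup" subj==unconfined dev=254:3 error_msg='success' res=1
type=UNKNOWN[1337] msg=audit(1700000005.200:11): module=integrity op=integrity-checksum dev=254:3 sector=77480 res=0
type=UNKNOWN[1337] msg=audit(1700000005.200:12): module=integrity op=integrity-checksum dev=254:3 sector=77480 res=0
type=UNKNOWN[1337] msg=audit(1700000005.200:13): module=integrity op=integrity-checksum dev=254:3 sector=77480 res=0
type=UNKNOWN[1337] msg=audit(1700000006.300:14): module=crypt op=integrity-aead dev=254:4 sector=2048 res=0
type=UNKNOWN[1337] msg=audit(1700000007.000:15): module=integrity op=mac-journal dev=254:3 sector=? res=0
type=UNKNOWN[1336] msg=audit(1700000008.000:16): module=crypt op=ctr ppid=1 pid=9 auid=1000 uid=0 comm="cryptsetup" exe="/sbin/cryptsetup" subj==unconfined dev=254:5 error_msg='constructed error text' res=0
type=SYSCALL msg=audit(1700000009.000:17): arch=c000003e syscall=59 success=yes
""".splitlines()

if __name__ == "__main__":
    found, failed = summarize(SAMPLE)
    for (dev, module, op, sector), info in found.items():
        print(f"dev={dev} module={module} op={op} sector={sector} "
              f"records={info['count']} first_serial={info['first_serial']}")
    for dev, module, op, msg in failed:
        print(f"failed {op} on dev={dev} module={module}: {msg}")
```
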