From patchwork Mon Jan 9 23:59:41 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Thomas_Wei=C3=9Fschuh?= X-Patchwork-Id: 13094542 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 04C72C678D7 for ; Tue, 10 Jan 2023 00:00:03 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S237435AbjAJAAA (ORCPT ); Mon, 9 Jan 2023 19:00:00 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:47502 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234501AbjAIX75 (ORCPT ); Mon, 9 Jan 2023 18:59:57 -0500 Received: from todd.t-8ch.de (todd.t-8ch.de [IPv6:2a01:4f8:c010:41de::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 3ECEF1D0FE; Mon, 9 Jan 2023 15:59:55 -0800 (PST) 
From: =?utf-8?q?Thomas_Wei=C3=9Fschuh?= DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=weissschuh.net; s=mail; t=1673308791; bh=1Wy0BHk7SYwdUBaE089VQhP0zqUnmzWkZKjn/dXjACA=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=bhYuK2oeJY8gviN3HbJr/bo8VBWAmueZts0nHUoGcq3wDBImKh7MFnh3mRZrmDLX+ 0SMkp+n5/sN1Ia632LjMZfE5fKkV/zMB4MfJ05wQy58ri0JC+j6xtYCUG+SJnjfQp3 7qN5m62yuq9QPbpr1ftpjnboqLplCnonAy03Js54= Date: Mon, 09 Jan 2023 23:59:41 +0000 Subject: [PATCH RESEND v6 1/3] certs: make blacklisted hash available in klog MIME-Version: 1.0 Message-Id: <20221212-keys-blacklist-v6-1-933267a80582@weissschuh.net> References: <20221212-keys-blacklist-v6-0-933267a80582@weissschuh.net> In-Reply-To: <20221212-keys-blacklist-v6-0-933267a80582@weissschuh.net> To: David Howells , David Woodhouse , Jarkko Sakkinen , Paul Moore , James Morris , "Serge E. Hallyn" , =?utf-8?q?Micka=C3=ABl_Sala=C3=BCn?= Cc: keyrings@vger.kernel.org, linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org, Paul Menzel , Mark Pearson , =?utf-8?q?Thomas_Wei=C3=9Fschuh?= X-Mailer: b4 0.12-dev-3dd91 X-Developer-Signature: v=1; a=ed25519-sha256; t=1673308789; l=1169; i=linux@weissschuh.net; s=20221212; h=from:subject:message-id; bh=1Wy0BHk7SYwdUBaE089VQhP0zqUnmzWkZKjn/dXjACA=; b=c64cfXF9x4RM7Q5bWJbzQNo5OWkOwIZr0wI7+wka2HDRG/48d5yVSzS0LCG0cnzCPOFgUHMulrWd K0BaoTTODZ2RvzZDdadPLf0x0X4UvcdDZDrPF3LICVGlxG1Qv3Gg X-Developer-Key: i=linux@weissschuh.net; a=ed25519; pk=KcycQgFPX2wGR5azS7RhpBqedglOZVgRPfdFSPB1LNw= Precedence: bulk List-ID:

One common situation triggering this log statement is duplicate hashes reported by the system firmware. These duplicates should be removed from the firmware. Without logging the blacklisted hash triggering the issue, however, users cannot report it properly to the firmware vendors, and the firmware vendors cannot easily see which specific hash is duplicated.
While changing the log message also use the dedicated ERR_PTR format placeholder for the returned error value. Signed-off-by: Thomas Weißschuh Reviewed-by: Jarkko Sakkinen --- certs/blacklist.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/certs/blacklist.c b/certs/blacklist.c index 41f10601cc72..6e260c4b6a19 100644 --- a/certs/blacklist.c +++ b/certs/blacklist.c @@ -192,7 +192,7 @@ static int mark_raw_hash_blacklisted(const char *hash) KEY_ALLOC_NOT_IN_QUOTA | KEY_ALLOC_BUILT_IN); if (IS_ERR(key)) { - pr_err("Problem blacklisting hash (%ld)\n", PTR_ERR(key)); + pr_err("Problem blacklisting hash %s: %pe\n", hash, key); return PTR_ERR(key); } return 0; From patchwork Mon Jan 9 23:59:42 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Thomas_Wei=C3=9Fschuh?= X-Patchwork-Id: 13094540 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 974F6C5479D for ; Mon, 9 Jan 2023 23:59:58 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S235137AbjAIX75 (ORCPT ); Mon, 9 Jan 2023 18:59:57 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:47496 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233142AbjAIX74 (ORCPT ); Mon, 9 Jan 2023 18:59:56 -0500 Received: from todd.t-8ch.de (todd.t-8ch.de [159.69.126.157]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id EBBB417042; Mon, 9 Jan 2023 15:59:54 -0800 (PST) 
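Review bot: in the certs/blacklist.c hunk of patch 1/3, the new `%pe` placeholder only renders the symbolic error name (for example `-EEXIST`) when the kernel is built with CONFIG_SYMBOLIC_ERRNAME; otherwise it falls back to the numeric value, so reports from kernels without that option will still carry a bare number. Since the commit message sells this line as the thing users paste into firmware bug reports, a sentence noting that dependency would set expectations, and the `%s` for `hash` is the more important half of the change in any case.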
From: =?utf-8?q?Thomas_Wei=C3=9Fschuh?= DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=weissschuh.net; s=mail; t=1673308792; bh=tpnkczSX2FwWlmZTnCPhCbSJEIyoDbZvYiTjIxvF0jk=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=kN1d/2bOP/g/Sp+jL2FuaXmS542fD2wwbTdGM6v/CMAJspf/++H6sNafe0koB8rif XKO01Hh94u2KISkJKp2OKx7XkLGEfuog31tgdeydKGuj/UX9om0pjxiOHCUOxvdbdz mwQcQKs/AfcTEylR2GKr10C6IhgRBgIYrYciSJT4= Date: Mon, 09 Jan 2023 23:59:42 +0000 Subject: [PATCH RESEND v6 2/3] KEYS: Add new function key_create() MIME-Version: 1.0 Message-Id: <20221212-keys-blacklist-v6-2-933267a80582@weissschuh.net> References: <20221212-keys-blacklist-v6-0-933267a80582@weissschuh.net> In-Reply-To: <20221212-keys-blacklist-v6-0-933267a80582@weissschuh.net> To: David Howells , David Woodhouse , Jarkko Sakkinen , Paul Moore , James Morris , "Serge E. Hallyn" , =?utf-8?q?Micka=C3=ABl_Sala=C3=BCn?= Cc: keyrings@vger.kernel.org, linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org, Paul Menzel , Mark Pearson , =?utf-8?q?Thomas_Wei=C3=9Fschuh?= X-Mailer: b4 0.12-dev-3dd91 X-Developer-Signature: v=1; a=ed25519-sha256; t=1673308789; l=7489; i=linux@weissschuh.net; s=20221212; h=from:subject:message-id; bh=tpnkczSX2FwWlmZTnCPhCbSJEIyoDbZvYiTjIxvF0jk=; b=B8UhbwBCWMsNObT0Eb5Ppp2q1hl9PRVWLVMjWU82TnY02qe0+hTRfSqanG3ePPjQjZOJ9TjsObEi x5dEVqgOCjLDOQ9r331JZLF9idgOsmN7hkVZ8URNosTdJJ+/YECh X-Developer-Key: i=linux@weissschuh.net; a=ed25519; pk=KcycQgFPX2wGR5azS7RhpBqedglOZVgRPfdFSPB1LNw= Precedence: bulk List-ID: key_create() works like key_create_or_update() but does not allow updating an existing key, instead returning ERR_PTR(-EEXIST). key_create() will be used by the blacklist keyring which should not create duplicate entries or update existing entries. Instead a dedicated message with appropriate severity will be logged. 
Signed-off-by: Thomas Weißschuh --- include/linux/key.h | 8 +++ security/keys/key.c | 137 ++++++++++++++++++++++++++++++++++++++-------------- 2 files changed, 108 insertions(+), 37 deletions(-) diff --git a/include/linux/key.h b/include/linux/key.h index d27477faf00d..8dc7f7c3088b 100644 --- a/include/linux/key.h +++ b/include/linux/key.h @@ -386,6 +386,14 @@ extern int wait_for_key_construction(struct key *key, bool intr); extern int key_validate(const struct key *key); +extern key_ref_t key_create(key_ref_t keyring, + const char *type, + const char *description, + const void *payload, + size_t plen, + key_perm_t perm, + unsigned long flags); + extern key_ref_t key_create_or_update(key_ref_t keyring, const char *type, const char *description, diff --git a/security/keys/key.c b/security/keys/key.c index c45afdd1dfbb..5c0c7df833f8 100644 --- a/security/keys/key.c +++ b/security/keys/key.c 
@@ -788,38 +788,18 @@ static inline key_ref_t __key_update(key_ref_t key_ref, goto out; } -/** - * key_create_or_update - Update or create and instantiate a key. - * @keyring_ref: A pointer to the destination keyring with possession flag. - * @type: The type of key. - * @description: The searchable description for the key. - * @payload: The data to use to instantiate or update the key. - * @plen: The length of @payload. - * @perm: The permissions mask for a new key. - * @flags: The quota flags for a new key. - * - * Search the destination keyring for a key of the same description and if one - * is found, update it, otherwise create and instantiate a new one and create a - * link to it from that keyring. - * - * If perm is KEY_PERM_UNDEF then an appropriate key permissions mask will be - * concocted. - * - * Returns a pointer to the new key if successful, -ENODEV if the key type - * wasn't available, -ENOTDIR if the keyring wasn't a keyring, -EACCES if the - * caller isn't permitted to modify the keyring or the LSM did not permit - * creation of the key. - * - * On success, the possession flag from the keyring ref will be tacked on to - * the key ref before it is returned. +/* + * Create or potentially update a key. The combined logic behind + * key_create_or_update() and key_create() */ -key_ref_t key_create_or_update(key_ref_t keyring_ref, - const char *type, - const char *description, - const void *payload, - size_t plen, - key_perm_t perm, - unsigned long flags) +static key_ref_t __key_create_or_update(key_ref_t keyring_ref, + const char *type, + const char *description, + const void *payload, + size_t plen, + key_perm_t perm, + unsigned long flags, + bool allow_update) { struct keyring_index_key index_key = { .description = description, 
@@ -906,14 +886,23 @@ key_ref_t key_create_or_update(key_ref_t keyring_ref, goto error_link_end; } - /* if it's possible to update this type of key, search for an existing - * key of the same type and description in the destination keyring and - * update that instead if possible + /* if it's requested and possible to update this type of key, search + * for an existing key of the same type and description in the + * destination keyring and update that instead if possible */ - if (index_key.type->update) { + if (allow_update) { + if (index_key.type->update) { + key_ref = find_key_to_update(keyring_ref, &index_key); + if (key_ref) + goto found_matching_key; + } + } else { key_ref = find_key_to_update(keyring_ref, &index_key); - if (key_ref) - goto found_matching_key; + if (key_ref) { + key_ref_put(key_ref); + key_ref = ERR_PTR(-EEXIST); + goto error_link_end; + } } /* if the client doesn't provide, decide on the permissions we want */ 
@@ -985,8 +974,82 @@ key_ref_t key_create_or_update(key_ref_t keyring_ref, goto error_free_prep; } + +/** + * key_create_or_update - Update or create and instantiate a key. + * @keyring_ref: A pointer to the destination keyring with possession flag. + * @type: The type of key. + * @description: The searchable description for the key. + * @payload: The data to use to instantiate or update the key. + * @plen: The length of @payload. + * @perm: The permissions mask for a new key. + * @flags: The quota flags for a new key. + * + * Search the destination keyring for a key of the same description and if one + * is found, update it, otherwise create and instantiate a new one and create a + * link to it from that keyring. + * + * If perm is KEY_PERM_UNDEF then an appropriate key permissions mask will be + * concocted. + * + * Returns a pointer to the new key if successful, -ENODEV if the key type + * wasn't available, -ENOTDIR if the keyring wasn't a keyring, -EACCES if the + * caller isn't permitted to modify the keyring or the LSM did not permit + * creation of the key. + * + * On success, the possession flag from the keyring ref will be tacked on to + * the key ref before it is returned. + */ +key_ref_t key_create_or_update(key_ref_t keyring_ref, + const char *type, + const char *description, + const void *payload, + size_t plen, + key_perm_t perm, + unsigned long flags) +{ + return __key_create_or_update(keyring_ref, type, description, payload, + plen, perm, flags, true); +} EXPORT_SYMBOL(key_create_or_update); +/** + * key_create - Create and instantiate a key. + * @keyring_ref: A pointer to the destination keyring with possession flag. + * @type: The type of key. + * @description: The searchable description for the key. + * @payload: The data to use to instantiate or update the key. + * @plen: The length of @payload. + * @perm: The permissions mask for a new key. + * @flags: The quota flags for a new key. 
+ * + * Create and instantiate a new key and link to it from the destination keyring. + * + * If perm is KEY_PERM_UNDEF then an appropriate key permissions mask will be + * concocted. + * + * Returns a pointer to the new key if successful, -EEXIST if a key with the + * same description already exists, -ENODEV if the key type wasn't available, + * -ENOTDIR if the keyring wasn't a keyring, -EACCES if the caller isn't + * permitted to modify the keyring or the LSM did not permit creation of the + * key. + * + * On success, the possession flag from the keyring ref will be tacked on to + * the key ref before it is returned. + */ +key_ref_t key_create(key_ref_t keyring_ref, + const char *type, + const char *description, + const void *payload, + size_t plen, + key_perm_t perm, + unsigned long flags) +{ + return __key_create_or_update(keyring_ref, type, description, payload, + plen, perm, flags, false); +} +EXPORT_SYMBOL(key_create); + /** * key_update - Update a key's contents. * @key_ref: The pointer (plus possession flag) to the key. 
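Review bot: in the security/keys/key.c hunk at @@ -788, the replacement comment on `__key_create_or_update()` says it is the combined logic behind the two public functions but never describes `allow_update`, the one parameter that distinguishes them. A line such as "allow_update: when false, an existing key of the same type and description makes the call fail with -EEXIST instead of being updated" would save readers a trip into the body of a ~200-line function, and since this is now the function carrying the real behaviour, the kernel-doc that was removed here could just as well have been kept on it with that parameter added.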
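Review bot: in the hunk at @@ -906, the nested `if (allow_update) { if (index_key.type->update) { ... } } else { ... }` is correct but reads like a candidate for collapsing into `if (allow_update && index_key.type->update)`, which would be wrong: that form would route key_create_or_update() callers whose key type has no ->update method into the `else` branch and start returning -EEXIST from the existing API. A short comment above the `else` stating that it is the key_create() path only, and that the existence check there deliberately runs regardless of ->update, would protect the structure from a well-meaning cleanup. The `key_ref_put(key_ref)` before overwriting with `ERR_PTR(-EEXIST)` correctly drops the reference returned by find_key_to_update(), and because the branch exits via `error_link_end` the check happens while the keyring is still locked for linking, so a concurrent add cannot slip a duplicate in between the search and the failure.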
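Review bot: in the hunk at @@ -985, the kernel-doc for key_create() copies `@payload: The data to use to instantiate or update the key.` verbatim from key_create_or_update(), but key_create() never updates anything; "The data to use to instantiate the key." is the accurate wording. The rest of the new block is right, in particular the return-value list gaining -EEXIST ahead of the inherited -ENODEV/-ENOTDIR/-EACCES cases, and the two wrappers are trivial enough that the `EXPORT_SYMBOL(key_create)` is the only other thing worth double-checking against the declaration added to include/linux/key.h.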
From patchwork Mon Jan 9 23:59:43 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Thomas_Wei=C3=9Fschuh?= X-Patchwork-Id: 13094541 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 30744C54EBE for ; Tue, 10 Jan 2023 00:00:00 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S237300AbjAIX75 (ORCPT ); Mon, 9 Jan 2023 18:59:57 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:47500 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234480AbjAIX75 (ORCPT ); Mon, 9 Jan 2023 18:59:57 -0500 Received: from todd.t-8ch.de (todd.t-8ch.de [IPv6:2a01:4f8:c010:41de::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 3EB3A1D0FC; Mon, 9 Jan 2023 15:59:55 -0800 (PST) 
From: =?utf-8?q?Thomas_Wei=C3=9Fschuh?= DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=weissschuh.net; s=mail; t=1673308792; bh=XbsyBGwFNX/+AhMDtn4NosVJq1CKEYv0BSyy10RgWi8=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=JGTxi12A9Q1nheqVStkHBKWzMEVW5z1qpY2qLGO9WHdBjI1WjHsUXawmS/cqTUAJj sVTTiEumgxwmWhWQIVdoGJxINu79EBLWDNLPiq/IH60IS/KvD65sb7andhXJkQJ7ti SzJUtSQ5OZg4S7vRQ4RbExw+/jjLFYwA7qC/y6dg= Date: Mon, 09 Jan 2023 23:59:43 +0000 Subject: [PATCH RESEND v6 3/3] certs: don't try to update blacklist keys MIME-Version: 1.0 Message-Id: <20221212-keys-blacklist-v6-3-933267a80582@weissschuh.net> References: <20221212-keys-blacklist-v6-0-933267a80582@weissschuh.net> In-Reply-To: <20221212-keys-blacklist-v6-0-933267a80582@weissschuh.net> To: David Howells , David Woodhouse , Jarkko Sakkinen , Paul Moore , James Morris , "Serge E. Hallyn" , =?utf-8?q?Micka=C3=ABl_Sala=C3=BCn?= Cc: keyrings@vger.kernel.org, linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org, Paul Menzel , Mark Pearson , =?utf-8?q?Thomas_Wei=C3=9Fschuh?= X-Mailer: b4 0.12-dev-3dd91 X-Developer-Signature: v=1; a=ed25519-sha256; t=1673308789; l=1743; i=linux@weissschuh.net; s=20221212; h=from:subject:message-id; bh=XbsyBGwFNX/+AhMDtn4NosVJq1CKEYv0BSyy10RgWi8=; b=m22y9R8oSOW93S3ubz+AnnJoxZ9hUwAVd6c+F34GIiRUf5++/uFiiniR7WAkiS2gpmI1wx9XxO77 HypSBqAlAj56LRUxNTvo5JiRklFZoOhzbOwoxmmJ3ckeThurk1TJ X-Developer-Key: i=linux@weissschuh.net; a=ed25519; pk=KcycQgFPX2wGR5azS7RhpBqedglOZVgRPfdFSPB1LNw= Precedence: bulk List-ID:

When the same key is blacklisted repeatedly, logging at pr_err() level is excessive, as no functionality is impaired. When these duplicates are provided by buggy firmware, there is nothing the user can do to fix the situation. Instead of spamming the bootlog with errors, we use a warning that can still be seen by OEMs when testing their firmware.
Link: https://lore.kernel.org/all/c8c65713-5cda-43ad-8018-20f2e32e4432@t-8ch.de/ Link: https://lore.kernel.org/all/20221104014704.3469-1-linux@weissschuh.net/ Signed-off-by: Thomas Weißschuh Tested-by: Paul Menzel Reviewed-by: Jarkko Sakkinen --- certs/blacklist.c | 21 ++++++++++++--------- 1 file changed, 12 insertions(+), 9 deletions(-) diff --git a/certs/blacklist.c b/certs/blacklist.c index 6e260c4b6a19..675dd7a8f07a 100644 --- a/certs/blacklist.c +++ b/certs/blacklist.c @@ -183,16 +183,19 @@ static int mark_raw_hash_blacklisted(const char *hash) { key_ref_t key; - key = key_create_or_update(make_key_ref(blacklist_keyring, true), - "blacklist", - hash, - NULL, - 0, - BLACKLIST_KEY_PERM, - KEY_ALLOC_NOT_IN_QUOTA | - KEY_ALLOC_BUILT_IN); + key = key_create(make_key_ref(blacklist_keyring, true), + "blacklist", + hash, + NULL, + 0, + BLACKLIST_KEY_PERM, + KEY_ALLOC_NOT_IN_QUOTA | + KEY_ALLOC_BUILT_IN); if (IS_ERR(key)) { - pr_err("Problem blacklisting hash %s: %pe\n", hash, key); + if (PTR_ERR(key) == -EEXIST) + pr_warn("Duplicate blacklisted hash %s\n", hash); + else + pr_err("Problem blacklisting hash %s: %pe\n", hash, key); return PTR_ERR(key); } return 0;
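Review bot: in the certs/blacklist.c hunk of patch 3/3, the duplicate case is downgraded to pr_warn() but the function still falls through to `return PTR_ERR(key);`, so mark_raw_hash_blacklisted() now reports -EEXIST to its caller as a failure. If any caller treats a negative return as an error and logs it (or counts it), the error-level noise this series sets out to remove comes back one frame up, and a duplicate that the commit message says is harmless would be indistinguishable from a real failure to the caller. Either `return 0;` after the pr_warn(), or state in the commit message that every caller ignores the return value. On the message itself, the leading `-` that the other blacklist log lines use is fine to keep off here since the hash is printed in full; a small nit is that pr_warn() without the hash type would be less useful, and the `%s` does include the `tbs:`/`bin:` prefix because `hash` is the complete description string, so that is covered.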