From patchwork Wed Feb  7 15:45:12 2018
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Dongsu Park <dongsu@kinvolk.io>
X-Patchwork-Id: 10205425
Return-Path: <linux-fsdevel-owner@kernel.org>
Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org
	[172.30.200.125])
	by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id
	29F926020F for <patchwork-linux-fsdevel@patchwork.kernel.org>;
	Wed,  7 Feb 2018 15:44:46 +0000 (UTC)
Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 1BF6B28765
	for <patchwork-linux-fsdevel@patchwork.kernel.org>;
	Wed,  7 Feb 2018 15:44:46 +0000 (UTC)
Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486)
	id 1076B28EEC; Wed,  7 Feb 2018 15:44:46 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	pdx-wl-mail.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-7.0 required=2.0 tests=BAYES_00,DKIM_SIGNED,
	DKIM_VALID, DKIM_VALID_AU,
	RCVD_IN_DNSWL_HI autolearn=unavailable version=3.3.1
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id AE40D28765
	for <patchwork-linux-fsdevel@patchwork.kernel.org>;
	Wed,  7 Feb 2018 15:44:45 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1754543AbeBGPoj (ORCPT
	<rfc822;patchwork-linux-fsdevel@patchwork.kernel.org>);
	Wed, 7 Feb 2018 10:44:39 -0500
Received: from mail-wm0-f66.google.com ([74.125.82.66]:35136 "EHLO
	mail-wm0-f66.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1754535AbeBGPnx (ORCPT
	<rfc822;linux-fsdevel@vger.kernel.org>);
	Wed, 7 Feb 2018 10:43:53 -0500
Received: by mail-wm0-f66.google.com with SMTP id r78so4197233wme.0
	for <linux-fsdevel@vger.kernel.org>;
	Wed, 07 Feb 2018 07:43:52 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=kinvolk.io; s=google;
	h=from:to:cc:subject:date:message-id:in-reply-to:references
	:in-reply-to:references;
	bh=Gp2MmCecFmFsZS68lBb6q0++JAf3fsEHOhdcC9vtAQ8=;
	b=O2nvkTAiKIj/s/7pX8rITpojItl5WhHqdlfgNeSZgsxFPqy+XUqewUjnd2BdqlsMUs
	N7RXx9mifwlf9ANAZRQz2ZkUB2xt0T76K9JngdyX1GgBgBC+w3hOjNwfoGff23PAbtM9
	JI00PbU3KpKoPqFle8yF4F9p454w2i8EBITiE=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20161025;
	h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
	:references:in-reply-to:references;
	bh=Gp2MmCecFmFsZS68lBb6q0++JAf3fsEHOhdcC9vtAQ8=;
	b=kC/QebR6uxaWL2w3mwCv35NmGErmIYEdz1ZlabmCuSbj11/tnFZtNRPKavnbm5o6HY
	ocAM0kVAqyK/OXr3SPTaSSriratDOw5Zag7x0drxNl6iZptzWHZA/6HQrgTI/IJ8OhKD
	vfgdqBcQx/ur/oCmoHsX1Iaq2xb4GGT4GYecI9qUUKsEjDaw3mRy3udgwJtojsa5NaKU
	XGvfiQwOfrwPGaumGa+rE8ThwWR7MLXh1RyIU4BS2MpAfT9E5fhEELWYYo0sK9l3Obtt
	HY1ajfD6bz88Wv9nBWrysrytSOJN+z2nWHTrUgkRh91tklhdy3qdq4re7s1fef9AKfVe
	kpvQ==
X-Gm-Message-State: APf1xPD+HlEEMr3P07FxDMvdErULpXlQPuz9G5X4uViq5zgN6eom/gsW
	NcXtJU9b3Q80khKeTPWw9/S+wg==
X-Google-Smtp-Source: 
 AH8x226UpBjFiv0bQZ/0uIy7hiuDq8M0LDCbaGzSAyVyr1h2ds9HlQGt1Ej31QuDPRLQ0GZwIsdxag==
X-Received: by 10.80.177.178 with SMTP id m47mr8921776edd.45.1518018232284;
	Wed, 07 Feb 2018 07:43:52 -0800 (PST)
Received: from dberlin.localdomain ([178.19.216.175])
	by smtp.gmail.com with ESMTPSA id
	6sm1185594edl.87.2018.02.07.07.43.51
	(version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256);
	Wed, 07 Feb 2018 07:43:51 -0800 (PST)
From: Dongsu Park <dongsu@kinvolk.io>
To: linux-kernel@vger.kernel.org
Cc: linux-integrity@vger.kernel.org, linux-security-module@vger.kernel.org,
	linux-fsdevel@vger.kernel.org, Alexander Viro <viro@zeniv.linux.org.uk>,
	Mimi Zohar <zohar@linux.vnet.ibm.com>,
	Dmitry Kasatkin <dmitry.kasatkin@gmail.com>,
	James Morris <jmorris@namei.org>, Christoph Hellwig <hch@infradead.org>,
	Miklos Szeredi <miklos@szeredi.hu>,
	"Serge E . Hallyn" <serge@hallyn.com>,
	Seth Forshee <seth.forshee@canonical.com>,
	Alban Crequy <alban@kinvolk.io>, Dongsu Park <dongsu@kinvolk.io>
Subject: [RFC PATCH v5 1/2] ima: force re-appraisal on filesystems with
	FS_IMA_NO_CACHE
Date: Wed,  7 Feb 2018 16:45:12 +0100
Message-Id: 
 <9b3794980f61bdb5d5f92fe0ae620491be857a8a.1517999503.git.dongsu@kinvolk.io>
X-Mailer: git-send-email 2.13.6
In-Reply-To: <cover.1517999503.git.dongsu@kinvolk.io>
References: <cover.1517999503.git.dongsu@kinvolk.io>
In-Reply-To: <cover.1517999503.git.dongsu@kinvolk.io>
References: <cover.1517999503.git.dongsu@kinvolk.io>
Sender: linux-fsdevel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-fsdevel.vger.kernel.org>
X-Mailing-List: linux-fsdevel@vger.kernel.org
X-Virus-Scanned: ClamAV using ClamSMTP

From: Alban Crequy <alban@kinvolk.io>

This patch forces files to be re-measured, re-appraised and re-audited
on file systems with the feature flag FS_IMA_NO_CACHE. In that way,
cached integrity results won't be used.

Cc: linux-kernel@vger.kernel.org
Cc: linux-integrity@vger.kernel.org
Cc: linux-security-module@vger.kernel.org
Cc: linux-fsdevel@vger.kernel.org
Cc: Alexander Viro <viro@zeniv.linux.org.uk>
Cc: Miklos Szeredi <miklos@szeredi.hu>
Cc: Mimi Zohar <zohar@linux.vnet.ibm.com>
Cc: Dmitry Kasatkin <dmitry.kasatkin@gmail.com>
Cc: James Morris <jmorris@namei.org>
Cc: Christoph Hellwig <hch@infradead.org>
Acked-by: "Serge E. Hallyn" <serge@hallyn.com>
Acked-by: Seth Forshee <seth.forshee@canonical.com>
Tested-by: Dongsu Park <dongsu@kinvolk.io>
Signed-off-by: Alban Crequy <alban@kinvolk.io>
Signed-off-by: Dongsu Park <dongsu@kinvolk.io>
---
 include/linux/fs.h                |  1 +
 security/integrity/ima/ima_main.c | 15 +++++++++++++--
 2 files changed, 14 insertions(+), 2 deletions(-)

diff --git a/include/linux/fs.h b/include/linux/fs.h
index 511fbaab..ced841ba 100644
--- a/include/linux/fs.h
+++ b/include/linux/fs.h
@@ -2075,6 +2075,7 @@ struct file_system_type {
 #define FS_BINARY_MOUNTDATA	2
 #define FS_HAS_SUBTYPE		4
 #define FS_USERNS_MOUNT		8	/* Can be mounted by userns root */
+#define FS_IMA_NO_CACHE		16	/* Force IMA to re-measure, re-appraise, re-audit files */
 #define FS_RENAME_DOES_D_MOVE	32768	/* FS will handle d_move() during rename() internally. */
 	struct dentry *(*mount) (struct file_system_type *, int,
 		       const char *, void *);
diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c
index 6d78cb26..83edbad8 100644
--- a/security/integrity/ima/ima_main.c
+++ b/security/integrity/ima/ima_main.c
@@ -24,6 +24,7 @@
 #include <linux/slab.h>
 #include <linux/xattr.h>
 #include <linux/ima.h>
+#include <linux/fs.h>
 
 #include "ima.h"
 
@@ -228,9 +229,19 @@ static int process_measurement(struct file *file, char *buf, loff_t size,
 				 IMA_APPRAISE_SUBMASK | IMA_APPRAISED_SUBMASK |
 				 IMA_ACTION_FLAGS);
 
-	if (test_and_clear_bit(IMA_CHANGE_XATTR, &iint->atomic_flags))
-		/* reset all flags if ima_inode_setxattr was called */
+	/*
+	 * Reset the measure, appraise and audit cached flags either if:
+	 * - ima_inode_setxattr was called, or
+	 * - based on filesystem feature flag
+	 * forcing the file to be re-evaluated.
+	 */
+	if (test_and_clear_bit(IMA_CHANGE_XATTR, &iint->atomic_flags)) {
 		iint->flags &= ~IMA_DONE_MASK;
+	} else if (inode->i_sb->s_type->fs_flags & FS_IMA_NO_CACHE) {
+		iint->flags &= ~IMA_DONE_MASK;
+		if (action & IMA_MEASURE)
+			iint->measured_pcrs = 0;
+	}
 
 	/* Determine if already appraised/measured based on bitmask
 	 * (IMA_MEASURE, IMA_MEASURED, IMA_XXXX_APPRAISE, IMA_XXXX_APPRAISED,