From patchwork Mon May 13 12:53:50 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Janne Karhunen X-Patchwork-Id: 10940859 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id A066F1398 for ; Mon, 13 May 2019 12:54:38 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 937C32766D for ; Mon, 13 May 2019 12:54:38 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 87B4827F60; Mon, 13 May 2019 12:54:38 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.0 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FROM,RCVD_IN_DNSWL_HI autolearn=unavailable version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id E346A2766D for ; Mon, 13 May 2019 12:54:37 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1730039AbfEMMyh (ORCPT ); Mon, 13 May 2019 08:54:37 -0400 Received: from mail-lj1-f195.google.com ([209.85.208.195]:46273 "EHLO mail-lj1-f195.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727462AbfEMMyg (ORCPT ); Mon, 13 May 2019 08:54:36 -0400 Received: by mail-lj1-f195.google.com with SMTP id h21so9081258ljk.13; Mon, 13 May 2019 05:54:34 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=UzjKz/vW2dstXFpDFu7i07LcKQv51GH59FID2+twh4o=; b=d3QeS1y68Q5158M0RcnJlY55PLPtKDsCHYX2h+0lrGdGqaMlHJvi+Q4nwGfZYUu5iZ YgG4lpE9BXzz5LXmPYpCYLi1yVuCXBGj2Gd4Sk78tI6i9T90IQgBr6s4HdcDd+6/BPQ8 J/+bRcC5h6vtAiB0T2u+O/ZjWSW45Y0mTQvJI0kA4nYbg7m68HAUj1y6/qr7213tWeaI GRHfhpono6CD72Qb58TLCY5NqELT4G8a1DqV5wkbR+Vm40wFCcjpb+qRB8KD2Vv4P3gG i+Frk000VXQAWPSTHIVCZiOEPxpQrMgbLG5qBOczLLkDH3Vk2z8Cph6cYX7Ivqq+9wfF xrnA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=UzjKz/vW2dstXFpDFu7i07LcKQv51GH59FID2+twh4o=; b=EhgxGVGXCTnKRVOUI/bIC6qpjW7u+NLy9rROwQhmOdTRdhOpnnOowUyA0QkXQYnhmf 5QpvMwd4AZ3KHybixZzueuzs820EodaDrfRM9tZV9lcvTVgeqgANi2l3MUpqFRLQMkVy 2PASlWvpnl1BIdZK4dPlUqdtnRQpjgmd4IQ7/lZrh4zKaY0vqkdcgQbzqGaG4PV1XlPD QqFVdk9ynEBS4UAXwl0Zy9P5u9cTjWTfHbY5S4mMzrr27zBsr+mRopMmNsfbQD3r5upl AqCeR5aaCeqyajb/MPItcUpTVfK8XyPHgd25uYGZLuP62EA1cktjufLYOJpSIhOT0m2+ WQ6w== X-Gm-Message-State: APjAAAX6JwOM0JT6YAfyw9ZiQxSQTzIGCaudIOB3Qv+E+Rms3AKts3DF j0ZYOsb4uijWb16F+uH0CIe9GhZox94= X-Google-Smtp-Source: APXvYqzSIU9QtkOK7Xk7MUr0Asq8Hrzv0i79PvneROjR8LJc4+uBNOYawuxsZ10AgPGteOW4Q97SNw== X-Received: by 2002:a2e:121d:: with SMTP id t29mr5476290lje.29.1557752073701; Mon, 13 May 2019 05:54:33 -0700 (PDT) Received: from localhost.localdomain (mobile-user-2e84ba-11.dhcp.inet.fi. [46.132.186.11]) by smtp.gmail.com with ESMTPSA id t22sm3202924lje.58.2019.05.13.05.54.32 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 13 May 2019 05:54:33 -0700 (PDT) From: Janne Karhunen To: linux-integrity@vger.kernel.org, linux-security-module@vger.kernel.org, zohar@linux.ibm.com Cc: Janne Karhunen , Konsta Karsisto Subject: [PATCH 1/5] integrity: keep the integrity state of open files up to date Date: Mon, 13 May 2019 15:53:50 +0300 Message-Id: <20190513125354.23126-2-janne.karhunen@gmail.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20190513125354.23126-1-janne.karhunen@gmail.com> References: <20190513125354.23126-1-janne.karhunen@gmail.com> Sender: owner-linux-security-module@vger.kernel.org Precedence: bulk List-ID: X-Virus-Scanned: ClamAV using ClamSMTP When a file is open for writing, kernel crash or power outage is guaranteed to corrupt the inode integrity state leading to file appraisal failure on the subsequent boot. Add some basic infrastructure to keep the integrity measurements up to date as the files are written to. Core file operations (open, close, sync, msync, truncate) are now allowed to update the measurement immediately. In order to maintain sufficient write performance for writes, add a latency tunable delayed work workqueue for computing the re-measurements. Signed-off-by: Janne Karhunen Signed-off-by: Konsta Karsisto --- include/linux/ima.h | 12 +++ security/integrity/ima/Kconfig | 20 +++++ security/integrity/ima/ima_appraise.c | 6 +- security/integrity/ima/ima_main.c | 103 +++++++++++++++++++++++++- security/integrity/integrity.h | 6 ++ 5 files changed, 145 insertions(+), 2 deletions(-) diff --git a/include/linux/ima.h b/include/linux/ima.h index dc12fbcf484c..c4e83f5c450a 100644 --- a/include/linux/ima.h +++ b/include/linux/ima.h @@ -20,6 +20,8 @@ extern int ima_bprm_check(struct linux_binprm *bprm); extern int ima_file_check(struct file *file, int mask); extern void ima_post_create_tmpfile(struct inode *inode); extern void ima_file_free(struct file *file); +extern void ima_file_update(struct file *file); +extern void ima_delayed_update(struct file *file); extern int ima_file_mmap(struct file *file, unsigned long prot); extern int ima_load_data(enum kernel_load_data_id id); extern int ima_read_file(struct file *file, enum kernel_read_file_id id); @@ -66,6 +68,16 @@ static inline void ima_file_free(struct file *file) return; } +static inline void ima_file_update(struct file *file) +{ + return; +} + +static inline void ima_delayed_update(struct file *file) +{ + return; +} + static inline int ima_file_mmap(struct file *file, unsigned long prot) { return 0; diff --git a/security/integrity/ima/Kconfig b/security/integrity/ima/Kconfig index a18f8c6d13b5..a2588d72cbc1 100644 --- a/security/integrity/ima/Kconfig +++ b/security/integrity/ima/Kconfig @@ -295,3 +295,23 @@ config IMA_APPRAISE_SIGNED_INIT default n help This option requires user-space init to be signed. + +config IMA_HASH_LATENCY + int + depends on IMA_APPRAISE + range 0 60000 + default 50 + help + This value defines the re-measurement interval when files are + being written. Value is in milliseconds. + +config IMA_HASH_LATENCY_CEILING + int + depends on IMA_APPRAISE + range 100 60000 + default 30000 + help + In order to maintain high write performance for large files, + IMA increases the re-measurement rate as the file size grows. + This value defines the ceiling for the re-measurement delay + in milliseconds. diff --git a/security/integrity/ima/ima_appraise.c b/security/integrity/ima/ima_appraise.c index 5fb7127bbe68..9558ae0cc462 100644 --- a/security/integrity/ima/ima_appraise.c +++ b/security/integrity/ima/ima_appraise.c @@ -234,10 +234,14 @@ int ima_appraise_measurement(enum ima_hooks func, status = INTEGRITY_NOLABEL; if (file->f_mode & FMODE_CREATED) iint->flags |= IMA_NEW_FILE; + if ((iint->flags & IMA_NEW_FILE) && (!(iint->flags & IMA_DIGSIG_REQUIRED) || - (inode->i_size == 0))) + (inode->i_size == 0))) { + ima_fix_xattr(dentry, iint); + xattr_len = ima_read_xattr(dentry, &xattr_value); status = INTEGRITY_PASS; + } goto out; } diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c index 357edd140c09..67d41005cd22 100644 --- a/security/integrity/ima/ima_main.c +++ b/security/integrity/ima/ima_main.c @@ -16,7 +16,7 @@ * * File: ima_main.c * implements the IMA hooks: ima_bprm_check, ima_file_mmap, - * and ima_file_check. + * ima_delayed_update, ima_file_update and ima_file_check. */ #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt @@ -30,6 +30,8 @@ #include #include #include +#include +#include #include #include "ima.h" @@ -40,8 +42,15 @@ int ima_appraise = IMA_APPRAISE_ENFORCE; int ima_appraise; #endif +#if CONFIG_IMA_HASH_LATENCY == 0 +#define IMA_LATENCY_INCREMENT 100 +#else +#define IMA_LATENCY_INCREMENT CONFIG_IMA_HASH_LATENCY +#endif + int ima_hash_algo = HASH_ALGO_SHA1; static int hash_setup_done; +static struct workqueue_struct *ima_update_wq; static int __init hash_setup(char *str) { @@ -127,6 +136,7 @@ static void ima_check_last_writer(struct integrity_iint_cache *iint, { fmode_t mode = file->f_mode; bool update; + bool creq; if (!(mode & FMODE_WRITE)) return; @@ -322,6 +332,17 @@ static int process_measurement(struct file *file, const struct cred *cred, return 0; } +static void ima_delayed_update_handler(struct work_struct *work) +{ + struct ima_work_entry *entry; + + entry = container_of(work, typeof(*entry), work.work); + + ima_file_update(entry->file); + fput(entry->file); + entry->file = NULL; +} + /** * ima_file_mmap - based on policy, collect/store measurement. * @file: pointer to the file to be measured (May be NULL) @@ -375,6 +396,78 @@ int ima_bprm_check(struct linux_binprm *bprm) MAY_EXEC, CREDS_CHECK); } +/** + * ima_delayed_update - add a file to delayed update list + * @file: pointer to file structure being updated + */ +void ima_delayed_update(struct file *file) +{ + struct inode *inode = file_inode(file); + struct integrity_iint_cache *iint; + unsigned long blocks; + unsigned long msecs; + bool creq; + + iint = integrity_iint_find(inode); + if (!iint) + return; + + if (iint->ima_work.file) + return; + + /* Slow down the samping rate per the file size */ + blocks = inode->i_size / SZ_1M + 1; + msecs = blocks * IMA_LATENCY_INCREMENT; + if (msecs > CONFIG_IMA_HASH_LATENCY_CEILING) + msecs = CONFIG_IMA_HASH_LATENCY_CEILING; + + get_file(file); + iint->ima_work.file = file; + INIT_DELAYED_WORK(&iint->ima_work.work, ima_delayed_update_handler); + + creq = queue_delayed_work(ima_update_wq, + &iint->ima_work.work, + msecs_to_jiffies(msecs)); + if (creq == false) { + iint->ima_work.file = NULL; + fput(file); + } +} +EXPORT_SYMBOL_GPL(ima_delayed_update); + +/** + * ima_file_update - update the file measurement + * @file: pointer to file structure being updated + */ +void ima_file_update(struct file *file) +{ + struct inode *inode = file_inode(file); + struct integrity_iint_cache *iint; + bool should_measure = true; + u64 i_version; + + if (!ima_policy_flag || !S_ISREG(inode->i_mode)) + return; + + iint = integrity_iint_find(inode); + if (!iint) + return; + + mutex_lock(&iint->mutex); + clear_bit(IMA_UPDATE_XATTR, &iint->atomic_flags); + if (IS_I_VERSION(inode)) { + i_version = inode_query_iversion(inode); + if (i_version == iint->version) + should_measure = false; + } + if (should_measure) { + iint->flags &= ~IMA_COLLECTED; + ima_update_xattr(iint, file); + } + mutex_unlock(&iint->mutex); +} +EXPORT_SYMBOL_GPL(ima_file_update); + /** * ima_path_check - based on policy, collect/store measurement. * @file: pointer to the file to be measured @@ -580,6 +673,12 @@ static int __init init_ima(void) { int error; + ima_update_wq = alloc_workqueue("ima-update-wq", + WQ_MEM_RECLAIM | WQ_CPU_INTENSIVE, + 0); + if (!ima_update_wq) + return -ENOMEM; + ima_init_template_list(); hash_setup(CONFIG_IMA_DEFAULT_HASH); error = ima_init(); @@ -595,6 +694,8 @@ static int __init init_ima(void) if (!error) ima_update_policy_flag(); + else + destroy_workqueue(ima_update_wq); return error; } diff --git a/security/integrity/integrity.h b/security/integrity/integrity.h index 7de59f44cba3..860c7a475a24 100644 --- a/security/integrity/integrity.h +++ b/security/integrity/integrity.h @@ -113,6 +113,11 @@ struct signature_v2_hdr { uint8_t sig[0]; /* signature payload */ } __packed; +struct ima_work_entry { + struct delayed_work work; + struct file *file; +}; + /* integrity data associated with an inode */ struct integrity_iint_cache { struct rb_node rb_node; /* rooted in integrity_iint_tree */ @@ -129,6 +134,7 @@ struct integrity_iint_cache { enum integrity_status ima_creds_status:4; enum integrity_status evm_status:4; struct ima_digest_data *ima_hash; + struct ima_work_entry ima_work; }; /* rbtree tree calls to lookup, insert, delete From patchwork Mon May 13 12:53:51 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Janne Karhunen X-Patchwork-Id: 10940855 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id DD4E31398 for ; Mon, 13 May 2019 12:54:37 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id D202C2766D for ; Mon, 13 May 2019 12:54:37 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id C699027F60; Mon, 13 May 2019 12:54:37 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.0 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FROM,RCVD_IN_DNSWL_HI autolearn=unavailable version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 8857327F82 for ; Mon, 13 May 2019 12:54:37 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1730037AbfEMMyh (ORCPT ); Mon, 13 May 2019 08:54:37 -0400 Received: from mail-lf1-f66.google.com ([209.85.167.66]:45678 "EHLO mail-lf1-f66.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1730009AbfEMMyg (ORCPT ); Mon, 13 May 2019 08:54:36 -0400 Received: by mail-lf1-f66.google.com with SMTP id n22so8935347lfe.12; Mon, 13 May 2019 05:54:35 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=LjPAYO25HnG81opjamBBgEbx9PUeCpkb7T1gwi9hG6g=; b=jAXX4HRirUwXmIVh3LlnRNtm4pIeOVVWBXb6ZQQm4YK6pckouVme1WoqH5vTD/ePqT yss83cEb22XXu2BesfkOh4mXarqfi/25Tp5grKdZ/PGOi9s7V/vESTmWfFItR8m6tPoR KlxRA19J4cgOxCrepI3MLMOTrIUYbYyr38QAUOlBV3oCFxfaBPmSjICTYi6Gjqq3Q/2T 7QiKmRiuyVvXzqz6ONN4heFOczQ3LTrnYHpcpv1QQgga0emjH0VChzayctCqvk1vEm1P gjF7Q+jMpOlo68meZl3n5KNj0uDI7CxTiQdNpif3ngpn+5BhFe+4YfPLuFRd6c9N/+2N 8tDw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=LjPAYO25HnG81opjamBBgEbx9PUeCpkb7T1gwi9hG6g=; b=PYIm0lthcrBglRijgYNp30Aczkc0sdwm0NJWYQi9FMsQ48sN0McEzdw3BenkeDliD3 vOBaVnHB6BFkuIkhjdsbiFscMylaTne60VSQqewvKhvBcy02E9UKj5o89dUi4WjmlsrR TWZ4VMRgBM6aav3UNQj12ok+lxuRRyN+qsA4SdJ2mj/d8SrJjZjXlHfD16lc60nIFDji A9m16MbDDizmvxOW2iPLCeFfOM9l9FbtpQPZieJMSSX7RBEPw4tGuJCA/Vuh2ZrIXPE/ Ww3VVLRhdhwxApWnls3DgtLWl6nuj9XTMEHVRgT5NVVlVa+0PsHllle26rk6a7BEwalb Y2qQ== X-Gm-Message-State: APjAAAX9fmyIkFx0Ud5+JjYqnqmvosrSaPpBSmwQXB/i6nQjGXg7FbYe a6elhQsYD3x2weAbHSVDCjHMHi+li9c= X-Google-Smtp-Source: APXvYqyHN8sFommx6hIklyDSBzX2LyTRZXRP3Ug6RKD/z+h4Vs8O0FWOnds29AEWU+9iy+hm+ozYuA== X-Received: by 2002:ac2:4357:: with SMTP id o23mr14356615lfl.146.1557752074707; Mon, 13 May 2019 05:54:34 -0700 (PDT) Received: from localhost.localdomain (mobile-user-2e84ba-11.dhcp.inet.fi. [46.132.186.11]) by smtp.gmail.com with ESMTPSA id t22sm3202924lje.58.2019.05.13.05.54.33 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 13 May 2019 05:54:34 -0700 (PDT) From: Janne Karhunen To: linux-integrity@vger.kernel.org, linux-security-module@vger.kernel.org, zohar@linux.ibm.com Cc: Janne Karhunen , Konsta Karsisto Subject: [PATCH 2/5] integrity: update the file measurement on truncate Date: Mon, 13 May 2019 15:53:51 +0300 Message-Id: <20190513125354.23126-3-janne.karhunen@gmail.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20190513125354.23126-1-janne.karhunen@gmail.com> References: <20190513125354.23126-1-janne.karhunen@gmail.com> Sender: owner-linux-security-module@vger.kernel.org Precedence: bulk List-ID: X-Virus-Scanned: ClamAV using ClamSMTP Let IMA know when a file is being opened with truncate or truncated directly. Depends on commit c8213962517e ("integrity: keep the integrity state of open files up to date")' Signed-off-by: Janne Karhunen Signed-off-by: Konsta Karsisto --- fs/namei.c | 5 ++++- fs/open.c | 3 +++ 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/fs/namei.c b/fs/namei.c index dede0147b3f6..31303063143b 100644 --- a/fs/namei.c +++ b/fs/namei.c @@ -3418,8 +3418,11 @@ static int do_last(struct nameidata *nd, goto out; opened: error = ima_file_check(file, op->acc_mode); - if (!error && will_truncate) + if (!error && will_truncate) { error = handle_truncate(file); + if (!error) + ima_file_update(file); + } out: if (unlikely(error > 0)) { WARN_ON(1); diff --git a/fs/open.c b/fs/open.c index 0285ce7dbd51..a2771b787383 100644 --- a/fs/open.c +++ b/fs/open.c @@ -62,6 +62,9 @@ int do_truncate(struct dentry *dentry, loff_t length, unsigned int time_attrs, /* Note any delegations or leases have already been broken: */ ret = notify_change(dentry, &newattrs, NULL); inode_unlock(dentry->d_inode); + + if (filp) + ima_file_update(filp); return ret; } From patchwork Mon May 13 12:53:52 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Janne Karhunen X-Patchwork-Id: 10940863 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id A00261390 for ; Mon, 13 May 2019 12:54:40 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 9436527F60 for ; Mon, 13 May 2019 12:54:40 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 8891A27F82; Mon, 13 May 2019 12:54:40 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.0 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FROM,RCVD_IN_DNSWL_HI autolearn=unavailable version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 5F44627853 for ; Mon, 13 May 2019 12:54:39 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1730040AbfEMMyi (ORCPT ); Mon, 13 May 2019 08:54:38 -0400 Received: from mail-lf1-f68.google.com ([209.85.167.68]:42426 "EHLO mail-lf1-f68.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1730034AbfEMMyi (ORCPT ); Mon, 13 May 2019 08:54:38 -0400 Received: by mail-lf1-f68.google.com with SMTP id w23so8956919lfc.9; Mon, 13 May 2019 05:54:36 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=YDGj9rVkvE8XZld5lFXG+QIkeDeoJDurNDlY5dYrCpo=; b=XE04hlQkBchBUXgcGRWR4Jw6UPX9mcLpmQGKBKbZg8hioEveJttbj6pIDs5U43zi4f MnIG+a1pWRqCQHD93XoA0aXixI/0+g3ExLqNQt9orbk/pnyLnn9IDmsT1FdrNDVVtjm4 3BSc0ouTluJwoihs10/h4PC5oWS7LcPsnazpgs6T16A4keFqk5ciw0P7AhYQUcMjmxIA fubKyAkGp2w54elwmf/8HYycLlWIe5vichCHGDLgYe3x39fIhfIcDFhyxXcnnY9Vhs87 tLcXmARbjkdvyPmML3lJp54lZkQvdMLhapTpOXuzPoRNLOqF/Mf/12/BCqgUd+Sp9urF 135g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=YDGj9rVkvE8XZld5lFXG+QIkeDeoJDurNDlY5dYrCpo=; b=ZHL7O30hNhUFz73OmANpoFoqdicotyil4qHYzQbPrO/cKe1nrYrIGRUouyc4aW3U/o 9pbUkvTCSFAQa4+DRFr3Iq7TG9R7ciMB1jN5j7tT5iUgksDZ7kfraq4FlfuIYO6Wu1ln 6ISqhY8tZ5oZAoLd0NKFwPFIfC10MHqg2NN2TwukUzBTqEQ0gkC4Y4xUzDKImfAbPB4f OoUh3DY0NaYCicgzexkbpFjoBqRIUnsvGzLkpJSvyT5RuXdZFCfrdNfPNSMWjctPktYo 149V+ZpuHIjpYwL7gskQkEJwO/bZ/5iYcet3H/KcTTkYtARt2YyxuoYIhj+8sce28bHK FSMg== X-Gm-Message-State: APjAAAVPhlLjUs0UvUwMOHk9vGnQQD77A7hgcUQrtDKiZdnFgCGhZCr2 6/NjbCHLbHv9+KAX2nMS9z+QPB7Z1r8= X-Google-Smtp-Source: APXvYqzDO3AdUUpn1HJ9XHgficGSyDLCnABfId/VCfp8rMP+P4CjdKQj8qmGU1J0hA6BzHMdvS3Q8Q== X-Received: by 2002:ac2:528f:: with SMTP id q15mr12733938lfm.37.1557752075897; Mon, 13 May 2019 05:54:35 -0700 (PDT) Received: from localhost.localdomain (mobile-user-2e84ba-11.dhcp.inet.fi. [46.132.186.11]) by smtp.gmail.com with ESMTPSA id t22sm3202924lje.58.2019.05.13.05.54.34 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 13 May 2019 05:54:35 -0700 (PDT) From: Janne Karhunen To: linux-integrity@vger.kernel.org, linux-security-module@vger.kernel.org, zohar@linux.ibm.com Cc: Janne Karhunen , Konsta Karsisto Subject: [PATCH 3/5] integrity: update the file measurement on write Date: Mon, 13 May 2019 15:53:52 +0300 Message-Id: <20190513125354.23126-4-janne.karhunen@gmail.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20190513125354.23126-1-janne.karhunen@gmail.com> References: <20190513125354.23126-1-janne.karhunen@gmail.com> Sender: owner-linux-security-module@vger.kernel.org Precedence: bulk List-ID: X-Virus-Scanned: ClamAV using ClamSMTP When a file is being written, mark the file for IMA for delayed re-measurement. Depends on commit c8213962517e ("integrity: keep the integrity state of open files up to date")' Signed-off-by: Janne Karhunen Signed-off-by: Konsta Karsisto --- fs/read_write.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/fs/read_write.c b/fs/read_write.c index 177ccc3d405a..bfe10d6dc135 100644 --- a/fs/read_write.c +++ b/fs/read_write.c @@ -20,6 +20,7 @@ #include #include #include +#include #include "internal.h" #include @@ -481,12 +482,18 @@ static ssize_t new_sync_write(struct file *filp, const char __user *buf, size_t static ssize_t __vfs_write(struct file *file, const char __user *p, size_t count, loff_t *pos) { + ssize_t sz; + if (file->f_op->write) - return file->f_op->write(file, p, count, pos); + sz = file->f_op->write(file, p, count, pos); else if (file->f_op->write_iter) - return new_sync_write(file, p, count, pos); + sz = new_sync_write(file, p, count, pos); else return -EINVAL; + + if (sz >= 1) + ima_delayed_update(file); + return sz; } ssize_t __kernel_write(struct file *file, const void *buf, size_t count, loff_t *pos) From patchwork Mon May 13 12:53:53 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Janne Karhunen X-Patchwork-Id: 10940867 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id E3D9376 for ; Mon, 13 May 2019 12:54:40 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id D71BE2766D for ; Mon, 13 May 2019 12:54:40 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id CB66327F60; Mon, 13 May 2019 12:54:40 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.0 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FROM,RCVD_IN_DNSWL_HI autolearn=unavailable version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 8DC8227853 for ; Mon, 13 May 2019 12:54:40 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1730042AbfEMMyk (ORCPT ); Mon, 13 May 2019 08:54:40 -0400 Received: from mail-lj1-f194.google.com ([209.85.208.194]:39247 "EHLO mail-lj1-f194.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727462AbfEMMyj (ORCPT ); Mon, 13 May 2019 08:54:39 -0400 Received: by mail-lj1-f194.google.com with SMTP id a10so2867325ljf.6; Mon, 13 May 2019 05:54:38 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=/OasKaK8trru7E4rpuopnZXhAHikdiab0mVyv+wSaEY=; b=MuFITepIez4h6wo9/OA/es6WJGylkwB7T+8DCT+6yIsyj0DBFE18e4mDsnYc/rl3Du /fB7Y6/cyfE8iEkHuogqGapXqCyhEEFSY69FBG96e8mlnCSOK6Ix08wNfplumkH/T2yG sBPxnajy8tKiEzLDPiTLwkUe+Do0xtrk8f6VtcbkHaysMGmhc89by4Irw2/6YUHhukfe +qxi7IBqzViMVJ1stGGdYTChStX1W2fjAzBlys8NoT00a88cmGGf6iduJVJSgt9FZckx 9ROs+1XDYK1QSweiMFxW35OFzmrWQ8uQWd3yp6tT9e9OnzZn4KLUqW4FhdK+KsRXtIRa f0cQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=/OasKaK8trru7E4rpuopnZXhAHikdiab0mVyv+wSaEY=; b=FvY7kejrtJAjsKCXcsjH59/mqUJ8v/yJZk31RSW6APBU7rVz76P2nprW+2OboB61VV vxq8q+CQHFiK7k7uJB2B8eCYH9OsS7ttFoW+cvLu4KqJArIQvTUqC/hmx0dsXlC5oTkL FSwvZ6VuP7pimkMihWV2o/uifBPNaJ8toTBKd29w3EWq2Yw28zZvatKJxE9/WxlgE/2U ChRelj9yFW37E1Vw3eGO3rYq/RXhlMHkpdngLfOeW7+bnsUklNnez5NwOPKvWEgeYIqE FLLdQg9ImI2G8spBoE8MjVAcnuFeubT+6I68z3KbxgfR7UDahNMt2Ft58e15CsjgO6B/ 9wsw== X-Gm-Message-State: APjAAAUxTH41gfyg4SuEPzQqZ5im2G99/Phtl6iWlKuI5Ssc5vPNn1LQ 3ba7oVEMGTB2JmLNFP8KkpI3C1VIZ30= X-Google-Smtp-Source: APXvYqzmI6bu/aF+fXadcpT0jAcGTq2LMmg5wvMVjVSBAwnNrGyynelsuFwRzlWy8KnJm71or44haA== X-Received: by 2002:a2e:80d5:: with SMTP id r21mr1793058ljg.43.1557752077035; Mon, 13 May 2019 05:54:37 -0700 (PDT) Received: from localhost.localdomain (mobile-user-2e84ba-11.dhcp.inet.fi. [46.132.186.11]) by smtp.gmail.com with ESMTPSA id t22sm3202924lje.58.2019.05.13.05.54.35 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 13 May 2019 05:54:36 -0700 (PDT) From: Janne Karhunen To: linux-integrity@vger.kernel.org, linux-security-module@vger.kernel.org, zohar@linux.ibm.com Cc: Janne Karhunen , Konsta Karsisto Subject: [PATCH 4/5] integrity: measure the file on sync Date: Mon, 13 May 2019 15:53:53 +0300 Message-Id: <20190513125354.23126-5-janne.karhunen@gmail.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20190513125354.23126-1-janne.karhunen@gmail.com> References: <20190513125354.23126-1-janne.karhunen@gmail.com> Sender: owner-linux-security-module@vger.kernel.org Precedence: bulk List-ID: X-Virus-Scanned: ClamAV using ClamSMTP When user requests a file sync, make sure that the IMA measurement reflects the state of the data being sync'd. Depends on commit c8213962517e ("integrity: keep the integrity state of open files up to date")' Signed-off-by: Janne Karhunen Signed-off-by: Konsta Karsisto --- fs/sync.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/fs/sync.c b/fs/sync.c index b54e0541ad89..90353f9ed931 100644 --- a/fs/sync.c +++ b/fs/sync.c @@ -16,6 +16,7 @@ #include #include #include +#include #include "internal.h" #define VALID_FLAGS (SYNC_FILE_RANGE_WAIT_BEFORE|SYNC_FILE_RANGE_WRITE| \ @@ -194,6 +195,8 @@ int vfs_fsync_range(struct file *file, loff_t start, loff_t end, int datasync) return -EINVAL; if (!datasync && (inode->i_state & I_DIRTY_TIME)) mark_inode_dirty_sync(inode); + ima_file_update(file); + return file->f_op->fsync(file, start, end, datasync); } EXPORT_SYMBOL(vfs_fsync_range); From patchwork Mon May 13 12:53:54 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Janne Karhunen X-Patchwork-Id: 10940871 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id E22E31398 for ; Mon, 13 May 2019 12:54:41 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id D61A42766D for ; Mon, 13 May 2019 12:54:41 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id CA64527853; Mon, 13 May 2019 12:54:41 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.0 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FROM,RCVD_IN_DNSWL_HI autolearn=unavailable version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 8B16027F60 for ; Mon, 13 May 2019 12:54:41 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1730044AbfEMMyk (ORCPT ); Mon, 13 May 2019 08:54:40 -0400 Received: from mail-lf1-f67.google.com ([209.85.167.67]:33471 "EHLO mail-lf1-f67.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1730034AbfEMMyk (ORCPT ); Mon, 13 May 2019 08:54:40 -0400 Received: by mail-lf1-f67.google.com with SMTP id x132so8990026lfd.0; Mon, 13 May 2019 05:54:39 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=bpMSvjltOUBlj6ILO+9LtMa6iMJna4vA44ohQNnfYy8=; b=OAdORtiP1OrPa74FypH7T44CXyJViT7H0BqwCh/WMEmFoRSlGIQf8mmxpk/+e37Wmx WTmR1+YMmaYBXlq8gX1wMghaZMvw6vORA3QFGX6MYca+HvW6UVY82WOgy4HzAvjtuUtE Mc4dp5fA+EFeZfkXpasbq1PVp9fi5oZaTs4rSSB9FuXE5aRhx99dE/VSRWxsajb+wwh2 w21XPH0ghgioje+uounfFB4fb8SzJVJGmWzaDXY0b/EDMA1uz9NNJEljLHud8vCM7wYE /TnNjcCmHssxCybLEETPvW1WqYyV7R4jsnDHTTO92VnO0DJhbCzhj2gwk2+1LPn6X8lt OH9w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=bpMSvjltOUBlj6ILO+9LtMa6iMJna4vA44ohQNnfYy8=; b=sgMMUwvgCCGtYB31Y+9I4EAKvCymiSHQCVgJgcZ35Zz42Xdfc/TD7AIWb5RClBh4G0 Ty2GFbK+Yub7KV76DnX6zdyDKK9D9sFy5ytUBB4nlmV2u06lP9dcYhAPJVW3VVy0Bnlm 0gKRBNrNnve7JNdNf1L09u0hL7mbGkSvKf0Ase2SyCW4R/hoH1s9IHyTvQeatJMRfVzA bbZfPZrsJKI9rmu+pKMbkndgqzFywKHomRL3rrraq28guaUHlCw1lWrt5Z3vIwabhXVQ 2CbeGwDS7L4pRSlq3bOsUdRUe5joRdaREHm7A2c9s6fKOSSGADcmTnEAWex60JPWtTtH cK6A== X-Gm-Message-State: APjAAAULxn49pZkAK41ghWKmlKmh6D0RL3vdQ4RStTObMF2sDD0O7S5h ruYHJ7+ACR+VjVGUUM1YsWx8Qe2bue8= X-Google-Smtp-Source: APXvYqxaU93pAwRo1pF2T0rPh0blRlPymNqN4eGeRs0hM0thtRyzyqHsfvpx9Qhpgumdf00bzHJ1kQ== X-Received: by 2002:a19:ca0e:: with SMTP id a14mr13347671lfg.3.1557752078166; Mon, 13 May 2019 05:54:38 -0700 (PDT) Received: from localhost.localdomain (mobile-user-2e84ba-11.dhcp.inet.fi. [46.132.186.11]) by smtp.gmail.com with ESMTPSA id t22sm3202924lje.58.2019.05.13.05.54.37 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 13 May 2019 05:54:37 -0700 (PDT) From: Janne Karhunen To: linux-integrity@vger.kernel.org, linux-security-module@vger.kernel.org, zohar@linux.ibm.com Cc: Janne Karhunen , Konsta Karsisto Subject: [PATCH 5/5] integrity: measure the file on msync Date: Mon, 13 May 2019 15:53:54 +0300 Message-Id: <20190513125354.23126-6-janne.karhunen@gmail.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20190513125354.23126-1-janne.karhunen@gmail.com> References: <20190513125354.23126-1-janne.karhunen@gmail.com> Sender: owner-linux-security-module@vger.kernel.org Precedence: bulk List-ID: X-Virus-Scanned: ClamAV using ClamSMTP When user requests a file msync, make sure that the IMA measurement reflects the state of the data being sync'd. Depends on commit c8213962517e ("integrity: keep the integrity state of open files up to date")' Signed-off-by: Janne Karhunen Signed-off-by: Konsta Karsisto --- mm/msync.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/mm/msync.c b/mm/msync.c index ef30a429623a..5a256e08b49d 100644 --- a/mm/msync.c +++ b/mm/msync.c @@ -14,6 +14,7 @@ #include #include #include +#include /* * MS_SYNC syncs the entire file - including mappings. @@ -88,12 +89,18 @@ SYSCALL_DEFINE3(msync, unsigned long, start, size_t, len, int, flags) get_file(file); up_read(&mm->mmap_sem); error = vfs_fsync_range(file, fstart, fend, 1); + if (!error) + ima_file_update(file); + fput(file); if (error || start >= end) goto out; down_read(&mm->mmap_sem); vma = find_vma(mm, start); } else { + if (file) + ima_delayed_update(file); + if (start >= end) { error = 0; goto out_unlock;