From patchwork Fri Aug 28 20:26:59 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Tushar Sugandhi X-Patchwork-Id: 11745751 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 2C5D5618 for ; Mon, 31 Aug 2020 07:57:11 +0000 (UTC) Received: from us-smtp-delivery-1.mimecast.com (us-smtp-1.mimecast.com [205.139.110.61]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id CC71E2073A for ; Mon, 31 Aug 2020 07:57:10 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org CC71E2073A Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=linux.microsoft.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=dm-devel-bounces@redhat.com Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-560-AXAlVj6nP7ia2FBxgURjYQ-1; Mon, 31 Aug 2020 03:57:05 -0400 X-MC-Unique: AXAlVj6nP7ia2FBxgURjYQ-1 Received: from smtp.corp.redhat.com (int-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.12]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 00D9610059A4; Mon, 31 Aug 2020 07:57:01 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.21]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 87D5260C04; Mon, 31 Aug 2020 07:57:00 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id CBA3285CD; Mon, 31 Aug 2020 07:56:57 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.rdu2.redhat.com [10.11.54.5]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id 07SKRJlC008898 for ; Fri, 28 Aug 2020 16:27:19 -0400 Received: by smtp.corp.redhat.com (Postfix) id DB2B81140FC; Fri, 28 Aug 2020 20:27:18 +0000 (UTC) Delivered-To: dm-devel@redhat.com Received: from mimecast-mx02.redhat.com (mimecast05.extmail.prod.ext.rdu2.redhat.com [10.11.55.21]) by smtp.corp.redhat.com (Postfix) with ESMTPS id D5EDF114100 for ; Fri, 28 Aug 2020 20:27:16 +0000 (UTC) Received: from us-smtp-1.mimecast.com (us-smtp-1.mimecast.com [205.139.110.61]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id A3503800260 for ; Fri, 28 Aug 2020 20:27:16 +0000 (UTC) Received: from linux.microsoft.com (linux.microsoft.com [13.77.154.182]) by relay.mimecast.com with ESMTP id us-mta-522-1qg93cxeMMijKeXQHnxUXQ-1; Fri, 28 Aug 2020 16:27:14 -0400 X-MC-Unique: 1qg93cxeMMijKeXQHnxUXQ-1 Received: from tusharsu-Ubuntu.lan (c-71-197-163-6.hsd1.wa.comcast.net [71.197.163.6]) by linux.microsoft.com (Postfix) with ESMTPSA id E857820B7179; Fri, 28 Aug 2020 13:27:11 -0700 (PDT) DKIM-Filter: OpenDKIM Filter v2.11.0 linux.microsoft.com E857820B7179 From: Tushar Sugandhi To: zohar@linux.ibm.com, agk@redhat.com, snitzer@redhat.com, gmazyland@gmail.com Date: Fri, 28 Aug 2020 13:26:59 -0700 Message-Id: <20200828202700.23086-2-tusharsu@linux.microsoft.com> In-Reply-To: <20200828202700.23086-1-tusharsu@linux.microsoft.com> References: <20200828202700.23086-1-tusharsu@linux.microsoft.com> X-Mimecast-Impersonation-Protect: Policy=CLT - Impersonation Protection Definition; Similar Internal Domain=false; Similar Monitored External Domain=false; Custom External Domain=false; Mimecast External Domain=false; Newly Observed Domain=false; Internal User Name=false; Custom Display Name List=false; Reply-to Address Mismatch=false; Targeted Threat Dictionary=false; Mimecast Threat Dictionary=false; Custom Threat Dictionary=false; X-Scanned-By: MIMEDefang 2.79 on 10.11.54.5 X-loop: dm-devel@redhat.com X-Mailman-Approved-At: Mon, 31 Aug 2020 03:56:57 -0400 Cc: sashal@kernel.org, jmorris@namei.org, linux-kernel@vger.kernel.org, nramas@linux.microsoft.com, dm-devel@redhat.com, tyhicks@linux.microsoft.com, linux-integrity@vger.kernel.org Subject: [dm-devel] [PATCH v3 1/2] dm-devel: collect target data and submit to IMA to measure X-BeenThere: dm-devel@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: device-mapper development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Sender: dm-devel-bounces@redhat.com Errors-To: dm-devel-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.12 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=dm-devel-bounces@redhat.com X-Mimecast-Spam-Score: 0.002 X-Mimecast-Originator: redhat.com For the device-mapper targets to take advantage of IMA's measuring and quoting abilities, and for enabling remote attestation for device-mapper targets, device-mapper needs to provide the functionality to consistently measure target data using ima_measure_critical_data() function provided by IMA. A generic set of functions at device-mapper layer would enable the measurement structure to be uniform across targets, and avoid code duplication. It will also make on-boarding easier and faster for targets that want to use IMA infrastructure for measurements, quoting, and remote attestation. The uniform measurement structure across targets would also help the remote attestation services to consistently process, across targets, the measurement to be attested. Implement a set of functions at device-mapper layer to manage the data coming from various device-mapper targets to be measured by IMA. Provide the functionality for various tasks - initialize the necessary data structures, add the data to the list of key-value pairs to be be measured, reset the list if needed (e.g. in error/retry cases), and finally pass it on to device-mapper layer, to be measured by IMA. Ensure the functionality is generic and implemented at device-mapper layer, so that any device-mapper target can use it to measure its data through IMA. Also make sure the functionality is non-intrusive/best effort for the targets using it. The errors in managing the list to be measured, and the actual errors in the measurement should not disrupt the core functionality of the targets. Protect the list of key value pairs to be measured for a given target, by putting it under critical sections - so that multi-threaded targets can safely use the list to append the data from different threads, for measurements and quoting. Compute the last measurement's hash and store it internally, so that unnecessary duplicate data is not sent to IMA for measurement. Divide the functionality into 5 main functions: (1) dm_ima_init_measurements(): Use it to initialize device-mapper target's IMA measurement list. It should abstract the necessary data initialization from the device-mapper target apps. (2) dm_ima_append_measurement_list(): Use it to append the key-value pair to the existing list of key-value pairs to measure. (3) dm_ima_finalize_and_measure(): Use it to measure the key-value pair list for a given target, and finally release the resources held by the list for that specific target. Note that the data given by the target for a given device would be sent to IMA subsystem for measurement only if it has changed since the last time it was measured. (4) dm_ima_reset_measurement_list(): Use it to reset device-mapper target's ima measurement list, by releasing the resources held by the list. Use it if the measurements list need to be reset after dm_ima_init_measurements() and before calling dm_ima_finalize_and_measure(). This can be needed in scenarios like recovering from error paths and retrying measurements and quoting again. (5) dm_ima_exit_measurements(): Use it during the destruction of the target - to release the resources held for measurement. This is useful to protect the kernel from possible resource leaks when the target adds data for measurements using dm_ima_append_measurement_list(), but gets destroyed before calling dm_ima_finalize_and_measure(). Signed-off-by: Tushar Sugandhi --- drivers/md/Makefile | 1 + drivers/md/dm-ima.c | 298 ++++++++++++++++++++++++++++++++++ include/linux/device-mapper.h | 60 +++++++ 3 files changed, 359 insertions(+) create mode 100644 drivers/md/dm-ima.c diff --git a/drivers/md/Makefile b/drivers/md/Makefile index 6d3e234dc46a..0dc50181aaf2 100644 --- a/drivers/md/Makefile +++ b/drivers/md/Makefile @@ -77,6 +77,7 @@ obj-$(CONFIG_DM_LOG_WRITES) += dm-log-writes.o obj-$(CONFIG_DM_INTEGRITY) += dm-integrity.o obj-$(CONFIG_DM_ZONED) += dm-zoned.o obj-$(CONFIG_DM_WRITECACHE) += dm-writecache.o +obj-$(CONFIG_IMA) += dm-ima.o ifeq ($(CONFIG_DM_INIT),y) dm-mod-objs += dm-init.o diff --git a/drivers/md/dm-ima.c b/drivers/md/dm-ima.c new file mode 100644 index 000000000000..2651e5c88395 --- /dev/null +++ b/drivers/md/dm-ima.c @@ -0,0 +1,298 @@ +// SPDX-License-Identifier: GPL-2.0+ +/* + * Copyright (C) 2020 Microsoft Corporation + * + * Author: Tushar Sugandhi + * + * File: dm-ima.c + * Enables IMA measurements for DM targets + */ + +#include "dm-core.h" + +#include +#include +#include +#include +#include + +#define DM_MSG_PREFIX "ima" + +static int dm_compute_buffer_hash(void *buf, + size_t buf_len, + void **buf_hash, + int *buf_hash_len) +{ + struct crypto_shash *tfm; + struct shash_desc *desc = NULL; + void *digest = NULL; + int desc_size; + int digest_size; + int ret = 0; + + tfm = crypto_alloc_shash("sha256", 0, 0); + if (IS_ERR(tfm)) + return PTR_ERR(tfm); + + desc_size = crypto_shash_descsize(tfm) + sizeof(*desc); + digest_size = crypto_shash_digestsize(tfm); + + digest = kmalloc(digest_size, GFP_KERNEL); + if (!digest) { + ret = -ENOMEM; + goto error; + } + + desc = kzalloc(desc_size, GFP_KERNEL); + if (!desc) { + ret = -ENOMEM; + goto error; + } + + desc->tfm = tfm; + + ret = crypto_shash_digest(desc, buf, buf_len, digest); + if (ret < 0) + goto error; + + *buf_hash_len = digest_size; + *buf_hash = digest; + digest = NULL; + +error: + kfree(desc); + kfree(digest); + + crypto_free_shash(tfm); + + return ret; +} + +static void dm_release_ima_measurements(struct list_head + *ima_kv_list) +{ + struct ima_keyval *cur_keyval, *tmp_keyval; + + list_for_each_entry_safe(cur_keyval, + tmp_keyval, + ima_kv_list, + kv_list) { + + list_del(&cur_keyval->kv_list); + kzfree(cur_keyval->key); + kzfree(cur_keyval->val); + kfree(cur_keyval); + } +} + +void dm_ima_init_measurements(struct target_type *tt) +{ + INIT_LIST_HEAD(&tt->ima_kv_list); + mutex_init(&tt->ima_lock); + tt->ima_last_buf_hash = NULL; + tt->ima_last_buf_hash_len = 0; +} +EXPORT_SYMBOL(dm_ima_init_measurements); + +void dm_ima_reset_measurement_list(struct target_type *tt) +{ + LIST_HEAD(temp_list); + + if (!tt) { + DMERR("invalid argument, target_type"); + return; + } + + mutex_lock(&tt->ima_lock); + list_cut_before(&temp_list, &tt->ima_kv_list, &tt->ima_kv_list); + mutex_unlock(&tt->ima_lock); + + dm_release_ima_measurements(&temp_list); +} +EXPORT_SYMBOL(dm_ima_reset_measurement_list); + +void dm_ima_append_measurement_list(struct target_type *tt, + const char *key, + const void *val, + unsigned int val_len) +{ + struct ima_keyval *cur_keyval = NULL; + int r = 0; + + if (!tt || !key || !val || val_len == 0) { + r = -EINVAL; + goto error; + } + + cur_keyval = kzalloc(sizeof(*cur_keyval), GFP_KERNEL); + if (!cur_keyval) { + r = -ENOMEM; + goto error; + } + + cur_keyval->key = kstrdup(key, GFP_KERNEL); + if (!cur_keyval->key) { + r = -ENOMEM; + goto error; + } + + cur_keyval->val_len = val_len; + cur_keyval->val = kmemdup(val, val_len, GFP_KERNEL); + if (!cur_keyval->val) { + r = -ENOMEM; + goto error; + } + + INIT_LIST_HEAD(&cur_keyval->kv_list); + + mutex_lock(&tt->ima_lock); + list_add(&cur_keyval->kv_list, &tt->ima_kv_list); + mutex_unlock(&tt->ima_lock); + + return; + +error: + if (cur_keyval) { + kzfree(cur_keyval->key); + kzfree(cur_keyval->val); + } + kfree(cur_keyval); + + DMERR("failed to append IMA measurement list %d", r); +} +EXPORT_SYMBOL(dm_ima_append_measurement_list); + +void dm_ima_finalize_and_measure(struct target_type *tt, + const char *buf_desc, + bool measure_buf_hash) +{ + char *evt_name = NULL, *evt_src = NULL, *equ = "=", *sep = ";"; + void *buf = NULL, *buf_hash = NULL, *last_buf_hash = NULL; + struct ima_keyval *cur_keyval = NULL, *tmp_keyval = NULL; + int cursor = 0, buf_len = 0, cur_keyname_len = 0; + int l_sep = strlen(sep), l_equ = strlen(equ); + int r = 0, hr = 0, mr = 0; + int buf_hash_len = 0; + struct timespec64 ts; + LIST_HEAD(temp_list); + + + if (!tt) { + r = -EINVAL; + goto out; + } + + mutex_lock(&tt->ima_lock); + if (!list_empty(&tt->ima_kv_list)) + list_cut_before(&temp_list, + &tt->ima_kv_list, + &tt->ima_kv_list); + else + r = -EINVAL; + + last_buf_hash = tt->ima_last_buf_hash; + tt->ima_last_buf_hash = NULL; + tt->ima_last_buf_hash_len = 0; + mutex_unlock(&tt->ima_lock); + + if (r) + goto out; + + list_for_each_entry_safe(cur_keyval, + tmp_keyval, + &temp_list, + kv_list) + buf_len += strlen(cur_keyval->key) + l_equ + + cur_keyval->val_len + l_sep; + + if (!buf_len) { + r = -EINVAL; + goto out; + } + + buf = kzalloc(buf_len, GFP_KERNEL); + if (!buf) { + r = -ENOMEM; + goto out; + } + + list_for_each_entry_safe(cur_keyval, + tmp_keyval, + &temp_list, + kv_list) { + cur_keyname_len = strlen(cur_keyval->key); + memcpy(buf+cursor, cur_keyval->key, cur_keyname_len); + cursor += cur_keyname_len; + memcpy(buf+cursor, equ, l_equ); + cursor += l_equ; + memcpy(buf+cursor, cur_keyval->val, cur_keyval->val_len); + cursor += cur_keyval->val_len; + memcpy(buf+cursor, sep, l_sep); + cursor += l_sep; + } + + hr = dm_compute_buffer_hash(buf, buf_len, &buf_hash, &buf_hash_len); + + if (!hr && buf_hash && last_buf_hash) + mr = memcmp(buf_hash, last_buf_hash, buf_hash_len); + + if (hr || mr || !last_buf_hash) { + ktime_get_real_ts64(&ts); + + evt_src = kasprintf(GFP_KERNEL, "dm-%s", tt->name); + if (!evt_src) { + r = -ENOMEM; + goto out; + } + + evt_name = kasprintf(GFP_KERNEL, "%lld:%09ld:%s%s%s", + ts.tv_sec, + ts.tv_nsec, + evt_src, + buf_desc ? ":" : "", + buf_desc ? buf_desc : ""); + + if (!evt_name) { + r = -ENOMEM; + goto out; + } + + ima_measure_critical_data((const char *)evt_name, + (const char *)evt_src, + (const void *)buf, + buf_len, + measure_buf_hash); + + kzfree(last_buf_hash); + + mutex_lock(&tt->ima_lock); + tt->ima_last_buf_hash = buf_hash; + tt->ima_last_buf_hash_len = buf_hash_len; + mutex_unlock(&tt->ima_lock); + + buf_hash = NULL; + } + + dm_release_ima_measurements(&temp_list); +out: + if (r) + DMERR("failed to measure DM target data through IMA %d", r); + + kfree(evt_src); + kzfree(evt_name); + kzfree(buf); + kzfree(buf_hash); +} +EXPORT_SYMBOL(dm_ima_finalize_and_measure); + +void dm_ima_exit_measurements(struct target_type *tt) +{ + dm_ima_reset_measurement_list(tt); + kzfree(tt->ima_last_buf_hash); + mutex_destroy(&tt->ima_lock); +} +EXPORT_SYMBOL(dm_ima_exit_measurements); + +MODULE_AUTHOR("Tushar Sugandhi "); +MODULE_DESCRIPTION("Enables IMA measurements for DM targets"); +MODULE_LICENSE("GPL"); diff --git a/include/linux/device-mapper.h b/include/linux/device-mapper.h index 93096e524e43..0568ba619723 100644 --- a/include/linux/device-mapper.h +++ b/include/linux/device-mapper.h @@ -164,6 +164,18 @@ int dm_get_device(struct dm_target *ti, const char *path, fmode_t mode, struct dm_dev **result); void dm_put_device(struct dm_target *ti, struct dm_dev *d); +/* + * Information about IMA measurement data entry + */ +#ifdef CONFIG_IMA +struct ima_keyval { + char *key; + void *val; + unsigned int val_len; + struct list_head kv_list; +}; +#endif + /* * Information about a target type */ @@ -199,6 +211,13 @@ struct target_type { dm_dax_copy_iter_fn dax_copy_to_iter; dm_dax_zero_page_range_fn dax_zero_page_range; +#ifdef CONFIG_IMA + /* For ima measurements*/ + struct list_head ima_kv_list; + void *ima_last_buf_hash; + int ima_last_buf_hash_len; + struct mutex ima_lock; +#endif /* For internal device-mapper use. */ struct list_head list; }; @@ -533,6 +552,47 @@ struct dm_table *dm_swap_table(struct mapped_device *md, */ void *dm_vcalloc(unsigned long nmemb, unsigned long elem_size); +/*----------------------------------------------------------------- + * Functions for ima measurements. + *----------------------------------------------------------------- + */ +#ifdef CONFIG_IMA +void dm_ima_init_measurements(struct target_type *tt); + +/* + * Reset device mapper target's ima measurement list. + * If the measurements list need to be reset after dm_ima_init_measurements() + * and before calling dm_ima_finalize_and_measure(), this function should + * be called. This can be needed in scenarios like recovering from error + * paths and retrying measurements again. + */ +void dm_ima_reset_measurement_list(struct target_type *tt); + +void dm_ima_append_measurement_list(struct target_type *tt, + const char *key, + const void *val, + unsigned int val_length); + +void dm_ima_finalize_and_measure(struct target_type *tt, + const char *buf_desc, + bool measure_buf_hash); + +void dm_ima_exit_measurements(struct target_type *tt); +#else +static inline void dm_ima_init_measurements(struct target_type *tt) {} + +static inline void dm_ima_reset_measurement_list(struct target_type *tt) {} + +static inline void dm_ima_append_measurement_list(struct target_type *tt, + const char *key, + const void *val, + unsigned int val_length) {} + +static inline void dm_ima_finalize_and_measure(struct target_type *tt, + const char *buf_desc, + bool measure_buf_hash) {} +static inline void dm_ima_exit_measurements(struct target_type *tt) {} +#endif /* CONFIG_IMA */ /*----------------------------------------------------------------- * Macros. *---------------------------------------------------------------*/ From patchwork Fri Aug 28 20:27:00 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Tushar Sugandhi X-Patchwork-Id: 11745749 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 1C125618 for ; Mon, 31 Aug 2020 07:57:09 +0000 (UTC) Received: from us-smtp-1.mimecast.com (us-smtp-delivery-1.mimecast.com [205.139.110.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id C5A022073A for ; Mon, 31 Aug 2020 07:57:08 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org C5A022073A Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=linux.microsoft.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=dm-devel-bounces@redhat.com Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-560-1UNF65q_MA2Kblh-5RVSpA-1; Mon, 31 Aug 2020 03:57:05 -0400 X-MC-Unique: 1UNF65q_MA2Kblh-5RVSpA-1 Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.phx2.redhat.com [10.5.11.14]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 01F3C189E62C; Mon, 31 Aug 2020 07:57:01 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.21]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 4A5F15D9D3; Mon, 31 Aug 2020 07:57:00 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id D45EB7A31B; Mon, 31 Aug 2020 07:56:57 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.rdu2.redhat.com [10.11.54.4]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id 07SKRIss008890 for ; Fri, 28 Aug 2020 16:27:18 -0400 Received: by smtp.corp.redhat.com (Postfix) id 6DFAD2024508; Fri, 28 Aug 2020 20:27:18 +0000 (UTC) Delivered-To: dm-devel@redhat.com Received: from mimecast-mx02.redhat.com (mimecast04.extmail.prod.ext.rdu2.redhat.com [10.11.55.20]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 69643200A7DC for ; Fri, 28 Aug 2020 20:27:16 +0000 (UTC) Received: from us-smtp-1.mimecast.com (us-smtp-delivery-1.mimecast.com [207.211.31.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 17C6A102F1E0 for ; Fri, 28 Aug 2020 20:27:16 +0000 (UTC) Received: from linux.microsoft.com (linux.microsoft.com [13.77.154.182]) by relay.mimecast.com with ESMTP id us-mta-459-0aw4zTLeMpi8kIRsBmBMLQ-1; Fri, 28 Aug 2020 16:27:13 -0400 X-MC-Unique: 0aw4zTLeMpi8kIRsBmBMLQ-1 Received: from tusharsu-Ubuntu.lan (c-71-197-163-6.hsd1.wa.comcast.net [71.197.163.6]) by linux.microsoft.com (Postfix) with ESMTPSA id 65DB32056D2B; Fri, 28 Aug 2020 13:27:12 -0700 (PDT) DKIM-Filter: OpenDKIM Filter v2.11.0 linux.microsoft.com 65DB32056D2B From: Tushar Sugandhi To: zohar@linux.ibm.com, agk@redhat.com, snitzer@redhat.com, gmazyland@gmail.com Date: Fri, 28 Aug 2020 13:27:00 -0700 Message-Id: <20200828202700.23086-3-tusharsu@linux.microsoft.com> In-Reply-To: <20200828202700.23086-1-tusharsu@linux.microsoft.com> References: <20200828202700.23086-1-tusharsu@linux.microsoft.com> X-Mimecast-Impersonation-Protect: Policy=CLT - Impersonation Protection Definition; Similar Internal Domain=false; Similar Monitored External Domain=false; Custom External Domain=false; Mimecast External Domain=false; Newly Observed Domain=false; Internal User Name=false; Custom Display Name List=false; Reply-to Address Mismatch=false; Targeted Threat Dictionary=false; Mimecast Threat Dictionary=false; Custom Threat Dictionary=false; X-Scanned-By: MIMEDefang 2.78 on 10.11.54.4 X-loop: dm-devel@redhat.com X-Mailman-Approved-At: Mon, 31 Aug 2020 03:56:57 -0400 Cc: sashal@kernel.org, jmorris@namei.org, linux-kernel@vger.kernel.org, nramas@linux.microsoft.com, dm-devel@redhat.com, tyhicks@linux.microsoft.com, linux-integrity@vger.kernel.org Subject: [dm-devel] [PATCH v3 2/2] dm-crypt: collect data and submit to DM to measure X-BeenThere: dm-devel@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: device-mapper development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Sender: dm-devel-bounces@redhat.com Errors-To: dm-devel-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.14 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=dm-devel-bounces@redhat.com X-Mimecast-Spam-Score: 0.003 X-Mimecast-Originator: redhat.com Currently, dm-crypt does not take advantage of IMA measuring capabilities, and ultimately the benefits of remote attestation. Measure various dm-crypt constructs by calling various device-mapper functions - dm_ima_*() that use IMA measuring capabilities. Implement ima_measure_dm_crypt_data() to measure various dm-crypt constructs. Ensure that ima_measure_dm_crypt_data() is non intrusive, i.e. failures in this function and the call-stack below should not affect the core functionality of dm-crypt. Register dm-crypt as supported data source for IMA measurement in ima.h. A demonstrative usage of above functionality on a system: If the IMA policy contains the following rule: measure func=CRITICAL_DATA critical_kernel_data_sources=dm-crypt template=ima-buf and, the following commands are used to setup a crypt target: #key="faf453b4ee938cff2f0d2c869a0b743f59125c0a37f5bcd8f1dbbd911a78abaa" #arg="'0 1953125 crypt aes-xts-plain64 " #arg="$arg $key 0 " #arg="$arg /dev/loop0 0 1 allow_discards'" #tgt_name="test-crypt" #cmd="dmsetup create $tgt_name --table $arg" #eval $cmd then, the IMA log at /sys/kernel/security/integrity/ima/ascii_runtime_measurements should contain the dm-crypt measurements. And, the following IMA log entry should be added in the IMA log, ima-buf sha1:039d8ff71918608d585adca3e5aab2e3f41f84d6 1598637500:520585536:dm-crypt:add_target 74695f6e756d5f646973636172645f62696f733d313b7065725f62696f5f646 174615f73697a653d3834383b646d7265715f73746172743d3136383b74666d 735f636f756e743d313b6f6e5f6469736b5f7461675f73697a653d303b696e7 46567726974795f69765f73697a653d303b696e746567726974795f7461675f 73697a653d303b69765f73697a653d31363b69765f6f66667365743d303b736 563746f725f73686966743d303b736563746f725f73697a653d3531323b666c 6167733d323b6369706865725f666c6167733d303b73746172743d303b6b657 95f6d61635f73697a653d303b6b65795f65787472615f73697a653d303b6b65 795f70617274733d313b6b65795f73697a653d33323b6369706865725f73747 2696e673d6165732d7874732d706c61696e36343b6465766963655f6e616d65 3d3235333a303b where, the ascii representation of the above data is: ti_num_discard_bios=1;per_bio_data_size=848;dmreq_start=168; tfms_count=1;on_disk_tag_size=0;integrity_iv_size=0; integrity_tag_size=0;iv_size=16;iv_offset=0;sector_shift=0; sector_size=512;flags=2;cipher_flags=0;start=0;key_mac_size=0; key_extra_size=0;key_parts=1;key_size=32; cipher_string=aes-xts-plain64;device_name=253:0; Some of the above values can be verified using: #dmsetup table --showkeys where, the output of the command should be similar to: test-crypt: 0 1953125 crypt aes-xts-plain64 faf453b4ee938cff2f0d2c869a0b743f59125c0a37f5bcd8f1dbbd911a78abaa 0 7:0 0 1 allow_discards Signed-off-by: Tushar Sugandhi --- drivers/md/dm-crypt.c | 171 +++++++++++++++++++++++++++++++++ security/integrity/ima/Kconfig | 3 +- security/integrity/ima/ima.h | 1 + 3 files changed, 173 insertions(+), 2 deletions(-) diff --git a/drivers/md/dm-crypt.c b/drivers/md/dm-crypt.c index 148960721254..47fb2ce15211 100644 --- a/drivers/md/dm-crypt.c +++ b/drivers/md/dm-crypt.c @@ -2529,6 +2529,8 @@ static void crypt_dtr(struct dm_target *ti) ti->private = NULL; + dm_ima_exit_measurements(ti->type); + if (!cc) return; @@ -2991,6 +2993,167 @@ static int crypt_report_zones(struct dm_target *ti, #endif +#ifdef CONFIG_IMA +/* + * append integer values to dm-crypt specific data + * to be measured through IMA + */ +static int ima_append_num_values(struct dm_target *ti, + const char *key, + long long num_val) +{ + char *num_str = NULL; + int length = 0; + int r = 0; + + if (!ti || !key) { + r = -EINVAL; + goto error; + } + + length = snprintf(NULL, 0, "%lld", num_val); + num_str = kzalloc(length + 1, GFP_KERNEL); + if (!num_str) { + r = -ENOMEM; + goto error; + } + snprintf(num_str, length + 1, "%lld", num_val); + dm_ima_append_measurement_list(ti->type, + key, + (const void *)num_str, + length); + kzfree(num_str); + return r; +error: + DMERR("appending num values to IMA measurement list failed %d", r); + return r; +} +/* + * Measure dm-crypt specific data through IMA. + * It appends all the needed data to the list as a key-val pair using + * dm_ima_append_measurement_list() and internal ima_append_num_values(), + * and finally measures the list using dm_ima_finalize_and_measure(). + */ +static void ima_measure_dm_crypt_data(struct dm_target *ti, const char *desc) +{ + int r = 0; + struct crypt_config *cc = NULL; + const char *devname = dm_table_device_name(ti->table); + + if (!ti) { + r = -EINVAL; + goto out; + } + + cc = ti->private; + + if (devname) { + dm_ima_append_measurement_list(ti->type, + "device_name", + (const void *)devname, + strlen(devname)); + } + + if (cc->cipher_string) { + dm_ima_append_measurement_list(ti->type, + "cipher_string", + (const void *)cc->cipher_string, + strlen(cc->cipher_string)); + } + + if (cc->cipher_auth) { + dm_ima_append_measurement_list(ti->type, + "cipher_auth", + (const void *)cc->cipher_auth, + strlen(cc->cipher_auth)); + } + + r = ima_append_num_values(ti, "key_size", cc->key_size); + if (r) + goto out; + + r = ima_append_num_values(ti, "key_parts", cc->key_parts); + if (r) + goto out; + + r = ima_append_num_values(ti, "key_extra_size", cc->key_extra_size); + if (r) + goto out; + + r = ima_append_num_values(ti, "key_mac_size", cc->key_mac_size); + if (r) + goto out; + + r = ima_append_num_values(ti, "start", cc->start); + if (r) + goto out; + + r = ima_append_num_values(ti, "cipher_flags", cc->cipher_flags); + if (r) + goto out; + + r = ima_append_num_values(ti, "flags", cc->flags); + if (r) + goto out; + + r = ima_append_num_values(ti, "sector_size", cc->sector_size); + if (r) + goto out; + + r = ima_append_num_values(ti, "sector_shift", cc->sector_shift); + if (r) + goto out; + + r = ima_append_num_values(ti, "iv_offset", cc->iv_offset); + if (r) + goto out; + + r = ima_append_num_values(ti, "iv_size", cc->iv_size); + if (r) + goto out; + + r = ima_append_num_values(ti, "integrity_tag_size", cc->integrity_tag_size); + if (r) + goto out; + + r = ima_append_num_values(ti, "integrity_iv_size", cc->integrity_iv_size); + if (r) + goto out; + + r = ima_append_num_values(ti, "on_disk_tag_size", cc->on_disk_tag_size); + if (r) + goto out; + + r = ima_append_num_values(ti, "tfms_count", cc->tfms_count); + if (r) + goto out; + + r = ima_append_num_values(ti, "dmreq_start", cc->dmreq_start); + if (r) + goto out; + + r = ima_append_num_values(ti, "per_bio_data_size", cc->per_bio_data_size); + if (r) + goto out; + + r = ima_append_num_values(ti, "ti_num_discard_bios", + ti->num_discard_bios); + if (r) + goto out; + + dm_ima_finalize_and_measure(ti->type, desc, false); + return; + +out: + DMERR("IMA measurement of dm-crypt data failed %d", r); + +} +#else +static inline void ima_measure_dm_crypt_data(struct dm_target *ti, + const char *desc) {} +#endif /* CONFIG_IMA */ + + /* * Construct an encryption mapping: * [|:::] @@ -3186,6 +3349,10 @@ static int crypt_ctr(struct dm_target *ti, unsigned int argc, char **argv) ti->num_flush_bios = 1; + dm_ima_init_measurements(ti->type); + + ima_measure_dm_crypt_data(ti, "add_target"); + return 0; bad: @@ -3324,6 +3491,8 @@ static void crypt_postsuspend(struct dm_target *ti) struct crypt_config *cc = ti->private; set_bit(DM_CRYPT_SUSPENDED, &cc->flags); + + ima_measure_dm_crypt_data(ti, "post_suspend"); } static int crypt_preresume(struct dm_target *ti) @@ -3343,6 +3512,8 @@ static void crypt_resume(struct dm_target *ti) struct crypt_config *cc = ti->private; clear_bit(DM_CRYPT_SUSPENDED, &cc->flags); + + ima_measure_dm_crypt_data(ti, "resume"); } /* Message interface diff --git a/security/integrity/ima/Kconfig b/security/integrity/ima/Kconfig index 953314d145bb..ad643cc5aad4 100644 --- a/security/integrity/ima/Kconfig +++ b/security/integrity/ima/Kconfig @@ -324,8 +324,7 @@ config IMA_MEASURE_ASYMMETRIC_KEYS config IMA_QUEUE_EARLY_BOOT_DATA bool - depends on IMA_MEASURE_ASYMMETRIC_KEYS - depends on SYSTEM_TRUSTED_KEYRING + depends on (IMA_MEASURE_ASYMMETRIC_KEYS && SYSTEM_TRUSTED_KEYRING) || DM_CRYPT default y config IMA_SECURE_AND_OR_TRUSTED_BOOT diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h index 422fe833037d..bc922aa2ff92 100644 --- a/security/integrity/ima/ima.h +++ b/security/integrity/ima/ima.h @@ -230,6 +230,7 @@ struct modsig; #define __ima_supported_kernel_data_sources(source) \ source(MIN_SOURCE, min_source) \ + source(DM_CRYPT, dm-crypt) \ source(MAX_SOURCE, max_source) #define __ima_enum_stringify(ENUM, str) (#str),