Received: by 10.223.176.5 with SMTP id f5csp800595wra; Wed, 7 Feb 2018 07:46:00 -0800 (PST) X-Google-Smtp-Source: AH8x225/tuCEW9NAaTfgeY6DzytqYawSnv001Csr0/3901ByeACoAS0cADduD7MK0hvbcR//sPdB X-Received: by 2002:a17:902:40e:: with SMTP id 14-v6mr6372653ple.64.1518018359934; Wed, 07 Feb 2018 07:45:59 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1518018359; cv=none; d=google.com; s=arc-20160816; b=JVMvXAiFj8lZW9LbEAOByH/oJifUcOkeRHcrHpTHDvLJF7+ysl8nIv02SnF9QsSb2c byZlWk5l+NsPqcPmNFUMQn3smwaMm99TIS75fGz2VBeJ0GgvvzlDEO3GQplpqJNkBd1x SyvmQMQwGQky/pk1TtuPKA3EeMec3RlyjzHbmgbc7//sP9B9NVr2s1DuCmAj6QyoFihX Rqg0e6hVcH+oZTZMQH+Egb/ydNFgcGkVvtIfS9rk/RqyMGRrmKCswq69J6O0ZV+6forv nXnTS3Qwi8VmO4/ztZGvEuSMpRZD9if7UadRDVfSiAtqIS78qAn4m0SZZfUL7mJVBMl0 yXIQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:references :in-reply-to:message-id:date:subject:cc:to:from:dkim-signature :arc-authentication-results; bh=Gp2MmCecFmFsZS68lBb6q0++JAf3fsEHOhdcC9vtAQ8=; b=p8l4fZHI7Pc+00WILGcVfHyzmScSuT+DyGER1h+aCkihoS+v4UbH5M65C2YsHYYSM5 /LesuccxZN1RLA/ONA6a+d52GwkiIk4j6m6s81I5OaESLog4HZbg+z7QyEdFOcPtf9Pz PwqodvWoAfjh8XYC1n8lPW7WcJadP7RjFotYh1VgDWWL8O9Loj80KUt2tuum6I/hLVxw aCb9XvM0rzD6tzCcKY7tz+Pwm4oO8YtcGZcgthwprFjocUKNP10s0Xb05quj/J0GqCPI g3fzpgDDwxPsfdp8o5GhMSpEhw7rCOchFgsrwvHXQYK1O+hiX0inrKOI5DuJvbws0dbG ZWYA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kinvolk.io header.s=google header.b=O2nvkTAi; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id c23si1267844pfc.323.2018.02.07.07.45.46; Wed, 07 Feb 2018 07:45:59 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kinvolk.io header.s=google header.b=O2nvkTAi; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1754538AbeBGPoj (ORCPT + 99 others); Wed, 7 Feb 2018 10:44:39 -0500 Received: from mail-wm0-f66.google.com ([74.125.82.66]:40522 "EHLO mail-wm0-f66.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1754546AbeBGPnx (ORCPT ); Wed, 7 Feb 2018 10:43:53 -0500 Received: by mail-wm0-f66.google.com with SMTP id v123so4170086wmd.5 for ; Wed, 07 Feb 2018 07:43:53 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=kinvolk.io; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :in-reply-to:references; bh=Gp2MmCecFmFsZS68lBb6q0++JAf3fsEHOhdcC9vtAQ8=; b=O2nvkTAiKIj/s/7pX8rITpojItl5WhHqdlfgNeSZgsxFPqy+XUqewUjnd2BdqlsMUs N7RXx9mifwlf9ANAZRQz2ZkUB2xt0T76K9JngdyX1GgBgBC+w3hOjNwfoGff23PAbtM9 JI00PbU3KpKoPqFle8yF4F9p454w2i8EBITiE= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:in-reply-to:references; bh=Gp2MmCecFmFsZS68lBb6q0++JAf3fsEHOhdcC9vtAQ8=; b=EwV8vClWnwi3naGWeemdwLuXQur8VvQP/r1tGk1CoaTmNGk+Pip/O0YckiE8PaYdk8 htuwKUYDkhsWoz9ZoAqgVk8PUzfjXU8gRuQ1XryyA/BW/aV8tkza8MgP6XRE/8K46+QV koX7oMUQPBlj/xMCeZ8LHLP5crjzVOM1s9F4IGt+FR01uxwk9ONwAVsidJxzj0nshgZx rD/1o7M55l9y6EUmMQ2souZI5lJNI0Nq8pb9Xi1YPOrFsKqTF/JFZSb8qRcHZ/+4/9V2 IxZj7eVjKuB15ytq5UlL/bEfJfTT/En7QudmYiSAg114WgIAwdbWY+OFXY/SELlOgo6t jeTQ== X-Gm-Message-State: APf1xPCA/UUQQryBouNcLO6oV7MOxOUZPm8O7pTI3xOoc2frZ1RlBv+S oMXcOdcf05YDNmm/wucfCw9CsYlfgvE= X-Received: by 10.80.177.178 with SMTP id m47mr8921776edd.45.1518018232284; Wed, 07 Feb 2018 07:43:52 -0800 (PST) Received: from dberlin.localdomain ([178.19.216.175]) by smtp.gmail.com with ESMTPSA id 6sm1185594edl.87.2018.02.07.07.43.51 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Wed, 07 Feb 2018 07:43:51 -0800 (PST) From: Dongsu Park To: linux-kernel@vger.kernel.org Cc: linux-integrity@vger.kernel.org, linux-security-module@vger.kernel.org, linux-fsdevel@vger.kernel.org, Alexander Viro , Mimi Zohar , Dmitry Kasatkin , James Morris , Christoph Hellwig , Miklos Szeredi , "Serge E . Hallyn" , Seth Forshee , Alban Crequy , Dongsu Park Subject: [RFC PATCH v5 1/2] ima: force re-appraisal on filesystems with FS_IMA_NO_CACHE Date: Wed, 7 Feb 2018 16:45:12 +0100 Message-Id: <9b3794980f61bdb5d5f92fe0ae620491be857a8a.1517999503.git.dongsu@kinvolk.io> X-Mailer: git-send-email 2.13.6 In-Reply-To: References: In-Reply-To: References: Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Alban Crequy This patch forces files to be re-measured, re-appraised and re-audited on file systems with the feature flag FS_IMA_NO_CACHE. In that way, cached integrity results won't be used. Cc: linux-kernel@vger.kernel.org Cc: linux-integrity@vger.kernel.org Cc: linux-security-module@vger.kernel.org Cc: linux-fsdevel@vger.kernel.org Cc: Alexander Viro Cc: Miklos Szeredi Cc: Mimi Zohar Cc: Dmitry Kasatkin Cc: James Morris Cc: Christoph Hellwig Acked-by: "Serge E. Hallyn" Acked-by: Seth Forshee Tested-by: Dongsu Park Signed-off-by: Alban Crequy Signed-off-by: Dongsu Park --- include/linux/fs.h | 1 + security/integrity/ima/ima_main.c | 15 +++++++++++++-- 2 files changed, 14 insertions(+), 2 deletions(-) diff --git a/include/linux/fs.h b/include/linux/fs.h index 511fbaab..ced841ba 100644 --- a/include/linux/fs.h +++ b/include/linux/fs.h @@ -2075,6 +2075,7 @@ struct file_system_type { #define FS_BINARY_MOUNTDATA 2 #define FS_HAS_SUBTYPE 4 #define FS_USERNS_MOUNT 8 /* Can be mounted by userns root */ +#define FS_IMA_NO_CACHE 16 /* Force IMA to re-measure, re-appraise, re-audit files */ #define FS_RENAME_DOES_D_MOVE 32768 /* FS will handle d_move() during rename() internally. */ struct dentry *(*mount) (struct file_system_type *, int, const char *, void *); diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c index 6d78cb26..83edbad8 100644 --- a/security/integrity/ima/ima_main.c +++ b/security/integrity/ima/ima_main.c @@ -24,6 +24,7 @@ #include #include #include +#include #include "ima.h" @@ -228,9 +229,19 @@ static int process_measurement(struct file *file, char *buf, loff_t size, IMA_APPRAISE_SUBMASK | IMA_APPRAISED_SUBMASK | IMA_ACTION_FLAGS); - if (test_and_clear_bit(IMA_CHANGE_XATTR, &iint->atomic_flags)) - /* reset all flags if ima_inode_setxattr was called */ + /* + * Reset the measure, appraise and audit cached flags either if: + * - ima_inode_setxattr was called, or + * - based on filesystem feature flag + * forcing the file to be re-evaluated. + */ + if (test_and_clear_bit(IMA_CHANGE_XATTR, &iint->atomic_flags)) { iint->flags &= ~IMA_DONE_MASK; + } else if (inode->i_sb->s_type->fs_flags & FS_IMA_NO_CACHE) { + iint->flags &= ~IMA_DONE_MASK; + if (action & IMA_MEASURE) + iint->measured_pcrs = 0; + } /* Determine if already appraised/measured based on bitmask * (IMA_MEASURE, IMA_MEASURED, IMA_XXXX_APPRAISE, IMA_XXXX_APPRAISED, -- 2.13.6