Received: by 2002:ac0:a581:0:0:0:0:0 with SMTP id m1-v6csp113506imm; Mon, 2 Jul 2018 08:32:33 -0700 (PDT) X-Google-Smtp-Source: ADUXVKK6HtoSgflKN8jBOcd2Zx5uq25dHNsDvK9/B0wRFTUvmvgBlZaQ0HhF7VLgbC1zsyBuZsCu X-Received: by 2002:a17:902:925:: with SMTP id 34-v6mr26575352plm.103.1530545553459; Mon, 02 Jul 2018 08:32:33 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1530545553; cv=none; d=google.com; s=arc-20160816; b=aK45YXGWpJrbQRFXKYwn3rSmDLTcDKE+Mu1emdHq1709SI1DMOHDO7/xCAuu9qSDyz c1D3NBNjBzE0R7etwSb7/DLjdCy9qpGgb8r1K9hSyGtUKWYnIhaCyKAPmcgXY/CciVeB ddQcvt8Sc6afpuaDKnXO28FHulZfNyyfpXqDcMFQISTT4qzHRxDxYzVcfcpsPBiLx+3x kiqK445gaXspexK/XvAoPSDLKbPmn8Pa/EC3UcdXReW2nVxbu2FE1S814eMLHcFkrPl3 dunCzskIdRGpz0pDzO8si37VS9NNEc1DX9FwUGqz9k30o6S/bBCJa3MDGzruMFnz3pUK nyPg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :references:in-reply-to:mime-version:dkim-signature :arc-authentication-results; bh=CD4KI0jPM07KgYF3rLl2mWnRZNB6RQOW9e3jPGthpjU=; b=gS6IcdSk8FWnMUdPY9G6UdORkvpgAm6gsktHoF2lDF42yO+7feYAF9+WYCJdFRlNdU 8m8HDKTBLscU9PMw7F4Hawa7xkGuVqiO7f/O2tIi0/YxP101RBdCZORYxRBkTyAhk7R2 C1NQD9e4pPtqytxwy65VqiXR7Gf7/e+BvoAxWSwg1ntja4G6+6f5S8wtmowzFtVThFd/ R1hEEEki5z+w6ArjA/ZBBRHfPEmogesyzn1MJFa1SQwQNeiBXAmPmzDEJszJfPqims62 wiVaZQ2uvTjwNLzscB+NJ2TEg/tv4G3kzWuI7VjYANFgGQSqIOdZNt29Gx90At33ygJ1 V/CA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=Yqh1zbdT; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id a23-v6si15745779plm.305.2018.07.02.08.31.49; Mon, 02 Jul 2018 08:32:33 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=Yqh1zbdT; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752227AbeGBPaM (ORCPT + 99 others); Mon, 2 Jul 2018 11:30:12 -0400 Received: from mail-io0-f195.google.com ([209.85.223.195]:34785 "EHLO mail-io0-f195.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752055AbeGBPaK (ORCPT ); Mon, 2 Jul 2018 11:30:10 -0400 Received: by mail-io0-f195.google.com with SMTP id l7-v6so1121115ioj.1 for ; Mon, 02 Jul 2018 08:30:10 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=CD4KI0jPM07KgYF3rLl2mWnRZNB6RQOW9e3jPGthpjU=; b=Yqh1zbdTBk8D8NlBrmZkAQEtcDUabKzDwZQWkN/qAjxtgKHgPOX9UdTsX1ZRU5skvV iiZ9bgYBZvKH4gAM/BrfCywvhYZOqPQFcplwAAimHJJUno/EiX2jjcgTQnDmdIUxOkap NwylHT0qYQQOv7cFUVw4+KdjT0kjHiZTmwfkg= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=CD4KI0jPM07KgYF3rLl2mWnRZNB6RQOW9e3jPGthpjU=; b=tvpiO2QOTf+WWD4XQKNkFDYOXmm4uL1GV0cb6tgH8LFt/jwqG2wdTavnkpBn3TF3IO zRFzewWAG6kgK8sfdK+IZlOC9waCVBtFJLF6DCogeZ2gPre/FVX37HhBaAcRL9B885fx KLdq+QUj/viUsuGqV/V0Zbw38udBz9gLgDXbDsDnhUwBvZwGOyCRVQX0OHLl370iH8G7 Ykzd5+3+2J4C4t93PckXQWGy/+rB8DuW+0LIXITpO0WZYFh+cUgvA+QSfEone0aBxwbI Lt8FkCvGMlqJKzp/l6aacCGiNioDNgpkY1BTH+y9+QDHFWxMkkp2D6C7ew6o3FS8bOV1 qG/g== X-Gm-Message-State: APt69E35wpDe+nvRcWtzvm0FaAUtNF4rhNnQTu2aC+SiiElr2kMxhi9t cq1hxKfatpeJL74m6w+FXF6Zfk1rm55tbM7laRQI4g== X-Received: by 2002:a6b:520d:: with SMTP id g13-v6mr22364000iob.60.1530545410007; Mon, 02 Jul 2018 08:30:10 -0700 (PDT) MIME-Version: 1.0 Received: by 2002:a6b:bbc7:0:0:0:0:0 with HTTP; Mon, 2 Jul 2018 08:30:09 -0700 (PDT) In-Reply-To: <1530542283-26145-8-git-send-email-zohar@linux.vnet.ibm.com> References: <1530542283-26145-1-git-send-email-zohar@linux.vnet.ibm.com> <1530542283-26145-8-git-send-email-zohar@linux.vnet.ibm.com> From: Ard Biesheuvel Date: Mon, 2 Jul 2018 17:30:09 +0200 Message-ID: Subject: Re: [PATCH v5 7/8] ima: based on policy warn about loading firmware (pre-allocated buffer) To: Mimi Zohar Cc: linux-integrity , linux-security-module , Linux Kernel Mailing List , David Howells , "Luis R . Rodriguez" , Eric Biederman , Kexec Mailing List , Andres Rodriguez , Greg Kroah-Hartman , "Luis R . Rodriguez" , Kees Cook , "Serge E . Hallyn" , Stephen Boyd , Bjorn Andersson Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 2 July 2018 at 16:38, Mimi Zohar wrote: > Some systems are memory constrained but they need to load very large > firmwares. The firmware subsystem allows drivers to request this > firmware be loaded from the filesystem, but this requires that the > entire firmware be loaded into kernel memory first before it's provided > to the driver. This can lead to a situation where we map the firmware > twice, once to load the firmware into kernel memory and once to copy the > firmware into the final resting place. > > To resolve this problem, commit a098ecd2fa7d ("firmware: support loading > into a pre-allocated buffer") introduced request_firmware_into_buf() API > that allows drivers to request firmware be loaded directly into a > pre-allocated buffer. (Based on the mailing list discussions, calling > dma_alloc_coherent() is unnecessary and confusing.) > > (Very broken/buggy) devices using pre-allocated memory run the risk of > the firmware being accessible to the device prior to the completion of > IMA's signature verification. For the time being, this patch emits a > warning, but does not prevent the loading of the firmware. > As I attempted to explain in the exchange with Luis, this has nothing to do with broken or buggy devices, but is simply the reality we have to deal with on platforms that lack IOMMUs. Even if you load into one buffer, carry out the signature verification and *only then* copy it to another buffer, a bus master could potentially read it from the first buffer as well. Mapping for DMA does *not* mean 'making the memory readable by the device' unless IOMMUs are being used. Otherwise, a bus master can read it from the first buffer, or even patch the code that performs the security check in the first place. For such platforms, copying the data around to prevent the device from reading it is simply pointless, as well as any other mitigation in software to protect yourself from misbehaving bus masters. So issuing a warning in this particular case is rather arbitrary. On these platforms, all bus masters can read (and modify) all of your memory all of the time, and as long as the firmware loader code takes care not to provide the DMA address to the device until after the verification is complete, it really has done all it reasonably can in the environment that it is expected to operate in. (The use of dma_alloc_coherent() is a bit of a red herring here, as it incorporates the DMA map operation. However, DMA map is a no-op on systems with cache coherent 1:1 DMA [iow, all PCs and most arm64 platforms unless they have IOMMUs], and so there is not much difference between memory allocated with kmalloc() or with dma_alloc_coherent() in terms of whether the device can access it freely) > Signed-off-by: Mimi Zohar > Cc: Luis R. Rodriguez > Cc: David Howells > Cc: Kees Cook > Cc: Serge E. Hallyn > Cc: Stephen Boyd > Cc: Bjorn Andersson > > --- > Changelog v5: > - Instead of preventing loading firmware from a pre-allocate buffer, > emit a warning. > > security/integrity/ima/ima_main.c | 25 ++++++++++++++++--------- > 1 file changed, 16 insertions(+), 9 deletions(-) > > diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c > index e467664965e7..7da123d980ea 100644 > --- a/security/integrity/ima/ima_main.c > +++ b/security/integrity/ima/ima_main.c > @@ -416,6 +416,15 @@ void ima_post_path_mknod(struct dentry *dentry) > iint->flags |= IMA_NEW_FILE; > } > > +static int read_idmap[READING_MAX_ID] = { > + [READING_FIRMWARE] = FIRMWARE_CHECK, > + [READING_FIRMWARE_PREALLOC_BUFFER] = FIRMWARE_CHECK, > + [READING_MODULE] = MODULE_CHECK, > + [READING_KEXEC_IMAGE] = KEXEC_KERNEL_CHECK, > + [READING_KEXEC_INITRAMFS] = KEXEC_INITRAMFS_CHECK, > + [READING_POLICY] = POLICY_CHECK > +}; > + > /** > * ima_read_file - pre-measure/appraise hook decision based on policy > * @file: pointer to the file to be measured/appraised/audit > @@ -439,18 +448,16 @@ int ima_read_file(struct file *file, enum kernel_read_file_id read_id) > } > return 0; /* We rely on module signature checking */ > } > + > + if (read_id == READING_FIRMWARE_PREALLOC_BUFFER) { > + if ((ima_appraise & IMA_APPRAISE_FIRMWARE) && > + (ima_appraise & IMA_APPRAISE_ENFORCE)) { > + pr_warn("device might be able to access firmware prior to signature verification completion.\n"); > + } > + } > return 0; > } > > -static int read_idmap[READING_MAX_ID] = { > - [READING_FIRMWARE] = FIRMWARE_CHECK, > - [READING_FIRMWARE_PREALLOC_BUFFER] = FIRMWARE_CHECK, > - [READING_MODULE] = MODULE_CHECK, > - [READING_KEXEC_IMAGE] = KEXEC_KERNEL_CHECK, > - [READING_KEXEC_INITRAMFS] = KEXEC_INITRAMFS_CHECK, > - [READING_POLICY] = POLICY_CHECK > -}; > - > /** > * ima_post_read_file - in memory collect/appraise/audit measurement > * @file: pointer to the file to be measured/appraised/audit > -- > 2.7.5 >