Received: by 2002:a25:86ce:0:0:0:0:0 with SMTP id y14csp1690400ybm;
        Thu, 23 May 2019 05:22:56 -0700 (PDT)
X-Google-Smtp-Source: APXvYqy//YYoqB1xr+3zkdt0ffUMYiYL2FIND5ngPg6QAdInUCLO1LAXcsYfX1VDRWFHuU7qPlzn
X-Received: by 2002:a17:902:9343:: with SMTP id g3mr96978744plp.260.1558614176763;
        Thu, 23 May 2019 05:22:56 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1558614176; cv=none;
        d=google.com; s=arc-20160816;
        b=RyrsAHeQo2f1FuhPW0ZmJquPzJCzfsUYz+iZUkMHhVdiuQ20TE3H9iu9VLMJUEv9Ul
         nB42G07PTHykh7Rcr4QOUqAZ7ZhLgSK/kWRTE8ihfgDdUWX/t850TDcqq7r4q5HnV7UA
         7jTWjbVHqOdhajRZ/VH/LFZC1V++YmxMAG4ocW0XuLPYeZ+0HCWGR/j5dghvkixZNaqv
         SXtTb+hK6DbwJgf1GpGrNpt0V+hgcTikdyB+ZuFYp4HyVJQXnH+2apZrPQB5RdGDqq5N
         3JENDop+k73upcdiaQCSIKMGpKB9EUQIdhRBzXYoD0BRmOYQt2y0gQf18bTAmMtmuous
         56LQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:mime-version:message-id:date:subject:cc
         :to:from;
        bh=Gca7NINJbBABHZ9kMzYts4D2cWSmMTidd3h/wTP/W0w=;
        b=wqRBU1+Zckl6G0SP83G9yqL+BeKkOD1KrjMoUzv/mPnK9zFjEhhCH3czUxTChXhZXx
         Kke1/I+Xtm5WAbrsBIEfhfAm01vj/3JWAaMf7FedqPMKFpPe5aALJeI5dex4rTwvWlW9
         smx6OXZlaqSck3iC9dDdoN3IO+ZN3+/NK8+mTBuGC+avEkkLDpkB1vwQ23Il34CPPGJp
         Q3x9X7dwrQbxXmf+hjcVz9UoZFcLRvNfT/N/vYNRe1I3aU86MnV/i+bQcYzzKeOWoMWf
         WIAZOFpggHvpHL6+GTk8HZppUmxC3s4kpbVOf2+FTM84LGvX/ufEr9mfgl9wWVLOShr4
         bE6w==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id z25si12793827pgv.418.2019.05.23.05.22.39;
        Thu, 23 May 2019 05:22:56 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1730560AbfEWMVZ (ORCPT <rfc822;xqjcool@gmail.com> + 99 others);
        Thu, 23 May 2019 08:21:25 -0400
Received: from lhrrgout.huawei.com ([185.176.76.210]:32962 "EHLO huawei.com"
        rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP
        id S1728309AbfEWMVZ (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Thu, 23 May 2019 08:21:25 -0400
Received: from lhreml705-cah.china.huawei.com (unknown [172.18.7.108])
        by Forcepoint Email with ESMTP id DF1343C60C1E20BF93B0;
        Thu, 23 May 2019 13:21:22 +0100 (IST)
Received: from roberto-HP-EliteDesk-800-G2-DM-65W.huawei.com (10.204.65.154)
 by smtpsuk.huawei.com (10.201.108.46) with Microsoft SMTP Server (TLS) id
 14.3.408.0; Thu, 23 May 2019 13:21:11 +0100
From:   Roberto Sassu <roberto.sassu@huawei.com>
To:     <viro@zeniv.linux.org.uk>
CC:     <linux-security-module@vger.kernel.org>,
        <linux-integrity@vger.kernel.org>, <initramfs@vger.kernel.org>,
        <linux-api@vger.kernel.org>, <linux-fsdevel@vger.kernel.org>,
        <linux-kernel@vger.kernel.org>, <bug-cpio@gnu.org>,
        <zohar@linux.vnet.ibm.com>, <silviu.vlasceanu@huawei.com>,
        <dmitry.kasatkin@huawei.com>, <takondra@cisco.com>,
        <kamensky@cisco.com>, <hpa@zytor.com>, <arnd@arndb.de>,
        <rob@landley.net>, <james.w.mcmechan@gmail.com>,
        <niveditas98@gmail.com>, Roberto Sassu <roberto.sassu@huawei.com>
Subject: [PATCH v4 0/3] initramfs: add support for xattrs in the initial ram disk
Date:   Thu, 23 May 2019 14:18:00 +0200
Message-ID: <20190523121803.21638-1-roberto.sassu@huawei.com>
X-Mailer: git-send-email 2.17.1
MIME-Version: 1.0
Content-Type: text/plain
X-Originating-IP: [10.204.65.154]
X-CFilter-Loop: Reflected
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

This patch set aims at solving the following use case: appraise files from
the initial ram disk. To do that, IMA checks the signature/hash from the
security.ima xattr. Unfortunately, this use case cannot be implemented
currently, as the CPIO format does not support xattrs.

This proposal consists in including file metadata as additional files named
METADATA!!!, for each file added to the ram disk. The CPIO parser in the
kernel recognizes these special files from the file name, and calls the
appropriate parser to add metadata to the previously extracted file. It has
been proposed to use bit 17:16 of the file mode as a way to recognize files
with metadata, but both the kernel and the cpio tool declare the file mode
as unsigned short.

The difference from v2, v3 (https://lkml.org/lkml/2019/5/9/230,
https://lkml.org/lkml/2019/5/17/466) is that file metadata are stored in
separate files instead of a single file. Given that files with metadata
must immediately follow the files metadata will be added to, image
generators have to be modified in this version.

The difference from v1 (https://lkml.org/lkml/2018/11/22/1182) is that
all files have the same name. The file metadata are added to is always the
previous one, and the image generator in user space will make sure that
files are in the correct sequence.

The difference with another proposal
(https://lore.kernel.org/patchwork/cover/888071/) is that xattrs can be
included in an image without changing the image format. Files with metadata
will appear as regular files. It will be task of the parser in the kernel
to process them.

This patch set extends the format of data defined in patch 9/15 of the last
proposal. It adds header version and type, so that new formats can be
defined and arbitrary metadata types can be processed.

The changes introduced by this patch set don't cause any compatibility
issue: kernels without the metadata parser simply extract the special files
and don't process metadata; kernels with the metadata parser don't process
metadata if the special files are not included in the image.

From the kernel space perspective, backporting this functionality to older
kernels should be very easy. It is sufficient to add two calls to the new
function do_process_metadata() in do_copy(), and to check the file name in
do_name(). From the user space perspective, unlike the previous version of
the patch set, it is required to modify the image generators in order to
include metadata as separate files.

Changelog

v3:
- include file metadata as separate files named METADATA!!!
- add the possibility to include in the ram disk arbitrary metadata types

v2:
- replace ksys_lsetxattr() with kern_path() and vfs_setxattr()
  (suggested by Jann Horn)
- replace ksys_open()/ksys_read()/ksys_close() with
  filp_open()/kernel_read()/fput()
  (suggested by Jann Horn)
- use path variable instead of name_buf in do_readxattrs()
- set last byte of str to 0 in do_readxattrs()
- call do_readxattrs() in do_name() before replacing an existing
  .xattr-list
- pass pathname to do_setxattrs()

v1:
- move xattr unmarshaling to CPIO parser


Mimi Zohar (1):
  initramfs: add file metadata

Roberto Sassu (2):
  initramfs: read metadata from special file METADATA!!!
  gen_init_cpio: add support for file metadata

 include/linux/initramfs.h |  21 ++++++
 init/initramfs.c          | 137 +++++++++++++++++++++++++++++++++++++-
 usr/Kconfig               |   8 +++
 usr/Makefile              |   4 +-
 usr/gen_init_cpio.c       | 137 ++++++++++++++++++++++++++++++++++++--
 usr/gen_initramfs_list.sh |  10 ++-
 6 files changed, 305 insertions(+), 12 deletions(-)
 create mode 100644 include/linux/initramfs.h

-- 
2.17.1