Received: by 2002:a05:6902:102b:0:0:0:0 with SMTP id x11csp1457583ybt;
        Thu, 18 Jun 2020 09:06:48 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJxTUy+U1IvVW7iVTHATAil+01LFOqGQqmLR5chtDgo9m/I7cg2mYsdkcJWUfasK8et736tE
X-Received: by 2002:aa7:c9c9:: with SMTP id i9mr4679720edt.166.1592496408041;
        Thu, 18 Jun 2020 09:06:48 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1592496408; cv=none;
        d=google.com; s=arc-20160816;
        b=f1GEkJWdlZIL+mmLUA3Emawmqn+RiGj8cN5nxfj9xc2j1F6rGOL2EwXYIguO1jj1eY
         qKremjy4QZGGMKPzZ9DLDD9FwLCG2UhT7qyIWpFOA739nh34eTdYkbyWOctLSmrAncxv
         lH6cxT4jvH5ojzouHP7WMoVUNcQ8BOWVCyG7F35BRaeb0sqYoNoitvkPyqe5LpCOlwsn
         yvvpsbBFtJmUgOyrOlK/LhkkV/eNXVsD+E+lMLXREtenl831KRryHKIaPcKP5JTj6QRe
         XtQEP0gbvlVk/WuE78i7B4er/wGv2pKxk6bFg5X95PxgVKB0LE/Xr7B9/JFRwoVG4zUg
         MQBw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:mime-version:references:in-reply-to
         :message-id:date:subject:cc:to:from;
        bh=Wc/MaWmhl61bO99xSUIgyVRc0C0SZgs3h/5bCoKmlgQ=;
        b=rkSQ3CNTd4s/oaXgFRELCCpL15j+ZxWtd2WiTwbe2aIZLSn9DypPVL3tYSE3S4zzxh
         D9WhGxoseD+lXx8tPwIftCnACUS5MSaf8o45f4oYrEUqsVBjOddzVcR1PGG6jt3oZj9i
         zjfSDmoy51Gq58MjE4ELR5V6lyCDHqt3BmeQKqkOEIVhXGm0OYU1HoP1pIaKP90jvuyx
         fj3rMIKKOcad46jSZBX+ukvxCKNj0DbyXH2tsbAmB0poxndTLYoUT9PSD63vuuavDhjE
         vdTZJpoqOa2aGWQ4ofMqi3sd9RdlnbWLIlkA/QZww4o1v66uma/dHJOCTzctfJVfnpm7
         6HPA==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id mb11si2016973ejb.325.2020.06.18.09.06.23;
        Thu, 18 Jun 2020 09:06:48 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1731790AbgFRQEW (ORCPT <rfc822;jaegeuk-test@gmail.com>
        + 99 others); Thu, 18 Jun 2020 12:04:22 -0400
Received: from lhrrgout.huawei.com ([185.176.76.210]:2332 "EHLO huawei.com"
        rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP
        id S1731753AbgFRQEU (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Thu, 18 Jun 2020 12:04:20 -0400
Received: from lhreml736-chm.china.huawei.com (unknown [172.18.7.107])
        by Forcepoint Email with ESMTP id 688362462C46C0D090A2;
        Thu, 18 Jun 2020 17:04:19 +0100 (IST)
Received: from fraeml714-chm.china.huawei.com (10.206.15.33) by
 lhreml736-chm.china.huawei.com (10.201.108.87) with Microsoft SMTP Server
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id
 15.1.1913.5; Thu, 18 Jun 2020 17:04:19 +0100
Received: from roberto-HP-EliteDesk-800-G2-DM-65W.huawei.com (10.204.65.160)
 by fraeml714-chm.china.huawei.com (10.206.15.33) with Microsoft SMTP Server
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256) id
 15.1.1913.5; Thu, 18 Jun 2020 18:04:18 +0200
From:   Roberto Sassu <roberto.sassu@huawei.com>
To:     <zohar@linux.ibm.com>, <mjg59@google.com>
CC:     <linux-integrity@vger.kernel.org>,
        <linux-security-module@vger.kernel.org>,
        <linux-kernel@vger.kernel.org>,
        Roberto Sassu <roberto.sassu@huawei.com>,
        <stable@vger.kernel.org>
Subject: [PATCH 03/11] evm: Refuse EVM_ALLOW_METADATA_WRITES only if the HMAC key is loaded
Date:   Thu, 18 Jun 2020 18:01:25 +0200
Message-ID: <20200618160133.937-3-roberto.sassu@huawei.com>
X-Mailer: git-send-email 2.17.1
In-Reply-To: <20200618160133.937-1-roberto.sassu@huawei.com>
References: <20200618160133.937-1-roberto.sassu@huawei.com>
MIME-Version: 1.0
Content-Type: text/plain
X-Originating-IP: [10.204.65.160]
X-ClientProxiedBy: lhreml704-chm.china.huawei.com (10.201.108.53) To
 fraeml714-chm.china.huawei.com (10.206.15.33)
X-CFilter-Loop: Reflected
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

Granting metadata write is safe if the HMAC key is not loaded, as it won't
let an attacker obtain a valid HMAC from corrupted xattrs. evm_write_key()
however does not allow it if any key is loaded, including a public key,
which should not be a problem.

This patch allows setting EVM_ALLOW_METADATA_WRITES if the EVM_INIT_HMAC
flag is not set.

Cc: stable@vger.kernel.org # 4.16.x
Fixes: ae1ba1676b88e ("EVM: Allow userland to permit modification of EVM-protected metadata")
Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
---
 security/integrity/evm/evm_secfs.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/security/integrity/evm/evm_secfs.c b/security/integrity/evm/evm_secfs.c
index cfc3075769bb..92fe26ace797 100644
--- a/security/integrity/evm/evm_secfs.c
+++ b/security/integrity/evm/evm_secfs.c
@@ -84,7 +84,7 @@ static ssize_t evm_write_key(struct file *file, const char __user *buf,
 	 * keys are loaded.
 	 */
 	if ((i & EVM_ALLOW_METADATA_WRITES) &&
-	    ((evm_initialized & EVM_KEY_MASK) != 0) &&
+	    ((evm_initialized & EVM_INIT_HMAC) != 0) &&
 	    !(evm_initialized & EVM_ALLOW_METADATA_WRITES))
 		return -EPERM;
 
-- 
2.17.1