Received: by 2002:a05:6a10:16a7:0:0:0:0 with SMTP id gp39csp209657pxb; Wed, 11 Nov 2020 01:25:56 -0800 (PST) X-Google-Smtp-Source: ABdhPJwPJ+GKRKzt8DQUVP3KeiNSNeJCOBQ2txv0JpjkxjJZoh1/r6bU1gjHuWO4sqhBIEk6aNnE X-Received: by 2002:a50:aa84:: with SMTP id q4mr4094968edc.331.1605086756401; Wed, 11 Nov 2020 01:25:56 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1605086756; cv=none; d=google.com; s=arc-20160816; b=yg+bfQlkoSuZ7SNf5eRoEHyjm6EjCFrEY4tOb+Caqhhi7qOINFkoksU314cyN4Cslx 53pnW+Qi7xfqFp8C778413bSFOc2lBm6wasebqXJrnNx4b6ZgafX23vYbiLe+o2dizQj na3P9VijRyjlckGKIi3XP+UoCWfs5/gcrQcca6H+bIQYwO7TexqwOrqAlNqSpn6OaVIx mey4w6pQW9GgVVKSiM/jWQUD/Qmnjo/3UuV16tMxqLwPLnZwhEqRcn6Ff5urKR2R3/RF ZU7EzrdXJv/fDHMhxSF6hXkX3KX5b+Q7R62gMzn1anQDtPbBudmSCfIDXfy1GdHFPjMg UkTQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from; bh=1BonFNc6jqxrdCD+eT/FxY1TkwxPZ9GYgwk+c67rGcs=; b=YZRFeZqFOa2LiMoA/XJZiIvr3V7xK5YAnxbNRsCwHaGeTwGtuOrgvPSj0DdKYoZejf Bp2Bhv1oRAHN4EmlpqAinRVtgUFR8s83f6VWYf6RbdviqIgbACrxp23xYLxm5xk8ovNI gwOdGx1cM0tyH3a+FYe4j3UscPBlB9twVTHruW21amR0TP3mtEUqYO/mxuVpMkiuODnQ 6edvr+S5JT+eUj2VCkZhMLmTp1dMSlhgphA3gnZIRN//K12kDROfnj/4x2LT96wFGV9T t+CT2/GdJgfSIYBBUKZclDtffUztLE8nwkxx/jqkSGDmH2ppRMj2MnUH01ncbePf1Ci/ zkpw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id u9si1071978edr.63.2020.11.11.01.25.32; Wed, 11 Nov 2020 01:25:56 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726964AbgKKJYF (ORCPT + 99 others); Wed, 11 Nov 2020 04:24:05 -0500 Received: from frasgout.his.huawei.com ([185.176.79.56]:2082 "EHLO frasgout.his.huawei.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726061AbgKKJYC (ORCPT ); Wed, 11 Nov 2020 04:24:02 -0500 Received: from fraeml714-chm.china.huawei.com (unknown [172.18.147.226]) by frasgout.his.huawei.com (SkyGuard) with ESMTP id 4CWK4w3zX1z67KXd; Wed, 11 Nov 2020 17:22:24 +0800 (CST) Received: from roberto-HP-EliteDesk-800-G2-DM-65W.huawei.com (10.204.65.161) by fraeml714-chm.china.huawei.com (10.206.15.33) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.1913.5; Wed, 11 Nov 2020 10:23:59 +0100 From: Roberto Sassu To: , CC: , , , , , Roberto Sassu , Subject: [PATCH v3 01/11] evm: Execute evm_inode_init_security() only when an HMAC key is loaded Date: Wed, 11 Nov 2020 10:22:52 +0100 Message-ID: <20201111092302.1589-2-roberto.sassu@huawei.com> X-Mailer: git-send-email 2.27.GIT In-Reply-To: <20201111092302.1589-1-roberto.sassu@huawei.com> References: <20201111092302.1589-1-roberto.sassu@huawei.com> MIME-Version: 1.0 Content-Transfer-Encoding: 7BIT Content-Type: text/plain; charset=US-ASCII X-Originating-IP: [10.204.65.161] X-ClientProxiedBy: lhreml735-chm.china.huawei.com (10.201.108.86) To fraeml714-chm.china.huawei.com (10.206.15.33) X-CFilter-Loop: Reflected Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org evm_inode_init_security() requires an HMAC key to calculate the HMAC on initial xattrs provided by LSMs. However, it checks generically whether a key has been loaded, including also public keys, which is not correct as public keys are not suitable to calculate the HMAC. Originally, support for signature verification was introduced to verify a possibly immutable initial ram disk, when no new files are created, and to switch to HMAC for the root filesystem. By that time, an HMAC key should have been loaded and usable to calculate HMACs for new files. More recently support for requiring an HMAC key was removed from the kernel, so that signature verification can be used alone. Since this is a legitimate use case, evm_inode_init_security() should not return an error when no HMAC key has been loaded. This patch fixes this problem by replacing the evm_key_loaded() check with a check of the EVM_INIT_HMAC flag in evm_initialized. Cc: stable@vger.kernel.org # 4.5.x Fixes: 26ddabfe96b ("evm: enable EVM when X509 certificate is loaded") Signed-off-by: Roberto Sassu Reviewed-by: Mimi Zohar --- security/integrity/evm/evm_main.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/security/integrity/evm/evm_main.c b/security/integrity/evm/evm_main.c index 76d19146d74b..001e001eae01 100644 --- a/security/integrity/evm/evm_main.c +++ b/security/integrity/evm/evm_main.c @@ -530,7 +530,8 @@ int evm_inode_init_security(struct inode *inode, struct evm_xattr *xattr_data; int rc; - if (!evm_key_loaded() || !evm_protected_xattr(lsm_xattr->name)) + if (!(evm_initialized & EVM_INIT_HMAC) || + !evm_protected_xattr(lsm_xattr->name)) return 0; xattr_data = kzalloc(sizeof(*xattr_data), GFP_NOFS); -- 2.27.GIT