Received: by 2002:a05:6a10:f3d0:0:0:0:0 with SMTP id a16csp2706235pxv; Sun, 11 Jul 2021 23:19:25 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxo0KY7poRkH2oqBsnk13uC7ZpEETrdK6gZAUt3rlKEMCfO9zOtuVEUkFH7OeybpyQV4twp X-Received: by 2002:a92:5401:: with SMTP id i1mr36653317ilb.17.1626070765643; Sun, 11 Jul 2021 23:19:25 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1626070765; cv=none; d=google.com; s=arc-20160816; b=GwLaNSrdvjNO7sBXxOnq63w/HulZsIxzk3jndM7N4+109JPAmU75eKRmGFXWqVj7RP 5gysg+1BKZWt17rcty2Xq9EM2MUZjzniX1DH95Fd5FpDafjvnxU37n5u9TpawKqussO2 QbGMmcShzE9VaBtt0nicuGIOS9H6gJgGUruPENW1w4ebUsOabtgja9d4zVF05hEggPE0 1QzLa5yBav6b9SNf94kblI6iVEE5f0f372tnauieSxXJMgkXOVz5qOGoQb+RXPROu899 StQZtA5DrVlguzL/dmLR65saPW86nKXuaN32CYP7RjcS2lKmD7vAOPHpWf1erj/B3176 Uf4g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=cgtQsvDOqwak0rxrso6y0ss8GBtVIfo7HNGhFI7HyFY=; b=bZ1Uk4eKolWTKO1o+YumGvkHbaXMhHUL8JsOpS00msDWwAZXpWRbH/UNL1hAocL13x 1BtMESyo9bxj4fctdUqKWryLMjdeW0JaSrSpnugwCrLLAQuB7jSYzyyI4b1HoFoWPHK6 dEQqDGeopWRA21Uje9RUqsuuZWgKmmjKZ2EgkqDsJYrjySMs5eAeCiIyXTrLCTW1ZWA7 RAkLsAg/U7jkaP4Nv2FOtGtgJ5UVkfN0eEZGBAYoC2MgNf/mpbLCMJhUxOevb8Sbfnq/ SkBZD83CirSmk4P1nf7stFMVJYtKF7CBpCRZ66RGez3uup/+ikb0/2m4rUfG2DdfjlnI 6dsA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=PpOxJIf+; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id g3si16167066ilc.117.2021.07.11.23.19.13; Sun, 11 Jul 2021 23:19:25 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=PpOxJIf+; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233739AbhGLGUE (ORCPT + 99 others); Mon, 12 Jul 2021 02:20:04 -0400 Received: from mail.kernel.org ([198.145.29.99]:37428 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233354AbhGLGTa (ORCPT ); Mon, 12 Jul 2021 02:19:30 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id 74EBB610A7; Mon, 12 Jul 2021 06:16:41 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1626070601; bh=4AJkvd6ETh8wjYwlTiVkmXWX8Anus4ctfjHbG1nMs00=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=PpOxJIf+iZSGuzss1MpMynOp2kNGVtvRaiI2oS6b0jCgo59MCE5M1ffaSddY/bVKh QK/FVkVqtX0sIfuUEY/wGJqivWsj8QgjbuS+1ZqPCg07MGq+JMfWB90Z/fyXIEQ7jp p789OFxBkwYevyeN/lhjCn7ALSHgLw2KXv6GxooA= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Roberto Sassu , Mimi Zohar Subject: [PATCH 5.4 059/348] evm: Execute evm_inode_init_security() only when an HMAC key is loaded Date: Mon, 12 Jul 2021 08:07:23 +0200 Message-Id: <20210712060709.688186236@linuxfoundation.org> X-Mailer: git-send-email 2.32.0 In-Reply-To: <20210712060659.886176320@linuxfoundation.org> References: <20210712060659.886176320@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Roberto Sassu commit 9eea2904292c2d8fa98df141d3bf7c41ec9dc1b5 upstream. evm_inode_init_security() requires an HMAC key to calculate the HMAC on initial xattrs provided by LSMs. However, it checks generically whether a key has been loaded, including also public keys, which is not correct as public keys are not suitable to calculate the HMAC. Originally, support for signature verification was introduced to verify a possibly immutable initial ram disk, when no new files are created, and to switch to HMAC for the root filesystem. By that time, an HMAC key should have been loaded and usable to calculate HMACs for new files. More recently support for requiring an HMAC key was removed from the kernel, so that signature verification can be used alone. Since this is a legitimate use case, evm_inode_init_security() should not return an error when no HMAC key has been loaded. This patch fixes this problem by replacing the evm_key_loaded() check with a check of the EVM_INIT_HMAC flag in evm_initialized. Fixes: 26ddabfe96b ("evm: enable EVM when X509 certificate is loaded") Signed-off-by: Roberto Sassu Cc: stable@vger.kernel.org # 4.5.x Signed-off-by: Mimi Zohar Signed-off-by: Greg Kroah-Hartman --- security/integrity/evm/evm_main.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) --- a/security/integrity/evm/evm_main.c +++ b/security/integrity/evm/evm_main.c @@ -520,7 +520,7 @@ void evm_inode_post_setattr(struct dentr } /* - * evm_inode_init_security - initializes security.evm + * evm_inode_init_security - initializes security.evm HMAC value */ int evm_inode_init_security(struct inode *inode, const struct xattr *lsm_xattr, @@ -529,7 +529,8 @@ int evm_inode_init_security(struct inode struct evm_xattr *xattr_data; int rc; - if (!evm_key_loaded() || !evm_protected_xattr(lsm_xattr->name)) + if (!(evm_initialized & EVM_INIT_HMAC) || + !evm_protected_xattr(lsm_xattr->name)) return 0; xattr_data = kzalloc(sizeof(*xattr_data), GFP_NOFS);