From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Roberto Sassu , Mimi Zohar
Subject: [PATCH 5.10 091/593] evm: Execute evm_inode_init_security() only when an HMAC key is loaded
Date: Mon, 12 Jul 2021 08:04:11 +0200
Message-Id: <20210712060853.204482998@linuxfoundation.org>
X-Mailer: git-send-email 2.32.0
In-Reply-To: <20210712060843.180606720@linuxfoundation.org>
References: <20210712060843.180606720@linuxfoundation.org>
User-Agent: quilt/0.66
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Precedence: bulk
List-ID:
X-Mailing-List: linux-kernel@vger.kernel.org

From: Roberto Sassu

commit 9eea2904292c2d8fa98df141d3bf7c41ec9dc1b5 upstream.

evm_inode_init_security() requires an HMAC key to calculate the HMAC on initial xattrs provided by LSMs. However, it checks generically whether a key has been loaded, including also public keys, which is not correct as public keys are not suitable to calculate the HMAC.

Originally, support for signature verification was introduced to verify a possibly immutable initial ram disk, when no new files are created, and to switch to HMAC for the root filesystem. By that time, an HMAC key should have been loaded and usable to calculate HMACs for new files.

More recently support for requiring an HMAC key was removed from the kernel, so that signature verification can be used alone. Since this is a legitimate use case, evm_inode_init_security() should not return an error when no HMAC key has been loaded.

This patch fixes this problem by replacing the evm_key_loaded() check with a check of the EVM_INIT_HMAC flag in evm_initialized.

Fixes: 26ddabfe96b ("evm: enable EVM when X509 certificate is loaded")
Signed-off-by: Roberto Sassu
Cc: stable@vger.kernel.org # 4.5.x
Signed-off-by: Mimi Zohar
Signed-off-by: Greg Kroah-Hartman
---
 security/integrity/evm/evm_main.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
--- a/security/integrity/evm/evm_main.c +++ b/security/integrity/evm/evm_main.c @@ -521,7 +521,7 @@ void evm_inode_post_setattr(struct dentr } /* - * evm_inode_init_security - initializes security.evm + * evm_inode_init_security - initializes security.evm HMAC value */ int evm_inode_init_security(struct inode *inode, const struct xattr *lsm_xattr, @@ -530,7 +530,8 @@ int evm_inode_init_security(struct inode struct evm_xattr *xattr_data; int rc; - if (!evm_key_loaded() || !evm_protected_xattr(lsm_xattr->name)) + if (!(evm_initialized & EVM_INIT_HMAC) || + !evm_protected_xattr(lsm_xattr->name)) return 0; xattr_data = kzalloc(sizeof(*xattr_data), GFP_NOFS);
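Review bot: the reworded comment in the first hunk ("initializes security.evm HMAC value") still does not document the behaviour this patch introduces: with EVM_INIT_HMAC clear in evm_initialized the function now returns 0 without writing security.evm at all, so a file created under signature-only EVM gets its LSM xattrs but no EVM xattr. Since the commit message presents that as the intended outcome, state it in the comment block, e.g. " * Returns 0 without writing security.evm when no HMAC key is loaded."

Review bot: the second hunk open-codes the bit test `evm_initialized & EVM_INIT_HMAC` where the old line used the evm_key_loaded() helper, and the silent `return 0` on that path is indistinguishable to the caller from the case where the HMAC was actually written. If any other HMAC-producing path has to make the same HMAC-key-versus-public-key distinction, a small helper next to evm_key_loaded() (a hypothetical evm_hmac_key_loaded(), say) would keep the condition in one place; failing that, a one-line comment above the `return 0` explaining why the skip is deliberate would save the next reader a trip to the commit log.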
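To make the difference between the two predicates concrete, here is an added user-space model of the decision that evm_inode_init_security() makes before and after this patch. It is example code written for this page, not kernel code: the EVM_INIT_* bit values are assumed to match those in security/integrity/evm/evm.h (only their distinctness matters), evm_key_loaded() is modelled as a test of the combined key mask as the commit message describes it, evm_hmac_key_loaded() is a hypothetical name for the patched condition, and the protected-xattr list is a constructed subset.

```c
/*
 * Added example (not kernel code): models the two key checks that the
 * patch swaps in evm_inode_init_security().  EVM_INIT_* values are
 * assumed; the protected xattr list is a constructed subset.
 */
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define EVM_INIT_HMAC 0x0001UL /* symmetric HMAC key loaded (assumed value) */
#define EVM_INIT_X509 0x0002UL /* X.509 public key loaded  (assumed value) */
#define EVM_KEY_MASK  (EVM_INIT_HMAC | EVM_INIT_X509)

/* Stand-in for the kernel's evm_initialized flag word. */
static unsigned long evm_initialized;

/* Constructed subset of the xattr names EVM protects. */
static const char *const protected_xattrs[] = {
	"security.selinux", "security.SMACK64", "security.apparmor", "security.ima",
};

static bool evm_protected_xattr(const char *name)
{
	for (size_t i = 0; i < sizeof(protected_xattrs) / sizeof(*protected_xattrs); i++)
		if (strcmp(name, protected_xattrs[i]) == 0)
			return true;
	return false;
}

/* Pre-patch predicate: any loaded key, public keys included, counts. */
static bool evm_key_loaded(void)
{
	return (evm_initialized & EVM_KEY_MASK) != 0;
}

/* Post-patch predicate (hypothetical helper name): only the HMAC key counts. */
static bool evm_hmac_key_loaded(void)
{
	return (evm_initialized & EVM_INIT_HMAC) != 0;
}

/*
 * Models the early return in evm_inode_init_security().
 * Returns 1 when the function would go on to compute an HMAC over the
 * LSM xattr, 0 when it returns 0 early and writes no security.evm.
 */
static int would_compute_hmac(unsigned long state, const char *xattr_name, bool patched)
{
	evm_initialized = state;
	bool key_ok = patched ? evm_hmac_key_loaded() : evm_key_loaded();

	if (!key_ok || !evm_protected_xattr(xattr_name))
		return 0;
	return 1;
}

int main(void)
{
	const struct { const char *label; unsigned long state; } cases[] = {
		{ "no key",      0 },
		{ "x509 only",   EVM_INIT_X509 },
		{ "hmac only",   EVM_INIT_HMAC },
		{ "hmac + x509", EVM_INIT_HMAC | EVM_INIT_X509 },
	};

	printf("%-12s %-10s %-8s\n", "state", "pre-patch", "patched");
	for (size_t i = 0; i < sizeof(cases) / sizeof(*cases); i++)
		printf("%-12s %-10d %-8d\n", cases[i].label,
		       would_compute_hmac(cases[i].state, "security.selinux", false),
		       would_compute_hmac(cases[i].state, "security.selinux", true));
	return 0;
}
```

The only row that differs is "x509 only": before the patch the generic key check lets the function proceed into HMAC computation with no symmetric key available, which is the failure the commit message describes; after the patch it returns 0 and the new file is created without a security.evm xattr. Non-protected xattr names short-circuit to 0 under both predicates.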