From: Roberto Sassu
Subject: [PATCH] ima: Allow template selection with ima_template[_fmt]= after ima_hash=
Date: Mon, 31 Jan 2022 18:11:39 +0100
Message-ID: <20220131171139.3024883-1-roberto.sassu@huawei.com>
X-Mailing-List: linux-kernel@vger.kernel.org

Commit c2426d2ad5027 ("ima: added support for new kernel cmdline parameter
ima_template_fmt") introduced an additional check on the ima_template
variable to avoid multiple template selection.

Unfortunately, ima_template could be also set by the setup function of the
ima_hash= parameter, when it calls ima_template_desc_current(). This causes
attempts to choose a new template with ima_template= or with
ima_template_fmt=, after ima_hash=, to be ignored.

Achieve the goal of the commit mentioned with the new static variable
template_setup_done, so that template selection requests after ima_hash=
are not ignored.

Finally, call ima_init_template_list(), if not already done, to initialize
the list of templates before lookup_template_desc() is called.

Cc: stable@vger.kernel.org
Fixes: c2426d2ad5027 ("ima: added support for new kernel cmdline parameter ima_template_fmt")
Signed-off-by: Roberto Sassu
---
 security/integrity/ima/ima_template.c | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/security/integrity/ima/ima_template.c b/security/integrity/ima/ima_template.c
index 694560396be0..db1ad6d7a57f 100644
--- a/security/integrity/ima/ima_template.c
+++ b/security/integrity/ima/ima_template.c
@@ -29,6 +29,7 @@ static struct ima_template_desc builtin_templates[] = { static LIST_HEAD(defined_templates); static DEFINE_SPINLOCK(template_list); +static int template_setup_done; static const struct ima_template_field supported_fields[] = { {.field_id = "d", .field_init = ima_eventdigest_init, @@ -101,10 +102,11 @@ static int __init ima_template_setup(char *str) struct ima_template_desc *template_desc; int template_len = strlen(str); - if (ima_template) + if (template_setup_done) return 1; - ima_init_template_list(); + if (!ima_template) + ima_init_template_list(); /* * Verify that a template with the supplied name exists. @@ -128,6 +130,7 @@ static int __init ima_template_setup(char *str) } ima_template = template_desc; + template_setup_done = 1; return 1; } __setup("ima_template=", ima_template_setup); @@ -136,7 +139,7 @@ static int __init ima_template_fmt_setup(char *str) { int num_templates = ARRAY_SIZE(builtin_templates); - if (ima_template) + if (template_setup_done) return 1; if (template_desc_init_fields(str, NULL, NULL) < 0) { @@ -147,6 +150,7 @@ static int __init ima_template_fmt_setup(char *str) builtin_templates[num_templates - 1].fmt = str; ima_template = builtin_templates + num_templates - 1; + template_setup_done = 1; return 1; } -- 2.32.0
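
Review bot: template_setup_done, added after DEFINE_SPINLOCK(template_list) in the first hunk, is read and written only in ima_template_setup() and ima_template_fmt_setup(), both marked __init, so it can be declared __initdata, and since it only ever holds 0 or 1 it can be a bool: `static bool template_setup_done __initdata;`. A one-line comment saying that it records an explicit ima_template= or ima_template_fmt= selection, as opposed to ima_template being set as a side effect of ima_hash=, would keep the two variables from being conflated again.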
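
Review bot: In ima_template_setup(), the new `if (!ima_template)` guard in front of ima_init_template_list() uses a non-NULL ima_template as a stand-in for "the template list has already been initialized", which is the same kind of implicit coupling the patch removes from the selection check two lines above. The removed line called ima_init_template_list() unconditionally; either keep the unconditional call if the function tolerates being called twice, or add a comment stating the assumption that ima_template is only ever set after the list was initialized (the ima_hash= path through ima_template_desc_current() that the commit message describes).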
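
Review bot: In ima_template_fmt_setup(), `template_setup_done = 1;` sits at the very end, after the template_desc_init_fields() check, and in ima_template_setup() it likewise follows the final `ima_template = template_desc;` assignment, so a rejected ima_template_fmt= or ima_template= value leaves the flag clear and a later template option on the command line is still honored. If "first valid selection wins" is the intended rule, state it in the commit message or in a comment next to the flag, since the previous `if (ima_template)` check did not make that distinction visible either.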