From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Guo Zihua, Roberto Sassu, Mimi Zohar
Subject: [PATCH 5.4 03/71] ima: Allow template selection with ima_template[_fmt]= after ima_hash=
Date: Mon, 14 Feb 2022 10:25:31 +0100
Message-Id: <20220214092452.136339118@linuxfoundation.org>
In-Reply-To: <20220214092452.020713240@linuxfoundation.org>

From: Roberto Sassu

commit bb8e52e4906f148c2faf6656b5106cf7233e9301 upstream.

Commit c2426d2ad5027 ("ima: added support for new kernel cmdline parameter ima_template_fmt") introduced an additional check on the ima_template variable to avoid multiple template selection.

Unfortunately, ima_template could be also set by the setup function of the ima_hash= parameter, when it calls ima_template_desc_current(). This causes attempts to choose a new template with ima_template= or with ima_template_fmt=, after ima_hash=, to be ignored.

Achieve the goal of the commit mentioned with the new static variable template_setup_done, so that template selection requests after ima_hash= are not ignored.

Finally, call ima_init_template_list(), if not already done, to initialize the list of templates before lookup_template_desc() is called.

Reported-by: Guo Zihua
Signed-off-by: Roberto Sassu
Cc: stable@vger.kernel.org
Fixes: c2426d2ad5027 ("ima: added support for new kernel cmdline parameter ima_template_fmt")
Signed-off-by: Mimi Zohar
Signed-off-by: Greg Kroah-Hartman
--- security/integrity/ima/ima_template.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) --- a/security/integrity/ima/ima_template.c +++ b/security/integrity/ima/ima_template.c @@ -29,6 +29,7 @@ static struct ima_template_desc builtin_ static LIST_HEAD(defined_templates); static DEFINE_SPINLOCK(template_list); +static int template_setup_done; static const struct ima_template_field supported_fields[] = { {.field_id = "d", .field_init = ima_eventdigest_init, @@ -82,10 +83,11 @@ static int __init ima_template_setup(cha struct ima_template_desc *template_desc; int template_len = strlen(str); - if (ima_template) + if (template_setup_done) return 1; - ima_init_template_list(); + if (!ima_template) + ima_init_template_list(); /* * Verify that a template with the supplied name exists. 
@@ -109,6 +111,7 @@ static int __init ima_template_setup(cha } ima_template = template_desc; + template_setup_done = 1; return 1; } __setup("ima_template=", ima_template_setup); @@ -117,7 +120,7 @@ static int __init ima_template_fmt_setup { int num_templates = ARRAY_SIZE(builtin_templates); - if (ima_template) + if (template_setup_done) return 1; if (template_desc_init_fields(str, NULL, NULL) < 0) { @@ -128,6 +131,7 @@ static int __init ima_template_fmt_setup builtin_templates[num_templates - 1].fmt = str; ima_template = builtin_templates + num_templates - 1; + template_setup_done = 1; return 1; }
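
Review bot: the new `static int template_setup_done;` in the @@ -29,6 +29,7 @@ hunk carries no comment explaining why a separate flag is needed when ima_template already exists, and in the lines shown it is read and written only from the two __init setup handlers. A one-line comment (ima_template can already be set by the ima_hash= handler without the user having selected a template) would keep a later cleanup from folding the two checks back together; given that usage, `static bool template_setup_done __initdata;` would also fit.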
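
Review bot: in the @@ -82,10 +83,11 @@ hunk of ima_template_setup(), `if (!ima_template) ima_init_template_list();` uses ima_template as a stand-in for "the template list is already initialised", which holds only while every path that sets ima_template has initialised the list first. The commit message names one such path (ima_hash= through ima_template_desc_current()); a comment on this condition stating that assumption would make the dependency explicit before lookup_template_desc() runs, or, if ima_init_template_list() is safe to call repeatedly, the call could stay unconditional as it was.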
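
Review bot: in the @@ -117,7 +120,7 @@ hunk, `if (template_setup_done) return 1;` in ima_template_fmt_setup() (and the same test in ima_template_setup()) drops a second template request without any message, so with both ima_template= and ima_template_fmt= on the command line the first one silently wins. Since the template determines the format of the measurement list, a log line naming the ignored parameter would let an administrator see that the running template is not the one last requested.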