Received: by 2002:a5d:9c59:0:0:0:0:0 with SMTP id 25csp2200594iof; Tue, 7 Jun 2022 23:02:06 -0700 (PDT) X-Google-Smtp-Source: ABdhPJyJOiv2YTeYgdulmwjNjWPpJzV/iO+pgv7lzc4Ch4tCM/b6Sl2kLVOauggcc2s+uCeIwAgK X-Received: by 2002:a17:90a:cc0d:b0:1e3:1256:faa3 with SMTP id b13-20020a17090acc0d00b001e31256faa3mr51775311pju.107.1654668125849; Tue, 07 Jun 2022 23:02:05 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1654668125; cv=none; d=google.com; s=arc-20160816; b=eFqkPyIEwaKNvdURDswJiUNNq/CMA5ORzC9p/VUSPnXpQ5H4iey5n14wtSEsu2WvD9 07X6aV6aFNYYK3Lpxqy+kD58MFTcMTMIwsQFs1h95cSEnUgpzPfhlzYcNaTl7dVz+Djs 8RgP8lJvHedZy6Ni2/roIn4Ymqg4Cx8BoUmSTA1GFMikocS5+UQQO8AvKI4tCjUAUbOv wgmVRSfX4DcsF2R0lZji+ZZ6CgE+Pg5EE6yuvzS0Roog8rtCJ/Kw3ErUpIO/8gi0ZXMU jKzxXMmkCw9oCDOcKplWuHWEg/sFLfclCXAen5eMh5JGVzryXzzAljGBboF3Uw4hIYON auxA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=XAP3IjTAKYXFNWSkuVva2ACrcCw0v+/vkrCc1Ld79os=; b=ruYWTAUI+GNsq9suu3ZR7NG8Ugbd7y5KvwpCRk+0lChuBjlVEgPmG17fVUB7oBPcI8 gH3jWfNUXlVzdYSMPN2T0lgFGdqgMwQ5SGAy5eV/IGZoyPV9qR0vARbiOeyrZwusXJBV UTNQAE6RRRynB3pDsaWuWhNbb0RDbRXb2O8UlHBiO4dK/HnBQ0w4OjuIbekt/gbseL/G /cEhfmwITk5ZNzGUOcM0rGXDeIkJlq4+na1kLmiJLPuTklagcksTfZdbIWeEKPlzrlvl B74b7j8ld/XUW20h69jyZHLE1vuA4Hhp87MEFgAFhoxgf+pRc4Gygxmql7o0jo/IYNWT CtrQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=vIgU3Sl1; spf=softfail (google.com: domain of transitioning linux-kernel-owner@vger.kernel.org does not designate 23.128.96.19 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net. [23.128.96.19]) by mx.google.com with ESMTPS id d2-20020a656b82000000b003fdac2b3964si11235132pgw.335.2022.06.07.23.02.05 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 07 Jun 2022 23:02:05 -0700 (PDT) Received-SPF: softfail (google.com: domain of transitioning linux-kernel-owner@vger.kernel.org does not designate 23.128.96.19 as permitted sender) client-ip=23.128.96.19; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=vIgU3Sl1; spf=softfail (google.com: domain of transitioning linux-kernel-owner@vger.kernel.org does not designate 23.128.96.19 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: from out1.vger.email (out1.vger.email [IPv6:2620:137:e000::1:20]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id 9B0EDF3F94; Tue, 7 Jun 2022 22:26:21 -0700 (PDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1381932AbiFHBOz (ORCPT + 99 others); Tue, 7 Jun 2022 21:14:55 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:35094 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1385498AbiFGWbe (ORCPT ); Tue, 7 Jun 2022 18:31:34 -0400 Received: from ams.source.kernel.org (ams.source.kernel.org [145.40.68.75]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 2FA3A27B481; Tue, 7 Jun 2022 12:24:56 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id CBE16B8220B; Tue, 7 Jun 2022 19:24:54 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 42AEAC385A5; Tue, 7 Jun 2022 19:24:53 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1654629893; bh=mTdIDoujXMOK+HqZWo1bcLLznZ0mfsHSUpSPn8Lcwd8=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=vIgU3Sl1XyqfPvoe0kgesTJ2zlUTctwMd0IcJWYagOw/r0s7/jlIUhRZUp07BIJWd l+b+AA8d6jI3T34FyotoMOFsDIfaOxCJ9ZJe5+9vRZfhNmCkf2OVahRdNadEiWyRBG EHH6KdY3nLBI4b8QiiCoMym42APo+KKrt7Ny9ufQ= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, GUO Zihua , Stable@vger.kernel.org, Mimi Zohar Subject: [PATCH 5.18 804/879] ima: remove the IMA_TEMPLATE Kconfig option Date: Tue, 7 Jun 2022 19:05:22 +0200 Message-Id: <20220607165026.196094150@linuxfoundation.org> X-Mailer: git-send-email 2.36.1 In-Reply-To: <20220607165002.659942637@linuxfoundation.org> References: <20220607165002.659942637@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-3.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,RDNS_NONE,SPF_HELO_NONE,T_SCC_BODY_TEXT_LINE autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: GUO Zihua commit 891163adf180bc369b2f11c9dfce6d2758d2a5bd upstream. The original 'ima' measurement list template contains a hash, defined as 20 bytes, and a null terminated pathname, limited to 255 characters. Other measurement list templates permit both larger hashes and longer pathnames. When the "ima" template is configured as the default, a new measurement list template (ima_template=) must be specified before specifying a larger hash algorithm (ima_hash=) on the boot command line. To avoid this boot command line ordering issue, remove the legacy "ima" template configuration option, allowing it to still be specified on the boot command line. The root cause of this issue is that during the processing of ima_hash, we would try to check whether the hash algorithm is compatible with the template. If the template is not set at the moment we do the check, we check the algorithm against the configured default template. If the default template is "ima", then we reject any hash algorithm other than sha1 and md5. For example, if the compiled default template is "ima", and the default algorithm is sha1 (which is the current default). In the cmdline, we put in "ima_hash=sha256 ima_template=ima-ng". The expected behavior would be that ima starts with ima-ng as the template and sha256 as the hash algorithm. However, during the processing of "ima_hash=", "ima_template=" has not been processed yet, and hash_setup would check the configured hash algorithm against the compiled default: ima, and reject sha256. So at the end, the hash algorithm that is actually used will be sha1. With template "ima" removed from the configured default, we ensure that the default tempalte would at least be "ima-ng" which allows for basically any hash algorithm. This change would not break the algorithm compatibility checks for IMA. Fixes: 4286587dccd43 ("ima: add Kconfig default measurement list template") Signed-off-by: GUO Zihua Cc: Signed-off-by: Mimi Zohar Signed-off-by: Greg Kroah-Hartman --- security/integrity/ima/Kconfig | 14 ++++++-------- 1 file changed, 6 insertions(+), 8 deletions(-) --- a/security/integrity/ima/Kconfig +++ b/security/integrity/ima/Kconfig @@ -69,10 +69,9 @@ choice hash, defined as 20 bytes, and a null terminated pathname, limited to 255 characters. The 'ima-ng' measurement list template permits both larger hash digests and longer - pathnames. + pathnames. The configured default template can be replaced + by specifying "ima_template=" on the boot command line. - config IMA_TEMPLATE - bool "ima" config IMA_NG_TEMPLATE bool "ima-ng (default)" config IMA_SIG_TEMPLATE @@ -82,7 +81,6 @@ endchoice config IMA_DEFAULT_TEMPLATE string depends on IMA - default "ima" if IMA_TEMPLATE default "ima-ng" if IMA_NG_TEMPLATE default "ima-sig" if IMA_SIG_TEMPLATE @@ -102,19 +100,19 @@ choice config IMA_DEFAULT_HASH_SHA256 bool "SHA256" - depends on CRYPTO_SHA256=y && !IMA_TEMPLATE + depends on CRYPTO_SHA256=y config IMA_DEFAULT_HASH_SHA512 bool "SHA512" - depends on CRYPTO_SHA512=y && !IMA_TEMPLATE + depends on CRYPTO_SHA512=y config IMA_DEFAULT_HASH_WP512 bool "WP512" - depends on CRYPTO_WP512=y && !IMA_TEMPLATE + depends on CRYPTO_WP512=y config IMA_DEFAULT_HASH_SM3 bool "SM3" - depends on CRYPTO_SM3=y && !IMA_TEMPLATE + depends on CRYPTO_SM3=y endchoice config IMA_DEFAULT_HASH