Received: by 2002:a05:7412:8521:b0:e2:908c:2ebd with SMTP id t33csp785857rdf; Fri, 3 Nov 2023 15:31:24 -0700 (PDT) X-Google-Smtp-Source: AGHT+IFeP0WSYrRkWFt0/tw+zSvD3qNgptQspv/YzQ8gZa8PS1TZ5L/3NHmP7zQdautd+zNtE0+p X-Received: by 2002:a05:6a21:a108:b0:181:a9b6:8883 with SMTP id aq8-20020a056a21a10800b00181a9b68883mr6513744pzc.35.1699050684432; Fri, 03 Nov 2023 15:31:24 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1699050684; cv=none; d=google.com; s=arc-20160816; b=F1Y3S531iiH8OzQW6YWbr9t00n2uthkZ6HxW7sKS6+ya+udituwcxma/2WHnPjWj1f piCH0u8qj7b95+kx6ik/Kep7U8sFXE7ghaQsA/LV++bjUn4zn6pFr+FSPOiHmzRInV0j wMMtHXdYdR+x873sROM1eIG3U2mg56I9i0KUNChih+8vly1KdlLzBH5rjG+hR+fuISo5 yunTLVhSKabmaiS+EL09+3ABY2h6UBg6SKxhV6xjR1ds8e4SI33ICg70f/WgxPdQiKg+ /iEHf13CCnTp+70VuPJWY6lfroTQiRhgK6CDTPcxgt7BbU+LB24YM7pnO6UIKTGbyhjo YVKA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:cc:to:subject :message-id:date:from:in-reply-to:references:mime-version :dkim-signature; bh=OOhQ+4ppHia6X5vZEThJt6hjspNBijG8E4l1rtJpvmc=; fh=ZPAeM+xkYp66u1aG9nkgtxe8xYzYiWSgUDTN5KvOyaM=; b=eQy9rorGQaIZvaeiXzUDKpNpsfpX6JROl5UvDPEV9W+7XvKMI6HVCRvynXjoVA0J9O tMGuxyvnYcVrUawGAPTNbqbBefR7egM8rb0ZmB9TLHLfUtqIY93vjUzX3RYSwtDpaAav /u4qmLpSItAmPJBXjE46mZ90/sp6/DHCcum8Ah5/9VIa3M7n82xNEj7JNbictZ4iHduC ryVgcXAA7Nl4FvQrexZV5SzrC5j1Bgei9aZFFsvXkcJxoIcaebFw7+FmtUQyxq1V8JKO Tz2I2d5TYALiqKk2uRZ8PoI0+4RVSz5y77FUk8pTP3lZH6/DgwdGhhnHsTEQ+QG8rk2Q SMBw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@paul-moore.com header.s=google header.b=Fb+t+TGV; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.32 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=paul-moore.com Return-Path: Received: from agentk.vger.email (agentk.vger.email. [23.128.96.32]) by mx.google.com with ESMTPS id m70-20020a633f49000000b005bd0432d9b5si2406639pga.88.2023.11.03.15.31.24 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 03 Nov 2023 15:31:24 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.32 as permitted sender) client-ip=23.128.96.32; Authentication-Results: mx.google.com; dkim=pass header.i=@paul-moore.com header.s=google header.b=Fb+t+TGV; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.32 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=paul-moore.com Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by agentk.vger.email (Postfix) with ESMTP id 6458A80873A7; Fri, 3 Nov 2023 15:30:42 -0700 (PDT) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at agentk.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230326AbjKCWaY (ORCPT + 99 others); Fri, 3 Nov 2023 18:30:24 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:44244 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233720AbjKCWaW (ORCPT ); Fri, 3 Nov 2023 18:30:22 -0400 Received: from mail-yb1-xb2e.google.com (mail-yb1-xb2e.google.com [IPv6:2607:f8b0:4864:20::b2e]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id EF238D61 for ; Fri, 3 Nov 2023 15:30:17 -0700 (PDT) Received: by mail-yb1-xb2e.google.com with SMTP id 3f1490d57ef6-d9fe0a598d8so2587850276.2 for ; Fri, 03 Nov 2023 15:30:17 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=paul-moore.com; s=google; t=1699050617; x=1699655417; darn=vger.kernel.org; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=OOhQ+4ppHia6X5vZEThJt6hjspNBijG8E4l1rtJpvmc=; b=Fb+t+TGVFWJo9Lt7NqbDpiCp5KTiTLq3qWK2F8FUuNtUM5WTuaxGb0+z1NVnqotvW1 2qZn6RS+Srkmk93yyT+/Ms2J3a7yxlyceX7Ft6kBLCx2jcS7lEJy9zgxUQXVHzj4blHS fyr7qxkrJU2HwS9ru50vk3tZdpJzSWKa2JEcflHAIVzuA7GESxwEJtB/bI3b70A9QUXa doEEoLqOl5hoHhMwCKdm/XfcW/zcTZPHZcjWSio+N81QNCrj++ZcVtYVoo53MGlrHnkn WkerntN/joI4lYf51rws1n6PycdZxbZwUR8MePbvYxSxCedAqTx+o/U0M0YpVs5udBPf IO1w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1699050617; x=1699655417; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=OOhQ+4ppHia6X5vZEThJt6hjspNBijG8E4l1rtJpvmc=; b=HB5SgEgP6McT3hRHziBSzF8yn2omTaFi9wVDQvMGn6JiiCqsRNkwfhp+Iiqhcj/EV/ Ssyw+hnAPTljPUbpDs3FIaA01IZspX9p/SYVIxKLEBJ6b8+ZCD74T5ehN2ipYg9Ikdb5 a1hsOsZ0aF9U8nnHraY3cJ5NYG1b4qYnAnahREmjYKSxhpDDKiURVdLE0M/fHiSGANRT ipe12BaPRe0kEWMPaRX02nT1Yn8LVeCaDXLhyBUqdEiTBnjgOtZ6GLZQyprj2wYGZ50a rw6fAY88BRg1jBUFSHeufheDkxs2u66qH+3Xu2mAAu64k8CnJ9xKwPW4mzKJDjnjPoeL zKjw== X-Gm-Message-State: AOJu0YxoHH0LkVuARUHtRX/7yhrRdlOW428GOX5hqGaYPnczoFfRSOeE 7OFFMu0fnRUJuALyI/IPV5hDcl/FOt9nAipxF1Ud X-Received: by 2002:a25:8590:0:b0:da0:cf4b:c504 with SMTP id x16-20020a258590000000b00da0cf4bc504mr23753840ybk.8.1699050616923; Fri, 03 Nov 2023 15:30:16 -0700 (PDT) MIME-Version: 1.0 References: <1696457386-3010-6-git-send-email-wufan@linux.microsoft.com> <616a6fd7-47b1-4b46-af23-46f9b1a3eedf@linux.microsoft.com> In-Reply-To: From: Paul Moore Date: Fri, 3 Nov 2023 18:30:16 -0400 Message-ID: Subject: Re: [PATCH RFC v11 5/19] ipe: introduce 'boot_verified' as a trust provider To: Fan Wu Cc: corbet@lwn.net, zohar@linux.ibm.com, jmorris@namei.org, serge@hallyn.com, tytso@mit.edu, ebiggers@kernel.org, axboe@kernel.dk, agk@redhat.com, snitzer@kernel.org, eparis@redhat.com, linux-doc@vger.kernel.org, linux-integrity@vger.kernel.org, linux-security-module@vger.kernel.org, linux-fscrypt@vger.kernel.org, linux-block@vger.kernel.org, dm-devel@redhat.com, audit@vger.kernel.org, roberto.sassu@huawei.com, linux-kernel@vger.kernel.org, Deven Bowers Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Spam-Status: No, score=-0.9 required=5.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on agentk.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (agentk.vger.email [0.0.0.0]); Fri, 03 Nov 2023 15:30:42 -0700 (PDT) On Fri, Nov 3, 2023 at 6:15=E2=80=AFPM Paul Moore wro= te: > On Thu, Nov 2, 2023 at 6:46=E2=80=AFPM Fan Wu = wrote: > > On 10/26/2023 3:12 PM, Paul Moore wrote: > > > On Thu, Oct 26, 2023 at 5:33=E2=80=AFPM Fan Wu wrote: > > >> On 10/23/2023 8:52 PM, Paul Moore wrote: > > >>> On Oct 4, 2023 Fan Wu wrote: > > >>>> > > >>>> IPE is designed to provide system level trust guarantees, this usu= ally > > >>>> implies that trust starts from bootup with a hardware root of trus= t, > > >>>> which validates the bootloader. After this, the bootloader verifie= s the > > >>>> kernel and the initramfs. > > >>>> > > >>>> As there's no currently supported integrity method for initramfs, = and > > >>>> it's typically already verified by the bootloader, introduce a pro= perty > > >>>> that causes the first superblock to have an execution to be "pinne= d", > > >>>> which is typically initramfs. > > >>>> > > >>>> When the "pinned" device is unmounted, it will be "unpinned" and > > >>>> `boot_verified` property will always evaluate to false afterward. > > >>>> > > >>>> We use a pointer with a spin_lock to "pin" the device instead of r= cu > > >>>> because rcu synchronization may sleep, which is not allowed when > > >>>> unmounting a device. > > >>>> > > >>>> Signed-off-by: Deven Bowers > > >>>> Signed-off-by: Fan Wu > > >> ... > > >>>> --- > > >>>> security/ipe/eval.c | 72 +++++++++++++++++++++++++++++= ++++++- > > >>>> security/ipe/eval.h | 2 + > > >>>> security/ipe/hooks.c | 12 ++++++ > > >>>> security/ipe/hooks.h | 2 + > > >>>> security/ipe/ipe.c | 1 + > > >>>> security/ipe/policy.h | 2 + > > >>>> security/ipe/policy_parser.c | 35 +++++++++++++++++- > > >>>> 7 files changed, 124 insertions(+), 2 deletions(-) > > ... > > > >>>> +/** > > >>>> + * from_pinned - Determine whether @sb is the pinned super_block. > > >>>> + * @sb: Supplies a super_block to check against the pinned super_= block. > > >>>> + * > > >>>> + * Return: > > >>>> + * * true - @sb is the pinned super_block > > >>>> + * * false - @sb is not the pinned super_block > > >>>> + */ > > >>>> +static bool from_pinned(const struct super_block *sb) > > >>>> +{ > > >>>> + bool rv; > > >>>> + > > >>>> + if (!sb) > > >>>> + return false; > > >>>> + spin_lock(&pin_lock); > > >>>> + rv =3D !IS_ERR_OR_NULL(pinned_sb) && pinned_sb =3D=3D sb; > > >>>> + spin_unlock(&pin_lock); > > >>> > > >>> It's okay for an initial version, but I still think you need to get > > >>> away from this spinlock in from_pinned() as quickly as possible. > > >>> Maybe I'm wrong, but this looks like a major source of lock content= ion. > > >>> > > >>> I understand the issue around RCU and the potential for matching on > > >>> a reused buffer/address, but if you modified IPE to have its own LS= M > > >>> security blob in super_block::security you could mark the superbloc= k > > >>> when it was mounted and do a lockless lookup here in from_pinned(). > > >> > > >> Thank you for the suggestion. After some testing, I discovered that > > >> switching to RCU to pin the super block and using a security blob to > > >> mark a pinned super block works. This approach do avoid many spinloc= k > > >> operations. I'll incorporate these changes in the next version of th= e patch. > > > > > > I probably wasn't as clear as I should have been, I was thinking of > > > doing away with the @pinned_sb global variable entirely, as well as > > > its associated lock problems and simply marking the initramfs/initrd > > > superblock when it was mounted. I will admit that I haven't fully > > > thought about all the implementation details, but I think you could > > > leverage the security_sb_mount() hook to set a flag in IPE's > > > superblock metadata when the initramfs was mounted. > > > > I wasn't able to find a way to let LSM pin initramfs/initrd during moun= t > > time ... > > I haven't had to look at the kernel init code in a while, and I don't > recall ever looking at the initramfs code, but I spent some time > digging through the code and I wonder if it would be possible to mark > the initramfs superblock in wait_for_initramfs() via a new LSM hook > using @current->fs->root.mnt->mnt_sb? Although I'm not completely > sure that it's populated. Have you already looked at an approach like > this? Thinking about this more, the current IPE approach of treating the first file access as being present in the initramfs is not correct (one could build a system without an initramfs). I think we need to do something like the above where the initramfs is explicitly marked in the initramfs code. > > But I think we could replace the global variable with a flag > > variable ipe_sb_state so we could use atomic operation to only mark one > > drive as pinned without any lock. The code will be like: > > > > static void pin_sb(const struct super_block *sb) > > { > > if (!sb) > > return; > > > > if (!test_and_set_bit_lock(IPE_SB_PINNED, &ipe_sb_state)) { > > ipe_sb(sb)->pinned =3D true; > > } > > } > > > > Would this sound better? --=20 paul-moore.com