From: Miklos Szeredi
Date: Tue, 23 Apr 2024 13:06:33 +0200
Subject: Re: [RFC 2/2] ima: Fix detection of read/write violations on stacked filesystems
To: Mimi Zohar
Cc: Stefan Berger, Amir Goldstein, linux-integrity@vger.kernel.org, linux-unionfs@vger.kernel.org, linux-kernel@vger.kernel.org, roberto.sassu@huawei.com, Christian Brauner
In-Reply-To: <254ee35d6534089e99f7396582572606f24ff3a2.camel@linux.ibm.com>
References: <20240412140122.2607743-1-stefanb@linux.ibm.com> <20240412140122.2607743-3-stefanb@linux.ibm.com> <89b4fb29-5906-4b21-8b5b-6b340701ffe4@linux.ibm.com> <52645fb25b424e10e68f0bde3b80906bbf8b9a37.camel@linux.ibm.com> <254ee35d6534089e99f7396582572606f24ff3a2.camel@linux.ibm.com>

On Tue, 16 Apr 2024 at 21:06, Mimi Zohar wrote:
>
> On Tue, 2024-04-16 at 16:46 +0200, Miklos Szeredi wrote:
> > On Tue, 16 Apr 2024 at 14:18, Mimi Zohar wrote:
> > > Originally there was a single measurement unless the filesystem was mounted with
> > > SB_I_VERSION. With commit a2a2c3c8580a ("ima: Use i_version only when
> > > filesystem supports it") this changed to always re-measure the file if the
> > > filesystem wasn't mounted with SB_I_VERSION.
> >
> > Does the i_version get stored and compared only while the inode is in memory?
> >
> > In that case I think it should be possible to support a version number
> > for the overlay inode.
>
> i_version was insufficient to detect a file change for overlay. Commit
> b836c4d29f27 ("ima: detect changes to the backing overlay") also compares the
> i_ino and s_dev as well. Refer to
> https://lore.kernel.org/lkml/20231025143906.133218-1-zohar@linux.ibm.com/.

Which is rather ad-hoc.

I'm talking about returning something in overlay i_version, which really
indicates the version of the overlay file calculated from the i_version
of the underlying files. The only issue is making this i_version
persistent, AFAICS. If that's not needed then the overlayfs specific
logic in IMA could be moved into overlayfs, where it belongs.

> Here in this patch set we need to detect IMA read/write violations, based on the
> i_readcount/i_writecount. If an overlay file is opened for read, but the
> backing file is already opened for write, the file measurement is
> meaningless. An "open-writers" violation needs to be generated; and the IMA
> measurement list needs to be invalidated.

If there's no other way, then let's implement an API to query the
writecount that can take overlayfs into account. This is for the VFS
and/or overlayfs to calculate, not for IMA.

Thanks,
Miklos
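The read/write-violation scenario discussed above (overlay file opened for read while the backing file already has a writer), as an added userspace model that is not part of the thread and not kernel code. It contrasts a check that looks only at the overlay inode's own open counts with one that asks a VFS-side helper to walk the stack to the backing inode, which is the shape of the API Miklos is asking for. Every struct field, helper name and the `walk_stack` switch are assumptions for illustration; only the rule itself (read-open with writers present is an "open-writers" violation, write-open with readers present is ToMToU) mirrors IMA's, and IMA's policy matching is omitted.

```c
/* Added example: userspace model of IMA's open-writers / ToMToU check on a
 * stacked (overlayfs-style) inode.  Not kernel code; all names below are
 * assumptions for illustration, not the real VFS or IMA API. */
#include <assert.h>
#include <stdbool.h>
#include <stddef.h>

/* Minimal inode model: the open counts IMA inspects, plus a pointer to the
 * backing inode when this inode belongs to a stacked filesystem. */
struct inode {
    int i_readcount;
    int i_writecount;
    struct inode *real;   /* backing inode (overlayfs), NULL for a plain fs */
};

/* Hypothetical VFS helper: follow the stack down to the inode that actually
 * holds the data.  A plain filesystem inode is its own "real" inode. */
static const struct inode *stacked_real_inode(const struct inode *inode)
{
    while (inode->real)
        inode = inode->real;
    return inode;
}

/* Hypothetical VFS queries.  With walk_stack=false they behave like reading
 * inode->i_writecount / i_readcount directly, i.e. they only see opens that
 * went through the overlay inode itself. */
static int vfs_writecount(const struct inode *inode, bool walk_stack)
{
    if (walk_stack)
        inode = stacked_real_inode(inode);
    return inode->i_writecount;
}

static int vfs_readcount(const struct inode *inode, bool walk_stack)
{
    if (walk_stack)
        inode = stacked_real_inode(inode);
    return inode->i_readcount;
}

enum ima_violation {
    IMA_NO_VIOLATION = 0,
    IMA_OPEN_WRITERS,   /* read-open while a writer holds the file */
    IMA_TOMTOU,         /* write-open while a reader holds the file */
};

/* Model of the IMA read/write violation rule (policy matching omitted): a
 * measurement taken on a read-open is meaningless if the file already has
 * writers, and a write-open invalidates the measurement any existing reader
 * relies on (time-of-measure / time-of-use). */
static enum ima_violation ima_rdwr_violation_check(const struct inode *inode,
                                                   bool open_for_write,
                                                   bool walk_stack)
{
    if (!open_for_write && vfs_writecount(inode, walk_stack) > 0)
        return IMA_OPEN_WRITERS;
    if (open_for_write && vfs_readcount(inode, walk_stack) > 0)
        return IMA_TOMTOU;
    return IMA_NO_VIOLATION;
}

/* Scenario from the thread: the backing file was opened for write directly
 * on the upper/lower filesystem (constructed counts, so the overlay inode
 * never saw that open), then the overlay file is opened for read. */
static enum ima_violation overlay_read_with_backing_writer(bool walk_stack)
{
    struct inode backing = { .i_readcount = 0, .i_writecount = 1, .real = NULL };
    struct inode overlay = { .i_readcount = 0, .i_writecount = 0, .real = &backing };

    return ima_rdwr_violation_check(&overlay, false, walk_stack);
}

/* Mirror case: a reader holds the backing file, then the overlay file is
 * opened for write. */
static enum ima_violation overlay_write_with_backing_reader(bool walk_stack)
{
    struct inode backing = { .i_readcount = 1, .i_writecount = 0, .real = NULL };
    struct inode overlay = { .i_readcount = 0, .i_writecount = 0, .real = &backing };

    return ima_rdwr_violation_check(&overlay, true, walk_stack);
}

int main(void)
{
    /* Looking only at the overlay inode misses both violations. */
    assert(overlay_read_with_backing_writer(false) == IMA_NO_VIOLATION);
    assert(overlay_write_with_backing_reader(false) == IMA_NO_VIOLATION);
    /* Querying through the stack reports them. */
    assert(overlay_read_with_backing_writer(true) == IMA_OPEN_WRITERS);
    assert(overlay_write_with_backing_reader(true) == IMA_TOMTOU);
    return 0;
}
```

The point the model makes is that the decision about which inode's counts matter belongs in the stack-walking helper, not in IMA: IMA calls the same `vfs_writecount()`/`vfs_readcount()` for every filesystem, and overlayfs (or the VFS) is the place that knows a backing inode exists.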