From: Roberto Sassu
To: Mimi Zohar
Subject: Re: [Linux-ima-user] [PATCH][1/1] fs: wrong type for 'magic' argument in 'simple_fill_super()', fs/libfs.c
Date: Thu, 3 Jun 2010 11:58:28 +0200
Cc: linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org, James Morris, linux-ima-user@lists.sourceforge.net, linux-fsdevel@vger.kernel.org

Sorry for resending, the previous was rejected by some mailing list.

On Wednesday 02 June 2010 20:44:25 Mimi Zohar wrote:
> On Tue, 2010-06-01 at 19:05 +0200, Roberto Sassu wrote:
> > Description of the issue:
> >
> > The function 'simple_fill_super()' in the path 'fs/libfs.c' takes the 'magic' argument as int.
> > In the include file 'include/linux/fs.h' the 's_magic' field of the 'super_block' structure is
> > declared as unsigned long.
> > This causes a misbehaviour in the 'Integrity Measurement Architecture' security module,
> > since the 's_magic' field is used as criteria to determine if the inode must be measured.
>
> There aren't any magic numbers today greater than 32 bits. Out of
> curiosity, which magic number on which platform are you having a
> problem?
>

I'm using a Fedora 12 64-bit KVM virtual machine.
I did some tests on the 'ima_must_measure()' function and I noted that the result for inodes
with superblock magic SELINUX_MAGIC is to measure, when the action specified in the default
policy is don't measure. So I modified the code to display the superblock's magic of measured
inodes, adding this line in the function 'process_measurement()' in
'security/integrity/ima/ima_main.c' after 'ima_must_measure()':

printk("file %s: magic: %lx\n", file->f_dentry->d_name.name, inode->i_sb->s_magic);

I obtained this result:

...
file access: magic 0xfffffffff97cff8c
...

The magic that I'm expecting is 0xf97cff8c. I think this is why the IMA policy is not applied
correctly.
I investigated the selinux code further to understand how the super_block structure is
instantiated in memory and I found this code in 'security/selinux/selinuxfs.c', line 1601:

ret = simple_fill_super(sb, SELINUX_MAGIC, selinux_files);

In the prototype of the above function the type of the second argument is 'int', when the
's_magic' type of the 'super_block' structure is 'unsigned long'.
In the patch I modified the type of the second argument of the function 'simple_fill_super()'.
This solves my problem but, since this is used by other filesystems, I don't know if this
solution is valid in general.

> > This patch applies to the mainline kernel repository.
> >
> >
> > >From a9f6d9bc7b2259ac025977f4b28a8b90784caf62 Mon Sep 17 00:00:00 2001
> > From: Roberto Sassu
> > Date: Tue, 1 Jun 2010 18:28:13 +0200
> > Subject: [PATCH] BUG: wrong type for magic argument in simple_fill_super(), fs/libfs.c
> >
> >
> > Signed-off-by: Roberto Sassu
>
> Reviewed-by: Mimi Zohar
>
> > ---
> > fs/libfs.c | 2 +-
> > include/linux/fs.h | 2 +-
> > 2 files changed, 2 insertions(+), 2 deletions(-)
> >
> > diff --git a/fs/libfs.c b/fs/libfs.c > > index 09e1016..7d966e8 100644 > > --- a/fs/libfs.c > > +++ b/fs/libfs.c 
> > @@ -489,7 +489,7 @@ int simple_write_end(struct file *file, struct addr= ess_space *mapping, > > * unique inode values later for this filesystem, then you must take c= are > > * to pass it an appropriate max_reserved value to avoid collisions. > > */ > > -int simple_fill_super(struct super_block *s, int magic, struct tree_de= scr *files) > > +int simple_fill_super(struct super_block *s, unsigned long magic, stru= ct tree_descr *files) > > { > > struct inode *inode; > > struct dentry *root; > > diff --git a/include/linux/fs.h b/include/linux/fs.h > > index 3428393..471e1ff 100644 > > --- a/include/linux/fs.h > > +++ b/include/linux/fs.h 
> > @@ -2388,7 +2388,7 @@ extern const struct file_operations simple_dir_op= erations; > > extern const struct inode_operations simple_dir_inode_operations; > > struct tree_descr { char *name; const struct file_operations *ops; int= mode; }; > > struct dentry *d_alloc_name(struct dentry *, const char *); > > -extern int simple_fill_super(struct super_block *, int, struct tree_de= scr *); > > +extern int simple_fill_super(struct super_block *, unsigned long, stru= ct tree_descr *); > > extern int simple_pin_fs(struct file_system_type *, struct vfsmount **= mount, int *count); > > extern void simple_release_fs(struct vfsmount **mount, int *count); > >=20 >=20 >=20 >=20
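
Review bot: in the fs/libfs.c hunk, widening the second parameter of simple_fill_super() to unsigned long removes the sign extension only for callers that hand over the magic as an unsigned value; a caller that keeps its magic in an int before the call would still end up with a value like the 0xfffffffff97cff8c reported above on a 64-bit build. The mail itself says the helper is used by other filesystems, so the callers should be checked and the result stated in the changelog. The changelog body is also empty: the observed and expected s_magic values from the description belong in the commit message, so the reason for the type change is recorded with it.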
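
Review bot: the new declaration in the include/linux/fs.h hunk, extern int simple_fill_super(struct super_block *, unsigned long, struct tree_descr *);, runs past 80 columns and should be wrapped after the second parameter, as should the matching definition line in fs/libfs.c. The parameter is also unnamed in this prototype; naming it magic would document that this is the value that ends up in s_magic, which per the description is the reason it has to be unsigned long.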
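
The sign extension described in this mail, reproduced as an added user-space example; it is not part of the original message and not kernel code. The names sb_model, fill_super_int, fill_super_ulong and the equality-based rule_matches are hypothetical stand-ins, and the effect assumes a platform where int is 32-bit and unsigned long is 64-bit.

```c
#include <stdio.h>

/* Constructed stand-ins for the kernel types; this is a user-space model. */
#define EXAMPLE_MAGIC 0xf97cff8c  /* the value the mail expects in s_magic */

struct sb_model {
    unsigned long s_magic;        /* unsigned long, as in include/linux/fs.h */
};

/* Prototype before the patch: the magic passes through an int. */
static void fill_super_int(struct sb_model *s, int magic)
{
    s->s_magic = magic;           /* a negative int is sign-extended here */
}

/* Prototype after the patch: no signed intermediate value. */
static void fill_super_ulong(struct sb_model *s, unsigned long magic)
{
    s->s_magic = magic;
}

/* Hypothetical policy rule: matches when the superblock magic is equal. */
static int rule_matches(unsigned long s_magic, unsigned long rule_magic)
{
    return s_magic == rule_magic;
}

unsigned long magic_via_int(void)
{
    struct sb_model sb;
    fill_super_int(&sb, EXAMPLE_MAGIC);
    return sb.s_magic;
}

unsigned long magic_via_ulong(void)
{
    struct sb_model sb;
    fill_super_ulong(&sb, EXAMPLE_MAGIC);
    return sb.s_magic;
}

int main(void)
{
    unsigned long a = magic_via_int(), b = magic_via_ulong();
    printf("int param:           %lx, rule matches: %d\n", a, rule_matches(a, EXAMPLE_MAGIC));
    printf("unsigned long param: %lx, rule matches: %d\n", b, rule_matches(b, EXAMPLE_MAGIC));
    return 0;
}
```
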