From: Mimi Zohar <zohar@linux.ibm.com>
To: Prakhar Srivastava <prsriva02@gmail.com>,
linux-integrity@vger.kernel.org,
linux-secuirty-module@vger.kernel.org,
linux-kernel@vger.kernel.org
Cc: ebiederm@xmission.com, vgoyal@redhat.com, nayna@linux.ibm.com
Subject: Re: [PATCH v3 3/4] add kexec_cmdline used to ima
Date: Thu, 02 May 2019 12:52:35 -0400 [thread overview]
Message-ID: <1556815955.4134.78.camel@linux.ibm.com> (raw)
In-Reply-To: <20190429214743.4625-4-prsriva02@gmail.com>
On Mon, 2019-04-29 at 14:47 -0700, Prakhar Srivastava wrote:
> From: Prakhar Srivastava <prsriva02@gmail.com>
>
> prepend the kernel file name to kexec_cmdline
> before measuring the buffer.
>
kexec doesn't really know or care about IMA. Other than the IMA call,
itself, nothing should be added to kexec files. As mentioned in 1/4,
the IMA hook would be named something like ima_kexec_cmdline().
Mimi
> Signed-off-by: Prakhar Srivastava <prsriva02@gmail.com>
> ---
> kernel/kexec_core.c | 57 +++++++++++++++++++++++++++++++++++++++++++++
> kernel/kexec_file.c | 14 +++++++++++
> 2 files changed, 71 insertions(+)
>
> diff --git a/kernel/kexec_core.c b/kernel/kexec_core.c
> index d7140447be75..4667f03d406e 100644
> --- a/kernel/kexec_core.c
> +++ b/kernel/kexec_core.c
> @@ -1213,3 +1213,60 @@ void __weak arch_kexec_protect_crashkres(void)
>
> void __weak arch_kexec_unprotect_crashkres(void)
> {}
> +
> +/**
> + * kexec_cmdline_prepend_img_name - prepare the buffer with cmdline
> + * that needs to be measured
> + * @outbuf - out buffer that contains the formated string
> + * @kernel_fd - the file identifier for the kerenel image
> + * @cmdline_ptr - ptr to the cmdline buffer
> + * @cmdline_len - len of the buffer.
> + *
> + * This generates a buffer in the format Kerenelfilename::cmdline
> + *
> + * On success return 0.
> + * On failure return -EINVAL.
> + */
> +int kexec_cmdline_prepend_img_name(char **outbuf, int kernel_fd,
> + const char *cmdline_ptr,
> + unsigned long cmdline_len)
> +{
> + int ret = -EINVAL;
> + struct fd f = {};
> + int size = 0;
> + char *buf = NULL;
> + char delimiter[] = "::";
> +
> + if (!outbuf || !cmdline_ptr)
> + goto out;
> +
> + f = fdget(kernel_fd);
> + if (!f.file)
> + goto out;
> +
> + size = (f.file->f_path.dentry->d_name.len + cmdline_len - 1+
> + ARRAY_SIZE(delimiter)) - 1;
> +
> + buf = kzalloc(size, GFP_KERNEL);
> + if (!buf)
> + goto out;
> +
> + memcpy(buf, f.file->f_path.dentry->d_name.name,
> + f.file->f_path.dentry->d_name.len);
> + memcpy(buf + f.file->f_path.dentry->d_name.len,
> + delimiter, ARRAY_SIZE(delimiter) - 1);
> + memcpy(buf + f.file->f_path.dentry->d_name.len +
> + ARRAY_SIZE(delimiter) - 1,
> + cmdline_ptr, cmdline_len - 1);
> +
> + *outbuf = buf;
> + ret = size;
> +
> + pr_debug("kexec cmdline buff: %s\n", buf);
> +
> +out:
> + if (f.file)
> + fdput(f);
> +
> + return ret;
> +}
> diff --git a/kernel/kexec_file.c b/kernel/kexec_file.c
> index f1d0e00a3971..d287e139085c 100644
> --- a/kernel/kexec_file.c
> +++ b/kernel/kexec_file.c
> @@ -191,6 +191,8 @@ kimage_file_prepare_segments(struct kimage *image, int kernel_fd, int initrd_fd,
> int ret = 0;
> void *ldata;
> loff_t size;
> + char *buff_to_measure = NULL;
> + int buff_to_measure_size = 0;
>
> ret = kernel_read_file_from_fd(kernel_fd, &image->kernel_buf,
> &size, INT_MAX, READING_KEXEC_IMAGE);
> @@ -241,6 +243,16 @@ kimage_file_prepare_segments(struct kimage *image, int kernel_fd, int initrd_fd,
> ret = -EINVAL;
> goto out;
> }
> +
> + /* IMA measures the cmdline args passed to the next kernel*/
> + buff_to_measure_size =
> + kexec_cmdline_prepend_img_name(&buff_to_measure,
> + kernel_fd, image->cmdline_buf, image->cmdline_buf_len);
> +
> + ima_buffer_check(buff_to_measure, buff_to_measure_size,
> + "kexec_cmdline");
> +
> +
> }
>
> /* Call arch image load handlers */
> @@ -253,7 +265,9 @@ kimage_file_prepare_segments(struct kimage *image, int kernel_fd, int initrd_fd,
>
> image->image_loader_data = ldata;
> out:
> +
> /* In case of error, free up all allocated memory in this function */
> + kfree(buff_to_measure);
> if (ret)
> kimage_file_post_load_cleanup(image);
> return ret;
next prev parent reply other threads:[~2019-05-02 16:52 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-04-29 21:47 [PATCH v3 0/4] Add a new ima_hook buffer_check to measure buffers critical for attestation Prakhar Srivastava
2019-04-29 21:47 ` [PATCH v3 1/4] added a new ima policy func buffer_check, and ima hook to measure the buffer hash into ima Prakhar Srivastava
2019-05-02 16:52 ` Mimi Zohar
2019-04-29 21:47 ` [PATCH v3 2/4] add the buffer to the xattr Prakhar Srivastava
2019-05-02 16:52 ` Mimi Zohar
2019-04-29 21:47 ` [PATCH v3 3/4] add kexec_cmdline used to ima Prakhar Srivastava
2019-05-02 16:52 ` Mimi Zohar [this message]
2019-05-02 16:58 ` Al Viro
2019-04-29 21:47 ` [PATCH v3 4/4] added LSM hook to call ima_buffer_check Prakhar Srivastava
2019-05-02 16:52 ` Mimi Zohar
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1556815955.4134.78.camel@linux.ibm.com \
--to=zohar@linux.ibm.com \
--cc=ebiederm@xmission.com \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-secuirty-module@vger.kernel.org \
--cc=nayna@linux.ibm.com \
--cc=prsriva02@gmail.com \
--cc=vgoyal@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.