From: Mimi Zohar <zohar@linux.ibm.com>
To: Lakshmi Ramasubramanian <nramas@linux.microsoft.com>,
James.Bottomley@HansenPartnership.com,
linux-integrity@vger.kernel.org
Cc: eric.snowberg@oracle.com, dhowells@redhat.com,
mathew.j.martineau@linux.intel.com, matthewgarrett@google.com,
sashal@kernel.org, jamorris@linux.microsoft.com,
linux-kernel@vger.kernel.org, keyrings@vger.kernel.org
Subject: Re: [PATCH v2] IMA: Defined timer to free queued keys
Date: Tue, 24 Dec 2019 15:35:04 -0500 [thread overview]
Message-ID: <1577219704.4487.2.camel@linux.ibm.com> (raw)
In-Reply-To: <20191224180114.2772-1-nramas@linux.microsoft.com>
On Tue, 2019-12-24 at 10:01 -0800, Lakshmi Ramasubramanian wrote:
> keys queued for measurement should be freed if a custom IMA policy
> was not loaded. Otherwise, the keys will remain queued forever
> consuming kernel memory.
>
> This patch defines a timer to handle the above scenario. The timer
> is setup to expire 5 minutes after IMA initialization is completed.
>
> If a custom IMA policy is loaded before the timer expires, the timer
> is removed and any queued keys are processed for measurement.
> But if a custom policy was not loaded, on timer expiration
> queued keys are just freed.
>
> Signed-off-by: Lakshmi Ramasubramanian <nramas@linux.microsoft.com>
Thanks. This patch is now queued in next-integrity-testing.
Mimi
> ---
> security/integrity/ima/ima.h | 2 +
> security/integrity/ima/ima_asymmetric_keys.c | 42 ++++++++++++++++++--
> security/integrity/ima/ima_init.c | 8 +++-
> 3 files changed, 48 insertions(+), 4 deletions(-)
>
> diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h
> index 97f8a4078483..c483215a9ee5 100644
> --- a/security/integrity/ima/ima.h
> +++ b/security/integrity/ima/ima.h
> @@ -216,8 +216,10 @@ struct ima_key_entry {
> char *keyring_name;
> };
> void ima_process_queued_keys(void);
> +void ima_init_key_queue(void);
> #else
> static inline void ima_process_queued_keys(void) {}
> +static inline void ima_init_key_queue(void) {}
> #endif /* CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE */
>
> /* LIM API function definitions */
> diff --git a/security/integrity/ima/ima_asymmetric_keys.c b/security/integrity/ima/ima_asymmetric_keys.c
> index 4124f10ff0c2..9ea2233c911a 100644
> --- a/security/integrity/ima/ima_asymmetric_keys.c
> +++ b/security/integrity/ima/ima_asymmetric_keys.c
> @@ -11,6 +11,7 @@
>
> #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
>
> +#include <linux/timer.h>
> #include <keys/asymmetric-type.h>
> #include "ima.h"
>
> @@ -26,6 +27,36 @@ static bool ima_process_keys;
> static DEFINE_MUTEX(ima_keys_mutex);
> static LIST_HEAD(ima_keys);
>
> +/*
> + * If custom IMA policy is not loaded then keys queued up
> + * for measurement should be freed. This timer is used
> + * for handling this scenario.
> + */
> +static long ima_key_queue_timeout = 300000; /* 5 Minutes */
> +static struct timer_list ima_key_queue_timer;
> +static bool timer_expired;
> +
> +/*
> + * This timer callback function frees keys that may still be
> + * queued up in case custom IMA policy was not loaded.
> + */
> +static void ima_timer_handler(struct timer_list *timer)
> +{
> + timer_expired = true;
> + ima_process_queued_keys();
> +}
> +
> +/*
> + * This function sets up a timer to free queued keys in case
> + * custom IMA policy was never loaded.
> + */
> +void ima_init_key_queue(void)
> +{
> + timer_setup(&ima_key_queue_timer, ima_timer_handler, 0);
> + mod_timer(&ima_key_queue_timer,
> + jiffies + msecs_to_jiffies(ima_key_queue_timeout));
> +}
> +
> static void ima_free_key_entry(struct ima_key_entry *entry)
> {
> if (entry) {
> @@ -120,10 +151,15 @@ void ima_process_queued_keys(void)
> if (!process)
> return;
>
> + del_timer(&ima_key_queue_timer);
> +
> list_for_each_entry_safe(entry, tmp, &ima_keys, list) {
> - process_buffer_measurement(entry->payload, entry->payload_len,
> - entry->keyring_name, KEY_CHECK, 0,
> - entry->keyring_name);
> + if (!timer_expired)
> + process_buffer_measurement(entry->payload,
> + entry->payload_len,
> + entry->keyring_name,
> + KEY_CHECK, 0,
> + entry->keyring_name);
> list_del(&entry->list);
> ima_free_key_entry(entry);
> }
> diff --git a/security/integrity/ima/ima_init.c b/security/integrity/ima/ima_init.c
> index 5d55ade5f3b9..195cb4079b2b 100644
> --- a/security/integrity/ima/ima_init.c
> +++ b/security/integrity/ima/ima_init.c
> @@ -131,5 +131,11 @@ int __init ima_init(void)
>
> ima_init_policy();
>
> - return ima_fs_init();
> + rc = ima_fs_init();
> + if (rc != 0)
> + return rc;
> +
> + ima_init_key_queue();
> +
> + return rc;
> }
prev parent reply other threads:[~2019-12-24 20:35 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-12-24 18:01 [PATCH v2] IMA: Defined timer to free queued keys Lakshmi Ramasubramanian
2019-12-24 20:35 ` Mimi Zohar [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1577219704.4487.2.camel@linux.ibm.com \
--to=zohar@linux.ibm.com \
--cc=James.Bottomley@HansenPartnership.com \
--cc=dhowells@redhat.com \
--cc=eric.snowberg@oracle.com \
--cc=jamorris@linux.microsoft.com \
--cc=keyrings@vger.kernel.org \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mathew.j.martineau@linux.intel.com \
--cc=matthewgarrett@google.com \
--cc=nramas@linux.microsoft.com \
--cc=sashal@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).