From: Benjamin Marzinski <bmarzins@redhat.com>
To: Mikulas Patocka <mpatocka@redhat.com>, Mike Snitzer <snitzer@kernel.org>
Cc: dm-devel@lists.linux.dev, linux-integrity@vger.kernel.org,
Alasdair Kergon <agk@redhat.com>,
Mimi Zohar <zohar@linux.ibm.com>,
Roberto Sassu <roberto.sassu@huawei.com>,
Dmitry Kasatkin <dmitry.kasatkin@gmail.com>,
Lakshmi Ramasubramanian <nramas@linux.microsoft.com>,
steven chen <chenste@linux.microsoft.com>
Subject: [PATCH v2 07/10] dm-ima: Fix issues with dm_ima_measure_on_device_rename
Date: Wed, 29 Apr 2026 16:21:05 -0400 [thread overview]
Message-ID: <20260429202108.2823261-8-bmarzins@redhat.com> (raw)
In-Reply-To: <20260429202108.2823261-1-bmarzins@redhat.com>
dm_ima_measure_on_device_rename() can be called on a device before it
ever loads a table, so it needs to handle the case where there is no
table metadata. Also, it was only updating the table_metadata on the
active table. If there was an inactive table when the device was renamed
and that table was later swapped in as the active table, it would
still have the old name. dm_ima_measure_on_device_rename() was also
needlessly allocating new memory for the updated table metadata, instead
of just reusing the existing memory.
Signed-off-by: Benjamin Marzinski <bmarzins@redhat.com>
---
drivers/md/dm-ima.c | 69 ++++++++++++++++++++++++---------------------
1 file changed, 37 insertions(+), 32 deletions(-)
diff --git a/drivers/md/dm-ima.c b/drivers/md/dm-ima.c
index 75c46b5af3f7..f563c4381489 100644
--- a/drivers/md/dm-ima.c
+++ b/drivers/md/dm-ima.c
@@ -133,22 +133,18 @@ void dm_ima_context_table_op(struct mapped_device *md,
}
/*
- * Internal function to allocate and copy device data for IMA measurements.
+ * Internal function to copy device data for IMA measurements.
*/
-static int dm_ima_alloc_and_copy_device_data(struct mapped_device *md, char **device_data,
- struct dm_ima_context *context,
- unsigned int num_targets, bool noio)
+static void dm_ima_copy_device_data(struct mapped_device *md, char *device_data,
+ struct dm_ima_context *context,
+ unsigned int num_targets)
{
- *device_data = dm_ima_alloc(DM_IMA_DEVICE_BUF_LEN, noio);
- if (!(*device_data))
- return -ENOMEM;
-
- scnprintf(*device_data, DM_IMA_DEVICE_BUF_LEN,
+ memset(device_data, 0, DM_IMA_DEVICE_BUF_LEN);
+ scnprintf(device_data, DM_IMA_DEVICE_BUF_LEN,
"name=%s,uuid=%s,major=%d,minor=%d,minor_count=%d,num_targets=%u;",
context->dev_name, context->dev_uuid, md->disk->major,
md->disk->first_minor, md->disk->minors, num_targets);
- return 0;
}
/*
@@ -223,11 +219,14 @@ void dm_ima_measure_on_table_load(struct dm_table *table,
num_targets = table->num_targets;
- fix_context_strings(context);
- if (dm_ima_alloc_and_copy_device_data(table->md, &device_data_buf,
- context, num_targets, noio))
+ device_data_buf = dm_ima_alloc(DM_IMA_DEVICE_BUF_LEN, noio);
+ if (!device_data_buf)
goto error;
+ fix_context_strings(context);
+ dm_ima_copy_device_data(table->md, device_data_buf, context,
+ num_targets);
+
sha256_init(&hash_ctx);
memcpy(ima_buf + l, DM_IMA_VERSION_STR, strlen(DM_IMA_VERSION_STR));
@@ -626,48 +625,54 @@ void dm_ima_measure_on_table_clear(struct mapped_device *md,
void dm_ima_measure_on_device_rename(struct mapped_device *md,
struct dm_ima_context *context)
{
- char *old_device_data = NULL, *new_device_data = NULL;
+ char *old_device_data = NULL;
char *combined_device_data = NULL, *capacity_str = NULL;
bool noio = true;
int len;
+ struct dm_ima_device_table_metadata *table;
if (unlikely(!context))
return;
wait_to_measure(&md->ima, context->update_idx);
- fix_context_strings(context);
- if (dm_ima_alloc_and_copy_device_data(md, &new_device_data, context,
- md->ima.active_table.num_targets,
- noio))
- goto error;
-
combined_device_data = dm_ima_alloc(DM_IMA_DEVICE_BUF_LEN * 2, noio);
if (!combined_device_data)
- goto error;
+ goto exit;
if (dm_ima_alloc_and_copy_capacity_str(md, &capacity_str, noio) < 0)
- goto error;
-
- old_device_data = md->ima.active_table.device_metadata;
-
- md->ima.active_table.device_metadata = new_device_data;
- md->ima.active_table.device_metadata_len = strlen(new_device_data);
+ goto exit;
+ if (md->ima.active_table.device_metadata)
+ old_device_data = md->ima.active_table.device_metadata;
+ else if (md->ima.inactive_table.device_metadata)
+ old_device_data = md->ima.inactive_table.device_metadata;
+ else
+ old_device_data = "device_rename=no_data;";
+ fix_context_strings(context);
len = scnprintf(combined_device_data, DM_IMA_DEVICE_BUF_LEN * 2,
"%s%snew_name=%s,new_uuid=%s;%s", DM_IMA_VERSION_STR, old_device_data,
context->dev_name, context->dev_uuid, capacity_str);
- dm_ima_measure_data("dm_device_rename", combined_device_data, len, noio);
+ if (md->ima.active_table.device_metadata) {
+ table = &md->ima.active_table;
+ dm_ima_copy_device_data(md, table->device_metadata, context,
+ table->num_targets);
+ table->device_metadata_len = strlen(table->device_metadata);
+ }
- goto exit;
+ if (md->ima.inactive_table.device_metadata) {
+ table = &md->ima.inactive_table;
+ dm_ima_copy_device_data(md, table->device_metadata, context,
+ table->num_targets);
+ table->device_metadata_len = strlen(table->device_metadata);
+ }
+
+ dm_ima_measure_data("dm_device_rename", combined_device_data, len, noio);
-error:
- kfree(new_device_data);
exit:
kfree(capacity_str);
kfree(combined_device_data);
- kfree(old_device_data);
wake_next_measure(&md->ima);
}
--
2.53.0
next prev parent reply other threads:[~2026-04-29 20:21 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-04-29 20:20 [PATCH v2 00/10] Fix dm-ima bugs Benjamin Marzinski
2026-04-29 20:20 ` [PATCH v2 01/10] dm-ima: remove dm_ima_reset_data() Benjamin Marzinski
2026-04-29 20:21 ` [PATCH v2 02/10] dm-ima: remove broken last_target_measured logic Benjamin Marzinski
2026-04-29 20:21 ` [PATCH v2 03/10] dm-ima: Remove status_flags from dm_ima_measure_on_table_load() Benjamin Marzinski
2026-04-29 20:21 ` [PATCH v2 04/10] dm-ima: don't copy the active table to the inactive table Benjamin Marzinski
2026-04-29 20:21 ` [PATCH v2 05/10] dm-ima: Fix UAF errors and measuring incorrect context Benjamin Marzinski
2026-04-29 20:21 ` [PATCH v2 06/10] dm-ima: remove new_map from dm_ima_measure_on_device_clear Benjamin Marzinski
2026-04-29 20:21 ` Benjamin Marzinski [this message]
2026-04-29 20:21 ` [PATCH v2 08/10] dm-ima: Handle race between rename and table swap Benjamin Marzinski
2026-04-29 20:21 ` [PATCH v2 09/10] dm-ima: Fail more gracefully in dm_ima_measure_on_* Benjamin Marzinski
2026-04-29 20:21 ` [PATCH v2 10/10] dm-ima: use active table's size if available Benjamin Marzinski
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260429202108.2823261-8-bmarzins@redhat.com \
--to=bmarzins@redhat.com \
--cc=agk@redhat.com \
--cc=chenste@linux.microsoft.com \
--cc=dm-devel@lists.linux.dev \
--cc=dmitry.kasatkin@gmail.com \
--cc=linux-integrity@vger.kernel.org \
--cc=mpatocka@redhat.com \
--cc=nramas@linux.microsoft.com \
--cc=roberto.sassu@huawei.com \
--cc=snitzer@kernel.org \
--cc=zohar@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox