From: Daniel Hodges
To: Roberto Sassu
Subject: Re: [PATCH] evm: check return values of crypto_shash functions
Date: Wed, 4 Feb 2026 07:47:04 -0800
References: <20260131182233.2365157-1-hodgesd@meta.com>
X-Mailing-List: linux-kernel@vger.kernel.org

On Wed, Feb 04, 2026 at 01:50:29PM +0100, Roberto Sassu wrote:
> On Sat, 2026-01-31 at 10:22 -0800, Daniel Hodges wrote:
> > The crypto_shash_update() and crypto_shash_final() functions can fail
> > and return error codes, but their return values were being ignored in
> > several places in evm_crypto.c:
> >
> > - hmac_add_misc(): ignores returns from crypto_shash_update() and
> >   crypto_shash_final()
> > - evm_calc_hmac_or_hash(): ignores returns from crypto_shash_update()
> > - evm_init_hmac(): ignores returns from crypto_shash_update()
> >
> > If these hash operations fail silently, the resulting HMAC could be
> > invalid or incomplete. This could potentially allow integrity
> > verification to pass with incorrect HMACs, weakening EVM's security
> > guarantees.
> >
> > Fix this by:
> > - Changing hmac_add_misc() from void to int return type
> > - Checking and propagating error codes from all crypto_shash calls
> > - Updating all callers to check the return values
> >
> > Fixes: 66dbc325afce ("evm: re-release")
> > Signed-off-by: Daniel Hodges
> > ---
> >  security/integrity/evm/evm_crypto.c | 45 +++++++++++++++++++----------
> >  1 file changed, 30 insertions(+), 15 deletions(-)
> >
> > diff --git a/security/integrity/evm/evm_crypto.c b/security/integrity/evm/evm_crypto.c
> > index a5e730ffda57..286f23a1a26b 100644
> > --- a/security/integrity/evm/evm_crypto.c
> > +++ b/security/integrity/evm/evm_crypto.c
> > @@ -132,58 +132,65 @@ static struct shash_desc *init_desc(char type, uint8_t hash_algo) > > } > > return desc; > > } > > > > /* Protect against 'cutting & pasting' security.evm xattr, include inode > > * specific info. > > * > > * (Additional directory/file metadata needs to be added for more complete > > * protection.) > > */ > > -static void hmac_add_misc(struct shash_desc *desc, struct inode *inode, > > - char type, char *digest) > > +static int hmac_add_misc(struct shash_desc *desc, struct inode *inode, > > + char type, char *digest) > > { > > struct h_misc { > > unsigned long ino; > > __u32 generation; > > uid_t uid; > > gid_t gid; > > umode_t mode; > > } hmac_misc; > > + int ret; > > > > memset(&hmac_misc, 0, sizeof(hmac_misc)); > > /* Don't include the inode or generation number in portable > > * signatures > > */ > > if (type != EVM_XATTR_PORTABLE_DIGSIG) { > > hmac_misc.ino = inode->i_ino; > > hmac_misc.generation = inode->i_generation; > > } > > /* The hmac uid and gid must be encoded in the initial user > > * namespace (not the filesystems user namespace) as encoding > > * them in the filesystems user namespace allows an attack > > * where first they are written in an unprivileged fuse mount > > * of a filesystem and then the system is tricked to mount the > > * filesystem for real on next boot and trust it because > > * everything is signed. 
> > */ > > hmac_misc.uid = from_kuid(&init_user_ns, inode->i_uid); > > hmac_misc.gid = from_kgid(&init_user_ns, inode->i_gid); > > hmac_misc.mode = inode->i_mode; > > - crypto_shash_update(desc, (const u8 *)&hmac_misc, sizeof(hmac_misc)); > > + ret = crypto_shash_update(desc, (const u8 *)&hmac_misc, sizeof(hmac_misc)); > > + if (ret) > > + return ret; > > if ((evm_hmac_attrs & EVM_ATTR_FSUUID) && > > - type != EVM_XATTR_PORTABLE_DIGSIG) > > - crypto_shash_update(desc, (u8 *)&inode->i_sb->s_uuid, UUID_SIZE); > > - crypto_shash_final(desc, digest); > > + type != EVM_XATTR_PORTABLE_DIGSIG) { > > + ret = crypto_shash_update(desc, (u8 *)&inode->i_sb->s_uuid, UUID_SIZE); > > + if (ret) > > + return ret; > > + } > > + ret = crypto_shash_final(desc, digest); > > Maybe we should also indicate if an error occurred, with a separate > error message, or adding the result in the message below. > > Thanks > > Roberto That makes sense, I'll send a V2. I'm having trouble with my corporate email mail delivery so it might come from my personal email.
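Review bot: The comment block above hmac_add_misc() ("Protect against 'cutting & pasting' security.evm xattr ...") is left untouched while the prototype changes from void to int; it should now state the return contract (0 on success, otherwise the negative error from crypto_shash_update() or crypto_shash_final(), in which case digest holds no usable value). Roberto's point stands as well: propagating the code is necessary but a failing shash driver is invisible to the operator unless the error is also logged, so an error message at the point the failure is first detected, or the result folded into the existing message, would be worth adding in V2.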
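The failure mode the commit message describes, as an added example that is not part of the patch or of the kernel: a user-space stand-in for the shash API (a constructed toy FNV-1a hash with fault injection through a fail_after counter, both assumptions) with the pre-patch void-returning hmac_add_misc() shape beside the patched int-returning shape, showing that the unchecked form still hands back a digest computed over incomplete data while the checked form reports -EIO.

```c
#include <errno.h>
#include <stdint.h>
#include <string.h>

/* Stand-in for the kernel shash descriptor (constructed): toy FNV-1a state plus a
 * counter that makes crypto_shash_update() return -EIO after fail_after calls. */
struct shash_desc { uint32_t state; int calls; int fail_after; };
#define UUID_SIZE 16
static const uint8_t fs_uuid[UUID_SIZE] = { 0 };   /* constructed stand-in for sb->s_uuid */
static int crypto_shash_update(struct shash_desc *d, const uint8_t *p, size_t n)
{
    if (d->calls++ >= d->fail_after)
        return -EIO;                     /* simulated driver/hardware failure */
    for (size_t i = 0; i < n; i++)
        d->state = (d->state ^ p[i]) * 16777619u;
    return 0;
}
static int crypto_shash_final(struct shash_desc *d, uint8_t *out) { memcpy(out, &d->state, 4); return 0; }
/* The inode fields EVM mixes into its HMAC (struct h_misc in evm_crypto.c). */
struct h_misc { unsigned long ino; uint32_t generation; uint32_t uid, gid; uint16_t mode; };
/* Pre-patch shape: every error is dropped and a digest is emitted regardless. */
static void hmac_add_misc_unchecked(struct shash_desc *d, const struct h_misc *m, uint8_t *out)
{
    crypto_shash_update(d, (const uint8_t *)m, sizeof *m);
    crypto_shash_update(d, fs_uuid, UUID_SIZE);
    crypto_shash_final(d, out);
}
/* Patched shape: the first error is propagated and the digest is never finalised. */
static int hmac_add_misc_checked(struct shash_desc *d, const struct h_misc *m, uint8_t *out)
{
    int ret = crypto_shash_update(d, (const uint8_t *)m, sizeof *m);
    if (ret)
        return ret;
    ret = crypto_shash_update(d, fs_uuid, UUID_SIZE);
    if (ret)
        return ret;
    return crypto_shash_final(d, out);
}
/* Both shapes with the UUID update failing (fail_after = 1): returns the checked
 * variant's -EIO only if the unchecked one silently emitted a digest over incomplete data. */
static int demo_silent_failure(void)
{
    struct h_misc m = { .ino = 42, .generation = 1, .mode = 0100644 };
    struct shash_desc ok = { 2166136261u, 0, 99 }, bad = { 2166136261u, 0, 1 }, bad2 = bad;
    uint8_t good[4], bogus[4], unused[4] = { 0 };
    hmac_add_misc_unchecked(&ok, &m, good);
    hmac_add_misc_unchecked(&bad, &m, bogus);
    return memcmp(good, bogus, 4) ? hmac_add_misc_checked(&bad2, &m, unused) : 0;
}
```

A verifier comparing `bogus` against a stored HMAC would see it as just another mismatch, which is why the patch propagates the error instead of letting a truncated digest reach that comparison.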