diff options
| author | Mimi Zohar <zohar@linux.vnet.ibm.com> | 2015-11-19 12:39:22 -0500 |
|---|---|---|
| committer | Mimi Zohar <zohar@linux.vnet.ibm.com> | 2016-02-21 09:03:44 -0500 |
| commit | e40ba6d56b41754b37b995dbc8035b2b3a6afd8a (patch) | |
| tree | 0bbc573dde5374e434d6acd883b330f92645bfe2 /security | |
| parent | 09596b94f7d28595602482e69ed954deab707437 (diff) | |
firmware: replace call to fw_read_file_contents() with kernel version
Replace the fw_read_file_contents with kernel_file_read_from_path().
Although none of the upstreamed LSMs define a kernel_fw_from_file hook,
IMA is called by the security function to prevent unsigned firmware from
being loaded and to measure/appraise signed firmware, based on policy.
Instead of reading the firmware twice, once for measuring/appraising the
firmware and again for reading the firmware contents into memory, the
kernel_post_read_file() security hook calculates the file hash based on
the in memory file buffer. The firmware is read once.
This patch removes the LSM kernel_fw_from_file() hook and security call.
Changelog v4+:
- revert dropped buf->size assignment - reported by Sergey Senozhatsky
v3:
- remove kernel_fw_from_file hook
- use kernel_file_read_from_path() - requested by Luis
v2:
- reordered and squashed firmware patches
- fix MAX firmware size (Kees Cook)
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Acked-by: Kees Cook <keescook@chromium.org>
Acked-by: Luis R. Rodriguez <mcgrof@kernel.org>
Diffstat (limited to 'security')
| -rw-r--r-- | security/integrity/ima/ima_main.c | 21 | ||||
| -rw-r--r-- | security/security.c | 13 |
2 files changed, 10 insertions, 24 deletions
diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c index 757765354158..e9651be17b72 100644 --- a/security/integrity/ima/ima_main.c +++ b/security/integrity/ima/ima_main.c | |||
| @@ -337,17 +337,6 @@ int ima_module_check(struct file *file) | |||
| 337 | return process_measurement(file, NULL, 0, MAY_EXEC, MODULE_CHECK, 0); | 337 | return process_measurement(file, NULL, 0, MAY_EXEC, MODULE_CHECK, 0); |
| 338 | } | 338 | } |
| 339 | 339 | ||
| 340 | int ima_fw_from_file(struct file *file, char *buf, size_t size) | ||
| 341 | { | ||
| 342 | if (!file) { | ||
| 343 | if ((ima_appraise & IMA_APPRAISE_FIRMWARE) && | ||
| 344 | (ima_appraise & IMA_APPRAISE_ENFORCE)) | ||
| 345 | return -EACCES; /* INTEGRITY_UNKNOWN */ | ||
| 346 | return 0; | ||
| 347 | } | ||
| 348 | return process_measurement(file, NULL, 0, MAY_EXEC, FIRMWARE_CHECK, 0); | ||
| 349 | } | ||
| 350 | |||
| 351 | /** | 340 | /** |
| 352 | * ima_post_read_file - in memory collect/appraise/audit measurement | 341 | * ima_post_read_file - in memory collect/appraise/audit measurement |
| 353 | * @file: pointer to the file to be measured/appraised/audit | 342 | * @file: pointer to the file to be measured/appraised/audit |
| @@ -366,12 +355,22 @@ int ima_post_read_file(struct file *file, void *buf, loff_t size, | |||
| 366 | { | 355 | { |
| 367 | enum ima_hooks func = FILE_CHECK; | 356 | enum ima_hooks func = FILE_CHECK; |
| 368 | 357 | ||
| 358 | if (!file && read_id == READING_FIRMWARE) { | ||
| 359 | if ((ima_appraise & IMA_APPRAISE_FIRMWARE) && | ||
| 360 | (ima_appraise & IMA_APPRAISE_ENFORCE)) | ||
| 361 | return -EACCES; /* INTEGRITY_UNKNOWN */ | ||
| 362 | return 0; | ||
| 363 | } | ||
| 364 | |||
| 369 | if (!file || !buf || size == 0) { /* should never happen */ | 365 | if (!file || !buf || size == 0) { /* should never happen */ |
| 370 | if (ima_appraise & IMA_APPRAISE_ENFORCE) | 366 | if (ima_appraise & IMA_APPRAISE_ENFORCE) |
| 371 | return -EACCES; | 367 | return -EACCES; |
| 372 | return 0; | 368 | return 0; |
| 373 | } | 369 | } |
| 374 | 370 | ||
| 371 | if (read_id == READING_FIRMWARE) | ||
| 372 | func = FIRMWARE_CHECK; | ||
| 373 | |||
| 375 | return process_measurement(file, buf, size, MAY_READ, func, 0); | 374 | return process_measurement(file, buf, size, MAY_READ, func, 0); |
| 376 | } | 375 | } |
| 377 | 376 | ||
diff --git a/security/security.c b/security/security.c index ef4c65a9fd17..cd85be61c416 100644 --- a/security/security.c +++ b/security/security.c | |||
| @@ -884,17 +884,6 @@ int security_kernel_create_files_as(struct cred *new, struct inode *inode) | |||
| 884 | return call_int_hook(kernel_create_files_as, 0, new, inode); | 884 | return call_int_hook(kernel_create_files_as, 0, new, inode); |
| 885 | } | 885 | } |
| 886 | 886 | ||
| 887 | int security_kernel_fw_from_file(struct file *file, char *buf, size_t size) | ||
| 888 | { | ||
| 889 | int ret; | ||
| 890 | |||
| 891 | ret = call_int_hook(kernel_fw_from_file, 0, file, buf, size); | ||
| 892 | if (ret) | ||
| 893 | return ret; | ||
| 894 | return ima_fw_from_file(file, buf, size); | ||
| 895 | } | ||
| 896 | EXPORT_SYMBOL_GPL(security_kernel_fw_from_file); | ||
| 897 | |||
| 898 | int security_kernel_module_request(char *kmod_name) | 887 | int security_kernel_module_request(char *kmod_name) |
| 899 | { | 888 | { |
| 900 | return call_int_hook(kernel_module_request, 0, kmod_name); | 889 | return call_int_hook(kernel_module_request, 0, kmod_name); |
| @@ -1703,8 +1692,6 @@ struct security_hook_heads security_hook_heads = { | |||
| 1703 | LIST_HEAD_INIT(security_hook_heads.kernel_act_as), | 1692 | LIST_HEAD_INIT(security_hook_heads.kernel_act_as), |
| 1704 | .kernel_create_files_as = | 1693 | .kernel_create_files_as = |
| 1705 | LIST_HEAD_INIT(security_hook_heads.kernel_create_files_as), | 1694 | LIST_HEAD_INIT(security_hook_heads.kernel_create_files_as), |
| 1706 | .kernel_fw_from_file = | ||
| 1707 | LIST_HEAD_INIT(security_hook_heads.kernel_fw_from_file), | ||
| 1708 | .kernel_module_request = | 1695 | .kernel_module_request = |
| 1709 | LIST_HEAD_INIT(security_hook_heads.kernel_module_request), | 1696 | LIST_HEAD_INIT(security_hook_heads.kernel_module_request), |
| 1710 | .kernel_module_from_file = | 1697 | .kernel_module_from_file = |