author | James Morris <james.morris@microsoft.com> | 2018-10-18 20:20:08 -0400 |
---|---|---|
committer | James Morris <james.morris@microsoft.com> | 2018-10-18 20:20:08 -0400 |
commit | 85a585918fb4122ad26b6febaec5c3c90bf2535c (patch) | |
tree | 1d228acd4b740bfb291d84c553ecd641ee2ca2ff | |
parent | 3f6caaf5ff33073ca1a3a0b82edacab3c57c38f9 (diff) | |
parent | 13523bef1e2154b6d02836cd0f6c0ffc89b2eae6 (diff) |
Merge tag 'loadpin-security-next' of https://git.kernel.org/pub/scm/linux/kernel/git/kees/linux into next-loadpin
LoadPin: report improvement and parameter renaming
- Report human-readable device name during init
- Change boot parameter and Kconfig "enabled" to "enforce"
-rw-r--r-- | security/loadpin/Kconfig | 4 | ||||
-rw-r--r-- | security/loadpin/loadpin.c | 26 |
2 files changed, 17 insertions, 13 deletions
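--- a/security/loadpin/Kconfig
+++ b/security/loadpin/Kconfig
@@ -10,10 +10,10 @@ config SECURITY_LOADPIN
 have a root filesystem backed by a read-only device such as
 dm-verity or a CDROM.
 
-config SECURITY_LOADPIN_ENABLED
+config SECURITY_LOADPIN_ENFORCE
 bool "Enforce LoadPin at boot"
 depends on SECURITY_LOADPIN
 help
 If selected, LoadPin will enforce pinning at boot. If not
 selected, it can be enabled at boot with the kernel parameter
-"loadpin.enabled=1".
+"loadpin.enforce=1".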
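--- a/security/loadpin/loadpin.c
+++ b/security/loadpin/loadpin.c
@@ -44,7 +44,7 @@ static void report_load(const char *origin, struct file *file, char *operation)
 kfree(pathname);
 }
 
-static int enabled = IS_ENABLED(CONFIG_SECURITY_LOADPIN_ENABLED);
+static int enforce = IS_ENABLED(CONFIG_SECURITY_LOADPIN_ENFORCE);
 static struct super_block *pinned_root;
 static DEFINE_SPINLOCK(pinned_root_spinlock);
 
@@ -60,8 +60,8 @@ static struct ctl_path loadpin_sysctl_path[] = {
 
 static struct ctl_table loadpin_sysctl_table[] = {
 {
-.procname = "enabled",
-.data = &enabled,
+.procname = "enforce",
+.data = &enforce,
 .maxlen = sizeof(int),
 .mode = 0644,
 .proc_handler = proc_dointvec_minmax,
@@ -84,8 +84,11 @@ static void check_pinning_enforcement(struct super_block *mnt_sb)
 * device, allow sysctl to change modes for testing.
 */
 if (mnt_sb->s_bdev) {
+char bdev[BDEVNAME_SIZE];
+
 ro = bdev_read_only(mnt_sb->s_bdev);
-pr_info("dev(%u,%u): %s\n",
+bdevname(mnt_sb->s_bdev, bdev);
+pr_info("%s (%u:%u): %s\n", bdev,
 MAJOR(mnt_sb->s_bdev->bd_dev),
 MINOR(mnt_sb->s_bdev->bd_dev),
 ro ? "read-only" : "writable");
@@ -97,7 +100,7 @@ static void check_pinning_enforcement(struct super_block *mnt_sb)
 loadpin_sysctl_table))
 pr_notice("sysctl registration failed!\n");
 else
-pr_info("load pinning can be disabled.\n");
+pr_info("enforcement can be disabled.\n");
 } else
 pr_info("load pinning engaged.\n");
 }
@@ -128,7 +131,7 @@ static int loadpin_read_file(struct file *file, enum kernel_read_file_id id)
 
 /* This handles the older init_module API that has a NULL file. */
 if (!file) {
-if (!enabled) {
+if (!enforce) {
 report_load(origin, NULL, "old-api-pinning-ignored");
 return 0;
 }
@@ -151,7 +154,7 @@ static int loadpin_read_file(struct file *file, enum kernel_read_file_id id)
 * Unlock now since it's only pinned_root we care about.
 * In the worst case, we will (correctly) report pinning
 * failures before we have announced that pinning is
-* enabled. This would be purely cosmetic.
+* enforcing. This would be purely cosmetic.
 */
 spin_unlock(&pinned_root_spinlock);
 check_pinning_enforcement(pinned_root);
@@ -161,7 +164,7 @@ static int loadpin_read_file(struct file *file, enum kernel_read_file_id id)
 }
 
 if (IS_ERR_OR_NULL(pinned_root) || load_root != pinned_root) {
-if (unlikely(!enabled)) {
+if (unlikely(!enforce)) {
 report_load(origin, file, "pinning-ignored");
 return 0;
 }
@@ -186,10 +189,11 @@ static struct security_hook_list loadpin_hooks[] __lsm_ro_after_init = {
 
 void __init loadpin_add_hooks(void)
 {
-pr_info("ready to pin (currently %sabled)", enabled ? "en" : "dis");
+pr_info("ready to pin (currently %senforcing)\n",
+enforce ? "" : "not ");
 security_add_hooks(loadpin_hooks, ARRAY_SIZE(loadpin_hooks), "loadpin");
 }
 
 /* Should not be mutable after boot, so not listed in sysfs (perm == 0). */
-module_param(enabled, int, 0);
-MODULE_PARM_DESC(enabled, "Pin module/firmware loading (default: true)");
+module_param(enforce, int, 0);
+MODULE_PARM_DESC(enforce, "Enforce module/firmware pinning");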
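Review bot: The rename of the boot parameter to `loadpin.enforce` in the last hunk (`module_param(enforce, int, 0);`), together with the matching Kconfig symbol rename to SECURITY_LOADPIN_ENFORCE in the first file, leaves no compatibility path for existing deployments: a system that still boots with `loadpin.enabled=1` or carries the old symbol in its saved .config would, as far as this diff shows, come up with enforcement silently off rather than failing noisily, because `enforce` defaults to `IS_ENABLED(CONFIG_SECURITY_LOADPIN_ENFORCE)` and the Kconfig hunk shows no `default` for the new symbol. For a setting whose only purpose is to fail closed, a quiet downgrade to non-enforcing is the worst failure mode, so consider accepting the old name for a deprecation period, e.g. `module_param_named(enabled, enforce, int, 0);` with `MODULE_PARM_DESC(enabled, "Deprecated alias for enforce");`, or at least calling out the rename in the Kconfig help text. The new MODULE_PARM_DESC also drops the previous "(default: true)" wording; stating the effective default would help operators confirm what state they booted into. The sysctl rename from "enabled" to "enforce" in the second hunk is the safer direction, since old tooling trying to toggle it will get an error instead of a silent no-op.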