diff options
author | Mimi Zohar <zohar@linux.vnet.ibm.com> | 2014-05-12 09:28:11 -0400 |
---|---|---|
committer | Serge Hallyn <serge.hallyn@ubuntu.com> | 2014-06-03 15:21:50 -0400 |
commit | f9b2a735bdddf836214b5dca74f6ca7712e5a08c (patch) | |
tree | c4793e07a83230143e3490dc274ad2c9883d980c /security | |
parent | ed1c96429a6aa6ffd8c4ee3e80bcde28aad270bc (diff) |
ima: audit log files opened with O_DIRECT flag
Files are measured or appraised based on the IMA policy. When a
file, in policy, is opened with the O_DIRECT flag, a deadlock
occurs.
The first attempt at resolving this lockdep temporarily removed the
O_DIRECT flag and restored it, after calculating the hash. The
second attempt introduced the O_DIRECT_HAVELOCK flag. Based on this
flag, do_blockdev_direct_IO() would skip taking the i_mutex a second
time. The third attempt, by Dmitry Kasatkin, resolves the i_mutex
locking issue, by re-introducing the IMA mutex, but uncovered
another problem. Reading a file with O_DIRECT flag set, writes
directly to userspace pages. A second patch allocates a user-space
like memory. This works for all IMA hooks, except ima_file_free(),
which is called on __fput() to recalculate the file hash.
Until this last issue is addressed, do not 'collect' the
measurement for measuring, appraising, or auditing files opened
with the O_DIRECT flag set. Based on policy, permit or deny file
access. This patch defines a new IMA policy rule option named
'permit_directio'. Policy rules could be defined, based on LSM
or other criteria, to permit specific applications to open files
with the O_DIRECT flag set.
Changelog v1:
- permit or deny file access based IMA policy rules
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Acked-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Cc: <stable@vger.kernel.org>
Diffstat (limited to 'security')
-rw-r--r-- | security/integrity/ima/ima_api.c | 10 | ||||
-rw-r--r-- | security/integrity/ima/ima_main.c | 5 | ||||
-rw-r--r-- | security/integrity/ima/ima_policy.c | 6 | ||||
-rw-r--r-- | security/integrity/integrity.h | 1 |
4 files changed, 19 insertions, 3 deletions
diff --git a/security/integrity/ima/ima_api.c b/security/integrity/ima/ima_api.c index ba9e4d792dd5..d9cd5ce14d2b 100644 --- a/security/integrity/ima/ima_api.c +++ b/security/integrity/ima/ima_api.c | |||
@@ -199,6 +199,7 @@ int ima_collect_measurement(struct integrity_iint_cache *iint, | |||
199 | struct evm_ima_xattr_data **xattr_value, | 199 | struct evm_ima_xattr_data **xattr_value, |
200 | int *xattr_len) | 200 | int *xattr_len) |
201 | { | 201 | { |
202 | const char *audit_cause = "failed"; | ||
202 | struct inode *inode = file_inode(file); | 203 | struct inode *inode = file_inode(file); |
203 | const char *filename = file->f_dentry->d_name.name; | 204 | const char *filename = file->f_dentry->d_name.name; |
204 | int result = 0; | 205 | int result = 0; |
@@ -213,6 +214,12 @@ int ima_collect_measurement(struct integrity_iint_cache *iint, | |||
213 | if (!(iint->flags & IMA_COLLECTED)) { | 214 | if (!(iint->flags & IMA_COLLECTED)) { |
214 | u64 i_version = file_inode(file)->i_version; | 215 | u64 i_version = file_inode(file)->i_version; |
215 | 216 | ||
217 | if (file->f_flags & O_DIRECT) { | ||
218 | audit_cause = "failed(directio)"; | ||
219 | result = -EACCES; | ||
220 | goto out; | ||
221 | } | ||
222 | |||
216 | /* use default hash algorithm */ | 223 | /* use default hash algorithm */ |
217 | hash.hdr.algo = ima_hash_algo; | 224 | hash.hdr.algo = ima_hash_algo; |
218 | 225 | ||
@@ -233,9 +240,10 @@ int ima_collect_measurement(struct integrity_iint_cache *iint, | |||
233 | result = -ENOMEM; | 240 | result = -ENOMEM; |
234 | } | 241 | } |
235 | } | 242 | } |
243 | out: | ||
236 | if (result) | 244 | if (result) |
237 | integrity_audit_msg(AUDIT_INTEGRITY_DATA, inode, | 245 | integrity_audit_msg(AUDIT_INTEGRITY_DATA, inode, |
238 | filename, "collect_data", "failed", | 246 | filename, "collect_data", audit_cause, |
239 | result, 0); | 247 | result, 0); |
240 | return result; | 248 | return result; |
241 | } | 249 | } |
diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c index 52ac6cf41f88..dcc98cf542d8 100644 --- a/security/integrity/ima/ima_main.c +++ b/security/integrity/ima/ima_main.c | |||
@@ -214,8 +214,11 @@ static int process_measurement(struct file *file, const char *filename, | |||
214 | xattr_ptr = &xattr_value; | 214 | xattr_ptr = &xattr_value; |
215 | 215 | ||
216 | rc = ima_collect_measurement(iint, file, xattr_ptr, &xattr_len); | 216 | rc = ima_collect_measurement(iint, file, xattr_ptr, &xattr_len); |
217 | if (rc != 0) | 217 | if (rc != 0) { |
218 | if (file->f_flags & O_DIRECT) | ||
219 | rc = (iint->flags & IMA_PERMIT_DIRECTIO) ? 0 : -EACCES; | ||
218 | goto out_digsig; | 220 | goto out_digsig; |
221 | } | ||
219 | 222 | ||
220 | pathname = filename ?: ima_d_path(&file->f_path, &pathbuf); | 223 | pathname = filename ?: ima_d_path(&file->f_path, &pathbuf); |
221 | 224 | ||
diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c index 93873a450ff7..40a7488f6721 100644 --- a/security/integrity/ima/ima_policy.c +++ b/security/integrity/ima/ima_policy.c | |||
@@ -353,7 +353,7 @@ enum { | |||
353 | Opt_obj_user, Opt_obj_role, Opt_obj_type, | 353 | Opt_obj_user, Opt_obj_role, Opt_obj_type, |
354 | Opt_subj_user, Opt_subj_role, Opt_subj_type, | 354 | Opt_subj_user, Opt_subj_role, Opt_subj_type, |
355 | Opt_func, Opt_mask, Opt_fsmagic, Opt_uid, Opt_fowner, | 355 | Opt_func, Opt_mask, Opt_fsmagic, Opt_uid, Opt_fowner, |
356 | Opt_appraise_type, Opt_fsuuid | 356 | Opt_appraise_type, Opt_fsuuid, Opt_permit_directio |
357 | }; | 357 | }; |
358 | 358 | ||
359 | static match_table_t policy_tokens = { | 359 | static match_table_t policy_tokens = { |
@@ -375,6 +375,7 @@ static match_table_t policy_tokens = { | |||
375 | {Opt_uid, "uid=%s"}, | 375 | {Opt_uid, "uid=%s"}, |
376 | {Opt_fowner, "fowner=%s"}, | 376 | {Opt_fowner, "fowner=%s"}, |
377 | {Opt_appraise_type, "appraise_type=%s"}, | 377 | {Opt_appraise_type, "appraise_type=%s"}, |
378 | {Opt_permit_directio, "permit_directio"}, | ||
378 | {Opt_err, NULL} | 379 | {Opt_err, NULL} |
379 | }; | 380 | }; |
380 | 381 | ||
@@ -622,6 +623,9 @@ static int ima_parse_rule(char *rule, struct ima_rule_entry *entry) | |||
622 | else | 623 | else |
623 | result = -EINVAL; | 624 | result = -EINVAL; |
624 | break; | 625 | break; |
626 | case Opt_permit_directio: | ||
627 | entry->flags |= IMA_PERMIT_DIRECTIO; | ||
628 | break; | ||
625 | case Opt_err: | 629 | case Opt_err: |
626 | ima_log_string(ab, "UNKNOWN", p); | 630 | ima_log_string(ab, "UNKNOWN", p); |
627 | result = -EINVAL; | 631 | result = -EINVAL; |
diff --git a/security/integrity/integrity.h b/security/integrity/integrity.h index 2fb5e53e927f..33c0a70f6b15 100644 --- a/security/integrity/integrity.h +++ b/security/integrity/integrity.h | |||
@@ -30,6 +30,7 @@ | |||
30 | #define IMA_ACTION_FLAGS 0xff000000 | 30 | #define IMA_ACTION_FLAGS 0xff000000 |
31 | #define IMA_DIGSIG 0x01000000 | 31 | #define IMA_DIGSIG 0x01000000 |
32 | #define IMA_DIGSIG_REQUIRED 0x02000000 | 32 | #define IMA_DIGSIG_REQUIRED 0x02000000 |
33 | #define IMA_PERMIT_DIRECTIO 0x04000000 | ||
33 | 34 | ||
34 | #define IMA_DO_MASK (IMA_MEASURE | IMA_APPRAISE | IMA_AUDIT | \ | 35 | #define IMA_DO_MASK (IMA_MEASURE | IMA_APPRAISE | IMA_AUDIT | \ |
35 | IMA_APPRAISE_SUBMASK) | 36 | IMA_APPRAISE_SUBMASK) |