[<prev] [next>] [day] [month] [year] [list]
Message-Id: <20181023213504.28905-18-igor.stoppa@huawei.com>
Date: Wed, 24 Oct 2018 00:35:04 +0300
From: Igor Stoppa <igor.stoppa@...il.com>
To: Mimi Zohar <zohar@...ux.vnet.ibm.com>,
Kees Cook <keescook@...omium.org>,
Matthew Wilcox <willy@...radead.org>,
Dave Chinner <david@...morbit.com>,
James Morris <jmorris@...ei.org>,
Michal Hocko <mhocko@...nel.org>,
kernel-hardening@...ts.openwall.com,
linux-integrity@...r.kernel.org,
linux-security-module@...r.kernel.org
Cc: igor.stoppa@...wei.com, Dave Hansen <dave.hansen@...ux.intel.com>,
Jonathan Corbet <corbet@....net>,
Laura Abbott <labbott@...hat.com>,
Dmitry Kasatkin <dmitry.kasatkin@...il.com>,
"Serge E. Hallyn" <serge@...lyn.com>, linux-kernel@...r.kernel.org
Subject: [PATCH 17/17] prmem: ima: turn the measurements list write rare
The measurement list is moved to write rare memory, including
related data structures.
Various boilerplate linux data structures and related functions are
replaced by their write-rare counterpart.
Signed-off-by: Igor Stoppa <igor.stoppa@...wei.com>
CC: Mimi Zohar <zohar@...ux.vnet.ibm.com>
CC: Dmitry Kasatkin <dmitry.kasatkin@...il.com>
CC: James Morris <jmorris@...ei.org>
CC: "Serge E. Hallyn" <serge@...lyn.com>
CC: linux-integrity@...r.kernel.org
CC: linux-kernel@...r.kernel.org
---
security/integrity/ima/ima.h | 18 ++++++++------
security/integrity/ima/ima_api.c | 29 +++++++++++++----------
security/integrity/ima/ima_fs.c | 12 +++++-----
security/integrity/ima/ima_main.c | 6 +++++
security/integrity/ima/ima_queue.c | 28 +++++++++++++---------
security/integrity/ima/ima_template.c | 14 ++++++-----
security/integrity/ima/ima_template_lib.c | 14 +++++++----
7 files changed, 74 insertions(+), 47 deletions(-)
diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h
index 67db9d9454ca..5f5959753bf5 100644
--- a/security/integrity/ima/ima.h
+++ b/security/integrity/ima/ima.h
@@ -24,6 +24,8 @@
#include <linux/hash.h>
#include <linux/tpm.h>
#include <linux/audit.h>
+#include <linux/prlist.h>
+#include <linux/pratomic-long.h>
#include <crypto/hash_info.h>
#include "../integrity.h"
@@ -84,7 +86,7 @@ struct ima_template_field {
/* IMA template descriptor definition */
struct ima_template_desc {
- struct list_head list;
+ union prlist_head list;
char *name;
char *fmt;
int num_fields;
@@ -100,11 +102,13 @@ struct ima_template_entry {
};
struct ima_queue_entry {
- struct hlist_node hnext; /* place in hash collision list */
- struct list_head later; /* place in ima_measurements list */
+ union prhlist_node hnext; /* place in hash collision list */
+ union prlist_head later; /* place in ima_measurements list */
struct ima_template_entry *entry;
};
-extern struct list_head ima_measurements; /* list of all measurements */
+
+/* list of all measurements */
+extern union prlist_head ima_measurements __wr_after_init;
/* Some details preceding the binary serialized measurement list */
struct ima_kexec_hdr {
@@ -160,9 +164,9 @@ void ima_init_template_list(void);
extern spinlock_t ima_queue_lock;
struct ima_h_table {
- atomic_long_t len; /* number of stored measurements in the list */
- atomic_long_t violations;
- struct hlist_head queue[IMA_MEASURE_HTABLE_SIZE];
+ struct pratomic_long_t len; /* # of measurements in the list */
+ struct pratomic_long_t violations;
+ union prhlist_head queue[IMA_MEASURE_HTABLE_SIZE];
};
extern struct ima_h_table ima_htable;
diff --git a/security/integrity/ima/ima_api.c b/security/integrity/ima/ima_api.c
index a02c5acfd403..4fc28c2478b0 100644
--- a/security/integrity/ima/ima_api.c
+++ b/security/integrity/ima/ima_api.c
@@ -19,9 +19,12 @@
#include <linux/xattr.h>
#include <linux/evm.h>
#include <linux/iversion.h>
+#include <linux/prmemextra.h>
+#include <linux/pratomic-long.h>
#include "ima.h"
+extern struct pmalloc_pool ima_pool;
/*
* ima_free_template_entry - free an existing template entry
*/
@@ -29,10 +32,10 @@ void ima_free_template_entry(struct ima_template_entry *entry)
{
int i;
- for (i = 0; i < entry->template_desc->num_fields; i++)
- kfree(entry->template_data[i].data);
+// for (i = 0; i < entry->template_desc->num_fields; i++)
+// kfree(entry->template_data[i].data);
- kfree(entry);
+// kfree(entry);
}
/*
@@ -44,12 +47,13 @@ int ima_alloc_init_template(struct ima_event_data *event_data,
struct ima_template_desc *template_desc = ima_template_desc_current();
int i, result = 0;
- *entry = kzalloc(sizeof(**entry) + template_desc->num_fields *
- sizeof(struct ima_field_data), GFP_NOFS);
+ *entry = pzalloc(&ima_pool,
+ sizeof(**entry) + template_desc->num_fields *
+ sizeof(struct ima_field_data));
if (!*entry)
return -ENOMEM;
- (*entry)->template_desc = template_desc;
+ wr_ptr(&((*entry)->template_desc), template_desc);
for (i = 0; i < template_desc->num_fields; i++) {
struct ima_template_field *field = template_desc->fields[i];
u32 len;
@@ -59,9 +63,10 @@ int ima_alloc_init_template(struct ima_event_data *event_data,
if (result != 0)
goto out;
- len = (*entry)->template_data[i].len;
- (*entry)->template_data_len += sizeof(len);
- (*entry)->template_data_len += len;
+ len = (*entry)->template_data_len + sizeof(len) +
+ (*entry)->template_data[i].len;
+ wr_memcpy(&(*entry)->template_data_len, &len,
+ sizeof(len));
}
return 0;
out:
@@ -113,9 +118,9 @@ int ima_store_template(struct ima_template_entry *entry,
audit_cause, result, 0);
return result;
}
- memcpy(entry->digest, hash.hdr.digest, hash.hdr.length);
+ wr_memcpy(entry->digest, hash.hdr.digest, hash.hdr.length);
}
- entry->pcr = pcr;
+ wr_int(&entry->pcr, pcr);
result = ima_add_template_entry(entry, violation, op, inode, filename);
return result;
}
@@ -139,7 +144,7 @@ void ima_add_violation(struct file *file, const unsigned char *filename,
int result;
/* can overflow, only indicator */
- atomic_long_inc(&ima_htable.violations);
+ pratomic_long_inc(&ima_htable.violations);
result = ima_alloc_init_template(&event_data, &entry);
if (result < 0) {
diff --git a/security/integrity/ima/ima_fs.c b/security/integrity/ima/ima_fs.c
index ae9d5c766a3c..ab20da1161c7 100644
--- a/security/integrity/ima/ima_fs.c
+++ b/security/integrity/ima/ima_fs.c
@@ -57,7 +57,8 @@ static ssize_t ima_show_htable_violations(struct file *filp,
char __user *buf,
size_t count, loff_t *ppos)
{
- return ima_show_htable_value(buf, count, ppos, &ima_htable.violations);
+ return ima_show_htable_value(buf, count, ppos,
+ &ima_htable.violations.l);
}
static const struct file_operations ima_htable_violations_ops = {
@@ -69,8 +70,7 @@ static ssize_t ima_show_measurements_count(struct file *filp,
char __user *buf,
size_t count, loff_t *ppos)
{
- return ima_show_htable_value(buf, count, ppos, &ima_htable.len);
-
+ return ima_show_htable_value(buf, count, ppos, &ima_htable.len.l);
}
static const struct file_operations ima_measurements_count_ops = {
@@ -86,7 +86,7 @@ static void *ima_measurements_start(struct seq_file *m, loff_t *pos)
/* we need a lock since pos could point beyond last element */
rcu_read_lock();
- list_for_each_entry_rcu(qe, &ima_measurements, later) {
+ list_for_each_entry_rcu(qe, &ima_measurements.list, later.list) {
if (!l--) {
rcu_read_unlock();
return qe;
@@ -303,7 +303,7 @@ static ssize_t ima_read_policy(char *path)
size -= rc;
}
- vfree(data);
+// vfree(data);
if (rc < 0)
return rc;
else if (size)
@@ -350,7 +350,7 @@ static ssize_t ima_write_policy(struct file *file, const char __user *buf,
}
mutex_unlock(&ima_write_mutex);
out_free:
- kfree(data);
+// kfree(data);
out:
if (result < 0)
valid_policy = 0;
diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c
index 2d31921fbda4..d52e59006781 100644
--- a/security/integrity/ima/ima_main.c
+++ b/security/integrity/ima/ima_main.c
@@ -29,6 +29,7 @@
#include <linux/ima.h>
#include <linux/iversion.h>
#include <linux/fs.h>
+#include <linux/prlist.h>
#include "ima.h"
@@ -536,10 +537,15 @@ int ima_load_data(enum kernel_load_data_id id)
return 0;
}
+struct pmalloc_pool ima_pool;
+
+#define IMA_POOL_ALLOC_CHUNK (16 * PAGE_SIZE)
static int __init init_ima(void)
{
int error;
+ pmalloc_init_custom_pool(&ima_pool, IMA_POOL_ALLOC_CHUNK, 3,
+ PMALLOC_MODE_START_WR);
ima_init_template_list();
hash_setup(CONFIG_IMA_DEFAULT_HASH);
error = ima_init();
diff --git a/security/integrity/ima/ima_queue.c b/security/integrity/ima/ima_queue.c
index b186819bd5aa..444c47b745d8 100644
--- a/security/integrity/ima/ima_queue.c
+++ b/security/integrity/ima/ima_queue.c
@@ -24,11 +24,14 @@
#include <linux/module.h>
#include <linux/rculist.h>
#include <linux/slab.h>
+#include <linux/prmemextra.h>
+#include <linux/prlist.h>
+#include <linux/pratomic-long.h>
#include "ima.h"
#define AUDIT_CAUSE_LEN_MAX 32
-LIST_HEAD(ima_measurements); /* list of all measurements */
+PRLIST_HEAD(ima_measurements); /* list of all measurements */
#ifdef CONFIG_IMA_KEXEC
static unsigned long binary_runtime_size;
#else
@@ -36,9 +39,9 @@ static unsigned long binary_runtime_size = ULONG_MAX;
#endif
/* key: inode (before secure-hashing a file) */
-struct ima_h_table ima_htable = {
- .len = ATOMIC_LONG_INIT(0),
- .violations = ATOMIC_LONG_INIT(0),
+struct ima_h_table ima_htable __wr_after_init = {
+ .len = PRATOMIC_LONG_INIT(0),
+ .violations = PRATOMIC_LONG_INIT(0),
.queue[0 ... IMA_MEASURE_HTABLE_SIZE - 1] = HLIST_HEAD_INIT
};
@@ -58,7 +61,7 @@ static struct ima_queue_entry *ima_lookup_digest_entry(u8 *digest_value,
key = ima_hash_key(digest_value);
rcu_read_lock();
- hlist_for_each_entry_rcu(qe, &ima_htable.queue[key], hnext) {
+ hlist_for_each_entry_rcu(qe, &ima_htable.queue[key], hnext.node) {
rc = memcmp(qe->entry->digest, digest_value, TPM_DIGEST_SIZE);
if ((rc == 0) && (qe->entry->pcr == pcr)) {
ret = qe;
@@ -87,6 +90,8 @@ static int get_binary_runtime_size(struct ima_template_entry *entry)
return size;
}
+extern struct pmalloc_pool ima_pool;
+
/* ima_add_template_entry helper function:
* - Add template entry to the measurement list and hash table, for
* all entries except those carried across kexec.
@@ -99,20 +104,21 @@ static int ima_add_digest_entry(struct ima_template_entry *entry,
struct ima_queue_entry *qe;
unsigned int key;
- qe = kmalloc(sizeof(*qe), GFP_KERNEL);
+ qe = pmalloc(&ima_pool, sizeof(*qe));
if (qe == NULL) {
pr_err("OUT OF MEMORY ERROR creating queue entry\n");
return -ENOMEM;
}
- qe->entry = entry;
+ wr_ptr(&qe->entry, entry);
+ INIT_PRLIST_HEAD(&qe->later);
+ prlist_add_tail_rcu(&qe->later, &ima_measurements);
+
- INIT_LIST_HEAD(&qe->later);
- list_add_tail_rcu(&qe->later, &ima_measurements);
+ pratomic_long_inc(&ima_htable.len);
- atomic_long_inc(&ima_htable.len);
if (update_htable) {
key = ima_hash_key(entry->digest);
- hlist_add_head_rcu(&qe->hnext, &ima_htable.queue[key]);
+ prhlist_add_head_rcu(&qe->hnext, &ima_htable.queue[key]);
}
if (binary_runtime_size != ULONG_MAX) {
diff --git a/security/integrity/ima/ima_template.c b/security/integrity/ima/ima_template.c
index 30db39b23804..40ae57a17d89 100644
--- a/security/integrity/ima/ima_template.c
+++ b/security/integrity/ima/ima_template.c
@@ -22,14 +22,15 @@
enum header_fields { HDR_PCR, HDR_DIGEST, HDR_TEMPLATE_NAME,
HDR_TEMPLATE_DATA, HDR__LAST };
-static struct ima_template_desc builtin_templates[] = {
+static struct ima_template_desc builtin_templates[] __wr_after_init = {
{.name = IMA_TEMPLATE_IMA_NAME, .fmt = IMA_TEMPLATE_IMA_FMT},
{.name = "ima-ng", .fmt = "d-ng|n-ng"},
{.name = "ima-sig", .fmt = "d-ng|n-ng|sig"},
{.name = "", .fmt = ""}, /* placeholder for a custom format */
};
-static LIST_HEAD(defined_templates);
+static PRLIST_HEAD(defined_templates);
+
static DEFINE_SPINLOCK(template_list);
static struct ima_template_field supported_fields[] = {
@@ -114,7 +115,8 @@ static struct ima_template_desc *lookup_template_desc(const char *name)
int found = 0;
rcu_read_lock();
- list_for_each_entry_rcu(template_desc, &defined_templates, list) {
+ list_for_each_entry_rcu(template_desc, &defined_templates.list,
+ list.list) {
if ((strcmp(template_desc->name, name) == 0) ||
(strcmp(template_desc->fmt, name) == 0)) {
found = 1;
@@ -207,12 +209,12 @@ void ima_init_template_list(void)
{
int i;
- if (!list_empty(&defined_templates))
+ if (!list_empty(&defined_templates.list))
return;
spin_lock(&template_list);
for (i = 0; i < ARRAY_SIZE(builtin_templates); i++) {
- list_add_tail_rcu(&builtin_templates[i].list,
+ prlist_add_tail_rcu(&builtin_templates[i].list,
&defined_templates);
}
spin_unlock(&template_list);
@@ -266,7 +268,7 @@ static struct ima_template_desc *restore_template_fmt(char *template_name)
goto out;
spin_lock(&template_list);
- list_add_tail_rcu(&template_desc->list, &defined_templates);
+ prlist_add_tail_rcu(&template_desc->list, &defined_templates);
spin_unlock(&template_list);
out:
return template_desc;
diff --git a/security/integrity/ima/ima_template_lib.c b/security/integrity/ima/ima_template_lib.c
index 43752002c222..a6d10eabf0e5 100644
--- a/security/integrity/ima/ima_template_lib.c
+++ b/security/integrity/ima/ima_template_lib.c
@@ -15,8 +15,12 @@
#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
+#include <linux/printk.h>
+#include <linux/prmemextra.h>
#include "ima_template_lib.h"
+extern struct pmalloc_pool ima_pool;
+
static bool ima_template_hash_algo_allowed(u8 algo)
{
if (algo == HASH_ALGO_SHA1 || algo == HASH_ALGO_MD5)
@@ -42,11 +46,11 @@ static int ima_write_template_field_data(const void *data, const u32 datalen,
if (datafmt == DATA_FMT_STRING)
buflen = datalen + 1;
- buf = kzalloc(buflen, GFP_KERNEL);
+ buf = pzalloc(&ima_pool, buflen);
if (!buf)
return -ENOMEM;
- memcpy(buf, data, datalen);
+ wr_memcpy(buf, data, datalen);
/*
* Replace all space characters with underscore for event names and
@@ -58,11 +62,11 @@ static int ima_write_template_field_data(const void *data, const u32 datalen,
if (datafmt == DATA_FMT_STRING) {
for (buf_ptr = buf; buf_ptr - buf < datalen; buf_ptr++)
if (*buf_ptr == ' ')
- *buf_ptr = '_';
+ wr_char(buf_ptr, '_');
}
- field_data->data = buf;
- field_data->len = buflen;
+ wr_ptr(&field_data->data, buf);
+ wr_memcpy(&field_data->len, &buflen, sizeof(buflen));
return 0;
}
--
2.17.1
Powered by blists - more mailing lists