lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-Id: <1579179410.5857.21.camel@linux.ibm.com>
Date:   Thu, 16 Jan 2020 07:56:50 -0500
From:   Mimi Zohar <zohar@...ux.ibm.com>
To:     Lakshmi Ramasubramanian <nramas@...ux.microsoft.com>,
        linux-integrity@...r.kernel.org
Cc:     sashal@...nel.org, linux-kernel@...r.kernel.org,
        keyrings@...r.kernel.org
Subject: Re: [PATCH] IMA: pre-allocate keyrings string

Hi Laskhmi,

On Wed, 2020-01-15 at 19:15 -0800, Lakshmi Ramasubramanian wrote:
> ima_match_keyring() is called while holding rcu read lock.
> Since this function executes in atmomic context, it should
> not call any function that can sleep (such as kstrdup()).

Good catch!

> This patch pre-allocates a buffer to hold the keyrings
> string read from the IMA policy and uses that to check
> the given keyring in ima_match_keyring().

(Reminder: this patch description line length is a bit short.
 According to  Documentation/process/submitting-patches.rst, the patch
description line length should be line wrapped at 75 columns.)

> 
> Signed-off-by: Lakshmi Ramasubramanian <nramas@...ux.microsoft.com>
> Fixes: e9085e0ad38a ("IMA: Add support to limit measuring keys")
> ---

 
> @@ -1120,8 +1117,17 @@ static int ima_parse_rule(char *rule, struct ima_rule_entry *entry)
>  				result = -EINVAL;
>  				break;
>  			}
> +
> +			ima_keyrings = kstrdup(args[0].from, GFP_KERNEL);
> +			if (!ima_keyrings) {
> +				result = -ENOMEM;
> +				break;
> +			}


This would work for a single "key" measurement rule, but not for
multiple rules, where the last "keyrings" string is shorter than the
previous ones.  For example, in addition to the builtin trusted
keyrings, another rule could measure a keyring owned by a user.

measure func=KEY_CHECK template=ima-buf keyrings=.ima|.builtin_trusted_keys
measure func=KEY_CHECK uid=1000 template=ima-buf keyrings=_foo

Mimi

>  			entry->keyrings = kstrdup(args[0].from, GFP_KERNEL);
>  			if (!entry->keyrings) {
> +				kfree(ima_keyrings);
> +				ima_keyrings = NULL;
>  				result = -ENOMEM;
>  				break;
>  			}

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ