[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20200608133249.GW19604@bombadil.infradead.org>
Date: Mon, 8 Jun 2020 06:32:49 -0700
From: Matthew Wilcox <willy@...radead.org>
To: Mimi Zohar <zohar@...ux.ibm.com>
Cc: Scott Branden <scott.branden@...adcom.com>,
Luis Chamberlain <mcgrof@...nel.org>,
Wolfram Sang <wsa@...nel.org>,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
David Brown <david.brown@...aro.org>,
Alexander Viro <viro@...iv.linux.org.uk>,
Shuah Khan <shuah@...nel.org>, bjorn.andersson@...aro.org,
Shuah Khan <skhan@...uxfoundation.org>,
Arnd Bergmann <arnd@...db.de>,
"Rafael J . Wysocki" <rafael@...nel.org>,
linux-kernel@...r.kernel.org, linux-arm-msm@...r.kernel.org,
linux-fsdevel@...r.kernel.org,
BCM Kernel Feedback <bcm-kernel-feedback-list@...adcom.com>,
Olof Johansson <olof@...om.net>,
Andrew Morton <akpm@...ux-foundation.org>,
Dan Carpenter <dan.carpenter@...cle.com>,
Colin Ian King <colin.king@...onical.com>,
Kees Cook <keescook@...omium.org>,
Takashi Iwai <tiwai@...e.de>, linux-kselftest@...r.kernel.org,
Andy Gross <agross@...nel.org>,
linux-integrity@...r.kernel.org,
linux-security-module@...r.kernel.org,
Christoph Hellwig <hch@...radead.org>
Subject: Re: [PATCH v7 1/8] fs: introduce kernel_pread_file* support
On Mon, Jun 08, 2020 at 09:22:06AM -0400, Mimi Zohar wrote:
> On Mon, 2020-06-08 at 06:16 -0700, Matthew Wilcox wrote:
> > On Mon, Jun 08, 2020 at 09:03:21AM -0400, Mimi Zohar wrote:
> > > With this new design of not using a private vmalloc, will the file
> > > data be accessible prior to the post security hooks? From an IMA
> > > perspective, the hooks are used for measuring and/or verifying the
> > > integrity of the file.
> >
> > File data is already accessible prior to the post security hooks.
> > Look how kernel_read_file works:
> >
> > ret = deny_write_access(file);
> > ret = security_kernel_read_file(file, id);
> > *buf = vmalloc(i_size);
> > bytes = kernel_read(file, *buf + pos, i_size - pos, &pos);
> > ret = security_kernel_post_read_file(file, *buf, i_size, id);
> >
> > kernel_read() will read the data into the page cache and then copy it
> > into the vmalloc'd buffer. There's nothing here to prevent read accesses
> > to the file.
>
> The post security hook needs to access to the file data in order to
> calculate the file hash. The question is whether prior to returning
> from kernel_read_file() the caller can access the file data.
Whether you copy the data (as today) or map it (as I'm proposing),
the data goes into the page cache. It's up to the security system to
block access to the page cache until it's been verified.
Powered by blists - more mailing lists