| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <509ea86d324445b59bedd4a93015d7c3@huawei.com>
Date: Tue, 15 Feb 2022 16:20:17 +0000
From: Roberto Sassu <roberto.sassu@...wei.com>
To: Shuah Khan <skhan@...uxfoundation.org>,
"zohar@...ux.ibm.com" <zohar@...ux.ibm.com>,
"shuah@...nel.org" <shuah@...nel.org>,
"ast@...nel.org" <ast@...nel.org>,
"daniel@...earbox.net" <daniel@...earbox.net>,
"andrii@...nel.org" <andrii@...nel.org>,
"kpsingh@...nel.org" <kpsingh@...nel.org>,
"revest@...omium.org" <revest@...omium.org>
CC: "linux-integrity@...r.kernel.org" <linux-integrity@...r.kernel.org>,
"linux-security-module@...r.kernel.org"
<linux-security-module@...r.kernel.org>,
"linux-kselftest@...r.kernel.org" <linux-kselftest@...r.kernel.org>,
"netdev@...r.kernel.org" <netdev@...r.kernel.org>,
"bpf@...r.kernel.org" <bpf@...r.kernel.org>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: RE: [PATCH v2 6/6] selftests/bpf: Add test for
bpf_lsm_kernel_read_file()
> From: Shuah Khan [mailto:skhan@...uxfoundation.org]
> Sent: Tuesday, February 15, 2022 5:11 PM
> On 2/15/22 5:40 AM, Roberto Sassu wrote:
> > Test the ability of bpf_lsm_kernel_read_file() to call the sleepable
> > functions bpf_ima_inode_hash() or bpf_ima_file_hash() to obtain a
> > measurement of a loaded IMA policy.
> >
> > Signed-off-by: Roberto Sassu <roberto.sassu@...wei.com>
> > ---
> > tools/testing/selftests/bpf/ima_setup.sh | 2 ++
> > .../selftests/bpf/prog_tests/test_ima.c | 3 +-
> > tools/testing/selftests/bpf/progs/ima.c | 28 ++++++++++++++++---
> > 3 files changed, 28 insertions(+), 5 deletions(-)
> >
> > diff --git a/tools/testing/selftests/bpf/ima_setup.sh
> b/tools/testing/selftests/bpf/ima_setup.sh
> > index 8e62581113a3..82530f19f85a 100755
> > --- a/tools/testing/selftests/bpf/ima_setup.sh
> > +++ b/tools/testing/selftests/bpf/ima_setup.sh
> > @@ -51,6 +51,7 @@ setup()
> >
> > ensure_mount_securityfs
> > echo "measure func=BPRM_CHECK fsuuid=${mount_uuid}" >
> ${IMA_POLICY_FILE}
> > + echo "measure func=BPRM_CHECK fsuuid=${mount_uuid}" >
> ${mount_dir}/policy_test
> > }
> >
> > cleanup() {
> > @@ -74,6 +75,7 @@ run()
> > local mount_dir="${tmp_dir}/mnt"
> > local copied_bin_path="${mount_dir}/$(basename ${TEST_BINARY})"
> >
> > + echo ${mount_dir}/policy_test > ${IMA_POLICY_FILE}
> > exec "${copied_bin_path}"
> > }
> >
> > diff --git a/tools/testing/selftests/bpf/prog_tests/test_ima.c
> b/tools/testing/selftests/bpf/prog_tests/test_ima.c
> > index 62bf0e830453..c4a62d7b70df 100644
> > --- a/tools/testing/selftests/bpf/prog_tests/test_ima.c
> > +++ b/tools/testing/selftests/bpf/prog_tests/test_ima.c
> > @@ -97,8 +97,9 @@ void test_test_ima(void)
> > /*
> > * 1 sample with use_ima_file_hash = false
> > * 2 samples with use_ima_file_hash = true (./ima_setup.sh, /bin/true)
> > + * 1 sample with use_ima_file_hash = true (IMA policy)
> > */
> > - ASSERT_EQ(err, 3, "num_samples_or_err");
> > + ASSERT_EQ(err, 4, "num_samples_or_err");
> > ASSERT_NEQ(ima_hash_from_bpf, 0, "ima_hash");
> >
> > close_clean:
> > diff --git a/tools/testing/selftests/bpf/progs/ima.c
> b/tools/testing/selftests/bpf/progs/ima.c
> > index 9bb63f96cfc0..9b4c03f30a1c 100644
> > --- a/tools/testing/selftests/bpf/progs/ima.c
> > +++ b/tools/testing/selftests/bpf/progs/ima.c
> > @@ -20,8 +20,7 @@ char _license[] SEC("license") = "GPL";
> >
> > bool use_ima_file_hash;
> >
> > -SEC("lsm.s/bprm_committed_creds")
> > -void BPF_PROG(ima, struct linux_binprm *bprm)
> > +static void ima_test_common(struct file *file)
> > {
> > u64 ima_hash = 0;
> > u64 *sample;
> > @@ -31,10 +30,10 @@ void BPF_PROG(ima, struct linux_binprm *bprm)
> > pid = bpf_get_current_pid_tgid() >> 32;
> > if (pid == monitored_pid) {
> > if (!use_ima_file_hash)
> > - ret = bpf_ima_inode_hash(bprm->file->f_inode,
> &ima_hash,
> > + ret = bpf_ima_inode_hash(file->f_inode, &ima_hash,
> > sizeof(ima_hash));
> > else
> > - ret = bpf_ima_file_hash(bprm->file, &ima_hash,
> > + ret = bpf_ima_file_hash(file, &ima_hash,
> > sizeof(ima_hash));
> > if (ret < 0 || ima_hash == 0)
>
> Is this considered an error? Does it make sense for this test to be
> void type and not return the error to its callers? One of the callers
> below seems to care for return values.
The user space side of the test (test_ima.c) seems to check the
number of samples obtained from the ring buffer. A failure here
would result in the sample not being sent to that component.
Another test, as you suggest, could be to ensure that the
kernel_read_file hook is able to deny operations. I would check
this in a separate test.
Thanks
Roberto
HUAWEI TECHNOLOGIES Duesseldorf GmbH, HRB 56063
Managing Director: Li Peng, Zhong Ronghua
> > return;
> > @@ -49,3 +48,24 @@ void BPF_PROG(ima, struct linux_binprm *bprm)
> >
> > return;
> > }
> > +
> > +SEC("lsm.s/bprm_committed_creds")
> > +void BPF_PROG(ima, struct linux_binprm *bprm)
> > +{
> > + ima_test_common(bprm->file);
> > +}
> > +
> > +SEC("lsm.s/kernel_read_file")
> > +int BPF_PROG(kernel_read_file, struct file *file, enum kernel_read_file_id id,
> > + bool contents)
> > +{
> > + if (!contents)
> > + return 0;
> > +
> > + if (id != READING_POLICY)
> > + return 0;
> > +
> > + ima_test_common(file);
>
> This one here.
>
> > +
> > + return 0;
> > +}
> >
>
> thanks,
> -- Shuah
Powered by blists - more mailing lists