<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux-toradex.git/security/integrity/ima/ima_fs.c, branch v4.9.113</title>
<subtitle>Linux kernel for Apalis and Colibri modules</subtitle>
<link rel='alternate' type='text/html' href='https://git.toradex.cn/cgit/linux-toradex.git/'/>
<entry>
<title>ima: fix memory leak in ima_release_policy</title>
<updated>2017-01-12T10:39:30+00:00</updated>
<author>
<name>Eric Richter</name>
<email>erichte@linux.vnet.ibm.com</email>
</author>
<published>2016-10-13T22:47:36+00:00</published>
<link rel='alternate' type='text/html' href='https://git.toradex.cn/cgit/linux-toradex.git/commit/?id=825e6a0f7c51cc2c7e56604d2ea89c86aebef914'/>
<id>825e6a0f7c51cc2c7e56604d2ea89c86aebef914</id>
<content type='text'>
commit 9a11a18902bc3b904353063763d06480620245a6 upstream.

When the "policy" securityfs file is opened for read, it is opened as a
sequential file. However, when it is eventually released, there is no
cleanup for the sequential file, therefore some memory is leaked.

This patch adds a call to seq_release() in ima_release_policy() to clean up
the memory when the file is opened for read.

Fixes: 80eae209d63a IMA: allow reading back the current policy
Reported-by: Colin Ian King &lt;colin.king@canonical.com&gt;
Signed-off-by: Eric Richter &lt;erichte@linux.vnet.ibm.com&gt;
Tested-by: Colin Ian King &lt;colin.king@canonical.com&gt;
Signed-off-by: Mimi Zohar &lt;zohar@linux.vnet.ibm.com&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;

</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
commit 9a11a18902bc3b904353063763d06480620245a6 upstream.

When the "policy" securityfs file is opened for read, it is opened as a
sequential file. However, when it is eventually released, there is no
cleanup for the sequential file, therefore some memory is leaked.

This patch adds a call to seq_release() in ima_release_policy() to clean up
the memory when the file is opened for read.

Fixes: 80eae209d63a IMA: allow reading back the current policy
Reported-by: Colin Ian King &lt;colin.king@canonical.com&gt;
Signed-off-by: Eric Richter &lt;erichte@linux.vnet.ibm.com&gt;
Tested-by: Colin Ian King &lt;colin.king@canonical.com&gt;
Signed-off-by: Mimi Zohar &lt;zohar@linux.vnet.ibm.com&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;

</pre>
</div>
</content>
</entry>
<entry>
<title>ima: change ima_measurements_show() to display the entry specific pcr</title>
<updated>2016-06-30T05:14:21+00:00</updated>
<author>
<name>Eric Richter</name>
<email>erichte@linux.vnet.ibm.com</email>
</author>
<published>2016-06-01T18:14:04+00:00</published>
<link rel='alternate' type='text/html' href='https://git.toradex.cn/cgit/linux-toradex.git/commit/?id=5f6f027b50d8ed9f1ba4447aa5aed3a94b601fe8'/>
<id>5f6f027b50d8ed9f1ba4447aa5aed3a94b601fe8</id>
<content type='text'>
IMA assumes that the same default Kconfig PCR is extended for each
entry. This patch replaces the default configured PCR with the policy
defined PCR.

Signed-off-by: Eric Richter &lt;erichte@linux.vnet.ibm.com&gt;
Signed-off-by: Mimi Zohar &lt;zohar@linux.vnet.ibm.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
IMA assumes that the same default Kconfig PCR is extended for each
entry. This patch replaces the default configured PCR with the policy
defined PCR.

Signed-off-by: Eric Richter &lt;erichte@linux.vnet.ibm.com&gt;
Signed-off-by: Mimi Zohar &lt;zohar@linux.vnet.ibm.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>ima: measure and appraise the IMA policy itself</title>
<updated>2016-02-21T14:34:22+00:00</updated>
<author>
<name>Mimi Zohar</name>
<email>zohar@linux.vnet.ibm.com</email>
</author>
<published>2016-01-15T15:17:12+00:00</published>
<link rel='alternate' type='text/html' href='https://git.toradex.cn/cgit/linux-toradex.git/commit/?id=19f8a84713edc1d27ea05be00effb97b8f1ef207'/>
<id>19f8a84713edc1d27ea05be00effb97b8f1ef207</id>
<content type='text'>
Add support for measuring and appraising the IMA policy itself.

Changelog v4:
- use braces on both if/else branches, even if single line on one of the
branches - Dmitry
- Use the id mapping - Dmitry

Signed-off-by: Mimi Zohar &lt;zohar@linux.vnet.ibm.com&gt;
Acked-by: Petko Manolov &lt;petkan@mip-labs.com&gt;
Acked-by: Dmitry Kasatkin &lt;dmitry.kasatkin@huawei.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Add support for measuring and appraising the IMA policy itself.

Changelog v4:
- use braces on both if/else branches, even if single line on one of the
branches - Dmitry
- Use the id mapping - Dmitry

Signed-off-by: Mimi Zohar &lt;zohar@linux.vnet.ibm.com&gt;
Acked-by: Petko Manolov &lt;petkan@mip-labs.com&gt;
Acked-by: Dmitry Kasatkin &lt;dmitry.kasatkin@huawei.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>ima: load policy using path</title>
<updated>2016-02-21T14:34:05+00:00</updated>
<author>
<name>Dmitry Kasatkin</name>
<email>dmitry.kasatkin@huawei.com</email>
</author>
<published>2014-04-11T14:47:01+00:00</published>
<link rel='alternate' type='text/html' href='https://git.toradex.cn/cgit/linux-toradex.git/commit/?id=7429b092811fb20c6a5b261c2c116a6a90cb9a29'/>
<id>7429b092811fb20c6a5b261c2c116a6a90cb9a29</id>
<content type='text'>
We currently cannot do appraisal or signature vetting of IMA policies
since we currently can only load IMA policies by writing the contents
of the policy directly in, as follows:

cat policy-file &gt; &lt;securityfs&gt;/ima/policy

If we provide the kernel the path to the IMA policy so it can load
the policy itself it'd be able to later appraise or vet the file
signature if it has one.  This patch adds support to load the IMA
policy with a given path as follows:

echo /etc/ima/ima_policy &gt; /sys/kernel/security/ima/policy

Changelog v4+:
- moved kernel_read_file_from_path() error messages to callers
v3:
- moved kernel_read_file_from_path() to a separate patch
v2:
- after re-ordering the patches, replace calling integrity_kernel_read()
  to read the file with kernel_read_file_from_path() (Mimi)
- Patch description re-written by Luis R. Rodriguez

Signed-off-by: Dmitry Kasatkin &lt;dmitry.kasatkin@huawei.com&gt;
Signed-off-by: Mimi Zohar &lt;zohar@linux.vnet.ibm.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
We currently cannot do appraisal or signature vetting of IMA policies
since we currently can only load IMA policies by writing the contents
of the policy directly in, as follows:

cat policy-file &gt; &lt;securityfs&gt;/ima/policy

If we provide the kernel the path to the IMA policy so it can load
the policy itself it'd be able to later appraise or vet the file
signature if it has one.  This patch adds support to load the IMA
policy with a given path as follows:

echo /etc/ima/ima_policy &gt; /sys/kernel/security/ima/policy

Changelog v4+:
- moved kernel_read_file_from_path() error messages to callers
v3:
- moved kernel_read_file_from_path() to a separate patch
v2:
- after re-ordering the patches, replace calling integrity_kernel_read()
  to read the file with kernel_read_file_from_path() (Mimi)
- Patch description re-written by Luis R. Rodriguez

Signed-off-by: Dmitry Kasatkin &lt;dmitry.kasatkin@huawei.com&gt;
Signed-off-by: Mimi Zohar &lt;zohar@linux.vnet.ibm.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>ima: ima_write_policy() limit locking</title>
<updated>2016-01-03T18:22:38+00:00</updated>
<author>
<name>Petko Manolov</name>
<email>petkan@mip-labs.com</email>
</author>
<published>2016-01-03T15:36:38+00:00</published>
<link rel='alternate' type='text/html' href='https://git.toradex.cn/cgit/linux-toradex.git/commit/?id=6427e6c71c8b374761b661c4f355762794c171a1'/>
<id>6427e6c71c8b374761b661c4f355762794c171a1</id>
<content type='text'>
There is no need to hold the ima_write_mutex for so long.  We only need it
around ima_parse_add_rule().

Changelog:
- The return path now takes into account failed kmalloc() call.

Reported-by: Al Viro &lt;viro@ZenIV.linux.org.uk&gt;
Signed-off-by: Petko Manolov &lt;petkan@mip-labs.com&gt;
Signed-off-by: Mimi Zohar &lt;zohar@linux.vnet.ibm.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
There is no need to hold the ima_write_mutex for so long.  We only need it
around ima_parse_add_rule().

Changelog:
- The return path now takes into account failed kmalloc() call.

Reported-by: Al Viro &lt;viro@ZenIV.linux.org.uk&gt;
Signed-off-by: Petko Manolov &lt;petkan@mip-labs.com&gt;
Signed-off-by: Mimi Zohar &lt;zohar@linux.vnet.ibm.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>IMA: policy can be updated zero times</title>
<updated>2015-12-24T23:56:45+00:00</updated>
<author>
<name>Sasha Levin</name>
<email>sasha.levin@oracle.com</email>
</author>
<published>2015-12-22T13:51:23+00:00</published>
<link rel='alternate' type='text/html' href='https://git.toradex.cn/cgit/linux-toradex.git/commit/?id=0112721df4edbdd07b800813300d76811572f080'/>
<id>0112721df4edbdd07b800813300d76811572f080</id>
<content type='text'>
Commit "IMA: policy can now be updated multiple times" assumed that the
policy would be updated at least once.

If there are zero updates, the temporary list head object will get added
to the policy list, and later dereferenced as an IMA policy object, which
means that invalid memory will be accessed.

Changelog:
- Move list_empty() test to ima_release_policy(), before audit msg - Mimi

Signed-off-by: Sasha Levin &lt;sasha.levin@oracle.com&gt;
Signed-off-by: Mimi Zohar &lt;zohar@linux.vnet.ibm.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Commit "IMA: policy can now be updated multiple times" assumed that the
policy would be updated at least once.

If there are zero updates, the temporary list head object will get added
to the policy list, and later dereferenced as an IMA policy object, which
means that invalid memory will be accessed.

Changelog:
- Move list_empty() test to ima_release_policy(), before audit msg - Mimi

Signed-off-by: Sasha Levin &lt;sasha.levin@oracle.com&gt;
Signed-off-by: Mimi Zohar &lt;zohar@linux.vnet.ibm.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>IMA: allow reading back the current IMA policy</title>
<updated>2015-12-15T15:01:43+00:00</updated>
<author>
<name>Petko Manolov</name>
<email>petkan@mip-labs.com</email>
</author>
<published>2015-12-02T15:47:56+00:00</published>
<link rel='alternate' type='text/html' href='https://git.toradex.cn/cgit/linux-toradex.git/commit/?id=80eae209d63ac6361c7b445f7e7e41f39c044772'/>
<id>80eae209d63ac6361c7b445f7e7e41f39c044772</id>
<content type='text'>
It is often useful to be able to read back the IMA policy.  It is
even more important after introducing CONFIG_IMA_WRITE_POLICY.
This option allows the root user to see the current policy rules.

Signed-off-by: Zbigniew Jasinski &lt;z.jasinski@samsung.com&gt;
Signed-off-by: Petko Manolov &lt;petkan@mip-labs.com&gt;
Signed-off-by: Mimi Zohar &lt;zohar@linux.vnet.ibm.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
It is often useful to be able to read back the IMA policy.  It is
even more important after introducing CONFIG_IMA_WRITE_POLICY.
This option allows the root user to see the current policy rules.

Signed-off-by: Zbigniew Jasinski &lt;z.jasinski@samsung.com&gt;
Signed-off-by: Petko Manolov &lt;petkan@mip-labs.com&gt;
Signed-off-by: Mimi Zohar &lt;zohar@linux.vnet.ibm.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>IMA: policy can now be updated multiple times</title>
<updated>2015-12-15T15:01:43+00:00</updated>
<author>
<name>Petko Manolov</name>
<email>petkan@mip-labs.com</email>
</author>
<published>2015-12-02T15:47:54+00:00</published>
<link rel='alternate' type='text/html' href='https://git.toradex.cn/cgit/linux-toradex.git/commit/?id=38d859f991f3a05b352a06f82af0baa1acf33e02'/>
<id>38d859f991f3a05b352a06f82af0baa1acf33e02</id>
<content type='text'>
The new rules get appended to the original policy, forming a queue.
The new rules are first added to a temporary list, which on error
get released without disturbing the normal IMA operations.  On
success both lists (the current policy and the new rules) are spliced.

IMA policy reads are many orders of magnitude more numerous compared to
writes, the match code is RCU protected.  The updater side also does
list splice in RCU manner.

Signed-off-by: Petko Manolov &lt;petkan@mip-labs.com&gt;
Signed-off-by: Mimi Zohar &lt;zohar@linux.vnet.ibm.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
The new rules get appended to the original policy, forming a queue.
The new rules are first added to a temporary list, which on error
get released without disturbing the normal IMA operations.  On
success both lists (the current policy and the new rules) are spliced.

IMA policy reads are many orders of magnitude more numerous compared to
writes, the match code is RCU protected.  The updater side also does
list splice in RCU manner.

Signed-off-by: Petko Manolov &lt;petkan@mip-labs.com&gt;
Signed-off-by: Mimi Zohar &lt;zohar@linux.vnet.ibm.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>ima: fix ima_show_template_data_ascii()</title>
<updated>2015-06-16T12:18:21+00:00</updated>
<author>
<name>Mimi Zohar</name>
<email>zohar@linux.vnet.ibm.com</email>
</author>
<published>2015-06-11T15:54:42+00:00</published>
<link rel='alternate' type='text/html' href='https://git.toradex.cn/cgit/linux-toradex.git/commit/?id=45b26133b97871896b8c5241d59f4ff7839db7b2'/>
<id>45b26133b97871896b8c5241d59f4ff7839db7b2</id>
<content type='text'>
This patch fixes a bug introduced in "4d7aeee ima: define new template
ima-ng and template fields d-ng and n-ng".

Changelog:
- change int to uint32 (Roberto Sassu's suggestion)

Signed-off-by: Mimi Zohar &lt;zohar@linux.vnet.ibm.com&gt;
Signed-off-by: Roberto Sassu &lt;rsassu@suse.de&gt;
Cc: stable@vger.kernel.org # 3.13
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
This patch fixes a bug introduced in "4d7aeee ima: define new template
ima-ng and template fields d-ng and n-ng".

Changelog:
- change int to uint32 (Roberto Sassu's suggestion)

Signed-off-by: Mimi Zohar &lt;zohar@linux.vnet.ibm.com&gt;
Signed-off-by: Roberto Sassu &lt;rsassu@suse.de&gt;
Cc: stable@vger.kernel.org # 3.13
</pre>
</div>
</content>
</entry>
<entry>
<title>ima: display template format in meas. list if template name length is zero</title>
<updated>2014-10-13T12:39:01+00:00</updated>
<author>
<name>Roberto Sassu</name>
<email>roberto.sassu@polito.it</email>
</author>
<published>2014-10-13T12:08:39+00:00</published>
<link rel='alternate' type='text/html' href='https://git.toradex.cn/cgit/linux-toradex.git/commit/?id=7dbdb4206bd69bf518fd76e01f4c5c64cda96455'/>
<id>7dbdb4206bd69bf518fd76e01f4c5c64cda96455</id>
<content type='text'>
With the introduction of the 'ima_template_fmt' kernel cmdline parameter,
a user can define a new template descriptor with custom format. However,
in this case, userspace tools will be unable to parse the measurements
list because the new template is unknown. For this reason, this patch
modifies the current IMA behavior to display in the list the template
format instead of the name (only if the length of the latter is zero)
so that a tool can extract needed information if it can handle listed
fields.

This patch also correctly displays the error log message in
ima_init_template() if the selected template cannot be initialized.

Changelog:
 - v3:
   - check the first byte of 'e-&gt;template_desc-&gt;name' instead of using
     strlen() in ima_fs.c (suggested by Mimi Zohar)

 - v2:
   - print the template format in ima_init_template(), if the selected
     template is custom (Roberto Sassu)

 - v1:
   - fixed patch description (Roberto Sassu, suggested by Mimi Zohar)
   - set 'template_name' variable in ima_fs.c only once
     (Roberto Sassu, suggested by Mimi Zohar)

Signed-off-by: Roberto Sassu &lt;roberto.sassu@polito.it&gt;
Signed-off-by: Mimi Zohar &lt;zohar@linux.vnet.ibm.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
With the introduction of the 'ima_template_fmt' kernel cmdline parameter,
a user can define a new template descriptor with custom format. However,
in this case, userspace tools will be unable to parse the measurements
list because the new template is unknown. For this reason, this patch
modifies the current IMA behavior to display in the list the template
format instead of the name (only if the length of the latter is zero)
so that a tool can extract needed information if it can handle listed
fields.

This patch also correctly displays the error log message in
ima_init_template() if the selected template cannot be initialized.

Changelog:
 - v3:
   - check the first byte of 'e-&gt;template_desc-&gt;name' instead of using
     strlen() in ima_fs.c (suggested by Mimi Zohar)

 - v2:
   - print the template format in ima_init_template(), if the selected
     template is custom (Roberto Sassu)

 - v1:
   - fixed patch description (Roberto Sassu, suggested by Mimi Zohar)
   - set 'template_name' variable in ima_fs.c only once
     (Roberto Sassu, suggested by Mimi Zohar)

Signed-off-by: Roberto Sassu &lt;roberto.sassu@polito.it&gt;
Signed-off-by: Mimi Zohar &lt;zohar@linux.vnet.ibm.com&gt;
</pre>
</div>
</content>
</entry>
</feed>
