From patchwork Tue Jan 30 21:46:19 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Stefan Berger X-Patchwork-Id: 194332 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a05:7301:2087:b0:106:209c:c626 with SMTP id gs7csp1513458dyb; Tue, 30 Jan 2024 13:48:00 -0800 (PST) X-Google-Smtp-Source: AGHT+IFO/MWPkuttIcUMknsSCGMtd8QU8RTnFLy9wq2ZKhSM2NQixTjWTb67vi+UvGacZ3Aytzl1 X-Received: by 2002:a05:622a:184:b0:42a:9d03:1c1d with SMTP id s4-20020a05622a018400b0042a9d031c1dmr7560030qtw.63.1706651279835; Tue, 30 Jan 2024 13:47:59 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1706651279; cv=pass; d=google.com; s=arc-20160816; b=QGl6/rnR2Cf+YAPGhk2DnHdz5oZdCykWSWehmjbjeaSLixDzU2P8wgbURyI1bWfo+j YEkBWyBxN2bZNeYZ9poF3PGQpnqchlSAbSbaNfYTl/nvLMq7urU7es3XqR4jNMHeyz4b V5a8wN9luF9nU4YIJctIlG8Rj818or+etyrZgPgeYfWEk549C9Jt9E7lAaeQSPoMgZ/l y/maGjlATmva6414Pi4Uvt+uC21Mga6ZpfDZiZTrSWcYA9S76TKnMxos2X2aXNy3QwZW LinjH2399BQm/QzV6JTsXM2WE3htins13o3MUiIsZEdrcgIi4WM3EU+tzBE0rz6WCzwc AxQA== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:references:in-reply-to:message-id :date:subject:cc:to:from:dkim-signature; bh=BP5fUK230w16aaAM9wCPXmpVSGviN/8Ei3dtKX9GF/U=; fh=ncez+Zuks3r0u/GH7GwMN7W85FP2C9GgAvOVpsEx2iM=; b=R4Nh7aStAQ5brrDQftdEz7xSyIbJDn8qgagZ3x2IYVmGtYzNmcjra4D1XQ1e82uxPf YAehgUKD+C9ViRrpZEThRV+eK01z8n9/YijyC3VlmcQKYHGRtRbC3Tpk0thMs0jRfn8M R0hLTvajTkvo1/te35IufZhkEI3ArRNZ2Rk/HhkwngiSFujT+hUu/Fcn+Ru1effdqrQz sHmocqgIqEP3PiNdNzveMgm3WKh2k8Xot4EbLlQ5Rm4IPeQnqMHbYYSS5phGvS9fE/p/ wLQnLZUVgGTnYHkVlf9439+gdYTlG3tzw5MmpXsakh/LcugcFFQ7lTzGnf46HCjMJdFc ESyA== ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@ibm.com header.s=pp1 header.b=ecdLKN4K; arc=pass (i=1 spf=pass spfdomain=linux.ibm.com dkim=pass dkdomain=ibm.com dmarc=pass fromdomain=linux.ibm.com); spf=pass (google.com: domain of linux-kernel+bounces-45345-ouuuleilei=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-45345-ouuuleilei=gmail.com@vger.kernel.org"; dmarc=pass (p=REJECT sp=NONE dis=NONE) header.from=ibm.com Received: from ny.mirrors.kernel.org (ny.mirrors.kernel.org. [2604:1380:45d1:ec00::1]) by mx.google.com with ESMTPS id jv23-20020a05622aa09700b0042a8c12730fsi7931956qtb.89.2024.01.30.13.47.59 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 30 Jan 2024 13:47:59 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-45345-ouuuleilei=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) client-ip=2604:1380:45d1:ec00::1; Authentication-Results: mx.google.com; dkim=pass header.i=@ibm.com header.s=pp1 header.b=ecdLKN4K; arc=pass (i=1 spf=pass spfdomain=linux.ibm.com dkim=pass dkdomain=ibm.com dmarc=pass fromdomain=linux.ibm.com); spf=pass (google.com: domain of linux-kernel+bounces-45345-ouuuleilei=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-45345-ouuuleilei=gmail.com@vger.kernel.org"; dmarc=pass (p=REJECT sp=NONE dis=NONE) header.from=ibm.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ny.mirrors.kernel.org (Postfix) with ESMTPS id 9F1131C238E8 for ; Tue, 30 Jan 2024 21:47:59 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 6C15978663; Tue, 30 Jan 2024 21:46:57 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=ibm.com header.i=@ibm.com header.b="ecdLKN4K" Received: from mx0a-001b2d01.pphosted.com (mx0a-001b2d01.pphosted.com [148.163.156.1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id C6F9B78B68; Tue, 30 Jan 2024 21:46:52 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=148.163.156.1 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706651214; cv=none; b=IZfwYGdWFXHzy2vlAKNEZmvZcUuFNwA1SEHvUIJOcf6lkAz9g/NS5AfKQvf1hZ2WRiTgllgDhRTceNIYuafNUKDwVF9gfzq/QZWNnnWCiUumJETbXuhVx08FmXzJwzGI6aYFXfrNfDD76iY1CVfUa95qbEOVOrpDgNOE4mO5d8U= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706651214; c=relaxed/simple; bh=1Mf3wyu6a17R4DYnsbGVDf+ocPp2KC6e1ASfr1NJ06s=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=pdafZrzcmc6mJp34KDVDpZHWf/hQmtG7/M5wN6cZtDE6849+HfXg04qCy0TGZ0pOyHfc4w7JgeCxzAakxYzPSr76VFGJjF2wrhyOMGKc04vSx2HpPs32JCBJacAi8T2BQ70yxAz2R5YQprYHXbNf7wQSBAjk2KqyHokwGaLFdSU= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.ibm.com; spf=pass smtp.mailfrom=linux.ibm.com; dkim=pass (2048-bit key) header.d=ibm.com header.i=@ibm.com header.b=ecdLKN4K; arc=none smtp.client-ip=148.163.156.1 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.ibm.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linux.ibm.com Received: from pps.filterd (m0353726.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 40ULbNFx019671; Tue, 30 Jan 2024 21:46:33 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding; s=pp1; bh=BP5fUK230w16aaAM9wCPXmpVSGviN/8Ei3dtKX9GF/U=; b=ecdLKN4KFm1+vzBc03WbzQOFXLe6UPt46fJ+NZ33iZLXSibNHtNSZd2/AHc+JrxlhRNk LBsEDt4N9omGj5LTqo8u47++2OiW55IARQnCu+3v2iBAARJ1WxcHs0EC+ptTdTLc+int y7swpLK/9/8oebssR3A+fe65k99S/eTa59NfkVkU1tsA097eK8YScIiW8LPbp6iMsr7a MkAbgDQL29+7yV/26g4z6aDyXjbAWbyohb4dsclvwPzwkhc77mTRcathqu+ivzfuVN87 yOzaTap3D2hlzUyTlq8by8q1/BlgcsXm1v63vNQl7T+ON6NnC0ajuJ1UJxiYgKyynLXT Ww== Received: from pps.reinject (localhost [127.0.0.1]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 3vy96br53d-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 30 Jan 2024 21:46:33 +0000 Received: from m0353726.ppops.net (m0353726.ppops.net [127.0.0.1]) by pps.reinject (8.17.1.5/8.17.1.5) with ESMTP id 40ULbUew019804; Tue, 30 Jan 2024 21:46:32 GMT Received: from ppma11.dal12v.mail.ibm.com (db.9e.1632.ip4.static.sl-reverse.com [50.22.158.219]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 3vy96br536-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 30 Jan 2024 21:46:32 +0000 Received: from pps.filterd (ppma11.dal12v.mail.ibm.com [127.0.0.1]) by ppma11.dal12v.mail.ibm.com (8.17.1.19/8.17.1.19) with ESMTP id 40UKMsFY007179; Tue, 30 Jan 2024 21:46:31 GMT Received: from smtprelay02.wdc07v.mail.ibm.com ([172.16.1.69]) by ppma11.dal12v.mail.ibm.com (PPS) with ESMTPS id 3vwev291rs-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 30 Jan 2024 21:46:31 +0000 Received: from smtpav05.dal12v.mail.ibm.com (smtpav05.dal12v.mail.ibm.com [10.241.53.104]) by smtprelay02.wdc07v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 40ULkU3Z22610580 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Tue, 30 Jan 2024 21:46:30 GMT Received: from smtpav05.dal12v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 2549F5805D; Tue, 30 Jan 2024 21:46:30 +0000 (GMT) Received: from smtpav05.dal12v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 7D8E858052; Tue, 30 Jan 2024 21:46:29 +0000 (GMT) Received: from sbct-3.pok.ibm.com (unknown [9.47.158.153]) by smtpav05.dal12v.mail.ibm.com (Postfix) with ESMTP; Tue, 30 Jan 2024 21:46:29 +0000 (GMT) From: Stefan Berger To: linux-integrity@vger.kernel.org, linux-security-module@vger.kernel.org, linux-unionfs@vger.kernel.org Cc: linux-kernel@vger.kernel.org, paul@paul-moore.com, jmorris@namei.org, serge@hallyn.com, zohar@linux.ibm.com, roberto.sassu@huawei.com, amir73il@gmail.com, miklos@szeredi.hu, Stefan Berger Subject: [PATCH 4/5] evm: Use the real inode's metadata to calculate metadata hash Date: Tue, 30 Jan 2024 16:46:19 -0500 Message-ID: <20240130214620.3155380-5-stefanb@linux.ibm.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20240130214620.3155380-1-stefanb@linux.ibm.com> References: <20240130214620.3155380-1-stefanb@linux.ibm.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-TM-AS-GCONF: 00 X-Proofpoint-ORIG-GUID: 7YY7tYmObqCtrkaZ9b0L-3LVS_G6t8iH X-Proofpoint-GUID: k5R9ARI-UMjDdKRyjwX9gPNVBKEXQua2 X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.1011,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2024-01-30_12,2024-01-30_01,2023-05-22_02 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 phishscore=0 malwarescore=0 mlxscore=0 spamscore=0 priorityscore=1501 clxscore=1015 suspectscore=0 adultscore=0 mlxlogscore=999 bulkscore=0 impostorscore=0 lowpriorityscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2311290000 definitions=main-2401300163 X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1789553571956640600 X-GMAIL-MSGID: 1789553571956640600 Changes to the file attribute (mode bits, uid, gid) on the lower layer are not take into account when d_backing_inode() is used when a file is accessed on the overlay layer and this file has not yet been copied up. This is because d_backing_inode() does not return the real inode of the lower layer but instead returns the backing inode which holds old file attributes. When the old file attributes are used for calculating the metadata hash then the expected hash is calculated and the file then mistakenly passes signature verification. Therefore, use d_real_inode() which returns the inode of the lower layer for as long as the file has not been copied up and returns the upper layer's inode otherwise. Signed-off-by: Stefan Berger --- security/integrity/evm/evm_crypto.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/security/integrity/evm/evm_crypto.c b/security/integrity/evm/evm_crypto.c index b1ffd4cc0b44..2e48fe54e899 100644 --- a/security/integrity/evm/evm_crypto.c +++ b/security/integrity/evm/evm_crypto.c @@ -223,7 +223,7 @@ static int evm_calc_hmac_or_hash(struct dentry *dentry, size_t req_xattr_value_len, uint8_t type, struct evm_digest *data) { - struct inode *inode = d_backing_inode(dentry); + struct inode *inode = d_real_inode(dentry); struct xattr_list *xattr; struct shash_desc *desc; size_t xattr_size = 0;