Re: [PATCH v3 2/6] IMA: change process_buffer_measurement return type from void to int
From: Mimi Zohar <zohar@linux.ibm.com>
Date: 2020-08-31 11:36:50
Also in:
dm-devel, linux-security-module, lkml, selinux
On Thu, 2020-08-27 at 18:57 -0700, Tushar Sugandhi wrote:
process_buffer_measurement() does not return the result of the operation. Therefore, the consumers of this function cannot act on it, if needed. Update return type of process_buffer_measurement() from void to int.
Failure to measure may be audited, but should never fail. This is one of the main differences between secure and trusted boot concepts. Notice in process_measurement() that -EACCES is only returned for appraisal. Returning a failure from process_buffer_measurement() in itself isn't a problem, as long as the failure isn't returned to the LSM/IMA hook. However, just as the callers of process_measurement() originally processed the result, that processing was moved into process_measurement() [1]. Mimi [1] 750943a30714 ima: remove enforce checking duplication
quoted hunk ↗ jump to hunk
Signed-off-by: Tushar Sugandhi <redacted> --- security/integrity/ima/ima.h | 6 +++--- security/integrity/ima/ima_main.c | 14 +++++++------- 2 files changed, 10 insertions(+), 10 deletions(-)diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h index 8875085db689..83ed57147e68 100644 --- a/security/integrity/ima/ima.h +++ b/security/integrity/ima/ima.h@@ -265,9 +265,9 @@ void ima_store_measurement(struct integrity_iint_cache *iint, struct file *file, struct evm_ima_xattr_data *xattr_value, int xattr_len, const struct modsig *modsig, int pcr, struct ima_template_desc *template_desc); -void process_buffer_measurement(struct inode *inode, const void *buf, int size, - const char *eventname, enum ima_hooks func, - int pcr, const char *func_data); +int process_buffer_measurement(struct inode *inode, const void *buf, int size, + const char *eventname, enum ima_hooks func, + int pcr, const char *func_data); void ima_audit_measurement(struct integrity_iint_cache *iint, const unsigned char *filename); int ima_alloc_init_template(struct ima_event_data *event_data,diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c index c870fd6d2f83..0979a62a9257 100644 --- a/security/integrity/ima/ima_main.c +++ b/security/integrity/ima/ima_main.c@@ -736,9 +736,9 @@ int ima_load_data(enum kernel_load_data_id id) * * Based on policy, the buffer is measured into the ima log. */ -void process_buffer_measurement(struct inode *inode, const void *buf, int size, - const char *eventname, enum ima_hooks func, - int pcr, const char *func_data) +int process_buffer_measurement(struct inode *inode, const void *buf, int size, + const char *eventname, enum ima_hooks func, + int pcr, const char *func_data) { int ret = 0; const char *audit_cause = "ENOMEM";@@ -758,7 +758,7 @@ void process_buffer_measurement(struct inode *inode, const void *buf, int size, u32 secid; if (!ima_policy_flag) - return; + return 0; /* * Both LSM hooks and auxilary based buffer measurements are@@ -772,7 +772,7 @@ void process_buffer_measurement(struct inode *inode, const void *buf, int size, action = ima_get_action(inode, current_cred(), secid, 0, func, &pcr, &template, func_data); if (!(action & IMA_MEASURE)) - return; + return 0; } if (!pcr)@@ -787,7 +787,7 @@ void process_buffer_measurement(struct inode *inode, const void *buf, int size, pr_err("template %s init failed, result: %d\n", (strlen(template->name) ? template->name : template->fmt), ret); - return; + return ret; } }@@ -819,7 +819,7 @@ void process_buffer_measurement(struct inode *inode, const void *buf, int size, func_measure_str(func), audit_cause, ret, 0, ret); - return; + return ret; } /**