1 /* 2 * Copyright (C) 2008 IBM Corporation 3 * 4 * Authors: 5 * Mimi Zohar <zohar@us.ibm.com> 6 * 7 * This program is free software; you can redistribute it and/or 8 * modify it under the terms of the GNU General Public License as 9 * published by the Free Software Foundation, version 2 of the 10 * License. 11 * 12 * File: integrity_iint.c 13 * - implements the integrity hooks: integrity_inode_alloc, 14 * integrity_inode_free 15 * - cache integrity information associated with an inode 16 * using a rbtree tree. 17 */ 18 #include <linux/slab.h> 19 #include <linux/init.h> 20 #include <linux/spinlock.h> 21 #include <linux/rbtree.h> 22 #include <linux/file.h> 23 #include <linux/uaccess.h> 24 #include <linux/security.h> 25 #include <linux/lsm_hooks.h> 26 #include "integrity.h" 27 28 static struct rb_root integrity_iint_tree = RB_ROOT; 29 static DEFINE_RWLOCK(integrity_iint_lock); 30 static struct kmem_cache *iint_cache __read_mostly; 31 32 struct dentry *integrity_dir; 33 34 /* 35 * __integrity_iint_find - return the iint associated with an inode 36 */ 37 static struct integrity_iint_cache *__integrity_iint_find(struct inode *inode) 38 { 39 struct integrity_iint_cache *iint; 40 struct rb_node *n = integrity_iint_tree.rb_node; 41 42 while (n) { 43 iint = rb_entry(n, struct integrity_iint_cache, rb_node); 44 45 if (inode < iint->inode) 46 n = n->rb_left; 47 else if (inode > iint->inode) 48 n = n->rb_right; 49 else 50 break; 51 } 52 if (!n) 53 return NULL; 54 55 return iint; 56 } 57 58 /* 59 * integrity_iint_find - return the iint associated with an inode 60 */ 61 struct integrity_iint_cache *integrity_iint_find(struct inode *inode) 62 { 63 struct integrity_iint_cache *iint; 64 65 if (!IS_IMA(inode)) 66 return NULL; 67 68 read_lock(&integrity_iint_lock); 69 iint = __integrity_iint_find(inode); 70 read_unlock(&integrity_iint_lock); 71 72 return iint; 73 } 74 75 static void iint_free(struct integrity_iint_cache *iint) 76 { 77 kfree(iint->ima_hash); 78 iint->ima_hash = NULL; 79 iint->version = 0; 80 iint->flags = 0UL; 81 iint->atomic_flags = 0UL; 82 iint->ima_file_status = INTEGRITY_UNKNOWN; 83 iint->ima_mmap_status = INTEGRITY_UNKNOWN; 84 iint->ima_bprm_status = INTEGRITY_UNKNOWN; 85 iint->ima_read_status = INTEGRITY_UNKNOWN; 86 iint->ima_creds_status = INTEGRITY_UNKNOWN; 87 iint->evm_status = INTEGRITY_UNKNOWN; 88 iint->measured_pcrs = 0; 89 kmem_cache_free(iint_cache, iint); 90 } 91 92 /** 93 * integrity_inode_get - find or allocate an iint associated with an inode 94 * @inode: pointer to the inode 95 * @return: allocated iint 96 * 97 * Caller must lock i_mutex 98 */ 99 struct integrity_iint_cache *integrity_inode_get(struct inode *inode) 100 { 101 struct rb_node **p; 102 struct rb_node *node, *parent = NULL; 103 struct integrity_iint_cache *iint, *test_iint; 104 105 iint = integrity_iint_find(inode); 106 if (iint) 107 return iint; 108 109 iint = kmem_cache_alloc(iint_cache, GFP_NOFS); 110 if (!iint) 111 return NULL; 112 113 write_lock(&integrity_iint_lock); 114 115 p = &integrity_iint_tree.rb_node; 116 while (*p) { 117 parent = *p; 118 test_iint = rb_entry(parent, struct integrity_iint_cache, 119 rb_node); 120 if (inode < test_iint->inode) 121 p = &(*p)->rb_left; 122 else 123 p = &(*p)->rb_right; 124 } 125 126 iint->inode = inode; 127 node = &iint->rb_node; 128 inode->i_flags |= S_IMA; 129 rb_link_node(node, parent, p); 130 rb_insert_color(node, &integrity_iint_tree); 131 132 write_unlock(&integrity_iint_lock); 133 return iint; 134 } 135 136 /** 137 * integrity_inode_free - called on security_inode_free 138 * @inode: pointer to the inode 139 * 140 * Free the integrity information(iint) associated with an inode. 141 */ 142 void integrity_inode_free(struct inode *inode) 143 { 144 struct integrity_iint_cache *iint; 145 146 if (!IS_IMA(inode)) 147 return; 148 149 write_lock(&integrity_iint_lock); 150 iint = __integrity_iint_find(inode); 151 rb_erase(&iint->rb_node, &integrity_iint_tree); 152 write_unlock(&integrity_iint_lock); 153 154 iint_free(iint); 155 } 156 157 static void init_once(void *foo) 158 { 159 struct integrity_iint_cache *iint = foo; 160 161 memset(iint, 0, sizeof(*iint)); 162 iint->ima_file_status = INTEGRITY_UNKNOWN; 163 iint->ima_mmap_status = INTEGRITY_UNKNOWN; 164 iint->ima_bprm_status = INTEGRITY_UNKNOWN; 165 iint->ima_read_status = INTEGRITY_UNKNOWN; 166 iint->ima_creds_status = INTEGRITY_UNKNOWN; 167 iint->evm_status = INTEGRITY_UNKNOWN; 168 mutex_init(&iint->mutex); 169 } 170 171 static int __init integrity_iintcache_init(void) 172 { 173 iint_cache = 174 kmem_cache_create("iint_cache", sizeof(struct integrity_iint_cache), 175 0, SLAB_PANIC, init_once); 176 return 0; 177 } 178 DEFINE_LSM(integrity) = { 179 .name = "integrity", 180 .init = integrity_iintcache_init, 181 }; 182 183 184 /* 185 * integrity_kernel_read - read data from the file 186 * 187 * This is a function for reading file content instead of kernel_read(). 188 * It does not perform locking checks to ensure it cannot be blocked. 189 * It does not perform security checks because it is irrelevant for IMA. 190 * 191 */ 192 int integrity_kernel_read(struct file *file, loff_t offset, 193 void *addr, unsigned long count) 194 { 195 mm_segment_t old_fs; 196 char __user *buf = (char __user *)addr; 197 ssize_t ret; 198 199 if (!(file->f_mode & FMODE_READ)) 200 return -EBADF; 201 202 old_fs = get_fs(); 203 set_fs(get_ds()); 204 ret = __vfs_read(file, buf, count, &offset); 205 set_fs(old_fs); 206 207 return ret; 208 } 209 210 /* 211 * integrity_load_keys - load integrity keys hook 212 * 213 * Hooks is called from init/main.c:kernel_init_freeable() 214 * when rootfs is ready 215 */ 216 void __init integrity_load_keys(void) 217 { 218 ima_load_x509(); 219 evm_load_x509(); 220 } 221 222 static int __init integrity_fs_init(void) 223 { 224 integrity_dir = securityfs_create_dir("integrity", NULL); 225 if (IS_ERR(integrity_dir)) { 226 int ret = PTR_ERR(integrity_dir); 227 228 if (ret != -ENODEV) 229 pr_err("Unable to create integrity sysfs dir: %d\n", 230 ret); 231 integrity_dir = NULL; 232 return ret; 233 } 234 235 return 0; 236 } 237 238 late_initcall(integrity_fs_init) 239