drop a vfs and ima patch from 6.1 that were not needed
authorGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Tue, 2 Jul 2024 15:12:24 +0000 (17:12 +0200)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Tue, 2 Jul 2024 15:12:24 +0000 (17:12 +0200)
queue-6.1/ima-fix-use-after-free-on-a-dentry-s-dname.name.patch
queue-6.1/ima-use-vfs_getattr_nosec-to-get-the-i_version.patch [deleted file]
queue-6.1/series
queue-6.1/vfs-plumb-i_version-handling-into-struct-kstat.patch [deleted file]

index 9d4e3fb447035a05a9217e765307aa651704e0b4..5384314e0007a5cf4ab60b1ca79046ec9ecc5389 100644 (file)
@@ -19,25 +19,23 @@ Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
 Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
 Signed-off-by: Sasha Levin <sashal@kernel.org>
 ---
- security/integrity/ima/ima_api.c          | 16 ++++++++++++----
- security/integrity/ima/ima_template_lib.c | 17 ++++++++++++++---
+ security/integrity/ima/ima_api.c          |   16 ++++++++++++----
+ security/integrity/ima/ima_template_lib.c |   17 ++++++++++++++---
  2 files changed, 26 insertions(+), 7 deletions(-)
 
-diff --git a/security/integrity/ima/ima_api.c b/security/integrity/ima/ima_api.c
-index 7a244e8ce65a5..cea8df0115a28 100644
 --- a/security/integrity/ima/ima_api.c
 +++ b/security/integrity/ima/ima_api.c
-@@ -243,8 +243,8 @@ int ima_collect_measurement(struct integrity_iint_cache *iint,
+@@ -244,8 +244,8 @@ int ima_collect_measurement(struct integ
        const char *audit_cause = "failed";
        struct inode *inode = file_inode(file);
        struct inode *real_inode = d_real_inode(file_dentry(file));
 -      const char *filename = file->f_path.dentry->d_name.name;
        struct ima_max_digest_data hash;
 +      struct name_snapshot filename;
-       struct kstat stat;
        int result = 0;
        int length;
-@@ -322,9 +322,13 @@ int ima_collect_measurement(struct integrity_iint_cache *iint,
+       void *tmpbuf;
+@@ -319,9 +319,13 @@ out:
                if (file->f_flags & O_DIRECT)
                        audit_cause = "failed(directio)";
  
@@ -53,7 +51,7 @@ index 7a244e8ce65a5..cea8df0115a28 100644
        }
        return result;
  }
-@@ -437,6 +441,7 @@ void ima_audit_measurement(struct integrity_iint_cache *iint,
+@@ -434,6 +438,7 @@ out:
   */
  const char *ima_d_path(const struct path *path, char **pathbuf, char *namebuf)
  {
@@ -61,7 +59,7 @@ index 7a244e8ce65a5..cea8df0115a28 100644
        char *pathname = NULL;
  
        *pathbuf = __getname();
-@@ -450,7 +455,10 @@ const char *ima_d_path(const struct path *path, char **pathbuf, char *namebuf)
+@@ -447,7 +452,10 @@ const char *ima_d_path(const struct path
        }
  
        if (!pathname) {
@@ -73,11 +71,9 @@ index 7a244e8ce65a5..cea8df0115a28 100644
                pathname = namebuf;
        }
  
-diff --git a/security/integrity/ima/ima_template_lib.c b/security/integrity/ima/ima_template_lib.c
-index 7bf9b15072202..41ec31debe870 100644
 --- a/security/integrity/ima/ima_template_lib.c
 +++ b/security/integrity/ima/ima_template_lib.c
-@@ -483,7 +483,10 @@ static int ima_eventname_init_common(struct ima_event_data *event_data,
+@@ -483,7 +483,10 @@ static int ima_eventname_init_common(str
                                     bool size_limit)
  {
        const char *cur_filename = NULL;
@@ -88,7 +84,7 @@ index 7bf9b15072202..41ec31debe870 100644
  
        BUG_ON(event_data->filename == NULL && event_data->file == NULL);
  
-@@ -496,7 +499,10 @@ static int ima_eventname_init_common(struct ima_event_data *event_data,
+@@ -496,7 +499,10 @@ static int ima_eventname_init_common(str
        }
  
        if (event_data->file) {
@@ -100,7 +96,7 @@ index 7bf9b15072202..41ec31debe870 100644
                cur_filename_len = strlen(cur_filename);
        } else
                /*
-@@ -505,8 +511,13 @@ static int ima_eventname_init_common(struct ima_event_data *event_data,
+@@ -505,8 +511,13 @@ static int ima_eventname_init_common(str
                 */
                cur_filename_len = IMA_EVENT_NAME_LEN_MAX;
  out:
@@ -116,6 +112,3 @@ index 7bf9b15072202..41ec31debe870 100644
  }
  
  /*
--- 
-2.43.0
-
diff --git a/queue-6.1/ima-use-vfs_getattr_nosec-to-get-the-i_version.patch b/queue-6.1/ima-use-vfs_getattr_nosec-to-get-the-i_version.patch
deleted file mode 100644 (file)
index 6ab879c..0000000
+++ /dev/null
@@ -1,101 +0,0 @@
-From 1ecfaeacb62b0e0c7cbe178410b6bd5dc2a394b1 Mon Sep 17 00:00:00 2001
-From: Sasha Levin <sashal@kernel.org>
-Date: Mon, 17 Apr 2023 12:55:51 -0400
-Subject: IMA: use vfs_getattr_nosec to get the i_version
-
-From: Jeff Layton <jlayton@kernel.org>
-
-[ Upstream commit db1d1e8b9867aae5c3e61ad7859abfcc4a6fd6c7 ]
-
-IMA currently accesses the i_version out of the inode directly when it
-does a measurement. This is fine for most simple filesystems, but can be
-problematic with more complex setups (e.g. overlayfs).
-
-Make IMA instead call vfs_getattr_nosec to get this info. This allows
-the filesystem to determine whether and how to report the i_version, and
-should allow IMA to work properly with a broader class of filesystems in
-the future.
-
-Reported-and-Tested-by: Stefan Berger <stefanb@linux.ibm.com>
-Reviewed-by: Christian Brauner <brauner@kernel.org>
-Signed-off-by: Jeff Layton <jlayton@kernel.org>
-Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
-Stable-dep-of: be84f32bb2c9 ("ima: Fix use-after-free on a dentry's dname.name")
-Signed-off-by: Sasha Levin <sashal@kernel.org>
----
- security/integrity/ima/ima_api.c  |  9 ++++++---
- security/integrity/ima/ima_main.c | 12 ++++++++----
- 2 files changed, 14 insertions(+), 7 deletions(-)
-
-diff --git a/security/integrity/ima/ima_api.c b/security/integrity/ima/ima_api.c
-index 026c8c9db9920..7a244e8ce65a5 100644
---- a/security/integrity/ima/ima_api.c
-+++ b/security/integrity/ima/ima_api.c
-@@ -13,7 +13,6 @@
- #include <linux/fs.h>
- #include <linux/xattr.h>
- #include <linux/evm.h>
--#include <linux/iversion.h>
- #include <linux/fsverity.h>
- #include "ima.h"
-@@ -246,10 +245,11 @@ int ima_collect_measurement(struct integrity_iint_cache *iint,
-       struct inode *real_inode = d_real_inode(file_dentry(file));
-       const char *filename = file->f_path.dentry->d_name.name;
-       struct ima_max_digest_data hash;
-+      struct kstat stat;
-       int result = 0;
-       int length;
-       void *tmpbuf;
--      u64 i_version;
-+      u64 i_version = 0;
-       /*
-        * Always collect the modsig, because IMA might have already collected
-@@ -268,7 +268,10 @@ int ima_collect_measurement(struct integrity_iint_cache *iint,
-        * to an initial measurement/appraisal/audit, but was modified to
-        * assume the file changed.
-        */
--      i_version = inode_query_iversion(inode);
-+      result = vfs_getattr_nosec(&file->f_path, &stat, STATX_CHANGE_COOKIE,
-+                                 AT_STATX_SYNC_AS_STAT);
-+      if (!result && (stat.result_mask & STATX_CHANGE_COOKIE))
-+              i_version = stat.change_cookie;
-       hash.hdr.algo = algo;
-       hash.hdr.length = hash_digest_size[algo];
-diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c
-index 185666d90eebc..bba421f617312 100644
---- a/security/integrity/ima/ima_main.c
-+++ b/security/integrity/ima/ima_main.c
-@@ -24,7 +24,6 @@
- #include <linux/slab.h>
- #include <linux/xattr.h>
- #include <linux/ima.h>
--#include <linux/iversion.h>
- #include <linux/fs.h>
- #include <linux/iversion.h>
-@@ -164,11 +163,16 @@ static void ima_check_last_writer(struct integrity_iint_cache *iint,
-       mutex_lock(&iint->mutex);
-       if (atomic_read(&inode->i_writecount) == 1) {
-+              struct kstat stat;
-+
-               update = test_and_clear_bit(IMA_UPDATE_XATTR,
-                                           &iint->atomic_flags);
--              if (!IS_I_VERSION(inode) ||
--                  !inode_eq_iversion(inode, iint->version) ||
--                  (iint->flags & IMA_NEW_FILE)) {
-+              if ((iint->flags & IMA_NEW_FILE) ||
-+                  vfs_getattr_nosec(&file->f_path, &stat,
-+                                    STATX_CHANGE_COOKIE,
-+                                    AT_STATX_SYNC_AS_STAT) ||
-+                  !(stat.result_mask & STATX_CHANGE_COOKIE) ||
-+                  stat.change_cookie != iint->version) {
-                       iint->flags &= ~(IMA_DONE_MASK | IMA_NEW_FILE);
-                       iint->measured_pcrs = 0;
-                       if (update)
--- 
-2.43.0
-
index 1b4f0c55080c66ed0921f78ca349ca5154f79894..cfd827fae32c6ca98b371c4de64907e6453be946 100644 (file)
@@ -58,8 +58,6 @@ drm-amdgpu-fix-pci-state-save-during-mode-1-reset.patch
 riscv-stacktrace-convert-arch_stack_walk-to-noinstr.patch
 gpiolib-cdev-disallow-reconfiguration-without-direct.patch
 randomize_kstack-remove-non-functional-per-arch-entr.patch
-vfs-plumb-i_version-handling-into-struct-kstat.patch
-ima-use-vfs_getattr_nosec-to-get-the-i_version.patch
 ima-fix-use-after-free-on-a-dentry-s-dname.name.patch
 x86-stop-playing-stack-games-in-profile_pc.patch
 parisc-use-generic-sys_fanotify_mark-implementation.patch
diff --git a/queue-6.1/vfs-plumb-i_version-handling-into-struct-kstat.patch b/queue-6.1/vfs-plumb-i_version-handling-into-struct-kstat.patch
deleted file mode 100644 (file)
index 3a1cb03..0000000
+++ /dev/null
@@ -1,112 +0,0 @@
-From 72aa39d07c4636965c9a8c7e965476f103d8a398 Mon Sep 17 00:00:00 2001
-From: Sasha Levin <sashal@kernel.org>
-Date: Sun, 4 Dec 2016 09:29:46 -0500
-Subject: vfs: plumb i_version handling into struct kstat
-
-From: Jeff Layton <jlayton@redhat.com>
-
-[ Upstream commit a1175d6b1bdaf4f74eda47ab18eb44194f9cb796 ]
-
-The NFS server has a lot of special handling for different types of
-change attribute access, depending on the underlying filesystem. In
-most cases, it's doing a getattr anyway and then fetching that value
-after the fact.
-
-Rather that do that, add a new STATX_CHANGE_COOKIE flag that is a
-kernel-only symbol (for now). If requested and getattr can implement it,
-it can fill out this field. For IS_I_VERSION inodes, add a generic
-implementation in vfs_getattr_nosec. Take care to mask
-STATX_CHANGE_COOKIE off in requests from userland and in the result
-mask.
-
-Since not all filesystems can give the same guarantees of monotonicity,
-claim a STATX_ATTR_CHANGE_MONOTONIC flag that filesystems can set to
-indicate that they offer an i_version value that can never go backward.
-
-Eventually if we decide to make the i_version available to userland, we
-can just designate a field for it in struct statx, and move the
-STATX_CHANGE_COOKIE definition to the uapi header.
-
-Reviewed-by: NeilBrown <neilb@suse.de>
-Reviewed-by: Jan Kara <jack@suse.cz>
-Signed-off-by: Jeff Layton <jlayton@kernel.org>
-Stable-dep-of: be84f32bb2c9 ("ima: Fix use-after-free on a dentry's dname.name")
-Signed-off-by: Sasha Levin <sashal@kernel.org>
----
- fs/stat.c            | 17 +++++++++++++++--
- include/linux/stat.h |  9 +++++++++
- 2 files changed, 24 insertions(+), 2 deletions(-)
-
-diff --git a/fs/stat.c b/fs/stat.c
-index ef50573c72a26..06fd3fc1ab84b 100644
---- a/fs/stat.c
-+++ b/fs/stat.c
-@@ -18,6 +18,7 @@
- #include <linux/syscalls.h>
- #include <linux/pagemap.h>
- #include <linux/compat.h>
-+#include <linux/iversion.h>
- #include <linux/uaccess.h>
- #include <asm/unistd.h>
-@@ -119,6 +120,11 @@ int vfs_getattr_nosec(const struct path *path, struct kstat *stat,
-       stat->attributes_mask |= (STATX_ATTR_AUTOMOUNT |
-                                 STATX_ATTR_DAX);
-+      if ((request_mask & STATX_CHANGE_COOKIE) && IS_I_VERSION(inode)) {
-+              stat->result_mask |= STATX_CHANGE_COOKIE;
-+              stat->change_cookie = inode_query_iversion(inode);
-+      }
-+
-       mnt_userns = mnt_user_ns(path->mnt);
-       if (inode->i_op->getattr)
-               return inode->i_op->getattr(mnt_userns, path, stat,
-@@ -599,9 +605,11 @@ cp_statx(const struct kstat *stat, struct statx __user *buffer)
-       memset(&tmp, 0, sizeof(tmp));
--      tmp.stx_mask = stat->result_mask;
-+      /* STATX_CHANGE_COOKIE is kernel-only for now */
-+      tmp.stx_mask = stat->result_mask & ~STATX_CHANGE_COOKIE;
-       tmp.stx_blksize = stat->blksize;
--      tmp.stx_attributes = stat->attributes;
-+      /* STATX_ATTR_CHANGE_MONOTONIC is kernel-only for now */
-+      tmp.stx_attributes = stat->attributes & ~STATX_ATTR_CHANGE_MONOTONIC;
-       tmp.stx_nlink = stat->nlink;
-       tmp.stx_uid = from_kuid_munged(current_user_ns(), stat->uid);
-       tmp.stx_gid = from_kgid_munged(current_user_ns(), stat->gid);
-@@ -640,6 +648,11 @@ int do_statx(int dfd, struct filename *filename, unsigned int flags,
-       if ((flags & AT_STATX_SYNC_TYPE) == AT_STATX_SYNC_TYPE)
-               return -EINVAL;
-+      /* STATX_CHANGE_COOKIE is kernel-only for now. Ignore requests
-+       * from userland.
-+       */
-+      mask &= ~STATX_CHANGE_COOKIE;
-+
-       error = vfs_statx(dfd, filename, flags, &stat, mask);
-       if (error)
-               return error;
-diff --git a/include/linux/stat.h b/include/linux/stat.h
-index ff277ced50e9f..52150570d37a5 100644
---- a/include/linux/stat.h
-+++ b/include/linux/stat.h
-@@ -52,6 +52,15 @@ struct kstat {
-       u64             mnt_id;
-       u32             dio_mem_align;
-       u32             dio_offset_align;
-+      u64             change_cookie;
- };
-+/* These definitions are internal to the kernel for now. Mainly used by nfsd. */
-+
-+/* mask values */
-+#define STATX_CHANGE_COOKIE           0x40000000U     /* Want/got stx_change_attr */
-+
-+/* file attribute values */
-+#define STATX_ATTR_CHANGE_MONOTONIC   0x8000000000000000ULL /* version monotonically increases */
-+
- #endif
--- 
-2.43.0
-