integrity/evm/evm_secfs.c

0001 // SPDX-License-Identifier: GPL-2.0-only
0002 /*
0003  * Copyright (C) 2010 IBM Corporation
0004  *
0005  * Authors:
0006  * Mimi Zohar <zohar@us.ibm.com>
0007  *
0008  * File: evm_secfs.c
0009  *  - Used to signal when key is on keyring
0010  *  - Get the key and enable EVM
0011  */
0012
0013 #include <linux/audit.h>
0014 #include <linux/uaccess.h>
0015 #include <linux/init.h>
0016 #include <linux/mutex.h>
0017 #include "evm.h"
0018
0019 static struct dentry *evm_dir;
0020 static struct dentry *evm_init_tpm;
0021 static struct dentry *evm_symlink;
0022
0023 #ifdef CONFIG_EVM_ADD_XATTRS
0024 static struct dentry *evm_xattrs;
0025 static DEFINE_MUTEX(xattr_list_mutex);
0026 static int evm_xattrs_locked;
0027 #endif
0028
0029 /**
0030  * evm_read_key - read() for <securityfs>/evm
0031  *
0032  * @filp: file pointer, not actually used
0033  * @buf: where to put the result
0034  * @count: maximum to send along
0035  * @ppos: where to start
0036  *
0037  * Returns number of bytes read or error code, as appropriate
0038  */
0039 static ssize_t evm_read_key(struct file *filp, char __user *buf,
0040                 size_t count, loff_t *ppos)
0041 {
0042     char temp[80];
0043     ssize_t rc;
0044
0045     if (*ppos != 0)
0046         return 0;
0047
0048     sprintf(temp, "%d", (evm_initialized & ~EVM_SETUP_COMPLETE));
0049     rc = simple_read_from_buffer(buf, count, ppos, temp, strlen(temp));
0050
0051     return rc;
0052 }
0053
0054 /**
0055  * evm_write_key - write() for <securityfs>/evm
0056  * @file: file pointer, not actually used
0057  * @buf: where to get the data from
0058  * @count: bytes sent
0059  * @ppos: where to start
0060  *
0061  * Used to signal that key is on the kernel key ring.
0062  * - get the integrity hmac key from the kernel key ring
0063  * - create list of hmac protected extended attributes
0064  * Returns number of bytes written or error code, as appropriate
0065  */
0066 static ssize_t evm_write_key(struct file *file, const char __user *buf,
0067                  size_t count, loff_t *ppos)
0068 {
0069     unsigned int i;
0070     int ret;
0071
0072     if (!capable(CAP_SYS_ADMIN) || (evm_initialized & EVM_SETUP_COMPLETE))
0073         return -EPERM;
0074
0075     ret = kstrtouint_from_user(buf, count, 0, &i);
0076
0077     if (ret)
0078         return ret;
0079
0080     /* Reject invalid values */
0081     if (!i || (i & ~EVM_INIT_MASK) != 0)
0082         return -EINVAL;
0083
0084     /*
0085      * Don't allow a request to enable metadata writes if
0086      * an HMAC key is loaded.
0087      */
0088     if ((i & EVM_ALLOW_METADATA_WRITES) &&
0089         (evm_initialized & EVM_INIT_HMAC) != 0)
0090         return -EPERM;
0091
0092     if (i & EVM_INIT_HMAC) {
0093         ret = evm_init_key();
0094         if (ret != 0)
0095             return ret;
0096         /* Forbid further writes after the symmetric key is loaded */
0097         i |= EVM_SETUP_COMPLETE;
0098     }
0099
0100     evm_initialized |= i;
0101
0102     /* Don't allow protected metadata modification if a symmetric key
0103      * is loaded
0104      */
0105     if (evm_initialized & EVM_INIT_HMAC)
0106         evm_initialized &= ~(EVM_ALLOW_METADATA_WRITES);
0107
0108     return count;
0109 }
0110
0111 static const struct file_operations evm_key_ops = {
0112     .read       = evm_read_key,
0113     .write      = evm_write_key,
0114 };
0115
0116 #ifdef CONFIG_EVM_ADD_XATTRS
0117 /**
0118  * evm_read_xattrs - read() for <securityfs>/evm_xattrs
0119  *
0120  * @filp: file pointer, not actually used
0121  * @buf: where to put the result
0122  * @count: maximum to send along
0123  * @ppos: where to start
0124  *
0125  * Returns number of bytes read or error code, as appropriate
0126  */
0127 static ssize_t evm_read_xattrs(struct file *filp, char __user *buf,
0128                    size_t count, loff_t *ppos)
0129 {
0130     char *temp;
0131     int offset = 0;
0132     ssize_t rc, size = 0;
0133     struct xattr_list *xattr;
0134
0135     if (*ppos != 0)
0136         return 0;
0137
0138     rc = mutex_lock_interruptible(&xattr_list_mutex);
0139     if (rc)
0140         return -ERESTARTSYS;
0141
0142     list_for_each_entry(xattr, &evm_config_xattrnames, list) {
0143         if (!xattr->enabled)
0144             continue;
0145
0146         size += strlen(xattr->name) + 1;
0147     }
0148
0149     temp = kmalloc(size + 1, GFP_KERNEL);
0150     if (!temp) {
0151         mutex_unlock(&xattr_list_mutex);
0152         return -ENOMEM;
0153     }
0154
0155     list_for_each_entry(xattr, &evm_config_xattrnames, list) {
0156         if (!xattr->enabled)
0157             continue;
0158
0159         sprintf(temp + offset, "%s\n", xattr->name);
0160         offset += strlen(xattr->name) + 1;
0161     }
0162
0163     mutex_unlock(&xattr_list_mutex);
0164     rc = simple_read_from_buffer(buf, count, ppos, temp, strlen(temp));
0165
0166     kfree(temp);
0167
0168     return rc;
0169 }
0170
0171 /**
0172  * evm_write_xattrs - write() for <securityfs>/evm_xattrs
0173  * @file: file pointer, not actually used
0174  * @buf: where to get the data from
0175  * @count: bytes sent
0176  * @ppos: where to start
0177  *
0178  * Returns number of bytes written or error code, as appropriate
0179  */
0180 static ssize_t evm_write_xattrs(struct file *file, const char __user *buf,
0181                 size_t count, loff_t *ppos)
0182 {
0183     int len, err;
0184     struct xattr_list *xattr, *tmp;
0185     struct audit_buffer *ab;
0186     struct iattr newattrs;
0187     struct inode *inode;
0188
0189     if (!capable(CAP_SYS_ADMIN) || evm_xattrs_locked)
0190         return -EPERM;
0191
0192     if (*ppos != 0)
0193         return -EINVAL;
0194
0195     if (count > XATTR_NAME_MAX)
0196         return -E2BIG;
0197
0198     ab = audit_log_start(audit_context(), GFP_KERNEL,
0199                  AUDIT_INTEGRITY_EVM_XATTR);
0200     if (!ab && IS_ENABLED(CONFIG_AUDIT))
0201         return -ENOMEM;
0202
0203     xattr = kmalloc(sizeof(struct xattr_list), GFP_KERNEL);
0204     if (!xattr) {
0205         err = -ENOMEM;
0206         goto out;
0207     }
0208
0209     xattr->enabled = true;
0210     xattr->name = memdup_user_nul(buf, count);
0211     if (IS_ERR(xattr->name)) {
0212         err = PTR_ERR(xattr->name);
0213         xattr->name = NULL;
0214         goto out;
0215     }
0216
0217     /* Remove any trailing newline */
0218     len = strlen(xattr->name);
0219     if (len && xattr->name[len-1] == '\n')
0220         xattr->name[len-1] = '\0';
0221
0222     audit_log_format(ab, "xattr=");
0223     audit_log_untrustedstring(ab, xattr->name);
0224
0225     if (strcmp(xattr->name, ".") == 0) {
0226         evm_xattrs_locked = 1;
0227         newattrs.ia_mode = S_IFREG | 0440;
0228         newattrs.ia_valid = ATTR_MODE;
0229         inode = evm_xattrs->d_inode;
0230         inode_lock(inode);
0231         err = simple_setattr(&init_user_ns, evm_xattrs, &newattrs);
0232         inode_unlock(inode);
0233         if (!err)
0234             err = count;
0235         goto out;
0236     }
0237
0238     if (strncmp(xattr->name, XATTR_SECURITY_PREFIX,
0239             XATTR_SECURITY_PREFIX_LEN) != 0) {
0240         err = -EINVAL;
0241         goto out;
0242     }
0243
0244     /*
0245      * xattr_list_mutex guards against races in evm_read_xattrs().
0246      * Entries are only added to the evm_config_xattrnames list
0247      * and never deleted. Therefore, the list is traversed
0248      * using list_for_each_entry_lockless() without holding
0249      * the mutex in evm_calc_hmac_or_hash(), evm_find_protected_xattrs()
0250      * and evm_protected_xattr().
0251      */
0252     mutex_lock(&xattr_list_mutex);
0253     list_for_each_entry(tmp, &evm_config_xattrnames, list) {
0254         if (strcmp(xattr->name, tmp->name) == 0) {
0255             err = -EEXIST;
0256             if (!tmp->enabled) {
0257                 tmp->enabled = true;
0258                 err = count;
0259             }
0260             mutex_unlock(&xattr_list_mutex);
0261             goto out;
0262         }
0263     }
0264     list_add_tail_rcu(&xattr->list, &evm_config_xattrnames);
0265     mutex_unlock(&xattr_list_mutex);
0266
0267     audit_log_format(ab, " res=0");
0268     audit_log_end(ab);
0269     return count;
0270 out:
0271     audit_log_format(ab, " res=%d", (err < 0) ? err : 0);
0272     audit_log_end(ab);
0273     if (xattr) {
0274         kfree(xattr->name);
0275         kfree(xattr);
0276     }
0277     return err;
0278 }
0279
0280 static const struct file_operations evm_xattr_ops = {
0281     .read       = evm_read_xattrs,
0282     .write      = evm_write_xattrs,
0283 };
0284
0285 static int evm_init_xattrs(void)
0286 {
0287     evm_xattrs = securityfs_create_file("evm_xattrs", 0660, evm_dir, NULL,
0288                         &evm_xattr_ops);
0289     if (!evm_xattrs || IS_ERR(evm_xattrs))
0290         return -EFAULT;
0291
0292     return 0;
0293 }
0294 #else
0295 static int evm_init_xattrs(void)
0296 {
0297     return 0;
0298 }
0299 #endif
0300
0301 int __init evm_init_secfs(void)
0302 {
0303     int error = 0;
0304
0305     evm_dir = securityfs_create_dir("evm", integrity_dir);
0306     if (!evm_dir || IS_ERR(evm_dir))
0307         return -EFAULT;
0308
0309     evm_init_tpm = securityfs_create_file("evm", 0660,
0310                           evm_dir, NULL, &evm_key_ops);
0311     if (!evm_init_tpm || IS_ERR(evm_init_tpm)) {
0312         error = -EFAULT;
0313         goto out;
0314     }
0315
0316     evm_symlink = securityfs_create_symlink("evm", NULL,
0317                         "integrity/evm/evm", NULL);
0318     if (!evm_symlink || IS_ERR(evm_symlink)) {
0319         error = -EFAULT;
0320         goto out;
0321     }
0322
0323     if (evm_init_xattrs() != 0) {
0324         error = -EFAULT;
0325         goto out;
0326     }
0327
0328     return 0;
0329 out:
0330     securityfs_remove(evm_symlink);
0331     securityfs_remove(evm_init_tpm);
0332     securityfs_remove(evm_dir);
0333     return error;
0334 }