| From 9eea2904292c2d8fa98df141d3bf7c41ec9dc1b5 Mon Sep 17 00:00:00 2001 |
| From: Roberto Sassu <roberto.sassu@huawei.com> |
| Date: Fri, 14 May 2021 17:27:42 +0200 |
| Subject: evm: Execute evm_inode_init_security() only when an HMAC key is loaded |
| |
| From: Roberto Sassu <roberto.sassu@huawei.com> |
| |
| commit 9eea2904292c2d8fa98df141d3bf7c41ec9dc1b5 upstream. |
| |
| evm_inode_init_security() requires an HMAC key to calculate the HMAC on |
| initial xattrs provided by LSMs. However, it checks generically whether a |
| key has been loaded, including also public keys, which is not correct as |
| public keys are not suitable to calculate the HMAC. |
| |
| Originally, support for signature verification was introduced to verify a |
| possibly immutable initial ram disk, when no new files are created, and to |
| switch to HMAC for the root filesystem. By that time, an HMAC key should |
| have been loaded and usable to calculate HMACs for new files. |
| |
| More recently support for requiring an HMAC key was removed from the |
| kernel, so that signature verification can be used alone. Since this is a |
| legitimate use case, evm_inode_init_security() should not return an error |
| when no HMAC key has been loaded. |
| |
| This patch fixes this problem by replacing the evm_key_loaded() check with |
| a check of the EVM_INIT_HMAC flag in evm_initialized. |
| |
| Fixes: 26ddabfe96b ("evm: enable EVM when X509 certificate is loaded") |
| Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com> |
| Cc: stable@vger.kernel.org # 4.5.x |
| Signed-off-by: Mimi Zohar <zohar@linux.ibm.com> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
| |
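The distinction the commit message draws, that evm_key_loaded() is true for any loaded key while only the EVM_INIT_HMAC bit says an HMAC key is available, can be seen in a small stand-alone model. This is an added illustration, not code from the kernel or from the patch: the flag values, the evm_key_loaded() model and the two gate functions are assumptions made here to show why the old check fires in a signature-only configuration and the new one does not.

```c
#include <stdbool.h>
#include <stdio.h>

/* Bit values are assumed for this model; they stand in for the kernel's
 * EVM_INIT_* flags and are not taken from the page. */
#define EVM_INIT_HMAC 0x0001
#define EVM_INIT_X509 0x0002

/* Model of the kernel's evm_initialized bitmask. */
static int evm_initialized;

/* Model of evm_key_loaded(): true when any key is loaded, HMAC or public,
 * which is the generic check the commit message says is too broad. */
static bool evm_key_loaded(void)
{
	return (evm_initialized & (EVM_INIT_HMAC | EVM_INIT_X509)) != 0;
}

/* Old gate from evm_inode_init_security(): go on to compute an HMAC
 * whenever any key is loaded. */
static bool old_gate_allows_hmac(void)
{
	return evm_key_loaded();
}

/* Fixed gate: go on to compute an HMAC only when an HMAC key is loaded. */
static bool new_gate_allows_hmac(void)
{
	return (evm_initialized & EVM_INIT_HMAC) != 0;
}

/* Returns true when, for the given key configuration, the old check would
 * proceed to HMAC calculation although no HMAC key exists. */
bool old_check_misfires(int loaded_flags)
{
	evm_initialized = loaded_flags;
	return old_gate_allows_hmac() && !new_gate_allows_hmac();
}

/* Returns true when both checks agree that an HMAC can be computed. */
bool both_gates_allow_hmac(int loaded_flags)
{
	evm_initialized = loaded_flags;
	return old_gate_allows_hmac() && new_gate_allows_hmac();
}

int main(void)
{
	printf("X509 only:   old check misfires = %d\n",
	       old_check_misfires(EVM_INIT_X509));
	printf("HMAC only:   old check misfires = %d\n",
	       old_check_misfires(EVM_INIT_HMAC));
	printf("HMAC + X509: both gates allow   = %d\n",
	       both_gates_allow_hmac(EVM_INIT_HMAC | EVM_INIT_X509));
	return 0;
}
```

With only a public key loaded (the signature-only case the commit message calls legitimate), the old check passes and the function would attempt an HMAC it has no key for; the flag test does not.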
| --- |
| security/integrity/evm/evm_main.c | 5 +++-- |
| 1 file changed, 3 insertions(+), 2 deletions(-) |
| |
| --- a/security/integrity/evm/evm_main.c |
| +++ b/security/integrity/evm/evm_main.c |
| @@ -521,7 +521,7 @@ void evm_inode_post_setattr(struct dentr |
| } |
| |
| /* |
| - * evm_inode_init_security - initializes security.evm |
| + * evm_inode_init_security - initializes security.evm HMAC value |
| */ |
| int evm_inode_init_security(struct inode *inode, |
| const struct xattr *lsm_xattr, |
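Review bot: the updated header comment `evm_inode_init_security - initializes security.evm HMAC value` now names the HMAC, but it still does not state that the function deliberately returns 0 rather than an error when no HMAC key is loaded, which is the behaviour this patch introduces and the commit message justifies; a second comment line such as `* Returns 0 without writing security.evm when no HMAC key is loaded.` would keep that reasoning next to the code.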
| @@ -530,7 +530,8 @@ int evm_inode_init_security(struct inode |
| struct evm_xattr *xattr_data; |
| int rc; |
| |
| - if (!evm_key_loaded() || !evm_protected_xattr(lsm_xattr->name)) |
| + if (!(evm_initialized & EVM_INIT_HMAC) || |
| + !evm_protected_xattr(lsm_xattr->name)) |
| return 0; |
| |
| xattr_data = kzalloc(sizeof(*xattr_data), GFP_NOFS); |
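Review bot: the new condition `!(evm_initialized & EVM_INIT_HMAC)` replaces the evm_key_loaded() helper with a direct flag test; if any other caller needs the same HMAC-only distinction, a small helper such as evm_hmac_key_loaded() would keep the check in one place and make the intent (HMAC key, not any key) self-documenting. The early `return 0;` also means a file created in a signature-only configuration gets no security.evm xattr at all; that is intended per the commit message, but a one-line comment above the check saying so would stop the next reader from taking it for a missed error path.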