Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

IMA: Add support for file reads without contents

When the kernel_read_file LSM hook is called with contents=false, IMA
can appraise the file directly, without requiring a filled buffer. When
such a buffer is available, though, IMA can continue to use it instead
of forcing a double read here.

Signed-off-by: Scott Branden <scott.branden@broadcom.com>
Link: https://lore.kernel.org/lkml/20200706232309.12010-10-scott.branden@broadcom.com/
Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-by: Mimi Zohar <zohar@linux.ibm.com>
Link: https://lore.kernel.org/r/20201002173828.2099543-13-keescook@chromium.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

authored by Scott Branden and committed by Greg Kroah-Hartman
34736dae 2039bda1

+16 -6
security/integrity/ima/ima_main.c
··· 613 613 int ima_read_file(struct file *file, enum kernel_read_file_id read_id, 614 614 bool contents) 615 615 { 616 - /* Reject all partial reads during appraisal. */ 617 - if (!contents) { 618 - if (ima_appraise & IMA_APPRAISE_ENFORCE) 619 - return -EACCES; 620 - } 616 + enum ima_hooks func; 617 + u32 secid; 621 618 622 619 /* 623 620 * Do devices using pre-allocated memory run the risk of the ··· 623 626 * buffers? It may be desirable to include the buffer address 624 627 * in this API and walk all the dma_map_single() mappings to check. 625 628 */ 626 - return 0; 629 + 630 + /* 631 + * There will be a call made to ima_post_read_file() with 632 + * a filled buffer, so we don't need to perform an extra 633 + * read early here. 634 + */ 635 + if (contents) 636 + return 0; 637 + 638 + /* Read entire file for all partial reads. */ 639 + func = read_idmap[read_id] ?: FILE_CHECK; 640 + security_task_getsecid(current, &secid); 641 + return process_measurement(file, current_cred(), secid, NULL, 642 + 0, MAY_READ, func); 627 643 } 628 644 629 645 const int read_idmap[READING_MAX_ID] = {
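Review bot: the `-EACCES` return removed at the top of `ima_read_file()` in the first hunk was the function's only fail-closed path for `contents == false` under `IMA_APPRAISE_ENFORCE`, and no comment in the new code records what denies such a read now. Suggest a short comment near the new `func` and `secid` declarations, or in the function's header comment, stating that the decision for partial reads now comes from the return value of `process_measurement()`, so a later cleanup does not turn that return back into an unconditional 0.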
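Review bot: `read_idmap[read_id]` in the second hunk is indexed with no range check, while the trailing context shows the array is sized `READING_MAX_ID`. Suggest rejecting `read_id >= READING_MAX_ID` before the lookup, or adding a comment on why callers cannot pass such a value. Two smaller points in the same hunk: the existing DMA comment is now followed by a blank line and a second comment, so it no longer sits above any code it describes and could be merged with the new one; and "Read entire file for all partial reads." would be clearer if it said that `NULL` and `0` are passed as the buffer arguments because IMA is expected to read the file itself here.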