// SPDX-License-Identifier: GPL-2.0-only
/*
 * Copyright (C) 2005,2006,2007,2008 IBM Corporation
 *
 * Authors:
 * Serge Hallyn <serue@us.ibm.com>
 * Reiner Sailer <sailer@watson.ibm.com>
 * Mimi Zohar <zohar@us.ibm.com>
 *
 * File: ima_queue.c
 *       Implements queues that store template measurements and
 *       maintains aggregate over the stored measurements
 *       in the pre-configured TPM PCR (if available).
 *       The measurement list is append-only. No entry is
 *       ever removed or changed during the boot-cycle.
 */

#include <linux/rculist.h>
#include <linux/slab.h>
#include "ima.h"

/* Size of the stack buffer that holds the "TPM_error(%d)" audit cause. */
#define AUDIT_CAUSE_LEN_MAX 32

/*
 * Pre-allocated array of tpm_digest structures to extend a PCR.
 * Allocated and filled with 0xff by ima_init_digests() when a TPM chip is
 * present; ima_add_template_entry() extends it instead of the entry's own
 * digests when a violation is recorded. It stays NULL without a TPM chip,
 * in which case ima_pcr_extend() returns before using it.
 */
static struct tpm_digest *digests;

LIST_HEAD(ima_measurements);	/* list of all measurements */

/*
 * Running total of the bytes needed to serialize the measurement list.
 * ULONG_MAX means "not tracked": it is the initial value when
 * CONFIG_IMA_KEXEC is off, and the value the counter saturates at.
 */
#ifdef CONFIG_IMA_KEXEC
static unsigned long binary_runtime_size;
#else
static unsigned long binary_runtime_size = ULONG_MAX;
#endif

/*
 * key: inode (before secure-hashing a file)
 * NOTE(review): in this file the bucket index always comes from
 * ima_hash_key() applied to a digest, so the line above may be stale.
 */
struct ima_h_table ima_htable = {
	.len = ATOMIC_LONG_INIT(0),
	.violations = ATOMIC_LONG_INIT(0),
	.queue[0 ... IMA_MEASURE_HTABLE_SIZE - 1] = HLIST_HEAD_INIT
};

/* mutex protects atomicity of extending measurement list
 * and extending the TPM PCR aggregate. Since tpm_extend can take
 * long (and the tpm driver uses a mutex), we can't use the spinlock.
 */
static DEFINE_MUTEX(ima_extend_list_mutex);

/*
 * Look up the digest value in the hash table, and return the entry.
 *
 * @digest_value: digest to search for; hash_digest_size[ima_hash_algo]
 *                bytes are compared, so the buffer must be at least that long.
 * @pcr:          PCR number the entry must carry.
 *
 * Walks the bucket selected by ima_hash_key() under rcu_read_lock() and
 * returns the first entry whose digest (slot ima_hash_algo_idx) and pcr both
 * match, or NULL when there is none. The pointer is returned after
 * rcu_read_unlock(); the file header states that entries are never removed
 * or changed during the boot-cycle.
 */
static struct ima_queue_entry *ima_lookup_digest_entry(u8 *digest_value,
						       int pcr)
{
	struct ima_queue_entry *qe, *ret = NULL;
	unsigned int key;
	int rc;

	key = ima_hash_key(digest_value);
	rcu_read_lock();
	hlist_for_each_entry_rcu(qe, &ima_htable.queue[key], hnext) {
		rc = memcmp(qe->entry->digests[ima_hash_algo_idx].digest,
			    digest_value, hash_digest_size[ima_hash_algo]);
		/* same digest in a different PCR is treated as a distinct entry */
		if ((rc == 0) && (qe->entry->pcr == pcr)) {
			ret = qe;
			break;
		}
	}
	rcu_read_unlock();
	return ret;
}

/*
 * Calculate the memory required for serializing a single
 * binary_runtime_measurement list entry, which contains a
 * couple of variable length fields (e.g template name and data).
 *
 * Returns the sum of the fixed-size fields (pcr, TPM_DIGEST_SIZE bytes of
 * digest, the two length fields) plus the template name length (without a
 * terminating NUL) and template_data_len.
 *
 * NOTE(review): the total is accumulated in an int; the type and upper bound
 * of template_data_len are declared outside this file - confirm that the sum
 * cannot exceed INT_MAX.
 */
static int get_binary_runtime_size(struct ima_template_entry *entry)
{
	int size = 0;

	size += sizeof(u32);	/* pcr */
	size += TPM_DIGEST_SIZE;
	size += sizeof(int);	/* template name size field */
	size += strlen(entry->template_desc->name);
	size += sizeof(entry->template_data_len);
	size += entry->template_data_len;
	return size;
}

/* ima_add_template_entry helper function:
 * - Add template entry to the measurement list and hash table, for
 *   all entries except those carried across kexec.
 *
 * (Called with ima_extend_list_mutex held.)
 *
 * @entry:         template entry to queue; the new queue entry stores this
 *                 pointer, it does not copy the data.
 * @update_htable: when false, the entry is appended to the list only and is
 *                 not inserted into ima_htable.queue[].
 *
 * Returns 0 on success, -ENOMEM when the queue entry cannot be allocated.
 * Nothing is added to the list or the hash table on failure.
 */
static int ima_add_digest_entry(struct ima_template_entry *entry,
				bool update_htable)
{
	struct ima_queue_entry *qe;
	unsigned int key;

	/*
	 * kmalloc() does not zero the allocation: qe->hnext is only
	 * initialized by hlist_add_head_rcu() below, i.e. when update_htable
	 * is true. Entries added without it are on no hash chain.
	 */
	qe = kmalloc(sizeof(*qe), GFP_KERNEL);
	if (qe == NULL) {
		pr_err("OUT OF MEMORY ERROR creating queue entry\n");
		return -ENOMEM;
	}
	qe->entry = entry;

	INIT_LIST_HEAD(&qe->later);
	list_add_tail_rcu(&qe->later, &ima_measurements);

	/* len counts every list entry, whether or not it is hashed */
	atomic_long_inc(&ima_htable.len);
	if (update_htable) {
		key = ima_hash_key(entry->digests[ima_hash_algo_idx].digest);
		hlist_add_head_rcu(&qe->hnext, &ima_htable.queue[key]);
	}

	/* saturating add: once ULONG_MAX is reached the total is frozen */
	if (binary_runtime_size != ULONG_MAX) {
		int size;

		size = get_binary_runtime_size(entry);
		binary_runtime_size = (binary_runtime_size < ULONG_MAX - size) ?
		     binary_runtime_size + size : ULONG_MAX;
	}
	return 0;
}

/*
 * Return the amount of memory required for serializing the
 * entire binary_runtime_measurement list, including the ima_kexec_hdr
 * structure.
 *
 * Returns ULONG_MAX when adding the header size would overflow, which also
 * covers the case where binary_runtime_size is already ULONG_MAX.
 * binary_runtime_size is read here without taking ima_extend_list_mutex.
 */
unsigned long ima_get_binary_runtime_size(void)
{
	if (binary_runtime_size >= (ULONG_MAX - sizeof(struct ima_kexec_hdr)))
		return ULONG_MAX;
	else
		return binary_runtime_size + sizeof(struct ima_kexec_hdr);
}

/*
 * Extend @pcr of the IMA TPM chip with @digests_arg.
 *
 * Returns 0 without doing anything when there is no TPM chip
 * (ima_tpm_chip is NULL): measurements are then kept in the list only and
 * are not anchored in a PCR. Otherwise returns the result of
 * tpm_pcr_extend() and logs an error when it is non-zero.
 */
static int ima_pcr_extend(struct tpm_digest *digests_arg, int pcr)
{
	int result = 0;

	if (!ima_tpm_chip)
		return result;

	result = tpm_pcr_extend(ima_tpm_chip, pcr, digests_arg);
	if (result != 0)
		pr_err("Error Communicating to TPM chip, result: %d\n", result);
	return result;
}

/*
 * Add template entry to the measurement list and hash table, and
 * extend the pcr.
 *
 * On systems which support carrying the IMA measurement list across
 * kexec, maintain the total memory size required for serializing the
 * binary_runtime_measurements.
 *
 * @entry:     template entry to record; entry->pcr selects the PCR.
 * @violation: non-zero skips the duplicate check and extends the PCR with
 *             the pre-allocated 0xff digests instead of the entry's digests.
 * @op, @inode, @filename: passed through to integrity_audit_msg().
 *
 * Returns 0 when the entry was queued, -EEXIST when a non-violation entry
 * with the same digest and PCR is already in the hash table, or the negative
 * result of ima_add_digest_entry() (-ENOMEM).
 *
 * A failing PCR extend does not change the return value: the entry stays on
 * the measurement list and the failure is visible only in the
 * AUDIT_INTEGRITY_PCR record (cause "TPM_error(<code>)") and the kernel log.
 * After such a failure the list and the PCR no longer describe the same
 * sequence, so these audit records are worth monitoring.
 *
 * An audit message is emitted on every path, including "hash_added" and
 * "hash_exists".
 */
int ima_add_template_entry(struct ima_template_entry *entry, int violation,
			   const char *op, struct inode *inode,
			   const unsigned char *filename)
{
	u8 *digest = entry->digests[ima_hash_algo_idx].digest;
	struct tpm_digest *digests_arg = entry->digests;
	const char *audit_cause = "hash_added";
	char tpm_audit_cause[AUDIT_CAUSE_LEN_MAX];
	int audit_info = 1;
	int result = 0, tpmresult = 0;

	/*
	 * Held across lookup, list insertion and PCR extend so that the
	 * order of the list matches the order of the extends.
	 */
	mutex_lock(&ima_extend_list_mutex);
	if (!violation) {
		if (ima_lookup_digest_entry(digest, entry->pcr)) {
			audit_cause = "hash_exists";
			result = -EEXIST;
			goto out;
		}
	}

	result = ima_add_digest_entry(entry, 1);
	if (result < 0) {
		audit_cause = "ENOMEM";
		audit_info = 0;
		goto out;
	}

	if (violation)		/* invalidate pcr */
		digests_arg = digests;

	/* tpmresult is reported through the audit cause only, not returned */
	tpmresult = ima_pcr_extend(digests_arg, entry->pcr);
	if (tpmresult != 0) {
		snprintf(tpm_audit_cause, AUDIT_CAUSE_LEN_MAX, "TPM_error(%d)",
			 tpmresult);
		audit_cause = tpm_audit_cause;
		audit_info = 0;
	}
out:
	mutex_unlock(&ima_extend_list_mutex);
	integrity_audit_msg(AUDIT_INTEGRITY_PCR, inode, filename,
			    op, audit_cause, result, audit_info);
	return result;
}

/*
 * Append @entry to the measurement list without inserting it into the hash
 * table and without extending a PCR.
 *
 * Takes ima_extend_list_mutex around ima_add_digest_entry() and returns its
 * result (0 or -ENOMEM). Presumably used for entries carried across kexec,
 * as the ima_add_digest_entry() comment suggests - confirm against callers.
 */
int ima_restore_measurement_entry(struct ima_template_entry *entry)
{
	int result = 0;

	mutex_lock(&ima_extend_list_mutex);
	result = ima_add_digest_entry(entry, 0);
	mutex_unlock(&ima_extend_list_mutex);
	return result;
}

/*
 * Allocate and initialize the digests array used to invalidate a PCR.
 *
 * One tpm_digest is allocated per allocated bank of the TPM chip; each gets
 * the bank's alg_id and a digest filled with 0xff bytes. Returns 0 when
 * there is no TPM chip (nothing is allocated) or on success, -ENOMEM when
 * the allocation fails.
 */
int __init ima_init_digests(void)
{
	u16 digest_size;
	u16 crypto_id;
	int i;

	if (!ima_tpm_chip)
		return 0;

	digests = kcalloc(ima_tpm_chip->nr_allocated_banks, sizeof(*digests),
			  GFP_NOFS);
	if (!digests)
		return -ENOMEM;

	for (i = 0; i < ima_tpm_chip->nr_allocated_banks; i++) {
		digests[i].alg_id = ima_tpm_chip->allocated_banks[i].alg_id;
		digest_size = ima_tpm_chip->allocated_banks[i].digest_size;
		crypto_id = ima_tpm_chip->allocated_banks[i].crypto_id;

		/* for unmapped TPM algorithms digest is still a padded SHA1 */
		if (crypto_id == HASH_ALGO__LAST)
			digest_size = SHA1_DIGEST_SIZE;

		/*
		 * The length comes from the bank description reported for
		 * the chip. NOTE(review): assumes digest_size never exceeds
		 * sizeof(digests[i].digest) - confirm against the definition
		 * of struct tpm_digest.
		 */
		memset(digests[i].digest, 0xff, digest_size);
	}

	return 0;
}