// SPDX-License-Identifier: GPL-2.0-only
/*
 * Copyright (C) 2005,2006,2007,2008 IBM Corporation
 *
 * Authors:
 * Serge Hallyn <serue@us.ibm.com>
 * Reiner Sailer <sailer@watson.ibm.com>
 * Mimi Zohar <zohar@us.ibm.com>
 *
 * File: ima_queue.c
 *       Implements queues that store template measurements and
 *       maintains aggregate over the stored measurements
 *       in the pre-configured TPM PCR (if available).
 *       The measurement list is append-only. No entry is
 *       ever removed or changed during the boot-cycle.
 */

#include <linux/rculist.h>
#include <linux/slab.h>
#include "ima.h"

/* Size of the on-stack buffer used to format the "TPM_error(%d)" audit cause. */
#define AUDIT_CAUSE_LEN_MAX 32

/*
 * Pre-allocated array of tpm_digest structures to extend a PCR.
 * ima_init_digests() allocates one element per allocated TPM bank and fills
 * each digest with 0xff bytes; ima_add_template_entry() extends the PCR with
 * this array instead of the entry's own digests when it records a violation.
 * Stays NULL when there is no TPM chip.
 */
static struct tpm_digest *digests;

LIST_HEAD(ima_measurements);	/* list of all measurements */

/*
 * Running total of the bytes needed to serialize the measurement list.
 * ULONG_MAX is a sentinel: without CONFIG_IMA_KEXEC the counter starts there
 * and is never updated, and with CONFIG_IMA_KEXEC it saturates there instead
 * of wrapping (see ima_add_digest_entry()).
 */
#ifdef CONFIG_IMA_KEXEC
static unsigned long binary_runtime_size;
#else
static unsigned long binary_runtime_size = ULONG_MAX;
#endif

/*
 * Hash table used to find an already-recorded measurement.
 * Original note: "key: inode (before secure-hashing a file)".
 * NOTE(review): every lookup and insert in this file derives the bucket from
 * ima_hash_key() over the entry's digest, not from an inode, so the original
 * note looks stale -- confirm.
 * .len is incremented for every entry put on ima_measurements, whether or not
 * the entry is also linked into a hash bucket.
 */
struct ima_h_table ima_htable = {
	.len = ATOMIC_LONG_INIT(0),
	.violations = ATOMIC_LONG_INIT(0),
	.queue[0 ... IMA_MEASURE_HTABLE_SIZE - 1] = HLIST_HEAD_INIT
};

/* mutex protects atomicity of extending measurement list
 * and extending the TPM PCR aggregate. Since tpm_extend can take
 * long (and the tpm driver uses a mutex), we can't use the spinlock.
 *
 * Holding it across both steps keeps the order of entries in the list the
 * same as the order of the PCR extends.
 */
static DEFINE_MUTEX(ima_extend_list_mutex);

/*
 * Look up the digest value in the hash table, and return the entry.
 *
 * @digest_value: digest to search for; hash_digest_size[ima_hash_algo] bytes
 *                of it are compared against each candidate's digest at index
 *                ima_hash_algo_idx.
 * @pcr:          the entry must also have been recorded for this PCR.
 *
 * Returns the matching queue entry, or NULL when the bucket holds none.
 *
 * The bucket is walked under rcu_read_lock(), but the pointer is returned
 * after rcu_read_unlock(). That is only safe because, as the file header
 * states, entries are never removed or changed during the boot cycle.
 */
static struct ima_queue_entry *ima_lookup_digest_entry(u8 *digest_value,
						       int pcr)
{
	struct ima_queue_entry *qe, *ret = NULL;
	unsigned int key;
	int rc;

	key = ima_hash_key(digest_value);
	rcu_read_lock();
	hlist_for_each_entry_rcu(qe, &ima_htable.queue[key], hnext) {
		rc = memcmp(qe->entry->digests[ima_hash_algo_idx].digest,
			    digest_value, hash_digest_size[ima_hash_algo]);
		/* same digest recorded for a different PCR is not a match */
		if ((rc == 0) && (qe->entry->pcr == pcr)) {
			ret = qe;
			break;
		}
	}
	rcu_read_unlock();
	return ret;
}

/*
 * Calculate the memory required for serializing a single
 * binary_runtime_measurement list entry, which contains a
 * couple of variable length fields (e.g template name and data).
 *
 * NOTE(review): the total is accumulated in an int while the caller folds it
 * into an unsigned long counter; this presumably relies on the template name
 * and template_data_len being bounded elsewhere -- confirm, in particular
 * for entries restored across kexec.
 */
static int get_binary_runtime_size(struct ima_template_entry *entry)
{
	int size = 0;

	size += sizeof(u32);	/* pcr */
	size += TPM_DIGEST_SIZE;	/* digest field */
	size += sizeof(int);	/* template name size field */
	size += strlen(entry->template_desc->name);	/* name, no NUL */
	size += sizeof(entry->template_data_len);	/* data size field */
	size += entry->template_data_len;	/* template data */
	return size;
}

/* ima_add_template_entry helper function:
 * - Add template entry to the measurement list and hash table, for
 *   all entries except those carried across kexec.
 *
 * (Called with ima_extend_list_mutex held.)
 *
 * @entry:         template entry to record; the new queue entry keeps a
 *                 pointer to it, and nothing in this file frees either one.
 * @update_htable: also link the entry into ima_htable so later lookups can
 *                 find it.
 *
 * Returns 0 on success or -ENOMEM when the queue entry cannot be allocated.
 * This helper does not extend the PCR.
 */
static int ima_add_digest_entry(struct ima_template_entry *entry,
				bool update_htable)
{
	struct ima_queue_entry *qe;
	unsigned int key;

	qe = kmalloc(sizeof(*qe), GFP_KERNEL);
	if (qe == NULL) {
		pr_err("OUT OF MEMORY ERROR creating queue entry\n");
		return -ENOMEM;
	}
	/* set before the entry is published to RCU readers below */
	qe->entry = entry;

	INIT_LIST_HEAD(&qe->later);
	list_add_tail_rcu(&qe->later, &ima_measurements);

	/* counted for every list entry, hashed or not */
	atomic_long_inc(&ima_htable.len);
	if (update_htable) {
		key = ima_hash_key(entry->digests[ima_hash_algo_idx].digest);
		hlist_add_head_rcu(&qe->hnext, &ima_htable.queue[key]);
	}

	/* ULONG_MAX means accounting is disabled or has already saturated */
	if (binary_runtime_size != ULONG_MAX) {
		int size;

		size = get_binary_runtime_size(entry);
		/* saturate at ULONG_MAX rather than wrap around */
		binary_runtime_size = (binary_runtime_size < ULONG_MAX - size) ?
		     binary_runtime_size + size : ULONG_MAX;
	}
	return 0;
}

/*
 * Return the amount of memory required for serializing the
 * entire binary_runtime_measurement list, including the ima_kexec_hdr
 * structure.
 *
 * Returns ULONG_MAX when the running total is disabled or saturated, or when
 * adding the header size would overflow; a caller should presumably treat
 * that value as "size unknown" rather than as an allocation size -- verify
 * against the callers.
 */
unsigned long ima_get_binary_runtime_size(void)
{
	if (binary_runtime_size >= (ULONG_MAX - sizeof(struct ima_kexec_hdr)))
		return ULONG_MAX;
	else
		return binary_runtime_size + sizeof(struct ima_kexec_hdr);
}

/*
 * Extend @pcr of the IMA TPM chip with @digests_arg.
 *
 * Returns 0 on success, and also 0 without doing anything when there is no
 * TPM chip: in that configuration the measurement list is still maintained
 * but no hardware PCR is extended. A non-zero result from tpm_pcr_extend()
 * is logged and returned unchanged.
 */
static int ima_pcr_extend(struct tpm_digest *digests_arg, int pcr)
{
	int result = 0;

	if (!ima_tpm_chip)
		return result;

	result = tpm_pcr_extend(ima_tpm_chip, pcr, digests_arg);
	if (result != 0)
		pr_err("Error Communicating to TPM chip, result: %d\n", result);
	return result;
}

/*
 * Add template entry to the measurement list and hash table, and
 * extend the pcr.
 *
 * On systems which support carrying the IMA measurement list across
 * kexec, maintain the total memory size required for serializing the
 * binary_runtime_measurements.
 *
 * @entry:     template entry to record and extend into entry->pcr.
 * @violation: non-zero to record a violation: the duplicate check is skipped
 *             and the PCR is extended with the 0xff-filled digests instead
 *             of the entry's own digests.
 * @op, @inode, @filename: passed through to the integrity audit record.
 *
 * Returns 0 when the entry was added to the list, -EEXIST when an entry with
 * the same digest and PCR is already recorded, or -ENOMEM.
 *
 * Security note: a failed PCR extend does NOT change the return value. The
 * entry is already on the measurement list at that point, so the caller sees
 * 0 while the list and the PCR have diverged; the only signals are the
 * pr_err() in ima_pcr_extend() and the AUDIT_INTEGRITY_PCR record with cause
 * "TPM_error(<rc>)" and audit_info 0. Monitoring should alert on that record,
 * since a later replay of the list will presumably no longer reproduce the
 * PCR value.
 */
int ima_add_template_entry(struct ima_template_entry *entry, int violation,
			   const char *op, struct inode *inode,
			   const unsigned char *filename)
{
	u8 *digest = entry->digests[ima_hash_algo_idx].digest;
	struct tpm_digest *digests_arg = entry->digests;
	const char *audit_cause = "hash_added";
	char tpm_audit_cause[AUDIT_CAUSE_LEN_MAX];
	int audit_info = 1;
	int result = 0, tpmresult = 0;

	/* lookup, list insertion and PCR extend form one critical section */
	mutex_lock(&ima_extend_list_mutex);
	/*
	 * Duplicate suppression; skipped for violations and when the hash
	 * table is compiled out (CONFIG_IMA_DISABLE_HTABLE), in which case
	 * every measurement is added and extended.
	 */
	if (!violation && !IS_ENABLED(CONFIG_IMA_DISABLE_HTABLE)) {
		if (ima_lookup_digest_entry(digest, entry->pcr)) {
			audit_cause = "hash_exists";
			result = -EEXIST;
			goto out;
		}
	}

	result = ima_add_digest_entry(entry,
				      !IS_ENABLED(CONFIG_IMA_DISABLE_HTABLE));
	if (result < 0) {
		audit_cause = "ENOMEM";
		audit_info = 0;
		goto out;
	}

	if (violation)		/* invalidate pcr */
		digests_arg = digests;

	tpmresult = ima_pcr_extend(digests_arg, entry->pcr);
	if (tpmresult != 0) {
		/* reported through the audit record only; result stays 0 */
		snprintf(tpm_audit_cause, AUDIT_CAUSE_LEN_MAX, "TPM_error(%d)",
			 tpmresult);
		audit_cause = tpm_audit_cause;
		audit_info = 0;
	}
out:
	mutex_unlock(&ima_extend_list_mutex);
	/* the audit record is emitted after the mutex is dropped */
	integrity_audit_msg(AUDIT_INTEGRITY_PCR, inode, filename,
			    op, audit_cause, result, audit_info);
	return result;
}

/*
 * Put a restored measurement entry back on the measurement list.
 *
 * The entry is appended to the list only: it is not linked into the hash
 * table (update_htable is 0), the PCR is not extended and no audit record is
 * written. Restored entries are therefore not found by the duplicate check
 * in ima_add_template_entry().
 * NOTE(review): presumably the PCR already reflects these entries from
 * before the kexec -- confirm against the restore path.
 *
 * Returns 0 on success or -ENOMEM.
 */
int ima_restore_measurement_entry(struct ima_template_entry *entry)
{
	int result = 0;

	mutex_lock(&ima_extend_list_mutex);
	result = ima_add_digest_entry(entry, 0);
	mutex_unlock(&ima_extend_list_mutex);
	return result;
}

/*
 * Allocate and fill the digests array used to invalidate a PCR when a
 * violation is recorded.
 *
 * One tpm_digest is allocated per allocated TPM bank, carrying that bank's
 * alg_id and a digest of 0xff bytes. Returns 0 on success, and also 0 without
 * allocating anything when there is no TPM chip; returns -ENOMEM when the
 * allocation fails.
 */
int __init ima_init_digests(void)
{
	u16 digest_size;
	u16 crypto_id;
	int i;

	if (!ima_tpm_chip)
		return 0;

	digests = kcalloc(ima_tpm_chip->nr_allocated_banks, sizeof(*digests),
			  GFP_NOFS);
	if (!digests)
		return -ENOMEM;

	for (i = 0; i < ima_tpm_chip->nr_allocated_banks; i++) {
		digests[i].alg_id = ima_tpm_chip->allocated_banks[i].alg_id;
		digest_size = ima_tpm_chip->allocated_banks[i].digest_size;
		crypto_id = ima_tpm_chip->allocated_banks[i].crypto_id;

		/* for unmapped TPM algorithms digest is still a padded SHA1 */
		if (crypto_id == HASH_ALGO__LAST)
			digest_size = SHA1_DIGEST_SIZE;

		/*
		 * Bytes past digest_size keep the zero fill from kcalloc().
		 * NOTE(review): digest_size comes from the chip's bank
		 * description and is not bounded here; assumes it never
		 * exceeds the digest array of struct tpm_digest -- confirm.
		 */
		memset(digests[i].digest, 0xff, digest_size);
	}

	return 0;
}