[PATCH] ima: Make a copy of sig and digest in asymmetric_verify()
Mimi Zohar
zohar at linux.ibm.com
Tue Nov 22 19:39:12 UTC 2022
Hi Roberto,
On Fri, 2022-11-04 at 13:20 +0100, Roberto Sassu wrote:
> From: Roberto Sassu <roberto.sassu at huawei.com>
>
> Commit ac4e97abce9b8 ("scatterlist: sg_set_buf() argument must be in linear
> mapping") requires that both the signature and the digest resides in the
> linear mapping area.
>
> However, more recently commit ba14a194a434c ("fork: Add generic vmalloced
> stack support"), made it possible to move the stack in the vmalloc area,
> which could make the requirement of the first commit not satisfied anymore.
>
> If CONFIG_SG=y and CONFIG_VMAP_STACK=y, the following BUG() is triggered:
^CONFIG_DEBUG_SG
>
> [ 467.077359] kernel BUG at include/linux/scatterlist.h:163!
> [ 467.077939] invalid opcode: 0000 [#1] PREEMPT SMP NOPTI
>
> [...]
>
> [ 467.095225] Call Trace:
> [ 467.096088] <TASK>
> [ 467.096928] ? rcu_read_lock_held_common+0xe/0x50
> [ 467.097569] ? rcu_read_lock_sched_held+0x13/0x70
> [ 467.098123] ? trace_hardirqs_on+0x2c/0xd0
> [ 467.098647] ? public_key_verify_signature+0x470/0x470
> [ 467.099237] asymmetric_verify+0x14c/0x300
> [ 467.099869] evm_verify_hmac+0x245/0x360
> [ 467.100391] evm_inode_setattr+0x43/0x190
>
> The failure happens only for the digest, as the pointer comes from the
> stack, and not for the signature, which instead was allocated by
> vfs_getxattr_alloc().
Only after enabling CONFIG_DEBUG_SG does EVM fail.
>
> Fix this by making a copy of both in asymmetric_verify(), so that the
> linear mapping requirement is always satisfied, regardless of the caller.
As only EVM is affected, it would make more sense to limit the change
to EVM.
--
thanks,
Mimi
More information about the Linux-security-module-archive
mailing list