[PATCH] evm: Correct inode_init_security hooks behaviors

Mimi Zohar zohar at linux.ibm.com
Thu Oct 20 19:51:38 UTC 2022


On Thu, 2022-10-20 at 15:55 +0200, Nicolas Bouchinet wrote:
> From: Nicolas Bouchinet <nicolas.bouchinet at ssi.gouv.fr>
> 
> Fixes a NULL pointer dereference occuring in the
> `evm_protected_xattr_common` function of the EVM LSM. The bug is
> triggered if a `inode_init_security` hook returns 0 without initializing
> the given `struct xattr` fields (which is the case of BPF) and if no
> other LSM overrides thoses fields after. This also leads to memory
> leaks.
> 
> Adds a `call_int_hook_xattr` macro that fetches and feed the
> `new_xattrs` array with every called hook xattr values.
> 
> Adds a `evm_init_hmacs` function which init the EVM hmac using every
> entry of the array contrary to `evm_init_hmac`.
  
Only EVM portable digital signatures include all of the protected
xattrs.   Refer to commit 8c7a703ec978 ("evm: Verify portable
signatures against all protected xattrs").

> 
> Fixes the `evm_inode_init_security` function to use `evm_init_hmacs`.

Won't this break existing EVM hmac usage?

-- 
thanks,

Mimi



More information about the Linux-security-module-archive mailing list