[PATCH 4/5] evm: Use the real inode's metadata to calculate metadata hash
Amir Goldstein
amir73il at gmail.com
Fri Feb 2 15:51:40 UTC 2024
On Fri, Feb 2, 2024 at 4:59 PM Stefan Berger <stefanb at linux.ibm.com> wrote:
>
>
>
> On 2/2/24 04:24, Amir Goldstein wrote:
> > On Thu, Feb 1, 2024 at 10:35 PM Stefan Berger <stefanb at linux.ibm.com> wrote:
>
> >
> >>
> >> and your suggested change to this patch :
> >>
> >> - struct inode *inode = d_real_inode(dentry);
> >> + struct inode *inode = d_inode(d_real(dentry, false));;
> >>
> >
> > In the new version I change the API to use an enum instead of bool, e.g.:
> >
> > struct inode *inode = d_inode(d_real(dentry, D_REAL_METADATA));
>
> Thanks. I will use it.
>
> >
> > This catches in build time and in run time, callers that were not converted
> > to the new API.
> >
> >> The test cases are now passing with and without metacopy enabled. Yay!
> >
> > Too soon to be happy.
> > I guess you are missing a test for the following case:
> > 1. file was meta copied up (change is detected)
> > 2. the lower file that contains the data is being changed (change is
> > not detected)
>
> Right. Though it seems there's something wrong with overlayfs as well
> after appending a byte to the file on the lower.
>
> -rwxr-xr-x 1 0 0 25 Feb 2 14:55
> /ext4.mount/lower/test_rsa_portable2
> -rwxr-xr-x 1 0 0 24 Feb 2 14:55
> /ext4.mount/overlay/test_rsa_portable2
> bb16aa5350bcc8863da1a873c846fec9281842d9
> /ext4.mount/lower/test_rsa_portable2
> bb16aa5350bcc8863da1a873c846fec9281842d9
> /ext4.mount/overlay/test_rsa_portable2
>
> We have a hash collision on a file with 24 bytes and the underlying one
> with 25 byte. (-; :-)
https://docs.kernel.org/filesystems/overlayfs.html#changes-to-underlying-filesystems
If you modify the lower file underneath overlayfs, you get no
guarantee from overlayfs about expected results.
This makes your work more challenging.
Thanks,
Amir.
More information about the Linux-security-module-archive
mailing list