2 * Copyright (C) 2005,2006,2007,2008 IBM Corporation
5 * Serge Hallyn <serue@us.ibm.com>
6 * Reiner Sailer <sailer@watson.ibm.com>
7 * Mimi Zohar <zohar@us.ibm.com>
9 * This program is free software; you can redistribute it and/or
10 * modify it under the terms of the GNU General Public License as
11 * published by the Free Software Foundation, version 2 of the
15 * Implements queues that store template measurements and
16 * maintains aggregate over the stored measurements
17 * in the pre-configured TPM PCR (if available).
18 * The measurement list is append-only. No entry is
19 * ever removed or changed during the boot-cycle.
22 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
24 #include <linux/module.h>
25 #include <linux/rculist.h>
26 #include <linux/slab.h>
29 #define AUDIT_CAUSE_LEN_MAX 32
31 LIST_HEAD(ima_measurements
); /* list of all measurements */
32 #ifdef CONFIG_IMA_KEXEC
33 static unsigned long binary_runtime_size
;
35 static unsigned long binary_runtime_size
= ULONG_MAX
;
38 /* key: inode (before secure-hashing a file) */
39 struct ima_h_table ima_htable
= {
40 .len
= ATOMIC_LONG_INIT(0),
41 .violations
= ATOMIC_LONG_INIT(0),
42 .queue
[0 ... IMA_MEASURE_HTABLE_SIZE
- 1] = HLIST_HEAD_INIT
45 /* mutex protects atomicity of extending measurement list
46 * and extending the TPM PCR aggregate. Since tpm_extend can take
47 * long (and the tpm driver uses a mutex), we can't use the spinlock.
49 static DEFINE_MUTEX(ima_extend_list_mutex
);
51 /* lookup up the digest value in the hash table, and return the entry */
52 static struct ima_queue_entry
*ima_lookup_digest_entry(u8
*digest_value
,
55 struct ima_queue_entry
*qe
, *ret
= NULL
;
59 key
= ima_hash_key(digest_value
);
61 hlist_for_each_entry_rcu(qe
, &ima_htable
.queue
[key
], hnext
) {
62 rc
= memcmp(qe
->entry
->digest
, digest_value
, TPM_DIGEST_SIZE
);
63 if ((rc
== 0) && (qe
->entry
->pcr
== pcr
)) {
73 * Calculate the memory required for serializing a single
74 * binary_runtime_measurement list entry, which contains a
75 * couple of variable length fields (e.g template name and data).
77 static int get_binary_runtime_size(struct ima_template_entry
*entry
)
81 size
+= sizeof(u32
); /* pcr */
82 size
+= sizeof(entry
->digest
);
83 size
+= sizeof(int); /* template name size field */
84 size
+= strlen(entry
->template_desc
->name
);
85 size
+= sizeof(entry
->template_data_len
);
86 size
+= entry
->template_data_len
;
90 /* ima_add_template_entry helper function:
91 * - Add template entry to the measurement list and hash table, for
92 * all entries except those carried across kexec.
94 * (Called with ima_extend_list_mutex held.)
96 static int ima_add_digest_entry(struct ima_template_entry
*entry
,
99 struct ima_queue_entry
*qe
;
102 qe
= kmalloc(sizeof(*qe
), GFP_KERNEL
);
104 pr_err("OUT OF MEMORY ERROR creating queue entry\n");
109 INIT_LIST_HEAD(&qe
->later
);
110 list_add_tail_rcu(&qe
->later
, &ima_measurements
);
112 atomic_long_inc(&ima_htable
.len
);
114 key
= ima_hash_key(entry
->digest
);
115 hlist_add_head_rcu(&qe
->hnext
, &ima_htable
.queue
[key
]);
118 if (binary_runtime_size
!= ULONG_MAX
) {
121 size
= get_binary_runtime_size(entry
);
122 binary_runtime_size
= (binary_runtime_size
< ULONG_MAX
- size
) ?
123 binary_runtime_size
+ size
: ULONG_MAX
;
129 * Return the amount of memory required for serializing the
130 * entire binary_runtime_measurement list, including the ima_kexec_hdr
133 unsigned long ima_get_binary_runtime_size(void)
135 if (binary_runtime_size
>= (ULONG_MAX
- sizeof(struct ima_kexec_hdr
)))
138 return binary_runtime_size
+ sizeof(struct ima_kexec_hdr
);
141 static int ima_pcr_extend(const u8
*hash
, int pcr
)
148 result
= tpm_pcr_extend(NULL
, pcr
, hash
);
150 pr_err("Error Communicating to TPM chip, result: %d\n", result
);
155 * Add template entry to the measurement list and hash table, and
158 * On systems which support carrying the IMA measurement list across
159 * kexec, maintain the total memory size required for serializing the
160 * binary_runtime_measurements.
162 int ima_add_template_entry(struct ima_template_entry
*entry
, int violation
,
163 const char *op
, struct inode
*inode
,
164 const unsigned char *filename
)
166 u8 digest
[TPM_DIGEST_SIZE
];
167 const char *audit_cause
= "hash_added";
168 char tpm_audit_cause
[AUDIT_CAUSE_LEN_MAX
];
170 int result
= 0, tpmresult
= 0;
172 mutex_lock(&ima_extend_list_mutex
);
174 memcpy(digest
, entry
->digest
, sizeof(digest
));
175 if (ima_lookup_digest_entry(digest
, entry
->pcr
)) {
176 audit_cause
= "hash_exists";
182 result
= ima_add_digest_entry(entry
, 1);
184 audit_cause
= "ENOMEM";
189 if (violation
) /* invalidate pcr */
190 memset(digest
, 0xff, sizeof(digest
));
192 tpmresult
= ima_pcr_extend(digest
, entry
->pcr
);
193 if (tpmresult
!= 0) {
194 snprintf(tpm_audit_cause
, AUDIT_CAUSE_LEN_MAX
, "TPM_error(%d)",
196 audit_cause
= tpm_audit_cause
;
200 mutex_unlock(&ima_extend_list_mutex
);
201 integrity_audit_msg(AUDIT_INTEGRITY_PCR
, inode
, filename
,
202 op
, audit_cause
, result
, audit_info
);
206 int ima_restore_measurement_entry(struct ima_template_entry
*entry
)
210 mutex_lock(&ima_extend_list_mutex
);
211 result
= ima_add_digest_entry(entry
, 0);
212 mutex_unlock(&ima_extend_list_mutex
);