Re: [PATCH v9 19/25] integrity: Move integrity_kernel_module_request() to IMA
From: Paul Moore
Date: Wed Feb 07 2024 - 22:27:20 EST
On Jan 15, 2024 Roberto Sassu <roberto.sassu@xxxxxxxxxxxxxxx> wrote:
>
> In preparation for removing the 'integrity' LSM, move
> integrity_kernel_module_request() to IMA, and rename it to
> ima_kernel_module_request().
>
> Compile it conditionally if CONFIG_INTEGRITY_ASYMMETRIC_KEYS is enabled,
> and call it from security.c (removed afterwards with the move of IMA to the
> LSM infrastructure).
>
> Adding this hook cannot be avoided, since IMA has no control on the flags
> passed to crypto_alloc_sig() in public_key_verify_signature(), and thus
> cannot pass CRYPTO_NOLOAD, which solved the problem for EVM hashing with
> commit e2861fa71641 ("evm: Don't deadlock if a crypto algorithm is
> unavailable").
>
> EVM alone does not need to implement this hook, first because there is no
> mutex to deadlock, and second because even if it had it, there should be a
> recursive call. However, since verification from EVM can be initiated only
> by setting inode metadata, deadlock would occur if modprobe would do the
> same while loading a kernel module (which is unlikely).
>
> Signed-off-by: Roberto Sassu <roberto.sassu@xxxxxxxxxx>
> ---
> include/linux/ima.h | 10 +++++++++
> include/linux/integrity.h | 13 ------------
> security/integrity/digsig_asymmetric.c | 23 --------------------
> security/integrity/ima/ima_main.c | 29 ++++++++++++++++++++++++++
> security/security.c | 2 +-
> 5 files changed, 40 insertions(+), 37 deletions(-)
Acked-by: Paul Moore <paul@xxxxxxxxxxxxxx>
--
paul-moore.com