On Fri, 2024-10-11 at 12:15 +0200, Mickaël Salaün wrote:
> On Thu, Oct 10, 2024 at 09:20:52PM -0400, Paul Moore wrote:
> > On Oct 10, 2024 =?UTF-8?q?Micka=C3=ABl=20Sala=C3=BCn?= <mic@xxxxxxxxxxx> wrote:
> > >
> > > Use the new inode_get_ino() helper to log the user space's view of
> > > inode's numbers instead of the private kernel values.
> > >
> > > Cc: Mimi Zohar <zohar@xxxxxxxxxxxxx>
> > > Cc: Roberto Sassu <roberto.sassu@xxxxxxxxxx>
> > > Cc: Dmitry Kasatkin <dmitry.kasatkin@xxxxxxxxx>
> > > Cc: Eric Snowberg <eric.snowberg@xxxxxxxxxx>
> > > Signed-off-by: Mickaël Salaün <mic@xxxxxxxxxxx>
> > > ---
> > > security/integrity/integrity_audit.c | 2 +-
> > > 1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > Should we also need to update the inode value used in hmac_add_misc()?
>
> I'm not sure what the impact will be wrt backward compatibility. Mimi,
> Roberto?
Changing the inode number the HMAC was calculated with has the
potential effect of making the file inaccessible.
In order to use the new inode number, we need to define a new EVM xattr
type, and update the previous xattr version with the new one. We could
deprecate the old xattr version after a while (to be discussed with
Mimi).
Roberto
> >
> > diff --git a/security/integrity/evm/evm_crypto.c b/security/integrity/evm/evm_crypto.c
> > index 7c06ffd633d2..68ae454e187f 100644
> > --- a/security/integrity/evm/evm_crypto.c
> > +++ b/security/integrity/evm/evm_crypto.c
> > @@ -155,7 +155,7 @@ static void hmac_add_misc(struct shash_desc *desc, struct inode *inode,
> > * signatures
> > */
> > if (type != EVM_XATTR_PORTABLE_DIGSIG) {
> > - hmac_misc.ino = inode->i_ino;
> > + hmac_misc.ino = inode_get_ino(inode->i_ino);
> > hmac_misc.generation = inode->i_generation;
> > }
> > /* The hmac uid and gid must be encoded in the initial user
> >
> > --
> > paul-moore.com
