On Mon, 2018-03-19 at 21:05 +0100, Petr Vorel wrote: > Hi Mimi, > > > On Mon, 2018-03-19 at 15:43 +1100, James Morris wrote: > > > On Sat, 17 Mar 2018, Mimi Zohar wrote: > > > > > On Sat, 2018-03-17 at 00:28 +0100, Petr Vorel wrote: > > > > > IMA requires have it's hash algorithm to be compiled-in due it's early > > > > > use. Default IMA algorithm is protected by Kconfig to be compiled-in. > > > > > > ima_hash kernel parameter allows to choose hash algorithm. When > > > > > specified algorithm not available or available as module, IMA > > > > > initialization fails, but mknodat syscall expect it and calls > > > > > ima_post_path_mknod(). This leads to to kernel oops: > > > > > > $ grep CONFIG_CRYPTO_MD4 .config > > > > > CONFIG_CRYPTO_MD4=m > > > > > > [ 0.000000] Command line: BOOT_IMAGE=/boot/vmlinuz-4.12.14-2.3-default root=UUID=74ae8202-9ca7-4e39-813b-22287ec52f7a video=1024x768-16 plymouth.ignore-serial-consoles console=ttyS0 console=tty resume=/dev/disk/by-path/pci-0000:00:07.0-part3 splash=silent showopts ima_hash=md4 > > > > > ... > > > > > [ 1.545190] ima: Can not allocate md4 (reason: -2) > > > > > The hash algorithm specified on the boot command line needs to be > > > > builtin. For whatever reason it isn't builtin, rather than skipping > > > > measurements, a better solution I think would be to fallback to the > > > > builtin hash algorithm. > > > > What if this falls back to a hash which is not secure enough? > > > It should fallback to the Kconfig selected hash algorithm as defined > > in CONFIG_IMA_DEFAULT_HASH. > > OK, I have v2 which use CONFIG_IMA_DEFAULT_HASH, I'll post it tomorrow. > But I'd also keep this patch as well, this check doesn't harm and IMHO you can never be > sure it does not fail. Adding a new measurement gap is not an acceptable solution. Either an ima_init() failure causes the kernel to panic, or we force IMA to use the default builtin Kconfig hash algorithm. Mimi