AuxXxilium/linux_dsm_epyc7002
1
0
Fork 0
mirror of https://github.com/AuxXxilium/linux_dsm_epyc7002.git synced 2024-12-26 15:35:04 +07:00
Code Issues Actions Packages Projects Releases Wiki Activity
6eb864c1d9
linux_dsm_epyc7002/include
History
Mikhail Kurinnoi 6eb864c1d9 integrity: prevent deadlock during digsig verification. 
This patch aimed to prevent deadlock during digsig verification.The point
of issue - user space utility modprobe and/or it's dependencies (ld-*.so,
libz.so.*, libc-*.so and /lib/modules/ files) that could be used for
kernel modules load during digsig verification and could be signed by
digsig in the same time.

First at all, look at crypto_alloc_tfm() work algorithm:
crypto_alloc_tfm() will first attempt to locate an already loaded
algorithm. If that fails and the kernel supports dynamically loadable
modules, it will then attempt to load a module of the same name or alias.
If that fails it will send a query to any loaded crypto manager to
construct an algorithm on the fly.

We have situation, when public_key_verify_signature() in case of RSA
algorithm use alg_name to store internal information in order to construct
an algorithm on the fly, but crypto_larval_lookup() will try to use
alg_name in order to load kernel module with same name.

1) we can't do anything with crypto module work, since it designed to work
exactly in this way;
2) we can't globally filter module requests for modprobe, since it
designed to work with any requests.

In this patch, I propose add an exception for "crypto-pkcs1pad(rsa,*)"
module requests only in case of enabled integrity asymmetric keys support.
Since we don't have any real "crypto-pkcs1pad(rsa,*)" kernel modules for
sure, we are safe to fail such module request from crypto_larval_lookup().
In this way we prevent modprobe execution during digsig verification and
avoid possible deadlock if modprobe and/or it's dependencies also signed
with digsig.

Requested "crypto-pkcs1pad(rsa,*)" kernel module name formed by:
1) "pkcs1pad(rsa,%s)" in public_key_verify_signature();
2) "crypto-%s" / "crypto-%s-all" in crypto_larval_lookup().
"crypto-pkcs1pad(rsa," part of request is a constant and unique and could
be used as filter.

Signed-off-by: Mikhail Kurinnoi <viewizard@viewizard.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>

 include/linux/integrity.h              | 13 +++++++++++++
 security/integrity/digsig_asymmetric.c | 23 +++++++++++++++++++++++
 security/security.c                    |  7 ++++++-
 3 files changed, 42 insertions(+), 1 deletion(-)
2018-07-18 07:27:22 -04:00
..
acpi ACPI / processor: Finish making acpi_processor_ppc_has_changed() void 2018-06-20 10:50:40 +02:00
asm-generic locking/qspinlock: Fix build for anonymous union in older GCC compilers 2018-06-22 04:19:16 +02:00
clocksource
crypto Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 2018-06-05 15:51:21 -07:00
drm drm for v4.18-rc1 2018-06-06 08:16:33 -07:00
dt-bindings ARM: SoC driver updates 2018-06-11 18:15:22 -07:00
keys docs: Fix some broken references 2018-06-15 18:10:01 -03:00
kvm
linux integrity: prevent deadlock during digsig verification. 2018-07-18 07:27:22 -04:00
math-emu
media
memory
misc ocxl: Expose the thread_id needed for wait on POWER9 2018-06-03 20:40:32 +10:00
net net/ipv6: respect rcu grace period before freeing fib6_info 2018-06-20 07:57:23 +09:00
pcmcia
ras
rdma 4.18-rc 2018-06-21 07:22:30 +09:00
scsi SCSI misc on 20180610 2018-06-10 13:01:12 -07:00
soc ARM: SoC: late updates 2018-06-11 18:19:45 -07:00
sound sound updates for 4.18 2018-06-06 09:08:38 -07:00
target
trace NFS client updates for Linux 4.18 2018-06-12 10:09:03 -07:00
uapi ima: Differentiate auditing policy rules from "audit" actions 2018-07-18 07:27:22 -04:00
video fbdev changes for v4.18: 2018-06-17 05:00:24 +09:00
xen xen: fixes for 4.18-rc2 2018-06-23 20:44:11 +08:00