1 // SPDX-License-Identifier: GPL-2.0 1 // SPDX-License-Identifier: GPL-2.0
2 /* 2 /*
3 * Ioctl to get a verity file's digest 3 * Ioctl to get a verity file's digest
4 * 4 *
5 * Copyright 2019 Google LLC 5 * Copyright 2019 Google LLC
6 */ 6 */
7 7
8 #include "fsverity_private.h" 8 #include "fsverity_private.h"
9 9
10 #include <linux/bpf.h> <<
11 #include <linux/btf.h> <<
12 #include <linux/uaccess.h> 10 #include <linux/uaccess.h>
13 11
14 /** 12 /**
15 * fsverity_ioctl_measure() - get a verity fil 13 * fsverity_ioctl_measure() - get a verity file's digest
16 * @filp: file to get digest of 14 * @filp: file to get digest of
17 * @_uarg: user pointer to fsverity_digest 15 * @_uarg: user pointer to fsverity_digest
18 * 16 *
19 * Retrieve the file digest that the kernel is 17 * Retrieve the file digest that the kernel is enforcing for reads from a verity
20 * file. See the "FS_IOC_MEASURE_VERITY" sect 18 * file. See the "FS_IOC_MEASURE_VERITY" section of
21 * Documentation/filesystems/fsverity.rst for 19 * Documentation/filesystems/fsverity.rst for the documentation.
22 * 20 *
23 * Return: 0 on success, -errno on failure 21 * Return: 0 on success, -errno on failure
24 */ 22 */
25 int fsverity_ioctl_measure(struct file *filp, 23 int fsverity_ioctl_measure(struct file *filp, void __user *_uarg)
26 { 24 {
27 const struct inode *inode = file_inode 25 const struct inode *inode = file_inode(filp);
28 struct fsverity_digest __user *uarg = 26 struct fsverity_digest __user *uarg = _uarg;
29 const struct fsverity_info *vi; 27 const struct fsverity_info *vi;
30 const struct fsverity_hash_alg *hash_a 28 const struct fsverity_hash_alg *hash_alg;
31 struct fsverity_digest arg; 29 struct fsverity_digest arg;
32 30
33 vi = fsverity_get_info(inode); 31 vi = fsverity_get_info(inode);
34 if (!vi) 32 if (!vi)
35 return -ENODATA; /* not a veri 33 return -ENODATA; /* not a verity file */
36 hash_alg = vi->tree_params.hash_alg; 34 hash_alg = vi->tree_params.hash_alg;
37 35
38 /* 36 /*
39 * The user specifies the digest_size 37 * The user specifies the digest_size their buffer has space for; we can
40 * return the digest if it fits in the 38 * return the digest if it fits in the available space. We write back
41 * the actual size, which may be short 39 * the actual size, which may be shorter than the user-specified size.
42 */ 40 */
43 41
44 if (get_user(arg.digest_size, &uarg->d 42 if (get_user(arg.digest_size, &uarg->digest_size))
45 return -EFAULT; 43 return -EFAULT;
46 if (arg.digest_size < hash_alg->digest 44 if (arg.digest_size < hash_alg->digest_size)
47 return -EOVERFLOW; 45 return -EOVERFLOW;
48 46
49 memset(&arg, 0, sizeof(arg)); 47 memset(&arg, 0, sizeof(arg));
50 arg.digest_algorithm = hash_alg - fsve 48 arg.digest_algorithm = hash_alg - fsverity_hash_algs;
51 arg.digest_size = hash_alg->digest_siz 49 arg.digest_size = hash_alg->digest_size;
52 50
53 if (copy_to_user(uarg, &arg, sizeof(ar 51 if (copy_to_user(uarg, &arg, sizeof(arg)))
54 return -EFAULT; 52 return -EFAULT;
55 53
56 if (copy_to_user(uarg->digest, vi->fil 54 if (copy_to_user(uarg->digest, vi->file_digest, hash_alg->digest_size))
57 return -EFAULT; 55 return -EFAULT;
58 56
59 return 0; 57 return 0;
60 } 58 }
61 EXPORT_SYMBOL_GPL(fsverity_ioctl_measure); 59 EXPORT_SYMBOL_GPL(fsverity_ioctl_measure);
62 60
63 /** 61 /**
64 * fsverity_get_digest() - get a verity file's 62 * fsverity_get_digest() - get a verity file's digest
65 * @inode: inode to get digest of 63 * @inode: inode to get digest of
66 * @raw_digest: (out) the raw file digest 64 * @raw_digest: (out) the raw file digest
67 * @alg: (out) the digest's algorithm, as a FS 65 * @alg: (out) the digest's algorithm, as a FS_VERITY_HASH_ALG_* value
68 * @halg: (out) the digest's algorithm, as a H 66 * @halg: (out) the digest's algorithm, as a HASH_ALGO_* value
69 * 67 *
70 * Retrieves the fsverity digest of the given 68 * Retrieves the fsverity digest of the given file. The file must have been
71 * opened at least once since the inode was la 69 * opened at least once since the inode was last loaded into the inode cache;
72 * otherwise this function will not recognize 70 * otherwise this function will not recognize when fsverity is enabled.
73 * 71 *
74 * The file's fsverity digest consists of @raw 72 * The file's fsverity digest consists of @raw_digest in combination with either
75 * @alg or @halg. (The caller can choose whic 73 * @alg or @halg. (The caller can choose which one of @alg or @halg to use.)
76 * 74 *
77 * IMPORTANT: Callers *must* make use of one o 75 * IMPORTANT: Callers *must* make use of one of the two algorithm IDs, since
78 * @raw_digest is meaningless without knowing 76 * @raw_digest is meaningless without knowing which algorithm it uses! fsverity
79 * provides no security guarantee for users wh 77 * provides no security guarantee for users who ignore the algorithm ID, even if
80 * they use the digest size (since algorithms 78 * they use the digest size (since algorithms can share the same digest size).
81 * 79 *
82 * Return: The size of the raw digest in bytes 80 * Return: The size of the raw digest in bytes, or 0 if the file doesn't have
83 * fsverity enabled. 81 * fsverity enabled.
84 */ 82 */
85 int fsverity_get_digest(struct inode *inode, 83 int fsverity_get_digest(struct inode *inode,
86 u8 raw_digest[FS_VERIT 84 u8 raw_digest[FS_VERITY_MAX_DIGEST_SIZE],
87 u8 *alg, enum hash_alg 85 u8 *alg, enum hash_algo *halg)
88 { 86 {
89 const struct fsverity_info *vi; 87 const struct fsverity_info *vi;
90 const struct fsverity_hash_alg *hash_a 88 const struct fsverity_hash_alg *hash_alg;
91 89
92 vi = fsverity_get_info(inode); 90 vi = fsverity_get_info(inode);
93 if (!vi) 91 if (!vi)
94 return 0; /* not a verity file 92 return 0; /* not a verity file */
95 93
96 hash_alg = vi->tree_params.hash_alg; 94 hash_alg = vi->tree_params.hash_alg;
97 memcpy(raw_digest, vi->file_digest, ha 95 memcpy(raw_digest, vi->file_digest, hash_alg->digest_size);
98 if (alg) 96 if (alg)
99 *alg = hash_alg - fsverity_has 97 *alg = hash_alg - fsverity_hash_algs;
100 if (halg) 98 if (halg)
101 *halg = hash_alg->algo_id; 99 *halg = hash_alg->algo_id;
102 return hash_alg->digest_size; 100 return hash_alg->digest_size;
103 } 101 }
104 EXPORT_SYMBOL_GPL(fsverity_get_digest); 102 EXPORT_SYMBOL_GPL(fsverity_get_digest);
105 <<
106 #ifdef CONFIG_BPF_SYSCALL <<
107 <<
108 /* bpf kfuncs */ <<
109 __bpf_kfunc_start_defs(); <<
110 <<
111 /** <<
112 * bpf_get_fsverity_digest: read fsverity dige <<
113 * @file: file to get digest from <<
114 * @digest_p: (out) dynptr for struct fsverity <<
115 * <<
116 * Read fsverity_digest of *file* into *digest <<
117 * <<
118 * Return: 0 on success, a negative value on e <<
119 */ <<
120 __bpf_kfunc int bpf_get_fsverity_digest(struct <<
121 { <<
122 struct bpf_dynptr_kern *digest_ptr = ( <<
123 const struct inode *inode = file_inode <<
124 u32 dynptr_sz = __bpf_dynptr_size(dige <<
125 struct fsverity_digest *arg; <<
126 const struct fsverity_info *vi; <<
127 const struct fsverity_hash_alg *hash_a <<
128 int out_digest_sz; <<
129 <<
130 if (dynptr_sz < sizeof(struct fsverity <<
131 return -EINVAL; <<
132 <<
133 arg = __bpf_dynptr_data_rw(digest_ptr, <<
134 if (!arg) <<
135 return -EINVAL; <<
136 <<
137 if (!IS_ALIGNED((uintptr_t)arg, __alig <<
138 return -EINVAL; <<
139 <<
140 vi = fsverity_get_info(inode); <<
141 if (!vi) <<
142 return -ENODATA; /* not a veri <<
143 <<
144 hash_alg = vi->tree_params.hash_alg; <<
145 <<
146 arg->digest_algorithm = hash_alg - fsv <<
147 arg->digest_size = hash_alg->digest_si <<
148 <<
149 out_digest_sz = dynptr_sz - sizeof(str <<
150 <<
151 /* copy digest */ <<
152 memcpy(arg->digest, vi->file_digest, <<
153 <<
154 /* fill the extra buffer with zeros */ <<
155 if (out_digest_sz > hash_alg->digest_s <<
156 memset(arg->digest + arg->dige <<
157 <<
158 return 0; <<
159 } <<
160 <<
161 __bpf_kfunc_end_defs(); <<
162 <<
163 BTF_KFUNCS_START(fsverity_set_ids) <<
164 BTF_ID_FLAGS(func, bpf_get_fsverity_digest, KF <<
165 BTF_KFUNCS_END(fsverity_set_ids) <<
166 <<
167 static int bpf_get_fsverity_digest_filter(cons <<
168 { <<
169 if (!btf_id_set8_contains(&fsverity_se <<
170 return 0; <<
171 <<
172 /* Only allow to attach from LSM hooks <<
173 return prog->type != BPF_PROG_TYPE_LSM <<
174 } <<
175 <<
176 static const struct btf_kfunc_id_set bpf_fsver <<
177 .owner = THIS_MODULE, <<
178 .set = &fsverity_set_ids, <<
179 .filter = bpf_get_fsverity_digest_filt <<
180 }; <<
181 <<
182 void __init fsverity_init_bpf(void) <<
183 { <<
184 register_btf_kfunc_id_set(BPF_PROG_TYP <<
185 } <<
186 <<
187 #endif /* CONFIG_BPF_SYSCALL */ <<
188 103
Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.