• Mimi Zohar's avatar
    ima: audit log files opened with O_DIRECT flag · f9b2a735
    Mimi Zohar authored
    Files are measured or appraised based on the IMA policy.  When a
    file, in policy, is opened with the O_DIRECT flag, a deadlock
    occurs.
    
    The first attempt at resolving this lockdep temporarily removed the
    O_DIRECT flag and restored it, after calculating the hash.  The
    second attempt introduced the O_DIRECT_HAVELOCK flag. Based on this
    flag, do_blockdev_direct_IO() would skip taking the i_mutex a second
    time.  The third attempt, by Dmitry Kasatkin, resolves the i_mutex
    locking issue, by re-introducing the IMA mutex, but uncovered
    another problem.  Reading a file with O_DIRECT flag set, writes
    directly to userspace pages.  A second patch allocates a user-space
    like memory.  This works for all IMA hooks, except ima_file_free(),
    which is called on __fput() to recalculate the file hash.
    
    Until this last issue is addressed, do not 'collect' the
    measurement for measuring, appraising, or auditing files opened
    with the O_DIRECT flag set.  Based on policy, permit or deny file
    access.  This patch defines a new IMA policy rule option named
    'permit_directio'.  Policy rules could be defined, based on LSM
    or other criteria, to permit specific applications to open files
    with the O_DIRECT flag set.
    
    Changelog v1:
    - permit or deny file access based IMA policy rules
    Signed-off-by: default avatarMimi Zohar <zohar@linux.vnet.ibm.com>
    Acked-by: default avatarDmitry Kasatkin <d.kasatkin@samsung.com>
    Cc: <stable@vger.kernel.org>
    f9b2a735
integrity.h 4.47 KB