[PATCH 4 of 4] ima: module measure extension

From: Reiner Sailer
Date: Fri May 20 2005 - 09:10:17 EST

Next message: Miklos Szeredi: "[PATCH] namespace.c: cleanup in mark_mounts_for_expiry()"
Previous message: Richard B. Johnson: "Screen regen buffer at 0x00b8000"
Next in thread: Greg KH: "Re: [PATCH 4 of 4] ima: module measure extension"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This is the 4th of 4 patches that constitute the IBM Integrity
Measurement Architecture (IMA). This patch includes a small additional
hook that measures kernel modules before they are relocated. LSM does
not offer a proper hook for this.

This patch applies to the clean 2.6.12-rc4 test kernel.

Signed-off-by: Reiner Sailer <sailer@xxxxxxxxxxxxxx>
---
diff -uprN linux-2.6.12-rc4/include/linux/ima_module.h linux-2.6.12-rc4-ima/include/linux/ima_module.h
--- linux-2.6.12-rc4/include/linux/ima_module.h 1969-12-31 19:00:00.000000000 -0500
+++ linux-2.6.12-rc4-ima/include/linux/ima_module.h 2005-05-19 17:59:19.000000000 -0400
@@ -0,0 +1,33 @@
+/*
+ * Copyright (C) 2005 IBM Corporation
+ *
+ * Authors:
+ * Reiner Sailer <sailer@xxxxxxxxxxxxxx>
+ *
+ * Maintained by: TBD
+ *
+ * LSM IBM Integrity Measurement Architecture.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation, version 2 of the
+ * License.
+ *
+ * File: ima_module.h
+ * define modules measurement hook (no LSM hook) to measure
+ * modules before they are relocated
+ */
+#ifdef CONFIG_IMA_MEASURE
+extern int ima_terminating;
+extern void measure_kernel_module(void *start, unsigned long len, void *uargs);
+
+static inline void ima_measure_module(void *start, unsigned long len, void *uargs)
+{
+ if (!ima_terminating)
+ measure_kernel_module(start, len, uargs);
+}
+#else
+static inline void ima_measure_module(void *start, unsigned long len, void *uargs)
+{
+}
+#endif
diff -uprN linux-2.6.12-rc4/kernel/module.c linux-2.6.12-rc4-ima/kernel/module.c
--- linux-2.6.12-rc4/kernel/module.c 2005-05-07 01:20:31.000000000 -0400
+++ linux-2.6.12-rc4-ima/kernel/module.c 2005-05-19 17:59:19.000000000 -0400
@@ -38,6 +38,7 @@
#include <asm/uaccess.h>
#include <asm/semaphore.h>
#include <asm/cacheflush.h>
+#include <linux/ima_module.h>

#if 0
#define DEBUGP printk
@@ -1441,6 +1442,8 @@ static struct module *load_module(void _
if (len < hdr->e_shoff + hdr->e_shnum * sizeof(Elf_Shdr))
goto truncated;

+ ima_measure_module((void *)hdr, len, (void *)uargs);
+
/* Convenience variables */
sechdrs = (void *)hdr + hdr->e_shoff;
secstrings = (void *)hdr + sechdrs[hdr->e_shstrndx].sh_offset;

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Miklos Szeredi: "[PATCH] namespace.c: cleanup in mark_mounts_for_expiry()"
Previous message: Richard B. Johnson: "Screen regen buffer at 0x00b8000"
Next in thread: Greg KH: "Re: [PATCH 4 of 4] ima: module measure extension"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]