[PATCH 4 of 4] ima: module measure extension

This is the 4th of 4 patches that constitute the IBM Integrity
Measurement Architecture (IMA). This patch includes a small additional
hook that measures kernel modules before they are relocated. LSM does
not offer a proper hook for this.

This patch applies to the clean 2.6.12-rc4 test kernel.

Signed-off-by: Reiner Sailer <[email protected]>
---
diff -uprN linux-2.6.12-rc4/include/linux/ima_module.h linux-2.6.12-rc4-ima/include/linux/ima_module.h
--- linux-2.6.12-rc4/include/linux/ima_module.h	1969-12-31 19:00:00.000000000 -0500
+++ linux-2.6.12-rc4-ima/include/linux/ima_module.h	2005-05-19 17:59:19.000000000 -0400
@@ -0,0 +1,33 @@
+/*
+ * Copyright (C) 2005 IBM Corporation
+ *
+ * Authors:
+ * Reiner Sailer <[email protected]>
+ *
+ * Maintained by: TBD
+ *
+ * LSM IBM Integrity Measurement Architecture.		  
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation, version 2 of the
+ * License.
+ *
+ * File: ima_module.h
+ *             define modules measurement hook (no LSM hook) to measure
+ *             modules before they are relocated
+ */
+#ifdef CONFIG_IMA_MEASURE
+extern int ima_terminating;
+extern void measure_kernel_module(void *start, unsigned long len, void *uargs);
+
+static inline void ima_measure_module(void *start, unsigned long len, void *uargs)
+{
+	if (!ima_terminating)
+		measure_kernel_module(start, len, uargs);
+}
+#else
+static inline void ima_measure_module(void *start, unsigned long len, void *uargs)
+{
+}
+#endif
diff -uprN linux-2.6.12-rc4/kernel/module.c linux-2.6.12-rc4-ima/kernel/module.c
--- linux-2.6.12-rc4/kernel/module.c	2005-05-07 01:20:31.000000000 -0400
+++ linux-2.6.12-rc4-ima/kernel/module.c	2005-05-19 17:59:19.000000000 -0400
@@ -38,6 +38,7 @@
 #include <asm/uaccess.h>
 #include <asm/semaphore.h>
 #include <asm/cacheflush.h>
+#include <linux/ima_module.h>
 
 #if 0
 #define DEBUGP printk
@@ -1441,6 +1442,8 @@ static struct module *load_module(void _
 	if (len < hdr->e_shoff + hdr->e_shnum * sizeof(Elf_Shdr))
 		goto truncated;
 
+	ima_measure_module((void *)hdr, len, (void *)uargs);
+
 	/* Convenience variables */
 	sechdrs = (void *)hdr + hdr->e_shoff;
 	secstrings = (void *)hdr + sechdrs[hdr->e_shstrndx].sh_offset;


-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Follow-Ups:
- Re: [PATCH 4 of 4] ima: module measure extension
  - From: Greg KH <[email protected]>

Prev by Date: ocf-linux-20050520 - Asynchronous Crypto support for linux
Next by Date: Screen regen buffer at 0x00b8000
Previous by thread: ocf-linux-20050520 - Asynchronous Crypto support for linux
Next by thread: Re: [PATCH 4 of 4] ima: module measure extension
Index(es):
- Date
- Thread

[Index of Archives] [Kernel Newbies] [Netfilter] [Bugtraq] [Photo] [Stuff] [Gimp] [Yosemite News] [MIPS Linux] [ARM Linux] [Linux Security] [Linux RAID] [Video 4 Linux] [Linux for the blind] [Linux Resources]