drivers/md/dm-ima.c

   1 // SPDX-License-Identifier: GPL-2.0
   2 /*
   3  * Copyright (C) 2021 Microsoft Corporation
   4  *
   5  * Author: Tushar Sugandhi <tusharsu@linux.microsoft.com>
   6  *
   7  * File: dm-ima.c
   8  *       Enables IMA measurements for DM targets
   9  */
  10
  11 #include "dm-core.h"
  12 #include "dm-ima.h"
  13
  14 #include <linux/ima.h>
  15 #include <crypto/hash.h>
  16 #include <linux/crypto.h>
  17 #include <crypto/hash_info.h>
  18
  19 #define DM_MSG_PREFIX "ima"
  20
  21 /*
  22  * Internal function to prefix separator characters in input buffer with escape
  23  * character, so that they don't interfere with the construction of key-value pairs,
  24  * and clients can split the key1=val1,key2=val2,key3=val3; pairs properly.
  25  */
  26 static void fix_separator_chars(char **buf)
  27 {
  28         int l = strlen(*buf);
  29         int i, j, sp = 0;
  30
  31         for (i = 0; i < l; i++)
  32                 if ((*buf)[i] == '\\' || (*buf)[i] == ';' || (*buf)[i] == '=' || (*buf)[i] == ',')
  33                         sp++;
  34
  35         if (!sp)
  36                 return;
  37
  38         for (i = l-1, j = i+sp; i >= 0; i--) {
  39                 (*buf)[j--] = (*buf)[i];
  40                 if ((*buf)[i] == '\\' || (*buf)[i] == ';' || (*buf)[i] == '=' || (*buf)[i] == ',')
  41                         (*buf)[j--] = '\\';
  42         }
  43 }
  44
  45 /*
  46  * Internal function to allocate memory for IMA measurements.
  47  */
  48 static void *dm_ima_alloc(size_t len, gfp_t flags, bool noio)
  49 {
  50         unsigned int noio_flag;
  51         void *ptr;
  52
  53         if (noio)
  54                 noio_flag = memalloc_noio_save();
  55
  56         ptr = kzalloc(len, flags);
  57
  58         if (noio)
  59                 memalloc_noio_restore(noio_flag);
  60
  61         return ptr;
  62 }
  63
  64 /*
  65  * Internal function to allocate and copy name and uuid for IMA measurements.
  66  */
  67 static int dm_ima_alloc_and_copy_name_uuid(struct mapped_device *md, char **dev_name,
  68                                            char **dev_uuid, bool noio)
  69 {
  70         int r;
  71         *dev_name = dm_ima_alloc(DM_NAME_LEN*2, GFP_KERNEL, noio);
  72         if (!(*dev_name)) {
  73                 r = -ENOMEM;
  74                 goto error;
  75         }
  76
  77         *dev_uuid = dm_ima_alloc(DM_UUID_LEN*2, GFP_KERNEL, noio);
  78         if (!(*dev_uuid)) {
  79                 r = -ENOMEM;
  80                 goto error;
  81         }
  82
  83         r = dm_copy_name_and_uuid(md, *dev_name, *dev_uuid);
  84         if (r)
  85                 goto error;
  86
  87         fix_separator_chars(dev_name);
  88         fix_separator_chars(dev_uuid);
  89
  90         return 0;
  91 error:
  92         kfree(*dev_name);
  93         kfree(*dev_uuid);
  94         *dev_name = NULL;
  95         *dev_uuid = NULL;
  96         return r;
  97 }
  98
  99 /*
 100  * Internal function to allocate and copy device data for IMA measurements.
 101  */
 102 static int dm_ima_alloc_and_copy_device_data(struct mapped_device *md, char **device_data,
 103                                              unsigned int num_targets, bool noio)
 104 {
 105         char *dev_name = NULL, *dev_uuid = NULL;
 106         int r;
 107
 108         r = dm_ima_alloc_and_copy_name_uuid(md, &dev_name, &dev_uuid, noio);
 109         if (r)
 110                 return r;
 111
 112         *device_data = dm_ima_alloc(DM_IMA_DEVICE_BUF_LEN, GFP_KERNEL, noio);
 113         if (!(*device_data)) {
 114                 r = -ENOMEM;
 115                 goto error;
 116         }
 117
 118         scnprintf(*device_data, DM_IMA_DEVICE_BUF_LEN,
 119                   "name=%s,uuid=%s,major=%d,minor=%d,minor_count=%d,num_targets=%u;",
 120                   dev_name, dev_uuid, md->disk->major, md->disk->first_minor,
 121                   md->disk->minors, num_targets);
 122 error:
 123         kfree(dev_name);
 124         kfree(dev_uuid);
 125         return r;
 126 }
 127
 128 /*
 129  * Internal wrapper function to call IMA to measure DM data.
 130  */
 131 static void dm_ima_measure_data(const char *event_name, const void *buf, size_t buf_len,
 132                                 bool noio)
 133 {
 134         unsigned int noio_flag;
 135
 136         if (noio)
 137                 noio_flag = memalloc_noio_save();
 138
 139         ima_measure_critical_data(DM_NAME, event_name, buf, buf_len, false);
 140
 141         if (noio)
 142                 memalloc_noio_restore(noio_flag);
 143 }
 144
 145 /*
 146  * Internal function to allocate and copy current device capacity for IMA measurements.
 147  */
 148 static int dm_ima_alloc_and_copy_capacity_str(struct mapped_device *md, char **capacity_str,
 149                                               bool noio)
 150 {
 151         sector_t capacity;
 152
 153         capacity = get_capacity(md->disk);
 154
 155         *capacity_str = dm_ima_alloc(DM_IMA_DEVICE_CAPACITY_BUF_LEN, GFP_KERNEL, noio);
 156         if (!(*capacity_str))
 157                 return -ENOMEM;
 158
 159         scnprintf(*capacity_str, DM_IMA_DEVICE_BUF_LEN, "current_device_capacity=%llu;",
 160                   capacity);
 161
 162         return 0;
 163 }
 164
 165 /*
 166  * Initialize/reset the dm ima related data structure variables.
 167  */
 168 void dm_ima_reset_data(struct mapped_device *md)
 169 {
 170         memset(&(md->ima), 0, sizeof(md->ima));
 171         md->ima.dm_version_str_len = strlen(DM_IMA_VERSION_STR);
 172 }
 173
 174 /*
 175  * Build up the IMA data for each target, and finally measure.
 176  */
 177 void dm_ima_measure_on_table_load(struct dm_table *table, unsigned int status_flags)
 178 {
 179         size_t device_data_buf_len, target_metadata_buf_len, target_data_buf_len, l = 0;
 180         char *target_metadata_buf = NULL, *target_data_buf = NULL, *digest_buf = NULL;
 181         char *ima_buf = NULL, *device_data_buf = NULL;
 182         int digest_size, last_target_measured = -1, r;
 183         status_type_t type = STATUSTYPE_IMA;
 184         size_t cur_total_buf_len = 0;
 185         unsigned int num_targets, i;
 186         SHASH_DESC_ON_STACK(shash, NULL);
 187         struct crypto_shash *tfm = NULL;
 188         u8 *digest = NULL;
 189         bool noio = false;
 190         /*
 191          * In below hash_alg_prefix_len assignment +1 is for the additional char (':'),
 192          * when prefixing the hash value with the hash algorithm name. e.g. sha256:<hash_value>.
 193          */
 194         const size_t hash_alg_prefix_len = strlen(DM_IMA_TABLE_HASH_ALG) + 1;
 195         char table_load_event_name[] = "dm_table_load";
 196
 197         ima_buf = dm_ima_alloc(DM_IMA_MEASUREMENT_BUF_LEN, GFP_KERNEL, noio);
 198         if (!ima_buf)
 199                 return;
 200
 201         target_metadata_buf = dm_ima_alloc(DM_IMA_TARGET_METADATA_BUF_LEN, GFP_KERNEL, noio);
 202         if (!target_metadata_buf)
 203                 goto error;
 204
 205         target_data_buf = dm_ima_alloc(DM_IMA_TARGET_DATA_BUF_LEN, GFP_KERNEL, noio);
 206         if (!target_data_buf)
 207                 goto error;
 208
 209         num_targets = dm_table_get_num_targets(table);
 210
 211         if (dm_ima_alloc_and_copy_device_data(table->md, &device_data_buf, num_targets, noio))
 212                 goto error;
 213
 214         tfm = crypto_alloc_shash(DM_IMA_TABLE_HASH_ALG, 0, 0);
 215         if (IS_ERR(tfm))
 216                 goto error;
 217
 218         shash->tfm = tfm;
 219         digest_size = crypto_shash_digestsize(tfm);
 220         digest = dm_ima_alloc(digest_size, GFP_KERNEL, noio);
 221         if (!digest)
 222                 goto error;
 223
 224         r = crypto_shash_init(shash);
 225         if (r)
 226                 goto error;
 227
 228         memcpy(ima_buf + l, DM_IMA_VERSION_STR, table->md->ima.dm_version_str_len);
 229         l += table->md->ima.dm_version_str_len;
 230
 231         device_data_buf_len = strlen(device_data_buf);
 232         memcpy(ima_buf + l, device_data_buf, device_data_buf_len);
 233         l += device_data_buf_len;
 234
 235         for (i = 0; i < num_targets; i++) {
 236                 struct dm_target *ti = dm_table_get_target(table, i);
 237
 238                 if (!ti)
 239                         goto error;
 240
 241                 last_target_measured = 0;
 242
 243                 /*
 244                  * First retrieve the target metadata.
 245                  */
 246                 scnprintf(target_metadata_buf, DM_IMA_TARGET_METADATA_BUF_LEN,
 247                           "target_index=%d,target_begin=%llu,target_len=%llu,",
 248                           i, ti->begin, ti->len);
 249                 target_metadata_buf_len = strlen(target_metadata_buf);
 250
 251                 /*
 252                  * Then retrieve the actual target data.
 253                  */
 254                 if (ti->type->status)
 255                         ti->type->status(ti, type, status_flags, target_data_buf,
 256                                          DM_IMA_TARGET_DATA_BUF_LEN);
 257                 else
 258                         target_data_buf[0] = '\0';
 259
 260                 target_data_buf_len = strlen(target_data_buf);
 261
 262                 /*
 263                  * Check if the total data can fit into the IMA buffer.
 264                  */
 265                 cur_total_buf_len = l + target_metadata_buf_len + target_data_buf_len;
 266
 267                 /*
 268                  * IMA measurements for DM targets are best-effort.
 269                  * If the total data buffered so far, including the current target,
 270                  * is too large to fit into DM_IMA_MEASUREMENT_BUF_LEN, measure what
 271                  * we have in the current buffer, and continue measuring the remaining
 272                  * targets by prefixing the device metadata again.
 273                  */
 274                 if (unlikely(cur_total_buf_len >= DM_IMA_MEASUREMENT_BUF_LEN)) {
 275                         dm_ima_measure_data(table_load_event_name, ima_buf, l, noio);
 276                         r = crypto_shash_update(shash, (const u8 *)ima_buf, l);
 277                         if (r < 0)
 278                                 goto error;
 279
 280                         memset(ima_buf, 0, DM_IMA_MEASUREMENT_BUF_LEN);
 281                         l = 0;
 282
 283                         /*
 284                          * Each new "dm_table_load" entry in IMA log should have device data
 285                          * prefix, so that multiple records from the same "dm_table_load" for
 286                          * a given device can be linked together.
 287                          */
 288                         memcpy(ima_buf + l, DM_IMA_VERSION_STR, table->md->ima.dm_version_str_len);
 289                         l += table->md->ima.dm_version_str_len;
 290
 291                         memcpy(ima_buf + l, device_data_buf, device_data_buf_len);
 292                         l += device_data_buf_len;
 293
 294                         /*
 295                          * If this iteration of the for loop turns out to be the last target
 296                          * in the table, dm_ima_measure_data("dm_table_load", ...) doesn't need
 297                          * to be called again, just the hash needs to be finalized.
 298                          * "last_target_measured" tracks this state.
 299                          */
 300                         last_target_measured = 1;
 301                 }
 302
 303                 /*
 304                  * Fill-in all the target metadata, so that multiple targets for the same
 305                  * device can be linked together.
 306                  */
 307                 memcpy(ima_buf + l, target_metadata_buf, target_metadata_buf_len);
 308                 l += target_metadata_buf_len;
 309
 310                 memcpy(ima_buf + l, target_data_buf, target_data_buf_len);
 311                 l += target_data_buf_len;
 312         }
 313
 314         if (!last_target_measured) {
 315                 dm_ima_measure_data(table_load_event_name, ima_buf, l, noio);
 316
 317                 r = crypto_shash_update(shash, (const u8 *)ima_buf, l);
 318                 if (r < 0)
 319                         goto error;
 320         }
 321
 322         /*
 323          * Finalize the table hash, and store it in table->md->ima.inactive_table.hash,
 324          * so that the table data can be verified against the future device state change
 325          * events, e.g. resume, rename, remove, table-clear etc.
 326          */
 327         r = crypto_shash_final(shash, digest);
 328         if (r < 0)
 329                 goto error;
 330
 331         digest_buf = dm_ima_alloc((digest_size*2) + hash_alg_prefix_len + 1, GFP_KERNEL, noio);
 332
 333         if (!digest_buf)
 334                 goto error;
 335
 336         snprintf(digest_buf, hash_alg_prefix_len + 1, "%s:", DM_IMA_TABLE_HASH_ALG);
 337
 338         for (i = 0; i < digest_size; i++)
 339                 snprintf((digest_buf + hash_alg_prefix_len + (i*2)), 3, "%02x", digest[i]);
 340
 341         if (table->md->ima.active_table.hash != table->md->ima.inactive_table.hash)
 342                 kfree(table->md->ima.inactive_table.hash);
 343
 344         table->md->ima.inactive_table.hash = digest_buf;
 345         table->md->ima.inactive_table.hash_len = strlen(digest_buf);
 346         table->md->ima.inactive_table.num_targets = num_targets;
 347
 348         if (table->md->ima.active_table.device_metadata !=
 349             table->md->ima.inactive_table.device_metadata)
 350                 kfree(table->md->ima.inactive_table.device_metadata);
 351
 352         table->md->ima.inactive_table.device_metadata = device_data_buf;
 353         table->md->ima.inactive_table.device_metadata_len = device_data_buf_len;
 354
 355         goto exit;
 356 error:
 357         kfree(digest_buf);
 358         kfree(device_data_buf);
 359 exit:
 360         kfree(digest);
 361         if (tfm)
 362                 crypto_free_shash(tfm);
 363         kfree(ima_buf);
 364         kfree(target_metadata_buf);
 365         kfree(target_data_buf);
 366 }
 367
 368 /*
 369  * Measure IMA data on device resume.
 370  */
 371 void dm_ima_measure_on_device_resume(struct mapped_device *md, bool swap)
 372 {
 373         char *device_table_data, *dev_name = NULL, *dev_uuid = NULL, *capacity_str = NULL;
 374         char active[] = "active_table_hash=";
 375         unsigned int active_len = strlen(active), capacity_len = 0;
 376         unsigned int l = 0;
 377         bool noio = true;
 378         bool nodata = true;
 379         int r;
 380
 381         device_table_data = dm_ima_alloc(DM_IMA_DEVICE_BUF_LEN, GFP_KERNEL, noio);
 382         if (!device_table_data)
 383                 return;
 384
 385         r = dm_ima_alloc_and_copy_capacity_str(md, &capacity_str, noio);
 386         if (r)
 387                 goto error;
 388
 389         memcpy(device_table_data + l, DM_IMA_VERSION_STR, md->ima.dm_version_str_len);
 390         l += md->ima.dm_version_str_len;
 391
 392         if (swap) {
 393                 if (md->ima.active_table.hash != md->ima.inactive_table.hash)
 394                         kfree(md->ima.active_table.hash);
 395
 396                 md->ima.active_table.hash = NULL;
 397                 md->ima.active_table.hash_len = 0;
 398
 399                 if (md->ima.active_table.device_metadata !=
 400                     md->ima.inactive_table.device_metadata)
 401                         kfree(md->ima.active_table.device_metadata);
 402
 403                 md->ima.active_table.device_metadata = NULL;
 404                 md->ima.active_table.device_metadata_len = 0;
 405                 md->ima.active_table.num_targets = 0;
 406
 407                 if (md->ima.inactive_table.hash) {
 408                         md->ima.active_table.hash = md->ima.inactive_table.hash;
 409                         md->ima.active_table.hash_len = md->ima.inactive_table.hash_len;
 410                         md->ima.inactive_table.hash = NULL;
 411                         md->ima.inactive_table.hash_len = 0;
 412                 }
 413
 414                 if (md->ima.inactive_table.device_metadata) {
 415                         md->ima.active_table.device_metadata =
 416                                 md->ima.inactive_table.device_metadata;
 417                         md->ima.active_table.device_metadata_len =
 418                                 md->ima.inactive_table.device_metadata_len;
 419                         md->ima.active_table.num_targets = md->ima.inactive_table.num_targets;
 420                         md->ima.inactive_table.device_metadata = NULL;
 421                         md->ima.inactive_table.device_metadata_len = 0;
 422                         md->ima.inactive_table.num_targets = 0;
 423                 }
 424         }
 425
 426         if (md->ima.active_table.device_metadata) {
 427                 memcpy(device_table_data + l, md->ima.active_table.device_metadata,
 428                        md->ima.active_table.device_metadata_len);
 429                 l += md->ima.active_table.device_metadata_len;
 430
 431                 nodata = false;
 432         }
 433
 434         if (md->ima.active_table.hash) {
 435                 memcpy(device_table_data + l, active, active_len);
 436                 l += active_len;
 437
 438                 memcpy(device_table_data + l, md->ima.active_table.hash,
 439                        md->ima.active_table.hash_len);
 440                 l += md->ima.active_table.hash_len;
 441
 442                 memcpy(device_table_data + l, ";", 1);
 443                 l++;
 444
 445                 nodata = false;
 446         }
 447
 448         if (nodata) {
 449                 r = dm_ima_alloc_and_copy_name_uuid(md, &dev_name, &dev_uuid, noio);
 450                 if (r)
 451                         goto error;
 452
 453                 scnprintf(device_table_data, DM_IMA_DEVICE_BUF_LEN,
 454                           "%sname=%s,uuid=%s;device_resume=no_data;",
 455                           DM_IMA_VERSION_STR, dev_name, dev_uuid);
 456                 l += strlen(device_table_data);
 457
 458         }
 459
 460         capacity_len = strlen(capacity_str);
 461         memcpy(device_table_data + l, capacity_str, capacity_len);
 462         l += capacity_len;
 463
 464         dm_ima_measure_data("dm_device_resume", device_table_data, l, noio);
 465
 466         kfree(dev_name);
 467         kfree(dev_uuid);
 468 error:
 469         kfree(capacity_str);
 470         kfree(device_table_data);
 471 }
 472
 473 /*
 474  * Measure IMA data on remove.
 475  */
 476 void dm_ima_measure_on_device_remove(struct mapped_device *md, bool remove_all)
 477 {
 478         char *device_table_data, *dev_name = NULL, *dev_uuid = NULL, *capacity_str = NULL;
 479         char active_table_str[] = "active_table_hash=";
 480         char inactive_table_str[] = "inactive_table_hash=";
 481         char device_active_str[] = "device_active_metadata=";
 482         char device_inactive_str[] = "device_inactive_metadata=";
 483         char remove_all_str[] = "remove_all=";
 484         unsigned int active_table_len = strlen(active_table_str);
 485         unsigned int inactive_table_len = strlen(inactive_table_str);
 486         unsigned int device_active_len = strlen(device_active_str);
 487         unsigned int device_inactive_len = strlen(device_inactive_str);
 488         unsigned int remove_all_len = strlen(remove_all_str);
 489         unsigned int capacity_len = 0;
 490         unsigned int l = 0;
 491         bool noio = true;
 492         bool nodata = true;
 493         int r;
 494
 495         device_table_data = dm_ima_alloc(DM_IMA_DEVICE_BUF_LEN*2, GFP_KERNEL, noio);
 496         if (!device_table_data)
 497                 goto exit;
 498
 499         r = dm_ima_alloc_and_copy_capacity_str(md, &capacity_str, noio);
 500         if (r) {
 501                 kfree(device_table_data);
 502                 goto exit;
 503         }
 504
 505         memcpy(device_table_data + l, DM_IMA_VERSION_STR, md->ima.dm_version_str_len);
 506         l += md->ima.dm_version_str_len;
 507
 508         if (md->ima.active_table.device_metadata) {
 509                 memcpy(device_table_data + l, device_active_str, device_active_len);
 510                 l += device_active_len;
 511
 512                 memcpy(device_table_data + l, md->ima.active_table.device_metadata,
 513                        md->ima.active_table.device_metadata_len);
 514                 l += md->ima.active_table.device_metadata_len;
 515
 516                 nodata = false;
 517         }
 518
 519         if (md->ima.inactive_table.device_metadata) {
 520                 memcpy(device_table_data + l, device_inactive_str, device_inactive_len);
 521                 l += device_inactive_len;
 522
 523                 memcpy(device_table_data + l, md->ima.inactive_table.device_metadata,
 524                        md->ima.inactive_table.device_metadata_len);
 525                 l += md->ima.inactive_table.device_metadata_len;
 526
 527                 nodata = false;
 528         }
 529
 530         if (md->ima.active_table.hash) {
 531                 memcpy(device_table_data + l, active_table_str, active_table_len);
 532                 l += active_table_len;
 533
 534                 memcpy(device_table_data + l, md->ima.active_table.hash,
 535                            md->ima.active_table.hash_len);
 536                 l += md->ima.active_table.hash_len;
 537
 538                 memcpy(device_table_data + l, ",", 1);
 539                 l++;
 540
 541                 nodata = false;
 542         }
 543
 544         if (md->ima.inactive_table.hash) {
 545                 memcpy(device_table_data + l, inactive_table_str, inactive_table_len);
 546                 l += inactive_table_len;
 547
 548                 memcpy(device_table_data + l, md->ima.inactive_table.hash,
 549                        md->ima.inactive_table.hash_len);
 550                 l += md->ima.inactive_table.hash_len;
 551
 552                 memcpy(device_table_data + l, ",", 1);
 553                 l++;
 554
 555                 nodata = false;
 556         }
 557         /*
 558          * In case both active and inactive tables, and corresponding
 559          * device metadata is cleared/missing - record the name and uuid
 560          * in IMA measurements.
 561          */
 562         if (nodata) {
 563                 if (dm_ima_alloc_and_copy_name_uuid(md, &dev_name, &dev_uuid, noio))
 564                         goto error;
 565
 566                 scnprintf(device_table_data, DM_IMA_DEVICE_BUF_LEN,
 567                           "%sname=%s,uuid=%s;device_remove=no_data;",
 568                           DM_IMA_VERSION_STR, dev_name, dev_uuid);
 569                 l += strlen(device_table_data);
 570         }
 571
 572         memcpy(device_table_data + l, remove_all_str, remove_all_len);
 573         l += remove_all_len;
 574         memcpy(device_table_data + l, remove_all ? "y;" : "n;", 2);
 575         l += 2;
 576
 577         capacity_len = strlen(capacity_str);
 578         memcpy(device_table_data + l, capacity_str, capacity_len);
 579         l += capacity_len;
 580
 581         dm_ima_measure_data("dm_device_remove", device_table_data, l, noio);
 582
 583 error:
 584         kfree(device_table_data);
 585         kfree(capacity_str);
 586 exit:
 587         kfree(md->ima.active_table.device_metadata);
 588
 589         if (md->ima.active_table.device_metadata !=
 590             md->ima.inactive_table.device_metadata)
 591                 kfree(md->ima.inactive_table.device_metadata);
 592
 593         kfree(md->ima.active_table.hash);
 594
 595         if (md->ima.active_table.hash != md->ima.inactive_table.hash)
 596                 kfree(md->ima.inactive_table.hash);
 597
 598         dm_ima_reset_data(md);
 599
 600         kfree(dev_name);
 601         kfree(dev_uuid);
 602 }
 603
 604 /*
 605  * Measure ima data on table clear.
 606  */
 607 void dm_ima_measure_on_table_clear(struct mapped_device *md, bool new_map)
 608 {
 609         unsigned int l = 0, capacity_len = 0;
 610         char *device_table_data = NULL, *dev_name = NULL, *dev_uuid = NULL, *capacity_str = NULL;
 611         char inactive_str[] = "inactive_table_hash=";
 612         unsigned int inactive_len = strlen(inactive_str);
 613         bool noio = true;
 614         bool nodata = true;
 615         int r;
 616
 617         device_table_data = dm_ima_alloc(DM_IMA_DEVICE_BUF_LEN, GFP_KERNEL, noio);
 618         if (!device_table_data)
 619                 return;
 620
 621         r = dm_ima_alloc_and_copy_capacity_str(md, &capacity_str, noio);
 622         if (r)
 623                 goto error1;
 624
 625         memcpy(device_table_data + l, DM_IMA_VERSION_STR, md->ima.dm_version_str_len);
 626         l += md->ima.dm_version_str_len;
 627
 628         if (md->ima.inactive_table.device_metadata_len &&
 629             md->ima.inactive_table.hash_len) {
 630                 memcpy(device_table_data + l, md->ima.inactive_table.device_metadata,
 631                        md->ima.inactive_table.device_metadata_len);
 632                 l += md->ima.inactive_table.device_metadata_len;
 633
 634                 memcpy(device_table_data + l, inactive_str, inactive_len);
 635                 l += inactive_len;
 636
 637                 memcpy(device_table_data + l, md->ima.inactive_table.hash,
 638                            md->ima.inactive_table.hash_len);
 639
 640                 l += md->ima.inactive_table.hash_len;
 641
 642                 memcpy(device_table_data + l, ";", 1);
 643                 l++;
 644
 645                 nodata = false;
 646         }
 647
 648         if (nodata) {
 649                 if (dm_ima_alloc_and_copy_name_uuid(md, &dev_name, &dev_uuid, noio))
 650                         goto error2;
 651
 652                 scnprintf(device_table_data, DM_IMA_DEVICE_BUF_LEN,
 653                           "%sname=%s,uuid=%s;table_clear=no_data;",
 654                            DM_IMA_VERSION_STR, dev_name, dev_uuid);
 655                 l += strlen(device_table_data);
 656         }
 657
 658         capacity_len = strlen(capacity_str);
 659         memcpy(device_table_data + l, capacity_str, capacity_len);
 660         l += capacity_len;
 661
 662         dm_ima_measure_data("dm_table_clear", device_table_data, l, noio);
 663
 664         if (new_map) {
 665                 if (md->ima.inactive_table.hash &&
 666                     md->ima.inactive_table.hash != md->ima.active_table.hash)
 667                         kfree(md->ima.inactive_table.hash);
 668
 669                 md->ima.inactive_table.hash = NULL;
 670                 md->ima.inactive_table.hash_len = 0;
 671
 672                 if (md->ima.inactive_table.device_metadata &&
 673                     md->ima.inactive_table.device_metadata != md->ima.active_table.device_metadata)
 674                         kfree(md->ima.inactive_table.device_metadata);
 675
 676                 md->ima.inactive_table.device_metadata = NULL;
 677                 md->ima.inactive_table.device_metadata_len = 0;
 678                 md->ima.inactive_table.num_targets = 0;
 679
 680                 if (md->ima.active_table.hash) {
 681                         md->ima.inactive_table.hash = md->ima.active_table.hash;
 682                         md->ima.inactive_table.hash_len = md->ima.active_table.hash_len;
 683                 }
 684
 685                 if (md->ima.active_table.device_metadata) {
 686                         md->ima.inactive_table.device_metadata =
 687                                 md->ima.active_table.device_metadata;
 688                         md->ima.inactive_table.device_metadata_len =
 689                                 md->ima.active_table.device_metadata_len;
 690                         md->ima.inactive_table.num_targets =
 691                                 md->ima.active_table.num_targets;
 692                 }
 693         }
 694
 695         kfree(dev_name);
 696         kfree(dev_uuid);
 697 error2:
 698         kfree(capacity_str);
 699 error1:
 700         kfree(device_table_data);
 701 }
 702
 703 /*
 704  * Measure IMA data on device rename.
 705  */
 706 void dm_ima_measure_on_device_rename(struct mapped_device *md)
 707 {
 708         char *old_device_data = NULL, *new_device_data = NULL, *combined_device_data = NULL;
 709         char *new_dev_name = NULL, *new_dev_uuid = NULL, *capacity_str = NULL;
 710         bool noio = true;
 711         int r;
 712
 713         if (dm_ima_alloc_and_copy_device_data(md, &new_device_data,
 714                                               md->ima.active_table.num_targets, noio))
 715                 return;
 716
 717         if (dm_ima_alloc_and_copy_name_uuid(md, &new_dev_name, &new_dev_uuid, noio))
 718                 goto error;
 719
 720         combined_device_data = dm_ima_alloc(DM_IMA_DEVICE_BUF_LEN * 2, GFP_KERNEL, noio);
 721         if (!combined_device_data)
 722                 goto error;
 723
 724         r = dm_ima_alloc_and_copy_capacity_str(md, &capacity_str, noio);
 725         if (r)
 726                 goto error;
 727
 728         old_device_data = md->ima.active_table.device_metadata;
 729
 730         md->ima.active_table.device_metadata = new_device_data;
 731         md->ima.active_table.device_metadata_len = strlen(new_device_data);
 732
 733         scnprintf(combined_device_data, DM_IMA_DEVICE_BUF_LEN * 2,
 734                   "%s%snew_name=%s,new_uuid=%s;%s", DM_IMA_VERSION_STR, old_device_data,
 735                   new_dev_name, new_dev_uuid, capacity_str);
 736
 737         dm_ima_measure_data("dm_device_rename", combined_device_data, strlen(combined_device_data),
 738                             noio);
 739
 740         goto exit;
 741
 742 error:
 743         kfree(new_device_data);
 744 exit:
 745         kfree(capacity_str);
 746         kfree(combined_device_data);
 747         kfree(old_device_data);
 748         kfree(new_dev_name);
 749         kfree(new_dev_uuid);
 750 }