!20 [sync] PR-19: fix some bugs and enabled DIM_HASH_SUPPORT_SM3

From: @openeuler-sync-bot 
Reviewed-by: @HuaxinLuGitee 
Signed-off-by: @HuaxinLuGitee

backport-Adapter-test-cases.patch

@@ -0,0 +1,91 @@
+From 7bf8c057c27c72367bafb13c4a7e69883b6a7e29 Mon Sep 17 00:00:00 2001
+From: Huaxin Lu <luhuaxin1@huawei.com>
+Date: Mon, 29 Apr 2024 23:45:39 +0800
+Subject: [PATCH 08/28] Adapter test cases
+
+---
+ test/test_interface/test_dim_core_modparam.sh    | 13 ++-----------
+ test/test_interface/test_dim_monitor_modparam.sh |  5 ++---
+ 2 files changed, 4 insertions(+), 14 deletions(-)
+
+diff --git a/test/test_interface/test_dim_core_modparam.sh b/test/test_interface/test_dim_core_modparam.sh
+index 67cd815..d51fc36 100644
+--- a/test/test_interface/test_dim_core_modparam.sh
++++ b/test/test_interface/test_dim_core_modparam.sh
+@@ -26,7 +26,6 @@ check_invalid_module_param()
+ test_module_param_measure_hash()
+ {
+     check_valid_module_param measure_hash=sha256
+-    check_valid_module_param measure_hash=sm3
+     check_invalid_module_param measure_hash=md5
+     check_invalid_module_param measure_hash=abc
+ }
+@@ -37,7 +36,7 @@ test_module_param_measure_pcr()
+     check_valid_module_param measure_pcr=1
+     check_valid_module_param measure_pcr=11
+     check_valid_module_param measure_pcr=127
+-    check_invalid_module_param measure_pcr=128
++    check_valid_module_param measure_pcr=128
+     check_invalid_module_param measure_pcr=-1
+     check_invalid_module_param measure_pcr=abc
+ }
+@@ -66,13 +65,6 @@ test_module_param_measure_interval()
+     dim_restore_baseline_and_policy
+ }
+ 
+-test_module_param_measure_action()
+-{
+-    check_valid_module_param measure_action=0
+-    check_valid_module_param measure_action=1
+-    check_invalid_module_param measure_action=abc
+-}
+-
+ test_module_param_signature()
+ {
+     check_valid_module_param signature=0
+@@ -96,7 +88,6 @@ case_list="
+            test_module_param_measure_pcr \
+            test_module_param_measure_schedule \
+            test_module_param_measure_interval \
+-           test_module_param_measure_action \
+            test_module_param_signature \
+            test_module_param_measure_log_capacity \
+            "
+@@ -113,4 +104,4 @@ for case in $case_list; do
+     fi
+ done
+ 
+-echo "===== End testing dim_core module parameters ====="
+\ No newline at end of file
++echo "===== End testing dim_core module parameters ====="
+diff --git a/test/test_interface/test_dim_monitor_modparam.sh b/test/test_interface/test_dim_monitor_modparam.sh
+index 1aaedf1..5ee5e17 100644
+--- a/test/test_interface/test_dim_monitor_modparam.sh
++++ b/test/test_interface/test_dim_monitor_modparam.sh
+@@ -30,7 +30,6 @@ check_invalid_module_param()
+ test_module_param_measure_hash()
+ {
+     check_valid_module_param measure_hash=sha256
+-    check_valid_module_param measure_hash=sm3
+     check_invalid_module_param measure_hash=md5
+     check_invalid_module_param measure_hash=abc
+ }
+@@ -41,7 +40,7 @@ test_module_param_measure_pcr()
+     check_valid_module_param measure_pcr=1
+     check_valid_module_param measure_pcr=11
+     check_valid_module_param measure_pcr=127
+-    check_invalid_module_param measure_pcr=128
++    check_valid_module_param measure_pcr=128
+     check_invalid_module_param measure_pcr=-1
+     check_invalid_module_param measure_pcr=abc
+ }
+@@ -76,4 +75,4 @@ for case in $case_list; do
+     fi
+ done
+ 
+-echo "===== End testing dim_monitor module parameters ====="
+\ No newline at end of file
++echo "===== End testing dim_monitor module parameters ====="
+-- 
+2.33.0
+

backport-Add-sm3-compile-macro-and-set-the-algo-name.patch

@@ -0,0 +1,41 @@
+From db470817655f80d63592c6550bdaca875dd42120 Mon Sep 17 00:00:00 2001
+From: Huaxin Lu <luhuaxin1@huawei.com>
+Date: Mon, 29 Apr 2024 23:10:50 +0800
+Subject: [PATCH 05/28] Add sm3 compile macro and set the algo name
+
+---
+ src/common/dim_hash.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/src/common/dim_hash.c b/src/common/dim_hash.c
+index 9f73320..3f6ecb7 100644
+--- a/src/common/dim_hash.c
++++ b/src/common/dim_hash.c
+@@ -9,7 +9,9 @@
+ 
+ static const char *allow_hash[] = {
+ 	"sha256",
++#ifdef DIM_HASH_SUPPORT_SM3
+ 	"sm3",
++#endif
+ };
+ 
+ int dim_hash_init(const char *algo_name, struct dim_hash *hash)
+@@ -30,6 +32,7 @@ int dim_hash_init(const char *algo_name, struct dim_hash *hash)
+ 		hash->tfm = NULL;
+ 	}
+ 
++	hash->name = algo_name;
+ 	return ret;
+ }
+ 
+@@ -63,4 +66,4 @@ int dim_hash_calculate(const void *data, unsigned int len,
+ 		return ret;
+ 
+ 	return crypto_shash_final(shash, digest->data);
+-}
+\ No newline at end of file
++}
+-- 
+2.33.0
+

backport-Change-the-permissions-of-the-dim-directory-to-500.patch

@@ -0,0 +1,25 @@
+From 09d308cc79011c1d83fb9ffe7741c7b023f07cbe Mon Sep 17 00:00:00 2001
+From: jinlun <jinlun@huawei.com>
+Date: Tue, 18 Jun 2024 09:28:08 +0800
+Subject: [PATCH 10/14] Change the permissions of the dim directory to 500
+
+---
+ src/common/dim_entry.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/common/dim_entry.h b/src/common/dim_entry.h
+index 1c557b8..bb023b6 100644
+--- a/src/common/dim_entry.h
++++ b/src/common/dim_entry.h
+@@ -11,7 +11,7 @@
+ 
+ #include "dim_measure_log.h"
+ 
+-#define DIM_ENTRY_DIR_MASK (S_IFDIR | S_IRWXU | S_IRUSR)
++#define DIM_ENTRY_DIR_MASK (S_IFDIR | S_IXUSR | S_IRUSR)
+ #define DIM_ENTRY_RW_MASK (S_IWUSR | S_IRUSR)
+ #define DIM_ENTRY_W_MASK (S_IWUSR)
+ #define DIM_ENTRY_R_MASK (S_IRUSR)
+-- 
+2.33.0
+

backport-Fix-NULL-pointer-reference-when-kill-child-processes.patch

@@ -0,0 +1,27 @@
+From a8ce34c0c661683fe33ef79be2b5b6819d4adfde Mon Sep 17 00:00:00 2001
+From: jinlun <jinlun@huawei.com>
+Date: Mon, 17 Jun 2024 14:54:40 +0800
+Subject: [PATCH 02/14] Fix NULL pointer reference when kill child processes
+
+---
+ .../tasks/dim_core_measure_process/dim_core_measure_process.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/core/tasks/dim_core_measure_process/dim_core_measure_process.c b/src/core/tasks/dim_core_measure_process/dim_core_measure_process.c
+index e5e262a..c1efa02 100644
+--- a/src/core/tasks/dim_core_measure_process/dim_core_measure_process.c
++++ b/src/core/tasks/dim_core_measure_process/dim_core_measure_process.c
+@@ -89,8 +89,8 @@ static int kill_task_tree(struct task_struct *tsk)
+ 		return -ENOMEM;
+ 
+ 	dim_core_kernel_symbol.walk_process_tree(tsk, store_task_tree, &ctx);
+-	if (ctx.len != 0) {
+-		for (i = ctx.len; i >= 0; i--) {
++	if (ctx.len > 0) {
++		for (i = ctx.len - 1; i >= 0; i--) {
+ 			send_sig(SIGKILL, ctx.buf[i], 1);
+ 			put_task_struct(ctx.buf[i]);
+ 		}
+-- 
+2.33.0
+

backport-Fix-calculating-ELF-memory-address.patch

@@ -0,0 +1,39 @@
+From 6c1a35ac10351a2b2d4d66899f5848c1201ca6fc Mon Sep 17 00:00:00 2001
+From: Huaxin Lu <luhuaxin1@huawei.com>
+Date: Mon, 29 Apr 2024 21:55:45 +0800
+Subject: [PATCH 01/28] Fix calculating ELF memory address
+
+---
+ .../dim_core_measure_process_elf.c                         | 7 +++++--
+ 1 file changed, 5 insertions(+), 2 deletions(-)
+
+diff --git a/src/core/tasks/dim_core_measure_process/dim_core_measure_process_elf.c b/src/core/tasks/dim_core_measure_process/dim_core_measure_process_elf.c
+index 3821c7f..76d1560 100644
+--- a/src/core/tasks/dim_core_measure_process/dim_core_measure_process_elf.c
++++ b/src/core/tasks/dim_core_measure_process/dim_core_measure_process_elf.c
+@@ -266,6 +266,7 @@ static int measure_elf_text(struct vm_area_struct *vma,
+ 	int ret = 0;
+ 	unsigned int i = 0;
+ 	unsigned long addr = 0;
++	unsigned long base = 0;
+ 	struct elf_phdr *phdr = NULL;
+ 	struct dim_digest digest = {
+ 		.algo = ctx->m->hash.algo,
+@@ -276,10 +277,12 @@ static int measure_elf_text(struct vm_area_struct *vma,
+ 	ret = crypto_shash_init(shash);
+ 	if (ret < 0)
+ 		return ret;
+-	
++
++	base = vma->vm_start - phdrs_text[0].p_vaddr;
++
+ 	for (; i < phdrs_text_num; i++) {
+ 		phdr = &phdrs_text[i];
+-		addr = vma->vm_start + phdr->p_vaddr - vma->vm_pgoff * PAGE_SIZE;
++		addr = base + phdr->p_vaddr;
+ 		ret = dim_vm_hash_update_address(vma->vm_mm, addr,
+ 						 phdr->p_memsz, shash);
+ 		if (ret < 0)
+-- 
+2.33.0
+

backport-Fix-calculating-ELF-trampoline-address.patch

@@ -0,0 +1,79 @@
+From 89d0f0762a2241b518e55b45337c1874f74e2520 Mon Sep 17 00:00:00 2001
+From: jinlun <jinlun@huawei.com>
+Date: Mon, 17 Jun 2024 14:51:46 +0800
+Subject: [PATCH 01/14] Fix calculating ELF trampoline address
+
+---
+ .../dim_core_measure_process_elf.c                 | 14 ++++++++------
+ 1 file changed, 8 insertions(+), 6 deletions(-)
+
+diff --git a/src/core/tasks/dim_core_measure_process/dim_core_measure_process_elf.c b/src/core/tasks/dim_core_measure_process/dim_core_measure_process_elf.c
+index 76d1560..12040e2 100644
+--- a/src/core/tasks/dim_core_measure_process/dim_core_measure_process_elf.c
++++ b/src/core/tasks/dim_core_measure_process/dim_core_measure_process_elf.c
+@@ -233,6 +233,7 @@ static int get_elf_measure_area(struct file *elf_file,
+ }
+ 
+ static int measure_elf_trampoline(struct vm_area_struct *vma,
++				  unsigned long base,
+ 				  struct elf_shdr *shdr_trampoline,
+ 				  struct task_measure_ctx *ctx)
+ {
+@@ -243,7 +244,7 @@ static int measure_elf_trampoline(struct vm_area_struct *vma,
+ 		.algo = ctx->m->hash.algo,
+ 	};
+ 
+-	addr_trampoline = vma->vm_start + shdr_trampoline->sh_addr;
++	addr_trampoline = base + shdr_trampoline->sh_addr;
+ 	vma_trampoline = find_vma(vma->vm_mm, addr_trampoline);
+ 	if (vma_trampoline == NULL || !vma_is_text(vma_trampoline) ||
+ 	    vma_trampoline->vm_start != addr_trampoline)
+@@ -259,6 +260,7 @@ static int measure_elf_trampoline(struct vm_area_struct *vma,
+ }
+ 
+ static int measure_elf_text(struct vm_area_struct *vma,
++			    unsigned long base,
+ 			    struct elf_phdr *phdrs_text,
+ 			    unsigned int phdrs_text_num,
+ 			    struct task_measure_ctx *ctx)
+@@ -266,7 +268,6 @@ static int measure_elf_text(struct vm_area_struct *vma,
+ 	int ret = 0;
+ 	unsigned int i = 0;
+ 	unsigned long addr = 0;
+-	unsigned long base = 0;
+ 	struct elf_phdr *phdr = NULL;
+ 	struct dim_digest digest = {
+ 		.algo = ctx->m->hash.algo,
+@@ -278,8 +279,6 @@ static int measure_elf_text(struct vm_area_struct *vma,
+ 	if (ret < 0)
+ 		return ret;
+ 
+-	base = vma->vm_start - phdrs_text[0].p_vaddr;
+-
+ 	for (; i < phdrs_text_num; i++) {
+ 		phdr = &phdrs_text[i];
+ 		addr = base + phdr->p_vaddr;
+@@ -322,7 +321,10 @@ int measure_process_module_text_elf(struct vm_area_struct *vma,
+ 		return ret;
+ 	}
+ 
+-	ret = measure_elf_text(vma, phdrs_text, phdrs_text_num, ctx);
++	/* the vma is the first file-mapping text segment */
++	base = vma->vm_start - phdrs_text[0].p_vaddr;
++
++	ret = measure_elf_text(vma, base, phdrs_text, phdrs_text_num, ctx);
+ 	dim_kfree(phdrs_text);
+ 	if (ret < 0) {
+ 		dim_err("failed to measure elf text: %d\n", ret);
+@@ -330,7 +332,7 @@ int measure_process_module_text_elf(struct vm_area_struct *vma,
+ 	}
+ 
+ 	if (shdr_trampoline_find) {
+-		ret = measure_elf_trampoline(vma, &shdr_trampoline, ctx);
++		ret = measure_elf_trampoline(vma, base, &shdr_trampoline, ctx);
+ 		if (ret < 0) {
+ 			dim_err("failed to measure elf trampoline: %d\n", ret);
+ 			return ret;
+-- 
+2.33.0
+

backport-Fix-print-errors.patch

@@ -0,0 +1,25 @@
+From 64e205655a1b8c885a1419116f1ddc724f07f844 Mon Sep 17 00:00:00 2001
+From: jinlun <jinlun@huawei.com>
+Date: Tue, 18 Jun 2024 09:34:57 +0800
+Subject: [PATCH 12/14] Fix print errors
+
+---
+ src/core/policy/dim_core_policy.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/core/policy/dim_core_policy.c b/src/core/policy/dim_core_policy.c
+index da734d3..adcdabe 100644
+--- a/src/core/policy/dim_core_policy.c
++++ b/src/core/policy/dim_core_policy.c
+@@ -132,7 +132,7 @@ static int policy_check_add_module_text(struct dim_policy *policy)
+ 	}
+ 
+ 	if (policy->path != NULL)
+-		dim_warn("path is ignored for BPRM_TEXT policy\n");
++		dim_warn("path is ignored for MODULE_TEXT policy\n");
+ 
+ 	if (policy->action != DIM_POLICY_ACTION_LOG)
+ 		dim_warn("action is ignored for MODULE_TEXT policy\n");
+-- 
+2.33.0
+

backport-Fix-the-issue-that-the-memory-allocation-is-too-larg.patch

@@ -0,0 +1,37 @@
+From ebcef654f8825e1db58a2d9bc62727ab9d4728a0 Mon Sep 17 00:00:00 2001
+From: jinlun <jinlun@huawei.com>
+Date: Mon, 17 Jun 2024 20:33:05 +0800
+Subject: [PATCH 08/14] Fix the issue that the memory allocation is too large.
+
+---
+ src/common/dim_utils.c | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/src/common/dim_utils.c b/src/common/dim_utils.c
+index 598e824..57ea3e9 100644
+--- a/src/common/dim_utils.c
++++ b/src/common/dim_utils.c
+@@ -9,6 +9,8 @@
+ #include "dim_safe_func.h"
+ #include "dim_utils.h"
+ 
++#define DIM_MAX_LINE_BUF (8 * 1024)
++
+ int dim_get_absolute_path(const char *path, const char **result)
+ {
+ 	int ret = 0;
+@@ -83,6 +85,11 @@ int dim_parse_line_buf(char *buf, loff_t len, int (*line_parser)(char *, int, vo
+ 			line = &buf[i + 1];
+ 		} else {
+ 			line_len = buf + i - line + 1;
++			if (line_len + 1 > DIM_MAX_LINE_BUF) {
++				dim_err("failed to alloc memory for line buff\n");
++				return -ENOMEM;
++			}
++
+ 			line_buf = dim_kzalloc_gfp(line_len + 1);
+ 			if (line_buf == NULL)
+ 				return -ENOMEM;
+-- 
+2.33.0
+

backport-Fix-the-type-of-pcr.patch

@@ -0,0 +1,51 @@
+From 3fe99160401896477f5a7c2747c9aceb15170fce Mon Sep 17 00:00:00 2001
+From: Huaxin Lu <luhuaxin1@huawei.com>
+Date: Mon, 29 Apr 2024 23:45:00 +0800
+Subject: [PATCH 07/28] Fix the type of pcr
+
+---
+ src/common/dim_measure_log.c | 4 ++--
+ src/common/dim_measure_log.h | 4 ++--
+ 2 files changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/src/common/dim_measure_log.c b/src/common/dim_measure_log.c
+index b84e635..4b3bd34 100644
+--- a/src/common/dim_measure_log.c
++++ b/src/common/dim_measure_log.c
+@@ -272,9 +272,9 @@ int dim_measure_log_init_tree(struct dim_measure_log_tree *root,
+ 			      struct dim_hash *hash, 
+ 			      struct dim_tpm *tpm,
+ 			      unsigned int cap,
+-			      char pcr)
++			      unsigned int pcr)
+ {
+-	if (root == NULL || hash == NULL || pcr < 0)
++	if (root == NULL || hash == NULL)
+ 		return -EINVAL;
+ 
+ 	rwlock_init(&root->lock);
+diff --git a/src/common/dim_measure_log.h b/src/common/dim_measure_log.h
+index 6ea2361..fcf53aa 100644
+--- a/src/common/dim_measure_log.h
++++ b/src/common/dim_measure_log.h
+@@ -37,7 +37,7 @@ struct dim_measure_log_tree {
+ 	struct list_head list_root; /* list root for printing logs in order */
+ 	struct dim_hash *hash; /* algorithm for calculating log hash */
+ 	struct dim_tpm *tpm;
+-	char pcr;
++	unsigned int pcr;
+ 	rwlock_t lock;
+ 	unsigned int count; /* number of log */
+ 	unsigned int cap; /* capacity of log */
+@@ -93,7 +93,7 @@ static inline bool is_same_dim_measure_log(struct dim_measure_log *x,
+ 
+ int dim_measure_log_init_tree(struct dim_measure_log_tree *root,
+ 			      struct dim_hash *hash, struct dim_tpm *tpm,
+-			      unsigned int cap, char pcr);
++			      unsigned int cap, unsigned int pcr);
+ void dim_measure_log_destroy_tree(struct dim_measure_log_tree *root);
+ int dim_measure_log_add(struct dim_measure_log_tree *root,
+ 			     const char *name_str,
+-- 
+2.33.0
+

backport-Maximun-number-of-line-in-a-modification-policy.patch

@@ -0,0 +1,55 @@
+From f96c809dc83d8d0f44e586ccc4441e80dfe135f4 Mon Sep 17 00:00:00 2001
+From: jinlun <jinlun@huawei.com>
+Date: Mon, 17 Jun 2024 19:59:15 +0800
+Subject: [PATCH 05/14] Maximun number of line in a modification policy
+
+---
+ src/core/policy/dim_core_policy.h         | 2 +-
+ src/core/policy/dim_core_policy_complex.c | 6 +++---
+ 2 files changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/src/core/policy/dim_core_policy.h b/src/core/policy/dim_core_policy.h
+index 7f2c756..3b38d13 100644
+--- a/src/core/policy/dim_core_policy.h
++++ b/src/core/policy/dim_core_policy.h
+@@ -10,7 +10,7 @@
+ /* the policy filepath */
+ #define DIM_POLICY_PATH "/etc/dim/policy"
+ /* max number of lines for parsing */
+-#define DIM_POLICY_LINE_MAX 10000
++#define DIM_POLICY_LINE_MAX 100000
+ 
+ /* measurement object of policy */
+ enum dim_policy_obj {
+diff --git a/src/core/policy/dim_core_policy_complex.c b/src/core/policy/dim_core_policy_complex.c
+index 8c02227..cba2dd7 100644
+--- a/src/core/policy/dim_core_policy_complex.c
++++ b/src/core/policy/dim_core_policy_complex.c
+@@ -165,7 +165,7 @@ static int policy_parse_line(char* line, int line_no, void *data)
+ 	ret = parse_line(line, policy);
+ 	if (ret < 0) {
+ 		policy_destroy(policy);
+-		dim_err("fail to parse policy at line %d: %d\n", line_no, ret);
++		dim_err("failed to parse policy at line %d: %d\n", line_no, ret);
+ 		return ret;
+ 	}
+ 
+@@ -174,7 +174,7 @@ static int policy_parse_line(char* line, int line_no, void *data)
+ 		policy_destroy(policy);
+ 		/* ignore the repeat add */
+ 		if (ret != -EEXIST)
+-			dim_err("fail to add policy at line %d: %d\n", line_no, ret);
++			dim_err("failed to add policy at line %d: %d\n", line_no, ret);
+ 		return ret == -EEXIST ? 0 : ret;
+ 	}
+ 
+@@ -188,4 +188,4 @@ int policy_parse_complex_format(char *buf, size_t buf_len,
+ 		return -EINVAL;
+ 
+ 	return dim_parse_line_buf(buf, buf_len, policy_parse_line, policy_add);
+-}
+\ No newline at end of file
++}
+-- 
+2.33.0
+

backport-Optimize-task-kill-and-log-the-static-baseline-when-.patch

@@ -0,0 +1,110 @@
+From 8b7fea1bbb1796e710b9dea928de7e6e1715022f Mon Sep 17 00:00:00 2001
+From: jinlun <jinlun@huawei.com>
+Date: Mon, 17 Jun 2024 20:22:45 +0800
+Subject: [PATCH 06/14] Optimize task kill and log the static baseline when
+ tampered
+
+---
+ .../dim_core_measure_process.c                | 56 ++++---------------
+ 1 file changed, 12 insertions(+), 44 deletions(-)
+
+diff --git a/src/core/tasks/dim_core_measure_process/dim_core_measure_process.c b/src/core/tasks/dim_core_measure_process/dim_core_measure_process.c
+index c1efa02..2ea1980 100644
+--- a/src/core/tasks/dim_core_measure_process/dim_core_measure_process.c
++++ b/src/core/tasks/dim_core_measure_process/dim_core_measure_process.c
+@@ -21,16 +21,6 @@
+ #include "dim_core_measure_task.h"
+ #include "dim_core_measure_process.h"
+ 
+-/* max number of tasks to kill */
+-#define DIM_KILL_TASKS_MAX (1024)
+-
+-struct task_kill_ctx {
+-	struct task_struct **buf;
+-	int len;
+-	int size;
+-	int ret;
+-};
+-
+ static struct vm_area_struct *next_module_text_vma(struct vm_area_struct *vma)
+ {
+ 	struct vm_area_struct *v = NULL;
+@@ -48,55 +38,33 @@ static struct vm_area_struct *next_module_text_vma(struct vm_area_struct *vma)
+ 	return v;
+ }
+ 
+-static int store_task_tree(struct task_struct *p, void *data)
++static int kill_task(struct task_struct *p, void * __always_unused data)
+ {
+-	unsigned int new_size = 0;
+-	struct task_struct **tmp = NULL;
+-	struct task_kill_ctx *ctx = (struct task_kill_ctx *)data;
+-
+-	if (ctx->len == ctx->size) {
+-		if (ctx->size >= DIM_KILL_TASKS_MAX)
+-			return -ERANGE;
+-
+-		/* realloc to size * 2 */
+-		new_size = ctx->size << 1;
+-		tmp = dim_krealloc_atom(ctx->buf,
+-				new_size * sizeof(struct task_struct *));
+-		if (tmp == NULL)
+-			return -ENOMEM;
+-
+-		ctx->buf = tmp;
++	if (p == current) {
++		/* dont kill the current process */
++		dim_warn("don't kill the current process\n");
++		return 0;
+ 	}
+ 
+-	ctx->buf[ctx->len++] = get_task_struct(p);
++	send_sig(SIGKILL, p, 1);
+ 	return 1;
+ }
+ 
+ static int kill_task_tree(struct task_struct *tsk)
+ {
+-	int i = 0;
+-	const int def_size = 32;
+-	struct task_kill_ctx ctx = { .size = def_size };
+-
+ 	if (tsk->pid == 1) {
+ 		/* dont kill the init process */
+ 		dim_warn("the pid of tampered task is 1, don't kill it\n");
+ 		return 0;
+ 	}
+ 
+-	ctx.buf = dim_kzalloc_gfp(def_size * sizeof(struct task_struct *));
+-	if (ctx.buf == NULL)
+-		return -ENOMEM;
+-
+-	dim_core_kernel_symbol.walk_process_tree(tsk, store_task_tree, &ctx);
+-	if (ctx.len > 0) {
+-		for (i = ctx.len - 1; i >= 0; i--) {
+-			send_sig(SIGKILL, ctx.buf[i], 1);
+-			put_task_struct(ctx.buf[i]);
+-		}
++	if (tsk == current) {
++		/* dont kill the current process */
++		dim_warn("don't kill the current process\n");
++		return 0;
+ 	}
+ 
+-	dim_kfree(ctx.buf);
++	dim_core_kernel_symbol.walk_process_tree(tsk, kill_task, NULL);
+ 	send_sig(SIGKILL, tsk, 1);
+ 	return 0;
+ }
+@@ -140,7 +108,7 @@ static int check_process_digest(struct dim_digest *digest,
+ 		return ret;
+ 	}
+ 
+-	if (log_flag != LOG_TAMPERED ||
++	if (log_flag != LOG_TAMPERED || ctx->mode != DIM_MEASURE ||
+ 	    dim_core_measure_action_get() == DIM_MEASURE_ACTION_DISABLE)
+ 		return 0;
+ 
+-- 
+2.33.0
+

backport-Remove-unused-symbol-in-dim_core.patch

@@ -0,0 +1,40 @@
+From 79ad6482e5156c864973ca9e9f7f1a0e68290aa8 Mon Sep 17 00:00:00 2001
+From: Huaxin Lu <luhuaxin1@huawei.com>
+Date: Tue, 30 Apr 2024 00:42:43 +0800
+Subject: [PATCH 09/28] Remove unused symbol in dim_core
+
+---
+ src/core/dim_core_symbol.c | 14 +++-----------
+ 1 file changed, 3 insertions(+), 11 deletions(-)
+
+diff --git a/src/core/dim_core_symbol.c b/src/core/dim_core_symbol.c
+index eeb9240..38c9f02 100644
+--- a/src/core/dim_core_symbol.c
++++ b/src/core/dim_core_symbol.c
+@@ -45,20 +45,12 @@ int dim_core_kallsyms_init(void)
+ 	k->find_get_task_by_vpid = (DIM_FIND_GET_TASK_BY_VPID)
+ 		dim_kallsyms_lookup_name("find_get_task_by_vpid");
+ #endif
+-#ifndef JUMP_LABEL_NOP_SIZE
+-	k->arch_jump_entry_size = (DIM_ARCH_JUMP_ENTRY_SIZE)
+-		dim_kallsyms_lookup_name("arch_jump_entry_size");
+-#endif
+ 
+ 	return (k->stext == NULL || k->etext == NULL ||
+-#ifndef JUMP_LABEL_NOP_SIZE
+-		k->arch_jump_entry_size == NULL ||
+-#endif
+ #if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 4, 0)
+ 		k->find_module == NULL || k->find_get_task_by_vpid == NULL ||
+ #endif
+-	    k->start_jump_table == NULL || k->stop_jump_table == NULL ||
+-	    k->jump_label_lock == NULL || k->jump_label_lock == NULL ||
+-	    k->walk_process_tree == NULL) ? -ENOENT : 0;
++		k->start_jump_table == NULL || k->stop_jump_table == NULL ||
++		k->jump_label_lock == NULL || k->jump_label_lock == NULL ||
++		k->walk_process_tree == NULL) ? -ENOENT : 0;
+ }
+-
+-- 
+2.33.0
+

backport-Try-to-add-the-absolute-path-of-process-in-static-ba.patch

@@ -0,0 +1,43 @@
+From 3c7a97428e8605ddcd12f7928f590d6f89d664f8 Mon Sep 17 00:00:00 2001
+From: Huaxin Lu <luhuaxin1@huawei.com>
+Date: Sun, 5 May 2024 11:43:10 +0800
+Subject: [PATCH 06/28] Try to add the absolute path of process in static
+ baseline
+
+Signed-off-by: Huaxin Lu <luhuaxin1@huawei.com>
+---
+ .../static_baseline/dim_core_static_baseline.c | 18 +++++++++++++++++-
+ 1 file changed, 17 insertions(+), 1 deletion(-)
+
+diff --git a/src/core/static_baseline/dim_core_static_baseline.c b/src/core/static_baseline/dim_core_static_baseline.c
+index e33c67c..ff05690 100644
+--- a/src/core/static_baseline/dim_core_static_baseline.c
++++ b/src/core/static_baseline/dim_core_static_baseline.c
+@@ -46,7 +46,23 @@ static int baseline_check_add(const char *name, int type,
+ 			      struct dim_digest *digest,
+ 			      struct dim_measure *m)
+ {
+-	return dim_measure_static_baseline_add(m, name, type, digest);
++	int ret = 0;
++	const char *real_path = NULL;
++
++	if (type == DIM_BASELINE_KERNEL)
++		return dim_measure_static_baseline_add(m, name, type, digest);
++
++	/* for process, try to add the absolute path */
++	ret = dim_get_absolute_path(name, &real_path);
++	if (ret < 0) {
++		dim_warn("failed to get absolute path of %s in static baeline: %d\n",
++			 name, ret);
++		return dim_measure_static_baseline_add(m, name, type, digest);
++	}
++
++	ret = dim_measure_static_baseline_add(m, real_path, type, digest);
++	dim_kfree(real_path);
++	return ret;
+ }
+ 
+ #if LINUX_VERSION_CODE < KERNEL_VERSION(6, 4, 0)
+-- 
+2.33.0
+

backport-Unified-log-printing-format.patch

@@ -0,0 +1,71 @@
+From fc44808dc01e95de501db0e2ca9ad84bb4815948 Mon Sep 17 00:00:00 2001
+From: jinlun <jinlun@huawei.com>
+Date: Tue, 18 Jun 2024 09:32:10 +0800
+Subject: [PATCH 11/14] Unified log printing format
+
+---
+ src/core/policy/dim_core_policy.c | 16 ++++++++--------
+ 1 file changed, 8 insertions(+), 8 deletions(-)
+
+diff --git a/src/core/policy/dim_core_policy.c b/src/core/policy/dim_core_policy.c
+index f10a256..da734d3 100644
+--- a/src/core/policy/dim_core_policy.c
++++ b/src/core/policy/dim_core_policy.c
+@@ -70,17 +70,17 @@ static int policy_check_add_bprm_text(struct dim_policy *policy)
+ 
+ 	/* check the policy is valid */
+ 	if (policy->path == NULL) {
+-		pr_err("path must be set for BPRM_TEXT policy\n");
++		dim_err("path must be set for BPRM_TEXT policy\n");
+ 		return -EINVAL;
+ 	}
+ 
+ 	if (strlen(policy->path) + 1 > PATH_MAX) {
+-		pr_err("path must be shorter than %d\n", PATH_MAX);
++		dim_err("path must be shorter than %d\n", PATH_MAX);
+ 		return -ENAMETOOLONG;
+ 	}
+ 
+ 	if (policy->name != NULL)
+-		pr_warn("name is ignored for BPRM_TEXT policy\n");
++		dim_warn("name is ignored for BPRM_TEXT policy\n");
+ 
+ 	/* firstly, add the current node */
+ 	ret = dim_policy_rb_add(&policy_root, policy, NULL);
+@@ -122,20 +122,20 @@ static int policy_check_add_bprm_text(struct dim_policy *policy)
+ static int policy_check_add_module_text(struct dim_policy *policy)
+ {
+ 	if (policy->name == NULL) {
+-		pr_err("name must be set for MODULE_TEXT policy\n");
++		dim_err("name must be set for MODULE_TEXT policy\n");
+ 		return -EINVAL;
+ 	}
+ 
+ 	if (strlen(policy->name) + 1 > NAME_MAX) {
+-		pr_err("name must be shorter than %d\n", NAME_MAX);
++		dim_err("name must be shorter than %d\n", NAME_MAX);
+ 		return -ENAMETOOLONG;
+ 	}
+ 
+ 	if (policy->path != NULL)
+-		pr_warn("path is ignored for BPRM_TEXT policy\n");
++		dim_warn("path is ignored for BPRM_TEXT policy\n");
+ 
+ 	if (policy->action != DIM_POLICY_ACTION_LOG)
+-		pr_warn("action is ignored for MODULE_TEXT policy\n");
++		dim_warn("action is ignored for MODULE_TEXT policy\n");
+ 
+ 	return dim_policy_rb_add(&policy_root, policy, NULL);
+ }
+@@ -144,7 +144,7 @@ static int policy_check_add_kernel_text(struct dim_policy *policy)
+ {
+ 	if (policy->name != NULL || policy->path != NULL ||
+ 	    policy->action != DIM_POLICY_ACTION_LOG)
+-		pr_warn("all parameters are ignored for KERNEL_TEXT policy\n");
++		dim_warn("all parameters are ignored for KERNEL_TEXT policy\n");
+ 
+ 	return dim_policy_rb_add(&policy_root, policy, NULL);
+ }
+-- 
+2.33.0
+

backport-add-missing-line-break-in-log-printing.patch

@@ -0,0 +1,32 @@
+From 03facf95debc7d34e64b69a1da8200ada1f0a75a Mon Sep 17 00:00:00 2001
+From: Huaxin Lu <luhuaxin1@huawei.com>
+Date: Thu, 9 May 2024 15:47:18 +0800
+Subject: [PATCH 13/28] add missing line break in log printing
+
+---
+ src/core/dim_core_measure.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/core/dim_core_measure.c b/src/core/dim_core_measure.c
+index 2ccd1a1..caf767c 100644
+--- a/src/core/dim_core_measure.c
++++ b/src/core/dim_core_measure.c
+@@ -73,13 +73,13 @@ int dim_core_interval_set(unsigned int min)
+ 
+ 	atomic_set(&measure_interval, min);
+ 	if (min == 0) {
+-		dim_info("cancel dim timed measure work");
++		dim_info("cancel dim timed measure work\n");
+ 		cancel_delayed_work_sync(&dim_measure_work);
+ 	} else {
+ 		jiffies = nsecs_to_jiffies64((unsigned long)min *
+ 					     DIM_MINUTE_TO_NSEC);
+ 		dim_info("modify dim measure interval to %u min "
+-			 "(jittfies = 0x%lx)", min, jiffies);
++			 "(jittfies = 0x%lx)\n", min, jiffies);
+ 		mod_delayed_work(dim_work_queue, &dim_measure_work, jiffies);
+ 	}
+ 
+-- 
+2.33.0
+

backport-add-parameter-check.patch

@@ -0,0 +1,71 @@
+From 363b0761d007fa20e165f385a085a2fcf6fc11a0 Mon Sep 17 00:00:00 2001
+From: jinlun <jinlun@huawei.com>
+Date: Tue, 18 Jun 2024 09:45:47 +0800
+Subject: [PATCH 13/14] add parameter check
+
+---
+ src/common/dim_measure_log.c             | 3 +++
+ src/core/tasks/dim_core_measure_kernel.c | 6 +++---
+ src/core/tasks/dim_core_measure_module.c | 6 ++++--
+ 3 files changed, 10 insertions(+), 5 deletions(-)
+
+diff --git a/src/common/dim_measure_log.c b/src/common/dim_measure_log.c
+index 4b3bd34..59654a5 100644
+--- a/src/common/dim_measure_log.c
++++ b/src/common/dim_measure_log.c
+@@ -33,6 +33,9 @@ static int cal_measure_log_digest(const char *name,
+ 	int digest_size = dim_digest_size(info->digest.algo);
+ 	SHASH_DESC_ON_STACK(shash, hash->tfm);
+ 
++	if (algo_name == NULL)
++		return -EINVAL;
++
+ 	shash->tfm = hash->tfm;
+ 	ret = crypto_shash_init(shash);
+ 	if (ret < 0)
+diff --git a/src/core/tasks/dim_core_measure_kernel.c b/src/core/tasks/dim_core_measure_kernel.c
+index fa04ae4..bb7fd74 100644
+--- a/src/core/tasks/dim_core_measure_kernel.c
++++ b/src/core/tasks/dim_core_measure_kernel.c
+@@ -139,13 +139,13 @@ static int kernel_text_measure(int mode, struct dim_measure *m)
+ {
+ 	int ret = 0;
+ 	const char *kr = init_uts_ns.name.release;
+-	struct dim_digest digest = {
+-		.algo = m->hash.algo,
+-	};
++	struct dim_digest digest = {0};
+ 
+ 	if (m == NULL)
+ 		return -EINVAL;
+ 
++	digest.algo = m->hash.algo;
++
+ 	if (!dim_core_policy_match(DIM_POLICY_OBJ_KERNEL_TEXT,
+ 				   DIM_POLICY_KEY_NAME, kr))
+ 		return 0;
+diff --git a/src/core/tasks/dim_core_measure_module.c b/src/core/tasks/dim_core_measure_module.c
+index feb6624..613e0e5 100644
+--- a/src/core/tasks/dim_core_measure_module.c
++++ b/src/core/tasks/dim_core_measure_module.c
+@@ -64,13 +64,15 @@ static int measure_module(struct dim_policy *policy, void *data)
+ {
+ 	int ret = 0;
+ 	struct module_text_measure_ctx *ctx = data;
+-	const char *mod_name = policy->name;
++	const char *mod_name = NULL;
+ 	struct dim_digest digest = { 0 };
+ 
+ 	if (policy == NULL || policy->obj != DIM_POLICY_OBJ_MODULE_TEXT ||
+-	    mod_name == NULL)
++	    policy->name == NULL)
+ 		return 0;
+ 
++	mod_name = policy->name;
++
+ 	/* if module is not inserted in baseline_init stage, ignore it */
+ 	if (ctx->mode == DIM_MEASURE &&
+ 	    dim_measure_dynamic_baseline_search(ctx->m, mod_name,
+-- 
+2.33.0
+

backport-add-two-interfaces-for-baseline-operations.patch

@@ -0,0 +1,65 @@
+From 59720657cc90aad769fa6a7bef2175f12dae72ef Mon Sep 17 00:00:00 2001
+From: Huaxin Lu <luhuaxin1@huawei.com>
+Date: Mon, 29 Apr 2024 23:02:27 +0800
+Subject: [PATCH 04/28] add two interfaces for baseline operations
+
+---
+ src/measure/dim_measure.h          |  7 +++++++
+ src/measure/dim_measure_baseline.c | 20 ++++++++++++++++++++
+ 2 files changed, 27 insertions(+)
+
+diff --git a/src/measure/dim_measure.h b/src/measure/dim_measure.h
+index d73fbaf..f5140f0 100644
+--- a/src/measure/dim_measure.h
++++ b/src/measure/dim_measure.h
+@@ -101,9 +101,16 @@ int dim_measure_process_dynamic_result(struct dim_measure *m, int mode,
+ int dim_measure_static_baseline_add(struct dim_measure *m,
+ 				    const char *name, int type,
+ 				    struct dim_digest *digest);
++int dim_measure_dynamic_baseline_add(struct dim_measure *m,
++				     const char *name, int type,
++				     struct dim_digest *digest);
++int dim_measure_static_baseline_search(struct dim_measure *m,
++				       const char *name, int type,
++				       struct dim_digest *digest);
+ int dim_measure_dynamic_baseline_search(struct dim_measure *m,
+ 					const char *name, int type,
+ 					struct dim_digest *digest);
++
+ /* functions for dim measurement task */
+ int dim_measure_tasks_register(struct dim_measure *m,
+ 			       struct dim_measure_task **tasks,
+diff --git a/src/measure/dim_measure_baseline.c b/src/measure/dim_measure_baseline.c
+index c62d6be..b73b639 100644
+--- a/src/measure/dim_measure_baseline.c
++++ b/src/measure/dim_measure_baseline.c
+@@ -224,6 +224,26 @@ int dim_measure_static_baseline_add(struct dim_measure *m,
+ 	return static_baseline_add(m, name, type, digest);
+ }
+ 
++int dim_measure_dynamic_baseline_add(struct dim_measure *m,
++				     const char *name, int type,
++				     struct dim_digest *digest)
++{
++	if (m == NULL)
++		return -EINVAL;
++
++	return dynamic_baseline_add(m, name, type, digest);
++}
++
++int dim_measure_static_baseline_search(struct dim_measure *m,
++				       const char *name, int type,
++				       struct dim_digest *digest)
++{
++	if (m == NULL)
++		return -EINVAL;
++
++	return static_baseline_search(m, name, type, digest);
++}
++
+ int dim_measure_dynamic_baseline_search(struct dim_measure *m,
+ 					const char *name, int type,
+ 					struct dim_digest *digest)
+-- 
+2.33.0
+

backport-dont-kill-the-init-process.patch

@@ -0,0 +1,29 @@
+From b515dc62636113d06ac524476da7c30fa3fd42b0 Mon Sep 17 00:00:00 2001
+From: Huaxin Lu <luhuaxin1@huawei.com>
+Date: Thu, 9 May 2024 15:16:28 +0800
+Subject: [PATCH 10/28] dont kill the init process
+
+---
+ .../dim_core_measure_process/dim_core_measure_process.c     | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/src/core/tasks/dim_core_measure_process/dim_core_measure_process.c b/src/core/tasks/dim_core_measure_process/dim_core_measure_process.c
+index 643b661..e5e262a 100644
+--- a/src/core/tasks/dim_core_measure_process/dim_core_measure_process.c
++++ b/src/core/tasks/dim_core_measure_process/dim_core_measure_process.c
+@@ -78,6 +78,12 @@ static int kill_task_tree(struct task_struct *tsk)
+ 	const int def_size = 32;
+ 	struct task_kill_ctx ctx = { .size = def_size };
+ 
++	if (tsk->pid == 1) {
++		/* dont kill the init process */
++		dim_warn("the pid of tampered task is 1, don't kill it\n");
++		return 0;
++	}
++
+ 	ctx.buf = dim_kzalloc_gfp(def_size * sizeof(struct task_struct *));
+ 	if (ctx.buf == NULL)
+ 		return -ENOMEM;
+-- 
+2.33.0
+

backport-dont-warp-strncpy.patch

@@ -0,0 +1,45 @@
+From 6f0a9e9a1ce574b5b2d28fbf986bf551d38b3832 Mon Sep 17 00:00:00 2001
+From: Huaxin Lu <luhuaxin1@huawei.com>
+Date: Thu, 9 May 2024 15:56:17 +0800
+Subject: [PATCH 14/28] dont warp strncpy
+
+---
+ src/common/dim_baseline.c  |  2 +-
+ src/common/dim_safe_func.h | 10 +---------
+ 2 files changed, 2 insertions(+), 10 deletions(-)
+
+diff --git a/src/common/dim_baseline.c b/src/common/dim_baseline.c
+index 3272ded..17c58dd 100644
+--- a/src/common/dim_baseline.c
++++ b/src/common/dim_baseline.c
+@@ -106,7 +106,7 @@ int dim_baseline_add(struct dim_baseline_tree *root, const char *name,
+ 	if (ret < 0)
+ 		goto err;
+ 
+-	dim_strncpy((char *)baseline->name, name, buf_len - 1);
++	strncpy((char *)baseline->name, name, buf_len - 1);
+         ((char *)baseline->name)[buf_len - 1] = '\0';
+ 
+ 	write_lock(&root->lock);
+diff --git a/src/common/dim_safe_func.h b/src/common/dim_safe_func.h
+index 15c716c..8cba7b2 100644
+--- a/src/common/dim_safe_func.h
++++ b/src/common/dim_safe_func.h
+@@ -132,12 +132,4 @@ static inline int dim_strncmp(const char *cs, const char *ct, size_t count)
+ 	return strncmp(cs, ct, count);
+ }
+ 
+-static inline char *dim_strncpy(char *dest, const char *src, size_t count)
+-{
+-	if (dest == NULL || src == NULL)
+-		return NULL;
+-
+-	return strncpy(dest, src, count);
+-}
+-
+-#endif
+\ No newline at end of file
++#endif
+-- 
+2.33.0
+

backport-fix-double-free-in-tpm.patch

@@ -0,0 +1,42 @@
+From b313cae9712a5c13ad9617c39019693072372499 Mon Sep 17 00:00:00 2001
+From: jinlun <jinlun@huawei.com>
+Date: Mon, 17 Jun 2024 14:58:16 +0800
+Subject: [PATCH 03/14] fix double free in tpm
+
+---
+ src/common/dim_tpm.c      | 4 +++-
+ src/measure/dim_measure.c | 4 +++-
+ 2 files changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/src/common/dim_tpm.c b/src/common/dim_tpm.c
+index 6d3c255..35f3fac 100644
+--- a/src/common/dim_tpm.c
++++ b/src/common/dim_tpm.c
+@@ -74,4 +74,6 @@ void dim_tpm_destroy(struct dim_tpm *tpm)
+ 
+ 	put_device(&tpm->chip->dev);
+ 	dim_kfree(tpm->digests);
+-}
+\ No newline at end of file
++	tpm->chip = NULL;
++	tpm->digests = NULL;
++}
+diff --git a/src/measure/dim_measure.c b/src/measure/dim_measure.c
+index dd35cb8..c40be0e 100644
+--- a/src/measure/dim_measure.c
++++ b/src/measure/dim_measure.c
+@@ -44,8 +44,10 @@ int dim_measure_init(struct dim_measure *m, struct dim_measure_cfg *cfg)
+ 	/* 2. init TPM, dont break if init fail */
+ 	if (cfg->pcr > 0) {
+ 		ret = dim_tpm_init(&m->tpm, HASH_ALGO_SHA256);
+-		if (ret < 0)
++		if (ret < 0) {
++			cfg->pcr = 0;
+ 			dim_warn("failed to init tpm chip: %d\n", ret);
++		}
+ 	} else {
+ 		memset(&m->tpm, 0, sizeof(struct dim_tpm));
+ 	}
+-- 
+2.33.0
+

backport-fix-incorrect-indent.patch

@@ -0,0 +1,30 @@
+From 19a59c415c0360df06ccd540e1c9e847926f7fe4 Mon Sep 17 00:00:00 2001
+From: Huaxin Lu <luhuaxin1@huawei.com>
+Date: Mon, 29 Apr 2024 22:41:47 +0800
+Subject: [PATCH 03/28] fix incorrect indent
+
+---
+ src/measure/dim_measure_status.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/src/measure/dim_measure_status.c b/src/measure/dim_measure_status.c
+index 28cfb43..e57e611 100644
+--- a/src/measure/dim_measure_status.c
++++ b/src/measure/dim_measure_status.c
+@@ -18,10 +18,10 @@ const char *dim_measure_status_print(struct dim_measure *m)
+ {
+ 	int status = 0;
+         
+-        if (m == NULL)
+-                return status_name[MEASURE_STATUS_LAST];
++	if (m == NULL)
++		return status_name[MEASURE_STATUS_LAST];
+ 
+-        status = atomic_read(&m->status);
++	status = atomic_read(&m->status);
+ 	if (status < 0 || status >= MEASURE_STATUS_LAST)
+ 		status = MEASURE_STATUS_LAST;
+ 
+-- 
+2.33.0
+

backport-fix-resource-clear-in-concurrent-scenarios.patch

@@ -0,0 +1,67 @@
+From 3c3197390d14cc94e3e0117969ab8c70d0976dd0 Mon Sep 17 00:00:00 2001
+From: jinlun <jinlun@huawei.com>
+Date: Mon, 17 Jun 2024 20:28:35 +0800
+Subject: [PATCH 07/14] fix resource clear in concurrent scenarios
+
+---
+ src/common/dim_entry.c   | 13 ++++++++++++-
+ src/core/dim_core_main.c |  2 +-
+ 2 files changed, 13 insertions(+), 2 deletions(-)
+
+diff --git a/src/common/dim_entry.c b/src/common/dim_entry.c
+index a8dcae7..f2454ce 100644
+--- a/src/common/dim_entry.c
++++ b/src/common/dim_entry.c
+@@ -4,9 +4,12 @@
+ 
+ #include <linux/err.h>
+ #include <linux/security.h>
++#include <linux/delay.h>
+ 
+ #include "dim_entry.h"
+ 
++#define WAIT_TIME_MAX 1000
++
+ int dim_entry_create(struct dim_entry *entry, struct dentry *parent)
+ {
+ 	int ret = 0;
+@@ -27,7 +30,15 @@ int dim_entry_create(struct dim_entry *entry, struct dentry *parent)
+ 
+ void dim_entry_remove(struct dim_entry *entry)
+ {
++	int time_ms = 0;
++
+ 	if (entry != NULL && entry->dentry != NULL) {
++		while (d_is_dir(entry->dentry) &&
++		       !simple_empty(entry->dentry) &&
++		       time_ms < WAIT_TIME_MAX) {
++			time_ms++;
++			msleep(1);
++		}
+ 		securityfs_remove(entry->dentry);
+ 		entry->dentry = NULL;
+ 	}
+@@ -60,4 +71,4 @@ void dim_entry_remove_list(struct dim_entry **list, unsigned int len)
+ 
+ 	for (i = 0; i < len; i++)
+ 		dim_entry_remove(list[i]);
+-}
+\ No newline at end of file
++}
+diff --git a/src/core/dim_core_main.c b/src/core/dim_core_main.c
+index de18d66..d4cc870 100644
+--- a/src/core/dim_core_main.c
++++ b/src/core/dim_core_main.c
+@@ -91,8 +91,8 @@ err:
+ 
+ static void __exit dim_core_exit(void)
+ {
+-	dim_core_measure_destroy();
+ 	dim_core_destroy_fs();
++	dim_core_measure_destroy();
+ 	dim_mem_pool_destroy();
+ 
+ 	if (signature)
+-- 
+2.33.0
+

backport-fix-trampoline.patch

@@ -0,0 +1,113 @@
+From 478e0745ff6e37c03aa98f0883a18f7749d0afb2 Mon Sep 17 00:00:00 2001
+From: jinlun <jinlun@huawei.com>
+Date: Mon, 17 Jun 2024 19:28:54 +0800
+Subject: [PATCH 04/14] fix trampoline
+
+---
+ src/common/dim_baseline.h                     |  2 ++
+ .../dim_core_measure_process_elf.c            | 33 +++++++++++++++++--
+ 2 files changed, 32 insertions(+), 3 deletions(-)
+
+diff --git a/src/common/dim_baseline.h b/src/common/dim_baseline.h
+index 345b348..4292259 100644
+--- a/src/common/dim_baseline.h
++++ b/src/common/dim_baseline.h
+@@ -15,6 +15,7 @@ enum dim_baseline_type {
+ 	DIM_BASELINE_USER, /* baseline of user process */
+ 	DIM_BASELINE_KERNEL, /* baseline of kernel or kernel modules */
+ 	DIM_BASELINE_DATA,
++	DIM_BASELINE_TRAMPOLINE,
+ 	DIM_BASELINE_LAST,
+ };
+ 
+@@ -22,6 +23,7 @@ static const char *const dim_baseline_name[DIM_BASELINE_LAST] = {
+ 	[DIM_BASELINE_USER] = "USER",
+ 	[DIM_BASELINE_KERNEL] = "KERNEL",
+ 	[DIM_BASELINE_DATA] = "DATA",
++	[DIM_BASELINE_TRAMPOLINE] = "TRAMPOLINE",
+ };
+ 
+ struct dim_baseline_tree {
+diff --git a/src/core/tasks/dim_core_measure_process/dim_core_measure_process_elf.c b/src/core/tasks/dim_core_measure_process/dim_core_measure_process_elf.c
+index 12040e2..df8d773 100644
+--- a/src/core/tasks/dim_core_measure_process/dim_core_measure_process_elf.c
++++ b/src/core/tasks/dim_core_measure_process/dim_core_measure_process_elf.c
+@@ -222,7 +222,10 @@ static int get_elf_measure_area(struct file *elf_file,
+ 		return ret;
+ 	}
+ 
+-	// TODO
++	/* check if it is no need to measure trampoline */
++	if (shdr_trampoline == NULL)
++		return 0;
++
+ 	ret = get_elf_section(elf_file, &ehdr, TRAMPOLINE_SECTION_NAME, shdr_trampoline);
+ 	if (ret == 0)
+ 		*shdr_trampoline_find = true;
+@@ -256,6 +259,14 @@ static int measure_elf_trampoline(struct vm_area_struct *vma,
+ 		return ret;
+ 	}
+ 
++	/* for baseline mode, add an extra dynamic baseline of trampoline */
++	if (ctx->mode == DIM_BASELINE) {
++		ret = dim_measure_dynamic_baseline_add(ctx->m, ctx->path,
++				DIM_BASELINE_TRAMPOLINE, &digest);
++		if (ret < 0)
++			pr_warn("failed to add trampoline dynamic baseline\n");
++	}
++
+ 	return ctx->check(&digest, ctx);
+ }
+ 
+@@ -295,6 +306,18 @@ static int measure_elf_text(struct vm_area_struct *vma,
+ 	return ctx->check(&digest, ctx);
+ }
+ 
++static bool trampoline_baseline_exist(struct task_measure_ctx *ctx)
++{
++	struct dim_digest digest = { 0 };
++
++	/* measure trampoline only the baseline is set */
++	return ctx->mode == DIM_BASELINE ?
++		(dim_measure_static_baseline_search(ctx->m, ctx->path,
++			DIM_BASELINE_TRAMPOLINE, &digest) == 0) :
++		(dim_measure_dynamic_baseline_search(ctx->m, ctx->path,
++			DIM_BASELINE_TRAMPOLINE, &digest) == 0);
++}
++
+ int measure_process_module_text_elf(struct vm_area_struct *vma,
+ 				    struct task_measure_ctx *ctx)
+ {
+@@ -304,6 +327,7 @@ int measure_process_module_text_elf(struct vm_area_struct *vma,
+ 	unsigned int phdrs_text_num = 0;
+ 	struct elf_shdr shdr_trampoline = { 0 };
+ 	bool shdr_trampoline_find = false;
++	bool trampoline_baseline_existed = false;
+ 
+ 	if (vma == NULL || !vma_is_file_text(vma) || ctx == NULL
+ 	    || ctx->m == NULL || ctx->check == NULL)
+@@ -314,8 +338,11 @@ int measure_process_module_text_elf(struct vm_area_struct *vma,
+ 		return -ENOEXEC;
+ 	}
+ 
++	trampoline_baseline_existed = trampoline_baseline_exist(ctx);
++
+ 	ret = get_elf_measure_area(elf_file, &phdrs_text, &phdrs_text_num,
+-				   &shdr_trampoline, &shdr_trampoline_find);
++				   trampoline_baseline_existed ? &shdr_trampoline : NULL,
++				   &shdr_trampoline_find);
+ 	if (ret < 0) {
+ 		dim_err("failed to get elf measure area from vma\n");
+ 		return ret;
+@@ -331,7 +358,7 @@ int measure_process_module_text_elf(struct vm_area_struct *vma,
+ 		return ret;
+ 	}
+ 
+-	if (shdr_trampoline_find) {
++	if (shdr_trampoline_find && trampoline_baseline_existed) {
+ 		ret = measure_elf_trampoline(vma, base, &shdr_trampoline, ctx);
+ 		if (ret < 0) {
+ 			dim_err("failed to measure elf trampoline: %d\n", ret);
+-- 
+2.33.0
+

backport-ignore-return-value-if-the-measure-log-is-limited.patch

@@ -0,0 +1,26 @@
+From e5ad2b5264d67694eba932c247d78011da4fd308 Mon Sep 17 00:00:00 2001
+From: jinlun <jinlun@huawei.com>
+Date: Tue, 18 Jun 2024 09:25:44 +0800
+Subject: [PATCH 09/14] ignore return value if the measure log is limited
+
+---
+ src/measure/dim_measure_baseline.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/src/measure/dim_measure_baseline.c b/src/measure/dim_measure_baseline.c
+index b73b639..185a06e 100644
+--- a/src/measure/dim_measure_baseline.c
++++ b/src/measure/dim_measure_baseline.c
+@@ -93,7 +93,8 @@ static int measure_log_add(struct dim_measure *m, const char *name,
+ 	int ret = dim_measure_log_add(&m->log, name, digest, flag);
+ 	if (ret < 0 && ret != -EEXIST) {
+ 		dim_err("failed to add measure log of %s: %d\n", name, ret);
+-		return ret;
++		/* the measure log of this object has been limited */
++		return ret == -ENOSPC ? 0 : ret;
+ 	}
+ 
+ 	return 0;
+-- 
+2.33.0
+

backport-set-dim_work_queue-to-NULL-after-fail-branch.patch

@@ -0,0 +1,28 @@
+From 849a1ffebc606304e8a47aaa1dac9001873ffff9 Mon Sep 17 00:00:00 2001
+From: Huaxin Lu <luhuaxin1@huawei.com>
+Date: Thu, 9 May 2024 15:31:46 +0800
+Subject: [PATCH 11/28] set dim_work_queue to NULL after fail branch
+
+---
+ src/core/dim_core_measure.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/src/core/dim_core_measure.c b/src/core/dim_core_measure.c
+index 6b8cd49..2ccd1a1 100644
+--- a/src/core/dim_core_measure.c
++++ b/src/core/dim_core_measure.c
+@@ -247,8 +247,10 @@ int dim_core_measure_init(struct dim_measure_cfg *cfg, unsigned int interval)
+ 	return 0;
+ err:
+ 	dim_measure_destroy(&dim_core_handle);
+-	if (dim_work_queue != NULL)
++	if (dim_work_queue != NULL) {
+ 		destroy_workqueue(dim_work_queue);
++		dim_work_queue = NULL;
++	}
+ 
+ 	return ret;
+ }
+-- 
+2.33.0
+

backport-use-fs-interface-to-set-measure-action.patch

@@ -0,0 +1,141 @@
+From 1be543b4082c7cf516d11408abf35d1b3ec67254 Mon Sep 17 00:00:00 2001
+From: Huaxin Lu <luhuaxin1@huawei.com>
+Date: Mon, 29 Apr 2024 22:27:49 +0800
+Subject: [PATCH 02/28] use fs interface to set measure action
+
+---
+ src/core/dim_core_fs.c                          | 11 +++++++++++
+ src/core/dim_core_main.c                        |  4 ----
+ src/core/dim_core_measure.c                     | 17 +++++++++++++++++
+ src/core/dim_core_measure.h                     |  9 ++++++++-
+ .../dim_core_measure_process.c                  |  3 ++-
+ 5 files changed, 38 insertions(+), 6 deletions(-)
+
+diff --git a/src/core/dim_core_fs.c b/src/core/dim_core_fs.c
+index 4d6bdd4..4a82e53 100644
+--- a/src/core/dim_core_fs.c
++++ b/src/core/dim_core_fs.c
+@@ -53,6 +53,16 @@ dim_string_print_entry(dim_status, runtime_status, dim_core_status_print);
+ dim_uint_rw_entry(dim_interval, interval, dim_core_interval_get,
+ 		  dim_core_interval_set);
+ 
++/*
++ * measure action set and read interface
++ * dim_entry struct: dim_tampered_action_entry
++ * file entry name: tampered_action
++ * read function: dim_core_measure_action_get
++ * write function: dim_core_measure_action_set
++ */
++dim_uint_rw_entry(dim_tampered_action, tampered_action,
++		  dim_core_measure_action_get, dim_core_measure_action_set);
++
+ /*
+  * dim directory
+  */
+@@ -69,6 +79,7 @@ static struct dim_entry *dim_core_files[] = {
+ 	&dim_measure_log_entry,
+ 	&dim_status_entry,
+ 	&dim_interval_entry,
++	&dim_tampered_action_entry,
+ };
+ 
+ void dim_core_destroy_fs(void)
+diff --git a/src/core/dim_core_main.c b/src/core/dim_core_main.c
+index c62fa09..de18d66 100644
+--- a/src/core/dim_core_main.c
++++ b/src/core/dim_core_main.c
+@@ -33,15 +33,11 @@ MODULE_PARM_DESC(measure_pcr, "TPM PCR index to extend measure log");
+ 
+ /* special measurement configuration for dim_core */
+ static unsigned int measure_interval = 0;
+-bool dim_core_measure_action_enabled = 0;
+ static bool signature = false;
+ 
+ module_param(measure_interval, uint, 0);
+ MODULE_PARM_DESC(measure_interval, "Interval time (min) for automatic measurement");
+ 
+-module_param_named(measure_action, dim_core_measure_action_enabled, bool, 0);
+-MODULE_PARM_DESC(signature, "Enable actions when tampering detected");
+-
+ module_param(signature, bool, 0);
+ MODULE_PARM_DESC(signature, "Require signature for policy and static baseline");
+ 
+diff --git a/src/core/dim_core_measure.c b/src/core/dim_core_measure.c
+index f5b378c..6b8cd49 100644
+--- a/src/core/dim_core_measure.c
++++ b/src/core/dim_core_measure.c
+@@ -32,6 +32,7 @@ static struct work_struct dim_baseline_work;
+ 
+ /* special measurement parameters for dim_core */
+ static atomic_t measure_interval = ATOMIC_INIT(0);
++static atomic_t measure_action = ATOMIC_INIT(0);
+ 
+ /* interface to print measure status string */
+ const char *dim_core_status_print(void)
+@@ -39,6 +40,22 @@ const char *dim_core_status_print(void)
+ 	return dim_measure_status_print(&dim_core_handle);
+ }
+ 
++/* interface to get tampered action */
++long dim_core_measure_action_get(void)
++{
++	return atomic_read(&measure_action);
++}
++
++/* interface to set measure action */
++int dim_core_measure_action_set(unsigned int act)
++{
++	if (act >= DIM_MEASURE_ACTION_MAX)
++		return -ERANGE;
++
++	atomic_set(&measure_action, act);
++	return 0;
++}
++
+ /* interface to get measure interval */
+ long dim_core_interval_get(void)
+ {
+diff --git a/src/core/dim_core_measure.h b/src/core/dim_core_measure.h
+index 3522ba0..a91d0b3 100644
+--- a/src/core/dim_core_measure.h
++++ b/src/core/dim_core_measure.h
+@@ -16,7 +16,12 @@
+ #define DIM_MINUTE_TO_SEC (60UL)
+ #define DIM_MINUTE_TO_NSEC (60UL * 1000 * 1000 * 1000)
+ 
+-extern bool dim_core_measure_action_enabled;
++enum dim_measure_action {
++	DIM_MEASURE_ACTION_DISABLE,
++	DIM_MEASURE_ACTION_ENABLE,
++	DIM_MEASURE_ACTION_MAX,
++};
++
+ extern struct dim_measure dim_core_handle;
+ 
+ /* global init and destroy */
+@@ -25,6 +30,8 @@ void dim_core_measure_destroy(void);
+ 
+ /* control function for measurement parameters */
+ const char *dim_core_status_print(void);
++long dim_core_measure_action_get(void);
++int dim_core_measure_action_set(unsigned int act);
+ long dim_core_interval_get(void);
+ int dim_core_interval_set(unsigned int p);
+ long dim_core_tampered_action_get(void);
+diff --git a/src/core/tasks/dim_core_measure_process/dim_core_measure_process.c b/src/core/tasks/dim_core_measure_process/dim_core_measure_process.c
+index 8522085..643b661 100644
+--- a/src/core/tasks/dim_core_measure_process/dim_core_measure_process.c
++++ b/src/core/tasks/dim_core_measure_process/dim_core_measure_process.c
+@@ -134,7 +134,8 @@ static int check_process_digest(struct dim_digest *digest,
+ 		return ret;
+ 	}
+ 
+-	if (log_flag != LOG_TAMPERED || !dim_core_measure_action_enabled)
++	if (log_flag != LOG_TAMPERED ||
++	    dim_core_measure_action_get() == DIM_MEASURE_ACTION_DISABLE)
+ 		return 0;
+ 
+ 	/* now the process is tampered, check if action need to be taken */
+-- 
+2.33.0
+

dim.spec

@@ -4,7 +4,7 @@
 Name         :  dim
 Summary      :  Dynamic Integrity Measurement
 Version      :  1.0.2
-Release      :  6
+Release      :  8
 License      :  GPL-2.0
 Source0      :  %{name}-v%{version}.tar.gz
 BuildRequires:  kernel-devel kernel-headers
@@ -34,6 +34,32 @@ Patch0021:      backport-Use-warpper-dim_vzalloc-to-avoid-false-warning.patch
 Patch0022:      backport-Set-dim_core_keyring-to-NULL-when-initialize-failed.patch
 Patch0023:      backport-Disable-dfx-testcase-by-default.patch
 Patch0024:      backport-Support-init-function-for-measure-tasks.patch
+Patch0025:      backport-Fix-calculating-ELF-memory-address.patch
+Patch0026:      backport-use-fs-interface-to-set-measure-action.patch
+Patch0027:      backport-fix-incorrect-indent.patch
+Patch0028:      backport-add-two-interfaces-for-baseline-operations.patch
+Patch0029:      backport-Add-sm3-compile-macro-and-set-the-algo-name.patch
+Patch0030:      backport-Try-to-add-the-absolute-path-of-process-in-static-ba.patch
+Patch0031:      backport-Fix-the-type-of-pcr.patch
+Patch0032:      backport-Adapter-test-cases.patch
+Patch0033:      backport-Remove-unused-symbol-in-dim_core.patch
+Patch0034:      backport-dont-kill-the-init-process.patch
+Patch0035:      backport-set-dim_work_queue-to-NULL-after-fail-branch.patch
+Patch0037:      backport-add-missing-line-break-in-log-printing.patch
+Patch0038:      backport-dont-warp-strncpy.patch
+Patch0039:      backport-Fix-calculating-ELF-trampoline-address.patch
+Patch0040:      backport-Fix-NULL-pointer-reference-when-kill-child-processes.patch
+Patch0041:      backport-fix-double-free-in-tpm.patch
+Patch0042:      backport-fix-trampoline.patch
+Patch0043:      backport-Maximun-number-of-line-in-a-modification-policy.patch
+Patch0044:      backport-Optimize-task-kill-and-log-the-static-baseline-when-.patch
+Patch0045:      backport-fix-resource-clear-in-concurrent-scenarios.patch
+Patch0046:      backport-Fix-the-issue-that-the-memory-allocation-is-too-larg.patch
+Patch0047:      backport-ignore-return-value-if-the-measure-log-is-limited.patch
+Patch0048:      backport-Change-the-permissions-of-the-dim-directory-to-500.patch
+Patch0049:      backport-Unified-log-printing-format.patch
+Patch0050:      backport-Fix-print-errors.patch
+Patch0051:      backport-add-parameter-check.patch
 
 %description
 Dynamic Integrity Measurement
@@ -44,7 +70,7 @@ Dynamic Integrity Measurement
 %build
 cd src
 sed -i 's#/lib/modules/$(shell uname -r)/build#/lib/modules/%{kernel_version}/build#' Makefile
-make
+make EXTRA_CFLAGS+=-DDIM_HASH_SUPPORT_SM3
 
 %install
 mkdir -p $RPM_BUILD_ROOT/lib/modules/%{kernel_version}/extra/dim
@@ -72,6 +98,12 @@ rm -rf %{buildroot}
 %attr(0400,root,root) /lib/modules/%{kernel_version}/extra/dim/dim_monitor.ko
 
 %changelog
+* Mon Aug 19 2024 gengqihu <gengqihu2@h-partners.com> 1.0.2-8
+- Enabled DIM_HASH_SUPPORT_SM3
+
+* Mon Aug 19 2024 gengqihu <gengqihu2@h-partners.com> 1.0.2-7
+- fix some bugs
+
 * Tue Apr 16 2024 jinlun <jinlun@huawei.com> 1.0.2-6
 - backport some patches