<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux/Documentation/security, branch v6.8</title>
<subtitle>Mirror of https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/
</subtitle>
<id>https://git.shady.money/linux/atom?h=v6.8</id>
<link rel='self' href='https://git.shady.money/linux/atom?h=v6.8'/>
<link rel='alternate' type='text/html' href='https://git.shady.money/linux/'/>
<updated>2023-12-08T22:45:10Z</updated>
<entry>
<title>Documentation: Destage TEE subsystem documentation</title>
<updated>2023-12-08T22:45:10Z</updated>
<author>
<name>Sumit Garg</name>
<email>sumit.garg@linaro.org</email>
</author>
<published>2023-11-28T07:23:52Z</published>
<link rel='alternate' type='text/html' href='https://git.shady.money/linux/commit/?id=50709576d81bbcbe027d22c64cd2ec934bd9087b'/>
<id>urn:sha1:50709576d81bbcbe027d22c64cd2ec934bd9087b</id>
<content type='text'>
Add a separate documentation directory for TEE subsystem since it is a
standalone subsystem which already offers devices consumed by multiple
different subsystem drivers.

Split overall TEE subsystem documentation modularly where:
- The userspace API has been moved to Documentation/userspace-api/tee.rst.
- The driver API has been moved to Documentation/driver-api/tee.rst.
- The first module covers the overview of TEE subsystem.
- The further modules are dedicated to different TEE implementations like:
  - OP-TEE
  - AMD-TEE
  - and so on for future TEE implementation support.

Acked-by: Rijo Thomas &lt;Rijo-john.Thomas@amd.com&gt;
Acked-by: Jens Wiklander &lt;jens.wiklander@linaro.org&gt;
Signed-off-by: Sumit Garg &lt;sumit.garg@linaro.org&gt;
Signed-off-by: Jonathan Corbet &lt;corbet@lwn.net&gt;
Link: https://lore.kernel.org/r/20231128072352.866859-1-sumit.garg@linaro.org
</content>
</entry>
<entry>
<title>docs: security: Confidential computing intro and threat model for x86 virtualization</title>
<updated>2023-09-23T07:14:21Z</updated>
<author>
<name>Carlos Bilbao</name>
<email>carlos.bilbao@amd.com</email>
</author>
<published>2023-09-14T16:20:46Z</published>
<link rel='alternate' type='text/html' href='https://git.shady.money/linux/commit/?id=1f597b1a6ec28f848fc236f17f246c4cac7aa8cc'/>
<id>urn:sha1:1f597b1a6ec28f848fc236f17f246c4cac7aa8cc</id>
<content type='text'>
Kernel developers working on confidential computing for virtualized
environments in x86 operate under a set of assumptions regarding the Linux
kernel threat model that differs from the traditional view. Historically,
the Linux threat model acknowledges attackers residing in userspace, as
well as a limited set of external attackers that are able to interact with
the kernel through networking or limited HW-specific exposed interfaces
(e.g. USB, thunderbolt). The goal of this document is to explain additional
attack vectors that arise in the virtualized confidential computing space.

Reviewed-by: Larry Dewey &lt;larry.dewey@amd.com&gt;
Reviewed-by: David Kaplan &lt;david.kaplan@amd.com&gt;
Co-developed-by: Elena Reshetova &lt;elena.reshetova@intel.com&gt;
Signed-off-by: Elena Reshetova &lt;elena.reshetova@intel.com&gt;
Signed-off-by: Carlos Bilbao &lt;carlos.bilbao@amd.com&gt;

Message-ID: &lt;98804f27-c2e7-74d6-d671-1eda927e19fe@amd.com&gt;
Signed-off-by: Jonathan Corbet &lt;corbet@lwn.net&gt;
</content>
</entry>
<entry>
<title>Documentation: Fix typos</title>
<updated>2023-08-18T17:29:03Z</updated>
<author>
<name>Bjorn Helgaas</name>
<email>bhelgaas@google.com</email>
</author>
<published>2023-08-14T21:28:22Z</published>
<link rel='alternate' type='text/html' href='https://git.shady.money/linux/commit/?id=d56b699d76d1b352f7a3d3a0a3e91c79b8612d94'/>
<id>urn:sha1:d56b699d76d1b352f7a3d3a0a3e91c79b8612d94</id>
<content type='text'>
Fix typos in Documentation.

Signed-off-by: Bjorn Helgaas &lt;bhelgaas@google.com&gt;
Link: https://lore.kernel.org/r/20230814212822.193684-4-helgaas@kernel.org
Signed-off-by: Jonathan Corbet &lt;corbet@lwn.net&gt;
</content>
</entry>
<entry>
<title>lsm: move hook comments docs to security/security.c</title>
<updated>2023-04-28T15:58:34Z</updated>
<author>
<name>Randy Dunlap</name>
<email>rdunlap@infradead.org</email>
</author>
<published>2023-04-28T03:09:16Z</published>
<link rel='alternate' type='text/html' href='https://git.shady.money/linux/commit/?id=6d2ed653185baa5ba601306cbd6cd7192642045d'/>
<id>urn:sha1:6d2ed653185baa5ba601306cbd6cd7192642045d</id>
<content type='text'>
Fix one kernel-doc warning, but investigating that led to other
kernel-doc movement (lsm_hooks.h to security.c) that needs to be
fixed also.

include/linux/lsm_hooks.h:1: warning: no structured comments found

Fixes: e261301c851a ("lsm: move the remaining LSM hook comments to security/security.c")
Fixes: 1cd2aca64a5d ("lsm: move the io_uring hook comments to security/security.c")
Fixes: 452b670c7222 ("lsm: move the perf hook comments to security/security.c")
Fixes: 55e853201a9e ("lsm: move the bpf hook comments to security/security.c")
Fixes: b14faf9c94a6 ("lsm: move the audit hook comments to security/security.c")
Fixes: 1427ddbe5cc1 ("lsm: move the binder hook comments to security/security.c")
Fixes: 43fad2821876 ("lsm: move the sysv hook comments to security/security.c")
Fixes: ecc419a44535 ("lsm: move the key hook comments to security/security.c")
Fixes: 742b99456e86 ("lsm: move the xfrm hook comments to security/security.c")
Fixes: ac318aed5498 ("lsm: move the Infiniband hook comments to security/security.c")
Fixes: 4a49f592e931 ("lsm: move the SCTP hook comments to security/security.c")
Fixes: 6b6bbe8c02a1 ("lsm: move the socket hook comments to security/security.c")
Fixes: 2c2442fd46cd ("lsm: move the AF_UNIX hook comments to security/security.c")
Fixes: 2bcf51bf2f03 ("lsm: move the netlink hook comments to security/security.c")
Fixes: 130c53bfee4b ("lsm: move the task hook comments to security/security.c")
Fixes: a0fd6480de48 ("lsm: move the file hook comments to security/security.c")
Fixes: 9348944b775d ("lsm: move the kernfs hook comments to security/security.c")
Fixes: 916e32584dfa ("lsm: move the inode hook comments to security/security.c")
Fixes: 08526a902cc4 ("lsm: move the filesystem hook comments to security/security.c")
Fixes: 36819f185590 ("lsm: move the fs_context hook comments to security/security.c")
Fixes: 1661372c912d ("lsm: move the program execution hook comments to security/security.c")
Signed-off-by: Randy Dunlap &lt;rdunlap@infradead.org&gt;
Cc: Paul Moore &lt;paul@paul-moore.com&gt;
Cc: James Morris &lt;jmorris@namei.org&gt;
Cc: "Serge E. Hallyn" &lt;serge@hallyn.com&gt;
Cc: linux-security-module@vger.kernel.org
Cc: Jonathan Corbet &lt;corbet@lwn.net&gt;
Cc: linux-doc@vger.kernel.org
Cc: KP Singh &lt;kpsingh@kernel.org&gt;
Cc: bpf@vger.kernel.org
Signed-off-by: Paul Moore &lt;paul@paul-moore.com&gt;
</content>
</entry>
<entry>
<title>landlock: Explain file descriptor access rights</title>
<updated>2023-01-13T19:40:35Z</updated>
<author>
<name>Mickaël Salaün</name>
<email>mic@digikod.net</email>
</author>
<published>2022-12-09T19:38:13Z</published>
<link rel='alternate' type='text/html' href='https://git.shady.money/linux/commit/?id=3e52e5b077f6c3e26801d87335aac35411744108'/>
<id>urn:sha1:3e52e5b077f6c3e26801d87335aac35411744108</id>
<content type='text'>
Starting with LANDLOCK_ACCESS_FS_TRUNCATE, it is worth explaining why we
choose to restrict access checks at open time.  This new "File
descriptor access rights" section is complementary to the existing
"Inode access rights" section.  Add a new guiding principle related to
this section.

Reviewed-by: Günther Noack &lt;gnoack3000@gmail.com&gt;
Link: https://lore.kernel.org/r/20221209193813.972012-1-mic@digikod.net
[mic: Include the latest Günther's suggestion, and fix spelling]
Signed-off-by: Mickaël Salaün &lt;mic@digikod.net&gt;
</content>
</entry>
<entry>
<title>KEYS: encrypted: fix key instantiation with user-provided data</title>
<updated>2022-10-19T17:01:23Z</updated>
<author>
<name>Nikolaus Voss</name>
<email>nikolaus.voss@haag-streit.com</email>
</author>
<published>2022-10-19T16:38:20Z</published>
<link rel='alternate' type='text/html' href='https://git.shady.money/linux/commit/?id=5adedd42245af0860ebda8fe0949f24f5204c1b1'/>
<id>urn:sha1:5adedd42245af0860ebda8fe0949f24f5204c1b1</id>
<content type='text'>
Commit cd3bc044af48 ("KEYS: encrypted: Instantiate key with
user-provided decrypted data") added key instantiation with user
provided decrypted data.  The user data is hex-ascii-encoded but was
just memcpy'ed to the binary buffer. Fix this to use hex2bin instead.

Old keys created from user provided decrypted data saved with "keyctl
pipe" are still valid, however if the key is recreated from decrypted
data the old key must be converted to the correct format. This can be
done with a small shell script, e.g.:

BROKENKEY=abcdefABCDEF1234567890aaaaaaaaaa
NEWKEY=$(echo -ne $BROKENKEY | xxd -p -c32)
keyctl add user masterkey "$(cat masterkey.bin)" @u
keyctl add encrypted testkey "new user:masterkey 32 $NEWKEY" @u

However, NEWKEY is still broken: If for BROKENKEY 32 bytes were
specified, a brute force attacker knowing the key properties would only
need to try at most 2^(16*8) keys, as if the key was only 16 bytes long.

The security issue is a result of the combination of limiting the input
range to hex-ascii and using memcpy() instead of hex2bin(). It could
have been fixed either by allowing binary input or using hex2bin() (and
doubling the ascii input key length). This patch implements the latter.

The corresponding test for the Linux Test Project ltp has also been
fixed (see link below).

Fixes: cd3bc044af48 ("KEYS: encrypted: Instantiate key with user-provided decrypted data")
Cc: stable@kernel.org
Link: https://lore.kernel.org/ltp/20221006081709.92303897@mail.steuer-voss.de/
Reviewed-by: Mimi Zohar &lt;zohar@linux.ibm.com&gt;
Signed-off-by: Nikolaus Voss &lt;nikolaus.voss@haag-streit.com&gt;
Signed-off-by: Mimi Zohar &lt;zohar@linux.ibm.com&gt;
</content>
</entry>
<entry>
<title>landlock: Fix documentation style</title>
<updated>2022-09-29T16:43:04Z</updated>
<author>
<name>Mickaël Salaün</name>
<email>mic@digikod.net</email>
</author>
<published>2022-09-23T15:42:07Z</published>
<link rel='alternate' type='text/html' href='https://git.shady.money/linux/commit/?id=2fff00c81d4c37a037cf704d2d219fbcb45aea3c'/>
<id>urn:sha1:2fff00c81d4c37a037cf704d2d219fbcb45aea3c</id>
<content type='text'>
It seems that all code should use double backquotes, which is also used
to convert "%" defines.  Let's use a homogeneous style and remove all
use of simple backquotes (which should only be used for emphasis).

Cc: Günther Noack &lt;gnoack3000@gmail.com&gt;
Cc: Paul Moore &lt;paul@paul-moore.com&gt;
Signed-off-by: Mickaël Salaün &lt;mic@digikod.net&gt;
Link: https://lore.kernel.org/r/20220923154207.3311629-4-mic@digikod.net
</content>
</entry>
<entry>
<title>landlock: Slightly improve documentation and fix spelling</title>
<updated>2022-09-29T16:43:03Z</updated>
<author>
<name>Mickaël Salaün</name>
<email>mic@digikod.net</email>
</author>
<published>2022-09-23T15:42:06Z</published>
<link rel='alternate' type='text/html' href='https://git.shady.money/linux/commit/?id=16023b05f0832f5bc14e6e0d1e7be4d00e01e1bb'/>
<id>urn:sha1:16023b05f0832f5bc14e6e0d1e7be4d00e01e1bb</id>
<content type='text'>
Now that we have more than one ABI version, make limitation explanation
more consistent by replacing "ABI 1" with "ABI &lt; 2".  This also
indicates which ABIs support such past limitation.

Improve documentation consistency by not using contractions.

Fix spelling in fs.c.

Cc: Paul Moore &lt;paul@paul-moore.com&gt;
Signed-off-by: Mickaël Salaün &lt;mic@digikod.net&gt;
Reviewed-by: Günther Noack &lt;gnoack3000@gmail.com&gt;
Link: https://lore.kernel.org/r/20220923154207.3311629-3-mic@digikod.net
</content>
</entry>
<entry>
<title>Documentation: siphash: Fix typo in the name of offsetofend macro</title>
<updated>2022-07-13T20:01:22Z</updated>
<author>
<name>Dov Murik</name>
<email>dovmurik@linux.ibm.com</email>
</author>
<published>2022-07-12T10:44:55Z</published>
<link rel='alternate' type='text/html' href='https://git.shady.money/linux/commit/?id=12fe434314c8572c8043c6eee6799d2ccac99f26'/>
<id>urn:sha1:12fe434314c8572c8043c6eee6799d2ccac99f26</id>
<content type='text'>
The siphash documentation misspelled "offsetendof" instead of
"offsetofend".

Fixes: 2c956a60778cbb ("siphash: add cryptographically secure PRF")
Signed-off-by: Dov Murik &lt;dovmurik@linux.ibm.com&gt;
Acked-by: Jason A. Donenfeld &lt;Jason@zx2c4.com&gt;
Link: https://lore.kernel.org/r/20220712104455.1408150-1-dovmurik@linux.ibm.com
Signed-off-by: Jonathan Corbet &lt;corbet@lwn.net&gt;
</content>
</entry>
<entry>
<title>Documentation: KVM: update amd-memory-encryption.rst references</title>
<updated>2022-07-07T19:09:59Z</updated>
<author>
<name>Mauro Carvalho Chehab</name>
<email>mchehab@kernel.org</email>
</author>
<published>2022-06-26T09:10:58Z</published>
<link rel='alternate' type='text/html' href='https://git.shady.money/linux/commit/?id=7ac3945d8e22cfa4f32ec5b7f81a68d2afe4e38e'/>
<id>urn:sha1:7ac3945d8e22cfa4f32ec5b7f81a68d2afe4e38e</id>
<content type='text'>
Changeset daec8d408308 ("Documentation: KVM: add separate directories for architecture-specific documentation")
renamed: Documentation/virt/kvm/amd-memory-encryption.rst
to: Documentation/virt/kvm/x86/amd-memory-encryption.rst.

Update the cross-references accordingly.

Fixes: daec8d408308 ("Documentation: KVM: add separate directories for architecture-specific documentation")
Signed-off-by: Mauro Carvalho Chehab &lt;mchehab@kernel.org&gt;
Link: https://lore.kernel.org/r/fd80db889e34aae87a4ca88cad94f650723668f4.1656234456.git.mchehab@kernel.org
Signed-off-by: Jonathan Corbet &lt;corbet@lwn.net&gt;
</content>
</entry>
</feed>
