Mirror of https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/ https://git.shady.money/linux/atom?h=v4.9 2016-10-08T00:10:44Z 2016-10-08T00:10:44Z Andreas Gruenbacher agruenba@redhat.com 2016-09-29T15:48:42Z urn:sha1:5d6c31910bc0713e37628dc0ce677dcb13c8ccf4 Right now, various places in the kernel check for the existence of getxattr, setxattr, and removexattr inode operations and directly call those operations. Switch to helper functions and test for the IOP_XATTR flag instead. Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com> Acked-by: James Morris <james.l.morris@oracle.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> 2016-07-05T20:13:10Z Seth Forshee seth.forshee@canonical.com 2015-02-05T16:44:50Z urn:sha1:0b3c9761d1e405514a551ed24d3ea89aea26ce14 The EVM HMAC should be calculated using the on disk user and group ids, so the k[ug]ids in the inode must be translated relative to the s_user_ns of the inode's super block. Signed-off-by: Seth Forshee <seth.forshee@canonical.com> Signed-off-by: Eric W. Biederman <ebiederm@xmission.com> 2016-04-11T04:48:00Z Al Viro viro@zeniv.linux.org.uk 2016-04-11T04:48:00Z urn:sha1:ce23e640133484eebc20ca7b7668388213e11327 Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> 2016-04-10T21:11:51Z Al Viro viro@zeniv.linux.org.uk 2016-04-10T05:33:30Z urn:sha1:fc64005c93090c052637f63578d810b037abb1a1 ... and neither can ever be NULL Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> 2016-02-12T07:36:47Z Ryan Ware ware@linux.intel.com 2016-02-11T23:58:44Z urn:sha1:613317bd212c585c20796c10afe5daaa95d4b0a1 This patch fixes vulnerability CVE-2016-2085. The problem exists because the vm_verify_hmac() function includes a use of memcmp(). Unfortunately, this allows timing side channel attacks; specifically a MAC forgery complexity drop from 2^128 to 2^12. This patch changes the memcmp() to the cryptographically safe crypto_memneq(). Reported-by: Xiaofei Rex Guo <xiaofei.rex.guo@intel.com> Signed-off-by: Ryan Ware <ware@linux.intel.com> Cc: stable@vger.kernel.org Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com> Signed-off-by: James Morris <james.l.morris@oracle.com> 2015-12-15T14:57:21Z Arnd Bergmann arnd@arndb.de 2015-11-27T13:52:33Z urn:sha1:05d3884b1ee66d83ad70ffa658c7b363797e2b0c The newly added EVM_LOAD_X509 code can be configured even if CONFIG_EVM is disabled, but that causes a link error: security/built-in.o: In function `integrity_load_keys': digsig_asymmetric.c:(.init.text+0x400): undefined reference to `evm_load_x509' This adds a Kconfig dependency to ensure it is only enabled when CONFIG_EVM is set as well. Signed-off-by: Arnd Bergmann <arnd@arndb.de> Fixes: 2ce523eb8976 ("evm: load x509 certificate from the kernel") Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com> 2015-12-15T14:56:57Z Dmitry Kasatkin dmitry.kasatkin@huawei.com 2015-10-22T18:26:42Z urn:sha1:523b74b16bcbba34c662da5df7fa111ae4c1d0e6 The EVM verification status is cached in iint->evm_status and if it was successful, never re-verified again when IMA passes the 'iint' to evm_verifyxattr(). When file attributes or extended attributes change, we may wish to re-verify EVM integrity as well. For example, after setting a digital signature we may need to re-verify the signature and update the iint->flags that there is an EVM signature. This patch enables that by resetting evm_status to INTEGRITY_UKNOWN state. Changes in v2: * Flag setting moved to EVM layer Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@huawei.com> Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com> 2015-12-15T13:53:36Z Dmitry Kasatkin dmitry.kasatkin@huawei.com 2015-10-22T18:26:32Z urn:sha1:7626676320f398980a6bb4490fd58e924c888f6a A crypto HW kernel module can possibly initialize the EVM key from the kernel __init code to enable EVM before calling the 'init' process. This patch provides a function evm_set_key() to set the EVM key directly without using the KEY subsystem. Changes in v4: * kernel-doc style for evm_set_key Changes in v3: * error reporting moved to evm_set_key * EVM_INIT_HMAC moved to evm_set_key * added bitop to prevent key setting race Changes in v2: * use size_t for key size instead of signed int * provide EVM_MAX_KEY_SIZE macro in <linux/evm.h> * provide EVM_MIN_KEY_SIZE macro in <linux/evm.h> Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@huawei.com> Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com> 2015-12-15T13:50:48Z Dmitry Kasatkin dmitry.kasatkin@huawei.com 2015-10-22T18:26:26Z urn:sha1:26ddabfe96bb7468763c9c92791404d991b16250 In order to enable EVM before starting the 'init' process, evm_initialized needs to be non-zero. Previously non-zero indicated that the HMAC key was loaded. When EVM loads the X509 before calling 'init', with this patch it is now possible to enable EVM to start signature based verification. This patch defines bits to enable EVM if a key of any type is loaded. Changes in v3: * print error message if key is not set Changes in v2: * EVM_STATE_KEY_SET replaced by EVM_INIT_HMAC * EVM_STATE_X509_SET replaced by EVM_INIT_X509 Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@huawei.com> Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com> 2015-12-15T13:31:19Z Dmitry Kasatkin dmitry.kasatkin@huawei.com 2015-10-22T18:26:21Z urn:sha1:2ce523eb8976a12de1a4fb6fe8ad0b09b5dafb31 This patch defines a configuration option and the evm_load_x509() hook to load an X509 certificate onto the EVM trusted kernel keyring. Changes in v4: * Patch description updated Changes in v3: * Removed EVM_X509_PATH definition. CONFIG_EVM_X509_PATH is used directly. Changes in v2: * default key patch changed to /etc/keys Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@huawei.com> Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>