Mirror of https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/ https://git.shady.money/linux/atom?h=v4.20 2018-12-18T00:31:28Z 2018-12-18T00:31:28Z Mimi Zohar zohar@linux.ibm.com 2018-12-18T00:14:49Z urn:sha1:1a9430db2835c0c00acc87d915b573496998c1bf Start the policy_tokens and the associated enumeration from zero, simplifying the pt macro. Signed-off-by: Mimi Zohar <zohar@linux.ibm.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> 2018-11-13T21:09:56Z Mimi Zohar zohar@linux.ibm.com 2018-11-09T05:53:40Z urn:sha1:fd35f192e42cf7c0df1e2480bfd5965e35b2f4ca On systems with IMA-appraisal enabled with a policy requiring file signatures, the "good" signature values are stored on the filesystem as extended attributes (security.ima). Signature verification failure would normally be limited to just a particular file (eg. executable), but during boot signature verification failure could result in a system hang. Defining and requiring a new public_key_signature field requires all callers of asymmetric signature verification to be updated to reflect the change. This patch updates the integrity asymmetric_verify() caller. Fixes: 82f94f24475c ("KEYS: Provide software public key query function [ver #2]") Signed-off-by: Mimi Zohar <zohar@linux.ibm.com> Cc: David Howells <dhowells@redhat.com> Acked-by: Denis Kenzior <denkenz@gmail.com> Signed-off-by: James Morris <james.morris@microsoft.com> 2018-10-25T20:22:23Z Linus Torvalds torvalds@linux-foundation.org 2018-10-25T20:22:23Z urn:sha1:57ce66d39f10fb01efabd72b14eb033deddb226b Pull integrity updates from James Morris: "From Mimi: This contains a couple of bug fixes, including one for a recent problem with calculating file hashes on overlayfs, and some code cleanup" * 'next-integrity' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: MAINTAINERS: add Jarkko as maintainer for trusted keys ima: open a new file instance if no read permissions ima: fix showing large 'violations' or 'runtime_measurements_count' security/integrity: remove unnecessary 'init_keyring' variable security/integrity: constify some read-only data vfs: require i_size <= SIZE_MAX in kernel_read_file() 2018-10-11T03:40:22Z Kees Cook keescook@chromium.org 2018-10-11T00:18:24Z urn:sha1:07aed2f2af5a5892ced035dbcf3993f630825fc3 In preparation for making LSM selections outside of the LSMs, include the name of LSMs in struct lsm_info. Signed-off-by: Kees Cook <keescook@chromium.org> Reviewed-by: Casey Schaufler <casey@schaufler-ca.com> Signed-off-by: James Morris <james.morris@microsoft.com> 2018-10-11T03:40:21Z Kees Cook keescook@chromium.org 2018-10-11T00:18:23Z urn:sha1:3d6e5f6dcf6561e57b6466e43e14029fb196028d Instead of using argument-based initializers, switch to defining the contents of struct lsm_info on a per-LSM basis. This also drops the final use of the now inaccurate "initcall" naming. Signed-off-by: Kees Cook <keescook@chromium.org> Reviewed-by: Casey Schaufler <casey@schaufler-ca.com> Reviewed-by: James Morris <james.morris@microsoft.com> Signed-off-by: James Morris <james.morris@microsoft.com> 2018-10-11T03:40:21Z Kees Cook keescook@chromium.org 2018-10-11T00:18:21Z urn:sha1:5b89c1bd4c7e5c5ca8c5374fde35ecee6e16496c In preparation for doing more interesting LSM init probing, this converts the existing initcall system into an explicit call into a function pointer from a section-collected struct lsm_info array. Signed-off-by: Kees Cook <keescook@chromium.org> Reviewed-by: Casey Schaufler <casey@schaufler-ca.com> Reviewed-by: James Morris <james.morris@microsoft.com> Reviewed-by: John Johansen <john.johansen@canonical.com> Signed-off-by: James Morris <james.morris@microsoft.com> 2018-10-10T19:18:00Z Goldwyn Rodrigues rgoldwyn@suse.de 2018-10-09T15:12:33Z urn:sha1:a408e4a86b36bf98ad15b9ada531cf0e5118ac67 Open a new file instance as opposed to changing file->f_mode when the file is not readable. This is done to accomodate overlayfs stacked file operations change. The real struct file is hidden behind the overlays struct file. So, any file->f_mode manipulations are not reflected on the real struct file. Open the file again in read mode if original file cannot be read, read and calculate the hash. Signed-off-by: Goldwyn Rodrigues <rgoldwyn@suse.com> Cc: stable@vger.kernel.org (linux-4.19) Signed-off-by: Mimi Zohar <zohar@linux.ibm.com> 2018-10-10T16:56:16Z Eric Biggers ebiggers@google.com 2018-09-07T21:33:24Z urn:sha1:1e4c8dafbb6bf72fb5eca035b861e39c5896c2b7 The 12 character temporary buffer is not necessarily long enough to hold a 'long' value. Increase it. Signed-off-by: Eric Biggers <ebiggers@google.com> Cc: stable@vger.kernel.org Signed-off-by: Mimi Zohar <zohar@linux.ibm.com> 2018-10-10T16:56:15Z Eric Biggers ebiggers@google.com 2018-10-04T00:15:44Z urn:sha1:2ab5daf867d1f7898327962d59d3039206294d3a The 'init_keyring' variable actually just gave the value of CONFIG_INTEGRITY_TRUSTED_KEYRING. We should check the config option directly instead. No change in behavior; this just simplifies the code. Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Mimi Zohar <zohar@linux.ibm.com> 2018-10-10T16:56:15Z Eric Biggers ebiggers@google.com 2018-09-07T20:22:23Z urn:sha1:b2724d5802a77b7fb47e84d9b88b80370eccbc64 Constify some static data that is never modified, so that it is placed in .rodata. Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>