Mirror of https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/ https://git.shady.money/linux/atom?h=v4.20 2018-12-18T00:31:28Z 2018-12-18T00:31:28Z Mimi Zohar zohar@linux.ibm.com 2018-12-18T00:14:49Z urn:sha1:1a9430db2835c0c00acc87d915b573496998c1bf Start the policy_tokens and the associated enumeration from zero, simplifying the pt macro. Signed-off-by: Mimi Zohar <zohar@linux.ibm.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> 2018-12-18T00:21:48Z Linus Torvalds torvalds@linux-foundation.org 2018-12-17T19:39:57Z urn:sha1:94c13f66e13ca0f3d5b7b9e7e385fe5db35abe3c The code uses a bitmap to check for duplicate tokens during parsing, and that doesn't work at all for the negative Opt_err token case. There is absolutely no reason to make Opt_err be negative, and in fact it only confuses things, since some of the affected functions actually return a positive Opt_xyz enum _or_ a regular negative error code (eg -EINVAL), and using -1 for Opt_err makes no sense. There are similar problems in ima_policy.c and key encryption, but they don't have the immediate bug wrt bitmap handing, and ima_policy.c in particular needs a different patch to make the enum values match the token array index. Mimi is sending that separately. Reported-by: syzbot+a22e0dc07567662c50bc@syzkaller.appspotmail.com Reported-by: Eric Biggers <ebiggers@kernel.org> Fixes: 5208cc83423d ("keys, trusted: fix: *do not* allow duplicate key options") Fixes: 00d60fd3b932 ("KEYS: Provide keyctls to drive the new key type ops for asymmetric keys [ver #2]") Cc: James Morris James Morris <jmorris@namei.org> Cc: Mimi Zohar <zohar@linux.vnet.ibm.com> Cc: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Cc: Peter Huewe <peterhuewe@gmx.de> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> 2018-11-29T18:15:06Z Linus Torvalds torvalds@linux-foundation.org 2018-11-29T18:15:06Z urn:sha1:f92a2ebb3d5588720a33d4f22d55b4ba24f94da6 Pull SELinux fix from Paul Moore: "One more SELinux fix for v4.20: add some missing netlink message to SELinux permission mappings. The netlink messages were added in v4.19, but unfortunately we didn't catch it then because the mechanism to catch these things was bypassed. In addition to adding the mappings, we're adding some comments to the code to hopefully prevent bypasses in the future" * tag 'selinux-pr-20181129' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux: selinux: add support for RTM_NEWCHAIN, RTM_DELCHAIN, and RTM_GETCHAIN 2018-11-29T16:32:02Z Paul Moore paul@paul-moore.com 2018-11-28T17:57:33Z urn:sha1:598e1a42e9626213565d3b22ea948ce78556512a Commit 32a4f5ecd738 ("net: sched: introduce chain object to uapi") added new RTM_* definitions without properly updating SELinux, this patch adds the necessary SELinux support. While there was a BUILD_BUG_ON() in the SELinux code to protect from exactly this case, it was bypassed in the broken commit. In order to hopefully prevent this from happening in the future, add additional comments which provide some instructions on how to resolve the BUILD_BUG_ON() failures. Fixes: 32a4f5ecd738 ("net: sched: introduce chain object to uapi") Cc: <stable@vger.kernel.org> # 4.19 Acked-by: David S. Miller <davem@davemloft.net> Signed-off-by: Paul Moore <paul@paul-moore.com> 2018-11-15T17:26:09Z Linus Torvalds torvalds@linux-foundation.org 2018-11-15T17:26:09Z urn:sha1:da5322e65940e4e8426613a8ff3d99a08b350a52 Pull SELinux fixes from Paul Moore: "Two small SELinux fixes for v4.20. Ondrej's patch adds a check on user input, and my patch ensures we don't look past the end of a buffer. Both patches are quite small and pass the selinux-testsuite" * tag 'selinux-pr-20181115' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux: selinux: fix non-MLS handling in mls_context_to_sid() selinux: check length properly in SCTP bind hook 2018-11-14T02:44:33Z Paul Moore paul@paul-moore.com 2018-11-14T02:44:33Z urn:sha1:877181a8d9dc663f7a73f77f50af714d7888ec3b Commit 95ffe194204a ("selinux: refactor mls_context_to_sid() and make it stricter") inadvertently changed how we handle labels that did not contain MLS information. This patch restores the proper behavior in mls_context_to_sid() and adds a comment explaining the proper behavior to help ensure this doesn't happen again. Fixes: 95ffe194204a ("selinux: refactor mls_context_to_sid() and make it stricter") Reported-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: Paul Moore <paul@paul-moore.com> 2018-11-13T21:09:56Z Mimi Zohar zohar@linux.ibm.com 2018-11-09T05:53:40Z urn:sha1:fd35f192e42cf7c0df1e2480bfd5965e35b2f4ca On systems with IMA-appraisal enabled with a policy requiring file signatures, the "good" signature values are stored on the filesystem as extended attributes (security.ima). Signature verification failure would normally be limited to just a particular file (eg. executable), but during boot signature verification failure could result in a system hang. Defining and requiring a new public_key_signature field requires all callers of asymmetric signature verification to be updated to reflect the change. This patch updates the integrity asymmetric_verify() caller. Fixes: 82f94f24475c ("KEYS: Provide software public key query function [ver #2]") Signed-off-by: Mimi Zohar <zohar@linux.ibm.com> Cc: David Howells <dhowells@redhat.com> Acked-by: Denis Kenzior <denkenz@gmail.com> Signed-off-by: James Morris <james.morris@microsoft.com> 2018-11-13T16:39:09Z Ondrej Mosnacek omosnace@redhat.com 2018-11-13T15:16:08Z urn:sha1:c138325fb8713472d5a0c3c7258b9131bab40725 selinux_sctp_bind_connect() must verify if the address buffer has sufficient length before accessing the 'sa_family' field. See __sctp_connect() for a similar check. The length of the whole address ('len') is already checked in the callees. Reported-by: Qian Cai <cai@gmx.us> Fixes: d452930fd3b9 ("selinux: Add SCTP support") Cc: <stable@vger.kernel.org> # 4.17+ Cc: Richard Haines <richard_c_haines@btinternet.com> Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com> Tested-by: Qian Cai <cai@gmx.us> Signed-off-by: Paul Moore <paul@paul-moore.com> 2018-11-02T17:04:26Z Linus Torvalds torvalds@linux-foundation.org 2018-11-02T17:04:26Z urn:sha1:d81f50bd34646d8373b989e55180c0fc9af94e0b Pull apparmor updates from John Johansen: "Features/Improvements: - replace spin_is_locked() with lockdep - add base support for secmark labeling and matching Cleanups: - clean an indentation issue, remove extraneous space - remove no-op permission check in policy_unpack - fix checkpatch missing spaces error in Parse secmark policy - fix network performance issue in aa_label_sk_perm Bug fixes: - add #ifdef checks for secmark filtering - fix an error code in __aa_create_ns() - don't try to replace stale label in ptrace checks - fix failure to audit context info in build_change_hat - check buffer bounds when mapping permissions mask - fully initialize aa_perms struct when answering userspace query - fix uninitialized value in aa_split_fqname" * tag 'apparmor-pr-2018-11-01' of git://git.kernel.org/pub/scm/linux/kernel/git/jj/linux-apparmor: apparmor: clean an indentation issue, remove extraneous space apparmor: fix checkpatch error in Parse secmark policy apparmor: add #ifdef checks for secmark filtering apparmor: Fix uninitialized value in aa_split_fqname apparmor: don't try to replace stale label in ptraceme check apparmor: Replace spin_is_locked() with lockdep apparmor: Allow filtering based on secmark policy apparmor: Parse secmark policy apparmor: Add a wildcard secid apparmor: don't try to replace stale label in ptrace access check apparmor: Fix network performance issue in aa_label_sk_perm 2018-11-02T05:34:25Z Colin Ian King colin.king@canonical.com 2018-10-30T14:11:31Z urn:sha1:566f52ece7bd1099d20dfe2f6f0801896643cf8f Trivial fix to clean up an indentation issue, remove space Signed-off-by: Colin Ian King <colin.king@canonical.com> Signed-off-by: John Johansen <john.johansen@canonical.com>