Linux kernel documentation tree maintained by Jonathan Corbet http://mirrors.hust.edu.cn/git/lwn.git/atom?h=v4.12-rc1 2017-03-02T07:42:40+00:00 2017-03-02T07:42:40+00:00 Ingo Molnar mingo@kernel.org 2017-02-05T15:03:58+00:00 urn:sha1:50d34394cee68dd12c5e01fff073d1167700bfce Update files that depend on the magic.h inclusion. Acked-by: Linus Torvalds <torvalds@linux-foundation.org> Cc: Mike Galbraith <efault@gmx.de> Cc: Peter Zijlstra <peterz@infradead.org> Cc: Thomas Gleixner <tglx@linutronix.de> Cc: linux-kernel@vger.kernel.org Signed-off-by: Ingo Molnar <mingo@kernel.org> 2016-11-14T03:50:11+00:00 Seth Forshee seth.forshee@canonical.com 2016-08-01T13:19:10+00:00 urn:sha1:b4bfec7f4a86424b114f94f41c4e1841ec102df3 In general the handling of IMA/EVM xattrs is good, but I found a few locations where either the xattr size or the value of the type field in the xattr are not checked. Add a few simple checks to these locations to prevent malformed or malicious xattrs from causing problems. Signed-off-by: Seth Forshee <seth.forshee@canonical.com> Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com> 2016-10-08T00:10:44+00:00 Andreas Gruenbacher agruenba@redhat.com 2016-09-29T15:48:42+00:00 urn:sha1:5d6c31910bc0713e37628dc0ce677dcb13c8ccf4 Right now, various places in the kernel check for the existence of getxattr, setxattr, and removexattr inode operations and directly call those operations. Switch to helper functions and test for the IOP_XATTR flag instead. Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com> Acked-by: James Morris <james.l.morris@oracle.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> 2016-04-11T04:48:00+00:00 Al Viro viro@zeniv.linux.org.uk 2016-04-11T04:48:00+00:00 urn:sha1:ce23e640133484eebc20ca7b7668388213e11327 Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> 2016-04-10T21:11:51+00:00 Al Viro viro@zeniv.linux.org.uk 2016-04-10T05:33:30+00:00 urn:sha1:fc64005c93090c052637f63578d810b037abb1a1 ... and neither can ever be NULL Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> 2016-02-12T07:36:47+00:00 Ryan Ware ware@linux.intel.com 2016-02-11T23:58:44+00:00 urn:sha1:613317bd212c585c20796c10afe5daaa95d4b0a1 This patch fixes vulnerability CVE-2016-2085. The problem exists because the vm_verify_hmac() function includes a use of memcmp(). Unfortunately, this allows timing side channel attacks; specifically a MAC forgery complexity drop from 2^128 to 2^12. This patch changes the memcmp() to the cryptographically safe crypto_memneq(). Reported-by: Xiaofei Rex Guo <xiaofei.rex.guo@intel.com> Signed-off-by: Ryan Ware <ware@linux.intel.com> Cc: stable@vger.kernel.org Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com> Signed-off-by: James Morris <james.l.morris@oracle.com> 2015-12-15T14:56:57+00:00 Dmitry Kasatkin dmitry.kasatkin@huawei.com 2015-10-22T18:26:42+00:00 urn:sha1:523b74b16bcbba34c662da5df7fa111ae4c1d0e6 The EVM verification status is cached in iint->evm_status and if it was successful, never re-verified again when IMA passes the 'iint' to evm_verifyxattr(). When file attributes or extended attributes change, we may wish to re-verify EVM integrity as well. For example, after setting a digital signature we may need to re-verify the signature and update the iint->flags that there is an EVM signature. This patch enables that by resetting evm_status to INTEGRITY_UKNOWN state. Changes in v2: * Flag setting moved to EVM layer Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@huawei.com> Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com> 2015-12-15T13:50:48+00:00 Dmitry Kasatkin dmitry.kasatkin@huawei.com 2015-10-22T18:26:26+00:00 urn:sha1:26ddabfe96bb7468763c9c92791404d991b16250 In order to enable EVM before starting the 'init' process, evm_initialized needs to be non-zero. Previously non-zero indicated that the HMAC key was loaded. When EVM loads the X509 before calling 'init', with this patch it is now possible to enable EVM to start signature based verification. This patch defines bits to enable EVM if a key of any type is loaded. Changes in v3: * print error message if key is not set Changes in v2: * EVM_STATE_KEY_SET replaced by EVM_INIT_HMAC * EVM_STATE_X509_SET replaced by EVM_INIT_X509 Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@huawei.com> Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com> 2015-12-15T13:31:19+00:00 Dmitry Kasatkin dmitry.kasatkin@huawei.com 2015-10-22T18:26:21+00:00 urn:sha1:2ce523eb8976a12de1a4fb6fe8ad0b09b5dafb31 This patch defines a configuration option and the evm_load_x509() hook to load an X509 certificate onto the EVM trusted kernel keyring. Changes in v4: * Patch description updated Changes in v3: * Removed EVM_X509_PATH definition. CONFIG_EVM_X509_PATH is used directly. Changes in v2: * default key patch changed to /etc/keys Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@huawei.com> Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com> 2015-11-23T19:30:02+00:00 Dmitry Kasatkin dmitry.kasatkin@huawei.com 2015-10-22T18:26:10+00:00 urn:sha1:f4dc37785e9b3373d0cb93125d5579fed2af3a43 Require all keys added to the EVM keyring be signed by an existing trusted key on the system trusted keyring. This patch also switches IMA to use integrity_init_keyring(). Changes in v3: * Added 'init_keyring' config based variable to skip initializing keyring instead of using __integrity_init_keyring() wrapper. * Added dependency back to CONFIG_IMA_TRUSTED_KEYRING Changes in v2: * Replace CONFIG_EVM_TRUSTED_KEYRING with IMA and EVM common CONFIG_INTEGRITY_TRUSTED_KEYRING configuration option * Deprecate CONFIG_IMA_TRUSTED_KEYRING but keep it for config file compatibility. (Mimi Zohar) Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@huawei.com> Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>