Intel OpenBMC Linux kernel source tree (mirror) https://git.radix-linux.su/BMC/Intel-BMC/linux.git/atom?h=dev-5.15-intel 2022-04-08T12:23:06+00:00 2022-04-08T12:23:06+00:00 Randy Dunlap rdunlap@infradead.org 2022-02-22T21:45:18+00:00 urn:sha1:0c366ade8606ba2483493104627fc445d985bc81 [ Upstream commit f2544f5e6c691679d56bb38637d2f347075b36fa ] __setup() handlers should return 1 if the parameter is handled. Returning 0 causes the entire string to be added to init's environment strings (limited to 32 strings), unnecessarily polluting it. Using the documented string "evm=fix" causes an Unknown parameter message: Unknown kernel command line parameters "BOOT_IMAGE=/boot/bzImage-517rc5 evm=fix", will be passed to user space. and that string is added to init's environment string space: Run /sbin/init as init process with arguments: /sbin/init with environment: HOME=/ TERM=linux BOOT_IMAGE=/boot/bzImage-517rc5 evm=fix With this change, using "evm=fix" acts as expected and an invalid option ("evm=evm") causes a warning to be printed: evm: invalid "evm" mode but init's environment is not polluted with this string, as expected. Fixes: 7102ebcd65c1 ("evm: permit only valid security.evm xattrs to be updated") Signed-off-by: Randy Dunlap <rdunlap@infradead.org> Reported-by: Igor Zhbanov <i.zhbanov@omprussia.ru> Link: lore.kernel.org/r/64644a2f-4a20-bab3-1e15-3b2cdd0defe3@omprussia.ru Signed-off-by: Mimi Zohar <zohar@linux.ibm.com> Signed-off-by: Sasha Levin <sashal@kernel.org> 2022-02-16T11:56:04+00:00 Stefan Berger stefanb@linux.ibm.com 2022-02-01T20:37:10+00:00 urn:sha1:cf4570ca8ed624841f8dc2be8c4939c9f61239d3 commit 89677197ae709eb1ab3646952c44f6a171c9e74c upstream. Before printing a policy rule scan for inactive LSM labels in the policy rule. Inactive LSM labels are identified by args_p != NULL and rule == NULL. Fixes: 483ec26eed42 ("ima: ima/lsm policy rule loading logic bug fixes") Signed-off-by: Stefan Berger <stefanb@linux.ibm.com> Cc: <stable@vger.kernel.org> # v5.6+ Acked-by: Christian Brauner <brauner@kernel.org> [zohar@linux.ibm.com: Updated "Fixes" tag] Signed-off-by: Mimi Zohar <zohar@linux.ibm.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2022-02-16T11:56:04+00:00 Roberto Sassu roberto.sassu@huawei.com 2022-01-31T17:11:39+00:00 urn:sha1:5389ea64af1ea4069f25c564556b37d470976e31 commit bb8e52e4906f148c2faf6656b5106cf7233e9301 upstream. Commit c2426d2ad5027 ("ima: added support for new kernel cmdline parameter ima_template_fmt") introduced an additional check on the ima_template variable to avoid multiple template selection. Unfortunately, ima_template could be also set by the setup function of the ima_hash= parameter, when it calls ima_template_desc_current(). This causes attempts to choose a new template with ima_template= or with ima_template_fmt=, after ima_hash=, to be ignored. Achieve the goal of the commit mentioned with the new static variable template_setup_done, so that template selection requests after ima_hash= are not ignored. Finally, call ima_init_template_list(), if not already done, to initialize the list of templates before lookup_template_desc() is called. Reported-by: Guo Zihua <guozihua@huawei.com> Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com> Cc: stable@vger.kernel.org Fixes: c2426d2ad5027 ("ima: added support for new kernel cmdline parameter ima_template_fmt") Signed-off-by: Mimi Zohar <zohar@linux.ibm.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2022-02-16T11:56:03+00:00 Stefan Berger stefanb@linux.ibm.com 2022-01-25T22:46:23+00:00 urn:sha1:20805cdf95af0c64e428ee4b7e2cefa27abbe375 commit f7333b9572d0559e00352a926c92f29f061b4569 upstream. The removal of ima_dir currently fails since ima_policy still exists, so remove the ima_policy file before removing the directory. Fixes: 4af4662fa4a9 ("integrity: IMA policy") Signed-off-by: Stefan Berger <stefanb@linux.ibm.com> Cc: <stable@vger.kernel.org> Acked-by: Christian Brauner <brauner@kernel.org> Signed-off-by: Mimi Zohar <zohar@linux.ibm.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2022-02-16T11:56:03+00:00 Eric Biggers ebiggers@google.com 2022-01-13T19:44:38+00:00 urn:sha1:0838d6d68182f0b28a5434bc6d50727c4757e35b commit 926fd9f23b27ca6587492c3f58f4c7f4cd01dad5 upstream. Don't leak a reference to the key if its algorithm is unknown. Fixes: 947d70597236 ("ima: Support EC keys for signature verification") Cc: <stable@vger.kernel.org> # v5.13+ Signed-off-by: Eric Biggers <ebiggers@google.com> Reviewed-by: Stefan Berger <stefanb@linux.ibm.com> Reviewed-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com> Signed-off-by: Mimi Zohar <zohar@linux.ibm.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2022-02-16T11:56:03+00:00 Xiaoke Wang xkernel.wang@foxmail.com 2022-01-15T01:11:11+00:00 urn:sha1:739b7bb886b5ffa40a9492398aa04b01438e598b commit 83230351c523b04ff8a029a4bdf97d881ecb96fc upstream. audit_log_start() returns audit_buffer pointer on success or NULL on error, so it is better to check the return value of it. Fixes: 3323eec921ef ("integrity: IMA as an integrity service provider") Signed-off-by: Xiaoke Wang <xkernel.wang@foxmail.com> Cc: <stable@vger.kernel.org> Reviewed-by: Paul Moore <paul@paul-moore.com> Signed-off-by: Mimi Zohar <zohar@linux.ibm.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2021-11-18T18:16:31+00:00 liqiong liqiong@nfschina.com 2021-10-09T10:38:21+00:00 urn:sha1:4bef6e617dbc92c665ccbaf7a6ad3f504def3253 [ Upstream commit eb0782bbdfd0d7c4786216659277c3fd585afc0e ] The current IMA ruleset is identified by the variable "ima_rules" that default to "&ima_default_rules". When loading a custom policy for the first time, the variable is updated to "&ima_policy_rules" instead. That update isn't RCU-safe, and deadlocks are possible. Indeed, some functions like ima_match_policy() may loop indefinitely when traversing "ima_default_rules" with list_for_each_entry_rcu(). When iterating over the default ruleset back to head, if the list head is "ima_default_rules", and "ima_rules" have been updated to "&ima_policy_rules", the loop condition (&entry->list != ima_rules) stays always true, traversing won't terminate, causing a soft lockup and RCU stalls. Introduce a temporary value for "ima_rules" when iterating over the ruleset to avoid the deadlocks. Signed-off-by: liqiong <liqiong@nfschina.com> Reviewed-by: THOBY Simon <Simon.THOBY@viveris.fr> Fixes: 38d859f991f3 ("IMA: policy can now be updated multiple times") Reported-by: kernel test robot <lkp@intel.com> (Fix sparse: incompatible types in comparison expression.) Signed-off-by: Mimi Zohar <zohar@linux.ibm.com> Signed-off-by: Sasha Levin <sashal@kernel.org> 2021-11-18T18:15:58+00:00 Austin Kim austin.kim@lge.com 2021-10-28T11:26:42+00:00 urn:sha1:11b37df34aa8230862c3ead753542f384a923450 commit 32ba540f3c2a7ef61ed5a577ce25069a3d714fc9 upstream. The evm_fixmode is only configurable by command-line option and it is never modified outside initcalls, so declaring it with __ro_after_init is better. Signed-off-by: Austin Kim <austin.kim@lge.com> Cc: stable@vger.kernel.org Signed-off-by: Mimi Zohar <zohar@linux.ibm.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2021-09-02T19:51:41+00:00 Linus Torvalds torvalds@linux-foundation.org 2021-09-02T19:51:41+00:00 urn:sha1:aef4892a63c248c31718d23941536b86829a49f0 Pull integrity subsystem updates from Mimi Zohar: - Limit the allowed hash algorithms when writing security.ima xattrs or verifying them, based on the IMA policy and the configured hash algorithms. - Return the calculated "critical data" measurement hash and size to avoid code duplication. (Preparatory change for a proposed LSM.) - and a single patch to address a compiler warning. * tag 'integrity-v5.15' of git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity: IMA: reject unknown hash algorithms in ima_get_hash_algo IMA: prevent SETXATTR_CHECK policy rules with unavailable algorithms IMA: introduce a new policy option func=SETXATTR_CHECK IMA: add a policy option to restrict xattr hash algorithms on appraisal IMA: add support to restrict the hash algorithms used for file appraisal IMA: block writes of the security.ima xattr with unsupported algorithms IMA: remove the dependency on CRYPTO_MD5 ima: Add digest and digest_len params to the functions to measure a buffer ima: Return int in the functions to measure a buffer ima: Introduce ima_get_current_hash_algo() IMA: remove -Wmissing-prototypes warning 2021-08-31T21:55:09+00:00 Linus Torvalds torvalds@linux-foundation.org 2021-08-31T21:55:09+00:00 urn:sha1:efa916af13206eb15916e102c45c99a13ea78f33 Pull device mapper updates from Mike Snitzer: - Add DM infrastructure for IMA-based remote attestion. These changes are the basis for deploying DM-based storage in a "cloud" that must validate configurations end-users run to maintain trust. These DM changes allow supported DM targets' configurations to be measured via IMA. But the policy and enforcement (of which configurations are valid) is managed by something outside the kernel (e.g. Keylime). - Fix DM crypt scalability regression on systems with many cpus due to percpu_counter spinlock contention in crypt_page_alloc(). - Use in_hardirq() instead of deprecated in_irq() in DM crypt. - Add event counters to DM writecache to allow users to further assess how the writecache is performing. - Various code cleanup in DM writecache's main IO mapping function. * tag 'for-5.15/dm-changes' of git://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm: dm crypt: use in_hardirq() instead of deprecated in_irq() dm ima: update dm documentation for ima measurement support dm ima: update dm target attributes for ima measurements dm ima: add a warning in dm_init if duplicate ima events are not measured dm ima: prefix ima event name related to device mapper with dm_ dm ima: add version info to dm related events in ima log dm ima: prefix dm table hashes in ima log with hash algorithm dm crypt: Avoid percpu_counter spinlock contention in crypt_page_alloc() dm: add documentation for IMA measurement support dm: update target status functions to support IMA measurement dm ima: measure data on device rename dm ima: measure data on table clear dm ima: measure data on device remove dm ima: measure data on device resume dm ima: measure data on table load dm writecache: add event counters dm writecache: report invalid return from writecache_map helpers dm writecache: further writecache_map() cleanup dm writecache: factor out writecache_map_remap_origin() dm writecache: split up writecache_map() to improve code readability