Linux kernel stable tree (mirror) https://git.radix-linux.su/kernel/linux.git/atom?h=v6.6.141 2023-02-14T19:23:07+00:00 2023-02-14T19:23:07+00:00 Heinz Mauelshagen heinzm@redhat.com 2023-02-07T19:56:57+00:00 urn:sha1:9bfeac5d33d8500332d75e32abe32c0df4910add Signed-off-by: Heinz Mauelshagen <heinzm@redhat.com> Signed-off-by: Mike Snitzer <snitzer@kernel.org> 2023-02-14T19:23:06+00:00 Heinz Mauelshagen heinzm@redhat.com 2023-01-25T20:00:44+00:00 urn:sha1:3bd940030752a33ff665eefdd74a1cdb74a4f9b0 'GPL-2.0-only' is used instead of 'GPL-2.0' because SPDX has deprecated its use. Suggested-by: John Wiele <jwiele@redhat.com> Signed-off-by: Heinz Mauelshagen <heinzm@redhat.com> Signed-off-by: Mike Snitzer <snitzer@kernel.org> 2022-07-07T15:49:34+00:00 Mike Snitzer snitzer@kernel.org 2022-07-05T20:12:27+00:00 urn:sha1:564b5c5476cdb71b717340897b2b50f9c45df158 All callers of dm_table_get_target() are expected to do proper bounds checking on the index they pass. Move dm_table_get_target() to dm-core.h to make it extra clear that only DM core code should be using it. Switch it to be inlined while at it. Standardize all DM core callers to use the same for loop pattern and make associated variables as local as possible. Rename some variables (e.g. s/table/t/ and s/tgt/ti/) along the way. Signed-off-by: Mike Snitzer <snitzer@kernel.org> 2022-07-07T15:49:33+00:00 Mike Snitzer snitzer@kernel.org 2022-07-05T18:00:36+00:00 urn:sha1:2aec377a29250b942f14d3c16d49783da3e9df11 More efficient and readable to just access table->num_targets directly. Suggested-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Mike Snitzer <snitzer@kernel.org> 2022-02-22T15:42:41+00:00 Thore Sommer public@thson.de 2022-01-25T14:05:47+00:00 urn:sha1:118f31b4964fa9fce65b0901ef598c734553cfc7 All entries measured by dm ima are prefixed by a version string (dm_version=N.N.N). When there is no data to measure, the entire buffer is overwritten with a string containing the version string again and the length of that string is added to the length of the version string. The new length is now wrong because it contains the version string twice. This caused entries like this: dm_version=4.45.0;name=test,uuid=test;table_clear=no_data; \ \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00 \ current_device_capacity=204808; Signed-off-by: Thore Sommer <public@thson.de> Signed-off-by: Mike Snitzer <snitzer@redhat.com> 2021-10-18T12:17:01+00:00 Christoph Hellwig hch@lst.de 2021-09-20T12:33:13+00:00 urn:sha1:e41d12f539f7c8bac9b0897031fee6cc9158a6be There is no need to pull blk-cgroup.h and thus blkdev.h in here, so break the include chain. Signed-off-by: Christoph Hellwig <hch@lst.de> Reviewed-by: Johannes Thumshirn <johannes.thumshirn@wdc.com> Link: https://lore.kernel.org/r/20210920123328.1399408-3-hch@lst.de Signed-off-by: Jens Axboe <axboe@kernel.dk> 2021-09-02T19:51:41+00:00 Linus Torvalds torvalds@linux-foundation.org 2021-09-02T19:51:41+00:00 urn:sha1:aef4892a63c248c31718d23941536b86829a49f0 Pull integrity subsystem updates from Mimi Zohar: - Limit the allowed hash algorithms when writing security.ima xattrs or verifying them, based on the IMA policy and the configured hash algorithms. - Return the calculated "critical data" measurement hash and size to avoid code duplication. (Preparatory change for a proposed LSM.) - and a single patch to address a compiler warning. * tag 'integrity-v5.15' of git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity: IMA: reject unknown hash algorithms in ima_get_hash_algo IMA: prevent SETXATTR_CHECK policy rules with unavailable algorithms IMA: introduce a new policy option func=SETXATTR_CHECK IMA: add a policy option to restrict xattr hash algorithms on appraisal IMA: add support to restrict the hash algorithms used for file appraisal IMA: block writes of the security.ima xattr with unsupported algorithms IMA: remove the dependency on CRYPTO_MD5 ima: Add digest and digest_len params to the functions to measure a buffer ima: Return int in the functions to measure a buffer ima: Introduce ima_get_current_hash_algo() IMA: remove -Wmissing-prototypes warning 2021-08-20T20:00:36+00:00 Tushar Sugandhi tusharsu@linux.microsoft.com 2021-08-13T21:37:58+00:00 urn:sha1:9c2adfa6ba134efaf0bdeb15f76f99e9bcffb903 The event names for the DM events recorded in the ima log do not contain any information to indicate the events are part of the DM devices/targets. Prefix the event names for DM events with "dm_" to indicate that they are part of device-mapper. Signed-off-by: Tushar Sugandhi <tusharsu@linux.microsoft.com> Suggested-by: Thore Sommer <public@thson.de> Signed-off-by: Mike Snitzer <snitzer@redhat.com> 2021-08-20T19:59:47+00:00 Tushar Sugandhi tusharsu@linux.microsoft.com 2021-08-13T21:37:57+00:00 urn:sha1:dc7b79cc2466805855f554e5f567ea9222b6e33a The DM events present in the ima log contain various attributes in the key=value format. The attributes' names/values may change in future, and new attributes may also get added. The attestation server needs some versioning to determine which attributes are supported and are expected in the ima log. Add version information to the DM events present in the ima log to help attestation servers to correctly process the attributes across different versions. Signed-off-by: Tushar Sugandhi <tusharsu@linux.microsoft.com> Suggested-by: Mimi Zohar <zohar@linux.ibm.com> Signed-off-by: Mike Snitzer <snitzer@redhat.com> 2021-08-20T19:59:43+00:00 Tushar Sugandhi tusharsu@linux.microsoft.com 2021-08-13T21:37:56+00:00 urn:sha1:8f509fd4a53ffaf07feeef6dd48cc6bd060ca4f3 The active/inactive table hashes measured in the ima log do not contain the information about hash algorithm. This information is useful for the attestation servers to recreate the hashes and compare them with the ones present in the ima log to verify the table contents. Prefix the table hashes in various DM events in ima log with the hash algorithm used to compute those hashes. Signed-off-by: Tushar Sugandhi <tusharsu@linux.microsoft.com> Suggested-by: Mimi Zohar <zohar@linux.ibm.com> Signed-off-by: Mike Snitzer <snitzer@redhat.com>