Linux kernel stable tree (mirror) https://git.radix-linux.su/kernel/linux.git/atom?h=v4.19.103 2017-04-06T22:58:35+00:00 2017-04-06T22:58:35+00:00 Nicolas Iooss nicolas.iooss_linux@m4x.org 2017-04-06T13:55:21+00:00 urn:sha1:9814448da7a84dd50b69e4ada2d7d1c042493daf When building the kernel with clang, the compiler fails to build security/apparmor/crypto.c with the following error: security/apparmor/crypto.c:36:8: error: fields must have a constant size: 'variable length array in structure' extension will never be supported char ctx[crypto_shash_descsize(apparmor_tfm)]; ^ Since commit a0a77af14117 ("crypto: LLVMLinux: Add macro to remove use of VLAIS in crypto code"), include/crypto/hash.h defines SHASH_DESC_ON_STACK to work around this issue. Use it in aa_calc_hash() and aa_calc_profile_hash(). Signed-off-by: Nicolas Iooss <nicolas.iooss_linux@m4x.org> Signed-off-by: John Johansen <john.johansen@canonical.com> Signed-off-by: James Morris <james.l.morris@oracle.com> 2017-01-16T09:18:42+00:00 John Johansen john.johansen@canonical.com 2017-01-16T08:42:55+00:00 urn:sha1:5ac8c355ae0013d82b3a07b49aebeadfce9b6e52 Store loaded policy and allow introspecting it through apparmorfs. This has several uses from debugging, policy validation, and policy checkpoint and restore for containers. Signed-off-by: John Johansen <john.johansen@canonical.com> 2016-07-27T07:39:26+00:00 Arnd Bergmann arnd@arndb.de 2016-07-25T17:59:07+00:00 urn:sha1:7616ac70d1bb4f2e9d25c1a82d283f3368a7b632 The newly added Kconfig option could never work and just causes a build error when disabled: security/apparmor/lsm.c:675:25: error: 'CONFIG_SECURITY_APPARMOR_HASH_DEFAULT' undeclared here (not in a function) bool aa_g_hash_policy = CONFIG_SECURITY_APPARMOR_HASH_DEFAULT; The problem is that the macro undefined in this case, and we need to use the IS_ENABLED() helper to turn it into a boolean constant. Another minor problem with the original patch is that the option is even offered in sysfs when SECURITY_APPARMOR_HASH is not enabled, so this also hides the option in that case. Signed-off-by: Arnd Bergmann <arnd@arndb.de> Fixes: 6059f71f1e94 ("apparmor: add parameter to control whether policy hashing is used") Signed-off-by: John Johansen <john.johansen@canonical.com> Signed-off-by: James Morris <james.l.morris@oracle.com> 2013-09-29T23:53:59+00:00 Tyler Hicks tyhicks@canonical.com 2013-09-29T15:39:21+00:00 urn:sha1:71ac7f6255c560716c20da8ee2c964bbd96e941f Use the shash interface, rather than the hash interface, when hashing AppArmor profiles. The shash interface does not use scatterlists and it is a better fit for what AppArmor needs. This fixes a kernel paging BUG when aa_calc_profile_hash() is passed a buffer from vmalloc(). The hash interface requires callers to handle vmalloc() buffers differently than what AppArmor was doing. Due to vmalloc() memory not being physically contiguous, each individual page behind the buffer must be assigned to a scatterlist with sg_set_page() and then the scatterlist passed to crypto_hash_update(). The shash interface does not have that limitation and allows vmalloc() and kmalloc() buffers to be handled in the same manner. BugLink: https://launchpad.net/bugs/1216294/ BugLink: https://bugzilla.kernel.org/show_bug.cgi?id=62261 Signed-off-by: Tyler Hicks <tyhicks@canonical.com> Acked-by: Seth Arnold <seth.arnold@canonical.com> Signed-off-by: John Johansen <john.johansen@canonical.com> Signed-off-by: James Morris <james.l.morris@oracle.com> 2013-08-14T18:42:08+00:00 John Johansen john.johansen@canonical.com 2013-08-14T18:27:36+00:00 urn:sha1:f8eb8a1324e81927b2c64823b2fc38386efd3fef Provide userspace the ability to introspect a sha1 hash value for each profile currently loaded. Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Seth Arnold <seth.arnold@canonical.com>