Linux kernel stable tree (mirror) https://git.radix-linux.su/kernel/linux.git/atom?h=v4.18.17 2018-06-07T22:40:37+00:00 2018-06-07T22:40:37+00:00 Linus Torvalds torvalds@linux-foundation.org 2018-06-07T22:40:37+00:00 urn:sha1:00d535a386c071a06e111fd846f6beda445126a5 Pull integrity updates from James Morris: "From Mimi: - add run time support for specifying additional security xattrs included in the security.evm HMAC/signature - some code clean up and bug fixes" * 'next-integrity' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: EVM: unlock on error path in evm_read_xattrs() EVM: prevent array underflow in evm_write_xattrs() EVM: Fix null dereference on xattr when xattr fails to allocate EVM: fix memory leak of temporary buffer 'temp' IMA: use list_splice_tail_init_rcu() instead of its open coded variant ima: use match_string() helper ima: fix updating the ima_appraise flag ima: based on policy verify firmware signatures (pre-allocated buffer) ima: define a new policy condition based on the filesystem name EVM: Allow runtime modification of the set of verified xattrs EVM: turn evm_config_xattrnames into a list integrity: Add an integrity directory in securityfs ima: Remove unused variable ima_initialized ima: Unify logging ima: Reflect correct permissions for policy 2018-05-31T14:13:22+00:00 Petko Manolov petkan@nucleusys.com 2018-05-22T14:06:55+00:00 urn:sha1:53b626f9038ee357a2183a6994c11fd9dfb3f94d Use list_splice_tail_init_rcu() to extend the existing custom IMA policy with additional IMA policy rules. Signed-off-by: Petko Manolov <petko.manolov@konsulko.com> Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com> 2018-05-31T14:11:58+00:00 Yisheng Xie xieyisheng1@huawei.com 2018-05-21T11:58:02+00:00 urn:sha1:b4df86085af9d3f456bed8245cede7c4413dcf83 match_string() returns the index of an array for a matching string, which can be used intead of open coded variant. Signed-off-by: Yisheng Xie <xieyisheng1@huawei.com> Reviewed-by: Andy Shevchenko <andy.shevchenko@gmail.com> Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com> 2018-05-22T17:16:42+00:00 Mimi Zohar zohar@linux.vnet.ibm.com 2018-04-12T04:15:22+00:00 urn:sha1:6f0911a666d1f99ff72e7848ddee36af7bbce050 As IMA policy rules are added, a mask of the type of rule (eg. kernel modules, firmware, IMA policy) is updated. Unlike custom IMA policy rules, which replace the original builtin policy rules and update the mask, the builtin "secure_boot" policy rules were loaded, but did not update the mask. This patch refactors the code to load custom policies, defining a new function named ima_appraise_flag(). The new function is called either when loading the builtin "secure_boot" or custom policies. Fixes: 503ceaef8e2e ("ima: define a set of appraisal rules requiring file signatures") Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com> 2018-05-22T11:34:47+00:00 Mimi Zohar zohar@linux.vnet.ibm.com 2018-04-27T18:31:40+00:00 urn:sha1:fd90bc559bfba743ae8de87ff23b92a5e4668062 Don't differentiate, for now, between kernel_read_file_id READING_FIRMWARE and READING_FIRMWARE_PREALLOC_BUFFER enumerations. Fixes: a098ecd firmware: support loading into a pre-allocated buffer (since 4.8) Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com> Cc: Luis R. Rodriguez <mcgrof@suse.com> Cc: David Howells <dhowells@redhat.com> Cc: Kees Cook <keescook@chromium.org> Cc: Serge E. Hallyn <serge@hallyn.com> Cc: Stephen Boyd <stephen.boyd@linaro.org> 2018-05-22T11:33:53+00:00 Mimi Zohar zohar@linux.vnet.ibm.com 2018-01-15T16:20:36+00:00 urn:sha1:f1b08bbcbdaf3160fa95ec95a760a49adf312b67 If/when file data signatures are distributed with the file data, this patch will not be needed. In the current environment where only some files are signed, the ability to differentiate between file systems is needed. Some file systems consider the file system magic number internal to the file system. This patch defines a new IMA policy condition named "fsname", based on the superblock's file_system_type (sb->s_type) name. This allows policy rules to be expressed in terms of the filesystem name. The following sample rules require file signatures on rootfs files executed or mmap'ed. appraise func=BPRM_CHECK fsname=rootfs appraise_type=imasig appraise func=FILE_MMAP fsname=rootfs appraise_type=imasig Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com> Cc: Dave Chinner <david@fromorbit.com> Cc: Theodore Ts'o <tytso@mit.edu> 2018-05-17T12:03:07+00:00 Matthew Garrett mjg59@google.com 2018-05-11T23:12:34+00:00 urn:sha1:0c343af8065be5ceb0c03a876af7c513e960e2ff We want to add additional evm control nodes, and it'd be preferable not to clutter up the securityfs root directory any further. Create a new integrity directory, move the ima directory into it, create an evm directory for the evm attribute and add compatibility symlinks. Signed-off-by: Matthew Garrett <mjg59@google.com> Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com> 2018-05-17T12:03:06+00:00 Petr Vorel pvorel@suse.cz 2018-05-10T15:15:48+00:00 urn:sha1:4ecd9934ba1c2edf95588a364d49ddfd85c61bd1 Commit a756024 ("ima: added ima_policy_flag variable") replaced ima_initialized with ima_policy_flag, but didn't remove ima_initialized. This patch removes it. Signed-off-by: Petr Vorel <pvorel@suse.cz> Reviewed-by: James Morris <james.morris@microsoft.com> Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com> 2018-05-17T11:49:12+00:00 Petr Vorel pvorel@suse.cz 2018-04-24T14:30:38+00:00 urn:sha1:de636769c8c7359dacccca61d6c187d864d1d3b8 Define pr_fmt everywhere. Signed-off-by: Petr Vorel <pvorel@suse.cz> Reported-by: Stephen Rothwell <sfr@canb.auug.org.au> (powerpc build error) Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com> Changelog: Previous pr_fmt definition was too late and caused problems in powerpc allyesconfg build. 2018-05-17T11:47:17+00:00 Petr Vorel pvorel@suse.cz 2018-04-20T13:28:57+00:00 urn:sha1:ffb122de9a60bd789422fd9caa4d8363acf1e851 Kernel configured as CONFIG_IMA_READ_POLICY=y && CONFIG_IMA_WRITE_POLICY=n keeps 0600 mode after loading policy. Remove write permission to state that policy file no longer be written. Signed-off-by: Petr Vorel <pvorel@suse.cz> Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>