Linux kernel stable tree (mirror) https://git.radix-linux.su/kernel/linux.git/atom?h=v4.8.16 2016-10-16T16:03:41+00:00 2016-10-16T16:03:41+00:00 Miklos Szeredi mszeredi@redhat.com 2016-09-16T10:44:20+00:00 urn:sha1:a8284cfff8f1115ec048c8127bbc34c224e33076 commit e71b9dff0634edb127f449e076e883ef24a8c76c upstream. Ima tries to call ->setxattr() on overlayfs dentry after having locked underlying inode, which results in a deadlock. Reported-by: Krisztian Litkey <kli@iki.fi> Fixes: 4bacc9c9234c ("overlayfs: Make f_path always point to the overlay and f_inode to the underlay") Signed-off-by: Miklos Szeredi <mszeredi@redhat.com> Cc: Mimi Zohar <zohar@linux.vnet.ibm.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2016-06-30T05:14:22+00:00 Eric Richter erichte@linux.vnet.ibm.com 2016-06-01T18:14:07+00:00 urn:sha1:544e1cea03e6674e3c12a3b8e8cc507c3dbeaf0c Extend the PCR supplied as a parameter, instead of assuming that the measurement entry uses the default configured PCR. Signed-off-by: Eric Richter <erichte@linux.vnet.ibm.com> Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com> 2016-06-30T05:14:22+00:00 Eric Richter erichte@linux.vnet.ibm.com 2016-06-01T18:14:06+00:00 urn:sha1:a422638d492a35316e3fd9bb31bfc9769b249bca IMA avoids re-measuring files by storing the current state as a flag in the integrity cache. It will then skip adding a new measurement log entry if the cache reports the file as already measured. If a policy measures an already measured file to a new PCR, the measurement will not be added to the list. This patch implements a new bitfield for specifying which PCR the file was measured into, rather than if it was measured. Signed-off-by: Eric Richter <erichte@linux.vnet.ibm.com> Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com> 2016-06-30T05:14:21+00:00 Eric Richter erichte@linux.vnet.ibm.com 2016-06-01T18:14:05+00:00 urn:sha1:67696f6d79923cdc0084b73b4bbe52e6749a43a4 Template entry duplicates are prevented from being added to the measurement list by checking a hash table that contains the template entry digests. However, the PCR value is not included in this comparison, so duplicate template entry digests with differing PCRs may be dropped. This patch redefines duplicate template entries as template entries with the same digest and same PCR values. Reported-by: Mimi Zohar <zohar@linux.vnet.ibm.com> Signed-off-by: Eric Richter <erichte@linux.vnet.ibm.com> Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com> 2016-06-30T05:14:21+00:00 Eric Richter erichte@linux.vnet.ibm.com 2016-06-01T18:14:04+00:00 urn:sha1:5f6f027b50d8ed9f1ba4447aa5aed3a94b601fe8 IMA assumes that the same default Kconfig PCR is extended for each entry. This patch replaces the default configured PCR with the policy defined PCR. Signed-off-by: Eric Richter <erichte@linux.vnet.ibm.com> Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com> 2016-06-30T05:14:21+00:00 Eric Richter erichte@linux.vnet.ibm.com 2016-06-01T18:14:03+00:00 urn:sha1:14b1da85bbe9a59c5e01123a06dea4c4758a6db9 The IMA measurement list entries include the Kconfig defined PCR value. This patch defines a new ima_template_entry field for including the PCR as specified in the policy rule. Signed-off-by: Eric Richter <erichte@linux.vnet.ibm.com> Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com> 2016-06-30T05:14:20+00:00 Eric Richter erichte@linux.vnet.ibm.com 2016-06-01T18:14:02+00:00 urn:sha1:725de7fabb9fe4ca388c780ad4644352f2f06ccc Different policy rules may extend different PCRs. This patch retrieves the specific PCR for the matched rule. Subsequent patches will include the rule specific PCR in the measurement list and extend the appropriate PCR. Signed-off-by: Eric Richter <erichte@linux.vnet.ibm.com> Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com> 2016-06-30T05:14:20+00:00 Eric Richter erichte@linux.vnet.ibm.com 2016-06-01T18:14:01+00:00 urn:sha1:0260643ce8047d2a58f76222d09f161149622465 This patch defines a new IMA measurement policy rule option "pcr=", which allows extending different PCRs on a per rule basis. For example, the system independent files could extend the default IMA Kconfig specified PCR, while the system dependent files could extend a different PCR. The following is an example of this usage with an SELinux policy; the rule would extend PCR 11 with system configuration files: measure func=FILE_CHECK mask=MAY_READ obj_type=system_conf_t pcr=11 Changelog v3: - FIELD_SIZEOF returns bytes, not bits. Fixed INVALID_PCR Signed-off-by: Eric Richter <erichte@linux.vnet.ibm.com> Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com> 2016-05-21T00:58:30+00:00 Andy Shevchenko andriy.shevchenko@linux.intel.com 2016-05-21T00:00:57+00:00 urn:sha1:b8b572789cde5118b2cee49d426d48fcf5b30e47 Instead of open coded variant re-use extension that vsprintf.c provides us for ages. Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com> Reviewed-by: Matt Fleming <matt@codeblueprint.co.uk> Cc: Dmitry Kasatkin <dmitry.kasatkin@gmail.com> Cc: Mimi Zohar <zohar@linux.vnet.ibm.com> Cc: Rasmus Villemoes <linux@rasmusvillemoes.dk> Cc: Arnd Bergmann <arnd@arndb.de> Cc: "Theodore Ts'o" <tytso@mit.edu> Cc: Al Viro <viro@zeniv.linux.org.uk> Cc: Jens Axboe <axboe@kernel.dk> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> 2016-05-19T16:21:36+00:00 Linus Torvalds torvalds@linux-foundation.org 2016-05-19T16:21:36+00:00 urn:sha1:f4f27d0028aabce57e44c16c2fdefccd6310d2f3 Pull security subsystem updates from James Morris: "Highlights: - A new LSM, "LoadPin", from Kees Cook is added, which allows forcing of modules and firmware to be loaded from a specific device (this is from ChromeOS, where the device as a whole is verified cryptographically via dm-verity). This is disabled by default but can be configured to be enabled by default (don't do this if you don't know what you're doing). - Keys: allow authentication data to be stored in an asymmetric key. Lots of general fixes and updates. - SELinux: add restrictions for loading of kernel modules via finit_module(). Distinguish non-init user namespace capability checks. Apply execstack check on thread stacks" * 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: (48 commits) LSM: LoadPin: provide enablement CONFIG Yama: use atomic allocations when reporting seccomp: Fix comment typo ima: add support for creating files using the mknodat syscall ima: fix ima_inode_post_setattr vfs: forbid write access when reading a file into memory fs: fix over-zealous use of "const" selinux: apply execstack check on thread stacks selinux: distinguish non-init user namespace capability checks LSM: LoadPin for kernel file loading restrictions fs: define a string representation of the kernel_read_file_id enumeration Yama: consolidate error reporting string_helpers: add kstrdup_quotable_file string_helpers: add kstrdup_quotable_cmdline string_helpers: add kstrdup_quotable selinux: check ss_initialized before revalidating an inode label selinux: delay inode label lookup as long as possible selinux: don't revalidate an inode's label when explicitly setting it selinux: Change bool variable name to index. KEYS: Add KEYCTL_DH_COMPUTE command ...