Linux kernel stable tree (mirror) https://git.radix-linux.su/kernel/linux.git/atom?h=linux-4.20.y 2019-02-12T19:02:14+00:00 2019-02-12T19:02:14+00:00 Zoran Markovic zmarkovic@sierrawireless.com 2018-10-17T23:25:44+00:00 urn:sha1:ea2e6a0975a4bd93dc43f26363c0905eac5304d3 [ Upstream commit 5b841bfab695e3b8ae793172a9ff7990f99cc3e2 ] Function smack_key_permission() only issues smack requests for the following operations: - KEY_NEED_READ (issues MAY_READ) - KEY_NEED_WRITE (issues MAY_WRITE) - KEY_NEED_LINK (issues MAY_WRITE) - KEY_NEED_SETATTR (issues MAY_WRITE) A blank smack request is issued in all other cases, resulting in smack access being granted if there is any rule defined between subject and object, or denied with -EACCES otherwise. Request MAY_READ access for KEY_NEED_SEARCH and KEY_NEED_VIEW. Fix the logic in the unlikely case when both MAY_READ and MAY_WRITE are needed. Validate access permission field for valid contents. Signed-off-by: Zoran Markovic <zmarkovic@sierrawireless.com> Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> Cc: Casey Schaufler <casey@schaufler-ca.com> Cc: James Morris <jmorris@namei.org> Cc: "Serge E. Hallyn" <serge@hallyn.com> Signed-off-by: Sasha Levin <sashal@kernel.org> 2018-10-25T20:29:51+00:00 Linus Torvalds torvalds@linux-foundation.org 2018-10-25T20:29:51+00:00 urn:sha1:e80bc229691a4f601a2476e07cbdf08a289a2ad6 Pull smack updates from James Morris: "From Casey: three patches for Smack for 4.20. Two clean up warnings and one is a rarely encountered ptrace capability check" * 'next-smack' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: Smack: Mark expected switch fall-through Smack: ptrace capability use fixes Smack: remove set but not used variable 'root_inode' 2018-10-24T10:49:35+00:00 Linus Torvalds torvalds@linux-foundation.org 2018-10-24T10:49:35+00:00 urn:sha1:638820d8da8ededd6dc609beaef02d5396599c03 Pull security subsystem updates from James Morris: "In this patchset, there are a couple of minor updates, as well as some reworking of the LSM initialization code from Kees Cook (these prepare the way for ordered stackable LSMs, but are a valuable cleanup on their own)" * 'next-general' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: LSM: Don't ignore initialization failures LSM: Provide init debugging infrastructure LSM: Record LSM name in struct lsm_info LSM: Convert security_initcall() into DEFINE_LSM() vmlinux.lds.h: Move LSM_TABLE into INIT_DATA LSM: Convert from initcall to struct lsm_info LSM: Remove initcall tracing LSM: Rename .security_initcall section to .lsm_info vmlinux.lds.h: Avoid copy/paste of security_init section LSM: Correctly announce start of LSM initialization security: fix LSM description location keys: Fix the use of the C++ keyword "private" in uapi/linux/keyctl.h seccomp: remove unnecessary unlikely() security: tomoyo: Fix obsolete function security/capabilities: remove check for -EINVAL 2018-10-11T03:40:22+00:00 Kees Cook keescook@chromium.org 2018-10-11T00:18:24+00:00 urn:sha1:07aed2f2af5a5892ced035dbcf3993f630825fc3 In preparation for making LSM selections outside of the LSMs, include the name of LSMs in struct lsm_info. Signed-off-by: Kees Cook <keescook@chromium.org> Reviewed-by: Casey Schaufler <casey@schaufler-ca.com> Signed-off-by: James Morris <james.morris@microsoft.com> 2018-10-11T03:40:21+00:00 Kees Cook keescook@chromium.org 2018-10-11T00:18:23+00:00 urn:sha1:3d6e5f6dcf6561e57b6466e43e14029fb196028d Instead of using argument-based initializers, switch to defining the contents of struct lsm_info on a per-LSM basis. This also drops the final use of the now inaccurate "initcall" naming. Signed-off-by: Kees Cook <keescook@chromium.org> Reviewed-by: Casey Schaufler <casey@schaufler-ca.com> Reviewed-by: James Morris <james.morris@microsoft.com> Signed-off-by: James Morris <james.morris@microsoft.com> 2018-10-03T14:47:43+00:00 Eric W. Biederman ebiederm@xmission.com 2018-09-25T09:27:20+00:00 urn:sha1:ae7795bc6187a15ec51cf258abae656a625f9980 Linus recently observed that if we did not worry about the padding member in struct siginfo it is only about 48 bytes, and 48 bytes is much nicer than 128 bytes for allocating on the stack and copying around in the kernel. The obvious thing of only adding the padding when userspace is including siginfo.h won't work as there are sigframe definitions in the kernel that embed struct siginfo. So split siginfo in two; kernel_siginfo and siginfo. Keeping the traditional name for the userspace definition. While the version that is used internally to the kernel and ultimately will not be padded to 128 bytes is called kernel_siginfo. The definition of struct kernel_siginfo I have put in include/signal_types.h A set of buildtime checks has been added to verify the two structures have the same field offsets. To make it easy to verify the change kernel_siginfo retains the same size as siginfo. The reduction in size comes in a following change. Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com> 2018-09-18T23:28:54+00:00 Gustavo A. R. Silva gustavo@embeddedor.com 2018-08-01T22:38:54+00:00 urn:sha1:b1fed3edc82ae0d763d5c24769e4a0193da150c9 In preparation to enabling -Wimplicit-fallthrough, mark switch cases where we are expecting to fall through. Notice that in this particular case, I replaced "No break" with a proper "Fall through" annotation, which is what GCC is expecting to find. Warning level 2 was used: -Wimplicit-fallthrough=2 Addresses-Coverity-ID: 115051 ("Missing break in switch") Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com> Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> 2018-09-18T23:09:16+00:00 Casey Schaufler casey.schaufler@intel.com 2018-09-18T23:09:16+00:00 urn:sha1:dcb569cf6ac99ca899b8109c128b6ae52477a015 This fixes a pair of problems in the Smack ptrace checks related to checking capabilities. In both cases, as reported by Lukasz Pawelczyk, the raw capability calls are used rather than the Smack wrapper that check addition restrictions. In one case, as reported by Jann Horn, the wrong task is being checked for capabilities. Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> 2018-09-18T16:07:12+00:00 YueHaibing yuehaibing@huawei.com 2018-09-13T13:18:11+00:00 urn:sha1:76c9805b28557d0b6d439359350061ed0a9395e3 Fixes gcc '-Wunused-but-set-variable' warning: security/smack/smackfs.c: In function 'smk_fill_super': security/smack/smackfs.c:2856:16: warning: variable 'root_inode' set but not used [-Wunused-but-set-variable] Signed-off-by: YueHaibing <yuehaibing@huawei.com> Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> 2018-08-16T05:49:04+00:00 Linus Torvalds torvalds@linux-foundation.org 2018-08-16T05:49:04+00:00 urn:sha1:04743f89bcad30a438ef4f38840caddd7978dbaa Pull smack updates from James Morris: "Minor fixes from Piotr Sawicki" * 'next-smack' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: Smack: Inform peer that IPv6 traffic has been blocked Smack: Check UDP-Lite and DCCP protocols during IPv6 handling Smack: Fix handling of IPv4 traffic received by PF_INET6 sockets