Eric Lee / smarc-fsl-linux-kernel

19 Jul, 2019

1 commit

  • eec4844fa   proc/sysctl: add shared variables for range check ... Browse Code »

    In the sysctl code the proc_dointvec_minmax() function is often used to
    validate the user supplied value between an allowed range. This
    function uses the extra1 and extra2 members from struct ctl_table as
    minimum and maximum allowed value.

    On sysctl handler declaration, in every source file there are some
    readonly variables containing just an integer which address is assigned
    to the extra1 and extra2 members, so the sysctl range is enforced.

    The special values 0, 1 and INT_MAX are very often used as range
    boundary, leading duplication of variables like zero=0, one=1,
    int_max=INT_MAX in different source files:

    $ git grep -E '\.extra[12].*&(zero|one|int_max)' |wc -l
    248

    Add a const int array containing the most commonly used values, some
    macros to refer more easily to the correct array member, and use them
    instead of creating a local one for every object file.

    This is the bloat-o-meter output comparing the old and new binary
    compiled with the default Fedora config:

    # scripts/bloat-o-meter -d vmlinux.o.old vmlinux.o
    add/remove: 2/2 grow/shrink: 0/2 up/down: 24/-188 (-164)
    Data old new delta
    sysctl_vals - 12 +12
    __kstrtab_sysctl_vals - 12 +12
    max 14 10 -4
    int_max 16 - -16
    one 68 - -68
    zero 128 28 -100
    Total: Before=20583249, After=20583085, chg -0.00%

    [mcroce@redhat.com: tipc: remove two unused variables]
    Link: http://lkml.kernel.org/r/20190530091952.4108-1-mcroce@redhat.com
    [akpm@linux-foundation.org: fix net/ipv6/sysctl_net_ipv6.c]
    [arnd@arndb.de: proc/sysctl: make firmware loader table conditional]
    Link: http://lkml.kernel.org/r/20190617130014.1713870-1-arnd@arndb.de
    [akpm@linux-foundation.org: fix fs/eventpoll.c]
    Link: http://lkml.kernel.org/r/20190430180111.10688-1-mcroce@redhat.com
    Signed-off-by: Matteo Croce
    Signed-off-by: Arnd Bergmann
    Acked-by: Kees Cook
    Reviewed-by: Aaron Tomlin
    Cc: Matthew Wilcox
    Cc: Stephen Rothwell
    Signed-off-by: Andrew Morton
    Signed-off-by: Linus Torvalds

    Matteo Croce
     

12 Jul, 2019

1 commit

05 Jun, 2019

1 commit

  • 9c92ab619   treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 282 ... Browse Code »

    Based on 1 normalized pattern(s):

    this software is licensed under the terms of the gnu general public
    license version 2 as published by the free software foundation and
    may be copied distributed and modified under those terms this
    program is distributed in the hope that it will be useful but
    without any warranty without even the implied warranty of
    merchantability or fitness for a particular purpose see the gnu
    general public license for more details

    extracted by the scancode license scanner the SPDX license identifier

    GPL-2.0-only

    has been chosen to replace the boilerplate/reference in 285 file(s).

    Signed-off-by: Thomas Gleixner
    Reviewed-by: Alexios Zavras
    Reviewed-by: Allison Randal
    Cc: linux-spdx@vger.kernel.org
    Link: https://lkml.kernel.org/r/20190529141900.642774971@linutronix.de
    Signed-off-by: Greg Kroah-Hartman

    Thomas Gleixner
     

01 Jun, 2019

1 commit

  • 0ff984806   security/loadpin: Allow to exclude specific file types ... Browse Code »

    Linux kernel already provide MODULE_SIG and KEXEC_VERIFY_SIG to
    make sure loaded kernel module and kernel image are trusted. This
    patch adds a kernel command line option "loadpin.exclude" which
    allows to exclude specific file types from LoadPin. This is useful
    when people want to use different mechanisms to verify module and
    kernel image while still use LoadPin to protect the integrity of
    other files kernel loads.

    Signed-off-by: Ke Wu
    Reviewed-by: James Morris
    [kees: fix array size issue reported by Coverity via Colin Ian King]
    Signed-off-by: Kees Cook

    Ke Wu
     

21 May, 2019

1 commit

09 Jan, 2019

1 commit

19 Oct, 2018

2 commits

  • 13523bef1   LoadPin: Rename boot param "enabled" to "enforce" ... Browse Code »

    LoadPin's "enabled" setting is really about enforcement, not whether
    or not the LSM is using LSM hooks. Instead, split this out so that LSM
    enabling can be logically distinct from whether enforcement is happening
    (for example, the pinning happens when the LSM is enabled, but the pin
    is only checked when "enforce" is set). This allows LoadPin to continue
    to operate sanely in test environments once LSM enable/disable is
    centrally handled (i.e. we want LoadPin to be enabled separately from
    its enforcement).

    Signed-off-by: Kees Cook
    Reviewed-by: Casey Schaufler
    Reviewed-by: John Johansen

    Kees Cook
     
  • f4b626d6d   LoadPin: Report friendly block device name ... Browse Code »

    Instead of only reporting major/minor, include the actual block device
    name, at least as seen by the kernel.

    Signed-off-by: Kees Cook

    Kees Cook
     

17 Jul, 2018

1 commit

  • c77b8cdf7   module: replace the existing LSM hook in init_module ... Browse Code »

    Both the init_module and finit_module syscalls call either directly
    or indirectly the security_kernel_read_file LSM hook. This patch
    replaces the direct call in init_module with a call to the new
    security_kernel_load_data hook and makes the corresponding changes
    in SELinux, LoadPin, and IMA.

    Signed-off-by: Mimi Zohar
    Cc: Jeff Vander Stoep
    Cc: Casey Schaufler
    Cc: Kees Cook
    Acked-by: Jessica Yu
    Acked-by: Paul Moore
    Acked-by: Kees Cook
    Signed-off-by: James Morris

    Mimi Zohar
     

23 Feb, 2018

1 commit

06 Mar, 2017

1 commit

19 Jan, 2017

1 commit

  • d69dece5f   LSM: Add /sys/kernel/security/lsm ... Browse Code »

    I am still tired of having to find indirect ways to determine
    what security modules are active on a system. I have added
    /sys/kernel/security/lsm, which contains a comma separated
    list of the active security modules. No more groping around
    in /proc/filesystems or other clever hacks.

    Unchanged from previous versions except for being updated
    to the latest security next branch.

    Signed-off-by: Casey Schaufler
    Acked-by: John Johansen
    Acked-by: Paul Moore
    Acked-by: Kees Cook
    Signed-off-by: James Morris

    Casey Schaufler
     

17 May, 2016

1 commit

  • b937190c4   LSM: LoadPin: provide enablement CONFIG ... Browse Code »

    Instead of being enabled by default when SECURITY_LOADPIN is selected,
    provide an additional (default off) config to determine the boot time
    behavior. As before, the "loadpin.enabled=0/1" kernel parameter remains
    available.

    Suggested-by: James Morris
    Signed-off-by: Kees Cook
    Signed-off-by: James Morris

    Kees Cook
     

21 Apr, 2016

1 commit

  • 9b091556a   LSM: LoadPin for kernel file loading restrictions ... Browse Code »

    This LSM enforces that kernel-loaded files (modules, firmware, etc)
    must all come from the same filesystem, with the expectation that
    such a filesystem is backed by a read-only device such as dm-verity
    or CDROM. This allows systems that have a verified and/or unchangeable
    filesystem to enforce module and firmware loading restrictions without
    needing to sign the files individually.

    Signed-off-by: Kees Cook
    Acked-by: Serge Hallyn
    Signed-off-by: James Morris

    Kees Cook