14 May, 2019

1 commit

  • Pull networking fixes from David Miller:
    "Fixes all over:

    1) Netdev refcnt leak in nf_flow_table, from Taehee Yoo.

    2) Fix RCU usage in nf_tables, from Florian Westphal.

    3) Fix DSA build when NET_DSA_TAG_BRCM_PREPEND is not set, from Yue
    Haibing.

    4) Add missing page read/write ops to realtek driver, from Heiner
    Kallweit.

    5) Endianness fix in qrtr code, from Nicholas Mc Guire.

    6) Fix various bugs in DSA_SKB_* macros, from Vladimir Oltean.

    7) Several BPF documentation cures, from Quentin Monnet.

    8) Fix undefined behavior in narrow load handling of BPF verifier,
    from Krzesimir Nowak.

    9) DMA ops crash in SGI Seeq driver due to not set netdev parent
    device pointer, from Thomas Bogendoerfer.

    10) Flow dissector has to disable preemption when invoking BPF
    program, from Eric Dumazet"

    * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (48 commits)
    net: ethernet: stmmac: dwmac-sun8i: enable support of unicast filtering
    net: ethernet: ti: netcp_ethss: fix build
    flow_dissector: disable preemption around BPF calls
    bonding: fix arp_validate toggling in active-backup mode
    net: meson: fixup g12a glue ephy id
    net: phy: realtek: Replace phy functions with non-locked version in rtl8211e_config_init()
    net: seeq: fix crash caused by not set dev.parent
    of_net: Fix missing of_find_device_by_node ref count drop
    net: mvpp2: cls: Add missing NETIF_F_NTUPLE flag
    bpf: fix undefined behavior in narrow load handling
    libbpf: detect supported kernel BTF features and sanitize BTF
    selftests: bpf: Add files generated after build to .gitignore
    tools: bpf: synchronise BPF UAPI header with tools
    bpf: fix minor issues in documentation for BPF helpers.
    bpf: fix recurring typo in documentation for BPF helpers
    bpf: fix script for generating man page on BPF helpers
    bpf: add various test cases for backward jumps
    net: dccp : proto: remove Unneeded variable "err"
    net: dsa: Remove the now unused DSA_SKB_CB_COPY() macro
    net: dsa: Remove dangerous DSA_SKB_CLONE() macro
    ...

    Linus Torvalds
     

11 May, 2019

5 commits

  • Commit cff0e6c3ec3e6230 ("tomoyo: Add a kernel config option for fuzzing
    testing.") enabled the learning mode, but syzkaller is detecting any
    "WARNING:" string as a crash. Thus, disable TOMOYO's quota warning if
    built for fuzzing testing.

    Signed-off-by: Tetsuo Handa
    Cc: Dmitry Vyukov
    Signed-off-by: James Morris

    Tetsuo Handa
     
  • Commit 5625f2e3266319fd ("TOMOYO: Change pathname for non-rename()able
    filesystems.") intended to be applied to filesystems where the content is
    not controllable from the userspace (e.g. proc, sysfs, securityfs), based
    on an assumption that such filesystems do not support rename() operation.

    But it turned out that read-only filesystems also do not support rename()
    operation even though the content is controllable from the userspace, and that
    commit is annoying TOMOYO users who want to use e.g. squashfs as the root
    filesystem due to use of local name which does not start with '/'.

    Therefore, based on an assumption that a filesystem requiring the
    device argument upon mount() request is an indication that the content
    is controllable from the userspace, do not use local name if a filesystem
    does not support rename() operation but requires the device argument upon
    mount() request.

    Signed-off-by: Tetsuo Handa
    Signed-off-by: James Morris

    Tetsuo Handa
     
  • KMSAN will complain if valid address length passed to bind()/connect()/
    sendmsg() is shorter than sizeof("struct sockaddr"->sa_family) bytes.

    Signed-off-by: Tetsuo Handa
    Signed-off-by: James Morris

    Tetsuo Handa
     
  • syzbot is reporting kernel panic triggered by memory allocation fault
    injection before loading TOMOYO's policy [1]. To make the fuzzing tests
    useful, we need to assign a profile other than "disabled" (no-op) mode.
    Therefore, let's allow syzbot to load TOMOYO's built-in policy for
    "learning" mode using a kernel config option. This option must not be
    enabled for kernels built for production systems, for this option also
    disables domain/program checks when modifying policy configuration via
    /sys/kernel/security/tomoyo/ interface.

    [1] https://syzkaller.appspot.com/bug?extid=29569ed06425fcf67a95

    Reported-by: syzbot
    Reported-by: syzbot
    Reported-by: syzbot
    Signed-off-by: Tetsuo Handa
    Signed-off-by: James Morris

    Tetsuo Handa
     
  • This reverts commit c7e0d6cca86581092cbbf2cd868b3601495554cf.

    A slightly different fix via the selinux tree was agreed on.

    v1 -> v2:
    - use the correct reverted commit hash

    Signed-off-by: Paolo Abeni
    Signed-off-by: David S. Miller

    Paolo Abeni
     

10 May, 2019

2 commits

  • Pull networking fixes from David Miller:
    "Several bug fixes, many are quick merge-window regression cures:

    - When NLM_F_EXCL is not set, allow same fib rule insertion. From
    Hangbin Liu.

    - Several cures in sja1105 DSA driver (while loop exit condition fix,
    return of negative u8, etc.) from Vladimir Oltean.

    - Handle tx/rx delays in realtek PHY driver properly, from Serge
    Semin.

    - Double free in cls_matchall, from Pieter Jansen van Vuuren.

    - Disable SIOCSHWTSTAMP in macvlan/vlan containers, from Hangbin Liu.

    - Endianness fixes in aqc111, from Oliver Neukum.

    - Handle errors in packet_init properly, from Haibing Yue.

    - Various W=1 warning fixes in kTLS, from Jakub Kicinski"

    * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (34 commits)
    nfp: add missing kdoc
    net/tls: handle errors from padding_length()
    net/tls: remove set but not used variables
    docs/btf: fix the missing section marks
    nfp: bpf: fix static check error through tightening shift amount adjustment
    selftests: bpf: initialize bpf_object pointers where needed
    packet: Fix error path in packet_init
    net/tcp: use deferred jump label for TCP acked data hook
    net: aquantia: fix undefined devm_hwmon_device_register_with_info reference
    aqc111: fix double endianness swap on BE
    aqc111: fix writing to the phy on BE
    aqc111: fix endianness issue in aqc111_change_mtu
    vlan: disable SIOCSHWTSTAMP in container
    macvlan: disable SIOCSHWTSTAMP in container
    tipc: fix hanging clients using poll with EPOLLOUT flag
    tuntap: synchronize through tfiles array instead of tun->numqueues
    tuntap: fix dividing by zero in ebpf queue selection
    dwmac4_prog_mtl_tx_algorithms() missing write operation
    ptp_qoriq: fix NULL access if ptp dt node missing
    net/sched: avoid double free on matchall reoffload
    ...

    Linus Torvalds
     
  • Pull smack updates from James Morris:
    "Bug fixes for IPv6 handling and other issues and two memory use
    improvements."

    * 'next-smack' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security:
    Smack: Fix kbuild reported build error
    smack: Check address length before reading address family
    Smack: Fix IPv6 handling of 0 secmark
    Smack: Create smack_rule cache to optimize memory usage
    smack: removal of global rule list

    Linus Torvalds
     

09 May, 2019

1 commit

  • Calling connect(AF_UNSPEC) on an already connected TCP socket is an
    established way to disconnect() such socket. After commit 68741a8adab9
    ("selinux: Fix ltp test connect-syscall failure") it no longer works
    and, in the above scenario, connect() fails with EAFNOSUPPORT.

    Fix the above by falling back to the generic/old code when the address family
    is not AF_INET{4,6}, but leave the SCTP code path untouched, as it has
    specific constraints.

    Fixes: 68741a8adab9 ("selinux: Fix ltp test connect-syscall failure")
    Reported-by: Tom Deseyn
    Signed-off-by: Paolo Abeni
    Reviewed-by: Marcelo Ricardo Leitner
    Signed-off-by: David S. Miller

    Paolo Abeni
     

08 May, 2019

5 commits

  • Pull mount ABI updates from Al Viro:
    "The syscalls themselves, finally.

    That's not all there is to that stuff, but switching individual
    filesystems to new methods is fortunately independent from everything
    else, so e.g. NFS series can go through NFS tree, etc.

    As those conversions get done, we'll be finally able to get rid of a
    bunch of duplication in fs/super.c introduced in the beginning of the
    entire thing. I expect that to be finished in the next window..."

    * 'work.mount-syscalls' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs:
    vfs: Add a sample program for the new mount API
    vfs: syscall: Add fspick() to select a superblock for reconfiguration
    vfs: syscall: Add fsmount() to create a mount for a superblock
    vfs: syscall: Add fsconfig() for configuring and managing a context
    vfs: Implement logging through fs_context
    vfs: syscall: Add fsopen() to prepare for superblock creation
    Make anon_inodes unconditional
    teach move_mount(2) to work with OPEN_TREE_CLONE
    vfs: syscall: Add move_mount(2) to move mounts around
    vfs: syscall: Add open_tree(2) to reference or clone a mount

    Linus Torvalds
     
  • Pull audit updates from Paul Moore:
    "We've got a reasonably broad set of audit patches for the v5.2 merge
    window, the highlights are below:

    - The biggest change, and the source of all the arch/* changes, is
    the patchset from Dmitry to help enable some of the work he is
    doing around PTRACE_GET_SYSCALL_INFO.

    To be honest, including this in the audit tree is a bit of a
    stretch, but it does help move audit a little further along towards
    proper syscall auditing for all arches, and everyone else seemed to
    agree that audit was a "good" spot for this to land (or maybe they
    just didn't want to merge it? dunno.).

    - We can now audit time/NTP adjustments.

    - We continue the work to connect associated audit records into a
    single event"

    * tag 'audit-pr-20190507' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/audit: (21 commits)
    audit: fix a memory leak bug
    ntp: Audit NTP parameters adjustment
    timekeeping: Audit clock adjustments
    audit: purge unnecessary list_empty calls
    audit: link integrity evm_write_xattrs record to syscall event
    syscall_get_arch: add "struct task_struct *" argument
    unicore32: define syscall_get_arch()
    Move EM_UNICORE to uapi/linux/elf-em.h
    nios2: define syscall_get_arch()
    nds32: define syscall_get_arch()
    Move EM_NDS32 to uapi/linux/elf-em.h
    m68k: define syscall_get_arch()
    hexagon: define syscall_get_arch()
    Move EM_HEXAGON to uapi/linux/elf-em.h
    h8300: define syscall_get_arch()
    c6x: define syscall_get_arch()
    arc: define syscall_get_arch()
    Move EM_ARCOMPACT and EM_ARCV2 to uapi/linux/elf-em.h
    audit: Make audit_log_cap and audit_copy_inode static
    audit: connect LOGIN record to its syscall record
    ...

    Linus Torvalds
     
  • Pull selinux updates from Paul Moore:
    "We've got a few SELinux patches for the v5.2 merge window, the
    highlights are below:

    - Add LSM hooks, and the SELinux implementation, for proper labeling
    of kernfs. While we are only including the SELinux implementation
    here, the rest of the LSM folks have given the hooks a thumbs-up.

    - Update the SELinux mdp (Make Dummy Policy) script to actually work
    on a modern system.

    - Disallow userspace to change the LSM credentials via
    /proc/self/attr when the task's credentials are already overridden.

    The change was made in procfs because all the LSM folks agreed this
    was the Right Thing To Do and duplicating it across each LSM was
    going to be annoying"

    * tag 'selinux-pr-20190507' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux:
    proc: prevent changes to overridden credentials
    selinux: Check address length before reading address family
    kernfs: fix xattr name handling in LSM helpers
    MAINTAINERS: update SELinux file patterns
    selinux: avoid uninitialized variable warning
    selinux: remove useless assignments
    LSM: lsm_hooks.h - fix missing colon in docstring
    selinux: Make selinux_kernfs_init_security static
    kernfs: initialize security of newly created nodes
    selinux: implement the kernfs_init_security hook
    LSM: add new hook for kernfs node initialization
    kernfs: use simple_xattrs for security attributes
    selinux: try security xattr after genfs for kernfs filesystems
    kernfs: do not alloc iattrs in kernfs_xattr_get
    kernfs: clean up struct kernfs_iattrs
    scripts/selinux: fix build
    selinux: use kernel linux/socket.h for genheaders and mdp
    scripts/selinux: modernize mdp

    Linus Torvalds
     
  • Pull compiler-based variable initialization updates from Kees Cook:
    "This is effectively part of my gcc-plugins tree, but as this adds some
    Clang support, it felt weird to still call it "gcc-plugins". :)

    This consolidates Kconfig for the existing stack variable
    initialization (via structleak and stackleak gcc plugins) and adds
    Alexander Potapenko's support for Clang's new similar functionality.

    Summary:

    - Consolidate memory initialization Kconfigs (Kees)

    - Implement support for Clang's stack variable auto-init (Alexander)"

    * tag 'meminit-v5.2-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux:
    security: Implement Clang's stack initialization
    security: Move stackleak config to Kconfig.hardening
    security: Create "kernel hardening" config area

    Linus Torvalds
     
  • Pull vfs inode freeing updates from Al Viro:
    "Introduction of separate method for RCU-delayed part of
    ->destroy_inode() (if any).

    Pretty much as posted, except that destroy_inode() stashes
    ->free_inode into the victim (anon-unioned with ->i_fops) before
    scheduling i_callback() and the last two patches (sockfs conversion
    and folding struct socket_wq into struct socket) are excluded - that
    pair should go through netdev once davem reopens his tree"

    * 'work.icache' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs: (58 commits)
    orangefs: make use of ->free_inode()
    shmem: make use of ->free_inode()
    hugetlb: make use of ->free_inode()
    overlayfs: make use of ->free_inode()
    jfs: switch to ->free_inode()
    fuse: switch to ->free_inode()
    ext4: make use of ->free_inode()
    ecryptfs: make use of ->free_inode()
    ceph: use ->free_inode()
    btrfs: use ->free_inode()
    afs: switch to use of ->free_inode()
    dax: make use of ->free_inode()
    ntfs: switch to ->free_inode()
    securityfs: switch to ->free_inode()
    apparmor: switch to ->free_inode()
    rpcpipe: switch to ->free_inode()
    bpf: switch to ->free_inode()
    mqueue: switch to ->free_inode()
    ufs: switch to ->free_inode()
    coda: switch to ->free_inode()
    ...

    Linus Torvalds
     

07 May, 2019

4 commits

  • Pull security subsystem updates from James Morris:
    "Just a few bugfixes and documentation updates"

    * 'next-general' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security:
    seccomp: fix up grammar in comment
    Revert "security: inode: fix a missing check for securityfs_create_file"
    Yama: mark function as static
    security: inode: fix a missing check for securityfs_create_file
    keys: safe concurrent user->{session,uid}_keyring access
    security: don't use RCU accessors for cred->session_keyring
    Yama: mark local symbols as static
    LSM: lsm_hooks.h: fix documentation format
    LSM: fix documentation for the shm_* hooks
    LSM: fix documentation for the sem_* hooks
    LSM: fix documentation for the msg_queue_* hooks
    LSM: fix documentation for the audit_* hooks
    LSM: fix documentation for the path_chmod hook
    LSM: fix documentation for the socket_getpeersec_dgram hook
    LSM: fix documentation for the task_setscheduler hook
    LSM: fix documentation for the socket_post_create hook
    LSM: fix documentation for the syslog hook
    LSM: fix documentation for sb_copy_data hook

    Linus Torvalds
     
  • Smack: Fix kbuild reported build error

    James Morris
     
  • Pull crypto update from Herbert Xu:
    "API:
    - Add support for AEAD in simd
    - Add fuzz testing to testmgr
    - Add panic_on_fail module parameter to testmgr
    - Use per-CPU struct instead of multiple variables in scompress
    - Change verify API for akcipher

    Algorithms:
    - Convert x86 AEAD algorithms over to simd
    - Forbid 2-key 3DES in FIPS mode
    - Add EC-RDSA (GOST 34.10) algorithm

    Drivers:
    - Set output IV with ctr-aes in crypto4xx
    - Set output IV in rockchip
    - Fix potential length overflow with hashing in sun4i-ss
    - Fix computation error with ctr in vmx
    - Add SM4 protected keys support in ccree
    - Remove long-broken mxc-scc driver
    - Add rfc4106(gcm(aes)) cipher support in cavium/nitrox"

    * 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6: (179 commits)
    crypto: ccree - use a proper le32 type for le32 val
    crypto: ccree - remove set but not used variable 'du_size'
    crypto: ccree - Make cc_sec_disable static
    crypto: ccree - fix spelling mistake "protedcted" -> "protected"
    crypto: caam/qi2 - generate hash keys in-place
    crypto: caam/qi2 - fix DMA mapping of stack memory
    crypto: caam/qi2 - fix zero-length buffer DMA mapping
    crypto: stm32/cryp - update to return iv_out
    crypto: stm32/cryp - remove request mutex protection
    crypto: stm32/cryp - add weak key check for DES
    crypto: atmel - remove set but not used variable 'alg_name'
    crypto: picoxcell - Use dev_get_drvdata()
    crypto: crypto4xx - get rid of redundant using_sd variable
    crypto: crypto4xx - use sync skcipher for fallback
    crypto: crypto4xx - fix cfb and ofb "overran dst buffer" issues
    crypto: crypto4xx - fix ctr-aes missing output IV
    crypto: ecrdsa - select ASN1 and OID_REGISTRY for EC-RDSA
    crypto: ux500 - use ccflags-y instead of CFLAGS_.o
    crypto: ccree - handle tee fips error during power management resume
    crypto: ccree - add function to handle cryptocell tee fips error
    ...

    Linus Torvalds
     
  • Pull s390 updates from Martin Schwidefsky:

    - Support for kernel address space layout randomization

    - Add support for kernel image signature verification

    - Convert s390 to the generic get_user_pages_fast code

    - Convert s390 to the stack unwind API analogous to x86

    - Add support for CPU directed interrupts for PCI devices

    - Provide support for MIO instructions to the PCI base layer, this will
    allow the use of direct PCI mappings in user space code

    - Add the basic KVM guest ultravisor interface for protected VMs

    - Add AT_HWCAP bits for several new hardware capabilities

    - Update the CPU measurement facility counter definitions to SVN 6

    - Arnd's cleanup patches for his quest to get LLVM compiles working

    - A vfio-ccw update with bug fixes and support for halt and clear

    - Improvements for the hardware TRNG code

    - Another round of cleanup for the QDIO layer

    - Numerous cleanups and bug fixes

    * tag 's390-5.2-1' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux: (98 commits)
    s390/vdso: drop unnecessary cc-ldoption
    s390: fix clang -Wpointer-sign warnigns in boot code
    s390: drop CONFIG_VIRT_TO_BUS
    s390: boot, purgatory: pass $(CLANG_FLAGS) where needed
    s390: only build for new CPUs with clang
    s390: simplify disabled_wait
    s390/ftrace: use HAVE_FUNCTION_GRAPH_RET_ADDR_PTR
    s390/unwind: introduce stack unwind API
    s390/opcodes: add missing instructions to the disassembler
    s390/bug: add entry size to the __bug_table section
    s390: use proper expoline sections for .dma code
    s390/nospec: rename assembler generated expoline thunks
    s390: add missing ENDPROC statements to assembler functions
    locking/lockdep: check for freed initmem in static_obj()
    s390/kernel: add support for kernel address space layout randomization (KASLR)
    s390/kernel: introduce .dma sections
    s390/sclp: do not use static sccbs
    s390/kprobes: use static buffer for insn_page
    s390/kernel: convert SYSCALL and PGM_CHECK handlers to .quad
    s390/kernel: build a relocatable kernel
    ...

    Linus Torvalds
     

06 May, 2019

1 commit

  • Pull vfs fixes from Al Viro:

    - a couple of ->i_link use-after-free fixes

    - regression fix for wrong errno on absent device name in mount(2)
    (this cycle stuff)

    - ancient UFS braino in large GID handling on Solaris UFS images (bogus
    cut'n'paste from large UID handling; wrong field checked to decide
    whether we should look at old (16bit) or new (32bit) field)

    * 'fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs:
    ufs: fix braino in ufs_get_inode_gid() for solaris UFS flavour
    Abort file_remove_privs() for non-reg. files
    [fix] get rid of checking for absent device name in vfs_get_tree()
    apparmorfs: fix use-after-free on symlink traversal
    securityfs: fix use-after-free on symlink traversal

    Linus Torvalds
     

02 May, 2019

2 commits


01 May, 2019

2 commits


30 Apr, 2019

2 commits

  • Pull selinux fix from Paul Moore:
    "One small patch for the stable folks to fix a problem when building
    against the latest glibc.

    I'll be honest and say that I'm not really thrilled with the idea of
    sending this up right now, but Greg is a little annoyed so here I
    figured I would at least send this"

    * tag 'selinux-pr-20190429' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux:
    selinux: use kernel linux/socket.h for genheaders and mdp

    Linus Torvalds
     
  • KMSAN will complain if valid address length passed to bind()/connect()/
    sendmsg() is shorter than sizeof("struct sockaddr"->sa_family) bytes.

    Also, since smk_ipv6_port_label()/smack_netlabel_send()/
    smack_ipv6host_label()/smk_ipv6_check()/smk_ipv6_port_check() are not
    checking valid address length and/or address family, make sure we check
    both. The minimal valid length in smack_socket_connect() is changed from
    sizeof(struct sockaddr_in6) bytes to SIN6_LEN_RFC2133 bytes, for it seems
    that Smack is not using "struct sockaddr_in6"->sin6_scope_id field.

    Signed-off-by: Tetsuo Handa
    Signed-off-by: Casey Schaufler

    Tetsuo Handa
     

29 Apr, 2019

1 commit

  • When compiling genheaders and mdp from a newer host kernel, the
    following error happens:

    In file included from scripts/selinux/genheaders/genheaders.c:18:
    ./security/selinux/include/classmap.h:238:2: error: #error New address family defined, please update secclass_map.
     #error New address family defined, please update secclass_map.
      ^~~~~
    make[3]: *** [scripts/Makefile.host:107: scripts/selinux/genheaders/genheaders] Error 1
    make[2]: *** [scripts/Makefile.build:599: scripts/selinux/genheaders] Error 2
    make[1]: *** [scripts/Makefile.build:599: scripts/selinux] Error 2
    make[1]: *** Waiting for unfinished jobs....

    Instead of relying on the host definition, include linux/socket.h in
    classmap.h to have PF_MAX.

    Cc: stable@vger.kernel.org
    Signed-off-by: Paulo Alcantara
    Acked-by: Stephen Smalley
    [PM: manually merge in mdp.c, subject line tweaks]
    Signed-off-by: Paul Moore

    Paulo Alcantara
     

26 Apr, 2019

1 commit

  • Read the IPL Report block provided by secure-boot, add the entries
    of the certificate list to the system key ring and print the list
    of components.

    PR: Adjust to Vasily's bootdata_preserved patch set. Preserve ipl_cert_list
    for later use in kexec_file.

    Signed-off-by: Martin Schwidefsky
    Signed-off-by: Philipp Rudo
    Signed-off-by: Martin Schwidefsky

    Martin Schwidefsky
     

25 Apr, 2019

4 commits

  • The flags field in 'struct shash_desc' never actually does anything.
    The only ostensibly supported flag is CRYPTO_TFM_REQ_MAY_SLEEP.
    However, no shash algorithm ever sleeps, making this flag a no-op.

    With this being the case, inevitably some users who can't sleep wrongly
    pass MAY_SLEEP. These would all need to be fixed if any shash algorithm
    actually started sleeping. For example, the shash_ahash_*() functions,
    which wrap a shash algorithm with the ahash API, pass through MAY_SLEEP
    from the ahash API to the shash API. However, the shash functions are
    called under kmap_atomic(), so actually they're assumed to never sleep.

    Even if it turns out that some users do need preemption points while
    hashing large buffers, we could easily provide a helper function
    crypto_shash_update_large() which divides the data into smaller chunks
    and calls crypto_shash_update() and cond_resched() for each chunk. It's
    not necessary to have a flag in 'struct shash_desc', nor is it necessary
    to make individual shash algorithms aware of this at all.

    Therefore, remove shash_desc::flags, and document that the
    crypto_shash_*() functions can be called from any context.

    Signed-off-by: Eric Biggers
    Signed-off-by: Herbert Xu

    Eric Biggers
     
  • CONFIG_INIT_STACK_ALL turns on stack initialization based on
    -ftrivial-auto-var-init in Clang builds, which has greater coverage
    than CONFIG_GCC_PLUGINS_STRUCTLEAK_BYREF_ALL.

    -ftrivial-auto-var-init Clang option provides trivial initializers for
    uninitialized local variables, variable fields and padding.

    It has three possible values:
      pattern - uninitialized locals are filled with a fixed pattern
        (mostly 0xAA on 64-bit platforms, see https://reviews.llvm.org/D54604
        for more details, but 0x000000AA for 32-bit pointers) likely to cause
        crashes when uninitialized value is used;
      zero (it's still debated whether this flag makes it to the official
        Clang release) - uninitialized locals are filled with zeroes;
      uninitialized (default) - uninitialized locals are left intact.

    This patch uses only the "pattern" mode when CONFIG_INIT_STACK_ALL is
    enabled.

    Developers have the possibility to opt out of this feature on a
    per-variable basis by using __attribute__((uninitialized)), but such
    use should be well justified in comments.

    Co-developed-by: Alexander Potapenko
    Signed-off-by: Alexander Potapenko
    Signed-off-by: Kees Cook
    Tested-by: Alexander Potapenko
    Acked-by: Masahiro Yamada

    Kees Cook
     
  • This moves the stackleak plugin options to Kconfig.hardening's memory
    initialization menu.

    Signed-off-by: Kees Cook
    Reviewed-by: Alexander Popov
    Acked-by: Masahiro Yamada

    Kees Cook
     
  • Right now kernel hardening options are scattered around various Kconfig
    files. This can be a central place to collect these kinds of options
    going forward. This is initially populated with the memory initialization
    options from the gcc-plugins.

    Signed-off-by: Kees Cook
    Acked-by: Masahiro Yamada

    Kees Cook
     

20 Apr, 2019

1 commit


18 Apr, 2019

1 commit

  • Allow using EC-RDSA signatures for IMA by determining signature type by
    the hash algorithm name. This works well for EC-RDSA since Streebog and
    EC-RDSA should always be used together.

    Cc: Mimi Zohar
    Cc: Dmitry Kasatkin
    Cc: linux-integrity@vger.kernel.org
    Signed-off-by: Vitaly Chikunov
    Reviewed-by: Mimi Zohar
    Signed-off-by: Herbert Xu

    Vitaly Chikunov
     

16 Apr, 2019

2 commits


11 Apr, 2019

5 commits