18 Mar, 2016
1 commit
-
Pull security layer updates from James Morris:
"There are a bunch of fixes to the TPM, IMA, and Keys code, with minor
fixes scattered across the subsystem.

IMA now requires signed policy, and that policy is also now measured
and appraised"

* 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: (67 commits)
X.509: Make algo identifiers text instead of enum
akcipher: Move the RSA DER encoding check to the crypto layer
crypto: Add hash param to pkcs1pad
sign-file: fix build with CMS support disabled
MAINTAINERS: update tpmdd urls
MODSIGN: linux/string.h should be #included to get memcpy()
certs: Fix misaligned data in extra certificate list
X.509: Handle midnight alternative notation in GeneralizedTime
X.509: Support leap seconds
Handle ISO 8601 leap seconds and encodings of midnight in mktime64()
X.509: Fix leap year handling again
PKCS#7: fix unitialized boolean 'want'
firmware: change kernel read fail to dev_dbg()
KEYS: Use the symbol value for list size, updated by scripts/insert-sys-cert
KEYS: Reserve an extra certificate symbol for inserting without recompiling
modsign: hide openssl output in silent builds
tpm_tis: fix build warning with tpm_tis_resume
ima: require signed IMA policy
ima: measure and appraise the IMA policy itself
ima: load policy using path
...
21 Feb, 2016
1 commit
-
Replace copy_file_from_fd() with kernel_read_file_from_fd().
Two new identifiers named READING_KEXEC_IMAGE and READING_KEXEC_INITRAMFS
are defined for measuring, appraising or auditing the kexec image and
initramfs.

Changelog v3:
- return -EBADF, not -ENOEXEC
- identifier change
- split patch, moving copy_file_from_fd() to a separate patch
- split patch, moving IMA changes to a separate patch
v0:
- use kstat file size type loff_t, not size_t
- Calculate the file hash from the in memory buffer - Dave Young

Signed-off-by: Mimi Zohar
Acked-by: Kees Cook
Acked-by: Luis R. Rodriguez
Cc: Eric Biederman
Acked-by: Dave Young
30 Jan, 2016
2 commits
-
Change the callers of walk_iomem_res() scanning for the
following resources by name to use walk_iomem_res_desc()
instead.

"ACPI Tables"
"ACPI Non-volatile Storage"
"Persistent Memory (legacy)"
"Crash kernel"

Note, the caller of walk_iomem_res() with "GART" will be removed
in a later patch.

Signed-off-by: Toshi Kani
Signed-off-by: Borislav Petkov
Reviewed-by: Dave Young
Cc: Andrew Morton
Cc: Andy Lutomirski
Cc: Andy Lutomirski
Cc: Borislav Petkov
Cc: Brian Gerst
Cc: Chun-Yi
Cc: Dan Williams
Cc: Denys Vlasenko
Cc: Don Zickus
Cc: H. Peter Anvin
Cc: Lee, Chun-Yi
Cc: Linus Torvalds
Cc: Luis R. Rodriguez
Cc: Minfei Huang
Cc: Peter Zijlstra (Intel)
Cc: Ross Zwisler
Cc: Stephen Rothwell
Cc: Takao Indoh
Cc: Thomas Gleixner
Cc: Toshi Kani
Cc: kexec@lists.infradead.org
Cc: linux-arch@vger.kernel.org
Cc: linux-mm
Cc: linux-nvdimm@lists.01.org
Link: http://lkml.kernel.org/r/1453841853-11383-15-git-send-email-bp@alien8.de
Signed-off-by: Ingo Molnar
-
Set proper ioresource flags and types for crash kernel
reservation areas.

Signed-off-by: Toshi Kani
Signed-off-by: Borislav Petkov
Reviewed-by: Dave Young
Cc: Andrew Morton
Cc: Andy Lutomirski
Cc: Baoquan He
Cc: Borislav Petkov
Cc: Brian Gerst
Cc: Denys Vlasenko
Cc: H. Peter Anvin
Cc: HATAYAMA Daisuke
Cc: Linus Torvalds
Cc: Luis R. Rodriguez
Cc: Minfei Huang
Cc: Peter Zijlstra
Cc: Thomas Gleixner
Cc: Toshi Kani
Cc: Vivek Goyal
Cc: kexec@lists.infradead.org
Cc: linux-arch@vger.kernel.org
Cc: linux-mm
Link: http://lkml.kernel.org/r/1453841853-11383-8-git-send-email-bp@alien8.de
Signed-off-by: Ingo Molnar
21 Jan, 2016
1 commit
-
Move the stuff currently only used by the kexec file code within
CONFIG_KEXEC_FILE (and CONFIG_KEXEC_VERIFY_SIG).

Also move internal "struct kexec_sha_region" and "struct kexec_buf" into
"kexec_internal.h".

Signed-off-by: Xunlei Pang
Cc: "Eric W. Biederman"
Cc: Dave Young
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds
07 Nov, 2015
1 commit
-
kexec output message misses the prefix "kexec", when Dave Young split the
kexec code. Now, we use file name as the output message prefix.

Currently, the format of output message:
[ 140.290795] SYSC_kexec_load: hello, world
[ 140.291534] kexec: sanity_check_segment_list: hello, world

Ideally, the format of output message:
[ 30.791503] kexec: SYSC_kexec_load, Hello, world
[ 79.182752] kexec_core: sanity_check_segment_list, Hello, world

Remove the custom prefix "kexec" in output message.

Signed-off-by: Minfei Huang
Acked-by: Dave Young
Cc: "Eric W. Biederman"
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds
11 Sep, 2015
1 commit
-
Split kexec_file syscall related code to another file kernel/kexec_file.c
so that the #ifdef CONFIG_KEXEC_FILE in kexec.c can be dropped.

Sharing variables and functions are moved to kernel/kexec_internal.h per
suggestion from Vivek and Petr.

[akpm@linux-foundation.org: fix bisectability]
[akpm@linux-foundation.org: declare the various arch_kexec functions]
[akpm@linux-foundation.org: fix build]
Signed-off-by: Dave Young
Cc: Eric W. Biederman
Cc: Vivek Goyal
Cc: Petr Tesarik
Cc: Theodore Ts'o
Cc: Josh Boyer
Cc: David Howells
Cc: Geert Uytterhoeven
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds