10 Feb, 2016

1 commit


18 Jan, 2016

1 commit

  • Pull security subsystem updates from James Morris:

    - EVM gains support for loading an x509 cert from the kernel
    (EVM_LOAD_X509), into the EVM trusted kernel keyring.

    - Smack implements 'file receive' process-based permission checking for
    sockets, rather than just depending on inode checks.

    - Misc enhancements for TPM & TPM2.

    - Cleanups and bugfixes for SELinux, Keys, and IMA.

    * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: (41 commits)
    selinux: Inode label revalidation performance fix
    KEYS: refcount bug fix
    ima: ima_write_policy() limit locking
    IMA: policy can be updated zero times
    selinux: rate-limit netlink message warnings in selinux_nlmsg_perm()
    selinux: export validatetrans decisions
    gfs2: Invalid security labels of inodes when they go invalid
    selinux: Revalidate invalid inode security labels
    security: Add hook to invalidate inode security labels
    selinux: Add accessor functions for inode->i_security
    security: Make inode argument of inode_getsecid non-const
    security: Make inode argument of inode_getsecurity non-const
    selinux: Remove unused variable in selinux_inode_init_security
    keys, trusted: seal with a TPM2 authorization policy
    keys, trusted: select hash algorithm for TPM2 chips
    keys, trusted: fix: *do not* allow duplicate key options
    tpm_ibmvtpm: properly handle interrupted packet receptions
    tpm_tis: Tighten IRQ auto-probing
    tpm_tis: Refactor the interrupt setup
    tpm_tis: Get rid of the duplicate IRQ probing code
    ...

    Linus Torvalds
     

20 Dec, 2015

3 commits

  • TPM2 supports authorization policies, which are essentially
    combinational logic statements representing the conditions where the data
    can be unsealed based on the TPM state. This patch enables the use of
    authorization policies to seal trusted keys.

    The following two new options have been added for trusted keys:

    * 'policydigest=': provide an auth policy digest for sealing.
    * 'policyhandle=': provide a policy session handle for unsealing.

    If the 'hash=' option is supplied after the 'policydigest=' option, this
    will result in an error because the state of the option would become
    mixed.

    Signed-off-by: Jarkko Sakkinen
    Tested-by: Colin Ian King
    Reviewed-by: Mimi Zohar
    Acked-by: Peter Huewe

    Jarkko Sakkinen
     
  • Added 'hash=' option for selecting the hash algorithm for add_key()
    syscall and documentation for it.

    Added entry for sm3-256 to the following tables in order to support
    TPM_ALG_SM3_256:

    * hash_algo_name
    * hash_digest_size

    Includes support for the following hash algorithms:

    * sha1
    * sha256
    * sha384
    * sha512
    * sm3-256

    Signed-off-by: Jarkko Sakkinen
    Tested-by: Colin Ian King
    Reviewed-by: James Morris
    Reviewed-by: Mimi Zohar
    Acked-by: Peter Huewe

    Jarkko Sakkinen
     
  • The trusted keys option parsing allows specifying the same option
    multiple times. The last option value specified is used.

    This is problematic because:

    * No gain.
    * This makes it complicated to specify options that are dependent on other
    options.

    This patch changes the behavior so that an option can be specified
    only once.

    Reported-by: James Morris
    Reviewed-by: Mimi Zohar
    Signed-off-by: Jarkko Sakkinen
    Acked-by: Peter Huewe

    Jarkko Sakkinen
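An added C model (not the kernel's getoptions() code) of the option rules the three commits above state: each option may be given once, hash= selects the digest size a later policydigest= must have, and hash= after policydigest= is rejected; the option table, struct and function names are assumptions.

```c
#include <stdlib.h>
#include <string.h>
#include <errno.h>
/* Constructed model of the trusted-key option grammar; not the kernel's getoptions(). */
enum { OPT_KEYHANDLE, OPT_HASH, OPT_POLICYDIGEST, OPT_POLICYHANDLE, OPT_COUNT };
static const char *opt_names[OPT_COUNT] = { "keyhandle", "hash", "policydigest", "policyhandle" };
/* Algorithms hash= accepts (from the second commit above) and their digest sizes in bytes. */
static const char *hash_names[] = { "sha1", "sha256", "sha384", "sha512", "sm3-256" };
static const size_t hash_sizes[] = { 20, 32, 48, 64, 32 };
#define NHASH (sizeof hash_sizes / sizeof hash_sizes[0])
struct trusted_opts {
    unsigned long keyhandle, policyhandle;
    size_t digest_size;      /* chosen by hash=; sha1 unless overridden */
    size_t policydigest_len; /* 0 until a policydigest= has been accepted */
};
/* Parse "opt=value opt=value ..." into *o; returns 0 or -EINVAL. */
int parse_trusted_options(const char *spec, struct trusted_opts *o)
{
    char buf[256], *tok;
    unsigned seen = 0;       /* one bit per option: each may be given only once */
    size_t a; int i;
    if (strlen(spec) >= sizeof buf) return -EINVAL;
    strcpy(buf, spec);
    memset(o, 0, sizeof *o);
    o->digest_size = hash_sizes[0];
    for (tok = strtok(buf, " "); tok; tok = strtok(NULL, " ")) {
        char *val = strchr(tok, '=');
        if (!val) return -EINVAL;
        *val++ = '\0';
        for (i = 0; i < OPT_COUNT && strcmp(tok, opt_names[i]); i++) ;
        if (i == OPT_COUNT || (seen & (1u << i))) return -EINVAL; /* unknown or duplicate */
        seen |= 1u << i;
        switch (i) {
        case OPT_KEYHANDLE:    o->keyhandle = strtoul(val, NULL, 16); break;
        case OPT_POLICYHANDLE: o->policyhandle = strtoul(val, NULL, 16); break;
        case OPT_HASH:         /* hash= after policydigest= would leave the state mixed */
            if (o->policydigest_len) return -EINVAL;
            for (a = 0; a < NHASH && strcmp(val, hash_names[a]); a++) ;
            if (a == NHASH) return -EINVAL;
            o->digest_size = hash_sizes[a];
            break;
        case OPT_POLICYDIGEST: /* hex digest must be exactly the selected hash's size */
            if (strlen(val) != 2 * o->digest_size ||
                strspn(val, "0123456789abcdefABCDEF") != strlen(val)) return -EINVAL;
            o->policydigest_len = o->digest_size;
            break;
        }
    }
    return 0;
}
```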
     

25 Nov, 2015

1 commit

  • If a user key gets negatively instantiated, an error code is cached in the
    payload area. A negatively instantiated key may then be positively
    instantiated by updating it with valid data. However, the ->update key
    type method must be aware that the error code may be there.

    The following may be used to trigger the bug in the user key type:

    keyctl request2 user user "" @u
    keyctl add user user "a" @u

    which manifests itself as:

    BUG: unable to handle kernel paging request at 00000000ffffff8a
    IP: [] __call_rcu.constprop.76+0x1f/0x280 kernel/rcu/tree.c:3046
    PGD 7cc30067 PUD 0
    Oops: 0002 [#1] SMP
    Modules linked in:
    CPU: 3 PID: 2644 Comm: a.out Not tainted 4.3.0+ #49
    Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
    task: ffff88003ddea700 ti: ffff88003dd88000 task.ti: ffff88003dd88000
    RIP: 0010:[] [] __call_rcu.constprop.76+0x1f/0x280
    [] __call_rcu.constprop.76+0x1f/0x280 kernel/rcu/tree.c:3046
    RSP: 0018:ffff88003dd8bdb0 EFLAGS: 00010246
    RAX: 00000000ffffff82 RBX: 0000000000000000 RCX: 0000000000000001
    RDX: ffffffff81e3fe40 RSI: 0000000000000000 RDI: 00000000ffffff82
    RBP: ffff88003dd8bde0 R08: ffff88007d2d2da0 R09: 0000000000000000
    R10: 0000000000000000 R11: ffff88003e8073c0 R12: 00000000ffffff82
    R13: ffff88003dd8be68 R14: ffff88007d027600 R15: ffff88003ddea700
    FS: 0000000000b92880(0063) GS:ffff88007fd00000(0000) knlGS:0000000000000000
    CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b
    CR2: 00000000ffffff8a CR3: 000000007cc5f000 CR4: 00000000000006e0
    Stack:
    ffff88003dd8bdf0 ffffffff81160a8a 0000000000000000 00000000ffffff82
    ffff88003dd8be68 ffff88007d027600 ffff88003dd8bdf0 ffffffff810a39e5
    ffff88003dd8be20 ffffffff812a31ab ffff88007d027600 ffff88007d027620
    Call Trace:
    [] kfree_call_rcu+0x15/0x20 kernel/rcu/tree.c:3136
    [] user_update+0x8b/0xb0 security/keys/user_defined.c:129
    [< inline >] __key_update security/keys/key.c:730
    [] key_create_or_update+0x291/0x440 security/keys/key.c:908
    [< inline >] SYSC_add_key security/keys/keyctl.c:125
    [] SyS_add_key+0x101/0x1e0 security/keys/keyctl.c:60
    [] entry_SYSCALL_64_fastpath+0x12/0x6a arch/x86/entry/entry_64.S:185

    Note the error code (-ENOKEY) in EDX.

    A similar bug can be tripped by:

    keyctl request2 trusted user "" @u
    keyctl add trusted user "a" @u

    This should also affect encrypted keys - but that has to be correctly
    parameterised or it will fail with EINVAL before getting to the bit that
    will crash.

    Reported-by: Dmitry Vyukov
    Signed-off-by: David Howells
    Acked-by: Mimi Zohar
    Signed-off-by: James Morris

    David Howells
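An added C model of the bug class described above, not the kernel's user_update(): after a failed request the payload slot holds an error pointer (-ENOKEY here), the buggy update hands it to the free routine, and the aware update clears the negative flag and skips it; the struct, flag, ERR_PTR()/IS_ERR() and function names are assumptions modelled on kernel conventions.

```c
#include <errno.h>
#include <stdlib.h>
#include <string.h>
#ifndef ENOKEY
#define ENOKEY 126 /* Linux value; defined here only for non-Linux libcs */
#endif
/* Constructed model of a key and of the kernel's error-in-pointer convention;
 * not the kernel's struct key or ERR_PTR(). */
#define KEY_FLAG_NEGATIVE 1u
#define ERR_PTR(e) ((void *)(long)(e))
#define IS_ERR(p)  ((unsigned long)(p) >= (unsigned long)-4095)
struct key { unsigned flags; void *payload; };
int bad_frees, real_frees;           /* what the kfree_rcu() stand-in was asked to do */
static void release_payload(void *p) /* kfree_rcu() stand-in */
{
    if (!p) return;
    if (IS_ERR(p)) { bad_frees++; return; } /* the kernel would dereference this and oops */
    free(p); real_frees++;
}
static void *dup_str(const char *s)
{
    size_t n = strlen(s) + 1; char *p = malloc(n);
    if (p) memcpy(p, s, n);
    return p;
}
/* Negative instantiation: the error code is cached in the payload slot. */
void key_negate(struct key *key, int error)
{
    key->flags |= KEY_FLAG_NEGATIVE;
    key->payload = ERR_PTR(-error);
}

/* update() before the fix: hands whatever was in payload to the free routine. */
int user_update_buggy(struct key *key, const char *data)
{
    void *zap = key->payload;
    key->payload = dup_str(data);
    release_payload(zap);
    return key->payload ? 0 : -ENOMEM;
}

/* update() aware of negative keys: the cached error is not a real payload. */
int user_update_fixed(struct key *key, const char *data)
{
    void *zap = key->payload;
    key->payload = dup_str(data);
    if (key->flags & KEY_FLAG_NEGATIVE) { key->flags &= ~KEY_FLAG_NEGATIVE; zap = NULL; }
    release_payload(zap);
    return key->payload ? 0 : -ENOMEM;
}
```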
     

21 Oct, 2015

1 commit

  • Merge the type-specific data with the payload data into one four-word chunk
    as it seems pointless to keep them separate.

    Use user_key_payload() for accessing the payloads of overloaded
    user-defined keys.

    Signed-off-by: David Howells
    cc: linux-cifs@vger.kernel.org
    cc: ecryptfs@vger.kernel.org
    cc: linux-ext4@vger.kernel.org
    cc: linux-f2fs-devel@lists.sourceforge.net
    cc: linux-nfs@vger.kernel.org
    cc: ceph-devel@vger.kernel.org
    cc: linux-ima-devel@lists.sourceforge.net

    David Howells
     

19 Oct, 2015

1 commit

  • Call tpm_seal_trusted() and tpm_unseal_trusted() for TPM 2.0 chips.
    We require an explicit 'keyhandle=' option because there's no fixed
    storage root key inside TPM2 chips.

    Signed-off-by: Jarkko Sakkinen
    Reviewed-by: Andreas Fuchs
    Tested-by: Mimi Zohar (on TPM 1.2)
    Tested-by: Chris J Arges
    Tested-by: Colin Ian King
    Tested-by: Kevin Strasser
    Signed-off-by: Peter Huewe

    Jarkko Sakkinen
     

17 Sep, 2014

1 commit

  • A previous patch added a ->match_preparse() method to the key type. This is
    allowed to override the function called by the iteration algorithm.
    Therefore, we can just set a default that simply checks for an exact match of
    the key description with the original criterion data and allow match_preparse
    to override it as needed.

    The key_type::match op is then redundant and can be removed, as can the
    user_match() function.

    Signed-off-by: David Howells
    Acked-by: Vivek Goyal

    David Howells
     

06 Feb, 2014

1 commit


15 Oct, 2012

1 commit

  • Pull module signing support from Rusty Russell:
    "module signing is the highlight, but it's an all-over David Howells frenzy..."

    Hmm "Magrathea: Glacier signing key". Somebody has been reading too much HHGTTG.

    * 'modules-next' of git://git.kernel.org/pub/scm/linux/kernel/git/rusty/linux: (37 commits)
    X.509: Fix indefinite length element skip error handling
    X.509: Convert some printk calls to pr_devel
    asymmetric keys: fix printk format warning
    MODSIGN: Fix 32-bit overflow in X.509 certificate validity date checking
    MODSIGN: Make mrproper should remove generated files.
    MODSIGN: Use utf8 strings in signer's name in autogenerated X.509 certs
    MODSIGN: Use the same digest for the autogen key sig as for the module sig
    MODSIGN: Sign modules during the build process
    MODSIGN: Provide a script for generating a key ID from an X.509 cert
    MODSIGN: Implement module signature checking
    MODSIGN: Provide module signing public keys to the kernel
    MODSIGN: Automatically generate module signing keys if missing
    MODSIGN: Provide Kconfig options
    MODSIGN: Provide gitignore and make clean rules for extra files
    MODSIGN: Add FIPS policy
    module: signature checking hook
    X.509: Add a crypto key parser for binary (DER) X.509 certificates
    MPILIB: Provide a function to read raw data into an MPI
    X.509: Add an ASN.1 decoder
    X.509: Add simple ASN.1 grammar compiler
    ...

    Linus Torvalds
     

08 Oct, 2012

1 commit

  • Give the key type the opportunity to preparse the payload prior to the
    instantiation and update routines being called. This is done with the
    provision of two new key type operations:

    int (*preparse)(struct key_preparsed_payload *prep);
    void (*free_preparse)(struct key_preparsed_payload *prep);

    If the first operation is present, then it is called before key creation (in
    the add/update case) or before the key semaphore is taken (in the update and
    instantiate cases). The second operation is called to clean up if the first
    was called.

    preparse() is given the opportunity to fill in the following structure:

    struct key_preparsed_payload {
            char *description;
            void *type_data[2];
            void *payload;
            const void *data;
            size_t datalen;
            size_t quotalen;
    };

    Before the preparser is called, the first three fields will have been cleared,
    the payload pointer and size will be stored in data and datalen and the default
    quota size from the key_type struct will be stored into quotalen.

    The preparser may parse the payload in any way it likes and may store data in
    the type_data[] and payload fields for use by the instantiate() and update()
    ops.

    The preparser may also propose a description for the key by attaching it as a
    string to the description field. This can be used by passing a NULL or ""
    description to the add_key() system call or the key_create_or_update()
    function. This cannot work with request_key() as that requires the description
    to tell the upcall about the key to be created.

    This, for example, permits keys that store PGP public keys to generate their own
    name from the user ID and public key fingerprint in the key.

    The instantiate() and update() operations are then modified to look like this:

    int (*instantiate)(struct key *key, struct key_preparsed_payload *prep);
    int (*update)(struct key *key, struct key_preparsed_payload *prep);

    and the new payload data is passed in *prep, whether or not it was preparsed.

    Signed-off-by: David Howells
    Signed-off-by: Rusty Russell

    David Howells
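An added C example, not the kernel's implementation, of the preparse flow described above: a constructed key type whose preparse() proposes the description from the payload, and a reduced key_create_or_update() that falls back to that proposal when the caller passes NULL or ""; the "named" type, dup_bytes() and key_create() are assumptions, while struct key_preparsed_payload is as the commit gives it.

```c
#include <errno.h>
#include <stdlib.h>
#include <string.h>
/* Structures as the commit describes them; key and key_type reduced to what the flow needs. */
struct key_preparsed_payload {
    char *description; void *type_data[2]; void *payload;
    const void *data; size_t datalen; size_t quotalen;
};
struct key { char *description; void *payload; };
struct key_type {
    size_t def_datalen;
    int (*preparse)(struct key_preparsed_payload *prep);
    void (*free_preparse)(struct key_preparsed_payload *prep);
    int (*instantiate)(struct key *key, struct key_preparsed_payload *prep);
};
static void *dup_bytes(const void *s, size_t n) /* malloc'd, NUL-terminated copy */
{
    char *p = malloc(n + 1);
    if (p) { memcpy(p, s, n); p[n] = '\0'; }
    return p;
}
/* Constructed "named" key type: data is "user-id:fingerprint" and preparse proposes the whole
 * string as the description, the way the commit says PGP public keys could name themselves. */
static int named_preparse(struct key_preparsed_payload *prep)
{
    const char *s = prep->data, *colon = memchr(s, ':', prep->datalen);
    if (!colon || colon == s || colon == s + prep->datalen - 1) return -EINVAL;
    prep->description = dup_bytes(s, prep->datalen);
    prep->payload = dup_bytes(colon + 1, prep->datalen - (colon + 1 - s)); /* fingerprint only */
    return prep->description && prep->payload ? 0 : -ENOMEM;
}
static void named_free_preparse(struct key_preparsed_payload *prep) { free(prep->description); free(prep->payload); }
static int named_instantiate(struct key *key, struct key_preparsed_payload *prep)
{
    key->payload = prep->payload; prep->payload = NULL; /* ownership moves to the key */
    return 0;
}
const struct key_type named_key_type = { 32, named_preparse, named_free_preparse, named_instantiate };
/* Reduced key_create_or_update(): preparse, fall back to the proposed description, instantiate, clean up. */
int key_create(const struct key_type *t, const char *desc, const void *data, size_t len, struct key *key)
{
    struct key_preparsed_payload prep = { NULL, { NULL, NULL }, NULL, data, len, t->def_datalen };
    int ret = t->preparse ? t->preparse(&prep) : 0;
    if (ret == 0 && (!desc || !*desc)) desc = prep.description;
    if (ret == 0 && !desc) ret = -EINVAL;       /* nothing to name the key with */
    if (ret == 0 && !(key->description = dup_bytes(desc, strlen(desc)))) ret = -ENOMEM;
    if (ret == 0) ret = t->instantiate(key, &prep);
    if (t->free_preparse) t->free_preparse(&prep); /* always called when preparse was */
    return ret;
}
```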
     

23 Aug, 2012

1 commit

  • Move the tpm_get_random api from the trusted keys code into the TPM
    device driver itself so that other callers can make use of it. Also,
    change the api slightly so that the number of bytes read is returned in
    the call, since the TPM command can potentially return fewer bytes than
    requested.

    Acked-by: David Safford
    Reviewed-by: H. Peter Anvin
    Signed-off-by: Kent Yoder

    Kent Yoder
     

18 Jan, 2012

1 commit

  • Define rcu_assign_keypointer(), which uses the key payload.rcudata instead
    of payload.data, to resolve the CONFIG_SPARSE_RCU_POINTER message:
    "incompatible types in comparison expression (different address spaces)"

    Replace the rcu_assign_pointer() calls in encrypted/trusted keys with
    rcu_assign_keypointer().

    Signed-off-by: Mimi Zohar
    Signed-off-by: David Howells
    Signed-off-by: James Morris

    Mimi Zohar
     

01 Nov, 2011

1 commit


21 Sep, 2011

1 commit


20 May, 2011

1 commit


08 Mar, 2011

1 commit


24 Jan, 2011

2 commits