1. 21 Oct, 2015 8 commits
    • PKCS#7: Make trust determination dependent on contents of trust keyring · be4dc974
      David Howells authored
      Make the determination of the trustworthiness of a key dependent on whether
      a key that can verify it is present in the ring of trusted keys rather than
      whether or not the verifying key has KEY_FLAG_TRUSTED set.
      Signed-off-by: David Howells <dhowells@redhat.com>
    • KEYS: Generalise system_verify_data() to provide access to internal content · 661cb9c4
      David Howells authored
      Generalise system_verify_data() to provide access to internal content
      through a callback.  This allows all the PKCS#7 stuff to be hidden inside
      this function and removed from the PE file parser and the PKCS#7 test key.
      
      If external content is not required, NULL should be passed as data to the
      function.  If the callback is not required, that can be set to NULL.
      
      The function is now called verify_pkcs7_signature() to contrast with
      verify_pefile_signature() and the definitions of both have been moved into
      linux/verification.h along with the key_being_used_for enum.
      Signed-off-by: David Howells <dhowells@redhat.com>
    • KEYS: Merge the type-specific data with the payload data · 146aa8b1
      David Howells authored
      Merge the type-specific data with the payload data into one four-word chunk
      as it seems pointless to keep them separate.
      
      Use user_key_payload() for accessing the payloads of overloaded
      user-defined keys.
      Signed-off-by: David Howells <dhowells@redhat.com>
      cc: linux-cifs@vger.kernel.org
      cc: ecryptfs@vger.kernel.org
      cc: linux-ext4@vger.kernel.org
      cc: linux-f2fs-devel@lists.sourceforge.net
      cc: linux-nfs@vger.kernel.org
      cc: ceph-devel@vger.kernel.org
      cc: linux-ima-devel@lists.sourceforge.net
    • KEYS: Provide a script to extract a module signature · 4adc605e
      David Howells authored
      The supplied script takes a signed module file and extracts the tailmost
      signature (there could theoretically be more than one) and dumps all or
      part of it or the unsigned file to stdout.
      
      Call as:
      
      	scripts/extract-module-sig.pl -[0adnks] module-file >out
      
      where the initial flag indicates which bit of the signed file you want dumping
      to stdout:
      
       (*) "-0".  Dumps the unsigned data with the signature stripped.
      
       (*) "-a".  Dumps all of the signature data, including the magic number.
      
       (*) "-d".  Dumps the signature information block as a sequence of decimal
           	    numbers in text form with spaces between (crypto algorithm type,
           	    hash type, identifier type, signer's name length, key identifier
           	    length and signature length).
      
       (*) "-n".  Dumps the signer's name contents.
      
       (*) "-k".  Dumps the key identifier contents.
      
       (*) "-s".  Dumps the cryptographic signature contents.
      
      In the case that the signature is a PKCS#7 (or CMS) message, -n and -k will
      print a warning to stderr and dump nothing to stdout, but will otherwise
      complete okay; the entire PKCS#7/CMS message will be dumped by "-s"; and "-d"
      will show "0 0 2 0 0 <pkcs#7-msg-len>".
      Signed-off-by: David Howells <dhowells@redhat.com>
    • KEYS: Provide a script to extract the sys cert list from a vmlinux file · 2221a6ee
      David Howells authored
      The supplied script takes a vmlinux file - and if necessary a System.map
      file - locates the system certificates list and extracts it to the named
      file.
      
      Call as:
      
          ./scripts/extract-sys-certs vmlinux certs
      
      if vmlinux contains symbols and:
      
          ./scripts/extract-sys-certs -s System.map vmlinux certs
      
      if it does not.
      
      It prints something like the following to stdout:
      
      	Have 27 sections
      	No symbols in vmlinux, trying System.map
      	Have 80088 symbols
      	Have 1346 bytes of certs at VMA 0xffffffff8201c540
      	Certificate list in section .init.data
      	Certificate list at file offset 0x141c540
      
      If vmlinux contains symbols then that is used rather than System.map - even
      if one is given.
      Signed-off-by: David Howells <dhowells@redhat.com>
    • keys: Be more consistent in selection of union members used · 27720e75
      Insu Yun authored
      key->description and key->index_key.description are same because
      they are unioned. But, for readability, using same name for
      duplication and validation seems better.
      Signed-off-by: Insu Yun <wuninsu@gmail.com>
      Signed-off-by: David Howells <dhowells@redhat.com>
    • certs: add .gitignore to stop git nagging about x509_certificate_list · 48dbc164
      Paul Gortmaker authored
      Currently we see this in "git status" if we build in the source dir:
      
      Untracked files:
        (use "git add <file>..." to include in what will be committed)
      
              certs/x509_certificate_list
      
      It looks like it used to live in kernel/ so we squash that .gitignore
      entry at the same time.  I didn't bother to dig through git history to
      see when it moved, since it is just a minor annoyance at most.
      
      Cc: David Woodhouse <dwmw2@infradead.org>
      Cc: keyrings@linux-nfs.org
      Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>
      Signed-off-by: David Howells <dhowells@redhat.com>
    • KEYS: use kvfree() in add_key · d0e0eba0
      Geliang Tang authored
      There is no need to make a flag to tell that this memory is allocated by
      kmalloc or vmalloc. Just use kvfree to free the memory.
      Signed-off-by: Geliang Tang <geliangtang@163.com>
      Signed-off-by: David Howells <dhowells@redhat.com>
  2. 20 Oct, 2015 2 commits
  3. 19 Oct, 2015 1 commit
    • Smack: limited capability for changing process label · 38416e53
      Zbigniew Jasinski authored
      This feature introduces new kernel interface:
      
      - <smack_fs>/relabel-self - for setting transition labels list
      
      This list is used to control smack label transition mechanism.
      List is set by, and per process. Process can transit to new label only if
      label is on the list. Only process with CAP_MAC_ADMIN capability can add
      labels to this list. With this list, process can change its label without
      CAP_MAC_ADMIN but only once. After label changing, list is unset.
      
      Changes in v2:
      * use list_for_each_entry instead of _rcu during label write
      * added missing description in security/Smack.txt
      
      Changes in v3:
      * squashed into one commit
      
      Changes in v4:
      * switch from global list to per-task list
      * since the per-task list is accessed only by the task itself
        there is no need to use synchronization mechanisms on it
      
      Changes in v5:
      * change smackfs interface of relabel-self to the one used for onlycap
        multiple labels are accepted, separated by space, which
        replace the previous list upon write
      Signed-off-by: Zbigniew Jasinski <z.jasinski@samsung.com>
      Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
      Acked-by: Casey Schaufler <casey@schaufler-ca.com>
  4. 18 Oct, 2015 18 commits
  5. 09 Oct, 2015 5 commits
  6. 04 Oct, 2015 6 commits
    • Linux 4.3-rc4 · 049e6dde
      Linus Torvalds authored
    • Merge branch 'strscpy' of git://git.kernel.org/pub/scm/linux/kernel/git/cmetcalf/linux-tile · 30c44659
      Linus Torvalds authored
      Pull strscpy string copy function implementation from Chris Metcalf.
      
      Chris sent this during the merge window, but I waffled back and forth on
      the pull request, which is why it's going in only now.
      
      The new "strscpy()" function is definitely easier to use and more secure
      than either strncpy() or strlcpy(), both of which are horrible nasty
      interfaces that have serious and irredeemable problems.
      
      strncpy() has a useless return value, and doesn't NUL-terminate an
      overlong result.  To make matters worse, it pads a short result with
      zeroes, which is a performance disaster if you have big buffers.
      
      strlcpy(), by contrast, is a mis-designed "fix" for strlcpy(), lacking
      the insane NUL padding, but having a differently broken return value
      which returns the original length of the source string.  Which means
      that it will read characters past the count from the source buffer, and
      you have to trust the source to be properly terminated.  It also makes
      error handling fragile, since the test for overflow is unnecessarily
      subtle.
      
      strscpy() avoids both these problems, guaranteeing the NUL termination
      (but not excessive padding) if the destination size wasn't zero, and
      making the overflow condition very obvious by returning -E2BIG.  It also
      doesn't read past the size of the source, and can thus be used for
      untrusted source data too.
      
      So why did I waffle about this for so long?
      
      Every time we introduce a new-and-improved interface, people start doing
      these interminable series of trivial conversion patches.
      
      And every time that happens, somebody does some silly mistake, and the
      conversion patch to the improved interface actually makes things worse.
      Because the patch is mindnumbing and trivial, nobody has the attention
      span to look at it carefully, and it's usually done over large swatches
      of source code which means that not every conversion gets tested.
      
      So I'm pulling the strscpy() support because it *is* a better interface.
      But I will refuse to pull mindless conversion patches.  Use this in
      places where it makes sense, but don't do trivial patches to fix things
      that aren't actually known to be broken.
      
      * 'strscpy' of git://git.kernel.org/pub/scm/linux/kernel/git/cmetcalf/linux-tile:
        tile: use global strscpy() rather than private copy
        string: provide strscpy()
        Make asm/word-at-a-time.h available on all architectures
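
A userspace model of the strscpy() contract described in the merge message above, set beside strncpy(). This is an added example, not the kernel's implementation or part of the commit; `model_strscpy` and `nuls_after_copy` are hypothetical names, the copy is byte-at-a-time rather than word-at-a-time, and the sample strings are constructed.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

/* Model of the contract: read at most `count` bytes of src, always
 * NUL-terminate when count > 0, never pad, return -E2BIG on truncation. */
ssize_t model_strscpy(char *dest, const char *src, size_t count)
{
    size_t i;

    if (count == 0)
        return -E2BIG;              /* no room even for the terminator */
    for (i = 0; i < count; i++) {
        dest[i] = src[i];
        if (src[i] == '\0')
            return (ssize_t)i;      /* bytes copied, excluding the NUL */
    }
    dest[count - 1] = '\0';         /* truncated: terminate and report */
    return -E2BIG;
}

/* Copy src into an n-byte window of an 'X'-filled buffer and count the NUL
 * bytes the copy left there: 0 = unterminated, 1 = terminated, >1 = padded. */
size_t nuls_after_copy(int use_strncpy, const char *src, size_t n)
{
    char buf[64];
    size_t i, nuls = 0;

    if (n > sizeof(buf))
        n = sizeof(buf);
    memset(buf, 'X', sizeof(buf));
    if (use_strncpy)
        strncpy(buf, src, n);
    else
        model_strscpy(buf, src, n);
    for (i = 0; i < n; i++)
        nuls += (buf[i] == '\0');
    return nuls;
}

int main(void)
{
    char dst[8];
    ssize_t r = model_strscpy(dst, "overlong-input", sizeof(dst));

    printf("strscpy model: ret=%zd dst=\"%s\"\n", r, dst);
    printf("strncpy NULs, overlong source: %zu\n", nuls_after_copy(1, "overlong-input", 8));
    printf("strncpy NULs, short source:    %zu\n", nuls_after_copy(1, "hi", 32));
    return 0;
}
```
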
    • Merge tag 'md/4.3-fixes' of git://neil.brown.name/md · 15ecf9a9
      Linus Torvalds authored
      Pull md fixes from Neil Brown:
       "Assorted fixes for md in 4.3-rc.
      
        Two tagged for -stable, and one is really a cleanup to match and
        improve kmemcache interface.
      
      * tag 'md/4.3-fixes' of git://neil.brown.name/md:
        md/bitmap: don't pass -1 to bitmap_storage_alloc.
        md/raid1: Avoid raid1 resync getting stuck
        md: drop null test before destroy functions
        md: clear CHANGE_PENDING in readonly array
        md/raid0: apply base queue limits *before* disk_stack_limits
        md/raid5: don't index beyond end of array in need_this_block().
        raid5: update analysis state for failed stripe
        md: wait for pending superblock updates before switching to read-only
    • Merge branch 'upstream' of git://git.linux-mips.org/pub/scm/ralf/upstream-linus · 0d877081
      Linus Torvalds authored
      Pull MIPS updates from Ralf Baechle:
       "This week's round of MIPS fixes:
         - Fix JZ4740 build
         - Fix fallback to GFP_DMA
         - FP seccomp in case of ENOSYS
         - Fix bootmem panic
         - A number of FP and CPS fixes
         - Wire up new syscalls
         - Make sure BPF assembler objects can properly be disassembled
         - Fix BPF assembler code for MIPS I"
      
      * 'upstream' of git://git.linux-mips.org/pub/scm/ralf/upstream-linus:
        MIPS: scall: Always run the seccomp syscall filters
        MIPS: Octeon: Fix kernel panic on startup from memory corruption
        MIPS: Fix R2300 FP context switch handling
        MIPS: Fix octeon FP context switch handling
        MIPS: BPF: Fix load delay slots.
        MIPS: BPF: Do all exports of symbols with FEXPORT().
        MIPS: Fix the build on jz4740 after removing the custom gpio.h
        MIPS: CPS: #ifdef on CONFIG_MIPS_MT_SMP rather than CONFIG_MIPS_MT
        MIPS: CPS: Don't include MT code in non-MT kernels.
        MIPS: CPS: Stop dangling delay slot from has_mt.
        MIPS: dma-default: Fix 32-bit fall back to GFP_DMA
        MIPS: Wire up userfaultfd and membarrier syscalls.
    • Merge branch 'irq-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 3e519dde
      Linus Torvalds authored
      Pull irq fixes from Thomas Gleixner:
       "This update contains:
      
         - Fix for a long standing race affecting /proc/irq/NNN
      
         - One line fix for ARM GICV3-ITS counting the wrong data
      
         - Warning silencing in ARM GICV3-ITS.  Another GCC trying to be
           overly clever issue"
      
      * 'irq-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        irqchip/gic-v3-its: Count additional LPIs for the aliased devices
        irqchip/gic-v3-its: Silence warning when its_lpi_alloc_chunks gets inlined
        genirq: Fix race in register_irq_proc()
    • MIPS: scall: Always run the seccomp syscall filters · d218af78
      Markos Chandras authored
      The MIPS syscall handler code used to return -ENOSYS on invalid
      syscalls. Whilst this is expected, it caused problems for seccomp
      filters because the said filters never had the chance to run since
      the code returned -ENOSYS before triggering them. This caused
      problems on the chromium testsuite for filters looking for invalid
      syscalls. This has now changed and the seccomp filters are always
      run even if the syscall is invalid. We return -ENOSYS once we
      return from the seccomp filters. Moreover, similar codepaths have
      been merged in the process which simplifies somewhat the overall
      syscall code.
      Signed-off-by: Markos Chandras <markos.chandras@imgtec.com>
      Cc: linux-mips@linux-mips.org
      Patchwork: https://patchwork.linux-mips.org/patch/11236/
      Signed-off-by: Ralf Baechle <ralf@linux-mips.org>