1. 13 6月, 2018 2 次提交
    • K
      treewide: kzalloc() -> kcalloc() · 6396bb22
      Kees Cook 提交于
      The kzalloc() function has a 2-factor argument form, kcalloc(). This
      patch replaces cases of:
      
              kzalloc(a * b, gfp)
      
      with:
              kcalloc(a * b, gfp)
      
      as well as handling cases of:
      
              kzalloc(a * b * c, gfp)
      
      with:
      
              kzalloc(array3_size(a, b, c), gfp)
      
      as it's slightly less ugly than:
      
              kzalloc_array(array_size(a, b), c, gfp)
      
      This does, however, attempt to ignore constant size factors like:
      
              kzalloc(4 * 1024, gfp)
      
      though any constants defined via macros get caught up in the conversion.
      
      Any factors with a sizeof() of "unsigned char", "char", and "u8" were
      dropped, since they're redundant.
      
      The Coccinelle script used for this was:
      
      // Fix redundant parens around sizeof().
      @@
      type TYPE;
      expression THING, E;
      @@
      
      (
        kzalloc(
      -	(sizeof(TYPE)) * E
      +	sizeof(TYPE) * E
        , ...)
      |
        kzalloc(
      -	(sizeof(THING)) * E
      +	sizeof(THING) * E
        , ...)
      )
      
      // Drop single-byte sizes and redundant parens.
      @@
      expression COUNT;
      typedef u8;
      typedef __u8;
      @@
      
      (
        kzalloc(
      -	sizeof(u8) * (COUNT)
      +	COUNT
        , ...)
      |
        kzalloc(
      -	sizeof(__u8) * (COUNT)
      +	COUNT
        , ...)
      |
        kzalloc(
      -	sizeof(char) * (COUNT)
      +	COUNT
        , ...)
      |
        kzalloc(
      -	sizeof(unsigned char) * (COUNT)
      +	COUNT
        , ...)
      |
        kzalloc(
      -	sizeof(u8) * COUNT
      +	COUNT
        , ...)
      |
        kzalloc(
      -	sizeof(__u8) * COUNT
      +	COUNT
        , ...)
      |
        kzalloc(
      -	sizeof(char) * COUNT
      +	COUNT
        , ...)
      |
        kzalloc(
      -	sizeof(unsigned char) * COUNT
      +	COUNT
        , ...)
      )
      
      // 2-factor product with sizeof(type/expression) and identifier or constant.
      @@
      type TYPE;
      expression THING;
      identifier COUNT_ID;
      constant COUNT_CONST;
      @@
      
      (
      - kzalloc
      + kcalloc
        (
      -	sizeof(TYPE) * (COUNT_ID)
      +	COUNT_ID, sizeof(TYPE)
        , ...)
      |
      - kzalloc
      + kcalloc
        (
      -	sizeof(TYPE) * COUNT_ID
      +	COUNT_ID, sizeof(TYPE)
        , ...)
      |
      - kzalloc
      + kcalloc
        (
      -	sizeof(TYPE) * (COUNT_CONST)
      +	COUNT_CONST, sizeof(TYPE)
        , ...)
      |
      - kzalloc
      + kcalloc
        (
      -	sizeof(TYPE) * COUNT_CONST
      +	COUNT_CONST, sizeof(TYPE)
        , ...)
      |
      - kzalloc
      + kcalloc
        (
      -	sizeof(THING) * (COUNT_ID)
      +	COUNT_ID, sizeof(THING)
        , ...)
      |
      - kzalloc
      + kcalloc
        (
      -	sizeof(THING) * COUNT_ID
      +	COUNT_ID, sizeof(THING)
        , ...)
      |
      - kzalloc
      + kcalloc
        (
      -	sizeof(THING) * (COUNT_CONST)
      +	COUNT_CONST, sizeof(THING)
        , ...)
      |
      - kzalloc
      + kcalloc
        (
      -	sizeof(THING) * COUNT_CONST
      +	COUNT_CONST, sizeof(THING)
        , ...)
      )
      
      // 2-factor product, only identifiers.
      @@
      identifier SIZE, COUNT;
      @@
      
      - kzalloc
      + kcalloc
        (
      -	SIZE * COUNT
      +	COUNT, SIZE
        , ...)
      
      // 3-factor product with 1 sizeof(type) or sizeof(expression), with
      // redundant parens removed.
      @@
      expression THING;
      identifier STRIDE, COUNT;
      type TYPE;
      @@
      
      (
        kzalloc(
      -	sizeof(TYPE) * (COUNT) * (STRIDE)
      +	array3_size(COUNT, STRIDE, sizeof(TYPE))
        , ...)
      |
        kzalloc(
      -	sizeof(TYPE) * (COUNT) * STRIDE
      +	array3_size(COUNT, STRIDE, sizeof(TYPE))
        , ...)
      |
        kzalloc(
      -	sizeof(TYPE) * COUNT * (STRIDE)
      +	array3_size(COUNT, STRIDE, sizeof(TYPE))
        , ...)
      |
        kzalloc(
      -	sizeof(TYPE) * COUNT * STRIDE
      +	array3_size(COUNT, STRIDE, sizeof(TYPE))
        , ...)
      |
        kzalloc(
      -	sizeof(THING) * (COUNT) * (STRIDE)
      +	array3_size(COUNT, STRIDE, sizeof(THING))
        , ...)
      |
        kzalloc(
      -	sizeof(THING) * (COUNT) * STRIDE
      +	array3_size(COUNT, STRIDE, sizeof(THING))
        , ...)
      |
        kzalloc(
      -	sizeof(THING) * COUNT * (STRIDE)
      +	array3_size(COUNT, STRIDE, sizeof(THING))
        , ...)
      |
        kzalloc(
      -	sizeof(THING) * COUNT * STRIDE
      +	array3_size(COUNT, STRIDE, sizeof(THING))
        , ...)
      )
      
      // 3-factor product with 2 sizeof(variable), with redundant parens removed.
      @@
      expression THING1, THING2;
      identifier COUNT;
      type TYPE1, TYPE2;
      @@
      
      (
        kzalloc(
      -	sizeof(TYPE1) * sizeof(TYPE2) * COUNT
      +	array3_size(COUNT, sizeof(TYPE1), sizeof(TYPE2))
        , ...)
      |
        kzalloc(
      -	sizeof(TYPE1) * sizeof(THING2) * (COUNT)
      +	array3_size(COUNT, sizeof(TYPE1), sizeof(TYPE2))
        , ...)
      |
        kzalloc(
      -	sizeof(THING1) * sizeof(THING2) * COUNT
      +	array3_size(COUNT, sizeof(THING1), sizeof(THING2))
        , ...)
      |
        kzalloc(
      -	sizeof(THING1) * sizeof(THING2) * (COUNT)
      +	array3_size(COUNT, sizeof(THING1), sizeof(THING2))
        , ...)
      |
        kzalloc(
      -	sizeof(TYPE1) * sizeof(THING2) * COUNT
      +	array3_size(COUNT, sizeof(TYPE1), sizeof(THING2))
        , ...)
      |
        kzalloc(
      -	sizeof(TYPE1) * sizeof(THING2) * (COUNT)
      +	array3_size(COUNT, sizeof(TYPE1), sizeof(THING2))
        , ...)
      )
      
      // 3-factor product, only identifiers, with redundant parens removed.
      @@
      identifier STRIDE, SIZE, COUNT;
      @@
      
      (
        kzalloc(
      -	(COUNT) * STRIDE * SIZE
      +	array3_size(COUNT, STRIDE, SIZE)
        , ...)
      |
        kzalloc(
      -	COUNT * (STRIDE) * SIZE
      +	array3_size(COUNT, STRIDE, SIZE)
        , ...)
      |
        kzalloc(
      -	COUNT * STRIDE * (SIZE)
      +	array3_size(COUNT, STRIDE, SIZE)
        , ...)
      |
        kzalloc(
      -	(COUNT) * (STRIDE) * SIZE
      +	array3_size(COUNT, STRIDE, SIZE)
        , ...)
      |
        kzalloc(
      -	COUNT * (STRIDE) * (SIZE)
      +	array3_size(COUNT, STRIDE, SIZE)
        , ...)
      |
        kzalloc(
      -	(COUNT) * STRIDE * (SIZE)
      +	array3_size(COUNT, STRIDE, SIZE)
        , ...)
      |
        kzalloc(
      -	(COUNT) * (STRIDE) * (SIZE)
      +	array3_size(COUNT, STRIDE, SIZE)
        , ...)
      |
        kzalloc(
      -	COUNT * STRIDE * SIZE
      +	array3_size(COUNT, STRIDE, SIZE)
        , ...)
      )
      
      // Any remaining multi-factor products, first at least 3-factor products,
      // when they're not all constants...
      @@
      expression E1, E2, E3;
      constant C1, C2, C3;
      @@
      
      (
        kzalloc(C1 * C2 * C3, ...)
      |
        kzalloc(
      -	(E1) * E2 * E3
      +	array3_size(E1, E2, E3)
        , ...)
      |
        kzalloc(
      -	(E1) * (E2) * E3
      +	array3_size(E1, E2, E3)
        , ...)
      |
        kzalloc(
      -	(E1) * (E2) * (E3)
      +	array3_size(E1, E2, E3)
        , ...)
      |
        kzalloc(
      -	E1 * E2 * E3
      +	array3_size(E1, E2, E3)
        , ...)
      )
      
      // And then all remaining 2 factors products when they're not all constants,
      // keeping sizeof() as the second factor argument.
      @@
      expression THING, E1, E2;
      type TYPE;
      constant C1, C2, C3;
      @@
      
      (
        kzalloc(sizeof(THING) * C2, ...)
      |
        kzalloc(sizeof(TYPE) * C2, ...)
      |
        kzalloc(C1 * C2 * C3, ...)
      |
        kzalloc(C1 * C2, ...)
      |
      - kzalloc
      + kcalloc
        (
      -	sizeof(TYPE) * (E2)
      +	E2, sizeof(TYPE)
        , ...)
      |
      - kzalloc
      + kcalloc
        (
      -	sizeof(TYPE) * E2
      +	E2, sizeof(TYPE)
        , ...)
      |
      - kzalloc
      + kcalloc
        (
      -	sizeof(THING) * (E2)
      +	E2, sizeof(THING)
        , ...)
      |
      - kzalloc
      + kcalloc
        (
      -	sizeof(THING) * E2
      +	E2, sizeof(THING)
        , ...)
      |
      - kzalloc
      + kcalloc
        (
      -	(E1) * E2
      +	E1, E2
        , ...)
      |
      - kzalloc
      + kcalloc
        (
      -	(E1) * (E2)
      +	E1, E2
        , ...)
      |
      - kzalloc
      + kcalloc
        (
      -	E1 * E2
      +	E1, E2
        , ...)
      )
      Signed-off-by: NKees Cook <keescook@chromium.org>
      6396bb22
    • K
      treewide: kmalloc() -> kmalloc_array() · 6da2ec56
      Kees Cook 提交于
      The kmalloc() function has a 2-factor argument form, kmalloc_array(). This
      patch replaces cases of:
      
              kmalloc(a * b, gfp)
      
      with:
              kmalloc_array(a * b, gfp)
      
      as well as handling cases of:
      
              kmalloc(a * b * c, gfp)
      
      with:
      
              kmalloc(array3_size(a, b, c), gfp)
      
      as it's slightly less ugly than:
      
              kmalloc_array(array_size(a, b), c, gfp)
      
      This does, however, attempt to ignore constant size factors like:
      
              kmalloc(4 * 1024, gfp)
      
      though any constants defined via macros get caught up in the conversion.
      
      Any factors with a sizeof() of "unsigned char", "char", and "u8" were
      dropped, since they're redundant.
      
      The tools/ directory was manually excluded, since it has its own
      implementation of kmalloc().
      
      The Coccinelle script used for this was:
      
      // Fix redundant parens around sizeof().
      @@
      type TYPE;
      expression THING, E;
      @@
      
      (
        kmalloc(
      -	(sizeof(TYPE)) * E
      +	sizeof(TYPE) * E
        , ...)
      |
        kmalloc(
      -	(sizeof(THING)) * E
      +	sizeof(THING) * E
        , ...)
      )
      
      // Drop single-byte sizes and redundant parens.
      @@
      expression COUNT;
      typedef u8;
      typedef __u8;
      @@
      
      (
        kmalloc(
      -	sizeof(u8) * (COUNT)
      +	COUNT
        , ...)
      |
        kmalloc(
      -	sizeof(__u8) * (COUNT)
      +	COUNT
        , ...)
      |
        kmalloc(
      -	sizeof(char) * (COUNT)
      +	COUNT
        , ...)
      |
        kmalloc(
      -	sizeof(unsigned char) * (COUNT)
      +	COUNT
        , ...)
      |
        kmalloc(
      -	sizeof(u8) * COUNT
      +	COUNT
        , ...)
      |
        kmalloc(
      -	sizeof(__u8) * COUNT
      +	COUNT
        , ...)
      |
        kmalloc(
      -	sizeof(char) * COUNT
      +	COUNT
        , ...)
      |
        kmalloc(
      -	sizeof(unsigned char) * COUNT
      +	COUNT
        , ...)
      )
      
      // 2-factor product with sizeof(type/expression) and identifier or constant.
      @@
      type TYPE;
      expression THING;
      identifier COUNT_ID;
      constant COUNT_CONST;
      @@
      
      (
      - kmalloc
      + kmalloc_array
        (
      -	sizeof(TYPE) * (COUNT_ID)
      +	COUNT_ID, sizeof(TYPE)
        , ...)
      |
      - kmalloc
      + kmalloc_array
        (
      -	sizeof(TYPE) * COUNT_ID
      +	COUNT_ID, sizeof(TYPE)
        , ...)
      |
      - kmalloc
      + kmalloc_array
        (
      -	sizeof(TYPE) * (COUNT_CONST)
      +	COUNT_CONST, sizeof(TYPE)
        , ...)
      |
      - kmalloc
      + kmalloc_array
        (
      -	sizeof(TYPE) * COUNT_CONST
      +	COUNT_CONST, sizeof(TYPE)
        , ...)
      |
      - kmalloc
      + kmalloc_array
        (
      -	sizeof(THING) * (COUNT_ID)
      +	COUNT_ID, sizeof(THING)
        , ...)
      |
      - kmalloc
      + kmalloc_array
        (
      -	sizeof(THING) * COUNT_ID
      +	COUNT_ID, sizeof(THING)
        , ...)
      |
      - kmalloc
      + kmalloc_array
        (
      -	sizeof(THING) * (COUNT_CONST)
      +	COUNT_CONST, sizeof(THING)
        , ...)
      |
      - kmalloc
      + kmalloc_array
        (
      -	sizeof(THING) * COUNT_CONST
      +	COUNT_CONST, sizeof(THING)
        , ...)
      )
      
      // 2-factor product, only identifiers.
      @@
      identifier SIZE, COUNT;
      @@
      
      - kmalloc
      + kmalloc_array
        (
      -	SIZE * COUNT
      +	COUNT, SIZE
        , ...)
      
      // 3-factor product with 1 sizeof(type) or sizeof(expression), with
      // redundant parens removed.
      @@
      expression THING;
      identifier STRIDE, COUNT;
      type TYPE;
      @@
      
      (
        kmalloc(
      -	sizeof(TYPE) * (COUNT) * (STRIDE)
      +	array3_size(COUNT, STRIDE, sizeof(TYPE))
        , ...)
      |
        kmalloc(
      -	sizeof(TYPE) * (COUNT) * STRIDE
      +	array3_size(COUNT, STRIDE, sizeof(TYPE))
        , ...)
      |
        kmalloc(
      -	sizeof(TYPE) * COUNT * (STRIDE)
      +	array3_size(COUNT, STRIDE, sizeof(TYPE))
        , ...)
      |
        kmalloc(
      -	sizeof(TYPE) * COUNT * STRIDE
      +	array3_size(COUNT, STRIDE, sizeof(TYPE))
        , ...)
      |
        kmalloc(
      -	sizeof(THING) * (COUNT) * (STRIDE)
      +	array3_size(COUNT, STRIDE, sizeof(THING))
        , ...)
      |
        kmalloc(
      -	sizeof(THING) * (COUNT) * STRIDE
      +	array3_size(COUNT, STRIDE, sizeof(THING))
        , ...)
      |
        kmalloc(
      -	sizeof(THING) * COUNT * (STRIDE)
      +	array3_size(COUNT, STRIDE, sizeof(THING))
        , ...)
      |
        kmalloc(
      -	sizeof(THING) * COUNT * STRIDE
      +	array3_size(COUNT, STRIDE, sizeof(THING))
        , ...)
      )
      
      // 3-factor product with 2 sizeof(variable), with redundant parens removed.
      @@
      expression THING1, THING2;
      identifier COUNT;
      type TYPE1, TYPE2;
      @@
      
      (
        kmalloc(
      -	sizeof(TYPE1) * sizeof(TYPE2) * COUNT
      +	array3_size(COUNT, sizeof(TYPE1), sizeof(TYPE2))
        , ...)
      |
        kmalloc(
      -	sizeof(TYPE1) * sizeof(THING2) * (COUNT)
      +	array3_size(COUNT, sizeof(TYPE1), sizeof(TYPE2))
        , ...)
      |
        kmalloc(
      -	sizeof(THING1) * sizeof(THING2) * COUNT
      +	array3_size(COUNT, sizeof(THING1), sizeof(THING2))
        , ...)
      |
        kmalloc(
      -	sizeof(THING1) * sizeof(THING2) * (COUNT)
      +	array3_size(COUNT, sizeof(THING1), sizeof(THING2))
        , ...)
      |
        kmalloc(
      -	sizeof(TYPE1) * sizeof(THING2) * COUNT
      +	array3_size(COUNT, sizeof(TYPE1), sizeof(THING2))
        , ...)
      |
        kmalloc(
      -	sizeof(TYPE1) * sizeof(THING2) * (COUNT)
      +	array3_size(COUNT, sizeof(TYPE1), sizeof(THING2))
        , ...)
      )
      
      // 3-factor product, only identifiers, with redundant parens removed.
      @@
      identifier STRIDE, SIZE, COUNT;
      @@
      
      (
        kmalloc(
      -	(COUNT) * STRIDE * SIZE
      +	array3_size(COUNT, STRIDE, SIZE)
        , ...)
      |
        kmalloc(
      -	COUNT * (STRIDE) * SIZE
      +	array3_size(COUNT, STRIDE, SIZE)
        , ...)
      |
        kmalloc(
      -	COUNT * STRIDE * (SIZE)
      +	array3_size(COUNT, STRIDE, SIZE)
        , ...)
      |
        kmalloc(
      -	(COUNT) * (STRIDE) * SIZE
      +	array3_size(COUNT, STRIDE, SIZE)
        , ...)
      |
        kmalloc(
      -	COUNT * (STRIDE) * (SIZE)
      +	array3_size(COUNT, STRIDE, SIZE)
        , ...)
      |
        kmalloc(
      -	(COUNT) * STRIDE * (SIZE)
      +	array3_size(COUNT, STRIDE, SIZE)
        , ...)
      |
        kmalloc(
      -	(COUNT) * (STRIDE) * (SIZE)
      +	array3_size(COUNT, STRIDE, SIZE)
        , ...)
      |
        kmalloc(
      -	COUNT * STRIDE * SIZE
      +	array3_size(COUNT, STRIDE, SIZE)
        , ...)
      )
      
      // Any remaining multi-factor products, first at least 3-factor products,
      // when they're not all constants...
      @@
      expression E1, E2, E3;
      constant C1, C2, C3;
      @@
      
      (
        kmalloc(C1 * C2 * C3, ...)
      |
        kmalloc(
      -	(E1) * E2 * E3
      +	array3_size(E1, E2, E3)
        , ...)
      |
        kmalloc(
      -	(E1) * (E2) * E3
      +	array3_size(E1, E2, E3)
        , ...)
      |
        kmalloc(
      -	(E1) * (E2) * (E3)
      +	array3_size(E1, E2, E3)
        , ...)
      |
        kmalloc(
      -	E1 * E2 * E3
      +	array3_size(E1, E2, E3)
        , ...)
      )
      
      // And then all remaining 2 factors products when they're not all constants,
      // keeping sizeof() as the second factor argument.
      @@
      expression THING, E1, E2;
      type TYPE;
      constant C1, C2, C3;
      @@
      
      (
        kmalloc(sizeof(THING) * C2, ...)
      |
        kmalloc(sizeof(TYPE) * C2, ...)
      |
        kmalloc(C1 * C2 * C3, ...)
      |
        kmalloc(C1 * C2, ...)
      |
      - kmalloc
      + kmalloc_array
        (
      -	sizeof(TYPE) * (E2)
      +	E2, sizeof(TYPE)
        , ...)
      |
      - kmalloc
      + kmalloc_array
        (
      -	sizeof(TYPE) * E2
      +	E2, sizeof(TYPE)
        , ...)
      |
      - kmalloc
      + kmalloc_array
        (
      -	sizeof(THING) * (E2)
      +	E2, sizeof(THING)
        , ...)
      |
      - kmalloc
      + kmalloc_array
        (
      -	sizeof(THING) * E2
      +	E2, sizeof(THING)
        , ...)
      |
      - kmalloc
      + kmalloc_array
        (
      -	(E1) * E2
      +	E1, E2
        , ...)
      |
      - kmalloc
      + kmalloc_array
        (
      -	(E1) * (E2)
      +	E1, E2
        , ...)
      |
      - kmalloc
      + kmalloc_array
        (
      -	E1 * E2
      +	E1, E2
        , ...)
      )
      Signed-off-by: NKees Cook <keescook@chromium.org>
      6da2ec56
  2. 07 6月, 2018 10 次提交
  3. 06 6月, 2018 1 次提交
  4. 01 6月, 2018 1 次提交
  5. 31 5月, 2018 5 次提交
  6. 30 5月, 2018 1 次提交
    • S
      selinux: KASAN: slab-out-of-bounds in xattr_getsecurity · efe3de79
      Sachin Grover 提交于
      Call trace:
       [<ffffff9203a8d7a8>] dump_backtrace+0x0/0x428
       [<ffffff9203a8dbf8>] show_stack+0x28/0x38
       [<ffffff920409bfb8>] dump_stack+0xd4/0x124
       [<ffffff9203d187e8>] print_address_description+0x68/0x258
       [<ffffff9203d18c00>] kasan_report.part.2+0x228/0x2f0
       [<ffffff9203d1927c>] kasan_report+0x5c/0x70
       [<ffffff9203d1776c>] check_memory_region+0x12c/0x1c0
       [<ffffff9203d17cdc>] memcpy+0x34/0x68
       [<ffffff9203d75348>] xattr_getsecurity+0xe0/0x160
       [<ffffff9203d75490>] vfs_getxattr+0xc8/0x120
       [<ffffff9203d75d68>] getxattr+0x100/0x2c8
       [<ffffff9203d76fb4>] SyS_fgetxattr+0x64/0xa0
       [<ffffff9203a83f70>] el0_svc_naked+0x24/0x28
      
      If user get root access and calls security.selinux setxattr() with an
      embedded NUL on a file and then if some process performs a getxattr()
      on that file with a length greater than the actual length of the string,
      it would result in a panic.
      
      To fix this, add the actual length of the string to the security context
      instead of the length passed by the userspace process.
      Signed-off-by: NSachin Grover <sgrover@codeaurora.org>
      Cc: stable@vger.kernel.org
      Signed-off-by: NPaul Moore <paul@paul-moore.com>
      efe3de79
  7. 25 5月, 2018 1 次提交
    • E
      capabilities: Allow privileged user in s_user_ns to set security.* xattrs · b1d749c5
      Eric W. Biederman 提交于
      A privileged user in s_user_ns will generally have the ability to
      manipulate the backing store and insert security.* xattrs into
      the filesystem directly. Therefore the kernel must be prepared to
      handle these xattrs from unprivileged mounts, and it makes little
      sense for commoncap to prevent writing these xattrs to the
      filesystem. The capability and LSM code have already been updated
      to appropriately handle xattrs from unprivileged mounts, so it
      is safe to loosen this restriction on setting xattrs.
      
      The exception to this logic is that writing xattrs to a mounted
      filesystem may also cause the LSM inode_post_setxattr or
      inode_setsecurity callbacks to be invoked. SELinux will deny the
      xattr update by virtue of applying mountpoint labeling to
      unprivileged userns mounts, and Smack will deny the writes for
      any user without global CAP_MAC_ADMIN, so loosening the
      capability check in commoncap is safe in this respect as well.
      Signed-off-by: NSeth Forshee <seth.forshee@canonical.com>
      Acked-by: NSerge Hallyn <serge@hallyn.com>
      Acked-by: NChristian Brauner <christian@brauner.io>
      Signed-off-by: NEric W. Biederman <ebiederm@xmission.com>
      b1d749c5
  8. 23 5月, 2018 1 次提交
    • M
      ima: fix updating the ima_appraise flag · 6f0911a6
      Mimi Zohar 提交于
      As IMA policy rules are added, a mask of the type of rule (eg. kernel
      modules, firmware, IMA policy) is updated.  Unlike custom IMA policy
      rules, which replace the original builtin policy rules and update the
      mask, the builtin "secure_boot" policy rules were loaded, but did not
      update the mask.
      
      This patch refactors the code to load custom policies, defining a new
      function named ima_appraise_flag().  The new function is called either
      when loading the builtin "secure_boot" or custom policies.
      
      Fixes: 503ceaef ("ima: define a set of appraisal rules requiring file signatures")
      Signed-off-by: NMimi Zohar <zohar@linux.vnet.ibm.com>
      6f0911a6
  9. 22 5月, 2018 2 次提交
    • M
      ima: based on policy verify firmware signatures (pre-allocated buffer) · fd90bc55
      Mimi Zohar 提交于
      Don't differentiate, for now, between kernel_read_file_id READING_FIRMWARE
      and READING_FIRMWARE_PREALLOC_BUFFER enumerations.
      
      Fixes: a098ecd2 firmware: support loading into a pre-allocated buffer (since 4.8)
      Signed-off-by: NMimi Zohar <zohar@linux.vnet.ibm.com>
      Cc: Luis R. Rodriguez <mcgrof@suse.com>
      Cc: David Howells <dhowells@redhat.com>
      Cc: Kees Cook <keescook@chromium.org>
      Cc: Serge E. Hallyn <serge@hallyn.com>
      Cc: Stephen Boyd <stephen.boyd@linaro.org>
      fd90bc55
    • M
      ima: define a new policy condition based on the filesystem name · f1b08bbc
      Mimi Zohar 提交于
      If/when file data signatures are distributed with the file data, this
      patch will not be needed.  In the current environment where only some
      files are signed, the ability to differentiate between file systems is
      needed.  Some file systems consider the file system magic number
      internal to the file system.
      
      This patch defines a new IMA policy condition named "fsname", based on
      the superblock's file_system_type (sb->s_type) name. This allows policy
      rules to be expressed in terms of the filesystem name.
      
      The following sample rules require file signatures on rootfs files
      executed or mmap'ed.
      
      appraise func=BPRM_CHECK fsname=rootfs appraise_type=imasig
      appraise func=FILE_MMAP fsname=rootfs appraise_type=imasig
      Signed-off-by: NMimi Zohar <zohar@linux.vnet.ibm.com>
      Cc: Dave Chinner <david@fromorbit.com>
      Cc: Theodore Ts'o <tytso@mit.edu>
      f1b08bbc
  10. 19 5月, 2018 2 次提交
    • M
      EVM: Allow runtime modification of the set of verified xattrs · fa516b66
      Matthew Garrett 提交于
      Sites may wish to provide additional metadata alongside files in order
      to make more fine-grained security decisions[1]. The security of this is
      enhanced if this metadata is protected, something that EVM makes
      possible. However, the kernel cannot know about the set of extended
      attributes that local admins may wish to protect, and hardcoding this
      policy in the kernel makes it difficult to change over time and less
      convenient for distributions to enable.
      
      This patch adds a new /sys/kernel/security/integrity/evm/evm_xattrs node,
      which can be read to obtain the current set of EVM-protected extended
      attributes or written to in order to add new entries. Extending this list
      will not change the validity of any existing signatures provided that the
      file in question does not have any of the additional extended attributes -
      missing xattrs are skipped when calculating the EVM hash.
      
      [1] For instance, a package manager could install information about the
      package uploader in an additional extended attribute. Local LSM policy
      could then be associated with that extended attribute in order to
      restrict the privileges available to packages from less trusted
      uploaders.
      Signed-off-by: NMatthew Garrett <mjg59@google.com>
      Reviewed-by: NJames Morris <james.morris@microsoft.com>
      Signed-off-by: NMimi Zohar <zohar@linux.vnet.ibm.com>
      fa516b66
    • M
      EVM: turn evm_config_xattrnames into a list · 21af7663
      Matthew Garrett 提交于
      Use a list of xattrs rather than an array - this makes it easier to
      extend the list at runtime.
      Signed-off-by: NMatthew Garrett <mjg59@google.com>
      Reviewed-by: NJames Morris <james.morris@microsoft.com>
      Signed-off-by: NMimi Zohar <zohar@linux.vnet.ibm.com>
      21af7663
  11. 17 5月, 2018 4 次提交
  12. 16 5月, 2018 1 次提交
  13. 15 5月, 2018 4 次提交
  14. 14 5月, 2018 2 次提交
  15. 12 5月, 2018 3 次提交
    • T
      dh key: get rid of stack allocated array for zeroes · 890e2abe
      Tycho Andersen 提交于
      We're interested in getting rid of all of the stack allocated arrays in
      the kernel: https://lkml.org/lkml/2018/3/7/621
      
      This case is interesting, since we really just need an array of bytes that
      are zero. The loop already ensures that if the array isn't exactly the
      right size that enough zero bytes will be copied in. So, instead of
      choosing this value to be the size of the hash, let's just choose it to be
      32, since that is a common size, is not too big, and will not result in too
      many extra iterations of the loop.
      
      v2: split out from other patch, just hardcode array size instead of
          dynamically allocating something the right size
      v3: fix typo of 256 -> 32
      Signed-off-by: NTycho Andersen <tycho@tycho.ws>
      Reviewed-by: NKees Cook <keescook@chromium.org>
      CC: David Howells <dhowells@redhat.com>
      CC: James Morris <jmorris@namei.org>
      CC: "Serge E. Hallyn" <serge@hallyn.com>
      CC: Eric Biggers <ebiggers3@gmail.com>
      Signed-off-by: NJames Morris <james.morris@microsoft.com>
      890e2abe
    • T
      dh key: get rid of stack allocated array · 383203ef
      Tycho Andersen 提交于
      We're interested in getting rid of all of the stack allocated arrays in the
      kernel: https://lkml.org/lkml/2018/3/7/621
      
      This particular vla is used as a temporary output buffer in case there is
      too much hash output for the destination buffer. Instead, let's just
      allocate a buffer that's big enough initially, but only copy back to
      userspace the amount that was originally asked for.
      
      v2: allocate enough in the original output buffer vs creating a temporary
          output buffer
      Signed-off-by: NTycho Andersen <tycho@tycho.ws>
      Reviewed-by: NKees Cook <keescook@chromium.org>
      CC: David Howells <dhowells@redhat.com>
      CC: James Morris <jmorris@namei.org>
      CC: "Serge E. Hallyn" <serge@hallyn.com>
      CC: Eric Biggers <ebiggers3@gmail.com>
      Signed-off-by: NJames Morris <james.morris@microsoft.com>
      383203ef
    • T
      big key: get rid of stack array allocation · a964f395
      Tycho Andersen 提交于
      We're interested in getting rid of all of the stack allocated arrays in the
      kernel [1]. This patch simply hardcodes the iv length to match that of the
      hardcoded cipher.
      
      [1]: https://lkml.org/lkml/2018/3/7/621
      
      v2: hardcode the length of the nonce to be the GCM AES IV length, and do a
          sanity check in init(), Eric Biggers
      v3: * remember to free big_key_aead when sanity check fails
          * define a constant for big key IV size so it can be changed along side
            the algorithm in the code
      Signed-off-by: NTycho Andersen <tycho@tycho.ws>
      Reviewed-by: NKees Cook <keescook@chromium.org>
      CC: David Howells <dhowells@redhat.com>
      CC: James Morris <jmorris@namei.org>
      CC: "Serge E. Hallyn" <serge@hallyn.com>
      CC: Jason A. Donenfeld <Jason@zx2c4.com>
      CC: Eric Biggers <ebiggers3@gmail.com>
      Signed-off-by: NJames Morris <james.morris@microsoft.com>
      a964f395
新手
引导
客服 返回
顶部