1. 22 May, 2009 1 commit
    • E
      IMA: Minimal IMA policy and boot param for TCB IMA policy · 5789ba3b
      Eric Paris committed
      The IMA TCB policy is dangerous.  A normal user can use all of a system's
      memory (which cannot be freed) simply by building and running lots of
      executables.  The TCB policy is also nearly useless because logging in as root
      often causes a policy violation when dealing with utmp, thus rendering the
      measurements meaningless.
      
      There is no good fix for this in the kernel.  A full TCB policy would need to
      be loaded in userspace using LSM rule matching to get both a protected and
      useful system.  But, if too little is measured before userspace can load a real
      policy one again ends up with a meaningless set of measurements.  One option
      would be to put the policy load inside the initrd in order to get it early
      enough in the boot sequence to be useful, but this runs into trouble with the
      LSM.  For IMA to measure the LSM policy and the LSM policy loading mechanism
      it needs rules to do so, but we already talked about problems with defaulting
      to such broad rules....
      
      IMA also depends on the files being measured to be on an FS which implements
      and supports i_version.  Since the only FS with this support (ext4) doesn't
      even use it by default it seems silly to have any IMA rules by default.
      
      This should reduce the performance overhead of IMA to near 0 while still
      letting users who choose to configure their machine as such to include the
      ima_tcb kernel parameter and get measurements during boot before they can
      load a customized, reasonable policy in userspace.
      Signed-off-by: Eric Paris <eparis@redhat.com>
      Acked-by: Mimi Zohar <zohar@us.ibm.com>
      Signed-off-by: James Morris <jmorris@namei.org>
      5789ba3b
  2. 19 May, 2009 2 commits
    • S
      selinux: remove obsolete read buffer limit from sel_read_bool · c5642f4b
      Stephen Smalley committed
      On Tue, 2009-05-19 at 00:05 -0400, Eamon Walsh wrote:
      > Recent versions of coreutils have bumped the read buffer size from 4K to
      > 32K in several of the utilities.
      >
      > This means that "cat /selinux/booleans/xserver_object_manager" no longer
      > works, it returns "Invalid argument" on F11.  getsebool works fine.
      >
      > sel_read_bool has a check for "count > PAGE_SIZE" that doesn't seem to
      > be present in the other read functions.  Maybe it could be removed?
      
      Yes, that check is obsoleted by the conversion of those functions to
      using simple_read_from_buffer(), which will reduce count if necessary to
      what is available in the buffer.
      Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
      Signed-off-by: James Morris <jmorris@namei.org>
      c5642f4b
    • E
      SELinux: move SELINUX_MAGIC into magic.h · 75834fc3
      Eric Paris committed
      The selinuxfs superblock magic is used inside the IMA code, but is being
      defined in two places and could someday get out of sync.  This patch moves the
      declaration into magic.h so it is only done once.
      Signed-off-by: Eric Paris <eparis@redhat.com>
      Signed-off-by: James Morris <jmorris@namei.org>
      75834fc3
  3. 15 May, 2009 2 commits
  4. 14 May, 2009 1 commit
    • E
      TPM: get_event_name stack corruption · b1033870
      Eric Paris committed
      get_event_name uses sprintf to fill a buffer declared on the stack.  It fills
      the buffer 2 bytes at a time.  What the code doesn't take into account is that
      sprintf(buf, "%02x", data) actually writes 3 bytes.  2 bytes for the data and
      then it nul terminates the string.  Since we declare buf to be 40 characters
      long and then we write 40 bytes of data into buf sprintf is going to write 41
      characters.  The fix is to leave room in buf for the nul terminator.
      Signed-off-by: Eric Paris <eparis@redhat.com>
      Signed-off-by: James Morris <jmorris@namei.org>
      b1033870
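The off-by-one described in the commit above, reproduced as an added example (this is not the kernel's `get_event_name` code or the patch itself). The function names, the 20-byte input and the canary arena are assumptions made for illustration; the arena lets the extra NUL write be observed without actually overrunning a buffer.

```c
#include <stdio.h>
#include <string.h>
#define DATA_LEN 20                 /* assumed: 20 input bytes -> 40 hex chars */
#define HEX_LEN  (2 * DATA_LEN)

/* Pattern from the commit message: each sprintf stores 2 hex digits AND a NUL. */
static void hex_unbounded(char *buf, const unsigned char *data, size_t n)
{
    for (size_t i = 0; i < n; i++)
        sprintf(&buf[2 * i], "%02x", (unsigned)data[i]);
}

/* arena[0..39] stands in for "char buf[40]"; the rest are canary bytes, so the
 * overrun is observable without undefined behaviour. Returns last index written. */
int last_byte_written(void)
{
    unsigned char data[DATA_LEN];
    char arena[HEX_LEN + 8];
    int last = -1;
    memset(data, 0xab, sizeof(data));
    memset(arena, 0x55, sizeof(arena));
    hex_unbounded(arena, data, DATA_LEN);
    for (int i = 0; i < (int)sizeof(arena); i++)
        if (arena[i] != 0x55) last = i;
    return last;                    /* 40: one past the end of a 40-byte buffer */
}

/* Hardened: size is passed in, room for the NUL is required, writes are bounded. */
int hex_encode(char *dst, size_t dst_len, const unsigned char *data, size_t n)
{
    if (dst_len < 2 * n + 1) return -1;
    for (size_t i = 0; i < n; i++)
        snprintf(&dst[2 * i], dst_len - 2 * i, "%02x", (unsigned)data[i]);
    return (int)(2 * n);
}

/* Returns 1 when a 40-byte buffer is rejected and a 41-byte one is filled. */
int fix_leaves_room_for_nul(void)
{
    unsigned char data[DATA_LEN] = { 0 };
    char small[HEX_LEN], ok[HEX_LEN + 1];
    return hex_encode(small, sizeof(small), data, DATA_LEN) == -1 &&
           hex_encode(ok, sizeof(ok), data, DATA_LEN) == HEX_LEN &&
           strlen(ok) == (size_t)HEX_LEN;
}

int main(void)
{
    printf("last=%d fix=%d\n", last_byte_written(), fix_leaves_room_for_nul());
}
```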
  5. 12 May, 2009 4 commits
  6. 11 May, 2009 2 commits
  7. 08 May, 2009 6 commits
    • J
      Merge branch 'master' into next · d2541170
      James Morris committed
      d2541170
    • D
      NOMMU: Don't check vm_region::vm_start is page aligned in add_nommu_region() · 8c9ed899
      David Howells committed
      Don't check vm_region::vm_start is page aligned in add_nommu_region() because
      the region may reflect some non-page-aligned mapped file, such as could be
      obtained from RomFS XIP.
      Signed-off-by: David Howells <dhowells@redhat.com>
      Acked-by: Greg Ungerer <gerg@uclinux.org>
      Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
      8c9ed899
    • L
      Merge branch 'for-linus' of git://neil.brown.name/md · ee7fee0b
      Linus Torvalds committed
      * 'for-linus' of git://neil.brown.name/md:
        md: remove rd%d links immediately after stopping an array.
        md: remove ability to explicit set an inactive array to 'clean'.
        md: constify VFTs
        md: tidy up status_resync to handle large arrays.
        md: fix some (more) errors with bitmaps on devices larger than 2TB.
        md/raid10: don't clear bitmap during recovery if array will still be degraded.
        md: fix loading of out-of-date bitmap.
      ee7fee0b
    • L
      random: make get_random_int() more random · 8a0a9bd4
      Linus Torvalds committed
      It's a really simple patch that basically just open-codes the current
      "secure_ip_id()" call, but when open-coding it we now use a _static_
      hashing area, so that it gets updated every time.
      
      And to make sure somebody can't just start from the same original seed of
      all-zeroes, and then do the "half_md4_transform()" over and over until
      they get the same sequence as the kernel has, each iteration also mixes in
      the same old "current->pid + jiffies" we used - so we should now have a
      regular strong pseudo-number generator, but we also have one that doesn't
      have a single seed.
      
      Note: the "pid + jiffies" is just meant to be a tiny tiny bit of noise. It
      has no real meaning. It could be anything. I just picked the previous
      seed, it's just that now we keep the state in between calls and that will
      feed into the next result, and that should make all the difference.
      
      I made that hash be a per-cpu data just to avoid cache-line ping-pong:
      having multiple CPU's write to the same data would be fine for randomness,
      and add yet another layer of chaos to it, but since get_random_int() is
      supposed to be a fast interface I did it that way instead. I considered
      using "__raw_get_cpu_var()" to avoid any preemption overhead while still
      getting the hash be _mostly_ ping-pong free, but in the end good taste won
      out.
      Signed-off-by: Ingo Molnar <mingo@elte.hu>
      Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
      8a0a9bd4
    • L
      Merge master.kernel.org:/home/rmk/linux-2.6-arm · 2c66fa7e
      Linus Torvalds committed
      * master.kernel.org:/home/rmk/linux-2.6-arm:
        [ARM] 5507/1: support R_ARM_MOVW_ABS_NC and MOVT_ABS relocation types
        [ARM] 5506/1: davinci: DMA_32BIT_MASK --> DMA_BIT_MASK(32)
        i.MX31: Disable CPU_32v6K in mx3_defconfig.
        mx3fb: Fix compilation with CONFIG_PM
        mx27ads: move PBC mapping out of vmalloc space
        MXC: remove BUG_ON in interrupt handler
        mx31: remove mx31moboard_defconfig
        ARM: ARCH_MXC should select HAVE_CLK
        mxc : BUG in imx_dma_request
        mxc : Clean up properly when imx_dma_free() used without imx_dma_disable()
        [ARM] mv78xx0: update defconfig
        [ARM] orion5x: update defconfig
        [ARM] Kirkwood: update defconfig
        [ARM] Kconfig typo fix:  "PXA930" -> "CPU_PXA930".
        [ARM] S3C2412: Add missing cache flush in suspend code
        [ARM] S3C: Add UDIVSLOT support for newer UARTS
        [ARM] S3C64XX: Add S3C64XX_PA_IIS{0,1} to <mach/map.h>
      2c66fa7e
    • P
      [ARM] 5507/1: support R_ARM_MOVW_ABS_NC and MOVT_ABS relocation types · ae51e609
      Paul Gortmaker committed
      From: Bruce Ashfield <bruce.ashfield@windriver.com>
      
      To fully support the armv7-a instruction set/optimizations, support
      for the R_ARM_MOVW_ABS_NC and R_ARM_MOVT_ABS relocation types is
      required.
      
      The MOVW and MOVT are both load-immediate instructions, MOVW loads 16
      bits into the bottom half of a register, and MOVT loads 16 bits into the
      top half of a register.
      
      The relocation information for these instructions has a full 32 bit
      value, plus an addend which is stored in the 16 immediate bits in the
      instruction itself.  The immediate bits in the instruction are not
      contiguous (the register # splits it into a 4 bit and 12 bit value),
      so the addend has to be extracted accordingly and added to the value.
      The value is then split and put into the instruction; a MOVW uses the
      bottom 16 bits of the value, and a MOVT uses the top 16 bits.
      Signed-off-by: David Borman <david.borman@windriver.com>
      Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
      Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>
      Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
      ae51e609
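The addend extraction and value split described in the commit above, worked through on single instruction words as an added example (not the kernel's module loader code from this patch). The function names and the sample symbol address are assumptions; the relocation type numbers and the sign extension of the 16-bit addend come from the ARM ELF ABI rather than from the commit message.

```c
#include <stdint.h>
#include <stdio.h>

#define R_ARM_MOVW_ABS_NC 43     /* relocation type numbers from the ARM ELF ABI */
#define R_ARM_MOVT_ABS    44

/* The 16-bit immediate is split around the Rd field: imm4 sits in bits 19:16,
 * imm12 in bits 11:0. The sign extension to 32 bits follows the ARM ELF ABI;
 * the commit message does not spell it out. */
uint32_t mov_addend(uint32_t insn)
{
    uint32_t imm16 = ((insn & 0x000f0000u) >> 4) | (insn & 0x00000fffu);
    return (imm16 ^ 0x8000u) - 0x8000u;
}

/* Apply the relocation to one instruction word: add the addend to the symbol
 * value, pick the half the instruction loads, and re-split it into imm4:imm12. */
uint32_t relocate_mov(uint32_t insn, int type, uint32_t sym_value)
{
    uint32_t value = sym_value + mov_addend(insn);

    if (type == R_ARM_MOVT_ABS)
        value >>= 16;               /* MOVT takes the top 16 bits */
    insn &= 0xfff0f000u;            /* clear old imm4 and imm12, keep cond/op/Rd */
    insn |= ((value & 0xf000u) << 4) | (value & 0x0fffu);
    return insn;
}

int main(void)
{
    uint32_t sym = 0xc0123456u;     /* constructed symbol address */

    printf("movw r0: %08x\n",
           (unsigned)relocate_mov(0xe3000000u, R_ARM_MOVW_ABS_NC, sym));
    printf("movt r0: %08x\n",
           (unsigned)relocate_mov(0xe3400000u, R_ARM_MOVT_ABS, sym));
    return 0;
}
```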
  8. 07 May, 2009 22 commits