Unnamed repository; edit this file 'description' to name the repository. https://git.kobert.dev/pm24.git/atom?h=v4.18-rc2 2018-06-07T22:40:37Z 2018-06-07T22:40:37Z Linus Torvalds torvalds@linux-foundation.org 2018-06-07T22:40:37Z urn:sha1:00d535a386c071a06e111fd846f6beda445126a5 Pull integrity updates from James Morris: "From Mimi: - add run time support for specifying additional security xattrs included in the security.evm HMAC/signature - some code clean up and bug fixes" * 'next-integrity' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: EVM: unlock on error path in evm_read_xattrs() EVM: prevent array underflow in evm_write_xattrs() EVM: Fix null dereference on xattr when xattr fails to allocate EVM: fix memory leak of temporary buffer 'temp' IMA: use list_splice_tail_init_rcu() instead of its open coded variant ima: use match_string() helper ima: fix updating the ima_appraise flag ima: based on policy verify firmware signatures (pre-allocated buffer) ima: define a new policy condition based on the filesystem name EVM: Allow runtime modification of the set of verified xattrs EVM: turn evm_config_xattrnames into a list integrity: Add an integrity directory in securityfs ima: Remove unused variable ima_initialized ima: Unify logging ima: Reflect correct permissions for policy 2018-06-06T23:34:00Z Linus Torvalds torvalds@linux-foundation.org 2018-06-06T23:34:00Z urn:sha1:8b5c6a3a49d9ebc7dc288870b9c56c4f946035d8 Pull audit updates from Paul Moore: "Another reasonable chunk of audit changes for v4.18, thirteen patches in total. The thirteen patches can mostly be broken down into one of four categories: general bug fixes, accessor functions for audit state stored in the task_struct, negative filter matches on executable names, and extending the (relatively) new seccomp logging knobs to the audit subsystem. The main driver for the accessor functions from Richard are the changes we're working on to associate audit events with containers, but I think they have some standalone value too so I figured it would be good to get them in now. The seccomp/audit patches from Tyler apply the seccomp logging improvements from a few releases ago to audit's seccomp logging; starting with this patchset the changes in /proc/sys/kernel/seccomp/actions_logged should apply to both the standard kernel logging and audit. As usual, everything passes the audit-testsuite and it happens to merge cleanly with your tree" [ Heh, except it had trivial merge conflicts with the SELinux tree that also came in from Paul - Linus ] * tag 'audit-pr-20180605' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/audit: audit: Fix wrong task in comparison of session ID audit: use existing session info function audit: normalize loginuid read access audit: use new audit_context access funciton for seccomp_actions_logged audit: use inline function to set audit context audit: use inline function to get audit context audit: convert sessionid unset to a macro seccomp: Don't special case audited processes when logging seccomp: Audit attempts to modify the actions_logged sysctl seccomp: Configurable separator for the actions_logged string seccomp: Separate read and write code for actions_logged sysctl audit: allow not equal op for audit by executable audit: add syscall information to FEATURE_CHANGE records 2018-06-01T10:03:08Z Dan Carpenter dan.carpenter@oracle.com 2018-06-01T08:00:05Z urn:sha1:b5c90a7526fe39164c2204f0404ce8f8ff21e522 We need to unlock before returning on this error path. Fixes: fa516b66a1bf ("EVM: Allow runtime modification of the set of verified xattrs") Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com> 2018-05-31T14:13:24Z Dan Carpenter dan.carpenter@oracle.com 2018-05-29T13:11:28Z urn:sha1:a41d80acfa2764e9b1ce49aa303a263e609d91f7 If the user sets xattr->name[0] to NUL then we would read one character before the start of the array. This bug seems harmless as far as I can see but perhaps it would trigger a warning in KASAN. Fixes: fa516b66a1bf ("EVM: Allow runtime modification of the set of verified xattrs") Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com> 2018-05-31T14:13:23Z Colin Ian King colin.king@canonical.com 2018-05-27T22:55:10Z urn:sha1:72acd64df4561593d2ec3227b4aca9b0d7ded50e In the case where the allocation of xattr fails and xattr is NULL, the error exit return path via label 'out' will dereference xattr when kfree'ing xattr-name. Fix this by only kfree'ing xattr->name and xattr when xattr is non-null. Detected by CoverityScan, CID#1469366 ("Dereference after null check") Fixes: fa516b66a1bf ("EVM: Allow runtime modification of the set of verified xattrs") Signed-off-by: Colin Ian King <colin.king@canonical.com> Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com> 2018-05-31T14:13:22Z Colin Ian King colin.king@canonical.com 2018-05-27T22:15:02Z urn:sha1:825b8650dc3dd064969ce343e918d0eb6bf907fb The allocation of 'temp' is not kfree'd and hence there is a memory leak on each call of evm_read_xattrs. Fix this by kfree'ing it after copying data from it back to the user space buffer 'buf'. Detected by CoverityScan, CID#1469386 ("Resource Leak") Fixes: fa516b66a1bf ("EVM: Allow runtime modification of the set of verified xattrs") Signed-off-by: Colin Ian King <colin.king@canonical.com> Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com> 2018-05-31T14:13:22Z Petko Manolov petkan@nucleusys.com 2018-05-22T14:06:55Z urn:sha1:53b626f9038ee357a2183a6994c11fd9dfb3f94d Use list_splice_tail_init_rcu() to extend the existing custom IMA policy with additional IMA policy rules. Signed-off-by: Petko Manolov <petko.manolov@konsulko.com> Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com> 2018-05-31T14:11:58Z Yisheng Xie xieyisheng1@huawei.com 2018-05-21T11:58:02Z urn:sha1:b4df86085af9d3f456bed8245cede7c4413dcf83 match_string() returns the index of an array for a matching string, which can be used intead of open coded variant. Signed-off-by: Yisheng Xie <xieyisheng1@huawei.com> Reviewed-by: Andy Shevchenko <andy.shevchenko@gmail.com> Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com> 2018-05-22T17:16:42Z Mimi Zohar zohar@linux.vnet.ibm.com 2018-04-12T04:15:22Z urn:sha1:6f0911a666d1f99ff72e7848ddee36af7bbce050 As IMA policy rules are added, a mask of the type of rule (eg. kernel modules, firmware, IMA policy) is updated. Unlike custom IMA policy rules, which replace the original builtin policy rules and update the mask, the builtin "secure_boot" policy rules were loaded, but did not update the mask. This patch refactors the code to load custom policies, defining a new function named ima_appraise_flag(). The new function is called either when loading the builtin "secure_boot" or custom policies. Fixes: 503ceaef8e2e ("ima: define a set of appraisal rules requiring file signatures") Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com> 2018-05-22T11:34:47Z Mimi Zohar zohar@linux.vnet.ibm.com 2018-04-27T18:31:40Z urn:sha1:fd90bc559bfba743ae8de87ff23b92a5e4668062 Don't differentiate, for now, between kernel_read_file_id READING_FIRMWARE and READING_FIRMWARE_PREALLOC_BUFFER enumerations. Fixes: a098ecd firmware: support loading into a pre-allocated buffer (since 4.8) Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com> Cc: Luis R. Rodriguez <mcgrof@suse.com> Cc: David Howells <dhowells@redhat.com> Cc: Kees Cook <keescook@chromium.org> Cc: Serge E. Hallyn <serge@hallyn.com> Cc: Stephen Boyd <stephen.boyd@linaro.org>