- 22 Jul, 2014 15 commits
-
-
David Howells authored
Signed-off-by:David Howells <dhowells@redhat.com>
-
David Howells authored
Here's a set of changes that implement a PE file signature checker. This provides the following facility: (1) Extract the signature from the PE file. This is a PKCS#7 message containing, as its data, a hash of the signed parts of the file. (2) Digest the signed parts of the file. (3) Compare the digest with the one from the PKCS#7 message. (4) Validate the signatures on the PKCS#7 message and indicate whether it was matched by a trusted key. Signed-off-by: -
David Howells authored
Here's a set of changes that implement a PKCS#7 message parser in the kernel. The PKCS#7 message parsing will then be used to limit kexec to authenticated kernels only if so configured. The changes provide the following facilities: (1) Parse an ASN.1 PKCS#7 message and pick out useful bits such as the data content and the X.509 certificates used to sign it and all the data signatures. (2) Verify all the data signatures against the set of X.509 certificates available in the message. (3) Follow the certificate chains and verify that: (a) for every self-signed X.509 certificate, check that it validly signed itself, and: (b) for every non-self-signed certificate, if we have a 'parent' certificate, the former is validly signed by the latter. (4) Look for intersections between the certificate chains and the trusted keyring, if any intersections are found, verify that the trusted certificates signed the intersection point in the chain. (5) For testing purposes, a key type can be made available that will take a PKCS#7 message, check that the message is trustworthy, and if so, add its data content into the key. Note that (5) has to be altered to take account of the preparsing patches already committed to this branch. Signed-off-by: -
David Howells authored
Here are a set of changes that make all but encrypted and trusted keys use preparsing. Unfortunately, encrypted and trusted keys incorrectly use the update op to alter a key, so other changes will need to be made for them. These changes permit payload parsing when instantiating or updating a key to be done before locks are taken and to determine the amount of quota that will be required in advance. The latter will make it possible to do LRU discard before any locks are taken. Signed-off-by: -
David Howells authored
Provide key preparsing for the request_key_auth key type so that we can make preparsing mandatory. This does nothing as this type can only be set up internally to the kernel. Signed-off-by:
Steve Dickson <steved@redhat.com> Acked-by:
Jeff Layton <jlayton@primarydata.com>
-
David Howells authored
Provide key preparsing in the keyring so that we can make preparsing mandatory. For keyrings, however, only an empty payload is permitted. Signed-off-by:
-
David Howells authored
Make use of key preparsing in the big key type so that quota size determination can take place prior to keyring locking when a key is being added. Signed-off-by:
-
David Howells authored
Make use of key preparsing in the RxRPC protocol so that quota size determination can take place prior to keyring locking when a key is being added. Signed-off-by:
-
David Howells authored
Make use of key preparsing in the DNS resolver so that quota size determination can take place prior to keyring locking when a key is being added. Signed-off-by:
-
David Howells authored
Ceph can use user_match() instead of defining its own identical function. Signed-off-by:
Sage Weil <sage@redhat.com> cc: Tommi Virtanen <tommi.virtanen@dreamhost.com>
-
David Howells authored
Make use of key preparsing in Ceph so that quota size determination can take place prior to keyring locking when a key is being added. Signed-off-by:
-
David Howells authored
Make use of key preparsing in user-defined and logon keys so that quota size determination can take place prior to keyring locking when a key is being added. Also the idmapper key types need to change to match as they use the user-defined key type routines. Signed-off-by:
-
David Howells authored
Call the ->free_preparse() key type op even after ->preparse() returns an error as it does cleaning up type stuff. Signed-off-by:
-
David Howells authored
Allow a key type's preparsing routine to set the expiry time for a key. Signed-off-by:
-
David Howells authored
struct key_preparsed_payload should have two payload pointers to correspond with those in struct key. Signed-off-by:
-
- 18 Jul, 2014 1 commit
-
-
David Howells authored
Provide a generic instantiation function for key types that use the preparse hook. This makes it easier to prereserve key quota before keyrings get locked to retain the new key. Signed-off-by:
-
- 17 Jul, 2014 12 commits
-
-
Mimi Zohar authored
Require all keys added to the IMA keyring be signed by an existing trusted key on the system trusted keyring. Changelog v6: - remove ifdef CONFIG_IMA_TRUSTED_KEYRING in C code - Dmitry - update Kconfig dependency and help - select KEYS_DEBUG_PROC_KEYS - Dmitry Changelog v5: - Move integrity_init_keyring() to init_ima() - Dmitry - reset keyring[id] on failure - Dmitry Changelog v1: - don't link IMA trusted keyring to user keyring Changelog: - define stub integrity_init_keyring() function (reported-by Fengguang Wu) - differentiate between regular and trusted keyring names. - replace printk with pr_info (D. Kasatkin) - only make the IMA keyring a trusted keyring (reported-by D. Kastatkin) - define stub integrity_init_keyring() definition based on CONFIG_INTEGRITY_SIGNATURE, not CONFIG_INTEGRITY_ASYMMETRIC_KEYS. (reported-by Jim Davis) Signed-off-by:
Mimi Zohar <zohar@linux.vnet.ibm.com> Signed-off-by:
Dmitry Kasatkin <d.kasatkin@samsung.com> Acked-by:
-
Dmitry Kasatkin authored
Instead of allowing public keys, with certificates signed by any key on the system trusted keyring, to be added to a trusted keyring, this patch further restricts the certificates to those signed only by builtin keys on the system keyring. This patch defines a new option 'builtin' for the kernel parameter 'keys_ownerid' to allow trust validation using builtin keys. Simplified Mimi's "KEYS: define an owner trusted keyring" patch Changelog v7: - rename builtin_keys to use_builtin_keys Signed-off-by:
-
Dmitry Kasatkin authored
Instead of allowing public keys, with certificates signed by any key on the system trusted keyring, to be added to a trusted keyring, this patch further restricts the certificates to those signed by a particular key on the system keyring. This patch defines a new kernel parameter 'ca_keys' to identify the specific key which must be used for trust validation of certificates. Simplified Mimi's "KEYS: define an owner trusted keyring" patch. Changelog: - support for builtin x509 public keys only - export "asymmetric_keyid_match" - remove ifndefs MODULE - rename kernel boot parameter from keys_ownerid to ca_keys Signed-off-by:
-
Dmitry Kasatkin authored
To avoid code duplication this patch refactors asymmetric_key_match(), making partial ID string match a separate function. This patch also implicitly fixes a bug in the code. asymmetric_key_match() allows to match the key by its subtype. But subtype matching could be undone if asymmetric_key_id(key) would return NULL. This patch first checks for matching spec and then for its value. Signed-off-by:
-
Mimi Zohar authored
Only public keys, with certificates signed by an existing 'trusted' key on the system trusted keyring, should be added to a trusted keyring. This patch adds support for verifying a certificate's signature. This is derived from David Howells pkcs7_request_asymmetric_key() patch. Changelog v6: - on error free key - Dmitry - validate trust only for not already trusted keys - Dmitry - formatting cleanup Changelog: - define get_system_trusted_keyring() to fix kbuild issues Signed-off-by:
Dmitry Kasatkin <dmitry.kasatkin@gmail.com>
-
Mimi Zohar authored
Dot prefixed keyring names are supposed to be reserved for the kernel, but add_key() calls key_get_type_from_user(), which incorrectly verifies the 'type' field, not the 'description' field. This patch verifies the 'description' field isn't dot prefixed, when creating a new keyring, and removes the dot prefix test in key_get_type_from_user(). Changelog v6: - whitespace and other cleanup Changelog v5: - Only prevent userspace from creating a dot prefixed keyring, not regular keys - Dmitry Reported-by:
-
Dmitry Kasatkin authored
The asynchronous hash API allows initiating a hash calculation and then performing other tasks, while waiting for the hash calculation to complete. This patch introduces usage of double buffering for simultaneous hashing and reading of the next chunk of data from storage. Changes in v3: - better comments Signed-off-by:
-
Dmitry Kasatkin authored
Use of multiple-page collect buffers reduces: 1) the number of block IO requests 2) the number of asynchronous hash update requests Second is important for HW accelerated hashing, because significant amount of time is spent for preparation of hash update operation, which includes configuring acceleration HW, DMA engine, etc... Thus, HW accelerators are more efficient when working on large chunks of data. This patch introduces usage of multi-page collect buffers. Buffer size can be specified using 'ahash_bufsize' module parameter. Default buffer size is 4096 bytes. Changes in v3: - kernel parameter replaced with module parameter Signed-off-by:
-
Dmitry Kasatkin authored
Async hash API allows the use of HW acceleration for hash calculation. It may give significant performance gain and/or reduce power consumption, which might be very beneficial for battery powered devices. This patch introduces hash calculation using ahash API. ahash performance depends on the data size and the particular HW. Depending on the specific system, shash performance may be better. This patch defines 'ahash_minsize' module parameter, which is used to define the minimal file size to use with ahash. If this minimum file size is not set or the file is smaller than defined by the parameter, shash will be used. Changes in v3: - kernel parameter replaced with module parameter - pr_crit replaced with pr_crit_ratelimited - more comment changes - Mimi Changes in v2: - ima_ahash_size became as ima_ahash - ahash pre-allocation moved out from __init code to be able to use ahash crypto modules. Ahash allocated once on the first use. - hash calculation falls back to shash if ahash allocation/calculation fails - complex initialization separated from variable declaration - improved comments Signed-off-by:
-
Richard Guy Briggs authored
Replace spaces in op keyword labels in log output since userspace audit tools can't parse orphaned keywords. Reported-by:
Steve Grubb <sgrubb@redhat.com> Signed-off-by:
Richard Guy Briggs <rgb@redhat.com> Signed-off-by:
-
Dmitry Kasatkin authored
process_measurement() always calls ima_template_desc_current(), including when an IMA policy has not been defined. This patch delays template descriptor lookup until action is determined. Signed-off-by:
-
Dmitry Kasatkin authored
Before 2.6.39 inode->i_readcount was maintained by IMA. It was not atomic and protected using spinlock. For 2.6.39, i_readcount was converted to atomic and maintaining was moved VFS layer. Spinlock for some unclear reason was replaced by i_mutex. After analyzing the code, we came to conclusion that i_mutex locking is unnecessary, especially when an IMA policy has not been defined. This patch removes i_mutex locking from ima_rdwr_violation_check(). Signed-off-by:
-
- 16 Jul, 2014 2 commits
-
-
-
James Morris authored
-
- 13 Jul, 2014 10 commits
-
-
Linus Torvalds authored
-
git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4Linus Torvalds authored
Pull ext4 bugfixes from Ted Ts'o: "More bug fixes for ext4 -- most importantly, a fix for a bug introduced in 3.15 that can end up triggering a file system corruption error after a journal replay. It shouldn't lead to any actual data corruption, but it is scary and can force file systems to be remounted read-only, etc" * tag 'ext4_for_linus_stable' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4: ext4: fix potential null pointer dereference in ext4_free_inode ext4: fix a potential deadlock in __ext4_es_shrink() ext4: revert commit which was causing fs corruption after journal replays ext4: disable synchronous transaction batching if max_batch_time==0 ext4: clarify ext4_error message in ext4_mb_generate_buddy_error() ext4: clarify error count warning messages ext4: fix unjournalled bg descriptor while initializing inode bitmap
-
git://git.linaro.org/people/mike.turquette/linuxLinus Torvalds authored
Pull clock driver fixes from Mike Turquette: "This batch of fixes is for a handful of clock drivers from Allwinner, Samsung, ST & TI. Most of them are of the "this hardware won't work without this fix" variety, including patches that fix platforms that did not boot under certain configurations. Other fixes are the result of changes to the clock core introduced in 3.15 that had subtle impacts on the clock drivers. There are no fixes to the clock framework core in this pull request" * tag 'clk-fixes-for-linus' of git://git.linaro.org/people/mike.turquette/linux: clk: spear3xx: Set proper clock parent of uart1/2 clk: spear3xx: Use proper control register offset clk: qcom: HDMI source sel is 3 not 2 clk: sunxi: fix devm_ioremap_resource error detection code clk: s2mps11: Fix double free corruption during driver unbind clk: ti: am43x: Fix boot with CONFIG_SOC_AM33XX disabled clk: exynos5420: Remove aclk66_peric from the clock tree description clk/exynos5250: fix bit number for tv sysmmu clock clk: s3c64xx: Hookup SPI clocks correctly clk: samsung: exynos4: Remove SRC_MASK_ISP gates clk: samsung: add more aliases for s3c24xx clk: samsung: fix several typos to fix boot on s3c2410 clk: ti: set CLK_SET_RATE_NO_REPARENT for ti,mux-clock clk: ti: am43x: Fix boot with CONFIG_SOC_AM33XX disabled clk: ti: dra7: return error code in failure case clk: ti: apll: not allocating enough data
-
git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-socLinus Torvalds authored
Pull ARM SoC fixes from Olof Johansson: "This week's arm-soc fixes: - Another set of OMAP fixes * Clock fixes * Restart handling * PHY regulators * SATA hwmod data for DRA7 + Some trivial fixes and removal of a bit of dead code - Exynos fixes * A bunch of clock fixes * Some SMP fixes * Exynos multi-core timer: register as clocksource and fix ftrace. + a few other minor fixes There's also a couple more patches, and at91 fix for USB caused by common clock conversion, and more MAINTAINERS entries for shmobile. We're definitely switching to only regression fixes from here on out, we've been a little less strict than usual up until now" * tag 'fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc: (26 commits) ARM: at91: at91sam9x5: add clocks for usb device ARM: EXYNOS: Register cpuidle device only on exynos4210 and 5250 ARM: dts: Add clock property for mfc_pd in exynos5420 clk: exynos5420: Add IDs for clocks used in PD mfc ARM: EXYNOS: Add support for clock handling in power domain ARM: OMAP2+: Remove non working OMAP HDMI audio initialization ARM: imx: fix shared gate clock ARM: dts: Update the parent for Audss clocks in Exynos5420 ARM: EXYNOS: Update secondary boot addr for secure mode ARM: dts: Fix TI CPSW Phy mode selection on IGEP COM AQUILA. ARM: dts: am335x-evmsk: Enable the McASP FIFO for audio ARM: dts: am335x-evm: Enable the McASP FIFO for audio ARM: OMAP2+: Make GPMC skip disabled devices ARM: OMAP2+: create dsp device only on OMAP3 SoCs ARM: dts: dra7-evm: Make VDDA_1V8_PHY supply always on ARM: DRA7/AM43XX: fix header definition for omap44xx_restart ARM: OMAP2+: clock/dpll: fix _dpll_test_fint arithmetics overflow ARM: DRA7: hwmod: Add SYSCONFIG for usb_otg_ss ARM: DRA7: hwmod: Fixup SATA hwmod ARM: OMAP3: PRM/CM: Add back macros used by TI DSP/Bridge driver ... -
git://ftp.arm.linux.org.uk/~rmk/linux-armLinus Torvalds authored
Pull ARM fixes from Russell King: "Another round of fixes for ARM: - a set of kprobes fixes from Jon Medhurst - fix the revision checking for the L2 cache which wasn't noticed to have been broken" * 'fixes' of git://ftp.arm.linux.org.uk/~rmk/linux-arm: ARM: l2c: fix revision checking ARM: kprobes: Fix test code compilation errors for ARMv4 targets ARM: kprobes: Disallow instructions with PC and register specified shift ARM: kprobes: Prevent known test failures stopping other tests running -
git://git.kernel.org/pub/scm/linux/kernel/git/geert/linux-m68kLinus Torvalds authored
Pull m68k fixes from Geert Uytterhoeven: "Summary: - Fix for a boot regression introduced in v3.16-rc1, - Fix for a build issue in -next" Christoph Hellwig questioned why mach_random_get_entropy should be exported to modules, and Geert explains that random_get_entropy() is called by at least the crypto layer and ends up using it on m68k. On most other architectures it just uses get_cycles() (which is typically inlined and doesn't need exporting), * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/geert/linux-m68k: m68k: Export mach_random_get_entropy to modules m68k: Fix boot regression on machines with RAM at non-zero
-
git://git.kernel.org/pub/scm/linux/kernel/git/deller/parisc-linuxLinus Torvalds authored
Pull parisc fixes from Helge Deller: "The major patch in here is one which fixes the fanotify_mark() syscall in the compat layer of the 64bit parisc kernel. It went unnoticed so long, because the calling syntax when using a 64bit parameter in a 32bit syscall is quite complex and even worse, it may be even different if you call syscall() or the glibc wrapper. This patch makes the kernel accept the calling convention when called by the glibc wrapper. The other two patches are trivial and remove unused headers, #includes and adds the serial ports of the fastest C8000 workstation to the parisc-kernel internal hardware database" * 'parisc-3.16-5' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/parisc-linux: parisc: drop unused defines and header includes parisc: fix fanotify_mark() syscall on 32bit compat kernel parisc: add serial ports of C8000/1GHz machine to hardware database
-
Thomas Gleixner authored
The uarts only work when the parent is ras_ahb_clk. The stale 3.5 based ST tree does this in the board file. Add it to the clk init function. Not pretty, but the mess there is amazing anyway. Signed-off-by:
Thomas Gleixner <tglx@linutronix.de> Acked-by:
Viresh Kumar <viresh.kumar@linaro.org> Signed-off-by:
Mike Turquette <mturquette@linaro.org>
-
Thomas Gleixner authored
The control register is at offset 0x10, not 0x0. This is wreckaged since commit 5df33a62 (SPEAr: Switch to common clock framework). Signed-off-by:
-
Helge Deller authored
Signed-off-by:Helge Deller <deller@gmx.de> Cc: stable@vger.kernel.org # 3.13+
-
