1. 04 Apr, 2017 8 commits
    • David Howells's avatar
      Merge branch 'keyctl-restrict' of... · f0df90cd
      David Howells authored
      Merge branch 'keyctl-restrict' of git://git.kernel.org/pub/scm/linux/kernel/git/martineau/linux into keys-next
      
      To quote Mat Martineau:
      
      """
      Keyrings recently acquired the ability to validate keys before they are
      linked using kernel internal APIs. This patch set enables configuration
      of restricted keyrings from userspace.
      
      These patches apply to linux-fs/keys-misc and are also available here:
      
          https://git.kernel.org/cgit/linux/kernel/git/martineau/linux.git/log/?h=keyctl-restrict
      
      v13: Detect and avoid cycles in restriction references, and change
      restrictions to store a single key pointer rather than arbitrary data.
      
      v12: Rework the KEYCTL_RESTRICT_KEYRING command to take an additional
      parameter, renamed some functions based on feedback, and dropped an
      unnecessary locking change (patch 1 in previous set).
      
      v11: Configure restrictions using KEYCTL_RESTRICT_KEYRING instead of
      using a keyring payload at creation time. Make the garbage collector
      aware of restrictions.
      
      v10: Fixups from maintainer feedback. Added some missing documentation.
      
      v9: Rebased on linux-fs/keys-misc (v4.9-rc5)
      
      v8: Add option to look for signing keys within the destination keyring.
      Fix a consistency issue with keyring locking and restriction checks.
      
      v7: Rework key restriction payload syntax. Move key-type-specific payload
      parsing to the key-type. Attach more restriction information to keyrings
      (restriction function, data, and data free) so future restrictions are not
      limited to storing a key ID to use for key validation. Validate key before
      using it to verify another key. Modify key type locking model to allow key
      type lookup during keyring creation.
      
      v6: Return error if only restrict_key is supplied, address misc. review
      comments.
      
      v5: Fixed signature bypass problem in patch 3/6
      
      v4: Added userspace restriction options based on builtin keyrings.
      restrict_link_by_signature implementation is no longer modified. Split
      up v3's patch 2/5 to isolate the change to key.h.
      
      v3: Updated commit message for patch 2/5 (restrict_link_by_signature_indirect)
      
      v2: Payload is now preparsed
      """
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      f0df90cd
    • Mat Martineau's avatar
      KEYS: Keyring asymmetric key restrict method with chaining · 8e323a02
      Mat Martineau authored
      Add a restrict_link_by_key_or_keyring_chain link restriction that
      searches for signing keys in the destination keyring in addition to the
      signing key or keyring designated when the destination keyring was
      created. Userspace enables this behavior by including the "chain" option
      in the keyring restriction:
      
        keyctl(KEYCTL_RESTRICT_KEYRING, keyring, "asymmetric",
               "key_or_keyring:<signing key>:chain");
      Signed-off-by: default avatarMat Martineau <mathew.j.martineau@linux.intel.com>
      8e323a02
    • Mat Martineau's avatar
      KEYS: Restrict asymmetric key linkage using a specific keychain · 7e3c4d22
      Mat Martineau authored
      Adds restrict_link_by_signature_keyring(), which uses the restrict_key
      member of the provided destination_keyring data structure as the
      key or keyring to search for signing keys.
      Signed-off-by: default avatarMat Martineau <mathew.j.martineau@linux.intel.com>
      7e3c4d22
    • Mat Martineau's avatar
      KEYS: Add a lookup_restriction function for the asymmetric key type · 97d3aa0f
      Mat Martineau authored
      Look up asymmetric keyring restriction information using the key-type
      lookup_restrict hook.
      Signed-off-by: default avatarMat Martineau <mathew.j.martineau@linux.intel.com>
      97d3aa0f
    • Mat Martineau's avatar
      KEYS: Add KEYCTL_RESTRICT_KEYRING · 6563c91f
      Mat Martineau authored
      Keyrings recently gained restrict_link capabilities that allow
      individual keys to be validated prior to linking.  This functionality
      was only available using internal kernel APIs.
      
      With the KEYCTL_RESTRICT_KEYRING command existing keyrings can be
      configured to check the content of keys before they are linked, and
      then allow or disallow linkage of that key to the keyring.
      
      To restrict a keyring, call:
      
        keyctl(KEYCTL_RESTRICT_KEYRING, key_serial_t keyring, const char *type,
               const char *restriction)
      
      where 'type' is the name of a registered key type and 'restriction' is a
      string describing how key linkage is to be restricted. The restriction
      option syntax is specific to each key type.
      Signed-off-by: default avatarMat Martineau <mathew.j.martineau@linux.intel.com>
      6563c91f
    • Mat Martineau's avatar
      KEYS: Consistent ordering for __key_link_begin and restrict check · 4a420896
      Mat Martineau authored
      The keyring restrict callback was sometimes called before
      __key_link_begin and sometimes after, which meant that the keyring
      semaphores were not always held during the restrict callback.
      
      If the semaphores are consistently acquired before checking link
      restrictions, keyring contents cannot be changed after the restrict
      check is complete but before the evaluated key is linked to the keyring.
      Signed-off-by: default avatarMat Martineau <mathew.j.martineau@linux.intel.com>
      4a420896
    • Mat Martineau's avatar
      KEYS: Add an optional lookup_restriction hook to key_type · efba797b
      Mat Martineau authored
      The restrict_link functions used to validate keys as they are linked
      to a keyring can be associated with specific key types.  Each key type
      may be loaded (or not) at runtime, so lookup of restrict_link
      functions needs to be part of the key type implementation to ensure
      that the requested keys can be examined.
      Signed-off-by: default avatarMat Martineau <mathew.j.martineau@linux.intel.com>
      efba797b
    • Mat Martineau's avatar
      KEYS: Use structure to capture key restriction function and data · 2b6aa412
      Mat Martineau authored
      Replace struct key's restrict_link function pointer with a pointer to
      the new struct key_restriction. The structure contains pointers to the
      restriction function as well as relevant data for evaluating the
      restriction.
      
      The garbage collector checks restrict_link->keytype when key types are
      unregistered. Restrictions involving a removed key type are converted
      to use restrict_link_reject so that restrictions cannot be removed by
      unregistering key types.
      Signed-off-by: default avatarMat Martineau <mathew.j.martineau@linux.intel.com>
      2b6aa412
  2. 03 Apr, 2017 9 commits
  3. 30 Mar, 2017 1 commit
  4. 28 Mar, 2017 2 commits
    • Tetsuo Handa's avatar
      LSM: Revive security_task_alloc() hook and per "struct task_struct" security blob. · e4e55b47
      Tetsuo Handa authored
      We switched from "struct task_struct"->security to "struct cred"->security
      in Linux 2.6.29. But not all LSM modules were happy with that change.
      TOMOYO LSM module is an example which want to use per "struct task_struct"
      security blob, for TOMOYO's security context is defined based on "struct
      task_struct" rather than "struct cred". AppArmor LSM module is another
      example which want to use it, for AppArmor is currently abusing the cred
      a little bit to store the change_hat and setexeccon info. Although
      security_task_free() hook was revived in Linux 3.4 because Yama LSM module
      wanted to release per "struct task_struct" security blob,
      security_task_alloc() hook and "struct task_struct"->security field were
      not revived. Nowadays, we are getting proposals of lightweight LSM modules
      which want to use per "struct task_struct" security blob.
      
      We are already allowing multiple concurrent LSM modules (up to one fully
      armored module which uses "struct cred"->security field or exclusive hooks
      like security_xfrm_state_pol_flow_match(), plus unlimited number of
      lightweight modules which do not use "struct cred"->security nor exclusive
      hooks) as long as they are built into the kernel. But this patch does not
      implement variable length "struct task_struct"->security field which will
      become needed when multiple LSM modules want to use "struct task_struct"->
      security field. Although it won't be difficult to implement variable length
      "struct task_struct"->security field, let's think about it after we merged
      this patch.
      Signed-off-by: default avatarTetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
      Acked-by: default avatarJohn Johansen <john.johansen@canonical.com>
      Acked-by: default avatarSerge Hallyn <serge@hallyn.com>
      Acked-by: default avatarCasey Schaufler <casey@schaufler-ca.com>
      Tested-by: default avatarDjalal Harouni <tixxdz@gmail.com>
      Acked-by: default avatarJosé Bollo <jobol@nonadev.net>
      Cc: Paul Moore <paul@paul-moore.com>
      Cc: Stephen Smalley <sds@tycho.nsa.gov>
      Cc: Eric Paris <eparis@parisplace.org>
      Cc: Kees Cook <keescook@chromium.org>
      Cc: James Morris <james.l.morris@oracle.com>
      Cc: José Bollo <jobol@nonadev.net>
      Signed-off-by: default avatarJames Morris <james.l.morris@oracle.com>
      e4e55b47
    • James Morris's avatar
      840c91dc
  5. 26 Mar, 2017 8 commits
    • Linus Torvalds's avatar
      Linux 4.11-rc4 · c02ed2e7
      Linus Torvalds authored
      c02ed2e7
    • Linus Torvalds's avatar
      Merge tag 'char-misc-4.11-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc · 0dc82fa5
      Linus Torvalds authored
      Pull char/misc driver fixes from Greg KH:
       "A smattering of different small fixes for some random driver
        subsystems. Nothing all that major, just resolutions for reported
        issues and bugs.
      
        All have been in linux-next with no reported issues"
      
      * tag 'char-misc-4.11-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc: (21 commits)
        extcon: int3496: Set the id pin to direction-input if necessary
        extcon: int3496: Use gpiod_get instead of gpiod_get_index
        extcon: int3496: Add dependency on X86 as it's Intel specific
        extcon: int3496: Add GPIO ACPI mapping table
        extcon: int3496: Rename GPIO pins in accordance with binding
        vmw_vmci: handle the return value from pci_alloc_irq_vectors correctly
        ppdev: fix registering same device name
        parport: fix attempt to write duplicate procfiles
        auxdisplay: img-ascii-lcd: add missing sentinel entry in img_ascii_lcd_matches
        Drivers: hv: vmbus: Don't leak memory when a channel is rescinded
        Drivers: hv: vmbus: Don't leak channel ids
        Drivers: hv: util: don't forget to init host_ts.lock
        Drivers: hv: util: move waiting for release to hv_utils_transport itself
        vmbus: remove hv_event_tasklet_disable/enable
        vmbus: use rcu for per-cpu channel list
        mei: don't wait for os version message reply
        mei: fix deadlock on mei reset
        intel_th: pci: Add Gemini Lake support
        intel_th: pci: Add Denverton SOC support
        intel_th: Don't leak module refcount on failure to activate
        ...
      0dc82fa5
    • Linus Torvalds's avatar
      Merge tag 'driver-core-4.11-rc4' of... · 9e54ef9d
      Linus Torvalds authored
      Merge tag 'driver-core-4.11-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core
      
      Pull driver core fix from Greg KH:
       "Here is a single kernfs fix for 4.11-rc4 that resolves a reported
        issue.
      
        It has been in linux-next with no reported issues"
      
      * tag 'driver-core-4.11-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core:
        kernfs: Check KERNFS_HAS_RELEASE before calling kernfs_release_file()
      9e54ef9d
    • Linus Torvalds's avatar
      Merge tag 'tty-4.11-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty · f1638fc6
      Linus Torvalds authored
      Pull tty/serial driver fixes from Greg KH:
       "Here are some tty and serial driver fixes for 4.11-rc4.
      
        One of these fix a long-standing issue in the ldisc code that was
        found by Dmitry Vyukov with his great fuzzing work. The other fixes
        resolve other reported issues, and there is one revert of a patch in
        4.11-rc1 that wasn't correct.
      
        All of these have been in linux-next for a while with no reported
        issues"
      
      * tag 'tty-4.11-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty:
        tty: fix data race in tty_ldisc_ref_wait()
        tty: don't panic on OOM in tty_set_ldisc()
        Revert "tty: serial: pl011: add ttyAMA for matching pl011 console"
        tty: acpi/spcr: QDF2400 E44 checks for wrong OEM revision
        serial: 8250_dw: Fix breakage when HAVE_CLK=n
        serial: 8250_dw: Honor clk_round_rate errors in dw8250_set_termios
      f1638fc6
    • Linus Torvalds's avatar
      Merge tag 'staging-4.11-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging · 53b4d591
      Linus Torvalds authored
      Pull IIO driver fixes from Greg KH:
       "Here are some small IIO driver fixes for 4.11-rc4 that resolve a
        number of tiny reported issues. All of these have been in linux-next
        for a while with no reported issues"
      
      * tag 'staging-4.11-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging:
        iio: imu: st_lsm6dsx: fix FIFO_CTRL2 overwrite during watermark configuration
        iio: adc: ti_am335x_adc: fix fifo overrun recovery
        iio: sw-device: Fix config group initialization
        iio: magnetometer: ak8974: remove incorrect __exit markups
        iio: hid-sensor-trigger: Change get poll value function order to avoid sensor properties losing after resume from S3
      53b4d591
    • Linus Torvalds's avatar
      Merge tag 'usb-4.11-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb · e431e0e4
      Linus Torvalds authored
      Pull USB/PHY fixes from Greg KH:
       "Here are a number of small USB and PHY driver fixes for 4.11-rc4.
      
        Nothing major here, just an bunch of small fixes, and a handfull of
        good fixes from Johan for devices with crazy descriptors. There are a
        few new device ids in here as well.
      
        All of these have been in linux-next with no reported issues"
      
      * tag 'usb-4.11-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb: (26 commits)
        usb: gadget: f_hid: fix: Don't access hidg->req without spinlock held
        usb: gadget: udc: remove pointer dereference after free
        usb: gadget: f_uvc: Sanity check wMaxPacketSize for SuperSpeed
        usb: gadget: f_uvc: Fix SuperSpeed companion descriptor's wBytesPerInterval
        usb: gadget: acm: fix endianness in notifications
        usb: dwc3: gadget: delay unmap of bounced requests
        USB: serial: qcserial: add Dell DW5811e
        usb: hub: Fix crash after failure to read BOS descriptor
        ACM gadget: fix endianness in notifications
        USB: usbtmc: fix probe error path
        USB: usbtmc: add missing endpoint sanity check
        USB: serial: option: add Quectel UC15, UC20, EC21, and EC25 modems
        usb: musb: fix possible spinlock deadlock
        usb: musb: dsps: fix iounmap in error and exit paths
        usb: musb: cppi41: don't check early-TX-interrupt for Isoch transfer
        usb-core: Add LINEAR_FRAME_INTR_BINTERVAL USB quirk
        uwb: i1480-dfu: fix NULL-deref at probe
        uwb: hwa-rc: fix NULL-deref at probe
        USB: wusbcore: fix NULL-deref at probe
        USB: uss720: fix NULL-deref at probe
        ...
      e431e0e4
    • Linus Torvalds's avatar
      Merge tag 'powerpc-4.11-6' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux · 42234bf8
      Linus Torvalds authored
      Pull more powerpc fixes from Michael Ellerman:
       "These are all pretty minor. The fix for idle wakeup would be a bad bug
        but has not been observed in practice.
      
        The update to the gcc-plugins docs was Cc'ed to Kees and Jon, Kees
        OK'ed it going via powerpc and I didn't hear from Jon.
      
         - cxl: Route eeh events to all slices for pci_channel_io_perm_failure state
      
         - powerpc/64s: Fix idle wakeup potential to clobber registers
      
         - Revert "powerpc/64: Disable use of radix under a hypervisor"
      
         - gcc-plugins: update architecture list in documentation
      
        Thanks to: Andrew Donnellan, Nicholas Piggin, Paul Mackerras, Vaibhav
        Jain"
      
      * tag 'powerpc-4.11-6' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux:
        gcc-plugins: update architecture list in documentation
        Revert "powerpc/64: Disable use of radix under a hypervisor"
        powerpc/64s: Fix idle wakeup potential to clobber registers
        cxl: Route eeh events to all slices for pci_channel_io_perm_failure state
      42234bf8
    • Linus Torvalds's avatar
      Merge tag 'ext4_for_linus_stable' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4 · 1c23de63
      Linus Torvalds authored
      Pull ext4 fixes from Ted Ts'o:
       "Fix a memory leak on an error path, and two races when modifying
        inodes relating to the inline_data and metadata checksum features"
      
      * tag 'ext4_for_linus_stable' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4:
        ext4: fix two spelling nits
        ext4: lock the xattr block before checksuming it
        jbd2: don't leak memory if setting up journal fails
        ext4: mark inode dirty after converting inline directory
      1c23de63
  6. 25 Mar, 2017 12 commits