Commit 353ad6c0 authored by Linus Torvalds's avatar Linus Torvalds
Pull integrity updates from Mimi Zohar:
 "Two IMA changes, one EVM change, a use-after-free bug fix, and a code
  cleanup to address "-Wflex-array-member-not-at-end" warnings:

   - The existing IMA {ascii, binary}_runtime_measurements lists include
     a hard coded SHA1 hash. To address this limitation, define per TPM
     enabled hash algorithm {ascii, binary}_runtime_measurements lists

   - Close an IMA integrity init_module syscall measurement gap by
     defining a new critical-data record

   - Enable (partial) EVM support on stacked filesystems (overlayfs).
     Only EVM portable & immutable file signatures are copied up, since
     they do not contain filesystem specific metadata"

* tag 'integrity-v6.10' of ssh://ra.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity:
  ima: add crypto agility support for template-hash algorithm
  evm: Rename is_unsupported_fs to is_unsupported_hmac_fs
  fs: Rename SB_I_EVM_UNSUPPORTED to SB_I_EVM_HMAC_UNSUPPORTED
  evm: Enforce signatures on unsupported filesystem for EVM_INIT_X509
  ima: re-evaluate file integrity on file metadata change
  evm: Store and detect metadata inode attributes changes
  ima: Move file-change detection variables into new structure
  evm: Use the metadata inode to calculate metadata hash
  evm: Implement per signature type decision in security_inode_copy_up_xattr
  security: allow finer granularity in permitting copy-up of security xattrs
  ima: Rename backing_inode to real_inode
  integrity: Avoid -Wflex-array-member-not-at-end warnings
  ima: define an init_module critical data record
  ima: Fix use-after-free on a dentry's dname.name
parents ccae19c6 9fa8e762
+1 −1
@@ -114,7 +114,7 @@ int ovl_copy_xattr(struct super_block *sb, const struct path *oldpath, struct de
		if (ovl_is_private_xattr(sb, name))
			continue;

		error = security_inode_copy_up_xattr(name);
		error = security_inode_copy_up_xattr(old, name);
		if (error < 0 && error != -EOPNOTSUPP)
			break;
		if (error == 1) {
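Review bot: security_inode_copy_up_xattr() now receives the source dentry `old` in addition to the xattr name, but the loop body says nothing about what an LSM is expected to do with it or what the three return classes mean, so the reader has to reconstruct the contract from the two checks that follow. A one-line comment above the call, `/* LSMs may inspect the xattr on @old: <0 error (except -EOPNOTSUPP), 1 skip this xattr, 0 copy it */`, would make that explicit. The "1 means skip" reading is inferred from the branch name only, since the branch body and the rest of ovl_copy_xattr() lie outside the hunk, so confirm the wording against the branch before adding it.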
+1 −1
@@ -1460,7 +1460,7 @@ int ovl_fill_super(struct super_block *sb, struct fs_context *fc)
	 * lead to unexpected results.
	 */
	sb->s_iflags |= SB_I_NOUMASK;
	sb->s_iflags |= SB_I_EVM_UNSUPPORTED;
	sb->s_iflags |= SB_I_EVM_HMAC_UNSUPPORTED;

	err = -ENOMEM;
	root_dentry = ovl_get_root(sb, ctx->upper.dentry, oe);
+8 −0
@@ -26,6 +26,8 @@ extern int evm_protected_xattr_if_enabled(const char *req_xattr_name);
extern int evm_read_protected_xattrs(struct dentry *dentry, u8 *buffer,
				     int buffer_size, char type,
				     bool canonical_fmt);
extern bool evm_metadata_changed(struct inode *inode,
				 struct inode *metadata_inode);
#ifdef CONFIG_FS_POSIX_ACL
extern int posix_xattr_acl(const char *xattrname);
#else
@@ -76,5 +78,11 @@ static inline int evm_read_protected_xattrs(struct dentry *dentry, u8 *buffer,
	return -EOPNOTSUPP;
}

static inline bool evm_metadata_changed(struct inode *inode,
					struct inode *metadata_inode)
{
	return false;
}

#endif /* CONFIG_EVM */
#endif /* LINUX_EVM_H */
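Review bot: The new evm_metadata_changed() declaration carries no comment describing its contract, and the !CONFIG_EVM stub returns false, which a caller will read as "metadata unchanged" rather than "EVM not built in". I would add above the extern declaration `/* Return true if the attributes recorded for @inode no longer match @metadata_inode; always false when CONFIG_EVM is not set. */` so that IMA callers do not rely on the stub to trigger re-evaluation. Which attributes are actually compared is not visible in this section, so the wording should be checked against the implementation.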
+1 −1
@@ -1174,7 +1174,7 @@ extern int send_sigurg(struct fown_struct *fown);
#define SB_I_USERNS_VISIBLE		0x00000010 /* fstype already mounted */
#define SB_I_IMA_UNVERIFIABLE_SIGNATURE	0x00000020
#define SB_I_UNTRUSTED_MOUNTER		0x00000040
#define SB_I_EVM_UNSUPPORTED		0x00000080
#define SB_I_EVM_HMAC_UNSUPPORTED	0x00000080

#define SB_I_SKIP_SYNC	0x00000100	/* Skip superblock at global sync */
#define SB_I_PERSB_BDI	0x00000200	/* has a per-sb bdi */
+34 −0
@@ -8,6 +8,7 @@
#define _LINUX_INTEGRITY_H

#include <linux/fs.h>
#include <linux/iversion.h>

enum integrity_status {
	INTEGRITY_PASS = 0,
@@ -28,4 +29,37 @@ static inline void integrity_load_keys(void)
}
#endif /* CONFIG_INTEGRITY */

/* An inode's attributes for detection of changes */
struct integrity_inode_attributes {
	u64 version;		/* track inode changes */
	unsigned long ino;
	dev_t dev;
};

/*
 * On stacked filesystems the i_version alone is not enough to detect file data
 * or metadata change. Additional metadata is required.
 */
static inline void
integrity_inode_attrs_store(struct integrity_inode_attributes *attrs,
			    u64 i_version, const struct inode *inode)
{
	attrs->version = i_version;
	attrs->dev = inode->i_sb->s_dev;
	attrs->ino = inode->i_ino;
}

/*
 * On stacked filesystems detect whether the inode or its content has changed.
 */
static inline bool
integrity_inode_attrs_changed(const struct integrity_inode_attributes *attrs,
			      const struct inode *inode)
{
	return (inode->i_sb->s_dev != attrs->dev ||
		inode->i_ino != attrs->ino ||
		!inode_eq_iversion(inode, attrs->version));
}


#endif /* _LINUX_INTEGRITY_H */
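Review bot: integrity_inode_attrs_store() takes i_version as a caller-supplied value while integrity_inode_attrs_changed() re-reads it through inode_eq_iversion(), so the two are only comparable if the stored value was obtained from the inode's i_version accessor (inode_query_iversion() or inode_peek_iversion()) for the same inode, and nothing in the header says so. I would add above integrity_inode_attrs_store() `/* @i_version must be the value returned by inode_query_iversion() for @inode; it is later compared with inode_eq_iversion() */`. The s_dev/i_ino check presumably expects callers on stacked filesystems to pass the real (backing) inode rather than the overlay inode; that is worth stating in the block comment as well, if it is indeed the intent. Also, the two consecutive blank lines before the closing #endif can be collapsed to one.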