Commit 840e5bb3 authored by Linus Torvalds's avatar Linus Torvalds
Pull integrity updates from Mimi Zohar:
 "Continuing IMA policy rule cleanup and validation in particular for
  measuring keys, adding/removing/updating informational and error
  messages (e.g. "ima_appraise" boot command line option), and other bug
  fixes (e.g. minimal data size validation before use, return code and
  NULL pointer checking)"

* tag 'integrity-v5.10' of git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity:
  ima: Fix NULL pointer dereference in ima_file_hash
  evm: Check size of security.evm before using it
  ima: Remove semicolon at the end of ima_get_binary_runtime_size()
  ima: Don't ignore errors from crypto_shash_update()
  ima: Use kmemdup rather than kmalloc+memcpy
  integrity: include keyring name for unknown key request
  ima: limit secure boot feedback scope for appraise
  integrity: invalid kernel parameters feedback
  ima: add check for enforced appraise option
  integrity: Use current_uid() in integrity_audit_message()
  ima: Fail rule parsing when asymmetric key measurement isn't supportable
  ima: Pre-parse the list of keyrings in a KEY_CHECK rule
parents fefa636d aa662fc0
+8 −2
@@ -55,8 +55,14 @@ static struct key *request_asymmetric_key(struct key *keyring, uint32_t keyid)
	}

	if (IS_ERR(key)) {
		if (keyring)
			pr_err_ratelimited("Request for unknown key '%s' in '%s' keyring. err %ld\n",
					   name, keyring->description,
					   PTR_ERR(key));
		else
			pr_err_ratelimited("Request for unknown key '%s' err %ld\n",
					   name, PTR_ERR(key));

		switch (PTR_ERR(key)) {
			/* Hide some search errors */
		case -EACCES:
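Review bot: The pr_err_ratelimited calls in request_asymmetric_key run before the switch that the existing comment labels "Hide some search errors", so the errors that switch hides (-EACCES is the visible case) are still reported at error level, now with the keyring name as well. If logging the raw error first is intended, a short comment such as `/* log the raw lookup error before it is mapped below */` would make that explicit. The `if (keyring)` test does guard the `keyring->description` dereference. The rest of the switch lies outside the hunk, so what the hidden errors are mapped to cannot be confirmed from here.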
+9 −0
@@ -59,6 +59,9 @@ static int __init evm_set_fixmode(char *str)
{
	if (strncmp(str, "fix", 3) == 0)
		evm_fixmode = 1;
	else
		pr_err("invalid \"%s\" mode", str);

	return 0;
}
__setup("evm=", evm_set_fixmode);
@@ -181,6 +184,12 @@ static enum integrity_status evm_verify_hmac(struct dentry *dentry,
		break;
	case EVM_IMA_XATTR_DIGSIG:
	case EVM_XATTR_PORTABLE_DIGSIG:
		/* accept xattr with non-empty signature field */
		if (xattr_len <= sizeof(struct signature_v2_hdr)) {
			evm_status = INTEGRITY_FAIL;
			goto out;
		}

		hdr = (struct signature_v2_hdr *)xattr_data;
		digest.hdr.algo = hdr->hash_algo;
		rc = evm_calc_hash(dentry, xattr_name, xattr_value,
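Review bot: The new length guard in evm_verify_hmac only proves that at least one byte follows the signature_v2_hdr; it does not compare the header's own signature-length field (sig_size) with xattr_len, so that check must happen in the verification call further down, which is outside this hunk. If that holds, a comment such as `/* rejects an empty signature only; sig_size vs. xattr_len is validated by the verifier */` would record the split. xattr_len is declared outside the hunk; if it is a signed int, the comparison with `sizeof()` converts it to unsigned, so it is worth confirming it cannot be negative at this point. Separately, the `pr_err("invalid \"%s\" mode", str);` added to evm_set_fixmode has no trailing `\n`, and the same is true of the pr_err/pr_info calls added in default_appraise_setup and hash_setup.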
+19 −8
@@ -19,18 +19,29 @@
static int __init default_appraise_setup(char *str)
{
#ifdef CONFIG_IMA_APPRAISE_BOOTPARAM
	if (arch_ima_get_secureboot()) {
		pr_info("Secure boot enabled: ignoring ima_appraise=%s boot parameter option",
			str);
		return 1;
	}
	bool sb_state = arch_ima_get_secureboot();
	int appraisal_state = ima_appraise;

	if (strncmp(str, "off", 3) == 0)
		ima_appraise = 0;
		appraisal_state = 0;
	else if (strncmp(str, "log", 3) == 0)
		ima_appraise = IMA_APPRAISE_LOG;
		appraisal_state = IMA_APPRAISE_LOG;
	else if (strncmp(str, "fix", 3) == 0)
		ima_appraise = IMA_APPRAISE_FIX;
		appraisal_state = IMA_APPRAISE_FIX;
	else if (strncmp(str, "enforce", 7) == 0)
		appraisal_state = IMA_APPRAISE_ENFORCE;
	else
		pr_err("invalid \"%s\" appraise option", str);

	/* If appraisal state was changed, but secure boot is enabled,
	 * keep its default */
	if (sb_state) {
		if (!(appraisal_state & IMA_APPRAISE_ENFORCE))
			pr_info("Secure boot enabled: ignoring ima_appraise=%s option",
				str);
	} else {
		ima_appraise = appraisal_state;
	}
#endif
	return 1;
}
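Review bot: The `enforce` branch added to default_appraise_setup keeps the prefix-only `strncmp(str, "...", n)` matching, so a value that merely begins with a known keyword is accepted and never reaches the new `invalid "%s" appraise option` error. Exact matching, e.g. `if (strcmp(str, "off") == 0)`, would let the new message cover those values too; this matters most for `off`, which disables appraisal when secure boot is not enabled. When secure boot is enabled and the value is invalid, appraisal_state keeps the current ima_appraise, so if that default lacks IMA_APPRAISE_ENFORCE (its initial value is not visible here) the pr_err is followed by the "ignoring" pr_info for the same option.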
+2 −0
@@ -829,6 +829,8 @@ static int ima_calc_boot_aggregate_tfm(char *digest, u16 alg_id,
		/* now accumulate with current aggregate */
		rc = crypto_shash_update(shash, d.digest,
					 crypto_shash_digestsize(tfm));
		if (rc != 0)
			return rc;
	}
	/*
	 * Extend cumulative digest over TPM registers 8-9, which contain
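Review bot: The added `if (rc != 0) return rc;` covers only the crypto_shash_update call inside this loop. The comment that starts right after it introduces a second accumulation over TPM registers 8-9, whose code is outside the hunk. If that part calls crypto_shash_update in the same way, it needs the same check, e.g. `if (rc != 0) return rc;` after the call, so that a failed update cannot produce a boot aggregate that looks valid. Whether returning from inside the loop skips any cleanup the function does at its end also cannot be confirmed from the visible lines.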
+19 −4
@@ -51,18 +51,23 @@ static int __init hash_setup(char *str)
		return 1;

	if (strcmp(template_desc->name, IMA_TEMPLATE_IMA_NAME) == 0) {
		if (strncmp(str, "sha1", 4) == 0)
		if (strncmp(str, "sha1", 4) == 0) {
			ima_hash_algo = HASH_ALGO_SHA1;
		else if (strncmp(str, "md5", 3) == 0)
		} else if (strncmp(str, "md5", 3) == 0) {
			ima_hash_algo = HASH_ALGO_MD5;
		else
		} else {
			pr_err("invalid hash algorithm \"%s\" for template \"%s\"",
				str, IMA_TEMPLATE_IMA_NAME);
			return 1;
		}
		goto out;
	}

	i = match_string(hash_algo_name, HASH_ALGO__LAST, str);
	if (i < 0)
	if (i < 0) {
		pr_err("invalid hash algorithm \"%s\"", str);
		return 1;
	}

	ima_hash_algo = i;
out:
@@ -532,6 +537,16 @@ int ima_file_hash(struct file *file, char *buf, size_t buf_size)
		return -EOPNOTSUPP;

	mutex_lock(&iint->mutex);

	/*
	 * ima_file_hash can be called when ima_collect_measurement has still
	 * not been called, we might not always have a hash.
	 */
	if (!iint->ima_hash) {
		mutex_unlock(&iint->mutex);
		return -EOPNOTSUPP;
	}

	if (buf) {
		size_t copied_size;
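Review bot: The new early return in ima_file_hash reuses -EOPNOTSUPP, the same value returned on the line just above the mutex_lock, so a caller cannot tell "no hash collected yet for this file" from the earlier failure. Since the return value is part of the interface, the safer fix is documentation: extend the function's header comment (outside this hunk) with something like `Returns -EOPNOTSUPP also when the file has not been measured yet; callers must not treat this as a verification result.` The in-code comment would read more clearly as `/* ima_file_hash() can be called before ima_collect_measurement(), so a hash may not exist yet. */`. The unlock before the return is correct; the function body continues past the hunk.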
