Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security

+1

Documentation/ABI/testing/ima_policy

··· 27 27 28 28 base: func:= [BPRM_CHECK][MMAP_CHECK][FILE_CHECK][MODULE_CHECK] 29 29 [FIRMWARE_CHECK] 30 + [KEXEC_KERNEL_CHECK] [KEXEC_INITRAMFS_CHECK] 30 31 mask:= [[^]MAY_READ] [[^]MAY_WRITE] [[^]MAY_APPEND] 31 32 [[^]MAY_EXEC] 32 33 fsmagic:= hex value

+2 -2

MAINTAINERS

··· 11126 11126 R: Jason Gunthorpe <jgunthorpe@obsidianresearch.com> 11127 11127 W: http://tpmdd.sourceforge.net 11128 11128 L: tpmdd-devel@lists.sourceforge.net (moderated for non-subscribers) 11129 - Q: git git://github.com/PeterHuewe/linux-tpmdd.git 11130 - T: git https://github.com/PeterHuewe/linux-tpmdd 11129 + Q: https://patchwork.kernel.org/project/tpmdd-devel/list/ 11130 + T: git git://git.infradead.org/users/jjs/linux-tpmdd.git 11131 11131 S: Maintained 11132 11132 F: drivers/char/tpm/ 11133 11133

-1

arch/arm/configs/colibri_pxa270_defconfig

··· 166 166 CONFIG_DEBUG_ERRORS=y 167 167 CONFIG_DEBUG_LL=y 168 168 CONFIG_KEYS=y 169 - CONFIG_KEYS_DEBUG_PROC_KEYS=y 170 169 CONFIG_SECURITY=y 171 170 CONFIG_CRYPTO_PCBC=m 172 171 CONFIG_CRYPTO_SHA1=m

-1

arch/arm/configs/iop13xx_defconfig

··· 95 95 CONFIG_NLS=y 96 96 CONFIG_DEBUG_USER=y 97 97 CONFIG_KEYS=y 98 - CONFIG_KEYS_DEBUG_PROC_KEYS=y 99 98 CONFIG_CRYPTO_NULL=y 100 99 CONFIG_CRYPTO_LRW=y 101 100 CONFIG_CRYPTO_PCBC=m

-1

arch/arm/configs/iop32x_defconfig

··· 108 108 CONFIG_DEBUG_LL=y 109 109 CONFIG_DEBUG_LL_UART_8250=y 110 110 CONFIG_KEYS=y 111 - CONFIG_KEYS_DEBUG_PROC_KEYS=y 112 111 CONFIG_CRYPTO_NULL=y 113 112 CONFIG_CRYPTO_LRW=y 114 113 CONFIG_CRYPTO_PCBC=m

-1

arch/arm/configs/trizeps4_defconfig

··· 214 214 CONFIG_DEBUG_FS=y 215 215 CONFIG_DEBUG_USER=y 216 216 CONFIG_KEYS=y 217 - CONFIG_KEYS_DEBUG_PROC_KEYS=y 218 217 CONFIG_SECURITY=y 219 218 CONFIG_CRYPTO_PCBC=m 220 219 CONFIG_CRYPTO_SHA256=m

-1

arch/microblaze/configs/mmu_defconfig

··· 87 87 CONFIG_EARLY_PRINTK=y 88 88 CONFIG_KEYS=y 89 89 CONFIG_ENCRYPTED_KEYS=y 90 - CONFIG_KEYS_DEBUG_PROC_KEYS=y 91 90 # CONFIG_CRYPTO_ANSI_CPRNG is not set

-1

arch/microblaze/configs/nommu_defconfig

··· 92 92 CONFIG_EARLY_PRINTK=y 93 93 CONFIG_KEYS=y 94 94 CONFIG_ENCRYPTED_KEYS=y 95 - CONFIG_KEYS_DEBUG_PROC_KEYS=y 96 95 CONFIG_CRYPTO_ECB=y 97 96 CONFIG_CRYPTO_MD4=y 98 97 CONFIG_CRYPTO_MD5=y

-1

arch/mips/configs/bigsur_defconfig

··· 247 247 CONFIG_DEBUG_MEMORY_INIT=y 248 248 CONFIG_DEBUG_LIST=y 249 249 CONFIG_KEYS=y 250 - CONFIG_KEYS_DEBUG_PROC_KEYS=y 251 250 CONFIG_SECURITY=y 252 251 CONFIG_SECURITY_NETWORK=y 253 252 CONFIG_SECURITY_NETWORK_XFRM=y

-1

arch/mips/configs/ip22_defconfig

··· 358 358 CONFIG_DEBUG_MEMORY_INIT=y 359 359 # CONFIG_RCU_CPU_STALL_DETECTOR is not set 360 360 CONFIG_KEYS=y 361 - CONFIG_KEYS_DEBUG_PROC_KEYS=y 362 361 CONFIG_CRYPTO_FIPS=y 363 362 CONFIG_CRYPTO_NULL=m 364 363 CONFIG_CRYPTO_CRYPTD=m

-1

arch/mips/configs/ip27_defconfig

··· 346 346 CONFIG_DLM=m 347 347 # CONFIG_RCU_CPU_STALL_DETECTOR is not set 348 348 CONFIG_KEYS=y 349 - CONFIG_KEYS_DEBUG_PROC_KEYS=y 350 349 CONFIG_SECURITYFS=y 351 350 CONFIG_CRYPTO_FIPS=y 352 351 CONFIG_CRYPTO_NULL=m

-1

arch/mips/configs/ip32_defconfig

··· 181 181 # CONFIG_RCU_CPU_STALL_DETECTOR is not set 182 182 CONFIG_SYSCTL_SYSCALL_CHECK=y 183 183 CONFIG_KEYS=y 184 - CONFIG_KEYS_DEBUG_PROC_KEYS=y 185 184 CONFIG_CRYPTO_NULL=y 186 185 CONFIG_CRYPTO_CBC=y 187 186 CONFIG_CRYPTO_ECB=y

-1

arch/mips/configs/jazz_defconfig

··· 362 362 CONFIG_NLS_KOI8_U=m 363 363 CONFIG_NLS_UTF8=m 364 364 CONFIG_DLM=m 365 - CONFIG_KEYS_DEBUG_PROC_KEYS=y 366 365 CONFIG_CRYPTO_NULL=m 367 366 CONFIG_CRYPTO_ECB=m 368 367 CONFIG_CRYPTO_LRW=m

-1

arch/mips/configs/lemote2f_defconfig

··· 412 412 # CONFIG_RCU_CPU_STALL_DETECTOR is not set 413 413 CONFIG_SYSCTL_SYSCALL_CHECK=y 414 414 CONFIG_KEYS=y 415 - CONFIG_KEYS_DEBUG_PROC_KEYS=y 416 415 CONFIG_CRYPTO_FIPS=y 417 416 CONFIG_CRYPTO_NULL=m 418 417 CONFIG_CRYPTO_CRYPTD=m

-1

arch/mips/configs/rm200_defconfig

··· 453 453 CONFIG_NLS_KOI8_U=m 454 454 CONFIG_NLS_UTF8=m 455 455 CONFIG_DLM=m 456 - CONFIG_KEYS_DEBUG_PROC_KEYS=y 457 456 CONFIG_CRYPTO_NULL=m 458 457 CONFIG_CRYPTO_ECB=m 459 458 CONFIG_CRYPTO_LRW=m

-1

arch/mips/configs/sb1250_swarm_defconfig

··· 87 87 CONFIG_ROOT_NFS=y 88 88 CONFIG_DLM=m 89 89 CONFIG_KEYS=y 90 - CONFIG_KEYS_DEBUG_PROC_KEYS=y 91 90 CONFIG_CRYPTO_NULL=m 92 91 CONFIG_CRYPTO_CRYPTD=m 93 92 CONFIG_CRYPTO_AUTHENC=m

-1

arch/parisc/configs/712_defconfig

··· 183 183 CONFIG_DEBUG_MUTEXES=y 184 184 # CONFIG_RCU_CPU_STALL_DETECTOR is not set 185 185 CONFIG_DEBUG_RODATA=y 186 - CONFIG_KEYS_DEBUG_PROC_KEYS=y 187 186 CONFIG_CRYPTO_NULL=m 188 187 CONFIG_CRYPTO_TEST=m 189 188 CONFIG_CRYPTO_HMAC=y

-1

arch/parisc/configs/a500_defconfig

··· 193 193 CONFIG_DEBUG_KERNEL=y 194 194 # CONFIG_DEBUG_BUGVERBOSE is not set 195 195 # CONFIG_RCU_CPU_STALL_DETECTOR is not set 196 - CONFIG_KEYS_DEBUG_PROC_KEYS=y 197 196 CONFIG_CRYPTO_NULL=m 198 197 CONFIG_CRYPTO_TEST=m 199 198 CONFIG_CRYPTO_HMAC=y

-1

arch/parisc/configs/default_defconfig

··· 211 211 CONFIG_DEBUG_MUTEXES=y 212 212 # CONFIG_RCU_CPU_STALL_DETECTOR is not set 213 213 CONFIG_KEYS=y 214 - CONFIG_KEYS_DEBUG_PROC_KEYS=y 215 214 CONFIG_CRYPTO_NULL=m 216 215 CONFIG_CRYPTO_TEST=m 217 216 CONFIG_CRYPTO_MD4=m

-1

arch/parisc/configs/generic-32bit_defconfig

··· 301 301 CONFIG_LATENCYTOP=y 302 302 CONFIG_LKDTM=m 303 303 CONFIG_KEYS=y 304 - CONFIG_KEYS_DEBUG_PROC_KEYS=y 305 304 CONFIG_CRYPTO_NULL=m 306 305 CONFIG_CRYPTO_TEST=m 307 306 CONFIG_CRYPTO_HMAC=y

-1

arch/powerpc/configs/c2k_defconfig

··· 387 387 CONFIG_DEBUG_SPINLOCK=y 388 388 CONFIG_BOOTX_TEXT=y 389 389 CONFIG_PPC_EARLY_DEBUG=y 390 - CONFIG_KEYS_DEBUG_PROC_KEYS=y 391 390 CONFIG_SECURITY=y 392 391 CONFIG_SECURITY_NETWORK=y 393 392 CONFIG_SECURITY_SELINUX=y

-1

arch/powerpc/configs/ppc6xx_defconfig

··· 1175 1175 CONFIG_XMON=y 1176 1176 CONFIG_BOOTX_TEXT=y 1177 1177 CONFIG_PPC_EARLY_DEBUG=y 1178 - CONFIG_KEYS_DEBUG_PROC_KEYS=y 1179 1178 CONFIG_SECURITY=y 1180 1179 CONFIG_SECURITY_NETWORK=y 1181 1180 CONFIG_SECURITY_NETWORK_XFRM=y

-1

arch/score/configs/spct6600_defconfig

··· 70 70 CONFIG_NFSD_V3_ACL=y 71 71 CONFIG_NFSD_V4=y 72 72 # CONFIG_RCU_CPU_STALL_DETECTOR is not set 73 - CONFIG_KEYS_DEBUG_PROC_KEYS=y 74 73 CONFIG_SECURITY=y 75 74 CONFIG_SECURITY_NETWORK=y 76 75 CONFIG_CRYPTO_NULL=y

-1

arch/tile/configs/tilegx_defconfig

··· 374 374 CONFIG_RCU_CPU_STALL_TIMEOUT=60 375 375 CONFIG_ASYNC_RAID6_TEST=m 376 376 CONFIG_KGDB=y 377 - CONFIG_KEYS_DEBUG_PROC_KEYS=y 378 377 CONFIG_SECURITY=y 379 378 CONFIG_SECURITYFS=y 380 379 CONFIG_SECURITY_NETWORK=y

-1

arch/tile/configs/tilepro_defconfig

··· 486 486 CONFIG_DEBUG_CREDENTIALS=y 487 487 CONFIG_RCU_CPU_STALL_TIMEOUT=60 488 488 CONFIG_ASYNC_RAID6_TEST=m 489 - CONFIG_KEYS_DEBUG_PROC_KEYS=y 490 489 CONFIG_SECURITY=y 491 490 CONFIG_SECURITYFS=y 492 491 CONFIG_SECURITY_NETWORK=y

-1

arch/x86/configs/i386_defconfig

··· 303 303 # CONFIG_DEBUG_RODATA_TEST is not set 304 304 CONFIG_DEBUG_BOOT_PARAMS=y 305 305 CONFIG_OPTIMIZE_INLINING=y 306 - CONFIG_KEYS_DEBUG_PROC_KEYS=y 307 306 CONFIG_SECURITY=y 308 307 CONFIG_SECURITY_NETWORK=y 309 308 CONFIG_SECURITY_SELINUX=y

-1

arch/x86/configs/x86_64_defconfig

··· 300 300 # CONFIG_DEBUG_RODATA_TEST is not set 301 301 CONFIG_DEBUG_BOOT_PARAMS=y 302 302 CONFIG_OPTIMIZE_INLINING=y 303 - CONFIG_KEYS_DEBUG_PROC_KEYS=y 304 303 CONFIG_SECURITY=y 305 304 CONFIG_SECURITY_NETWORK=y 306 305 CONFIG_SECURITY_SELINUX=y

+16

certs/Kconfig

··· 39 39 form of DER-encoded *.x509 files in the top-level build directory, 40 40 those are no longer used. You will need to set this option instead. 41 41 42 + config SYSTEM_EXTRA_CERTIFICATE 43 + bool "Reserve area for inserting a certificate without recompiling" 44 + depends on SYSTEM_TRUSTED_KEYRING 45 + help 46 + If set, space for an extra certificate will be reserved in the kernel 47 + image. This allows introducing a trusted certificate to the default 48 + system keyring without recompiling the kernel. 49 + 50 + config SYSTEM_EXTRA_CERTIFICATE_SIZE 51 + int "Number of bytes to reserve for the extra certificate" 52 + depends on SYSTEM_EXTRA_CERTIFICATE 53 + default 4096 54 + help 55 + This is the number of bytes reserved in the kernel image for a 56 + certificate to be inserted. 57 + 42 58 endmenu

+19 -14

certs/Makefile

··· 36 36 $(error Could not determine digest type to use from kernel config) 37 37 endif 38 38 39 + redirect_openssl = 2>&1 40 + quiet_redirect_openssl = 2>&1 41 + silent_redirect_openssl = 2>/dev/null 42 + 39 43 # We do it this way rather than having a boolean option for enabling an 40 44 # external private key, because 'make randconfig' might enable such a 41 45 # boolean option and we unfortunately can't make it depend on !RANDCONFIG. 42 46 ifeq ($(CONFIG_MODULE_SIG_KEY),"certs/signing_key.pem") 43 47 $(obj)/signing_key.pem: $(obj)/x509.genkey 44 - @echo "###" 45 - @echo "### Now generating an X.509 key pair to be used for signing modules." 46 - @echo "###" 47 - @echo "### If this takes a long time, you might wish to run rngd in the" 48 - @echo "### background to keep the supply of entropy topped up. It" 49 - @echo "### needs to be run as root, and uses a hardware random" 50 - @echo "### number generator if one is available." 51 - @echo "###" 52 - openssl req -new -nodes -utf8 -$(CONFIG_MODULE_SIG_HASH) -days 36500 \ 48 + @$(kecho) "###" 49 + @$(kecho) "### Now generating an X.509 key pair to be used for signing modules." 50 + @$(kecho) "###" 51 + @$(kecho) "### If this takes a long time, you might wish to run rngd in the" 52 + @$(kecho) "### background to keep the supply of entropy topped up. It" 53 + @$(kecho) "### needs to be run as root, and uses a hardware random" 54 + @$(kecho) "### number generator if one is available." 55 + @$(kecho) "###" 56 + $(Q)openssl req -new -nodes -utf8 -$(CONFIG_MODULE_SIG_HASH) -days 36500 \ 53 57 -batch -x509 -config $(obj)/x509.genkey \ 54 58 -outform PEM -out $(obj)/signing_key.pem \ 55 - -keyout $(obj)/signing_key.pem 2>&1 56 - @echo "###" 57 - @echo "### Key pair generated." 58 - @echo "###" 59 + -keyout $(obj)/signing_key.pem \ 60 + $($(quiet)redirect_openssl) 61 + @$(kecho) "###" 62 + @$(kecho) "### Key pair generated." 63 + @$(kecho) "###" 59 64 60 65 $(obj)/x509.genkey: 61 - @echo Generating X.509 key generation config 66 + @$(kecho) Generating X.509 key generation config 62 67 @echo >$@ "[ req ]" 63 68 @echo >>$@ "default_bits = 4096" 64 69 @echo >>$@ "distinguished_name = req_distinguished_name"

+13

certs/system_certificates.S

··· 13 13 .incbin "certs/x509_certificate_list" 14 14 __cert_list_end: 15 15 16 + #ifdef CONFIG_SYSTEM_EXTRA_CERTIFICATE 17 + .globl VMLINUX_SYMBOL(system_extra_cert) 18 + .size system_extra_cert, CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE 19 + VMLINUX_SYMBOL(system_extra_cert): 20 + .fill CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE, 1, 0 21 + 22 + .align 4 23 + .globl VMLINUX_SYMBOL(system_extra_cert_used) 24 + VMLINUX_SYMBOL(system_extra_cert_used): 25 + .int 0 26 + 27 + #endif /* CONFIG_SYSTEM_EXTRA_CERTIFICATE */ 28 + 16 29 .align 8 17 30 .globl VMLINUX_SYMBOL(system_certificate_list_size) 18 31 VMLINUX_SYMBOL(system_certificate_list_size):

+2 -2

certs/system_keyring.c

··· 84 84 ((KEY_POS_ALL & ~KEY_POS_SETATTR) | 85 85 KEY_USR_VIEW | KEY_USR_READ), 86 86 KEY_ALLOC_NOT_IN_QUOTA | 87 - KEY_ALLOC_TRUSTED); 87 + KEY_ALLOC_TRUSTED | 88 + KEY_ALLOC_BUILT_IN); 88 89 if (IS_ERR(key)) { 89 90 pr_err("Problem loading in-kernel X.509 certificate (%ld)\n", 90 91 PTR_ERR(key)); 91 92 } else { 92 - set_bit(KEY_FLAG_BUILTIN, &key_ref_to_ptr(key)->flags); 93 93 pr_notice("Loaded X.509 cert '%s'\n", 94 94 key_ref_to_ptr(key)->description); 95 95 key_ref_put(key);

-7

crypto/asymmetric_keys/Kconfig

··· 12 12 config ASYMMETRIC_PUBLIC_KEY_SUBTYPE 13 13 tristate "Asymmetric public-key crypto algorithm subtype" 14 14 select MPILIB 15 - select PUBLIC_KEY_ALGO_RSA 16 15 select CRYPTO_HASH_INFO 17 16 help 18 17 This option provides support for asymmetric public key type handling. 19 18 If signature generation and/or verification are to be used, 20 19 appropriate hash algorithms (such as SHA-1) must be available. 21 20 ENOPKG will be reported if the requisite algorithm is unavailable. 22 - 23 - config PUBLIC_KEY_ALGO_RSA 24 - tristate "RSA public-key algorithm" 25 - select MPILIB 26 - help 27 - This option enables support for the RSA algorithm (PKCS#1, RFC3447). 28 21 29 22 config X509_CERTIFICATE_PARSER 30 23 tristate "X.509 certificate parser"

+2 -6

crypto/asymmetric_keys/Makefile

··· 7 7 asymmetric_keys-y := asymmetric_type.o signature.o 8 8 9 9 obj-$(CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE) += public_key.o 10 - obj-$(CONFIG_PUBLIC_KEY_ALGO_RSA) += rsa.o 11 10 12 11 # 13 12 # X.509 Certificate handling ··· 15 16 x509_key_parser-y := \ 16 17 x509-asn1.o \ 17 18 x509_akid-asn1.o \ 18 - x509_rsakey-asn1.o \ 19 19 x509_cert_parser.o \ 20 20 x509_public_key.o 21 21 22 22 $(obj)/x509_cert_parser.o: \ 23 23 $(obj)/x509-asn1.h \ 24 - $(obj)/x509_akid-asn1.h \ 25 - $(obj)/x509_rsakey-asn1.h 24 + $(obj)/x509_akid-asn1.h 25 + 26 26 $(obj)/x509-asn1.o: $(obj)/x509-asn1.c $(obj)/x509-asn1.h 27 27 $(obj)/x509_akid-asn1.o: $(obj)/x509_akid-asn1.c $(obj)/x509_akid-asn1.h 28 - $(obj)/x509_rsakey-asn1.o: $(obj)/x509_rsakey-asn1.c $(obj)/x509_rsakey-asn1.h 29 28 30 29 clean-files += x509-asn1.c x509-asn1.h 31 30 clean-files += x509_akid-asn1.c x509_akid-asn1.h 32 - clean-files += x509_rsakey-asn1.c x509_rsakey-asn1.h 33 31 34 32 # 35 33 # PKCS#7 message handling

+7 -7

crypto/asymmetric_keys/mscode_parser.c

··· 86 86 oid = look_up_OID(value, vlen); 87 87 switch (oid) { 88 88 case OID_md4: 89 - ctx->digest_algo = HASH_ALGO_MD4; 89 + ctx->digest_algo = "md4"; 90 90 break; 91 91 case OID_md5: 92 - ctx->digest_algo = HASH_ALGO_MD5; 92 + ctx->digest_algo = "md5"; 93 93 break; 94 94 case OID_sha1: 95 - ctx->digest_algo = HASH_ALGO_SHA1; 95 + ctx->digest_algo = "sha1"; 96 96 break; 97 97 case OID_sha256: 98 - ctx->digest_algo = HASH_ALGO_SHA256; 98 + ctx->digest_algo = "sha256"; 99 99 break; 100 100 case OID_sha384: 101 - ctx->digest_algo = HASH_ALGO_SHA384; 101 + ctx->digest_algo = "sha384"; 102 102 break; 103 103 case OID_sha512: 104 - ctx->digest_algo = HASH_ALGO_SHA512; 104 + ctx->digest_algo = "sha512"; 105 105 break; 106 106 case OID_sha224: 107 - ctx->digest_algo = HASH_ALGO_SHA224; 107 + ctx->digest_algo = "sha224"; 108 108 break; 109 109 110 110 case OID__NR:

+14 -18

crypto/asymmetric_keys/pkcs7_parser.c

··· 15 15 #include <linux/slab.h> 16 16 #include <linux/err.h> 17 17 #include <linux/oid_registry.h> 18 - #include "public_key.h" 18 + #include <crypto/public_key.h> 19 19 #include "pkcs7_parser.h" 20 20 #include "pkcs7-asn1.h" 21 21 ··· 44 44 static void pkcs7_free_signed_info(struct pkcs7_signed_info *sinfo) 45 45 { 46 46 if (sinfo) { 47 - mpi_free(sinfo->sig.mpi[0]); 47 + kfree(sinfo->sig.s); 48 48 kfree(sinfo->sig.digest); 49 49 kfree(sinfo->signing_cert_id); 50 50 kfree(sinfo); ··· 87 87 static int pkcs7_check_authattrs(struct pkcs7_message *msg) 88 88 { 89 89 struct pkcs7_signed_info *sinfo; 90 - bool want; 90 + bool want = false; 91 91 92 92 sinfo = msg->signed_infos; 93 93 if (sinfo->authattrs) { ··· 218 218 219 219 switch (ctx->last_oid) { 220 220 case OID_md4: 221 - ctx->sinfo->sig.pkey_hash_algo = HASH_ALGO_MD4; 221 + ctx->sinfo->sig.hash_algo = "md4"; 222 222 break; 223 223 case OID_md5: 224 - ctx->sinfo->sig.pkey_hash_algo = HASH_ALGO_MD5; 224 + ctx->sinfo->sig.hash_algo = "md5"; 225 225 break; 226 226 case OID_sha1: 227 - ctx->sinfo->sig.pkey_hash_algo = HASH_ALGO_SHA1; 227 + ctx->sinfo->sig.hash_algo = "sha1"; 228 228 break; 229 229 case OID_sha256: 230 - ctx->sinfo->sig.pkey_hash_algo = HASH_ALGO_SHA256; 230 + ctx->sinfo->sig.hash_algo = "sha256"; 231 231 break; 232 232 case OID_sha384: 233 - ctx->sinfo->sig.pkey_hash_algo = HASH_ALGO_SHA384; 233 + ctx->sinfo->sig.hash_algo = "sha384"; 234 234 break; 235 235 case OID_sha512: 236 - ctx->sinfo->sig.pkey_hash_algo = HASH_ALGO_SHA512; 236 + ctx->sinfo->sig.hash_algo = "sha512"; 237 237 break; 238 238 case OID_sha224: 239 - ctx->sinfo->sig.pkey_hash_algo = HASH_ALGO_SHA224; 239 + ctx->sinfo->sig.hash_algo = "sha224"; 240 240 default: 241 241 printk("Unsupported digest algo: %u\n", ctx->last_oid); 242 242 return -ENOPKG; ··· 255 255 256 256 switch (ctx->last_oid) { 257 257 case OID_rsaEncryption: 258 - ctx->sinfo->sig.pkey_algo = PKEY_ALGO_RSA; 258 + ctx->sinfo->sig.pkey_algo = "rsa"; 259 259 break; 260 260 default: 261 261 printk("Unsupported pkey algo: %u\n", ctx->last_oid); ··· 614 614 const void *value, size_t vlen) 615 615 { 616 616 struct pkcs7_parse_context *ctx = context; 617 - MPI mpi; 618 617 619 - BUG_ON(ctx->sinfo->sig.pkey_algo != PKEY_ALGO_RSA); 620 - 621 - mpi = mpi_read_raw_data(value, vlen); 622 - if (!mpi) 618 + ctx->sinfo->sig.s = kmemdup(value, vlen, GFP_KERNEL); 619 + if (!ctx->sinfo->sig.s) 623 620 return -ENOMEM; 624 621 625 - ctx->sinfo->sig.mpi[0] = mpi; 626 - ctx->sinfo->sig.nr_mpi = 1; 622 + ctx->sinfo->sig.s_size = vlen; 627 623 return 0; 628 624 } 629 625

+1 -1

crypto/asymmetric_keys/pkcs7_trust.c

··· 17 17 #include <linux/asn1.h> 18 18 #include <linux/key.h> 19 19 #include <keys/asymmetric-type.h> 20 - #include "public_key.h" 20 + #include <crypto/public_key.h> 21 21 #include "pkcs7_parser.h" 22 22 23 23 /**

+4 -6

crypto/asymmetric_keys/pkcs7_verify.c

··· 16 16 #include <linux/err.h> 17 17 #include <linux/asn1.h> 18 18 #include <crypto/hash.h> 19 - #include "public_key.h" 19 + #include <crypto/public_key.h> 20 20 #include "pkcs7_parser.h" 21 21 22 22 /* ··· 31 31 void *digest; 32 32 int ret; 33 33 34 - kenter(",%u,%u", sinfo->index, sinfo->sig.pkey_hash_algo); 34 + kenter(",%u,%s", sinfo->index, sinfo->sig.hash_algo); 35 35 36 - if (sinfo->sig.pkey_hash_algo >= PKEY_HASH__LAST || 37 - !hash_algo_name[sinfo->sig.pkey_hash_algo]) 36 + if (!sinfo->sig.hash_algo) 38 37 return -ENOPKG; 39 38 40 39 /* Allocate the hashing algorithm we're going to need and find out how 41 40 * big the hash operational data will be. 42 41 */ 43 - tfm = crypto_alloc_shash(hash_algo_name[sinfo->sig.pkey_hash_algo], 44 - 0, 0); 42 + tfm = crypto_alloc_shash(sinfo->sig.hash_algo, 0, 0); 45 43 if (IS_ERR(tfm)) 46 44 return (PTR_ERR(tfm) == -ENOENT) ? -ENOPKG : PTR_ERR(tfm); 47 45

+96 -50

crypto/asymmetric_keys/public_key.c

··· 17 17 #include <linux/kernel.h> 18 18 #include <linux/slab.h> 19 19 #include <linux/seq_file.h> 20 + #include <linux/scatterlist.h> 20 21 #include <keys/asymmetric-subtype.h> 21 - #include "public_key.h" 22 + #include <crypto/public_key.h> 23 + #include <crypto/akcipher.h> 22 24 23 25 MODULE_LICENSE("GPL"); 24 - 25 - const char *const pkey_algo_name[PKEY_ALGO__LAST] = { 26 - [PKEY_ALGO_DSA] = "DSA", 27 - [PKEY_ALGO_RSA] = "RSA", 28 - }; 29 - EXPORT_SYMBOL_GPL(pkey_algo_name); 30 - 31 - const struct public_key_algorithm *pkey_algo[PKEY_ALGO__LAST] = { 32 - #if defined(CONFIG_PUBLIC_KEY_ALGO_RSA) || \ 33 - defined(CONFIG_PUBLIC_KEY_ALGO_RSA_MODULE) 34 - [PKEY_ALGO_RSA] = &RSA_public_key_algorithm, 35 - #endif 36 - }; 37 - EXPORT_SYMBOL_GPL(pkey_algo); 38 - 39 - const char *const pkey_id_type_name[PKEY_ID_TYPE__LAST] = { 40 - [PKEY_ID_PGP] = "PGP", 41 - [PKEY_ID_X509] = "X509", 42 - [PKEY_ID_PKCS7] = "PKCS#7", 43 - }; 44 - EXPORT_SYMBOL_GPL(pkey_id_type_name); 45 26 46 27 /* 47 28 * Provide a part of a description of the key for /proc/keys. ··· 33 52 struct public_key *key = asymmetric_key->payload.data[asym_crypto]; 34 53 35 54 if (key) 36 - seq_printf(m, "%s.%s", 37 - pkey_id_type_name[key->id_type], key->algo->name); 55 + seq_printf(m, "%s.%s", key->id_type, key->pkey_algo); 38 56 } 39 57 40 58 /* ··· 42 62 void public_key_destroy(void *payload) 43 63 { 44 64 struct public_key *key = payload; 45 - int i; 46 65 47 - if (key) { 48 - for (i = 0; i < ARRAY_SIZE(key->mpi); i++) 49 - mpi_free(key->mpi[i]); 50 - kfree(key); 51 - } 66 + if (key) 67 + kfree(key->key); 68 + kfree(key); 52 69 } 53 70 EXPORT_SYMBOL_GPL(public_key_destroy); 71 + 72 + struct public_key_completion { 73 + struct completion completion; 74 + int err; 75 + }; 76 + 77 + static void public_key_verify_done(struct crypto_async_request *req, int err) 78 + { 79 + struct public_key_completion *compl = req->data; 80 + 81 + if (err == -EINPROGRESS) 82 + return; 83 + 84 + compl->err = err; 85 + complete(&compl->completion); 86 + } 54 87 55 88 /* 56 89 * Verify a signature using a public key. 57 90 */ 58 - int public_key_verify_signature(const struct public_key *pk, 91 + int public_key_verify_signature(const struct public_key *pkey, 59 92 const struct public_key_signature *sig) 60 93 { 61 - const struct public_key_algorithm *algo; 94 + struct public_key_completion compl; 95 + struct crypto_akcipher *tfm; 96 + struct akcipher_request *req; 97 + struct scatterlist sig_sg, digest_sg; 98 + const char *alg_name; 99 + char alg_name_buf[CRYPTO_MAX_ALG_NAME]; 100 + void *output; 101 + unsigned int outlen; 102 + int ret = -ENOMEM; 62 103 63 - BUG_ON(!pk); 64 - BUG_ON(!pk->mpi[0]); 65 - BUG_ON(!pk->mpi[1]); 104 + pr_devel("==>%s()\n", __func__); 105 + 106 + BUG_ON(!pkey); 66 107 BUG_ON(!sig); 67 108 BUG_ON(!sig->digest); 68 - BUG_ON(!sig->mpi[0]); 109 + BUG_ON(!sig->s); 69 110 70 - algo = pk->algo; 71 - if (!algo) { 72 - if (pk->pkey_algo >= PKEY_ALGO__LAST) 73 - return -ENOPKG; 74 - algo = pkey_algo[pk->pkey_algo]; 75 - if (!algo) 76 - return -ENOPKG; 111 + alg_name = sig->pkey_algo; 112 + if (strcmp(sig->pkey_algo, "rsa") == 0) { 113 + /* The data wangled by the RSA algorithm is typically padded 114 + * and encoded in some manner, such as EMSA-PKCS1-1_5 [RFC3447 115 + * sec 8.2]. 116 + */ 117 + if (snprintf(alg_name_buf, CRYPTO_MAX_ALG_NAME, 118 + "pkcs1pad(rsa,%s)", sig->hash_algo 119 + ) >= CRYPTO_MAX_ALG_NAME) 120 + return -EINVAL; 121 + alg_name = alg_name_buf; 77 122 } 78 123 79 - if (!algo->verify_signature) 80 - return -ENOTSUPP; 124 + tfm = crypto_alloc_akcipher(alg_name, 0, 0); 125 + if (IS_ERR(tfm)) 126 + return PTR_ERR(tfm); 81 127 82 - if (sig->nr_mpi != algo->n_sig_mpi) { 83 - pr_debug("Signature has %u MPI not %u\n", 84 - sig->nr_mpi, algo->n_sig_mpi); 85 - return -EINVAL; 128 + req = akcipher_request_alloc(tfm, GFP_KERNEL); 129 + if (!req) 130 + goto error_free_tfm; 131 + 132 + ret = crypto_akcipher_set_pub_key(tfm, pkey->key, pkey->keylen); 133 + if (ret) 134 + goto error_free_req; 135 + 136 + outlen = crypto_akcipher_maxsize(tfm); 137 + output = kmalloc(outlen, GFP_KERNEL); 138 + if (!output) 139 + goto error_free_req; 140 + 141 + sg_init_one(&sig_sg, sig->s, sig->s_size); 142 + sg_init_one(&digest_sg, output, outlen); 143 + akcipher_request_set_crypt(req, &sig_sg, &digest_sg, sig->s_size, 144 + outlen); 145 + init_completion(&compl.completion); 146 + akcipher_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG | 147 + CRYPTO_TFM_REQ_MAY_SLEEP, 148 + public_key_verify_done, &compl); 149 + 150 + /* Perform the verification calculation. This doesn't actually do the 151 + * verification, but rather calculates the hash expected by the 152 + * signature and returns that to us. 153 + */ 154 + ret = crypto_akcipher_verify(req); 155 + if (ret == -EINPROGRESS) { 156 + wait_for_completion(&compl.completion); 157 + ret = compl.err; 86 158 } 159 + if (ret < 0) 160 + goto out_free_output; 87 161 88 - return algo->verify_signature(pk, sig); 162 + /* Do the actual verification step. */ 163 + if (req->dst_len != sig->digest_size || 164 + memcmp(sig->digest, output, sig->digest_size) != 0) 165 + ret = -EKEYREJECTED; 166 + 167 + out_free_output: 168 + kfree(output); 169 + error_free_req: 170 + akcipher_request_free(req); 171 + error_free_tfm: 172 + crypto_free_akcipher(tfm); 173 + pr_devel("<==%s() = %d\n", __func__, ret); 174 + return ret; 89 175 } 90 176 EXPORT_SYMBOL_GPL(public_key_verify_signature); 91 177

-36

crypto/asymmetric_keys/public_key.h

··· 1 - /* Public key algorithm internals 2 - * 3 - * See Documentation/crypto/asymmetric-keys.txt 4 - * 5 - * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved. 6 - * Written by David Howells (dhowells@redhat.com) 7 - * 8 - * This program is free software; you can redistribute it and/or 9 - * modify it under the terms of the GNU General Public Licence 10 - * as published by the Free Software Foundation; either version 11 - * 2 of the Licence, or (at your option) any later version. 12 - */ 13 - 14 - #include <crypto/public_key.h> 15 - 16 - extern struct asymmetric_key_subtype public_key_subtype; 17 - 18 - /* 19 - * Public key algorithm definition. 20 - */ 21 - struct public_key_algorithm { 22 - const char *name; 23 - u8 n_pub_mpi; /* Number of MPIs in public key */ 24 - u8 n_sec_mpi; /* Number of MPIs in secret key */ 25 - u8 n_sig_mpi; /* Number of MPIs in a signature */ 26 - int (*verify_signature)(const struct public_key *key, 27 - const struct public_key_signature *sig); 28 - }; 29 - 30 - extern const struct public_key_algorithm RSA_public_key_algorithm; 31 - 32 - /* 33 - * public_key.c 34 - */ 35 - extern int public_key_verify_signature(const struct public_key *pk, 36 - const struct public_key_signature *sig);

-278

crypto/asymmetric_keys/rsa.c

··· 1 - /* RSA asymmetric public-key algorithm [RFC3447] 2 - * 3 - * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved. 4 - * Written by David Howells (dhowells@redhat.com) 5 - * 6 - * This program is free software; you can redistribute it and/or 7 - * modify it under the terms of the GNU General Public Licence 8 - * as published by the Free Software Foundation; either version 9 - * 2 of the Licence, or (at your option) any later version. 10 - */ 11 - 12 - #define pr_fmt(fmt) "RSA: "fmt 13 - #include <linux/module.h> 14 - #include <linux/kernel.h> 15 - #include <linux/slab.h> 16 - #include <crypto/algapi.h> 17 - #include "public_key.h" 18 - 19 - MODULE_LICENSE("GPL"); 20 - MODULE_DESCRIPTION("RSA Public Key Algorithm"); 21 - 22 - #define kenter(FMT, ...) \ 23 - pr_devel("==> %s("FMT")\n", __func__, ##__VA_ARGS__) 24 - #define kleave(FMT, ...) \ 25 - pr_devel("<== %s()"FMT"\n", __func__, ##__VA_ARGS__) 26 - 27 - /* 28 - * Hash algorithm OIDs plus ASN.1 DER wrappings [RFC4880 sec 5.2.2]. 29 - */ 30 - static const u8 RSA_digest_info_MD5[] = { 31 - 0x30, 0x20, 0x30, 0x0C, 0x06, 0x08, 32 - 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x02, 0x05, /* OID */ 33 - 0x05, 0x00, 0x04, 0x10 34 - }; 35 - 36 - static const u8 RSA_digest_info_SHA1[] = { 37 - 0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 38 - 0x2B, 0x0E, 0x03, 0x02, 0x1A, 39 - 0x05, 0x00, 0x04, 0x14 40 - }; 41 - 42 - static const u8 RSA_digest_info_RIPE_MD_160[] = { 43 - 0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 44 - 0x2B, 0x24, 0x03, 0x02, 0x01, 45 - 0x05, 0x00, 0x04, 0x14 46 - }; 47 - 48 - static const u8 RSA_digest_info_SHA224[] = { 49 - 0x30, 0x2d, 0x30, 0x0d, 0x06, 0x09, 50 - 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x04, 51 - 0x05, 0x00, 0x04, 0x1C 52 - }; 53 - 54 - static const u8 RSA_digest_info_SHA256[] = { 55 - 0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 56 - 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 57 - 0x05, 0x00, 0x04, 0x20 58 - }; 59 - 60 - static const u8 RSA_digest_info_SHA384[] = { 61 - 0x30, 0x41, 0x30, 0x0d, 0x06, 0x09, 62 - 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02, 63 - 0x05, 0x00, 0x04, 0x30 64 - }; 65 - 66 - static const u8 RSA_digest_info_SHA512[] = { 67 - 0x30, 0x51, 0x30, 0x0d, 0x06, 0x09, 68 - 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03, 69 - 0x05, 0x00, 0x04, 0x40 70 - }; 71 - 72 - static const struct { 73 - const u8 *data; 74 - size_t size; 75 - } RSA_ASN1_templates[PKEY_HASH__LAST] = { 76 - #define _(X) { RSA_digest_info_##X, sizeof(RSA_digest_info_##X) } 77 - [HASH_ALGO_MD5] = _(MD5), 78 - [HASH_ALGO_SHA1] = _(SHA1), 79 - [HASH_ALGO_RIPE_MD_160] = _(RIPE_MD_160), 80 - [HASH_ALGO_SHA256] = _(SHA256), 81 - [HASH_ALGO_SHA384] = _(SHA384), 82 - [HASH_ALGO_SHA512] = _(SHA512), 83 - [HASH_ALGO_SHA224] = _(SHA224), 84 - #undef _ 85 - }; 86 - 87 - /* 88 - * RSAVP1() function [RFC3447 sec 5.2.2] 89 - */ 90 - static int RSAVP1(const struct public_key *key, MPI s, MPI *_m) 91 - { 92 - MPI m; 93 - int ret; 94 - 95 - /* (1) Validate 0 <= s < n */ 96 - if (mpi_cmp_ui(s, 0) < 0) { 97 - kleave(" = -EBADMSG [s < 0]"); 98 - return -EBADMSG; 99 - } 100 - if (mpi_cmp(s, key->rsa.n) >= 0) { 101 - kleave(" = -EBADMSG [s >= n]"); 102 - return -EBADMSG; 103 - } 104 - 105 - m = mpi_alloc(0); 106 - if (!m) 107 - return -ENOMEM; 108 - 109 - /* (2) m = s^e mod n */ 110 - ret = mpi_powm(m, s, key->rsa.e, key->rsa.n); 111 - if (ret < 0) { 112 - mpi_free(m); 113 - return ret; 114 - } 115 - 116 - *_m = m; 117 - return 0; 118 - } 119 - 120 - /* 121 - * Integer to Octet String conversion [RFC3447 sec 4.1] 122 - */ 123 - static int RSA_I2OSP(MPI x, size_t xLen, u8 **pX) 124 - { 125 - unsigned X_size, x_size; 126 - int X_sign; 127 - u8 *X; 128 - 129 - /* Make sure the string is the right length. The number should begin 130 - * with { 0x00, 0x01, ... } so we have to account for 15 leading zero 131 - * bits not being reported by MPI. 132 - */ 133 - x_size = mpi_get_nbits(x); 134 - pr_devel("size(x)=%u xLen*8=%zu\n", x_size, xLen * 8); 135 - if (x_size != xLen * 8 - 15) 136 - return -ERANGE; 137 - 138 - X = mpi_get_buffer(x, &X_size, &X_sign); 139 - if (!X) 140 - return -ENOMEM; 141 - if (X_sign < 0) { 142 - kfree(X); 143 - return -EBADMSG; 144 - } 145 - if (X_size != xLen - 1) { 146 - kfree(X); 147 - return -EBADMSG; 148 - } 149 - 150 - *pX = X; 151 - return 0; 152 - } 153 - 154 - /* 155 - * Perform the RSA signature verification. 156 - * @H: Value of hash of data and metadata 157 - * @EM: The computed signature value 158 - * @k: The size of EM (EM[0] is an invalid location but should hold 0x00) 159 - * @hash_size: The size of H 160 - * @asn1_template: The DigestInfo ASN.1 template 161 - * @asn1_size: Size of asm1_template[] 162 - */ 163 - static int RSA_verify(const u8 *H, const u8 *EM, size_t k, size_t hash_size, 164 - const u8 *asn1_template, size_t asn1_size) 165 - { 166 - unsigned PS_end, T_offset, i; 167 - 168 - kenter(",,%zu,%zu,%zu", k, hash_size, asn1_size); 169 - 170 - if (k < 2 + 1 + asn1_size + hash_size) 171 - return -EBADMSG; 172 - 173 - /* Decode the EMSA-PKCS1-v1_5 */ 174 - if (EM[1] != 0x01) { 175 - kleave(" = -EBADMSG [EM[1] == %02u]", EM[1]); 176 - return -EBADMSG; 177 - } 178 - 179 - T_offset = k - (asn1_size + hash_size); 180 - PS_end = T_offset - 1; 181 - if (EM[PS_end] != 0x00) { 182 - kleave(" = -EBADMSG [EM[T-1] == %02u]", EM[PS_end]); 183 - return -EBADMSG; 184 - } 185 - 186 - for (i = 2; i < PS_end; i++) { 187 - if (EM[i] != 0xff) { 188 - kleave(" = -EBADMSG [EM[PS%x] == %02u]", i - 2, EM[i]); 189 - return -EBADMSG; 190 - } 191 - } 192 - 193 - if (crypto_memneq(asn1_template, EM + T_offset, asn1_size) != 0) { 194 - kleave(" = -EBADMSG [EM[T] ASN.1 mismatch]"); 195 - return -EBADMSG; 196 - } 197 - 198 - if (crypto_memneq(H, EM + T_offset + asn1_size, hash_size) != 0) { 199 - kleave(" = -EKEYREJECTED [EM[T] hash mismatch]"); 200 - return -EKEYREJECTED; 201 - } 202 - 203 - kleave(" = 0"); 204 - return 0; 205 - } 206 - 207 - /* 208 - * Perform the verification step [RFC3447 sec 8.2.2]. 209 - */ 210 - static int RSA_verify_signature(const struct public_key *key, 211 - const struct public_key_signature *sig) 212 - { 213 - size_t tsize; 214 - int ret; 215 - 216 - /* Variables as per RFC3447 sec 8.2.2 */ 217 - const u8 *H = sig->digest; 218 - u8 *EM = NULL; 219 - MPI m = NULL; 220 - size_t k; 221 - 222 - kenter(""); 223 - 224 - if (!RSA_ASN1_templates[sig->pkey_hash_algo].data) 225 - return -ENOTSUPP; 226 - 227 - /* (1) Check the signature size against the public key modulus size */ 228 - k = mpi_get_nbits(key->rsa.n); 229 - tsize = mpi_get_nbits(sig->rsa.s); 230 - 231 - /* According to RFC 4880 sec 3.2, length of MPI is computed starting 232 - * from most significant bit. So the RFC 3447 sec 8.2.2 size check 233 - * must be relaxed to conform with shorter signatures - so we fail here 234 - * only if signature length is longer than modulus size. 235 - */ 236 - pr_devel("step 1: k=%zu size(S)=%zu\n", k, tsize); 237 - if (k < tsize) { 238 - ret = -EBADMSG; 239 - goto error; 240 - } 241 - 242 - /* Round up and convert to octets */ 243 - k = (k + 7) / 8; 244 - 245 - /* (2b) Apply the RSAVP1 verification primitive to the public key */ 246 - ret = RSAVP1(key, sig->rsa.s, &m); 247 - if (ret < 0) 248 - goto error; 249 - 250 - /* (2c) Convert the message representative (m) to an encoded message 251 - * (EM) of length k octets. 252 - * 253 - * NOTE! The leading zero byte is suppressed by MPI, so we pass a 254 - * pointer to the _preceding_ byte to RSA_verify()! 255 - */ 256 - ret = RSA_I2OSP(m, k, &EM); 257 - if (ret < 0) 258 - goto error; 259 - 260 - ret = RSA_verify(H, EM - 1, k, sig->digest_size, 261 - RSA_ASN1_templates[sig->pkey_hash_algo].data, 262 - RSA_ASN1_templates[sig->pkey_hash_algo].size); 263 - 264 - error: 265 - kfree(EM); 266 - mpi_free(m); 267 - kleave(" = %d", ret); 268 - return ret; 269 - } 270 - 271 - const struct public_key_algorithm RSA_public_key_algorithm = { 272 - .name = "RSA", 273 - .n_pub_mpi = 2, 274 - .n_sec_mpi = 3, 275 - .n_sig_mpi = 1, 276 - .verify_signature = RSA_verify_signature, 277 - }; 278 - EXPORT_SYMBOL_GPL(RSA_public_key_algorithm);

+2 -2

crypto/asymmetric_keys/verify_pefile.c

··· 328 328 void *digest; 329 329 int ret; 330 330 331 - kenter(",%u", ctx->digest_algo); 331 + kenter(",%s", ctx->digest_algo); 332 332 333 333 /* Allocate the hashing algorithm we're going to need and find out how 334 334 * big the hash operational data will be. 335 335 */ 336 - tfm = crypto_alloc_shash(hash_algo_name[ctx->digest_algo], 0, 0); 336 + tfm = crypto_alloc_shash(ctx->digest_algo, 0, 0); 337 337 if (IS_ERR(tfm)) 338 338 return (PTR_ERR(tfm) == -ENOENT) ? -ENOPKG : PTR_ERR(tfm); 339 339

+1 -1

crypto/asymmetric_keys/verify_pefile.h

··· 28 28 /* PKCS#7 MS Individual Code Signing content */ 29 29 const void *digest; /* Digest */ 30 30 unsigned digest_len; /* Digest length */ 31 - enum hash_algo digest_algo; /* Digest algorithm */ 31 + const char *digest_algo; /* Digest algorithm */ 32 32 }; 33 33 34 34 #define kenter(FMT, ...) \

+26 -49

crypto/asymmetric_keys/x509_cert_parser.c

··· 15 15 #include <linux/slab.h> 16 16 #include <linux/err.h> 17 17 #include <linux/oid_registry.h> 18 - #include "public_key.h" 18 + #include <crypto/public_key.h> 19 19 #include "x509_parser.h" 20 20 #include "x509-asn1.h" 21 21 #include "x509_akid-asn1.h" 22 - #include "x509_rsakey-asn1.h" 23 22 24 23 struct x509_parse_context { 25 24 struct x509_certificate *cert; /* Certificate being constructed */ ··· 55 56 kfree(cert->akid_id); 56 57 kfree(cert->akid_skid); 57 58 kfree(cert->sig.digest); 58 - mpi_free(cert->sig.rsa.s); 59 + kfree(cert->sig.s); 59 60 kfree(cert); 60 61 } 61 62 } ··· 102 103 } 103 104 } 104 105 105 - /* Decode the public key */ 106 - ret = asn1_ber_decoder(&x509_rsakey_decoder, ctx, 107 - ctx->key, ctx->key_size); 108 - if (ret < 0) 106 + cert->pub->key = kmemdup(ctx->key, ctx->key_size, GFP_KERNEL); 107 + if (!cert->pub->key) 109 108 goto error_decode; 109 + 110 + cert->pub->keylen = ctx->key_size; 110 111 111 112 /* Generate cert issuer + serial number key ID */ 112 113 kid = asymmetric_key_generate_id(cert->raw_serial, ··· 123 124 return cert; 124 125 125 126 error_decode: 127 + kfree(cert->pub->key); 126 128 kfree(ctx); 127 129 error_no_ctx: 128 130 x509_free_certificate(cert); ··· 188 188 return -ENOPKG; /* Unsupported combination */ 189 189 190 190 case OID_md4WithRSAEncryption: 191 - ctx->cert->sig.pkey_hash_algo = HASH_ALGO_MD5; 192 - ctx->cert->sig.pkey_algo = PKEY_ALGO_RSA; 191 + ctx->cert->sig.hash_algo = "md4"; 192 + ctx->cert->sig.pkey_algo = "rsa"; 193 193 break; 194 194 195 195 case OID_sha1WithRSAEncryption: 196 - ctx->cert->sig.pkey_hash_algo = HASH_ALGO_SHA1; 197 - ctx->cert->sig.pkey_algo = PKEY_ALGO_RSA; 196 + ctx->cert->sig.hash_algo = "sha1"; 197 + ctx->cert->sig.pkey_algo = "rsa"; 198 198 break; 199 199 200 200 case OID_sha256WithRSAEncryption: 201 - ctx->cert->sig.pkey_hash_algo = HASH_ALGO_SHA256; 202 - ctx->cert->sig.pkey_algo = PKEY_ALGO_RSA; 201 + ctx->cert->sig.hash_algo = "sha256"; 202 + ctx->cert->sig.pkey_algo = "rsa"; 203 203 break; 204 204 205 205 case OID_sha384WithRSAEncryption: 206 - ctx->cert->sig.pkey_hash_algo = HASH_ALGO_SHA384; 207 - ctx->cert->sig.pkey_algo = PKEY_ALGO_RSA; 206 + ctx->cert->sig.hash_algo = "sha384"; 207 + ctx->cert->sig.pkey_algo = "rsa"; 208 208 break; 209 209 210 210 case OID_sha512WithRSAEncryption: 211 - ctx->cert->sig.pkey_hash_algo = HASH_ALGO_SHA512; 212 - ctx->cert->sig.pkey_algo = PKEY_ALGO_RSA; 211 + ctx->cert->sig.hash_algo = "sha512"; 212 + ctx->cert->sig.pkey_algo = "rsa"; 213 213 break; 214 214 215 215 case OID_sha224WithRSAEncryption: 216 - ctx->cert->sig.pkey_hash_algo = HASH_ALGO_SHA224; 217 - ctx->cert->sig.pkey_algo = PKEY_ALGO_RSA; 216 + ctx->cert->sig.hash_algo = "sha224"; 217 + ctx->cert->sig.pkey_algo = "rsa"; 218 218 break; 219 219 } 220 220 ··· 396 396 if (ctx->last_oid != OID_rsaEncryption) 397 397 return -ENOPKG; 398 398 399 - ctx->cert->pub->pkey_algo = PKEY_ALGO_RSA; 399 + ctx->cert->pub->pkey_algo = "rsa"; 400 400 401 401 /* Discard the BIT STRING metadata */ 402 402 ctx->key = value + 1; 403 403 ctx->key_size = vlen - 1; 404 - return 0; 405 - } 406 - 407 - /* 408 - * Extract a RSA public key value 409 - */ 410 - int rsa_extract_mpi(void *context, size_t hdrlen, 411 - unsigned char tag, 412 - const void *value, size_t vlen) 413 - { 414 - struct x509_parse_context *ctx = context; 415 - MPI mpi; 416 - 417 - if (ctx->nr_mpi >= ARRAY_SIZE(ctx->cert->pub->mpi)) { 418 - pr_err("Too many public key MPIs in certificate\n"); 419 - return -EBADMSG; 420 - } 421 - 422 - mpi = mpi_read_raw_data(value, vlen); 423 - if (!mpi) 424 - return -ENOMEM; 425 - 426 - ctx->cert->pub->mpi[ctx->nr_mpi++] = mpi; 427 404 return 0; 428 405 } 429 406 ··· 471 494 unsigned char tag, 472 495 const unsigned char *value, size_t vlen) 473 496 { 474 - static const unsigned char month_lengths[] = { 31, 29, 31, 30, 31, 30, 497 + static const unsigned char month_lengths[] = { 31, 28, 31, 30, 31, 30, 475 498 31, 31, 30, 31, 30, 31 }; 476 499 const unsigned char *p = value; 477 500 unsigned year, mon, day, hour, min, sec, mon_len; ··· 517 540 if (year % 4 == 0) { 518 541 mon_len = 29; 519 542 if (year % 100 == 0) { 520 - year /= 100; 521 - if (year % 4 != 0) 522 - mon_len = 28; 543 + mon_len = 28; 544 + if (year % 400 == 0) 545 + mon_len = 29; 523 546 } 524 547 } 525 548 } 526 549 527 550 if (day < 1 || day > mon_len || 528 - hour > 23 || 551 + hour > 24 || /* ISO 8601 permits 24:00:00 as midnight tomorrow */ 529 552 min > 59 || 530 - sec > 59) 553 + sec > 60) /* ISO 8601 permits leap seconds [X.680 46.3] */ 531 554 goto invalid_time; 532 555 533 556 *_t = mktime64(year, mon, day, hour, min, sec);

+14 -20

crypto/asymmetric_keys/x509_public_key.c

··· 13 13 #include <linux/module.h> 14 14 #include <linux/kernel.h> 15 15 #include <linux/slab.h> 16 - #include <linux/err.h> 17 - #include <linux/mpi.h> 18 - #include <linux/asn1_decoder.h> 19 16 #include <keys/asymmetric-subtype.h> 20 17 #include <keys/asymmetric-parser.h> 21 18 #include <keys/system_keyring.h> 22 19 #include <crypto/hash.h> 23 20 #include "asymmetric_keys.h" 24 - #include "public_key.h" 25 21 #include "x509_parser.h" 26 22 27 23 static bool use_builtin_keys; ··· 163 167 164 168 if (cert->unsupported_crypto) 165 169 return -ENOPKG; 166 - if (cert->sig.rsa.s) 170 + if (cert->sig.s) 167 171 return 0; 168 172 169 - cert->sig.rsa.s = mpi_read_raw_data(cert->raw_sig, cert->raw_sig_size); 170 - if (!cert->sig.rsa.s) 173 + cert->sig.s = kmemdup(cert->raw_sig, cert->raw_sig_size, 174 + GFP_KERNEL); 175 + if (!cert->sig.s) 171 176 return -ENOMEM; 172 - cert->sig.nr_mpi = 1; 177 + 178 + cert->sig.s_size = cert->raw_sig_size; 173 179 174 180 /* Allocate the hashing algorithm we're going to need and find out how 175 181 * big the hash operational data will be. 176 182 */ 177 - tfm = crypto_alloc_shash(hash_algo_name[cert->sig.pkey_hash_algo], 0, 0); 183 + tfm = crypto_alloc_shash(cert->sig.hash_algo, 0, 0); 178 184 if (IS_ERR(tfm)) { 179 185 if (PTR_ERR(tfm) == -ENOENT) { 180 186 cert->unsupported_crypto = true; ··· 291 293 pr_devel("Cert Issuer: %s\n", cert->issuer); 292 294 pr_devel("Cert Subject: %s\n", cert->subject); 293 295 294 - if (cert->pub->pkey_algo >= PKEY_ALGO__LAST || 295 - cert->sig.pkey_algo >= PKEY_ALGO__LAST || 296 - cert->sig.pkey_hash_algo >= PKEY_HASH__LAST || 297 - !pkey_algo[cert->pub->pkey_algo] || 298 - !pkey_algo[cert->sig.pkey_algo] || 299 - !hash_algo_name[cert->sig.pkey_hash_algo]) { 296 + if (!cert->pub->pkey_algo || 297 + !cert->sig.pkey_algo || 298 + !cert->sig.hash_algo) { 300 299 ret = -ENOPKG; 301 300 goto error_free_cert; 302 301 } 303 302 304 - pr_devel("Cert Key Algo: %s\n", pkey_algo_name[cert->pub->pkey_algo]); 303 + pr_devel("Cert Key Algo: %s\n", cert->pub->pkey_algo); 305 304 pr_devel("Cert Valid period: %lld-%lld\n", cert->valid_from, cert->valid_to); 306 305 pr_devel("Cert Signature: %s + %s\n", 307 - pkey_algo_name[cert->sig.pkey_algo], 308 - hash_algo_name[cert->sig.pkey_hash_algo]); 306 + cert->sig.pkey_algo, 307 + cert->sig.hash_algo); 309 308 310 - cert->pub->algo = pkey_algo[cert->pub->pkey_algo]; 311 - cert->pub->id_type = PKEY_ID_X509; 309 + cert->pub->id_type = "X509"; 312 310 313 311 /* Check the signature on the key if it appears to be self-signed */ 314 312 if ((!cert->akid_skid && !cert->akid_id) ||

-4

crypto/asymmetric_keys/x509_rsakey.asn1

··· 1 - RSAPublicKey ::= SEQUENCE { 2 - modulus INTEGER ({ rsa_extract_mpi }), -- n 3 - publicExponent INTEGER ({ rsa_extract_mpi }) -- e 4 - }

+156 -26

crypto/rsa-pkcs1pad.c

··· 18 18 #include <linux/module.h> 19 19 #include <linux/random.h> 20 20 21 + /* 22 + * Hash algorithm OIDs plus ASN.1 DER wrappings [RFC4880 sec 5.2.2]. 23 + */ 24 + static const u8 rsa_digest_info_md5[] = { 25 + 0x30, 0x20, 0x30, 0x0c, 0x06, 0x08, 26 + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x02, 0x05, /* OID */ 27 + 0x05, 0x00, 0x04, 0x10 28 + }; 29 + 30 + static const u8 rsa_digest_info_sha1[] = { 31 + 0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 32 + 0x2b, 0x0e, 0x03, 0x02, 0x1a, 33 + 0x05, 0x00, 0x04, 0x14 34 + }; 35 + 36 + static const u8 rsa_digest_info_rmd160[] = { 37 + 0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 38 + 0x2b, 0x24, 0x03, 0x02, 0x01, 39 + 0x05, 0x00, 0x04, 0x14 40 + }; 41 + 42 + static const u8 rsa_digest_info_sha224[] = { 43 + 0x30, 0x2d, 0x30, 0x0d, 0x06, 0x09, 44 + 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x04, 45 + 0x05, 0x00, 0x04, 0x1c 46 + }; 47 + 48 + static const u8 rsa_digest_info_sha256[] = { 49 + 0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 50 + 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 51 + 0x05, 0x00, 0x04, 0x20 52 + }; 53 + 54 + static const u8 rsa_digest_info_sha384[] = { 55 + 0x30, 0x41, 0x30, 0x0d, 0x06, 0x09, 56 + 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02, 57 + 0x05, 0x00, 0x04, 0x30 58 + }; 59 + 60 + static const u8 rsa_digest_info_sha512[] = { 61 + 0x30, 0x51, 0x30, 0x0d, 0x06, 0x09, 62 + 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03, 63 + 0x05, 0x00, 0x04, 0x40 64 + }; 65 + 66 + static const struct rsa_asn1_template { 67 + const char *name; 68 + const u8 *data; 69 + size_t size; 70 + } rsa_asn1_templates[] = { 71 + #define _(X) { #X, rsa_digest_info_##X, sizeof(rsa_digest_info_##X) } 72 + _(md5), 73 + _(sha1), 74 + _(rmd160), 75 + _(sha256), 76 + _(sha384), 77 + _(sha512), 78 + _(sha224), 79 + { NULL } 80 + #undef _ 81 + }; 82 + 83 + static const struct rsa_asn1_template *rsa_lookup_asn1(const char *name) 84 + { 85 + const struct rsa_asn1_template *p; 86 + 87 + for (p = rsa_asn1_templates; p->name; p++) 88 + if (strcmp(name, p->name) == 0) 89 + return p; 90 + return NULL; 91 + } 92 + 21 93 struct pkcs1pad_ctx { 22 94 struct crypto_akcipher *child; 23 - 95 + const char *hash_name; 24 96 unsigned int key_size; 97 + }; 98 + 99 + struct pkcs1pad_inst_ctx { 100 + struct crypto_akcipher_spawn spawn; 101 + const char *hash_name; 25 102 }; 26 103 27 104 struct pkcs1pad_request { ··· 416 339 struct crypto_akcipher *tfm = crypto_akcipher_reqtfm(req); 417 340 struct pkcs1pad_ctx *ctx = akcipher_tfm_ctx(tfm); 418 341 struct pkcs1pad_request *req_ctx = akcipher_request_ctx(req); 342 + const struct rsa_asn1_template *digest_info = NULL; 419 343 int err; 420 - unsigned int ps_end; 344 + unsigned int ps_end, digest_size = 0; 421 345 422 346 if (!ctx->key_size) 423 347 return -EINVAL; 424 348 425 - if (req->src_len > ctx->key_size - 11) 349 + if (ctx->hash_name) { 350 + digest_info = rsa_lookup_asn1(ctx->hash_name); 351 + if (!digest_info) 352 + return -EINVAL; 353 + 354 + digest_size = digest_info->size; 355 + } 356 + 357 + if (req->src_len + digest_size > ctx->key_size - 11) 426 358 return -EOVERFLOW; 427 359 428 360 if (req->dst_len < ctx->key_size) { ··· 457 371 if (!req_ctx->in_buf) 458 372 return -ENOMEM; 459 373 460 - ps_end = ctx->key_size - req->src_len - 2; 374 + ps_end = ctx->key_size - digest_size - req->src_len - 2; 461 375 req_ctx->in_buf[0] = 0x01; 462 376 memset(req_ctx->in_buf + 1, 0xff, ps_end - 1); 463 377 req_ctx->in_buf[ps_end] = 0x00; 378 + 379 + if (digest_info) { 380 + memcpy(req_ctx->in_buf + ps_end + 1, digest_info->data, 381 + digest_info->size); 382 + } 464 383 465 384 pkcs1pad_sg_set_buf(req_ctx->in_sg, req_ctx->in_buf, 466 385 ctx->key_size - 1 - req->src_len, req->src); ··· 499 408 struct crypto_akcipher *tfm = crypto_akcipher_reqtfm(req); 500 409 struct pkcs1pad_ctx *ctx = akcipher_tfm_ctx(tfm); 501 410 struct pkcs1pad_request *req_ctx = akcipher_request_ctx(req); 411 + const struct rsa_asn1_template *digest_info; 502 412 unsigned int pos; 503 413 504 414 if (err == -EOVERFLOW) ··· 514 422 goto done; 515 423 } 516 424 517 - if (req_ctx->out_buf[0] != 0x01) { 518 - err = -EINVAL; 425 + err = -EBADMSG; 426 + if (req_ctx->out_buf[0] != 0x01) 519 427 goto done; 520 - } 428 + 521 429 for (pos = 1; pos < req_ctx->child_req.dst_len; pos++) 522 430 if (req_ctx->out_buf[pos] != 0xff) 523 431 break; 432 + 524 433 if (pos < 9 || pos == req_ctx->child_req.dst_len || 525 - req_ctx->out_buf[pos] != 0x00) { 526 - err = -EINVAL; 434 + req_ctx->out_buf[pos] != 0x00) 527 435 goto done; 528 - } 529 436 pos++; 437 + 438 + if (ctx->hash_name) { 439 + digest_info = rsa_lookup_asn1(ctx->hash_name); 440 + if (!digest_info) 441 + goto done; 442 + 443 + if (memcmp(req_ctx->out_buf + pos, digest_info->data, 444 + digest_info->size)) 445 + goto done; 446 + 447 + pos += digest_info->size; 448 + } 449 + 450 + err = 0; 530 451 531 452 if (req->dst_len < req_ctx->child_req.dst_len - pos) 532 453 err = -EOVERFLOW; ··· 549 444 sg_copy_from_buffer(req->dst, 550 445 sg_nents_for_len(req->dst, req->dst_len), 551 446 req_ctx->out_buf + pos, req->dst_len); 552 - 553 447 done: 554 448 kzfree(req_ctx->out_buf); 555 449 ··· 585 481 struct pkcs1pad_request *req_ctx = akcipher_request_ctx(req); 586 482 int err; 587 483 588 - if (!ctx->key_size || req->src_len != ctx->key_size) 484 + if (!ctx->key_size || req->src_len < ctx->key_size) 589 485 return -EINVAL; 590 486 591 487 if (ctx->key_size > PAGE_SIZE) ··· 622 518 static int pkcs1pad_init_tfm(struct crypto_akcipher *tfm) 623 519 { 624 520 struct akcipher_instance *inst = akcipher_alg_instance(tfm); 521 + struct pkcs1pad_inst_ctx *ictx = akcipher_instance_ctx(inst); 625 522 struct pkcs1pad_ctx *ctx = akcipher_tfm_ctx(tfm); 626 523 struct crypto_akcipher *child_tfm; 627 524 ··· 631 526 return PTR_ERR(child_tfm); 632 527 633 528 ctx->child = child_tfm; 634 - 529 + ctx->hash_name = ictx->hash_name; 635 530 return 0; 636 531 } 637 532 ··· 644 539 645 540 static void pkcs1pad_free(struct akcipher_instance *inst) 646 541 { 647 - struct crypto_akcipher_spawn *spawn = akcipher_instance_ctx(inst); 542 + struct pkcs1pad_inst_ctx *ctx = akcipher_instance_ctx(inst); 543 + struct crypto_akcipher_spawn *spawn = &ctx->spawn; 648 544 649 545 crypto_drop_akcipher(spawn); 650 - 546 + kfree(ctx->hash_name); 651 547 kfree(inst); 652 548 } 653 549 ··· 656 550 { 657 551 struct crypto_attr_type *algt; 658 552 struct akcipher_instance *inst; 553 + struct pkcs1pad_inst_ctx *ctx; 659 554 struct crypto_akcipher_spawn *spawn; 660 555 struct akcipher_alg *rsa_alg; 661 556 const char *rsa_alg_name; 557 + const char *hash_name; 662 558 int err; 663 559 664 560 algt = crypto_get_attr_type(tb); ··· 674 566 if (IS_ERR(rsa_alg_name)) 675 567 return PTR_ERR(rsa_alg_name); 676 568 677 - inst = kzalloc(sizeof(*inst) + sizeof(*spawn), GFP_KERNEL); 569 + hash_name = crypto_attr_alg_name(tb[2]); 570 + if (IS_ERR(hash_name)) 571 + hash_name = NULL; 572 + 573 + inst = kzalloc(sizeof(*inst) + sizeof(*ctx), GFP_KERNEL); 678 574 if (!inst) 679 575 return -ENOMEM; 680 576 681 - spawn = akcipher_instance_ctx(inst); 577 + ctx = akcipher_instance_ctx(inst); 578 + spawn = &ctx->spawn; 579 + ctx->hash_name = hash_name ? kstrdup(hash_name, GFP_KERNEL) : NULL; 580 + 682 581 crypto_set_spawn(&spawn->base, akcipher_crypto_instance(inst)); 683 582 err = crypto_grab_akcipher(spawn, rsa_alg_name, 0, 684 583 crypto_requires_sync(algt->type, algt->mask)); ··· 695 580 rsa_alg = crypto_spawn_akcipher_alg(spawn); 696 581 697 582 err = -ENAMETOOLONG; 698 - if (snprintf(inst->alg.base.cra_name, 699 - CRYPTO_MAX_ALG_NAME, "pkcs1pad(%s)", 700 - rsa_alg->base.cra_name) >= 701 - CRYPTO_MAX_ALG_NAME || 702 - snprintf(inst->alg.base.cra_driver_name, 703 - CRYPTO_MAX_ALG_NAME, "pkcs1pad(%s)", 704 - rsa_alg->base.cra_driver_name) >= 705 - CRYPTO_MAX_ALG_NAME) 583 + 584 + if (!hash_name) { 585 + if (snprintf(inst->alg.base.cra_name, 586 + CRYPTO_MAX_ALG_NAME, "pkcs1pad(%s)", 587 + rsa_alg->base.cra_name) >= 588 + CRYPTO_MAX_ALG_NAME || 589 + snprintf(inst->alg.base.cra_driver_name, 590 + CRYPTO_MAX_ALG_NAME, "pkcs1pad(%s)", 591 + rsa_alg->base.cra_driver_name) >= 592 + CRYPTO_MAX_ALG_NAME) 706 593 goto out_drop_alg; 594 + } else { 595 + if (snprintf(inst->alg.base.cra_name, 596 + CRYPTO_MAX_ALG_NAME, "pkcs1pad(%s,%s)", 597 + rsa_alg->base.cra_name, hash_name) >= 598 + CRYPTO_MAX_ALG_NAME || 599 + snprintf(inst->alg.base.cra_driver_name, 600 + CRYPTO_MAX_ALG_NAME, "pkcs1pad(%s,%s)", 601 + rsa_alg->base.cra_driver_name, hash_name) >= 602 + CRYPTO_MAX_ALG_NAME) 603 + goto out_free_hash; 604 + } 707 605 708 606 inst->alg.base.cra_flags = rsa_alg->base.cra_flags & CRYPTO_ALG_ASYNC; 709 607 inst->alg.base.cra_priority = rsa_alg->base.cra_priority; ··· 738 610 739 611 err = akcipher_register_instance(tmpl, inst); 740 612 if (err) 741 - goto out_drop_alg; 613 + goto out_free_hash; 742 614 743 615 return 0; 744 616 617 + out_free_hash: 618 + kfree(ctx->hash_name); 745 619 out_drop_alg: 746 620 crypto_drop_akcipher(spawn); 747 621 out_free_inst:

+27 -51

drivers/base/firmware_class.c

··· 23 23 #include <linux/sched.h> 24 24 #include <linux/file.h> 25 25 #include <linux/list.h> 26 + #include <linux/fs.h> 26 27 #include <linux/async.h> 27 28 #include <linux/pm.h> 28 29 #include <linux/suspend.h> ··· 292 291 module_param_string(path, fw_path_para, sizeof(fw_path_para), 0644); 293 292 MODULE_PARM_DESC(path, "customized firmware image search path with a higher priority than default path"); 294 293 295 - static int fw_read_file_contents(struct file *file, struct firmware_buf *fw_buf) 294 + static void fw_finish_direct_load(struct device *device, 295 + struct firmware_buf *buf) 296 296 { 297 - int size; 298 - char *buf; 299 - int rc; 300 - 301 - if (!S_ISREG(file_inode(file)->i_mode)) 302 - return -EINVAL; 303 - size = i_size_read(file_inode(file)); 304 - if (size <= 0) 305 - return -EINVAL; 306 - buf = vmalloc(size); 307 - if (!buf) 308 - return -ENOMEM; 309 - rc = kernel_read(file, 0, buf, size); 310 - if (rc != size) { 311 - if (rc > 0) 312 - rc = -EIO; 313 - goto fail; 314 - } 315 - rc = security_kernel_fw_from_file(file, buf, size); 316 - if (rc) 317 - goto fail; 318 - fw_buf->data = buf; 319 - fw_buf->size = size; 320 - return 0; 321 - fail: 322 - vfree(buf); 323 - return rc; 297 + mutex_lock(&fw_lock); 298 + set_bit(FW_STATUS_DONE, &buf->status); 299 + complete_all(&buf->completion); 300 + mutex_unlock(&fw_lock); 324 301 } 325 302 326 303 static int fw_get_filesystem_firmware(struct device *device, 327 304 struct firmware_buf *buf) 328 305 { 306 + loff_t size; 329 307 int i, len; 330 308 int rc = -ENOENT; 331 309 char *path; ··· 314 334 return -ENOMEM; 315 335 316 336 for (i = 0; i < ARRAY_SIZE(fw_path); i++) { 317 - struct file *file; 318 - 319 337 /* skip the unset customized path */ 320 338 if (!fw_path[i][0]) 321 339 continue; ··· 325 347 break; 326 348 } 327 349 328 - file = filp_open(path, O_RDONLY, 0); 329 - if (IS_ERR(file)) 350 + buf->size = 0; 351 + rc = kernel_read_file_from_path(path, &buf->data, &size, 352 + INT_MAX, READING_FIRMWARE); 353 + if (rc) { 354 + if (rc == -ENOENT) 355 + dev_dbg(device, "loading %s failed with error %d\n", 356 + path, rc); 357 + else 358 + dev_warn(device, "loading %s failed with error %d\n", 359 + path, rc); 330 360 continue; 331 - rc = fw_read_file_contents(file, buf); 332 - fput(file); 333 - if (rc) 334 - dev_warn(device, "firmware, attempted to load %s, but failed with error %d\n", 335 - path, rc); 336 - else 337 - break; 361 + } 362 + dev_dbg(device, "direct-loading %s\n", buf->fw_id); 363 + buf->size = size; 364 + fw_finish_direct_load(device, buf); 365 + break; 338 366 } 339 367 __putname(path); 340 - 341 - if (!rc) { 342 - dev_dbg(device, "firmware: direct-loading firmware %s\n", 343 - buf->fw_id); 344 - mutex_lock(&fw_lock); 345 - set_bit(FW_STATUS_DONE, &buf->status); 346 - complete_all(&buf->completion); 347 - mutex_unlock(&fw_lock); 348 - } 349 368 350 369 return rc; 351 370 } ··· 660 685 dev_err(dev, "%s: map pages failed\n", 661 686 __func__); 662 687 else 663 - rc = security_kernel_fw_from_file(NULL, 664 - fw_buf->data, fw_buf->size); 688 + rc = security_kernel_post_read_file(NULL, 689 + fw_buf->data, fw_buf->size, 690 + READING_FIRMWARE); 665 691 666 692 /* 667 693 * Same logic as fw_load_abort, only the DONE bit ··· 1027 1051 } 1028 1052 1029 1053 if (fw_get_builtin_firmware(firmware, name)) { 1030 - dev_dbg(device, "firmware: using built-in firmware %s\n", name); 1054 + dev_dbg(device, "using built-in %s\n", name); 1031 1055 return 0; /* assigned */ 1032 1056 } 1033 1057

+13 -6

drivers/char/tpm/tpm-chip.c

··· 88 88 const struct tpm_class_ops *ops) 89 89 { 90 90 struct tpm_chip *chip; 91 + int rc; 91 92 92 93 chip = kzalloc(sizeof(*chip), GFP_KERNEL); 93 94 if (chip == NULL) ··· 137 136 chip->cdev.owner = chip->pdev->driver->owner; 138 137 chip->cdev.kobj.parent = &chip->dev.kobj; 139 138 139 + rc = devm_add_action(dev, (void (*)(void *)) put_device, &chip->dev); 140 + if (rc) { 141 + put_device(&chip->dev); 142 + return ERR_PTR(rc); 143 + } 144 + 140 145 return chip; 141 146 } 142 147 EXPORT_SYMBOL_GPL(tpmm_chip_alloc); 143 148 144 - static int tpm_dev_add_device(struct tpm_chip *chip) 149 + static int tpm_add_char_device(struct tpm_chip *chip) 145 150 { 146 151 int rc; 147 152 ··· 158 151 chip->devname, MAJOR(chip->dev.devt), 159 152 MINOR(chip->dev.devt), rc); 160 153 161 - device_unregister(&chip->dev); 162 154 return rc; 163 155 } 164 156 ··· 168 162 chip->devname, MAJOR(chip->dev.devt), 169 163 MINOR(chip->dev.devt), rc); 170 164 165 + cdev_del(&chip->cdev); 171 166 return rc; 172 167 } 173 168 174 169 return rc; 175 170 } 176 171 177 - static void tpm_dev_del_device(struct tpm_chip *chip) 172 + static void tpm_del_char_device(struct tpm_chip *chip) 178 173 { 179 174 cdev_del(&chip->cdev); 180 - device_unregister(&chip->dev); 175 + device_del(&chip->dev); 181 176 } 182 177 183 178 static int tpm1_chip_register(struct tpm_chip *chip) ··· 229 222 230 223 tpm_add_ppi(chip); 231 224 232 - rc = tpm_dev_add_device(chip); 225 + rc = tpm_add_char_device(chip); 233 226 if (rc) 234 227 goto out_err; 235 228 ··· 281 274 sysfs_remove_link(&chip->pdev->kobj, "ppi"); 282 275 283 276 tpm1_chip_unregister(chip); 284 - tpm_dev_del_device(chip); 277 + tpm_del_char_device(chip); 285 278 } 286 279 EXPORT_SYMBOL_GPL(tpm_chip_unregister);

-7

drivers/char/tpm/tpm.h

··· 128 128 TPM2_SU_STATE = 0x0001, 129 129 }; 130 130 131 - enum tpm2_start_method { 132 - TPM2_START_ACPI = 2, 133 - TPM2_START_FIFO = 6, 134 - TPM2_START_CRB = 7, 135 - TPM2_START_CRB_WITH_ACPI = 8, 136 - }; 137 - 138 131 struct tpm_chip; 139 132 140 133 struct tpm_vendor_specific {

+11 -11

drivers/char/tpm/tpm2-cmd.c

··· 20 20 #include <keys/trusted-type.h> 21 21 22 22 enum tpm2_object_attributes { 23 - TPM2_ATTR_USER_WITH_AUTH = BIT(6), 23 + TPM2_OA_USER_WITH_AUTH = BIT(6), 24 + }; 25 + 26 + enum tpm2_session_attributes { 27 + TPM2_SA_CONTINUE_SESSION = BIT(0), 24 28 }; 25 29 26 30 struct tpm2_startup_in { ··· 482 478 tpm_buf_append_u8(&buf, payload->migratable); 483 479 484 480 /* public */ 485 - if (options->policydigest) 486 - tpm_buf_append_u16(&buf, 14 + options->digest_len); 487 - else 488 - tpm_buf_append_u16(&buf, 14); 489 - 481 + tpm_buf_append_u16(&buf, 14 + options->policydigest_len); 490 482 tpm_buf_append_u16(&buf, TPM2_ALG_KEYEDHASH); 491 483 tpm_buf_append_u16(&buf, hash); 492 484 493 485 /* policy */ 494 - if (options->policydigest) { 486 + if (options->policydigest_len) { 495 487 tpm_buf_append_u32(&buf, 0); 496 - tpm_buf_append_u16(&buf, options->digest_len); 488 + tpm_buf_append_u16(&buf, options->policydigest_len); 497 489 tpm_buf_append(&buf, options->policydigest, 498 - options->digest_len); 490 + options->policydigest_len); 499 491 } else { 500 - tpm_buf_append_u32(&buf, TPM2_ATTR_USER_WITH_AUTH); 492 + tpm_buf_append_u32(&buf, TPM2_OA_USER_WITH_AUTH); 501 493 tpm_buf_append_u16(&buf, 0); 502 494 } 503 495 ··· 631 631 options->policyhandle ? 632 632 options->policyhandle : TPM2_RS_PW, 633 633 NULL /* nonce */, 0, 634 - 0 /* session_attributes */, 634 + TPM2_SA_CONTINUE_SESSION, 635 635 options->blobauth /* hmac */, 636 636 TPM_DIGEST_SIZE); 637 637

+130 -88

drivers/char/tpm/tpm_crb.c

··· 34 34 CRB_ACPI_START_INDEX = 1, 35 35 }; 36 36 37 - struct acpi_tpm2 { 38 - struct acpi_table_header hdr; 39 - u16 platform_class; 40 - u16 reserved; 41 - u64 control_area_pa; 42 - u32 start_method; 43 - } __packed; 44 - 45 37 enum crb_ca_request { 46 38 CRB_CA_REQ_GO_IDLE = BIT(0), 47 39 CRB_CA_REQ_CMD_READY = BIT(1), ··· 77 85 78 86 struct crb_priv { 79 87 unsigned int flags; 88 + struct resource res; 89 + void __iomem *iobase; 80 90 struct crb_control_area __iomem *cca; 81 91 u8 __iomem *cmd; 82 92 u8 __iomem *rsp; ··· 91 97 struct crb_priv *priv = chip->vendor.priv; 92 98 u8 sts = 0; 93 99 94 - if ((le32_to_cpu(ioread32(&priv->cca->start)) & CRB_START_INVOKE) != 100 + if ((ioread32(&priv->cca->start) & CRB_START_INVOKE) != 95 101 CRB_START_INVOKE) 96 102 sts |= CRB_STS_COMPLETE; 97 103 ··· 107 113 if (count < 6) 108 114 return -EIO; 109 115 110 - if (le32_to_cpu(ioread32(&priv->cca->sts)) & CRB_CA_STS_ERROR) 116 + if (ioread32(&priv->cca->sts) & CRB_CA_STS_ERROR) 111 117 return -EIO; 112 118 113 119 memcpy_fromio(buf, priv->rsp, 6); ··· 143 149 struct crb_priv *priv = chip->vendor.priv; 144 150 int rc = 0; 145 151 146 - if (len > le32_to_cpu(ioread32(&priv->cca->cmd_size))) { 152 + if (len > ioread32(&priv->cca->cmd_size)) { 147 153 dev_err(&chip->dev, 148 154 "invalid command count value %x %zx\n", 149 155 (unsigned int) len, 150 - (size_t) le32_to_cpu(ioread32(&priv->cca->cmd_size))); 156 + (size_t) ioread32(&priv->cca->cmd_size)); 151 157 return -E2BIG; 152 158 } 153 159 ··· 183 189 static bool crb_req_canceled(struct tpm_chip *chip, u8 status) 184 190 { 185 191 struct crb_priv *priv = chip->vendor.priv; 186 - u32 cancel = le32_to_cpu(ioread32(&priv->cca->cancel)); 192 + u32 cancel = ioread32(&priv->cca->cancel); 187 193 188 194 return (cancel & CRB_CANCEL_INVOKE) == CRB_CANCEL_INVOKE; 189 195 } ··· 198 204 .req_complete_val = CRB_STS_COMPLETE, 199 205 }; 200 206 201 - static int crb_acpi_add(struct acpi_device *device) 207 + static int crb_init(struct acpi_device *device, struct crb_priv *priv) 202 208 { 203 209 struct tpm_chip *chip; 204 - struct acpi_tpm2 *buf; 205 - struct crb_priv *priv; 206 - struct device *dev = &device->dev; 207 - acpi_status status; 208 - u32 sm; 209 - u64 pa; 210 210 int rc; 211 211 212 - status = acpi_get_table(ACPI_SIG_TPM2, 1, 213 - (struct acpi_table_header **) &buf); 214 - if (ACPI_FAILURE(status)) { 215 - dev_err(dev, "failed to get TPM2 ACPI table\n"); 216 - return -ENODEV; 217 - } 218 - 219 - /* Should the FIFO driver handle this? */ 220 - if (buf->start_method == TPM2_START_FIFO) 221 - return -ENODEV; 222 - 223 - chip = tpmm_chip_alloc(dev, &tpm_crb); 212 + chip = tpmm_chip_alloc(&device->dev, &tpm_crb); 224 213 if (IS_ERR(chip)) 225 214 return PTR_ERR(chip); 226 215 227 - chip->flags = TPM_CHIP_FLAG_TPM2; 228 - 229 - if (buf->hdr.length < sizeof(struct acpi_tpm2)) { 230 - dev_err(dev, "TPM2 ACPI table has wrong size"); 231 - return -EINVAL; 232 - } 233 - 234 - priv = (struct crb_priv *) devm_kzalloc(dev, sizeof(struct crb_priv), 235 - GFP_KERNEL); 236 - if (!priv) { 237 - dev_err(dev, "failed to devm_kzalloc for private data\n"); 238 - return -ENOMEM; 239 - } 240 - 241 - sm = le32_to_cpu(buf->start_method); 242 - 243 - /* The reason for the extra quirk is that the PTT in 4th Gen Core CPUs 244 - * report only ACPI start but in practice seems to require both 245 - * ACPI start and CRB start. 246 - */ 247 - if (sm == TPM2_START_CRB || sm == TPM2_START_FIFO || 248 - !strcmp(acpi_device_hid(device), "MSFT0101")) 249 - priv->flags |= CRB_FL_CRB_START; 250 - 251 - if (sm == TPM2_START_ACPI || sm == TPM2_START_CRB_WITH_ACPI) 252 - priv->flags |= CRB_FL_ACPI_START; 253 - 254 - priv->cca = (struct crb_control_area __iomem *) 255 - devm_ioremap_nocache(dev, buf->control_area_pa, 0x1000); 256 - if (!priv->cca) { 257 - dev_err(dev, "ioremap of the control area failed\n"); 258 - return -ENOMEM; 259 - } 260 - 261 - pa = ((u64) le32_to_cpu(ioread32(&priv->cca->cmd_pa_high)) << 32) | 262 - (u64) le32_to_cpu(ioread32(&priv->cca->cmd_pa_low)); 263 - priv->cmd = devm_ioremap_nocache(dev, pa, 264 - ioread32(&priv->cca->cmd_size)); 265 - if (!priv->cmd) { 266 - dev_err(dev, "ioremap of the command buffer failed\n"); 267 - return -ENOMEM; 268 - } 269 - 270 - memcpy_fromio(&pa, &priv->cca->rsp_pa, 8); 271 - pa = le64_to_cpu(pa); 272 - priv->rsp = devm_ioremap_nocache(dev, pa, 273 - ioread32(&priv->cca->rsp_size)); 274 - if (!priv->rsp) { 275 - dev_err(dev, "ioremap of the response buffer failed\n"); 276 - return -ENOMEM; 277 - } 278 - 279 216 chip->vendor.priv = priv; 217 + chip->acpi_dev_handle = device->handle; 218 + chip->flags = TPM_CHIP_FLAG_TPM2; 280 219 281 220 rc = tpm_get_timeouts(chip); 282 221 if (rc) 283 222 return rc; 284 - 285 - chip->acpi_dev_handle = device->handle; 286 223 287 224 rc = tpm2_do_selftest(chip); 288 225 if (rc) ··· 222 297 return tpm_chip_register(chip); 223 298 } 224 299 300 + static int crb_check_resource(struct acpi_resource *ares, void *data) 301 + { 302 + struct crb_priv *priv = data; 303 + struct resource res; 304 + 305 + if (acpi_dev_resource_memory(ares, &res)) { 306 + priv->res = res; 307 + priv->res.name = NULL; 308 + } 309 + 310 + return 1; 311 + } 312 + 313 + static void __iomem *crb_map_res(struct device *dev, struct crb_priv *priv, 314 + u64 start, u32 size) 315 + { 316 + struct resource new_res = { 317 + .start = start, 318 + .end = start + size - 1, 319 + .flags = IORESOURCE_MEM, 320 + }; 321 + 322 + /* Detect a 64 bit address on a 32 bit system */ 323 + if (start != new_res.start) 324 + return ERR_PTR(-EINVAL); 325 + 326 + if (!resource_contains(&priv->res, &new_res)) 327 + return devm_ioremap_resource(dev, &new_res); 328 + 329 + return priv->iobase + (new_res.start - priv->res.start); 330 + } 331 + 332 + static int crb_map_io(struct acpi_device *device, struct crb_priv *priv, 333 + struct acpi_table_tpm2 *buf) 334 + { 335 + struct list_head resources; 336 + struct device *dev = &device->dev; 337 + u64 pa; 338 + int ret; 339 + 340 + INIT_LIST_HEAD(&resources); 341 + ret = acpi_dev_get_resources(device, &resources, crb_check_resource, 342 + priv); 343 + if (ret < 0) 344 + return ret; 345 + acpi_dev_free_resource_list(&resources); 346 + 347 + if (resource_type(&priv->res) != IORESOURCE_MEM) { 348 + dev_err(dev, 349 + FW_BUG "TPM2 ACPI table does not define a memory resource\n"); 350 + return -EINVAL; 351 + } 352 + 353 + priv->iobase = devm_ioremap_resource(dev, &priv->res); 354 + if (IS_ERR(priv->iobase)) 355 + return PTR_ERR(priv->iobase); 356 + 357 + priv->cca = crb_map_res(dev, priv, buf->control_address, 0x1000); 358 + if (IS_ERR(priv->cca)) 359 + return PTR_ERR(priv->cca); 360 + 361 + pa = ((u64) ioread32(&priv->cca->cmd_pa_high) << 32) | 362 + (u64) ioread32(&priv->cca->cmd_pa_low); 363 + priv->cmd = crb_map_res(dev, priv, pa, ioread32(&priv->cca->cmd_size)); 364 + if (IS_ERR(priv->cmd)) 365 + return PTR_ERR(priv->cmd); 366 + 367 + memcpy_fromio(&pa, &priv->cca->rsp_pa, 8); 368 + pa = le64_to_cpu(pa); 369 + priv->rsp = crb_map_res(dev, priv, pa, ioread32(&priv->cca->rsp_size)); 370 + return PTR_ERR_OR_ZERO(priv->rsp); 371 + } 372 + 373 + static int crb_acpi_add(struct acpi_device *device) 374 + { 375 + struct acpi_table_tpm2 *buf; 376 + struct crb_priv *priv; 377 + struct device *dev = &device->dev; 378 + acpi_status status; 379 + u32 sm; 380 + int rc; 381 + 382 + status = acpi_get_table(ACPI_SIG_TPM2, 1, 383 + (struct acpi_table_header **) &buf); 384 + if (ACPI_FAILURE(status) || buf->header.length < sizeof(*buf)) { 385 + dev_err(dev, FW_BUG "failed to get TPM2 ACPI table\n"); 386 + return -EINVAL; 387 + } 388 + 389 + /* Should the FIFO driver handle this? */ 390 + sm = buf->start_method; 391 + if (sm == ACPI_TPM2_MEMORY_MAPPED) 392 + return -ENODEV; 393 + 394 + priv = devm_kzalloc(dev, sizeof(struct crb_priv), GFP_KERNEL); 395 + if (!priv) 396 + return -ENOMEM; 397 + 398 + /* The reason for the extra quirk is that the PTT in 4th Gen Core CPUs 399 + * report only ACPI start but in practice seems to require both 400 + * ACPI start and CRB start. 401 + */ 402 + if (sm == ACPI_TPM2_COMMAND_BUFFER || sm == ACPI_TPM2_MEMORY_MAPPED || 403 + !strcmp(acpi_device_hid(device), "MSFT0101")) 404 + priv->flags |= CRB_FL_CRB_START; 405 + 406 + if (sm == ACPI_TPM2_START_METHOD || 407 + sm == ACPI_TPM2_COMMAND_BUFFER_WITH_START_METHOD) 408 + priv->flags |= CRB_FL_ACPI_START; 409 + 410 + rc = crb_map_io(device, priv, buf); 411 + if (rc) 412 + return rc; 413 + 414 + return crb_init(device, priv); 415 + } 416 + 225 417 static int crb_acpi_remove(struct acpi_device *device) 226 418 { 227 419 struct device *dev = &device->dev; 228 420 struct tpm_chip *chip = dev_get_drvdata(dev); 229 421 230 - tpm_chip_unregister(chip); 231 - 232 422 if (chip->flags & TPM_CHIP_FLAG_TPM2) 233 423 tpm2_shutdown(chip, TPM2_SU_CLEAR); 424 + 425 + tpm_chip_unregister(chip); 234 426 235 427 return 0; 236 428 }

+10 -4

drivers/char/tpm/tpm_eventlog.c

··· 232 232 { 233 233 struct tcpa_event *event = v; 234 234 struct tcpa_event temp_event; 235 - char *tempPtr; 235 + char *temp_ptr; 236 236 int i; 237 237 238 238 memcpy(&temp_event, event, sizeof(struct tcpa_event)); ··· 242 242 temp_event.event_type = do_endian_conversion(event->event_type); 243 243 temp_event.event_size = do_endian_conversion(event->event_size); 244 244 245 - tempPtr = (char *)&temp_event; 245 + temp_ptr = (char *) &temp_event; 246 246 247 - for (i = 0; i < sizeof(struct tcpa_event) + temp_event.event_size; i++) 248 - seq_putc(m, tempPtr[i]); 247 + for (i = 0; i < (sizeof(struct tcpa_event) - 1) ; i++) 248 + seq_putc(m, temp_ptr[i]); 249 + 250 + temp_ptr = (char *) v; 251 + 252 + for (i = (sizeof(struct tcpa_event) - 1); 253 + i < (sizeof(struct tcpa_event) + temp_event.event_size); i++) 254 + seq_putc(m, temp_ptr[i]); 249 255 250 256 return 0; 251 257

+147 -112

drivers/char/tpm/tpm_tis.c

··· 28 28 #include <linux/wait.h> 29 29 #include <linux/acpi.h> 30 30 #include <linux/freezer.h> 31 - #include <acpi/actbl2.h> 32 31 #include "tpm.h" 33 32 34 33 enum tis_access { ··· 59 60 }; 60 61 61 62 enum tis_defaults { 62 - TIS_MEM_BASE = 0xFED40000, 63 63 TIS_MEM_LEN = 0x5000, 64 64 TIS_SHORT_TIMEOUT = 750, /* ms */ 65 65 TIS_LONG_TIMEOUT = 2000, /* 2 sec */ 66 66 }; 67 67 68 68 struct tpm_info { 69 - unsigned long start; 70 - unsigned long len; 71 - unsigned int irq; 72 - }; 73 - 74 - static struct tpm_info tis_default_info = { 75 - .start = TIS_MEM_BASE, 76 - .len = TIS_MEM_LEN, 77 - .irq = 0, 69 + struct resource res; 70 + /* irq > 0 means: use irq $irq; 71 + * irq = 0 means: autoprobe for an irq; 72 + * irq = -1 means: no irq support 73 + */ 74 + int irq; 78 75 }; 79 76 80 77 /* Some timeout values are needed before it is known whether the chip is ··· 113 118 { 114 119 return has_hid(dev, "INTC0102"); 115 120 } 116 - 117 - static inline int is_fifo(struct acpi_device *dev) 118 - { 119 - struct acpi_table_tpm2 *tbl; 120 - acpi_status st; 121 - 122 - /* TPM 1.2 FIFO */ 123 - if (!has_hid(dev, "MSFT0101")) 124 - return 1; 125 - 126 - st = acpi_get_table(ACPI_SIG_TPM2, 1, 127 - (struct acpi_table_header **) &tbl); 128 - if (ACPI_FAILURE(st)) { 129 - dev_err(&dev->dev, "failed to get TPM2 ACPI table\n"); 130 - return 0; 131 - } 132 - 133 - if (le32_to_cpu(tbl->start_method) != TPM2_START_FIFO) 134 - return 0; 135 - 136 - /* TPM 2.0 FIFO */ 137 - return 1; 138 - } 139 121 #else 140 122 static inline int is_itpm(struct acpi_device *dev) 141 123 { 142 124 return 0; 143 - } 144 - 145 - static inline int is_fifo(struct acpi_device *dev) 146 - { 147 - return 1; 148 125 } 149 126 #endif 150 127 ··· 683 716 chip->acpi_dev_handle = acpi_dev_handle; 684 717 #endif 685 718 686 - chip->vendor.iobase = devm_ioremap(dev, tpm_info->start, tpm_info->len); 687 - if (!chip->vendor.iobase) 688 - return -EIO; 719 + chip->vendor.iobase = devm_ioremap_resource(dev, &tpm_info->res); 720 + if (IS_ERR(chip->vendor.iobase)) 721 + return PTR_ERR(chip->vendor.iobase); 689 722 690 723 /* Maximum timeouts */ 691 724 chip->vendor.timeout_a = TIS_TIMEOUT_A_MAX; ··· 774 807 /* INTERRUPT Setup */ 775 808 init_waitqueue_head(&chip->vendor.read_queue); 776 809 init_waitqueue_head(&chip->vendor.int_queue); 777 - if (interrupts) { 810 + if (interrupts && tpm_info->irq != -1) { 778 811 if (tpm_info->irq) { 779 812 tpm_tis_probe_irq_single(chip, intmask, IRQF_SHARED, 780 813 tpm_info->irq); ··· 860 893 861 894 static SIMPLE_DEV_PM_OPS(tpm_tis_pm, tpm_pm_suspend, tpm_tis_resume); 862 895 863 - #ifdef CONFIG_PNP 864 896 static int tpm_tis_pnp_init(struct pnp_dev *pnp_dev, 865 - const struct pnp_device_id *pnp_id) 897 + const struct pnp_device_id *pnp_id) 866 898 { 867 - struct tpm_info tpm_info = tis_default_info; 899 + struct tpm_info tpm_info = {}; 868 900 acpi_handle acpi_dev_handle = NULL; 901 + struct resource *res; 869 902 870 - tpm_info.start = pnp_mem_start(pnp_dev, 0); 871 - tpm_info.len = pnp_mem_len(pnp_dev, 0); 903 + res = pnp_get_resource(pnp_dev, IORESOURCE_MEM, 0); 904 + if (!res) 905 + return -ENODEV; 906 + tpm_info.res = *res; 872 907 873 908 if (pnp_irq_valid(pnp_dev, 0)) 874 909 tpm_info.irq = pnp_irq(pnp_dev, 0); 875 910 else 876 - interrupts = false; 911 + tpm_info.irq = -1; 877 912 878 - #ifdef CONFIG_ACPI 879 913 if (pnp_acpi_device(pnp_dev)) { 880 914 if (is_itpm(pnp_acpi_device(pnp_dev))) 881 915 itpm = true; 882 916 883 - acpi_dev_handle = pnp_acpi_device(pnp_dev)->handle; 917 + acpi_dev_handle = ACPI_HANDLE(&pnp_dev->dev); 884 918 } 885 - #endif 886 919 887 920 return tpm_tis_init(&pnp_dev->dev, &tpm_info, acpi_dev_handle); 888 921 } ··· 923 956 module_param_string(hid, tpm_pnp_tbl[TIS_HID_USR_IDX].id, 924 957 sizeof(tpm_pnp_tbl[TIS_HID_USR_IDX].id), 0444); 925 958 MODULE_PARM_DESC(hid, "Set additional specific HID for this driver to probe"); 926 - #endif 927 959 928 960 #ifdef CONFIG_ACPI 929 961 static int tpm_check_resource(struct acpi_resource *ares, void *data) ··· 930 964 struct tpm_info *tpm_info = (struct tpm_info *) data; 931 965 struct resource res; 932 966 933 - if (acpi_dev_resource_interrupt(ares, 0, &res)) { 967 + if (acpi_dev_resource_interrupt(ares, 0, &res)) 934 968 tpm_info->irq = res.start; 935 - } else if (acpi_dev_resource_memory(ares, &res)) { 936 - tpm_info->start = res.start; 937 - tpm_info->len = resource_size(&res); 969 + else if (acpi_dev_resource_memory(ares, &res)) { 970 + tpm_info->res = res; 971 + tpm_info->res.name = NULL; 938 972 } 939 973 940 974 return 1; ··· 942 976 943 977 static int tpm_tis_acpi_init(struct acpi_device *acpi_dev) 944 978 { 979 + struct acpi_table_tpm2 *tbl; 980 + acpi_status st; 945 981 struct list_head resources; 946 - struct tpm_info tpm_info = tis_default_info; 982 + struct tpm_info tpm_info = {}; 947 983 int ret; 948 984 949 - if (!is_fifo(acpi_dev)) 985 + st = acpi_get_table(ACPI_SIG_TPM2, 1, 986 + (struct acpi_table_header **) &tbl); 987 + if (ACPI_FAILURE(st) || tbl->header.length < sizeof(*tbl)) { 988 + dev_err(&acpi_dev->dev, 989 + FW_BUG "failed to get TPM2 ACPI table\n"); 990 + return -EINVAL; 991 + } 992 + 993 + if (tbl->start_method != ACPI_TPM2_MEMORY_MAPPED) 950 994 return -ENODEV; 951 995 952 996 INIT_LIST_HEAD(&resources); 997 + tpm_info.irq = -1; 953 998 ret = acpi_dev_get_resources(acpi_dev, &resources, tpm_check_resource, 954 999 &tpm_info); 955 1000 if (ret < 0) ··· 968 991 969 992 acpi_dev_free_resource_list(&resources); 970 993 971 - if (!tpm_info.irq) 972 - interrupts = false; 994 + if (resource_type(&tpm_info.res) != IORESOURCE_MEM) { 995 + dev_err(&acpi_dev->dev, 996 + FW_BUG "TPM2 ACPI table does not define a memory resource\n"); 997 + return -EINVAL; 998 + } 973 999 974 1000 if (is_itpm(acpi_dev)) 975 1001 itpm = true; ··· 1011 1031 }; 1012 1032 #endif 1013 1033 1034 + static struct platform_device *force_pdev; 1035 + 1036 + static int tpm_tis_plat_probe(struct platform_device *pdev) 1037 + { 1038 + struct tpm_info tpm_info = {}; 1039 + struct resource *res; 1040 + 1041 + res = platform_get_resource(pdev, IORESOURCE_MEM, 0); 1042 + if (res == NULL) { 1043 + dev_err(&pdev->dev, "no memory resource defined\n"); 1044 + return -ENODEV; 1045 + } 1046 + tpm_info.res = *res; 1047 + 1048 + res = platform_get_resource(pdev, IORESOURCE_IRQ, 0); 1049 + if (res) { 1050 + tpm_info.irq = res->start; 1051 + } else { 1052 + if (pdev == force_pdev) 1053 + tpm_info.irq = -1; 1054 + else 1055 + /* When forcing auto probe the IRQ */ 1056 + tpm_info.irq = 0; 1057 + } 1058 + 1059 + return tpm_tis_init(&pdev->dev, &tpm_info, NULL); 1060 + } 1061 + 1062 + static int tpm_tis_plat_remove(struct platform_device *pdev) 1063 + { 1064 + struct tpm_chip *chip = dev_get_drvdata(&pdev->dev); 1065 + 1066 + tpm_chip_unregister(chip); 1067 + tpm_tis_remove(chip); 1068 + 1069 + return 0; 1070 + } 1071 + 1014 1072 static struct platform_driver tis_drv = { 1073 + .probe = tpm_tis_plat_probe, 1074 + .remove = tpm_tis_plat_remove, 1015 1075 .driver = { 1016 1076 .name = "tpm_tis", 1017 1077 .pm = &tpm_tis_pm, 1018 1078 }, 1019 1079 }; 1020 1080 1021 - static struct platform_device *pdev; 1022 - 1023 1081 static bool force; 1082 + #ifdef CONFIG_X86 1024 1083 module_param(force, bool, 0444); 1025 1084 MODULE_PARM_DESC(force, "Force device probe rather than using ACPI entry"); 1026 - static int __init init_tis(void) 1085 + #endif 1086 + 1087 + static int tpm_tis_force_device(void) 1027 1088 { 1028 - int rc; 1029 - #ifdef CONFIG_PNP 1030 - if (!force) { 1031 - rc = pnp_register_driver(&tis_pnp_driver); 1032 - if (rc) 1033 - return rc; 1034 - } 1035 - #endif 1036 - #ifdef CONFIG_ACPI 1037 - if (!force) { 1038 - rc = acpi_bus_register_driver(&tis_acpi_driver); 1039 - if (rc) { 1040 - #ifdef CONFIG_PNP 1041 - pnp_unregister_driver(&tis_pnp_driver); 1042 - #endif 1043 - return rc; 1044 - } 1045 - } 1046 - #endif 1089 + struct platform_device *pdev; 1090 + static const struct resource x86_resources[] = { 1091 + { 1092 + .start = 0xFED40000, 1093 + .end = 0xFED40000 + TIS_MEM_LEN - 1, 1094 + .flags = IORESOURCE_MEM, 1095 + }, 1096 + }; 1097 + 1047 1098 if (!force) 1048 1099 return 0; 1049 1100 1050 - rc = platform_driver_register(&tis_drv); 1051 - if (rc < 0) 1052 - return rc; 1053 - pdev = platform_device_register_simple("tpm_tis", -1, NULL, 0); 1054 - if (IS_ERR(pdev)) { 1055 - rc = PTR_ERR(pdev); 1056 - goto err_dev; 1057 - } 1058 - rc = tpm_tis_init(&pdev->dev, &tis_default_info, NULL); 1059 - if (rc) 1060 - goto err_init; 1101 + /* The driver core will match the name tpm_tis of the device to 1102 + * the tpm_tis platform driver and complete the setup via 1103 + * tpm_tis_plat_probe 1104 + */ 1105 + pdev = platform_device_register_simple("tpm_tis", -1, x86_resources, 1106 + ARRAY_SIZE(x86_resources)); 1107 + if (IS_ERR(pdev)) 1108 + return PTR_ERR(pdev); 1109 + force_pdev = pdev; 1110 + 1061 1111 return 0; 1062 - err_init: 1063 - platform_device_unregister(pdev); 1064 - err_dev: 1065 - platform_driver_unregister(&tis_drv); 1112 + } 1113 + 1114 + static int __init init_tis(void) 1115 + { 1116 + int rc; 1117 + 1118 + rc = tpm_tis_force_device(); 1119 + if (rc) 1120 + goto err_force; 1121 + 1122 + rc = platform_driver_register(&tis_drv); 1123 + if (rc) 1124 + goto err_platform; 1125 + 1126 + #ifdef CONFIG_ACPI 1127 + rc = acpi_bus_register_driver(&tis_acpi_driver); 1128 + if (rc) 1129 + goto err_acpi; 1130 + #endif 1131 + 1132 + if (IS_ENABLED(CONFIG_PNP)) { 1133 + rc = pnp_register_driver(&tis_pnp_driver); 1134 + if (rc) 1135 + goto err_pnp; 1136 + } 1137 + 1138 + return 0; 1139 + 1140 + err_pnp: 1141 + #ifdef CONFIG_ACPI 1142 + acpi_bus_unregister_driver(&tis_acpi_driver); 1143 + err_acpi: 1144 + #endif 1145 + platform_device_unregister(force_pdev); 1146 + err_platform: 1147 + if (force_pdev) 1148 + platform_device_unregister(force_pdev); 1149 + err_force: 1066 1150 return rc; 1067 1151 } 1068 1152 1069 1153 static void __exit cleanup_tis(void) 1070 1154 { 1071 - struct tpm_chip *chip; 1072 - #if defined(CONFIG_PNP) || defined(CONFIG_ACPI) 1073 - if (!force) { 1155 + pnp_unregister_driver(&tis_pnp_driver); 1074 1156 #ifdef CONFIG_ACPI 1075 - acpi_bus_unregister_driver(&tis_acpi_driver); 1157 + acpi_bus_unregister_driver(&tis_acpi_driver); 1076 1158 #endif 1077 - #ifdef CONFIG_PNP 1078 - pnp_unregister_driver(&tis_pnp_driver); 1079 - #endif 1080 - return; 1081 - } 1082 - #endif 1083 - chip = dev_get_drvdata(&pdev->dev); 1084 - tpm_chip_unregister(chip); 1085 - tpm_tis_remove(chip); 1086 - platform_device_unregister(pdev); 1087 1159 platform_driver_unregister(&tis_drv); 1160 + 1161 + if (force_pdev) 1162 + platform_device_unregister(force_pdev); 1088 1163 } 1089 1164 1090 1165 module_init(init_tis);

+92

fs/exec.c

··· 56 56 #include <linux/pipe_fs_i.h> 57 57 #include <linux/oom.h> 58 58 #include <linux/compat.h> 59 + #include <linux/vmalloc.h> 59 60 60 61 #include <asm/uaccess.h> 61 62 #include <asm/mmu_context.h> ··· 831 830 } 832 831 833 832 EXPORT_SYMBOL(kernel_read); 833 + 834 + int kernel_read_file(struct file *file, void **buf, loff_t *size, 835 + loff_t max_size, enum kernel_read_file_id id) 836 + { 837 + loff_t i_size, pos; 838 + ssize_t bytes = 0; 839 + int ret; 840 + 841 + if (!S_ISREG(file_inode(file)->i_mode) || max_size < 0) 842 + return -EINVAL; 843 + 844 + ret = security_kernel_read_file(file, id); 845 + if (ret) 846 + return ret; 847 + 848 + i_size = i_size_read(file_inode(file)); 849 + if (max_size > 0 && i_size > max_size) 850 + return -EFBIG; 851 + if (i_size <= 0) 852 + return -EINVAL; 853 + 854 + *buf = vmalloc(i_size); 855 + if (!*buf) 856 + return -ENOMEM; 857 + 858 + pos = 0; 859 + while (pos < i_size) { 860 + bytes = kernel_read(file, pos, (char *)(*buf) + pos, 861 + i_size - pos); 862 + if (bytes < 0) { 863 + ret = bytes; 864 + goto out; 865 + } 866 + 867 + if (bytes == 0) 868 + break; 869 + pos += bytes; 870 + } 871 + 872 + if (pos != i_size) { 873 + ret = -EIO; 874 + goto out; 875 + } 876 + 877 + ret = security_kernel_post_read_file(file, *buf, i_size, id); 878 + if (!ret) 879 + *size = pos; 880 + 881 + out: 882 + if (ret < 0) { 883 + vfree(*buf); 884 + *buf = NULL; 885 + } 886 + return ret; 887 + } 888 + EXPORT_SYMBOL_GPL(kernel_read_file); 889 + 890 + int kernel_read_file_from_path(char *path, void **buf, loff_t *size, 891 + loff_t max_size, enum kernel_read_file_id id) 892 + { 893 + struct file *file; 894 + int ret; 895 + 896 + if (!path || !*path) 897 + return -EINVAL; 898 + 899 + file = filp_open(path, O_RDONLY, 0); 900 + if (IS_ERR(file)) 901 + return PTR_ERR(file); 902 + 903 + ret = kernel_read_file(file, buf, size, max_size, id); 904 + fput(file); 905 + return ret; 906 + } 907 + EXPORT_SYMBOL_GPL(kernel_read_file_from_path); 908 + 909 + int kernel_read_file_from_fd(int fd, void **buf, loff_t *size, loff_t max_size, 910 + enum kernel_read_file_id id) 911 + { 912 + struct fd f = fdget(fd); 913 + int ret = -EBADF; 914 + 915 + if (!f.file) 916 + goto out; 917 + 918 + ret = kernel_read_file(f.file, buf, size, max_size, id); 919 + out: 920 + fdput(f); 921 + return ret; 922 + } 923 + EXPORT_SYMBOL_GPL(kernel_read_file_from_fd); 834 924 835 925 ssize_t read_code(struct file *file, unsigned long addr, loff_t pos, size_t len) 836 926 {

+13 -63

include/crypto/public_key.h

··· 14 14 #ifndef _LINUX_PUBLIC_KEY_H 15 15 #define _LINUX_PUBLIC_KEY_H 16 16 17 - #include <linux/mpi.h> 18 - #include <crypto/hash_info.h> 19 - 20 - enum pkey_algo { 21 - PKEY_ALGO_DSA, 22 - PKEY_ALGO_RSA, 23 - PKEY_ALGO__LAST 24 - }; 25 - 26 - extern const char *const pkey_algo_name[PKEY_ALGO__LAST]; 27 - extern const struct public_key_algorithm *pkey_algo[PKEY_ALGO__LAST]; 28 - 29 - /* asymmetric key implementation supports only up to SHA224 */ 30 - #define PKEY_HASH__LAST (HASH_ALGO_SHA224 + 1) 31 - 32 - enum pkey_id_type { 33 - PKEY_ID_PGP, /* OpenPGP generated key ID */ 34 - PKEY_ID_X509, /* X.509 arbitrary subjectKeyIdentifier */ 35 - PKEY_ID_PKCS7, /* Signature in PKCS#7 message */ 36 - PKEY_ID_TYPE__LAST 37 - }; 38 - 39 - extern const char *const pkey_id_type_name[PKEY_ID_TYPE__LAST]; 40 - 41 17 /* 42 18 * The use to which an asymmetric key is being put. 43 19 */ ··· 35 59 * part. 36 60 */ 37 61 struct public_key { 38 - const struct public_key_algorithm *algo; 39 - u8 capabilities; 40 - #define PKEY_CAN_ENCRYPT 0x01 41 - #define PKEY_CAN_DECRYPT 0x02 42 - #define PKEY_CAN_SIGN 0x04 43 - #define PKEY_CAN_VERIFY 0x08 44 - enum pkey_algo pkey_algo : 8; 45 - enum pkey_id_type id_type : 8; 46 - union { 47 - MPI mpi[5]; 48 - struct { 49 - MPI p; /* DSA prime */ 50 - MPI q; /* DSA group order */ 51 - MPI g; /* DSA group generator */ 52 - MPI y; /* DSA public-key value = g^x mod p */ 53 - MPI x; /* DSA secret exponent (if present) */ 54 - } dsa; 55 - struct { 56 - MPI n; /* RSA public modulus */ 57 - MPI e; /* RSA public encryption exponent */ 58 - MPI d; /* RSA secret encryption exponent (if present) */ 59 - MPI p; /* RSA secret prime (if present) */ 60 - MPI q; /* RSA secret prime (if present) */ 61 - } rsa; 62 - }; 62 + void *key; 63 + u32 keylen; 64 + const char *id_type; 65 + const char *pkey_algo; 63 66 }; 64 67 65 68 extern void public_key_destroy(void *payload); ··· 47 92 * Public key cryptography signature data 48 93 */ 49 94 struct public_key_signature { 95 + u8 *s; /* Signature */ 96 + u32 s_size; /* Number of bytes in signature */ 50 97 u8 *digest; 51 - u8 digest_size; /* Number of bytes in digest */ 52 - u8 nr_mpi; /* Occupancy of mpi[] */ 53 - enum pkey_algo pkey_algo : 8; 54 - enum hash_algo pkey_hash_algo : 8; 55 - union { 56 - MPI mpi[2]; 57 - struct { 58 - MPI s; /* m^d mod n */ 59 - } rsa; 60 - struct { 61 - MPI r; 62 - MPI s; 63 - } dsa; 64 - }; 98 + u8 digest_size; /* Number of bytes in digest */ 99 + const char *pkey_algo; 100 + const char *hash_algo; 65 101 }; 66 102 103 + extern struct asymmetric_key_subtype public_key_subtype; 67 104 struct key; 68 105 extern int verify_signature(const struct key *key, 69 106 const struct public_key_signature *sig); ··· 65 118 const struct asymmetric_key_id *id, 66 119 const struct asymmetric_key_id *skid, 67 120 bool partial); 121 + 122 + int public_key_verify_signature(const struct public_key *pkey, 123 + const struct public_key_signature *sig); 68 124 69 125 #endif /* _LINUX_PUBLIC_KEY_H */

+1 -1

include/keys/trusted-type.h

··· 38 38 unsigned char pcrinfo[MAX_PCRINFO_SIZE]; 39 39 int pcrlock; 40 40 uint32_t hash; 41 - uint32_t digest_len; 41 + uint32_t policydigest_len; 42 42 unsigned char policydigest[MAX_DIGEST_SIZE]; 43 43 uint32_t policyhandle; 44 44 };

+15

include/linux/fs.h

··· 2576 2576 #endif 2577 2577 extern int do_pipe_flags(int *, int); 2578 2578 2579 + enum kernel_read_file_id { 2580 + READING_FIRMWARE = 1, 2581 + READING_MODULE, 2582 + READING_KEXEC_IMAGE, 2583 + READING_KEXEC_INITRAMFS, 2584 + READING_POLICY, 2585 + READING_MAX_ID 2586 + }; 2587 + 2579 2588 extern int kernel_read(struct file *, loff_t, char *, unsigned long); 2589 + extern int kernel_read_file(struct file *, void **, loff_t *, loff_t, 2590 + enum kernel_read_file_id); 2591 + extern int kernel_read_file_from_path(char *, void **, loff_t *, loff_t, 2592 + enum kernel_read_file_id); 2593 + extern int kernel_read_file_from_fd(int, void **, loff_t *, loff_t, 2594 + enum kernel_read_file_id); 2580 2595 extern ssize_t kernel_write(struct file *, const char *, size_t, loff_t); 2581 2596 extern ssize_t __kernel_write(struct file *, const char *, size_t, loff_t *); 2582 2597 extern struct file * open_exec(const char *);

+6 -4

include/linux/ima.h

··· 18 18 extern int ima_file_check(struct file *file, int mask, int opened); 19 19 extern void ima_file_free(struct file *file); 20 20 extern int ima_file_mmap(struct file *file, unsigned long prot); 21 - extern int ima_module_check(struct file *file); 22 - extern int ima_fw_from_file(struct file *file, char *buf, size_t size); 21 + extern int ima_read_file(struct file *file, enum kernel_read_file_id id); 22 + extern int ima_post_read_file(struct file *file, void *buf, loff_t size, 23 + enum kernel_read_file_id id); 23 24 24 25 #else 25 26 static inline int ima_bprm_check(struct linux_binprm *bprm) ··· 43 42 return 0; 44 43 } 45 44 46 - static inline int ima_module_check(struct file *file) 45 + static inline int ima_read_file(struct file *file, enum kernel_read_file_id id) 47 46 { 48 47 return 0; 49 48 } 50 49 51 - static inline int ima_fw_from_file(struct file *file, char *buf, size_t size) 50 + static inline int ima_post_read_file(struct file *file, void *buf, loff_t size, 51 + enum kernel_read_file_id id) 52 52 { 53 53 return 0; 54 54 }

+1

include/linux/key.h

··· 219 219 #define KEY_ALLOC_QUOTA_OVERRUN 0x0001 /* add to quota, permit even if overrun */ 220 220 #define KEY_ALLOC_NOT_IN_QUOTA 0x0002 /* not in quota */ 221 221 #define KEY_ALLOC_TRUSTED 0x0004 /* Key should be flagged as trusted */ 222 + #define KEY_ALLOC_BUILT_IN 0x0008 /* Key is built into kernel */ 222 223 223 224 extern void key_revoke(struct key *key); 224 225 extern void key_invalidate(struct key *key);

+18 -17

include/linux/lsm_hooks.h

··· 541 541 * @inode points to the inode to use as a reference. 542 542 * The current task must be the one that nominated @inode. 543 543 * Return 0 if successful. 544 - * @kernel_fw_from_file: 545 - * Load firmware from userspace (not called for built-in firmware). 546 - * @file contains the file structure pointing to the file containing 547 - * the firmware to load. This argument will be NULL if the firmware 548 - * was loaded via the uevent-triggered blob-based interface exposed 549 - * by CONFIG_FW_LOADER_USER_HELPER. 550 - * @buf pointer to buffer containing firmware contents. 551 - * @size length of the firmware contents. 552 - * Return 0 if permission is granted. 553 544 * @kernel_module_request: 554 545 * Ability to trigger the kernel to automatically upcall to userspace for 555 546 * userspace to load a kernel module with the given name. 556 547 * @kmod_name name of the module requested by the kernel 557 548 * Return 0 if successful. 558 - * @kernel_module_from_file: 559 - * Load a kernel module from userspace. 560 - * @file contains the file structure pointing to the file containing 561 - * the kernel module to load. If the module is being loaded from a blob, 562 - * this argument will be NULL. 549 + * @kernel_read_file: 550 + * Read a file specified by userspace. 551 + * @file contains the file structure pointing to the file being read 552 + * by the kernel. 553 + * @id kernel read file identifier 554 + * Return 0 if permission is granted. 555 + * @kernel_post_read_file: 556 + * Read a file specified by userspace. 557 + * @file contains the file structure pointing to the file being read 558 + * by the kernel. 559 + * @buf pointer to buffer containing the file contents. 560 + * @size length of the file contents. 561 + * @id kernel read file identifier 563 562 * Return 0 if permission is granted. 564 563 * @task_fix_setuid: 565 564 * Update the module's state after setting one or more of the user ··· 1453 1454 void (*cred_transfer)(struct cred *new, const struct cred *old); 1454 1455 int (*kernel_act_as)(struct cred *new, u32 secid); 1455 1456 int (*kernel_create_files_as)(struct cred *new, struct inode *inode); 1456 - int (*kernel_fw_from_file)(struct file *file, char *buf, size_t size); 1457 1457 int (*kernel_module_request)(char *kmod_name); 1458 1458 int (*kernel_module_from_file)(struct file *file); 1459 + int (*kernel_read_file)(struct file *file, enum kernel_read_file_id id); 1460 + int (*kernel_post_read_file)(struct file *file, char *buf, loff_t size, 1461 + enum kernel_read_file_id id); 1459 1462 int (*task_fix_setuid)(struct cred *new, const struct cred *old, 1460 1463 int flags); 1461 1464 int (*task_setpgid)(struct task_struct *p, pid_t pgid); ··· 1716 1715 struct list_head cred_transfer; 1717 1716 struct list_head kernel_act_as; 1718 1717 struct list_head kernel_create_files_as; 1719 - struct list_head kernel_fw_from_file; 1718 + struct list_head kernel_read_file; 1719 + struct list_head kernel_post_read_file; 1720 1720 struct list_head kernel_module_request; 1721 - struct list_head kernel_module_from_file; 1722 1721 struct list_head task_fix_setuid; 1723 1722 struct list_head task_setpgid; 1724 1723 struct list_head task_getpgid;

+14 -8

include/linux/security.h

··· 24 24 25 25 #include <linux/key.h> 26 26 #include <linux/capability.h> 27 + #include <linux/fs.h> 27 28 #include <linux/slab.h> 28 29 #include <linux/err.h> 29 30 #include <linux/string.h> 30 31 #include <linux/mm.h> 32 + #include <linux/fs.h> 31 33 32 34 struct linux_binprm; 33 35 struct cred; ··· 300 298 void security_transfer_creds(struct cred *new, const struct cred *old); 301 299 int security_kernel_act_as(struct cred *new, u32 secid); 302 300 int security_kernel_create_files_as(struct cred *new, struct inode *inode); 303 - int security_kernel_fw_from_file(struct file *file, char *buf, size_t size); 304 301 int security_kernel_module_request(char *kmod_name); 305 302 int security_kernel_module_from_file(struct file *file); 303 + int security_kernel_read_file(struct file *file, enum kernel_read_file_id id); 304 + int security_kernel_post_read_file(struct file *file, char *buf, loff_t size, 305 + enum kernel_read_file_id id); 306 306 int security_task_fix_setuid(struct cred *new, const struct cred *old, 307 307 int flags); 308 308 int security_task_setpgid(struct task_struct *p, pid_t pgid); ··· 854 850 return 0; 855 851 } 856 852 857 - static inline int security_kernel_fw_from_file(struct file *file, 858 - char *buf, size_t size) 859 - { 860 - return 0; 861 - } 862 - 863 853 static inline int security_kernel_module_request(char *kmod_name) 864 854 { 865 855 return 0; 866 856 } 867 857 868 - static inline int security_kernel_module_from_file(struct file *file) 858 + static inline int security_kernel_read_file(struct file *file, 859 + enum kernel_read_file_id id) 860 + { 861 + return 0; 862 + } 863 + 864 + static inline int security_kernel_post_read_file(struct file *file, 865 + char *buf, loff_t size, 866 + enum kernel_read_file_id id) 869 867 { 870 868 return 0; 871 869 }

+1 -1

init/Kconfig

··· 1779 1779 select SYSTEM_TRUSTED_KEYRING 1780 1780 select KEYS 1781 1781 select CRYPTO 1782 + select CRYPTO_RSA 1782 1783 select ASYMMETRIC_KEY_TYPE 1783 1784 select ASYMMETRIC_PUBLIC_KEY_SUBTYPE 1784 - select PUBLIC_KEY_ALGO_RSA 1785 1785 select ASN1 1786 1786 select OID_REGISTRY 1787 1787 select X509_CERTIFICATE_PARSER

+9 -64

kernel/kexec_file.c

··· 18 18 #include <linux/kexec.h> 19 19 #include <linux/mutex.h> 20 20 #include <linux/list.h> 21 + #include <linux/fs.h> 21 22 #include <crypto/hash.h> 22 23 #include <crypto/sha.h> 23 24 #include <linux/syscalls.h> ··· 33 32 size_t __weak kexec_purgatory_size = 0; 34 33 35 34 static int kexec_calculate_store_digests(struct kimage *image); 36 - 37 - static int copy_file_from_fd(int fd, void **buf, unsigned long *buf_len) 38 - { 39 - struct fd f = fdget(fd); 40 - int ret; 41 - struct kstat stat; 42 - loff_t pos; 43 - ssize_t bytes = 0; 44 - 45 - if (!f.file) 46 - return -EBADF; 47 - 48 - ret = vfs_getattr(&f.file->f_path, &stat); 49 - if (ret) 50 - goto out; 51 - 52 - if (stat.size > INT_MAX) { 53 - ret = -EFBIG; 54 - goto out; 55 - } 56 - 57 - /* Don't hand 0 to vmalloc, it whines. */ 58 - if (stat.size == 0) { 59 - ret = -EINVAL; 60 - goto out; 61 - } 62 - 63 - *buf = vmalloc(stat.size); 64 - if (!*buf) { 65 - ret = -ENOMEM; 66 - goto out; 67 - } 68 - 69 - pos = 0; 70 - while (pos < stat.size) { 71 - bytes = kernel_read(f.file, pos, (char *)(*buf) + pos, 72 - stat.size - pos); 73 - if (bytes < 0) { 74 - vfree(*buf); 75 - ret = bytes; 76 - goto out; 77 - } 78 - 79 - if (bytes == 0) 80 - break; 81 - pos += bytes; 82 - } 83 - 84 - if (pos != stat.size) { 85 - ret = -EBADF; 86 - vfree(*buf); 87 - goto out; 88 - } 89 - 90 - *buf_len = pos; 91 - out: 92 - fdput(f); 93 - return ret; 94 - } 95 35 96 36 /* Architectures can provide this probe function */ 97 37 int __weak arch_kexec_kernel_image_probe(struct kimage *image, void *buf, ··· 124 182 { 125 183 int ret = 0; 126 184 void *ldata; 185 + loff_t size; 127 186 128 - ret = copy_file_from_fd(kernel_fd, &image->kernel_buf, 129 - &image->kernel_buf_len); 187 + ret = kernel_read_file_from_fd(kernel_fd, &image->kernel_buf, 188 + &size, INT_MAX, READING_KEXEC_IMAGE); 130 189 if (ret) 131 190 return ret; 191 + image->kernel_buf_len = size; 132 192 133 193 /* Call arch image probe handlers */ 134 194 ret = arch_kexec_kernel_image_probe(image, image->kernel_buf, 135 195 image->kernel_buf_len); 136 - 137 196 if (ret) 138 197 goto out; 139 198 ··· 149 206 #endif 150 207 /* It is possible that there no initramfs is being loaded */ 151 208 if (!(flags & KEXEC_FILE_NO_INITRAMFS)) { 152 - ret = copy_file_from_fd(initrd_fd, &image->initrd_buf, 153 - &image->initrd_buf_len); 209 + ret = kernel_read_file_from_fd(initrd_fd, &image->initrd_buf, 210 + &size, INT_MAX, 211 + READING_KEXEC_INITRAMFS); 154 212 if (ret) 155 213 goto out; 214 + image->initrd_buf_len = size; 156 215 } 157 216 158 217 if (cmdline_len) {

+8 -60

kernel/module.c

··· 2675 2675 if (info->len < sizeof(*(info->hdr))) 2676 2676 return -ENOEXEC; 2677 2677 2678 - err = security_kernel_module_from_file(NULL); 2678 + err = security_kernel_read_file(NULL, READING_MODULE); 2679 2679 if (err) 2680 2680 return err; 2681 2681 ··· 2691 2691 } 2692 2692 2693 2693 return 0; 2694 - } 2695 - 2696 - /* Sets info->hdr and info->len. */ 2697 - static int copy_module_from_fd(int fd, struct load_info *info) 2698 - { 2699 - struct fd f = fdget(fd); 2700 - int err; 2701 - struct kstat stat; 2702 - loff_t pos; 2703 - ssize_t bytes = 0; 2704 - 2705 - if (!f.file) 2706 - return -ENOEXEC; 2707 - 2708 - err = security_kernel_module_from_file(f.file); 2709 - if (err) 2710 - goto out; 2711 - 2712 - err = vfs_getattr(&f.file->f_path, &stat); 2713 - if (err) 2714 - goto out; 2715 - 2716 - if (stat.size > INT_MAX) { 2717 - err = -EFBIG; 2718 - goto out; 2719 - } 2720 - 2721 - /* Don't hand 0 to vmalloc, it whines. */ 2722 - if (stat.size == 0) { 2723 - err = -EINVAL; 2724 - goto out; 2725 - } 2726 - 2727 - info->hdr = vmalloc(stat.size); 2728 - if (!info->hdr) { 2729 - err = -ENOMEM; 2730 - goto out; 2731 - } 2732 - 2733 - pos = 0; 2734 - while (pos < stat.size) { 2735 - bytes = kernel_read(f.file, pos, (char *)(info->hdr) + pos, 2736 - stat.size - pos); 2737 - if (bytes < 0) { 2738 - vfree(info->hdr); 2739 - err = bytes; 2740 - goto out; 2741 - } 2742 - if (bytes == 0) 2743 - break; 2744 - pos += bytes; 2745 - } 2746 - info->len = pos; 2747 - 2748 - out: 2749 - fdput(f); 2750 - return err; 2751 2694 } 2752 2695 2753 2696 static void free_copy(struct load_info *info) ··· 3554 3611 3555 3612 SYSCALL_DEFINE3(finit_module, int, fd, const char __user *, uargs, int, flags) 3556 3613 { 3557 - int err; 3558 3614 struct load_info info = { }; 3615 + loff_t size; 3616 + void *hdr; 3617 + int err; 3559 3618 3560 3619 err = may_init_module(); 3561 3620 if (err) ··· 3569 3624 |MODULE_INIT_IGNORE_VERMAGIC)) 3570 3625 return -EINVAL; 3571 3626 3572 - err = copy_module_from_fd(fd, &info); 3627 + err = kernel_read_file_from_fd(fd, &hdr, &size, INT_MAX, 3628 + READING_MODULE); 3573 3629 if (err) 3574 3630 return err; 3631 + info.hdr = hdr; 3632 + info.len = size; 3575 3633 3576 3634 return load_module(&info, uargs, flags); 3577 3635 }

+7

kernel/module_signing.c

··· 11 11 12 12 #include <linux/kernel.h> 13 13 #include <linux/errno.h> 14 + #include <linux/string.h> 14 15 #include <keys/system_keyring.h> 15 16 #include <crypto/public_key.h> 16 17 #include "module-internal.h" 18 + 19 + enum pkey_id_type { 20 + PKEY_ID_PGP, /* OpenPGP generated key ID */ 21 + PKEY_ID_X509, /* X.509 arbitrary subjectKeyIdentifier */ 22 + PKEY_ID_PKCS7, /* Signature in PKCS#7 message */ 23 + }; 17 24 18 25 /* 19 26 * Module signature information block.

+8 -1

kernel/time/time.c

··· 322 322 * -year/100+year/400 terms, and add 10.] 323 323 * 324 324 * This algorithm was first published by Gauss (I think). 325 + * 326 + * A leap second can be indicated by calling this function with sec as 327 + * 60 (allowable under ISO 8601). The leap second is treated the same 328 + * as the following second since they don't exist in UNIX time. 329 + * 330 + * An encoding of midnight at the end of the day as 24:00:00 - ie. midnight 331 + * tomorrow - (allowable under ISO 8601) is supported. 325 332 */ 326 333 time64_t mktime64(const unsigned int year0, const unsigned int mon0, 327 334 const unsigned int day, const unsigned int hour, ··· 345 338 return ((((time64_t) 346 339 (year/4 - year/100 + year/400 + 367*mon/12 + day) + 347 340 year*365 - 719499 348 - )*24 + hour /* now have hours */ 341 + )*24 + hour /* now have hours - midnight tomorrow handled here */ 349 342 )*60 + min /* now have minutes */ 350 343 )*60 + sec; /* finally seconds */ 351 344 }

+1

scripts/.gitignore

··· 13 13 asn1_compiler 14 14 extract-cert 15 15 sign-file 16 + insert-sys-cert

+1

scripts/Makefile

··· 19 19 hostprogs-$(CONFIG_ASN1) += asn1_compiler 20 20 hostprogs-$(CONFIG_MODULE_SIG) += sign-file 21 21 hostprogs-$(CONFIG_SYSTEM_TRUSTED_KEYRING) += extract-cert 22 + hostprogs-$(CONFIG_SYSTEM_EXTRA_CERTIFICATE) += insert-sys-cert 22 23 23 24 HOSTCFLAGS_sortextable.o = -I$(srctree)/tools/include 24 25 HOSTCFLAGS_asn1_compiler.o = -I$(srctree)/include

+21 -8

scripts/extract-sys-certs.pl

··· 91 91 92 92 die "Can't find system certificate list" 93 93 unless (exists($symbols{"__cert_list_start"}) && 94 - exists($symbols{"__cert_list_end"})); 94 + exists($symbols{"system_certificate_list_size"})); 95 95 96 96 my $start = Math::BigInt->new($symbols{"__cert_list_start"}); 97 - my $end = Math::BigInt->new($symbols{"__cert_list_end"}); 98 - my $size = $end - $start; 97 + my $end; 98 + my $size; 99 + my $size_sym = Math::BigInt->new($symbols{"system_certificate_list_size"}); 99 100 100 - printf "Have %u bytes of certs at VMA 0x%x\n", $size, $start; 101 + open FD, "<$vmlinux" || die $vmlinux; 102 + binmode(FD); 101 103 102 104 my $s = undef; 103 105 foreach my $sec (@sections) { ··· 112 110 next unless ($start >= $s_vma); 113 111 next if ($start >= $s_vend); 114 112 115 - die "Cert object partially overflows section $s_name\n" 116 - if ($end > $s_vend); 113 + die "Certificate list size was not found on the same section\n" 114 + if ($size_sym < $s_vma || $size_sym > $s_vend); 117 115 118 116 die "Cert object in multiple sections: ", $s_name, " and ", $s->{name}, "\n" 119 117 if ($s); 118 + 119 + my $size_off = $size_sym -$s_vma + $s_foff; 120 + my $packed; 121 + die $vmlinux if (!defined(sysseek(FD, $size_off, SEEK_SET))); 122 + sysread(FD, $packed, 8); 123 + $size = unpack 'L!', $packed; 124 + $end = $start + $size; 125 + 126 + printf "Have %u bytes of certs at VMA 0x%x\n", $size, $start; 127 + 128 + die "Cert object partially overflows section $s_name\n" 129 + if ($end > $s_vend); 130 + 120 131 $s = $sec; 121 132 } 122 133 ··· 142 127 143 128 printf "Certificate list at file offset 0x%x\n", $foff; 144 129 145 - open FD, "<$vmlinux" || die $vmlinux; 146 - binmode(FD); 147 130 die $vmlinux if (!defined(sysseek(FD, $foff, SEEK_SET))); 148 131 my $buf = ""; 149 132 my $len = sysread(FD, $buf, $size);

+410

scripts/insert-sys-cert.c

··· 1 + /* Write the contents of the <certfile> into kernel symbol system_extra_cert 2 + * 3 + * Copyright (C) IBM Corporation, 2015 4 + * 5 + * Author: Mehmet Kayaalp <mkayaalp@linux.vnet.ibm.com> 6 + * 7 + * This software may be used and distributed according to the terms 8 + * of the GNU General Public License, incorporated herein by reference. 9 + * 10 + * Usage: insert-sys-cert [-s <System.map> -b <vmlinux> -c <certfile> 11 + */ 12 + 13 + #define _GNU_SOURCE 14 + #include <stdio.h> 15 + #include <ctype.h> 16 + #include <string.h> 17 + #include <limits.h> 18 + #include <stdbool.h> 19 + #include <errno.h> 20 + #include <stdlib.h> 21 + #include <stdarg.h> 22 + #include <sys/types.h> 23 + #include <sys/stat.h> 24 + #include <sys/mman.h> 25 + #include <fcntl.h> 26 + #include <unistd.h> 27 + #include <elf.h> 28 + 29 + #define CERT_SYM "system_extra_cert" 30 + #define USED_SYM "system_extra_cert_used" 31 + #define LSIZE_SYM "system_certificate_list_size" 32 + 33 + #define info(format, args...) fprintf(stderr, "INFO: " format, ## args) 34 + #define warn(format, args...) fprintf(stdout, "WARNING: " format, ## args) 35 + #define err(format, args...) fprintf(stderr, "ERROR: " format, ## args) 36 + 37 + #if UINTPTR_MAX == 0xffffffff 38 + #define CURRENT_ELFCLASS ELFCLASS32 39 + #define Elf_Ehdr Elf32_Ehdr 40 + #define Elf_Shdr Elf32_Shdr 41 + #define Elf_Sym Elf32_Sym 42 + #else 43 + #define CURRENT_ELFCLASS ELFCLASS64 44 + #define Elf_Ehdr Elf64_Ehdr 45 + #define Elf_Shdr Elf64_Shdr 46 + #define Elf_Sym Elf64_Sym 47 + #endif 48 + 49 + static unsigned char endianness(void) 50 + { 51 + uint16_t two_byte = 0x00FF; 52 + uint8_t low_address = *((uint8_t *)&two_byte); 53 + 54 + if (low_address == 0) 55 + return ELFDATA2MSB; 56 + else 57 + return ELFDATA2LSB; 58 + } 59 + 60 + struct sym { 61 + char *name; 62 + unsigned long address; 63 + unsigned long offset; 64 + void *content; 65 + int size; 66 + }; 67 + 68 + static unsigned long get_offset_from_address(Elf_Ehdr *hdr, unsigned long addr) 69 + { 70 + Elf_Shdr *x; 71 + unsigned int i, num_sections; 72 + 73 + x = (void *)hdr + hdr->e_shoff; 74 + if (hdr->e_shnum == SHN_UNDEF) 75 + num_sections = x[0].sh_size; 76 + else 77 + num_sections = hdr->e_shnum; 78 + 79 + for (i = 1; i < num_sections; i++) { 80 + unsigned long start = x[i].sh_addr; 81 + unsigned long end = start + x[i].sh_size; 82 + unsigned long offset = x[i].sh_offset; 83 + 84 + if (addr >= start && addr <= end) 85 + return addr - start + offset; 86 + } 87 + return 0; 88 + } 89 + 90 + 91 + #define LINE_SIZE 100 92 + 93 + static void get_symbol_from_map(Elf_Ehdr *hdr, FILE *f, char *name, 94 + struct sym *s) 95 + { 96 + char l[LINE_SIZE]; 97 + char *w, *p, *n; 98 + 99 + s->size = 0; 100 + s->address = 0; 101 + s->offset = 0; 102 + if (fseek(f, 0, SEEK_SET) != 0) { 103 + perror("File seek failed"); 104 + exit(EXIT_FAILURE); 105 + } 106 + while (fgets(l, LINE_SIZE, f)) { 107 + p = strchr(l, '\n'); 108 + if (!p) { 109 + err("Missing line ending.\n"); 110 + return; 111 + } 112 + n = strstr(l, name); 113 + if (n) 114 + break; 115 + } 116 + if (!n) { 117 + err("Unable to find symbol: %s\n", name); 118 + return; 119 + } 120 + w = strchr(l, ' '); 121 + if (!w) 122 + return; 123 + 124 + *w = '\0'; 125 + s->address = strtoul(l, NULL, 16); 126 + if (s->address == 0) 127 + return; 128 + s->offset = get_offset_from_address(hdr, s->address); 129 + s->name = name; 130 + s->content = (void *)hdr + s->offset; 131 + } 132 + 133 + static Elf_Sym *find_elf_symbol(Elf_Ehdr *hdr, Elf_Shdr *symtab, char *name) 134 + { 135 + Elf_Sym *sym, *symtab_start; 136 + char *strtab, *symname; 137 + unsigned int link; 138 + Elf_Shdr *x; 139 + int i, n; 140 + 141 + x = (void *)hdr + hdr->e_shoff; 142 + link = symtab->sh_link; 143 + symtab_start = (void *)hdr + symtab->sh_offset; 144 + n = symtab->sh_size / symtab->sh_entsize; 145 + strtab = (void *)hdr + x[link].sh_offset; 146 + 147 + for (i = 0; i < n; i++) { 148 + sym = &symtab_start[i]; 149 + symname = strtab + sym->st_name; 150 + if (strcmp(symname, name) == 0) 151 + return sym; 152 + } 153 + err("Unable to find symbol: %s\n", name); 154 + return NULL; 155 + } 156 + 157 + static void get_symbol_from_table(Elf_Ehdr *hdr, Elf_Shdr *symtab, 158 + char *name, struct sym *s) 159 + { 160 + Elf_Shdr *sec; 161 + int secndx; 162 + Elf_Sym *elf_sym; 163 + Elf_Shdr *x; 164 + 165 + x = (void *)hdr + hdr->e_shoff; 166 + s->size = 0; 167 + s->address = 0; 168 + s->offset = 0; 169 + elf_sym = find_elf_symbol(hdr, symtab, name); 170 + if (!elf_sym) 171 + return; 172 + secndx = elf_sym->st_shndx; 173 + if (!secndx) 174 + return; 175 + sec = &x[secndx]; 176 + s->size = elf_sym->st_size; 177 + s->address = elf_sym->st_value; 178 + s->offset = s->address - sec->sh_addr 179 + + sec->sh_offset; 180 + s->name = name; 181 + s->content = (void *)hdr + s->offset; 182 + } 183 + 184 + static Elf_Shdr *get_symbol_table(Elf_Ehdr *hdr) 185 + { 186 + Elf_Shdr *x; 187 + unsigned int i, num_sections; 188 + 189 + x = (void *)hdr + hdr->e_shoff; 190 + if (hdr->e_shnum == SHN_UNDEF) 191 + num_sections = x[0].sh_size; 192 + else 193 + num_sections = hdr->e_shnum; 194 + 195 + for (i = 1; i < num_sections; i++) 196 + if (x[i].sh_type == SHT_SYMTAB) 197 + return &x[i]; 198 + return NULL; 199 + } 200 + 201 + static void *map_file(char *file_name, int *size) 202 + { 203 + struct stat st; 204 + void *map; 205 + int fd; 206 + 207 + fd = open(file_name, O_RDWR); 208 + if (fd < 0) { 209 + perror(file_name); 210 + return NULL; 211 + } 212 + if (fstat(fd, &st)) { 213 + perror("Could not determine file size"); 214 + close(fd); 215 + return NULL; 216 + } 217 + *size = st.st_size; 218 + map = mmap(NULL, *size, PROT_READ|PROT_WRITE, MAP_SHARED, fd, 0); 219 + if (map == MAP_FAILED) { 220 + perror("Mapping to memory failed"); 221 + close(fd); 222 + return NULL; 223 + } 224 + close(fd); 225 + return map; 226 + } 227 + 228 + static char *read_file(char *file_name, int *size) 229 + { 230 + struct stat st; 231 + char *buf; 232 + int fd; 233 + 234 + fd = open(file_name, O_RDONLY); 235 + if (fd < 0) { 236 + perror(file_name); 237 + return NULL; 238 + } 239 + if (fstat(fd, &st)) { 240 + perror("Could not determine file size"); 241 + close(fd); 242 + return NULL; 243 + } 244 + *size = st.st_size; 245 + buf = malloc(*size); 246 + if (!buf) { 247 + perror("Allocating memory failed"); 248 + close(fd); 249 + return NULL; 250 + } 251 + if (read(fd, buf, *size) != *size) { 252 + perror("File read failed"); 253 + close(fd); 254 + return NULL; 255 + } 256 + close(fd); 257 + return buf; 258 + } 259 + 260 + static void print_sym(Elf_Ehdr *hdr, struct sym *s) 261 + { 262 + info("sym: %s\n", s->name); 263 + info("addr: 0x%lx\n", s->address); 264 + info("size: %d\n", s->size); 265 + info("offset: 0x%lx\n", (unsigned long)s->offset); 266 + } 267 + 268 + static void print_usage(char *e) 269 + { 270 + printf("Usage %s [-s <System.map>] -b <vmlinux> -c <certfile>\n", e); 271 + } 272 + 273 + int main(int argc, char **argv) 274 + { 275 + char *system_map_file = NULL; 276 + char *vmlinux_file = NULL; 277 + char *cert_file = NULL; 278 + int vmlinux_size; 279 + int cert_size; 280 + Elf_Ehdr *hdr; 281 + char *cert; 282 + FILE *system_map; 283 + unsigned long *lsize; 284 + int *used; 285 + int opt; 286 + Elf_Shdr *symtab = NULL; 287 + struct sym cert_sym, lsize_sym, used_sym; 288 + 289 + while ((opt = getopt(argc, argv, "b:c:s:")) != -1) { 290 + switch (opt) { 291 + case 's': 292 + system_map_file = optarg; 293 + break; 294 + case 'b': 295 + vmlinux_file = optarg; 296 + break; 297 + case 'c': 298 + cert_file = optarg; 299 + break; 300 + default: 301 + break; 302 + } 303 + } 304 + 305 + if (!vmlinux_file || !cert_file) { 306 + print_usage(argv[0]); 307 + exit(EXIT_FAILURE); 308 + } 309 + 310 + cert = read_file(cert_file, &cert_size); 311 + if (!cert) 312 + exit(EXIT_FAILURE); 313 + 314 + hdr = map_file(vmlinux_file, &vmlinux_size); 315 + if (!hdr) 316 + exit(EXIT_FAILURE); 317 + 318 + if (vmlinux_size < sizeof(*hdr)) { 319 + err("Invalid ELF file.\n"); 320 + exit(EXIT_FAILURE); 321 + } 322 + 323 + if ((hdr->e_ident[EI_MAG0] != ELFMAG0) || 324 + (hdr->e_ident[EI_MAG1] != ELFMAG1) || 325 + (hdr->e_ident[EI_MAG2] != ELFMAG2) || 326 + (hdr->e_ident[EI_MAG3] != ELFMAG3)) { 327 + err("Invalid ELF magic.\n"); 328 + exit(EXIT_FAILURE); 329 + } 330 + 331 + if (hdr->e_ident[EI_CLASS] != CURRENT_ELFCLASS) { 332 + err("ELF class mismatch.\n"); 333 + exit(EXIT_FAILURE); 334 + } 335 + 336 + if (hdr->e_ident[EI_DATA] != endianness()) { 337 + err("ELF endian mismatch.\n"); 338 + exit(EXIT_FAILURE); 339 + } 340 + 341 + if (hdr->e_shoff > vmlinux_size) { 342 + err("Could not find section header.\n"); 343 + exit(EXIT_FAILURE); 344 + } 345 + 346 + symtab = get_symbol_table(hdr); 347 + if (!symtab) { 348 + warn("Could not find the symbol table.\n"); 349 + if (!system_map_file) { 350 + err("Please provide a System.map file.\n"); 351 + print_usage(argv[0]); 352 + exit(EXIT_FAILURE); 353 + } 354 + 355 + system_map = fopen(system_map_file, "r"); 356 + if (!system_map) { 357 + perror(system_map_file); 358 + exit(EXIT_FAILURE); 359 + } 360 + get_symbol_from_map(hdr, system_map, CERT_SYM, &cert_sym); 361 + get_symbol_from_map(hdr, system_map, USED_SYM, &used_sym); 362 + get_symbol_from_map(hdr, system_map, LSIZE_SYM, &lsize_sym); 363 + cert_sym.size = used_sym.address - cert_sym.address; 364 + } else { 365 + info("Symbol table found.\n"); 366 + if (system_map_file) 367 + warn("System.map is ignored.\n"); 368 + get_symbol_from_table(hdr, symtab, CERT_SYM, &cert_sym); 369 + get_symbol_from_table(hdr, symtab, USED_SYM, &used_sym); 370 + get_symbol_from_table(hdr, symtab, LSIZE_SYM, &lsize_sym); 371 + } 372 + 373 + if (!cert_sym.offset || !lsize_sym.offset || !used_sym.offset) 374 + exit(EXIT_FAILURE); 375 + 376 + print_sym(hdr, &cert_sym); 377 + print_sym(hdr, &used_sym); 378 + print_sym(hdr, &lsize_sym); 379 + 380 + lsize = (unsigned long *)lsize_sym.content; 381 + used = (int *)used_sym.content; 382 + 383 + if (cert_sym.size < cert_size) { 384 + err("Certificate is larger than the reserved area!\n"); 385 + exit(EXIT_FAILURE); 386 + } 387 + 388 + /* If the existing cert is the same, don't overwrite */ 389 + if (cert_size == *used && 390 + strncmp(cert_sym.content, cert, cert_size) == 0) { 391 + warn("Certificate was already inserted.\n"); 392 + exit(EXIT_SUCCESS); 393 + } 394 + 395 + if (*used > 0) 396 + warn("Replacing previously inserted certificate.\n"); 397 + 398 + memcpy(cert_sym.content, cert, cert_size); 399 + if (cert_size < cert_sym.size) 400 + memset(cert_sym.content + cert_size, 401 + 0, cert_sym.size - cert_size); 402 + 403 + *lsize = *lsize + cert_size - *used; 404 + *used = cert_size; 405 + info("Inserted the contents of %s into %lx.\n", cert_file, 406 + cert_sym.address); 407 + info("Used %d bytes out of %d bytes reserved.\n", *used, 408 + cert_sym.size); 409 + exit(EXIT_SUCCESS); 410 + }

+154 -98

scripts/sign-file.c

··· 2 2 * 3 3 * Copyright © 2014-2015 Red Hat, Inc. All Rights Reserved. 4 4 * Copyright © 2015 Intel Corporation. 5 + * Copyright © 2016 Hewlett Packard Enterprise Development LP 5 6 * 6 7 * Authors: David Howells <dhowells@redhat.com> 7 8 * David Woodhouse <dwmw2@infradead.org> 9 + * Juerg Haefliger <juerg.haefliger@hpe.com> 8 10 * 9 11 * This program is free software; you can redistribute it and/or 10 12 * modify it under the terms of the GNU Lesser General Public License ··· 41 39 * signing with anything other than SHA1 - so we're stuck with that if such is 42 40 * the case. 43 41 */ 44 - #if OPENSSL_VERSION_NUMBER < 0x10000000L 42 + #if OPENSSL_VERSION_NUMBER < 0x10000000L || defined(OPENSSL_NO_CMS) 45 43 #define USE_PKCS7 46 44 #endif 47 45 #ifndef USE_PKCS7 ··· 69 67 { 70 68 fprintf(stderr, 71 69 "Usage: scripts/sign-file [-dp] <hash algo> <key> <x509> <module> [<dest>]\n"); 70 + fprintf(stderr, 71 + " scripts/sign-file -s <raw sig> <hash algo> <x509> <module> [<dest>]\n"); 72 72 exit(2); 73 73 } 74 74 ··· 130 126 return pwlen; 131 127 } 132 128 129 + static EVP_PKEY *read_private_key(const char *private_key_name) 130 + { 131 + EVP_PKEY *private_key; 132 + 133 + if (!strncmp(private_key_name, "pkcs11:", 7)) { 134 + ENGINE *e; 135 + 136 + ENGINE_load_builtin_engines(); 137 + drain_openssl_errors(); 138 + e = ENGINE_by_id("pkcs11"); 139 + ERR(!e, "Load PKCS#11 ENGINE"); 140 + if (ENGINE_init(e)) 141 + drain_openssl_errors(); 142 + else 143 + ERR(1, "ENGINE_init"); 144 + if (key_pass) 145 + ERR(!ENGINE_ctrl_cmd_string(e, "PIN", key_pass, 0), 146 + "Set PKCS#11 PIN"); 147 + private_key = ENGINE_load_private_key(e, private_key_name, 148 + NULL, NULL); 149 + ERR(!private_key, "%s", private_key_name); 150 + } else { 151 + BIO *b; 152 + 153 + b = BIO_new_file(private_key_name, "rb"); 154 + ERR(!b, "%s", private_key_name); 155 + private_key = PEM_read_bio_PrivateKey(b, NULL, pem_pw_cb, 156 + NULL); 157 + ERR(!private_key, "%s", private_key_name); 158 + BIO_free(b); 159 + } 160 + 161 + return private_key; 162 + } 163 + 164 + static X509 *read_x509(const char *x509_name) 165 + { 166 + X509 *x509; 167 + BIO *b; 168 + 169 + b = BIO_new_file(x509_name, "rb"); 170 + ERR(!b, "%s", x509_name); 171 + x509 = d2i_X509_bio(b, NULL); /* Binary encoded X.509 */ 172 + if (!x509) { 173 + ERR(BIO_reset(b) != 1, "%s", x509_name); 174 + x509 = PEM_read_bio_X509(b, NULL, NULL, 175 + NULL); /* PEM encoded X.509 */ 176 + if (x509) 177 + drain_openssl_errors(); 178 + } 179 + BIO_free(b); 180 + ERR(!x509, "%s", x509_name); 181 + 182 + return x509; 183 + } 184 + 133 185 int main(int argc, char **argv) 134 186 { 135 187 struct module_signature sig_info = { .id_type = PKEY_ID_PKCS7 }; 136 188 char *hash_algo = NULL; 137 - char *private_key_name, *x509_name, *module_name, *dest_name; 189 + char *private_key_name = NULL, *raw_sig_name = NULL; 190 + char *x509_name, *module_name, *dest_name; 138 191 bool save_sig = false, replace_orig; 139 192 bool sign_only = false; 193 + bool raw_sig = false; 140 194 unsigned char buf[4096]; 141 195 unsigned long module_size, sig_size; 142 196 unsigned int use_signed_attrs; 143 197 const EVP_MD *digest_algo; 144 198 EVP_PKEY *private_key; 145 199 #ifndef USE_PKCS7 146 - CMS_ContentInfo *cms; 200 + CMS_ContentInfo *cms = NULL; 147 201 unsigned int use_keyid = 0; 148 202 #else 149 - PKCS7 *pkcs7; 203 + PKCS7 *pkcs7 = NULL; 150 204 #endif 151 205 X509 *x509; 152 - BIO *b, *bd = NULL, *bm; 206 + BIO *bd, *bm; 153 207 int opt, n; 154 208 OpenSSL_add_all_algorithms(); 155 209 ERR_load_crypto_strings(); ··· 222 160 #endif 223 161 224 162 do { 225 - opt = getopt(argc, argv, "dpk"); 163 + opt = getopt(argc, argv, "sdpk"); 226 164 switch (opt) { 165 + case 's': raw_sig = true; break; 227 166 case 'p': save_sig = true; break; 228 167 case 'd': sign_only = true; save_sig = true; break; 229 168 #ifndef USE_PKCS7 ··· 240 177 if (argc < 4 || argc > 5) 241 178 format(); 242 179 243 - hash_algo = argv[0]; 244 - private_key_name = argv[1]; 180 + if (raw_sig) { 181 + raw_sig_name = argv[0]; 182 + hash_algo = argv[1]; 183 + } else { 184 + hash_algo = argv[0]; 185 + private_key_name = argv[1]; 186 + } 245 187 x509_name = argv[2]; 246 188 module_name = argv[3]; 247 189 if (argc == 5) { ··· 266 198 } 267 199 #endif 268 200 269 - /* Read the private key and the X.509 cert the PKCS#7 message 270 - * will point to. 271 - */ 272 - if (!strncmp(private_key_name, "pkcs11:", 7)) { 273 - ENGINE *e; 201 + /* Open the module file */ 202 + bm = BIO_new_file(module_name, "rb"); 203 + ERR(!bm, "%s", module_name); 274 204 275 - ENGINE_load_builtin_engines(); 276 - drain_openssl_errors(); 277 - e = ENGINE_by_id("pkcs11"); 278 - ERR(!e, "Load PKCS#11 ENGINE"); 279 - if (ENGINE_init(e)) 280 - drain_openssl_errors(); 281 - else 282 - ERR(1, "ENGINE_init"); 283 - if (key_pass) 284 - ERR(!ENGINE_ctrl_cmd_string(e, "PIN", key_pass, 0), "Set PKCS#11 PIN"); 285 - private_key = ENGINE_load_private_key(e, private_key_name, NULL, 286 - NULL); 287 - ERR(!private_key, "%s", private_key_name); 288 - } else { 289 - b = BIO_new_file(private_key_name, "rb"); 290 - ERR(!b, "%s", private_key_name); 291 - private_key = PEM_read_bio_PrivateKey(b, NULL, pem_pw_cb, NULL); 292 - ERR(!private_key, "%s", private_key_name); 293 - BIO_free(b); 294 - } 205 + if (!raw_sig) { 206 + /* Read the private key and the X.509 cert the PKCS#7 message 207 + * will point to. 208 + */ 209 + private_key = read_private_key(private_key_name); 210 + x509 = read_x509(x509_name); 295 211 296 - b = BIO_new_file(x509_name, "rb"); 297 - ERR(!b, "%s", x509_name); 298 - x509 = d2i_X509_bio(b, NULL); /* Binary encoded X.509 */ 299 - if (!x509) { 300 - ERR(BIO_reset(b) != 1, "%s", x509_name); 301 - x509 = PEM_read_bio_X509(b, NULL, NULL, NULL); /* PEM encoded X.509 */ 302 - if (x509) 303 - drain_openssl_errors(); 212 + /* Digest the module data. */ 213 + OpenSSL_add_all_digests(); 214 + display_openssl_errors(__LINE__); 215 + digest_algo = EVP_get_digestbyname(hash_algo); 216 + ERR(!digest_algo, "EVP_get_digestbyname"); 217 + 218 + #ifndef USE_PKCS7 219 + /* Load the signature message from the digest buffer. */ 220 + cms = CMS_sign(NULL, NULL, NULL, NULL, 221 + CMS_NOCERTS | CMS_PARTIAL | CMS_BINARY | 222 + CMS_DETACHED | CMS_STREAM); 223 + ERR(!cms, "CMS_sign"); 224 + 225 + ERR(!CMS_add1_signer(cms, x509, private_key, digest_algo, 226 + CMS_NOCERTS | CMS_BINARY | 227 + CMS_NOSMIMECAP | use_keyid | 228 + use_signed_attrs), 229 + "CMS_add1_signer"); 230 + ERR(CMS_final(cms, bm, NULL, CMS_NOCERTS | CMS_BINARY) < 0, 231 + "CMS_final"); 232 + 233 + #else 234 + pkcs7 = PKCS7_sign(x509, private_key, NULL, bm, 235 + PKCS7_NOCERTS | PKCS7_BINARY | 236 + PKCS7_DETACHED | use_signed_attrs); 237 + ERR(!pkcs7, "PKCS7_sign"); 238 + #endif 239 + 240 + if (save_sig) { 241 + char *sig_file_name; 242 + BIO *b; 243 + 244 + ERR(asprintf(&sig_file_name, "%s.p7s", module_name) < 0, 245 + "asprintf"); 246 + b = BIO_new_file(sig_file_name, "wb"); 247 + ERR(!b, "%s", sig_file_name); 248 + #ifndef USE_PKCS7 249 + ERR(i2d_CMS_bio_stream(b, cms, NULL, 0) < 0, 250 + "%s", sig_file_name); 251 + #else 252 + ERR(i2d_PKCS7_bio(b, pkcs7) < 0, 253 + "%s", sig_file_name); 254 + #endif 255 + BIO_free(b); 256 + } 257 + 258 + if (sign_only) { 259 + BIO_free(bm); 260 + return 0; 261 + } 304 262 } 305 - BIO_free(b); 306 - ERR(!x509, "%s", x509_name); 307 263 308 264 /* Open the destination file now so that we can shovel the module data 309 265 * across as we read it. 310 266 */ 311 - if (!sign_only) { 312 - bd = BIO_new_file(dest_name, "wb"); 313 - ERR(!bd, "%s", dest_name); 314 - } 315 - 316 - /* Digest the module data. */ 317 - OpenSSL_add_all_digests(); 318 - display_openssl_errors(__LINE__); 319 - digest_algo = EVP_get_digestbyname(hash_algo); 320 - ERR(!digest_algo, "EVP_get_digestbyname"); 321 - 322 - bm = BIO_new_file(module_name, "rb"); 323 - ERR(!bm, "%s", module_name); 324 - 325 - #ifndef USE_PKCS7 326 - /* Load the signature message from the digest buffer. */ 327 - cms = CMS_sign(NULL, NULL, NULL, NULL, 328 - CMS_NOCERTS | CMS_PARTIAL | CMS_BINARY | CMS_DETACHED | CMS_STREAM); 329 - ERR(!cms, "CMS_sign"); 330 - 331 - ERR(!CMS_add1_signer(cms, x509, private_key, digest_algo, 332 - CMS_NOCERTS | CMS_BINARY | CMS_NOSMIMECAP | 333 - use_keyid | use_signed_attrs), 334 - "CMS_add1_signer"); 335 - ERR(CMS_final(cms, bm, NULL, CMS_NOCERTS | CMS_BINARY) < 0, 336 - "CMS_final"); 337 - 338 - #else 339 - pkcs7 = PKCS7_sign(x509, private_key, NULL, bm, 340 - PKCS7_NOCERTS | PKCS7_BINARY | 341 - PKCS7_DETACHED | use_signed_attrs); 342 - ERR(!pkcs7, "PKCS7_sign"); 343 - #endif 344 - 345 - if (save_sig) { 346 - char *sig_file_name; 347 - 348 - ERR(asprintf(&sig_file_name, "%s.p7s", module_name) < 0, 349 - "asprintf"); 350 - b = BIO_new_file(sig_file_name, "wb"); 351 - ERR(!b, "%s", sig_file_name); 352 - #ifndef USE_PKCS7 353 - ERR(i2d_CMS_bio_stream(b, cms, NULL, 0) < 0, 354 - "%s", sig_file_name); 355 - #else 356 - ERR(i2d_PKCS7_bio(b, pkcs7) < 0, 357 - "%s", sig_file_name); 358 - #endif 359 - BIO_free(b); 360 - } 361 - 362 - if (sign_only) 363 - return 0; 267 + bd = BIO_new_file(dest_name, "wb"); 268 + ERR(!bd, "%s", dest_name); 364 269 365 270 /* Append the marker and the PKCS#7 message to the destination file */ 366 271 ERR(BIO_reset(bm) < 0, "%s", module_name); ··· 341 300 n > 0) { 342 301 ERR(BIO_write(bd, buf, n) < 0, "%s", dest_name); 343 302 } 303 + BIO_free(bm); 344 304 ERR(n < 0, "%s", module_name); 345 305 module_size = BIO_number_written(bd); 346 306 307 + if (!raw_sig) { 347 308 #ifndef USE_PKCS7 348 - ERR(i2d_CMS_bio_stream(bd, cms, NULL, 0) < 0, "%s", dest_name); 309 + ERR(i2d_CMS_bio_stream(bd, cms, NULL, 0) < 0, "%s", dest_name); 349 310 #else 350 - ERR(i2d_PKCS7_bio(bd, pkcs7) < 0, "%s", dest_name); 311 + ERR(i2d_PKCS7_bio(bd, pkcs7) < 0, "%s", dest_name); 351 312 #endif 313 + } else { 314 + BIO *b; 315 + 316 + /* Read the raw signature file and write the data to the 317 + * destination file 318 + */ 319 + b = BIO_new_file(raw_sig_name, "rb"); 320 + ERR(!b, "%s", raw_sig_name); 321 + while ((n = BIO_read(b, buf, sizeof(buf))), n > 0) 322 + ERR(BIO_write(bd, buf, n) < 0, "%s", dest_name); 323 + BIO_free(b); 324 + } 325 + 352 326 sig_size = BIO_number_written(bd) - module_size; 353 327 sig_info.sig_len = htonl(sig_size); 354 328 ERR(BIO_write(bd, &sig_info, sizeof(sig_info)) < 0, "%s", dest_name);

+1 -1

security/integrity/Kconfig

··· 36 36 select ASYMMETRIC_KEY_TYPE 37 37 select ASYMMETRIC_PUBLIC_KEY_SUBTYPE 38 38 select PUBLIC_KEY_ALGO_RSA 39 + select CRYPTO_RSA 39 40 select X509_CERTIFICATE_PARSER 40 41 help 41 42 This option enables digital signature verification using ··· 46 45 bool "Require all keys on the integrity keyrings be signed" 47 46 depends on SYSTEM_TRUSTED_KEYRING 48 47 depends on INTEGRITY_ASYMMETRIC_KEYS 49 - select KEYS_DEBUG_PROC_KEYS 50 48 default y 51 49 help 52 50 This option requires that all keys added to the .ima and

+7 -9

security/integrity/digsig_asymmetric.c

··· 16 16 #include <linux/ratelimit.h> 17 17 #include <linux/key-type.h> 18 18 #include <crypto/public_key.h> 19 + #include <crypto/hash_info.h> 19 20 #include <keys/asymmetric-type.h> 20 21 #include <keys/system_keyring.h> 21 22 ··· 95 94 if (siglen != __be16_to_cpu(hdr->sig_size)) 96 95 return -EBADMSG; 97 96 98 - if (hdr->hash_algo >= PKEY_HASH__LAST) 97 + if (hdr->hash_algo >= HASH_ALGO__LAST) 99 98 return -ENOPKG; 100 99 101 100 key = request_asymmetric_key(keyring, __be32_to_cpu(hdr->keyid)); ··· 104 103 105 104 memset(&pks, 0, sizeof(pks)); 106 105 107 - pks.pkey_hash_algo = hdr->hash_algo; 106 + pks.pkey_algo = "rsa"; 107 + pks.hash_algo = hash_algo_name[hdr->hash_algo]; 108 108 pks.digest = (u8 *)data; 109 109 pks.digest_size = datalen; 110 - pks.nr_mpi = 1; 111 - pks.rsa.s = mpi_read_raw_data(hdr->sig, siglen); 112 - 113 - if (pks.rsa.s) 114 - ret = verify_signature(key, &pks); 115 - 116 - mpi_free(pks.rsa.s); 110 + pks.s = hdr->sig; 111 + pks.s_size = siglen; 112 + ret = verify_signature(key, &pks); 117 113 key_put(key); 118 114 pr_debug("%s() = %d\n", __func__, ret); 119 115 return ret;

+2 -2

security/integrity/iint.c

··· 77 77 iint->ima_file_status = INTEGRITY_UNKNOWN; 78 78 iint->ima_mmap_status = INTEGRITY_UNKNOWN; 79 79 iint->ima_bprm_status = INTEGRITY_UNKNOWN; 80 - iint->ima_module_status = INTEGRITY_UNKNOWN; 80 + iint->ima_read_status = INTEGRITY_UNKNOWN; 81 81 iint->evm_status = INTEGRITY_UNKNOWN; 82 82 kmem_cache_free(iint_cache, iint); 83 83 } ··· 157 157 iint->ima_file_status = INTEGRITY_UNKNOWN; 158 158 iint->ima_mmap_status = INTEGRITY_UNKNOWN; 159 159 iint->ima_bprm_status = INTEGRITY_UNKNOWN; 160 - iint->ima_module_status = INTEGRITY_UNKNOWN; 160 + iint->ima_read_status = INTEGRITY_UNKNOWN; 161 161 iint->evm_status = INTEGRITY_UNKNOWN; 162 162 } 163 163

+33 -16

security/integrity/ima/ima.h

··· 19 19 20 20 #include <linux/types.h> 21 21 #include <linux/crypto.h> 22 + #include <linux/fs.h> 22 23 #include <linux/security.h> 23 24 #include <linux/hash.h> 24 25 #include <linux/tpm.h> 25 26 #include <linux/audit.h> 27 + #include <crypto/hash_info.h> 26 28 27 29 #include "../integrity.h" 28 30 ··· 108 106 const char *op, struct inode *inode, 109 107 const unsigned char *filename); 110 108 int ima_calc_file_hash(struct file *file, struct ima_digest_data *hash); 109 + int ima_calc_buffer_hash(const void *buf, loff_t len, 110 + struct ima_digest_data *hash); 111 111 int ima_calc_field_array_hash(struct ima_field_data *field_data, 112 112 struct ima_template_desc *desc, int num_fields, 113 113 struct ima_digest_data *hash); ··· 140 136 return hash_long(*digest, IMA_HASH_BITS); 141 137 } 142 138 139 + enum ima_hooks { 140 + FILE_CHECK = 1, 141 + MMAP_CHECK, 142 + BPRM_CHECK, 143 + POST_SETATTR, 144 + MODULE_CHECK, 145 + FIRMWARE_CHECK, 146 + KEXEC_KERNEL_CHECK, 147 + KEXEC_INITRAMFS_CHECK, 148 + POLICY_CHECK, 149 + MAX_CHECK 150 + }; 151 + 143 152 /* LIM API function definitions */ 144 - int ima_get_action(struct inode *inode, int mask, int function); 145 - int ima_must_measure(struct inode *inode, int mask, int function); 153 + int ima_get_action(struct inode *inode, int mask, enum ima_hooks func); 154 + int ima_must_measure(struct inode *inode, int mask, enum ima_hooks func); 146 155 int ima_collect_measurement(struct integrity_iint_cache *iint, 147 - struct file *file, 148 - struct evm_ima_xattr_data **xattr_value, 149 - int *xattr_len); 156 + struct file *file, void *buf, loff_t size, 157 + enum hash_algo algo); 150 158 void ima_store_measurement(struct integrity_iint_cache *iint, struct file *file, 151 159 const unsigned char *filename, 152 160 struct evm_ima_xattr_data *xattr_value, ··· 173 157 const char *ima_d_path(struct path *path, char **pathbuf); 174 158 175 159 /* IMA policy related functions */ 176 - enum ima_hooks { FILE_CHECK = 1, MMAP_CHECK, BPRM_CHECK, MODULE_CHECK, FIRMWARE_CHECK, POST_SETATTR }; 177 - 178 160 int ima_match_policy(struct inode *inode, enum ima_hooks func, int mask, 179 161 int flags); 180 162 void ima_init_policy(void); ··· 192 178 #define IMA_APPRAISE_LOG 0x04 193 179 #define IMA_APPRAISE_MODULES 0x08 194 180 #define IMA_APPRAISE_FIRMWARE 0x10 181 + #define IMA_APPRAISE_POLICY 0x20 195 182 196 183 #ifdef CONFIG_IMA_APPRAISE 197 - int ima_appraise_measurement(int func, struct integrity_iint_cache *iint, 184 + int ima_appraise_measurement(enum ima_hooks func, 185 + struct integrity_iint_cache *iint, 198 186 struct file *file, const unsigned char *filename, 199 187 struct evm_ima_xattr_data *xattr_value, 200 188 int xattr_len, int opened); 201 189 int ima_must_appraise(struct inode *inode, int mask, enum ima_hooks func); 202 190 void ima_update_xattr(struct integrity_iint_cache *iint, struct file *file); 203 191 enum integrity_status ima_get_cache_status(struct integrity_iint_cache *iint, 204 - int func); 205 - void ima_get_hash_algo(struct evm_ima_xattr_data *xattr_value, int xattr_len, 206 - struct ima_digest_data *hash); 192 + enum ima_hooks func); 193 + enum hash_algo ima_get_hash_algo(struct evm_ima_xattr_data *xattr_value, 194 + int xattr_len); 207 195 int ima_read_xattr(struct dentry *dentry, 208 196 struct evm_ima_xattr_data **xattr_value); 209 197 210 198 #else 211 - static inline int ima_appraise_measurement(int func, 199 + static inline int ima_appraise_measurement(enum ima_hooks func, 212 200 struct integrity_iint_cache *iint, 213 201 struct file *file, 214 202 const unsigned char *filename, ··· 232 216 } 233 217 234 218 static inline enum integrity_status ima_get_cache_status(struct integrity_iint_cache 235 - *iint, int func) 219 + *iint, 220 + enum ima_hooks func) 236 221 { 237 222 return INTEGRITY_UNKNOWN; 238 223 } 239 224 240 - static inline void ima_get_hash_algo(struct evm_ima_xattr_data *xattr_value, 241 - int xattr_len, 242 - struct ima_digest_data *hash) 225 + static inline enum hash_algo 226 + ima_get_hash_algo(struct evm_ima_xattr_data *xattr_value, int xattr_len) 243 227 { 228 + return ima_hash_algo; 244 229 } 245 230 246 231 static inline int ima_read_xattr(struct dentry *dentry,

+9 -16

security/integrity/ima/ima_api.c

··· 18 18 #include <linux/fs.h> 19 19 #include <linux/xattr.h> 20 20 #include <linux/evm.h> 21 - #include <crypto/hash_info.h> 21 + 22 22 #include "ima.h" 23 23 24 24 /* ··· 156 156 * ima_get_action - appraise & measure decision based on policy. 157 157 * @inode: pointer to inode to measure 158 158 * @mask: contains the permission mask (MAY_READ, MAY_WRITE, MAY_EXECUTE) 159 - * @function: calling function (FILE_CHECK, BPRM_CHECK, MMAP_CHECK, MODULE_CHECK) 159 + * @func: caller identifier 160 160 * 161 161 * The policy is defined in terms of keypairs: 162 162 * subj=, obj=, type=, func=, mask=, fsmagic= ··· 168 168 * Returns IMA_MEASURE, IMA_APPRAISE mask. 169 169 * 170 170 */ 171 - int ima_get_action(struct inode *inode, int mask, int function) 171 + int ima_get_action(struct inode *inode, int mask, enum ima_hooks func) 172 172 { 173 173 int flags = IMA_MEASURE | IMA_AUDIT | IMA_APPRAISE; 174 174 175 175 flags &= ima_policy_flag; 176 176 177 - return ima_match_policy(inode, function, mask, flags); 177 + return ima_match_policy(inode, func, mask, flags); 178 178 } 179 179 180 180 /* ··· 188 188 * Return 0 on success, error code otherwise 189 189 */ 190 190 int ima_collect_measurement(struct integrity_iint_cache *iint, 191 - struct file *file, 192 - struct evm_ima_xattr_data **xattr_value, 193 - int *xattr_len) 191 + struct file *file, void *buf, loff_t size, 192 + enum hash_algo algo) 194 193 { 195 194 const char *audit_cause = "failed"; 196 195 struct inode *inode = file_inode(file); ··· 200 201 char digest[IMA_MAX_DIGEST_SIZE]; 201 202 } hash; 202 203 203 - if (xattr_value) 204 - *xattr_len = ima_read_xattr(file->f_path.dentry, xattr_value); 205 - 206 204 if (!(iint->flags & IMA_COLLECTED)) { 207 205 u64 i_version = file_inode(file)->i_version; 208 206 ··· 209 213 goto out; 210 214 } 211 215 212 - /* use default hash algorithm */ 213 - hash.hdr.algo = ima_hash_algo; 216 + hash.hdr.algo = algo; 214 217 215 - if (xattr_value) 216 - ima_get_hash_algo(*xattr_value, *xattr_len, &hash.hdr); 217 - 218 - result = ima_calc_file_hash(file, &hash.hdr); 218 + result = (!buf) ? ima_calc_file_hash(file, &hash.hdr) : 219 + ima_calc_buffer_hash(buf, size, &hash.hdr); 219 220 if (!result) { 220 221 int length = sizeof(hash.hdr) + hash.hdr.length; 221 222 void *tmpbuf = krealloc(iint->ima_hash, length,

+35 -34

security/integrity/ima/ima_appraise.c

··· 15 15 #include <linux/magic.h> 16 16 #include <linux/ima.h> 17 17 #include <linux/evm.h> 18 - #include <crypto/hash_info.h> 19 18 20 19 #include "ima.h" 21 20 ··· 67 68 68 69 /* Return specific func appraised cached result */ 69 70 enum integrity_status ima_get_cache_status(struct integrity_iint_cache *iint, 70 - int func) 71 + enum ima_hooks func) 71 72 { 72 73 switch (func) { 73 74 case MMAP_CHECK: 74 75 return iint->ima_mmap_status; 75 76 case BPRM_CHECK: 76 77 return iint->ima_bprm_status; 77 - case MODULE_CHECK: 78 - return iint->ima_module_status; 79 - case FIRMWARE_CHECK: 80 - return iint->ima_firmware_status; 81 78 case FILE_CHECK: 82 - default: 79 + case POST_SETATTR: 83 80 return iint->ima_file_status; 81 + case MODULE_CHECK ... MAX_CHECK - 1: 82 + default: 83 + return iint->ima_read_status; 84 84 } 85 85 } 86 86 87 87 static void ima_set_cache_status(struct integrity_iint_cache *iint, 88 - int func, enum integrity_status status) 88 + enum ima_hooks func, 89 + enum integrity_status status) 89 90 { 90 91 switch (func) { 91 92 case MMAP_CHECK: ··· 94 95 case BPRM_CHECK: 95 96 iint->ima_bprm_status = status; 96 97 break; 97 - case MODULE_CHECK: 98 - iint->ima_module_status = status; 99 - break; 100 - case FIRMWARE_CHECK: 101 - iint->ima_firmware_status = status; 102 - break; 103 98 case FILE_CHECK: 104 - default: 99 + case POST_SETATTR: 105 100 iint->ima_file_status = status; 101 + break; 102 + case MODULE_CHECK ... MAX_CHECK - 1: 103 + default: 104 + iint->ima_read_status = status; 106 105 break; 107 106 } 108 107 } 109 108 110 - static void ima_cache_flags(struct integrity_iint_cache *iint, int func) 109 + static void ima_cache_flags(struct integrity_iint_cache *iint, 110 + enum ima_hooks func) 111 111 { 112 112 switch (func) { 113 113 case MMAP_CHECK: ··· 115 117 case BPRM_CHECK: 116 118 iint->flags |= (IMA_BPRM_APPRAISED | IMA_APPRAISED); 117 119 break; 118 - case MODULE_CHECK: 119 - iint->flags |= (IMA_MODULE_APPRAISED | IMA_APPRAISED); 120 - break; 121 - case FIRMWARE_CHECK: 122 - iint->flags |= (IMA_FIRMWARE_APPRAISED | IMA_APPRAISED); 123 - break; 124 120 case FILE_CHECK: 125 - default: 121 + case POST_SETATTR: 126 122 iint->flags |= (IMA_FILE_APPRAISED | IMA_APPRAISED); 123 + break; 124 + case MODULE_CHECK ... MAX_CHECK - 1: 125 + default: 126 + iint->flags |= (IMA_READ_APPRAISED | IMA_APPRAISED); 127 127 break; 128 128 } 129 129 } 130 130 131 - void ima_get_hash_algo(struct evm_ima_xattr_data *xattr_value, int xattr_len, 132 - struct ima_digest_data *hash) 131 + enum hash_algo ima_get_hash_algo(struct evm_ima_xattr_data *xattr_value, 132 + int xattr_len) 133 133 { 134 134 struct signature_v2_hdr *sig; 135 135 136 136 if (!xattr_value || xattr_len < 2) 137 - return; 137 + /* return default hash algo */ 138 + return ima_hash_algo; 138 139 139 140 switch (xattr_value->type) { 140 141 case EVM_IMA_XATTR_DIGSIG: 141 142 sig = (typeof(sig))xattr_value; 142 143 if (sig->version != 2 || xattr_len <= sizeof(*sig)) 143 - return; 144 - hash->algo = sig->hash_algo; 144 + return ima_hash_algo; 145 + return sig->hash_algo; 145 146 break; 146 147 case IMA_XATTR_DIGEST_NG: 147 - hash->algo = xattr_value->digest[0]; 148 + return xattr_value->digest[0]; 148 149 break; 149 150 case IMA_XATTR_DIGEST: 150 151 /* this is for backward compatibility */ 151 152 if (xattr_len == 21) { 152 153 unsigned int zero = 0; 153 154 if (!memcmp(&xattr_value->digest[16], &zero, 4)) 154 - hash->algo = HASH_ALGO_MD5; 155 + return HASH_ALGO_MD5; 155 156 else 156 - hash->algo = HASH_ALGO_SHA1; 157 + return HASH_ALGO_SHA1; 157 158 } else if (xattr_len == 17) 158 - hash->algo = HASH_ALGO_MD5; 159 + return HASH_ALGO_MD5; 159 160 break; 160 161 } 162 + 163 + /* return default hash algo */ 164 + return ima_hash_algo; 161 165 } 162 166 163 167 int ima_read_xattr(struct dentry *dentry, ··· 182 182 * 183 183 * Return 0 on success, error code otherwise 184 184 */ 185 - int ima_appraise_measurement(int func, struct integrity_iint_cache *iint, 185 + int ima_appraise_measurement(enum ima_hooks func, 186 + struct integrity_iint_cache *iint, 186 187 struct file *file, const unsigned char *filename, 187 188 struct evm_ima_xattr_data *xattr_value, 188 189 int xattr_len, int opened) ··· 297 296 if (iint->flags & IMA_DIGSIG) 298 297 return; 299 298 300 - rc = ima_collect_measurement(iint, file, NULL, NULL); 299 + rc = ima_collect_measurement(iint, file, NULL, 0, ima_hash_algo); 301 300 if (rc < 0) 302 301 return; 303 302

+119 -1

security/integrity/ima/ima_crypto.c

··· 24 24 #include <linux/err.h> 25 25 #include <linux/slab.h> 26 26 #include <crypto/hash.h> 27 - #include <crypto/hash_info.h> 27 + 28 28 #include "ima.h" 29 29 30 30 struct ahash_completion { ··· 517 517 ima_free_tfm(tfm); 518 518 519 519 return rc; 520 + } 521 + 522 + static int calc_buffer_ahash_atfm(const void *buf, loff_t len, 523 + struct ima_digest_data *hash, 524 + struct crypto_ahash *tfm) 525 + { 526 + struct ahash_request *req; 527 + struct scatterlist sg; 528 + struct ahash_completion res; 529 + int rc, ahash_rc = 0; 530 + 531 + hash->length = crypto_ahash_digestsize(tfm); 532 + 533 + req = ahash_request_alloc(tfm, GFP_KERNEL); 534 + if (!req) 535 + return -ENOMEM; 536 + 537 + init_completion(&res.completion); 538 + ahash_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG | 539 + CRYPTO_TFM_REQ_MAY_SLEEP, 540 + ahash_complete, &res); 541 + 542 + rc = ahash_wait(crypto_ahash_init(req), &res); 543 + if (rc) 544 + goto out; 545 + 546 + sg_init_one(&sg, buf, len); 547 + ahash_request_set_crypt(req, &sg, NULL, len); 548 + 549 + ahash_rc = crypto_ahash_update(req); 550 + 551 + /* wait for the update request to complete */ 552 + rc = ahash_wait(ahash_rc, &res); 553 + if (!rc) { 554 + ahash_request_set_crypt(req, NULL, hash->digest, 0); 555 + rc = ahash_wait(crypto_ahash_final(req), &res); 556 + } 557 + out: 558 + ahash_request_free(req); 559 + return rc; 560 + } 561 + 562 + static int calc_buffer_ahash(const void *buf, loff_t len, 563 + struct ima_digest_data *hash) 564 + { 565 + struct crypto_ahash *tfm; 566 + int rc; 567 + 568 + tfm = ima_alloc_atfm(hash->algo); 569 + if (IS_ERR(tfm)) 570 + return PTR_ERR(tfm); 571 + 572 + rc = calc_buffer_ahash_atfm(buf, len, hash, tfm); 573 + 574 + ima_free_atfm(tfm); 575 + 576 + return rc; 577 + } 578 + 579 + static int calc_buffer_shash_tfm(const void *buf, loff_t size, 580 + struct ima_digest_data *hash, 581 + struct crypto_shash *tfm) 582 + { 583 + SHASH_DESC_ON_STACK(shash, tfm); 584 + unsigned int len; 585 + int rc; 586 + 587 + shash->tfm = tfm; 588 + shash->flags = 0; 589 + 590 + hash->length = crypto_shash_digestsize(tfm); 591 + 592 + rc = crypto_shash_init(shash); 593 + if (rc != 0) 594 + return rc; 595 + 596 + while (size) { 597 + len = size < PAGE_SIZE ? size : PAGE_SIZE; 598 + rc = crypto_shash_update(shash, buf, len); 599 + if (rc) 600 + break; 601 + buf += len; 602 + size -= len; 603 + } 604 + 605 + if (!rc) 606 + rc = crypto_shash_final(shash, hash->digest); 607 + return rc; 608 + } 609 + 610 + static int calc_buffer_shash(const void *buf, loff_t len, 611 + struct ima_digest_data *hash) 612 + { 613 + struct crypto_shash *tfm; 614 + int rc; 615 + 616 + tfm = ima_alloc_tfm(hash->algo); 617 + if (IS_ERR(tfm)) 618 + return PTR_ERR(tfm); 619 + 620 + rc = calc_buffer_shash_tfm(buf, len, hash, tfm); 621 + 622 + ima_free_tfm(tfm); 623 + return rc; 624 + } 625 + 626 + int ima_calc_buffer_hash(const void *buf, loff_t len, 627 + struct ima_digest_data *hash) 628 + { 629 + int rc; 630 + 631 + if (ima_ahash_minsize && len >= ima_ahash_minsize) { 632 + rc = calc_buffer_ahash(buf, len, hash); 633 + if (!rc) 634 + return 0; 635 + } 636 + 637 + return calc_buffer_shash(buf, len, hash); 520 638 } 521 639 522 640 static void __init ima_pcrread(int idx, u8 *pcr)

+51 -2

security/integrity/ima/ima_fs.c

··· 22 22 #include <linux/rculist.h> 23 23 #include <linux/rcupdate.h> 24 24 #include <linux/parser.h> 25 + #include <linux/vmalloc.h> 25 26 26 27 #include "ima.h" 27 28 ··· 259 258 .release = seq_release, 260 259 }; 261 260 261 + static ssize_t ima_read_policy(char *path) 262 + { 263 + void *data; 264 + char *datap; 265 + loff_t size; 266 + int rc, pathlen = strlen(path); 267 + 268 + char *p; 269 + 270 + /* remove \n */ 271 + datap = path; 272 + strsep(&datap, "\n"); 273 + 274 + rc = kernel_read_file_from_path(path, &data, &size, 0, READING_POLICY); 275 + if (rc < 0) { 276 + pr_err("Unable to open file: %s (%d)", path, rc); 277 + return rc; 278 + } 279 + 280 + datap = data; 281 + while (size > 0 && (p = strsep(&datap, "\n"))) { 282 + pr_debug("rule: %s\n", p); 283 + rc = ima_parse_add_rule(p); 284 + if (rc < 0) 285 + break; 286 + size -= rc; 287 + } 288 + 289 + vfree(data); 290 + if (rc < 0) 291 + return rc; 292 + else if (size) 293 + return -EINVAL; 294 + else 295 + return pathlen; 296 + } 297 + 262 298 static ssize_t ima_write_policy(struct file *file, const char __user *buf, 263 299 size_t datalen, loff_t *ppos) 264 300 { ··· 324 286 result = mutex_lock_interruptible(&ima_write_mutex); 325 287 if (result < 0) 326 288 goto out_free; 327 - result = ima_parse_add_rule(data); 328 - mutex_unlock(&ima_write_mutex); 329 289 290 + if (data[0] == '/') { 291 + result = ima_read_policy(data); 292 + } else if (ima_appraise & IMA_APPRAISE_POLICY) { 293 + pr_err("IMA: signed policy file (specified as an absolute pathname) required\n"); 294 + integrity_audit_msg(AUDIT_INTEGRITY_STATUS, NULL, NULL, 295 + "policy_update", "signed policy required", 296 + 1, 0); 297 + if (ima_appraise & IMA_APPRAISE_ENFORCE) 298 + result = -EACCES; 299 + } else { 300 + result = ima_parse_add_rule(data); 301 + } 302 + mutex_unlock(&ima_write_mutex); 330 303 out_free: 331 304 kfree(data); 332 305 out:

+1 -1

security/integrity/ima/ima_init.c

··· 21 21 #include <linux/scatterlist.h> 22 22 #include <linux/slab.h> 23 23 #include <linux/err.h> 24 - #include <crypto/hash_info.h> 24 + 25 25 #include "ima.h" 26 26 27 27 /* name for boot aggregate entry */

+67 -25

security/integrity/ima/ima_main.c

··· 24 24 #include <linux/slab.h> 25 25 #include <linux/xattr.h> 26 26 #include <linux/ima.h> 27 - #include <crypto/hash_info.h> 28 27 29 28 #include "ima.h" 30 29 ··· 153 154 ima_check_last_writer(iint, inode, file); 154 155 } 155 156 156 - static int process_measurement(struct file *file, int mask, int function, 157 - int opened) 157 + static int process_measurement(struct file *file, char *buf, loff_t size, 158 + int mask, enum ima_hooks func, int opened) 158 159 { 159 160 struct inode *inode = file_inode(file); 160 161 struct integrity_iint_cache *iint = NULL; ··· 162 163 char *pathbuf = NULL; 163 164 const char *pathname = NULL; 164 165 int rc = -ENOMEM, action, must_appraise; 165 - struct evm_ima_xattr_data *xattr_value = NULL, **xattr_ptr = NULL; 166 + struct evm_ima_xattr_data *xattr_value = NULL; 166 167 int xattr_len = 0; 167 168 bool violation_check; 169 + enum hash_algo hash_algo; 168 170 169 171 if (!ima_policy_flag || !S_ISREG(inode->i_mode)) 170 172 return 0; ··· 174 174 * bitmask based on the appraise/audit/measurement policy. 175 175 * Included is the appraise submask. 176 176 */ 177 - action = ima_get_action(inode, mask, function); 178 - violation_check = ((function == FILE_CHECK || function == MMAP_CHECK) && 177 + action = ima_get_action(inode, mask, func); 178 + violation_check = ((func == FILE_CHECK || func == MMAP_CHECK) && 179 179 (ima_policy_flag & IMA_MEASURE)); 180 180 if (!action && !violation_check) 181 181 return 0; ··· 184 184 185 185 /* Is the appraise rule hook specific? */ 186 186 if (action & IMA_FILE_APPRAISE) 187 - function = FILE_CHECK; 187 + func = FILE_CHECK; 188 188 189 189 inode_lock(inode); 190 190 ··· 214 214 /* Nothing to do, just return existing appraised status */ 215 215 if (!action) { 216 216 if (must_appraise) 217 - rc = ima_get_cache_status(iint, function); 217 + rc = ima_get_cache_status(iint, func); 218 218 goto out_digsig; 219 219 } 220 220 221 221 template_desc = ima_template_desc_current(); 222 222 if ((action & IMA_APPRAISE_SUBMASK) || 223 223 strcmp(template_desc->name, IMA_TEMPLATE_IMA_NAME) != 0) 224 - xattr_ptr = &xattr_value; 224 + /* read 'security.ima' */ 225 + xattr_len = ima_read_xattr(file->f_path.dentry, &xattr_value); 225 226 226 - rc = ima_collect_measurement(iint, file, xattr_ptr, &xattr_len); 227 + hash_algo = ima_get_hash_algo(xattr_value, xattr_len); 228 + 229 + rc = ima_collect_measurement(iint, file, buf, size, hash_algo); 227 230 if (rc != 0) { 228 231 if (file->f_flags & O_DIRECT) 229 232 rc = (iint->flags & IMA_PERMIT_DIRECTIO) ? 0 : -EACCES; ··· 240 237 ima_store_measurement(iint, file, pathname, 241 238 xattr_value, xattr_len); 242 239 if (action & IMA_APPRAISE_SUBMASK) 243 - rc = ima_appraise_measurement(function, iint, file, pathname, 240 + rc = ima_appraise_measurement(func, iint, file, pathname, 244 241 xattr_value, xattr_len, opened); 245 242 if (action & IMA_AUDIT) 246 243 ima_audit_measurement(iint, pathname); ··· 273 270 int ima_file_mmap(struct file *file, unsigned long prot) 274 271 { 275 272 if (file && (prot & PROT_EXEC)) 276 - return process_measurement(file, MAY_EXEC, MMAP_CHECK, 0); 273 + return process_measurement(file, NULL, 0, MAY_EXEC, 274 + MMAP_CHECK, 0); 277 275 return 0; 278 276 } 279 277 ··· 293 289 */ 294 290 int ima_bprm_check(struct linux_binprm *bprm) 295 291 { 296 - return process_measurement(bprm->file, MAY_EXEC, BPRM_CHECK, 0); 292 + return process_measurement(bprm->file, NULL, 0, MAY_EXEC, 293 + BPRM_CHECK, 0); 297 294 } 298 295 299 296 /** ··· 309 304 */ 310 305 int ima_file_check(struct file *file, int mask, int opened) 311 306 { 312 - return process_measurement(file, 307 + return process_measurement(file, NULL, 0, 313 308 mask & (MAY_READ | MAY_WRITE | MAY_EXEC), 314 309 FILE_CHECK, opened); 315 310 } 316 311 EXPORT_SYMBOL_GPL(ima_file_check); 317 312 318 313 /** 319 - * ima_module_check - based on policy, collect/store/appraise measurement. 320 - * @file: pointer to the file to be measured/appraised 314 + * ima_read_file - pre-measure/appraise hook decision based on policy 315 + * @file: pointer to the file to be measured/appraised/audit 316 + * @read_id: caller identifier 321 317 * 322 - * Measure/appraise kernel modules based on policy. 318 + * Permit reading a file based on policy. The policy rules are written 319 + * in terms of the policy identifier. Appraising the integrity of 320 + * a file requires a file descriptor. 323 321 * 324 - * On success return 0. On integrity appraisal error, assuming the file 325 - * is in policy and IMA-appraisal is in enforcing mode, return -EACCES. 322 + * For permission return 0, otherwise return -EACCES. 326 323 */ 327 - int ima_module_check(struct file *file) 324 + int ima_read_file(struct file *file, enum kernel_read_file_id read_id) 328 325 { 329 - if (!file) { 326 + if (!file && read_id == READING_MODULE) { 330 327 #ifndef CONFIG_MODULE_SIG_FORCE 331 328 if ((ima_appraise & IMA_APPRAISE_MODULES) && 332 329 (ima_appraise & IMA_APPRAISE_ENFORCE)) ··· 336 329 #endif 337 330 return 0; /* We rely on module signature checking */ 338 331 } 339 - return process_measurement(file, MAY_EXEC, MODULE_CHECK, 0); 332 + return 0; 340 333 } 341 334 342 - int ima_fw_from_file(struct file *file, char *buf, size_t size) 335 + static int read_idmap[READING_MAX_ID] = { 336 + [READING_FIRMWARE] = FIRMWARE_CHECK, 337 + [READING_MODULE] = MODULE_CHECK, 338 + [READING_KEXEC_IMAGE] = KEXEC_KERNEL_CHECK, 339 + [READING_KEXEC_INITRAMFS] = KEXEC_INITRAMFS_CHECK, 340 + [READING_POLICY] = POLICY_CHECK 341 + }; 342 + 343 + /** 344 + * ima_post_read_file - in memory collect/appraise/audit measurement 345 + * @file: pointer to the file to be measured/appraised/audit 346 + * @buf: pointer to in memory file contents 347 + * @size: size of in memory file contents 348 + * @read_id: caller identifier 349 + * 350 + * Measure/appraise/audit in memory file based on policy. Policy rules 351 + * are written in terms of a policy identifier. 352 + * 353 + * On success return 0. On integrity appraisal error, assuming the file 354 + * is in policy and IMA-appraisal is in enforcing mode, return -EACCES. 355 + */ 356 + int ima_post_read_file(struct file *file, void *buf, loff_t size, 357 + enum kernel_read_file_id read_id) 343 358 { 344 - if (!file) { 359 + enum ima_hooks func; 360 + 361 + if (!file && read_id == READING_FIRMWARE) { 345 362 if ((ima_appraise & IMA_APPRAISE_FIRMWARE) && 346 363 (ima_appraise & IMA_APPRAISE_ENFORCE)) 347 364 return -EACCES; /* INTEGRITY_UNKNOWN */ 348 365 return 0; 349 366 } 350 - return process_measurement(file, MAY_EXEC, FIRMWARE_CHECK, 0); 367 + 368 + if (!file && read_id == READING_MODULE) /* MODULE_SIG_FORCE enabled */ 369 + return 0; 370 + 371 + if (!file || !buf || size == 0) { /* should never happen */ 372 + if (ima_appraise & IMA_APPRAISE_ENFORCE) 373 + return -EACCES; 374 + return 0; 375 + } 376 + 377 + func = read_idmap[read_id] ?: FILE_CHECK; 378 + return process_measurement(file, buf, size, MAY_READ, func, 0); 351 379 } 352 380 353 381 static int __init init_ima(void)

+78 -37

security/integrity/ima/ima_policy.c

··· 12 12 */ 13 13 #include <linux/module.h> 14 14 #include <linux/list.h> 15 + #include <linux/fs.h> 15 16 #include <linux/security.h> 16 17 #include <linux/magic.h> 17 18 #include <linux/parser.h> ··· 114 113 .uid = GLOBAL_ROOT_UID, .flags = IMA_FUNC | IMA_INMASK | IMA_UID}, 115 114 {.action = MEASURE, .func = MODULE_CHECK, .flags = IMA_FUNC}, 116 115 {.action = MEASURE, .func = FIRMWARE_CHECK, .flags = IMA_FUNC}, 116 + {.action = MEASURE, .func = POLICY_CHECK, .flags = IMA_FUNC}, 117 117 }; 118 118 119 119 static struct ima_rule_entry default_appraise_rules[] = { ··· 129 127 {.action = DONT_APPRAISE, .fsmagic = SELINUX_MAGIC, .flags = IMA_FSMAGIC}, 130 128 {.action = DONT_APPRAISE, .fsmagic = NSFS_MAGIC, .flags = IMA_FSMAGIC}, 131 129 {.action = DONT_APPRAISE, .fsmagic = CGROUP_SUPER_MAGIC, .flags = IMA_FSMAGIC}, 130 + #ifdef CONFIG_IMA_WRITE_POLICY 131 + {.action = APPRAISE, .func = POLICY_CHECK, 132 + .flags = IMA_FUNC | IMA_DIGSIG_REQUIRED}, 133 + #endif 132 134 #ifndef CONFIG_IMA_APPRAISE_SIGNED_INIT 133 135 {.action = APPRAISE, .fowner = GLOBAL_ROOT_UID, .flags = IMA_FOWNER}, 134 136 #else ··· 213 207 * 214 208 * Returns true on rule match, false on failure. 215 209 */ 216 - static bool ima_match_rules(struct ima_rule_entry *rule, 217 - struct inode *inode, enum ima_hooks func, int mask) 210 + static bool ima_match_rules(struct ima_rule_entry *rule, struct inode *inode, 211 + enum ima_hooks func, int mask) 218 212 { 219 213 struct task_struct *tsk = current; 220 214 const struct cred *cred = current_cred(); ··· 295 289 * In addition to knowing that we need to appraise the file in general, 296 290 * we need to differentiate between calling hooks, for hook specific rules. 297 291 */ 298 - static int get_subaction(struct ima_rule_entry *rule, int func) 292 + static int get_subaction(struct ima_rule_entry *rule, enum ima_hooks func) 299 293 { 300 294 if (!(rule->flags & IMA_FUNC)) 301 295 return IMA_FILE_APPRAISE; ··· 305 299 return IMA_MMAP_APPRAISE; 306 300 case BPRM_CHECK: 307 301 return IMA_BPRM_APPRAISE; 308 - case MODULE_CHECK: 309 - return IMA_MODULE_APPRAISE; 310 - case FIRMWARE_CHECK: 311 - return IMA_FIRMWARE_APPRAISE; 312 302 case FILE_CHECK: 313 - default: 303 + case POST_SETATTR: 314 304 return IMA_FILE_APPRAISE; 305 + case MODULE_CHECK ... MAX_CHECK - 1: 306 + default: 307 + return IMA_READ_APPRAISE; 315 308 } 316 309 } 317 310 ··· 416 411 for (i = 0; i < appraise_entries; i++) { 417 412 list_add_tail(&default_appraise_rules[i].list, 418 413 &ima_default_rules); 414 + if (default_appraise_rules[i].func == POLICY_CHECK) 415 + temp_ima_appraise |= IMA_APPRAISE_POLICY; 419 416 } 420 417 421 418 ima_rules = &ima_default_rules; 419 + ima_update_policy_flag(); 422 420 } 423 421 424 422 /* Make sure we have a valid policy, at least containing some rules. */ 425 - int ima_check_policy() 423 + int ima_check_policy(void) 426 424 { 427 425 if (list_empty(&ima_temp_rules)) 428 426 return -EINVAL; ··· 620 612 entry->func = MMAP_CHECK; 621 613 else if (strcmp(args[0].from, "BPRM_CHECK") == 0) 622 614 entry->func = BPRM_CHECK; 615 + else if (strcmp(args[0].from, "KEXEC_KERNEL_CHECK") == 616 + 0) 617 + entry->func = KEXEC_KERNEL_CHECK; 618 + else if (strcmp(args[0].from, "KEXEC_INITRAMFS_CHECK") 619 + == 0) 620 + entry->func = KEXEC_INITRAMFS_CHECK; 621 + else if (strcmp(args[0].from, "POLICY_CHECK") == 0) 622 + entry->func = POLICY_CHECK; 623 623 else 624 624 result = -EINVAL; 625 625 if (!result) ··· 786 770 temp_ima_appraise |= IMA_APPRAISE_MODULES; 787 771 else if (entry->func == FIRMWARE_CHECK) 788 772 temp_ima_appraise |= IMA_APPRAISE_FIRMWARE; 773 + else if (entry->func == POLICY_CHECK) 774 + temp_ima_appraise |= IMA_APPRAISE_POLICY; 789 775 audit_log_format(ab, "res=%d", !result); 790 776 audit_log_end(ab); 791 777 return result; ··· 873 855 874 856 enum { 875 857 func_file = 0, func_mmap, func_bprm, 876 - func_module, func_firmware, func_post 858 + func_module, func_firmware, func_post, 859 + func_kexec_kernel, func_kexec_initramfs, 860 + func_policy 877 861 }; 878 862 879 863 static char *func_tokens[] = { ··· 884 864 "BPRM_CHECK", 885 865 "MODULE_CHECK", 886 866 "FIRMWARE_CHECK", 867 + "KEXEC_KERNEL_CHECK", 868 + "KEXEC_INITRAMFS_CHECK", 869 + "POLICY_CHECK", 887 870 "POST_SETATTR" 888 871 }; 889 872 ··· 926 903 #define mt(token) mask_tokens[token] 927 904 #define ft(token) func_tokens[token] 928 905 906 + /* 907 + * policy_func_show - display the ima_hooks policy rule 908 + */ 909 + static void policy_func_show(struct seq_file *m, enum ima_hooks func) 910 + { 911 + char tbuf[64] = {0,}; 912 + 913 + switch (func) { 914 + case FILE_CHECK: 915 + seq_printf(m, pt(Opt_func), ft(func_file)); 916 + break; 917 + case MMAP_CHECK: 918 + seq_printf(m, pt(Opt_func), ft(func_mmap)); 919 + break; 920 + case BPRM_CHECK: 921 + seq_printf(m, pt(Opt_func), ft(func_bprm)); 922 + break; 923 + case MODULE_CHECK: 924 + seq_printf(m, pt(Opt_func), ft(func_module)); 925 + break; 926 + case FIRMWARE_CHECK: 927 + seq_printf(m, pt(Opt_func), ft(func_firmware)); 928 + break; 929 + case POST_SETATTR: 930 + seq_printf(m, pt(Opt_func), ft(func_post)); 931 + break; 932 + case KEXEC_KERNEL_CHECK: 933 + seq_printf(m, pt(Opt_func), ft(func_kexec_kernel)); 934 + break; 935 + case KEXEC_INITRAMFS_CHECK: 936 + seq_printf(m, pt(Opt_func), ft(func_kexec_initramfs)); 937 + break; 938 + case POLICY_CHECK: 939 + seq_printf(m, pt(Opt_func), ft(func_policy)); 940 + break; 941 + default: 942 + snprintf(tbuf, sizeof(tbuf), "%d", func); 943 + seq_printf(m, pt(Opt_func), tbuf); 944 + break; 945 + } 946 + seq_puts(m, " "); 947 + } 948 + 929 949 int ima_policy_show(struct seq_file *m, void *v) 930 950 { 931 951 struct ima_rule_entry *entry = v; ··· 990 924 991 925 seq_puts(m, " "); 992 926 993 - if (entry->flags & IMA_FUNC) { 994 - switch (entry->func) { 995 - case FILE_CHECK: 996 - seq_printf(m, pt(Opt_func), ft(func_file)); 997 - break; 998 - case MMAP_CHECK: 999 - seq_printf(m, pt(Opt_func), ft(func_mmap)); 1000 - break; 1001 - case BPRM_CHECK: 1002 - seq_printf(m, pt(Opt_func), ft(func_bprm)); 1003 - break; 1004 - case MODULE_CHECK: 1005 - seq_printf(m, pt(Opt_func), ft(func_module)); 1006 - break; 1007 - case FIRMWARE_CHECK: 1008 - seq_printf(m, pt(Opt_func), ft(func_firmware)); 1009 - break; 1010 - case POST_SETATTR: 1011 - seq_printf(m, pt(Opt_func), ft(func_post)); 1012 - break; 1013 - default: 1014 - snprintf(tbuf, sizeof(tbuf), "%d", entry->func); 1015 - seq_printf(m, pt(Opt_func), tbuf); 1016 - break; 1017 - } 1018 - seq_puts(m, " "); 1019 - } 927 + if (entry->flags & IMA_FUNC) 928 + policy_func_show(m, entry->func); 1020 929 1021 930 if (entry->flags & IMA_MASK) { 1022 931 if (entry->mask & MAY_EXEC)

-2

security/integrity/ima/ima_template.c

··· 15 15 16 16 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt 17 17 18 - #include <crypto/hash_info.h> 19 - 20 18 #include "ima.h" 21 19 #include "ima_template_lib.h" 22 20

-1

security/integrity/ima/ima_template_lib.c

··· 12 12 * File: ima_template_lib.c 13 13 * Library of supported template fields. 14 14 */ 15 - #include <crypto/hash_info.h> 16 15 17 16 #include "ima_template_lib.h" 18 17

+6 -11

security/integrity/integrity.h

··· 45 45 #define IMA_MMAP_APPRAISED 0x00000800 46 46 #define IMA_BPRM_APPRAISE 0x00001000 47 47 #define IMA_BPRM_APPRAISED 0x00002000 48 - #define IMA_MODULE_APPRAISE 0x00004000 49 - #define IMA_MODULE_APPRAISED 0x00008000 50 - #define IMA_FIRMWARE_APPRAISE 0x00010000 51 - #define IMA_FIRMWARE_APPRAISED 0x00020000 48 + #define IMA_READ_APPRAISE 0x00004000 49 + #define IMA_READ_APPRAISED 0x00008000 52 50 #define IMA_APPRAISE_SUBMASK (IMA_FILE_APPRAISE | IMA_MMAP_APPRAISE | \ 53 - IMA_BPRM_APPRAISE | IMA_MODULE_APPRAISE | \ 54 - IMA_FIRMWARE_APPRAISE) 51 + IMA_BPRM_APPRAISE | IMA_READ_APPRAISE) 55 52 #define IMA_APPRAISED_SUBMASK (IMA_FILE_APPRAISED | IMA_MMAP_APPRAISED | \ 56 - IMA_BPRM_APPRAISED | IMA_MODULE_APPRAISED | \ 57 - IMA_FIRMWARE_APPRAISED) 53 + IMA_BPRM_APPRAISED | IMA_READ_APPRAISED) 58 54 59 55 enum evm_ima_xattr_type { 60 56 IMA_XATTR_DIGEST = 0x01, ··· 90 94 struct signature_v2_hdr { 91 95 uint8_t type; /* xattr type */ 92 96 uint8_t version; /* signature format version */ 93 - uint8_t hash_algo; /* Digest algorithm [enum pkey_hash_algo] */ 97 + uint8_t hash_algo; /* Digest algorithm [enum hash_algo] */ 94 98 uint32_t keyid; /* IMA key identifier - not X509/PGP specific */ 95 99 uint16_t sig_size; /* signature size */ 96 100 uint8_t sig[0]; /* signature payload */ ··· 105 109 enum integrity_status ima_file_status:4; 106 110 enum integrity_status ima_mmap_status:4; 107 111 enum integrity_status ima_bprm_status:4; 108 - enum integrity_status ima_module_status:4; 109 - enum integrity_status ima_firmware_status:4; 112 + enum integrity_status ima_read_status:4; 110 113 enum integrity_status evm_status:4; 111 114 struct ima_digest_data *ima_hash; 112 115 };

+1 -14

security/keys/big_key.c

··· 9 9 * 2 of the Licence, or (at your option) any later version. 10 10 */ 11 11 12 - #include <linux/module.h> 13 12 #include <linux/init.h> 14 13 #include <linux/seq_file.h> 15 14 #include <linux/file.h> ··· 16 17 #include <linux/err.h> 17 18 #include <keys/user-type.h> 18 19 #include <keys/big_key-type.h> 19 - 20 - MODULE_LICENSE("GPL"); 21 20 22 21 /* 23 22 * Layout of key payload words. ··· 209 212 return ret; 210 213 } 211 214 212 - /* 213 - * Module stuff 214 - */ 215 215 static int __init big_key_init(void) 216 216 { 217 217 return register_key_type(&key_type_big_key); 218 218 } 219 - 220 - static void __exit big_key_cleanup(void) 221 - { 222 - unregister_key_type(&key_type_big_key); 223 - } 224 - 225 - module_init(big_key_init); 226 - module_exit(big_key_cleanup); 219 + device_initcall(big_key_init);

+2

security/keys/key.c

··· 296 296 key->flags |= 1 << KEY_FLAG_IN_QUOTA; 297 297 if (flags & KEY_ALLOC_TRUSTED) 298 298 key->flags |= 1 << KEY_FLAG_TRUSTED; 299 + if (flags & KEY_ALLOC_BUILT_IN) 300 + key->flags |= 1 << KEY_FLAG_BUILTIN; 299 301 300 302 #ifdef KEY_DEBUGGING 301 303 key->magic = KEY_DEBUG_MAGIC;

+5 -6

security/keys/trusted.c

··· 744 744 unsigned long handle; 745 745 unsigned long lock; 746 746 unsigned long token_mask = 0; 747 + unsigned int digest_len; 747 748 int i; 748 749 int tpm2; 749 750 ··· 753 752 return tpm2; 754 753 755 754 opt->hash = tpm2 ? HASH_ALGO_SHA256 : HASH_ALGO_SHA1; 756 - opt->digest_len = hash_digest_size[opt->hash]; 757 755 758 756 while ((p = strsep(&c, " \t"))) { 759 757 if (*p == '\0' || *p == ' ' || *p == '\t') ··· 812 812 for (i = 0; i < HASH_ALGO__LAST; i++) { 813 813 if (!strcmp(args[0].from, hash_algo_name[i])) { 814 814 opt->hash = i; 815 - opt->digest_len = 816 - hash_digest_size[opt->hash]; 817 815 break; 818 816 } 819 817 } ··· 823 825 } 824 826 break; 825 827 case Opt_policydigest: 826 - if (!tpm2 || 827 - strlen(args[0].from) != (2 * opt->digest_len)) 828 + digest_len = hash_digest_size[opt->hash]; 829 + if (!tpm2 || strlen(args[0].from) != (2 * digest_len)) 828 830 return -EINVAL; 829 831 res = hex2bin(opt->policydigest, args[0].from, 830 - opt->digest_len); 832 + digest_len); 831 833 if (res < 0) 832 834 return -EINVAL; 835 + opt->policydigest_len = digest_len; 833 836 break; 834 837 case Opt_policyhandle: 835 838 if (!tpm2)

+20 -18

security/security.c

··· 884 884 return call_int_hook(kernel_create_files_as, 0, new, inode); 885 885 } 886 886 887 - int security_kernel_fw_from_file(struct file *file, char *buf, size_t size) 888 - { 889 - int ret; 890 - 891 - ret = call_int_hook(kernel_fw_from_file, 0, file, buf, size); 892 - if (ret) 893 - return ret; 894 - return ima_fw_from_file(file, buf, size); 895 - } 896 - EXPORT_SYMBOL_GPL(security_kernel_fw_from_file); 897 - 898 887 int security_kernel_module_request(char *kmod_name) 899 888 { 900 889 return call_int_hook(kernel_module_request, 0, kmod_name); 901 890 } 902 891 903 - int security_kernel_module_from_file(struct file *file) 892 + int security_kernel_read_file(struct file *file, enum kernel_read_file_id id) 904 893 { 905 894 int ret; 906 895 907 - ret = call_int_hook(kernel_module_from_file, 0, file); 896 + ret = call_int_hook(kernel_read_file, 0, file, id); 908 897 if (ret) 909 898 return ret; 910 - return ima_module_check(file); 899 + return ima_read_file(file, id); 911 900 } 901 + EXPORT_SYMBOL_GPL(security_kernel_read_file); 902 + 903 + int security_kernel_post_read_file(struct file *file, char *buf, loff_t size, 904 + enum kernel_read_file_id id) 905 + { 906 + int ret; 907 + 908 + ret = call_int_hook(kernel_post_read_file, 0, file, buf, size, id); 909 + if (ret) 910 + return ret; 911 + return ima_post_read_file(file, buf, size, id); 912 + } 913 + EXPORT_SYMBOL_GPL(security_kernel_post_read_file); 912 914 913 915 int security_task_fix_setuid(struct cred *new, const struct cred *old, 914 916 int flags) ··· 1693 1691 LIST_HEAD_INIT(security_hook_heads.kernel_act_as), 1694 1692 .kernel_create_files_as = 1695 1693 LIST_HEAD_INIT(security_hook_heads.kernel_create_files_as), 1696 - .kernel_fw_from_file = 1697 - LIST_HEAD_INIT(security_hook_heads.kernel_fw_from_file), 1698 1694 .kernel_module_request = 1699 1695 LIST_HEAD_INIT(security_hook_heads.kernel_module_request), 1700 - .kernel_module_from_file = 1701 - LIST_HEAD_INIT(security_hook_heads.kernel_module_from_file), 1696 + .kernel_read_file = 1697 + LIST_HEAD_INIT(security_hook_heads.kernel_read_file), 1698 + .kernel_post_read_file = 1699 + LIST_HEAD_INIT(security_hook_heads.kernel_post_read_file), 1702 1700 .task_fix_setuid = 1703 1701 LIST_HEAD_INIT(security_hook_heads.task_fix_setuid), 1704 1702 .task_setpgid = LIST_HEAD_INIT(security_hook_heads.task_setpgid),

+1 -1

security/selinux/Makefile

··· 13 13 14 14 selinux-$(CONFIG_NETLABEL) += netlabel.o 15 15 16 - ccflags-y := -Isecurity/selinux -Isecurity/selinux/include 16 + ccflags-y := -I$(srctree)/security/selinux -I$(srctree)/security/selinux/include 17 17 18 18 $(addprefix $(obj)/,$(selinux-y)): $(obj)/flask.h 19 19

+14 -32

security/smack/smack_lsm.c

··· 1442 1442 * Don't do anything special for these. 1443 1443 * XATTR_NAME_SMACKIPIN 1444 1444 * XATTR_NAME_SMACKIPOUT 1445 - * XATTR_NAME_SMACKEXEC 1446 1445 */ 1447 - if (strcmp(name, XATTR_NAME_SMACK) == 0) 1446 + if (strcmp(name, XATTR_NAME_SMACK) == 0) { 1447 + struct super_block *sbp = d_backing_inode(dentry)->i_sb; 1448 + struct superblock_smack *sbsp = sbp->s_security; 1449 + 1450 + isp->smk_inode = sbsp->smk_default; 1451 + } else if (strcmp(name, XATTR_NAME_SMACKEXEC) == 0) 1448 1452 isp->smk_task = NULL; 1449 1453 else if (strcmp(name, XATTR_NAME_SMACKMMAP) == 0) 1450 1454 isp->smk_mmap = NULL; ··· 1549 1545 * File Hooks 1550 1546 */ 1551 1547 1552 - /** 1553 - * smack_file_permission - Smack check on file operations 1554 - * @file: unused 1555 - * @mask: unused 1556 - * 1557 - * Returns 0 1548 + /* 1549 + * There is no smack_file_permission hook 1558 1550 * 1559 1551 * Should access checks be done on each read or write? 1560 1552 * UNICOS and SELinux say yes. ··· 1559 1559 * I'll say no for now. Smack does not do the frequent 1560 1560 * label changing that SELinux does. 1561 1561 */ 1562 - static int smack_file_permission(struct file *file, int mask) 1563 - { 1564 - return 0; 1565 - } 1566 1562 1567 1563 /** 1568 1564 * smack_file_alloc_security - assign a file security blob ··· 4499 4503 return 0; 4500 4504 } 4501 4505 4502 - /** 4503 - * smack_audit_rule_free - free smack rule representation 4504 - * @vrule: rule to be freed. 4505 - * 4506 + /* 4507 + * There is no need for a smack_audit_rule_free hook. 4506 4508 * No memory was allocated. 4507 4509 */ 4508 - static void smack_audit_rule_free(void *vrule) 4509 - { 4510 - /* No-op */ 4511 - } 4512 4510 4513 4511 #endif /* CONFIG_AUDIT */ 4514 4512 ··· 4553 4563 return 0; 4554 4564 } 4555 4565 4556 - /** 4557 - * smack_release_secctx - don't do anything. 4558 - * @secdata: unused 4559 - * @seclen: unused 4560 - * 4561 - * Exists to make sure nothing gets done, and properly 4566 + /* 4567 + * There used to be a smack_release_secctx hook 4568 + * that did nothing back when hooks were in a vector. 4569 + * Now that there's a list such a hook adds cost. 4562 4570 */ 4563 - static void smack_release_secctx(char *secdata, u32 seclen) 4564 - { 4565 - } 4566 4571 4567 4572 static int smack_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen) 4568 4573 { ··· 4616 4631 LSM_HOOK_INIT(inode_listsecurity, smack_inode_listsecurity), 4617 4632 LSM_HOOK_INIT(inode_getsecid, smack_inode_getsecid), 4618 4633 4619 - LSM_HOOK_INIT(file_permission, smack_file_permission), 4620 4634 LSM_HOOK_INIT(file_alloc_security, smack_file_alloc_security), 4621 4635 LSM_HOOK_INIT(file_free_security, smack_file_free_security), 4622 4636 LSM_HOOK_INIT(file_ioctl, smack_file_ioctl), ··· 4710 4726 LSM_HOOK_INIT(audit_rule_init, smack_audit_rule_init), 4711 4727 LSM_HOOK_INIT(audit_rule_known, smack_audit_rule_known), 4712 4728 LSM_HOOK_INIT(audit_rule_match, smack_audit_rule_match), 4713 - LSM_HOOK_INIT(audit_rule_free, smack_audit_rule_free), 4714 4729 #endif /* CONFIG_AUDIT */ 4715 4730 4716 4731 LSM_HOOK_INIT(ismaclabel, smack_ismaclabel), 4717 4732 LSM_HOOK_INIT(secid_to_secctx, smack_secid_to_secctx), 4718 4733 LSM_HOOK_INIT(secctx_to_secid, smack_secctx_to_secid), 4719 - LSM_HOOK_INIT(release_secctx, smack_release_secctx), 4720 4734 LSM_HOOK_INIT(inode_notifysecctx, smack_inode_notifysecctx), 4721 4735 LSM_HOOK_INIT(inode_setsecctx, smack_inode_setsecctx), 4722 4736 LSM_HOOK_INIT(inode_getsecctx, smack_inode_getsecctx),