diff options
| author | Linus Torvalds <torvalds@linux-foundation.org> | 2016-05-19 12:21:36 -0400 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2016-05-19 12:21:36 -0400 |
| commit | f4f27d0028aabce57e44c16c2fdefccd6310d2f3 (patch) | |
| tree | 09f25601316d22b64165c19042da51c101bde3c4 /arch/x86/kernel | |
| parent | 2600a46ee0ed57c0e0a382c2a37ebac64d374d20 (diff) | |
| parent | b937190c40de0f6f07f592042e3097b16c6b0130 (diff) | |
Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security
Pull security subsystem updates from James Morris:
"Highlights:
- A new LSM, "LoadPin", from Kees Cook is added, which allows forcing
of modules and firmware to be loaded from a specific device (this
is from ChromeOS, where the device as a whole is verified
cryptographically via dm-verity).
This is disabled by default but can be configured to be enabled by
default (don't do this if you don't know what you're doing).
- Keys: allow authentication data to be stored in an asymmetric key.
Lots of general fixes and updates.
- SELinux: add restrictions for loading of kernel modules via
finit_module(). Distinguish non-init user namespace capability
checks. Apply execstack check on thread stacks"
* 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: (48 commits)
LSM: LoadPin: provide enablement CONFIG
Yama: use atomic allocations when reporting
seccomp: Fix comment typo
ima: add support for creating files using the mknodat syscall
ima: fix ima_inode_post_setattr
vfs: forbid write access when reading a file into memory
fs: fix over-zealous use of "const"
selinux: apply execstack check on thread stacks
selinux: distinguish non-init user namespace capability checks
LSM: LoadPin for kernel file loading restrictions
fs: define a string representation of the kernel_read_file_id enumeration
Yama: consolidate error reporting
string_helpers: add kstrdup_quotable_file
string_helpers: add kstrdup_quotable_cmdline
string_helpers: add kstrdup_quotable
selinux: check ss_initialized before revalidating an inode label
selinux: delay inode label lookup as long as possible
selinux: don't revalidate an inode's label when explicitly setting it
selinux: Change bool variable name to index.
KEYS: Add KEYCTL_DH_COMPUTE command
...
Diffstat (limited to 'arch/x86/kernel')
| -rw-r--r-- | arch/x86/kernel/kexec-bzimage64.c | 18 |
1 files changed, 4 insertions, 14 deletions
diff --git a/arch/x86/kernel/kexec-bzimage64.c b/arch/x86/kernel/kexec-bzimage64.c index 2af478e3fd4e..f2356bda2b05 100644 --- a/arch/x86/kernel/kexec-bzimage64.c +++ b/arch/x86/kernel/kexec-bzimage64.c | |||
| @@ -19,8 +19,7 @@ | |||
| 19 | #include <linux/kernel.h> | 19 | #include <linux/kernel.h> |
| 20 | #include <linux/mm.h> | 20 | #include <linux/mm.h> |
| 21 | #include <linux/efi.h> | 21 | #include <linux/efi.h> |
| 22 | #include <linux/verify_pefile.h> | 22 | #include <linux/verification.h> |
| 23 | #include <keys/system_keyring.h> | ||
| 24 | 23 | ||
| 25 | #include <asm/bootparam.h> | 24 | #include <asm/bootparam.h> |
| 26 | #include <asm/setup.h> | 25 | #include <asm/setup.h> |
| @@ -529,18 +528,9 @@ static int bzImage64_cleanup(void *loader_data) | |||
| 529 | #ifdef CONFIG_KEXEC_BZIMAGE_VERIFY_SIG | 528 | #ifdef CONFIG_KEXEC_BZIMAGE_VERIFY_SIG |
| 530 | static int bzImage64_verify_sig(const char *kernel, unsigned long kernel_len) | 529 | static int bzImage64_verify_sig(const char *kernel, unsigned long kernel_len) |
| 531 | { | 530 | { |
| 532 | bool trusted; | 531 | return verify_pefile_signature(kernel, kernel_len, |
| 533 | int ret; | 532 | NULL, |
| 534 | 533 | VERIFYING_KEXEC_PE_SIGNATURE); | |
| 535 | ret = verify_pefile_signature(kernel, kernel_len, | ||
| 536 | system_trusted_keyring, | ||
| 537 | VERIFYING_KEXEC_PE_SIGNATURE, | ||
| 538 | &trusted); | ||
| 539 | if (ret < 0) | ||
| 540 | return ret; | ||
| 541 | if (!trusted) | ||
| 542 | return -EKEYREJECTED; | ||
| 543 | return 0; | ||
| 544 | } | 534 | } |
| 545 | #endif | 535 | #endif |
| 546 | 536 | ||