diff options
| author | Linus Torvalds <torvalds@linux-foundation.org> | 2012-01-17 19:43:39 -0500 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2012-01-17 19:43:39 -0500 |
| commit | a25a2b84098eb5e001cb8086603d692aa95bf2ec (patch) | |
| tree | 02c01b36251f7b0afb1a98093e14efb17d015910 | |
| parent | f429ee3b808118591d1f3cdf3c0d0793911a5677 (diff) | |
| parent | f1be242c95257b199d8b679bc952ca33487c9af6 (diff) | |
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security:
integrity: digital signature config option name change
lib: Removed MPILIB, MPILIB_EXTRA, and SIGNATURE prompts
lib: MPILIB Kconfig description update
lib: digital signature dependency fix
lib: digital signature config option name change
encrypted-keys: fix rcu and sparse messages
keys: fix trusted/encrypted keys sparse rcu_assign_pointer messages
KEYS: Add missing smp_rmb() primitives to the keyring search code
TOMOYO: Accept \000 as a valid character.
security: update MAINTAINERS file with new git repo
| -rw-r--r-- | MAINTAINERS | 2 | ||||
| -rw-r--r-- | include/linux/digsig.h | 4 | ||||
| -rw-r--r-- | include/linux/key.h | 3 | ||||
| -rw-r--r-- | lib/Kconfig | 19 | ||||
| -rw-r--r-- | lib/Makefile | 2 | ||||
| -rw-r--r-- | security/integrity/Kconfig | 4 | ||||
| -rw-r--r-- | security/integrity/Makefile | 2 | ||||
| -rw-r--r-- | security/integrity/integrity.h | 4 | ||||
| -rw-r--r-- | security/keys/encrypted-keys/encrypted.c | 6 | ||||
| -rw-r--r-- | security/keys/encrypted-keys/masterkey_trusted.c | 4 | ||||
| -rw-r--r-- | security/keys/gc.c | 4 | ||||
| -rw-r--r-- | security/keys/keyring.c | 22 | ||||
| -rw-r--r-- | security/keys/trusted.c | 4 | ||||
| -rw-r--r-- | security/tomoyo/util.c | 6 |
14 files changed, 50 insertions, 36 deletions
diff --git a/MAINTAINERS b/MAINTAINERS index 2a90101309d..ece8935025e 100644 --- a/MAINTAINERS +++ b/MAINTAINERS | |||
| @@ -5846,7 +5846,7 @@ F: drivers/mmc/host/sdhci-spear.c | |||
| 5846 | SECURITY SUBSYSTEM | 5846 | SECURITY SUBSYSTEM |
| 5847 | M: James Morris <jmorris@namei.org> | 5847 | M: James Morris <jmorris@namei.org> |
| 5848 | L: linux-security-module@vger.kernel.org (suggested Cc:) | 5848 | L: linux-security-module@vger.kernel.org (suggested Cc:) |
| 5849 | T: git git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6.git | 5849 | T: git git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security.git |
| 5850 | W: http://security.wiki.kernel.org/ | 5850 | W: http://security.wiki.kernel.org/ |
| 5851 | S: Supported | 5851 | S: Supported |
| 5852 | F: security/ | 5852 | F: security/ |
diff --git a/include/linux/digsig.h b/include/linux/digsig.h index efae755017d..b01558b1581 100644 --- a/include/linux/digsig.h +++ b/include/linux/digsig.h | |||
| @@ -46,7 +46,7 @@ struct signature_hdr { | |||
| 46 | char mpi[0]; | 46 | char mpi[0]; |
| 47 | } __packed; | 47 | } __packed; |
| 48 | 48 | ||
| 49 | #if defined(CONFIG_DIGSIG) || defined(CONFIG_DIGSIG_MODULE) | 49 | #if defined(CONFIG_SIGNATURE) || defined(CONFIG_SIGNATURE_MODULE) |
| 50 | 50 | ||
| 51 | int digsig_verify(struct key *keyring, const char *sig, int siglen, | 51 | int digsig_verify(struct key *keyring, const char *sig, int siglen, |
| 52 | const char *digest, int digestlen); | 52 | const char *digest, int digestlen); |
| @@ -59,6 +59,6 @@ static inline int digsig_verify(struct key *keyring, const char *sig, | |||
| 59 | return -EOPNOTSUPP; | 59 | return -EOPNOTSUPP; |
| 60 | } | 60 | } |
| 61 | 61 | ||
| 62 | #endif /* CONFIG_DIGSIG */ | 62 | #endif /* CONFIG_SIGNATURE */ |
| 63 | 63 | ||
| 64 | #endif /* _DIGSIG_H */ | 64 | #endif /* _DIGSIG_H */ |
diff --git a/include/linux/key.h b/include/linux/key.h index 183a6af7715..bfc014c5735 100644 --- a/include/linux/key.h +++ b/include/linux/key.h | |||
| @@ -293,6 +293,9 @@ static inline bool key_is_instantiated(const struct key *key) | |||
| 293 | (rcu_dereference_protected((KEY)->payload.rcudata, \ | 293 | (rcu_dereference_protected((KEY)->payload.rcudata, \ |
| 294 | rwsem_is_locked(&((struct key *)(KEY))->sem))) | 294 | rwsem_is_locked(&((struct key *)(KEY))->sem))) |
| 295 | 295 | ||
| 296 | #define rcu_assign_keypointer(KEY, PAYLOAD) \ | ||
| 297 | (rcu_assign_pointer((KEY)->payload.rcudata, PAYLOAD)) | ||
| 298 | |||
| 296 | #ifdef CONFIG_SYSCTL | 299 | #ifdef CONFIG_SYSCTL |
| 297 | extern ctl_table key_sysctls[]; | 300 | extern ctl_table key_sysctls[]; |
| 298 | #endif | 301 | #endif |
diff --git a/lib/Kconfig b/lib/Kconfig index 201e1b33d72..169eb7c598e 100644 --- a/lib/Kconfig +++ b/lib/Kconfig | |||
| @@ -286,25 +286,24 @@ config CORDIC | |||
| 286 | calculations are in fixed point. Module will be called cordic. | 286 | calculations are in fixed point. Module will be called cordic. |
| 287 | 287 | ||
| 288 | config MPILIB | 288 | config MPILIB |
| 289 | tristate "Multiprecision maths library" | 289 | tristate |
| 290 | help | 290 | help |
| 291 | Multiprecision maths library from GnuPG. | 291 | Multiprecision maths library from GnuPG. |
| 292 | It is used to implement RSA digital signature verification, | 292 | It is used to implement RSA digital signature verification, |
| 293 | which is used by IMA/EVM digital signature extension. | 293 | which is used by IMA/EVM digital signature extension. |
| 294 | 294 | ||
| 295 | config MPILIB_EXTRA | 295 | config MPILIB_EXTRA |
| 296 | bool "Multiprecision maths library - additional sources" | 296 | bool |
| 297 | depends on MPILIB | 297 | depends on MPILIB |
| 298 | help | 298 | help |
| 299 | Multiprecision maths library from GnuPG. | 299 | Additional sources of multiprecision maths library from GnuPG. |
| 300 | It is used to implement RSA digital signature verification, | 300 | This code is unnecessary for RSA digital signature verification, |
| 301 | which is used by IMA/EVM digital signature extension. | 301 | but can be compiled if needed. |
| 302 | This code in unnecessary for RSA digital signature verification, | ||
| 303 | and can be compiled if needed. | ||
| 304 | 302 | ||
| 305 | config DIGSIG | 303 | config SIGNATURE |
| 306 | tristate "In-kernel signature checker" | 304 | tristate |
| 307 | depends on KEYS | 305 | depends on KEYS && CRYPTO |
| 306 | select CRYPTO_SHA1 | ||
| 308 | select MPILIB | 307 | select MPILIB |
| 309 | help | 308 | help |
| 310 | Digital signature verification. Currently only RSA is supported. | 309 | Digital signature verification. Currently only RSA is supported. |
diff --git a/lib/Makefile b/lib/Makefile index dace162c7e1..d71aae1b01b 100644 --- a/lib/Makefile +++ b/lib/Makefile | |||
| @@ -119,7 +119,7 @@ obj-$(CONFIG_CORDIC) += cordic.o | |||
| 119 | obj-$(CONFIG_DQL) += dynamic_queue_limits.o | 119 | obj-$(CONFIG_DQL) += dynamic_queue_limits.o |
| 120 | 120 | ||
| 121 | obj-$(CONFIG_MPILIB) += mpi/ | 121 | obj-$(CONFIG_MPILIB) += mpi/ |
| 122 | obj-$(CONFIG_DIGSIG) += digsig.o | 122 | obj-$(CONFIG_SIGNATURE) += digsig.o |
| 123 | 123 | ||
| 124 | hostprogs-y := gen_crc32table | 124 | hostprogs-y := gen_crc32table |
| 125 | clean-files := crc32table.h | 125 | clean-files := crc32table.h |
diff --git a/security/integrity/Kconfig b/security/integrity/Kconfig index d384ea92148..5bd1cc1b4a5 100644 --- a/security/integrity/Kconfig +++ b/security/integrity/Kconfig | |||
| @@ -3,11 +3,11 @@ config INTEGRITY | |||
| 3 | def_bool y | 3 | def_bool y |
| 4 | depends on IMA || EVM | 4 | depends on IMA || EVM |
| 5 | 5 | ||
| 6 | config INTEGRITY_DIGSIG | 6 | config INTEGRITY_SIGNATURE |
| 7 | boolean "Digital signature verification using multiple keyrings" | 7 | boolean "Digital signature verification using multiple keyrings" |
| 8 | depends on INTEGRITY && KEYS | 8 | depends on INTEGRITY && KEYS |
| 9 | default n | 9 | default n |
| 10 | select DIGSIG | 10 | select SIGNATURE |
| 11 | help | 11 | help |
| 12 | This option enables digital signature verification support | 12 | This option enables digital signature verification support |
| 13 | using multiple keyrings. It defines separate keyrings for each | 13 | using multiple keyrings. It defines separate keyrings for each |
diff --git a/security/integrity/Makefile b/security/integrity/Makefile index bece0563ee5..d43799cc14f 100644 --- a/security/integrity/Makefile +++ b/security/integrity/Makefile | |||
| @@ -3,7 +3,7 @@ | |||
| 3 | # | 3 | # |
| 4 | 4 | ||
| 5 | obj-$(CONFIG_INTEGRITY) += integrity.o | 5 | obj-$(CONFIG_INTEGRITY) += integrity.o |
| 6 | obj-$(CONFIG_INTEGRITY_DIGSIG) += digsig.o | 6 | obj-$(CONFIG_INTEGRITY_SIGNATURE) += digsig.o |
| 7 | 7 | ||
| 8 | integrity-y := iint.o | 8 | integrity-y := iint.o |
| 9 | 9 | ||
diff --git a/security/integrity/integrity.h b/security/integrity/integrity.h index 4da6ba81d15..7a25ecec5aa 100644 --- a/security/integrity/integrity.h +++ b/security/integrity/integrity.h | |||
| @@ -51,7 +51,7 @@ struct integrity_iint_cache *integrity_iint_find(struct inode *inode); | |||
| 51 | #define INTEGRITY_KEYRING_IMA 2 | 51 | #define INTEGRITY_KEYRING_IMA 2 |
| 52 | #define INTEGRITY_KEYRING_MAX 3 | 52 | #define INTEGRITY_KEYRING_MAX 3 |
| 53 | 53 | ||
| 54 | #ifdef CONFIG_INTEGRITY_DIGSIG | 54 | #ifdef CONFIG_INTEGRITY_SIGNATURE |
| 55 | 55 | ||
| 56 | int integrity_digsig_verify(const unsigned int id, const char *sig, int siglen, | 56 | int integrity_digsig_verify(const unsigned int id, const char *sig, int siglen, |
| 57 | const char *digest, int digestlen); | 57 | const char *digest, int digestlen); |
| @@ -65,7 +65,7 @@ static inline int integrity_digsig_verify(const unsigned int id, | |||
| 65 | return -EOPNOTSUPP; | 65 | return -EOPNOTSUPP; |
| 66 | } | 66 | } |
| 67 | 67 | ||
| 68 | #endif /* CONFIG_INTEGRITY_DIGSIG */ | 68 | #endif /* CONFIG_INTEGRITY_SIGNATURE */ |
| 69 | 69 | ||
| 70 | /* set during initialization */ | 70 | /* set during initialization */ |
| 71 | extern int iint_initialized; | 71 | extern int iint_initialized; |
diff --git a/security/keys/encrypted-keys/encrypted.c b/security/keys/encrypted-keys/encrypted.c index 41144f71d61..2d1bb8af769 100644 --- a/security/keys/encrypted-keys/encrypted.c +++ b/security/keys/encrypted-keys/encrypted.c | |||
| @@ -314,7 +314,7 @@ static struct key *request_user_key(const char *master_desc, u8 **master_key, | |||
| 314 | goto error; | 314 | goto error; |
| 315 | 315 | ||
| 316 | down_read(&ukey->sem); | 316 | down_read(&ukey->sem); |
| 317 | upayload = rcu_dereference(ukey->payload.data); | 317 | upayload = ukey->payload.data; |
| 318 | *master_key = upayload->data; | 318 | *master_key = upayload->data; |
| 319 | *master_keylen = upayload->datalen; | 319 | *master_keylen = upayload->datalen; |
| 320 | error: | 320 | error: |
| @@ -810,7 +810,7 @@ static int encrypted_instantiate(struct key *key, const void *data, | |||
| 810 | goto out; | 810 | goto out; |
| 811 | } | 811 | } |
| 812 | 812 | ||
| 813 | rcu_assign_pointer(key->payload.data, epayload); | 813 | rcu_assign_keypointer(key, epayload); |
| 814 | out: | 814 | out: |
| 815 | kfree(datablob); | 815 | kfree(datablob); |
| 816 | return ret; | 816 | return ret; |
| @@ -874,7 +874,7 @@ static int encrypted_update(struct key *key, const void *data, size_t datalen) | |||
| 874 | memcpy(new_epayload->payload_data, epayload->payload_data, | 874 | memcpy(new_epayload->payload_data, epayload->payload_data, |
| 875 | epayload->payload_datalen); | ||
