authorPaul Moore <pmoore@redhat.com>2014-06-17 17:30:23 -0400
committerPaul Moore <pmoore@redhat.com>2014-06-17 17:30:23 -0400
commit170b5910d9fbea79de1bb40df22eda5f98250c0c (patch)
treeca9560e878d2842d45c6f99077d0d8b8f8b0f9ba /security
parent47dd0b76ace953bd2c0479076db0d3e3b9594003 (diff)
parent1860e379875dfe7271c649058aeddffe5afd9d0d (diff)
Merge tag 'v3.15' into next
Linux 3.15
Diffstat (limited to 'security')
-rw-r--r--security/Makefile12
-rw-r--r--security/apparmor/include/apparmor.h1
-rw-r--r--security/apparmor/lib.c14
-rw-r--r--security/apparmor/lsm.c2
-rw-r--r--security/capability.c2
-rw-r--r--security/device_cgroup.c214
-rw-r--r--security/integrity/Makefile4
-rw-r--r--security/integrity/evm/Kconfig6
-rw-r--r--security/integrity/evm/evm.h28
-rw-r--r--security/integrity/evm/evm_crypto.c10
-rw-r--r--security/integrity/evm/evm_main.c8
-rw-r--r--security/integrity/evm/evm_secfs.c6
-rw-r--r--security/integrity/iint.c2
-rw-r--r--security/integrity/ima/ima.h2
-rw-r--r--security/integrity/ima/ima_api.c20
-rw-r--r--security/integrity/ima/ima_appraise.c4
-rw-r--r--security/integrity/ima/ima_crypto.c37
-rw-r--r--security/integrity/ima/ima_fs.c8
-rw-r--r--security/integrity/ima/ima_init.c9
-rw-r--r--security/integrity/ima/ima_main.c11
-rw-r--r--security/integrity/ima/ima_policy.c79
-rw-r--r--security/integrity/ima/ima_queue.c12
-rw-r--r--security/integrity/ima/ima_template.c19
-rw-r--r--security/integrity/ima/ima_template_lib.c29
-rw-r--r--security/integrity/integrity_audit.c9
-rw-r--r--security/keys/compat.c4
-rw-r--r--security/keys/encrypted-keys/encrypted.c2
-rw-r--r--security/keys/trusted.c6
-rw-r--r--security/lsm_audit.c11
-rw-r--r--security/security.c22
-rw-r--r--security/selinux/hooks.c7
-rw-r--r--security/selinux/include/xfrm.h5
-rw-r--r--security/selinux/selinuxfs.c2
-rw-r--r--security/tomoyo/realpath.c4
34 files changed, 376 insertions, 235 deletions
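--- a/security/Makefile
+++ b/security/Makefile
@@ -16,14 +16,14 @@ obj-$(CONFIG_MMU) += min_addr.o
 # Object file lists
 obj-$(CONFIG_SECURITY) += security.o capability.o
 obj-$(CONFIG_SECURITYFS) += inode.o
-obj-$(CONFIG_SECURITY_SELINUX) += selinux/built-in.o
-obj-$(CONFIG_SECURITY_SMACK) += smack/built-in.o
+obj-$(CONFIG_SECURITY_SELINUX) += selinux/
+obj-$(CONFIG_SECURITY_SMACK) += smack/
 obj-$(CONFIG_AUDIT) += lsm_audit.o
-obj-$(CONFIG_SECURITY_TOMOYO) += tomoyo/built-in.o
-obj-$(CONFIG_SECURITY_APPARMOR) += apparmor/built-in.o
-obj-$(CONFIG_SECURITY_YAMA) += yama/built-in.o
+obj-$(CONFIG_SECURITY_TOMOYO) += tomoyo/
+obj-$(CONFIG_SECURITY_APPARMOR) += apparmor/
+obj-$(CONFIG_SECURITY_YAMA) += yama/
 obj-$(CONFIG_CGROUP_DEVICE) += device_cgroup.o
 
 # Object integrity file lists
 subdir-$(CONFIG_INTEGRITY) += integrity
-obj-$(CONFIG_INTEGRITY) += integrity/built-in.o
+obj-$(CONFIG_INTEGRITY) += integrity/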
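--- a/security/apparmor/include/apparmor.h
+++ b/security/apparmor/include/apparmor.h
@@ -66,7 +66,6 @@ extern int apparmor_initialized __initdata;
 char *aa_split_fqname(char *args, char **ns_name);
 void aa_info_message(const char *str);
 void *__aa_kvmalloc(size_t size, gfp_t flags);
-void kvfree(void *buffer);
 
 static inline void *kvmalloc(size_t size)
 {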
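--- a/security/apparmor/lib.c
+++ b/security/apparmor/lib.c
@@ -104,17 +104,3 @@ void *__aa_kvmalloc(size_t size, gfp_t flags)
  }
  return buffer;
 }
-
-/**
- * kvfree - free an allocation do by kvmalloc
- * @buffer: buffer to free (MAYBE_NULL)
- *
- * Free a buffer allocated by kvmalloc
- */
-void kvfree(void *buffer)
-{
- if (is_vmalloc_addr(buffer))
- vfree(buffer);
- else
- kfree(buffer);
-}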
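--- a/security/apparmor/lsm.c
+++ b/security/apparmor/lsm.c
@@ -751,7 +751,7 @@ module_param_named(enabled, apparmor_enabled, bool, S_IRUGO);
 static int __init apparmor_enabled_setup(char *str)
 {
  unsigned long enabled;
- int error = strict_strtoul(str, 0, &enabled);
+ int error = kstrtoul(str, 0, &enabled);
  if (!error)
  apparmor_enabled = enabled ? 1 : 0;
  return 1;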
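--- a/security/capability.c
+++ b/security/capability.c
@@ -116,7 +116,7 @@ static int cap_dentry_init_security(struct dentry *dentry, int mode,
  struct qstr *name, void **ctx,
  u32 *ctxlen)
 {
- return 0;
+ return -EOPNOTSUPP;
 }
 
 static int cap_inode_alloc_security(struct inode *inode)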
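Review bot: The new `-EOPNOTSUPP` return in cap_dentry_init_security has no comment saying what it means for the `ctx` and `ctxlen` out-parameters, which this stub never writes. With the old `return 0` a caller had no way to tell that nothing had been filled in, so the reason is worth recording above the return, for example `/* no LSM context available; *ctx and *ctxlen are left untouched */`. The callers are outside this hunk, so it should be confirmed that each of them treats -EOPNOTSUPP as "no label" and not as a hard failure.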
diff --git a/security/device_cgroup.c b/security/device_cgroup.c
index d3b6d2cd3a06..9134dbf70d3e 100644
--- a/security/device_cgroup.c
+++ b/security/device_cgroup.c
@@ -58,11 +58,9 @@ static inline struct dev_cgroup *css_to_devcgroup(struct cgroup_subsys_state *s)
58 58
59static inline struct dev_cgroup *task_devcgroup(struct task_struct *task) 59static inline struct dev_cgroup *task_devcgroup(struct task_struct *task)
60{ 60{
61 return css_to_devcgroup(task_css(task, devices_subsys_id)); 61 return css_to_devcgroup(task_css(task, devices_cgrp_id));
62} 62}
63 63
64struct cgroup_subsys devices_subsys;
65
66/* 64/*
67 * called under devcgroup_mutex 65 * called under devcgroup_mutex
68 */ 66 */
@@ -308,57 +306,138 @@ static int devcgroup_seq_show(struct seq_file *m, void *v)
308} 306}
309 307
310/** 308/**
311 * may_access - verifies if a new exception is part of what is allowed 309 * match_exception - iterates the exception list trying to find a complete match
312 * by a dev cgroup based on the default policy + 310 * @exceptions: list of exceptions
313 * exceptions. This is used to make sure a child cgroup 311 * @type: device type (DEV_BLOCK or DEV_CHAR)
314 * won't have more privileges than its parent or to 312 * @major: device file major number, ~0 to match all
315 * verify if a certain access is allowed. 313 * @minor: device file minor number, ~0 to match all
316 * @dev_cgroup: dev cgroup to be tested against 314 * @access: permission mask (ACC_READ, ACC_WRITE, ACC_MKNOD)
317 * @refex: new exception 315 *
318 * @behavior: behavior of the exception 316 * It is considered a complete match if an exception is found that will
317 * contain the entire range of provided parameters.
318 *
319 * Return: true in case it matches an exception completely
319 */ 320 */
320static bool may_access(struct dev_cgroup *dev_cgroup, 321static bool match_exception(struct list_head *exceptions, short type,
321 struct dev_exception_item *refex, 322 u32 major, u32 minor, short access)
322 enum devcg_behavior behavior)
323{ 323{
324 struct dev_exception_item *ex; 324 struct dev_exception_item *ex;
325 bool match = false;
326 325
327 rcu_lockdep_assert(rcu_read_lock_held() || 326 list_for_each_entry_rcu(ex, exceptions, list) {
328 lockdep_is_held(&devcgroup_mutex), 327 if ((type & DEV_BLOCK) && !(ex->type & DEV_BLOCK))
329 "device_cgroup::may_access() called without proper synchronization"); 328 continue;
329 if ((type & DEV_CHAR) && !(ex->type & DEV_CHAR))
330 continue;
331 if (ex->major != ~0 && ex->major != major)
332 continue;
333 if (ex->minor != ~0 && ex->minor != minor)
334 continue;
335 /* provided access cannot have more than the exception rule */
336 if (access & (~ex->access))
337 continue;
338 return true;
339 }
340 return false;
341}
330 342
331 list_for_each_entry_rcu(ex, &dev_cgroup->exceptions, list) { 343/**
332 if ((refex->type & DEV_BLOCK) && !(ex->type & DEV_BLOCK)) 344 * match_exception_partial - iterates the exception list trying to find a partial match
345 * @exceptions: list of exceptions
346 * @type: device type (DEV_BLOCK or DEV_CHAR)
347 * @major: device file major number, ~0 to match all
348 * @minor: device file minor number, ~0 to match all
349 * @access: permission mask (ACC_READ, ACC_WRITE, ACC_MKNOD)
350 *
351 * It is considered a partial match if an exception's range is found to
352 * contain *any* of the devices specified by provided parameters. This is
353 * used to make sure no extra access is being granted that is forbidden by
354 * any of the exception list.
355 *
356 * Return: true in case the provided range mat matches an exception completely
357 */
358static bool match_exception_partial(struct list_head *exceptions, short type,
359 u32 major, u32 minor, short access)
360{
361 struct dev_exception_item *ex;
362
363 list_for_each_entry_rcu(ex, exceptions, list) {
364 if ((type & DEV_BLOCK) && !(ex->type & DEV_BLOCK))
333 continue; 365 continue;
334 if ((refex->type & DEV_CHAR) && !(ex->type & DEV_CHAR)) 366 if ((type & DEV_CHAR) && !(ex->type & DEV_CHAR))
335 continue; 367 continue;
336 if (ex->major != ~0 && ex->major != refex->major) 368 /*
369 * We must be sure that both the exception and the provided
370 * range aren't masking all devices
371 */
372 if (ex->major != ~0 && major != ~0 && ex->major != major)
337 continue; 373 continue;
338 if (ex->minor != ~0 && ex->minor != refex->minor) 374 if (ex->minor != ~0 && minor != ~0 && ex->minor != minor)
339 continue; 375 continue;
340 if (refex->access & (~ex->access)) 376 /*
377 * In order to make sure the provided range isn't matching
378 * an exception, all its access bits shouldn't match the
379 * exception's access bits
380 */
381 if (!(access & ex->access))
341 continue; 382 continue;
342 match = true; 383 return true;
343 break;
344 } 384 }
385 return false;
386}
387
388/**
389 * verify_new_ex - verifies if a new exception is allowed by parent cgroup's permissions
390 * @dev_cgroup: dev cgroup to be tested against
391 * @refex: new exception
392 * @behavior: behavior of the exception's dev_cgroup
393 *
394 * This is used to make sure a child cgroup won't have more privileges
395 * than its parent
396 */
397static bool verify_new_ex(struct dev_cgroup *dev_cgroup,
398 struct dev_exception_item *refex,
399 enum devcg_behavior behavior)
400{
401 bool match = false;
402
403 rcu_lockdep_assert(rcu_read_lock_held() ||
404 lockdep_is_held(&devcgroup_mutex),
405 "device_cgroup:verify_new_ex called without proper synchronization");
345 406
346 if (dev_cgroup->behavior == DEVCG_DEFAULT_ALLOW) { 407 if (dev_cgroup->behavior == DEVCG_DEFAULT_ALLOW) {
347 if (behavior == DEVCG_DEFAULT_ALLOW) { 408 if (behavior == DEVCG_DEFAULT_ALLOW) {
348 /* the exception will deny access to certain devices */ 409 /*
410 * new exception in the child doesn't matter, only
411 * adding extra restrictions
412 */
349 return true; 413 return true;
350 } else { 414 } else {
351 /* the exception will allow access to certain devices */ 415 /*
416 * new exception in the child will add more devices
417 * that can be acessed, so it can't match any of
418 * parent's exceptions, even slightly
419 */
420 match = match_exception_partial(&dev_cgroup->exceptions,
421 refex->type,
422 refex->major,
423 refex->minor,
424 refex->access);
425
352 if (match) 426 if (match)
353 /*
354 * a new exception allowing access shouldn't
355 * match an parent's exception
356 */
357 return false; 427 return false;
358 return true; 428 return true;
359 } 429 }
360 } else { 430 } else {
361 /* only behavior == DEVCG_DEFAULT_DENY allowed here */ 431 /*
432 * Only behavior == DEVCG_DEFAULT_DENY allowed here, therefore
433 * the new exception will add access to more devices and must
434 * be contained completely in an parent's exception to be
435 * allowed
436 */
437 match = match_exception(&dev_cgroup->exceptions, refex->type,
438 refex->major, refex->minor,
439 refex->access);
440
362 if (match) 441 if (match)
363 /* parent has an exception that matches the proposed */ 442 /* parent has an exception that matches the proposed */
364 return true; 443 return true;
@@ -380,7 +459,38 @@ static int parent_has_perm(struct dev_cgroup *childcg,
380 459
381 if (!parent) 460 if (!parent)
382 return 1; 461 return 1;
383 return may_access(parent, ex, childcg->behavior); 462 return verify_new_ex(parent, ex, childcg->behavior);
463}
464
465/**
466 * parent_allows_removal - verify if it's ok to remove an exception
467 * @childcg: child cgroup from where the exception will be removed
468 * @ex: exception being removed
469 *
470 * When removing an exception in cgroups with default ALLOW policy, it must
471 * be checked if removing it will give the child cgroup more access than the
472 * parent.
473 *
474 * Return: true if it's ok to remove exception, false otherwise
475 */
476static bool parent_allows_removal(struct dev_cgroup *childcg,
477 struct dev_exception_item *ex)
478{
479 struct dev_cgroup *parent = css_to_devcgroup(css_parent(&childcg->css));
480
481 if (!parent)
482 return true;
483
484 /* It's always allowed to remove access to devices */
485 if (childcg->behavior == DEVCG_DEFAULT_DENY)
486 return true;
487
488 /*
489 * Make sure you're not removing part or a whole exception existing in
490 * the parent cgroup
491 */
492 return !match_exception_partial(&parent->exceptions, ex->type,
493 ex->major, ex->minor, ex->access);
384} 494}
385 495
386/** 496/**
@@ -498,7 +608,7 @@ static inline bool has_children(struct dev_cgroup *devcgroup)
498 * parent cgroup has the access you're asking for. 608 * parent cgroup has the access you're asking for.
499 */ 609 */
500static int devcgroup_update_access(struct dev_cgroup *devcgroup, 610static int devcgroup_update_access(struct dev_cgroup *devcgroup,
501 int filetype, const char *buffer) 611 int filetype, char *buffer)
502{ 612{
503 const char *b; 613 const char *b;
504 char temp[12]; /* 11 + 1 characters needed for a u32 */ 614 char temp[12]; /* 11 + 1 characters needed for a u32 */
@@ -618,17 +728,21 @@ static int devcgroup_update_access(struct dev_cgroup *devcgroup,
618 728
619 switch (filetype) { 729 switch (filetype) {
620 case DEVCG_ALLOW: 730 case DEVCG_ALLOW:
621 if (!parent_has_perm(devcgroup, &ex))
622 return -EPERM;
623 /* 731 /*
624 * If the default policy is to allow by default, try to remove 732 * If the default policy is to allow by default, try to remove
625 * an matching exception instead. And be silent about it: we 733 * an matching exception instead. And be silent about it: we
626 * don't want to break compatibility 734 * don't want to break compatibility
627 */ 735 */
628 if (devcgroup->behavior == DEVCG_DEFAULT_ALLOW) { 736 if (devcgroup->behavior == DEVCG_DEFAULT_ALLOW) {
737 /* Check if the parent allows removing it first */
738 if (!parent_allows_removal(devcgroup, &ex))
739 return -EPERM;
629 dev_exception_rm(devcgroup, &ex); 740 dev_exception_rm(devcgroup, &ex);
630 return 0; 741 break;
631 } 742 }
743
744 if (!parent_has_perm(devcgroup, &ex))
745 return -EPERM;
632 rc = dev_exception_add(devcgroup, &ex); 746 rc = dev_exception_add(devcgroup, &ex);
633 break; 747 break;
634 case DEVCG_DENY: 748 case DEVCG_DENY:
@@ -654,7 +768,7 @@ static int devcgroup_update_access(struct dev_cgroup *devcgroup,
654} 768}
655 769
656static int devcgroup_access_write(struct cgroup_subsys_state *css, 770static int devcgroup_access_write(struct cgroup_subsys_state *css,
657 struct cftype *cft, const char *buffer) 771 struct cftype *cft, char *buffer)
658{ 772{
659 int retval; 773 int retval;
660 774
@@ -684,13 +798,11 @@ static struct cftype dev_cgroup_files[] = {
684 { } /* terminate */ 798 { } /* terminate */
685}; 799};
686 800
687struct cgroup_subsys devices_subsys = { 801struct cgroup_subsys devices_cgrp_subsys = {
688 .name = "devices",
689 .css_alloc = devcgroup_css_alloc, 802 .css_alloc = devcgroup_css_alloc,
690 .css_free = devcgroup_css_free, 803 .css_free = devcgroup_css_free,
691 .css_online = devcgroup_online, 804 .css_online = devcgroup_online,
692 .css_offline = devcgroup_offline, 805 .css_offline = devcgroup_offline,
693 .subsys_id = devices_subsys_id,
694 .base_cftypes = dev_cgroup_files, 806 .base_cftypes = dev_cgroup_files,
695}; 807};
696 808
@@ -708,18 +820,18 @@ static int __devcgroup_check_permission(short type, u32 major, u32 minor,
708 short access) 820 short access)
709{ 821{
710 struct dev_cgroup *dev_cgroup; 822 struct dev_cgroup *dev_cgroup;
711 struct dev_exception_item ex; 823 bool rc;
712 int rc;
713
714 memset(&ex, 0, sizeof(ex));
715 ex.type = type;
716 ex.major = major;
717 ex.minor = minor;
718 ex.access = access;
719 824
720 rcu_read_lock(); 825 rcu_read_lock();
721 dev_cgroup = task_devcgroup(current); 826 dev_cgroup = task_devcgroup(current);
722 rc = may_access(dev_cgroup, &ex, dev_cgroup->behavior); 827 if (dev_cgroup->behavior == DEVCG_DEFAULT_ALLOW)
828 /* Can't match any of the exceptions, even partially */
829 rc = !match_exception_partial(&dev_cgroup->exceptions,
830 type, major, minor, access);
831 else
832 /* Need to match completely one exception to be allowed */
833 rc = match_exception(&dev_cgroup->exceptions, type, major,
834 minor, access);
723 rcu_read_unlock(); 835 rcu_read_unlock();
724 836
725 if (!rc) 837 if (!rc)
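Review bot: The kernel-doc for match_exception_partial ends with `Return: true in case the provided range mat matches an exception completely`, which is garbled and says the opposite of what the body does: it returns true as soon as any access bit overlaps (`if (!(access & ex->access)) continue;`). Since this helper and match_exception now carry the allow/deny decision, the line should read `* Return: true in case the provided range partially matches an exception`. Separately, parent_allows_removal walks `parent->exceptions` through match_exception_partial without the `rcu_lockdep_assert()` that verify_new_ex keeps; its caller is only partly visible here, so adding the same assertion would both document and check the locking it depends on.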
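--- a/security/integrity/Makefile
+++ b/security/integrity/Makefile
@@ -10,6 +10,6 @@ obj-$(CONFIG_INTEGRITY_ASYMMETRIC_KEYS) += digsig_asymmetric.o
 integrity-y := iint.o
 
 subdir-$(CONFIG_IMA) += ima
-obj-$(CONFIG_IMA) += ima/built-in.o
+obj-$(CONFIG_IMA) += ima/
 subdir-$(CONFIG_EVM) += evm
-obj-$(CONFIG_EVM) += evm/built-in.o
+obj-$(CONFIG_EVM) += evm/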
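--- a/security/integrity/evm/Kconfig
+++ b/security/integrity/evm/Kconfig
@@ -1,10 +1,10 @@
 config EVM
  boolean "EVM support"
- depends on SECURITY && KEYS && (TRUSTED_KEYS=y || TRUSTED_KEYS=n)
+ depends on SECURITY
+ select KEYS
+ select ENCRYPTED_KEYS
  select CRYPTO_HMAC
- select CRYPTO_MD5
  select CRYPTO_SHA1
- select ENCRYPTED_KEYS
  default n
  help
  EVM protects a file's security extended attributes against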
diff --git a/security/integrity/evm/evm.h b/security/integrity/evm/evm.h
index 30bd1ec0232e..37c88ddb3cfe 100644
--- a/security/integrity/evm/evm.h
+++ b/security/integrity/evm/evm.h
@@ -32,19 +32,19 @@ extern struct crypto_shash *hash_tfm;
32/* List of EVM protected security xattrs */ 32/* List of EVM protected security xattrs */
33extern char *evm_config_xattrnames[]; 33extern char *evm_config_xattrnames[];
34 34
35extern int evm_init_key(void); 35int evm_init_key(void);
36extern int evm_update_evmxattr(struct dentry *dentry, 36int evm_update_evmxattr(struct dentry *dentry,
37 const char *req_xattr_name, 37 const char *req_xattr_name,
38 const char *req_xattr_value, 38 const char *req_xattr_value,
39 size_t req_xattr_value_len); 39 size_t req_xattr_value_len);
40extern int evm_calc_hmac(struct dentry *dentry, const char *req_xattr_name, 40int evm_calc_hmac(struct dentry *dentry, const char *req_xattr_name,
41 const char *req_xattr_value, 41 const char *req_xattr_value,
42 size_t req_xattr_value_len, char *digest); 42 size_t req_xattr_value_len, char *digest);
43extern int evm_calc_hash(struct dentry *dentry, const char *req_xattr_name, 43int evm_calc_hash(struct dentry *dentry, const char *req_xattr_name,
44 const char *req_xattr_value, 44 const char *req_xattr_value,
45 size_t req_xattr_value_len, char *digest); 45 size_t req_xattr_value_len, char *digest);
46extern int evm_init_hmac(struct inode *inode, const struct xattr *xattr, 46int evm_init_hmac(struct inode *inode, const struct xattr *xattr,
47 char *hmac_val); 47 char *hmac_val);
48extern int evm_init_secfs(void); 48int evm_init_secfs(void);
49 49
50#endif 50#endif
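--- a/security/integrity/evm/evm_crypto.c
+++ b/security/integrity/evm/evm_crypto.c
@@ -13,6 +13,8 @@
  * Using root's kernel master key (kmk), calculate the HMAC
  */
 
+#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
+
 #include <linux/module.h>
 #include <linux/crypto.h>
 #include <linux/xattr.h>
@@ -103,13 +105,13 @@ static void hmac_add_misc(struct shash_desc *desc, struct inode *inode,
  umode_t mode;
  } hmac_misc;
 
- memset(&hmac_misc, 0, sizeof hmac_misc);
+ memset(&hmac_misc, 0, sizeof(hmac_misc));
  hmac_misc.ino = inode->i_ino;
  hmac_misc.generation = inode->i_generation;
  hmac_misc.uid = from_kuid(&init_user_ns, inode->i_uid);
  hmac_misc.gid = from_kgid(&init_user_ns, inode->i_gid);
  hmac_misc.mode = inode->i_mode;
- crypto_shash_update(desc, (const u8 *)&hmac_misc, sizeof hmac_misc);
+ crypto_shash_update(desc, (const u8 *)&hmac_misc, sizeof(hmac_misc));
  if (evm_hmac_version > 1)
  crypto_shash_update(desc, inode->i_sb->s_uuid,
  sizeof(inode->i_sb->s_uuid));
@@ -137,7 +139,7 @@ static int evm_calc_hmac_or_hash(struct dentry *dentry,
  int error;
  int size;
 
- if (!inode->i_op || !inode->i_op->getxattr)
+ if (!inode->i_op->getxattr)
  return -EOPNOTSUPP;
  desc = init_desc(type);
  if (IS_ERR(desc))
@@ -221,7 +223,7 @@ int evm_init_hmac(struct inode *inode, const struct xattr *lsm_xattr,
 
  desc = init_desc(EVM_XATTR_HMAC);
  if (IS_ERR(desc)) {
- printk(KERN_INFO "init_desc failed\n");
+ pr_info("init_desc failed\n");
  return PTR_ERR(desc);
  }
 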
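Review bot: Both crypto_shash_update() calls in hmac_add_misc still discard their return value, so a failed update would go unnoticed and the HMAC could be finalised over incomplete inode metadata. The function is `static void` according to the hunk header, so reporting the failure means returning int and checking it in the caller, along the lines of `rc = crypto_shash_update(desc, (const u8 *)&hmac_misc, sizeof(hmac_misc));` followed by `if (rc) return rc;`. The rest of hmac_add_misc and its callers lie outside the hunk, so whether the final digest call would catch the failure cannot be confirmed from here.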
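--- a/security/integrity/evm/evm_main.c
+++ b/security/integrity/evm/evm_main.c
@@ -14,6 +14,8 @@
  * evm_inode_removexattr, and evm_verifyxattr
  */
 
+#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
+
 #include <linux/module.h>
 #include <linux/crypto.h>
 #include <linux/audit.h>
@@ -62,7 +64,7 @@ static int evm_find_protected_xattrs(struct dentry *dentry)
  int error;
  int count = 0;
 
- if (!inode->i_op || !inode->i_op->getxattr)
+ if (!inode->i_op->getxattr)
  return -EOPNOTSUPP;
 
  for (xattr = evm_config_xattrnames; *xattr != NULL; xattr++) {
@@ -432,7 +434,7 @@ static int __init init_evm(void)
 
  error = evm_init_secfs();
  if (error < 0) {
- printk(KERN_INFO "EVM: Error registering secfs\n");
+ pr_info("Error registering secfs\n");
  goto err;
  }
 
@@ -449,7 +451,7 @@ static int __init evm_display_config(void)
  char **xattrname;
 
  for (xattrname = evm_config_xattrnames; *xattrname != NULL; xattrname++)
- printk(KERN_INFO "EVM: %s\n", *xattrname);
+ pr_info("%s\n", *xattrname);
  return 0;
 }
 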
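--- a/security/integrity/evm/evm_secfs.c
+++ b/security/integrity/evm/evm_secfs.c
@@ -13,6 +13,8 @@
  * - Get the key and enable EVM
  */
 
+#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
+
 #include <linux/uaccess.h>
 #include <linux/module.h>
 #include "evm.h"
@@ -79,9 +81,9 @@ static ssize_t evm_write_key(struct file *file, const char __user *buf,
  error = evm_init_key();
  if (!error) {
  evm_initialized = 1;
- pr_info("EVM: initialized\n");
+ pr_info("initialized\n");
  } else
- pr_err("EVM: initialization failed\n");
+ pr_err("initialization failed\n");
  return count;
 }
 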
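Review bot: evm_write_key still returns `count` after the `pr_err("initialization failed\n")` branch, so the process that wrote the trigger sees a successful write even though evm_init_key() failed and `evm_initialized` was never set. A boot script therefore cannot tell from the result of the write that EVM is not active; returning the error would make that visible, e.g. `return error ? error : count;`. The first part of the function is outside the hunk, so any earlier reason for always returning count should be checked before changing it.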
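--- a/security/integrity/iint.c
+++ b/security/integrity/iint.c
@@ -151,7 +151,7 @@ static void init_once(void *foo)
 {
  struct integrity_iint_cache *iint = foo;
 
- memset(iint, 0, sizeof *iint);
+ memset(iint, 0, sizeof(*iint));
  iint->version = 0;
  iint->flags = 0UL;
  iint->ima_file_status = INTEGRITY_UNKNOWN;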
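--- a/security/integrity/ima/ima.h
+++ b/security/integrity/ima/ima.h
@@ -27,7 +27,7 @@
 #include "../integrity.h"
 
 enum ima_show_type { IMA_SHOW_BINARY, IMA_SHOW_BINARY_NO_FIELD_LEN,
- IMA_SHOW_ASCII };
+ IMA_SHOW_BINARY_OLD_STRING_FMT, IMA_SHOW_ASCII };
 enum tpm_pcrs { TPM_PCR0 = 0, TPM_PCR8 = 8 };
 
 /* digest size for IMA, fits SHA1 or MD5 */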
diff --git a/security/integrity/ima/ima_api.c b/security/integrity/ima/ima_api.c
index c38bbce8c6a6..ba9e4d792dd5 100644
--- a/security/integrity/ima/ima_api.c
+++ b/security/integrity/ima/ima_api.c
@@ -92,8 +92,8 @@ int ima_store_template(struct ima_template_entry *entry,
92 int violation, struct inode *inode, 92 int violation, struct inode *inode,
93 const unsigned char *filename) 93 const unsigned char *filename)
94{ 94{
95 const char *op = "add_template_measure"; 95 static const char op[] = "add_template_measure";
96 const char *audit_cause = "hashing_error"; 96 static const char audit_cause[] = "hashing_error";
97 char *template_name = entry->template_desc->name; 97 char *template_name = entry->template_desc->name;
98 int result; 98 int result;
99 struct { 99 struct {
@@ -132,7 +132,7 @@ void ima_add_violation(struct file *file, const unsigned char *filename,
132 const char *op, const char *cause) 132 const char *op, const char *cause)
133{ 133{
134 struct ima_template_entry *entry; 134 struct ima_template_entry *entry;
135 struct inode *inode = file->f_dentry->d_inode; 135 struct inode *inode = file_inode(file);
136 int violation = 1; 136 int violation = 1;
137 int result; 137 int result;
138 138
@@ -160,10 +160,10 @@ err_out:
160 * @function: calling function (FILE_CHECK, BPRM_CHECK, MMAP_CHECK, MODULE_CHECK) 160 * @function: calling function (FILE_CHECK, BPRM_CHECK, MMAP_CHECK, MODULE_CHECK)
161 * 161 *
162 * The policy is defined in terms of keypairs: 162 * The policy is defined in terms of keypairs:
163 * subj=, obj=, type=, func=, mask=, fsmagic= 163 * subj=, obj=, type=, func=, mask=, fsmagic=
164 * subj,obj, and type: are LSM specific. 164 * subj,obj, and type: are LSM specific.
165 * func: FILE_CHECK | BPRM_CHECK | MMAP_CHECK | MODULE_CHECK 165 * func: FILE_CHECK | BPRM_CHECK | MMAP_CHECK | MODULE_CHECK
166 * mask: contains the permission mask 166 * mask: contains the permission mask
167 * fsmagic: hex value 167 * fsmagic: hex value
168 * 168 *
169 * Returns IMA_MEASURE, IMA_APPRAISE mask. 169 * Returns IMA_MEASURE, IMA_APPRAISE mask.
@@ -248,7 +248,7 @@ int ima_collect_measurement(struct integrity_iint_cache *iint,
248 * 248 *
249 * We only get here if the inode has not already been measured, 249 * We only get here if the inode has not already been measured,
250 * but the measurement could already exist: 250 * but the measurement could already exist:
251 * - multiple copies of the same file on either the same or 251 * - multiple copies of the same file on either the same or
252 * different filesystems. 252 * different filesystems.
253 * - the inode was previously flushed as well as the iint info, 253 * - the inode was previously flushed as well as the iint info,
254 * containing the hashing info. 254 * containing the hashing info.
@@ -260,8 +260,8 @@ void ima_store_measurement(struct integrity_iint_cache *iint,
260 struct evm_ima_xattr_data *xattr_value, 260 struct evm_ima_xattr_data *xattr_value,
261 int xattr_len) 261 int xattr_len)
262{ 262{
263 const char *op = "add_template_measure"; 263 static const char op[] = "add_template_measure";
264 const char *audit_cause = "ENOMEM"; 264 static const char audit_cause[] = "ENOMEM";
265 int result = -ENOMEM; 265 int result = -ENOMEM;
266 struct inode *inode = file_inode(file); 266 struct inode *inode = file_inode(file);
267 struct ima_template_entry *entry; 267 struct ima_template_entry *entry;
@@ -332,5 +332,5 @@ const char *ima_d_path(struct path *path, char **pathbuf)
332 pathname = NULL; 332 pathname = NULL;
333 } 333 }
334 } 334 }
335 return pathname; 335 return pathname ?: (const char *)path->dentry->d_name.name;
336} 336}
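Review bot: The new fallback in ima_d_path, `return pathname ?: (const char *)path->dentry->d_name.name;`, hands back a pointer into the dentry rather than into `*pathbuf`, and nothing in the visible lines keeps that name stable if the file is renamed while the caller is still using the string. The function comment, which is outside this hunk, should state that the result may be a bare file name whose lifetime is tied to the dentry, or the name should be copied into a caller-owned buffer before returning. A bare name in a measurement or audit record also identifies the file less precisely than a full path, which is worth noting for whoever consumes those records. The body of ima_d_path starts before the hunk.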
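--- a/security/integrity/ima/ima_appraise.c
+++ b/security/integrity/ima/ima_appraise.c
@@ -177,11 +177,11 @@ int ima_appraise_measurement(int func, struct integrity_iint_cache *iint,
  struct evm_ima_xattr_data *xattr_value,
  int xattr_len)
 {
+ static const char op[] = "appraise_data";
+ char *cause = "unknown";
  struct dentry *dentry = file->f_dentry;
  struct inode *inode = dentry->d_inode;
  enum integrity_status status = INTEGRITY_UNKNOWN;
- const char *op = "appraise_data";
- char *cause = "unknown";
  int rc = xattr_len, hash_start = 0;
 
  if (!ima_appraise)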
diff --git a/security/integrity/ima/ima_crypto.c b/security/integrity/ima/ima_crypto.c
index fdf60def52e9..1bde8e627766 100644
--- a/security/integrity/ima/ima_crypto.c
+++ b/security/integrity/ima/ima_crypto.c
@@ -10,9 +10,11 @@
10 * the Free Software Foundation, version 2 of the License. 10 * the Free Software Foundation, version 2 of the License.
11 * 11 *
12 * File: ima_crypto.c 12 * File: ima_crypto.c
13 * Calculates md5/sha1 file hash, template hash, boot-aggreate hash 13 * Calculates md5/sha1 file hash, template hash, boot-aggreate hash
14 */ 14 */
15 15
16#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
17
16#include <linux/kernel.h> 18#include <linux/kernel.h>
17#include <linux/file.h> 19#include <linux/file.h>
18#include <linux/crypto.h> 20#include <linux/crypto.h>
@@ -85,16 +87,20 @@ static int ima_calc_file_hash_tfm(struct file *file,
85 if (rc != 0) 87 if (rc != 0)
86 return rc; 88 return rc;
87 89
88 rbuf = kzalloc(PAGE_SIZE, GFP_KERNEL); 90 i_size = i_size_read(file_inode(file));
89 if (!rbuf) { 91
90 rc = -ENOMEM; 92 if (i_size == 0)
91 goto out; 93 goto out;
92 } 94
95 rbuf = kzalloc(PAGE_SIZE, GFP_KERNEL);
96 if (!rbuf)
97 return -ENOMEM;
98
93 if (!(file->f_mode & FMODE_READ)) { 99 if (!(file->f_mode & FMODE_READ)) {
94 file->f_mode |= FMODE_READ; 100 file->f_mode |= FMODE_READ;
95 read = 1; 101 read = 1;
96 } 102 }
97 i_size = i_size_read(file_inode(file)); 103
98 while (offset < i_size) { 104 while (offset < i_size) {
99 int rbuf_len; 105 int rbuf_len;
100 106
@@ -111,12 +117,12 @@ static int ima_calc_file_hash_tfm(struct file *file,
111 if (rc) 117 if (rc)
112 break; 118 break;
113 } 119 }
114 kfree(rbuf);
115 if (!rc)
116 rc = crypto_shash_final(&desc.shash, hash->digest);
117 if (read) 120 if (read)
118 file->f_mode &= ~FMODE_READ; 121 file->f_mode &= ~FMODE_READ;
122 kfree(rbuf);
119out: 123out:
124 if (!rc)
125 rc = crypto_shash_final(&desc.shash, hash->digest);
120 return rc; 126 return rc;
121} 127}
122 128
@@ -161,15 +167,22 @@ static int ima_calc_field_array_hash_tfm(struct ima_field_data *field_data,
161 return rc; 167 return rc;
162 168
163 for (i = 0; i < num_fields; i++) { 169 for (i = 0; i < num_fields; i++) {
170 u8 buffer[IMA_EVENT_NAME_LEN_MAX + 1] = { 0 };
171 u8 *data_to_hash = field_data[i].data;
172 u32 datalen = field_data[i].len;
173
164 if (strcmp(td->name, IMA_TEMPLATE_IMA_NAME) != 0) { 174 if (strcmp(td->name, IMA_TEMPLATE_IMA_NAME) != 0) {
165 rc = crypto_shash_update(&desc.shash, 175 rc = crypto_shash_update(&desc.shash,
166 (const u8 *) &field_data[i].len, 176 (const u8 *) &field_data[i].len,
167 sizeof(field_data[i].len)); 177 sizeof(field_data[i].len));
168 if (rc) 178 if (rc)
169 break; 179 break;
180 } else if (strcmp(td->fields[i]->field_id, "n") == 0) {
181 memcpy(buffer, data_to_hash, datalen);
182 data_to_hash = buffer;
183 datalen = IMA_EVENT_NAME_LEN_MAX + 1;
170 } 184 }
171 rc = crypto_shash_update(&desc.shash, field_data[i].data, 185 rc = crypto_shash_update(&desc.shash, data_to_hash, datalen);
172 field_data[i].len);
173 if (rc) 186 if (rc)
174 break; 187 break;
175 } 188 }
@@ -205,7 +218,7 @@ static void __init ima_pcrread(int idx, u8 *pcr)
205 return; 218 return;
206 219
207 if (tpm_pcr_read(TPM_ANY_NUM, idx, pcr) != 0) 220 if (tpm_pcr_read(TPM_ANY_NUM, idx, pcr) != 0)
208 pr_err("IMA: Error Communicating to TPM chip\n"); 221 pr_err("Error Communicating to TPM chip\n");
209} 222}
210 223
211/* 224/*
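Review bot: In ima_calc_field_array_hash_tfm, the new `memcpy(buffer, data_to_hash, datalen)` copies `field_data[i].len` bytes into a stack array of `IMA_EVENT_NAME_LEN_MAX + 1` bytes without comparing the two. The length is presumably capped where the "n" field is built (ima_eventname_init_common in ima_template_lib.c), but nothing in this function enforces it, so a later change to that producer would turn the copy into a stack overflow. A local guard before the copy keeps the invariant next to the buffer: `if (datalen > sizeof(buffer)) { rc = -EINVAL; break; }`. The function's start and end are outside the hunk.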
diff --git a/security/integrity/ima/ima_fs.c b/security/integrity/ima/ima_fs.c
index db01125926bd..da92fcc08d15 100644
--- a/security/integrity/ima/ima_fs.c
+++ b/security/integrity/ima/ima_fs.c
@@ -133,14 +133,14 @@ static int ima_measurements_show(struct seq_file *m, void *v)
133 * PCR used is always the same (config option) in 133 * PCR used is always the same (config option) in
134 * little-endian format 134 * little-endian format
135 */ 135 */
136 ima_putc(m, &pcr, sizeof pcr); 136 ima_putc(m, &pcr, sizeof(pcr));
137 137
138 /* 2nd: template digest */ 138 /* 2nd: template digest */
139 ima_putc(m, e->digest, TPM_DIGEST_SIZE); 139 ima_putc(m, e->digest, TPM_DIGEST_SIZE);
140 140
141 /* 3rd: template name size */ 141 /* 3rd: template name size */
142 namelen = strlen(e->template_desc->name); 142 namelen = strlen(e->template_desc->name);
143 ima_putc(m, &namelen, sizeof namelen); 143 ima_putc(m, &namelen, sizeof(namelen));
144 144
145 /* 4th: template name */ 145 /* 4th: template name */
146 ima_putc(m, e->template_desc->name, namelen); 146 ima_putc(m, e->template_desc->name, namelen);
@@ -160,6 +160,8 @@ static int ima_measurements_show(struct seq_file *m, void *v)
160 160
161 if (is_ima_template && strcmp(field->field_id, "d") == 0) 161 if (is_ima_template && strcmp(field->field_id, "d") == 0)
162 show = IMA_SHOW_BINARY_NO_FIELD_LEN; 162 show = IMA_SHOW_BINARY_NO_FIELD_LEN;
163 if (is_ima_template && strcmp(field->field_id, "n") == 0)
164 show = IMA_SHOW_BINARY_OLD_STRING_FMT;
163 field->field_show(m, show, &e->template_data[i]); 165 field->field_show(m, show, &e->template_data[i]);
164 } 166 }
165 return 0; 167 return 0;
@@ -290,7 +292,7 @@ static atomic_t policy_opencount = ATOMIC_INIT(1);
290/* 292/*
291 * ima_open_policy: sequentialize access to the policy file 293 * ima_open_policy: sequentialize access to the policy file
292 */ 294 */
293static int ima_open_policy(struct inode * inode, struct file * filp) 295static int ima_open_policy(struct inode *inode, struct file *filp)
294{ 296{
295 /* No point in being allowed to open it if you aren't going to write */ 297 /* No point in being allowed to open it if you aren't going to write */
296 if (!(filp->f_flags & O_WRONLY)) 298 if (!(filp->f_flags & O_WRONLY))
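Review bot: The added `"n"` test in ima_measurements_show has no comment saying why the name field needs its own show mode. Going by ima_show_template_data_binary in this same commit, IMA_SHOW_BINARY_OLD_STRING_FMT makes the emitted length the string length of the data instead of `field_data->len`. A comment above the new `if`, such as `/* name field: written with its strlen(), not the stored field length */`, would record that. The `"d"` and `"n"` tests are mutually exclusive, so the second could also be an `else if`.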
diff --git a/security/integrity/ima/ima_init.c b/security/integrity/ima/ima_init.c
index 37122768554a..e8f9d70a465d 100644
--- a/security/integrity/ima/ima_init.c
+++ b/security/integrity/ima/ima_init.c
@@ -14,6 +14,9 @@
14 * File: ima_init.c 14 * File: ima_init.c
15 * initialization and cleanup functions 15 * initialization and cleanup functions
16 */ 16 */
17
18#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
19
17#include <linux/module.h> 20#include <linux/module.h>
18#include <linux/scatterlist.h> 21#include <linux/scatterlist.h>
19#include <linux/slab.h> 22#include <linux/slab.h>
@@ -42,10 +45,10 @@ int ima_used_chip;
42 */ 45 */
43static void __init ima_add_boot_aggregate(void) 46static void __init ima_add_boot_aggregate(void)
44{ 47{
48 static const char op[] = "add_boot_aggregate";
49 const char *audit_cause = "ENOMEM";
45 struct ima_template_entry *entry; 50 struct ima_template_entry *entry;
46 struct integrity_iint_cache tmp_iint, *iint = &tmp_iint; 51 struct integrity_iint_cache tmp_iint, *iint = &tmp_iint;
47 const char *op = "add_boot_aggregate";
48 const char *audit_cause = "ENOMEM";
49 int result = -ENOMEM; 52 int result = -ENOMEM;
50 int violation = 0; 53 int violation = 0;
51 struct { 54 struct {
@@ -93,7 +96,7 @@ int __init ima_init(void)
93 ima_used_chip = 1; 96 ima_used_chip = 1;
94 97
95 if (!ima_used_chip) 98 if (!ima_used_chip)
96 pr_info("IMA: No TPM chip found, activating TPM-bypass!\n"); 99 pr_info("No TPM chip found, activating TPM-bypass!\n");
97 100
98 rc = ima_init_crypto(); 101 rc = ima_init_crypto();
99 if (rc) 102 if (rc)
diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c
index 149ee1119f87..52ac6cf41f88 100644
--- a/security/integrity/ima/ima_main.c
+++ b/security/integrity/ima/ima_main.c
@@ -71,15 +71,14 @@ __setup("ima_hash=", hash_setup);
71 * ima_rdwr_violation_check 71 * ima_rdwr_violation_check
72 * 72 *
73 * Only invalidate the PCR for measured files: 73 * Only invalidate the PCR for measured files:
74 * - Opening a file for write when already open for read, 74 * - Opening a file for write when already open for read,
75 * results in a time of measure, time of use (ToMToU) error. 75 * results in a time of measure, time of use (ToMToU) error.
76 * - Opening a file for read when already open for write, 76 * - Opening a file for read when already open for write,
77 * could result in a file measurement error. 77 * could result in a file measurement error.
78 * 78 *
79 */ 79 */
80static void ima_rdwr_violation_check(struct file *file) 80static void ima_rdwr_violation_check(struct file *file)
81{ 81{
82 struct dentry *dentry = file->f_path.dentry;
83 struct inode *inode = file_inode(file); 82 struct inode *inode = file_inode(file);
84 fmode_t mode = file->f_mode; 83 fmode_t mode = file->f_mode;
85 int must_measure; 84 int must_measure;
@@ -111,8 +110,6 @@ out:
111 return; 110 return;
112 111
113 pathname = ima_d_path(&file->f_path, &pathbuf); 112 pathname = ima_d_path(&file->f_path, &pathbuf);
114 if (!pathname || strlen(pathname) > IMA_EVENT_NAME_LEN_MAX)
115 pathname = dentry->d_name.name;
116 113
117 if (send_tomtou) 114 if (send_tomtou)
118 ima_add_violation(file, pathname, "invalid_pcr", "ToMToU"); 115 ima_add_violation(file, pathname, "invalid_pcr", "ToMToU");
@@ -220,9 +217,7 @@ static int process_measurement(struct file *file, const char *filename,
220 if (rc != 0) 217 if (rc != 0)
221 goto out_digsig; 218 goto out_digsig;
222 219
223 pathname = !filename ? ima_d_path(&file->f_path, &pathbuf) : filename; 220 pathname = filename ?: ima_d_path(&file->f_path, &pathbuf);
224 if (!pathname)
225 pathname = (const char *)file->f_dentry->d_name.name;
226 221
227 if (action & IMA_MEASURE) 222 if (action & IMA_MEASURE)
228 ima_store_measurement(iint, file, pathname, 223 ima_store_measurement(iint, file, pathname,
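Review bot: In ima_rdwr_violation_check the length test is dropped along with the NULL fallback. The removed lines replaced a path longer than IMA_EVENT_NAME_LEN_MAX with the dentry name, while the new fallback inside ima_d_path() (ima_api.c) only covers a NULL result, so an over-long path now reaches ima_add_violation() unchanged. If limiting the name is now left to the template code (ima_eventname_init_common assigns IMA_EVENT_NAME_LEN_MAX to the length, though its condition is outside the visible hunks), a comment at the call would say so: `/* may exceed IMA_EVENT_NAME_LEN_MAX; limited when the template field is built */`. The function body continues outside the hunk.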
diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c
index a9c3d3cd1990..93873a450ff7 100644
--- a/security/integrity/ima/ima_policy.c
+++ b/security/integrity/ima/ima_policy.c
@@ -7,7 +7,7 @@
7 * the Free Software Foundation, version 2 of the License. 7 * the Free Software Foundation, version 2 of the License.
8 * 8 *
9 * ima_policy.c 9 * ima_policy.c
10 * - initialize default measure policy rules 10 * - initialize default measure policy rules
11 * 11 *
12 */ 12 */
13#include <linux/module.h> 13#include <linux/module.h>
@@ -21,8 +21,8 @@
21#include "ima.h" 21#include "ima.h"
22 22
23/* flags definitions */ 23/* flags definitions */
24#define IMA_FUNC 0x0001 24#define IMA_FUNC 0x0001
25#define IMA_MASK 0x0002 25#define IMA_MASK 0x0002
26#define IMA_FSMAGIC 0x0004 26#define IMA_FSMAGIC 0x0004
27#define IMA_UID 0x0008 27#define IMA_UID 0x0008
28#define IMA_FOWNER 0x0010 28#define IMA_FOWNER 0x0010
@@ -69,35 +69,35 @@ struct ima_rule_entry {
69 * and running executables. 69 * and running executables.
70 */ 70 */
71static struct ima_rule_entry default_rules[] = { 71static struct ima_rule_entry default_rules[] = {
72 {.action = DONT_MEASURE,.fsmagic = PROC_SUPER_MAGIC,.flags = IMA_FSMAGIC}, 72 {.action = DONT_MEASURE, .fsmagic = PROC_SUPER_MAGIC, .flags = IMA_FSMAGIC},
73 {.action = DONT_MEASURE,.fsmagic = SYSFS_MAGIC,.flags = IMA_FSMAGIC}, 73 {.action = DONT_MEASURE, .fsmagic = SYSFS_MAGIC, .flags = IMA_FSMAGIC},
74 {.action = DONT_MEASURE,.fsmagic = DEBUGFS_MAGIC,.flags = IMA_FSMAGIC}, 74 {.action = DONT_MEASURE, .fsmagic = DEBUGFS_MAGIC, .flags = IMA_FSMAGIC},
75 {.action = DONT_MEASURE,.fsmagic = TMPFS_MAGIC,.flags = IMA_FSMAGIC}, 75 {.action = DONT_MEASURE, .fsmagic = TMPFS_MAGIC, .flags = IMA_FSMAGIC},
76 {.action = DONT_MEASURE,.fsmagic = DEVPTS_SUPER_MAGIC,.flags = IMA_FSMAGIC}, 76 {.action = DONT_MEASURE, .fsmagic = DEVPTS_SUPER_MAGIC, .flags = IMA_FSMAGIC},
77 {.action = DONT_MEASURE,.fsmagic = BINFMTFS_MAGIC,.flags = IMA_FSMAGIC}, 77 {.action = DONT_MEASURE, .fsmagic = BINFMTFS_MAGIC, .flags = IMA_FSMAGIC},
78 {.action = DONT_MEASURE,.fsmagic = SECURITYFS_MAGIC,.flags = IMA_FSMAGIC}, 78 {.action = DONT_MEASURE, .fsmagic = SECURITYFS_MAGIC, .flags = IMA_FSMAGIC},
79 {.action = DONT_MEASURE,.fsmagic = SELINUX_MAGIC,.flags = IMA_FSMAGIC}, 79 {.action = DONT_MEASURE, .fsmagic = SELINUX_MAGIC, .flags = IMA_FSMAGIC},
80 {.action = MEASURE,.func = MMAP_CHECK,.mask = MAY_EXEC, 80 {.action = MEASURE, .func = MMAP_CHECK, .mask = MAY_EXEC,
81 .flags = IMA_FUNC | IMA_MASK}, 81 .flags = IMA_FUNC | IMA_MASK},
82 {.action = MEASURE,.func = BPRM_CHECK,.mask = MAY_EXEC, 82 {.action = MEASURE, .func = BPRM_CHECK, .mask = MAY_EXEC,
83 .flags = IMA_FUNC | IMA_MASK}, 83 .flags = IMA_FUNC | IMA_MASK},
84 {.action = MEASURE,.func = FILE_CHECK,.mask = MAY_READ,.uid = GLOBAL_ROOT_UID, 84 {.action = MEASURE, .func = FILE_CHECK, .mask = MAY_READ, .uid = GLOBAL_ROOT_UID,
85 .flags = IMA_FUNC | IMA_MASK | IMA_UID}, 85 .flags = IMA_FUNC | IMA_MASK | IMA_UID},
86 {.action = MEASURE,.func = MODULE_CHECK, .flags = IMA_FUNC}, 86 {.action = MEASURE, .func = MODULE_CHECK, .flags = IMA_FUNC},
87}; 87};
88 88
89static struct ima_rule_entry default_appraise_rules[] = { 89static struct ima_rule_entry default_appraise_rules[] = {
90 {.action = DONT_APPRAISE,.fsmagic = PROC_SUPER_MAGIC,.flags = IMA_FSMAGIC}, 90 {.action = DONT_APPRAISE, .fsmagic = PROC_SUPER_MAGIC, .flags = IMA_FSMAGIC},
91 {.action = DONT_APPRAISE,.fsmagic = SYSFS_MAGIC,.flags = IMA_FSMAGIC}, 91 {.action = DONT_APPRAISE, .fsmagic = SYSFS_MAGIC, .flags = IMA_FSMAGIC},
92 {.action = DONT_APPRAISE,.fsmagic = DEBUGFS_MAGIC,.flags = IMA_FSMAGIC}, 92 {.action = DONT_APPRAISE, .fsmagic = DEBUGFS_MAGIC, .flags = IMA_FSMAGIC},
93 {.action = DONT_APPRAISE,.fsmagic = TMPFS_MAGIC,.flags = IMA_FSMAGIC}, 93 {.action = DONT_APPRAISE, .fsmagic = TMPFS_MAGIC, .flags = IMA_FSMAGIC},
94 {.action = DONT_APPRAISE,.fsmagic = RAMFS_MAGIC,.flags = IMA_FSMAGIC}, 94 {.action = DONT_APPRAISE, .fsmagic = RAMFS_MAGIC, .flags = IMA_FSMAGIC},
95 {.action = DONT_APPRAISE,.fsmagic = DEVPTS_SUPER_MAGIC,.flags = IMA_FSMAGIC}, 95 {.action = DONT_APPRAISE, .fsmagic = DEVPTS_SUPER_MAGIC, .flags = IMA_FSMAGIC},
96 {.action = DONT_APPRAISE,.fsmagic = BINFMTFS_MAGIC,.flags = IMA_FSMAGIC}, 96 {.action = DONT_APPRAISE, .fsmagic = BINFMTFS_MAGIC, .flags = IMA_FSMAGIC},
97 {.action = DONT_APPRAISE,.fsmagic = SECURITYFS_MAGIC,.flags = IMA_FSMAGIC}, 97 {.action = DONT_APPRAISE, .fsmagic = SECURITYFS_MAGIC, .flags = IMA_FSMAGIC},
98 {.action = DONT_APPRAISE,.fsmagic = SELINUX_MAGIC,.flags = IMA_FSMAGIC}, 98 {.action = DONT_APPRAISE, .fsmagic = SELINUX_MAGIC, .flags = IMA_FSMAGIC},
99 {.action = DONT_APPRAISE,.fsmagic = CGROUP_SUPER_MAGIC,.flags = IMA_FSMAGIC}, 99 {.action = DONT_APPRAISE, .fsmagic = CGROUP_SUPER_MAGIC, .flags = IMA_FSMAGIC},
100 {.action = APPRAISE,.fowner = GLOBAL_ROOT_UID,.flags = IMA_FOWNER}, 100 {.action = APPRAISE, .fowner = GLOBAL_ROOT_UID, .flags = IMA_FOWNER},
101}; 101};
102 102
103static LIST_HEAD(ima_default_rules); 103static LIST_HEAD(ima_default_rules);
@@ -122,12 +122,12 @@ static int __init default_appraise_policy_setup(char *str)
122} 122}
123__setup("ima_appraise_tcb", default_appraise_policy_setup); 123__setup("ima_appraise_tcb", default_appraise_policy_setup);
124 124
125/* 125/*
126 * Although the IMA policy does not change, the LSM policy can be 126 * Although the IMA policy does not change, the LSM policy can be
127 * reloaded, leaving the IMA LSM based rules referring to the old, 127 * reloaded, leaving the IMA LSM based rules referring to the old,
128 * stale LSM policy. 128 * stale LSM policy.
129 * 129 *
130 * Update the IMA LSM based rules to reflect the reloaded LSM policy. 130 * Update the IMA LSM based rules to reflect the reloaded LSM policy.
131 * We assume the rules still exist; and BUG_ON() if they don't. 131 * We assume the rules still exist; and BUG_ON() if they don't.
132 */ 132 */
133static void ima_lsm_update_rules(void) 133static void ima_lsm_update_rules(void)
@@ -167,9 +167,11 @@ static bool ima_match_rules(struct ima_rule_entry *rule,
167 const struct cred *cred = current_cred(); 167 const struct cred *cred = current_cred();
168 int i; 168 int i;
169 169
170 if ((rule->flags & IMA_FUNC) && rule->func != func) 170 if ((rule->flags & IMA_FUNC) &&
171 (rule->func != func && func != POST_SETATTR))
171 return false; 172 return false;
172 if ((rule->flags & IMA_MASK) && rule->mask != mask) 173 if ((rule->flags & IMA_MASK) &&
174 (rule->mask != mask && func != POST_SETATTR))
173 return false; 175 return false;
174 if ((rule->flags & IMA_FSMAGIC) 176 if ((rule->flags & IMA_FSMAGIC)
175 && rule->fsmagic != inode->i_sb->s_magic) 177 && rule->fsmagic != inode->i_sb->s_magic)
@@ -216,7 +218,7 @@ retry:
216 retried = 1; 218 retried = 1;
217 ima_lsm_update_rules(); 219 ima_lsm_update_rules();
218 goto retry; 220 goto retry;
219 } 221 }
220 if (!rc) 222 if (!rc)
221 return false; 223 return false;
222 } 224 }
@@ -232,7 +234,7 @@ static int get_subaction(struct ima_rule_entry *rule, int func)
232 if (!(rule->flags & IMA_FUNC)) 234 if (!(rule->flags & IMA_FUNC))
233 return IMA_FILE_APPRAISE; 235 return IMA_FILE_APPRAISE;
234 236
235 switch(func) { 237 switch (func) {
236 case MMAP_CHECK: 238 case MMAP_CHECK:
237 return IMA_MMAP_APPRAISE; 239 return IMA_MMAP_APPRAISE;
238 case BPRM_CHECK: 240 case BPRM_CHECK:
@@ -304,7 +306,7 @@ void __init ima_init_policy(void)
304 measure_entries = ima_use_tcb ? ARRAY_SIZE(default_rules) : 0; 306 measure_entries = ima_use_tcb ? ARRAY_SIZE(default_rules) : 0;
305 appraise_entries = ima_use_appraise_tcb ? 307 appraise_entries = ima_use_appraise_tcb ?
306 ARRAY_SIZE(default_appraise_rules) : 0; 308 ARRAY_SIZE(default_appraise_rules) : 0;
307 309
308 for (i = 0; i < measure_entries + appraise_entries; i++) { 310 for (i = 0; i < measure_entries + appraise_entries; i++) {
309 if (i < measure_entries) 311 if (i < measure_entries)
310 list_add_tail(&default_rules[i].list, 312 list_add_tail(&default_rules[i].list,
@@ -329,7 +331,7 @@ void __init ima_init_policy(void)
329 */ 331 */
330void ima_update_policy(void) 332void ima_update_policy(void)
331{ 333{
332 const char *op = "policy_update"; 334 static const char op[] = "policy_update";
333 const char *cause = "already exists"; 335 const char *cause = "already exists";
334 int result = 1; 336 int result = 1;
335 int audit_info = 0; 337 int audit_info = 0;
@@ -520,8 +522,7 @@ static int ima_parse_rule(char *rule, struct ima_rule_entry *entry)
520 break; 522 break;
521 } 523 }
522 524
523 result = strict_strtoul(args[0].from, 16, 525 result = kstrtoul(args[0].from, 16, &entry->fsmagic);
524 &entry->fsmagic);
525 if (!result) 526 if (!result)
526 entry->flags |= IMA_FSMAGIC; 527 entry->flags |= IMA_FSMAGIC;
527 break; 528 break;
@@ -547,7 +548,7 @@ static int ima_parse_rule(char *rule, struct ima_rule_entry *entry)
547 break; 548 break;
548 } 549 }
549 550
550 result = strict_strtoul(args[0].from, 10, &lnum); 551 result = kstrtoul(args[0].from, 10, &lnum);
551 if (!result) { 552 if (!result) {
552 entry->uid = make_kuid(current_user_ns(), (uid_t)lnum); 553 entry->uid = make_kuid(current_user_ns(), (uid_t)lnum);
553 if (!uid_valid(entry->uid) || (((uid_t)lnum) != lnum)) 554 if (!uid_valid(entry->uid) || (((uid_t)lnum) != lnum))
@@ -564,7 +565,7 @@ static int ima_parse_rule(char *rule, struct ima_rule_entry *entry)
564 break; 565 break;
565 } 566 }
566 567
567 result = strict_strtoul(args[0].from, 10, &lnum); 568 result = kstrtoul(args[0].from, 10, &lnum);
568 if (!result) { 569 if (!result) {
569 entry->fowner = make_kuid(current_user_ns(), (uid_t)lnum); 570 entry->fowner = make_kuid(current_user_ns(), (uid_t)lnum);
570 if (!uid_valid(entry->fowner) || (((uid_t)lnum) != lnum)) 571 if (!uid_valid(entry->fowner) || (((uid_t)lnum) != lnum))
@@ -645,7 +646,7 @@ static int ima_parse_rule(char *rule, struct ima_rule_entry *entry)
645 */ 646 */
646ssize_t ima_parse_add_rule(char *rule) 647ssize_t ima_parse_add_rule(char *rule)
647{ 648{
648 const char *op = "update_policy"; 649 static const char op[] = "update_policy";
649 char *p; 650 char *p;
650 struct ima_rule_entry *entry; 651 struct ima_rule_entry *entry;
651 ssize_t result, len; 652 ssize_t result, len;
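Review bot: In ima_match_rules, the two rewritten tests mean a POST_SETATTR lookup is no longer rejected by a rule's `func` or `mask`, and nothing in the hunk says this is intended. The other criteria (fsmagic, uid and so on) still apply, but the change widens which policy rules match a setattr, so it deserves a comment above the first test, for example `/* POST_SETATTR: a func or mask mismatch does not exclude the rule */`. The repeated `func != POST_SETATTR` could also be computed once into a local flag. The rest of the function is outside the hunk.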
diff --git a/security/integrity/ima/ima_queue.c b/security/integrity/ima/ima_queue.c
index d85e99761f4f..552705d5a78d 100644
--- a/security/integrity/ima/ima_queue.c
+++ b/security/integrity/ima/ima_queue.c
@@ -18,6 +18,9 @@
18 * The measurement list is append-only. No entry is 18 * The measurement list is append-only. No entry is
19 * ever removed or changed during the boot-cycle. 19 * ever removed or changed during the boot-cycle.
20 */ 20 */
21
22#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
23
21#include <linux/module.h> 24#include <linux/module.h>
22#include <linux/rculist.h> 25#include <linux/rculist.h>
23#include <linux/slab.h> 26#include <linux/slab.h>
@@ -72,7 +75,7 @@ static int ima_add_digest_entry(struct ima_template_entry *entry)
72 75
73 qe = kmalloc(sizeof(*qe), GFP_KERNEL); 76 qe = kmalloc(sizeof(*qe), GFP_KERNEL);
74 if (qe == NULL) { 77 if (qe == NULL) {
75 pr_err("IMA: OUT OF MEMORY ERROR creating queue entry.\n"); 78 pr_err("OUT OF MEMORY ERROR creating queue entry\n");
76 return -ENOMEM; 79 return -ENOMEM;
77 } 80 }
78 qe->entry = entry; 81 qe->entry = entry;
@@ -95,8 +98,7 @@ static int ima_pcr_extend(const u8 *hash)
95 98
96 result = tpm_pcr_extend(TPM_ANY_NUM, CONFIG_IMA_MEASURE_PCR_IDX, hash); 99 result = tpm_pcr_extend(TPM_ANY_NUM, CONFIG_IMA_MEASURE_PCR_IDX, hash);
97 if (result != 0) 100 if (result != 0)
98 pr_err("IMA: Error Communicating to TPM chip, result: %d\n", 101 pr_err("Error Communicating to TPM chip, result: %d\n", result);
99 result);
100 return result; 102 return result;
101} 103}
102 104
@@ -115,7 +117,7 @@ int ima_add_template_entry(struct ima_template_entry *entry, int violation,
115 117
116 mutex_lock(&ima_extend_list_mutex); 118 mutex_lock(&ima_extend_list_mutex);
117 if (!violation) { 119 if (!violation) {
118 memcpy(digest, entry->digest, sizeof digest); 120 memcpy(digest, entry->digest, sizeof(digest));
119 if (ima_lookup_digest_entry(digest)) { 121 if (ima_lookup_digest_entry(digest)) {
120 audit_cause = "hash_exists"; 122 audit_cause = "hash_exists";
121 result = -EEXIST; 123 result = -EEXIST;
@@ -131,7 +133,7 @@ int ima_add_template_entry(struct ima_template_entry *entry, int violation,
131 } 133 }
132 134
133 if (violation) /* invalidate pcr */ 135 if (violation) /* invalidate pcr */
134 memset(digest, 0xff, sizeof digest); 136 memset(digest, 0xff, sizeof(digest));
135 137
136 tpmresult = ima_pcr_extend(digest); 138 tpmresult = ima_pcr_extend(digest);
137 if (tpmresult != 0) { 139 if (tpmresult != 0) {
diff --git a/security/integrity/ima/ima_template.c b/security/integrity/ima/ima_template.c
index 635695f6a185..a076a967ec47 100644
--- a/security/integrity/ima/ima_template.c
+++ b/security/integrity/ima/ima_template.c
@@ -12,6 +12,9 @@
12 * File: ima_template.c 12 * File: ima_template.c
13 * Helpers to manage template descriptors. 13 * Helpers to manage template descriptors.
14 */ 14 */
15
16#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
17
15#include <crypto/hash_info.h> 18#include <crypto/hash_info.h>
16 19
17#include "ima.h" 20#include "ima.h"
@@ -19,20 +22,20 @@
19 22
20static struct ima_template_desc defined_templates[] = { 23static struct ima_template_desc defined_templates[] = {
21 {.name = IMA_TEMPLATE_IMA_NAME, .fmt = IMA_TEMPLATE_IMA_FMT}, 24 {.name = IMA_TEMPLATE_IMA_NAME, .fmt = IMA_TEMPLATE_IMA_FMT},
22 {.name = "ima-ng",.fmt = "d-ng|n-ng"}, 25 {.name = "ima-ng", .fmt = "d-ng|n-ng"},
23 {.name = "ima-sig",.fmt = "d-ng|n-ng|sig"}, 26 {.name = "ima-sig", .fmt = "d-ng|n-ng|sig"},
24}; 27};
25 28
26static struct ima_template_field supported_fields[] = { 29static struct ima_template_field supported_fields[] = {
27 {.field_id = "d",.field_init = ima_eventdigest_init, 30 {.field_id = "d", .field_init = ima_eventdigest_init,
28 .field_show = ima_show_template_digest}, 31 .field_show = ima_show_template_digest},
29 {.field_id = "n",.field_init = ima_eventname_init, 32 {.field_id = "n", .field_init = ima_eventname_init,
30 .field_show = ima_show_template_string}, 33 .field_show = ima_show_template_string},
31 {.field_id = "d-ng",.field_init = ima_eventdigest_ng_init, 34 {.field_id = "d-ng", .field_init = ima_eventdigest_ng_init,
32 .field_show = ima_show_template_digest_ng}, 35 .field_show = ima_show_template_digest_ng},
33 {.field_id = "n-ng",.field_init = ima_eventname_ng_init, 36 {.field_id = "n-ng", .field_init = ima_eventname_ng_init,
34 .field_show = ima_show_template_string}, 37 .field_show = ima_show_template_string},
35 {.field_id = "sig",.field_init = ima_eventsig_init, 38 {.field_id = "sig", .field_init = ima_eventsig_init,
36 .field_show = ima_show_template_sig}, 39 .field_show = ima_show_template_sig},
37}; 40};
38 41
@@ -58,7 +61,7 @@ static int __init ima_template_setup(char *str)
58 */ 61 */
59 if (template_len == 3 && strcmp(str, IMA_TEMPLATE_IMA_NAME) == 0 && 62 if (template_len == 3 && strcmp(str, IMA_TEMPLATE_IMA_NAME) == 0 &&
60 ima_hash_algo != HASH_ALGO_SHA1 && ima_hash_algo != HASH_ALGO_MD5) { 63 ima_hash_algo != HASH_ALGO_SHA1 && ima_hash_algo != HASH_ALGO_MD5) {
61 pr_err("IMA: template does not support hash alg\n"); 64 pr_err("template does not support hash alg\n");
62 return 1; 65 return 1;
63 } 66 }
64 67
diff --git a/security/integrity/ima/ima_template_lib.c b/security/integrity/ima/ima_template_lib.c
index 1683bbf289a4..1506f0248572 100644
--- a/security/integrity/ima/ima_template_lib.c
+++ b/security/integrity/ima/ima_template_lib.c
@@ -27,7 +27,6 @@ static bool ima_template_hash_algo_allowed(u8 algo)
27enum data_formats { 27enum data_formats {
28 DATA_FMT_DIGEST = 0, 28 DATA_FMT_DIGEST = 0,
29 DATA_FMT_DIGEST_WITH_ALGO, 29 DATA_FMT_DIGEST_WITH_ALGO,
30 DATA_FMT_EVENT_NAME,
31 DATA_FMT_STRING, 30 DATA_FMT_STRING,
32 DATA_FMT_HEX 31 DATA_FMT_HEX
33}; 32};
@@ -37,18 +36,10 @@ static int ima_write_template_field_data(const void *data, const u32 datalen,
37 struct ima_field_data *field_data) 36 struct ima_field_data *field_data)
38{ 37{
39 u8 *buf, *buf_ptr; 38 u8 *buf, *buf_ptr;
40 u32 buflen; 39 u32 buflen = datalen;
41 40
42 switch (datafmt) { 41 if (datafmt == DATA_FMT_STRING)
43 case DATA_FMT_EVENT_NAME:
44 buflen = IMA_EVENT_NAME_LEN_MAX + 1;
45 break;
46 case DATA_FMT_STRING:
47 buflen = datalen + 1; 42 buflen = datalen + 1;
48 break;
49 default:
50 buflen = datalen;
51 }
52 43
53 buf = kzalloc(buflen, GFP_KERNEL); 44 buf = kzalloc(buflen, GFP_KERNEL);
54 if (!buf) 45 if (!buf)
@@ -63,7 +54,7 @@ static int ima_write_template_field_data(const void *data, const u32 datalen,
63 * split into multiple template fields (the space is the delimitator 54 * split into multiple template fields (the space is the delimitator
64 * character for measurements lists in ASCII format). 55 * character for measurements lists in ASCII format).
65 */ 56 */
66 if (datafmt == DATA_FMT_EVENT_NAME || datafmt == DATA_FMT_STRING) { 57 if (datafmt == DATA_FMT_STRING) {
67 for (buf_ptr = buf; buf_ptr - buf < datalen; buf_ptr++) 58 for (buf_ptr = buf; buf_ptr - buf < datalen; buf_ptr++)
68 if (*buf_ptr == ' ') 59 if (*buf_ptr == ' ')
69 *buf_ptr = '_'; 60 *buf_ptr = '_';
@@ -109,13 +100,16 @@ static void ima_show_template_data_binary(struct seq_file *m,
109 enum data_formats datafmt, 100 enum data_formats datafmt,
110 struct ima_field_data *field_data) 101 struct ima_field_data *field_data)
111{ 102{
103 u32 len = (show == IMA_SHOW_BINARY_OLD_STRING_FMT) ?
104 strlen(field_data->data) : field_data->len;
105
112 if (show != IMA_SHOW_BINARY_NO_FIELD_LEN) 106 if (show != IMA_SHOW_BINARY_NO_FIELD_LEN)
113 ima_putc(m, &field_data->len, sizeof(u32)); 107 ima_putc(m, &len, sizeof(len));
114 108
115 if (!field_data->len) 109 if (!len)
116 return; 110 return;
117 111
118 ima_putc(m, field_data->data, field_data->len); 112 ima_putc(m, field_data->data, len);
119} 113}
120 114
121static void ima_show_template_field_data(struct seq_file *m, 115static void ima_show_template_field_data(struct seq_file *m,
@@ -129,6 +123,7 @@ static void ima_show_template_field_data(struct seq_file *m,
129 break; 123 break;
130 case IMA_SHOW_BINARY: 124 case IMA_SHOW_BINARY:
131 case IMA_SHOW_BINARY_NO_FIELD_LEN: 125 case IMA_SHOW_BINARY_NO_FIELD_LEN:
126 case IMA_SHOW_BINARY_OLD_STRING_FMT:
132 ima_show_template_data_binary(m, show, datafmt, field_data); 127 ima_show_template_data_binary(m, show, datafmt, field_data);
133 break; 128 break;
134 default: 129 default:
@@ -277,8 +272,6 @@ static int ima_eventname_init_common(struct integrity_iint_cache *iint,
277{ 272{
278 const char *cur_filename = NULL; 273 const char *cur_filename = NULL;
279 u32 cur_filename_len = 0; 274 u32 cur_filename_len = 0;
280 enum data_formats fmt = size_limit ?
281 DATA_FMT_EVENT_NAME : DATA_FMT_STRING;
282 275
283 BUG_ON(filename == NULL && file == NULL); 276 BUG_ON(filename == NULL && file == NULL);
284 277
@@ -301,7 +294,7 @@ static int ima_eventname_init_common(struct integrity_iint_cache *iint,
301 cur_filename_len = IMA_EVENT_NAME_LEN_MAX; 294 cur_filename_len = IMA_EVENT_NAME_LEN_MAX;
302out: 295out:
303 return ima_write_template_field_data(cur_filename, cur_filename_len, 296 return ima_write_template_field_data(cur_filename, cur_filename_len,
304 fmt, field_data); 297 DATA_FMT_STRING, field_data);
305} 298}
306 299
307/* 300/*
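Review bot: In ima_show_template_data_binary, the new `strlen(field_data->data)` scans to a NUL without regard to `field_data->len`, so it is only safe while every field shown with IMA_SHOW_BINARY_OLD_STRING_FMT is NUL-terminated inside its buffer. ima_write_template_field_data allocates `datalen + 1` zeroed bytes for DATA_FMT_STRING, which presumably provides that terminator, but this function does not check it. Bounding the scan costs nothing: `strnlen(field_data->data, field_data->len)`. If `data` is a `u8 *`, as its use in ima_crypto.c suggests, the call also wants a `(const char *)` cast.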
diff --git a/security/integrity/integrity_audit.c b/security/integrity/integrity_audit.c
index d7efb30404aa..90987d15b6fe 100644
--- a/security/integrity/integrity_audit.c
+++ b/security/integrity/integrity_audit.c
@@ -7,7 +7,7 @@
7 * the Free Software Foundation, version 2 of the License. 7 * the Free Software Foundation, version 2 of the License.
8 * 8 *
9 * File: integrity_audit.c 9 * File: integrity_audit.c
10 * Audit calls for the integrity subsystem 10 * Audit calls for the integrity subsystem
11 */ 11 */
12 12
13#include <linux/fs.h> 13#include <linux/fs.h>
@@ -22,7 +22,7 @@ static int __init integrity_audit_setup(char *str)
22{ 22{
23 unsigned long audit; 23 unsigned long audit;
24 24
25 if (!strict_strtoul(str, 0, &audit)) 25 if (!kstrtoul(str, 0, &audit))
26 integrity_audit_info = audit ? 1 : 0; 26 integrity_audit_info = audit ? 1 : 0;
27 return 1; 27 return 1;
28} 28}
@@ -33,13 +33,14 @@ void integrity_audit_msg(int audit_msgno, struct inode *inode,
33 const char *cause, int result, int audit_info) 33 const char *cause, int result, int audit_info)
34{ 34{
35 struct audit_buffer *ab; 35 struct audit_buffer *ab;
36 char name[TASK_COMM_LEN];
36 37
37 if (!integrity_audit_info && audit_info == 1) /* Skip info messages */ 38 if (!integrity_audit_info && audit_info == 1) /* Skip info messages */
38 return; 39 return;
39 40
40 ab = audit_log_start(current->audit_context, GFP_KERNEL, audit_msgno); 41 ab = audit_log_start(current->audit_context, GFP_KERNEL, audit_msgno);
41 audit_log_format(ab, "pid=%d uid=%u auid=%u ses=%u", 42 audit_log_format(ab, "pid=%d uid=%u auid=%u ses=%u",
42 current->pid, 43 task_pid_nr(current),
43 from_kuid(&init_user_ns, current_cred()->uid), 44 from_kuid(&init_user_ns, current_cred()->uid),
44 from_kuid(&init_user_ns, audit_get_loginuid(current)), 45 from_kuid(&init_user_ns, audit_get_loginuid(current)),
45 audit_get_sessionid(current)); 46 audit_get_sessionid(current));
@@ -49,7 +50,7 @@ void integrity_audit_msg(int audit_msgno, struct inode *inode,
49 audit_log_format(ab, " cause="); 50 audit_log_format(ab, " cause=");
50 audit_log_string(ab, cause); 51 audit_log_string(ab, cause);
51 audit_log_format(ab, " comm="); 52 audit_log_format(ab, " comm=");
52 audit_log_untrustedstring(ab, current->comm); 53 audit_log_untrustedstring(ab, get_task_comm(name, current));
53 if (fname) { 54 if (fname) {
54 audit_log_format(ab, " name="); 55 audit_log_format(ab, " name=");
55 audit_log_untrustedstring(ab, fname); 56 audit_log_untrustedstring(ab, fname);
diff --git a/security/keys/compat.c b/security/keys/compat.c
index bbd32c729dbb..347896548ad3 100644
--- a/security/keys/compat.c
+++ b/security/keys/compat.c
@@ -65,8 +65,8 @@ no_payload:
65 * taking a 32-bit syscall are zero. If you can, you should call sys_keyctl() 65 * taking a 32-bit syscall are zero. If you can, you should call sys_keyctl()
66 * directly. 66 * directly.
67 */ 67 */
68asmlinkage long compat_sys_keyctl(u32 option, 68COMPAT_SYSCALL_DEFINE5(keyctl, u32, option,
69 u32 arg2, u32 arg3, u32 arg4, u32 arg5) 69 u32, arg2, u32, arg3, u32, arg4, u32, arg5)
70{ 70{
71 switch (option) { 71 switch (option) {
72 case KEYCTL_GET_KEYRING_ID: 72 case KEYCTL_GET_KEYRING_ID:
diff --git a/security/keys/encrypted-keys/encrypted.c b/security/keys/encrypted-keys/encrypted.c
index 9e1e005c7596..5fe443d120af 100644
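--- a/security/keys/encrypted-keys/encrypted.c
+++ b/security/keys/encrypted-keys/encrypted.c
@@ -609,7 +609,7 @@ static struct encrypted_key_payload *encrypted_key_alloc(struct key *key,
  long dlen;
  int ret;
 
- ret = strict_strtol(datalen, 10, &dlen);
+ ret = kstrtol(datalen, 10, &dlen);
  if (ret < 0 || dlen < MIN_DATA_SIZE || dlen > MAX_DATA_SIZE)
  return ERR_PTR(-EINVAL);
 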
diff --git a/security/keys/trusted.c b/security/keys/trusted.c
index e13fcf7636f7..6b804aa4529a 100644
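--- a/security/keys/trusted.c
+++ b/security/keys/trusted.c
@@ -753,7 +753,7 @@ static int getoptions(char *c, struct trusted_key_payload *pay,
  return -EINVAL;
  break;
  case Opt_keyhandle:
- res = strict_strtoul(args[0].from, 16, &handle);
+ res = kstrtoul(args[0].from, 16, &handle);
  if (res < 0)
  return -EINVAL;
  opt->keytype = SEAL_keytype;
@@ -782,7 +782,7 @@ static int getoptions(char *c, struct trusted_key_payload *pay,
  return -EINVAL;
  break;
  case Opt_pcrlock:
- res = strict_strtoul(args[0].from, 10, &lock);
+ res = kstrtoul(args[0].from, 10, &lock);
  if (res < 0)
  return -EINVAL;
  opt->pcrlock = lock;
@@ -820,7 +820,7 @@ static int datablob_parse(char *datablob, struct trusted_key_payload *p,
  c = strsep(&datablob, " \t");
  if (!c)
  return -EINVAL;
- ret = strict_strtol(c, 10, &keylen);
+ ret = kstrtol(c, 10, &keylen);
  if (ret < 0 || keylen < MIN_KEY_SIZE || keylen > MAX_KEY_SIZE)
  return -EINVAL;
  p->key_len = keylen;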
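Review bot: In the `Opt_pcrlock` case of getoptions(), the value parsed by `kstrtoul()` is stored with `opt->pcrlock = lock;` after only a `res < 0` test, so nothing in the hunk bounds it the way `keylen` is bounded against MIN_KEY_SIZE and MAX_KEY_SIZE in datablob_parse(). The declaration of `pcrlock` is outside the hunk; if the field is narrower than `unsigned long`, an oversized input would be truncated on assignment instead of rejected. Parsing with the kstrto*() variant that matches the destination type (for example `kstrtoint()` into an `int`) would turn that into an -ERANGE failure. The same question applies to `handle` in the `Opt_keyhandle` case, whose assignment is not visible here. getoptions() starts and ends outside these hunks.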
diff --git a/security/lsm_audit.c b/security/lsm_audit.c
index 9a62045e6282..69fdf3bc765b 100644
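--- a/security/lsm_audit.c
+++ b/security/lsm_audit.c
@@ -220,7 +220,7 @@ static void dump_common_audit_data(struct audit_buffer *ab,
  */
  BUILD_BUG_ON(sizeof(a->u) > sizeof(void *)*2);
 
- audit_log_format(ab, " pid=%d comm=", tsk->pid);
+ audit_log_format(ab, " pid=%d comm=", task_pid_nr(tsk));
  audit_log_untrustedstring(ab, tsk->comm);
 
  switch (a->type) {
@@ -278,9 +278,12 @@ static void dump_common_audit_data(struct audit_buffer *ab,
  }
  case LSM_AUDIT_DATA_TASK:
  tsk = a->u.tsk;
- if (tsk && tsk->pid) {
- audit_log_format(ab, " pid=%d comm=", tsk->pid);
- audit_log_untrustedstring(ab, tsk->comm);
+ if (tsk) {
+ pid_t pid = task_pid_nr(tsk);
+ if (pid) {
+ audit_log_format(ab, " pid=%d comm=", pid);
+ audit_log_untrustedstring(ab, tsk->comm);
+ }
  }
  break;
  case LSM_AUDIT_DATA_NET: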
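Review bot: `audit_log_untrustedstring(ab, tsk->comm)` still reads the task name in place in both hunks of dump_common_audit_data(), although the pid next to it now goes through `task_pid_nr()`. A task can change its name while the record is being formatted, so the logged comm may mix the old and new names, which weakens the record as evidence. The integrity_audit.c part of this merge snapshots the name first with `get_task_comm(name, current)`. Doing the same here with a local `char comm[TASK_COMM_LEN];` would make the two audit paths consistent, provided taking the task lock is permitted in every context this function is called from, which the hunks do not show. The function body continues outside both hunks.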
diff --git a/security/security.c b/security/security.c
index 919cad93ac82..8b774f362a3d 100644
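--- a/security/security.c
+++ b/security/security.c
@@ -433,11 +433,20 @@ int security_path_link(struct dentry *old_dentry, struct path *new_dir,
 }
 
 int security_path_rename(struct path *old_dir, struct dentry *old_dentry,
- struct path *new_dir, struct dentry *new_dentry)
+ struct path *new_dir, struct dentry *new_dentry,
+ unsigned int flags)
 {
  if (unlikely(IS_PRIVATE(old_dentry->d_inode) ||
  (new_dentry->d_inode && IS_PRIVATE(new_dentry->d_inode))))
  return 0;
+
+ if (flags & RENAME_EXCHANGE) {
+ int err = security_ops->path_rename(new_dir, new_dentry,
+ old_dir, old_dentry);
+ if (err)
+ return err;
+ }
+
  return security_ops->path_rename(old_dir, old_dentry, new_dir,
  new_dentry);
 }
@@ -524,11 +533,20 @@ int security_inode_mknod(struct inode *dir, struct dentry *dentry, umode_t mode,
 }
 
 int security_inode_rename(struct inode *old_dir, struct dentry *old_dentry,
- struct inode *new_dir, struct dentry *new_dentry)
+ struct inode *new_dir, struct dentry *new_dentry,
+ unsigned int flags)
 {
  if (unlikely(IS_PRIVATE(old_dentry->d_inode) ||
  (new_dentry->d_inode && IS_PRIVATE(new_dentry->d_inode))))
  return 0;
+
+ if (flags & RENAME_EXCHANGE) {
+ int err = security_ops->inode_rename(new_dir, new_dentry,
+ old_dir, old_dentry);
+ if (err)
+ return err;
+ }
+
  return security_ops->inode_rename(old_dir, old_dentry,
  new_dir, new_dentry);
 }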
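Review bot: The `RENAME_EXCHANGE` branch in security_path_rename() calls `security_ops->path_rename()` an extra time with the two sides swapped, and nothing in the code says why. A comment above `if (flags & RENAME_EXCHANGE)` such as `/* An exchange moves both entries, so the module must also approve new -> old. */` would record the intent, and the same comment fits security_inode_rename() in the second hunk. `flags` itself is not forwarded to the hook, so as far as these hunks show, a module sees two ordinary renames and cannot tell they form one exchange. If that is the intended contract, it belongs in the hook documentation.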
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index b03b0776955a..336f0a04450e 100644
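--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -106,7 +106,7 @@ int selinux_enforcing;
 static int __init enforcing_setup(char *str)
 {
  unsigned long enforcing;
- if (!strict_strtoul(str, 0, &enforcing))
+ if (!kstrtoul(str, 0, &enforcing))
  selinux_enforcing = enforcing ? 1 : 0;
  return 1;
 }
@@ -119,7 +119,7 @@ int selinux_enabled = CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE;
 static int __init selinux_enabled_setup(char *str)
 {
  unsigned long enabled;
- if (!strict_strtoul(str, 0, &enabled))
+ if (!kstrtoul(str, 0, &enabled))
  selinux_enabled = enabled ? 1 : 0;
  return 1;
 }
@@ -3320,6 +3320,9 @@ static int selinux_file_fcntl(struct file *file, unsigned int cmd,
  case F_GETLK:
  case F_SETLK:
  case F_SETLKW:
+ case F_OFD_GETLK:
+ case F_OFD_SETLK:
+ case F_OFD_SETLKW:
 #if BITS_PER_LONG == 32
  case F_GETLK64:
  case F_SETLK64: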
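Review bot: enforcing_setup() silently ignores a value that `kstrtoul()` rejects: `selinux_enforcing` keeps its previous value and the function returns 1 without logging anything. A mistyped value for this boot parameter therefore leaves the system in whatever mode the default selects, and nothing in the boot log shows that the setting was dropped. An `else` branch with `pr_warn("SELinux: invalid enforcing value ignored\n");` would make that visible to whoever audits the boot configuration. selinux_enabled_setup() in the second hunk and checkreqprot_setup() in selinuxfs.c have the same shape and would take the same change.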
diff --git a/security/selinux/include/xfrm.h b/security/selinux/include/xfrm.h
index 9f0584710c85..1450f85b946d 100644
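--- a/security/selinux/include/xfrm.h
+++ b/security/selinux/include/xfrm.h
@@ -46,10 +46,11 @@ static inline void selinux_xfrm_notify_policyload(void)
 {
  struct net *net;
 
- atomic_inc(&flow_cache_genid);
  rtnl_lock();
- for_each_net(net)
+ for_each_net(net) {
+ atomic_inc(&net->xfrm.flow_cache_genid);
  rt_genid_bump_all(net);
+ }
  rtnl_unlock();
 }
 #else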
diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c
index d60c0ee66387..c71737f6d1cc 100644
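--- a/security/selinux/selinuxfs.c
+++ b/security/selinux/selinuxfs.c
@@ -54,7 +54,7 @@ unsigned int selinux_checkreqprot = CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE;
 static int __init checkreqprot_setup(char *str)
 {
  unsigned long checkreqprot;
- if (!strict_strtoul(str, 0, &checkreqprot))
+ if (!kstrtoul(str, 0, &checkreqprot))
  selinux_checkreqprot = checkreqprot ? 1 : 0;
  return 1;
 }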
diff --git a/security/tomoyo/realpath.c b/security/tomoyo/realpath.c
index 80a09c37cac8..a3386d119425 100644
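--- a/security/tomoyo/realpath.c
+++ b/security/tomoyo/realpath.c
@@ -173,7 +173,7 @@ static char *tomoyo_get_local_path(struct dentry *dentry, char * const buffer,
  * Use filesystem name if filesystem does not support rename()
  * operation.
  */
- if (inode->i_op && !inode->i_op->rename)
+ if (!inode->i_op->rename)
  goto prepend_filesystem_name;
  }
  /* Prepend device name. */
@@ -282,7 +282,7 @@ char *tomoyo_realpath_from_path(struct path *path)
  * Get local name for filesystems without rename() operation
  * or dentry without vfsmount.
  */
- if (!path->mnt || (inode->i_op && !inode->i_op->rename))
+ if (!path->mnt || !inode->i_op->rename)
  pos = tomoyo_get_local_path(path->dentry, buf,
  buf_len - 1);
  /* Get absolute name for the rest. */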
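Review bot: Both sites now evaluate `inode->i_op->rename` without the earlier `inode->i_op &&` test, so they rely on `i_op` never being NULL for any inode that reaches tomoyo_get_local_path() or tomoyo_realpath_from_path(). The VFS gives an initialised inode a non-NULL default operations table, which is presumably why the test was dropped, but neither hunk states that. Extending the existing comment with a line such as `* (i_op is never NULL for an initialised inode.)` would record the invariant this path-resolution code now depends on. Both functions continue outside the hunks, so how `inode` itself is obtained cannot be checked from here.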