Re: [PATCH 3/5] X.509: Support leap seconds

2015-12-18 Thread Arnd Bergmann
On Friday 18 December 2015 00:02:09 David Howells wrote:
> The format of ASN.1 GeneralizedTime seems to be specified by ISO 8601
> [X.680 46.3] and this apparently supports leap seconds (ie. the seconds
> field is 60).  It's not entirely clear that ASN.1 expects it, but we can
> relax the seconds check slightly for GeneralizedTime.
> 
> This, however, results in us passing a time with sec as 60 to mktime64()
> which, unpatched, doesn't really handle such things.  What it will do is
> equate the 60th second of a minute to the 0th second of the next minute.
> 
> We can't really do otherwise without giving the kernel much greater
> knowledge of where all the leap seconds are.  Unfortunately, this would
> require changing the mapping of the kernel's current-time-in-seconds.
> 
> UTCTime, however, only supports a seconds value in the range 00-59.
> 
> Without this patch, certain X.509 certificates will be rejected,
> potentially making a kernel unbootable.
> 
> Reported-by: Rudolf Polzer <rpol...@google.com>
> Signed-off-by: David Howells <dhowe...@redhat.com>
> cc: David Woodhouse <david.woodho...@intel.com>
> cc: John Stultz <john.stu...@linaro.org>
> cc: Arnd Bergmann <a...@arndb.de>
> cc: sta...@vger.kernel.org

Acked-by: Arnd Bergmann <a...@arndb.de>
--
To unsubscribe from this list: send the line "unsubscribe 
linux-security-module" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html


Re: [PATCH 2/5] Handle leap seconds in mktime64()

2015-12-18 Thread Arnd Bergmann
On Friday 18 December 2015 00:02:02 David Howells wrote:
> Handle leap seconds in mktime64() - where the seconds parameter is the
> value 60 - by treating it the same as 59.
> 
> This facility will be used by the X.509 parser.  Doing it in mktime64()
> makes the policy common to the whole kernel and easier to find.
> 
> Whilst we're at it, remove the const markers from all the parameters since
> they don't really achieve anything and we do need to alter the sec
> parameter.
> 
> Signed-off-by: David Howells <dhowe...@redhat.com>
> cc: John Stultz <john.stu...@linaro.org>
> cc: Arnd Bergmann <a...@arndb.de>
> cc: sta...@vger.kernel.org
> 

Acked-by: Arnd Bergmann <a...@arndb.de>


Re: [PATCH 4/5] Handle both ISO 8601 encodings of midnight in mktime64()

2015-12-18 Thread Arnd Bergmann
On Friday 18 December 2015 00:02:17 David Howells wrote:
> ISO 8601 format dates permit two different encodings of midnight - 00:00:00
> and 24:00:00 - the first is midnight today and the second is midnight
> tomorrow and is exactly equivalent to the first with tomorrow's date.
> 
> Note that the implementation of mktime64() doesn't actually need to be
> changed to handle this - the multiplication by 3600 of the hour will take
> care of it automatically.  However, we should document that this handling
> is done in mktime64() and is thus in a common place in the kernel.
> 
> This handling is required for X.509 certificate parsing which can be given
> ISO 8601 dates.
> 
> Signed-off-by: David Howells <dhowe...@redhat.com>
> cc: John Stultz <john.stu...@linaro.org>
> cc: Arnd Bergmann <a...@arndb.de>
> cc: sta...@vger.kernel.org
> 

Acked-by: Arnd Bergmann <a...@arndb.de>
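A user-space model of the time arithmetic discussed in [PATCH 2/5], [PATCH 3/5] and [PATCH 4/5] above, added here as an example; it is not code from the patches or from the kernel tree. The names model_mktime64, clamp_leap, seconds_field_valid and the enum are hypothetical, and the sample timestamps are constructed.

```c
#include <stdint.h>
#include <stdio.h>

enum asn1_time { UTC_TIME, GENERALIZED_TIME };   /* hypothetical names */

/* Model of Gregorian date -> seconds since 1970-01-01 00:00:00 UTC.
 * clamp_leap selects the policy described in [PATCH 2/5]:
 * a seconds value of 60 is treated the same as 59. */
static int64_t model_mktime64(unsigned year, unsigned mon, unsigned day,
                              unsigned hour, unsigned min, unsigned sec,
                              int clamp_leap)
{
    int m = (int)mon - 2;        /* 1..12 -> 11,12,1..10: February goes last */
    if (m <= 0) {
        m += 12;
        year -= 1;
    }
    if (clamp_leap && sec == 60)
        sec = 59;
    int64_t days = (int64_t)(year / 4 - year / 100 + year / 400 +
                             367 * (unsigned)m / 12 + day) +
                   (int64_t)year * 365 - 719499;
    /* hour == 24 needs no special case: 24 * 3600 s lands on the next
     * day's 00:00:00, which is the point made in [PATCH 4/5]. */
    return ((days * 24 + hour) * 60 + min) * 60 + sec;
}

/* Seconds range check in the spirit of [PATCH 3/5]: GeneralizedTime may
 * carry 60, UTCTime stays limited to 00-59. */
static int seconds_field_valid(enum asn1_time type, unsigned sec)
{
    return sec <= (type == GENERALIZED_TIME ? 60u : 59u);
}

int main(void)
{
    /* Constructed input: 2015-06-30 23:59:60 and its neighbours. */
    printf("23:59:60 unclamped  %lld\n",
           (long long)model_mktime64(2015, 6, 30, 23, 59, 60, 0));
    printf("23:59:60 clamped    %lld\n",
           (long long)model_mktime64(2015, 6, 30, 23, 59, 60, 1));
    printf("24:00:00 on Jun 30  %lld\n",
           (long long)model_mktime64(2015, 6, 30, 24, 0, 0, 1));
    printf("00:00:00 on Jul 01  %lld\n",
           (long long)model_mktime64(2015, 7, 1, 0, 0, 0, 1));
    return 0;
}
```

With the clamp, a notBefore or notAfter ending in :60 compares equal to :59 of the same minute instead of rolling into the next minute, so a certificate's validity window is never extended by the leap second.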


Re: [PATCH] af_unix: introduce unix_sk_const helper

2015-10-08 Thread Arnd Bergmann
On Thursday 08 October 2015 04:03:32 David Miller wrote:
> From: Arnd Bergmann <a...@arndb.de>
> Date: Tue, 06 Oct 2015 22:52:46 +0200
> 
> > Commit 124613012db1 ("af_unix: Convert the unix_sk macro to an inline
> > function for type safety") was recently added to catch incorrect
> > uses of the unix_sk helper using compiler warnings.
> > 
> > It has now caught one such case in lsm_audit.c. The code is technically
> > correct, but as it converts a const pointer to a non-const pointer,
> > the annotation got lost, which gcc now warns about.
> > 
> > This patch avoids the warning by introducing an additional helper
> > that has const input and output, which makes the lsm_audit code build
> > cleanly again.
> > 
> > Signed-off-by: Arnd Bergmann <a...@arndb.de>
> > ---
> > I'm not entirely happy with this workaround myself, but could not come
> > up with a better one.
> 
> You can make the argument unconditionally const, as Paul Moore has done
> in a separate patch submission.

Ok, I see now how Paul's "audit: constify parts of common_audit_data and 
lsm_network_audit" patch caused the problem and is now gone from linux-next.
That seems nicer indeed.

Arnd


[PATCH] af_unix: introduce unix_sk_const helper

2015-10-06 Thread Arnd Bergmann
Commit 124613012db1 ("af_unix: Convert the unix_sk macro to an inline
function for type safety") was recently added to catch incorrect
uses of the unix_sk helper using compiler warnings.

It has now caught one such case in lsm_audit.c. The code is technically
correct, but as it converts a const pointer to a non-const pointer,
the annotation got lost, which gcc now warns about.

This patch avoids the warning by introducing an additional helper
that has const input and output, which makes the lsm_audit code build
cleanly again.

Signed-off-by: Arnd Bergmann <a...@arndb.de>
---
I'm not entirely happy with this workaround myself, but could not come
up with a better one.

diff --git a/include/net/af_unix.h b/include/net/af_unix.h
index cb1b9bbda332..1871b6436ee9 100644
--- a/include/net/af_unix.h
+++ b/include/net/af_unix.h
@@ -69,6 +69,11 @@ static inline struct unix_sock *unix_sk(struct sock *sk)
return (struct unix_sock *)sk;
 }
 
+static inline const struct unix_sock *unix_sk_const(const struct sock *sk)
+{
+   return (const struct unix_sock *)sk;
+}
+
 #define peer_wait peer_wq.wait
 
 long unix_inq_len(struct sock *sk);
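Review bot: unix_sk_const() is added directly below unix_sk() with no comment saying when to use which, so the header now offers two casts that differ only in qualifiers. Suggest a one-line comment above it stating that it is for callers that hold a const struct sock * (the lsm_audit.c user in this patch), and that, like unix_sk(), it does not check the socket family, so it is only valid where the caller has already established AF_UNIX.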
diff --git a/security/lsm_audit.c b/security/lsm_audit.c
index 2deace208db2..cb07f1318a27 100644
--- a/security/lsm_audit.c
+++ b/security/lsm_audit.c
@@ -307,7 +307,7 @@ static void dump_common_audit_data(struct audit_buffer *ab,
case LSM_AUDIT_DATA_NET:
if (a->u.net->sk) {
const struct sock *sk = a->u.net->sk;
-   struct unix_sock *u;
+   const struct unix_sock *u;
int len = 0;
char *p = NULL;
 
@@ -337,7 +337,7 @@ static void dump_common_audit_data(struct audit_buffer *ab,
}
 #endif
case AF_UNIX:
-   u = unix_sk(sk);
+   u = unix_sk_const(sk);
if (u->path.dentry) {
audit_log_d_path(ab, " path=", 
>path);
break;
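Review bot: in the AF_UNIX case, u is now a const struct unix_sock *, so everything after the assignment has to be read-only and take const-qualified arguments; the hunk shows u->path.dentry being read and the path being handed to audit_log_d_path(). The changelog should say that audit_log_d_path() accepts a const path pointer, since otherwise the discarded-qualifier warning only moves from the unix_sk() call to the next statement. It would also help to state that no other use of u in dump_common_audit_data() writes through it, as only this one case is visible in the diff.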
