Re: [PATCH 1/2] selftests/powerpc: Add ptrace tests for Protection Key registers

Michael Ellerman <m...@ellerman.id.au> writes: > Thiago Jung Bauermann <bauer...@linux.vnet.ibm.com> writes: > >> This test exercises read and write access to the AMR, IAMR and UAMOR. >> >> Signed-off-by: Thiago Jung Bauermann <bauer...@linux.vnet.ibm.

Re: [PATCH 1/2] selftests/powerpc: Add ptrace tests for Protection Key registers

Michael Ellerman writes: > Thiago Jung Bauermann writes: > >> This test exercises read and write access to the AMR, IAMR and UAMOR. >> >> Signed-off-by: Thiago Jung Bauermann >> --- >> tools/testing/selftests/powerpc/include/reg.h | 1 + >&g

[PATCH v2 1/2] selftests/powerpc: Add ptrace tests for Protection Key registers

This test exercises read and write access to the AMR, IAMR and UAMOR. Signed-off-by: Thiago Jung Bauermann <bauer...@linux.ibm.com> --- tools/testing/selftests/powerpc/include/reg.h | 1 + tools/testing/selftests/powerpc/ptrace/Makefile| 5 +- tools/testing/selftests/powerpc/

[PATCH v2 1/2] selftests/powerpc: Add ptrace tests for Protection Key registers

This test exercises read and write access to the AMR, IAMR and UAMOR. Signed-off-by: Thiago Jung Bauermann --- tools/testing/selftests/powerpc/include/reg.h | 1 + tools/testing/selftests/powerpc/ptrace/Makefile| 5 +- tools/testing/selftests/powerpc/ptrace/child.h | 139

[PATCH v2 2/2] selftests/powerpc: Add core file test for Protection Key registers

This test verifies that the AMR, IAMR and UAMOR are being written to a process' core file. Signed-off-by: Thiago Jung Bauermann <bauer...@linux.ibm.com> --- tools/testing/selftests/powerpc/ptrace/Makefile| 5 +- tools/testing/selftests/powerpc/ptrace/core-pkey.c

[PATCH v2 2/2] selftests/powerpc: Add core file test for Protection Key registers

This test verifies that the AMR, IAMR and UAMOR are being written to a process' core file. Signed-off-by: Thiago Jung Bauermann --- tools/testing/selftests/powerpc/ptrace/Makefile| 5 +- tools/testing/selftests/powerpc/ptrace/core-pkey.c | 461 + 2 files changed, 465

[PATCH v7 01/14] MODSIGN: Export module signature definitions

() without having to depend on CONFIG_MODULE_SIG. Signed-off-by: Thiago Jung Bauermann <bauer...@linux.ibm.com> Reviewed-by: Mimi Zohar <zo...@linux.vnet.ibm.com> Cc: Jessica Yu <j...@kernel.org> --- include/linux/module.h | 3 -- include/linux/modul

[PATCH v7 01/14] MODSIGN: Export module signature definitions

() without having to depend on CONFIG_MODULE_SIG. Signed-off-by: Thiago Jung Bauermann Reviewed-by: Mimi Zohar Cc: Jessica Yu --- include/linux/module.h | 3 -- include/linux/module_signature.h | 44 +++ init/Kconfig | 6 +++- kernel/Makefile

[PATCH v7 04/14] integrity: Introduce struct evm_xattr

ost places the array doesn't hold a digest. A separate struct evm_xattr is introduced, with the original definition of evm_ima_xattr_data to be used in the places that actually expect that definition. Signed-off-by: Thiago Jung Bauermann <bauer...@linux.ibm.com> --- security/integrity/

[PATCH v7 04/14] integrity: Introduce struct evm_xattr

ost places the array doesn't hold a digest. A separate struct evm_xattr is introduced, with the original definition of evm_ima_xattr_data to be used in the places that actually expect that definition. Signed-off-by: Thiago Jung Bauermann --- security/integrity/evm/evm_crypto.c | 4 ++--

[PATCH v7 10/14] ima: Add modsig appraise_type option for module-style appended signatures

egrity/ima/ima_modsig.c new file mode 100644 index ..d8ea811b6f74 --- /dev/null +++ b/security/integrity/ima/ima_modsig.c @@ -0,0 +1,31 @@ +// SPDX-License-Identifier: GPL-2.0+ +/* + * IMA support for appraising module-style appended signatures. + * + * Copyright (C) 2018 IBM Corporatio

[PATCH v7 10/14] ima: Add modsig appraise_type option for module-style appended signatures

a signature stored in the extended attribute or an appended signature. For now, the rule above will behave exactly the same as if appraise_type=imasig was specified. The actual modsig implementation will be introduced separately. Suggested-by: Mimi Zohar Signed-off-by: Thiago Jung Bauermann

[PATCH v7 13/14] ima: Write modsig to the measurement list

Add modsig support to the "sig" template field, allowing the the contents of the modsig to be included in the measurement list. Suggested-by: Mimi Zohar <zo...@linux.vnet.ibm.com> Signed-off-by: Thiago Jung Bauermann <bauer...@linux.ibm.com> --- security/integrity/ima/i

[PATCH v7 13/14] ima: Write modsig to the measurement list

Add modsig support to the "sig" template field, allowing the the contents of the modsig to be included in the measurement list. Suggested-by: Mimi Zohar Signed-off-by: Thiago Jung Bauermann --- security/integrity/ima/ima.h | 7 +++ security/integrity/ima/im

[PATCH v7 14/14] ima: Store the measurement again when appraising a modsig

with the modsig. This is done by defining the appraise subaction flag IMA_READ_MEASURE and testing for it in process_measurement(). Suggested-by: Mimi Zohar <zo...@linux.vnet.ibm.com> Signed-off-by: Thiago Jung Bauermann <bauer...@linux.ibm.com> --- security/integrity/ima/ima.h

[PATCH v7 14/14] ima: Store the measurement again when appraising a modsig

with the modsig. This is done by defining the appraise subaction flag IMA_READ_MEASURE and testing for it in process_measurement(). Suggested-by: Mimi Zohar Signed-off-by: Thiago Jung Bauermann --- security/integrity/ima/ima.h | 1 + security/integrity/ima/ima_api.c | 8

[PATCH v7 11/14] ima: Implement support for module-style appended signatures

-off-by: Thiago Jung Bauermann <bauer...@linux.ibm.com> --- security/integrity/ima/Kconfig| 3 + security/integrity/ima/ima.h | 36 - security/integrity/ima/ima_appraise.c | 64 +-- security/integrity/ima/ima_main.c | 17 +++- security/integri

[PATCH v7 11/14] ima: Implement support for module-style appended signatures

-off-by: Thiago Jung Bauermann --- security/integrity/ima/Kconfig| 3 + security/integrity/ima/ima.h | 36 - security/integrity/ima/ima_appraise.c | 64 +-- security/integrity/ima/ima_main.c | 17 +++- security/integrity/ima/ima_modsig.c | 145

[PATCH v7 12/14] ima: Add new "d-sig" template field

Define new "d-sig" template field which holds the digest that is expected to match the one contained in the modsig. Suggested-by: Mimi Zohar <zo...@linux.vnet.ibm.com> Signed-off-by: Thiago Jung Bauermann <bauer...@linux.ibm.com> --- Documentation/security/IMA-templates.rst

[PATCH v7 12/14] ima: Add new "d-sig" template field

Define new "d-sig" template field which holds the digest that is expected to match the one contained in the modsig. Suggested-by: Mimi Zohar Signed-off-by: Thiago Jung Bauermann --- Documentation/security/IMA-templates.rst | 5 + security/integrity/ima/ima.h

[PATCH v7 09/14] ima: Export func_tokens

ima_read_modsig() will need it so that it can show an error message. Signed-off-by: Thiago Jung Bauermann <bauer...@linux.ibm.com> --- security/integrity/ima/ima.h| 2 ++ security/integrity/ima/ima_policy.c | 12 ++-- 2 files changed, 8 insertions(+), 6 deletions(-) diff

[PATCH v7 09/14] ima: Export func_tokens

ima_read_modsig() will need it so that it can show an error message. Signed-off-by: Thiago Jung Bauermann --- security/integrity/ima/ima.h| 2 ++ security/integrity/ima/ima_policy.c | 12 ++-- 2 files changed, 8 insertions(+), 6 deletions(-) diff --git a/security/integrity/ima

[PATCH v7 07/14] integrity: Select CONFIG_KEYS instead of depending on it

This avoids a dependency cycle in soon-to-be-introduced CONFIG_IMA_APPRAISE_MODSIG: it will select CONFIG_MODULE_SIG_FORMAT which in turn selects CONFIG_KEYS. Kconfig then complains that CONFIG_INTEGRITY_SIGNATURE depends on CONFIG_KEYS. Signed-off-by: Thiago Jung Bauermann <ba

[PATCH v7 05/14] integrity: Introduce integrity_keyring_from_id()

IMA will need to obtain the keyring used to verify file signatures so that it can verify the module-style signature appended to files. Signed-off-by: Thiago Jung Bauermann <bauer...@linux.ibm.com> Signed-off-by: Mimi Zohar <zo...@linux.vnet.ibm.com> --- security/integrity/digs

[PATCH v7 08/14] ima: Introduce is_signed()

ed-off-by: Thiago Jung Bauermann <bauer...@linux.ibm.com> --- security/integrity/ima/ima.h | 5 + security/integrity/ima/ima_appraise.c | 7 +++ security/integrity/ima/ima_template_lib.c | 2 +- 3 files changed, 9 insertions(+), 5 deletions(-) diff --git a/security/integrity

[PATCH v7 06/14] integrity: Introduce asymmetric_sig_has_known_key()

function. Signed-off-by: Thiago Jung Bauermann <bauer...@linux.ibm.com> Signed-off-by: Mimi Zohar <zo...@linux.vnet.ibm.com> --- security/integrity/digsig_asymmetric.c | 44 +- security/integrity/integrity.h | 8 +++ 2 files changed, 41 inser

[PATCH v7 07/14] integrity: Select CONFIG_KEYS instead of depending on it

This avoids a dependency cycle in soon-to-be-introduced CONFIG_IMA_APPRAISE_MODSIG: it will select CONFIG_MODULE_SIG_FORMAT which in turn selects CONFIG_KEYS. Kconfig then complains that CONFIG_INTEGRITY_SIGNATURE depends on CONFIG_KEYS. Signed-off-by: Thiago Jung Bauermann Signed-off-by: Mimi

[PATCH v7 05/14] integrity: Introduce integrity_keyring_from_id()

IMA will need to obtain the keyring used to verify file signatures so that it can verify the module-style signature appended to files. Signed-off-by: Thiago Jung Bauermann Signed-off-by: Mimi Zohar --- security/integrity/digsig.c| 28 +--- security/integrity

[PATCH v7 08/14] ima: Introduce is_signed()

With the introduction of another IMA signature type (modsig), some places will need to check for both of them. It is cleaner to do that if there's a helper function to tell whether an xattr_value represents an IMA signature. Suggested-by: Mimi Zohar Signed-off-by: Thiago Jung Bauermann

[PATCH v7 06/14] integrity: Introduce asymmetric_sig_has_known_key()

function. Signed-off-by: Thiago Jung Bauermann Signed-off-by: Mimi Zohar --- security/integrity/digsig_asymmetric.c | 44 +- security/integrity/integrity.h | 8 +++ 2 files changed, 41 insertions(+), 11 deletions(-) diff --git a/security/integrity

[PATCH v7 02/14] PKCS#7: Refactor verify_pkcs7_signature() and add pkcs7_get_message_sig()

message, so add pkcs7_get_message_sig(). Signed-off-by: Thiago Jung Bauermann <bauer...@linux.ibm.com> Reviewed-by: Mimi Zohar <zo...@linux.vnet.ibm.com> Cc: David Howells <dhowe...@redhat.com> Cc: David Woodhouse <dw...@infradead.org> Cc: Herbert Xu <herb...@gondor

[PATCH v7 03/14] PKCS#7: Introduce pkcs7_get_digest()

. Verifying that sinfo->sig->digest isn't NULL is sufficient because both places which allocate sinfo->sig (pkcs7_parse_message() and pkcs7_note_signed_info()) use kzalloc() so sig->digest is always initialized to zero. Signed-off-by: Thiago Jung Bauermann <bauer...@linux.ibm.com> Revie

[PATCH v7 02/14] PKCS#7: Refactor verify_pkcs7_signature() and add pkcs7_get_message_sig()

message, so add pkcs7_get_message_sig(). Signed-off-by: Thiago Jung Bauermann Reviewed-by: Mimi Zohar Cc: David Howells Cc: David Woodhouse Cc: Herbert Xu Cc: "David S. Miller" --- certs/system_keyring.c| 61 ++- crypto/asymm

[PATCH v7 03/14] PKCS#7: Introduce pkcs7_get_digest()

. Verifying that sinfo->sig->digest isn't NULL is sufficient because both places which allocate sinfo->sig (pkcs7_parse_message() and pkcs7_note_signed_info()) use kzalloc() so sig->digest is always initialized to zero. Signed-off-by: Thiago Jung Bauermann Reviewed-by: Mimi Zohar Cc: David

[PATCH v7 00/14] Appended signatures support for IMA appraisal

t;ima: Write modsig to the measurement list" - Since now we determine whether we'll use an xattr sig or a modsig at the time they are read, there's no need to store a measurement again in the modsig case. Thus, this patch doesn't need to change ima_store_measurement() nor proces

[PATCH v7 00/14] Appended signatures support for IMA appraisal

t;ima: Write modsig to the measurement list" - Since now we determine whether we'll use an xattr sig or a modsig at the time they are read, there's no need to store a measurement again in the modsig case. Thus, this patch doesn't need to change ima_store_measurement() nor proces

Re: [PATCH v2] powerpc, pkey: make protection key 0 less special

Ram Pai <linux...@us.ibm.com> writes: > On Wed, Apr 04, 2018 at 06:41:01PM -0300, Thiago Jung Bauermann wrote: >> >> Hello Ram, >> >> Ram Pai <linux...@us.ibm.com> writes: >> >> > Applications need the ability to associate an address-ran

Re: [PATCH v2] powerpc, pkey: make protection key 0 less special

Ram Pai writes: > On Wed, Apr 04, 2018 at 06:41:01PM -0300, Thiago Jung Bauermann wrote: >> >> Hello Ram, >> >> Ram Pai writes: >> >> > Applications need the ability to associate an address-range with some >> > key and latter re

Re: [PATCH v2] powerpc, pkey: make protection key 0 less special

pkey_iamr_mask &= ~(0x1ul << pkeyshift(i)); > @@ -145,7 +147,9 @@ void pkey_mm_init(struct mm_struct *mm) > { > if (static_branch_likely(_disabled)) > return; > - mm_pkey_allocation_map(mm) = initial_allocation_mask; > + > + /* allocate key-0

Re: [PATCH v2] powerpc, pkey: make protection key 0 less special

turn; > - mm_pkey_allocation_map(mm) = initial_allocation_mask; > + > + /* allocate key-0 by default */ > + mm_pkey_allocation_map(mm) = initial_allocation_mask | 0x1; > /* -1 means unallocated or invalid */ > mm->context.execute_only_pkey = -1; > } I think we should also set the AMOR and UAMOR bits for key 0. Otherwise, key 0 will be in allocated-but-not-enabled state which is yet another subtle way in which it will be special. Also, pkey_access_permitted() has a special case for key 0. Should it? -- Thiago Jung Bauermann IBM Linux Technology Center

[PATCH] powerpc: kexec_file: Fix error code when trying to load kdump kernel

not supported Fixes: a0458284f062 ("powerpc: Add support code for kexec_file_load()") Reported-by: Dave Young <dyo...@redhat.com> Signed-off-by: Thiago Jung Bauermann <bauer...@linux.vnet.ibm.com> --- arch/powerpc/kernel/machine_kexec_file_64.c | 2 +- 1 file changed, 1 in

[PATCH] powerpc: kexec_file: Fix error code when trying to load kdump kernel

not supported Fixes: a0458284f062 ("powerpc: Add support code for kexec_file_load()") Reported-by: Dave Young Signed-off-by: Thiago Jung Bauermann --- arch/powerpc/kernel/machine_kexec_file_64.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) This is a minor issue, but since it'

Re: [PATCH v12 07/22] selftests/vm: fixed bugs in pkey_disable_clear()

Dave Hansen <dave.han...@intel.com> writes: > On 03/28/2018 01:47 PM, Thiago Jung Bauermann wrote: >>>>if (flags) >>>> - assert(rdpkey_reg() > orig_pkey_reg); >>>> + assert(rdpkey_reg() < orig_pkey_reg); >>>>

Re: [PATCH v12 07/22] selftests/vm: fixed bugs in pkey_disable_clear()

Dave Hansen writes: > On 03/28/2018 01:47 PM, Thiago Jung Bauermann wrote: >>>>if (flags) >>>> - assert(rdpkey_reg() > orig_pkey_reg); >>>> + assert(rdpkey_reg() < orig_pkey_reg); >>>> } >>>> >>

Re: [PATCH v12 07/22] selftests/vm: fixed bugs in pkey_disable_clear()

t; +assert(rdpkey_reg() < orig_pkey_reg); >> } >> >> void pkey_write_allow(int pkey) > > This seems so horribly wrong that I wonder how it worked in the first > place. Any idea? The code simply wasn't used. pkey_disable_clear() is called by pkey_write_allow() and pkey_access_allow(), but before this patch series nothing called either of these functions. -- Thiago Jung Bauermann IBM Linux Technology Center

Re: [PATCH v12 07/22] selftests/vm: fixed bugs in pkey_disable_clear()

dpkey_reg() < orig_pkey_reg); >> } >> >> void pkey_write_allow(int pkey) > > This seems so horribly wrong that I wonder how it worked in the first > place. Any idea? The code simply wasn't used. pkey_disable_clear() is called by pkey_write_allow() and pkey_access_allow(), but before this patch series nothing called either of these functions. -- Thiago Jung Bauermann IBM Linux Technology Center

Re: [PATCH 1/2] selftests/powerpc: Add ptrace tests for Protection Key registers

Ram Pai <linux...@us.ibm.com> writes: > On Fri, Feb 23, 2018 at 03:33:43PM -0300, Thiago Jung Bauermann wrote: >> This test exercises read and write access to the AMR, IAMR and UAMOR. >> > > Tested-by: Ram Pai <linux...@us.ibm.com> > Acked-by: Ram

Re: [PATCH 1/2] selftests/powerpc: Add ptrace tests for Protection Key registers

Ram Pai writes: > On Fri, Feb 23, 2018 at 03:33:43PM -0300, Thiago Jung Bauermann wrote: >> This test exercises read and write access to the AMR, IAMR and UAMOR. >> > > Tested-by: Ram Pai > Acked-by: Ram Pai Ping? Can this and patch 2/2 go in v4.17? >> Signed

Re: [PATCH v12 04/22] selftests/vm: typecast the pkey register

dprintf4("read_pkey_reg(line=%d) pkey_reg: %016lx shadow: %016lx\n", + dprintf4("read_pkey_reg(line=%d) pkey_reg: "PKEY_REG_FMT + " shadow: "PKEY_REG_FMT"\n", line, pkey_reg, shadow_pkey_reg); assert(pkey_reg == shadow_pkey_reg); -- Thiago Jung Bauermann IBM Linux Technology Center

Re: [PATCH v12 04/22] selftests/vm: typecast the pkey register

ead_pkey_reg(line=%d) pkey_reg: %016lx shadow: %016lx\n", + dprintf4("read_pkey_reg(line=%d) pkey_reg: "PKEY_REG_FMT + " shadow: "PKEY_REG_FMT"\n", line, pkey_reg, shadow_pkey_reg); assert(pkey_reg == shadow_pkey_reg); -- Thiago Jung Bauermann IBM Linux Technology Center

Re: [PATCH v6 00/12] Appended signatures support for IMA appraisal

Thiago Jung Bauermann <bauer...@linux.vnet.ibm.com> writes: > Now the modsig is only ignored if it references a signature that is not > present in IMA's keyring (or if there's a parsing error, obviously). If the The above should read "Now the modsig is only ignored if it

Re: [PATCH v6 00/12] Appended signatures support for IMA appraisal

Thiago Jung Bauermann writes: > Now the modsig is only ignored if it references a signature that is not > present in IMA's keyring (or if there's a parsing error, obviously). If the The above should read "Now the modsig is only ignored if it references a *key* that is not prese

[PATCH v6 10/12] ima: Add functions to read and verify a modsig signature

This is the code needed by IMA-appraise to work with modsig signatures. It will be used by the next two patches. Signed-off-by: Thiago Jung Bauermann <bauer...@linux.vnet.ibm.com> --- security/integrity/ima/Kconfig | 3 + security/integrity/ima/ima.h| 41 se

[PATCH v6 10/12] ima: Add functions to read and verify a modsig signature

This is the code needed by IMA-appraise to work with modsig signatures. It will be used by the next two patches. Signed-off-by: Thiago Jung Bauermann --- security/integrity/ima/Kconfig | 3 + security/integrity/ima/ima.h| 41 security/integrity/ima/ima_modsig.c | 181

[PATCH v6 00/12] Appended signatures support for IMA appraisal

n fails. - Pass NULL xattr_value to evm_verifyxattr even in the case of xattr signature in ima_appraise_measurement (suggested by Mimi Zohar). - Use switch statement provided by Mimi Zohar to check result of evm_verifyxattr. - If the modsig verification succeeds, copy the hash calculated during

[PATCH v6 00/12] Appended signatures support for IMA appraisal

n fails. - Pass NULL xattr_value to evm_verifyxattr even in the case of xattr signature in ima_appraise_measurement (suggested by Mimi Zohar). - Use switch statement provided by Mimi Zohar to check result of evm_verifyxattr. - If the modsig verification succeeds, copy the hash calculated during

[PATCH v6 03/12] PKCS#7: Introduce pkcs7_get_digest()

. Verifying that sinfo->sig->digest isn't NULL is sufficient because both places which allocate sinfo->sig (pkcs7_parse_message() and pkcs7_note_signed_info()) use kzalloc() so sig->digest is always initialized to zero. Signed-off-by: Thiago Jung Bauermann <bauer...@linux.vnet.ibm.com>

[PATCH v6 03/12] PKCS#7: Introduce pkcs7_get_digest()

. Verifying that sinfo->sig->digest isn't NULL is sufficient because both places which allocate sinfo->sig (pkcs7_parse_message() and pkcs7_note_signed_info()) use kzalloc() so sig->digest is always initialized to zero. Signed-off-by: Thiago Jung Bauermann Cc: David Howells Cc: Herbert Xu

[PATCH v6 07/12] integrity: Select CONFIG_KEYS instead of depending on it

This avoids a dependency cycle in CONFIG_IMA_APPRAISE_MODSIG (introduced by a later patch in this series): it will select CONFIG_MODULE_SIG_FORMAT which in turn selects CONFIG_KEYS. Kconfig then complains that CONFIG_INTEGRITY_SIGNATURE depends on CONFIG_KEYS. Signed-off-by: Thiago Jung Bauermann

[PATCH v6 07/12] integrity: Select CONFIG_KEYS instead of depending on it

This avoids a dependency cycle in CONFIG_IMA_APPRAISE_MODSIG (introduced by a later patch in this series): it will select CONFIG_MODULE_SIG_FORMAT which in turn selects CONFIG_KEYS. Kconfig then complains that CONFIG_INTEGRITY_SIGNATURE depends on CONFIG_KEYS. Signed-off-by: Thiago Jung Bauermann

[PATCH v6 05/12] integrity: Introduce integrity_keyring_from_id()

IMA will need to obtain the keyring used to verify file signatures so that it can verify the module-style signature appended to files. Signed-off-by: Thiago Jung Bauermann <bauer...@linux.vnet.ibm.com> --- security/integrity/digsig.c| 28 +--- security/int

[PATCH v6 05/12] integrity: Introduce integrity_keyring_from_id()

IMA will need to obtain the keyring used to verify file signatures so that it can verify the module-style signature appended to files. Signed-off-by: Thiago Jung Bauermann --- security/integrity/digsig.c| 28 +--- security/integrity/integrity.h | 6 ++ 2 files

[PATCH v6 09/12] ima: Add modsig appraise_type option for module-style appended signatures

com> Signed-off-by: Thiago Jung Bauermann <bauer...@linux.vnet.ibm.com> --- Documentation/ABI/testing/ima_policy | 6 +- security/integrity/ima/Kconfig | 10 ++ security/integrity/ima/Makefile | 1 + security/integrity/ima/ima.h | 9 + security/i

[PATCH v6 09/12] ima: Add modsig appraise_type option for module-style appended signatures

ew file mode 100644 index ..d8ea811b6f74 --- /dev/null +++ b/security/integrity/ima/ima_modsig.c @@ -0,0 +1,31 @@ +// SPDX-License-Identifier: GPL-2.0+ +/* + * IMA support for appraising module-style appended signatures. + * + * Copyright (C) 2018 IBM Corporation + * + * Author: + * Thiago J

[PATCH v6 06/12] integrity: Introduce asymmetric_sig_has_known_key()

function. Signed-off-by: Thiago Jung Bauermann <bauer...@linux.vnet.ibm.com> --- security/integrity/digsig_asymmetric.c | 44 +- security/integrity/integrity.h | 8 +++ 2 files changed, 41 insertions(+), 11 deletions(-) diff --git a/security/int

[PATCH v6 06/12] integrity: Introduce asymmetric_sig_has_known_key()

function. Signed-off-by: Thiago Jung Bauermann --- security/integrity/digsig_asymmetric.c | 44 +- security/integrity/integrity.h | 8 +++ 2 files changed, 41 insertions(+), 11 deletions(-) diff --git a/security/integrity/digsig_asymmetric.c b/security

[PATCH v6 11/12] ima: Implement support for module-style appended signatures

signature. Signed-off-by: Thiago Jung Bauermann <bauer...@linux.vnet.ibm.com> --- security/integrity/ima/ima.h | 11 +++- security/integrity/ima/ima_appraise.c | 53 +++ security/integrity/ima/ima_main.c | 21 +++--- 3 files chang

[PATCH v6 11/12] ima: Implement support for module-style appended signatures

signature. Signed-off-by: Thiago Jung Bauermann --- security/integrity/ima/ima.h | 11 +++- security/integrity/ima/ima_appraise.c | 53 +++ security/integrity/ima/ima_main.c | 21 +++--- 3 files changed, 74 insertions(+), 11 deletions

[PATCH v6 12/12] ima: Write modsig to the measurement list

d-by: Mimi Zohar <zo...@linux.vnet.ibm.com> Signed-off-by: Thiago Jung Bauermann <bauer...@linux.vnet.ibm.com> --- Documentation/security/IMA-templates.rst | 5 security/integrity/ima/ima_template.c | 4 ++- security/integrity/ima/ima_template_lib.c | 47 +++

[PATCH v6 12/12] ima: Write modsig to the measurement list

igned-off-by: Thiago Jung Bauermann --- Documentation/security/IMA-templates.rst | 5 security/integrity/ima/ima_template.c | 4 ++- security/integrity/ima/ima_template_lib.c | 47 +-- security/integrity/ima/ima_template_lib.h | 2 ++ 4 files changed,

[PATCH v6 08/12] ima: Export func_tokens

ima_read_modsig() will need it so that it can show an error message. Signed-off-by: Thiago Jung Bauermann <bauer...@linux.vnet.ibm.com> --- security/integrity/ima/ima.h| 2 ++ security/integrity/ima/ima_policy.c | 12 ++-- 2 files changed, 8 insertions(+), 6 deletions(-)

[PATCH v6 08/12] ima: Export func_tokens

ima_read_modsig() will need it so that it can show an error message. Signed-off-by: Thiago Jung Bauermann --- security/integrity/ima/ima.h| 2 ++ security/integrity/ima/ima_policy.c | 12 ++-- 2 files changed, 8 insertions(+), 6 deletions(-) diff --git a/security/integrity/ima

[PATCH v6 02/12] PKCS#7: Introduce pkcs7_get_message_sig() and verify_pkcs7_message_sig()

that verify_pkcs7_signature() takes. Signed-off-by: Thiago Jung Bauermann <bauer...@linux.vnet.ibm.com> Cc: David Howells <dhowe...@redhat.com> Cc: David Woodhouse <dw...@infradead.org> Cc: Herbert Xu <herb...@gondor.apana.org.au> Cc: "David S. Miller" <da...@davem

[PATCH v6 04/12] ima: Introduce is_ima_sig()

ed-off-by: Thiago Jung Bauermann <bauer...@linux.vnet.ibm.com> --- security/integrity/ima/ima.h | 5 + security/integrity/ima/ima_appraise.c | 7 +++ security/integrity/ima/ima_template_lib.c | 2 +- 3 files changed, 9 insertions(+), 5 deletions(-) diff --git a/security/i

[PATCH v6 04/12] ima: Introduce is_ima_sig()

With the introduction of another IMA signature type (modsig), some places will need to check for both of them. It is cleaner to do that if there's a helper function to tell whether an xattr_value represents an IMA signature. Suggested-by: Mimi Zohar Signed-off-by: Thiago Jung Bauermann

[PATCH v6 02/12] PKCS#7: Introduce pkcs7_get_message_sig() and verify_pkcs7_message_sig()

that verify_pkcs7_signature() takes. Signed-off-by: Thiago Jung Bauermann Cc: David Howells Cc: David Woodhouse Cc: Herbert Xu Cc: "David S. Miller" --- certs/system_keyring.c| 61 ++- crypto/asymmetric_keys/pkcs7_parser.c | 16 + incl

[PATCH v6 01/12] MODSIGN: Export module signature definitions

() without having to depend on CONFIG_MODULE_SIG. Signed-off-by: Thiago Jung Bauermann <bauer...@linux.vnet.ibm.com> Reviewed-by: Mimi Zohar <zo...@linux.vnet.ibm.com> Cc: Jessica Yu <j...@kernel.org> --- include/linux/module.h | 3 -- include/linux/modul

[PATCH v6 01/12] MODSIGN: Export module signature definitions

() without having to depend on CONFIG_MODULE_SIG. Signed-off-by: Thiago Jung Bauermann Reviewed-by: Mimi Zohar Cc: Jessica Yu --- include/linux/module.h | 3 -- include/linux/module_signature.h | 44 +++ init/Kconfig | 6 +++- kernel/Makefile

Re: [PATCH 3/4] ima: Improvements in ima_appraise_measurement()

Mimi Zohar <zo...@linux.vnet.ibm.com> writes: > On Wed, 2018-03-14 at 21:03 -0300, Thiago Jung Bauermann wrote: >> Hello Serge, >> >> Thanks for quickly reviewing these patches! >> >> Serge E. Hallyn <se...@hallyn.com> writes: >> >> >

Re: [PATCH 3/4] ima: Improvements in ima_appraise_measurement()

Mimi Zohar writes: > On Wed, 2018-03-14 at 21:03 -0300, Thiago Jung Bauermann wrote: >> Hello Serge, >> >> Thanks for quickly reviewing these patches! >> >> Serge E. Hallyn writes: >> >> > Quoting Thiago Jung Bauermann (bauer...@linux.vnet.ib

Re: [PATCH] powerpc: Use common error handling code in setup_new_fdt()

Joe Perches <j...@perches.com> writes: > On Thu, 2018-03-15 at 14:57 +0300, Dan Carpenter wrote: >> On Wed, Mar 14, 2018 at 06:22:07PM -0300, Thiago Jung Bauermann wrote: >> > >> > SF Markus Elfring <elfr...@users.sourceforge.net> writes:

Re: [PATCH] powerpc: Use common error handling code in setup_new_fdt()

Joe Perches writes: > On Thu, 2018-03-15 at 14:57 +0300, Dan Carpenter wrote: >> On Wed, Mar 14, 2018 at 06:22:07PM -0300, Thiago Jung Bauermann wrote: >> > >> > SF Markus Elfring writes: >> > >> > > From: Markus Elfring >> > > Dat

Re: [PATCH 3/4] ima: Improvements in ima_appraise_measurement()

Hello Serge, Thanks for quickly reviewing these patches! Serge E. Hallyn <se...@hallyn.com> writes: > Quoting Thiago Jung Bauermann (bauer...@linux.vnet.ibm.com): >> From: Mimi Zohar <zo...@linux.vnet.ibm.com> >> @@ -241,16 +241,20 @@ int ima_appraise_meas

Re: [PATCH 3/4] ima: Improvements in ima_appraise_measurement()

Hello Serge, Thanks for quickly reviewing these patches! Serge E. Hallyn writes: > Quoting Thiago Jung Bauermann (bauer...@linux.vnet.ibm.com): >> From: Mimi Zohar >> @@ -241,16 +241,20 @@ int ima_appraise_measurement(enum ima_hooks func, >> } >> >&

Re: [PATCH] powerpc: Use common error handling code in setup_new_fdt()

> > This issue was detected by using the Coccinelle software. > > Signed-off-by: Markus Elfring <elfr...@users.sourceforge.net> > --- > arch/powerpc/kernel/machine_kexec_file_64.c | 28 > 1 file changed, 12 insertions(+), 16 deletions(-) I liked

Re: [PATCH] powerpc: Use common error handling code in setup_new_fdt()

gned-off-by: Markus Elfring > --- > arch/powerpc/kernel/machine_kexec_file_64.c | 28 > 1 file changed, 12 insertions(+), 16 deletions(-) I liked it. Thanks! Reviewed-by: Thiago Jung Bauermann -- Thiago Jung Bauermann IBM Linux Technology Center

[PATCH 2/4] ima: Simplify ima_eventsig_init()

The "goto out" statement doesn't have any purpose since there's no cleanup to be done when returning early, so remove it. This also makes the rc variable unnecessary so remove it as well. Also, the xattr_len and fmt variables are redundant so remove them as well. Signed-off-by: T

[PATCH 2/4] ima: Simplify ima_eventsig_init()

The "goto out" statement doesn't have any purpose since there's no cleanup to be done when returning early, so remove it. This also makes the rc variable unnecessary so remove it as well. Also, the xattr_len and fmt variables are redundant so remove them as well. Signed-off-by: T

[PATCH 3/4] ima: Improvements in ima_appraise_measurement()

ar <zo...@linux.vnet.ibm.com> Signed-off-by: Thiago Jung Bauermann <bauer...@linux.vnet.ibm.com> --- security/integrity/ima/ima_appraise.c | 33 - 1 file changed, 20 insertions(+), 13 deletions(-) diff --git a/security/integrity/ima/ima_appraise.c b/secu

[PATCH 1/4] integrity: Remove unused macro IMA_ACTION_RULE_FLAGS

This macro isn't used anymore since commit 0d73a55208e9 ("ima: re-introduce own integrity cache lock"), so remove it. Signed-off-by: Thiago Jung Bauermann <bauer...@linux.vnet.ibm.com> --- security/integrity/integrity.h | 1 - 1 file changed, 1 deletion(-) diff --git a/se

[PATCH 3/4] ima: Improvements in ima_appraise_measurement()

From: Mimi Zohar Replace nested ifs in the EVM xattr verification logic with a switch statement, making the code easier to understand. Also, add comments to the if statements in the out section and constify the cause variable. Signed-off-by: Mimi Zohar Signed-off-by: Thiago Jung Bauermann

[PATCH 1/4] integrity: Remove unused macro IMA_ACTION_RULE_FLAGS

This macro isn't used anymore since commit 0d73a55208e9 ("ima: re-introduce own integrity cache lock"), so remove it. Signed-off-by: Thiago Jung Bauermann --- security/integrity/integrity.h | 1 - 1 file changed, 1 deletion(-) diff --git a/security/integrity/integrity.h b/security

[PATCH 4/4] integrity: Introduce struct evm_xattr

ata, since in most places the array doesn't hold a digest. A separate struct evm_xattr is introduced, with the original definition of evm_ima_xattr_data to be used in the places that actually expect that definition. Signed-off-by: Thiago Jung Bauermann <bauer...@linux.vnet.ibm.com> --- securi

[PATCH 0/4] Code improvements in integrity and IMA

h "ima: Improvements in ima_appraise_measurement()" - Moved is_ima_sig() to its own patch (not in this series). Mimi Zohar (1): ima: Improvements in ima_appraise_measurement() Thiago Jung Bauermann (3): integrity: Remove unused macro IMA_ACTION_RULE_FLAGS ima: Simplify ima_eventsig_init() integri

[PATCH 4/4] integrity: Introduce struct evm_xattr

ata, since in most places the array doesn't hold a digest. A separate struct evm_xattr is introduced, with the original definition of evm_ima_xattr_data to be used in the places that actually expect that definition. Signed-off-by: Thiago Jung Bauermann --- security/integrity/evm/evm_crypt

[PATCH 0/4] Code improvements in integrity and IMA

h "ima: Improvements in ima_appraise_measurement()" - Moved is_ima_sig() to its own patch (not in this series). Mimi Zohar (1): ima: Improvements in ima_appraise_measurement() Thiago Jung Bauermann (3): integrity: Remove unused macro IMA_ACTION_RULE_FLAGS ima: Simplify ima_eventsig_init() integri

Re: [PATCH v2 2/7] kexec_file,x86,powerpc: factor out kexec_file_ops functions

Baoquan He <b...@redhat.com> >> Cc: Michael Ellerman <m...@ellerman.id.au> >> Cc: Thiago Jung Bauermann <bauer...@linux.vnet.ibm.com> >> --- >> arch/powerpc/include/asm/kexec.h| 2 +- >> arch/powerpc/kernel/kexec_elf_64.c | 2

Re: [PATCH v2 2/7] kexec_file,x86,powerpc: factor out kexec_file_ops functions

gt; an architecture-defined kexec_file_ops array. So let's factor them out. >> >> Signed-off-by: AKASHI Takahiro >> Cc: Dave Young >> Cc: Vivek Goyal >> Cc: Baoquan He >> Cc: Michael Ellerman >> Cc: Thiago Jung Bauermann >> --- >> arch/powe

[PATCH 1/2] selftests/powerpc: Add ptrace tests for Protection Key registers

This test exercises read and write access to the AMR, IAMR and UAMOR. Signed-off-by: Thiago Jung Bauermann <bauer...@linux.vnet.ibm.com> --- tools/testing/selftests/powerpc/include/reg.h | 1 + tools/testing/selftests/powerpc/ptrace/Makefile| 5 +- tools/testing/selftests/p

[PATCH 1/2] selftests/powerpc: Add ptrace tests for Protection Key registers

This test exercises read and write access to the AMR, IAMR and UAMOR. Signed-off-by: Thiago Jung Bauermann --- tools/testing/selftests/powerpc/include/reg.h | 1 + tools/testing/selftests/powerpc/ptrace/Makefile| 5 +- tools/testing/selftests/powerpc/ptrace/child.h | 130

<    1   2   3   4   5   6   7   8   9   10   >