Linux Kernel https://git.stealer.net/cgit.cgi/user/sven/linux.git/atom?h=v5.4.68 2019-09-28T02:37:27Z 2019-09-28T02:37:27Z Linus Torvalds torvalds@linux-foundation.org 2019-09-28T02:37:27Z urn:sha1:f1f2f614d535564992f32e720739cb53cf03489f Pull integrity updates from Mimi Zohar: "The major feature in this time is IMA support for measuring and appraising appended file signatures. In addition are a couple of bug fixes and code cleanup to use struct_size(). In addition to the PE/COFF and IMA xattr signatures, the kexec kernel image may be signed with an appended signature, using the same scripts/sign-file tool that is used to sign kernel modules. Similarly, the initramfs may contain an appended signature. This contained a lot of refactoring of the existing appended signature verification code, so that IMA could retain the existing framework of calculating the file hash once, storing it in the IMA measurement list and extending the TPM, verifying the file's integrity based on a file hash or signature (eg. xattrs), and adding an audit record containing the file hash, all based on policy. (The IMA support for appended signatures patch set was posted and reviewed 11 times.) The support for appended signature paves the way for adding other signature verification methods, such as fs-verity, based on a single system-wide policy. The file hash used for verifying the signature and the signature, itself, can be included in the IMA measurement list" * 'next-integrity' of git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity: ima: ima_api: Use struct_size() in kzalloc() ima: use struct_size() in kzalloc() sefltest/ima: support appended signatures (modsig) ima: Fix use after free in ima_read_modsig() MODSIGN: make new include file self contained ima: fix freeing ongoing ahash_request ima: always return negative code for error ima: Store the measurement again when appraising a modsig ima: Define ima-modsig template ima: Collect modsig ima: Implement support for module-style appended signatures ima: Factor xattr_verify() out of ima_appraise_measurement() ima: Add modsig appraise_type option for module-style appended signatures integrity: Select CONFIG_KEYS instead of depending on it PKCS#7: Introduce pkcs7_get_digest() PKCS#7: Refactor verify_pkcs7_signature() MODSIGN: Export module signature definitions ima: initialize the "template" field with the default template 2019-09-22T18:15:14Z Linus Torvalds torvalds@linux-foundation.org 2019-09-22T18:15:14Z urn:sha1:3e4d890a26d5411d0b64e5e8ecfdcdb435c1d3f8 It's an unusual configuration, and was apparently never tested, and not caught in linux-next because of a combination of travels and it making it into the tree too late. The fix is to simply move the #define to outside the CONFIG_MODULE section, since MODULE_INFO() will do the right thing. Cc: Martijn Coenen <maco@android.com> Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Cc: Matthias Maennich <maennich@google.com> Cc: Jessica Yu <jeyu@kernel.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> 2019-09-10T08:30:17Z Matthias Maennich maennich@google.com 2019-09-06T10:32:27Z urn:sha1:8651ec01daedad26290f76beeb4736f9d2da4b87 The EXPORT_SYMBOL_NS() and EXPORT_SYMBOL_NS_GPL() macros can be used to export a symbol to a specific namespace. There are no _GPL_FUTURE and _UNUSED variants because these are currently unused, and I'm not sure they are necessary. I didn't add EXPORT_SYMBOL_NS() for ASM exports; this patch sets the namespace of ASM exports to NULL by default. In case of relative references, it will be relocatable to NULL. If there's a need, this should be pretty easy to add. A module that wants to use a symbol exported to a namespace must add a MODULE_IMPORT_NS() statement to their module code; otherwise, modpost will complain when building the module, and the kernel module loader will emit an error and fail when loading the module. MODULE_IMPORT_NS() adds a modinfo tag 'import_ns' to the module. That tag can be observed by the modinfo command, modpost and kernel/module.c at the time of loading the module. The ELF symbols are renamed to include the namespace with an asm label; for example, symbol 'usb_stor_suspend' in namespace USB_STORAGE becomes 'usb_stor_suspend.USB_STORAGE'. This allows modpost to do namespace checking, without having to go through all the effort of parsing ELF and relocation records just to get to the struct kernel_symbols. On x86_64 I saw no difference in binary size (compression), but at runtime this will require a word of memory per export to hold the namespace. An alternative could be to store namespaced symbols in their own section and use a separate 'struct namespaced_kernel_symbol' for that section, at the cost of making the module loader more complex. Co-developed-by: Martijn Coenen <maco@android.com> Signed-off-by: Martijn Coenen <maco@android.com> Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: Matthias Maennich <maennich@google.com> Signed-off-by: Jessica Yu <jeyu@kernel.org> 2019-08-05T22:39:56Z Thiago Jung Bauermann bauerman@linux.ibm.com 2019-07-04T18:57:34Z urn:sha1:c8424e776b093280d3fdd104d850706b3b229ac8 IMA will use the module_signature format for append signatures, so export the relevant definitions and factor out the code which verifies that the appended signature trailer is valid. Also, create a CONFIG_MODULE_SIG_FORMAT option so that IMA can select it and be able to use mod_check_sig() without having to depend on either CONFIG_MODULE_SIG or CONFIG_MODULES. s390 duplicated the definition of struct module_signature so now they can use the new <linux/module_signature.h> header instead. Signed-off-by: Thiago Jung Bauermann <bauerman@linux.ibm.com> Acked-by: Jessica Yu <jeyu@kernel.org> Reviewed-by: Philipp Rudo <prudo@linux.ibm.com> Cc: Heiko Carstens <heiko.carstens@de.ibm.com> Signed-off-by: Mimi Zohar <zohar@linux.ibm.com> 2019-05-28T16:03:35Z Paul E. McKenney paulmck@linux.ibm.com 2019-04-05T23:15:00Z urn:sha1:fe15b50cdeeebd9248bf27e3c31278668f08bc04 Adding DEFINE_SRCU() or DEFINE_STATIC_SRCU() to a loadable module requires that the size of the reserved region be increased, which is not something we want to be doing all that often. One approach would be to require that loadable modules define an srcu_struct and invoke init_srcu_struct() from their module_init function and cleanup_srcu_struct() from their module_exit function. However, this is more than a bit user unfriendly. This commit therefore creates an ___srcu_struct_ptrs linker section, and pointers to srcu_struct structures created by DEFINE_SRCU() and DEFINE_STATIC_SRCU() within a module are placed into that module's ___srcu_struct_ptrs section. The required init_srcu_struct() and cleanup_srcu_struct() functions are then automatically invoked as needed when that module is loaded and unloaded, thus allowing modules to continue to use DEFINE_SRCU() and DEFINE_STATIC_SRCU() while avoiding the need to increase the size of the reserved region. Many of the algorithms and some of the code was cheerfully cherry-picked from other code making use of linker sections, perhaps most notably from tracepoints. All bugs are nevertheless the sole property of the author. Suggested-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com> [ paulmck: Use __section() and use "default" in srcu_module_notify()'s "switch" statement as suggested by Joel Fernandes. ] Signed-off-by: Paul E. McKenney <paulmck@linux.ibm.com> Tested-by: Joel Fernandes (Google) <joel@joelfernandes.org> 2019-05-14T17:55:54Z Linus Torvalds torvalds@linux-foundation.org 2019-05-14T17:55:54Z urn:sha1:280664f558c9d973315d48f125eb664cc607d089 Pull modules updates from Jessica Yu: - Use a separate table to store symbol types instead of hijacking fields in struct Elf_Sym - Trivial code cleanups * tag 'modules-for-v5.2' of git://git.kernel.org/pub/scm/linux/kernel/git/jeyu/linux: module: add stubs for within_module functions kallsyms: store type information in its own array vmlinux.lds.h: drop unused __vermagic 2019-05-09T19:54:40Z Linus Torvalds torvalds@linux-foundation.org 2019-05-09T19:54:40Z urn:sha1:7664cd6e3a0b2709f04c07435e96c7c85e7d7324 Pull intgrity updates from James Morris: "This contains just three patches, the remainder were either included in other pull requests (eg. audit, lockdown) or will be upstreamed via other subsystems (eg. kselftests, Power). Included here is one bug fix, one documentation update, and extending the x86 IMA arch policy rules to coordinate the different kernel module signature verification methods" * 'next-integrity' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: doc/kernel-parameters.txt: Deprecate ima_appraise_tcb x86/ima: add missing include x86/ima: require signed kernel modules 2019-05-08T19:25:12Z Linus Torvalds torvalds@linux-foundation.org 2019-05-08T19:25:12Z urn:sha1:2646719a48c21ba0cae82a3f57382a9573fd8400 Pull Kbuild updates from Masahiro Yamada: - allow users to invoke 'make' out of the source tree - refactor scripts/mkmakefile - deprecate KBUILD_SRC, which was used to track the source tree location for O= build. - fix recordmcount.pl in case objdump output is localized - turn unresolved symbols in external modules to errors from warnings by default; pass KBUILD_MODPOST_WARN=1 to get them back to warnings - generate modules.builtin.modinfo to collect .modinfo data from built-in modules - misc Makefile cleanups * tag 'kbuild-v5.2' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild: (21 commits) .gitignore: add more all*.config patterns moduleparam: Save information about built-in modules in separate file Remove MODULE_ALIAS() calls that take undefined macro .gitignore: add leading and trailing slashes to generated directories scripts/tags.sh: fix direct execution of scripts/tags.sh scripts: override locale from environment when running recordmcount.pl samples: kobject: allow CONFIG_SAMPLE_KOBJECT to become y samples: seccomp: turn CONFIG_SAMPLE_SECCOMP into a bool option kbuild: move Documentation to vmlinux-alldirs kbuild: move samples/ to KBUILD_VMLINUX_OBJS modpost: make KBUILD_MODPOST_WARN also configurable for external modules kbuild: check arch/$(SRCARCH)/include/generated before out-of-tree build kbuild: remove unneeded dependency for include/config/kernel.release memory: squash drivers/memory/Makefile.asm-offsets kbuild: use $(srctree) instead of KBUILD_SRC to check out-of-tree build kbuild: mkmakefile: generate a simple wrapper of top Makefile kbuild: mkmakefile: do not check the generated Makefile marker kbuild: allow Kbuild to start from any directory kbuild: pass $(MAKECMDGOALS) to sub-make as is kbuild: fix warning "overriding recipe for target 'Makefile'" ... 2019-05-07T12:50:24Z Alexey Gladkov gladkov.alexey@gmail.com 2019-04-29T16:11:14Z urn:sha1:898490c010b5d2e499e03b7e815fc214209ac583 Problem: When a kernel module is compiled as a separate module, some important information about the kernel module is available via .modinfo section of the module. In contrast, when the kernel module is compiled into the kernel, that information is not available. Information about built-in modules is necessary in the following cases: 1. When it is necessary to find out what additional parameters can be passed to the kernel at boot time. 2. When you need to know which module names and their aliases are in the kernel. This is very useful for creating an initrd image. Proposal: The proposed patch does not remove .modinfo section with module information from the vmlinux at the build time and saves it into a separate file after kernel linking. So, the kernel does not increase in size and no additional information remains in it. Information is stored in the same format as in the separate modules (null-terminated string array). Because the .modinfo section is already exported with a separate modules, we are not creating a new API. It can be easily read in the userspace: $ tr '\0' '\n' < modules.builtin.modinfo ext4.softdep=pre: crc32c ext4.license=GPL ext4.description=Fourth Extended Filesystem ext4.author=Remy Card, Stephen Tweedie, Andrew Morton, Andreas Dilger, Theodore Ts'o and others ext4.alias=fs-ext4 ext4.alias=ext3 ext4.alias=fs-ext3 ext4.alias=ext2 ext4.alias=fs-ext2 md_mod.alias=block-major-9-* md_mod.alias=md md_mod.description=MD RAID framework md_mod.license=GPL md_mod.parmtype=create_on_open:bool md_mod.parmtype=start_dirty_degraded:int ... Co-Developed-by: Gleb Fotengauer-Malinovskiy <glebfm@altlinux.org> Signed-off-by: Gleb Fotengauer-Malinovskiy <glebfm@altlinux.org> Signed-off-by: Alexey Gladkov <gladkov.alexey@gmail.com> Acked-by: Jessica Yu <jeyu@kernel.org> Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com> 2019-05-02T14:32:29Z Tri Vo trong@android.com 2019-04-15T18:18:33Z urn:sha1:dadec066d8fa7da227f623f632ea114690fecaf8 Provide stubs for within_module_core(), within_module_init(), and within_module() to prevent build errors when !CONFIG_MODULES. Suggested-by: Matthew Wilcox <willy@infradead.org> Reported-by: Randy Dunlap <rdunlap@infradead.org> Reported-by: kbuild test robot <lkp@intel.com> Link: https://marc.info/?l=linux-mm&m=155384681109231&w=2 Signed-off-by: Tri Vo <trong@android.com> Signed-off-by: Jessica Yu <jeyu@kernel.org>