intel-kernel/security/integrity/evm · openEuler/intel-kernel - AtomGit

Ssanglipengevm: Complete description of evm_inode_setattr()

5a7f3ade创建于 2023年12月1日历史提交

文件	最后提交记录	最后更新时间
Kconfig	evm: Propagate choice of HMAC algorithm in evm_crypto.c hulk inclusion category: feature feature: IMA Digest Lists extension bugzilla: 46797 ------------------------------------------------- Commit 5feeb61183dd ("evm: Allow non-SHA1 digital signatures") introduced the possibility to use different hash algorithm for signatures, but kept the algorithm for the HMAC hard-coded (SHA1). Switching to a different algorithm for HMAC would require to change the code in different places. This patch introduces a new global variable called evm_hash_algo, and consistently uses it whenever EVM perform HMAC-related operations. It also introduces a new kernel configuration option called CONFIG_EVM_DEFAULT_HASH so that evm_hash_algo can be defined at kernel compilation time. Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com> Acked-by: Hanjun Guo <guohanjun@huawei.com> Signed-off-by: Yang Yingliang <yangyingliang@huawei.com> Signed-off-by: Tianxing Zhang <zhangtianxing3@huawei.com> Reviewed-by: Jason Yan <yanaijie@huawei.com> Signed-off-by: Zheng Zengkai <zhengzengkai@huawei.com>	5 年前
Makefile	treewide: Add SPDX license identifier - Makefile/Kconfig Add SPDX license identifiers to all Make/Kconfig files which: - Have no license information of any form These files fall under the project license, GPL v2 only. The resulting SPDX license identifier is: GPL-2.0-only Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	6 年前
evm.h	ima: Add macros to isolate the IMA digest list euleros inclusion category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I7YT6U -------------------------------- Isolate the IMA digest list code by using macros. changelog v2: Exclude some macros for code that has already been merged into upstream kernel v3: add patch header and fix some simple code warnings v4: merge some duplicate code and add macro comments v5: format the code and update the issue number v6: merge duplicate code instead of isolating the entire function Signed-off-by: Zhou Shuiqing <zhoushuiqing2@huawei.com>	2 年前
evm_crypto.c	ima: fix the undefined value during the build euleros inclusion category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/I7ZBVQ CVE: NA -------------------------------- fix the undefined value during the build. Signed-off-by: Zhou Shuiqing <zhoushuiqing2@huawei.com>	2 年前
evm_main.c	evm: Complete description of evm_inode_setattr() stable inclusion from stable-v5.10.188 commit 16ec59c03ad258b716374946a6b1530921d0faf3 category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/I8KYFP Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=16ec59c03ad258b716374946a6b1530921d0faf3 -------------------------------- [ Upstream commit b1de86d4248b273cb12c4cd7d20c08d459519f7d ] Add the description for missing parameters of evm_inode_setattr() to avoid the warning arising with W=n compile option. Fixes: 817b54aa45db ("evm: add evm_inode_setattr to prevent updating an invalid security.evm") # v3.2+ Fixes: c1632a0f1120 ("fs: port ->setattr() to pass mnt_idmap") # v6.3+ Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com> Reviewed-by: Stefan Berger <stefanb@linux.ibm.com> Signed-off-by: Mimi Zohar <zohar@linux.ibm.com> Signed-off-by: Sasha Levin <sashal@kernel.org> Signed-off-by: sanglipeng <sanglipeng1@jd.com>	2 年前
evm_posix_acl.c	treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 441 Based on 1 normalized pattern(s): this program is free software you can redistribute it and or modify it under the terms of the gnu general public license as published by the free software foundation version 2 of the license extracted by the scancode license scanner the SPDX license identifier GPL-2.0-only has been chosen to replace the boilerplate/reference in 315 file(s). Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Reviewed-by: Allison Randal <allison@lohutok.net> Reviewed-by: Armijn Hemel <armijn@tjaldur.nl> Cc: linux-spdx@vger.kernel.org Link: https://lkml.kernel.org/r/20190531190115.503150771@linutronix.de Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	6 年前
evm_secfs.c	evm: fix writing <securityfs>/evm overflow stable inclusion from stable-5.10.50 commit 912d16a2d730b98b8c9099a2d934dfc691a0a9c2 bugzilla: 174522 https://gitee.com/openeuler/kernel/issues/I4DNFY Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=912d16a2d730b98b8c9099a2d934dfc691a0a9c2 -------------------------------- [ Upstream commit 49219d9b8785ba712575c40e48ce0f7461254626 ] EVM_SETUP_COMPLETE is defined as 0x80000000, which is larger than INT_MAX. The "-fno-strict-overflow" compiler option properly prevents signaling EVM that the EVM policy setup is complete. Define and read an unsigned int. Fixes: f00d79750712 ("EVM: Allow userspace to signal an RSA key has been loaded") Signed-off-by: Mimi Zohar <zohar@linux.ibm.com> Signed-off-by: Sasha Levin <sashal@kernel.org> Signed-off-by: Chen Jun <chenjun102@huawei.com> Acked-by: Weilong Chen <chenweilong@huawei.com> Signed-off-by: Chen Jun <chenjun102@huawei.com> Signed-off-by: Zheng Zengkai <zhengzengkai@huawei.com>	4 年前