system/linux
system/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux synced 2024-07-21 02:23:16 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
linux/security/integrity
History
Roberto Sassu 06cca51107 integrity: Move integrity_kernel_module_request() to IMA 
In preparation for removing the 'integrity' LSM, move
integrity_kernel_module_request() to IMA, and rename it to
ima_kernel_module_request(). Rewrite the function documentation, to explain
better what the problem is.

Compile it conditionally if CONFIG_INTEGRITY_ASYMMETRIC_KEYS is enabled,
and call it from security.c (removed afterwards with the move of IMA to the
LSM infrastructure).

Adding this hook cannot be avoided, since IMA has no control on the flags
passed to crypto_alloc_sig() in public_key_verify_signature(), and thus
cannot pass CRYPTO_NOLOAD, which solved the problem for EVM hashing with
commit e2861fa716 ("evm: Don't deadlock if a crypto algorithm is
unavailable").

EVM alone does not need to implement this hook, first because there is no
mutex to deadlock, and second because even if it had it, there should be a
recursive call. However, since verification from EVM can be initiated only
by setting inode metadata, deadlock would occur if modprobe would do the
same while loading a kernel module (which is unlikely).

Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
Reviewed-by: Stefan Berger <stefanb@linux.ibm.com>
Reviewed-by: Mimi Zohar <zohar@linux.ibm.com>
Acked-by: Mimi Zohar <zohar@linux.ibm.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
2024-02-15 23:43:45 -05:00
..
evm evm: Align evm_inode_post_setxattr() definition with LSM infrastructure 2024-02-15 23:43:41 -05:00
ima integrity: Move integrity_kernel_module_request() to IMA 2024-02-15 23:43:45 -05:00
platform_certs Hi, 2023-08-29 08:05:18 -07:00
digsig.c integrity: check whether imputed trust is enabled 2023-08-17 20:12:35 +00:00
digsig_asymmetric.c integrity: Move integrity_kernel_module_request() to IMA 2024-02-15 23:43:45 -05:00
iint.c As usual, lots of singleton and doubleton patches all over the tree and 2023-11-02 20:53:31 -10:00
integrity.h ima: detect changes to the backing overlay file 2023-10-31 08:22:36 -04:00
integrity_audit.c integrity: check the return value of audit_log_start() 2022-02-02 11:44:23 -05:00
Kconfig integrity-v6.7 2023-11-02 06:53:22 -10:00
Makefile integrity: Introduce a Linux keyring called machine 2022-03-08 13:55:52 +02:00