From: Mimi Zohar <zohar@linux.ibm.com>
To: Linus Torvalds <torvalds@linux-foundation.org>
Cc: linux-integrity <linux-integrity@vger.kernel.org>,
linux-kernel <linux-kernel@vger.kernel.org>
Subject: [GIT PULL] integrity subsystem fixes for v5.7
Date: Mon, 18 May 2020 11:49:31 -0400 [thread overview]
Message-ID: <1589816971.5111.113.camel@linux.ibm.com> (raw)
Hi Linus,
Here are a couple of miscellaneous bug fixes for the integrity
subsystem:
IMA:
- Properly modify the open flags in order to calculate the file hash.
- On systems requiring the IMA policy to be signed, the policy is
loaded differently. Don't differentiate between "enforce" and either
"log" or "fix" modes how the policy is loaded.
EVM:
- (2 patches) Fix an EVM race condition, normally the result of
attempting to load an unsupported hash algorithm.
- Use the lockless RCU version for walking an append only list.
Mimi
The following changes since commit ae83d0b416db002fe95601e7f97f64b59514d936:
Linux 5.7-rc2 (2020-04-19 14:35:30 -0700)
are available in the git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity.git next-integrity.fixes
for you to fetch changes up to 8433856947217ebb5697a8ff9c4c9cad4639a2cf:
evm: Fix a small race in init_desc() (2020-05-14 19:55:54 -0400)
----------------------------------------------------------------
Dan Carpenter (1):
evm: Fix a small race in init_desc()
Madhuparna Bhowmik (1):
evm: Fix RCU list related warnings
Roberto Sassu (3):
ima: Set file->f_mode instead of file->f_flags in ima_calc_file_hash()
evm: Check also if *tfm is an error pointer in init_desc()
ima: Fix return value of ima_write_policy()
security/integrity/evm/evm_crypto.c | 46 ++++++++++++++++++-------------------
security/integrity/evm/evm_main.c | 4 ++--
security/integrity/evm/evm_secfs.c | 9 +++++++-
security/integrity/ima/ima_crypto.c | 12 +++++-----
security/integrity/ima/ima_fs.c | 3 +--
5 files changed, 40 insertions(+), 34 deletions(-)
next reply other threads:[~2020-05-18 15:49 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-05-18 15:49 Mimi Zohar [this message]
2020-05-18 17:47 ` [GIT PULL] integrity subsystem fixes for v5.7 Linus Torvalds
2020-05-18 17:58 ` Mimi Zohar
2020-05-18 18:55 ` pr-tracker-bot
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1589816971.5111.113.camel@linux.ibm.com \
--to=zohar@linux.ibm.com \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).