Linux-Integrity Archive on lore.kernel.org
 help / color / Atom feed
From: Mimi Zohar <zohar@linux.ibm.com>
To: Linus Torvalds <torvalds@linux-foundation.org>
Cc: linux-integrity <linux-integrity@vger.kernel.org>,
	linux-kernel <linux-kernel@vger.kernel.org>
Subject: [GIT PULL] integrity subsystem fixes for v5.7
Date: Mon, 18 May 2020 11:49:31 -0400
Message-ID: <1589816971.5111.113.camel@linux.ibm.com> (raw)

Hi Linus,

Here are a couple of miscellaneous bug fixes for the integrity
subsystem:

IMA:
- Properly modify the open flags in order to calculate the file hash.
- On systems requiring the IMA policy to be signed, the policy is
loaded differently.  Don't differentiate between "enforce" and either
"log" or "fix" modes how the policy is loaded.

EVM:
- (2 patches) Fix an EVM race condition, normally the result of
attempting to load an unsupported hash algorithm.
- Use the lockless RCU version for walking an append only list.

Mimi

The following changes since commit ae83d0b416db002fe95601e7f97f64b59514d936:

  Linux 5.7-rc2 (2020-04-19 14:35:30 -0700)

are available in the git repository at:

  git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity.git next-integrity.fixes

for you to fetch changes up to 8433856947217ebb5697a8ff9c4c9cad4639a2cf:

  evm: Fix a small race in init_desc() (2020-05-14 19:55:54 -0400)

----------------------------------------------------------------
Dan Carpenter (1):
      evm: Fix a small race in init_desc()

Madhuparna Bhowmik (1):
      evm: Fix RCU list related warnings

Roberto Sassu (3):
      ima: Set file->f_mode instead of file->f_flags in ima_calc_file_hash()
      evm: Check also if *tfm is an error pointer in init_desc()
      ima: Fix return value of ima_write_policy()

 security/integrity/evm/evm_crypto.c | 46 ++++++++++++++++++-------------------
 security/integrity/evm/evm_main.c   |  4 ++--
 security/integrity/evm/evm_secfs.c  |  9 +++++++-
 security/integrity/ima/ima_crypto.c | 12 +++++-----
 security/integrity/ima/ima_fs.c     |  3 +--
 5 files changed, 40 insertions(+), 34 deletions(-)

             reply index

Thread overview: 4+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-05-18 15:49 Mimi Zohar [this message]
2020-05-18 17:47 ` Linus Torvalds
2020-05-18 17:58   ` Mimi Zohar
2020-05-18 18:55 ` pr-tracker-bot

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1589816971.5111.113.camel@linux.ibm.com \
    --to=zohar@linux.ibm.com \
    --cc=linux-integrity@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=torvalds@linux-foundation.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Linux-Integrity Archive on lore.kernel.org

Archives are clonable:
	git clone --mirror https://lore.kernel.org/linux-integrity/0 linux-integrity/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 linux-integrity linux-integrity/ https://lore.kernel.org/linux-integrity \
		linux-integrity@vger.kernel.org
	public-inbox-index linux-integrity

Example config snippet for mirrors

Newsgroup available over NNTP:
	nntp://nntp.lore.kernel.org/org.kernel.vger.linux-integrity


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git