[GIT,PULL] integrity subsystem fixes for v5.7

Message ID 1589816971.5111.113.camel@linux.ibm.com
State New

Pull-request

git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity.git next-integrity.fixes

Message

Mimi Zohar May 18, 2020, 3:49 p.m. UTC
Hi Linus,

Here are a couple of miscellaneous bug fixes for the integrity
subsystem:

IMA:
- Properly modify the open flags in order to calculate the file hash.
- On systems requiring the IMA policy to be signed, the policy is
loaded differently.  Don't differentiate between "enforce" and either
"log" or "fix" modes in how the policy is loaded.

EVM:
- (2 patches) Fix an EVM race condition, normally the result of
attempting to load an unsupported hash algorithm.
- Use the lockless RCU version for walking an append-only list.

Mimi

The following changes since commit ae83d0b416db002fe95601e7f97f64b59514d936:

  Linux 5.7-rc2 (2020-04-19 14:35:30 -0700)

are available in the git repository at:

  git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity.git next-integrity.fixes

for you to fetch changes up to 8433856947217ebb5697a8ff9c4c9cad4639a2cf:

  evm: Fix a small race in init_desc() (2020-05-14 19:55:54 -0400)

----------------------------------------------------------------
Dan Carpenter (1):
      evm: Fix a small race in init_desc()

Madhuparna Bhowmik (1):
      evm: Fix RCU list related warnings

Roberto Sassu (3):
      ima: Set file->f_mode instead of file->f_flags in ima_calc_file_hash()
      evm: Check also if *tfm is an error pointer in init_desc()
      ima: Fix return value of ima_write_policy()

 security/integrity/evm/evm_crypto.c | 46 ++++++++++++++++++-------------------
 security/integrity/evm/evm_main.c   |  4 ++--
 security/integrity/evm/evm_secfs.c  |  9 +++++++-
 security/integrity/ima/ima_crypto.c | 12 +++++-----
 security/integrity/ima/ima_fs.c     |  3 +--
 5 files changed, 40 insertions(+), 34 deletions(-)

Comments

Linus Torvalds May 18, 2020, 5:47 p.m. UTC | #1
On Mon, May 18, 2020 at 8:49 AM Mimi Zohar <zohar@linux.ibm.com> wrote:
>
>   git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity.git next-integrity.fixes

No such head.

It looks like the plain 'fixes' branch has the same commit ID, but
there's no next-integrity.fixes.

Btw, any chance you could start using signed tags? I've been
encouraging people to do that even on kernel.org, and we've got fairly
high coverage these days..

             Linus

Mimi Zohar May 18, 2020, 5:58 p.m. UTC | #2
On Mon, 2020-05-18 at 10:47 -0700, Linus Torvalds wrote:
> On Mon, May 18, 2020 at 8:49 AM Mimi Zohar <zohar@linux.ibm.com> wrote:
> >
> >   git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity.git next-integrity.fixes
> 
> No such head.
> 
> It looks like the plain 'fixes' branch has the same commit ID, but
> there's no next-integrity.fixes.

Ugh, that's the name of my local branch.  The remote branch is "fixes"
as you figured out.

> 
> Btw, any chance you could start using signed tags? I've been
> encouraging people to do that even on kernel.org, and we've got fairly
> high coverage these days..

Sure, will figure out how in time for the next open window, if that is
Ok.

Mimi

pr-tracker-bot@kernel.org May 18, 2020, 6:55 p.m. UTC | #3
The pull request you sent on Mon, 18 May 2020 11:49:31 -0400:

> git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity.git next-integrity.fixes

has been merged into torvalds/linux.git:
https://git.kernel.org/torvalds/c/642b151f45dd54809ea00ecd3976a56c1ec9b53d

Thank you!