From patchwork Tue Mar 19 06:06:20 2019
X-Patchwork-Submitter: Dan Williams
X-Patchwork-Id: 10858843
Subject: [PATCH 1/6] security/keys/encrypted: Allow operation without trusted.ko
From: Dan Williams
To: keyrings@vger.kernel.org
Date: Mon, 18 Mar 2019 23:06:20 -0700
Message-ID: <155297558061.2276575.9485856950730059730.stgit@dwillia2-desk3.amr.corp.intel.com>
In-Reply-To: <155297557534.2276575.16264199708584900090.stgit@dwillia2-desk3.amr.corp.intel.com>
Cc: linux-nvdimm@lists.01.org, James Bottomley, Roberto Sassu, linux-kernel@vger.kernel.org, Mimi Zohar, David Howells, Jarkko Sakkinen

The trusted.ko module may fail to load. In the common case this failure is simply due to the platform missing a TPM. Teach the encrypted_keys implementation to look up the key type by name rather than having a module dependency.

Fixes: 240730437deb ("KEYS: trusted: explicitly use tpm_chip structure...")
Suggested-by: James Bottomley
Cc: Roberto Sassu
Cc: Jarkko Sakkinen
Cc: Mimi Zohar
Cc: David Howells
Signed-off-by: Dan Williams
---
 security/keys/encrypted-keys/masterkey_trusted.c | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/security/keys/encrypted-keys/masterkey_trusted.c b/security/keys/encrypted-keys/masterkey_trusted.c index dc3d18cae642..7560aea6438d 100644 --- a/security/keys/encrypted-keys/masterkey_trusted.c +++ b/security/keys/encrypted-keys/masterkey_trusted.c @@ -19,6 +19,7 @@ #include #include #include "encrypted.h" +#include "../internal.h" /* * request_trusted_key - request the trusted key @@ -31,9 +32,15 @@ struct key *request_trusted_key(const char *trusted_desc, const u8 **master_key, size_t *master_keylen) { struct trusted_key_payload *tpayload; + struct key_type *type; struct key *tkey; - tkey = request_key(&key_type_trusted, trusted_desc, NULL); + type = key_type_lookup("trusted"); + if (IS_ERR(type)) { + tkey = (struct key *)type; + goto error; + } + tkey = request_key(type, trusted_desc, NULL); if (IS_ERR(tkey)) goto error; 
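Review bot: the request_trusted_key() hunk never releases what key_type_lookup() hands back. The lookup is paired with key_type_put(), declared right next to it in security/keys/internal.h (the header this hunk now includes): a successful key_type_lookup() returns with key_types_sem held for read and it stays held until key_type_put(), so every successful trusted-key request here leaves the semaphore taken and will eventually stall register_key_type()/unregister_key_type(). Add key_type_put(type); immediately after tkey = request_key(type, trusted_desc, NULL); on both the success and the IS_ERR(tkey) paths (the IS_ERR(type) branch has nothing to release). Minor style point on the same hunk: tkey = (struct key *)type; is exactly what ERR_CAST() exists for, so tkey = ERR_CAST(type); reads better and makes it explicit that only an error pointer is being converted.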
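Review bot: on the MODULE_SOFTDEP("pre: trusted") line added at the end of the file in the following hunk: a softdep is only acted on by modprobe when encrypted-keys itself is loaded as a module, so with CONFIG_ENCRYPTED_KEYS=y and CONFIG_TRUSTED_KEYS=m nothing loads trusted.ko before the first encrypted key is requested, and key_type_lookup("trusted") fails until userspace has loaded it by hand. That is presumably the intended relaxed behaviour, but it deserves a sentence in the changelog, because the build-time dependency being removed guaranteed that key_type_trusted was linked whenever the real request_trusted_key() was compiled.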
@@ -44,3 +51,5 @@ struct key *request_trusted_key(const char *trusted_desc, error: return tkey; } + +MODULE_SOFTDEP("pre: trusted");

From patchwork Tue Mar 19 06:06:25 2019
X-Patchwork-Submitter: Dan Williams
X-Patchwork-Id: 10858845
Subject: [PATCH 2/6] security/keys/encrypted: Clean up request_trusted_key()
From: Dan Williams
To: keyrings@vger.kernel.org
Date: Mon, 18 Mar 2019 23:06:25 -0700
Message-ID: <155297558570.2276575.11731393787282486177.stgit@dwillia2-desk3.amr.corp.intel.com>
In-Reply-To: <155297557534.2276575.16264199708584900090.stgit@dwillia2-desk3.amr.corp.intel.com>
Cc: linux-nvdimm@lists.01.org, James Bottomley, linux-kernel@vger.kernel.org, Mimi Zohar, David Howells

Now that the trusted key type is looked up by name rather than direct symbol there is no need to play games with detecting the build configuration. Make request_trusted_key() a static facility internal to the encrypted-keys implementation.

Suggested-by: James Bottomley
Cc: Mimi Zohar
Cc: David Howells
Signed-off-by: Dan Williams --- include/linux/key.h | 1 security/keys/encrypted-keys/Makefile | 3 - security/keys/encrypted-keys/encrypted.c | 32 +++++++++++++ security/keys/encrypted-keys/encrypted.h | 12 ----- security/keys/encrypted-keys/masterkey_trusted.c | 55 ---------------------- security/keys/internal.h | 2 - security/keys/key.c | 1 7 files changed, 34 insertions(+), 72 deletions(-) delete mode 100644 security/keys/encrypted-keys/masterkey_trusted.c diff --git a/include/linux/key.h b/include/linux/key.h index 7099985e35a9..e7bfd037d26f 100644 --- a/include/linux/key.h +++ b/include/linux/key.h @@ -270,6 +270,7 @@ static inline void key_ref_put(key_ref_t key_ref) key_put(key_ref_to_ptr(key_ref)); } +extern struct key_type *key_type_lookup(const char *type); extern struct key *request_key(struct key_type *type, const char *description, const char *callout_info); diff --git a/security/keys/encrypted-keys/Makefile b/security/keys/encrypted-keys/Makefile index 7a44dce6f69d..d42487bb3d8a 100644 --- a/security/keys/encrypted-keys/Makefile +++ b/security/keys/encrypted-keys/Makefile @@ -6,6 +6,3 @@ obj-$(CONFIG_ENCRYPTED_KEYS) += encrypted-keys.o encrypted-keys-y := encrypted.o ecryptfs_format.o -masterkey-$(CONFIG_TRUSTED_KEYS) := masterkey_trusted.o -masterkey-$(CONFIG_TRUSTED_KEYS)-$(CONFIG_ENCRYPTED_KEYS) := masterkey_trusted.o -encrypted-keys-y += $(masterkey-y) $(masterkey-m-m) diff --git a/security/keys/encrypted-keys/encrypted.c b/security/keys/encrypted-keys/encrypted.c index 347108f660a1..06925d3b30c9 100644 --- a/security/keys/encrypted-keys/encrypted.c +++ b/security/keys/encrypted-keys/encrypted.c 
@@ -423,6 +423,37 @@ static struct skcipher_request *init_skcipher_req(const u8 *key, return req; } +/* + * request_trusted_key - request the trusted key + * + * Trusted keys are sealed to PCRs and other metadata. Although userspace + * manages both trusted/encrypted key-types, like the encrypted key type + * data, trusted key type data is not visible decrypted from userspace. + */ +static struct key *request_trusted_key(const char *trusted_desc, + const u8 **master_key, size_t *master_keylen) +{ + struct trusted_key_payload *tpayload; + struct key_type *type; + struct key *tkey; + + type = key_type_lookup("trusted"); + if (IS_ERR(type)) { + tkey = (struct key *)type; + goto error; + } + tkey = request_key(type, trusted_desc, NULL); + if (IS_ERR(tkey)) + goto error; + + down_read(&tkey->sem); + tpayload = tkey->payload.data[0]; + *master_key = tpayload->key; + *master_keylen = tpayload->key_len; +error: + return tkey; +} + static struct key *request_master_key(struct encrypted_key_payload *epayload, const u8 **master_key, size_t *master_keylen) { @@ -1025,3 +1056,4 @@ late_initcall(init_encrypted); module_exit(cleanup_encrypted); MODULE_LICENSE("GPL"); +MODULE_SOFTDEP("pre: trusted"); diff --git a/security/keys/encrypted-keys/encrypted.h b/security/keys/encrypted-keys/encrypted.h index 1809995db452..0ae67824a24a 100644 --- a/security/keys/encrypted-keys/encrypted.h +++ b/security/keys/encrypted-keys/encrypted.h 
@@ -3,18 +3,6 @@ #define __ENCRYPTED_KEY_H #define ENCRYPTED_DEBUG 0 -#if defined(CONFIG_TRUSTED_KEYS) || \ - (defined(CONFIG_TRUSTED_KEYS_MODULE) && defined(CONFIG_ENCRYPTED_KEYS_MODULE)) -extern struct key *request_trusted_key(const char *trusted_desc, - const u8 **master_key, size_t *master_keylen); -#else -static inline struct key *request_trusted_key(const char *trusted_desc, - const u8 **master_key, - size_t *master_keylen) -{ - return ERR_PTR(-EOPNOTSUPP); -} -#endif #if ENCRYPTED_DEBUG static inline void dump_master_key(const u8 *master_key, size_t master_keylen) diff --git a/security/keys/encrypted-keys/masterkey_trusted.c b/security/keys/encrypted-keys/masterkey_trusted.c deleted file mode 100644 index 7560aea6438d..000000000000 --- a/security/keys/encrypted-keys/masterkey_trusted.c +++ /dev/null 
@@ -1,55 +0,0 @@ -/* - * Copyright (C) 2010 IBM Corporation - * Copyright (C) 2010 Politecnico di Torino, Italy - * TORSEC group -- http://security.polito.it - * - * Authors: - * Mimi Zohar - * Roberto Sassu - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation, version 2 of the License. - * - * See Documentation/security/keys/trusted-encrypted.rst - */ - -#include -#include -#include -#include -#include "encrypted.h" -#include "../internal.h" - -/* - * request_trusted_key - request the trusted key - * - * Trusted keys are sealed to PCRs and other metadata. Although userspace - * manages both trusted/encrypted key-types, like the encrypted key type - * data, trusted key type data is not visible decrypted from userspace. - */ -struct key *request_trusted_key(const char *trusted_desc, - const u8 **master_key, size_t *master_keylen) -{ - struct trusted_key_payload *tpayload; - struct key_type *type; - struct key *tkey; - - type = key_type_lookup("trusted"); - if (IS_ERR(type)) { - tkey = (struct key *)type; - goto error; - } - tkey = request_key(type, trusted_desc, NULL); - if (IS_ERR(tkey)) - goto error; - - down_read(&tkey->sem); - tpayload = tkey->payload.data[0]; - *master_key = tpayload->key; - *master_keylen = tpayload->key_len; -error: - return tkey; -} - -MODULE_SOFTDEP("pre: trusted"); diff --git a/security/keys/internal.h b/security/keys/internal.h index 8f533c81aa8d..ea2eb78459bf 100644 --- a/security/keys/internal.h +++ b/security/keys/internal.h @@ -89,8 +89,6 @@ extern spinlock_t key_serial_lock; extern struct mutex key_construction_mutex; extern wait_queue_head_t request_key_conswq; - -extern struct key_type *key_type_lookup(const char *type); extern void key_type_put(struct key_type *ktype); extern int __key_link_begin(struct key *keyring, 
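Review bot: the internal.h hunk (with the include/linux/key.h and key.c hunks of this patch) makes key_type_lookup() public and exported while its counterpart key_type_put(), still declared on the line that survives here, stays private to security/keys. Patches 3/6 to 5/6 then call key_type_lookup() from libnvdimm, ecryptfs and EVM, which cannot release the lookup even if they wanted to because the symbol is not reachable from a module. Either export key_type_put() alongside key_type_lookup() and document the pairing at the new declaration in include/linux/key.h, or keep both private and export one small helper instead (for example a request_key_by_type_name() that does the lookup, the request_key() and the put internally), so that key_types_sem never escapes the keys subsystem.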
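Review bot: the request_trusted_key() copy moved into encrypted.c carries over the missing key_type_put() from 1/6; since this is also the patch that exports key_type_lookup(), it is the natural place to settle the ownership rule: put key_type_put(type); right after tkey = request_key(type, trusted_desc, NULL); and state in the function comment that the caller holds no reference on the type afterwards. The comment block should also mention that a failed lookup (trusted.ko not loaded) now surfaces whatever key_type_lookup() reports instead of the static -EOPNOTSUPP stub being deleted from encrypted.h, since request_master_key() callers will see a different errno than before.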
diff --git a/security/keys/key.c b/security/keys/key.c index 696f1c092c50..9045b62afb04 100644 --- a/security/keys/key.c +++ b/security/keys/key.c 
@@ -706,6 +706,7 @@ struct key_type *key_type_lookup(const char *type) found_kernel_type: return ktype; } +EXPORT_SYMBOL_GPL(key_type_lookup); void key_set_timeout(struct key *key, unsigned timeout) {

From patchwork Tue Mar 19 06:06:30 2019
X-Patchwork-Submitter: Dan Williams
X-Patchwork-Id: 10858847
Subject: [PATCH 3/6] libnvdimm/security: Drop direct dependency on key_type_encrypted
From: Dan Williams
To: keyrings@vger.kernel.org
Date: Mon, 18 Mar 2019 23:06:30 -0700
Message-ID: <155297559082.2276575.2158004875457450595.stgit@dwillia2-desk3.amr.corp.intel.com>
In-Reply-To: <155297557534.2276575.16264199708584900090.stgit@dwillia2-desk3.amr.corp.intel.com>
Cc: linux-nvdimm@lists.01.org, linux-kernel@vger.kernel.org

Look up the key type by name and protect libnvdimm from encrypted_keys.ko module load failures.

Cc: Vishal Verma
Cc: Dave Jiang
Cc: Keith Busch
Cc: Ira Weiny
Signed-off-by: Dan Williams
Reviewed-by: Dave Jiang
---
 drivers/nvdimm/security.c | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/drivers/nvdimm/security.c b/drivers/nvdimm/security.c index f8bb746a549f..7f9e412f743a 100644 --- a/drivers/nvdimm/security.c +++ b/drivers/nvdimm/security.c
@@ -48,12 +48,17 @@ static void nvdimm_put_key(struct key *key) static struct key *nvdimm_request_key(struct nvdimm *nvdimm) { struct key *key = NULL; + struct key_type *type; static const char NVDIMM_PREFIX[] = "nvdimm:"; char desc[NVDIMM_KEY_DESC_LEN + sizeof(NVDIMM_PREFIX)]; struct device *dev = &nvdimm->dev; sprintf(desc, "%s%s", NVDIMM_PREFIX, nvdimm->dimm_id); - key = request_key(&key_type_encrypted, desc, ""); + type = key_type_lookup("encrypted"); + if (IS_ERR(type)) + return (struct key *) type; + + key = request_key(type, desc, ""); if (IS_ERR(key)) { if (PTR_ERR(key) == -ENOKEY) dev_dbg(dev, "request_key() found no key\n"); @@ -88,7 +93,7 @@ static struct key *nvdimm_lookup_user_key(struct nvdimm *nvdimm, return NULL; key = key_ref_to_ptr(keyref); - if (key->type != &key_type_encrypted) { + if (strcmp(key->type->name, "encrypted") != 0) { key_put(key); return NULL; } 
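Review bot: the early return (struct key *) type; in the nvdimm_request_key() hunk changes the function's contract. The existing error path just below it (the IS_ERR(key) branch with its dev_dbg() messages) absorbs request_key() failures, and the function otherwise hands back either a usable key or NULL (note the struct key *key = NULL; initialiser in the context); its callers in this file test for NULL, not IS_ERR(), so an absent encrypted-keys module would now push an error pointer into code that dereferences it. Log the lookup failure with dev_dbg() like the other two cases and return NULL. The lookup also needs the matching key_type_put() once request_key() has been issued, as raised on 1/6. The strcmp() on key->type->name in the nvdimm_lookup_user_key() hunk is a fine replacement for the pointer compare.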
@@ -452,3 +457,5 @@ void nvdimm_security_overwrite_query(struct work_struct *work) __nvdimm_security_overwrite_query(nvdimm); nvdimm_bus_unlock(&nvdimm->dev); } + +MODULE_SOFTDEP("pre: encrypted_keys");

From patchwork Tue Mar 19 06:06:36 2019
X-Patchwork-Submitter: Dan Williams
X-Patchwork-Id: 10858849
Subject: [PATCH 4/6] security/keys/ecryptfs: Drop direct dependency on key_type_encrypted
From: Dan Williams
To: keyrings@vger.kernel.org
Date: Mon, 18 Mar 2019 23:06:36 -0700
Message-ID: <155297559625.2276575.11539296499176067525.stgit@dwillia2-desk3.amr.corp.intel.com>
In-Reply-To: <155297557534.2276575.16264199708584900090.stgit@dwillia2-desk3.amr.corp.intel.com>
Cc: linux-nvdimm@lists.01.org, ecryptfs@vger.kernel.org, linux-kernel@vger.kernel.org, Tyler Hicks

Look up the key type by name and protect ecryptfs from encrypted_keys.ko module load failures, and clean up the configuration dependencies on the definition of the ecryptfs_get_encrypted_key() helper.

Cc: Tyler Hicks
Cc:
Signed-off-by: Dan Williams
---
 fs/ecryptfs/ecryptfs_kernel.h | 22 +---------------------
 fs/ecryptfs/keystore.c | 12 ++++++++++++
 2 files changed, 13 insertions(+), 21 deletions(-)
diff --git a/fs/ecryptfs/ecryptfs_kernel.h b/fs/ecryptfs/ecryptfs_kernel.h index e74cb2a0b299..3106d23d95f0 100644 --- a/fs/ecryptfs/ecryptfs_kernel.h +++ b/fs/ecryptfs/ecryptfs_kernel.h @@ -87,13 +87,12 @@ struct ecryptfs_page_crypt_context { } param; }; -#if defined(CONFIG_ENCRYPTED_KEYS) || defined(CONFIG_ENCRYPTED_KEYS_MODULE) static inline struct ecryptfs_auth_tok * ecryptfs_get_encrypted_key_payload_data(struct key *key) { struct encrypted_key_payload *payload; - if (key->type != &key_type_encrypted) + if (strcmp(key->type->name, "encrypted") != 0) return NULL; payload = key->payload.data[0]; @@ -103,25 +102,6 @@ ecryptfs_get_encrypted_key_payload_data(struct key *key) return (struct ecryptfs_auth_tok *)payload->payload_data; } -static inline struct key *ecryptfs_get_encrypted_key(char *sig) -{ - return request_key(&key_type_encrypted, sig, NULL); -} - -#else -static inline struct ecryptfs_auth_tok * -ecryptfs_get_encrypted_key_payload_data(struct key *key) -{ - return NULL; -} - -static inline struct key *ecryptfs_get_encrypted_key(char *sig) -{ - return ERR_PTR(-ENOKEY); -} - -#endif /* CONFIG_ENCRYPTED_KEYS */ - static inline struct ecryptfs_auth_tok * ecryptfs_get_key_payload_data(struct key *key) { diff --git a/fs/ecryptfs/keystore.c b/fs/ecryptfs/keystore.c index e74fe84d0886..52a01dd57f4a 100644 --- a/fs/ecryptfs/keystore.c +++ b/fs/ecryptfs/keystore.c @@ -1619,6 +1619,17 @@ parse_tag_11_packet(unsigned char *data, unsigned char *contents, return rc; } +static struct key *ecryptfs_get_encrypted_key(char *sig) +{ + struct key_type *type; + struct key *key; + + type = key_type_lookup("encrypted"); + if (IS_ERR(type)) + return (struct key *) type; + return request_key(type, sig, NULL); +} + int ecryptfs_keyring_auth_tok_for_sig(struct key **auth_tok_key, struct ecryptfs_auth_tok **auth_tok, char *sig) 
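Review bot: the new static ecryptfs_get_encrypted_key() in the keystore.c hunk has the same ownership gap as 1/6: key_type_lookup() succeeds with the type pinned and nothing releases it. Shape it as key = request_key(type, sig, NULL); key_type_put(type); return key; (which in turn needs key_type_put() exported, see the comment on 2/6). Separately, the ecryptfs_kernel.h hunk drops the #if defined(CONFIG_ENCRYPTED_KEYS) || defined(CONFIG_ENCRYPTED_KEYS_MODULE) guard, so ecryptfs_get_encrypted_key_payload_data() now dereferences struct encrypted_key_payload in every configuration; that only builds if the header already pulls in keys/encrypted-type.h unconditionally, which is worth confirming because the deleted stub returned NULL without touching the struct. The behavioural change for a kernel without encrypted keys is also silent: the deleted stub returned -ENOKEY, the new helper returns whatever key_type_lookup() reports, so a line in the changelog would help.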
@@ -2542,3 +2553,4 @@ ecryptfs_add_global_auth_tok(struct ecryptfs_mount_crypt_stat *mount_crypt_stat, return 0; } +MODULE_SOFTDEP("pre: encrypted_keys");

From patchwork Tue Mar 19 06:06:41 2019
X-Patchwork-Submitter: Dan Williams
X-Patchwork-Id: 10858851
Subject: [PATCH 5/6] security/integrity/evm: Drop direct dependency on key_type_encrypted
From: Dan Williams
To: keyrings@vger.kernel.org
Date: Mon, 18 Mar 2019 23:06:41 -0700
Message-ID: <155297560193.2276575.1761562049509563946.stgit@dwillia2-desk3.amr.corp.intel.com>
In-Reply-To: <155297557534.2276575.16264199708584900090.stgit@dwillia2-desk3.amr.corp.intel.com>
Cc: linux-integrity@vger.kernel.org, linux-kernel@vger.kernel.org, Mimi Zohar, linux-nvdimm@lists.01.org

Look up the key type by name and protect evm from encrypted_keys.ko module load failures.

Cc: Mimi Zohar
Cc:
Signed-off-by: Dan Williams
---
 security/integrity/evm/evm_crypto.c | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/security/integrity/evm/evm_crypto.c b/security/integrity/evm/evm_crypto.c index c37d08118af5..5c65c3aef427 100644 --- a/security/integrity/evm/evm_crypto.c +++ b/security/integrity/evm/evm_crypto.c
@@ -354,10 +354,15 @@ int evm_init_hmac(struct inode *inode, const struct xattr *lsm_xattr, int evm_init_key(void) { struct key *evm_key; + struct key_type *type; struct encrypted_key_payload *ekp; int rc; - evm_key = request_key(&key_type_encrypted, EVMKEY, NULL); + type = key_type_lookup("encrypted"); + if (IS_ERR(type)) + return PTR_ERR(type); + + evm_key = request_key(type, EVMKEY, NULL); if (IS_ERR(evm_key)) return -ENOENT; 
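Review bot: evm_init_key() now reports the same user-visible condition with two different errnos: a failed key_type_lookup() propagates PTR_ERR(type) unchanged, while a failed request_key() is still folded into -ENOENT on the line just below. Pick one (keeping -ENOENT for both is the least surprising, since callers already expect it) so that EVM's "no key" handling does not depend on whether encrypted-keys was absent or merely had no key loaded. As with the other users in this series, the successful lookup also needs a key_type_put() once request_key() has been issued.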
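Review bot: on the MODULE_SOFTDEP("pre: encrypted_keys") line in the following hunk: EVM is a bool Kconfig option and is only ever built in, and MODULE_SOFTDEP expands to nothing in built-in code, so this line has no effect. If the goal is to record the dependency for readers, a comment at the request_key() site says it just as well; if the goal is to have encrypted-keys.ko present before evm_init_key() runs, a softdep in a built-in object cannot deliver that, and the only options are CONFIG_ENCRYPTED_KEYS=y or userspace loading the module first.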
@@ -372,3 +377,5 @@ int evm_init_key(void) key_put(evm_key); return rc; } + +MODULE_SOFTDEP("pre: encrypted_keys");

From patchwork Tue Mar 19 06:06:47 2019
X-Patchwork-Submitter: Dan Williams
X-Patchwork-Id: 10858855
Subject: [PATCH 6/6] security/keys/encrypted: Drop export of key_type_encrypted
From: Dan Williams
To: keyrings@vger.kernel.org
Date: Mon, 18 Mar 2019 23:06:47 -0700
Message-ID: <155297560738.2276575.13044997734939158888.stgit@dwillia2-desk3.amr.corp.intel.com>
In-Reply-To: <155297557534.2276575.16264199708584900090.stgit@dwillia2-desk3.amr.corp.intel.com>
Cc: David Howells, linux-kernel@vger.kernel.org, Mimi Zohar, linux-nvdimm@lists.01.org

Now that all users look up the key type by name, drop the export and the direct module dependency.

Cc: Mimi Zohar
Cc: David Howells
Signed-off-by: Dan Williams
---
 include/keys/encrypted-type.h | 2 --
 security/keys/encrypted-keys/encrypted.c | 3 +--
 2 files changed, 1 insertion(+), 4 deletions(-)

diff --git a/include/keys/encrypted-type.h b/include/keys/encrypted-type.h index 1d4541370a64..dd509835b4a4 100644 --- a/include/keys/encrypted-type.h +++ b/include/keys/encrypted-type.h
@@ -33,6 +33,4 @@ struct encrypted_key_payload { u8 payload_data[0]; /* payload data + datablob + hmac */ }; -extern struct key_type key_type_encrypted; - #endif /* _KEYS_ENCRYPTED_TYPE_H */ diff --git a/security/keys/encrypted-keys/encrypted.c b/security/keys/encrypted-keys/encrypted.c index 06925d3b30c9..c3999d5e2a19 100644 --- a/security/keys/encrypted-keys/encrypted.c +++ b/security/keys/encrypted-keys/encrypted.c @@ -1012,7 +1012,7 @@ static void encrypted_destroy(struct key *key) kzfree(key->payload.data[0]); } -struct key_type key_type_encrypted = { +static struct key_type key_type_encrypted = { .name = "encrypted", .instantiate = encrypted_instantiate, .update = encrypted_update, @@ -1020,7 +1020,6 @@ struct key_type key_type_encrypted = { .describe = user_describe, .read = encrypted_read, }; -EXPORT_SYMBOL_GPL(key_type_encrypted); static int __init init_encrypted(void) {
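Review bot: making key_type_encrypted static and dropping its EXPORT_SYMBOL_GPL() is only safe if 3/6 to 5/6 reached every in-tree user; please confirm with git grep -n key_type_encrypted that nothing else still takes the address of the type, because any straggler now fails at link time rather than at module load. With the extern gone from include/keys/encrypted-type.h the header carries nothing but the payload layout, so every outside user must go through key_type_lookup() and, once it is exported, key_type_put(); that is the real interface change of this patch and the changelog should say so.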