1. 04 Jan, 2019 1 commit
    • Linus Torvalds's avatar
      Remove 'type' argument from access_ok() function · 96d4f267
      Linus Torvalds authored
      Nobody has actually used the type (VERIFY_READ vs VERIFY_WRITE) argument
      of the user address range verification function since we got rid of the
      old racy i386-only code to walk page tables by hand.
      It existed because the original 80386 would not honor the write protect
      bit when in kernel mode, so you had to do COW by hand before doing any
      user access.  But we haven't supported that in a long time, and these
      days the 'type' argument is a purely historical artifact.
      A discussion about extending 'user_access_begin()' to do the range
      checking resulted this patch, because there is no way we're going to
      move the old VERIFY_xyz interface to that model.  And it's best done at
      the end of the merge window when I've done most of my merges, so let's
      just get this done once and for all.
      This patch was mostly done with a sed-script, with manual fix-ups for
      the cases that weren't of the trivial 'access_ok(VERIFY_xyz' form.
      There were a couple of notable cases:
       - csky still had the old "verify_area()" name as an alias.
       - the iter_iov code had magical hardcoded knowledge of the actual
         values of VERIFY_{READ,WRITE} (not that they mattered, since nothing
         really used it)
       - microblaze used the type argument for a debug printout
      but other than those oddities this should be a total no-op patch.
      I tried to fix up all architectures, did fairly extensive grepping for
      access_ok() uses, and the changes are trivial, but I may have missed
      something.  Any missed conversion should be trivially fixable, though.
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
  2. 01 Jan, 2019 1 commit
    • Eric Biggers's avatar
      KEYS: fix parsing invalid pkey info string · 57b0e314
      Eric Biggers authored
      We need to check the return value of match_token() for Opt_err before
      doing anything with it.
      [ Not only did the old "-1" value for Opt_err cause problems for the
        __test_and_set_bit(), as fixed in commit 94c13f66 ("security:
        don't use a negative Opt_err token index"), but accessing
        "args[0].from" is invalid for the Opt_err case, as pointed out by Eric
        later.  - Linus ]
      Reported-by: syzbot+a22e0dc07567662c50bc@syzkaller.appspotmail.com
      Fixes: 00d60fd3 ("KEYS: Provide keyctls to drive the new key type ops for asymmetric keys [ver #2]")
      Signed-off-by: default avatarEric Biggers <ebiggers@google.com>
      Cc: stable@kernel.org # 4.20
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
  3. 28 Dec, 2018 1 commit
  4. 21 Dec, 2018 21 commits
  5. 20 Dec, 2018 3 commits
  6. 19 Dec, 2018 1 commit
  7. 18 Dec, 2018 2 commits
    • Mimi Zohar's avatar
      ima: cleanup the match_token policy code · 1a9430db
      Mimi Zohar authored
      Start the policy_tokens and the associated enumeration from zero,
      simplifying the pt macro.
      Signed-off-by: default avatarMimi Zohar <zohar@linux.ibm.com>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
    • Linus Torvalds's avatar
      security: don't use a negative Opt_err token index · 94c13f66
      Linus Torvalds authored
      The code uses a bitmap to check for duplicate tokens during parsing, and
      that doesn't work at all for the negative Opt_err token case.
      There is absolutely no reason to make Opt_err be negative, and in fact
      it only confuses things, since some of the affected functions actually
      return a positive Opt_xyz enum _or_ a regular negative error code (eg
      -EINVAL), and using -1 for Opt_err makes no sense.
      There are similar problems in ima_policy.c and key encryption, but they
      don't have the immediate bug wrt bitmap handing, and ima_policy.c in
      particular needs a different patch to make the enum values match the
      token array index.  Mimi is sending that separately.
      Reported-by: syzbot+a22e0dc07567662c50bc@syzkaller.appspotmail.com
      Reported-by: default avatarEric Biggers <ebiggers@kernel.org>
      Fixes: 5208cc83 ("keys, trusted: fix: *do not* allow duplicate key options")
      Fixes: 00d60fd3 ("KEYS: Provide keyctls to drive the new key type ops for asymmetric keys [ver #2]")
      Cc: James Morris James Morris <jmorris@namei.org>
      Cc: Mimi Zohar <zohar@linux.vnet.ibm.com>
      Cc: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
      Cc: Peter Huewe <peterhuewe@gmx.de>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
  8. 17 Dec, 2018 1 commit
  9. 14 Dec, 2018 2 commits
  10. 13 Dec, 2018 7 commits