Hi Linus,
Here are a couple of miscellaneous bug fixes for the integrity
subsystem:
IMA:
- Properly modify the open flags in order to calculate the file hash.
- On systems requiring the IMA policy to be signed, the policy is
loaded differently. Don't differentiate between "enforce" and either
"log" or "fix" modes how the policy is loaded.
EVM:
- (2 patches) Fix an EVM race condition, normally the result of
attempting to load an unsupported hash algorithm.
- Use the lockless RCU version for walking an append only list.
Mimi
The following changes since commit ae83d0b416db002fe95601e7f97f64b59514d936:
Linux 5.7-rc2 (2020-04-19 14:35:30 -0700)
are available in the git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity.git next-integrity.fixes
for you to fetch changes up to 8433856947217ebb5697a8ff9c4c9cad4639a2cf:
evm: Fix a small race in init_desc() (2020-05-14 19:55:54 -0400)
----------------------------------------------------------------
Dan Carpenter (1):
evm: Fix a small race in init_desc()
Madhuparna Bhowmik (1):
evm: Fix RCU list related warnings
Roberto Sassu (3):
ima: Set file->f_mode instead of file->f_flags in ima_calc_file_hash()
evm: Check also if *tfm is an error pointer in init_desc()
ima: Fix return value of ima_write_policy()
security/integrity/evm/evm_crypto.c | 46 ++++++++++++++++++-------------------
security/integrity/evm/evm_main.c | 4 ++--
security/integrity/evm/evm_secfs.c | 9 +++++++-
security/integrity/ima/ima_crypto.c | 12 +++++-----
security/integrity/ima/ima_fs.c | 3 +--
5 files changed, 40 insertions(+), 34 deletions(-)
On Mon, May 18, 2020 at 8:49 AM Mimi Zohar <[email protected]> wrote:
>
> git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity.git next-integrity.fixes
No such head.
It looks like the plain 'fixes' branch has the same commit ID, but
there's no next-integrity.fixes.
Btw, any chance you could start using signed tags? I've been
encouraging people to do that even on kernel.org, and we've got fairly
high coverage these days..
Linus
The pull request you sent on Mon, 18 May 2020 11:49:31 -0400:
> git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity.git next-integrity.fixes
has been merged into torvalds/linux.git:
https://git.kernel.org/torvalds/c/642b151f45dd54809ea00ecd3976a56c1ec9b53d
Thank you!
--
Deet-doot-dot, I am a bot.
https://korg.wiki.kernel.org/userdoc/prtracker
On Mon, 2020-05-18 at 10:47 -0700, Linus Torvalds wrote:
> On Mon, May 18, 2020 at 8:49 AM Mimi Zohar <[email protected]> wrote:
> >
> > git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity.git next-integrity.fixes
>
> No such head.
>
> It looks like the plain 'fixes' branch has the same commit ID, but
> there's no next-integrity.fixes.
Ugh, that's the name of my local branch. The remote branch is "fixes"
as you figured out.
>
> Btw, any chance you could start using signed tags? I've been
> encouraging people to do that even on kernel.org, and we've got fairly
> high coverage these days..
Sure, will figure out how in time for the next open window, if that is
Ok.
Mimi