--- /dev/null
+From 5101a1850bb7ccbf107929dee9af0cd2f400940f Mon Sep 17 00:00:00 2001
+From: Mimi Zohar <zohar@linux.vnet.ibm.com>
+Date: Tue, 21 Apr 2015 13:59:31 -0400
+Subject: evm: labeling pseudo filesystems exception
+
+From: Mimi Zohar <zohar@linux.vnet.ibm.com>
+
+commit 5101a1850bb7ccbf107929dee9af0cd2f400940f upstream.
+
+To prevent offline stripping of existing file xattrs and relabeling of
+them at runtime, EVM allows only newly created files to be labeled. As
+pseudo filesystems are not persistent, stripping of xattrs is not a
+concern.
+
+Some LSMs defer file labeling on pseudo filesystems. This patch
+permits the labeling of existing files on pseudo files systems.
+
+Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ security/integrity/evm/evm_main.c | 11 +++++++++++
+ 1 file changed, 11 insertions(+)
+
+--- a/security/integrity/evm/evm_main.c
++++ b/security/integrity/evm/evm_main.c
+@@ -275,6 +275,17 @@ static int evm_protect_xattr(struct dent
+ iint = integrity_iint_find(dentry->d_inode);
+ if (iint && (iint->flags & IMA_NEW_FILE))
+ return 0;
++
++ /* exception for pseudo filesystems */
++ if (dentry->d_inode->i_sb->s_magic == TMPFS_MAGIC
++ || dentry->d_inode->i_sb->s_magic == SYSFS_MAGIC)
++ return 0;
++
++ integrity_audit_msg(AUDIT_INTEGRITY_METADATA,
++ dentry->d_inode, dentry->d_name.name,
++ "update_metadata",
++ integrity_status_msg[evm_status],
++ -EPERM, 0);
+ }
+ out:
+ if (evm_status != INTEGRITY_PASS)
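Review bot: The comment `/* exception for pseudo filesystems */` above the `s_magic` test does not say why returning 0 without an EVM check is acceptable, nor that the exception is limited to two filesystem types. tmpfs mounts are commonly writable by unprivileged users, so anyone auditing this early return needs the rationale beside it, for example `/* tmpfs and sysfs are not persistent, so offline xattr stripping is not a threat; let LSMs label existing files there */`. Only `TMPFS_MAGIC` and `SYSFS_MAGIC` are tested, so other pseudo filesystems presumably still fall through to the `integrity_audit_msg()` call and are refused. That is worth stating in the comment so the list is extended deliberately rather than by assumption. evm_protect_xattr starts and ends outside the hunk.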
--- /dev/null
+From 45b26133b97871896b8c5241d59f4ff7839db7b2 Mon Sep 17 00:00:00 2001
+From: Mimi Zohar <zohar@linux.vnet.ibm.com>
+Date: Thu, 11 Jun 2015 11:54:42 -0400
+Subject: ima: fix ima_show_template_data_ascii()
+
+From: Mimi Zohar <zohar@linux.vnet.ibm.com>
+
+commit 45b26133b97871896b8c5241d59f4ff7839db7b2 upstream.
+
+This patch fixes a bug introduced in "4d7aeee ima: define new template
+ima-ng and template fields d-ng and n-ng".
+
+Changelog:
+- change int to uint32 (Roberto Sassu's suggestion)
+
+Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
+Signed-off-by: Roberto Sassu <rsassu@suse.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ security/integrity/ima/ima.h | 2 +-
+ security/integrity/ima/ima_fs.c | 4 ++--
+ security/integrity/ima/ima_template_lib.c | 3 ++-
+ 3 files changed, 5 insertions(+), 4 deletions(-)
+
+--- a/security/integrity/ima/ima.h
++++ b/security/integrity/ima/ima.h
+@@ -106,7 +106,7 @@ void ima_add_violation(struct file *file
+ const char *op, const char *cause);
+ int ima_init_crypto(void);
+ void ima_putc(struct seq_file *m, void *data, int datalen);
+-void ima_print_digest(struct seq_file *m, u8 *digest, int size);
++void ima_print_digest(struct seq_file *m, u8 *digest, u32 size);
+ struct ima_template_desc *ima_template_desc_current(void);
+ int ima_init_template(void);
+
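Review bot: `ima_putc()` on the context line just above still declares `int datalen`, while `ima_print_digest()` now takes `u32 size`, so the two output helpers disagree on the type of a length. If callers also pass `field_data->len` to `ima_putc()` (not visible in this patch), the signed/unsigned mismatch removed here for digests remains on that path. `void ima_putc(struct seq_file *m, void *data, u32 datalen);` with a matching definition would align them. The ima_fs.c hunk shows `ima_print_digest()` only reading through `digest`, so `const u8 *digest` would be a reasonable tightening of the prototype as well.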
+--- a/security/integrity/ima/ima_fs.c
++++ b/security/integrity/ima/ima_fs.c
+@@ -186,9 +186,9 @@ static const struct file_operations ima_
+ .release = seq_release,
+ };
+
+-void ima_print_digest(struct seq_file *m, u8 *digest, int size)
++void ima_print_digest(struct seq_file *m, u8 *digest, u32 size)
+ {
+- int i;
++ u32 i;
+
+ for (i = 0; i < size; i++)
+ seq_printf(m, "%02x", *(digest + i));
+--- a/security/integrity/ima/ima_template_lib.c
++++ b/security/integrity/ima/ima_template_lib.c
+@@ -79,7 +79,8 @@ static void ima_show_template_data_ascii
+ enum data_formats datafmt,
+ struct ima_field_data *field_data)
+ {
+- u8 *buf_ptr = field_data->data, buflen = field_data->len;
++ u8 *buf_ptr = field_data->data;
++ u32 buflen = field_data->len;
+
+ switch (datafmt) {
+ case DATA_FMT_DIGEST_WITH_ALGO:
--- /dev/null
+From ca4da5dd1f99fe9c59f1709fb43e818b18ad20e0 Mon Sep 17 00:00:00 2001
+From: Colin Ian King <colin.king@canonical.com>
+Date: Mon, 27 Jul 2015 15:23:43 +0100
+Subject: KEYS: ensure we free the assoc array edit if edit is valid
+
+From: Colin Ian King <colin.king@canonical.com>
+
+commit ca4da5dd1f99fe9c59f1709fb43e818b18ad20e0 upstream.
+
+__key_link_end is not freeing the associated array edit structure
+and this leads to a 512 byte memory leak each time an identical
+existing key is added with add_key().
+
+The reason the add_key() system call returns okay is that
+key_create_or_update() calls __key_link_begin() before checking to see
+whether it can update a key directly rather than adding/replacing - which
+it turns out it can. Thus __key_link() is not called through
+__key_instantiate_and_link() and __key_link_end() must cancel the edit.
+
+CVE-2015-1333
+
+Signed-off-by: Colin Ian King <colin.king@canonical.com>
+Signed-off-by: David Howells <dhowells@redhat.com>
+Signed-off-by: James Morris <james.l.morris@oracle.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ security/keys/keyring.c | 8 +++++---
+ 1 file changed, 5 insertions(+), 3 deletions(-)
+
+--- a/security/keys/keyring.c
++++ b/security/keys/keyring.c
+@@ -1151,9 +1151,11 @@ void __key_link_end(struct key *keyring,
+ if (index_key->type == &key_type_keyring)
+ up_write(&keyring_serialise_link_sem);
+
+- if (edit && !edit->dead_leaf) {
+- key_payload_reserve(keyring,
+- keyring->datalen - KEYQUOTA_LINK_BYTES);
++ if (edit) {
++ if (!edit->dead_leaf) {
++ key_payload_reserve(keyring,
++ keyring->datalen - KEYQUOTA_LINK_BYTES);
++ }
+ assoc_array_cancel_edit(edit);
+ }
+ up_write(&keyring->sem);
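Review bot: With `assoc_array_cancel_edit(edit)` now reached for every non-NULL `edit`, `__key_link_end()` depends on each caller passing either NULL or a still-valid edit, and nothing in the hunk documents that contract. A comment above `if (edit) {` would record it, for example `/* a non-NULL edit was never applied: give back the link quota if no leaf was being replaced, then always free the edit */`. The meaning of `dead_leaf` is inferred from the quota adjustment and should be confirmed against `__key_link_begin()`. Callers on error paths are outside this hunk and are worth checking for an uninitialised or already-consumed `edit`, since that would now be dereferenced and freed here. The function starts outside the hunk.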
drm-add-a-check-for-x-y-in-drm_mode_setcrtc.patch
xfs-fix-remote-symlinks-on-v5-crc-filesystems.patch
vtpm-set-virtual-device-before-passing-to-ibmvtpm_reset_crq.patch
+keys-ensure-we-free-the-assoc-array-edit-if-edit-is-valid.patch
+ima-fix-ima_show_template_data_ascii.patch
+evm-labeling-pseudo-filesystems-exception.patch