)]}'
{
  "log": [
    {
      "commit": "b67bfe0d42cac56c512dd5da4b1b347a23f4b70a",
      "tree": "3d465aea12b97683f26ffa38eba8744469de9997",
      "parents": [
        "1e142b29e210b5dfb2deeb6ce2210b60af16d2a6"
      ],
      "author": {
        "name": "Sasha Levin",
        "email": "sasha.levin@oracle.com",
        "time": "Wed Feb 27 17:06:00 2013 -0800"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Wed Feb 27 19:10:24 2013 -0800"
      },
      "message": "hlist: drop the node parameter from iterators\n\nI\u0027m not sure why, but the hlist for each entry iterators were conceived\n\n        list_for_each_entry(pos, head, member)\n\nThe hlist ones were greedy and wanted an extra parameter:\n\n        hlist_for_each_entry(tpos, pos, head, member)\n\nWhy did they need an extra pos parameter? I\u0027m not quite sure. Not only\nthey don\u0027t really need it, it also prevents the iterator from looking\nexactly like the list iterator, which is unfortunate.\n\nBesides the semantic patch, there was some manual work required:\n\n - Fix up the actual hlist iterators in linux/list.h\n - Fix up the declaration of other iterators based on the hlist ones.\n - A very small amount of places were using the \u0027node\u0027 parameter, this\n was modified to use \u0027obj-\u003emember\u0027 instead.\n - Coccinelle didn\u0027t handle the hlist_for_each_entry_safe iterator\n properly, so those had to be fixed up manually.\n\nThe semantic patch which is mostly the work of Peter Senna Tschudin is here:\n\n@@\niterator name hlist_for_each_entry, hlist_for_each_entry_continue, hlist_for_each_entry_from, hlist_for_each_entry_rcu, hlist_for_each_entry_rcu_bh, hlist_for_each_entry_continue_rcu_bh, for_each_busy_worker, ax25_uid_for_each, ax25_for_each, inet_bind_bucket_for_each, sctp_for_each_hentry, sk_for_each, sk_for_each_rcu, sk_for_each_from, sk_for_each_safe, sk_for_each_bound, hlist_for_each_entry_safe, hlist_for_each_entry_continue_rcu, nr_neigh_for_each, nr_neigh_for_each_safe, nr_node_for_each, nr_node_for_each_safe, for_each_gfn_indirect_valid_sp, for_each_gfn_sp, for_each_host;\n\ntype T;\nexpression a,c,d,e;\nidentifier b;\nstatement S;\n@@\n\n-T b;\n    \u003c+... 
when !\u003d b\n(\nhlist_for_each_entry(a,\n- b,\nc, d) S\n|\nhlist_for_each_entry_continue(a,\n- b,\nc) S\n|\nhlist_for_each_entry_from(a,\n- b,\nc) S\n|\nhlist_for_each_entry_rcu(a,\n- b,\nc, d) S\n|\nhlist_for_each_entry_rcu_bh(a,\n- b,\nc, d) S\n|\nhlist_for_each_entry_continue_rcu_bh(a,\n- b,\nc) S\n|\nfor_each_busy_worker(a, c,\n- b,\nd) S\n|\nax25_uid_for_each(a,\n- b,\nc) S\n|\nax25_for_each(a,\n- b,\nc) S\n|\ninet_bind_bucket_for_each(a,\n- b,\nc) S\n|\nsctp_for_each_hentry(a,\n- b,\nc) S\n|\nsk_for_each(a,\n- b,\nc) S\n|\nsk_for_each_rcu(a,\n- b,\nc) S\n|\nsk_for_each_from\n-(a, b)\n+(a)\nS\n+ sk_for_each_from(a) S\n|\nsk_for_each_safe(a,\n- b,\nc, d) S\n|\nsk_for_each_bound(a,\n- b,\nc) S\n|\nhlist_for_each_entry_safe(a,\n- b,\nc, d, e) S\n|\nhlist_for_each_entry_continue_rcu(a,\n- b,\nc) S\n|\nnr_neigh_for_each(a,\n- b,\nc) S\n|\nnr_neigh_for_each_safe(a,\n- b,\nc, d) S\n|\nnr_node_for_each(a,\n- b,\nc) S\n|\nnr_node_for_each_safe(a,\n- b,\nc, d) S\n|\n- for_each_gfn_sp(a, c, d, b) S\n+ for_each_gfn_sp(a, c, d) S\n|\n- for_each_gfn_indirect_valid_sp(a, c, d, b) S\n+ for_each_gfn_indirect_valid_sp(a, c, d) S\n|\nfor_each_host(a,\n- b,\nc) S\n|\nfor_each_host_safe(a,\n- b,\nc, d) S\n|\nfor_each_mesh_entry(a,\n- b,\nc, d) S\n)\n    ...+\u003e\n\n[akpm@linux-foundation.org: drop bogus change from net/ipv4/raw.c]\n[akpm@linux-foundation.org: drop bogus hunk from net/ipv6/raw.c]\n[akpm@linux-foundation.org: checkpatch fixes]\n[akpm@linux-foundation.org: fix warnings]\n[akpm@linux-foudnation.org: redo intrusive kvm changes]\nTested-by: Peter Senna Tschudin \u003cpeter.senna@gmail.com\u003e\nAcked-by: Paul E. 
McKenney \u003cpaulmck@linux.vnet.ibm.com\u003e\nSigned-off-by: Sasha Levin \u003csasha.levin@oracle.com\u003e\nCc: Wu Fengguang \u003cfengguang.wu@intel.com\u003e\nCc: Marcelo Tosatti \u003cmtosatti@redhat.com\u003e\nCc: Gleb Natapov \u003cgleb@redhat.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "d895cb1af15c04c522a25c79cc429076987c089b",
      "tree": "895dc9157e28f603d937a58be664e4e440d5530c",
      "parents": [
        "9626357371b519f2b955fef399647181034a77fe",
        "d3d009cb965eae7e002ea5badf603ea8f4c34915"
      ],
      "author": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Tue Feb 26 20:16:07 2013 -0800"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Tue Feb 26 20:16:07 2013 -0800"
      },
      "message": "Merge branch \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs\n\nPull vfs pile (part one) from Al Viro:\n \"Assorted stuff - cleaning namei.c up a bit, fixing -\u003ed_name/-\u003ed_parent\n  locking violations, etc.\n\n  The most visible changes here are death of FS_REVAL_DOT (replaced with\n  \"has -\u003ed_weak_revalidate()\") and a new helper getting from struct file\n  to inode.  Some bits of preparation to xattr method interface changes.\n\n  Misc patches by various people sent this cycle *and* ocfs2 fixes from\n  several cycles ago that should\u0027ve been upstream right then.\n\n  PS: the next vfs pile will be xattr stuff.\"\n\n* \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs: (46 commits)\n  saner proc_get_inode() calling conventions\n  proc: avoid extra pde_put() in proc_fill_super()\n  fs: change return values from -EACCES to -EPERM\n  fs/exec.c: make bprm_mm_init() static\n  ocfs2/dlm: use GFP_ATOMIC inside a spin_lock\n  ocfs2: fix possible use-after-free with AIO\n  ocfs2: Fix oops in ocfs2_fast_symlink_readpage() code path\n  get_empty_filp()/alloc_file() leave both -\u003ef_pos and -\u003ef_version zero\n  target: writev() on single-element vector is pointless\n  export kernel_write(), convert open-coded instances\n  fs: encode_fh: return FILEID_INVALID if invalid fid_type\n  kill f_vfsmnt\n  vfs: kill FS_REVAL_DOT by adding a d_weak_revalidate dentry op\n  nfsd: handle vfs_getattr errors in acl protocol\n  switch vfs_getattr() to struct path\n  default SET_PERSONALITY() in linux/elf.h\n  ceph: prepopulate inodes only when request is aborted\n  d_hash_and_lookup(): export, switch open-coded instances\n  9p: switch v9fs_set_create_acl() to inode+fid, do it before d_instantiate()\n  9p: split dropping the acls from v9fs_set_create_acl()\n  ...\n"
    },
    {
      "commit": "446d64e3e1154806092ac27de198dff1225797d9",
      "tree": "6ae7509b776f88bf7c28254e63ba34ddcd091a92",
      "parents": [
        "a2c2c3a71c25627e4840795b3c269918d0e71b28"
      ],
      "author": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Sun Feb 24 23:42:37 2013 -0500"
      },
      "committer": {
        "name": "James Morris",
        "email": "james.l.morris@oracle.com",
        "time": "Tue Feb 26 03:10:52 2013 +1100"
      },
      "message": "block: fix part_pack_uuid() build error\n\nCommit \"85865c1 ima: add policy support for file system uuid\"\nintroduced a CONFIG_BLOCK dependency.  This patch defines a\nwrapper called blk_part_pack_uuid(), which returns -EINVAL,\nwhen CONFIG_BLOCK is not defined.\n\nsecurity/integrity/ima/ima_policy.c:538:4: error: implicit declaration\nof function \u0027part_pack_uuid\u0027 [-Werror\u003dimplicit-function-declaration]\n\nChangelog v2:\n- Reference commit number in patch description\nChangelog v1:\n- rename ima_part_pack_uuid() to blk_part_pack_uuid()\n- resolve scripts/checkpatch.pl warnings\nChangelog v0:\n- fix UUID scripts/Lindent msgs\n\nReported-by: Randy Dunlap \u003crdunlap@infradead.org\u003e\nReported-by: David Rientjes \u003crientjes@google.com\u003e\nSigned-off-by: Mimi Zohar \u003czohar@linux.vnet.ibm.com\u003e\nAcked-by: David Rientjes \u003crientjes@google.com\u003e\nAcked-by: Randy Dunlap \u003crdunlap@infradead.org\u003e\nCc: Jens Axboe \u003caxboe@kernel.dk\u003e\nSigned-off-by: James Morris \u003cjames.l.morris@oracle.com\u003e\n"
    },
    {
      "commit": "a2c2c3a71c25627e4840795b3c269918d0e71b28",
      "tree": "f643772b0087e7bf5a9801ed07580ee8d5ce93c9",
      "parents": [
        "ab7826595e9ec51a51f622c5fc91e2f59440481a"
      ],
      "author": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Sun Feb 24 23:42:36 2013 -0500"
      },
      "committer": {
        "name": "James Morris",
        "email": "james.l.morris@oracle.com",
        "time": "Tue Feb 26 02:46:38 2013 +1100"
      },
      "message": "ima: \"remove enforce checking duplication\" merge fix\n\nCommit \"750943a ima: remove enforce checking duplication\" combined\nthe \u0027in IMA policy\u0027 and \u0027enforcing file integrity\u0027 checks.  For\nthe non-file, kernel module verification, a specific check for\n\u0027enforcing file integrity\u0027 was not added.  This patch adds the\ncheck.\n\nSigned-off-by: Mimi Zohar \u003czohar@linux.vnet.ibm.com\u003e\nSigned-off-by: James Morris \u003cjames.l.morris@oracle.com\u003e\n"
    },
    {
      "commit": "496ad9aa8ef448058e36ca7a787c61f2e63f0f54",
      "tree": "8f4abde793cd7db5bb8fde6d27ebcacd0e54379a",
      "parents": [
        "57eccb830f1cc93d4b506ba306d8dfa685e0c88f"
      ],
      "author": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Wed Jan 23 17:07:38 2013 -0500"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Fri Feb 22 23:31:31 2013 -0500"
      },
      "message": "new helper: file_inode(file)\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n"
    },
    {
      "commit": "33673dcb372b5d8179c22127ca71deb5f3dc7016",
      "tree": "d182e9dc6aa127375a92b5eb619d6cd2ddc23ce7",
      "parents": [
        "fe9453a1dcb5fb146f9653267e78f4a558066f6f",
        "5b2660326039a32b28766cb4c1a8b1bdcfadc375"
      ],
      "author": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Thu Feb 21 08:18:12 2013 -0800"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Thu Feb 21 08:18:12 2013 -0800"
      },
      "message": "Merge branch \u0027next\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security\n\nPull security subsystem updates from James Morris:\n \"This is basically a maintenance update for the TPM driver and EVM/IMA\"\n\nFix up conflicts in lib/digsig.c and security/integrity/ima/ima_main.c\n\n* \u0027next\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: (45 commits)\n  tpm/ibmvtpm: build only when IBM pseries is configured\n  ima: digital signature verification using asymmetric keys\n  ima: rename hash calculation functions\n  ima: use new crypto_shash API instead of old crypto_hash\n  ima: add policy support for file system uuid\n  evm: add file system uuid to EVM hmac\n  tpm_tis: check pnp_acpi_device return code\n  char/tpm/tpm_i2c_stm_st33: drop temporary variable for return value\n  char/tpm/tpm_i2c_stm_st33: remove dead assignment in tpm_st33_i2c_probe\n  char/tpm/tpm_i2c_stm_st33: Remove __devexit attribute\n  char/tpm/tpm_i2c_stm_st33: Don\u0027t use memcpy for one byte assignment\n  tpm_i2c_stm_st33: removed unused variables/code\n  TPM: Wait for TPM_ACCESS tpmRegValidSts to go high at startup\n  tpm: Fix cancellation of TPM commands (interrupt mode)\n  tpm: Fix cancellation of TPM commands (polling mode)\n  tpm: Store TPM vendor ID\n  TPM: Work around buggy TPMs that block during continue self test\n  tpm_i2c_stm_st33: fix oops when i2c client is unavailable\n  char/tpm: Use struct dev_pm_ops for power management\n  TPM: STMicroelectronics ST33 I2C BUILD STUFF\n  ...\n"
    },
    {
      "commit": "50af554466804bf51a52fa3d1d0a76f96bd33929",
      "tree": "b7a3737c726a690ddefa60fdc01427d46d1d08b2",
      "parents": [
        "76bb28f6126f20ee987b9d2570fa653d95d30ae9"
      ],
      "author": {
        "name": "Dmitry Kasatkin",
        "email": "dmitry.kasatkin@intel.com",
        "time": "Mon May 14 14:13:56 2012 +0300"
      },
      "committer": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Wed Feb 06 10:41:13 2013 -0500"
      },
      "message": "ima: rename hash calculation functions\n\nRename hash calculation functions to reflect meaning\nand change argument order in conventional way.\n\nSigned-off-by: Dmitry Kasatkin \u003cdmitry.kasatkin@intel.com\u003e\nSigned-off-by: Mimi Zohar \u003czohar@linux.vnet.ibm.com\u003e\n"
    },
    {
      "commit": "76bb28f6126f20ee987b9d2570fa653d95d30ae9",
      "tree": "d03a184b5fb611544519662784ec50fee55bac72",
      "parents": [
        "85865c1fa189fcba49089e6254a0226f2269bebc"
      ],
      "author": {
        "name": "Dmitry Kasatkin",
        "email": "dmitry.kasatkin@intel.com",
        "time": "Fri Jun 08 10:42:30 2012 +0300"
      },
      "committer": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Wed Feb 06 10:41:12 2013 -0500"
      },
      "message": "ima: use new crypto_shash API instead of old crypto_hash\n\nOld crypto hash API internally uses shash API.\nUsing shash API directly is more efficient.\n\nSigned-off-by: Dmitry Kasatkin \u003cdmitry.kasatkin@intel.com\u003e\nSigned-off-by: Mimi Zohar \u003czohar@linux.vnet.ibm.com\u003e\n"
    },
    {
      "commit": "85865c1fa189fcba49089e6254a0226f2269bebc",
      "tree": "e3bcc153e1218302a3bccd30f55295361396a781",
      "parents": [
        "74de66842473bdafa798010e58f1999ec70a8983"
      ],
      "author": {
        "name": "Dmitry Kasatkin",
        "email": "dmitry.kasatkin@intel.com",
        "time": "Mon Sep 03 23:23:13 2012 +0300"
      },
      "committer": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Wed Feb 06 10:40:29 2013 -0500"
      },
      "message": "ima: add policy support for file system uuid\n\nThe IMA policy permits specifying rules to enable or disable\nmeasurement/appraisal/audit based on the file system magic number.\nIf, for example, the policy contains an ext4 measurement rule,\nthe rule is enabled for all ext4 partitions.\n\nSometimes it might be necessary to enable measurement/appraisal/audit\nonly for one partition and disable it for another partition of the\nsame type.  With the existing IMA policy syntax, this can not be done.\n\nThis patch provides support for IMA policy rules to specify the file\nsystem by its UUID (eg. fsuuid\u003d397449cd-687d-4145-8698-7fed4a3e0363).\n\nFor partitions not being appraised, it might be a good idea to mount\nfile systems with the \u0027noexec\u0027 option to prevent executing non-verified\nbinaries.\n\nSigned-off-by: Dmitry Kasatkin \u003cdmitry.kasatkin@intel.com\u003e\nSigned-off-by: Mimi Zohar \u003czohar@linux.vnet.ibm.com\u003e\n"
    },
    {
      "commit": "5a73fcfa8875a94c2956e7ff8fba54d31a3e2854",
      "tree": "4f7a55a1f4c7524aaa422fc216717c1c0424d48e",
      "parents": [
        "d79d72e02485c00b886179538dc8deaffa3be507"
      ],
      "author": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Wed Dec 05 15:14:38 2012 -0500"
      },
      "committer": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Tue Jan 22 16:10:39 2013 -0500"
      },
      "message": "ima: differentiate appraise status only for hook specific rules\n\nDifferent hooks can require different methods for appraising a\nfile\u0027s integrity.  As a result, an integrity appraisal status is\ncached on a per hook basis.\n\nOnly a hook specific rule, requires the inode to be re-appraised.\nThis patch eliminates unnecessary appraisals.\n\nSigned-off-by: Mimi Zohar \u003czohar@linux.vnet.ibm.com\u003e\nSigned-off-by: Dmitry Kasatkin \u003cdmitry.kasatkin@intel.com\u003e\n"
    },
    {
      "commit": "d79d72e02485c00b886179538dc8deaffa3be507",
      "tree": "92690d5cbd6e4a0a3bee369033fe18d9b2d065f7",
      "parents": [
        "f578c08ec959cb0cdadf02bdc9689a4df3e9b9d4"
      ],
      "author": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Mon Dec 03 17:08:11 2012 -0500"
      },
      "committer": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Tue Jan 22 16:10:36 2013 -0500"
      },
      "message": "ima: per hook cache integrity appraisal status\n\nWith the new IMA policy \u0027appraise_type\u003d\u0027 option, different hooks\ncan require different methods for appraising a file\u0027s integrity.\n\nFor example, the existing \u0027ima_appraise_tcb\u0027 policy defines a\ngeneric rule, requiring all root files to be appraised, without\nspecfying the appraisal method.  A more specific rule could require\nall kernel modules, for example, to be signed.\n\nappraise fowner\u003d0 func\u003dMODULE_CHECK appraise_type\u003dimasig\nappraise fowner\u003d0\n\nAs a result, the integrity appraisal results for the same inode, but\nfor different hooks, could differ.  This patch caches the integrity\nappraisal results on a per hook basis.\n\nChangelog v2:\n- Rename ima_cache_status() to ima_set_cache_status()\n- Rename and move get_appraise_status() to ima_get_cache_status()\nChangelog v0:\n- include IMA_APPRAISE/APPRAISED_SUBMASK in IMA_DO/DONE_MASK (Dmitry)\n- Support independent MODULE_CHECK appraise status.\n- fixed IMA_XXXX_APPRAISE/APPRAISED flags\n\nSigned-off-by: Mimi Zohar \u003czohar@linux.vnet.ibm.com\u003e\nSigned-off-by: Dmitry Kasatkin \u003cdmitry.kasatkin@intel.com\u003e\n"
    },
    {
      "commit": "0e5a247cb37a97d843ef76d09d5f80deb7893ba3",
      "tree": "7206abaf6d20e69a89584046ed7dc9970ba2da12",
      "parents": [
        "a175b8bb29ebbad380ab4788f307fbfc47997b19"
      ],
      "author": {
        "name": "Dmitry Kasatkin",
        "email": "dmitry.kasatkin@intel.com",
        "time": "Fri Jun 08 13:58:49 2012 +0300"
      },
      "committer": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Tue Jan 22 16:10:31 2013 -0500"
      },
      "message": "ima: added policy support for \u0027security.ima\u0027 type\n\nThe \u0027security.ima\u0027 extended attribute may contain either the file data\u0027s\nhash or a digital signature.  This patch adds support for requiring a\nspecific extended attribute type.  It extends the IMA policy with a new\nkeyword \u0027appraise_type\u003dimasig\u0027.  (Default is hash.)\n\nChangelog v2:\n- Fixed Documentation/ABI/testing/ima_policy option syntax\nChangelog v1:\n- Differentiate between \u0027required\u0027 vs. \u0027actual\u0027 extended attribute\n\nSigned-off-by: Dmitry Kasatkin \u003cdmitry.kasatkin@intel.com\u003e\nSigned-off-by: Mimi Zohar \u003czohar@linux.vnet.ibm.com\u003e\n"
    },
    {
      "commit": "a175b8bb29ebbad380ab4788f307fbfc47997b19",
      "tree": "8e0dbb1def59d05412e57ff2f9fc089bb304bffa",
      "parents": [
        "ea1046d4c57ee6e3d5f68f19dd9a45bbab0b71a0"
      ],
      "author": {
        "name": "Dmitry Kasatkin",
        "email": "dmitry.kasatkin@intel.com",
        "time": "Thu Sep 27 15:06:28 2012 +0300"
      },
      "committer": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Wed Jan 16 17:50:05 2013 -0500"
      },
      "message": "ima: forbid write access to files with digital signatures\n\nThis patch forbids write access to files with digital signatures, as they\nare considered immutable.\n\nSigned-off-by: Dmitry Kasatkin \u003cdmitry.kasatkin@intel.com\u003e\nSigned-off-by: Mimi Zohar \u003czohar@linux.vnet.ibm.com\u003e\n"
    },
    {
      "commit": "ea1046d4c57ee6e3d5f68f19dd9a45bbab0b71a0",
      "tree": "5779ef0eadc9b871f0b1b06cc0107d0c28dfc726",
      "parents": [
        "ee866331749b07373743ce18ceaffb1dd841d855"
      ],
      "author": {
        "name": "Dmitry Kasatkin",
        "email": "dmitry.kasatkin@intel.com",
        "time": "Tue Sep 04 00:40:17 2012 +0300"
      },
      "committer": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Wed Jan 16 17:50:03 2013 -0500"
      },
      "message": "ima: move full pathname resolution to separate function\n\nDefine a new function ima_d_path(), which returns the full pathname.\nThis function will be used further, for example, by the directory\nverification code.\n\nSigned-off-by: Dmitry Kasatkin \u003cdmitry.kasatkin@intel.com\u003e\nSigned-off-by: Mimi Zohar \u003czohar@linux.vnet.ibm.com\u003e\n"
    },
    {
      "commit": "16cac49f727621c6b0467ffe15ed72c2febb1296",
      "tree": "dc9b4914116ad2ecb1831184192470900e609a27",
      "parents": [
        "b51524635b73cfa27cc393859b277cee9c042820"
      ],
      "author": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Thu Dec 13 11:15:04 2012 -0500"
      },
      "committer": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Wed Jan 16 17:49:59 2013 -0500"
      },
      "message": "ima: rename FILE_MMAP to MMAP_CHECK\n\nRename FILE_MMAP hook to MMAP_CHECK to be consistent with the other\nhook names.\n\nSigned-off-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\n"
    },
    {
      "commit": "b51524635b73cfa27cc393859b277cee9c042820",
      "tree": "c4fae16b423b732dce39b28faca4ae4f1dadc3f9",
      "parents": [
        "750943a30714b7e9a5a2b0e08eeef7a808b5a869"
      ],
      "author": {
        "name": "Dmitry Kasatkin",
        "email": "dmitry.kasatkin@intel.com",
        "time": "Fri Sep 21 01:01:29 2012 +0300"
      },
      "committer": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Wed Jan 16 17:49:57 2013 -0500"
      },
      "message": "ima: remove security.ima hexdump\n\nHexdump is not really helping. Audit messages prints error messages.\nRemove it.\n\nSigned-off-by: Dmitry Kasatkin \u003cdmitry.kasatkin@intel.com\u003e\nSigned-off-by: Mimi Zohar \u003czohar@linux.vnet.ibm.com\u003e\n"
    },
    {
      "commit": "750943a30714b7e9a5a2b0e08eeef7a808b5a869",
      "tree": "a75f963abc43a13e3d1a558b2f8c3d47b018b63d",
      "parents": [
        "def3e8b9ee23cb69036910e48ec4e3eff40e04cb"
      ],
      "author": {
        "name": "Dmitry Kasatkin",
        "email": "dmitry.kasatkin@intel.com",
        "time": "Thu Sep 27 15:57:10 2012 +0300"
      },
      "committer": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Wed Jan 16 17:49:44 2013 -0500"
      },
      "message": "ima: remove enforce checking duplication\n\nBased on the IMA appraisal policy, files are appraised.  For those\nfiles appraised, the IMA hooks return the integrity appraisal result,\nassuming IMA-appraisal is in enforcing mode.  This patch combines\nboth of these criteria (in policy and enforcing file integrity),\nremoving the checking duplication.\n\nChangelog v1:\n- Update hook comments\n\nSigned-off-by: Dmitry Kasatkin \u003cdmitry.kasatkin@intel.com\u003e\nSigned-off-by: Mimi Zohar \u003czohar@linux.vnet.ibm.com\u003e\n"
    },
    {
      "commit": "def3e8b9ee23cb69036910e48ec4e3eff40e04cb",
      "tree": "0840ab9e618f15f4c3c5e8ee6fafe5a17c814af2",
      "parents": [
        "e90805656d4683f84d360276102ae63adc777a38"
      ],
      "author": {
        "name": "Dmitry Kasatkin",
        "email": "dmitry.kasatkin@intel.com",
        "time": "Thu Sep 20 22:38:53 2012 +0300"
      },
      "committer": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Wed Jan 16 15:47:07 2013 -0500"
      },
      "message": "ima: set appraise status in fix mode only when xattr is fixed\n\nWhen a file system is mounted read-only, setting the xattr value in\nfix mode fails with an error code -EROFS.  The xattr should be fixed\nafter the file system is remounted read-write.  This patch verifies\nthat the set xattr succeeds, before setting the appraise status value\nto INTEGRITY_PASS.\n\nSigned-off-by: Dmitry Kasatkin \u003cdmitry.kasatkin@intel.com\u003e\nSigned-off-by: Mimi Zohar \u003czohar@linux.vnet.ibm.com\u003e\n"
    },
    {
      "commit": "7163a993840f0906d4ce1e3f193575c99dac21e1",
      "tree": "3c1c04f5da24cf2492b20b861c9974549978436c",
      "parents": [
        "cf9ce948f47640797bd19980e1d99c6d17d0bdc3"
      ],
      "author": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Thu Jan 03 14:19:09 2013 -0500"
      },
      "committer": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Wed Jan 16 15:47:03 2013 -0500"
      },
      "message": "ima: re-initialize IMA policy LSM info\n\nAlthough the IMA policy does not change, the LSM policy can be\nreloaded, leaving the IMA LSM based rules referring to the old,\nstale LSM policy.  This patch updates the IMA LSM based rules\nto reflect the reloaded LSM policy.\n\nReported-by: Sven Vermeulen \u003csven.vermeulen@siphos.be\u003e\ntested-by: Sven Vermeulen \u003csven.vermeulen@siphos.be\u003e\nSigned-off-by: Mimi Zohar \u003czohar@linux.vnet.ibm.com\u003e\nCc: Eric Paris \u003ceparis@parisplace.org\u003e\nCc: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\n"
    },
    {
      "commit": "a7f2a366f62319dfebf8d4dfe8b211f631c78457",
      "tree": "67e502cd2da52cc6c75d1fa9dcaed27fd05b86e2",
      "parents": [
        "a49f0d1ea3ec94fc7cf33a7c36a16343b74bd565"
      ],
      "author": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Fri Dec 21 08:34:21 2012 -0500"
      },
      "committer": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Mon Dec 24 09:35:48 2012 -0500"
      },
      "message": "ima: fallback to MODULE_SIG_ENFORCE for existing kernel module syscall\n\nThe new kernel module syscall appraises kernel modules based\non policy.   If the IMA policy requires kernel module checking,\nfallback to module signature enforcing for the existing syscall.\nWithout CONFIG_MODULE_SIG_FORCE enabled, the kernel module\u0027s\nintegrity is unknown, return -EACCES.\n\nChangelog v1:\n- Fix ima_module_check() return result (Tetsuo Handa)\n\nReported-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nReviewed-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\n"
    },
    {
      "commit": "fdf90729e57812cb12d7938e2dee7c71e875fb08",
      "tree": "0ec17c765406dedc37ac278823d50587d53d1525",
      "parents": [
        "1625cee56f8e6193b5a0809a414dfa395bd9cf1e"
      ],
      "author": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Tue Oct 16 12:40:08 2012 +1030"
      },
      "committer": {
        "name": "Rusty Russell",
        "email": "rusty@rustcorp.com.au",
        "time": "Fri Dec 14 13:05:26 2012 +1030"
      },
      "message": "ima: support new kernel module syscall\n\nWith the addition of the new kernel module syscall, which defines two\narguments - a file descriptor to the kernel module and a pointer to a NULL\nterminated string of module arguments - it is now possible to measure and\nappraise kernel modules like any other file on the file system.\n\nThis patch adds support to measure and appraise kernel modules in an\nextensible and consistent manner.\n\nTo support filesystems without extended attribute support, additional\npatches could pass the signature as the first parameter.\n\nSigned-off-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\nSigned-off-by: Rusty Russell \u003crusty@rustcorp.com.au\u003e\n"
    },
    {
      "commit": "d26e1936227b538a1691b978566ef269aef10853",
      "tree": "c1b803d6177f6c39932a159c7bdb2c557497e16f",
      "parents": [
        "ecefbd94b834fa32559d854646d777c56749ef1c"
      ],
      "author": {
        "name": "Dmitry Kasatkin",
        "email": "dmitry.kasatkin@intel.com",
        "time": "Thu Sep 27 18:26:53 2012 +0300"
      },
      "committer": {
        "name": "James Morris",
        "email": "james.l.morris@oracle.com",
        "time": "Fri Oct 05 22:32:16 2012 +1000"
      },
      "message": "ima: fix bug in argument order\n\nmask argument goes first, then func, like ima_must_measure\nand ima_get_action. ima_inode_post_setattr() assumes that.\n\nSigned-off-by: Dmitry Kasatkin \u003cdmitry.kasatkin@intel.com\u003e\nSigned-off-by: Mimi Zohar \u003czohar@linux.vnet.ibm.com\u003e\nSigned-off-by: James Morris \u003cjames.l.morris@oracle.com\u003e\n"
    },
    {
      "commit": "88265322c14cce39f7afbc416726ef4fac413298",
      "tree": "e4956f905ef617971f87788d8f8a09dbb66b70a3",
      "parents": [
        "65b99c74fdd325d1ffa2e5663295888704712604",
        "bf5308344527d015ac9a6d2bda4ad4d40fd7d943"
      ],
      "author": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Tue Oct 02 21:38:48 2012 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Tue Oct 02 21:38:48 2012 -0700"
      },
      "message": "Merge branch \u0027next\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security\n\nPull security subsystem updates from James Morris:\n \"Highlights:\n\n   - Integrity: add local fs integrity verification to detect offline\n     attacks\n   - Integrity: add digital signature verification\n   - Simple stacking of Yama with other LSMs (per LSS discussions)\n   - IBM vTPM support on ppc64\n   - Add new driver for Infineon I2C TIS TPM\n   - Smack: add rule revocation for subject labels\"\n\nFixed conflicts with the user namespace support in kernel/auditsc.c and\nsecurity/integrity/ima/ima_policy.c.\n\n* \u0027next\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: (39 commits)\n  Documentation: Update git repository URL for Smack userland tools\n  ima: change flags container data type\n  Smack: setprocattr memory leak fix\n  Smack: implement revoking all rules for a subject label\n  Smack: remove task_wait() hook.\n  ima: audit log hashes\n  ima: generic IMA action flag handling\n  ima: rename ima_must_appraise_or_measure\n  audit: export audit_log_task_info\n  tpm: fix tpm_acpi sparse warning on different address spaces\n  samples/seccomp: fix 31 bit build on s390\n  ima: digital signature verification support\n  ima: add support for different security.ima data types\n  ima: add ima_inode_setxattr/removexattr function and calls\n  ima: add inode_post_setattr call\n  ima: replace iint spinblock with rwlock/read_lock\n  ima: allocating iint improvements\n  ima: add appraise action keywords and default rules\n  ima: integrity appraisal extension\n  vfs: move ima_file_free before releasing the file\n  ...\n"
    },
    {
      "commit": "8b94eea4bfb8df693c5b35d08b74f13cfb92f3de",
      "tree": "908ffbf4f0bb117ca47346712dc0e57f6434cda1",
      "parents": [
        "cf9c93526f4517581a9e8f1c0d9093a4c7748ec6"
      ],
      "author": {
        "name": "Eric W. Biederman",
        "email": "ebiederm@xmission.com",
        "time": "Fri May 25 18:24:12 2012 -0600"
      },
      "committer": {
        "name": "Eric W. Biederman",
        "email": "ebiederm@xmission.com",
        "time": "Fri Sep 21 03:13:24 2012 -0700"
      },
      "message": "userns: Add user namespace support to IMA\n\nUse kuid\u0027s in the IMA rules.\n\nWhen reporting the current uid in audit logs use from_kuid\nto get a usable value.\n\nCc: Mimi Zohar \u003czohar@us.ibm.com\u003e\nAcked-by: Serge Hallyn \u003cserge.hallyn@canonical.com\u003e\nSigned-off-by: Eric W. Biederman \u003cebiederm@xmission.com\u003e\n"
    },
    {
      "commit": "e7c568e0fd0cf6d9c8ab8ea537ba8f3a3ae7c3d8",
      "tree": "f920b77b98c38e28dd2974564db102160e59f3e9",
      "parents": [
        "45e2472e67bf66f794d507b52e82af92e0614e49"
      ],
      "author": {
        "name": "Peter Moody",
        "email": "pmoody@google.com",
        "time": "Thu Jun 14 10:04:36 2012 -0700"
      },
      "committer": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Thu Sep 13 14:48:44 2012 -0400"
      },
      "message": "ima: audit log hashes\n\nThis adds an \u0027audit\u0027 policy action which audit logs file measurements.\n\nChangelog v6:\n - use new action flag handling (Dmitry Kasatkin).\n - removed whitespace (Mimi)\n\nChangelog v5:\n - use audit_log_untrustedstring.\n\nChangelog v4:\n - cleanup digest -\u003e hash conversion.\n - use filename rather than d_path in ima_audit_measurement.\n\nChangelog v3:\n - Use newly exported audit_log_task_info for logging pid/ppid/uid/etc.\n - Update the ima_policy ABI documentation.\n\nChangelog v2:\n - Use \u0027audit\u0027 action rather than \u0027measure_and_audit\u0027 to permit\n auditing in the absence of measuring..\n\nChangelog v1:\n - Initial posting.\n\nSigned-off-by: Peter Moody \u003cpmoody@google.com\u003e\nSigned-off-by: Mimi Zohar \u003czohar@linux.vnet.ibm.com\u003e\n"
    },
    {
      "commit": "45e2472e67bf66f794d507b52e82af92e0614e49",
      "tree": "4b3ba557d4f9da9bca14ce85bee965e4a9fcd6ac",
      "parents": [
        "d9d300cdb6f233c4c591348919c758062198a4f4"
      ],
      "author": {
        "name": "Dmitry Kasatkin",
        "email": "dmitry.kasatkin@intel.com",
        "time": "Wed Sep 12 20:51:32 2012 +0300"
      },
      "committer": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Thu Sep 13 14:23:57 2012 -0400"
      },
      "message": "ima: generic IMA action flag handling\n\nMake the IMA action flag handling generic in order to support\nadditional new actions, without requiring changes to the base\nimplementation.  New actions, like audit logging, will only\nneed to modify the define statements.\n\nSigned-off-by: Dmitry Kasatkin \u003cdmitry.kasatkin@intel.com\u003e\nSigned-off-by: Mimi Zohar \u003czohar@linux.vnet.ibm.com\u003e\n"
    },
    {
      "commit": "d9d300cdb6f233c4c591348919c758062198a4f4",
      "tree": "2a00e8e9100b1d799e5b779008ad0081e7fe5264",
      "parents": [
        "e23eb920b0f3978687c497de2ac3eb9e281dab32"
      ],
      "author": {
        "name": "Dmitry Kasatkin",
        "email": "dmitry.kasatkin@intel.com",
        "time": "Wed Jun 27 11:26:14 2012 +0300"
      },
      "committer": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Wed Sep 12 07:28:05 2012 -0400"
      },
      "message": "ima: rename ima_must_appraise_or_measure\n\nWhen AUDIT action support is added to the IMA,\nima_must_appraise_or_measure() does not reflect the real meaning anymore.\nRename it to ima_get_action().\n\nSigned-off-by: Dmitry Kasatkin \u003cdmitry.kasatkin@intel.com\u003e\nSigned-off-by: Mimi Zohar \u003czohar@linux.vnet.ibm.com\u003e\n"
    },
    {
      "commit": "8606404fa555c2ee691376fcc640ab89fe752035",
      "tree": "4b2d2e43b7ad196b46757faff10d04803381a543",
      "parents": [
        "5a44b41207174e1882ce0c24a752f4cfb65dab07"
      ],
      "author": {
        "name": "Dmitry Kasatkin",
        "email": "dmitry.kasatkin@intel.com",
        "time": "Wed Aug 31 14:07:06 2011 +0300"
      },
      "committer": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Fri Sep 07 14:57:48 2012 -0400"
      },
      "message": "ima: digital signature verification support\n\nThis patch adds support for digital signature based integrity appraisal.\nWith this patch, \u0027security.ima\u0027 contains either the file data hash or\na digital signature of the file data hash. The file data hash provides\nthe security attribute of file integrity. In addition to file integrity,\na digital signature provides the security attribute of authenticity.\n\nUnlike EVM, when the file metadata changes, the digital signature is\nreplaced with an HMAC, modification of the file data does not cause the\n\u0027security.ima\u0027 digital signature to be replaced with a hash. As a\nresult, after any modification, subsequent file integrity appraisals\nwould fail.\n\nAlthough digitally signed files can be modified, but by not updating\n\u0027security.ima\u0027 to reflect these modifications, in essence digitally\nsigned files could be considered \u0027immutable\u0027.\n\nIMA uses a different keyring than EVM. While the EVM keyring should not\nbe updated after initialization and locked, the IMA keyring should allow\nupdating or adding new keys when upgrading or installing packages.\n\nChangelog v4:\n- Change IMA_DIGSIG to hex equivalent\nChangelog v3:\n- Permit files without any \u0027security.ima\u0027 xattr to be labeled properly.\n\nSigned-off-by: Dmitry Kasatkin \u003cdmitry.kasatkin@intel.com\u003e\nSigned-off-by: Mimi Zohar \u003czohar@linux.vnet.ibm.com\u003e\n"
    },
    {
      "commit": "5a44b41207174e1882ce0c24a752f4cfb65dab07",
      "tree": "a5426be63a4f165f3ce15d1e61d8fd10f37fd8c3",
      "parents": [
        "42c63330f2b05aa6077c1bfc2798c04afe54f6b2"
      ],
      "author": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Mon Jan 09 22:59:36 2012 -0500"
      },
      "committer": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Fri Sep 07 14:57:47 2012 -0400"
      },
      "message": "ima: add support for different security.ima data types\n\nIMA-appraisal currently verifies the integrity of a file based on a\nknown \u0027good\u0027 measurement value.  This patch reserves the first byte\nof \u0027security.ima\u0027 as a place holder for the type of method used for\nverifying file data integrity.\n\nChangelog v1:\n- Use the newly defined \u0027struct evm_ima_xattr_data\u0027\n\nSigned-off-by: Dmitry Kasatkin \u003cdmitry.kasatkin@nokia.com\u003e\nSigned-off-by: Mimi Zohar \u003czohar@linux.vnet.ibm.com\u003e\n"
    },
    {
      "commit": "42c63330f2b05aa6077c1bfc2798c04afe54f6b2",
      "tree": "bbd7d212ba9c686b2b649718b8b919bdd2eecea4",
      "parents": [
        "9957a5043e7b0b7361cdf48eea22b2900293e63a"
      ],
      "author": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Thu Mar 10 18:54:15 2011 -0500"
      },
      "committer": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Fri Sep 07 14:57:47 2012 -0400"
      },
      "message": "ima: add ima_inode_setxattr/removexattr function and calls\n\nBased on xattr_permission comments, the restriction to modify \u0027security\u0027\nxattr is left up to the underlying fs or lsm. Ensure that not just anyone\ncan modify or remove \u0027security.ima\u0027.\n\nChangelog v1:\n- Unless IMA-APPRAISE is configured, use stub ima_inode_removexattr()/setxattr()\n  functions.  (Moved ima_inode_removexattr()/setxattr() to ima_appraise.c)\n\nChangelog:\n  - take i_mutex to fix locking (Dmitry Kasatkin)\n  - ima_reset_appraise_flags should only be called when modifying or\n    removing the \u0027security.ima\u0027 xattr. Requires CAP_SYS_ADMIN privilege.\n    (Incorporated fix from Roberto Sassu)\n  - Even if allowed to update security.ima, reset the appraisal flags,\n    forcing re-appraisal.\n  - Replace CAP_MAC_ADMIN with CAP_SYS_ADMIN\n  - static inline ima_inode_setxattr()/ima_inode_removexattr() stubs\n  - ima_protect_xattr should be static\n\nSigned-off-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\nSigned-off-by: Dmitry Kasatkin \u003cdmitry.kasatkin@intel.com\u003e\n"
    },
    {
      "commit": "bf2276d10ce58ff44ab8857266a6718024496af6",
      "tree": "7be39c026fd30856248f68c964d0f1e2ae703c25",
      "parents": [
        "07f6a79415d7d502ee0c7d02ace6594a7be7429a"
      ],
      "author": {
        "name": "Dmitry Kasatkin",
        "email": "dmitry.kasatkin@intel.com",
        "time": "Wed Oct 19 12:04:40 2011 +0300"
      },
      "committer": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Fri Sep 07 14:57:45 2012 -0400"
      },
      "message": "ima: allocating iint improvements\n\nWith IMA-appraisal\u0027s removal of the iint mutex and taking the i_mutex\ninstead, allocating the iint becomes a lot simplier, as we don\u0027t need\nto be concerned with two processes racing to allocate the iint. This\npatch cleans up and improves performance for allocating the iint.\n\n- removed redundant double i_mutex locking\n- combined iint allocation with tree search\n\nChangelog v2:\n- removed the rwlock/read_lock changes from this patch\n\nSigned-off-by: Dmitry Kasatkin \u003cdmitry.kasatkin@intel.com\u003e\nSigned-off-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\n"
    },
    {
      "commit": "07f6a79415d7d502ee0c7d02ace6594a7be7429a",
      "tree": "af2a9b3bb84ab621cbf11ab609dd8cc3566f2b12",
      "parents": [
        "2fe5d6def1672ae6635dd71867bf36dcfaa7434b"
      ],
      "author": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Wed Mar 09 22:25:48 2011 -0500"
      },
      "committer": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Fri Sep 07 14:57:45 2012 -0400"
      },
      "message": "ima: add appraise action keywords and default rules\n\nUnlike the IMA measurement policy, the appraise policy can not be dependent\non runtime process information, such as the task uid, as the \u0027security.ima\u0027\nxattr is written on file close and must be updated each time the file changes,\nregardless of the current task uid.\n\nThis patch extends the policy language with \u0027fowner\u0027, defines an appraise\npolicy, which appraises all files owned by root, and defines \u0027ima_appraise_tcb\u0027,\na new boot command line option, to enable the appraise policy.\n\nChangelog v3:\n- separate the measure from the appraise rules in order to support measuring\n  without appraising and appraising without measuring.\n- change appraisal default for filesystems without xattr support to fail\n- update default appraise policy for cgroups\n\nChangelog v1:\n- don\u0027t appraise RAMFS (Dmitry Kasatkin)\n- merged rest of \"ima: ima_must_appraise_or_measure API change\" commit\n  (Dmtiry Kasatkin)\n\n  ima_must_appraise_or_measure() called ima_match_policy twice, which\n  searched the policy for a matching rule.  Once for a matching measurement\n  rule and subsequently for an appraisal rule. Searching the policy twice\n  is unnecessary overhead, which could be noticeable with a large policy.\n\n  The new version of ima_must_appraise_or_measure() does everything in a\n  single iteration using a new version of ima_match_policy().  It returns\n  IMA_MEASURE, IMA_APPRAISE mask.\n\n  With the use of action mask only one efficient matching function\n  is enough.  Removed other specific versions of matching functions.\n\nChangelog:\n- change \u0027owner\u0027 to \u0027fowner\u0027 to conform to the new LSM conditions posted by\n  Roberto Sassu.\n- fix calls to ima_log_string()\n\nSigned-off-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\nSigned-off-by: Dmitry Kasatkin \u003cdmitry.kasatkin@intel.com\u003e\n"
    },
    {
      "commit": "2fe5d6def1672ae6635dd71867bf36dcfaa7434b",
      "tree": "f83878d309605440b5bc2d2d43a16ccece64c645",
      "parents": [
        "4199d35cbc90c15db447d115bd96ffa5f1d60d3a"
      ],
      "author": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Mon Feb 13 10:15:05 2012 -0500"
      },
      "committer": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Fri Sep 07 14:57:44 2012 -0400"
      },
      "message": "ima: integrity appraisal extension\n\nIMA currently maintains an integrity measurement list used to assert the\nintegrity of the running system to a third party.  The IMA-appraisal\nextension adds local integrity validation and enforcement of the\nmeasurement against a \"good\" value stored as an extended attribute\n\u0027security.ima\u0027.  The initial methods for validating \u0027security.ima\u0027 are\nhashed based, which provides file data integrity, and digital signature\nbased, which in addition to providing file data integrity, provides\nauthenticity.\n\nThis patch creates and maintains the \u0027security.ima\u0027 xattr, containing\nthe file data hash measurement.  Protection of the xattr is provided by\nEVM, if enabled and configured.\n\nBased on policy, IMA calls evm_verifyxattr() to verify a file\u0027s metadata\nintegrity and, assuming success, compares the file\u0027s current hash value\nwith the one stored as an extended attribute in \u0027security.ima\u0027.\n\nChangelov v4:\n- changed iint cache flags to hex values\n\nChangelog v3:\n- change appraisal default for filesystems without xattr support to fail\n\nChangelog v2:\n- fix audit msg \u0027res\u0027 value\n- removed unused \u0027ima_appraise\u003d\u0027 values\n\nChangelog v1:\n- removed unused iint mutex (Dmitry Kasatkin)\n- setattr hook must not reset appraised (Dmitry Kasatkin)\n- evm_verifyxattr() now differentiates between no \u0027security.evm\u0027 xattr\n  (INTEGRITY_NOLABEL) and no EVM \u0027protected\u0027 xattrs included in the\n  \u0027security.evm\u0027 (INTEGRITY_NOXATTRS).\n- replace hash_status with ima_status (Dmitry Kasatkin)\n- re-initialize slab element ima_status on free (Dmitry Kasatkin)\n- include \u0027security.ima\u0027 in EVM if CONFIG_IMA_APPRAISE, not CONFIG_IMA\n- merged half \"ima: ima_must_appraise_or_measure API change\" (Dmitry Kasatkin)\n- removed unnecessary error variable in process_measurement() (Dmitry Kasatkin)\n- use 
ima_inode_post_setattr() stub function, if IMA_APPRAISE not configured\n  (moved ima_inode_post_setattr() to ima_appraise.c)\n- make sure ima_collect_measurement() can read file\n\nChangelog:\n- add \u0027iint\u0027 to evm_verifyxattr() call (Dimitry Kasatkin)\n- fix the race condition between chmod, which takes the i_mutex and then\n  iint-\u003emutex, and ima_file_free() and process_measurement(), which take\n  the locks in the reverse order, by eliminating iint-\u003emutex. (Dmitry Kasatkin)\n- cleanup of ima_appraise_measurement() (Dmitry Kasatkin)\n- changes as a result of the iint not allocated for all regular files, but\n  only for those measured/appraised.\n- don\u0027t try to appraise new/empty files\n- expanded ima_appraisal description in ima/Kconfig\n- IMA appraise definitions required even if IMA_APPRAISE not enabled\n- add return value to ima_must_appraise() stub\n- unconditionally set status \u003d INTEGRITY_PASS *after* testing status,\n  not before.  (Found by Joe Perches)\n\nSigned-off-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\nSigned-off-by: Dmitry Kasatkin \u003cdmitry.kasatkin@intel.com\u003e\n"
    },
    {
      "commit": "20328b56cdf8fcc79f28c6c50ad8190fc0779e80",
      "tree": "e8c38d27456bda5b112f0edccf63757e7098d997",
      "parents": [
        "c5df39262dd59dbbffb1017fca0f1661408ac9d5"
      ],
      "author": {
        "name": "Kent Yoder",
        "email": "key@linux.vnet.ibm.com",
        "time": "Wed Aug 22 15:01:47 2012 -0500"
      },
      "committer": {
        "name": "Kent Yoder",
        "email": "key@linux.vnet.ibm.com",
        "time": "Wed Aug 22 16:23:23 2012 -0500"
      },
      "message": "ima: enable the IBM vTPM as the default TPM in the PPC64 case\n\nEnable tpm_ibmvtpm driver by default when IMA is enabled on PPC64\n\nSigned-off-by: Kent Yoder \u003ckey@linux.vnet.ibm.com\u003e\n"
    },
    {
      "commit": "417c6c8ee2eb6975f357d8975af94ba5fbeaf82d",
      "tree": "02af1e4363f415bfaa45c50a530cee78ecdf87b8",
      "parents": [
        "7ff2267af595e642f1009198ab49e86a239148fa"
      ],
      "author": {
        "name": "Dmitry Kasatkin",
        "email": "dmitry.kasatkin@intel.com",
        "time": "Mon Jun 25 12:18:21 2012 +0300"
      },
      "committer": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Thu Jul 05 16:43:59 2012 -0400"
      },
      "message": "ima: audit is compiled only when enabled\n\nIMA auditing code was compiled even when CONFIG_AUDIT was not enabled.\nThis patch compiles auditing code only when possible and enabled.\n\nSigned-off-by: Dmitry Kasatkin \u003cdmitry.kasatkin@intel.com\u003e\nSigned-off-by: Mimi Zohar \u003czohar@linux.vnet.ibm.com\u003e\n"
    },
    {
      "commit": "7ff2267af595e642f1009198ab49e86a239148fa",
      "tree": "bd9187795ee24b4a339593caff40ea677e706e17",
      "parents": [
        "8445d64dd761440fb5c73a2abba25009f4bf0e4c"
      ],
      "author": {
        "name": "Dmitry Kasatkin",
        "email": "dmitry.kasatkin@intel.com",
        "time": "Mon Jun 25 12:18:11 2012 +0300"
      },
      "committer": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Thu Jul 05 16:43:57 2012 -0400"
      },
      "message": "ima: ima_initialized is set only if successful\n\nSet ima_initialized only if initialization was successful.\n\nSigned-off-by: Dmitry Kasatkin \u003cdmitry.kasatkin@intel.com\u003e\nSigned-off-by: Mimi Zohar \u003czohar@linux.vnet.ibm.com\u003e\n"
    },
    {
      "commit": "8445d64dd761440fb5c73a2abba25009f4bf0e4c",
      "tree": "1529319b3b3fed827a02b5b8fafcd367045d540c",
      "parents": [
        "c7de7adc18241a0eb10a6e1fed7cb1e01f53c85a"
      ],
      "author": {
        "name": "Dmitry Kasatkin",
        "email": "dmitry.kasatkin@intel.com",
        "time": "Mon Jun 25 12:18:09 2012 +0300"
      },
      "committer": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Thu Jul 05 16:42:33 2012 -0400"
      },
      "message": "ima: add policy for pseudo fs\n\nExclude DEVPTS and BINFMT filesystems from the measurement policy.\n\nSigned-off-by: Dmitry Kasatkin \u003cdmitry.kasatkin@intel.com\u003e\nSigned-off-by: Mimi Zohar \u003czohar@linux.vnet.ibm.com\u003e\n"
    },
    {
      "commit": "c7de7adc18241a0eb10a6e1fed7cb1e01f53c85a",
      "tree": "2b79a44399e29c7d20397ec5188b42528f8c90d5",
      "parents": [
        "0ea4f8ae416a9e8d15f4e20680879358f620e8b8"
      ],
      "author": {
        "name": "Dmitry Kasatkin",
        "email": "dmitry.kasatkin@intel.com",
        "time": "Mon Jun 25 12:18:10 2012 +0300"
      },
      "committer": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Mon Jul 02 16:43:30 2012 -0400"
      },
      "message": "ima: remove unused cleanup functions\n\nIMA cannot be used as module and does not need __exit functions.\nRemoved them.\n\nSigned-off-by: Dmitry Kasatkin \u003cdmitry.kasatkin@intel.com\u003e\nSigned-off-by: Mimi Zohar \u003czohar@linux.vnet.ibm.com\u003e\n"
    },
    {
      "commit": "0ea4f8ae416a9e8d15f4e20680879358f620e8b8",
      "tree": "68c03378249e4d3c543f5c6bf3833774a3c58adb",
      "parents": [
        "08e1b76ae399a010c0d0916b125d75aed6961d16"
      ],
      "author": {
        "name": "Dmitry Kasatkin",
        "email": "dmitry.kasatkin@intel.com",
        "time": "Sun Jan 29 19:19:08 2012 -0500"
      },
      "committer": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Mon Jul 02 16:43:30 2012 -0400"
      },
      "message": "ima: free securityfs violations file\n\nOn ima_fs_init() error, free securityfs violations file.\n\nSigned-off-by: Dmitry Kasatkin \u003cdmitry.kasatkin@intel.com\u003e\nSigned-off-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\n"
    },
    {
      "commit": "08e1b76ae399a010c0d0916b125d75aed6961d16",
      "tree": "88806da1802a75d3edbb46436bb509150177eb76",
      "parents": [
        "659b5e76521c10331495cbd9acb7217e38ff9750"
      ],
      "author": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Wed Jun 20 09:32:55 2012 -0400"
      },
      "committer": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Mon Jul 02 16:43:29 2012 -0400"
      },
      "message": "ima: use full pathnames in measurement list\n\nThe IMA measurement list contains filename hints, which can be\nambigious without the full pathname.  This patch replaces the\nfilename hint with the full pathname, simplifying for userspace\nthe correlating of file hash measurements with files.\n\nChange log v1:\n- Revert to short filenames, when full pathname is longer than IMA\n  measurement buffer size. (Based on Dmitry\u0027s review)\n\nSigned-off-by: Mimi Zohar \u003czohar@linux.vnet.ibm.com\u003e\n"
    },
    {
      "commit": "fbbb456347b21279a379b42eeb31151c33d8dd49",
      "tree": "d1d5debe01e000fd38f2af8232d342a054b754a4",
      "parents": [
        "12fa8a2732e6d0bb42c311f76250f7871d042df8"
      ],
      "author": {
        "name": "Mimi Zohar",
        "email": "zohar@us.ibm.com",
        "time": "Mon May 14 21:50:11 2012 -0400"
      },
      "committer": {
        "name": "James Morris",
        "email": "james.l.morris@oracle.com",
        "time": "Wed May 16 10:36:41 2012 +1000"
      },
      "message": "ima: fix filename hint to reflect script interpreter name\n\nWhen IMA was first upstreamed, the bprm filename and interp were\nalways the same.  Currently, the bprm-\u003efilename and bprm-\u003einterp\nare the same, except for when only bprm-\u003einterp contains the\ninterpreter name.  So instead of using the bprm-\u003efilename as\nthe IMA filename hint in the measurement list, we could replace\nit with bprm-\u003einterp, but this feels too fragil.\n\nThe following patch is not much better, but at least there is some\nindication that sometimes we\u0027re passing the filename and other times\nthe interpreter name.\n\nReported-by: Andrew Lunn \u003candrew@lunn.ch\u003e\nSigned-off-by: Mimi Zohar \u003czohar@linux.vnet.ibm.com\u003e\nSigned-off-by: James Morris \u003cjames.l.morris@oracle.com\u003e\n"
    },
    {
      "commit": "a69f15890292b5449f9056b4bb322b044e6ce0c6",
      "tree": "7a37f3826e958787ca7d78603c9031d29558f43f",
      "parents": [
        "28042fabf43b9a8ccfaa38f8c8187cc525e53fd3"
      ],
      "author": {
        "name": "Randy Dunlap",
        "email": "rdunlap@xenotime.net",
        "time": "Fri Feb 24 11:28:05 2012 -0800"
      },
      "committer": {
        "name": "James Morris",
        "email": "james.l.morris@oracle.com",
        "time": "Tue Feb 28 11:01:15 2012 +1100"
      },
      "message": "security: fix ima kconfig warning\n\nFix IMA kconfig warning on non-X86 architectures:\n\nwarning: (IMA) selects TCG_TIS which has unmet direct dependencies\n(TCG_TPM \u0026\u0026 X86)\n\nSigned-off-by: Randy Dunlap \u003crdunlap@xenotime.net\u003e\nReported-by: Geert Uytterhoeven \u003cgeert@linux-m68k.org\u003e\nAcked-by: Rajiv Andrade \u003csrajiv@linux.vnet.ibm.com\u003e\nSigned-off-by: James Morris \u003cjames.l.morris@oracle.com\u003e\n"
    },
    {
      "commit": "b0d5de4d58803bbcce2b8175a8dd21c559a3abc1",
      "tree": "08213154dd13ab28eac64e9a87b3a8b7e5660381",
      "parents": [
        "bf06189e4d14641c0148bea16e9dd24943862215"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Tue Feb 14 17:11:07 2012 -0500"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Thu Feb 16 12:01:42 2012 +1100"
      },
      "message": "IMA: fix audit res field to indicate 1 for success and 0 for failure\n\nThe audit res field ususally indicates success with a 1 and 0 for a\nfailure.  So make IMA do it the same way.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "9e3ff38647a316e4f92d59b14c8f0eb13b33bb2c",
      "tree": "2750d9fc94b8fb78d9982ea4a62d586e7f0a7862",
      "parents": [
        "2eb6038c51034bf7f9335b15ce9238a028fdd2d6",
        "4c2c392763a682354fac65b6a569adec4e4b5387"
      ],
      "author": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Thu Feb 09 17:02:34 2012 +1100"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Thu Feb 09 17:02:34 2012 +1100"
      },
      "message": "Merge branch \u0027next-queue\u0027 into next\n"
    },
    {
      "commit": "4c2c392763a682354fac65b6a569adec4e4b5387",
      "tree": "490b840399ed1e010561f4b97018f3c0a3caf8b6",
      "parents": [
        "f4a0391dfa91155bd961673b31eb42d9d45c799d"
      ],
      "author": {
        "name": "Dmitry Kasatkin",
        "email": "dmitry.kasatkin@intel.com",
        "time": "Tue Oct 18 14:16:28 2011 +0300"
      },
      "committer": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Thu Jan 19 21:30:21 2012 -0500"
      },
      "message": "ima: policy for RAMFS\n\nDon\u0027t measure ramfs files.\n\nSigned-off-by: Dmitry Kasatkin \u003cdmitry.kasatkin@intel.com\u003e\nSigned-off-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\n"
    },
    {
      "commit": "f4a0391dfa91155bd961673b31eb42d9d45c799d",
      "tree": "21186b7a48986afa47115cefaf9d385fb9f8dcf7",
      "parents": [
        "700920eb5ba4de5417b446c9a8bb008df2b973e0"
      ],
      "author": {
        "name": "Fabio Estevam",
        "email": "festevam@gmail.com",
        "time": "Thu Jan 05 12:49:54 2012 -0200"
      },
      "committer": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Thu Jan 19 21:30:09 2012 -0500"
      },
      "message": "ima: fix Kconfig dependencies\n\nFix the following build warning:\nwarning: (IMA) selects TCG_TPM which has unmet direct dependencies\n(HAS_IOMEM \u0026\u0026 EXPERIMENTAL)\n\nSuggested-by: Rajiv Andrade \u003csrajiv@linux.vnet.ibm.com\u003e\nSigned-off-by: Fabio Estevam \u003cfabio.estevam@freescale.com\u003e\nSigned-off-by: Rajiv Andrade \u003csrajiv@linux.vnet.ibm.com\u003e\nCc: \u003cstable@vger.kernel.org\u003e\nSigned-off-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\n"
    },
    {
      "commit": "3db59dd93309710c40aaf1571c607cb0feef3ecb",
      "tree": "6a224a855aad0e5207abae573456b2d2ec381f7c",
      "parents": [
        "4bf1924c008dffdc154f82507b4052e49263a6f4"
      ],
      "author": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Tue Jan 17 22:11:28 2012 -0500"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Thu Jan 19 15:59:11 2012 +1100"
      },
      "message": "ima: fix cred sparse warning\n\nFix ima_policy.c sparse \"warning: dereference of noderef expression\"\nmessage, by accessing cred-\u003euid using current_cred().\n\nChangelog v1:\n- Change __cred to just cred (based on David Howell\u0027s comment)\n\nSigned-off-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "41fdc3054e23e3229edea27053522fe052d02ec2",
      "tree": "00bb62aef2288df07eae059f344d11d32b004f69",
      "parents": [
        "5afb8a3f96573f7ea018abb768f5b6ebe1a6c1a4"
      ],
      "author": {
        "name": "Kees Cook",
        "email": "keescook@chromium.org",
        "time": "Sat Jan 07 10:41:04 2012 -0800"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Tue Jan 17 16:17:03 2012 -0500"
      },
      "message": "audit: treat s_id as an untrusted string\n\nThe use of s_id should go through the untrusted string path, just to be\nextra careful.\n\nSigned-off-by: Kees Cook \u003ckeescook@chromium.org\u003e\nAcked-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n"
    },
    {
      "commit": "7b7e5916aa2f46e57f8bd8cb89c34620ebfda5da",
      "tree": "af324024e68047b9fff7ddf49c3e8f8e6024792e",
      "parents": [
        "45fae7493970d7c45626ccd96d4a74f5f1eea5a9"
      ],
      "author": {
        "name": "Roberto Sassu",
        "email": "roberto.sassu@polito.it",
        "time": "Mon Dec 19 15:57:28 2011 +0100"
      },
      "committer": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Mon Dec 19 22:07:54 2011 -0500"
      },
      "message": "ima: fix invalid memory reference\n\nDon\u0027t free a valid measurement entry on TPM PCR extend failure.\n\nSigned-off-by: Roberto Sassu \u003croberto.sassu@polito.it\u003e\nSigned-off-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\nCc: stable@vger.kernel.org\n"
    },
    {
      "commit": "45fae7493970d7c45626ccd96d4a74f5f1eea5a9",
      "tree": "0c7bdd82bfcb4bd921a64abb441ca5c20c82a3df",
      "parents": [
        "114d6e9c103736487c967060d0a7aec9a7fce967"
      ],
      "author": {
        "name": "Roberto Sassu",
        "email": "roberto.sassu@polito.it",
        "time": "Mon Dec 19 15:57:27 2011 +0100"
      },
      "committer": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Mon Dec 19 22:04:32 2011 -0500"
      },
      "message": "ima: free duplicate measurement memory\n\nInfo about new measurements are cached in the iint for performance.  When\nthe inode is flushed from cache, the associated iint is flushed as well.\nSubsequent access to the inode will cause the inode to be re-measured and\nwill attempt to add a duplicate entry to the measurement list.\n\nThis patch frees the duplicate measurement memory, fixing a memory leak.\n\nSigned-off-by: Roberto Sassu \u003croberto.sassu@polito.it\u003e\nSigned-off-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\nCc: stable@vger.kernel.org\n"
    },
    {
      "commit": "de0a5345a55b8dd5a4695181275df0e691176830",
      "tree": "17530e824f7f46ce0b1757657179fb5957a6add5",
      "parents": [
        "994c0e992522c123298b4a91b72f5e67ba2d1123",
        "8535639810e578960233ad39def3ac2157b0c3ec"
      ],
      "author": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Wed Nov 02 09:45:39 2011 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Wed Nov 02 09:45:39 2011 -0700"
      },
      "message": "Merge branch \u0027for-linus\u0027 of git://github.com/richardweinberger/linux\n\n* \u0027for-linus\u0027 of git://github.com/richardweinberger/linux: (90 commits)\n  um: fix ubd cow size\n  um: Fix kmalloc argument order in um/vdso/vma.c\n  um: switch to use of drivers/Kconfig\n  UserModeLinux-HOWTO.txt: fix a typo\n  UserModeLinux-HOWTO.txt: remove ^H characters\n  um: we need sys/user.h only on i386\n  um: merge delay_{32,64}.c\n  um: distribute exports to where exported stuff is defined\n  um: kill system-um.h\n  um: generic ftrace.h will do...\n  um: segment.h is x86-only and needed only there\n  um: asm/pda.h is not needed anymore\n  um: hw_irq.h can go generic as well\n  um: switch to generic-y\n  um: clean Kconfig up a bit\n  um: a couple of missing dependencies...\n  um: kill useless argument of free_chan() and free_one_chan()\n  um: unify ptrace_user.h\n  um: unify KSTK_...\n  um: fix gcov build breakage\n  ...\n"
    },
    {
      "commit": "3369465ed1a6a9aa9b885a6d7d8e074ecbd782da",
      "tree": "ac60be76e1d363caab63156c1390f1ab0c4ee96c",
      "parents": [
        "c039aff672a540f8976770e74599d350de1805cb"
      ],
      "author": {
        "name": "Al Viro",
        "email": "viro@ftp.linux.org.uk",
        "time": "Thu Aug 18 20:11:59 2011 +0100"
      },
      "committer": {
        "name": "Richard Weinberger",
        "email": "richard@nod.at",
        "time": "Wed Nov 02 14:15:41 2011 +0100"
      },
      "message": "um: switch to use of drivers/Kconfig\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\nSigned-off-by: Richard Weinberger \u003crichard@nod.at\u003e\n"
    },
    {
      "commit": "d5813a571876c72766f125b1c6e63414f6822c28",
      "tree": "fe688a7aa64fa890741e5a87800a3f95ddcaaee6",
      "parents": [
        "b97e14520207dccb5cdf93f322e571bf907df104"
      ],
      "author": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Tue Aug 30 10:19:50 2011 +1000"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Fri Sep 09 16:56:30 2011 -0700"
      },
      "message": "ima: sparse fix: include linux/ima.h in ima_main.c\n\nFixes sparse warnings:\nsecurity/integrity/ima/ima_main.c:105:6: warning: symbol \u0027ima_file_free\u0027 was not declared. Should it be static?\nsecurity/integrity/ima/ima_main.c:167:5: warning: symbol \u0027ima_file_mmap\u0027 was not declared. Should it be static?\nsecurity/integrity/ima/ima_main.c:192:5: warning: symbol \u0027ima_bprm_check\u0027 was not declared. Should it be static?\nsecurity/integrity/ima/ima_main.c:211:5: warning: symbol \u0027ima_file_check\u0027 was not declared. Should it be static?\n\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "b97e14520207dccb5cdf93f322e571bf907df104",
      "tree": "1757e5541378136752d608ecde87e1c7251afbb0",
      "parents": [
        "cc7db09952faefc86187c67c4adf5cbdb6fe2c1b"
      ],
      "author": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Tue Aug 30 10:18:30 2011 +1000"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Fri Sep 09 16:56:29 2011 -0700"
      },
      "message": "ima: sparse fix: make ima_open_policy static\n\nFixes sparse warning:\nsecurity/integrity/ima/ima_fs.c:290:5: warning: symbol \u0027ima_open_policy\u0027 was not declared. Should it be static?\n\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "4892722e06694fda1928bac4aa5af5505bd26a4c",
      "tree": "eaeeb90d98ad1ad35bf32c75a579d28a70b722e2",
      "parents": [
        "fc9ff9b7e3eaff3f49bc0fbbddfc1416212e888a"
      ],
      "author": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Wed Aug 17 10:34:33 2011 +1000"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Fri Sep 09 16:56:24 2011 -0700"
      },
      "message": "integrity: sparse fix: move iint_initialized to integrity.h\n\nSparse fix: move iint_initialized to integrity.h\n\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "5a2f3a02aea164f4f59c0c3497772090a411b462",
      "tree": "d3ebe03d4f97575290087843960baa01de3acd0a",
      "parents": [
        "1d568ab068c021672d6cd7f50f92a3695a921ffb",
        "817b54aa45db03437c6d09a7693fc6926eb8e822"
      ],
      "author": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Tue Aug 09 10:31:03 2011 +1000"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Tue Aug 09 10:31:03 2011 +1000"
      },
      "message": "Merge branch \u0027next-evm\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/zohar/ima-2.6 into next\n\nConflicts:\n\tfs/attr.c\n\nResolve conflict manually.\n\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "4b2a2c67415f1ab128f1d0b340fe6d13363335e5",
      "tree": "4553a90b12550980ac1dc40288458865e3eb186f",
      "parents": [
        "ed476418394f12d47f27a75424c237a94d244f10"
      ],
      "author": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Tue Jul 26 04:30:35 2011 -0400"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Tue Jul 26 13:04:32 2011 -0400"
      },
      "message": "ima: fmode_t misspelled as mode_t...\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n"
    },
    {
      "commit": "f381c272224f5f158f5cff64f8f3481fa0eee8b3",
      "tree": "a003dc4c6635c9d2fa90f31577ba5e7ea7bc71b1",
      "parents": [
        "9d8f13ba3f4833219e50767b022b82cd0da930eb"
      ],
      "author": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Wed Mar 09 14:13:22 2011 -0500"
      },
      "committer": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Mon Jul 18 12:29:38 2011 -0400"
      },
      "message": "integrity: move ima inode integrity data management\n\nMove the inode integrity data(iint) management up to the integrity directory\nin order to share the iint among the different integrity models.\n\nChangelog:\n- don\u0027t define MAX_DIGEST_SIZE\n- rename several globally visible \u0027ima_\u0027 prefixed functions, structs,\n  locks, etc to \u0027integrity_\u0027\n- replace \u002720\u0027 with SHA1_DIGEST_SIZE\n- reflect location change in appropriate Kconfig and Makefiles\n- remove unnecessary initialization of iint_initialized to 0\n- rebased on current ima_iint.c\n- define integrity_iint_store/lock as static\n\nThere should be no other functional changes.\n\nSigned-off-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\nAcked-by: Serge Hallyn \u003cserge.hallyn@ubuntu.com\u003e\n"
    },
    {
      "commit": "1adace9bb04a5f4a4dea9e642089102661bb0ceb",
      "tree": "2396099935c50d838899a01da1438b8a441619de",
      "parents": [
        "854fdd55bfdd56cfc61bd30f2062a9268fcebba6"
      ],
      "author": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Tue Feb 22 10:19:43 2011 -0500"
      },
      "committer": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Wed Feb 23 16:38:52 2011 -0500"
      },
      "message": "ima: remove unnecessary call to ima_must_measure\n\nThe original ima_must_measure() function based its results on cached\niint information, which required an iint be allocated for all files.\nCurrently, an iint is allocated only for files in policy.  As a result,\nfor those files in policy, ima_must_measure() is now called twice: once\nto determine if the inode is in the measurement policy and, the second\ntime, to determine if it needs to be measured/re-measured.\n\nThe second call to ima_must_measure() unnecessarily checks to see if\nthe file is in policy. As we already know the file is in policy, this\npatch removes the second unnecessary call to ima_must_measure(), removes\nthe vestige iint parameter, and just checks the iint directly to determine\nif the inode has been measured or needs to be measured/re-measured.\n\nSigned-off-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\nAcked-by: Eric Paris \u003ceparis@redhat.com\u003e\n"
    },
    {
      "commit": "854fdd55bfdd56cfc61bd30f2062a9268fcebba6",
      "tree": "139af793bf7395002e6e68978b603d47f28f7dc2",
      "parents": [
        "890275b5eb79e9933d12290473eab9ac38da0051"
      ],
      "author": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Tue Nov 02 10:14:22 2010 -0400"
      },
      "committer": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Thu Feb 10 07:51:44 2011 -0500"
      },
      "message": "IMA: remove IMA imbalance checking\n\nNow that i_readcount is maintained by the VFS layer, remove the\nimbalance checking in IMA. Cleans up the IMA code nicely.\n\nSigned-off-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\nAcked-by: Eric Paris \u003ceparis@redhat.com\u003e\n"
    },
    {
      "commit": "890275b5eb79e9933d12290473eab9ac38da0051",
      "tree": "8fa529a6fdfa7647ed4e14287658b71df8636ddd",
      "parents": [
        "a5c96ebf1d71df0c5fb77ab58c9aeb307cf02372"
      ],
      "author": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Tue Nov 02 10:13:07 2010 -0400"
      },
      "committer": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Thu Feb 10 07:51:44 2011 -0500"
      },
      "message": "IMA: maintain i_readcount in the VFS layer\n\nima_counts_get() updated the readcount and invalidated the PCR,\nas necessary. Only update the i_readcount in the VFS layer.\nMove the PCR invalidation checks to ima_file_check(), where it\nbelongs.\n\nMaintaining the i_readcount in the VFS layer, will allow other\nsubsystems to use i_readcount.\n\nSigned-off-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\nAcked-by: Eric Paris \u003ceparis@redhat.com\u003e\n"
    },
    {
      "commit": "a68a27b6f2354273bacc39c3dd06456edb202230",
      "tree": "d73396dab134842ecd1e86d665718e75012e7e78",
      "parents": [
        "75a25637bf8a1b8fbed2368c0a3ec15c66a534f1"
      ],
      "author": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Tue Nov 02 10:10:56 2010 -0400"
      },
      "committer": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Thu Feb 10 07:51:43 2011 -0500"
      },
      "message": "IMA: convert i_readcount to atomic\n\nConvert the inode\u0027s i_readcount from an unsigned int to atomic.\n\nSigned-off-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\nAcked-by: Eric Paris \u003ceparis@redhat.com\u003e\n"
    },
    {
      "commit": "867c20265459d30a01b021a9c1e81fb4c5832aa9",
      "tree": "7873555d6a0e100fb1faa90da6e6366a430c3403",
      "parents": [
        "03ed6a3aa600c48593c3984812fda2d5945ddb46"
      ],
      "author": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Mon Jan 03 14:59:10 2011 -0800"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Mon Jan 03 16:36:33 2011 -0800"
      },
      "message": "ima: fix add LSM rule bug\n\nIf security_filter_rule_init() doesn\u0027t return a rule, then not everything\nis as fine as the return code implies.\n\nThis bug only occurs when the LSM (eg. SELinux) is disabled at runtime.\n\nAdding an empty LSM rule causes ima_match_rules() to always succeed,\nignoring any remaining rules.\n\n default IMA TCB policy:\n  # PROC_SUPER_MAGIC\n  dont_measure fsmagic\u003d0x9fa0\n  # SYSFS_MAGIC\n  dont_measure fsmagic\u003d0x62656572\n  # DEBUGFS_MAGIC\n  dont_measure fsmagic\u003d0x64626720\n  # TMPFS_MAGIC\n  dont_measure fsmagic\u003d0x01021994\n  # SECURITYFS_MAGIC\n  dont_measure fsmagic\u003d0x73636673\n\n  \u003c LSM specific rule \u003e\n  dont_measure obj_type\u003dvar_log_t\n\n  measure func\u003dBPRM_CHECK\n  measure func\u003dFILE_MMAP mask\u003dMAY_EXEC\n  measure func\u003dFILE_CHECK mask\u003dMAY_READ uid\u003d0\n\nThus without the patch, with the boot parameters \u0027tcb selinux\u003d0\u0027, adding\nthe above \u0027dont_measure obj_type\u003dvar_log_t\u0027 rule to the default IMA TCB\nmeasurement policy, would result in nothing being measured.  The patch\nprevents the default TCB policy from being replaced.\n\nSigned-off-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\nCc: James Morris \u003cjmorris@namei.org\u003e\nAcked-by: Serge Hallyn \u003cserge.hallyn@canonical.com\u003e\nCc: David Safford \u003csafford@watson.ibm.com\u003e\nCc: \u003cstable@kernel.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "bade72d607c4eb1b1d6c7852c493b75f065a56b5",
      "tree": "95aafb198d9a8a08e6b7813de0403658e6a1b04a",
      "parents": [
        "196f518128d2ee6e0028b50e6fec0313640db142"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Mon Oct 25 14:42:25 2010 -0400"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Tue Oct 26 11:37:19 2010 -0700"
      },
      "message": "IMA: fix the ToMToU logic\n\nCurrent logic looks like this:\n\n        rc \u003d ima_must_measure(NULL, inode, MAY_READ, FILE_CHECK);\n        if (rc \u003c 0)\n                goto out;\n\n        if (mode \u0026 FMODE_WRITE) {\n                if (inode-\u003ei_readcount)\n                        send_tomtou \u003d true;\n                goto out;\n        }\n\n        if (atomic_read(\u0026inode-\u003ei_writecount) \u003e 0)\n                send_writers \u003d true;\n\nLet\u0027s assume we have a policy which states that all files opened for read\nby root must be measured.\n\nLet\u0027s assume the file has permissions 777.\n\nLet\u0027s assume that root has the given file open for read.\n\nLet\u0027s assume that a non-root process opens the file write.\n\nThe non-root process will get to ima_counts_get() and will check the\nima_must_measure().  Since it is not supposed to measure it will goto\nout.\n\nWe should check the i_readcount no matter what since we might be causing\na ToMToU violation!\n\nThis is close to correct, but still not quite perfect.  The situation\ncould have been that root, which was interested in the measurement opened\nand closed the file and another process which is not interested in the\nmeasurement is the one holding the i_readcount ATM.  This is just overly\nstrict on ToMToU violations, which is better than not strict enough...\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nAcked-by: Mimi Zohar \u003czohar@linux.vnet.ibm.com\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "196f518128d2ee6e0028b50e6fec0313640db142",
      "tree": "43a1d76bee477dbaa682233979e86f58a98369f0",
      "parents": [
        "64c62f06bef8314a64d3189cb9c78062d54169b3"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Mon Oct 25 14:42:19 2010 -0400"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Tue Oct 26 11:37:19 2010 -0700"
      },
      "message": "IMA: explicit IMA i_flag to remove global lock on inode_delete\n\nCurrently for every removed inode IMA must take a global lock and search\nthe IMA rbtree looking for an associated integrity structure.  Instead\nwe explicitly mark an inode when we add an integrity structure so we\nonly have to take the global lock and do the removal if it exists.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nAcked-by: Mimi Zohar \u003czohar@linux.vnet.ibm.com\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "64c62f06bef8314a64d3189cb9c78062d54169b3",
      "tree": "63f542bf6a0de4eb2c9742376f7c314ac78e65ec",
      "parents": [
        "bc7d2a3e66b40477270c3cbe3b89b47093276e7a"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Mon Oct 25 14:42:12 2010 -0400"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Tue Oct 26 11:37:19 2010 -0700"
      },
      "message": "IMA: drop refcnt from ima_iint_cache since it isn\u0027t needed\n\nSince finding a struct ima_iint_cache requires a valid struct inode, and\nthe struct ima_iint_cache is supposed to have the same lifetime as a\nstruct inode (technically they die together but don\u0027t need to be created\nat the same time) we don\u0027t have to worry about the ima_iint_cache\noutliving or dying before the inode.  So the refcnt isn\u0027t useful.  Just\nget rid of it and free the structure when the inode is freed.\n\nSigned-off-by: Eric Paris \u003ceapris@redhat.com\u003e\nAcked-by: Mimi Zohar \u003czohar@linux.vnet.ibm.com\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "bc7d2a3e66b40477270c3cbe3b89b47093276e7a",
      "tree": "8f0198b8ad455fde11b24e32a2e32c008a5ececb",
      "parents": [
        "a178d2027d3198b0a04517d764326ab71cd73da2"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Mon Oct 25 14:42:05 2010 -0400"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Tue Oct 26 11:37:18 2010 -0700"
      },
      "message": "IMA: only allocate iint when needed\n\nIMA always allocates an integrity structure to hold information about\nevery inode, but only needed this structure to track the number of\nreaders and writers currently accessing a given inode.  Since that\ninformation was moved into struct inode instead of the integrity struct\nthis patch stops allocating the integrity structure until it is needed.\nThus greatly reducing memory usage.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nAcked-by: Mimi Zohar \u003czohar@linux.vnet.ibm.com\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "a178d2027d3198b0a04517d764326ab71cd73da2",
      "tree": "d81b9336328ba1741231b318a6f8187f627581fd",
      "parents": [
        "b9593d309d17c57e9ddc3934d641902533896ca9"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Mon Oct 25 14:41:59 2010 -0400"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Tue Oct 26 11:37:18 2010 -0700"
      },
      "message": "IMA: move read counter into struct inode\n\nIMA currently allocated an inode integrity structure for every inode in\ncore.  This structure is about 120 bytes long.  Most files however\n(especially on a system which doesn\u0027t make use of IMA) will never need\nany of this space.  The problem is that if IMA is enabled we need to\nknow information about the number of readers and the number of writers\nfor every inode on the box.  At the moment we collect that information\nin the per inode iint structure and waste the rest of the space.  This\npatch moves those counters into the struct inode so we can eventually\nstop allocating an IMA integrity structure except when absolutely\nneeded.\n\nThis patch does the minimum needed to move the location of the data.\nFurther cleanups, especially the location of counter updates, may still\nbe possible.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nAcked-by: Mimi Zohar \u003czohar@linux.vnet.ibm.com\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "b9593d309d17c57e9ddc3934d641902533896ca9",
      "tree": "fa7fd9ced4a79f102e653ee4a5dc348aa1a41c21",
      "parents": [
        "ad16ad00c34d3f320a5876b3d711ef6bc81362e1"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Mon Oct 25 14:41:52 2010 -0400"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Tue Oct 26 11:37:18 2010 -0700"
      },
      "message": "IMA: use i_writecount rather than a private counter\n\nIMA tracks the number of struct files which are holding a given inode\nreadonly and the number which are holding the inode write or r/w.  It\nneeds this information so when a new reader or writer comes in it can\ntell if this new file will be able to invalidate results it already made\nabout existing files.\n\naka if a task is holding a struct file open RO, IMA measured the file\nand recorded those measurements and then a task opens the file RW IMA\nneeds to note in the logs that the old measurement may not be correct.\nIt\u0027s called a \"Time of Measure Time of Use\" (ToMToU) issue.  The same is\ntrue if a RO file is opened to an inode which has an open writer.  We\ncannot, with any validity, measure the file in question since it could\nbe changing.\n\nThis patch attempts to use the i_writecount field to track writers.  The\ni_writecount field actually embeds more information in its value than\nIMA needs but it should work for our purposes and allow us to shrink the\nstruct inode even more.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nAcked-by: Mimi Zohar \u003czohar@linux.vnet.ibm.com\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "ad16ad00c34d3f320a5876b3d711ef6bc81362e1",
      "tree": "7cf3b755567fde2850d2ea7f4a186a0dcea6b80f",
      "parents": [
        "15aac676778f206b42c4d7782b08f89246680485"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Mon Oct 25 14:41:45 2010 -0400"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Tue Oct 26 11:37:18 2010 -0700"
      },
      "message": "IMA: use inode-\u003ei_lock to protect read and write counters\n\nCurrently IMA used the iint-\u003emutex to protect the i_readcount and\ni_writecount.  This patch uses the inode-\u003ei_lock since we are going to\nstart using in inode objects and that is the most appropriate lock.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nAcked-by: Mimi Zohar \u003czohar@linux.vnet.ibm.com\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "15aac676778f206b42c4d7782b08f89246680485",
      "tree": "d4d2625139f8a52ffa7bd0cb1848a446518652ec",
      "parents": [
        "497f32337073a2da102c49a53779097b5394711b"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Mon Oct 25 14:41:39 2010 -0400"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Tue Oct 26 11:37:18 2010 -0700"
      },
      "message": "IMA: convert internal flags from long to char\n\nThe IMA flags is an unsigned long but there is only 1 flag defined.\nLet\u0027s save a little space and make it a char.  This packs nicely next to\nthe array of u8\u0027s.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nAcked-by: Mimi Zohar \u003czohar@linux.vnet.ibm.com\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "497f32337073a2da102c49a53779097b5394711b",
      "tree": "203cbcd3f9462737d872e24fb2c847ce9a69de45",
      "parents": [
        "b575156dafef208415ff0842c392733d16d4ccf1"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Mon Oct 25 14:41:32 2010 -0400"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Tue Oct 26 11:37:18 2010 -0700"
      },
      "message": "IMA: use unsigned int instead of long for counters\n\nCurrently IMA uses 2 longs in struct inode.  To save space (and as it\nseems impossible to overflow 32 bits) we switch these to unsigned int.\nThe switch to unsigned does require slightly different checks for\nunderflow, but it isn\u0027t complex.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nAcked-by: Mimi Zohar \u003czohar@linux.vnet.ibm.com\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "b575156dafef208415ff0842c392733d16d4ccf1",
      "tree": "52e4afd6a1969a975bd9e4b882d97d5ab659fa20",
      "parents": [
        "8549164143a5431f9d9ea846acaa35a862410d9c"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Mon Oct 25 14:41:26 2010 -0400"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Tue Oct 26 11:37:17 2010 -0700"
      },
      "message": "IMA: drop the inode opencount since it isn\u0027t needed for operation\n\nThe opencount was used to help debugging to make sure that everything\nwhich created a struct file also correctly made the IMA calls.  Since we\nmoved all of that into the VFS this isn\u0027t as necessary.  We should be\nable to get the same amount of debugging out of just the reader and\nwrite count.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nAcked-by: Mimi Zohar \u003czohar@linux.vnet.ibm.com\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "8549164143a5431f9d9ea846acaa35a862410d9c",
      "tree": "79b0d2aeb2674f221854866cb067947dc47f2203",
      "parents": [
        "f6f94e2ab1b33f0082ac22d71f66385a60d8157f"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Mon Oct 25 14:41:18 2010 -0400"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Tue Oct 26 11:37:17 2010 -0700"
      },
      "message": "IMA: use rbtree instead of radix tree for inode information cache\n\nThe IMA code needs to store the number of tasks which have an open fd\ngranting permission to write a file even when IMA is not in use.  It\nneeds this information in order to be enabled at a later point in time\nwithout losing its integrity guarantees.\n\nAt the moment that means we store a little bit of data about every inode\nin a cache.  We use a radix tree key\u0027d on the inode\u0027s memory address.\nDave Chinner pointed out that a radix tree is a terrible data structure\nfor such a sparse key space.  This patch switches to using an rbtree\nwhich should be more efficient.\n\nBug report from Dave:\n\n \"I just noticed that slabtop was reporting an awfully high usage of\n  radix tree nodes:\n\n   OBJS ACTIVE  USE OBJ SIZE  SLABS OBJ/SLAB CACHE SIZE NAME\n  4200331 2778082  66%    0.55K 144839       29   2317424K radix_tree_node\n  2321500 2060290  88%    1.00K  72581       32   2322592K xfs_inode\n  2235648 2069791  92%    0.12K  69864       32    279456K iint_cache\n\n  That is, 2.7M radix tree nodes are allocated, and the cache itself is\n  consuming 2.3GB of RAM.  I know that the XFS inodei caches are indexed\n  by radix tree node, but for 2 million cached inodes that would mean a\n  density of 1 inode per radix tree node, which for a system with 16M\n  inodes in the filesystems is an impossibly low density.  The worst I\u0027ve\n  seen in a production system like kernel.org is about 20-25% density,\n  which would mean about 150-200k radix tree nodes for that many inodes.\n  So it\u0027s not the inode cache.\n\n  So I looked up what the iint_cache was.  It appears to be used for\n  storing per-inode IMA information, and uses a radix tree for indexing.\n  It uses the *address* of the struct inode as the indexing key.  That\n  means the key space is extremely sparse - for XFS the struct inode\n  addresses are approximately 1000 bytes apart, which means the closest\n  the radix tree index keys get is ~1000.  Which means that there is a\n  single entry per radix tree leaf node, so the radix tree is using\n  roughly 550 bytes for every 120byte structure being cached.  For the\n  above example, it\u0027s probably wasting close to 1GB of RAM....\"\n\nReported-by: Dave Chinner \u003cdavid@fromorbit.com\u003e\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nAcked-by: Mimi Zohar \u003czohar@linux.vnet.ibm.com\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "e950598d43dce8d97e7d5270808393425d1e5cbd",
      "tree": "916c8a6c5dc63cd3486aa7200964269ea31b4d42",
      "parents": [
        "999b4f0aa2314b76857775334cb94bafa053db64"
      ],
      "author": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Tue Aug 31 09:38:51 2010 -0400"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Wed Sep 08 09:51:41 2010 +1000"
      },
      "message": "ima: always maintain counters\n\ncommit 8262bb85da allocated the inode integrity struct (iint) before any\ninodes were created. Only after IMA was initialized in late_initcall were\nthe counters updated. This patch updates the counters, whether or not IMA\nhas been initialized, to resolve \u0027imbalance\u0027 messages.\n\nThis patch fixes the bug as reported in bugzilla: 15673.  When the i915\nis builtin, the ring_buffer is initialized before IMA, causing the\nimbalance message on suspend.\n\nReported-by: Thomas Meyer \u003cthomas@m3y3r.de\u003e\nSigned-off-by: Mimi Zohar \u003czohar@linux.vnet.ibm.com\u003e\nTested-by: Thomas Meyer \u003cthomas@m3y3r.de\u003e\nTested-by: David Safford\u003csafford@watson.ibm.com\u003e\nCc: Stable Kernel \u003cstable@kernel.org\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "cdcd90f9e450d4edb5fab0490119f9540874e882",
      "tree": "5b1a5b5d00d19d6fa9ba13261ff22ffb0b8aa154",
      "parents": [
        "7e2deb7ce8f662bce877dbfd3b0053e9559c25a3"
      ],
      "author": {
        "name": "Arnd Bergmann",
        "email": "arnd@arndb.de",
        "time": "Wed Jul 07 23:40:15 2010 +0200"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Mon Aug 02 15:34:58 2010 +1000"
      },
      "message": "ima: use generic_file_llseek for securityfs\n\nThe default for llseek will change to no_llseek,\nso securityfs users need to add explicit .llseek\nassignments. Since we\u0027re dealing with regular\nfiles from a VFS perspective, use generic_file_llseek.\n\nSigned-off-by: Arnd Bergmann \u003carnd@arndb.de\u003e\nCc: Mimi Zohar \u003czohar@us.ibm.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "db1afffab0b5d9f6d31f8f4bea44c9cb3bc59351",
      "tree": "5ba8fd7a5018c0772d999b8c3aa945c0efb929e0",
      "parents": [
        "dd336c554d8926c3348a2d5f2a5ef5597f6d1a06"
      ],
      "author": {
        "name": "NeilBrown",
        "email": "neilb@suse.de",
        "time": "Tue Mar 16 15:14:51 2010 +1100"
      },
      "committer": {
        "name": "Greg Kroah-Hartman",
        "email": "gregkh@suse.de",
        "time": "Fri May 21 09:37:29 2010 -0700"
      },
      "message": "kref: remove kref_set\n\nOf the three uses of kref_set in the kernel:\n\n One really should be kref_put as the code is letting go of a\n    reference,\n Two really should be kref_init because the kref is being\n    initialised.\n\nThis suggests that making kref_set available encourages bad code.\nSo fix the three uses and remove kref_set completely.\n\nSigned-off-by: NeilBrown \u003cneilb@suse.de\u003e\nAcked-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\nAcked-by: Serge Hallyn \u003cserue@us.ibm.com\u003e\nSigned-off-by: Greg Kroah-Hartman \u003cgregkh@suse.de\u003e\n\n"
    },
    {
      "commit": "ba0c1709f4946a5ca1a678f4318ed72c0d409b3c",
      "tree": "22c60e909f1dccf1fa6f0c0b51b9e3163d66cfc1",
      "parents": [
        "7f2ab000c6f2ae46070807a3bf645c45d8639460"
      ],
      "author": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Tue May 04 18:16:30 2010 -0400"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Mon May 17 09:21:58 2010 +1000"
      },
      "message": "ima: remove ACPI dependency\n\nThe ACPI dependency moved to the TPM, where it belongs.  Although\nIMA per-se does not require access to the bios measurement log,\nverifying the IMA boot aggregate does, which requires ACPI.\n\nThis patch prereq\u0027s \u0027TPM: ACPI/PNP dependency removal\u0027\nhttp://lkml.org/lkml/2010/5/4/378.\n\nSigned-off-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\nReported-by: Jean-Christophe Dubois \u003cjcd@tribudubois.net\u003e\nAcked-by: Serge Hallyn \u003cserue@us.ibm.com\u003e\nTested-by: Serge Hallyn \u003cserue@us.ibm.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "83c36ccfe4d849f482ea0a62402c7624f4e59f0e",
      "tree": "381c005c107bc5cf8db594308c5a3b0ec2bd1d34",
      "parents": [
        "ec4a162af388a2716c5314c4aff7029071d09f57"
      ],
      "author": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Fri May 07 09:20:03 2010 +1000"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Fri May 07 09:20:03 2010 +1000"
      },
      "message": "Revert \"ima: remove ACPI dependency\"\n\nThis reverts commit a674fa46c79ffa37995bd1c8e4daa2b3be5a95ae.\n\nPrevious revert was a prereq.\n\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "0ffbe2699cda6afbe08501098dff8a8c2fe6ae09",
      "tree": "81b1a2305d16c873371b65c5a863c0268036cefe",
      "parents": [
        "4e5d6f7ec3833c0da9cf34fa5c53c6058c5908b6",
        "7ebd467551ed6ae200d7835a84bbda0dcadaa511"
      ],
      "author": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Thu May 06 10:56:07 2010 +1000"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Thu May 06 10:56:07 2010 +1000"
      },
      "message": "Merge branch \u0027master\u0027 into next\n"
    },
    {
      "commit": "a674fa46c79ffa37995bd1c8e4daa2b3be5a95ae",
      "tree": "4f2b0d0b89310cc93e9ae9377cdbba80b0554814",
      "parents": [
        "b89e66e1e396f7b5436af154e58209320cc08aed"
      ],
      "author": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Tue May 04 18:16:30 2010 -0400"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Wed May 05 10:00:06 2010 +1000"
      },
      "message": "ima: remove ACPI dependency\n\nThe ACPI dependency moved to the TPM, where it belongs.  Although\nIMA per-se does not require access to the bios measurement log,\nverifying the IMA boot aggregate does, which requires ACPI.\n\nThis patch prereq\u0027s \u0027TPM: ACPI/PNP dependency removal\u0027\nhttp://lkml.org/lkml/2010/5/4/378.\n\nSigned-off-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\nReported-by: Jean-Christophe Dubois \u003cjcd@tribudubois.net\u003e\nAcked-by: Serge Hallyn \u003cserue@us.ibm.com\u003e\nTested-by: Serge Hallyn \u003cserue@us.ibm.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "eb8dae9607901fd3fc181325ff3f30dce8f574c5",
      "tree": "1b6a0af7a1cd6b32a8cbb1512d91232895733bc5",
      "parents": [
        "34c111f626e91adb23f90a91d2c7cd4dac9fa4b1"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Thu Apr 22 10:49:36 2010 -0400"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Fri Apr 23 08:47:53 2010 +1000"
      },
      "message": "IMA: include the word IMA in printk messages\n\nAs an example IMA emits a warning when it can\u0027t find a TPM chip:\n\n\"No TPM chip found, activating TPM-bypass!\"\n\nThis patch prefaces that message with IMA so we know what subsystem is\nbypassing the TPM.  Do this for all pr_info and pr_err messages.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nAcked-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "34c111f626e91adb23f90a91d2c7cd4dac9fa4b1",
      "tree": "3ca16731ab7e9b6cc1848dd28852503506dd97e1",
      "parents": [
        "2f1506cd82e0725ba00c7146a9a9b47824a5edcf"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Tue Apr 20 10:21:36 2010 -0400"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Wed Apr 21 09:58:18 2010 +1000"
      },
      "message": "IMA: drop the word integrity in the audit message\n\nintegrity_audit_msg() uses \"integrity:\" in the audit message.  This\nviolates the (loosely defined) audit system requirements that everything be\na key\u003dvalue pair and it doesn\u0027t provide additional information.  This can\nbe obviously gleaned from the message type.  Just drop it.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nAcked-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "2f1506cd82e0725ba00c7146a9a9b47824a5edcf",
      "tree": "ac92c983ab10842e82e229c00b697566c6f20028",
      "parents": [
        "7233e3ee22b1506723411fe437bcf69f678e8cdd"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Tue Apr 20 10:21:30 2010 -0400"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Wed Apr 21 09:58:17 2010 +1000"
      },
      "message": "IMA: use audit_log_untrusted_string rather than %s\n\nConvert all of the places IMA calls audit_log_format with %s into\naudit_log_untrusted_string().  This is going to cause them all to get\nquoted, but it should make audit log injection harder.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nAcked-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "7233e3ee22b1506723411fe437bcf69f678e8cdd",
      "tree": "3d84d037890a9918ed02b89fde875fd6e6cd3b10",
      "parents": [
        "28ef4002ec7b4be27f1110b83e255df8159c786a"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Tue Apr 20 10:21:24 2010 -0400"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Wed Apr 21 09:58:16 2010 +1000"
      },
      "message": "IMA: handle comments in policy\n\nIMA policy load parser will reject any policies with a comment.  This patch\nwill allow the parser to just ignore lines which start with a #.  This is not\nvery robust.  # can ONLY be used at the very beginning of a line.  Inline\ncomments are not allowed.\n\nSigned-off-by: Eric Paris\nAcked-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "28ef4002ec7b4be27f1110b83e255df8159c786a",
      "tree": "e7b32aeb36ecf2d76235aa7d436a7578738a98cc",
      "parents": [
        "e9d393bf8660fbbbe00617015224342bac3ea6fc"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Tue Apr 20 10:21:18 2010 -0400"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Wed Apr 21 09:58:16 2010 +1000"
      },
      "message": "IMA: handle whitespace better\n\nIMA parser will fail if whitespace is used in any way other than a single\nspace.  Using a tab or even using 2 spaces in a row will result in a policy\nbeing rejected.  This patch makes the kernel ignore whitespace a bit better.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nAcked-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "e9d393bf8660fbbbe00617015224342bac3ea6fc",
      "tree": "b127189c4b598774ef467b599bd8bfe08b3c71d4",
      "parents": [
        "b9035b1fd7933c11e68dbbf49b530cc43bf1da65"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Tue Apr 20 10:21:13 2010 -0400"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Wed Apr 21 09:58:15 2010 +1000"
      },
      "message": "IMA: reject policies with unknown entries\n\nCurrently the ima policy load code will print what it doesn\u0027t understand\nbut really I think it should reject any policy it doesn\u0027t understand.  This\npatch makes it so!\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nAcked-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "b9035b1fd7933c11e68dbbf49b530cc43bf1da65",
      "tree": "b2f6846ee36422db9a58705e902054d4dac1c438",
      "parents": [
        "7b62e162129c3b28d51016774e0c7c57c710c452"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Tue Apr 20 10:21:07 2010 -0400"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Wed Apr 21 09:58:14 2010 +1000"
      },
      "message": "IMA: set entry-\u003eaction to UNKNOWN rather than hard coding\n\nima_parse_rule currently sets entry-\u003eaction \u003d -1 and then later tests\nif (entry-\u003eaction \u003d\u003d UNKNOWN).  It is true that UNKNOWN \u003d\u003d -1 but actually\nsetting it to UNKNOWN makes a lot more sense in case things change in the\nfuture.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nAcked-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "7b62e162129c3b28d51016774e0c7c57c710c452",
      "tree": "c6d18b649b70bb684b2a648a4a00956f2d1e62e2",
      "parents": [
        "6ccd045630054c99ba1bb35673db12cfcf1eea58"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Tue Apr 20 10:21:01 2010 -0400"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Wed Apr 21 09:58:14 2010 +1000"
      },
      "message": "IMA: do not allow the same rule to specify the same thing twice\n\nIMA will accept rules which specify things twice and will only pay\nattention to the last one.  We should reject such rules.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nAcked-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "6ccd045630054c99ba1bb35673db12cfcf1eea58",
      "tree": "bce41e39722ae178807abe2213fd94e582842bae",
      "parents": [
        "a200005038955057063fc8ea82129ebc785df41c"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Tue Apr 20 10:20:54 2010 -0400"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Wed Apr 21 09:58:13 2010 +1000"
      },
      "message": "ima: handle multiple rules per write\n\nCurrently IMA will only accept one rule per write().  This patch allows IMA to\naccept writes which contain multiple rules but only processes one rule per\nwrite.  \\n is used as the delimiter between rules.  IMA will return a short\nwrite indicating that it only accepted up to the first \\n.\n\nThis allows simple userspace utilities like cat to be used to load an IMA\npolicy instead of needing a special userspace utility that understood \u0027one\nwrite per rule\u0027\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nAcked-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "5a0e3ad6af8660be21ca98a971cd00f331318c05",
      "tree": "5bfb7be11a03176a87296a43ac6647975c00a1d1",
      "parents": [
        "ed391f4ebf8f701d3566423ce8f17e614cde9806"
      ],
      "author": {
        "name": "Tejun Heo",
        "email": "tj@kernel.org",
        "time": "Wed Mar 24 17:04:11 2010 +0900"
      },
      "committer": {
        "name": "Tejun Heo",
        "email": "tj@kernel.org",
        "time": "Tue Mar 30 22:02:32 2010 +0900"
      },
      "message": "include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h\n\npercpu.h is included by sched.h and module.h and thus ends up being\nincluded when building most .c files.  percpu.h includes slab.h which\nin turn includes gfp.h making everything defined by the two files\nuniversally available and complicating inclusion dependencies.\n\npercpu.h -\u003e slab.h dependency is about to be removed.  Prepare for\nthis change by updating users of gfp and slab facilities include those\nheaders directly instead of assuming availability.  As this conversion\nneeds to touch large number of source files, the following script is\nused as the basis of conversion.\n\n  http://userweb.kernel.org/~tj/misc/slabh-sweep.py\n\nThe script does the followings.\n\n* Scan files for gfp and slab usages and update includes such that\n  only the necessary includes are there.  ie. if only gfp is used,\n  gfp.h, if slab is used, slab.h.\n\n* When the script inserts a new include, it looks at the include\n  blocks and try to put the new include such that its order conforms\n  to its surrounding.  It\u0027s put in the include block which contains\n  core kernel includes, in the same order that the rest are ordered -\n  alphabetical, Christmas tree, rev-Xmas-tree or at the end if there\n  doesn\u0027t seem to be any matching order.\n\n* If the script can\u0027t find a place to put a new include (mostly\n  because the file doesn\u0027t have fitting include block), it prints out\n  an error message indicating which .h file needs to be added to the\n  file.\n\nThe conversion was done in the following steps.\n\n1. The initial automatic conversion of all .c files updated slightly\n   over 4000 files, deleting around 700 includes and adding ~480 gfp.h\n   and ~3000 slab.h inclusions.  The script emitted errors for ~400\n   files.\n\n2. Each error was manually checked.  
Some didn\u0027t need the inclusion,\n   some needed manual addition while adding it to implementation .h or\n   embedding .c file was more appropriate for others.  This step added\n   inclusions to around 150 files.\n\n3. The script was run again and the output was compared to the edits\n   from #2 to make sure no file was left behind.\n\n4. Several build tests were done and a couple of problems were fixed.\n   e.g. lib/decompress_*.c used malloc/free() wrappers around slab\n   APIs requiring slab.h to be added manually.\n\n5. The script was run on all .h files but without automatically\n   editing them as sprinkling gfp.h and slab.h inclusions around .h\n   files could easily lead to inclusion dependency hell.  Most gfp.h\n   inclusion directives were ignored as stuff from gfp.h was usually\n   wildly available and often used in preprocessor macros.  Each\n   slab.h inclusion directive was examined and added manually as\n   necessary.\n\n6. percpu.h was updated not to include slab.h.\n\n7. Build test were done on the following configurations and failures\n   were fixed.  CONFIG_GCOV_KERNEL was turned off for all tests (as my\n   distributed build env didn\u0027t work with gcov compiles) and a few\n   more options had to be turned off depending on archs to make things\n   build (like ipr on powerpc/64 which failed due to missing writeq).\n\n   * x86 and x86_64 UP and SMP allmodconfig and a custom test config.\n   * powerpc and powerpc64 SMP allmodconfig\n   * sparc and sparc64 SMP allmodconfig\n   * ia64 SMP allmodconfig\n   * s390 SMP allmodconfig\n   * alpha SMP allmodconfig\n   * um on x86_64 SMP allmodconfig\n\n8. 
percpu.h modifications were reverted so that it could be applied as\n   a separate patch and serve as bisection point.\n\nGiven the fact that I had only a couple of failures from tests on step\n6, I\u0027m fairly confident about the coverage of this conversion patch.\nIf there is a breakage, it\u0027s likely to be something in one of the arch\nheaders which should be easily discoverable on most builds of\nthe specific arch.\n\nSigned-off-by: Tejun Heo \u003ctj@kernel.org\u003e\nGuess-its-ok-by: Christoph Lameter \u003ccl@linux-foundation.org\u003e\nCc: Ingo Molnar \u003cmingo@redhat.com\u003e\nCc: Lee Schermerhorn \u003cLee.Schermerhorn@hp.com\u003e\n"
    },
    {
      "commit": "a19c5bbefb37ebe22fb42bd3861a8d3b2a2652a1",
      "tree": "4850853aca5c1ac564af02cd3240748579f32ba8",
      "parents": [
        "512ea3bc30c0e052a961e1abce8e783f3e28c92a"
      ],
      "author": {
        "name": "H Hartley Sweeten",
        "email": "hartleys@visionengravers.com",
        "time": "Tue Mar 09 17:59:59 2010 -0600"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Wed Mar 10 15:59:54 2010 +1100"
      },
      "message": "security/ima: replace gcc specific __FUNCTION__ with __func__\n\nAs noted by checkpatch.pl, __func__ should be used instead of gcc\nspecific __FUNCTION__.\n\nSigned-off-by: H Hartley Sweeten \u003chsweeten@visionengravers.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "baac35c4155a8aa826c70acee6553368ca5243a2",
      "tree": "3a930979c48c83e4f07234ed05ef67caeb869bac",
      "parents": [
        "60b341b778cc2929df16c0a504c91621b3c6a4ad"
      ],
      "author": {
        "name": "Xiaotian Feng",
        "email": "dfeng@redhat.com",
        "time": "Wed Feb 24 18:39:02 2010 +0800"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Thu Feb 25 07:54:33 2010 +1100"
      },
      "message": "security: fix error return path in ima_inode_alloc\n\nIf radix_tree_preload is failed in ima_inode_alloc, we don\u0027t need\nradix_tree_preload_end because kernel is already preempt enabled\n\nSigned-off-by: Xiaotian Feng \u003cdfeng@redhat.com\u003e\nSigned-off-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "1e93d0052d9a6b3d0b382eedceb18b519d603baf",
      "tree": "b47cb67cdfd98e257c4d7fb7ed75f6930a1bf005",
      "parents": [
        "9bbb6cad0173e6220f3ac609e26beb48dab3b7cd"
      ],
      "author": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Tue Jan 26 17:02:41 2010 -0500"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Sun Feb 07 03:06:23 2010 -0500"
      },
      "message": "ima: rename PATH_CHECK to FILE_CHECK\n\nWith the movement of the ima hooks functions were renamed from *path* to\n*file* since they always deal with struct file.  This patch renames some of\nthe ima internal flags to make them consistent with the rest of the code.\n\nSigned-off-by: Mimi Zohar \u003czohar@linux.vnet.ibm.com\u003e\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n"
    },
    {
      "commit": "9bbb6cad0173e6220f3ac609e26beb48dab3b7cd",
      "tree": "680e0de3071c938ca9858fa9ed5bd5ca8ff2f20f",
      "parents": [
        "54bb6552bd9405dc7685653157a4ec260c77a71c"
      ],
      "author": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Tue Jan 26 17:02:40 2010 -0500"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Sun Feb 07 03:06:22 2010 -0500"
      },
      "message": "ima: rename ima_path_check to ima_file_check\n\nima_path_check actually deals with files!  call it ima_file_check instead.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nAcked-by: Mimi Zohar \u003czohar@linux.vnet.ibm.com\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n"
    },
    {
      "commit": "54bb6552bd9405dc7685653157a4ec260c77a71c",
      "tree": "7baad9e6cfacd055fd8076d52748a2d3f71d7551",
      "parents": [
        "8eb988c70e7709b7bd1a69f0ec53d19ac20dea84"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Wed Dec 09 15:29:01 2009 -0500"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Sun Feb 07 03:06:22 2010 -0500"
      },
      "message": "ima: initialize ima before inodes can be allocated\n\nima wants to create an inode information struct (iint) when inodes are\nallocated.  This means that at least the part of ima which does this\nallocation (the allocation is filled with information later) should\nbefore any inodes are created.  To accomplish this we split the ima\ninitialization routine placing the kmem cache allocator inside a\nsecurity_initcall() function.  Since this makes use of radix trees we also\nneed to make sure that is initialized before security_initcall().\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nAcked-by: Mimi Zohar \u003czohar@linux.vnet.ibm.com\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n"
    },
    {
      "commit": "8eb988c70e7709b7bd1a69f0ec53d19ac20dea84",
      "tree": "6d0283a9fbca5cc104f591b9cc628edf39bc0b05",
      "parents": [
        "1e41568d7378d1ba8c64ba137b9ddd00b59f893a"
      ],
      "author": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Wed Jan 20 15:35:41 2010 -0500"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Sun Feb 07 03:06:22 2010 -0500"
      },
      "message": "fix ima breakage\n\nThe \"Untangling ima mess, part 2 with counters\" patch messed\nup the counters.  Based on conversations with Al Viro, this patch\nstreamlines ima_path_check() by removing the counter maintenance.\nThe counters are now updated independently, from measuring the file,\nin __dentry_open() and alloc_file() by calling ima_counts_get().\nima_path_check() is called from nfsd and do_filp_open().\nIt also did not measure all files that should have been measured.\nReason: ima_path_check() got bogus value passed as mask.\n[AV: mea culpa]\n[AV: add missing nfsd bits]\n\nSigned-off-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n"
    },
    {
      "commit": "d1625436b4fe526fa463bc0519ba37d7e4b37bbc",
      "tree": "a609c4bcd671190b039ddd4bd0f9bd63df588a22",
      "parents": [
        "1429b3eca23818f87f9fa569a15d9816de81f698"
      ],
      "author": {
        "name": "Mimi Zohar",
        "email": "zohar@us.ibm.com",
        "time": "Fri Dec 04 15:48:40 2009 -0500"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Wed Dec 16 12:16:48 2009 -0500"
      },
      "message": "ima: limit imbalance msg\n\nLimit the number of imbalance messages to once per filesystem type instead of\nonce per system boot.  (it\u0027s actually slightly racy and could give you a\ncouple per fs, but this isn\u0027t a real issue)\n\nSigned-off-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n"
    },
    {
      "commit": "1429b3eca23818f87f9fa569a15d9816de81f698",
      "tree": "3100f009ec8863ee4692ee197b8e0c16c11258e6",
      "parents": [
        "b65a9cfc2c38eebc33533280b8ad5841caee8b6e"
      ],
      "author": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Wed Dec 16 06:38:01 2009 -0500"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Wed Dec 16 12:16:47 2009 -0500"
      },
      "message": "Untangling ima mess, part 3: kill dead code in ima\n\nKill the \u0027update\u0027 argument of ima_path_check(), kill\ndead code in ima.\n\nCurrent rules: ima counters are bumped at the same time\nwhen the file switches from put_filp() fodder to fput()\none.  Which happens exactly in two places - alloc_file()\nand __dentry_open().  Nothing else needs to do that at\nall.\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n"
    },
    {
      "commit": "85a17f552dfe77efb44b971615e4f221a5f28f37",
      "tree": "bf9639dc2bb2dab926624a49a8b5aa1159876059",
      "parents": [
        "e0d5bd2aec4e69e720ee86958503923cafb45be5"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Fri Dec 04 15:48:08 2009 -0500"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Wed Dec 16 12:16:46 2009 -0500"
      },
      "message": "ima: call ima_inode_free ima_inode_free\n\nima_inode_free() has some funky #define just to confuse the crap out of me.\n\nvoid ima_iint_delete(struct inode *inode)\n\nand then things actually call ima_inode_free() and nothing calls\nima_iint_delete().\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n"
    }
  ],
  "next": "e0d5bd2aec4e69e720ee86958503923cafb45be5"
}
