Linux kernel source tree https://git.amat.us/linux/atom/security/keys?h=v3.3 2012-01-23T16:59:49Z 2012-01-23T16:59:49Z Linus Torvalds torvalds@linux-foundation.org 2012-01-23T16:59:49Z urn:sha1:7908b3ef6809e49c77d914342dfaa4b946476d7a * git://git.samba.org/sfrench/cifs-2.6: CIFS: Rename *UCS* functions to *UTF16* [CIFS] ACL and FSCACHE support no longer EXPERIMENTAL [CIFS] Fix build break with multiuser patch when LANMAN disabled cifs: warn about impending deprecation of legacy MultiuserMount code cifs: fetch credentials out of keyring for non-krb5 auth multiuser mounts cifs: sanitize username handling keys: add a "logon" key type cifs: lower default wsize when unix extensions are not used cifs: better instrumentation for coalesce_t2 cifs: integer overflow in parse_dacl() cifs: Fix sparse warning when calling cifs_strtoUCS CIFS: Add descriptions to the brlock cache functions 2012-01-19T05:16:29Z Mimi Zohar zohar@linux.vnet.ibm.com 2012-01-18T10:03:14Z urn:sha1:f6b24579d099ebb67f39cd7924a72a7eec0ce6ae Replace the rcu_assign_pointer() calls with rcu_assign_keypointer(). Signed-off-by: Mimi Zohar <zohar@us.ibm.com> Signed-off-by: David Howells <dhowells@redhat.com> Signed-off-by: James Morris <jmorris@namei.org> 2012-01-18T04:39:40Z Jeff Layton jlayton@redhat.com 2012-01-17T21:09:11Z urn:sha1:9f6ed2ca257fa8650b876377833e6f14e272848b For CIFS, we want to be able to store NTLM credentials (aka username and password) in the keyring. We do not, however want to allow users to fetch those keys back out of the keyring since that would be a security risk. Unfortunately, due to the nuances of key permission bits, it's not possible to do this. We need to grant search permissions so the kernel can find these keys, but that also implies permissions to read the payload. Resolve this by adding a new key_type. This key type is essentially the same as key_type_user, but does not define a .read op. This prevents the payload from ever being visible from userspace. This key type also vets the description to ensure that it's "qualified" by checking to ensure that it has a ':' in it that is preceded by other characters. Acked-by: David Howells <dhowells@redhat.com> Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve French <smfrench@gmail.com> 2012-01-17T23:41:30Z Mimi Zohar zohar@linux.vnet.ibm.com 2012-01-17T20:40:02Z urn:sha1:6ac6172a935d1faf7ef259802267657bc0007a62 Enabling CONFIG_PROVE_RCU and CONFIG_SPARSE_RCU_POINTER resulted in "suspicious rcu_dereference_check() usage!" and "incompatible types in comparison expression (different address spaces)" messages. Access the masterkey directly when holding the rwsem. Changelog v1: - Use either rcu_read_lock()/rcu_derefence_key()/rcu_read_unlock() or remove the unnecessary rcu_derefence() - David Howells Reported-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com> Signed-off-by: Mimi Zohar <zohar@us.ibm.com> Signed-off-by: David Howells <dhowells@redhat.com> Signed-off-by: James Morris <jmorris@namei.org> 2012-01-17T23:41:29Z Mimi Zohar zohar@linux.vnet.ibm.com 2012-01-17T20:39:51Z urn:sha1:ee0b31a25a010116f44fca6c96f4516d417793dd Define rcu_assign_keypointer(), which uses the key payload.rcudata instead of payload.data, to resolve the CONFIG_SPARSE_RCU_POINTER message: "incompatible types in comparison expression (different address spaces)" Replace the rcu_assign_pointer() calls in encrypted/trusted keys with rcu_assign_keypointer(). Signed-off-by: Mimi Zohar <zohar@us.ibm.com> Signed-off-by: David Howells <dhowells@redhat.com> Signed-off-by: James Morris <jmorris@namei.org> 2012-01-17T23:41:27Z David Howells dhowells@redhat.com 2012-01-17T20:39:40Z urn:sha1:efde8b6e16f11e7d1681c68d86c7fd51053cada7 Add missing smp_rmb() primitives to the keyring search code. When keyring payloads are appended to without replacement (thus using up spare slots in the key pointer array), an smp_wmb() is issued between the pointer assignment and the increment of the key count (nkeys). There should be corresponding read barriers between the read of nkeys and dereferences of keys[n] when n is dependent on the value of nkeys. Signed-off-by: David Howells <dhowells@redhat.com> Reviewed-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com> Signed-off-by: James Morris <jmorris@namei.org> 2012-01-09T01:16:48Z James Morris jmorris@namei.org 2012-01-09T01:16:48Z urn:sha1:8fcc99549522fc7a0bbaeb5755855ab0d9a59ce8 Conflicts: security/integrity/evm/evm_crypto.c Resolved upstream fix vs. next conflict manually. Signed-off-by: James Morris <jmorris@namei.org> 2011-11-16T22:35:32Z David Howells dhowells@redhat.com 2011-11-16T11:15:54Z urn:sha1:7845bc3964756240863ae453ffe4f7ee27ddc954 Give keys their own lockdep class to differentiate them from each other in case a key of one type has to refer to a key of another type. Signed-off-by: David Howells <dhowells@redhat.com> Acked-by: Mimi Zohar <zohar@us.ibm.com> Signed-off-by: James Morris <jmorris@namei.org> 2011-11-16T19:23:14Z Mimi Zohar zohar@linux.vnet.ibm.com 2011-10-16T23:17:48Z urn:sha1:9c69898783a0121399ec078d40d4ccc00e3cb0df Encrypted keys are encrypted/decrypted using either a trusted or user-defined key type, which is referred to as the 'master' key. The master key may be of type trusted iff the trusted key is builtin or both the trusted key and encrypted keys are built as modules. This patch resolves the build dependency problem. - Use "masterkey-$(CONFIG_TRUSTED_KEYS)-$(CONFIG_ENCRYPTED_KEYS)" construct to encapsulate the above logic. (Suggested by Dimtry Kasatkin.) - Fixing the encrypted-keys Makefile, results in a module name change from encrypted.ko to encrypted-keys.ko. - Add module dependency for request_trusted_key() definition Signed-off-by: Mimi Zohar <zohar@us.ibm.com> 2011-11-16T19:23:13Z Mimi Zohar zohar@linux.vnet.ibm.com 2011-10-24T12:17:42Z urn:sha1:f4a0d5abef14562c37dee5a1d49180f494106230 Fix request_master_key() error return code. Signed-off-by: Mimi Zohar <zohar@us.ibm.com>