From 634c21bb9867e06221ee1527c5e157e01cd7712c Mon Sep 17 00:00:00 2001 From: "Gustavo A. R. Silva" Date: Fri, 20 Nov 2020 12:32:20 -0600 Subject: security: keys: Fix fall-through warnings for Clang In preparation to enable -Wimplicit-fallthrough for Clang, fix a warning by explicitly adding a break statement instead of letting the code fall through to the next case. Link: https://github.com/KSPP/linux/issues/115 Signed-off-by: Gustavo A. R. Silva Signed-off-by: David Howells Reviewed-by: Jarkko Sakkinen Reviewed-by: Ben Boeckel --- security/keys/process_keys.c | 1 + 1 file changed, 1 insertion(+) (limited to 'security') diff --git a/security/keys/process_keys.c b/security/keys/process_keys.c index 1fe8b934f656..e3d79a7b6db6 100644 --- a/security/keys/process_keys.c +++ b/security/keys/process_keys.c @@ -783,6 +783,7 @@ try_again: if (need_perm != KEY_AUTHTOKEN_OVERRIDE && need_perm != KEY_DEFER_PERM_CHECK) goto invalid_key; + break; case 0: break; } -- cgit From 796e46f9e2cb2d823578044598ee8fe77f86e3f7 Mon Sep 17 00:00:00 2001 From: Jann Horn Date: Tue, 24 Nov 2020 00:54:00 +0100 Subject: keys: Remove outdated __user annotations When the semantics of the ->read() handlers were changed such that "buffer" is a kernel pointer, some __user annotations survived. Since they're wrong now, get rid of them. Fixes: d3ec10aa9581 ("KEYS: Don't write out to userspace while holding key semaphore") Signed-off-by: Jann Horn Signed-off-by: David Howells Reviewed-by: Ben Boeckel --- security/keys/keyring.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'security') diff --git a/security/keys/keyring.c b/security/keys/keyring.c index 14abfe765b7e..977066208387 100644 --- a/security/keys/keyring.c +++ b/security/keys/keyring.c @@ -452,7 +452,7 @@ static void keyring_describe(const struct key *keyring, struct seq_file *m) struct keyring_read_iterator_context { size_t buflen; size_t count; - key_serial_t __user *buffer; + key_serial_t *buffer; }; static int keyring_read_iterator(const void *object, void *data) @@ -479,7 +479,7 @@ static int keyring_read_iterator(const void *object, void *data) * times. */ static long keyring_read(const struct key *keyring, - char __user *buffer, size_t buflen) + char *buffer, size_t buflen) { struct keyring_read_iterator_context ctx; long ret; @@ -491,7 +491,7 @@ static long keyring_read(const struct key *keyring, /* Copy as many key IDs as fit into the buffer */ if (buffer && buflen) { - ctx.buffer = (key_serial_t __user *)buffer; + ctx.buffer = (key_serial_t *)buffer; ctx.buflen = buflen; ctx.count = 0; ret = assoc_array_iterate(&keyring->keys, -- cgit From 8fe62e0c0e2efa5437f3ee81b65d69e70a45ecd2 Mon Sep 17 00:00:00 2001 From: Gabriel Krisman Bertazi Date: Tue, 24 Nov 2020 15:28:02 -0500 Subject: watch_queue: Drop references to /dev/watch_queue The merged API doesn't use a watch_queue device, but instead relies on pipes, so let the documentation reflect that. Fixes: f7e47677e39a ("watch_queue: Add a key/keyring notification facility") Signed-off-by: Gabriel Krisman Bertazi Signed-off-by: David Howells Acked-by: Jarkko Sakkinen Reviewed-by: Ben Boeckel --- security/keys/Kconfig | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'security') diff --git a/security/keys/Kconfig b/security/keys/Kconfig index 83bc23409164..c161642a8484 100644 --- a/security/keys/Kconfig +++ b/security/keys/Kconfig @@ -119,7 +119,7 @@ config KEY_NOTIFICATIONS bool "Provide key/keyring change notifications" depends on KEYS && WATCH_QUEUE help - This option provides support for getting change notifications on keys - and keyrings on which the caller has View permission. This makes use - of the /dev/watch_queue misc device to handle the notification - buffer and provides KEYCTL_WATCH_KEY to enable/disable watches. + This option provides support for getting change notifications + on keys and keyrings on which the caller has View permission. + This makes use of pipes to handle the notification buffer and + provides KEYCTL_WATCH_KEY to enable/disable watches. -- cgit From 272a121940a286d7abaf7ac3ec5a37c5dbfa7b89 Mon Sep 17 00:00:00 2001 From: Denis Efremov Date: Thu, 27 Aug 2020 10:29:23 +0300 Subject: security/keys: use kvfree_sensitive() Use kvfree_sensitive() instead of open-coding it. Signed-off-by: Denis Efremov Signed-off-by: David Howells Reviewed-by: Jarkko Sakkinen Reviewed-by: Ben Boeckel --- security/keys/big_key.c | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) (limited to 'security') diff --git a/security/keys/big_key.c b/security/keys/big_key.c index 691347dea3c1..d17e5f09eeb8 100644 --- a/security/keys/big_key.c +++ b/security/keys/big_key.c @@ -121,8 +121,7 @@ int big_key_preparse(struct key_preparsed_payload *prep) *path = file->f_path; path_get(path); fput(file); - memzero_explicit(buf, enclen); - kvfree(buf); + kvfree_sensitive(buf, enclen); } else { /* Just store the data in a buffer */ void *data = kmalloc(datalen, GFP_KERNEL); @@ -140,8 +139,7 @@ err_fput: err_enckey: kfree_sensitive(enckey); error: - memzero_explicit(buf, enclen); - kvfree(buf); + kvfree_sensitive(buf, enclen); return ret; } @@ -273,8 +271,7 @@ long big_key_read(const struct key *key, char *buffer, size_t buflen) err_fput: fput(file); error: - memzero_explicit(buf, enclen); - kvfree(buf); + kvfree_sensitive(buf, enclen); } else { ret = datalen; memcpy(buffer, key->payload.data[big_key_data], datalen); -- cgit From 328c95db01df9d8875f77e49ee4322e60e1337cd Mon Sep 17 00:00:00 2001 From: Randy Dunlap Date: Fri, 7 Aug 2020 09:51:23 -0700 Subject: security: keys: delete repeated words in comments Drop repeated words in comments. {to, will, the} Signed-off-by: Randy Dunlap Signed-off-by: David Howells Reviewed-by: Jarkko Sakkinen Reviewed-by: Ben Boeckel Cc: keyrings@vger.kernel.org Cc: James Morris Cc: "Serge E. Hallyn" Cc: linux-security-module@vger.kernel.org --- security/keys/keyctl.c | 2 +- security/keys/keyring.c | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) (limited to 'security') diff --git a/security/keys/keyctl.c b/security/keys/keyctl.c index 61a614c21b9b..96a92a645216 100644 --- a/security/keys/keyctl.c +++ b/security/keys/keyctl.c @@ -506,7 +506,7 @@ error: * keyring, otherwise replace the link to the matching key with a link to the * new key. * - * The key must grant the caller Link permission and the the keyring must grant + * The key must grant the caller Link permission and the keyring must grant * the caller Write permission. Furthermore, if an additional link is created, * the keyring's quota will be extended. * diff --git a/security/keys/keyring.c b/security/keys/keyring.c index 977066208387..5e6a90760753 100644 --- a/security/keys/keyring.c +++ b/security/keys/keyring.c @@ -881,7 +881,7 @@ found: * * Keys are matched to the type provided and are then filtered by the match * function, which is given the description to use in any way it sees fit. The - * match function may use any attributes of a key that it wishes to to + * match function may use any attributes of a key that it wishes to * determine the match. Normally the match function from the key type would be * used. * @@ -1204,7 +1204,7 @@ static int keyring_detect_cycle_iterator(const void *object, } /* - * See if a cycle will will be created by inserting acyclic tree B in acyclic + * See if a cycle will be created by inserting acyclic tree B in acyclic * tree A at the topmost level (ie: as a direct child of A). * * Since we are adding B to A at the top level, checking for cycles should just -- cgit From c224926edfc2f774df6aefa865e31a0a00e24dde Mon Sep 17 00:00:00 2001 From: Tom Rix Date: Wed, 22 Jul 2020 06:46:10 -0700 Subject: KEYS: remove redundant memset Reviewing use of memset in keyctl_pkey.c keyctl_pkey_params_get prologue code to set params up memset(params, 0, sizeof(*params)); params->encoding = "raw"; keyctl_pkey_query has the same prologue and calls keyctl_pkey_params_get. So remove the prologue. Signed-off-by: Tom Rix Signed-off-by: David Howells Reviewed-by: Ben Boeckel --- security/keys/keyctl_pkey.c | 2 -- 1 file changed, 2 deletions(-) (limited to 'security') diff --git a/security/keys/keyctl_pkey.c b/security/keys/keyctl_pkey.c index 931d8dfb4a7f..5de0d599a274 100644 --- a/security/keys/keyctl_pkey.c +++ b/security/keys/keyctl_pkey.c @@ -166,8 +166,6 @@ long keyctl_pkey_query(key_serial_t id, struct kernel_pkey_query res; long ret; - memset(¶ms, 0, sizeof(params)); - ret = keyctl_pkey_params_get(id, _info, ¶ms); if (ret < 0) goto error; -- cgit From 4993e1f9479a4161fd7d93e2b8b30b438f00cb0f Mon Sep 17 00:00:00 2001 From: David Howells Date: Fri, 20 Nov 2020 19:04:23 +0100 Subject: certs: Fix blacklist flag type confusion MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit KEY_FLAG_KEEP is not meant to be passed to keyring_alloc() or key_alloc(), as these only take KEY_ALLOC_* flags. KEY_FLAG_KEEP has the same value as KEY_ALLOC_BYPASS_RESTRICTION, but fortunately only key_create_or_update() uses it. LSMs using the key_alloc hook don't check that flag. KEY_FLAG_KEEP is then ignored but fortunately (again) the root user cannot write to the blacklist keyring, so it is not possible to remove a key/hash from it. Fix this by adding a KEY_ALLOC_SET_KEEP flag that tells key_alloc() to set KEY_FLAG_KEEP on the new key. blacklist_init() can then, correctly, pass this to keyring_alloc(). We can also use this in ima_mok_init() rather than setting the flag manually. Note that this doesn't fix an observable bug with the current implementation but it is required to allow addition of new hashes to the blacklist in the future without making it possible for them to be removed. Fixes: 734114f8782f ("KEYS: Add a system blacklist keyring") Reported-by: Mickaël Salaün Signed-off-by: David Howells cc: Mickaël Salaün cc: Mimi Zohar Cc: David Woodhouse --- security/integrity/ima/ima_mok.c | 5 ++--- security/keys/key.c | 2 ++ 2 files changed, 4 insertions(+), 3 deletions(-) (limited to 'security') diff --git a/security/integrity/ima/ima_mok.c b/security/integrity/ima/ima_mok.c index 36cadadbfba4..1e5c01916173 100644 --- a/security/integrity/ima/ima_mok.c +++ b/security/integrity/ima/ima_mok.c @@ -38,13 +38,12 @@ __init int ima_mok_init(void) (KEY_POS_ALL & ~KEY_POS_SETATTR) | KEY_USR_VIEW | KEY_USR_READ | KEY_USR_WRITE | KEY_USR_SEARCH, - KEY_ALLOC_NOT_IN_QUOTA, + KEY_ALLOC_NOT_IN_QUOTA | + KEY_ALLOC_SET_KEEP, restriction, NULL); if (IS_ERR(ima_blacklist_keyring)) panic("Can't allocate IMA blacklist keyring."); - - set_bit(KEY_FLAG_KEEP, &ima_blacklist_keyring->flags); return 0; } device_initcall(ima_mok_init); diff --git a/security/keys/key.c b/security/keys/key.c index ebe752b137aa..c45afdd1dfbb 100644 --- a/security/keys/key.c +++ b/security/keys/key.c @@ -303,6 +303,8 @@ struct key *key_alloc(struct key_type *type, const char *desc, key->flags |= 1 << KEY_FLAG_BUILTIN; if (flags & KEY_ALLOC_UID_KEYRING) key->flags |= 1 << KEY_FLAG_UID_KEYRING; + if (flags & KEY_ALLOC_SET_KEEP) + key->flags |= 1 << KEY_FLAG_KEEP; #ifdef KEY_DEBUGGING key->magic = KEY_DEBUG_MAGIC; -- cgit