Add patch set to fix MMC on AM33xx, Add basic support for BeagleBone Black

Peter Robinson 2013-09-04 02:45:18 +01:00
commit 82dce80b93
16 changed files with 9760 additions and 317 deletions

200
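--- /dev/null
+++ b/arm-highbank-for-3.12.patch
@@ -0,0 +1,200 @@
+diff --git a/arch/arm/include/asm/mach/arch.h b/arch/arm/include/asm/mach/arch.h
+index 441efc4..d91b168 100644
+--- a/arch/arm/include/asm/mach/arch.h
++++ b/arch/arm/include/asm/mach/arch.h
+@@ -35,7 +35,7 @@ struct machine_desc {
+unsigned int nr_irqs; /* number of IRQs */
+#ifdef CONFIG_ZONE_DMA
+- unsigned long dma_zone_size; /* size of DMA-able area */
++ phys_addr_t dma_zone_size; /* size of DMA-able area */
+#endif
+unsigned int video_start; /* start of video RAM */
+diff --git a/arch/arm/include/asm/outercache.h b/arch/arm/include/asm/outercache.h
+index 12f71a1..f94784f 100644
+--- a/arch/arm/include/asm/outercache.h
++++ b/arch/arm/include/asm/outercache.h
+@@ -37,10 +37,10 @@ struct outer_cache_fns {
+void (*resume)(void);
+};
+-#ifdef CONFIG_OUTER_CACHE
+-
+extern struct outer_cache_fns outer_cache;
++#ifdef CONFIG_OUTER_CACHE
++
+static inline void outer_inv_range(phys_addr_t start, phys_addr_t end)
+{
+if (outer_cache.inv_range)
+diff --git a/arch/arm/mach-highbank/Kconfig b/arch/arm/mach-highbank/Kconfig
+index cd9fcb1..b9dd13a 100644
+--- a/arch/arm/mach-highbank/Kconfig
++++ b/arch/arm/mach-highbank/Kconfig
+@@ -1,9 +1,14 @@
+config ARCH_HIGHBANK
+bool "Calxeda ECX-1000/2000 (Highbank/Midway)" if ARCH_MULTI_V7
++ select ARCH_DMA_ADDR_T_64BIT if ARM_LPAE
+select ARCH_HAS_CPUFREQ
++ select ARCH_HAS_HOLES_MEMORYMODEL
+select ARCH_HAS_OPP
+select ARCH_WANT_OPTIONAL_GPIOLIB
+select ARM_AMBA
++ select ARM_ERRATA_764369
++ select ARM_ERRATA_775420
++ select ARM_ERRATA_798181
+select ARM_GIC
+select ARM_TIMER_SP804
+select CACHE_L2X0
+@@ -18,3 +23,4 @@ config ARCH_HIGHBANK
+select PL320_MBOX
+select SPARSE_IRQ
+select USE_OF
++ select ZONE_DMA if ARM_LPAE
+diff --git a/arch/arm/mach-highbank/highbank.c b/arch/arm/mach-highbank/highbank.c
+index 8881579..8e63ccd 100644
+--- a/arch/arm/mach-highbank/highbank.c
++++ b/arch/arm/mach-highbank/highbank.c
+@@ -18,14 +18,11 @@
+#include <linux/clocksource.h>
+#include <linux/dma-mapping.h>
+#include <linux/io.h>
+-#include <linux/irq.h>
+#include <linux/irqchip.h>
+-#include <linux/irqdomain.h>
+#include <linux/of.h>
+#include <linux/of_irq.h>
+#include <linux/of_platform.h>
+#include <linux/of_address.h>
+-#include <linux/smp.h>
+#include <linux/amba/bus.h>
+#include <linux/clk-provider.h>
+@@ -35,7 +32,6 @@
+#include <asm/hardware/cache-l2x0.h>
+#include <asm/mach/arch.h>
+#include <asm/mach/map.h>
+-#include <asm/mach/time.h>
+#include "core.h"
+#include "sysregs.h"
+@@ -65,13 +61,11 @@ void highbank_set_cpu_jump(int cpu, void *jump_addr)
+HB_JUMP_TABLE_PHYS(cpu) + 15);
+}
+-#ifdef CONFIG_CACHE_L2X0
+static void highbank_l2x0_disable(void)
+{
+/* Disable PL310 L2 Cache controller */
+highbank_smc1(0x102, 0x0);
+}
+-#endif
+static void __init highbank_init_irq(void)
+{
+@@ -80,12 +74,13 @@ static void __init highbank_init_irq(void)
+if (of_find_compatible_node(NULL, NULL, "arm,cortex-a9"))
+highbank_scu_map_io();
+-#ifdef CONFIG_CACHE_L2X0
+/* Enable PL310 L2 Cache controller */
+- highbank_smc1(0x102, 0x1);
+- l2x0_of_init(0, ~0UL);
+- outer_cache.disable = highbank_l2x0_disable;
+-#endif
++ if (IS_ENABLED(CONFIG_CACHE_L2X0) &&
++ of_find_compatible_node(NULL, NULL, "arm,pl310-cache")) {
++ highbank_smc1(0x102, 0x1);
++ l2x0_of_init(0, ~0UL);
++ outer_cache.disable = highbank_l2x0_disable;
++ }
+}
+static void __init highbank_timer_init(void)
+@@ -176,6 +171,9 @@ static const char *highbank_match[] __initconst = {
+};
+DT_MACHINE_START(HIGHBANK, "Highbank")
++#if defined(CONFIG_ZONE_DMA) && defined(CONFIG_ARM_LPAE)
++ .dma_zone_size = (4ULL * SZ_1G),
++#endif
+.smp = smp_ops(highbank_smp_ops),
+.init_irq = highbank_init_irq,
+.init_time = highbank_timer_init,
+diff --git a/arch/arm/mm/init.c b/arch/arm/mm/init.c
+index 15225d8..c0bb66e 100644
+--- a/arch/arm/mm/init.c
++++ b/arch/arm/mm/init.c
+@@ -207,7 +207,7 @@ static void __init arm_bootmem_init(unsigned long start_pfn,
+#ifdef CONFIG_ZONE_DMA
+-unsigned long arm_dma_zone_size __read_mostly;
++phys_addr_t arm_dma_zone_size __read_mostly;
+EXPORT_SYMBOL(arm_dma_zone_size);
+/*
+diff --git a/drivers/dma/amba-pl08x.c b/drivers/dma/amba-pl08x.c
+index 06fe45c..bff41d4 100644
+--- a/drivers/dma/amba-pl08x.c
++++ b/drivers/dma/amba-pl08x.c
+@@ -133,6 +133,8 @@ struct pl08x_bus_data {
+u8 buswidth;
+};
++#define IS_BUS_ALIGNED(bus) IS_ALIGNED((bus)->addr, (bus)->buswidth)
++
+/**
+* struct pl08x_phy_chan - holder for the physical channels
+* @id: physical index to this channel
+@@ -845,10 +847,13 @@ static int pl08x_fill_llis_for_desc(struct pl08x_driver_data *pl08x,
+pl08x_choose_master_bus(&bd, &mbus, &sbus, cctl);
+- dev_vdbg(&pl08x->adev->dev, "src=0x%08x%s/%u dst=0x%08x%s/%u len=%zu\n",
+- bd.srcbus.addr, cctl & PL080_CONTROL_SRC_INCR ? "+" : "",
++ dev_vdbg(&pl08x->adev->dev,
++ "src=0x%08llx%s/%u dst=0x%08llx%s/%u len=%zu\n",
++ (u64)bd.srcbus.addr,
++ cctl & PL080_CONTROL_SRC_INCR ? "+" : "",
+bd.srcbus.buswidth,
+- bd.dstbus.addr, cctl & PL080_CONTROL_DST_INCR ? "+" : "",
++ (u64)bd.dstbus.addr,
++ cctl & PL080_CONTROL_DST_INCR ? "+" : "",
+bd.dstbus.buswidth,
+bd.remainder);
+dev_vdbg(&pl08x->adev->dev, "mbus=%s sbus=%s\n",
+@@ -886,8 +891,8 @@ static int pl08x_fill_llis_for_desc(struct pl08x_driver_data *pl08x,
+return 0;
+}
+- if ((bd.srcbus.addr % bd.srcbus.buswidth) ||
+- (bd.dstbus.addr % bd.dstbus.buswidth)) {
++ if (!IS_BUS_ALIGNED(&bd.srcbus) ||
++ !IS_BUS_ALIGNED(&bd.dstbus)) {
+dev_err(&pl08x->adev->dev,
+"%s src & dst address must be aligned to src"
+" & dst width if peripheral is flow controller",
+@@ -908,9 +913,9 @@ static int pl08x_fill_llis_for_desc(struct pl08x_driver_data *pl08x,
+*/
+if (bd.remainder < mbus->buswidth)
+early_bytes = bd.remainder;
+- else if ((mbus->addr) % (mbus->buswidth)) {
+- early_bytes = mbus->buswidth - (mbus->addr) %
+- (mbus->buswidth);
++ else if (!IS_BUS_ALIGNED(mbus)) {
++ early_bytes = mbus->buswidth -
++ (mbus->addr & (mbus->buswidth - 1));
+if ((bd.remainder - early_bytes) < mbus->buswidth)
+early_bytes = bd.remainder;
+}
+@@ -928,7 +933,7 @@ static int pl08x_fill_llis_for_desc(struct pl08x_driver_data *pl08x,
+* Master now aligned
+* - if slave is not then we must set its width down
+*/
+- if (sbus->addr % sbus->buswidth) {
++ if (!IS_BUS_ALIGNED(sbus)) {
+dev_dbg(&pl08x->adev->dev,
+"%s set down bus width to one byte\n",
+__func__);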
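Review bot: The new `IS_BUS_ALIGNED()` macro and the `mbus->addr & (mbus->buswidth - 1)` mask in `pl08x_fill_llis_for_desc()` are only correct when `buswidth` is a non-zero power of two, a restriction the `%` expressions they replace did not have. Nothing in the visible hunks enforces that, so a width outside that set could let a misaligned DMA address pass the alignment check instead of being rejected. I would record the assumption at the macro, e.g. `/* buswidth must be a non-zero power of two: IS_ALIGNED() masks with buswidth - 1 */`. The function body starts and ends outside these hunks, so whether the width is validated earlier cannot be seen from here.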


@ -82,3 +82,5 @@ CONFIG_VM_EVENT_COUNTERS=y
# weird include chain resulting in missing u64 type # weird include chain resulting in missing u64 type
# CONFIG_USB_SPEEDTOUCH is not set # CONFIG_USB_SPEEDTOUCH is not set
# dma issues in headers # dma issues in headers
# CONFIG_PARPORT_PC is not set
# CONFIG_VGA_CONSOLE is not set


@ -201,6 +201,7 @@ CONFIG_SPI_DAVINCI=m
CONFIG_SPI_OMAP24XX=m CONFIG_SPI_OMAP24XX=m
CONFIG_MFD_TI_SSP=m CONFIG_MFD_TI_SSP=m
CONFIG_SPI_TI_SSP=m CONFIG_SPI_TI_SSP=m
CONFIG_SPI_TI_QSPI=m
CONFIG_INPUT_TWL4030_PWRBUTTON=m CONFIG_INPUT_TWL4030_PWRBUTTON=m
CONFIG_INPUT_TWL4030_VIBRA=m CONFIG_INPUT_TWL4030_VIBRA=m
@ -567,6 +568,7 @@ CONFIG_REGULATOR_FAN53555=m
# CONFIG_REGULATOR_DUMMY is not set # CONFIG_REGULATOR_DUMMY is not set
# CONFIG_REGULATOR_VIRTUAL_CONSUMER is not set # CONFIG_REGULATOR_VIRTUAL_CONSUMER is not set
# CONFIG_REGULATOR_USERSPACE_CONSUMER is not set # CONFIG_REGULATOR_USERSPACE_CONSUMER is not set
# CONFIG_REGULATOR_88PM800 is not set
CONFIG_REGULATOR_AD5398=m CONFIG_REGULATOR_AD5398=m
CONFIG_REGULATOR_ISL6271A=m CONFIG_REGULATOR_ISL6271A=m
CONFIG_REGULATOR_MAX1586=m CONFIG_REGULATOR_MAX1586=m


@ -320,6 +320,10 @@ CONFIG_REGULATOR_TPS65023=m
CONFIG_REGULATOR_TPS6507X=m CONFIG_REGULATOR_TPS6507X=m
CONFIG_REGULATOR_TPS6524X=m CONFIG_REGULATOR_TPS6524X=m
CONFIG_REGULATOR_TPS65912=m CONFIG_REGULATOR_TPS65912=m
CONFIG_REGULATOR_DA9210=m
CONFIG_REGULATOR_LP872X=m
CONFIG_REGULATOR_PFUZE100=m
CONFIG_SENSORS_AD7314=m CONFIG_SENSORS_AD7314=m
CONFIG_SENSORS_ADCXX=m CONFIG_SENSORS_ADCXX=m
@ -434,6 +438,7 @@ CONFIG_BPF_JIT=y
# CONFIG_COMMON_CLK_AXI_CLKGEN is not set # CONFIG_COMMON_CLK_AXI_CLKGEN is not set
# CONFIG_SPI_TOPCLIFF_PCH is not set # CONFIG_SPI_TOPCLIFF_PCH is not set
# CONFIG_SPI_PXA2XX is not set # CONFIG_SPI_PXA2XX is not set
# CONFIG_SPI_FSL_DSPI is not set
# these modules all fail with missing __bad_udelay # these modules all fail with missing __bad_udelay
# http://www.spinics.net/lists/arm/msg15615.html provides some background # http://www.spinics.net/lists/arm/msg15615.html provides some background


@ -135,3 +135,5 @@ CONFIG_S3C_LOWLEVEL_UART_PORT=1
# CONFIG_S3C2410_WATCHDOG is not set # CONFIG_S3C2410_WATCHDOG is not set
# CONFIG_MMC_SDHCI_S3C is not set # CONFIG_MMC_SDHCI_S3C is not set
# CONFIG_TEGRA_HOST1X is not set # CONFIG_TEGRA_HOST1X is not set
CONFIG_SPI_DAVINCI=m


@ -1593,13 +1593,13 @@ CONFIG_B43_SDIO=y
CONFIG_B43_BCMA=y CONFIG_B43_BCMA=y
# CONFIG_B43_BCMA_EXTRA is not set # CONFIG_B43_BCMA_EXTRA is not set
CONFIG_B43_BCMA_PIO=y CONFIG_B43_BCMA_PIO=y
# CONFIG_B43_DEBUG is not set CONFIG_B43_DEBUG=y
CONFIG_B43_PHY_LP=y CONFIG_B43_PHY_LP=y
CONFIG_B43_PHY_N=y CONFIG_B43_PHY_N=y
CONFIG_B43_PHY_HT=y CONFIG_B43_PHY_HT=y
# CONFIG_B43_FORCE_PIO is not set # CONFIG_B43_FORCE_PIO is not set
CONFIG_B43LEGACY=m CONFIG_B43LEGACY=m
# CONFIG_B43LEGACY_DEBUG is not set CONFIG_B43LEGACY_DEBUG=y
CONFIG_B43LEGACY_DMA=y CONFIG_B43LEGACY_DMA=y
CONFIG_B43LEGACY_PIO=y CONFIG_B43LEGACY_PIO=y
CONFIG_B43LEGACY_DMA_AND_PIO_MODE=y CONFIG_B43LEGACY_DMA_AND_PIO_MODE=y
@ -2341,6 +2341,7 @@ CONFIG_SENSORS_GL518SM=m
CONFIG_SENSORS_GL520SM=m CONFIG_SENSORS_GL520SM=m
CONFIG_SENSORS_HDAPS=m CONFIG_SENSORS_HDAPS=m
# CONFIG_SENSORS_HIH6130 is not set # CONFIG_SENSORS_HIH6130 is not set
# CONFIG_SENSORS_HTU21 is not set
# CONFIG_SENSORS_I5K_AMB is not set # CONFIG_SENSORS_I5K_AMB is not set
# FIXME: IBMAEM x86 only? # FIXME: IBMAEM x86 only?
CONFIG_SENSORS_IBMAEM=m CONFIG_SENSORS_IBMAEM=m
@ -3267,7 +3268,7 @@ CONFIG_USB_STORAGE_REALTEK=m
CONFIG_REALTEK_AUTOPM=y CONFIG_REALTEK_AUTOPM=y
CONFIG_USB_STORAGE_ENE_UB6250=m CONFIG_USB_STORAGE_ENE_UB6250=m
# CONFIG_USB_LIBUSUAL is not set # CONFIG_USB_LIBUSUAL is not set
# CONFIG_USB_UAS is not set CONFIG_USB_UAS=m
# #
@ -4203,6 +4204,8 @@ CONFIG_ZLIB_DEFLATE=m
CONFIG_INITRAMFS_SOURCE="" CONFIG_INITRAMFS_SOURCE=""
CONFIG_KEYS=y CONFIG_KEYS=y
CONFIG_PERSISTENT_KEYRINGS=y
CONFIG_BIG_KEYS=m
CONFIG_TRUSTED_KEYS=m CONFIG_TRUSTED_KEYS=m
CONFIG_ENCRYPTED_KEYS=m CONFIG_ENCRYPTED_KEYS=m
CONFIG_KEYS_DEBUG_PROC_KEYS=y CONFIG_KEYS_DEBUG_PROC_KEYS=y
@ -4294,7 +4297,7 @@ CONFIG_PM_STD_PARTITION=""
CONFIG_PM_DEBUG=y CONFIG_PM_DEBUG=y
CONFIG_PM_TRACE=y CONFIG_PM_TRACE=y
CONFIG_PM_TRACE_RTC=y CONFIG_PM_TRACE_RTC=y
# CONFIG_PM_TEST_SUSPEND is not set CONFIG_PM_TEST_SUSPEND=y
CONFIG_PM_RUNTIME=y CONFIG_PM_RUNTIME=y
# CONFIG_PM_OPP is not set # CONFIG_PM_OPP is not set
# CONFIG_PM_AUTOSLEEP is not set # CONFIG_PM_AUTOSLEEP is not set
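Review bot: `CONFIG_BIG_KEYS=m` is switched on in the `@ -4203,6 +4204,8 @` hunk with no comment on where its payloads can end up. The keys-krb-support.patch description on this page says the key type saves its contents "to tmpfs and thus swapspace" and names Kerberos ticket caches as the use case. The part of big_key.c visible here does not show the payload being encrypted before it goes to the shmem file, so credentials may reach swap in the clear unless swap itself is encrypted; that is inferred from a partial listing and should be confirmed against the full patch. A line above the option would record it, e.g. `# big_key payloads can be paged out through tmpfs; pair with encrypted swap`.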


@ -2,100 +2,100 @@ CONFIG_SND_VERBOSE_PRINTK=y
CONFIG_SND_DEBUG=y CONFIG_SND_DEBUG=y
CONFIG_SND_PCM_XRUN_DEBUG=y CONFIG_SND_PCM_XRUN_DEBUG=y
# CONFIG_DEBUG_ATOMIC_SLEEP is not set CONFIG_DEBUG_ATOMIC_SLEEP=y
# CONFIG_DEBUG_MUTEXES is not set CONFIG_DEBUG_MUTEXES=y
# CONFIG_DEBUG_WW_MUTEX_SLOWPATH is not set CONFIG_DEBUG_WW_MUTEX_SLOWPATH=y
# CONFIG_DEBUG_RT_MUTEXES is not set CONFIG_DEBUG_RT_MUTEXES=y
# CONFIG_DEBUG_LOCK_ALLOC is not set CONFIG_DEBUG_LOCK_ALLOC=y
# CONFIG_PROVE_LOCKING is not set CONFIG_PROVE_LOCKING=y
# CONFIG_DEBUG_SPINLOCK is not set CONFIG_DEBUG_SPINLOCK=y
# CONFIG_PROVE_RCU is not set CONFIG_PROVE_RCU=y
# CONFIG_PROVE_RCU_REPEATEDLY is not set # CONFIG_PROVE_RCU_REPEATEDLY is not set
# CONFIG_DEBUG_PER_CPU_MAPS is not set CONFIG_DEBUG_PER_CPU_MAPS=y
CONFIG_CPUMASK_OFFSTACK=y CONFIG_CPUMASK_OFFSTACK=y
# CONFIG_CPU_NOTIFIER_ERROR_INJECT is not set CONFIG_CPU_NOTIFIER_ERROR_INJECT=m
# CONFIG_FAULT_INJECTION is not set CONFIG_FAULT_INJECTION=y
# CONFIG_FAILSLAB is not set CONFIG_FAILSLAB=y
# CONFIG_FAIL_PAGE_ALLOC is not set CONFIG_FAIL_PAGE_ALLOC=y
# CONFIG_FAIL_MAKE_REQUEST is not set CONFIG_FAIL_MAKE_REQUEST=y
# CONFIG_FAULT_INJECTION_DEBUG_FS is not set CONFIG_FAULT_INJECTION_DEBUG_FS=y
# CONFIG_FAULT_INJECTION_STACKTRACE_FILTER is not set CONFIG_FAULT_INJECTION_STACKTRACE_FILTER=y
# CONFIG_FAIL_IO_TIMEOUT is not set CONFIG_FAIL_IO_TIMEOUT=y
# CONFIG_FAIL_MMC_REQUEST is not set CONFIG_FAIL_MMC_REQUEST=y
# CONFIG_SLUB_DEBUG_ON is not set CONFIG_SLUB_DEBUG_ON=y
# CONFIG_LOCK_STAT is not set CONFIG_LOCK_STAT=y
# CONFIG_DEBUG_STACK_USAGE is not set CONFIG_DEBUG_STACK_USAGE=y
# CONFIG_ACPI_DEBUG is not set CONFIG_ACPI_DEBUG=y
# CONFIG_ACPI_DEBUG_FUNC_TRACE is not set # CONFIG_ACPI_DEBUG_FUNC_TRACE is not set
# CONFIG_DEBUG_SG is not set CONFIG_DEBUG_SG=y
# CONFIG_DEBUG_PAGEALLOC is not set # CONFIG_DEBUG_PAGEALLOC is not set
# CONFIG_DEBUG_WRITECOUNT is not set CONFIG_DEBUG_WRITECOUNT=y
# CONFIG_DEBUG_OBJECTS is not set CONFIG_DEBUG_OBJECTS=y
# CONFIG_DEBUG_OBJECTS_SELFTEST is not set # CONFIG_DEBUG_OBJECTS_SELFTEST is not set
# CONFIG_DEBUG_OBJECTS_FREE is not set CONFIG_DEBUG_OBJECTS_FREE=y
# CONFIG_DEBUG_OBJECTS_TIMERS is not set CONFIG_DEBUG_OBJECTS_TIMERS=y
# CONFIG_DEBUG_OBJECTS_RCU_HEAD is not set CONFIG_DEBUG_OBJECTS_RCU_HEAD=y
CONFIG_DEBUG_OBJECTS_ENABLE_DEFAULT=1 CONFIG_DEBUG_OBJECTS_ENABLE_DEFAULT=1
# CONFIG_X86_PTDUMP is not set CONFIG_X86_PTDUMP=y
# CONFIG_CAN_DEBUG_DEVICES is not set CONFIG_CAN_DEBUG_DEVICES=y
# CONFIG_MODULE_FORCE_UNLOAD is not set CONFIG_MODULE_FORCE_UNLOAD=y
# CONFIG_SYSCTL_SYSCALL_CHECK is not set CONFIG_SYSCTL_SYSCALL_CHECK=y
# CONFIG_DEBUG_NOTIFIERS is not set CONFIG_DEBUG_NOTIFIERS=y
# CONFIG_DMA_API_DEBUG is not set CONFIG_DMA_API_DEBUG=y
# CONFIG_MMIOTRACE is not set CONFIG_MMIOTRACE=y
# CONFIG_DEBUG_CREDENTIALS is not set CONFIG_DEBUG_CREDENTIALS=y
# off in both production debug and nodebug builds, # off in both production debug and nodebug builds,
# on in rawhide nodebug builds # on in rawhide nodebug builds
# CONFIG_DEBUG_FORCE_WEAK_PER_CPU is not set CONFIG_DEBUG_FORCE_WEAK_PER_CPU=y
# CONFIG_EXT4_DEBUG is not set CONFIG_EXT4_DEBUG=y
# CONFIG_XFS_WARN is not set # CONFIG_XFS_WARN is not set
# CONFIG_DEBUG_PERF_USE_VMALLOC is not set CONFIG_DEBUG_PERF_USE_VMALLOC=y
# CONFIG_JBD2_DEBUG is not set CONFIG_JBD2_DEBUG=y
# CONFIG_NFSD_FAULT_INJECTION is not set CONFIG_NFSD_FAULT_INJECTION=y
# CONFIG_DEBUG_BLK_CGROUP is not set CONFIG_DEBUG_BLK_CGROUP=y
# CONFIG_DRBD_FAULT_INJECTION is not set CONFIG_DRBD_FAULT_INJECTION=y
# CONFIG_ATH_DEBUG is not set CONFIG_ATH_DEBUG=y
# CONFIG_CARL9170_DEBUGFS is not set CONFIG_CARL9170_DEBUGFS=y
# CONFIG_IWLWIFI_DEVICE_TRACING is not set CONFIG_IWLWIFI_DEVICE_TRACING=y
# CONFIG_RTLWIFI_DEBUG is not set # CONFIG_RTLWIFI_DEBUG is not set
# CONFIG_DEBUG_OBJECTS_WORK is not set CONFIG_DEBUG_OBJECTS_WORK=y
# CONFIG_DMADEVICES_DEBUG is not set CONFIG_DMADEVICES_DEBUG=y
# CONFIG_DMADEVICES_VDEBUG is not set CONFIG_DMADEVICES_VDEBUG=y
CONFIG_PM_ADVANCED_DEBUG=y CONFIG_PM_ADVANCED_DEBUG=y
# CONFIG_CEPH_LIB_PRETTYDEBUG is not set CONFIG_CEPH_LIB_PRETTYDEBUG=y
# CONFIG_QUOTA_DEBUG is not set CONFIG_QUOTA_DEBUG=y
CONFIG_PCI_DEFAULT_USE_CRS=y CONFIG_PCI_DEFAULT_USE_CRS=y
@ -103,17 +103,17 @@ CONFIG_KGDB_KDB=y
CONFIG_KDB_KEYBOARD=y CONFIG_KDB_KEYBOARD=y
CONFIG_KDB_CONTINUE_CATASTROPHIC=0 CONFIG_KDB_CONTINUE_CATASTROPHIC=0
# CONFIG_DEBUG_OBJECTS_PERCPU_COUNTER is not set CONFIG_DEBUG_OBJECTS_PERCPU_COUNTER=y
# CONFIG_TEST_LIST_SORT is not set CONFIG_TEST_LIST_SORT=y
# CONFIG_TEST_STRING_HELPERS is not set # CONFIG_TEST_STRING_HELPERS is not set
# CONFIG_DETECT_HUNG_TASK is not set CONFIG_DETECT_HUNG_TASK=y
CONFIG_DEFAULT_HUNG_TASK_TIMEOUT=120 CONFIG_DEFAULT_HUNG_TASK_TIMEOUT=120
# CONFIG_BOOTPARAM_HUNG_TASK_PANIC is not set # CONFIG_BOOTPARAM_HUNG_TASK_PANIC is not set
# CONFIG_X86_BOOTPARAM_MEMORY_CORRUPTION_CHECK is not set CONFIG_X86_BOOTPARAM_MEMORY_CORRUPTION_CHECK=y
# CONFIG_DEBUG_KMEMLEAK is not set CONFIG_DEBUG_KMEMLEAK=y
CONFIG_DEBUG_KMEMLEAK_EARLY_LOG_SIZE=1024 CONFIG_DEBUG_KMEMLEAK_EARLY_LOG_SIZE=1024
# CONFIG_DEBUG_KMEMLEAK_TEST is not set # CONFIG_DEBUG_KMEMLEAK_TEST is not set
CONFIG_DEBUG_KMEMLEAK_DEFAULT_OFF=y CONFIG_DEBUG_KMEMLEAK_DEFAULT_OFF=y
@ -124,7 +124,7 @@ CONFIG_DEBUG_KMEMLEAK_DEFAULT_OFF=y
# CONFIG_SPI_DEBUG is not set # CONFIG_SPI_DEBUG is not set
# CONFIG_X86_DEBUG_STATIC_CPU_HAS is not set CONFIG_X86_DEBUG_STATIC_CPU_HAS=y
# CONFIG_SCHEDSTATS is not set # CONFIG_SCHEDSTATS is not set
# CONFIG_LATENCYTOP is not set # CONFIG_LATENCYTOP is not set


@ -320,7 +320,7 @@ CONFIG_SP5100_TCO=m
# CONFIG_MEMTEST is not set # CONFIG_MEMTEST is not set
# CONFIG_DEBUG_TLBFLUSH is not set # CONFIG_DEBUG_TLBFLUSH is not set
# CONFIG_MAXSMP is not set CONFIG_MAXSMP=y
CONFIG_HP_ILO=m CONFIG_HP_ILO=m
@ -441,12 +441,13 @@ CONFIG_VMWARE_VMCI_VSOCKETS=m
CONFIG_XZ_DEC_X86=y CONFIG_XZ_DEC_X86=y
CONFIG_MPILIB=y CONFIG_MPILIB=y
CONFIG_SYSTEM_TRUSTED_KEYRING=y
CONFIG_SYSTEM_BLACKLIST_KEYRING=y
CONFIG_MODULE_SIG=y CONFIG_MODULE_SIG=y
CONFIG_MODULE_SIG_ALL=y CONFIG_MODULE_SIG_ALL=y
# CONFIG_MODULE_SIG_SHA1 is not set # CONFIG_MODULE_SIG_SHA1 is not set
CONFIG_MODULE_SIG_SHA256=y CONFIG_MODULE_SIG_SHA256=y
# CONFIG_MODULE_SIG_FORCE is not set # CONFIG_MODULE_SIG_FORCE is not set
CONFIG_MODULE_SIG_BLACKLIST=y
CONFIG_EFI_SECURE_BOOT_SIG_ENFORCE=y CONFIG_EFI_SECURE_BOOT_SIG_ENFORCE=y
CONFIG_EFI_SIGNATURE_LIST_PARSER=y CONFIG_EFI_SIGNATURE_LIST_PARSER=y


@ -6,7 +6,7 @@ Summary: The Linux kernel
# For a stable, released kernel, released_kernel should be 1. For rawhide # For a stable, released kernel, released_kernel should be 1. For rawhide
# and/or a kernel built from an rc or git snapshot, released_kernel should # and/or a kernel built from an rc or git snapshot, released_kernel should
# be 0. # be 0.
%global released_kernel 1 %global released_kernel 0
# Sign modules on x86. Make sure the config files match this setting if more # Sign modules on x86. Make sure the config files match this setting if more
# architectures are added. # architectures are added.
@ -95,7 +95,7 @@ Summary: The Linux kernel
# The rc snapshot level # The rc snapshot level
%define rcrev 0 %define rcrev 0
# The git snapshot level # The git snapshot level
%define gitrev 0 %define gitrev 1
# Set rpm version accordingly # Set rpm version accordingly
%define rpmversion 3.%{upstream_sublevel}.0 %define rpmversion 3.%{upstream_sublevel}.0
%endif %endif
@ -122,6 +122,8 @@ Summary: The Linux kernel
%define with_doc %{?_without_doc: 0} %{?!_without_doc: 1} %define with_doc %{?_without_doc: 0} %{?!_without_doc: 1}
# kernel-headers # kernel-headers
%define with_headers %{?_without_headers: 0} %{?!_without_headers: 1} %define with_headers %{?_without_headers: 0} %{?!_without_headers: 1}
# kernel-modules-extra
%define with_extra %{?_without_extra: 0} %{?!_without_extra: 1}
# perf # perf
%define with_perf %{?_without_perf: 0} %{?!_without_perf: 1} %define with_perf %{?_without_perf: 0} %{?!_without_perf: 1}
# tools # tools
@ -156,7 +158,7 @@ Summary: The Linux kernel
# Set debugbuildsenabled to 1 for production (build separate debug kernels) # Set debugbuildsenabled to 1 for production (build separate debug kernels)
# and 0 for rawhide (all kernels are debug kernels). # and 0 for rawhide (all kernels are debug kernels).
# See also 'make debug' and 'make release'. # See also 'make debug' and 'make release'.
%define debugbuildsenabled 1 %define debugbuildsenabled 0
# Want to build a vanilla kernel build without any non-upstream patches? # Want to build a vanilla kernel build without any non-upstream patches?
%define with_vanilla %{?_with_vanilla: 1} %{?!_with_vanilla: 0} %define with_vanilla %{?_with_vanilla: 1} %{?!_with_vanilla: 0}
@ -169,7 +171,7 @@ Summary: The Linux kernel
%define doc_build_fail true %define doc_build_fail true
%endif %endif
%define rawhide_skip_docs 0 %define rawhide_skip_docs 1
%if 0%{?rawhide_skip_docs} %if 0%{?rawhide_skip_docs}
%define with_doc 0 %define with_doc 0
%define doc_build_fail true %define doc_build_fail true
@ -646,6 +648,11 @@ Patch800: crash-driver.patch
# crypto/ # crypto/
# keys
Patch900: keys-expand-keyring.patch
Patch901: keys-krb-support.patch
Patch902: keys-x509-improv.patch
# secure boot # secure boot
Patch1000: secure-modules.patch Patch1000: secure-modules.patch
Patch1001: modsign-uefi.patch Patch1001: modsign-uefi.patch
@ -698,6 +705,7 @@ Patch21001: arm-lpae-ax88796.patch
Patch21003: arm-dma-amba_pl08x-avoid-64bit-division.patch Patch21003: arm-dma-amba_pl08x-avoid-64bit-division.patch
Patch21004: arm-sound-soc-samsung-dma-avoid-another-64bit-division.patch Patch21004: arm-sound-soc-samsung-dma-avoid-another-64bit-division.patch
Patch21005: arm-exynos-mp.patch Patch21005: arm-exynos-mp.patch
Patch21006: arm-highbank-for-3.12.patch
# ARM omap # ARM omap
Patch21010: arm-omap-load-tfp410.patch Patch21010: arm-omap-load-tfp410.patch
@ -993,14 +1001,18 @@ Summary: %{variant_summary}\
Group: System Environment/Kernel\ Group: System Environment/Kernel\
%kernel_reqprovconf\ %kernel_reqprovconf\
%{expand:%%kernel_devel_package %1 %{!?-n:%1}%{?-n:%{-n*}}}\ %{expand:%%kernel_devel_package %1 %{!?-n:%1}%{?-n:%{-n*}}}\
%if %{with_extra}\
%{expand:%%kernel_modules_extra_package %1 %{!?-n:%1}%{?-n:%{-n*}}}\ %{expand:%%kernel_modules_extra_package %1 %{!?-n:%1}%{?-n:%{-n*}}}\
%endif\
%{expand:%%kernel_debuginfo_package %1}\ %{expand:%%kernel_debuginfo_package %1}\
%{nil} %{nil}
# First the auxiliary packages of the main kernel package. # First the auxiliary packages of the main kernel package.
%kernel_devel_package %kernel_devel_package
%if %{with_extra}
%kernel_modules_extra_package %kernel_modules_extra_package
%endif
%kernel_debuginfo_package %kernel_debuginfo_package
@ -1324,9 +1336,10 @@ ApplyPatch debug-bad-pte-modules.patch
# ARM # ARM
# #
ApplyPatch arm-lpae-ax88796.patch ApplyPatch arm-lpae-ax88796.patch
ApplyPatch arm-dma-amba_pl08x-avoid-64bit-division.patch #ApplyPatch arm-dma-amba_pl08x-avoid-64bit-division.patch
ApplyPatch arm-sound-soc-samsung-dma-avoid-another-64bit-division.patch ApplyPatch arm-sound-soc-samsung-dma-avoid-another-64bit-division.patch
ApplyPatch arm-exynos-mp.patch ApplyPatch arm-exynos-mp.patch
ApplyPatch arm-highbank-for-3.12.patch
ApplyPatch arm-omap-load-tfp410.patch ApplyPatch arm-omap-load-tfp410.patch
ApplyPatch arm-tegra-usb-no-reset-linux33.patch ApplyPatch arm-tegra-usb-no-reset-linux33.patch
ApplyPatch arm-wandboard-quad.patch ApplyPatch arm-wandboard-quad.patch
@ -1414,6 +1427,11 @@ ApplyPatch crash-driver.patch
# crypto/ # crypto/
# keys
ApplyPatch keys-expand-keyring.patch
ApplyPatch keys-krb-support.patch
ApplyPatch keys-x509-improv.patch
# secure boot # secure boot
ApplyPatch secure-modules.patch ApplyPatch secure-modules.patch
ApplyPatch modsign-uefi.patch ApplyPatch modsign-uefi.patch
@ -1630,11 +1648,11 @@ BuildKernel() {
%{make} -s ARCH=$Arch V=1 %{?_smp_mflags} $MakeTarget %{?sparse_mflags} %{?kernel_mflags} %{make} -s ARCH=$Arch V=1 %{?_smp_mflags} $MakeTarget %{?sparse_mflags} %{?kernel_mflags}
%{make} -s ARCH=$Arch V=1 %{?_smp_mflags} modules %{?sparse_mflags} || exit 1 %{make} -s ARCH=$Arch V=1 %{?_smp_mflags} modules %{?sparse_mflags} || exit 1
%ifarch %{arm} %ifarch %{arm} aarch64
%{make} -s ARCH=$Arch V=1 dtbs %{make} -s ARCH=$Arch V=1 dtbs
mkdir -p $RPM_BUILD_ROOT/%{image_install_path}/dtb-$KernelVer mkdir -p $RPM_BUILD_ROOT/%{image_install_path}/dtb-$KernelVer
install -m 644 arch/arm/boot/dts/*.dtb $RPM_BUILD_ROOT/boot/dtb-$KernelVer/ install -m 644 arch/$Arch/boot/dts/*.dtb $RPM_BUILD_ROOT/%{image_install_path}/dtb-$KernelVer/
rm -f arch/arm/boot/dts/*.dtb rm -f arch/$Arch/boot/dts/*.dtb
%endif %endif
# Start installing the results # Start installing the results
@ -1791,8 +1809,10 @@ BuildKernel() {
rm -f modules.{alias*,builtin.bin,dep*,*map,symbols*,devname,softdep} rm -f modules.{alias*,builtin.bin,dep*,*map,symbols*,devname,softdep}
popd popd
%if %{with_extra}
# Call the modules-extra script to move things around # Call the modules-extra script to move things around
%{SOURCE17} $RPM_BUILD_ROOT/lib/modules/$KernelVer %{SOURCE16} %{SOURCE17} $RPM_BUILD_ROOT/lib/modules/$KernelVer %{SOURCE16}
%endif
%if %{signmodules} %if %{signmodules}
# Save the signing keys so we can sign the modules in __modsign_install_post # Save the signing keys so we can sign the modules in __modsign_install_post
@ -2102,7 +2122,9 @@ fi\
# #
%define kernel_variant_post(v:r:) \ %define kernel_variant_post(v:r:) \
%{expand:%%kernel_devel_post %{?-v*}}\ %{expand:%%kernel_devel_post %{?-v*}}\
%if %{with_extra}\
%{expand:%%kernel_modules_extra_post %{?-v*}}\ %{expand:%%kernel_modules_extra_post %{?-v*}}\
%endif\
%{expand:%%kernel_variant_posttrans %{?-v*}}\ %{expand:%%kernel_variant_posttrans %{?-v*}}\
%{expand:%%post %{?-v*}}\ %{expand:%%post %{?-v*}}\
%{-r:\ %{-r:\
@ -2241,7 +2263,7 @@ fi
%defattr(-,root,root)\ %defattr(-,root,root)\
/%{image_install_path}/%{?-k:%{-k*}}%{!?-k:vmlinuz}-%{KVERREL}%{?2:+%{2}}\ /%{image_install_path}/%{?-k:%{-k*}}%{!?-k:vmlinuz}-%{KVERREL}%{?2:+%{2}}\
/%{image_install_path}/.vmlinuz-%{KVERREL}%{?2:+%{2}}.hmac \ /%{image_install_path}/.vmlinuz-%{KVERREL}%{?2:+%{2}}.hmac \
%ifarch %{arm}\ %ifarch %{arm} aarch64\
/%{image_install_path}/dtb-%{KVERREL}%{?2:+%{2}} \ /%{image_install_path}/dtb-%{KVERREL}%{?2:+%{2}} \
%endif\ %endif\
%attr(600,root,root) /boot/System.map-%{KVERREL}%{?2:+%{2}}\ %attr(600,root,root) /boot/System.map-%{KVERREL}%{?2:+%{2}}\
@ -2260,7 +2282,9 @@ fi
%{expand:%%files %{?2:%{2}-}devel}\ %{expand:%%files %{?2:%{2}-}devel}\
%defattr(-,root,root)\ %defattr(-,root,root)\
/usr/src/kernels/%{KVERREL}%{?2:+%{2}}\ /usr/src/kernels/%{KVERREL}%{?2:+%{2}}\
%if %{with_extra}\
%{expand:%%files %{?2:%{2}-}modules-extra}\ %{expand:%%files %{?2:%{2}-}modules-extra}\
%endif\
%defattr(-,root,root)\ %defattr(-,root,root)\
/lib/modules/%{KVERREL}%{?2:+%{2}}/extra\ /lib/modules/%{KVERREL}%{?2:+%{2}}/extra\
%if %{with_debuginfo}\ %if %{with_debuginfo}\
@ -2293,10 +2317,31 @@ fi
# ||----w | # ||----w |
# || || # || ||
%changelog %changelog
* Tue Sep 3 2013 Peter Robinson <pbrobinson@fedoraproject.org> * Wed Sep 4 2013 Peter Robinson <pbrobinson@fedoraproject.org>
- Add patch set to fix MMC on AM33xx - Add patch set to fix MMC on AM33xx
- Add support for BeagleBone Black (very basic!) - Add support for BeagleBone Black (very basic!)
* Wed Sep 04 2013 Josh Boyer <jwboyer@fedoraproject.org> - 3.12.0-0.rc0.git1.1
- Linux v3.11-351-g1ccfd5e
- Reenable debugging options.
* Tue Sep 03 2013 Josh Boyer <jwboyer@fedoraproject.org> - 3.11.0-3
- Add system_keyring patches back in
* Tue Sep 03 2013 Kyle McMartin <kyle@redhat.com>
- Pull in some Calxeda highbank fixes that are destined for 3.12
- Add a %with_extra twiddle to disable building kernel-modules-extra
subpackages.
- Fix dtbs install path to use %install_image_path (not that it's different
at the moment.)
* Tue Sep 03 2013 Josh Boyer <jwboyer@fedoraproject.org>
- Add keyring patches to support krb5 (rhbz 1003043)
* Tue Sep 03 2013 Kyle McMartin <kyle@redhat.com>
- [arm64] disable VGA_CONSOLE and PARPORT_PC
- [arm64] install dtb as on %{arm}
* Tue Sep 03 2013 Josh Boyer <jwboyer@fedoraproject.org> - 3.11.0-1 * Tue Sep 03 2013 Josh Boyer <jwboyer@fedoraproject.org> - 3.11.0-1
- Linux v3.11 - Linux v3.11
- Disable debugging options. - Disable debugging options.
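Review bot: In the `%files` macro hunk (`@ -2260,7 +2282,9 @`) the new `%if %{with_extra}\` / `%endif\` pair wraps only the `%{expand:%%files %{?2:%{2}-}modules-extra}\` header. With `with_extra` set to 0, the `%defattr(-,root,root)\` and `/lib/modules/%{KVERREL}%{?2:+%{2}}/extra\` lines that follow fall through into the preceding devel file list. Because the same commit also skips the modules-extra script in `BuildKernel()`, that path is presumably either packaged into the devel subpackage or missing at build time. Moving the `%endif\` down so it follows `/lib/modules/%{KVERREL}%{?2:+%{2}}/extra\` keeps the whole stanza conditional. The macro body starts and ends outside the hunk.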

6834
keys-expand-keyring.patch Normal file

File diff suppressed because it is too large Load Diff

747
keys-krb-support.patch Normal file

@ -0,0 +1,747 @@
From 64160c504842a359801cff17464931fa028ff164 Mon Sep 17 00:00:00 2001
From: David Howells <dhowells@redhat.com>
Date: Fri, 30 Aug 2013 15:37:54 +0100
Subject: [PATCH 1/2] KEYS: Implement a big key type that can save to tmpfs
Implement a big key type that can save its contents to tmpfs and thus
swapspace when memory is tight. This is useful for Kerberos ticket caches.
Signed-off-by: David Howells <dhowells@redhat.com>
Tested-by: Simo Sorce <simo@redhat.com>
---
include/keys/big_key-type.h | 25 ++++++
include/linux/key.h | 1 +
security/keys/Kconfig | 11 +++
security/keys/Makefile | 1 +
security/keys/big_key.c | 204 ++++++++++++++++++++++++++++++++++++++++++++
5 files changed, 242 insertions(+)
create mode 100644 include/keys/big_key-type.h
create mode 100644 security/keys/big_key.c
diff --git a/include/keys/big_key-type.h b/include/keys/big_key-type.h
new file mode 100644
index 0000000..d69bc8a
--- /dev/null
+++ b/include/keys/big_key-type.h
@@ -0,0 +1,25 @@
+/* Big capacity key type.
+ *
+ * Copyright (C) 2013 Red Hat, Inc. All Rights Reserved.
+ * Written by David Howells (dhowells@redhat.com)
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version
+ * 2 of the License, or (at your option) any later version.
+ */
+
+#ifndef _KEYS_BIG_KEY_TYPE_H
+#define _KEYS_BIG_KEY_TYPE_H
+
+#include <linux/key-type.h>
+
+extern struct key_type key_type_big_key;
+
+extern int big_key_instantiate(struct key *key, struct key_preparsed_payload *prep);
+extern void big_key_revoke(struct key *key);
+extern void big_key_destroy(struct key *key);
+extern void big_key_describe(const struct key *big_key, struct seq_file *m);
+extern long big_key_read(const struct key *key, char __user *buffer, size_t buflen);
+
+#endif /* _KEYS_BIG_KEY_TYPE_H */
diff --git a/include/linux/key.h b/include/linux/key.h
index 2417f78..010dbb6 100644
--- a/include/linux/key.h
+++ b/include/linux/key.h
@@ -201,6 +201,7 @@ struct key {
unsigned long value;
void __rcu *rcudata;
void *data;
+ void *data2[2];
} payload;
struct assoc_array keys;
};
diff --git a/security/keys/Kconfig b/security/keys/Kconfig
index 15e0dfe..b563622 100644
--- a/security/keys/Kconfig
+++ b/security/keys/Kconfig
@@ -20,6 +20,17 @@ config KEYS
If you are unsure as to whether this is required, answer N.
+config BIG_KEYS
+ tristate "Large payload keys"
+ depends on KEYS
+ depends on TMPFS
+ help
+ This option provides support for holding large keys within the kernel
+ (for example Kerberos ticket caches). The data may be stored out to
+ swapspace by tmpfs.
+
+ If you are unsure as to whether this is required, answer N.
+
config TRUSTED_KEYS
tristate "TRUSTED KEYS"
depends on KEYS && TCG_TPM
diff --git a/security/keys/Makefile b/security/keys/Makefile
index 504aaa0..c487c77 100644
--- a/security/keys/Makefile
+++ b/security/keys/Makefile
@@ -22,5 +22,6 @@ obj-$(CONFIG_SYSCTL) += sysctl.o
#
# Key types
#
+obj-$(CONFIG_BIG_KEYS) += big_key.o
obj-$(CONFIG_TRUSTED_KEYS) += trusted.o
obj-$(CONFIG_ENCRYPTED_KEYS) += encrypted-keys/
diff --git a/security/keys/big_key.c b/security/keys/big_key.c
new file mode 100644
index 0000000..5f9defc
--- /dev/null
+++ b/security/keys/big_key.c
@@ -0,0 +1,204 @@
+/* Large capacity key type
+ *
+ * Copyright (C) 2013 Red Hat, Inc. All Rights Reserved.
+ * Written by David Howells (dhowells@redhat.com)
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public Licence
+ * as published by the Free Software Foundation; either version
+ * 2 of the Licence, or (at your option) any later version.
+ */
+
+#include <linux/module.h>
+#include <linux/init.h>
+#include <linux/seq_file.h>
+#include <linux/file.h>
+#include <linux/shmem_fs.h>
+#include <linux/err.h>
+#include <keys/user-type.h>
+#include <keys/big_key-type.h>
+
+MODULE_LICENSE("GPL");
+
+/*
+ * If the data is under this limit, there's no point creating a shm file to
+ * hold it as the permanently resident metadata for the shmem fs will be at
+ * least as large as the data.
+ */
+#define BIG_KEY_FILE_THRESHOLD (sizeof(struct inode) + sizeof(struct dentry))
+
+/*
+ * big_key defined keys take an arbitrary string as the description and an
+ * arbitrary blob of data as the payload
+ */
+struct key_type key_type_big_key = {
+ .name = "big_key",
+ .def_lookup_type = KEYRING_SEARCH_LOOKUP_DIRECT,
+ .instantiate = big_key_instantiate,
+ .match = user_match,
+ .revoke = big_key_revoke,
+ .destroy = big_key_destroy,
+ .describe = big_key_describe,
+ .read = big_key_read,
+};
+
+/*
+ * Instantiate a big key
+ */
+int big_key_instantiate(struct key *key, struct key_preparsed_payload *prep)
+{
+ struct path *path = (struct path *)&key->payload.data2;
+ struct file *file;
+ ssize_t written;
+ size_t datalen = prep->datalen;
+ int ret;
+
+ ret = -EINVAL;
+ if (datalen <= 0 || datalen > 1024 * 1024 || !prep->data)
+ goto error;
+
+ /* Set an arbitrary quota */
+ ret = key_payload_reserve(key, 16);
+ if (ret < 0)
+ goto error;
+
+ key->type_data.x[1] = datalen;
+
+ if (datalen > BIG_KEY_FILE_THRESHOLD) {
+ /* Create a shmem file to store the data in. This will permit the data
+ * to be swapped out if needed.
+ *
+ * TODO: Encrypt the stored data with a temporary key.
+ */
+ file = shmem_file_setup("", datalen, 0);
+ if (IS_ERR(file))
+ goto err_quota;
+
+ written = kernel_write(file, prep->data, prep->datalen, 0);
+ if (written != datalen) {
+ if (written >= 0)
+ ret = -ENOMEM;
+ goto err_fput;
+ }
+
+ /* Pin the mount and dentry to the key so that we can open it again
+ * later
+ */
+ *path = file->f_path;
+ path_get(path);
+ fput(file);
+ } else {
+ /* Just store the data in a buffer */
+ void *data = kmalloc(datalen, GFP_KERNEL);
+ if (!data) {
+ ret = -ENOMEM;
+ goto err_quota;
+ }
+
+ key->payload.data = memcpy(data, prep->data, prep->datalen);
+ }
+ return 0;
+
+err_fput:
+ fput(file);
+err_quota:
+ key_payload_reserve(key, 0);
+error:
+ return ret;
+}
+
+/*
+ * dispose of the links from a revoked keyring
+ * - called with the key sem write-locked
+ */
+void big_key_revoke(struct key *key)
+{
+ struct path *path = (struct path *)&key->payload.data2;
+
+ /* clear the quota */
+ key_payload_reserve(key, 0);
+ if (key_is_instantiated(key) && key->type_data.x[1] > BIG_KEY_FILE_THRESHOLD)
+ vfs_truncate(path, 0);
+}
+
+/*
+ * dispose of the data dangling from the corpse of a big_key key
+ */
+void big_key_destroy(struct key *key)
+{
+ if (key->type_data.x[1] > BIG_KEY_FILE_THRESHOLD) {
+ struct path *path = (struct path *)&key->payload.data2;
+ path_put(path);
+ path->mnt = NULL;
+ path->dentry = NULL;
+ } else {
+ kfree(key->payload.data);
+ key->payload.data = NULL;
+ }
+}
+
+/*
+ * describe the big_key key
+ */
+void big_key_describe(const struct key *key, struct seq_file *m)
+{
+ unsigned long datalen = key->type_data.x[1];
+
+ seq_puts(m, key->description);
+
+ if (key_is_instantiated(key))
+ seq_printf(m, ": %lu [%s]",
+ datalen,
+ datalen > BIG_KEY_FILE_THRESHOLD ? "file" : "buff");
+}
+
+/*
+ * read the key data
+ * - the key's semaphore is read-locked
+ */
+long big_key_read(const struct key *key, char __user *buffer, size_t buflen)
+{
+ unsigned long datalen = key->type_data.x[1];
+ long ret;
+
+ if (!buffer || buflen < datalen)
+ return datalen;
+
+ if (datalen > BIG_KEY_FILE_THRESHOLD) {
+ struct path *path = (struct path *)&key->payload.data2;
+ struct file *file;
+ loff_t pos;
+
+ file = dentry_open(path, O_RDONLY, current_cred());
+ if (IS_ERR(file))
+ return PTR_ERR(file);
+
+ pos = 0;
+ ret = vfs_read(file, buffer, datalen, &pos);
+ fput(file);
+ if (ret >= 0 && ret != datalen)
+ ret = -EIO;
+ } else {
+ ret = datalen;
+ if (copy_to_user(buffer, key->payload.data, datalen) != 0)
+ ret = -EFAULT;
+ }
+
+ return ret;
+}
+
+/*
+ * Module stuff
+ */
+static int __init big_key_init(void)
+{
+ return register_key_type(&key_type_big_key);
+}
+
+static void __exit big_key_cleanup(void)
+{
+ unregister_key_type(&key_type_big_key);
+}
+
+module_init(big_key_init);
+module_exit(big_key_cleanup);
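Review bot: Two failure paths in big_key_instantiate leave `ret` at 0, so the function reports success for a key whose payload was never stored. When shmem_file_setup() fails the code jumps to err_quota without `ret = PTR_ERR(file);`, and when kernel_write() returns a negative value only the `written >= 0` case assigns an error, so `ret = written;` is needed before that test. Because `key->type_data.x[1] = datalen` has already been set, big_key_read and big_key_destroy would presumably then treat the unset `payload.data2` as a valid struct path. Separately, `datalen <= 0` on a size_t only ever tests for zero and reads more clearly as `datalen == 0`.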
--
1.8.3.1
From b1e5b74e060add16de8d6005802644fa1700167f Mon Sep 17 00:00:00 2001
From: David Howells <dhowells@redhat.com>
Date: Fri, 30 Aug 2013 15:37:54 +0100
Subject: [PATCH 2/2] KEYS: Add per-user_namespace registers for persistent
per-UID kerberos caches
Add support for per-user_namespace registers of persistent per-UID kerberos
caches held within the kernel.
This allows the kerberos cache to be retained beyond the life of all a user's
processes so that the user's cron jobs can work.
The kerberos cache is envisioned as a keyring/key tree looking something like:
struct user_namespace
\___ .krb_cache keyring - The register
\___ _krb.0 keyring - Root's Kerberos cache
\___ _krb.5000 keyring - User 5000's Kerberos cache
\___ _krb.5001 keyring - User 5001's Kerberos cache
\___ tkt785 big_key - A ccache blob
\___ tkt12345 big_key - Another ccache blob
Or possibly:
struct user_namespace
\___ .krb_cache keyring - The register
\___ _krb.0 keyring - Root's Kerberos cache
\___ _krb.5000 keyring - User 5000's Kerberos cache
\___ _krb.5001 keyring - User 5001's Kerberos cache
\___ tkt785 keyring - A ccache
\___ krbtgt/REDHAT.COM@REDHAT.COM big_key
\___ http/REDHAT.COM@REDHAT.COM user
\___ afs/REDHAT.COM@REDHAT.COM user
\___ nfs/REDHAT.COM@REDHAT.COM user
\___ krbtgt/KERNEL.ORG@KERNEL.ORG big_key
\___ http/KERNEL.ORG@KERNEL.ORG big_key
What goes into a particular Kerberos cache is entirely up to userspace. Kernel
support is limited to giving you the Kerberos cache keyring that you want.
The user asks for their Kerberos cache by:
krb_cache = keyctl_get_krbcache(uid, dest_keyring);
The uid is -1 or the user's own UID for the user's own cache or the uid of some
other user's cache (requires CAP_SETUID). This permits rpc.gssd or whatever to
mess with the cache.
The cache returned is a keyring named "_krb.<uid>" that the possessor can read,
search, clear, invalidate, unlink from and add links to. Active LSMs get a
chance to rule on whether the caller is permitted to make a link.
Each uid's cache keyring is created when it first accessed and is given a
timeout that is extended each time this function is called so that the keyring
goes away after a while. The timeout is configurable by sysctl but defaults to
three days.
Each user_namespace struct gets a lazily-created keyring that serves as the
register. The cache keyrings are added to it. This means that standard key
search and garbage collection facilities are available.
The user_namespace struct's register goes away when it does and anything left
in it is then automatically gc'd.
Signed-off-by: David Howells <dhowells@redhat.com>
Tested-by: Simo Sorce <simo@redhat.com>
cc: Serge E. Hallyn <serge.hallyn@ubuntu.com>
cc: Eric W. Biederman <ebiederm@xmission.com>
---
include/linux/user_namespace.h | 6 ++
include/uapi/linux/keyctl.h | 1 +
kernel/user.c | 4 +
kernel/user_namespace.c | 6 ++
security/keys/Kconfig | 17 +++++
security/keys/Makefile | 1 +
security/keys/compat.c | 3 +
security/keys/internal.h | 9 +++
security/keys/keyctl.c | 3 +
security/keys/persistent.c | 169 +++++++++++++++++++++++++++++++++++++++++
security/keys/sysctl.c | 11 +++
11 files changed, 230 insertions(+)
create mode 100644 security/keys/persistent.c
diff --git a/include/linux/user_namespace.h b/include/linux/user_namespace.h
index b6b215f..cf21958 100644
--- a/include/linux/user_namespace.h
+++ b/include/linux/user_namespace.h
@@ -28,6 +28,12 @@ struct user_namespace {
unsigned int proc_inum;
bool may_mount_sysfs;
bool may_mount_proc;
+
+ /* Register of per-UID persistent keyrings for this namespace */
+#ifdef CONFIG_PERSISTENT_KEYRINGS
+ struct key *persistent_keyring_register;
+ struct rw_semaphore persistent_keyring_register_sem;
+#endif
};
extern struct user_namespace init_user_ns;
diff --git a/include/uapi/linux/keyctl.h b/include/uapi/linux/keyctl.h
index c9b7f4fa..840cb99 100644
--- a/include/uapi/linux/keyctl.h
+++ b/include/uapi/linux/keyctl.h
@@ -56,5 +56,6 @@
#define KEYCTL_REJECT 19 /* reject a partially constructed key */
#define KEYCTL_INSTANTIATE_IOV 20 /* instantiate a partially constructed key */
#define KEYCTL_INVALIDATE 21 /* invalidate a key */
+#define KEYCTL_GET_PERSISTENT 22 /* get a user's persistent keyring */
#endif /* _LINUX_KEYCTL_H */
diff --git a/kernel/user.c b/kernel/user.c
index 69b4c3d..6c9e1b9 100644
--- a/kernel/user.c
+++ b/kernel/user.c
@@ -53,6 +53,10 @@ struct user_namespace init_user_ns = {
.proc_inum = PROC_USER_INIT_INO,
.may_mount_sysfs = true,
.may_mount_proc = true,
+#ifdef CONFIG_KEYS_KERBEROS_CACHE
+ .krb_cache_register_sem =
+ __RWSEM_INITIALIZER(init_user_ns.krb_cache_register_sem),
+#endif
};
EXPORT_SYMBOL_GPL(init_user_ns);
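Review bot: The initializer added to init_user_ns is guarded by `CONFIG_KEYS_KERBEROS_CACHE` and names `.krb_cache_register_sem`, but the field this series adds to struct user_namespace is `persistent_keyring_register_sem` under `CONFIG_PERSISTENT_KEYRINGS`. Nothing visible in the patch defines the older symbol, so the block is presumably never compiled and the initial namespace's semaphore stays uninitialised while key_get_persistent takes it with down_read/down_write. The guard should read `#ifdef CONFIG_PERSISTENT_KEYRINGS` and the member `.persistent_keyring_register_sem = __RWSEM_INITIALIZER(init_user_ns.persistent_keyring_register_sem),`.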
diff --git a/kernel/user_namespace.c b/kernel/user_namespace.c
index d8c30db..ef7985e 100644
--- a/kernel/user_namespace.c
+++ b/kernel/user_namespace.c
@@ -99,6 +99,9 @@ int create_user_ns(struct cred *new)
update_mnt_policy(ns);
+#ifdef CONFIG_PERSISTENT_KEYRINGS
+ rwsem_init(&ns->persistent_keyring_register_sem);
+#endif
return 0;
}
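Review bot: `rwsem_init(&ns->persistent_keyring_register_sem);` does not match the rwsem initialiser I know of, which is `init_rwsem()`; unless a helper of that name is defined outside this patch, the line fails to build once CONFIG_PERSISTENT_KEYRINGS and user namespaces are both enabled. The call should be `init_rwsem(&ns->persistent_keyring_register_sem);`. create_user_ns starts outside the hunk, so it cannot be confirmed from here that `persistent_keyring_register` is zeroed at allocation, which the `key_put()` added in the free_user_ns hunk depends on.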
@@ -123,6 +126,9 @@ void free_user_ns(struct user_namespace *ns)
do {
parent = ns->parent;
+#ifdef CONFIG_PERSISTENT_KEYRINGS
+ key_put(ns->persistent_keyring_register);
+#endif
proc_free_inum(ns->proc_inum);
kmem_cache_free(user_ns_cachep, ns);
ns = parent;
diff --git a/security/keys/Kconfig b/security/keys/Kconfig
index b563622..53d8748 100644
--- a/security/keys/Kconfig
+++ b/security/keys/Kconfig
@@ -20,6 +20,23 @@ config KEYS
If you are unsure as to whether this is required, answer N.
+config PERSISTENT_KEYRINGS
+ bool "Enable register of persistent per-UID keyrings"
+ depends on KEYS
+ help
+ This option provides a register of persistent per-UID keyrings,
+ primarily aimed at Kerberos key storage. The keyrings are persistent
+ in the sense that they stay around after all processes of that UID
+ have exited, not that they survive the machine being rebooted.
+
+ A particular keyring may be accessed by either the user whose keyring
+ it is or by a process with administrative privileges. The active
+ LSMs gets to rule on which admin-level processes get to access the
+ cache.
+
+ Keyrings are created and added into the register upon demand and get
+ removed if they expire (a default timeout is set upon creation).
+
config BIG_KEYS
tristate "Large payload keys"
depends on KEYS
diff --git a/security/keys/Makefile b/security/keys/Makefile
index c487c77..dfb3a7b 100644
--- a/security/keys/Makefile
+++ b/security/keys/Makefile
@@ -18,6 +18,7 @@ obj-y := \
obj-$(CONFIG_KEYS_COMPAT) += compat.o
obj-$(CONFIG_PROC_FS) += proc.o
obj-$(CONFIG_SYSCTL) += sysctl.o
+obj-$(CONFIG_PERSISTENT_KEYRINGS) += persistent.o
#
# Key types
diff --git a/security/keys/compat.c b/security/keys/compat.c
index d65fa7f..bbd32c7 100644
--- a/security/keys/compat.c
+++ b/security/keys/compat.c
@@ -138,6 +138,9 @@ asmlinkage long compat_sys_keyctl(u32 option,
case KEYCTL_INVALIDATE:
return keyctl_invalidate_key(arg2);
+ case KEYCTL_GET_PERSISTENT:
+ return keyctl_get_persistent(arg2, arg3);
+
default:
return -EOPNOTSUPP;
}
diff --git a/security/keys/internal.h b/security/keys/internal.h
index 581c6f6..80b2aac 100644
--- a/security/keys/internal.h
+++ b/security/keys/internal.h
@@ -255,6 +255,15 @@ extern long keyctl_invalidate_key(key_serial_t);
extern long keyctl_instantiate_key_common(key_serial_t,
const struct iovec *,
unsigned, size_t, key_serial_t);
+#ifdef CONFIG_PERSISTENT_KEYRINGS
+extern long keyctl_get_persistent(uid_t, key_serial_t);
+extern unsigned persistent_keyring_expiry;
+#else
+static inline long keyctl_get_persistent(uid_t uid, key_serial_t destring)
+{
+ return -EOPNOTSUPP;
+}
+#endif
/*
* Debugging key validation
diff --git a/security/keys/keyctl.c b/security/keys/keyctl.c
index 33cfd27..cee72ce 100644
--- a/security/keys/keyctl.c
+++ b/security/keys/keyctl.c
@@ -1667,6 +1667,9 @@ SYSCALL_DEFINE5(keyctl, int, option, unsigned long, arg2, unsigned long, arg3,
case KEYCTL_INVALIDATE:
return keyctl_invalidate_key((key_serial_t) arg2);
+ case KEYCTL_GET_PERSISTENT:
+ return keyctl_get_persistent((uid_t)arg2, (key_serial_t)arg3);
+
default:
return -EOPNOTSUPP;
}
diff --git a/security/keys/persistent.c b/security/keys/persistent.c
new file mode 100644
index 0000000..631a022
--- /dev/null
+++ b/security/keys/persistent.c
@@ -0,0 +1,169 @@
+/* General persistent per-UID keyrings register
+ *
+ * Copyright (C) 2013 Red Hat, Inc. All Rights Reserved.
+ * Written by David Howells (dhowells@redhat.com)
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public Licence
+ * as published by the Free Software Foundation; either version
+ * 2 of the Licence, or (at your option) any later version.
+ */
+
+#include <linux/user_namespace.h>
+#include "internal.h"
+
+unsigned persistent_keyring_expiry = 3 * 24 * 3600; /* Expire after 3 days of non-use */
+
+/*
+ * Create the persistent keyring register for the current user namespace.
+ *
+ * Called with the namespace's sem locked for writing.
+ */
+static int key_create_persistent_register(struct user_namespace *ns)
+{
+ struct key *reg = keyring_alloc(".persistent_register",
+ KUIDT_INIT(0), KGIDT_INIT(0),
+ current_cred(),
+ ((KEY_POS_ALL & ~KEY_POS_SETATTR) |
+ KEY_USR_VIEW | KEY_USR_READ),
+ KEY_ALLOC_NOT_IN_QUOTA, NULL);
+ if (IS_ERR(reg))
+ return PTR_ERR(reg);
+
+ ns->persistent_keyring_register = reg;
+ return 0;
+}
+
+/*
+ * Create the persistent keyring for the specified user.
+ *
+ * Called with the namespace's sem locked for writing.
+ */
+static key_ref_t key_create_persistent(struct user_namespace *ns, kuid_t uid,
+ struct keyring_index_key *index_key)
+{
+ struct key *persistent;
+ key_ref_t reg_ref, persistent_ref;
+
+ if (!ns->persistent_keyring_register) {
+ long err = key_create_persistent_register(ns);
+ if (err < 0)
+ return ERR_PTR(err);
+ } else {
+ reg_ref = make_key_ref(ns->persistent_keyring_register, true);
+ persistent_ref = find_key_to_update(reg_ref, index_key);
+ if (persistent_ref)
+ return persistent_ref;
+ }
+
+ persistent = keyring_alloc(index_key->description,
+ uid, INVALID_GID, current_cred(),
+ ((KEY_POS_ALL & ~KEY_POS_SETATTR) |
+ KEY_USR_VIEW | KEY_USR_READ),
+ KEY_ALLOC_NOT_IN_QUOTA,
+ ns->persistent_keyring_register);
+ if (IS_ERR(persistent))
+ return ERR_CAST(persistent);
+
+ return make_key_ref(persistent, true);
+}
+
+/*
+ * Get the persistent keyring for a specific UID and link it to the nominated
+ * keyring.
+ */
+static long key_get_persistent(struct user_namespace *ns, kuid_t uid,
+ key_ref_t dest_ref)
+{
+ struct keyring_index_key index_key;
+ struct key *persistent;
+ key_ref_t reg_ref, persistent_ref;
+ char buf[32];
+ long ret;
+
+ /* Look in the register if it exists */
+ index_key.type = &key_type_keyring;
+ index_key.description = buf;
+ index_key.desc_len = sprintf(buf, "_persistent.%u", from_kuid(ns, uid));
+
+ if (ns->persistent_keyring_register) {
+ reg_ref = make_key_ref(ns->persistent_keyring_register, true);
+ down_read(&ns->persistent_keyring_register_sem);
+ persistent_ref = find_key_to_update(reg_ref, &index_key);
+ up_read(&ns->persistent_keyring_register_sem);
+
+ if (persistent_ref)
+ goto found;
+ }
+
+ /* It wasn't in the register, so we'll need to create it. We might
+ * also need to create the register.
+ */
+ down_write(&ns->persistent_keyring_register_sem);
+ persistent_ref = key_create_persistent(ns, uid, &index_key);
+ up_write(&ns->persistent_keyring_register_sem);
+ if (!IS_ERR(persistent_ref))
+ goto found;
+
+ return PTR_ERR(persistent_ref);
+
+found:
+ ret = key_task_permission(persistent_ref, current_cred(), KEY_LINK);
+ if (ret == 0) {
+ persistent = key_ref_to_ptr(persistent_ref);
+ ret = key_link(key_ref_to_ptr(dest_ref), persistent);
+ if (ret == 0) {
+ key_set_timeout(persistent, persistent_keyring_expiry);
+ ret = persistent->serial;
+ }
+ }
+
+ key_ref_put(persistent_ref);
+ return ret;
+}
+
+/*
+ * Get the persistent keyring for a specific UID and link it to the nominated
+ * keyring.
+ */
+long keyctl_get_persistent(uid_t _uid, key_serial_t destid)
+{
+ struct user_namespace *ns = current_user_ns();
+ key_ref_t dest_ref;
+ kuid_t uid;
+ long ret;
+
+ /* -1 indicates the current user */
+ if (_uid == (uid_t)-1) {
+ uid = current_uid();
+ } else {
+ uid = make_kuid(ns, _uid);
+ if (!uid_valid(uid))
+ return -EINVAL;
+
+ /* You can only see your own persistent cache if you're not
+ * sufficiently privileged.
+ */
+ if (uid != current_uid() &&
+ uid != current_suid() &&
+ uid != current_euid() &&
+ uid != current_fsuid() &&
+ !ns_capable(ns, CAP_SETUID))
+ return -EPERM;
+ }
+
+ /* There must be a destination keyring */
+ dest_ref = lookup_user_key(destid, KEY_LOOKUP_CREATE, KEY_WRITE);
+ if (IS_ERR(dest_ref))
+ return PTR_ERR(dest_ref);
+ if (key_ref_to_ptr(dest_ref)->type != &key_type_keyring) {
+ ret = -ENOTDIR;
+ goto out_put_dest;
+ }
+
+ ret = key_get_persistent(ns, uid, dest_ref);
+
+out_put_dest:
+ key_ref_put(dest_ref);
+ return ret;
+}
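Review bot: The ownership test in keyctl_get_persistent compares kuid_t values with `!=`, which bypasses the uid helpers the function otherwise uses (make_kuid, uid_valid) and does not compile on builds where kuid_t is a struct type. It should be written as `if (!uid_eq(uid, current_uid()) && !uid_eq(uid, current_suid()) && !uid_eq(uid, current_euid()) && !uid_eq(uid, current_fsuid()) && !ns_capable(ns, CAP_SETUID))`. A comment is also needed on why a match against the saved or filesystem UID is enough to reach that UID's keyring without CAP_SETUID, since the commit text only describes access to the user's own UID or with that capability.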
diff --git a/security/keys/sysctl.c b/security/keys/sysctl.c
index ee32d18..8c0af08 100644
--- a/security/keys/sysctl.c
+++ b/security/keys/sysctl.c
@@ -61,5 +61,16 @@ ctl_table key_sysctls[] = {
.extra1 = (void *) &zero,
.extra2 = (void *) &max,
},
+#ifdef CONFIG_PERSISTENT_KEYRINGS
+ {
+ .procname = "persistent_keyring_expiry",
+ .data = &persistent_keyring_expiry,
+ .maxlen = sizeof(unsigned),
+ .mode = 0644,
+ .proc_handler = proc_dointvec_minmax,
+ .extra1 = (void *) &zero,
+ .extra2 = (void *) &max,
+ },
+#endif
{ }
};
--
1.8.3.1

1580
keys-x509-improv.patch Normal file

File diff suppressed because it is too large Load Diff


@ -1,4 +1,4 @@
From cff9d37c9529fca5ff853f0050c7f0de0e819ea7 Mon Sep 17 00:00:00 2001 From 725d7e7fb9ca1065102e640cf8af606169e63075 Mon Sep 17 00:00:00 2001
From: Dave Howells <dhowells@redhat.com> From: Dave Howells <dhowells@redhat.com>
Date: Tue, 23 Oct 2012 09:30:54 -0400 Date: Tue, 23 Oct 2012 09:30:54 -0400
Subject: [PATCH 1/4] Add EFI signature data types Subject: [PATCH 1/4] Add EFI signature data types
@ -53,7 +53,7 @@ index eed2202..1da1b3c 100644
1.8.3.1 1.8.3.1
From 2ce1c1d0d7110c4b06d65e4c8506f6c54aa72628 Mon Sep 17 00:00:00 2001 From f204253a34b477c5d68df711326a694b58e51c76 Mon Sep 17 00:00:00 2001
From: Dave Howells <dhowells@redhat.com> From: Dave Howells <dhowells@redhat.com>
Date: Tue, 23 Oct 2012 09:36:28 -0400 Date: Tue, 23 Oct 2012 09:36:28 -0400
Subject: [PATCH 2/4] Add an EFI signature blob parser and key loader. Subject: [PATCH 2/4] Add an EFI signature blob parser and key loader.
@ -65,9 +65,9 @@ Signed-off-by: David Howells <dhowells@redhat.com>
--- ---
crypto/asymmetric_keys/Kconfig | 8 +++ crypto/asymmetric_keys/Kconfig | 8 +++
crypto/asymmetric_keys/Makefile | 1 + crypto/asymmetric_keys/Makefile | 1 +
crypto/asymmetric_keys/efi_parser.c | 108 ++++++++++++++++++++++++++++++++++++ crypto/asymmetric_keys/efi_parser.c | 109 ++++++++++++++++++++++++++++++++++++
include/linux/efi.h | 4 ++ include/linux/efi.h | 4 ++
4 files changed, 121 insertions(+) 4 files changed, 122 insertions(+)
create mode 100644 crypto/asymmetric_keys/efi_parser.c create mode 100644 crypto/asymmetric_keys/efi_parser.c
diff --git a/crypto/asymmetric_keys/Kconfig b/crypto/asymmetric_keys/Kconfig diff --git a/crypto/asymmetric_keys/Kconfig b/crypto/asymmetric_keys/Kconfig
@ -101,10 +101,10 @@ index 0727204..cd8388e 100644
# X.509 Certificate handling # X.509 Certificate handling
diff --git a/crypto/asymmetric_keys/efi_parser.c b/crypto/asymmetric_keys/efi_parser.c diff --git a/crypto/asymmetric_keys/efi_parser.c b/crypto/asymmetric_keys/efi_parser.c
new file mode 100644 new file mode 100644
index 0000000..636feb1 index 0000000..424896a
--- /dev/null --- /dev/null
+++ b/crypto/asymmetric_keys/efi_parser.c +++ b/crypto/asymmetric_keys/efi_parser.c
@@ -0,0 +1,108 @@ @@ -0,0 +1,109 @@
+/* EFI signature/key/certificate list parser +/* EFI signature/key/certificate list parser
+ * + *
+ * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved. + * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
@ -195,7 +195,8 @@ index 0000000..636feb1
+ esize - sizeof(*elem), + esize - sizeof(*elem),
+ (KEY_POS_ALL & ~KEY_POS_SETATTR) | + (KEY_POS_ALL & ~KEY_POS_SETATTR) |
+ KEY_USR_VIEW, + KEY_USR_VIEW,
+ KEY_ALLOC_NOT_IN_QUOTA); + KEY_ALLOC_NOT_IN_QUOTA |
+ KEY_ALLOC_TRUSTED);
+ +
+ if (IS_ERR(key)) + if (IS_ERR(key))
+ pr_err("Problem loading in-kernel X.509 certificate (%ld)\n", + pr_err("Problem loading in-kernel X.509 certificate (%ld)\n",
@ -232,10 +233,10 @@ index 1da1b3c..42a1d25 100644
1.8.3.1 1.8.3.1
From 0e4e8acfd0932bbf6b02112218092c810d9469a5 Mon Sep 17 00:00:00 2001 From cebc8870a8f0b97b2585a07d9957ead0f21cdc8a Mon Sep 17 00:00:00 2001
From: Josh Boyer <jwboyer@fedoraproject.org> From: Josh Boyer <jwboyer@fedoraproject.org>
Date: Fri, 26 Oct 2012 12:36:24 -0400 Date: Fri, 26 Oct 2012 12:36:24 -0400
Subject: [PATCH 3/4] MODSIGN: Add module certificate blacklist keyring Subject: [PATCH 3/4] KEYS: Add a system blacklist keyring
This adds an additional keyring that is used to store certificates that This adds an additional keyring that is used to store certificates that
are blacklisted. This keyring is searched first when loading signed modules are blacklisted. This keyring is searched first when loading signed modules
@ -244,86 +245,57 @@ useful in cases where third party certificates are used for module signing.
Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org> Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org>
--- ---
init/Kconfig | 8 ++++++++ include/keys/system_keyring.h | 4 ++++
kernel/modsign_pubkey.c | 14 ++++++++++++++ init/Kconfig | 9 +++++++++
kernel/module-internal.h | 3 +++ kernel/module_signing.c | 12 ++++++++++++
kernel/module_signing.c | 12 ++++++++++++ kernel/system_keyring.c | 17 +++++++++++++++++
4 files changed, 37 insertions(+) 4 files changed, 42 insertions(+)
diff --git a/include/keys/system_keyring.h b/include/keys/system_keyring.h
index 8dabc39..e466de1 100644
--- a/include/keys/system_keyring.h
+++ b/include/keys/system_keyring.h
@@ -18,6 +18,10 @@
extern struct key *system_trusted_keyring;
+#ifdef CONFIG_SYSTEM_BLACKLIST_KEYRING
+extern struct key *system_blacklist_keyring;
+#endif
+
#endif
#endif /* _KEYS_SYSTEM_KEYRING_H */
diff --git a/init/Kconfig b/init/Kconfig diff --git a/init/Kconfig b/init/Kconfig
index fed81b5..b4fa2d1 100644 index 9f3cfdc..547f617 100644
--- a/init/Kconfig --- a/init/Kconfig
+++ b/init/Kconfig +++ b/init/Kconfig
@@ -1772,6 +1772,14 @@ config MODULE_SIG_ALL @@ -1676,6 +1676,15 @@ config SYSTEM_TRUSTED_KEYRING
comment "Do not forget to sign required modules with scripts/sign-file"
depends on MODULE_SIG_FORCE && !MODULE_SIG_ALL
+config MODULE_SIG_BLACKLIST Keys in this keyring are used by module signature checking.
+ bool "Support for blacklisting module signature certificates"
+ depends on MODULE_SIG +config SYSTEM_BLACKLIST_KEYRING
+ bool "Provide system-wide ring of blacklisted keys"
+ depends on KEYS
+ help + help
+ This adds support for keeping a blacklist of certificates that + Provide a system keyring to which blacklisted keys can be added. Keys
+ should not pass module signature verification. If a module is + in the keyring are considered entirely untrusted. Keys in this keyring
+ signed with something in this keyring, the load will be rejected. + are used by the module signature checking to reject loading of modules
+ signed with a blacklisted key.
+ +
choice menuconfig MODULES
prompt "Which hash algorithm should modules be signed with?" bool "Enable loadable module support"
depends on MODULE_SIG help
diff --git a/kernel/modsign_pubkey.c b/kernel/modsign_pubkey.c
index 2b6e699..4cd408d 100644
--- a/kernel/modsign_pubkey.c
+++ b/kernel/modsign_pubkey.c
@@ -17,6 +17,9 @@
#include "module-internal.h"
struct key *modsign_keyring;
+#ifdef CONFIG_MODULE_SIG_BLACKLIST
+struct key *modsign_blacklist;
+#endif
extern __initdata const u8 modsign_certificate_list[];
extern __initdata const u8 modsign_certificate_list_end[];
@@ -43,6 +46,17 @@ static __init int module_verify_init(void)
if (IS_ERR(modsign_keyring))
panic("Can't allocate module signing keyring\n");
+#ifdef CONFIG_MODULE_SIG_BLACKLIST
+ modsign_blacklist = keyring_alloc(".modsign_blacklist",
+ KUIDT_INIT(0), KGIDT_INIT(0),
+ current_cred(),
+ (KEY_POS_ALL & ~KEY_POS_SETATTR) |
+ KEY_USR_VIEW | KEY_USR_READ,
+ KEY_ALLOC_NOT_IN_QUOTA, NULL);
+ if (IS_ERR(modsign_blacklist))
+ panic("Can't allocate module signing blacklist keyring\n");
+#endif
+
return 0;
}
diff --git a/kernel/module-internal.h b/kernel/module-internal.h
index 24f9247..51a8380 100644
--- a/kernel/module-internal.h
+++ b/kernel/module-internal.h
@@ -10,5 +10,8 @@
*/
extern struct key *modsign_keyring;
+#ifdef CONFIG_MODULE_SIG_BLACKLIST
+extern struct key *modsign_blacklist;
+#endif
extern int mod_verify_sig(const void *mod, unsigned long *_modlen);
diff --git a/kernel/module_signing.c b/kernel/module_signing.c diff --git a/kernel/module_signing.c b/kernel/module_signing.c
index f2970bd..5423195 100644 index 0b6b870..0a29b40 100644
--- a/kernel/module_signing.c --- a/kernel/module_signing.c
+++ b/kernel/module_signing.c +++ b/kernel/module_signing.c
@@ -157,6 +157,18 @@ static struct key *request_asymmetric_key(const char *signer, size_t signer_len, @@ -158,6 +158,18 @@ static struct key *request_asymmetric_key(const char *signer, size_t signer_len,
pr_debug("Look up: \"%s\"\n", id); pr_debug("Look up: \"%s\"\n", id);
+#ifdef CONFIG_MODULE_SIG_BLACKLIST +#ifdef CONFIG_SYSTEM_BLACKLIST_KEYRING
+ key = keyring_search(make_key_ref(modsign_blacklist, 1), + key = keyring_search(make_key_ref(system_blacklist_keyring, 1),
+ &key_type_asymmetric, id); + &key_type_asymmetric, id);
+ if (!IS_ERR(key)) { + if (!IS_ERR(key)) {
+ /* module is signed with a cert in the blacklist. reject */ + /* module is signed with a cert in the blacklist. reject */
@ -334,20 +306,55 @@ index f2970bd..5423195 100644
+ } + }
+#endif +#endif
+ +
key = keyring_search(make_key_ref(modsign_keyring, 1), key = keyring_search(make_key_ref(system_trusted_keyring, 1),
&key_type_asymmetric, id); &key_type_asymmetric, id);
if (IS_ERR(key)) if (IS_ERR(key))
diff --git a/kernel/system_keyring.c b/kernel/system_keyring.c
index 4ca7072..b19cc6e 100644
--- a/kernel/system_keyring.c
+++ b/kernel/system_keyring.c
@@ -20,6 +20,9 @@
struct key *system_trusted_keyring;
EXPORT_SYMBOL_GPL(system_trusted_keyring);
+#ifdef CONFIG_SYSTEM_BLACKLIST_KEYRING
+struct key *system_blacklist_keyring;
+#endif
extern __initdata const u8 system_certificate_list[];
extern __initdata const u8 system_certificate_list_end[];
@@ -41,6 +44,20 @@ static __init int system_trusted_keyring_init(void)
panic("Can't allocate system trusted keyring\n");
set_bit(KEY_FLAG_TRUSTED_ONLY, &system_trusted_keyring->flags);
+
+#ifdef CONFIG_SYSTEM_BLACKLIST_KEYRING
+ system_blacklist_keyring = keyring_alloc(".system_blacklist_keyring",
+ KUIDT_INIT(0), KGIDT_INIT(0),
+ current_cred(),
+ (KEY_POS_ALL & ~KEY_POS_SETATTR) |
+ KEY_USR_VIEW | KEY_USR_READ,
+ KEY_ALLOC_NOT_IN_QUOTA, NULL);
+ if (IS_ERR(system_blacklist_keyring))
+ panic("Can't allocate system blacklist keyring\n");
+
+ set_bit(KEY_FLAG_TRUSTED_ONLY, &system_blacklist_keyring->flags);
+#endif
+
return 0;
}
-- --
1.8.3.1 1.8.3.1
From c558b46370e850851a94795df67b7c57aecc48ea Mon Sep 17 00:00:00 2001 From aa4f39ac51f8b9f589c13766e5e32a5b7794ed68 Mon Sep 17 00:00:00 2001
From: Josh Boyer <jwboyer@fedoraproject.org> From: Josh Boyer <jwboyer@fedoraproject.org>
Date: Fri, 26 Oct 2012 12:42:16 -0400 Date: Fri, 26 Oct 2012 12:42:16 -0400
Subject: [PATCH 4/4] MODSIGN: Import certificates from UEFI Secure Boot Subject: [PATCH 4/4] MODSIGN: Import certificates from UEFI Secure Boot
Secure Boot stores a list of allowed certificates in the 'db' variable. Secure Boot stores a list of allowed certificates in the 'db' variable.
This imports those certificates into the module signing keyring. This This imports those certificates into the system trusted keyring. This
allows for a third party signing certificate to be used in conjunction allows for a third party signing certificate to be used in conjunction
with signed modules. By importing the public certificate into the 'db' with signed modules. By importing the public certificate into the 'db'
variable, a user can allow a module signed with that certificate to variable, a user can allow a module signed with that certificate to
@ -356,7 +363,7 @@ in the 'MokListRT' variable. We import those as well.
In the opposite case, Secure Boot maintains a list of disallowed In the opposite case, Secure Boot maintains a list of disallowed
certificates in the 'dbx' variable. We load those certificates into certificates in the 'dbx' variable. We load those certificates into
the newly introduced module blacklist keyring and forbid any module the newly introduced system blacklist keyring and forbid any module
signed with those from loading. signed with those from loading.
Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org> Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org>
@ -364,8 +371,8 @@ Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org>
include/linux/efi.h | 6 ++++ include/linux/efi.h | 6 ++++
init/Kconfig | 9 +++++ init/Kconfig | 9 +++++
kernel/Makefile | 3 ++ kernel/Makefile | 3 ++
kernel/modsign_uefi.c | 91 +++++++++++++++++++++++++++++++++++++++++++++++++++ kernel/modsign_uefi.c | 92 +++++++++++++++++++++++++++++++++++++++++++++++++++
4 files changed, 109 insertions(+) 4 files changed, 110 insertions(+)
create mode 100644 kernel/modsign_uefi.c create mode 100644 kernel/modsign_uefi.c
diff --git a/include/linux/efi.h b/include/linux/efi.h diff --git a/include/linux/efi.h b/include/linux/efi.h
@ -386,16 +393,16 @@ index 42a1d25..d3e6036 100644
efi_guid_t guid; efi_guid_t guid;
u64 table; u64 table;
diff --git a/init/Kconfig b/init/Kconfig diff --git a/init/Kconfig b/init/Kconfig
index b4fa2d1..94ce526 100644 index 547f617..8e943bf 100644
--- a/init/Kconfig --- a/init/Kconfig
+++ b/init/Kconfig +++ b/init/Kconfig
@@ -1780,6 +1780,15 @@ config MODULE_SIG_BLACKLIST @@ -1794,6 +1794,15 @@ config MODULE_SIG_ALL
should not pass module signature verification. If a module is comment "Do not forget to sign required modules with scripts/sign-file"
signed with something in this keyring, the load will be rejected. depends on MODULE_SIG_FORCE && !MODULE_SIG_ALL
+config MODULE_SIG_UEFI +config MODULE_SIG_UEFI
+ bool "Allow modules signed with certs stored in UEFI" + bool "Allow modules signed with certs stored in UEFI"
+ depends on MODULE_SIG && MODULE_SIG_BLACKLIST && EFI + depends on MODULE_SIG && SYSTEM_BLACKLIST_KEYRING && EFI
+ select EFI_SIGNATURE_LIST_PARSER + select EFI_SIGNATURE_LIST_PARSER
+ help + help
+ This will import certificates stored in UEFI and allow modules + This will import certificates stored in UEFI and allow modules
@ -406,18 +413,18 @@ index b4fa2d1..94ce526 100644
prompt "Which hash algorithm should modules be signed with?" prompt "Which hash algorithm should modules be signed with?"
depends on MODULE_SIG depends on MODULE_SIG
diff --git a/kernel/Makefile b/kernel/Makefile diff --git a/kernel/Makefile b/kernel/Makefile
index 35ef118..6ca1fea 100644 index 1ff5e3b..f9b9998 100644
--- a/kernel/Makefile --- a/kernel/Makefile
+++ b/kernel/Makefile +++ b/kernel/Makefile
@@ -55,6 +55,7 @@ obj-$(CONFIG_PROVE_LOCKING) += spinlock.o @@ -56,6 +56,7 @@ obj-$(CONFIG_UID16) += uid16.o
obj-$(CONFIG_UID16) += uid16.o obj-$(CONFIG_SYSTEM_TRUSTED_KEYRING) += system_keyring.o system_certificates.o
obj-$(CONFIG_MODULES) += module.o obj-$(CONFIG_MODULES) += module.o
obj-$(CONFIG_MODULE_SIG) += module_signing.o modsign_pubkey.o modsign_certificate.o obj-$(CONFIG_MODULE_SIG) += module_signing.o
+obj-$(CONFIG_MODULE_SIG_UEFI) += modsign_uefi.o +obj-$(CONFIG_MODULE_SIG_UEFI) += modsign_uefi.o
obj-$(CONFIG_KALLSYMS) += kallsyms.o obj-$(CONFIG_KALLSYMS) += kallsyms.o
obj-$(CONFIG_BSD_PROCESS_ACCT) += acct.o obj-$(CONFIG_BSD_PROCESS_ACCT) += acct.o
obj-$(CONFIG_KEXEC) += kexec.o obj-$(CONFIG_KEXEC) += kexec.o
@@ -114,6 +115,8 @@ obj-$(CONFIG_CONTEXT_TRACKING) += context_tracking.o @@ -115,6 +116,8 @@ obj-$(CONFIG_CONTEXT_TRACKING) += context_tracking.o
$(obj)/configs.o: $(obj)/config_data.h $(obj)/configs.o: $(obj)/config_data.h
@ -428,10 +435,10 @@ index 35ef118..6ca1fea 100644
targets += config_data.gz targets += config_data.gz
diff --git a/kernel/modsign_uefi.c b/kernel/modsign_uefi.c diff --git a/kernel/modsign_uefi.c b/kernel/modsign_uefi.c
new file mode 100644 new file mode 100644
index 0000000..7eae5b4 index 0000000..94b0eb3
--- /dev/null --- /dev/null
+++ b/kernel/modsign_uefi.c +++ b/kernel/modsign_uefi.c
@@ -0,0 +1,91 @@ @@ -0,0 +1,92 @@
+#include <linux/kernel.h> +#include <linux/kernel.h>
+#include <linux/sched.h> +#include <linux/sched.h>
+#include <linux/cred.h> +#include <linux/cred.h>
@ -439,6 +446,7 @@ index 0000000..7eae5b4
+#include <linux/efi.h> +#include <linux/efi.h>
+#include <linux/slab.h> +#include <linux/slab.h>
+#include <keys/asymmetric-type.h> +#include <keys/asymmetric-type.h>
+#include <keys/system_keyring.h>
+#include "module-internal.h" +#include "module-internal.h"
+ +
+static __init void *get_cert_list(efi_char16_t *name, efi_guid_t *guid, unsigned long *size) +static __init void *get_cert_list(efi_char16_t *name, efi_guid_t *guid, unsigned long *size)
@ -493,7 +501,7 @@ index 0000000..7eae5b4
+ if (!db) { + if (!db) {
+ pr_err("MODSIGN: Couldn't get UEFI db list\n"); + pr_err("MODSIGN: Couldn't get UEFI db list\n");
+ } else { + } else {
+ rc = parse_efi_signature_list(db, dbsize, modsign_keyring); + rc = parse_efi_signature_list(db, dbsize, system_trusted_keyring);
+ if (rc) + if (rc)
+ pr_err("Couldn't parse db signatures: %d\n", rc); + pr_err("Couldn't parse db signatures: %d\n", rc);
+ kfree(db); + kfree(db);
@ -503,7 +511,7 @@ index 0000000..7eae5b4
+ if (!mok) { + if (!mok) {
+ pr_info("MODSIGN: Couldn't get UEFI MokListRT\n"); + pr_info("MODSIGN: Couldn't get UEFI MokListRT\n");
+ } else { + } else {
+ rc = parse_efi_signature_list(mok, moksize, modsign_keyring); + rc = parse_efi_signature_list(mok, moksize, system_trusted_keyring);
+ if (rc) + if (rc)
+ pr_err("Couldn't parse MokListRT signatures: %d\n", rc); + pr_err("Couldn't parse MokListRT signatures: %d\n", rc);
+ kfree(mok); + kfree(mok);
@ -514,7 +522,7 @@ index 0000000..7eae5b4
+ pr_info("MODSIGN: Couldn't get UEFI dbx list\n"); + pr_info("MODSIGN: Couldn't get UEFI dbx list\n");
+ } else { + } else {
+ rc = parse_efi_signature_list(dbx, dbxsize, + rc = parse_efi_signature_list(dbx, dbxsize,
+ modsign_blacklist); + system_blacklist_keyring);
+ if (rc) + if (rc)
+ pr_err("Couldn't parse dbx signatures: %d\n", rc); + pr_err("Couldn't parse dbx signatures: %d\n", rc);
+ kfree(dbx); + kfree(dbx);


@ -1,4 +1,4 @@
From 4fe6d11d21b548d6e8272cc8cad5fcc6150ef081 Mon Sep 17 00:00:00 2001 From ffe1ee94d526900ce1e5191cdd38934477dd209a Mon Sep 17 00:00:00 2001
From: Josh Boyer <jwboyer@fedoraproject.org> From: Josh Boyer <jwboyer@fedoraproject.org>
Date: Fri, 26 Oct 2012 14:02:09 -0400 Date: Fri, 26 Oct 2012 14:02:09 -0400
Subject: [PATCH] hibernate: Disable in a signed modules environment Subject: [PATCH] hibernate: Disable in a signed modules environment
@ -12,8 +12,8 @@ Signed-off-by: Josh Boyer <jwboyer@fedoraproject.com>
--- ---
kernel/power/hibernate.c | 16 +++++++++++++++- kernel/power/hibernate.c | 16 +++++++++++++++-
kernel/power/main.c | 7 ++++++- kernel/power/main.c | 7 ++++++-
kernel/power/user.c | 5 +++++ kernel/power/user.c | 1 +
3 files changed, 26 insertions(+), 2 deletions(-) 3 files changed, 22 insertions(+), 2 deletions(-)
diff --git a/kernel/power/hibernate.c b/kernel/power/hibernate.c diff --git a/kernel/power/hibernate.c b/kernel/power/hibernate.c
index b26f5f1..e65228b 100644 index b26f5f1..e65228b 100644
@ -96,28 +96,17 @@ index 1d1bf63..300f300 100644
if (s != buf) if (s != buf)
/* convert the last space to a newline */ /* convert the last space to a newline */
diff --git a/kernel/power/user.c b/kernel/power/user.c diff --git a/kernel/power/user.c b/kernel/power/user.c
index 4ed81e7..b714ee6 100644 index 15cb72f..fa85ed5 100644
--- a/kernel/power/user.c --- a/kernel/power/user.c
+++ b/kernel/power/user.c +++ b/kernel/power/user.c
@@ -24,6 +24,8 @@ @@ -25,6 +25,7 @@
#include <linux/console.h>
#include <linux/cpu.h> #include <linux/cpu.h>
#include <linux/freezer.h> #include <linux/freezer.h>
#include <linux/module.h>
+#include <linux/efi.h> +#include <linux/efi.h>
+#include <linux/module.h>
#include <asm/uaccess.h> #include <asm/uaccess.h>
@@ -48,6 +50,9 @@ static int snapshot_open(struct inode *inode, struct file *filp)
struct snapshot_data *data;
int error;
+ if (secure_modules())
+ return -EPERM;
+
lock_system_sleep();
if (!atomic_add_unless(&snapshot_device_available, -1, 0)) {
-- --
1.8.3.1 1.8.3.1
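Review bot: The remaining kernel/power/user.c hunk in this patch now adds only `#include <linux/efi.h>`, and nothing in the visible hunk uses it, since the `secure_modules()` check in snapshot_open has moved out of this patch. If user.c has no other EFI reference, drop the hunk and the `kernel/power/user.c | 1 +` diffstat line so the patch touches only hibernate.c and main.c. If the include is needed, say why in the patch description. The rest of user.c is outside the hunk, so this is inferred from the hunk alone.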


@ -1,7 +1,7 @@
From 17832506ee9b52bc8e00c2ec89b49257998171ed Mon Sep 17 00:00:00 2001 From 8dea807503a1ba88d9e27595daae7f86ec968711 Mon Sep 17 00:00:00 2001
From: Matthew Garrett <matthew.garrett@nebula.com> From: Matthew Garrett <matthew.garrett@nebula.com>
Date: Mon, 19 Aug 2013 13:26:02 -0400 Date: Fri, 9 Aug 2013 17:58:15 -0400
Subject: [PATCH 01/13] Add secure_modules() call Subject: [PATCH 01/14] Add secure_modules() call
Provide a single call to allow kernel code to determine whether the system Provide a single call to allow kernel code to determine whether the system
has been configured to either disable module loading entirely or to load has been configured to either disable module loading entirely or to load
@ -39,7 +39,7 @@ index 46f1ea0..0c266b2 100644
#ifdef CONFIG_SYSFS #ifdef CONFIG_SYSFS
diff --git a/kernel/module.c b/kernel/module.c diff --git a/kernel/module.c b/kernel/module.c
index 2069158..499ee57 100644 index 2069158..0e94acf 100644
--- a/kernel/module.c --- a/kernel/module.c
+++ b/kernel/module.c +++ b/kernel/module.c
@@ -3852,3 +3852,13 @@ void module_layout(struct module *mod, @@ -3852,3 +3852,13 @@ void module_layout(struct module *mod,
@ -55,15 +55,15 @@ index 2069158..499ee57 100644
+ return modules_disabled; + return modules_disabled;
+#endif +#endif
+} +}
+EXPORT_SYMBOL_GPL(secure_modules); +EXPORT_SYMBOL(secure_modules);
-- --
1.8.3.1 1.8.3.1
From e347503648ace6a4b71dfb566365f1aa19657746 Mon Sep 17 00:00:00 2001 From 9b7b3f6283bf784e4ea1c34e52646b12971b2823 Mon Sep 17 00:00:00 2001
From: Matthew Garrett <matthew.garrett@nebula.com> From: Matthew Garrett <matthew.garrett@nebula.com>
Date: Mon, 19 Aug 2013 13:26:03 -0400 Date: Thu, 8 Mar 2012 10:10:38 -0500
Subject: [PATCH 02/13] PCI: Lock down BAR access when module security is Subject: [PATCH 02/14] PCI: Lock down BAR access when module security is
enabled enabled
Any hardware that can potentially generate DMA has to be locked down from Any hardware that can potentially generate DMA has to be locked down from
@ -179,10 +179,10 @@ index e1c1ec5..bffbf71 100644
1.8.3.1 1.8.3.1
From b846e3958d3f4ff875ec958efba8b681ccbae04e Mon Sep 17 00:00:00 2001 From aac2425a2664c09c2a369e1eec6e7a5bc2713cb1 Mon Sep 17 00:00:00 2001
From: Matthew Garrett <matthew.garrett@nebula.com> From: Matthew Garrett <matthew.garrett@nebula.com>
Date: Mon, 19 Aug 2013 13:26:04 -0400 Date: Thu, 8 Mar 2012 10:35:59 -0500
Subject: [PATCH 03/13] x86: Lock down IO port access when module security is Subject: [PATCH 03/14] x86: Lock down IO port access when module security is
enabled enabled
IO port access would permit users to gain access to PCI configuration IO port access would permit users to gain access to PCI configuration
@ -252,10 +252,10 @@ index f895a8c..1af8664 100644
1.8.3.1 1.8.3.1
From 8c11e2cc989eece2d4978cfbc83f9b898f3cd1aa Mon Sep 17 00:00:00 2001 From e7f9789c7eedf291972666befee726ff8e7126f6 Mon Sep 17 00:00:00 2001
From: Matthew Garrett <matthew.garrett@nebula.com> From: Matthew Garrett <matthew.garrett@nebula.com>
Date: Mon, 19 Aug 2013 13:26:05 -0400 Date: Fri, 9 Mar 2012 08:39:37 -0500
Subject: [PATCH 04/13] ACPI: Limit access to custom_method Subject: [PATCH 04/14] ACPI: Limit access to custom_method
custom_method effectively allows arbitrary access to system memory, making custom_method effectively allows arbitrary access to system memory, making
it possible for an attacker to circumvent restrictions on module loading. it possible for an attacker to circumvent restrictions on module loading.
@ -263,22 +263,14 @@ Disable it if any such restrictions have been enabled.
Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com> Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
--- ---
drivers/acpi/custom_method.c | 4 ++++ drivers/acpi/custom_method.c | 3 +++
1 file changed, 4 insertions(+) 1 file changed, 3 insertions(+)
diff --git a/drivers/acpi/custom_method.c b/drivers/acpi/custom_method.c diff --git a/drivers/acpi/custom_method.c b/drivers/acpi/custom_method.c
index 12b62f2..55a013f 100644 index 12b62f2..50647b3 100644
--- a/drivers/acpi/custom_method.c --- a/drivers/acpi/custom_method.c
+++ b/drivers/acpi/custom_method.c +++ b/drivers/acpi/custom_method.c
@@ -7,6 +7,7 @@ @@ -29,6 +29,9 @@ static ssize_t cm_write(struct file *file, const char __user * user_buf,
#include <linux/kernel.h>
#include <linux/uaccess.h>
#include <linux/debugfs.h>
+#include <linux/module.h>
#include <acpi/acpi_drivers.h>
#include "internal.h"
@@ -29,6 +30,9 @@ static ssize_t cm_write(struct file *file, const char __user * user_buf,
struct acpi_table_header table; struct acpi_table_header table;
acpi_status status; acpi_status status;
@ -292,10 +284,10 @@ index 12b62f2..55a013f 100644
1.8.3.1 1.8.3.1
From 968ccfb32df5d5c9673c57641ebf90b25c0df880 Mon Sep 17 00:00:00 2001 From d81cd6628c821d47bd086354cbc57b1474f3c1a8 Mon Sep 17 00:00:00 2001
From: Matthew Garrett <matthew.garrett@nebula.com> From: Matthew Garrett <matthew.garrett@nebula.com>
Date: Mon, 19 Aug 2013 13:26:06 -0400 Date: Fri, 9 Mar 2012 08:46:50 -0500
Subject: [PATCH 05/13] asus-wmi: Restrict debugfs interface when module Subject: [PATCH 05/14] asus-wmi: Restrict debugfs interface when module
loading is restricted loading is restricted
We have no way of validating what all of the Asus WMI methods do on a We have no way of validating what all of the Asus WMI methods do on a
@ -347,10 +339,10 @@ index 19c313b..db18ef66 100644
1.8.3.1 1.8.3.1
From e492d0a80bb591c34391757f97fc5aa8eb198e4f Mon Sep 17 00:00:00 2001 From df75e984729ef50bb691b4d15472529fcd81580b Mon Sep 17 00:00:00 2001
From: Matthew Garrett <matthew.garrett@nebula.com> From: Matthew Garrett <matthew.garrett@nebula.com>
Date: Mon, 19 Aug 2013 13:26:07 -0400 Date: Fri, 9 Mar 2012 09:28:15 -0500
Subject: [PATCH 06/13] Restrict /dev/mem and /dev/kmem when module loading is Subject: [PATCH 06/14] Restrict /dev/mem and /dev/kmem when module loading is
restricted restricted
Allowing users to write to address space makes it possible for the kernel Allowing users to write to address space makes it possible for the kernel
@ -390,10 +382,10 @@ index 1af8664..61406c8 100644
1.8.3.1 1.8.3.1
From 145913d656bfe8216032b38a576ac150699521e5 Mon Sep 17 00:00:00 2001 From 78955913cc46cc5e5c7f2c71c1b07a5c18e06456 Mon Sep 17 00:00:00 2001
From: Josh Boyer <jwboyer@redhat.com> From: Josh Boyer <jwboyer@redhat.com>
Date: Mon, 19 Aug 2013 13:26:08 -0400 Date: Mon, 25 Jun 2012 19:57:30 -0400
Subject: [PATCH 07/13] acpi: Ignore acpi_rsdp kernel parameter when module Subject: [PATCH 07/14] acpi: Ignore acpi_rsdp kernel parameter when module
loading is restricted loading is restricted
This option allows userspace to pass the RSDP address to the kernel, which This option allows userspace to pass the RSDP address to the kernel, which
@ -430,10 +422,95 @@ index 6ab2c35..e4c4410 100644
1.8.3.1 1.8.3.1
From 012ac79f54ab746114d8276d8858a3df18b10e22 Mon Sep 17 00:00:00 2001 From 23aae9143fbece326b3a26bf5ba48956c99cabe4 Mon Sep 17 00:00:00 2001
From: Matthew Garrett <matthew.garrett@nebula.com> From: Matthew Garrett <matthew.garrett@nebula.com>
Date: Mon, 19 Aug 2013 13:26:10 -0400 Date: Fri, 9 Aug 2013 03:33:56 -0400
Subject: [PATCH 08/13] x86: Restrict MSR access when module loading is Subject: [PATCH 08/14] kexec: Disable at runtime if the kernel enforces module
loading restrictions
kexec permits the loading and execution of arbitrary code in ring 0, which
is something that module signing enforcement is meant to prevent. It makes
sense to disable kexec in this situation.
Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
---
kernel/kexec.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/kernel/kexec.c b/kernel/kexec.c
index 59f7b55..3e2b63a 100644
--- a/kernel/kexec.c
+++ b/kernel/kexec.c
@@ -32,6 +32,7 @@
#include <linux/vmalloc.h>
#include <linux/swap.h>
#include <linux/syscore_ops.h>
+#include <linux/module.h>
#include <asm/page.h>
#include <asm/uaccess.h>
@@ -943,6 +944,13 @@ SYSCALL_DEFINE4(kexec_load, unsigned long, entry, unsigned long, nr_segments,
return -EPERM;
/*
+ * kexec can be used to circumvent module loading restrictions, so
+ * prevent loading in that case
+ */
+ if (secure_modules())
+ return -EPERM;
+
+ /*
* Verify we have a legal set of flags
* This leaves us room for future extensions.
*/
--
1.8.3.1
From 218cd49aa2d6a085c5c4edc0396200864f0b54ad Mon Sep 17 00:00:00 2001
From: Matthew Garrett <matthew.garrett@nebula.com>
Date: Tue, 3 Sep 2013 11:23:29 -0400
Subject: [PATCH 09/14] uswsusp: Disable when module loading is restricted
uswsusp allows a user process to dump and then restore kernel state, which
makes it possible to avoid module loading restrictions. Prevent this when
any restrictions have been imposed on loading modules.
Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
---
kernel/power/user.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/kernel/power/user.c b/kernel/power/user.c
index 4ed81e7..15cb72f 100644
--- a/kernel/power/user.c
+++ b/kernel/power/user.c
@@ -24,6 +24,7 @@
#include <linux/console.h>
#include <linux/cpu.h>
#include <linux/freezer.h>
+#include <linux/module.h>
#include <asm/uaccess.h>
@@ -48,6 +49,9 @@ static int snapshot_open(struct inode *inode, struct file *filp)
struct snapshot_data *data;
int error;
+ if (secure_modules())
+ return -EPERM;
+
lock_system_sleep();
if (!atomic_add_unless(&snapshot_device_available, -1, 0)) {
--
1.8.3.1
From beeaac053d4ae57dc65be1da8b46e5d4bc6542b8 Mon Sep 17 00:00:00 2001
From: Matthew Garrett <matthew.garrett@nebula.com>
Date: Fri, 8 Feb 2013 11:12:13 -0800
Subject: [PATCH 10/14] x86: Restrict MSR access when module loading is
restricted restricted
Writing to MSRs should not be allowed if module loading is restricted, Writing to MSRs should not be allowed if module loading is restricted,
@ -475,51 +552,10 @@ index 88458fa..d08f7e3 100644
1.8.3.1 1.8.3.1
From a44d2968968fd667c8cbeba7c043f674d17e7ce7 Mon Sep 17 00:00:00 2001 From b4331711c52aff0a6a9cef0f4b52fe261874d6f2 Mon Sep 17 00:00:00 2001
From: Matthew Garrett <matthew.garrett@nebula.com> From: Matthew Garrett <matthew.garrett@nebula.com>
Date: Mon, 19 Aug 2013 13:26:09 -0400 Date: Fri, 9 Aug 2013 18:36:30 -0400
Subject: [PATCH 09/13] kexec: Disable at runtime if the kernel enforces module Subject: [PATCH 11/14] Add option to automatically enforce module signatures
loading restrictions
kexec permits the loading and execution of arbitrary code in ring 0, which
is something that module signing enforcement is meant to prevent. It makes
sense to disable kexec in this situation.
Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
---
kernel/kexec.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/kernel/kexec.c b/kernel/kexec.c
index 59f7b55..1a7690f 100644
--- a/kernel/kexec.c
+++ b/kernel/kexec.c
@@ -32,6 +32,7 @@
#include <linux/vmalloc.h>
#include <linux/swap.h>
#include <linux/syscore_ops.h>
+#include <linux/module.h>
#include <asm/page.h>
#include <asm/uaccess.h>
@@ -1645,6 +1646,9 @@ int kernel_kexec(void)
goto Unlock;
}
+ if (secure_modules())
+ return -EPERM;
+
#ifdef CONFIG_KEXEC_JUMP
if (kexec_image->preserve_context) {
lock_system_sleep();
--
1.8.3.1
From f8f879da5dcc060a990a3b660aa5f340429cc4ed Mon Sep 17 00:00:00 2001
From: Matthew Garrett <matthew.garrett@nebula.com>
Date: Mon, 19 Aug 2013 13:26:11 -0400
Subject: [PATCH 10/13] Add option to automatically enforce module signatures
when in Secure Boot mode when in Secure Boot mode
UEFI Secure Boot provides a mechanism for ensuring that the firmware will UEFI Secure Boot provides a mechanism for ensuring that the firmware will
@ -528,17 +564,15 @@ require that all kernel modules also be signed. Add a configuration option
that enforces this automatically when enabled. that enforces this automatically when enabled.
Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com> Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org>
--- ---
Documentation/x86/zero-page.txt | 2 ++ Documentation/x86/zero-page.txt | 2 ++
arch/x86/Kconfig | 10 ++++++++++ arch/x86/Kconfig | 10 ++++++++++
arch/x86/boot/compressed/eboot.c | 33 +++++++++++++++++++++++++++++++++ arch/x86/boot/compressed/eboot.c | 36 +++++++++++++++++++++++++++++++++++
arch/x86/include/asm/bootparam_utils.h | 8 ++++++-- arch/x86/include/uapi/asm/bootparam.h | 3 ++-
arch/x86/include/uapi/asm/bootparam.h | 3 ++- arch/x86/kernel/setup.c | 6 ++++++
arch/x86/kernel/setup.c | 6 ++++++ include/linux/module.h | 6 ++++++
include/linux/module.h | 6 ++++++ kernel/module.c | 7 +++++++
kernel/module.c | 7 +++++++ 7 files changed, 69 insertions(+), 1 deletion(-)
8 files changed, 72 insertions(+), 3 deletions(-)
diff --git a/Documentation/x86/zero-page.txt b/Documentation/x86/zero-page.txt diff --git a/Documentation/x86/zero-page.txt b/Documentation/x86/zero-page.txt
index 199f453..ec38acf 100644 index 199f453..ec38acf 100644
@ -575,14 +609,22 @@ index b32ebf9..6a6c19b 100644
def_bool y def_bool y
prompt "Enable seccomp to safely compute untrusted bytecode" prompt "Enable seccomp to safely compute untrusted bytecode"
diff --git a/arch/x86/boot/compressed/eboot.c b/arch/x86/boot/compressed/eboot.c diff --git a/arch/x86/boot/compressed/eboot.c b/arch/x86/boot/compressed/eboot.c
index b7388a4..145294d 100644 index b7388a4..53bfe4f 100644
--- a/arch/x86/boot/compressed/eboot.c --- a/arch/x86/boot/compressed/eboot.c
+++ b/arch/x86/boot/compressed/eboot.c +++ b/arch/x86/boot/compressed/eboot.c
@@ -861,6 +861,37 @@ fail: @@ -12,6 +12,7 @@
#include <asm/efi.h>
#include <asm/setup.h>
#include <asm/desc.h>
+#include <asm/bootparam_utils.h>
#undef memcpy /* Use memcpy from misc.c */
@@ -861,6 +862,37 @@ fail:
return status; return status;
} }
+static int get_secure_boot(efi_system_table_t *_table) +static int get_secure_boot(void)
+{ +{
+ u8 sb, setup; + u8 sb, setup;
+ unsigned long datasize = sizeof(sb); + unsigned long datasize = sizeof(sb);
@ -616,37 +658,19 @@ index b7388a4..145294d 100644
/* /*
* Because the x86 boot code expects to be passed a boot_params we * Because the x86 boot code expects to be passed a boot_params we
* need to create one ourselves (usually the bootloader would create * need to create one ourselves (usually the bootloader would create
@@ -1169,6 +1200,8 @@ struct boot_params *efi_main(void *handle, efi_system_table_t *_table, @@ -1169,6 +1201,10 @@ struct boot_params *efi_main(void *handle, efi_system_table_t *_table,
if (sys_table->hdr.signature != EFI_SYSTEM_TABLE_SIGNATURE) if (sys_table->hdr.signature != EFI_SYSTEM_TABLE_SIGNATURE)
goto fail; goto fail;
+ boot_params->secure_boot = get_secure_boot(sys_table); + sanitize_boot_params(boot_params);
+
+ boot_params->secure_boot = get_secure_boot();
+ +
setup_graphics(boot_params); setup_graphics(boot_params);
setup_efi_pci(boot_params); setup_efi_pci(boot_params);
diff --git a/arch/x86/include/asm/bootparam_utils.h b/arch/x86/include/asm/bootparam_utils.h
index 4a8cb8d..25f9cf1 100644
--- a/arch/x86/include/asm/bootparam_utils.h
+++ b/arch/x86/include/asm/bootparam_utils.h
@@ -38,9 +38,13 @@ static void sanitize_boot_params(struct boot_params *boot_params)
memset(&boot_params->ext_ramdisk_image, 0,
(char *)&boot_params->efi_info -
(char *)&boot_params->ext_ramdisk_image);
- memset(&boot_params->kbd_status, 0,
+ memset(&boot_params->kbd_status, 0, sizeof(boot_params->kbd_status));
+ /* don't clear boot_params->secure_boot. we set that ourselves
+ * earlier.
+ */
+ memset(&boot_params->_pad5[0], 0,
(char *)&boot_params->hdr -
- (char *)&boot_params->kbd_status);
+ (char *)&boot_params->_pad5[0]);
memset(&boot_params->_pad7[0], 0,
(char *)&boot_params->edd_mbr_sig_buffer[0] -
(char *)&boot_params->_pad7[0]);
diff --git a/arch/x86/include/uapi/asm/bootparam.h b/arch/x86/include/uapi/asm/bootparam.h diff --git a/arch/x86/include/uapi/asm/bootparam.h b/arch/x86/include/uapi/asm/bootparam.h
index c15ddaf..d35da96 100644 index c15ddaf..85d7685 100644
--- a/arch/x86/include/uapi/asm/bootparam.h --- a/arch/x86/include/uapi/asm/bootparam.h
+++ b/arch/x86/include/uapi/asm/bootparam.h +++ b/arch/x86/include/uapi/asm/bootparam.h
@@ -131,7 +131,8 @@ struct boot_params { @@ -131,7 +131,8 @@ struct boot_params {
@ -655,7 +679,7 @@ index c15ddaf..d35da96 100644
__u8 kbd_status; /* 0x1eb */ __u8 kbd_status; /* 0x1eb */
- __u8 _pad5[3]; /* 0x1ec */ - __u8 _pad5[3]; /* 0x1ec */
+ __u8 secure_boot; /* 0x1ec */ + __u8 secure_boot; /* 0x1ec */
+ __u8 _pad5[2]; /* 0x1ec */ + __u8 _pad5[2]; /* 0x1ed */
/* /*
* The sentinel is set to a nonzero value (0xff) in header.S. * The sentinel is set to a nonzero value (0xff) in header.S.
* *
@ -694,7 +718,7 @@ index 0c266b2..5a6374a 100644
extern int modules_disabled; /* for sysctl */ extern int modules_disabled; /* for sysctl */
diff --git a/kernel/module.c b/kernel/module.c diff --git a/kernel/module.c b/kernel/module.c
index 499ee57..bc7c987 100644 index 0e94acf..974139b 100644
--- a/kernel/module.c --- a/kernel/module.c
+++ b/kernel/module.c +++ b/kernel/module.c
@@ -3853,6 +3853,13 @@ void module_layout(struct module *mod, @@ -3853,6 +3853,13 @@ void module_layout(struct module *mod,
@ -715,10 +739,10 @@ index 499ee57..bc7c987 100644
1.8.3.1 1.8.3.1
From b1604407fff69b17b598af03888a9efda0d58f2b Mon Sep 17 00:00:00 2001 From bb28516d346e6511f1e012321c48eb142763e539 Mon Sep 17 00:00:00 2001
From: Josh Boyer <jwboyer@redhat.com> From: Josh Boyer <jwboyer@redhat.com>
Date: Tue, 5 Feb 2013 19:25:05 -0500 Date: Tue, 5 Feb 2013 19:25:05 -0500
Subject: [PATCH 11/13] efi: Disable secure boot if shim is in insecure mode Subject: [PATCH 12/14] efi: Disable secure boot if shim is in insecure mode
A user can manually tell the shim boot loader to disable validation of A user can manually tell the shim boot loader to disable validation of
images it loads. When a user does this, it creates a UEFI variable called images it loads. When a user does this, it creates a UEFI variable called
@ -732,12 +756,12 @@ Signed-off-by: Josh Boyer <jwboyer@redhat.com>
1 file changed, 19 insertions(+), 1 deletion(-) 1 file changed, 19 insertions(+), 1 deletion(-)
diff --git a/arch/x86/boot/compressed/eboot.c b/arch/x86/boot/compressed/eboot.c diff --git a/arch/x86/boot/compressed/eboot.c b/arch/x86/boot/compressed/eboot.c
index 145294d..545d4a6 100644 index 53bfe4f..946028b 100644
--- a/arch/x86/boot/compressed/eboot.c --- a/arch/x86/boot/compressed/eboot.c
+++ b/arch/x86/boot/compressed/eboot.c +++ b/arch/x86/boot/compressed/eboot.c
@@ -863,8 +863,9 @@ fail: @@ -864,8 +864,9 @@ fail:
static int get_secure_boot(efi_system_table_t *_table) static int get_secure_boot(void)
{ {
- u8 sb, setup; - u8 sb, setup;
+ u8 sb, setup, moksbstate; + u8 sb, setup, moksbstate;
@ -746,7 +770,7 @@ index 145294d..545d4a6 100644
efi_guid_t var_guid = EFI_GLOBAL_VARIABLE_GUID; efi_guid_t var_guid = EFI_GLOBAL_VARIABLE_GUID;
efi_status_t status; efi_status_t status;
@@ -888,6 +889,23 @@ static int get_secure_boot(efi_system_table_t *_table) @@ -889,6 +890,23 @@ static int get_secure_boot(void)
if (setup == 1) if (setup == 1)
return 0; return 0;
@ -774,10 +798,10 @@ index 145294d..545d4a6 100644
1.8.3.1 1.8.3.1
From 4d8b5cab923a2df15e1f33b3f0511366f9f98756 Mon Sep 17 00:00:00 2001 From 4c8824bac8d4284e66c39c365ba84151f2d78e87 Mon Sep 17 00:00:00 2001
From: Josh Boyer <jwboyer@fedoraproject.org> From: Josh Boyer <jwboyer@fedoraproject.org>
Date: Tue, 27 Aug 2013 13:28:43 -0400 Date: Tue, 27 Aug 2013 13:28:43 -0400
Subject: [PATCH 12/13] efi: Make EFI_SECURE_BOOT_SIG_ENFORCE depend on EFI Subject: [PATCH 13/14] efi: Make EFI_SECURE_BOOT_SIG_ENFORCE depend on EFI
The functionality of the config option is dependent upon the platform being The functionality of the config option is dependent upon the platform being
UEFI based. Reflect this in the config deps. UEFI based. Reflect this in the config deps.
@ -805,10 +829,10 @@ index 6a6c19b..10498ec 100644
1.8.3.1 1.8.3.1
From a87ca6498b8a9f8e3c1d7e6ef7ef4e233ec8639d Mon Sep 17 00:00:00 2001 From 871b0ed1847c3c5413a4ca72ecf18735858f7708 Mon Sep 17 00:00:00 2001
From: Josh Boyer <jwboyer@fedoraproject.org> From: Josh Boyer <jwboyer@fedoraproject.org>
Date: Tue, 27 Aug 2013 13:33:03 -0400 Date: Tue, 27 Aug 2013 13:33:03 -0400
Subject: [PATCH 13/13] efi: Add EFI_SECURE_BOOT bit Subject: [PATCH 14/14] efi: Add EFI_SECURE_BOOT bit
UEFI machines can be booted in Secure Boot mode. Add a EFI_SECURE_BOOT bit UEFI machines can be booted in Secure Boot mode. Add a EFI_SECURE_BOOT bit
for use with efi_enabled. for use with efi_enabled.
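Review bot: In the efi_main hunk of patch 11/14, calling `sanitize_boot_params(boot_params);` before `boot_params->secure_boot = get_secure_boot();` is load-bearing but undocumented. The new side drops the bootparam_utils.h hunk, so the sanitize memset from `kbd_status` up to `hdr` again covers offset 0x1ec; a later sanitize pass that still saw a nonzero sentinel would zero `secure_boot`, and module signature enforcement would silently stay off. This presumably works because the first call clears the sentinel, which is not visible here and should be confirmed. A comment at the call site would record the dependency, e.g. `/* must run before secure_boot is set: sanitize zeroes kbd_status..hdr, which includes secure_boot */`. efi_main continues outside the hunk.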


@ -1 +1,2 @@
fea363551ff45fbe4cb88497b863b261 linux-3.11.tar.xz fea363551ff45fbe4cb88497b863b261 linux-3.11.tar.xz
91b5f56f18ff94ed394ab021297f74da patch-3.11-git1.xz