brain-hackers_pepepper-mirror
/
linux-brain
mirror of https://github.com/brain-hackers/linux-brain.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
linux-brain/security
History
Matthew Garrett eddbab1384 evm: Don't deadlock if a crypto algorithm is unavailable 
[ Upstream commit e2861fa716 ]

When EVM attempts to appraise a file signed with a crypto algorithm the
kernel doesn't have support for, it will cause the kernel to trigger a
module load. If the EVM policy includes appraisal of kernel modules this
will in turn call back into EVM - since EVM is holding a lock until the
crypto initialisation is complete, this triggers a deadlock. Add a
CRYPTO_NOLOAD flag and skip module loading if it's set, and add that flag
in the EVM case in order to fail gracefully with an error message
instead of deadlocking.

Signed-off-by: Matthew Garrett <mjg59@google.com>
Acked-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 		2018-09-26 08:36:37 +02:00
..
apparmor apparmor: Make path_max parameter readonly 2018-03-22 09:17:48 +01:00
integrity evm: Don't deadlock if a crypto algorithm is unavailable 2018-09-26 08:36:37 +02:00
keys security/keys: BIG_KEY requires CONFIG_CRYPTO 2018-02-25 11:05:53 +01:00
loadpin LSM: LoadPin: provide enablement CONFIG 2016-05-17 20:10:30 +10:00
selinux selinux: use GFP_NOWAIT in the AVC kmem_caches 2018-09-19 22:47:11 +02:00
smack Smack: Fix handling of IPv4 traffic received by PF_INET6 sockets 2018-09-26 08:36:33 +02:00
tomoyo mm: replace get_user_pages_remote() write/force parameters with gup_flags 2016-10-19 08:12:02 -07:00
yama Yama: fix double-spinlock and user access in atomic context 2016-05-26 09:56:18 +10:00
Kconfig KPTI: Rename to PAGE_TABLE_ISOLATION 2018-01-05 15:46:35 +01:00
Makefile LSM: LoadPin for kernel file loading restrictions 2016-04-21 10:47:27 +10:00
commoncap.c xattr: Add __vfs_{get,set,remove}xattr helpers 2016-10-07 20:10:44 -04:00
device_cgroup.c security/device_cgroup: Fix RCU_LOCKDEP_WARN() condition 2015-09-03 18:13:10 -07:00
inode.c Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2016-10-10 20:16:43 -07:00
lsm_audit.c Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security 2016-10-04 14:48:27 -07:00
min_addr.c mmap_min_addr check CAP_SYS_RAWIO only for write 2010-04-23 08:56:31 +10:00
security.c security, overlayfs: Provide hook to correctly label newly created files 2016-08-08 20:46:46 -04:00