brain-hackers_pepepper-mirror
/
linux-brain
mirror of https://github.com/brain-hackers/linux-brain.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
linux-brain/security
History
Jarkko Sakkinen 2910038c09 KEYS: trusted: Fix migratable=1 failing 
commit 8da7520c80468c48f981f0b81fc1be6599e3b0ad upstream.

Consider the following transcript:

$ keyctl add trusted kmk "new 32 blobauth=helloworld keyhandle=80000000 migratable=1" @u
add_key: Invalid argument

The documentation has the following description:

  migratable=   0|1 indicating permission to reseal to new PCR values,
                default 1 (resealing allowed)

The consequence is that "migratable=1" should succeed. Fix this by
allowing this condition to pass instead of return -EINVAL.

[*] Documentation/security/keys/trusted-encrypted.rst

Cc: stable@vger.kernel.org
Cc: "James E.J. Bottomley" <jejb@linux.ibm.com>
Cc: Mimi Zohar <zohar@linux.ibm.com>
Cc: David Howells <dhowells@redhat.com>
Fixes: d00a1c72f7 ("keys: add new trusted key-type")
Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 		2021-03-04 10:26:44 +01:00
..
apparmor apparmor: ensure that dfa state tables have entries 2020-07-22 09:33:05 +02:00
integrity certs: Fix blacklist flag type confusion 2021-03-04 10:26:29 +01:00
keys KEYS: trusted: Fix migratable=1 failing 2021-03-04 10:26:44 +01:00
loadpin proc/sysctl: add shared variables for range check 2019-07-18 17:08:07 -07:00
lockdown lockdown: Allow unprivileged users to see lockdown status 2020-06-22 09:30:53 +02:00
safesetid LSM: SafeSetID: Stop releasing uninitialized ruleset 2019-09-17 11:27:05 -07:00
selinux selinux: fix inode_doinit_with_dentry() LABEL_INVALID error handling 2020-12-30 11:51:05 +01:00
smack Smack: prevent underflow in smk_set_cipso() 2020-08-19 08:16:16 +02:00
tomoyo tomoyo: Use atomic_t for statistics counter 2020-02-05 21:22:41 +00:00
yama proc/sysctl: add shared variables for range check 2019-07-18 17:08:07 -07:00
Kconfig Merge branch 'next-lockdown' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security 2019-09-28 08:14:15 -07:00
Kconfig.hardening meminit fix 2019-07-28 12:33:15 -07:00
Makefile security: Add a static lockdown policy LSM 2019-08-19 21:54:15 -07:00
commoncap.c capabilities: Don't allow writing ambiguous v3 file capabilities 2021-03-04 10:26:26 +01:00
device_cgroup.c device_cgroup: Fix RCU list debugging warning 2020-10-01 13:18:13 +02:00
inode.c Merge branch 'work.mount0' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2019-07-19 10:42:02 -07:00
lsm_audit.c dump_common_audit_data(): fix racy accesses to ->d_name 2021-01-19 18:26:16 +01:00
min_addr.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
security.c Merge branch 'next-lockdown' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security 2019-09-28 08:14:15 -07:00