xiaomi-sm8450/android_kernel_xiaomi_sm8450
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
29d3c1c8dfe752c01b7115ecd5a3142b232a38e1
android_kernel_xiaomi_sm8450/kernel
History
Matthew Garrett 29d3c1c8df kexec: Allow kexec_file() with appropriate IMA policy when locked down 
Systems in lockdown mode should block the kexec of untrusted kernels.
For x86 and ARM we can ensure that a kernel is trustworthy by validating
a PE signature, but this isn't possible on other architectures. On those
platforms we can use IMA digital signatures instead. Add a function to
determine whether IMA has or will verify signatures for a given event type,
and if so permit kexec_file() even if the kernel is otherwise locked down.
This is restricted to cases where CONFIG_INTEGRITY_TRUSTED_KEYRING is set
in order to prevent an attacker from loading additional keys at runtime.

Signed-off-by: Matthew Garrett <mjg59@google.com>
Acked-by: Mimi Zohar <zohar@linux.ibm.com>
Cc: Dmitry Kasatkin <dmitry.kasatkin@gmail.com>
Cc: linux-integrity@vger.kernel.org
Signed-off-by: James Morris <jmorris@namei.org>
2019-08-19 21:54:16 -07:00
..
bpf
Merge tag 'spdx-5.2-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/spdx
2019-06-21 09:58:42 -07:00
cgroup
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 451
2019-06-19 17:09:08 +02:00
configs
kvm_config: add CONFIG_VIRTIO_MENU
2018-10-24 20:55:56 -04:00
debug
treewide: Add SPDX license identifier - Makefile/Kconfig
2019-05-21 10:50:46 +02:00
dma
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 333
2019-06-05 17:37:06 +02:00
events
lockdown: Lock down perf when in confidentiality mode
2019-08-19 21:54:16 -07:00
gcov
treewide: Add SPDX license identifier - Makefile/Kconfig
2019-05-21 10:50:46 +02:00
irq
treewide: Add SPDX license identifier - Makefile/Kconfig
2019-05-21 10:50:46 +02:00
livepatch
Merge tag 'trace-v5.2-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace
2019-06-15 07:24:11 -10:00
locking
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 436
2019-06-05 17:37:17 +02:00
power
hibernate: Disable when the kernel is locked down
2019-08-19 21:54:15 -07:00
printk
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 13
2019-05-21 11:28:45 +02:00
rcu
treewide: Add SPDX license identifier - Makefile/Kconfig
2019-05-21 10:50:46 +02:00
sched
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500
2019-06-19 17:09:55 +02:00
time
timekeeping: Repair ktime_get_coarse*() granularity
2019-06-14 11:51:44 +02:00
trace
bpf: Restrict bpf when kernel lockdown is in confidentiality mode
2019-08-19 21:54:16 -07:00
.gitignore
Provide in-kernel headers to make extending kernel easier
2019-04-29 16:48:03 +02:00
acct.c
acct_on(): don't mess with freeze protection
2019-04-04 21:04:13 -04:00
async.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 441
2019-06-05 17:37:17 +02:00
audit_fsnotify.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 157
2019-05-30 11:26:37 -07:00
audit_tree.c
fsnotify: switch send_to_group() and ->handle_event to const struct qstr *
2019-04-26 13:51:03 -04:00
audit_watch.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 156
2019-05-30 11:26:35 -07:00
audit.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 156
2019-05-30 11:26:35 -07:00
audit.h
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 156
2019-05-30 11:26:35 -07:00
auditfilter.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 156
2019-05-30 11:26:35 -07:00
auditsc.c
Merge branch 'work.dcache' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2019-05-07 20:03:32 -07:00
backtracetest.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 441
2019-06-05 17:37:17 +02:00
bounds.c
kbuild: fix kernel/bounds.c 'W=1' warning
2018-10-31 08:54:14 -07:00
capability.c
LSM: add SafeSetID module that gates setid calls
2019-01-25 11:22:43 -08:00
compat.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500
2019-06-19 17:09:55 +02:00
configs.c
kernel/configs: use .incbin directive to embed config_data.gz
2019-03-07 18:32:02 -08:00
context_tracking.c
treewide: Add SPDX license identifier for missed files
2019-05-21 10:50:45 +02:00
cpu_pm.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 282
2019-06-05 17:36:37 +02:00
cpu.c
cpu/hotplug: Fix out-of-bounds read when setting fail state
2019-06-27 09:34:04 +02:00
crash_core.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 230
2019-06-19 17:09:06 +02:00
crash_dump.c
treewide: Add SPDX license identifier for missed files
2019-05-21 10:50:45 +02:00
cred.c
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace
2019-06-11 15:44:45 -10:00
delayacct.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 25
2019-05-21 11:52:39 +02:00
dma.c
proc: introduce proc_create_single{,_data}
2018-05-16 07:23:35 +02:00
elfcore.c
exec_domain.c
proc: introduce proc_create_single{,_data}
2018-05-16 07:23:35 +02:00
exit.c
cgroup: Call cgroup_release() before __exit_signal()
2019-05-31 10:38:57 -07:00
extable.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 156
2019-05-30 11:26:35 -07:00
fail_function.c
treewide: Switch printk users from %pf and %pF to %ps and %pS, respectively
2019-04-09 14:19:06 +02:00
fork.c
fork: return proper negative error code
2019-07-01 16:43:30 +02:00
freezer.c
treewide: Add SPDX license identifier for missed files
2019-05-21 10:50:45 +02:00
futex.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 156
2019-05-30 11:26:35 -07:00
gen_kheaders.sh
kheaders: Do not regenerate archive if config is not changed
2019-05-24 20:16:01 +02:00
groups.c
hung_task.c
treewide: Add SPDX license identifier for missed files
2019-05-21 10:50:45 +02:00
iomem.c
mm/resource: Use resource_overlaps() to simplify region_intersects()
2019-04-19 12:59:36 +02:00
irq_work.c
treewide: Add SPDX license identifier for missed files
2019-05-21 10:50:45 +02:00
jump_label.c
treewide: Add SPDX license identifier for missed files
2019-05-21 10:50:45 +02:00
kallsyms.c
treewide: Add SPDX license identifier for missed files
2019-05-21 10:50:45 +02:00
kcmp.c
Kconfig.freezer
treewide: Add SPDX license identifier - Makefile/Kconfig
2019-05-21 10:50:46 +02:00
Kconfig.hz
treewide: Add SPDX license identifier - Makefile/Kconfig
2019-05-21 10:50:46 +02:00
Kconfig.locks
treewide: Add SPDX license identifier - Makefile/Kconfig
2019-05-21 10:50:46 +02:00
Kconfig.preempt
treewide: Add SPDX license identifier - Makefile/Kconfig
2019-05-21 10:50:46 +02:00
kcov.c
kcov: convert kcov.refcount to refcount_t
2019-03-07 18:32:02 -08:00
kexec_core.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 230
2019-06-19 17:09:06 +02:00
kexec_file.c
kexec: Allow kexec_file() with appropriate IMA policy when locked down
2019-08-19 21:54:16 -07:00
kexec_internal.h
kexec.c
kexec_load: Disable at runtime if the kernel is locked down
2019-08-19 21:54:15 -07:00
kheaders.c
kheaders: Move from proc to sysfs
2019-05-24 20:16:01 +02:00
kmod.c
kprobes.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 156
2019-05-30 11:26:35 -07:00
ksysfs.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 170
2019-05-30 11:26:39 -07:00
kthread.c
treewide: Add SPDX license identifier for missed files
2019-05-21 10:50:45 +02:00
latencytop.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 441
2019-06-05 17:37:17 +02:00
Makefile
kheaders: Move from proc to sysfs
2019-05-24 20:16:01 +02:00
memremap.c
mm/devm_memremap_pages: fix final page put race
2019-06-13 17:34:56 -10:00
module_signing.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 36
2019-05-24 17:27:11 +02:00
module-internal.h
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 36
2019-05-24 17:27:11 +02:00
module.c
lockdown: Enforce module signatures if the kernel is locked down
2019-08-19 21:54:15 -07:00
notifier.c
treewide: Add SPDX license identifier for missed files
2019-05-21 10:50:45 +02:00
nsproxy.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 441
2019-06-05 17:37:17 +02:00
padata.c
padata: Replace padata_attr_type default_attrs field with groups
2019-04-25 22:06:11 +02:00
panic.c
treewide: Add SPDX license identifier for missed files
2019-05-21 10:50:45 +02:00
params.c
lockdown: Lock down module params that specify hardware parameters (eg. ioport)
2019-08-19 21:54:16 -07:00
pid_namespace.c
treewide: Add SPDX license identifier for missed files
2019-05-21 10:50:45 +02:00
pid.c
treewide: Add SPDX license identifier for missed files
2019-05-21 10:50:45 +02:00
profile.c
treewide: Add SPDX license identifier for missed files
2019-05-21 10:50:45 +02:00
ptrace.c
ptrace: Fix ->ptracer_cred handling for PTRACE_TRACEME
2019-07-05 02:00:41 +09:00
range.c
reboot.c
treewide: Add SPDX license identifier for missed files
2019-05-21 10:50:45 +02:00
relay.c
Merge branch 'work.misc' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2019-03-12 13:27:20 -07:00
resource.c
treewide: Add SPDX license identifier for missed files
2019-05-21 10:50:45 +02:00
rseq.c
rseq: Remove superfluous rseq_len from task_struct
2019-04-19 12:39:32 +02:00
seccomp.c
Merge tag 'audit-pr-20190507' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/audit
2019-05-07 19:06:04 -07:00
signal.c
signal: remove the wrong signal_pending() check in restore_user_sigmask()
2019-06-29 16:43:45 +08:00
smp.c
treewide: Add SPDX license identifier for missed files
2019-05-21 10:50:45 +02:00
smpboot.c
treewide: Add SPDX license identifier for missed files
2019-05-21 10:50:45 +02:00
smpboot.h
softirq.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 430
2019-06-05 17:37:16 +02:00
stackleak.c
stackleak: Mark stackleak_track_stack() as notrace
2018-12-05 19:31:44 -08:00
stacktrace.c
Merge branch 'core-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
2019-06-02 11:04:42 -07:00
stop_machine.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 38
2019-05-24 17:27:11 +02:00
sys_ni.c
signal: support CLONE_PIDFD with pidfd_send_signal
2019-05-07 14:31:03 +02:00
sys.c
prctl_set_mm: downgrade mmap_sem to read lock
2019-06-01 15:51:31 -07:00
sysctl_binary.c
kernel/sysctl: add panic_print into sysctl
2019-01-04 13:13:47 -08:00
sysctl.c
sysctl: define proc_do_static_key()
2019-06-14 20:18:27 -07:00
task_work.c
taskstats.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 157
2019-05-30 11:26:37 -07:00
test_kprobes.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 25
2019-05-21 11:52:39 +02:00
torture.c
torture: Don't try to offline the last CPU
2019-03-26 14:42:53 -07:00
tracepoint.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 156
2019-05-30 11:26:35 -07:00
tsacct.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 157
2019-05-30 11:26:37 -07:00
ucount.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 441
2019-06-05 17:37:17 +02:00
uid16.c
uid16.h
umh.c
treewide: Add SPDX license identifier for missed files
2019-05-21 10:50:45 +02:00
up.c
treewide: Add SPDX license identifier for missed files
2019-05-21 10:50:45 +02:00
user_namespace.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 441
2019-06-05 17:37:17 +02:00
user-return-notifier.c
treewide: Add SPDX license identifier for missed files
2019-05-21 10:50:45 +02:00
user.c
treewide: Add SPDX license identifier for missed files
2019-05-21 10:50:45 +02:00
utsname_sysctl.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 441
2019-06-05 17:37:17 +02:00
utsname.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 441
2019-06-05 17:37:17 +02:00
watchdog_hld.c
kernel/watchdog_hld.c: hard lockup message should end with a newline
2019-04-19 09:46:05 -07:00
watchdog.c
watchdog: Fix typo in comment
2019-04-18 14:05:51 +02:00
workqueue_internal.h
sched/core, workqueues: Distangle worker accounting from rq lock
2019-04-16 16:55:15 +02:00
workqueue.c
treewide: Add SPDX license identifier for missed files
2019-05-21 10:50:45 +02:00