kernel_optimize_test/Documentation
Roberto Sassu 53124265fc evm: Refuse EVM_ALLOW_METADATA_WRITES only if an HMAC key is loaded
commit 9acc89d31f0c94c8e573ed61f3e4340bbd526d0c upstream.

EVM_ALLOW_METADATA_WRITES is an EVM initialization flag that can be set to
temporarily disable metadata verification until all xattrs/attrs necessary
to verify an EVM portable signature are copied to the file. This flag is
cleared when EVM is initialized with an HMAC key, to avoid that the HMAC is
calculated on unverified xattrs/attrs.

Currently EVM unnecessarily denies setting this flag if EVM is initialized
with a public key, which is not a concern as it cannot be used to trust
xattrs/attrs updates. This patch removes this limitation.

Fixes: ae1ba1676b ("EVM: Allow userland to permit modification of EVM-protected metadata")
Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
Cc: stable@vger.kernel.org # 4.16.x
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2021-07-14 16:55:46 +02:00
..
ABI evm: Refuse EVM_ALLOW_METADATA_WRITES only if an HMAC key is loaded 2021-07-14 16:55:46 +02:00
accounting
admin-guide drivers/base/memory: don't store phys_device in memory blocks 2021-03-17 17:06:25 +01:00
arm ARM: 9012/1: move device tree mapping out of linear region 2021-05-19 10:13:18 +02:00
arm64 arm64: Add workaround for Arm Cortex-A77 erratum 1508412 2020-10-29 12:56:01 +00:00
block
bpf
cdrom
core-api
cpu-freq
crypto
dev-tools linux-kselftest-kunit-fixes-5.10-rc5 2020-11-18 11:57:55 -08:00
devicetree ASoC: meson: gx-card: fix sound-dai dt schema 2021-06-16 12:01:45 +02:00
doc-guide
driver-api firmware: xilinx: Remove zynqmp_pm_get_eemi_ops() in IS_REACHABLE(CONFIG_ZYNQMP_FIRMWARE) 2021-05-14 09:50:05 +02:00
fault-injection
fb
features
filesystems seq_file: document how per-entry resources are managed. 2021-03-04 11:38:37 +01:00
firmware_class
firmware-guide Documentation: ACPI: fix spelling mistakes 2020-11-10 18:48:56 +01:00
fpga
gpu drm: Use USB controller's DMA mask when importing dmabufs 2021-03-17 17:06:19 +01:00
hid
hwmon
i2c
ia64
ide
iio
infiniband
input
isdn
kbuild kbuild: remove unused OBJSIZE 2020-11-02 11:31:00 +09:00
kernel-hacking
leds docs: leds: index.rst: add a missing file 2020-11-02 13:45:37 +01:00
litmus-tests
livepatch
locking Documentation: seqlock: s/LOCKTYPE/LOCKNAME/g 2020-12-30 11:54:11 +01:00
m68k
maintainer
mhi
mips
misc-devices Documentation: remove mic/index from misc-devices/index.rst 2020-11-04 11:38:32 +01:00
netlabel
networking docs: networking: drop special stable handling 2021-03-17 17:06:13 +01:00
nios2
nvdimm
openrisc
parisc
PCI
pcmcia
power
powerpc powerpc/64s/syscall: Use pt_regs.trap to distinguish syscall ABI difference between sc and scv syscalls 2021-05-26 12:06:53 +02:00
process docs: networking: drop special stable handling 2021-03-17 17:06:13 +01:00
RCU
riscv
s390
scheduler
scsi scsi: libsas: Introduce a _gfp() variant of event notifiers 2021-03-25 09:04:11 +01:00
security watch_queue: Drop references to /dev/watch_queue 2021-03-04 11:37:59 +01:00
sh
sound ALSA: doc: Fix reference to mixart.rst 2021-01-19 18:27:17 +01:00
sparc
sphinx tweewide: Fix most Shebang lines 2021-05-22 11:40:55 +02:00
sphinx-static
spi
staging
target tweewide: Fix most Shebang lines 2021-05-22 11:40:55 +02:00
timers
trace tweewide: Fix most Shebang lines 2021-05-22 11:40:55 +02:00
translations net: switch to the kernel.org patchwork instance 2020-11-11 17:12:00 -08:00
usb
userspace-api Documentation: seccomp: Fix user notification documentation 2021-06-03 09:00:31 +02:00
virt KVM: X86: MMU: Use the correct inherited permissions to get shadow page 2021-06-16 12:01:40 +02:00
vm mm/slub: clarify verification reporting 2021-06-23 14:42:53 +02:00
w1
watchdog
x86 x86/CPU/AMD: Save AMD NodeId as cpu_die_id 2020-12-30 11:54:29 +01:00
xtensa xtensa: fix TLBTEMP area placement 2020-11-16 02:13:15 -08:00
.gitignore
asm-annotations.rst x86/entry: Emit a symbol for register restoring thunk 2021-02-03 23:28:40 +01:00
atomic_bitops.txt
atomic_t.txt
Changes
CodingStyle
conf.py This pull contains a series of warning fixes from Mauro; once applied, the 2020-11-03 13:14:14 -08:00
COPYING-logo
docutils.conf
dontdiff kbuild: generate Module.symvers only when vmlinux exists 2021-05-19 10:12:59 +02:00
index.rst
Kconfig docs: Kconfig/Makefile: add a check for broken ABI files 2020-10-30 13:08:07 +01:00
logo.gif
Makefile A small number of fixes, plus a build tweak to respect the desire for 2020-11-03 09:57:30 -08:00
memory-barriers.txt
SubmittingPatches
watch_queue.rst