mirror of
https://github.com/rd-stuffs/msm-4.14.git
synced 2025-02-20 11:45:48 +08:00
c535ee76cd
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAluVXrMACgkQONu9yGCS
aT5AyA//TMltTkpcS08FE8gUSgPT7ZjJdoeS0yUD7Sh8H0GV6MSn12QGgr8UWyUS
t9a01U2erwz1Ua3I+CjBxLOBfw6c5on87C9nM4ruhV4zA/umFi+odBTnXPkc1fnM
JtRgqlf5Gsy0Tp/CjcABot8P2RwyXOQBwGN544yU1GAq7WYbNg2o4YyuKd8W1epu
lro06RCS4gsmguKaxYgFxwJFYvCbhGKlS3GDLz/v0XXMkaHIzbTdUduedA/7DiIc
ZOAOaFXYLdbx2gTmodMuEWVOWUeReZnegAOQXswfjbqID0HxvNlYWCFrNAX9zDw0
JLwX2hE4LC+ptBr8AwzBbz2yhm2smcSiGENohra9MyxyNrRrlVvFBqGIOHZGl5Dm
+XPeVk1Prg/nubZ8K+1OMBMPGjrIfYESrl3JRSw3TOhF58jRSExoFSHQwKciAFbZ
6huV41/eBRYBPXKiZPv01jluZc/u05n0gHZDz6tnJSBDKICUeoHoDq3oX78tjMvK
3Qj+CZJS6DUczgz6azLx80Bnt/clEfCtQ/lC+h4SEdvnClPoOtUs7q4j74fxKG/8
bkEVVOJMFtAXTpj7VcxHL1QMoYMMqNGmheWMhzHw3CsC2TTkuAdHfY5KF70ggjH7
AN0a2BZCKj9KfsI5/IzytzfuzwMXfj6bZ9NWwKmLm37gzWLLxEg=
=z4Ok
-----END PGP SIGNATURE-----
Merge 4.14.69 into android-4.14-p
Changes in 4.14.69
net: 6lowpan: fix reserved space for single frames
net: mac802154: tx: expand tailroom if necessary
9p/net: Fix zero-copy path in the 9p virtio transport
spi: davinci: fix a NULL pointer dereference
spi: pxa2xx: Add support for Intel Ice Lake
spi: spi-fsl-dspi: Fix imprecise abort on VF500 during probe
spi: cadence: Change usleep_range() to udelay(), for atomic context
mmc: renesas_sdhi_internal_dmac: fix #define RST_RESERVED_BITS
readahead: stricter check for bdi io_pages
block: blk_init_allocated_queue() set q->fq as NULL in the fail case
block: really disable runtime-pm for blk-mq
drm/i915/userptr: reject zero user_size
libertas: fix suspend and resume for SDIO connected cards
media: Revert "[media] tvp5150: fix pad format frame height"
mailbox: xgene-slimpro: Fix potential NULL pointer dereference
Replace magic for trusting the secondary keyring with #define
Fix kexec forbidding kernels signed with keys in the secondary keyring to boot
powerpc/fadump: handle crash memory ranges array index overflow
powerpc/pseries: Fix endianness while restoring of r3 in MCE handler.
PCI: Add wrappers for dev_printk()
powerpc/powernv/pci: Work around races in PCI bridge enabling
cxl: Fix wrong comparison in cxl_adapter_context_get()
ib_srpt: Fix a use-after-free in srpt_close_ch()
RDMA/rxe: Set wqe->status correctly if an unexpected response is received
9p: fix multiple NULL-pointer-dereferences
fs/9p/xattr.c: catch the error of p9_client_clunk when setting xattr failed
9p/virtio: fix off-by-one error in sg list bounds check
net/9p/client.c: version pointer uninitialized
net/9p/trans_fd.c: fix race-condition by flushing workqueue before the kfree()
dm integrity: change 'suspending' variable from bool to int
dm thin: stop no_space_timeout worker when switching to write-mode
dm cache metadata: save in-core policy_hint_size to on-disk superblock
dm cache metadata: set dirty on all cache blocks after a crash
dm crypt: don't decrease device limits
uart: fix race between uart_put_char() and uart_shutdown()
Drivers: hv: vmbus: Reset the channel callback in vmbus_onoffer_rescind()
iio: sca3000: Fix missing return in switch
iio: ad9523: Fix displayed phase
iio: ad9523: Fix return value for ad952x_store()
extcon: Release locking when sending the notification of connector state
vmw_balloon: fix inflation of 64-bit GFNs
vmw_balloon: do not use 2MB without batching
vmw_balloon: VMCI_DOORBELL_SET does not check status
vmw_balloon: fix VMCI use when balloon built into kernel
rtc: omap: fix potential crash on power off
tracing: Do not call start/stop() functions when tracing_on does not change
tracing/blktrace: Fix to allow setting same value
printk/tracing: Do not trace printk_nmi_enter()
livepatch: Validate module/old func name length
uprobes: Use synchronize_rcu() not synchronize_sched()
mfd: hi655x: Fix regmap area declared size for hi655x
ovl: fix wrong use of impure dir cache in ovl_iterate()
drivers/block/zram/zram_drv.c: fix bug storing backing_dev
cpufreq: governor: Avoid accessing invalid governor_data
PM / sleep: wakeup: Fix build error caused by missing SRCU support
KVM: VMX: fixes for vmentry_l1d_flush module parameter
KVM: PPC: Book3S: Fix guest DMA when guest partially backed by THP pages
xtensa: limit offsets in __loop_cache_{all,page}
xtensa: increase ranges in ___invalidate_{i,d}cache_all
block, bfq: return nbytes and not zero from struct cftype .write() method
pnfs/blocklayout: off by one in bl_map_stripe()
NFSv4 client live hangs after live data migration recovery
NFSv4: Fix locking in pnfs_generic_recover_commit_reqs
NFSv4: Fix a sleep in atomic context in nfs4_callback_sequence()
ARM: tegra: Fix Tegra30 Cardhu PCA954x reset
mm/tlb: Remove tlb_remove_table() non-concurrent condition
iommu/vt-d: Add definitions for PFSID
iommu/vt-d: Fix dev iotlb pfsid use
sys: don't hold uts_sem while accessing userspace memory
userns: move user access out of the mutex
ubifs: Fix memory leak in lprobs self-check
Revert "UBIFS: Fix potential integer overflow in allocation"
ubifs: Check data node size before truncate
ubifs: xattr: Don't operate on deleted inodes
ubifs: Fix synced_i_size calculation for xattr inodes
pwm: tiehrpwm: Don't use emulation mode bits to control PWM output
pwm: tiehrpwm: Fix disabling of output of PWMs
fb: fix lost console when the user unplugs a USB adapter
udlfb: set optimal write delay
getxattr: use correct xattr length
libnvdimm: fix ars_status output length calculation
bcache: release dc->writeback_lock properly in bch_writeback_thread()
cap_inode_getsecurity: use d_find_any_alias() instead of d_find_alias()
perf auxtrace: Fix queue resize
crypto: vmx - Fix sleep-in-atomic bugs
crypto: caam - fix DMA mapping direction for RSA forms 2 & 3
crypto: caam/jr - fix descriptor DMA unmapping
crypto: caam/qi - fix error path in xts setkey
fs/quota: Fix spectre gadget in do_quotactl
arm64: mm: always enable CONFIG_HOLES_IN_ZONE
Linux 4.14.69
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
310 lines
8.5 KiB
C
310 lines
8.5 KiB
C
/* System trusted keyring for trusted public keys
|
|
*
|
|
* Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
|
|
* Written by David Howells (dhowells@redhat.com)
|
|
*
|
|
* This program is free software; you can redistribute it and/or
|
|
* modify it under the terms of the GNU General Public Licence
|
|
* as published by the Free Software Foundation; either version
|
|
* 2 of the Licence, or (at your option) any later version.
|
|
*/
|
|
|
|
#include <linux/export.h>
|
|
#include <linux/kernel.h>
|
|
#include <linux/sched.h>
|
|
#include <linux/cred.h>
|
|
#include <linux/err.h>
|
|
#include <linux/slab.h>
|
|
#include <linux/verification.h>
|
|
#include <keys/asymmetric-type.h>
|
|
#include <keys/system_keyring.h>
|
|
#include <crypto/pkcs7.h>
|
|
|
|
static struct key *builtin_trusted_keys;
|
|
#ifdef CONFIG_SECONDARY_TRUSTED_KEYRING
|
|
static struct key *secondary_trusted_keys;
|
|
#endif
|
|
|
|
extern __initconst const u8 system_certificate_list[];
|
|
extern __initconst const unsigned long system_certificate_list_size;
|
|
|
|
/**
|
|
* restrict_link_to_builtin_trusted - Restrict keyring addition by built in CA
|
|
*
|
|
* Restrict the addition of keys into a keyring based on the key-to-be-added
|
|
* being vouched for by a key in the built in system keyring.
|
|
*/
|
|
int restrict_link_by_builtin_trusted(struct key *dest_keyring,
|
|
const struct key_type *type,
|
|
const union key_payload *payload,
|
|
struct key *restriction_key)
|
|
{
|
|
return restrict_link_by_signature(dest_keyring, type, payload,
|
|
builtin_trusted_keys);
|
|
}
|
|
|
|
#ifdef CONFIG_SECONDARY_TRUSTED_KEYRING
|
|
/**
|
|
* restrict_link_by_builtin_and_secondary_trusted - Restrict keyring
|
|
* addition by both builtin and secondary keyrings
|
|
*
|
|
* Restrict the addition of keys into a keyring based on the key-to-be-added
|
|
* being vouched for by a key in either the built-in or the secondary system
|
|
* keyrings.
|
|
*/
|
|
int restrict_link_by_builtin_and_secondary_trusted(
|
|
struct key *dest_keyring,
|
|
const struct key_type *type,
|
|
const union key_payload *payload,
|
|
struct key *restrict_key)
|
|
{
|
|
/* If we have a secondary trusted keyring, then that contains a link
|
|
* through to the builtin keyring and the search will follow that link.
|
|
*/
|
|
if (type == &key_type_keyring &&
|
|
dest_keyring == secondary_trusted_keys &&
|
|
payload == &builtin_trusted_keys->payload)
|
|
/* Allow the builtin keyring to be added to the secondary */
|
|
return 0;
|
|
|
|
return restrict_link_by_signature(dest_keyring, type, payload,
|
|
secondary_trusted_keys);
|
|
}
|
|
|
|
/**
|
|
* Allocate a struct key_restriction for the "builtin and secondary trust"
|
|
* keyring. Only for use in system_trusted_keyring_init().
|
|
*/
|
|
static __init struct key_restriction *get_builtin_and_secondary_restriction(void)
|
|
{
|
|
struct key_restriction *restriction;
|
|
|
|
restriction = kzalloc(sizeof(struct key_restriction), GFP_KERNEL);
|
|
|
|
if (!restriction)
|
|
panic("Can't allocate secondary trusted keyring restriction\n");
|
|
|
|
restriction->check = restrict_link_by_builtin_and_secondary_trusted;
|
|
|
|
return restriction;
|
|
}
|
|
#endif
|
|
|
|
/*
|
|
* Create the trusted keyrings
|
|
*/
|
|
static __init int system_trusted_keyring_init(void)
|
|
{
|
|
pr_notice("Initialise system trusted keyrings\n");
|
|
|
|
builtin_trusted_keys =
|
|
keyring_alloc(".builtin_trusted_keys",
|
|
KUIDT_INIT(0), KGIDT_INIT(0), current_cred(),
|
|
((KEY_POS_ALL & ~KEY_POS_SETATTR) |
|
|
KEY_USR_VIEW | KEY_USR_READ | KEY_USR_SEARCH),
|
|
KEY_ALLOC_NOT_IN_QUOTA,
|
|
NULL, NULL);
|
|
if (IS_ERR(builtin_trusted_keys))
|
|
panic("Can't allocate builtin trusted keyring\n");
|
|
|
|
#ifdef CONFIG_SECONDARY_TRUSTED_KEYRING
|
|
secondary_trusted_keys =
|
|
keyring_alloc(".secondary_trusted_keys",
|
|
KUIDT_INIT(0), KGIDT_INIT(0), current_cred(),
|
|
((KEY_POS_ALL & ~KEY_POS_SETATTR) |
|
|
KEY_USR_VIEW | KEY_USR_READ | KEY_USR_SEARCH |
|
|
KEY_USR_WRITE),
|
|
KEY_ALLOC_NOT_IN_QUOTA,
|
|
get_builtin_and_secondary_restriction(),
|
|
NULL);
|
|
if (IS_ERR(secondary_trusted_keys))
|
|
panic("Can't allocate secondary trusted keyring\n");
|
|
|
|
if (key_link(secondary_trusted_keys, builtin_trusted_keys) < 0)
|
|
panic("Can't link trusted keyrings\n");
|
|
#endif
|
|
|
|
return 0;
|
|
}
|
|
|
|
/*
|
|
* Must be initialised before we try and load the keys into the keyring.
|
|
*/
|
|
device_initcall(system_trusted_keyring_init);
|
|
|
|
/*
|
|
* Load the compiled-in list of X.509 certificates.
|
|
*/
|
|
static __init int load_system_certificate_list(void)
|
|
{
|
|
key_ref_t key;
|
|
const u8 *p, *end;
|
|
size_t plen;
|
|
|
|
pr_notice("Loading compiled-in X.509 certificates\n");
|
|
|
|
p = system_certificate_list;
|
|
end = p + system_certificate_list_size;
|
|
while (p < end) {
|
|
/* Each cert begins with an ASN.1 SEQUENCE tag and must be more
|
|
* than 256 bytes in size.
|
|
*/
|
|
if (end - p < 4)
|
|
goto dodgy_cert;
|
|
if (p[0] != 0x30 &&
|
|
p[1] != 0x82)
|
|
goto dodgy_cert;
|
|
plen = (p[2] << 8) | p[3];
|
|
plen += 4;
|
|
if (plen > end - p)
|
|
goto dodgy_cert;
|
|
|
|
key = key_create_or_update(make_key_ref(builtin_trusted_keys, 1),
|
|
"asymmetric",
|
|
NULL,
|
|
p,
|
|
plen,
|
|
((KEY_POS_ALL & ~KEY_POS_SETATTR) |
|
|
KEY_USR_VIEW | KEY_USR_READ),
|
|
KEY_ALLOC_NOT_IN_QUOTA |
|
|
KEY_ALLOC_BUILT_IN |
|
|
KEY_ALLOC_BYPASS_RESTRICTION);
|
|
if (IS_ERR(key)) {
|
|
pr_err("Problem loading in-kernel X.509 certificate (%ld)\n",
|
|
PTR_ERR(key));
|
|
} else {
|
|
pr_notice("Loaded X.509 cert '%s'\n",
|
|
key_ref_to_ptr(key)->description);
|
|
key_ref_put(key);
|
|
}
|
|
p += plen;
|
|
}
|
|
|
|
return 0;
|
|
|
|
dodgy_cert:
|
|
pr_err("Problem parsing in-kernel X.509 certificate list\n");
|
|
return 0;
|
|
}
|
|
late_initcall(load_system_certificate_list);
|
|
|
|
#ifdef CONFIG_SYSTEM_DATA_VERIFICATION
|
|
|
|
/**
|
|
* verify_pkcs7_signature - Verify a PKCS#7-based signature on system data.
|
|
* @data: The data to be verified (NULL if expecting internal data).
|
|
* @len: Size of @data.
|
|
* @raw_pkcs7: The PKCS#7 message that is the signature.
|
|
* @pkcs7_len: The size of @raw_pkcs7.
|
|
* @trusted_keys: Trusted keys to use (NULL for builtin trusted keys only,
|
|
* (void *)1UL for all trusted keys).
|
|
* @usage: The use to which the key is being put.
|
|
* @view_content: Callback to gain access to content.
|
|
* @ctx: Context for callback.
|
|
*/
|
|
int verify_pkcs7_signature(const void *data, size_t len,
|
|
const void *raw_pkcs7, size_t pkcs7_len,
|
|
struct key *trusted_keys,
|
|
enum key_being_used_for usage,
|
|
int (*view_content)(void *ctx,
|
|
const void *data, size_t len,
|
|
size_t asn1hdrlen),
|
|
void *ctx)
|
|
{
|
|
struct pkcs7_message *pkcs7;
|
|
int ret;
|
|
|
|
pkcs7 = pkcs7_parse_message(raw_pkcs7, pkcs7_len);
|
|
if (IS_ERR(pkcs7))
|
|
return PTR_ERR(pkcs7);
|
|
|
|
/* The data should be detached - so we need to supply it. */
|
|
if (data && pkcs7_supply_detached_data(pkcs7, data, len) < 0) {
|
|
pr_err("PKCS#7 signature with non-detached data\n");
|
|
ret = -EBADMSG;
|
|
goto error;
|
|
}
|
|
|
|
ret = pkcs7_verify(pkcs7, usage);
|
|
if (ret < 0)
|
|
goto error;
|
|
|
|
if (!trusted_keys) {
|
|
trusted_keys = builtin_trusted_keys;
|
|
} else if (trusted_keys == VERIFY_USE_SECONDARY_KEYRING) {
|
|
#ifdef CONFIG_SECONDARY_TRUSTED_KEYRING
|
|
trusted_keys = secondary_trusted_keys;
|
|
#else
|
|
trusted_keys = builtin_trusted_keys;
|
|
#endif
|
|
}
|
|
ret = pkcs7_validate_trust(pkcs7, trusted_keys);
|
|
if (ret < 0) {
|
|
if (ret == -ENOKEY)
|
|
pr_err("PKCS#7 signature not signed with a trusted key\n");
|
|
goto error;
|
|
}
|
|
|
|
if (view_content) {
|
|
size_t asn1hdrlen;
|
|
|
|
ret = pkcs7_get_content_data(pkcs7, &data, &len, &asn1hdrlen);
|
|
if (ret < 0) {
|
|
if (ret == -ENODATA)
|
|
pr_devel("PKCS#7 message does not contain data\n");
|
|
goto error;
|
|
}
|
|
|
|
ret = view_content(ctx, data, len, asn1hdrlen);
|
|
}
|
|
|
|
error:
|
|
pkcs7_free_message(pkcs7);
|
|
pr_devel("<==%s() = %d\n", __func__, ret);
|
|
return ret;
|
|
}
|
|
EXPORT_SYMBOL_GPL(verify_pkcs7_signature);
|
|
#endif /* CONFIG_SYSTEM_DATA_VERIFICATION */
|
|
|
|
/**
|
|
* verify_signature_one - Verify a signature with keys from given keyring
|
|
* @sig: The signature to be verified
|
|
* @trusted_keys: Trusted keys to use (NULL for builtin trusted keys only,
|
|
* (void *)1UL for all trusted keys).
|
|
* @keyid: key description (not partial)
|
|
*/
|
|
int verify_signature_one(const struct public_key_signature *sig,
|
|
struct key *trusted_keys, const char *keyid)
|
|
{
|
|
key_ref_t ref;
|
|
struct key *key;
|
|
int ret;
|
|
|
|
if (!sig)
|
|
return -EBADMSG;
|
|
if (!trusted_keys) {
|
|
trusted_keys = builtin_trusted_keys;
|
|
} else if (trusted_keys == (void *)1UL) {
|
|
#ifdef CONFIG_SECONDARY_TRUSTED_KEYRING
|
|
trusted_keys = secondary_trusted_keys;
|
|
#else
|
|
trusted_keys = builtin_trusted_keys;
|
|
#endif
|
|
}
|
|
|
|
ref = keyring_search(make_key_ref(trusted_keys, 1),
|
|
&key_type_asymmetric, keyid);
|
|
if (IS_ERR(ref)) {
|
|
pr_err("Asymmetric key (%s) not found in keyring(%s)\n",
|
|
keyid, trusted_keys->description);
|
|
return -ENOKEY;
|
|
}
|
|
|
|
key = key_ref_to_ptr(ref);
|
|
ret = verify_signature(key, sig);
|
|
key_put(key);
|
|
return ret;
|
|
}
|
|
EXPORT_SYMBOL_GPL(verify_signature_one);
|
|
|