AuxXxilium/linux_dsm_epyc7002
1
0
Fork 0
mirror of https://github.com/AuxXxilium/linux_dsm_epyc7002.git synced 2025-02-20 13:08:08 +07:00
Code Issues Actions Packages Projects Releases Wiki Activity
975,075 Commits 1 Branch 0 Tags 2 GiB
C 97.7%
Assembly 1.2%
Shell 0.3%
Makefile 0.3%
Python 0.2%
Other 0.1%
53124265fc
Go to file
Roberto Sassu 53124265fc evm: Refuse EVM_ALLOW_METADATA_WRITES only if an HMAC key is loaded 
commit 9acc89d31f0c94c8e573ed61f3e4340bbd526d0c upstream.

EVM_ALLOW_METADATA_WRITES is an EVM initialization flag that can be set to
temporarily disable metadata verification until all xattrs/attrs necessary
to verify an EVM portable signature are copied to the file. This flag is
cleared when EVM is initialized with an HMAC key, to avoid that the HMAC is
calculated on unverified xattrs/attrs.

Currently EVM unnecessarily denies setting this flag if EVM is initialized
with a public key, which is not a concern as it cannot be used to trust
xattrs/attrs updates. This patch removes this limitation.

Fixes: ae1ba1676b ("EVM: Allow userland to permit modification of EVM-protected metadata")
Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
Cc: stable@vger.kernel.org # 4.16.x
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2021-07-14 16:55:46 +02:00
arch powerpc/stacktrace: Fix spurious "stale" traces in raise_backtrace_ipi() 2021-07-14 16:55:46 +02:00
block blk-mq: Swap two calls in blk_mq_exit_queue() 2021-05-19 10:13:14 +02:00
certs certs: Add ability to preload revocation certs 2021-06-30 08:47:30 -04:00
crypto async_xor: check src_offs is not NULL before updating it 2021-06-16 12:01:40 +02:00
Documentation evm: Refuse EVM_ALLOW_METADATA_WRITES only if an HMAC key is loaded 2021-07-14 16:55:46 +02:00
drivers loop: Fix missing discard support when using LOOP_CONFIGURE 2021-07-14 16:55:46 +02:00
fs f2fs: Prevent swap file in LFS mode 2021-07-14 16:55:43 +02:00
include tracepoint: Add tracepoint_probe_register_may_exist() for BPF tracing 2021-07-14 16:55:46 +02:00
init pid: take a reference when initializing cad_pid 2021-06-10 13:39:26 +02:00
ipc ipc/mqueue, msg, sem: avoid relying on a stack reference past its expiry 2021-05-26 12:06:54 +02:00
kernel tracepoint: Add tracepoint_probe_register_may_exist() for BPF tracing 2021-07-14 16:55:46 +02:00
lib seq_buf: Make trace_seq_putmem_hex() support data longer than 8 2021-07-14 16:55:46 +02:00
LICENSES LICENSES/deprecated: add Zlib license text 2020-09-16 14:33:49 +02:00
mm mm/gup: fix try_grab_compound_head() race with split_huge_page() 2021-07-14 16:55:42 +02:00
net SUNRPC: Should wake up the privileged task firstly. 2021-07-14 16:55:42 +02:00
samples samples: vfio-mdev: fix error handing in mdpy_fb_probe() 2021-06-10 13:39:15 +02:00
scripts certs: Add ability to preload revocation certs 2021-06-30 08:47:30 -04:00
security evm: Refuse EVM_ALLOW_METADATA_WRITES only if an HMAC key is loaded 2021-07-14 16:55:46 +02:00
sound ALSA: hda/realtek: fix mute/micmute LEDs for HP EliteBook 830 G8 Notebook PC 2021-07-14 16:55:37 +02:00
tools selftests/lkdtm: Avoid needing explicit sub-shell 2021-07-14 16:55:38 +02:00
usr Merge branch 'work.fdpic' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2020-08-07 13:29:39 -07:00
virt KVM: do not allow mapping valid but non-reference-counted pages 2021-06-30 08:47:25 -04:00
.clang-format RDMA 5.10 pull request 2020-10-17 11:18:18 -07:00
.cocciconfig
.get_maintainer.ignore Opt out of scripts/get_maintainer.pl 2019-05-16 10:53:40 -07:00
.gitattributes .gitattributes: use 'dts' diff driver for dts files 2019-12-04 19:44:11 -08:00
.gitignore kbuild: generate Module.symvers only when vmlinux exists 2021-05-19 10:12:59 +02:00
.mailmap mailmap: add two more addresses of Uwe Kleine-König 2020-12-06 10:19:07 -08:00
COPYING COPYING: state that all contributions really are covered by this file 2020-02-10 13:32:20 -08:00
CREDITS MAINTAINERS: Move Jason Cooper to CREDITS 2020-11-30 10:20:34 +01:00
Kbuild kbuild: rename hostprogs-y/always to hostprogs/always-y 2020-02-04 01:53:07 +09:00
Kconfig kbuild: ensure full rebuild when the compiler is updated 2020-05-12 13:28:33 +09:00
MAINTAINERS f2fs: move ioctl interface definitions to separated file 2021-05-19 10:13:00 +02:00
Makefile Linux 5.10.49 2021-07-11 12:53:32 +02:00
README Drop all 00-INDEX files from Documentation/ 2018-09-09 15:08:58 -06:00

README 

Linux kernel
============

There are several guides for kernel developers and users. These guides can
be rendered in a number of formats, like HTML and PDF. Please read
Documentation/admin-guide/README.rst first.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.  The formatted documentation can also be read online at:

    https://www.kernel.org/doc/html/latest/

There are various text files in the Documentation/ subdirectory,
several of them using the Restructured Text markup notation.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result by upgrading your kernel.