summaryrefslogtreecommitdiffstats
path: root/Documentation
diff options
context:
space:
mode:
authorRoberto Sassu <roberto.sassu@huawei.com>2024-02-15 11:31:07 +0100
committerPaul Moore <paul@paul-moore.com>2024-02-16 05:43:45 +0100
commit06cca5110774f7b59a1685431ac697865588f4ca (patch)
tree292dbd06c75e079965767b9ff5c48bed9b4fded1 /Documentation
parentsecurity: Introduce key_post_create_or_update hook (diff)
downloadlinux-06cca5110774f7b59a1685431ac697865588f4ca.tar.xz
linux-06cca5110774f7b59a1685431ac697865588f4ca.zip
integrity: Move integrity_kernel_module_request() to IMA
In preparation for removing the 'integrity' LSM, move integrity_kernel_module_request() to IMA, and rename it to ima_kernel_module_request(). Rewrite the function documentation, to explain better what the problem is. Compile it conditionally if CONFIG_INTEGRITY_ASYMMETRIC_KEYS is enabled, and call it from security.c (removed afterwards with the move of IMA to the LSM infrastructure). Adding this hook cannot be avoided, since IMA has no control on the flags passed to crypto_alloc_sig() in public_key_verify_signature(), and thus cannot pass CRYPTO_NOLOAD, which solved the problem for EVM hashing with commit e2861fa71641 ("evm: Don't deadlock if a crypto algorithm is unavailable"). EVM alone does not need to implement this hook, first because there is no mutex to deadlock, and second because even if it had it, there should be a recursive call. However, since verification from EVM can be initiated only by setting inode metadata, deadlock would occur if modprobe would do the same while loading a kernel module (which is unlikely). Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com> Reviewed-by: Stefan Berger <stefanb@linux.ibm.com> Reviewed-by: Mimi Zohar <zohar@linux.ibm.com> Acked-by: Mimi Zohar <zohar@linux.ibm.com> Signed-off-by: Paul Moore <paul@paul-moore.com>
Diffstat (limited to 'Documentation')
0 files changed, 0 insertions, 0 deletions