2
0
mirror of https://github.com/edk2-porting/linux-next.git synced 2024-12-12 15:24:00 +08:00

Merge branch 'next-loadpin' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security

Pull LoadPin updates from James Morris:
 "From Kees: This is a small reporting improvement and the param change
  needed for the ordering series (but since the loadpin change is
  desired and separable, I'm putting it here)"

* 'next-loadpin' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security:
  LoadPin: Rename boot param "enabled" to "enforce"
  LoadPin: Report friendly block device name
This commit is contained in:
Linus Torvalds 2018-10-25 13:32:00 -07:00
commit 24ed334f33
2 changed files with 17 additions and 13 deletions

View File

@ -10,10 +10,10 @@ config SECURITY_LOADPIN
have a root filesystem backed by a read-only device such as
dm-verity or a CDROM.
config SECURITY_LOADPIN_ENABLED
config SECURITY_LOADPIN_ENFORCE
bool "Enforce LoadPin at boot"
depends on SECURITY_LOADPIN
help
If selected, LoadPin will enforce pinning at boot. If not
selected, it can be enabled at boot with the kernel parameter
"loadpin.enabled=1".
"loadpin.enforce=1".

View File

@ -44,7 +44,7 @@ static void report_load(const char *origin, struct file *file, char *operation)
kfree(pathname);
}
static int enabled = IS_ENABLED(CONFIG_SECURITY_LOADPIN_ENABLED);
static int enforce = IS_ENABLED(CONFIG_SECURITY_LOADPIN_ENFORCE);
static struct super_block *pinned_root;
static DEFINE_SPINLOCK(pinned_root_spinlock);
@ -60,8 +60,8 @@ static struct ctl_path loadpin_sysctl_path[] = {
static struct ctl_table loadpin_sysctl_table[] = {
{
.procname = "enabled",
.data = &enabled,
.procname = "enforce",
.data = &enforce,
.maxlen = sizeof(int),
.mode = 0644,
.proc_handler = proc_dointvec_minmax,
@ -84,8 +84,11 @@ static void check_pinning_enforcement(struct super_block *mnt_sb)
* device, allow sysctl to change modes for testing.
*/
if (mnt_sb->s_bdev) {
char bdev[BDEVNAME_SIZE];
ro = bdev_read_only(mnt_sb->s_bdev);
pr_info("dev(%u,%u): %s\n",
bdevname(mnt_sb->s_bdev, bdev);
pr_info("%s (%u:%u): %s\n", bdev,
MAJOR(mnt_sb->s_bdev->bd_dev),
MINOR(mnt_sb->s_bdev->bd_dev),
ro ? "read-only" : "writable");
@ -97,7 +100,7 @@ static void check_pinning_enforcement(struct super_block *mnt_sb)
loadpin_sysctl_table))
pr_notice("sysctl registration failed!\n");
else
pr_info("load pinning can be disabled.\n");
pr_info("enforcement can be disabled.\n");
} else
pr_info("load pinning engaged.\n");
}
@ -128,7 +131,7 @@ static int loadpin_read_file(struct file *file, enum kernel_read_file_id id)
/* This handles the older init_module API that has a NULL file. */
if (!file) {
if (!enabled) {
if (!enforce) {
report_load(origin, NULL, "old-api-pinning-ignored");
return 0;
}
@ -151,7 +154,7 @@ static int loadpin_read_file(struct file *file, enum kernel_read_file_id id)
* Unlock now since it's only pinned_root we care about.
* In the worst case, we will (correctly) report pinning
* failures before we have announced that pinning is
* enabled. This would be purely cosmetic.
* enforcing. This would be purely cosmetic.
*/
spin_unlock(&pinned_root_spinlock);
check_pinning_enforcement(pinned_root);
@ -161,7 +164,7 @@ static int loadpin_read_file(struct file *file, enum kernel_read_file_id id)
}
if (IS_ERR_OR_NULL(pinned_root) || load_root != pinned_root) {
if (unlikely(!enabled)) {
if (unlikely(!enforce)) {
report_load(origin, file, "pinning-ignored");
return 0;
}
@ -186,10 +189,11 @@ static struct security_hook_list loadpin_hooks[] __lsm_ro_after_init = {
void __init loadpin_add_hooks(void)
{
pr_info("ready to pin (currently %sabled)", enabled ? "en" : "dis");
pr_info("ready to pin (currently %senforcing)\n",
enforce ? "" : "not ");
security_add_hooks(loadpin_hooks, ARRAY_SIZE(loadpin_hooks), "loadpin");
}
/* Should not be mutable after boot, so not listed in sysfs (perm == 0). */
module_param(enabled, int, 0);
MODULE_PARM_DESC(enabled, "Pin module/firmware loading (default: true)");
module_param(enforce, int, 0);
MODULE_PARM_DESC(enforce, "Enforce module/firmware pinning");