diff for duplicates of <20181116200712.14154-12-bauerman@linux.ibm.com> diff --git a/a/1.txt b/N1/1.txt index 07ee179..e25eddf 100644 --- a/a/1.txt +++ b/N1/1.txt @@ -37,9 +37,9 @@ index 69c06e2d7bd6..312d60cee702 100644 static inline bool is_signed(const struct evm_ima_xattr_data *xattr_value) { -- return xattr_value && xattr_value->type = EVM_IMA_XATTR_DIGSIG; -+ return xattr_value && (xattr_value->type = EVM_IMA_XATTR_DIGSIG || -+ xattr_value->type = IMA_MODSIG); +- return xattr_value && xattr_value->type == EVM_IMA_XATTR_DIGSIG; ++ return xattr_value && (xattr_value->type == EVM_IMA_XATTR_DIGSIG || ++ xattr_value->type == IMA_MODSIG); } /* @@ -131,10 +131,10 @@ index c6459408e6b2..27a1dbb52544 100644 { @@ -198,6 +214,14 @@ int ima_read_xattr(struct dentry *dentry, 0, GFP_NOFS); - if (ret = -EOPNOTSUPP) + if (ret == -EOPNOTSUPP) ret = 0; + /* IMA_MODSIG is only allowed when appended to files. */ -+ else if (ret > 0 && (*xattr_value)->type = IMA_MODSIG) { ++ else if (ret > 0 && (*xattr_value)->type == IMA_MODSIG) { + ret = -EINVAL; + + kfree(*xattr_value); @@ -153,7 +153,7 @@ index c6459408e6b2..27a1dbb52544 100644 - if (!(inode->i_opflags & IOP_XATTR)) + /* If not appraising a modsig, we need an xattr. */ -+ if ((xattr_value = NULL || xattr_value->type != IMA_MODSIG) && ++ if ((xattr_value == NULL || xattr_value->type != IMA_MODSIG) && + !(inode->i_opflags & IOP_XATTR)) return INTEGRITY_UNKNOWN; @@ -167,7 +167,7 @@ index c6459408e6b2..27a1dbb52544 100644 + * If it's a modsig, we don't have the xattr contents to pass to + * evm_verifyxattr(). + */ -+ if (xattr_value->type = IMA_MODSIG) { ++ if (xattr_value->type == IMA_MODSIG) { + xattr_contents = NULL; + xattr_contents_len = 0; + } else { 
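Review bot: `xattr_value->type` is read with no NULL test in the later hunks (`if (xattr_value->type == IMA_MODSIG)` before the evm_verifyxattr() setup, and again in the INTEGRITY_NOXATTRS case), yet the guard added in the `@@ -153,7` hunk, `xattr_value == NULL || xattr_value->type != IMA_MODSIG`, treats NULL as a value that can reach this function. The lines between these hunks are not shown, so an early exit for the no-xattr case may already rule NULL out. If it does, a comment at that exit such as `/* xattr_value is non-NULL from here on */` would make the invariant visible. If it does not, the later tests should read `xattr_value && xattr_value->type == IMA_MODSIG`.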
@@ -184,7 +184,7 @@ index c6459408e6b2..27a1dbb52544 100644 break; case INTEGRITY_NOXATTRS: /* No EVM protected xattrs. */ + /* It's fine not to have xattrs when using a modsig. */ -+ if (xattr_value->type = IMA_MODSIG) ++ if (xattr_value->type == IMA_MODSIG) + break; + /* fall through */ case INTEGRITY_NOLABEL: /* No security.evm xattr. */ @@ -200,7 +200,7 @@ index c6459408e6b2..27a1dbb52544 100644 - (const char *)xattr_value, rc, - iint->ima_hash->digest, - iint->ima_hash->length); -+ if (xattr_value->type = EVM_IMA_XATTR_DIGSIG) ++ if (xattr_value->type == EVM_IMA_XATTR_DIGSIG) + rc = integrity_digsig_verify(INTEGRITY_KEYRING_IMA, + (const char *)xattr_value, + rc, iint->ima_hash->digest, @@ -208,15 +208,15 @@ index c6459408e6b2..27a1dbb52544 100644 + else + rc = ima_modsig_verify(INTEGRITY_KEYRING_IMA, + xattr_value); - if (rc = -EOPNOTSUPP) { + if (rc == -EOPNOTSUPP) { status = INTEGRITY_UNKNOWN; } else if (rc) { @@ -444,7 +494,8 @@ int ima_inode_setxattr(struct dentry *dentry, const char *xattr_name, result = ima_protect_xattr(dentry, xattr_name, xattr_value, xattr_value_len); - if (result = 1) { + if (result == 1) { - if (!xattr_value_len || (xvalue->type >= IMA_XATTR_LAST)) -+ if (!xattr_value_len || xvalue->type = IMA_MODSIG || ++ if (!xattr_value_len || xvalue->type == IMA_MODSIG || + xvalue->type >= IMA_XATTR_LAST) return -EINVAL; ima_reset_appraise_flags(d_backing_inode(dentry), @@ -422,7 +422,7 @@ index 84d428cbbca8..e095d35d804d 100644 + if (!hdr) + return; + -+ if (hdr->type = IMA_MODSIG) { ++ if (hdr->type == IMA_MODSIG) { + struct modsig_hdr *modsig = (struct modsig_hdr *) hdr; + + pkcs7_free_message(modsig->pkcs7_msg); diff --git a/a/content_digest b/N1/content_digest index 2aa917c..cbee9bf 100644 --- a/a/content_digest +++ b/N1/content_digest 
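Review bot: The bare `else` in front of `ima_modsig_verify()` in the `@@ -200,7` hunk sends every type other than EVM_IMA_XATTR_DIGSIG to the modsig verifier, so the choice of verifier depends entirely on the enclosing case label, which lies outside the hunk. Spelling the branch out as `else if (xattr_value->type == IMA_MODSIG)` with a final `else rc = -EINVAL;` would keep any xattr type added later from being handed to a routine that interprets the buffer as a modsig. How the failure path handles a non-zero `rc` is not visible here, so the error value is a suggestion to confirm.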
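Review bot: The cast `(struct modsig_hdr *) hdr` in the `@@ -422,7` hunk relies on the `type` byte alone to decide that the buffer is a kernel-built modsig object, and `pkcs7_free_message()` is then called on a pointer read from it. This is sound only while no buffer filled from an on-disk xattr can carry IMA_MODSIG. The ima_read_xattr() hunk enforces that with its `-EINVAL` branch, and ima_inode_setxattr() refuses to store the type. A comment at the cast would tie the three places together, for example `/* IMA_MODSIG headers are only built in-kernel from an appended signature; xattr data carrying this type is rejected in ima_read_xattr(). */`. The free routine begins outside the hunk, so its other callers should be checked against the same invariant.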
@@ -1,7 +1,7 @@ "ref\020181116200712.14154-1-bauerman@linux.ibm.com\0" "From\0Thiago Jung Bauermann <bauerman@linux.ibm.com>\0" "Subject\0[PATCH v8 11/14] ima: Implement support for module-style appended signatures\0" - "Date\0Fri, 16 Nov 2018 20:07:09 +0000\0" + "Date\0Fri, 16 Nov 2018 18:07:09 -0200\0" "To\0linux-integrity@vger.kernel.org\0" "Cc\0linux-security-module@vger.kernel.org" keyrings@vger.kernel.org @@ -63,9 +63,9 @@ " \n" " static inline bool is_signed(const struct evm_ima_xattr_data *xattr_value)\n" " {\n" - "-\treturn xattr_value && xattr_value->type = EVM_IMA_XATTR_DIGSIG;\n" - "+\treturn xattr_value && (xattr_value->type = EVM_IMA_XATTR_DIGSIG ||\n" - "+\t\t\t xattr_value->type = IMA_MODSIG);\n" + "-\treturn xattr_value && xattr_value->type == EVM_IMA_XATTR_DIGSIG;\n" + "+\treturn xattr_value && (xattr_value->type == EVM_IMA_XATTR_DIGSIG ||\n" + "+\t\t\t xattr_value->type == IMA_MODSIG);\n" " }\n" " \n" " /*\n" @@ -157,10 +157,10 @@ " {\n" "@@ -198,6 +214,14 @@ int ima_read_xattr(struct dentry *dentry,\n" " \t\t\t\t 0, GFP_NOFS);\n" - " \tif (ret = -EOPNOTSUPP)\n" + " \tif (ret == -EOPNOTSUPP)\n" " \t\tret = 0;\n" "+\t/* IMA_MODSIG is only allowed when appended to files. */\n" - "+\telse if (ret > 0 && (*xattr_value)->type = IMA_MODSIG) {\n" + "+\telse if (ret > 0 && (*xattr_value)->type == IMA_MODSIG) {\n" "+\t\tret = -EINVAL;\n" "+\n" "+\t\tkfree(*xattr_value);\n" @@ -179,7 +179,7 @@ " \n" "-\tif (!(inode->i_opflags & IOP_XATTR))\n" "+\t/* If not appraising a modsig, we need an xattr. */\n" - "+\tif ((xattr_value = NULL || xattr_value->type != IMA_MODSIG) &&\n" + "+\tif ((xattr_value == NULL || xattr_value->type != IMA_MODSIG) &&\n" "+\t !(inode->i_opflags & IOP_XATTR))\n" " \t\treturn INTEGRITY_UNKNOWN;\n" " \n" 
@@ -193,7 +193,7 @@ "+\t * If it's a modsig, we don't have the xattr contents to pass to\n" "+\t * evm_verifyxattr().\n" "+\t */\n" - "+\tif (xattr_value->type = IMA_MODSIG) {\n" + "+\tif (xattr_value->type == IMA_MODSIG) {\n" "+\t\txattr_contents = NULL;\n" "+\t\txattr_contents_len = 0;\n" "+\t} else {\n" @@ -210,7 +210,7 @@ " \t\tbreak;\n" " \tcase INTEGRITY_NOXATTRS:\t/* No EVM protected xattrs. */\n" "+\t\t/* It's fine not to have xattrs when using a modsig. */\n" - "+\t\tif (xattr_value->type = IMA_MODSIG)\n" + "+\t\tif (xattr_value->type == IMA_MODSIG)\n" "+\t\t\tbreak;\n" "+\t\t/* fall through */\n" " \tcase INTEGRITY_NOLABEL:\t\t/* No security.evm xattr. */\n" @@ -226,7 +226,7 @@ "-\t\t\t\t\t (const char *)xattr_value, rc,\n" "-\t\t\t\t\t iint->ima_hash->digest,\n" "-\t\t\t\t\t iint->ima_hash->length);\n" - "+\t\tif (xattr_value->type = EVM_IMA_XATTR_DIGSIG)\n" + "+\t\tif (xattr_value->type == EVM_IMA_XATTR_DIGSIG)\n" "+\t\t\trc = integrity_digsig_verify(INTEGRITY_KEYRING_IMA,\n" "+\t\t\t\t\t\t (const char *)xattr_value,\n" "+\t\t\t\t\t\t rc, iint->ima_hash->digest,\n" @@ -234,15 +234,15 @@ "+\t\telse\n" "+\t\t\trc = ima_modsig_verify(INTEGRITY_KEYRING_IMA,\n" "+\t\t\t\t\t xattr_value);\n" - " \t\tif (rc = -EOPNOTSUPP) {\n" + " \t\tif (rc == -EOPNOTSUPP) {\n" " \t\t\tstatus = INTEGRITY_UNKNOWN;\n" " \t\t} else if (rc) {\n" "@@ -444,7 +494,8 @@ int ima_inode_setxattr(struct dentry *dentry, const char *xattr_name,\n" " \tresult = ima_protect_xattr(dentry, xattr_name, xattr_value,\n" " \t\t\t\t xattr_value_len);\n" - " \tif (result = 1) {\n" + " \tif (result == 1) {\n" "-\t\tif (!xattr_value_len || (xvalue->type >= IMA_XATTR_LAST))\n" - "+\t\tif (!xattr_value_len || xvalue->type = IMA_MODSIG ||\n" + "+\t\tif (!xattr_value_len || xvalue->type == IMA_MODSIG ||\n" "+\t\t xvalue->type >= IMA_XATTR_LAST)\n" " \t\t\treturn -EINVAL;\n" " \t\tima_reset_appraise_flags(d_backing_inode(dentry),\n" 
@@ -448,7 +448,7 @@ "+\tif (!hdr)\n" "+\t\treturn;\n" "+\n" - "+\tif (hdr->type = IMA_MODSIG) {\n" + "+\tif (hdr->type == IMA_MODSIG) {\n" "+\t\tstruct modsig_hdr *modsig = (struct modsig_hdr *) hdr;\n" "+\n" "+\t\tpkcs7_free_message(modsig->pkcs7_msg);\n" @@ -468,4 +468,4 @@ " \tIMA_XATTR_LAST\n" }; -1e0ee8b6f5f0b76e6d38d5ca7d4073fd094427bdd5f3bd46685405141e59c97d +b0242e96bec7aa9a5127e5874f87b5814aeb4906591773fdfedabae8f859192d
diff --git a/a/1.txt b/N2/1.txt index 07ee179..e25eddf 100644 --- a/a/1.txt +++ b/N2/1.txt @@ -37,9 +37,9 @@ index 69c06e2d7bd6..312d60cee702 100644 static inline bool is_signed(const struct evm_ima_xattr_data *xattr_value) { -- return xattr_value && xattr_value->type = EVM_IMA_XATTR_DIGSIG; -+ return xattr_value && (xattr_value->type = EVM_IMA_XATTR_DIGSIG || -+ xattr_value->type = IMA_MODSIG); +- return xattr_value && xattr_value->type == EVM_IMA_XATTR_DIGSIG; ++ return xattr_value && (xattr_value->type == EVM_IMA_XATTR_DIGSIG || ++ xattr_value->type == IMA_MODSIG); } /* @@ -131,10 +131,10 @@ index c6459408e6b2..27a1dbb52544 100644 { @@ -198,6 +214,14 @@ int ima_read_xattr(struct dentry *dentry, 0, GFP_NOFS); - if (ret = -EOPNOTSUPP) + if (ret == -EOPNOTSUPP) ret = 0; + /* IMA_MODSIG is only allowed when appended to files. */ -+ else if (ret > 0 && (*xattr_value)->type = IMA_MODSIG) { ++ else if (ret > 0 && (*xattr_value)->type == IMA_MODSIG) { + ret = -EINVAL; + + kfree(*xattr_value); @@ -153,7 +153,7 @@ index c6459408e6b2..27a1dbb52544 100644 - if (!(inode->i_opflags & IOP_XATTR)) + /* If not appraising a modsig, we need an xattr. */ -+ if ((xattr_value = NULL || xattr_value->type != IMA_MODSIG) && ++ if ((xattr_value == NULL || xattr_value->type != IMA_MODSIG) && + !(inode->i_opflags & IOP_XATTR)) return INTEGRITY_UNKNOWN; @@ -167,7 +167,7 @@ index c6459408e6b2..27a1dbb52544 100644 + * If it's a modsig, we don't have the xattr contents to pass to + * evm_verifyxattr(). + */ -+ if (xattr_value->type = IMA_MODSIG) { ++ if (xattr_value->type == IMA_MODSIG) { + xattr_contents = NULL; + xattr_contents_len = 0; + } else { @@ -184,7 +184,7 @@ index c6459408e6b2..27a1dbb52544 100644 break; case INTEGRITY_NOXATTRS: /* No EVM protected xattrs. */ + /* It's fine not to have xattrs when using a modsig. */ -+ if (xattr_value->type = IMA_MODSIG) ++ if (xattr_value->type == IMA_MODSIG) + break; + /* fall through */ case INTEGRITY_NOLABEL: /* No security.evm xattr. */ 
@@ -200,7 +200,7 @@ index c6459408e6b2..27a1dbb52544 100644 - (const char *)xattr_value, rc, - iint->ima_hash->digest, - iint->ima_hash->length); -+ if (xattr_value->type = EVM_IMA_XATTR_DIGSIG) ++ if (xattr_value->type == EVM_IMA_XATTR_DIGSIG) + rc = integrity_digsig_verify(INTEGRITY_KEYRING_IMA, + (const char *)xattr_value, + rc, iint->ima_hash->digest, @@ -208,15 +208,15 @@ index c6459408e6b2..27a1dbb52544 100644 + else + rc = ima_modsig_verify(INTEGRITY_KEYRING_IMA, + xattr_value); - if (rc = -EOPNOTSUPP) { + if (rc == -EOPNOTSUPP) { status = INTEGRITY_UNKNOWN; } else if (rc) { @@ -444,7 +494,8 @@ int ima_inode_setxattr(struct dentry *dentry, const char *xattr_name, result = ima_protect_xattr(dentry, xattr_name, xattr_value, xattr_value_len); - if (result = 1) { + if (result == 1) { - if (!xattr_value_len || (xvalue->type >= IMA_XATTR_LAST)) -+ if (!xattr_value_len || xvalue->type = IMA_MODSIG || ++ if (!xattr_value_len || xvalue->type == IMA_MODSIG || + xvalue->type >= IMA_XATTR_LAST) return -EINVAL; ima_reset_appraise_flags(d_backing_inode(dentry), @@ -422,7 +422,7 @@ index 84d428cbbca8..e095d35d804d 100644 + if (!hdr) + return; + -+ if (hdr->type = IMA_MODSIG) { ++ if (hdr->type == IMA_MODSIG) { + struct modsig_hdr *modsig = (struct modsig_hdr *) hdr; + + pkcs7_free_message(modsig->pkcs7_msg); diff --git a/a/content_digest b/N2/content_digest index 2aa917c..53dcdc5 100644 --- a/a/content_digest +++ b/N2/content_digest 
@@ -1,27 +1,27 @@ "ref\020181116200712.14154-1-bauerman@linux.ibm.com\0" "From\0Thiago Jung Bauermann <bauerman@linux.ibm.com>\0" "Subject\0[PATCH v8 11/14] ima: Implement support for module-style appended signatures\0" - "Date\0Fri, 16 Nov 2018 20:07:09 +0000\0" + "Date\0Fri, 16 Nov 2018 18:07:09 -0200\0" "To\0linux-integrity@vger.kernel.org\0" - "Cc\0linux-security-module@vger.kernel.org" - keyrings@vger.kernel.org - linux-crypto@vger.kernel.org - linuxppc-dev@lists.ozlabs.org + "Cc\0Herbert Xu <herbert@gondor.apana.org.au>" linux-doc@vger.kernel.org + Dmitry Kasatkin <dmitry.kasatkin@gmail.com> + David S. Miller <davem@davemloft.net> + Jonathan Corbet <corbet@lwn.net> linux-kernel@vger.kernel.org Mimi Zohar <zohar@linux.ibm.com> - Dmitry Kasatkin <dmitry.kasatkin@gmail.com> James Morris <jmorris@namei.org> - Serge E. Hallyn <serge@hallyn.com> David Howells <dhowells@redhat.com> - David Woodhouse <dwmw2@infradead.org> - Jessica Yu <jeyu@kernel.org> - Herbert Xu <herbert@gondor.apana.org.au> - David S. Miller <davem@davemloft.net> - Jonathan Corbet <corbet@lwn.net> AKASHI Takahiro <takahiro.akashi@linaro.org> - " Thiago Jung Bauermann <bauerman@linux.ibm.com>\0" + linux-security-module@vger.kernel.org + keyrings@vger.kernel.org + linux-crypto@vger.kernel.org + Jessica Yu <jeyu@kernel.org> + linuxppc-dev@lists.ozlabs.org + David Woodhouse <dwmw2@infradead.org> + Thiago Jung Bauermann <bauerman@linux.ibm.com> + " Serge E. Hallyn <serge@hallyn.com>\0" "\00:1\0" "b\0" "Implement the appraise_type=imasig|modsig option, allowing IMA to read and\n" 
@@ -63,9 +63,9 @@ " \n" " static inline bool is_signed(const struct evm_ima_xattr_data *xattr_value)\n" " {\n" - "-\treturn xattr_value && xattr_value->type = EVM_IMA_XATTR_DIGSIG;\n" - "+\treturn xattr_value && (xattr_value->type = EVM_IMA_XATTR_DIGSIG ||\n" - "+\t\t\t xattr_value->type = IMA_MODSIG);\n" + "-\treturn xattr_value && xattr_value->type == EVM_IMA_XATTR_DIGSIG;\n" + "+\treturn xattr_value && (xattr_value->type == EVM_IMA_XATTR_DIGSIG ||\n" + "+\t\t\t xattr_value->type == IMA_MODSIG);\n" " }\n" " \n" " /*\n" @@ -157,10 +157,10 @@ " {\n" "@@ -198,6 +214,14 @@ int ima_read_xattr(struct dentry *dentry,\n" " \t\t\t\t 0, GFP_NOFS);\n" - " \tif (ret = -EOPNOTSUPP)\n" + " \tif (ret == -EOPNOTSUPP)\n" " \t\tret = 0;\n" "+\t/* IMA_MODSIG is only allowed when appended to files. */\n" - "+\telse if (ret > 0 && (*xattr_value)->type = IMA_MODSIG) {\n" + "+\telse if (ret > 0 && (*xattr_value)->type == IMA_MODSIG) {\n" "+\t\tret = -EINVAL;\n" "+\n" "+\t\tkfree(*xattr_value);\n" @@ -179,7 +179,7 @@ " \n" "-\tif (!(inode->i_opflags & IOP_XATTR))\n" "+\t/* If not appraising a modsig, we need an xattr. */\n" - "+\tif ((xattr_value = NULL || xattr_value->type != IMA_MODSIG) &&\n" + "+\tif ((xattr_value == NULL || xattr_value->type != IMA_MODSIG) &&\n" "+\t !(inode->i_opflags & IOP_XATTR))\n" " \t\treturn INTEGRITY_UNKNOWN;\n" " \n" @@ -193,7 +193,7 @@ "+\t * If it's a modsig, we don't have the xattr contents to pass to\n" "+\t * evm_verifyxattr().\n" "+\t */\n" - "+\tif (xattr_value->type = IMA_MODSIG) {\n" + "+\tif (xattr_value->type == IMA_MODSIG) {\n" "+\t\txattr_contents = NULL;\n" "+\t\txattr_contents_len = 0;\n" "+\t} else {\n" 
@@ -210,7 +210,7 @@ " \t\tbreak;\n" " \tcase INTEGRITY_NOXATTRS:\t/* No EVM protected xattrs. */\n" "+\t\t/* It's fine not to have xattrs when using a modsig. */\n" - "+\t\tif (xattr_value->type = IMA_MODSIG)\n" + "+\t\tif (xattr_value->type == IMA_MODSIG)\n" "+\t\t\tbreak;\n" "+\t\t/* fall through */\n" " \tcase INTEGRITY_NOLABEL:\t\t/* No security.evm xattr. */\n" @@ -226,7 +226,7 @@ "-\t\t\t\t\t (const char *)xattr_value, rc,\n" "-\t\t\t\t\t iint->ima_hash->digest,\n" "-\t\t\t\t\t iint->ima_hash->length);\n" - "+\t\tif (xattr_value->type = EVM_IMA_XATTR_DIGSIG)\n" + "+\t\tif (xattr_value->type == EVM_IMA_XATTR_DIGSIG)\n" "+\t\t\trc = integrity_digsig_verify(INTEGRITY_KEYRING_IMA,\n" "+\t\t\t\t\t\t (const char *)xattr_value,\n" "+\t\t\t\t\t\t rc, iint->ima_hash->digest,\n" @@ -234,15 +234,15 @@ "+\t\telse\n" "+\t\t\trc = ima_modsig_verify(INTEGRITY_KEYRING_IMA,\n" "+\t\t\t\t\t xattr_value);\n" - " \t\tif (rc = -EOPNOTSUPP) {\n" + " \t\tif (rc == -EOPNOTSUPP) {\n" " \t\t\tstatus = INTEGRITY_UNKNOWN;\n" " \t\t} else if (rc) {\n" "@@ -444,7 +494,8 @@ int ima_inode_setxattr(struct dentry *dentry, const char *xattr_name,\n" " \tresult = ima_protect_xattr(dentry, xattr_name, xattr_value,\n" " \t\t\t\t xattr_value_len);\n" - " \tif (result = 1) {\n" + " \tif (result == 1) {\n" "-\t\tif (!xattr_value_len || (xvalue->type >= IMA_XATTR_LAST))\n" - "+\t\tif (!xattr_value_len || xvalue->type = IMA_MODSIG ||\n" + "+\t\tif (!xattr_value_len || xvalue->type == IMA_MODSIG ||\n" "+\t\t xvalue->type >= IMA_XATTR_LAST)\n" " \t\t\treturn -EINVAL;\n" " \t\tima_reset_appraise_flags(d_backing_inode(dentry),\n" @@ -448,7 +448,7 @@ "+\tif (!hdr)\n" "+\t\treturn;\n" "+\n" - "+\tif (hdr->type = IMA_MODSIG) {\n" + "+\tif (hdr->type == IMA_MODSIG) {\n" "+\t\tstruct modsig_hdr *modsig = (struct modsig_hdr *) hdr;\n" "+\n" "+\t\tpkcs7_free_message(modsig->pkcs7_msg);\n" 
@@ -468,4 +468,4 @@ " \tIMA_XATTR_LAST\n" }; -1e0ee8b6f5f0b76e6d38d5ca7d4073fd094427bdd5f3bd46685405141e59c97d +d31f5e8c780b407509c478bb7bfc91a436609419f27012a7f4185e91d9562309