Seth Forshee [Thu, 12 Nov 2020 18:34:01 +0000 (12:34 -0600)]
UBUNTU: [Debian] Build linux-libc-dev for debian.master* branches
BugLink: https://bugs.launchpad.net/bugs/1904067
We don't build linux-libc-dev if $DEBIAN is not debian.master.
However, for a master kernel forward ported to the devel series
we do want to build linux-libc-dev. $DEBIAN will be named
debian.master-SERIES for these kernels, so allow building
linux-libc-dev for these kernels too.
Seth Forshee [Wed, 4 Nov 2020 22:25:00 +0000 (23:25 +0100)]
UBUNTU: [Debian] Update for leader included in BACKPORT_SUFFIX
BugLink: https://bugs.launchpad.net/bugs/1902957
Currently a ~ is always added to the version string before
BACKPORT_SUFFIX. Now we will also doing forward-ports to
development releases, which works exactly the same as a
backport, but we want to use + as the leader instead.
Our kernel source doesn't contain the information to determine
which leader is appropriate, but that information is available
when generating update.conf. Therefore the leader will be added
as part of BACKPORT_SUFFIX, and our packaging should not insert
any leader.
Signed-off-by: Seth Forshee <seth.forshee@canonical.com> Acked-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com> Acked-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com> Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
Seth Forshee [Mon, 30 Nov 2020 15:34:06 +0000 (09:34 -0600)]
UBUNTU: [Config] CONFIG_RCU_SCALE_TEST=n
BugLink: https://bugs.launchpad.net/bugs/1904906
This was enabled when rebasing to 5.10-rc1, but it is not an
option we would normally enable, and no justification was
provided for enabling it. The option also may be related to
ppc64el boot problems (though it is as of yet unclear how that
would be possible), so let's disable it.
UBUNTU: [Packaging]: linux-image should suggest linux-modules-extra
When installing linux-image, we don't want the linux-modules-extra to be
installed by default, so it should not be a Recommends. It can, however, be a
Suggests.
Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com> Acked-by: Andrea Righi <andrea.righi@canonical.com> Signed-off-by: Andrea Righi <andrea.righi@canonical.com>
UBUNTU: [Packaging]: linux-modules should depend on linux-image
When installing linux-modules package directly, it will not bring a linux-image
package as a dependency. linux-modules-extra, on the other hand, depend on a
linux-image package.
Make the linux-modules package depend on either the linux-image or the
linux-image-unsigned package.
Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com> Acked-by: Andrea Righi <andrea.righi@canonical.com> Signed-off-by: Andrea Righi <andrea.righi@canonical.com>
BugLink: https://bugs.launchpad.net/bugs/1903293
When some changes have been already added to the changelog, like when using
insert-ubuntu-changes, and there are no other changes, we end up with two
newlines right after the stanza header.
Add a $skip_newline variable that allows us to skip that extra newline when
there are no other changes.
Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com> Acked-by: Andrea Righi <andrea.righi@canonical.com> Acked-by: Kelsey Skunberg <kelsey.skunberg@canonical.com> Signed-off-by: Andrea Righi <andrea.righi@canonical.com>
Andrea Righi [Mon, 23 Nov 2020 07:43:31 +0000 (08:43 +0100)]
UBUNTU: [Config] add CONFIG_INFINIBAND_VIRT_DMA
Add CONFIG_INFINIBAND_VIRT_DMA, introduced after rebasing to 5.10-rc5.
NOTE: this config option can only be enabled if CONFIG_HIGHMEM is not
set and that is false in armhf, so it needs to be disabled in this
specific architecture.
As a consequence the following dependent config options are also
disabled (on armhf only):
- CONFIG_RDMA_RXE
- CONFIG_RDMA_SIW
This shouldn't be a problem, since these options are used by infiniband,
that is unlikely to be used with armhf.
Signed-off-by: Andrea Righi <andrea.righi@canonical.com>
Andrea Righi [Thu, 24 Sep 2020 12:49:32 +0000 (14:49 +0200)]
UBUNTU: [Packaging] reduce the size required to build packages
During the build we are removing flavor build directory, but this is not
applied until the end of the binary-% rule. This is too late as we have
to build, install, and generate dbgsyms for all flavors before this
triggers.
Removing the flavor build directory at the end of the install-% phase
allows to free up some space in advance and use less space overall to
build the packages.
Suggested-by: Andy Whitcroft <apw@canonical.com> Signed-off-by: Andrea Righi <andrea.righi@canonical.com>
Seth Forshee [Wed, 4 Nov 2020 20:46:21 +0000 (14:46 -0600)]
UBUNTU: [Config] Update CONFIG_E1000E for ppc64el in annotations
BugLink: https://bugs.launchpad.net/bugs/1902687
This option now depends on CONFIG_DMI, and thus is no longer
selectable for ppc64el. Update the annotations accordingly.
This is being submitted separately from released hardware in case of
a regression between pre-release and release hardware so this commit
can be reverted alone.
Signed-off-by: Mario Limonciello <mario.limonciello@dell.com> Tested-by: Yijun Shen <Yijun.shen@dell.com> Signed-off-by: Timo Aaltonen <timo.aaltonen@canonical.com> Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
UBUNTU: SAUCE: e1000e: Add Dell's Comet Lake systems into s0ix heuristics
BugLink: https://bugs.launchpad.net/bugs/1902687
Dell's Comet Lake Latitude and Precision systems containing i219LM are
properly configured and should use the s0ix flows.
Signed-off-by: Mario Limonciello <mario.limonciello@dell.com> Tested-by: Yijun Shen <Yijun.shen@dell.com> Signed-off-by: Timo Aaltonen <timo.aaltonen@canonical.com> Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
UBUNTU: SAUCE: e1000e: allow turning s0ix flows on for systems with ME
BugLink: https://bugs.launchpad.net/bugs/1902687
S0ix for GBE flows are needed for allowing the system to get into deepest
power state, but these require coordination of components outside of
control of Linux kernel. For systems that have confirmed to coordinate
this properly, allow turning on the s0ix flows at load time or runtime.
Fixes: e086ba2fccda ("e1000e: disable s0ix entry and exit flows for ME systems") Signed-off-by: Mario Limonciello <mario.limonciello@dell.com> Tested-by: Aaron Brown <aaron.f.brown@intel.com> Signed-off-by: Timo Aaltonen <timo.aaltonen@canonical.com> Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
Kan Liang [Thu, 29 Oct 2020 09:09:27 +0000 (11:09 +0200)]
UBUNTU: SAUCE: perf/x86/intel/uncore: Add Rocket Lake support
BugLink: https://bugs.launchpad.net/bugs/1902004
For Rocket Lake, the MSR uncore, e.g., CBOX, ARB and CLOCKBOX, are the
same as Tiger Lake. Share the perf code with it.
For Rocket Lake and Tiger Lake, the 8th CBOX is not mapped into a
different MSR space anymore. Add rkl_uncore_msr_init_box() to replace
skl_uncore_msr_init_box().
The IMC uncore is the similar to Ice Lake. Add new PCIIDs of IMC for
Rocket Lake.
Signed-off-by: Kan Liang <kan.liang@linux.intel.com> Signed-off-by: Timo Aaltonen <timo.aaltonen@canonical.com> Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
Kan Liang [Thu, 29 Oct 2020 09:09:25 +0000 (11:09 +0200)]
UBUNTU: SAUCE: perf/x86/cstate: Add Rocket Lake CPU support
BugLink: https://bugs.launchpad.net/bugs/1902004
From the perspective of Intel cstate residency counters, Rocket Lake is
the same as Ice Lake and Tiger Lake. Share the code with them. Update
the comments for Rocket Lake.
Signed-off-by: Kan Liang <kan.liang@linux.intel.com> Signed-off-by: Timo Aaltonen <timo.aaltonen@canonical.com> Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
Kan Liang [Thu, 29 Oct 2020 09:09:24 +0000 (11:09 +0200)]
UBUNTU: SAUCE: perf/x86/intel: Add Rocket Lake CPU support
BugLink: https://bugs.launchpad.net/bugs/1902004
From the perspective of Intel PMU, Rocket Lake is the same as Ice Lake
and Tiger Lake. Share the perf code with them.
Signed-off-by: Kan Liang <kan.liang@linux.intel.com> Signed-off-by: Timo Aaltonen <timo.aaltonen@canonical.com> Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
Seth Forshee [Wed, 4 Nov 2020 00:12:45 +0000 (18:12 -0600)]
UBUNTU: [Debian] Include scripts/module.lds from builddir in headers package
The script which was previously named scripts/module-common.lds
has now been renamed to scripts/module.lds.S. We need the final
linker script in headers packages. Move it to the per-arch
headers packages since it may now differ between architectures.
Seth Forshee [Mon, 2 Nov 2020 18:05:57 +0000 (12:05 -0600)]
UBUNTU: [Config] Update numerous configs to conform with policy
When reviewing the annotations updates for the 5.10-rc2 rebase,
I noted a large number of options which did not conform to our
config policy. These have been updated. I suspect there may be
others from the 5.10-rc1 rebase which also do not conform to
policy, so further review is needed.
According to Intel, all CML root ports need this workaround, so add all
root ports from [1] to existing quirk.
[1] Intel® 400 Series Chipset Family Platform Controller Hub (PCH) Datasheet, Volume 1 of 2, Content ID: 620854 Version: 002
Signed-off-by: Kai-Heng Feng <kai.heng.feng@canonical.com> Acked-by: Stefan Bader <stefan.bader@canonical.com> Acked-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com> Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com> Signed-off-by: Paolo Pisati <paolo.pisati@canonical.com>
BugLink: https://bugs.launchpad.net/bugs/1896801
Since upstream has removed python3-venv, update our build dependencies and let
linux-doc build outside a virtualenv.
Signed-off-by: Paolo Pisati <paolo.pisati@canonical.com> Acked-by: Colin Ian King <colin.king@canonical.com> Acked-by: Andrea Righi <andrea.righi@canonical.com> Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
UBUNTU: SAUCE: dccp: avoid double free of ccid on child socket
When a dccp socket is cloned, the pointers to dccps_hc_rx_ccid and
dccps_hc_tx_ccid are copied. When CCID features are activated on the child
socket, the CCID objects are freed, leaving the parent socket with dangling
pointers.
During cloning, set dccps_hc_rx_ccid and dccps_hc_tx_ccid to NULL so the
parent objects are not freed.
Reported-by: Hadar Manor
CVE-2020-16119 Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com> Acked-by: Stefan Bader <stefan.bader@canonical.com> Acked-by: Juerg Haefliger <juerg.haefliger@canonical.com> Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
Kai-Heng Feng [Wed, 7 Oct 2020 11:54:00 +0000 (19:54 +0800)]
UBUNTU: SAUCE: drm/i915/dpcd_bl: Skip testing control capability with force DPCD quirk
BugLink: https://bugs.launchpad.net/bugs/1898865
HP DreamColor panel needs to be controlled via AUX interface. However,
it has both DP_EDP_BACKLIGHT_BRIGHTNESS_AUX_SET_CAP and
DP_EDP_BACKLIGHT_BRIGHTNESS_PWM_PIN_CAP set, so it fails to pass
intel_dp_aux_display_control_capable() test.
Skip the test if the panel has force DPCD quirk.
Signed-off-by: Kai-Heng Feng <kai.heng.feng@canonical.com> Acked-by: Stefan Bader <stefan.bader@canonical.com> Acked-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com> Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
UBUNTU: SAUCE: AppArmor: Remove the exclusive flag
With the inclusion of the "display" process attribute
mechanism AppArmor no longer needs to be treated as an
"exclusive" security module. Remove the flag that indicates
it is exclusive. Remove the stub getpeersec_dgram AppArmor
hook as it has no effect in the single LSM case and
interferes in the multiple LSM case.
Acked-by: Stephen Smalley <sds@tycho.nsa.gov> Reviewed-by: Kees Cook <keescook@chromium.org> Reviewed-by: John Johansen <john.johansen@canonical.com> Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Andrea Righi <andrea.righi@canonical.com> Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
Casey Schaufler [Fri, 21 Aug 2020 22:27:38 +0000 (15:27 -0700)]
UBUNTU: SAUCE: LSM: Add /proc attr entry for full LSM context
Add an entry /proc/.../attr/context which displays the full
process security "context" in compound format:
lsm1\0value\0lsm2\0value\0...
This entry is not writable.
A security module may decide that its policy does not allow
this information to be displayed. In this case none of the
information will be displayed.
Casey Schaufler [Fri, 21 Aug 2020 21:59:03 +0000 (14:59 -0700)]
UBUNTU: SAUCE: Audit: Add a new record for multiple object LSM
attributes
Create a new audit record type to contain the object information
when there are multiple security modules that require such data.
This record is emitted before the other records for the event, but
is linked with the same timestamp and serial number.
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> Cc: linux-audit@redhat.com Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Andrea Righi <andrea.righi@canonical.com> Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
Casey Schaufler [Fri, 21 Aug 2020 21:29:19 +0000 (14:29 -0700)]
UBUNTU: SAUCE: Audit: Add new record for multiple process LSM attributes
Create a new audit record type to contain the subject information
when there are multiple security modules that require such data.
This record is linked with the same timestamp and serial number.
The record is produced only in cases where there is more than one
security module with a process "context".
Before this change the only audit events that required multiple
records were syscall events. Several non-syscall events include
subject contexts, so the use of audit_context data has been expanded
as necessary.
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> Cc: linux-audit@redhat.com Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Andrea Righi <andrea.righi@canonical.com> Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
Casey Schaufler [Fri, 21 Aug 2020 17:54:15 +0000 (10:54 -0700)]
UBUNTU: SAUCE: NET: Store LSM netlabel data in a lsmblob
Netlabel uses LSM interfaces requiring an lsmblob and
the internal storage is used to pass information between
these interfaces, so change the internal data from a secid
to a lsmblob. Update the netlabel interfaces and their
callers to accommodate the change. This requires that the
modules using netlabel use the lsm_id.slot to access the
correct secid when using netlabel.
Reviewed-by: Kees Cook <keescook@chromium.org> Reviewed-by: John Johansen <john.johansen@canonical.com> Acked-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> Cc: netdev@vger.kernel.org Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Andrea Righi <andrea.righi@canonical.com> Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
Casey Schaufler [Thu, 20 Aug 2020 23:25:25 +0000 (16:25 -0700)]
UBUNTU: SAUCE: LSM: Use lsmcontext in security_inode_getsecctx
Change the security_inode_getsecctx() interface to fill
a lsmcontext structure instead of data and length pointers.
This provides the information about which LSM created the
context so that security_release_secctx() can use the
correct hook.
Acked-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Andrea Righi <andrea.righi@canonical.com> Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
Casey Schaufler [Thu, 20 Aug 2020 22:19:52 +0000 (15:19 -0700)]
UBUNTU: SAUCE: LSM: Use lsmcontext in security_secid_to_secctx
Replace the (secctx,seclen) pointer pair with a single
lsmcontext pointer to allow return of the LSM identifier
along with the context and context length. This allows
security_release_secctx() to know how to release the
context. Callers have been modified to use or save the
returned data from the new structure.
Reviewed-by: Kees Cook <keescook@chromium.org> Acked-by: Stephen Smalley <sds@tycho.nsa.gov> Acked-by: Paul Moore <paul@paul-moore.com> Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> Cc: netdev@vger.kernel.org Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Andrea Righi <andrea.righi@canonical.com> Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
Casey Schaufler [Thu, 20 Aug 2020 18:47:01 +0000 (11:47 -0700)]
UBUNTU: SAUCE: LSM: Ensure the correct LSM context releaser
Add a new lsmcontext data structure to hold all the information
about a "security context", including the string, its size and
which LSM allocated the string. The allocation information is
necessary because LSMs have different policies regarding the
lifecycle of these strings. SELinux allocates and destroys
them on each use, whereas Smack provides a pointer to an entry
in a list that never goes away.
Reviewed-by: Kees Cook <keescook@chromium.org> Reviewed-by: John Johansen <john.johansen@canonical.com> Acked-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> Cc: linux-integrity@vger.kernel.org Cc: netdev@vger.kernel.org Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Andrea Righi <andrea.righi@canonical.com> Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
Casey Schaufler [Thu, 20 Aug 2020 17:40:08 +0000 (10:40 -0700)]
UBUNTU: SAUCE: LSM: Specify which LSM to display
Create a new entry "display" in the procfs attr directory for
controlling which LSM security information is displayed for a
process. A process can only read or write its own display value.
The name of an active LSM that supplies hooks for
human readable data may be written to "display" to set the
value. The name of the LSM currently in use can be read from
"display". At this point there can only be one LSM capable
of display active. A helper function lsm_task_display() is
provided to get the display slot for a task_struct.
Setting the "display" requires that all security modules using
setprocattr hooks allow the action. Each security module is
responsible for defining its policy.
AppArmor hook provided by John Johansen <john.johansen@canonical.com>
SELinux hook provided by Stephen Smalley <sds@tycho.nsa.gov>
Reviewed-by: Kees Cook <keescook@chromium.org> Acked-by: Stephen Smalley <sds@tycho.nsa.gov> Acked-by: Paul Moore <paul@paul-moore.com> Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Andrea Righi <andrea.righi@canonical.com> Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
Casey Schaufler [Thu, 20 Aug 2020 16:24:21 +0000 (09:24 -0700)]
UBUNTU: SAUCE: IMA: Change internal interfaces to use lsmblobs
The IMA interfaces ima_get_action() and ima_match_policy()
call LSM functions that use lsmblobs. Change the IMA functions
to pass the lsmblob to be compatible with the LSM functions.
Reviewed-by: Kees Cook <keescook@chromium.org> Reviewed-by: John Johansen <john.johansen@canonical.com> Acked-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
cc: linux-integrity@vger.kernel.org Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Andrea Righi <andrea.righi@canonical.com>
[ saf: resolve conflicts ] Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
Casey Schaufler [Thu, 20 Aug 2020 15:43:21 +0000 (08:43 -0700)]
UBUNTU: SAUCE: LSM: Use lsmblob in security_cred_getsecid
Change the security_cred_getsecid() interface to fill in a
lsmblob instead of a u32 secid. The associated data elements
in the audit sub-system are changed from a secid to a lsmblob
to accommodate multiple possible LSM audit users.
Reviewed-by: Kees Cook <keescook@chromium.org> Reviewed-by: John Johansen <john.johansen@canonical.com> Acked-by: Stephen Smalley <sds@tycho.nsa.gov> Acked-by: Paul Moore <paul@paul-moore.com> Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
cc: linux-integrity@vger.kernel.org Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Andrea Righi <andrea.righi@canonical.com> Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
Casey Schaufler [Thu, 20 Aug 2020 00:28:57 +0000 (17:28 -0700)]
UBUNTU: SAUCE: LSM: Use lsmblob in security_inode_getsecid
Change the security_inode_getsecid() interface to fill in a
lsmblob structure instead of a u32 secid. This allows for its
callers to gather data from all registered LSMs. Data is provided
for IMA and audit.
Reviewed-by: Kees Cook <keescook@chromium.org> Reviewed-by: John Johansen <john.johansen@canonical.com> Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
cc: linux-integrity@vger.kernel.org Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Andrea Righi <andrea.righi@canonical.com>
[ saf: resolve conflicts ] Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
Casey Schaufler [Wed, 19 Aug 2020 23:06:37 +0000 (16:06 -0700)]
UBUNTU: SAUCE: LSM: Use lsmblob in security_task_getsecid
Change the security_task_getsecid() interface to fill in
a lsmblob structure instead of a u32 secid in support of
LSM stacking. Audit interfaces will need to collect all
possible secids for possible reporting.
Reviewed-by: Kees Cook <keescook@chromium.org> Reviewed-by: John Johansen <john.johansen@canonical.com> Acked-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
cc: linux-integrity@vger.kernel.org Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Andrea Righi <andrea.righi@canonical.com>
[ saf: resolve conflicts ] Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
Casey Schaufler [Thu, 19 Mar 2020 16:40:29 +0000 (09:40 -0700)]
UBUNTU: SAUCE: LSM: Use lsmblob in security_ipc_getsecid
There may be more than one LSM that provides IPC data
for auditing. Change security_ipc_getsecid() to fill in
a lsmblob structure instead of the u32 secid. The
audit data structure containing the secid will be updated
later, so there is a bit of scaffolding here.
Reviewed-by: Kees Cook <keescook@chromium.org> Reviewed-by: John Johansen <john.johansen@canonical.com> Acked-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Andrea Righi <andrea.righi@canonical.com> Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
Casey Schaufler [Wed, 19 Aug 2020 16:32:48 +0000 (09:32 -0700)]
UBUNTU: SAUCE: LSM: Use lsmblob in security_secid_to_secctx
Change security_secid_to_secctx() to take a lsmblob as input
instead of a u32 secid. It will then call the LSM hooks
using the lsmblob element allocated for that module. The
callers have been updated as well. This allows for the
possibility that more than one module may be called upon
to translate a secid to a string, as can occur in the
audit code.
Reviewed-by: Kees Cook <keescook@chromium.org> Reviewed-by: John Johansen <john.johansen@canonical.com> Acked-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Andrea Righi <andrea.righi@canonical.com> Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
UBUNTU: SAUCE: LSM: Use lsmblob in security_secctx_to_secid
Change security_secctx_to_secid() to fill in a lsmblob instead
of a u32 secid. Multiple LSMs may be able to interpret the
string, and this allows for setting whichever secid is
appropriate. Change security_secmark_relabel_packet() to use a
lsmblob instead of a u32 secid. In some other cases there is
scaffolding where interfaces have yet to be converted.
UBUNTU: SAUCE: net: Prepare UDS for security module stacking
Change the data used in UDS SO_PEERSEC processing from a
secid to a more general struct lsmblob. Update the
security_socket_getpeersec_dgram() interface to use the
lsmblob. There is a small amount of scaffolding code
that will come out when the security_secid_to_secctx()
code is brought in line with the lsmblob.
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Andrea Righi <andrea.righi@canonical.com> Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
Casey Schaufler [Tue, 18 Aug 2020 17:12:56 +0000 (10:12 -0700)]
UBUNTU: SAUCE: LSM: Use lsmblob in security_kernel_act_as
Change the security_kernel_act_as interface to use a lsmblob
structure in place of the single u32 secid in support of
module stacking. Change its only caller, set_security_override,
to do the same. Change that one's only caller,
set_security_override_from_ctx, to call it with the new
parameter type.
The security module hook is unchanged, still taking a secid.
The infrastructure passes the correct entry from the lsmblob.
lsmblob_init() is used to fill the lsmblob structure, however
this will be removed later in the series when security_secctx_to_secid()
is undated to provide a lsmblob instead of a secid.
Reviewed-by: Kees Cook <keescook@chromium.org> Reviewed-by: John Johansen <john.johansen@canonical.com> Acked-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Andrea Righi <andrea.righi@canonical.com> Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
Casey Schaufler [Tue, 18 Aug 2020 00:15:27 +0000 (17:15 -0700)]
UBUNTU: SAUCE: LSM: Use lsmblob in security_audit_rule_match
Change the secid parameter of security_audit_rule_match
to a lsmblob structure pointer. Pass the entry from the
lsmblob structure for the approprite slot to the LSM hook.
Change the users of security_audit_rule_match to use the
lsmblob instead of a u32. The scaffolding function lsmblob_init()
fills the blob with the value of the old secid, ensuring that
it is available to the appropriate module hook. The sources of
the secid, security_task_getsecid() and security_inode_getsecid(),
will be converted to use the blob structure later in the series.
At the point the use of lsmblob_init() is dropped.
Reviewed-by: Kees Cook <keescook@chromium.org> Reviewed-by: John Johansen <john.johansen@canonical.com> Acked-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Andrea Righi <andrea.righi@canonical.com>
[ saf: resolve conflicts ] Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
Casey Schaufler [Mon, 17 Aug 2020 23:02:56 +0000 (16:02 -0700)]
UBUNTU: SAUCE: LSM: Create and manage the lsmblob data structure.
When more than one security module is exporting data to
audit and networking sub-systems a single 32 bit integer
is no longer sufficient to represent the data. Add a
structure to be used instead.
The lsmblob structure is currently an array of
u32 "secids". There is an entry for each of the
security modules built into the system that would
use secids if active. The system assigns the module
a "slot" when it registers hooks. If modules are
compiled in but not registered there will be unused
slots.
A new lsm_id structure, which contains the name
of the LSM and its slot number, is created. There
is an instance for each LSM, which assigns the name
and passes it to the infrastructure to set the slot.
The audit rules data is expanded to use an array of
security module data rather than a single instance.
Because IMA uses the audit rule functions it is
affected as well.
Acked-by: Stephen Smalley <sds@tycho.nsa.gov> Acked-by: Paul Moore <paul@paul-moore.com> Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Andrea Righi <andrea.righi@canonical.com>
[ saf: resolve conflicts ] Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
UBUNTU: SAUCE: LSM: Infrastructure management of the sock security
Move management of the sock->sk_security blob out
of the individual security modules and into the security
infrastructure. Instead of allocating the blobs from within
the modules the modules tell the infrastructure how much
space is required, and the space is allocated there.
Acked-by: Paul Moore <paul@paul-moore.com> Reviewed-by: Kees Cook <keescook@chromium.org> Reviewed-by: John Johansen <john.johansen@canonical.com> Acked-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Andrea Righi <andrea.righi@canonical.com> Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
John Johansen [Tue, 6 Oct 2020 21:29:39 +0000 (14:29 -0700)]
UBUNTU: SAUCE: apparmor: LSM stacking: switch from SK_CTX() to aa_sock()
LSM: Infrastructure management of the sock security
changes apparmor to use aa_sock() instead of SK_CTX() but doesn't
update the apparmor unix mediation because that code is not upstream.
So make the change here instead of modifying the LSM patch.
Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Andrea Righi <andrea.righi@canonical.com> Signed-off-by: Seth Forshee <seth.forshee@canonical.com>