linux-stable/arch/x86/kernel
Linus Torvalds f218a29c25 Merge branch 'next-integrity' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security
Pull integrity updates from James Morris:
 "In Linux 4.19, a new LSM hook named security_kernel_load_data was
  upstreamed, allowing LSMs and IMA to prevent the kexec_load syscall.
  Different signature verification methods exist for verifying the
  kexec'ed kernel image. This adds additional support in IMA to prevent
  loading unsigned kernel images via the kexec_load syscall,
  independently of the IMA policy rules, based on the runtime "secure
  boot" flag. An initial IMA kselftest is included.

  In addition, this pull request defines a new, separate keyring named
  ".platform" for storing the preboot/firmware keys needed for verifying
  the kexec'ed kernel image's signature and includes the associated IMA
  kexec usage of the ".platform" keyring.

  (David Howells' and Josh Boyer's patches for reading the
  preboot/firmware keys, which were previously posted for a different
  use case scenario, are included here)"

* 'next-integrity' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security:
  integrity: Remove references to module keyring
  ima: Use inode_is_open_for_write
  ima: Support platform keyring for kernel appraisal
  efi: Allow the "db" UEFI variable to be suppressed
  efi: Import certificates from UEFI Secure Boot
  efi: Add an EFI signature blob parser
  efi: Add EFI signature data types
  integrity: Load certs to the platform keyring
  integrity: Define a trusted platform keyring
  selftests/ima: kexec_load syscall test
  ima: don't measure/appraise files on efivarfs
  x86/ima: retry detecting secure boot mode
  docs: Extend trusted keys documentation for TPM 2.0
  x86/ima: define arch_get_ima_policy() for x86
  ima: add support for arch specific policies
  ima: refactor ima_init_policy()
  ima: prevent kexec_load syscall based on runtime secureboot flag
  x86/ima: define arch_ima_get_secureboot
  integrity: support new struct public_key_signature encoding field
2019-01-02 09:43:14 -08:00
acpi x86: Fix various typos in comments 2018-12-03 10:49:13 +01:00
apic x86/kernel: Fix more -Wmissing-prototypes warnings 2018-12-08 12:24:35 +01:00
cpu mm: convert totalram_pages and totalhigh_pages variables to atomic 2018-12-28 12:11:47 -08:00
fpu Merge branch 'x86-fpu-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2018-12-26 17:37:51 -08:00
kprobes Merge branch 'x86-cleanups-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2018-12-26 17:03:51 -08:00
.gitignore
Makefile x86/ima: retry detecting secure boot mode 2018-12-11 07:19:45 -05:00
alternative.c Merge branch 'x86-paravirt-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2018-10-23 17:54:58 +01:00
amd_gart_64.c x86/dma/amd-gart: Stop resizing dma_debug_entry pool 2018-12-11 14:32:12 +01:00
amd_nb.c x86/amd_nb: Add PCI device IDs for family 17h, model 30h 2018-11-07 21:36:09 +01:00
apb_timer.c
aperture_64.c x86/gart: Rewrite early_gart_iommu_check() comment 2018-11-05 21:18:31 +01:00
apm_32.c x86/APM: Fix build warning when PROC_FS is not enabled 2018-09-15 10:16:25 +02:00
asm-offsets.c x86/kernel: Fix more -Wmissing-prototypes warnings 2018-12-08 12:24:35 +01:00
asm-offsets_32.c x86/entry/32: Load task stack from x86_tss.sp1 in SYSENTER handler 2018-07-20 01:11:36 +02:00
asm-offsets_64.c x86/paravirt: Move the pv_irq_ops under the PARAVIRT_XXL umbrella 2018-09-03 16:50:36 +02:00
audit_64.c
bootflag.c
check.c x86/headers: Fix -Wmissing-prototypes warning 2018-11-23 07:59:59 +01:00
cpuid.c x86/cpuid: Allow cpuid_read() to schedule 2018-03-27 12:01:48 +02:00
crash.c x86/headers: Fix -Wmissing-prototypes warning 2018-11-23 07:59:59 +01:00
crash_dump_32.c
crash_dump_64.c x86: Fix various typos in comments 2018-12-03 10:49:13 +01:00
devicetree.c x86/headers: Fix -Wmissing-prototypes warning 2018-11-23 07:59:59 +01:00
doublefault.c
dumpstack.c x86/process: Don't mix user/kernel regs in 64bit __show_regs() 2018-09-06 14:33:12 +02:00
dumpstack_32.c x86/dumpstack: Unify show_regs() 2018-03-08 12:04:59 +01:00
dumpstack_64.c x86/dumpstack: Unify show_regs() 2018-03-08 12:04:59 +01:00
e820.c memblock: stop using implicit alignment to SMP_CACHE_BYTES 2018-10-31 08:54:16 -07:00
early-quirks.c On GEM side: 2018-07-20 12:29:24 +10:00
early_printk.c x86/earlyprintk: Add a force option for pciserial device 2018-10-02 21:02:47 +02:00
ebda.c
eisa.c x86/EISA: Don't probe EISA bus for Xen PV guests 2018-09-11 23:36:50 +02:00
espfix_64.c x86/espfix: Document use of _PAGE_GLOBAL 2018-04-09 18:27:33 +02:00
ftrace.c x86/ftrace: Do not call function graph from dynamic trampolines 2018-12-19 22:43:37 -05:00
ftrace_32.S
ftrace_64.S x86/ftrace: Do not call function graph from dynamic trampolines 2018-12-19 22:43:37 -05:00
head32.c x86/boot: Mostly revert commit ae7e1238e6 ("Add ACPI RSDP address to setup_header") 2018-11-20 09:43:10 +01:00
head64.c x86/boot: Mostly revert commit ae7e1238e6 ("Add ACPI RSDP address to setup_header") 2018-11-20 09:43:10 +01:00
head_32.S x86/pgtable/32: Allocate 8k page-tables when PTI is enabled 2018-07-20 01:11:41 +02:00
head_64.S xen/pvh: Split CONFIG_XEN_PVH into CONFIG_PVH and CONFIG_XEN_PVH 2018-12-13 13:41:49 -05:00
hpet.c x86: Don't include linux/irq.h from asm/hardirq.h 2018-08-05 09:53:13 +02:00
hw_breakpoint.c perf/arch/x86: Implement hw_breakpoint_arch_parse() 2018-06-26 09:07:55 +02:00
i8237.c x86/i8237: Register device based on FADT legacy boot flag 2018-04-27 16:44:29 +02:00
i8253.c
i8259.c x86: Don't include linux/irq.h from asm/hardirq.h 2018-08-05 09:53:13 +02:00
idt.c x86: Don't include linux/irq.h from asm/hardirq.h 2018-08-05 09:53:13 +02:00
ima_arch.c x86/ima: retry detecting secure boot mode 2018-12-11 07:19:45 -05:00
io_delay.c
ioport.c x86/ioport: add ksys_ioperm() helper; remove in-kernel calls to sys_ioperm() 2018-04-02 20:16:12 +02:00
irq.c x86: Don't include linux/irq.h from asm/hardirq.h 2018-08-05 09:53:13 +02:00
irq_32.c x86: Don't include linux/irq.h from asm/hardirq.h 2018-08-05 09:53:13 +02:00
irq_64.c x86: Don't include linux/irq.h from asm/hardirq.h 2018-08-05 09:53:13 +02:00
irq_work.c
irqflags.S x86/paravirt: Make native_save_fl() extern inline 2018-07-03 10:56:27 +02:00
irqinit.c x86: Don't include linux/irq.h from asm/hardirq.h 2018-08-05 09:53:13 +02:00
itmt.c
jailhouse.c x86/headers: Fix -Wmissing-prototypes warning 2018-11-23 07:59:59 +01:00
jump_label.c x86/jump_label: Switch to jump_entry accessors 2018-09-27 17:56:48 +02:00
kdebugfs.c
kexec-bzimage64.c Fix kexec forbidding kernels signed with keys in the secondary keyring to boot 2018-08-16 09:57:20 -07:00
kgdb.c kgdb/treewide: constify struct kgdb_arch arch_kgdb_ops 2018-12-30 08:33:06 +00:00
ksysfs.c treewide: kmalloc() -> kmalloc_array() 2018-06-12 16:19:22 -07:00
kvm.c x86/paravirt: Use a single ops structure 2018-09-03 16:50:35 +02:00
kvmclock.c x86/kvmclock: convert to SPDX identifiers 2018-12-21 11:28:25 +01:00
ldt.c x86/ldt: Remove unused variable in map_ldt_struct() 2018-11-06 21:35:11 +01:00
livepatch.c
machine_kexec_32.c x86/kexec: Allocate 8k PGDs for PTI 2018-07-30 13:53:48 +02:00
machine_kexec_64.c x86/mm: Stop pretending pgtable_l5_enabled is a variable 2018-05-19 11:56:57 +02:00
mmconf-fam10h_64.c
module.c x86: Add support for 64-bit place relative relocations 2018-09-27 17:56:47 +02:00
mpparse.c mm: remove include/linux/bootmem.h 2018-10-31 08:54:16 -07:00
msr.c x86: Clean up 'sizeof x' => 'sizeof(x)' 2018-10-29 07:13:28 +01:00
nmi.c
nmi_selftest.c
paravirt-spinlocks.c x86/paravirt: Use a single ops structure 2018-09-03 16:50:35 +02:00
paravirt.c x86/paravirt: Remove unused _paravirt_ident_32 2018-10-30 09:55:31 +01:00
paravirt_patch_32.c x86/paravirt: Remove unused _paravirt_ident_32 2018-10-30 09:55:31 +01:00
paravirt_patch_64.c x86/paravirt: Remove unused _paravirt_ident_32 2018-10-30 09:55:31 +01:00
pci-calgary_64.c x86/calgary: remove the mapping_error dma_map_ops method 2018-12-06 06:56:46 -08:00
pci-dma.c dma-mapping: bypass indirect calls for dma-direct 2018-12-13 21:06:18 +01:00
pci-iommu_table.c x86/iommu: Use NULL instead of 0 2018-08-02 14:33:19 +02:00
pci-swiotlb.c dma-direct: merge swiotlb_dma_ops into the dma_direct code 2018-12-13 21:06:17 +01:00
pcspeaker.c x86/platform/pcspeaker: Use PTR_ERR_OR_ZERO() to fix ptr_ret.cocci warning 2018-07-24 09:46:42 +02:00
perf_regs.c perf/x86: Store user space frame-pointer value on a sample 2018-05-25 08:11:12 +02:00
platform-quirks.c x86/i8237: Register device based on FADT legacy boot flag 2018-04-27 16:44:29 +02:00
pmem.c
probe_roms.c
process.c Linux 4.20-rc5 2018-12-03 10:47:53 +01:00
process.h x86/speculation: Change misspelled STIPB to STIBP 2018-12-06 11:49:15 +01:00
process_32.c Merge branch 'x86-fpu-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2018-12-26 17:37:51 -08:00
process_64.c Merge branch 'x86-mm-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2018-12-26 18:08:18 -08:00
ptrace.c x86/fsgsbase/64: Fix the base write helper functions 2018-12-18 14:26:09 +01:00
pvclock.c mm: remove include/linux/bootmem.h 2018-10-31 08:54:16 -07:00
quirks.c x86/headers: Fix -Wmissing-prototypes warning 2018-11-23 07:59:59 +01:00
reboot.c x86/apic: Fix restoring boot IRQ mode in reboot and kexec/kdump 2018-02-17 11:47:45 +01:00
reboot_fixups_32.c
relocate_kernel_32.S
relocate_kernel_64.S x86/kexec: Make kexec (mostly) work in 5-level paging mode 2018-01-31 08:39:40 +01:00
resource.c
rtc.c x86: Convert x86_platform_ops to timespec64 2018-05-19 14:03:14 +02:00
setup.c x86/boot: Mostly revert commit ae7e1238e6 ("Add ACPI RSDP address to setup_header") 2018-11-20 09:43:10 +01:00
setup_percpu.c mm: remove include/linux/bootmem.h 2018-10-31 08:54:16 -07:00
signal.c rseq: Avoid infinite recursion when delivering SIGSEGV 2018-06-22 19:04:22 +02:00
signal_compat.c signal: Add TRAP_UNK si_code for undiagnosted trap exceptions 2018-04-25 10:40:56 -05:00
smp.c x86/irq: Let interrupt handlers set kvm_cpu_l1tf_flush_l1d 2018-08-05 09:53:13 +02:00
smpboot.c x86/topology: Use total_cpus for max logical packages calculation 2018-12-18 13:38:37 +01:00
stacktrace.c x86/stacktrace: Do not fail for ORC with regs on stack 2018-06-21 16:34:56 +02:00
step.c
sys_x86_64.c x86/compat: Adjust in_compat_syscall() to generic code under !COMPAT 2018-11-01 12:59:25 +01:00
sysfb.c
sysfb_efi.c x86/kernel: Fix more -Wmissing-prototypes warnings 2018-12-08 12:24:35 +01:00
sysfb_simplefb.c
tboot.c iommu/vtd: Cleanup dma_remapping.h header 2018-11-12 14:22:56 +01:00
tce_64.c mm: remove include/linux/bootmem.h 2018-10-31 08:54:16 -07:00
time.c Merge branch 'x86-vdso-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2018-10-23 19:07:25 +01:00
tls.c
tls.h
topology.c x86/xen: Disable CPU0 hotplug for Xen PV 2018-09-12 21:15:02 +02:00
trace_clock.c
tracepoint.c x86/kernel: Fix more -Wmissing-prototypes warnings 2018-12-08 12:24:35 +01:00
traps.c x86/traps: Use format string with panic() call 2018-10-29 07:19:26 +01:00
tsc.c Merge branch 'x86-paravirt-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2018-10-23 17:54:58 +01:00
tsc_msr.c x86/cpu: Sanitize FAM6_ATOM naming 2018-10-02 10:14:32 +02:00
tsc_sync.c
umip.c signal/x86: Use force_sig_fault where appropriate 2018-09-21 15:30:54 +02:00
unwind_frame.c
unwind_guess.c
unwind_orc.c x86/unwind/orc: Detect the end of the stack 2018-06-21 16:34:56 +02:00
uprobes.c signal: Properly deliver SIGSEGV from x86 uprobes 2018-09-11 21:18:53 +02:00
verify_cpu.S
vm86_32.c x86/mm/tlb: Add freed_tables argument to flush_tlb_mm_range 2018-10-09 16:51:12 +02:00
vmlinux.lds.S Merge branch 'x86-pti-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2018-10-23 18:43:04 +01:00
vsmp_64.c x86/vsmp: Remove dependency on pv_irq_ops 2018-11-06 21:35:11 +01:00
x86_init.c x86/acpi, x86/boot: Take RSDP address for boot params if available 2018-10-10 10:44:22 +02:00