Commit 6991a564 authored by Linus Torvalds's avatar Linus Torvalds
Pull hardening updates from Kees Cook:

 - Fix Sparse warnings with randomized kstack (GONG, Ruiqi)

 - Replace uintptr_t with unsigned long in usercopy (Jason A. Donenfeld)

 - Fix Clang -Wforward warning in LKDTM (Justin Stitt)

 - Fix comment to correctly refer to STRICT_DEVMEM (Lukas Bulwahn)

 - Introduce dm-verity binding logic to LoadPin LSM (Matthias Kaehlcke)

 - Clean up warnings and overflow and KASAN tests (Kees Cook)

* tag 'hardening-v5.20-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux:
  dm: verity-loadpin: Drop use of dm_table_get_num_targets()
  kasan: test: Silence GCC 12 warnings
  drivers: lkdtm: fix clang -Wformat warning
  x86: mm: refer to the intended config STRICT_DEVMEM in a comment
  dm: verity-loadpin: Use CONFIG_SECURITY_LOADPIN_VERITY for conditional compilation
  LoadPin: Enable loading from trusted dm-verity devices
  dm: Add verity helpers for LoadPin
  stack: Declare {randomize_,}kstack_offset to fix Sparse warnings
  lib: overflow: Do not define 64-bit tests on 32-bit
  MAINTAINERS: Add a general "kernel hardening" section
  usercopy: use unsigned long instead of uintptr_t
parents d7b767b5 27603a60
+17 −4
@@ -4998,7 +4998,7 @@ R: Nick Desaulniers <ndesaulniers@google.com>
L:	llvm@lists.linux.dev
S:	Supported
B:	https://github.com/ClangBuiltLinux/linux/issues
T:	git git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git for-next/clang/features
T:	git git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git for-next/hardening
F:	include/linux/cfi.h
F:	kernel/cfi.c
@@ -7909,6 +7909,7 @@ FORTIFY_SOURCE
M:	Kees Cook <keescook@chromium.org>
L:	linux-hardening@vger.kernel.org
S:	Supported
T:	git git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git for-next/hardening
F:	include/linux/fortify-string.h
F:	lib/test_fortify/*
F:	scripts/test_fortify.sh
@@ -8351,6 +8352,7 @@ GCC PLUGINS
M:	Kees Cook <keescook@chromium.org>
L:	linux-hardening@vger.kernel.org
S:	Maintained
T:	git git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git for-next/hardening
F:	Documentation/kbuild/gcc-plugins.rst
F:	scripts/Makefile.gcc-plugins
F:	scripts/gcc-plugins/
@@ -10878,6 +10880,17 @@ F: scripts/mk*
F:	scripts/mod/
F:	scripts/package/
KERNEL HARDENING (not covered by other areas)
M:	Kees Cook <keescook@chromium.org>
L:	linux-hardening@vger.kernel.org
S:	Supported
T:	git git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git for-next/hardening
F:	include/linux/overflow.h
F:	include/linux/randomize_kstack.h
F:	mm/usercopy.c
K:	\b(add|choose)_random_kstack_offset\b
K:	\b__check_(object_size|heap_object)\b
KERNEL JANITORS
L:	kernel-janitors@vger.kernel.org
S:	Odd Fixes
@@ -11688,7 +11701,7 @@ F: drivers/media/usb/dvb-usb-v2/lmedm04*
LOADPIN SECURITY MODULE
M:	Kees Cook <keescook@chromium.org>
S:	Supported
T:	git git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git lsm/loadpin
T:	git git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git for-next/hardening
F:	Documentation/admin-guide/LSM/LoadPin.rst
F:	security/loadpin/
@@ -18026,7 +18039,7 @@ M: Kees Cook <keescook@chromium.org>
R:	Andy Lutomirski <luto@amacapital.net>
R:	Will Drewry <wad@chromium.org>
S:	Supported
T:	git git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git seccomp
T:	git git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git for-next/seccomp
F:	Documentation/userspace-api/seccomp_filter.rst
F:	include/linux/seccomp.h
F:	include/uapi/linux/seccomp.h
@@ -22174,7 +22187,7 @@ F: include/linux/yam.h
YAMA SECURITY MODULE
M:	Kees Cook <keescook@chromium.org>
S:	Supported
T:	git git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git yama/tip
T:	git git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git for-next/hardening
F:	Documentation/admin-guide/LSM/Yama.rst
F:	security/yama/
+1 −0
@@ -83,6 +83,7 @@ obj-$(CONFIG_DM_LOG_WRITES) += dm-log-writes.o
obj-$(CONFIG_DM_INTEGRITY)	+= dm-integrity.o
obj-$(CONFIG_DM_ZONED)		+= dm-zoned.o
obj-$(CONFIG_DM_WRITECACHE)	+= dm-writecache.o
obj-$(CONFIG_SECURITY_LOADPIN_VERITY)	+= dm-verity-loadpin.o

ifeq ($(CONFIG_DM_INIT),y)
dm-mod-objs			+= dm-init.o
+75 −0
// SPDX-License-Identifier: GPL-2.0-only

#include <linux/list.h>
#include <linux/kernel.h>
#include <linux/dm-verity-loadpin.h>

#include "dm.h"
#include "dm-core.h"
#include "dm-verity.h"

#define DM_MSG_PREFIX	"verity-loadpin"

LIST_HEAD(dm_verity_loadpin_trusted_root_digests);

static bool is_trusted_verity_target(struct dm_target *ti)
{
	u8 *root_digest;
	unsigned int digest_size;
	struct dm_verity_loadpin_trusted_root_digest *trd;
	bool trusted = false;

	if (!dm_is_verity_target(ti))
		return false;

	if (dm_verity_get_root_digest(ti, &root_digest, &digest_size))
		return false;

	list_for_each_entry(trd, &dm_verity_loadpin_trusted_root_digests, node) {
		if ((trd->len == digest_size) &&
		    !memcmp(trd->data, root_digest, digest_size)) {
			trusted = true;
			break;
		}
	}

	kfree(root_digest);

	return trusted;
}

/*
 * Determines whether the file system of a superblock is located on
 * a verity device that is trusted by LoadPin.
 */
bool dm_verity_loadpin_is_bdev_trusted(struct block_device *bdev)
{
	struct mapped_device *md;
	struct dm_table *table;
	struct dm_target *ti;
	int srcu_idx;
	bool trusted = false;

	if (list_empty(&dm_verity_loadpin_trusted_root_digests))
		return false;

	md = dm_get_md(bdev->bd_dev);
	if (!md)
		return false;

	table = dm_get_live_table(md, &srcu_idx);

	if (table->num_targets != 1)
		goto out;

	ti = dm_table_get_target(table, 0);

	if (is_trusted_verity_target(ti))
		trusted = true;

out:
	dm_put_live_table(md, srcu_idx);
	dm_put(md);

	return trusted;
}
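Review bot: `table` is dereferenced in `table->num_targets` without a NULL check, yet dm_get_live_table() returns NULL when the mapped device has no live table, so dm_verity_loadpin_is_bdev_trusted() would fault on a device that exists but has nothing loaded. A mounted device probably always has a live table, but the helper is not static and takes any `struct block_device *`. A guard that still reaches the `out:` label keeps the SRCU and md references balanced: `if (!table || table->num_targets != 1) goto out;`. That check also deserves a comment saying why only single-target tables are accepted (presumably so that no part of the device is served by a non-verity target). The header comment should be corrected too, since it speaks of a superblock while the function takes a block device.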
+32 −1
@@ -19,6 +19,7 @@
#include <linux/module.h>
#include <linux/reboot.h>
#include <linux/scatterlist.h>
#include <linux/string.h>

#define DM_MSG_PREFIX			"verity"

@@ -1309,10 +1310,40 @@ static int verity_ctr(struct dm_target *ti, unsigned argc, char **argv)
	return r;
}

/*
 * Check whether a DM target is a verity target.
 */
bool dm_is_verity_target(struct dm_target *ti)
{
	return ti->type->module == THIS_MODULE;
}

/*
 * Get the root digest of a verity target.
 *
 * Returns a copy of the root digest, the caller is responsible for
 * freeing the memory of the digest.
 */
int dm_verity_get_root_digest(struct dm_target *ti, u8 **root_digest, unsigned int *digest_size)
{
	struct dm_verity *v = ti->private;

	if (!dm_is_verity_target(ti))
		return -EINVAL;

	*root_digest = kmemdup(v->root_digest, v->digest_size, GFP_KERNEL);
	if (*root_digest == NULL)
		return -ENOMEM;

	*digest_size = v->digest_size;

	return 0;
}

static struct target_type verity_target = {
	.name		= "verity",
	.features	= DM_TARGET_IMMUTABLE,
	.version	= {1, 8, 0},
	.version	= {1, 8, 1},
	.module		= THIS_MODULE,
	.ctr		= verity_ctr,
	.dtr		= verity_dtr,
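Review bot: dm_is_verity_target() compares `ti->type->module` with `THIS_MODULE`, which is NULL when dm-verity is built in, so with CONFIG_DM_VERITY=y any other built-in target whose `.module` is also NULL would be reported as verity. dm_verity_get_root_digest() would then read `ti->private` as a `struct dm_verity` and copy `v->digest_size` bytes from whatever `v->root_digest` happens to hold, and LoadPin's trust decision would rest on that. Identifying the target by something unique to this file avoids the ambiguity, for example `return ti->type->ctr == verity_ctr;` (verity_ctr is defined just above this hunk). The verity_target initializer continues past the end of the hunk.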
+4 −0
@@ -129,4 +129,8 @@ extern int verity_hash(struct dm_verity *v, struct ahash_request *req,
extern int verity_hash_for_block(struct dm_verity *v, struct dm_verity_io *io,
				 sector_t block, u8 *digest, bool *is_zero);

extern bool dm_is_verity_target(struct dm_target *ti);
extern int dm_verity_get_root_digest(struct dm_target *ti, u8 **root_digest,
				     unsigned int *digest_size);

#endif /* DM_VERITY_H */