-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAluVX/YACgkQONu9yGCS
aT5cHhAApha2JGf7uUZP9pVDBIWh/9il4jkA6w2Fs8pj5RFwTCDtxBe9iNMOloLV
j9mPd2ToEPI4H6Je5clOiLQxkM/tZ2/MQVITLpCM+9lahWB5pOxqC9buAlEYzN0v
NQ9ppUJIakeAJwJJqFxtqhb4tL+hng9BifL57+PPFykFb2xLEcmj8zMXZL5TvaCh
MF+bckiRZgZ8HgoQ2HUC3Jl5x/4QqUjhNBEzCNJ2iC8+h94lE7LoBMiRoC+QF1th
5c3Uqg+vNS/s6FOYlFGEeL2/VvzPYboIqWUFTNb39lws+hGaQ/9Ba5soFpPMuHz4
wLS+fFWuUSWi3XO1Id1imHWFaVAnbAro5vFJ/qvM6j2m3feryI6NCWEyQsEJpoLH
SRt+Lv4lllNgm1I9ieVfEldqyVfHsW6rtp0cV9uRBCgdVMOnOktO0ra1sN25IIA4
97JgOKmrFD/OAOzr5Yz0b3WKseZw+gD4iJwVAFClX9F2n0dWbPHqPPitmxu6iafu
Z1+Pw7V2HmAT2KkaLeSFSOFBa28zbXLzkzdKSabqDr5rPS7tbz4M+Gne7D803K//
sLbRfAm4YM/OirroGVDcFpugGtu4xDmqvkVVpXvjc83CNrqKkX60Jc3kJY9gweiv
v2s+gfTrK0s+tiUcIyKjtBqlBa9jHPfbzkorq3g0ia9ioO8fSWI=
=22ds
-----END PGP SIGNATURE-----
Merge 4.9.126 into android-4.9
Changes in 4.9.126
net: 6lowpan: fix reserved space for single frames
net: mac802154: tx: expand tailroom if necessary
9p/net: Fix zero-copy path in the 9p virtio transport
spi: davinci: fix a NULL pointer dereference
spi: spi-fsl-dspi: Fix imprecise abort on VF500 during probe
drm/i915/userptr: reject zero user_size
libertas: fix suspend and resume for SDIO connected cards
mailbox: xgene-slimpro: Fix potential NULL pointer dereference
powerpc/fadump: handle crash memory ranges array index overflow
powerpc/pseries: Fix endianness while restoring of r3 in MCE handler.
PCI: Add wrappers for dev_printk()
powerpc/powernv/pci: Work around races in PCI bridge enabling
cxl: Fix wrong comparison in cxl_adapter_context_get()
ib_srpt: Fix a use-after-free in srpt_close_ch()
RDMA/rxe: Set wqe->status correctly if an unexpected response is received
fs/9p/xattr.c: catch the error of p9_client_clunk when setting xattr failed
9p/virtio: fix off-by-one error in sg list bounds check
net/9p/client.c: version pointer uninitialized
net/9p/trans_fd.c: fix race-condition by flushing workqueue before the kfree()
dm thin: stop no_space_timeout worker when switching to write-mode
dm cache metadata: save in-core policy_hint_size to on-disk superblock
uart: fix race between uart_put_char() and uart_shutdown()
iio: ad9523: Fix displayed phase
iio: ad9523: Fix return value for ad952x_store()
vmw_balloon: fix inflation of 64-bit GFNs
vmw_balloon: do not use 2MB without batching
vmw_balloon: VMCI_DOORBELL_SET does not check status
vmw_balloon: fix VMCI use when balloon built into kernel
rtc: omap: fix potential crash on power off
tracing: Do not call start/stop() functions when tracing_on does not change
tracing/blktrace: Fix to allow setting same value
uprobes: Use synchronize_rcu() not synchronize_sched()
mfd: hi655x: Fix regmap area declared size for hi655x
9p: fix multiple NULL-pointer-dereferences
PM / sleep: wakeup: Fix build error caused by missing SRCU support
KVM: VMX: fixes for vmentry_l1d_flush module parameter
xtensa: limit offsets in __loop_cache_{all,page}
xtensa: increase ranges in ___invalidate_{i,d}cache_all
pnfs/blocklayout: off by one in bl_map_stripe()
NFSv4 client live hangs after live data migration recovery
ARM: tegra: Fix Tegra30 Cardhu PCA954x reset
Replace magic for trusting the secondary keyring with #define
Fix kexec forbidding kernels signed with keys in the secondary keyring to boot
mm/tlb: Remove tlb_remove_table() non-concurrent condition
iommu/vt-d: Add definitions for PFSID
iommu/vt-d: Fix dev iotlb pfsid use
osf_getdomainname(): use copy_to_user()
sys: don't hold uts_sem while accessing userspace memory
userns: move user access out of the mutex
ubifs: Fix memory leak in lprobs self-check
Revert "UBIFS: Fix potential integer overflow in allocation"
ubifs: Check data node size before truncate
ubifs: Fix synced_i_size calculation for xattr inodes
pwm: tiehrpwm: Fix disabling of output of PWMs
fb: fix lost console when the user unplugs a USB adapter
udlfb: set optimal write delay
getxattr: use correct xattr length
libnvdimm: fix ars_status output length calculation
printk/tracing: Do not trace printk_nmi_enter()
bcache: release dc->writeback_lock properly in bch_writeback_thread()
perf auxtrace: Fix queue resize
crypto: vmx - Fix sleep-in-atomic bugs
crypto: caam/jr - fix descriptor DMA unmapping
fs/quota: Fix spectre gadget in do_quotactl
Linux 4.9.126
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
commit 817aef260037f33ee0f44c17fe341323d3aebd6d upstream.
Replace the use of a magic number that indicates that verify_*_signature()
should use the secondary keyring with a symbol.
Signed-off-by: Yannik Sembritzki <yannik@sembritzki.me>
Signed-off-by: David Howells <dhowells@redhat.com>
Cc: keyrings@vger.kernel.org
Cc: linux-security-module@vger.kernel.org
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
The builtin keyring was exported prior to this which allowed
android-verity to simply lookup the key in the builtin keyring and
verify the signature of the verity metadata.
This is now broken as the kernel expects the signature to be
in pkcs#7 format (same used for module signing). Obviously, this doesn't
work with the verity metadata as we just append the raw signature in the
metadata .. sigh.
*This one time*, add an API to accept arbitrary signature and verify
that with a key from system's trusted keyring.
Bug: 72722987
Test:
$ adb push verity_fs.img /data/local/tmp/
$ adb root && adb shell
> cd /data/local/tmp
> losetup /dev/block/loop0 verity_fs.img
> dmctl create verity-fs android-verity 0 4200 Android:#7e4333f9bba00adfe0ede979e28ed1920492b40f 7:0
> mount -t ext4 /dev/block/dm-0 temp/
> cat temp/foo.txt temp/bar.txt
Change-Id: I0c14f3cb2b587b73a4c75907367769688756213e
Signed-off-by: Sandeep Patil <sspatil@google.com>
Make the determination of the trustworthiness of a key dependent on whether
a key that can verify it is present in the supplied ring of trusted keys
rather than whether or not the verifying key has KEY_FLAG_TRUSTED set.
verify_pkcs7_signature() will return -ENOKEY if the PKCS#7 message trust
chain cannot be verified.
Signed-off-by: David Howells <dhowells@redhat.com>
Generalise system_verify_data() to provide access to internal content
through a callback. This allows all the PKCS#7 stuff to be hidden inside
this function and removed from the PE file parser and the PKCS#7 test key.
If external content is not required, NULL should be passed as data to the
function. If the callback is not required, that can be set to NULL.
The function is now called verify_pkcs7_signature() to contrast with
verify_pefile_signature() and the definitions of both have been moved into
linux/verification.h along with the key_being_used_for enum.
Signed-off-by: David Howells <dhowells@redhat.com>
