Merge 3bb156a556 ("Merge tag 'fsverity-for-linus' of git://git.kernel.org/pub/scm/fs/fsverity/linux") into android-mainline

Steps on the way to 6.6-rc1

Change-Id: I5b478409bb52f4010f4ca61c3aceb025dac43837
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
This commit is contained in:
Greg Kroah-Hartman
2023-09-17 19:46:46 +00:00
2 changed files with 24 additions and 0 deletions
+8
View File
@@ -226,6 +226,14 @@ void __init fsverity_check_hash_algs(void)
if (!alg->name)
continue;
/*
* 0 must never be allocated as an FS_VERITY_HASH_ALG_* value,
* as it is reserved for users that use 0 to mean unspecified or
* a default value. fs/verity/ itself doesn't care and doesn't
* have a default algorithm, but some users make use of this.
*/
BUG_ON(i == 0);
BUG_ON(alg->digest_size > FS_VERITY_MAX_DIGEST_SIZE);
/*
+16
View File
@@ -62,6 +62,22 @@ int fsverity_verify_signature(const struct fsverity_info *vi,
return 0;
}
if (fsverity_keyring->keys.nr_leaves_on_tree == 0) {
/*
* The ".fs-verity" keyring is empty, due to builtin signatures
* being supported by the kernel but not actually being used.
* In this case, verify_pkcs7_signature() would always return an
* error, usually ENOKEY. It could also be EBADMSG if the
* PKCS#7 is malformed, but that isn't very important to
* distinguish. So, just skip to ENOKEY to avoid the attack
* surface of the PKCS#7 parser, which would otherwise be
* reachable by any task able to execute FS_IOC_ENABLE_VERITY.
*/
fsverity_err(inode,
"fs-verity keyring is empty, rejecting signed file!");
return -ENOKEY;
}
d = kzalloc(sizeof(*d) + hash_alg->digest_size, GFP_KERNEL);
if (!d)
return -ENOMEM;