mirror of
https://github.com/torvalds/linux.git
synced 2024-10-31 01:01:52 +00:00
78dc53c422
Pull security subsystem updates from James Morris: "In this patchset, we finally get an SELinux update, with Paul Moore taking over as maintainer of that code. Also a significant update for the Keys subsystem, as well as maintenance updates to Smack, IMA, TPM, and Apparmor" and since I wanted to know more about the updates to key handling, here's the explanation from David Howells on that: "Okay. There are a number of separate bits. I'll go over the big bits and the odd important other bit, most of the smaller bits are just fixes and cleanups. If you want the small bits accounting for, I can do that too. (1) Keyring capacity expansion. KEYS: Consolidate the concept of an 'index key' for key access KEYS: Introduce a search context structure KEYS: Search for auth-key by name rather than target key ID Add a generic associative array implementation. KEYS: Expand the capacity of a keyring Several of the patches are providing an expansion of the capacity of a keyring. Currently, the maximum size of a keyring payload is one page. Subtract a small header and then divide up into pointers, that only gives you ~500 pointers on an x86_64 box. However, since the NFS idmapper uses a keyring to store ID mapping data, that has proven to be insufficient to the cause. Whatever data structure I use to handle the keyring payload, it can only store pointers to keys, not the keys themselves because several keyrings may point to a single key. This precludes inserting, say, and rb_node struct into the key struct for this purpose. I could make an rbtree of records such that each record has an rb_node and a key pointer, but that would use four words of space per key stored in the keyring. It would, however, be able to use much existing code. I selected instead a non-rebalancing radix-tree type approach as that could have a better space-used/key-pointer ratio. I could have used the radix tree implementation that we already have and insert keys into it by their serial numbers, but that means any sort of search must iterate over the whole radix tree. Further, its nodes are a bit on the capacious side for what I want - especially given that key serial numbers are randomly allocated, thus leaving a lot of empty space in the tree. So what I have is an associative array that internally is a radix-tree with 16 pointers per node where the index key is constructed from the key type pointer and the key description. This means that an exact lookup by type+description is very fast as this tells us how to navigate directly to the target key. I made the data structure general in lib/assoc_array.c as far as it is concerned, its index key is just a sequence of bits that leads to a pointer. It's possible that someone else will be able to make use of it also. FS-Cache might, for example. (2) Mark keys as 'trusted' and keyrings as 'trusted only'. KEYS: verify a certificate is signed by a 'trusted' key KEYS: Make the system 'trusted' keyring viewable by userspace KEYS: Add a 'trusted' flag and a 'trusted only' flag KEYS: Separate the kernel signature checking keyring from module signing These patches allow keys carrying asymmetric public keys to be marked as being 'trusted' and allow keyrings to be marked as only permitting the addition or linkage of trusted keys. Keys loaded from hardware during kernel boot or compiled into the kernel during build are marked as being trusted automatically. New keys can be loaded at runtime with add_key(). They are checked against the system keyring contents and if their signatures can be validated with keys that are already marked trusted, then they are marked trusted also and can thus be added into the master keyring. Patches from Mimi Zohar make this usable with the IMA keyrings also. (3) Remove the date checks on the key used to validate a module signature. X.509: Remove certificate date checks It's not reasonable to reject a signature just because the key that it was generated with is no longer valid datewise - especially if the kernel hasn't yet managed to set the system clock when the first module is loaded - so just remove those checks. (4) Make it simpler to deal with additional X.509 being loaded into the kernel. KEYS: Load *.x509 files into kernel keyring KEYS: Have make canonicalise the paths of the X.509 certs better to deduplicate The builder of the kernel now just places files with the extension ".x509" into the kernel source or build trees and they're concatenated by the kernel build and stuffed into the appropriate section. (5) Add support for userspace kerberos to use keyrings. KEYS: Add per-user_namespace registers for persistent per-UID kerberos caches KEYS: Implement a big key type that can save to tmpfs Fedora went to, by default, storing kerberos tickets and tokens in tmpfs. We looked at storing it in keyrings instead as that confers certain advantages such as tickets being automatically deleted after a certain amount of time and the ability for the kernel to get at these tokens more easily. To make this work, two things were needed: (a) A way for the tickets to persist beyond the lifetime of all a user's sessions so that cron-driven processes can still use them. The problem is that a user's session keyrings are deleted when the session that spawned them logs out and the user's user keyring is deleted when the UID is deleted (typically when the last log out happens), so neither of these places is suitable. I've added a system keyring into which a 'persistent' keyring is created for each UID on request. Each time a user requests their persistent keyring, the expiry time on it is set anew. If the user doesn't ask for it for, say, three days, the keyring is automatically expired and garbage collected using the existing gc. All the kerberos tokens it held are then also gc'd. (b) A key type that can hold really big tickets (up to 1MB in size). The problem is that Active Directory can return huge tickets with lots of auxiliary data attached. We don't, however, want to eat up huge tracts of unswappable kernel space for this, so if the ticket is greater than a certain size, we create a swappable shmem file and dump the contents in there and just live with the fact we then have an inode and a dentry overhead. If the ticket is smaller than that, we slap it in a kmalloc()'d buffer" * 'for-linus2' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: (121 commits) KEYS: Fix keyring content gc scanner KEYS: Fix error handling in big_key instantiation KEYS: Fix UID check in keyctl_get_persistent() KEYS: The RSA public key algorithm needs to select MPILIB ima: define '_ima' as a builtin 'trusted' keyring ima: extend the measurement list to include the file signature kernel/system_certificate.S: use real contents instead of macro GLOBAL() KEYS: fix error return code in big_key_instantiate() KEYS: Fix keyring quota misaccounting on key replacement and unlink KEYS: Fix a race between negating a key and reading the error set KEYS: Make BIG_KEYS boolean apparmor: remove the "task" arg from may_change_ptraced_domain() apparmor: remove parent task info from audit logging apparmor: remove tsk field from the apparmor_audit_struct apparmor: fix capability to not use the current task, during reporting Smack: Ptrace access check mode ima: provide hash algo info in the xattr ima: enable support for larger default filedata hash algorithms ima: define kernel parameter 'ima_template=' to change configured default ima: add Kconfig default measurement list template ...
455 lines
9.8 KiB
Plaintext
455 lines
9.8 KiB
Plaintext
#
|
|
# Library configuration
|
|
#
|
|
|
|
config BINARY_PRINTF
|
|
def_bool n
|
|
|
|
menu "Library routines"
|
|
|
|
config RAID6_PQ
|
|
tristate
|
|
|
|
config BITREVERSE
|
|
tristate
|
|
|
|
config RATIONAL
|
|
boolean
|
|
|
|
config GENERIC_STRNCPY_FROM_USER
|
|
bool
|
|
|
|
config GENERIC_STRNLEN_USER
|
|
bool
|
|
|
|
config GENERIC_NET_UTILS
|
|
bool
|
|
|
|
config GENERIC_FIND_FIRST_BIT
|
|
bool
|
|
|
|
config NO_GENERIC_PCI_IOPORT_MAP
|
|
bool
|
|
|
|
config GENERIC_PCI_IOMAP
|
|
bool
|
|
|
|
config GENERIC_IOMAP
|
|
bool
|
|
select GENERIC_PCI_IOMAP
|
|
|
|
config GENERIC_IO
|
|
boolean
|
|
default n
|
|
|
|
config STMP_DEVICE
|
|
bool
|
|
|
|
config PERCPU_RWSEM
|
|
boolean
|
|
|
|
config ARCH_USE_CMPXCHG_LOCKREF
|
|
bool
|
|
|
|
config CRC_CCITT
|
|
tristate "CRC-CCITT functions"
|
|
help
|
|
This option is provided for the case where no in-kernel-tree
|
|
modules require CRC-CCITT functions, but a module built outside
|
|
the kernel tree does. Such modules that use library CRC-CCITT
|
|
functions require M here.
|
|
|
|
config CRC16
|
|
tristate "CRC16 functions"
|
|
help
|
|
This option is provided for the case where no in-kernel-tree
|
|
modules require CRC16 functions, but a module built outside
|
|
the kernel tree does. Such modules that use library CRC16
|
|
functions require M here.
|
|
|
|
config CRC_T10DIF
|
|
tristate "CRC calculation for the T10 Data Integrity Field"
|
|
select CRYPTO
|
|
select CRYPTO_CRCT10DIF
|
|
help
|
|
This option is only needed if a module that's not in the
|
|
kernel tree needs to calculate CRC checks for use with the
|
|
SCSI data integrity subsystem.
|
|
|
|
config CRC_ITU_T
|
|
tristate "CRC ITU-T V.41 functions"
|
|
help
|
|
This option is provided for the case where no in-kernel-tree
|
|
modules require CRC ITU-T V.41 functions, but a module built outside
|
|
the kernel tree does. Such modules that use library CRC ITU-T V.41
|
|
functions require M here.
|
|
|
|
config CRC32
|
|
tristate "CRC32/CRC32c functions"
|
|
default y
|
|
select BITREVERSE
|
|
help
|
|
This option is provided for the case where no in-kernel-tree
|
|
modules require CRC32/CRC32c functions, but a module built outside
|
|
the kernel tree does. Such modules that use library CRC32/CRC32c
|
|
functions require M here.
|
|
|
|
config CRC32_SELFTEST
|
|
bool "CRC32 perform self test on init"
|
|
default n
|
|
depends on CRC32
|
|
help
|
|
This option enables the CRC32 library functions to perform a
|
|
self test on initialization. The self test computes crc32_le
|
|
and crc32_be over byte strings with random alignment and length
|
|
and computes the total elapsed time and number of bytes processed.
|
|
|
|
choice
|
|
prompt "CRC32 implementation"
|
|
depends on CRC32
|
|
default CRC32_SLICEBY8
|
|
help
|
|
This option allows a kernel builder to override the default choice
|
|
of CRC32 algorithm. Choose the default ("slice by 8") unless you
|
|
know that you need one of the others.
|
|
|
|
config CRC32_SLICEBY8
|
|
bool "Slice by 8 bytes"
|
|
help
|
|
Calculate checksum 8 bytes at a time with a clever slicing algorithm.
|
|
This is the fastest algorithm, but comes with a 8KiB lookup table.
|
|
Most modern processors have enough cache to hold this table without
|
|
thrashing the cache.
|
|
|
|
This is the default implementation choice. Choose this one unless
|
|
you have a good reason not to.
|
|
|
|
config CRC32_SLICEBY4
|
|
bool "Slice by 4 bytes"
|
|
help
|
|
Calculate checksum 4 bytes at a time with a clever slicing algorithm.
|
|
This is a bit slower than slice by 8, but has a smaller 4KiB lookup
|
|
table.
|
|
|
|
Only choose this option if you know what you are doing.
|
|
|
|
config CRC32_SARWATE
|
|
bool "Sarwate's Algorithm (one byte at a time)"
|
|
help
|
|
Calculate checksum a byte at a time using Sarwate's algorithm. This
|
|
is not particularly fast, but has a small 256 byte lookup table.
|
|
|
|
Only choose this option if you know what you are doing.
|
|
|
|
config CRC32_BIT
|
|
bool "Classic Algorithm (one bit at a time)"
|
|
help
|
|
Calculate checksum one bit at a time. This is VERY slow, but has
|
|
no lookup table. This is provided as a debugging option.
|
|
|
|
Only choose this option if you are debugging crc32.
|
|
|
|
endchoice
|
|
|
|
config CRC7
|
|
tristate "CRC7 functions"
|
|
help
|
|
This option is provided for the case where no in-kernel-tree
|
|
modules require CRC7 functions, but a module built outside
|
|
the kernel tree does. Such modules that use library CRC7
|
|
functions require M here.
|
|
|
|
config LIBCRC32C
|
|
tristate "CRC32c (Castagnoli, et al) Cyclic Redundancy-Check"
|
|
select CRYPTO
|
|
select CRYPTO_CRC32C
|
|
help
|
|
This option is provided for the case where no in-kernel-tree
|
|
modules require CRC32c functions, but a module built outside the
|
|
kernel tree does. Such modules that use library CRC32c functions
|
|
require M here. See Castagnoli93.
|
|
Module will be libcrc32c.
|
|
|
|
config CRC8
|
|
tristate "CRC8 function"
|
|
help
|
|
This option provides CRC8 function. Drivers may select this
|
|
when they need to do cyclic redundancy check according CRC8
|
|
algorithm. Module will be called crc8.
|
|
|
|
config AUDIT_GENERIC
|
|
bool
|
|
depends on AUDIT && !AUDIT_ARCH
|
|
default y
|
|
|
|
config RANDOM32_SELFTEST
|
|
bool "PRNG perform self test on init"
|
|
default n
|
|
help
|
|
This option enables the 32 bit PRNG library functions to perform a
|
|
self test on initialization.
|
|
|
|
#
|
|
# compression support is select'ed if needed
|
|
#
|
|
config ZLIB_INFLATE
|
|
tristate
|
|
|
|
config ZLIB_DEFLATE
|
|
tristate
|
|
|
|
config LZO_COMPRESS
|
|
tristate
|
|
|
|
config LZO_DECOMPRESS
|
|
tristate
|
|
|
|
config LZ4_COMPRESS
|
|
tristate
|
|
|
|
config LZ4HC_COMPRESS
|
|
tristate
|
|
|
|
config LZ4_DECOMPRESS
|
|
tristate
|
|
|
|
source "lib/xz/Kconfig"
|
|
|
|
#
|
|
# These all provide a common interface (hence the apparent duplication with
|
|
# ZLIB_INFLATE; DECOMPRESS_GZIP is just a wrapper.)
|
|
#
|
|
config DECOMPRESS_GZIP
|
|
select ZLIB_INFLATE
|
|
tristate
|
|
|
|
config DECOMPRESS_BZIP2
|
|
tristate
|
|
|
|
config DECOMPRESS_LZMA
|
|
tristate
|
|
|
|
config DECOMPRESS_XZ
|
|
select XZ_DEC
|
|
tristate
|
|
|
|
config DECOMPRESS_LZO
|
|
select LZO_DECOMPRESS
|
|
tristate
|
|
|
|
config DECOMPRESS_LZ4
|
|
select LZ4_DECOMPRESS
|
|
tristate
|
|
|
|
#
|
|
# Generic allocator support is selected if needed
|
|
#
|
|
config GENERIC_ALLOCATOR
|
|
boolean
|
|
|
|
#
|
|
# reed solomon support is select'ed if needed
|
|
#
|
|
config REED_SOLOMON
|
|
tristate
|
|
|
|
config REED_SOLOMON_ENC8
|
|
boolean
|
|
|
|
config REED_SOLOMON_DEC8
|
|
boolean
|
|
|
|
config REED_SOLOMON_ENC16
|
|
boolean
|
|
|
|
config REED_SOLOMON_DEC16
|
|
boolean
|
|
|
|
#
|
|
# BCH support is selected if needed
|
|
#
|
|
config BCH
|
|
tristate
|
|
|
|
config BCH_CONST_PARAMS
|
|
boolean
|
|
help
|
|
Drivers may select this option to force specific constant
|
|
values for parameters 'm' (Galois field order) and 't'
|
|
(error correction capability). Those specific values must
|
|
be set by declaring default values for symbols BCH_CONST_M
|
|
and BCH_CONST_T.
|
|
Doing so will enable extra compiler optimizations,
|
|
improving encoding and decoding performance up to 2x for
|
|
usual (m,t) values (typically such that m*t < 200).
|
|
When this option is selected, the BCH library supports
|
|
only a single (m,t) configuration. This is mainly useful
|
|
for NAND flash board drivers requiring known, fixed BCH
|
|
parameters.
|
|
|
|
config BCH_CONST_M
|
|
int
|
|
range 5 15
|
|
help
|
|
Constant value for Galois field order 'm'. If 'k' is the
|
|
number of data bits to protect, 'm' should be chosen such
|
|
that (k + m*t) <= 2**m - 1.
|
|
Drivers should declare a default value for this symbol if
|
|
they select option BCH_CONST_PARAMS.
|
|
|
|
config BCH_CONST_T
|
|
int
|
|
help
|
|
Constant value for error correction capability in bits 't'.
|
|
Drivers should declare a default value for this symbol if
|
|
they select option BCH_CONST_PARAMS.
|
|
|
|
#
|
|
# Textsearch support is select'ed if needed
|
|
#
|
|
config TEXTSEARCH
|
|
boolean
|
|
|
|
config TEXTSEARCH_KMP
|
|
tristate
|
|
|
|
config TEXTSEARCH_BM
|
|
tristate
|
|
|
|
config TEXTSEARCH_FSM
|
|
tristate
|
|
|
|
config BTREE
|
|
boolean
|
|
|
|
config ASSOCIATIVE_ARRAY
|
|
bool
|
|
help
|
|
Generic associative array. Can be searched and iterated over whilst
|
|
it is being modified. It is also reasonably quick to search and
|
|
modify. The algorithms are non-recursive, and the trees are highly
|
|
capacious.
|
|
|
|
See:
|
|
|
|
Documentation/assoc_array.txt
|
|
|
|
for more information.
|
|
|
|
config HAS_IOMEM
|
|
boolean
|
|
depends on !NO_IOMEM
|
|
select GENERIC_IO
|
|
default y
|
|
|
|
config HAS_IOPORT
|
|
boolean
|
|
depends on HAS_IOMEM && !NO_IOPORT
|
|
default y
|
|
|
|
config HAS_DMA
|
|
boolean
|
|
depends on !NO_DMA
|
|
default y
|
|
|
|
config CHECK_SIGNATURE
|
|
bool
|
|
|
|
config CPUMASK_OFFSTACK
|
|
bool "Force CPU masks off stack" if DEBUG_PER_CPU_MAPS
|
|
help
|
|
Use dynamic allocation for cpumask_var_t, instead of putting
|
|
them on the stack. This is a bit more expensive, but avoids
|
|
stack overflow.
|
|
|
|
config DISABLE_OBSOLETE_CPUMASK_FUNCTIONS
|
|
bool "Disable obsolete cpumask functions" if DEBUG_PER_CPU_MAPS
|
|
depends on BROKEN
|
|
|
|
config CPU_RMAP
|
|
bool
|
|
depends on SMP
|
|
|
|
config DQL
|
|
bool
|
|
|
|
#
|
|
# Netlink attribute parsing support is select'ed if needed
|
|
#
|
|
config NLATTR
|
|
bool
|
|
|
|
#
|
|
# Generic 64-bit atomic support is selected if needed
|
|
#
|
|
config GENERIC_ATOMIC64
|
|
bool
|
|
|
|
config ARCH_HAS_ATOMIC64_DEC_IF_POSITIVE
|
|
def_bool y if GENERIC_ATOMIC64
|
|
|
|
config LRU_CACHE
|
|
tristate
|
|
|
|
config AVERAGE
|
|
bool "Averaging functions"
|
|
help
|
|
This option is provided for the case where no in-kernel-tree
|
|
modules require averaging functions, but a module built outside
|
|
the kernel tree does. Such modules that use library averaging
|
|
functions require Y here.
|
|
|
|
If unsure, say N.
|
|
|
|
config CLZ_TAB
|
|
bool
|
|
|
|
config CORDIC
|
|
tristate "CORDIC algorithm"
|
|
help
|
|
This option provides an implementation of the CORDIC algorithm;
|
|
calculations are in fixed point. Module will be called cordic.
|
|
|
|
config DDR
|
|
bool "JEDEC DDR data"
|
|
help
|
|
Data from JEDEC specs for DDR SDRAM memories,
|
|
particularly the AC timing parameters and addressing
|
|
information. This data is useful for drivers handling
|
|
DDR SDRAM controllers.
|
|
|
|
config MPILIB
|
|
tristate
|
|
select CLZ_TAB
|
|
help
|
|
Multiprecision maths library from GnuPG.
|
|
It is used to implement RSA digital signature verification,
|
|
which is used by IMA/EVM digital signature extension.
|
|
|
|
config SIGNATURE
|
|
tristate
|
|
depends on KEYS && CRYPTO
|
|
select CRYPTO_SHA1
|
|
select MPILIB
|
|
help
|
|
Digital signature verification. Currently only RSA is supported.
|
|
Implementation is done using GnuPG MPI library
|
|
|
|
#
|
|
# libfdt files, only selected if needed.
|
|
#
|
|
config LIBFDT
|
|
bool
|
|
|
|
config OID_REGISTRY
|
|
tristate
|
|
help
|
|
Enable fast lookup object identifier registry.
|
|
|
|
config UCS2_STRING
|
|
tristate
|
|
|
|
source "lib/fonts/Kconfig"
|
|
|
|
endmenu
|