Re: [PATCH v2] efi/efi_test: lock down /dev/efi_test and require CAP_SYS_ADMIN

2019-10-08 Thread Matthew Garrett
On Tue, Oct 8, 2019 at 9:55 PM Javier Martinez Canillas wrote:
> Signed-off-by: Javier Martinez Canillas
> Acked-by: Laszlo Ersek

Acked-by: Matthew Garrett

Re: [PATCH v2] efi/efi_test: lock down /dev/efi_test and require CAP_SYS_ADMIN

2019-10-08 Thread Laszlo Ersek
On 10/08/19 12:55, Javier Martinez Canillas wrote:
> The driver exposes EFI runtime services to user-space through an IOCTL
> interface, calling the EFI services function pointers directly without
> using the efivar API.
>
> Disallow access to the /dev/efi_test character device when the kernel is

Re: [PATCH][next] efi/tpm: fix sanity check of unsigned tbl_size being less than zero

2019-10-08 Thread Colin Ian King
On 08/10/2019 17:15, Jerry Snitselaar wrote:
> On Tue Oct 08 19, Dan Carpenter wrote:
>> On Tue, Oct 08, 2019 at 11:01:53AM +0100, Colin King wrote:
>>> From: Colin Ian King
>>>
>>> Currently the check for tbl_size being less than zero is always false
>>> because tbl_size is unsigned. Fix this by

Re: [PATCH][next] efi/tpm: fix sanity check of unsigned tbl_size being less than zero

2019-10-08 Thread Jerry Snitselaar
On Tue Oct 08 19, Dan Carpenter wrote:
> On Tue, Oct 08, 2019 at 11:01:53AM +0100, Colin King wrote:
>> From: Colin Ian King
>>
>> Currently the check for tbl_size being less than zero is always false
>> because tbl_size is unsigned. Fix this by making it a signed int.
>>
>> Addresses-Coverity: ("Unsigned compar

Re: [PATCH][next] efi/tpm: fix sanity check of unsigned tbl_size being less than zero

2019-10-08 Thread Jerry Snitselaar
On Tue Oct 08 19, Colin King wrote:
> From: Colin Ian King
>
> Currently the check for tbl_size being less than zero is always false
> because tbl_size is unsigned. Fix this by making it a signed int.
>
> Addresses-Coverity: ("Unsigned compared against 0")
> Fixes: e658c82be556 ("efi/tpm: Only set 'efi_tpm_

Re: [PATCH v6 3/9] powerpc: add support to initialize ima policy rules

2019-10-08 Thread Nayna
On 10/02/2019 05:49 PM, Mimi Zohar wrote: On Tue, 2019-10-01 at 12:07 -0400, Nayna wrote: On 09/30/2019 09:04 PM, Thiago Jung Bauermann wrote: Hello, Hi, diff --git a/arch/powerpc/kernel/ima_arch.c b/arch/powerpc/kernel/ima_arch.c new file mode 100644 index ..39401b67f19e ---

Re: [PATCH][next] efi/tpm: fix sanity check of unsigned tbl_size being less than zero

2019-10-08 Thread Dan Carpenter
On Tue, Oct 08, 2019 at 11:01:53AM +0100, Colin King wrote:
> From: Colin Ian King
>
> Currently the check for tbl_size being less than zero is always false
> because tbl_size is unsigned. Fix this by making it a signed int.
>
> Addresses-Coverity: ("Unsigned compared against 0")
> Fixes: e658c8

[tip: efi/urgent] efi/tpm: Fix sanity check of unsigned tbl_size being less than zero

2019-10-08 Thread tip-bot2 for Colin Ian King
The following commit has been merged into the efi/urgent branch of tip:

Commit-ID: be59d57f98065af0b8472f66a0a969207b168680
Gitweb: https://git.kernel.org/tip/be59d57f98065af0b8472f66a0a969207b168680
Author: Colin Ian King
AuthorDate: Tue, 08 Oct 2019 11:01:53 +01:00
Committ

[PATCH v2] efi/efi_test: lock down /dev/efi_test and require CAP_SYS_ADMIN

2019-10-08 Thread Javier Martinez Canillas
The driver exposes EFI runtime services to user-space through an IOCTL interface, calling the EFI services function pointers directly without using the efivar API.

Disallow access to the /dev/efi_test character device when the kernel is locked down to prevent arbitrary user-space to call EFI runti

[PATCH][next] efi/tpm: fix sanity check of unsigned tbl_size being less than zero

2019-10-08 Thread Colin King
From: Colin Ian King

Currently the check for tbl_size being less than zero is always false because tbl_size is unsigned. Fix this by making it a signed int.

Addresses-Coverity: ("Unsigned compared against 0")
Fixes: e658c82be556 ("efi/tpm: Only set 'efi_tpm_final_log_size' after successful even