- 09 Nov, 2015 1 commit
-
-
Martin Wilck authored
Release IRQs used for probing only. Otherwise the TPM will end up with all IRQs 3-15 assigned. Fixes: afb5abc2 ("tpm: two-phase chip management functions") Signed-off-by:
Martin Wilck <Martin.Wilck@ts.fujitsu.com> Reviewed-by:
Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Tested-by:
Peter Huewe <PeterHuewe@gmx.de>
-
- 23 Oct, 2015 1 commit
-
-
James Morris authored
Merge tag 'keys-next-20151021' of git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs into next
-
- 22 Oct, 2015 2 commits
-
-
-
Arnd Bergmann authored
The crypto framework can be built as a loadable module, but the apparmor hash code can only be built-in, which then causes a link error: security/built-in.o: In function `aa_calc_profile_hash': integrity_audit.c:(.text+0x21610): undefined reference to `crypto_shash_update' security/built-in.o: In function `init_profile_hash': integrity_audit.c:(.init.text+0xb4c): undefined reference to `crypto_alloc_shash' This changes Apparmor to use 'select CRYPTO' like a lot of other subsystems do. Signed-off-by:
Arnd Bergmann <arnd@arndb.de> Acked-by:
John Johansen <john.johansen@canonical.com> Signed-off-by:
James Morris <james.l.morris@oracle.com>
-
- 21 Oct, 2015 15 commits
-
-
Sangwoo authored
The size of struct file_security_struct is 16byte at my setup. But, the real allocation size for per each file_security_struct is 64bytes in my setup that kmalloc min size is 64bytes because ARCH_DMA_MINALIGN is 64. This allocation is called every times at file allocation(alloc_file()). So, the total slack memory size(allocated size - request size) is increased exponentially. E.g) Min Kmalloc Size : 64bytes, Unit : bytes Allocated Size | Request Size | Slack Size | Allocation Count --------------------------------------------------------------- 770048 | 192512 | 577536 | 12032 At the result, this change reduce memory usage 42bytes per each file_security_struct Signed-off-by:Sangwoo <sangwoo2.park@lge.com> Acked-by:
Stephen Smalley <sds@tycho.nsa.gov> [PM: removed extra subject prefix] Signed-off-by:
Paul Moore <pmoore@redhat.com>
-
Geliang Tang authored
Fixes the following sparse warning: security/selinux/hooks.c:3242:5: warning: symbol 'ioctl_has_perm' was not declared. Should it be static? Signed-off-by:
Geliang Tang <geliangtang@163.com> Acked-by:
Jeff Vander Stoep <jeffv@google.com> Acked-by:
-
Rasmus Villemoes authored
sprintf returns the number of characters printed (excluding '\0'), so we can use that and avoid duplicating the length computation. Signed-off-by:
Rasmus Villemoes <linux@rasmusvillemoes.dk> Acked-by:
-
Rasmus Villemoes authored
This is much simpler. Signed-off-by:
-
Rasmus Villemoes authored
Signed-off-by:
-
Rasmus Villemoes authored
security_context_to_sid() expects a const char* argument, so there's no point in casting away the const qualifier of value. Signed-off-by:
-
Rasmus Villemoes authored
There seems to be a little confusion as to whether the scontext_len parameter of security_context_to_sid() includes the nul-byte or not. Reading security_context_to_sid_core(), it seems that the expectation is that it does not (both the string copying and the test for scontext_len being zero hint at that). Introduce the helper security_context_str_to_sid() to do the strlen() call and fix all callers. Signed-off-by:
-
Jeff Vander Stoep authored
Use the ATTR_FILE attribute to distinguish between truncate() and ftruncate() system calls. The two other cases where do_truncate is called with a filp (and therefore ATTR_FILE is set) are for coredump files and for open(O_TRUNC). In both of those cases the open permission has already been checked during file open and therefore does not need to be repeated. Commit 95dbf739 ("SELinux: check OPEN on truncate calls") fixed a major issue where domains were allowed to truncate files without the open permission. However, it introduced a new bug where a domain with the write permission can no longer ftruncate files without the open permission, even when they receive an already open file. Signed-off-by:
-
Paul Moore authored
Change the SELinux checkreqprot default value to 0 so that SELinux performs access control checking on the actual memory protections used by the kernel and not those requested by the application. Signed-off-by: -
David Howells authored
Merge the type-specific data with the payload data into one four-word chunk as it seems pointless to keep them separate. Use user_key_payload() for accessing the payloads of overloaded user-defined keys. Signed-off-by:David Howells <dhowells@redhat.com> cc: linux-cifs@vger.kernel.org cc: ecryptfs@vger.kernel.org cc: linux-ext4@vger.kernel.org cc: linux-f2fs-devel@lists.sourceforge.net cc: linux-nfs@vger.kernel.org cc: ceph-devel@vger.kernel.org cc: linux-ima-devel@lists.sourceforge.net
-
David Howells authored
The supplied script takes a signed module file and extracts the tailmost signature (there could theoretically be more than one) and dumps all or part of it or the unsigned file to stdout. Call as: scripts/extract-module-sig.pl -[0adnks] module-file >out where the initial flag indicates which bit of the signed file you want dumping to stdout: (*) "-0". Dumps the unsigned data with the signature stripped. (*) "-a". Dumps all of the signature data, including the magic number. (*) "-d". Dumps the signature information block as a sequence of decimal numbers in text form with spaces between (crypto algorithm type, hash type, identifier type, signer's name length, key identifier length and signature length). (*) "-n". Dumps the signer's name contents. (*) "-k". Dumps the key identifier contents. (*) "-s". Dumps the cryptographic signature contents. In the case that the signature is a PKCS#7 (or CMS) message, -n and -k will print a warning to stderr and dump nothing to stdout, but will otherwise complete okay; the entire PKCS#7/CMS message will be dumped by "-s"; and "-d" will show "0 0 2 0 0 <pkcs#7-msg-len>". Signed-off-by: -
David Howells authored
The supplied script takes a vmlinux file - and if necessary a System.map file - locates the system certificates list and extracts it to the named file. Call as: ./scripts/extract-sys-certs vmlinux certs if vmlinux contains symbols and: ./scripts/extract-sys-certs -s System.map vmlinux certs if it does not. It prints something like the following to stdout: Have 27 sections No symbols in vmlinux, trying System.map Have 80088 symbols Have 1346 bytes of certs at VMA 0xffffffff8201c540 Certificate list in section .init.data Certificate list at file offset 0x141c540 If vmlinux contains symbols then that is used rather than System.map - even if one is given. Signed-off-by: -
Insu Yun authored
key->description and key->index_key.description are same because they are unioned. But, for readability, using same name for duplication and validation seems better. Signed-off-by:
Insu Yun <wuninsu@gmail.com> Signed-off-by:
-
Paul Gortmaker authored
Currently we see this in "git status" if we build in the source dir: Untracked files: (use "git add <file>..." to include in what will be committed) certs/x509_certificate_list It looks like it used to live in kernel/ so we squash that .gitignore entry at the same time. I didn't bother to dig through git history to see when it moved, since it is just a minor annoyance at most. Cc: David Woodhouse <dwmw2@infradead.org> Cc: keyrings@linux-nfs.org Signed-off-by:Paul Gortmaker <paul.gortmaker@windriver.com> Signed-off-by:
-
Geliang Tang authored
There is no need to make a flag to tell that this memory is allocated by kmalloc or vmalloc. Just use kvfree to free the memory. Signed-off-by:
-
- 20 Oct, 2015 2 commits
-
-
-
James Morris authored
Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity into next
-
- 19 Oct, 2015 1 commit
-
-
Zbigniew Jasinski authored
This feature introduces new kernel interface: - <smack_fs>/relabel-self - for setting transition labels list This list is used to control smack label transition mechanism. List is set by, and per process. Process can transit to new label only if label is on the list. Only process with CAP_MAC_ADMIN capability can add labels to this list. With this list, process can change it's label without CAP_MAC_ADMIN but only once. After label changing, list is unset. Changes in v2: * use list_for_each_entry instead of _rcu during label write * added missing description in security/Smack.txt Changes in v3: * squashed into one commit Changes in v4: * switch from global list to per-task list * since the per-task list is accessed only by the task itself there is no need to use synchronization mechanisms on it Changes in v5: * change smackfs interface of relabel-self to the one used for onlycap multiple labels are accepted, separated by space, which replace the previous list upon write Signed-off-by:
Zbigniew Jasinski <z.jasinski@samsung.com> Signed-off-by:
Rafal Krypa <r.krypa@samsung.com> Acked-by:
Casey Schaufler <casey@schaufler-ca.com>
-
- 18 Oct, 2015 18 commits
-
-
Hon Ching \(Vicky\) Lo authored
The base pointer for the event log is allocated in the local kernel (in prom_instantiate_sml()), therefore it is already in the host's endian byte order and requires no conversion. The content of the 'basep' pointer in read_log() stores the base address of the log. This patch ensures that it is correctly implemented. Signed-off-by:
Hon Ching(Vicky) Lo <honclo@linux.vnet.ibm.com> Signed-off-by:
Joy Latten <jmlatten@linux.vnet.ibm.com> Reviewed-by:
Ashley Lai <ashley@ahsleylai.com> Signed-off-by:
-
Hon Ching \(Vicky\) Lo authored
This patch makes the code endianness independent. We defined a macro do_endian_conversion to apply endianness to raw integers in the event entries so that they will be displayed properly. tpm_binary_bios_measurements_show() is modified for the display. Signed-off-by:
-
Krzysztof Kozlowski authored
i2c_driver does not need to set an owner because i2c_register_driver() will set it. Signed-off-by:
Krzysztof Kozlowski <k.kozlowski@samsung.com> Reviewed-by:
-
Hon Ching \(Vicky\) Lo authored
The OS should ask Power Firmware (PFW) for the size of the buffer allocated for the event log, instead of the size of the actual event log. It then passes the buffer adddress and size to PFW in the handover process, into which PFW copies the log. Signed-off-by:
-
Hon Ching \(Vicky\) Lo authored
The event log generated by OpenFirmware in PowerPC is 4-byte aligned. This patch reformats the log to be byte-aligned for the Linux client. Signed-off-by:
-
Hon Ching \(Vicky\) Lo authored
Replace all occurrences of '/ibm,vtpm' with '/vdevice/vtpm', as only the latter is guanranteed to be available for the client OS. The '/ibm,vtpm' node should only be used by Open Firmware, which is susceptible to changes. Signed-off-by:
-
Jarkko Sakkinen authored
At the moment, no one has time to pay enough attention to this subsystem so that patches get eventually merged into linux-next. Even critical bug fixes can lie for weeks. I'm happy to continue with the current maintainers if they are able to do their job but if this is not the case I cannot find any other solution but apply myself for the job. If there is someone more experienced and/or competent, I'm also happy to let one take the stand. Anything works as long as it works. I just want a solution for this bottleneck. Signed-off-by:
-
Jarkko Sakkinen authored
Call tpm_seal_trusted() and tpm_unseal_trusted() for TPM 2.0 chips. We require explicit 'keyhandle=' option because there's no a fixed storage root key inside TPM2 chips. Signed-off-by:
Andreas Fuchs <andreas.fuchs@sit.fraunhofer.de> Tested-by: Mimi Zohar <zohar@linux.vnet.ibm.com> (on TPM 1.2) Tested-by:
Chris J Arges <chris.j.arges@canonical.com> Tested-by:
Colin Ian King <colin.king@canonical.com> Tested-by:
Kevin Strasser <kevin.strasser@intel.com> Signed-off-by:
-
Jarkko Sakkinen authored
Added tpm_trusted_seal() and tpm_trusted_unseal() API for sealing trusted keys. This patch implements basic sealing and unsealing functionality for TPM 2.0: * Seal with a parent key using a 20 byte auth value. * Unseal with a parent key using a 20 byte auth value. Signed-off-by:
-
Jarkko Sakkinen authored
Moved struct trusted_key_options to trustes-type.h so that the fields can be accessed from drivers/char/tpm. Signed-off-by:
-
Jarkko Sakkinen authored
This patch introduces struct tpm_buf that provides a string buffer for constructing TPM commands. This allows to construct variable sized TPM commands. For the buffer a page is allocated and mapped, which limits maximum size to PAGE_SIZE. Variable sized TPM commands are needed in order to add algorithmic agility. Signed-off-by:
-
Jarkko Sakkinen authored
Updated Documentation/ABI/testing/sysfs-driver-ppi in order to explain where PPI attributes are located and how backwards compatibility is addressed. Signed-off-by:
-
Jarkko Sakkinen authored
Moved PPI attributes to the character device directory. This aligns with the sysfs guidelines and makes them race free because they are created atomically with the character device as part of device_register().The character device and the sysfs attributes appear at the same time to the user space. As part of this change we enable PPI attributes also for TPM 2.0 devices. In order to retain backwards compatibility with TPM 1.x devices, a symlink is created to the platform device directory. Signed-off-by:
Jason Gunthorpe <jason.gunthorpe@obsidianresearch.com> Tested-by: Mimi Zohar <zohar@linux.vnet.ibm.com> (on TPM 1.2) Tested-by:
-
Jarkko Sakkinen authored
Added a new function __compat_only_sysfs_link_group_to_kobj() that adds a symlink from attribute or group to a kobject. This needed for maintaining backwards compatibility with PPI attributes in the TPM driver. Signed-off-by:
-
Jarkko Sakkinen authored
Both for FIFO and CRB interface TCG has decided to use the same HID MSFT0101. They can be differentiated by looking at the start method from TPM2 ACPI table. This patches makes necessary fixes to tpm_tis and tpm_crb modules in order to correctly detect, which module should be used. For MSFT0101 we must use struct acpi_driver because struct pnp_driver has a 7 character limitation. It turned out that the root cause in b371616b was not correct for https://bugzilla.kernel.org/show_bug.cgi?id=98181. v2: * One fixup was missing from v1: is_tpm2_fifo -> is_fifo v3: * Use pnp_driver for existing HIDs and acpi_driver only for MSFT0101 in order ensure backwards compatibility. v4: * Check for FIFO before doing *anything* in crb_acpi_add(). * There was return immediately after acpi_bus_unregister_driver() in cleanup_tis(). This caused pnp_unregister_driver() not to be called. Cc: stable@kernel.org Reported-by:
Michael Saunders <mick.saunders@gmail.com> Reported-by:
Michael Marley <michael@michaelmarley.com> Reported-by:
Jethro Beekman <kernel@jbeekman.nl> Reported-by:
Matthew Garrett <mjg59@srcf.ucam.org> Signed-off-by:
-
Jarkko Sakkinen authored
The command buffer address must be read with exactly two 32-bit reads. Otherwise, on some HW platforms, it seems that HW will abort the read operation, which causes CPU to fill the read bytes with 1's. Therefore, we cannot rely on memcpy_fromio() but must call ioread32() two times instead. Also, this matches the PC Client Platform TPM Profile specification, which defines command buffer address with two 32-bit fields. Cc: stable@kernel.org Signed-off-by:
-
Hon Ching \(Vicky\) Lo authored
At ibm vtpm initialzation, tpm_ibmvtpm_probe() registers its interrupt handler, ibmvtpm_interrupt, which calls ibmvtpm_crq_process to allocate memory for rtce buffer. The current code uses 'GFP_KERNEL' as the type of kernel memory allocation, which resulted a warning at kernel/lockdep.c. This patch uses 'GFP_ATOMIC' instead so that the allocation is high-priority and does not sleep. Cc: stable@kernel.org Signed-off-by:
-
Geert Uytterhoeven authored
The GPIO subsystem provides dummy GPIO consumer functions if GPIOLIB is not enabled. Hence drivers that depend on GPIOLIB, but use GPIO consumer functionality only, can still be compiled if GPIOLIB is not enabled. Relax the dependency on GPIOLIB if COMPILE_TEST is enabled, where appropriate. Signed-off-by:
Geert Uytterhoeven <geert@linux-m68k.org> Acked-by:
Linus Walleij <linus.walleij@linaro.org> Reviewed-by:
-
