diff options
| author | Linus Torvalds <torvalds@linux-foundation.org> | 2012-03-21 16:25:04 -0400 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2012-03-21 16:25:04 -0400 |
| commit | 3556485f1595e3964ba539e39ea682acbb835cee (patch) | |
| tree | 7f5ee254f425b1427ac0059b5f347a307f8538a1 /drivers/char | |
| parent | b8716614a7cc2fc15ea2a518edd04755fb08d922 (diff) | |
| parent | 09f61cdbb32a9d812c618d3922db533542736bb0 (diff) | |
Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security
Pull security subsystem updates for 3.4 from James Morris:
"The main addition here is the new Yama security module from Kees Cook,
which was discussed at the Linux Security Summit last year. Its
purpose is to collect miscellaneous DAC security enhancements in one
place. This also marks a departure in policy for LSM modules, which
were previously limited to being standalone access control systems.
Chromium OS is using Yama, and I believe there are plans for Ubuntu,
at least.
This patchset also includes maintenance updates for AppArmor, TOMOYO
and others."
Fix trivial conflict in <net/sock.h> due to the jumo_label->static_key
rename.
* 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: (38 commits)
AppArmor: Fix location of const qualifier on generated string tables
TOMOYO: Return error if fails to delete a domain
AppArmor: add const qualifiers to string arrays
AppArmor: Add ability to load extended policy
TOMOYO: Return appropriate value to poll().
AppArmor: Move path failure information into aa_get_name and rename
AppArmor: Update dfa matching routines.
AppArmor: Minor cleanup of d_namespace_path to consolidate error handling
AppArmor: Retrieve the dentry_path for error reporting when path lookup fails
AppArmor: Add const qualifiers to generated string tables
AppArmor: Fix oops in policy unpack auditing
AppArmor: Fix error returned when a path lookup is disconnected
KEYS: testing wrong bit for KEY_FLAG_REVOKED
TOMOYO: Fix mount flags checking order.
security: fix ima kconfig warning
AppArmor: Fix the error case for chroot relative path name lookup
AppArmor: fix mapping of META_READ to audit and quiet flags
AppArmor: Fix underflow in xindex calculation
AppArmor: Fix dropping of allowed operations that are force audited
AppArmor: Add mising end of structure test to caps unpacking
...
Diffstat (limited to 'drivers/char')
| -rw-r--r-- | drivers/char/tpm/Kconfig | 1 | ||||
| -rw-r--r-- | drivers/char/tpm/tpm.c | 3 | ||||
| -rw-r--r-- | drivers/char/tpm/tpm.h | 2 | ||||
| -rw-r--r-- | drivers/char/tpm/tpm_tis.c | 17 |
4 files changed, 14 insertions, 9 deletions
diff --git a/drivers/char/tpm/Kconfig b/drivers/char/tpm/Kconfig index 7fc75e47e6d0..a048199ce866 100644 --- a/drivers/char/tpm/Kconfig +++ b/drivers/char/tpm/Kconfig | |||
| @@ -5,7 +5,6 @@ | |||
| 5 | menuconfig TCG_TPM | 5 | menuconfig TCG_TPM |
| 6 | tristate "TPM Hardware Support" | 6 | tristate "TPM Hardware Support" |
| 7 | depends on HAS_IOMEM | 7 | depends on HAS_IOMEM |
| 8 | depends on EXPERIMENTAL | ||
| 9 | select SECURITYFS | 8 | select SECURITYFS |
| 10 | ---help--- | 9 | ---help--- |
| 11 | If you have a TPM security chip in your system, which | 10 | If you have a TPM security chip in your system, which |
diff --git a/drivers/char/tpm/tpm.c b/drivers/char/tpm/tpm.c index 32362cf35b8d..ad7c7320dd1b 100644 --- a/drivers/char/tpm/tpm.c +++ b/drivers/char/tpm/tpm.c | |||
| @@ -1221,12 +1221,13 @@ ssize_t tpm_read(struct file *file, char __user *buf, | |||
| 1221 | ret_size = atomic_read(&chip->data_pending); | 1221 | ret_size = atomic_read(&chip->data_pending); |
| 1222 | atomic_set(&chip->data_pending, 0); | 1222 | atomic_set(&chip->data_pending, 0); |
| 1223 | if (ret_size > 0) { /* relay data */ | 1223 | if (ret_size > 0) { /* relay data */ |
| 1224 | ssize_t orig_ret_size = ret_size; | ||
| 1224 | if (size < ret_size) | 1225 | if (size < ret_size) |
| 1225 | ret_size = size; | 1226 | ret_size = size; |
| 1226 | 1227 | ||
| 1227 | mutex_lock(&chip->buffer_mutex); | 1228 | mutex_lock(&chip->buffer_mutex); |
| 1228 | rc = copy_to_user(buf, chip->data_buffer, ret_size); | 1229 | rc = copy_to_user(buf, chip->data_buffer, ret_size); |
| 1229 | memset(chip->data_buffer, 0, ret_size); | 1230 | memset(chip->data_buffer, 0, orig_ret_size); |
| 1230 | if (rc) | 1231 | if (rc) |
| 1231 | ret_size = -EFAULT; | 1232 | ret_size = -EFAULT; |
| 1232 | 1233 | ||
diff --git a/drivers/char/tpm/tpm.h b/drivers/char/tpm/tpm.h index 010547138281..b1c5280ac159 100644 --- a/drivers/char/tpm/tpm.h +++ b/drivers/char/tpm/tpm.h | |||
| @@ -99,6 +99,8 @@ struct tpm_vendor_specific { | |||
| 99 | wait_queue_head_t int_queue; | 99 | wait_queue_head_t int_queue; |
| 100 | }; | 100 | }; |
| 101 | 101 | ||
| 102 | #define TPM_VID_INTEL 0x8086 | ||
| 103 | |||
| 102 | struct tpm_chip { | 104 | struct tpm_chip { |
| 103 | struct device *dev; /* Device stuff */ | 105 | struct device *dev; /* Device stuff */ |
| 104 | 106 | ||
diff --git a/drivers/char/tpm/tpm_tis.c b/drivers/char/tpm/tpm_tis.c index 70fac9abb0e2..d2a70cae76df 100644 --- a/drivers/char/tpm/tpm_tis.c +++ b/drivers/char/tpm/tpm_tis.c | |||
| @@ -367,7 +367,12 @@ static int probe_itpm(struct tpm_chip *chip) | |||
| 367 | 0x00, 0x00, 0x00, 0xf1 | 367 | 0x00, 0x00, 0x00, 0xf1 |
| 368 | }; | 368 | }; |
| 369 | size_t len = sizeof(cmd_getticks); | 369 | size_t len = sizeof(cmd_getticks); |
| 370 | int rem_itpm = itpm; | 370 | bool rem_itpm = itpm; |
| 371 | u16 vendor = ioread16(chip->vendor.iobase + TPM_DID_VID(0)); | ||
| 372 | |||
| 373 | /* probe only iTPMS */ | ||
| 374 | if (vendor != TPM_VID_INTEL) | ||
| 375 | return 0; | ||
| 371 | 376 | ||
| 372 | itpm = 0; | 377 | itpm = 0; |
| 373 | 378 | ||
| @@ -390,9 +395,6 @@ static int probe_itpm(struct tpm_chip *chip) | |||
| 390 | out: | 395 | out: |
| 391 | itpm = rem_itpm; | 396 | itpm = rem_itpm; |
| 392 | tpm_tis_ready(chip); | 397 | tpm_tis_ready(chip); |
| 393 | /* some TPMs need a break here otherwise they will not work | ||
| 394 | * correctly on the immediately subsequent command */ | ||
| 395 | msleep(chip->vendor.timeout_b); | ||
| 396 | release_locality(chip, chip->vendor.locality, 0); | 398 | release_locality(chip, chip->vendor.locality, 0); |
| 397 | 399 | ||
| 398 | return rc; | 400 | return rc; |
| @@ -508,7 +510,7 @@ static int tpm_tis_init(struct device *dev, resource_size_t start, | |||
| 508 | resource_size_t len, unsigned int irq) | 510 | resource_size_t len, unsigned int irq) |
| 509 | { | 511 | { |
| 510 | u32 vendor, intfcaps, intmask; | 512 | u32 vendor, intfcaps, intmask; |
| 511 | int rc, i, irq_s, irq_e; | 513 | int rc, i, irq_s, irq_e, probe; |
| 512 | struct tpm_chip *chip; | 514 | struct tpm_chip *chip; |
| 513 | 515 | ||
| 514 | if (!(chip = tpm_register_hardware(dev, &tpm_tis))) | 516 | if (!(chip = tpm_register_hardware(dev, &tpm_tis))) |
| @@ -538,11 +540,12 @@ static int tpm_tis_init(struct device *dev, resource_size_t start, | |||
| 538 | vendor >> 16, ioread8(chip->vendor.iobase + TPM_RID(0))); | 540 | vendor >> 16, ioread8(chip->vendor.iobase + TPM_RID(0))); |
| 539 | 541 | ||
| 540 | if (!itpm) { | 542 | if (!itpm) { |
| 541 | itpm = probe_itpm(chip); | 543 | probe = probe_itpm(chip); |
| 542 | if (itpm < 0) { | 544 | if (probe < 0) { |
| 543 | rc = -ENODEV; | 545 | rc = -ENODEV; |
| 544 | goto out_err; | 546 | goto out_err; |
| 545 | } | 547 | } |
| 548 | itpm = (probe == 0) ? 0 : 1; | ||
| 546 | } | 549 | } |
| 547 | 550 | ||
| 548 | if (itpm) | 551 | if (itpm) |