Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security

Pull security subsystem updates from James Morris:
 "In this release:

   - PKCS#7 parser for the key management subsystem from David Howells
   - appoint Kees Cook as seccomp maintainer
   - bugfixes and general maintenance across the subsystem"

* 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: (94 commits)
  X.509: Need to export x509_request_asymmetric_key()
  netlabel: shorter names for the NetLabel catmap funcs/structs
  netlabel: fix the catmap walking functions
  netlabel: fix the horribly broken catmap functions
  netlabel: fix a problem when setting bits below the previously lowest bit
  PKCS#7: X.509 certificate issuer and subject are mandatory fields in the ASN.1
  tpm: simplify code by using %*phN specifier
  tpm: Provide a generic means to override the chip returned timeouts
  tpm: missing tpm_chip_put in tpm_get_random()
  tpm: Properly clean sysfs entries in error path
  tpm: Add missing tpm_do_selftest to ST33 I2C driver
  PKCS#7: Use x509_request_asymmetric_key()
  Revert "selinux: fix the default socket labeling in sock_graft()"
  X.509: x509_request_asymmetric_keys() doesn't need string length arguments
  PKCS#7: fix sparse non static symbol warning
  KEYS: revert encrypted key change
  ima: add support for measuring and appraising firmware
  firmware_class: perform new LSM checks
  security: introduce kernel_fw_from_file hook
  PKCS#7: Missing inclusion of linux/err.h
  ...

12 files changed, 531 insertions, 9 deletions

diff --git a/include/linux/capability.h b/include/linux/capability.h
index 84b13ad67c1c..aa93e5ef594c 100644
--- a/include/linux/capability.h
+++ b/include/linux/capability.h
@@ -78,8 +78,11 @@ extern const kernel_cap_t __cap_init_eff_set;
 # error Fix up hand-coded capability macro initializers
 #else /* HAND-CODED capability initializers */
 
+#define CAP_LAST_U32                    ((_KERNEL_CAPABILITY_U32S) - 1)
+#define CAP_LAST_U32_VALID_MASK         (CAP_TO_MASK(CAP_LAST_CAP + 1) -1)
+
 # define CAP_EMPTY_SET    ((kernel_cap_t){{ 0, 0 }})
-# define CAP_FULL_SET     ((kernel_cap_t){{ ~0, ~0 }})
+# define CAP_FULL_SET     ((kernel_cap_t){{ ~0, CAP_LAST_U32_VALID_MASK }})
 # define CAP_FS_SET       ((kernel_cap_t){{ CAP_FS_MASK_B0 \
                                     | CAP_TO_MASK(CAP_LINUX_IMMUTABLE), \
                                     CAP_FS_MASK_B1 } })
diff --git a/include/linux/ima.h b/include/linux/ima.h
index 1b7f268cddce..7cf5e9b32550 100644
--- a/include/linux/ima.h
+++ b/include/linux/ima.h
@@ -19,6 +19,7 @@ extern int ima_file_check(struct file *file, int mask);
 extern void ima_file_free(struct file *file);
 extern int ima_file_mmap(struct file *file, unsigned long prot);
 extern int ima_module_check(struct file *file);
+extern int ima_fw_from_file(struct file *file, char *buf, size_t size);
 
 #else
 static inline int ima_bprm_check(struct linux_binprm *bprm)
@@ -46,6 +47,11 @@ static inline int ima_module_check(struct file *file)
         return 0;
 }
 
+static inline int ima_fw_from_file(struct file *file, char *buf, size_t size)
+{
+        return 0;
+}
+
 #endif /* CONFIG_IMA */
 
 #ifdef CONFIG_IMA_APPRAISE
diff --git a/include/linux/key-type.h b/include/linux/key-type.h
index a74c3a84dfdd..44792ee649de 100644
--- a/include/linux/key-type.h
+++ b/include/linux/key-type.h
@@ -41,10 +41,11 @@ struct key_construction {
 struct key_preparsed_payload {
         char            *description;   /* Proposed key description (or NULL) */
         void            *type_data[2];  /* Private key-type data */
-        void            *payload;       /* Proposed payload */
+        void            *payload[2];    /* Proposed payload */
         const void      *data;          /* Raw data */
         size_t          datalen;        /* Raw datalen */
         size_t          quotalen;       /* Quota length for proposed payload */
+        time_t          expiry;         /* Expiry time of key */
         bool            trusted;        /* True if key is trusted */
 };
 
@@ -159,5 +160,7 @@ static inline int key_negate_and_link(struct key *key,
         return key_reject_and_link(key, timeout, ENOKEY, keyring, instkey);
 }
 
+extern int generic_key_instantiate(struct key *key, struct key_preparsed_payload *prep);
+
 #endif /* CONFIG_KEYS */
 #endif /* _LINUX_KEY_TYPE_H */
diff --git a/include/linux/key.h b/include/linux/key.h
index 017b0826642f..e1d4715f3222 100644
--- a/include/linux/key.h
+++ b/include/linux/key.h
@@ -170,6 +170,8 @@ struct key {
 #define KEY_FLAG_INVALIDATED    7       /* set if key has been invalidated */
 #define KEY_FLAG_TRUSTED        8       /* set if key is trusted */
 #define KEY_FLAG_TRUSTED_ONLY   9       /* set if keyring only accepts links to trusted keys */
+#define KEY_FLAG_BUILTIN        10      /* set if key is builtin */
+#define KEY_FLAG_ROOT_CAN_INVAL 11      /* set if key can be invalidated by root without permission */
 
         /* the key type and key description string
          * - the desc is used to match a key against search criteria
diff --git a/include/linux/oid_registry.h b/include/linux/oid_registry.h
index 6926db724258..c2bbf672b84e 100644
--- a/include/linux/oid_registry.h
+++ b/include/linux/oid_registry.h
@@ -52,9 +52,15 @@ enum OID {
         OID_md4,                        /* 1.2.840.113549.2.4 */
         OID_md5,                        /* 1.2.840.113549.2.5 */
 
-        OID_certAuthInfoAccess,         /* 1.3.6.1.5.5.7.1.1 */
+        /* Microsoft Authenticode & Software Publishing */
+        OID_msIndirectData,             /* 1.3.6.1.4.1.311.2.1.4 */
+        OID_msPeImageDataObjId,         /* 1.3.6.1.4.1.311.2.1.15 */
+        OID_msIndividualSPKeyPurpose,   /* 1.3.6.1.4.1.311.2.1.21 */
         OID_msOutlookExpress,           /* 1.3.6.1.4.1.311.16.4 */
+
+        OID_certAuthInfoAccess,         /* 1.3.6.1.5.5.7.1.1 */
         OID_sha1,                       /* 1.3.14.3.2.26 */
+        OID_sha256,                     /* 2.16.840.1.101.3.4.2.1 */
 
         /* Distinguished Name attribute IDs [RFC 2256] */
         OID_commonName,                 /* 2.5.4.3 */
diff --git a/include/linux/pe.h b/include/linux/pe.h
new file mode 100644
index 000000000000..e170b95e763b
--- /dev/null
+++ b/include/linux/pe.h
@@ -0,0 +1,448 @@
+/*
+ * Copyright 2011 Red Hat, Inc.
+ * All rights reserved.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; version 2 of the License.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ * Author(s): Peter Jones <pjones@redhat.com>
+ */
+#ifndef __LINUX_PE_H
+#define __LINUX_PE_H
+
+#include <linux/types.h>
+
+#define MZ_MAGIC        0x5a4d  /* "MZ" */
+
+struct mz_hdr {
+        uint16_t magic;         /* MZ_MAGIC */
+        uint16_t lbsize;        /* size of last used block */
+        uint16_t blocks;        /* pages in file, 0x3 */
+        uint16_t relocs;        /* relocations */
+        uint16_t hdrsize;       /* header size in "paragraphs" */
+        uint16_t min_extra_pps; /* .bss */
+        uint16_t max_extra_pps; /* runtime limit for the arena size */
+        uint16_t ss;            /* relative stack segment */
+        uint16_t sp;            /* initial %sp register */
+        uint16_t checksum;      /* word checksum */
+        uint16_t ip;            /* initial %ip register */
+        uint16_t cs;            /* initial %cs relative to load segment */
+        uint16_t reloc_table_offset;    /* offset of the first relocation */
+        uint16_t overlay_num;   /* overlay number.  set to 0. */
+        uint16_t reserved0[4];  /* reserved */
+        uint16_t oem_id;        /* oem identifier */
+        uint16_t oem_info;      /* oem specific */
+        uint16_t reserved1[10]; /* reserved */
+        uint32_t peaddr;        /* address of pe header */
+        char     message[64];   /* message to print */
+};
+
+struct mz_reloc {
+        uint16_t offset;
+        uint16_t segment;
+};
+
+#define PE_MAGIC                0x00004550      /* "PE\0\0" */
+#define PE_OPT_MAGIC_PE32       0x010b
+#define PE_OPT_MAGIC_PE32_ROM   0x0107
+#define PE_OPT_MAGIC_PE32PLUS   0x020b
+
+/* machine type */
+#define IMAGE_FILE_MACHINE_UNKNOWN      0x0000
+#define IMAGE_FILE_MACHINE_AM33         0x01d3
+#define IMAGE_FILE_MACHINE_AMD64        0x8664
+#define IMAGE_FILE_MACHINE_ARM          0x01c0
+#define IMAGE_FILE_MACHINE_ARMV7        0x01c4
+#define IMAGE_FILE_MACHINE_EBC          0x0ebc
+#define IMAGE_FILE_MACHINE_I386         0x014c
+#define IMAGE_FILE_MACHINE_IA64         0x0200
+#define IMAGE_FILE_MACHINE_M32R         0x9041
+#define IMAGE_FILE_MACHINE_MIPS16       0x0266
+#define IMAGE_FILE_MACHINE_MIPSFPU      0x0366
+#define IMAGE_FILE_MACHINE_MIPSFPU16    0x0466
+#define IMAGE_FILE_MACHINE_POWERPC      0x01f0
+#define IMAGE_FILE_MACHINE_POWERPCFP    0x01f1
+#define IMAGE_FILE_MACHINE_R4000        0x0166
+#define IMAGE_FILE_MACHINE_SH3          0x01a2
+#define IMAGE_FILE_MACHINE_SH3DSP       0x01a3
+#define IMAGE_FILE_MACHINE_SH3E         0x01a4
+#define IMAGE_FILE_MACHINE_SH4          0x01a6
+#define IMAGE_FILE_MACHINE_SH5          0x01a8
+#define IMAGE_FILE_MACHINE_THUMB        0x01c2
+#define IMAGE_FILE_MACHINE_WCEMIPSV2    0x0169
+
+/* flags */
+#define IMAGE_FILE_RELOCS_STRIPPED           0x0001
+#define IMAGE_FILE_EXECUTABLE_IMAGE          0x0002
+#define IMAGE_FILE_LINE_NUMS_STRIPPED        0x0004
+#define IMAGE_FILE_LOCAL_SYMS_STRIPPED       0x0008
+#define IMAGE_FILE_AGGRESSIVE_WS_TRIM        0x0010
+#define IMAGE_FILE_LARGE_ADDRESS_AWARE       0x0020
+#define IMAGE_FILE_16BIT_MACHINE             0x0040
+#define IMAGE_FILE_BYTES_REVERSED_LO         0x0080
+#define IMAGE_FILE_32BIT_MACHINE             0x0100
+#define IMAGE_FILE_DEBUG_STRIPPED            0x0200
+#define IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP   0x0400
+#define IMAGE_FILE_NET_RUN_FROM_SWAP         0x0800
+#define IMAGE_FILE_SYSTEM                    0x1000
+#define IMAGE_FILE_DLL                       0x2000
+#define IMAGE_FILE_UP_SYSTEM_ONLY            0x4000
+#define IMAGE_FILE_BYTES_REVERSED_HI         0x8000
+
+struct pe_hdr {
+        uint32_t magic;         /* PE magic */
+        uint16_t machine;       /* machine type */
+        uint16_t sections;      /* number of sections */
+        uint32_t timestamp;     /* time_t */
+        uint32_t symbol_table;  /* symbol table offset */
+        uint32_t symbols;       /* number of symbols */
+        uint16_t opt_hdr_size;  /* size of optional header */
+        uint16_t flags;         /* flags */
+};
+
+#define IMAGE_FILE_OPT_ROM_MAGIC        0x107
+#define IMAGE_FILE_OPT_PE32_MAGIC       0x10b
+#define IMAGE_FILE_OPT_PE32_PLUS_MAGIC  0x20b
+
+#define IMAGE_SUBSYSTEM_UNKNOWN                  0
+#define IMAGE_SUBSYSTEM_NATIVE                   1
+#define IMAGE_SUBSYSTEM_WINDOWS_GUI              2
+#define IMAGE_SUBSYSTEM_WINDOWS_CUI              3
+#define IMAGE_SUBSYSTEM_POSIX_CUI                7
+#define IMAGE_SUBSYSTEM_WINDOWS_CE_GUI           9
+#define IMAGE_SUBSYSTEM_EFI_APPLICATION         10
+#define IMAGE_SUBSYSTEM_EFI_BOOT_SERVICE_DRIVER 11
+#define IMAGE_SUBSYSTEM_EFI_RUNTIME_DRIVER      12
+#define IMAGE_SUBSYSTEM_EFI_ROM_IMAGE           13
+#define IMAGE_SUBSYSTEM_XBOX                    14
+
+#define IMAGE_DLL_CHARACTERISTICS_DYNAMIC_BASE          0x0040
+#define IMAGE_DLL_CHARACTERISTICS_FORCE_INTEGRITY       0x0080
+#define IMAGE_DLL_CHARACTERISTICS_NX_COMPAT             0x0100
+#define IMAGE_DLLCHARACTERISTICS_NO_ISOLATION           0x0200
+#define IMAGE_DLLCHARACTERISTICS_NO_SEH                 0x0400
+#define IMAGE_DLLCHARACTERISTICS_NO_BIND                0x0800
+#define IMAGE_DLLCHARACTERISTICS_WDM_DRIVER             0x2000
+#define IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE  0x8000
+
+/* the fact that pe32 isn't padded where pe32+ is 64-bit means union won't
+ * work right.  vomit. */
+struct pe32_opt_hdr {
+        /* "standard" header */
+        uint16_t magic;         /* file type */
+        uint8_t  ld_major;      /* linker major version */
+        uint8_t  ld_minor;      /* linker minor version */
+        uint32_t text_size;     /* size of text section(s) */
+        uint32_t data_size;     /* size of data section(s) */
+        uint32_t bss_size;      /* size of bss section(s) */
+        uint32_t entry_point;   /* file offset of entry point */
+        uint32_t code_base;     /* relative code addr in ram */
+        uint32_t data_base;     /* relative data addr in ram */
+        /* "windows" header */
+        uint32_t image_base;    /* preferred load address */
+        uint32_t section_align; /* alignment in bytes */
+        uint32_t file_align;    /* file alignment in bytes */
+        uint16_t os_major;      /* major OS version */
+        uint16_t os_minor;      /* minor OS version */
+        uint16_t image_major;   /* major image version */
+        uint16_t image_minor;   /* minor image version */
+        uint16_t subsys_major;  /* major subsystem version */
+        uint16_t subsys_minor;  /* minor subsystem version */
+        uint32_t win32_version; /* reserved, must be 0 */
+        uint32_t image_size;    /* image size */
+        uint32_t header_size;   /* header size rounded up to
+                                   file_align */
+        uint32_t csum;          /* checksum */
+        uint16_t subsys;        /* subsystem */
+        uint16_t dll_flags;     /* more flags! */
+        uint32_t stack_size_req;/* amt of stack requested */
+        uint32_t stack_size;    /* amt of stack required */
+        uint32_t heap_size_req; /* amt of heap requested */
+        uint32_t heap_size;     /* amt of heap required */
+        uint32_t loader_flags;  /* reserved, must be 0 */
+        uint32_t data_dirs;     /* number of data dir entries */
+};
+
+struct pe32plus_opt_hdr {
+        uint16_t magic;         /* file type */
+        uint8_t  ld_major;      /* linker major version */
+        uint8_t  ld_minor;      /* linker minor version */
+        uint32_t text_size;     /* size of text section(s) */
+        uint32_t data_size;     /* size of data section(s) */
+        uint32_t bss_size;      /* size of bss section(s) */
+        uint32_t entry_point;   /* file offset of entry point */
+        uint32_t code_base;     /* relative code addr in ram */
+        /* "windows" header */
+        uint64_t image_base;    /* preferred load address */
+        uint32_t section_align; /* alignment in bytes */
+        uint32_t file_align;    /* file alignment in bytes */
+        uint16_t os_major;      /* major OS version */
+        uint16_t os_minor;      /* minor OS version */
+        uint16_t image_major;   /* major image version */
+        uint16_t image_minor;   /* minor image version */
+        uint16_t subsys_major;  /* major subsystem version */
+        uint16_t subsys_minor;  /* minor subsystem version */
+        uint32_t win32_version; /* reserved, must be 0 */
+        uint32_t image_size;    /* image size */
+        uint32_t header_size;   /* header size rounded up to
+                                   file_align */
+        uint32_t csum;          /* checksum */
+        uint16_t subsys;        /* subsystem */
+        uint16_t dll_flags;     /* more flags! */
+        uint64_t stack_size_req;/* amt of stack requested */
+        uint64_t stack_size;    /* amt of stack required */
+        uint64_t heap_size_req; /* amt of heap requested */
+        uint64_t heap_size;     /* amt of heap required */
+        uint32_t loader_flags;  /* reserved, must be 0 */
+        uint32_t data_dirs;     /* number of data dir entries */
+};
+
+struct data_dirent {
+        uint32_t virtual_address;       /* relative to load address */
+        uint32_t size;
+};
+
+struct data_directory {
+        struct data_dirent exports;             /* .edata */
+        struct data_dirent imports;             /* .idata */
+        struct data_dirent resources;           /* .rsrc */
+        struct data_dirent exceptions;          /* .pdata */
+        struct data_dirent certs;               /* certs */
+        struct data_dirent base_relocations;    /* .reloc */
+        struct data_dirent debug;               /* .debug */
+        struct data_dirent arch;                /* reservered */
+        struct data_dirent global_ptr;          /* global pointer reg. Size=0 */
+        struct data_dirent tls;                 /* .tls */
+        struct data_dirent load_config;         /* load configuration structure */
+        struct data_dirent bound_imports;       /* no idea */
+        struct data_dirent import_addrs;        /* import address table */
+        struct data_dirent delay_imports;       /* delay-load import table */
+        struct data_dirent clr_runtime_hdr;     /* .cor (object only) */
+        struct data_dirent reserved;
+};
+
+struct section_header {
+        char name[8];                   /* name or "/12\0" string tbl offset */
+        uint32_t virtual_size;          /* size of loaded section in ram */
+        uint32_t virtual_address;       /* relative virtual address */
+        uint32_t raw_data_size;         /* size of the section */
+        uint32_t data_addr;             /* file pointer to first page of sec */
+        uint32_t relocs;                /* file pointer to relocation entries */
+        uint32_t line_numbers;          /* line numbers! */
+        uint16_t num_relocs;            /* number of relocations */
+        uint16_t num_lin_numbers;       /* srsly. */
+        uint32_t flags;
+};
+
+/* they actually defined 0x00000000 as well, but I think we'll skip that one. */
+#define IMAGE_SCN_RESERVED_0    0x00000001
+#define IMAGE_SCN_RESERVED_1    0x00000002
+#define IMAGE_SCN_RESERVED_2    0x00000004
+#define IMAGE_SCN_TYPE_NO_PAD   0x00000008 /* don't pad - obsolete */
+#define IMAGE_SCN_RESERVED_3    0x00000010
+#define IMAGE_SCN_CNT_CODE      0x00000020 /* .text */
+#define IMAGE_SCN_CNT_INITIALIZED_DATA 0x00000040 /* .data */
+#define IMAGE_SCN_CNT_UNINITIALIZED_DATA 0x00000080 /* .bss */
+#define IMAGE_SCN_LNK_OTHER     0x00000100 /* reserved */
+#define IMAGE_SCN_LNK_INFO      0x00000200 /* .drectve comments */
+#define IMAGE_SCN_RESERVED_4    0x00000400
+#define IMAGE_SCN_LNK_REMOVE    0x00000800 /* .o only - scn to be rm'd*/
+#define IMAGE_SCN_LNK_COMDAT    0x00001000 /* .o only - COMDAT data */
+#define IMAGE_SCN_RESERVED_5    0x00002000 /* spec omits this */
+#define IMAGE_SCN_RESERVED_6    0x00004000 /* spec omits this */
+#define IMAGE_SCN_GPREL         0x00008000 /* global pointer referenced data */
+/* spec lists 0x20000 twice, I suspect they meant 0x10000 for one of them */
+#define IMAGE_SCN_MEM_PURGEABLE 0x00010000 /* reserved for "future" use */
+#define IMAGE_SCN_16BIT         0x00020000 /* reserved for "future" use */
+#define IMAGE_SCN_LOCKED        0x00040000 /* reserved for "future" use */
+#define IMAGE_SCN_PRELOAD       0x00080000 /* reserved for "future" use */
+/* and here they just stuck a 1-byte integer in the middle of a bitfield */
+#define IMAGE_SCN_ALIGN_1BYTES  0x00100000 /* it does what it says on the box */
+#define IMAGE_SCN_ALIGN_2BYTES  0x00200000
+#define IMAGE_SCN_ALIGN_4BYTES  0x00300000
+#define IMAGE_SCN_ALIGN_8BYTES  0x00400000
+#define IMAGE_SCN_ALIGN_16BYTES 0x00500000
+#define IMAGE_SCN_ALIGN_32BYTES 0x00600000
+#define IMAGE_SCN_ALIGN_64BYTES 0x00700000
+#define IMAGE_SCN_ALIGN_128BYTES 0x00800000
+#define IMAGE_SCN_ALIGN_256BYTES 0x00900000
+#define IMAGE_SCN_ALIGN_512BYTES 0x00a00000
+#define IMAGE_SCN_ALIGN_1024BYTES 0x00b00000
+#define IMAGE_SCN_ALIGN_2048BYTES 0x00c00000
+#define IMAGE_SCN_ALIGN_4096BYTES 0x00d00000
+#define IMAGE_SCN_ALIGN_8192BYTES 0x00e00000
+#define IMAGE_SCN_LNK_NRELOC_OVFL 0x01000000 /* extended relocations */
+#define IMAGE_SCN_MEM_DISCARDABLE 0x02000000 /* scn can be discarded */
+#define IMAGE_SCN_MEM_NOT_CACHED 0x04000000 /* cannot be cached */
+#define IMAGE_SCN_MEM_NOT_PAGED 0x08000000 /* not pageable */
+#define IMAGE_SCN_MEM_SHARED    0x10000000 /* can be shared */
+#define IMAGE_SCN_MEM_EXECUTE   0x20000000 /* can be executed as code */
+#define IMAGE_SCN_MEM_READ      0x40000000 /* readable */
+#define IMAGE_SCN_MEM_WRITE     0x80000000 /* writeable */
+
+enum x64_coff_reloc_type {
+        IMAGE_REL_AMD64_ABSOLUTE = 0,
+        IMAGE_REL_AMD64_ADDR64,
+        IMAGE_REL_AMD64_ADDR32,
+        IMAGE_REL_AMD64_ADDR32N,
+        IMAGE_REL_AMD64_REL32,
+        IMAGE_REL_AMD64_REL32_1,
+        IMAGE_REL_AMD64_REL32_2,
+        IMAGE_REL_AMD64_REL32_3,
+        IMAGE_REL_AMD64_REL32_4,
+        IMAGE_REL_AMD64_REL32_5,
+        IMAGE_REL_AMD64_SECTION,
+        IMAGE_REL_AMD64_SECREL,
+        IMAGE_REL_AMD64_SECREL7,
+        IMAGE_REL_AMD64_TOKEN,
+        IMAGE_REL_AMD64_SREL32,
+        IMAGE_REL_AMD64_PAIR,
+        IMAGE_REL_AMD64_SSPAN32,
+};
+
+enum arm_coff_reloc_type {
+        IMAGE_REL_ARM_ABSOLUTE,
+        IMAGE_REL_ARM_ADDR32,
+        IMAGE_REL_ARM_ADDR32N,
+        IMAGE_REL_ARM_BRANCH2,
+        IMAGE_REL_ARM_BRANCH1,
+        IMAGE_REL_ARM_SECTION,
+        IMAGE_REL_ARM_SECREL,
+};
+
+enum sh_coff_reloc_type {
+        IMAGE_REL_SH3_ABSOLUTE,
+        IMAGE_REL_SH3_DIRECT16,
+        IMAGE_REL_SH3_DIRECT32,
+        IMAGE_REL_SH3_DIRECT8,
+        IMAGE_REL_SH3_DIRECT8_WORD,
+        IMAGE_REL_SH3_DIRECT8_LONG,
+        IMAGE_REL_SH3_DIRECT4,
+        IMAGE_REL_SH3_DIRECT4_WORD,
+        IMAGE_REL_SH3_DIRECT4_LONG,
+        IMAGE_REL_SH3_PCREL8_WORD,
+        IMAGE_REL_SH3_PCREL8_LONG,
+        IMAGE_REL_SH3_PCREL12_WORD,
+        IMAGE_REL_SH3_STARTOF_SECTION,
+        IMAGE_REL_SH3_SIZEOF_SECTION,
+        IMAGE_REL_SH3_SECTION,
+        IMAGE_REL_SH3_SECREL,
+        IMAGE_REL_SH3_DIRECT32_NB,
+        IMAGE_REL_SH3_GPREL4_LONG,
+        IMAGE_REL_SH3_TOKEN,
+        IMAGE_REL_SHM_PCRELPT,
+        IMAGE_REL_SHM_REFLO,
+        IMAGE_REL_SHM_REFHALF,
+        IMAGE_REL_SHM_RELLO,
+        IMAGE_REL_SHM_RELHALF,
+        IMAGE_REL_SHM_PAIR,
+        IMAGE_REL_SHM_NOMODE,
+};
+
+enum ppc_coff_reloc_type {
+        IMAGE_REL_PPC_ABSOLUTE,
+        IMAGE_REL_PPC_ADDR64,
+        IMAGE_REL_PPC_ADDR32,
+        IMAGE_REL_PPC_ADDR24,
+        IMAGE_REL_PPC_ADDR16,
+        IMAGE_REL_PPC_ADDR14,
+        IMAGE_REL_PPC_REL24,
+        IMAGE_REL_PPC_REL14,
+        IMAGE_REL_PPC_ADDR32N,
+        IMAGE_REL_PPC_SECREL,
+        IMAGE_REL_PPC_SECTION,
+        IMAGE_REL_PPC_SECREL16,
+        IMAGE_REL_PPC_REFHI,
+        IMAGE_REL_PPC_REFLO,
+        IMAGE_REL_PPC_PAIR,
+        IMAGE_REL_PPC_SECRELLO,
+        IMAGE_REL_PPC_GPREL,
+        IMAGE_REL_PPC_TOKEN,
+};
+
+enum x86_coff_reloc_type {
+        IMAGE_REL_I386_ABSOLUTE,
+        IMAGE_REL_I386_DIR16,
+        IMAGE_REL_I386_REL16,
+        IMAGE_REL_I386_DIR32,
+        IMAGE_REL_I386_DIR32NB,
+        IMAGE_REL_I386_SEG12,
+        IMAGE_REL_I386_SECTION,
+        IMAGE_REL_I386_SECREL,
+        IMAGE_REL_I386_TOKEN,
+        IMAGE_REL_I386_SECREL7,
+        IMAGE_REL_I386_REL32,
+};
+
+enum ia64_coff_reloc_type {
+        IMAGE_REL_IA64_ABSOLUTE,
+        IMAGE_REL_IA64_IMM14,
+        IMAGE_REL_IA64_IMM22,
+        IMAGE_REL_IA64_IMM64,
+        IMAGE_REL_IA64_DIR32,
+        IMAGE_REL_IA64_DIR64,
+        IMAGE_REL_IA64_PCREL21B,
+        IMAGE_REL_IA64_PCREL21M,
+        IMAGE_REL_IA64_PCREL21F,
+        IMAGE_REL_IA64_GPREL22,
+        IMAGE_REL_IA64_LTOFF22,
+        IMAGE_REL_IA64_SECTION,
+        IMAGE_REL_IA64_SECREL22,
+        IMAGE_REL_IA64_SECREL64I,
+        IMAGE_REL_IA64_SECREL32,
+        IMAGE_REL_IA64_DIR32NB,
+        IMAGE_REL_IA64_SREL14,
+        IMAGE_REL_IA64_SREL22,
+        IMAGE_REL_IA64_SREL32,
+        IMAGE_REL_IA64_UREL32,
+        IMAGE_REL_IA64_PCREL60X,
+        IMAGE_REL_IA64_PCREL60B,
+        IMAGE_REL_IA64_PCREL60F,
+        IMAGE_REL_IA64_PCREL60I,
+        IMAGE_REL_IA64_PCREL60M,
+        IMAGE_REL_IA64_IMMGPREL6,
+        IMAGE_REL_IA64_TOKEN,
+        IMAGE_REL_IA64_GPREL32,
+        IMAGE_REL_IA64_ADDEND,
+};
+
+struct coff_reloc {
+        uint32_t virtual_address;
+        uint32_t symbol_table_index;
+        union {
+                enum x64_coff_reloc_type  x64_type;
+                enum arm_coff_reloc_type  arm_type;
+                enum sh_coff_reloc_type   sh_type;
+                enum ppc_coff_reloc_type  ppc_type;
+                enum x86_coff_reloc_type  x86_type;
+                enum ia64_coff_reloc_type ia64_type;
+                uint16_t data;
+        };
+};
+
+/*
+ * Definitions for the contents of the certs data block
+ */
+#define WIN_CERT_TYPE_PKCS_SIGNED_DATA  0x0002
+#define WIN_CERT_TYPE_EFI_OKCS115       0x0EF0
+#define WIN_CERT_TYPE_EFI_GUID          0x0EF1
+
+#define WIN_CERT_REVISION_1_0   0x0100
+#define WIN_CERT_REVISION_2_0   0x0200
+
+struct win_certificate {
+        uint32_t length;
+        uint16_t revision;
+        uint16_t cert_type;
+};
+
+#endif /* __LINUX_PE_H */
diff --git a/include/linux/sched.h b/include/linux/sched.h
index 66124d63371a..7c19d552dc3f 100644
--- a/include/linux/sched.h
+++ b/include/linux/sched.h
@@ -1304,13 +1304,12 @@ struct task_struct {
                                  * execve */
         unsigned in_iowait:1;
 
-        /* task may not gain privileges */
-        unsigned no_new_privs:1;
-
         /* Revert to default priority/policy when forking */
         unsigned sched_reset_on_fork:1;
         unsigned sched_contributes_to_load:1;
 
+        unsigned long atomic_flags; /* Flags needing atomic access. */
+
         pid_t pid;
         pid_t tgid;
 
@@ -1962,6 +1961,19 @@ static inline void memalloc_noio_restore(unsigned int flags)
         current->flags = (current->flags & ~PF_MEMALLOC_NOIO) | flags;
 }
 
+/* Per-process atomic flags. */
+#define PFA_NO_NEW_PRIVS 0x00000001     /* May not gain new privileges. */
+
+static inline bool task_no_new_privs(struct task_struct *p)
+{
+        return test_bit(PFA_NO_NEW_PRIVS, &p->atomic_flags);
+}
+
+static inline void task_set_no_new_privs(struct task_struct *p)
+{
+        set_bit(PFA_NO_NEW_PRIVS, &p->atomic_flags);
+}
+
 /*
  * task->jobctl flags
  */
diff --git a/include/linux/seccomp.h b/include/linux/seccomp.h
index 4054b0994071..5d586a45a319 100644
--- a/include/linux/seccomp.h
+++ b/include/linux/seccomp.h
@@ -3,6 +3,8 @@
 
 #include <uapi/linux/seccomp.h>
 
+#define SECCOMP_FILTER_FLAG_MASK        (SECCOMP_FILTER_FLAG_TSYNC)
+
 #ifdef CONFIG_SECCOMP
 
 #include <linux/thread_info.h>
@@ -14,11 +16,11 @@ struct seccomp_filter;
  *
  * @mode:  indicates one of the valid values above for controlled
  *         system calls available to a process.
- * @filter: The metadata and ruleset for determining what system calls
- *          are allowed for a task.
+ * @filter: must always point to a valid seccomp-filter or NULL as it is
+ *          accessed without locking during system call entry.
  *
  *          @filter must only be accessed from the context of current as there
- *          is no locking.
+ *          is no read locking.
  */
 struct seccomp {
         int mode;
diff --git a/include/linux/security.h b/include/linux/security.h
index 9c6b9722ff48..623f90e5f38d 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -702,6 +702,15 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
  *      @inode points to the inode to use as a reference.
  *      The current task must be the one that nominated @inode.
  *      Return 0 if successful.
+ * @kernel_fw_from_file:
+ *      Load firmware from userspace (not called for built-in firmware).
+ *      @file contains the file structure pointing to the file containing
+ *      the firmware to load. This argument will be NULL if the firmware
+ *      was loaded via the uevent-triggered blob-based interface exposed
+ *      by CONFIG_FW_LOADER_USER_HELPER.
+ *      @buf pointer to buffer containing firmware contents.
+ *      @size length of the firmware contents.
+ *      Return 0 if permission is granted.
  * @kernel_module_request:
  *      Ability to trigger the kernel to automatically upcall to userspace for
  *      userspace to load a kernel module with the given name.
@@ -1565,6 +1574,7 @@ struct security_operations {
         void (*cred_transfer)(struct cred *new, const struct cred *old);
         int (*kernel_act_as)(struct cred *new, u32 secid);
         int (*kernel_create_files_as)(struct cred *new, struct inode *inode);
+        int (*kernel_fw_from_file)(struct file *file, char *buf, size_t size);
         int (*kernel_module_request)(char *kmod_name);
         int (*kernel_module_from_file)(struct file *file);
         int (*task_fix_setuid) (struct cred *new, const struct cred *old,
@@ -1837,6 +1847,7 @@ int security_prepare_creds(struct cred *new, const struct cred *old, gfp_t gfp);
 void security_transfer_creds(struct cred *new, const struct cred *old);
 int security_kernel_act_as(struct cred *new, u32 secid);
 int security_kernel_create_files_as(struct cred *new, struct inode *inode);
+int security_kernel_fw_from_file(struct file *file, char *buf, size_t size);
 int security_kernel_module_request(char *kmod_name);
 int security_kernel_module_from_file(struct file *file);
 int security_task_fix_setuid(struct cred *new, const struct cred *old,
@@ -2363,6 +2374,12 @@ static inline int security_kernel_create_files_as(struct cred *cred,
         return 0;
 }
 
+static inline int security_kernel_fw_from_file(struct file *file,
+                                               char *buf, size_t size)
+{
+        return 0;
+}
+
 static inline int security_kernel_module_request(char *kmod_name)
 {
         return 0;
diff --git a/include/linux/syscalls.h b/include/linux/syscalls.h
index b0881a0ed322..1713977ee26f 100644
--- a/include/linux/syscalls.h
+++ b/include/linux/syscalls.h
@@ -866,4 +866,6 @@ asmlinkage long sys_process_vm_writev(pid_t pid,
 asmlinkage long sys_kcmp(pid_t pid1, pid_t pid2, int type,
                          unsigned long idx1, unsigned long idx2);
 asmlinkage long sys_finit_module(int fd, const char __user *uargs, int flags);
+asmlinkage long sys_seccomp(unsigned int op, unsigned int flags,
+                            const char __user *uargs);
 #endif
diff --git a/include/linux/tpm.h b/include/linux/tpm.h
index fff1d0976f80..8350c538b486 100644
--- a/include/linux/tpm.h
+++ b/include/linux/tpm.h
@@ -39,6 +39,9 @@ struct tpm_class_ops {
         int (*send) (struct tpm_chip *chip, u8 *buf, size_t len);
         void (*cancel) (struct tpm_chip *chip);
         u8 (*status) (struct tpm_chip *chip);
+        bool (*update_timeouts)(struct tpm_chip *chip,
+                                unsigned long *timeout_cap);
+
 };
 
 #if defined(CONFIG_TCG_TPM) || defined(CONFIG_TCG_TPM_MODULE)
diff --git a/include/linux/verify_pefile.h b/include/linux/verify_pefile.h
new file mode 100644
index 000000000000..ac34819214f9
--- /dev/null
+++ b/include/linux/verify_pefile.h
@@ -0,0 +1,18 @@
+/* Signed PE file verification
+ *
+ * Copyright (C) 2014 Red Hat, Inc. All Rights Reserved.
+ * Written by David Howells (dhowells@redhat.com)
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public Licence
+ * as published by the Free Software Foundation; either version
+ * 2 of the Licence, or (at your option) any later version.
+ */
+
+#ifndef _LINUX_VERIFY_PEFILE_H
+#define _LINUX_VERIFY_PEFILE_H
+
+extern int verify_pefile_signature(const void *pebuf, unsigned pelen,
+                                   struct key *trusted_keyring, bool *_trusted);
+
+#endif /* _LINUX_VERIFY_PEFILE_H */