Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6: SELinux: do not destroy the avc_cache_nodep KEYS: Have the garbage collector set its timer for live expired keys tpm-fixup-pcrs-sysfs-file-update creds_are_invalid() needs to be exported for use by modules: include/linux/cred.h: fix build Fix trivial BUILD_BUG_ON-induced conflicts in drivers/char/tpm/tpm.c
author: Linus Torvalds <torvalds@linux-foundation.org> 2009-09-23 18:18:57 -0400
committer: Linus Torvalds <torvalds@linux-foundation.org> 2009-09-23 18:18:57 -0400
commit: c82ffab9a857f8286ed2b559624b7005a367b638 (patch)
tree: a5d0895a0b55c2db1bf36f517ca273e7e0abdf71 /kernel
parent: a724eada8c2a7b62463b73ccf73fd0bb6e928aeb (diff)
parent: 5224ee086321fec78970e2f2805892d2b34e8957 (diff)
1 files changed, 19 insertions, 0 deletions
diff --git a/kernel/cred.c b/kernel/cred.c
index d7f7a01082eb..dd76cfe5f5b0 100644
--- a/kernel/cred.c
+++ b/kernel/cred.c
@@ -782,6 +782,25 @@ EXPORT_SYMBOL(set_create_files_as);
 #ifdef CONFIG_DEBUG_CREDENTIALS
+bool creds_are_invalid(const struct cred *cred)
+{
+        if (cred->magic != CRED_MAGIC)
+                return true;
+        if (atomic_read(&cred->usage) < atomic_read(&cred->subscribers))
+                return true;
+#ifdef CONFIG_SECURITY_SELINUX
+        if (selinux_is_enabled()) {
+                if ((unsigned long) cred->security < PAGE_SIZE)
+                        return true;
+                if ((*(u32 *)cred->security & 0xffffff00) ==
+                    (POISON_FREE << 24 | POISON_FREE << 16 | POISON_FREE << 8))
+                        return true;
+        }
+#endif
+        return false;
+}
+EXPORT_SYMBOL(creds_are_invalid);
 /*
 * dump invalid credentials
 */
author	Linus Torvalds <torvalds@linux-foundation.org>	2009-09-23 18:18:57 -0400
committer	Linus Torvalds <torvalds@linux-foundation.org>	2009-09-23 18:18:57 -0400
commit	c82ffab9a857f8286ed2b559624b7005a367b638 (patch)
tree	a5d0895a0b55c2db1bf36f517ca273e7e0abdf71 /kernel
parent	a724eada8c2a7b62463b73ccf73fd0bb6e928aeb (diff)
parent	5224ee086321fec78970e2f2805892d2b34e8957 (diff)

diff --git a/kernel/cred.c b/kernel/cred.c index d7f7a01082eb..dd76cfe5f5b0 100644 --- a/kernel/cred.c +++ b/kernel/cred.c
@@ -782,6 +782,25 @@ EXPORT_SYMBOL(set_create_files_as);
782		782
783	#ifdef CONFIG_DEBUG_CREDENTIALS	783	#ifdef CONFIG_DEBUG_CREDENTIALS
784		784
		785	bool creds_are_invalid(const struct cred *cred)
		786	{
		787	if (cred->magic != CRED_MAGIC)
		788	return true;
		789	if (atomic_read(&cred->usage) < atomic_read(&cred->subscribers))
		790	return true;
		791	#ifdef CONFIG_SECURITY_SELINUX
		792	if (selinux_is_enabled()) {
		793	if ((unsigned long) cred->security < PAGE_SIZE)
		794	return true;
		795	if (((u32 )cred->security & 0xffffff00) ==
		796	(POISON_FREE << 24 \| POISON_FREE << 16 \| POISON_FREE << 8))
		797	return true;
		798	}
		799	#endif
		800	return false;
		801	}
		802	EXPORT_SYMBOL(creds_are_invalid);
		803
785	/*	804	/*
786	* dump invalid credentials	805	* dump invalid credentials
787	*/	806	*/