Merge tag 'omap-for-v3.13/board-signed' of git://git.kernel.org/pub/scm/linux/kernel/git/tmlind/linux-omap into next/boards

From Tony Lindgren: Platform data changes for omaps for the display subsystem and n900 secure mode changes. Note that the n900 secure mode changes will still be needed for device tree based booting also. * tag 'omap-for-v3.13/board-signed' of git://git.kernel.org/pub/scm/linux/kernel/git/tmlind/linux-omap: (508 commits) ARM: OMAP2+: display: Create omap_vout device inside omap_display_init ARM: OMAP2+: display: Create omapvrfb and omapfb devices inside omap_display_init ARM: OMAP2+: display: Create omapdrm device inside omap_display_init ARM: OMAP2+: drm: Don't build device for DMM RX-51: Add support for OMAP3 ROM Random Number Generator ARM: OMAP3: RX-51: ARM errata 430973 workaround ARM: OMAP3: Add secure function omap_smc3() which calling instruction smc #1 +Linux 3.12-rc4 Signed-off-by: Kevin Hilman <khilman@linaro.org>
author: Kevin Hilman <khilman@linaro.org> 2013-10-14 18:46:26 -0400
committer: Kevin Hilman <khilman@linaro.org> 2013-10-14 18:46:42 -0400
commit: 5b5bbc20fdddd7dd5a2c5b9fa85dfb3b5695616d (patch)
tree: 5ddd89d323e1dfe6a5ad204c34882e961ee57b9c /security
parent: 4fd0376356ed2e1f6c2a4e8628782aedf903292e (diff)
parent: 9e490f486ea9ce7644be913e03ee5ccdf1be20f7 (diff)
6 files changed, 36 insertions, 47 deletions
diff --git a/security/apparmor/crypto.c b/security/apparmor/crypto.c
index d6222ba4e919..532471d0b3a0 100644
--- a/security/apparmor/crypto.c
+++ b/security/apparmor/crypto.c
@@ -15,14 +15,14 @@
 * it should be.
 */
-#include <linux/crypto.h>
+#include <crypto/hash.h>
 #include "include/apparmor.h"
 #include "include/crypto.h"
 static unsigned int apparmor_hash_size;
-static struct crypto_hash *apparmor_tfm;
+static struct crypto_shash *apparmor_tfm;
 unsigned int aa_hash_size(void)
 {
@@ -32,35 +32,33 @@ unsigned int aa_hash_size(void)
 int aa_calc_profile_hash(struct aa_profile *profile, u32 version, void *start,
                         size_t len)
 {
-        struct scatterlist sg[2];
+        struct {
-        struct hash_desc desc = {
+                struct shash_desc shash;
-                .tfm = apparmor_tfm,
+                char ctx[crypto_shash_descsize(apparmor_tfm)];
-                .flags = 0
+        } desc;
-        };
        int error = -ENOMEM;
        u32 le32_version = cpu_to_le32(version);
        if (!apparmor_tfm)
                return 0;
-        sg_init_table(sg, 2);
-        sg_set_buf(&sg[0], &le32_version, 4);
-        sg_set_buf(&sg[1], (u8 *) start, len);
        profile->hash = kzalloc(apparmor_hash_size, GFP_KERNEL);
        if (!profile->hash)
                goto fail;
-        error = crypto_hash_init(&desc);
+        desc.shash.tfm = apparmor_tfm;
+        desc.shash.flags = 0;
+        error = crypto_shash_init(&desc.shash);
        if (error)
                goto fail;
-        error = crypto_hash_update(&desc, &sg[0], 4);
+        error = crypto_shash_update(&desc.shash, (u8 *) &le32_version, 4);
        if (error)
                goto fail;
-        error = crypto_hash_update(&desc, &sg[1], len);
+        error = crypto_shash_update(&desc.shash, (u8 *) start, len);
        if (error)
                goto fail;
-        error = crypto_hash_final(&desc, profile->hash);
+        error = crypto_shash_final(&desc.shash, profile->hash);
        if (error)
                goto fail;
@@ -75,19 +73,19 @@ fail:
 static int __init init_profile_hash(void)
 {
-        struct crypto_hash *tfm;
+        struct crypto_shash *tfm;
        if (!apparmor_initialized)
                return 0;
-        tfm = crypto_alloc_hash("sha1", 0, CRYPTO_ALG_ASYNC);
+        tfm = crypto_alloc_shash("sha1", 0, CRYPTO_ALG_ASYNC);
        if (IS_ERR(tfm)) {
                int error = PTR_ERR(tfm);
                AA_ERROR("failed to setup profile sha1 hashing: %d\n", error);
                return error;
        }
        apparmor_tfm = tfm;
-        apparmor_hash_size = crypto_hash_digestsize(apparmor_tfm);
+        apparmor_hash_size = crypto_shash_digestsize(apparmor_tfm);
        aa_info_message("AppArmor sha1 policy hashing enabled");
diff --git a/security/apparmor/include/policy.h b/security/apparmor/include/policy.h
index f2d4b6348cbc..c28b0f20ab53 100644
--- a/security/apparmor/include/policy.h
+++ b/security/apparmor/include/policy.h
@@ -360,7 +360,9 @@ static inline void aa_put_replacedby(struct aa_replacedby *p)
 static inline void __aa_update_replacedby(struct aa_profile *orig,
                                          struct aa_profile *new)
 {
-        struct aa_profile *tmp = rcu_dereference(orig->replacedby->profile);
+        struct aa_profile *tmp;
+        tmp = rcu_dereference_protected(orig->replacedby->profile,
+                                        mutex_is_locked(&orig->ns->lock));
        rcu_assign_pointer(orig->replacedby->profile, aa_get_profile(new));
        orig->flags |= PFLAG_INVALID;
        aa_put_profile(tmp);
diff --git a/security/apparmor/policy.c b/security/apparmor/policy.c
index 6172509fa2b7..345bec07a27d 100644
--- a/security/apparmor/policy.c
+++ b/security/apparmor/policy.c
@@ -563,7 +563,8 @@ void __init aa_free_root_ns(void)
 static void free_replacedby(struct aa_replacedby *r)
 {
        if (r) {
-                aa_put_profile(rcu_dereference(r->profile));
+                /* r->profile will not be updated any more as r is dead */
+                aa_put_profile(rcu_dereference_protected(r->profile, true));
                kzfree(r);
        }
 }
diff --git a/security/selinux/avc.c b/security/selinux/avc.c
index dad36a6ab45f..fc3e6628a864 100644
--- a/security/selinux/avc.c
+++ b/security/selinux/avc.c
@@ -746,7 +746,6 @@ inline int avc_has_perm_noaudit(u32 ssid, u32 tsid,
 * @tclass: target security class
 * @requested: requested permissions, interpreted based on @tclass
 * @auditdata: auxiliary audit data
- * @flags: VFS walk flags
 *
 * Check the AVC to determine whether the @requested permissions are granted
 * for the SID pair (@ssid, @tsid), interpreting the permissions
@@ -756,17 +755,15 @@ inline int avc_has_perm_noaudit(u32 ssid, u32 tsid,
 * permissions are granted, -%EACCES if any permissions are denied, or
 * another -errno upon other errors.
 */
-int avc_has_perm_flags(u32 ssid, u32 tsid, u16 tclass,
+int avc_has_perm(u32 ssid, u32 tsid, u16 tclass,
-                       u32 requested, struct common_audit_data *auditdata,
+                 u32 requested, struct common_audit_data *auditdata)
-                       unsigned flags)
 {
        struct av_decision avd;
        int rc, rc2;
        rc = avc_has_perm_noaudit(ssid, tsid, tclass, requested, 0, &avd);
-        rc2 = avc_audit(ssid, tsid, tclass, requested, &avd, rc, auditdata,
+        rc2 = avc_audit(ssid, tsid, tclass, requested, &avd, rc, auditdata);
-                        flags);
        if (rc2)
                return rc2;
        return rc;
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index a5091ec06aa6..5b5231068516 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -1502,7 +1502,7 @@ static int cred_has_capability(const struct cred *cred,
        rc = avc_has_perm_noaudit(sid, sid, sclass, av, 0, &avd);
        if (audit == SECURITY_CAP_AUDIT) {
-                int rc2 = avc_audit(sid, sid, sclass, av, &avd, rc, &ad, 0);
+                int rc2 = avc_audit(sid, sid, sclass, av, &avd, rc, &ad);
                if (rc2)
                        return rc2;
        }
@@ -1525,8 +1525,7 @@ static int task_has_system(struct task_struct *tsk,
 static int inode_has_perm(const struct cred *cred,
                          struct inode *inode,
                          u32 perms,
-                          struct common_audit_data *adp,
+                          struct common_audit_data *adp)
-                          unsigned flags)
 {
        struct inode_security_struct *isec;
        u32 sid;
@@ -1539,7 +1538,7 @@ static int inode_has_perm(const struct cred *cred,
        sid = cred_sid(cred);
        isec = inode->i_security;
-        return avc_has_perm_flags(sid, isec->sid, isec->sclass, perms, adp, flags);
+        return avc_has_perm(sid, isec->sid, isec->sclass, perms, adp);
 }
 /* Same as inode_has_perm, but pass explicit audit data containing
@@ -1554,7 +1553,7 @@ static inline int dentry_has_perm(const struct cred *cred,
        ad.type = LSM_AUDIT_DATA_DENTRY;
        ad.u.dentry = dentry;
-        return inode_has_perm(cred, inode, av, &ad, 0);
+        return inode_has_perm(cred, inode, av, &ad);
 }
 /* Same as inode_has_perm, but pass explicit audit data containing
@@ -1569,7 +1568,7 @@ static inline int path_has_perm(const struct cred *cred,
        ad.type = LSM_AUDIT_DATA_PATH;
        ad.u.path = *path;
-        return inode_has_perm(cred, inode, av, &ad, 0);
+        return inode_has_perm(cred, inode, av, &ad);
 }
 /* Same as path_has_perm, but uses the inode from the file struct. */
@@ -1581,7 +1580,7 @@ static inline int file_path_has_perm(const struct cred *cred,
        ad.type = LSM_AUDIT_DATA_PATH;
        ad.u.path = file->f_path;
-        return inode_has_perm(cred, file_inode(file), av, &ad, 0);
+        return inode_has_perm(cred, file_inode(file), av, &ad);
 }
 /* Check whether a task can use an open file descriptor to
@@ -1617,7 +1616,7 @@ static int file_has_perm(const struct cred *cred,
        /* av is zero if only checking access to the descriptor. */
        rc = 0;
        if (av)
-                rc = inode_has_perm(cred, inode, av, &ad, 0);
+                rc = inode_has_perm(cred, inode, av, &ad);
 out:
        return rc;
diff --git a/security/selinux/include/avc.h b/security/selinux/include/avc.h
index 92d0ab561db8..f53ee3c58d0f 100644
--- a/security/selinux/include/avc.h
+++ b/security/selinux/include/avc.h
@@ -130,7 +130,7 @@ static inline int avc_audit(u32 ssid, u32 tsid,
                            u16 tclass, u32 requested,
                            struct av_decision *avd,
                            int result,
-                            struct common_audit_data *a, unsigned flags)
+                            struct common_audit_data *a)
 {
        u32 audited, denied;
        audited = avc_audit_required(requested, avd, result, 0, &denied);
@@ -138,7 +138,7 @@ static inline int avc_audit(u32 ssid, u32 tsid,
                return 0;
        return slow_avc_audit(ssid, tsid, tclass,
                              requested, audited, denied,
-                              a, flags);
+                              a, 0);
 }
 #define AVC_STRICT 1 /* Ignore permissive mode. */
@@ -147,17 +147,9 @@ int avc_has_perm_noaudit(u32 ssid, u32 tsid,
                         unsigned flags,
                         struct av_decision *avd);
-int avc_has_perm_flags(u32 ssid, u32 tsid,
+int avc_has_perm(u32 ssid, u32 tsid,
-                       u16 tclass, u32 requested,
+                 u16 tclass, u32 requested,
-                       struct common_audit_data *auditdata,
+                 struct common_audit_data *auditdata);
-                       unsigned);
-static inline int avc_has_perm(u32 ssid, u32 tsid,
-                               u16 tclass, u32 requested,
-                               struct common_audit_data *auditdata)
-{
-        return avc_has_perm_flags(ssid, tsid, tclass, requested, auditdata, 0);
-}
 u32 avc_policy_seqno(void);
author	Kevin Hilman <khilman@linaro.org>	2013-10-14 18:46:26 -0400
committer	Kevin Hilman <khilman@linaro.org>	2013-10-14 18:46:42 -0400
commit	5b5bbc20fdddd7dd5a2c5b9fa85dfb3b5695616d (patch)
tree	5ddd89d323e1dfe6a5ad204c34882e961ee57b9c /security
parent	4fd0376356ed2e1f6c2a4e8628782aedf903292e (diff)
parent	9e490f486ea9ce7644be913e03ee5ccdf1be20f7 (diff)