aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--MAINTAINERS22
-rw-r--r--drivers/char/tpm/tpm.c10
-rw-r--r--drivers/char/tpm/tpm_tis.c6
-rw-r--r--security/keys/Makefile4
-rw-r--r--security/keys/encrypted.c (renamed from security/keys/encrypted_defined.c)3
-rw-r--r--security/keys/encrypted.h (renamed from security/keys/encrypted_defined.h)0
-rw-r--r--security/keys/trusted.c (renamed from security/keys/trusted_defined.c)3
-rw-r--r--security/keys/trusted.h (renamed from security/keys/trusted_defined.h)0
-rw-r--r--security/selinux/ss/conditional.c2
-rw-r--r--security/selinux/ss/policydb.c4
10 files changed, 40 insertions, 14 deletions
diff --git a/MAINTAINERS b/MAINTAINERS
index 55592f8b672c..cf0f3a5c09cc 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -3674,6 +3674,28 @@ F: include/linux/key-type.h
3674F: include/keys/ 3674F: include/keys/
3675F: security/keys/ 3675F: security/keys/
3676 3676
3677KEYS-TRUSTED
3678M: David Safford <safford@watson.ibm.com>
3679M: Mimi Zohar <zohar@us.ibm.com>
3680L: linux-security-module@vger.kernel.org
3681L: keyrings@linux-nfs.org
3682S: Supported
3683F: Documentation/keys-trusted-encrypted.txt
3684F: include/keys/trusted-type.h
3685F: security/keys/trusted.c
3686F: security/keys/trusted.h
3687
3688KEYS-ENCRYPTED
3689M: Mimi Zohar <zohar@us.ibm.com>
3690M: David Safford <safford@watson.ibm.com>
3691L: linux-security-module@vger.kernel.org
3692L: keyrings@linux-nfs.org
3693S: Supported
3694F: Documentation/keys-trusted-encrypted.txt
3695F: include/keys/encrypted-type.h
3696F: security/keys/encrypted.c
3697F: security/keys/encrypted.h
3698
3677KGDB / KDB /debug_core 3699KGDB / KDB /debug_core
3678M: Jason Wessel <jason.wessel@windriver.com> 3700M: Jason Wessel <jason.wessel@windriver.com>
3679W: http://kgdb.wiki.kernel.org/ 3701W: http://kgdb.wiki.kernel.org/
diff --git a/drivers/char/tpm/tpm.c b/drivers/char/tpm/tpm.c
index 1f46f1cd9225..36e0fa161c2b 100644
--- a/drivers/char/tpm/tpm.c
+++ b/drivers/char/tpm/tpm.c
@@ -364,12 +364,14 @@ unsigned long tpm_calc_ordinal_duration(struct tpm_chip *chip,
364 tpm_protected_ordinal_duration[ordinal & 364 tpm_protected_ordinal_duration[ordinal &
365 TPM_PROTECTED_ORDINAL_MASK]; 365 TPM_PROTECTED_ORDINAL_MASK];
366 366
367 if (duration_idx != TPM_UNDEFINED) 367 if (duration_idx != TPM_UNDEFINED) {
368 duration = chip->vendor.duration[duration_idx]; 368 duration = chip->vendor.duration[duration_idx];
369 if (duration <= 0) 369 /* if duration is 0, it's because chip->vendor.duration wasn't */
370 /* filled yet, so we set the lowest timeout just to give enough */
371 /* time for tpm_get_timeouts() to succeed */
372 return (duration <= 0 ? HZ : duration);
373 } else
370 return 2 * 60 * HZ; 374 return 2 * 60 * HZ;
371 else
372 return duration;
373} 375}
374EXPORT_SYMBOL_GPL(tpm_calc_ordinal_duration); 376EXPORT_SYMBOL_GPL(tpm_calc_ordinal_duration);
375 377
diff --git a/drivers/char/tpm/tpm_tis.c b/drivers/char/tpm/tpm_tis.c
index c17a305ecb28..dd21df55689d 100644
--- a/drivers/char/tpm/tpm_tis.c
+++ b/drivers/char/tpm/tpm_tis.c
@@ -493,9 +493,6 @@ static int tpm_tis_init(struct device *dev, resource_size_t start,
493 "1.2 TPM (device-id 0x%X, rev-id %d)\n", 493 "1.2 TPM (device-id 0x%X, rev-id %d)\n",
494 vendor >> 16, ioread8(chip->vendor.iobase + TPM_RID(0))); 494 vendor >> 16, ioread8(chip->vendor.iobase + TPM_RID(0)));
495 495
496 if (is_itpm(to_pnp_dev(dev)))
497 itpm = 1;
498
499 if (itpm) 496 if (itpm)
500 dev_info(dev, "Intel iTPM workaround enabled\n"); 497 dev_info(dev, "Intel iTPM workaround enabled\n");
501 498
@@ -637,6 +634,9 @@ static int __devinit tpm_tis_pnp_init(struct pnp_dev *pnp_dev,
637 else 634 else
638 interrupts = 0; 635 interrupts = 0;
639 636
637 if (is_itpm(pnp_dev))
638 itpm = 1;
639
640 return tpm_tis_init(&pnp_dev->dev, start, len, irq); 640 return tpm_tis_init(&pnp_dev->dev, start, len, irq);
641} 641}
642 642
diff --git a/security/keys/Makefile b/security/keys/Makefile
index 6c941050f573..1bf090a885fe 100644
--- a/security/keys/Makefile
+++ b/security/keys/Makefile
@@ -13,8 +13,8 @@ obj-y := \
13 request_key_auth.o \ 13 request_key_auth.o \
14 user_defined.o 14 user_defined.o
15 15
16obj-$(CONFIG_TRUSTED_KEYS) += trusted_defined.o 16obj-$(CONFIG_TRUSTED_KEYS) += trusted.o
17obj-$(CONFIG_ENCRYPTED_KEYS) += encrypted_defined.o 17obj-$(CONFIG_ENCRYPTED_KEYS) += encrypted.o
18obj-$(CONFIG_KEYS_COMPAT) += compat.o 18obj-$(CONFIG_KEYS_COMPAT) += compat.o
19obj-$(CONFIG_PROC_FS) += proc.o 19obj-$(CONFIG_PROC_FS) += proc.o
20obj-$(CONFIG_SYSCTL) += sysctl.o 20obj-$(CONFIG_SYSCTL) += sysctl.o
diff --git a/security/keys/encrypted_defined.c b/security/keys/encrypted.c
index 28791a65740e..9e7e4ce3fae8 100644
--- a/security/keys/encrypted_defined.c
+++ b/security/keys/encrypted.c
@@ -30,7 +30,7 @@
30#include <crypto/sha.h> 30#include <crypto/sha.h>
31#include <crypto/aes.h> 31#include <crypto/aes.h>
32 32
33#include "encrypted_defined.h" 33#include "encrypted.h"
34 34
35static const char KEY_TRUSTED_PREFIX[] = "trusted:"; 35static const char KEY_TRUSTED_PREFIX[] = "trusted:";
36static const char KEY_USER_PREFIX[] = "user:"; 36static const char KEY_USER_PREFIX[] = "user:";
@@ -888,6 +888,7 @@ static int __init init_encrypted(void)
888out: 888out:
889 encrypted_shash_release(); 889 encrypted_shash_release();
890 return ret; 890 return ret;
891
891} 892}
892 893
893static void __exit cleanup_encrypted(void) 894static void __exit cleanup_encrypted(void)
diff --git a/security/keys/encrypted_defined.h b/security/keys/encrypted.h
index cef5e2f2b7d1..cef5e2f2b7d1 100644
--- a/security/keys/encrypted_defined.h
+++ b/security/keys/encrypted.h
diff --git a/security/keys/trusted_defined.c b/security/keys/trusted.c
index 2836c6dc18a3..83fc92e297cd 100644
--- a/security/keys/trusted_defined.c
+++ b/security/keys/trusted.c
@@ -29,7 +29,7 @@
29#include <linux/tpm.h> 29#include <linux/tpm.h>
30#include <linux/tpm_command.h> 30#include <linux/tpm_command.h>
31 31
32#include "trusted_defined.h" 32#include "trusted.h"
33 33
34static const char hmac_alg[] = "hmac(sha1)"; 34static const char hmac_alg[] = "hmac(sha1)";
35static const char hash_alg[] = "sha1"; 35static const char hash_alg[] = "sha1";
@@ -1032,6 +1032,7 @@ static int trusted_update(struct key *key, const void *data, size_t datalen)
1032 ret = datablob_parse(datablob, new_p, new_o); 1032 ret = datablob_parse(datablob, new_p, new_o);
1033 if (ret != Opt_update) { 1033 if (ret != Opt_update) {
1034 ret = -EINVAL; 1034 ret = -EINVAL;
1035 kfree(new_p);
1035 goto out; 1036 goto out;
1036 } 1037 }
1037 /* copy old key values, and reseal with new pcrs */ 1038 /* copy old key values, and reseal with new pcrs */
diff --git a/security/keys/trusted_defined.h b/security/keys/trusted.h
index 3249fbd2b653..3249fbd2b653 100644
--- a/security/keys/trusted_defined.h
+++ b/security/keys/trusted.h
diff --git a/security/selinux/ss/conditional.c b/security/selinux/ss/conditional.c
index c3f845cbcd48..a53373207fb4 100644
--- a/security/selinux/ss/conditional.c
+++ b/security/selinux/ss/conditional.c
@@ -178,7 +178,7 @@ int cond_init_bool_indexes(struct policydb *p)
178 p->bool_val_to_struct = (struct cond_bool_datum **) 178 p->bool_val_to_struct = (struct cond_bool_datum **)
179 kmalloc(p->p_bools.nprim * sizeof(struct cond_bool_datum *), GFP_KERNEL); 179 kmalloc(p->p_bools.nprim * sizeof(struct cond_bool_datum *), GFP_KERNEL);
180 if (!p->bool_val_to_struct) 180 if (!p->bool_val_to_struct)
181 return -1; 181 return -ENOMEM;
182 return 0; 182 return 0;
183} 183}
184 184
diff --git a/security/selinux/ss/policydb.c b/security/selinux/ss/policydb.c
index be9de3872837..57363562f0f8 100644
--- a/security/selinux/ss/policydb.c
+++ b/security/selinux/ss/policydb.c
@@ -501,8 +501,8 @@ static int policydb_index(struct policydb *p)
501 if (rc) 501 if (rc)
502 goto out; 502 goto out;
503 503
504 rc = -ENOMEM; 504 rc = cond_init_bool_indexes(p);
505 if (cond_init_bool_indexes(p)) 505 if (rc)
506 goto out; 506 goto out;
507 507
508 for (i = 0; i < SYM_NUM; i++) { 508 for (i = 0; i < SYM_NUM; i++) {
generated by cgit v1.2.2 (git 2.25.0) at 2025-05-05 05:14:50 -0400