diff options
Diffstat (limited to 'security')
| -rw-r--r-- | security/integrity/ima/Kconfig | 2 | ||||
| -rw-r--r-- | security/keys/compat.c | 2 | ||||
| -rw-r--r-- | security/keys/encrypted-keys/encrypted.c | 2 | ||||
| -rw-r--r-- | security/keys/keyctl.c | 2 | ||||
| -rw-r--r-- | security/keys/trusted.c | 2 | ||||
| -rw-r--r-- | security/tomoyo/common.c | 30 |
6 files changed, 35 insertions, 5 deletions
diff --git a/security/integrity/ima/Kconfig b/security/integrity/ima/Kconfig index 19c053b82303..4f554f20dc97 100644 --- a/security/integrity/ima/Kconfig +++ b/security/integrity/ima/Kconfig | |||
| @@ -9,7 +9,7 @@ config IMA | |||
| 9 | select CRYPTO_HMAC | 9 | select CRYPTO_HMAC |
| 10 | select CRYPTO_MD5 | 10 | select CRYPTO_MD5 |
| 11 | select CRYPTO_SHA1 | 11 | select CRYPTO_SHA1 |
| 12 | select TCG_TPM if !S390 | 12 | select TCG_TPM if !S390 && !UML |
| 13 | select TCG_TIS if TCG_TPM | 13 | select TCG_TIS if TCG_TPM |
| 14 | help | 14 | help |
| 15 | The Trusted Computing Group(TCG) runtime Integrity | 15 | The Trusted Computing Group(TCG) runtime Integrity |
diff --git a/security/keys/compat.c b/security/keys/compat.c index 338b510e9027..4c48e13448f8 100644 --- a/security/keys/compat.c +++ b/security/keys/compat.c | |||
| @@ -38,7 +38,7 @@ long compat_keyctl_instantiate_key_iov( | |||
| 38 | 38 | ||
| 39 | ret = compat_rw_copy_check_uvector(WRITE, _payload_iov, ioc, | 39 | ret = compat_rw_copy_check_uvector(WRITE, _payload_iov, ioc, |
| 40 | ARRAY_SIZE(iovstack), | 40 | ARRAY_SIZE(iovstack), |
| 41 | iovstack, &iov); | 41 | iovstack, &iov, 1); |
| 42 | if (ret < 0) | 42 | if (ret < 0) |
| 43 | return ret; | 43 | return ret; |
| 44 | if (ret == 0) | 44 | if (ret == 0) |
diff --git a/security/keys/encrypted-keys/encrypted.c b/security/keys/encrypted-keys/encrypted.c index f33804c1b4c8..dcc843cb0f80 100644 --- a/security/keys/encrypted-keys/encrypted.c +++ b/security/keys/encrypted-keys/encrypted.c | |||
| @@ -293,7 +293,7 @@ static char *datablob_format(struct encrypted_key_payload *epayload, | |||
| 293 | /* convert the hex encoded iv, encrypted-data and HMAC to ascii */ | 293 | /* convert the hex encoded iv, encrypted-data and HMAC to ascii */ |
| 294 | bufp = &ascii_buf[len]; | 294 | bufp = &ascii_buf[len]; |
| 295 | for (i = 0; i < (asciiblob_len - len) / 2; i++) | 295 | for (i = 0; i < (asciiblob_len - len) / 2; i++) |
| 296 | bufp = pack_hex_byte(bufp, iv[i]); | 296 | bufp = hex_byte_pack(bufp, iv[i]); |
| 297 | out: | 297 | out: |
| 298 | return ascii_buf; | 298 | return ascii_buf; |
| 299 | } | 299 | } |
diff --git a/security/keys/keyctl.c b/security/keys/keyctl.c index eca51918c951..0b3f5d72af1c 100644 --- a/security/keys/keyctl.c +++ b/security/keys/keyctl.c | |||
| @@ -1065,7 +1065,7 @@ long keyctl_instantiate_key_iov(key_serial_t id, | |||
| 1065 | goto no_payload; | 1065 | goto no_payload; |
| 1066 | 1066 | ||
| 1067 | ret = rw_copy_check_uvector(WRITE, _payload_iov, ioc, | 1067 | ret = rw_copy_check_uvector(WRITE, _payload_iov, ioc, |
| 1068 | ARRAY_SIZE(iovstack), iovstack, &iov); | 1068 | ARRAY_SIZE(iovstack), iovstack, &iov, 1); |
| 1069 | if (ret < 0) | 1069 | if (ret < 0) |
| 1070 | return ret; | 1070 | return ret; |
| 1071 | if (ret == 0) | 1071 | if (ret == 0) |
diff --git a/security/keys/trusted.c b/security/keys/trusted.c index 0964fc236946..0ed5fdf238a2 100644 --- a/security/keys/trusted.c +++ b/security/keys/trusted.c | |||
| @@ -1098,7 +1098,7 @@ static long trusted_read(const struct key *key, char __user *buffer, | |||
| 1098 | 1098 | ||
| 1099 | bufp = ascii_buf; | 1099 | bufp = ascii_buf; |
| 1100 | for (i = 0; i < p->blob_len; i++) | 1100 | for (i = 0; i < p->blob_len; i++) |
| 1101 | bufp = pack_hex_byte(bufp, p->blob[i]); | 1101 | bufp = hex_byte_pack(bufp, p->blob[i]); |
| 1102 | if ((copy_to_user(buffer, ascii_buf, 2 * p->blob_len)) != 0) { | 1102 | if ((copy_to_user(buffer, ascii_buf, 2 * p->blob_len)) != 0) { |
| 1103 | kfree(ascii_buf); | 1103 | kfree(ascii_buf); |
| 1104 | return -EFAULT; | 1104 | return -EFAULT; |
diff --git a/security/tomoyo/common.c b/security/tomoyo/common.c index 150911c7ff08..c47d3ce6c733 100644 --- a/security/tomoyo/common.c +++ b/security/tomoyo/common.c | |||
| @@ -966,6 +966,9 @@ static bool tomoyo_manager(void) | |||
| 966 | return found; | 966 | return found; |
| 967 | } | 967 | } |
| 968 | 968 | ||
| 969 | static struct tomoyo_domain_info *tomoyo_find_domain_by_qid | ||
| 970 | (unsigned int serial); | ||
| 971 | |||
| 969 | /** | 972 | /** |
| 970 | * tomoyo_select_domain - Parse select command. | 973 | * tomoyo_select_domain - Parse select command. |
| 971 | * | 974 | * |
| @@ -999,6 +1002,8 @@ static bool tomoyo_select_domain(struct tomoyo_io_buffer *head, | |||
| 999 | } else if (!strncmp(data, "domain=", 7)) { | 1002 | } else if (!strncmp(data, "domain=", 7)) { |
| 1000 | if (tomoyo_domain_def(data + 7)) | 1003 | if (tomoyo_domain_def(data + 7)) |
| 1001 | domain = tomoyo_find_domain(data + 7); | 1004 | domain = tomoyo_find_domain(data + 7); |
| 1005 | } else if (sscanf(data, "Q=%u", &pid) == 1) { | ||
| 1006 | domain = tomoyo_find_domain_by_qid(pid); | ||
| 1002 | } else | 1007 | } else |
| 1003 | return false; | 1008 | return false; |
| 1004 | head->w.domain = domain; | 1009 | head->w.domain = domain; |
| @@ -1894,6 +1899,7 @@ static DECLARE_WAIT_QUEUE_HEAD(tomoyo_answer_wait); | |||
| 1894 | /* Structure for query. */ | 1899 | /* Structure for query. */ |
| 1895 | struct tomoyo_query { | 1900 | struct tomoyo_query { |
| 1896 | struct list_head list; | 1901 | struct list_head list; |
| 1902 | struct tomoyo_domain_info *domain; | ||
| 1897 | char *query; | 1903 | char *query; |
| 1898 | size_t query_len; | 1904 | size_t query_len; |
| 1899 | unsigned int serial; | 1905 | unsigned int serial; |
| @@ -2044,6 +2050,7 @@ int tomoyo_supervisor(struct tomoyo_request_info *r, const char *fmt, ...) | |||
| 2044 | goto out; | 2050 | goto out; |
| 2045 | } | 2051 | } |
| 2046 | len = tomoyo_round2(entry.query_len); | 2052 | len = tomoyo_round2(entry.query_len); |
| 2053 | entry.domain = r->domain; | ||
| 2047 | spin_lock(&tomoyo_query_list_lock); | 2054 | spin_lock(&tomoyo_query_list_lock); |
| 2048 | if (tomoyo_memory_quota[TOMOYO_MEMORY_QUERY] && | 2055 | if (tomoyo_memory_quota[TOMOYO_MEMORY_QUERY] && |
| 2049 | tomoyo_memory_used[TOMOYO_MEMORY_QUERY] + len | 2056 | tomoyo_memory_used[TOMOYO_MEMORY_QUERY] + len |
| @@ -2091,6 +2098,29 @@ out: | |||
| 2091 | } | 2098 | } |
| 2092 | 2099 | ||
| 2093 | /** | 2100 | /** |
| 2101 | * tomoyo_find_domain_by_qid - Get domain by query id. | ||
| 2102 | * | ||
| 2103 | * @serial: Query ID assigned by tomoyo_supervisor(). | ||
| 2104 | * | ||
| 2105 | * Returns pointer to "struct tomoyo_domain_info" if found, NULL otherwise. | ||
| 2106 | */ | ||
| 2107 | static struct tomoyo_domain_info *tomoyo_find_domain_by_qid | ||
| 2108 | (unsigned int serial) | ||
| 2109 | { | ||
| 2110 | struct tomoyo_query *ptr; | ||
| 2111 | struct tomoyo_domain_info *domain = NULL; | ||
| 2112 | spin_lock(&tomoyo_query_list_lock); | ||
| 2113 | list_for_each_entry(ptr, &tomoyo_query_list, list) { | ||
| 2114 | if (ptr->serial != serial || ptr->answer) | ||
| 2115 | continue; | ||
| 2116 | domain = ptr->domain; | ||
| 2117 | break; | ||
| 2118 | } | ||
| 2119 | spin_unlock(&tomoyo_query_list_lock); | ||
| 2120 | return domain; | ||
| 2121 | } | ||
| 2122 | |||
| 2123 | /** | ||
| 2094 | * tomoyo_poll_query - poll() for /sys/kernel/security/tomoyo/query. | 2124 | * tomoyo_poll_query - poll() for /sys/kernel/security/tomoyo/query. |
| 2095 | * | 2125 | * |
| 2096 | * @file: Pointer to "struct file". | 2126 | * @file: Pointer to "struct file". |