| Age | Commit message (Collapse) | Author |
|---|
|
Info about new measurements are cached in the iint for performance. When
the inode is flushed from cache, the associated iint is flushed as well.
Subsequent access to the inode will cause the inode to be re-measured and
will attempt to add a duplicate entry to the measurement list.
This patch frees the duplicate measurement memory, fixing a memory leak.
Signed-off-by: Roberto Sassu <roberto.sassu@polito.it>
Signed-off-by: Mimi Zohar <zohar@us.ibm.com>
Cc: stable@vger.kernel.org
|
|
This documents the fields added to security_file_mmap() that were
introduced in ed0321895182ffb6ecf210e066d87911b270d587.
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: James Morris <jmorris@namei.org>
|
|
The semantic patch that makes this change is available
in scripts/coccinelle/api/alloc/drop_kmalloc_cast.cocci.
Signed-off-by: Thomas Meyer <thomas@m3y3r.de>
Signed-off-by: James Morris <jmorris@namei.org>
|
|
The 'aabool' wrappers actually pass off to the 'bool' parse functions,
so you should use the same check function. Similarly for aauint and
uint.
(Note that 'bool' module parameters also allow 'int', which is why you
got away with this, but that's changing very soon.)
Cc: linux-security-module@vger.kernel.org
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Acked-by: John Johansen <john.johansen@canonical.com>
Signed-off-by: James Morris <jmorris@namei.org>
|
|
This adds the .gitignore file for the autogenerated TOMOYO files to keep
git from complaining after building things.
Cc: Kentaro Takeda <takedakn@nttdata.co.jp>
Cc: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Cc: James Morris <jmorris@namei.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Acked-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: James Morris <jmorris@namei.org>
|
|
Adds a missed rcu_dereference() around real_parent.
Signed-off-by: Kees Cook <keescook@chromium.org>
Acked-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: James Morris <jmorris@namei.org>
|
|
Adds a missed rcu_dereference() around real_parent.
Signed-off-by: Kees Cook <keescook@chromium.org>
Acked-by: John Johansen <john.johansen@canonical.com>
Signed-off-by: James Morris <jmorris@namei.org>
|
|
There is a small chance of racing during tfm allocation.
This patch fixes it.
Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>
Acked-by: Mimi Zohar <zohar@us.ibm.com>
Signed-off-by: James Morris <jmorris@namei.org>
|
|
On multi-core systems, setting of the key before every caclculation,
causes invalid HMAC calculation for other tfm users, because internal
state (ipad, opad) can be invalid before set key call returns.
It needs to be set only once during initialization.
Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>
Acked-by: Mimi Zohar <zohar@us.ibm.com>
Signed-off-by: James Morris <jmorris@namei.org>
|
|
We can't call mpi_free() on the elements if the first kzalloc() fails.
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>
Signed-off-by: James Morris <jmorris@namei.org>
|
|
Fix build errors by adding Kconfig dependency on KEYS.
CRYPTO dependency removed.
CC security/integrity/digsig.o
security/integrity/digsig.c: In function ?integrity_digsig_verify?:
security/integrity/digsig.c:38:4: error: implicit declaration of function ?request_key?
security/integrity/digsig.c:38:17: error: ?key_type_keyring? undeclared (first use in this function)
security/integrity/digsig.c:38:17: note: each undeclared identifier is reported only once for each function it appears in
make[2]: *** [security/integrity/digsig.o] Error 1
Reported-by: Randy Dunlap <rdunlap@xenotime.net>
Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>
Signed-off-by: James Morris <jmorris@namei.org>
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/kasatkin/linux-digsig into next
|
|
|
|
Give keys their own lockdep class to differentiate them from each other in case
a key of one type has to refer to a key of another type.
Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: Mimi Zohar <zohar@us.ibm.com>
Signed-off-by: James Morris <jmorris@namei.org>
|
|
It's incorrect to assume that buffers returned by the TPM
10 bytes long are always error reports. This patches
parses the error field in its header instead. The error report
is now being printed using dev_err() instead of dev_dbg(), making
it easier for users to provide more detailed bug reports.
Signed-off-by: Rajiv Andrade <srajiv@linux.vnet.ibm.com>
|
|
A previous commit removed its PNP dependency, that in fact wasn't
necessary, but also allowed it be built for other architectures not
supported by it. This then caused kernel oops on PPC based machines.
I'm placing a x86 dependency back correctly.
Signed-off-by: Rajiv Andrade <srajiv@linux.vnet.ibm.com>
|
|
Moved wait_for_stat to tpm.c so that other drivers can use it.
Also renamed it to avoid future namespace conflicts.
Signed-off-by: Rajiv Andrade <srajiv@linux.vnet.ibm.com>
|
|
Moved from using tpm_tis_status() to the vendor specific
one in wait_for_stat(). This way other TPM drivers can use it
instead of reimplementing another.
Signed-off-by: Rajiv Andrade <srajiv@linux.vnet.ibm.com>
|
|
This patch adds a delay after aborting a command. Some TPMs need
this and will not process the subsequent command correctly otherwise.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
|
|
Check the return code from getting the TPM's timeouts and durations
and reject the driver if they could not be read.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
|
|
This patch introduces a function that runs the TPM_ContinueSelfTest()
function and then polls the TPM to check whether it finished the selftest
and can receive new commands.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
|
|
Cleanup the tpm_continue_selftest function.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
|
|
Have the tpm_get_timeouts function return an error code.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
|
|
|
|
Clarify the purpose of the LSM interface with some brief examples and
pointers to additional documentation.
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: James Morris <jmorris@namei.org>
|
|
* 'upstream' of git://git.linux-mips.org/pub/scm/ralf/upstream-linus:
MIPS: lantiq: use export.h in favour of module.h
MAINTAINERS: The MIPS git tree has moved.
MIPS: Fix build error due to missing inclusion of <linux/export.h>.
MIPS: ASID conflict after CPU hotplug
MIPS: Octeon: Fix compile error in arch/mips/cavium-octeon/flash_setup.c
MIPS: errloongson2_clock: Fix build error by including linux/module.h
STAGING: octeon-ethernet: Fix compile error caused by skb_frag_struct change
MIPS: Hook up process_vm_readv and process_vm_writev system calls.
MIPS: Kernel hangs occasionally during boot.
MIPS: Octeon: Mark SMP-IPI interrupt as IRQF_NO_THREAD
MIPS: BCM47xx: fix build with GENERIC_GPIO configuration
MIPS: NXP: Remove unused source files.
MIPS: Yosemite, Emma: Fix off-by-two in arcs_cmdline buffer size check
|
|
* 'drm-fixes' of git://people.freedesktop.org/~airlied/linux:
drm/radeon/kms: fix segfault in pm rework
drm/radeon/kms: fix up gpio i2c mask bits for r4xx
drm/radeon: add some missing FireMV pci ids
vgaarb: a NULL bridge is acceptable for root devices.
drm: Remove utterly bogus preempt_disable() sections
|
|
If we fail to prepare an anon_vma, the {new, old}_page should be released,
or they will leak.
Signed-off-by: Hillf Danton <dhillf@gmail.com>
Reviewed-by: Andrea Arcangeli <aarcange@redhat.com>
Cc: Hugh Dickins <hughd@google.com>
Cc: Johannes Weiner <jweiner@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
|
The current implementation of dmi_name_in_vendors() is an invitation to
lazy coding and false positives [1]. Searching for a string in 8 know
what you're looking for, so you should know where to look. strstr isn't
fast, especially when it fails, so we should avoid calling it when it
just can't succeed.
Looking at the current users of the function, it seems clear to me that
they are looking for a system or board vendor name, so let's limit
dmi_name_in_vendors to these two DMI fields. This much better matches
the function name, BTW.
[1] We currently have code looking for short names in DMI data, such as
"IBM", "ASUS" or "Acer". I let you guess what will happen the day other
vendors ship products named, for example, "SCHREIBMEISTER", "PEGASUS" or
"Acerola".
Signed-off-by: Jean Delvare <khali@linux-fr.org>
Cc: Andi Kleen <andi@firstfloor.org>
Cc: Jesse Barnes <jbarnes@virtuousgeek.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
|
Commit c9f01245 ("oom: remove oom_disable_count") has removed the
oom_disable_count counter which has been used for early break out from
oom_badness so we could never select a task with oom_score_adj set to
OOM_SCORE_ADJ_MIN (oom disabled).
Now that the counter is gone we are always going through heuristics
calculation and we always return a non zero positive value. This means
that we can end up killing a task with OOM disabled because it is
indistinguishable from regular tasks with 1% resp. CAP_SYS_ADMIN tasks
with 3% usage of memory or tasks with oom_score_adj set but OOM enabled.
Let's break out early if the task should have OOM disabled.
Signed-off-by: Michal Hocko <mhocko@suse.cz>
Acked-by: David Rientjes <rientjes@google.com>
Acked-by: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com>
Cc: Oleg Nesterov <oleg@redhat.com>
Cc: Ying Han <yinghan@google.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
|
The driver for the DigsyMTC display configuration EEPROMs device got
added by commit 469dded183 ("misc/eeprom: add eeprom access driver for
digsy_mtc board"). Its Kconfig symbol depends on PPC_MPC5200_GPIO. But
at the time that driver got added PPC_MPC5200_GPIO was already renamed
to GPIO_MPC5200, by commit 6eae1ace68 ("gpio: Move mpc5200 gpio driver
to drivers/gpio").
So make this driver depend on GPIO_MPC5200. And since GPIO_MPC5200
itself implies that GPIOLIB is set, that dependency can be dropped.
Signed-off-by: Paul Bolle <pebolle@tiscali.nl>
Acked-by: Anatolij Gustschin <agust@denx.de>
Cc: Grant Likely <grant.likely@secretlab.ca>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
|
As discussed at Kernel Summit(2011), new cgroups mailing list is opened
by James. This list is for discussing general cgroup design and patches
including all subsystems and for getting more attentions to
cgroups/namespaces related issues by developpers.
Signed-off-by: KAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com>
Cc: James Bottomley <James.Bottomley@HansenPartnership.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
|
Revert commit 6123b0e274503a0d3588e84fbe07c9aa01bfaf5d.
The problem this patch intends to solve has alreadqy been fixed by
commit 7a5caabd090b ("drivers/leds/ledtrig-timer.c: fix broken sysfs
delay handling").
Signed-off-by: Johan Hovold <jhovold@gmail.com>
Cc: Antonio Ospite <ospite@studenti.unina.it>
Cc: Johannes Berg <johannes@sipsolutions.net>
Cc: Richard Purdie <rpurdie@rpsys.net>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
|
Fix a NULL pointer deref in the user-defined key type whereby updating a
negative key into a fully instantiated key will cause an oops to occur
when the code attempts to free the non-existent old payload.
This results in an oops that looks something like the following:
BUG: unable to handle kernel NULL pointer dereference at 0000000000000008
IP: [<ffffffff81085fa1>] __call_rcu+0x11/0x13e
PGD 3391d067 PUD 3894a067 PMD 0
Oops: 0002 [#1] SMP
CPU 1
Pid: 4354, comm: keyctl Not tainted 3.1.0-fsdevel+ #1140 /DG965RY
RIP: 0010:[<ffffffff81085fa1>] [<ffffffff81085fa1>] __call_rcu+0x11/0x13e
RSP: 0018:ffff88003d591df8 EFLAGS: 00010246
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 000000000000006e
RDX: ffffffff8161d0c0 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffff88003d591e18 R08: 0000000000000000 R09: ffffffff8152fa6c
R10: 0000000000000000 R11: 0000000000000300 R12: ffff88003b8f9538
R13: ffffffff8161d0c0 R14: ffff88003b8f9d50 R15: ffff88003c69f908
FS: 00007f97eb18c720(0000) GS:ffff88003bd00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000008 CR3: 000000003d47a000 CR4: 00000000000006e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Process keyctl (pid: 4354, threadinfo ffff88003d590000, task ffff88003c78a040)
Stack:
ffff88003e0ffde0 ffff88003b8f9538 0000000000000001 ffff88003b8f9d50
ffff88003d591e28 ffffffff810860f0 ffff88003d591e68 ffffffff8117bfea
ffff88003d591e68 ffffffff00000000 ffff88003e0ffde1 ffff88003e0ffde0
Call Trace:
[<ffffffff810860f0>] call_rcu_sched+0x10/0x12
[<ffffffff8117bfea>] user_update+0x8d/0xa2
[<ffffffff8117723a>] key_create_or_update+0x236/0x270
[<ffffffff811789b1>] sys_add_key+0x123/0x17e
[<ffffffff813b84bb>] system_call_fastpath+0x16/0x1b
Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: Jeff Layton <jlayton@redhat.com>
Acked-by: Neil Horman <nhorman@redhat.com>
Acked-by: Steve Dickson <steved@redhat.com>
Acked-by: James Morris <jmorris@namei.org>
Cc: stable@kernel.org
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
|
Make the security_inode_init_security() initxattrs arg const, to match the
non-stubbed version of that function.
Cc: James Morris <jmorris@namei.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: James Morris <jmorris@namei.org>
|
|
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Cc: Eric Paris <eparis@parisplace.org>
Cc: James Morris <jmorris@namei.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: James Morris <jmorris@namei.org>
|
|
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Dave Airlie <airlied@redhat.com>
|
|
Fixes i2c test failures when i2c_algo_bit.bit_test=1.
The hw doesn't actually require a mask, so just set it
to the default mask bits for r1xx-r4xx radeon ddc.
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Cc: stable@kernel.org
Cc: Jean Delvare <khali@linux-fr.org>
Signed-off-by: Dave Airlie <airlied@redhat.com>
|
|
Noticed by Egbert.
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Cc: stable@kernel.org
Cc: Egbert Eich <eich@suse.de>
Signed-off-by: Dave Airlie <airlied@redhat.com>
|
|
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/joro/iommu
* 'iommu/fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/joro/iommu:
iommu: omap: Fix compile failure
|
|
* 'fixes' of git://git.linaro.org/people/triad/linux-pinctrl:
pinctrl: hide subsystem from the populace
pinctrl: fix "warning: 'struct pinctrl_dev' declared inside parameter list"
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/paulg/linux
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/paulg/linux:
fsl-rio: fix compile error
|
|
* 'gpio/merge' of git://git.secretlab.ca/git/linux-2.6:
gpio: pca953x: propagate the errno from the chip_init functions
gpio: pca953x: remove unneeded check for chip type
gpio/omap: check return value from irq_alloc_generic_chip
gpio/omap: replace MOD_REG_BIT macro with static inline
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/lliubbo/blackfin
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/lliubbo/blackfin:
blackfin: Fixup export.h includes
Blackfin: add serial TX IRQ in individual platform resource
|
|
On a corrupted file system the ->len field could be wrong leading to
a buffer overflow.
Reported-and-acked-by: Clement LECIGNE <clement.lecigne@netasq.com>
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Cc: stable@kernel.org
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
|
The "#include <linux/module.h>" was replaced by "#include <linux/export.h>"
in the patch "powerpc: various straight conversions from module.h --> export.h".
This will cause the following compile problem:
arch/powerpc/sysdev/fsl_rio.c: In function 'fsl_rio_mcheck_exception':
arch/powerpc/sysdev/fsl_rio.c:296: error: implicit declaration of function 'search_exception_tables'.
The file fsl_rio.c needs the declaration of function "search_exception_tables"
in the header file "linux/module.h".
Signed-off-by: Liu Gang <Gang.Liu@freescale.com>
Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>
|
|
The code located at arch/mips/lantiq/ included module.h to be able to use
the EXPORT_SYMBOL* macros. These can now be directly included using
export.h.
Signed-off-by: John Crispin <blogic@openwrt.org>
Cc: linux-mips@linux-mips.org
Patchwork: https://patchwork.linux-mips.org/patch/2937/
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
|
|
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
|
|
I assumed all PCI buses had a bridge, but playing with qemu recently, I
discovered vgaarb bug where it wasn't detecting both devices shared a bridge
at the root level.
Don't check for NULL, if two buses have a NULL bridge, assume they share the
root bus.
Acked-by: Jesse Barnes <jbarnes@virtuousgeek.org>
Signed-off-by: Dave Airlie <airlied@redhat.com>
|
