Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6: selinux: return -ENOMEM when memory allocation fails tpm: fix panic caused by "tpm: Autodetect itpm devices" TPM: Long default timeout fix trusted keys: Fix a memory leak in trusted_update(). keys: add trusted and encrypted maintainers encrypted-keys: rename encrypted_defined files to encrypted trusted-keys: rename trusted_defined files to trusted
This commit is contained in:
commit
d20761a799
22
MAINTAINERS
22
MAINTAINERS
|
@ -3674,6 +3674,28 @@ F: include/linux/key-type.h
|
|||
F: include/keys/
|
||||
F: security/keys/
|
||||
|
||||
KEYS-TRUSTED
|
||||
M: David Safford <safford@watson.ibm.com>
|
||||
M: Mimi Zohar <zohar@us.ibm.com>
|
||||
L: linux-security-module@vger.kernel.org
|
||||
L: keyrings@linux-nfs.org
|
||||
S: Supported
|
||||
F: Documentation/keys-trusted-encrypted.txt
|
||||
F: include/keys/trusted-type.h
|
||||
F: security/keys/trusted.c
|
||||
F: security/keys/trusted.h
|
||||
|
||||
KEYS-ENCRYPTED
|
||||
M: Mimi Zohar <zohar@us.ibm.com>
|
||||
M: David Safford <safford@watson.ibm.com>
|
||||
L: linux-security-module@vger.kernel.org
|
||||
L: keyrings@linux-nfs.org
|
||||
S: Supported
|
||||
F: Documentation/keys-trusted-encrypted.txt
|
||||
F: include/keys/encrypted-type.h
|
||||
F: security/keys/encrypted.c
|
||||
F: security/keys/encrypted.h
|
||||
|
||||
KGDB / KDB /debug_core
|
||||
M: Jason Wessel <jason.wessel@windriver.com>
|
||||
W: http://kgdb.wiki.kernel.org/
|
||||
|
|
|
@ -364,12 +364,14 @@ unsigned long tpm_calc_ordinal_duration(struct tpm_chip *chip,
|
|||
tpm_protected_ordinal_duration[ordinal &
|
||||
TPM_PROTECTED_ORDINAL_MASK];
|
||||
|
||||
if (duration_idx != TPM_UNDEFINED)
|
||||
if (duration_idx != TPM_UNDEFINED) {
|
||||
duration = chip->vendor.duration[duration_idx];
|
||||
if (duration <= 0)
|
||||
/* if duration is 0, it's because chip->vendor.duration wasn't */
|
||||
/* filled yet, so we set the lowest timeout just to give enough */
|
||||
/* time for tpm_get_timeouts() to succeed */
|
||||
return (duration <= 0 ? HZ : duration);
|
||||
} else
|
||||
return 2 * 60 * HZ;
|
||||
else
|
||||
return duration;
|
||||
}
|
||||
EXPORT_SYMBOL_GPL(tpm_calc_ordinal_duration);
|
||||
|
||||
|
|
|
@ -493,9 +493,6 @@ static int tpm_tis_init(struct device *dev, resource_size_t start,
|
|||
"1.2 TPM (device-id 0x%X, rev-id %d)\n",
|
||||
vendor >> 16, ioread8(chip->vendor.iobase + TPM_RID(0)));
|
||||
|
||||
if (is_itpm(to_pnp_dev(dev)))
|
||||
itpm = 1;
|
||||
|
||||
if (itpm)
|
||||
dev_info(dev, "Intel iTPM workaround enabled\n");
|
||||
|
||||
|
@ -637,6 +634,9 @@ static int __devinit tpm_tis_pnp_init(struct pnp_dev *pnp_dev,
|
|||
else
|
||||
interrupts = 0;
|
||||
|
||||
if (is_itpm(pnp_dev))
|
||||
itpm = 1;
|
||||
|
||||
return tpm_tis_init(&pnp_dev->dev, start, len, irq);
|
||||
}
|
||||
|
||||
|
|
|
@ -13,8 +13,8 @@ obj-y := \
|
|||
request_key_auth.o \
|
||||
user_defined.o
|
||||
|
||||
obj-$(CONFIG_TRUSTED_KEYS) += trusted_defined.o
|
||||
obj-$(CONFIG_ENCRYPTED_KEYS) += encrypted_defined.o
|
||||
obj-$(CONFIG_TRUSTED_KEYS) += trusted.o
|
||||
obj-$(CONFIG_ENCRYPTED_KEYS) += encrypted.o
|
||||
obj-$(CONFIG_KEYS_COMPAT) += compat.o
|
||||
obj-$(CONFIG_PROC_FS) += proc.o
|
||||
obj-$(CONFIG_SYSCTL) += sysctl.o
|
||||
|
|
|
@ -30,7 +30,7 @@
|
|||
#include <crypto/sha.h>
|
||||
#include <crypto/aes.h>
|
||||
|
||||
#include "encrypted_defined.h"
|
||||
#include "encrypted.h"
|
||||
|
||||
static const char KEY_TRUSTED_PREFIX[] = "trusted:";
|
||||
static const char KEY_USER_PREFIX[] = "user:";
|
||||
|
@ -888,6 +888,7 @@ static int __init init_encrypted(void)
|
|||
out:
|
||||
encrypted_shash_release();
|
||||
return ret;
|
||||
|
||||
}
|
||||
|
||||
static void __exit cleanup_encrypted(void)
|
|
@ -29,7 +29,7 @@
|
|||
#include <linux/tpm.h>
|
||||
#include <linux/tpm_command.h>
|
||||
|
||||
#include "trusted_defined.h"
|
||||
#include "trusted.h"
|
||||
|
||||
static const char hmac_alg[] = "hmac(sha1)";
|
||||
static const char hash_alg[] = "sha1";
|
||||
|
@ -1032,6 +1032,7 @@ static int trusted_update(struct key *key, const void *data, size_t datalen)
|
|||
ret = datablob_parse(datablob, new_p, new_o);
|
||||
if (ret != Opt_update) {
|
||||
ret = -EINVAL;
|
||||
kfree(new_p);
|
||||
goto out;
|
||||
}
|
||||
/* copy old key values, and reseal with new pcrs */
|
|
@ -178,7 +178,7 @@ int cond_init_bool_indexes(struct policydb *p)
|
|||
p->bool_val_to_struct = (struct cond_bool_datum **)
|
||||
kmalloc(p->p_bools.nprim * sizeof(struct cond_bool_datum *), GFP_KERNEL);
|
||||
if (!p->bool_val_to_struct)
|
||||
return -1;
|
||||
return -ENOMEM;
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
|
|
@ -501,8 +501,8 @@ static int policydb_index(struct policydb *p)
|
|||
if (rc)
|
||||
goto out;
|
||||
|
||||
rc = -ENOMEM;
|
||||
if (cond_init_bool_indexes(p))
|
||||
rc = cond_init_bool_indexes(p);
|
||||
if (rc)
|
||||
goto out;
|
||||
|
||||
for (i = 0; i < SYM_NUM; i++) {
|
||||
|
|
Loading…
Reference in New Issue