Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6: pci: use security_capable() when checking capablities during config space read security: add cred argument to security_capable() tpm_tis: Use timeouts returned from TPM
This commit is contained in:
commit
f7909fb835
|
@ -577,9 +577,11 @@ duration:
|
|||
if (rc)
|
||||
return;
|
||||
|
||||
if (be32_to_cpu(tpm_cmd.header.out.return_code)
|
||||
!= 3 * sizeof(u32))
|
||||
if (be32_to_cpu(tpm_cmd.header.out.return_code) != 0 ||
|
||||
be32_to_cpu(tpm_cmd.header.out.length)
|
||||
!= sizeof(tpm_cmd.header.out) + sizeof(u32) + 3 * sizeof(u32))
|
||||
return;
|
||||
|
||||
duration_cap = &tpm_cmd.params.getcap_out.cap.duration;
|
||||
chip->vendor.duration[TPM_SHORT] =
|
||||
usecs_to_jiffies(be32_to_cpu(duration_cap->tpm_short));
|
||||
|
@ -939,6 +941,18 @@ ssize_t tpm_show_caps_1_2(struct device * dev,
|
|||
}
|
||||
EXPORT_SYMBOL_GPL(tpm_show_caps_1_2);
|
||||
|
||||
ssize_t tpm_show_timeouts(struct device *dev, struct device_attribute *attr,
|
||||
char *buf)
|
||||
{
|
||||
struct tpm_chip *chip = dev_get_drvdata(dev);
|
||||
|
||||
return sprintf(buf, "%d %d %d\n",
|
||||
jiffies_to_usecs(chip->vendor.duration[TPM_SHORT]),
|
||||
jiffies_to_usecs(chip->vendor.duration[TPM_MEDIUM]),
|
||||
jiffies_to_usecs(chip->vendor.duration[TPM_LONG]));
|
||||
}
|
||||
EXPORT_SYMBOL_GPL(tpm_show_timeouts);
|
||||
|
||||
ssize_t tpm_store_cancel(struct device *dev, struct device_attribute *attr,
|
||||
const char *buf, size_t count)
|
||||
{
|
||||
|
|
|
@ -56,6 +56,8 @@ extern ssize_t tpm_show_owned(struct device *, struct device_attribute *attr,
|
|||
char *);
|
||||
extern ssize_t tpm_show_temp_deactivated(struct device *,
|
||||
struct device_attribute *attr, char *);
|
||||
extern ssize_t tpm_show_timeouts(struct device *,
|
||||
struct device_attribute *attr, char *);
|
||||
|
||||
struct tpm_chip;
|
||||
|
||||
|
|
|
@ -376,6 +376,7 @@ static DEVICE_ATTR(temp_deactivated, S_IRUGO, tpm_show_temp_deactivated,
|
|||
NULL);
|
||||
static DEVICE_ATTR(caps, S_IRUGO, tpm_show_caps_1_2, NULL);
|
||||
static DEVICE_ATTR(cancel, S_IWUSR | S_IWGRP, NULL, tpm_store_cancel);
|
||||
static DEVICE_ATTR(timeouts, S_IRUGO, tpm_show_timeouts, NULL);
|
||||
|
||||
static struct attribute *tis_attrs[] = {
|
||||
&dev_attr_pubek.attr,
|
||||
|
@ -385,7 +386,8 @@ static struct attribute *tis_attrs[] = {
|
|||
&dev_attr_owned.attr,
|
||||
&dev_attr_temp_deactivated.attr,
|
||||
&dev_attr_caps.attr,
|
||||
&dev_attr_cancel.attr, NULL,
|
||||
&dev_attr_cancel.attr,
|
||||
&dev_attr_timeouts.attr, NULL,
|
||||
};
|
||||
|
||||
static struct attribute_group tis_attr_grp = {
|
||||
|
|
|
@ -23,6 +23,7 @@
|
|||
#include <linux/mm.h>
|
||||
#include <linux/fs.h>
|
||||
#include <linux/capability.h>
|
||||
#include <linux/security.h>
|
||||
#include <linux/pci-aspm.h>
|
||||
#include <linux/slab.h>
|
||||
#include "pci.h"
|
||||
|
@ -368,7 +369,7 @@ pci_read_config(struct file *filp, struct kobject *kobj,
|
|||
u8 *data = (u8*) buf;
|
||||
|
||||
/* Several chips lock up trying to read undefined config space */
|
||||
if (cap_raised(filp->f_cred->cap_effective, CAP_SYS_ADMIN)) {
|
||||
if (security_capable(filp->f_cred, CAP_SYS_ADMIN)) {
|
||||
size = dev->cfg_size;
|
||||
} else if (dev->hdr_type == PCI_HEADER_TYPE_CARDBUS) {
|
||||
size = 128;
|
||||
|
|
|
@ -1662,7 +1662,7 @@ int security_capset(struct cred *new, const struct cred *old,
|
|||
const kernel_cap_t *effective,
|
||||
const kernel_cap_t *inheritable,
|
||||
const kernel_cap_t *permitted);
|
||||
int security_capable(int cap);
|
||||
int security_capable(const struct cred *cred, int cap);
|
||||
int security_real_capable(struct task_struct *tsk, int cap);
|
||||
int security_real_capable_noaudit(struct task_struct *tsk, int cap);
|
||||
int security_sysctl(struct ctl_table *table, int op);
|
||||
|
@ -1856,9 +1856,9 @@ static inline int security_capset(struct cred *new,
|
|||
return cap_capset(new, old, effective, inheritable, permitted);
|
||||
}
|
||||
|
||||
static inline int security_capable(int cap)
|
||||
static inline int security_capable(const struct cred *cred, int cap)
|
||||
{
|
||||
return cap_capable(current, current_cred(), cap, SECURITY_CAP_AUDIT);
|
||||
return cap_capable(current, cred, cap, SECURITY_CAP_AUDIT);
|
||||
}
|
||||
|
||||
static inline int security_real_capable(struct task_struct *tsk, int cap)
|
||||
|
|
|
@ -306,7 +306,7 @@ int capable(int cap)
|
|||
BUG();
|
||||
}
|
||||
|
||||
if (security_capable(cap) == 0) {
|
||||
if (security_capable(current_cred(), cap) == 0) {
|
||||
current->flags |= PF_SUPERPRIV;
|
||||
return 1;
|
||||
}
|
||||
|
|
|
@ -154,10 +154,9 @@ int security_capset(struct cred *new, const struct cred *old,
|
|||
effective, inheritable, permitted);
|
||||
}
|
||||
|
||||
int security_capable(int cap)
|
||||
int security_capable(const struct cred *cred, int cap)
|
||||
{
|
||||
return security_ops->capable(current, current_cred(), cap,
|
||||
SECURITY_CAP_AUDIT);
|
||||
return security_ops->capable(current, cred, cap, SECURITY_CAP_AUDIT);
|
||||
}
|
||||
|
||||
int security_real_capable(struct task_struct *tsk, int cap)
|
||||
|
|
Loading…
Reference in New Issue