Home Explore Help
Register Sign In
phyus
/
linux-vybrid_public
8
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6:
  selinux: return -ENOMEM when memory allocation fails
  tpm: fix panic caused by "tpm: Autodetect itpm devices"
  TPM: Long default timeout fix
  trusted keys: Fix a memory leak in trusted_update().
  keys: add trusted and encrypted maintainers
  encrypted-keys: rename encrypted_defined files to encrypted
  trusted-keys: rename trusted_defined files to trusted
Linus Torvalds 14 years ago
parent
ff5fdb6149 3ac285ff23
commit
d20761a799
10 changed files with 40 additions and 14 deletions
Split View Show Diff Stats
  1. 22 0
      MAINTAINERS
  2. 6 4
      drivers/char/tpm/tpm.c
  3. 3 3
      drivers/char/tpm/tpm_tis.c
  4. 2 2
      security/keys/Makefile
  5. 2 1
      security/keys/encrypted.c
  6. 0 0
      security/keys/encrypted.h
  7. 2 1
      security/keys/trusted.c
  8. 0 0
      security/keys/trusted.h
  9. 1 1
      security/selinux/ss/conditional.c
  10. 2 2
      security/selinux/ss/policydb.c

+ 22 - 0
MAINTAINERS
View File 

@@ -3674,6 +3674,28 @@ F:	include/linux/key-type.h
 
 F:	include/keys/
 
 F:	security/keys/
 
 
+KEYS-TRUSTED
 
+M:	David Safford <safford@watson.ibm.com>
 
+M:	Mimi Zohar <zohar@us.ibm.com>
 
+L:	linux-security-module@vger.kernel.org
 
+L:	keyrings@linux-nfs.org
 
+S:	Supported
 
+F:	Documentation/keys-trusted-encrypted.txt
 
+F:	include/keys/trusted-type.h
 
+F:	security/keys/trusted.c
 
+F:	security/keys/trusted.h
 
+
 
+KEYS-ENCRYPTED
 
+M:	Mimi Zohar <zohar@us.ibm.com>
 
+M:	David Safford <safford@watson.ibm.com>
 
+L:	linux-security-module@vger.kernel.org
 
+L:	keyrings@linux-nfs.org
 
+S:	Supported
 
+F:	Documentation/keys-trusted-encrypted.txt
 
+F:	include/keys/encrypted-type.h
 
+F:	security/keys/encrypted.c
 
+F:	security/keys/encrypted.h
 
+
 
 KGDB / KDB /debug_core
 
 M:	Jason Wessel <jason.wessel@windriver.com>
 
 W:	http://kgdb.wiki.kernel.org/

+ 6 - 4
drivers/char/tpm/tpm.c
View File 

@@ -364,12 +364,14 @@ unsigned long tpm_calc_ordinal_duration(struct tpm_chip *chip,
 
 		    tpm_protected_ordinal_duration[ordinal &
 
 						   TPM_PROTECTED_ORDINAL_MASK];
 
 
-	if (duration_idx != TPM_UNDEFINED)
 
+	if (duration_idx != TPM_UNDEFINED) {
 
 		duration = chip->vendor.duration[duration_idx];
 
-	if (duration <= 0)
 
+		/* if duration is 0, it's because chip->vendor.duration wasn't */
 
+		/* filled yet, so we set the lowest timeout just to give enough */
 
+		/* time for tpm_get_timeouts() to succeed */
 
+		return (duration <= 0 ? HZ : duration);
 
+	} else
 
 		return 2 * 60 * HZ;
 
-	else
 
-		return duration;
 
 }
 
 EXPORT_SYMBOL_GPL(tpm_calc_ordinal_duration);

+ 3 - 3
drivers/char/tpm/tpm_tis.c
View File 

@@ -493,9 +493,6 @@ static int tpm_tis_init(struct device *dev, resource_size_t start,
 
 		 "1.2 TPM (device-id 0x%X, rev-id %d)\n",
 
 		 vendor >> 16, ioread8(chip->vendor.iobase + TPM_RID(0)));
 
 
-	if (is_itpm(to_pnp_dev(dev)))
 
-		itpm = 1;
 
-
 
 	if (itpm)
 
 		dev_info(dev, "Intel iTPM workaround enabled\n");
 
 
@@ -637,6 +634,9 @@ static int __devinit tpm_tis_pnp_init(struct pnp_dev *pnp_dev,
 
 	else
 
 		interrupts = 0;
 
 
+	if (is_itpm(pnp_dev))
 
+		itpm = 1;
 
+
 
 	return tpm_tis_init(&pnp_dev->dev, start, len, irq);
 
 }

+ 2 - 2
security/keys/Makefile
View File 

@@ -13,8 +13,8 @@ obj-y := \
 
 	request_key_auth.o \
 
 	user_defined.o
 
 
-obj-$(CONFIG_TRUSTED_KEYS) += trusted_defined.o
 
-obj-$(CONFIG_ENCRYPTED_KEYS) += encrypted_defined.o
 
+obj-$(CONFIG_TRUSTED_KEYS) += trusted.o
 
+obj-$(CONFIG_ENCRYPTED_KEYS) += encrypted.o
 
 obj-$(CONFIG_KEYS_COMPAT) += compat.o
 
 obj-$(CONFIG_PROC_FS) += proc.o
 
 obj-$(CONFIG_SYSCTL) += sysctl.o

+ 2 - 1
security/keys/encrypted_defined.c → security/keys/encrypted.c
View File 

@@ -30,7 +30,7 @@
 
 #include <crypto/sha.h>
 
 #include <crypto/aes.h>
 
 
-#include "encrypted_defined.h"
 
+#include "encrypted.h"
 
 
 static const char KEY_TRUSTED_PREFIX[] = "trusted:";
 
 static const char KEY_USER_PREFIX[] = "user:";
 
@@ -888,6 +888,7 @@ static int __init init_encrypted(void)
 
 out:
 
 	encrypted_shash_release();
 
 	return ret;
 
+
 
 }
 
 
 static void __exit cleanup_encrypted(void)

+ 0 - 0
security/keys/encrypted_defined.h → security/keys/encrypted.h
View File


+ 2 - 1
security/keys/trusted_defined.c → security/keys/trusted.c
View File 

@@ -29,7 +29,7 @@
 
 #include <linux/tpm.h>
 
 #include <linux/tpm_command.h>
 
 
-#include "trusted_defined.h"
 
+#include "trusted.h"
 
 
 static const char hmac_alg[] = "hmac(sha1)";
 
 static const char hash_alg[] = "sha1";
 
@@ -1032,6 +1032,7 @@ static int trusted_update(struct key *key, const void *data, size_t datalen)
 
 	ret = datablob_parse(datablob, new_p, new_o);
 
 	if (ret != Opt_update) {
 
 		ret = -EINVAL;
 
+		kfree(new_p);
 
 		goto out;
 
 	}
 
 	/* copy old key values, and reseal with new pcrs */

+ 0 - 0
security/keys/trusted_defined.h → security/keys/trusted.h
View File


+ 1 - 1
security/selinux/ss/conditional.c
View File 

@@ -178,7 +178,7 @@ int cond_init_bool_indexes(struct policydb *p)
 
 	p->bool_val_to_struct = (struct cond_bool_datum **)
 
 		kmalloc(p->p_bools.nprim * sizeof(struct cond_bool_datum *), GFP_KERNEL);
 
 	if (!p->bool_val_to_struct)
 
-		return -1;
 
+		return -ENOMEM;
 
 	return 0;
 
 }

+ 2 - 2
security/selinux/ss/policydb.c
View File 

@@ -501,8 +501,8 @@ static int policydb_index(struct policydb *p)
 
 	if (rc)
 
 		goto out;
 
 
-	rc = -ENOMEM;
 
-	if (cond_init_bool_indexes(p))
 
+	rc = cond_init_bool_indexes(p);
 
+	if (rc)
 
 		goto out;
 
 
 	for (i = 0; i < SYM_NUM; i++) {