
Commit a8fe1500 authored by Linus Torvalds's avatar Linus Torvalds

Merge branch 'for-linus' of...

Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6: (26 commits)
  selinux: include vmalloc.h for vmalloc_user
  secmark: fix config problem when CONFIG_NF_CONNTRACK_SECMARK is not set
  selinux: implement mmap on /selinux/policy
  SELinux: allow userspace to read policy back out of the kernel
  SELinux: drop useless (and incorrect) AVTAB_MAX_SIZE
  SELinux: deterministic ordering of range transition rules
  kernel: roundup should only reference arguments once
  kernel: rounddown helper function
  secmark: export secctx, drop secmark in procfs
  conntrack: export lsm context rather than internal secid via netlink
  security: secid_to_secctx returns len when data is NULL
  secmark: make secmark object handling generic
  secmark: do not return early if there was no error
  AppArmor: Ensure the size of the copy is < the buffer allocated to hold it
  TOMOYO: Print URL information before panic().
  security: remove unused parameter from security_task_setscheduler()
  tpm: change 'tpm_suspend_pcr' to be module parameter
  selinux: fix up style problem on /selinux/status
  selinux: change to new flag variable
  selinux: really fix dependency causing parallel compile failure.
  ...
parents 94ebd235 f0d3d989
+1 −1
@@ -103,7 +103,7 @@ asmlinkage long mipsmt_sys_sched_setaffinity(pid_t pid, unsigned int len,
	if (!check_same_owner(p) && !capable(CAP_SYS_NICE))
		goto out_unlock;

	retval = security_task_setscheduler(p, 0, NULL);
	retval = security_task_setscheduler(p)
	if (retval)
		goto out_unlock;
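Review bot: The new call `retval = security_task_setscheduler(p)` has no terminating semicolon as shown here, so the statement runs straight into the following `if (retval)` and the file would not compile on configurations that build it. The line should read `retval = security_task_setscheduler(p);`. If the semicolon was lost only in this rendering nothing needs changing, but it is worth confirming in the tree, because this call is the LSM permission check on changing another task's affinity. The body of mipsmt_sys_sched_setaffinity starts and ends outside the hunk.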

+10 −12
@@ -47,6 +47,16 @@ enum tpm_duration {
#define TPM_MAX_PROTECTED_ORDINAL 12
#define TPM_PROTECTED_ORDINAL_MASK 0xFF

/*
 * Bug workaround - some TPM's don't flush the most
 * recently changed pcr on suspend, so force the flush
 * with an extend to the selected _unused_ non-volatile pcr.
 */
static int tpm_suspend_pcr;
module_param_named(suspend_pcr, tpm_suspend_pcr, uint, 0644);
MODULE_PARM_DESC(suspend_pcr,
		 "PCR to use for dummy writes to faciltate flush on suspend.");

static LIST_HEAD(tpm_chip_list);
static DEFINE_SPINLOCK(driver_lock);
static DECLARE_BITMAP(dev_mask, TPM_NUM_DEVICES);
@@ -1077,18 +1087,6 @@ static struct tpm_input_header savestate_header = {
	.ordinal = TPM_ORD_SAVESTATE
};

/* Bug workaround - some TPM's don't flush the most
 * recently changed pcr on suspend, so force the flush
 * with an extend to the selected _unused_ non-volatile pcr.
 */
static int tpm_suspend_pcr;
static int __init tpm_suspend_setup(char *str)
{
	get_option(&str, &tpm_suspend_pcr);
	return 1;
}
__setup("tpm_suspend_pcr=", tpm_suspend_setup);

/*
 * We are about to suspend. Save the TPM state
 * so that it can be restored.
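Review bot: `tpm_suspend_pcr` is declared `static int` in the first hunk but registered with `module_param_named(suspend_pcr, tpm_suspend_pcr, uint, 0644)`, so the variable's type and the parameter type disagree; `static unsigned int tpm_suspend_pcr;` would make them match. With mode 0644 the value can also be changed at runtime through sysfs, and no range check is visible in this section, so the suspend path that performs the extend (outside these hunks) should reject an index that is not a valid PCR. The description string contains a typo, `faciltate` for `facilitate`. Because the second hunk removes the `tpm_suspend_pcr=` boot option, existing boot configurations need the module-parameter form instead, which is worth a line in the parameter documentation.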
+12 −1
@@ -58,7 +58,18 @@ extern const char linux_proc_banner[];

#define FIELD_SIZEOF(t, f) (sizeof(((t*)0)->f))
#define DIV_ROUND_UP(n,d) (((n) + (d) - 1) / (d))
#define roundup(x, y) ((((x) + ((y) - 1)) / (y)) * (y))
#define roundup(x, y) (					\
{							\
	typeof(y) __y = y;				\
	(((x) + (__y - 1)) / __y) * __y;		\
}							\
)
#define rounddown(x, y) (				\
{							\
	typeof(x) __x = (x);				\
	__x - (__x % (y));				\
}							\
)
#define DIV_ROUND_CLOSEST(x, divisor)(			\
{							\
	typeof(divisor) __divisor = divisor;		\
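Review bot: `roundup()` is now a statement expression, so it can no longer be used where a constant expression is required (a file-scope array size, a static initializer, a case label); any such caller, none of which is visible here, would stop compiling, and that restriction deserves a comment above the macro. The same comment should state the preconditions of both macros: `y` must be non-zero, `(x) + (__y - 1)` can wrap when `x` is near the top of its type (which matters when `x` is a length that originates outside the kernel), and `rounddown()` on a negative signed `x` moves toward zero rather than down because of `%`. For consistency with `typeof(x) __x = (x);` in `rounddown`, the initializer in `roundup` should be parenthesized as `typeof(y) __y = (y);`. The hunk ends inside `DIV_ROUND_CLOSEST`, which continues outside the view.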
+9 −1
@@ -39,8 +39,9 @@ enum ctattr_type {
	CTA_TUPLE_MASTER,
	CTA_NAT_SEQ_ADJ_ORIG,
	CTA_NAT_SEQ_ADJ_REPLY,
	CTA_SECMARK,
	CTA_SECMARK,		/* obsolete */
	CTA_ZONE,
	CTA_SECCTX,
	__CTA_MAX
};
#define CTA_MAX (__CTA_MAX - 1)
@@ -172,4 +173,11 @@ enum ctattr_help {
};
#define CTA_HELP_MAX (__CTA_HELP_MAX - 1)

enum ctattr_secctx {
	CTA_SECCTX_UNSPEC,
	CTA_SECCTX_NAME,
	__CTA_SECCTX_MAX
};
#define CTA_SECCTX_MAX (__CTA_SECCTX_MAX - 1)

#endif /* _IPCONNTRACK_NETLINK_H */
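Review bot: The `/* obsolete */` comment on `CTA_SECMARK` in the first hunk does not tell a userspace reader what replaces it; `CTA_SECMARK,		/* obsolete, use CTA_SECCTX */` would. Appending `CTA_SECCTX` after `CTA_ZONE` keeps the existing attribute numbers stable, which is what an exported netlink enum needs. The new `enum ctattr_secctx` in the second hunk has no comment saying what `CTA_SECCTX_NAME` carries; judging from the commit description it is the LSM context string nested under `CTA_SECCTX`, and a one-line comment saying so, including whether the string is NUL-terminated, would spare consumers from guessing.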
+3 −9
@@ -11,18 +11,12 @@
 * packets are being marked for.
 */
#define SECMARK_MODE_SEL	0x01		/* SELinux */
#define SECMARK_SELCTX_MAX	256

struct xt_secmark_target_selinux_info {
	__u32 selsid;
	char selctx[SECMARK_SELCTX_MAX];
};
#define SECMARK_SECCTX_MAX	256

struct xt_secmark_target_info {
	__u8 mode;
	union {
		struct xt_secmark_target_selinux_info sel;
	} u;
	__u32 secid;
	char secctx[SECMARK_SECCTX_MAX];
};

#endif /*_XT_SECMARK_H_target */
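Review bot: `struct xt_secmark_target_info` is filled in by userspace, and the flattened layout now puts `secid` and `secctx` side by side with nothing saying which of them is input. If the intended contract is that userspace supplies only the context string and the kernel derives the id, the fields should say so, for example `__u32 secid;	/* filled in by the kernel, ignored on input */` and `char secctx[SECMARK_SECCTX_MAX];	/* NUL-terminated context from userspace */`. The consumer of this struct is outside this section; it should force termination of `secctx` before treating it as a string and should not trust a caller-supplied `secid`. Renaming `SECMARK_SELCTX_MAX` and removing the `u.sel` members also breaks source compatibility for userspace that includes this header, even though the field offsets appear unchanged.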