Loading MAINTAINERS +11 −6 Original line number Diff line number Diff line Loading @@ -3325,7 +3325,9 @@ F: Documentation/filesystems/ext4.txt F: fs/ext4/ Extended Verification Module (EVM) M: Mimi Zohar <zohar@us.ibm.com> M: Mimi Zohar <zohar@linux.vnet.ibm.com> L: linux-ima-devel@lists.sourceforge.net L: linux-security-module@vger.kernel.org S: Supported F: security/integrity/evm/ Loading Loading @@ -4339,8 +4341,11 @@ S: Maintained F: drivers/ipack/ INTEGRITY MEASUREMENT ARCHITECTURE (IMA) M: Mimi Zohar <zohar@us.ibm.com> M: Mimi Zohar <zohar@linux.vnet.ibm.com> M: Dmitry Kasatkin <d.kasatkin@samsung.com> L: linux-ima-devel@lists.sourceforge.net L: linux-ima-user@lists.sourceforge.net L: linux-security-module@vger.kernel.org S: Supported F: security/integrity/ima/ Loading Loading @@ -5003,8 +5008,8 @@ F: include/keys/ F: security/keys/ KEYS-TRUSTED M: David Safford <safford@watson.ibm.com> M: Mimi Zohar <zohar@us.ibm.com> M: David Safford <safford@us.ibm.com> M: Mimi Zohar <zohar@linux.vnet.ibm.com> L: linux-security-module@vger.kernel.org L: keyrings@linux-nfs.org S: Supported Loading @@ -5014,8 +5019,8 @@ F: security/keys/trusted.c F: security/keys/trusted.h KEYS-ENCRYPTED M: Mimi Zohar <zohar@us.ibm.com> M: David Safford <safford@watson.ibm.com> M: Mimi Zohar <zohar@linux.vnet.ibm.com> M: David Safford <safford@us.ibm.com> L: linux-security-module@vger.kernel.org L: keyrings@linux-nfs.org S: Supported Loading include/linux/fs.h +3 −3 Original line number Diff line number Diff line Loading @@ -586,6 +586,9 @@ struct inode { atomic_t i_count; atomic_t i_dio_count; atomic_t i_writecount; #ifdef CONFIG_IMA atomic_t i_readcount; /* struct files open RO */ #endif const struct file_operations *i_fop; /* former ->i_op->default_file_ops */ struct file_lock *i_flock; struct address_space i_data; Loading 
@@ -606,9 +609,6 @@ struct inode { struct hlist_head i_fsnotify_marks; #endif #ifdef CONFIG_IMA atomic_t i_readcount; /* struct files open RO */ #endif void *i_private; /* fs or device private pointer */ }; Loading security/integrity/evm/Kconfig +3 −3 Original line number Diff line number Diff line config EVM boolean "EVM support" depends on SECURITY && KEYS && (TRUSTED_KEYS=y || TRUSTED_KEYS=n) depends on SECURITY select KEYS select ENCRYPTED_KEYS select CRYPTO_HMAC select CRYPTO_MD5 select CRYPTO_SHA1 select ENCRYPTED_KEYS default n help EVM protects a file's security extended attributes against Loading security/integrity/evm/evm.h +14 −14 Original line number Diff line number Diff line Loading @@ -32,19 +32,19 @@ extern struct crypto_shash *hash_tfm; /* List of EVM protected security xattrs */ extern char *evm_config_xattrnames[]; extern int evm_init_key(void); extern int evm_update_evmxattr(struct dentry *dentry, int evm_init_key(void); int evm_update_evmxattr(struct dentry *dentry, const char *req_xattr_name, const char *req_xattr_value, size_t req_xattr_value_len); extern int evm_calc_hmac(struct dentry *dentry, const char *req_xattr_name, int evm_calc_hmac(struct dentry *dentry, const char *req_xattr_name, const char *req_xattr_value, size_t req_xattr_value_len, char *digest); extern int evm_calc_hash(struct dentry *dentry, const char *req_xattr_name, int evm_calc_hash(struct dentry *dentry, const char *req_xattr_name, const char *req_xattr_value, size_t req_xattr_value_len, char *digest); extern int evm_init_hmac(struct inode *inode, const struct xattr *xattr, int evm_init_hmac(struct inode *inode, const struct xattr *xattr, char *hmac_val); extern int evm_init_secfs(void); int evm_init_secfs(void); #endif security/integrity/evm/evm_crypto.c +5 −3 Original line number Diff line number Diff line Loading 
@@ -13,6 +13,8 @@ * Using root's kernel master key (kmk), calculate the HMAC */ #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt #include <linux/module.h> #include <linux/crypto.h> #include <linux/xattr.h> Loading Loading @@ -103,13 +105,13 @@ static void hmac_add_misc(struct shash_desc *desc, struct inode *inode, umode_t mode; } hmac_misc; memset(&hmac_misc, 0, sizeof hmac_misc); memset(&hmac_misc, 0, sizeof(hmac_misc)); hmac_misc.ino = inode->i_ino; hmac_misc.generation = inode->i_generation; hmac_misc.uid = from_kuid(&init_user_ns, inode->i_uid); hmac_misc.gid = from_kgid(&init_user_ns, inode->i_gid); hmac_misc.mode = inode->i_mode; crypto_shash_update(desc, (const u8 *)&hmac_misc, sizeof hmac_misc); crypto_shash_update(desc, (const u8 *)&hmac_misc, sizeof(hmac_misc)); if (evm_hmac_version > 1) crypto_shash_update(desc, inode->i_sb->s_uuid, sizeof(inode->i_sb->s_uuid)); Loading Loading @@ -221,7 +223,7 @@ int evm_init_hmac(struct inode *inode, const struct xattr *lsm_xattr, desc = init_desc(EVM_XATTR_HMAC); if (IS_ERR(desc)) { printk(KERN_INFO "init_desc failed\n"); pr_info("init_desc failed\n"); return PTR_ERR(desc); } Loading Loading
MAINTAINERS +11 −6 Original line number Diff line number Diff line Loading @@ -3325,7 +3325,9 @@ F: Documentation/filesystems/ext4.txt F: fs/ext4/ Extended Verification Module (EVM) M: Mimi Zohar <zohar@us.ibm.com> M: Mimi Zohar <zohar@linux.vnet.ibm.com> L: linux-ima-devel@lists.sourceforge.net L: linux-security-module@vger.kernel.org S: Supported F: security/integrity/evm/ Loading Loading @@ -4339,8 +4341,11 @@ S: Maintained F: drivers/ipack/ INTEGRITY MEASUREMENT ARCHITECTURE (IMA) M: Mimi Zohar <zohar@us.ibm.com> M: Mimi Zohar <zohar@linux.vnet.ibm.com> M: Dmitry Kasatkin <d.kasatkin@samsung.com> L: linux-ima-devel@lists.sourceforge.net L: linux-ima-user@lists.sourceforge.net L: linux-security-module@vger.kernel.org S: Supported F: security/integrity/ima/ Loading Loading @@ -5003,8 +5008,8 @@ F: include/keys/ F: security/keys/ KEYS-TRUSTED M: David Safford <safford@watson.ibm.com> M: Mimi Zohar <zohar@us.ibm.com> M: David Safford <safford@us.ibm.com> M: Mimi Zohar <zohar@linux.vnet.ibm.com> L: linux-security-module@vger.kernel.org L: keyrings@linux-nfs.org S: Supported Loading @@ -5014,8 +5019,8 @@ F: security/keys/trusted.c F: security/keys/trusted.h KEYS-ENCRYPTED M: Mimi Zohar <zohar@us.ibm.com> M: David Safford <safford@watson.ibm.com> M: Mimi Zohar <zohar@linux.vnet.ibm.com> M: David Safford <safford@us.ibm.com> L: linux-security-module@vger.kernel.org L: keyrings@linux-nfs.org S: Supported Loading
include/linux/fs.h +3 −3 Original line number Diff line number Diff line Loading @@ -586,6 +586,9 @@ struct inode { atomic_t i_count; atomic_t i_dio_count; atomic_t i_writecount; #ifdef CONFIG_IMA atomic_t i_readcount; /* struct files open RO */ #endif const struct file_operations *i_fop; /* former ->i_op->default_file_ops */ struct file_lock *i_flock; struct address_space i_data; Loading @@ -606,9 +609,6 @@ struct inode { struct hlist_head i_fsnotify_marks; #endif #ifdef CONFIG_IMA atomic_t i_readcount; /* struct files open RO */ #endif void *i_private; /* fs or device private pointer */ }; Loading
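Review bot: The relocated `i_readcount` in struct inode still carries only `/* struct files open RO */`, so nothing records why it now sits directly after `i_writecount`. If the intent is to fill the padding that three consecutive `atomic_t` fields leave before the `i_fop` pointer on 64-bit builds (inferred, the page does not say so), state it on the field, e.g. `atomic_t i_readcount; /* struct files open RO; kept beside i_writecount to fill the hole before i_fop */`. Without that, a later reshuffle can move the field back and grow every inode when CONFIG_IMA is set. The struct begins outside the hunks shown.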
security/integrity/evm/Kconfig +3 −3 Original line number Diff line number Diff line config EVM boolean "EVM support" depends on SECURITY && KEYS && (TRUSTED_KEYS=y || TRUSTED_KEYS=n) depends on SECURITY select KEYS select ENCRYPTED_KEYS select CRYPTO_HMAC select CRYPTO_MD5 select CRYPTO_SHA1 select ENCRYPTED_KEYS default n help EVM protects a file's security extended attributes against Loading
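Review bot: `select KEYS` and `select ENCRYPTED_KEYS` force those symbols on without evaluating their own `depends on` lines, and this section appears to drop the old `(TRUSTED_KEYS=y || TRUSTED_KEYS=n)` guard at the same time. That guard looks like it kept a built-in EVM from being paired with modular trusted keys. The ENCRYPTED_KEYS entry is not on this page, so confirm that it now carries an equivalent constraint or no longer needs trusted keys to link. A comment above the selects, such as `# selected rather than depended on; ENCRYPTED_KEYS must not require TRUSTED_KEYS=m here`, would record the assumption. Which lines are old and which are new is inferred from the +3 −3 counts and the print order.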
security/integrity/evm/evm.h +14 −14 Original line number Diff line number Diff line Loading @@ -32,19 +32,19 @@ extern struct crypto_shash *hash_tfm; /* List of EVM protected security xattrs */ extern char *evm_config_xattrnames[]; extern int evm_init_key(void); extern int evm_update_evmxattr(struct dentry *dentry, int evm_init_key(void); int evm_update_evmxattr(struct dentry *dentry, const char *req_xattr_name, const char *req_xattr_value, size_t req_xattr_value_len); extern int evm_calc_hmac(struct dentry *dentry, const char *req_xattr_name, int evm_calc_hmac(struct dentry *dentry, const char *req_xattr_name, const char *req_xattr_value, size_t req_xattr_value_len, char *digest); extern int evm_calc_hash(struct dentry *dentry, const char *req_xattr_name, int evm_calc_hash(struct dentry *dentry, const char *req_xattr_name, const char *req_xattr_value, size_t req_xattr_value_len, char *digest); extern int evm_init_hmac(struct inode *inode, const struct xattr *xattr, int evm_init_hmac(struct inode *inode, const struct xattr *xattr, char *hmac_val); extern int evm_init_secfs(void); int evm_init_secfs(void); #endif
security/integrity/evm/evm_crypto.c +5 −3 Original line number Diff line number Diff line Loading @@ -13,6 +13,8 @@ * Using root's kernel master key (kmk), calculate the HMAC */ #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt #include <linux/module.h> #include <linux/crypto.h> #include <linux/xattr.h> Loading Loading @@ -103,13 +105,13 @@ static void hmac_add_misc(struct shash_desc *desc, struct inode *inode, umode_t mode; } hmac_misc; memset(&hmac_misc, 0, sizeof hmac_misc); memset(&hmac_misc, 0, sizeof(hmac_misc)); hmac_misc.ino = inode->i_ino; hmac_misc.generation = inode->i_generation; hmac_misc.uid = from_kuid(&init_user_ns, inode->i_uid); hmac_misc.gid = from_kgid(&init_user_ns, inode->i_gid); hmac_misc.mode = inode->i_mode; crypto_shash_update(desc, (const u8 *)&hmac_misc, sizeof hmac_misc); crypto_shash_update(desc, (const u8 *)&hmac_misc, sizeof(hmac_misc)); if (evm_hmac_version > 1) crypto_shash_update(desc, inode->i_sb->s_uuid, sizeof(inode->i_sb->s_uuid)); Loading Loading @@ -221,7 +223,7 @@ int evm_init_hmac(struct inode *inode, const struct xattr *lsm_xattr, desc = init_desc(EVM_XATTR_HMAC); if (IS_ERR(desc)) { printk(KERN_INFO "init_desc failed\n"); pr_info("init_desc failed\n"); return PTR_ERR(desc); } Loading
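Review bot: In evm_init_hmac the `init_desc` failure is still logged at info level and without the error value, so a failed HMAC setup is easy to miss in logs filtered at warning or above. Since the line is being rewritten anyway, consider `pr_err("init_desc failed: %ld\n", PTR_ERR(desc));`. The `pr_fmt` define added at the top of the file will then prefix it with the module name. The body of evm_init_hmac continues outside the hunk, so any later error paths are not visible here.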