Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 83fdbfbf authored by Linus Torvalds's avatar Linus Torvalds
Browse files

Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6 

* 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6: (30 commits)
  TOMOYO: Add recursive directory matching operator support.
  remove CONFIG_SECURITY_FILE_CAPABILITIES compile option
  SELinux: print denials for buggy kernel with unknown perms
  Silence the existing API for capability version compatibility check.
  LSM: Move security_path_chmod()/security_path_chown() to after mutex_lock().
  SELinux: header generation may hit infinite loop
  selinux: Fix warnings
  security: report the module name to security_module_request
  Config option to set a default LSM
  sysctl: require CAP_SYS_RAWIO to set mmap_min_addr
  tpm: autoload tpm_tis based on system PnP IDs
  tpm_tis: TPM_STS_DATA_EXPECT workaround
  define convenient securebits masks for prctl users (v2)
  tpm: fix header for modular build
  tomoyo: improve hash bucket dispersion
  tpm add default function definitions
  LSM: imbed ima calls in the security hooks
  SELinux: add .gitignore files for dynamic classes
  security: remove root_plug
  SELinux: fix locking issue introduced with c6d3aaa4
  ...
parents d9b2c4d0 c84d6efd

Documentation/dontdiff

+3 −0
Original line number Diff line number Diff line
@@ -65,6 +65,7 @@ aicdb.h* 
asm-offsets.h

asm_offsets.h

autoconf.h*

av_permissions.h

bbootsect

bin2c

binkernel.spec
@@ -95,12 +96,14 @@ docproc 
elf2ecoff

elfconfig.h*

fixdep

flask.h

fore200e_mkfirm

fore200e_pca_fw.c*

gconf

gen-devlist

gen_crc32table

gen_init_cpio

genheaders

genksyms

*_gray256.c

ihex2fw

Documentation/kernel-parameters.txt

+0 −10
Original line number Diff line number Diff line
@@ -85,7 +85,6 @@ parameter is applicable: 
	PPT	Parallel port support is enabled.

	PS2	Appropriate PS/2 support is enabled.

	RAM	RAM disk support is enabled.

	ROOTPLUG The example Root Plug LSM is enabled.

	S390	S390 architecture is enabled.

	SCSI	Appropriate SCSI support is enabled.

			A lot of drivers has their options described inside of
@@ -2164,15 +2163,6 @@ and is between 256 and 4096 characters. It is defined in the file 
			Useful for devices that are detected asynchronously

			(e.g. USB and MMC devices).



	root_plug.vendor_id=

			[ROOTPLUG] Override the default vendor ID



	root_plug.product_id=

			[ROOTPLUG] Override the default product ID



	root_plug.debug=

			[ROOTPLUG] Enable debugging output



	rw		[KNL] Mount root device read-write on boot



	S		[KNL] Run init in single mode

drivers/char/tpm/tpm.c

+1 −1
Original line number Diff line number Diff line
@@ -31,7 +31,7 @@ 


enum tpm_const {

	TPM_MINOR = 224,	/* officially assigned */

	TPM_BUFSIZE = 2048,

	TPM_BUFSIZE = 4096,

	TPM_NUM_DEVICES = 256,

};

drivers/char/tpm/tpm_tis.c

+10 −1
Original line number Diff line number Diff line
@@ -257,6 +257,10 @@ static int tpm_tis_recv(struct tpm_chip *chip, u8 *buf, size_t count) 
	return size;

}



static int itpm;

module_param(itpm, bool, 0444);

MODULE_PARM_DESC(itpm, "Force iTPM workarounds (found on some Lenovo laptops)");



/*

 * If interrupts are used (signaled by an irq set in the vendor structure)

 * tpm.c can skip polling for the data to be available as the interrupt is
@@ -293,7 +297,7 @@ static int tpm_tis_send(struct tpm_chip *chip, u8 *buf, size_t len) 
		wait_for_stat(chip, TPM_STS_VALID, chip->vendor.timeout_c,

			      &chip->vendor.int_queue);

		status = tpm_tis_status(chip);

		if ((status & TPM_STS_DATA_EXPECT) == 0) {

		if (!itpm && (status & TPM_STS_DATA_EXPECT) == 0) {

			rc = -EIO;

			goto out_err;

		}
@@ -467,6 +471,10 @@ static int tpm_tis_init(struct device *dev, resource_size_t start, 
		 "1.2 TPM (device-id 0x%X, rev-id %d)\n",

		 vendor >> 16, ioread8(chip->vendor.iobase + TPM_RID(0)));



	if (itpm)

		dev_info(dev, "Intel iTPM workaround enabled\n");





	/* Figure out the capabilities */

	intfcaps =

	    ioread32(chip->vendor.iobase +
@@ -629,6 +637,7 @@ static struct pnp_device_id tpm_pnp_tbl[] __devinitdata = { 
	{"", 0},		/* User Specified */

	{"", 0}			/* Terminator */

};

MODULE_DEVICE_TABLE(pnp, tpm_pnp_tbl);



static __devexit void tpm_tis_pnp_remove(struct pnp_dev *dev)

{

fs/exec.c

+0 −4
Original line number Diff line number Diff line
@@ -46,7 +46,6 @@ 
#include <linux/proc_fs.h>

#include <linux/mount.h>

#include <linux/security.h>

#include <linux/ima.h>

#include <linux/syscalls.h>

#include <linux/tsacct_kern.h>

#include <linux/cn_proc.h>
@@ -1207,9 +1206,6 @@ int search_binary_handler(struct linux_binprm *bprm,struct pt_regs *regs) 
	struct linux_binfmt *fmt;



	retval = security_bprm_check(bprm);

	if (retval)

		return retval;

	retval = ima_bprm_check(bprm);

	if (retval)

		return retval;