Loading Documentation/credentials.txt +5 −9 Original line number Diff line number Diff line Loading @@ -408,9 +408,6 @@ This should be used inside the RCU read lock, as in the following example: ... } A function need not get RCU read lock to use __task_cred() if it is holding a spinlock at the time as this implicitly holds the RCU read lock. Should it be necessary to hold another task's credentials for a long period of time, and possibly to sleep whilst doing so, then the caller should get a reference on them using: Loading @@ -426,17 +423,16 @@ credentials, hiding the RCU magic from the caller: uid_t task_uid(task) Task's real UID uid_t task_euid(task) Task's effective UID If the caller is holding a spinlock or the RCU read lock at the time anyway, then: If the caller is holding the RCU read lock at the time anyway, then: __task_cred(task)->uid __task_cred(task)->euid should be used instead. Similarly, if multiple aspects of a task's credentials need to be accessed, RCU read lock or a spinlock should be used, __task_cred() called, the result stored in a temporary pointer and then the credential aspects called from that before dropping the lock. This prevents the potentially expensive RCU magic from being invoked multiple times. need to be accessed, RCU read lock should be used, __task_cred() called, the result stored in a temporary pointer and then the credential aspects called from that before dropping the lock. This prevents the potentially expensive RCU magic from being invoked multiple times. Should some other single aspect of another task's credentials need to be accessed, then this can be used: Loading Documentation/kernel-parameters.txt +10 −0 Original line number Diff line number Diff line Loading 
@@ -99,6 +99,7 @@ parameter is applicable: SWSUSP Software suspend (hibernation) is enabled. SUSPEND System suspend states are enabled. FTRACE Function tracing enabled. TPM TPM drivers are enabled. TS Appropriate touchscreen support is enabled. UMS USB Mass Storage support is enabled. USB USB support is enabled. Loading Loading @@ -2610,6 +2611,15 @@ and is between 256 and 4096 characters. It is defined in the file tp720= [HW,PS2] tpm_suspend_pcr=[HW,TPM] Format: integer pcr id Specify that at suspend time, the tpm driver should extend the specified pcr with zeros, as a workaround for some chips which fail to flush the last written pcr on TPM_SaveState. This will guarantee that all the other pcrs are saved. trace_buf_size=nn[KMG] [FTRACE] will set tracing buffer size. Loading drivers/char/tpm/Kconfig +4 −2 Original line number Diff line number Diff line Loading @@ -17,14 +17,16 @@ menuconfig TCG_TPM obtained at: <http://sourceforge.net/projects/trousers>. To compile this driver as a module, choose M here; the module will be called tpm. If unsure, say N. Note: For more TPM drivers enable CONFIG_PNP, CONFIG_ACPI Notes: 1) For more TPM drivers enable CONFIG_PNP, CONFIG_ACPI and CONFIG_PNPACPI. 2) Without ACPI enabled, the BIOS event log won't be accessible, which is required to validate the PCR 0-7 values. if TCG_TPM config TCG_TIS tristate "TPM Interface Specification 1.2 Interface" depends on PNP ---help--- If you have a TPM security chip that is compliant with the TCG TIS 1.2 TPM specification say Yes and it will be accessible Loading drivers/char/tpm/tpm.c +40 −7 Original line number Diff line number Diff line Loading 
@@ -1068,6 +1068,27 @@ void tpm_remove_hardware(struct device *dev) } EXPORT_SYMBOL_GPL(tpm_remove_hardware); #define TPM_ORD_SAVESTATE cpu_to_be32(152) #define SAVESTATE_RESULT_SIZE 10 static struct tpm_input_header savestate_header = { .tag = TPM_TAG_RQU_COMMAND, .length = cpu_to_be32(10), .ordinal = TPM_ORD_SAVESTATE }; /* Bug workaround - some TPM's don't flush the most * recently changed pcr on suspend, so force the flush * with an extend to the selected _unused_ non-volatile pcr. */ static int tpm_suspend_pcr; static int __init tpm_suspend_setup(char *str) { get_option(&str, &tpm_suspend_pcr); return 1; } __setup("tpm_suspend_pcr=", tpm_suspend_setup); /* * We are about to suspend. Save the TPM state * so that it can be restored. Loading @@ -1075,17 +1096,29 @@ EXPORT_SYMBOL_GPL(tpm_remove_hardware); int tpm_pm_suspend(struct device *dev, pm_message_t pm_state) { struct tpm_chip *chip = dev_get_drvdata(dev); u8 savestate[] = { 0, 193, /* TPM_TAG_RQU_COMMAND */ 0, 0, 0, 10, /* blob length (in bytes) */ 0, 0, 0, 152 /* TPM_ORD_SaveState */ }; struct tpm_cmd_t cmd; int rc; u8 dummy_hash[TPM_DIGEST_SIZE] = { 0 }; if (chip == NULL) return -ENODEV; tpm_transmit(chip, savestate, sizeof(savestate)); return 0; /* for buggy tpm, flush pcrs with extend to selected dummy */ if (tpm_suspend_pcr) { cmd.header.in = pcrextend_header; cmd.params.pcrextend_in.pcr_idx = cpu_to_be32(tpm_suspend_pcr); memcpy(cmd.params.pcrextend_in.hash, dummy_hash, TPM_DIGEST_SIZE); rc = transmit_cmd(chip, &cmd, EXTEND_PCR_RESULT_SIZE, "extending dummy pcr before suspend"); } /* now do the actual savestate */ cmd.header.in = savestate_header; rc = transmit_cmd(chip, &cmd, SAVESTATE_RESULT_SIZE, "sending savestate before suspend"); return rc; } EXPORT_SYMBOL_GPL(tpm_pm_suspend); Loading drivers/char/tpm/tpm_tis.c +21 −19 Original line number Diff line number Diff line Loading 
@@ -598,7 +598,7 @@ out_err: tpm_remove_hardware(chip->dev); return rc; } #ifdef CONFIG_PNP static int __devinit tpm_tis_pnp_init(struct pnp_dev *pnp_dev, const struct pnp_device_id *pnp_id) { Loading Loading @@ -663,7 +663,7 @@ static struct pnp_driver tis_pnp_driver = { module_param_string(hid, tpm_pnp_tbl[TIS_HID_USR_IDX].id, sizeof(tpm_pnp_tbl[TIS_HID_USR_IDX].id), 0444); MODULE_PARM_DESC(hid, "Set additional specific HID for this driver to probe"); #endif static int tpm_tis_suspend(struct platform_device *dev, pm_message_t msg) { return tpm_pm_suspend(&dev->dev, msg); Loading @@ -690,8 +690,11 @@ MODULE_PARM_DESC(force, "Force device probe rather than using ACPI entry"); static int __init init_tis(void) { int rc; #ifdef CONFIG_PNP if (!force) return pnp_register_driver(&tis_pnp_driver); #endif if (force) { rc = platform_driver_register(&tis_drv); if (rc < 0) return rc; Loading @@ -704,9 +707,6 @@ static int __init init_tis(void) return rc; } return pnp_register_driver(&tis_pnp_driver); } static void __exit cleanup_tis(void) { struct tpm_vendor_specific *i, *j; Loading @@ -728,12 +728,14 @@ static void __exit cleanup_tis(void) list_del(&i->list); } spin_unlock(&tis_lock); if (force) { #ifdef CONFIG_PNP if (!force) { pnp_unregister_driver(&tis_pnp_driver); return; } #endif platform_device_unregister(pdev); platform_driver_unregister(&tis_drv); } else pnp_unregister_driver(&tis_pnp_driver); } module_init(init_tis); Loading Loading
Documentation/credentials.txt +5 −9 Original line number Diff line number Diff line Loading @@ -408,9 +408,6 @@ This should be used inside the RCU read lock, as in the following example: ... } A function need not get RCU read lock to use __task_cred() if it is holding a spinlock at the time as this implicitly holds the RCU read lock. Should it be necessary to hold another task's credentials for a long period of time, and possibly to sleep whilst doing so, then the caller should get a reference on them using: Loading @@ -426,17 +423,16 @@ credentials, hiding the RCU magic from the caller: uid_t task_uid(task) Task's real UID uid_t task_euid(task) Task's effective UID If the caller is holding a spinlock or the RCU read lock at the time anyway, then: If the caller is holding the RCU read lock at the time anyway, then: __task_cred(task)->uid __task_cred(task)->euid should be used instead. Similarly, if multiple aspects of a task's credentials need to be accessed, RCU read lock or a spinlock should be used, __task_cred() called, the result stored in a temporary pointer and then the credential aspects called from that before dropping the lock. This prevents the potentially expensive RCU magic from being invoked multiple times. need to be accessed, RCU read lock should be used, __task_cred() called, the result stored in a temporary pointer and then the credential aspects called from that before dropping the lock. This prevents the potentially expensive RCU magic from being invoked multiple times. Should some other single aspect of another task's credentials need to be accessed, then this can be used: Loading
Documentation/kernel-parameters.txt +10 −0 Original line number Diff line number Diff line Loading @@ -99,6 +99,7 @@ parameter is applicable: SWSUSP Software suspend (hibernation) is enabled. SUSPEND System suspend states are enabled. FTRACE Function tracing enabled. TPM TPM drivers are enabled. TS Appropriate touchscreen support is enabled. UMS USB Mass Storage support is enabled. USB USB support is enabled. Loading Loading @@ -2610,6 +2611,15 @@ and is between 256 and 4096 characters. It is defined in the file tp720= [HW,PS2] tpm_suspend_pcr=[HW,TPM] Format: integer pcr id Specify that at suspend time, the tpm driver should extend the specified pcr with zeros, as a workaround for some chips which fail to flush the last written pcr on TPM_SaveState. This will guarantee that all the other pcrs are saved. trace_buf_size=nn[KMG] [FTRACE] will set tracing buffer size. Loading
drivers/char/tpm/Kconfig +4 −2 Original line number Diff line number Diff line Loading @@ -17,14 +17,16 @@ menuconfig TCG_TPM obtained at: <http://sourceforge.net/projects/trousers>. To compile this driver as a module, choose M here; the module will be called tpm. If unsure, say N. Note: For more TPM drivers enable CONFIG_PNP, CONFIG_ACPI Notes: 1) For more TPM drivers enable CONFIG_PNP, CONFIG_ACPI and CONFIG_PNPACPI. 2) Without ACPI enabled, the BIOS event log won't be accessible, which is required to validate the PCR 0-7 values. if TCG_TPM config TCG_TIS tristate "TPM Interface Specification 1.2 Interface" depends on PNP ---help--- If you have a TPM security chip that is compliant with the TCG TIS 1.2 TPM specification say Yes and it will be accessible Loading
drivers/char/tpm/tpm.c +40 −7 Original line number Diff line number Diff line Loading @@ -1068,6 +1068,27 @@ void tpm_remove_hardware(struct device *dev) } EXPORT_SYMBOL_GPL(tpm_remove_hardware); #define TPM_ORD_SAVESTATE cpu_to_be32(152) #define SAVESTATE_RESULT_SIZE 10 static struct tpm_input_header savestate_header = { .tag = TPM_TAG_RQU_COMMAND, .length = cpu_to_be32(10), .ordinal = TPM_ORD_SAVESTATE }; /* Bug workaround - some TPM's don't flush the most * recently changed pcr on suspend, so force the flush * with an extend to the selected _unused_ non-volatile pcr. */ static int tpm_suspend_pcr; static int __init tpm_suspend_setup(char *str) { get_option(&str, &tpm_suspend_pcr); return 1; } __setup("tpm_suspend_pcr=", tpm_suspend_setup); /* * We are about to suspend. Save the TPM state * so that it can be restored. Loading @@ -1075,17 +1096,29 @@ EXPORT_SYMBOL_GPL(tpm_remove_hardware); int tpm_pm_suspend(struct device *dev, pm_message_t pm_state) { struct tpm_chip *chip = dev_get_drvdata(dev); u8 savestate[] = { 0, 193, /* TPM_TAG_RQU_COMMAND */ 0, 0, 0, 10, /* blob length (in bytes) */ 0, 0, 0, 152 /* TPM_ORD_SaveState */ }; struct tpm_cmd_t cmd; int rc; u8 dummy_hash[TPM_DIGEST_SIZE] = { 0 }; if (chip == NULL) return -ENODEV; tpm_transmit(chip, savestate, sizeof(savestate)); return 0; /* for buggy tpm, flush pcrs with extend to selected dummy */ if (tpm_suspend_pcr) { cmd.header.in = pcrextend_header; cmd.params.pcrextend_in.pcr_idx = cpu_to_be32(tpm_suspend_pcr); memcpy(cmd.params.pcrextend_in.hash, dummy_hash, TPM_DIGEST_SIZE); rc = transmit_cmd(chip, &cmd, EXTEND_PCR_RESULT_SIZE, "extending dummy pcr before suspend"); } /* now do the actual savestate */ cmd.header.in = savestate_header; rc = transmit_cmd(chip, &cmd, SAVESTATE_RESULT_SIZE, "sending savestate before suspend"); return rc; } EXPORT_SYMBOL_GPL(tpm_pm_suspend); Loading
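Review bot: In tpm_pm_suspend() the `rc` returned by the dummy PCR extend is overwritten by the savestate call without being checked, so a failed workaround extend never reaches the caller and the function can report success even though the flush that `tpm_suspend_pcr` is meant to force did not happen. Either bail out or record it explicitly right after the first transmit_cmd(), e.g. `if (rc) dev_warn(dev, "tpm_suspend_pcr extend failed (%d)\n", rc);`. The function also used to return 0 unconditionally and now returns the savestate result; transmit_cmd() is not visible here, but if it can return a TPM error code for a disabled or deactivated chip, that value now reaches the PM core and may abort suspend, which deserves a comment or a deliberate mapping. Separately, tpm_suspend_setup() ignores the result of get_option() and accepts any integer, so a negative or out-of-range index is sent to the chip; `if (tpm_suspend_pcr < 0) tpm_suspend_pcr = 0;` after parsing would keep bad input from enabling the workaround. The code comment says the PCR must be _unused_, and the kernel-parameters.txt entry should say the same, because the extend changes that PCR's value on every suspend and would invalidate any sealing or attestation policy bound to it.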
drivers/char/tpm/tpm_tis.c +21 −19 Original line number Diff line number Diff line Loading @@ -598,7 +598,7 @@ out_err: tpm_remove_hardware(chip->dev); return rc; } #ifdef CONFIG_PNP static int __devinit tpm_tis_pnp_init(struct pnp_dev *pnp_dev, const struct pnp_device_id *pnp_id) { Loading Loading @@ -663,7 +663,7 @@ static struct pnp_driver tis_pnp_driver = { module_param_string(hid, tpm_pnp_tbl[TIS_HID_USR_IDX].id, sizeof(tpm_pnp_tbl[TIS_HID_USR_IDX].id), 0444); MODULE_PARM_DESC(hid, "Set additional specific HID for this driver to probe"); #endif static int tpm_tis_suspend(struct platform_device *dev, pm_message_t msg) { return tpm_pm_suspend(&dev->dev, msg); Loading @@ -690,8 +690,11 @@ MODULE_PARM_DESC(force, "Force device probe rather than using ACPI entry"); static int __init init_tis(void) { int rc; #ifdef CONFIG_PNP if (!force) return pnp_register_driver(&tis_pnp_driver); #endif if (force) { rc = platform_driver_register(&tis_drv); if (rc < 0) return rc; Loading @@ -704,9 +707,6 @@ static int __init init_tis(void) return rc; } return pnp_register_driver(&tis_pnp_driver); } static void __exit cleanup_tis(void) { struct tpm_vendor_specific *i, *j; Loading @@ -728,12 +728,14 @@ static void __exit cleanup_tis(void) list_del(&i->list); } spin_unlock(&tis_lock); if (force) { #ifdef CONFIG_PNP if (!force) { pnp_unregister_driver(&tis_pnp_driver); return; } #endif platform_device_unregister(pdev); platform_driver_unregister(&tis_drv); } else pnp_unregister_driver(&tis_pnp_driver); } module_init(init_tis); Loading
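Review bot: With CONFIG_PNP unset, init_tis() now falls through to platform_driver_register() whatever `force` is set to, so the driver takes the forced probe path on every such kernel, yet the `force` description still reads "Force device probe rather than using ACPI entry" and nothing at the `#ifdef` says this is intended. A comment above the block such as `/* No PNP: no ACPI enumeration is available, so always use the forced platform-device probe */` would make that explicit. cleanup_tis() repeats the same `#ifdef CONFIG_PNP` / `if (!force)` test and has to stay in step with init_tis(), since any drift would unregister a driver type that was never registered; a one-line cross-reference comment there would help. Part of init_tis()'s body lies between the visible hunks, so the error unwind on the platform path is not reviewed here.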