- 28 11月, 2016 29 次提交
-
-
由 Stefan Berger 提交于
Check the bios_dir entry for NULL before accessing it. Currently this crashes the driver when a TPM 2 is attached and the entries are NULL. Signed-off-by: NStefan Berger <stefanb@linux.vnet.ibm.com> Reviewed-by: NJarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Tested-by: NJarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Signed-off-by: NJarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
-
由 Colin Ian King 提交于
device_node np contains a garbage value from the stack and it is only set if chip->dev.parent->of_node is not null. Thus the check for a null np won't spot a garbage value of np from the stack if chip->dev.parent->of_node is null and if np contains an garbage non-null value. I believe the correct fix is to return -ENODEV if and only if chip->dev.parent->of_node is null. Found with static analysis by CoverityScan, CID 1377755 Signed-off-by: NColin Ian King <colin.king@canonical.com> Reviewed-by: NJarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Tested-by: NJarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Signed-off-by: NJarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
-
由 Nayna Jain 提交于
This patch removes the unnecessary error messages on failing to allocate memory and replaces pr_err/printk with dev_dbg/dev_info as applicable. Suggested-by: NJason Gunthorpe <jgunthorpe@obsidianresearch.com> Signed-off-by: NNayna Jain <nayna@linux.vnet.ibm.com> Reviewed-by: NJarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Tested-by: NJarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Signed-off-by: NJarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
-
由 Nayna Jain 提交于
Using the device of_node property is a better way to refer to the device tree node rather than of_find_node_by_name(). Suggested-by: NJason Gunthorpe <jgunthorpe@obsidianresearch.com> Signed-off-by: NNayna Jain <nayna@linux.vnet.ibm.com> Reviewed-by: NJarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Signed-off-by: NJarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
-
由 Nayna Jain 提交于
Currently, read_log() has two implementations: one for ACPI platforms and the other for device tree(OF) based platforms. The proper one is selected at compile time using Kconfig and #ifdef in the Makefile, which is not the recommended approach. This patch removes the #ifdef in the Makefile by defining a single read_log() method, which checks for ACPI/OF event log properties at runtime. [jarkko.sakkinen@linux.intel.com: added tpm_ prefix to read_log*] Suggested-by: NJason Gunthorpe <jgunthorpe@obsidianresearch.com> Signed-off-by: NNayna Jain <nayna@linux.vnet.ibm.com> Reviewed-by: NJason Gunthorpe <jgunthorpe@obsidianresearch.com> Reviewed-by: NJarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Tested-by: NJarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Signed-off-by: NJarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
-
由 Nayna Jain 提交于
This patch fixes the missing .owner field in tpm_bios_measurements_ops definition. Suggested-by: NJason Gunthorpe <jgunthorpe@obsidianresearch.com> Signed-off-by: NNayna Jain <nayna@linux.vnet.ibm.com> Reviewed-by: NJarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Tested-by: NJarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Signed-off-by: NJarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
-
由 Nayna Jain 提交于
Move the backing memory for the event log into tpm_chip and push the tpm_chip into read_log. This optimizes read_log processing by only doing it once and prepares things for the next patches in the series which require the tpm_chip to locate the event log via ACPI and OF handles instead of searching. This is straightfoward except for the issue of passing a kref through i_private with securityfs. Since securityfs_remove does not have any removal fencing like sysfs we use the inode lock to safely get a kref on the tpm_chip. Suggested-by: NJason Gunthorpe <jgunthorpe@obsidianresearch.com> Signed-off-by: NNayna Jain <nayna@linux.vnet.ibm.com> Reviewed-by: NJarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Tested-by: NJarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Signed-off-by: NJarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
-
由 Jarkko Sakkinen 提交于
Check for TPM2 chip in tpm_sysfs_add_device, tpm_bios_log_setup and tpm_bios_log_teardown in order to make code flow cleaner and to enable to implement TPM 2.0 support later on. This is partially derived from the commit by Nayna Jain with the extension that also tpm1_chip_register is dropped. Signed-off-by: NJarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Reviewed-by: NJason Gunthorpe <jgunthorpe@obsidianresearch.com> Reviewed-by: NNayna Jain <nayna@linux.vnet.ibm.com> Tested-by: NJason Gunthorpe <jgunthorpe@obsidianresearch.com> Tested-by: NNayna Jain <nayna@linux.vnet.ibm.com>
-
由 Jarkko Sakkinen 提交于
This commit is based on a commit by Nayna Jain. Replaced dynamically allocated bios_dir with a static array as the size is always constant. Suggested-by: NJason Gunthorpe <jgunthorpe@obsidianresearch.com> Signed-off-by: NJarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
-
由 Nayna Jain 提交于
checkpatch.pl flags warning for symbolic permissions and suggests to replace with octal value. This patch changes securityfs pseudo files permission to octal values in tpm_bios_log_setup(). Signed-off-by: NNayna Jain <nayna@linux.vnet.ibm.com> Reviewed-by: NJarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Tested-by: NJarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Signed-off-by: NJarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
-
由 Baruch Siach 提交于
Signed-off-by: NBaruch Siach <baruch@tkos.co.il> Reviewed-by: NJarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Signed-off-by: NJarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
-
由 Jason Gunthorpe 提交于
This provides an open firwmare driver binding for tpm_tis. OF is useful on arches where ACPI/PNP is not used. The tcg,tpm-tis-mmio register map interface is specified by the TCG. Reviewed-by: NRob Herring <robh@kernel.org> Signed-off-by: NJason Gunthorpe <jgunthorpe@obsidianresearch.com> Reviewed-by: NJarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Signed-off-by: NJarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
-
由 Jarkko Sakkinen 提交于
Added kdoc comments for VTPM_PROXY_IOC_NEW_DEV so that these can be imported to the kernel documentation written with rst markup and generated with Sphinx. Signed-off-by: NJarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Reviewed-by: NStefan Berger <stefanb@linux.vnet.ibm.com>
-
由 Stefan Berger 提交于
Only call pm_runtime_get_sync if the device has a parent. This change fixes a crash in the tpm_vtpm_proxy driver since that driver does not have a parent device. Signed-off-by: NStefan Berger <stefanb@linux.vnet.ibm.com> Reviewed-by: NJarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Signed-off-by: NJarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
-
由 Nayna Jain 提交于
open() method for event log ascii and binary bios measurements file operations are very similar. This patch refactors the code into a single open() call by passing seq_operations as i_node->private data. Suggested-by: NJason Gunthorpe <jgunthorpe@obsidianresearch.com> Signed-off-by: NNayna Jain <nayna@linux.vnet.ibm.com> Reviewed-by: NJarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Reviewed-by: NJason Gunthorpe <jgunthorpe@obsidianresearch.com> Tested-by: NJarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Signed-off-by: NJarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
-
由 Nayna Jain 提交于
Newly added support of TPM 2.0 eventlog securityfs pseudo files in tpm device driver consumes device tree bindings representing I2C based Physical TPM. This patch adds the documentation for corresponding device tree bindings of I2C based Physical TPM. These bindings are similar to vtpm device tree bindings being used on IBM Power7+ and Power8 Systems running PowerVM. Suggested-by: NJason Gunthorpe <jgunthorpe@obsidianresearch.com> Signed-off-by: NNayna Jain <nayna@linux.vnet.ibm.com> Acked-by: NRob Herring <robh@kernel.org> Signed-off-by: NJarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
-
由 Nayna Jain 提交于
Virtual TPM, which is being used on IBM POWER7+ and POWER8 systems running POWERVM, is currently supported by tpm device driver but lacks the documentation. This patch adds the missing documentation for the existing support. Suggested-by: NJason Gunthorpe <jgunthorpe@obsidianresearch.com> Signed-off-by: NNayna Jain <nayna@linux.vnet.ibm.com> Acked-by: NRob Herring <robh@kernel.org> Signed-off-by: NJarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
-
由 Jason Gunthorpe 提交于
This is no longer necessary, all calls to tpm_chip_unregister happen in remove() callbacks. Signed-off-by: NJason Gunthorpe <jgunthorpe@obsidianresearch.com> Reviewed-by: NTomas Winkler <tomas.winkler@intel.com> Reviewed-by: NJarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Signed-off-by: NJarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
-
由 Jason Gunthorpe 提交于
tpm_chip_unregister can only be called after tpm_chip_register. devm manages the allocation so no unwind is needed here. Cc: stable@vger.kernel.org Fixes: afb5abc2 ("tpm: two-phase chip management functions") Reviewed-by: NJarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Signed-off-by: NJarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
-
由 Jason Gunthorpe 提交于
The tis driver does a tpm_get_timeouts out side of tpm_chip_register, and tpm_get_timeouts can print a message, resulting in two prints, eg: tpm tpm0: [Hardware Error]: Adjusting reported timeouts: A 10000->750000us B 10000->2000000us C 10000->750000us D 10000->750000us Keep track and prevent tpm_get_timeouts from running a second time, and clarify the purpose of the call in tpm_tis_core to only be connected to irq testing. Signed-off-by: NJason Gunthorpe <jgunthorpe@obsidianresearch.com> Reviewed-by: NJarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Signed-off-by: NJarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
-
由 Josh Zimmerman 提交于
If the TPM we're connecting to uses a static burst count, it will report a burst count of zero throughout the response read. However, get_burstcount assumes that a response of zero indicates that the TPM is not ready to receive more data. In this case, it returns a negative error code, which is passed on to tpm_tis_{write,read}_bytes as a u16, causing them to read/write far too many bytes. This patch checks for negative return codes and bails out from recv_data and tpm_tis_send_data. Cc: stable@vger.kernel.org Fixes: 1107d065 (tpm_tis: Introduce intermediate layer for TPM access) Signed-off-by: NJosh Zimmerman <joshz@google.com> Reviewed-by: NJarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Signed-off-by: NJarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
-
由 Winkler, Tomas 提交于
Place kdoc just above tpm_pcr_extend so it can be parsed correctly. Signed-off-by: NTomas Winkler <tomas.winkler@intel.com> Reviewed-by: NJarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Signed-off-by: NJarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
-
由 Jarkko Sakkinen 提交于
Use cpu_to_b32 at the time it is needed in enum tpm_capabilities and enum tpm_sub_capabilities in order to be consistent with the other enums in drivats/char/tpm/tpm.h. Signed-off-by: NJarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
-
由 Ed Swierk 提交于
Call tpm_getcap() from tpm_get_timeouts() to eliminate redundant code. Return all errors to the caller rather than swallowing them (e.g. when tpm_transmit_cmd() returns nonzero). Signed-off-by: NEd Swierk <eswierk@skyportsystems.com> Reviewed-by: NJarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Tested-by: NJarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Signed-off-by: NJarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
-
由 Peter Huewe 提交于
In some weird cases it might be possible that the TPM does not set STS.VALID within the given timeout time (or ever) but sets STS.EXPECT (STS=0x0C) In this case the driver gets stuck in the while loop of tpm_tis_send_data and loops endlessly. Checking the return value of wait_for_tpm_stat fixes this and the driver bails out correctly. While at it fixing all other users since if the TPM does not manage to set STS.VALID within the reasonable timeframe something is definitely wrong and the driver should react correctly. Signed-off-by: NPeter Huewe <peterhuewe@gmx.de> Reviewed-by: NJarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Tested-by: NJarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Signed-off-by: NJarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
-
由 Winkler, Tomas 提交于
Utilize runtime_pm for driving tpm crb idle states. The framework calls cmd_ready from the pm_runtime_resume handler and go idle from the pm_runtime_suspend handler. The TPM framework should wake the device before transmit and receive. In case the runtime_pm framework is not compiled in or enabled, the device will be in the permanent ready state. Signed-off-by: NTomas Winkler <tomas.winkler@intel.com> Reviewed-by: NJarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Tested-by: NJarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Signed-off-by: NJarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
-
由 Winkler, Tomas 提交于
This is preparation step for implementing tpm crb runtime pm. We need to have tpm chip allocated and populated before we access the runtime handlers. Signed-off-by: NTomas Winkler <tomas.winkler@intel.com> Reviewed-by: NJarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Tested-by: NJarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Signed-off-by: NJarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
-
由 Winkler, Tomas 提交于
There is a HW bug in Skylake, and Broxton PCH Intel PTT device, where most of the registers in the control area except START, REQUEST, CANCEL, and LOC_CTRL lost retention when the device is in the idle state. Hence we need to bring the device to ready state before accessing the other registers. The fix brings device to ready state before trying to read command and response buffer addresses in order to remap the for access. Signed-off-by: NTomas Winkler <tomas.winkler@intel.com> Tested-by: NJarkko Sakkinen <jarkko.sakkinn@linux.intel.com> Reviewed-by: NJarkko Sakkinen <jarkko.sakkinn@linux.intel.com> Signed-off-by: NJarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
-
由 Winkler, Tomas 提交于
The register TPM_CRB_CTRL_REQ_x contains bits goIdle and cmdReady for SW to indicate that the device can enter or should exit the idle state. The legacy ACPI-start (SMI + DMA) based devices do not support these bits and the idle state management is not exposed to the host SW. Thus, this functionality only is enabled only for a CRB start (MMIO) based devices. Based on Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> original patch: 'tpm_crb: implement power tpm crb power management' To keep the implementation local to the hw we don't use wait_for_tpm_stat for polling the TPM_CRB_CTRL_REQ. [jarkko.sakkinen@linux.intel.com: removed cmdReady debug trace on a success case due the heavy amount of log traffic it causes.] Signed-off-by: NTomas Winkler <tomas.winkler@intel.com> Reviewed-by: NJarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Tested-by: NJarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Signed-off-by: NJarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
-
- 24 11月, 2016 1 次提交
-
-
- 23 11月, 2016 2 次提交
-
-
由 James Morris 提交于
Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity into next
-
由 Andreas Gruenbacher 提交于
Convert isec->lock from a mutex into a spinlock. Instead of holding the lock while sleeping in inode_doinit_with_dentry, set isec->initialized to LABEL_PENDING and release the lock. Then, when the sid has been determined, re-acquire the lock. If isec->initialized is still set to LABEL_PENDING, set isec->sid; otherwise, the sid has been set by another task (LABEL_INITIALIZED) or invalidated (LABEL_INVALID) in the meantime. This fixes a deadlock on gfs2 where * one task is in inode_doinit_with_dentry -> gfs2_getxattr, holds isec->lock, and tries to acquire the inode's glock, and * another task is in do_xmote -> inode_go_inval -> selinux_inode_invalidate_secctx, holds the inode's glock, and tries to acquire isec->lock. Signed-off-by: NAndreas Gruenbacher <agruenba@redhat.com> [PM: minor tweaks to keep checkpatch.pl happy] Signed-off-by: NPaul Moore <paul@paul-moore.com>
-
- 22 11月, 2016 2 次提交
-
-
由 James Morris 提交于
-
由 Stephen Smalley 提交于
When a new capability is defined, SELinux needs to be updated. Trigger a build error if a new capability is defined without corresponding update to security/selinux/include/classmap.h's COMMON_CAP2_PERMS. This is similar to BUILD_BUG_ON() guards in the SELinux nlmsgtab code to ensure that SELinux tracks new netlink message types as needed. Note that there is already a similar build guard in security/selinux/hooks.c to detect when more than 64 capabilities are defined, since that will require adding a third capability class to SELinux. A nicer way to do this would be to extend scripts/selinux/genheaders or a similar tool to auto-generate the necessary definitions and code for SELinux capability checking from include/uapi/linux/capability.h. AppArmor does something similar in its Makefile, although it only needs to generate a single table of names. That is left as future work. Signed-off-by: NStephen Smalley <sds@tycho.nsa.gov> [PM: reformat the description to keep checkpatch.pl happy] Signed-off-by: NPaul Moore <paul@paul-moore.com>
-
- 21 11月, 2016 1 次提交
-
-
由 Stephen Smalley 提交于
At present, one can write any signed integer value to /sys/fs/selinux/enforce and it will be stored, e.g. echo -1 > /sys/fs/selinux/enforce or echo 2 > /sys/fs/selinux/enforce. This makes no real difference to the kernel, since it only ever cares if it is zero or non-zero, but some userspace code compares it with 1 to decide if SELinux is enforcing, and this could confuse it. Only a process that is already root and is allowed the setenforce permission in SELinux policy can write to /sys/fs/selinux/enforce, so this is not considered to be a security issue, but it should be fixed. Signed-off-by: NStephen Smalley <sds@tycho.nsa.gov> Signed-off-by: NPaul Moore <paul@paul-moore.com>
-
- 16 11月, 2016 1 次提交
-
-
由 Casey Schaufler 提交于
The invalid Smack label ("") and the Huh ("?") Smack label serve the same purpose and having both is unnecessary. While pulling out the invalid label it became clear that the use of smack_from_secid() was inconsistent, so that is repaired. The setting of inode labels to the invalid label could never happen in a functional system, has never been observed in the wild and is not what you'd really want for a failure behavior in any case. That is removed. Signed-off-by: NCasey Schaufler <casey@schaufler-ca.com>
-
- 15 11月, 2016 4 次提交
-
-
由 Tetsuo Handa 提交于
Since smack_parse_opts_str() is calling match_strdup() which uses GFP_KERNEL, it is safe to use GFP_KERNEL from kcalloc() which is called by smack_parse_opts_str(). Signed-off-by: NTetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Acked-by: NCasey Schaufler <casey@schaufler-ca.com>
-
由 Andreas Gruenbacher 提交于
Now that isec->initialized == LABEL_INITIALIZED implies that isec->sclass is valid, skip such inodes immediately in inode_doinit_with_dentry. For the remaining inodes, initialize isec->sclass at the beginning of inode_doinit_with_dentry to simplify the code. Signed-off-by: NAndreas Gruenbacher <agruenba@redhat.com> Signed-off-by: NPaul Moore <paul@paul-moore.com>
-
由 Andreas Gruenbacher 提交于
Pass the file mode of the proc inode to be created to proc_pid_make_inode. In proc_pid_make_inode, initialize inode->i_mode before calling security_task_to_inode. This allows selinux to set isec->sclass right away without introducing "half-initialized" inode security structs. Signed-off-by: NAndreas Gruenbacher <agruenba@redhat.com> Signed-off-by: NPaul Moore <paul@paul-moore.com>
-
由 Andreas Gruenbacher 提交于
Fix the comment for function __inode_security_revalidate, which returns an integer. Use the LABEL_* constants consistently for isec->initialized. Signed-off-by: NAndreas Gruenbacher <agruenba@redhat.com> Signed-off-by: NPaul Moore <paul@paul-moore.com>
-