- 20 2月, 2017 1 次提交
-
-
由 Jarkko Sakkinen 提交于
There's no need to export tpm2_get_pcr_alloation() because it is only a helper function for tpm2_auto_startup(). For the same reason it does not make much sense to maintain documentation for it. Signed-off-by: NJarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
-
- 16 2月, 2017 1 次提交
-
-
由 Stefan Berger 提交于
The TPM1.2 PCR Extend operation only returns 20 bytes in the body, which is the size of the PCR state. This fixes a problem where IMA gets errors with every PCR Extend. Fixes: c659af78 ("tpm: Check size of response before accessing data") Signed-off-by: NStefan Berger <stefanb@linux.vnet.ibm.com> Acked-by: NMimi Zohar <zohar@us.ibm.com> Reviewed-by: NJarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Signed-off-by: NJarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
-
- 15 2月, 2017 3 次提交
-
-
由 Julia Lawall 提交于
The call that used chip was dropped in 1f0f30e4. Drop the leftover declaration and initialization. Signed-off-by: NJulia Lawall <Julia.Lawall@lip6.fr> Reviewed-by: NJarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Signed-off-by: NJarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
-
由 Dmitry Torokhov 提交于
I typoed "facilitate" as "faciltate" a few years back... Signed-off-by: NDmitry Torokhov <dmitry.torokhov@gmail.com> Reviewed-by: NJarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Signed-off-by: NJarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
-
由 Wei Yongjun 提交于
Add the missing platform_driver_unregister() and remove the duplicate platform_device_unregister(force_pdev) in the error handling case. Fixes: 00194826 ("tpm_tis: Clean up the force=1 module parameter") Cc: stable@vger.kernel.org Signed-off-by: NWei Yongjun <weiyongjun1@huawei.com> Reviewed-by: NJason Gunthorpe <jgunthorpe@obsidianresearch.com> Reviewed-by: NJarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Signed-off-by: NJarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
-
- 10 2月, 2017 4 次提交
-
-
由 Dan Carpenter 提交于
I don't think GCC has figured out how to optimize the memset() away, but they might eventually so let's future proof this code a bit. Signed-off-by: NDan Carpenter <dan.carpenter@oracle.com> Signed-off-by: NDavid Howells <dhowells@redhat.com> Acked-by: NMimi Zohar <zohar@linux.vnet.ibm.com> Signed-off-by: NJames Morris <james.l.morris@oracle.com>
-
由 Dan Carpenter 提交于
This function has two callers and neither are able to handle a NULL return. Really, -EINVAL is the correct thing return here anyway. This fixes some static checker warnings like: security/keys/encrypted-keys/encrypted.c:709 encrypted_key_decrypt() error: uninitialized symbol 'master_key'. Fixes: 7e70cb49 ("keys: add new key-type encrypted") Signed-off-by: NDan Carpenter <dan.carpenter@oracle.com> Acked-by: NMimi Zohar <zohar@linux.vnet.ibm.com> Signed-off-by: NJames Morris <james.l.morris@oracle.com>
-
由 Felix Fietkau 提交于
The sign-file tool failed to build against libressl. Fix this by extending the PKCS7 check and thus making sign-file link against libressl without an error. Signed-off-by: NJohn Crispin <john@phrozen.org> Signed-off-by: NFelix Fietkau <nbd@nbd.name> Signed-off-by: NDavid Howells <dhowells@redhat.com> Signed-off-by: NJames Morris <james.l.morris@oracle.com>
-
-
- 08 2月, 2017 3 次提交
-
-
-
由 Antonio Murdaca 提交于
This patch allows changing labels for cgroup mounts. Previously, running chcon on cgroupfs would throw an "Operation not supported". This patch specifically whitelist cgroupfs. The patch could also allow containers to write only to the systemd cgroup for instance, while the other cgroups are kept with cgroup_t label. Signed-off-by: NAntonio Murdaca <runcom@redhat.com> Acked-by: NStephen Smalley <sds@tycho.nsa.gov> Signed-off-by: NPaul Moore <paul@paul-moore.com>
-
由 Stephen Smalley 提交于
SELinux tries to support setting/clearing of /proc/pid/attr attributes from the shell by ignoring terminating newlines and treating an attribute value that begins with a NUL or newline as an attempt to clear the attribute. However, the test for clearing attributes has always been wrong; it has an off-by-one error, and this could further lead to reading past the end of the allocated buffer since commit bb646cdb ("proc_pid_attr_write(): switch to memdup_user()"). Fix the off-by-one error. Even with this fix, setting and clearing /proc/pid/attr attributes from the shell is not straightforward since the interface does not support multiple write() calls (so shells that write the value and newline separately will set and then immediately clear the attribute, requiring use of echo -n to set the attribute), whereas trying to use echo -n "" to clear the attribute causes the shell to skip the write() call altogether since POSIX says that a zero-length write causes no side effects. Thus, one must use echo -n to set and echo without -n to clear, as in the following example: $ echo -n unconfined_u:object_r:user_home_t:s0 > /proc/$$/attr/fscreate $ cat /proc/$$/attr/fscreate unconfined_u:object_r:user_home_t:s0 $ echo "" > /proc/$$/attr/fscreate $ cat /proc/$$/attr/fscreate Note the use of /proc/$$ rather than /proc/self, as otherwise the cat command will read its own attribute value, not that of the shell. There are no users of this facility to my knowledge; possibly we should just get rid of it. UPDATE: Upon further investigation it appears that a local process with the process:setfscreate permission can cause a kernel panic as a result of this bug. This patch fixes CVE-2017-2618. Signed-off-by: NStephen Smalley <sds@tycho.nsa.gov> [PM: added the update about CVE-2017-2618 to the commit description] Cc: stable@vger.kernel.org # 3.5: d6ea83ecSigned-off-by: NPaul Moore <paul@paul-moore.com>
-
- 04 2月, 2017 10 次提交
-
-
由 Dan Carpenter 提交于
We should check that we're within bounds first before checking that "chip->active_banks[i] != TPM2_ALG_ERROR" so I've re-ordered the two checks. Signed-off-by: NDan Carpenter <dan.carpenter@oracle.com> Reviewed-by: NJarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Signed-off-by: NJarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
-
由 Stefan Berger 提交于
In cap_t the size of the type bool is assumed to be one byte. This commit sorts out the issue by changing the type to u8. Fixes: c659af78 ("tpm: Check size of response before accessing data") Signed-off-by: NStefan Berger <stefanb@linux.vnet.ibm.com> Reviewed-by: NJarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Signed-off-by: NJarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
-
由 Nayna Jain 提交于
Unlike the device driver support for TPM 1.2, the TPM 2.0 does not support the securityfs pseudo files for displaying the firmware event log. This patch enables support for providing the TPM 2.0 event log in binary form. TPM 2.0 event log supports a crypto agile format that records multiple digests, which is different from TPM 1.2. This patch enables the tpm_bios_log_setup for TPM 2.0 and adds the event log parser which understand the TPM 2.0 crypto agile format. Signed-off-by: NNayna Jain <nayna@linux.vnet.ibm.com> Reviewed-by: NJarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Tested-by: NKenneth Goldman <kgold@linux.vnet.ibm.com> Tested-by: NStefan Berger <stefanb@linux.vnet.ibm.com> Signed-off-by: NJarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
-
由 Nayna Jain 提交于
Physical TPMs use Open Firmware Device Tree bindings that are similar to the IBM Power virtual TPM to support event log. However, these properties store the values in different endianness for Physical and Virtual TPM. This patch fixes the endianness issue by doing appropriate conversion based on Physical or Virtual TPM. Signed-off-by: NNayna Jain <nayna@linux.vnet.ibm.com> Reviewed-by: NJarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Tested-by: NKenneth Goldman <kgold@linux.vnet.ibm.com> Signed-off-by: NJarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
-
由 Nayna Jain 提交于
The current TPM 2.0 device driver extends only the SHA1 PCR bank but the TCG Specification[1] recommends extending all active PCR banks, to prevent malicious users from setting unused PCR banks with fake measurements and quoting them. The existing in-kernel interface(tpm_pcr_extend()) expects only a SHA1 digest. To extend all active PCR banks with differing digest sizes, the SHA1 digest is padded with trailing 0's as needed. This patch reuses the defined digest sizes from the crypto subsystem, adding a dependency on CRYPTO_HASH_INFO module. [1] TPM 2.0 Specification referred here is "TCG PC Client Specific Platform Firmware Profile for TPM 2.0" Signed-off-by: NNayna Jain <nayna@linux.vnet.ibm.com> Reviewed-by: NJarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Tested-by: NJarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Tested-by: NKenneth Goldman <kgold@linux.vnet.ibm.com> Signed-off-by: NJarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
-
由 Nayna Jain 提交于
This patch implements the TPM 2.0 capability TPM_CAP_PCRS to retrieve the active PCR banks from the TPM. This is needed to enable extending all active banks as recommended by TPM 2.0 TCG Specification. Signed-off-by: NNayna Jain <nayna@linux.vnet.ibm.com> Reviewed-by: NJarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Tested-by: NJarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Tested-by: NKenneth Goldman <kgold@linux.vnet.ibm.com> Signed-off-by: NJarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
-
由 Jarkko Sakkinen 提交于
The error code handling is broken as any error code that has the same bits set as TPM_RC_HASH passes. Implemented tpm2_rc_value() helper to parse the error value from FMT0 and FMT1 error codes so that these types of mistakes are prevented in the future. Fixes: 5ca4c20c ("keys, trusted: select hash algorithm for TPM2 chips") Signed-off-by: NJarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Reviewed-by: NJason Gunthorpe <jgunthorpe@obsidianresearch.com>
-
由 Maciej S. Szmigiero 提交于
probe_itpm() function is supposed to send command without an itpm flag set and if this fails to repeat it, this time with the itpm flag set. However, commit 41a5e1cf ("tpm/tpm_tis: Split tpm_tis driver into a core and TCG TIS compliant phy") moved the itpm flag from an "itpm" variable to a TPM_TIS_ITPM_POSSIBLE chip flag, so setting the (now function-local) itpm variable no longer had any effect. Finally, this function-local itpm variable was removed by commit 56af3221 ("tpm/tpm_tis: remove unused itpm variable") Tested only on non-iTPM TIS TPM. Signed-off-by: NMaciej S. Szmigiero <mail@maciej.szmigiero.name> Reviewed-by: NJarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Signed-off-by: NJarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
-
由 Jason Gunthorpe 提交于
For a long time the cdev read/write interface had this strange idea that userspace had to read the result within 60 seconds otherwise it is discarded. Perhaps this made sense under some older locking regime, but in the modern kernel it is not required and is just dangerous. Since something may be relying on this, double the timeout and print a warning. We can remove the code in a few years, but this should be enough to prevent new users. Suggested-by: NJames Bottomley <James.Bottomley@HansenPartnership.com> Signed-off-by: NJason Gunthorpe <jgunthorpe@obsidianresearch.com> Reviewed-by: NJarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Signed-off-by: NJarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
-
由 Jarkko Sakkinen 提交于
These are non-generic functions and do not belong to tpm.h. Signed-off-by: NJarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Reviewed-by: NJason Gunthorpe <jgunthorpe@obsidianresearch.com>
-
- 28 1月, 2017 2 次提交
-
-
由 Lans Zhang 提交于
Otherwise some mask and inmask tokens with MAY_APPEND flag may not work as expected. Signed-off-by: NLans Zhang <jia.zhang@windriver.com> Signed-off-by: NMimi Zohar <zohar@linux.vnet.ibm.com>
-
由 Mimi Zohar 提交于
On failure to return a pathname from ima_d_path(), a pointer to dname is returned, which is subsequently used in the IMA measurement list, the IMA audit records, and other audit logging. Saving the pointer to dname for later use has the potential to race with rename. Intead of returning a pointer to dname on failure, this patch returns a pointer to a copy of the filename. Reported-by: NAl Viro <viro@zeniv.linux.org.uk> Signed-off-by: NMimi Zohar <zohar@linux.vnet.ibm.com> Cc: stable@vger.kernel.org
-
- 27 1月, 2017 1 次提交
-
-
- 24 1月, 2017 10 次提交
-
-
由 Stefan Berger 提交于
Make sure that we have not received less bytes than what is indicated in the header of the TPM response. Also, check the number of bytes in the response before accessing its data. Signed-off-by: NStefan Berger <stefanb@linux.vnet.ibm.com> Reviewed-by: NJarkko Sakkinen <jarkko.sakkine@linux.intel.com> Tested-by: NJarkko Sakkinen <jarkko.sakkine@linux.intel.com> Signed-off-by: NJarkko Sakkinen <jarkko.sakkine@linux.intel.com>
-
由 Maciej S. Szmigiero 提交于
Since commit 1107d065 ("tpm_tis: Introduce intermediate layer for TPM access") Atmel 3203 TPM on ThinkPad X61S (TPM firmware version 13.9) no longer works. The initialization proceeds fine until we get and start using chip-reported timeouts - and the chip reports C and D timeouts of zero. It turns out that until commit 8e54caf4 ("tpm: Provide a generic means to override the chip returned timeouts") we had actually let default timeout values remain in this case, so let's bring back this behavior to make chips like Atmel 3203 work again. Use a common code that was introduced by that commit so a warning is printed in this case and /sys/class/tpm/tpm*/timeouts correctly says the timeouts aren't chip-original. Fixes: 1107d065 ("tpm_tis: Introduce intermediate layer for TPM access") Cc: stable@vger.kernel.org Signed-off-by: NMaciej S. Szmigiero <mail@maciej.szmigiero.name> Reviewed-by: NJarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Signed-off-by: NJarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
-
由 Jason Gunthorpe 提交于
This is a regression when this code was reworked and made the error print unconditional. The original code deliberately suppressed printing of the first error message so it could quietly sense TPM_ERR_INVALID_POSTINIT. Fixes: a502feb67b47 ("tpm: Clean up reading of timeout and duration capabilities") Signed-off-by: NJason Gunthorpe <jgunthorpe@obsidianresearch.com> Reviewed-by: NJarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Signed-off-by: NJarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
-
由 Jiandi An 提交于
crb_check_resource() in TPM CRB driver calls acpi_dev_resource_memory() which only handles 32-bit resources. Adding a call to acpi_dev_resource_address_space() in TPM CRB driver which handles 64-bit resources. Signed-off-by: NJiandi An <anjiandi@codeaurora.org> Reviewed-by: NJarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Tested-by: NJarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Signed-off-by: NJarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
-
由 Geliang Tang 提交于
Drop duplicate header module.h from tpm_tis_spi.c. Signed-off-by: NGeliang Tang <geliangtang@gmail.com> Reviewed-by: NJarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Signed-off-by: NJarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
-
由 Corentin Labbe 提交于
tpm/st33zp24/st33zp24.c does not use any miscdevice so this patch remove this unnecessary inclusion. Signed-off-by: NCorentin Labbe <clabbe.montjoie@gmail.com> Reviewed-by: NJarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Signed-off-by: NJarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
-
由 Winkler, Tomas 提交于
Use corret kdoc format for function description and eliminate warning of type: tpm_ibmvtpm.c:66: warning: No description found for parameter 'count' Signed-off-by: NTomas Winkler <tomas.winkler@intel.com> Reviewed-by: NJarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Tested-by: NJarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Signed-off-by: NJarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
-
由 Winkler, Tomas 提交于
The tpm stack uses pdev name convention for the parent device. Fix that also in tpm_chip_alloc(). Fixes: 3897cd9c ("tpm: Split out the devm stuff from tpmm_chip_alloc")' Signed-off-by: NTomas Winkler <tomas.winkler@intel.com> Reviewed-by: NJarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Tested-by: NJarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Signed-off-by: NJarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
-
由 Winkler, Tomas 提交于
Use correct kdoc format, describe correct parameters and return values. Signed-off-by: NTomas Winkler <tomas.winkler@intel.com> Reviewed-by: NJarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Tested-by: NJarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Signed-off-by: NJarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
-
由 Winkler, Tomas 提交于
Functions tpm_transmit and transmit_cmd are referenced from other functions kdoc hence deserve documentation. Signed-off-by: NTomas Winkler <tomas.winkler@intel.com> Reviewed-by: NJarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Tested-by: NJarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Signed-off-by: NJarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
-
- 23 1月, 2017 1 次提交
-
-
由 Mike Frysinger 提交于
The SECCOMP_RET_KILL mode is documented as immediately killing the process as if a SIGSYS had been sent and not caught (similar to a SIGKILL). However, a SIGSYS is documented as triggering a coredump which does not happen today. This has the advantage of being able to more easily debug a process that fails a seccomp filter. Today, most apps need to recompile and change their filter in order to get detailed info out, or manually run things through strace, or enable detailed kernel auditing. Now we get coredumps that fit into existing system-wide crash reporting setups. From a security pov, this shouldn't be a problem. Unhandled signals can already be sent externally which trigger a coredump independent of the status of the seccomp filter. The act of dumping core itself does not cause change in execution of the program. URL: https://crbug.com/676357Signed-off-by: NMike Frysinger <vapier@chromium.org> Acked-by: NJorge Lucangeli Obes <jorgelo@chromium.org> Acked-by: NKees Cook <keescook@chromium.org> Signed-off-by: NJames Morris <james.l.morris@oracle.com>
-
- 19 1月, 2017 1 次提交
-
-
由 Casey Schaufler 提交于
I am still tired of having to find indirect ways to determine what security modules are active on a system. I have added /sys/kernel/security/lsm, which contains a comma separated list of the active security modules. No more groping around in /proc/filesystems or other clever hacks. Unchanged from previous versions except for being updated to the latest security next branch. Signed-off-by: NCasey Schaufler <casey@schaufler-ca.com> Acked-by: NJohn Johansen <john.johansen@canonical.com> Acked-by: NPaul Moore <paul@paul-moore.com> Acked-by: NKees Cook <keescook@chromium.org> Signed-off-by: NJames Morris <james.l.morris@oracle.com>
-
- 17 1月, 2017 1 次提交
-
-
由 John Johansen 提交于
The kernel build bot turned up a bad config combination when CONFIG_SECURITY_APPARMOR is y and CONFIG_SECURITY_APPARMOR_HASH is n, resulting in the build error security/built-in.o: In function `aa_unpack': (.text+0x841e2): undefined reference to `aa_g_hash_policy' Signed-off-by: NJohn Johansen <john.johansen@canonical.com>
-
- 16 1月, 2017 2 次提交
-
-
由 John Johansen 提交于
AA_BUG() uses WARN and won't break the kernel like BUG_ON(). Signed-off-by: NJohn Johansen <john.johansen@canonical.com>
-
由 John Johansen 提交于
Signed-off-by: NJohn Johansen <john.johansen@canonical.com>
-