[GIT PULL] Security subsystem changes for 3.20

From: James Morris
Date: Wed Feb 11 2015 - 19:06:59 EST


Highlights:

* Smack adds secmark support for Netfilter
* /proc/keys is now mandatory if CONFIG_KEYS=y
* TPM gets its own device class
* Added TPM 2.0 support
* Smack file hook rework (all Smack users should review this!)

Please pull for 3.20.


The following changes since commit 73b4f63aebd6d57db4ca1d31fa6f8516651207b0:

Merge tag 'docs-for-linus' of git://git.lwn.net/linux-2.6 (2015-02-11 13:03:11 -0800)

are available in the git repository at:

git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security.git next

Andrey Ryabinin (1):
smack: fix possible use after frees in task_security() callers

Arnd Bergmann (2):
X.509: shut up about included cert for silent build
X.509: silence asn1 compiler debug output

Ashley Lai (1):
tpm_ibmvtpm: Update email address in maintainers list and ibmvtpm driver

Bruno E O Meneguele (1):
char/tpm: fixed white spaces coding style issues

Casey Schaufler (3):
Smack: Rework file hooks
Smack: secmark support for netfilter
Smack: Repair netfilter dependency

Christophe Ricard (22):
tpm/tpm_i2c_stm_st33: Fix potential bug in tpm_stm_i2c_send
tpm/tpm_i2c_stm_st33: Update Kconfig in order to be inline to other similar product
tpm/tpm_i2c_stm_st33: Change License header to have up to date address information
tpm/tpm_i2c_stm_st33: Fix few coding style error reported by scripts/checkpatch.pl
tpm/tpm_i2c_stm_st33: Move tpm registers to tpm_i2c_stm_st33.c
tpm/tpm_i2c_stm_st33: Add new tpm_stm_dev structure and remove tpm_i2c_buffer[0], [1] buffer.
tpm/tpm_i2c_stm_st33: Remove reference to io_serirq
tpm/tpm_i2c_stm_st33: Replace err/rc/ret by ret for a function return code
tpm/tpm_i2c_stm_st33: Replace tpm_st33_* function with tpm_stm_*
tpm/tpm_i2c_stm_st33: Add devicetree structure
tpm/tpm_i2c_stm_st33/dts/st33zp24_i2c: Add DTS Documentation
tpm/tpm_i2c_stm_st33: Few code cleanup
tpm/tpm_i2c_stm_st33: Interrupt management improvement
tpm/tpm_i2c_stm_st33: Remove useless i2c read on interrupt registers
tpm/tpm_i2c_stm_st33: Increment driver version to 1.2.1.
tpm/tpm_i2c_stm_st33: Fix coccinelle warnings. Possible NULL pointer dereference
tpm/tpm_i2c_stm_st33: Add status check when reading data on the FIFO
tpm/tpm_i2c_stm_st33: Remove sparse spaces
tpm/tpm_i2c_stm_st33: Sanity cleanup
tpm/tpm_i2c_stm_st33: Replace remaining r by ret
tpm/tpm_i2c_stm_st33: Change tpm_i2c_stm_st33.h to tpm_stm_st33.h
tpm/tpm_i2c_stm_st33/dts/st33zp24-i2c: Rename st33zp24 dts documentation

Dan Carpenter (1):
SELinux: fix error code in policydb_init()

David Howells (3):
TPM: Add new TPMs to the tail of the list to prevent inadvertent change of dev
KEYS: Make /proc/keys unconditional if CONFIG_KEYS=y
ima: /proc/keys is now mandatory

Dmitry Kasatkin (1):
MAINTAINERS: email update

Fabian Frederick (1):
tpm: remove unnecessary sizeof(u8)

Hon Ching (Vicky) Lo (1):
tpm: Fix NULL return in tpm_ibmvtpm_get_desired_dma

James Morris (4):
Merge tag 'keys-next-fixes-20150114' of git://git.kernel.org/.../dhowells/linux-fs into next
Merge branch 'smack-for-3.20-rebased' of git://git.gitorious.org/smack-next/kernel into next
Merge branch 'smack-for-3.20-rebased' of git://git.gitorious.org/smack-next/kernel into next
Merge tag 'keys-next-20150123' of git://git.kernel.org/.../dhowells/linux-fs into next

Jarkko Sakkinen (10):
tpm: merge duplicate transmit_cmd() functions
tpm: two-phase chip management functions
tpm: fix raciness of PPI interface lookup
tpm: rename chip->dev to chip->pdev
tpm: device class for tpm
tpm: TPM 2.0 baseline support
tpm: TPM 2.0 CRB Interface
tpm: TPM 2.0 FIFO Interface
char/tpm/tpm_crb: fix build error
tpm: fix format string error in tpm-chip.c

Kiran Padwal (1):
char: tpm: Add missing error check for devm_kzalloc

Lukasz Pawelczyk (2):
smack: miscellaneous small fixes in function comments
smack: fix logic in smack_inode_init_security function

Mark Salyzyn (1):
selinux: add security in-core xattr support for pstore and debugfs

Markus Elfring (1):
char: tpm: Deletion of unnecessary checks before the function call "tpm_dev_vendor_release"

Paul Moore (2):
selinux: quiet the filesystem labeling behavior message
cipso: don't use IPCB() to locate the CIPSO IP option

Peter Huewe (2):
MAINTAINERS: Add Patchwork and Git URL for TPMDD
tpm/tpm_tis: Add missing ifdef CONFIG_ACPI for pnp_acpi_device

Rafal Krypa (1):
smack: Add missing logging in bidirectional UDS connect check

Rasmus Villemoes (3):
MPILIB: Deobfuscate mpi_cmp
MPILIB: Fix obvious but harmless typo
MPILIB: Fix comparison of negative MPIs

Rickard Strandqvist (1):
selinux: Remove unused function avc_sidcmp()

Scot Doyle (1):
tpm_tis: verify interrupt during init

Zbigniew Jasinski (1):
smack: Fix a bidirectional UDS connect check typo

Łukasz Stelmach (1):
smack: introduce a special case for tmpfs in smack_d_instantiate()

Documentation/ABI/stable/sysfs-class-tpm | 22 +-
.../bindings/security/tpm/st33zp24-i2c.txt | 36 ++
Documentation/security/keys.txt | 2 -
MAINTAINERS | 12 +-
drivers/char/tpm/Kconfig | 15 +-
drivers/char/tpm/Makefile | 5 +-
drivers/char/tpm/tpm-chip.c | 256 ++++++++
drivers/char/tpm/tpm-dev.c | 42 +--
drivers/char/tpm/tpm-interface.c | 263 +++------
drivers/char/tpm/tpm-sysfs.c | 29 +-
drivers/char/tpm/tpm.h | 124 +++-
drivers/char/tpm/tpm2-cmd.c | 617 ++++++++++++++++++
drivers/char/tpm/tpm_atmel.c | 25 +-
drivers/char/tpm/tpm_crb.c | 354 +++++++++++
drivers/char/tpm/tpm_i2c_atmel.c | 52 +-
drivers/char/tpm/tpm_i2c_infineon.c | 43 +-
drivers/char/tpm/tpm_i2c_nuvoton.c | 69 +--
drivers/char/tpm/tpm_i2c_stm_st33.c | 666 +++++++++++---------
drivers/char/tpm/tpm_ibmvtpm.c | 27 +-
drivers/char/tpm/tpm_ibmvtpm.h | 2 +-
drivers/char/tpm/tpm_infineon.c | 51 +-
drivers/char/tpm/tpm_nsc.c | 34 +-
drivers/char/tpm/tpm_of.c | 2 +-
drivers/char/tpm/tpm_ppi.c | 141 +++--
drivers/char/tpm/tpm_tis.c | 276 ++++++---
drivers/char/tpm/xen-tpmfront.c | 14 +-
.../linux/platform_data/tpm_stm_st33.h | 38 +-
include/net/cipso_ipv4.h | 25 +-
kernel/Makefile | 2 +-
lib/mpi/mpi-cmp.c | 10 +-
lib/mpi/mpi-internal.h | 2 +-
net/ipv4/cipso_ipv4.c | 51 +-
net/netlabel/netlabel_kapi.c | 15 +-
scripts/asn1_compiler.c | 30 +-
security/integrity/ima/Kconfig | 1 -
security/keys/Kconfig | 18 -
security/keys/proc.c | 8 -
security/selinux/avc.c | 5 -
security/selinux/hooks.c | 29 +-
security/selinux/ss/policydb.c | 8 +-
security/smack/Kconfig | 12 +
security/smack/Makefile | 1 +
security/smack/smack.h | 11 +
security/smack/smack_lsm.c | 199 +++++--
security/smack/smack_netfilter.c | 96 +++
45 files changed, 2658 insertions(+), 1082 deletions(-)
create mode 100644 Documentation/devicetree/bindings/security/tpm/st33zp24-i2c.txt
create mode 100644 drivers/char/tpm/tpm-chip.c
create mode 100644 drivers/char/tpm/tpm2-cmd.c
create mode 100644 drivers/char/tpm/tpm_crb.c
rename drivers/char/tpm/tpm_i2c_stm_st33.h => include/linux/platform_data/tpm_stm_st33.h (53%)
create mode 100644 security/smack/smack_netfilter.c