tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom

Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security

Pull security subsystem update from James Morris:
"Just some minor updates across the subsystem"

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security:
ima: eliminate passing d_name.name to process_measurement()
TPM: Retry SaveState command in suspend path
tpm/tpm_i2c_infineon: Add small comment about return value of __i2c_transfer
tpm/tpm_i2c_infineon.c: Add OF attributes type and name to the of_device_id table entries
tpm_i2c_stm_st33: Remove duplicate inclusion of header files
tpm: Add support for new Infineon I2C TPM (SLB 9645 TT 1.2 I2C)
char/tpm: Convert struct i2c_msg initialization to C99 format
drivers/char/tpm/tpm_ppi: use strlcpy instead of strncpy
tpm/tpm_i2c_stm_st33: formatting and white space changes
Smack: include magic.h in smackfs.c
selinux: make security_sb_clone_mnt_opts return an error on context mismatch
seccomp: allow BPF_XOR based ALU instructions.
Fix NULL pointer dereference in smack_inode_unlink() and smack_inode_rmdir()
Smack: add support for modification of existing rules
smack: SMACK_MAGIC to include/uapi/linux/magic.h
Smack: add missing support for transmute bit in smack_str_from_perm()
Smack: prevent revoke-subject from failing when unseen label is written to it
tomoyo: use DEFINE_SRCU() to define tomoyo_ss
tomoyo: use DEFINE_SRCU() to define tomoyo_ss

Linus Torvalds 2e1deaad 50528fab

+447 -198
+2
Documentation/devicetree/bindings/i2c/trivial-devices.txt
··· 35 35 fsl,mma8450 MMA8450Q: Xtrinsic Low-power, 3-axis Xtrinsic Accelerometer 36 36 fsl,mpr121 MPR121: Proximity Capacitive Touch Sensor Controller 37 37 fsl,sgtl5000 SGTL5000: Ultra Low-Power Audio Codec 38 + infineon,slb9635tt Infineon SLB9635 (Soft-) I2C TPM (old protocol, max 100khz) 39 + infineon,slb9645tt Infineon SLB9645 I2C TPM (new protocol, max 400khz) 38 40 maxim,ds1050 5 Bit Programmable, Pulse-Width Modulator 39 41 maxim,max1237 Low-Power, 4-/12-Channel, 2-Wire Serial, 12-Bit ADCs 40 42 maxim,max6625 9-Bit/12-Bit Temperature Sensors with I²C-Compatible Serial Interface
+11
Documentation/security/Smack.txt
··· 117 117 ambient 118 118 This contains the Smack label applied to unlabeled network 119 119 packets. 120 + change-rule 121 + This interface allows modification of existing access control rules. 122 + The format accepted on write is: 123 + "%s %s %s %s" 124 + where the first string is the subject label, the second the 125 + object label, the third the access to allow and the fourth the 126 + access to deny. The access strings may contain only the characters 127 + "rwxat-". If a rule for a given subject and object exists it will be 128 + modified by enabling the permissions in the third string and disabling 129 + those in the fourth string. If there is no such rule it will be 130 + created using the access specified in the third and the fourth strings. 120 131 cipso 121 132 This interface allows a specific CIPSO header to be assigned 122 133 to a Smack label. The format accepted on write is:
+27 -4
drivers/char/tpm/tpm.c
··· 1337 1337 { 1338 1338 struct tpm_chip *chip = dev_get_drvdata(dev); 1339 1339 struct tpm_cmd_t cmd; 1340 - int rc; 1340 + int rc, try; 1341 1341 1342 1342 u8 dummy_hash[TPM_DIGEST_SIZE] = { 0 }; 1343 1343 ··· 1355 1355 } 1356 1356 1357 1357 /* now do the actual savestate */ 1358 - cmd.header.in = savestate_header; 1359 - rc = transmit_cmd(chip, &cmd, SAVESTATE_RESULT_SIZE, 1360 - "sending savestate before suspend"); 1358 + for (try = 0; try < TPM_RETRY; try++) { 1359 + cmd.header.in = savestate_header; 1360 + rc = transmit_cmd(chip, &cmd, SAVESTATE_RESULT_SIZE, NULL); 1361 + 1362 + /* 1363 + * If the TPM indicates that it is too busy to respond to 1364 + * this command then retry before giving up. It can take 1365 + * several seconds for this TPM to be ready. 1366 + * 1367 + * This can happen if the TPM has already been sent the 1368 + * SaveState command before the driver has loaded. TCG 1.2 1369 + * specification states that any communication after SaveState 1370 + * may cause the TPM to invalidate previously saved state. 1371 + */ 1372 + if (rc != TPM_WARN_RETRY) 1373 + break; 1374 + msleep(TPM_TIMEOUT_RETRY); 1375 + } 1376 + 1377 + if (rc) 1378 + dev_err(chip->dev, 1379 + "Error (%d) sending savestate before suspend\n", rc); 1380 + else if (try > 0) 1381 + dev_warn(chip->dev, "TPM savestate took %dms\n", 1382 + try * TPM_TIMEOUT_RETRY); 1383 + 1361 1384 return rc; 1362 1385 } 1363 1386 EXPORT_SYMBOL_GPL(tpm_pm_suspend);
+3
drivers/char/tpm/tpm.h
··· 32 32 TPM_MINOR = 224, /* officially assigned */ 33 33 TPM_BUFSIZE = 4096, 34 34 TPM_NUM_DEVICES = 256, 35 + TPM_RETRY = 50, /* 5 seconds */ 35 36 }; 36 37 37 38 enum tpm_timeout { 38 39 TPM_TIMEOUT = 5, /* msecs */ 40 + TPM_TIMEOUT_RETRY = 100 /* msecs */ 39 41 }; 40 42 41 43 /* TPM addresses */ ··· 46 44 TPM_ADDR = 0x4E, 47 45 }; 48 46 47 + #define TPM_WARN_RETRY 0x800 49 48 #define TPM_WARN_DOING_SELFTEST 0x802 50 49 #define TPM_ERR_DEACTIVATED 0x6 51 50 #define TPM_ERR_DISABLED 0x7
+135 -41
drivers/char/tpm/tpm_i2c_infineon.c
··· 1 1 /* 2 - * Copyright (C) 2012 Infineon Technologies 2 + * Copyright (C) 2012,2013 Infineon Technologies 3 3 * 4 4 * Authors: 5 5 * Peter Huewe <peter.huewe@infineon.com> ··· 56 56 #define TPM_TIMEOUT_US_HI (TPM_TIMEOUT_US_LOW + 2000) 57 57 58 58 /* expected value for DIDVID register */ 59 - #define TPM_TIS_I2C_DID_VID 0x000b15d1L 59 + #define TPM_TIS_I2C_DID_VID_9635 0xd1150b00L 60 + #define TPM_TIS_I2C_DID_VID_9645 0x001a15d1L 61 + 62 + enum i2c_chip_type { 63 + SLB9635, 64 + SLB9645, 65 + UNKNOWN, 66 + }; 60 67 61 68 /* Structure to store I2C TPM specific stuff */ 62 69 struct tpm_inf_dev { 63 70 struct i2c_client *client; 64 71 u8 buf[TPM_BUFSIZE + sizeof(u8)]; /* max. buffer size + addr */ 65 72 struct tpm_chip *chip; 73 + enum i2c_chip_type chip_type; 66 74 }; 67 75 68 76 static struct tpm_inf_dev tpm_dev; ··· 98 90 static int iic_tpm_read(u8 addr, u8 *buffer, size_t len) 99 91 { 100 92 101 - struct i2c_msg msg1 = { tpm_dev.client->addr, 0, 1, &addr }; 102 - struct i2c_msg msg2 = { tpm_dev.client->addr, I2C_M_RD, len, buffer }; 93 + struct i2c_msg msg1 = { 94 + .addr = tpm_dev.client->addr, 95 + .len = 1, 96 + .buf = &addr 97 + }; 98 + struct i2c_msg msg2 = { 99 + .addr = tpm_dev.client->addr, 100 + .flags = I2C_M_RD, 101 + .len = len, 102 + .buf = buffer 103 + }; 104 + struct i2c_msg msgs[] = {msg1, msg2}; 103 105 104 - int rc; 106 + int rc = 0; 105 107 int count; 106 108 107 109 /* Lock the adapter for the duration of the whole sequence. */ ··· 119 101 return -EOPNOTSUPP; 120 102 i2c_lock_adapter(tpm_dev.client->adapter); 121 103 122 - for (count = 0; count < MAX_COUNT; count++) { 123 - rc = __i2c_transfer(tpm_dev.client->adapter, &msg1, 1); 124 - if (rc > 0) 125 - break; /* break here to skip sleep */ 104 + if (tpm_dev.chip_type == SLB9645) { 105 + /* use a combined read for newer chips 106 + * unfortunately the smbus functions are not suitable due to 107 + * the 32 byte limit of the smbus. 108 + * retries should usually not be needed, but are kept just to 109 + * be on the safe side. 110 + */ 111 + for (count = 0; count < MAX_COUNT; count++) { 112 + rc = __i2c_transfer(tpm_dev.client->adapter, msgs, 2); 113 + if (rc > 0) 114 + break; /* break here to skip sleep */ 115 + usleep_range(SLEEP_DURATION_LOW, SLEEP_DURATION_HI); 116 + } 117 + } else { 118 + /* slb9635 protocol should work in all cases */ 119 + for (count = 0; count < MAX_COUNT; count++) { 120 + rc = __i2c_transfer(tpm_dev.client->adapter, &msg1, 1); 121 + if (rc > 0) 122 + break; /* break here to skip sleep */ 126 123 127 - usleep_range(SLEEP_DURATION_LOW, SLEEP_DURATION_HI); 128 - } 124 + usleep_range(SLEEP_DURATION_LOW, SLEEP_DURATION_HI); 125 + } 129 126 130 - if (rc <= 0) 131 - goto out; 127 + if (rc <= 0) 128 + goto out; 132 129 133 - /* After the TPM has successfully received the register address it needs 134 - * some time, thus we're sleeping here again, before retrieving the data 135 - */ 136 - for (count = 0; count < MAX_COUNT; count++) { 137 - usleep_range(SLEEP_DURATION_LOW, SLEEP_DURATION_HI); 138 - rc = __i2c_transfer(tpm_dev.client->adapter, &msg2, 1); 139 - if (rc > 0) 140 - break; 141 - 130 + /* After the TPM has successfully received the register address 131 + * it needs some time, thus we're sleeping here again, before 132 + * retrieving the data 133 + */ 134 + for (count = 0; count < MAX_COUNT; count++) { 135 + usleep_range(SLEEP_DURATION_LOW, SLEEP_DURATION_HI); 136 + rc = __i2c_transfer(tpm_dev.client->adapter, &msg2, 1); 137 + if (rc > 0) 138 + break; 139 + } 142 140 } 143 141 144 142 out: 145 143 i2c_unlock_adapter(tpm_dev.client->adapter); 144 + /* take care of 'guard time' */ 145 + usleep_range(SLEEP_DURATION_LOW, SLEEP_DURATION_HI); 146 + 147 + /* __i2c_transfer returns the number of successfully transferred 148 + * messages. 149 + * So rc should be greater than 0 here otherwise we have an error. 150 + */ 146 151 if (rc <= 0) 147 152 return -EIO; 148 153 ··· 179 138 int rc = -EIO; 180 139 int count; 181 140 182 - struct i2c_msg msg1 = { tpm_dev.client->addr, 0, len + 1, tpm_dev.buf }; 141 + struct i2c_msg msg1 = { 142 + .addr = tpm_dev.client->addr, 143 + .len = len + 1, 144 + .buf = tpm_dev.buf 145 + }; 183 146 184 147 if (len > TPM_BUFSIZE) 185 148 return -EINVAL; ··· 199 154 /* 200 155 * NOTE: We have to use these special mechanisms here and unfortunately 201 156 * cannot rely on the standard behavior of i2c_transfer. 157 + * Even for newer chips the smbus functions are not 158 + * suitable due to the 32 byte limit of the smbus. 202 159 */ 203 160 for (count = 0; count < max_count; count++) { 204 161 rc = __i2c_transfer(tpm_dev.client->adapter, &msg1, 1); 205 162 if (rc > 0) 206 163 break; 207 - 208 164 usleep_range(sleep_low, sleep_hi); 209 165 } 210 166 211 167 i2c_unlock_adapter(tpm_dev.client->adapter); 168 + /* take care of 'guard time' */ 169 + usleep_range(SLEEP_DURATION_LOW, SLEEP_DURATION_HI); 170 + 171 + /* __i2c_transfer returns the number of successfully transferred 172 + * messages. 173 + * So rc should be greater than 0 here otherwise we have an error. 174 + */ 212 175 if (rc <= 0) 213 176 return -EIO; 214 177 ··· 336 283 static u8 tpm_tis_i2c_status(struct tpm_chip *chip) 337 284 { 338 285 /* NOTE: since I2C read may fail, return 0 in this case --> time-out */ 339 - u8 buf; 340 - if (iic_tpm_read(TPM_STS(chip->vendor.locality), &buf, 1) < 0) 341 - return 0; 342 - else 343 - return buf; 286 + u8 buf = 0xFF; 287 + u8 i = 0; 288 + 289 + do { 290 + if (iic_tpm_read(TPM_STS(chip->vendor.locality), &buf, 1) < 0) 291 + return 0; 292 + 293 + i++; 294 + /* if locallity is set STS should not be 0xFF */ 295 + } while ((buf == 0xFF) && i < 10); 296 + 297 + return buf; 344 298 } 345 299 346 300 static void tpm_tis_i2c_ready(struct tpm_chip *chip) ··· 388 328 389 329 /* check current status */ 390 330 *status = tpm_tis_i2c_status(chip); 391 - if ((*status & mask) == mask) 331 + if ((*status != 0xFF) && (*status & mask) == mask) 392 332 return 0; 393 333 394 334 stop = jiffies + timeout; ··· 432 372 /* avoid endless loop in case of broken HW */ 433 373 if (retries > MAX_COUNT_LONG) 434 374 return -EIO; 435 - 436 375 } 437 376 return size; 438 377 } ··· 539 480 rc = -EIO; 540 481 goto out_err; 541 482 } 542 - 543 483 } 544 484 545 485 /* write last byte */ ··· 626 568 627 569 chip = tpm_register_hardware(dev, &tpm_tis_i2c); 628 570 if (!chip) { 571 + dev_err(dev, "could not register hardware\n"); 629 572 rc = -ENODEV; 630 573 goto out_err; 631 574 } ··· 641 582 chip->vendor.timeout_d = msecs_to_jiffies(TIS_SHORT_TIMEOUT); 642 583 643 584 if (request_locality(chip, 0) != 0) { 585 + dev_err(dev, "could not request locality\n"); 644 586 rc = -ENODEV; 645 587 goto out_vendor; 646 588 } 647 589 648 590 /* read four bytes from DID_VID register */ 649 591 if (iic_tpm_read(TPM_DID_VID(0), (u8 *)&vendor, 4) < 0) { 592 + dev_err(dev, "could not read vendor id\n"); 650 593 rc = -EIO; 651 594 goto out_release; 652 595 } 653 596 654 - /* create DID_VID register value, after swapping to little-endian */ 655 - vendor = be32_to_cpu((__be32) vendor); 656 - 657 - if (vendor != TPM_TIS_I2C_DID_VID) { 597 + if (vendor == TPM_TIS_I2C_DID_VID_9645) { 598 + tpm_dev.chip_type = SLB9645; 599 + } else if (vendor == TPM_TIS_I2C_DID_VID_9635) { 600 + tpm_dev.chip_type = SLB9635; 601 + } else { 602 + dev_err(dev, "vendor id did not match! ID was %08x\n", vendor); 658 603 rc = -ENODEV; 659 604 goto out_release; 660 605 } ··· 694 631 695 632 static const struct i2c_device_id tpm_tis_i2c_table[] = { 696 633 {"tpm_i2c_infineon", 0}, 634 + {"slb9635tt", 0}, 635 + {"slb9645tt", 1}, 697 636 {}, 698 637 }; 699 638 700 639 MODULE_DEVICE_TABLE(i2c, tpm_tis_i2c_table); 640 + 641 + #ifdef CONFIG_OF 642 + static const struct of_device_id tpm_tis_i2c_of_match[] = { 643 + { 644 + .name = "tpm_i2c_infineon", 645 + .type = "tpm", 646 + .compatible = "infineon,tpm_i2c_infineon", 647 + .data = (void *)0 648 + }, 649 + { 650 + .name = "slb9635tt", 651 + .type = "tpm", 652 + .compatible = "infineon,slb9635tt", 653 + .data = (void *)0 654 + }, 655 + { 656 + .name = "slb9645tt", 657 + .type = "tpm", 658 + .compatible = "infineon,slb9645tt", 659 + .data = (void *)1 660 + }, 661 + {}, 662 + }; 663 + MODULE_DEVICE_TABLE(of, tpm_tis_i2c_of_match); 664 + #endif 665 + 701 666 static SIMPLE_DEV_PM_OPS(tpm_tis_i2c_ops, tpm_pm_suspend, tpm_pm_resume); 702 667 703 668 static int tpm_tis_i2c_probe(struct i2c_client *client, 704 669 const struct i2c_device_id *id) 705 670 { 706 671 int rc; 707 - if (tpm_dev.client != NULL) 672 + struct device *dev = &(client->dev); 673 + 674 + if (tpm_dev.client != NULL) { 675 + dev_err(dev, "This driver only supports one client at a time\n"); 708 676 return -EBUSY; /* We only support one client */ 677 + } 709 678 710 679 if (!i2c_check_functionality(client->adapter, I2C_FUNC_I2C)) { 711 - dev_err(&client->dev, 712 - "no algorithms associated to the i2c bus\n"); 680 + dev_err(dev, "no algorithms associated to the i2c bus\n"); 713 681 return -ENODEV; 714 682 } 715 683 ··· 776 682 } 777 683 778 684 static struct i2c_driver tpm_tis_i2c_driver = { 779 - 780 685 .id_table = tpm_tis_i2c_table, 781 686 .probe = tpm_tis_i2c_probe, 782 687 .remove = tpm_tis_i2c_remove, ··· 783 690 .name = "tpm_i2c_infineon", 784 691 .owner = THIS_MODULE, 785 692 .pm = &tpm_tis_i2c_ops, 693 + .of_match_table = of_match_ptr(tpm_tis_i2c_of_match), 786 694 }, 787 695 }; 788 696 789 697 module_i2c_driver(tpm_tis_i2c_driver); 790 698 MODULE_AUTHOR("Peter Huewe <peter.huewe@infineon.com>"); 791 699 MODULE_DESCRIPTION("TPM TIS I2C Infineon Driver"); 792 - MODULE_VERSION("2.1.5"); 700 + MODULE_VERSION("2.2.0"); 793 701 MODULE_LICENSE("GPL");
+31 -33
drivers/char/tpm/tpm_i2c_stm_st33.c
··· 36 36 #include <linux/i2c.h> 37 37 #include <linux/fs.h> 38 38 #include <linux/miscdevice.h> 39 - #include <linux/module.h> 40 39 #include <linux/kernel.h> 41 40 #include <linux/delay.h> 42 41 #include <linux/init.h> ··· 49 50 #include <linux/uaccess.h> 50 51 #include <linux/io.h> 51 52 #include <linux/slab.h> 52 - #include <linux/sched.h> 53 53 54 54 #include "tpm.h" 55 55 #include "tpm_i2c_stm_st33.h" ··· 176 178 struct i2c_client *client; 177 179 struct st33zp24_platform_data *pin_infos; 178 180 179 - client = (struct i2c_client *) TPM_VPRIV(chip); 181 + client = (struct i2c_client *)TPM_VPRIV(chip); 180 182 pin_infos = client->dev.platform_data; 181 183 182 184 status = wait_for_completion_interruptible_timeout( ··· 195 197 int status = 2; 196 198 struct i2c_client *client; 197 199 198 - client = (struct i2c_client *) TPM_VPRIV(chip); 200 + client = (struct i2c_client *)TPM_VPRIV(chip); 199 201 200 202 status = _wait_for_interrupt_serirq_timeout(chip, timeout); 201 203 if (!status) { 202 204 status = -EBUSY; 203 - } else{ 205 + } else { 204 206 clear_interruption(client); 205 207 if (condition) 206 208 status = 1; ··· 217 219 struct i2c_client *client; 218 220 u8 data; 219 221 220 - client = (struct i2c_client *) TPM_VPRIV(chip); 222 + client = (struct i2c_client *)TPM_VPRIV(chip); 221 223 222 224 data = TPM_STS_COMMAND_READY; 223 225 I2C_WRITE_DATA(client, TPM_STS, &data, 1); ··· 234 236 { 235 237 struct i2c_client *client; 236 238 u8 data; 237 - client = (struct i2c_client *) TPM_VPRIV(chip); 239 + client = (struct i2c_client *)TPM_VPRIV(chip); 238 240 239 241 I2C_READ_DATA(client, TPM_STS, &data, 1); 240 242 return data; ··· 252 254 u8 data; 253 255 u8 status; 254 256 255 - client = (struct i2c_client *) TPM_VPRIV(chip); 257 + client = (struct i2c_client *)TPM_VPRIV(chip); 256 258 257 259 status = I2C_READ_DATA(client, TPM_ACCESS, &data, 1); 258 260 if (status && (data & ··· 276 278 struct i2c_client *client; 277 279 u8 data; 278 280 279 - client = (struct i2c_client *) TPM_VPRIV(chip); 281 + client = (struct i2c_client *)TPM_VPRIV(chip); 280 282 281 283 if (check_locality(chip) == chip->vendor.locality) 282 284 return chip->vendor.locality; ··· 292 294 chip->vendor.timeout_a); 293 295 if (rc > 0) 294 296 return chip->vendor.locality; 295 - } else{ 297 + } else { 296 298 stop = jiffies + chip->vendor.timeout_a; 297 299 do { 298 300 if (check_locality(chip) >= 0) ··· 314 316 struct i2c_client *client; 315 317 u8 data; 316 318 317 - client = (struct i2c_client *) TPM_VPRIV(chip); 319 + client = (struct i2c_client *)TPM_VPRIV(chip); 318 320 data = TPM_ACCESS_ACTIVE_LOCALITY; 319 321 320 322 I2C_WRITE_DATA(client, TPM_ACCESS, &data, 1); ··· 331 333 int burstcnt, status; 332 334 u8 tpm_reg, temp; 333 335 334 - struct i2c_client *client = (struct i2c_client *) TPM_VPRIV(chip); 336 + struct i2c_client *client = (struct i2c_client *)TPM_VPRIV(chip); 335 337 336 338 stop = jiffies + chip->vendor.timeout_d; 337 339 do { ··· 377 379 mask), timeout); 378 380 if (rc > 0) 379 381 return 0; 380 - } else{ 382 + } else { 381 383 stop = jiffies + timeout; 382 384 do { 383 385 msleep(TPM_TIMEOUT); ··· 401 403 int size = 0, burstcnt, len; 402 404 struct i2c_client *client; 403 405 404 - client = (struct i2c_client *) TPM_VPRIV(chip); 406 + client = (struct i2c_client *)TPM_VPRIV(chip); 405 407 406 408 while (size < count && 407 409 wait_for_stat(chip, ··· 431 433 432 434 disable_irq_nosync(irq); 433 435 434 - client = (struct i2c_client *) TPM_VPRIV(chip); 436 + client = (struct i2c_client *)TPM_VPRIV(chip); 435 437 pin_infos = client->dev.platform_data; 436 438 437 439 complete(&pin_infos->irq_detection); ··· 451 453 static int tpm_stm_i2c_send(struct tpm_chip *chip, unsigned char *buf, 452 454 size_t len) 453 455 { 454 - u32 status, 455 - burstcnt = 0, i, size; 456 + u32 status, burstcnt = 0, i, size; 456 457 int ret; 457 458 u8 data; 458 459 struct i2c_client *client; ··· 480 483 } 481 484 } 482 485 483 - for (i = 0 ; i < len - 1 ;) { 486 + for (i = 0; i < len - 1;) { 484 487 burstcnt = get_burstcount(chip); 485 488 size = min_t(int, len - i - 1, burstcnt); 486 489 ret = I2C_WRITE_DATA(client, TPM_DATA_FIFO, buf, size); ··· 544 547 goto out; 545 548 } 546 549 547 - expected = be32_to_cpu(*(__be32 *) (buf + 2)); 550 + expected = be32_to_cpu(*(__be32 *)(buf + 2)); 548 551 if (expected > count) { 549 552 size = -EIO; 550 553 goto out; ··· 566 569 567 570 static bool tpm_st33_i2c_req_canceled(struct tpm_chip *chip, u8 status) 568 571 { 569 - return (status == TPM_STS_COMMAND_READY); 572 + return (status == TPM_STS_COMMAND_READY); 570 573 } 571 574 572 575 static const struct file_operations tpm_st33_i2c_fops = { ··· 614 617 .miscdev = {.fops = &tpm_st33_i2c_fops,}, 615 618 }; 616 619 617 - static int interrupts ; 620 + static int interrupts; 618 621 module_param(interrupts, int, 0444); 619 622 MODULE_PARM_DESC(interrupts, "Enable interrupts"); 620 623 ··· 711 714 "TPM SERIRQ management", chip); 712 715 if (err < 0) { 713 716 dev_err(chip->dev , "TPM SERIRQ signals %d not available\n", 714 - gpio_to_irq(platform_data->io_serirq)); 717 + gpio_to_irq(platform_data->io_serirq)); 715 718 goto _irq_set; 716 719 } 717 720 ··· 751 754 dev_info(chip->dev, "TPM I2C Initialized\n"); 752 755 return 0; 753 756 _irq_set: 754 - free_irq(gpio_to_irq(platform_data->io_serirq), (void *) chip); 757 + free_irq(gpio_to_irq(platform_data->io_serirq), (void *)chip); 755 758 _gpio_init2: 756 759 if (interrupts) 757 760 gpio_free(platform_data->io_serirq); ··· 781 784 { 782 785 struct tpm_chip *chip = (struct tpm_chip *)i2c_get_clientdata(client); 783 786 struct st33zp24_platform_data *pin_infos = 784 - ((struct i2c_client *) TPM_VPRIV(chip))->dev.platform_data; 787 + ((struct i2c_client *)TPM_VPRIV(chip))->dev.platform_data; 785 788 786 789 if (pin_infos != NULL) { 787 790 free_irq(pin_infos->io_serirq, chip); ··· 820 823 struct st33zp24_platform_data *pin_infos = dev->platform_data; 821 824 int ret = 0; 822 825 823 - if (power_mgt) 826 + if (power_mgt) { 824 827 gpio_set_value(pin_infos->io_lpcpd, 0); 825 - else{ 828 + } else { 826 829 if (chip->data_buffer == NULL) 827 830 chip->data_buffer = pin_infos->tpm_i2c_buffer[0]; 828 831 ret = tpm_pm_suspend(dev); ··· 848 851 (chip->vendor.status(chip) & 849 852 TPM_STS_VALID) == TPM_STS_VALID, 850 853 chip->vendor.timeout_b); 851 - } else{ 852 - if (chip->data_buffer == NULL) 853 - chip->data_buffer = pin_infos->tpm_i2c_buffer[0]; 854 - ret = tpm_pm_resume(dev); 855 - if (!ret) 856 - tpm_do_selftest(chip); 854 + } else { 855 + if (chip->data_buffer == NULL) 856 + chip->data_buffer = pin_infos->tpm_i2c_buffer[0]; 857 + ret = tpm_pm_resume(dev); 858 + if (!ret) 859 + tpm_do_selftest(chip); 857 860 } 858 861 return ret; 859 862 } /* tpm_st33_i2c_pm_resume() */ ··· 864 867 {} 865 868 }; 866 869 MODULE_DEVICE_TABLE(i2c, tpm_st33_i2c_id); 867 - static SIMPLE_DEV_PM_OPS(tpm_st33_i2c_ops, tpm_st33_i2c_pm_suspend, tpm_st33_i2c_pm_resume); 870 + static SIMPLE_DEV_PM_OPS(tpm_st33_i2c_ops, tpm_st33_i2c_pm_suspend, 871 + tpm_st33_i2c_pm_resume); 868 872 static struct i2c_driver tpm_st33_i2c_driver = { 869 873 .driver = { 870 874 .owner = THIS_MODULE,
+7 -7
drivers/char/tpm/tpm_ppi.c
··· 158 158 ACPI_TYPE_STRING); 159 159 if (ACPI_FAILURE(status)) 160 160 return -ENOMEM; 161 - strncpy(version, 161 + strlcpy(version, 162 162 ((union acpi_object *)output.pointer)->string.pointer, 163 - PPI_VERSION_LEN); 163 + PPI_VERSION_LEN + 1); 164 164 kfree(output.pointer); 165 165 output.length = ACPI_ALLOCATE_BUFFER; 166 166 output.pointer = NULL; ··· 237 237 ACPI_TYPE_STRING); 238 238 if (ACPI_FAILURE(status)) 239 239 return -ENOMEM; 240 - strncpy(version, 240 + strlcpy(version, 241 241 ((union acpi_object *)output.pointer)->string.pointer, 242 - PPI_VERSION_LEN); 242 + PPI_VERSION_LEN + 1); 243 243 /* 244 244 * PPI spec defines params[3].type as empty package, but some platforms 245 245 * (e.g. Capella with PPI 1.0) need integer/string/buffer type, so for ··· 351 351 static ssize_t show_ppi_operations(char *buf, u32 start, u32 end) 352 352 { 353 353 char *str = buf; 354 - char version[PPI_VERSION_LEN]; 354 + char version[PPI_VERSION_LEN + 1]; 355 355 acpi_handle handle; 356 356 acpi_status status; 357 357 struct acpi_object_list input; ··· 381 381 if (ACPI_FAILURE(status)) 382 382 return -ENOMEM; 383 383 384 - strncpy(version, 384 + strlcpy(version, 385 385 ((union acpi_object *)output.pointer)->string.pointer, 386 - PPI_VERSION_LEN); 386 + PPI_VERSION_LEN + 1); 387 387 kfree(output.pointer); 388 388 output.length = ACPI_ALLOCATE_BUFFER; 389 389 output.pointer = NULL;
+1 -2
fs/nfs/super.c
··· 2385 2385 struct nfs_mount_info *mount_info) 2386 2386 { 2387 2387 /* clone any lsm security options from the parent to the new sb */ 2388 - security_sb_clone_mnt_opts(mount_info->cloned->sb, s); 2389 2388 if (mntroot->d_inode->i_op != NFS_SB(s)->nfs_client->rpc_ops->dir_inode_ops) 2390 2389 return -ESTALE; 2391 - return 0; 2390 + return security_sb_clone_mnt_opts(mount_info->cloned->sb, s); 2392 2391 } 2393 2392 EXPORT_SYMBOL_GPL(nfs_clone_sb_security); 2394 2393
+6 -4
include/linux/security.h
··· 1440 1440 struct path *new_path); 1441 1441 int (*sb_set_mnt_opts) (struct super_block *sb, 1442 1442 struct security_mnt_opts *opts); 1443 - void (*sb_clone_mnt_opts) (const struct super_block *oldsb, 1443 + int (*sb_clone_mnt_opts) (const struct super_block *oldsb, 1444 1444 struct super_block *newsb); 1445 1445 int (*sb_parse_opts_str) (char *options, struct security_mnt_opts *opts); 1446 1446 ··· 1726 1726 int security_sb_umount(struct vfsmount *mnt, int flags); 1727 1727 int security_sb_pivotroot(struct path *old_path, struct path *new_path); 1728 1728 int security_sb_set_mnt_opts(struct super_block *sb, struct security_mnt_opts *opts); 1729 - void security_sb_clone_mnt_opts(const struct super_block *oldsb, 1729 + int security_sb_clone_mnt_opts(const struct super_block *oldsb, 1730 1730 struct super_block *newsb); 1731 1731 int security_sb_parse_opts_str(char *options, struct security_mnt_opts *opts); 1732 1732 ··· 2016 2016 return 0; 2017 2017 } 2018 2018 2019 - static inline void security_sb_clone_mnt_opts(const struct super_block *oldsb, 2019 + static inline int security_sb_clone_mnt_opts(const struct super_block *oldsb, 2020 2020 struct super_block *newsb) 2021 - { } 2021 + { 2022 + return 0; 2023 + } 2022 2024 2023 2025 static inline int security_sb_parse_opts_str(char *options, struct security_mnt_opts *opts) 2024 2026 {
+1
include/uapi/linux/magic.h
··· 11 11 #define DEBUGFS_MAGIC 0x64626720 12 12 #define SECURITYFS_MAGIC 0x73636673 13 13 #define SELINUX_MAGIC 0xf97cff8c 14 + #define SMACK_MAGIC 0x43415d53 /* "SMAC" */ 14 15 #define RAMFS_MAGIC 0x858458f6 /* some random number */ 15 16 #define TMPFS_MAGIC 0x01021994 16 17 #define HUGETLBFS_MAGIC 0x958458f6 /* some random number */
+2
kernel/seccomp.c
··· 160 160 case BPF_S_ALU_AND_X: 161 161 case BPF_S_ALU_OR_K: 162 162 case BPF_S_ALU_OR_X: 163 + case BPF_S_ALU_XOR_K: 164 + case BPF_S_ALU_XOR_X: 163 165 case BPF_S_ALU_LSH_K: 164 166 case BPF_S_ALU_LSH_X: 165 167 case BPF_S_ALU_RSH_K:
+2 -1
security/capability.c
··· 98 98 return 0; 99 99 } 100 100 101 - static void cap_sb_clone_mnt_opts(const struct super_block *oldsb, 101 + static int cap_sb_clone_mnt_opts(const struct super_block *oldsb, 102 102 struct super_block *newsb) 103 103 { 104 + return 0; 104 105 } 105 106 106 107 static int cap_sb_parse_opts_str(char *options, struct security_mnt_opts *opts)
+5 -9
security/integrity/ima/ima_main.c
··· 189 189 if (rc != 0) 190 190 goto out_digsig; 191 191 192 - if (function != BPRM_CHECK) 193 - pathname = ima_d_path(&file->f_path, &pathbuf); 194 - 192 + pathname = !filename ? ima_d_path(&file->f_path, &pathbuf) : filename; 195 193 if (!pathname) 196 - pathname = filename; 194 + pathname = (const char *)file->f_dentry->d_name.name; 197 195 198 196 if (action & IMA_MEASURE) 199 197 ima_store_measurement(iint, file, pathname); ··· 224 226 int ima_file_mmap(struct file *file, unsigned long prot) 225 227 { 226 228 if (file && (prot & PROT_EXEC)) 227 - return process_measurement(file, file->f_dentry->d_name.name, 228 - MAY_EXEC, MMAP_CHECK); 229 + return process_measurement(file, NULL, MAY_EXEC, MMAP_CHECK); 229 230 return 0; 230 231 } 231 232 ··· 262 265 int ima_file_check(struct file *file, int mask) 263 266 { 264 267 ima_rdwr_violation_check(file); 265 - return process_measurement(file, file->f_dentry->d_name.name, 268 + return process_measurement(file, NULL, 266 269 mask & (MAY_READ | MAY_WRITE | MAY_EXEC), 267 270 FILE_CHECK); 268 271 } ··· 287 290 #endif 288 291 return 0; /* We rely on module signature checking */ 289 292 } 290 - return process_measurement(file, file->f_dentry->d_name.name, 291 - MAY_EXEC, MODULE_CHECK); 293 + return process_measurement(file, NULL, MAY_EXEC, MODULE_CHECK); 292 294 } 293 295 294 296 static int __init init_ima(void)
+2 -2
security/security.c
··· 299 299 } 300 300 EXPORT_SYMBOL(security_sb_set_mnt_opts); 301 301 302 - void security_sb_clone_mnt_opts(const struct super_block *oldsb, 302 + int security_sb_clone_mnt_opts(const struct super_block *oldsb, 303 303 struct super_block *newsb) 304 304 { 305 - security_ops->sb_clone_mnt_opts(oldsb, newsb); 305 + return security_ops->sb_clone_mnt_opts(oldsb, newsb); 306 306 } 307 307 EXPORT_SYMBOL(security_sb_clone_mnt_opts); 308 308
+35 -4
security/selinux/hooks.c
··· 751 751 goto out; 752 752 } 753 753 754 - static void selinux_sb_clone_mnt_opts(const struct super_block *oldsb, 754 + static int selinux_cmp_sb_context(const struct super_block *oldsb, 755 + const struct super_block *newsb) 756 + { 757 + struct superblock_security_struct *old = oldsb->s_security; 758 + struct superblock_security_struct *new = newsb->s_security; 759 + char oldflags = old->flags & SE_MNTMASK; 760 + char newflags = new->flags & SE_MNTMASK; 761 + 762 + if (oldflags != newflags) 763 + goto mismatch; 764 + if ((oldflags & FSCONTEXT_MNT) && old->sid != new->sid) 765 + goto mismatch; 766 + if ((oldflags & CONTEXT_MNT) && old->mntpoint_sid != new->mntpoint_sid) 767 + goto mismatch; 768 + if ((oldflags & DEFCONTEXT_MNT) && old->def_sid != new->def_sid) 769 + goto mismatch; 770 + if (oldflags & ROOTCONTEXT_MNT) { 771 + struct inode_security_struct *oldroot = oldsb->s_root->d_inode->i_security; 772 + struct inode_security_struct *newroot = newsb->s_root->d_inode->i_security; 773 + if (oldroot->sid != newroot->sid) 774 + goto mismatch; 775 + } 776 + return 0; 777 + mismatch: 778 + printk(KERN_WARNING "SELinux: mount invalid. Same superblock, " 779 + "different security settings for (dev %s, " 780 + "type %s)\n", newsb->s_id, newsb->s_type->name); 781 + return -EBUSY; 782 + } 783 + 784 + static int selinux_sb_clone_mnt_opts(const struct super_block *oldsb, 755 785 struct super_block *newsb) 756 786 { 757 787 const struct superblock_security_struct *oldsbsec = oldsb->s_security; ··· 796 766 * mount options. thus we can safely deal with this superblock later 797 767 */ 798 768 if (!ss_initialized) 799 - return; 769 + return 0; 800 770 801 771 /* how can we clone if the old one wasn't set up?? */ 802 772 BUG_ON(!(oldsbsec->flags & SE_SBINITIALIZED)); 803 773 804 - /* if fs is reusing a sb, just let its options stand... */ 774 + /* if fs is reusing a sb, make sure that the contexts match */ 805 775 if (newsbsec->flags & SE_SBINITIALIZED) 806 - return; 776 + return selinux_cmp_sb_context(oldsb, newsb); 807 777 808 778 mutex_lock(&newsbsec->lock); 809 779 ··· 836 806 837 807 sb_finish_set_opts(newsb); 838 808 mutex_unlock(&newsbsec->lock); 809 + return 0; 839 810 } 840 811 841 812 static int selinux_parse_opts_str(char *options,
-5
security/smack/smack.h
··· 149 149 #define SMACK_CIPSO_SOCKET 1 150 150 151 151 /* 152 - * smackfs magic number 153 - */ 154 - #define SMACK_MAGIC 0x43415d53 /* "SMAC" */ 155 - 156 - /* 157 152 * CIPSO defaults. 158 153 */ 159 154 #define SMACK_CIPSO_DOI_DEFAULT 3 /* Historical */
+2
security/smack/smack_access.c
··· 252 252 string[i++] = 'x'; 253 253 if (access & MAY_APPEND) 254 254 string[i++] = 'a'; 255 + if (access & MAY_TRANSMUTE) 256 + string[i++] = 't'; 255 257 string[i] = '\0'; 256 258 } 257 259 /**
+2 -2
security/smack/smack_lsm.c
··· 654 654 /* 655 655 * You also need write access to the containing directory 656 656 */ 657 - smk_ad_setfield_u_fs_path_dentry(&ad, NULL); 657 + smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_INODE); 658 658 smk_ad_setfield_u_fs_inode(&ad, dir); 659 659 rc = smk_curacc(smk_of_inode(dir), MAY_WRITE, &ad); 660 660 } ··· 685 685 /* 686 686 * You also need write access to the containing directory 687 687 */ 688 - smk_ad_setfield_u_fs_path_dentry(&ad, NULL); 688 + smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_INODE); 689 689 smk_ad_setfield_u_fs_inode(&ad, dir); 690 690 rc = smk_curacc(smk_of_inode(dir), MAY_WRITE, &ad); 691 691 }
+171 -81
security/smack/smackfs.c
··· 26 26 #include <linux/seq_file.h> 27 27 #include <linux/ctype.h> 28 28 #include <linux/audit.h> 29 + #include <linux/magic.h> 29 30 #include "smack.h" 30 31 31 32 /* ··· 51 50 SMK_ACCESS2 = 16, /* make an access check with long labels */ 52 51 SMK_CIPSO2 = 17, /* load long label -> CIPSO mapping */ 53 52 SMK_REVOKE_SUBJ = 18, /* set rules with subject label to '-' */ 53 + SMK_CHANGE_RULE = 19, /* change or add rules (long labels) */ 54 54 }; 55 55 56 56 /* 57 57 * List locks 58 58 */ 59 - static DEFINE_MUTEX(smack_list_lock); 60 59 static DEFINE_MUTEX(smack_cipso_lock); 61 60 static DEFINE_MUTEX(smack_ambient_lock); 62 61 static DEFINE_MUTEX(smk_netlbladdr_lock); ··· 110 109 }; 111 110 112 111 LIST_HEAD(smack_rule_list); 112 + 113 + struct smack_parsed_rule { 114 + char *smk_subject; 115 + char *smk_object; 116 + int smk_access1; 117 + int smk_access2; 118 + }; 113 119 114 120 static int smk_cipso_doi_value = SMACK_CIPSO_DOI_DEFAULT; 115 121 ··· 175 167 #define SMK_NETLBLADDRMIN 9 176 168 177 169 /** 178 - * smk_set_access - add a rule to the rule list 179 - * @srp: the new rule to add 170 + * smk_set_access - add a rule to the rule list or replace an old rule 171 + * @srp: the rule to add or replace 180 172 * @rule_list: the list of rules 181 173 * @rule_lock: the rule list lock 174 + * @global: if non-zero, indicates a global rule 182 175 * 183 176 * Looks through the current subject/object/access list for 184 177 * the subject/object pair and replaces the access that was 185 178 * there. If the pair isn't found add it with the specified 186 179 * access. 187 180 * 188 - * Returns 1 if a rule was found to exist already, 0 if it is new 189 181 * Returns 0 if nothing goes wrong or -ENOMEM if it fails 190 182 * during the allocation of the new pair to add. 191 183 */ 192 - static int smk_set_access(struct smack_rule *srp, struct list_head *rule_list, 193 - struct mutex *rule_lock) 184 + static int smk_set_access(struct smack_parsed_rule *srp, 185 + struct list_head *rule_list, 186 + struct mutex *rule_lock, int global) 194 187 { 195 188 struct smack_rule *sp; 189 + struct smack_master_list *smlp; 196 190 int found = 0; 191 + int rc = 0; 197 192 198 193 mutex_lock(rule_lock); 199 194 ··· 208 197 if (sp->smk_object == srp->smk_object && 209 198 sp->smk_subject == srp->smk_subject) { 210 199 found = 1; 211 - sp->smk_access = srp->smk_access; 200 + sp->smk_access |= srp->smk_access1; 201 + sp->smk_access &= ~srp->smk_access2; 212 202 break; 213 203 } 214 204 } 215 - if (found == 0) 216 - list_add_rcu(&srp->list, rule_list); 217 205 206 + if (found == 0) { 207 + sp = kzalloc(sizeof(*sp), GFP_KERNEL); 208 + if (sp == NULL) { 209 + rc = -ENOMEM; 210 + goto out; 211 + } 212 + 213 + sp->smk_subject = srp->smk_subject; 214 + sp->smk_object = srp->smk_object; 215 + sp->smk_access = srp->smk_access1 & ~srp->smk_access2; 216 + 217 + list_add_rcu(&sp->list, rule_list); 218 + /* 219 + * If this is a global as opposed to self and a new rule 220 + * it needs to get added for reporting. 221 + */ 222 + if (global) { 223 + smlp = kzalloc(sizeof(*smlp), GFP_KERNEL); 224 + if (smlp != NULL) { 225 + smlp->smk_rule = sp; 226 + list_add_rcu(&smlp->list, &smack_rule_list); 227 + } else 228 + rc = -ENOMEM; 229 + } 230 + } 231 + 232 + out: 218 233 mutex_unlock(rule_lock); 234 + return rc; 235 + } 219 236 220 - return found; 237 + /** 238 + * smk_perm_from_str - parse smack accesses from a text string 239 + * @string: a text string that contains a Smack accesses code 240 + * 241 + * Returns an integer with respective bits set for specified accesses. 242 + */ 243 + static int smk_perm_from_str(const char *string) 244 + { 245 + int perm = 0; 246 + const char *cp; 247 + 248 + for (cp = string; ; cp++) 249 + switch (*cp) { 250 + case '-': 251 + break; 252 + case 'r': 253 + case 'R': 254 + perm |= MAY_READ; 255 + break; 256 + case 'w': 257 + case 'W': 258 + perm |= MAY_WRITE; 259 + break; 260 + case 'x': 261 + case 'X': 262 + perm |= MAY_EXEC; 263 + break; 264 + case 'a': 265 + case 'A': 266 + perm |= MAY_APPEND; 267 + break; 268 + case 't': 269 + case 'T': 270 + perm |= MAY_TRANSMUTE; 271 + break; 272 + default: 273 + return perm; 274 + } 221 275 } 222 276 223 277 /** 224 278 * smk_fill_rule - Fill Smack rule from strings 225 279 * @subject: subject label string 226 280 * @object: object label string 227 - * @access: access string 281 + * @access1: access string 282 + * @access2: string with permissions to be removed 228 283 * @rule: Smack rule 229 284 * @import: if non-zero, import labels 230 285 * @len: label length limit ··· 298 221 * Returns 0 on success, -1 on failure 299 222 */ 300 223 static int smk_fill_rule(const char *subject, const char *object, 301 - const char *access, struct smack_rule *rule, 302 - int import, int len) 224 + const char *access1, const char *access2, 225 + struct smack_parsed_rule *rule, int import, 226 + int len) 303 227 { 304 228 const char *cp; 305 229 struct smack_known *skp; ··· 333 255 rule->smk_object = skp->smk_known; 334 256 } 335 257 336 - rule->smk_access = 0; 337 - 338 - for (cp = access; *cp != '\0'; cp++) { 339 - switch (*cp) { 340 - case '-': 341 - break; 342 - case 'r': 343 - case 'R': 344 - rule->smk_access |= MAY_READ; 345 - break; 346 - case 'w': 347 - case 'W': 348 - rule->smk_access |= MAY_WRITE; 349 - break; 350 - case 'x': 351 - case 'X': 352 - rule->smk_access |= MAY_EXEC; 353 - break; 354 - case 'a': 355 - case 'A': 356 - rule->smk_access |= MAY_APPEND; 357 - break; 358 - case 't': 359 - case 'T': 360 - rule->smk_access |= MAY_TRANSMUTE; 361 - break; 362 - default: 363 - return 0; 364 - } 365 - } 258 + rule->smk_access1 = smk_perm_from_str(access1); 259 + if (access2) 260 + rule->smk_access2 = smk_perm_from_str(access2); 261 + else 262 + rule->smk_access2 = ~rule->smk_access1; 366 263 367 264 return 0; 368 265 } ··· 350 297 * 351 298 * Returns 0 on success, -1 on errors. 352 299 */ 353 - static int smk_parse_rule(const char *data, struct smack_rule *rule, int import) 300 + static int smk_parse_rule(const char *data, struct smack_parsed_rule *rule, 301 + int import) 354 302 { 355 303 int rc; 356 304 357 305 rc = smk_fill_rule(data, data + SMK_LABELLEN, 358 - data + SMK_LABELLEN + SMK_LABELLEN, rule, import, 359 - SMK_LABELLEN); 306 + data + SMK_LABELLEN + SMK_LABELLEN, NULL, rule, 307 + import, SMK_LABELLEN); 360 308 return rc; 361 309 } 362 310 363 311 /** 364 312 * smk_parse_long_rule - parse Smack rule from rule string 365 313 * @data: string to be parsed, null terminated 366 - * @rule: Smack rule 314 + * @rule: Will be filled with Smack parsed rule 367 315 * @import: if non-zero, import labels 316 + * @change: if non-zero, data is from /smack/change-rule 368 317 * 369 318 * Returns 0 on success, -1 on failure 370 319 */ 371 - static int smk_parse_long_rule(const char *data, struct smack_rule *rule, 372 - int import) 320 + static int smk_parse_long_rule(const char *data, struct smack_parsed_rule *rule, 321 + int import, int change) 373 322 { 374 323 char *subject; 375 324 char *object; 376 - char *access; 325 + char *access1; 326 + char *access2; 377 327 int datalen; 378 328 int rc = -1; 379 329 ··· 390 334 object = kzalloc(datalen, GFP_KERNEL); 391 335 if (object == NULL) 392 336 goto free_out_s; 393 - access = kzalloc(datalen, GFP_KERNEL); 394 - if (access == NULL) 337 + access1 = kzalloc(datalen, GFP_KERNEL); 338 + if (access1 == NULL) 395 339 goto free_out_o; 340 + access2 = kzalloc(datalen, GFP_KERNEL); 341 + if (access2 == NULL) 342 + goto free_out_a; 396 343 397 - if (sscanf(data, "%s %s %s", subject, object, access) == 3) 398 - rc = smk_fill_rule(subject, object, access, rule, import, 0); 344 + if (change) { 345 + if (sscanf(data, "%s %s %s %s", 346 + subject, object, access1, access2) == 4) 347 + rc = smk_fill_rule(subject, object, access1, access2, 348 + rule, import, 0); 349 + } else { 350 + if (sscanf(data, "%s %s %s", subject, object, access1) == 3) 351 + rc = smk_fill_rule(subject, object, access1, NULL, 352 + rule, import, 0); 353 + } 399 354 400 - kfree(access); 355 + kfree(access2); 356 + free_out_a: 357 + kfree(access1); 401 358 free_out_o: 402 359 kfree(object); 403 360 free_out_s: ··· 420 351 421 352 #define SMK_FIXED24_FMT 0 /* Fixed 24byte label format */ 422 353 #define SMK_LONG_FMT 1 /* Variable long label format */ 354 + #define SMK_CHANGE_FMT 2 /* Rule modification format */ 423 355 /** 424 356 * smk_write_rules_list - write() for any /smack rule file 425 357 * @file: file pointer, not actually used ··· 429 359 * @ppos: where to start - must be 0 430 360 * @rule_list: the list of rules to write to 431 361 * @rule_lock: lock for the rule list 432 - * @format: /smack/load or /smack/load2 format. 362 + * @format: /smack/load or /smack/load2 or /smack/change-rule format. 433 363 * 434 364 * Get one smack access rule from above. 435 365 * The format for SMK_LONG_FMT is: 436 366 * "subject<whitespace>object<whitespace>access[<whitespace>...]" 437 367 * The format for SMK_FIXED24_FMT is exactly: 438 368 * "subject object rwxat" 369 + * The format for SMK_CHANGE_FMT is: 370 + * "subject<whitespace>object<whitespace> 371 + * acc_enable<whitespace>acc_disable[<whitespace>...]" 439 372 */ 440 373 static ssize_t smk_write_rules_list(struct file *file, const char __user *buf, 441 374 size_t count, loff_t *ppos, 442 375 struct list_head *rule_list, 443 376 struct mutex *rule_lock, int format) 444 377 { 445 - struct smack_master_list *smlp; 446 378 struct smack_known *skp; 447 - struct smack_rule *rule; 379 + struct smack_parsed_rule *rule; 448 380 char *data; 449 381 int datalen; 450 382 int rc = -EINVAL; ··· 489 417 * Be sure the data string is terminated. 490 418 */ 491 419 data[count] = '\0'; 492 - if (smk_parse_long_rule(data, rule, 1)) 420 + if (smk_parse_long_rule(data, rule, 1, 0)) 421 + goto out_free_rule; 422 + } else if (format == SMK_CHANGE_FMT) { 423 + data[count] = '\0'; 424 + if (smk_parse_long_rule(data, rule, 1, 1)) 493 425 goto out_free_rule; 494 426 } else { 495 427 /* ··· 513 437 rule_lock = &skp->smk_rules_lock; 514 438 } 515 439 516 - rc = count; 517 - /* 518 - * If this is a global as opposed to self and a new rule 519 - * it needs to get added for reporting. 520 - * smk_set_access returns true if there was already a rule 521 - * for the subject/object pair, and false if it was new. 522 - */ 523 - if (!smk_set_access(rule, rule_list, rule_lock)) { 524 - if (load) { 525 - smlp = kzalloc(sizeof(*smlp), GFP_KERNEL); 526 - if (smlp != NULL) { 527 - smlp->smk_rule = rule; 528 - list_add_rcu(&smlp->list, &smack_rule_list); 529 - } else 530 - rc = -ENOMEM; 531 - } 440 + rc = smk_set_access(rule, rule_list, rule_lock, load); 441 + if (rc == 0) { 442 + rc = count; 532 443 goto out; 533 444 } 534 445 ··· 1837 1774 static ssize_t smk_user_access(struct file *file, const char __user *buf, 1838 1775 size_t count, loff_t *ppos, int format) 1839 1776 { 1840 - struct smack_rule rule; 1777 + struct smack_parsed_rule rule; 1841 1778 char *data; 1842 1779 char *cod; 1843 1780 int res; ··· 1859 1796 return -ENOMEM; 1860 1797 memcpy(cod, data, count); 1861 1798 cod[count] = '\0'; 1862 - res = smk_parse_long_rule(cod, &rule, 0); 1799 + res = smk_parse_long_rule(cod, &rule, 0, 0); 1863 1800 kfree(cod); 1864 1801 } 1865 1802 1866 1803 if (res) 1867 1804 return -EINVAL; 1868 1805 1869 - res = smk_access(rule.smk_subject, rule.smk_object, rule.smk_access, 1806 + res = smk_access(rule.smk_subject, rule.smk_object, rule.smk_access1, 1870 1807 NULL); 1871 1808 data[0] = res == 0 ? '1' : '0'; 1872 1809 data[1] = '\0'; ··· 2098 2035 } 2099 2036 2100 2037 skp = smk_find_entry(cp); 2101 - if (skp == NULL) { 2102 - rc = -EINVAL; 2038 + if (skp == NULL) 2103 2039 goto free_out; 2104 - } 2105 2040 2106 2041 rule_list = &skp->smk_rules; 2107 2042 rule_lock = &skp->smk_rules_lock; ··· 2136 2075 return -ENOMEM; 2137 2076 return 0; 2138 2077 } 2078 + 2079 + /** 2080 + * smk_write_change_rule - write() for /smack/change-rule 2081 + * @file: file pointer 2082 + * @buf: data from user space 2083 + * @count: bytes sent 2084 + * @ppos: where to start - must be 0 2085 + */ 2086 + static ssize_t smk_write_change_rule(struct file *file, const char __user *buf, 2087 + size_t count, loff_t *ppos) 2088 + { 2089 + /* 2090 + * Must have privilege. 2091 + */ 2092 + if (!capable(CAP_MAC_ADMIN)) 2093 + return -EPERM; 2094 + 2095 + return smk_write_rules_list(file, buf, count, ppos, NULL, NULL, 2096 + SMK_CHANGE_FMT); 2097 + } 2098 + 2099 + static const struct file_operations smk_change_rule_ops = { 2100 + .write = smk_write_change_rule, 2101 + .read = simple_transaction_read, 2102 + .release = simple_transaction_release, 2103 + .llseek = generic_file_llseek, 2104 + }; 2139 2105 2140 2106 /** 2141 2107 * smk_fill_super - fill the /smackfs superblock ··· 2213 2125 [SMK_REVOKE_SUBJ] = { 2214 2126 "revoke-subject", &smk_revoke_subj_ops, 2215 2127 S_IRUGO|S_IWUSR}, 2128 + [SMK_CHANGE_RULE] = { 2129 + "change-rule", &smk_change_rule_ops, S_IRUGO|S_IWUSR}, 2216 2130 /* last one */ 2217 2131 {""} 2218 2132 };
+2 -3
security/tomoyo/tomoyo.c
··· 536 536 }; 537 537 538 538 /* Lock for GC. */ 539 - struct srcu_struct tomoyo_ss; 539 + DEFINE_SRCU(tomoyo_ss); 540 540 541 541 /** 542 542 * tomoyo_init - Register TOMOYO Linux as a LSM module. ··· 550 550 if (!security_module_enable(&tomoyo_security_ops)) 551 551 return 0; 552 552 /* register ourselves with the security framework */ 553 - if (register_security(&tomoyo_security_ops) || 554 - init_srcu_struct(&tomoyo_ss)) 553 + if (register_security(&tomoyo_security_ops)) 555 554 panic("Failure registering TOMOYO Linux"); 556 555 printk(KERN_INFO "TOMOYO Linux initialized\n"); 557 556 cred->security = &tomoyo_kernel_domain;