update to PKT lts-v4.19.18-base-190130T184924Z
Signed-off-by: Alek Du <alek.du@intel.com>
parent
117f5fe514
commit
3e5a20dcdf
|
@ -33,24 +33,24 @@ Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
|
|||
security/tomoyo/tomoyo.c | 56 +++++++++++++---
|
||||
17 files changed, 303 insertions(+), 143 deletions(-)
|
||||
|
||||
diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h
|
||||
index 97a020c616ad..0bef312efd45 100644
|
||||
--- a/include/linux/lsm_hooks.h
|
||||
+++ b/include/linux/lsm_hooks.h
|
||||
@@ -2024,6 +2024,13 @@ struct security_hook_list {
|
||||
char *lsm;
|
||||
Index: kernel-lts2018/include/linux/lsm_hooks.h
|
||||
===================================================================
|
||||
--- kernel-lts2018.orig/include/linux/lsm_hooks.h
|
||||
+++ kernel-lts2018/include/linux/lsm_hooks.h
|
||||
@@ -2025,6 +2025,13 @@ struct security_hook_list {
|
||||
} __randomize_layout;
|
||||
|
||||
+/*
|
||||
/*
|
||||
+ * Security blob size or offset data.
|
||||
+ */
|
||||
+struct lsm_blob_sizes {
|
||||
+ int lbs_cred;
|
||||
+};
|
||||
+
|
||||
/*
|
||||
+/*
|
||||
* Initializing a security_hook_list structure takes
|
||||
* up a lot of space in a source file. This macro takes
|
||||
* care of the common case and reduces the amount of
|
||||
@@ -2036,6 +2043,7 @@ struct security_hook_list {
|
||||
extern struct security_hook_heads security_hook_heads;
|
||||
extern char *lsm_names;
|
||||
|
@ -70,11 +70,11 @@ index 97a020c616ad..0bef312efd45 100644
|
|||
+#endif
|
||||
+
|
||||
#endif /* ! __LINUX_LSM_HOOKS_H */
|
||||
diff --git a/kernel/cred.c b/kernel/cred.c
|
||||
index ecf03657e71c..fa2061ee4955 100644
|
||||
--- a/kernel/cred.c
|
||||
+++ b/kernel/cred.c
|
||||
@@ -704,19 +704,6 @@ bool creds_are_invalid(const struct cred *cred)
|
||||
Index: kernel-lts2018/kernel/cred.c
|
||||
===================================================================
|
||||
--- kernel-lts2018.orig/kernel/cred.c
|
||||
+++ kernel-lts2018/kernel/cred.c
|
||||
@@ -704,19 +704,6 @@ bool creds_are_invalid(const struct cred
|
||||
{
|
||||
if (cred->magic != CRED_MAGIC)
|
||||
return true;
|
||||
|
@ -94,10 +94,10 @@ index ecf03657e71c..fa2061ee4955 100644
|
|||
return false;
|
||||
}
|
||||
EXPORT_SYMBOL(creds_are_invalid);
|
||||
diff --git a/security/Kconfig b/security/Kconfig
|
||||
index d9aa521b5206..0447d9d8c875 100644
|
||||
--- a/security/Kconfig
|
||||
+++ b/security/Kconfig
|
||||
Index: kernel-lts2018/security/Kconfig
|
||||
===================================================================
|
||||
--- kernel-lts2018.orig/security/Kconfig
|
||||
+++ kernel-lts2018/security/Kconfig
|
||||
@@ -36,6 +36,17 @@ config SECURITY_WRITABLE_HOOKS
|
||||
bool
|
||||
default n
|
||||
|
@ -116,11 +116,11 @@ index d9aa521b5206..0447d9d8c875 100644
|
|||
config SECURITYFS
|
||||
bool "Enable the securityfs filesystem"
|
||||
help
|
||||
diff --git a/security/apparmor/domain.c b/security/apparmor/domain.c
|
||||
index 08c88de0ffda..726910bba84b 100644
|
||||
--- a/security/apparmor/domain.c
|
||||
+++ b/security/apparmor/domain.c
|
||||
@@ -975,7 +975,7 @@ int apparmor_bprm_set_creds(struct linux_binprm *bprm)
|
||||
Index: kernel-lts2018/security/apparmor/domain.c
|
||||
===================================================================
|
||||
--- kernel-lts2018.orig/security/apparmor/domain.c
|
||||
+++ kernel-lts2018/security/apparmor/domain.c
|
||||
@@ -975,7 +975,7 @@ int apparmor_bprm_set_creds(struct linux
|
||||
}
|
||||
aa_put_label(cred_label(bprm->cred));
|
||||
/* transfer reference, released when cred is freed */
|
||||
|
@ -129,10 +129,10 @@ index 08c88de0ffda..726910bba84b 100644
|
|||
|
||||
done:
|
||||
aa_put_label(label);
|
||||
diff --git a/security/apparmor/include/cred.h b/security/apparmor/include/cred.h
|
||||
index e287b7d0d4be..a90eae76d7c1 100644
|
||||
--- a/security/apparmor/include/cred.h
|
||||
+++ b/security/apparmor/include/cred.h
|
||||
Index: kernel-lts2018/security/apparmor/include/cred.h
|
||||
===================================================================
|
||||
--- kernel-lts2018.orig/security/apparmor/include/cred.h
|
||||
+++ kernel-lts2018/security/apparmor/include/cred.h
|
||||
@@ -23,8 +23,22 @@
|
||||
#include "policy_ns.h"
|
||||
#include "task.h"
|
||||
|
@ -141,11 +141,11 @@ index e287b7d0d4be..a90eae76d7c1 100644
|
|||
+static inline struct aa_label *cred_label(const struct cred *cred)
|
||||
+{
|
||||
+ struct aa_label **blob = cred->security;
|
||||
+
|
||||
|
||||
+ AA_BUG(!blob);
|
||||
+ return *blob;
|
||||
+}
|
||||
|
||||
+
|
||||
+static inline void set_cred_label(const struct cred *cred,
|
||||
+ struct aa_label *label)
|
||||
+{
|
||||
|
@ -157,11 +157,11 @@ index e287b7d0d4be..a90eae76d7c1 100644
|
|||
|
||||
/**
|
||||
* aa_cred_raw_label - obtain cred's label
|
||||
diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c
|
||||
index 8b8b70620bbe..c2566aaa138e 100644
|
||||
--- a/security/apparmor/lsm.c
|
||||
+++ b/security/apparmor/lsm.c
|
||||
@@ -57,7 +57,7 @@ DEFINE_PER_CPU(struct aa_buffers, aa_buffers);
|
||||
Index: kernel-lts2018/security/apparmor/lsm.c
|
||||
===================================================================
|
||||
--- kernel-lts2018.orig/security/apparmor/lsm.c
|
||||
+++ kernel-lts2018/security/apparmor/lsm.c
|
||||
@@ -57,7 +57,7 @@ DEFINE_PER_CPU(struct aa_buffers, aa_buf
|
||||
static void apparmor_cred_free(struct cred *cred)
|
||||
{
|
||||
aa_put_label(cred_label(cred));
|
||||
|
@ -170,7 +170,7 @@ index 8b8b70620bbe..c2566aaa138e 100644
|
|||
}
|
||||
|
||||
/*
|
||||
@@ -65,7 +65,7 @@ static void apparmor_cred_free(struct cred *cred)
|
||||
@@ -65,7 +65,7 @@ static void apparmor_cred_free(struct cr
|
||||
*/
|
||||
static int apparmor_cred_alloc_blank(struct cred *cred, gfp_t gfp)
|
||||
{
|
||||
|
@ -179,7 +179,7 @@ index 8b8b70620bbe..c2566aaa138e 100644
|
|||
return 0;
|
||||
}
|
||||
|
||||
@@ -75,7 +75,7 @@ static int apparmor_cred_alloc_blank(struct cred *cred, gfp_t gfp)
|
||||
@@ -75,7 +75,7 @@ static int apparmor_cred_alloc_blank(str
|
||||
static int apparmor_cred_prepare(struct cred *new, const struct cred *old,
|
||||
gfp_t gfp)
|
||||
{
|
||||
|
@ -188,7 +188,7 @@ index 8b8b70620bbe..c2566aaa138e 100644
|
|||
return 0;
|
||||
}
|
||||
|
||||
@@ -84,7 +84,7 @@ static int apparmor_cred_prepare(struct cred *new, const struct cred *old,
|
||||
@@ -84,7 +84,7 @@ static int apparmor_cred_prepare(struct
|
||||
*/
|
||||
static void apparmor_cred_transfer(struct cred *new, const struct cred *old)
|
||||
{
|
||||
|
@ -197,7 +197,7 @@ index 8b8b70620bbe..c2566aaa138e 100644
|
|||
}
|
||||
|
||||
static void apparmor_task_free(struct task_struct *task)
|
||||
@@ -1126,6 +1126,13 @@ static void apparmor_sock_graft(struct sock *sk, struct socket *parent)
|
||||
@@ -1126,6 +1126,13 @@ static void apparmor_sock_graft(struct s
|
||||
ctx->label = aa_get_current_label();
|
||||
}
|
||||
|
||||
|
@ -221,7 +221,7 @@ index 8b8b70620bbe..c2566aaa138e 100644
|
|||
task_ctx(current) = ctx;
|
||||
|
||||
return 0;
|
||||
@@ -1540,8 +1548,18 @@ static inline int apparmor_init_sysctl(void)
|
||||
@@ -1540,8 +1548,18 @@ static inline int apparmor_init_sysctl(v
|
||||
|
||||
static int __init apparmor_init(void)
|
||||
{
|
||||
|
@ -240,11 +240,11 @@ index 8b8b70620bbe..c2566aaa138e 100644
|
|||
if (!apparmor_enabled || !security_module_enable("apparmor")) {
|
||||
aa_info_message("AppArmor disabled by boot time parameter");
|
||||
apparmor_enabled = false;
|
||||
diff --git a/security/apparmor/task.c b/security/apparmor/task.c
|
||||
index c6b78a14da91..4551110f0496 100644
|
||||
--- a/security/apparmor/task.c
|
||||
+++ b/security/apparmor/task.c
|
||||
@@ -81,7 +81,7 @@ int aa_replace_current_label(struct aa_label *label)
|
||||
Index: kernel-lts2018/security/apparmor/task.c
|
||||
===================================================================
|
||||
--- kernel-lts2018.orig/security/apparmor/task.c
|
||||
+++ kernel-lts2018/security/apparmor/task.c
|
||||
@@ -81,7 +81,7 @@ int aa_replace_current_label(struct aa_l
|
||||
*/
|
||||
aa_get_label(label);
|
||||
aa_put_label(cred_label(new));
|
||||
|
@ -253,7 +253,7 @@ index c6b78a14da91..4551110f0496 100644
|
|||
|
||||
commit_creds(new);
|
||||
return 0;
|
||||
@@ -138,7 +138,7 @@ int aa_set_current_hat(struct aa_label *label, u64 token)
|
||||
@@ -138,7 +138,7 @@ int aa_set_current_hat(struct aa_label *
|
||||
return -EACCES;
|
||||
}
|
||||
|
||||
|
@ -271,11 +271,11 @@ index c6b78a14da91..4551110f0496 100644
|
|||
AA_BUG(!cred_label(new));
|
||||
/* clear exec && prev information when restoring to previous context */
|
||||
aa_clear_task_ctx_trans(ctx);
|
||||
diff --git a/security/security.c b/security/security.c
|
||||
index 3dfe75d0d373..ff7df14f6db1 100644
|
||||
--- a/security/security.c
|
||||
+++ b/security/security.c
|
||||
@@ -41,6 +41,8 @@ struct security_hook_heads security_hook_heads __lsm_ro_after_init;
|
||||
Index: kernel-lts2018/security/security.c
|
||||
===================================================================
|
||||
--- kernel-lts2018.orig/security/security.c
|
||||
+++ kernel-lts2018/security/security.c
|
||||
@@ -41,6 +41,8 @@ struct security_hook_heads security_hook
|
||||
static ATOMIC_NOTIFIER_HEAD(lsm_notifier_chain);
|
||||
|
||||
char *lsm_names;
|
||||
|
@ -308,7 +308,7 @@ index 3dfe75d0d373..ff7df14f6db1 100644
|
|||
return 0;
|
||||
}
|
||||
|
||||
@@ -198,6 +212,73 @@ int unregister_lsm_notifier(struct notifier_block *nb)
|
||||
@@ -198,6 +212,73 @@ int unregister_lsm_notifier(struct notif
|
||||
}
|
||||
EXPORT_SYMBOL(unregister_lsm_notifier);
|
||||
|
||||
|
@ -382,7 +382,7 @@ index 3dfe75d0d373..ff7df14f6db1 100644
|
|||
/*
|
||||
* Hook list operation macros.
|
||||
*
|
||||
@@ -998,17 +1079,36 @@ void security_task_free(struct task_struct *task)
|
||||
@@ -998,7 +1079,15 @@ void security_task_free(struct task_stru
|
||||
|
||||
int security_cred_alloc_blank(struct cred *cred, gfp_t gfp)
|
||||
{
|
||||
|
@ -399,7 +399,9 @@ index 3dfe75d0d373..ff7df14f6db1 100644
|
|||
}
|
||||
|
||||
void security_cred_free(struct cred *cred)
|
||||
{
|
||||
@@ -1011,11 +1100,22 @@ void security_cred_free(struct cred *cre
|
||||
return;
|
||||
|
||||
call_void_hook(cred_free, cred);
|
||||
+
|
||||
+ kfree(cred->security);
|
||||
|
@ -421,10 +423,10 @@ index 3dfe75d0d373..ff7df14f6db1 100644
|
|||
}
|
||||
|
||||
void security_transfer_creds(struct cred *new, const struct cred *old)
|
||||
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
|
||||
index 9d6cdd21acb6..9b49698754a7 100644
|
||||
--- a/security/selinux/hooks.c
|
||||
+++ b/security/selinux/hooks.c
|
||||
Index: kernel-lts2018/security/selinux/hooks.c
|
||||
===================================================================
|
||||
--- kernel-lts2018.orig/security/selinux/hooks.c
|
||||
+++ kernel-lts2018/security/selinux/hooks.c
|
||||
@@ -213,12 +213,9 @@ static void cred_init_security(void)
|
||||
struct cred *cred = (struct cred *) current->real_cred;
|
||||
struct task_security_struct *tsec;
|
||||
|
@ -440,11 +442,10 @@ index 9d6cdd21acb6..9b49698754a7 100644
|
|||
}
|
||||
|
||||
/*
|
||||
@@ -3898,53 +3895,17 @@ static int selinux_task_alloc(struct task_struct *task,
|
||||
sid, sid, SECCLASS_PROCESS, PROCESS__FORK, NULL);
|
||||
@@ -3904,52 +3901,16 @@ static int selinux_task_alloc(struct tas
|
||||
}
|
||||
|
||||
-/*
|
||||
/*
|
||||
- * allocate the SELinux part of blank credentials
|
||||
- */
|
||||
-static int selinux_cred_alloc_blank(struct cred *cred, gfp_t gfp)
|
||||
|
@ -475,7 +476,7 @@ index 9d6cdd21acb6..9b49698754a7 100644
|
|||
- kfree(tsec);
|
||||
-}
|
||||
-
|
||||
/*
|
||||
-/*
|
||||
* prepare a new set of credentials for modification
|
||||
*/
|
||||
static int selinux_cred_prepare(struct cred *new, const struct cred *old,
|
||||
|
@ -497,7 +498,7 @@ index 9d6cdd21acb6..9b49698754a7 100644
|
|||
return 0;
|
||||
}
|
||||
|
||||
@@ -6894,6 +6855,10 @@ static void selinux_bpf_prog_free(struct bpf_prog_aux *aux)
|
||||
@@ -6902,6 +6863,10 @@ static void selinux_bpf_prog_free(struct
|
||||
}
|
||||
#endif
|
||||
|
||||
|
@ -508,7 +509,7 @@ index 9d6cdd21acb6..9b49698754a7 100644
|
|||
static struct security_hook_list selinux_hooks[] __lsm_ro_after_init = {
|
||||
LSM_HOOK_INIT(binder_set_context_mgr, selinux_binder_set_context_mgr),
|
||||
LSM_HOOK_INIT(binder_transaction, selinux_binder_transaction),
|
||||
@@ -6976,8 +6941,6 @@ static struct security_hook_list selinux_hooks[] __lsm_ro_after_init = {
|
||||
@@ -6984,8 +6949,6 @@ static struct security_hook_list selinux
|
||||
LSM_HOOK_INIT(file_open, selinux_file_open),
|
||||
|
||||
LSM_HOOK_INIT(task_alloc, selinux_task_alloc),
|
||||
|
@ -517,7 +518,7 @@ index 9d6cdd21acb6..9b49698754a7 100644
|
|||
LSM_HOOK_INIT(cred_prepare, selinux_cred_prepare),
|
||||
LSM_HOOK_INIT(cred_transfer, selinux_cred_transfer),
|
||||
LSM_HOOK_INIT(cred_getsecid, selinux_cred_getsecid),
|
||||
@@ -7133,11 +7096,19 @@ static struct security_hook_list selinux_hooks[] __lsm_ro_after_init = {
|
||||
@@ -7141,11 +7104,19 @@ static struct security_hook_list selinux
|
||||
|
||||
static __init int selinux_init(void)
|
||||
{
|
||||
|
@ -537,10 +538,10 @@ index 9d6cdd21acb6..9b49698754a7 100644
|
|||
if (!selinux_enabled) {
|
||||
pr_info("SELinux: Disabled at boot.\n");
|
||||
return 0;
|
||||
diff --git a/security/selinux/include/objsec.h b/security/selinux/include/objsec.h
|
||||
index 734b6833bdff..db1c7000ada3 100644
|
||||
--- a/security/selinux/include/objsec.h
|
||||
+++ b/security/selinux/include/objsec.h
|
||||
Index: kernel-lts2018/security/selinux/include/objsec.h
|
||||
===================================================================
|
||||
--- kernel-lts2018.orig/security/selinux/include/objsec.h
|
||||
+++ kernel-lts2018/security/selinux/include/objsec.h
|
||||
@@ -25,6 +25,9 @@
|
||||
#include <linux/binfmts.h>
|
||||
#include <linux/in.h>
|
||||
|
@ -559,10 +560,10 @@ index 734b6833bdff..db1c7000ada3 100644
|
|||
static inline struct task_security_struct *selinux_cred(const struct cred *cred)
|
||||
{
|
||||
return cred->security;
|
||||
diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c
|
||||
index f3a5a138a096..b5665bdc29fc 100644
|
||||
--- a/security/selinux/selinuxfs.c
|
||||
+++ b/security/selinux/selinuxfs.c
|
||||
Index: kernel-lts2018/security/selinux/selinuxfs.c
|
||||
===================================================================
|
||||
--- kernel-lts2018.orig/security/selinux/selinuxfs.c
|
||||
+++ kernel-lts2018/security/selinux/selinuxfs.c
|
||||
@@ -31,6 +31,7 @@
|
||||
#include <linux/uaccess.h>
|
||||
#include <linux/kobject.h>
|
||||
|
@ -571,10 +572,10 @@ index f3a5a138a096..b5665bdc29fc 100644
|
|||
|
||||
/* selinuxfs pseudo filesystem for exporting the security policy API.
|
||||
Based on the proc code and the fs/nfsd/nfsctl.c code. */
|
||||
diff --git a/security/smack/smack.h b/security/smack/smack.h
|
||||
index 0b55d6a55b26..0c6dce446825 100644
|
||||
--- a/security/smack/smack.h
|
||||
+++ b/security/smack/smack.h
|
||||
Index: kernel-lts2018/security/smack/smack.h
|
||||
===================================================================
|
||||
--- kernel-lts2018.orig/security/smack/smack.h
|
||||
+++ kernel-lts2018/security/smack/smack.h
|
||||
@@ -24,6 +24,7 @@
|
||||
#include <linux/list.h>
|
||||
#include <linux/rculist.h>
|
||||
|
@ -583,11 +584,11 @@ index 0b55d6a55b26..0c6dce446825 100644
|
|||
|
||||
/*
|
||||
* Use IPv6 port labeling if IPv6 is enabled and secmarks
|
||||
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
|
||||
index 68ee3ae8f25c..a06ea8aa89c4 100644
|
||||
--- a/security/smack/smack_lsm.c
|
||||
+++ b/security/smack/smack_lsm.c
|
||||
@@ -309,29 +309,20 @@ static struct inode_smack *new_inode_smack(struct smack_known *skp)
|
||||
Index: kernel-lts2018/security/smack/smack_lsm.c
|
||||
===================================================================
|
||||
--- kernel-lts2018.orig/security/smack/smack_lsm.c
|
||||
+++ kernel-lts2018/security/smack/smack_lsm.c
|
||||
@@ -309,29 +309,20 @@ static struct inode_smack *new_inode_sma
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -621,7 +622,7 @@ index 68ee3ae8f25c..a06ea8aa89c4 100644
|
|||
}
|
||||
|
||||
/**
|
||||
@@ -1958,14 +1949,7 @@ static int smack_file_open(struct file *file)
|
||||
@@ -1965,14 +1956,7 @@ static int smack_file_open(struct file *
|
||||
*/
|
||||
static int smack_cred_alloc_blank(struct cred *cred, gfp_t gfp)
|
||||
{
|
||||
|
@ -637,7 +638,7 @@ index 68ee3ae8f25c..a06ea8aa89c4 100644
|
|||
return 0;
|
||||
}
|
||||
|
||||
@@ -1982,10 +1966,6 @@ static void smack_cred_free(struct cred *cred)
|
||||
@@ -1989,10 +1973,6 @@ static void smack_cred_free(struct cred
|
||||
struct list_head *l;
|
||||
struct list_head *n;
|
||||
|
||||
|
@ -648,7 +649,7 @@ index 68ee3ae8f25c..a06ea8aa89c4 100644
|
|||
smk_destroy_label_list(&tsp->smk_relabel);
|
||||
|
||||
list_for_each_safe(l, n, &tsp->smk_rules) {
|
||||
@@ -1993,7 +1973,6 @@ static void smack_cred_free(struct cred *cred)
|
||||
@@ -2000,7 +1980,6 @@ static void smack_cred_free(struct cred
|
||||
list_del(&rp->list);
|
||||
kfree(rp);
|
||||
}
|
||||
|
@ -656,7 +657,7 @@ index 68ee3ae8f25c..a06ea8aa89c4 100644
|
|||
}
|
||||
|
||||
/**
|
||||
@@ -2008,14 +1987,10 @@ static int smack_cred_prepare(struct cred *new, const struct cred *old,
|
||||
@@ -2015,14 +1994,10 @@ static int smack_cred_prepare(struct cre
|
||||
gfp_t gfp)
|
||||
{
|
||||
struct task_smack *old_tsp = smack_cred(old);
|
||||
|
@ -673,7 +674,7 @@ index 68ee3ae8f25c..a06ea8aa89c4 100644
|
|||
|
||||
rc = smk_copy_rules(&new_tsp->smk_rules, &old_tsp->smk_rules, gfp);
|
||||
if (rc != 0)
|
||||
@@ -2023,10 +1998,7 @@ static int smack_cred_prepare(struct cred *new, const struct cred *old,
|
||||
@@ -2030,10 +2005,7 @@ static int smack_cred_prepare(struct cre
|
||||
|
||||
rc = smk_copy_relabel(&new_tsp->smk_relabel, &old_tsp->smk_relabel,
|
||||
gfp);
|
||||
|
@ -685,7 +686,7 @@ index 68ee3ae8f25c..a06ea8aa89c4 100644
|
|||
}
|
||||
|
||||
/**
|
||||
@@ -4652,6 +4624,10 @@ static int smack_dentry_create_files_as(struct dentry *dentry, int mode,
|
||||
@@ -4659,6 +4631,10 @@ static int smack_dentry_create_files_as(
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
@ -696,7 +697,7 @@ index 68ee3ae8f25c..a06ea8aa89c4 100644
|
|||
static struct security_hook_list smack_hooks[] __lsm_ro_after_init = {
|
||||
LSM_HOOK_INIT(ptrace_access_check, smack_ptrace_access_check),
|
||||
LSM_HOOK_INIT(ptrace_traceme, smack_ptrace_traceme),
|
||||
@@ -4830,23 +4806,35 @@ static __init void init_smack_known_list(void)
|
||||
@@ -4837,23 +4813,35 @@ static __init void init_smack_known_list
|
||||
*/
|
||||
static __init int smack_init(void)
|
||||
{
|
||||
|
@ -739,7 +740,7 @@ index 68ee3ae8f25c..a06ea8aa89c4 100644
|
|||
smack_enabled = 1;
|
||||
|
||||
pr_info("Smack: Initializing.\n");
|
||||
@@ -4860,20 +4848,9 @@ static __init int smack_init(void)
|
||||
@@ -4867,20 +4855,9 @@ static __init int smack_init(void)
|
||||
pr_info("Smack: IPv6 Netfilter enabled.\n");
|
||||
#endif
|
||||
|
||||
|
@ -760,10 +761,10 @@ index 68ee3ae8f25c..a06ea8aa89c4 100644
|
|||
return 0;
|
||||
}
|
||||
|
||||
diff --git a/security/tomoyo/common.h b/security/tomoyo/common.h
|
||||
index 539bcdd30bb8..0110bebe86e2 100644
|
||||
--- a/security/tomoyo/common.h
|
||||
+++ b/security/tomoyo/common.h
|
||||
Index: kernel-lts2018/security/tomoyo/common.h
|
||||
===================================================================
|
||||
--- kernel-lts2018.orig/security/tomoyo/common.h
|
||||
+++ kernel-lts2018/security/tomoyo/common.h
|
||||
@@ -29,6 +29,7 @@
|
||||
#include <linux/in.h>
|
||||
#include <linux/in6.h>
|
||||
|
@ -772,7 +773,7 @@ index 539bcdd30bb8..0110bebe86e2 100644
|
|||
#include <net/sock.h>
|
||||
#include <net/af_unix.h>
|
||||
#include <net/ip.h>
|
||||
@@ -1062,6 +1063,7 @@ void tomoyo_write_log2(struct tomoyo_request_info *r, int len, const char *fmt,
|
||||
@@ -1062,6 +1063,7 @@ void tomoyo_write_log2(struct tomoyo_req
|
||||
/********** External variable definitions. **********/
|
||||
|
||||
extern bool tomoyo_policy_loaded;
|
||||
|
@ -780,11 +781,10 @@ index 539bcdd30bb8..0110bebe86e2 100644
|
|||
extern const char * const tomoyo_condition_keyword
|
||||
[TOMOYO_MAX_CONDITION_KEYWORD];
|
||||
extern const char * const tomoyo_dif[TOMOYO_MAX_DOMAIN_INFO_FLAGS];
|
||||
@@ -1196,6 +1198,17 @@ static inline void tomoyo_put_group(struct tomoyo_group *group)
|
||||
atomic_dec(&group->head.users);
|
||||
@@ -1197,13 +1199,26 @@ static inline void tomoyo_put_group(stru
|
||||
}
|
||||
|
||||
+/**
|
||||
/**
|
||||
+ * tomoyo_cred - Get a pointer to the tomoyo cred security blob
|
||||
+ * @cred - the relevant cred
|
||||
+ *
|
||||
|
@ -795,10 +795,10 @@ index 539bcdd30bb8..0110bebe86e2 100644
|
|||
+ return cred->security;
|
||||
+}
|
||||
+
|
||||
/**
|
||||
+/**
|
||||
* tomoyo_domain - Get "struct tomoyo_domain_info" for current thread.
|
||||
*
|
||||
@@ -1203,7 +1216,9 @@ static inline void tomoyo_put_group(struct tomoyo_group *group)
|
||||
* Returns pointer to "struct tomoyo_domain_info" for current thread.
|
||||
*/
|
||||
static inline struct tomoyo_domain_info *tomoyo_domain(void)
|
||||
{
|
||||
|
@ -809,7 +809,7 @@ index 539bcdd30bb8..0110bebe86e2 100644
|
|||
}
|
||||
|
||||
/**
|
||||
@@ -1216,7 +1231,9 @@ static inline struct tomoyo_domain_info *tomoyo_domain(void)
|
||||
@@ -1216,7 +1231,9 @@ static inline struct tomoyo_domain_info
|
||||
static inline struct tomoyo_domain_info *tomoyo_real_domain(struct task_struct
|
||||
*task)
|
||||
{
|
||||
|
@ -820,11 +820,11 @@ index 539bcdd30bb8..0110bebe86e2 100644
|
|||
}
|
||||
|
||||
/**
|
||||
diff --git a/security/tomoyo/domain.c b/security/tomoyo/domain.c
|
||||
index f6758dad981f..b7469fdbff01 100644
|
||||
--- a/security/tomoyo/domain.c
|
||||
+++ b/security/tomoyo/domain.c
|
||||
@@ -678,6 +678,7 @@ static int tomoyo_environ(struct tomoyo_execve *ee)
|
||||
Index: kernel-lts2018/security/tomoyo/domain.c
|
||||
===================================================================
|
||||
--- kernel-lts2018.orig/security/tomoyo/domain.c
|
||||
+++ kernel-lts2018/security/tomoyo/domain.c
|
||||
@@ -678,6 +678,7 @@ out:
|
||||
*/
|
||||
int tomoyo_find_next_domain(struct linux_binprm *bprm)
|
||||
{
|
||||
|
@ -832,7 +832,7 @@ index f6758dad981f..b7469fdbff01 100644
|
|||
struct tomoyo_domain_info *old_domain = tomoyo_domain();
|
||||
struct tomoyo_domain_info *domain = NULL;
|
||||
const char *original_name = bprm->filename;
|
||||
@@ -843,7 +844,8 @@ int tomoyo_find_next_domain(struct linux_binprm *bprm)
|
||||
@@ -843,7 +844,8 @@ force_jump_domain:
|
||||
domain = old_domain;
|
||||
/* Update reference count on "struct tomoyo_domain_info". */
|
||||
atomic_inc(&domain->users);
|
||||
|
@ -842,11 +842,11 @@ index f6758dad981f..b7469fdbff01 100644
|
|||
kfree(exename.name);
|
||||
if (!retval) {
|
||||
ee->r.domain = domain;
|
||||
diff --git a/security/tomoyo/securityfs_if.c b/security/tomoyo/securityfs_if.c
|
||||
index 1d3d7e7a1f05..768dff9608b1 100644
|
||||
--- a/security/tomoyo/securityfs_if.c
|
||||
+++ b/security/tomoyo/securityfs_if.c
|
||||
@@ -71,9 +71,12 @@ static ssize_t tomoyo_write_self(struct file *file, const char __user *buf,
|
||||
Index: kernel-lts2018/security/tomoyo/securityfs_if.c
|
||||
===================================================================
|
||||
--- kernel-lts2018.orig/security/tomoyo/securityfs_if.c
|
||||
+++ kernel-lts2018/security/tomoyo/securityfs_if.c
|
||||
@@ -71,9 +71,12 @@ static ssize_t tomoyo_write_self(struct
|
||||
if (!cred) {
|
||||
error = -ENOMEM;
|
||||
} else {
|
||||
|
@ -862,7 +862,7 @@ index 1d3d7e7a1f05..768dff9608b1 100644
|
|||
atomic_inc(&new_domain->users);
|
||||
atomic_dec(&old_domain->users);
|
||||
commit_creds(cred);
|
||||
@@ -234,10 +237,14 @@ static void __init tomoyo_create_entry(const char *name, const umode_t mode,
|
||||
@@ -234,10 +237,14 @@ static void __init tomoyo_create_entry(c
|
||||
*/
|
||||
static int __init tomoyo_initerface_init(void)
|
||||
{
|
||||
|
@ -878,10 +878,10 @@ index 1d3d7e7a1f05..768dff9608b1 100644
|
|||
return 0;
|
||||
|
||||
tomoyo_dir = securityfs_create_dir("tomoyo", NULL);
|
||||
diff --git a/security/tomoyo/tomoyo.c b/security/tomoyo/tomoyo.c
|
||||
index 9f932e2d6852..bb84e6ec3886 100644
|
||||
--- a/security/tomoyo/tomoyo.c
|
||||
+++ b/security/tomoyo/tomoyo.c
|
||||
Index: kernel-lts2018/security/tomoyo/tomoyo.c
|
||||
===================================================================
|
||||
--- kernel-lts2018.orig/security/tomoyo/tomoyo.c
|
||||
+++ kernel-lts2018/security/tomoyo/tomoyo.c
|
||||
@@ -18,7 +18,9 @@
|
||||
*/
|
||||
static int tomoyo_cred_alloc_blank(struct cred *new, gfp_t gfp)
|
||||
|
@ -893,7 +893,7 @@ index 9f932e2d6852..bb84e6ec3886 100644
|
|||
return 0;
|
||||
}
|
||||
|
||||
@@ -34,8 +36,13 @@ static int tomoyo_cred_alloc_blank(struct cred *new, gfp_t gfp)
|
||||
@@ -34,8 +36,13 @@ static int tomoyo_cred_alloc_blank(struc
|
||||
static int tomoyo_cred_prepare(struct cred *new, const struct cred *old,
|
||||
gfp_t gfp)
|
||||
{
|
||||
|
@ -909,7 +909,7 @@ index 9f932e2d6852..bb84e6ec3886 100644
|
|||
if (domain)
|
||||
atomic_inc(&domain->users);
|
||||
return 0;
|
||||
@@ -59,7 +66,9 @@ static void tomoyo_cred_transfer(struct cred *new, const struct cred *old)
|
||||
@@ -59,7 +66,9 @@ static void tomoyo_cred_transfer(struct
|
||||
*/
|
||||
static void tomoyo_cred_free(struct cred *cred)
|
||||
{
|
||||
|
@ -920,7 +920,7 @@ index 9f932e2d6852..bb84e6ec3886 100644
|
|||
if (domain)
|
||||
atomic_dec(&domain->users);
|
||||
}
|
||||
@@ -73,6 +82,9 @@ static void tomoyo_cred_free(struct cred *cred)
|
||||
@@ -73,6 +82,9 @@ static void tomoyo_cred_free(struct cred
|
||||
*/
|
||||
static int tomoyo_bprm_set_creds(struct linux_binprm *bprm)
|
||||
{
|
||||
|
@ -930,7 +930,7 @@ index 9f932e2d6852..bb84e6ec3886 100644
|
|||
/*
|
||||
* Do only if this function is called for the first time of an execve
|
||||
* operation.
|
||||
@@ -93,13 +105,14 @@ static int tomoyo_bprm_set_creds(struct linux_binprm *bprm)
|
||||
@@ -93,13 +105,14 @@ static int tomoyo_bprm_set_creds(struct
|
||||
* stored inside "bprm->cred->security" will be acquired later inside
|
||||
* tomoyo_find_next_domain().
|
||||
*/
|
||||
|
@ -948,7 +948,7 @@ index 9f932e2d6852..bb84e6ec3886 100644
|
|||
return 0;
|
||||
}
|
||||
|
||||
@@ -112,8 +125,11 @@ static int tomoyo_bprm_set_creds(struct linux_binprm *bprm)
|
||||
@@ -112,8 +125,11 @@ static int tomoyo_bprm_set_creds(struct
|
||||
*/
|
||||
static int tomoyo_bprm_check_security(struct linux_binprm *bprm)
|
||||
{
|
||||
|
@ -961,7 +961,7 @@ index 9f932e2d6852..bb84e6ec3886 100644
|
|||
/*
|
||||
* Execute permission is checked against pathname passed to do_execve()
|
||||
* using current domain.
|
||||
@@ -493,6 +509,10 @@ static int tomoyo_socket_sendmsg(struct socket *sock, struct msghdr *msg,
|
||||
@@ -493,6 +509,10 @@ static int tomoyo_socket_sendmsg(struct
|
||||
return tomoyo_socket_sendmsg_permission(sock, msg, size);
|
||||
}
|
||||
|
||||
|
@ -972,7 +972,7 @@ index 9f932e2d6852..bb84e6ec3886 100644
|
|||
/*
|
||||
* tomoyo_security_ops is a "struct security_operations" which is used for
|
||||
* registering TOMOYO.
|
||||
@@ -531,6 +551,8 @@ static struct security_hook_list tomoyo_hooks[] __lsm_ro_after_init = {
|
||||
@@ -531,6 +551,8 @@ static struct security_hook_list tomoyo_
|
||||
/* Lock for GC. */
|
||||
DEFINE_SRCU(tomoyo_ss);
|
||||
|
||||
|
@ -1012,6 +1012,3 @@ index 9f932e2d6852..bb84e6ec3886 100644
|
|||
tomoyo_mm_init();
|
||||
return 0;
|
||||
}
|
||||
--
|
||||
2.19.1
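Review bot: In the security/apparmor/include/cred.h hunk carried by the refreshed patch, `cred_label()` reaches `return *blob;` directly after `AA_BUG(!blob)`, and AA_BUG is a debug assertion rather than a guard, so it does not stop the dereference when `cred->security` is NULL. If a cred without an allocated blob can reach this helper, return early with `if (!blob) return NULL;`; otherwise add a comment stating why the blob is always present by then. Separately, the kernel-doc added for `tomoyo_cred()` in security/tomoyo/common.h writes the parameter as `@cred - the relevant cred`, where kernel-doc expects `@cred: the relevant cred`. `set_cred_label()` continues in lines collapsed on this page, so whether it has the same pattern could not be checked here.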
|
||||
|
||||
|
|
|
@ -1,64 +0,0 @@
|
|||
From 6b6f5442b66c3e8f002810f33cf7ed446bca0cfa Mon Sep 17 00:00:00 2001
|
||||
From: Tomas Winkler <tomas.winkler@intel.com>
|
||||
Date: Mon, 15 Oct 2018 14:03:26 +0300
|
||||
Subject: [PATCH 37/97] tpm: tpm_try_transmit() refactor error flow.
|
||||
|
||||
First, rename out_no_locality to out_locality for bailing out on
|
||||
both tpm_cmd_ready() and tpm_request_locality() failure.
|
||||
Second, ignore the return value of go_to_idle() as it may override
|
||||
the return value of the actual tpm operation, the go_to_idle() error
|
||||
will be caught on any consequent command.
|
||||
Last, fix the wrong 'goto out', that jumped back instead of forward.
|
||||
|
||||
Change-Id: Id7258267830705661f51ed6213b8405fc2d9ec77
|
||||
Cc: stable@vger.kernel.org
|
||||
Fixes: 627448e85c76 ("tpm: separate cmd_ready/go_idle from runtime_pm")
|
||||
Signed-off-by: Tomas Winkler <tomas.winkler@intel.com>
|
||||
---
|
||||
drivers/char/tpm/tpm-interface.c | 15 ++++++++-------
|
||||
1 file changed, 8 insertions(+), 7 deletions(-)
|
||||
|
||||
diff --git a/drivers/char/tpm/tpm-interface.c b/drivers/char/tpm/tpm-interface.c
|
||||
index 129f640424b7..95db630dd722 100644
|
||||
--- a/drivers/char/tpm/tpm-interface.c
|
||||
+++ b/drivers/char/tpm/tpm-interface.c
|
||||
@@ -477,13 +477,15 @@ static ssize_t tpm_try_transmit(struct tpm_chip *chip,
|
||||
|
||||
if (need_locality) {
|
||||
rc = tpm_request_locality(chip, flags);
|
||||
- if (rc < 0)
|
||||
- goto out_no_locality;
|
||||
+ if (rc < 0) {
|
||||
+ need_locality = false;
|
||||
+ goto out_locality;
|
||||
+ }
|
||||
}
|
||||
|
||||
rc = tpm_cmd_ready(chip, flags);
|
||||
if (rc)
|
||||
- goto out;
|
||||
+ goto out_locality;
|
||||
|
||||
rc = tpm2_prepare_space(chip, space, ordinal, buf);
|
||||
if (rc)
|
||||
@@ -547,14 +549,13 @@ static ssize_t tpm_try_transmit(struct tpm_chip *chip,
|
||||
dev_err(&chip->dev, "tpm2_commit_space: error %d\n", rc);
|
||||
|
||||
out:
|
||||
- rc = tpm_go_idle(chip, flags);
|
||||
- if (rc)
|
||||
- goto out;
|
||||
+ /* may fail but do not override previous error value in rc */
|
||||
+ tpm_go_idle(chip, flags);
|
||||
|
||||
+out_locality:
|
||||
if (need_locality)
|
||||
tpm_relinquish_locality(chip, flags);
|
||||
|
||||
-out_no_locality:
|
||||
if (chip->ops->clk_enable != NULL)
|
||||
chip->ops->clk_enable(chip, false);
|
||||
|
||||
--
|
||||
2.19.1
|
||||
|
|
@ -1,52 +0,0 @@
|
|||
From 321108a27e95e79885db33946b685b0e74031ca1 Mon Sep 17 00:00:00 2001
|
||||
From: Tomas Winkler <tomas.winkler@intel.com>
|
||||
Date: Wed, 17 Oct 2018 19:23:18 +0300
|
||||
Subject: [PATCH 38/97] tpm: tpm_i2c_nuvoton: use correct command duration for
|
||||
TPM 2.x
|
||||
|
||||
tpm_i2c_nuvoton calculated commands duration using TPM 1.x
|
||||
values via tpm_calc_ordinal_duration() also for TPM 2.x chips.
|
||||
Call tpm2_calc_ordinal_duration() for retrieving ordinal
|
||||
duration for TPM 2.X chips.
|
||||
|
||||
Change-Id: If979415a7e21daad80c02b08e66ce652d0bc2b6c
|
||||
Cc: Nayna Jain <nayna@linux.vnet.ibm.com>
|
||||
Signed-off-by: Tomas Winkler <tomas.winkler@intel.com>
|
||||
Reviewed-by: Nayna Jain <nayna@linux.ibm.com>
|
||||
Tested-by: Nayna Jain <nayna@linux.ibm.com> (For TPM 2.0)
|
||||
---
|
||||
drivers/char/tpm/tpm_i2c_nuvoton.c | 11 +++++++----
|
||||
1 file changed, 7 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/drivers/char/tpm/tpm_i2c_nuvoton.c b/drivers/char/tpm/tpm_i2c_nuvoton.c
|
||||
index caa86b19c76d..f74f451baf6a 100644
|
||||
--- a/drivers/char/tpm/tpm_i2c_nuvoton.c
|
||||
+++ b/drivers/char/tpm/tpm_i2c_nuvoton.c
|
||||
@@ -369,6 +369,7 @@ static int i2c_nuvoton_send(struct tpm_chip *chip, u8 *buf, size_t len)
|
||||
struct device *dev = chip->dev.parent;
|
||||
struct i2c_client *client = to_i2c_client(dev);
|
||||
u32 ordinal;
|
||||
+ unsigned long duration;
|
||||
size_t count = 0;
|
||||
int burst_count, bytes2write, retries, rc = -EIO;
|
||||
|
||||
@@ -455,10 +456,12 @@ static int i2c_nuvoton_send(struct tpm_chip *chip, u8 *buf, size_t len)
|
||||
return rc;
|
||||
}
|
||||
ordinal = be32_to_cpu(*((__be32 *) (buf + 6)));
|
||||
- rc = i2c_nuvoton_wait_for_data_avail(chip,
|
||||
- tpm_calc_ordinal_duration(chip,
|
||||
- ordinal),
|
||||
- &priv->read_queue);
|
||||
+ if (chip->flags & TPM_CHIP_FLAG_TPM2)
|
||||
+ duration = tpm2_calc_ordinal_duration(chip, ordinal);
|
||||
+ else
|
||||
+ duration = tpm_calc_ordinal_duration(chip, ordinal);
|
||||
+
|
||||
+ rc = i2c_nuvoton_wait_for_data_avail(chip, duration, &priv->read_queue);
|
||||
if (rc) {
|
||||
dev_err(dev, "%s() timeout command duration\n", __func__);
|
||||
i2c_nuvoton_ready(chip);
|
||||
--
|
||||
2.19.1
|
||||
|