2015-11-03 08:26:35

by James Morris

[permalink] [raw]
Subject: [GIT PULL] Security subsystem update for 4.4

Please pull.

This is mostly maintenance updates across the subsystem, with a notable
update for TPM 2.0, and addition of Jarkko Sakkinen as a maintainer of
that.

The following changes since commit 5062ecdb662bf3aed6dc975019c53ffcd3b01d1c:

Merge tag 'regmap-v4.4' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regmap (2015-11-02 16:16:24 -0800)

are available in the git repository at:

git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security.git next

Arnd Bergmann (1):
apparmor: clarify CRYPTO dependency

David Howells (3):
KEYS: Provide a script to extract the sys cert list from a vmlinux file
KEYS: Provide a script to extract a module signature
KEYS: Merge the type-specific data with the payload data

Dmitry Kasatkin (1):
integrity: prevent loading untrusted certificates on the IMA trusted keyring

Geert Uytterhoeven (1):
tpm: Allow compile test of GPIO consumers if !GPIOLIB

Geliang Tang (3):
smack: smk_ipv6_port_list should be static
KEYS: use kvfree() in add_key
selinux: ioctl_has_perm should be static

Hon Ching \(Vicky\) Lo (6):
vTPM: fix memory allocation flag for rtce buffer at kernel boot
vTPM: fix searching for the right vTPM node in device tree
vTPM: reformat event log to be byte-aligned
vTPM: get the buffer allocated for event log instead of the actual log
vTPM: support little endian guests
TPM: remove unnecessary little endian conversion

Insu Yun (1):
keys: Be more consistent in selection of union members used

James Morris (4):
Merge branch 'next' of git://git.kernel.org/.../zohar/linux-integrity into next
Merge branch 'smack-for-4.4' of https://github.com/cschaufler/smack-next into next
Merge branch 'upstream' of git://git.infradead.org/users/pcmoore/selinux into next
Merge tag 'keys-next-20151021' of git://git.kernel.org/.../dhowells/linux-fs into next

Jarkko Sakkinen (10):
tpm, tpm_crb: fix unaligned read of the command buffer address
tpm, tpm_tis: fix tpm_tis ACPI detection issue with TPM 2.0
sysfs: added __compat_only_sysfs_link_entry_to_kobj()
tpm: move the PPI attributes to character device directory.
tpm: update PPI documentation to address the location change.
tpm: introduce tpm_buf
keys, trusted: move struct trusted_key_options to trusted-type.h
tpm: seal/unseal for TPM 2.0
keys, trusted: seal/unseal with TPM 2.0 chips
MAINTAINERS: add new maintainer for TPM DEVICE DRIVER

Jeff Vander Stoep (1):
selinux: do not check open perm on ftruncate call

Jos? Bollo (1):
Smack: Minor initialisation improvement

Krzysztof Kozlowski (1):
char: Drop owner assignment from i2c_driver

Lukasz Pawelczyk (1):
Smack: fix a NULL dereference in wrong smack_import_entry() usage

Paul Gortmaker (1):
certs: add .gitignore to stop git nagging about x509_certificate_list

Paul Moore (1):
selinux: change CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE default

Rasmus Villemoes (5):
selinux: introduce security_context_str_to_sid
selinux: remove pointless cast in selinux_inode_setsecurity()
selinux: use kmemdup in security_sid_to_context_core()
selinux: use kstrdup() in security_get_bools()
selinux: use sprintf return value

Roman Kubiak (1):
Smack: pipefs fix in smack_d_instantiate

Sangwoo (1):
selinux: Use a kmem_cache for allocation struct file_security_struct

Zbigniew Jasinski (1):
Smack: limited capability for changing process label

Documentation/ABI/testing/sysfs-driver-ppi | 19 +-
Documentation/crypto/asymmetric-keys.txt | 27 ++--
Documentation/security/Smack.txt | 10 +
Documentation/security/keys.txt | 41 +++--
MAINTAINERS | 1 +
arch/powerpc/kernel/prom_init.c | 40 +++-
certs/.gitignore | 4 +
crypto/asymmetric_keys/asymmetric_keys.h | 5 -
crypto/asymmetric_keys/asymmetric_type.c | 44 +++--
crypto/asymmetric_keys/public_key.c | 4 +-
crypto/asymmetric_keys/signature.c | 2 +-
crypto/asymmetric_keys/x509_parser.h | 1 +
crypto/asymmetric_keys/x509_public_key.c | 9 +-
drivers/char/tpm/st33zp24/Kconfig | 2 +-
drivers/char/tpm/st33zp24/i2c.c | 1 -
drivers/char/tpm/tpm-chip.c | 24 ++-
drivers/char/tpm/tpm-interface.c | 76 +++++++
drivers/char/tpm/tpm.h | 134 +++++++++++-
drivers/char/tpm/tpm2-cmd.c | 250 +++++++++++++++++++++-
drivers/char/tpm/tpm_crb.c | 39 ++--
drivers/char/tpm/tpm_eventlog.c | 78 +++++--
drivers/char/tpm/tpm_eventlog.h | 6 +
drivers/char/tpm/tpm_i2c_atmel.c | 1 -
drivers/char/tpm/tpm_i2c_infineon.c | 1 -
drivers/char/tpm/tpm_i2c_nuvoton.c | 1 -
drivers/char/tpm/tpm_ibmvtpm.c | 2 +-
drivers/char/tpm/tpm_of.c | 6 +-
drivers/char/tpm/tpm_ppi.c | 34 +--
drivers/char/tpm/tpm_tis.c | 192 ++++++++++++++---
fs/cifs/cifs_spnego.c | 6 +-
fs/cifs/cifsacl.c | 25 +--
fs/cifs/connect.c | 9 +-
fs/cifs/sess.c | 2 +-
fs/cifs/smb2pdu.c | 2 +-
fs/ecryptfs/ecryptfs_kernel.h | 5 +-
fs/ext4/crypto_key.c | 4 +-
fs/f2fs/crypto_key.c | 4 +-
fs/fscache/object-list.c | 4 +-
fs/nfs/nfs4idmap.c | 4 +-
fs/sysfs/group.c | 44 ++++
include/crypto/public_key.h | 1 -
include/keys/asymmetric-subtype.h | 2 +-
include/keys/asymmetric-type.h | 15 ++
include/keys/trusted-type.h | 14 ++-
include/keys/user-type.h | 8 +
include/linux/key-type.h | 3 +-
include/linux/key.h | 33 ++--
include/linux/sysfs.h | 11 +
include/linux/tpm.h | 26 +++
kernel/.gitignore | 1 -
kernel/module_signing.c | 1 +
lib/digsig.c | 7 +-
net/ceph/ceph_common.c | 2 +-
net/ceph/crypto.c | 6 +-
net/dns_resolver/dns_key.c | 20 +-
net/dns_resolver/dns_query.c | 7 +-
net/dns_resolver/internal.h | 8 +
net/rxrpc/af_rxrpc.c | 2 +-
net/rxrpc/ar-key.c | 32 ++--
net/rxrpc/ar-output.c | 2 +-
net/rxrpc/ar-security.c | 4 +-
net/rxrpc/rxkad.c | 16 +-
scripts/extract-module-sig.pl | 136 ++++++++++++
scripts/extract-sys-certs.pl | 144 +++++++++++++
security/apparmor/Kconfig | 2 +-
security/integrity/digsig.c | 2 +-
security/integrity/evm/evm_crypto.c | 2 +-
security/keys/big_key.c | 47 +++--
security/keys/encrypted-keys/encrypted.c | 18 +-
security/keys/encrypted-keys/encrypted.h | 4 +-
security/keys/encrypted-keys/masterkey_trusted.c | 4 +-
security/keys/key.c | 20 +-
security/keys/keyctl.c | 12 +-
security/keys/keyring.c | 12 +-
security/keys/process_keys.c | 4 +-
security/keys/request_key.c | 4 +-
security/keys/request_key_auth.c | 12 +-
security/keys/trusted.c | 42 +++-
security/keys/trusted.h | 11 -
security/keys/user_defined.c | 14 +-
security/selinux/Kconfig | 4 +-
security/selinux/hooks.c | 27 ++--
security/selinux/include/security.h | 2 +
security/selinux/selinuxfs.c | 26 +--
security/selinux/ss/services.c | 22 +--
security/smack/smack.h | 4 +-
security/smack/smack_access.c | 6 +-
security/smack/smack_lsm.c | 67 ++++++-
security/smack/smackfs.c | 208 +++++++++++++++----
89 files changed, 1748 insertions(+), 492 deletions(-)
create mode 100644 certs/.gitignore
create mode 100755 scripts/extract-module-sig.pl
create mode 100755 scripts/extract-sys-certs.pl

--
James Morris
<[email protected]>