Date: Tue, 3 Nov 2015 19:23:28 +1100 (AEDT)
From: James Morris
To: Linus Torvalds
cc: linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org
Subject: [GIT PULL] Security subsystem update for 4.4

Please pull.

This is mostly maintenance updates across the subsystem, with a notable update for TPM 2.0, and addition of Jarkko Sakkinen as a maintainer of that.

The following changes since commit 5062ecdb662bf3aed6dc975019c53ffcd3b01d1c:

  Merge tag 'regmap-v4.4' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regmap (2015-11-02 16:16:24 -0800)

are available in the git repository at:

  git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security.git next

Arnd Bergmann (1):
      apparmor: clarify CRYPTO dependency

David Howells (3):
      KEYS: Provide a script to extract the sys cert list from a vmlinux file
      KEYS: Provide a script to extract a module signature
      KEYS: Merge the type-specific data with the payload data

Dmitry Kasatkin (1):
      integrity: prevent loading untrusted certificates on the IMA trusted keyring

Geert Uytterhoeven (1):
      tpm: Allow compile test of GPIO consumers if !GPIOLIB

Geliang Tang (3):
      smack: smk_ipv6_port_list should be static
      KEYS: use kvfree() in add_key
      selinux: ioctl_has_perm should be static

Hon Ching \(Vicky\) Lo (6):
      vTPM: fix memory allocation flag for rtce buffer at kernel boot
      vTPM: fix searching for the right vTPM node in device tree
      vTPM: reformat event log to be byte-aligned
      vTPM: get the buffer allocated for event log instead of the actual log
      vTPM: support little endian guests
      TPM: remove unnecessary little endian conversion

Insu Yun (1):
      keys: Be more consistent in selection of union members used

James Morris (4):
      Merge branch 'next' of git://git.kernel.org/.../zohar/linux-integrity into next
      Merge branch 'smack-for-4.4' of https://github.com/cschaufler/smack-next into next
      Merge branch 'upstream' of git://git.infradead.org/users/pcmoore/selinux into next
      Merge tag 'keys-next-20151021' of git://git.kernel.org/.../dhowells/linux-fs into next

Jarkko Sakkinen (10):
      tpm, tpm_crb: fix unaligned read of the command buffer address
      tpm, tpm_tis: fix tpm_tis ACPI detection issue with TPM 2.0
      sysfs: added __compat_only_sysfs_link_entry_to_kobj()
      tpm: move the PPI attributes to character device directory.
      tpm: update PPI documentation to address the location change.
      tpm: introduce tpm_buf
      keys, trusted: move struct trusted_key_options to trusted-type.h
      tpm: seal/unseal for TPM 2.0
      keys, trusted: seal/unseal with TPM 2.0 chips
      MAINTAINERS: add new maintainer for TPM DEVICE DRIVER

Jeff Vander Stoep (1):
      selinux: do not check open perm on ftruncate call

José Bollo (1):
      Smack: Minor initialisation improvement

Krzysztof Kozlowski (1):
      char: Drop owner assignment from i2c_driver

Lukasz Pawelczyk (1):
      Smack: fix a NULL dereference in wrong smack_import_entry() usage

Paul Gortmaker (1):
      certs: add .gitignore to stop git nagging about x509_certificate_list

Paul Moore (1):
      selinux: change CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE default

Rasmus Villemoes (5):
      selinux: introduce security_context_str_to_sid
      selinux: remove pointless cast in selinux_inode_setsecurity()
      selinux: use kmemdup in security_sid_to_context_core()
      selinux: use kstrdup() in security_get_bools()
      selinux: use sprintf return value

Roman Kubiak (1):
      Smack: pipefs fix in smack_d_instantiate

Sangwoo (1):
      selinux: Use a kmem_cache for allocation struct file_security_struct

Zbigniew Jasinski (1):
      Smack: limited capability for changing process label

 Documentation/ABI/testing/sysfs-driver-ppi       |  19 +-
 Documentation/crypto/asymmetric-keys.txt         |  27 ++--
 Documentation/security/Smack.txt                 |  10 +
 Documentation/security/keys.txt                  |  41 +++--
 MAINTAINERS                                      |   1 +
 arch/powerpc/kernel/prom_init.c                  |  40 +++-
 certs/.gitignore                                 |   4 +
 crypto/asymmetric_keys/asymmetric_keys.h         |   5 -
 crypto/asymmetric_keys/asymmetric_type.c         |  44 +++--
 crypto/asymmetric_keys/public_key.c              |   4 +-
 crypto/asymmetric_keys/signature.c               |   2 +-
 crypto/asymmetric_keys/x509_parser.h             |   1 +
 crypto/asymmetric_keys/x509_public_key.c         |   9 +-
 drivers/char/tpm/st33zp24/Kconfig                |   2 +-
 drivers/char/tpm/st33zp24/i2c.c                  |   1 -
 drivers/char/tpm/tpm-chip.c                      |  24 ++-
 drivers/char/tpm/tpm-interface.c                 |  76 +++++++
 drivers/char/tpm/tpm.h                           | 134 +++++++++++-
 drivers/char/tpm/tpm2-cmd.c                      | 250 +++++++++++++++++++++-
 drivers/char/tpm/tpm_crb.c                       |  39 ++--
 drivers/char/tpm/tpm_eventlog.c                  |  78 +++++--
 drivers/char/tpm/tpm_eventlog.h                  |   6 +
 drivers/char/tpm/tpm_i2c_atmel.c                 |   1 -
 drivers/char/tpm/tpm_i2c_infineon.c              |   1 -
 drivers/char/tpm/tpm_i2c_nuvoton.c               |   1 -
 drivers/char/tpm/tpm_ibmvtpm.c                   |   2 +-
 drivers/char/tpm/tpm_of.c                        |   6 +-
 drivers/char/tpm/tpm_ppi.c                       |  34 +--
 drivers/char/tpm/tpm_tis.c                       | 192 ++++++++++++++---
 fs/cifs/cifs_spnego.c                            |   6 +-
 fs/cifs/cifsacl.c                                |  25 +--
 fs/cifs/connect.c                                |   9 +-
 fs/cifs/sess.c                                   |   2 +-
 fs/cifs/smb2pdu.c                                |   2 +-
 fs/ecryptfs/ecryptfs_kernel.h                    |   5 +-
 fs/ext4/crypto_key.c                             |   4 +-
 fs/f2fs/crypto_key.c                             |   4 +-
 fs/fscache/object-list.c                         |   4 +-
 fs/nfs/nfs4idmap.c                               |   4 +-
 fs/sysfs/group.c                                 |  44 ++++
 include/crypto/public_key.h                      |   1 -
 include/keys/asymmetric-subtype.h                |   2 +-
 include/keys/asymmetric-type.h                   |  15 ++
 include/keys/trusted-type.h                      |  14 ++-
 include/keys/user-type.h                         |   8 +
 include/linux/key-type.h                         |   3 +-
 include/linux/key.h                              |  33 ++--
 include/linux/sysfs.h                            |  11 +
 include/linux/tpm.h                              |  26 +++
 kernel/.gitignore                                |   1 -
 kernel/module_signing.c                          |   1 +
 lib/digsig.c                                     |   7 +-
 net/ceph/ceph_common.c                           |   2 +-
 net/ceph/crypto.c                                |   6 +-
 net/dns_resolver/dns_key.c                       |  20 +-
 net/dns_resolver/dns_query.c                     |   7 +-
 net/dns_resolver/internal.h                      |   8 +
 net/rxrpc/af_rxrpc.c                             |   2 +-
 net/rxrpc/ar-key.c                               |  32 ++--
 net/rxrpc/ar-output.c                            |   2 +-
 net/rxrpc/ar-security.c                          |   4 +-
 net/rxrpc/rxkad.c                                |  16 +-
 scripts/extract-module-sig.pl                    | 136 ++++++++++++
 scripts/extract-sys-certs.pl                     | 144 +++++++++++++
 security/apparmor/Kconfig                        |   2 +-
 security/integrity/digsig.c                      |   2 +-
 security/integrity/evm/evm_crypto.c              |   2 +-
 security/keys/big_key.c                          |  47 +++--
 security/keys/encrypted-keys/encrypted.c         |  18 +-
 security/keys/encrypted-keys/encrypted.h         |   4 +-
 security/keys/encrypted-keys/masterkey_trusted.c |   4 +-
 security/keys/key.c                              |  20 +-
 security/keys/keyctl.c                           |  12 +-
 security/keys/keyring.c                          |  12 +-
 security/keys/process_keys.c                     |   4 +-
 security/keys/request_key.c                      |   4 +-
 security/keys/request_key_auth.c                 |  12 +-
 security/keys/trusted.c                          |  42 +++-
 security/keys/trusted.h                          |  11 -
 security/keys/user_defined.c                     |  14 +-
 security/selinux/Kconfig                         |   4 +-
 security/selinux/hooks.c                         |  27 ++--
 security/selinux/include/security.h              |   2 +
 security/selinux/selinuxfs.c                     |  26 +--
 security/selinux/ss/services.c                   |  22 +--
 security/smack/smack.h                           |   4 +-
 security/smack/smack_access.c                    |   6 +-
 security/smack/smack_lsm.c                       |  67 ++++++-
 security/smack/smackfs.c                         | 208 +++++++++++++++----
 89 files changed, 1748 insertions(+), 492 deletions(-)
 create mode 100644 certs/.gitignore
 create mode 100755 scripts/extract-module-sig.pl
 create mode 100755 scripts/extract-sys-certs.pl

--
James Morris