Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1754148AbcJDIhL (ORCPT <rfc822;w@1wt.eu>);
        Tue, 4 Oct 2016 04:37:11 -0400
Received: from [65.99.196.166] ([65.99.196.166]:52576 "EHLO namei.org"
        rhost-flags-FAIL-FAIL-OK-OK) by vger.kernel.org with ESMTP
        id S1754086AbcJDIhJ (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 4 Oct 2016 04:37:09 -0400
Date: Tue, 4 Oct 2016 19:37:04 +1100 (AEDT)
From: James Morris <jmorris@namei.org>
To: Linus Torvalds <torvalds@linux-foundation.org>
cc: linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: [GIT PULL] Security subsystem updates for 4.9
Message-ID: <alpine.LRH.2.20.1610041931270.12954@namei.org>
User-Agent: Alpine 2.20 (LRH 67 2015-01-07)
MIME-Version: 1.0
Content-Type: multipart/mixed; BOUNDARY="1665246916-261082997-1475570224=:12954"
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Length: 6072
Lines: 142

  This message is in MIME format.  The first part should be readable text,
  while the remaining parts are likely unreadable without MIME-aware tools.

--1665246916-261082997-1475570224=:12954
Content-Type: text/plain; charset=ISO-8859-15
Content-Transfer-Encoding: 8BIT

Summary:

o SELinux/LSM: overlayfs support, necessary for container filesystems
o LSM: finally remove the kernel_module_from_file hook
o Smack: treat signal delivery as an 'append' operation
o TPM: lots of bugfixes & updates
o Audit: new audit data type: LSM_AUDIT_DATA_FILE


Please pull.

---

The following changes since commit 29b4817d4018df78086157ea3a55c1d9424a7cfc:

  Linux 4.8-rc1 (2016-08-07 18:18:00 -0700)

are available in the git repository at:

  git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security.git next

for you to fetch changes up to 1306d8e1c09fdc8ecb9ef235e2116352f810f9c5:

  Merge tag 'tpmdd-next-20160927' of git://git.infradead.org/users/jjs/linux-tpmdd into ra-next (2016-09-27 19:21:37 +1000)

----------------------------------------------------------------
Casey Schaufler (1):
      Smack: Signal delivery as an append operation

James Morris (4):
      Merge branch 'smack-for-4.9' of http://github.com/cschaufler/smack-next into next
      Merge branch 'stable-4.9' of git://git.infradead.org/users/pcmoore/selinux into next
      Merge branch 'stable-4.9' of git://git.infradead.org/users/pcmoore/selinux into next
      Merge tag 'tpmdd-next-20160927' of git://git.infradead.org/users/jjs/linux-tpmdd into ra-next

Jarkko Sakkinen (15):
      tpm: invalid self test error message
      tpm: fix a race condition in tpm2_unseal_trusted()
      tpm: remove unnecessary externs from tpm.h
      tpm: replace tpm_gen_interrupt() with tpm_tis_gen_interrupt()
      tpm: use tpm_transmit_cmd() in tpm2_probe()
      tpm: use tpm_pcr_read_dev() in tpm_do_selftest()
      tpm_crb: fix crb_req_canceled behavior
      tpm_crb: remove wmb()'s
      tpm_crb: refine the naming of constants
      tpm_crb: fix incorrect values of cmdReady and goIdle bits
      tpm: add check for minimum buffer size in tpm_transmit()
      Revert "tmp/tpm_crb: implement runtime pm for tpm_crb"
      Revert "tpm/tpm_crb: open code the crb_init into acpi_add"
      Revert "tmp/tpm_crb: fix Intel PTT hw bug during idle state"
      Revert "tpm/tpm_crb: implement tpm crb idle state"

Jason Gunthorpe (1):
      tpm/st33zp24: Remove useless tpm_gen_interrupt

Javier Martinez Canillas (1):
      security: Use IS_ENABLED() instead of checking for built-in or module

Julia Lawall (1):
      tpm: constify TPM 1.x header structures

Markus Elfring (1):
      Smack: Use memdup_user() rather than duplicating its implementation

Micka?l Sala?n (4):
      module: Fully remove the kernel_module_from_file hook
      um/ptrace: Fix the syscall_trace_leave call
      um/ptrace: Fix the syscall number update after a ptrace
      seccomp: Remove 2-phase API documentation

Tomas Winkler (5):
      tpm/tpm_tis: remove unused itpm variable
      tmp/tpm_crb: drop include to platform_device
      tpm/tpm_crb: cache cmd_size register value.
      tpm/tpm_crb: drop useless cpu_to_le32 when writing to registers
      tpm/tpm_crb: fix the over 80 characters checkpatch warring

Vivek Goyal (8):
      security, overlayfs: provide copy up security hook for unioned files
      selinux: Implementation for inode_copy_up() hook
      security,overlayfs: Provide security hook for copy up of xattrs for overlay file
      selinux: Implementation for inode_copy_up_xattr() hook
      selinux: Pass security pointer to determine_inode_label()
      security, overlayfs: Provide hook to correctly label newly created files
      selinux: Implement dentry_create_files_as() hook
      lsm,audit,selinux: Introduce a new audit data type LSM_AUDIT_DATA_FILE

Wei Yongjun (1):
      selinux: fix error return code in policydb_read()

William Roberts (5):
      selinux: print leading 0x on ioctlcmd audits
      selinux: drop SECURITY_SELINUX_POLICYDB_VERSION_MAX
      selinux: detect invalid ebitmap
      selinux: initialize structures
      selinux: fix overflow and 0 length allocations

Winkler, Tomas (4):
      tpm/tpm_crb: implement tpm crb idle state
      tmp/tpm_crb: fix Intel PTT hw bug during idle state
      tpm/tpm_crb: open code the crb_init into acpi_add
      tmp/tpm_crb: implement runtime pm for tpm_crb

 arch/Kconfig                         |  11 ----
 arch/um/kernel/skas/syscall.c        |  10 +--
 arch/x86/um/ptrace_32.c              |   3 +
 arch/x86/um/ptrace_64.c              |   4 ++
 drivers/char/tpm/st33zp24/st33zp24.c |   2 -
 drivers/char/tpm/tpm-dev.c           |   2 +-
 drivers/char/tpm/tpm-interface.c     |  84 +++++++++++-------------
 drivers/char/tpm/tpm-sysfs.c         |   4 +-
 drivers/char/tpm/tpm.h               |  46 ++++++-------
 drivers/char/tpm/tpm2-cmd.c          | 124 +++++++++++++++++++----------------
 drivers/char/tpm/tpm_crb.c           |  50 +++++++-------
 drivers/char/tpm/tpm_tis_core.c      |  24 ++++---
 fs/overlayfs/copy_up.c               |  22 +++++++
 fs/overlayfs/dir.c                   |  10 +++
 include/linux/lsm_audit.h            |   2 +
 include/linux/lsm_hooks.h            |  37 ++++++++++-
 include/linux/security.h             |  25 ++++++-
 security/lsm_audit.c                 |  17 ++++-
 security/security.c                  |  27 ++++++++
 security/selinux/Kconfig             |  38 -----------
 security/selinux/hooks.c             | 106 +++++++++++++++++++++++-------
 security/selinux/include/security.h  |   4 --
 security/selinux/ss/conditional.c    |   2 +
 security/selinux/ss/ebitmap.c        |   3 +
 security/selinux/ss/policydb.c       |  12 ++--
 security/smack/Kconfig               |  12 ++++
 security/smack/smack.h               |  10 +++
 security/smack/smack_lsm.c           |  14 ++--
 security/smack/smack_netfilter.c     |   4 +-
 security/smack/smackfs.c             |  11 +---
 30 files changed, 447 insertions(+), 273 deletions(-)
--1665246916-261082997-1475570224=:12954--