Date: Mon, 13 Nov 2017 08:57:18 +1100 (AEDT)
From: James Morris
To: Linus Torvalds
cc: linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: [GIT PULL] Security subsystem general updates for 4.15

In this branch are changes for:

TPM:
----
(from Jarkko)
"Contains mostly minor fixes.

Selected more essential changes:

* Essential clean up for tpm_crb so that ARM64 and x86 versions do not
  distract each other as much as before.
* /dev/tpm0 rejects now too short writes (shorter buffer than specified
  in the command header).
* Use DMA-safe buffer in tpm_tis_spi."

Smack:
------
- Base support for overlayfs

Capabilities:
-------------
- BPRM_FCAPS fixes, from Richard Guy Briggs:

"The audit subsystem is adding a BPRM_FCAPS record when auditing setuid
application execution (SYSCALL execve). This is not expected as it was
supposed to be limited to when the file system actually had capabilities
in an extended attribute. It lists all capabilities making the event
really ugly to parse what is happening. The PATH record correctly
records the setuid bit and owner. Suppress the BPRM_FCAPS record on
set*id."

TOMOYO:
-------
- Y2038 timestamping fixes

I'll push the Integrity subsystem changes in a separate branch.

Please pull.

The following changes since commit e19b205be43d11bff638cad4487008c48d21c103:

  Linux 4.14-rc2 (2017-09-24 16:38:56 -0700)

are available in the git repository at:

  git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security.git next-general

for you to fetch changes up to 34d8751fd4ffa34e85ee7e85d34168b3f3f62b42:

  MAINTAINERS: update the IMA, EVM, trusted-keys, encrypted-keys entries (2017-11-06 02:21:44 +1100)

----------------------------------------------------------------
Alexander Steffen (5):
      tpm_tis_spi: Use DMA-safe memory for SPI transfers
      tpm: Trigger only missing TPM 2.0 self tests
      tpm: Use dynamic delay to wait for TPM 2.0 self test result
      tpm: React correctly to RC_TESTING from TPM 2.0 self tests
      tpm-dev-common: Reject too short writes

Arnd Bergmann (2):
      tpm: constify transmit data pointers
      tomoyo: fix timestamping for y2038

Casey Schaufler (1):
      Smack: Base support for overlayfs

Colin Ian King (1):
      tpm_tis: make array cmd_getticks static const to shrink object code size

Eric Biggers (1):
      MAINTAINERS: remove David Safford as maintainer for encrypted+trusted keys

James Morris (1):
      Merge tag 'v4.14-rc2' into next-general

Jarkko Sakkinen (4):
      tpm: migrate pubek_show to struct tpm_buf
      tpm: fix type of a local variable in tpm2_get_cc_attrs_tbl()
      tpm: fix type of a local variable in tpm2_map_command()
      tpm: fix type of a local variables in tpm_tis_spi.c

Jiandi An (1):
      tpm/tpm_crb: Use start method value from ACPI table directly

Jérémy Lefaure (1):
      tpm, tpm_tis: use ARRAY_SIZE() to define TPM_HID_USR_IDX

Mimi Zohar (1):
      MAINTAINERS: update the IMA, EVM, trusted-keys, encrypted-keys entries

Richard Guy Briggs (10):
      capabilities: factor out cap_bprm_set_creds privileged root
      capabilities: intuitive names for cap gain status
      capabilities: rename has_cap to has_fcap
      capabilities: use root_priveleged inline to clarify logic
      capabilities: use intuitive names for id changes
      capabilities: move audit log decision to function
      capabilities: remove a layer of conditional logic
      capabilities: invert logic for clarity
      capabilities: fix logic for effective root or real root
      capabilities: audit log other surprising conditions

Ruben Roy (1):
      tpm: fix duplicate inline declaration specifier

 MAINTAINERS                       |  13 +--
 drivers/char/tpm/tpm-dev-common.c |   6 ++
 drivers/char/tpm/tpm-sysfs.c      |  87 +++++++++--------
 drivers/char/tpm/tpm.h            |  15 +--
 drivers/char/tpm/tpm2-cmd.c       |  73 +++++---------
 drivers/char/tpm/tpm2-space.c     |   4 +-
 drivers/char/tpm/tpm_crb.c        |  59 ++++++------
 drivers/char/tpm/tpm_tis.c        |   5 +-
 drivers/char/tpm/tpm_tis_core.c   |   6 +-
 drivers/char/tpm/tpm_tis_core.h   |   4 +-
 drivers/char/tpm/tpm_tis_spi.c    |  73 ++++++++------
 security/commoncap.c              | 193 +++++++++++++++++++++++++--------------
 security/smack/smack_lsm.c        |  79 ++++++++++++++++
 security/tomoyo/audit.c           |   2 +-
 security/tomoyo/common.c          |   4 +-
 security/tomoyo/common.h          |   2 +-
 security/tomoyo/util.c            |  39 ++------
 17 files changed, 385 insertions(+), 279 deletions(-)
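
Added example (not part of the original message and not the kernel's own code): a userspace sketch of the check the TPM summary describes, rejecting a write that is shorter than the size declared in the command header. The function and enum names are hypothetical, the 10-byte header layout (tag, big-endian size, command code) is the standard TPM command header, and the sample command bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* TPM command header: tag (2 bytes), total command size (4 bytes,
 * big-endian), command code (4 bytes). */
#define TPM_HEADER_SIZE 10

enum tpm_write_check {
    TPM_WRITE_OK = 0,
    TPM_WRITE_NO_HEADER,   /* fewer bytes than one full header */
    TPM_WRITE_BAD_LENGTH,  /* header declares a size below the header size */
    TPM_WRITE_TOO_SHORT    /* fewer bytes written than the header declares */
};

/* Read the big-endian size field at offset 2; needs at least 6 bytes. */
uint32_t tpm_declared_size(const uint8_t *buf)
{
    return ((uint32_t)buf[2] << 24) | ((uint32_t)buf[3] << 16) |
           ((uint32_t)buf[4] << 8) | (uint32_t)buf[5];
}

/* Classify a write of `written` bytes. Writes longer than the declared
 * size are accepted here: the message above only mentions short ones. */
enum tpm_write_check tpm_check_write(const uint8_t *buf, size_t written)
{
    uint32_t declared;
    if (written < TPM_HEADER_SIZE)
        return TPM_WRITE_NO_HEADER;
    declared = tpm_declared_size(buf);
    if (declared < TPM_HEADER_SIZE)
        return TPM_WRITE_BAD_LENGTH;
    if (written < declared)
        return TPM_WRITE_TOO_SHORT;
    return TPM_WRITE_OK;
}

/* Constructed sample: TPM2_GetRandom asking for 8 bytes, 12 bytes total. */
const uint8_t sample_getrandom[] = {
    0x80, 0x01, 0x00, 0x00, 0x00, 0x0c, 0x00, 0x00, 0x01, 0x7b, 0x00, 0x08
};

int main(void)
{
    for (size_t n = 4; n <= sizeof(sample_getrandom); n += 4)
        printf("write of %zu bytes -> %d\n", n,
               (int)tpm_check_write(sample_getrandom, n));
    return 0;
}
```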