Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6: selinux: return -ENOMEM when memory allocation fails tpm: fix panic caused by "tpm: Autodetect itpm devices" TPM: Long default timeout fix trusted keys: Fix a memory leak in trusted_update(). keys: add trusted and encrypted maintainers encrypted-keys: rename encrypted_defined files to encrypted trusted-keys: rename trusted_defined files to trusted
2011-01-24 19:56:47 +10:00 · 2011-01-24 19:56:47 +10:00 · d20761a799
--- a/22
+++ b/22
@ -3674,6 +3674,28 @@ F:	include/linux/key-type.h
 F:	include/keys/
 F:	security/keys/

+KEYS-TRUSTED
+M:	David Safford <safford@watson.ibm.com>
+M:	Mimi Zohar <zohar@us.ibm.com>
+L:	linux-security-module@vger.kernel.org
+L:	keyrings@linux-nfs.org
+S:	Supported
+F:	Documentation/keys-trusted-encrypted.txt
+F:	include/keys/trusted-type.h
+F:	security/keys/trusted.c
+F:	security/keys/trusted.h
+
+KEYS-ENCRYPTED
+M:	Mimi Zohar <zohar@us.ibm.com>
+M:	David Safford <safford@watson.ibm.com>
+L:	linux-security-module@vger.kernel.org
+L:	keyrings@linux-nfs.org
+S:	Supported
+F:	Documentation/keys-trusted-encrypted.txt
+F:	include/keys/encrypted-type.h
+F:	security/keys/encrypted.c
+F:	security/keys/encrypted.h
+
 KGDB / KDB /debug_core
 M:	Jason Wessel <jason.wessel@windriver.com>
 W:	http://kgdb.wiki.kernel.org/
--- a/drivers/char/tpm/tpm.c
+++ b/drivers/char/tpm/tpm.c
@ -364,12 +364,14 @@ unsigned long tpm_calc_ordinal_duration(struct tpm_chip *chip,
 		    tpm_protected_ordinal_duration[ordinal &
 						   TPM_PROTECTED_ORDINAL_MASK];

-	if (duration_idx != TPM_UNDEFINED)
+	if (duration_idx != TPM_UNDEFINED) {
 		duration = chip->vendor.duration[duration_idx];
-	if (duration <= 0)
+		/* if duration is 0, it's because chip->vendor.duration wasn't */
+		/* filled yet, so we set the lowest timeout just to give enough */
+		/* time for tpm_get_timeouts() to succeed */
+		return (duration <= 0 ? HZ : duration);
+	} else
 		return 2 * 60 * HZ;
-	else
-		return duration;
 }
 EXPORT_SYMBOL_GPL(tpm_calc_ordinal_duration);

--- a/drivers/char/tpm/tpm_tis.c
+++ b/drivers/char/tpm/tpm_tis.c
@ -493,9 +493,6 @@ static int tpm_tis_init(struct device *dev, resource_size_t start,
 		 "1.2 TPM (device-id 0x%X, rev-id %d)\n",
 		 vendor >> 16, ioread8(chip->vendor.iobase + TPM_RID(0)));

-	if (is_itpm(to_pnp_dev(dev)))
-		itpm = 1;
-
 	if (itpm)
 		dev_info(dev, "Intel iTPM workaround enabled\n");

@ -637,6 +634,9 @@ static int __devinit tpm_tis_pnp_init(struct pnp_dev *pnp_dev,
 	else
 		interrupts = 0;

+	if (is_itpm(pnp_dev))
+		itpm = 1;
+
 	return tpm_tis_init(&pnp_dev->dev, start, len, irq);
 }

--- a/security/keys/Makefile
+++ b/security/keys/Makefile
@ -13,8 +13,8 @@ obj-y := \
 	request_key_auth.o \
 	user_defined.o

-obj-$(CONFIG_TRUSTED_KEYS) += trusted_defined.o
-obj-$(CONFIG_ENCRYPTED_KEYS) += encrypted_defined.o
+obj-$(CONFIG_TRUSTED_KEYS) += trusted.o
+obj-$(CONFIG_ENCRYPTED_KEYS) += encrypted.o
 obj-$(CONFIG_KEYS_COMPAT) += compat.o
 obj-$(CONFIG_PROC_FS) += proc.o
 obj-$(CONFIG_SYSCTL) += sysctl.o
--- a/security/keys/encrypted_defined.c
+++ b/security/keys/encrypted_defined.c
@ -30,7 +30,7 @@
 #include <crypto/sha.h>
 #include <crypto/aes.h>

-#include "encrypted_defined.h"
+#include "encrypted.h"

 static const char KEY_TRUSTED_PREFIX[] = "trusted:";
 static const char KEY_USER_PREFIX[] = "user:";
@ -888,6 +888,7 @@ static int __init init_encrypted(void)
 out:
 	encrypted_shash_release();
 	return ret;
+
 }

 static void __exit cleanup_encrypted(void)
--- a/security/keys/encrypted_defined.h
+++ b/security/keys/encrypted_defined.h
--- a/security/keys/trusted_defined.c
+++ b/security/keys/trusted_defined.c
@ -29,7 +29,7 @@
 #include <linux/tpm.h>
 #include <linux/tpm_command.h>

-#include "trusted_defined.h"
+#include "trusted.h"

 static const char hmac_alg[] = "hmac(sha1)";
 static const char hash_alg[] = "sha1";
@ -1032,6 +1032,7 @@ static int trusted_update(struct key *key, const void *data, size_t datalen)
 	ret = datablob_parse(datablob, new_p, new_o);
 	if (ret != Opt_update) {
 		ret = -EINVAL;
+		kfree(new_p);
 		goto out;
 	}
 	/* copy old key values, and reseal with new pcrs */
--- a/security/keys/trusted_defined.h
+++ b/security/keys/trusted_defined.h
--- a/security/selinux/ss/conditional.c
+++ b/security/selinux/ss/conditional.c
@ -178,7 +178,7 @@ int cond_init_bool_indexes(struct policydb *p)
 	p->bool_val_to_struct = (struct cond_bool_datum **)
 		kmalloc(p->p_bools.nprim * sizeof(struct cond_bool_datum *), GFP_KERNEL);
 	if (!p->bool_val_to_struct)
-		return -1;
+		return -ENOMEM;
 	return 0;
 }

--- a/security/selinux/ss/policydb.c
+++ b/security/selinux/ss/policydb.c
@ -501,8 +501,8 @@ static int policydb_index(struct policydb *p)
 	if (rc)
 		goto out;

-	rc = -ENOMEM;
-	if (cond_init_bool_indexes(p))
+	rc = cond_init_bool_indexes(p);
+	if (rc)
 		goto out;

 	for (i = 0; i < SYM_NUM; i++) {