diff options
author | Linus Torvalds <torvalds@linux-foundation.org> | 2012-03-21 13:25:04 -0700 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2012-03-21 13:25:04 -0700 |
commit | 3556485f1595e3964ba539e39ea682acbb835cee (patch) | |
tree | 7f5ee254f425b1427ac0059b5f347a307f8538a1 /drivers/char | |
parent | b8716614a7cc2fc15ea2a518edd04755fb08d922 (diff) | |
parent | 09f61cdbb32a9d812c618d3922db533542736bb0 (diff) | |
download | op-kernel-dev-3556485f1595e3964ba539e39ea682acbb835cee.zip op-kernel-dev-3556485f1595e3964ba539e39ea682acbb835cee.tar.gz |
Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security
Pull security subsystem updates for 3.4 from James Morris:
"The main addition here is the new Yama security module from Kees Cook,
which was discussed at the Linux Security Summit last year. Its
purpose is to collect miscellaneous DAC security enhancements in one
place. This also marks a departure in policy for LSM modules, which
were previously limited to being standalone access control systems.
Chromium OS is using Yama, and I believe there are plans for Ubuntu,
at least.
This patchset also includes maintenance updates for AppArmor, TOMOYO
and others."
Fix trivial conflict in <net/sock.h> due to the jumo_label->static_key
rename.
* 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: (38 commits)
AppArmor: Fix location of const qualifier on generated string tables
TOMOYO: Return error if fails to delete a domain
AppArmor: add const qualifiers to string arrays
AppArmor: Add ability to load extended policy
TOMOYO: Return appropriate value to poll().
AppArmor: Move path failure information into aa_get_name and rename
AppArmor: Update dfa matching routines.
AppArmor: Minor cleanup of d_namespace_path to consolidate error handling
AppArmor: Retrieve the dentry_path for error reporting when path lookup fails
AppArmor: Add const qualifiers to generated string tables
AppArmor: Fix oops in policy unpack auditing
AppArmor: Fix error returned when a path lookup is disconnected
KEYS: testing wrong bit for KEY_FLAG_REVOKED
TOMOYO: Fix mount flags checking order.
security: fix ima kconfig warning
AppArmor: Fix the error case for chroot relative path name lookup
AppArmor: fix mapping of META_READ to audit and quiet flags
AppArmor: Fix underflow in xindex calculation
AppArmor: Fix dropping of allowed operations that are force audited
AppArmor: Add mising end of structure test to caps unpacking
...
Diffstat (limited to 'drivers/char')
-rw-r--r-- | drivers/char/tpm/Kconfig | 1 | ||||
-rw-r--r-- | drivers/char/tpm/tpm.c | 3 | ||||
-rw-r--r-- | drivers/char/tpm/tpm.h | 2 | ||||
-rw-r--r-- | drivers/char/tpm/tpm_tis.c | 17 |
4 files changed, 14 insertions, 9 deletions
diff --git a/drivers/char/tpm/Kconfig b/drivers/char/tpm/Kconfig index 7fc75e4..a048199 100644 --- a/drivers/char/tpm/Kconfig +++ b/drivers/char/tpm/Kconfig @@ -5,7 +5,6 @@ menuconfig TCG_TPM tristate "TPM Hardware Support" depends on HAS_IOMEM - depends on EXPERIMENTAL select SECURITYFS ---help--- If you have a TPM security chip in your system, which diff --git a/drivers/char/tpm/tpm.c b/drivers/char/tpm/tpm.c index 32362cf..ad7c732 100644 --- a/drivers/char/tpm/tpm.c +++ b/drivers/char/tpm/tpm.c @@ -1221,12 +1221,13 @@ ssize_t tpm_read(struct file *file, char __user *buf, ret_size = atomic_read(&chip->data_pending); atomic_set(&chip->data_pending, 0); if (ret_size > 0) { /* relay data */ + ssize_t orig_ret_size = ret_size; if (size < ret_size) ret_size = size; mutex_lock(&chip->buffer_mutex); rc = copy_to_user(buf, chip->data_buffer, ret_size); - memset(chip->data_buffer, 0, ret_size); + memset(chip->data_buffer, 0, orig_ret_size); if (rc) ret_size = -EFAULT; diff --git a/drivers/char/tpm/tpm.h b/drivers/char/tpm/tpm.h index 0105471..b1c5280 100644 --- a/drivers/char/tpm/tpm.h +++ b/drivers/char/tpm/tpm.h @@ -99,6 +99,8 @@ struct tpm_vendor_specific { wait_queue_head_t int_queue; }; +#define TPM_VID_INTEL 0x8086 + struct tpm_chip { struct device *dev; /* Device stuff */ diff --git a/drivers/char/tpm/tpm_tis.c b/drivers/char/tpm/tpm_tis.c index 70fac9a..d2a70ca 100644 --- a/drivers/char/tpm/tpm_tis.c +++ b/drivers/char/tpm/tpm_tis.c @@ -367,7 +367,12 @@ static int probe_itpm(struct tpm_chip *chip) 0x00, 0x00, 0x00, 0xf1 }; size_t len = sizeof(cmd_getticks); - int rem_itpm = itpm; + bool rem_itpm = itpm; + u16 vendor = ioread16(chip->vendor.iobase + TPM_DID_VID(0)); + + /* probe only iTPMS */ + if (vendor != TPM_VID_INTEL) + return 0; itpm = 0; @@ -390,9 +395,6 @@ static int probe_itpm(struct tpm_chip *chip) out: itpm = rem_itpm; tpm_tis_ready(chip); - /* some TPMs need a break here otherwise they will not work - * correctly on the immediately subsequent command */ - msleep(chip->vendor.timeout_b); release_locality(chip, chip->vendor.locality, 0); return rc; @@ -508,7 +510,7 @@ static int tpm_tis_init(struct device *dev, resource_size_t start, resource_size_t len, unsigned int irq) { u32 vendor, intfcaps, intmask; - int rc, i, irq_s, irq_e; + int rc, i, irq_s, irq_e, probe; struct tpm_chip *chip; if (!(chip = tpm_register_hardware(dev, &tpm_tis))) @@ -538,11 +540,12 @@ static int tpm_tis_init(struct device *dev, resource_size_t start, vendor >> 16, ioread8(chip->vendor.iobase + TPM_RID(0))); if (!itpm) { - itpm = probe_itpm(chip); - if (itpm < 0) { + probe = probe_itpm(chip); + if (probe < 0) { rc = -ENODEV; goto out_err; } + itpm = (probe == 0) ? 0 : 1; } if (itpm) |