29 Nov, 2010
7 commits
-
Define a new kernel key-type called 'encrypted'. Encrypted keys are kernel
generated random numbers, which are encrypted/decrypted with a 'trusted'
symmetric key. Encrypted keys are created/encrypted/decrypted in the kernel.
Userspace only ever sees/stores encrypted blobs.Changelog:
- bug fix: replaced master-key rcu based locking with semaphore
(reported by David Howells)
- Removed memset of crypto_shash_digest() digest output
- Replaced verification of 'key-type:key-desc' using strcspn(), with
one based on string constants.
- Moved documentation to Documentation/keys-trusted-encrypted.txt
- Replace hash with shash (based on comments by David Howells)
- Make lengths/counts size_t where possible (based on comments by David Howells)
Could not convert most lengths, as crypto expects 'unsigned int'
(size_t: on 32 bit is defined as unsigned int, but on 64 bit is unsigned long)
- Add 'const' where possible (based on comments by David Howells)
- allocate derived_buf dynamically to support arbitrary length master key
(fixed by Roberto Sassu)
- wait until late_initcall for crypto libraries to be registered
- cleanup security/Kconfig
- Add missing 'update' keyword (reported/fixed by Roberto Sassu)
- Free epayload on failure to create key (reported/fixed by Roberto Sassu)
- Increase the data size limit (requested by Roberto Sassu)
- Crypto return codes are always 0 on success and negative on failure,
remove unnecessary tests.
- Replaced kzalloc() with kmalloc()Signed-off-by: Mimi Zohar
Signed-off-by: David Safford
Reviewed-by: Roberto Sassu
Signed-off-by: James Morris -
Define a new kernel key-type called 'trusted'. Trusted keys are random
number symmetric keys, generated and RSA-sealed by the TPM. The TPM
only unseals the keys, if the boot PCRs and other criteria match.
Userspace can only ever see encrypted blobs.Based on suggestions by Jason Gunthorpe, several new options have been
added to support additional usages.The new options are:
migratable= designates that the key may/may not ever be updated
(resealed under a new key, new pcrinfo or new auth.)pcrlock=n extends the designated PCR 'n' with a random value,
so that a key sealed to that PCR may not be unsealed
again until after a reboot.keyhandle= specifies the sealing/unsealing key handle.
keyauth= specifies the sealing/unsealing key auth.
blobauth= specifies the sealed data auth.
Implementation of a kernel reserved locality for trusted keys will be
investigated for a possible future extension.Changelog:
- Updated and added examples to Documentation/keys-trusted-encrypted.txt
- Moved generic TPM constants to include/linux/tpm_command.h
(David Howell's suggestion.)
- trusted_defined.c: replaced kzalloc with kmalloc, added pcrlock failure
error handling, added const qualifiers where appropriate.
- moved to late_initcall
- updated from hash to shash (suggestion by David Howells)
- reduced worst stack usage (tpm_seal) from 530 to 312 bytes
- moved documentation to Documentation directory (suggestion by David Howells)
- all the other code cleanups suggested by David Howells
- Add pcrlock CAP_SYS_ADMIN dependency (based on comment by Jason Gunthorpe)
- New options: migratable, pcrlock, keyhandle, keyauth, blobauth (based on
discussions with Jason Gunthorpe)
- Free payload on failure to create key(reported/fixed by Roberto Sassu)
- Updated Kconfig and other descriptions (based on Serge Hallyn's suggestion)
- Replaced kzalloc() with kmalloc() (reported by Serge Hallyn)Signed-off-by: David Safford
Signed-off-by: Mimi Zohar
Signed-off-by: James Morris -
Add internal kernel tpm_send() command used to seal/unseal keys.
Changelog:
- replaced module_put in tpm_send() with new tpm_chip_put() wrapper
(suggested by David Howells)
- Make tpm_send() cmd argument a 'void *' (suggested by David Howells)Signed-off-by: David Safford
Signed-off-by: Mimi Zohar
Acked-by: David Howells
Acked-by: Serge E. Hallyn
Signed-off-by: James Morris -
For readability, define a tpm_chip_put() wrapper to call module_put().
Replace existing module_put() calls with the wrapper.(Change based on trusted/encrypted patchset review by David Howells.)
Signed-off-by: Mimi Zohar
Signed-off-by: David Safford
Acked-by: David Howells
Acked-by: Serge E. Hallyn
Signed-off-by: James Morris -
Similar to the kgdb_hex2mem() code, hex2bin converts a string
to binary using the hex_to_bin() library call.Changelog:
- Replace parameter names with src/dst (based on David Howell's comment)
- Add 'const' where needed (based on David Howell's comment)
- Replace int with size_t (based on David Howell's comment)Signed-off-by: Mimi Zohar
Acked-by: Serge E. Hallyn
Acked-by: David Howells
Signed-off-by: James Morris -
Privileged syslog operations currently require CAP_SYS_ADMIN. Split
this off into a new CAP_SYSLOG privilege which we can sanely take away
from a container through the capability bounding set.With this patch, an lxc container can be prevented from messing with
the host's syslog (i.e. dmesg -c).Changelog: mar 12 2010: add selinux capability2:cap_syslog perm
Changelog: nov 22 2010:
. port to new kernel
. add a WARN_ONCE if userspace isn't using CAP_SYSLOGSigned-off-by: Serge Hallyn
Acked-by: Andrew G. Morgan
Acked-By: Kees Cook
Cc: James Morris
Cc: Michael Kerrisk
Cc: Stephen Smalley
Cc: "Christopher J. PeBenito"
Cc: Eric Paris
Signed-off-by: James Morris
28 Nov, 2010
1 commit
-
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound-2.6: (30 commits)
ALSA: hda - Use ALC_INIT_DEFAULT for really default initialization
ASoC: Fix resource reclaim for osk5912
ASoC: tlv320aic3x - fix variable may be used uninitialized warning
ASoC: davinci-vcif - fix a memory leak
ASoC: phycore-ac97: fix resource leak
ASoC: imx-ssi: fix resource leak
ASoC: simone: fix resource leak in simone_init error path
ASoC: sam9g20_wm8731: fix resource leak in at91sam9g20ek_init error path
ASoC: snd-soc-afeb9260: remove unneeded platform_device_del in error path
ASoC: pcm030-audio-fabric: fix resource leak in pcm030_fabric_init error path
ASoC: efika-audio-fabric: fix resource leak in efika_fabric_init error path
ASoC: Call snd_soc_unregister_dais instead of snd_soc_unregister_dai in sh4_soc_dai_remove
ASoC: fix SND_PXA2XX_LIB Kconfig warning
ALSA: hda - Fix ALC660-VD/ALC861-VD capture/playback mixers
ALSA: HDA: Add an extra DAC for Realtek ALC887-VD
ASoC: nuc900-ac97: fix a memory leak
ASoC: Return proper error for omap3pandora_soc_init
ASoC: wm8961 - clear WM8961_MCLKDIV bit for freq <= 16500000
ASoC: wm8961 - clear WM8961_DACSLOPE bit for normal mode
ALSA: hda - Fix Acer 7730G support
...
27 Nov, 2010
14 commits
-
* 'bugfixes' of git://git.linux-nfs.org/projects/trondmy/nfs-2.6:
NFS: Ensure we return the dirent->d_type when it is known
NFS: Correct the array bound calculation in nfs_readdir_add_to_array
NFS: Don't ignore errors from nfs_do_filldir()
NFS: Fix the error handling in "uncached_readdir()"
NFS: Fix a page leak in uncached_readdir()
NFS: Fix a page leak in nfs_do_filldir()
NFS: Assume eof if the server returns no readdir records
NFS: Buffer overflow in ->decode_dirent() should not be fatal
Pure nfs client performance using odirect.
SUNRPC: Fix an infinite loop in call_refresh/call_refreshresult -
* 'linux-next' of git://git.infradead.org/ubi-2.6:
UBI: release locks in check_corruption -
…el/git/tip/linux-2.6-tip
* 'timers-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip:
posix-cpu-timers: Rcu_read_lock/unlock protect find_task_by_vpid call -
…git/tip/linux-2.6-tip
* 'x86-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip:
dmar, x86: Use function stubs when CONFIG_INTR_REMAP is disabled
x86-64: Fix and clean up AMD Fam10 MMCONF enabling
x86: UV: Address interrupt/IO port operation conflict
x86: Use online node real index in calulate_tbl_offset()
x86, asm: Fix binutils 2.15 build failure -
…/git/tip/linux-2.6-tip
* 'perf-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip:
perf symbols: Remove incorrect open-coded container_of()
perf record: Handle restrictive permissions in /proc/{kallsyms,modules}
x86/kprobes: Prevent kprobes to probe on save_args()
irq_work: Drop cmpxchg() result
perf: Fix owner-list vs exit
x86, hw_nmi: Move backtrace_mask declaration under ARCH_HAS_NMI_WATCHDOG
tracing: Fix recursive user stack trace
perf,hw_breakpoint: Initialize hardware api earlier
x86: Ignore trap bits on single step exceptions
tracing: Force arch_local_irq_* notrace for paravirt
tracing: Fix module use of trace_bprintk() -
…l/git/tip/linux-2.6-tip
* 'sched-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip:
sched: Fix idle balancing
sched: Fix volanomark performance regression -
* 'for-linus' of git://git390.marist.edu/pub/scm/linux-2.6:
[S390] qdio: free indicator after reset is finished
[S390] nmi: fix clock comparator revalidation -
* 'for-linus' of git://git.kernel.dk/linux-2.6-block:
cciss: fix build for PROC_FS disabled
block: fix amiga and atari floppy driver compile warning
blk-throttle: Fix calculation of max number of WRITES to be dispatched
ioprio: grab rcu_read_lock in sys_ioprio_{set,get}()
xen/blkfront: cope with backend that fail empty BLKIF_OP_WRITE_BARRIER requests
xen/blkfront: Implement FUA with BLKIF_OP_WRITE_BARRIER
xen/blkfront: change blk_shadow.request to proper pointer
xen/blkfront: map REQ_FLUSH into a full barrier -
…nel/git/lethal/sh-2.6
* 'rmobile-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/lethal/sh-2.6:
ARM: mach-shmobile: clock-sh7372: remove bogus pllc2 clock toggling.
ARM: mach-shmobile: clock-sh7372: remove unnecessary fsi clocks
ARM: mach-shmobile: clock-sh7372: modify error code
ARM: mach-shmobile: ap4evb: FSI clock use proper process for ak4642
ARM: mach-shmobile: ap4evb: FSI clock use proper process for HDMI
ARM: mach-shmobile: clock-sh7372: remove fsidiv bogus disable
ARM: mach-shmobile: sh7372 USB0/IIC1 MSTP fix -
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/cjb/mmc:
mmc: sdhci: 8-bit bus width changes
mmc: sdio: fix runtime PM anomalies by introducing MMC_CAP_POWER_OFF_CARD
mmc: sdio: fix nasty oops in mmc_sdio_detect
mmc: omap4: hsmmc: Fix improper card detection while booting
mmc: fix rmmod race for hosts using card-detection polling
mmc: sdhci: Fix crash on boot with C0 stepping Moorestown platforms
mmc: sdhci-esdhc-imx: enable QUIRK_NO_MULTIBLOCK only for i.MX25 and i.MX35
mmc: sdhci-esdhc-imx: fix timeout on i.MX's sdhci
mmc: sdhci: Properly enable SDIO IRQ wakeups
mmc: ushc: Return proper error code for ushc_probe()
mmc: Fix printing of card DDR type -
…git/kgene/linux-samsung
* 's5p-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/kgene/linux-samsung:
ARM: S5PV210: Fix sysdev related warning messages
ARM: S3C24XX: Fix UART3 submask on S3C2416 and S3C2443
ARM: S3C24XX: Fix Demux error in UART3 irqs on S3C2443 and S3C2416
ARM: S3C64XX: fix uart clock setup for mini6410/real6410
ARM: S3C24XX: Fix wrong s3c_gpio_cfgpull
ARM: S3C2410: Adapt h1940-bluetooth to gpiolib changes -
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ryusuke/nilfs2:
nilfs2: fix typo in comment of nilfs_dat_move function
nilfs2: nilfs_iget_for_gc() returns ERR_PTR -
When SKU assid gives no valid bits for 0x38, the driver didn't take
any action, so far. This resulted in the missing initialization for
external amps, etc, thus the silent output in the end.Especially users hit this problem on ALC888 newly since 2.6.35,
where the driver doesn't force to use ALC_INIT_DEFAULT any more.This patch sets the default initialization scheme to use
ALC_INIT_DEFAULT when no valid bits are set for SKU assid.Reference:
https://bugzilla.redhat.com/show_bug.cgi?id=657388Reported-and-tested-by: Kyle McMartin
Cc:
Signed-off-by: Takashi Iwai
26 Nov, 2010
3 commits
-
The stubs for CONFIG_INTR_REMAP disabled need to be functions
instead of values to eliminate build warnings.arch/x86/kernel/apic/apic.c: In function 'lapic_suspend':
arch/x86/kernel/apic/apic.c:2060:3: warning: statement with no effect
arch/x86/kernel/apic/apic.c: In function 'lapic_resume':
arch/x86/kernel/apic/apic.c:2137:3: warning: statement with no effectReported-and-Tested-by: Fabio Comolli
Signed-off-by: Randy Dunlap
Cc: Suresh Siddha
Cc: Yinghai Lu
Cc: David Woodhouse
Cc: Jesse Barnes
LKML-Reference:
Signed-off-by: Ingo Molnar -
In current implementation, there are resources leak in the error path.
This patch properly reclaims the allocated resources in the error path.Also adds a missing clk_put in osk_soc_exit.
Signed-off-by: Axel Lin
Acked-by: Jarkko Nikula
Acked-by: Liam Girdwood
Signed-off-by: Mark Brown -
If aic3x_read failed , val is used uninitialized.
Fix it by initializing val to 0.This patch fixes below compile warning:
sound/soc/codecs/tlv320aic3x.c: In function 'aic3x_get_gpio':
sound/soc/codecs/tlv320aic3x.c:1183: warning: 'val' may be used uninitialized in this function
sound/soc/codecs/tlv320aic3x.c: In function 'aic3x_headset_detected':
sound/soc/codecs/tlv320aic3x.c:1211: warning: 'val' may be used uninitialized in this function
sound/soc/codecs/tlv320aic3x.c: In function 'aic3x_button_pressed':
sound/soc/codecs/tlv320aic3x.c:1219: warning: 'val' may be used uninitialized in this functionSigned-off-by: Axel Lin
Acked-by: Liam Girdwood
Signed-off-by: Mark Brown
25 Nov, 2010
15 commits
-
Signed-off-by: Axel Lin
Acked-by: Liam Girdwood
Signed-off-by: Mark Brown -
Fix imx_phycore_init() error path and imx_phycore_exit() to properly free
allocated resources.Signed-off-by: Axel Lin
Acked-by: Sascha Hauer
Acked-by: Liam Girdwood
Signed-off-by: Mark Brown -
Fix imx_ssi_probe() error path and imx_ssi_remove() to properly free
allocated resources.Signed-off-by: Axel Lin
Acked-by: Sascha Hauer
Acked-by: Liam Girdwood
Signed-off-by: Mark Brown -
Fix the error path to properly free allocated resources.
Signed-off-by: Axel Lin
Acked-by: Mika Westerberg
Acked-by: Liam Girdwood
Signed-off-by: Mark Brown -
Fix the error path to properly free allocated resources.
Signed-off-by: Axel Lin
Acked-by: Liam Girdwood
Signed-off-by: Mark Brown -
Signed-off-by: Axel Lin
Acked-by: Liam Girdwood
Signed-off-by: Mark Brown -
Add missing platform_device_put() if platform_device_add() failed.
Signed-off-by: Axel Lin
Acked-by: Liam Girdwood
Signed-off-by: Mark Brown -
Add missing platform_device_put() if platform_device_add() failed.
Signed-off-by: Axel Lin
Acked-by: Liam Girdwood
Signed-off-by: Mark Brown -
We call snd_soc_register_dais() in sh4_soc_dai_probe(),
thus we should call snd_soc_unregister_dais() in sh4_soc_dai_remove().Otherwise, we got "too many arguments to function 'snd_soc_unregister_dai'"
error message.Signed-off-by: Axel Lin
Acked-by: Liam Girdwood
Signed-off-by: Mark Brown -
Fix following warning observed when SND_PXA2XX_SOC is set and SND_ARM isn't:
warning: (SND_PXA2XX_AC97 && SOUND && !M68K && SND && SND_ARM && ARCH_PXA ||
SND_PXA2XX_SOC && SOUND && !M68K && SND && SND_SOC && ARCH_PXA) selects
SND_PXA2XX_LIB which has unmet direct dependencies (SOUND && !M68K && SND &&
SND_ARM)Signed-off-by: Dmitry Artamonow
Acked-by: Liam Girdwood
Signed-off-by: Mark Brown -
The qdio device indicator is freed before the device is notified that
the indicator is reset. This sequence contains a race when the freed
indicator is used by a new device while the reset of the indicator is
still pending. Do the reset operation before freeing the indicator to
avoid that potential race.Signed-off-by: Jan Glauber
Signed-off-by: Martin Schwidefsky -
On each machine check all registers are revalidated. The save area for
the clock comparator however only contains the upper most seven bytes
of the former contents, if valid.
Therefore the machine check handler uses a store clock instruction to
get the current time and writes that to the clock comparator register
which in turn will generate an immediate timer interrupt.
However within the lowcore the expected time of the next timer
interrupt is stored. If the interrupt happens before that time the
handler won't be called. In turn the clock comparator won't be
reprogrammed and therefore the interrupt condition stays pending which
causes an interrupt loop until the expected time is reached.On NOHZ machines this can result in unresponsive machines since the
time of the next expected interrupted can be a couple of days in the
future.To fix this just revalidate the clock comparator register with the
expected value.
In addition the special handling for udelay must be changed as well.Signed-off-by: Heiko Carstens
Signed-off-by: Martin Schwidefsky -
The mixer nids passed to alc_auto_create_input_ctls are wrong: 0x15 is
a pin, and 0x09 is the ADC on both ALC660-VD/ALC861-VD. Thus with
current code, input playback volume/switches and input source mixer
controls are not created, and recording doesn't work. Select correct
mixers, 0x0b (input playback mixer) and 0x22 (capture source mixer).Reference: https://qa.mandriva.com/show_bug.cgi?id=61159
Signed-off-by: Herton Ronaldo Krzesinski
Cc:
Signed-off-by: Takashi Iwai -
This patch fixes following warning messages when CONFIG_PM selected.
In file included from arch/arm/mach-s5pv210/mach-smdkv210.c:34:
arch/arm/plat-samsung/include/plat/pm.h:104: warning: 'struct sys_device'
declared inside parameter list
arch/arm/plat-samsung/include/plat/pm.h:104: warning: its scope is only this
definition or declaration, which is probably not what you want
arch/arm/plat-samsung/include/plat/pm.h:105: warning: 'struct sys_device'
declared inside parameter listIn file included from arch/arm/mach-s5pv210/mach-smdkc110.c:31:
arch/arm/plat-samsung/include/plat/pm.h:104: warning: 'struct sys_device'
declared inside parameter list
arch/arm/plat-samsung/include/plat/pm.h:104: warning: its scope is only this
definition or declaration, which is probably not what you want
arch/arm/plat-samsung/include/plat/pm.h:105: warning: 'struct sys_device'
declared inside parameter listSigned-off-by: Abhilash Kesavan
Signed-off-by: Sangbeom Kim
Signed-off-by: Kukjin Kim -
The UART3 submask should be 0x7 (SUBSRCPND[26:24]).
Signed-off-by: Abhilash Kesavan
Signed-off-by: Sangbeom Kim
Signed-off-by: Kukjin Kim