Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6: pci: use security_capable() when checking capablities during config space read security: add cred argument to security_capable() tpm_tis: Use timeouts returned from TPM
commit
f7909fb835
|
@ -577,9 +577,11 @@ void tpm_get_timeouts(struct tpm_chip *chip)
|
||||||
if (rc)
|
if (rc)
|
||||||
return;
|
return;
|
||||||
|
|
||||||
if (be32_to_cpu(tpm_cmd.header.out.return_code)
|
if (be32_to_cpu(tpm_cmd.header.out.return_code) != 0 ||
|
||||||
!= 3 * sizeof(u32))
|
be32_to_cpu(tpm_cmd.header.out.length)
|
||||||
|
!= sizeof(tpm_cmd.header.out) + sizeof(u32) + 3 * sizeof(u32))
|
||||||
return;
|
return;
|
||||||
|
|
||||||
duration_cap = &tpm_cmd.params.getcap_out.cap.duration;
|
duration_cap = &tpm_cmd.params.getcap_out.cap.duration;
|
||||||
chip->vendor.duration[TPM_SHORT] =
|
chip->vendor.duration[TPM_SHORT] =
|
||||||
usecs_to_jiffies(be32_to_cpu(duration_cap->tpm_short));
|
usecs_to_jiffies(be32_to_cpu(duration_cap->tpm_short));
|
||||||
|
@ -939,6 +941,18 @@ ssize_t tpm_show_caps_1_2(struct device * dev,
|
||||||
}
|
}
|
||||||
EXPORT_SYMBOL_GPL(tpm_show_caps_1_2);
|
EXPORT_SYMBOL_GPL(tpm_show_caps_1_2);
|
||||||
|
|
||||||
|
ssize_t tpm_show_timeouts(struct device *dev, struct device_attribute *attr,
|
||||||
|
char *buf)
|
||||||
|
{
|
||||||
|
struct tpm_chip *chip = dev_get_drvdata(dev);
|
||||||
|
|
||||||
|
return sprintf(buf, "%d %d %d\n",
|
||||||
|
jiffies_to_usecs(chip->vendor.duration[TPM_SHORT]),
|
||||||
|
jiffies_to_usecs(chip->vendor.duration[TPM_MEDIUM]),
|
||||||
|
jiffies_to_usecs(chip->vendor.duration[TPM_LONG]));
|
||||||
|
}
|
||||||
|
EXPORT_SYMBOL_GPL(tpm_show_timeouts);
|
||||||
|
|
||||||
ssize_t tpm_store_cancel(struct device *dev, struct device_attribute *attr,
|
ssize_t tpm_store_cancel(struct device *dev, struct device_attribute *attr,
|
||||||
const char *buf, size_t count)
|
const char *buf, size_t count)
|
||||||
{
|
{
|
||||||
|
|
|
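Review bot: The new `tpm_show_timeouts()` prints the three durations with `%d`, but `jiffies_to_usecs()` returns `unsigned int`, so the format should be `"%u %u %u\n"`. The handler also dereferences the result of `dev_get_drvdata(dev)` without a check. The other sysfs handlers in this file are mostly outside the hunk, so if they guard against a missing chip, this one should match them, for example `if (chip == NULL) return -ENODEV;`. In the first hunk, `tpm_get_timeouts()` still returns silently when the response code or length is unexpected, and its body extends beyond the hunk. A `dev_dbg()` there would make a TPM that answers with a malformed capability response diagnosable.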
@ -56,6 +56,8 @@ extern ssize_t tpm_show_owned(struct device *, struct device_attribute *attr,
|
||||||
char *);
|
char *);
|
||||||
extern ssize_t tpm_show_temp_deactivated(struct device *,
|
extern ssize_t tpm_show_temp_deactivated(struct device *,
|
||||||
struct device_attribute *attr, char *);
|
struct device_attribute *attr, char *);
|
||||||
|
extern ssize_t tpm_show_timeouts(struct device *,
|
||||||
|
struct device_attribute *attr, char *);
|
||||||
|
|
||||||
struct tpm_chip;
|
struct tpm_chip;
|
||||||
|
|
||||||
|
|
|
@ -376,6 +376,7 @@ static DEVICE_ATTR(temp_deactivated, S_IRUGO, tpm_show_temp_deactivated,
|
||||||
NULL);
|
NULL);
|
||||||
static DEVICE_ATTR(caps, S_IRUGO, tpm_show_caps_1_2, NULL);
|
static DEVICE_ATTR(caps, S_IRUGO, tpm_show_caps_1_2, NULL);
|
||||||
static DEVICE_ATTR(cancel, S_IWUSR | S_IWGRP, NULL, tpm_store_cancel);
|
static DEVICE_ATTR(cancel, S_IWUSR | S_IWGRP, NULL, tpm_store_cancel);
|
||||||
|
static DEVICE_ATTR(timeouts, S_IRUGO, tpm_show_timeouts, NULL);
|
||||||
|
|
||||||
static struct attribute *tis_attrs[] = {
|
static struct attribute *tis_attrs[] = {
|
||||||
&dev_attr_pubek.attr,
|
&dev_attr_pubek.attr,
|
||||||
|
@ -385,7 +386,8 @@ static struct attribute *tis_attrs[] = {
|
||||||
&dev_attr_owned.attr,
|
&dev_attr_owned.attr,
|
||||||
&dev_attr_temp_deactivated.attr,
|
&dev_attr_temp_deactivated.attr,
|
||||||
&dev_attr_caps.attr,
|
&dev_attr_caps.attr,
|
||||||
&dev_attr_cancel.attr, NULL,
|
&dev_attr_cancel.attr,
|
||||||
|
&dev_attr_timeouts.attr, NULL,
|
||||||
};
|
};
|
||||||
|
|
||||||
static struct attribute_group tis_attr_grp = {
|
static struct attribute_group tis_attr_grp = {
|
||||||
|
|
|
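Review bot: In `tis_attrs[]` the terminator stays on the same line as the last entry (`&dev_attr_timeouts.attr, NULL,`), so the next attribute added will have to rewrite that line again, as this change did. Putting `NULL,` on its own line keeps later changes to a pure addition and makes a dropped sentinel easier to spot. The new `timeouts` attribute is `S_IRUGO`, which matches its neighbours, but it is worth confirming that the timing values are meant to be readable by every local user.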
@ -23,6 +23,7 @@
|
||||||
#include <linux/mm.h>
|
#include <linux/mm.h>
|
||||||
#include <linux/fs.h>
|
#include <linux/fs.h>
|
||||||
#include <linux/capability.h>
|
#include <linux/capability.h>
|
||||||
|
#include <linux/security.h>
|
||||||
#include <linux/pci-aspm.h>
|
#include <linux/pci-aspm.h>
|
||||||
#include <linux/slab.h>
|
#include <linux/slab.h>
|
||||||
#include "pci.h"
|
#include "pci.h"
|
||||||
|
@ -368,7 +369,7 @@ pci_read_config(struct file *filp, struct kobject *kobj,
|
||||||
u8 *data = (u8*) buf;
|
u8 *data = (u8*) buf;
|
||||||
|
|
||||||
/* Several chips lock up trying to read undefined config space */
|
/* Several chips lock up trying to read undefined config space */
|
||||||
if (cap_raised(filp->f_cred->cap_effective, CAP_SYS_ADMIN)) {
|
if (security_capable(filp->f_cred, CAP_SYS_ADMIN)) {
|
||||||
size = dev->cfg_size;
|
size = dev->cfg_size;
|
||||||
} else if (dev->hdr_type == PCI_HEADER_TYPE_CARDBUS) {
|
} else if (dev->hdr_type == PCI_HEADER_TYPE_CARDBUS) {
|
||||||
size = 128;
|
size = 128;
|
||||||
|
|
|
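Review bot: The new condition in `pci_read_config()` is inverted, because `security_capable()` returns 0 when the capability is held, as the `capable()` section of this same commit shows with `security_capable(current_cred(), cap) == 0`. The replaced `cap_raised()` was true for a holder, so the semantics flipped with the substitution. As written, an opener with `CAP_SYS_ADMIN` falls through to the size-limited branches, while an opener without it gets `size = dev->cfg_size`. That is exactly the full config-space read the comment above warns can lock up some chips. The line should read `if (security_capable(filp->f_cred, CAP_SYS_ADMIN) == 0) {`. The function body continues outside the hunk.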
@ -1662,7 +1662,7 @@ int security_capset(struct cred *new, const struct cred *old,
|
||||||
const kernel_cap_t *effective,
|
const kernel_cap_t *effective,
|
||||||
const kernel_cap_t *inheritable,
|
const kernel_cap_t *inheritable,
|
||||||
const kernel_cap_t *permitted);
|
const kernel_cap_t *permitted);
|
||||||
int security_capable(int cap);
|
int security_capable(const struct cred *cred, int cap);
|
||||||
int security_real_capable(struct task_struct *tsk, int cap);
|
int security_real_capable(struct task_struct *tsk, int cap);
|
||||||
int security_real_capable_noaudit(struct task_struct *tsk, int cap);
|
int security_real_capable_noaudit(struct task_struct *tsk, int cap);
|
||||||
int security_sysctl(struct ctl_table *table, int op);
|
int security_sysctl(struct ctl_table *table, int op);
|
||||||
|
@ -1856,9 +1856,9 @@ static inline int security_capset(struct cred *new,
|
||||||
return cap_capset(new, old, effective, inheritable, permitted);
|
return cap_capset(new, old, effective, inheritable, permitted);
|
||||||
}
|
}
|
||||||
|
|
||||||
static inline int security_capable(int cap)
|
static inline int security_capable(const struct cred *cred, int cap)
|
||||||
{
|
{
|
||||||
return cap_capable(current, current_cred(), cap, SECURITY_CAP_AUDIT);
|
return cap_capable(current, cred, cap, SECURITY_CAP_AUDIT);
|
||||||
}
|
}
|
||||||
|
|
||||||
static inline int security_real_capable(struct task_struct *tsk, int cap)
|
static inline int security_real_capable(struct task_struct *tsk, int cap)
|
||||||
|
|
|
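Review bot: The changed `security_capable()` prototype and its inline stub carry no comment stating the return convention, and the `pci_read_config()` call site in this commit shows how easily the result is read as a boolean. I would add a comment above the declaration such as `/* Returns 0 if @cred has @cap, non-zero otherwise; @cred need not be current's. */`. The same applies to the out-of-line definition in the last section of this commit. Both variants still pass `current` as the task while taking `cred` from the caller, so the hook sees the running task paired with credentials that may belong to whoever opened the file. If LSMs or audit rely on the two matching, that deserves a sentence in the same comment.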
@ -306,7 +306,7 @@ int capable(int cap)
|
||||||
BUG();
|
BUG();
|
||||||
}
|
}
|
||||||
|
|
||||||
if (security_capable(cap) == 0) {
|
if (security_capable(current_cred(), cap) == 0) {
|
||||||
current->flags |= PF_SUPERPRIV;
|
current->flags |= PF_SUPERPRIV;
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
|
@ -154,10 +154,9 @@ int security_capset(struct cred *new, const struct cred *old,
|
||||||
effective, inheritable, permitted);
|
effective, inheritable, permitted);
|
||||||
}
|
}
|
||||||
|
|
||||||
int security_capable(int cap)
|
int security_capable(const struct cred *cred, int cap)
|
||||||
{
|
{
|
||||||
return security_ops->capable(current, current_cred(), cap,
|
return security_ops->capable(current, cred, cap, SECURITY_CAP_AUDIT);
|
||||||
SECURITY_CAP_AUDIT);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
int security_real_capable(struct task_struct *tsk, int cap)
|
int security_real_capable(struct task_struct *tsk, int cap)
|
||||||
|
|