Commit Graph

258 Commits

Author SHA1 Message Date
Ashley Lai
b566650270 drivers/char/tpm: remove tasklet and cleanup
This patch removed the tasklet and moved the wait queue into the
private structure.  It also cleaned up the response CRQ path.

Signed-off-by: Ashley Lai <adlai@us.ibm.com>
Signed-off-by: Kent Yoder <key@linux.vnet.ibm.com>
2012-11-01 15:23:14 -05:00
Kent Yoder
a40695edad tpm: fix tpm_acpi sparse warning on different address spaces
acpi_os_map_memory expects its return value to be in the __iomem address
space. Tag the variable we're using as such and use memcpy_fromio to
avoid further sparse warnings.

Signed-off-by: Kent Yoder <key@linux.vnet.ibm.com>
Signed-off-by: James Morris <james.l.morris@oracle.com>
2012-09-12 13:18:31 +10:00
Xiaoyan Zhang
81198078d7 driver/char/tpm: declare internal symbols as static
This patch declares the internal struct and functions as static to provide
more security.

Signed-off-by: Xiaoyan Zhang <xiaoyan.zhang@intel.com>
Signed-off-by: Fengguang Wu <fengguang.wu@intel.com>
Reviewed-by: Kent Yoder <key@linux.vnet.ibm.com>
Signed-off-by: James Morris <james.l.morris@oracle.com>
2012-09-04 16:52:23 -07:00
Xiaoyan Zhang
f84fdff0fd driver: add PPI support in tpm driver
The Physical Presence Interface enables the OS and the BIOS to cooperate and
provides a simple and straightforward platform user experience for
administering the TPM without sacrificing security.

V2: separate the patch out in a separate source file,
    add #ifdef CONFIG_ACPI so it compiles out on ppc,
    use standard error instead of ACPI error as return code of show/store fns.
V3: move #ifdef CONFIG_ACPI from .c file to .h file.
V4: move tpm_ppi code from tpm module to tpm_bios module.
V5: modify sys_add_ppi() so that ppi_attr_grp doesn't need to be exported

Signed-off-by: Xiaoyan Zhang <xiaoyan.zhang@intel.com>
Signed-off-by: Kent Yoder <key@linux.vnet.ibm.com>
2012-08-22 16:23:42 -05:00
Jesper Juhl
f334ac8da8 tpm: Do not dereference NULL pointer if acpi_os_map_memory() fails.
In drivers/char/tpm/tpm_acpi.c::read_log() we call
acpi_os_map_memory(). That call may fail for a number of reasons
(invalid address, out of memory etc). If the call fails it returns
NULL and we just pass that to memcpy() unconditionally, which will go
bad when it tries to dereference the pointer.

Unfortunately we just get NULL back, so we can't really tell the user
exactely what went wrong, but we can at least avoid crashing and
return an error (-EIO seemed more generic and more suitable here than
-ENOMEM or something else, so I picked that).

Signed-off-by: Jesper Juhl <jj@chaosbits.net>
Signed-off-by: Kent Yoder <key@linux.vnet.ibm.com>
2012-08-22 16:23:34 -05:00
Ashley Lai
c5df39262d drivers/char/tpm: Add securityfs support for event log
This patch retrieves the event log data from the device tree
during file open. The event log data will then displayed through
securityfs.

Signed-off-by: Ashley Lai <adlai@us.ibm.com>
Signed-off-by: Kent Yoder <key@linux.vnet.ibm.com>
2012-08-22 16:22:47 -05:00
Ashley Lai
132f762947 drivers/char/tpm: Add new device driver to support IBM vTPM
This patch adds a new device driver to support IBM virtual TPM
(vTPM) for PPC64.  IBM vTPM is supported through the adjunct
partition with firmware release 740 or higher.  With vTPM
support, each lpar is able to have its own vTPM without the
physical TPM hardware.

This driver provides TPM functionalities by communicating with
the vTPM adjunct partition through Hypervisor calls (Hcalls)
and Command/Response Queue (CRQ) commands.

Signed-off-by: Ashley Lai <adlai@us.ibm.com>
Signed-off-by: Kent Yoder <key@linux.vnet.ibm.com>
2012-08-22 16:21:45 -05:00
Kent Yoder
7e72fe73bf tpm: compile out unused code in the PNP and PM cases
The tpm_tis driver doesn't use tpm_tis_resume except when PM is
configured and doesn't make use of tpm_tis_reenable_interrupts except
when PM or PNP is configured.

Signed-off-by: Kent Yoder <key@linux.vnet.ibm.com>
2012-08-22 11:12:03 -05:00
Kent Yoder
dd7da132f7 tpm: fix double write race and tpm_release free issue
Moved the atomic_set of the data_pending variable until after the
tpm_read has completed processing. The existing code had a window of
time where a second write to the driver could clobber the tpm command
buffer.

Also fixed an issue where if close was called on the tpm device before a
read completed, the tpm command buffer would be returned to the OS,
which could contain sensitive information.

Signed-off-by: Kent Yoder <key@linux.vnet.ibm.com>
2012-08-22 11:11:49 -05:00
Kent Yoder
41ab999c80 tpm: Move tpm_get_random api into the TPM device driver
Move the tpm_get_random api from the trusted keys code into the TPM
device driver itself so that other callers can make use of it. Also,
change the api slightly so that the number of bytes read is returned in
the call, since the TPM command can potentially return fewer bytes than
requested.

Acked-by: David Safford <safford@linux.vnet.ibm.com>
Reviewed-by: H. Peter Anvin <hpa@linux.intel.com>
Signed-off-by: Kent Yoder <key@linux.vnet.ibm.com>
2012-08-22 11:11:33 -05:00
Kent Yoder
e5dcd87fee tpm: modularize event log collection
Break ACPI-specific pieces of the event log handling into their own file
and create tpm_eventlog.[ch] to store common event log handling code.
This will be required to integrate future event log sources on platforms
without ACPI tables.

Signed-off-by: Kent Yoder <key@linux.vnet.ibm.com>
2012-08-22 11:11:25 -05:00
Peter Huewe
aad628c1d9 char/tpm: Add new driver for Infineon I2C TIS TPM
This patch adds a driver to support Infineon's SLB 9635 TT 1.2 Soft I2C TPMs
which follow the TGC TIS 1.2 TPM specification[1] and Infineon's I2C Protocol
Stack Specification 0.20.
The I2C Protocol Stack Specification is a simple adaption of the LPC TIS
Protocol to the I2C Bus.
The I2C TPMs can be used when LPC Bus is not available (i.e. non x86
architectures like ARM).

The driver is based on the tpm_tis.c driver by Leendert van Dorn and Kyleen
Hall and has quite similar functionality.

Tested on Nvidia ARM Tegra2 Development Platform and Beagleboard (ARM OMAP)
Tested with the Trousers[2] TSS API Testsuite v 0.3 [3]
Compile-tested on x86 (32/64-bit)

Updates since version 2.1.4:
- included "Lock the I2C adapter for a sequence of requests", by Bryan Freed
- use __i2c_transfer instead of own implementation of unlocked i2c_transfer
- use struct dev_pm_ops for power management via SIMPLE_DEV_PM_OPS

Updates since version 2.1.3:
- use proper probing mechanism
* either add the tpm using I2C_BOARD_INFO to your board file or probe it
* during runtime e.g on BeagleBoard using :
* "echo tpm_i2c_infineon 0x20 > /sys/bus/i2c/devices/i2c-2/new_device"
- fix possible endless loop if hardware misbehaves
- improved return codes
- consistent spelling i2c/tpm -> I2C/TPM
- remove hardcoded sleep values and msleep usage
- removed debug statements
- added check for I2C functionality
- renaming to tpm_i2c_infineon

Updates since version 2.1.2:
- added sysfs entries for duration and timeouts
- updated to new tpm_do_selftest

Updates since version 2.1.0:
- improved error handling
- implemented workarounds needed by the tpm
- fixed typos

References:
[1]
http://www.trustedcomputinggroup.org/resources/pc_client_work_group_pc_client_
specific_tpm_interface_specification_tis_version_12/
[2] http://trousers.sourceforge.net/
[3]
http://sourceforge.net/projects/trousers/files/TSS%20API%20test%20suite/0.3/

Reviewed-by: Andi Shyti <andi.shyti@gmail.com>
Acked-by: Marcel Selhorst <tpmdd@selhorst.net>
Signed-off-by: Peter Huewe <peter.huewe@infineon.com>
Signed-off-by: Bryan Freed <bfreed@chromium.org>
Signed-off-by: Kent Yoder <key@linux.vnet.ibm.com>
2012-08-22 11:11:13 -05:00
Rafael J. Wysocki
07368d32f1 tpm_tis / PM: Fix unused function warning for CONFIG_PM_SLEEP
According to a compiler warning, the tpm_tis_resume() function is not
used for CONFIG_PM_SLEEP unset, so add a #ifdef to prevent it from
being built in that case.

Signed-off-by: Rafael J. Wysocki <rjw@sisk.pl>
2012-08-10 14:29:50 +02:00
Linus Torvalds
e05644e17e Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security
Pull security subsystem updates from James Morris:
 "Nothing groundbreaking for this kernel, just cleanups and fixes, and a
  couple of Smack enhancements."

* 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: (21 commits)
  Smack: Maintainer Record
  Smack: don't show empty rules when /smack/load or /smack/load2 is read
  Smack: user access check bounds
  Smack: onlycap limits on CAP_MAC_ADMIN
  Smack: fix smack_new_inode bogosities
  ima: audit is compiled only when enabled
  ima: ima_initialized is set only if successful
  ima: add policy for pseudo fs
  ima: remove unused cleanup functions
  ima: free securityfs violations file
  ima: use full pathnames in measurement list
  security: Fix nommu build.
  samples: seccomp: add .gitignore for untracked executables
  tpm: check the chip reference before using it
  TPM: fix memleak when register hardware fails
  TPM: chip disabled state erronously being reported as error
  MAINTAINERS: TPM maintainers' contacts update
  Merge branches 'next-queue' and 'next' into next
  Remove unused code from MPI library
  Revert "crypto: GnuPG based MPI lib - additional sources (part 4)"
  ...
2012-07-23 18:49:06 -07:00
Rafael J. Wysocki
ca9a2054fe tpm_nsc: Use struct dev_pm_ops for power management
Make the tpm_nsc driver define its PM callbacks through
a struct dev_pm_ops object rather than by using legacy PM hooks
in struct platform_driver.

This allows the driver to use tpm_pm_suspend() and tpm_pm_resume()
as its PM callbacks directly, without defining its own PM callback
routines.

Signed-off-by: Rafael J. Wysocki <rjw@sisk.pl>
2012-07-10 21:37:18 +02:00
Rafael J. Wysocki
b633f0507e tpm_tis: Use struct dev_pm_ops for power management
Make the tpm_tis driver define its PM callbacks through
a struct dev_pm_ops object rather than by using legacy PM hooks
in struct platform_driver.

This allows the driver to use tpm_pm_suspend() as its suspend
callback directly, without defining its own suspend callback
routine.

Signed-off-by: Rafael J. Wysocki <rjw@sisk.pl>
2012-07-10 21:37:11 +02:00
Rafael J. Wysocki
8324be0538 tpm_atmel: Use struct dev_pm_ops for power management
Make the tpm_atmel driver define its PM callbacks through
a struct dev_pm_ops object rather than by using legacy PM hooks
in struct platform_driver.

This allows the driver to use tpm_pm_suspend() and tpm_pm_resume()
as its PM callbacks directly, without defining its own PM callback
routines.

Signed-off-by: Rafael J. Wysocki <rjw@sisk.pl>
2012-07-10 21:37:02 +02:00
Rafael J. Wysocki
035e2ce8eb PM / TPM: Drop unused pm_message_t argument from tpm_pm_suspend()
The tpm_pm_suspend()'s second argument of type pm_message_t is not
used, so remove it.

Signed-off-by: Rafael J. Wysocki <rjw@sisk.pl>
2012-07-10 21:36:57 +02:00
Andi Shyti
3072928ff2 tpm: check the chip reference before using it
If a driver calls tpm_dev_vendor_release for a device already released
then the driver will oops.

Signed-off-by: Andi Shyti <andi.shyti@gmail.com>
Signed-off-by: Peter Huewe <peterhuewe@gmx.de>
Signed-off-by: Rajiv Andrade <srajiv@linux.vnet.ibm.com>
2012-06-12 18:53:51 -03:00
Wanlong Gao
dad79cb892 TPM: fix memleak when register hardware fails
Adding proper kfree() before returning.

Signed-off-by: Wanlong Gao <gaowanlong@cn.fujitsu.com>
Signed-off-by: Rajiv Andrade <srajiv@linux.vnet.ibm.com>
2012-06-12 18:53:50 -03:00
Rajiv Andrade
24ebe6670d TPM: chip disabled state erronously being reported as error
tpm_do_selftest() attempts to read a PCR in order to
decide if one can rely on the TPM being used or not.
The function that's used by __tpm_pcr_read() does not
expect the TPM to be disabled or deactivated, and if so,
reports an error.

It's fine if the TPM returns this error when trying to
use it for the first time after a power cycle, but it's
definitely not if it already returned success for a
previous attempt to read one of its PCRs.

The tpm_do_selftest() was modified so that the driver only
reports this return code as an error when it really is.

Reported-and-tested-by: Paul Bolle <pebolle@tiscali.nl>
Cc: Stable <stable@vger.kernel.org>
Signed-off-by: Rajiv Andrade <srajiv@linux.vnet.ibm.com>
2012-06-12 18:53:49 -03:00
Rajiv Andrade
cbb2d5e459 MAINTAINERS: TPM maintainers' contacts update
Usual contact update, Debora Velarde role resign, and the new
co-maintainer inclusion, Kent Yoder. He's accepted to contribute
more actively to this driver's maintainership given the current
maintainer's slight career change that will affect his contribution
time.

[Replacing Debora Velarde by Kent Yoder]
Signed-off-by: Rajiv Andrade <srajiv@linux.vnet.ibm.com>
2012-06-12 18:53:22 -03:00
Linus Torvalds
3556485f15 Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security
Pull security subsystem updates for 3.4 from James Morris:
 "The main addition here is the new Yama security module from Kees Cook,
  which was discussed at the Linux Security Summit last year.  Its
  purpose is to collect miscellaneous DAC security enhancements in one
  place.  This also marks a departure in policy for LSM modules, which
  were previously limited to being standalone access control systems.
  Chromium OS is using Yama, and I believe there are plans for Ubuntu,
  at least.

  This patchset also includes maintenance updates for AppArmor, TOMOYO
  and others."

Fix trivial conflict in <net/sock.h> due to the jumo_label->static_key
rename.

* 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: (38 commits)
  AppArmor: Fix location of const qualifier on generated string tables
  TOMOYO: Return error if fails to delete a domain
  AppArmor: add const qualifiers to string arrays
  AppArmor: Add ability to load extended policy
  TOMOYO: Return appropriate value to poll().
  AppArmor: Move path failure information into aa_get_name and rename
  AppArmor: Update dfa matching routines.
  AppArmor: Minor cleanup of d_namespace_path to consolidate error handling
  AppArmor: Retrieve the dentry_path for error reporting when path lookup fails
  AppArmor: Add const qualifiers to generated string tables
  AppArmor: Fix oops in policy unpack auditing
  AppArmor: Fix error returned when a path lookup is disconnected
  KEYS: testing wrong bit for KEY_FLAG_REVOKED
  TOMOYO: Fix mount flags checking order.
  security: fix ima kconfig warning
  AppArmor: Fix the error case for chroot relative path name lookup
  AppArmor: fix mapping of META_READ to audit and quiet flags
  AppArmor: Fix underflow in xindex calculation
  AppArmor: Fix dropping of allowed operations that are force audited
  AppArmor: Add mising end of structure test to caps unpacking
  ...
2012-03-21 13:25:04 -07:00
Jiri Kosina
4e70daaf05 tpm_tis: fix tis_lock with respect to RCU
cleanup_tis() -> tpm_remove_hardware() -> syncrhonize_rcu() is being
called in an atomic context (tis_lock spinlock held), which is not
allowed. Convert tis_lock to mutex.

Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Tested-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Acked-by: Rajiv Andrade <srajiv@linux.vnet.ibm.com>
2012-03-05 14:06:59 +01:00
Tim Gardner
3ab1aff894 TPM: Zero buffer whole after copying to userspace
Commit 3321c07ae5 correctly clears the TPM
buffer if the user specified read length is >= the TPM buffer length. However,
if the user specified read length is < the TPM buffer length, then part of the
TPM buffer is left uncleared.

Reported-by: Seth Forshee <seth.forshee@canonical.com>
Cc: Debora Velarde <debora@linux.vnet.ibm.com>
Cc: Rajiv Andrade <srajiv@linux.vnet.ibm.com>
Cc: Marcel Selhorst <m.selhorst@sirrix.com>
Cc: tpmdd-devel@lists.sourceforge.net
Cc: stable@vger.kernel.org
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
Signed-off-by: Rajiv Andrade <srajiv@linux.vnet.ibm.com>
2012-02-14 16:43:38 -02:00
Stefan Berger
968de8e24d tpm_tis: Clean up after module_param cleanup
Commit 90ab5ee941 changed the
itpm module parameter from int to bool. Some other changes
need to be done to clean up after this change.

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Cc: Mauro Carvalho Chehab <mchehab@redhat.com>
Cc: Rusty Russell <rusty@rustcorp.com.au>
Signed-off-by: Rajiv Andrade <srajiv@linux.vnet.ibm.com>
2012-02-14 16:43:18 -02:00
Stefan Berger
4e401fb028 tpm_tis: Only probe iTPMs
Detect iTPMs through the vendor ID on the hardware interface and only
probe the device if the manufacturer is found to be Intel. This
obsoletes a previously added delay necessary for some TPMs but not iTPMs.

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Signed-off-by: Rajiv Andrade <srajiv@linux.vnet.ibm.com>
2012-02-14 16:43:08 -02:00
James Morris
9e3ff38647 Merge branch 'next-queue' into next 2012-02-09 17:02:34 +11:00
Fabio Estevam
f4a0391dfa ima: fix Kconfig dependencies
Fix the following build warning:
warning: (IMA) selects TCG_TPM which has unmet direct dependencies
(HAS_IOMEM && EXPERIMENTAL)

Suggested-by: Rajiv Andrade <srajiv@linux.vnet.ibm.com>
Signed-off-by: Fabio Estevam <fabio.estevam@freescale.com>
Signed-off-by: Rajiv Andrade <srajiv@linux.vnet.ibm.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Mimi Zohar <zohar@us.ibm.com>
2012-01-19 21:30:09 -05:00
Stefan Berger
be405411f7 tpm: fix (ACPI S3) suspend regression
This patch fixes an (ACPI S3) suspend regression introduced in commit
68d6e6713f ("tpm: Introduce function to poll for result of self test")
and occurring with an Infineon TPM and tpm_tis and tpm_infineon drivers
active.

The suspend problem occurred if the TPM was disabled and/or deactivated
and therefore the TPM_PCRRead checking the result of the (asynchronous)
self test returned an error code which then caused the tpm_tis driver to
become inactive and this then seemed to have negatively influenced the
suspend support by the tpm_infineon driver...  Besides that the tpm_tis
drive may stay active even if the TPM is disabled and/or deactivated.

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Tested-by: Rafael J. Wysocki <rjw@sisk.pl>
Acked-by: Rajiv Andrade <srajiv@linux.vnet.ibm.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2012-01-18 15:50:17 -08:00
Rusty Russell
90ab5ee941 module_param: make bool parameters really bool (drivers & misc)
module_param(bool) used to counter-intuitively take an int.  In
fddd5201 (mid-2009) we allowed bool or int/unsigned int using a messy
trick.

It's time to remove the int/unsigned int option.  For this version
it'll simply give a warning, but it'll break next kernel version.

Acked-by: Mauro Carvalho Chehab <mchehab@redhat.com>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2012-01-13 09:32:20 +10:30
James Morris
8077e8b059 Merge branch 'for-james' of git://github.com/srajiv/tpm into next 2011-11-17 10:08:37 +11:00
Rajiv Andrade
b9e3238aa3 TPM: fix transmit_cmd error logic
It's incorrect to assume that buffers returned by the TPM
10 bytes long are always error reports. This patches
parses the error field in its header instead. The error report
is now being printed using dev_err() instead of dev_dbg(), making
it easier for users to provide more detailed bug reports.

Signed-off-by: Rajiv Andrade <srajiv@linux.vnet.ibm.com>
2011-11-16 09:57:11 -02:00
Rajiv Andrade
2f592f2a7d TPM: NSC and TIS drivers X86 dependency fix
A previous commit removed its PNP dependency, that in fact wasn't
necessary, but also allowed it be built for other architectures not
supported by it. This then caused kernel oops on PPC based machines.
I'm placing a x86 dependency back correctly.

Signed-off-by: Rajiv Andrade <srajiv@linux.vnet.ibm.com>
2011-11-16 09:45:07 -02:00
Rajiv Andrade
fd04886660 TPM: Export wait_for_stat for other vendor specific drivers
Moved wait_for_stat to tpm.c so that other drivers can use it.
Also renamed it to avoid future namespace conflicts.

Signed-off-by: Rajiv Andrade <srajiv@linux.vnet.ibm.com>
2011-11-16 09:44:55 -02:00
Rajiv Andrade
9efa54f002 TPM: Use vendor specific function for status probe
Moved from using tpm_tis_status() to the vendor specific
one in wait_for_stat(). This way other TPM drivers can use it
instead of reimplementing another.

Signed-off-by: Rajiv Andrade <srajiv@linux.vnet.ibm.com>
2011-11-16 09:43:50 -02:00
Stefan Berger
a927b81317 tpm_tis: add delay after aborting command
This patch adds a delay after aborting a command. Some TPMs need
this and will not process the subsequent command correctly otherwise.

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2011-11-16 09:43:03 -02:00
Stefan Berger
7f326ed7ff tpm_tis: Check return code from getting timeouts/durations
Check the return code from getting the TPM's timeouts and durations
and reject the driver if they could not be read.

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2011-11-16 09:43:01 -02:00
Stefan Berger
68d6e6713f tpm: Introduce function to poll for result of self test
This patch introduces a function that runs the TPM_ContinueSelfTest()
function and then polls the TPM to check whether it finished the selftest
and can receive new commands.

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2011-11-16 09:42:59 -02:00
Stefan Berger
d97c6ade59 tpm: Cleanup tpm_continue_selftest
Cleanup the tpm_continue_selftest function.

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2011-11-16 09:42:57 -02:00
Stefan Berger
2b30a90f6c tpm: Have tpm_get_timeouts return an error code
Have the tpm_get_timeouts function return an error code.

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2011-11-16 09:42:54 -02:00
Linus Torvalds
36b8d186e6 Merge branch 'next' of git://selinuxproject.org/~jmorris/linux-security
* 'next' of git://selinuxproject.org/~jmorris/linux-security: (95 commits)
  TOMOYO: Fix incomplete read after seek.
  Smack: allow to access /smack/access as normal user
  TOMOYO: Fix unused kernel config option.
  Smack: fix: invalid length set for the result of /smack/access
  Smack: compilation fix
  Smack: fix for /smack/access output, use string instead of byte
  Smack: domain transition protections (v3)
  Smack: Provide information for UDS getsockopt(SO_PEERCRED)
  Smack: Clean up comments
  Smack: Repair processing of fcntl
  Smack: Rule list lookup performance
  Smack: check permissions from user space (v2)
  TOMOYO: Fix quota and garbage collector.
  TOMOYO: Remove redundant tasklist_lock.
  TOMOYO: Fix domain transition failure warning.
  TOMOYO: Remove tomoyo_policy_memory_lock spinlock.
  TOMOYO: Simplify garbage collector.
  TOMOYO: Fix make namespacecheck warnings.
  target: check hex2bin result
  encrypted-keys: check hex2bin result
  ...
2011-10-25 09:45:31 +02:00
Peter Huewe
3321c07ae5 TPM: Zero buffer after copying to userspace
Since the buffer might contain security related data it might be a good idea to
zero the buffer after we have copied it to userspace.

This got assigned CVE-2011-1162.

Signed-off-by: Rajiv Andrade <srajiv@linux.vnet.ibm.com>
Cc: Stable Kernel <stable@kernel.org>
Signed-off-by: James Morris <jmorris@namei.org>
2011-09-23 09:46:41 +10:00
Peter Huewe
6b07d30aca TPM: Call tpm_transmit with correct size
This patch changes the call of tpm_transmit by supplying the size of the
userspace buffer instead of TPM_BUFSIZE.

This got assigned CVE-2011-1161.

[The first hunk didn't make sense given one could expect
 way less data than TPM_BUFSIZE, so added tpm_transmit boundary
 check over bufsiz instead
 The last parameter of tpm_transmit() reflects the amount
 of data expected from the device, and not the buffer size
 being supplied to it. It isn't ideal to parse it directly,
 so we just set it to the maximum the input buffer can handle
 and let the userspace API to do such job.]

Signed-off-by: Rajiv Andrade <srajiv@linux.vnet.ibm.com>
Cc: Stable Kernel <stable@kernel.org>
Signed-off-by: James Morris <jmorris@namei.org>
2011-09-23 09:46:29 +10:00
Axel Lin
de69113ec1 TPM: tpm_nsc: Fix a double free of pdev in cleanup_nsc
platform_device_unregister() will release all resources
and remove it from the subsystem, then drop reference count by
calling platform_device_put().

We should not call kfree(pdev) after platform_device_unregister(pdev).

Signed-off-by: Axel Lin <axel.lin@gmail.com>
Signed-off-by: Rajiv Andrade <srajiv@linux.vnet.ibm.com>
Signed-off-by: James Morris <jmorris@namei.org>
2011-09-23 09:46:17 +10:00
Geert Uytterhoeven
5ce5ed3593 TPM: TCG_ATMEL should depend on HAS_IOPORT
On m68k, I get:

drivers/char/tpm/tpm_atmel.h: In function ‘atmel_get_base_addr’:
drivers/char/tpm/tpm_atmel.h:129: error: implicit declaration of function ‘ioport_map’
drivers/char/tpm/tpm_atmel.h:129: warning: return makes pointer from integer without a cast

The code in tpm_atmel.h supports PPC64 (using the device tree and ioremap())
and "anything else" (using ioport_map()). However, ioportmap() is only
available on platforms that set HAS_IOPORT.

Although PC64 seems to have HAS_IOPORT, a "depends on HAS_IOPORT" should work,
but I think it's better to expose the special PPC64 handling explicit using
"depends on PPC64 || HAS_IOPORT".

Signed-off-by: Geert Uytterhoeven <geert@linux-m68k.org>
Signed-off-by: Rajiv Andrade <srajiv@linux.vnet.ibm.com>
Signed-off-by: James Morris <jmorris@namei.org>
2011-09-23 09:45:57 +10:00
Stefan Berger
403d1d0319 tpm: suppress durations sysfs output if not read
Suppress the output in the 'durations' sysfs entry if they were not read
during driver initialization. This is similar to other sysfs entries
that return nothing if for some reason sending the commands to the TPM
fails.

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Signed-off-by: James Morris <jmorris@namei.org>
2011-08-24 09:30:08 +10:00
Randy Dunlap
1560ffe62a tpm_tis: fix build when ACPI is not enabled
Fix tpm_tis.c build when CONFIG_ACPI is not enabled by providing a stub
function.  Fixes many build errors/warnings:

  drivers/char/tpm/tpm_tis.c:89: error: dereferencing pointer to incomplete type
  drivers/char/tpm/tpm_tis.c:89: warning: type defaults to 'int' in declaration of 'type name'
  drivers/char/tpm/tpm_tis.c:89: error: request for member 'list' in something not a structure or union
  ...

Signed-off-by: Randy Dunlap <rdunlap@xenotime.net>
Cc: Leendert van Doorn <leendert@watson.ibm.com>
Cc: James Morris <jmorris@namei.org>
Cc: Ingo Molnar <mingo@elte.hu>
Cc: Stephen Rothwell <sfr@canb.auug.org.au>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2011-08-03 14:25:21 -10:00
Stefan Berger
29412f0f6a tpm_nsc: Fix bug when loading multiple TPM drivers
This patch fixes kernel bugzilla 34572.

https://bugzilla.kernel.org/show_bug.cgi?id=34572

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Reported-by: Witold Baryluk <baryluk@smp.if.uj.edu.pl>
Tested-by: Witold Baryluk <baryluk@smp.if.uj.edu.pl>
Signed-off-by: James Morris <jmorris@namei.org>
2011-07-26 10:34:34 +10:00
Stefan Berger
968543100a tpm: Move tpm_tis_reenable_interrupts out of CONFIG_PNP block
This patch moves the tpm_tis_reenable_interrupts function out of the
CONFIG_PNP-surrounded #define block. This solves a compilation error in
case CONFIG_PNP is not defined.

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Reported-by: Randy Dunlap <rdunlap@xenotime.net>
Acked-by: Randy Dunlap <rdunlap@xenotime.net>
Signed-off-by: James Morris <jmorris@namei.org>
2011-07-22 17:33:24 +10:00