authorJiri Kosina <jkosina@suse.cz>2018-03-16 14:08:33 +0100
committerJiri Kosina <jkosina@suse.cz>2018-03-16 14:08:33 +0100
commite6a54d6835954af199f215b1dd54a0ec31167d7c (patch)
tree47f7bb8c4ceafdd24289a7c7557177b561c94adf
parenta8c7812e35ea63607a37b8fcf20a477305772bdc (diff)
parent2409648144e198abbe4df2dd0cee97cb0aacce20 (diff)
Merge remote-tracking branch 'origin/users/tiwai/SLE15/for-next' into SLE15rpm-4.12.14-15--SLE-15-Packages-RC2rpm-4.12.14-15
Pull assorted fixes from Takashi Iwai Conflicts: series.conf suse-commit: b3a1d7ad85b7516666d23210eb6729799a075016
-rw-r--r--drivers/pinctrl/intel/Kconfig8
-rw-r--r--drivers/pinctrl/intel/Makefile1
-rw-r--r--drivers/pinctrl/intel/pinctrl-denverton.c302
-rw-r--r--drivers/staging/rtl8188eu/core/rtw_mlme.c6
-rw-r--r--drivers/staging/rtl8188eu/os_dep/ioctl_linux.c14
-rw-r--r--drivers/staging/vc04_services/bcm2835-audio/bcm2835-vchiq.c19
-rw-r--r--security/integrity/ima/ima_appraise.c3
-rw-r--r--security/integrity/ima/ima_main.c4
-rw-r--r--security/keys/Kconfig5
-rw-r--r--security/keys/big_key.c139
10 files changed, 399 insertions, 102 deletions
diff --git a/drivers/pinctrl/intel/Kconfig b/drivers/pinctrl/intel/Kconfig
index b82d6ff3116f..aba2af032615 100644
--- a/drivers/pinctrl/intel/Kconfig
+++ b/drivers/pinctrl/intel/Kconfig
@@ -64,6 +64,14 @@ config PINCTRL_CANNONLAKE
This pinctrl driver provides an interface that allows configuring
of Intel Cannon Lake PCH pins and using them as GPIOs.
+config PINCTRL_DENVERTON
+ tristate "Intel Denverton pinctrl and GPIO driver"
+ depends on ACPI
+ select PINCTRL_INTEL
+ help
+ This pinctrl driver provides an interface that allows configuring
+ of Intel Denverton SoC pins and using them as GPIOs.
+
config PINCTRL_GEMINILAKE
tristate "Intel Gemini Lake SoC pinctrl and GPIO driver"
depends on ACPI
diff --git a/drivers/pinctrl/intel/Makefile b/drivers/pinctrl/intel/Makefile
index 81df3cf408e3..d9b31f7e2b1b 100644
--- a/drivers/pinctrl/intel/Makefile
+++ b/drivers/pinctrl/intel/Makefile
@@ -6,5 +6,6 @@ obj-$(CONFIG_PINCTRL_MERRIFIELD) += pinctrl-merrifield.o
obj-$(CONFIG_PINCTRL_INTEL) += pinctrl-intel.o
obj-$(CONFIG_PINCTRL_BROXTON) += pinctrl-broxton.o
obj-$(CONFIG_PINCTRL_CANNONLAKE) += pinctrl-cannonlake.o
+obj-$(CONFIG_PINCTRL_DENVERTON) += pinctrl-denverton.o
obj-$(CONFIG_PINCTRL_GEMINILAKE) += pinctrl-geminilake.o
obj-$(CONFIG_PINCTRL_SUNRISEPOINT) += pinctrl-sunrisepoint.o
diff --git a/drivers/pinctrl/intel/pinctrl-denverton.c b/drivers/pinctrl/intel/pinctrl-denverton.c
new file mode 100644
index 000000000000..4500880240f2
--- /dev/null
+++ b/drivers/pinctrl/intel/pinctrl-denverton.c
@@ -0,0 +1,302 @@
+/*
+ * Intel Denverton SoC pinctrl/GPIO driver
+ *
+ * Copyright (C) 2017, Intel Corporation
+ * Author: Mika Westerberg <mika.westerberg@linux.intel.com>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ */
+
+#include <linux/acpi.h>
+#include <linux/module.h>
+#include <linux/platform_device.h>
+#include <linux/pm.h>
+#include <linux/pinctrl/pinctrl.h>
+
+#include "pinctrl-intel.h"
+
+#define DNV_PAD_OWN 0x020
+#define DNV_HOSTSW_OWN 0x0C0
+#define DNV_PADCFGLOCK 0x090
+#define DNV_GPI_IE 0x120
+
+#define DNV_GPP(n, s, e) \
+ { \
+ .reg_num = (n), \
+ .base = (s), \
+ .size = ((e) - (s) + 1), \
+ }
+
+#define DNV_COMMUNITY(b, s, e, g) \
+ { \
+ .barno = (b), \
+ .padown_offset = DNV_PAD_OWN, \
+ .padcfglock_offset = DNV_PADCFGLOCK, \
+ .hostown_offset = DNV_HOSTSW_OWN, \
+ .ie_offset = DNV_GPI_IE, \
+ .pin_base = (s), \
+ .npins = ((e) - (s) + 1), \
+ .gpps = (g), \
+ .ngpps = ARRAY_SIZE(g), \
+ }
+
+static const struct pinctrl_pin_desc dnv_pins[] = {
+ /* North ALL */
+ PINCTRL_PIN(0, "GBE0_SDP0"),
+ PINCTRL_PIN(1, "GBE1_SDP0"),
+ PINCTRL_PIN(2, "GBE0_SDP1"),
+ PINCTRL_PIN(3, "GBE1_SDP1"),
+ PINCTRL_PIN(4, "GBE0_SDP2"),
+ PINCTRL_PIN(5, "GBE1_SDP2"),
+ PINCTRL_PIN(6, "GBE0_SDP3"),
+ PINCTRL_PIN(7, "GBE1_SDP3"),
+ PINCTRL_PIN(8, "GBE2_LED0"),
+ PINCTRL_PIN(9, "GBE2_LED1"),
+ PINCTRL_PIN(10, "GBE0_I2C_CLK"),
+ PINCTRL_PIN(11, "GBE0_I2C_DATA"),
+ PINCTRL_PIN(12, "GBE1_I2C_CLK"),
+ PINCTRL_PIN(13, "GBE1_I2C_DATA"),
+ PINCTRL_PIN(14, "NCSI_RXD0"),
+ PINCTRL_PIN(15, "NCSI_CLK_IN"),
+ PINCTRL_PIN(16, "NCSI_RXD1"),
+ PINCTRL_PIN(17, "NCSI_CRS_DV"),
+ PINCTRL_PIN(18, "NCSI_ARB_IN"),
+ PINCTRL_PIN(19, "NCSI_TX_EN"),
+ PINCTRL_PIN(20, "NCSI_TXD0"),
+ PINCTRL_PIN(21, "NCSI_TXD1"),
+ PINCTRL_PIN(22, "NCSI_ARB_OUT"),
+ PINCTRL_PIN(23, "GBE0_LED0"),
+ PINCTRL_PIN(24, "GBE0_LED1"),
+ PINCTRL_PIN(25, "GBE1_LED0"),
+ PINCTRL_PIN(26, "GBE1_LED1"),
+ PINCTRL_PIN(27, "GPIO_0"),
+ PINCTRL_PIN(28, "PCIE_CLKREQ0_N"),
+ PINCTRL_PIN(29, "PCIE_CLKREQ1_N"),
+ PINCTRL_PIN(30, "PCIE_CLKREQ2_N"),
+ PINCTRL_PIN(31, "PCIE_CLKREQ3_N"),
+ PINCTRL_PIN(32, "PCIE_CLKREQ4_N"),
+ PINCTRL_PIN(33, "GPIO_1"),
+ PINCTRL_PIN(34, "GPIO_2"),
+ PINCTRL_PIN(35, "SVID_ALERT_N"),
+ PINCTRL_PIN(36, "SVID_DATA"),
+ PINCTRL_PIN(37, "SVID_CLK"),
+ PINCTRL_PIN(38, "THERMTRIP_N"),
+ PINCTRL_PIN(39, "PROCHOT_N"),
+ PINCTRL_PIN(40, "MEMHOT_N"),
+ /* South DFX */
+ PINCTRL_PIN(41, "DFX_PORT_CLK0"),
+ PINCTRL_PIN(42, "DFX_PORT_CLK1"),
+ PINCTRL_PIN(43, "DFX_PORT0"),
+ PINCTRL_PIN(44, "DFX_PORT1"),
+ PINCTRL_PIN(45, "DFX_PORT2"),
+ PINCTRL_PIN(46, "DFX_PORT3"),
+ PINCTRL_PIN(47, "DFX_PORT4"),
+ PINCTRL_PIN(48, "DFX_PORT5"),
+ PINCTRL_PIN(49, "DFX_PORT6"),
+ PINCTRL_PIN(50, "DFX_PORT7"),
+ PINCTRL_PIN(51, "DFX_PORT8"),
+ PINCTRL_PIN(52, "DFX_PORT9"),
+ PINCTRL_PIN(53, "DFX_PORT10"),
+ PINCTRL_PIN(54, "DFX_PORT11"),
+ PINCTRL_PIN(55, "DFX_PORT12"),
+ PINCTRL_PIN(56, "DFX_PORT13"),
+ PINCTRL_PIN(57, "DFX_PORT14"),
+ PINCTRL_PIN(58, "DFX_PORT15"),
+ /* South GPP0 */
+ PINCTRL_PIN(59, "GPIO_12"),
+ PINCTRL_PIN(60, "SMB5_GBE_ALRT_N"),
+ PINCTRL_PIN(61, "PCIE_CLKREQ5_N"),
+ PINCTRL_PIN(62, "PCIE_CLKREQ6_N"),
+ PINCTRL_PIN(63, "PCIE_CLKREQ7_N"),
+ PINCTRL_PIN(64, "UART0_RXD"),
+ PINCTRL_PIN(65, "UART0_TXD"),
+ PINCTRL_PIN(66, "SMB5_GBE_CLK"),
+ PINCTRL_PIN(67, "SMB5_GBE_DATA"),
+ PINCTRL_PIN(68, "ERROR2_N"),
+ PINCTRL_PIN(69, "ERROR1_N"),
+ PINCTRL_PIN(70, "ERROR0_N"),
+ PINCTRL_PIN(71, "IERR_N"),
+ PINCTRL_PIN(72, "MCERR_N"),
+ PINCTRL_PIN(73, "SMB0_LEG_CLK"),
+ PINCTRL_PIN(74, "SMB0_LEG_DATA"),
+ PINCTRL_PIN(75, "SMB0_LEG_ALRT_N"),
+ PINCTRL_PIN(76, "SMB1_HOST_DATA"),
+ PINCTRL_PIN(77, "SMB1_HOST_CLK"),
+ PINCTRL_PIN(78, "SMB2_PECI_DATA"),
+ PINCTRL_PIN(79, "SMB2_PECI_CLK"),
+ PINCTRL_PIN(80, "SMB4_CSME0_DATA"),
+ PINCTRL_PIN(81, "SMB4_CSME0_CLK"),
+ PINCTRL_PIN(82, "SMB4_CSME0_ALRT_N"),
+ PINCTRL_PIN(83, "USB_OC0_N"),
+ PINCTRL_PIN(84, "FLEX_CLK_SE0"),
+ PINCTRL_PIN(85, "FLEX_CLK_SE1"),
+ PINCTRL_PIN(86, "GPIO_4"),
+ PINCTRL_PIN(87, "GPIO_5"),
+ PINCTRL_PIN(88, "GPIO_6"),
+ PINCTRL_PIN(89, "GPIO_7"),
+ PINCTRL_PIN(90, "SATA0_LED_N"),
+ PINCTRL_PIN(91, "SATA1_LED_N"),
+ PINCTRL_PIN(92, "SATA_PDETECT0"),
+ PINCTRL_PIN(93, "SATA_PDETECT1"),
+ PINCTRL_PIN(94, "SATA0_SDOUT"),
+ PINCTRL_PIN(95, "SATA1_SDOUT"),
+ PINCTRL_PIN(96, "UART1_RXD"),
+ PINCTRL_PIN(97, "UART1_TXD"),
+ PINCTRL_PIN(98, "GPIO_8"),
+ PINCTRL_PIN(99, "GPIO_9"),
+ PINCTRL_PIN(100, "TCK"),
+ PINCTRL_PIN(101, "TRST_N"),
+ PINCTRL_PIN(102, "TMS"),
+ PINCTRL_PIN(103, "TDI"),
+ PINCTRL_PIN(104, "TDO"),
+ PINCTRL_PIN(105, "CX_PRDY_N"),
+ PINCTRL_PIN(106, "CX_PREQ_N"),
+ PINCTRL_PIN(107, "CTBTRIGINOUT"),
+ PINCTRL_PIN(108, "CTBTRIGOUT"),
+ PINCTRL_PIN(109, "DFX_SPARE2"),
+ PINCTRL_PIN(110, "DFX_SPARE3"),
+ PINCTRL_PIN(111, "DFX_SPARE4"),
+ /* South GPP1 */
+ PINCTRL_PIN(112, "SUSPWRDNACK"),
+ PINCTRL_PIN(113, "PMU_SUSCLK"),
+ PINCTRL_PIN(114, "ADR_TRIGGER"),
+ PINCTRL_PIN(115, "PMU_SLP_S45_N"),
+ PINCTRL_PIN(116, "PMU_SLP_S3_N"),
+ PINCTRL_PIN(117, "PMU_WAKE_N"),
+ PINCTRL_PIN(118, "PMU_PWRBTN_N"),
+ PINCTRL_PIN(119, "PMU_RESETBUTTON_N"),
+ PINCTRL_PIN(120, "PMU_PLTRST_N"),
+ PINCTRL_PIN(121, "SUS_STAT_N"),
+ PINCTRL_PIN(122, "SLP_S0IX_N"),
+ PINCTRL_PIN(123, "SPI_CS0_N"),
+ PINCTRL_PIN(124, "SPI_CS1_N"),
+ PINCTRL_PIN(125, "SPI_MOSI_IO0"),
+ PINCTRL_PIN(126, "SPI_MISO_IO1"),
+ PINCTRL_PIN(127, "SPI_IO2"),
+ PINCTRL_PIN(128, "SPI_IO3"),
+ PINCTRL_PIN(129, "SPI_CLK"),
+ PINCTRL_PIN(130, "SPI_CLK_LOOPBK"),
+ PINCTRL_PIN(131, "ESPI_IO0"),
+ PINCTRL_PIN(132, "ESPI_IO1"),
+ PINCTRL_PIN(133, "ESPI_IO2"),
+ PINCTRL_PIN(134, "ESPI_IO3"),
+ PINCTRL_PIN(135, "ESPI_CS0_N"),
+ PINCTRL_PIN(136, "ESPI_CLK"),
+ PINCTRL_PIN(137, "ESPI_RST_N"),
+ PINCTRL_PIN(138, "ESPI_ALRT0_N"),
+ PINCTRL_PIN(139, "GPIO_10"),
+ PINCTRL_PIN(140, "GPIO_11"),
+ PINCTRL_PIN(141, "ESPI_CLK_LOOPBK"),
+ PINCTRL_PIN(142, "EMMC_CMD"),
+ PINCTRL_PIN(143, "EMMC_STROBE"),
+ PINCTRL_PIN(144, "EMMC_CLK"),
+ PINCTRL_PIN(145, "EMMC_D0"),
+ PINCTRL_PIN(146, "EMMC_D1"),
+ PINCTRL_PIN(147, "EMMC_D2"),
+ PINCTRL_PIN(148, "EMMC_D3"),
+ PINCTRL_PIN(149, "EMMC_D4"),
+ PINCTRL_PIN(150, "EMMC_D5"),
+ PINCTRL_PIN(151, "EMMC_D6"),
+ PINCTRL_PIN(152, "EMMC_D7"),
+ PINCTRL_PIN(153, "GPIO_3"),
+};
+
+static const unsigned int dnv_uart0_pins[] = { 60, 61, 64, 65 };
+static const unsigned int dnv_uart0_modes[] = { 2, 3, 1, 1 };
+static const unsigned int dnv_uart1_pins[] = { 94, 95, 96, 97 };
+static const unsigned int dnv_uart2_pins[] = { 60, 61, 62, 63 };
+static const unsigned int dnv_uart2_modes[] = { 1, 1, 2, 2 };
+static const unsigned int dnv_emmc_pins[] = {
+ 142, 143, 144, 145, 146, 147, 148, 149, 150, 151, 152,
+};
+
+static const struct intel_pingroup dnv_groups[] = {
+ PIN_GROUP("uart0_grp", dnv_uart0_pins, dnv_uart0_modes),
+ PIN_GROUP("uart1_grp", dnv_uart1_pins, 1),
+ PIN_GROUP("uart2_grp", dnv_uart2_pins, dnv_uart2_modes),
+ PIN_GROUP("emmc_grp", dnv_emmc_pins, 1),
+};
+
+static const char * const dnv_uart0_groups[] = { "uart0_grp" };
+static const char * const dnv_uart1_groups[] = { "uart1_grp" };
+static const char * const dnv_uart2_groups[] = { "uart2_grp" };
+static const char * const dnv_emmc_groups[] = { "emmc_grp" };
+
+static const struct intel_function dnv_functions[] = {
+ FUNCTION("uart0", dnv_uart0_groups),
+ FUNCTION("uart1", dnv_uart1_groups),
+ FUNCTION("uart2", dnv_uart2_groups),
+ FUNCTION("emmc", dnv_emmc_groups),
+};
+
+static const struct intel_padgroup dnv_north_gpps[] = {
+ DNV_GPP(0, 0, 31), /* North ALL_0 */
+ DNV_GPP(1, 32, 40), /* North ALL_1 */
+};
+
+static const struct intel_padgroup dnv_south_gpps[] = {
+ DNV_GPP(0, 41, 58), /* South DFX */
+ DNV_GPP(1, 59, 90), /* South GPP0_0 */
+ DNV_GPP(2, 91, 111), /* South GPP0_1 */
+ DNV_GPP(3, 112, 143), /* South GPP1_0 */
+ DNV_GPP(4, 144, 153), /* South GPP1_1 */
+};
+
+static const struct intel_community dnv_communities[] = {
+ DNV_COMMUNITY(0, 0, 40, dnv_north_gpps),
+ DNV_COMMUNITY(1, 41, 153, dnv_south_gpps),
+};
+
+static const struct intel_pinctrl_soc_data dnv_soc_data = {
+ .pins = dnv_pins,
+ .npins = ARRAY_SIZE(dnv_pins),
+ .groups = dnv_groups,
+ .ngroups = ARRAY_SIZE(dnv_groups),
+ .functions = dnv_functions,
+ .nfunctions = ARRAY_SIZE(dnv_functions),
+ .communities = dnv_communities,
+ .ncommunities = ARRAY_SIZE(dnv_communities),
+};
+
+static int dnv_pinctrl_probe(struct platform_device *pdev)
+{
+ return intel_pinctrl_probe(pdev, &dnv_soc_data);
+}
+
+static const struct dev_pm_ops dnv_pinctrl_pm_ops = {
+ SET_LATE_SYSTEM_SLEEP_PM_OPS(intel_pinctrl_suspend,
+ intel_pinctrl_resume)
+};
+
+static const struct acpi_device_id dnv_pinctrl_acpi_match[] = {
+ { "INTC3000" },
+ { }
+};
+MODULE_DEVICE_TABLE(acpi, dnv_pinctrl_acpi_match);
+
+static struct platform_driver dnv_pinctrl_driver = {
+ .probe = dnv_pinctrl_probe,
+ .driver = {
+ .name = "denverton-pinctrl",
+ .acpi_match_table = dnv_pinctrl_acpi_match,
+ .pm = &dnv_pinctrl_pm_ops,
+ },
+};
+
+static int __init dnv_pinctrl_init(void)
+{
+ return platform_driver_register(&dnv_pinctrl_driver);
+}
+subsys_initcall(dnv_pinctrl_init);
+
+static void __exit dnv_pinctrl_exit(void)
+{
+ platform_driver_unregister(&dnv_pinctrl_driver);
+}
+module_exit(dnv_pinctrl_exit);
+
+MODULE_AUTHOR("Mika Westerberg <mika.westerberg@linux.intel.com>");
+MODULE_DESCRIPTION("Intel Denverton SoC pinctrl/GPIO driver");
+MODULE_LICENSE("GPL v2");
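Review bot: `dnv_uart0_pins` and `dnv_uart2_pins` both list pins 60 and 61 with different per-pin modes (2 and 3 for uart0, 1 and 1 for uart2), and nothing in the file says so. Those pins are named `SMB5_GBE_ALRT_N` and `PCIE_CLKREQ5_N` in `dnv_pins`, so the tables alone do not show that they double as UART lines. A comment above the two arrays would help, for example `/* pins 60 and 61 are shared by uart0_grp and uart2_grp, with a different mode in each */`.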
diff --git a/drivers/staging/rtl8188eu/core/rtw_mlme.c b/drivers/staging/rtl8188eu/core/rtw_mlme.c
index 301085a459c9..cf3adb447084 100644
--- a/drivers/staging/rtl8188eu/core/rtw_mlme.c
+++ b/drivers/staging/rtl8188eu/core/rtw_mlme.c
@@ -106,10 +106,10 @@ void rtw_free_mlme_priv_ie_data(struct mlme_priv *pmlmepriv)
void rtw_free_mlme_priv(struct mlme_priv *pmlmepriv)
{
- rtw_free_mlme_priv_ie_data(pmlmepriv);
-
- if (pmlmepriv)
+ if (pmlmepriv) {
+ rtw_free_mlme_priv_ie_data(pmlmepriv);
vfree(pmlmepriv->free_bss_buf);
+ }
}
struct wlan_network *_rtw_alloc_network(struct mlme_priv *pmlmepriv)
diff --git a/drivers/staging/rtl8188eu/os_dep/ioctl_linux.c b/drivers/staging/rtl8188eu/os_dep/ioctl_linux.c
index 763eccd0c7c9..abdb5354dd00 100644
--- a/drivers/staging/rtl8188eu/os_dep/ioctl_linux.c
+++ b/drivers/staging/rtl8188eu/os_dep/ioctl_linux.c
@@ -1395,19 +1395,13 @@ static int rtw_wx_get_essid(struct net_device *dev,
if ((check_fwstate(pmlmepriv, _FW_LINKED)) ||
(check_fwstate(pmlmepriv, WIFI_ADHOC_MASTER_STATE))) {
len = pcur_bss->Ssid.SsidLength;
-
- wrqu->essid.length = len;
-
memcpy(extra, pcur_bss->Ssid.Ssid, len);
-
- wrqu->essid.flags = 1;
} else {
- ret = -1;
- goto exit;
+ len = 0;
+ *extra = 0;
}
-
-exit:
-
+ wrqu->essid.length = len;
+ wrqu->essid.flags = 1;
return ret;
}
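Review bot: `memcpy(extra, pcur_bss->Ssid.Ssid, len)` copies `SsidLength` bytes with no bound visible in this hunk, and the same `len` is then reported through `wrqu->essid.length`. If `SsidLength` is not validated where the BSS entry is filled in (that code, like the start of `rtw_wx_get_essid`, is outside the hunk), an oversized value would run past `extra`. A clamp before the copy keeps the handler safe on its own: `if (len > IW_ESSID_MAX_SIZE) len = IW_ESSID_MAX_SIZE;`. With `ret = -1` removed, `ret` presumably never changes from its initial value, so the function could end in a plain `return 0;`.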
diff --git a/drivers/staging/vc04_services/bcm2835-audio/bcm2835-vchiq.c b/drivers/staging/vc04_services/bcm2835-audio/bcm2835-vchiq.c
index 5f3d8f2339e3..4be864dbd41c 100644
--- a/drivers/staging/vc04_services/bcm2835-audio/bcm2835-vchiq.c
+++ b/drivers/staging/vc04_services/bcm2835-audio/bcm2835-vchiq.c
@@ -390,8 +390,7 @@ static int bcm2835_audio_open_connection(struct bcm2835_alsa_stream *alsa_stream
__func__, instance);
instance->alsa_stream = alsa_stream;
alsa_stream->instance = instance;
- ret = 0; // xxx todo -1;
- goto err_free_mem;
+ return 0;
}
/* Initialize and create a VCHI connection */
@@ -401,16 +400,15 @@ static int bcm2835_audio_open_connection(struct bcm2835_alsa_stream *alsa_stream
LOG_ERR("%s: failed to initialise VCHI instance (ret=%d)\n",
__func__, ret);
- ret = -EIO;
- goto err_free_mem;
+ return -EIO;
}
ret = vchi_connect(NULL, 0, vchi_instance);
if (ret) {
LOG_ERR("%s: failed to connect VCHI instance (ret=%d)\n",
__func__, ret);
- ret = -EIO;
- goto err_free_mem;
+ kfree(vchi_instance);
+ return -EIO;
}
initted = 1;
}
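Review bot: On the `vchi_connect()` failure path the new `kfree(vchi_instance);` leaves the pointer holding the freed address. The comment added in the next hunk says `vchi_instance` is retained between calls, which suggests it outlives this function; its declaration is outside the hunk. Adding `vchi_instance = NULL;` right after the `kfree()` would make any later use fail visibly instead of touching freed memory.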
@@ -421,19 +419,16 @@ static int bcm2835_audio_open_connection(struct bcm2835_alsa_stream *alsa_stream
if (IS_ERR(instance)) {
LOG_ERR("%s: failed to initialize audio service\n", __func__);
- ret = PTR_ERR(instance);
- goto err_free_mem;
+ /* vchi_instance is retained for use the next time. */
+ return PTR_ERR(instance);
}
instance->alsa_stream = alsa_stream;
alsa_stream->instance = instance;
LOG_DBG(" success !\n");
- ret = 0;
-err_free_mem:
- kfree(vchi_instance);
- return ret;
+ return 0;
}
int bcm2835_audio_open(struct bcm2835_alsa_stream *alsa_stream)
diff --git a/security/integrity/ima/ima_appraise.c b/security/integrity/ima/ima_appraise.c
index 5d0785cfe063..ceff0b9327e7 100644
--- a/security/integrity/ima/ima_appraise.c
+++ b/security/integrity/ima/ima_appraise.c
@@ -306,6 +306,9 @@ void ima_update_xattr(struct integrity_iint_cache *iint, struct file *file)
if (iint->flags & IMA_DIGSIG)
return;
+ if (iint->ima_file_status != INTEGRITY_PASS)
+ return;
+
rc = ima_collect_measurement(iint, file, NULL, 0, ima_hash_algo);
if (rc < 0)
return;
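Review bot: The new early return on `iint->ima_file_status != INTEGRITY_PASS` carries no comment, although it is the check that decides whether `ima_update_xattr()` goes on to collect a measurement for the file. A one-line comment would record the intent, for example `/* do not rewrite the xattr of a file that did not pass appraisal */`. The rest of the function and its callers are outside the hunk, so whether every non-PASS status is meant to skip the update should be confirmed there.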
diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c
index d3cb5d7d4e39..e9d7525d02ca 100644
--- a/security/integrity/ima/ima_main.c
+++ b/security/integrity/ima/ima_main.c
@@ -52,6 +52,8 @@ static int __init hash_setup(char *str)
ima_hash_algo = HASH_ALGO_SHA1;
else if (strncmp(str, "md5", 3) == 0)
ima_hash_algo = HASH_ALGO_MD5;
+ else
+ return 1;
goto out;
}
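Review bot: An unrecognised hash name now returns without setting `hash_setup_done`, but nothing is logged, so a typo in this boot parameter presumably leaves the default algorithm in place with no trace. A message before the new `return 1;` here, and before the one added after the loop in the next hunk, would make that visible: `pr_err("invalid hash algorithm \"%s\"\n", str);`. Separately, the context line `strncmp(str, "md5", 3)` is a prefix match, so any string that merely starts with `md5` is accepted. `hash_setup()` starts and ends outside these hunks.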
@@ -61,6 +63,8 @@ static int __init hash_setup(char *str)
break;
}
}
+ if (i == HASH_ALGO__LAST)
+ return 1;
out:
hash_setup_done = 1;
return 1;
diff --git a/security/keys/Kconfig b/security/keys/Kconfig
index a7a23b5541f8..6462e6654ccf 100644
--- a/security/keys/Kconfig
+++ b/security/keys/Kconfig
@@ -45,10 +45,9 @@ config BIG_KEYS
bool "Large payload keys"
depends on KEYS
depends on TMPFS
- depends on (CRYPTO_ANSI_CPRNG = y || CRYPTO_DRBG = y)
+ select CRYPTO
select CRYPTO_AES
- select CRYPTO_ECB
- select CRYPTO_RNG
+ select CRYPTO_GCM
help
This option provides support for holding large keys within the kernel
(for example Kerberos ticket caches). The data may be stored out to
diff --git a/security/keys/big_key.c b/security/keys/big_key.c
index b83703a624d8..4161e0396c22 100644
--- a/security/keys/big_key.c
+++ b/security/keys/big_key.c
@@ -1,5 +1,6 @@
/* Large capacity key type
*
+ * Copyright (C) 2017 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
* Copyright (C) 2013 Red Hat, Inc. All Rights Reserved.
* Written by David Howells (dhowells@redhat.com)
*
@@ -16,10 +17,10 @@
#include <linux/shmem_fs.h>
#include <linux/err.h>
#include <linux/scatterlist.h>
+#include <linux/random.h>
#include <keys/user-type.h>
#include <keys/big_key-type.h>
-#include <crypto/rng.h>
-#include <crypto/skcipher.h>
+#include <crypto/aead.h>
/*
* Layout of key payload words.
@@ -49,7 +50,12 @@ enum big_key_op {
/*
* Key size for big_key data encryption
*/
-#define ENC_KEY_SIZE 16
+#define ENC_KEY_SIZE 32
+
+/*
+ * Authentication tag length
+ */
+#define ENC_AUTHTAG_SIZE 16
/*
* big_key defined keys take an arbitrary string as the description and an
@@ -64,57 +70,62 @@ struct key_type key_type_big_key = {
.destroy = big_key_destroy,
.describe = big_key_describe,
.read = big_key_read,
+ /* no ->update(); don't add it without changing big_key_crypt() nonce */
};
/*
- * Crypto names for big_key data encryption
+ * Crypto names for big_key data authenticated encryption
*/
-static const char big_key_rng_name[] = "stdrng";
-static const char big_key_alg_name[] = "ecb(aes)";
+static const char big_key_alg_name[] = "gcm(aes)";
/*
- * Crypto algorithms for big_key data encryption
+ * Crypto algorithms for big_key data authenticated encryption
*/
-static struct crypto_rng *big_key_rng;
-static struct crypto_skcipher *big_key_skcipher;
+static struct crypto_aead *big_key_aead;
/*
- * Generate random key to encrypt big_key data
+ * Since changing the key affects the entire object, we need a mutex.
*/
-static inline int big_key_gen_enckey(u8 *key)
-{
- return crypto_rng_get_bytes(big_key_rng, key, ENC_KEY_SIZE);
-}
+static DEFINE_MUTEX(big_key_aead_lock);
/*
* Encrypt/decrypt big_key data
*/
static int big_key_crypt(enum big_key_op op, u8 *data, size_t datalen, u8 *key)
{
- int ret = -EINVAL;
+ int ret;
struct scatterlist sgio;
- SKCIPHER_REQUEST_ON_STACK(req, big_key_skcipher);
-
- if (crypto_skcipher_setkey(big_key_skcipher, key, ENC_KEY_SIZE)) {
+ struct aead_request *aead_req;
+ /* We always use a zero nonce. The reason we can get away with this is
+ * because we're using a different randomly generated key for every
+ * different encryption. Notably, too, key_type_big_key doesn't define
+ * an .update function, so there's no chance we'll wind up reusing the
+ * key to encrypt updated data. Simply put: one key, one encryption.
+ */
+ u8 zero_nonce[crypto_aead_ivsize(big_key_aead)];
+
+ aead_req = aead_request_alloc(big_key_aead, GFP_KERNEL);
+ if (!aead_req)
+ return -ENOMEM;
+
+ memset(zero_nonce, 0, sizeof(zero_nonce));
+ sg_init_one(&sgio, data, datalen + (op == BIG_KEY_ENC ? ENC_AUTHTAG_SIZE : 0));
+ aead_request_set_crypt(aead_req, &sgio, &sgio, datalen, zero_nonce);
+ aead_request_set_callback(aead_req, CRYPTO_TFM_REQ_MAY_SLEEP, NULL, NULL);
+ aead_request_set_ad(aead_req, 0);
+
+ mutex_lock(&big_key_aead_lock);
+ if (crypto_aead_setkey(big_key_aead, key, ENC_KEY_SIZE)) {
ret = -EAGAIN;
goto error;
}
-
- skcipher_request_set_tfm(req, big_key_skcipher);
- skcipher_request_set_callback(req, CRYPTO_TFM_REQ_MAY_SLEEP,
- NULL, NULL);
-
- sg_init_one(&sgio, data, datalen);
- skcipher_request_set_crypt(req, &sgio, &sgio, datalen, NULL);
-
if (op == BIG_KEY_ENC)
- ret = crypto_skcipher_encrypt(req);
+ ret = crypto_aead_encrypt(aead_req);
else
- ret = crypto_skcipher_decrypt(req);
-
- skcipher_request_zero(req);
-
+ ret = crypto_aead_decrypt(aead_req);
error:
+ mutex_unlock(&big_key_aead_lock);
+ aead_request_free(aead_req);
return ret;
}
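Review bot: `u8 zero_nonce[crypto_aead_ivsize(big_key_aead)];` is a variable-length array on the kernel stack, sized by a value read from the transform at run time. The algorithm is fixed to `gcm(aes)`, so the nonce length is known at build time; a named constant (for example `ENC_IV_SIZE`, 12 bytes for GCM) allows `u8 zero_nonce[ENC_IV_SIZE] = { 0 };` and removes the `memset()`. `big_key_init()` could then compare `crypto_aead_ivsize(big_key_aead)` with that constant once. The zero-nonce reasoning in the comment holds only while every call uses a fresh key, which the new `/* no ->update() ... */` note on `key_type_big_key` already records.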
@@ -146,16 +157,13 @@ int big_key_preparse(struct key_preparsed_payload *prep)
*
* File content is stored encrypted with randomly generated key.
*/
- size_t enclen = ALIGN(datalen, crypto_skcipher_blocksize(big_key_skcipher));
+ size_t enclen = datalen + ENC_AUTHTAG_SIZE;
loff_t pos = 0;
- /* prepare aligned data to encrypt */
data = kmalloc(enclen, GFP_KERNEL);
if (!data)
return -ENOMEM;
-
memcpy(data, prep->data, datalen);
- memset(data + datalen, 0x00, enclen - datalen);
/* generate random key */
enckey = kmalloc(ENC_KEY_SIZE, GFP_KERNEL);
@@ -163,13 +171,12 @@ int big_key_preparse(struct key_preparsed_payload *prep)
ret = -ENOMEM;
goto error;
}
-
- ret = big_key_gen_enckey(enckey);
- if (ret)
+ ret = get_random_bytes_wait(enckey, ENC_KEY_SIZE);
+ if (unlikely(ret))
goto err_enckey;
/* encrypt aligned data */
- ret = big_key_crypt(BIG_KEY_ENC, data, enclen, enckey);
+ ret = big_key_crypt(BIG_KEY_ENC, data, datalen, enckey);
if (ret)
goto err_enckey;
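Review bot: The context comment `/* encrypt aligned data */` is stale: the buffer is no longer padded to a block size, and the call now passes `datalen` while `data` holds `datalen + ENC_AUTHTAG_SIZE` bytes. Something like `/* encrypt in place; the tag goes into the ENC_AUTHTAG_SIZE bytes after the data */` would describe the new contract. `big_key_preparse()` starts and ends outside the hunk.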
@@ -195,7 +202,7 @@ int big_key_preparse(struct key_preparsed_payload *prep)
*path = file->f_path;
path_get(path);
fput(file);
- kfree(data);
+ kzfree(data);
} else {
/* Just store the data in a buffer */
void *data = kmalloc(datalen, GFP_KERNEL);
@@ -211,9 +218,9 @@ int big_key_preparse(struct key_preparsed_payload *prep)
err_fput:
fput(file);
err_enckey:
- kfree(enckey);
+ kzfree(enckey);
error:
- kfree(data);
+ kzfree(data);
return ret;
}
@@ -227,7 +234,7 @@ void big_key_free_preparse(struct key_preparsed_payload *prep)
path_put(path);
}
- kfree(prep->payload.data[big_key_data]);
+ kzfree(prep->payload.data[big_key_data]);
}
/*
@@ -259,7 +266,7 @@ void big_key_destroy(struct key *key)
path->mnt = NULL;
path->dentry = NULL;
}
- kfree(key->payload.data[big_key_data]);
+ kzfree(key->payload.data[big_key_data]);
key->payload.data[big_key_data] = NULL;
}
@@ -295,7 +302,7 @@ long big_key_read(const struct key *key, char __user *buffer, size_t buflen)
struct file *file;
u8 *data;
u8 *enckey = (u8 *)key->payload.data[big_key_data];
- size_t enclen = ALIGN(datalen, crypto_skcipher_blocksize(big_key_skcipher));
+ size_t enclen = datalen + ENC_AUTHTAG_SIZE;
data = kmalloc(enclen, GFP_KERNEL);
if (!data)
@@ -327,7 +334,7 @@ long big_key_read(const struct key *key, char __user *buffer, size_t buflen)
err_fput:
fput(file);
error:
- kfree(data);
+ kzfree(data);
} else {
ret = datalen;
if (copy_to_user(buffer, key->payload.data[big_key_data],
@@ -343,47 +350,31 @@ error:
*/
static int __init big_key_init(void)
{
- struct crypto_skcipher *cipher;
- struct crypto_rng *rng;
int ret;
- rng = crypto_alloc_rng(big_key_rng_name, 0, 0);
- if (IS_ERR(rng)) {
- pr_err("Can't alloc rng: %ld\n", PTR_ERR(rng));
- return PTR_ERR(rng);
- }
-
- big_key_rng = rng;
-
- /* seed RNG */
- ret = crypto_rng_reset(rng, NULL, crypto_rng_seedsize(rng));
- if (ret) {
- pr_err("Can't reset rng: %d\n", ret);
- goto error_rng;
- }
-
/* init block cipher */
- cipher = crypto_alloc_skcipher(big_key_alg_name, 0, CRYPTO_ALG_ASYNC);
- if (IS_ERR(cipher)) {
- ret = PTR_ERR(cipher);
+ big_key_aead = crypto_alloc_aead(big_key_alg_name, 0, CRYPTO_ALG_ASYNC);
+ if (IS_ERR(big_key_aead)) {
+ ret = PTR_ERR(big_key_aead);
pr_err("Can't alloc crypto: %d\n", ret);
- goto error_rng;
+ return ret;
+ }
+ ret = crypto_aead_setauthsize(big_key_aead, ENC_AUTHTAG_SIZE);
+ if (ret < 0) {
+ pr_err("Can't set crypto auth tag len: %d\n", ret);
+ goto free_aead;
}
-
- big_key_skcipher = cipher;
ret = register_key_type(&key_type_big_key);
if (ret < 0) {
pr_err("Can't register type: %d\n", ret);
- goto error_cipher;
+ goto free_aead;
}
return 0;
-error_cipher:
- crypto_free_skcipher(big_key_skcipher);
-error_rng:
- crypto_free_rng(big_key_rng);
+free_aead:
+ crypto_free_aead(big_key_aead);
return ret;
}
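Review bot: `big_key_init()` now assigns the result of `crypto_alloc_aead()` straight to the global `big_key_aead`, where the removed code used a local and published it only after the allocation had succeeded. On failure the global is left holding an `ERR_PTR` value, or a freed pointer after `free_aead:`. Setting `big_key_aead = NULL;` after `crypto_free_aead(big_key_aead);` and on the allocation-failure return avoids leaving a stale pointer behind. The comment `/* init block cipher */` could also become `/* init AEAD transform */`.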