Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security

Pull security layer updates from James Morris:
"Highlights:

- Smack adds secmark support for Netfilte

Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security

Pull security layer updates from James Morris:
"Highlights:

- Smack adds secmark support for Netfilter
- /proc/keys is now mandatory if CONFIG_KEYS=y
- TPM gets its own device class
- Added TPM 2.0 support
- Smack file hook rework (all Smack users should review this!)"

* 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: (64 commits)
cipso: don't use IPCB() to locate the CIPSO IP option
SELinux: fix error code in policydb_init()
selinux: add security in-core xattr support for pstore and debugfs
selinux: quiet the filesystem labeling behavior message
selinux: Remove unused function avc_sidcmp()
ima: /proc/keys is now mandatory
Smack: Repair netfilter dependency
X.509: silence asn1 compiler debug output
X.509: shut up about included cert for silent build
KEYS: Make /proc/keys unconditional if CONFIG_KEYS=y
MAINTAINERS: email update
tpm/tpm_tis: Add missing ifdef CONFIG_ACPI for pnp_acpi_device
smack: fix possible use after frees in task_security() callers
smack: Add missing logging in bidirectional UDS connect check
Smack: secmark support for netfilter
Smack: Rework file hooks
tpm: fix format string error in tpm-chip.c
char/tpm/tpm_crb: fix build error
smack: Fix a bidirectional UDS connect check typo
smack: introduce a special case for tmpfs in smack_d_instantiate()
...

show more ...

tpm: TPM 2.0 CRB Interface

tpm_crb is a driver for TPM 2.0 Command Response Buffer (CRB) Interface
as defined in PC Client Platform TPM Profile (PTP) Specification.

Only polling and single locality

tpm: TPM 2.0 CRB Interface

tpm_crb is a driver for TPM 2.0 Command Response Buffer (CRB) Interface
as defined in PC Client Platform TPM Profile (PTP) Specification.

Only polling and single locality is supported as these are the limitations
of the available hardware, Platform Trust Techonlogy (PTT) in Haswell
CPUs.

The driver always applies CRB with ACPI start because PTT reports using
only ACPI start as start method but as a result of my testing it requires
also CRB start.

Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Reviewed-by: Jasob Gunthorpe <jason.gunthorpe@obsidianresearch.com>
Reviewed-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Signed-off-by: Peter Huewe <peterhuewe@gmx.de>

show more ...

tpm: TPM 2.0 baseline support

TPM 2.0 devices are separated by adding a field 'flags' to struct
tpm_chip and defining a flag TPM_CHIP_FLAG_TPM2 for tagging them.

This patch adds the following inter

tpm: TPM 2.0 baseline support

TPM 2.0 devices are separated by adding a field 'flags' to struct
tpm_chip and defining a flag TPM_CHIP_FLAG_TPM2 for tagging them.

This patch adds the following internal functions:

- tpm2_get_random()
- tpm2_get_tpm_pt()
- tpm2_pcr_extend()
- tpm2_pcr_read()
- tpm2_startup()

Additionally, the following exported functions are implemented for
implementing TPM 2.0 device drivers:

- tpm2_do_selftest()
- tpm2_calc_ordinal_durations()
- tpm2_gen_interrupt()

The existing functions that are exported for the use for existing
subsystems have been changed to check the flags field in struct
tpm_chip and use appropriate TPM 2.0 counterpart if
TPM_CHIP_FLAG_TPM2 is est.

The code for tpm2_calc_ordinal_duration() and tpm2_startup() were
originally written by Will Arthur.

Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Signed-off-by: Will Arthur <will.c.arthur@intel.com>
Reviewed-by: Jasob Gunthorpe <jason.gunthorpe@obsidianresearch.com>
Reviewed-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Reviewed-by: Peter Huewe <peterhuewe@gmx.de>
Tested-by: Peter Huewe <peterhuewe@gmx.de>

[phuewe: Fixed copy paste error * 2]
Signed-off-by: Peter Huewe <peterhuewe@gmx.de>

show more ...

tpm: two-phase chip management functions

tpm_register_hardware() and tpm_remove_hardware() are called often
before initializing the device. The problem is that the device might
not be fully initiali

tpm: two-phase chip management functions

tpm_register_hardware() and tpm_remove_hardware() are called often
before initializing the device. The problem is that the device might
not be fully initialized when it comes visible to the user space.

This patch resolves the issue by diving initialization into two
parts:

- tpmm_chip_alloc() creates struct tpm_chip.

- tpm_chip_register() sets up the character device and sysfs
attributes.

The framework takes care of freeing struct tpm_chip by using the devres
API. The broken release callback has been wiped. ACPI drivers do not
ever get this callback.

Regards to Jason Gunthorpe for carefully reviewing this part of the
code.

Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Reviewed-by: Jasob Gunthorpe <jason.gunthorpe@obsidianresearch.com>
Reviewed-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Tested-by: Scot Doyle <lkml14@scotdoyle.com>
Tested-by: Peter Huewe <peterhuewe@gmx.de>
[phuewe: update to upstream changes]
Signed-off-by: Peter Huewe <peterhuewe@gmx.de>

show more ...

tpm/tpm_i2c_stm_st33: Update Kconfig in order to be inline to other similar product

STMicroelectronics i2c tpm is the only one to have a different tristate
label.

Rename it "TPM Interface Specifica

tpm/tpm_i2c_stm_st33: Update Kconfig in order to be inline to other similar product

STMicroelectronics i2c tpm is the only one to have a different tristate
label.

Rename it "TPM Interface Specification 1.2 Interface (I2C - STMicroelectronics)"

Reviewed-by: Jason Gunthorpe <jgunthorpe@obsidianresearch.com>
Signed-off-by: Christophe Ricard <christophe-h.ricard@st.com>
[phuewe: corrected module name in the helptext]
Signed-off-by: Peter Huewe <peterhuewe@gmx.de>

show more ...

Merge tag 'v3.14' into next

Linux 3.14

Merge tag 'v3.13' into next

Linux 3.13

Minor fixup needed in selinux_inet_conn_request()

Conflicts:
security/selinux/hooks.c

Merge branch 'next' into for-linus

First round of input updates for 3.15.

Merge remote-tracking branch 'airlied/drm-next' into drm-intel-next

Conflicts:
drivers/gpu/drm/i915/Makefile

Makefile cleanup in drm-intel-next conflicts with a build-fix to move
intel_opregion un

Merge remote-tracking branch 'airlied/drm-next' into drm-intel-next

Conflicts:
drivers/gpu/drm/i915/Makefile

Makefile cleanup in drm-intel-next conflicts with a build-fix to move
intel_opregion under CONFIG_ACPI.

Signed-off-by: Daniel Vetter <daniel.vetter@ffwll.ch>

show more ...

Merge tag 'v3.14-rc6' into drm-intel-next-queued

Linux 3.14-rc6

I need the hdmi/dvi-dual link fixes in 3.14 to avoid ugly conflicts
when merging Ville's new hdmi cloning support into my -next tree

Merge tag 'v3.14-rc6' into drm-intel-next-queued

Linux 3.14-rc6

I need the hdmi/dvi-dual link fixes in 3.14 to avoid ugly conflicts
when merging Ville's new hdmi cloning support into my -next tree

Conflicts:
drivers/gpu/drm/i915/Makefile
drivers/gpu/drm/i915/intel_dp.c

Makefile cleanup conflicts with an acpi build fix, intel_dp.c is
trivial.

Signed-off-by: Daniel Vetter <daniel.vetter@ffwll.ch>

show more ...

Merge tag 'v3.13' into for-3.15

Linux 3.13

Conflicts:
include/net/xfrm.h

Simple merge where v3.13 removed 'extern' from definitions and the audit
tree did s/u32/unsigned int/ to the same definiti

Merge tag 'v3.13' into for-3.15

Linux 3.13

Conflicts:
include/net/xfrm.h

Simple merge where v3.13 removed 'extern' from definitions and the audit
tree did s/u32/unsigned int/ to the same definitions.

show more ...

Merge tag 'parse-val' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regmap into asoc-core

regmap: Add parse_val() API

This is useful for generic code built on top of regmap dealing with

Merge tag 'parse-val' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regmap into asoc-core

regmap: Add parse_val() API

This is useful for generic code built on top of regmap dealing with
blocks of data.

show more ...

Merge tag 'v3.14-rc4' into next

Merge with Linux 3.14-rc4 to bring devm_request_any_context_irq().

Merge tag 'xtensa-for-next-20140221-1' into for_next

Xtensa fixes for 3.14:
- allow booting xtfpga on boards with new uBoot and >128MBytes memory;
- drop nonexistent GPIO32 support from fsf variant;

Merge tag 'xtensa-for-next-20140221-1' into for_next

Xtensa fixes for 3.14:
- allow booting xtfpga on boards with new uBoot and >128MBytes memory;
- drop nonexistent GPIO32 support from fsf variant;
- don't select USE_GENERIC_SMP_HELPERS;
- enable common clock framework support, set up ethoc clock on xtfpga;
- wire up sched_setattr and sched_getattr syscalls.

Signed-off-by: Chris Zankel <chris@zankel.net>

show more ...

Merge branch 'master' into for-next

Merge branch 'linus' into perf/core

Refresh the branch to a v3.14-rc base before queueing up new devel patches.

Signed-off-by: Ingo Molnar <mingo@kernel.org>

Merge tag 'efi-urgent' into x86/urgent

* Avoid WARN_ON() when mapping BGRT on Baytrail (EFI 32-bit).

Signed-off-by: H. Peter Anvin <hpa@linux.intel.com>

Merge tag 'v3.13' into stable-3.14

Linux 3.13

Conflicts:
security/selinux/hooks.c

Trivial merge issue in selinux_inet_conn_request() likely due to me
including patches that I sent to the stable f

Merge tag 'v3.13' into stable-3.14

Linux 3.13

Conflicts:
security/selinux/hooks.c

Trivial merge issue in selinux_inet_conn_request() likely due to me
including patches that I sent to the stable folks in my next tree
resulting in the patch hitting twice (I think). Thankfully it was an
easy fix this time, but regardless, lesson learned, I will not do that
again.

show more ...

Merge remote-tracking branch 'wireless-next/master' into ath-next

Merge tag 'v3.14-rc1' into patchwork

Linus 3.14-rc1

* tag 'v3.14-rc1': (11781 commits)
Linus 3.14-rc1
hpfs: optimize quad buffer loading
hpfs: remember free space
parisc: add flexible mmap

Merge tag 'v3.14-rc1' into patchwork

Linus 3.14-rc1

* tag 'v3.14-rc1': (11781 commits)
Linus 3.14-rc1
hpfs: optimize quad buffer loading
hpfs: remember free space
parisc: add flexible mmap memory layout support
parisc: Make EWOULDBLOCK be equal to EAGAIN on parisc
parisc: convert uapi/asm/stat.h to use native types only
parisc: wire up sched_setattr and sched_getattr
parisc: fix cache-flushing
parisc/sti_console: prefer Linux fonts over built-in ROM fonts
hwmon: Fix SENSORS_TMP102 dependencies to eliminate build errors
hwmon: Fix SENSORS_LM75 dependencies to eliminate build errors
tools/power turbostat: introduce -s to dump counters
tools/power turbostat: remove unused command line option
afs: proc cells and rootcell are writeable
tile: remove compat_sys_lookup_dcookie declaration to fix compile error
Revert "PCI: Remove from bus_list and release resources in pci_release_dev()"
ARM: multi_v7_defconfig: remove redundant entries and re-enable TI_EDMA
ARM: multi_v7_defconfig: add mvebu drivers
clocksource: kona: Add basic use of external clock
drivers: bus: fix CCI driver kcalloc call parameters swap
...

show more ...

Merge branch 'linus' into sched/core, to resolve conflicts

Conflicts:
kernel/sysctl.c

Signed-off-by: Ingo Molnar <mingo@kernel.org>

Merge branch 'linus' into core/locking

Refresh the topic.

Signed-off-by: Ingo Molnar <mingo@kernel.org>

Merge branch 'master' into staging-next

We need the network changes in staging-next in order to be able to fix
up the rtl8821ae driver to build properly.

Signed-off-by: Greg Kroah-Hartman <gregkh@l

Merge branch 'master' into staging-next

We need the network changes in staging-next in order to be able to fix
up the rtl8821ae driver to build properly.

Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

show more ...

Merge branches 'for-3.13/upstream-fixes', 'for-3.14/i2c-hid', 'for-3.14/sensor-hub', 'for-3.14/sony' and 'for-3.14/upstream' into for-linus

Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security

Pull security layer updates from James Morris:
"Changes for this kernel include maintenance updates

Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security

Pull security layer updates from James Morris:
"Changes for this kernel include maintenance updates for Smack, SELinux
(and several networking fixes), IMA and TPM"

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: (39 commits)
SELinux: Fix memory leak upon loading policy
tpm/tpm-sysfs: active_show() can be static
tpm: tpm_tis: Fix compile problems with CONFIG_PM_SLEEP/CONFIG_PNP
tpm: Make tpm-dev allocate a per-file structure
tpm: Use the ops structure instead of a copy in tpm_vendor_specific
tpm: Create a tpm_class_ops structure and use it in the drivers
tpm: Pull all driver sysfs code into tpm-sysfs.c
tpm: Move sysfs functions from tpm-interface to tpm-sysfs
tpm: Pull everything related to /dev/tpmX into tpm-dev.c
char: tpm: nuvoton: remove unused variable
tpm: MAINTAINERS: Cleanup TPM Maintainers file
tpm/tpm_i2c_atmel: fix coccinelle warnings
tpm/tpm_ibmvtpm: fix unreachable code warning (smatch warning)
tpm/tpm_i2c_stm_st33: Check return code of get_burstcount
tpm/tpm_ppi: Check return value of acpi_get_name
tpm/tpm_ppi: Do not compare strcmp(a,b) == -1
ima: remove unneeded size_limit argument from ima_eventdigest_init_common()
ima: update IMA-templates.txt documentation
ima: pass HASH_ALGO__LAST as hash algo in ima_eventdigest_init()
ima: change the default hash algorithm to SHA1 in ima_eventdigest_ng_init()
...

show more ...