Merge tag 'v4.3-rc1' into sched/core, to refresh the branch

Signed-off-by: Ingo Molnar <mingo@kernel.org>

Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security

Pull security subsystem updates from James Morris:
"Highlights:

- PKCS#7 support added to support sig

Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security

Pull security subsystem updates from James Morris:
"Highlights:

- PKCS#7 support added to support signed kexec, also utilized for
module signing. See comments in 3f1e1bea.

** NOTE: this requires linking against the OpenSSL library, which
must be installed, e.g. the openssl-devel on Fedora **

- Smack
- add IPv6 host labeling; ignore labels on kernel threads
- support smack labeling mounts which use binary mount data

- SELinux:
- add ioctl whitelisting (see
http://kernsec.org/files/lss2015/vanderstoep.pdf)
- fix mprotect PROT_EXEC regression caused by mm change

- Seccomp:
- add ptrace options for suspend/resume"

* 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: (57 commits)
PKCS#7: Add OIDs for sha224, sha284 and sha512 hash algos and use them
Documentation/Changes: Now need OpenSSL devel packages for module signing
scripts: add extract-cert and sign-file to .gitignore
modsign: Handle signing key in source tree
modsign: Use if_changed rule for extracting cert from module signing key
Move certificate handling to its own directory
sign-file: Fix warning about BIO_reset() return value
PKCS#7: Add MODULE_LICENSE() to test module
Smack - Fix build error with bringup unconfigured
sign-file: Document dependency on OpenSSL devel libraries
PKCS#7: Appropriately restrict authenticated attributes and content type
KEYS: Add a name for PKEY_ID_PKCS7
PKCS#7: Improve and export the X.509 ASN.1 time object decoder
modsign: Use extract-cert to process CONFIG_SYSTEM_TRUSTED_KEYS
extract-cert: Cope with multiple X.509 certificates in a single file
sign-file: Generate CMS message as signature instead of PKCS#7
PKCS#7: Support CMS messages also [RFC5652]
X.509: Change recorded SKID & AKID to not include Subject or Issuer
PKCS#7: Check content type and versions
MAINTAINERS: The keyrings mailing list has moved
...

show more ...

Merge tag 'modsign-pkcs7-20150812-3' of git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs into next

PKCS#7: Appropriately restrict authenticated attributes and content type

A PKCS#7 or CMS message can have per-signature authenticated attributes
that are digested as a lump and signed by the authori

PKCS#7: Appropriately restrict authenticated attributes and content type

A PKCS#7 or CMS message can have per-signature authenticated attributes
that are digested as a lump and signed by the authorising key for that
signature. If such attributes exist, the content digest isn't itself
signed, but rather it is included in a special authattr which then
contributes to the signature.

Further, we already require the master message content type to be
pkcs7_signedData - but there's also a separate content type for the data
itself within the SignedData object and this must be repeated inside the
authattrs for each signer [RFC2315 9.2, RFC5652 11.1].

We should really validate the authattrs if they exist or forbid them
entirely as appropriate. To this end:

(1) Alter the PKCS#7 parser to reject any message that has more than one
signature where at least one signature has authattrs and at least one
that does not.

(2) Validate authattrs if they are present and strongly restrict them.
Only the following authattrs are permitted and all others are
rejected:

(a) contentType. This is checked to be an OID that matches the
content type in the SignedData object.

(b) messageDigest. This must match the crypto digest of the data.

(c) signingTime. If present, we check that this is a valid, parseable
UTCTime or GeneralTime and that the date it encodes fits within
the validity window of the matching X.509 cert.

(d) S/MIME capabilities. We don't check the contents.

(e) Authenticode SP Opus Info. We don't check the contents.

(f) Authenticode Statement Type. We don't check the contents.

The message is rejected if (a) or (b) are missing. If the message is
an Authenticode type, the message is rejected if (e) is missing; if
not Authenticode, the message is rejected if (d) - (f) are present.

The S/MIME capabilities authattr (d) unfortunately has to be allowed
to support kernels already signed by the pesign program. This only
affects kexec. sign-file suppresses them (CMS_NOSMIMECAP).

The message is also rejected if an authattr is given more than once or
if it contains more than one element in its set of values.

(3) Add a parameter to pkcs7_verify() to select one of the following
restrictions and pass in the appropriate option from the callers:

(*) VERIFYING_MODULE_SIGNATURE

This requires that the SignedData content type be pkcs7-data and
forbids authattrs. sign-file sets CMS_NOATTR. We could be more
flexible and permit authattrs optionally, but only permit minimal
content.

(*) VERIFYING_FIRMWARE_SIGNATURE

This requires that the SignedData content type be pkcs7-data and
requires authattrs. In future, this will require an attribute
holding the target firmware name in addition to the minimal set.

(*) VERIFYING_UNSPECIFIED_SIGNATURE

This requires that the SignedData content type be pkcs7-data but
allows either no authattrs or only permits the minimal set.

(*) VERIFYING_KEXEC_PE_SIGNATURE

This only supports the Authenticode SPC_INDIRECT_DATA content type
and requires at least an SpcSpOpusInfo authattr in addition to the
minimal set. It also permits an SPC_STATEMENT_TYPE authattr (and
an S/MIME capabilities authattr because the pesign program doesn't
remove these).

(*) VERIFYING_KEY_SIGNATURE
(*) VERIFYING_KEY_SELF_SIGNATURE

These are invalid in this context but are included for later use
when limiting the use of X.509 certs.

(4) The pkcs7_test key type is given a module parameter to select between
the above options for testing purposes. For example:

echo 1 >/sys/module/pkcs7_test_key/parameters/usage
keyctl padd pkcs7_test foo @s </tmp/stuff.pkcs7

will attempt to check the signature on stuff.pkcs7 as if it contains a
firmware blob (1 being VERIFYING_FIRMWARE_SIGNATURE).

Suggested-by: Andy Lutomirski <luto@kernel.org>
Signed-off-by: David Howells <dhowells@redhat.com>
Reviewed-by: Marcel Holtmann <marcel@holtmann.org>
Reviewed-by: David Woodhouse <David.Woodhouse@intel.com>

show more ...

Merge Linus' tree to be be to apply submitted patches to newer code than
current trivial.git base

Merge commit 'v3.17' into next

Merge tag 'v3.18-rc4' into x86/cleanups, to refresh the tree before pulling new changes.

Signed-off-by: Ingo Molnar <mingo@kernel.org>

Merge tag 'v3.18-rc1' into for_next

Linux 3.18-rc1

Merge branch 'fix/dw' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/spi into spi-dw

Conflicts:
drivers/spi/spi-dw-mid.c

Merge branch 'next' into for-linus

Prepare second round of input updates for 3.18.

Merge tag 'v3.17' into next

Synchronize with mainline to bring in changes to Synaptics and i8042
drivers.

Merge tag 'asoc-v3.18' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/sound into for-next

ASoC: Updates for v3.18

- More componentisation work from Lars-Peter, this time mainly
cleani

Merge tag 'asoc-v3.18' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/sound into for-next

ASoC: Updates for v3.18

- More componentisation work from Lars-Peter, this time mainly
cleaning up the suspend and bias level transition callbacks.
- Real system support for the Intel drivers and a bunch of fixes and
enhancements for the associated CODEC drivers, this is going to need
a lot quirks over time due to the lack of any firmware description of
the boards.
- Jack detect support for simple card from Dylan Reid.
- A bunch of small fixes and enhancements for the Freescale drivers.
- New drivers for Analog Devices SSM4567, Cirrus Logic CS35L32, Everest
Semiconductor ES8328 and Freescale cards using the ASRC in newer i.MX
processors.

show more ...

Merge branch 'next' into for-linus

Prepare first round of input updates for 3.18.

Merge tag 'v3.17-rc4' into asoc-simple

Linux 3.17-rc4

Merge remote-tracking branches 'asoc/fix/atmel', 'asoc/fix/compress', 'asoc/fix/core', 'asoc/fix/fsl-ssi' and 'asoc/fix/rt286' into asoc-linus

Merge tag 'tegra-clk-3.18' of git://nv-tegra.nvidia.com/user/pdeschrijver/linux into clk-next

Tegra clk updates for 3.18

Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/axboe/linux-block into for-3.18

This is to receive 0a30288da1ae ("blk-mq, percpu_ref: implement a
kludge for SCSI blk-mq sta

Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/axboe/linux-block into for-3.18

This is to receive 0a30288da1ae ("blk-mq, percpu_ref: implement a
kludge for SCSI blk-mq stall during probe") which implements
__percpu_ref_kill_expedited() to work around SCSI blk-mq stall. The
commit reverted and patches to implement proper fix will be added.

Signed-off-by: Tejun Heo <tj@kernel.org>
Cc: Kent Overstreet <kmo@daterainc.com>
Cc: Jens Axboe <axboe@kernel.dk>
Cc: Christoph Hellwig <hch@lst.de>

show more ...

Merge branch 'for-linus' into for-3.18/core

Moving patches from for-linus to 3.18 instead, pull in this changes
that will go to Linus today.

Merge remote-tracking branch 'linus/master' into patchwork

There are some patches that depends on media-v3.16-rc6.
So, merge back from upstream before applying them.

* linus/master: (1123 commits)

Merge remote-tracking branch 'linus/master' into patchwork

There are some patches that depends on media-v3.16-rc6.
So, merge back from upstream before applying them.

* linus/master: (1123 commits)
drm/nouveau: ltc/gf100-: fix cbc issues on certain boards
drm/bochs: add missing drm_connector_register call
drm/cirrus: add missing drm_connector_register call
staging: vt6655: buffer overflow in ioctl
USB: storage: Add quirks for Entrega/Xircom USB to SCSI converters
USB: storage: Add quirk for Ariston Technologies iConnect USB to SCSI adapter
USB: storage: Add quirk for Adaptec USBConnect 2000 USB-to-SCSI Adapter
USB: EHCI: unlink QHs even after the controller has stopped
[SCSI] fix for bidi use after free
[SCSI] fix regression that accidentally disabled block-based tcq
[SCSI] libiscsi: fix potential buffer overrun in __iscsi_conn_send_pdu
drm/radeon: Fix typo 'addr' -> 'entry' in rs400_gart_set_page
drm/nouveau/runpm: fix module unload
drm/radeon/px: fix module unload
vgaswitcheroo: add vga_switcheroo_fini_domain_pm_ops
drm/radeon: don't reset dma on r6xx-evergreen init
drm/radeon: don't reset sdma on CIK init
drm/radeon: don't reset dma on NI/SI init
drm/radeon/dpm: fix resume on mullins
drm/radeon: Disable HDP flush before every CS again for < r600
...

show more ...

Merge tag 'asoc-v3.17-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/sound into for-linus

ASoC: Fixes for v3.17

This is mostly driver fixes, the biggest one being the tlv320aic31xx
w

Merge tag 'asoc-v3.17-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/sound into for-linus

ASoC: Fixes for v3.17

This is mostly driver fixes, the biggest one being the tlv320aic31xx
which is relatively large but simple and device specific. There's a
small fix in the error handling in DPCM too which is relatively minor
error handling fix.

show more ...

drm: backmerge tag 'v3.17-rc5' into drm-next

This is requested to get the fixes for intel and radeon into the
same tree for future development work.

i915_display.c: fix missing dev_priv conflict.

Merge tag 'v3.17-rc5' from upstream

Merge tag 'v3.17-rc5' into usb-next

USB fixes in Linux 3.17-rc5 are needed to build on top of for 3.18.

Signed-off-by: Johan Hovold <johan@kernel.org>

Merge 3.17-rc5 into usb-next

We need the USB fixes in there to build on top of in this branch for
3.18.

Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

Merge 3.17-rc5 into tty-next

We want those fixes in here as well.

Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>