summaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFilesLines
2016-07-12apparmor: fix update the mtime of the profile file on replacementJohn Johansen1-0/+2
Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Seth Arnold <seth.arnold@canonical.com>
2016-07-12apparmor: exec should not be returning ENOENT when it deniesJohn Johansen1-1/+1
The current behavior is confusing as it causes exec failures to report the executable is missing instead of identifying that apparmor caused the failure. Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Seth Arnold <seth.arnold@canonical.com>
2016-07-12apparmor: fix uninitialized lsm_audit memberJohn Johansen2-2/+4
BugLink: http://bugs.launchpad.net/bugs/1268727 The task field in the lsm_audit struct needs to be initialized if a change_hat fails, otherwise the following oops will occur BUG: unable to handle kernel paging request at 0000002fbead7d08 IP: [<ffffffff8171153e>] _raw_spin_lock+0xe/0x50 PGD 1e3f35067 PUD 0 Oops: 0002 [#1] SMP Modules linked in: pppox crc_ccitt p8023 p8022 psnap llc ax25 btrfs raid6_pq xor xfs libcrc32c dm_multipath scsi_dh kvm_amd dcdbas kvm microcode amd64_edac_mod joydev edac_core psmouse edac_mce_amd serio_raw k10temp sp5100_tco i2c_piix4 ipmi_si ipmi_msghandler acpi_power_meter mac_hid lp parport hid_generic usbhid hid pata_acpi mpt2sas ahci raid_class pata_atiixp bnx2 libahci scsi_transport_sas [last unloaded: tipc] CPU: 2 PID: 699 Comm: changehat_twice Tainted: GF O 3.13.0-7-generic #25-Ubuntu Hardware name: Dell Inc. PowerEdge R415/08WNM9, BIOS 1.8.6 12/06/2011 task: ffff8802135c6000 ti: ffff880212986000 task.ti: ffff880212986000 RIP: 0010:[<ffffffff8171153e>] [<ffffffff8171153e>] _raw_spin_lock+0xe/0x50 RSP: 0018:ffff880212987b68 EFLAGS: 00010006 RAX: 0000000000020000 RBX: 0000002fbead7500 RCX: 0000000000000000 RDX: 0000000000000292 RSI: ffff880212987ba8 RDI: 0000002fbead7d08 RBP: ffff880212987b68 R08: 0000000000000246 R09: ffff880216e572a0 R10: ffffffff815fd677 R11: ffffea0008469580 R12: ffffffff8130966f R13: ffff880212987ba8 R14: 0000002fbead7d08 R15: ffff8800d8c6b830 FS: 00002b5e6c84e7c0(0000) GS:ffff880216e40000(0000) knlGS:0000000055731700 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000002fbead7d08 CR3: 000000021270f000 CR4: 00000000000006e0 Stack: ffff880212987b98 ffffffff81075f17 ffffffff8130966f 0000000000000009 0000000000000000 0000000000000000 ffff880212987bd0 ffffffff81075f7c 0000000000000292 ffff880212987c08 ffff8800d8c6b800 0000000000000026 Call Trace: [<ffffffff81075f17>] __lock_task_sighand+0x47/0x80 [<ffffffff8130966f>] ? apparmor_cred_prepare+0x2f/0x50 [<ffffffff81075f7c>] do_send_sig_info+0x2c/0x80 [<ffffffff81075fee>] send_sig_info+0x1e/0x30 [<ffffffff8130242d>] aa_audit+0x13d/0x190 [<ffffffff8130c1dc>] aa_audit_file+0xbc/0x130 [<ffffffff8130966f>] ? apparmor_cred_prepare+0x2f/0x50 [<ffffffff81304cc2>] aa_change_hat+0x202/0x530 [<ffffffff81308fc6>] aa_setprocattr_changehat+0x116/0x1d0 [<ffffffff8130a11d>] apparmor_setprocattr+0x25d/0x300 [<ffffffff812cee56>] security_setprocattr+0x16/0x20 [<ffffffff8121fc87>] proc_pid_attr_write+0x107/0x130 [<ffffffff811b7604>] vfs_write+0xb4/0x1f0 [<ffffffff811b8039>] SyS_write+0x49/0xa0 [<ffffffff8171a1bf>] tracesys+0xe1/0xe6 Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Seth Arnold <seth.arnold@canonical.com>
2016-07-12apparmor: fix replacement bug that adds new child to old parentJohn Johansen1-1/+1
When set atomic replacement is used and the parent is updated before the child, and the child did not exist in the old parent so there is no direct replacement then the new child is incorrectly added to the old parent. This results in the new parent not having the child(ren) that it should and the old parent when being destroyed asserting the following error. AppArmor: policy_destroy: internal error, policy '<profile/name>' still contains profiles Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Seth Arnold <seth.arnold@canonical.com>
2016-07-12apparmor: fix refcount bug in profile replacementJohn Johansen1-2/+2
Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Seth Arnold <seth.arnold@canonical.com>
2016-07-09Merge tag 'keys-misc-20160708' of ↵James Morris4-11/+29
git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs into next
2016-07-08Merge branch 'smack-for-4.8' of https://github.com/cschaufler/smack-next ↵James Morris2-1/+4
into next
2016-07-07MAINTAINERS - Location of the Smack repositoryCasey Schaufler1-1/+1
The Smack working tree has moved from gitorious to github. Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
2016-07-07samples/seccomp: Add standalone config optionOlof Johansson2-1/+8
Add a separate Kconfig option for SAMPLES_SECCOMP. Main reason for this is that, just like other samples, it's forced to be a module. Without this, since the sample is a target only controlled by CONFIG_SECCOMP_FILTER, the samples will be built before include files are put in place properly. For example, from an arm64 allmodconfig built with "make -sk -j 32" (without specific target), the following happens: samples/seccomp/bpf-fancy.c:13:27: fatal error: linux/seccomp.h: No such file or directory samples/seccomp/bpf-helper.h:20:50: fatal error: linux/seccomp.h: No such file or directory samples/seccomp/dropper.c:20:27: fatal error: linux/seccomp.h: No such file or directory samples/seccomp/bpf-direct.c:21:27: fatal error: linux/seccomp.h: No such file or directory So, just stick to the same format as other samples. Signed-off-by: Olof Johansson <olof@lixom.net> Signed-off-by: Kees Cook <keescook@chromium.org>
2016-07-07Merge branch 'stable-4.8' of git://git.infradead.org/users/pcmoore/selinux ↵James Morris36-259/+3511
into next
2016-06-30ima: extend the measurement entry specific pcrEric Richter1-3/+3
Extend the PCR supplied as a parameter, instead of assuming that the measurement entry uses the default configured PCR. Signed-off-by: Eric Richter <erichte@linux.vnet.ibm.com> Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
2016-06-30ima: change integrity cache to store measured pcrEric Richter3-3/+11
IMA avoids re-measuring files by storing the current state as a flag in the integrity cache. It will then skip adding a new measurement log entry if the cache reports the file as already measured. If a policy measures an already measured file to a new PCR, the measurement will not be added to the list. This patch implements a new bitfield for specifying which PCR the file was measured into, rather than if it was measured. Signed-off-by: Eric Richter <erichte@linux.vnet.ibm.com> Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
2016-06-30ima: redefine duplicate template entriesEric Richter1-3/+4
Template entry duplicates are prevented from being added to the measurement list by checking a hash table that contains the template entry digests. However, the PCR value is not included in this comparison, so duplicate template entry digests with differing PCRs may be dropped. This patch redefines duplicate template entries as template entries with the same digest and same PCR values. Reported-by: Mimi Zohar <zohar@linux.vnet.ibm.com> Signed-off-by: Eric Richter <erichte@linux.vnet.ibm.com> Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
2016-06-30ima: change ima_measurements_show() to display the entry specific pcrEric Richter1-5/+4
IMA assumes that the same default Kconfig PCR is extended for each entry. This patch replaces the default configured PCR with the policy defined PCR. Signed-off-by: Eric Richter <erichte@linux.vnet.ibm.com> Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
2016-06-30ima: include pcr for each measurement log entryEric Richter4-8/+13
The IMA measurement list entries include the Kconfig defined PCR value. This patch defines a new ima_template_entry field for including the PCR as specified in the policy rule. Signed-off-by: Eric Richter <erichte@linux.vnet.ibm.com> Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
2016-06-30ima: extend ima_get_action() to return the policy pcrEric Richter5-7/+14
Different policy rules may extend different PCRs. This patch retrieves the specific PCR for the matched rule. Subsequent patches will include the rule specific PCR in the measurement list and extend the appropriate PCR. Signed-off-by: Eric Richter <erichte@linux.vnet.ibm.com> Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
2016-06-30ima: add policy support for extending different pcrsEric Richter1-1/+28
This patch defines a new IMA measurement policy rule option "pcr=", which allows extending different PCRs on a per rule basis. For example, the system independent files could extend the default IMA Kconfig specified PCR, while the system dependent files could extend a different PCR. The following is an example of this usage with an SELinux policy; the rule would extend PCR 11 with system configuration files: measure func=FILE_CHECK mask=MAY_READ obj_type=system_conf_t pcr=11 Changelog v3: - FIELD_SIZEOF returns bytes, not bits. Fixed INVALID_PCR Signed-off-by: Eric Richter <erichte@linux.vnet.ibm.com> Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
2016-06-30integrity: add measured_pcrs field to integrity cacheEric Richter2-0/+3
To keep track of which measurements have been extended to which PCRs, this patch defines a new integrity_iint_cache field named measured_pcrs. This field is a bitmask of the PCRs measured. Each bit corresponds to a PCR index. For example, bit 10 corresponds to PCR 10. Signed-off-by: Eric Richter <erichte@linux.vnet.ibm.com> Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
2016-06-27netlabel: Implement CALIPSO config functions for SMACK.Huw Davies4-0/+238
SMACK uses similar functions to control CIPSO, these are the equivalent functions for CALIPSO and follow exactly the same semantics. int netlbl_cfg_calipso_add(struct calipso_doi *doi_def, struct netlbl_audit *audit_info) Adds a CALIPSO doi. void netlbl_cfg_calipso_del(u32 doi, struct netlbl_audit *audit_info) Removes a CALIPSO doi. int netlbl_cfg_calipso_map_add(u32 doi, const char *domain, const struct in6_addr *addr, const struct in6_addr *mask, struct netlbl_audit *audit_info) Creates a mapping between a domain and a CALIPSO doi. If addr and mask are non-NULL this creates an address-selector type mapping. This also extends netlbl_cfg_map_del() to remove IPv6 address-selector mappings. Signed-off-by: Huw Davies <huw@codeweavers.com> Signed-off-by: Paul Moore <paul@paul-moore.com>
2016-06-27calipso: Add a label cache.Huw Davies8-12/+360
This works in exactly the same way as the CIPSO label cache. The idea is to allow the lsm to cache the result of a secattr lookup so that it doesn't need to perform the lookup for every skbuff. It introduces two sysctl controls: calipso_cache_enable - enables/disables the cache. calipso_cache_bucket_size - sets the size of a cache bucket. Signed-off-by: Huw Davies <huw@codeweavers.com> Signed-off-by: Paul Moore <paul@paul-moore.com>
2016-06-27calipso: Add validation of CALIPSO option.Huw Davies3-0/+74
Lengths, checksum and the DOI are checked. Checking of the level and categories are left for the socket layer. CRC validation is performed in the calipso module to avoid unconditionally linking crc_ccitt() into ipv6. Signed-off-by: Huw Davies <huw@codeweavers.com> Signed-off-by: Paul Moore <paul@paul-moore.com>
2016-06-27netlabel: Pass a family parameter to netlbl_skbuff_err().Huw Davies6-12/+19
This makes it possible to route the error to the appropriate labelling engine. CALIPSO is far less verbose than CIPSO when encountering a bogus packet, so there is no need for a CALIPSO error handler. Signed-off-by: Huw Davies <huw@codeweavers.com> Signed-off-by: Paul Moore <paul@paul-moore.com>
2016-06-27calipso: Allow the lsm to label the skbuff directly.Huw Davies6-4/+308
In some cases, the lsm needs to add the label to the skbuff directly. A NF_INET_LOCAL_OUT IPv6 hook is added to selinux to match the IPv4 behaviour. This allows selinux to label the skbuffs that it requires. Signed-off-by: Huw Davies <huw@codeweavers.com> Signed-off-by: Paul Moore <paul@paul-moore.com>
2016-06-27ipv6: constify the skb pointer of ipv6_find_tlv().Huw Davies2-2/+2
Signed-off-by: Huw Davies <huw@codeweavers.com> Signed-off-by: Paul Moore <paul@paul-moore.com>
2016-06-27calipso: Allow request sockets to be relabelled by the lsm.Huw Davies6-8/+163
Request sockets need to have a label that takes into account the incoming connection as well as their parent's label. This is used for the outgoing SYN-ACK and for their child full-socket. Signed-off-by: Huw Davies <huw@codeweavers.com> Signed-off-by: Paul Moore <paul@paul-moore.com>
2016-06-27ipv6: Allow request socks to contain IPv6 options.Huw Davies4-7/+27
If set, these will take precedence over the parent's options during both sending and child creation. If they're not set, the parent's options (if any) will be used. This is to allow the security_inet_conn_request() hook to modify the IPv6 options in just the same way that it already may do for IPv4. Signed-off-by: Huw Davies <huw@codeweavers.com> Signed-off-by: Paul Moore <paul@paul-moore.com>
2016-06-27netlabel: Prevent setsockopt() from changing the hop-by-hop option.Huw Davies1-1/+16
If a socket has a netlabel in place then don't let setsockopt() alter the socket's IPv6 hop-by-hop option. This is in the same spirit as the existing check for IPv4. Signed-off-by: Huw Davies <huw@codeweavers.com> Signed-off-by: Paul Moore <paul@paul-moore.com>
2016-06-27calipso: Set the calipso socket label to match the secattr.Huw Davies10-10/+728
CALIPSO is a hop-by-hop IPv6 option. A lot of this patch is based on the equivalent CISPO code. The main difference is due to manipulating the options in the hop-by-hop header. Signed-off-by: Huw Davies <huw@codeweavers.com> Signed-off-by: Paul Moore <paul@paul-moore.com>
2016-06-27netlabel: Move bitmap manipulation functions to the NetLabel core.Huw Davies3-79/+85
This is to allow the CALIPSO labelling engine to use these. Signed-off-by: Huw Davies <huw@codeweavers.com> Signed-off-by: Paul Moore <paul@paul-moore.com>
2016-06-27ipv6: Add ipv6_renew_options_kern() that accepts a kernel mem pointer.Huw Davies2-0/+55
The functionality is equivalent to ipv6_renew_options() except that the newopt pointer is in kernel, not user, memory The kernel memory implementation will be used by the CALIPSO network labelling engine, which needs to be able to set IPv6 hop-by-hop options. Signed-off-by: Huw Davies <huw@codeweavers.com> Signed-off-by: Paul Moore <paul@paul-moore.com>
2016-06-27netlabel: Add support for removing a CALIPSO DOI.Huw Davies4-0/+150
Remove a specified DOI through the NLBL_CALIPSO_C_REMOVE command. It requires the attribute: NLBL_CALIPSO_A_DOI. Signed-off-by: Huw Davies <huw@codeweavers.com> Signed-off-by: Paul Moore <paul@paul-moore.com>
2016-06-27netlabel: Add support for creating a CALIPSO protocol domain mapping.Huw Davies4-5/+89
This extends the NLBL_MGMT_C_ADD and NLBL_MGMT_C_ADDDEF commands to accept CALIPSO protocol DOIs. Signed-off-by: Huw Davies <huw@codeweavers.com> Signed-off-by: Paul Moore <paul@paul-moore.com>
2016-06-27netlabel: Add support for enumerating the CALIPSO DOI list.Huw Davies4-0/+165
Enumerate the DOI list through the NLBL_CALIPSO_C_LISTALL command. It takes no attributes. Signed-off-by: Huw Davies <huw@codeweavers.com> Signed-off-by: Paul Moore <paul@paul-moore.com>
2016-06-27netlabel: Add support for querying a CALIPSO DOI.Huw Davies4-0/+193
Query a specified DOI through the NLBL_CALIPSO_C_LIST command. It requires the attribute: NLBL_CALIPSO_A_DOI. The reply will contain: NLBL_CALIPSO_A_MTYPE Signed-off-by: Huw Davies <huw@codeweavers.com> Signed-off-by: Paul Moore <paul@paul-moore.com>
2016-06-27netlabel: Initial support for the CALIPSO netlink protocol.Huw Davies12-2/+604
CALIPSO is a packet labelling protocol for IPv6 which is very similar to CIPSO. It is specified in RFC 5570. Much of the code is based on the current CIPSO code. This adds support for adding passthrough-type CALIPSO DOIs through the NLBL_CALIPSO_C_ADD command. It requires attributes: NLBL_CALIPSO_A_TYPE which must be CALIPSO_MAP_PASS. NLBL_CALIPSO_A_DOI. In passthrough mode the CALIPSO engine will map MLS secattr levels and categories directly to the packet label. At this stage, the major difference between this and the CIPSO code is that IPv6 may be compiled as a module. To allow for this the CALIPSO functions are registered at module init time. Signed-off-by: Huw Davies <huw@codeweavers.com> Signed-off-by: Paul Moore <paul@paul-moore.com>
2016-06-27netlabel: Add an address family to domain hash entries.Huw Davies6-58/+192
The reason is to allow different labelling protocols for different address families with the same domain. This requires the addition of an address family attribute in the netlink communication protocol. It is used in several messages: NLBL_MGMT_C_ADD and NLBL_MGMT_C_ADDDEF take it as an optional attribute for the unlabelled protocol. It may be one of AF_INET, AF_INET6 or AF_UNSPEC (to specify both address families). If it is missing, it defaults to AF_UNSPEC. NLBL_MGMT_C_LISTALL and NLBL_MGMT_C_LISTDEF return it as part of the enumeration of each item. Addtionally, it may be sent to LISTDEF to specify which address family to return. Signed-off-by: Huw Davies <huw@codeweavers.com> Signed-off-by: Paul Moore <paul@paul-moore.com>
2016-06-27netlabel: Mark rcu pointers with __rcu.Huw Davies2-4/+4
This fixes sparse errors of the form: incompatible types in comparison expression (different address spaces) Signed-off-by: Huw Davies <huw@codeweavers.com> Signed-off-by: Paul Moore <paul@paul-moore.com>
2016-06-25tpm_crb: fix address space of the return pointer in crb_map_res()Jarkko Sakkinen1-1/+1
When running make C=2 M=drivers/char/tpm/ CHECK drivers/char/tpm//tpm_crb.c drivers/char/tpm//tpm_crb.c:248:31: warning: incorrect type in return expression (different address spaces) drivers/char/tpm//tpm_crb.c:248:31: expected void [noderef] <asn:2>* drivers/char/tpm//tpm_crb.c:248:31: got void * CC: stable@vger.kernel.org Fixes: 1bd047be37d9 ("tpm_crb: Use devm_ioremap_resource") Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Tested-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2016-06-25tpm_vtpm_proxy: fix address space of a user pointer in vtpmx_fops_ioctl()Jarkko Sakkinen1-1/+1
When running make C=2 M=drivers/char/tpm/ CC [M] drivers/char/tpm//tpm_crb.o CHECK drivers/char/tpm//tpm_vtpm_proxy.c drivers/char/tpm//tpm_vtpm_proxy.c:552:32: warning: incorrect type in assignment (different address spaces) drivers/char/tpm//tpm_vtpm_proxy.c:552:32: expected struct vtpm_proxy_new_dev *vtpm_new_dev_p drivers/char/tpm//tpm_vtpm_proxy.c:552:32: got void [noderef] <asn:1>*argp drivers/char/tpm//tpm_vtpm_proxy.c:553:51: warning: incorrect type in argument 2 (different address spaces) drivers/char/tpm//tpm_vtpm_proxy.c:553:51: expected void const [noderef] <asn:1>*from drivers/char/tpm//tpm_vtpm_proxy.c:553:51: got struct vtpm_proxy_new_dev *vtpm_new_dev_p drivers/char/tpm//tpm_vtpm_proxy.c:559:34: warning: incorrect type in argument 1 (different address spaces) drivers/char/tpm//tpm_vtpm_proxy.c:559:34: expected void [noderef] <asn:1>*to drivers/char/tpm//tpm_vtpm_proxy.c:559:34: got struct vtpm_proxy_new_dev *vtpm_new_dev_p The __user annotation was missing from the corresponding variable. Fixes: 794c38e01358 ("tpm: Proxy driver for supporting multiple emulated TPMs") Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Tested-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2016-06-25tpm/tpm_tis_spi: Add support for spi phyChristophe Ricard4-0/+309
Spi protocol standardized by the TCG is now supported by most of TPM vendors. It supports SPI Bit Protocol as describe in the TCG PTP specification (chapter 6.4.6 SPI Bit Protocol). Irq mode is not supported. This commit is based on the initial work by Peter Huewe. Signed-off-by: Peter Huewe <peter.huewe@infineon.com> Signed-off-by: Alexander Steffen <Alexander.Steffen@infineon.com> Signed-off-by: Christophe Ricard <christophe-h.ricard@st.com> Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Tested-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Tested-by: Stefan Berger <stefanb@linux.vnet.ibm.com> Reviewed-by: Stefan Berger <stefanb@linux.vnet.ibm.com> Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
2016-06-25tpm/tpm_tis: Split tpm_tis driver into a core and TCG TIS compliant phyChristophe Ricard5-882/+958
To avoid code duplication between the old tpm_tis and the new and future native tcg tis driver(ie: spi, i2c...), the tpm_tis driver was reworked, so that all common logic is extracted and can be reused from all drivers. The core methods can also be used from other TIS like drivers. itpm workaround is now managed with a specific tis flag TPM_TIS_ITPM_POSSIBLE. This commit is based on the initial work by Peter Huewe. Signed-off-by: Peter Huewe <peter.huewe@infineon.com> Signed-off-by: Christophe Ricard <christophe-h.ricard@st.com> Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Tested-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Tested-by: Stefan Berger <stefanb@linux.vnet.ibm.com> Reviewed-by: Stefan Berger <stefanb@linux.vnet.ibm.com> Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
2016-06-25devicetree: Add Trusted Computing Group to vendor-prefix.txtChristophe Ricard1-0/+1
Add missing vendor to vendor-prefix.txt. Trusted Computing Group design common specifications for TPM (Trusted Platform Module) vendors. TCG designates a TPM answering to a public specification. This commit is based on the initial work by Peter Huewe. Cc: devicetree@vger.kernel.org Signed-off-by: Christophe Ricard <christophe-h.ricard@st.com> Acked-by: Rob Herring <robh@kernel.org> Acked-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Tested-by: Stefan Berger <stefanb@linux.vnet.ibm.com> Reviewed-by: Stefan Berger <stefanb@linux.vnet.ibm.com> Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
2016-06-25devicetree: Add infineon to vendor-prefix.txtChristophe Ricard1-0/+1
Add missing vendor to vendor-prefix.txt This commit is based on the initial work by Peter Huewe. Cc: devicetree@vger.kernel.org Signed-off-by: Christophe Ricard <christophe-h.ricard@st.com> Acked-by: Rob Herring <robh@kernel.org> Acked-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Tested-by: Stefan Berger <stefanb@linux.vnet.ibm.com> Reviewed-by: Stefan Berger <stefanb@linux.vnet.ibm.com> Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
2016-06-25tpm_tis: Introduce intermediate layer for TPM accessChristophe Ricard2-101/+270
This splits tpm_tis in a high-level protocol part and a low-level interface for the actual TPM communication. The low-level interface can then be implemented by additional drivers to provide access to TPMs using other mechanisms, for example native I2C or SPI transfers, while still reusing the same TIS protocol implementation. Though the ioread/iowrite calls cannot fail, other implementations of this interface might want to return error codes if their communication fails. This follows the usual pattern of negative values representing errors and zero representing success. Positive values are not used (yet). Errors are passed back to the caller if possible. If the interface of a function does not allow that, it tries to do the most sensible thing it can, but this might also mean ignoring the error in this instance. This commit is based on the initial work by Peter Huewe. Signed-off-by: Alexander Steffen <Alexander.Steffen@infineon.com> Signed-off-by: Christophe Ricard <christophe-h.ricard@st.com> Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Tested-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Tested-by: Stefan Berger <stefanb@linux.vnet.ibm.com> Reviewed-by: Stefan Berger <stefanb@linux.vnet.ibm.com> Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
2016-06-25tpm: tpm_tis: Share common data between physChristophe Ricard2-76/+132
Split priv_data structure in common and phy specific structures. This will allow in future patches to reuse the same tis logic on top of new phy such as spi and i2c. Ultimately, other drivers may reuse this tis logic. (e.g: st33zp24...) iobase field is specific to TPM addressed on 0xFED4xxxx on LPC/SPI bus. This commit is based on the initial work by Peter Huewe. Signed-off-by: Christophe Ricard <christophe-h.ricard@st.com> Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Tested-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Tested-by: Stefan Berger <stefanb@linux.vnet.ibm.com> Reviewed-by: Stefan Berger <stefanb@linux.vnet.ibm.com> Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
2016-06-25tpm: Add include guards in tpm.hChristophe Ricard1-0/+5
Add missing include guards in tpm.h Signed-off-by: Peter Huewe <peter.huewe@infineon.com> Signed-off-by: Christophe Ricard <christophe-h.ricard@st.com> Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Tested-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Tested-by: Stefan Berger <stefanb@linux.vnet.ibm.com> Reviewed-by: Stefan Berger <stefanb@linux.vnet.ibm.com> Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
2016-06-25tpm: Fix suspend regressionStefan Berger1-2/+2
Fix the suspend regression due to the wrong way of retrieving the chip structure. The suspend functions are attached to the hardware device, not the chip and thus must rely on drvdata. Fixes: e89f8b1ade9cc1a ("tpm: Remove all uses of drvdata from the TPM Core") Reported-by: Jeremiah Mahler <jmmahler@gmail.com> Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com> Tested-by: Stefan Berger <stefanb@linux.vnet.ibm.com> Reviewed-by: Jason Gunthorpe <jgunthorpe@obsidianresearch.com> Tested-by: Jeremiah Mahler <jmmahler@gmail.com> Acked-by: Jarkko Sakkinen <jarkko.sakkine@linux.intel.com> Signed-off-by: Jarkko Sakkinen <jarkko.sakkine@linux.intel.com>
2016-06-25tpm: fix for typo in tpm/tpm_ibmvtpm.cStephen Rothwell1-1/+1
Fixes: 28157164b056 ("tpm: Remove useless priv field in struct tpm_vendor_specific") Signed-off-by: Stephen Rothwell <sfr@canb.auug.org.au> Acked-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
2016-06-25tpm: select ANON_INODES for proxy driverArnd Bergmann1-0/+1
The newly added vtpmx driver fails to build if CONFIG_ANON_INODES is disabled: drivers/char/built-in.o: In function `vtpmx_fops_ioctl': (.text+0x97f8): undefined reference to `anon_inode_getfile' This adds a Kconfig 'select' statement to ensure it's always there when we need it. Signed-off-by: Arnd Bergmann <arnd@arndb.de> Fixes: 794c38e01358 ("tpm: Proxy driver for supporting multiple emulated TPMs") Acked-by: Stefan Berger <stefanb@linux.vnet.ibm.com> Acked-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
2016-06-25tpm: Fix IRQ unwind ordering in TISJason Gunthorpe1-2/+2
The devm for the IRQ was placed on the chip, not the pdev. This can cause the irq to be still callable after the pdev has been cleaned up (eg priv kfree'd). Found by CONFIG_DEBUG_SHIRQ=y Reported-by: Stefan Berger <stefanb@linux.vnet.ibm.com> Fixes: 233a065e0cd0 ("tpm: Get rid of chip->pdev") Signed-off-by: Jason Gunthorpe <jgunthorpe@obsidianresearch.com> Tested-by: Stefan Berger <stefanb@linux.vnet.ibm.com> Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>