linux/security/integrity, branch v3.3

ima: fix cred sparse warning

2012-01-19T04:59:11Z

Fix ima_policy.c sparse "warning: dereference of noderef expression" message, by accessing cred->uid using current_cred(). Changelog v1: - Change __cred to just cred (based on David Howell's comment) Signed-off-by: Mimi Zohar Signed-off-by: James Morris

Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security

2012-01-18T00:43:39Z

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: integrity: digital signature config option name change lib: Removed MPILIB, MPILIB_EXTRA, and SIGNATURE prompts lib: MPILIB Kconfig description update lib: digital signature dependency fix lib: digital signature config option name change encrypted-keys: fix rcu and sparse messages keys: fix trusted/encrypted keys sparse rcu_assign_pointer messages KEYS: Add missing smp_rmb() primitives to the keyring search code TOMOYO: Accept \000 as a valid character. security: update MAINTAINERS file with new git repo

integrity: digital signature config option name change

2012-01-17T23:46:27Z

Similar to SIGNATURE, rename INTEGRITY_DIGSIG to INTEGRITY_SIGNATURE. Signed-off-by: Dmitry Kasatkin Signed-off-by: James Morris

lib: digital signature config option name change

2012-01-17T23:46:21Z

It was reported that DIGSIG is confusing name for digital signature module. It was suggested to rename DIGSIG to SIGNATURE. Requested-by: Linus Torvalds Suggested-by: Pavel Machek Signed-off-by: Dmitry Kasatkin Signed-off-by: James Morris

audit: treat s_id as an untrusted string

2012-01-17T21:17:03Z

The use of s_id should go through the untrusted string path, just to be extra careful. Signed-off-by: Kees Cook Acked-by: Mimi Zohar Signed-off-by: Eric Paris

Merge branch 'next' into for-linus

2012-01-09T01:16:48Z

Conflicts: security/integrity/evm/evm_crypto.c Resolved upstream fix vs. next conflict manually. Signed-off-by: James Morris

evm: prevent racing during tfm allocation

2011-12-20T15:50:08Z

There is a small chance of racing during tfm allocation. This patch fixes it. Signed-off-by: Dmitry Kasatkin Acked-by: Mimi Zohar Signed-off-by: James Morris

evm: key must be set once during initialization

2011-12-20T15:45:45Z

On multi-core systems, setting of the key before every caclculation, causes invalid HMAC calculation for other tfm users, because internal state (ipad, opad) can be invalid before set key call returns. It needs to be set only once during initialization. Signed-off-by: Dmitry Kasatkin Acked-by: Mimi Zohar Signed-off-by: James Morris

ima: fix invalid memory reference

2011-12-20T03:07:54Z

Don't free a valid measurement entry on TPM PCR extend failure. Signed-off-by: Roberto Sassu Signed-off-by: Mimi Zohar Cc: stable@vger.kernel.org

ima: free duplicate measurement memory

2011-12-20T03:04:32Z

Info about new measurements are cached in the iint for performance. When the inode is flushed from cache, the associated iint is flushed as well. Subsequent access to the inode will cause the inode to be re-measured and will attempt to add a duplicate entry to the measurement list. This patch frees the duplicate measurement memory, fixing a memory leak. Signed-off-by: Roberto Sassu Signed-off-by: Mimi Zohar Cc: stable@vger.kernel.org