linux/security, branch v3.3-rc2

Merge git://git.samba.org/sfrench/cifs-2.6

2012-01-23T16:59:49Z

* git://git.samba.org/sfrench/cifs-2.6: CIFS: Rename *UCS* functions to *UTF16* [CIFS] ACL and FSCACHE support no longer EXPERIMENTAL [CIFS] Fix build break with multiuser patch when LANMAN disabled cifs: warn about impending deprecation of legacy MultiuserMount code cifs: fetch credentials out of keyring for non-krb5 auth multiuser mounts cifs: sanitize username handling keys: add a "logon" key type cifs: lower default wsize when unix extensions are not used cifs: better instrumentation for coalesce_t2 cifs: integer overflow in parse_dacl() cifs: Fix sparse warning when calling cifs_strtoUCS CIFS: Add descriptions to the brlock cache functions

keys: fix user_defined key sparse messages

2012-01-19T05:16:29Z

Replace the rcu_assign_pointer() calls with rcu_assign_keypointer(). Signed-off-by: Mimi Zohar Signed-off-by: David Howells Signed-off-by: James Morris

ima: fix cred sparse warning

2012-01-19T04:59:11Z

Fix ima_policy.c sparse "warning: dereference of noderef expression" message, by accessing cred->uid using current_cred(). Changelog v1: - Change __cred to just cred (based on David Howell's comment) Signed-off-by: Mimi Zohar Signed-off-by: James Morris

keys: add a "logon" key type

2012-01-18T04:39:40Z

For CIFS, we want to be able to store NTLM credentials (aka username and password) in the keyring. We do not, however want to allow users to fetch those keys back out of the keyring since that would be a security risk. Unfortunately, due to the nuances of key permission bits, it's not possible to do this. We need to grant search permissions so the kernel can find these keys, but that also implies permissions to read the payload. Resolve this by adding a new key_type. This key type is essentially the same as key_type_user, but does not define a .read op. This prevents the payload from ever being visible from userspace. This key type also vets the description to ensure that it's "qualified" by checking to ensure that it has a ':' in it that is preceded by other characters. Acked-by: David Howells Signed-off-by: Jeff Layton Signed-off-by: Steve French

Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security

2012-01-18T00:43:39Z

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: integrity: digital signature config option name change lib: Removed MPILIB, MPILIB_EXTRA, and SIGNATURE prompts lib: MPILIB Kconfig description update lib: digital signature dependency fix lib: digital signature config option name change encrypted-keys: fix rcu and sparse messages keys: fix trusted/encrypted keys sparse rcu_assign_pointer messages KEYS: Add missing smp_rmb() primitives to the keyring search code TOMOYO: Accept \000 as a valid character. security: update MAINTAINERS file with new git repo

Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/audit

2012-01-18T00:41:31Z

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/audit: (29 commits) audit: no leading space in audit_log_d_path prefix audit: treat s_id as an untrusted string audit: fix signedness bug in audit_log_execve_info() audit: comparison on interprocess fields audit: implement all object interfield comparisons audit: allow interfield comparison between gid and ogid audit: complex interfield comparison helper audit: allow interfield comparison in audit rules Kernel: Audit Support For The ARM Platform audit: do not call audit_getname on error audit: only allow tasks to set their loginuid if it is -1 audit: remove task argument to audit_set_loginuid audit: allow audit matching on inode gid audit: allow matching on obj_uid audit: remove audit_finish_fork as it can't be called audit: reject entry,always rules audit: inline audit_free to simplify the look of generic code audit: drop audit_set_macxattr as it doesn't do anything audit: inline checks for not needing to collect aux records audit: drop some potentially inadvisable likely notations ... Use evil merge to fix up grammar mistakes in Kconfig file. Bad speling and horrible grammar (and copious swearing) is to be expected, but let's keep it to commit messages and comments, rather than expose it to users in config help texts or printouts.

integrity: digital signature config option name change

2012-01-17T23:46:27Z

Similar to SIGNATURE, rename INTEGRITY_DIGSIG to INTEGRITY_SIGNATURE. Signed-off-by: Dmitry Kasatkin Signed-off-by: James Morris

lib: digital signature config option name change

2012-01-17T23:46:21Z

It was reported that DIGSIG is confusing name for digital signature module. It was suggested to rename DIGSIG to SIGNATURE. Requested-by: Linus Torvalds Suggested-by: Pavel Machek Signed-off-by: Dmitry Kasatkin Signed-off-by: James Morris

encrypted-keys: fix rcu and sparse messages

2012-01-17T23:41:30Z

Enabling CONFIG_PROVE_RCU and CONFIG_SPARSE_RCU_POINTER resulted in "suspicious rcu_dereference_check() usage!" and "incompatible types in comparison expression (different address spaces)" messages. Access the masterkey directly when holding the rwsem. Changelog v1: - Use either rcu_read_lock()/rcu_derefence_key()/rcu_read_unlock() or remove the unnecessary rcu_derefence() - David Howells Reported-by: Dmitry Kasatkin Signed-off-by: Mimi Zohar Signed-off-by: David Howells Signed-off-by: James Morris

keys: fix trusted/encrypted keys sparse rcu_assign_pointer messages

2012-01-17T23:41:29Z

Define rcu_assign_keypointer(), which uses the key payload.rcudata instead of payload.data, to resolve the CONFIG_SPARSE_RCU_POINTER message: "incompatible types in comparison expression (different address spaces)" Replace the rcu_assign_pointer() calls in encrypted/trusted keys with rcu_assign_keypointer(). Signed-off-by: Mimi Zohar Signed-off-by: David Howells Signed-off-by: James Morris