Diffstat (limited to 'security')
-rw-r--r-- | security/integrity/ima/Kconfig | 2 | ||||
-rw-r--r-- | security/keys/compat.c | 2 | ||||
-rw-r--r-- | security/keys/encrypted-keys/encrypted.c | 2 | ||||
-rw-r--r-- | security/keys/keyctl.c | 2 | ||||
-rw-r--r-- | security/keys/trusted.c | 2 | ||||
-rw-r--r-- | security/tomoyo/common.c | 30 |
6 files changed, 35 insertions, 5 deletions
diff --git a/security/integrity/ima/Kconfig b/security/integrity/ima/Kconfig
index 19c053b8230..4f554f20dc9 100644
--- a/security/integrity/ima/Kconfig
+++ b/security/integrity/ima/Kconfig
@@ -9,7 +9,7 @@ config IMA
 select CRYPTO_HMAC
 select CRYPTO_MD5
 select CRYPTO_SHA1
- select TCG_TPM if !S390
+ select TCG_TPM if !S390 && !UML
 select TCG_TIS if TCG_TPM
 help
 The Trusted Computing Group(TCG) runtime Integrity
diff --git a/security/keys/compat.c b/security/keys/compat.c
index 338b510e902..4c48e13448f 100644
--- a/security/keys/compat.c
+++ b/security/keys/compat.c
@@ -38,7 +38,7 @@ long compat_keyctl_instantiate_key_iov(
 ret = compat_rw_copy_check_uvector(WRITE, _payload_iov, ioc,
 ARRAY_SIZE(iovstack),
- iovstack, &iov);
+ iovstack, &iov, 1);
 if (ret < 0)
 return ret;
 if (ret == 0)
diff --git a/security/keys/encrypted-keys/encrypted.c b/security/keys/encrypted-keys/encrypted.c
index f33804c1b4c..dcc843cb0f8 100644
--- a/security/keys/encrypted-keys/encrypted.c
+++ b/security/keys/encrypted-keys/encrypted.c
@@ -293,7 +293,7 @@ static char *datablob_format(struct encrypted_key_payload *epayload,
 /* convert the hex encoded iv, encrypted-data and HMAC to ascii */
 bufp = &ascii_buf[len];
 for (i = 0; i < (asciiblob_len - len) / 2; i++)
- bufp = pack_hex_byte(bufp, iv[i]);
+ bufp = hex_byte_pack(bufp, iv[i]);
 out:
 return ascii_buf;
 }
diff --git a/security/keys/keyctl.c b/security/keys/keyctl.c
index eca51918c95..0b3f5d72af1 100644
--- a/security/keys/keyctl.c
+++ b/security/keys/keyctl.c
@@ -1065,7 +1065,7 @@ long keyctl_instantiate_key_iov(key_serial_t id,
 goto no_payload;
 ret = rw_copy_check_uvector(WRITE, _payload_iov, ioc,
- ARRAY_SIZE(iovstack), iovstack, &iov);
+ ARRAY_SIZE(iovstack), iovstack, &iov, 1);
 if (ret < 0)
 return ret;
 if (ret == 0)
diff --git a/security/keys/trusted.c b/security/keys/trusted.c
index 0964fc23694..0ed5fdf238a 100644
--- a/security/keys/trusted.c
+++ b/security/keys/trusted.c
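Review bot: The new final argument at both uvector-check call sites, `compat_rw_copy_check_uvector()` in security/keys/compat.c and `rw_copy_check_uvector()` in security/keys/keyctl.c, is a bare `1`, and nothing on this page says what it selects. These calls validate a user-supplied iovec array before the key payload is copied in, so an auditor needs to see at the call site that the check is enabled. As far as I know this parameter is the helper's access-check switch, but the prototype is outside this diff, so confirm against it. A short comment at each call, e.g. `/* 1: verify access to each user segment */`, would make that explicit. Both enclosing functions start and end outside their hunks.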
@@ -1098,7 +1098,7 @@ static long trusted_read(const struct key *key, char __user *buffer,
 bufp = ascii_buf;
 for (i = 0; i < p->blob_len; i++)
- bufp = pack_hex_byte(bufp, p->blob[i]);
+ bufp = hex_byte_pack(bufp, p->blob[i]);
 if ((copy_to_user(buffer, ascii_buf, 2 * p->blob_len)) != 0) {
 kfree(ascii_buf);
 return -EFAULT;
diff --git a/security/tomoyo/common.c b/security/tomoyo/common.c
index 150911c7ff0..c47d3ce6c73 100644
--- a/security/tomoyo/common.c
+++ b/security/tomoyo/common.c
@@ -966,6 +966,9 @@ static bool tomoyo_manager(void)
 return found;
 }
+static struct tomoyo_domain_info *tomoyo_find_domain_by_qid
+(unsigned int serial);
+
 /**
 * tomoyo_select_domain - Parse select command.
 *
@@ -999,6 +1002,8 @@ static bool tomoyo_select_domain(struct tomoyo_io_buffer *head,
 } else if (!strncmp(data, "domain=", 7)) {
 if (tomoyo_domain_def(data + 7))
 domain = tomoyo_find_domain(data + 7);
+ } else if (sscanf(data, "Q=%u", &pid) == 1) {
+ domain = tomoyo_find_domain_by_qid(pid);
 } else
 return false;
 head->w.domain = domain;
@@ -1894,6 +1899,7 @@ static DECLARE_WAIT_QUEUE_HEAD(tomoyo_answer_wait);
 /* Structure for query. */
 struct tomoyo_query {
 struct list_head list;
+ struct tomoyo_domain_info *domain;
 char *query;
 size_t query_len;
 unsigned int serial;
@@ -2044,6 +2050,7 @@ int tomoyo_supervisor(struct tomoyo_request_info *r, const char *fmt, ...)
 goto out;
 }
 len = tomoyo_round2(entry.query_len);
+ entry.domain = r->domain;
 spin_lock(&tomoyo_query_list_lock);
 if (tomoyo_memory_quota[TOMOYO_MEMORY_QUERY] &&
 tomoyo_memory_used[TOMOYO_MEMORY_QUERY] + len
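Review bot: In the new `Q=` branch of tomoyo_select_domain() the query id is parsed into `pid`, so a variable named for a process id now carries the query serial passed to tomoyo_find_domain_by_qid(). A dedicated local, e.g. `unsigned int serial;` with `sscanf(data, "Q=%u", &serial) == 1`, or a comment such as `/* pid is reused here as the query serial */`, would keep the two id spaces apart for readers. `sscanf()` also stops at the first non-digit, so input with trailing characters after the number is still accepted, and a NULL result from the lookup is stored in `head->w.domain` like any other value. The declaration of `pid` and the handling after that assignment are outside the hunk.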
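Review bot: `entry.domain = r->domain;` in tomoyo_supervisor() stores a raw domain pointer in the queued entry, and tomoyo_find_domain_by_qid() in the final hunk hands that pointer back after releasing `tomoyo_query_list_lock`; no reference is taken in the visible lines. This is safe only if something else keeps the domain alive while the query is pending and while the selecting writer uses the result, presumably a read-side lock held by the callers, which this page does not show. Once that is confirmed, state it at the assignment and on the new `domain` member of struct tomoyo_query in the preceding hunk, e.g. `/* not reference-counted: valid only while <lock held by caller> is held */`. tomoyo_supervisor() begins and ends outside the hunk.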
@@ -2091,6 +2098,29 @@ out:
 }
 /**
+ * tomoyo_find_domain_by_qid - Get domain by query id.
+ *
+ * @serial: Query ID assigned by tomoyo_supervisor().
+ *
+ * Returns pointer to "struct tomoyo_domain_info" if found, NULL otherwise.
+ */
+static struct tomoyo_domain_info *tomoyo_find_domain_by_qid
+(unsigned int serial)
+{
+ struct tomoyo_query *ptr;
+ struct tomoyo_domain_info *domain = NULL;
+ spin_lock(&tomoyo_query_list_lock);
+ list_for_each_entry(ptr, &tomoyo_query_list, list) {
+ if (ptr->serial != serial || ptr->answer)
+ continue;
+ domain = ptr->domain;
+ break;
+ }
+ spin_unlock(&tomoyo_query_list_lock);
+ return domain;
+}
+
+/**
 * tomoyo_poll_query - poll() for /sys/kernel/security/tomoyo/query.
 *
 * @file: Pointer to "struct file". |
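Review bot: The kernel-doc for tomoyo_find_domain_by_qid() promises the domain "if found", but the loop also skips entries whose `ptr->answer` is already set, so the id of an answered query yields NULL as well. Add a line such as ` * Queries that already have an answer are not matched.` so that callers do not read NULL as "no such query id". The comment should also say that the pointer is returned after `tomoyo_query_list_lock` has been dropped, since the visible code does nothing to pin the domain.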