Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux...
authorLinus Torvalds <torvalds@linux-foundation.org>
Wed, 3 May 2017 15:50:52 +0000 (08:50 -0700)
committerLinus Torvalds <torvalds@linux-foundation.org>
Wed, 3 May 2017 15:50:52 +0000 (08:50 -0700)
Pull security subsystem updates from James Morris:
 "Highlights:

  IMA:
   - provide ">" and "<" operators for fowner/uid/euid rules

  KEYS:
   - add a system blacklist keyring

   - add KEYCTL_RESTRICT_KEYRING, exposes keyring link restriction
     functionality to userland via keyctl()

  LSM:
   - harden LSM API with __ro_after_init

   - add prlmit security hook, implement for SELinux

   - revive security_task_alloc hook

  TPM:
   - implement contextual TPM command 'spaces'"

* 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: (98 commits)
  tpm: Fix reference count to main device
  tpm_tis: convert to using locality callbacks
  tpm: fix handling of the TPM 2.0 event logs
  tpm_crb: remove a cruft constant
  keys: select CONFIG_CRYPTO when selecting DH / KDF
  apparmor: Make path_max parameter readonly
  apparmor: fix parameters so that the permission test is bypassed at boot
  apparmor: fix invalid reference to index variable of iterator line 836
  apparmor: use SHASH_DESC_ON_STACK
  security/apparmor/lsm.c: set debug messages
  apparmor: fix boolreturn.cocci warnings
  Smack: Use GFP_KERNEL for smk_netlbl_mls().
  smack: fix double free in smack_parse_opts_str()
  KEYS: add SP800-56A KDF support for DH
  KEYS: Keyring asymmetric key restrict method with chaining
  KEYS: Restrict asymmetric key linkage using a specific keychain
  KEYS: Add a lookup_restriction function for the asymmetric key type
  KEYS: Add KEYCTL_RESTRICT_KEYRING
  KEYS: Consistent ordering for __key_link_begin and restrict check
  KEYS: Add an optional lookup_restriction hook to key_type
  ...

1  2 
fs/namei.c
include/linux/compat.h
include/linux/init_task.h
include/linux/sched.h
kernel/fork.c
security/Kconfig
security/keys/gc.c
security/keys/keyctl.c
security/keys/process_keys.c
security/security.c
security/selinux/nlmsgtab.c

diff --cc fs/namei.c
Simple merge
Simple merge
index 82be96564266ca80647a06833e386162b7537b81,926f2f553cc5bcf930a5bf1a9d6977b433d2069f..e049526bc188f765c7521653cf6fb90a574bc673
@@@ -297,7 -294,7 +303,8 @@@ extern struct cred init_cred
        INIT_VTIME(tsk)                                                 \
        INIT_NUMA_BALANCING(tsk)                                        \
        INIT_KASAN(tsk)                                                 \
 +      INIT_LIVEPATCH(tsk)                                             \
+       INIT_TASK_SECURITY                                              \
  }
  
  
index 1e590c3bd5815a798b6ede321e738fca4437e474,71b8df306bb04f66229fc7f3e287d643f5174b26..3d4fa448223fd60f0af37f3b6b274483593af468
@@@ -1044,8 -1038,9 +1044,12 @@@ struct task_struct 
        /* A live task holds one reference: */
        atomic_t                        stack_refcount;
  #endif
 +#ifdef CONFIG_LIVEPATCH
 +      int patch_state;
++#endif
+ #ifdef CONFIG_SECURITY
+       /* Used by LSM modules for access restriction: */
+       void                            *security;
  #endif
        /* CPU-specific state of this task: */
        struct thread_struct            thread;
diff --cc kernel/fork.c
Simple merge
Simple merge
Simple merge
Simple merge
Simple merge
Simple merge
Simple merge