kernel/linux.git/security/tomoyo, branch v4.9.104

mm: replace get_user_pages_remote() write/force parameters with gup_flags

2016-10-19T15:12:02+00:00

This removes the 'write' and 'force' from get_user_pages_remote() and replaces them with 'gup_flags' to make the use of FOLL_FORCE explicit in callers as use of this flag can result in surprising behaviour (and hence bugs) within the mm subsystem. Signed-off-by: Lorenzo Stoakes Acked-by: Michal Hocko Reviewed-by: Jan Kara Signed-off-by: Linus Torvalds

fs: rename "rename2" i_op to "rename"

2016-09-27T09:03:58+00:00

Generated patch: sed -i "s/\.rename2\t/\.rename\t\t/" `git grep -wl rename2` sed -i "s/\brename2\b/rename/g" `git grep -wl rename2` Signed-off-by: Miklos Szeredi

vfs: remove unused i_op->rename

2016-09-27T09:03:58+00:00

No in-tree uses remain. Signed-off-by: Miklos Szeredi

Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security

2016-07-30T00:38:46+00:00

Pull security subsystem updates from James Morris: "Highlights: - TPM core and driver updates/fixes - IPv6 security labeling (CALIPSO) - Lots of Apparmor fixes - Seccomp: remove 2-phase API, close hole where ptrace can change syscall #" * 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: (156 commits) apparmor: fix SECURITY_APPARMOR_HASH_DEFAULT parameter handling tpm: Add TPM 2.0 support to the Nuvoton i2c driver (NPCT6xx family) tpm: Factor out common startup code tpm: use devm_add_action_or_reset tpm2_i2c_nuvoton: add irq validity check tpm: read burstcount from TPM_STS in one 32-bit transaction tpm: fix byte-order for the value read by tpm2_get_tpm_pt tpm_tis_core: convert max timeouts from msec to jiffies apparmor: fix arg_size computation for when setprocattr is null terminated apparmor: fix oops, validate buffer size in apparmor_setprocattr() apparmor: do not expose kernel stack apparmor: fix module parameters can be changed after policy is locked apparmor: fix oops in profile_unpack() when policy_db is not present apparmor: don't check for vmalloc_addr if kvzalloc() failed apparmor: add missing id bounds check on dfa verification apparmor: allow SYS_CAP_RESOURCE to be sufficient to prlimit another task apparmor: use list_next_entry instead of list_entry_next apparmor: fix refcount race when finding a child profile apparmor: fix ref count leak when profile sha1 hash is read apparmor: check that xindex is in trans_table bounds ...

vfs: make the string hashes salt the hash

2016-06-11T03:21:46+00:00

We always mixed in the parent pointer into the dentry name hash, but we did it late at lookup time. It turns out that we can simplify that lookup-time action by salting the hash with the parent pointer early instead of late. A few other users of our string hashes also wanted to mix in their own pointers into the hash, and those are updated to use the same mechanism. Hash users that don't have any particular initial salt can just use the NULL pointer as a no-salt. Cc: Vegard Nossum Cc: George Spelvin Cc: Al Viro Signed-off-by: Linus Torvalds

security: tomoyo: simplify the gc kthread creation

2016-06-06T10:23:55+00:00

The code is doing the equivalent of the kthread_run macro. Signed-off-by: Mike Danese Acked-by: Tetsuo Handa Signed-off-by: James Morris

constify security_sb_pivotroot()

2016-03-28T04:47:52+00:00

Signed-off-by: Al Viro

constify security_path_chroot()

2016-03-28T04:47:51+00:00

Signed-off-by: Al Viro

constify security_path_{link,rename}

2016-03-28T04:47:36+00:00

Signed-off-by: Al Viro

constify security_path_{mkdir,mknod,symlink}

2016-03-28T04:47:27+00:00

... as well as unix_mknod() and may_o_create() Signed-off-by: Al Viro