)]}' { "log": [ { "commit": "ee0b31a25a010116f44fca6c96f4516d417793dd", "tree": "d7670d202d0f4888b5213ed73d88c9a80bd05b74", "parents": [ "efde8b6e16f11e7d1681c68d86c7fd51053cada7" ], "author": { "name": "Mimi Zohar", "email": "zohar@linux.vnet.ibm.com", "time": "Tue Jan 17 20:39:51 2012 +0000" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Jan 18 10:41:29 2012 +1100" }, "message": "keys: fix trusted/encrypted keys sparse rcu_assign_pointer messages\n\nDefine rcu_assign_keypointer(), which uses the key payload.rcudata instead\nof payload.data, to resolve the CONFIG_SPARSE_RCU_POINTER message:\n\"incompatible types in comparison expression (different address spaces)\"\n\nReplace the rcu_assign_pointer() calls in encrypted/trusted keys with\nrcu_assign_keypointer().\n\nSigned-off-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "02473119bc54b0b239c2501064c7a37314347f87", "tree": "e3f0cdfbe4ee67d089ab731f213b2e0f91a3daa1", "parents": [ "50e1499f468fd74c6db95deb2e1e6bfee578ae70" ], "author": { "name": "Andy Shevchenko", "email": "andriy.shevchenko@linux.intel.com", "time": "Mon Oct 31 17:12:55 2011 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Mon Oct 31 17:30:56 2011 -0700" }, "message": "security: follow rename pack_hex_byte() to hex_byte_pack()\n\nThere is no functional change.\n\nSigned-off-by: Andy Shevchenko \u003candriy.shevchenko@linux.intel.com\u003e\nCc: Mimi Zohar \u003czohar@us.ibm.com\u003e\nCc: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "2684bf7f29cfb13ef2c60f3b3a53ee47d0db7022", "tree": "bbdc0709c643e58a22443ab086c6e4aa80329e17", "parents": [ "b78049831ffed65f0b4e61f69df14f3ab17922cb" ], "author": { "name": "Mimi Zohar", "email": "zohar@linux.vnet.ibm.com", "time": "Tue Sep 20 11:23:52 2011 -0400" }, "committer": { "name": "Mimi Zohar", "email": "zohar@linux.vnet.ibm.com", "time": "Tue Sep 20 23:26:05 2011 -0400" }, "message": "trusted-keys: check hex2bin result\n\nFor each hex2bin call in trusted keys, check that the ascii hex string is\nvalid. On failure, return -EINVAL.\n\nChangelog v1:\n- hex2bin now returns an int\n\nSigned-off-by: Mimi Zohar \u003czohar@linux.vnet.ibm.com\u003e\nAcked-by: Andy Shevchenko \u003candy.shevchenko@gmail.com\u003e\n" }, { "commit": "d410fa4ef99112386de5f218dd7df7b4fca910b4", "tree": "e29fbc3f6d27b20d73d8feb4ed73f6767f2e18fe", "parents": [ "61c4f2c81c61f73549928dfd9f3e8f26aa36a8cf" ], "author": { "name": "Randy Dunlap", "email": "randy.dunlap@oracle.com", "time": "Thu May 19 15:59:38 2011 -0700" }, "committer": { "name": "Randy Dunlap", "email": "randy.dunlap@oracle.com", "time": "Thu May 19 15:59:38 2011 -0700" }, "message": "Create Documentation/security/,\nmove LSM-, credentials-, and keys-related files from Documentation/\n to Documentation/security/,\nadd Documentation/security/00-INDEX, and\nupdate all occurrences of Documentation/\u003cmoved_file\u003e\n to Documentation/security/\u003cmoved_file\u003e.\n" }, { "commit": "633e804e89464d3875e59de1959a53f9041d3094", "tree": "0a2464267c5f7a4e8166771fdc88e181a5b6219a", "parents": [ "1cc26bada9f6807814806db2f0d78792eecdac71" ], "author": { "name": "David Howells", "email": "dhowells@redhat.com", "time": "Mon Mar 07 15:05:51 2011 +0000" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Tue Mar 08 11:17:11 2011 +1100" }, "message": "KEYS: Add an RCU payload dereference macro\n\nAdd an RCU payload dereference macro as this seems to be a common piece of code\namongst key types that use RCU referenced payloads.\n\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "5403110943a2dcf1f96416d7a412a8b46895facd", "tree": "48e3501e71511200c911315b8bdffde4788d357d", "parents": [ "7f3c68bee977ab872827e44de017216736fe21d7" ], "author": { "name": "Jesper Juhl", "email": "jj@chaosbits.net", "time": "Sun Jan 23 22:40:42 2011 +0100" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Jan 24 10:59:58 2011 +1100" }, "message": "trusted keys: Fix a memory leak in trusted_update().\n\nOne failure path in security/keys/trusted.c::trusted_update() does\nnot free \u0027new_p\u0027 while the others do. This patch makes sure we also free\nit in the remaining path (if datablob_parse() returns different from\nOpt_update).\n\nSigned-off-by: Jesper Juhl \u003cjj@chaosbits.net\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "4b174b6d281f5c87234fc65bafc02877f565c5cf", "tree": "5c1f0519d2f4d642ac9ecec9a180019fe980958e", "parents": [ "1bae4ce27c9c90344f23c65ea6966c50ffeae2f5" ], "author": { "name": "Mimi Zohar", "email": "zohar@linux.vnet.ibm.com", "time": "Tue Jan 18 09:07:11 2011 -0500" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Jan 24 10:14:22 2011 +1100" }, "message": "trusted-keys: rename trusted_defined files to trusted\n\nRename trusted_defined.c and trusted_defined.h files to trusted.c and\ntrusted.h, respectively. Based on request from David Howells.\n\nSigned-off-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\nAcked-by: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "154a96bfcd53b8e5020718c64769e542c44788b9", "tree": "2fc7a4c8992fb4222a6fb47f22907a94da48eebd", "parents": [ "0e7491f685cbc962f2ef977f7b5f8ed0b3100e88" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Mon Jan 17 09:27:27 2011 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Jan 19 09:53:59 2011 +1100" }, "message": "trusted-keys: avoid scattring va_end()\n\nWe can avoid scattering va_end() within the\n\n va_start();\n for (;;) {\n\n }\n va_end();\n\nloop, assuming that crypto_shash_init()/crypto_shash_update() return 0 on\nsuccess and negative value otherwise.\n\nMake TSS_authhmac()/TSS_checkhmac1()/TSS_checkhmac2() similar to TSS_rawhmac()\nby removing \"va_end()/goto\" from the loop.\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nReviewed-by: Jesper Juhl \u003cjj@chaosbits.net\u003e\nAcked-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\nAcked-by: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "0e7491f685cbc962f2ef977f7b5f8ed0b3100e88", "tree": "44d27bf6f64b974eb8d177316c3fd77f66324b13", "parents": [ "35576eab390df313095306e2a8216134910e7014" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Mon Jan 17 09:25:34 2011 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Jan 19 09:53:56 2011 +1100" }, "message": "trusted-keys: check for NULL before using it\n\nTSS_rawhmac() checks for data !\u003d NULL before using it.\nWe should do the same thing for TSS_authhmac().\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nReviewed-by: Jesper Juhl \u003cjj@chaosbits.net\u003e\nAcked-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\nAcked-by: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "35576eab390df313095306e2a8216134910e7014", "tree": "c35b52f6797ce69091c3e3bc596783f45e19496a", "parents": [ "40c1001792de63e0f90e977eb05393fd71f78692" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Mon Jan 17 09:22:47 2011 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Jan 19 09:53:53 2011 +1100" }, "message": "trusted-keys: another free memory bugfix\n\nTSS_rawhmac() forgot to call va_end()/kfree() when data \u003d\u003d NULL and\nforgot to call va_end() when crypto_shash_update() \u003c 0.\nFix these bugs by escaping from the loop using \"break\"\n(rather than \"return\"/\"goto\") in order to make sure that\nva_end()/kfree() are always called.\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nReviewed-by: Jesper Juhl \u003cjj@chaosbits.net\u003e\nAcked-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\nAcked-by: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "40c1001792de63e0f90e977eb05393fd71f78692", "tree": "7172e92ccefd8f4b8ee42401901ddab5bec687b5", "parents": [ "581548db3b3c0f6e25b500329eb02e3c72e7acbe" ], "author": { "name": "Mimi Zohar", "email": "zohar@linux.vnet.ibm.com", "time": "Mon Dec 20 12:37:18 2010 -0500" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Fri Jan 14 10:27:46 2011 +1100" }, "message": "trusted-keys: free memory bugfix\n\nAdd missing kfree(td) in tpm_seal() before the return, freeing\ntd on error paths as well.\n\nReported-by: Dan Carpenter \u003cerror27@gmail.com\u003e\nSigned-off-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\nAcked-by: David Safford \u003csafford@watson.ibm.com\u003e\nAcked-by: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: Serge Hallyn \u003cserge@hallyn.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "1bdbb4024c309e470711b434a24fb356fc92edea", "tree": "129f4136a53e0133fcdff81065f2e15fb4aac374", "parents": [ "bc5e0af0b36b6cc9de301074426c279fc9b72675" ], "author": { "name": "Mimi Zohar", "email": "zohar@linux.vnet.ibm.com", "time": "Mon Dec 13 16:53:11 2010 -0500" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Dec 15 12:14:27 2010 +0530" }, "message": "trusted-keys: kzalloc and other cleanup\n\nCleanup based on David Howells suggestions:\n- replace kzalloc, where possible, with kmalloc\n- revert \u0027const unsigned int\u0027 definitions to \u0027unsigned int\u0027\n\nSigned-off-by: David Safford \u003csafford@watson.ibm.com\u003e\nAcked-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\nAcked-by: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "bc5e0af0b36b6cc9de301074426c279fc9b72675", "tree": "116b20ec3e81f4a956ecf0fde2dfba11d43117dc", "parents": [ "38ef4c2e437d11b5922723504b62824e96761459" ], "author": { "name": "Mimi Zohar", "email": "zohar@linux.vnet.ibm.com", "time": "Mon Dec 13 16:53:10 2010 -0500" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Dec 15 12:14:25 2010 +0530" }, "message": "trusted-keys: additional TSS return code and other error handling\n\nPreviously not all TSS return codes were tested, as they were all eventually\ncaught by the TPM. Now all returns are tested and handled immediately.\n\nThis patch also fixes memory leaks in error and non-error paths.\n\nSigned-off-by: David Safford \u003csafford@watson.ibm.com\u003e\nAcked-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\nAcked-by: David Howells \u003cdhowells@redhat.com\u003e\nAcked-by: Serge E. Hallyn \u003cserge@hallyn.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "93ae86e759299718c611bc543b9b1633bf32905a", "tree": "e8b054d9df2c2f9e935d656d5eb25c7c6231c940", "parents": [ "b4e0d5f0791bd6dd12a1c1edea0340969c7c1f90" ], "author": { "name": "Mimi Zohar", "email": "zohar@linux.vnet.ibm.com", "time": "Mon Nov 29 16:20:04 2010 -0500" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Tue Nov 30 09:20:27 2010 +1100" }, "message": "keys: add missing include file for trusted and encrypted keys\n\nThis patch fixes the linux-next powerpc build errors as reported by\nStephen Rothwell.\n\nReported-by: Stephen Rothwell \u003csfr@canb.auug.org.au\u003e\nSigned-off-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\nTested-by: Rajiv Andrade \u003csrajiv@linux.vnet.ibm.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "d00a1c72f7f4661212299e6cb132dfa58030bcdb", "tree": "2c873e461f42bbf3aea03b7b2e59cea8f941d841", "parents": [ "c749ba912e87ccebd674ae24b97462176c63732e" ], "author": { "name": "Mimi Zohar", "email": "zohar@linux.vnet.ibm.com", "time": "Tue Nov 23 17:50:34 2010 -0500" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Nov 29 08:55:25 2010 +1100" }, "message": "keys: add new trusted key-type\n\nDefine a new kernel key-type called \u0027trusted\u0027. Trusted keys are random\nnumber symmetric keys, generated and RSA-sealed by the TPM. The TPM\nonly unseals the keys, if the boot PCRs and other criteria match.\nUserspace can only ever see encrypted blobs.\n\nBased on suggestions by Jason Gunthorpe, several new options have been\nadded to support additional usages.\n\nThe new options are:\nmigratable\u003d designates that the key may/may not ever be updated\n (resealed under a new key, new pcrinfo or new auth.)\n\npcrlock\u003dn extends the designated PCR \u0027n\u0027 with a random value,\n so that a key sealed to that PCR may not be unsealed\n again until after a reboot.\n\nkeyhandle\u003d specifies the sealing/unsealing key handle.\n\nkeyauth\u003d specifies the sealing/unsealing key auth.\n\nblobauth\u003d specifies the sealed data auth.\n\nImplementation of a kernel reserved locality for trusted keys will be\ninvestigated for a possible future extension.\n\nChangelog:\n- Updated and added examples to Documentation/keys-trusted-encrypted.txt\n- Moved generic TPM constants to include/linux/tpm_command.h\n (David Howell\u0027s suggestion.)\n- trusted_defined.c: replaced kzalloc with kmalloc, added pcrlock failure\n error handling, added const qualifiers where appropriate.\n- moved to late_initcall\n- updated from hash to shash (suggestion by David Howells)\n- reduced worst stack usage (tpm_seal) from 530 to 312 bytes\n- moved documentation to Documentation directory (suggestion by David Howells)\n- all the other code cleanups suggested by David Howells\n- Add pcrlock CAP_SYS_ADMIN dependency (based on comment by Jason Gunthorpe)\n- New options: migratable, pcrlock, keyhandle, keyauth, blobauth (based on\n discussions with Jason Gunthorpe)\n- Free payload on failure to create key(reported/fixed by Roberto Sassu)\n- Updated Kconfig and other descriptions (based on Serge Hallyn\u0027s suggestion)\n- Replaced kzalloc() with kmalloc() (reported by Serge Hallyn)\n\nSigned-off-by: David Safford \u003csafford@watson.ibm.com\u003e\nSigned-off-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" } ] }