from interrupts for /dev/random and /dev/urandom. The goal is to
address weaknesses discussed in the paper "Mining your Ps and Qs:
Detection of Widespread Weak Keys in Network Devices", by Nadia
Heninger, Zakir Durumeric, Eric Wustrow, J. Alex Halderman, which will
be published in the Proceedings of the 21st Usenix Security Symposium,
August 2012. (See https://factorable.net for more information and an
extended version of the paper.)
Merge tag 'random_for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/random
Pull random subsystem patches from Ted Ts'o:
"This patch series contains a major revamp of how we collect entropy
from interrupts for /dev/random and /dev/urandom.
The goal is to address weaknesses discussed in the paper "Mining
your Ps and Qs: Detection of Widespread Weak Keys in Network Devices",
by Nadia Heninger, Zakir Durumeric, Eric Wustrow, J. Alex Halderman,
which will be published in the Proceedings of the 21st Usenix Security
Symposium, August 2012. (See https://factorable.net for more
information and an extended version of the paper.)"
Fix up trivial conflicts due to nearby changes in
drivers/{mfd/ab3100-core.c, usb/gadget/omap_udc.c}
* tag 'random_for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/random: (33 commits)
random: mix in architectural randomness in extract_buf()
dmi: Feed DMI table to /dev/random driver
random: Add comment to random_initialize()
random: final removal of IRQF_SAMPLE_RANDOM
um: remove IRQF_SAMPLE_RANDOM which is now a no-op
sparc/ldc: remove IRQF_SAMPLE_RANDOM which is now a no-op
[ARM] pxa: remove IRQF_SAMPLE_RANDOM which is now a no-op
board-palmz71: remove IRQF_SAMPLE_RANDOM which is now a no-op
isp1301_omap: remove IRQF_SAMPLE_RANDOM which is now a no-op
pxa25x_udc: remove IRQF_SAMPLE_RANDOM which is now a no-op
omap_udc: remove IRQF_SAMPLE_RANDOM which is now a no-op
goku_udc: remove IRQF_SAMPLE_RANDOM which was commented out
uartlite: remove IRQF_SAMPLE_RANDOM which is now a no-op
drivers: hv: remove IRQF_SAMPLE_RANDOM which is now a no-op
xen-blkfront: remove IRQF_SAMPLE_RANDOM which is now a no-op
n2_crypto: remove IRQF_SAMPLE_RANDOM which is now a no-op
pda_power: remove IRQF_SAMPLE_RANDOM which is now a no-op
i2c-pmcmsp: remove IRQF_SAMPLE_RANDOM which is now a no-op
input/serio/hp_sdc.c: remove IRQF_SAMPLE_RANDOM which is now a no-op
mfd: remove IRQF_SAMPLE_RANDOM which is now a no-op
...
Merge tag 'virtio-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rusty/linux-2.6-for-linus
Pull virtio update from Rusty Russell:
"Virtio patches, mainly hotplugging fixes."
* tag 'virtio-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rusty/linux-2.6-for-linus:
virtio-blk: return VIRTIO_BLK_F_FLUSH to header.
virtio-blk: allow toggling host cache between writeback and writethrough
virtio-blk: Use block layer provided spinlock
virtio-blk: Reset device after blk_cleanup_queue()
virtio-blk: Call del_gendisk() before disable guest kick
virtio: rng: s3/s4 support
virtio: rng: split out common code in probe / remove for s3/s4 ops
virtio: rng: don't wait on host when module is going away
virtio: rng: allow tasks to be killed that are waiting for rng input
virtio ids: fix comment for virtio-rng
Merge tag 'please-pull-ia64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/aegl/linux
Pull misc ia64 build fixes from Tony Luck.
* tag 'please-pull-ia64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/aegl/linux:
[IA64] Redefine ATOMIC_INIT and ATOMIC64_INIT to drop the casts
[IA64] Rename platform_name to ia64_platform_name
[IA64] Mark PARAVIRT and KVM as broken
Pull MIPS updates from Ralf Baechle:
"More hardware support across the field including a bunch of device
drivers. The highlight however really are further steps towards
device tree.
This has been sitting in -next for ages. All MIPS _defconfigs have
been tested to boot or where I don't have hardware available, to at
least build fine."
* 'upstream' of git://git.linux-mips.org/pub/scm/ralf/upstream-linus: (77 commits)
MIPS: Loongson 1B: Add defconfig
MIPS: Loongson 1B: Add board support
MIPS: Netlogic: early console fix
MIPS: Netlogic: Fix indentation of smpboot.S
MIPS: Netlogic: remove cpu_has_dc_aliases define for XLP
MIPS: Netlogic: Remove unused pcibios_fixups
MIPS: Netlogic: Add XLP SoC devices in FDT
MIPS: Netlogic: Add IRQ mappings for more devices
MIPS: Netlogic: USB support for XLP
MIPS: Netlogic: XLP PCIe controller support.
MIPS: Netlogic: Platform changes for XLR/XLS I2C
MIPS: Netlogic: Platform NAND/NOR flash support
MIPS: Netlogic: Platform changes for XLS USB
MIPS: Netlogic: Remove NETLOGIC_ prefix
MIPS: Netlogic: SMP wakeup code update
MIPS: Netlogic: Update comments in smpboot.S
MIPS: BCM63XX: Add 96328avng reference board
MIPS: Expose PCIe drivers for MIPS
MIPS: BCM63XX: Add PCIe Support for BCM6328
MIPS: BCM63XX: Move the PCI initialization into its own function
...
Unregister from the hwrng interface and remove the vq before entering
the S3 or S4 states. Add the vq and re-register with hwrng on restore.
Signed-off-by: Amit Shah <amit.shah@redhat.com>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
The freeze/restore s3/s4 operations will use code that's common to the
probe and remove routines. Put the common code in separate functions.
Signed-off-by: Amit Shah <amit.shah@redhat.com>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
No use waiting for input from host when the module is being removed.
We're going to remove the vq in the next step anyway, so just perform
any other steps for cleanup (currently none).
Signed-off-by: Amit Shah <amit.shah@redhat.com>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Use wait_for_completion_killable() instead of wait_for_completion() when
waiting for the host to send us entropy. Without this,
# cat /dev/hwrng
^C
just hangs.
Signed-off-by: Amit Shah <amit.shah@redhat.com>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Mix in any architectural randomness in extract_buf() instead of
xfer_secondary_buf(). This allows us to mix in more architectural
randomness, and it also makes xfer_secondary_buf() faster, moving a
tiny bit of additional CPU overhead to the process which is extracting the
randomness.
[ Commit description modified by tytso to remove an extended
advertisement for the RDRAND instruction. ]
Signed-off-by: H. Peter Anvin <hpa@linux.intel.com>
Acked-by: Ingo Molnar <mingo@kernel.org>
Cc: DJ Johnston <dj.johnston@intel.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Cc: stable@vger.kernel.org
Pull drm updates from Dave Airlie:
"One of the smaller drm -next pulls in ages!
Ben (nouveau) has a rewrite in progress but we decided to leave it
stew for another cycle, so just some fixes from him.
- radeon: lots of documentation work, fixes, more ring and locking
changes, pcie gen2, more dp fixes.
- i915: haswell features, gpu reset fixes, /dev/agpgart removal on
machines that we never used it on, more VGA/HDP fix., more DP fixes
- drm core: cleanups from Daniel, sis 64-bit fixes, range allocator
colouring.
but yeah fairly quiet merge this time, probably because I missed half
of it!"
Trivial add-add conflict in include/linux/pci_regs.h
* 'drm-next' of git://people.freedesktop.org/~airlied/linux: (255 commits)
drm/nouveau: init vblank requests list
drm/nv50: extend vblank semaphore to generic dmaobj + offset pair
drm/nouveau: mark most of our ioctls as deprecated, move to compat layer
drm/nouveau: move current gpuobj code out of nouveau_object.c
drm/nouveau/gem: fix object reference leak in a failure path
drm/nv50: rename INVALID_QUERY_OR_TEXTURE error to INVALID_OPERATION
drm/nv84: decode PCRYPT errors
drm/nouveau: dcb table quirk for fdo#50830
nouveau: Fix alignment requirements on src and dst addresses
drm/i915: unbreak lastclose for failed driver init
drm/i915: Set the context before setting up regs for the context.
drm/i915: constify mode in crtc_mode_fixup
drm/i915/lvds: ditch ->prepare special case
drm/i915: dereferencing an error pointer
drm/i915: fix invalid reference handling of the default ctx obj
drm/i915: Add -EIO to the list of known errors for __wait_seqno
drm/i915: Flush the context object from the CPU caches upon switching
drm/radeon: fix dpms on/off on trinity/aruba v2
drm/radeon: on hotplug force link training to happen (v2)
drm/radeon: fix hotplug of DP to DVI|HDMI passive adapters (v2)
...
Pull crypto updates from Herbert Xu:
- Fixed algorithm construction hang when self-test fails.
- Added SHA variants to talitos AEAD list.
- New driver for Exynos random number generator.
- Performance enhancements for arc4.
- Added hwrng support to caam.
- Added ahash support to caam.
- Fixed bad kfree in aesni-intel.
- Allow aesni-intel in FIPS mode.
- Added atmel driver with support for AES/3DES/SHA.
- Bug fixes for mv_cesa.
- CRC hardware driver for BF60x family processors.
* git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6: (66 commits)
crypto: twofish-avx - remove useless instruction
crypto: testmgr - add aead cbc aes hmac sha1,256,512 test vectors
crypto: talitos - add sha224, sha384 and sha512 to existing AEAD algorithms
crypto: talitos - export the talitos_submit function
crypto: talitos - move talitos structures to header file
crypto: atmel - add new tests to tcrypt
crypto: atmel - add Atmel SHA1/SHA256 driver
crypto: atmel - add Atmel DES/TDES driver
crypto: atmel - add Atmel AES driver
ARM: AT91SAM9G45: add crypto peripherals
crypto: testmgr - allow aesni-intel and ghash_clmulni-intel in fips mode
hwrng: exynos - Add support for Exynos random number generator
crypto: aesni-intel - fix wrong kfree pointer
crypto: caam - ERA retrieval and printing for SEC device
crypto: caam - Using alloc_coherent for caam job rings
crypto: algapi - Fix hang on crypto allocation
crypto: arc4 - now arc needs blockcipher support
crypto: caam - one tasklet per job ring
crypto: caam - consolidate memory barriers from job ring en/dequeue
crypto: caam - only query h/w in job ring dequeue path
...
Here's the "big" pull request for 3.6-rc1 for the char/misc drivers.
It's really just a few updates to the mei driver, plus 4 other tiny patches,
nothing big at all.
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Merge tag 'char-misc-3.6-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc
Pull char/misc patches from Greg Kroah-Hartman:
"Here's the "big" pull request for 3.6-rc1 for the char/misc drivers.
It's really just a few updates to the mei driver, plus 4 other tiny
patches, nothing big at all.
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>"
* tag 'char-misc-3.6-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc:
mei: use module_pci_driver
powerpc/BSR: cleanup the error path of bsr_init
mei: mei_irq_thread_write_handler - line break fix
mei: streamline the _mei_irq_thread_close/ioctol functions
mei: introduce mei_data2slots wrapper
mei: mei_wd_host_init: update the comment
mei: remove write only wariable wd_due_counter
mei: mei_device can be const for mei register access functions
mei: revamp host buffer interface function
mei: don't query HCSR for host buffer depth
mei: group wd_interface_reg with watchdog variables within struct mei_device
mei: mei_irq_thread_write_handler check for overflow
mei: make mei_write_message more readable
mei: check for error codes that mei_flow_ctrl_creds retuns
misc: at25: Parse dt settings
misc: hpilo: increase number of max supported channels
mei: mei.txt: minor grammar fixes
The following build error occurred during a ia64 build with
swap-over-NFS patches applied.
net/core/sock.c:274:36: error: initializer element is not constant
net/core/sock.c:274:36: error: (near initialization for 'memalloc_socks')
net/core/sock.c:274:36: error: initializer element is not constant
This is identical to a parisc build error. Fengguang Wu, Mel Gorman
and James Bottomley did all the legwork to track the root cause of
the problem. This fix and entire commit log is shamelessly copied
from them with one extra detail to change a dubious runtime use of
ATOMIC_INIT() to atomic_set() in drivers/char/mspec.c
Dave Anglin says:
> Here is the line in sock.i:
>
> struct static_key memalloc_socks = ((struct static_key) { .enabled =
> ((atomic_t) { (0) }) });
The above line contains two compound literals. It also uses a designated
initializer to initialize the field enabled. A compound literal is not a
constant expression.
The location of the above statement isn't fully clear, but if a compound
literal occurs outside the body of a function, the initializer list must
consist of constant expressions.
Cc: <stable@vger.kernel.org>
Signed-off-by: Tony Luck <tony.luck@intel.com>
Pull watchdog changes from Wim Van Sebroeck:
- conversion of iTCO_wdt and orion_wdt to the generic watchdog API
- uses module_platform_driver() for s3c2410_wdt
- Adds support for Jetway JNF99 Motherboard
- various fixes
* git://www.linux-watchdog.org/linux-watchdog:
watchdog: orion_wdt: Convert driver to watchdog core
watchdog: s3c2410_wdt: Use module_platform_driver()
watchdog: sch311x_wdt: Fix Polarity when starting watchdog
Watchdog: OMAP: Fix the runtime pm code to avoid module getting stuck intransition state.
watchdog: ie6xx_wdt: section mismatch in ie6xx_wdt_probe()
watchdog: bcm63xx_wdt: fix driver section mismatch
watchdog: iTCO_wdt.c: convert to watchdog core
char/ipmi: remove local ioctl defines replaced by generic ones
watchdog: xilinx: Read clock frequency directly from DT node
watchdog: coh901327_wdt: use clk_prepare/unprepare
watchdog: f71808e_wdt: Add support for Jetway JNF99 motherboard
Many platforms have per-machine instance data (serial numbers,
asset tags, etc.) squirreled away in areas that are accessed
during early system bringup. Mixing this data into the random
pools has a very high value in providing better random data,
so we should allow (and even encourage) architecture code to
call add_device_randomness() from the setup_arch() paths.
However, this limits our options for internal structure of
the random driver since random_initialize() is not called
until long after setup_arch().
Add a big fat comment to rand_initialize() spelling out
this requirement.
Suggested-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Tony Luck <tony.luck@intel.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Pull powerpc updates from Benjamin Herrenschmidt:
"Notable highlights:
- iommu improvements from Anton removing the per-iommu global lock in
favor of dividing the DMA space into pools, each with its own lock,
and hashed on the CPU number. Along with making the locking more
fine grained, this gives significant improvements in multiqueue
networking scalability.
- Still from Anton, we now provide a vdso based variant of getcpu
which makes sched_getcpu with the appropriate glibc patch something
like 18 times faster.
- More anton goodness (he's been busy !) in other areas such as a
faster __clear_user and copy_page on P7, various perf fixes to
improve sampling quality, etc...
- One more step toward removing legacy i2c interfaces by using new
device-tree based probing of platform devices for the AOA audio
drivers
- A nice series of patches from Michael Neuling that helps avoiding
confusion between register numbers and literals in assembly code,
trying to enforce the use of "%rN" register names in gas rather
than plain numbers.
- A pile of FSL updates
- The usual bunch of small fixes, cleanups etc...
You may spot a change to drivers/char/mem. The patch got no comment
or ack from outside, it's a trivial patch to allow the architecture to
skip creating /dev/port, which we use to disable it on ppc64 that
don't have a legacy bridge. On those, IO ports 0...64K are not mapped
in kernel space at all, so accesses to /dev/port cause oopses (and
yes, distros -still- ship userspace that bangs hard coded ports such
as kbdrate)."
* 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/benh/powerpc: (106 commits)
powerpc/mpic: Create a revmap with enough entries for IPIs and timers
Remove stale .rej file
powerpc/iommu: Fix iommu pool initialization
powerpc/eeh: Check handle_eeh_events() return value
powerpc/85xx: Add phy nodes in SGMII mode for MPC8536/44/72DS & P2020DS
powerpc/e500: add paravirt QEMU platform
powerpc/mpc85xx_ds: convert to unified PCI init
powerpc/fsl-pci: get PCI init out of board files
powerpc/85xx: Update corenet64_smp_defconfig
powerpc/85xx: Update corenet32_smp_defconfig
powerpc/85xx: Rename P1021RDB-PC device trees to be consistent
powerpc/watchdog: move booke watchdog param related code to setup-common.c
sound/aoa: Adapt to new i2c probing scheme
i2c/powermac: Improve detection of devices from device-tree
powerpc: Disable /dev/port interface on systems without an ISA bridge
of: Improve prom_update_property() function
powerpc: Add "memory" attribute for mfmsr()
powerpc/ftrace: Fix assembly trampoline register usage
powerpc/hw_breakpoints: Fix incorrect pointer access
powerpc: Put the gpr save/restore functions in their own section
...
Pull security subsystem updates from James Morris:
"Nothing groundbreaking for this kernel, just cleanups and fixes, and a
couple of Smack enhancements."
* 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: (21 commits)
Smack: Maintainer Record
Smack: don't show empty rules when /smack/load or /smack/load2 is read
Smack: user access check bounds
Smack: onlycap limits on CAP_MAC_ADMIN
Smack: fix smack_new_inode bogosities
ima: audit is compiled only when enabled
ima: ima_initialized is set only if successful
ima: add policy for pseudo fs
ima: remove unused cleanup functions
ima: free securityfs violations file
ima: use full pathnames in measurement list
security: Fix nommu build.
samples: seccomp: add .gitignore for untracked executables
tpm: check the chip reference before using it
TPM: fix memleak when register hardware fails
TPM: chip disabled state erronously being reported as error
MAINTAINERS: TPM maintainers' contacts update
Merge branches 'next-queue' and 'next' into next
Remove unused code from MPI library
Revert "crypto: GnuPG based MPI lib - additional sources (part 4)"
...
This watchdog driver had ioctl defines introduced locally
for pre timeout handling, marked to be removed as soon as
a generic replacement would become available.
The latter has actually occurred in 2006, at e05b59fe.
Remove the local duplicates for pre timeout handling.
Signed-off-by: Oskar Schirmer <oskar@scara.com>
Acked-by: Corey Minyard <cminyard@mvista.com>
Signed-off-by: Wim Van Sebroeck <wim@iguana.be>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
With the new interrupt sampling system, we are no longer using the
timer_rand_state structure in the irq descriptor, so we can stop
initializing it now.
[ Merged in fixes from Sedat to find some last missing references to
rand_initialize_irq() ]
Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
Signed-off-by: Sedat Dilek <sedat.dilek@gmail.com>
This lets us pick up the mei driver changes that we need in order to
handle future merge issues.
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
class_create if succeeded returns a pointer to the struct class,
and if it fails, it returns a value enclosed by the pointer, which
can be read by using PTR_ERR.
Handle the error and return it.
result is for error checking of the alloc_chrdev_region, instead
ret can be used, and also if the alloc_chrdev_region fail,
we are still returning -ENODEV, use ret and the error path will
take care of returning of the ret.
Signed-off-by: Devendra Naga <develkernel412222@gmail.com>
Acked-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Create a new function, get_random_bytes_arch() which will use the
architecture-specific hardware random number generator if it is
present. Change get_random_bytes() to not use the HW RNG, even if it
is available.
The reason for this is that the hw random number generator is fast (if
it is present), but it requires that we trust the hardware
manufacturer to have not put in a back door. (For example, an
increasing counter encrypted by an AES key known to the NSA.)
It's unlikely that Intel (for example) was paid off by the US
Government to do this, but it's impossible for them to prove otherwise
--- especially since Bull Mountain is documented to use AES as a
whitener. Hence, the output of an evil, trojan-horse version of
RDRAND is statistically indistinguishable from an RDRAND implemented
to the specifications claimed by Intel. Short of using a tunnelling
electronic microscope to reverse engineer an Ivy Bridge chip and
disassembling and analyzing the CPU microcode, there's no way for us
to tell for sure.
Since users of get_random_bytes() in the Linux kernel need to be able
to support hardware systems where the HW RNG is not present, most
time-sensitive users of this interface have already created their own
cryptographic RNG interface which uses get_random_bytes() as a seed.
So it's much better to use the HW RNG to improve the existing random
number generator, by mixing in any entropy returned by the HW RNG into
/dev/random's entropy pool, but to always _use_ /dev/random's entropy
pool.
This way we get almost all of the benefits of the HW RNG without any
potential liabilities. The only benefits we forgo is the
speed/performance enhancements --- and generic kernel code can't
depend on get_random_bytes() having the speed of a HW RNG
anyway.
For those places that really want access to the arch-specific HW RNG,
if it is available, we provide get_random_bytes_arch().
Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
Cc: stable@vger.kernel.org
If the CPU supports a hardware random number generator, use it in
xfer_secondary_pool(), where it will significantly improve things and
where we can afford it.
Also, remove the use of the arch-specific rng in
add_timer_randomness(), since the call is significantly slower than
get_cycles(), and we're much better off using it in
xfer_secondary_pool() anyway.
Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
Cc: stable@vger.kernel.org
Add a new interface, add_device_randomness() for adding data to the
random pool that is likely to differ between two devices (or possibly
even per boot). This would be things like MAC addresses or serial
numbers, or the read-out of the RTC. This does *not* add any actual
entropy to the pool, but it initializes the pool to different values
for devices that might otherwise be identical and have very little
entropy available to them (particularly common in the embedded world).
[ Modified by tytso to mix in a timestamp, since there may be some
variability caused by the time needed to detect/configure the hardware
in question. ]
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
Cc: stable@vger.kernel.org
The real-time Linux folks don't like add_interrupt_randomness() taking
a spinlock since it is called in the low-level interrupt routine.
This also allows us to reduce the overhead in the fast path, for the
random driver, which is the interrupt collection path.
Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
Cc: stable@vger.kernel.org
We've been moving away from add_interrupt_randomness() for various
reasons: it's too expensive to do on every interrupt, and flooding the
CPU with interrupts could theoretically cause bogus floods of entropy
from a somewhat externally controllable source.
This solves both problems by limiting the actual randomness addition
to just once a second or after 64 interrupts, whichever comes first.
During that time, the interrupt cycle data is buffered up in a per-cpu
pool. Also, we make sure the nonblocking pool used by urandom is
initialized before we start feeding the normal input pool. This
assures that /dev/urandom is returning unpredictable data as soon as
possible.
(Based on an original patch by Linus, but significantly modified by
tytso.)
Tested-by: Eric Wustrow <ewust@umich.edu>
Reported-by: Eric Wustrow <ewust@umich.edu>
Reported-by: Nadia Heninger <nadiah@cs.ucsd.edu>
Reported-by: Zakir Durumeric <zakir@umich.edu>
Reported-by: J. Alex Halderman <jhalderm@umich.edu>.
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
Cc: stable@vger.kernel.org
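A userspace model, added here as an illustration and not taken from the kernel patches, of the two behaviours described in the commit messages above: add_device_randomness() mixing per-device data without crediting entropy, and interrupt samples buffered in a per-CPU pool and flushed once a second or after 64 interrupts, with the urandom pool filled first. The `model_*` names, `MODEL_HZ`, the 128-bit initialization threshold, the one-bit credit per flush and the toy mixer are assumptions of this example.

```c
/* Userspace model, constructed for illustration; this is not
 * drivers/char/random.c and the mixer below is a toy, not a cryptographic one. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MODEL_HZ          100u  /* assumed ticks per second */
#define FLUSH_AFTER_IRQS   64u  /* "after 64 interrupts" (commit message) */
#define MODEL_INIT_BITS   128u  /* assumed credit at which the urandom pool is "initialized" */

struct model_pool {
    uint32_t words[8];
    unsigned pos;
    unsigned entropy_bits;      /* credited entropy estimate */
};

struct model_fast_pool {        /* stands in for the per-CPU buffer */
    uint32_t words[4];
    unsigned pos;
    unsigned count;             /* interrupts buffered since the last flush */
    uint64_t last_flush;        /* tick of the last flush */
};

struct model_rng {
    struct model_pool nonblocking;  /* backs /dev/urandom */
    struct model_pool input;        /* normal input pool */
};

static uint32_t rol32(uint32_t v, unsigned s) { return (v << s) | (v >> (32 - s)); }

/* Toy mixer: folds bytes into the pool words. It never credits entropy. */
static void model_mix(uint32_t *words, unsigned nwords, unsigned *pos,
                      const void *data, size_t len)
{
    const uint8_t *p = data;
    for (size_t i = 0; i < len; i++) {
        unsigned j = (*pos)++ % nwords;
        words[j] = rol32(words[j], 7) ^ p[i]
                 ^ (words[(j + 1) % nwords] * 0x9E3779B1u);
    }
}

/* Device data (MAC, serial, RTC) plus a timestamp is mixed in so identical
 * devices start from different pool states, but no entropy is credited. */
static void model_add_device_randomness(struct model_rng *rng, uint64_t timestamp,
                                        const void *buf, size_t len)
{
    struct model_pool *t[2] = { &rng->nonblocking, &rng->input };
    for (int i = 0; i < 2; i++) {
        model_mix(t[i]->words, 8, &t[i]->pos, &timestamp, sizeof timestamp);
        model_mix(t[i]->words, 8, &t[i]->pos, buf, len);
    }
}

/* Interrupt path: every sample goes into the fast pool; a main pool is touched
 * only once per second or per 64 interrupts. Returns 1 if this sample flushed. */
static int model_add_interrupt_randomness(struct model_rng *rng,
                                          struct model_fast_pool *fp,
                                          uint32_t cycles, uint32_t irq, uint64_t now)
{
    uint32_t sample[2] = { cycles ^ (uint32_t)now, irq };
    struct model_pool *dst;

    model_mix(fp->words, 4, &fp->pos, sample, sizeof sample);
    fp->count++;
    if (fp->count < FLUSH_AFTER_IRQS && now - fp->last_flush < MODEL_HZ)
        return 0;               /* still buffering: an interrupt flood stops here */

    /* Fill the urandom pool first; feed the input pool only afterwards. */
    dst = rng->nonblocking.entropy_bits < MODEL_INIT_BITS ? &rng->nonblocking
                                                          : &rng->input;
    model_mix(dst->words, 8, &dst->pos, fp->words, sizeof fp->words);
    dst->entropy_bits += 1;     /* model assumption: one credit per flush */
    fp->count = 0;
    fp->last_flush = now;
    return 1;
}

/* Deliver n interrupts within the same tick; returns the number of flushes. */
static unsigned model_irq_burst(struct model_rng *rng, struct model_fast_pool *fp,
                                unsigned n, uint64_t now)
{
    unsigned flushes = 0;
    for (unsigned i = 0; i < n; i++)   /* IRQ 17 and the cycle values are constructed */
        flushes += (unsigned)model_add_interrupt_randomness(rng, fp, i * 2654435761u, 17u, now);
    return flushes;
}

int main(void)
{
    struct model_rng rng = {0};
    struct model_fast_pool fp = {0};
    model_add_device_randomness(&rng, 42, "SN-0001", 7);  /* constructed serial */
    printf("flushes for 1000 same-tick IRQs: %u\n", model_irq_burst(&rng, &fp, 1000, 0));
    return 0;
}
```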
Some power systems do not have legacy ISA devices. So, /dev/port is not
a valid interface on these systems. User level tools such as kbdrate are
trying to access the device using this interface which is causing the
system crash.
This patch will fix this issue by not creating this interface on these
powerpc systems.
Signed-off-by: Haren Myneni <haren@us.ibm.com>
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
This patch supports Exynos SOC's PRNG driver. Exynos's PRNG has 5 seeds and
5 random number outputs. Module is executed under runtime power management control,
so it activates only while it's in use. Otherwise it will be suspended generally.
It was tested on PQ board by rngtest program.
Signed-off-by: Jonghwa Lee <jonghwa3.lee@samsung.com>
Signed-off-by: Kyungmin Park <kyungmin.park@samsung.com>
Reviewed-by: Stephen Boyd <sboyd@codeaurora.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
The legacy PM callbacks provided by the IPMI PCI driver are
empty routines returning 0, so they can be safely dropped.
Signed-off-by: Rafael J. Wysocki <rjw@sisk.pl>
Acked-by: Corey Minyard <cminyard@mvista.com>
Make the tpm_nsc driver define its PM callbacks through
a struct dev_pm_ops object rather than by using legacy PM hooks
in struct platform_driver.
This allows the driver to use tpm_pm_suspend() and tpm_pm_resume()
as its PM callbacks directly, without defining its own PM callback
routines.
Signed-off-by: Rafael J. Wysocki <rjw@sisk.pl>
Make the tpm_tis driver define its PM callbacks through
a struct dev_pm_ops object rather than by using legacy PM hooks
in struct platform_driver.
This allows the driver to use tpm_pm_suspend() as its suspend
callback directly, without defining its own suspend callback
routine.
Signed-off-by: Rafael J. Wysocki <rjw@sisk.pl>
Make the tpm_atmel driver define its PM callbacks through
a struct dev_pm_ops object rather than by using legacy PM hooks
in struct platform_driver.
This allows the driver to use tpm_pm_suspend() and tpm_pm_resume()
as its PM callbacks directly, without defining its own PM callback
routines.
Signed-off-by: Rafael J. Wysocki <rjw@sisk.pl>
Make the omap-rng driver define its PM callbacks through
a struct dev_pm_ops object rather than by using legacy PM hooks
in struct platform_driver.
Signed-off-by: Rafael J. Wysocki <rjw@sisk.pl>
Make the sonypi driver define its PM callbacks through
a struct dev_pm_ops object rather than by using legacy PM hooks
in struct acpi_device_ops.
Signed-off-by: Rafael J. Wysocki <rjw@sisk.pl>
Acked-by: Mattia Dongili <malattia@linux.it>
Commit 45001e9, which added support for RNGA, ignored the previous commit
984e976, which changed the data_present API.
Cc: Matt Mackall <mpm@selenic.com>
Cc: Sascha Hauer <kernel@pengutronix.de>
Cc: Alan Carvalho de Assis <acassis@gmail.com>
Cc: <linux-arm-kernel@lists.infradead.org>
Signed-off-by: Benoît Thébaudeau <benoit.thebaudeau@advansee.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
drm/i915 now takes care itself of setting up the gtt for
these chips.
Reviewed-by: Eugeni Dodonov <eugeni.dodonov@intel.com>
Signed-off-by: Daniel Vetter <daniel.vetter@ffwll.ch>
Merge tag 'v3.5-rc4' into drm-intel-next-queued
I want to merge the "no more fake agp on gen6+" patches into
drm-intel-next (well, the last pieces). But a patch in 3.5-rc4 also
adds a new use of dev->agp. Hence the backmerge to sort this out, for
otherwise drm-intel-next merged into Linus' tree would conflict in the
relevant code, things would compile but nicely OOPS at driver load :(
Conflicts in this merge are just simple cases of "both branches
changed/added lines at the same place". The only tricky part is to
keep the order correct wrt the unwind code in case of errors in
intel_ringbuffer.c (and the MI_DISPLAY_FLIP #defines in i915_reg.h
together, obviously).
Conflicts:
drivers/gpu/drm/i915/i915_reg.h
drivers/gpu/drm/i915/intel_ringbuffer.c
Signed-Off-by: Daniel Vetter <daniel.vetter@ffwll.ch>
VLV is a gen7 device, but we don't currently handle that in the switch.
So add it and write the PTEs correctly.
Signed-off-by: Jesse Barnes <jbarnes@virtuousgeek.org>
Signed-off-by: Daniel Vetter <daniel.vetter@ffwll.ch>
The PTE format is similar to SNB, but we don't support an MLC and don't
need chipset flushing.
Note: I have my questions whether this is right, given that MLC died
for snb & ivb, that ivb has grown a L3$ cache instead (which vlv seems
to have, too) and that the LLC bit here isn't actually LLC, but just
means 'snoop cpu caches'.
But I plan to burn this all with the heat of a thousand suns in my
gtt rework, so who cares ;-)
Signed-off-by: Jesse Barnes <jbarnes@virtuousgeek.org>
[danvet: Added note.]
Signed-off-by: Daniel Vetter <daniel.vetter@ffwll.ch>
Pull a crypto fix from Herbert Xu:
"This push fixes another bug in the atmel-rng that made it produce
completely useless output."
* git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6:
hwrng: atmel-rng - fix data valid check
If a driver calls tpm_dev_vendor_release for a device already released
then the driver will oops.
Signed-off-by: Andi Shyti <andi.shyti@gmail.com>
Signed-off-by: Peter Huewe <peterhuewe@gmx.de>
Signed-off-by: Rajiv Andrade <srajiv@linux.vnet.ibm.com>
tpm_do_selftest() attempts to read a PCR in order to
decide if one can rely on the TPM being used or not.
The function that's used by __tpm_pcr_read() does not
expect the TPM to be disabled or deactivated, and if so,
reports an error.
It's fine if the TPM returns this error when trying to
use it for the first time after a power cycle, but it's
definitely not if it already returned success for a
previous attempt to read one of its PCRs.
The tpm_do_selftest() was modified so that the driver only
reports this return code as an error when it really is.
Reported-and-tested-by: Paul Bolle <pebolle@tiscali.nl>
Cc: Stable <stable@vger.kernel.org>
Signed-off-by: Rajiv Andrade <srajiv@linux.vnet.ibm.com>
Usual contact update, Debora Velarde role resign, and the new
co-maintainer inclusion, Kent Yoder. He's accepted to contribute
more actively to this driver's maintainership given the current
maintainer's slight career change that will affect his contribution
time.
[Replacing Debora Velarde by Kent Yoder]
Signed-off-by: Rajiv Andrade <srajiv@linux.vnet.ibm.com>
When drm/i915 is in control of the gtt, we need to call
the enable function at all the relevant places ourselves.
Reviewed-by: Jani Nikula <jani.nikula@linux.intel.com>
Signed-off-by: Daniel Vetter <daniel.vetter@ffwll.ch>
We need this thing much earlier, and it doesn't make sense
in the hw enabling function intel_enable_gtt - this does not
change over a suspend/resume cycle ...
Reviewed-by: Jani Nikula <jani.nikula@linux.intel.com>
Signed-off-by: Daniel Vetter <daniel.vetter@ffwll.ch>