Add reset API at usb_gadget_driver, it calls disconnect handler currently,
but may do different things in future.
Acked-by: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: Peter Chen <peter.chen@freescale.com>
Signed-off-by: Felipe Balbi <balbi@ti.com>
Add reset API at usb_gadget_driver, it calls disconnect handler currently,
but may do different things in future.
Acked-by: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: Peter Chen <peter.chen@freescale.com>
Signed-off-by: Felipe Balbi <balbi@ti.com>
Adding reset API for UDC bus reset handler is useful for below
two issues.
Current disconnect API at usb_gadget_driver is also invoked at
udc's bus reset handler, but the document says it is invoked when
the host is disconnected.
Besides, we may expect the gadget_driver to do different things
for host sends bus reset and host disconnects gadget, eg, we may not
want to flush dirty page for mass storage at bus reset, and want to
do it at disconnection.
Acked-by: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: Peter Chen <peter.chen@freescale.com>
Signed-off-by: Felipe Balbi <balbi@ti.com>
initrds above 4GB - Yinghai Lu
* Relocate GOT entries in the x86 EFI boot stub now that we have
symbols with global visibility - Matt Fleming
* fdt memory reservation fix for arm64 - Mark Salter
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAABAgAGBQJUDqq/AAoJEC84WcCNIz1VgzEP/1Ax+XnXQjIRMGcR7gHolcan
lzBzDL3afEp28LcWevmDZ9Bp4VRFjCRecg1gdI64HJhn+b7Ay1iPX/hUaIqfgPfb
ptY8uAomNAwDyxC7z0S13GNiZZxPKB6eHnoV8t2Hi3uM8oUnkca/WTXHOyXs+gJG
4fQZtXWn/T8j7vAXuHGSbdH1pF4HYf2vX9i0c7iWVIcKyl+Oe5xGMcql4BqPJnAz
6hN9etyRMWF37CHZjD1pH0YHhRMJ6uuqUFvUQZt2q+OPUzgYVPv1Es6984r5q2CI
HHQK2RSfHifYhNuLHuQo+8hOzz41pTriUrrDLDYk9SXDaJM4nHF6n2AXvra320P3
Xa0TR87+DxOdCM+1s1LeLl/9wMrwz1tgx8m9St16yISnRcGkkJrWYeV9z4PXYsi5
Qe1uGFS4eVWMAGVuaQgOP/olLAOxr1Vxwrnci+mg4Zh5LgohDZ4FBqbDdMeP3GIF
vuI+yNnH9jxqmKZXD7wKtxVmS5s3vB3bH0+H8fFCMdBfUWqcM2CA0QJjSCsYGgkB
mv5jaccRBk8WlI4KrDDuJ2BzM5prg59XTsO0m8oaloCk8b2OEvOte3XsF1DAkYh+
DnMbESfyDJxc6OFzq6pzAFeY5JUbSgWe0AwnyDJ3Woo9qCCpSkQHImllohRuXVgO
BruJYYr5r55mjhyDWzJk
=DjZA
-----END PGP SIGNATURE-----
Merge tag 'efi-urgent' of git://git.kernel.org/pub/scm/linux/kernel/git/mfleming/efi into x86/urgent
Pull EFI fixes from Matt Fleming:
* Fix early boot regression affecting x86 EFI boot stub when loading
initrds above 4GB - Yinghai Lu
* Relocate GOT entries in the x86 EFI boot stub now that we have
symbols with global visibility - Matt Fleming
* fdt memory reservation fix for arm64 - Mark Salter
Signed-off-by: Ingo Molnar <mingo@kernel.org>
There is no need to use hex_dump_to_buffer() since we have a kernel helper to
dump up to 64 bytes just via printk(). In our case the actual size is 15 bytes.
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
We need "idx" to be signed for the error handling to work.
Fixes: 6d5c1c77bb ('usb: gadget: f_fs: fix the redundant ep files problem')
Acked-by: Michal Nazarewicz <mina86@mina86.com>
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Felipe Balbi <balbi@ti.com>
Attach strings to gadget with usb_strings_attach.
It is required for correct instantiation of functions more than once:
instead of modifying the local uvc_en_us_strings a function instance
specific copy is created with usb_gstrings_attach.
Signed-off-by: Andrzej Pietrasiewicz <andrzej.p@samsung.com>
Tested-by: Michael Grzeschik <m.grzeschik@pengutronix.de>
Signed-off-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Signed-off-by: Felipe Balbi <balbi@ti.com>
There are no users of the old interface left. Remove it.
Signed-off-by: Andrzej Pietrasiewicz <andrzej.p@samsung.com>
Tested-by: Michael Grzeschik <m.grzeschik@pengutronix.de>
Signed-off-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Signed-off-by: Felipe Balbi <balbi@ti.com>
Use the new function interface of f_uvc.
Signed-off-by: Andrzej Pietrasiewicz <andrzej.p@samsung.com>
Tested-by: Michael Grzeschik <m.grzeschik@pengutronix.de>
Signed-off-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Signed-off-by: Felipe Balbi <balbi@ti.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iQIcBAABAgAGBQJUCIKhAAoJEBmUBAuBoyj0MJUQAIPVfnuSzBlNru29jf0qJ4wp
XKcHm/TWm17/ZFTpA/m2UwTpvPSztK+JSYWH2xM6Ks6bQhbhyLKe6SZHaYbeHVRr
xPuUU2idHjSXKg/MqlKWZIABj+jyoP3f7xvHvXalmj48ZAZtJoCrXdmMjG1lTA69
jbS1FM6EcNORXxPVc8KdGeFvlj47LOFVXv0Em4huWb1U6tqurgs4RVwkhYdTCmfj
DG59pf4SK+4P3r4GZSBtm47CKbIFfNEzdz7wy5Iq+RvJ5/hBmhbDp6TB9EgWL1Mo
xnsMuvASE4FQq5aefWDR4+d/Arrhovp8DNiRmPNWA/tWlx0AfMJ7rnaPvk3/RnkY
YqHoE5CGWbbtK7L+9NQt6ENW0fJDSc6006k0Uzyfty4mIi4YAEhqQ7rvxLWfH+TK
6iyZUOfWT+0hLPX8XhCvIQYUqvkq9EYm5DrENxYW2U6ePU5jjYuZ1mdoTkiKMFTe
9SQCTYrdGsRMJ+I7qyiHFR931cJoWe8hA7HSZ3iYGvjFReWwfNQ8e9J1rVu++J5Y
qopDz/E6jptlx6/aDPI4wtU/5P3NDH/olVmhrahy9XJITJ22474AlhzVMOp8pIrY
jnypiuX36z5sai2U/2eD4ltZh8hChDEZEM7bMsH+wlP4jnLxcep4oSlzh6HsOMu1
nPxXHMfUOsnfuZwUuzmm
=/AYx
-----END PGP SIGNATURE-----
Merge tag 'socfpga_update_for_v3.18' of git://git.rocketboards.org/linux-socfpga-next into next/dt
Pull "arm: dts: Add Altera SDRAM EDAC bindings & devicetree entries" From Dinh Nguyen:
5 of the 6 patches are DTS updates and the 1 patch is updating
the MAINTAINERS entry with my new email address.
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
* tag 'socfpga_update_for_v3.18' of git://git.rocketboards.org/linux-socfpga-next:
arm: dts: Add Altera SDRAM EDAC bindings & devicetree entries.
ARM: dts: socfpga: memreserve first 4KB for future system use
ARM: dts: socfpga: Add SD card detect
ARM: dts: socfpga: remove extra alias in the ArriaV devkit
ARM: dts: socfpga: unuse the slot-node and deprecate the supports-highspeed for dw-mmc
MAINTAINERS: update entries for ARM/SOCFPGA platform
Use the new function registration interface. It is required
in order to integrate configfs support.
Signed-off-by: Andrzej Pietrasiewicz <andrzej.p@samsung.com>
Tested-by: Michael Grzeschik <m.grzeschik@pengutronix.de>
[Updated copyright years]
Signed-off-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Acked-by: Andrzej Pietrasiewicz <andrzej.p@samsung.com>
Signed-off-by: Felipe Balbi <balbi@ti.com>
Compile uvc_queue, uvc_v4l2, uvc_video separately so that later they can
be all combined in a separately compiled f_uvc.
Signed-off-by: Andrzej Pietrasiewicz <andrzej.p@samsung.com>
Tested-by: Michael Grzeschik <m.grzeschik@pengutronix.de>
[Make uvc_v4l2_ioctl_ops non-static]
[Rename __UVC__V4L2__H__ and __UVC__VIDEO__H__]
[Update MAINTAINERS]
Signed-off-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Acked-by: Andrzej Pietrasiewicz <andrzej.p@samsung.com>
Signed-off-by: Felipe Balbi <balbi@ti.com>
Prepare for separate compilation of uvc function's components.
Some symbols will have to be exported, so rename to avoid
conflicts with functions of the same name in host uvc.
Signed-off-by: Andrzej Pietrasiewicz <andrzej.p@samsung.com>
Tested-by: Michael Grzeschik <m.grzeschik@pengutronix.de>
[Rename uvc_video_pump and uvc_queue_head as well]
[Rename forgotten uvc_queue_cancel instance in a comment]
Signed-off-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Acked-by: Andrzej Pietrasiewicz <andrzej.p@samsung.com>
Signed-off-by: Felipe Balbi <balbi@ti.com>
The kbuild test bot generated the warning:
drivers/usb/gadget/function/f_sourcesink.c:1498: warning: comparison is
always false due to limited range of data type
This patch fixes it.
Reported-by: kbuild test robot <fengguang.wu@intel.com>
Signed-off-by: Amit Virdi <amit.virdi@st.com>
CC: Felipe Balbi <balbi@ti.com>
Signed-off-by: Felipe Balbi <balbi@ti.com>
commit a38b1f60b5 ("ARM: pxa: Add non device-tree timer link to
clocksource") introduced a harmless section mismatch warning for
all pxa platforms, by introducing a new pxa_timer_init() function
that is not marked __init but that calls pxa_timer_nodt_init(),
which is.
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Acked-by: Robert Jarzmik <robert.jarzmik@free.fr>
mach-kirkwood has been removed, now that kirkwood lives in mach-mvebu.
ARCH_MVEBU is sufficient.
Signed-off-by: Andrew Lunn <andrew@lunn.ch>
Cc: "Rafael J. Wysocki" <rjw@rjwysocki.net>
Cc: Viresh Kumar <viresh.kumar@linaro.org>
Acked-by: Viresh Kumar <viresh.kumar@linaro.org>
Acked-by: "Rafael J. Wysocki" <rjw@rjwysocki.net>
Link: https://lkml.kernel.org/r/1409417172-6846-8-git-send-email-andrew@lunn.ch
Signed-off-by: Jason Cooper <jason@lakedaemon.net>
mach-kirkwood has been removed, now that kirkwood lives in mach-mvebu.
Use MACH_KIRKWOOD which will be set when kirkwood is built as part of
mach-mvebu.
Signed-off-by: Andrew Lunn <andrew@lunn.ch>
Acked-by: Bryan Wu <cooloney@gmail.com>
Cc: Richard Purdie <rpurdie@rpsys.net>
Cc: linux-leds@vger.kernel.org
Link: https://lkml.kernel.org/r/1409417172-6846-5-git-send-email-andrew@lunn.ch
Signed-off-by: Jason Cooper <jason@lakedaemon.net>
mach-kirkwood has been removed, now that kirkwood lives in mach-mvebu.
Depend on MACH_KIRKWOOD, which will be set when kirkwood is built as
part of ARCH_MVEBU.
Signed-off-by: Andrew Lunn <andrew@lunn.ch>
Cc: Zhang Rui <rui.zhang@intel.com>
Cc: linux-pm@vger.kernel.org
Acked-by: Eduardo Valentin <edubezval@gmail.com>
Link: https://lkml.kernel.org/r/1409417172-6846-4-git-send-email-andrew@lunn.ch
Signed-off-by: Jason Cooper <jason@lakedaemon.net>
Commit 21278aeafb ("ARM: use menuconfig for sub-arch menus") improved
the sub-arch menus, but accidentally caused new warnings for omap1.
This was because the commit added a menu entry around config ARCH_OMAP
bool entry where the menu had depends on ARCH_MULTI_V6 || ARCH_MULTI_V7.
As ARCH_OMAP is shared between omap1 and omap2plus, let's fix the
issue by defining ARCH_OMAP in the shared plat-omap/Kconfig.
Fixes: 21278aeafb ("ARM: use menuconfig for sub-arch menus")
Reported-by: Andreas Ruprecht <rupran@einserver.de>
Signed-off-by: Tony Lindgren <tony@atomide.com>
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
mach-kirkwood has been removed, now that kirkwood lives in mach-mvebu.
Use MACH_KIRKWOOD, which is set when kirkwood is built as part of
mach-mvebu.
Signed-off-by: Andrew Lunn <andrew@lunn.ch>
Cc: Daniel Lezcano <daniel.lezcano@linaro.org>
Cc: Rafael J. Wysocki <rjw@rjwysocki.net>
Cc: linux-pm@vger.kernel.org
Acked-by: Daniel Lezcano <daniel.lezcano@linaro.org>
Acked-by: Rafael J. Wysocki <rjw@rjwysocki.net>
Link: https://lkml.kernel.org/r/1409417172-6846-2-git-send-email-andrew@lunn.ch
Signed-off-by: Jason Cooper <jason@lakedaemon.net>
The nft_masq expression is intended to perform NAT in the masquerade flavour.
We decided to have the masquerade functionality in a separated expression other
than nft_nat.
Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Let's refactor the code so we can reach the masquerade functionality
from outside the xt context (ie. nftables).
The patch includes the addition of an atomic counter to the masquerade
notifier: the stuff to be done by the notifier is the same for xt and
nftables. Therefore, only one notification handler is needed.
This factorization only involves IPv6; a similar patch exists to
handle IPv4.
Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Let's refactor the code so we can reach the masquerade functionality
from outside the xt context (ie. nftables).
The patch includes the addition of an atomic counter to the masquerade
notifier: the stuff to be done by the notifier is the same for xt and
nftables. Therefore, only one notification handler is needed.
This factorization only involves IPv4; a similar patch follows to
handle IPv6.
Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
This is already done for x_tables (family AF_INET and AF_INET6), let's
do it for AF_BRIDGE also.
Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Both SNAT and DNAT (and the upcoming masquerade) can have additional
configuration parameters, such as port randomization and NAT addressing
persistence. We can cover these scenarios by simply adding a flag
attribute for userspace to fill when needed.
The flags to use are defined in include/uapi/linux/netfilter/nf_nat.h:
NF_NAT_RANGE_MAP_IPS
NF_NAT_RANGE_PROTO_SPECIFIED
NF_NAT_RANGE_PROTO_RANDOM
NF_NAT_RANGE_PERSISTENT
NF_NAT_RANGE_PROTO_RANDOM_FULLY
NF_NAT_RANGE_PROTO_RANDOM_ALL
The caller must take care of not messing up with the flags, as they are
added unconditionally to the final resulting nf_nat_range.
Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
This patch extend the NFT_MSG_DELTABLE call to support flushing the entire
ruleset.
The options now are:
* No family speficied, no table specified: flush all the ruleset.
* Family specified, no table specified: flush all tables in the AF.
* Family specified, table specified: flush the given table.
Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
This patch refactor the code to schedule objects deletion.
They are useful in follow-up patches.
In order to be able to use these new helper functions in all the code,
they are placed in the top of the file, with all the dependant functions
and symbols.
nft_rule_disactivate_next has been renamed to nft_rule_deactivate.
Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
The skb_find_text() accepts uninitialized textsearch state variable.
Signed-off-by: Bojan Prtvar <prtvar.b@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Use union to reserve the required stack space for sockopt data
which is less than the currently hardcoded value of 128.
Now the tables for commands should be more readable.
The checks added for readability are optimized by compiler,
others warn at compile time if command uses too much
stack or exceeds the storage of set_arglen and get_arglen.
As Dan Carpenter points out, we can run for unprivileged user,
so we can silent some error messages.
Signed-off-by: Julian Anastasov <ja@ssi.bg>
CC: Dan Carpenter <dan.carpenter@oracle.com>
CC: Andrey Utkin <andrey.krieger.utkin@gmail.com>
CC: David Binderman <dcb314@hotmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Add devgroup support to let us match device group of a packets incoming
or outgoing interface.
Signed-off-by: Ana Rey <anarey@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
For the sake of homogenize the function naming scheme, let's rename
nf_table_delrule_by_chain() to nft_delrule_by_chain().
Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
This patch adds a helper function to unregister chain hooks in the chain
deletion path. Basically, a code factorization.
The new function is useful in follow-up patches.
Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
This helper function always schedule the rule to be removed in the following
transaction.
In follow-up patches, it is interesting to handle separately the logic of rule
activation/disactivation from the transaction mechanism.
So, this patch simply splits the original nf_tables_delrule_one() in two
functions, allowing further control.
While at it, for the sake of homigeneize the function naming scheme, let's
rename nf_tables_delrule_one() to nft_delrule().
Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Use the exported IPv6 NAT functions that are provided by the core. This
removes duplicated code so iptables and nft use the same NAT codebase.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
PM entries of LPSS power domain were not implemented correctly
in commit c78b083066 "ACPI / LPSS: custom power domain for LPSS".
This patch fixes and completes these PM entries.
Fixes: c78b083066 (ACPI / LPSS: custom power domain for LPSS)
Signed-off-by: Li Aubrey <aubrey.li@linux.intel.com>
Signed-off-by: Mika Westerberg <mika.westerberg@linux.intel.com>
Signed-off-by: Fu Zhonghui <zhonghui.fu@linux.intel.com>
Cc: 3.16+ <stable@vger.kernel.org> # 3.16+
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Move the specific NAT IPv6 core functions that are called from the
hooks from ip6table_nat.c to nf_nat_l3proto_ipv6.c. This prepares the
ground to allow iptables and nft to use the same NAT engine code that
comes in a follow up patch.
This also renames nf_nat_ipv6_fn to nft_nat_ipv6_fn in
net/ipv6/netfilter/nft_chain_nat_ipv6.c to avoid a compilation breakage.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
The kernel print macros use the KBUILD_MODNAME, which is initialized
to the module name. The current integrity/Makefile makes every file
as its own module, so pr_xxx messages are prefixed with the file name
instead of the module. Similar to the evm/Makefile and ima/Makefile,
this patch fixes the integrity/Makefile to use the single name
'integrity'.
Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
The integrity subsystem has lots of options and takes more than
half of the security menu. This patch consolidates the options
under "integrity", which are hidden if not enabled. This change
does not affect existing configurations. Re-configuration is not
needed.
Changes v4:
- no need to change "integrity subsystem" to menuconfig as
options are hidden, when not enabled. (Mimi)
- add INTEGRITY Kconfig help description
Changes v3:
- dependency to INTEGRITY removed when behind 'if INTEGRITY'
Changes v2:
- previous patch moved integrity out of the 'security' menu.
This version keeps integrity as a security option (Mimi).
Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
For better visual appearance it is better to co-locate
asymmetric key options together with signature support.
Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
IMA uses only one template. This patch initializes only required
template to avoid unnecessary memory allocations.
Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Reviewed-by: Roberto Sassu <roberto.sassu@polito.it>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
In all cases except ima_bprm_check() the filename was not defined
and ima_d_path() was used to find the full path. Unfortunately,
the bprm filename is a relative pathname (eg. ./<dir>/filename).
ima_bprm_check() selects between bprm->interp and bprm->filename.
The following dump demonstrates the differences between using
filename and interp.
bprm->filename
filename: ./foo.sh, pathname: /root/bin/foo.sh
filename: ./foo.sh, pathname: /bin/dash
bprm->interp
filename: ./foo.sh, pathname: /root/bin/foo.sh
filename: /bin/sh, pathname: /bin/dash
In both cases the pathnames are currently the same. This patch
removes usage of filename and interp in favor of d_absolute_path.
Changes v3:
- 11 extra bytes for "deleted" not needed (Mimi)
- purpose "replace relative bprm filename with full pathname" (Mimi)
Changes v2:
- use d_absolute_path() instead of d_path to work in chroot environments.
Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
ima_get_action() sets the "action" flags based on policy.
Before collecting, measuring, appraising, or auditing the
file, the "action" flag is updated based on the cached
iint->flags.
This patch removes the subsequent unnecessary appraisal
test in ima_appraise_measurement().
Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Add missing keywords to the function definition to cleanup
to discard initialization code.
Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Reviewed-by: Roberto Sassu <roberto.sassu@polito.it>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
'function' variable value can be changed instead of
allocating extra '_func' variable.
Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Precede bit testing before string comparison makes code
faster. Also refactor statement as a single line pointer
assignment. Logic is following: we set 'xattr_ptr' to read
xattr value when we will do appraisal or in any case when
measurement template is other than 'ima'.
Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Commit f381c27 "integrity: move ima inode integrity data management"
(re)moved few functions but left their declarations in header files.
This patch removes them and also removes duplicated declaration of
integrity_iint_find().
Commit c7de7ad "ima: remove unused cleanup functions". This patch
removes these definitions as well.
Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
If file has IMA signature, IMA in enforce mode, but key is missing
then file access is blocked and single error message is printed.
If IMA appraisal is enabled in fix mode, then system runs as usual
but might produce tons of 'Request for unknown key' messages.
This patch switches 'pr_warn' to 'pr_err_ratelimited'.
Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
