Merge remote branch 'fsl-linux-sdk/imx_3.0.35' into imx_3.0.35_android

Conflicts:
	arch/arm/configs/imx6_defconfig
	arch/arm/configs/imx6_updater_defconfig
	arch/arm/configs/imx6s_defconfig
	arch/arm/include/asm/dma-mapping.h
	arch/arm/kernel/smp.c
	arch/arm/mach-mx6/Kconfig
	arch/arm/mach-mx6/board-mx6dl_arm2.h
	arch/arm/mach-mx6/board-mx6dl_sabresd.h
	arch/arm/mach-mx6/board-mx6q_arm2.c
	arch/arm/mach-mx6/board-mx6q_arm2.h
	arch/arm/mach-mx6/board-mx6q_sabreauto.c
	arch/arm/mach-mx6/board-mx6q_sabreauto.h
	arch/arm/mach-mx6/board-mx6q_sabrelite.c
	arch/arm/mach-mx6/board-mx6q_sabresd.c
	arch/arm/mach-mx6/board-mx6q_sabresd.h
	arch/arm/mach-mx6/board-mx6sl_arm2.c
	arch/arm/mach-mx6/board-mx6sl_arm2.h
	arch/arm/mach-mx6/board-mx6solo_sabreauto.h
	arch/arm/mach-mx6/bus_freq.c
	arch/arm/mach-mx6/clock.c
	arch/arm/mach-mx6/clock_mx6sl.c
	arch/arm/mach-mx6/cpu.c
	arch/arm/mach-mx6/crm_regs.h
	arch/arm/mach-mx6/devices-imx6q.h
	arch/arm/mach-mx6/devices.c
	arch/arm/mach-mx6/mx6_anatop_regulator.c
	arch/arm/mach-mx6/pcie.c
	arch/arm/mach-mx6/system.c
	arch/arm/mm/dma-mapping.c
	arch/arm/plat-mxc/devices/Makefile
	arch/arm/plat-mxc/devices/platform-imx-dcp.c
	arch/arm/plat-mxc/devices/platform-imx-ocotp.c
	arch/arm/plat-mxc/devices/platform-imx-rngb.c
	arch/arm/plat-mxc/devices/platform-mxc_hdmi.c
	arch/arm/plat-mxc/include/mach/devices-common.h
	arch/arm/plat-mxc/include/mach/esdhc.h
	arch/arm/plat-mxc/include/mach/iomux-mx6dl.h
	arch/arm/plat-mxc/include/mach/iomux-mx6q.h
	arch/arm/plat-mxc/include/mach/memory.h
	arch/arm/plat-mxc/include/mach/mx6.h
	arch/arm/plat-mxc/include/mach/mxc_edid.h
	arch/arm/plat-mxc/include/mach/mxc_hdmi.h
	arch/arm/plat-mxc/system.c
	drivers/Kconfig
	drivers/char/hw_random/fsl-rngc.c
	drivers/cpufreq/Makefile
	drivers/cpufreq/cpufreq_interactive.c
	drivers/crypto/Kconfig
	drivers/crypto/caam/caamalg.c
	drivers/crypto/caam/compat.h
	drivers/crypto/caam/ctrl.c
	drivers/crypto/caam/desc_constr.h
	drivers/crypto/caam/intern.h
	drivers/crypto/dcp.c
	drivers/dma/pch_dma.c
	drivers/input/keyboard/gpio_keys.c
	drivers/input/touchscreen/egalax_ts.c
	drivers/input/touchscreen/max11801_ts.c
	drivers/media/video/mxc/capture/Kconfig
	drivers/media/video/mxc/capture/adv7180.c
	drivers/media/video/mxc/capture/ipu_csi_enc.c
	drivers/media/video/mxc/capture/ipu_prp_vf_sdc.c
	drivers/media/video/mxc/capture/ipu_prp_vf_sdc_bg.c
	drivers/media/video/mxc/capture/mxc_v4l2_capture.c
	drivers/media/video/mxc/capture/ov5640_mipi.c
	drivers/media/video/mxc/output/mxc_vout.c
	drivers/misc/Kconfig
	drivers/misc/Makefile
	drivers/mmc/card/block.c
	drivers/mmc/core/mmc.c
	drivers/mmc/host/mmci.c
	drivers/mmc/host/sdhci-esdhc-imx.c
	drivers/mmc/host/sdhci.c
	drivers/mmc/host/sdhci.h
	drivers/mxc/Kconfig
	drivers/mxc/Makefile
	drivers/mxc/asrc/mxc_asrc.c
	drivers/mxc/gpu-viv/arch/XAQ2/hal/kernel/gc_hal_kernel_context.c
	drivers/mxc/gpu-viv/arch/XAQ2/hal/kernel/gc_hal_kernel_hardware.c
	drivers/mxc/gpu-viv/hal/kernel/gc_hal_kernel.c
	drivers/mxc/gpu-viv/hal/kernel/gc_hal_kernel.h
	drivers/mxc/gpu-viv/hal/kernel/gc_hal_kernel_command.c
	drivers/mxc/gpu-viv/hal/kernel/gc_hal_kernel_event.c
	drivers/mxc/gpu-viv/hal/kernel/inc/gc_hal.h
	drivers/mxc/gpu-viv/hal/kernel/inc/gc_hal_base.h
	drivers/mxc/gpu-viv/hal/kernel/inc/gc_hal_options.h
	drivers/mxc/gpu-viv/hal/os/linux/kernel/gc_hal_kernel_os.c
	drivers/mxc/ipu3/ipu_device.c
	drivers/mxc/vpu/mxc_vpu.c
	drivers/net/fec.c
	drivers/net/wireless/Makefile
	drivers/power/sabresd_battery.c
	drivers/regulator/core.c
	drivers/tty/serial/imx.c
	drivers/usb/core/hub.c
	drivers/usb/gadget/arcotg_udc.c
	drivers/usb/gadget/fsl_updater.c
	drivers/usb/gadget/inode.c
	drivers/usb/host/ehci-hub.c
	drivers/video/mxc/ldb.c
	drivers/video/mxc/mipi_dsi.c
	drivers/video/mxc/mxc_dispdrv.c
	drivers/video/mxc/mxc_dispdrv.h
	drivers/video/mxc/mxc_edid.c
	drivers/video/mxc/mxc_elcdif_fb.c
	drivers/video/mxc/mxc_ipuv3_fb.c
	drivers/video/mxc/mxc_spdc_fb.c
	drivers/video/mxc_hdmi.c
	drivers/watchdog/imx2_wdt.c
	fs/proc/base.c
	include/linux/mmc/host.h
	include/linux/mmc/sdhci.h
	include/linux/mxc_v4l2.h
	kernel/power/main.c
	sound/soc/codecs/mxc_hdmi.c
	sound/soc/codecs/mxc_spdif.c
	sound/soc/codecs/wm8962.c
	sound/soc/imx/Kconfig
	sound/soc/imx/Makefile
	sound/soc/imx/imx-cs42888.c
	sound/soc/imx/imx-esai.c
	sound/soc/imx/imx-wm8958.c
	sound/soc/imx/imx-wm8962.c

6 files changed, 44 insertions, 26 deletions

diff --git a/security/commoncap.c b/security/commoncap.c
index 1322b6aa648d..ccfe568b396f 100644
--- a/security/commoncap.c
+++ b/security/commoncap.c
@@ -28,6 +28,7 @@
 #include <linux/prctl.h>
 #include <linux/securebits.h>
 #include <linux/user_namespace.h>
+#include <linux/personality.h>
 
 #ifdef CONFIG_ANDROID_PARANOID_NETWORK
 #include <linux/android_aid.h>
@@ -519,6 +520,11 @@ int cap_bprm_set_creds(struct linux_binprm *bprm)
 	}
 skip:
 
+	/* if we have fs caps, clear dangerous personality flags */
+	if (!cap_issubset(new->cap_permitted, old->cap_permitted))
+		bprm->per_clear |= PER_CLEAR_ON_SETID;
+
+
 	/* Don't let someone trace a set[ug]id/setpcap binary with the revised
 	 * credentials unless they have the appropriate permit
 	 */
diff --git a/security/integrity/ima/ima_api.c b/security/integrity/ima/ima_api.c
index da36d2c085a4..5335605571fe 100644
--- a/security/integrity/ima/ima_api.c
+++ b/security/integrity/ima/ima_api.c
@@ -177,8 +177,8 @@ void ima_store_measurement(struct ima_iint_cache *iint, struct file *file,
 	strncpy(entry->template.file_name, filename, IMA_EVENT_NAME_LEN_MAX);
 
 	result = ima_store_template(entry, violation, inode);
-	if (!result)
+	if (!result || result == -EEXIST)
 		iint->flags |= IMA_MEASURED;
-	else
+	if (result < 0)
 		kfree(entry);
 }
diff --git a/security/integrity/ima/ima_queue.c b/security/integrity/ima/ima_queue.c
index 8e28f04a5e2e..55a6271bce7a 100644
--- a/security/integrity/ima/ima_queue.c
+++ b/security/integrity/ima/ima_queue.c
@@ -23,6 +23,8 @@
 #include <linux/slab.h>
 #include "ima.h"
 
+#define AUDIT_CAUSE_LEN_MAX 32
+
 LIST_HEAD(ima_measurements);	/* list of all measurements */
 
 /* key: inode (before secure-hashing a file) */
@@ -94,7 +96,8 @@ static int ima_pcr_extend(const u8 *hash)
 
 	result = tpm_pcr_extend(TPM_ANY_NUM, CONFIG_IMA_MEASURE_PCR_IDX, hash);
 	if (result != 0)
-		pr_err("IMA: Error Communicating to TPM chip\n");
+		pr_err("IMA: Error Communicating to TPM chip, result: %d\n",
+		       result);
 	return result;
 }
 
@@ -106,14 +109,16 @@ int ima_add_template_entry(struct ima_template_entry *entry, int violation,
 {
 	u8 digest[IMA_DIGEST_SIZE];
 	const char *audit_cause = "hash_added";
+	char tpm_audit_cause[AUDIT_CAUSE_LEN_MAX];
 	int audit_info = 1;
-	int result = 0;
+	int result = 0, tpmresult = 0;
 
 	mutex_lock(&ima_extend_list_mutex);
 	if (!violation) {
 		memcpy(digest, entry->digest, sizeof digest);
 		if (ima_lookup_digest_entry(digest)) {
 			audit_cause = "hash_exists";
+			result = -EEXIST;
 			goto out;
 		}
 	}
@@ -128,9 +133,11 @@ int ima_add_template_entry(struct ima_template_entry *entry, int violation,
 	if (violation)		/* invalidate pcr */
 		memset(digest, 0xff, sizeof digest);
 
-	result = ima_pcr_extend(digest);
-	if (result != 0) {
-		audit_cause = "TPM error";
+	tpmresult = ima_pcr_extend(digest);
+	if (tpmresult != 0) {
+		snprintf(tpm_audit_cause, AUDIT_CAUSE_LEN_MAX, "TPM_error(%d)",
+			 tpmresult);
+		audit_cause = tpm_audit_cause;
 		audit_info = 0;
 	}
 out:
diff --git a/security/selinux/netport.c b/security/selinux/netport.c
index cfe2d72d3fb7..e2b74ebdc383 100644
--- a/security/selinux/netport.c
+++ b/security/selinux/netport.c
@@ -139,7 +139,9 @@ static void sel_netport_insert(struct sel_netport *port)
 	if (sel_netport_hash[idx].size == SEL_NETPORT_HASH_BKT_LIMIT) {
 		struct sel_netport *tail;
 		tail = list_entry(
-			rcu_dereference(sel_netport_hash[idx].list.prev),
+			rcu_dereference_protected(
+				sel_netport_hash[idx].list.prev,
+				lockdep_is_held(&sel_netport_lock)),
 			struct sel_netport, list);
 		list_del_rcu(&tail->list);
 		call_rcu(&tail->rcu, sel_netport_free);
diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c
index 35459340019e..27a96732b872 100644
--- a/security/selinux/selinuxfs.c
+++ b/security/selinux/selinuxfs.c
@@ -1241,6 +1241,7 @@ static int sel_make_bools(void)
 		kfree(bool_pending_names[i]);
 	kfree(bool_pending_names);
 	kfree(bool_pending_values);
+	bool_num = 0;
 	bool_pending_names = NULL;
 	bool_pending_values = NULL;
 
diff --git a/security/tomoyo/mount.c b/security/tomoyo/mount.c
index 9fc2e15841c9..892494ac58e2 100644
--- a/security/tomoyo/mount.c
+++ b/security/tomoyo/mount.c
@@ -205,30 +205,32 @@ int tomoyo_mount_permission(char *dev_name, struct path *path, char *type,
 	if (flags & MS_REMOUNT) {
 		type = TOMOYO_MOUNT_REMOUNT_KEYWORD;
 		flags &= ~MS_REMOUNT;
-	}
-	if (flags & MS_MOVE) {
-		type = TOMOYO_MOUNT_MOVE_KEYWORD;
-		flags &= ~MS_MOVE;
-	}
-	if (flags & MS_BIND) {
+	} else if (flags & MS_BIND) {
 		type = TOMOYO_MOUNT_BIND_KEYWORD;
 		flags &= ~MS_BIND;
-	}
-	if (flags & MS_UNBINDABLE) {
-		type = TOMOYO_MOUNT_MAKE_UNBINDABLE_KEYWORD;
-		flags &= ~MS_UNBINDABLE;
-	}
-	if (flags & MS_PRIVATE) {
+	} else if (flags & MS_SHARED) {
+		if (flags & (MS_PRIVATE | MS_SLAVE | MS_UNBINDABLE))
+			return -EINVAL;
+		type = TOMOYO_MOUNT_MAKE_SHARED_KEYWORD;
+		flags &= ~MS_SHARED;
+	} else if (flags & MS_PRIVATE) {
+		if (flags & (MS_SHARED | MS_SLAVE | MS_UNBINDABLE))
+			return -EINVAL;
 		type = TOMOYO_MOUNT_MAKE_PRIVATE_KEYWORD;
 		flags &= ~MS_PRIVATE;
-	}
-	if (flags & MS_SLAVE) {
+	} else if (flags & MS_SLAVE) {
+		if (flags & (MS_SHARED | MS_PRIVATE | MS_UNBINDABLE))
+			return -EINVAL;
 		type = TOMOYO_MOUNT_MAKE_SLAVE_KEYWORD;
 		flags &= ~MS_SLAVE;
-	}
-	if (flags & MS_SHARED) {
-		type = TOMOYO_MOUNT_MAKE_SHARED_KEYWORD;
-		flags &= ~MS_SHARED;
+	} else if (flags & MS_UNBINDABLE) {
+		if (flags & (MS_SHARED | MS_PRIVATE | MS_SLAVE))
+			return -EINVAL;
+		type = TOMOYO_MOUNT_MAKE_UNBINDABLE_KEYWORD;
+		flags &= ~MS_UNBINDABLE;
+	} else if (flags & MS_MOVE) {
+		type = TOMOYO_MOUNT_MOVE_KEYWORD;
+		flags &= ~MS_MOVE;
 	}
 	if (!type)
 		type = "<NULL>";