1. 16 2月, 2016 1 次提交
    • D
      mm/gup: Introduce get_user_pages_remote() · 1e987790
      Dave Hansen 提交于
      For protection keys, we need to understand whether protections
      should be enforced in software or not.  In general, we enforce
      protections when working on our own task, but not when on others.
      We call these "current" and "remote" operations.
      
      This patch introduces a new get_user_pages() variant:
      
              get_user_pages_remote()
      
      Which is a replacement for when get_user_pages() is called on
      non-current tsk/mm.
      
      We also introduce a new gup flag: FOLL_REMOTE which can be used
      for the "__" gup variants to get this new behavior.
      
      The uprobes is_trap_at_addr() location holds mmap_sem and
      calls get_user_pages(current->mm) on an instruction address.  This
      makes it a pretty unique gup caller.  Being an instruction access
      and also really originating from the kernel (vs. the app), I opted
      to consider this a 'remote' access where protection keys will not
      be enforced.
      
      Without protection keys, this patch should not change any behavior.
      Signed-off-by: NDave Hansen <dave.hansen@linux.intel.com>
      Reviewed-by: NThomas Gleixner <tglx@linutronix.de>
      Cc: Andrea Arcangeli <aarcange@redhat.com>
      Cc: Andrew Morton <akpm@linux-foundation.org>
      Cc: Andy Lutomirski <luto@amacapital.net>
      Cc: Borislav Petkov <bp@alien8.de>
      Cc: Brian Gerst <brgerst@gmail.com>
      Cc: Dave Hansen <dave@sr71.net>
      Cc: Denys Vlasenko <dvlasenk@redhat.com>
      Cc: H. Peter Anvin <hpa@zytor.com>
      Cc: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
      Cc: Linus Torvalds <torvalds@linux-foundation.org>
      Cc: Naoya Horiguchi <n-horiguchi@ah.jp.nec.com>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Cc: Rik van Riel <riel@redhat.com>
      Cc: Srikar Dronamraju <srikar@linux.vnet.ibm.com>
      Cc: Vlastimil Babka <vbabka@suse.cz>
      Cc: jack@suse.cz
      Cc: linux-mm@kvack.org
      Link: http://lkml.kernel.org/r/20160212210154.3F0E51EA@viggo.jf.intel.comSigned-off-by: NIngo Molnar <mingo@kernel.org>
      1e987790
  2. 20 3月, 2012 1 次提交
  3. 28 9月, 2011 1 次提交
  4. 26 9月, 2011 2 次提交
  5. 19 9月, 2011 1 次提交
    • T
      TOMOYO: Allow specifying domain transition preference. · 6bce98ed
      Tetsuo Handa 提交于
      I got an opinion that it is difficult to use exception policy's domain
      transition control directives because they need to match the pathname specified
      to "file execute" directives. For example, if "file execute /bin/\*\-ls\-cat"
      is given, corresponding domain transition control directive needs to be like
      "no_keep_domain /bin/\*\-ls\-cat from any".
      
      If we can specify like below, it will become more convenient.
      
        file execute /bin/ls keep exec.realpath="/bin/ls" exec.argv[0]="ls"
        file execute /bin/cat keep exec.realpath="/bin/cat" exec.argv[0]="cat"
        file execute /bin/\*\-ls\-cat child
        file execute /usr/sbin/httpd <apache> exec.realpath="/usr/sbin/httpd" exec.argv[0]="/usr/sbin/httpd"
      
      In above examples, "keep" works as if keep_domain is specified, "child" works
      as if "no_reset_domain" and "no_initialize_domain" and "no_keep_domain" are
      specified, "<apache>" causes domain transition to <apache> domain upon
      successful execve() operation.
      
      Moreover, we can also allow transition to different domains based on conditions
      like below example.
      
        <kernel> /usr/sbin/sshd
        file execute /bin/bash <kernel> /usr/sbin/sshd //batch-session exec.argc=2 exec.argv[1]="-c"
        file execute /bin/bash <kernel> /usr/sbin/sshd //root-session task.uid=0
        file execute /bin/bash <kernel> /usr/sbin/sshd //nonroot-session task.uid!=0
      Signed-off-by: NTetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
      Signed-off-by: NJames Morris <jmorris@namei.org>
      6bce98ed
  6. 14 9月, 2011 3 次提交
    • T
      TOMOYO: Avoid race when retrying "file execute" permission check. · a8f76409
      Tetsuo Handa 提交于
      There was a race window that the pathname which is subjected to "file execute"
      permission check when retrying via supervisor's decision because the pathname
      was recalculated upon retry. Though, there is an inevitable race window even
      without supervisor, for we have to calculate the symbolic link's pathname from
      "struct linux_binprm"->filename rather than from "struct linux_binprm"->file
      because we cannot back calculate the symbolic link's pathname from the
      dereferenced pathname.
      Signed-off-by: NTetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
      Signed-off-by: NJames Morris <jmorris@namei.org>
      a8f76409
    • T
      TOMOYO: Allow controlling generation of access granted logs for per an entry basis. · 1f067a68
      Tetsuo Handa 提交于
      Add per-entry flag which controls generation of grant logs because Xen and KVM
      issues ioctl requests so frequently. For example,
      
        file ioctl /dev/null 0x5401 grant_log=no
      
      will suppress /sys/kernel/security/tomoyo/audit even if preference says
      grant_log=yes .
      Signed-off-by: NTetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
      Signed-off-by: NJames Morris <jmorris@namei.org>
      1f067a68
    • T
      TOMOYO: Add environment variable name restriction support. · d58e0da8
      Tetsuo Handa 提交于
      This patch adds support for checking environment variable's names.
      Although TOMOYO already provides ability to check argv[]/envp[] passed to
      execve() requests,
      
        file execute /bin/sh exec.envp["LD_LIBRARY_PATH"]="bar"
      
      will reject execution of /bin/sh if environment variable LD_LIBRARY_PATH is not
      defined. To grant execution of /bin/sh if LD_LIBRARY_PATH is not defined,
      administrators have to specify like
      
        file execute /bin/sh exec.envp["LD_LIBRARY_PATH"]="/system/lib"
        file execute /bin/sh exec.envp["LD_LIBRARY_PATH"]=NULL
      
      . Since there are many environment variables whereas conditional checks are
      applied as "&&", it is difficult to cover all combinations. Therefore, this
      patch supports conditional checks that are applied as "||", by specifying like
      
        file execute /bin/sh
        misc env LD_LIBRARY_PATH exec.envp["LD_LIBRARY_PATH"]="/system/lib"
      
      which means "grant execution of /bin/sh if environment variable is not defined
      or is defined and its value is /system/lib".
      Signed-off-by: NTetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
      Signed-off-by: NJames Morris <jmorris@namei.org>
      d58e0da8
  7. 14 7月, 2011 1 次提交
  8. 11 7月, 2011 3 次提交
  9. 29 6月, 2011 7 次提交
  10. 02 8月, 2010 19 次提交
  11. 10 5月, 2010 1 次提交