- 29 4月, 2019 1 次提交
-
-
由 Paul Moore 提交于
Prevent userspace from changing the the /proc/PID/attr values if the task's credentials are currently overriden. This not only makes sense conceptually, it also prevents some really bizarre error cases caused when trying to commit credentials to a task with overridden credentials. Cc: <stable@vger.kernel.org> Reported-by: N"chengjian (D)" <cj.chengjian@huawei.com> Signed-off-by: NPaul Moore <paul@paul-moore.com> Acked-by: NJohn Johansen <john.johansen@canonical.com> Acked-by: NJames Morris <james.morris@microsoft.com> Acked-by: NCasey Schaufler <casey@schaufler-ca.com>
-
- 16 4月, 2019 1 次提交
-
-
由 Tetsuo Handa 提交于
KMSAN will complain if valid address length passed to bind()/connect() is shorter than sizeof("struct sockaddr"->sa_family) bytes. Signed-off-by: NTetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by: NPaul Moore <paul@paul-moore.com>
-
- 04 4月, 2019 1 次提交
-
-
由 Ondrej Mosnacek 提交于
The implementation of kernfs_security_xattr_*() helpers reuses the kernfs_node_xattr_*() functions, which take the suffix of the xattr name and extract full xattr name from it using xattr_full_name(). However, this function relies on the fact that the suffix passed to xattr handlers from VFS is always constructed from the full name by just incerementing the pointer. This doesn't necessarily hold for the callers of kernfs_security_xattr_*(), so their usage will easily lead to out-of-bounds access. Fix this by moving the xattr name reconstruction to the VFS xattr handlers and replacing the kernfs_security_xattr_*() helpers with more general kernfs_xattr_*() helpers that take full xattr name and allow accessing all kernfs node's xattrs. Reported-by: Nkernel test robot <rong.a.chen@intel.com> Fixes: b230d5ab ("LSM: add new hook for kernfs node initialization") Fixes: ec882da5 ("selinux: implement the kernfs_init_security hook") Signed-off-by: NOndrej Mosnacek <omosnace@redhat.com> Signed-off-by: NPaul Moore <paul@paul-moore.com>
-
- 31 3月, 2019 1 次提交
-
-
由 Paul Moore 提交于
Update MAINTAINERS to reflect that there are no SELinux headers under include/linux, but we do have include/uapi/linux/selinux_netlink.h. Reported-by: NJoe Perches <joe@perches.com> Signed-off-by: NPaul Moore <paul@paul-moore.com>
-
- 25 3月, 2019 3 次提交
-
-
由 Arnd Bergmann 提交于
clang correctly points out a code path that would lead to an uninitialized variable use: security/selinux/netlabel.c:310:6: error: variable 'addr' is used uninitialized whenever 'if' condition is false [-Werror,-Wsometimes-uninitialized] if (ip_hdr(skb)->version == 4) { ^~~~~~~~~~~~~~~~~~~~~~~~~ security/selinux/netlabel.c:322:40: note: uninitialized use occurs here rc = netlbl_conn_setattr(ep->base.sk, addr, &secattr); ^~~~ security/selinux/netlabel.c:310:2: note: remove the 'if' if its condition is always true if (ip_hdr(skb)->version == 4) { ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ security/selinux/netlabel.c:291:23: note: initialize the variable 'addr' to silence this warning struct sockaddr *addr; ^ = NULL This is probably harmless since we should not see ipv6 packets of CONFIG_IPV6 is disabled, but it's better to rearrange the code so this cannot happen. Signed-off-by: NArnd Bergmann <arnd@arndb.de> [PM: removed old patchwork link, fixed checkpatch.pl style errors] Signed-off-by: NPaul Moore <paul@paul-moore.com>
-
由 Ondrej Mosnacek 提交于
The code incorrectly assigned directly to the variables instead of the values they point to. Since the values are already set to NULL/0 at the beginning of the function, we can simply remove these useless assignments. Reported-by: NHariprasad Kelam <hariprasad.kelam@gmail.com> Fixes: fede1483 ("selinux: log invalid contexts in AVCs") Signed-off-by: NOndrej Mosnacek <omosnace@redhat.com> [PM: removed a bad comment that was causing compiler warnings] Signed-off-by: NPaul Moore <paul@paul-moore.com>
-
由 Ondrej Mosnacek 提交于
Apparently without it it is incorrect syntax and causes a warning about undocumented struct field. Fixes: b230d5ab ("LSM: add new hook for kernfs node initialization") Reported-by: Nkbuild test robot <lkp@intel.com> Signed-off-by: NOndrej Mosnacek <omosnace@redhat.com> Signed-off-by: NPaul Moore <paul@paul-moore.com>
-
- 23 3月, 2019 1 次提交
-
-
由 YueHaibing 提交于
Fix sparse warning: security/selinux/hooks.c:3389:5: warning: symbol 'selinux_kernfs_init_security' was not declared. Should it be static? Signed-off-by: NYueHaibing <yuehaibing@huawei.com> Acked-by: NOndrej Mosnacek <omosnace@redhat.com> Signed-off-by: NPaul Moore <paul@paul-moore.com>
-
- 21 3月, 2019 7 次提交
-
-
由 Ondrej Mosnacek 提交于
Use the new security_kernfs_init_security() hook to allow LSMs to possibly assign a non-default security context to a newly created kernfs node based on the attributes of the new node and also its parent node. This fixes an issue with cgroupfs under SELinux, where newly created cgroup subdirectories/files would not inherit its parent's context if it had been set explicitly to a non-default value (other than the genfs context specified by the policy). This can be reproduced as follows (on Fedora/RHEL): # mkdir /sys/fs/cgroup/unified/test # # Need permissive to change the label under Fedora policy: # setenforce 0 # chcon -t container_file_t /sys/fs/cgroup/unified/test # ls -lZ /sys/fs/cgroup/unified total 0 -r--r--r--. 1 root root system_u:object_r:cgroup_t:s0 0 Jan 29 03:06 cgroup.controllers -rw-r--r--. 1 root root system_u:object_r:cgroup_t:s0 0 Jan 29 03:06 cgroup.max.depth -rw-r--r--. 1 root root system_u:object_r:cgroup_t:s0 0 Jan 29 03:06 cgroup.max.descendants -rw-r--r--. 1 root root system_u:object_r:cgroup_t:s0 0 Jan 29 03:06 cgroup.procs -r--r--r--. 1 root root system_u:object_r:cgroup_t:s0 0 Jan 29 03:06 cgroup.stat -rw-r--r--. 1 root root system_u:object_r:cgroup_t:s0 0 Jan 29 03:06 cgroup.subtree_control -rw-r--r--. 1 root root system_u:object_r:cgroup_t:s0 0 Jan 29 03:06 cgroup.threads drwxr-xr-x. 2 root root system_u:object_r:cgroup_t:s0 0 Jan 29 03:06 init.scope drwxr-xr-x. 26 root root system_u:object_r:cgroup_t:s0 0 Jan 29 03:21 system.slice drwxr-xr-x. 3 root root system_u:object_r:container_file_t:s0 0 Jan 29 03:15 test drwxr-xr-x. 3 root root system_u:object_r:cgroup_t:s0 0 Jan 29 03:06 user.slice # mkdir /sys/fs/cgroup/unified/test/subdir Actual result: # ls -ldZ /sys/fs/cgroup/unified/test/subdir drwxr-xr-x. 2 root root system_u:object_r:cgroup_t:s0 0 Jan 29 03:15 /sys/fs/cgroup/unified/test/subdir Expected result: # ls -ldZ /sys/fs/cgroup/unified/test/subdir drwxr-xr-x. 2 root root unconfined_u:object_r:container_file_t:s0 0 Jan 29 03:15 /sys/fs/cgroup/unified/test/subdir Link: https://github.com/SELinuxProject/selinux-kernel/issues/39Signed-off-by: NOndrej Mosnacek <omosnace@redhat.com> Acked-by: NCasey Schaufler <casey@schaufler-ca.com> Signed-off-by: NPaul Moore <paul@paul-moore.com>
-
由 Ondrej Mosnacek 提交于
The hook applies the same logic as selinux_determine_inode_label(), with the exception of the super_block handling, which will be enforced on the actual inodes later by other hooks. Signed-off-by: NOndrej Mosnacek <omosnace@redhat.com> [PM: minor merge fixes] Signed-off-by: NPaul Moore <paul@paul-moore.com>
-
由 Ondrej Mosnacek 提交于
This patch introduces a new security hook that is intended for initializing the security data for newly created kernfs nodes, which provide a way of storing a non-default security context, but need to operate independently from mounts (and therefore may not have an associated inode at the moment of creation). The main motivation is to allow kernfs nodes to inherit the context of the parent under SELinux, similar to the behavior of security_inode_init_security(). Other LSMs may implement their own logic for handling the creation of new nodes. This patch also adds helper functions to <linux/kernfs.h> for getting/setting security xattrs of a kernfs node so that LSMs hooks are able to do their job. Other important attributes should be accessible direcly in the kernfs_node fields (in case there is need for more, then new helpers should be added to kernfs.h along with the patch that needs them). Signed-off-by: NOndrej Mosnacek <omosnace@redhat.com> Acked-by: NCasey Schaufler <casey@schaufler-ca.com> [PM: more manual merge fixes] Signed-off-by: NPaul Moore <paul@paul-moore.com>
-
由 Ondrej Mosnacek 提交于
Replace the special handling of security xattrs with simple_xattrs, as is already done for the trusted xattrs. This simplifies the code and allows LSMs to use more than just a single xattr to do their business. Signed-off-by: NOndrej Mosnacek <omosnace@redhat.com> Acked-by: NCasey Schaufler <casey@schaufler-ca.com> [PM: manual merge fixes] Signed-off-by: NPaul Moore <paul@paul-moore.com>
-
由 Ondrej Mosnacek 提交于
Since kernfs supports the security xattr handlers, we can simply use these to determine the inode's context, dropping the need to update it from kernfs explicitly using a security_inode_notifysecctx() call. We achieve this by setting a new sbsec flag SE_SBGENFS_XATTR to all mounts that are known to use kernfs under the hood and then fetching the xattrs after determining the fallback genfs sid in inode_doinit_with_dentry() when this flag is set. This will allow implementing full security xattr support in kernfs and removing the ...notifysecctx() call in a subsequent patch. Signed-off-by: NOndrej Mosnacek <omosnace@redhat.com> Acked-by: NStephen Smalley <sds@tycho.nsa.gov> Acked-by: NCasey Schaufler <casey@schaufler-ca.com> [PM: more manual merge fixups] Signed-off-by: NPaul Moore <paul@paul-moore.com>
-
由 Ondrej Mosnacek 提交于
This is a read-only operation, so we can simply return -ENODATA if kn->iattr is NULL. Signed-off-by: NOndrej Mosnacek <omosnace@redhat.com> Acked-by: NCasey Schaufler <casey@schaufler-ca.com> [PM: minor merge fixes] Signed-off-by: NPaul Moore <paul@paul-moore.com>
-
由 Ondrej Mosnacek 提交于
Right now, kernfs_iattrs embeds the whole struct iattr, even though it doesn't really use half of its fields... This both leads to wasting space and makes the code look awkward. Let's just list the few fields we need directly in struct kernfs_iattrs. Signed-off-by: NOndrej Mosnacek <omosnace@redhat.com> Acked-by: NCasey Schaufler <casey@schaufler-ca.com> [PM: merged a number of chunks manually due to fuzz] Signed-off-by: NPaul Moore <paul@paul-moore.com>
-
- 20 3月, 2019 1 次提交
-
-
由 Stephen Smalley 提交于
We need to add the object tree include directory to the include path for building mdp in order to pick up generated/autoconf.h. Otherwise, make O=/path/to/objtree breaks. Fixes: e37c1877 ("scripts/selinux: modernize mdp") Reported-by: NStephen Rothwell <sfr@canb.auug.org.au> Signed-off-by: NStephen Smalley <sds@tycho.nsa.gov> Signed-off-by: NPaul Moore <paul@paul-moore.com>
-
- 19 3月, 2019 2 次提交
-
-
由 Paulo Alcantara 提交于
When compiling genheaders and mdp from a newer host kernel, the following error happens: In file included from scripts/selinux/genheaders/genheaders.c:18: ./security/selinux/include/classmap.h:238:2: error: #error New address family defined, please update secclass_map. #error New address family defined, please update secclass_map. ^~~~~ make[3]: *** [scripts/Makefile.host:107: scripts/selinux/genheaders/genheaders] Error 1 make[2]: *** [scripts/Makefile.build:599: scripts/selinux/genheaders] Error 2 make[1]: *** [scripts/Makefile.build:599: scripts/selinux] Error 2 make[1]: *** Waiting for unfinished jobs.... Instead of relying on the host definition, include linux/socket.h in classmap.h to have PF_MAX. Signed-off-by: NPaulo Alcantara <paulo@paulo.ac> Acked-by: NStephen Smalley <sds@tycho.nsa.gov> [PM: manually merge in mdp.c, subject line tweaks] Signed-off-by: NPaul Moore <paul@paul-moore.com>
-
由 Stephen Smalley 提交于
Derived in part from a patch by Dominick Grift. The MDP example no longer works on modern systems. Fix it. While we are at it, add MLS support and enable it. NB This still does not work on systems using dbus-daemon instead of dbus-broker because dbus-daemon does not yet gracefully handle unknown classes/permissions. This appears to be a deficiency in libselinux's selinux_set_mapping() interface and underlying implementation, which was never fully updated to deal with unknown classes/permissions unlike the kernel. The same problem also occurs with XSELinux. Programs that instead use selinux_check_access() like dbus-broker should not have this problem. Changes to mdp: Add support for devtmpfs, required by modern Linux distributions. Add MLS support, with sample sensitivities, categories, and constraints. Generate fs_use and genfscon rules based on kernel configuration. Update list of filesystem types for fs_use and genfscon rules. Use object_r for object contexts. Changes to install_policy.sh: Bail immediately on any errors. Provide more helpful error messages when unable to find userspace tools. Refuse to run if SELinux is already enabled. Unconditionally move aside /etc/selinux/config and create a new one. Build policy with -U allow so that userspace object managers do not break. Build policy with MLS enabled by default. Create seusers, failsafe_context, and default_contexts for use by pam_selinux / libselinux. Create x_contexts for the SELinux X extension. Create virtual_domain_context and virtual_image_context for libvirtd. Set to permissive mode rather than enforcing to permit initial autorelabel. Update the list of filesystem types to be relabeled. Write -F to /.autorelabel to cause a forced autorelabel on reboot. Drop broken attempt to relabel the /dev mountpoint directory. Signed-off-by: NStephen Smalley <sds@tycho.nsa.gov> Acked-by: NDominick Grift <dominick.grift@defensec.nl> Signed-off-by: NPaul Moore <paul@paul-moore.com>
-
- 18 3月, 2019 6 次提交
-
-
由 Linus Torvalds 提交于
-
git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild由 Linus Torvalds 提交于
Pull more Kbuild updates from Masahiro Yamada: - add more Build-Depends to Debian source package - prefix header search paths with $(srctree)/ - make modpost show verbose section mismatch warnings - avoid hard-coded CROSS_COMPILE for h8300 - fix regression for Debian make-kpkg command - add semantic patch to detect missing put_device() - fix some warnings of 'make deb-pkg' - optimize NOSTDINC_FLAGS evaluation - add warnings about redundant generic-y - clean up Makefiles and scripts * tag 'kbuild-v5.1-2' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild: kconfig: remove stale lxdialog/.gitignore kbuild: force all architectures except um to include mandatory-y kbuild: warn redundant generic-y Revert "modsign: Abort modules_install when signing fails" kbuild: Make NOSTDINC_FLAGS a simply expanded variable kbuild: deb-pkg: avoid implicit effects coccinelle: semantic code search for missing put_device() kbuild: pkg: grep include/config/auto.conf instead of $KCONFIG_CONFIG kbuild: deb-pkg: introduce is_enabled and if_enabled_echo to builddeb kbuild: deb-pkg: add CONFIG_ prefix to kernel config options kbuild: add workaround for Debian make-kpkg kbuild: source include/config/auto.conf instead of ${KCONFIG_CONFIG} unicore32: simplify linker script generation for decompressor h8300: use cc-cross-prefix instead of hardcoding h8300-unknown-linux- kbuild: move archive command to scripts/Makefile.lib modpost: always show verbose warning for section mismatch ia64: prefix header search path with $(srctree)/ libfdt: prefix header search paths with $(srctree)/ deb-pkg: generate correct build dependencies
-
git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip由 Linus Torvalds 提交于
Pull x86 asm updates from Thomas Gleixner: "Two cleanup patches removing dead conditionals and unused code" * 'x86-asm-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: x86/asm: Remove unused __constant_c_x_memset() macro and inlines x86/asm: Remove dead __GNUC__ conditionals
-
git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip由 Linus Torvalds 提交于
Pull perf fixes from Thomas Gleixner: "Three fixes for the fallout from the TSX errata workaround: - Prevent memory corruption caused by a unchecked out of bound array index. - Two trivial fixes to address compiler warnings" * 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: perf/x86/intel: Make dev_attr_allow_tsx_force_abort static perf/x86: Fixup typo in stub functions perf/x86/intel: Fix memory corruption
-
git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip由 Linus Torvalds 提交于
Pull xen fix from Juergen Gross: "A fix for a Xen bug introduced by David's series for excluding ballooned pages in vmcores" * tag 'for-linus-5.1b-rc1b-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip: xen/balloon: Fix mapping PG_offline pages to user space
-
git://github.com/martinetd/linux由 Linus Torvalds 提交于
Pull 9p updates from Dominique Martinet: "Here is a 9p update for 5.1; there honestly hasn't been much. Two fixes (leak on invalid mount argument and possible deadlock on i_size update on 32bit smp) and a fall-through warning cleanup" * tag '9p-for-5.1' of git://github.com/martinetd/linux: 9p/net: fix memory leak in p9_client_create 9p: use inode->i_lock to protect i_size_write() under 32-bit 9p: mark expected switch fall-through
-
- 17 3月, 2019 15 次提交
-
-
由 kbuild test robot 提交于
Fixes: 400816f6 ("perf/x86/intel: Implement support for TSX Force Abort") Signed-off-by: Nkbuild test robot <lkp@intel.com> Signed-off-by: NThomas Gleixner <tglx@linutronix.de> Cc: "Peter Zijlstra (Intel)" <peterz@infradead.org> Cc: kbuild-all@01.org Cc: Borislav Petkov <bp@alien8.de> Cc: "H. Peter Anvin" <hpa@zytor.com> Cc: Kan Liang <kan.liang@linux.intel.com> Cc: Jiri Olsa <jolsa@redhat.com> Cc: Andi Kleen <ak@linux.intel.com> Cc: stable@vger.kernel.org Link: https://lkml.kernel.org/r/20190313184243.GA10820@lkp-sb-ep06
-
由 Masahiro Yamada 提交于
When this .gitignore was added, lxdialog was an independent hostprogs-y. Now that all objects in lxdialog/ are directly linked to mconf, the lxdialog is no longer generated. Signed-off-by: NMasahiro Yamada <yamada.masahiro@socionext.com>
-
由 Masahiro Yamada 提交于
Currently, every arch/*/include/uapi/asm/Kbuild explicitly includes the common Kbuild.asm file. Factor out the duplicated include directives to scripts/Makefile.asm-generic so that no architecture would opt out of the mandatory-y mechanism. um is not forced to include mandatory-y since it is a very exceptional case which does not support UAPI. Signed-off-by: NMasahiro Yamada <yamada.masahiro@socionext.com>
-
由 Masahiro Yamada 提交于
The generic-y is redundant under the following condition: - arch has its own implementation - the same header is added to generated-y - the same header is added to mandatory-y If a redundant generic-y is found, the warning like follows is displayed: scripts/Makefile.asm-generic:20: redundant generic-y found in arch/arm/include/asm/Kbuild: timex.h I fixed up arch Kbuild files found by this. Suggested-by: NSam Ravnborg <sam@ravnborg.org> Signed-off-by: NMasahiro Yamada <yamada.masahiro@socionext.com>
-
由 Douglas Anderson 提交于
This reverts commit caf6fe91. The commit was fine but is no longer needed as of commit 3a2429e1 ("kbuild: change if_changed_rule for multi-line recipe"). Let's go back to using ";" to be consistent. For some discussion, see: https://lkml.kernel.org/r/CAK7LNASde0Q9S5GKeQiWhArfER4S4wL1=R_FW8q0++_X3T5=hQ@mail.gmail.comSigned-off-by: NDouglas Anderson <dianders@chromium.org> Signed-off-by: NMasahiro Yamada <yamada.masahiro@socionext.com>
-
由 Douglas Anderson 提交于
During a simple no-op (nothing changed) build I saw 39 invocations of the C compiler with the argument "-print-file-name=include". We don't need to call the C compiler 39 times for this--one time will suffice. Let's change NOSTDINC_FLAGS to a simply expanded variable to avoid this since there doesn't appear to be any reason it should be recursively expanded. On my build this shaved ~400 ms off my "no-op" build. Note that the recursive expansion seems to date back to the (really old) commit e8f5bdb0 ("[PATCH] Makefile include path ordering"). It's a little unclear to me if the point of that patch was to switch the variable to be recursively expanded (which it did) or to avoid directly assigning to NOSTDINC_FLAGS (AKA to switch to +=) because someone else (out of tree?) was setting it. I presume later since if the only goal was to switch to recursive expansion the patch would have just removed the ":". Signed-off-by: NDouglas Anderson <dianders@chromium.org> Signed-off-by: NMasahiro Yamada <yamada.masahiro@socionext.com>
-
由 Arseny Maslennikov 提交于
* The man page for dpkg-source(1) notes: > -b, --build directory [format-specific-parameters] > Build a source package (--build since dpkg 1.17.14). > <...> > > dpkg-source will build the source package with the first > format found in this ordered list: the format indicated > with the --format command line option, the format > indicated in debian/source/format, “1.0”. The fallback > to “1.0” is deprecated and will be removed at some point > in the future, you should always document the desired > source format in debian/source/format. See section > SOURCE PACKAGE FORMATS for an extensive description of > the various source package formats. Thus it would be more foolproof to explicitly use 1.0 (as we always did) than to rely on dpkg-source's defaults. * In a similar vein, debian/rules is not made executable by mkdebian, and dpkg-source warns about that but still silently fixes the file. Let's be explicit once again. Signed-off-by: NArseny Maslennikov <ar@cs.msu.ru> Signed-off-by: NMasahiro Yamada <yamada.masahiro@socionext.com>
-
由 Wen Yang 提交于
The of_find_device_by_node() takes a reference to the underlying device structure, we should release that reference. The implementation of this semantic code search is: In a function, for a local variable returned by calling of_find_device_by_node(), a, if it is released by a function such as put_device()/of_dev_put()/platform_device_put() after the last use, it is considered that there is no reference leak; b, if it is passed back to the caller via dev_get_drvdata()/platform_get_drvdata()/get_device(), etc., the reference will be released in other functions, and the current function also considers that there is no reference leak; c, for the rest of the situation, the current function should release the reference by calling put_device, this code search will report the corresponding error message. By using this semantic code search, we have found some object reference leaks, such as: commit 11907e9d ("ASoC: fsl-asoc-card: fix object reference leaks in fsl_asoc_card_probe") commit a12085d1 ("mtd: rawnand: atmel: fix possible object reference leak") commit 11493f26 ("mtd: rawnand: jz4780: fix possible object reference leak") There are still dozens of reference leaks in the current kernel code. Further, for the case of b, the object returned to other functions may also have a reference leak, we will continue to develop other cocci scripts to further check the reference leak. Signed-off-by: NWen Yang <wen.yang99@zte.com.cn> Reviewed-by: NJulia Lawall <Julia.Lawall@lip6.fr> Reviewed-by: NMarkus Elfring <Markus.Elfring@web.de> Signed-off-by: NMasahiro Yamada <yamada.masahiro@socionext.com>
-
git://git.kernel.org/pub/scm/linux/kernel/git/brauner/linux由 Linus Torvalds 提交于
Pull pidfd system call from Christian Brauner: "This introduces the ability to use file descriptors from /proc/<pid>/ as stable handles on struct pid. Even if a pid is recycled the handle will not change. For a start these fds can be used to send signals to the processes they refer to. With the ability to use /proc/<pid> fds as stable handles on struct pid we can fix a long-standing issue where after a process has exited its pid can be reused by another process. If a caller sends a signal to a reused pid it will end up signaling the wrong process. With this patchset we enable a variety of use cases. One obvious example is that we can now safely delegate an important part of process management - sending signals - to processes other than the parent of a given process by sending file descriptors around via scm rights and not fearing that the given process will have been recycled in the meantime. It also allows for easy testing whether a given process is still alive or not by sending signal 0 to a pidfd which is quite handy. There has been some interest in this feature e.g. from systems management (systemd, glibc) and container managers. I have requested and gotten comments from glibc to make sure that this syscall is suitable for their needs as well. In the future I expect it to take on most other pid-based signal syscalls. But such features are left for the future once they are needed. This has been sitting in linux-next for quite a while and has not caused any issues. It comes with selftests which verify basic functionality and also test that a recycled pid cannot be signaled via a pidfd. Jon has written about a prior version of this patchset. It should cover the basic functionality since not a lot has changed since then: https://lwn.net/Articles/773459/ The commit message for the syscall itself is extensively documenting the syscall, including it's functionality and extensibility" * tag 'pidfd-v5.1-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/brauner/linux: selftests: add tests for pidfd_send_signal() signal: add pidfd_send_signal() syscall
-
git://git.kernel.org/pub/scm/linux/kernel/git/nvdimm/nvdimm由 Linus Torvalds 提交于
Pull device-dax updates from Dan Williams: "New device-dax infrastructure to allow persistent memory and other "reserved" / performance differentiated memories, to be assigned to the core-mm as "System RAM". Some users want to use persistent memory as additional volatile memory. They are willing to cope with potential performance differences, for example between DRAM and 3D Xpoint, and want to use typical Linux memory management apis rather than a userspace memory allocator layered over an mmap() of a dax file. The administration model is to decide how much Persistent Memory (pmem) to use as System RAM, create a device-dax-mode namespace of that size, and then assign it to the core-mm. The rationale for device-dax is that it is a generic memory-mapping driver that can be layered over any "special purpose" memory, not just pmem. On subsequent boots udev rules can be used to restore the memory assignment. One implication of using pmem as RAM is that mlock() no longer keeps data off persistent media. For this reason it is recommended to enable NVDIMM Security (previously merged for 5.0) to encrypt pmem contents at rest. We considered making this recommendation an actively enforced requirement, but in the end decided to leave it as a distribution / administrator policy to allow for emulation and test environments that lack security capable NVDIMMs. Summary: - Replace the /sys/class/dax device model with /sys/bus/dax, and include a compat driver so distributions can opt-in to the new ABI. - Allow for an alternative driver for the device-dax address-range - Introduce the 'kmem' driver to hotplug / assign a device-dax address-range to the core-mm. - Arrange for the device-dax target-node to be onlined so that the newly added memory range can be uniquely referenced by numa apis" NOTE! I'm not entirely happy with the whole "PMEM as RAM" model because we currently have special - and very annoying rules in the kernel about accessing PMEM only with the "MC safe" accessors, because machine checks inside the regular repeat string copy functions can be fatal in some (not described) circumstances. And apparently the PMEM modules can cause that a lot more than regular RAM. The argument is that this happens because PMEM doesn't necessarily get scrubbed at boot like RAM does, but that is planned to be added for the user space tooling. Quoting Dan from another email: "The exposure can be reduced in the volatile-RAM case by scanning for and clearing errors before it is onlined as RAM. The userspace tooling for that can be in place before v5.1-final. There's also runtime notifications of errors via acpi_nfit_uc_error_notify() from background scrubbers on the DIMM devices. With that mechanism the kernel could proactively clear newly discovered poison in the volatile case, but that would be additional development more suitable for v5.2. I understand the concern, and the need to highlight this issue by tapping the brakes on feature development, but I don't see PMEM as RAM making the situation worse when the exposure is also there via DAX in the PMEM case. Volatile-RAM is arguably a safer use case since it's possible to repair pages where the persistent case needs active application coordination" * tag 'devdax-for-5.1' of git://git.kernel.org/pub/scm/linux/kernel/git/nvdimm/nvdimm: device-dax: "Hotplug" persistent memory for use like normal RAM mm/resource: Let walk_system_ram_range() search child resources mm/memory-hotplug: Allow memory resources to be children mm/resource: Move HMM pr_debug() deeper into resource code mm/resource: Return real error codes from walk failures device-dax: Add a 'modalias' attribute to DAX 'bus' devices device-dax: Add a 'target_node' attribute device-dax: Auto-bind device after successful new_id acpi/nfit, device-dax: Identify differentiated memory with a unique numa-node device-dax: Add /sys/class/dax backwards compatibility device-dax: Add support for a dax override driver device-dax: Move resource pinning+mapping into the common driver device-dax: Introduce bus + driver model device-dax: Start defining a dax bus model device-dax: Remove multi-resource infrastructure device-dax: Kill dax_region base device-dax: Kill dax_region ida
-
git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi由 Linus Torvalds 提交于
Pull more SCSI updates from James Bottomley: "This is the final round of mostly small fixes and performance improvements to our initial submit. The main regression fix is the ia64 simscsi build failure which was missed in the serial number elimination conversion" * tag 'scsi-misc' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi: (24 commits) scsi: ia64: simscsi: use request tag instead of serial_number scsi: aacraid: Fix performance issue on logical drives scsi: lpfc: Fix error codes in lpfc_sli4_pci_mem_setup() scsi: libiscsi: Hold back_lock when calling iscsi_complete_task scsi: hisi_sas: Change SERDES_CFG init value to increase reliability of HiLink scsi: hisi_sas: Send HARD RESET to clear the previous affiliation of STP target port scsi: hisi_sas: Set PHY linkrate when disconnected scsi: hisi_sas: print PHY RX errors count for later revision of v3 hw scsi: hisi_sas: Fix a timeout race of driver internal and SMP IO scsi: hisi_sas: Change return variable type in phy_up_v3_hw() scsi: qla2xxx: check for kstrtol() failure scsi: lpfc: fix 32-bit format string warning scsi: lpfc: fix unused variable warning scsi: target: tcmu: Switch to bitmap_zalloc() scsi: libiscsi: fall back to sendmsg for slab pages scsi: qla2xxx: avoid printf format warning scsi: lpfc: resolve static checker warning in lpfc_sli4_hba_unset scsi: lpfc: Correct __lpfc_sli_issue_iocb_s4 lockdep check scsi: ufs: hisi: fix ufs_hba_variant_ops passing scsi: qla2xxx: Fix panic in qla_dfs_tgt_counters_show ...
-
git://git.kernel.dk/linux-block由 Linus Torvalds 提交于
Pull more block layer changes from Jens Axboe: "This is a collection of both stragglers, and fixes that came in after I finalized the initial pull. This contains: - An MD pull request from Song, with a few minor fixes - Set of NVMe patches via Christoph - Pull request from Konrad, with a few fixes for xen/blkback - pblk fix IO calculation fix (Javier) - Segment calculation fix for pass-through (Ming) - Fallthrough annotation for blkcg (Mathieu)" * tag 'for-5.1/block-post-20190315' of git://git.kernel.dk/linux-block: (25 commits) blkcg: annotate implicit fall through nvme-tcp: support C2HData with SUCCESS flag nvmet: ignore EOPNOTSUPP for discard nvme: add proper write zeroes setup for the multipath device nvme: add proper discard setup for the multipath device nvme: remove nvme_ns_config_oncs nvme: disable Write Zeroes for qemu controllers nvmet-fc: bring Disconnect into compliance with FC-NVME spec nvmet-fc: fix issues with targetport assoc_list list walking nvme-fc: reject reconnect if io queue count is reduced to zero nvme-fc: fix numa_node when dev is null nvme-fc: use nr_phys_segments to determine existence of sgl nvme-loop: init nvmet_ctrl fatal_err_work when allocate nvme: update comment to make the code easier to read nvme: put ns_head ref if namespace fails allocation nvme-trace: fix cdw10 buffer overrun nvme: don't warn on block content change effects nvme: add get-feature to admin cmds tracer md: Fix failed allocation of md_register_thread It's wrong to add len to sector_nr in raid10 reshape twice ...
-
git://git.linux-nfs.org/projects/trondmy/linux-nfs由 Linus Torvalds 提交于
Pull NFS client bugfixes from Trond Myklebust: "Highlights include: Bugfixes: - Fix an Oops in SUNRPC back channel tracepoints - Fix a SUNRPC client regression when handling oversized replies - Fix the minimal size for SUNRPC reply buffer allocation - rpc_decode_header() must always return a non-zero value on error - Fix a typo in pnfs_update_layout() Cleanup: - Remove redundant check for the reply length in call_decode()" * tag 'nfs-for-5.1-2' of git://git.linux-nfs.org/projects/trondmy/linux-nfs: SUNRPC: Remove redundant check for the reply length in call_decode() SUNRPC: Handle the SYSTEM_ERR rpc error SUNRPC: rpc_decode_header() must always return a non-zero value on error SUNRPC: Use the ENOTCONN error on socket disconnect SUNRPC: Fix the minimal size for reply buffer allocation SUNRPC: Fix a client regression when handling oversized replies pNFS: Fix a typo in pnfs_update_layout fix null pointer deref in tracepoints in back channel
-
git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux由 Linus Torvalds 提交于
Pull powerpc fixes from Michael Ellerman: "One fix to prevent runtime allocation of 16GB pages when running in a VM (as opposed to bare metal), because it doesn't work. A small fix to our recently added KCOV support to exempt some more code from being instrumented. Plus a few minor build fixes, a small dead code removal and a defconfig update. Thanks to: Alexey Kardashevskiy, Aneesh Kumar K.V, Christophe Leroy, Jason Yan, Joel Stanley, Mahesh Salgaonkar, Mathieu Malaterre" * tag 'powerpc-5.1-2' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux: powerpc/64s: Include <asm/nmi.h> header file to fix a warning powerpc/powernv: Fix compile without CONFIG_TRACEPOINTS powerpc/mm: Disable kcov for SLB routines powerpc: remove dead code in head_fsl_booke.S powerpc/configs: Sync skiroot defconfig powerpc/hugetlb: Don't do runtime allocation of 16G pages in LPAR configuration
-
git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs由 Linus Torvalds 提交于
Pull vfs mount infrastructure fix from Al Viro: "Fixup for sysfs braino. Capabilities checks for sysfs mount do include those on netns, but only if CONFIG_NET_NS is enabled. Sorry, should've caught that earlier..." * 'work.mount' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs: fix sysfs_init_fs_context() in !CONFIG_NET_NS case
-
- 16 3月, 2019 1 次提交
-
-
由 Al Viro 提交于
Permission checks on current's netns should be done only when netns are enabled. Reported-by: NDominik Brodowski <linux@dominikbrodowski.net> Fixes: 23bf1b6bSigned-off-by: NAl Viro <viro@zeniv.linux.org.uk>
-