- 24 7月, 2014 1 次提交
-
-
由 Tetsuo Handa 提交于
In function cap_task_prctl(), we would allocate a credential unconditionally and then check if we support the requested function. If not we would release this credential with abort_creds() by using RCU method. But on some archs such as powerpc, the sys_prctl is heavily used to get/set the floating point exception mode. So the unnecessary allocating/releasing of credential not only introduce runtime overhead but also do cause OOM due to the RCU implementation. This patch removes abort_creds() from cap_task_prctl() by calling prepare_creds() only when we need to modify it. Reported-by: NKevin Hao <haokexin@gmail.com> Signed-off-by: NTetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Reviewed-by: NPaul Moore <paul@paul-moore.com> Acked-by: NSerge E. Hallyn <serge.hallyn@ubuntu.com> Reviewed-by: NKees Cook <keescook@chromium.org> Signed-off-by: NJames Morris <james.l.morris@oracle.com>
-
- 19 7月, 2014 14 次提交
-
-
-
由 Kees Cook 提交于
Applying restrictive seccomp filter programs to large or diverse codebases often requires handling threads which may be started early in the process lifetime (e.g., by code that is linked in). While it is possible to apply permissive programs prior to process start up, it is difficult to further restrict the kernel ABI to those threads after that point. This change adds a new seccomp syscall flag to SECCOMP_SET_MODE_FILTER for synchronizing thread group seccomp filters at filter installation time. When calling seccomp(SECCOMP_SET_MODE_FILTER, SECCOMP_FILTER_FLAG_TSYNC, filter) an attempt will be made to synchronize all threads in current's threadgroup to its new seccomp filter program. This is possible iff all threads are using a filter that is an ancestor to the filter current is attempting to synchronize to. NULL filters (where the task is running as SECCOMP_MODE_NONE) are also treated as ancestors allowing threads to be transitioned into SECCOMP_MODE_FILTER. If prctrl(PR_SET_NO_NEW_PRIVS, ...) has been set on the calling thread, no_new_privs will be set for all synchronized threads too. On success, 0 is returned. On failure, the pid of one of the failing threads will be returned and no filters will have been applied. The race conditions against another thread are: - requesting TSYNC (already handled by sighand lock) - performing a clone (already handled by sighand lock) - changing its filter (already handled by sighand lock) - calling exec (handled by cred_guard_mutex) The clone case is assisted by the fact that new threads will have their seccomp state duplicated from their parent before appearing on the tasklist. Holding cred_guard_mutex means that seccomp filters cannot be assigned while in the middle of another thread's exec (potentially bypassing no_new_privs or similar). The call to de_thread() may kill threads waiting for the mutex. Changes across threads to the filter pointer includes a barrier. Based on patches by Will Drewry. Suggested-by: NJulien Tinnes <jln@chromium.org> Signed-off-by: NKees Cook <keescook@chromium.org> Reviewed-by: NOleg Nesterov <oleg@redhat.com> Reviewed-by: NAndy Lutomirski <luto@amacapital.net>
-
由 Kees Cook 提交于
This changes the mode setting helper to allow threads to change the seccomp mode from another thread. We must maintain barriers to keep TIF_SECCOMP synchronized with the rest of the seccomp state. Signed-off-by: NKees Cook <keescook@chromium.org> Reviewed-by: NOleg Nesterov <oleg@redhat.com> Reviewed-by: NAndy Lutomirski <luto@amacapital.net>
-
由 Kees Cook 提交于
Normally, task_struct.seccomp.filter is only ever read or modified by the task that owns it (current). This property aids in fast access during system call filtering as read access is lockless. Updating the pointer from another task, however, opens up race conditions. To allow cross-thread filter pointer updates, writes to the seccomp fields are now protected by the sighand spinlock (which is shared by all threads in the thread group). Read access remains lockless because pointer updates themselves are atomic. However, writes (or cloning) often entail additional checking (like maximum instruction counts) which require locking to perform safely. In the case of cloning threads, the child is invisible to the system until it enters the task list. To make sure a child can't be cloned from a thread and left in a prior state, seccomp duplication is additionally moved under the sighand lock. Then parent and child are certain have the same seccomp state when they exit the lock. Based on patches by Will Drewry and David Drysdale. Signed-off-by: NKees Cook <keescook@chromium.org> Reviewed-by: NOleg Nesterov <oleg@redhat.com> Reviewed-by: NAndy Lutomirski <luto@amacapital.net>
-
由 Kees Cook 提交于
In preparation for adding seccomp locking, move filter creation away from where it is checked and applied. This will allow for locking where no memory allocation is happening. The validation, filter attachment, and seccomp mode setting can all happen under the future locks. For extreme defensiveness, I've added a BUG_ON check for the calculated size of the buffer allocation in case BPF_MAXINSN ever changes, which shouldn't ever happen. The compiler should actually optimize out this check since the test above it makes it impossible. Signed-off-by: NKees Cook <keescook@chromium.org> Reviewed-by: NOleg Nesterov <oleg@redhat.com> Reviewed-by: NAndy Lutomirski <luto@amacapital.net>
-
由 Kees Cook 提交于
Since seccomp transitions between threads requires updates to the no_new_privs flag to be atomic, the flag must be part of an atomic flag set. This moves the nnp flag into a separate task field, and introduces accessors. Signed-off-by: NKees Cook <keescook@chromium.org> Reviewed-by: NOleg Nesterov <oleg@redhat.com> Reviewed-by: NAndy Lutomirski <luto@amacapital.net>
-
由 Kees Cook 提交于
Wires up the new seccomp syscall. Signed-off-by: NKees Cook <keescook@chromium.org> Reviewed-by: NOleg Nesterov <oleg@redhat.com>
-
由 Kees Cook 提交于
Wires up the new seccomp syscall. Signed-off-by: NKees Cook <keescook@chromium.org> Reviewed-by: NOleg Nesterov <oleg@redhat.com>
-
由 Kees Cook 提交于
This adds the new "seccomp" syscall with both an "operation" and "flags" parameter for future expansion. The third argument is a pointer value, used with the SECCOMP_SET_MODE_FILTER operation. Currently, flags must be 0. This is functionally equivalent to prctl(PR_SET_SECCOMP, ...). In addition to the TSYNC flag later in this patch series, there is a non-zero chance that this syscall could be used for configuring a fixed argument area for seccomp-tracer-aware processes to pass syscall arguments in the future. Hence, the use of "seccomp" not simply "seccomp_add_filter" for this syscall. Additionally, this syscall uses operation, flags, and user pointer for arguments because strictly passing arguments via a user pointer would mean seccomp itself would be unable to trivially filter the seccomp syscall itself. Signed-off-by: NKees Cook <keescook@chromium.org> Reviewed-by: NOleg Nesterov <oleg@redhat.com> Reviewed-by: NAndy Lutomirski <luto@amacapital.net>
-
由 Kees Cook 提交于
Separates the two mode setting paths to make things more readable with fewer #ifdefs within function bodies. Signed-off-by: NKees Cook <keescook@chromium.org> Reviewed-by: NOleg Nesterov <oleg@redhat.com> Reviewed-by: NAndy Lutomirski <luto@amacapital.net>
-
由 Kees Cook 提交于
To support splitting mode 1 from mode 2, extract the mode checking and assignment logic into common functions. Signed-off-by: NKees Cook <keescook@chromium.org> Reviewed-by: NOleg Nesterov <oleg@redhat.com> Reviewed-by: NAndy Lutomirski <luto@amacapital.net>
-
由 Kees Cook 提交于
In preparation for having other callers of the seccomp mode setting logic, split the prctl entry point away from the core logic that performs seccomp mode setting. Signed-off-by: NKees Cook <keescook@chromium.org> Reviewed-by: NOleg Nesterov <oleg@redhat.com> Reviewed-by: NAndy Lutomirski <luto@amacapital.net>
-
由 Kees Cook 提交于
Add myself as seccomp maintainer. Suggested-by: NJames Morris <jmorris@namei.org> Signed-off-by: NKees Cook <keescook@chromium.org>
- 17 7月, 2014 8 次提交
-
-
由 Dmitry Kasatkin 提交于
The asynchronous hash API allows initiating a hash calculation and then performing other tasks, while waiting for the hash calculation to complete. This patch introduces usage of double buffering for simultaneous hashing and reading of the next chunk of data from storage. Changes in v3: - better comments Signed-off-by: NDmitry Kasatkin <d.kasatkin@samsung.com> Signed-off-by: NMimi Zohar <zohar@linux.vnet.ibm.com>
-
由 Dmitry Kasatkin 提交于
Use of multiple-page collect buffers reduces: 1) the number of block IO requests 2) the number of asynchronous hash update requests Second is important for HW accelerated hashing, because significant amount of time is spent for preparation of hash update operation, which includes configuring acceleration HW, DMA engine, etc... Thus, HW accelerators are more efficient when working on large chunks of data. This patch introduces usage of multi-page collect buffers. Buffer size can be specified using 'ahash_bufsize' module parameter. Default buffer size is 4096 bytes. Changes in v3: - kernel parameter replaced with module parameter Signed-off-by: NDmitry Kasatkin <d.kasatkin@samsung.com> Signed-off-by: NMimi Zohar <zohar@linux.vnet.ibm.com>
-
由 Dmitry Kasatkin 提交于
Async hash API allows the use of HW acceleration for hash calculation. It may give significant performance gain and/or reduce power consumption, which might be very beneficial for battery powered devices. This patch introduces hash calculation using ahash API. ahash performance depends on the data size and the particular HW. Depending on the specific system, shash performance may be better. This patch defines 'ahash_minsize' module parameter, which is used to define the minimal file size to use with ahash. If this minimum file size is not set or the file is smaller than defined by the parameter, shash will be used. Changes in v3: - kernel parameter replaced with module parameter - pr_crit replaced with pr_crit_ratelimited - more comment changes - Mimi Changes in v2: - ima_ahash_size became as ima_ahash - ahash pre-allocation moved out from __init code to be able to use ahash crypto modules. Ahash allocated once on the first use. - hash calculation falls back to shash if ahash allocation/calculation fails - complex initialization separated from variable declaration - improved comments Signed-off-by: NDmitry Kasatkin <d.kasatkin@samsung.com> Signed-off-by: NMimi Zohar <zohar@linux.vnet.ibm.com>
-
由 Richard Guy Briggs 提交于
Replace spaces in op keyword labels in log output since userspace audit tools can't parse orphaned keywords. Reported-by: NSteve Grubb <sgrubb@redhat.com> Signed-off-by: NRichard Guy Briggs <rgb@redhat.com> Signed-off-by: NMimi Zohar <zohar@linux.vnet.ibm.com>
-
由 Dmitry Kasatkin 提交于
process_measurement() always calls ima_template_desc_current(), including when an IMA policy has not been defined. This patch delays template descriptor lookup until action is determined. Signed-off-by: NDmitry Kasatkin <d.kasatkin@samsung.com> Signed-off-by: NMimi Zohar <zohar@linux.vnet.ibm.com>
-
由 Dmitry Kasatkin 提交于
Before 2.6.39 inode->i_readcount was maintained by IMA. It was not atomic and protected using spinlock. For 2.6.39, i_readcount was converted to atomic and maintaining was moved VFS layer. Spinlock for some unclear reason was replaced by i_mutex. After analyzing the code, we came to conclusion that i_mutex locking is unnecessary, especially when an IMA policy has not been defined. This patch removes i_mutex locking from ima_rdwr_violation_check(). Signed-off-by: NDmitry Kasatkin <d.kasatkin@samsung.com> Signed-off-by: NMimi Zohar <zohar@linux.vnet.ibm.com>
-
-
由 James Morris 提交于
-
- 14 7月, 2014 7 次提交
-
-
由 Linus Torvalds 提交于
-
git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4由 Linus Torvalds 提交于
Pull ext4 bugfixes from Ted Ts'o: "More bug fixes for ext4 -- most importantly, a fix for a bug introduced in 3.15 that can end up triggering a file system corruption error after a journal replay. It shouldn't lead to any actual data corruption, but it is scary and can force file systems to be remounted read-only, etc" * tag 'ext4_for_linus_stable' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4: ext4: fix potential null pointer dereference in ext4_free_inode ext4: fix a potential deadlock in __ext4_es_shrink() ext4: revert commit which was causing fs corruption after journal replays ext4: disable synchronous transaction batching if max_batch_time==0 ext4: clarify ext4_error message in ext4_mb_generate_buddy_error() ext4: clarify error count warning messages ext4: fix unjournalled bg descriptor while initializing inode bitmap
-
git://git.linaro.org/people/mike.turquette/linux由 Linus Torvalds 提交于
Pull clock driver fixes from Mike Turquette: "This batch of fixes is for a handful of clock drivers from Allwinner, Samsung, ST & TI. Most of them are of the "this hardware won't work without this fix" variety, including patches that fix platforms that did not boot under certain configurations. Other fixes are the result of changes to the clock core introduced in 3.15 that had subtle impacts on the clock drivers. There are no fixes to the clock framework core in this pull request" * tag 'clk-fixes-for-linus' of git://git.linaro.org/people/mike.turquette/linux: clk: spear3xx: Set proper clock parent of uart1/2 clk: spear3xx: Use proper control register offset clk: qcom: HDMI source sel is 3 not 2 clk: sunxi: fix devm_ioremap_resource error detection code clk: s2mps11: Fix double free corruption during driver unbind clk: ti: am43x: Fix boot with CONFIG_SOC_AM33XX disabled clk: exynos5420: Remove aclk66_peric from the clock tree description clk/exynos5250: fix bit number for tv sysmmu clock clk: s3c64xx: Hookup SPI clocks correctly clk: samsung: exynos4: Remove SRC_MASK_ISP gates clk: samsung: add more aliases for s3c24xx clk: samsung: fix several typos to fix boot on s3c2410 clk: ti: set CLK_SET_RATE_NO_REPARENT for ti,mux-clock clk: ti: am43x: Fix boot with CONFIG_SOC_AM33XX disabled clk: ti: dra7: return error code in failure case clk: ti: apll: not allocating enough data
-
git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc由 Linus Torvalds 提交于
Pull ARM SoC fixes from Olof Johansson: "This week's arm-soc fixes: - Another set of OMAP fixes * Clock fixes * Restart handling * PHY regulators * SATA hwmod data for DRA7 + Some trivial fixes and removal of a bit of dead code - Exynos fixes * A bunch of clock fixes * Some SMP fixes * Exynos multi-core timer: register as clocksource and fix ftrace. + a few other minor fixes There's also a couple more patches, and at91 fix for USB caused by common clock conversion, and more MAINTAINERS entries for shmobile. We're definitely switching to only regression fixes from here on out, we've been a little less strict than usual up until now" * tag 'fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc: (26 commits) ARM: at91: at91sam9x5: add clocks for usb device ARM: EXYNOS: Register cpuidle device only on exynos4210 and 5250 ARM: dts: Add clock property for mfc_pd in exynos5420 clk: exynos5420: Add IDs for clocks used in PD mfc ARM: EXYNOS: Add support for clock handling in power domain ARM: OMAP2+: Remove non working OMAP HDMI audio initialization ARM: imx: fix shared gate clock ARM: dts: Update the parent for Audss clocks in Exynos5420 ARM: EXYNOS: Update secondary boot addr for secure mode ARM: dts: Fix TI CPSW Phy mode selection on IGEP COM AQUILA. ARM: dts: am335x-evmsk: Enable the McASP FIFO for audio ARM: dts: am335x-evm: Enable the McASP FIFO for audio ARM: OMAP2+: Make GPMC skip disabled devices ARM: OMAP2+: create dsp device only on OMAP3 SoCs ARM: dts: dra7-evm: Make VDDA_1V8_PHY supply always on ARM: DRA7/AM43XX: fix header definition for omap44xx_restart ARM: OMAP2+: clock/dpll: fix _dpll_test_fint arithmetics overflow ARM: DRA7: hwmod: Add SYSCONFIG for usb_otg_ss ARM: DRA7: hwmod: Fixup SATA hwmod ARM: OMAP3: PRM/CM: Add back macros used by TI DSP/Bridge driver ...
-
git://ftp.arm.linux.org.uk/~rmk/linux-arm由 Linus Torvalds 提交于
Pull ARM fixes from Russell King: "Another round of fixes for ARM: - a set of kprobes fixes from Jon Medhurst - fix the revision checking for the L2 cache which wasn't noticed to have been broken" * 'fixes' of git://ftp.arm.linux.org.uk/~rmk/linux-arm: ARM: l2c: fix revision checking ARM: kprobes: Fix test code compilation errors for ARMv4 targets ARM: kprobes: Disallow instructions with PC and register specified shift ARM: kprobes: Prevent known test failures stopping other tests running
-
git://git.kernel.org/pub/scm/linux/kernel/git/geert/linux-m68k由 Linus Torvalds 提交于
Pull m68k fixes from Geert Uytterhoeven: "Summary: - Fix for a boot regression introduced in v3.16-rc1, - Fix for a build issue in -next" Christoph Hellwig questioned why mach_random_get_entropy should be exported to modules, and Geert explains that random_get_entropy() is called by at least the crypto layer and ends up using it on m68k. On most other architectures it just uses get_cycles() (which is typically inlined and doesn't need exporting), * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/geert/linux-m68k: m68k: Export mach_random_get_entropy to modules m68k: Fix boot regression on machines with RAM at non-zero
-
git://git.kernel.org/pub/scm/linux/kernel/git/deller/parisc-linux由 Linus Torvalds 提交于
Pull parisc fixes from Helge Deller: "The major patch in here is one which fixes the fanotify_mark() syscall in the compat layer of the 64bit parisc kernel. It went unnoticed so long, because the calling syntax when using a 64bit parameter in a 32bit syscall is quite complex and even worse, it may be even different if you call syscall() or the glibc wrapper. This patch makes the kernel accept the calling convention when called by the glibc wrapper. The other two patches are trivial and remove unused headers, #includes and adds the serial ports of the fastest C8000 workstation to the parisc-kernel internal hardware database" * 'parisc-3.16-5' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/parisc-linux: parisc: drop unused defines and header includes parisc: fix fanotify_mark() syscall on 32bit compat kernel parisc: add serial ports of C8000/1GHz machine to hardware database
-
- 13 7月, 2014 10 次提交
-
-
由 Thomas Gleixner 提交于
The uarts only work when the parent is ras_ahb_clk. The stale 3.5 based ST tree does this in the board file. Add it to the clk init function. Not pretty, but the mess there is amazing anyway. Signed-off-by: NThomas Gleixner <tglx@linutronix.de> Acked-by: NViresh Kumar <viresh.kumar@linaro.org> Signed-off-by: NMike Turquette <mturquette@linaro.org>
-
由 Thomas Gleixner 提交于
The control register is at offset 0x10, not 0x0. This is wreckaged since commit 5df33a62 (SPEAr: Switch to common clock framework). Signed-off-by: NThomas Gleixner <tglx@linutronix.de> Cc: stable@vger.kernel.org Acked-by: NViresh Kumar <viresh.kumar@linaro.org> Signed-off-by: NMike Turquette <mturquette@linaro.org>
-
由 Helge Deller 提交于
Signed-off-by: NHelge Deller <deller@gmx.de> Cc: stable@vger.kernel.org # 3.13+
-
由 Helge Deller 提交于
On parisc we can not use the existing compat implementation for fanotify_mark() because for the 64bit mask parameter the higher and lower 32bits are ordered differently than what the compat function expects from big endian architectures. Specifically: It finally turned out, that on hppa we end up with different assignments of parameters to kernel arguments depending on if we call the glibc wrapper function int fanotify_mark (int __fanotify_fd, unsigned int __flags, uint64_t __mask, int __dfd, const char *__pathname); or directly calling the syscall manually syscall(__NR_fanotify_mark, ...) Reason is, that the syscall() function is implemented as C-function and because we now have the sysno as first parameter in front of the other parameters the compiler will unexpectedly add an empty paramenter in front of the u64 value to ensure the correct calling alignment for 64bit values. This means, on hppa you can't simply use syscall() to call the kernel fanotify_mark() function directly, but you have to use the glibc function instead. This patch fixes the kernel in the hppa-arch specifc coding to adjust the parameters in a way as if userspace calls the glibc wrapper function fanotify_mark(). Signed-off-by: NHelge Deller <deller@gmx.de> Cc: stable@vger.kernel.org # 3.13+
-
由 Helge Deller 提交于
Signed-off-by: NHelge Deller <deller@gmx.de> Cc: stable@vger.kernel.org # 3.13+
-
git://git.infradead.org/users/vkoul/slave-dma由 Linus Torvalds 提交于
Pull slave-dmaengine fixes from Vinod Koul: "We have two small fixes. First one from Daniel to handle 0-length packets for usb cppi dma. Second by Russell for imx-sdam cyclic residue reporting" * 'fixes' of git://git.infradead.org/users/vkoul/slave-dma: Update imx-sdma cyclic handling to report residue dma: cppi41: handle 0-length packets
-
由 Olof Johansson 提交于
Merge tag 'samsung-fixes-3' of git://git.kernel.org/pub/scm/linux/kernel/git/kgene/linux-samsung into fixes Merge "Samsung fixes-3 for 3.16" from Kukjin Kim: Samsung fixes-3 for v3.16 - update the parent for Auudss clock because kernel will be hang during late boot if the parent clock is disabled in bootloader. - enable clk handing in power domain because while power domain on/off, its regarding clock source will be reset and it causes a problem so need to handle it. - add mux clocks to be used by power domain for exynos5420-mfc during power domain on/off and property in device tree also. - register cpuidle only for exynos4210 and exynos5250 because a system failure will be happened on other exynos SoCs. * tag 'samsung-fixes-3' of git://git.kernel.org/pub/scm/linux/kernel/git/kgene/linux-samsung: ARM: EXYNOS: Register cpuidle device only on exynos4210 and 5250 ARM: dts: Add clock property for mfc_pd in exynos5420 clk: exynos5420: Add IDs for clocks used in PD mfc ARM: EXYNOS: Add support for clock handling in power domain ARM: dts: Update the parent for Audss clocks in Exynos5420 Signed-off-by: NOlof Johansson <olof@lixom.net>
-
git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb由 Linus Torvalds 提交于
Pull USB fixes from Greg KH: "Here are some small USB fixes, PHY driver fixes (they ended up in this tree for lack of somewhere else to put them), and some new USB device ids" * tag 'usb-3.16-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb: phy: omap-usb2: Balance pm_runtime_enable() on probe failure and remove phy: core: Fix error path in phy_create() drivers: phy: phy-samsung-usb2.c: Add missing MODULE_DEVICE_TABLE phy: omap-usb2: fix devm_ioremap_resource error detection code phy: sun4i: depend on RESET_CONTROLLER USB: serial: ftdi_sio: Add Infineon Triboard USB: ftdi_sio: Add extra PID. usb: option: Add ID for Telewell TW-LTE 4G v2 USB: cp210x: add support for Corsair usb dongle
-
git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty由 Linus Torvalds 提交于
Pull tty/serial fixes from Greg KH: "Here are some small serial fixes that resolve some reported problems that started in 3.15 with some serial drivers. And there's a new dt binding for a serial driver, which was all that was needed for the renesas serial driver" * tag 'tty-3.16-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty: serial: sh-sci: Add device tree support for r8a7{778,740,3a4} and sh73a0 serial: imx: Fix build breakage serial: arc_uart: Use uart_circ_empty() for open-coded comparison serial: Test for no tx data on tx restart
-
git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc由 Linus Torvalds 提交于
Pull char/misc driver fixes from Greg KH: "Here are two hyperv driver fixes, and one i8k driver fix for 3.16" * tag 'char-misc-3.16-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc: i8k: Fix non-SMP operation Drivers: hv: util: Fix a bug in the KVP code Drivers: hv: vmbus: Fix a bug in the channel callback dispatch code
-