1. 13 8月, 2019 8 次提交
    • E
      f2fs: add fs-verity support · 95ae251f
      Eric Biggers 提交于
      Add fs-verity support to f2fs.  fs-verity is a filesystem feature that
      enables transparent integrity protection and authentication of read-only
      files.  It uses a dm-verity like mechanism at the file level: a Merkle
      tree is used to verify any block in the file in log(filesize) time.  It
      is implemented mainly by helper functions in fs/verity/.  See
      Documentation/filesystems/fsverity.rst for the full documentation.
      
      The f2fs support for fs-verity consists of:
      
      - Adding a filesystem feature flag and an inode flag for fs-verity.
      
      - Implementing the fsverity_operations to support enabling verity on an
        inode and reading/writing the verity metadata.
      
      - Updating ->readpages() to verify data as it's read from verity files
        and to support reading verity metadata pages.
      
      - Updating ->write_begin(), ->write_end(), and ->writepages() to support
        writing verity metadata pages.
      
      - Calling the fs-verity hooks for ->open(), ->setattr(), and ->ioctl().
      
      Like ext4, f2fs stores the verity metadata (Merkle tree and
      fsverity_descriptor) past the end of the file, starting at the first 64K
      boundary beyond i_size.  This approach works because (a) verity files
      are readonly, and (b) pages fully beyond i_size aren't visible to
      userspace but can be read/written internally by f2fs with only some
      relatively small changes to f2fs.  Extended attributes cannot be used
      because (a) f2fs limits the total size of an inode's xattr entries to
      4096 bytes, which wouldn't be enough for even a single Merkle tree
      block, and (b) f2fs encryption doesn't encrypt xattrs, yet the verity
      metadata *must* be encrypted when the file is because it contains hashes
      of the plaintext data.
      Acked-by: NJaegeuk Kim <jaegeuk@kernel.org>
      Acked-by: NChao Yu <yuchao0@huawei.com>
      Signed-off-by: NEric Biggers <ebiggers@google.com>
      95ae251f
    • E
      ext4: update on-disk format documentation for fs-verity · 84fb7ca4
      Eric Biggers 提交于
      Document the format of verity files on ext4, and the corresponding inode
      and superblock flags.
      Reviewed-by: NTheodore Ts'o <tytso@mit.edu>
      Signed-off-by: NEric Biggers <ebiggers@google.com>
      84fb7ca4
    • E
      ext4: add fs-verity read support · 22cfe4b4
      Eric Biggers 提交于
      Make ext4_mpage_readpages() verify data as it is read from fs-verity
      files, using the helper functions from fs/verity/.
      
      To support both encryption and verity simultaneously, this required
      refactoring the decryption workflow into a generic "post-read
      processing" workflow which can do decryption, verification, or both.
      
      The case where the ext4 block size is not equal to the PAGE_SIZE is not
      supported yet, since in that case ext4_mpage_readpages() sometimes falls
      back to block_read_full_page(), which does not support fs-verity yet.
      Co-developed-by: NTheodore Ts'o <tytso@mit.edu>
      Signed-off-by: NTheodore Ts'o <tytso@mit.edu>
      Signed-off-by: NEric Biggers <ebiggers@google.com>
      22cfe4b4
    • E
      ext4: add basic fs-verity support · c93d8f88
      Eric Biggers 提交于
      Add most of fs-verity support to ext4.  fs-verity is a filesystem
      feature that enables transparent integrity protection and authentication
      of read-only files.  It uses a dm-verity like mechanism at the file
      level: a Merkle tree is used to verify any block in the file in
      log(filesize) time.  It is implemented mainly by helper functions in
      fs/verity/.  See Documentation/filesystems/fsverity.rst for the full
      documentation.
      
      This commit adds all of ext4 fs-verity support except for the actual
      data verification, including:
      
      - Adding a filesystem feature flag and an inode flag for fs-verity.
      
      - Implementing the fsverity_operations to support enabling verity on an
        inode and reading/writing the verity metadata.
      
      - Updating ->write_begin(), ->write_end(), and ->writepages() to support
        writing verity metadata pages.
      
      - Calling the fs-verity hooks for ->open(), ->setattr(), and ->ioctl().
      
      ext4 stores the verity metadata (Merkle tree and fsverity_descriptor)
      past the end of the file, starting at the first 64K boundary beyond
      i_size.  This approach works because (a) verity files are readonly, and
      (b) pages fully beyond i_size aren't visible to userspace but can be
      read/written internally by ext4 with only some relatively small changes
      to ext4.  This approach avoids having to depend on the EA_INODE feature
      and on rearchitecturing ext4's xattr support to support paging
      multi-gigabyte xattrs into memory, and to support encrypting xattrs.
      Note that the verity metadata *must* be encrypted when the file is,
      since it contains hashes of the plaintext data.
      
      This patch incorporates work by Theodore Ts'o and Chandan Rajendra.
      Reviewed-by: NTheodore Ts'o <tytso@mit.edu>
      Signed-off-by: NEric Biggers <ebiggers@google.com>
      c93d8f88
    • E
      fs-verity: support builtin file signatures · 432434c9
      Eric Biggers 提交于
      To meet some users' needs, add optional support for having fs-verity
      handle a portion of the authentication policy in the kernel.  An
      ".fs-verity" keyring is created to which X.509 certificates can be
      added; then a sysctl 'fs.verity.require_signatures' can be set to cause
      the kernel to enforce that all fs-verity files contain a signature of
      their file measurement by a key in this keyring.
      
      See the "Built-in signature verification" section of
      Documentation/filesystems/fsverity.rst for the full documentation.
      Reviewed-by: NTheodore Ts'o <tytso@mit.edu>
      Signed-off-by: NEric Biggers <ebiggers@google.com>
      432434c9
    • E
      fs-verity: add SHA-512 support · add890c9
      Eric Biggers 提交于
      Add SHA-512 support to fs-verity.  This is primarily a demonstration of
      the trivial changes needed to support a new hash algorithm in fs-verity;
      most users will still use SHA-256, due to the smaller space required to
      store the hashes.  But some users may prefer SHA-512.
      Reviewed-by: NTheodore Ts'o <tytso@mit.edu>
      Reviewed-by: NJaegeuk Kim <jaegeuk@kernel.org>
      Signed-off-by: NEric Biggers <ebiggers@google.com>
      add890c9
    • E
      fs-verity: implement FS_IOC_MEASURE_VERITY ioctl · 4dd893d8
      Eric Biggers 提交于
      Add a function for filesystems to call to implement the
      FS_IOC_MEASURE_VERITY ioctl.  This ioctl retrieves the file measurement
      that fs-verity calculated for the given file and is enforcing for reads;
      i.e., reads that don't match this hash will fail.  This ioctl can be
      used for authentication or logging of file measurements in userspace.
      
      See the "FS_IOC_MEASURE_VERITY" section of
      Documentation/filesystems/fsverity.rst for the documentation.
      Reviewed-by: NTheodore Ts'o <tytso@mit.edu>
      Reviewed-by: NJaegeuk Kim <jaegeuk@kernel.org>
      Signed-off-by: NEric Biggers <ebiggers@google.com>
      4dd893d8
    • E
      fs-verity: implement FS_IOC_ENABLE_VERITY ioctl · 3fda4c61
      Eric Biggers 提交于
      Add a function for filesystems to call to implement the
      FS_IOC_ENABLE_VERITY ioctl.  This ioctl enables fs-verity on a file.
      
      See the "FS_IOC_ENABLE_VERITY" section of
      Documentation/filesystems/fsverity.rst for the documentation.
      Reviewed-by: NTheodore Ts'o <tytso@mit.edu>
      Reviewed-by: NJaegeuk Kim <jaegeuk@kernel.org>
      Signed-off-by: NEric Biggers <ebiggers@google.com>
      3fda4c61
  2. 29 7月, 2019 17 次提交
  3. 28 7月, 2019 6 次提交
    • L
      Merge branch 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · a9815a4f
      Linus Torvalds 提交于
      Pull x86 fixes from Thomas Gleixner:
       "A set of x86 fixes and functional updates:
      
         - Prevent stale huge I/O TLB mappings on 32bit. A long standing bug
           which got exposed by KPTI support for 32bit
      
         - Prevent bogus access_ok() warnings in arch_stack_walk_user()
      
         - Add display quirks for Lenovo devices which have height and width
           swapped
      
         - Add the missing CR2 fixup for 32 bit async pagefaults. Fallout of
           the CR2 bug fix series.
      
         - Unbreak handling of force enabled HPET by moving the 'is HPET
           counting' check back to the original place.
      
         - A more accurate check for running on a hypervisor platform in the
           MDS mitigation code. Not perfect, but more accurate than the
           previous one.
      
         - Update a stale and confusing comment vs. IRQ stacks"
      
      * 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        x86/speculation/mds: Apply more accurate check on hypervisor platform
        x86/hpet: Undo the early counter is counting check
        x86/entry/32: Pass cr2 to do_async_page_fault()
        x86/irq/64: Update stale comment
        x86/sysfb_efi: Add quirks for some devices with swapped width and height
        x86/stacktrace: Prevent access_ok() warnings in arch_stack_walk_user()
        mm/vmalloc: Sync unmappings in __purge_vmap_area_lazy()
        x86/mm: Sync also unmappings in vmalloc_sync_all()
        x86/mm: Check for pfn instead of page in vmalloc_sync_one()
      a9815a4f
    • L
      Merge branch 'sched-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · e24ce84e
      Linus Torvalds 提交于
      Pull scheduler fixes from Thomas Gleixner:
       "Two fixes for the fair scheduling class:
      
         - Prevent freeing memory which is accessible by concurrent readers
      
         - Make the RCU annotations for numa groups consistent"
      
      * 'sched-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        sched/fair: Use RCU accessors consistently for ->numa_group
        sched/fair: Don't free p->numa_faults with concurrent readers
      e24ce84e
    • L
      Merge branch 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 750991f9
      Linus Torvalds 提交于
      Pull perf fixes from Thomas Gleixner:
       "A pile of perf related fixes:
      
        Kernel:
         - Fix SLOTS PEBS event constraints for Icelake CPUs
      
         - Add the missing mask bit to allow counting hardware generated
           prefetches on L3 for Icelake CPUs
      
         - Make the test for hypervisor platforms more accurate (as far as
           possible)
      
         - Handle PMUs correctly which override event->cpu
      
         - Yet another missing fallthrough annotation
      
        Tools:
           perf.data:
              - Fix loading of compressed data split across adjacent records
              - Fix buffer size setting for processing CPU topology perf.data
                header.
      
           perf stat:
              - Fix segfault for event group in repeat mode
              - Always separate "stalled cycles per insn" line, it was being
                appended to the "instructions" line.
      
           perf script:
              - Fix --max-blocks man page description.
              - Improve man page description of metrics.
              - Fix off by one in brstackinsn IPC computation.
      
           perf probe:
              - Avoid calling freeing routine multiple times for same pointer.
      
           perf build:
              - Do not use -Wshadow on gcc < 4.8, avoiding too strict warnings
                treated as errors, breaking the build"
      
      * 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        perf/x86/intel: Mark expected switch fall-throughs
        perf/core: Fix creating kernel counters for PMUs that override event->cpu
        perf/x86: Apply more accurate check on hypervisor platform
        perf/x86/intel: Fix invalid Bit 13 for Icelake MSR_OFFCORE_RSP_x register
        perf/x86/intel: Fix SLOTS PEBS event constraint
        perf build: Do not use -Wshadow on gcc < 4.8
        perf probe: Avoid calling freeing routine multiple times for same pointer
        perf probe: Set pev->nargs to zero after freeing pev->args entries
        perf session: Fix loading of compressed data split across adjacent records
        perf stat: Always separate stalled cycles per insn
        perf stat: Fix segfault for event group in repeat mode
        perf tools: Fix proper buffer size for feature processing
        perf script: Fix off by one in brstackinsn IPC computation
        perf script: Improve man page description of metrics
        perf script: Fix --max-blocks man page description
      750991f9
    • L
      Merge branch 'locking-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 431f288e
      Linus Torvalds 提交于
      Pull locking fixes from Thomas Gleixner:
       "A set of locking fixes:
      
         - Address the fallout of the rwsem rework. Missing ACQUIREs and a
           sanity check to prevent a use-after-free
      
         - Add missing checks for unitialized mutexes when mutex debugging is
           enabled.
      
         - Remove the bogus code in the generic SMP variant of
           arch_futex_atomic_op_inuser()
      
         - Fixup the #ifdeffery in lockdep to prevent compile warnings"
      
      * 'locking-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        locking/mutex: Test for initialized mutex
        locking/lockdep: Clean up #ifdef checks
        locking/lockdep: Hide unused 'class' variable
        locking/rwsem: Add ACQUIRE comments
        tty/ldsem, locking/rwsem: Add missing ACQUIRE to read_failed sleep loop
        lcoking/rwsem: Add missing ACQUIRE to read_slowpath sleep loop
        locking/rwsem: Add missing ACQUIRE to read_slowpath exit when queue is empty
        locking/rwsem: Don't call owner_on_cpu() on read-owner
        futex: Cleanup generic SMP variant of arch_futex_atomic_op_inuser()
      431f288e
    • L
      Merge branch 'core-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 13fbe991
      Linus Torvalds 提交于
      Pull objtool fix from Thomas Gleixner:
       "A single robustness fix for objtool to handle unbalanced CLAC
        invocations under all circumstances"
      
      * 'core-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        objtool: Improve UACCESS coverage
      13fbe991
    • L
      Merge tag 'Wimplicit-fallthrough-5.3-rc2' of... · 88c50834
      Linus Torvalds 提交于
      Merge tag 'Wimplicit-fallthrough-5.3-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/gustavoars/linux
      
      Pull Wimplicit-fallthrough enablement from Gustavo A. R. Silva:
       "This marks switch cases where we are expecting to fall through, and
        globally enables the -Wimplicit-fallthrough option in the main
        Makefile.
      
        Finally, some missing-break fixes that have been tagged for -stable:
      
         - drm/amdkfd: Fix missing break in switch statement
      
         - drm/amdgpu/gfx10: Fix missing break in switch statement
      
        With these changes, we completely get rid of all the fall-through
        warnings in the kernel"
      
      * tag 'Wimplicit-fallthrough-5.3-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/gustavoars/linux:
        Makefile: Globally enable fall-through warning
        drm/i915: Mark expected switch fall-throughs
        drm/amd/display: Mark expected switch fall-throughs
        drm/amdkfd/kfd_mqd_manager_v10: Avoid fall-through warning
        drm/amdgpu/gfx10: Fix missing break in switch statement
        drm/amdkfd: Fix missing break in switch statement
        perf/x86/intel: Mark expected switch fall-throughs
        mtd: onenand_base: Mark expected switch fall-through
        afs: fsclient: Mark expected switch fall-throughs
        afs: yfsclient: Mark expected switch fall-throughs
        can: mark expected switch fall-throughs
        firewire: mark expected switch fall-throughs
      88c50834
  4. 27 7月, 2019 9 次提交
    • L
      Merge tag 's390-5.3-3' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux · 43e317c1
      Linus Torvalds 提交于
      Pull s390 updates from Heiko Carstens:
      
       - Add ABI to kernel image file which allows e.g. the file utility to
         figure out the kernel version.
      
       - Wire up clone3 system call.
      
       - Add support for kasan bitops instrumentation.
      
       - uapi header cleanup: use __u{16,32,64} instead of uint{16,32,64}_t.
      
       - Provide proper ARCH_ZONE_DMA_BITS so the s390 DMA zone is correctly
         defined with 2 GB instead of the default value of 1 MB.
      
       - Farhan Ali leaves the group of vfio-ccw maintainers.
      
       - Various small vfio-ccw fixes.
      
       - Add missing locking for airq_areas array in virtio code.
      
       - Minor qdio improvements.
      
      * tag 's390-5.3-3' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux:
        MAINTAINERS: vfio-ccw: Remove myself as the maintainer
        s390/mm: use shared variables for sysctl range check
        virtio/s390: fix race on airq_areas[]
        s390/dma: provide proper ARCH_ZONE_DMA_BITS value
        s390/kasan: add bitops instrumentation
        s390/bitops: make test functions return bool
        s390: wire up clone3 system call
        kbuild: enable arch/s390/include/uapi/asm/zcrypt.h for uapi header test
        s390: use __u{16,32,64} instead of uint{16,32,64}_t in uapi header
        s390/hypfs: fix a typo in the name of a function
        s390/qdio: restrict QAOB usage to IQD unicast queues
        s390/qdio: add sanity checks to the fast-requeue path
        s390: enable detection of kernel version from bzImage
        Documentation: fix vfio-ccw doc
        vfio-ccw: Update documentation for csch/hsch
        vfio-ccw: Don't call cp_free if we are processing a channel program
        vfio-ccw: Set pa_nr to 0 if memory allocation fails for pa_iova_pfn
        vfio-ccw: Fix memory leak and don't call cp_free in cp_init
        vfio-ccw: Fix misleading comment when setting orb.cmd.c64
      43e317c1
    • L
      Merge tag 'devicetree-fixes-for-5.3-2' of git://git.kernel.org/pub/scm/linux/kernel/git/robh/linux · 5efbd937
      Linus Torvalds 提交于
      Pull Devicetree fixes from Rob Herring:
       "The nvmem changes would typically go thru Greg's tree, but they were
        missed in the merge window. [ Acked by Greg ]
      
        Summary:
      
         - Fix mismatches in $id values and actual filenames. Now checked by
           tools.
      
         - Convert nvmem binding to DT schema
      
         - Fix a typo in of_property_read_bool() kerneldoc
      
         - Remove some redundant description in al-fic interrupt-controller"
      
      * tag 'devicetree-fixes-for-5.3-2' of git://git.kernel.org/pub/scm/linux/kernel/git/robh/linux:
        dt-bindings: Fix more $id value mismatches filenames
        dt-bindings: nvmem: SID: Fix the examples node names
        dt-bindings: nvmem: Add YAML schemas for the generic NVMEM bindings
        of: Fix typo in kerneldoc
        dt-bindings: interrupt-controller: al-fic: remove redundant binding
        dt-bindings: clk: allwinner,sun4i-a10-ccu: Correct path in $id
      5efbd937
    • L
      Merge tag 'libnvdimm-fixes-5.3-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/nvdimm/nvdimm · 523634db
      Linus Torvalds 提交于
      Pull libnvdimm fixes from Dan Williams:
       "A collection of locking and async operations fixes for v5.3-rc2. These
        had been soaking in a branch targeting the merge window, but missed
        due to a regression hunt. This fixed up version has otherwise been in
        -next this past week with no reported issues.
      
        In order to gain confidence in the locking changes the pull also
        includes a debug / instrumentation patch to enable lockdep coverage
        for libnvdimm subsystem operations that depend on the device_lock for
        exclusion. As mentioned in the changelog it is a hack, but it works
        and documents the locking expectations of the sub-system in a way that
        others can use lockdep to verify. The driver core touches got an ack
        from Greg.
      
        Summary:
      
         - Fix duplicate device_unregister() calls (multiple threads competing
           to do unregister work when scheduling device removal from a sysfs
           attribute of the self-same device).
      
         - Fix badblocks registration order bug. Ensure region badblocks are
           initialized in advance of namespace registration.
      
         - Fix a deadlock between the bus lock and probe operations.
      
         - Export device-core infrastructure to coordinate async operations
           via the device ->dead state.
      
         - Add device-core infrastructure to validate device_lock() usage with
           lockdep"
      
      * tag 'libnvdimm-fixes-5.3-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/nvdimm/nvdimm:
        driver-core, libnvdimm: Let device subsystems add local lockdep coverage
        libnvdimm/bus: Fix wait_nvdimm_bus_probe_idle() ABBA deadlock
        libnvdimm/bus: Stop holding nvdimm_bus_list_mutex over __nd_ioctl()
        libnvdimm/bus: Prepare the nd_ioctl() path to be re-entrant
        libnvdimm/region: Register badblocks before namespaces
        libnvdimm/bus: Prevent duplicate device_unregister() calls
        drivers/base: Introduce kill_device()
      523634db
    • M
      kbuild: remove unused single-used-m · b25e8a23
      Masahiro Yamada 提交于
      This is unused since commit 9f69a496 ("kbuild: split out *.mod out
      of {single,multi}-used-m rules").
      Signed-off-by: NMasahiro Yamada <yamada.masahiro@socionext.com>
      b25e8a23
    • M
      gen_compile_commands: lower the entry count threshold · cb36955a
      Masahiro Yamada 提交于
      Running gen_compile_commands.py after building the kernel with
      allnoconfig gave this:
      
      $ ./scripts/gen_compile_commands.py
      WARNING: Found 449 entries. Have you compiled the kernel?
      Signed-off-by: NMasahiro Yamada <yamada.masahiro@socionext.com>
      cb36955a
    • T
      .gitignore: Add compilation database file · 26c4c71b
      Toru Komatsu 提交于
      This file is used by clangd to use language server protocol.
      It can be generated at each compile using scripts/gen_compile_commands.py.
      Therefore it is different depending on the environment and should be
      ignored.
      Signed-off-by: NToru Komatsu <k0ma@utam0k.jp>
      Reviewed-by: NNick Desaulniers <ndesaulniers@google.com>
      Signed-off-by: NMasahiro Yamada <yamada.masahiro@socionext.com>
      26c4c71b
    • M
      kbuild: remove unused objectify macro · b2eff092
      Masahiro Yamada 提交于
      Commit 415008af ("docs-rst: convert lsm from DocBook to ReST")
      removed the last users of this macro.
      Signed-off-by: NMasahiro Yamada <yamada.masahiro@socionext.com>
      b2eff092
    • L
      Merge tag 'for-linus-20190726-2' of git://git.kernel.dk/linux-block · 5168afe6
      Linus Torvalds 提交于
      Pull block DMA segment fix from Jens Axboe:
       "Here's the virtual boundary segment size fix"
      
      * tag 'for-linus-20190726-2' of git://git.kernel.dk/linux-block:
        block: fix max segment size handling in blk_queue_virt_boundary
      5168afe6
    • L
      Merge tag 'selinux-pr-20190726' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux · 40233e7c
      Linus Torvalds 提交于
      Pull selinux fix from Paul Moore:
       "One small SELinux patch to add some proper bounds/overflow checking
        when adding a new sid/secid"
      
      * tag 'selinux-pr-20190726' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux:
        selinux: check sidtab limit before adding a new entry
      40233e7c