Hi Suzuki,
On Wed, Oct 10, 2018 at 3:22 PM Suzuki K Poulose wrote:
>
> Hi Ganapatrao,
>
> On 21/06/18 07:33, Ganapatrao Kulkarni wrote:
> > This patch adds a perf driver for the PMU UNCORE devices DDR4 Memory
> > Controller(DMC) and Level 3 Cache(L3C).
> >
> > ThunderX2 has 8 independent DMC PMUs
From: Mike Rapoport
to allow additions of new documentation about memory hotplug under the same
roof.
Signed-off-by: Mike Rapoport
---
Documentation/core-api/index.rst | 2 +-
Documentation/core-api/memory-hotplug-notifier.rst | 84 -
Documentation/core-a
From: David Hildenbrand
Let's document the magic a bit, especially why device_hotplug_lock is
required when adding/removing memory and how it all play together with
requests to online/offline memory from user space.
[ rppt: moved the text to Documentation/core-api/memory-hotplug.rst ]
Link: htt
Hi,
As discussed at [1], the latest updates to memory hotplug documentation are
causing a conflict between docs and mmotm trees.
These patches resolve the conflict.
[1] https://lkml.org/lkml/2018/10/8/227
David Hildenbrand (1):
docs/core-api: memory-hotplug: add some details about locking inte
On Wed, 10 Oct 2018, Kees Cook wrote:
> v5:
> - redesigned to use CONFIG_LSM= and lsm= for both ordering and enabling
> - dropped various Reviewed-bys due to rather large refactoring
Patches 1-10 applied to
git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security.git
next-general
and
In preparation for distinguishing the "capability" LSM from other LSMs, it
must be ordered first. This introduces LSM_ORDER_MUTABLE for the general
LSMs and LSM_ORDER_FIRST for capability. In the future LSM_ORDER_LAST
for could be added for anything that must run last (e.g. Landlock may
use this).
This removes CONFIG_DEFAULT_SECURITY in favor of the explicit ordering
offered by CONFIG_LSM and adds all the exclusive LSMs to the ordered
LSM initialization. The old meaning of CONFIG_DEFAULT_SECURITY is now
captured by which exclusive LSM is listed first in the LSM order. All
LSMs not added to t
Since we already have to do a pass through the LSMs to figure out if
exclusive LSMs should be disabled after the first one is seen as enabled,
this splits the logic up a bit more cleanly. Now we do a full "prepare"
pass through the LSMs (which also allows for later use by the blob-sharing
code), be
This converts Yama from being a direct "minor" LSM into an ordered LSM.
Signed-off-by: Kees Cook
Reviewed-by: Casey Schaufler
---
include/linux/lsm_hooks.h | 5 -
security/Kconfig | 2 +-
security/security.c | 1 -
security/yama/yama_lsm.c | 8 +++-
4 files changed, 8 in
In preparation for removing CONFIG_DEFAULT_SECURITY, this removes the
soon-to-be redundant SECURITY_APPARMOR_BOOTPARAM_VALUE. Since explicit
ordering via CONFIG_LSM or "lsm=" will define whether an LSM is enabled or
not, this CONFIG will become effectively ignored, so remove it. However,
in order t
Until now, any LSM without an enable storage variable was considered
enabled. This inverts the logic and sets defaults to true only if the
LSM gets added to the ordered initialization list. (And an exception
continues for the major LSMs until they are integrated into the ordered
initialization in a
This converts capabilities to use the new LSM_ORDER_FIRST position.
Signed-off-by: Kees Cook
Reviewed-by: Casey Schaufler
---
include/linux/lsm_hooks.h | 2 --
security/commoncap.c | 9 -
security/security.c | 5 -
3 files changed, 8 insertions(+), 8 deletions(-)
diff --
This converts LoadPin from being a direct "minor" LSM into an ordered LSM.
Signed-off-by: Kees Cook
Reviewed-by: Casey Schaufler
---
include/linux/lsm_hooks.h | 5 -
security/Kconfig | 2 +-
security/loadpin/loadpin.c | 8 +++-
security/security.c| 1 -
4 files change
This moves the string handling for "security=" boot parameter into
a stored pointer instead of a string duplicate. This will allow
easier handling of the string when switching logic to use the coming
enable/disable infrastructure.
Signed-off-by: Kees Cook
Reviewed-by: Casey Schaufler
Reviewed-by
In preparation for removing CONFIG_DEFAULT_SECURITY, this removes the
soon-to-be redundant SECURITY_SELINUX_BOOTPARAM_VALUE. Since explicit
ordering via CONFIG_LSM or "lsm=" will define whether an LSM is enabled or
not, this CONFIG will become effectively ignored, so remove it. However,
in order to
Provide a way to explicitly choose LSM initialization order via the new
"lsm=" comma-separated list of LSMs.
Signed-off-by: Kees Cook
---
Documentation/admin-guide/kernel-parameters.txt | 4
security/Kconfig| 3 ++-
security/security.c
This provides a way to declare LSM initialization order via the new
CONFIG_LSM. Currently only non-major LSMs are recognized. This will
be expanded in future patches.
Signed-off-by: Kees Cook
---
security/Kconfig| 9 +
security/security.c | 27 ++-
2 files ch
In order to both support old "security=" Legacy Major LSM selection, and
handling real exclusivity, this creates LSM_FLAG_EXCLUSIVE and updates
the selection logic to handle them.
Signed-off-by: Kees Cook
Reviewed-by: Casey Schaufler
---
include/linux/lsm_hooks.h | 1 +
security/apparmor/lsm.
Hi Guenter,
On Wed, Oct 10, 2018 at 04:43:00PM -0700, Guenter Roeck wrote:
> > > The effort to do all this using CPU cycles would in most if not all cases
> > > outweigh any perceived power savings. As such, I just don't see the
> > > practical use case.
> >
> > It really depends on the use case
Avoid copy/paste by defining SECURITY_INIT in terms of SECURITY_INITCALL.
Signed-off-by: Kees Cook
Reviewed-by: Casey Schaufler
Reviewed-by: James Morris
Reviewed-by: John Johansen
---
include/asm-generic/vmlinux.lds.h | 13 ++---
1 file changed, 6 insertions(+), 7 deletions(-)
diff
For a while now, the LSM core has said it was "initializED", rather than
"initializING". This adjust the report to be more accurate (i.e. before
this was reported before any LSMs had been initialized.)
Signed-off-by: Kees Cook
Reviewed-by: Casey Schaufler
Reviewed-by: James Morris
Reviewed-by:
v5:
- redesigned to use CONFIG_LSM= and lsm= for both ordering and enabling
- dropped various Reviewed-bys due to rather large refactoring
v4:
- add Reviewed-bys.
- cosmetic tweaks.
- New patches to fully centralize LSM "enable" decisions:
LSM: Finalize centralized LSM enabling logic
appar
Booting with "lsm.debug" will report future details on how LSM ordering
decisions are being made.
Signed-off-by: Kees Cook
Reviewed-by: Casey Schaufler
Reviewed-by: John Johansen
Reviewed-by: James Morris
---
.../admin-guide/kernel-parameters.txt | 2 ++
security/security.c
LSM initialization failures have traditionally been ignored. We should
at least WARN when something goes wrong.
Signed-off-by: Kees Cook
Reviewed-by: Casey Schaufler
Reviewed-by: John Johansen
---
security/security.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/securi
Instead of using argument-based initializers, switch to defining the
contents of struct lsm_info on a per-LSM basis. This also drops
the final use of the now inaccurate "initcall" naming.
Signed-off-by: Kees Cook
Reviewed-by: Casey Schaufler
Reviewed-by: James Morris
---
include/linux/lsm_hook
For what are marked as the Legacy Major LSMs, make them effectively
exclusive when selected on the "security=" boot parameter, to handle
the future case of when a previously major LSMs become non-exclusive
(e.g. when TOMOYO starts blob-sharing).
Signed-off-by: Kees Cook
Reviewed-by: Casey Schaufl
This constructs an ordered list of LSMs to initialize, using a hard-coded
list of only "integrity": minor LSMs continue to have direct hook calls,
and major LSMs continue to initialize separately.
Signed-off-by: Kees Cook
Reviewed-by: Casey Schaufler
---
security/security.c | 58 +++
This adds a flag for the current "major" LSMs to distinguish them when
we have a universal method for ordering all LSMs. It's called "legacy"
since the distinction of "major" will go away in the blob-sharing world.
Signed-off-by: Kees Cook
Reviewed-by: Casey Schaufler
Reviewed-by: John Johansen
In preparation for lifting the "is this LSM enabled?" logic out of the
individual LSMs, pass in any special enabled state tracking (as needed
for SELinux, AppArmor, and LoadPin). This should be an "int" to include
handling any future cases where "enabled" is exposed via sysctl which
has no "bool" t
As a prerequisite to adjusting LSM selection logic in the future, this
moves the selection logic up out of the individual major LSMs, making
their init functions only run when actually enabled. This considers all
LSMs enabled by default unless they specified an external "enable"
variable.
Signed-o
Since the struct lsm_info table is not an initcall, we can just move it
into INIT_DATA like all the other tables.
Signed-off-by: Kees Cook
Reviewed-by: Casey Schaufler
Reviewed-by: John Johansen
Reviewed-by: James Morris
---
arch/arc/kernel/vmlinux.lds.S| 1 -
arch/arm/kernel/vmlinux
In preparation for doing more interesting LSM init probing, this converts
the existing initcall system into an explicit call into a function pointer
from a section-collected struct lsm_info array.
Signed-off-by: Kees Cook
Reviewed-by: Casey Schaufler
Reviewed-by: James Morris
Reviewed-by: John
This provides a place for ordered LSMs to be initialized, separate from
the "major" LSMs. This is mainly a copy/paste from major_lsm_init() to
ordered_lsm_init(), but it will change drastically in later patches.
What is not obvious in the patch is that this change moves the integrity
LSM from majo
In preparation for making LSM selections outside of the LSMs, include
the name of LSMs in struct lsm_info.
Signed-off-by: Kees Cook
Reviewed-by: Casey Schaufler
---
include/linux/lsm_hooks.h | 1 +
security/apparmor/lsm.c| 1 +
security/integrity/iint.c | 1 +
security/selinux/hooks.c |
LoadPin's "enabled" setting is really about enforcement, not whether
or not the LSM is using LSM hooks. Instead, split this out so that LSM
enabling can be logically distinct from whether enforcement is happening
(for example, the pinning happens when the LSM is enabled, but the pin
is only checked
This partially reverts commit 58eacfffc417 ("init, tracing: instrument
security and console initcall trace events") since security init calls
are about to no longer resemble regular init calls.
Signed-off-by: Kees Cook
Reviewed-by: Casey Schaufler
Reviewed-by: James Morris
---
security/securit
In preparation for switching from initcall to just a regular set of
pointers in a section, rename the internal section name.
Signed-off-by: Kees Cook
Reviewed-by: Casey Schaufler
Reviewed-by: James Morris
Reviewed-by: John Johansen
---
include/asm-generic/vmlinux.lds.h | 10 +-
includ
Hi Nicolin,
On Wed, Oct 10, 2018 at 04:09:07PM -0700, Nicolin Chen wrote:
> Hello Guenter,
>
> On Wed, Oct 10, 2018 at 06:22:39AM -0700, Guenter Roeck wrote:
>
> > > The hwmon core now has a new optional mode interface. So this patch
> > > just implements this mode support so that user space can
Hello Guenter,
On Wed, Oct 10, 2018 at 06:22:39AM -0700, Guenter Roeck wrote:
> > The hwmon core now has a new optional mode interface. So this patch
> > just implements this mode support so that user space can check and
> > configure via sysfs node its operating modes: power-down, one-shot,
> >
Hi Nicolin,
On Wed, Oct 10, 2018 at 02:13:57PM -0700, Nicolin Chen wrote:
> Hi Guenter,
>
> On Wed, Oct 10, 2018 at 06:08:30AM -0700, Guenter Roeck wrote:
> > > +available_modes The available operating modes of the chip.
> > > + This should be short, lowercase string, not containing
> > >
Hi Guenter,
On Wed, Oct 10, 2018 at 06:08:30AM -0700, Guenter Roeck wrote:
> > +available_modes The available operating modes of the chip.
> > + This should be short, lowercase string, not containing
> > + whitespace, or the wildcard character '*'.
> > + This attribut
Thanks, the update to the documentation looks great!!
I think lockdep_is_held() should be better documented, but that should
be done in the lockdep docs, not the RCU documentation.
- Ted
On Tue, Oct 09, 2018 at 12:50:49PM +0100, Will Deacon wrote:
> On Tue, Oct 09, 2018 at 11:02:01AM +0100, Punit Agrawal wrote:
> > Randy Dunlap writes:
> >
> > > On 10/8/18 3:03 AM, Punit Agrawal wrote:
> > >> Arm v8 architecture supports multiple page sizes - 4k, 16k and
> > >> 64k. Based on the
On Sunday, October 7, 2018 4:42:10 PM CEST Jonathan Corbet wrote:
> Just FYI, I'll hold this until after the start of the merge window.
Ok
> This is starting to be quite a bit of translated material! Are you sure
> you're up to maintaining it all as the documents evolve?
Short answer:
yes
Long
On Fri, 2018-10-05 at 10:26 -0700, Eugene Syromiatnikov wrote:
> On Fri, Oct 05, 2018 at 10:07:46AM -0700, Andy Lutomirski wrote:
> > On Fri, Oct 5, 2018 at 10:03 AM Yu-cheng Yu wrote:
> > >
> > > On Fri, 2018-10-05 at 09:28 -0700, Andy Lutomirski wrote:
> > > > > On Oct 5, 2018, at 9:13 AM, Yu-c
On 2018-10-10 8:42 a.m., Wesley Sheng wrote:
> From: Wesley Yung
>
> The ntb_hw_switchtec driver has requirements on kernel configuration
> so we add these notes to the documentation and also clean up a few
> other sentences in the documentation.
>
> Signed-off-by: Wesley Yung
> Signed-off-
On 10/10/18 7:56 AM, John Garry wrote:
> This patch fixes a couple of punctuation nits which can make the document
> more correct and readable.
>
> Also missing "()" are added to some function references for consistency.
>
> Signed-off-by: John Garry
Acked-by: Randy Dunlap
thanks,
--
~Randy
On Tue, Oct 09, 2018 at 09:01:59PM -0700, Joel Fernandes wrote:
> On Tue, Oct 09, 2018 at 08:09:06PM -0700, Paul E. McKenney wrote:
> > On Mon, Oct 08, 2018 at 06:33:41PM -0700, Joel Fernandes (Google) wrote:
> > > whatisRCU says rcu_dereference cannot be used outside of rcu read lock
> > > protect
On Wed, Oct 10, 2018 at 04:10:21PM +0200, Eugene Syromiatnikov wrote:
> I have some questions regarding AArch64 ILP32 implementation for which I
> failed to find an answer myself:
> * How ptrace() tracer is supposed to distinguish between ILP32 and LP64
>tracees? For MIPS N32 and x32 this is p
This patch fixes a couple of punctuation nits which can make the document
more correct and readable.
Also missing "()" are added to some function references for consistency.
Signed-off-by: John Garry
diff --git a/Documentation/scheduler/completion.txt
b/Documentation/scheduler/completion.txt
i
On 10/10/18 15:10, Eugene Syromiatnikov wrote:
> * What's the reasoning behind capping syscall arguments to 32 bit? x32
>and MIPS N32 do not have such a restriction (and do not need special
>wrappers for syscalls that pass 64-bit values as a result, except
>when they do, as it is the
On 10/10/18, Eugene Syromiatnikov wrote:
> On Tue, Jul 24, 2018 at 08:39:57PM +0300, Yury Norov wrote:
>> Hi all,
>>
>> + Pavel Machek, Palmer Dabbelt, Wookey.
>>
>> On Wed, May 16, 2018 at 11:18:45AM +0300, Yury Norov wrote:
>> > This series enables AARCH64 with ILP32 mode.
>> >
>> > As supportin
On Tue, Jul 24, 2018 at 08:39:57PM +0300, Yury Norov wrote:
> Hi all,
>
> + Pavel Machek, Palmer Dabbelt, Wookey.
>
> On Wed, May 16, 2018 at 11:18:45AM +0300, Yury Norov wrote:
> > This series enables AARCH64 with ILP32 mode.
> >
> > As supporting work, it introduces ARCH_32BIT_OFF_T configurat
On Wed, Oct 3, 2018 at 7:32 PM, Catalin Marinas wrote:
> On Tue, Oct 02, 2018 at 03:12:42PM +0200, Andrey Konovalov wrote:
>> diff --git a/Documentation/arm64/tagged-pointers.txt
>> b/Documentation/arm64/tagged-pointers.txt
>> index a25a99e82bb1..ae877d185fdb 100644
>> --- a/Documentation/arm64/t
Hi Nicolin,
On 10/09/2018 09:33 PM, Nicolin Chen wrote:
The hwmon core now has a new optional mode interface. So this patch
just implements this mode support so that user space can check and
configure via sysfs node its operating modes: power-down, one-shot,
and continuous modes.
One-shot mod
Hi Nicolin,
On 10/09/2018 09:33 PM, Nicolin Chen wrote:
There are a few hwmon sensors support different operating modes,
for example, one-shot and continuous modes. So it's probably not
a bad idea to abstract a mode sysfs node as a common feature in
the hwmon core.
Right beside the hwmon device
Hi Nikolay, I sent this one to Mike at the end of September.("dm
flakey: add error_writes to documentation -
"https://www.redhat.com/archives/dm-devel/2018-September/msg00146.html).
Unsure if he has picked it up or not.
Best Regards,
John Pittman
Customer Engagement and Experience
Red Hat Inc.
O
Hi Ganapatrao,
On 21/06/18 07:33, Ganapatrao Kulkarni wrote:
This patch adds a perf driver for the PMU UNCORE devices DDR4 Memory
Controller(DMC) and Level 3 Cache(L3C).
ThunderX2 has 8 independent DMC PMUs to capture performance events
corresponding to 8 channels of DDR4 Memory Controller and
From: Wesley Yung
The ntb_hw_switchtec driver has requirements on kernel configuration
so we add these notes to the documentation and also clean up a few
other sentences in the documentation.
Signed-off-by: Wesley Yung
Signed-off-by: Kelvin Cao
Signed-off-by: Wesley Sheng
---
Documentation/
On 10/10/2018 09:19, Ingo Molnar wrote:
>
> * Juergen Gross wrote:
>
>> You can just dive into the discussion we had back in February:
>
> That was half a year and a thousand commits ago! ;-)
Yes. :-)
>
>> https://lore.kernel.org/lkml/20180213163244.j2zuxyhs4kbfh...@gmail.com/
>>
>> The sche
* Juergen Gross wrote:
> You can just dive into the discussion we had back in February:
That was half a year and a thousand commits ago! ;-)
> https://lore.kernel.org/lkml/20180213163244.j2zuxyhs4kbfh...@gmail.com/
>
> The scheme I have used in V5 of the series is the one you agreed to use
>
61 matches
Mail list logo
