From: Michael Kelley
Add documentation topic for PCI pass-thru devices in Linux guests
on Hyper-V and for the associated PCI controller driver (pci-hyperv.c).
Signed-off-by: Michael Kelley
---
Documentation/virt/hyperv/index.rst | 1 +
Documentation/virt/hyperv/vpci.rst | 316 ++
On Wed, Feb 14, 2024 at 03:09:53PM -0500, Konstantin Ryabitsev wrote:
> The mailman2 server running on lists.linuxfoundation.org will be shut
> down in very imminent future. Update all instances of obsolete list
> addresses throughout the tree with their new destinations.
>
> Signed-off-by: Konsta
Trilok Soni writes:
> On 2/2/2024 9:06 AM, Carlos Bilbao wrote:
>> On 2/2/24 10:48, Greg KH wrote:
>>> On Fri, Feb 02, 2024 at 09:41:19AM -0700, Jeffrey Hugo wrote:
The servers for the @codeaurora domain have long been retired and any
messages addressed to @codeaurora will bounce.
-L: virtualizat...@lists.linux-foundation.org
+L: virtualizat...@lists.linux.dev
S: Maintained
F: drivers/vfio/pci/virtio
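Review bot: the local part of the list address is elided in both the removed and the added `L:` line of the entry covering drivers/vfio/pci/virtio, so only the domain change from lists.linux-foundation.org to lists.linux.dev can be checked from what is shown here. Please confirm against the full patch that the list name itself is unchanged, since a typo in it would silently misroute patches that get_maintainer.pl sends to this entry.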
---
base-commit: 7e90b5c295ec1e47c8ad865429f046970c549a66
change-id: 20240214-lf-org-list-migration-0f81f19a1333
Best regards,
--
Konstantin Ryabitsev
On Wed, Feb 14, 2024 at 08:45:19AM +0100, Greg Kroah-Hartman wrote:
> On Wed, Feb 14, 2024 at 07:43:32AM +0100, Greg Kroah-Hartman wrote:
> > On Tue, Feb 13, 2024 at 02:35:24PM -0800, Kees Cook wrote:
> > > On Tue, Feb 13, 2024 at 07:48:12PM +0100, Greg Kroah-Hartman wrote:
> > > > +No CVEs will be
On Tue, 13 Feb 2024 14:59:11 -0800 Suren Baghdasaryan wrote:
> > > If you think you can easily achieve what Michal requested without all
> > > that,
> > > good.
> >
> > He requested something?
>
> Yes, a cleaner instrumentation. Unfortunately the cleanest one is not
> possible until the compile
On 2/13/24 23:15, Greg Kroah-Hartman wrote:
> On Tue, Feb 13, 2024 at 11:56:42AM -0800, Randy Dunlap wrote:
>>> +As part of the normal stable release process, kernel changes that are
>>> +potentially security issues are identified by the developers responsible
>>> +for CVE number assignments and
On Wed, Feb 14, 2024 at 03:46:12PM +0100, Jiri Kosina wrote:
> On Wed, 14 Feb 2024, Mark Brown wrote:
> > There's an argument for many headphone volume related fixes too since
> > excessively large volumes can cause substantial distress and potential
> > injury to users (I can't remember if that f
On Wed, Feb 14, 2024 at 03:38:52PM +0100, Jiri Kosina wrote:
> On Wed, 14 Feb 2024, Greg Kroah-Hartman wrote:
>
> > The people that make up the current team, Lee, Sasha, and I, have a LONG
> > history of fixing and triaging and managing security bugs for the
> > kernel, in the community and in cor
On Wed, 14 Feb 2024, Mark Brown wrote:
> Not addressing your point in general but the speaker volume limiting is
> security relevant, that change prevents physical damage to the system.
> There's an argument for many headphone volume related fixes too since
> excessively large volumes can cause su
On Wed, 14 Feb 2024, Greg Kroah-Hartman wrote:
> The people that make up the current team, Lee, Sasha, and I, have a LONG
> history of fixing and triaging and managing security bugs for the
> kernel, in the community and in corporate environments. We know how to
> do this as we have been doing it
From: Roberto Sassu
IMA invalidates the cached verification result on file content/metadata
update, so that the file is evaluated again at next access.
While until now checking modifications on the file was sufficient to
determine if the cached verification result is still valid, that no longer
From: Roberto Sassu
Similarly to measurement, enable the new appraisal style too using digest
caches.
Instead of verifying individual file signatures, verify the signature of
lists of digests and search calculated file digests in those lists.
The benefits are that signed lists of digests alread
From: Roberto Sassu
Introduce a new measurement style using digest caches, which can be
performed exclusively on non-standard PCRs, to avoid ambiguity.
While a measurement on the standard PCR means that a file was accessed and
had the measured content, a measurement with the digest cache means o
From: Roberto Sassu
The digest_cache LSM allows integrity providers to record how the digest
list being used to populate the digest cache was verified.
Integrity providers can register a kernel_post_read_file LSM hook
implementation, and call digest_cache_verif_set() providing the result of
the
From: Roberto Sassu
Specify the 'digest_cache_measure' boot-time policy with 'ima_policy=' in
the kernel command line to add the following rule at the beginning of the
IMA policy, before other rules:
    measure func=DIGEST_LIST_CHECK pcr=12
which will measure digest lists into PCR 12 (or the value
From: Roberto Sassu
Add the 'digest_cache=' policy keyword, to enable the usage of digest
caches for specific IMA actions and purposes.
At the moment, it accepts only 'content' as value, as digest caches can be
used only for measurement and appraisal of file content. In the
future, it might
From: Roberto Sassu
Invoking digest_cache_get() inside the iint->mutex critical region can
cause deadlocks due to the fact that IMA can be recursively invoked for
reading the digest list. The deadlock would occur if the digest_cache LSM
attempts to read the same inode that is already locked by IM
From: Roberto Sassu
Introduce a new hook to check the integrity of digest lists.
The new hook is invoked during a kernel read with file type
READING_DIGEST LIST, which is done by the digest_cache LSM when it is
populating a digest cache with a digest list.
Signed-off-by: Roberto Sassu
---
Doc
From: Roberto Sassu
One of the IMA shortcomings over the years has been the availability of
reference digest values for appraisal. Recently, the situation improved
and some Linux distributions are including file signatures.
The digest_cache LSM takes a different approach. Instead of requiring
Li
On Wed, Feb 14, 2024 at 01:55:43PM +, Mark Brown wrote:
> On Wed, Feb 14, 2024 at 02:43:48PM +0100, Jiri Kosina wrote:
> > On Wed, 14 Feb 2024, Greg Kroah-Hartman wrote:
>
> > > +No CVEs will be automatically assigned for unfixed security issues in
> > > +the Linux kernel; assignment will only
On Wed, Feb 14, 2024 at 02:43:48PM +0100, Jiri Kosina wrote:
> On Wed, 14 Feb 2024, Greg Kroah-Hartman wrote:
>
> > +No CVEs will be automatically assigned for unfixed security issues in
> > +the Linux kernel; assignment will only automatically happen after a fix
> > +is available and applied to a
On Wed, Feb 14, 2024 at 02:43:48PM +0100, Jiri Kosina wrote:
> On Wed, 14 Feb 2024, Greg Kroah-Hartman wrote:
> > +No CVEs will be automatically assigned for unfixed security issues in
> > +the Linux kernel; assignment will only automatically happen after a fix
> > +is available and applied to a s
On Wed, 14 Feb 2024, Greg Kroah-Hartman wrote:
> +No CVEs will be automatically assigned for unfixed security issues in
> +the Linux kernel; assignment will only automatically happen after a fix
> +is available and applied to a stable kernel tree, and it will be tracked
> +that way by the git comm
On Wed, Feb 14, 2024 at 09:00:30AM +0100, Greg Kroah-Hartman wrote:
> +A list of all assigned CVEs for the Linux kernel can be found in the
> +archives of the linux-cve mailing list, as seen on
> +https://lore.kernel.org/linux-cve-announce/. To get notice of the
> +assigned CVEs, please subscribe
On 14/02/2024 09:00, Greg Kroah-Hartman wrote:
> The Linux kernel project now has the ability to assign CVEs to fixed
> issues, so document the process and how individual developers can get a
> CVE if one is not automatically assigned for their fixes.
>
> Reviewed-by: Kees Cook
> Signed-off-by: G
On 14/02/2024 09:00, Greg Kroah-Hartman wrote:
diff --git a/Documentation/process/cve.rst b/Documentation/process/cve.rst
new file mode 100644
index ..6465e6a79c18
--- /dev/null
+++ b/Documentation/process/cve.rst
@@ -0,0 +1,120 @@
+CVEs
+
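Review bot: the document title `CVEs` on the first added line has no adornment visible in this hunk, and the next `+` line is empty. An RST title needs an underline at least as long as the title text, and the kernel documentation convention for a document title is `=` with an overline as well, so add both around `CVEs`.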
Document titles should have abov
On Wed, Feb 14, 2024 at 9:01 AM Greg Kroah-Hartman
wrote:
>
> The Linux kernel project now has the ability to assign CVEs to fixed
> issues, so document the process and how individual developers can get a
> CVE if one is not automatically assigned for their fixes.
>
> Reviewed-by: Kees Cook
> Sig
The Linux kernel project now has the ability to assign CVEs to fixed
issues, so document the process and how individual developers can get a
CVE if one is not automatically assigned for their fixes.
Reviewed-by: Kees Cook
Signed-off-by: Greg Kroah-Hartman
Signed-off-by: Sasha Levin
Signed-off-b