On Mon, Nov 05, 2018 at 11:29:27PM -0800, Randy Dunlap wrote:
> On 11/5/18 10:35 PM, Mike Rapoport wrote:
> > On Mon, Nov 05, 2018 at 01:12:40PM -0800, Matthew Wilcox wrote:
> >> On Mon, Nov 05, 2018 at 09:58:15PM +0200, Mike Rapoport wrote:
> >>> @@ -21,10 +21,10 @@ Virtual Memory Primer
> >>> Th
On Mon, Nov 5, 2018 at 7:47 PM, Amir Goldstein wrote:
> On Mon, Nov 5, 2018 at 8:22 PM Mark Salyzyn wrote:
>>
>> By default, all access to the upper, lower and work directories is the
>> recorded mounter's MAC and DAC credentials. The incoming accesses are
>> checked against the caller's credent
On Tue, Nov 6, 2018 at 8:47 AM Peng Hao wrote:
>
> Make header files alphabetical order.
>
Reviewed-by: Andy Shevchenko
> Signed-off-by: Peng Hao
> ---
> drivers/misc/pvpanic.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/misc/pvpanic.c b/drivers/misc/pvpan
On Mon, Oct 15, 2018 at 04:29:29PM -0400, Waiman Long wrote:
> + * Called with cpuset_mutex held.
> + */
> +static int update_parent_subparts_cpumask(struct cpuset *cpuset, int cmd,
> + struct cpumask *newmask,
> + struct t
On Mon, Oct 15, 2018 at 04:29:30PM -0400, Waiman Long wrote:
> Handling error returned by update_parent_subparts_cpumask() in
> update_cpumasks_hier() is problematic as the states may become
> inconsistent. To avoid that and increase flexibility in handling other
> error cases, a new error state (-
On Mon, Oct 15, 2018 at 04:29:30PM -0400, Waiman Long wrote:
> + spin_lock_irq(&callback_lock);
> + clear_bit(CS_CPU_EXCLUSIVE, &cp->flags);
> + spin_unlock_irq(&callback_lock);
A single atomic bitop wrapped in a s
On Mon, Oct 15, 2018 at 04:29:30PM -0400, Waiman Long wrote:
> + case PRS_ENABLED:
> + if (update_parent_subparts_cpumask(cp,
> + partcmd_update, NULL, tmp))
> + update_tasks_cpum
On Mon, Oct 15, 2018 at 04:29:35PM -0400, Waiman Long wrote:
> The cgroup-v2.rst file is updated to document the purpose of the new
> "cpuset.sched.partition" flag and how its usage.
>
> Signed-off-by: Waiman Long
> ---
> Documentation/admin-guide/cgroup-v2.rst | 66 +
>
On Mon, Nov 05, 2018 at 08:36:56AM -0800, Tejun Heo wrote:
> Hello,
>
> So, this looks good to me. Peter, I'm gonna roll the series into
> cgroup/for-4.21-cpuset. Please holler if you have any objections /
> comments.
Mostly nits, except I think the interface for cpuset.sched.partition
needs to
On Tue, Nov 06, 2018 at 12:53:35PM +0100, Peter Zijlstra wrote:
> On Mon, Nov 05, 2018 at 08:36:56AM -0800, Tejun Heo wrote:
> > Hello,
> >
> > So, this looks good to me. Peter, I'm gonna roll the series into
> > cgroup/for-4.21-cpuset. Please holler if you have any objections /
> > comments.
>
On Mon, Oct 15, 2018 at 04:29:37PM -0400, Waiman Long wrote:
> Currently, cpuset.sched.partition returns the values, 0, 1 or -1 on
> read. A person who is not familiar with the partition code may not
> understand what they mean.
>
> In order to make cpuset.sched.partition more user-friendly, it wi
On Mon, Nov 05, 2018 at 10:43:46AM -0500, Waiman Long wrote:
> The idea of using the cyclic mode to reduce id reuse came from Manfred
> Spraul . There may be a little bit of
> additional memory/performance overhead in doing cyclic id allocation,
> but it is a slow path anyway and a bit of overhead
On Mon 05-11-18 13:22:05, Daniel Colascione wrote:
> State explicitly that holding a /proc/pid file descriptor open does
> not reserve the PID. Also note that in the event of PID reuse, these
> open file descriptors refer to the old, now-dead process, and not the
> new one that happens to be named
On Mon, Nov 05, 2018 at 10:43:43AM -0500, Waiman Long wrote:
> The maximum number of unique System V IPC identifiers was limited to
> 32k. That limit should be big enough for most use cases.
>
> However, there are some users out there requesting for more, especially
> those that are migrating fro
Intel(R) SGX is a set of CPU instructions that can be used by applications
to set aside private regions of code and data. The code outside the enclave
is disallowed to access the memory inside the enclave by the CPU access
control. In a way you can think that SGX provides inverted sandbox. It
prot
Documentation of the features of the Software Guard eXtensions used
by the Linux kernel and basic design choices for the core and driver
and functionality.
Signed-off-by: Jarkko Sakkinen
---
Documentation/index.rst | 1 +
Documentation/x86/index.rst | 8 ++
Documentation/x86/inte
On 11/06/2018 06:55 AM, Peter Zijlstra wrote:
> On Tue, Nov 06, 2018 at 12:53:35PM +0100, Peter Zijlstra wrote:
>> On Mon, Nov 05, 2018 at 08:36:56AM -0800, Tejun Heo wrote:
>>> Hello,
>>>
>>> So, this looks good to me. Peter, I'm gonna roll the series into
>>> cgroup/for-4.21-cpuset. Please holl
On 11/06/2018 06:50 AM, Peter Zijlstra wrote:
> On Mon, Oct 15, 2018 at 04:29:35PM -0400, Waiman Long wrote:
>> The cgroup-v2.rst file is updated to document the purpose of the new
>> "cpuset.sched.partition" flag and how its usage.
>>
>> Signed-off-by: Waiman Long
>> ---
>> Documentation/admin-g
Hello, again, guys.
On Tue, Nov 06, 2018 at 09:09:07AM -0500, Tejun Heo wrote:
> Hello, Waiman, Peter.
>
> Let's skip this patch for now. I'll think more about the interface and
> adapt your patch later.
Sorry about the last message. I thought I configured web interface
but obviously didn't and
On 11/06/2018 06:37 AM, Peter Zijlstra wrote:
> On Mon, Oct 15, 2018 at 04:29:30PM -0400, Waiman Long wrote:
>> Handling error returned by update_parent_subparts_cpumask() in
>> update_cpumasks_hier() is problematic as the states may become
>> inconsistent. To avoid that and increase flexibility in
Hi Richard, Helen,
On Sat, Nov 3, 2018 at 4:10 AM Richard Weinberger wrote:
>
> Helen,
>
> Am Samstag, 3. November 2018, 04:53:39 CET schrieb Helen Koike:
> > As mentioned in the discussion from the previous version of this patch,
> > Android
> > and Chrome OS do not use initramfs mostly due to
On Mon, 5 Nov 2018 09:48:33 +0100
Christoph Niedermaier wrote:
> A problem was found when EDID data sets for displays other
> than the provided samples were generated. The patch series has
> no effect on the provided samples that still match the data
> used in drivers/gpu/drm/drm_edid_load.c.
> T
New generation of AMD processors start supporting RDT(or QOS) features.
With more than one vendors supporting these features, it seems more
appropriate to rename these files.
Changed intel_rdt to resctrl where applicable.
Signed-off-by: Babu Moger
---
arch/x86/include/asm/{intel_rdt_sched.h =>
Idea is to bring all the functions that are different between the
vendors into resource structure and initialize them dynamically.
Add _intel suffix to Intel specific functions.
Following function is implemented separately for each vendors.
cbm_validate : Cache bitmask validate function. AMD allo
Update the MAINTAINERS to reflect the changed file(and documentation)
names in arch/x86/kernel/cpu. The file names have changed from
intel_rdt* to resctrl*.
Signed-off-by: Babu Moger
---
MAINTAINERS | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/MAINTAINERS b/MAINTAINE
Rename intel_rdt_ui.txt to generic resctrl_ui.txt and update the
documentation for AMD.
Signed-off-by: Babu Moger
---
Documentation/x86/{intel_rdt_ui.txt => resctrl_ui.txt} | 9 ++---
1 file changed, 6 insertions(+), 3 deletions(-)
rename Documentation/x86/{intel_rdt_ui.txt => resctrl_ui.tx
Introduces the new config parameter AMD_QOS. This parameter will be
used to enable cache and memory bandwidth allocation and monitoring
features on AMD processors. This will enable common config parameter
RESCTRL if selected.
Signed-off-by: Babu Moger
---
arch/x86/Kconfig | 17 -
Enables QOS feature on AMD.
Following QoS sub-features are supported in AMD if the underlying
hardware supports it.
- L3 Cache allocation enforcement
- L3 Cache occupancy monitoring
- L3 Code-Data Prioritization support
- Memory Bandwidth Enforcement(Allocation)
The specification for this feat
From: Sherry Hurwitz
The feature bit X86_FEATURE_MBA is detected via CPUID leaf 0x8008
EBX Bit 06. This bit indicates the support of AMD's MBA feature.
This feature is supported by both Intel and AMD. But they are detected
in different CPUID leaves.
Signed-off-by: Sherry Hurwitz
Signed-off
MBA software controller support is available only on Intel.
Suggested-by: Fenghua Yu
Signed-off-by: Babu Moger
---
arch/x86/kernel/cpu/resctrl_rdtgroup.c | 5 -
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/arch/x86/kernel/cpu/resctrl_rdtgroup.c
b/arch/x86/kernel/cpu/resctrl
Initialize the resource functions that are different between the
vendors. Some features are initialized differently between the vendors.
Add _intel suffix to Intel specific functions.
For example, MBA feature varies significantly between Intel and AMD.
Separate the initialization of these resource
Separate the call sequence for rdt_quirks and MBA feature.
This is in preparation to handle vendor differences in these
call sequences.
Signed-off-by: Babu Moger
---
arch/x86/kernel/cpu/resctrl.c | 29 +++--
1 file changed, 23 insertions(+), 6 deletions(-)
diff --git a/a
Use newly added config parameter RESCTRL to compile sources.
This is common parameter across both Intel and AMD.
Signed-off-by: Babu Moger
---
arch/x86/include/asm/resctrl_sched.h | 4 ++--
arch/x86/kernel/cpu/Makefile | 4 ++--
include/linux/sched.h| 2 +-
3 files change
Introduces a new config parameter RESCTRL.
This will be used as a common config parameter for both Intel and AMD.
Each vendor will have their own config parameter to enable RDT feature.
One for Intel(INTEL_RDT) and one for AMD(AMD_QOS). It can be enabled or
disabled separately. The new parameter R
This series adds support for AMD64 architectural extensions for Platform
Quality of Service. These extensions are intended to provide for the
monitoring of the usage of certain system resources by one or more
processors and for the separate allocation and enforcement of limits on
the use of certain
As AMD is starting to support RDT(or QOS) features, rename
the RDT functions and definitions to more generic names.
Replace intel_rdt to resctrl where applicable.
Signed-off-by: Babu Moger
---
arch/x86/include/asm/resctrl_sched.h | 24
arch/x86/kernel/cpu/resctrl.c
Bring all the macros to resctrl.h and rename for consistency.
Signed-off-by: Babu Moger
---
arch/x86/kernel/cpu/resctrl.c | 3 ---
arch/x86/kernel/cpu/resctrl.h | 5 +
arch/x86/kernel/cpu/resctrl_monitor.c | 7 ++-
3 files changed, 7 insertions(+), 8 deletions(-)
diff --
On Tue, Nov 06, 2018 at 03:41:26PM +, Moger, Babu wrote:
> @@ -1,4 +1,7 @@
> -User Interface for Resource Allocation in Intel Resource Director Technology
> +User Interface for RESCTRL feature
"for Resource Control".
> +Intel refers to this feature as Intel Resource Director Technology(Intel(
On 11/5/18 9:49 PM, Jarkko Sakkinen wrote:
> On Mon, Nov 05, 2018 at 12:27:11PM -0800, Dave Hansen wrote:
>> The ABI seems entirely undocumented and rather lightly designed, which
>> seems like something we should fix before this is merged.
>
> ABI is documented in arch/x86/include/uapi/asm/sgx.h
From: Richard Gong
This is the 10th submission of Intel Stratix10 service layer and FPGA
manager driver patches. In this submission I have moved Stratix10 service
layer driver .c file to drivers/firmware and header files to
include/linux/firmware/intel. I have added Stratix10 service layer
docume
From: Richard Gong
Add a device tree binding for the Intel Stratix10 service layer driver
Signed-off-by: Richard Gong
Signed-off-by: Alan Tull
Reviewed-by: Rob Herring
Acked-by: Moritz Fischer
---
v2: change to put service layer driver node under the firmware node
change compatible to "i
From: Richard Gong
Some features of the Intel Stratix10 SoC require a level of privilege
higher than the kernel is granted. Such secure features include
FPGA programming. In terms of the ARMv8 architecture, the kernel runs
at Exception Level 1 (EL1), access to the features requires
Exception Leve
From: Richard Gong
Add Intel Stratix10 service layer to the device tree
Signed-off-by: Richard Gong
Signed-off-by: Alan Tull
Acked-by: Moritz Fischer
---
v2: change to put service layer driver node under the firmware node
change compatible to "intel, stratix10-svc"
v3: no change
v4: s/ser
From: Alan Tull
Add a Device Tree binding for the Intel Stratix10 SoC FPGA manager.
Signed-off-by: Alan Tull
Signed-off-by: Richard Gong
Reviewed-by: Rob Herring
---
v2: this patch is added in patch set version 2
v3: change to put fpga_mgr node under firmware/svc node
v4: s/fpga-mgr@0/fpga-mg
From: Richard Gong
Extend Intel Stratix10 service layer to support the second service layer
client, Remote Status Update (RSU).
RSU is used to provide our customers with protection against loading bas
bitstreams onto their devices when those device are booting from flash.
Signed-off-by: Richard
From: Richard Gong
Add new file stratix10-svc.rst
Add stratix10-svc.rst to driver-api/index.rst
Signed-off-by: Richard Gong
Signed-off-by: Alan Tull
---
v5: this patch is added in patch set version 5
v6: no change
v7: no change
v8: no change
v9: no change
v10: add stratix10 service layer docum
From: Alan Tull
Add driver for reconfiguring Intel Stratix10 SoC FPGA devices.
This driver communicates through the Intel Service Driver which
does communication with privileged hardware (that does the
FPGA programming) through a secure mailbox.
Signed-off-by: Alan Tull
Signed-off-by: Richard G
From: Alan Tull
Add the Stratix10 FPGA manager and a FPGA region to the
device tree.
Signed-off-by: Alan Tull
Signed-off-by: Richard Gong
---
v2: this patch is added in patch set version 2
v3: change to put fpga_mgr node under firmware/svc node
v4: s/fpga-mgr@0/fpga-mgr/ to remove unit_address
On 11/06/2018 12:39 AM, Miklos Szeredi wrote:
On Mon, Nov 5, 2018 at 7:47 PM, Amir Goldstein wrote:
On Mon, Nov 5, 2018 at 8:22 PM Mark Salyzyn wrote:
@@ -1549,7 +1569,8 @@ static int ovl_fill_super(struct super_block *sb, void
*data, int silent)
ovl_dentry_lower(root
On 11/6/18 8:52 AM, richard.g...@linux.intel.com wrote:
> diff --git a/drivers/firmware/Kconfig b/drivers/firmware/Kconfig
> index 7273e50..b6813bc 100644
> --- a/drivers/firmware/Kconfig
> +++ b/drivers/firmware/Kconfig
> @@ -216,6 +216,18 @@ config FW_CFG_SYSFS_CMDLINE
> WARNING: Using in
Hi Richard,
On Tue, Nov 06, 2018 at 10:52:52AM -0600, richard.g...@linux.intel.com wrote:
> From: Richard Gong
>
> Extend Intel Stratix10 service layer to support the second service layer
> client, Remote Status Update (RSU).
>
> RSU is used to provide our customers with protection against load
This patchset adds a new software tag-based mode to KASAN [1].
(Initially this mode was called KHWASAN, but it got renamed,
see the naming rationale at the end of this section).
The plan is to implement HWASan [2] for the kernel with the incentive,
that it's going to have comparable to KASAN perf
A tag-based KASAN shadow memory cell contains a memory tag, that
corresponds to the tag in the top byte of the pointer, that points to that
memory. The native top byte value of kernel pointers is 0xff, so with
tag-based KASAN we need to initialize shadow memory to 0xff.
Reviewed-by: Andrey Ryabini
We now have two KASAN modes: generic KASAN and tag-based KASAN. Rename
kasan.c to generic.c to reflect that. Also rename kasan_init.c to init.c
as it contains initialization code for both KASAN modes.
Reviewed-by: Andrey Ryabinin
Reviewed-by: Dmitry Vyukov
Signed-off-by: Andrey Konovalov
---
m
Tag-based KASAN reuses a significant part of the generic KASAN code, so
move the common parts to common.c without any functional changes.
Reviewed-by: Andrey Ryabinin
Reviewed-by: Dmitry Vyukov
Signed-off-by: Andrey Konovalov
---
mm/kasan/Makefile | 5 +-
mm/kasan/common.c | 603
This commit adds a few helper functions, that are meant to be used to
work with tags embedded in the top byte of kernel pointers: to set, to
get or to reset (set to 0xff) the top byte.
Reviewed-by: Andrey Ryabinin
Reviewed-by: Dmitry Vyukov
Signed-off-by: Andrey Konovalov
---
arch/arm64/mm/kas
Tag-based KASAN changes the value of the top byte of pointers returned
from the kernel allocation functions (such as kmalloc). This patch updates
KASAN hooks signatures and their usage in SLAB and SLUB code to reflect
that.
Reviewed-by: Andrey Ryabinin
Reviewed-by: Dmitry Vyukov
Signed-off-by: A
The previous patch updated KASAN hooks signatures and their usage in SLAB
and SLUB code, except for the early_kmem_cache_node_alloc function. This
patch handles that function separately, as it requires to reorder some of
the initialization code to correctly propagate a tagged pointer in case a
tag
While with SLUB we can actually preassign tags for caches with contructors
and store them in pointers in the freelist, SLAB doesn't allow that since
the freelist is stored as an array of indexes, so there are no pointers to
store the tags.
Instead we compute the tag twice, once when a slab is crea
This patch moves generic KASAN specific error reporting routines to
generic_report.c without any functional changes, leaving common error
reporting code in report.c to be later reused by tag-based KASAN.
Reviewed-by: Andrey Ryabinin
Reviewed-by: Dmitry Vyukov
Signed-off-by: Andrey Konovalov
---
__kimg_to_phys (which is used by virt_to_phys) and _virt_addr_is_linear
(which is used by virt_addr_valid) assume that the top byte of the address
is 0xff, which isn't always the case with tag-based KASAN.
This patch resets the tag in those macros.
Reviewed-by: Andrey Ryabinin
Reviewed-by: Dmitr
Tag-based KASAN doesn't check memory accesses through pointers tagged with
0xff. When page_address is used to get pointer to memory that corresponds
to some page, the tag of the resulting pointer gets set to 0xff, even
though the allocated memory might have been tagged differently.
For slab pages
This patch updates KASAN documentation to reflect the addition of the new
tag-based mode.
Reviewed-by: Andrey Ryabinin
Reviewed-by: Dmitry Vyukov
Signed-off-by: Andrey Konovalov
---
Documentation/dev-tools/kasan.rst | 232 ++
1 file changed, 138 insertions(+), 94 de
This patch adds a "SPDX-License-Identifier: GPL-2.0" mark to all source
files under mm/kasan.
Reviewed-by: Andrey Ryabinin
Reviewed-by: Dmitry Vyukov
Signed-off-by: Andrey Konovalov
---
mm/kasan/common.c | 1 +
mm/kasan/generic.c| 1 +
mm/kasan/generic_report.c | 1 +
mm/kasan/
This patch adds __must_check annotations to kasan hooks that return a
pointer to make sure that a tagged pointer always gets propagated.
Signed-off-by: Andrey Konovalov
---
include/linux/kasan.h | 16 ++--
mm/kasan/common.c | 14 --
2 files changed, 18 insertions(+),
show_pte in arm64 fault handling relies on the fact that the top byte of
a kernel pointer is 0xff, which isn't always the case with tag-based
KASAN.
This patch resets the top byte in show_pte.
Reviewed-by: Andrey Ryabinin
Reviewed-by: Dmitry Vyukov
Signed-off-by: Andrey Konovalov
---
arch/arm
Tag-based KASAN uses the Top Byte Ignore feature of arm64 CPUs to store a
pointer tag in the top byte of each pointer. This commit enables the
TCR_TBI1 bit, which enables Top Byte Ignore for the kernel, when tag-based
KASAN is used.
Reviewed-by: Andrey Ryabinin
Reviewed-by: Dmitry Vyukov
Signed-
The krealloc function checks where the same buffer was reused or a new one
allocated by comparing kernel pointers. Tag-based KASAN changes memory tag
on the krealloc'ed chunk of memory and therefore also changes the pointer
tag of the returned pointer. Therefore we need to perform comparison on
unt
This commit adds tag-based KASAN specific hooks implementation and
adjusts common generic and tag-based KASAN ones.
1. When a new slab cache is created, tag-based KASAN rounds up the size of
the objects in this cache to KASAN_SHADOW_SCALE_SIZE (== 16).
2. On each kmalloc tag-based KASAN genera
Tag-based KASAN uses 1 shadow byte for 16 bytes of kernel memory, so it
requires 1/16th of the kernel virtual address space for the shadow memory.
This commit sets KASAN_SHADOW_SCALE_SHIFT to 4 when the tag-based KASAN
mode is enabled.
Reviewed-by: Andrey Ryabinin
Reviewed-by: Dmitry Vyukov
Sig
This commit splits the current CONFIG_KASAN config option into two:
1. CONFIG_KASAN_GENERIC, that enables the generic KASAN mode (the one
that exists now);
2. CONFIG_KASAN_SW_TAGS, that enables the software tag-based KASAN mode.
The name CONFIG_KASAN_SW_TAGS is chosen as in the future we will h
An object constructor can initialize pointers within this objects based on
the address of the object. Since the object address might be tagged, we
need to assign a tag before calling constructor.
The implemented approach is to assign tags to objects with constructors
when a slab is allocated and c
This commit adds rountines, that print tag-based KASAN error reports.
Those are quite similar to generic KASAN, the difference is:
1. The way tag-based KASAN finds the first bad shadow cell (with a
mismatching tag). Tag-based KASAN compares memory tags from the shadow
memory to the pointer t
Tag-based KASAN inline instrumentation mode (which embeds checks of shadow
memory into the generated code, instead of inserting a callback) generates
a brk instruction when a tag mismatch is detected.
This commit adds a tag-based KASAN specific brk handler, that decodes the
immediate value passed
On Tue, Nov 06, 2018 at 07:53:05AM -0800, Matthew Wilcox wrote:
> > -This feature is enabled by the CONFIG_INTEL_RDT Kconfig and the
> > -X86 /proc/cpuinfo flag bits:
> > +This feature is enabled by the CONFIG_INTEL_RDT Kconfig(for Intel) or
> > +CONFIG_AMD_QOS(for AMD) and the X86 /proc/cpuinfo fl
On 10/11/18 8:15 AM, Yu-cheng Yu wrote:
> --- a/arch/x86/mm/fault.c
> +++ b/arch/x86/mm/fault.c
> @@ -1305,6 +1305,15 @@ __do_page_fault(struct pt_regs *regs, unsigned long
> error_code,
> error_code |= X86_PF_USER;
> flags |= FAULT_FLAG_USER;
> } else {
> +
Hi Matthew,
On 11/6/18 11:41 AM, Matthew Wilcox wrote:
> On Tue, Nov 06, 2018 at 07:53:05AM -0800, Matthew Wilcox wrote:
>>> -This feature is enabled by the CONFIG_INTEL_RDT Kconfig and the
>>> -X86 /proc/cpuinfo flag bits:
>>> +This feature is enabled by the CONFIG_INTEL_RDT Kconfig(for Intel) or
Hi Richard,
On Tue, Nov 06, 2018 at 10:52:48AM -0600, richard.g...@linux.intel.com wrote:
> From: Alan Tull
>
> Add a Device Tree binding for the Intel Stratix10 SoC FPGA manager.
>
> Signed-off-by: Alan Tull
> Signed-off-by: Richard Gong
> Reviewed-by: Rob Herring
Acked-by: Moritz Fischer
On Tue, Nov 6, 2018 at 10:43 AM Dave Hansen wrote:
>
> On 10/11/18 8:15 AM, Yu-cheng Yu wrote:
> > --- a/arch/x86/mm/fault.c
> > +++ b/arch/x86/mm/fault.c
> > @@ -1305,6 +1305,15 @@ __do_page_fault(struct pt_regs *regs, unsigned long
> > error_code,
> > error_code |= X86_PF_USER;
>
On Mon, Nov 05, 2018 at 01:21:14PM -0800, Mark Salyzyn wrote:
> By default, all access to the upper, lower and work directories is the
> recorded mounter's MAC and DAC credentials. The incoming accesses are
> checked against the caller's credentials.
>
> If the principles of least privilege are a
On Tue, 2018-11-06 at 10:43 -0800, Dave Hansen wrote:
> On 10/11/18 8:15 AM, Yu-cheng Yu wrote:
> > --- a/arch/x86/mm/fault.c
> > +++ b/arch/x86/mm/fault.c
> > @@ -1305,6 +1305,15 @@ __do_page_fault(struct pt_regs *regs, unsigned long
> > error_code,
> > error_code |= X86_PF_USER;
> >
On Sun, 4 Nov 2018 22:59:13 +1100
Aleksa Sarai wrote:
> The same issue is present in __save_stack_trace
> (arch/x86/kernel/stacktrace.c). This is likely the only reason that --
> as Steven said -- stacktraces wouldn't work with ftrace-graph (and thus
> with the refactor both of you are discussing
Assumption never checked, should fail if the mounter creds are not
sufficient.
Signed-off-by: Mark Salyzyn
Cc: Miklos Szeredi
Cc: Jonathan Corbet
Cc: Vivek Goyal
Cc: Eric W. Biederman
Cc: Amir Goldstein
Cc: Randy Dunlap
Cc: Stephen Smalley
Cc: linux-unio...@vger.kernel.org
Cc: linux-doc@vg
By default, all access to the upper, lower and work directories is the
recorded mounter's MAC and DAC credentials. The incoming accesses are
checked against the caller's credentials.
If the principles of least privilege are applied, the mounter's
credentials might not overlap the credentials of t
84 matches
Mail list logo
