Re: [PATCH v2] cpuidle: Add 'above' and 'below' idle state metrics

2018-12-12 Thread Peter Zijlstra
On Tue, Dec 11, 2018 at 10:51:48AM +0100, Rafael J. Wysocki wrote: > On Mon, Dec 10, 2018 at 11:51 PM Peter Zijlstra wrote: > > Dunno; it could be cold cachelines, at which point it can be fairly > > expensive. Also, being stuck with API is fairly horrible if you want to > > 'fix' it. > > All of

[PATCH V5 0/9] Remove fs specific fscrypt and fsverity build config options

2018-12-12 Thread Chandan Rajendra
In order to have a common code base for fscrypt & fsverity "post read" processing across filesystems which implement fscrypt/fsverity, this commit removes filesystem specific build config option (CONFIG_EXT4_FS_ENCRYPTION, CONFIG_EXT4_FS_VERITY, CONFIG_F2FS_FS_ENCRYPTION, CONFIG_F2FS_FS_VERITY and

[PATCH V5 3/9] fscrypt: remove filesystem specific build config option

2018-12-12 Thread Chandan Rajendra
In order to have a common code base for fscrypt "post read" processing for all filesystems which support encryption, this commit removes filesystem specific build config option (e.g. CONFIG_EXT4_FS_ENCRYPTION) and replaces it with a build option (i.e. CONFIG_FS_ENCRYPTION) whose value affects all t

[PATCH V5 2/9] f2fs: use IS_ENCRYPTED() to check encryption status

2018-12-12 Thread Chandan Rajendra
This commit removes the f2fs specific f2fs_encrypted_inode() and makes use of the generic IS_ENCRYPTED() macro to check for the encryption status of an inode. Acked-by: Chao Yu Reviewed-by: Eric Biggers Signed-off-by: Chandan Rajendra --- fs/f2fs/data.c | 4 ++-- fs/f2fs/dir.c | 10 +--

[PATCH V5 4/9] Add S_VERITY and IS_VERITY()

2018-12-12 Thread Chandan Rajendra
Similar to S_ENCRYPTED/IS_ENCRYPTED(), this commit adds S_VERITY/IS_VERITY() to be able to check if a VFS inode has verity information associated with it. Reviewed-by: Eric Biggers Signed-off-by: Chandan Rajendra --- include/linux/fs.h | 2 ++ 1 file changed, 2 insertions(+) diff --git a/inclu

[PATCH V5 7/9] fsverity: Remove filesystem specific build config option

2018-12-12 Thread Chandan Rajendra
In order to have a common code base for fsverity "post read" processing for all filesystems which support fsverity, this commit removes filesystem specific build config option (e.g. CONFIG_EXT4_FS_VERITY) and replaces it with a build option (i.e. CONFIG_FS_VERITY) whose value affects all the filesy

[PATCH V5 5/9] ext4: use IS_VERITY() to check inode's fsverity status

2018-12-12 Thread Chandan Rajendra
This commit removes the ext4 specific ext4_verity_inode() and makes use of the generic IS_ENCRYPTED() macro or ext4_test_inode_flag() to check for the encryption status of an inode. Reviewed-by: Eric Biggers Signed-off-by: Chandan Rajendra --- fs/ext4/ext4.h | 9 - fs/ext4/file.c

[PATCH V5 6/9] f2fs: use IS_VERITY() to check inode's fsverity status

2018-12-12 Thread Chandan Rajendra
This commit removes the f2fs specific f2fs_verity_file() and makes use of the generic IS_VERITY() macro or file_is_verity() to check for the verity status of an inode. Reviewed-by: Eric Biggers Signed-off-by: Chandan Rajendra --- fs/f2fs/f2fs.h | 7 +-- fs/f2fs/file.c | 6 +++--- fs/f2fs/

[PATCH V5 9/9] fsverity: Move verity status check to fsverity_prepare_setattr

2018-12-12 Thread Chandan Rajendra
Instead of conditionally checking for verity status of an inode before invoking fsverity_prepare_setattr(), this commit moves the check inside the definition of fsverity_prepare_setattr(). Signed-off-by: Chandan Rajendra (EB: fix the !CONFIG_FS_VERITY case and inline the IS_VERITY() check) Signed

[PATCH V5 8/9] fsverity: Move verity status check to fsverity_file_open

2018-12-12 Thread Chandan Rajendra
Instead of conditionally checking for verity status of an inode before invoking fsverity_file_open(), this commit moves the check inside the definition of fsverity_file_open(). Signed-off-by: Chandan Rajendra (EB: fix the !CONFIG_FS_VERITY case and inline the IS_VERITY() check) Signed-off-by: Eri

Re: [PATCH v2] cpuidle: Add 'above' and 'below' idle state metrics

2018-12-12 Thread Ulf Hansson
On Wed, 12 Dec 2018 at 10:46, Peter Zijlstra wrote: > > On Tue, Dec 11, 2018 at 10:51:48AM +0100, Rafael J. Wysocki wrote: > > On Mon, Dec 10, 2018 at 11:51 PM Peter Zijlstra > > wrote: > > > > Dunno; it could be cold cachelines, at which point it can be fairly > > > expensive. Also, being stuck

[PATCH V5 1/9] ext4: use IS_ENCRYPTED() to check encryption status

2018-12-12 Thread Chandan Rajendra
This commit removes the ext4 specific ext4_encrypted_inode() and makes use of the generic IS_ENCRYPTED() macro to check for the encryption status of an inode. Reviewed-by: Eric Biggers Signed-off-by: Chandan Rajendra --- fs/ext4/dir.c | 8 fs/ext4/ext4.h| 5 - fs/

Re: [PATCH v2] cpuidle: Add 'above' and 'below' idle state metrics

2018-12-12 Thread Rafael J. Wysocki
On Wed, Dec 12, 2018 at 10:57 AM Ulf Hansson wrote: > > On Wed, 12 Dec 2018 at 10:46, Peter Zijlstra wrote: > > > > On Tue, Dec 11, 2018 at 10:51:48AM +0100, Rafael J. Wysocki wrote: > > > On Mon, Dec 10, 2018 at 11:51 PM Peter Zijlstra > > > wrote: > > > > > > Dunno; it could be cold cacheline

Re: [RFC][PATCH 0/3] arm64 relaxed ABI

2018-12-12 Thread Andrey Konovalov
On Mon, Dec 10, 2018 at 3:31 PM Vincenzo Frascino wrote: > > On arm64 the TCR_EL1.TBI0 bit has been set since Linux 3.x hence > the userspace (EL0) is allowed to set a non-zero value in the top > byte but the resulting pointers are not allowed at the user-kernel > syscall ABI boundary. > > This pa

Re: [RFC][PATCH 0/3] arm64 relaxed ABI

2018-12-12 Thread Catalin Marinas
Hi Andrey, On Wed, Dec 12, 2018 at 03:23:25PM +0100, Andrey Konovalov wrote: > On Mon, Dec 10, 2018 at 3:31 PM Vincenzo Frascino > wrote: > > On arm64 the TCR_EL1.TBI0 bit has been set since Linux 3.x hence > > the userspace (EL0) is allowed to set a non-zero value in the top > > byte but the res

Re: [PATCH v13 19/25] kasan: add hooks implementation for tag-based mode

2018-12-12 Thread Andrey Konovalov
On Tue, Dec 11, 2018 at 5:22 PM Vincenzo Frascino wrote: > > Hi Andrey, > > On 06/12/2018 12:24, Andrey Konovalov wrote: > > This commit adds tag-based KASAN specific hooks implementation and > > adjusts common generic and tag-based KASAN ones. > > > > 1. When a new slab cache is created, tag-base

Re: [PATCH] docs/networking: fix formatting of Intel drivers documentation

2018-12-12 Thread Jeff Kirsher
On Tue, 2018-12-11 at 22:50 -0800, David Miller wrote: > From: Mike Rapoport > Date: Sun, 9 Dec 2018 18:09:51 +0200 > > > The documentation of Intel drivers is missing the heading adornment > > for > > document titles. > > > > This causes the generated html to have TOC entries from these > > do

Re: [PATCH v9 0/8] arm64: untag user pointers passed to the kernel

2018-12-12 Thread Dave Martin
On Mon, Dec 10, 2018 at 01:50:57PM +0100, Andrey Konovalov wrote: > arm64 has a feature called Top Byte Ignore, which allows to embed pointer > tags into the top byte of each pointer. Userspace programs (such as > HWASan, a memory debugging tool [1]) might use this feature and pass > tagged user po
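As an added illustration (not code from the patch series or from either poster), the C program below shows the point the cover letter makes: a Top Byte Ignore tag lives in bits 63:56 of a user pointer, the hardware ignores it on access, but a kernel range check of the access_ok() kind sees a huge address and rejects it unless the tag is stripped first. The TASK_SIZE value, the choice of bit 55 as the sign-extension pivot for untagging, and all function names are assumptions of this example; the kernel's own sign_extend64() helper has the same semantics as the one written out here.

```c
/* Added example: TBI tags in user pointers and why the syscall boundary must
 * strip them. Illustrative only; constants assume a 48-bit VA arm64 split. */
#include <stdint.h>
#include <stdio.h>

/* Assumed user address-space limit for a 48-bit VA configuration. */
#define TASK_SIZE_ASSUMED (1ULL << 48)

/* Put an 8-bit tag in bits 63:56, as a HWASan-style runtime would. */
static uint64_t tag_pointer(uint64_t addr, uint8_t tag)
{
    return (addr & 0x00ffffffffffffffULL) | ((uint64_t)tag << 56);
}

/* Sign-extend 'value' from bit 'index' (same semantics as the kernel's
 * sign_extend64(): bits above 'index' become copies of bit 'index'). */
static int64_t sign_extend64(uint64_t value, int index)
{
    int shift = 63 - index;
    return (int64_t)(value << shift) >> shift;
}

/* Strip a TBI tag. For user pointers (bit 55 clear) the top byte becomes 0;
 * for kernel pointers (bit 55 set) the 0xff top byte is preserved, so the
 * same helper is safe on both. Pivoting on bit 55 is this example's choice. */
static uint64_t untagged_addr(uint64_t addr)
{
    return (uint64_t)sign_extend64(addr, 55);
}

/* Naive user-range check of the kind a syscall entry path performs:
 * returns 1 if [addr, addr+size) lies inside the user address space. */
static int user_range_ok(uint64_t addr, uint64_t size)
{
    return addr < TASK_SIZE_ASSUMED && size <= TASK_SIZE_ASSUMED - addr;
}

int main(void)
{
    uint64_t raw = 0x00007fff12345678ULL;        /* constructed user address */
    uint64_t tagged = tag_pointer(raw, 0xab);
    uint64_t clean = untagged_addr(tagged);

    /* The tagged pointer fails the range check; the untagged one passes. */
    printf("tagged   %016llx range_ok=%d\n",
           (unsigned long long)tagged, user_range_ok(tagged, 16));
    printf("untagged %016llx range_ok=%d\n",
           (unsigned long long)clean, user_range_ok(clean, 16));
    return 0;
}
```

The kernel-pointer case matters because untagging is applied on paths that may see both kinds of address: with a pivot on bit 55, a kernel address comes back unchanged rather than having its top byte zeroed into a bogus user address.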

Re: [RFC][PATCH 2/3] arm64: Define Documentation/arm64/elf_at_flags.txt

2018-12-12 Thread Dave Martin
On Mon, Dec 10, 2018 at 02:30:43PM +, Vincenzo Frascino wrote: > On arm64 the TCR_EL1.TBI0 bit has been set since Linux 3.x hence > the userspace (EL0) is allowed to set a non-zero value in the > top byte but the resulting pointers are not allowed at the > user-kernel syscall ABI boundary. > >

Re: [PATCH v5 4/7] cgroup: cgroup v2 freezer

2018-12-12 Thread Oleg Nesterov
On 12/11, Roman Gushchin wrote: > > On Tue, Dec 11, 2018 at 05:26:32PM +0100, Oleg Nesterov wrote: > > On 12/07, Roman Gushchin wrote: > > > > > > Cgroup v2 freezer tries to put tasks into a state similar to jobctl > > > stop. This means that tasks can be killed, ptraced (using > > > PTRACE_SEIZE*)

[PATCH v8 25/26] MIPS: GCW0: defconfig: Enable OST, watchdog, PWM drivers

2018-12-12 Thread Paul Cercueil
The OST driver provides a clocksource and sched_clock that are much more accurate than the default ones. Signed-off-by: Paul Cercueil --- Notes: v8: New patch arch/mips/configs/gcw0_defconfig | 17 +++-- 1 file changed, 11 insertions(+), 6 deletions(-) diff --git a/arch/mips/

[PATCH v8 26/26] MIPS: jz4740: Drop obsolete code

2018-12-12 Thread Paul Cercueil
The old clocksource/timer platform code is now obsoleted by the newly introduced ingenic-timer and ingenic-ost drivers. Signed-off-by: Paul Cercueil --- Notes: v5: New patch v6: No change v7: No change v8: No change arch/mips/include/asm/mach-jz4740/platform.h |

[PATCH v8 17/26] MIPS: Kconfig: Select TCU timer driver when MACH_INGENIC is set

2018-12-12 Thread Paul Cercueil
We cannot boot to userspace (not even initramfs) if the timer driver is not present; so it makes sense to enable it unconditionally when MACH_INGENIC is set. Signed-off-by: Paul Cercueil --- Notes: v5: New patch v6: No change v7: No change v8: No change arch/mips

[PATCH v8 13/26] pwm: jz4740: Drop dependency on MACH_INGENIC, use COMPILE_TEST

2018-12-12 Thread Paul Cercueil
Depending on MACH_INGENIC prevents us from creating a generic kernel that works on more than one MIPS board. Instead, we just depend on MIPS being set. On other architectures, this driver can still be built, thanks to COMPILE_TEST. This is used by automated tools to find bugs, for instance. Signed

[PATCH v8 18/26] MIPS: jz4740: Add DTS nodes for the TCU drivers

2018-12-12 Thread Paul Cercueil
Add DTS nodes for the JZ4780, JZ4770 and JZ4740 devicetree files. Signed-off-by: Paul Cercueil --- Notes: v5: New patch v6: Fix register lengths in watchdog/pwm nodes v7: No change v8: - Fix wrong start address for PWM node - Add system timer and clocksour

[PATCH v8 06/26] MAINTAINERS: Add myself as maintainer for Ingenic TCU drivers

2018-12-12 Thread Paul Cercueil
Add myself as maintainer for the ingenic-timer and ingenic-ost drivers. Signed-off-by: Paul Cercueil --- Notes: v2: No change v3: No change v4: No change v5: Update with new files v6: No change v7: No change v8: No change MAINTAINERS

[PATCH v8 15/26] pwm: jz4740: Add support for the JZ4725B

2018-12-12 Thread Paul Cercueil
The PWM in the JZ4725B works the same as in the JZ4740, except that it only has 6 channels available instead of 8. Signed-off-by: Paul Cercueil Acked-by: Thierry Reding --- Notes: v5: New patch v6: - Move of_device_id structure back at the bottom (less noise in patch)

[PATCH v8 16/26] clk: jz4740: Add TCU clock

2018-12-12 Thread Paul Cercueil
Add the missing TCU clock to the list of clocks supplied by the CGU for the JZ4740 SoC. Signed-off-by: Paul Cercueil Acked-by: Stephen Boyd Acked-by: Rob Herring --- Notes: v5: New patch v6: No change v7: No change v8: No change drivers/clk/ingenic/jz4740-cgu.c

[PATCH v8 12/26] pwm: jz4740: Allow selection of PWM channels 0 and 1

2018-12-12 Thread Paul Cercueil
The TCU channels 0 and 1 were previously reserved for system tasks, and thus unavailable for PWM. The driver will now only allow a PWM channel to be requested if memory resources corresponding to the register area of the channel were supplied to the driver. This allows the TCU channels to be reser

[PATCH v8 02/26] doc: Add doc for the Ingenic TCU hardware

2018-12-12 Thread Paul Cercueil
Add a documentation file about the Timer/Counter Unit (TCU) present in the Ingenic JZ47xx SoCs. The Timer/Counter Unit (TCU) in Ingenic JZ47xx SoCs is a multi-function hardware block. It features up to eight channels, that can be used as counters, timers, or PWM. - JZ4725B, JZ4750, JZ4755 only

[PATCH v8 07/26] watchdog: jz4740: Use WDT clock provided by TCU driver

2018-12-12 Thread Paul Cercueil
Instead of requesting the "ext" clock and handling the watchdog clock divider and gating in the watchdog driver, we now request and use the "wdt" clock that is supplied by the ingenic-timer "TCU" driver. The major benefit is that the watchdog's clock rate and parent can now be specified from withi

[PATCH v8 20/26] MIPS: qi_lb60: Reduce system timer and clocksource to 750 kHz

2018-12-12 Thread Paul Cercueil
The default clock (12 MHz) is too fast for the system timer, which fails to report time accurately. Signed-off-by: Paul Cercueil --- Notes: v5: New patch v6: Remove ingenic,clocksource-channel property v7: No change v8: No change arch/mips/boot/dts/ingenic/qi_lb6

[PATCH v8 10/26] watchdog: jz4740: Drop dependency on MACH_JZ47xx, use COMPILE_TEST

2018-12-12 Thread Paul Cercueil
Depending on MACH_JZ47xx prevents us from creating a generic kernel that works on more than one MIPS board. Instead, we just depend on MIPS being set. On other architectures, this driver can still be built, thanks to COMPILE_TEST. This is used by automated tools to find bugs, for instance. Signed-

[PATCH v8 14/26] pwm: jz4740: Remove unused devicetree compatible strings

2018-12-12 Thread Paul Cercueil
Right now none of the Ingenic-based boards probe this driver from devicetree. This driver defined three compatible strings for the exact same behaviour. Before these strings are used, we can remove two of them. Signed-off-by: Paul Cercueil Acked-by: Thierry Reding --- Notes: v5: New patch

[PATCH v8 05/26] clocksource: Add driver for the Ingenic JZ47xx OST

2018-12-12 Thread Paul Cercueil
From: Maarten ter Huurne OST is the OS Timer, a 64-bit timer/counter with buffered reading. SoCs before the JZ4770 had (if any) a 32-bit OST; the JZ4770 and JZ4780 have a 64-bit OST. This driver will register both a clocksource and a sched_clock to the system. Signed-off-by: Maarten ter Huurne

[PATCH v8 03/26] dt-bindings: Add doc for the Ingenic TCU drivers

2018-12-12 Thread Paul Cercueil
Add documentation about how to properly use the Ingenic TCU (Timer/Counter Unit) drivers from devicetree. Signed-off-by: Paul Cercueil --- Notes: v4: New patch in this series. Corresponds to V2 patches 3-4-5 with added content. v5: - Edited PWM/watchdog DT bindings docume

[PATCH v8 00/26] Ingenic TCU patchset v8

2018-12-12 Thread Paul Cercueil
Hi, Here's the version 8 and hopefully final version of my patchset, which adds support for the Timer/Counter Unit found in JZ47xx SoCs from Ingenic. The big change is that the timer driver has been simplified. The code to dynamically update the system timer or clocksource to a new channel has be

[PATCH v8 01/26] dt-bindings: ingenic: Add DT bindings for TCU clocks

2018-12-12 Thread Paul Cercueil
This header provides clock numbers for the ingenic,tcu DT binding. Signed-off-by: Paul Cercueil Reviewed-by: Rob Herring --- Notes: v2: Use SPDX identifier for the license v3: No change v4: No change v5: s/JZ47*_/TCU_/ and dropped *_CLK_LAST defines

[PATCH v8 11/26] pwm: jz4740: Use regmap and clocks from TCU driver

2018-12-12 Thread Paul Cercueil
The ingenic-timer "TCU" driver provides us with a regmap, that we can use to safely access the TCU registers. It also provides us with clocks, that can be (un)gated, reparented or reclocked from devicetree, instead of having these settings hardcoded in this driver. While this driver is devicetree

[PATCH v8 08/26] watchdog: jz4740: Use regmap provided by TCU driver

2018-12-12 Thread Paul Cercueil
Since we broke the ABI by changing the clock, the driver was also updated to use the regmap provided by the TCU driver. Signed-off-by: Paul Cercueil Reviewed-by: Guenter Roeck --- Notes: v6: New patch v7: No change v8: No change drivers/watchdog/jz4740_wdt.c | 30

[PATCH v8 04/26] clocksource: Add a new timer-ingenic driver

2018-12-12 Thread Paul Cercueil
This driver handles the TCU (Timer Counter Unit) present on the Ingenic JZ47xx SoCs, and provides the kernel with a system timer, and optionally with a clocksource and a sched_clock. It also provides clocks and interrupt handling to client drivers. Signed-off-by: Paul Cercueil --- Notes: v

[PATCH v8 09/26] watchdog: jz4740: Avoid starting watchdog in set_timeout

2018-12-12 Thread Paul Cercueil
Previously the jz4740_wdt_set_timeout() function was starting the timer unconditionally, even if it was stopped when that function was entered. Now, the timer will be restarted only if it was already running before this function is called. Signed-off-by: Paul Cercueil Reviewed-by: Guenter Roeck

[PATCH v8 21/26] MIPS: CI20: Reduce system timer and clocksource to 3 MHz

2018-12-12 Thread Paul Cercueil
The default clock (48 MHz) is too fast for the system timer, which fails to report time accurately. Signed-off-by: Paul Cercueil --- Notes: v5: New patch v6: Set also the rate for the clocksource channel's clock v7: No change v8: No change arch/mips/boot/dts/inge

[PATCH v8 22/26] MIPS: CI20: defconfig: enable OST driver

2018-12-12 Thread Paul Cercueil
The OST driver provides a clocksource and sched_clock that are much more accurate than the default ones. Signed-off-by: Paul Cercueil --- Notes: v5: New patch v6: No change v7: No change v8: No change arch/mips/configs/ci20_defconfig | 1 + 1 file changed, 1 inse

[PATCH v8 19/26] MIPS: qi_lb60: Move PWM devices to devicetree

2018-12-12 Thread Paul Cercueil
Probe the few drivers using PWMs from devicetree, now that we have a devicetree node for the PWM driver. Signed-off-by: Paul Cercueil --- Notes: v5: New patch v6: No change v7: No change v8: No change arch/mips/boot/dts/ingenic/qi_lb60.dts | 14 ++ ar

[PATCH v8 23/26] MIPS: GCW0: Move clocksource to TCU channel 2

2018-12-12 Thread Paul Cercueil
The TCU channel 1, which is the default for the clocksource, is used as PWM on the GCW Zero as it drives the backlight. Therefore we must use a different TCU channel for the clocksource. Signed-off-by: Paul Cercueil --- Notes: v8: New patch arch/mips/boot/dts/ingenic/gcw0.dts | 11 +++

[PATCH v8 24/26] MIPS: GCW0: Reduce system timer and clocksource to 750 kHz

2018-12-12 Thread Paul Cercueil
The default clock (12 MHz) is too fast for the system timer, which fails to report time accurately. Signed-off-by: Paul Cercueil --- Notes: v8: New patch arch/mips/boot/dts/ingenic/gcw0.dts | 6 ++ 1 file changed, 6 insertions(+) diff --git a/arch/mips/boot/dts/ingenic/gcw0.dts b/ar

[PATCH v9 00/14] Appended signatures support for IMA appraisal

2018-12-12 Thread Thiago Jung Bauermann
Hello, This version is basically about tidying up the code to make it clearer. Most of the changes are in patches 11 and 14. There are two functional changes: one is modifying the list of hooks allowed to use modsig to allow verifying signed modules and disallow verifying firmware, and the other

[PATCH v9 01/14] MODSIGN: Export module signature definitions

2018-12-12 Thread Thiago Jung Bauermann
IMA will use the module_signature format for append signatures, so export the relevant definitions and factor out the code which verifies that the appended signature trailer is valid. Also, create a CONFIG_MODULE_SIG_FORMAT option so that IMA can select it and be able to use mod_check_sig() withou
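As an added example (not code from this patch or from the kernel tree), the C program below constructs a file with an appended signature in the module_signature format this patch exports, then locates and sanity-checks the trailer the way a consumer such as IMA would before passing the PKCS#7 blob to the verifier. The struct layout and the "~Module signature appended~\n" magic follow the kernel's struct module_signature and MODULE_SIG_STRING; the payload and the "signature" bytes are dummies constructed here (not a real PKCS#7 message), the function names and return codes are this example's own, and the rejection rules (PKCS#7 id type only, legacy fields zero, sig_len bounded by the file) mirror the checks the kernel's mod_check_sig() applies.

```c
/* Added example: locate and validate a module_signature trailer ("modsig")
 * appended to a file image. Layout per the kernel's struct module_signature;
 * sample data is constructed below and the signature bytes are dummies. */
#include <stdint.h>
#include <string.h>
#include <stdio.h>

#define MODULE_SIG_STRING "~Module signature appended~\n"
#define MAGIC_LEN (sizeof(MODULE_SIG_STRING) - 1)
#define PKEY_ID_PKCS7 2

struct module_signature {
    uint8_t  algo;        /* public-key algorithm, must be 0 for PKCS#7 */
    uint8_t  hash;        /* digest algorithm, must be 0 for PKCS#7 */
    uint8_t  id_type;     /* key identifier type: PKEY_ID_PKCS7 */
    uint8_t  signer_len;  /* must be 0 for PKCS#7 */
    uint8_t  key_id_len;  /* must be 0 for PKCS#7 */
    uint8_t  pad[3];      /* must be 0 */
    uint32_t sig_len_be;  /* length of the PKCS#7 blob, big-endian */
};
_Static_assert(sizeof(struct module_signature) == 12, "trailer is 12 bytes");

struct modsig {
    size_t data_len;      /* bytes the signature covers (file minus trailer) */
    const uint8_t *sig;   /* start of the PKCS#7 blob inside the file */
    size_t sig_len;
};

/* 0 = parsed, -1 = no signature appended, -2 = malformed trailer. */
static int modsig_parse(const uint8_t *buf, size_t len, struct modsig *out)
{
    struct module_signature ms;
    const uint8_t *lp = (const uint8_t *)&ms.sig_len_be;
    uint32_t sig_len;

    if (len < MAGIC_LEN + sizeof(ms) ||
        memcmp(buf + len - MAGIC_LEN, MODULE_SIG_STRING, MAGIC_LEN) != 0)
        return -1;                                  /* not signed */
    len -= MAGIC_LEN;
    memcpy(&ms, buf + len - sizeof(ms), sizeof(ms));
    len -= sizeof(ms);

    /* Only PKCS#7 is accepted; the legacy in-trailer fields must be zero. */
    if (ms.id_type != PKEY_ID_PKCS7)
        return -2;
    if (ms.algo || ms.hash || ms.signer_len || ms.key_id_len ||
        ms.pad[0] || ms.pad[1] || ms.pad[2])
        return -2;
    sig_len = ((uint32_t)lp[0] << 24) | ((uint32_t)lp[1] << 16) |
              ((uint32_t)lp[2] << 8) | lp[3];
    if (sig_len > len)                              /* trailer overruns file */
        return -2;

    out->data_len = len - sig_len;
    out->sig = buf + out->data_len;
    out->sig_len = sig_len;
    return 0;
}

/* Build payload || sig || module_signature || magic; returns total length. */
static size_t build_signed_blob(uint8_t *buf, size_t cap,
                                const uint8_t *payload, size_t payload_len,
                                const uint8_t *sig, uint32_t sig_len)
{
    struct module_signature ms = { .id_type = PKEY_ID_PKCS7 };
    uint8_t *lp = (uint8_t *)&ms.sig_len_be;
    size_t total = payload_len + sig_len + sizeof(ms) + MAGIC_LEN;

    if (total > cap)
        return 0;
    lp[0] = (uint8_t)(sig_len >> 24); lp[1] = (uint8_t)(sig_len >> 16);
    lp[2] = (uint8_t)(sig_len >> 8);  lp[3] = (uint8_t)sig_len;
    memcpy(buf, payload, payload_len);
    memcpy(buf + payload_len, sig, sig_len);
    memcpy(buf + payload_len + sig_len, &ms, sizeof(ms));
    memcpy(buf + payload_len + sig_len + sizeof(ms), MODULE_SIG_STRING, MAGIC_LEN);
    return total;
}

/* Sign a constructed payload and parse it back. With corrupt_trailer set,
 * the be32 sig_len is inflated past the file to exercise the bounds check.
 * Returns the parsed data_len, or the negative parse error. */
static long demo_roundtrip(int corrupt_trailer)
{
    static const uint8_t payload[] = "constructed kernel image bytes";
    static const uint8_t fake_sig[] = { 0x30, 0x82, 0x01, 0x00, 0xde, 0xad, 0xbe, 0xef };
    uint8_t blob[256];
    struct modsig m;
    size_t n = build_signed_blob(blob, sizeof blob, payload, sizeof payload - 1,
                                 fake_sig, sizeof fake_sig);
    int rc;

    if (corrupt_trailer)
        blob[n - MAGIC_LEN - 4] = 0x7f;             /* high byte of sig_len */
    rc = modsig_parse(blob, n, &m);
    return rc ? rc : (long)m.data_len;
}

/* A file with no magic string is "not signed", which is not an error. */
static int demo_unsigned(void)
{
    static const uint8_t plain[] = "constructed file with no trailer";
    struct modsig m;
    return modsig_parse(plain, sizeof plain - 1, &m);
}

int main(void)
{
    printf("good trailer: data_len=%ld\n", demo_roundtrip(0));
    printf("bad sig_len:  rc=%ld\n", demo_roundtrip(1));
    printf("unsigned:     rc=%d\n", demo_unsigned());
    return 0;
}
```

The data_len that comes back is what the verifier must hash: the PKCS#7 signature covers the file up to the start of the blob, not the trailer or the magic, which is why the IMA side needs the digest computed over exactly that prefix before the signature is checked.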

[PATCH v9 03/14] PKCS#7: Introduce pkcs7_get_digest()

2018-12-12 Thread Thiago Jung Bauermann
IMA will need to access the digest of the PKCS7 message (as calculated by the kernel) before the signature is verified, so introduce pkcs7_get_digest() for that purpose. Also, modify pkcs7_digest() to detect when the digest was already calculated so that it doesn't have to do redundant work. Verif

[PATCH v9 04/14] integrity: Introduce struct evm_xattr

2018-12-12 Thread Thiago Jung Bauermann
Even though struct evm_ima_xattr_data includes a fixed-size array to hold a SHA1 digest, most of the code ignores the array and uses the struct to mean "type indicator followed by data of unspecified size" and tracks the real size of what the struct represents in a separate length variable. The on

[PATCH v9 06/14] integrity: Introduce asymmetric_sig_has_known_key()

2018-12-12 Thread Thiago Jung Bauermann
IMA will only look for a modsig if the xattr sig references a key which is not in the expected kernel keyring. To that end, introduce asymmetric_sig_has_known_key(). The logic of extracting the key used in the xattr sig is factored out from asymmetric_verify() so that it can be used by the new fun

[PATCH v9 05/14] integrity: Introduce integrity_keyring_from_id()

2018-12-12 Thread Thiago Jung Bauermann
IMA will need to obtain the keyring used to verify file signatures so that it can verify the module-style signature appended to files. Signed-off-by: Thiago Jung Bauermann Signed-off-by: Mimi Zohar --- security/integrity/digsig.c| 28 +--- security/integrity/integrit

[PATCH v9 11/14] ima: Implement support for module-style appended signatures

2018-12-12 Thread Thiago Jung Bauermann
Implement the appraise_type=imasig|modsig option, allowing IMA to read and verify modsig signatures. In case a file has both an xattr signature and an appended modsig, IMA will only use the appended signature if the key used by the xattr signature isn't present in the IMA keyring. Also enable bui

[PATCH v9 10/14] ima: Add modsig appraise_type option for module-style appended signatures

2018-12-12 Thread Thiago Jung Bauermann
Introduce the modsig keyword to the IMA policy syntax to specify that a given hook should expect the file to have the IMA signature appended to it. Here is how it can be used in a rule: appraise func=KEXEC_KERNEL_CHECK appraise_type=imasig|modsig With this rule, IMA will accept either a signature

[PATCH v9 08/14] ima: Introduce is_signed()

2018-12-12 Thread Thiago Jung Bauermann
With the introduction of another IMA signature type (modsig), some places will need to check for both of them. It is cleaner to do that if there's a helper function to tell whether an xattr_value represents an IMA signature. Suggested-by: Mimi Zohar Signed-off-by: Thiago Jung Bauermann --- secu

[PATCH v9 13/14] ima: Write modsig to the measurement list

2018-12-12 Thread Thiago Jung Bauermann
Add modsig support to the "sig" template field, allowing the contents of the modsig to be included in the measurement list. Suggested-by: Mimi Zohar Signed-off-by: Thiago Jung Bauermann --- security/integrity/ima/ima.h | 7 +++ security/integrity/ima/ima_modsig.c | 1

[PATCH v9 12/14] ima: Add new "d-sig" template field

2018-12-12 Thread Thiago Jung Bauermann
Define new "d-sig" template field which holds the digest that is expected to match the one contained in the modsig. Suggested-by: Mimi Zohar Signed-off-by: Thiago Jung Bauermann --- Documentation/security/IMA-templates.rst | 5 security/integrity/ima/ima.h | 9 +++ secu

[PATCH v9 09/14] ima: Export func_tokens

2018-12-12 Thread Thiago Jung Bauermann
ima_read_modsig() will need it so that it can show an error message. Signed-off-by: Thiago Jung Bauermann --- security/integrity/ima/ima.h| 2 ++ security/integrity/ima/ima_policy.c | 12 ++-- 2 files changed, 8 insertions(+), 6 deletions(-) diff --git a/security/integrity/ima/

[PATCH v9 14/14] ima: Store the measurement again when appraising a modsig

2018-12-12 Thread Thiago Jung Bauermann
If the IMA template contains the 'sig' field, then the modsig should be added to the measurement list when the file is appraised, and that is what normally happens. But if a measurement rule caused a file containing a modsig to be measured before a different rule causes it to be appraised, the res

[PATCH v9 07/14] integrity: Select CONFIG_KEYS instead of depending on it

2018-12-12 Thread Thiago Jung Bauermann
This avoids a dependency cycle in soon-to-be-introduced CONFIG_IMA_APPRAISE_MODSIG: it will select CONFIG_MODULE_SIG_FORMAT which in turn selects CONFIG_KEYS. Kconfig then complains that CONFIG_INTEGRITY_SIGNATURE depends on CONFIG_KEYS. Signed-off-by: Thiago Jung Bauermann Signed-off-by: Mimi Zo

[PATCH v9 02/14] PKCS#7: Refactor verify_pkcs7_signature() and add pkcs7_get_message_sig()

2018-12-12 Thread Thiago Jung Bauermann
IMA will need to verify a PKCS#7 which has already been parsed. For this reason, factor out the code which does that from verify_pkcs7_signature() into a new function which takes a struct pkcs7_message instead of a data buffer. In addition, IMA will need to know the key that signed a given PKCS#7