On 10/30/20 8:07 AM, Miklos Szeredi wrote:
On Wed, Oct 21, 2020 at 5:19 PM Mark Salyzyn wrote:
Because of the overlayfs getxattr recursion, the incoming inode fails
to update the selinux sid resulting in avc denials being reported
against a target context of u:object_r:unlabeled:s0.
Solution
On 10/21/20 10:19 PM, Eric Biggers wrote:
On Wed, Oct 21, 2020 at 08:18:59AM -0700, Mark Salyzyn wrote:
Mark Salyzyn (3):
Add flags option to get xattr method paired to __vfs_getxattr
overlayfs: handle XATTR_NOSECURITY flag for get xattr method
overlayfs: override_creds=off option
From: John Stultz
Using old_creds as an indication that we are not overriding the
credentials, bypass call to inode_owner_or_capable. This solves
a problem with all execv calls being blocked when using the caller's
credentials.
Signed-off-by: John Stultz
Signed-off-by: Mark Salyzyn
uld be fixed for
completeness and for general use in time.
Signed-off-by: Mark Salyzyn
Cc: linux-fsde...@vger.kernel.org
Cc: linux-unio...@vger.kernel.org
Cc: Miklos Szeredi
Cc: Jonathan Corbet
Cc: Vivek Goyal
Cc: Eric W. Biederman
Cc: Amir Goldstein
Cc: Randy Dunlap
Cc: Stephen Smalley
usted xattr management.
Signed-off-by: Mark Salyzyn
Cc: linux-fsde...@vger.kernel.org
Cc: linux-unio...@vger.kernel.org
Cc: Stephen Smalley
Cc: linux-kernel@vger.kernel.org
Cc: linux-security-mod...@vger.kernel.org
Cc: kernel-t...@android.com
Cc: Miklos Szeredi
Cc: Jonathan Corbet
Cc: Vivek Goyal
ed:s0
context making the logs cosmetically useless for audit2allow.
This patch series is inert and is the wide-spread addition of the
flags option for xattr functions, and a replacement of __vfs_getxattr
with __vfs_getxattr(...XATTR_NOSECURITY).
Signed-off-by: Mark Salyzyn
Reviewed-by: Jan Kara
Mark Salyzyn (3):
Add flags option to get xattr method paired to __vfs_getxattr
overlayfs: handle XATTR_NOSECURITY flag for get xattr method
overlayfs: override_creds=off option bypass creator_cred
Mark Salyzyn + John Stultz (1):
overlayfs: inode_owner_or_capable called during execv
The
From: John Stultz
Using old_creds as an indication that we are not overriding the
credentials, bypass call to inode_owner_or_capable. This solves
a problem with all execv calls being blocked when using the caller's
credentials.
Signed-off-by: John Stultz
Signed-off-by: Mark Salyzyn
d-off-by: Mark Salyzyn
Cc: Miklos Szeredi
Cc: Jonathan Corbet
Cc: Vivek Goyal
Cc: Eric W. Biederman
Cc: Amir Goldstein
Cc: Randy Dunlap
Cc: Stephen Smalley
Cc: John Stultz
Cc: linux-...@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
To: linux-fsde...@vger.kernel.org
To: linux
Mark Salyzyn (3):
Add flags option to get xattr method paired to __vfs_getxattr
overlayfs: handle XATTR_NOSECURITY flag for get xattr method
overlayfs: override_creds=off option bypass creator_cred
Mark Salyzyn + John Stultz (1):
overlayfs: inode_owner_or_capable called during execv
The
uld be fixed for
completeness and for general use in time.
Signed-off-by: Mark Salyzyn
To: linux-fsde...@vger.kernel.org
To: linux-unio...@vger.kernel.org
Cc: Miklos Szeredi
Cc: Jonathan Corbet
Cc: Vivek Goyal
Cc: Eric W. Biederman
Cc: Amir Goldstein
Cc: Randy Dunlap
Cc: Stephen Smalley
From: John Stultz
Using old_creds as an indication that we are not overriding the
credentials, bypass call to inode_owner_or_capable. This solves
a problem with all execv calls being blocked when using the caller's
credentials.
Signed-off-by: John Stultz
Signed-off-by: Mark Salyzyn
usted xattr management.
Signed-off-by: Mark Salyzyn
To: linux-fsde...@vger.kernel.org
To: linux-unio...@vger.kernel.org
Cc: Stephen Smalley
Cc: linux-kernel@vger.kernel.org
Cc: linux-security-mod...@vger.kernel.org
Cc: kernel-t...@android.com
Cc: Miklos Szeredi
Cc: Jonathan Corbet
Cc: Vivek Goyal
ed:s0
context making the logs cosmetically useless for audit2allow.
This patch series is inert and is the wide-spread addition of the
flags option for xattr functions, and a replacement of __vfs_getxattr
with __vfs_getxattr(...XATTR_NOSECURITY).
Signed-off-by: Mark Salyzyn
Reviewed-by: Jan Kara
On 10/20/20 12:17 PM, Mark Salyzyn wrote:
Because of the overlayfs getxattr recursion, the incoming inode fails
to update the selinux sid resulting in avc denials being reported
against a target context of u:object_r:unlabeled:s0.
Solution is to respond to the XATTR_NOSECURITY flag in get xattr
On 10/20/20 6:17 PM, Paul Moore wrote:
On Tue, Oct 20, 2020 at 3:17 PM Mark Salyzyn wrote:
Add a flag option to get xattr method that could have a bit flag of
XATTR_NOSECURITY passed to it. XATTR_NOSECURITY is generally then
set in the __vfs_getxattr path when called by security
Mark Salyzyn (3):
Add flags option to get xattr method paired to __vfs_getxattr
overlayfs: handle XATTR_NOSECURITY flag for get xattr method
overlayfs: override_creds=off option bypass creator_cred
Mark Salyzyn + John Stultz (1):
overlayfs: inode_owner_or_capable called during execv
The
uld be fixed for
completeness and for general use in time.
Signed-off-by: Mark Salyzyn
To: linux-fsde...@vger.kernel.org
To: linux-unio...@vger.kernel.org
Cc: Miklos Szeredi
Cc: Jonathan Corbet
Cc: Vivek Goyal
Cc: Eric W. Biederman
Cc: Amir Goldstein
Cc: Randy Dunlap
Cc: Stephen Smalley
ed:s0
context making the logs cosmetically useless for audit2allow.
This patch series is inert and is the wide-spread addition of the
flags option for xattr functions, and a replacement of __vfs_getxattr
with __vfs_getxattr(...XATTR_NOSECURITY).
Signed-off-by: Mark Salyzyn
Reviewed-by: Jan Kara
Using old_creds as an indication that we are not overriding the
credentials, bypass call to inode_owner_or_capable. This solves
a problem with all execv calls being blocked when using the caller's
credentials.
Signed-off-by: John Stultz
Signed-off-by: Mark Salyzyn
Fixes: 05acefb4872da
usted xattr management.
Signed-off-by: Mark Salyzyn
To: linux-fsde...@vger.kernel.org
To: linux-unio...@vger.kernel.org
Cc: Stephen Smalley
Cc: linux-kernel@vger.kernel.org
Cc: linux-security-mod...@vger.kernel.org
Cc: kernel-t...@android.com
Cc: Miklos Szeredi
Cc: Jonathan Corbet
Cc: Vivek Goyal
ed:s0
context making the logs cosmetically useless for audit2allow.
This patch series is inert and is the wide-spread addition of the
flags option for xattr functions, and a replacement of __vfs_getxattr
with __vfs_getxattr(...XATTR_NOSECURITY).
Signed-off-by: Mark Salyzyn
Reviewed-by: Jan Kara
uld be fixed for
completeness and for general use in time.
Signed-off-by: Mark Salyzyn
To: linux-fsde...@vger.kernel.org
To: linux-unio...@vger.kernel.org
Cc: Miklos Szeredi
Cc: Jonathan Corbet
Cc: Vivek Goyal
Cc: Eric W. Biederman
Cc: Amir Goldstein
Cc: Randy Dunlap
Cc: Stephen Sma
Mark Salyzyn (3):
Add flags option to get xattr method paired to __vfs_getxattr
overlayfs: handle XATTR_NOSECURITY flag for get xattr method
overlayfs: override_creds=off option bypass creator_cred
Mark Salyzyn + John Stultz (1):
overlayfs: inode_owner_or_capable called during execv
The
From: John Stultz
Using old_creds as an indication that we are not overriding the
credentials, bypass call to inode_owner_or_capable. This solves
a problem with all execv calls being blocked when using the caller's
credentials.
Signed-off-by: John Stultz
Signed-off-by: Mark Salyzyn
usted xattr management.
Signed-off-by: Mark Salyzyn
To: linux-fsde...@vger.kernel.org
To: linux-unio...@vger.kernel.org
Cc: Stephen Smalley
Cc: linux-kernel@vger.kernel.org
Cc: linux-security-mod...@vger.kernel.org
Cc: kernel-t...@android.com
Cc: Miklos Szeredi
Cc: Jonathan Corbet
Cc: Vivek Goyal
Please consider
commit 37bd22420f856fcd976989f1d4f1f7ad28e1fcac ("af_key: pfkey_dump
needs parameter validation")
for merge into all the maintained stable trees.
Cc: net...@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Cc: kernel-t...@android.com
Cc: sta...@vger.kernel.org
Cc: Greg KH
Fix
On 7/24/20 2:14 PM, Jacob Keller wrote:
On 7/23/2020 12:35 PM, Eric Dumazet wrote:
On 7/23/20 11:21 AM, Mark Salyzyn wrote:
Many of the nla_get_* inlines fail to check attribute's length before
copying the content resulting in possible out-of-boundary accesses.
Adjust the inlines to pe
On 7/23/20 12:35 PM, Eric Dumazet wrote:
I believe this will hide bugs, that syzbot was able to catch.
syzbot failed to catch the problem because of padding u8, u16 and u32
were all immune because they would go out of bounds into a padded buffer :-(
On 7/23/20 12:19 PM, David Miller wrote:
mance critical and do not need a likely fast path.
Signed-off-by: Mark Salyzyn
Cc: net...@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Cc: kernel-t...@android.com
Cc: "David S. Miller"
Cc: Jakub Kicinski
Cc: Thomas Graf
Fixes: bfa83a9e03cf ("[NETLINK]: Type-safe netlink messages/a
In pfkey_dump() dplen and splen can both be specified to access the
xfrm_address_t structure out of bounds in __xfrm_state_filter_match()
when it calls addr_match() with the indexes. Return EINVAL if either
are out of range.
Signed-off-by: Mark Salyzyn
Cc: net...@vger.kernel.org
Cc: linux-kernel
On 7/22/20 2:33 AM, Steffen Klassert wrote:
On Tue, Jul 21, 2020 at 06:23:54AM -0700, Mark Salyzyn wrote:
In pfkey_dump() dplen and splen can both be specified to access the
xfrm_address_t structure out of bounds in __xfrm_state_filter_match()
when it calls addr_match() with the indexes. Return
In pfkey_dump() dplen and splen can both be specified to access the
xfrm_address_t structure out of bounds in __xfrm_state_filter_match()
when it calls addr_match() with the indexes. Return EINVAL if either
are out of range.
Signed-off-by: Mark Salyzyn
Cc: net...@vger.kernel.org
Cc: linux-kernel
7.52 ns 7.51 ns 93253809
Signed-off-by: Chiawei Wang
Signed-off-by: Mark Salyzyn
Cc: linux-kernel@vger.kernel.org
Cc: kernel-t...@android.com
Cc: Catalin Marinas
Cc: Will Deacon
Cc: Thomas Gleixner
Cc: Vincenzo Frascino
Cc: Enrico Weigelt
Cc: Greg Kroah-Hartman
Cc: Alexios
7.52 ns 7.51 ns 93253809
Signed-off-by: Chiawei Wang
Signed-off-by: Mark Salyzyn
---
arch/arm64/include/asm/vdso/compat_gettimeofday.h | 2 ++
arch/arm64/include/asm/vdso/gettimeofday.h| 2 ++
arch/arm64/kernel/vdso/vdso.lds.S | 1 +
arch/arm64/kernel
On Jun 11, 2020, at 12:34 PM, Thomas Gleixner wrote:
>
> Mark Salyzyn writes:
>> From: Chiawei Wang
>>
>> CLOCK_REALTIME in vdso data won't be updated if
>> __arch_use_vsyscall() returns false.
>
> Errm!
>
> # git grep __arch_use_vsyscall
&
fails.
Signed-off-by: Chiawei Wang
Signed-off-by: Mark Salyzyn
Cc: linux-kernel@vger.kernel.org
Cc: kernel-t...@android.com
Cc: sta...@vger.kernel.org # 5.4+
---
lib/vdso/gettimeofday.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/vdso/gettimeofday.c b/lib/vdso/gettimeof
On 10/22/19 11:05 PM, Shaokun Zhang wrote:
+Cc: Mark Salyzyn
There is a compiler failure on arm64 platform, as follows:
zhangshaokun@ubuntu:~/linux-next$ make -j64
CALL scripts/atomic/check-atomics.sh
CC arch/arm64/kernel/asm-offsets.s
In file included from ./include/linux/sysctl.h
On 10/7/19 9:53 AM, Christoph Hellwig wrote:
On Mon, Oct 07, 2019 at 09:50:31AM -0700, Mark Salyzyn wrote:
On 10/5/19 1:37 AM, Christoph Hellwig wrote:
On Thu, Oct 03, 2019 at 09:55:28AM +0100, Catalin Marinas wrote:
Aren't drivers supposed to use the DMA API for such allocations rather
l can not be
modularized for the moment.
Sincerely -- Mark Salyzyn
On 10/7/19 9:40 AM, Greg Kroah-Hartman wrote:
On Mon, Oct 07, 2019 at 06:17:25PM +0200, Greg Kroah-Hartman wrote:
On Mon, Oct 07, 2019 at 06:16:16PM +0200, Greg Kroah-Hartman wrote:
On Mon, Oct 07, 2019 at 09:09:16AM -0700, Mark Salyzyn wrote:
When filtering xattr list for reading, presence
On 10/7/19 9:17 AM, Greg Kroah-Hartman wrote:
On Mon, Oct 07, 2019 at 06:16:16PM +0200, Greg Kroah-Hartman wrote:
On Mon, Oct 07, 2019 at 09:09:16AM -0700, Mark Salyzyn wrote:
When filtering xattr list for reading, presence of trusted xattr
results in a security audit log. However, if there
k the request to list the xattrs present.
Switch to has_capability_noaudit to reflect a more appropriate check.
Signed-off-by: Mark Salyzyn
Cc: linux-security-mod...@vger.kernel.org
Cc: kernel-t...@android.com
Cc: Greg Kroah-Hartman
Cc: sta...@vger.kernel.org # v3.18
Fixes: upstream a082c6f
Some drivers can not be turned into a module without cma_alloc and
cma_release exported. Examples include ion, and we also found some
out of tree infiniband and camera drivers.
Signed-off-by: Mark Salyzyn
Cc: kernel-t...@android.com
Cc: linux-kernel@vger.kernel.org
---
mm/cma.c | 2 ++
1 file
On 9/6/19 4:30 PM, Greg KH wrote:
On Fri, Sep 06, 2019 at 12:24:00PM -0700, Mark Salyzyn wrote:
In embedded environments the requirements are to be able to pick and
choose which features one requires built into the kernel. If an
embedded environment wants to support loading modules that have
features to provide the API surface for
them to load.
Introduce CONFIG_LEGACY_WEXT_ALLCONFIG to select all legacy wireless
extension core features by activating in turn all the associated
hidden configuration options, without having to specifically select
any wireless module(s).
Signed-off-by: Mark
provide the API surface for them to load.
Introduce CONFIG_WIRELESS_ALLCONFIG to select all wireless core
features by activating all the hidden configuration options, without
having to specifically select any wireless module(s).
Signed-off-by: Mark Salyzyn
Cc: kernel-t...@android.com
Cc: Johannes Berg
k the request to list the xattrs present.
Switch to ns_capable_noaudit to reflect a more appropriate check.
Signed-off-by: Mark Salyzyn
Cc: linux-ker...@vger.kernel.orga
Cc: linux-security-mod...@vger.kernel.org
Cc: kernel-t...@android.com
Cc: sta...@vger.kernel.org # 4.4, 4.9, 4.14 & 4.1
v_iter")
b296821a7c42 ("xattr_handler: pass dentry and inode as separate arguments of
->get()")
ef4af94edcf8 ("orangefs: switch decode_dirents() to use of kcalloc()")
f0ed4418d46d ("Orangefs: Remove upcall trailers which are not used.")
f7ab093f74bf ("Orangefs: kernel client part 1")
f7be4ee07fb7 ("Orangefs: kernel client part 4")
NOTE: The patch will not be queued to stable trees until it is upstream.
How should we proceed with this patch?
--
Thanks,
Sasha
Wait for upstream of course.
Given the conflicts, I can provide back-ports once upstream upon
request. It should be noted that the backports should be mechanical and
trivial (skip non-existent filesystems like orangefs, drop separate inode
argument that did not exist in earlier kernels).
I will submit the next spin (missed a few filesystems, build errors)
with references to the requested stable trees again, so noise will continue.
Sincerely -- Mark Salyzyn
er that the target context was blocked.
For selinux this would solve the cosmetic issue of the selinux log
and allow audit2allow to correctly report the rule needed to address
the access problem.
Signed-off-by: Mark Salyzyn
Cc: Miklos Szeredi
Cc: Jonathan Corbet
Cc: Vivek Goyal
Cc: Eric W. B
Assumption never checked, should fail if the mounter creds are not
sufficient.
Signed-off-by: Mark Salyzyn
Cc: Miklos Szeredi
Cc: Jonathan Corbet
Cc: Vivek Goyal
Cc: Eric W. Biederman
Cc: Amir Goldstein
Cc: Randy Dunlap
Cc: Stephen Smalley
Cc: linux-unio...@vger.kernel.org
Cc: linux
Thanks for the review.
On 7/25/19 4:00 AM, Amir Goldstein wrote:
On Wed, Jul 24, 2019 at 10:57 PM Mark Salyzyn wrote:
Check impure, opaque, origin & meta xattr with no sepolicy audit
(using __vfs_getxattr) since these operations are internal to
overlayfs operations and do not disclose
heck can be expensive.
Signed-off-by: Mark Salyzyn
Cc: Miklos Szeredi
Cc: Jonathan Corbet
Cc: Vivek Goyal
Cc: Eric W. Biederman
Cc: Amir Goldstein
Cc: Randy Dunlap
Cc: Stephen Smalley
Cc: linux-unio...@vger.kernel.org
Cc: linux-...@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Cc: kern
Assumption never checked, should fail if the mounter creds are not
sufficient.
Signed-off-by: Mark Salyzyn
Cc: Miklos Szeredi
Cc: Jonathan Corbet
Cc: Vivek Goyal
Cc: Eric W. Biederman
Cc: Amir Goldstein
Cc: Randy Dunlap
Cc: Stephen Smalley
Cc: linux-unio...@vger.kernel.org
Cc: linux
Add an optional __get xattr method that would be called, if set, only
in __vfs_getxattr instead of the regular get xattr method.
Signed-off-by: Mark Salyzyn
Cc: Miklos Szeredi
Cc: Jonathan Corbet
Cc: Vivek Goyal
Cc: Eric W. Biederman
Cc: Amir Goldstein
Cc: Randy Dunlap
Cc: Stephen Smalley
in, rather than being denied
with an -EACCES when vfs_getxattr handler is called.
Signed-off-by: Mark Salyzyn
Cc: Miklos Szeredi
Cc: Jonathan Corbet
Cc: Vivek Goyal
Cc: Eric W. Biederman
Cc: Amir Goldstein
Cc: Randy Dunlap
Cc: Stephen Smalley
Cc: linux-unio...@vger.kernel.org
Cc: linux
uld be fixed for
completeness and for general use in time.
Signed-off-by: Mark Salyzyn
Cc: Miklos Szeredi
Cc: Jonathan Corbet
Cc: Vivek Goyal
Cc: Eric W. Biederman
Cc: Amir Goldstein
Cc: Randy Dunlap
Cc: Stephen Smalley
Cc: linux-unio...@vger.kernel.org
Cc: linux-...@vger.kernel.org
On 7/9/19 9:33 AM, Casey Schaufler wrote:
On 7/9/2019 9:23 AM, Mark Salyzyn wrote:
For EACCES return for getxattr, sid appears to be expected updated in parent
node. For some accesses purely cosmetic for correct avc logging, and depending
on kernel vintage for others (older than 4.4) the lack
t;sid = cisec->sid; + } +
EXPORT_SYMBOL_GPL(selinux_copy_sid);
Sincerely -- Mark Salyzyn
On 05/31/2019 01:34 AM, Arnd Bergmann wrote:
On Thu, May 30, 2019 at 4:16 PM Vincenzo Frascino
wrote:
--- a/arch/mips/vdso/vdso.lds.S
+++ b/arch/mips/vdso/vdso.lds.S
@@ -99,6 +99,10 @@ VERSION
global:
__vdso_clock_gettime;
__vdso_gettimeofday;
+
Cherry pick security-related fix
592acbf16821288ecdc4192c47e3774a4c48bb64 ("ext4: zero out the unused
memory region in the extent tree block") to 3.18.y and 4.4.y
The cherry-pick is clean and requires no back-porting. Is already
present in 4.9.y+
Signed-off-by: Mark Salyzyn
On 05/17/2019 02:53 PM, Catalin Marinas wrote:
On Fri, May 17, 2019 at 12:59:56PM -0700, Mark Salyzyn wrote:
Some (out of tree modular) drivers feel a need to ensure
data is flushed to the DDR before continuing flow.
Signed-off-by: Mark Salyzyn
Cc: linux-kernel@vger.kernel.org
Cc: kernel-t
Some (out of tree modular) drivers feel a need to ensure
data is flushed to the DDR before continuing flow.
Signed-off-by: Mark Salyzyn
Cc: linux-kernel@vger.kernel.org
Cc: kernel-t...@android.com
---
arch/arm64/mm/cache.S | 1 +
1 file changed, 1 insertion(+)
diff --git a/arch/arm64/mm
On 11/29/2018 05:49 AM, Vivek Goyal wrote:
So will override_creds=off solve the NFS issue also where all access will
happen with the creds of task now? Though it will still require more
privileges in task for other operations in overlay to succeed.
NFS problems seem to have ended the discussion
_size was only little over 32KiB.
This patch trims skb to allocated size in order to allow the user to
avoid truncation with more reasonable buffer size.
Signed-off-by: Ronen Arad
Signed-off-by: David S. Miller
(cherry pick commit db65a3aaf29ecce2e34271d52e8d2336b97bd9fe)
Signed-off-by: M
On 02/01/2019 11:41 AM, Mark Salyzyn wrote:
if (alloc_size < nlk->max_recvmsg_len) {
if (alloc_min_size < nlk->max_recvmgs_len) {
-- Mark
B.
This patch trims skb to allocated size in order to allow the user to
avoid truncation with more reasonable buffer size.
Signed-off-by: Ronen Arad
Signed-off-by: David S. Miller
(cherry pick commit db65a3aaf29ecce2e34271d52e8d2336b97bd9fe)
Signed-off-by: Mark Salyzyn
---
net/netlink/af_netli
had to be reverted because some
system programs actually use it.
This limits all the detailed resource information to properly
credentialed users instead.
Signed-off-by: Linus Torvalds
Signed-off-by: Mark Salyzyn
Cc: linux-kernel@vger.kernel.org
Cc: sta...@vger.kernel.org # 3.18
---
kernel/resou
On 10/02/2018 03:00 AM, Catalin Marinas wrote:
On Mon, Oct 01, 2018 at 01:44:52PM -0700, Mark Salyzyn wrote:
On 10/01/2018 11:49 AM, John Stultz wrote:
On Mon, Oct 1, 2018 at 10:58 AM, Mark Salyzyn wrote:
Last sent 23 Nov 2016.
The following 23 patches are rebased and resent, and represent
On 10/02/2018 01:50 AM, Russell King - ARM Linux wrote:
On Mon, Oct 01, 2018 at 01:44:52PM -0700, Mark Salyzyn wrote:
Despite the gain of 0.4% for screen-on battery life, where Android has a mix
of 64 and 32 bit applications, thus still relevant _today_ on 64 bit
architectures (providing vDSO32
On 10/01/2018 11:15 AM, Thomas Gleixner wrote:
On Mon, 1 Oct 2018, Mark Salyzyn wrote:
+static notrace int do_boottime(const struct vdso_data *vd, struct timespec *ts)
+{
+ u32 seq, mult, shift;
+ u64 nsec, cycle_last;
+ vdso_wtm_clock_nsec_t wtm_nsec;
+
+ /* open
On 10/01/2018 11:49 AM, John Stultz wrote:
On Mon, Oct 1, 2018 at 10:58 AM, Mark Salyzyn wrote:
Last sent 23 Nov 2016.
The following 23 patches are rebased and resent, and represent a
rewrite of the arm and arm64 vDSO into C, adding support for arch32
(32-bit user space hosted 64-bit kernels
odsky
Signed-off-by: Mark Salyzyn
Tested-by: Mark Salyzyn
Cc: James Morse
Cc: Russell King
Cc: Catalin Marinas
Cc: Will Deacon
Cc: Andy Lutomirski
Cc: Dmitry Safonov
Cc: John Stultz
Cc: Mark Rutland
Cc: Laura Abbott
Cc: Kees Cook
Cc: Ard Biesheuvel
Cc: Andy Gross
Cc: Andrew Pinski
Cc: T
From: Kevin Brodsky
If the compat vDSO is enabled, install it in compat processes. In this
case, the compat vDSO replaces the sigreturn page (it provides its own
sigreturn trampolines).
Signed-off-by: Kevin Brodsky
Signed-off-by: Mark Salyzyn
Tested-by: Mark Salyzyn
Cc: James Morse
Cc
t for use in both arm and arm64, overlapping any optimizations
for each architecture.
Signed-off-by: Mark Salyzyn
Tested-by: Mark Salyzyn
Cc: James Morse
Cc: Russell King
Cc: Catalin Marinas
Cc: Will Deacon
Cc: Dave Martin
Cc: "Eric W. Biederman"
Cc: Andy Lutomirski
Cc: Dmitry
From: Kevin Brodsky
If the compat vDSO is enabled, it replaces the sigreturn page.
Therefore, we use the sigreturn trampolines the vDSO provides instead.
Signed-off-by: Kevin Brodsky
Signed-off-by: Mark Salyzyn
Tested-by: Mark Salyzyn
Cc: James Morse
Cc: Russell King
Cc: Catalin Marinas
From: Kevin Brodsky
Move the logic for setting up mappings and pages for the vDSO into
static functions. This makes the vDSO setup code more consistent with
the compat side and will allow to reuse it for the future compat vDSO.
Signed-off-by: Kevin Brodsky
Signed-off-by: Mark Salyzyn
Tested
elf_addr_t,
because elf_addr_t is Elf32_Off in compat_binfmt_elf.c, and casting
context.vdso to u32 would trigger a pointer narrowing warning.
Signed-off-by: Kevin Brodsky
Signed-off-by: Mark Salyzyn
Tested-by: Mark Salyzyn
Cc: James Morse
Cc: Russell King
Cc: Catalin Marinas
Cc: Will Deacon
Cc
checkpatch.
Signed-off-by: Kevin Brodsky
Signed-off-by: Mark Salyzyn
Tested-by: Mark Salyzyn
Cc: James Morse
Cc: Russell King
Cc: Catalin Marinas
Cc: Will Deacon
Cc: Andy Lutomirski
Cc: Dmitry Safonov
Cc: John Stultz
Cc: Mark Rutland
Cc: Laura Abbott
Cc: Kees Cook
Cc: Ard Biesheuvel
helper from a 32-bit process will result in a segfault.
Signed-off-by: Kevin Brodsky
Signed-off-by: Mark Salyzyn
Tested-by: Mark Salyzyn
Cc: James Morse
Cc: Russell King
Cc: Catalin Marinas
Cc: Will Deacon
Cc: Andy Lutomirski
Cc: Dmitry Safonov
Cc: John Stultz
Cc: Mark Rutland
Cc: Laura
sources to its own file. Wrapped the comments to reduce the wrath of
checkpatch.pl.
Signed-off-by: Kevin Brodsky
Signed-off-by: Mark Salyzyn
Tested-by: Mark Salyzyn
Cc: James Morse
Cc: Russell King
Cc: Catalin Marinas
Cc: Will Deacon
Cc: Andy Lutomirski
Cc: Dmitry Safonov
Cc: John Stultz
[vectors] being there as the last
mapping in /proc/maps).
mm->context.vdso used to point to the [vectors] page, which is
unnecessary (as its address is fixed). It now points to the [sigpage]
page (whose address is randomized like a vDSO).
Signed-off-by: Kevin Brodsky
Signed-off-by: Mark Saly
From: Mark Salyzyn
Add time() vdso support to match up with existing support in the x86's
vdso. Currently benefitting arm and arm64 which uses the common
vgettimeofday.c implementation. On arm provides about a ~14 fold
improvement in speed over the straight syscall, and about a ~5
simplify
future maintenance.
If ARCH_PROVIDES_TIMER is not defined, do not expose gettimeofday.
libc will default directly to syscall. Also ifdef clock_gettime
switch cases and stubs if not supported and other unused components.
Signed-off-by: Mark Salyzyn
Tested-by: Mark Salyzyn
Cc: James
18%.
Note I noticed a bug in the old (arm64) implementation of
__kernel_clock_getres; it was checking only the lower 32bits of the
pointer; this would work for most cases but could fail in a few.
Signed-off-by: Mark Salyzyn
Tested-by: Mark Salyzyn
Cc: James Morse
Cc: Russell King
Cc: Catalin
. There is also a desire by some partners to switch all
logging over to CLOCK_BOOTTIME, and thus this operation alone would
contribute to a near percentile CPU load.
Signed-off-by: Mark Salyzyn
Tested-by: Mark Salyzyn
Cc: James Morse
Cc: Russell King
Cc: Catalin Marinas
Cc: Will Deacon
Cc: Andy
implementations into the
global vgettimeofday.c file and thus provide functional parity.
Signed-off-by: Mark Salyzyn
Tested-by: Mark Salyzyn
Cc: James Morse
Cc: Russell King
Cc: Catalin Marinas
Cc: Will Deacon
Cc: Andy Lutomirski
Cc: Dmitry Safonov
Cc: John Stultz
Cc: Mark Rutland
Cc: Laura
simplify
future maintenance.
Make sure kasan and ubsan profiling, and kcov instrumentation,
is turned off for VDSO code.
Signed-off-by: Mark Salyzyn
Tested-by: Mark Salyzyn
Cc: James Morse
Cc: Russell King
Cc: Catalin Marinas
Cc: Will Deacon
Cc: Andy Lutomirski
Cc: Dmitry Safonov
Cc: John
simplify
future maintenance.
Add ARCH_CLOCK_FIXED_MASK as an efficiency since arm64 has no
purpose for cs_mask vdso_data variable.
Signed-off-by: Mark Salyzyn
Tested-by: Mark Salyzyn
Cc: James Morse
Cc: Russell King
Cc: Catalin Marinas
Cc: Will Deacon
Cc: Andy Lutomirski
Cc: Dmitry Safonov
simplify
future maintenance.
Add clock_getres vdso support to match up with existing support in
the arm64's vdso.
Signed-off-by: Mark Salyzyn
Tested-by: Mark Salyzyn
Cc: James Morse
Cc: Russell King
Cc: Catalin Marinas
Cc: Will Deacon
Cc: Andy Lutomirski
Cc: Dmitry Safonov
Cc: John S
fallback, as vdso is still
capable of filling in the tv values.
Signed-off-by: Mark Salyzyn
Tested-by: Mark Salyzyn
Cc: James Morse
Cc: Russell King
Cc: Catalin Marinas
Cc: Will Deacon
Cc: Andy Lutomirski
Cc: Dmitry Safonov
Cc: John Stultz
Cc: Mark Rutland
Cc: Laura Abbott
Cc: Kees Cook
simplify
future maintenance.
Add a case for CLOCK_MONOTONIC_RAW to match up with support that
is available in arm64's vdso.
Signed-off-by: Mark Salyzyn
Tested-by: Mark Salyzyn
Cc: James Morse
Cc: Russell King
Cc: Catalin Marinas
Cc: Will Deacon
Cc: Andy Lutomirski
Cc: Dmitry Safono
reader.
Signed-off-by: Mark Salyzyn
Tested-by: Mark Salyzyn
Cc: James Morse
Cc: Russell King
Cc: Catalin Marinas
Cc: Will Deacon
Cc: Andy Lutomirski
Cc: Dmitry Safonov
Cc: John Stultz
Cc: Mark Rutland
Cc: Laura Abbott
Cc: Kees Cook
Cc: Ard Biesheuvel
Cc: Andy Gross
Cc: Kevin Brodsky
field.
Update copyright message to reflect the start of the contributions in
this series.
Signed-off-by: Mark Salyzyn
Tested-by: Mark Salyzyn
Cc: James Morse
Cc: Russell King
Cc: Catalin Marinas
Cc: Will Deacon
Cc: Andy Lutomirski
Cc: Dmitry Safonov
Cc: John Stultz
Cc: Mark Rutland
Cc
).
Make sure datapage is first parameter to all subroutines to also
be consistent.
Signed-off-by: Mark Salyzyn
Tested-by: Mark Salyzyn
Cc: James Morse
Cc: Russell King
Cc: Catalin Marinas
Cc: Will Deacon
Cc: Andy Lutomirski
Cc: Dmitry Safonov
Cc: John Stultz
Cc: Mark Rutland
Cc: Laura Abbott
Pixel phones
and resulted in a 0.4% battery improvement.
Signed-off-by: Mark Salyzyn
Tested-by: Mark Salyzyn
Cc: James Morse
Cc: Russell King
Cc: Catalin Marinas
Cc: Will Deacon
Cc: Andy Lutomirski
Cc: Dmitry Safonov
Cc: John Stultz
Cc: Mark Rutland
Cc: Laura Abbott
Cc: Kees Cook
Cc
On 09/07/2018 02:51 AM, Greg KH wrote:
As this patch is deemed "good", can you please resend it in a
non-corrupted way so that I can apply it to the 4.14.y tree?
thanks,
greg k-h
The toll of numerous vacations, and manic priorities that resulted,
sorry for the delay, composed and resent.
-
n
Signed-off-by: Miklos Szeredi
Cc: #v4.13
Signed-off-by: Mark Salyzyn #4.14
Cc:
Cc:
Cc: Greg KH
---
fs/overlayfs/inode.c | 62 +++-
1 file changed, 44 insertions(+), 18 deletions(-)
diff --git a/fs/overlayfs/inode.c b/fs/overlayfs/inode.c
index d60900b
Assumption never checked, should fail if the mounter creds are not
sufficient.
Signed-off-by: Mark Salyzyn
Cc: Miklos Szeredi
Cc: Jonathan Corbet
Cc: Vivek Goyal
Cc: Eric W. Biederman
Cc: Amir Goldstein
Cc: Randy Dunlap
Cc: Stephen Smalley
Cc: linux-unio...@vger.kernel.org
Cc: linux
" by checking existence of
/sys/module/overlay/parameters/overlay_creds. This will allow user
space to determine if the option can be supplied successfully to the
mount(2) operation.
Signed-off-by: Mark Salyzyn
Cc: Miklos Szeredi
Cc: Jonathan Corbet
Cc: Vivek Goyal
Cc: Eric W. Biederman
Cc: A