From: Geert Uytterhoeven
Date: Mon, 7 Dec 2015 10:09:06 +0100
> If NO_DMA=y:
>
> ERROR: "dma_map_single" [drivers/net/ethernet/aurora/nb8800.ko] undefined!
> ERROR: "dma_unmap_page" [drivers/net/ethernet/aurora/nb8800.ko] undefined!
> ERROR: "dma_sync_single_for_cpu" [drivers/net/et
On Mon, Dec 7, 2015 at 12:13 PM, Brian Norris
wrote:
> On Sun, Dec 06, 2015 at 08:45:40PM -0600, Rob Herring wrote:
>> On Fri, Dec 4, 2015 at 11:19 PM, Brian Norris
>> wrote:
>> > drivers/of/of_mtd.c| 33 +
>>
>> BTW, this file should be moved to driver
On Fri, Dec 04, 2015 at 03:20:22PM -0800, Paul E. McKenney wrote:
> Hello!
>
> Are there any known issues with commit 4961b6e11825 (sched: core: Use
> hrtimer_start[_expires]())?
>
> The reason that I ask is that I am about 90% sure that an rcutorture
> failure bisects to that commit. I will be
Hello,
Decoupled the control knobs from softlockup. It's now workqueue
module param which can be updated at runtime. If there's no
objection, I'll push the two patches through wq/for-4.5.
Thanks.
-- 8< --
Workqueue stalls can happen from a variety of usage bugs such as
missing WQ_MEM_RE
On Mon, Dec 07 2015 at 1:07pm -0500,
Milan Broz wrote:
> On 12/07/2015 05:31 PM, Sami Tolvanen wrote:
> > On Mon, Dec 07, 2015 at 09:58:14AM -0500, Mike Snitzer wrote:
> >> Great. Moving forward it'd be awesome if you could work to get your
> >> verity FEC support regression tests into cryptset
From: Neil Armstrong
Date: Mon, 7 Dec 2015 11:58:33 +0100
> - regs_buff[12] = macb_or_gem_readl(bp, USRIO);
> + if (!of_property_read_bool(bp->pdev->dev.of_node, "no-usrio")) {
> + regs_buff[12] = macb_or_gem_readl(bp, USRIO);
> + }
Single statement basic blocks shall no
On Thu, Dec 3, 2015 at 9:52 PM, Andy Lutomirski wrote:
> Sometimes udevadm trigger --action=add hangs the system, and the splat
> below happens. This seems to be timing dependent, and I haven't been
> able to trigger it yet with lockdep enabled, sadly.
>
> Any ideas? I not, I'll try to instrumen
On 05/12/15 14:16, Chen-Yu Tsai wrote:
> The video engine has its own special module clock, consisting of a clock
> gate, configurable dividers, and a reset control.
>
Hi,
I've tested these patches on A20, everything works so far.
I only read some bits from a random bitstream, so nothing fancy y
Hi,
Gregory CLEMENT writes:
> Hi Felipe,
>
> I am going back on this subject (again :) )
>
> On mar., oct. 20 2015, Gregory CLEMENT
> wrote:
>
>> Hi Felipe,
>>
>> On lun., oct. 05 2015, Felipe Balbi wrote:
>>
>>
So after many tests on different devices, 200ms is enough for most of
On Mon, Dec 07, 2015 at 11:58:33AM +0100, Neil Armstrong wrote:
> On some platforms, the macb integration does not use the USRIO
> register to configure the (R)MII port and clocks.
> When the register is not implemented and the MACB error signal
> is connected to the bus error, reading or writing t
This patch fixes a bug in the filter_events() function.
The patch fixes the bug whereby if some mappings did not
exist, e.g., STALLED_CYCLES_FRONTEND, then any event after it
in the attrs array would disappear from the published list of
events in /sys/devices/cpu/events. This could be verified
eas
in the source code to explain the
> implementation choices based on the datasheets from memory manufacturers.
>
>
> This series was based and tested on linux-next-20151207
>
> 1 - Atmel QSPI + Micron n25q128a13 (atmel-quadspi.c driver)
>
> SPI 1-1-1: This mod
On Sun, Dec 6, 2015 at 2:46 AM, Haren Myneni wrote:
>
> NX842 coprocessor sets bit 3 if queue is overflow. It is just for
> information to the user. So the driver prints this informative message
> and ignores it.
>
> Signed-off-by: Haren Myneni
>
> diff --git a/arch/powerpc/include/asm/icswx.h
>
From: Thomas Graf
Date: Mon, 7 Dec 2015 16:35:24 +0100
> Did you look into what __vmalloc prevents to work with BH disabled?
You can't issue the cross-cpu TLB flushes from atomic contexts.
It's the kernel page table updates that create the restriction.
--
To unsubscribe from this list: send the
I am announcing the release of the Linux 3.19.8-ckt11 kernel.
The updated 3.19.y-ckt tree can be found at:
git://kernel.ubuntu.com/ubuntu/linux.git linux-3.19.y
and can be browsed at:
http://kernel.ubuntu.com/git/ubuntu/linux.git/log/?h=linux-3.19.y
The diff from v3.19.8-ckt10 is posted as
On Sun, Dec 6, 2015 at 5:57 PM, Daniel Axtens wrote:
> Haren Myneni writes:
>
>> NX842 coprocessor sets bit 3 if queue is overflow. It is just for
>> information to the user. So the driver prints this informative message
>> and ignores it.
>
> What queue, and what happens when the queue overflows
I am announcing the release of the Linux 3.13.11-ckt31 kernel.
The updated 3.13.y-ckt tree can be found at:
git://kernel.ubuntu.com/ubuntu/linux.git linux-3.13.y
and can be browsed at:
http://kernel.ubuntu.com/git/ubuntu/linux.git/log/?h=linux-3.13.y
The diff from v3.13.11-ckt30 is posted
On Mon, 7 Dec 2015 19:12:39 +1100 Stephen Rothwell
wrote:
> --- a/fs/block_dev.c
> +++ b/fs/block_dev.c
> @@@ -432,7 -432,7 +432,7 @@@ int bdev_write_page(struct block_devic
>
> if (!ops->rw_page || bdev_get_integrity(bdev))
> return -EOPNOTSUPP;
> - result = blk_queue
diff --git a/Documentation/filesystems/proc.txt
b/Documentation/filesystems/proc.txt
index d49f0be..dad2936 100644
--- a/Documentation/filesystems/proc.txt
+++ b/Documentation/filesystems/proc.txt
@@ -139,7 +139,8 @@ Table 1-1: Process specific entries in /proc
stat Process status
sta
On Mon, Dec 07, 2015 at 09:40:20AM +, Lee Jones wrote:
> On Mon, 30 Nov 2015, Damien Riegel wrote:
>
> > Currently syscon has a fixed configuration of 32 bits for register and
> > values widths. In some cases, it would be desirable to be able to
> > customize the value width.
> >
> > For exam
On Sun, Dec 6, 2015 at 2:11 PM, Richard Cochran
wrote:
> The overflow is a latent problem, and the patch should:
>
> 1. return error in case (txc->time.tv_usec >= USEC_PER_SEC)
> 2. remove the redundant test in timekeeping_inject_offset.
So we probably want to keep the check in timekeeping_inject
On 12/04/2015 06:02 AM, Mark Brown wrote:
On Tue, Nov 24, 2015 at 04:26:24PM +, Lee Jones wrote:
On Wed, 18 Nov 2015, Andrew F. Davis wrote:
Documentation/devicetree/bindings/mfd/tps65912.txt | 50 ++
drivers/gpio/Kconfig | 2 +-
drivers/gpio/gpio-tps6
On Mon, Dec 07, 2015 at 08:01:23PM +0100, Frederic Weisbecker wrote:
> On Fri, Dec 04, 2015 at 03:20:22PM -0800, Paul E. McKenney wrote:
> > Hello!
> >
> > Are there any known issues with commit 4961b6e11825 (sched: core: Use
> > hrtimer_start[_expires]())?
> >
> > The reason that I ask is that I
On Fri, Dec 04, 2015 at 07:29:36PM -0500, Ashok Raj wrote:
> Linux has logical cpu offline capability. That can be triggered by:
>
> # echo 0 > /sys/devices/system/cpu/cpuX/online
>
> In Intel Architecture, MCE's are broadcasted to all CPUs in the system.
>
> This includes the CPUs marked offlin
> Kernel panic - not syncing: Timeout: Not all CPUs entered broadcast
> exception handler
Is that what we printed in this case? ... boy is that a misleading message ...
we got *extra*
cpus (the offline ones), not "Not all".
Good job we have a fix :-)
-Tony
N�r��yb�X��ǧv�^�){.n�+{
From: Michael Petlan
The --kernel option of perf buildid-list tool should show the running
kernel buildid. The functionality has been lost during other changes of
the related code.
The build_id__sprintf() function should return length of the build-id
string, but it was the length of the build-
From: Wang Nan
With the following steps:
Step 1: perf report
Step 2: Use UP/DOWN to select an entry, don't press 'ENTER'
Step 3: Use '/' to filter symbols, use a filter which returns
empty result
Step 4: Press 'ENTER'
We see that, even if we have filtered all the symbols (and th
This is the i40e equivalent of commit c762dff24c06 ("ixgbe: Look up MAC
address in Open Firmware or IDPROM").
As with that fix, attempt to look up the MAC address in Open Firmware
on systems that support it, and use IDPROM on SPARC if no OF address
is found.
In the case of the i40e there is an a
On Mon, Dec 07, 2015 at 04:17:28PM +0530, Sudip Mukherjee wrote:
> checkpatch complains about multiple blank lines.
Please don't resubmit already applied patches, please submit against the
latest development code for the subsystem you're submitting to (unless
the change is a bug fix that should go
From: Arnaldo Carvalho de Melo
Hi Ingo,
Please consider applying,
- Arnaldo
The following changes since commit 4e93ad601a4308d4a67673c81556580817d56940:
perf: Do not send exit event twice (2015-12-06 12:54:49 +0100)
are available in the git repository at:
git://git.kernel.org/pu
From: Wang Nan
If feed perf a symbol filter in cmdline and the result is empty,
pressing 'Enter' in the hist browser causes crash:
# ./perf report perf.data <-- Common mistake for beginners
Then press 'Enter':
perf: Segmentation fault
backtrace
/home/wangnan/perf[0x53e5
From: Michael Petlan
The buildid string length is returned by perf buildid-list -k command.
Since a non-zero return value means an error, perf buildid-list -k cmd
should return 0 when successful instead.
Before:
# perf buildid-list -k
39356d74e96e02346fe0ec1f3f162b6c522bac62
From: Wang Nan
Before this patch we can trigger a segfault by following steps:
Step 0: Use 'perf record' to generate a perf.data without callchain
Step 1: perf report
Step 2: Use UP/DOWN to select an entry, don't press 'ENTER'
Step 3: Use '/' to filter symbols, use a filter which returns
From: Sasha Levin
Make sure the tv_usec makes sense. We might multiply them later which can
cause an overflow and undefined behavior.
Cc: Sasha Levin
Cc: Richard Cochran
Cc: Thomas Gleixner ,
Signed-off-by: Sasha Levin
[jstultz: Moved corrected check to ntp_validate_timex]
Signed-off-by: John
On Mon, Dec 7, 2015 at 12:11 PM, John Stultz wrote:
> diff --git a/kernel/time/timekeeping.c b/kernel/time/timekeeping.c
> index 99188ee..a37222b 100644
> --- a/kernel/time/timekeeping.c
> +++ b/kernel/time/timekeeping.c
> @@ -1986,6 +1986,7 @@ int do_adjtimex(struct timex *txc)
>
> if (tx
On Mon, 7 Dec 2015, John Stultz wrote:
> On Sun, Dec 6, 2015 at 2:11 PM, Richard Cochran
> wrote:
> > The overflow is a latent problem, and the patch should:
> >
> > 1. return error in case (txc->time.tv_usec >= USEC_PER_SEC)
> > 2. remove the redundant test in timekeeping_inject_offset.
>
> So
On Mon, 7 Dec 2015, John Stultz wrote:
> On Mon, Dec 7, 2015 at 12:11 PM, John Stultz wrote:
> > diff --git a/kernel/time/timekeeping.c b/kernel/time/timekeeping.c
> > index 99188ee..a37222b 100644
> > --- a/kernel/time/timekeeping.c
> > +++ b/kernel/time/timekeeping.c
> > @@ -1986,6 +1986,7 @@ in
On Fri, Dec 04, 2015 at 03:30:50PM +0100, Martin Sperl wrote:
> > On 02.12.2015, at 00:12, Mark Brown wrote:
> > Can we change this to return SIZE_MAX instead (ie, the maximum value for
> > a size_t)? That way callers don't need to worry if there is a limit, if
> > they want to handle it they ca
On Mon, Dec 7, 2015 at 12:15 PM, Thomas Gleixner wrote:
> On Mon, 7 Dec 2015, John Stultz wrote:
>
>> On Sun, Dec 6, 2015 at 2:11 PM, Richard Cochran
>> wrote:
>> > The overflow is a latent problem, and the patch should:
>> >
>> > 1. return error in case (txc->time.tv_usec >= USEC_PER_SEC)
>> > 2
Hi Tejun,
On Mon, 7 Dec 2015 10:20:32 -0500 Tejun Heo wrote:
>
> Resolved from cgroup/for-4.4-fixes side.
Excellent, thanks!
--
Cheers,
Stephen Rothwells...@canb.auug.org.au
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message
On Mon, Dec 07, 2015 at 08:04:30PM +, Luck, Tony wrote:
> > Kernel panic - not syncing: Timeout: Not all CPUs entered broadcast
> > exception handler
>
> Is that what we printed in this case? ... boy is that a misleading message
> ... we got *extra*
> cpus (the offline ones), not "Not all".
Hi Andrew,
On Mon, 7 Dec 2015 11:44:31 -0800 Andrew Morton
wrote:
>
> On Mon, 7 Dec 2015 19:12:39 +1100 Stephen Rothwell
> wrote:
>
> > --- a/fs/block_dev.c
> > +++ b/fs/block_dev.c
> > @@@ -432,7 -432,7 +432,7 @@@ int bdev_write_page(struct block_devic
> >
> > if (!ops->rw_page || bde
On Mon, Dec 7, 2015 at 12:15 PM, Thomas Gleixner wrote:
> On Mon, 7 Dec 2015, John Stultz wrote:
>
>> On Sun, Dec 6, 2015 at 2:11 PM, Richard Cochran
>> wrote:
>> > The overflow is a latent problem, and the patch should:
>> >
>> > 1. return error in case (txc->time.tv_usec >= USEC_PER_SEC)
>> > 2
> I was presuming that alarms were never set at power off time unless
> power off happened due to an exceptional case. AKA: normal Linux
> shutdown disables all alarms.
Hmm... maybe I misunderstand how this works. Are alarms never used to
wake from S5? (It doesn't seem to work on my HiSense Chrom
On Tue, May 26, 2015 at 08:49:13PM +0800, Hanjun Guo wrote:
> This patch set is introducing ARM64 PCI hostbridge init based on ACPI,
> which based on Jiang Liu's patch set "Consolidate ACPI PCI root common
> code into ACPI core":
>
> https://lkml.org/lkml/2015/5/14/98
>
> This patch set including
On Tue, Oct 27, 2015 at 05:38:31PM +0100, Tomasz Nowicki wrote:
> From the functionality point of view this series might be split into two
> logic parts:
> 1. Making MMCONFIG code arch-agnostic which allows all architectures to
> collect
>PCI config regions and used when necessary.
> 2. Using
On Sat, Dec 5, 2015 at 6:04 PM, Jann Horn wrote:
> By checking the effective credentials instead of the real UID /
> permitted capabilities, ensure that the calling process actually
> intended to use its credentials.
>
> To ensure that all ptrace checks use the correct caller
> credentials (e.g. i
On 07/12/15 09:01, Bjorn Helgaas wrote:
> On Fri, Dec 04, 2015 at 09:34:57AM -0800, Ray Jui wrote:
>> This patch series adds support for the iProc PAXC interface and support for
>> event queue based MSI, integrated in the iProc PCIe core
>>
>> This patch series is based on Linux v4.4-rc1 and is ava
On Mon, Dec 07, 2015 at 12:32:06PM -0800, Kees Cook wrote:
> On Sat, Dec 5, 2015 at 6:04 PM, Jann Horn wrote:
[...]
> > - if (ptrace_may_access(task, PTRACE_MODE_READ)) {
> > + if (ptrace_may_access(task, PTRACE_MODE_READ |
> > PTRACE_MODE_FSCREDS)) {
>
> This should maybe use the PT
On 07/12/15 04:57, Neil Armstrong wrote:
> This serie fixes further issues for DSA dynamic unbinding.
> The first patch completely removes the PHY link state polling.
> The two following cleans up the dsa state upon removal.
> The last patch moves slave destroy code as slave function and
> adds mis
Hi All,
> On 12/07/2015 08:15 AM, Damien Riegel wrote:
> >On Sun, Dec 06, 2015 at 11:51:41AM -0800, Guenter Roeck wrote:
> >>The watchdog character device s currently created in watchdog_dev.c,
> >>and the watchdog device in watchdog_core.c. This results in
> >>cross-dependencies, as the device cr
On Mon, Dec 07, 2015 at 11:04:43PM +0800, Geliang Tang wrote:
> Simplify the code with list_for_each_entry_safe().
>
> Signed-off-by: Geliang Tang
> ---
> drivers/infiniband/hw/mlx4/mcg.c | 7 ++-
> 1 file changed, 2 insertions(+), 5 deletions(-)
>
> diff --git a/drivers/infiniband/hw/mlx4/
The drbg_state_ops structures are never modified, so declare them as const.
Done with the help of Coccinelle.
Signed-off-by: Julia Lawall
---
crypto/drbg.c |6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/crypto/drbg.c b/crypto/drbg.c
index a7c2314..ab6ef1d 100644
-
Tomi Valkeinen writes:
> On 17/11/15 22:32, Robert Jarzmik wrote:
>> This patch brings a first support of pxa framebuffer devices to a
>> devicetree pxa platform, as was before platform data.
>>
>> There are restrictions with this port, the biggest one being the lack of
>> support of smart panel
I can take this series through my tree, but I need a acked-by from a
PPC maintainer for this patch.
-- Steve
On Tue, 24 Nov 2015 21:23:39 +0300
Denis Kirjanov wrote:
> ./drmgr -c cpu -a -r gives the following warning:
>
> [ 2327.035563]
> RCU used illegally from offline CPU!
> rcu_scheduler_
When rodata is large enough that it crosses a section boundary after the
kernel text, mark the rest NX. This is as close to full NX of rodata as
we can get without splitting page tables or doing section alignment via
CONFIG_DEBUG_ALIGN_RODATA.
Signed-off-by: Kees Cook
---
I am baffled why I can't
This series adds a new RDMA core abstraction that insulated the
ULPs from the nitty gritty details of CQ polling. See the individual
patches for more details.
Note that this series should be applied on top of my
"IB: merge struct ib_device_attr into struct ib_device" patch and the
MR cleanups.
A
Remove struct rdma_iu and instead allocate the struct ib_rdma_wr array
early and fill out directly. This allows us to chain the WRs, and thus
archive both less lock contention on the HCA workqueue as well as much
simpler error handling.
Signed-off-by: Christoph Hellwig
---
drivers/infiniband/ul
From: Sagi Grimberg
We'll need it later with the new CQ abstraction. also switch
login bufs to void pointers.
Signed-off-by: Sagi Grimberg
Signed-off-by: Christoph Hellwig
---
drivers/infiniband/ulp/iser/iscsi_iser.h | 30 +--
drivers/infiniband/ulp/iser/iser_initiator.c | 128 ++
Signed-off-by: Christoph Hellwig
---
drivers/infiniband/ulp/srpt/ib_srpt.c | 327 +-
drivers/infiniband/ulp/srpt/ib_srpt.h | 28 +--
2 files changed, 88 insertions(+), 267 deletions(-)
diff --git a/drivers/infiniband/ulp/srpt/ib_srpt.c
b/drivers/infiniband/ulp/s
From: Sagi Grimberg
Use the new CQ abstraction to simplify completions in the iSER
initiator.
Signed-off-by: Sagi Grimberg
Signed-off-by: Christoph Hellwig
---
drivers/infiniband/ulp/iser/iscsi_iser.h | 72 +---
drivers/infiniband/ulp/iser/iser_initiator.c | 142 ++-
driv
From: Sagi Grimberg
Nicer this way.
Signed-off-by: Sagi Grimberg
Signed-off-by: Christoph Hellwig
---
drivers/infiniband/ulp/iser/iscsi_iser.h | 6 ++
drivers/infiniband/ulp/iser/iser_initiator.c | 3 +--
drivers/infiniband/ulp/iser/iser_verbs.c | 6 ++
3 files changed, 9 inse
This also moves recv completion handling from hardirq context into
softirq context.
Signed-off-by: Christoph Hellwig
---
drivers/infiniband/ulp/srp/ib_srp.c | 173 +---
drivers/infiniband/ulp/srp/ib_srp.h | 7 +-
2 files changed, 86 insertions(+), 94 deletions(-
The fatent_operations structures are never modified, so declare them as
const.
Done with the help of Coccinelle.
Signed-off-by: Julia Lawall
---
fs/fat/fat.h|2 +-
fs/fat/fatent.c | 24
2 files changed, 13 insertions(+), 13 deletions(-)
diff --git a/fs/fat/f
Signed-off-by: Christoph Hellwig
---
include/linux/irq_poll.h | 1 -
lib/irq_poll.c | 3 +--
2 files changed, 1 insertion(+), 3 deletions(-)
diff --git a/include/linux/irq_poll.h b/include/linux/irq_poll.h
index c3145c7..ce9e1db 100644
--- a/include/linux/irq_poll.h
+++ b/include/linux
Signed-off-by: Christoph Hellwig
---
include/linux/irq_poll.h | 2 --
1 file changed, 2 deletions(-)
diff --git a/include/linux/irq_poll.h b/include/linux/irq_poll.h
index ce9e1db..7527c03 100644
--- a/include/linux/irq_poll.h
+++ b/include/linux/irq_poll.h
@@ -7,9 +7,7 @@ typedef int (irq_poll_
This adds an abstraction that allows ULP to simply pass a completion
object and completion callback with each submitted WR and let the RDMA
core handle the nitty gritty details of how to handle completion
interrupts and poll the CQ.
In detail there is a new ib_cqe structure which just contains the
There is no good reason to start out disabled - drivers can control if
the poll instance can be scheduled by simply not scheduling it yet.
Signed-off-by: Christoph Hellwig
---
drivers/scsi/be2iscsi/be_main.c | 2 --
drivers/scsi/ipr.c | 2 --
lib/irq_poll.c | 4 +---
There is no good reason to keep them apart, and this makes using the API
a bit simpler.
Signed-off-by: Christoph Hellwig
---
drivers/scsi/be2iscsi/be_main.c | 6 ++
drivers/scsi/ipr.c | 3 +--
include/linux/irq_poll.h| 13 -
lib/irq_poll.c
Signed-off-by: Christoph Hellwig
---
include/linux/irq_poll.h | 5 -
lib/irq_poll.c | 2 +-
2 files changed, 1 insertion(+), 6 deletions(-)
diff --git a/include/linux/irq_poll.h b/include/linux/irq_poll.h
index 73d7c20..c3145c7 100644
--- a/include/linux/irq_poll.h
+++ b/include/li
The new name is irq_poll as iopoll is already taken. Better suggestions
welcome.
Signed-off-by: Christoph Hellwig
---
Documentation/kernel-per-CPU-kthreads.txt | 2 +-
block/Makefile| 2 +-
block/blk-iopoll.c| 224 -
On Mon, 2015-12-07 at 15:52 -0500, Steven Rostedt wrote:
> > + TP_CONDITION(cpu_online(smp_processor_id())),
> > +
This should probably be some kind of __raw version though, hcalls can
be called in contexts where the debug stuff in smp_processor_id() isn't
safe (or preempt enabled).
Cheers,
B
Em Thu, Dec 03, 2015 at 10:06:39AM +0100, Jiri Olsa escreveu:
> hi,
> while testing ftrace:function event I noticed we create
> stat counters as enabled (except for enable_on_exec couters).
>
> This way we count also filter setup and other config code
> which might be crucial for some events.
>
>
On 07/12/15 17:37, Rob Herring wrote:
+Linus W
On Fri, Dec 04, 2015 at 05:31:13PM +, Martyn Welch wrote:
This patch adds documentation for the gpio-switch binding. This binding
provides a mechanism to bind named links to gpio, with the primary
purpose of enabling standardised access to sw
On Mon, Dec 07, 2015 at 09:04:54AM -0500, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 3.10.94 release.
> There are 31 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know
On Mon, Dec 07, 2015 at 09:26:12AM -0500, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 3.14.58 release.
> There are 37 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know
Viresh Kumar writes:
> On 03-12-15, 11:26, Ben Gamari wrote:
>> Sounds reasonable to me. However, I'd just like to reiterate that this
>> line of work can be pursued independently from the upstreaming of this
>> series.
>
> I think this is the right time to upstream the right solution. Just
> try
These patches implement support for mounting filesystems in user
namespaces using fuse. They are based on the patches in the for-testing
branch of
git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace.git,
but I've rebased them onto 4.4-rc3. I've pushed all of this to:
git://git.k
From: Andy Lutomirski
If a process gets access to a mount from a different user
namespace, that process should not be able to take advantage of
setuid files or selinux entrypoints from that filesystem. Prevent
this by treating mounts from other mount namespaces and those not
owned by current_use
Superblock level remounts are currently restricted to global
CAP_SYS_ADMIN, as is the path for changing the root mount to
read only on umount. Loosen both of these permission checks to
also allow CAP_SYS_ADMIN in any namespace which is privileged
towards the userns which originally mounted the file
Using INVALID_[UG]ID for the LSM file creation context doesn't
make sense, so return an error if the inode passed to
set_create_file_as() has an invalid id.
Signed-off-by: Seth Forshee
Acked-by: Serge Hallyn
---
kernel/cred.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/kernel/cred.c b
In order to support mounts from namespaces other than
init_user_ns, fuse must translate uids and gids to/from the
userns of the process servicing requests on /dev/fuse. This
patch does that, with a couple of restrictions on the namespace:
- The userns for the fuse connection is fixed to the names
By checking the effective credentials instead of the real UID /
permitted capabilities, ensure that the calling process actually
intended to use its credentials.
To ensure that all ptrace checks use the correct caller
credentials (e.g. in case out-of-tree code or newly added code
omits the PTRACE_
Unprivileged users are normally restricted from mounting with the
allow_other option by system policy, but this could be bypassed
for a mount done with user namespace root permissions. In such
cases allow_other should not allow users outside the userns
to access the mount as doing so would give the
Whoops. After Kees pointed out my last mistake, I decided to grep around a bit
to make sure
I didn't miss anything else and noticed that apparently, Yama and Smack aren't
completely
aware that the ptrace access mode can have flags ORed in? Until now, it was
just the
NOAUDIT flag for /proc/$pid/s
Coverity has recently added a check that will find when we don't check
the return code from fstat(2). Copy/paste the checking logic that
print_deps() has with an appropriate re-wording of the perror() message.
Cc: Michal Marek
Cc: linux-kbu...@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Sig
It looks like smack and yama weren't aware that the ptrace mode
can have flags ORed into it - PTRACE_MODE_NOAUDIT until now, but
only for /proc/$pid/stat, and with the PTRACE_MODE_*CREDS patch,
all modes have flags ORed into them.
Signed-off-by: Jann Horn
---
security/smack/smack_lsm.c | 8 +++--
Signed-off-by: Seth Forshee
---
fs/fuse/inode.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/fs/fuse/inode.c b/fs/fuse/inode.c
index b7bdfdac3521..2fd338c199ce 100644
--- a/fs/fuse/inode.c
+++ b/fs/fuse/inode.c
@@ -1201,7 +1201,7 @@ static void fuse_kill_sb_anon(struct
On Mon, Dec 07, 2015 at 09:34:54AM -0500, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 4.1.14 release.
> There are 95 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
A privileged user in s_user_ns will generally have the ability to
manipulate the backing store and insert security.* xattrs into
the filesystem directly. Therefore the kernel must be prepared to
handle these xattrs from unprivileged mounts, and it makes little
sense for commoncap to prevent writing
If the userspace process servicing fuse requests is running in
a pid namespace then pids passed via the fuse fd need to be
translated relative to that namespace. Capture the pid namespace
in use when the filesystem is mounted and use this for pid
translation.
Since no use case currently exists for
On Mon, Dec 7, 2015 at 1:25 PM, Jann Horn wrote:
> By checking the effective credentials instead of the real UID /
> permitted capabilities, ensure that the calling process actually
> intended to use its credentials.
>
> To ensure that all ptrace checks use the correct caller
> credentials (e.g. i
From: Sowmini Varadhan
Date: Mon, 7 Dec 2015 15:06:34 -0500
> This is the i40e equivalent of commit c762dff24c06 ("ixgbe: Look up MAC
> address in Open Firmware or IDPROM").
>
> As with that fix, attempt to look up the MAC address in Open Firmware
> on systems that support it, and use IDPROM on
Expand the check in should_remove_suid() to keep privileges for
CAP_FSETID in s_user_ns rather than init_user_ns.
Signed-off-by: Seth Forshee
Acked-by: Serge Hallyn
---
fs/inode.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/fs/inode.c b/fs/inode.c
index 01c036fe1950..3
Filesystem uids which don't map into a user namespace may result
in inode->i_uid being INVALID_UID. A symlink and its parent
could have different owners in the filesystem can both get
mapped to INVALID_UID, which may result in following a symlink
when this would not have otherwise been permitted wh
ids in on-disk ACLs should be converted to s_user_ns instead of
init_user_ns as is done now. This introduces the possibility for
id mappings to fail, and when this happens syscalls will return
EOVERFLOW.
Signed-off-by: Seth Forshee
Acked-by: Serge Hallyn
---
fs/posix_acl.c | 67
Add checks to inode_change_ok to verify that uid and gid changes
will map into the superblock's user namespace. If they do not
fail with -EOVERFLOW. This cannot be overriden with ATTR_FORCE.
Signed-off-by: Seth Forshee
Acked-by: Serge Hallyn
---
fs/attr.c | 11 +++
1 file changed, 11 in
On Mon, Dec 7, 2015 at 1:25 PM, Jann Horn wrote:
> It looks like smack and yama weren't aware that the ptrace mode
> can have flags ORed into it - PTRACE_MODE_NOAUDIT until now, but
> only for /proc/$pid/stat, and with the PTRACE_MODE_*CREDS patch,
> all modes have flags ORed into them.
>
> Signed
All current callers of in_userns pass current_user_ns as the
first argument. Simplify by replacing in_userns with
current_in_userns which checks whether current_user_ns is in the
namespace supplied as an argument.
Signed-off-by: Seth Forshee
Acked-by: James Morris
Acked-by: Serge Hallyn
---
fs
Security labels from unprivileged mounts in user namespaces must
be ignored. Force superblocks from user namespaces whose labeling
behavior is to use xattrs to use mountpoint labeling instead.
For the mountpoint label, default to converting the current task
context into a form suitable for file obj
801 - 900 of 1260 matches
Mail list logo
