On Fri, 16 Feb 2018 09:13:27 -0800 Joe Perches wrote:
> On Fri, 2018-02-16 at 15:55 +0300, Dan Carpenter wrote:
> > On Fri, Feb 16, 2018 at 05:06:34PM +0530, Yash Omer wrote:
> > > This patch fix line should not end with open parenthesis found by
> > > checkpatch.pl script.
> > >
> > > Signed-of
From: Victor Kamensky
initramfs code supporting extended cpio format have ability to
fill extended attributes from cpio archive, but if SELinux enabled
and security server is not initialized yet, selinux callback would
refuse setxattr made by initramfs code.
Solution enable SBLABEL_MNT on rootfs
On Fri, Feb 16, 2018 at 01:40:37PM +0100, Rafael J. Wysocki wrote:
> On Friday, February 16, 2018 12:39:00 AM CET Bjorn Helgaas wrote:
> > On Thu, Feb 15, 2018 at 10:57:25PM +0100, Rafael J. Wysocki wrote:
> > > On Wednesday, February 14, 2018 9:16:53 PM CET Bjorn Helgaas wrote:
> > > > On Wed, Feb
On Thu, Feb 15, 2018 at 04:43:57PM -0700, Jerry Hoemann wrote:
> Make whether or not the hpwdt watchdog delivers a pretimeout NMI
> programmable by the user.
>
> The underlying iLO hardware is programmable as to whether or not
> a pre-timeout NMI is delivered to the system before the iLO resets
> t
From: Mimi Zohar
-x option populates extended attributes in cpio_list file passed to
get_init_cpio and selects newcx CPIO format.
Signed-off-by: Mimi Zohar
Signed-off-by: Taras Kondratiuk
---
scripts/gen_initramfs_list.sh | 13 -
usr/Kconfig | 11 +++
usr
From: Mimi Zohar
-x option populates extended attributes in cpio_list file passed to
get_init_cpio and selects newcx CPIO format.
Signed-off-by: Mimi Zohar
Signed-off-by: Taras Kondratiuk
---
scripts/gen_initramfs_list.sh | 13 -
usr/Kconfig | 11 +++
usr
From: Victor Kamensky
With initramfs cpio format that supports extended attributes
we need to skip sid population on sys_lsetxattr call from
initramfs for rootfs if security server is not initialized yet.
Otherwise callback in selinux_inode_post_setxattr will try to
translate give security.selin
From: Victor Kamensky
With initramfs cpio format that supports extended attributes
we need to skip sid population on sys_lsetxattr call from
initramfs for rootfs if security server is not initialized yet.
Otherwise callback in selinux_inode_post_setxattr will try to
translate give security.selin
Add "newcx" format that supports extended attributes and has increased
size of c_mtime and c_filesize fields.
Added -x option to select "newcx" format. Default is "newc".
Refer to Documentation/early-userspace/buffer-format.txt for detailed
format description.
Signed-off-by: Taras Kondratiuk
--
From: Victor Kamensky
initramfs code supporting extended cpio format have ability to
fill extended attributes from cpio archive, but if SELinux enabled
and security server is not initialized yet, selinux callback would
refuse setxattr made by initramfs code.
Solution enable SBLABEL_MNT on rootfs
gen_init_cpio creates CPIO archive according to cpio_list manifest file
that contains list of archive entries (one per line). To be able to
store extended attributes in newcx CPIO format we need to pass them via
cpio_list file.
One way of doing it would be to append xattrs to each entry line, but
Add 'newcx' format that adds extended attributes and increased size of
c_mtime and c_filesize fields.
Refer to Documentation/early-userspace/buffer-format.txt for detailed
format description.
Signed-off-by: Taras Kondratiuk
---
init/initramfs.c | 121 +++-
There is already name_buf buffer pre-allocated for a file name. No need
to allocate vcollected for every file. Moreover a name can be already
stored in name_buf by read_info() function.
Add memcpy_optional() function to handle such case.
Signed-off-by: Taras Kondratiuk
---
init/initramfs.c | 1
From: Mimi Zohar
This patch writes out the extended attributes included in the cpio file.
As the "security.ima" xattr needs to be written after the file data.
this patch separates extracting and setting the xattrs by defining new
do_setxattrs state.
[kamensky: fixed restoring of xattrs for symbo
CPIO header is generated in multiple places with the same sprintf()
format string. Move formatting into a single function in preparation
to adding a new cpio format.
Signed-off-by: Taras Kondratiuk
---
usr/gen_init_cpio.c | 186 ++--
1 file changed
Header parsing has hardcoded assumption about header field size and
layout. It is hard to modify the function to parse a new format.
Move information about size and layout into a data structure to
make parsing code more generic and simplify adding a new format.
This also removes some magic numbers
Many of the Linux security/integrity features are dependent on file
metadata, stored as extended attributes (xattrs), for making decisions.
These features need to be initialized during initcall and enabled as
early as possible for complete security coverage.
Initramfs (tmpfs) supports xattrs, but
From: Mimi Zohar
In preparation for adding xattr support, read the CPIO method
separately from the rest of the header.
Signed-off-by: Mimi Zohar
Signed-off-by: Taras Kondratiuk
---
init/initramfs.c | 15 +++
1 file changed, 11 insertions(+), 4 deletions(-)
diff --git a/init/initr
On 2018-02-16 13:29:01 [-0500], Alan Stern wrote:
> We originally used tasklets because we didn't want to incur the delays
> associated with running in a process context. It seems odd to be
> reversing that decision now.
The threaded interrupt runs SCHED_FIFO priority 50 by default. The only
thi
Move most of the file creation logic into a separate state. This splits
collection of data stage from data processing and makes it easier to add
additional states for a new archive format.
Signed-off-by: Taras Kondratiuk
---
init/initramfs.c | 52 ++---
Many of the Linux security/integrity features are dependent on file
metadata, stored as extended attributes (xattrs), for making decisions.
These features need to be initialized during initcall and enabled as
early as possible for complete security coverage.
Initramfs (tmpfs) supports xattrs, but
Special handling of symlinks in do_header() assumes that name and body
entries are sequential and reads them together. This shortcut has no
real performance benefits, but it complicates changes to the state
machine.
Make handling of symlinks more similar to a regular files. Store name
in name_buf
Currently the FSM states are mapped directly to function pointers. Extra
level of indirection is not needed and makes navigation over the code
harder. One can't jump between states directly when browsing code (e.g.
with cscope). Need to go through actions[] array each time.
Replace states with the
On Fri, Feb 16, 2018 at 09:25:21PM +0100, Greg Kroah-Hartman wrote:
> On Fri, Feb 16, 2018 at 08:54:56PM +0100, Greg Kroah-Hartman wrote:
> > On Fri, Feb 16, 2018 at 08:21:17PM +0100, Greg Kroah-Hartman wrote:
> > > On Fri, Feb 16, 2018 at 06:19:46AM -0800, Guenter Roeck wrote:
> > > > On 02/15/201
On Fri, Feb 16, 2018 at 10:06:29AM -0800, Raghavendra Rao Ananta wrote:
> > No this is absolutely disgusting. You can simply keep the events in the
> > dead CPU's context. It's really not that hard.
> Keeping the events in the dead CPU's context was also an idea that we had.
> However, detaching t
On Fri, 16 Feb 2018 16:41:01 +0100 Juergen Gross wrote:
> Commit f7f99100d8d95dbcf09e0216a143211e79418b9f ("mm: stop zeroing
> memory during allocation in vmemmap") broke Xen pv domains in some
> configurations, as the "Pinned" information in struct page of early
> page tables could get lost. Thi
On Fri, 2018-02-16 at 21:28 +0200, Andy Shevchenko wrote:
> Sparse complains that constant is so big for unsigned long on 64-bit
> architecture.
>
> lib/test_printf.c:217:54: warning: constant 0x0123456789ab is so
> big it is unsigned long
> lib/test_printf.c:246:54: warning: constant 0x01
On Fri, 16 Feb 2018 16:41:01 +0100 Juergen Gross wrote:
> --- a/mm/page_alloc.c
> +++ b/mm/page_alloc.c
> @@ -347,6 +347,9 @@ static inline bool update_defer_init(pg_data_t *pgdat,
> /* Always populate low zones for address-constrained allocations */
> if (zone_end < pgdat_end_pfn(pgd
On Fri, Feb 16, 2018 at 12:31:39PM -0800, Andrew Morton wrote:
> On Fri, 16 Feb 2018 09:13:27 -0800 Joe Perches wrote:
>
> > On Fri, 2018-02-16 at 15:55 +0300, Dan Carpenter wrote:
> > > On Fri, Feb 16, 2018 at 05:06:34PM +0530, Yash Omer wrote:
> > > > This patch fix line should not end with ope
On Fri, Feb 16, 2018 at 12:39:23PM -0800, Guenter Roeck wrote:
> On Fri, Feb 16, 2018 at 09:25:21PM +0100, Greg Kroah-Hartman wrote:
> > On Fri, Feb 16, 2018 at 08:54:56PM +0100, Greg Kroah-Hartman wrote:
> > > On Fri, Feb 16, 2018 at 08:21:17PM +0100, Greg Kroah-Hartman wrote:
> > > > On Fri, Feb
On Thu, 15 Feb 2018 09:44:59 +
Shameer Kolothum wrote:
> This introduces an iova list that is valid for dma mappings. Make
> sure the new iommu aperture window doesn't conflict with the current
> one or with any existing dma mappings during attach.
>
> Signed-off-by: Shameer Kolothum
> ---
On Fri, 2018-02-16 at 10:41 +, Ard Biesheuvel wrote:
> On 15 February 2018 at 18:22, Joe Konno
> wrote:
> >
> > From: Joe Konno
> >
> > It was pointed out that normal, unprivileged users reading certain
> > EFI
> > variables (through efivarfs) can generate SMIs. Given these nodes
> > are cr
From: Stefan Monnier
Enable the display pipeline and HDMI output for the Orange Pi mini
Signed-off-by: Stefan Monnier
---
arch/arm/boot/dts/sun7i-a20-orangepi-mini.dts | 25 +
1 file changed, 25 insertions(+)
diff --git a/arch/arm/boot/dts/sun7i-a20-orangepi-mini.dts
Hi,
On Fri, Feb 16, 2018 at 4:34 AM, Enric Balletbo Serra
wrote:
> Hi,
>
> 2018-01-31 17:52 GMT+01:00 Doug Anderson :
>> Hi,
>>
>>
>> On Wed, Jan 31, 2018 at 7:16 AM, Sean Paul wrote:
>>> On Wed, Jan 31, 2018 at 7:54 AM, Lucas Stach wrote:
Am Dienstag, den 30.01.2018, 21:29 +0100 schrieb T
On Mon, 2018-01-22 at 09:40 +0100, Greg Kroah-Hartman wrote:
> 4.4-stable review patch. If anyone has any objections, please let me know.
>
> --
>
> From: Thomas Gleixner
>
> commit 45d55e7bac4028af93f5fa324e69958a0b868e96 upstream.
>
> Keith reported the following warning:
>
On Fri, Feb 16, 2018 at 11:38:11AM +0100, Benjamin Tissoires wrote:
> On Fri, Feb 16, 2018 at 10:57 AM, Rodrigo Rivas Costa
> wrote:
> > On Fri, Feb 16, 2018 at 10:31:35AM +0100, Benjamin Tissoires wrote:
> >> > Ok, I'll do that. The weird thing, however, is that:
> >> >
> >> > hid_hw_raw_
On Thu, 15 Feb 2018 19:37:44 -0800 Kees Cook wrote:
> --- a/Documentation/sysctl/kernel.txt
> +++ b/Documentation/sysctl/kernel.txt
> @@ -991,6 +991,7 @@ ORed together. The letters are seen in "Tainted" line of
> Oops reports.
> 16384 (L): A soft lockup has previously occurred on the system.
>
On Fri, 2018-02-16 at 12:31 -0800, Andrew Morton wrote:
> On Fri, 16 Feb 2018 09:13:27 -0800 Joe Perches wrote:
>
> > On Fri, 2018-02-16 at 15:55 +0300, Dan Carpenter wrote:
> > > On Fri, Feb 16, 2018 at 05:06:34PM +0530, Yash Omer wrote:
> > > > This patch fix line should not end with open paren
There are places where default specification to print flags as number
is in use.
Make it global and convert existing users.
Signed-off-by: Andy Shevchenko
---
lib/vsprintf.c | 21 -
1 file changed, 8 insertions(+), 13 deletions(-)
diff --git a/lib/vsprintf.c b/lib/vsprintf.
The pointer can't be NULL since it's first what has been done in the
pointer().
Remove useless checks.
Note we leave check for !CONFIG_HAVE_CLK to make compiler
to optimize code away when possible.
Cc: Petr Mladek
Signed-off-by: Andy Shevchenko
---
lib/vsprintf.c | 13 +
1 file ch
Sparse complains that constant is so big for unsigned long on 64-bit
architecture.
lib/test_printf.c:217:54: warning: constant 0x0123456789ab is so big it is
unsigned long
lib/test_printf.c:246:54: warning: constant 0x0123456789ab is so big it is
unsigned long
To satisfy everyone, mark
From: Shunyong Yang
Before crng is ready, output of "%p" composes of "(ptrval)" and
left padding spaces for alignment as no random address can be
generated. This seems a little strange when default string width
is larger than strlen("(ptrval)").
For example, when irq domain names are built with
There is an exact code at the end of ptr_to_id().
Replace it by calling pointer_string() directly.
This is followup to the commit
ad67b74d2469 ("printk: hash addresses printed with %p").
Cc: Tobin C. Harding
Signed-off-by: Andy Shevchenko
---
lib/vsprintf.c | 27 +++
There are places where default specification to print decimal numbers
is in use.
Make it global and convert existing users.
Signed-off-by: Andy Shevchenko
---
lib/vsprintf.c | 21 +
1 file changed, 9 insertions(+), 12 deletions(-)
diff --git a/lib/vsprintf.c b/lib/vsprintf.
There are places where default specification to print strings
is in use.
Make it global and convert existing users.
Signed-off-by: Andy Shevchenko
---
lib/vsprintf.c | 21 +
1 file changed, 9 insertions(+), 12 deletions(-)
diff --git a/lib/vsprintf.c b/lib/vsprintf.c
index
In preparation to enabling -Wimplicit-fallthrough, mark switch cases
where we are expecting to fall through.
Signed-off-by: Andy Shevchenko
---
lib/vsprintf.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/lib/vsprintf.c b/lib/vsprintf.c
index a49da00b79e7..28d7aca6a805 100644
--- a/lib/
As preparatory patch to further clean up.
No functional change.
Signed-off-by: Andy Shevchenko
---
lib/vsprintf.c | 28 ++--
1 file changed, 14 insertions(+), 14 deletions(-)
diff --git a/lib/vsprintf.c b/lib/vsprintf.c
index c789d265311b..87dbced51b1a 100644
--- a/lib/
> That said, I'm not sure how many non-root users run the toolkit to
> extract their EFI certificates or check on the secure boot status of
> the system, but I suspect it might be non-zero: I can see the tinfoil
> hat people wanting at least to check the secure boot status when they
> log in.
Anot
On Fri, 2018-02-16 at 21:22 +0100, Ulf Magnusson wrote:
> Hello,
>
> This patchset contains some improvements for the Kconfig help text check in
> scripts/checkconfig.pl:
Seems sensible enough to me.
Signed-off-by: Joe Perches
> - Commits 1 and 2 make the check more robust by checking menuconf
>
> On Wed, Feb 14, 2018 at 02:03:29PM +0200, Tomas Winkler wrote:
> > This fixes regression introduced by
> > commit 8d52af6795c0 ("mei: speed up the power down flow")
>
> In the future, put:
> Fixes: 8d52af6795c0 ("mei: speed up the power down flow")
>
> in your signed-off-by area so tha
On Thu, 15 Feb 2018 09:45:00 +
Shameer Kolothum wrote:
> This retrieves the reserved regions associated with dev group and
> checks for conflicts with any existing dma mappings. Also update
> the iova list excluding the reserved regions.
>
> Signed-off-by: Shameer Kolothum
> ---
> drivers/
On 02/16/2018 12:13 PM, Andy Shevchenko wrote:
On Fri, Feb 16, 2018 at 9:44 PM, David Daney wrote:
The ISL12026 is a combination RTC and EEPROM device with I2C
interface. The standard RTC driver interface is provided. The EEPROM
is accessed via the NVMEM interface via the "eeprom0" directory
From: David Howells
Date: Thu, 15 Feb 2018 22:59:00 +
> Due to a check recently added to copy_to_user(), it's now not permitted to
> copy from slab-held data to userspace unless the slab is whitelisted. This
> affects rxrpc_recvmsg() when it attempts to place an RXRPC_USER_CALL_ID
> control
On Fri, Feb 16, 2018 at 11:19 PM, David Daney wrote:
> On 02/16/2018 12:13 PM, Andy Shevchenko wrote:
>> On Fri, Feb 16, 2018 at 9:44 PM, David Daney
>> wrote:
>>> +config RTC_DRV_ISL12026
>>> + tristate "Intersil ISL12026"
>> depends on OF
> It doesn't depend on CONFIG_OF, it builds jus
On 02/16/2018 02:59 PM, H. Peter Anvin wrote:
> On 02/16/18 12:33, Taras Kondratiuk wrote:
>> Many of the Linux security/integrity features are dependent on file
>> metadata, stored as extended attributes (xattrs), for making decisions.
>> These features need to be initialized during initcall and
Hi Ingo,
Here is a small pile of cleanups and fixes for nospec.h after inspection
from Linus, Rasmus, and Christian. Full changelogs below:
These have received a build success notification from 0day across 126
configs.
---
Dan Williams (2):
nospec: Kill array_index_nospec_mask_check()
There are multiple problems with the dynamic sanity checking in
array_index_nospec_mask_check():
* It causes unnecessary overhead in the 32-bit case since integer sized
@index values will no longer cause the check to be compiled away like
in the 64-bit case.
* In the 32-bit case it may trigge
From: Rasmus Villemoes
The last expression in a statement expression need not be a bare
variable, quoting gcc docs
The last thing in the compound statement should be an expression
followed by a semicolon; the value of this subexpression serves as the
value of the entire construct.
and we
The nospec.h header expects the per-architecture header file
asm/barrier.h to optionally define array_index_mask_nospec(). Include
that dependency to prevent inadvertent fallback to the default
array_index_mask_nospec() implementation. The default implementation may
not provide a full mitigation on
Hi Lina,
On Thu, Feb 15, 2018 at 9:34 AM, Lina Iyer wrote:
> Add controller driver for QCOM SoCs that have hardware based shared
> resource management. The hardware IP known as RSC (Resource State
> Coordinator) houses multiple Direct Resource Voter (DRV) for different
> execution levels. A DRV i
From: "Michael S. Tsirkin"
Date: Fri, 16 Feb 2018 09:40:54 +0200
> So pointer rings work fine, but they have a problem:
> make them too small and not enough entries fit.
> Make them too large and you start flushing your cache
> and running out of memory.
>
> This is a new idea of mine: a ring ba
From: Colin King
Date: Fri, 16 Feb 2018 16:55:05 +
> From: Colin Ian King
>
> The shifting of timehi by 16 bits to the left will be promoted to
> a 32 bit signed int and then sign-extended to an u64. If the top bit
> of timehi is set then all the upper bits of ns end up as also
> b
Fix a coding style problem causing warnings from checkpatch.pl.
Signed-off-by: Quytelda Kahja
---
drivers/staging/gdm724x/gdm_lte.c | 50 ++-
1 file changed, 28 insertions(+), 22 deletions(-)
diff --git a/drivers/staging/gdm724x/gdm_lte.c
b/drivers/staging/g
Although similar to AM33XX, introduce a new low-level asm file for
suspend containing new context save and restore paths for EMIF and l2
cache disabling and enabling.
Signed-off-by: Dave Gerlach
---
arch/arm/mach-omap2/sleep43xx.S | 393
1 file changed, 3
I've recently done some build testing on 4.14-stable and to my surprise
found only a handful of bugfixes were required to build all x86 and arm64
randconfig output without any warnings using gcc-7.2.1. I have submitted
the remaining trivial patches now, and this is the non-trivial remaining
part, w
Most of the PM code needed for am335x and am437x can be moved into a
module under drivers but some core code must remain in mach-omap2 at the
moment. This includes some internal clockdomain APIs and low-level ARM
APIs which are also not exported for use by modules.
Implement a few functions that h
Hi,
This series contains the remaining code to enable suspend to mem and standby
on am335x and am437x platforms. All dependencies have been merged and this
is just a rebase on v4.16-rc1. For this to work on am437x-gp-evm this
bug fix patch [1] is required but suspend works fine on am335x platforms
In preparation for suspend-resume support for AM33XX, add
the assembly file with the code which is copied to internal
memory (OCMC RAM) during bootup and runs from there.
As part of the low power entry (DeepSleep0 mode in AM33XX TRM),
the code running from OCMC RAM does the following
1. Calls rout
This can easily double the time for compiling a driver but does not
provide any benefit for the compile tester, so it's better left disabled.
In addition, any 'inline' function that is not also 'static' and that
contains an 'if' causes a warning like
include/linux/string.h:212:2: note: in expansi
AM335x and AM437x support various low power modes as documented
in section 8.1.4.3 of the AM335x Technical Reference Manual and
section 6.4.3 of the AM437x Technical Reference Manual.
DeepSleep0 mode offers the lowest power mode with limited
wakeup sources without a system reboot and is mapped as
Building randconfig kernels frequently leads to build errors from
drivers that have additional build dependencies, or that we don't
want to build for compile-testing for some other reason.
We already have a couple of compile-time options that can deal with this
problem, but the complete set is not
The kernel currently supports two methods of dealing with config
fragments in the tree:
a) Running "make foo.config" looks for arch/$(ARCH)/configs/foo.config
and kernel/configs/foo.config, and applies the defaults from those
files on top of the current configuration.
b) Running "KCONFIG_AL
On Fri, Feb 16, 2018 at 8:30 PM, Matthew Wilcox wrote:
> On Fri, Feb 16, 2018 at 07:44:50PM +0200, Andy Shevchenko wrote:
>> On Tue, Jan 9, 2018 at 1:10 PM, Wei Wang wrote:
>> > From: Matthew Wilcox
>> >
>> > The eXtensible Bitmap is a sparse bitmap representation which is
>> > efficient for set
On Fri, Feb 16, 2018 at 9:09 PM, Luck, Tony wrote:
>> That said, I'm not sure how many non-root users run the toolkit to
>> extract their EFI certificates or check on the secure boot status of
>> the system, but I suspect it might be non-zero: I can see the tinfoil
>> hat people wanting at least t
On Fri, 16 Feb 2018, Sebastian Andrzej Siewior wrote:
> On 2018-02-16 13:29:01 [-0500], Alan Stern wrote:
> > We originally used tasklets because we didn't want to incur the delays
> > associated with running in a process context. It seems odd to be
> > reversing that decision now.
>
> The the
Fix coding style warning from checkpatch.pl.
Signed-off-by: Quytelda Kahja
---
drivers/staging/gdm724x/gdm_lte.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/staging/gdm724x/gdm_lte.c
b/drivers/staging/gdm724x/gdm_lte.c
index ff3fed9c4a81..26a81fdd0044 100644
--
Miklos Szeredi writes:
> On Mon, Feb 12, 2018 at 5:35 PM, Eric W. Biederman
> wrote:
>> Miklos Szeredi writes:
>>
>>> On Fri, Dec 22, 2017 at 3:32 PM, Dongsu Park wrote:
From: Seth Forshee
In order to support mounts from namespaces other than
init_user_ns, fuse must transl
Miklos Szeredi writes:
> On Fri, Dec 22, 2017 at 3:32 PM, Dongsu Park wrote:
>
>> Patches 1-2 deal with an additional flag of lookup_bdev() to check for
>> additional inode permission.
>
> fuse_blk is less suitable for unprivileged mounting than plain fuse.
> fusermount doesn't allow mounting fu
On Fri, 16 Feb 2018, Rob Landley wrote:
On 02/16/2018 02:59 PM, H. Peter Anvin wrote:
On 02/16/18 12:33, Taras Kondratiuk wrote:
Many of the Linux security/integrity features are dependent on file
metadata, stored as extended attributes (xattrs), for making decisions.
These features need to
On Fri, Feb 16, 2018 at 11:45:51PM +0200, Andy Shevchenko wrote:
> Now, the question about test case. Why do you heavily use BUG_ON?
> Isn't resulting statistics enough?
No. If any of those tests fail, we want to stop dead. They'll lead to
horrendous bugs throughout the kernel if they're wrong.
On Fri, Feb 16, 2018 at 1:45 PM Andy Lutomirski wrote:
> I'm going to go out on a limb and suggest that the fact that
> unprivileged users can read efi variables at all is a mistake
> regardless of SMI issues.
Why? They should never contain sensitive material.
> Also, chmod() just shouldn't work
Miklos Szeredi writes:
> On Fri, Dec 22, 2017 at 3:32 PM, Dongsu Park wrote:
>> From: Eric W. Biederman
>>
>> Allow users with CAP_SYS_CHOWN over the superblock of a filesystem to
>> chown files. Ordinarily the capable_wrt_inode_uidgid check is
>> sufficient to allow access to files but when t
> If the default is 600 then it makes sense to allow a privileged service to
> selectively make certain variables world readable at runtime.
As soon as you make one variable world readable you are vulnerable to
a local user launching a DoS attack by reading that variable over and over
generating a
On Fri, 16 Feb 2018 22:41:11 +0100
Arnd Bergmann wrote:
> This can easily double the time for compiling a driver but does not
> provide any benefit for the compile tester, so it's better left disabled.
>
> In addition, any 'inline' function that is not also 'static' and that
> contains an 'if' c
On 02/16/18 12:33, Taras Kondratiuk wrote:
> Many of the Linux security/integrity features are dependent on file
> metadata, stored as extended attributes (xattrs), for making decisions.
> These features need to be initialized during initcall and enabled as
> early as possible for complete security
On Fri, Feb 16, 2018 at 2:02 PM Luck, Tony wrote:
> > If the default is 600 then it makes sense to allow a privileged service to
> > selectively make certain variables world readable at runtime.
> As soon as you make one variable world readable you are vulnerable to
> a local user launching a Do
On Fri, Feb 16, 2018 at 09:09:30PM +, Luck, Tony wrote:
> > That said, I'm not sure how many non-root users run the toolkit to
> > extract their EFI certificates or check on the secure boot status of
> > the system, but I suspect it might be non-zero: I can see the tinfoil
> > hat people wantin
2018-02-16 7:11 GMT+00:00 Cyrill Gorcunov :
> On Thu, Feb 15, 2018 at 11:29:42PM +, Andy Lutomirski wrote:
> ...
>> >>> +bool pti_handle_segment_not_present(long error_code)
>> >>> +{
>> >>> + if (!static_cpu_has(X86_FEATURE_PTI))
>> >>> + return false;
>> >>> +
>> >>> +
tree: https://git.kernel.org/pub/scm/linux/kernel/git/paulmck/linux-rcu.git
rcu/next
head: 07180bfca95f9819250887160a5ccc53119967a7
commit: 07180bfca95f9819250887160a5ccc53119967a7 [42/42] EXP rcu: Add ->qsmask
to assertion
config: x86_64-randconfig-x013-201806 (attached as .config)
compiler:
Dmitry Safonov <0x7f454...@gmail.com> wrote:
> 2018-02-16 7:11 GMT+00:00 Cyrill Gorcunov :
>> On Thu, Feb 15, 2018 at 11:29:42PM +, Andy Lutomirski wrote:
>> ...
>> +bool pti_handle_segment_not_present(long error_code)
>> +{
>> + if (!static_cpu_has(X86_FEATURE_PTI))
>> +
There is a single error path where tfile->napi_mutex is left unlocked.
It can lead to a deadlock.
Found by Linux Driver Verification project (linuxtesting.org).
Signed-off-by: Alexey Khoroshilov
---
drivers/net/tun.c | 4
1 file changed, 4 insertions(+)
diff --git a/drivers/net/tun.c b/dr
On Thu, 15 Feb 2018 09:45:03 +
Shameer Kolothum wrote:
> This allows the user-space to retrieve the supported IOVA
> range(s), excluding any reserved regions. The implementation
> is based on capability chains, added to VFIO_IOMMU_GET_INFO ioctl.
>
> Signed-off-by: Shameer Kolothum
> ---
>
On Fri, Feb 16, 2018 at 11:03 PM, Steven Rostedt wrote:
> On Fri, 16 Feb 2018 22:41:11 +0100
> Arnd Bergmann wrote:
>
>> This can easily double the time for compiling a driver but does not
>> provide any benefit for the compile tester, so it's better left disabled.
>>
>> In addition, any 'inline'
On 02/16/18 01:04, Chintan Pandya wrote:
>
>
> On 2/15/2018 6:22 AM, frowand.l...@gmail.com wrote:
>> From: Frank Rowand
>>
>> Create a cache of the nodes that contain a phandle property. Use this
>> cache to find the node for a given phandle value instead of scanning
>> the devicetree to find
Since commit 76ebbe78f739 ("locking/barriers: Add implicit
smp_read_barrier_depends() to READ_ONCE()") was merged for the 4.15
kernel, it has not been necessary to use smp_read_barrier_depends().
Similarly, commit 59ecbbe7b31c ("locking/barriers: Kill
lockless_dereference()") removed lockless_deref
Fix a coding style warning from checkpatch.pl. Use GNU extensions to create
references to the results of problem macro arguments when they are evaluated so
that they can be used safely multiple times.
Signed-off-by: Quytelda Kahja
---
drivers/staging/gdm724x/gdm_tty.c | 24 -
Hi!
Camera should work on N900, with v4.16-rc1. Autofocus should work;
flash is in the queue.
This patch is needed for non-square image. Patched v4l-utils is very
much recommended for taking photos.
Sakari: any ideas about this one? This is the bug I showed you in
Prague...
Best regards,
On 2018-02-16, Linus Torvalds wrote:
> On Fri, Feb 16, 2018 at 7:09 AM, John Ogness
> wrote:
>> dentry_kill() holds dentry->d_lock and needs to acquire both
>> dentry->d_inode->i_lock and dentry->d_parent->d_lock. This cannot be
>> done with spin_lock() operations because it's the reverse of the
On 02/16/18 01:07, Chintan Pandya wrote:
>
>
> On 2/15/2018 6:14 AM, frowand.l...@gmail.com wrote:
>> From: Frank Rowand
>>
>> The initial implementation of the of_find_node_by_phandle() cache
>> allocates the cache using kcalloc(). Add an early boot allocation
>> of the cache so it will be usa
On 02/16/18 14:20, Frank Rowand wrote:
> On 02/16/18 01:04, Chintan Pandya wrote:
>>
>>
>> On 2/15/2018 6:22 AM, frowand.l...@gmail.com wrote:
>>> From: Frank Rowand
>>>
>>> Create a cache of the nodes that contain a phandle property. Use this
>>> cache to find the node for a given phandle value