Sorry for the delayed response, literally sent the patch then went on vacation.
On Mon, Jul 29, 2019 at 3:16 PM Maciej W. Rozycki wrote:
>
> On Mon, 29 Jul 2019, Nick Desaulniers wrote:
>
> > The code in question is modifying a variable declared const through
> > pointer manipulation. Such code
On Wed, Aug 07, 2019 at 04:51:42PM -0400, Johannes Weiner wrote:
> Per default, the OOM killer will engage after 15 seconds of at least
> 80% memory pressure. These values are tunable via sysctls
> vm.thrashing_oom_period and vm.thrashing_oom_level.
Let's go with this:
Per default, the OOM killer
Quoting Andrew Jeffery (2019-07-10 07:10:09)
> From: Joel Stanley
>
> The clock divisor comes with an enable bit (gate). This was not
> implemented as we didn't have access to SD hardware when writing the
> driver. Now that we can test it, add the gate as a parent to the
> divisor.
>
> There is
Quoting Nathan Huckleberry (2019-06-27 15:06:42)
> drivers/clk/clk-qoriq.c:138:38: warning: unused variable
> 'p5020_cmux_grp1' [-Wunused-const-variable] static const struct
> clockgen_muxinfo p5020_cmux_grp1
>
> drivers/clk/clk-qoriq.c:146:38: warning: unused variable
> 'p5020_cmux_grp2' [-Wunuse
On Wed, Aug 7, 2019 at 4:24 AM Sibi Sankar wrote:
>
> On some Qualcomm SoCs, Operating State Manager (OSM) controls the
> resources of scaling L3 caches. Add a driver to handle bandwidth
> requests to OSM L3 from CPU/GPU.
>
> Signed-off-by: Sibi Sankar
> ---
> drivers/interconnect/qcom/Kconfig
Quoting Sowjanya Komatineni (2019-08-02 13:39:57)
>
> On 8/2/19 10:51 AM, Stephen Boyd wrote:
> > And also add a comment to this location in the code because it's
> > non-obvious that we can't use iopoll here.
> >
> Actually added comment during function usage instead of during include
> as iopol
On Wed, Aug 07, 2019 at 06:33:32AM +, Jethro Beekman wrote:
> On 2019-07-13 10:07, Jarkko Sakkinen wrote:
> > Because the kernel is untrusted, swapping pages in/out of the Enclave
> > Page Cache (EPC) has specialized requirements:
> >
> > * The kernel cannot directly access EPC memory, i.e. ca
Quoting Colin King (2019-07-01 09:50:20)
> From: Colin Ian King
>
> The variable n_den is initialized however that value is never read
> as n_den is re-assigned a little later in the two paths of a
> following if-statement. Remove the redundant assignment.
>
> Addresses-Coverity: ("Unused value
On Wed, 7 Aug 2019 21:00:04 + Song Liu wrote:
> >>
> >> Shall I resend the patch, or shall I send fix on top of current patch?
> >
> > Either is OK. If the difference is small I will turn it into an
> > incremental patch so that I (and others) can see what changed.
>
> Please find the pat
On 8/7/19 2:27 PM, Andrew Morton wrote:
> On Wed, 7 Aug 2019 21:00:04 + Song Liu wrote:
>
Shall I resend the patch, or shall I send fix on top of current patch?
>>>
>>> Either is OK. If the difference is small I will turn it into an
>>> incremental patch so that I (and others) can
Quoting Paul Cercueil (2019-07-01 04:36:06)
> The code was setting the bit 21 of the CPCCR register to use a divider
> of 2 for the "pll half" clock, and clearing the bit to use a divider
> of 1.
>
> This is the opposite of how this register field works: a cleared bit
> means that the /2 divider i
The code claims to grab a runtime PM ref when at least one CRTC is
active, but that's not actually the case as we grab a runtime PM ref
whenever a CRTC is enabled regardless of it's DPMS state. Meaning that
we can end up keeping the GPU awake when there are no screens enabled,
something we don't re
Just some runtime PM fixes for some much less noticeable runtime PM ref
tracking issues that I got reminded of when fixing some unrelated issues
with nouveau.
Lyude Paul (2):
drm/nouveau/dispnv04: Grab/put runtime PM refs on DPMS on/off
drm/nouveau/dispnv50: Fix runtime PM ref tracking for non
On Wed, Aug 07, 2019 at 02:01:30PM -0700, Andrew Morton wrote:
> On Wed, 7 Aug 2019 16:51:38 -0400 Johannes Weiner wrote:
>
> > However, eb414681d5a0 ("psi: pressure stall information for CPU,
> > memory, and IO") introduced a memory pressure metric that quantifies
> > the share of wallclock time
On Tue, Aug 06, 2019 at 11:08:24AM -0700, Paul E. McKenney wrote:
> On Mon, Aug 05, 2019 at 10:48:00AM -0700, Paul E. McKenney wrote:
> > On Mon, Aug 05, 2019 at 05:50:24PM +0200, Peter Zijlstra wrote:
> > > On Mon, Aug 05, 2019 at 07:54:48AM -0700, Paul E. McKenney wrote:
> > >
> > > > > Right; s
On Wed, Aug 07, 2019 at 04:09:10PM +0200, Marc Gonzalez wrote:
> On 30/07/2019 23:56, Bjorn Helgaas wrote:
>
> >> diff --git a/drivers/pci/controller/pcie-tango.c
> >> b/drivers/pci/controller/pcie-tango.c
> >> index 21a208da3f59..b87aa9041480 100644
> >> --- a/drivers/pci/controller/pcie-tango.c
> On Aug 7, 2019, at 2:30 PM, Randy Dunlap wrote:
>
> On 8/7/19 2:27 PM, Andrew Morton wrote:
>> On Wed, 7 Aug 2019 21:00:04 + Song Liu wrote:
>>
>
> Shall I resend the patch, or shall I send fix on top of current patch?
Either is OK. If the difference is small I will
> On Aug 7, 2019, at 2:27 PM, Andrew Morton wrote:
>
> On Wed, 7 Aug 2019 21:00:04 + Song Liu wrote:
>
Shall I resend the patch, or shall I send fix on top of current patch?
>>>
>>> Either is OK. If the difference is small I will turn it into an
>>> incremental patch so that
KBUILD_CFLAGS is very carefully built up in the top level Makefile,
particularly when cross compiling or using different build tools.
Resetting KBUILD_CFLAGS via := assignment is an antipattern.
The comment above the reset mentions that -pg is problematic. Other
Makefiles use `CFLAGS_REMOVE_file.
Implementing memcpy and memset in terms of __builtin_memcpy and
__builtin_memset is problematic.
GCC at -O2 will replace calls to the builtins with calls to memcpy and
memset (but will generate an inline implementation at -Os). Clang will
replace the builtins with these calls regardless of optimi
1. Reuse the implementation of memcpy and memset instead of relying on
__builtin_memcpy and __builtin_memset as it causes infinite recursion
in Clang (at any opt level) or GCC at -O2.
2. Don't reset KBUILD_CFLAGS, rather filter CONFIG_FUNCTION_TRACER,
CONFIG_STACKPROTECTOR, CONFIG_STACKPROTECTOR_ST
Initialize never-used descriptors as permanently invalid so there
is no risk of the descriptor unexpectedly being determined as
valid due to dataring head overflowing/wrapping.
Signed-off-by: John Ogness
---
kernel/printk/dataring.c | 42 +++---
kernel/printk/da
The buffer for the raw data storage included extra space at the
end for a long. This was meant to guarantee space for the ID of a
wrapping datablock. However, since datablocks are padded and the
dataring is implemented such that no datablock can end at exactly
the end of the data buffer:
D
See documentation for details.
For the real patch the "prb overview" documentation section in
kernel/printk/ringbuffer.c will be included in the commit message.
Signed-off-by: John Ogness
---
kernel/printk/Makefile | 3 +
kernel/printk/dataring.c | 761 ++
The ringbuffer documents that the expected average size value
should be lower than the actual average. For the test module the
average should be 64, so set the expected average to 5 bits (32).
Signed-off-by: John Ogness
---
kernel/printk/test_prb.c | 2 +-
1 file changed, 1 insertion(+), 1 delet
Hello,
This is a follow-up RFC on the work to re-implement much of
the core of printk. The threads for the previous RFC versions
are here: v1[0], v2[1], v3[2].
This series only builds upon v3 (i.e. the first part of this
series is exactly v3). The main purpose of this series is to
replace the cur
This module does some heavy write stress testing on the ringbuffer
with a reader that is checking for integrity.
Signed-off-by: John Ogness
---
kernel/printk/Makefile | 2 +
kernel/printk/test_prb.c | 256 +++
2 files changed, 258 insertions(+)
create mod
Add missing includes and exports.
Signed-off-by: John Ogness
---
kernel/printk/dataring.c | 1 +
kernel/printk/numlist.c| 1 +
kernel/printk/ringbuffer.c | 4
3 files changed, 6 insertions(+)
diff --git a/kernel/printk/dataring.c b/kernel/printk/dataring.c
index 911bac593ec1..6642e08
This is a major change because the API (and underlying workings)
of the new ringbuffer are completely different than the previous
ringbuffer. Since there are several components of the printk
infrastructure that use the ringbuffer API (console, /dev/kmsg,
syslog, kmsg_dump), there are quite a few ch
The printk implementation will rely on sequence numbers never
wrapping. For 32-bit systems, an unsigned long for sequence
numbers is not acceptable. Change the sequence number to u64.
Size variables are currently unsigned int, which may not be
acceptable for 64-bit systems. Change size variables t
Add the following functions needed to support printk features.
dataring:
dataring_unused() - return free bytes
ringbuffer:
prb_init() - dynamically initialize a ringbuffer
prb_iter_seek() - seek to an entry in the committed list
prb_iter_wait_next_valid_entry() - blocking reader function
prb_iter
Hi all,
After merging the dma-mapping-fixes tree, today's linux-next build
(x86_64 allmodconfig) failed like this:
/home/sfr/next/next/mm/migrate.c: In function 'migrate_vma_collect':
/home/sfr/next/next/mm/migrate.c:2350:61: error: 'mm_walk' undeclared (first
use in this function)
mmu_notifie
Interconnects and interconnect paths quantify their performance levels in
terms of bandwidth and not in terms of frequency. So similar to how we have
frequency based OPP tables in DT and in the OPP framework, we need
bandwidth OPP table support in DT and in the OPP framework.
So with the DT bindin
The frequency OPP tables have helper functions to search for entries in the
table based on frequency and get the frequency values for a given (or
suspend) OPP entry.
Add similar helper functions for bandwidth OPP tables to search for entries
in the table based on peak bandwidth and to get the peak
Interconnects often quantify their performance points in terms of
bandwidth. So, add opp-peak-kBps (required) and opp-avg-kBps (optional) to
allow specifying Bandwidth OPP tables in DT.
opp-peak-kBps is a required property that replaces opp-hz for Bandwidth OPP
tables.
opp-avg-kBps is an optional
Not all devices quantify their performance points in terms of frequency.
Devices like interconnects quantify their performance points in terms of
bandwidth. We need a way to represent these bandwidth levels in OPP. So,
add support for parsing bandwidth OPPs from DT.
Signed-off-by: Saravana Kannan
On Thu, Aug 08, 2019 at 08:29:48AM +1000, Stephen Rothwell wrote:
> Hi all,
>
> After merging the dma-mapping-fixes tree, today's linux-next build
> (x86_64 allmodconfig) failed like this:
>
> /home/sfr/next/next/mm/migrate.c: In function 'migrate_vma_collect':
> /home/sfr/next/next/mm/migrate.c:
On Thu, Aug 08, 2019 at 06:06:58AM +0800, kbuild test robot wrote:
> tree:
> https://kernel.googlesource.com/pub/scm/linux/kernel/git/paulmck/linux-rcu.git
> dev.2019.07.31a
> head: 71cf692f482ff45802352cf85a8880035fca9e52
> commit: 1e900d78f345ee808992b1212c0388a5c8381b96 [122/123] rcutortur
Fix spurious warning message when building with W=1:
CC [M] drivers/net/wireless/realtek/rtlwifi/usb.o
drivers/net/wireless/realtek/rtlwifi/usb.c:243: warning: Cannot understand *
on line 243 - I thought it was a doc line
drivers/net/wireless/realtek/rtlwifi/usb.c:760: warning: Cannot underst
From: Alexander Duyck
In order to enable the use of the zone from the list manipulator functions
I will need access to the zone pointer. As it turns out most of the
accessors were always just being directly passed &zone->free_area[order]
anyway so it would make sense to just fold that into the fu
From: Alexander Duyck
In order to support page reporting it will be necessary to store and
retrieve the migratetype of a page. To enable that I am moving the set and
get operations for pcppage_migratetype into the mm/internal.h header so
that they can be used outside of the page_alloc.c file.
Si
From: Alexander Duyck
This patch is meant to move the head/tail adding logic out of the shuffle
code and into the __free_one_page function since ultimately that is where
it is really needed anyway. By doing this we should be able to reduce the
overhead and can consolidate all of the list addition
This series provides an asynchronous means of reporting to a hypervisor
that a guest page is no longer in use and can have the data associated
with it dropped. To do this I have implemented functionality that allows
for what I am referring to as unused page reporting
The functionality for this is
From: Alexander Duyck
Add support for the page reporting feature provided by virtio-balloon.
Reporting differs from the regular balloon functionality in that is is
much less durable than a standard memory balloon. Instead of creating a
list of pages that cannot be accessed the pages are only inac
From: Alexander Duyck
In order to pave the way for free page reporting in virtualized
environments we will need a way to get pages out of the free lists and
identify those pages after they have been returned. To accomplish this,
this patch adds the concept of a Reported Buddy, which is essentiall
From: Alexander Duyck
Currently the page poisoning setting wasn't being enabled unless free page
hinting was enabled. However we will need the page poisoning tracking logic
as well for unused page reporting. As such pull it out and make it a
separate bit of config in the probe function.
In addit
From: Alexander Duyck
We need to make certain to advertise support for page poison tracking if
we want to actually get data on if the guest will be poisoning pages. So
if free page hinting is active we should add page poisoning support and
let the guest disable it if it isn't using it.
Page pois
From: Alexander Duyck
Add a bit for the page reporting feature provided by virtio-balloon.
This patch should be replaced once the feature is added to the Linux kernel
and the bit is backported into this exported kernel header.
Signed-off-by: Alexander Duyck
---
include/standard-headers/linux/
From: Alexander Duyck
Add support for what I am referring to as "unused page reporting".
Basically the idea is to function very similar to how the balloon works
in that we basically end up madvising the page as not being used. However
we don't really need to bother with any deflate type logic sin
Two patches in this series.
1) There's no need to even build drivers/ras/debugfs.o if config doesn't
include debugfs
2) Add proper includes to silence warnings building debugfs.o
Changes since first version: deal with error when building without debugfs.
Makefile |5 -
debugfs.c |
There's no reason to build the debugfs.o if the kernel config doesn't
even include CONFIG_DEBUG_FS
Signed-off-by: Valdis Kletnieks
diff --git a/drivers/ras/Makefile b/drivers/ras/Makefile
index ef6777e14d3d..07a5c391cc23 100644
--- a/drivers/ras/Makefile
+++ b/drivers/ras/Makefile
@@ -1,3 +1,6 @
When building with C=2 and/or W=1, legitimate warnings are issued
about missing prototypes. Provide the proper includes.
CHECK drivers/ras/debugfs.c
drivers/ras/debugfs.c:4:15: warning: symbol 'ras_debugfs_dir' was not declared.
Should it be static?
drivers/ras/debugfs.c:8:5: warning: symbol
On Wed, Aug 07, 2019 at 01:26:17PM -0700, Luck, Tony wrote:
> Ugh! The rule to do the compression was in arch/ia64/hp/sim/boot/Makefile
> which went away as part of the deletion of hpsim.
This fixes it ... should fold into the patch that dropped the
arch/ia64/hp/sim/boot/Makefile
I just cut/paste
> From: Dexuan Cui
> Sent: Wednesday, July 31, 2019 10:52 AM
> To: linux-hyp...@vger.kernel.org; gre...@linuxfoundation.org; Stephen
> @@ -2050,6 +2095,10 @@ static int vmbus_acpi_add(struct acpi_device
> *device)
> };
> MODULE_DEVICE_TABLE(acpi, vmbus_acpi_device_ids);
>
> +static const struct
On Wed, 7 Aug 2019, Paolo Bonzini wrote:
> On 07/08/19 14:27, Anup Patel wrote:
> > This series adds initial KVM RISC-V support. Currently, we are able to boot
> > RISC-V 64bit Linux Guests with multiple VCPUs.
>
> Looks good to me! Still need an Acked-by from arch/riscv folks if I
> have to mer
When building with W=1, we get some kerneldoc warnings:
CC fs/fhandle.o
fs/fhandle.c:259: warning: Function parameter or member 'flags' not described
in 'sys_open_by_handle_at'
fs/fhandle.c:259: warning: Excess function parameter 'flag' description in
'sys_open_by_handle_at'
Fix the typo
tree:
https://kernel.googlesource.com/pub/scm/linux/kernel/git/paulmck/linux-rcu.git
dev.2019.07.31a
head: 71cf692f482ff45802352cf85a8880035fca9e52
commit: 1e900d78f345ee808992b1212c0388a5c8381b96 [122/123] rcutorture: Force on
tick for readers and callback flooders
config: x86_64-randconfig
Hi,
Thank you for the patch! Yet something to improve:
[auto build test ERROR on linus/master]
[cannot apply to v5.3-rc3 next-20190807]
[if your patch is applied to the wrong git tree, please drop us a note to help
improve the system]
url:
https://github.com/0day-ci/linux/commits/john
The variable rcu_perf_writer_state is declared and initialized,
but is never actually referenced. Remove it to clean code.
Signed-off-by: Ethan Hansen <1ethanhan...@gmail.com>
---
kernel/rcu/rcuperf.c | 8
1 file changed, 8 deletions(-)
diff --git a/kernel/rcu/rcuperf.c b/kernel/rcu/rcu
Le mer. 7 août 2019 à 23:33, Stephen Boyd a écrit
:
Quoting Paul Cercueil (2019-07-01 04:36:06)
The code was setting the bit 21 of the CPCCR register to use a
divider
of 2 for the "pll half" clock, and clearing the bit to use a divider
of 1.
This is the opposite of how this register f
BUG: KASAN: null-ptr-deref in trace_probe_cleanup+0x8d/0xd0
Read of size 8 at addr by task syz-executor.0/9746
trace_probe_cleanup+0x8d/0xd0
free_trace_kprobe.part.14+0x15/0x50
alloc_trace_kprobe+0x23e/0x250
Signed-off-by: Xinpeng Liu
---
kernel/trace/trace_probe.c | 3 ++-
1 fi
Hi Rikard,
On Wed, 7 Aug 2019 13:29:17 +0200 Rikard Falkeborn
wrote:
>
> Hi Stephen, Andrew
>
> On Wed, Aug 07, 2019 at 06:00:41PM +1000, Stephen Rothwell wrote:
> > Hi all,
> >
> > After merging the akpm-current tree, today's linux-next build (x86_64
> > allmodconfig) failed like this:
> >
>
On 8/7/19 4:01 AM, Michal Hocko wrote:
> On Mon 05-08-19 15:20:17, john.hubb...@gmail.com wrote:
>> From: John Hubbard
>>
>> For pages that were retained via get_user_pages*(), release those pages
>> via the new put_user_page*() routines, instead of via put_page() or
>> release_pages().
>
> Hmm,
On 8/7/19 4:24 PM, kbuild test robot wrote:
> Hi,
>
> Thank you for the patch! Yet something to improve:
>
> [auto build test ERROR on linus/master]
> [cannot apply to v5.3-rc3 next-20190807]
> [if your patch is applied to the wrong git tree, please drop us a note to
>
After all uprobes are removed from the huge page (with PTE pgtable), it
is possible to collapse the pmd and benefit from THP again. This patch
does the collapse by calling collapse_pte_mapped_thp().
Acked-by: Kirill A. Shutemov
Reported-by: kbuild test robot
Signed-off-by: Song Liu
---
kernel/
This patches introduces a new foll_flag: FOLL_SPLIT_PMD. As the name says
FOLL_SPLIT_PMD splits huge pmd for given mm_struct, the underlining huge
page stays as-is.
FOLL_SPLIT_PMD is useful for cases where we need to use regular pages,
but would switch back to huge page and huge pmd on. One of suc
khugepaged needs exclusive mmap_sem to access page table. When it fails
to lock mmap_sem, the page will fault in as pte-mapped THP. As the page
is already a THP, khugepaged will not handle this pmd again.
This patch enables the khugepaged to retry collapse the page table.
struct mm_slot (in khuge
Currently, uprobe swaps the target page with a anonymous page in both
install_breakpoint() and remove_breakpoint(). When all uprobes on a page
are removed, the given mm is still using an anonymous page (not the
original page).
This patch allows uprobe to use original page when possible (all uprobe
This patch moves memcmp_pages() to mm/util.c and pages_identical() to
mm.h, so that we can use them in other files.
Acked-by: Kirill A. Shutemov
Signed-off-by: Song Liu
---
include/linux/mm.h | 7 +++
mm/ksm.c | 18 --
mm/util.c | 13 +
3 file
This patch uses newly added FOLL_SPLIT_PMD in uprobe. This preserves the
huge page when the uprobe is enabled. When the uprobe is disabled, newer
instances of the same application could still benefit from huge page.
For the next step, we will enable khugepaged to regroup the pmd, so that
existing
This set makes uprobe aware of THPs.
Currently, when uprobe is attached to text on THP, the page is split by
FOLL_SPLIT. As a result, uprobe eliminates the performance benefit of THP.
This set makes uprobe THP-aware. Instead of FOLL_SPLIT, we introduces
FOLL_SPLIT_PMD, which only split PMD for up
On Wed, Aug 07, 2019 at 04:26:55PM -0700, Ethan Hansen wrote:
> The variable rcu_perf_writer_state is declared and initialized,
> but is never actually referenced. Remove it to clean code.
>
> Signed-off-by: Ethan Hansen <1ethanhan...@gmail.com>
Good eyes, thank you! One question below.
Hi all,
On Wed, 7 Aug 2019 09:33:07 -0700 Peter Collingbourne wrote:
>
> On Wed, Aug 7, 2019 at 8:25 AM Will Deacon wrote:
> >
> > From 71c67a31f09fa8fdd1495dffd96a5f0d4cef2ede Mon Sep 17 00:00:00 2001
> > From: Will Deacon
> > Date: Wed, 7 Aug 2019 12:48:33 +0100
> > Subject: [PATCH] init/Kcon
Hello
My name is Eddy William I am a lawyer by profession. I wish to offer you
the next of kin to my client. You will inherit the sum of ($8.5 Million)
dollars my client left in the bank before his death.
My client is a citizen of your country who died in auto crash with his wife
and only son. I
Quoting Rob Herring (2019-07-25 14:37:24)
> On Thu, Jul 25, 2019 at 3:06 PM Stephen Boyd wrote:
> >
> > Quoting anson.hu...@nxp.com (2019-07-24 19:05:51)
> > > From: Anson Huang
> > >
> > > YAML file can NOT contain tab as indentation, fix it.
> > >
> >
> > Would be nice if checkpatch could check
Li Wang discovered that LTP/move_page12 V2 sometimes triggers SIGBUS
in the kernel-v5.2.3 testing. This is caused by a race between hugetlb
page migration and page fault.
If a hugetlb page can not be allocated to satisfy a page fault, the task
is sent SIGBUS. This is normal hugetlbfs behavior.
Add a mechanism to allow LSMs to make a policy decision around whether
kernel functionality that would allow tampering with or examining the
runtime state of the kernel should be permitted.
Signed-off-by: Matthew Garrett
Acked-by: Kees Cook
Acked-by: Casey Schaufler
---
include/linux/lsm_hooks
From: Jiri Bohac
When KEXEC_SIG is not enabled, kernel should not load images through
kexec_file systemcall if the kernel is locked down.
[Modified by David Howells to fit with modifications to the previous patch
and to return -EPERM if the kernel is locked down for consistency with
other lock
On Wed, 2019-08-07 at 23:55 +0900, Masahiro Yamada wrote:
> On Wed, Aug 7, 2019 at 11:27 PM Guenter Roeck wrote:
[]
> > Who is going to fix the fallout ? For example, arm64:defconfig no longer
> > compiles with this patch applied.
> >
> > It seems to me that the benefit of catching misuses of GEN
From: Matthew Garrett
Allowing users to read and write to core kernel memory makes it possible
for the kernel to be subverted, avoiding module loading restrictions, and
also to steal cryptographic information.
Disallow /dev/mem and /dev/kmem from being opened this when the kernel has
been locked
From: Matthew Garrett
Writing to MSRs should not be allowed if the kernel is locked down, since
it could lead to execution of arbitrary code in kernel mode. Based on a
patch by Kees Cook.
Signed-off-by: Matthew Garrett
Signed-off-by: David Howells
Acked-by: Kees Cook
Reviewed-by: Thomas Glei
From: Linn Crosetto
>From the kernel documentation (initrd_table_override.txt):
If the ACPI_INITRD_TABLE_OVERRIDE compile option is true, it is possible
to override nearly any ACPI table provided by the BIOS with an
instrumented, modified one.
When lockdown is enabled, the kernel should d
Fixed an unused function parameter in patch 19, otherwise identical to
V37.
From: Matthew Garrett
IO port access would permit users to gain access to PCI configuration
registers, which in turn (on a lot of hardware) give access to MMIO
register space. This would potentially permit root to trigger arbitrary
DMA, so lock it down by default.
This also implicitly locks down
The lockdown module is intended to allow for kernels to be locked down
early in boot - sufficiently early that we don't have the ability to
kmalloc() yet. Add support for early initialisation of some LSMs, and
then add them to the list of names when we do full initialisation later.
Early LSMs are i
From: David Howells
If the kernel is locked down, require that all modules have valid
signatures that we can verify.
I have adjusted the errors generated:
(1) If there's no signature (ENODATA) or we can't check it (ENOPKG,
ENOKEY), then:
(a) If signatures are enforced then EKEYREJEC
From: David Howells
Provided an annotation for module parameters that specify hardware
parameters (such as io ports, iomem addresses, irqs, dma channels, fixed
dma buffers and other types).
Suggested-by: Alan Cox
Signed-off-by: David Howells
Signed-off-by: Matthew Garrett
Reviewed-by: Kees Co
From: David Howells
Lock down TIOCSSERIAL as that can be used to change the ioport and irq
settings on a serial port. This only appears to be an issue for the serial
drivers that use the core serial code. All other drivers seem to either
ignore attempts to change port/irq or give an error.
Rep
From: Dave Young
Kexec reboot in case secure boot being enabled does not keep the secure
boot mode in new kernel, so later one can load unsigned kernel via legacy
kexec_load. In this state, the system is missing the protections provided
by secure boot.
Adding a patch to fix this by retain the s
While existing LSMs can be extended to handle lockdown policy,
distributions generally want to be able to apply a straightforward
static policy. This patch adds a simple LSM that can be configured to
reject either integrity or all lockdown queries, and can be configured
at runtime (through security
From: David Howells
The testmmiotrace module shouldn't be permitted when the kernel is locked
down as it can be used to arbitrarily read and write MMIO space. This is
a runtime check rather than buildtime in order to allow configurations
where the same kernel may be run in both locked down or per
Systems in lockdown mode should block the kexec of untrusted kernels.
For x86 and ARM we can ensure that a kernel is trustworthy by validating
a PE signature, but this isn't possible on other architectures. On those
platforms we can use IMA digital signatures instead. Add a function to
determine wh
From: David Howells
Disallow opening of debugfs files that might be used to muck around when
the kernel is locked down as various drivers give raw access to hardware
through debugfs. Given the effort of auditing all 2000 or so files and
manually fixing each one as necessary, I've chosen to apply
From: David Howells
Disallow access to /proc/kcore when the kernel is locked down to prevent
access to cryptographic data. This is limited to lockdown
confidentiality mode and is still permitted in integrity mode.
Signed-off-by: David Howells
Signed-off-by: Matthew Garrett
Reviewed-by: Kees Co
From: David Howells
Disallow the use of certain perf facilities that might allow userspace to
access kernel data.
Signed-off-by: David Howells
Signed-off-by: Matthew Garrett
Reviewed-by: Kees Cook
Cc: Peter Zijlstra
Cc: Ingo Molnar
Cc: Arnaldo Carvalho de Melo
---
include/linux/security.h
Tracefs may release more information about the kernel than desirable, so
restrict it when the kernel is locked down in confidentiality mode by
preventing open().
Signed-off-by: Matthew Garrett
Reviewed-by: Steven Rostedt (VMware)
---
fs/tracefs/inode.c | 40 +++
From: David Howells
Disallow the creation of perf and ftrace kprobes when the kernel is
locked down in confidentiality mode by preventing their registration.
This prevents kprobes from being used to access kernel memory to steal
crypto data, but continues to allow the use of kprobes from signed
m
From: David Howells
bpf_read() and bpf_read_str() could potentially be abused to (eg) allow
private keys in kernel memory to be leaked. Disable them if the kernel
has been locked down in confidentiality mode.
Suggested-by: Alexei Starovoitov
Signed-off-by: Matthew Garrett
Reviewed-by: Kees Coo
Print the content of current->comm in messages generated by lockdown to
indicate a restriction that was hit. This makes it a bit easier to find
out what caused the message.
The message now patterned something like:
Lockdown: : is restricted; see man kernel_lockdown.7
Signed-off-by: Dav
From: David Howells
Prohibit replacement of the PCMCIA Card Information Structure when the
kernel is locked down.
Suggested-by: Dominik Brodowski
Signed-off-by: David Howells
Signed-off-by: Matthew Garrett
Reviewed-by: Kees Cook
---
drivers/pcmcia/cistpl.c | 5 +
include/linux/secu
601 - 700 of 880 matches
Mail list logo
