This patch series introduces a new user namespace capability set, as
well as some plumbing around it (i.e. sysctl, secbit, lsm support).
First patch goes over the motivations for this as well as prior art.
In summary, while user namespaces are a great success today in that they
avoid running a lo
Attackers often rely on user namespaces to get elevated (yet confined)
privileges in order to target specific subsystems (e.g. [1]). Distributions
have been pretty adamant that they need a way to configure these, most of
them carry out-of-tree patches to do so, or plainly refuse to enable them.
As
This patch adds a new capability security bit designed to constrain a
task’s userns capability set to its bounding set. The reason for this is
twofold:
- This serves as a quick and easy way to lock down a set of capabilities
for a task, thus ensuring that any namespace it creates will never be
This patch adds a new system-wide userns capability mask designed to mask
off capabilities in user namespaces.
This mask is controlled through a sysctl and can be set early in the boot
process or on the kernel command line to exclude known capabilities from
ever being gained in namespaces. Once se
This patch allows modifying the various capabilities of the struct cred
in BPF-LSM hooks. More specifically, the userns_create hook called
prior to creating a new user namespace.
With the introduction of userns capabilities, this effectively provides
a simple way for LSMs to control the capabiliti
This patch addresses the TODO (add non fixed feature on/off check).
I have tested it manually on my system and made changes as suggested in v1
Signed-off-by: Abhinav Jain
---
PATCH v1:
https://lore.kernel.org/all/20240606212714.27472-1-jain.abhinav...@gmail.com/
Changes since v1:
- Removed the
On Fri, 7 Jun 2024 19:01:27 +0100, Simon Horman wrote:
> Hi Abhinav,
>
> I suspect this will now only report a failure if tail fails,
> but ignore ethtool failures.
Hi Simon,
I agree, I missed this part earlier. After taking the other suggestions
into account, we don't need this tail and I have remov
On 6/8/2024 6:54 AM, Alexei Starovoitov wrote:
> On Sat, Jun 8, 2024 at 1:04 AM Xu Kuohai wrote:
>> On 6/7/2024 5:53 AM, Paul Moore wrote:
>>> On Thu, Apr 11, 2024 at 8:24 AM Xu Kuohai wrote:
From: Xu Kuohai
Add macro LSM_RET_INT to annotate lsm hook return integer type and the
>>
On Sun, Jun 9, 2024 at 1:39 PM Casey Schaufler wrote:
> On 6/8/2024 6:54 AM, Alexei Starovoitov wrote:
> > On Sat, Jun 8, 2024 at 1:04 AM Xu Kuohai wrote:
> >> On 6/7/2024 5:53 AM, Paul Moore wrote:
> >>> On Thu, Apr 11, 2024 at 8:24 AM Xu Kuohai
> >>> wrote:
> From: Xu Kuohai
>
> >>
On 6/8/24 10:20, David Gow wrote:
On Tue, 4 Jun 2024 at 20:32, Ivan Orlov wrote:
Export non-static functions from the string-stream.c file into the KUnit
namespace in order to be able to access them from the KUnit core tests
(when they are loaded as modules).
Signed-off-by: Ivan Orlov
---
On 6/8/24 10:20, David Gow wrote:
I think this could be merged with patch 5, as it's not useful on its
own. Also, a few of the symbol names might be a little too generic to
be exported: maybe we should give them a 'kunit_assert' prefix?
Cheers,
-- David
Hi David,
Thank you for the review and
On Sun, Jun 9, 2024 at 6:40 AM Jonathan Calmels wrote:
>
> This patch allows modifying the various capabilities of the struct cred
> in BPF-LSM hooks. More specifically, the userns_create hook called
> prior to creating a new user namespace.
>
> With the introduction of userns capabilities, this e
On 2024-06-07 17:27, David Ahern wrote:
> I also do not understand why the ifq cache and overloading xdp functions
> have stuck around; I always thought both were added by Jonathan to
> simplify kernel ports during early POC days.
Setting up an Rx queue for ZC w/ a different pp will be done proper
On 2024-06-07 17:52, Jason Gunthorpe wrote:
> IMHO it seems to compose poorly if you can only use the io_uring
> lifecycle model with io_uring registered memory, and not with DMABUF
> memory registered through Mina's mechanism.
By this, do you mean io_uring must be exclusively used to use this
fea
On 6/10/24 01:37, David Wei wrote:
On 2024-06-07 17:52, Jason Gunthorpe wrote:
IMHO it seems to compose poorly if you can only use the io_uring
lifecycle model with io_uring registered memory, and not with DMABUF
memory registered through Mina's mechanism.
By this, do you mean io_uring must be
On 6/7/24 17:59, Mina Almasry wrote:
On Fri, Jun 7, 2024 at 8:47 AM Pavel Begunkov wrote:
On 6/7/24 16:42, Pavel Begunkov wrote:
On 6/7/24 15:27, David Ahern wrote:
On 6/7/24 7:42 AM, Pavel Begunkov wrote:
I haven't seen any arguments against from the (net) maintainers so
far. Nor I see any
On Sun, Jun 09, 2024 at 03:43:34AM -0700, Jonathan Calmels wrote:
(Adding amorgan as he doesn't seem to be on cc list)
> Attackers often rely on user namespaces to get elevated (yet confined)
> privileges in order to target specific subsystems (e.g. [1]). Distributions
I'd modify this to say "in
On Sun, Jun 09, 2024 at 03:43:35AM -0700, Jonathan Calmels wrote:
> This patch adds a new capability security bit designed to constrain a
> task’s userns capability set to its bounding set. The reason for this is
> twofold:
>
> - This serves as a quick and easy way to lock down a set of capabiliti
.com/skiffos/SkiffOS/tree/master/configs/allwinner/nezha
[2]
https://github.com/smaeul/u-boot/commit/2e89b706f5c956a70c989cd31665f1429e9a0b48
[3]
https://lore.kernel.org/all/20240503-dev-charlie-support_thead_vector_6_9-v6-0-cb7624e65...@rivosinc.com/
[4]
https://lore.kernel.org/linux-riscv/20240609-
The xtheadvector ISA extension is described on the T-Head extension spec
Github page [1] at commit 95358cb2cca9.
Link:
https://github.com/T-head-Semi/thead-extension-spec/blob/95358cb2cca9489361c61d335e03d3134b14133f/xtheadvector.adoc
[1]
Signed-off-by: Charlie Jenkins
Reviewed-by: Conor Doole
Add a property analogous to the vlenb CSR so that software can detect
the vector length of each CPU prior to it being brought online.
Currently software has to assume that the vector length read from the
boot CPU applies to all possible CPUs. On T-Head CPUs implementing
pre-ratification vector, rea
The D1/D1s SoCs support xtheadvector so it can be included in the
devicetree. Also include vlenb for the cpu.
Signed-off-by: Charlie Jenkins
---
arch/riscv/boot/dts/allwinner/sun20i-d1s.dtsi | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/arch/riscv/boot/dts/allwinner/sun20
Add support to the kernel for THead vendor extensions with the target of
the new extension xtheadvector.
Signed-off-by: Charlie Jenkins
---
arch/riscv/Kconfig.vendor| 13 +
arch/riscv/include/asm/vendor_extensions/thead.h | 16
arch/riscv/kern
If thead,vlenb is provided in the device tree, prefer that over reading
the vlenb csr.
Signed-off-by: Charlie Jenkins
---
arch/riscv/include/asm/cpufeature.h | 2 ++
arch/riscv/kernel/cpufeature.c | 48 +
arch/riscv/kernel/vector.c | 12
From: Heiko Stuebner
The VCSR CSR contains two elements VXRM[2:1] and VXSAT[0].
Define constants for those to access the elements in a readable way.
Acked-by: Guo Ren
Reviewed-by: Conor Dooley
Signed-off-by: Heiko Stuebner
Signed-off-by: Charlie Jenkins
---
arch/riscv/include/asm/csr.h | 5
The VXRM vector csr for xtheadvector has an encoding of 0xa and VXSAT
has an encoding of 0x9.
Co-developed-by: Heiko Stuebner
Signed-off-by: Charlie Jenkins
---
arch/riscv/include/asm/csr.h | 2 ++
1 file changed, 2 insertions(+)
diff --git a/arch/riscv/include/asm/csr.h b/arch/riscv/include/a
Use alternatives to add support for xtheadvector vector save/restore
routines.
Signed-off-by: Charlie Jenkins
---
arch/riscv/Kconfig.vendor | 13 ++
arch/riscv/include/asm/csr.h | 6 +
arch/riscv/include/asm/switch_to.h | 2 +-
arch/riscv/include/asm/vector.h
Add a new hwprobe key "RISCV_HWPROBE_KEY_VENDOR_EXT_THEAD_0" which
allows userspace to probe for the new RISCV_ISA_VENDOR_EXT_XTHEADVECTOR
vendor extension.
This new key will allow userspace code to probe for which thead vendor
extensions are supported. This API is modeled to be consistent with
RI
Document support for thead vendor extensions using the key
RISCV_HWPROBE_KEY_VENDOR_EXT_THEAD_0 and xtheadvector extension using
the key RISCV_HWPROBE_VENDOR_EXT_XTHEADVECTOR.
Signed-off-by: Charlie Jenkins
Reviewed-by: Evan Green
---
Documentation/arch/riscv/hwprobe.rst | 10 ++
1 file
Overhaul the riscv vector tests to use kselftest_harness to help the
test cases correctly report the results and decouple the individual test
cases from each other. With this refactoring, only run the test cases if
vector is reported and properly report the test case as skipped
otherwise. The v_ini
Extend existing vector tests to be compatible with the xtheadvector
instructions.
Signed-off-by: Charlie Jenkins
---
.../selftests/riscv/vector/v_exec_initval_nolibc.c | 23 --
tools/testing/selftests/riscv/vector/v_helpers.c | 17 +++-
tools/testing/selftests/riscv/vector/v_helpers.h |
Adding Borislav, Dave and x86 mailing list:
Please review the series.
On 6/8/24 1:52 AM, Shuah Khan wrote:
> On 5/27/24 23:04, Muhammad Usama Anjum wrote:
>> Kind reminder
>>
>> On 4/14/24 6:18 PM, Muhammad Usama Anjum wrote:
>>> In this series, 4 tests are being conformed to TAP.
>>>
>>>
There are no maintainers specified for tools/testing/selftests/x86.
Shuah has mentioned [1] that the patches should go through x86 tree or
in special cases directly to Shuah's tree after getting ack-ed from x86
maintainers. Different people have been confused when sending patches as
correct maintai
Conform individual tests to TAP output. One patch conforms one test. With
this series, all vDSO tests become TAP conformant.
The first patch conforms the test by using kselftest_harness.h. The other
patches conform using the default kselftest.h helpers.
All tests have been tested multiple times before a
Conform the layout, informational and status messages to TAP. No
functional change is intended other than the layout of output messages.
Use kselftest_harness.h to conform to TAP as the number of tests depends
on the available options at build time. The kselftest_harness makes the
test easy to conve
Conform the layout, informational and status messages to TAP. No
functional change is intended other than the layout of output messages.
Signed-off-by: Muhammad Usama Anjum
---
.../selftests/vDSO/vdso_test_correctness.c| 146 +-
1 file changed, 74 insertions(+), 72 deletions(
Conform the layout, informational and status messages to TAP. No
functional change is intended other than the layout of output messages.
Signed-off-by: Muhammad Usama Anjum
---
tools/testing/selftests/vDSO/vdso_test_getcpu.c | 16 +++-
1 file changed, 7 insertions(+), 9 deletions(-)
Conform the layout, informational and status messages to TAP. No
functional change is intended other than the layout of output messages.
Signed-off-by: Muhammad Usama Anjum
---
.../selftests/vDSO/vdso_test_gettimeofday.c | 23 ++-
1 file changed, 12 insertions(+), 11 deletions(
, 'dependencies', 'dependentRequired',
'dependentSchemas', 'patternProperties', 'properties', 'not', 'if', 'then',
'else', 'unevaluatedProperties', 'deprecated', 'maintainers', '