Re: [PATCH v2] lockdown,selinux: avoid bogus SELinux lockdown permission checks

2021-06-05 Thread Paul Moore
On Sat, Jun 5, 2021 at 2:17 PM Linus Torvalds wrote: > On Sat, Jun 5, 2021 at 11:11 AM Casey Schaufler > wrote: > > > > You have fallen into a common fallacy. The fact that the "code runs" > > does not assure that the "system works right". In the security world > > we face this all the time, oft

Re: [PATCH v2] lockdown,selinux: avoid bogus SELinux lockdown permission checks

2021-06-05 Thread Paul Moore
On Fri, Jun 4, 2021 at 8:08 PM Alexei Starovoitov wrote: > On Fri, Jun 4, 2021 at 4:34 PM Paul Moore wrote: > > > > > Again, the problem is not limited to BPF at all. kprobes is doing > > > register- > > > time hooks which are equivalent to the one of BPF. Anything in run-time > > > trying to pr

Re: [PATCH v2] lockdown,selinux: avoid bogus SELinux lockdown permission checks

2021-06-05 Thread Linus Torvalds
On Sat, Jun 5, 2021 at 11:11 AM Casey Schaufler wrote: > > You have fallen into a common fallacy. The fact that the "code runs" > does not assure that the "system works right". In the security world > we face this all the time, often with performance expectations. In this > case the BPF design has

Re: [PATCH v2] lockdown,selinux: avoid bogus SELinux lockdown permission checks

2021-06-05 Thread Casey Schaufler
On 6/4/2021 5:08 PM, Alexei Starovoitov wrote: > On Fri, Jun 4, 2021 at 4:34 PM Paul Moore wrote: >>> Again, the problem is not limited to BPF at all. kprobes is doing register- >>> the hooks which are equivalent to the one of BPF. Anything in run-time >>> trying to prevent probe_read_kernel by kp

Re: simplify gendisk and request_queue allocation for blk-mq based drivers

2021-06-05 Thread Christoph Hellwig
On Fri, Jun 04, 2021 at 11:58:34AM -0400, Konrad Rzeszutek Wilk wrote: > On Wed, Jun 02, 2021 at 09:53:15AM +0300, Christoph Hellwig wrote: > > Hi all, > > Hi! > > You wouldn't have a nice git repo to pull so one can test it easily? git://git.infradead.org/users/hch/block.git alloc_disk-part2

[PATCH] powerpc/mem: Add back missing header to fix 'no previous prototype' error

2021-06-05 Thread Christophe Leroy
Commit b26e8f27253a ("powerpc/mem: Move cache flushing functions into mm/cacheflush.c") removed asm/sparsemem.h which is required when CONFIG_MEMORY_HOTPLUG is selected to get the declaration of create_section_mapping(). Add it back. Fixes: b26e8f27253a ("powerpc/mem: Move cache flushing function