On Wed, Jul 20, 2016 at 01:45:42PM +1000, Balbir Singh wrote:
> > IOW, if your kernel forced signature verification, you should not be
> > able to do sig_enforce=0. If you kernel did not have
> > CONFIG_MODULE_SIG_FORCE=y, then sig_enforce should be 0 by default anyway
> > and you are not making it
From: Benjamin Herrenschmidt
There is little enough differences now.
Signed-off-by: Benjamin Herrenschmidt
[mpe: Add empty versions using #ifdef in setup.h rather than weak functions]
Signed-off-by: Michael Ellerman
---
arch/powerpc/include/asm/kvm_ppc.h | 4 -
arch/powerpc/include/asm/rtas
On Wed, Jul 20, 2016 at 02:26:51PM +1000, Alexey Kardashevskiy wrote:
> The iommu_table_ops::exchange() callback writes new TCE to the table
> and returns old value and permission mask. The old TCE value is
> correctly converted from BE to CPU endian; however permission mask
> was calculated from B
On Wed, Jul 20, 2016 at 01:41:36PM +1000, Sam Bobroff wrote:
> Introduce a new KVM capability, KVM_CAP_PPC_HTM, that can be queried to
> determine if a PowerPC KVM guest should use HTM (Hardware Transactional
> Memory).
>
> This will be used by QEMU to populate the pa-features bits in the
> guest'
On Mon, Jul 18, 2016 at 11:28:30AM +1000, Cyril Bur wrote:
> On Sun, 17 Jul 2016 11:25:43 +0800
>
> The aim of this patch is to ensure that pt_regs, fp_state and vr_state always
> hold a threads 'live' registers. So, after a recheckpoint fp_state is where
> the
> the state should be. tm_reclaim_t
On Thu, 2016-07-07 at 15:00:34 UTC, John Allen wrote:
> In support of PAPR changes to add a new hotplug interrupt, introduce a
> hotplug workqueue to avoid processing hotplug events in interrupt context.
> We will also take advantage of the queue on PowerVM to ensure hotplug
> events initiated from
On Wed, 2016-13-07 at 01:14:38 UTC, Kevin Hao wrote:
> In the current code, the RELOCATABLE will be forcedly enabled when
> enabling CRASH_DUMP. But for ppc32, the RELOCABLE also depend on
> ADVANCED_OPTIONS and select NONSTATIC_KERNEL. This will cause the
> following build error when CRASH_DUMP=y
On Fri, 2016-15-07 at 11:04:26 UTC, Michael Ellerman wrote:
> From: "Aneesh Kumar K.V"
>
> This makes it easy to verify we are not overloading the bits.
> No functionality change by this patch.
>
> mpe: Cleanup more. Completely fixup whitespace, convert all UL values to
> ASM_CONST(), and replac
On Fri, 2016-15-07 at 07:20:36 UTC, Andrew Donnellan wrote:
> If kzalloc() fails when allocating adapter->guest in
> cxl_guest_init_adapter(), we call free_adapter() before erroring out.
> free_adapter() in turn attempts to dereference adapter->guest, which in
> this case is NULL.
>
> In free_adap
On Mon, 2016-18-07 at 04:52:57 UTC, Andrew Donnellan wrote:
> Remove the CXL_KERNEL_API and CXL_EEH Kconfig options, as they were only
> needed to coordinate the merging of the cxlflash driver. Also remove the
> stub implementation of cxl_perst_reloads_same_image() in cxlflash which is
> only used
On Tue, 2016-19-07 at 02:33:35 UTC, Ian Munsie wrote:
> From: Ian Munsie
>
> pnv_cxl_enable_phb_kernel_api() grabs a reference to the cxl module to
> prevent it from being unloaded after the PHB has been switched to CX4 mode.
> This breaks the build when CONFIG_MODULES=n as module_mutex doesn't e
On Mon, 2016-11-07 at 22:16:27 UTC, Tyrel Datwyler wrote:
> PowerVM seems to only ever provide a single hotplug slot per PHB.
> The under lying slot hotplug registration code assumed multiple slots,
> but the actual implementation is broken for multiple slots. This went
> unnoticed for years due to
From: Kees Cook
> Sent: 15 July 2016 22:44
> This is a start of the mainline port of PAX_USERCOPY[1].
...
> - if address range is in the current process stack, it must be within the
> current stack frame (if such checking is possible) or at least entirely
> within the current process's stack.
Paolo Bonzini writes:
> On 20/07/2016 07:46, Michael Ellerman wrote:
>> Thanks.
>>
>> Acked-by: Michael Ellerman
>>
>> Or do you want me to merge this before Paul gets back?
>
> No, this should be merged through the KVM tree. Please Cc the KVM
> maintainers before offering to apply a patch th
On Tue, 2016-07-19 at 11:48 -0700, Kees Cook wrote:
> On Mon, Jul 18, 2016 at 6:06 PM, Laura Abbott wrote:
> >
> > On 07/15/2016 02:44 PM, Kees Cook wrote:
> >
> > This doesn't work when copying CMA allocated memory since CMA purposely
> > allocates larger than a page block size without setting
Russell King - ARM Linux writes:
> On Wed, Jul 20, 2016 at 01:45:42PM +1000, Balbir Singh wrote:
>> > IOW, if your kernel forced signature verification, you should not be
>> > able to do sig_enforce=0. If you kernel did not have
>> > CONFIG_MODULE_SIG_FORCE=y, then sig_enforce should be 0 by defa
On Wednesday, July 20, 2016 8:47:45 PM CEST Michael Ellerman wrote:
> At least for stdout-path, I can't really see how that would significantly help
> an attacker, but I'm all ears if anyone has ideas.
That's actually an easy one that came up before: If an attacker controls
a tty device (e.g. netw
On Saturday, July 16, 2016 9:50:21 PM CEST Scott Wood wrote:
> From: yangbo lu
>
> Move mpc85xx.h to include/linux/fsl and rename it to svr.h as a common
> header file. This SVR numberspace is used on some ARM chips as well as
> PPC, and even to check for a PPC SVR multi-arch drivers would other
PING.
Regards,
Yuantian
> -Original Message-
> From: Scott Wood [mailto:o...@buserror.net]
> Sent: Saturday, July 09, 2016 5:07 AM
> To: Michael Turquette ; Russell King
> ; Stephen Boyd ; Viresh
> Kumar ; Rafael J. Wysocki
> Cc: linux-...@vger.kernel.org; linux...@vger.kernel.org; linux
From: Dave Young
> On 07/15/16 at 02:19pm, Mark Rutland wrote:
> > On Fri, Jul 15, 2016 at 09:09:55AM -0400, Vivek Goyal wrote:
> > > On Tue, Jul 12, 2016 at 10:42:01AM +0900, AKASHI Takahiro wrote:
> > >
> > > [..]
> > > > -SYSCALL_DEFINE5(kexec_file_load, int, kernel_fd, int, initrd_fd,
> > > > +
On Wed, Jul 20, 2016 at 01:45:42PM +1000, Balbir Singh wrote:
> >
> > Command line options are not signed. I thought idea behind secureboot
> > was to execute only trusted code and command line options don't enforce
> > you to execute unsigned code.
> >
> >>
> >> You can set
On Wed, Jul 20, 2016 at 09:35:30AM +0100, Russell King - ARM Linux wrote:
> On Wed, Jul 20, 2016 at 01:45:42PM +1000, Balbir Singh wrote:
> > > IOW, if your kernel forced signature verification, you should not be
> > > able to do sig_enforce=0. If you kernel did not have
> > > CONFIG_MODULE_SIG_FOR
From: Paulo Flabiano Smorigo
> Sent: 19 July 2016 14:36
> Ignore assembly files generated by the perl script.
...
> diff --git a/drivers/crypto/vmx/.gitignore b/drivers/crypto/vmx/.gitignore
> new file mode 100644
> index 000..af4a7ce
> --- /dev/null
> +++ b/drivers/crypto/vmx/.gitignore
> @@
From: Markus Elfring
Date: Wed, 20 Jul 2016 15:10:32 +0200
The of_node_put() function tests whether its argument is NULL
and then returns immediately.
Thus the test around the call is not needed.
This issue was detected by using the Coccinelle software.
Signed-off-by: Markus Elfring
---
drive
On Wed, 20 Jul 2016, SF Markus Elfring wrote:
> From: Markus Elfring
> Date: Wed, 20 Jul 2016 15:10:32 +0200
>
> The of_node_put() function tests whether its argument is NULL
> and then returns immediately.
> Thus the test around the call is not needed.
>
> This issue was detected by using the
On Tue, Jul 19, 2016 at 10:36:26AM -0300, Paulo Flabiano Smorigo wrote:
> Ignore assembly files generated by the perl script.
>
> Signed-off-by: Paulo Flabiano Smorigo
Patch applied. Thanks.
--
Email: Herbert Xu
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.
On Wed, Jul 20, 2016 at 2:52 AM, David Laight wrote:
> From: Kees Cook
>> Sent: 15 July 2016 22:44
>> This is a start of the mainline port of PAX_USERCOPY[1].
> ...
>> - if address range is in the current process stack, it must be within the
>> current stack frame (if such checking is possible)
On 07/20/2016 03:24 AM, Balbir Singh wrote:
On Tue, 2016-07-19 at 11:48 -0700, Kees Cook wrote:
On Mon, Jul 18, 2016 at 6:06 PM, Laura Abbott wrote:
On 07/15/2016 02:44 PM, Kees Cook wrote:
This doesn't work when copying CMA allocated memory since CMA purposely
allocates larger than a page b
Am Mittwoch, 20 Juli 2016, 13:12:20 schrieb Arnd Bergmann:
> On Wednesday, July 20, 2016 8:47:45 PM CEST Michael Ellerman wrote:
> > At least for stdout-path, I can't really see how that would
> > significantly help an attacker, but I'm all ears if anyone has ideas.
>
> That's actually an easy one
From: Kees Cook
> Sent: 20 July 2016 16:32
...
> Yup: that's exactly what it's doing: walking up the stack. :)
Remind me to make sure all our customers run kernels with it disabled.
David
___
Linuxppc-dev mailing list
Linuxppc-dev@lists.ozlabs.
On Wed, 2016-07-20 at 16:02 +, David Laight wrote:
> From: Kees Cook
> > Sent: 20 July 2016 16:32
> ...
> > Yup: that's exactly what it's doing: walking up the stack. :)
>
> Remind me to make sure all our customers run kernels with it
> disabled.
You want a single copy_from_user to write to d
On Wed, Jul 20, 2016 at 9:02 AM, David Laight wrote:
> From: Kees Cook
>> Sent: 20 July 2016 16:32
> ...
>> Yup: that's exactly what it's doing: walking up the stack. :)
>
> Remind me to make sure all our customers run kernels with it disabled.
What's your concern with stack walking?
-Kees
--
On Wed, 2016-07-20 at 13:24 +0200, Arnd Bergmann wrote:
> On Saturday, July 16, 2016 9:50:21 PM CEST Scott Wood wrote:
> >
> > From: yangbo lu
> >
> > Move mpc85xx.h to include/linux/fsl and rename it to svr.h as a common
> > header file. This SVR numberspace is used on some ARM chips as well a
This creates per-architecture function arch_within_stack_frames() that
should validate if a given object is contained by a kernel stack frame.
Initial implementation is on x86.
This is based on code from PaX.
Signed-off-by: Kees Cook
---
arch/Kconfig | 9
arch/x8
Hi,
[This is now in my kspp -next tree, though I'd really love to add some
additional explicit Tested-bys, Reviewed-bys, or Acked-bys. If you've
looked through any part of this or have done any testing, please consider
sending an email with your "*-by:" line. :)]
This is a start of the mainline p
From: Laura Abbott
Code such as hardened user copy[1] needs a way to tell if a
page is CMA or not. Add is_migrate_cma_page in a similar way
to is_migrate_isolate_page.
[1]http://article.gmane.org/gmane.linux.kernel.mm/155238
Signed-off-by: Laura Abbott
Signed-off-by: Kees Cook
---
include/li
Enables CONFIG_HARDENED_USERCOPY checks on x86. This is done both in
copy_*_user() and __copy_*_user() because copy_*_user() actually calls
down to _copy_*_user() and not __copy_*_user().
Based on code from PaX and grsecurity.
Signed-off-by: Kees Cook
Tested-by: Valdis Kletnieks
---
arch/x86/K
Enables CONFIG_HARDENED_USERCOPY checks on arm.
Based on code from PaX and grsecurity.
Signed-off-by: Kees Cook
---
arch/arm/Kconfig | 1 +
arch/arm/include/asm/uaccess.h | 11 +--
2 files changed, 10 insertions(+), 2 deletions(-)
diff --git a/arch/arm/Kconfig b/arch/arm
Enables CONFIG_HARDENED_USERCOPY checks on arm64. As done by KASAN in -next,
renames the low-level functions to __arch_copy_*_user() so a static inline
can do additional work before the copy.
Signed-off-by: Kees Cook
---
arch/arm64/Kconfig | 1 +
arch/arm64/include/asm/uaccess.h |
Enables CONFIG_HARDENED_USERCOPY checks on ia64.
Based on code from PaX and grsecurity.
Signed-off-by: Kees Cook
---
arch/ia64/Kconfig | 1 +
arch/ia64/include/asm/uaccess.h | 18 +++---
2 files changed, 16 insertions(+), 3 deletions(-)
diff --git a/arch/ia64/Kconfig
Enables CONFIG_HARDENED_USERCOPY checks on powerpc.
Based on code from PaX and grsecurity.
Signed-off-by: Kees Cook
Tested-by: Michael Ellerman
---
arch/powerpc/Kconfig | 1 +
arch/powerpc/include/asm/uaccess.h | 21 +++--
2 files changed, 20 insertions(+), 2 del
This is the start of porting PAX_USERCOPY into the mainline kernel. This
is the first set of features, controlled by CONFIG_HARDENED_USERCOPY. The
work is based on code by PaX Team and Brad Spengler, and an earlier port
from Casey Schaufler. Additional non-slab page tests are from Rik van Riel.
Th
Under CONFIG_HARDENED_USERCOPY, this adds object size checking to the
SLAB allocator to catch any copies that may span objects.
Based on code from PaX and grsecurity.
Signed-off-by: Kees Cook
Tested-by: Valdis Kletnieks
---
init/Kconfig | 1 +
mm/slab.c| 30 ++
Under CONFIG_HARDENED_USERCOPY, this adds object size checking to the
SLUB allocator to catch any copies that may span objects. Includes a
redzone handling fix discovered by Michael Ellerman.
Based on code from PaX and grsecurity.
Signed-off-by: Kees Cook
Tested-by: Michael Ellerman
---
init/K
Enables CONFIG_HARDENED_USERCOPY checks on sparc.
Based on code from PaX and grsecurity.
Signed-off-by: Kees Cook
---
arch/sparc/Kconfig | 1 +
arch/sparc/include/asm/uaccess_32.h | 14 ++
arch/sparc/include/asm/uaccess_64.h | 11 +--
3 files changed, 20 in
On Wednesday, July 20, 2016 1:31:48 PM CEST Scott Wood wrote:
> On Wed, 2016-07-20 at 13:24 +0200, Arnd Bergmann wrote:
> > On Saturday, July 16, 2016 9:50:21 PM CEST Scott Wood wrote:
> > >
> > > From: yangbo lu
> > >
> > > Move mpc85xx.h to include/linux/fsl and rename it to svr.h as a common
Enables CONFIG_HARDENED_USERCOPY checks on s390.
Signed-off-by: Kees Cook
---
arch/s390/Kconfig | 1 +
arch/s390/lib/uaccess.c | 2 ++
2 files changed, 3 insertions(+)
diff --git a/arch/s390/Kconfig b/arch/s390/Kconfig
index a8c259059adf..9f694311c9ed 100644
--- a/arch/s390/Kconfig
+++ b/
From: Wei Yongjun
Date: Tue, 19 Jul 2016 11:25:16 +
> From: Wei Yongjun
>
> module_platform_driver() makes the code simpler by eliminating
> boilerplate code.
>
> Signed-off-by: Wei Yongjun
Applied.
___
Linuxppc-dev mailing list
Linuxppc-dev@li
From: Wei Yongjun
Date: Tue, 19 Jul 2016 11:25:03 +
> From: Wei Yongjun
>
> Remove .owner field if calls are used which set it automatically.
>
> Generated by: scripts/coccinelle/api/platform_no_drv_owner.cocci
>
> Signed-off-by: Wei Yongjun
Applied.
Michael Ellerman writes:
> From: Benjamin Herrenschmidt
>
> There is little enough differences now.
>
> Signed-off-by: Benjamin Herrenschmidt
> [mpe: Add empty versions using #ifdef in setup.h rather than weak functions]
> Signed-off-by: Michael Ellerman
> ---
> arch/powerpc/include/asm/kvm_p
From: Benjamin Herrenschmidt
There is little enough differences now.
mpe: Add a/p/k/setup.h to contain the prototypes and empty versions of
functions we need, rather than using weak functions. Add a few other
empty versions to avoid as many #ifdefs as possible in the code.
Signed-off-by: Benjam
Hi all,
Today's linux-next merge of the kvm tree got a conflict in:
arch/powerpc/kernel/Makefile
between commit:
27d114966735 ("powerpc/32: Remove RELOCATABLE_PPC32")
from the powerpc tree and commit:
fd7bacbca47a ("KVM: PPC: Book3S HV: Fix TB corruption in guest exit path on
HMI inter
Kees Cook writes:
> diff --git a/mm/usercopy.c b/mm/usercopy.c
> new file mode 100644
> index ..e4bf4e7ccdf6
> --- /dev/null
> +++ b/mm/usercopy.c
> @@ -0,0 +1,234 @@
...
> +
> +/*
> + * Checks if a given pointer and length is contained by the current
> + * stack frame (if possible).
Hi,
This series does two major things. First is to change how our
feature fixup code works, and second is to reorganise exception
vectors for pseries, and that requires the first.
This has not had a huge amount of testing. In particular endian,
cross compiling, embedded, etc. At this point I want
54 matches
Mail list logo
