On 10/30/20 8:07 AM, Miklos Szeredi wrote:
On Wed, Oct 21, 2020 at 5:19 PM Mark Salyzyn wrote:
Because of the overlayfs getxattr recursion, the incoming inode fails
to update the selinux sid resulting in avc denials being reported
against a target context of u:object_r:unlabeled:s0.
Solution
On 10/21/20 10:19 PM, Eric Biggers wrote:
On Wed, Oct 21, 2020 at 08:18:59AM -0700, Mark Salyzyn wrote:
Mark Salyzyn (3):
Add flags option to get xattr method paired to __vfs_getxattr
overlayfs: handle XATTR_NOSECURITY flag for get xattr method
overlayfs: override_creds=off option
From: John Stultz
Using old_creds as an indication that we are not overriding the
credentials, bypass call to inode_owner_or_capable. This solves
a problem with all execv calls being blocked when using the caller's
credentials.
Signed-off-by: John Stultz
Signed-off-by: Mark Salyzyn
uld be fixed for
completeness and for general use in time.
Signed-off-by: Mark Salyzyn
Cc: linux-fsde...@vger.kernel.org
Cc: linux-unio...@vger.kernel.org
Cc: Miklos Szeredi
Cc: Jonathan Corbet
Cc: Vivek Goyal
Cc: Eric W. Biederman
Cc: Amir Goldstein
Cc: Randy Dunlap
Cc: Stephen Smalley
usted xattr management.
Signed-off-by: Mark Salyzyn
Cc: linux-fsde...@vger.kernel.org
Cc: linux-unio...@vger.kernel.org
Cc: Stephen Smalley
Cc: linux-kernel@vger.kernel.org
Cc: linux-security-mod...@vger.kernel.org
Cc: kernel-t...@android.com
Cc: Miklos Szeredi
Cc: Jonathan Corbet
Cc: Vivek Goyal
ed:s0
context making the logs cosmetically useless for audit2allow.
This patch series is inert and is the wide-spread addition of the
flags option for xattr functions, and a replacement of __vfs_getxattr
with __vfs_getxattr(...XATTR_NOSECURITY).
Signed-off-by: Mark Salyzyn
Reviewed-by: Jan Kara
Mark Salyzyn (3):
Add flags option to get xattr method paired to __vfs_getxattr
overlayfs: handle XATTR_NOSECURITY flag for get xattr method
overlayfs: override_creds=off option bypass creator_cred
Mark Salyzyn + John Stultz (1):
overlayfs: inode_owner_or_capable called during execv
The
From: John Stultz
Using old_creds as an indication that we are not overriding the
credentials, bypass call to inode_owner_or_capable. This solves
a problem with all execv calls being blocked when using the caller's
credentials.
Signed-off-by: John Stultz
Signed-off-by: Mark Salyzyn
d-off-by: Mark Salyzyn
Cc: Miklos Szeredi
Cc: Jonathan Corbet
Cc: Vivek Goyal
Cc: Eric W. Biederman
Cc: Amir Goldstein
Cc: Randy Dunlap
Cc: Stephen Smalley
Cc: John Stultz
Cc: linux-...@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
To: linux-fsde...@vger.kernel.org
To: linux
Mark Salyzyn (3):
Add flags option to get xattr method paired to __vfs_getxattr
overlayfs: handle XATTR_NOSECURITY flag for get xattr method
overlayfs: override_creds=off option bypass creator_cred
Mark Salyzyn + John Stultz (1):
overlayfs: inode_owner_or_capable called during execv
The
uld be fixed for
completeness and for general use in time.
Signed-off-by: Mark Salyzyn
To: linux-fsde...@vger.kernel.org
To: linux-unio...@vger.kernel.org
Cc: Miklos Szeredi
Cc: Jonathan Corbet
Cc: Vivek Goyal
Cc: Eric W. Biederman
Cc: Amir Goldstein
Cc: Randy Dunlap
Cc: Stephen Smalley
From: John Stultz
Using old_creds as an indication that we are not overriding the
credentials, bypass call to inode_owner_or_capable. This solves
a problem with all execv calls being blocked when using the caller's
credentials.
Signed-off-by: John Stultz
Signed-off-by: Mark Salyzyn
usted xattr management.
Signed-off-by: Mark Salyzyn
To: linux-fsde...@vger.kernel.org
To: linux-unio...@vger.kernel.org
Cc: Stephen Smalley
Cc: linux-kernel@vger.kernel.org
Cc: linux-security-mod...@vger.kernel.org
Cc: kernel-t...@android.com
Cc: Miklos Szeredi
Cc: Jonathan Corbet
Cc: Vivek Goyal
ed:s0
context making the logs cosmetically useless for audit2allow.
This patch series is inert and is the wide-spread addition of the
flags option for xattr functions, and a replacement of __vfs_getxattr
with __vfs_getxattr(...XATTR_NOSECURITY).
Signed-off-by: Mark Salyzyn
Reviewed-by: Jan Kara
On 10/20/20 12:17 PM, Mark Salyzyn wrote:
Because of the overlayfs getxattr recursion, the incoming inode fails
to update the selinux sid resulting in avc denials being reported
against a target context of u:object_r:unlabeled:s0.
Solution is to respond to the XATTR_NOSECURITY flag in get xattr
On 10/20/20 6:17 PM, Paul Moore wrote:
On Tue, Oct 20, 2020 at 3:17 PM Mark Salyzyn wrote:
Add a flag option to get xattr method that could have a bit flag of
XATTR_NOSECURITY passed to it. XATTR_NOSECURITY is generally then
set in the __vfs_getxattr path when called by security
Mark Salyzyn (3):
Add flags option to get xattr method paired to __vfs_getxattr
overlayfs: handle XATTR_NOSECURITY flag for get xattr method
overlayfs: override_creds=off option bypass creator_cred
Mark Salyzyn + John Stultz (1):
overlayfs: inode_owner_or_capable called during execv
The
uld be fixed for
completeness and for general use in time.
Signed-off-by: Mark Salyzyn
To: linux-fsde...@vger.kernel.org
To: linux-unio...@vger.kernel.org
Cc: Miklos Szeredi
Cc: Jonathan Corbet
Cc: Vivek Goyal
Cc: Eric W. Biederman
Cc: Amir Goldstein
Cc: Randy Dunlap
Cc: Stephen Smalley
ed:s0
context making the logs cosmetically useless for audit2allow.
This patch series is inert and is the wide-spread addition of the
flags option for xattr functions, and a replacement of __vfs_getxattr
with __vfs_getxattr(...XATTR_NOSECURITY).
Signed-off-by: Mark Salyzyn
Reviewed-by: Jan Kara
Using old_creds as an indication that we are not overriding the
credentials, bypass call to inode_owner_or_capable. This solves
a problem with all execv calls being blocked when using the caller's
credentials.
Signed-off-by: John Stultz
Signed-off-by: Mark Salyzyn
Fixes: 05acefb4872da
usted xattr management.
Signed-off-by: Mark Salyzyn
To: linux-fsde...@vger.kernel.org
To: linux-unio...@vger.kernel.org
Cc: Stephen Smalley
Cc: linux-kernel@vger.kernel.org
Cc: linux-security-mod...@vger.kernel.org
Cc: kernel-t...@android.com
Cc: Miklos Szeredi
Cc: Jonathan Corbet
Cc: Vivek Goyal
ed:s0
context making the logs cosmetically useless for audit2allow.
This patch series is inert and is the wide-spread addition of the
flags option for xattr functions, and a replacement of __vfs_getxattr
with __vfs_getxattr(...XATTR_NOSECURITY).
Signed-off-by: Mark Salyzyn
Reviewed-by: Jan Kara
uld be fixed for
completeness and for general use in time.
Signed-off-by: Mark Salyzyn
To: linux-fsde...@vger.kernel.org
To: linux-unio...@vger.kernel.org
Cc: Miklos Szeredi
Cc: Jonathan Corbet
Cc: Vivek Goyal
Cc: Eric W. Biederman
Cc: Amir Goldstein
Cc: Randy Dunlap
Cc: Stephen Sma
Mark Salyzyn (3):
Add flags option to get xattr method paired to __vfs_getxattr
overlayfs: handle XATTR_NOSECURITY flag for get xattr method
overlayfs: override_creds=off option bypass creator_cred
Mark Salyzyn + John Stultz (1):
overlayfs: inode_owner_or_capable called during execv
The
From: John Stultz
Using old_creds as an indication that we are not overriding the
credentials, bypass call to inode_owner_or_capable. This solves
a problem with all execv calls being blocked when using the caller's
credentials.
Signed-off-by: John Stultz
Signed-off-by: Mark Salyzyn
usted xattr management.
Signed-off-by: Mark Salyzyn
To: linux-fsde...@vger.kernel.org
To: linux-unio...@vger.kernel.org
Cc: Stephen Smalley
Cc: linux-kernel@vger.kernel.org
Cc: linux-security-mod...@vger.kernel.org
Cc: kernel-t...@android.com
Cc: Miklos Szeredi
Cc: Jonathan Corbet
Cc: Vivek Goyal
Please consider
commit 37bd22420f856fcd976989f1d4f1f7ad28e1fcac ("af_key: pfkey_dump
needs parameter validation")
for merge into all the maintained stable trees.
Cc: net...@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Cc: kernel-t...@android.com
Cc: sta...@vger.kernel.org
Cc: Greg KH
Fix
Please consider
commit 37bd22420f856fcd976989f1d4f1f7ad28e1fcac ("af_key: pfkey_dump
needs parameter validation")
for merge into all the maintained stable trees.
Cc: netdev@vger.kernel.org
Cc: linux-ker...@vger.kernel.org
Cc: kernel-t...@android.com
Cc: sta...@vger.kernel.org
Cc: Greg KH
Fix
On 7/31/20 12:30 PM, Mark Salyzyn wrote:
-P flag was fake just to provide compatibility. Add support for -P
maximum process count to actually create parallelism. Does not
support SIGUSR1 or SIGUSR2 increment/decrement signals as publicly
documented for other variants. If max-proc is 0, run as
.
Signed-off-by: Mark Salyzyn
---
tests/xargs.test | 15 ++
toys/posix/xargs.c | 70 --
2 files changed, 64 insertions(+), 21 deletions(-)
diff --git a/tests/xargs.test b/tests/xargs.test
index afed8a17..dc3c7b32 100644
--- a/tests/xargs.test
On 7/24/20 2:14 PM, Jacob Keller wrote:
On 7/23/2020 12:35 PM, Eric Dumazet wrote:
On 7/23/20 11:21 AM, Mark Salyzyn wrote:
Many of the nla_get_* inlines fail to check attribute's length before
copying the content resulting in possible out-of-boundary accesses.
Adjust the inlines to pe
On 7/24/20 2:14 PM, Jacob Keller wrote:
On 7/23/2020 12:35 PM, Eric Dumazet wrote:
On 7/23/20 11:21 AM, Mark Salyzyn wrote:
Many of the nla_get_* inlines fail to check attribute's length before
copying the content resulting in possible out-of-boundary accesses.
Adjust the inlines to pe
On 7/23/20 12:35 PM, Eric Dumazet wrote:
I believe this will hide bugs, that syzbot was able to catch.
syzbot failed to catch the problem because of padding u8, u16 and u32
were all immune because they would go out of bounds into a padded buffer :-(
On 7/23/20 12:19 PM, David Miller wrote:
On 7/23/20 12:35 PM, Eric Dumazet wrote:
I believe this will hide bugs, that syzbot was able to catch.
syzbot failed to catch the problem because of padding u8, u16 and u32
were all immune because they would go out of bounds into a padded buffer :-(
On 7/23/20 12:19 PM, David Miller wrote:
mance critical and do not need a likely fast path.
Signed-off-by: Mark Salyzyn
Cc: net...@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Cc: kernel-t...@android.com
Cc: "David S. Miller"
Cc: Jakub Kicinski
Cc: Thomas Graf
Fixes: bfa83a9e03cf ("[NETLINK]: Type-safe netlink messages/a
mance critical and do not need a likely fast path.
Signed-off-by: Mark Salyzyn
Cc: netdev@vger.kernel.org
Cc: linux-ker...@vger.kernel.org
Cc: kernel-t...@android.com
Cc: "David S. Miller"
Cc: Jakub Kicinski
Cc: Thomas Graf
Fixes: bfa83a9e03cf ("[NETLINK]: Type-safe netlink messages/a
In pfkey_dump() dplen and splen can both be specified to access the
xfrm_address_t structure out of bounds in__xfrm_state_filter_match()
when it calls addr_match() with the indexes. Return EINVAL if either
are out of range.
Signed-off-by: Mark Salyzyn
Cc: netdev@vger.kernel.org
Cc: linux-ker
In pfkey_dump() dplen and splen can both be specified to access the
xfrm_address_t structure out of bounds in__xfrm_state_filter_match()
when it calls addr_match() with the indexes. Return EINVAL if either
are out of range.
Signed-off-by: Mark Salyzyn
Cc: net...@vger.kernel.org
Cc: linux-kernel
On 7/22/20 2:33 AM, Steffen Klassert wrote:
On Tue, Jul 21, 2020 at 06:23:54AM -0700, Mark Salyzyn wrote:
In pfkey_dump() dplen and splen can both be specified to access the
xfrm_address_t structure out of bounds in__xfrm_state_filter_match()
when it calls addr_match() with the indexes. Return
On 7/22/20 2:33 AM, Steffen Klassert wrote:
On Tue, Jul 21, 2020 at 06:23:54AM -0700, Mark Salyzyn wrote:
In pfkey_dump() dplen and splen can both be specified to access the
xfrm_address_t structure out of bounds in__xfrm_state_filter_match()
when it calls addr_match() with the indexes. Return
In pfkey_dump() dplen and splen can both be specified to access the
xfrm_address_t structure out of bounds in__xfrm_state_filter_match()
when it calls addr_match() with the indexes. Return EINVAL if either
are out of range.
Signed-off-by: Mark Salyzyn
Cc: net...@vger.kernel.org
Cc: linux-kernel
In pfkey_dump() dplen and splen can both be specified to access the
xfrm_address_t structure out of bounds in__xfrm_state_filter_match()
when it calls addr_match() with the indexes. Return EINVAL if either
are out of range.
Signed-off-by: Mark Salyzyn
Cc: netdev@vger.kernel.org
Cc: linux-ker
7.52 ns 7.51 ns 93253809
Signed-off-by: Chiawei Wang
Signed-off-by: Mark Salyzyn
Cc: linux-kernel@vger.kernel.org
Cc: kernel-t...@android.com
Cc: Catalin Marinas
Cc: Will Deacon
Cc: Thomas Gleixner
Cc: Vincenzo Frascino
Cc: Enrico Weigelt
Cc: Greg Kroah-Hartman
Cc: Alexios
7.52 ns 7.51 ns 93253809
Signed-off-by: Chiawei Wang
Signed-off-by: Mark Salyzyn
---
arch/arm64/include/asm/vdso/compat_gettimeofday.h | 2 ++
arch/arm64/include/asm/vdso/gettimeofday.h| 2 ++
arch/arm64/kernel/vdso/vdso.lds.S | 1 +
arch/arm64/kernel
On Jun 11, 2020, at 12:34 PM, Thomas Gleixner wrote:
>
> Mark Salyzyn writes:
>> From: Chiawei Wang
>>
>> CLOCK_REALTIME in vdso data won't be updated if
>> __arch_use_vsyscall() returns false.
>
> Errm!
>
> # git grep __arch_use_vsyscall
&
fails.
Signed-off-by: Chiawei Wang
Signed-off-by: Mark Salyzyn
Cc: linux-kernel@vger.kernel.org
Cc: kernel-t...@android.com
Cc: sta...@vger.kernel.org # 5.4+
---
lib/vdso/gettimeofday.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/vdso/gettimeofday.c b/lib/vdso/gettimeof
On 11/5/19 1:48 AM, Jan Kara wrote:
@@ -228,11 +228,11 @@ static int afs_xattr_get_yfs(const struct xattr_handler
*handler,
break;
case 1:
data = buf;
- dsize = snprintf(buf, sizeof(buf), "%u", yacl->inherit_flag);
+ dsize = scn
On 11/5/19 1:48 AM, Jan Kara wrote:
@@ -228,11 +228,11 @@ static int afs_xattr_get_yfs(const struct xattr_handler
*handler,
break;
case 1:
data = buf;
- dsize = snprintf(buf, sizeof(buf), "%u", yacl->inherit_flag);
+ dsize = scn
On 11/5/19 1:48 AM, Jan Kara wrote:
@@ -228,11 +228,11 @@ static int afs_xattr_get_yfs(const struct xattr_handler
*handler,
break;
case 1:
data = buf;
- dsize = snprintf(buf, sizeof(buf), "%u", yacl->inherit_flag);
+ dsize = scn
From: Mark Salyzyn
Add a flag option to get xattr method that could have a bit flag of
XATTR_NOSECURITY passed to it. XATTR_NOSECURITY is generally then
set in the __vfs_getxattr path when called by security
infrastructure.
This handles the case of a union filesystem driver that is being
From: Mark Salyzyn
Add a flag option to get xattr method that could have a bit flag of
XATTR_NOSECURITY passed to it. XATTR_NOSECURITY is generally then
set in the __vfs_getxattr path when called by security
infrastructure.
This handles the case of a union filesystem driver that is being
From: Mark Salyzyn
Add a flag option to get xattr method that could have a bit flag of
XATTR_NOSECURITY passed to it. XATTR_NOSECURITY is generally then
set in the __vfs_getxattr path when called by security
infrastructure.
This handles the case of a union filesystem driver that is being
On 10/23/19 4:56 AM, Jarkko Sakkinen wrote:
On Tue, Oct 22, 2019 at 02:41:45PM -0700, Mark Salyzyn wrote:
Replace all occurrences of prefered with preferred to make future
checkpatch.pl's happy. A few places the incorrect spelling is
matched with the correct spelling to preserve existing
On 10/22/19 11:05 PM, Shaokun Zhang wrote:
+Cc: Mark Salyzyn
There is a compiler failure on arm64 platform, as follow:
zhangshaokun@ubuntu:~/linux-next$ make -j64
CALLscripts/atomic/check-atomics.sh
CC arch/arm64/kernel/asm-offsets.s
In file included from ./include/linux/sysctl.h
On 10/23/19 4:56 AM, Jarkko Sakkinen wrote:
On Tue, Oct 22, 2019 at 02:41:45PM -0700, Mark Salyzyn wrote:
Replace all occurrences of prefered with preferred to make future
checkpatch.pl's happy. A few places the incorrect spelling is
matched with the correct spelling to preserve existing
On 10/22/19 11:54 PM, Amir Goldstein wrote:
On Tue, Oct 22, 2019 at 11:45 PM Mark Salyzyn wrote:
Patch series:
Mark Salyzyn (5):
Add flags option to get xattr method paired to __vfs_getxattr
overlayfs: check CAP_DAC_READ_SEARCH before issuing exportfs_decode_fh
overlayfs: handle
Replace all occurrences of prefered with preferred to make future
checkpatch.pl's happy. A few places the incorrect spelling is
matched with the correct spelling to preserve existing user space API.
Signed-off-by: Mark Salyzyn
---
Documentation/networking/ip-sysctl.txt
Replace all occurrences of prefered with preferred to make future
checkpatch.pl's happy. A few places the incorrect spelling is
matched with the correct spelling to preserve existing user space API.
Signed-off-by: Mark Salyzyn
---
Documentation/networking/ip-sysctl.txt
de-spread addition of the
flags option for xattr functions, and a replacement of __vfs_getxattr
with __vfs_getxattr({...XATTR_NOSECURITY}).
Signed-off-by: Mark Salyzyn
Reviewed-by: Jan Kara
Acked-by: Jan Kara
Acked-by: Jeff Layton
Acked-by: David Sterba
Acked-by: Darrick J. Wong
Acked-by: Mik
de-spread addition of the
flags option for xattr functions, and a replacement of __vfs_getxattr
with __vfs_getxattr({...XATTR_NOSECURITY}).
Signed-off-by: Mark Salyzyn
Reviewed-by: Jan Kara
Acked-by: Jan Kara
Acked-by: Jeff Layton
Acked-by: David Sterba
Acked-by: Darrick J. Wong
Acked-by: Mik
de-spread addition of the
flags option for xattr functions, and a replacement of __vfs_getxattr
with __vfs_getxattr({...XATTR_NOSECURITY}).
Signed-off-by: Mark Salyzyn
Reviewed-by: Jan Kara
Acked-by: Jan Kara
Acked-by: Jeff Layton
Acked-by: David Sterba
Acked-by: Darrick J. Wong
Acked-by: Mik
access permissions and report back to the logs and
the caller that the target context was blocked.
For selinux this would solve the cosmetic issue of the selinux log
and allow audit2allow to correctly report the rule needed to address
the access problem.
Signed-off-by: Mark Salyzyn
Cc: Miklos Sze
d
in other filesystems for their own internal trusted xattr management.
Signed-off-by: Mark Salyzyn
Cc: Miklos Szeredi
Cc: Jonathan Corbet
Cc: Vivek Goyal
Cc: Eric W. Biederman
Cc: Amir Goldstein
Cc: Randy Dunlap
Cc: Stephen Smalley
Cc: linux-unio...@vger.kernel.org
Cc: linux
Assumption never checked, should fail if the mounter creds are not
sufficient.
Signed-off-by: Mark Salyzyn
Cc: Miklos Szeredi
Cc: Jonathan Corbet
Cc: Vivek Goyal
Cc: Eric W. Biederman
Cc: Amir Goldstein
Cc: Randy Dunlap
Cc: Stephen Smalley
Cc: linux-unio...@vger.kernel.org
Cc: linux-doc
uld be fixed for
completeness and for general use in time.
Signed-off-by: Mark Salyzyn
Cc: Miklos Szeredi
Cc: Jonathan Corbet
Cc: Vivek Goyal
Cc: Eric W. Biederman
Cc: Amir Goldstein
Cc: Randy Dunlap
Cc: Stephen Smalley
Cc: linux-unio...@vger.kernel.org
Cc: linux-doc@vger.kernel.org
Patch series:
Mark Salyzyn (5):
Add flags option to get xattr method paired to __vfs_getxattr
overlayfs: check CAP_DAC_READ_SEARCH before issuing exportfs_decode_fh
overlayfs: handle XATTR_NOSECURITY flag for get xattr method
overlayfs: internal getxattr operations without sepolicy
On 10/7/19 9:53 AM, Christoph Hellwig wrote:
On Mon, Oct 07, 2019 at 09:50:31AM -0700, Mark Salyzyn wrote:
On 10/5/19 1:37 AM, Christoph Hellwig wrote:
On Thu, Oct 03, 2019 at 09:55:28AM +0100, Catalin Marinas wrote:
Aren't drivers supposed to use the DMA API for such allocations rather
l can not be
modularized for the moment.
Sincerely -- Mark Salyzyn
On 10/7/19 9:40 AM, Greg Kroah-Hartman wrote:
On Mon, Oct 07, 2019 at 06:17:25PM +0200, Greg Kroah-Hartman wrote:
On Mon, Oct 07, 2019 at 06:16:16PM +0200, Greg Kroah-Hartman wrote:
On Mon, Oct 07, 2019 at 09:09:16AM -0700, Mark Salyzyn wrote:
When filtering xattr list for reading, presence
On 10/7/19 9:17 AM, Greg Kroah-Hartman wrote:
On Mon, Oct 07, 2019 at 06:16:16PM +0200, Greg Kroah-Hartman wrote:
On Mon, Oct 07, 2019 at 09:09:16AM -0700, Mark Salyzyn wrote:
When filtering xattr list for reading, presence of trusted xattr
results in a security audit log. However, if there
k the request to list the xattrs present.
Switch to has_capability_noaudit to reflect a more appropriate check.
Signed-off-by: Mark Salyzyn
Cc: linux-security-mod...@vger.kernel.org
Cc: kernel-t...@android.com
Cc: Greg Kroah-Hartman
Cc: sta...@vger.kernel.org # v3.18
Fixes: upstream a082c6f
Some drivers can not be turned into a module without cma_alloc and
cma_release exported. Examples include ion, and we also found some
out of tree infiniband and camera drivers.
Signed-off-by: Mark Salyzyn
Cc: kernel-t...@android.com
Cc: linux-kernel@vger.kernel.org
---
mm/cma.c | 2 ++
1 file
On 9/6/19 4:30 PM, Greg KH wrote:
On Fri, Sep 06, 2019 at 12:24:00PM -0700, Mark Salyzyn wrote:
In embedded environments the requirements are to be able to pick and
chose which features one requires built into the kernel. If an
embedded environment wants to supports loading modules that have
features to provide the API surface for
them to load.
Introduce CONFIG_LEGACY_WEXT_ALLCONFIG to select all legacy wireless
extension core features by activating in turn all the associated
hidden configuration options, without having to specifically select
any wireless module(s).
Signed-off-by: Mark
provide the API surface for them to load.
Introduce CONFIG_WIRELESS_ALLCONFIG to select all wireless core
features by activating all the hidden configuration options, without
having to specifically select any wireless module(s).
Signed-off-by: Mark Salyzyn
Cc: kernel-t...@android.com
Cc: Johannes Berg
k the request to list the xattrs present.
Switch to ns_capable_noaudit to reflect a more appropriate check.
Signed-off-by: Mark Salyzyn
Cc: linux-ker...@vger.kernel.orga
Cc: linux-security-mod...@vger.kernel.org
Cc: kernel-t...@android.com
Cc: sta...@vger.kernel.org # 4.4, 4.9, 4.14 & 4.1
On 8/28/19 7:24 AM, Christoph Hellwig wrote:
On Tue, Aug 27, 2019 at 08:05:15AM -0700, Mark Salyzyn wrote:
Replace arguments for get and set xattr methods, and __vfs_getxattr
and __vfs_setaxtr functions with a reference to the following now
common argument structure:
Yikes. That looks like a
On 8/28/19 7:24 AM, Christoph Hellwig wrote:
On Tue, Aug 27, 2019 at 08:05:15AM -0700, Mark Salyzyn wrote:
Replace arguments for get and set xattr methods, and __vfs_getxattr
and __vfs_setaxtr functions with a reference to the following now
common argument structure:
Yikes. That looks like a
On 8/28/19 7:24 AM, Christoph Hellwig wrote:
On Tue, Aug 27, 2019 at 08:05:15AM -0700, Mark Salyzyn wrote:
Replace arguments for get and set xattr methods, and __vfs_getxattr
and __vfs_setaxtr functions with a reference to the following now
common argument structure:
Yikes. That looks like a
de-spread addition of the
flags option for xattr functions, and a replacement of __vfs_getxattr
with __vfs_getxattr({...XATTR_NOSECURITY}).
Signed-off-by: Mark Salyzyn
Reviewed-by: Jan Kara
Cc: Stephen Smalley
Cc: linux-ker...@vger.kernel.org
Cc: kernel-t...@android.com
Cc: linux-security-mod...@
de-spread addition of the
flags option for xattr functions, and a replacement of __vfs_getxattr
with __vfs_getxattr({...XATTR_NOSECURITY}).
Signed-off-by: Mark Salyzyn
Reviewed-by: Jan Kara
Cc: Stephen Smalley
Cc: linux-ker...@vger.kernel.org
Cc: kernel-t...@android.com
Cc: linux-security-mod...@
de-spread addition of the
flags option for xattr functions, and a replacement of __vfs_getxattr
with __vfs_getxattr({...XATTR_NOSECURITY}).
Signed-off-by: Mark Salyzyn
Reviewed-by: Jan Kara
Cc: Stephen Smalley
Cc: linux-ker...@vger.kernel.org
Cc: kernel-t...@android.com
Cc: linux-security-mod...@
On 8/27/19 7:19 AM, Jan Kara wrote:
On Tue 20-08-19 11:06:48, Mark Salyzyn wrote:
diff --git a/Documentation/filesystems/Locking
b/Documentation/filesystems/Locking
index 204dd3ea36bb..e2687f21c7d6 100644
--- a/Documentation/filesystems/Locking
+++ b/Documentation/filesystems/Locking
On 8/27/19 7:19 AM, Jan Kara wrote:
On Tue 20-08-19 11:06:48, Mark Salyzyn wrote:
diff --git a/Documentation/filesystems/Locking
b/Documentation/filesystems/Locking
index 204dd3ea36bb..e2687f21c7d6 100644
--- a/Documentation/filesystems/Locking
+++ b/Documentation/filesystems/Locking
On 8/27/19 7:19 AM, Jan Kara wrote:
On Tue 20-08-19 11:06:48, Mark Salyzyn wrote:
diff --git a/Documentation/filesystems/Locking
b/Documentation/filesystems/Locking
index 204dd3ea36bb..e2687f21c7d6 100644
--- a/Documentation/filesystems/Locking
+++ b/Documentation/filesystems/Locking
u 15-08-19 08:49:58, Mark Salyzyn wrote:
> > Add a flag option to get xattr method that could have a bit flag of
> > XATTR_NOSECURITY passed to it. XATTR_NOSECURITY is generally then
> > set in the __vfs_getxattr path.
> >
> > This handles the case of a union filesyst
de-spread addition of the
flags option for xattr functions, and a replacement of __vfs_getxattr
with __vfs_getxattr({...XATTR_NOSECURITY}).
Signed-off-by: Mark Salyzyn
Cc: Stephen Smalley
Cc: linux-ker...@vger.kernel.org
Cc: kernel-t...@android.com
Cc: linux-security-mod...@vger.kernel.org
C
ead addition of the
flags option for xattr functions, and a replacement of __vfs_getxattr
with __vfs_getxattr({...XATTR_NOSECURITY}).
Signed-off-by: Mark Salyzyn
Cc: Stephen Smalley
Cc: linux-ker...@vger.kernel.org
Cc: kernel-t...@android.com
Cc: linux-security-mod...@vger.kernel.org
Cc: sta...@vger
de-spread addition of the
flags option for xattr functions, and a replacement of __vfs_getxattr
with __vfs_getxattr({...XATTR_NOSECURITY}).
Signed-off-by: Mark Salyzyn
Cc: Stephen Smalley
Cc: linux-ker...@vger.kernel.org
Cc: kernel-t...@android.com
Cc: linux-security-mod...@vger.kernel.org
C
On 8/20/19 1:15 PM, Greg Kroah-Hartman wrote:
No signed-off-by from you?
Anyway, this is already in the 4.4.y queue and will be in the next
release.
thanks,
greg k-h
Ok, thanks! I will stand down.
-- Mark
de-spread addition of the
flags option for xattr functions, and a replacement of __vfs_getxattr
with __vfs_getxattr({...XATTR_NOSECURITY}).
Signed-off-by: Mark Salyzyn
Cc: Stephen Smalley
Cc: linux-ker...@vger.kernel.org
Cc: kernel-t...@android.com
Cc: linux-security-mod...@vger.kernel.org
C
de-spread addition of the
flags option for xattr functions, and a replacement of __vfs_getxattr
with __vfs_getxattr({...XATTR_NOSECURITY}).
Signed-off-by: Mark Salyzyn
Cc: Stephen Smalley
Cc: linux-ker...@vger.kernel.org
Cc: kernel-t...@android.com
Cc: linux-security-mod...@vger.kernel.org
C
From: "Yavuz, Tuba"
cherry pick from commit 7fafcfdf6377b18b2a726ea554d6e593ba44349f
("USB: gadget: f_midi: fixing a possible double-free in f_midi")
Removing 'return err;' from conflict.
It looks like there is a possibility of a double-free vulnerability on an
error path of the f_midi_set_alt f
de-spread addition of the
flags option for xattr functions, and a replacement of __vfs_getxattr
with __vfs_getxattr({...XATTR_NOSECURITY}).
Signed-off-by: Mark Salyzyn
Cc: Stephen Smalley
Cc: linux-ker...@vger.kernel.org
Cc: kernel-t...@android.com
Cc: linux-security-mod...@vger.kernel.org
C
de-spread addition of the
flags option for xattr functions, and a replacement of __vfs_getxattr
with __vfs_getxattr({...XATTR_NOSECURITY}).
Signed-off-by: Mark Salyzyn
Cc: Stephen Smalley
Cc: linux-ker...@vger.kernel.org
Cc: kernel-t...@android.com
Cc: linux-security-mod...@vger.kernel.org
C
ead addition of the
flags option for xattr functions, and a replacement of __vfs_getxattr
with __vfs_getxattr({...XATTR_NOSECURITY}).
Signed-off-by: Mark Salyzyn
Cc: Stephen Smalley
Cc: linux-ker...@vger.kernel.org
Cc: kernel-t...@android.com
Cc: linux-security-mod...@vger.kernel.org
Cc: sta...@vger
ead addition of the
flags option for xattr functions, and a replacement of __vfs_getxattr
with __vfs_getxattr({...XATTR_NOSECURITY}).
Signed-off-by: Mark Salyzyn
Cc: Stephen Smalley
Cc: linux-ker...@vger.kernel.org
Cc: kernel-t...@android.com
Cc: linux-security-mod...@vger.kernel.org
Cc: sta...@vger
u 15-08-19 08:49:58, Mark Salyzyn wrote:
> > Add a flag option to get xattr method that could have a bit flag of
> > XATTR_NOSECURITY passed to it. XATTR_NOSECURITY is generally then
> > set in the __vfs_getxattr path.
> >
> > This handles the case of a union filesyst
On 8/15/19 3:27 PM, James Morris wrote:
On Thu, 15 Aug 2019, Mark Salyzyn wrote:
Good Idea, but using the same argument structure for set and get I would be
concerned about the loss of compiler protection for the buffer argument;
Agreed, I missed that.
Sadly, the pattern of
struct
On 8/15/19 3:27 PM, James Morris wrote:
On Thu, 15 Aug 2019, Mark Salyzyn wrote:
Good Idea, but using the same argument structure for set and get I would be
concerned about the loss of compiler protection for the buffer argument;
Agreed, I missed that.
Sadly, the pattern of
struct
1 - 100 of 510 matches
Mail list logo