Hello,
This is a minor update of this patch series. It addresses review comments
made to v3. Details are in the changelog. The sysfs patch is updated and
included here but as I mentioned earlier can be postponed. It is marked
RFC for that reason.
As with the previous version, the patch
From: Ram Pai
Make the Enter-Secure-Mode (ESM) ultravisor call to switch the VM to secure
mode. Pass kernel base address and FDT address so that the Ultravisor is
able to verify the integrity of the VM using information from the ESM blob.
Add "svm=" command line option to turn on switching to
Introduce CONFIG_PPC_SVM to control support for secure guests and include
Ultravisor-related helpers when it is selected
Signed-off-by: Thiago Jung Bauermann
---
arch/powerpc/include/asm/asm-prototypes.h | 2 +-
arch/powerpc/kernel/Makefile | 4 +++-
From: Benjamin Herrenschmidt
For secure VMs, the signing tool will create a ticket called the "ESM blob"
for the Enter Secure Mode ultravisor call with the signatures of the kernel
and initrd among other things.
This adds support to the wrapper script for adding that blob via the "-e"
option to
Helps document what the hard-coded number means.
Also take the opportunity to fix an #endif comment.
Suggested-by: Alexey Kardashevskiy
Signed-off-by: Thiago Jung Bauermann
---
arch/powerpc/kernel/paca.c | 11 ++-
1 file changed, 6 insertions(+), 5 deletions(-)
diff --git
From: Ram Pai
A new kernel deserves a clean slate. Any pages shared with the hypervisor
is unshared before invoking the new kernel. However there are exceptions.
If the new kernel is invoked to dump the current kernel, or if there is a
explicit request to preserve the state of the current
From: Sukadev Bhattiprolu
Protected Execution Facility (PEF) is an architectural change for
POWER 9 that enables Secure Virtual Machines (SVMs). When enabled,
PEF adds a new higher privileged mode, called Ultravisor mode, to
POWER architecture.
The hardware changes include the following:
*
From: Ram Pai
These functions are used when the guest wants to grant the hypervisor
access to certain pages.
Signed-off-by: Ram Pai
Signed-off-by: Thiago Jung Bauermann
---
arch/powerpc/include/asm/ultravisor-api.h | 2 ++
arch/powerpc/include/asm/ultravisor.h | 24
> -Original Message-
> From: Alex Williamson [mailto:alex.william...@redhat.com]
> Sent: Saturday, August 17, 2019 4:52 AM
> To: Zhang, Tina
> Cc: intel-gvt-...@lists.freedesktop.org; kra...@redhat.com;
> k...@vger.kernel.org; linux-kernel@vger.kernel.org; Yuan, Hang
> ; Lv, Zhiyuan
>
From: Marco Hartmann Sent: Tuesday, August 20, 2019 1:11 AM
> IEEE 802.3ae clause 45 defines a modified MDIO protocol that uses a two
> staged access model in order to increase the address space.
>
> This patch adds support for C45 MDIO read and write accesses, which are
> used whenever the
From: Ben Chuang
Add support for the GL9750 and GL9755 chipsets.
The patches enable v4 mode and wait 5ms after set 1.8V signal enable for
GL9750/GL9755. It fixed the value of SDHCI_MAX_CURRENT register and uses
the vendor tuning flow for GL9750.
Signed-off-by: Ben Chuang
Co-developed-by:
From: Ben Chuang
Add the Genesys Logic, Inc. vendor ID to pci_ids.h.
Signed-off-by: Ben Chuang
Co-developed-by: Michael K Johnson
Signed-off-by: Michael K Johnson
---
include/linux/pci_ids.h | 2 ++
1 file changed, 2 insertions(+)
diff --git a/include/linux/pci_ids.h
From: Ben Chuang
The GL9750 and GL9755 chipsets, and possibly others, require PLL Enable
setup as part of the internal clock setup as described in 3.2.1 Internal
Clock Setup Sequence of SD Host Controller Simplified Specification
Version 4.20.
Signed-off-by: Ben Chuang
Co-developed-by: Michael
Hi Daniel,
Thank you for the patch! Yet something to improve:
[auto build test ERROR on bpf-next/master]
url:
https://github.com/0day-ci/linux/commits/Daniel-Xu/tracing-probe-Add-PERF_EVENT_IOC_QUERY_PROBE-ioctl/20190820-003910
base:
From: Ben Chuang
According to section 3.2.1 internal clock setup in SD Host Controller
Simplified Specifications 4.20, the timeout of loop for checking
internal clock stable is defined as 150ms.
Signed-off-by: Ben Chuang
Co-developed-by: Michael K Johnson
Signed-off-by: Michael K Johnson
---
From: Ben Chuang
The patches modify internal clock setup to match SD Host Controller
Simplified Specifications 4.20 and support Genesys Logic GL9750/
GL9755 support.
V5:
- add "change timeout of loop .." to a patch
- fix typo "verndor" to "vendor"
V4:
- change name from sdhci_gli_reset to
On Tue, 20 Aug 2019 09:01:30 +0900 Masami Hiramatsu wrote:
>
> Hi Jisheng,
Hi,
>
> On Mon, 19 Aug 2019 11:36:09 +
> Jisheng Zhang wrote:
>
> > For KPROBES_ON_FTRACE case, we need to adjust the kprobe's addr
> > correspondingly.
>
> No, I think you have misunderstood what the
On Tue, 20 Aug 2019 09:07:35 +0900 Masami Hiramatsu wrote:
>
>
> Hi Jisheng,
Hi,
>
> On Mon, 19 Aug 2019 11:37:32 +
> Jisheng Zhang wrote:
>
> > This code could be reused. So move it from x86 to common code.
>
> Yes, it can be among some arch, but at first, please make your
>
On 8/19/19 2:18 AM, Stephen Rothwell wrote:
> Hi all,
>
> Changes since 20190816:
>
on x86_64:
ERROR: "dm_ip_block" [drivers/gpu/drm/amd/amdgpu/amdgpu.ko] undefined!
Full randconfig file is attached.
--
~Randy
#
# Automatically generated file; DO NOT EDIT.
# Linux/x86_64 5.3.0-rc5 Kernel
From: Peng Fan
The AUDIO PLL max support 650M, so the original clk settings violate
spec. This patch makes the output 786432000 -> 393216000,
and 722534400 -> 361267200 to aligned with NXP vendor kernel without any
impact on audio functionality and go within 650MHz PLL limit.
Signed-off-by:
When a Linux VM runs on Hyper-V and hibernates, it must disable the
memory hot-add/remove and balloon up/down capabilities in the hv_balloon
driver.
By default, Hyper-V does not enable the virtual ACPI S4 state for a VM;
on recent Hyper-V hosts, the administrator is able to enable the virtual
Break out synic enable and disable operations into separate
hv_synic_disable_regs() and hv_synic_enable_regs() functions for use by a
later patch to support hibernation.
There is no functional change except the unnecessary check
"if (sctrl.enable != 1) return -EFAULT;" which is removed, because
This is needed for hibernation, e.g. when we resume the old kernel, we need
to disable the "current" kernel's hypercall page and then resume the old
kernel's.
Signed-off-by: Dexuan Cui
Reviewed-by: Michael Kelley
---
arch/x86/hyperv/hv_init.c | 34 ++
1 file
When the VM resumes, the host re-sends the offers. We should not add the
offers to the global vmbus_connection.chn_list again.
This patch assumes the RELIDs of the channels don't change across
hibernation. Actually this is not always true, especially in the case of
NIC SR-IOV the VF vmbus
Stephen,
> In commit
>
> cff1191553d9 ("scsi: qla2xxx: cleanup trace buffer initialization")
>
> Fixes tag
>
> Fixes: ad0a0b01f088 ("scsi: qla2xxx: Fix Firmware dump size for Extended
>
> has these problem(s):
>
> - Subject has leading but no trailing parentheses
> - Subject has leading
This is needed when we resume the old kernel from the "current" kernel.
Note: when hv_synic_suspend() and hv_synic_resume() run, all the
non-boot CPUs have been offlined, and interrupts are disabled on CPU0.
Signed-off-by: Dexuan Cui
Reviewed-by: Michael Kelley
---
drivers/hv/vmbus_drv.c | 46
Before suspend, Linux must make sure all the hv_sock channels have been
properly cleaned up, because a hv_sock connection can not persist across
hibernation, and the user-space app must be properly notified of the
state change of the connection.
Before suspend, Linux also must make sure all the
The existing method of telling if a channel is sub-channel in
vmbus_process_offer() is cumbersome. This new simple helper function
is preferred in future.
Signed-off-by: Dexuan Cui
---
include/linux/hyperv.h | 10 +-
1 file changed, 9 insertions(+), 1 deletion(-)
diff --git
When the host re-offers the primary channels upon resume, the host only
guarantees the Instance GUID doesn't change, so vmbus_bus_suspend()
should invalidate channel->offermsg.child_relid and figure out the
number of primary channels that need to be fixed up upon resume.
Upon resume,
The high-level VSC drivers will implement device-specific callbacks.
Signed-off-by: Dexuan Cui
Reviewed-by: Michael Kelley
---
drivers/hv/vmbus_drv.c | 46 ++
include/linux/hyperv.h | 3 +++
2 files changed, 49 insertions(+)
diff --git
Fake RESCIND_CHANNEL messages to clean up hv_sock channels by force for
hibernation. There is no better method to clean up the channels since
some of the channels may still be referenced by the userspace apps when
hiberantin is triggered: in this case, the "rescind" fields of the
channels are set,
Before Linux enters hibernation, it sends the CHANNELMSG_UNLOAD message to
the host so all the offers are gone. After hibernation, Linux needs to
re-negotiate with the host using the same vmbus protocol version (which
was in use before hibernation), and ask the host to re-offer the vmbus
devices.
This is needed for hibernation, e.g. when we resume the old kernel, we need
to disable the "current" kernel's TSC page and then resume the old kernel's.
Signed-off-by: Dexuan Cui
Reviewed-by: Michael Kelley
---
drivers/clocksource/hyperv_timer.c | 25 +
1 file changed,
On Mon, 19 Aug 2019 22:13:02 +0530 "Naveen N. Rao" wrote:
> CAUTION: Email originated externally, do not click links or open attachments
> unless you recognize the sender and know the content is safe.
>
>
> Jisheng Zhang wrote:
> > For KPROBES_ON_FTRACE case, we need to adjust the kprobe's
Hi all,
The patchset is to enhance hv_vmbus to support hibernation when Linux VM
runs on Hyper-V. A second patchset to enhance the high-level VSC drivers
(hv_netvsc, hv_storvsc, etc.) for hibernation will be posted after this
patchset is acceped. If you want to test this hibernation feaure, all
Hi Nick,
Nicholas Piggin writes:
> Santosh Sivaraj's on August 15, 2019 10:39 am:
>> From: Balbir Singh
>>
>> The current code would fail on huge pages addresses, since the shift would
>> be incorrect. Use the correct page shift value returned by
>> __find_linux_pte() to get the correct
On Sun, Aug 18, 2019 at 2:12 AM Christoph Hellwig wrote:
>
> The dev field in struct dev_pagemap is only used to print dev_name in
> two places, which are at best nice to have. Just remove the field
> and thus the name in those two messages.
>
> Signed-off-by: Christoph Hellwig
> Reviewed-by:
From: Ryder Lee
This adds a property "num-pwms" for PWM controller.
Signed-off-by: Ryder Lee
Signed-off-by: Sam Shih
---
arch/arm64/boot/dts/mediatek/mt7622.dtsi | 1 +
1 file changed, 1 insertion(+)
diff --git a/arch/arm64/boot/dts/mediatek/mt7622.dtsi
From: Ryder Lee
This adds a property "num-pwms" for PWM controller.
Signed-off-by: Ryder Lee
Signed-off-by: Sam Shih
---
arch/arm/boot/dts/mt7623.dtsi | 1 +
1 file changed, 1 insertion(+)
diff --git a/arch/arm/boot/dts/mt7623.dtsi b/arch/arm/boot/dts/mt7623.dtsi
index
From: sam shih
This adds pwm support for MT7629.
Signed-off-by: Sam Shih
---
arch/arm/boot/dts/mt7629.dtsi | 16
1 file changed, 16 insertions(+)
diff --git a/arch/arm/boot/dts/mt7629.dtsi b/arch/arm/boot/dts/mt7629.dtsi
index 9608bc2ccb3f..493be9a9453b 100644
---
From: Ryder Lee
This updates bindings for MT7629 pwm controller.
Signed-off-by: Ryder Lee
Signed-off-by: Sam Shih
Reviewed-by: Matthias Brugger
---
Documentation/devicetree/bindings/pwm/pwm-mediatek.txt | 1 +
1 file changed, 1 insertion(+)
diff --git
From: Ryder Lee
This adds a property "num-pwms" in example so that we could
specify the number of PWM channels via device tree.
Signed-off-by: Ryder Lee
Signed-off-by: Sam Shih
Reviewed-by: Matthias Brugger
---
Documentation/devicetree/bindings/pwm/pwm-mediatek.txt | 7 ---
1 file
From: sam shih
This updates bindings for MT7628 pwm controller.
Signed-off-by: Sam Shih
---
Documentation/devicetree/bindings/pwm/pwm-mediatek.txt | 3 +++
1 file changed, 3 insertions(+)
diff --git a/Documentation/devicetree/bindings/pwm/pwm-mediatek.txt
From: sam shih
Use pwm_mediatek as common prefix to match the filename.
No functional change intended.
Signed-off-by: Ryder Lee
Signed-off-by: Sam Shih
---
drivers/pwm/pwm-mediatek.c | 117 ++---
1 file changed, 58 insertions(+), 59 deletions(-)
diff --git
From: Ryder Lee
Instead of using fixed size of arrays, allocate the memory for them
based on the information we get from the chips.
Also fix mt7628 pwm during configure from userspace. The SoC
is legacy MIPS and has no complex clock tree. This patch add property
clock-frequency to the SoC
From: sam shih
This patch drop the check for of_device_get_match_data.
Due to the only way call driver probe is compatible match,
In this case, the platform data should never be NULL.
Signed-off-by: Ryder Lee
Signed-off-by: Sam Shih
---
Used:
https://patchwork.kernel.org/patch/11096905/
On Mon, Aug 19, 2019 at 06:34:07PM -0700, Andy Lutomirski wrote:
> On Mon, Aug 19, 2019 at 3:01 PM Sean Christopherson
> wrote:
> >
> > On Thu, Aug 15, 2019 at 05:47:12PM -0700, Andy Lutomirski wrote:
> > >
> > >
> > > >> On Jul 29, 2019, at 7:49 PM, Sean Christopherson
> > > >> wrote:
> > > >>
From: Ryder Lee
This adds a property "num-pwms" to avoid having an endless
list of compatibles with no differences for the same driver.
Signed-off-by: Ryder Lee
Signed-off-by: Sam Shih
---
Used:
https://patchwork.kernel.org/project/linux-mediatek/list/?series=68207
Changes since v4:
Follow
From: sam shih
Changes since v4:
- Follow reviewer's comments (v3: pwm: mediatek: add a property "num-pwms")
Move the changes of droping the check for of_device_get_match_data
returning non-NULL to next patch
- Follow reviewers's comments
(v3: pwm: mediatek: allocate the clks array
On Mon, Aug 19, 2019 at 07:14:38PM -0500, Scott Wood wrote:
> On Sun, 2019-08-18 at 17:49 -0400, Joel Fernandes (Google) wrote:
> > When we're in hard interrupt context in rcu_read_unlock_special(), we
> > can still benefit from invoke_rcu_core() doing wake ups of rcuc
> > threads when the
From: Marco Hartmann
Date: Mon, 19 Aug 2019 17:11:14 +
> @@ -1767,7 +1770,7 @@ static int fec_enet_mdio_read(struct mii_bus *bus, int
> mii_id, int regnum)
> struct fec_enet_private *fep = bus->priv;
> struct device *dev = >pdev->dev;
> unsigned long time_left;
> - int
On 8/19/19 2:18 AM, Stephen Rothwell wrote:
> Hi all,
>
> Changes since 20190816:
>
on x86_64:
../drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c: In function ‘amdgpu_exit’:
../drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c:1471:2: error: implicit declaration
of function ‘mmu_notifier_synchronize’; did you
On Mon, Aug 19, 2019 at 3:01 PM Sean Christopherson
wrote:
>
> On Thu, Aug 15, 2019 at 05:47:12PM -0700, Andy Lutomirski wrote:
> >
> >
> > >> On Jul 29, 2019, at 7:49 PM, Sean Christopherson
> > >> wrote:
> > >>
> > >> On Sat, Jul 27, 2019 at 10:38:03AM -0700, Andy Lutomirski wrote:
> > >> On
From: Kalle Valo
Date: Mon, 19 Aug 2019 19:28:28 +0300
> here's a pull request to net-next for v5.4, more info below. Please let
> me know if there are any problems.
Pulled, thanks Kalle.
On Tue, Aug 20, 2019 at 5:20 AM Roman Gushchin wrote:
>
> On Sun, Aug 18, 2019 at 08:30:15AM +0800, Yafang Shao wrote:
> > On Sun, Aug 18, 2019 at 3:14 AM Roman Gushchin wrote:
> > >
> > > On Sat, Aug 17, 2019 at 11:33:57AM +0800, Yafang Shao wrote:
> > > > On Sat, Aug 17, 2019 at 8:47 AM Roman
Remove duplicated include.
Signed-off-by: YueHaibing
---
fs/nfsd/filecache.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/fs/nfsd/filecache.c b/fs/nfsd/filecache.c
index 4759fdc8a07e..07939f4834e8 100644
--- a/fs/nfsd/filecache.c
+++ b/fs/nfsd/filecache.c
@@ -6,7 +6,6 @@
#include
On Sun, Aug 18, 2019 at 2:10 AM Christoph Hellwig wrote:
>
> Factor out the guts of devm_request_free_mem_region so that we can
> implement both a device managed and a manually release version as
> tiny wrappers around it.
>
> Signed-off-by: Christoph Hellwig
> Reviewed-by: Ira Weiny
> ---
>
On Mon, Aug 19, 2019 at 09:19:51AM -0700, Scott Branden wrote:
> To be honest, I find the entire firmware code sloppy.
And that is after years of cleanup on my part. Try going back to v4.1
for instance, check the code out then for an incredible horrific sight :)
> I don't think the
On Fri, Aug 16, 2019 at 3:33 PM Daniel Xu wrote:
>
> It's useful to know [uk]probe's nmissed and nhit stats. For example with
> tracing tools, it's important to know when events may have been lost.
> debugfs currently exposes a control file to get this information, but
> it is not compatible with
On Mon, Aug 19, 2019 at 05:05:53PM -0700, John Hubbard wrote:
> On 8/19/19 2:24 AM, Dave Chinner wrote:
> > On Mon, Aug 19, 2019 at 08:34:12AM +0200, Jan Kara wrote:
> > > On Sat 17-08-19 12:26:03, Dave Chinner wrote:
> > > > On Fri, Aug 16, 2019 at 12:05:28PM -0700, Ira Weiny wrote:
> > > > > On
Hello,
syzbot found the following crash on:
HEAD commit:da657043 Add linux-next specific files for 20190819
git tree: linux-next
console output: https://syzkaller.appspot.com/x/log.txt?x=16af124c60
kernel config: https://syzkaller.appspot.com/x/.config?x=739a9b3ab3d8c770
From: Christophe JAILLET
Date: Mon, 19 Aug 2019 07:04:25 +0200
> This should be IDT77105, not IDT77015.
>
> Signed-off-by: Christophe JAILLET
Applied.
From: Hayes Wang
Date: Mon, 19 Aug 2019 11:15:19 +0800
> Fix accessing skb after napi_gro_receive which is caused by
> commit 47922fcde536 ("r8152: support skb_add_rx_frag").
>
> Fixes: 47922fcde536 ("r8152: support skb_add_rx_frag")
> Signed-off-by: Hayes Wang
Applied, thanks.
On Mon, Aug 19, 2019 at 09:38:41AM -0300, Jason Gunthorpe wrote:
> On Mon, Aug 19, 2019 at 07:24:09PM +1000, Dave Chinner wrote:
>
> > So that leaves just the normal close() syscall exit case, where the
> > application has full control of the order in which resources are
> > released. We've
On Mon, Aug 19, 2019 at 03:50:54PM -0300, Arnaldo Carvalho de Melo wrote:
> Em Mon, Aug 19, 2019 at 12:08:26PM -0600, Mathieu Poirier escreveu:
> > On Thu, 15 Aug 2019 at 02:30, Leo Yan wrote:
> > >
> > > The synthetic branch and instruction samples are missed to set
> > > instruction related
From: zhanglin
Date: Mon, 19 Aug 2019 09:35:56 +0800
> If protocols registered exceeded PROTO_INUSE_NR, prot will be
> added to proto_list, but no available bit left for prot in
> proto_inuse_idx.
>
> Signed-off-by: zhanglin
This won't build with CONFIG_PROC_FS disabled.
If IPv6 is disabled on boot (ipv6.disable=1), but nft_fib_inet ends up
dealing with a IPv6 package, it causes a kernel panic in
fib6_node_lookup_1(), crashing in bad_page_fault.
The panic is caused by trying to deference a very low address (0x38
in ppc64le), due to ipv6.fib6_main_tbl = NULL.
BUG:
[...]
>>> I have made a simple fuzzer to inject messy in inode metadata,
>>> dir data, compressed indexes and super block,
>>> https://git.kernel.org/pub/scm/linux/kernel/git/xiang/erofs-utils.git/commit/?h=experimental-fuzzer
>>>
>>> I am testing with some given dirs and the following script.
>>>
> -Original Message-
> From: Alex Williamson [mailto:alex.william...@redhat.com]
> Sent: Saturday, August 17, 2019 4:52 AM
> To: Zhang, Tina
> Cc: intel-gvt-...@lists.freedesktop.org; kra...@redhat.com;
> k...@vger.kernel.org; linux-kernel@vger.kernel.org; Yuan, Hang
> ; Lv, Zhiyuan ;
In RISC-V, tlb flush happens via SBI which is expensive.
If the target cpumask contains a local hartid, some cost
can be saved by issuing a local tlb flush as we do that
in OpenSBI anyways. There is also no need of SBI call if
cpumask is empty.
Do a local flush first if current cpu is present in
From: Clark Williams
The i915 driver was throwing splats on my home test box running
v5.2-rt3 when I turned on lockdep and lock debugging configs. This was
mainly due to the non-side effects of the spin*_irq*() macros which do
nothing to IRQs on PREEMPT_RT. Converting the various irq_lock
From: Clark Williams
The following structures contain a member named 'irq_lock'.
These three locks are of type spinlock_t and are used in
multiple contexts including atomic:
struct drm_i915_private
struct intel_breadcrumbs
strict intel_guc
Convert them all to be raw_spinlock_t so
From: Clark Williams
The structure intel_uncore contains a spinlock member
named 'lock' which is used in multiple contexts. Convert
it to a raw spinlock so that lockdep and the lock debugging
code will be happy.
Signed-off-by: Clark Williams
---
drivers/gpu/drm/i915/i915_gem.c | 4
From: Clark Williams
The 'breadcrumb' code in the i915 driver calls lockdep_assert_irqs_disabled()
when starting some operations. This is valid on a stock kernel
but on a PREEMPT_RT kernel the spin_lock_irq*() calls to not disable
interrupts and likewise the spin_unlock_irq*() calls to not
On Fri, Aug 16 2019, Jinpu Wang wrote:
> On Wed, Aug 7, 2019 at 2:35 PM Jinpu Wang wrote:
>>
>> On Wed, Aug 7, 2019 at 8:36 AM Jinpu Wang wrote:
>> >
>> > On Wed, Aug 7, 2019 at 1:40 AM NeilBrown wrote:
>> > >
>> > > On Tue, Aug 06 2019, Jinpu Wang wrote:
>> > >
>> > > > On Tue, Aug 6, 2019 at
The NCSI spec indicates that if the data does not end on a 32 bit
boundary, one to three padding bytes equal to 0x00 shall be present to
align the checksum field to a 32-bit boundary.
Signed-off-by: Terry S. Duncan
---
net/ncsi/ncsi-cmd.c | 2 +-
net/ncsi/ncsi-rsp.c | 9 ++---
2 files
Nicholas Piggin writes:
> Christophe Leroy's on August 14, 2019 6:11 am:
>> Until vmalloc system is up and running, ioremap basically
>> allocates addresses at the border of the IOREMAP area.
>>
>> On PPC32, addresses are allocated down from the top of the area
>> while on PPC64, addresses are
While existing LSMs can be extended to handle lockdown policy,
distributions generally want to be able to apply a straightforward
static policy. This patch adds a simple LSM that can be configured to
reject either integrity or all lockdown queries, and can be configured
at runtime (through
From: Matthew Garrett
custom_method effectively allows arbitrary access to system memory, making
it possible for an attacker to circumvent restrictions on module loading.
Disable it if the kernel is locked down.
Signed-off-by: Matthew Garrett
Signed-off-by: David Howells
Reviewed-by: Kees
Tracefs may release more information about the kernel than desirable, so
restrict it when the kernel is locked down in confidentiality mode by
preventing open().
(Fixed by Ben Hutchings to avoid a null dereference in
default_file_open())
Signed-off-by: Matthew Garrett
Reviewed-by: Steven
On 19. 8. 12. 오전 6:23, Dmitry Osipenko wrote:
> We already had few integer overflow bugs, let's limit the freq for
> consistency.
>
> Signed-off-by: Dmitry Osipenko
> ---
> drivers/devfreq/tegra30-devfreq.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git
From: David Howells
Disallow access to /proc/kcore when the kernel is locked down to prevent
access to cryptographic data. This is limited to lockdown
confidentiality mode and is still permitted in integrity mode.
Signed-off-by: David Howells
Signed-off-by: Matthew Garrett
Reviewed-by: Kees
From: David Howells
Disallow the creation of perf and ftrace kprobes when the kernel is
locked down in confidentiality mode by preventing their registration.
This prevents kprobes from being used to access kernel memory to steal
crypto data, but continues to allow the use of kprobes from signed
Print the content of current->comm in messages generated by lockdown to
indicate a restriction that was hit. This makes it a bit easier to find
out what caused the message.
The message now patterned something like:
Lockdown: : is restricted; see man kernel_lockdown.7
Signed-off-by:
From: David Howells
The testmmiotrace module shouldn't be permitted when the kernel is locked
down as it can be used to arbitrarily read and write MMIO space. This is
a runtime check rather than buildtime in order to allow configurations
where the same kernel may be run in both locked down or
From: David Howells
bpf_read() and bpf_read_str() could potentially be abused to (eg) allow
private keys in kernel memory to be leaked. Disable them if the kernel
has been locked down in confidentiality mode.
Suggested-by: Alexei Starovoitov
Signed-off-by: Matthew Garrett
Reviewed-by: Kees
From: Jiri Bohac
When KEXEC_SIG is not enabled, kernel should not load images through
kexec_file systemcall if the kernel is locked down.
[Modified by David Howells to fit with modifications to the previous patch
and to return -EPERM if the kernel is locked down for consistency with
other
From: David Howells
Provided an annotation for module parameters that specify hardware
parameters (such as io ports, iomem addresses, irqs, dma channels, fixed
dma buffers and other types).
Suggested-by: Alan Cox
Signed-off-by: David Howells
Signed-off-by: Matthew Garrett
Reviewed-by: Kees
From: David Howells
Disallow opening of debugfs files that might be used to muck around when
the kernel is locked down as various drivers give raw access to hardware
through debugfs. Given the effort of auditing all 2000 or so files and
manually fixing each one as necessary, I've chosen to
From: Josh Boyer
There is currently no way to verify the resume image when returning
from hibernate. This might compromise the signed modules trust model,
so until we can work with signed hibernate images we disable it when the
kernel is locked down.
Signed-off-by: Josh Boyer
Signed-off-by:
From: David Howells
Disallow the use of certain perf facilities that might allow userspace to
access kernel data.
Signed-off-by: David Howells
Signed-off-by: Matthew Garrett
Reviewed-by: Kees Cook
Cc: Peter Zijlstra
Cc: Ingo Molnar
Cc: Arnaldo Carvalho de Melo
Signed-off-by: James Morris
Systems in lockdown mode should block the kexec of untrusted kernels.
For x86 and ARM we can ensure that a kernel is trustworthy by validating
a PE signature, but this isn't possible on other architectures. On those
platforms we can use IMA digital signatures instead. Add a function to
determine
From: David Howells
Lock down TIOCSSERIAL as that can be used to change the ioport and irq
settings on a serial port. This only appears to be an issue for the serial
drivers that use the core serial code. All other drivers seem to either
ignore attempts to change port/irq or give an error.
From: David Howells
Prohibit replacement of the PCMCIA Card Information Structure when the
kernel is locked down.
Suggested-by: Dominik Brodowski
Signed-off-by: David Howells
Signed-off-by: Matthew Garrett
Reviewed-by: Kees Cook
Signed-off-by: James Morris
---
drivers/pcmcia/cistpl.c
From: Linn Crosetto
>From the kernel documentation (initrd_table_override.txt):
If the ACPI_INITRD_TABLE_OVERRIDE compile option is true, it is possible
to override nearly any ACPI table provided by the BIOS with an
instrumented, modified one.
When lockdown is enabled, the kernel should
From: Josh Boyer
This option allows userspace to pass the RSDP address to the kernel, which
makes it possible for a user to modify the workings of hardware. Reject
the option when the kernel is locked down. This requires some reworking
of the existing RSDP command line logic, since the early
From: Matthew Garrett
IO port access would permit users to gain access to PCI configuration
registers, which in turn (on a lot of hardware) give access to MMIO
register space. This would potentially permit root to trigger arbitrary
DMA, so lock it down by default.
This also implicitly locks
From: Matthew Garrett
Writing to MSRs should not be allowed if the kernel is locked down, since
it could lead to execution of arbitrary code in kernel mode. Based on a
patch by Kees Cook.
Signed-off-by: Matthew Garrett
Signed-off-by: David Howells
Acked-by: Kees Cook
Reviewed-by: Thomas
From: Matthew Garrett
Any hardware that can potentially generate DMA has to be locked down in
order to avoid it being possible for an attacker to modify kernel code,
allowing them to circumvent disabled module loading or module signing.
Default to paranoid - in future we can potentially relax
The lockdown module is intended to allow for kernels to be locked down
early in boot - sufficiently early that we don't have the ability to
kmalloc() yet. Add support for early initialisation of some LSMs, and
then add them to the list of names when we do full initialisation later.
Early LSMs are
101 - 200 of 1117 matches
Mail list logo