On 2021/3/11 11:42 AM, Jarkko Sakkinen wrote:
> On Thu, Mar 11, 2021 at 10:47:50AM +0800, Jia Zhang wrote:
>>
>>
>> On 2021/3/11 5:39 AM, Jarkko Sakkinen wrote:
>>> On Wed, Mar 10, 2021 at 08:44:44PM +0800, Jia Zhang wrote:
>>>>
>>>>
>>
On 2021/3/11 5:39 AM, Jarkko Sakkinen wrote:
> On Wed, Mar 10, 2021 at 08:44:44PM +0800, Jia Zhang wrote:
>>
>>
>> On 2021/3/2 9:47 PM, Jarkko Sakkinen wrote:
>>> On Mon, Mar 01, 2021 at 09:54:37PM -0800, Andy Lutomirski wrote:
>>>> On Mon, Mar 1,
On 2021/3/2 9:47 PM, Jarkko Sakkinen wrote:
> On Mon, Mar 01, 2021 at 09:54:37PM -0800, Andy Lutomirski wrote:
>> On Mon, Mar 1, 2021 at 9:06 PM Tianjia Zhang
>> wrote:
>>>
>>>
>>>
>>> On 3/1/21 5:54 PM, Jarkko Sakkinen wrote:
On Mon, Mar 01, 2021 at 01:18:36PM +0800, Tianjia Zhang wrote:
On 2019/8/2 6:57 AM, Mimi Zohar wrote:
> Hi Jia,
>
> On Thu, 2019-08-01 at 09:23 +0800, Jia Zhang wrote:
>> Similar to .ima, the cert imported to .ima_blacklist is able to be
>> authenticated by a secondary CA cert.
>>
>> Signed-off-by: Jia Zhang
>
>
Similar to .ima, the cert imported to .ima_blacklist is able to be
authenticated by a secondary CA cert.
Signed-off-by: Jia Zhang
---
include/keys/system_keyring.h| 6 ++
security/integrity/digsig.c | 6 --
security/integrity/ima/ima_mok.c | 2 +-
3 files changed, 7 insertions
Commit-ID: 81d30225bc0c246b53270eb90b23cfbb941a186d
Gitweb: https://git.kernel.org/tip/81d30225bc0c246b53270eb90b23cfbb941a186d
Author: Jia Zhang
AuthorDate: Mon, 1 Apr 2019 19:40:45 +0800
Committer: Ingo Molnar
CommitDate: Wed, 8 May 2019 13:13:57 +0200
x86/vdso: Remove hpet_page
Commit-ID: 705acedd7fcb81a1e2be2560a1fdd16a429357f6
Gitweb: https://git.kernel.org/tip/705acedd7fcb81a1e2be2560a1fdd16a429357f6
Author: Jia Zhang
AuthorDate: Mon, 1 Apr 2019 19:40:45 +0800
Committer: Thomas Gleixner
CommitDate: Fri, 5 Apr 2019 13:07:03 +0200
x86/vdso: Remove hpet_page
On 2019/1/18 11:18 PM, Jarkko Sakkinen wrote:
> On Thu, Jan 17, 2019 at 09:32:55AM +0800, Jia Zhang wrote:
>>
>>
>> On 2019/1/17 6:09 AM, Jarkko Sakkinen wrote:
>>> Please use "tpm:" tag for commits, not "tpm/eventlog/tpm1".
>>>
On 2019/1/17 6:09 AM, Jarkko Sakkinen wrote:
> Please use "tpm:" tag for commits, not "tpm/eventlog/tpm1".
>
> On Fri, Jan 11, 2019 at 04:59:32PM +0800, Jia Zhang wrote:
>> The responsibility of tpm1_bios_measurements_start() is to walk
>> over the firs
-off-by: Jia Zhang
---
drivers/char/tpm/eventlog/tpm1.c | 37 ++---
1 file changed, 14 insertions(+), 23 deletions(-)
diff --git a/drivers/char/tpm/eventlog/tpm1.c b/drivers/char/tpm/eventlog/tpm1.c
index 58c8478..4cf8303 100644
--- a/drivers/char/tpm/eventlog/tpm1.c
: Inspur
Product Name: SA5212M4
Version: 01
However, binary_bios_measurements should return it any way,
rather than nothing, after all its content is completely
valid.
Fixes: 55a82ab("tpm: add bios measurement log")
Signed-off-by: Jia Zhang
---
drivers/char/tpm/eventlog/
Change since V1:
- Add test results with LTP.
- Rewrite patch 1's commit header.
Here is the test result with LTP testcase ima_tpm.sh which is used
to verify binary_bios_measurements.
ima_tpm 1 TINFO: timeout per run is 0h 5m 0s
ima_tpm 1 TINFO: /proc/cmdline:
On 2019/1/11 1:32 AM, Jarkko Sakkinen wrote:
> On Sun, Jan 06, 2019 at 03:23:18PM +0800, Jia Zhang wrote:
>> The sanity check would be easier, especially for the first read
>> of binary_bios_measurements from the beginning.
>>
>> Signed-off-by: Jia Zhang
>
: Inspur
Product Name: SA5212M4
Version: 01
However, binary_bios_measurements should return it any way,
rather than nothing, after all its content is completely
valid.
Fix: 55a82ab("tpm: add bios measurement log")
Signed-off-by: Jia Zhang
---
drivers/char/tpm/eventlog/
The sanity check would be easier, especially for the first read
of binary_bios_measurements from the beginning.
Signed-off-by: Jia Zhang
---
drivers/char/tpm/eventlog/tpm1.c | 37 ++---
1 file changed, 14 insertions(+), 23 deletions(-)
diff --git a/drivers/char
The sig_enforce parameter could be always shown to reflect the
current status of modsign. For the case of CONFIG_MODULE_SIG_FORCE=y,
this modification does nothing harmless.
Signed-off-by: Jia Zhang <zhang@linux.alibaba.com>
---
kernel/module.c | 2 --
1 file changed, 2 deletions(-)
The sig_enforce parameter could be always shown to reflect the
current status of modsign. For the case of CONFIG_MODULE_SIG_FORCE=y,
this modification does nothing harmless.
Signed-off-by: Jia Zhang
---
kernel/module.c | 2 --
1 file changed, 2 deletions(-)
diff --git a/kernel/module.c b
Call is_module_sig_enforced() instead.
Signed-off-by: Jia Zhang <zhang@linux.alibaba.com>
---
kernel/module.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/kernel/module.c b/kernel/module.c
index a6e43a5..f695474 100644
--- a/kernel/module.c
+++ b/kernel/mo
Call is_module_sig_enforced() instead.
Signed-off-by: Jia Zhang
---
kernel/module.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/kernel/module.c b/kernel/module.c
index a6e43a5..f695474 100644
--- a/kernel/module.c
+++ b/kernel/module.c
@@ -2785,7 +2785,7 @@ static int
On 2018/3/28 6:11 AM, Jessica Yu wrote:
> +++ Jia Zhang [24/03/18 10:59 +0800]:
>> This patch series allows to disable module validity enforcement
>> in runtime through the control switch located in securityfs.
>>
>> In order to keep /sys/module/module/pa
ner -outform der -out no_sig_enforce.p7s
$ sudo cat no_sig_enforce.p7s \
> /sys/kernel/security/modsign/disable_enforce
Note that the signing key must be a trust key located in
system trusted keyring. So even the root privilege cannot
simply disable the enforcement.
Signed-off-by: Jia Zhang
---
This entry point currently includes the procfs initialization,
and will include a securityfs initialization.
Signed-off-by: Jia Zhang <zhang@linux.alibaba.com>
---
kernel/module.c | 14 +-
1 file changed, 13 insertions(+), 1 deletion(-)
diff --git a/kernel/module.c b/
Call is_module_sig_enforced() instead.
Signed-off-by: Jia Zhang <zhang@linux.alibaba.com>
---
kernel/module.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/kernel/module.c b/kernel/module.c
index ad2d420..003d0ab 100644
--- a/kernel/module.c
+++ b/kernel/mo
This entry point currently includes the procfs initialization,
and will include a securityfs initialization.
Signed-off-by: Jia Zhang
---
kernel/module.c | 14 +-
1 file changed, 13 insertions(+), 1 deletion(-)
diff --git a/kernel/module.c b/kernel/module.c
index 003d0ab..79825ea
Call is_module_sig_enforced() instead.
Signed-off-by: Jia Zhang
---
kernel/module.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/kernel/module.c b/kernel/module.c
index ad2d420..003d0ab 100644
--- a/kernel/module.c
+++ b/kernel/module.c
@@ -2789,7 +2789,7 @@ static int
This patch series allows to disable module validity enforcement
in runtime through the control switch located in securityfs.
In order to keep /sys/module/module/parameters/sig_enforce simple,
the disablement switch is located at
/sys/kernel/security/modsign/disable_enforce.
Assuming
On 2018/3/12 9:28 PM, Jessica Yu wrote:
> +++ Jia Zhang [08/03/18 12:26 +0800]:
>> This patch series allows to disable module validity enforcement
>> in runtime through /sys/kernel/security/modsign/enforce interface.
>>
>> Assuming CONFIG_MODULE_SIG_FORCE=y
This entry point currently includes the procfs initialization,
and will include a securityfs initialization.
Signed-off-by: Jia Zhang <zhang@linux.alibaba.com>
---
kernel/module.c | 14 +-
1 file changed, 13 insertions(+), 1 deletion(-)
diff --git a/kernel/module.c b/
This entry point currently includes the procfs initialization,
and will include a securityfs initialization.
Signed-off-by: Jia Zhang
---
kernel/module.c | 14 +-
1 file changed, 13 insertions(+), 1 deletion(-)
diff --git a/kernel/module.c b/kernel/module.c
index 003d0ab..79825ea
This patch series allows to disable module validity enforcement
in runtime through /sys/kernel/security/modsign/enforce interface.
Assuming CONFIG_MODULE_SIG_FORCE=y, here are the instructions to
disable the validity enforcement.
# cat /sys/kernel/security/modsign/enforce
# echo -n 0 > data
#
Call is_module_sig_enforced() instead.
Signed-off-by: Jia Zhang <zhang@linux.alibaba.com>
---
kernel/module.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/kernel/module.c b/kernel/module.c
index ad2d420..003d0ab 100644
--- a/kernel/module.c
+++ b/kernel/mo
Call is_module_sig_enforced() instead.
Signed-off-by: Jia Zhang
---
kernel/module.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/kernel/module.c b/kernel/module.c
index ad2d420..003d0ab 100644
--- a/kernel/module.c
+++ b/kernel/module.c
@@ -2789,7 +2789,7 @@ static int
sig
Note that the signing key must be a trust key located in
system trusted keyring. So even the root privilege cannot
simply disable the enforcement.
Signed-off-by: Jia Zhang <zhang@linux.alibaba.com>
---
kernel/module.c | 118 ++-
sig
Note that the signing key must be a trust key located in
system trusted keyring. So even the root privilege cannot
simply disable the enforcement.
Signed-off-by: Jia Zhang
---
kernel/module.c | 118 ++--
1 file changed, 114 insertions(+)
/sys/kernel/security/modsign/enforce gives the result of current
enforcement policy of loading module.
Signed-off-by: Jia Zhang <zhang@linux.alibaba.com>
---
kernel/module.c | 55 +++
1 file changed, 55 insertions(+)
diff --git a/
/sys/kernel/security/modsign/enforce gives the result of current
enforcement policy of loading module.
Signed-off-by: Jia Zhang
---
kernel/module.c | 55 +++
1 file changed, 55 insertions(+)
diff --git a/kernel/module.c b/kernel/module.c
On 2018/3/8 4:14 AM, Jessica Yu wrote:
> +++ Jia Zhang [01/03/18 17:09 +0800]:
>> /sys/kernel/security/modsign/enforce gives the result of current
>> enforcement policy of loading module.
>>
>> Signed-off-by: Jia Zhang <zhang@linux.alibaba.com>
>
On 2018/3/8 4:14 AM, Jessica Yu wrote:
> +++ Jia Zhang [01/03/18 17:09 +0800]:
>> /sys/kernel/security/modsign/enforce gives the result of current
>> enforcement policy of loading module.
>>
>> Signed-off-by: Jia Zhang
>
> Why is this being added as part of s
Hi Jessica,
Could you review this patch series?
Thanks,
Jia
On 2018/3/1 5:09 PM, Jia Zhang wrote:
> Call is_module_sig_enforced() instead.
>
> Signed-off-by: Jia Zhang <zhang@linux.alibaba.com>
> ---
> kernel/module.c | 2 +-
> 1 file changed, 1 insertion(+), 1 del
Hi Jessica,
Could you review this patch series?
Thanks,
Jia
On 2018/3/1 5:09 PM, Jia Zhang wrote:
> Call is_module_sig_enforced() instead.
>
> Signed-off-by: Jia Zhang
> ---
> kernel/module.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/
Call is_module_sig_enforced() instead.
Signed-off-by: Jia Zhang <zhang@linux.alibaba.com>
---
kernel/module.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/kernel/module.c b/kernel/module.c
index ad2d420..003d0ab 100644
--- a/kernel/module.c
+++ b/kernel/mo
Call is_module_sig_enforced() instead.
Signed-off-by: Jia Zhang
---
kernel/module.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/kernel/module.c b/kernel/module.c
index ad2d420..003d0ab 100644
--- a/kernel/module.c
+++ b/kernel/module.c
@@ -2789,7 +2789,7 @@ static int
/sys/kernel/security/modsign/enforce gives the result of current
enforcement policy of loading module.
Signed-off-by: Jia Zhang <zhang@linux.alibaba.com>
---
kernel/module.c | 55 +++
1 file changed, 55 insertions(+)
diff --git a/
If module signature verification check is enabled but the
validity enforcement is configured to be disabled, it should
be allowed to enable it. Once enabled, it is disallowed to
disable it.
Signed-off-by: Jia Zhang <zhang@linux.alibaba.com>
---
kernel/module.
This entry point currently includes the procfs initialization,
and will include a securityfs initialization.
Signed-off-by: Jia Zhang <zhang@linux.alibaba.com>
---
kernel/module.c | 14 +-
1 file changed, 13 insertions(+), 1 deletion(-)
diff --git a/kernel/module.c b/
This entry point currently includes the procfs initialization,
and will include a securityfs initialization.
Signed-off-by: Jia Zhang
---
kernel/module.c | 14 +-
1 file changed, 13 insertions(+), 1 deletion(-)
diff --git a/kernel/module.c b/kernel/module.c
index 003d0ab..79825ea
/sys/kernel/security/modsign/enforce gives the result of current
enforcement policy of loading module.
Signed-off-by: Jia Zhang
---
kernel/module.c | 55 +++
1 file changed, 55 insertions(+)
diff --git a/kernel/module.c b/kernel/module.c
If module signature verification check is enabled but the
validity enforcement is configured to be disabled, it should
be allowed to enable it. Once enabled, it is disallowed to
disable it.
Signed-off-by: Jia Zhang
---
kernel/module.c | 39 ---
1 file changed
Commit-ID: b399151cb48db30ad1e0e93dd40d68c6d007b637
Gitweb: https://git.kernel.org/tip/b399151cb48db30ad1e0e93dd40d68c6d007b637
Author: Jia Zhang <qianyue...@alibaba-inc.com>
AuthorDate: Mon, 1 Jan 2018 09:52:10 +0800
Committer: Ingo Molnar <mi...@kernel.org>
CommitDate: Thu,
Commit-ID: b399151cb48db30ad1e0e93dd40d68c6d007b637
Gitweb: https://git.kernel.org/tip/b399151cb48db30ad1e0e93dd40d68c6d007b637
Author: Jia Zhang
AuthorDate: Mon, 1 Jan 2018 09:52:10 +0800
Committer: Ingo Molnar
CommitDate: Thu, 15 Feb 2018 01:15:52 +0100
x86/cpu: Rename
Commit-ID: 93cce6eeafb7c90b9175ffe01913c4930fc4
Gitweb: https://git.kernel.org/tip/93cce6eeafb7c90b9175ffe01913c4930fc4
Author: Jia Zhang <qianyue...@alibaba-inc.com>
AuthorDate: Mon, 1 Jan 2018 09:52:10 +0800
Committer: Ingo Molnar <mi...@kernel.org>
CommitDate: Tue,
Commit-ID: 93cce6eeafb7c90b9175ffe01913c4930fc4
Gitweb: https://git.kernel.org/tip/93cce6eeafb7c90b9175ffe01913c4930fc4
Author: Jia Zhang
AuthorDate: Mon, 1 Jan 2018 09:52:10 +0800
Committer: Ingo Molnar
CommitDate: Tue, 13 Feb 2018 19:23:43 +0100
x86/cpu: Rename
Commit-ID: cd026ca2861e7f384d677626a483da797c76b9da
Gitweb: https://git.kernel.org/tip/cd026ca2861e7f384d677626a483da797c76b9da
Author: Jia Zhang <zhang@linux.alibaba.com>
AuthorDate: Mon, 12 Feb 2018 22:44:54 +0800
Committer: Ingo Molnar <mi...@kernel.org>
CommitDate:
Commit-ID: cd026ca2861e7f384d677626a483da797c76b9da
Gitweb: https://git.kernel.org/tip/cd026ca2861e7f384d677626a483da797c76b9da
Author: Jia Zhang
AuthorDate: Mon, 12 Feb 2018 22:44:54 +0800
Committer: Ingo Molnar
CommitDate: Tue, 13 Feb 2018 09:15:59 +0100
x86/mm/kcore: Add vsyscall
Commit-ID: 595dd46ebfc10be041a365d0a3fa99df50b6ba73
Gitweb: https://git.kernel.org/tip/595dd46ebfc10be041a365d0a3fa99df50b6ba73
Author: Jia Zhang <zhang@linux.alibaba.com>
AuthorDate: Mon, 12 Feb 2018 22:44:53 +0800
Committer: Ingo Molnar <mi...@kernel.org>
CommitDate:
Commit-ID: 595dd46ebfc10be041a365d0a3fa99df50b6ba73
Gitweb: https://git.kernel.org/tip/595dd46ebfc10be041a365d0a3fa99df50b6ba73
Author: Jia Zhang
AuthorDate: Mon, 12 Feb 2018 22:44:53 +0800
Committer: Ingo Molnar
CommitDate: Tue, 13 Feb 2018 09:15:58 +0100
vfs/proc/kcore, x86/mm/kcore
_from_user()
may work, but using a common way to handle this sort of user page may be
useful for future.
Currently, only vsyscall page requires KCORE_USER.
Signed-off-by: Jia Zhang <zhang@linux.alibaba.com>
Reviewed-by: Jiri Olsa <jo...@kernel.org>
---
arch/x86/mm/init_64.c |
_from_user()
may work, but using a common way to handle this sort of user page may be
useful for future.
Currently, only vsyscall page requires KCORE_USER.
Signed-off-by: Jia Zhang
Reviewed-by: Jiri Olsa
---
arch/x86/mm/init_64.c | 2 +-
fs/proc/kcore.c | 4
include/linux/kcore.h | 1
The vsyscall page should be visible only if
vsyscall=emulate/native when dumping /proc/kcore.
Signed-off-by: Jia Zhang <zhang@linux.alibaba.com>
Reviewed-by: Jiri Olsa <jo...@kernel.org>
---
arch/x86/mm/init_64.c | 6 --
1 file changed, 4 insertions(+), 2 deletions(-)
diff
This patchset was validated with the combinations of pti=on/off and
vsyscall=native/emulate/none.
In addition, CONFIG_HARDENED_USERCOPY is always enabled.
v2:
- Use { } around kclist_add() when there's more than 1 line code
Jia Zhang (2):
/proc/kcore: Fix SMAP violation when dumping
The vsyscall page should be visible only if
vsyscall=emulate/native when dumping /proc/kcore.
Signed-off-by: Jia Zhang
Reviewed-by: Jiri Olsa
---
arch/x86/mm/init_64.c | 6 --
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/arch/x86/mm/init_64.c b/arch/x86/mm/init_64.c
index
Hi,
Anybody else here who can give an attention on this review?
Thanks,
Jia
On 2018/2/5 5:26 PM, Jiri Olsa wrote:
> On Tue, Jan 30, 2018 at 02:42:59PM +0800, Jia Zhang wrote:
>> The vsyscall page should be visible only if
>> vsyscall=emulate/native when dumping /proc/kcore.
>
Hi Jiri,
The maintainers are too busy to review this patchset. You are the author
of the commit df04abfd181a. Please help to review this patchset.
Thanks,
Jia
On 2018/1/30 2:42 PM, Jia Zhang wrote:
> The commit df04abfd181a
> ("fs/proc/kcore.c: Add bounce buffer for ktext data"
Hi,
Are there any comments here?
Thanks,
Jia
On 2018/1/30 2:42 PM, Jia Zhang wrote:
> The commit df04abfd181a
> ("fs/proc/kcore.c: Add bounce buffer for ktext data") introduces a
> bounce buffer to work around CONFIG_HARDENED_USERCOPY=y. However,
> accessing vsyscall use
The vsyscall page should be visible only if
vsyscall=emulate/native when dumping /proc/kcore.
Signed-off-by: Jia Zhang <zhang@linux.alibaba.com>
---
arch/x86/mm/init_64.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/arch/x86/mm/init_64.c b/arch/x86/mm/ini
_from_user()
may work, but using a common way to handle this sort of user page may be
useful for future.
Currently, only vsyscall page requires KCORE_USER.
Signed-off-by: Jia Zhang <zhang@linux.alibaba.com>
---
arch/x86/mm/init_64.c | 2 +-
fs/proc/kcore.c | 4
include/linux/
The vsyscall page should be visible only if
vsyscall=emulate/native when dumping /proc/kcore.
Signed-off-by: Jia Zhang
---
arch/x86/mm/init_64.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/arch/x86/mm/init_64.c b/arch/x86/mm/init_64.c
index dab78f6..3d4cf33 100644
_from_user()
may work, but using a common way to handle this sort of user page may be
useful for future.
Currently, only vsyscall page requires KCORE_USER.
Signed-off-by: Jia Zhang
---
arch/x86/mm/init_64.c | 2 +-
fs/proc/kcore.c | 4
include/linux/kcore.h | 1 +
3 files changed, 6
Commit-ID: 7e702d17ed138cf4ae7c00e8c00681ed464587c7
Gitweb: https://git.kernel.org/tip/7e702d17ed138cf4ae7c00e8c00681ed464587c7
Author: Jia Zhang <zhang@linux.alibaba.com>
AuthorDate: Tue, 23 Jan 2018 11:41:32 +0100
Committer: Thomas Gleixner <t...@linutronix.de>
CommitD
Commit-ID: 7e702d17ed138cf4ae7c00e8c00681ed464587c7
Gitweb: https://git.kernel.org/tip/7e702d17ed138cf4ae7c00e8c00681ed464587c7
Author: Jia Zhang
AuthorDate: Tue, 23 Jan 2018 11:41:32 +0100
Committer: Thomas Gleixner
CommitDate: Wed, 24 Jan 2018 13:00:35 +0100
x86/microcode/intel
On 2018/1/17 5:51 AM, Borislav Petkov wrote:
> On Tue, Jan 16, 2018 at 01:30:19PM -0800, Luck, Tony wrote:
>> I could get you a list of model numbers that you can check against
>> model_name.
>
> Yeah, we're not doing that again. :)
>
>> But that seems way worse. Especially as the 2.5MB thing is
atum BDF90 in document #334165 (Intel Xeon
Processor E7-8800/4800 v4 Product Family Specification Update) from
September 2017.
Signed-off-by: Jia Zhang <zhang@linux.alibaba.com>
---
arch/x86/kernel/cpu/microcode/intel.c | 19 +--
1 file changed, 17 insertions(+), 2 deletion
atum BDF90 in document #334165 (Intel Xeon
Processor E7-8800/4800 v4 Product Family Specification Update) from
September 2017.
Signed-off-by: Jia Zhang
---
arch/x86/kernel/cpu/microcode/intel.c | 19 +--
1 file changed, 17 insertions(+), 2 deletions(-)
diff --git a/arch/x86/
On 2018/1/16 2:46 AM, Borislav Petkov wrote:
> On Mon, Jan 15, 2018 at 09:11:57PM +0800, Jia Zhang wrote:
>> The commit b94b73733171
>> ("x86/microcode/intel: Extend BDW late-loading with a revision check")
>> reduces the impact of erratum BDF90 for Broadwell process
On 2018/1/15 7:48 PM, Henrique de Moraes Holschuh wrote:
> On Mon, 15 Jan 2018, Jia Zhang wrote:
>> For more details, see erratum BDF90 in document #334165 (Intel Xeon
>> Processor E7-8800/4800 v4 Product Family Specification Update) from
>> September 2017.
>
> For the re
atum BDF90 in document #334165 (Intel Xeon
Processor E7-8800/4800 v4 Product Family Specification Update) from
September 2017.
Signed-off-by: Jia Zhang <zhang@linux.alibaba.com>
---
arch/x86/kernel/cpu/microcode/intel.c | 15 +--
1 file changed, 13 insertions(+), 2 deletion
atum BDF90 in document #334165 (Intel Xeon
Processor E7-8800/4800 v4 Product Family Specification Update) from
September 2017.
Signed-off-by: Jia Zhang
---
arch/x86/kernel/cpu/microcode/intel.c | 15 +--
1 file changed, 13 insertions(+), 2 deletions(-)
diff --git a/arch/x86/kernel/cpu
On 2018/1/15 7:48 PM, Henrique de Moraes Holschuh wrote:
> On Mon, 15 Jan 2018, Jia Zhang wrote:
>> For more details, see erratum BDF90 in document #334165 (Intel Xeon
>> Processor E7-8800/4800 v4 Product Family Specification Update) from
>> September 2017.
>
> For the re
Yes I'm wrong with platform id so drop it.
Jia
On 2018/1/15 6:10 PM, Borislav Petkov wrote:
> On Mon, Jan 15, 2018 at 01:43:23PM +0800, Jia Zhang wrote:
>> The commit b94b73733171
>> ("x86/microcode/intel: Extend BDW late-loading with a revision check")
>> redu
Platform ID retrieved from MSR_IA32_PLATFORM_ID may be used as
a filtration condition in some cases.
Signed-off-by: Jia Zhang <zhang@linux.alibaba.com>
---
arch/x86/include/asm/processor.h | 1 +
arch/x86/kernel/cpu/intel.c | 7 +++
2 files changed, 8 insertions(+)
diff
Platform ID retrieved from MSR_IA32_PLATFORM_ID may be used as
a filtration condition in some cases.
Signed-off-by: Jia Zhang
---
arch/x86/include/asm/processor.h | 1 +
arch/x86/kernel/cpu/intel.c | 7 +++
2 files changed, 8 insertions(+)
diff --git a/arch/x86/include/asm/processor.h
The fix further reduces the impact for the BDW model which has to launch
a machine reset in order to run microcode update in BIOS. This point is
important for some vendors without the concern about machine reboot in
order to fix up Spectre v2.
Jia Zhang (2):
x86/intel: introduce platform_id
is useful to reduce the impact for microcode update launched
by BIOS with a must machine reset.
For more details, see erratum BDF90 in document #334165 (Intel Xeon
Processor E7-8800/4800 v4 Product Family Specification Update) from
September 2017.
Signed-off-by: Jia Zhang <zhang@linux.alibaba.c
is useful to reduce the impact for microcode update launched
by BIOS with a must machine reset.
For more details, see erratum BDF90 in document #334165 (Intel Xeon
Processor E7-8800/4800 v4 Product Family Specification Update) from
September 2017.
Signed-off-by: Jia Zhang
---
arch/x86/kernel/cpu
Commit-ID: b94b7373317164402ff7728d10f7023127a02b60
Gitweb: https://git.kernel.org/tip/b94b7373317164402ff7728d10f7023127a02b60
Author: Jia Zhang <qianyue...@alibaba-inc.com>
AuthorDate: Mon, 1 Jan 2018 10:04:47 +0800
Committer: Thomas Gleixner <t...@linutronix.de>
CommitDate