[PATCH 10/38] Annotate hardware config module parameters in drivers/iio/

When the kernel is running in secure boot mode, we lock down the kernel to prevent userspace from modifying the running kernel image. Whilst this includes prohibiting access to things like /dev/mem, it must also prevent access by means of configuring driver modules in such a way as to cause a

[PATCH 27/38] Annotate hardware config module parameters in drivers/scsi/

When the kernel is running in secure boot mode, we lock down the kernel to prevent userspace from modifying the running kernel image. Whilst this includes prohibiting access to things like /dev/mem, it must also prevent access by means of configuring driver modules in such a way as to cause a

[PATCH 32/38] Annotate hardware config module parameters in drivers/video/

When the kernel is running in secure boot mode, we lock down the kernel to prevent userspace from modifying the running kernel image. Whilst this includes prohibiting access to things like /dev/mem, it must also prevent access by means of configuring driver modules in such a way as to cause a

[PATCH 30/38] Annotate hardware config module parameters in drivers/staging/vme/

When the kernel is running in secure boot mode, we lock down the kernel to prevent userspace from modifying the running kernel image. Whilst this includes prohibiting access to things like /dev/mem, it must also prevent access by means of configuring driver modules in such a way as to cause a

[PATCH 01/24] efi: Add EFI_SECURE_BOOT bit

From: Josh Boyer UEFI machines can be booted in Secure Boot mode. Add a EFI_SECURE_BOOT bit that can be passed to efi_enabled() to find out whether secure boot is enabled. This will be used by the SysRq+x handler, registered by the x86 arch, to find out whether

[PATCH 00/24] Kernel lockdown

These patches provide a facility by which a variety of avenues by which userspace can feasibly modify the running kernel image can be locked down. These include: (*) No unsigned modules and no modules for which can't validate the signature. (*) No use of ioperm(), iopl() and no writing

[PATCH 02/24] Add the ability to lock down access to the running kernel image

Provide a single call to allow kernel code to determine whether the system should be locked down, thereby disallowing various accesses that might allow the running kernel image to be changed including the loading of modules that aren't validly signed with a key we recognise, fiddling with MSR

[PATCH 00/24] Kernel lockdown

These patches provide a facility by which a variety of avenues by which userspace can feasibly modify the running kernel image can be locked down. These include: (*) No unsigned modules and no modules for which can't validate the signature. (*) No use of ioperm(), iopl() and no writing

[PATCH 06/24] Add a sysrq option to exit secure boot mode

From: Kyle McMartin Make sysrq+x exit secure boot mode on x86_64, thereby allowing the running kernel image to be modified. This lifts the lockdown. Signed-off-by: Kyle McMartin Signed-off-by: David Howells --- arch/x86/Kconfig

[PATCH 07/24] kexec: Disable at runtime if the kernel is locked down

From: Matthew Garrett kexec permits the loading and execution of arbitrary code in ring 0, which is something that lock-down is meant to prevent. It makes sense to disable kexec in this situation. This does not affect kexec_file_load() which can check for a signature

[PATCH 13/38] Annotate hardware config module parameters in drivers/media/

When the kernel is running in secure boot mode, we lock down the kernel to prevent userspace from modifying the running kernel image. Whilst this includes prohibiting access to things like /dev/mem, it must also prevent access by means of configuring driver modules in such a way as to cause a

[PATCH 10/24] hibernate: Disable when the kernel is locked down

From: Josh Boyer There is currently no way to verify the resume image when returning from hibernate. This might compromise the signed modules trust model, so until we can work with signed hibernate images we disable it when the kernel is locked down. Signed-off-by:

Re: [linux-sunxi] Re: [PATCH v3 04/11] drm/sun4i: abstract the layer type

在 2017-04-05 10:27，Chen-Yu Tsai 写道： On Wed, Apr 5, 2017 at 3:53 AM, Icenowy Zheng wrote: 在 2017年04月05日 03:28, Sean Paul 写道: On Thu, Mar 30, 2017 at 03:46:06AM +0800, Icenowy Zheng wrote: As we are going to add support for the Allwinner DE2 Mixer in sun4i-drm driver, we

[PATCH 08/38] Annotate hardware config module parameters in drivers/gpio/

When the kernel is running in secure boot mode, we lock down the kernel to prevent userspace from modifying the running kernel image. Whilst this includes prohibiting access to things like /dev/mem, it must also prevent access by means of configuring driver modules in such a way as to cause a

[PATCH 00/38] Annotate hw config module params for future lockdown

s, however, there for future use. Further note that the hwtype can also be used for grepping. The patches can be found here also: http://git.kernel.org/cgit/linux/kernel/git/dhowells/linux-fs.git/log/?h=hwparam at tag: hwparam-20170405 David --- David Howells (38): Annotate mod

[PATCH 01/38] Annotate module params that specify hardware parameters (eg. ioport)

Provided an annotation for module parameters that specify hardware parameters (such as io ports, iomem addresses, irqs, dma channels, fixed dma buffers and other types). This will enable such parameters to be locked down in the core parameter parser for secure boot support. I've also included

[PATCH 03/38] Annotate hardware config module parameters in drivers/char/ipmi/

When the kernel is running in secure boot mode, we lock down the kernel to prevent userspace from modifying the running kernel image. Whilst this includes prohibiting access to things like /dev/mem, it must also prevent access by means of configuring driver modules in such a way as to cause a

[PATCH 02/38] Annotate hardware config module parameters in arch/x86/mm/

When the kernel is running in secure boot mode, we lock down the kernel to prevent userspace from modifying the running kernel image. Whilst this includes prohibiting access to things like /dev/mem, it must also prevent access by means of configuring driver modules in such a way as to cause a

Re: [PATCH v2 1/2] x86/mce/AMD: Redo use of SMCA MCA_DE{STAT,ADDR} registers

On Wed, Apr 05, 2017 at 05:06:19PM +, Ghannam, Yazen wrote: > Checking if we have a valid deferred error. Since we call __log_error() on > thresholding interrupts too we would need to tell it which handler is calling > it to do the correct check. This is what we currently do. That's why I

Re: [PATCH] crypto: arm64/sha: use %c constraint code in ASM_EXPORT

On 05/04/17 18:08, Ard Biesheuvel wrote: > Hoi Matthias! > > On 5 April 2017 at 17:56, Matthias Kaehlcke wrote: >> From: Greg Hackmann >> >> The current definition of ASM_EXPORT doesn't work properly with clang, >> according to

[PATCH v5 3/7] mfd: axp20x: add MFD cells for AXP20X and AXP22X battery driver

The X-Powers AXP20X and AXP22X PMICs can have a battery as power supply. This patch adds the AXP20X/AXP22X battery driver to the MFD cells of the AXP209, AXP221 and AXP223 MFD. Signed-off-by: Quentin Schulz Acked-for-MFD-by: Lee Jones

Applied "regulator: DT: Add settling time property for non-linear voltage change" to the regulator tree

The patch regulator: DT: Add settling time property for non-linear voltage change has been applied to the regulator tree at git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regulator.git All being well this means that it will be integrated into the linux-next tree (usually sometime

[PATCH v6 07/23] PCI: endpoint: functions: Add an EP function to test PCI

Adds a new endpoint function driver (to program the virtual test device) making use of the EP-core library. Signed-off-by: Kishon Vijay Abraham I Signed-off-by: Bjorn Helgaas --- drivers/pci/endpoint/Kconfig | 2 +

Re: [linux-sunxi] [PATCH 07/11] regulator: axp20x-regulator: add support for AXP803

Hi, On Wed, Apr 5, 2017 at 2:01 AM, Icenowy Zheng wrote: > AXP803 PMIC also have a series of regulators (DCDCs and LDOs) > controllable via I2C/RSB bus. > > Add support for them. > > Signed-off-by: Icenowy Zheng > --- > drivers/regulator/axp20x-regulator.c |

[PATCH v6 01/23] PCI: endpoint: Add EP core layer to enable EP controller and EP functions

Introduce a new EP core layer in order to support endpoint functions in linux kernel. This comprises the EPC library (Endpoint Controller Library) and EPF library (Endpoint Function Library). EPC library implements functions specific to an endpoint controller and EPF library implements functions

[PATCH v6 18/23] Documentation: misc-devices: Add Documentation for pci-endpoint-test driver

Add Documentation for pci-endpoint-test driver. Signed-off-by: Kishon Vijay Abraham I Signed-off-by: Bjorn Helgaas --- Documentation/misc-devices/pci-endpoint-test.txt | 35 1 file changed, 35 insertions(+) create mode 100644

Re: [PATCH v2 1/2] dt-bindings: Document the STM32 QSPI bindings

On 04/04/2017 02:20 PM, Rob Herring wrote: On Tue, Apr 4, 2017 at 2:28 AM, Ludovic BARRE wrote: Hi Rob thanks for review my comments below br Ludo On 04/03/2017 06:57 PM, Rob Herring wrote: On Fri, Mar 31, 2017 at 07:02:03PM +0200, Ludovic Barre wrote: From: Ludovic

Re: scope of cred_guard_mutex.

On Wed, Apr 5, 2017 at 9:08 AM, Oleg Nesterov wrote: > On 04/03, Eric W. Biederman wrote: >> >> You have asked why I have problems with your patch and so I am going to >> try to explain. Partly I want to see a clean set of patches that we >> can merge into Linus's tree before we

[for-next][PATCH 0/7] tracing: Updates to filter probes and early ftrace init

git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace.git for-next Head SHA1: 696ced4fb1d76802f864d8848aa4716633f83c17 Alban Crequy (1): tracing/kprobes: expose maxactive for kretprobe in kprobe_events Steven Rostedt (VMware) (6): ftrace: Clean up __seq_open_private()

[for-next][PATCH 4/7] ftrace: Update func_pos in t_start() when all functions are enabled

From: "Steven Rostedt (VMware)" If all functions are enabled, there's a comment displayed in the file to denote that: # cd /sys/kernel/debug/tracing # cat set_ftrace_filter all functions enabled If a function trigger is set, those are displayed as well: #

[for-next][PATCH 1/7] ftrace: Clean up __seq_open_private() return check

From: "Steven Rostedt (VMware)" The return status check of __seq_open_private() is rather strange: iter = __seq_open_private(); if (iter) { /* do stuff */ } return iter ? 0 : -ENOMEM; It makes much more sense to do the

[for-next][PATCH 3/7] ftrace: Return NULL at end of t_start() instead of calling t_hash_start()

From: "Steven Rostedt (VMware)" The loop in t_start() of calling t_next() will call t_hash_start() if the pos is beyond the functions and enters the hash items. There's no reason to check if p is NULL and call t_hash_start(), as that would be redundant. Signed-off-by:

[for-next][PATCH 2/7] ftrace: Assign iter->hash to filter or notrace hashes on seq read

From: "Steven Rostedt (VMware)" Instead of testing if the hash to use is the filter_hash or the notrace_hash at each iteration, do the test at open, and set the iter->hash to point to the corresponding filter or notrace hash. Then use that directly instead of testing which

Re: [PATCH v5 21/23] drivers/fsi: Add SCOM FSI client device driver

On 04/04/17 19:06, Christopher Bostic wrote: > From: Chris Bostic > > Create a simple SCOM engine device driver that reads and writes > its control registers via an FSI bus. > > Includes changes from Edward A. James . > > Signed-off-by: Chris

Re: [PATCH v2] soc: qcom: smsm: Improve error handling, quiesce probe deferral

On Wed 05 Apr 05:10 PDT 2017, Jonathan Neusch?fer wrote: > Don't use size if info indicates an error condition. Previously a > non-ENOENT error (such as -EPROBE_DEFER) would lead to size being used > even though it hadn't necessarily been initialized in qcom_smem_get. > > Don't print an error

[PATCH 29/38] Annotate hardware config module parameters in drivers/staging/speakup/

When the kernel is running in secure boot mode, we lock down the kernel to prevent userspace from modifying the running kernel image. Whilst this includes prohibiting access to things like /dev/mem, it must also prevent access by means of configuring driver modules in such a way as to cause a

[PATCH 34/38] Annotate hardware config module parameters in fs/pstore/

When the kernel is running in secure boot mode, we lock down the kernel to prevent userspace from modifying the running kernel image. Whilst this includes prohibiting access to things like /dev/mem, it must also prevent access by means of configuring driver modules in such a way as to cause a

[PATCH 03/24] efi: Lock down the kernel if booted in secure boot mode

UEFI Secure Boot provides a mechanism for ensuring that the firmware will only load signed bootloaders and kernels. Certain use cases may also require that all kernel modules also be signed. Add a configuration option that to lock down the kernel - which includes requiring validly signed modules

[PATCH 02/24] Add the ability to lock down access to the running kernel image

Provide a single call to allow kernel code to determine whether the system should be locked down, thereby disallowing various accesses that might allow the running kernel image to be changed including the loading of modules that aren't validly signed with a key we recognise, fiddling with MSR

[PATCH 01/24] efi: Add EFI_SECURE_BOOT bit

From: Josh Boyer UEFI machines can be booted in Secure Boot mode. Add a EFI_SECURE_BOOT bit that can be passed to efi_enabled() to find out whether secure boot is enabled. This will be used by the SysRq+x handler, registered by the x86 arch, to find out whether

[PATCH 22/38] Annotate hardware config module parameters in drivers/net/wan/

When the kernel is running in secure boot mode, we lock down the kernel to prevent userspace from modifying the running kernel image. Whilst this includes prohibiting access to things like /dev/mem, it must also prevent access by means of configuring driver modules in such a way as to cause a

[PATCH 05/24] Restrict /dev/mem and /dev/kmem when the kernel is locked down

From: Matthew Garrett Allowing users to write to address space makes it possible for the kernel to be subverted, avoiding module loading restrictions. Prevent this when the kernel has been locked down. Signed-off-by: Matthew Garrett

Re: [PATCH] kbuild, LLVMLinux: Add -Werror to cc-option to support clang

Hi Arnd, 2017-04-03 6:46 GMT+09:00 Masahiro Yamada : > Hi Arnd, > > > 2017-04-01 5:38 GMT+09:00 Arnd Bergmann : >> From: Mark Charlebois >> >> Clang will warn about unknown warnings but will not return false >> unless -Werror is

[PATCH 15/24] asus-wmi: Restrict debugfs interface when the kernel is locked down

From: Matthew Garrett We have no way of validating what all of the Asus WMI methods do on a given machine - and there's a risk that some will allow hardware state to be manipulated in such a way that arbitrary code can be executed in the kernel, circumventing module

[PATCH 16/24] ACPI: Limit access to custom_method when the kernel is locked down

From: Matthew Garrett custom_method effectively allows arbitrary access to system memory, making it possible for an attacker to circumvent restrictions on module loading. Disable it if the kernel is locked down. Signed-off-by: Matthew Garrett

[PATCH 17/24] acpi: Ignore acpi_rsdp kernel param when the kernel has been locked down

From: Josh Boyer This option allows userspace to pass the RSDP address to the kernel, which makes it possible for a user to circumvent any restrictions imposed on loading modules. Ignore the option when the kernel is locked down. Signed-off-by: Josh Boyer

[PATCH 12/24] PCI: Lock down BAR access when the kernel is locked down

From: Matthew Garrett Any hardware that can potentially generate DMA has to be locked down in order to avoid it being possible for an attacker to modify kernel code, allowing them to circumvent disabled module loading or module signing. Default to paranoid - in future

[PATCH 14/24] x86: Restrict MSR access when the kernel is locked down

From: Matthew Garrett Writing to MSRs should not be allowed if the kernel is locked down, since it could lead to execution of arbitrary code in kernel mode. Based on a patch by Kees Cook. Cc: Kees Cook Signed-off-by: Matthew Garrett

[PATCH 13/24] x86: Lock down IO port access when the kernel is locked down

From: Matthew Garrett IO port access would permit users to gain access to PCI configuration registers, which in turn (on a lot of hardware) give access to MMIO register space. This would potentially permit root to trigger arbitrary DMA, so lock it down by default.

[PATCH 18/24] acpi: Disable ACPI table override if the kernel is locked down

From: Linn Crosetto >From the kernel documentation (initrd_table_override.txt): If the ACPI_INITRD_TABLE_OVERRIDE compile option is true, it is possible to override nearly any ACPI table provided by the BIOS with an instrumented, modified one. When securelevel is set, the

[PATCH 11/24] uswsusp: Disable when the kernel is locked down

From: Matthew Garrett uswsusp allows a user process to dump and then restore kernel state, which makes it possible to modify the running kernel. Disable this if the kernel is locked down. Signed-off-by: Matthew Garrett Signed-off-by: David Howells

[PATCH 06/38] Annotate hardware config module parameters in drivers/clocksource/

When the kernel is running in secure boot mode, we lock down the kernel to prevent userspace from modifying the running kernel image. Whilst this includes prohibiting access to things like /dev/mem, it must also prevent access by means of configuring driver modules in such a way as to cause a

[PATCH 04/38] Annotate hardware config module parameters in drivers/char/mwave/

When the kernel is running in secure boot mode, we lock down the kernel to prevent userspace from modifying the running kernel image. Whilst this includes prohibiting access to things like /dev/mem, it must also prevent access by means of configuring driver modules in such a way as to cause a

[PATCH 05/38] Annotate hardware config module parameters in drivers/char/

When the kernel is running in secure boot mode, we lock down the kernel to prevent userspace from modifying the running kernel image. Whilst this includes prohibiting access to things like /dev/mem, it must also prevent access by means of configuring driver modules in such a way as to cause a

Applied "ASoC: wm_adsp: Add support for ADSP2V2" to the asoc tree

The patch ASoC: wm_adsp: Add support for ADSP2V2 has been applied to the asoc tree at git://git.kernel.org/pub/scm/linux/kernel/git/broonie/sound.git All being well this means that it will be integrated into the linux-next tree (usually sometime in the next 24 hours) and sent to Linus

Applied "ASoC: wm_adsp: add support for DSP region lock" to the asoc tree

The patch ASoC: wm_adsp: add support for DSP region lock has been applied to the asoc tree at git://git.kernel.org/pub/scm/linux/kernel/git/broonie/sound.git All being well this means that it will be integrated into the linux-next tree (usually sometime in the next 24 hours) and sent to

Applied "ASoC: cs53l30: Set .of_match_table to OF device ID table" to the asoc tree

The patch ASoC: cs53l30: Set .of_match_table to OF device ID table has been applied to the asoc tree at git://git.kernel.org/pub/scm/linux/kernel/git/broonie/sound.git All being well this means that it will be integrated into the linux-next tree (usually sometime in the next 24 hours)

Applied "ASoC: max9867: export OF device ID as module aliases" to the asoc tree

The patch ASoC: max9867: export OF device ID as module aliases has been applied to the asoc tree at git://git.kernel.org/pub/scm/linux/kernel/git/broonie/sound.git All being well this means that it will be integrated into the linux-next tree (usually sometime in the next 24 hours) and

Applied "regulator: Add settling time for non-linear voltage transition" to the regulator tree

The patch regulator: Add settling time for non-linear voltage transition has been applied to the regulator tree at git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regulator.git All being well this means that it will be integrated into the linux-next tree (usually sometime in the

Re: [PATCH 11/16] fpga: intel: fme: add partial reconfiguration sub feature support

On Wed, Apr 5, 2017 at 10:26 AM, Alan Tull wrote: > On Wed, Apr 5, 2017 at 6:40 AM, Wu, Hao wrote: >>> >> The fpga_image_info struct started life as just image specific info, >>> >> but I want it to go in the direction of including parameters needed to >>> >>

[PATCH v6 04/23] Documentation: PCI: Guide to use PCI endpoint configfs

Add Documentation to help users use PCI endpoint to configure PCI endpoint function and to bind the endpoint function with endpoint controller. Signed-off-by: Kishon Vijay Abraham I Acked-By: Joao Pinto Signed-off-by: Bjorn Helgaas ---

[PATCH v6 05/23] PCI: endpoint: Create configfs entry for EPC device and EPF driver

Invoke APIs provided by pci-ep-cfs to create configfs entry for every EPC device and EPF driver to help users in creating EPF device and binding the EPF device to the EPC device. Signed-off-by: Kishon Vijay Abraham I Signed-off-by: Bjorn Helgaas ---

[PATCH v6 11/23] PCI: dwc: dra7xx: Facilitate wrapper and MSI interrupts to be enabled independently

No functional change. Split dra7xx_pcie_enable_interrupts() into dra7xx_pcie_enable_wrapper_interrupts() and dra7xx_pcie_enable_msi_interrupts() so that wrapper interrupts and MSI interrupts can be enabled independently. This is in preparation for adding EP mode support to dra7xx driver since EP

[PATCH v6 10/23] dt-bindings: PCI: Add DT bindings for PCI designware EP mode

Add device tree binding documentation for PCI designware EP mode. Signed-off-by: Kishon Vijay Abraham I Signed-off-by: Bjorn Helgaas Acked-by: Rob Herring --- .../devicetree/bindings/pci/designware-pcie.txt| 26 +++--- 1

Re: [PATCH 5/6] ASoC: wm8978: Add OF device ID table

On Tue, Apr 04, 2017 at 03:26:29PM -0400, Javier Martinez Canillas wrote: > The driver doesn't have a struct of_device_id table but supported devices > are registered via Device Trees. This is working on the assumption that a > I2C device registered via OF will always match a legacy I2C device ID

Re: imx-drm: vblank wait timed out

2017-04-05 12:05 GMT+02:00 Philipp Zabel : > On Tue, 2017-04-04 at 14:50 +0200, Christian Gmeiner wrote: > [...] >> > Is this on a non-plus i.MX6? Maybe are missing the LDB DI clock glitch >> > fixes (commits 5d283b083800, 03d576f202e8, and f13abeff2cde)? >> >> Yes it is a

Re: scope of cred_guard_mutex.

On 04/03, Eric W. Biederman wrote: > > You have asked why I have problems with your patch and so I am going to > try to explain. Partly I want to see a clean set of patches that we > can merge into Linus's tree before we make any compromises. Because the > work preparing a clean patchset may

Re: [PATCH 0/2] mtd: spi-nor: add stm32 qspi driver

hi Cyrille, Marek I've re-based and tested my patchset onto "mtd: spi-nor: introduce more SPI protocols and the Dual Transfer Mode" So I can deliver my patchset before or after Cyrille patchset How do you wish process? what version do you want for the v3? BR Ludo On 03/30/2017 12:15 PM,

Re: [PATCH 0/6] mm: make movable onlining suck less

On Wed 05-04-17 10:48:52, Reza Arbab wrote: > On Wed, Apr 05, 2017 at 08:42:39AM +0200, Michal Hocko wrote: > >On Tue 04-04-17 16:43:39, Reza Arbab wrote: > >>Okay, getting further. With this I can again repeatedly add and remove, > >>but now I'm seeing a weird variation of that earlier issue: >

Soft Lockup in "__udp4_lib_lookup", Maybe a GCC's bug

Hi guys, I'm using linux-3.2, yes, it's pretty old I know, and I'm going to move on a latest stable version. I hit a soft lockup issue in function `__udp4_lib_lookup`. And it turns out that the soft lockup results from that it got a hlist_nulls_node from a hash slot, but that hlist_nulls_node

[PATCH v5 1/7] dt-bindings: power: supply: add AXP20X/AXP22X battery DT binding

The X-Powers AXP20X and AXP22X PMICs can have a battery as power supply. This patch adds the DT binding documentation for the battery power supply which gets various data from the PMIC, such as the battery status (charging, discharging, full, dead), current max limit, current current, battery

[PATCH 14/38] Annotate hardware config module parameters in drivers/misc/

When the kernel is running in secure boot mode, we lock down the kernel to prevent userspace from modifying the running kernel image. Whilst this includes prohibiting access to things like /dev/mem, it must also prevent access by means of configuring driver modules in such a way as to cause a

Re: [PATCH net-next 3/3] vxlan: allow multiple VXLANs with same VNI for IPv6 link-local addresses

On 03/15/2017 04:22 PM, Jiri Benc wrote: > On Wed, 15 Mar 2017 15:29:29 +0100, Matthias Schiffer wrote: >> While ensuring that the destination address is link-local iff the source >> address is would also be an option, it didn't seem too useful as the >> destination address will be a multicast

[PATCH 26/38] Annotate hardware config module parameters in drivers/pcmcia/

When the kernel is running in secure boot mode, we lock down the kernel to prevent userspace from modifying the running kernel image. Whilst this includes prohibiting access to things like /dev/mem, it must also prevent access by means of configuring driver modules in such a way as to cause a

[PATCH 28/38] Annotate hardware config module parameters in drivers/staging/media/

When the kernel is running in secure boot mode, we lock down the kernel to prevent userspace from modifying the running kernel image. Whilst this includes prohibiting access to things like /dev/mem, it must also prevent access by means of configuring driver modules in such a way as to cause a

[PATCH 21/38] Annotate hardware config module parameters in drivers/net/irda/

When the kernel is running in secure boot mode, we lock down the kernel to prevent userspace from modifying the running kernel image. Whilst this includes prohibiting access to things like /dev/mem, it must also prevent access by means of configuring driver modules in such a way as to cause a

Re: [PATCH 34/38] Annotate hardware config module parameters in fs/pstore/

On Wed, Apr 5, 2017 at 10:01 AM, David Howells wrote: > When the kernel is running in secure boot mode, we lock down the kernel to > prevent userspace from modifying the running kernel image. Whilst this > includes prohibiting access to things like /dev/mem, it must also

[PATCH 17/38] Annotate hardware config module parameters in drivers/net/arcnet/

When the kernel is running in secure boot mode, we lock down the kernel to prevent userspace from modifying the running kernel image. Whilst this includes prohibiting access to things like /dev/mem, it must also prevent access by means of configuring driver modules in such a way as to cause a

Re: [PATCH v2 00/11] fujitsu-laptop: backlight cleanup

On Wed, Apr 05, 2017 at 08:48:59AM +0200, Michał Kępień wrote: > This series introduces further changes to the way LCD backlight is > handled by fujitsu-laptop. These changes include fixing a bug in code > responsible for generating brightness-related input events, cleaning up > handling of

Re: [STABLE REGRESSION] iio: hid-sensor-trigger: Change get poll value function order to avoid sensor properties losing after resume from S3

Hi Hongyan, Can you check if the patch meets your requirement/needs for ISH? Thanks, Srinivas On Wed, 2017-04-05 at 16:21 +0530, Ritesh Raj Sarraf wrote: > On Tue, 2017-04-04 at 17:44 -0700, Srinivas Pandruvada wrote: > > > > Hi Ritesh, > > > > Does the attached patch helps? > > Thank you

[GIT PULL] PCI: Support for configurable PCI endpoint

Hi Bjorn, Please find the pull request for PCI endpoint support below. I've also included all the history here. Changes from v5: *) remove #syscon-cells property added in v5 and used of_parse_phandle_with_fixed_args *) fix compilation error in make.cross ARCH=blackfin that was because

Re: [GIT PULL] PCI: Support for configurable PCI endpoint

Hi Bjorn, On Wednesday 05 April 2017 02:06 AM, Bjorn Helgaas wrote: > On Mon, Mar 27, 2017 at 03:14:56PM +0530, Kishon Vijay Abraham I wrote: >> Hi Bjorn, >> >> Please find the pull request for PCI endpoint support below. I've >> also included all the history here. > > I tentatively applied this

[PATCH] arm: dma: fix sharing of coherent DMA memory without struct page

When coherent DMA memory without struct page is shared, importer fails to find the page and runs into kernel page fault when it tries to dmabuf_ops_attach/map_sg/map_page the invalid page found in the sg_table. Please see www.spinics.net/lists/stable/msg164204.html for more information on this

RE: [RFC 2/8] cxgb4: setup pcie memory window 4 and create p2pmem region

> > > > +static void setup_memwin_p2pmem(struct adapter *adap) > > +{ > > + unsigned int mem_base = t4_read_reg(adap, > CIM_EXTMEM2_BASE_ADDR_A); > > + unsigned int mem_size = t4_read_reg(adap, > CIM_EXTMEM2_ADDR_SIZE_A); > > + > > + if (!use_p2pmem) > > + return; > > This is

RE: [RFC 4/8] p2pmem: Add debugfs "stats" file

> > > + p2pmem_debugfs_root = debugfs_create_dir("p2pmem", NULL); > > + if (!p2pmem_debugfs_root) > > + pr_info("could not create debugfs entry, continuing\n"); > > + > > Why continue? I think it'd be better to just fail it. > Because not having debugfs support isn't fatal to

Re: [PATCH v6 01/23] PCI: endpoint: Add EP core layer to enable EP controller and EP functions

On Wed, Apr 05, 2017 at 02:22:21PM +0530, Kishon Vijay Abraham I wrote: > Introduce a new EP core layer in order to support endpoint functions in > linux kernel. This comprises the EPC library (Endpoint Controller Library) > and EPF library (Endpoint Function Library). EPC library implements >

[PATCH 38/38] Annotate hardware config module parameters in sound/pci/

When the kernel is running in secure boot mode, we lock down the kernel to prevent userspace from modifying the running kernel image. Whilst this includes prohibiting access to things like /dev/mem, it must also prevent access by means of configuring driver modules in such a way as to cause a

[PATCH 35/38] Annotate hardware config module parameters in sound/drivers/

When the kernel is running in secure boot mode, we lock down the kernel to prevent userspace from modifying the running kernel image. Whilst this includes prohibiting access to things like /dev/mem, it must also prevent access by means of configuring driver modules in such a way as to cause a

[PATCH 33/38] Annotate hardware config module parameters in drivers/watchdog/

When the kernel is running in secure boot mode, we lock down the kernel to prevent userspace from modifying the running kernel image. Whilst this includes prohibiting access to things like /dev/mem, it must also prevent access by means of configuring driver modules in such a way as to cause a

[PATCH 12/38] Annotate hardware config module parameters in drivers/isdn/

When the kernel is running in secure boot mode, we lock down the kernel to prevent userspace from modifying the running kernel image. Whilst this includes prohibiting access to things like /dev/mem, it must also prevent access by means of configuring driver modules in such a way as to cause a

RE: [PATCH v2 1/2] x86/mce/AMD: Redo use of SMCA MCA_DE{STAT,ADDR} registers

> -Original Message- > From: Borislav Petkov [mailto:b...@alien8.de] > Sent: Wednesday, April 05, 2017 12:45 PM > To: Ghannam, Yazen > Cc: linux-e...@vger.kernel.org; Tony Luck ; > x...@kernel.org; linux-kernel@vger.kernel.org > Subject: Re:

[PATCH 23/38] Annotate hardware config module parameters in drivers/net/wireless/

When the kernel is running in secure boot mode, we lock down the kernel to prevent userspace from modifying the running kernel image. Whilst this includes prohibiting access to things like /dev/mem, it must also prevent access by means of configuring driver modules in such a way as to cause a

[PATCH 08/24] Copy secure_boot flag in boot params across kexec reboot

From: Dave Young Kexec reboot in case secure boot being enabled does not keep the secure boot mode in new kernel, so later one can load unsigned kernel via legacy kexec_load. In this state, the system is missing the protections provided by secure boot. Adding a patch to fix

[PATCH 09/24] kexec_file: Disable at runtime if securelevel has been set

From: Chun-Yi Lee When KEXEC_VERIFY_SIG is not enabled, kernel should not loads image through kexec_file systemcall if securelevel has been set. This code was showed in Matthew's patch but not in git: https://lkml.org/lkml/2015/3/13/778 Cc: Matthew Garrett

[PATCH 05/24] Restrict /dev/mem and /dev/kmem when the kernel is locked down

From: Matthew Garrett Allowing users to write to address space makes it possible for the kernel to be subverted, avoiding module loading restrictions. Prevent this when the kernel has been locked down. Signed-off-by: Matthew Garrett

[PATCH 03/24] efi: Lock down the kernel if booted in secure boot mode

UEFI Secure Boot provides a mechanism for ensuring that the firmware will only load signed bootloaders and kernels. Certain use cases may also require that all kernel modules also be signed. Add a configuration option that to lock down the kernel - which includes requiring validly signed modules

[PATCH 04/24] Enforce module signatures if the kernel is locked down

If the kernel is locked down, require that all modules have valid signatures that we can verify. Signed-off-by: David Howells --- kernel/module.c |2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kernel/module.c b/kernel/module.c index

[PATCH 18/38] Annotate hardware config module parameters in drivers/net/can/

When the kernel is running in secure boot mode, we lock down the kernel to prevent userspace from modifying the running kernel image. Whilst this includes prohibiting access to things like /dev/mem, it must also prevent access by means of configuring driver modules in such a way as to cause a

Re: [RFC] [media] imx: assume MEDIA_ENT_F_ATV_DECODER entities output video on pad 1

> Currently, the driver doesn't support (2), because, at the time > I wrote the driver, I didn't find a way to read the interrupts generated > by tvp5150 at em28xx[1], due to the lack of em28xx documentation, > but adding support for it shoudn't be hard. I may eventually do it > when I have some

Re: [PATCH 4/8] x86/intel_rct/mba: Add MBA structures and initialize MBA

On Mon, 3 Apr 2017, Vikas Shivappa wrote: > > /** > + * struct rdt_domain - group of cpus sharing an RDT resource > + * @list:all instances of this resource > + * @id: unique id for this instance > + * @cpu_mask:which cpus share this resource > + * @ctrl_val:

<    1   2   3   4   5   6   7   8   9   10   >