On Tue, Apr 18, 2017 at 4:24 PM, Mickaël Salaün <m...@digikod.net> wrote:
> On 19/04/2017 00:53, Kees Cook wrote:
>> On Tue, Mar 28, 2017 at 4:46 PM, Mickaël Salaün <m...@digikod.net> wrote:
>>> +#ifdef CONFIG_SECCOMP_FILTER
>>
>> Isn't CONFIG_SECCOMP_FIL
On Tue, Mar 28, 2017 at 4:46 PM, Mickaël Salaün <m...@digikod.net> wrote:
> The semantic is unchanged. This will be useful for the Landlock
> integration with seccomp (next commit).
>
> Signed-off-by: Mickaël Salaün <m...@digikod.net>
> Cc: Kees Cook <keesc...@chrom
ure)
> * add an early check to exit as soon as possible if the current process
> does not have Landlock rules
>
> Changes since v3:
> * remove the hard link with seccomp (suggested by Andy Lutomirski and
> Kees Cook):
> * remove the cookie which could imply multiple evaluatio
anup and rebase
>
> Signed-off-by: Mickaël Salaün <m...@digikod.net>
> Cc: Alexei Starovoitov <a...@kernel.org>
> Cc: Andy Lutomirski <l...@amacapital.net>
> Cc: Daniel Borkmann <dan...@iogearbox.net>
> Cc: David S. Miller <da...@davemloft.net>
> Cc
On Tue, Apr 18, 2017 at 4:16 PM, Casey Schaufler <ca...@schaufler-ca.com> wrote:
> On 4/18/2017 3:44 PM, Mickaël Salaün wrote:
>> On 19/04/2017 00:17, Kees Cook wrote:
>>> On Tue, Mar 28, 2017 at 4:46 PM, Mickaël Salaün <m...@digikod.net> wrote:
>>>
ng seccomp uses, in which case I'm less inclined to kick landlock
out of seccomp.c. :)
Looks like it's coming along nicely! Thanks for continuing to work on this!
-Kees
--
Kees Cook
Pixel Security
On Tue, Apr 18, 2017 at 4:53 PM, Mickaël Salaün <m...@digikod.net> wrote:
> On 19/04/2017 01:16, Kees Cook wrote:
>> On Tue, Mar 28, 2017 at 4:46 PM, Mickaël Salaün <m...@digikod.net> wrote:
>>> --- /dev/null
>>> +++ b/tools/testing/selftests/landlock/Ma
d-off-by: Mickaël Salaün <m...@digikod.net>
> Cc: Andy Lutomirski <l...@amacapital.net>
> Cc: Arnaldo Carvalho de Melo <a...@kernel.org>
> Cc: Kees Cook <keesc...@chromium.org>
> Cc: Shuah Khan <sh...@kernel.org>
> Cc: Will Drewry <w...@chromium.org
On Tue, Aug 1, 2017 at 3:29 PM, David Miller <da...@davemloft.net> wrote:
> From: Kees Cook <keesc...@chromium.org>
> Date: Sun, 30 Jul 2017 18:31:17 -0700
>
>> In preparation for the randstruct gcc plugin performing randomization of
>> structures that ar
__secure_computing() access to syscall
> arguments.")
> Signed-off-by: James Hogan <james.ho...@imgtec.com>
> Cc: Ralf Baechle <r...@linux-mips.org>
> Cc: David Daney <david.da...@cavium.com>
> Cc: Kees Cook <keesc...@chromium.org>
> Cc: Andy Lu
gt; I just need a good machine.
I've got all this set up now, and it faults during the test:
Unable to handle kernel NULL pointer dereference at virtual address 0008
...
CPU: 0 PID: 1922 Comm: test_progs Not tainted 4.12.0+ #60
...
PC is at __htab_map_lookup_elem+0x54/0x1f4
I'll see if I can send you this disk image...
-Kees
--
Kees Cook
Pixel Security
Russell, can you
> please help with sending this patch to ARM patch tracker?
If some other folks can Ack this, I can throw it at the patch tracker
for you. I'll report back on my findings.
-Kees
--
Kees Cook
Pixel Security
On Wed, Jul 5, 2017 at 3:11 PM, Kees Cook <keesc...@chromium.org> wrote:
> On Fri, Jun 23, 2017 at 3:39 PM, Shubham Bansal
> <illusionist@gmail.com> wrote:
>> Hi Russell,Daniel and Kees,
>>
>> I am attaching the latest patch with this mail. It included supp
In preparation for the randstruct gcc plugin performing randomization of
structures that are entirely function pointers, use designated initializers
so the compiler doesn't get angry.
Reported-by: kbuild test robot <fengguang...@intel.com>
Signed-off-by: Kees Cook <keesc...@chr
equire a configured interface, it would be mitigated
with module autoload blocking:
https://lkml.org/lkml/2017/4/19/1088
(Yes, yes, I know both are still being worked on, but this is a good
example to show another case where they'd have been useful.)
-Kees
--
Kees Cook
Pixel Security
w before I send the
> patch.
I'd say send what you have right now, as it's a good starting point
for future work. I'll be curious to see the benchmarks, etc. It can be
a base for further optimization.
Thanks for chipping away at this!
-Kees
--
Kees Cook
Pixel Security
ded system-wide as we can't allow
>> module loading per-ns. To validate the behavior I was comparing it
>> with insmod/modprobe, if that doesn't allow because of lack of this
>> capability in default-ns, then this *indirect* method of loading
>> module should not allow the same action and the behavior should be
>> consistent. So with that logic if userspace asks for a random
>> char-device if insmod/modprobe cannot load it, then this method should
>> not load it either for the consistency, right?
>
>
> This patch will break applications that expected modules being auto loaded.
I would prefer that we continue to look at the autoloading
restrictions series, since that will be more flexible and cover a
wider set of cases:
https://lkml.org/lkml/2017/4/19/1086
-Kees
--
Kees Cook
Pixel Security
after code refactoring. Thanks for all the help
> you guys. I really really appreciate it.
>
> Special thanks to Kees and Daniel. :)
>
> Best,
> Shubham Bansal
>
>
> On Thu, May 11, 2017 at 9:00 PM, Kees Cook <keesc...@chromium.org> wrote:
>> On Thu, May 11
In at least one place, the enter/exit debugging was not being correctly
matched. Based on mailing list feedback, it was desired to drop all of
these in favor of using ftrace instead.
Suggested-by: Joe Perches <j...@perches.com>
Suggested-by: Kalle Valo <kv...@codeaurora.org>
Signed-
not
leak rodata contents. Additionally adjust indentation to keep checkpatch.pl
happy.
This was found with the future CONFIG_FORTIFY_SOURCE feature.
Cc: Daniel Micay <danielmi...@gmail.com>
Signed-off-by: Kees Cook <keesc...@chromium.org>
---
v3:
- drop needless "*"; joe
- fix
.
This was found with the future CONFIG_FORTIFY_SOURCE feature.
Cc: Daniel Micay <danielmi...@gmail.com>
Signed-off-by: Kees Cook <keesc...@chromium.org>
---
drivers/net/wireless/marvell/libertas/mesh.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/drivers/
On Tue, May 9, 2017 at 9:33 PM, Joe Perches <j...@perches.com> wrote:
> On Tue, 2017-05-09 at 16:23 -0700, Kees Cook wrote:
>> Using memcpy() from a string that is shorter than the length copied means
>> the destination buffer is being filled with arbitrary data from the ker
not
leak rodata contents. Additionally adjust indentation to keep checkpatch.pl
happy.
This was found with the future CONFIG_FORTIFY_SOURCE feature.
Cc: Daniel Micay <danielmi...@gmail.com>
Signed-off-by: Kees Cook <keesc...@chromium.org>
---
v2: use ETH_GSTRING_LEN; joe
---
drivers/
e this, so I'd suggest ignoring this
config for now unless you can find someone with that hardware that you
can work with to test it.
In the case of CONFIG_FRAME_POINTER, I assume you built a
THUMB2_KERNEL? I'd read the notes in arch/arm/Kconfig.debug for
'config FRAME_POINTER'.
-Kees
--
Kees Cook
Pixel Security
lid */
> + if (capable(CAP_SYS_MODULE) ||
> + (allow_cap > 0 && capable(allow_cap)))
With the allow_cap check already happening in my suggestion for
__request_module(), it's not needed here. (In fact, it's not even
really needed to plumb this into the hook, I don't think?
Regardless, I remain a fan. :)
-Kees
--
Kees Cook
Pixel Security
suffered, and that's
mainly the const blinding, I assume.
Please post your current patch. Thanks for this!
-Kees
--
Kees Cook
Pixel Security
#0 TAX
interp: 757 645 650
jitted: 234 171 195
30.9% 26.5% 30.0%
harden: 239 218 229
ntly the only user of
> security_kernel_module_request() hook.
>
> Based on patch by Rusty Russell:
> https://lkml.org/lkml/2017/4/26/735
>
> Cc: Serge Hallyn <se...@hallyn.com>
> Cc: Andy Lutomirski <l...@kernel.org>
> Suggested-by: Rusty Russell <ru...@rustcorp
g user process memory.
Here, it's CAP_SYS_MODULE... it's hard to imagine the situation where
a CAP_SYS_MODULE-capable process could write to this sysctl but NOT
issue direct modprobe requests, but it's _possible_ via crazy symlink
games to trick capable processes into writing to sysctls. We've seen
this multiple times before, and it's a way for attackers to turn a
single privileged write into a privileged exec.
I might turn the question around, though: why would we want to have it
changeable at this setting?
I'm fine leaving that piece off, either way.
-Kees
--
Kees Cook
Pixel Security
p-watchdogs.txt
You can raise the softlockup time-out by changing the number of
seconds here: /proc/sys/kernel/watchdog_thresh I think the softlockup
is counting the entire runtime of the bpf_tests run, so if it takes 30
seconds to run, put at least 15 into /proc/sys/kernel/watchdog_thresh
-Kees
--
Kees Cook
Pixel Security
make sure people
know it's not considered fully done. :)
-Kees
--
Kees Cook
Pixel Security
seq_putc() in lec_info()
>
> net/atm/lec.c | 55 +++
> 1 file changed, 27 insertions(+), 28 deletions(-)
These all look fine to me. Thanks!
Reviewed-by: Kees Cook <keesc...@chromium.org>
-Kees
--
Kees Cook
Pixel Security
On Mon, May 22, 2017 at 10:03 PM, Shubham Bansal
<illusionist@gmail.com> wrote:
> On Tue, May 23, 2017 at 9:52 AM, Kees Cook <keesc...@chromium.org> wrote:
>> On Mon, May 22, 2017 at 8:34 PM, Shubham Bansal
>> <illusionist@gmail.com> wrote:
>>>
all land at the
same time. Any thoughts on this Daniel?
-Kees
--
Kees Cook
Pixel Security
On Tue, May 23, 2017 at 3:29 AM, Djalal Harouni <tix...@gmail.com> wrote:
> On Tue, May 23, 2017 at 12:20 AM, Kees Cook <keesc...@chromium.org> wrote:
>> On Mon, May 22, 2017 at 4:57 AM, Djalal Harouni <tix...@gmail.com> wrote:
>>> This is a preparation patch
e systems start implementing
CONFIG_STATIC_USERMODEHELPER and kernel.modprobe becomes read-only
(though the userspace implementation may allow for some way to disable
it, etc). I just like avoiding the upcall to modprobe at all.
-Kees
--
Kees Cook
Pixel Security
disclosure of up to ~70 uninitialized bytes from the kernel stack to
> user-mode clients capable of creating AFC_NFC sockets.
>
> Signed-off-by: Mateusz Jurczyk <mjurc...@google.com>
Acked-by: Kees Cook <keesc...@chromium.org>
-Kees
> ---
> net/nfc/llcp_sock.c | 3 +--
unhandled NULL pointer
> dereference exceptions which can be triggered by malicious user-mode
> programs, if they omit one or both of these attributes.
>
> Signed-off-by: Mateusz Jurczyk <mjurc...@google.com>
Acked-by: Kees Cook <keesc...@chromium.org>
-Kees
> ---
> ne
On Sun, May 28, 2017 at 1:15 AM, Christoph Hellwig <h...@infradead.org> wrote:
> On Fri, May 26, 2017 at 01:17:12PM -0700, Kees Cook wrote:
>> The NIU ethernet driver intentionally stores a page struct pointer on
>> top of the "mapping" field. Whitelist this case:
[trying again with correct linux-mm address...]
On Sun, May 28, 2017 at 1:15 AM, Christoph Hellwig <h...@infradead.org> wrote:
> On Fri, May 26, 2017 at 01:17:12PM -0700, Kees Cook wrote:
>> The NIU ethernet driver intentionally stores a page struct pointer on
>> top o
be
> we already have this. Otherwise, tightening caps needed for implicit
> loads should just be a normal yes/no setting IMO.
Yup, /proc/sys/kernel/modules_disabled already does this.
--
Kees Cook
Pixel Security
oload logic in the following patches. That way the "infrastructure"
changes happen separately and do not change any behaviors, but moves
the caps test down where its wanted in the LSM, before then augmenting
the logic.
> I just need a bit of free time to check again everything and will send
> a v5 with all requested changes.
Great, thank you!
-Kees
--
Kees Cook
Pixel Security
bably go in via the ARM patch
tracker? Russell does that sound okay to you?
-Kees
--
Kees Cook
Pixel Security
leak timing information,
>> which could then be used to iteratively forge a MAC.
>
> Do you have any pointers where I could learn more about this?
While not using C specifically, this talks about the problem generally:
https://www.chosenplaintext.ca/articles/beginners-guide-constant-time-cryptography.html
-Kees
--
Kees Cook
Pixel Security
Instead of a direct cross-type cast, use conatiner_of() to locate
the embedded structure, even in the face of future struct layout
randomization.
Signed-off-by: Kees Cook <keesc...@chromium.org>
---
net/decnet/dn_neigh.c | 12 ++--
1 file changed, 6 insertions(+), 6 deletions(-)
.
Cc: Daniel Micay <danielmi...@gmail.com>
Signed-off-by: Kees Cook <keesc...@chromium.org>
---
drivers/net/ethernet/brocade/bna/bfa_ioc.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/ethernet/brocade/bna/bfa_ioc.c
b/drivers/net/ethernet/brocade/b
.
Cc: Daniel Micay <danielmi...@gmail.com>
Signed-off-by: Kees Cook <keesc...@chromium.org>
---
drivers/net/ethernet/qlogic/qlge/qlge_dbg.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/net/ethernet/qlogic/qlge/qlge_dbg.c
b/drivers/net/ethernet
.
Cc: Daniel Micay <danielmi...@gmail.com>
Signed-off-by: Kees Cook <keesc...@chromium.org>
---
drivers/net/ethernet/brocade/bna/bnad_ethtool.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/net/ethernet/brocade/bna/bnad_ethtool.c
b/drivers/net/ethernet
.
This was found with the future CONFIG_FORTIFY_SOURCE feature.
Cc: Daniel Micay <danielmi...@gmail.com>
Signed-off-by: Kees Cook <keesc...@chromium.org>
---
drivers/net/wireless/ray_cs.c | 7 +--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/drivers/net/wireles
On Wed, May 24, 2017 at 7:16 AM, Djalal Harouni <tix...@gmail.com> wrote:
> On Tue, May 23, 2017 at 9:19 PM, Kees Cook <keesc...@google.com> wrote:
>> On Tue, May 23, 2017 at 3:29 AM, Djalal Harouni <tix...@gmail.com> wrote:
>> Even in the existing code, the
Forwarding this to net-dev and eBPF folks, who weren't on CC...
-Kees
On Thu, May 25, 2017 at 4:13 PM, Shubham Bansal
wrote:
> The JIT compiler emits ARM 32 bit instructions. Currently, It supports
> eBPF only. Classic BPF is supported because of the conversion by BPF
t commit log]
Cc: Vlad Yasevich <vyasev...@gmail.com>
Cc: Neil Horman <nhor...@tuxdriver.com>
Cc: "David S. Miller" <da...@davemloft.net>
Cc: linux-s...@vger.kernel.org
Cc: netdev@vger.kernel.org
Signed-off-by: Kees Cook <keesc...@chromium.org>
---
net/sctp/sock
ter <c...@linux.com>
Cc: Pekka Enberg <penb...@kernel.org>
Cc: David Rientjes <rient...@google.com>
Cc: Joonsoo Kim <iamjoonsoo@lge.com>
Cc: Andrew Morton <a...@linux-foundation.org>
Cc: linux...@kvack.org
Signed-off-by: Kees Cook <keesc...@chromium.org>
---
anding of the code. Changes or omissions from the original code are
mine and don't reflect the original grsecurity/PaX code.
Signed-off-by: David Windsor <d...@nullcore.net>
[kees: adjust commit log, provide usage trace]
Cc: Christoph Hellwig <h...@infradead.org>
Signed-off-by: Kees Cook &
igned-off-by: David Windsor <d...@nullcore.net>
[kees: split from network patch, provide usage trace]
Cc: "David S. Miller" <da...@davemloft.net>
Cc: netdev@vger.kernel.org
Signed-off-by: Kees Cook <keesc...@chromium.org>
---
net/caif/caif_socket.c | 2 ++
1 file changed, 2
t commit log]
Cc: Alexander Viro <v...@zeniv.linux.org.uk>
Cc: linux-fsde...@vger.kernel.org
Signed-off-by: Kees Cook <keesc...@chromium.org>
---
fs/fhandle.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/fs/fhandle.c b/fs/fhandle.c
index 58a61f55e0d0..46e0
x.org.uk>
Cc: linux-fsde...@vger.kernel.org
Signed-off-by: Kees Cook <keesc...@chromium.org>
---
fs/dcache.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/fs/dcache.c b/fs/dcache.c
index 5f5e7c1fcf4b..34ef9a9169be 100644
--- a/fs/dcache.c
+++ b/fs/dcache.c
@@ -3642,8 +3642,8 @@
ommit log, provide usage trace]
Cc: Dave Kleikamp <sha...@kernel.org>
Cc: jfs-discuss...@lists.sourceforge.net
Signed-off-by: Kees Cook <keesc...@chromium.org>
---
fs/jfs/super.c | 8 +---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/fs/jfs/super.c b/fs/jfs/super.c
ind
ll-whitelist]
Cc: "David S. Miller" <da...@davemloft.net>
Cc: Eric Dumazet <eduma...@google.com>
Cc: Paolo Abeni <pab...@redhat.com>
Cc: David Howells <dhowe...@redhat.com>
Cc: netdev@vger.kernel.org
Signed-off-by: Kees Cook <keesc...@chromium.org>
---
include
sor <d...@nullcore.net>
[kees: adjust commit log, provide usage trace]
Cc: Steve French <sfre...@samba.org>
Cc: linux-c...@vger.kernel.org
Signed-off-by: Kees Cook <keesc...@chromium.org>
---
I wasn't able to actually track down the _usage_ of the cifs_request where
it is copied to userspace.
oo Kim <iamjoonsoo@lge.com>
Cc: Andrew Morton <a...@linux-foundation.org>
Cc: linux...@kvack.org
Cc: linux-...@vger.kernel.org
Signed-off-by: Kees Cook <keesc...@chromium.org>
---
include/linux/slab.h | 27 +--
include/linux/slab_def.h | 3 +++
bbott <labb...@redhat.com>
Cc: Ingo Molnar <mi...@kernel.org>
Cc: Mark Rutland <mark.rutl...@arm.com>
Cc: linux...@kvack.org
Cc: linux-...@vger.kernel.org
Signed-off-by: Kees Cook <keesc...@chromium.org>
---
mm/slab.c | 16 +++-
mm/slub.c | 18 ++
l.org
Cc: Borislav Petkov <b...@suse.de>
Cc: Andy Lutomirski <l...@kernel.org>
Cc: Mathias Krause <mini...@googlemail.com>
Signed-off-by: Kees Cook <keesc...@chromium.org>
Acked-by: Rik van Riel <r...@redhat.com>
---
arch/x86/Kconfig | 1 +
arch/x86/include/a
v3:
- added LKDTM update patch
- downgrade BUGs to WARNs and fail closed
- add Acks/Reviews from v2
v2:
- added tracing of allocation and usage
- refactored solutions for task_struct
- split up network patches for readability
I intend for this to land via my usercopy hardening tree, so Acks,
-by: David Windsor <d...@nullcore.net>
[kees: adjust commit log, provide usage trace]
Cc: "Theodore Ts'o" <ty...@mit.edu>
Cc: Andreas Dilger <adilger.ker...@dilger.ca>
Cc: linux-e...@vger.kernel.org
Signed-off-by: Kees Cook <keesc...@chromium.org>
---
fs/ext4/sup
: David Windsor <d...@nullcore.net>
[kees: adjust commit log, provide usage trace]
Cc: Jan Kara <j...@suse.com>
Cc: linux-e...@vger.kernel.org
Signed-off-by: Kees Cook <keesc...@chromium.org>
Acked-by: Jan Kara <j...@suse.cz>
---
fs/ext2/super.c | 12 +++-
1 file changed, 7
id Windsor <d...@nullcore.net>
[kees: adjust commit log, provide usage trace]
Cc: "Darrick J. Wong" <darrick.w...@oracle.com>
Cc: linux-...@vger.kernel.org
Signed-off-by: Kees Cook <keesc...@chromium.org>
Reviewed-by: Darrick J. Wong <darrick.w...@oracle.com>
---
lit patch, provide usage trace]
Cc: Ingo Molnar <mi...@kernel.org>
Cc: Andrew Morton <a...@linux-foundation.org>
Cc: Thomas Gleixner <t...@linutronix.de>
Cc: Andy Lutomirski <l...@kernel.org>
Signed-off-by: Kees Cook <keesc...@chromium.org>
Acked-by: Rik van Riel <r
gt;
Cc: David Howells <dhowe...@redhat.com>
Cc: netdev@vger.kernel.org
Signed-off-by: Kees Cook <keesc...@chromium.org>
---
net/core/sock.c | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/net/core/sock.c b/net/core/sock.c
index 832dfb03102e..84cd0b362a02 100644
--
Cc: Alexander Viro <v...@zeniv.linux.org.uk>
Cc: linux-fsde...@vger.kernel.org
Signed-off-by: Kees Cook <keesc...@chromium.org>
---
fs/dcache.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/fs/dcache.c b/fs/dcache.c
index f90141387f01..5f5e7c1fcf4b 100644
--- a/fs/dcache.c
+++
om>
Cc: Andrew Morton <a...@linux-foundation.org>
Cc: linux...@kvack.org
Cc: linux-...@vger.kernel.org
Signed-off-by: Kees Cook <keesc...@chromium.org>
---
mm/slab.c| 3 ++-
mm/slab.h| 3 ++-
mm/slab_common.c | 10 ++
3 files changed, 10 insertions(+), 6
net>
Cc: linux-s...@vger.kernel.org
Cc: netdev@vger.kernel.org
Signed-off-by: Kees Cook <keesc...@chromium.org>
---
include/net/sctp/structs.h | 9 +++--
net/sctp/socket.c | 4
2 files changed, 11 insertions(+), 2 deletions(-)
diff --git a/include/net/sctp/structs.h b/incl
riginal grsecurity/PaX code.
Signed-off-by: David Windsor <d...@nullcore.net>
[kees: split from network patch, provide usage trace]
Cc: "David S. Miller" <da...@davemloft.net>
Cc: Alexey Kuznetsov <kuz...@ms2.inr.ac.ru>
Cc: Hideaki YOSHIFUJI <yoshf...@linux-ipv6.or
0-patch timer_list series. ;)
Do you want me to resend the full series to you, or would you prefer
something else like a patchwork bundle? (I'll explicitly add you to CC
for any future versions, though.)
-Kees
--
Kees Cook
Pixel Security
the code. Changes or omissions from the original code are
mine and don't reflect the original grsecurity/PaX code.
Signed-off-by: David Windsor <d...@nullcore.net>
[kees: adjust commit log, provide usage trace]
Cc: Boaz Harrosh <o...@electrozaur.com>
Signed-off-by: Kees Cook <keesc...@chromi
[kees: adjust commit log, provide usage trace]
Cc: Evgeniy Dushistov <dushis...@mail.ru>
Signed-off-by: Kees Cook <keesc...@chromium.org>
---
fs/ufs/super.c | 13 -
1 file changed, 8 insertions(+), 5 deletions(-)
diff --git a/fs/ufs/super.c b/fs/ufs/super.c
index 6440003f8d
ty/PaX based on my
understanding of the code. Changes or omissions from the original code are
mine and don't reflect the original grsecurity/PaX code.
Signed-off-by: David Windsor <d...@nullcore.net>
[kees: adjust commit log, provide usage trace]
Cc: Mike Marshall <hub...@omnibond.com>
S
provide usage trace]
Cc: Luis de Bethencourt <lui...@kernel.org>
Cc: Salah Triki <salah.tr...@gmail.com>
Signed-off-by: Kees Cook <keesc...@chromium.org>
Acked-by: Luis de Bethencourt <lui...@kernel.org>
---
fs/befs/linuxvfs.c | 14 +-
1 file changed, 9 insertio
ndrew Morton <a...@linux-foundation.org>
Cc: Thomas Gleixner <t...@linutronix.de>
Cc: Andy Lutomirski <l...@kernel.org>
Signed-off-by: Kees Cook <keesc...@chromium.org>
Acked-by: Rik van Riel <r...@redhat.com>
---
I wasn't able to test this, so anyone with a system that can try
n.peter...@oracle.com>
Cc: linux-s...@vger.kernel.org
Signed-off-by: Kees Cook <keesc...@chromium.org>
---
drivers/scsi/scsi_lib.c | 9 +
1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/drivers/scsi/scsi_lib.c b/drivers/scsi/scsi_lib.c
index 9cf6a80fe297..88bfab251693 1006
Andrew Morton <a...@linux-foundation.org>
Cc: Nicholas Piggin <npig...@gmail.com>
Cc: Laura Abbott <labb...@redhat.com>
Cc: "Mickaël Salaün" <m...@digikod.net>
Cc: Ingo Molnar <mi...@kernel.org>
Cc: Thomas Gleixner <t...@linutronix.de>
Cc: Andy Lutomirs
c: Ingo Molnar <mi...@kernel.org>
Cc: James Morse <james.mo...@arm.com>
Cc: "Peter Zijlstra (Intel)" <pet...@infradead.org>
Cc: Dave Martin <dave.mar...@arm.com>
Cc: zijun_hu <zijun...@htc.com>
Cc: linux-arm-ker...@lists.infradead.org
Signed-off-by:
..@infradead.org>
Cc: linux-arm-ker...@lists.infradead.org
Signed-off-by: Kees Cook <keesc...@chromium.org>
---
arch/arm/Kconfig | 1 +
arch/arm/include/asm/processor.h | 7 +++
2 files changed, 8 insertions(+)
diff --git a/arch/arm/Kconfig b/arch/arm/Kconfig
index 7888
This updates the USERCOPY_HEAP_FLAG_* tests to USERCOPY_HEAP_WHITELIST_*,
since the final form of usercopy whitelisting ended up using an offset/size
window instead of the earlier proposed allocation flags.
Signed-off-by: Kees Cook <keesc...@chromium.org>
---
drivers/misc/lkdtm.h
On Thu, Sep 21, 2017 at 8:27 AM, Christopher Lameter <c...@linux.com> wrote:
> On Wed, 20 Sep 2017, Kees Cook wrote:
>
>> --- a/mm/slab.c
>> +++ b/mm/slab.c
>> @@ -1291,7 +1291,8 @@ void __init kmem_cache_init(void)
>>*/
>> kmalloc
t;Reshetova, Elena" <elena.reshet...@intel.com>
Cc: netdev@vger.kernel.org
Signed-off-by: Kees Cook <keesc...@chromium.org>
---
net/atm/mpc.c | 10 +-
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/net/atm/mpc.c b/net/atm/mpc.c
index 63138c8c2269..3b59a053b7cb 10064
p.com>
Cc: Ganesh Krishna <ganesh.kris...@microchip.com>
Cc: Greg Kroah-Hartman <gre...@linuxfoundation.org>
Cc: Jens Axboe <ax...@fb.com>
Cc: netdev@vger.kernel.org
Cc: linux-wirel...@vger.kernel.org
Cc: de...@driverdev.osuosl.org
Signed-off-by: Kees Cook <keesc...@chromium.
ev@vger.kernel.org
Cc: linux-s...@vger.kernel.org
Cc: linuxppc-...@lists.ozlabs.org
Signed-off-by: Kees Cook <keesc...@chromium.org>
Acked-by: Tyrel Datwyler <tyr...@linux.vnet.ibm.com> # for ibmvscsi
---
drivers/scsi/ibmvscsi/ibmvfc.c | 14 ++
drivers/scsi/ibmvscsi/ibmvscsi.c
t;hal.rosenst...@gmail.com>
Cc: Dmitry Torokhov <dmitry.torok...@gmail.com>
Cc: Jeff Kirsher <jeffrey.t.kirs...@intel.com>
Cc: linux...@vger.kernel.org
Cc: linux-r...@vger.kernel.org
Cc: linux-in...@vger.kernel.org
Cc: intel-wired-...@lists.osuosl.org
Cc: netdev@vger.kernel.org
Signed-off-b
...@google.com>
Cc: Paolo Abeni <pab...@redhat.com>
Cc: David Howells <dhowe...@redhat.com>
Cc: Colin Ian King <colin.k...@canonical.com>
Cc: Ingo Molnar <mi...@kernel.org>
Cc: linzhang <xiaolou4...@gmail.com>
Cc: netdev@vger.kernel.org
Cc: linux-h...@vger.kernel.o
.
Cc: David Howells <dhowe...@redhat.com>
Cc: netdev@vger.kernel.org
Signed-off-by: Kees Cook <keesc...@chromium.org>
---
drivers/net/appletalk/ltpc.c | 6 --
1 file changed, 6 deletions(-)
diff --git a/drivers/net/appletalk/ltpc.c b/drivers/net/appletalk/ltpc.c
index e4aa374caa4d..
On Thu, Sep 21, 2017 at 9:04 AM, Christopher Lameter <c...@linux.com> wrote:
> On Thu, 21 Sep 2017, Kees Cook wrote:
>
>> > So what is the point of this patch?
>>
>> The DMA kmalloc caches are not whitelisted:
>
> The DMA kmalloc caches are pretty obsolete
gt;
Cc: David Ahern <d...@cumulusnetworks.com>
Cc: linux-decnet-u...@lists.sourceforge.net
Cc: netdev@vger.kernel.org
Cc: Thomas Gleixner <t...@linutronix.de>
Signed-off-by: Kees Cook <keesc...@chromium.org>
---
This requires commit 686fef928bba ("timer: Prepare to chang
ft.net>
Cc: linux-h...@vger.kernel.org
Cc: netdev@vger.kernel.org
Cc: Thomas Gleixner <t...@linutronix.de>
Signed-off-by: Kees Cook <keesc...@chromium.org>
---
This requires commit 686fef928bba ("timer: Prepare to change timer
callback argument type") in v4.14-rc3, but should be ot
com>
Cc: "Reshetova, Elena" <elena.reshet...@intel.com>
Cc: linux-...@vger.kernel.org
Cc: netdev@vger.kernel.org
Cc: Thomas Gleixner <t...@linutronix.de>
Signed-off-by: Kees Cook <keesc...@chromium.org>
---
This requires commit 686fef928bba ("timer: Prepare to change
tronix.de>
Signed-off-by: Kees Cook <keesc...@chromium.org>
---
This requires commit 686fef928bba ("timer: Prepare to change timer
callback argument type") in v4.14-rc3, but should be otherwise
stand-alone.
---
drivers/staging/irda/drivers/bfin_sir.c | 12 +++-
1 file
In preparation for unconditionally passing the struct timer_list pointer
to all timer callbacks, switch workqueue to use from_timer() and pass the
timer pointer explicitly.
Cc: Tejun Heo <t...@kernel.org>
Cc: Lai Jiangshan <jiangshan...@gmail.com>
Signed-off-by: Kees Cook <keesc.
This refactors the only users of init_timer_pinned() to use
the new timer_setup() and from_timer(). Drops the definition of
init_timer_pinned().
Cc: Chris Metcalf <cmetc...@mellanox.com>
Cc: Thomas Gleixner <t...@linutronix.de>
Cc: netdev@vger.kernel.org
Signed-off-by: Kees
Hi,
This is the first of many timer infrastructure cleanups to simplify the
timer API[1]. All of these patches are expected to land via the timer
tree, so Acks (or corrections) appreciated.
These patches refactor various users of timer API that are NOT just using
init_timer() or setup_timer()
<m...@sgi.com>
Cc: "James E.J. Bottomley" <j...@linux.vnet.ibm.com>
Cc: "Martin K. Petersen" <martin.peter...@oracle.com>
Cc: Thomas Gleixner <t...@linutronix.de>
Cc: linux...@vger.kernel.org
Cc: linux1394-de...@lists.sourceforge.net
Cc: linux-s...@vger.kernel.
Thomas Gleixner <t...@linutronix.de>
Signed-off-by: Kees Cook <keesc...@chromium.org>
---
This requires commit 686fef928bba ("timer: Prepare to change timer
callback argument type") in v4.14-rc3, but should be otherwise
stand-alone.
---
drivers/net/ethernet/mellanox/mlx4/cat
101 - 200 of 602 matches
Mail list logo