Alex Williamson [Fri, 27 Apr 2012 21:54:08 +0000 (16:54 -0500)]
KVM: unmap pages from the iommu when slots are removed
commit
32f6daad4651a748a58a3ab6da0611862175722f upstream.
We've been adding new mappings, but not destroying old mappings.
This can lead to a page leak as pages are pinned using
get_user_pages, but only unpinned with put_page if they still
exist in the memslots list on vm shutdown. A memslot that is
destroyed while an iommu domain is enabled for the guest will
therefore result in an elevated page reference count that is
never cleared.
Additionally, without this fix, the iommu is only programmed
with the first translation for a gpa. This can result in
peer-to-peer errors if a mapping is destroyed and replaced by a
new mapping at the same gpa as the iommu will still be pointing
to the original, pinned memory address.
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
Signed-off-by: Jonathan Nieder <jrnieder@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
David Gibson [Wed, 21 Mar 2012 23:34:12 +0000 (16:34 -0700)]
hugepages: fix use after free bug in "quota" handling
commit
90481622d75715bfcb68501280a917dbfe516029 upstream.
hugetlbfs_{get,put}_quota() are badly named. They don't interact with the
general quota handling code, and they don't much resemble its behaviour.
Rather than being about maintaining limits on on-disk block usage by
particular users, they are instead about maintaining limits on in-memory
page usage (including anonymous MAP_PRIVATE copied-on-write pages)
associated with a particular hugetlbfs filesystem instance.
Worse, they work by having callbacks to the hugetlbfs filesystem code from
the low-level page handling code, in particular from free_huge_page().
This is a layering violation of itself, but more importantly, if the
kernel does a get_user_pages() on hugepages (which can happen from KVM
amongst others), then the free_huge_page() can be delayed until after the
associated inode has already been freed. If an unmount occurs at the
wrong time, even the hugetlbfs superblock where the "quota" limits are
stored may have been freed.
Andrew Barry proposed a patch to fix this by having hugepages, instead of
storing a pointer to their address_space and reaching the superblock from
there, had the hugepages store pointers directly to the superblock,
bumping the reference count as appropriate to avoid it being freed.
Andrew Morton rejected that version, however, on the grounds that it made
the existing layering violation worse.
This is a reworked version of Andrew's patch, which removes the extra, and
some of the existing, layering violation. It works by introducing the
concept of a hugepage "subpool" at the lower hugepage mm layer - that is a
finite logical pool of hugepages to allocate from. hugetlbfs now creates
a subpool for each filesystem instance with a page limit set, and a
pointer to the subpool gets added to each allocated hugepage, instead of
the address_space pointer used now. The subpool has its own lifetime and
is only freed once all pages in it _and_ all other references to it (i.e.
superblocks) are gone.
subpools are optional - a NULL subpool pointer is taken by the code to
mean that no subpool limits are in effect.
Previous discussion of this bug found in: "Fix refcounting in hugetlbfs
quota handling.". See: https://lkml.org/lkml/2011/8/11/28 or
http://marc.info/?l=linux-mm&m=
126928970510627&w=1
v2: Fixed a bug spotted by Hillf Danton, and removed the extra parameter to
alloc_huge_page() - since it already takes the vma, it is not necessary.
Signed-off-by: Andrew Barry <abarry@cray.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Cc: Hugh Dickins <hughd@google.com>
Cc: Mel Gorman <mgorman@suse.de>
Cc: Minchan Kim <minchan.kim@gmail.com>
Cc: Hillf Danton <dhillf@gmail.com>
Cc: Paul Mackerras <paulus@samba.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
[bwh: Backported to 3.2: adjust context to apply after commit
c50ac050811d6485616a193eb0f37bfbd191cc89 'hugetlb: fix resv_map leak in
error path', backported in 3.2.20]
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Dave Hansen [Tue, 29 May 2012 22:06:46 +0000 (15:06 -0700)]
hugetlb: fix resv_map leak in error path
commit
c50ac050811d6485616a193eb0f37bfbd191cc89 and
4523e1458566a0e8ecfaff90f380dd23acc44d27 upstream.
When called for anonymous (non-shared) mappings, hugetlb_reserve_pages()
does a resv_map_alloc(). It depends on code in hugetlbfs's
vm_ops->close() to release that allocation.
However, in the mmap() failure path, we do a plain unmap_region() without
the remove_vma() which actually calls vm_ops->close().
This is a decent fix. This leak could get reintroduced if new code (say,
after hugetlb_reserve_pages() in hugetlbfs_file_mmap()) decides to return
an error. But, I think it would have to unroll the reservation anyway.
Christoph's test case:
http://marc.info/?l=linux-mm&m=
133728900729735
This patch applies to 3.4 and later. A version for earlier kernels is at
https://lkml.org/lkml/2012/5/22/418.
Signed-off-by: Dave Hansen <dave@linux.vnet.ibm.com>
Acked-by: Mel Gorman <mel@csn.ul.ie>
Acked-by: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com>
Reported-by: Christoph Lameter <cl@linux.com>
Tested-by: Christoph Lameter <cl@linux.com>
Cc: Andrea Arcangeli <aarcange@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Xi Wang [Tue, 10 Jan 2012 16:51:10 +0000 (11:51 -0500)]
ext4: fix undefined behavior in ext4_fill_flex_info()
commit
d50f2ab6f050311dbf7b8f5501b25f0bf64a439b upstream.
Commit
503358ae01b70ce6909d19dd01287093f6b6271c ("ext4: avoid divide by
zero when trying to mount a corrupted file system") fixes CVE-2009-4307
by performing a sanity check on s_log_groups_per_flex, since it can be
set to a bogus value by an attacker.
sbi->s_log_groups_per_flex = sbi->s_es->s_log_groups_per_flex;
groups_per_flex = 1 << sbi->s_log_groups_per_flex;
if (groups_per_flex < 2) { ... }
This patch fixes two potential issues in the previous commit.
1) The sanity check might only work on architectures like PowerPC.
On x86, 5 bits are used for the shifting amount. That means, given a
large s_log_groups_per_flex value like 36, groups_per_flex = 1 << 36
is essentially 1 << 4 = 16, rather than 0. This will bypass the check,
leaving s_log_groups_per_flex and groups_per_flex inconsistent.
2) The sanity check relies on undefined behavior, i.e., oversized shift.
A standard-confirming C compiler could rewrite the check in unexpected
ways. Consider the following equivalent form, assuming groups_per_flex
is unsigned for simplicity.
groups_per_flex = 1 << sbi->s_log_groups_per_flex;
if (groups_per_flex == 0 || groups_per_flex == 1) {
We compile the code snippet using Clang 3.0 and GCC 4.6. Clang will
completely optimize away the check groups_per_flex == 0, leaving the
patched code as vulnerable as the original. GCC keeps the check, but
there is no guarantee that future versions will do the same.
Signed-off-by: Xi Wang <xi.wang@gmail.com>
Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Al Viro [Fri, 9 Dec 2011 04:20:45 +0000 (23:20 -0500)]
procfs: fix a vfsmount longterm reference leak
kern_mount() doesn't pair with plain mntput()...
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Tim Chen [Tue, 19 Jul 2011 16:32:38 +0000 (09:32 -0700)]
VFS : mount lock scalability for internal mounts
For a number of file systems that don't have a mount point (e.g. sockfs
and pipefs), they are not marked as long term. Therefore in
mntput_no_expire, all locks in vfs_mount lock are taken instead of just
local cpu's lock to aggregate reference counts when we release
reference to file objects. In fact, only local lock need to have been
taken to update ref counts as these file systems are in no danger of
going away until we are ready to unregister them.
The attached patch marks file systems using kern_mount without
mount point as long term. The contentions of vfs_mount lock
is now eliminated. Before un-registering such file system,
kern_unmount should be called to remove the long term flag and
make the mount point ready to be freed.
Signed-off-by: Tim Chen <tim.c.chen@linux.intel.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Stephan Bärwolf [Thu, 12 Jan 2012 15:43:04 +0000 (16:43 +0100)]
KVM: x86: fix missing checks in syscall emulation
commit
c2226fc9e87ba3da060e47333657cd6616652b84 upstream.
On hosts without this patch, 32bit guests will crash (and 64bit guests
may behave in a wrong way) for example by simply executing following
nasm-demo-application:
[bits 32]
global _start
SECTION .text
_start: syscall
(I tested it with winxp and linux - both always crashed)
Disassembly of section .text:
00000000 <_start>:
0: 0f 05 syscall
The reason seems a missing "invalid opcode"-trap (int6) for the
syscall opcode "0f05", which is not available on Intel CPUs
within non-longmodes, as also on some AMD CPUs within legacy-mode.
(depending on CPU vendor, MSR_EFER and cpuid)
Because previous mentioned OSs may not engage corresponding
syscall target-registers (STAR, LSTAR, CSTAR), they remain
NULL and (non trapping) syscalls are leading to multiple
faults and finally crashs.
Depending on the architecture (AMD or Intel) pretended by
guests, various checks according to vendor's documentation
are implemented to overcome the current issue and behave
like the CPUs physical counterparts.
[mtosatti: cleanup/beautify code]
Signed-off-by: Stephan Baerwolf <stephan.baerwolf@tu-ilmenau.de>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Xi Wang [Mon, 12 Dec 2011 21:55:52 +0000 (21:55 +0000)]
xfs: fix acl count validation in xfs_acl_from_disk()
commit
093019cf1b18dd31b2c3b77acce4e000e2cbc9ce upstream.
Commit
fa8b18ed didn't prevent the integer overflow and possible
memory corruption. "count" can go negative and bypass the check.
Signed-off-by: Xi Wang <xi.wang@gmail.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Ben Myers <bpm@sgi.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Christoph Hellwig [Tue, 6 Dec 2011 21:21:05 +0000 (16:21 -0500)]
xfs: validate acl count
commit
fa8b18edd752a8b4e9d1ee2cd615b82c93cf8bba upstream.
This prevents in-memory corruption and possible panics if the on-disk
ACL is badly corrupted.
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Ben Myers <bpm@sgi.com>
Acked-by: Dave Chinner <dchinner@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Markus Lehtonen [Thu, 7 Feb 2013 10:29:59 +0000 (12:29 +0200)]
Fix net/Makefile
Remove nonexistent entries, to allow 'make mrproper'.
Signed-off-by: Markus Lehtonen <markus.lehtonen@linux.intel.com>
Markus Lehtonen [Wed, 3 Apr 2013 11:18:02 +0000 (14:18 +0300)]
Update changelog
Change-Id: Iff435b688caa6cc80ef02a2caaaf7497a9c23cf9
Signed-off-by: Markus Lehtonen <markus.lehtonen@linux.intel.com>
Austin Zhang [Tue, 5 Mar 2013 09:35:04 +0000 (17:35 +0800)]
Enable 'perf' tool for performance tunning.
Change-Id: I2ebe9b101b71926c1ed36ef5890bb4b2efc22cdb
Signed-off-by: Austin Zhang <austin.zhang@intel.com>
Elena Reshetova [Tue, 5 Feb 2013 13:25:59 +0000 (15:25 +0200)]
Enable security hardening options in kernel
Change-Id:Id10b561335ad8f01519a621001059fc817dc4ef6
Markus Lehtonen [Mon, 4 Mar 2013 14:16:20 +0000 (16:16 +0200)]
Update changelog
Signed-off-by: Markus Lehtonen <markus.lehtonen@linux.intel.com>
Marko Ollonen [Wed, 23 Jan 2013 15:00:55 +0000 (17:00 +0200)]
camera: keep exposure from previous frame in still image mode change.
Marko Ollonen [Wed, 23 Jan 2013 07:39:35 +0000 (09:39 +0200)]
camera: exposure value query to mt9e013
Nicolas Bertrand [Thu, 7 Feb 2013 16:57:12 +0000 (17:57 +0100)]
n_gsm: Remove unused include
Li Peng [Tue, 29 Jan 2013 06:49:28 +0000 (14:49 +0800)]
pvr: enable bc_video driver
Change-Id: I62216f7310c6c457593ce8a5b5e4110e124f6644
Signed-off-by: Li Peng <peng.li@intel.com>
Arron Wang [Wed, 23 Jan 2013 06:46:22 +0000 (14:46 +0800)]
wl12xx: build two wireless tools calibrate and wlan_prov
Change-Id: Ieb6082039cd31798d78962ab292175cd89e56ef0
Markus Lehtonen [Wed, 5 Dec 2012 14:34:46 +0000 (23:34 +0900)]
Merge "Support usb mode framework in Tizen"
Chengwei Yang [Wed, 5 Dec 2012 09:34:23 +0000 (17:34 +0800)]
Support usb mode framework in Tizen
So far, we have a forked usb-server for PR3 to make sure the usb mode
framework works on PR3. However, we'd like to patch kernel now rather
than maintain another forked package.
This is the correct way because there maybe no way to work out without
patch kernel in future. So it's better to patch one rather than two.
Change-Id: I3ac4052c288b2a647fe560f42308872d1de2741f
Signed-off-by: Chengwei Yang <chengwei.yang@intel.com>
Arron Wang [Thu, 22 Nov 2012 07:08:50 +0000 (15:08 +0800)]
config: Enable NFC p2p support
Change-Id: Icef6b4de2a9d6c735bc7186cbb621192fdd96637
Signed-off-by: Arron Wang <arron.wang@intel.com>
Arron Wang [Thu, 22 Nov 2012 07:07:52 +0000 (15:07 +0800)]
NFC: Backport upstream latest NFC code
Change-Id: Icdf455992d8fb88596038a6b6ac1823436480a06
Signed-off-by: Arron Wang <arron.wang@intel.com>
Chengwei Yang [Mon, 29 Oct 2012 06:25:16 +0000 (14:25 +0800)]
Disable console output on screen
Change-Id: I9c559abc6b2270611c9ded3ef6ba338f4bdeaf93
Signed-off-by: Chengwei Yang <chengwei.yang@intel.com>
Markus Lehtonen [Thu, 25 Oct 2012 11:35:39 +0000 (14:35 +0300)]
Update changelog
Signed-off-by: Markus Lehtonen <markus.lehtonen@linux.intel.com>
Markus Lehtonen [Thu, 25 Oct 2012 11:27:22 +0000 (14:27 +0300)]
Merge branch 'devel'
Wang, Yong [Thu, 25 Oct 2012 08:43:15 +0000 (01:43 -0700)]
Merge "gfx: delay gfx h/w resume if early_suspend flag is true" into devel
Li Peng [Thu, 25 Oct 2012 02:31:18 +0000 (10:31 +0800)]
gfx: delay gfx h/w resume if early_suspend flag is true
Here early_suspend means we trigger gfx suspend at screen off,
which is gfx_runtime_suspend, and there are two points that we
can resume gfx back: gfx_resume() and gfx_runtime_resume().
The two functions looks same but in reality delay gfx resume to
gfx_runtime_resume() works better than gfx_resume(), because we
see some cases that screen can't resume back from gfx_resume().
Change-Id: I133a035cae0202f913ba918f798859fff0b920c0
Signed-off-by: Li Peng <peng.li@intel.com>
Yong Wang [Wed, 24 Oct 2012 00:42:00 +0000 (08:42 +0800)]
atomisp: do not do full release if more video pipes are on use
The bug (TZSP-3288) is more or less easily reproducible on systems with
udev-like software. The helper (v4l_id) is run in parallel for all /dev/videoX
nodes twice with only purpose of checking capabilities:
->open("/dev/videoX")
->ioctl(VIDIOC_QUERYCAP)
->release("/dev/videoX")
The atomisp_open() call does two stages init of the internal structures. In
case of 1st opened node it does full (stage 1 + stage 2) init. Otherwise it is
a fast path (stage 1 only).
However, atomisp_release() does a fast path for non-main pipes as well. This
triggers the unbalanced power management calls:
->open
-> stage 1
-> stage 2
-> pm_runtime_get_sync
->release
-> stage 1
-> is_main? -> (no) -> fast path
The patch is a rough approach to fix this. Any better solution is welcome.
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Tested-by: Yong Wang <yong.y.wang@intel.com>
Markus Lehtonen [Tue, 23 Oct 2012 14:52:01 +0000 (17:52 +0300)]
packaging: rename spec and changelog files
To reflect the new RPM package name
Signed-off-by: Markus Lehtonen <markus.lehtonen@linux.intel.com>
Markus Lehtonen [Mon, 22 Oct 2012 12:00:46 +0000 (15:00 +0300)]
Rename package to kernel-mfld-blackbay
Signed-off-by: Markus Lehtonen <markus.lehtonen@linux.intel.com>
Markus Lehtonen [Mon, 22 Oct 2012 11:36:51 +0000 (14:36 +0300)]
Update changelog
Signed-off-by: Markus Lehtonen <markus.lehtonen@linux.intel.com>
Lehtonen, Markus [Mon, 22 Oct 2012 11:10:47 +0000 (04:10 -0700)]
Merge changes I24aa0ada,I1ea490fa,Icd2c967a,I141a80e4,I31cad4f6,Ib1e59c1f,I6153487e,I30dc58a5,I674745c3,I93f8da0c,Ic54db980,I9ca287ac,I153caac1,I9b40a8f1 into devel
* changes:
Smack: setprocattr memory leak fix
Smack: implement revoking all rules for a subject label
Smack: remove task_wait() hook.
smack: off by one error
Smack: don't show empty rules when /smack/load or /smack/load2 is read
Smack: user access check bounds
Smack: onlycap limits on CAP_MAC_ADMIN
Smack: fix smack_new_inode bogosities
split ->file_mmap() into ->mmap_addr()/->mmap_file()
split cap_mmap_addr() out of cap_file_mmap()
SELinux: rename dentry_open to file_open
Smack: allow for significantly longer Smack labels v4
gfp flags for security_inode_alloc()?
Smack: recursive tramsmute
Yan Zhang [Mon, 22 Oct 2012 06:55:43 +0000 (14:55 +0800)]
Enable TOPAZ power management; Remove useless files(lnc_*) for mrst
Casey Schaufler [Wed, 22 Aug 2012 18:44:03 +0000 (11:44 -0700)]
Smack: setprocattr memory leak fix
The data structure allocations being done in prepare_creds
are duplicated in smack_setprocattr. This results in the
structure allocated in prepare_creds being orphaned and
never freed. The duplicate code is removed from
smack_setprocattr.
Targeted for git://git.gitorious.org/smack-next/kernel.git
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Rafal Krypa [Wed, 11 Jul 2012 15:49:30 +0000 (17:49 +0200)]
Smack: implement revoking all rules for a subject label
Add /smack/revoke-subject special file. Writing a SMACK label to this file will
set the access to '-' for all access rules with that subject label.
Targeted for git://git.gitorious.org/smack-next/kernel.git
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Casey Schaufler [Fri, 10 Aug 2012 00:46:38 +0000 (17:46 -0700)]
Smack: remove task_wait() hook.
On 12/20/2011 11:20 PM, Jarkko Sakkinen wrote:
> Allow SIGCHLD to be passed to child process without
> explicit policy. This will help to keep the access
> control policy simple and easily maintainable with
> complex applications that require use of multiple
> security contexts. It will also help to keep them
> as isolated as possible.
>
> Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@intel.com>
I have a slightly different version that applies to the
current smack-next tree.
Allow SIGCHLD to be passed to child process without
explicit policy. This will help to keep the access
control policy simple and easily maintainable with
complex applications that require use of multiple
security contexts. It will also help to keep them
as isolated as possible.
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
security/smack/smack_lsm.c | 37 ++++++++-----------------------------
1 files changed, 8 insertions(+), 29 deletions(-)
Alan Cox [Thu, 26 Jul 2012 21:47:11 +0000 (14:47 -0700)]
smack: off by one error
Consider the input case of a rule that consists entirely of non space
symbols followed by a \0. Say 64 + \0
In this case strlen(data) = 64
kzalloc of subject and object are 64 byte objects
sscanfdata, "%s %s %s", subject, ...)
will put 65 bytes into subject.
Signed-off-by: Alan Cox <alan@linux.intel.com>
Acked-by: Casey Schaufler <casey@schaufler-ca.com>
Cc: stable@vger.kernel.org
Signed-off-by: James Morris <james.l.morris@oracle.com>
Rafal Krypa [Mon, 9 Jul 2012 17:36:34 +0000 (19:36 +0200)]
Smack: don't show empty rules when /smack/load or /smack/load2 is read
This patch removes empty rules (i.e. with access set to '-') from the
rule list presented to user space.
Smack by design never removes labels nor rules from its lists. Access
for a rule may be set to '-' to effectively disable it. Such rules would
show up in the listing generated when /smack/load or /smack/load2 is
read. This may cause clutter if many rules were disabled.
As a rule with access set to '-' is equivalent to no rule at all, they
may be safely hidden from the listing.
Targeted for git://git.gitorious.org/smack-next/kernel.git
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Casey Schaufler [Tue, 19 Jun 2012 02:01:36 +0000 (19:01 -0700)]
Smack: user access check bounds
Some of the bounds checking used on the /smack/access
interface was lost when support for long labels was
added. No kernel access checks are affected, however
this is a case where /smack/access could be used
incorrectly and fail to detect the error. This patch
reintroduces the original checks.
Targeted for git://git.gitorious.org/smack-next/kernel.git
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Casey Schaufler [Tue, 5 Jun 2012 22:28:30 +0000 (15:28 -0700)]
Smack: onlycap limits on CAP_MAC_ADMIN
Smack is integrated with the POSIX capabilities scheme,
using the capabilities CAP_MAC_OVERRIDE and CAP_MAC_ADMIN to
determine if a process is allowed to ignore Smack checks or
change Smack related data respectively. Smack provides an
additional restriction that if an onlycap value is set
by writing to /smack/onlycap only tasks with that Smack
label are allowed to use CAP_MAC_OVERRIDE.
This change adds CAP_MAC_ADMIN as a capability that is affected
by the onlycap mechanism.
Targeted for git://git.gitorious.org/smack-next/kernel.git
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Casey Schaufler [Thu, 24 May 2012 00:46:58 +0000 (17:46 -0700)]
Smack: fix smack_new_inode bogosities
In January of 2012 Al Viro pointed out three bits of code that
he titled "new_inode_smack bogosities". This patch repairs these
errors.
1. smack_sb_kern_mount() included a NULL check that is impossible.
The check and NULL case are removed.
2. smack_kb_kern_mount() included pointless locking. The locking is
removed. Since this is the only place that lock was used the lock
is removed from the superblock_smack structure.
3. smk_fill_super() incorrectly and unnecessarily set the Smack label
for the smackfs root inode. The assignment has been removed.
Targeted for git://gitorious.org/smack-next/kernel.git
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Al Viro [Wed, 30 May 2012 17:30:51 +0000 (13:30 -0400)]
split ->file_mmap() into ->mmap_addr()/->mmap_file()
... i.e. file-dependent and address-dependent checks.
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Al Viro [Wed, 30 May 2012 17:11:37 +0000 (13:11 -0400)]
split cap_mmap_addr() out of cap_file_mmap()
... switch callers.
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Eric Paris [Wed, 4 Apr 2012 17:45:40 +0000 (13:45 -0400)]
SELinux: rename dentry_open to file_open
dentry_open takes a file, rename it to file_open
Signed-off-by: Eric Paris <eparis@redhat.com>
Conflicts:
security/tomoyo/tomoyo.c
Casey Schaufler [Sun, 6 May 2012 22:22:02 +0000 (15:22 -0700)]
Smack: allow for significantly longer Smack labels v4
V4 updated to current linux-security#next
Targeted for git://gitorious.org/smack-next/kernel.git
Modern application runtime environments like to use
naming schemes that are structured and generated without
human intervention. Even though the Smack limit of 23
characters for a label name is perfectly rational for
human use there have been complaints that the limit is
a problem in environments where names are composed from
a set or sources, including vendor, author, distribution
channel and application name. Names like
softwarehouse-pgwodehouse-coolappstore-mellowmuskrats
are becoming harder to avoid. This patch introduces long
label support in Smack. Labels are now limited to 255
characters instead of the old 23.
The primary reason for limiting the labels to 23 characters
was so they could be directly contained in CIPSO category sets.
This is still done were possible, but for labels that are too
large a mapping is required. This is perfectly safe for communication
that stays "on the box" and doesn't require much coordination
between boxes beyond what would have been required to keep label
names consistent.
The bulk of this patch is in smackfs, adding and updating
administrative interfaces. Because existing APIs can't be
changed new ones that do much the same things as old ones
have been introduced.
The Smack specific CIPSO data representation has been removed
and replaced with the data format used by netlabel. The CIPSO
header is now computed when a label is imported rather than
on use. This results in improved IP performance. The smack
label is now allocated separately from the containing structure,
allowing for larger strings.
Four new /smack interfaces have been introduced as four
of the old interfaces strictly required labels be specified
in fixed length arrays.
The access interface is supplemented with the check interface:
access "Subject Object rwxat"
access2 "Subject Object rwaxt"
The load interface is supplemented with the rules interface:
load "Subject Object rwxat"
load2 "Subject Object rwaxt"
The load-self interface is supplemented with the self-rules interface:
load-self "Subject Object rwxat"
load-self2 "Subject Object rwaxt"
The cipso interface is supplemented with the wire interface:
cipso "Subject lvl cnt c1 c2 ..."
cipso2 "Subject lvl cnt c1 c2 ..."
The old interfaces are maintained for compatibility.
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Tetsuo Handa [Thu, 29 Mar 2012 07:19:05 +0000 (16:19 +0900)]
gfp flags for security_inode_alloc()?
Dave Chinner wrote:
> Yes, because you have no idea what the calling context is except
> for the fact that is from somewhere inside filesystem code and the
> filesystem could be holding locks. Therefore, GFP_NOFS is really the
> only really safe way to allocate memory here.
I see. Thank you.
I'm not sure, but can call trace happen where somewhere inside network
filesystem or stackable filesystem code with locks held invokes operations that
involves GFP_KENREL memory allocation outside that filesystem?
----------
[PATCH] SMACK: Fix incorrect GFP_KERNEL usage.
new_inode_smack() which can be called from smack_inode_alloc_security() needs
to use GFP_NOFS like SELinux's inode_alloc_security() does, for
security_inode_alloc() is called from inode_init_always() and
inode_init_always() is called from xfs_inode_alloc() which is using GFP_NOFS.
smack_inode_init_security() needs to use GFP_NOFS like
selinux_inode_init_security() does, for initxattrs() callback function (e.g.
btrfs_initxattrs()) which is called from security_inode_init_security() is
using GFP_NOFS.
smack_audit_rule_match() needs to use GFP_ATOMIC, for
security_audit_rule_match() can be called from audit_filter_user_rules() and
audit_filter_user_rules() is called from audit_filter_user() with RCU read lock
held.
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: Casey Schaufler <cschaufler@cschaufler-intel.(none)>
Casey Schaufler [Wed, 14 Mar 2012 02:14:19 +0000 (19:14 -0700)]
Smack: recursive tramsmute
The transmuting directory feature of Smack requires that
the transmuting attribute be explicitly set in all cases.
It seems the users of this facility would expect that the
transmuting attribute be inherited by subdirectories that
are created in a transmuting directory. This does not seem
to add any additional complexity to the understanding of
how the system works.
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Markus Lehtonen [Wed, 17 Oct 2012 10:14:42 +0000 (13:14 +0300)]
Update changelog
Signed-off-by: Markus Lehtonen <markus.lehtonen@linux.intel.com>
Li Peng [Mon, 15 Oct 2012 15:16:08 +0000 (23:16 +0800)]
gfx: enable runtime power management
In DPMS off, current implementation simply turn off the panel and call PMU
to cut power supply of gfx h/w, but app in userspace may still want to access
gfx h/w after screen off, that will cause system hang.
enable gfx runtime PM will make sure gfx device can be suspended or resumed
based on device access demand so that above hang case will not happen.
Change-Id: I492aaac7313908165377fd539467b479af44baa0
Signed-off-by: Li Peng <peng.li@intel.com>
Chengwei Yang [Wed, 17 Oct 2012 03:06:38 +0000 (11:06 +0800)]
Change adb protocol to sdb protocol
Currently, we have a forked sdbd for our kernel so there was no need to
patch our kernel.
However, the forked sdbd will be merged to upstream sdbd and to make it
compatible with adb in userspace cost a large effort.
So the better way is patch our kernel to adopt sdb protocol, on the
other hand, no patch needed to sdbd user space server and client.
Change-Id: I4b3f426d33b2c8fdb5042f9cd60a7b1226c92eb1
Signed-off-by: Chengwei Yang <chengwei.yang@intel.com>
Markus Lehtonen [Wed, 10 Oct 2012 08:10:28 +0000 (11:10 +0300)]
Merge branch 'bb-2.0_beta' into bb-devel
Li Peng [Thu, 27 Sep 2012 07:26:08 +0000 (15:26 +0800)]
remove mac802154 and openvswitch from net/Makefile
They don't exist in kernel tree and it fixes error in "make mrproper"
Signed-off-by: Li Peng <peng.li@intel.com>
Markus Lehtonen [Thu, 27 Sep 2012 05:21:19 +0000 (08:21 +0300)]
Update changelog
Signed-off-by: Markus Lehtonen <markus.lehtonen@linux.intel.com>
Chengwei Yang [Wed, 26 Sep 2012 04:28:00 +0000 (12:28 +0800)]
Export usb connection status
There are several components depends on kernel export usb connection
status correctly. First, system-server check usb status by calling OEM
interface to launch usb-server; second, usb-server does the usb mode
setting work and launch syspopup. In addition, setting usb mode from UI
depends on usb-server too.
This also fix TZSP-3142.
Change-Id: I430e588069a807b195cb364846d1a6421cafff14
Signed-off-by: Chengwei Yang <chengwei.yang@intel.com>
Markus Lehtonen [Wed, 26 Sep 2012 06:45:59 +0000 (09:45 +0300)]
Merge remote-tracking branch 'tzg/2.0_beta' into bb-devel
Yong Wang [Wed, 19 Sep 2012 07:58:13 +0000 (15:58 +0800)]
Update changelog
Signed-off-by: Yong Wang <yong.y.wang@intel.com>
Yong Wang [Wed, 19 Sep 2012 07:55:01 +0000 (15:55 +0800)]
hwmon/lis3dh: add screen on/off notifier callback
Add screen on/off notifier callback so that accelerometer
sensor can be enabled/disabled upon screen on/off operations
as it behaves on Android.
Signed-off-by: Yong Wang <yong.y.wang@intel.com>
Yong Wang [Wed, 19 Sep 2012 07:54:02 +0000 (15:54 +0800)]
atmel_mxt_ts: remove redundant mutex
DRM core guarantees that gfx driver's dpms callback is
not reentrant. Therefore the screen on/off notifier is
guaranteed to be non-reentrant too. No need to use another
mutex to protect what has already been protected.
Signed-off-by: Yong Wang <yong.y.wang@intel.com>
Zhu, Peter [Mon, 17 Sep 2012 15:33:58 +0000 (08:33 -0700)]
Merge "Update changelog" into 2.0_beta
Markus Lehtonen [Mon, 17 Sep 2012 11:39:46 +0000 (14:39 +0300)]
Update changelog
Signed-off-by: Markus Lehtonen <markus.lehtonen@linux.intel.com>
Zhu, Peter [Mon, 17 Sep 2012 10:58:05 +0000 (03:58 -0700)]
Merge "Fix 1080p H264 failure with rotation (90/180/270), enlarge GTT video mapped memory from 128Mb to 136Mb" into 2.0_beta
Yan Zhang [Fri, 14 Sep 2012 10:03:42 +0000 (18:03 +0800)]
Fix 1080p H264 failure with rotation (90/180/270), enlarge GTT video mapped memory from 128Mb to 136Mb
Markus Lehtonen [Fri, 7 Sep 2012 11:43:02 +0000 (14:43 +0300)]
atomisp: fix a possible null pointer dereference
Fix kernel oops in case isp->main_format is not initialized.
Signed-off-by: Markus Lehtonen <markus.lehtonen@linux.intel.com>
Li Peng [Wed, 12 Sep 2012 06:30:00 +0000 (14:30 +0800)]
Merge branch 'master' into 2.0_beta
Markus Lehtonen [Fri, 7 Sep 2012 11:43:02 +0000 (14:43 +0300)]
atomisp: fix a possible null pointer dereference
Fix kernel oops in case isp->main_format is not initialized.
Signed-off-by: Markus Lehtonen <markus.lehtonen@linux.intel.com>
Li Peng [Fri, 31 Aug 2012 08:06:54 +0000 (16:06 +0800)]
update changelog
Change-Id: Iaf38810c938e449359c49c9013cf02bf80847b8c
Li, Peng [Fri, 31 Aug 2012 07:55:24 +0000 (00:55 -0700)]
Merge "Update changelog"
Li Peng [Fri, 31 Aug 2012 07:58:22 +0000 (15:58 +0800)]
Merge branch 'devel'
Li Peng [Tue, 28 Aug 2012 07:01:37 +0000 (15:01 +0800)]
boot parameter: set consoleblank to zero
add consoleblank=0 to kernel boot parameter, so console won't blank
if timeout
Signed-off-by: Li Peng <peng.li@intel.com>
Li Peng [Mon, 27 Aug 2012 14:02:21 +0000 (22:02 +0800)]
config: disable HDMI config option
Disable CONFIG_MDFD_HDMI and CONFIG_MDFD_HDMI_REDRIDGE, as we are not ready
for HDMI support
Signed-off-by: Li Peng <peng.li@intel.com>
Markus Lehtonen [Wed, 29 Aug 2012 09:24:06 +0000 (12:24 +0300)]
Update changelog
Signed-off-by: Markus Lehtonen <markus.lehtonen@linux.intel.com>
Chengwei Yang [Wed, 29 Aug 2012 05:19:37 +0000 (13:19 +0800)]
Enable slp lowmem module and autofs
Update tizen_bb_defconfig and tizen_rr_defconfig with
* Enable slp lowmem module
* Enbale autofs makes systemd happy, systemd use autofs to implement
automount
Change-Id: Ia856023b74917e460a8f39d2623e7016f7d75bb6
Signed-off-by: Chengwei Yang <chengwei.yang@intel.com>
Lehtonen, Markus [Tue, 28 Aug 2012 15:01:01 +0000 (08:01 -0700)]
Merge "Fix incorrect calculation of number of task" into devel
Lehtonen, Markus [Tue, 28 Aug 2012 14:59:34 +0000 (07:59 -0700)]
Merge "Lowmem: port from slp kernel" into devel
Lehtonen, Markus [Mon, 27 Aug 2012 10:46:07 +0000 (03:46 -0700)]
Merge "[HACK-MUST-REVERT]Added charger event only environment for user space usage" into devel
Li Peng [Mon, 27 Aug 2012 02:14:04 +0000 (10:14 +0800)]
Update changelog
Li Peng [Mon, 27 Aug 2012 02:10:03 +0000 (10:10 +0800)]
Merge branch 'devel'
Austin Zhang [Fri, 24 Aug 2012 08:36:48 +0000 (16:36 +0800)]
[HACK-MUST-REVERT]Added charger event only environment for user
space usage
Added charger event only enviroment so that udev rule can identify
charger-only event happened, so that sys_event will not send out
charger related notification up to heynoti under those case of only
voltage or other events happened.
After we have perfect solution in user space notification framework,
this HACK should be reverted.
Signed-off-by: Austin Zhang <austin.zhang@intel.com>
Yan Zhang [Wed, 15 Aug 2012 08:37:50 +0000 (16:37 +0800)]
Update video driver to MCG's latest code: 1)Topza support 2)Error conceal 3)Context update & HDMI API 4)Bug fix
Signed-off-by: Yan Zhang <yan.y.zhang@intel.com>
Li Peng [Fri, 17 Aug 2012 06:44:16 +0000 (14:44 +0800)]
Revert " Update video driver to MCG's latest code:"
This reverts commit
4f3cc0332f7ea9be864e4d49d652b80baf28249c.
should first go into devel branch
Yan Zhang [Wed, 15 Aug 2012 08:37:50 +0000 (16:37 +0800)]
Update video driver to MCG's latest code:
1)Topza support
2)Error conceal
3)Context update & HDMI API
4)Bug fix
Chengwei Yang [Tue, 14 Aug 2012 03:19:55 +0000 (11:19 +0800)]
Fix incorrect calculation of number of task
Change-Id: Icea513818bffde0b901b99548604a2ecfaa88013
Signed-off-by: Chengwei Yang <chengwei.yang@intel.com>
Chengwei Yang [Tue, 14 Aug 2012 00:20:06 +0000 (08:20 +0800)]
Lowmem: port from slp kernel
Port lsp lowmem code to PR3, only did a little changes. That is change
rss in task_rss_t to long and use atomic_long_read to get atomic_long_t
value.
Change-Id: I21fb684a0b1e86d5ece3a5b294c9f64075d8079d
Signed-off-by: Chengwei Yang <chengwei.yang@intel.com>
Yin, Kangkai [Tue, 14 Aug 2012 03:40:45 +0000 (20:40 -0700)]
Revert "Lowmem: port from slp kernel"
This reverts commit
923fb82117ba9baf50aef46d80f675dd12742e8c
Chengwei Yang [Tue, 14 Aug 2012 00:20:06 +0000 (08:20 +0800)]
Lowmem: port from slp kernel
Port lsp lowmem code to PR3, only did a little changes. That is change
rss in task_rss_t to long and use atomic_long_read to get atomic_long_t
value.
Change-Id: I32173900b3866f324ea81d7f47b8984f7ec17ba6
Signed-off-by: Chengwei Yang <chengwei.yang@intel.com>
Li Peng [Mon, 13 Aug 2012 02:38:47 +0000 (10:38 +0800)]
update changelog
Signed-off-by: Li Peng <peng.li@intel.com>
Li Peng [Mon, 13 Aug 2012 02:36:47 +0000 (10:36 +0800)]
Merge branch 'devel'
Li Peng [Fri, 3 Aug 2012 06:44:52 +0000 (14:44 +0800)]
gfx: a better way to do gfx suspend/resume at DPMS on/off
A regression was introduced since we add gfx runtime pm support in DPMS
control interface and the "-sharevts" parameter for X launch on mfld, if
user run "xset dpms force off" and then "echo mem > /sys/power/state",
dsi dpi panel will fail to resume back.
Here is the problem analysis: at DPMS off, gfx driver will shutdown the
panel and enter runtime suspend, at this time if kernel doing system suspend,
PCI subsystem will call device's runtime resume interface if it find
device is in runtime suspend state. In this case it just resume gfx device
but doesn't handle dsi dpi panel, then it will cause panel fail to light on in
subsequent resume path.
The fix is directly calling functions to control gfx device suspend/resume,
rather than the indirect way of pm_runtime_put() and pm_runtime_get().
Signed-off-by: Li Peng <peng.li@intel.com>
Li Peng [Fri, 27 Jul 2012 10:33:09 +0000 (18:33 +0800)]
Update changelog
Li Peng [Fri, 27 Jul 2012 10:28:21 +0000 (18:28 +0800)]
Merge branch 'devel'
Ortiz, Samuel [Fri, 27 Jul 2012 07:53:49 +0000 (00:53 -0700)]
Merge changes I352cb3c2,I94b43501 into devel
* changes:
config-tizen: enable pn544 hci option
fix compilation by remove duplicate definition
Ortiz, Samuel [Fri, 27 Jul 2012 07:52:38 +0000 (00:52 -0700)]
Merge changes Ib85ed842,I74d3677b into devel
* changes:
compact nfc 3.0.8
x86 pn544 blackbay
Ortiz, Samuel [Fri, 27 Jul 2012 07:48:58 +0000 (00:48 -0700)]
Merge "netlink: advertise incomplete dumps" into devel
Li Peng [Fri, 27 Jul 2012 03:00:26 +0000 (11:00 +0800)]
gfx: enable runtime pm support at DPMS
before we just turn off/on screen at DPMS off/on, now we do further
to let gfx h/w enter and exit D0i3 if userspace control screen off/on
through DPMS interface, it could save more power
Signed-off-by: Li Peng <peng.li@intel.com>
arron.wang [Thu, 26 Jul 2012 07:29:05 +0000 (15:29 +0800)]
config-tizen: enable pn544 hci option
arron.wang [Thu, 26 Jul 2012 07:28:23 +0000 (15:28 +0800)]
fix compilation by remove duplicate definition
genl_dump_check_consistent is defined in include/net/genetlink.h
which is added in commit
d083afe6ad8bb7f438f81ba801483f4b719e3223
arron.wang [Thu, 26 Jul 2012 07:27:57 +0000 (15:27 +0800)]
compact nfc 3.0.8
arron.wang [Thu, 26 Jul 2012 07:26:58 +0000 (15:26 +0800)]
x86 pn544 blackbay
Li Peng [Thu, 26 Jul 2012 06:04:04 +0000 (14:04 +0800)]
gfx: remove mutex protection in __dpi_panel_power_off
we already called mutex lock at higher level function, so no need to
do it again at __dpi_panel_power_off, otherwise it will cause mutex
lock twice at suspend path
Signed-off-by: Li Peng <peng.li@intel.com>
projects / platform / kernel / kernel-mfld-blackbay.git / log