Jinhyung Choi [Fri, 17 Jul 2015 06:05:07 +0000 (15:05 +0900)]
ac97: supports codec extension for product
ac97_codec.c and ac97_pcm.c will not be built if maru extension is set.
Change-Id: I57e1671db09c646fc86d18c7706d51ed721277ce
Signed-off-by: Jinhyung Choi <jinhyung2.choi@samsung.com>
Park Kyoung Won [Mon, 20 Jul 2015 07:53:37 +0000 (16:53 +0900)]
brillcodec: reslove casting warning for a 64bit target
changed uint32_t into uintptr_t in functions(context_add, task_add, task_remove)
Change-Id: Iee0f1da8896a1e70175b8d8a794de0ee3288bc81
Signed-off-by: Park Kyoung Won <kw0712.park@samsung.com>
haken.kim [Tue, 14 Jul 2015 12:23:20 +0000 (21:23 +0900)]
nfc: removed build warning for 64 bit
fix nfc build warings for prepare the 64bit enable.
Change-Id: I70551784a4b5e50fdc19a7320d4fed9ace26dba6
Signed-off-by: haken.kim <haken.kim@samsung.com>
GiWoong Kim [Fri, 17 Jul 2015 06:35:02 +0000 (15:35 +0900)]
touchscreen: removed warning for 64 bit build
enable by default, Wpointer-to-int-cast
Change-Id: I805e384e66ce99ddf692a292053a92c0342d6177
Signed-off-by: GiWoong Kim <giwoong.kim@samsung.com>
jinhyung.jo [Wed, 15 Jul 2015 04:27:29 +0000 (13:27 +0900)]
package: version up (3.14.7)
Change-Id: Ia9d182e396d10f3b77cd3e4e2ea78f7670008f24
Signed-off-by: Jinhyung Jo <jinhyung.jo@samsung.com>
jinhyung.jo [Wed, 15 Jul 2015 02:48:31 +0000 (11:48 +0900)]
VIGS: Removed a compilation warnning
Changed the format specifier from '%u' to '%pa' for the type 'resource_size_t'.
Here is an excerpt from the document below,
'https://www.kernel.org/doc/Documentation/printk-formats.txt',
"
Physical addresses types phys_addr_t:
%pa[p] 0x01234567 or 0x0123456789abcdef
For printing a phys_addr_t type (and its derivatives, such as
resource_size_t) which can vary based on build options, regardless of
the width of the CPU data path. Passed by reference.
".
Change-Id: Ia0d72411de707cb7f3aaba7d91e86f79f5c2b607
Signed-off-by: Jinhyung Jo <jinhyung.jo@samsung.com>
SeokYeon Hwang [Sun, 12 Jul 2015 05:08:10 +0000 (14:08 +0900)]
build: applied -Werror on maru drivers
Change-Id: I1d83a1130bc6b48636a95820e0b14aa48c1a3593
Signed-off-by: SeokYeon Hwang <syeon.hwang@samsung.com>
Jinhyung Choi [Mon, 13 Jul 2015 08:00:53 +0000 (17:00 +0900)]
evdi: removed warning for 64 bit build
- changed printing format from %d to %zd for ssize_t
- It supported only after C99 compiler, so this will be re-checked later.
Change-Id: Idf1bdb753b8b93490ea5bb112cf5cdd75b7ad833
Signed-off-by: Jinhyung Choi <jinhyung2.choi@samsung.com>
Jinhyung Choi [Mon, 13 Jul 2015 07:59:52 +0000 (16:59 +0900)]
sensor: remove warning for 64 bit build
changed NULL device to MKDEV(0,0) for device_create/device_destroy
Change-Id: Ic223af5760a9179e368db2ecab91b998f7642387
Signed-off-by: Jinhyung Choi <jinhyung2.choi@samsung.com>
Jinhyung Choi [Mon, 13 Jul 2015 07:56:01 +0000 (16:56 +0900)]
power supply: remove warnings for 64 bit
- changed NULL device arg to MKDEV(0,0) for device_create/device_destroy
Change-Id: If53a9158364e781320d6e3db87a3bc3a84b113de
Signed-off-by: Jinhyung Choi <jinhyung2.choi@samsung.com>
bk0121.shin [Mon, 13 Jul 2015 01:57:13 +0000 (10:57 +0900)]
build: Modify Makefile for extension
- To be included as built-in, 'obj-' should be used
instead of 'subdir' in Makefile
Change-Id: I5b7fafa0b07e15e067963fc231838f94f6555fba
Signed-off-by: bk0121.shin <bk0121.shin@samsung.com>
jinhyung.jo [Tue, 7 Jul 2015 08:21:23 +0000 (17:21 +0900)]
maru-camera: Changed the method for passing the argument to/from device
Without using the CPU I/O, directly using the device memory.
Additionally
Allowing the instance to 2.
Modified the log format & contents.
Change-Id: I919b3847e7e0fec02a873bed27bd064bae92a680
Signed-off-by: Jinhyung Jo <jinhyung.jo@samsung.com>
SeokYeon Hwang [Tue, 7 Jul 2015 04:50:39 +0000 (13:50 +0900)]
build: introduced extension source path
The "extension source path" is additional source path that can be
used by product specific sources. The path can be prepared by
symbolic link or git submodule.
Change-Id: I9600fa107af5aa9755f9e071ef98c29babac83fd
Signed-off-by: SeokYeon Hwang <syeon.hwang@samsung.com>
Sangho Park [Wed, 24 Jun 2015 06:43:03 +0000 (15:43 +0900)]
Merge "ramfs: suppress warnings when filesystem is mounted" into tizen_2.4_develop
Rafal Krypa [Tue, 23 Jun 2015 08:30:49 +0000 (10:30 +0200)]
Smack: fix backport of multi-onlycap patch
Adapt the patch for multiple labels in onlycap to older kernel version.
It was previously backported without an important dependency. There is a
difference in smk_import_entry function. In upstream it returns error codes,
but here the error is indicated by returning NULL.
Without this fix the kernel could crash when empty string is written to
onlycap interface file.
Change-Id: Ibadab8b78b86453526cd423100619ab0a10fa68c
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Rafal Krypa [Tue, 23 Jun 2015 08:28:09 +0000 (10:28 +0200)]
Smack: update patch for multi-onlycap to the final upstream version
Synchronize the patch enabling multiple labels in onlycap with the last
version that was merged upstream. The patch merged in this tree was an
earlier version, before it was updated and merged upstream.
Changes are only cosmetic (function name, comments, code formatting), but
merging them will ease future synchronization with upstream Smack code.
Change-Id: Iefe9ec32659043e62bdf2a227aad8f42c3563b9d
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Rafal Krypa [Fri, 15 May 2015 19:22:01 +0000 (21:22 +0200)]
Smack: allow multiple labels in onlycap
Smack onlycap allows limiting of CAP_MAC_ADMIN and CAP_MAC_OVERRIDE to
processes running with the configured label. But having single privileged
label is not enough in some real use cases. On a complex system like Tizen,
there maybe few programs that need to configure Smack policy in run-time
and running them all with a single label is not always practical.
This patch extends onlycap feature for multiple labels. They are configured
in the same smackfs "onlycap" interface, separated by spaces.
Change-Id: Ia95b93b4474669b7fd02926926e10b814b78405c
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
(cherry picked from commit
c0a3794dfc6a153294fa90f6499a43c78a608047)
Rafal Krypa [Fri, 15 May 2015 17:43:33 +0000 (19:43 +0200)]
Smack: fix seq operations in smackfs
Use proper RCU functions and read locking in smackfs seq_operations.
Smack gets away with not using proper RCU functions in smackfs, because
it never removes entries from these lists. But now one list will be
needed (with interface in smackfs) that will have both elements added and
removed to it.
This change will also help any future changes implementing removal of
unneeded entries from other Smack lists.
The patch also fixes handling of pos argument in smk_seq_start and
smk_seq_next. This fixes a bug in case when smackfs is read with a small
buffer:
Kernel panic - not syncing: Kernel mode fault at addr 0xfa0000011b
CPU: 0 PID: 1292 Comm: dd Not tainted 4.1.0-rc1-00012-g98179b8 #13
Stack:
00000003 0000000d 7ff39e48 7f69fd00
7ff39ce0 601ae4b0 7ff39d50 600e587b
00000010 6039f690 7f69fd40 00612003
Call Trace:
[<
601ae4b0>] load2_seq_show+0x19/0x1d
[<
600e587b>] seq_read+0x168/0x331
[<
600c5943>] __vfs_read+0x21/0x101
[<
601a595e>] ? security_file_permission+0xf8/0x105
[<
600c5ec6>] ? rw_verify_area+0x86/0xe2
[<
600c5fc3>] vfs_read+0xa1/0x14c
[<
600c68e2>] SyS_read+0x57/0xa0
[<
6001da60>] handle_syscall+0x60/0x80
[<
6003087d>] userspace+0x442/0x548
[<
6001aa77>] ? interrupt_end+0x0/0x80
[<
6001daae>] ? copy_chunk_to_user+0x0/0x2b
[<
6002cb6b>] ? save_registers+0x1f/0x39
[<
60032ef7>] ? arch_prctl+0xf5/0x170
[<
6001a92d>] fork_handler+0x85/0x87
Change-Id: I032c1fc726c0670060d1cf4c419746257159b499
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
(cherry picked from commit
f638effaf324d57f37453e421be87e537140e527)
SeokYeon Hwang [Tue, 23 Jun 2015 15:17:45 +0000 (00:17 +0900)]
ramfs: suppress warnings when filesystem is mounted
Change-Id: Iea6900dbc0c03d6d13a1448d5d3294ecb9824b7f
Signed-off-by: SeokYeon Hwang <syeon.hwang@samsung.com>
SeokYeon Hwang [Mon, 8 Jun 2015 06:23:44 +0000 (15:23 +0900)]
virtio_blk: removed W/A for sdcard support
A sdcard support will be done by udev rules and deviced.
Change-Id: I126ba1c72e1215ee28ee4da34791877d86b56435
Signed-off-by: SeokYeon Hwang <syeon.hwang@samsung.com>
Munkyu Im [Wed, 27 May 2015 07:46:16 +0000 (16:46 +0900)]
package: version up
Change-Id: I629d413854a34c5f21fda4de027772d8a2a1b0a5
Signed-off-by: Munkyu Im <munkyu.im@samsung.com>
Munkyu Im [Tue, 26 May 2015 04:32:58 +0000 (13:32 +0900)]
virtio-net: support MII
It's incomplete.
But support it to enable ioctl call on guest side.
Change-Id: Iaec1ed63fe5f0ce2fff19be42890ca1063555179
Signed-off-by: Munkyu Im <munkyu.im@samsung.com>
Sooyoung Ha [Sun, 17 May 2015 12:01:45 +0000 (21:01 +0900)]
packaging: remove dependency.
Remove the emulator-kernel-user-headers build dependency.
Change-Id: I6aa468dab8834e72789320e4d87e8e7752d6a951
Signed-off-by: Sooyoung Ha <yoosah.ha@samsung.com>
Sangho Park [Sun, 17 May 2015 10:34:02 +0000 (19:34 +0900)]
Revert "packaging: use linux-glibc-devel instread of emulator-kernel-headers"
This reverts commit
12fbb0687ba2d1f8ecbeeac8c3be53cc378f2b37.
Change-Id: Iac02a9324f10006953f82409283a526531d2bc9e
(cherry picked from commit
08becd57e5e8375b2e2dc2fe48de664757bfde66)
Jinhyung Choi [Tue, 12 May 2015 13:50:09 +0000 (22:50 +0900)]
sensor: added logs for sensor capability debug purpose
Change-Id: Ibdf600bc24c9860200a171d88583ba56f560cb68
Signed-off-by: Jinhyung Choi <jinhyung2.choi@samsung.com>
Jinhyung Choi [Tue, 12 May 2015 05:02:15 +0000 (14:02 +0900)]
sensor: add mutex for get_sensor_data in accelerometer
Change-Id: I6cc802e5b2ca413984b285798a2867419cec3977
Signed-off-by: Jinhyung Choi <jinhyung2.choi@samsung.com>
Jinhyung Choi [Tue, 12 May 2015 05:02:39 +0000 (14:02 +0900)]
sensor: split scatter list initialization
split in/out virtqueue scatterlist to set sg_mark_end each
Change-Id: I562d51af7ab1d5e8b57b8971e7fe4d40d971a55b
Signed-off-by: Jinhyung Choi <jinhyung2.choi@samsung.com>
sungmin ha [Tue, 28 Apr 2015 08:12:42 +0000 (17:12 +0900)]
rotary: Apply the changed specifications
The value of REL_WHEEL event was chaneged like below.
- Before
Right direction: 1 -> 2 -> 3
Left direction: 3 -> 2-> 1
- After
Departing from the current detent area: 1
Returning the current detent area: -1
Right direction(CW): 2
Left direction(CCW): -2
Change-Id: Ibd86e5c97839ea90383797096ed2c887a703e8b7
Signed-off-by: sungmin ha <sungmin82.ha@samsung.com>
GiWoong Kim [Mon, 23 Mar 2015 12:20:29 +0000 (21:20 +0900)]
rotary: modified virtual rotary driver
tizen_rotary -> tizen_detent
Instead of the delta that the change of the degree,
sends up the detent value in every 15 degrees.
Change-Id: I1b2b7ea8e4a2ff4ac90626710ddfe7f691ad29e2
Signed-off-by: GiWoong Kim <giwoong.kim@samsung.com>
jinhyung.jo [Tue, 30 Dec 2014 10:09:49 +0000 (19:09 +0900)]
rotary: Added a new device driver
Added a new device driver for the rotary device
Change-Id: I8a388a1b40315a47e60dbf00f17ad0ad69d8414c
Signed-off-by: Jinhyung Jo <jinhyung.jo@samsung.com>
Jinhyung Choi [Mon, 11 May 2015 09:14:56 +0000 (18:14 +0900)]
sensor driver: waited for set_sensor_data
In order to resolve timing issue, set_sensor_data is waiting for a callback
similar to get_sensor_data.
Change-Id: I436375ea99b5f19c07d0683a89dd35d50218f830
Signed-off-by: Jinhyung Choi <jinhyung2.choi@samsung.com>
(cherry picked from commit
b603734d766fa00ef69f2c075dd6264a7ad1bdb6)
Jinhyung Choi [Fri, 8 May 2015 06:27:39 +0000 (15:27 +0900)]
sensor: virtio memory allocation flag changed.
Change-Id: I58d577e26826a8f055a7c4e0349d8f326cb3ed7e
Signed-off-by: Jinhyung Choi <jinhyung2.choi@samsung.com>
(cherry picked from commit
44fd6adc9dbdade3a714b3efac550e8062e2b880)
SeokYeon Hwang [Tue, 21 Apr 2015 11:53:37 +0000 (20:53 +0900)]
config: set NOOP as a default IO scheduler
Change-Id: I252dc0d20afb20559efe02ceeb90f0b825af6ce9
Signed-off-by: SeokYeon Hwang <syeon.hwang@samsung.com>
(cherry picked from commit
df6d0674dc7883bf1a971ffb8d969e86074537da)
SeokYeon Hwang [Mon, 20 Apr 2015 07:28:41 +0000 (16:28 +0900)]
config: enabled CONFIG_ANDROID_INTF_ALARM_DEV
Change-Id: I1af3b208e2dbaa28487a73f02ce04a660770e187
Signed-off-by: SeokYeon Hwang <syeon.hwang@samsung.com>
(cherry picked from commit
2b8f290969821e5602136a6abda02d6756242874)
Munkyu Im [Mon, 27 Apr 2015 11:11:10 +0000 (20:11 +0900)]
package: restructure directories
change installed directory
Change-Id: If295b80efe71dd6090123f17b3c2df61e3d1c606
Signed-off-by: Munkyu Im <munkyu.im@samsung.com>
minkee.lee [Fri, 17 Apr 2015 10:10:39 +0000 (19:10 +0900)]
Package: Modified package name.
- Added platform version("2.4") to package name.
Change-Id: Ia6a5eb5eca93330bdca90f799b6e941705f3669a
Signed-off-by: minkee.lee <minkee.lee@samsung.com>
minkee.lee [Fri, 17 Apr 2015 07:50:21 +0000 (16:50 +0900)]
Merge branch 'tizen_2.4' into tizen_2.4_develop
Change-Id: I94112bf901574a1ae450adcc7f545a3dd9a295b5
Signed-off-by: minkee.lee <minkee.lee@samsung.com>
sungmin ha [Wed, 15 Apr 2015 08:10:09 +0000 (17:10 +0900)]
package: version up(3.14.5)
Change-Id: I40c6f16893d0be8747a36ff20aca4918c3f18035
Signed-off-by: sungmin ha <sungmin82.ha@samsung.com>
Sasha Levin [Wed, 28 Jan 2015 11:30:43 +0000 (20:30 +0900)]
vfs: read file_handle only once in handle_to_path
This patch was related with "[CVE-2015-1420] Race condition in fs/fhandle.c in the Linux kernel".
We used to read file_handle twice. Once to get the amount of extra bytes, and
once to fetch the entire structure.
This may be problematic since we do size verifications only after the first
read, so if the number of extra bytes changes in userspace between the first
and second calls, we'll have an incoherent view of file_handle.
Instead, read the constant size once, and copy that over to the final
structure without having to re-read it again.
Change-Id: I318d7428079e323f53bc7eb1f7dc0a5dfac7eb0b
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
Signed-off-by: Byungsoo Kim <bs1770.kim@samsung.com>
Signed-off-by: sungmin ha <sungmin82.ha@samsung.com>
Hector Marco-Gisbert [Sat, 14 Feb 2015 17:33:50 +0000 (09:33 -0800)]
x86, mm/ASLR: Fix stack randomization on 64-bit systems
The issue is that the stack for processes is not properly randomized on
64 bit architectures due to an integer overflow.
The affected function is randomize_stack_top() in file
"fs/binfmt_elf.c":
static unsigned long randomize_stack_top(unsigned long stack_top)
{
unsigned int random_variable = 0;
if ((current->flags & PF_RANDOMIZE) &&
!(current->personality & ADDR_NO_RANDOMIZE)) {
random_variable = get_random_int() & STACK_RND_MASK;
random_variable <<= PAGE_SHIFT;
}
return PAGE_ALIGN(stack_top) + random_variable;
return PAGE_ALIGN(stack_top) - random_variable;
}
Note that, it declares the "random_variable" variable as "unsigned int".
Since the result of the shifting operation between STACK_RND_MASK (which
is 0x3fffff on x86_64, 22 bits) and PAGE_SHIFT (which is 12 on x86_64):
random_variable <<= PAGE_SHIFT;
then the two leftmost bits are dropped when storing the result in the
"random_variable". This variable shall be at least 34 bits long to hold
the (22+12) result.
These two dropped bits have an impact on the entropy of process stack.
Concretely, the total stack entropy is reduced by four: from 2^28 to
2^30 (One fourth of expected entropy).
This patch restores back the entropy by correcting the types involved
in the operations in the functions randomize_stack_top() and
stack_maxrandom_size().
The successful fix can be tested with:
$ for i in `seq 1 10`; do cat /proc/self/maps | grep stack; done
7ffeda566000-
7ffeda587000 rw-p
00000000 00:00 0 [stack]
7fff5a332000-
7fff5a353000 rw-p
00000000 00:00 0 [stack]
7ffcdb7a1000-
7ffcdb7c2000 rw-p
00000000 00:00 0 [stack]
7ffd5e2c4000-
7ffd5e2e5000 rw-p
00000000 00:00 0 [stack]
...
Once corrected, the leading bytes should be between 7ffc and 7fff,
rather than always being 7fff.
Change-Id: I961d7977c511e0228a92f0020021fe50589e3e95
Signed-off-by: Hector Marco-Gisbert <hecmargi@upv.es>
Signed-off-by: Ismael Ripoll <iripoll@upv.es>
[ Rebased, fixed 80 char bugs, cleaned up commit message, added test example and CVE ]
Signed-off-by: Kees Cook <keescook@chromium.org>
Cc: <stable@vger.kernel.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Fixes: CVE-2015-1593
Link: http://lkml.kernel.org/r/20150214173350.GA18393@www.outflux.net
Signed-off-by: Borislav Petkov <bp@suse.de>
Daniel Borkmann [Thu, 22 Jan 2015 17:26:54 +0000 (18:26 +0100)]
net: sctp: fix slab corruption from use after free on INIT collisions
When hitting an INIT collision case during the 4WHS with AUTH enabled, as
already described in detail in commit
1be9a950c646 ("net: sctp: inherit
auth_capable on INIT collisions"), it can happen that we occasionally
still remotely trigger the following panic on server side which seems to
have been uncovered after the fix from commit
1be9a950c646 ...
[ 533.876389] BUG: unable to handle kernel paging request at
00000000ffffffff
[ 533.913657] IP: [<
ffffffff811ac385>] __kmalloc+0x95/0x230
[ 533.940559] PGD
5030f2067 PUD 0
[ 533.957104] Oops: 0000 [#1] SMP
[ 533.974283] Modules linked in: sctp mlx4_en [...]
[ 534.939704] Call Trace:
[ 534.951833] [<
ffffffff81294e30>] ? crypto_init_shash_ops+0x60/0xf0
[ 534.984213] [<
ffffffff81294e30>] crypto_init_shash_ops+0x60/0xf0
[ 535.015025] [<
ffffffff8128c8ed>] __crypto_alloc_tfm+0x6d/0x170
[ 535.045661] [<
ffffffff8128d12c>] crypto_alloc_base+0x4c/0xb0
[ 535.074593] [<
ffffffff8160bd42>] ? _raw_spin_lock_bh+0x12/0x50
[ 535.105239] [<
ffffffffa0418c11>] sctp_inet_listen+0x161/0x1e0 [sctp]
[ 535.138606] [<
ffffffff814e43bd>] SyS_listen+0x9d/0xb0
[ 535.166848] [<
ffffffff816149a9>] system_call_fastpath+0x16/0x1b
... or depending on the the application, for example this one:
[ 1370.026490] BUG: unable to handle kernel paging request at
00000000ffffffff
[ 1370.026506] IP: [<
ffffffff811ab455>] kmem_cache_alloc+0x75/0x1d0
[ 1370.054568] PGD
633c94067 PUD 0
[ 1370.070446] Oops: 0000 [#1] SMP
[ 1370.085010] Modules linked in: sctp kvm_amd kvm [...]
[ 1370.963431] Call Trace:
[ 1370.974632] [<
ffffffff8120f7cf>] ? SyS_epoll_ctl+0x53f/0x960
[ 1371.000863] [<
ffffffff8120f7cf>] SyS_epoll_ctl+0x53f/0x960
[ 1371.027154] [<
ffffffff812100d3>] ? anon_inode_getfile+0xd3/0x170
[ 1371.054679] [<
ffffffff811e3d67>] ? __alloc_fd+0xa7/0x130
[ 1371.080183] [<
ffffffff816149a9>] system_call_fastpath+0x16/0x1b
With slab debugging enabled, we can see that the poison has been overwritten:
[ 669.826368] BUG kmalloc-128 (Tainted: G W ): Poison overwritten
[ 669.826385] INFO: 0xffff880228b32e50-0xffff880228b32e50. First byte 0x6a instead of 0x6b
[ 669.826414] INFO: Allocated in sctp_auth_create_key+0x23/0x50 [sctp] age=3 cpu=0 pid=18494
[ 669.826424] __slab_alloc+0x4bf/0x566
[ 669.826433] __kmalloc+0x280/0x310
[ 669.826453] sctp_auth_create_key+0x23/0x50 [sctp]
[ 669.826471] sctp_auth_asoc_create_secret+0xcb/0x1e0 [sctp]
[ 669.826488] sctp_auth_asoc_init_active_key+0x68/0xa0 [sctp]
[ 669.826505] sctp_do_sm+0x29d/0x17c0 [sctp] [...]
[ 669.826629] INFO: Freed in kzfree+0x31/0x40 age=1 cpu=0 pid=18494
[ 669.826635] __slab_free+0x39/0x2a8
[ 669.826643] kfree+0x1d6/0x230
[ 669.826650] kzfree+0x31/0x40
[ 669.826666] sctp_auth_key_put+0x19/0x20 [sctp]
[ 669.826681] sctp_assoc_update+0x1ee/0x2d0 [sctp]
[ 669.826695] sctp_do_sm+0x674/0x17c0 [sctp]
Since this only triggers in some collision-cases with AUTH, the problem at
heart is that sctp_auth_key_put() on asoc->asoc_shared_key is called twice
when having refcnt 1, once directly in sctp_assoc_update() and yet again
from within sctp_auth_asoc_init_active_key() via sctp_assoc_update() on
the already kzfree'd memory, which is also consistent with the observation
of the poison decrease from 0x6b to 0x6a (note: the overwrite is detected
at a later point in time when poison is checked on new allocation).
Reference counting of auth keys revisited:
Shared keys for AUTH chunks are being stored in endpoints and associations
in endpoint_shared_keys list. On endpoint creation, a null key is being
added; on association creation, all endpoint shared keys are being cached
and thus cloned over to the association. struct sctp_shared_key only holds
a pointer to the actual key bytes, that is, struct sctp_auth_bytes which
keeps track of users internally through refcounting. Naturally, on assoc
or enpoint destruction, sctp_shared_key are being destroyed directly and
the reference on sctp_auth_bytes dropped.
User space can add keys to either list via setsockopt(2) through struct
sctp_authkey and by passing that to sctp_auth_set_key() which replaces or
adds a new auth key. There, sctp_auth_create_key() creates a new sctp_auth_bytes
with refcount 1 and in case of replacement drops the reference on the old
sctp_auth_bytes. A key can be set active from user space through setsockopt()
on the id via sctp_auth_set_active_key(), which iterates through either
endpoint_shared_keys and in case of an assoc, invokes (one of various places)
sctp_auth_asoc_init_active_key().
sctp_auth_asoc_init_active_key() computes the actual secret from local's
and peer's random, hmac and shared key parameters and returns a new key
directly as sctp_auth_bytes, that is asoc->asoc_shared_key, plus drops
the reference if there was a previous one. The secret, which where we
eventually double drop the ref comes from sctp_auth_asoc_set_secret() with
intitial refcount of 1, which also stays unchanged eventually in
sctp_assoc_update(). This key is later being used for crypto layer to
set the key for the hash in crypto_hash_setkey() from sctp_auth_calculate_hmac().
To close the loop: asoc->asoc_shared_key is freshly allocated secret
material and independant of the sctp_shared_key management keeping track
of only shared keys in endpoints and assocs. Hence, also commit
4184b2a79a76
("net: sctp: fix memory leak in auth key management") is independant of
this bug here since it concerns a different layer (though same structures
being used eventually). asoc->asoc_shared_key is reference dropped correctly
on assoc destruction in sctp_association_free() and when active keys are
being replaced in sctp_auth_asoc_init_active_key(), it always has a refcount
of 1. Hence, it's freed prematurely in sctp_assoc_update(). Simple fix is
to remove that sctp_auth_key_put() from there which fixes these panics.
Change-Id: I07e48e69eaa9bc6699d75957c75244849e0b5b46
Fixes:
730fc3d05cd4 ("[SCTP]: Implete SCTP-AUTH parameter processing")
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
Acked-by: Vlad Yasevich <vyasevich@gmail.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Vasiliy Ulyanov [Fri, 27 Mar 2015 11:44:35 +0000 (14:44 +0300)]
VIGS: add base dmabuf import/export support
Change-Id: I04b3c9558d99b096a8a54b57ab89a7a8b5b225b6
Signed-off-by: Vasiliy Ulyanov <v.ulyanov@samsung.com>
Vasiliy Ulyanov [Wed, 25 Feb 2015 06:55:49 +0000 (09:55 +0300)]
VIGS: enable render-nodes feature
Change-Id: I7304e19f61b10869dc3433d68405d5edb8645de4
Signed-off-by: Vasiliy Ulyanov <v.ulyanov@samsung.com>
Sooyoung Ha [Wed, 25 Mar 2015 05:30:37 +0000 (14:30 +0900)]
package: add changelog for 3.14.4
Change-Id: I489e815d248313e748d4962c3cbc1b8ba941ea98
Signed-off-by: Sooyoung Ha <yoosah.ha@samsung.com>
jooseong.lee [Wed, 25 Mar 2015 02:05:50 +0000 (11:05 +0900)]
Smack Bring-up mode including unconfined feature
Change-Id: Ie875af7fcde4af981aab4eb0219eb7ece74ff558
Signed-off-by: jooseong.lee <jooseong.lee@samsung.com>
Sooyoung Ha [Wed, 25 Mar 2015 05:09:19 +0000 (14:09 +0900)]
package: version up
version update to 3.14.4
Change-Id: I106f66a67ab625559d377bb14e17fc92f415b113
Signed-off-by: Sooyoung Ha <yoosah.ha@samsung.com>
jooseong.lee [Wed, 25 Mar 2015 02:03:13 +0000 (11:03 +0900)]
Smack: Lock mode for the floor and hat labels
The lock access mode allows setting a read lock on a file
for with the process has only read access. The floor label is
defined to make it easy to have the basic system installed such
that everyone can read it. Once there's a desire to read lock
(rationally or otherwise) a floor file a rule needs to get set.
This happens all the time, so make the floor label a little bit
more special and allow everyone lock access, too. By implication,
give processes with the hat label (hat can read everything)
lock access as well. This reduces clutter in the Smack rule set.
Change-Id: I09b6d234701b3efc67aad30bc3ea09da35c61792
Signed-off-by: jooseong.lee <jooseong.lee@samsung.com>
jooseong.lee [Wed, 25 Mar 2015 02:02:03 +0000 (11:02 +0900)]
Security: smack: replace kzalloc with kmem_cache for inode_smack
The patch use kmem_cache to allocate/free inode_smack since they are
alloced in high volumes making it a perfect case for kmem_cache.
As per analysis, 24 bytes of memory is wasted per allocation due
to internal fragmentation. With kmem_cache, this can be avoided.
Accounting of memory allocation is below :
total slack net count-alloc/free caller
Before (with kzalloc)
1919872 719952 1919872 29998/0 new_inode_smack+0x14
After (with kmem_cache)
1201680 0 1201680 30042/0 new_inode_smack+0x18
>From above data, we found that 719952 bytes(~700 KB) of memory is
saved on allocation of 29998 smack inodes.
Change-Id: Ia930c48bb06eb9c461eb3cf449e25a3a53be7299
Signed-off-by: jooseong.lee <jooseong.lee@samsung.com>
jooseong.lee [Wed, 25 Mar 2015 02:00:22 +0000 (11:00 +0900)]
security: smack: add kmem_cache for smack_master_list allocations
On ARM, sizeof(struct smack_master_list) == 12. Allocation by kmalloc() uses a
32-byte-long chunk to allocate 12 bytes. Just ask ksize(). It means that 63%
of memory is simply wasted for padding bytes.
The problem is fixed in this patch by using kmem_cache. The cache allocates
struct smack_master_list using 16-byte-long chunks according to ksize(). This
reduces amount of used memory by 50%.
Change-Id: Ice10c7eb1099931a82200081110275c5717b12be
Signed-off-by: jooseong.lee <jooseong.lee@samsung.com>
jooseong.lee [Wed, 25 Mar 2015 01:58:44 +0000 (10:58 +0900)]
security: smack: add kmem_cache for smack_rule allocations
On ARM, sizeof(struct smack_rule)==20. Allocation by kmalloc() uses a
32-byte-long chunk to allocate 20 bytes. Just ask ksize(). It means that 40%
of memory is simply wasted for padding bytes.
The problem is fixed in this patch by using kmem_cache. The cache allocates
struct smack_rule using 24-byte-long chunks according to ksize(). This reduces
amount of used memory by 25%.
Change-Id: I2753cabc78c31b695ac07bf76cc8861232b64b1d
Signed-off-by: jooseong.lee <jooseong.lee@samsung.com>
jooseong.lee [Wed, 25 Mar 2015 01:58:10 +0000 (10:58 +0900)]
Fix a bidirectional UDS connect check
Change-Id: Ib074a4e8ea27fdfff3e30fb74ee90f32d68d37c9
Signed-off-by: jooseong.lee <jooseong.lee@samsung.com>
SeokYeon Hwang [Wed, 25 Mar 2015 04:49:03 +0000 (13:49 +0900)]
initramfs: mount devtmpfs before switching root
Change-Id: I553ba3997f6873657787b404e3fe3cefa2867435
sungmin ha [Fri, 20 Mar 2015 07:07:27 +0000 (16:07 +0900)]
package: version up (3.14.3)
Change-Id: I66f3abba94b7cacf2b4f1a7a2e65bfee722a413e
Signed-off-by: sungmin ha <sungmin82.ha@samsung.com>
sungmin ha [Fri, 13 Mar 2015 05:05:07 +0000 (14:05 +0900)]
config: enabled some kernel config for Tizen Zone
Change-Id: Icc49948b8eb9ef8e0c1a477ec6fa43a0f162c21b
Signed-off-by: sungmin ha <sungmin82.ha@samsung.com>
Changseok Oh [Thu, 19 Mar 2015 01:49:03 +0000 (10:49 +0900)]
Merge "packaging: use linux-glibc-devel instread of emulator-kernel-headers" into tizen_2.4
Chanho Park [Tue, 17 Mar 2015 14:41:30 +0000 (23:41 +0900)]
packaging: use linux-glibc-devel instread of emulator-kernel-headers
Toolchain pakcages will be upgraded on tizen_2.4 branch soon. After
upgrading the packages, linux-glibc-devel package which is
kernel-headers based on linux-3.10 will be used for default kernel
header package.
Change-Id: Ia8fb8cf78c2c9c288f2faaa0ac4a42711f1efe80
Signed-off-by: Chanho Park <chanho61.park@samsung.com>
Sangho Park [Fri, 13 Mar 2015 09:58:14 +0000 (18:58 +0900)]
Package: change maintainer
Change-Id: I354790d812ff9ee08b582de43d4d68c7439f8a08
Signed-off-by: Sangho Park <sangho1206.park@samsung.com>
Sangho Park [Fri, 13 Mar 2015 02:02:10 +0000 (11:02 +0900)]
Merge "packaging: apply spec file to build emulator-kernel-user-headers" into tizen_2.4
Sangho Park [Fri, 13 Mar 2015 02:01:53 +0000 (11:01 +0900)]
Merge "build: package version up (3.14.2)" into tizen_2.4
Sangho Park [Fri, 13 Mar 2015 02:01:11 +0000 (11:01 +0900)]
Merge "netfilter: conntrack: disable generic tracking for known protocols" into tizen_2.4
Sangho Park [Fri, 13 Mar 2015 02:00:58 +0000 (11:00 +0900)]
Merge "isofs: Fix unchecked printing of ER records" into tizen_2.4
Sangho Park [Fri, 13 Mar 2015 02:00:47 +0000 (11:00 +0900)]
Merge "userns: Document what the invariant required for safe unprivileged mappings." into tizen_2.4
Sangho Park [Fri, 13 Mar 2015 01:59:56 +0000 (10:59 +0900)]
Merge "isofs: Fix infinite looping over CE entries" into tizen_2.4
Sangho Park [Fri, 13 Mar 2015 01:59:36 +0000 (10:59 +0900)]
Merge "KEYS: close race between key lookup and freeing" into tizen_2.4
Sooyoung Ha [Thu, 12 Mar 2015 07:36:48 +0000 (16:36 +0900)]
packaging: apply spec file to build emulator-kernel-user-headers
this header package is for SWAP module build
Change-Id: Ib27108b391903ddf7eb79959a9117c7b4218c125
Signed-off-by: Sooyoung Ha <yoosah.ha@samsung.com>
Jinhyung Choi [Thu, 12 Mar 2015 02:53:23 +0000 (11:53 +0900)]
build: package version up (3.14.2)
Change-Id: I1196a65af8298d2630f2f1230c9970aed0d77e28
Signed-off-by: Jinhyung Choi <jinhyung2.choi@samsung.com>
Jinhyung Choi [Thu, 12 Mar 2015 02:50:00 +0000 (11:50 +0900)]
sensor: a global sensor mutex for message transfer
Change-Id: I49f9506634aeb2d87cc24b931c186a8d24e25161
Signed-off-by: Jinhyung Choi <jinhyung2.choi@samsung.com>
Florian Westphal [Fri, 26 Sep 2014 09:35:42 +0000 (11:35 +0200)]
netfilter: conntrack: disable generic tracking for known protocols
Given following iptables ruleset:
-P FORWARD DROP
-A FORWARD -m sctp --dport 9 -j ACCEPT
-A FORWARD -p tcp --dport 80 -j ACCEPT
-A FORWARD -p tcp -m conntrack -m state ESTABLISHED,RELATED -j ACCEPT
One would assume that this allows SCTP on port 9 and TCP on port 80.
Unfortunately, if the SCTP conntrack module is not loaded, this allows
*all* SCTP communication, to pass though, i.e. -p sctp -j ACCEPT,
which we think is a security issue.
This is because on the first SCTP packet on port 9, we create a dummy
"generic l4" conntrack entry without any port information (since
conntrack doesn't know how to extract this information).
All subsequent packets that are unknown will then be in established
state since they will fallback to proto_generic and will match the
'generic' entry.
Our originally proposed version [1] completely disabled generic protocol
tracking, but Jozsef suggests to not track protocols for which a more
suitable helper is available, hence we now mitigate the issue for in
tree known ct protocol helpers only, so that at least NAT and direction
information will still be preserved for others.
[1] http://www.spinics.net/lists/netfilter-devel/msg33430.html
Joint work with Daniel Borkmann.
Change-Id: Ic099f9cb24e84946e6d0f4352ce1201380cef2e9
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
Acked-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Jan Kara [Thu, 18 Dec 2014 16:26:10 +0000 (17:26 +0100)]
isofs: Fix unchecked printing of ER records
We didn't check length of rock ridge ER records before printing them.
Thus corrupted isofs image can cause us to access and print some memory
behind the buffer with obvious consequences.
Change-Id: Ie5dbb6d4e0773320442e26ab1fbd01a52f3f8042
Reported-and-tested-by: Carl Henrik Lunde <chlunde@ping.uio.no>
CC: stable@vger.kernel.org
Signed-off-by: Jan Kara <jack@suse.cz>
Eric W. Biederman [Fri, 5 Dec 2014 23:51:47 +0000 (17:51 -0600)]
userns: Document what the invariant required for safe unprivileged mappings.
The rule is simple. Don't allow anything that wouldn't be allowed
without unprivileged mappings.
It was previously overlooked that establishing gid mappings would
allow dropping groups and potentially gaining permission to files and
directories that had lesser permissions for a specific group than for
all other users.
This is the rule needed to fix CVE-2014-8989 and prevent any other
security issues with new_idmap_permitted.
The reason for this rule is that the unix permission model is old and
there are programs out there somewhere that take advantage of every
little corner of it. So allowing a uid or gid mapping to be
established without privielge that would allow anything that would not
be allowed without that mapping will result in expectations from some
code somewhere being violated. Violated expectations about the
behavior of the OS is a long way to say a security issue.
Change-Id: I66a4970dab52327190bc2c4540c4558219703267
Cc: stable@vger.kernel.org
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Jan Kara [Mon, 15 Dec 2014 13:22:46 +0000 (14:22 +0100)]
isofs: Fix infinite looping over CE entries
Rock Ridge extensions define so called Continuation Entries (CE) which
define where is further space with Rock Ridge data. Corrupted isofs
image can contain arbitrarily long chain of these, including a one
containing loop and thus causing kernel to end in an infinite loop when
traversing these entries.
Limit the traversal to 32 entries which should be more than enough space
to store all the Rock Ridge data.
Change-Id: Ia0475fc07ee3e8ecc1d53673439f32c175acc10b
Reported-by: P J P <ppandit@redhat.com>
CC: stable@vger.kernel.org
Signed-off-by: Jan Kara <jack@suse.cz>
Sasha Levin [Mon, 29 Dec 2014 14:39:01 +0000 (09:39 -0500)]
KEYS: close race between key lookup and freeing
When a key is being garbage collected, it's key->user would get put before
the ->destroy() callback is called, where the key is removed from it's
respective tracking structures.
This leaves a key hanging in a semi-invalid state which leaves a window open
for a different task to try an access key->user. An example is
find_keyring_by_name() which would dereference key->user for a key that is
in the process of being garbage collected (where key->user was freed but
->destroy() wasn't called yet - so it's still present in the linked list).
This would cause either a panic, or corrupt memory.
Fixes CVE-2014-9529.
Change-Id: I878791feeef1325bec21f3b69f4c0e449cdf32f2
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
Signed-off-by: David Howells <dhowells@redhat.com>
sungmin ha [Wed, 11 Mar 2015 05:37:39 +0000 (14:37 +0900)]
package: version up(3.14.1)
Change-Id: Id1b14d75ade23a897789cfb4f35b994d2771d0c2
Signed-off-by: sungmin ha <sungmin82.ha@samsung.com>
Vasiliy Ulyanov [Wed, 11 Mar 2015 02:47:27 +0000 (11:47 +0900)]
VIGS: workaround for qHD (540x960) video mode
Horizontal resolution was rounded up to 544 (GTF algorithm). It was
causing wrong rendering on emulator (black screen).
Change-Id: I15de1b24773c955c470db49f0ebb080f2e823989
Signed-off-by: Vasiliy Ulyanov <v.ulyanov@samsung.com>
Vasiliy Ulyanov [Mon, 9 Feb 2015 09:00:22 +0000 (12:00 +0300)]
VIGS: add new plane for cursor support
Change-Id: I20dcfa298a7223d6fb58e5781748b09d0978dc3d
Signed-off-by: Vasiliy Ulyanov <v.ulyanov@samsung.com>
SeokYeon Hwang [Mon, 26 Jan 2015 06:37:13 +0000 (15:37 +0900)]
initramfs: introduced prerun scripts.
It is very useful for manipulating some files on rootfs before init.
(Configuration files, ...)
Change-Id: I356a9190b80d3c46fb8f84e8f91d346c24263901
Signed-off-by: SeokYeon Hwang <syeon.hwang@samsung.com>
Jinhyung Choi [Sun, 28 Dec 2014 03:07:51 +0000 (12:07 +0900)]
evdi: added IOCTL for booting done log
Change-Id: I08bc0f9ff1122efc84925c0af60d359c881a8ac1
Signed-off-by: Jinhyung Choi <jinhyung2.choi@samsung.com>
Jinhyung Choi [Mon, 5 Jan 2015 13:26:03 +0000 (22:26 +0900)]
evdi: removed emuld connection nofication.
- The connection message is sent by emuld.
Change-Id: I3d40c422c44e74bdf79b86e6ffe7c1ebe2e1a653
Signed-off-by: Jinhyung Choi <jinhyung2.choi@samsung.com>
SeokYeon Hwang [Tue, 13 Jan 2015 10:43:23 +0000 (19:43 +0900)]
initramfs: support new-partitioned image
Support new-partitioned image.
Introduce rescue shell for emergency situation.
Change-Id: I4e81f3c7cbbf440a6812a85385869972892a491f
Signed-off-by: SeokYeon Hwang <syeon.hwang@samsung.com>
SeokYeon Hwang [Tue, 13 Jan 2015 10:40:51 +0000 (19:40 +0900)]
initramfs: using new built busybox
Using new built busybox for rich usage.
Change-Id: I8dc348dc5d8a1bc7d20a2aa6e5dd9bcfd79193e1
Signed-off-by: SeokYeon Hwang <syeon.hwang@samsung.com>
SeokYeon Hwang [Tue, 13 Jan 2015 10:39:28 +0000 (19:39 +0900)]
initramfs: generate /dev/console to avoid warning
Change-Id: Icbb2b0da9c2ddd846bd1d6853f987eb58808d2c1
Signed-off-by: SeokYeon Hwang <syeon.hwang@samsung.com>
SeokYeon Hwang [Mon, 12 Jan 2015 07:08:38 +0000 (16:08 +0900)]
initramfs: respect "init=", "root=" in kernel parameters
Change-Id: Id35d3b96deefc9df2b22471b734f6cebd9c79b97
Signed-off-by: SeokYeon Hwang <syeon.hwang@samsung.com>
SeokYeon Hwang [Mon, 12 Jan 2015 06:47:06 +0000 (15:47 +0900)]
initramfs: cleaned up
Using devtmpfs for populating /dev.
Removed pre-made dev nodes.
Removed pre-linked binaries to busybox.
Change-Id: I10be92fe41da52d3b8b05edbffd2a798a199b9ca
Signed-off-by: SeokYeon Hwang <syeon.hwang@samsung.com>
Alice Liu [Mon, 22 Dec 2014 06:41:36 +0000 (14:41 +0800)]
build: package version up (2.0.8)
Change-Id: I3e8e1f5b24167c2b12cb25232026a9e0a5cd7ba4
Signed-off-by: Alice Liu <alice.liu@intel.com>
SeokYeon Hwang [Mon, 22 Dec 2014 05:15:22 +0000 (14:15 +0900)]
Merge branch 'tizen_next_linux_3.14' into tizen_next
Sooyoung Ha [Thu, 18 Dec 2014 06:30:47 +0000 (15:30 +0900)]
code conventions: apply the code conventions
You should use tab instead of space for indentation.
Change-Id: I43fb0cf0d397eeb84ffde490c19689e98f41ff16
Signed-off-by: Sooyoung Ha <yoosah.ha@samsung.com>
Sooyoung Ha [Thu, 18 Dec 2014 06:12:26 +0000 (15:12 +0900)]
permission: remove useless execute permission
Change-Id: I0e44e362f0cbfd16b788613be637954b21111da7
Signed-off-by: Sooyoung Ha <yoosah.ha@samsung.com>
sungmin ha [Tue, 16 Dec 2014 06:21:14 +0000 (15:21 +0900)]
hwkey: added virtqueue_add_inbuf before virtqueue_kick
Change-Id: Icf632a24426b6fb51cf77d59cea07e4bc6e73b23
Signed-off-by: sungmin ha <sungmin82.ha@samsung.com>
gunsoo83.kim [Thu, 4 Dec 2014 07:27:39 +0000 (16:27 +0900)]
brillcodec: add ioctl/mmio command for profile module.
- To check the profile status, add ioctl/mmio command
in brillcodec driver.
Change-Id: Ia03f1b65f16ad8240214f267bf5839202f36ded3
Signed-off-by: gunsoo83.kim <gunsoo83.kim@samsung.com>
SeokYeon Hwang [Sun, 14 Sep 2014 10:01:14 +0000 (19:01 +0900)]
brillcodec: introduce new feature MEMORY_MONOPOLIZING
Change-Id: I9a35dce462efee60149ee5b168d3f2ba4c65ffff
Signed-off-by: SeokYeon Hwang <syeon.hwang@samsung.com>
SeokYeon Hwang [Sat, 13 Sep 2014 04:38:10 +0000 (13:38 +0900)]
brillcodec: re-arrange device command
Re-arrange device command.
Apply strict version checking.
Change-Id: Ia473254cef42b077662922a151314dbf51c6def4
Signed-off-by: SeokYeon Hwang <syeon.hwang@samsung.com>
SeokYeon Hwang [Fri, 12 Sep 2014 08:33:56 +0000 (17:33 +0900)]
brillcodec: introduce brillcodec version 3
Change-Id: Ie08b8b4ee8094ce20b9f80f52c72aadcd4f34df5
Signed-off-by: SeokYeon Hwang <syeon.hwang@samsung.com>
Marcin Niesluchowski [Tue, 19 Aug 2014 12:26:32 +0000 (14:26 +0200)]
Smack: Fix setting label on successful file open
While opening with CAP_MAC_OVERRIDE file label is not set.
Other calls may access it after CAP_MAC_OVERRIDE is dropped from process.
Change-Id: I1d9cdeb325c397dfb0b97e60eb7b2842c1819d99
Signed-off-by: Marcin Niesluchowski <m.niesluchow@samsung.com>
Casey Schaufler [Mon, 21 Apr 2014 18:10:26 +0000 (11:10 -0700)]
Smack: Verify read access on file open - v3
Smack believes that many of the operatons that can
be performed on an open file descriptor are read operations.
The fstat and lseek system calls are examples.
An implication of this is that files shouldn't be open
if the task doesn't have read access even if it has
write access and the file is being opened write only.
Targeted for git://git.gitorious.org/smack-next/kernel.git
Change-Id: I63d57bc62cd08fa4e1f128b544e7ed7316456e4c
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Casey Schaufler [Thu, 10 Apr 2014 23:37:08 +0000 (16:37 -0700)]
Smack: bidirectional UDS connect check
Smack IPC policy requires that the sender have write access
to the receiver. UDS streams don't do per-packet checks. The
only check is done at connect time. The existing code checks
if the connecting process can write to the other, but not the
other way around. This change adds a check that the other end
can write to the connecting process.
Targeted for git://git.gitorious.org/smack-next/kernel.git
Change-Id: I42bb66ba2f73c8e604bee85002fc9e419337732c
Signed-off-by: Casey Schuafler <casey@schaufler-ca.com>
Casey Schaufler [Thu, 10 Apr 2014 23:35:36 +0000 (16:35 -0700)]
Smack: Correctly remove SMACK64TRANSMUTE attribute
Sam Henderson points out that removing the SMACK64TRANSMUTE
attribute from a directory does not result in the directory
transmuting. This is because the inode flag indicating that
the directory is transmuting isn't cleared. The fix is a tad
less than trivial because smk_task and smk_mmap should have
been broken out, too.
Targeted for git://git.gitorious.org/smack-next/kernel.git
Change-Id: I73e29d988fd5ca7502aeab01e340189420a95c75
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
José Bollo [Thu, 3 Apr 2014 11:48:41 +0000 (13:48 +0200)]
SMACK: Fix handling value==NULL in post setxattr
The function `smack_inode_post_setxattr` is called each
time that a setxattr is done, for any value of name.
The kernel allow to put value==NULL when size==0
to set an empty attribute value. The systematic
call to smk_import_entry was causing the dereference
of a NULL pointer hence a KERNEL PANIC!
The problem can be produced easily by issuing the
command `setfattr -n user.data file` under bash prompt
when SMACK is active.
Moving the call to smk_import_entry as proposed by this
patch is correcting the behaviour because the function
smack_inode_post_setxattr is called for the SMACK's
attributes only if the function smack_inode_setxattr validated
the value and its size (what will not be the case when size==0).
It also has a benefical effect to not fill the smack hash
with garbage values coming from any extended attribute
write.
Change-Id: Iaf0039c2be9bccb6cee11c24a3b44d209101fe47
Signed-off-by: José Bollo <jose.bollo@open.eurogiciel.org>
Pankaj Kumar [Fri, 13 Dec 2013 09:42:22 +0000 (15:12 +0530)]
bugfix patch for SMACK
1. In order to remove any SMACK extended attribute from a file, a user
should have CAP_MAC_ADMIN capability. But user without having this
capability is able to remove SMACK64MMAP security attribute.
2. While validating size and value of smack extended attribute in
smack_inode_setsecurity hook, wrong error code is returned.
Change-Id: Ie71e86840f47b6810aaf4ff9a577cdea8274925b
Signed-off-by: Pankaj Kumar <pamkaj.k2@samsung.com>
Signed-off-by: Himanshu Shukla <himanshu.sh@samsung.com>
Lukasz Pawelczyk [Tue, 11 Mar 2014 16:07:06 +0000 (17:07 +0100)]
Smack: adds smackfs/ptrace interface
This allows to limit ptrace beyond the regular smack access rules.
It adds a smackfs/ptrace interface that allows smack to be configured
to require equal smack labels for PTRACE_MODE_ATTACH access.
See the changes in Documentation/security/Smack.txt below for details.
Change-Id: I5459ff414e96dde0430ed8febd92c361c9dc1d81
Signed-off-by: Lukasz Pawelczyk <l.pawelczyk@partner.samsung.com>
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Lukasz Pawelczyk [Tue, 11 Mar 2014 16:07:05 +0000 (17:07 +0100)]
Smack: unify all ptrace accesses in the smack
The decision whether we can trace a process is made in the following
functions:
smack_ptrace_traceme()
smack_ptrace_access_check()
smack_bprm_set_creds() (in case the proces is traced)
This patch unifies all those decisions by introducing one function that
checks whether ptrace is allowed: smk_ptrace_rule_check().
This makes possible to actually trace with TRACEME where first the
TRACEME itself must be allowed and then exec() on a traced process.
Additional bugs fixed:
- The decision is made according to the mode parameter that is now correctly
translated from PTRACE_MODE_* to MAY_* instead of being treated 1:1.
PTRACE_MODE_READ requires MAY_READ.
PTRACE_MODE_ATTACH requires MAY_READWRITE.
- Add a smack audit log in case of exec() refused by bprm_set_creds().
- Honor the PTRACE_MODE_NOAUDIT flag and don't put smack audit info
in case this flag is set.
Change-Id: I43d82d480f331e8ef90da7c287b1e414d55ff394
Signed-off-by: Lukasz Pawelczyk <l.pawelczyk@partner.samsung.com>
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>