Lukasz Pawelczyk [Fri, 29 Aug 2014 15:02:53 +0000 (17:02 +0200)]
Small fixes in comments describing function parameters
Change-Id: I00ba993eb0f09b0ba7660c4c13f71cf6a5590298
Signed-off-by: Lukasz Pawelczyk <l.pawelczyk@samsung.com>
Rafal Krypa [Thu, 23 Oct 2014 16:09:42 +0000 (18:09 +0200)]
Smack: Bring-up access mode
People keep asking me for permissive mode, and I keep saying "no".
Permissive mode is wrong for more reasons than I can enumerate,
but the compelling one is that it's once on, never off.
Nonetheless, there is an argument to be made for running a
process with lots of permissions, logging which are required,
and then locking the process down. There wasn't a way to do
that with Smack, but this provides it.
The notion is that you start out by giving the process an
appropriate Smack label, such as "ATBirds". You create rules
with a wide range of access and the "b" mode. On Tizen it
might be:
ATBirds System rwxalb
ATBirds User rwxalb
ATBirds _ rwxalb
User ATBirds wb
System ATBirds wb
Accesses that fail will generate audit records. Accesses
that succeed because of rules marked with a "b" generate
log messages identifying the rule, the program and as much
object information as is convenient.
When the system is properly configured and the programs
brought in line with the labeling scheme the "b" mode can
be removed from the rules. When the system is ready for
production the facility can be configured out.
This provides the developer the convenience of permissive
mode without creating a system that looks like it is
enforcing a policy while it is not.
Change-Id: I7288e51166d4ed3df9c829a43fd1ba86a54ea224
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Konstantin Khlebnikov [Thu, 7 Aug 2014 16:52:49 +0000 (20:52 +0400)]
Smack: remove unneeded NULL-termination from securtity label
Values of extended attributes are stored as binary blobs. NULL-termination
of them isn't required. It just wastes disk space and confuses command-line
tools like getfattr because they have to print that zero byte at the end.
This patch removes terminating zero byte from initial security label in
smack_inode_init_security and cuts it out in function smack_inode_getsecurity
which is used by syscall getxattr. This change seems completely safe, because
function smk_parse_smack ignores everything after first zero byte.
Change-Id: Ia84dd11ac7fdec1b570da2659d5e86896344540a
Signed-off-by: Konstantin Khlebnikov <k.khlebnikov@samsung.com>
Konstantin Khlebnikov [Thu, 7 Aug 2014 16:52:43 +0000 (20:52 +0400)]
Smack: handle zero-length security labels without panic
Zero-length security labels are invalid but kernel should handle them.
This patch fixes kernel panic after setting zero-length security labels:
And after writing zero-length string into smackfs files syslog and onlycp:
The problem is caused by brain-damaged logic in function smk_parse_smack()
which takes pointer to buffer and its length but if length below or equal zero
it thinks that the buffer is zero-terminated. Unfortunately callers of this
function are widely used and proper fix requires serious refactoring.
Change-Id: Icf462c7ac2464d86093fa42a0ed012281b952571
Signed-off-by: Konstantin Khlebnikov <k.khlebnikov@samsung.com>
Konstantin Khlebnikov [Thu, 7 Aug 2014 16:52:33 +0000 (20:52 +0400)]
Smack: fix behavior of smack_inode_listsecurity
Security operation ->inode_listsecurity is used for generating list of
available extended attributes for syscall listxattr. Currently it's used
only in nfs4 or if filesystem doesn't provide i_op->listxattr.
The list is the set of NULL-terminated names, one after the other.
This method must include zero byte at the and into result.
Also this function must return length even if string does not fit into
output buffer or it is NULL, see similar method in selinux and man listxattr.
Change-Id: Ib6d53bb93a1487ce9cb47a63376a5e17976ea384
Signed-off-by: Konstantin Khlebnikov <k.khlebnikov@samsung.com>
jinhyung.jo [Mon, 10 Nov 2014 03:55:41 +0000 (12:55 +0900)]
package: version up(2.0.6)
Change-Id: I7cfdce16be70f0b3d0fdb49ddf03d0f8be44d1a8
Signed-off-by: Jinhyung Jo <jinhyung.jo@samsung.com>
jinhyung.jo [Mon, 23 Jun 2014 07:34:18 +0000 (16:34 +0900)]
v4l2-core: Modified error code
The gst-plugins-good0.10 does not handle this error code(ENODATA).
Thus, using the error code(ENOTTY), it can handle.
Temporary patch, until gst-plugins-good is updated.
Change-Id: I95d6f01c1051e0f98f7ae1bbc1d386a04817bf65
Signed-off-by: Jinhyung Jo <jinhyung.jo@samsung.com>
Alice Liu [Fri, 7 Nov 2014 06:14:14 +0000 (14:14 +0800)]
build: package version up (2.0.5)
Change-Id: I76a8d2c8eb6fcdeb0c7cd7f13c6188f4ae1a9aeb
Signed-off-by: Alice Liu <alice.liu@intel.com>
SeokYeon Hwang [Wed, 29 Oct 2014 11:47:47 +0000 (04:47 -0700)]
Merge "Revert "uname: Add Emulator specific name"" into tizen
SeokYeon Hwang [Wed, 29 Oct 2014 04:56:55 +0000 (13:56 +0900)]
config: enable CONFIG_FHANDLE
Enable CONFIG_FHANDLE for systemd >= 209.
Change-Id: I4f17ab5b6dc0d203812aad11d1dbf4e8bf50fb98
Signed-off-by: SeokYeon Hwang <syeon.hwang@samsung.com>
SeokYeon Hwang [Wed, 29 Oct 2014 04:49:17 +0000 (13:49 +0900)]
remove IVI specific config file
remove IVI specific config file and build script. It is not necessary anymore.
Change-Id: Ie477812d7b703a0fd7a0474c1b8f3a090f65793d
Signed-off-by: SeokYeon Hwang <syeon.hwang@samsung.com>
Maciej Wereski [Fri, 24 Oct 2014 09:21:16 +0000 (11:21 +0200)]
Revert "uname: Add Emulator specific name"
This commit breaks userspace. systemd > 210 is unable to start, it also
causes problems with RPM.
Bug-Tizen: TC-1908
This reverts commit
3cbb49dcb48458572169d94bf7ec6015ed748f1b.
Change-Id: I46eba1846884f42503874921815eb5fac470fbce
Signed-off-by: Maciej Wereski <m.wereski@partner.samsung.com>
Jinhyung Choi [Wed, 15 Oct 2014 09:57:10 +0000 (18:57 +0900)]
sensor: added pressure, ultraviolet, and hrm sensor
- modified and converted the value (sync with sensor fw)
Change-Id: I087418ae5c756042489d558d32b92baef6492e6a
Signed-off-by: Jinhyung Choi <jinhyung2.choi@samsung.com>
Chanho Park [Fri, 12 Sep 2014 02:03:01 +0000 (11:03 +0900)]
perf tools: define _DEFAULT_SOURCE for glibc_2.20
_BSD_SOURCE was deprecated in favour of _DEFAULT_SOURCE since glibc
2.20[1]. To avoid build warning on glibc2.20, _DEFAULT_SOURCE should
also be defined.
[1]: https://sourceware.org/glibc/wiki/Release/2.20
Change-Id: If79141944eab78f0fa6a747a4cf1c9109d59485e
Signed-off-by: Chanho Park <chanho61.park@samsung.com>
Philippe Coval [Tue, 30 Sep 2014 13:34:42 +0000 (15:34 +0200)]
packaging: makes repo / tarball name matching and other config fixes
Change-Id: I99ec485c8cf4cb7c3f8f460a730dc3f8d42d9559
Bug-Tizen: TC-5/part
Signed-off-by: Philippe Coval <philippe.coval@open.eurogiciel.org>
Philippe Coval [Fri, 5 Sep 2014 09:09:23 +0000 (11:09 +0200)]
packaging: workaround missing v3.12.18 tag from upstream git
The right way to fix it maintainer side is :
git remote add upstream https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable
git fetch --tags
git push --tags origin
Change-Id: I0443946e85fc43d474afe4f8f48c87f571becacb
Bug-Tizen: TC-5/part
Signed-off-by: Philippe Coval <philippe.coval@open.eurogiciel.org>
SeokYeon Hwang [Mon, 15 Sep 2014 04:50:59 +0000 (21:50 -0700)]
Merge "VIGS: Remove rotation definitions" into tizen
Vasiliy Ulyanov [Thu, 11 Sep 2014 13:17:35 +0000 (17:17 +0400)]
VIGS: Remove rotation definitions
Change-Id: I1f2b1044eef71954fe678cf037837e3d9d615f8e
Signed-off-by: Vasiliy Ulyanov <v.ulyanov@samsung.com>
Philippe Coval [Fri, 5 Sep 2014 09:55:44 +0000 (11:55 +0200)]
packaging: build only for emulator supported target
At the moment only ia32 emulator is supported.
It may be expanded to other targets later if supported
Change-Id: If75035c02606b5ea1cf71eeea1c3c8de7084cb90
Bug-Tizen: TC-5/part
Signed-off-by: Philippe Coval <philippe.coval@open.eurogiciel.org>
Sangho Park [Fri, 5 Sep 2014 00:50:39 +0000 (17:50 -0700)]
Merge "package: Prevent marking "+" at kernel version." into tizen
Sangho Park [Thu, 4 Sep 2014 12:29:28 +0000 (05:29 -0700)]
Merge "Smack: Fix setting label on successful file open" into tizen
Sangho Park [Thu, 4 Sep 2014 12:27:52 +0000 (05:27 -0700)]
Merge "packaging: Initial packaging on 3.12.18 for Tizen" into tizen
SeokYeon Hwang [Thu, 4 Sep 2014 02:08:40 +0000 (11:08 +0900)]
package: Prevent marking "+" at kernel version.
Prevent marking "+" at kernel version.
Version up 2.0.4.
Change-Id: I21f1d0da59007e343533b43ea48fbefc689ad540
Signed-off-by: SeokYeon Hwang <syeon.hwang@samsung.com>
Philippe Coval [Fri, 29 Aug 2014 16:46:21 +0000 (18:46 +0200)]
packaging: Initial packaging on 3.12.18 for Tizen
kernel-emulator.spec file is based on current version of kernel-common
.gbs.conf uses tags from upstream
Change-Id: I7cf72591d5acfb68b9a7127b577dbad5c02f3813
Bug-Tizen: TC-5/part
Signed-off-by: Philippe Coval <philippe.coval@open.eurogiciel.org>
jinhyung.jo [Thu, 28 Aug 2014 01:13:25 +0000 (10:13 +0900)]
package: version up
up to 2.0.3
Change-Id: I856f8c95254491106ed40cc0a2969ce67f7b9fb4
Signed-off-by: Jinhyung Jo <jinhyung.jo@samsung.com>
SeokYeon Hwang [Tue, 26 Aug 2014 11:34:31 +0000 (04:34 -0700)]
Merge changes Ic127028b,I00f81cd8 into tizen
* changes:
VIGS: Implement plane flip/rotate
VIGS: fix DPMS deadlock
SeokYeon Hwang [Tue, 26 Aug 2014 11:34:08 +0000 (04:34 -0700)]
Merge changes If3e687d6,Ic16f1bd8 into tizen
* changes:
VIGS: Support YUV420 planar format
VIGS: Support DP memory and planar pixel formats
Marcin Niesluchowski [Tue, 19 Aug 2014 12:26:32 +0000 (14:26 +0200)]
Smack: Fix setting label on successful file open
While opening with CAP_MAC_OVERRIDE file label is not set.
Other calls may access it after CAP_MAC_OVERRIDE is dropped from process.
Change-Id: I1d9cdeb325c397dfb0b97e60eb7b2842c1819d99
Signed-off-by: Marcin Niesluchowski <m.niesluchow@samsung.com>
Stanislav Vorobiov [Fri, 22 Aug 2014 06:53:21 +0000 (10:53 +0400)]
VIGS: Implement plane flip/rotate
Planes can now be horizontally/vertically flipped
and rotated by 90, 180 or 270 degrees
Change-Id: Ic127028b25fcb4f83ef4edb488c49c2da71cf8ec
Signed-off-by: Stanislav Vorobiov <s.vorobiov@samsung.com>
Stanislav Vorobiov [Fri, 4 Jul 2014 13:31:29 +0000 (17:31 +0400)]
VIGS: Support YUV420 planar format
Change-Id: If3e687d6e8a53fe0ab551475c90851b4e60ebf79
Signed-off-by: Stanislav Vorobiov <s.vorobiov@samsung.com>
Stanislav Vorobiov [Tue, 5 Aug 2014 10:16:32 +0000 (14:16 +0400)]
VIGS: fix DPMS deadlock
fb call chain callback might issue FB_BLANK event
itself, this leads to DPMS call in DRM. If fb call
chain walk is initiated from DPMS then this leads to
deadlock
Change-Id: I00f81cd8f81ea783f740f11767f65e4c01097989
Signed-off-by: Stanislav Vorobiov <s.vorobiov@samsung.com>
Stanislav Vorobiov [Wed, 11 Jun 2014 15:25:52 +0000 (19:25 +0400)]
VIGS: Support DP memory and planar pixel formats
DP memory is used by some of the tizen
gstreamer plugins, TBM and X.Org video driver.
Its main purpose is to share GEM buffers between
media decoding and presentation layers
Planar pixel formats such as NV21 need to be
supported in order to be able to play video right
from decoder's output buffer, i.e. without
converting it to RGB
Change-Id: Ic16f1bd8b53e73b8ca0d3a5a3a52442f3c04770c
Signed-off-by: Stanislav Vorobiov <s.vorobiov@samsung.com>
SeokYeon Hwang [Wed, 13 Aug 2014 04:31:07 +0000 (13:31 +0900)]
brillcodec: add new command for reducing I/O
Add command CODEC_DECODE_VIDEO2.
Clean-up source.
Change-Id: I37f8a6b3c08021e3db4a4f020b663c3f89ad8edf
Signed-off-by: SeokYeon Hwang <syeon.hwang@samsung.com>
Munkyu Im [Fri, 11 Jul 2014 11:57:26 +0000 (20:57 +0900)]
package: version up
Change-Id: Iffa790f15e45521b19a77f1a45d1562fd2e1dff8
Signed-off-by: Munkyu Im <munkyu.im@samsung.com>
Munkyu Im [Fri, 11 Jul 2014 11:56:55 +0000 (20:56 +0900)]
uname: Add Emulator specific name
To distinguish between real device and emulator,
add "_emulated" postfix into machine hardware name.
Change-Id: I0a801a127d0fb62314d6d30cac03febfd6d49801
Signed-off-by: Munkyu Im <munkyu.im@samsung.com>
Jinhyung Choi [Mon, 7 Jul 2014 04:58:00 +0000 (13:58 +0900)]
sensor: added rotation vector sensor driver
also added error handling of sensor init when one of sensors' init is failed.
Change-Id: I1fcaa4c454da8270c07c035789ace91225f2993b
Signed-off-by: Jinhyung Choi <jinhyung2.choi@samsung.com>
Jinhyung Choi [Fri, 4 Jul 2014 07:31:47 +0000 (16:31 +0900)]
debug: changed the way to print debug message
To enable debug message,
use 'echo 1 > /sys/module/maru_virtio_sensor/parameters/sensor_driver_debug'
Change-Id: I6c4b783b83563ea89c28161bed67af6e8dccb8c6
Signed-off-by: Jinhyung Choi <jinhyung2.choi@samsung.com>
SeokYeon Hwang [Tue, 24 Jun 2014 04:46:07 +0000 (21:46 -0700)]
Merge "build: package version up (2.0.1)" into tizen
SeokYeon Hwang [Tue, 24 Jun 2014 04:44:46 +0000 (21:44 -0700)]
Merge "sensors: device name changed to maru_sensor_[sensor_name]_1" into tizen
SeokYeon Hwang [Tue, 24 Jun 2014 04:43:54 +0000 (21:43 -0700)]
Merge "sensor: haptic device is added." into tizen
SeokYeon Hwang [Mon, 23 Jun 2014 06:29:11 +0000 (23:29 -0700)]
Merge changes I6ad55d04,I63d57bc6,I42bb66ba,I73e29d98,Iaf0039c2,Ie71e8684,I5459ff41,I43d82d48,I8ed75cea,Ib922cfec,I318b7d92,Ie9d53eca,Ibe366a4b,I473b1f61 into tizen
* changes:
Warning in scanf string typing
Smack: Verify read access on file open - v3
Smack: bidirectional UDS connect check
Smack: Correctly remove SMACK64TRANSMUTE attribute
SMACK: Fix handling value==NULL in post setxattr
bugfix patch for SMACK
Smack: adds smackfs/ptrace interface
Smack: unify all ptrace accesses in the smack
Smack: fix the subject/object order in smack_ptrace_traceme()
Minor improvement of 'smack_sb_kern_mount'
smack: call WARN_ONCE() instead of calling audit_log_start()
Smack: File receive audit correction
Smack: Rationalize mount restrictions
Smack: change rule cap check
SeokYeon Hwang [Mon, 23 Jun 2014 06:26:07 +0000 (23:26 -0700)]
Merge "Smack: Prevent the * and @ labels from being used in SMACK64EXEC" into tizen
Toralf Förster [Sun, 27 Apr 2014 17:33:34 +0000 (19:33 +0200)]
Warning in scanf string typing
This fixes a warning about the mismatch of types between
the declared unsigned and integer.
Change-Id: I6ad55d04b096092ae557ff0abf4e6bd87faab806
Signed-off-by: Toralf Förster <toralf.foerster@gmx.de>
Casey Schaufler [Mon, 21 Apr 2014 18:10:26 +0000 (11:10 -0700)]
Smack: Verify read access on file open - v3
Smack believes that many of the operatons that can
be performed on an open file descriptor are read operations.
The fstat and lseek system calls are examples.
An implication of this is that files shouldn't be open
if the task doesn't have read access even if it has
write access and the file is being opened write only.
Targeted for git://git.gitorious.org/smack-next/kernel.git
Change-Id: I63d57bc62cd08fa4e1f128b544e7ed7316456e4c
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Casey Schaufler [Thu, 10 Apr 2014 23:37:08 +0000 (16:37 -0700)]
Smack: bidirectional UDS connect check
Smack IPC policy requires that the sender have write access
to the receiver. UDS streams don't do per-packet checks. The
only check is done at connect time. The existing code checks
if the connecting process can write to the other, but not the
other way around. This change adds a check that the other end
can write to the connecting process.
Targeted for git://git.gitorious.org/smack-next/kernel.git
Change-Id: I42bb66ba2f73c8e604bee85002fc9e419337732c
Signed-off-by: Casey Schuafler <casey@schaufler-ca.com>
Casey Schaufler [Thu, 10 Apr 2014 23:35:36 +0000 (16:35 -0700)]
Smack: Correctly remove SMACK64TRANSMUTE attribute
Sam Henderson points out that removing the SMACK64TRANSMUTE
attribute from a directory does not result in the directory
transmuting. This is because the inode flag indicating that
the directory is transmuting isn't cleared. The fix is a tad
less than trivial because smk_task and smk_mmap should have
been broken out, too.
Targeted for git://git.gitorious.org/smack-next/kernel.git
Change-Id: I73e29d988fd5ca7502aeab01e340189420a95c75
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
José Bollo [Thu, 3 Apr 2014 11:48:41 +0000 (13:48 +0200)]
SMACK: Fix handling value==NULL in post setxattr
The function `smack_inode_post_setxattr` is called each
time that a setxattr is done, for any value of name.
The kernel allow to put value==NULL when size==0
to set an empty attribute value. The systematic
call to smk_import_entry was causing the dereference
of a NULL pointer hence a KERNEL PANIC!
The problem can be produced easily by issuing the
command `setfattr -n user.data file` under bash prompt
when SMACK is active.
Moving the call to smk_import_entry as proposed by this
patch is correcting the behaviour because the function
smack_inode_post_setxattr is called for the SMACK's
attributes only if the function smack_inode_setxattr validated
the value and its size (what will not be the case when size==0).
It also has a benefical effect to not fill the smack hash
with garbage values coming from any extended attribute
write.
Change-Id: Iaf0039c2be9bccb6cee11c24a3b44d209101fe47
Signed-off-by: José Bollo <jose.bollo@open.eurogiciel.org>
Pankaj Kumar [Fri, 13 Dec 2013 09:42:22 +0000 (15:12 +0530)]
bugfix patch for SMACK
1. In order to remove any SMACK extended attribute from a file, a user
should have CAP_MAC_ADMIN capability. But user without having this
capability is able to remove SMACK64MMAP security attribute.
2. While validating size and value of smack extended attribute in
smack_inode_setsecurity hook, wrong error code is returned.
Change-Id: Ie71e86840f47b6810aaf4ff9a577cdea8274925b
Signed-off-by: Pankaj Kumar <pamkaj.k2@samsung.com>
Signed-off-by: Himanshu Shukla <himanshu.sh@samsung.com>
Lukasz Pawelczyk [Tue, 11 Mar 2014 16:07:06 +0000 (17:07 +0100)]
Smack: adds smackfs/ptrace interface
This allows to limit ptrace beyond the regular smack access rules.
It adds a smackfs/ptrace interface that allows smack to be configured
to require equal smack labels for PTRACE_MODE_ATTACH access.
See the changes in Documentation/security/Smack.txt below for details.
Change-Id: I5459ff414e96dde0430ed8febd92c361c9dc1d81
Signed-off-by: Lukasz Pawelczyk <l.pawelczyk@partner.samsung.com>
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Lukasz Pawelczyk [Tue, 11 Mar 2014 16:07:05 +0000 (17:07 +0100)]
Smack: unify all ptrace accesses in the smack
The decision whether we can trace a process is made in the following
functions:
smack_ptrace_traceme()
smack_ptrace_access_check()
smack_bprm_set_creds() (in case the proces is traced)
This patch unifies all those decisions by introducing one function that
checks whether ptrace is allowed: smk_ptrace_rule_check().
This makes possible to actually trace with TRACEME where first the
TRACEME itself must be allowed and then exec() on a traced process.
Additional bugs fixed:
- The decision is made according to the mode parameter that is now correctly
translated from PTRACE_MODE_* to MAY_* instead of being treated 1:1.
PTRACE_MODE_READ requires MAY_READ.
PTRACE_MODE_ATTACH requires MAY_READWRITE.
- Add a smack audit log in case of exec() refused by bprm_set_creds().
- Honor the PTRACE_MODE_NOAUDIT flag and don't put smack audit info
in case this flag is set.
Change-Id: I43d82d480f331e8ef90da7c287b1e414d55ff394
Signed-off-by: Lukasz Pawelczyk <l.pawelczyk@partner.samsung.com>
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Lukasz Pawelczyk [Tue, 11 Mar 2014 16:07:04 +0000 (17:07 +0100)]
Smack: fix the subject/object order in smack_ptrace_traceme()
The order of subject/object is currently reversed in
smack_ptrace_traceme(). It is currently checked if the tracee has a
capability to trace tracer and according to this rule a decision is made
whether the tracer will be allowed to trace tracee.
Change-Id: I8ed75ceabe822c70cf9bdccda004139c4c817248
Signed-off-by: Lukasz Pawelczyk <l.pawelczyk@partner.samsung.com>
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
José Bollo [Wed, 8 Jan 2014 14:53:05 +0000 (15:53 +0100)]
Minor improvement of 'smack_sb_kern_mount'
Fix a possible memory access fault when transmute is true and isp is NULL.
Change-Id: Ib922cfec405067ec5592880c4ae447969ba96633
Signed-off-by: José Bollo <jose.bollo@open.eurogiciel.org>
Richard Guy Briggs [Thu, 21 Nov 2013 18:57:33 +0000 (13:57 -0500)]
smack: call WARN_ONCE() instead of calling audit_log_start()
Remove the call to audit_log() (which call audit_log_start()) and deal with
the errors in the caller, logging only once if the condition is met. Calling
audit_log_start() in this location makes buffer allocation and locking more
complicated in the calling tree (audit_filter_user()).
Change-Id: I318b7d926a10e9d63dfe170450345799788c6f12
Signed-off-by: Richard Guy Briggs <rgb@redhat.com>
Signed-off-by: Eric Paris <eparis@redhat.com>
Casey Schaufler [Tue, 31 Dec 2013 01:37:45 +0000 (17:37 -0800)]
Smack: File receive audit correction
Eric Paris politely points out:
Inside smack_file_receive() it seems like you are initting the audit
field with LSM_AUDIT_DATA_TASK. And then use
smk_ad_setfield_u_fs_path().
Seems like LSM_AUDIT_DATA_PATH would make more sense. (and depending
on how it's used fix a crash...)
He is correct. This puts things in order.
Targeted for git://git.gitorious.org/smack-next/kernel.git
Change-Id: Ie9d53ecac34d6332658c74739596ae7056574bad
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Casey Schaufler [Mon, 30 Dec 2013 17:38:00 +0000 (09:38 -0800)]
Smack: Rationalize mount restrictions
The mount restrictions imposed by Smack rely heavily on the
use of the filesystem "floor", which is the label that all
processes writing to the filesystem must have access to. It
turns out that while the "floor" notion is sound, it has yet
to be fully implemented and has never been used.
The sb_mount and sb_umount hooks only make sense if the
filesystem floor is used actively, and it isn't. They can
be reintroduced if a rational restriction comes up. Until
then, they get removed.
The sb_kern_mount hook is required for the option processing.
It is too permissive in the case of unprivileged mounts,
effectively bypassing the CAP_MAC_ADMIN restrictions if
any of the smack options are specified. Unprivileged mounts
are no longer allowed to set Smack filesystem options.
Additionally, the root and default values are set to the
label of the caller, in keeping with the policy that objects
get the label of their creator.
Targeted for git://git.gitorious.org/smack-next/kernel.git
Change-Id: Ibe366a4b0d1827d271de8700446e3fa8d7e0b8df
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Casey Schaufler [Thu, 19 Dec 2013 21:23:26 +0000 (13:23 -0800)]
Smack: change rule cap check
smk_write_change_rule() is calling capable rather than
the more correct smack_privileged(). This allows for setting
rules in violation of the onlycap facility. This is the
simple repair.
Targeted for git://git.gitorious.org/smack-next/kernel.git
Change-Id: I473b1f610e0bc8f349babfac440b77e26fb1f073
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Casey Schaufler [Tue, 17 Dec 2013 00:27:26 +0000 (16:27 -0800)]
Smack: Prevent the * and @ labels from being used in SMACK64EXEC
Smack prohibits processes from using the star ("*") and web ("@") labels
because we don't want files with those labels getting created implicitly.
All setting of those labels should be done explicitly. The trouble is that
there is no check for these labels in the processing of SMACK64EXEC. That
is repaired.
Targeted for git://git.gitorious.org/smack-next/kernel.git
Change-Id: Ie95848da70efd6f5a5b7081a4bf943891396e748
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Jinhyung Choi [Fri, 20 Jun 2014 05:25:31 +0000 (14:25 +0900)]
build: package version up (2.0.1)
Change-Id: I9ea7ba4297541cf1d9e59afc4a8c31e8a2e1cbfe
Signed-off-by: Jinhyung Choi <jinhyung2.choi@samsung.com>
Jinhyung Choi [Fri, 20 Jun 2014 03:37:28 +0000 (12:37 +0900)]
sensors: device name changed to maru_sensor_[sensor_name]_1
Change-Id: I845d1bb1ae551ad1cea8640e372acbdbe5b4919c
Signed-off-by: Jinhyung Choi <jinhyung2.choi@samsung.com>
Jinhyung Choi [Wed, 18 Jun 2014 08:05:19 +0000 (17:05 +0900)]
sensor: haptic device is added.
Change-Id: Ib91965250546c302afab31969a8ff3ccc3fab4c6
Signed-off-by: Jinhyung Choi <jinhyung2.choi@samsung.com>
Jinhyung Choi [Mon, 16 Jun 2014 01:37:27 +0000 (10:37 +0900)]
sensors: created virtual device for accel, gyro, geo, light, and proxi
Change-Id: I554643e382212dcb06ef82e8b7cc00424b321e42
Signed-off-by: Jinhyung Choi <jinhyung2.choi@samsung.com>
Jinhyung Choi [Mon, 16 Jun 2014 01:36:24 +0000 (10:36 +0900)]
evdi: added guest emuld connection message to qemu
Change-Id: I045e87cca57859c72e15a806463fe9726b42f72a
Signed-off-by: Jinhyung Choi <jinhyung2.choi@samsung.com>
Jinhyung Choi [Mon, 16 Jun 2014 01:34:47 +0000 (10:34 +0900)]
jacks & power: changed max buf size to 512
Change-Id: I02fd40b37f6d295e546122e8f18ca1c1ddb7d5fc
Signed-off-by: Jinhyung Choi <jinhyung2.choi@samsung.com>
Sooyoung Ha [Mon, 16 Jun 2014 11:19:51 +0000 (20:19 +0900)]
vmodem: make a vmodem device driver using virtio.
Change-Id: I792569d5718e72ff25410b13fc3b03c3631b3bff
Signed-off-by: Sooyoung Ha <yoosah.ha@samsung.com>
jinhyung.jo [Wed, 11 Jun 2014 06:14:24 +0000 (15:14 +0900)]
maru-overlay: remove device
Since VIGS supports the planes,
the maru overlay is unnecessary
Change-Id: I0bfd0120eb64684d144b0c82bf845c56af668048
Signed-off-by: Jinhyung Jo <jinhyung.jo@samsung.com>
SeokYeon Hwang [Tue, 10 Jun 2014 05:19:05 +0000 (14:19 +0900)]
package: major version up to 2.0.0
Signed-off-by: SeokYeon Hwang <syeon.hwang@samsung.com>
Stanislav Vorobiov [Wed, 4 Jun 2014 07:33:19 +0000 (11:33 +0400)]
config: disable seccomp
seccomp is currently causing problems with
xwalk/chromium, GPU process is crashing because
it accesses files/devices not whitelisted in sandbox.
Currently both Tizen IVI device kernel and Tizen Mobile
kernel have this disabled in their configs, so we
should do this too
Change-Id: Ie50e1c4b00fea42f20b7749ab7ad496a715ab846
Signed-off-by: Stanislav Vorobiov <s.vorobiov@samsung.com>
Munkyu Im [Tue, 13 May 2014 10:08:56 +0000 (19:08 +0900)]
nfc: Support old protocol
Change nfc packet size
Change-Id: I0af5d7699434f2ac94e28dfb26eb3fb673f9b00a
Signed-off-by: Munkyu Im <munkyu.im@samsung.com>
Kitae Kim [Tue, 13 May 2014 06:14:16 +0000 (15:14 +0900)]
package: version up
1.4.36
Change-Id: I84892ed263ef33cf95132c770e17a470bc3a38bf
Signed-off-by: Kitae Kim <kt920.kim@samsung.com>
SeokYeon Hwang [Tue, 13 May 2014 02:35:05 +0000 (11:35 +0900)]
Merge branch 'tizen_linux_3.12' into tizen_linux_3.12
Change-Id: I13bba253a3677ca51a9d15c0f3e31f57aba70270
Kitae Kim [Fri, 9 May 2014 08:56:58 +0000 (17:56 +0900)]
package: add dibs build script
Change-Id: If1a0bcd4c1a91e6a74415e04f2505509eceed565
Signed-off-by: Kitae Kim <kt920.kim@samsung.com>
SeokYeon Hwang [Wed, 7 May 2014 06:36:57 +0000 (15:36 +0900)]
Merge branch 'linux-3.12.y' into tizen_linux_3.12
Jiri Slaby [Fri, 18 Apr 2014 09:14:28 +0000 (11:14 +0200)]
Linux 3.12.18
Ard Biesheuvel [Thu, 27 Mar 2014 17:14:40 +0000 (18:14 +0100)]
crypto: ghash-clmulni-intel - use C implementation for setkey()
commit
8ceee72808d1ae3fb191284afc2257a2be964725 upstream.
The GHASH setkey() function uses SSE registers but fails to call
kernel_fpu_begin()/kernel_fpu_end(). Instead of adding these calls, and
then having to deal with the restriction that they cannot be called from
interrupt context, move the setkey() implementation to the C domain.
Note that setkey() does not use any particular SSE features and is not
expected to become a performance bottleneck.
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Acked-by: H. Peter Anvin <hpa@linux.intel.com>
Fixes:
0e1227d356e9b (crypto: ghash - Add PCLMULQDQ accelerated implementation)
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
Vineet Gupta [Sat, 5 Apr 2014 10:00:22 +0000 (15:30 +0530)]
ARC: [nsimosci] Unbork console
commit
61fb4bfc010b0d2940f7fd87acbce6a0f03217cb upstream.
Despite the switch to right UART driver (prev patch), serial console
still doesn't work due to missing CONFIG_SERIAL_OF_PLATFORM
Also fix the default cmdline in DT to not refer to out-of-tree
ARC framebuffer driver for console.
Signed-off-by: Vineet Gupta <vgupta@synopsys.com>
Cc: Francois Bedard <Francois.Bedard@synopsys.com>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
Mischa Jonker [Thu, 16 May 2013 17:36:08 +0000 (19:36 +0200)]
ARC: [nsimosci] Change .dts to use generic 8250 UART
commit
6eda477b3c54b8236868c8784e5e042ff14244f0 upstream.
The Synopsys APB DW UART has a couple of special features that are not
in the System C model. In 3.8, the 8250_dw driver didn't really use these
features, but from 3.9 onwards, the 8250_dw driver has become incompatible
with our model.
Signed-off-by: Mischa Jonker <mjonker@synopsys.com>
Signed-off-by: Vineet Gupta <vgupta@synopsys.com>
Cc: Francois Bedard <Francois.Bedard@synopsys.com>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
Sasha Levin [Sun, 30 Mar 2014 00:39:35 +0000 (20:39 -0400)]
rds: prevent dereference of a NULL device in rds_iw_laddr_check
[ Upstream commit
bf39b4247b8799935ea91d90db250ab608a58e50 ]
Binding might result in a NULL device which is later dereferenced
without checking.
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
Dan Carpenter [Tue, 8 Apr 2014 09:23:09 +0000 (12:23 +0300)]
isdnloop: several buffer overflows
[ Upstream commit
7563487cbf865284dcd35e9ef5a95380da046737 ]
There are three buffer overflows addressed in this patch.
1) In isdnloop_fake_err() we add an 'E' to a 60 character string and
then copy it into a 60 character buffer. I have made the destination
buffer 64 characters and I'm changed the sprintf() to a snprintf().
2) In isdnloop_parse_cmd(), p points to a 6 characters into a 60
character buffer so we have 54 characters. The ->eazlist[] is 11
characters long. I have modified the code to return if the source
buffer is too long.
3) In isdnloop_command() the cbuf[] array was 60 characters long but the
max length of the string then can be up to 79 characters. I made the
cbuf array 80 characters long and changed the sprintf() to snprintf().
I also removed the temporary "dial" buffer and changed it to use "p"
directly.
Unfortunately, we pass the "cbuf" string from isdnloop_command() to
isdnloop_writecmd() which truncates anything over 60 characters to make
it fit in card->omsg[]. (It can accept values up to 255 characters so
long as there is a '\n' character every 60 characters). For now I have
just fixed the memory corruption bug and left the other problems in this
driver alone.
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
YOSHIFUJI Hideaki [Wed, 2 Apr 2014 03:48:42 +0000 (12:48 +0900)]
isdnloop: Validate NUL-terminated strings from user.
[ Upstream commit
77bc6bed7121936bb2e019a8c336075f4c8eef62 ]
Return -EINVAL unless all of user-given strings are correctly
NUL-terminated.
Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
Mike Rapoport [Tue, 1 Apr 2014 06:23:01 +0000 (09:23 +0300)]
net: vxlan: fix crash when interface is created with no group
[ Upstream commit
5933a7bbb5de66482ea8aa874a7ebaf8e67603c4 ]
If the vxlan interface is created without explicit group definition,
there are corner cases which may cause kernel panic.
For instance, in the following scenario:
node A:
$ ip link add dev vxlan42 address 2c:c2:60:00:10:20 type vxlan id 42
$ ip addr add dev vxlan42 10.0.0.1/24
$ ip link set up dev vxlan42
$ arp -i vxlan42 -s 10.0.0.2 2c:c2:60:00:01:02
$ bridge fdb add dev vxlan42 to 2c:c2:60:00:01:02 dst <IPv4 address>
$ ping 10.0.0.2
node B:
$ ip link add dev vxlan42 address 2c:c2:60:00:01:02 type vxlan id 42
$ ip addr add dev vxlan42 10.0.0.2/24
$ ip link set up dev vxlan42
$ arp -i vxlan42 -s 10.0.0.1 2c:c2:60:00:10:20
node B crashes:
vxlan42: 2c:c2:60:00:10:20 migrated from 4011:eca4:c0a8:6466:c0a8:6415:8e09:2118 to (invalid address)
vxlan42: 2c:c2:60:00:10:20 migrated from 4011:eca4:c0a8:6466:c0a8:6415:8e09:2118 to (invalid address)
BUG: unable to handle kernel NULL pointer dereference at
0000000000000046
IP: [<
ffffffff8143c459>] ip6_route_output+0x58/0x82
PGD
7bd89067 PUD
7bd4e067 PMD 0
Oops: 0000 [#1] SMP
Modules linked in:
CPU: 1 PID: 0 Comm: swapper/1 Not tainted 3.14.0-rc8-hvx-xen-00019-g97a5221-dirty #154
Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
task:
ffff88007c774f50 ti:
ffff88007c79c000 task.ti:
ffff88007c79c000
RIP: 0010:[<
ffffffff8143c459>] [<
ffffffff8143c459>] ip6_route_output+0x58/0x82
RSP: 0018:
ffff88007fd03668 EFLAGS:
00010282
RAX:
0000000000000000 RBX:
ffffffff8186a000 RCX:
0000000000000040
RDX:
0000000000000000 RSI:
ffff88007b0e4a80 RDI:
ffff88007fd03754
RBP:
ffff88007fd03688 R08:
ffff88007b0e4a80 R09:
0000000000000000
R10:
0200000a0100000a R11:
0001002200000000 R12:
ffff88007fd03740
R13:
ffff88007b0e4a80 R14:
ffff88007b0e4a80 R15:
ffff88007bba0c50
FS:
0000000000000000(0000) GS:
ffff88007fd00000(0000) knlGS:
0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0:
000000008005003b
CR2:
0000000000000046 CR3:
000000007bb60000 CR4:
00000000000006e0
Stack:
0000000000000000 ffff88007fd037a0 ffffffff8186a000 ffff88007fd03740
ffff88007fd036c8 ffffffff814320bb 0000000000006e49 ffff88007b8b7360
ffff88007bdbf200 ffff88007bcbc000 ffff88007b8b7000 ffff88007b8b7360
Call Trace:
<IRQ>
[<
ffffffff814320bb>] ip6_dst_lookup_tail+0x2d/0xa4
[<
ffffffff814322a5>] ip6_dst_lookup+0x10/0x12
[<
ffffffff81323b4e>] vxlan_xmit_one+0x32a/0x68c
[<
ffffffff814a325a>] ? _raw_spin_unlock_irqrestore+0x12/0x14
[<
ffffffff8104c551>] ? lock_timer_base.isra.23+0x26/0x4b
[<
ffffffff8132451a>] vxlan_xmit+0x66a/0x6a8
[<
ffffffff8141a365>] ? ipt_do_table+0x35f/0x37e
[<
ffffffff81204ba2>] ? selinux_ip_postroute+0x41/0x26e
[<
ffffffff8139d0c1>] dev_hard_start_xmit+0x2ce/0x3ce
[<
ffffffff8139d491>] __dev_queue_xmit+0x2d0/0x392
[<
ffffffff813b380f>] ? eth_header+0x28/0xb5
[<
ffffffff8139d569>] dev_queue_xmit+0xb/0xd
[<
ffffffff813a5aa6>] neigh_resolve_output+0x134/0x152
[<
ffffffff813db741>] ip_finish_output2+0x236/0x299
[<
ffffffff813dc074>] ip_finish_output+0x98/0x9d
[<
ffffffff813dc749>] ip_output+0x62/0x67
[<
ffffffff813da9f2>] dst_output+0xf/0x11
[<
ffffffff813dc11c>] ip_local_out+0x1b/0x1f
[<
ffffffff813dcf1b>] ip_send_skb+0x11/0x37
[<
ffffffff813dcf70>] ip_push_pending_frames+0x2f/0x33
[<
ffffffff813ff732>] icmp_push_reply+0x106/0x115
[<
ffffffff813ff9e4>] icmp_reply+0x142/0x164
[<
ffffffff813ffb3b>] icmp_echo.part.16+0x46/0x48
[<
ffffffff813c1d30>] ? nf_iterate+0x43/0x80
[<
ffffffff813d8037>] ? xfrm4_policy_check.constprop.11+0x52/0x52
[<
ffffffff813ffb62>] icmp_echo+0x25/0x27
[<
ffffffff814005f7>] icmp_rcv+0x1d2/0x20a
[<
ffffffff813d8037>] ? xfrm4_policy_check.constprop.11+0x52/0x52
[<
ffffffff813d810d>] ip_local_deliver_finish+0xd6/0x14f
[<
ffffffff813d8037>] ? xfrm4_policy_check.constprop.11+0x52/0x52
[<
ffffffff813d7fde>] NF_HOOK.constprop.10+0x4c/0x53
[<
ffffffff813d82bf>] ip_local_deliver+0x4a/0x4f
[<
ffffffff813d7f7b>] ip_rcv_finish+0x253/0x26a
[<
ffffffff813d7d28>] ? inet_add_protocol+0x3e/0x3e
[<
ffffffff813d7fde>] NF_HOOK.constprop.10+0x4c/0x53
[<
ffffffff813d856a>] ip_rcv+0x2a6/0x2ec
[<
ffffffff8139a9a0>] __netif_receive_skb_core+0x43e/0x478
[<
ffffffff812a346f>] ? virtqueue_poll+0x16/0x27
[<
ffffffff8139aa2f>] __netif_receive_skb+0x55/0x5a
[<
ffffffff8139aaaa>] process_backlog+0x76/0x12f
[<
ffffffff8139add8>] net_rx_action+0xa2/0x1ab
[<
ffffffff81047847>] __do_softirq+0xca/0x1d1
[<
ffffffff81047ace>] irq_exit+0x3e/0x85
[<
ffffffff8100b98b>] do_IRQ+0xa9/0xc4
[<
ffffffff814a37ad>] common_interrupt+0x6d/0x6d
<EOI>
[<
ffffffff810378db>] ? native_safe_halt+0x6/0x8
[<
ffffffff810110c7>] default_idle+0x9/0xd
[<
ffffffff81011694>] arch_cpu_idle+0x13/0x1c
[<
ffffffff8107480d>] cpu_startup_entry+0xbc/0x137
[<
ffffffff8102e741>] start_secondary+0x1a0/0x1a5
Code: 24 14 e8 f1 e5 01 00 31 d2 a8 32 0f 95 c2 49 8b 44 24 2c 49 0b 44 24 24 74 05 83 ca 04 eb 1c 4d 85 ed 74 17 49 8b 85 a8 02 00 00 <66> 8b 40 46 66 c1 e8 07 83 e0 07 c1 e0 03 09 c2 4c 89 e6 48 89
RIP [<
ffffffff8143c459>] ip6_route_output+0x58/0x82
RSP <
ffff88007fd03668>
CR2:
0000000000000046
---[ end trace
4612329caab37efd ]---
When vxlan interface is created without explicit group definition, the
default_dst protocol family is initialiazed to AF_UNSPEC and the driver
assumes IPv4 configuration. On the other side, the default_dst protocol
family is used to differentiate between IPv4 and IPv6 cases and, since,
AF_UNSPEC != AF_INET, the processing takes the IPv6 path.
Making the IPv4 assumption explicit by settting default_dst protocol
family to AF_INET4 and preventing mixing of IPv4 and IPv6 addresses in
snooped fdb entries fixes the corner case crashes.
Signed-off-by: Mike Rapoport <mike.rapoport@ravellosystems.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
Wei Liu [Tue, 1 Apr 2014 11:46:12 +0000 (12:46 +0100)]
xen-netback: disable rogue vif in kthread context
[ Upstream commit
e9d8b2c2968499c1f96563e6522c56958d5a1d0d ]
When netback discovers frontend is sending malformed packet it will
disables the interface which serves that frontend.
However disabling a network interface involving taking a mutex which
cannot be done in softirq context, so we need to defer this process to
kthread context.
This patch does the following:
1. introduce a flag to indicate the interface is disabled.
2. check that flag in TX path, don't do any work if it's true.
3. check that flag in RX path, turn off that interface if it's true.
The reason to disable it in RX path is because RX uses kthread. After
this change the behavior of netback is still consistent -- it won't do
any TX work for a rogue frontend, and the interface will be eventually
turned off.
Also change a "continue" to "break" after xenvif_fatal_tx_err, as it
doesn't make sense to continue processing packets if frontend is rogue.
This is a fix for XSA-90.
Reported-by: Török Edwin <edwin@etorok.net>
Signed-off-by: Wei Liu <wei.liu2@citrix.com>
Cc: Ian Campbell <ian.campbell@citrix.com>
Reviewed-by: David Vrabel <david.vrabel@citrix.com>
Acked-by: Ian Campbell <ian.campbell@citrix.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
Pablo Neira [Tue, 1 Apr 2014 17:38:44 +0000 (19:38 +0200)]
netlink: don't compare the nul-termination in nla_strcmp
[ Upstream commit
8b7b932434f5eee495b91a2804f5b64ebb2bc835 ]
nla_strcmp compares the string length plus one, so it's implicitly
including the nul-termination in the comparison.
int nla_strcmp(const struct nlattr *nla, const char *str)
{
int len = strlen(str) + 1;
...
d = memcmp(nla_data(nla), str, len);
However, if NLA_STRING is used, userspace can send us a string without
the nul-termination. This is a problem since the string
comparison will not match as the last byte may be not the
nul-termination.
Fix this by skipping the comparison of the nul-termination if the
attribute data is nul-terminated. Suggested by Thomas Graf.
Cc: Florian Westphal <fw@strlen.de>
Cc: Thomas Graf <tgraf@suug.ch>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
Hannes Frederic Sowa [Mon, 31 Mar 2014 18:14:10 +0000 (20:14 +0200)]
ipv6: some ipv6 statistic counters failed to disable bh
[ Upstream commit
43a43b6040165f7b40b5b489fe61a4cb7f8c4980 ]
After commit
c15b1ccadb323ea ("ipv6: move DAD and addrconf_verify
processing to workqueue") some counters are now updated in process context
and thus need to disable bh before doing so, otherwise deadlocks can
happen on 32-bit archs. Fabio Estevam noticed this while while mounting
a NFS volume on an ARM board.
As a compensation for missing this I looked after the other *_STATS_BH
and found three other calls which need updating:
1) icmp6_send: ip6_fragment -> icmpv6_send -> icmp6_send (error handling)
2) ip6_push_pending_frames: rawv6_sendmsg -> rawv6_push_pending_frames -> ...
(only in case of icmp protocol with raw sockets in error handling)
3) ping6_v6_sendmsg (error handling)
Fixes:
c15b1ccadb323ea ("ipv6: move DAD and addrconf_verify processing to workqueue")
Reported-by: Fabio Estevam <festevam@gmail.com>
Tested-by: Fabio Estevam <fabio.estevam@freescale.com>
Cc: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
Paul Durrant [Fri, 28 Mar 2014 11:39:05 +0000 (11:39 +0000)]
xen-netback: remove pointless clause from if statement
[ Upstream commit
0576eddf24df716d8570ef8ca11452a9f98eaab2 ]
This patch removes a test in start_new_rx_buffer() that checks whether
a copy operation is less than MAX_BUFFER_OFFSET in length, since
MAX_BUFFER_OFFSET is defined to be PAGE_SIZE and the only caller of
start_new_rx_buffer() already limits copy operations to PAGE_SIZE or less.
Signed-off-by: Paul Durrant <paul.durrant@citrix.com>
Cc: Ian Campbell <ian.campbell@citrix.com>
Cc: Wei Liu <wei.liu2@citrix.com>
Cc: Sander Eikelenboom <linux@eikelenboom.it>
Reported-By: Sander Eikelenboom <linux@eikelenboom.it>
Tested-By: Sander Eikelenboom <linux@eikelenboom.it>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
Michael S. Tsirkin [Thu, 27 Mar 2014 10:53:37 +0000 (12:53 +0200)]
vhost: validate vhost_get_vq_desc return value
[ Upstream commit
a39ee449f96a2cd44ce056d8a0a112211a9b1a1f ]
vhost fails to validate negative error code
from vhost_get_vq_desc causing
a crash: we are using -EFAULT which is 0xfffffff2
as vector size, which exceeds the allocated size.
The code in question was introduced in commit
8dd014adfea6f173c1ef6378f7e5e7924866c923
vhost-net: mergeable buffers support
CVE-2014-0055
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
Michael S. Tsirkin [Thu, 27 Mar 2014 10:00:26 +0000 (12:00 +0200)]
vhost: fix total length when packets are too short
[ Upstream commit
d8316f3991d207fe32881a9ac20241be8fa2bad0 ]
When mergeable buffers are disabled, and the
incoming packet is too large for the rx buffer,
get_rx_bufs returns success.
This was intentional in order for make recvmsg
truncate the packet and then handle_rx would
detect err != sock_len and drop it.
Unfortunately we pass the original sock_len to
recvmsg - which means we use parts of iov not fully
validated.
Fix this up by detecting this overrun and doing packet drop
immediately.
CVE-2014-0077
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
Vlad Yasevich [Wed, 26 Mar 2014 15:47:56 +0000 (11:47 -0400)]
vlan: Set hard_header_len according to available acceleration
[ Upstream commit
fc0d48b8fb449ca007b2057328abf736cb516168 ]
Currently, if the card supports CTAG acceleration we do not
account for the vlan header even if we are configuring an
8021AD vlan. This may not be best since we'll do software
tagging for 8021AD which will cause data copy on skb head expansion
Configure the length based on available hw offload capabilities and
vlan protocol.
CC: Patrick McHardy <kaber@trash.net>
Signed-off-by: Vlad Yasevich <vyasevic@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
Oliver Neukum [Wed, 26 Mar 2014 13:32:51 +0000 (14:32 +0100)]
usbnet: include wait queue head in device structure
[ Upstream commit
14a0d635d18d0fb552dcc979d6d25106e6541f2e ]
This fixes a race which happens by freeing an object on the stack.
Quoting Julius:
> The issue is
> that it calls usbnet_terminate_urbs() before that, which temporarily
> installs a waitqueue in dev->wait in order to be able to wait on the
> tasklet to run and finish up some queues. The waiting itself looks
> okay, but the access to 'dev->wait' is totally unprotected and can
> race arbitrarily. I think in this case usbnet_bh() managed to succeed
> it's dev->wait check just before usbnet_terminate_urbs() sets it back
> to NULL. The latter then finishes and the waitqueue_t structure on its
> stack gets overwritten by other functions halfway through the
> wake_up() call in usbnet_bh().
The fix is to just not allocate the data structure on the stack.
As dev->wait is abused as a flag it also takes a runtime PM change
to fix this bug.
Signed-off-by: Oliver Neukum <oneukum@suse.de>
Reported-by: Grant Grundler <grundler@google.com>
Tested-by: Grant Grundler <grundler@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
Vlad Yasevich [Mon, 24 Mar 2014 21:52:12 +0000 (17:52 -0400)]
tg3: Do not include vlan acceleration features in vlan_features
[ Upstream commit
51dfe7b944998eaeb2b34d314f3a6b16a5fd621b ]
Including hardware acceleration features in vlan_features breaks
stacked vlans (Q-in-Q) by marking the bottom vlan interface as
capable of acceleration. This causes one of the tags to be lost
and the packets are sent with a sing vlan header.
CC: Nithin Nayak Sujir <nsujir@broadcom.com>
CC: Michael Chan <mchan@broadcom.com>
Signed-off-by: Vlad Yasevich <vyasevic@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
Pravin B Shelar [Mon, 24 Mar 2014 05:06:36 +0000 (22:06 -0700)]
ip_tunnel: Fix dst ref-count.
[ Upstream commit
fbd02dd405d0724a0f25897ed4a6813297c9b96f ]
Commit
10ddceb22ba (ip_tunnel:multicast process cause panic due
to skb->_skb_refdst NULL pointer) removed dst-drop call from
ip-tunnel-recv.
Following commit reintroduce dst-drop and fix the original bug by
checking loopback packet before releasing dst.
Original bug: https://bugzilla.kernel.org/show_bug.cgi?id=70681
CC: Xin Long <lucien.xin@gmail.com>
Signed-off-by: Pravin B Shelar <pshelar@nicira.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
Erik Hugne [Mon, 24 Mar 2014 15:56:38 +0000 (16:56 +0100)]
tipc: fix spinlock recursion bug for failed subscriptions
[ Upstream commit
a5d0e7c037119484a7006b883618bfa87996cb41 ]
If a topology event subscription fails for any reason, such as out
of memory, max number reached or because we received an invalid
request the correct behavior is to terminate the subscribers
connection to the topology server. This is currently broken and
produces the following oops:
[27.953662] tipc: Subscription rejected, illegal request
[27.955329] BUG: spinlock recursion on CPU#1, kworker/u4:0/6
[27.957066] lock: 0xffff88003c67f408, .magic:
dead4ead, .owner: kworker/u4:0/6, .owner_cpu: 1
[27.958054] CPU: 1 PID: 6 Comm: kworker/u4:0 Not tainted 3.14.0-rc6+ #5
[27.960230] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
[27.960874] Workqueue: tipc_rcv tipc_recv_work [tipc]
[27.961430]
ffff88003c67f408 ffff88003de27c18 ffffffff815c0207 ffff88003de1c050
[27.962292]
ffff88003de27c38 ffffffff815beec5 ffff88003c67f408 ffffffff817f0a8a
[27.963152]
ffff88003de27c58 ffffffff815beeeb ffff88003c67f408 ffffffffa0013520
[27.964023] Call Trace:
[27.964292] [<
ffffffff815c0207>] dump_stack+0x45/0x56
[27.964874] [<
ffffffff815beec5>] spin_dump+0x8c/0x91
[27.965420] [<
ffffffff815beeeb>] spin_bug+0x21/0x26
[27.965995] [<
ffffffff81083df6>] do_raw_spin_lock+0x116/0x140
[27.966631] [<
ffffffff815c6215>] _raw_spin_lock_bh+0x15/0x20
[27.967256] [<
ffffffffa0008540>] subscr_conn_shutdown_event+0x20/0xa0 [tipc]
[27.968051] [<
ffffffffa000fde4>] tipc_close_conn+0xa4/0xb0 [tipc]
[27.968722] [<
ffffffffa00101ba>] tipc_conn_terminate+0x1a/0x30 [tipc]
[27.969436] [<
ffffffffa00089a2>] subscr_conn_msg_event+0x1f2/0x2f0 [tipc]
[27.970209] [<
ffffffffa0010000>] tipc_receive_from_sock+0x90/0xf0 [tipc]
[27.970972] [<
ffffffffa000fa79>] tipc_recv_work+0x29/0x50 [tipc]
[27.971633] [<
ffffffff8105dbf5>] process_one_work+0x165/0x3e0
[27.972267] [<
ffffffff8105e869>] worker_thread+0x119/0x3a0
[27.972896] [<
ffffffff8105e750>] ? manage_workers.isra.25+0x2a0/0x2a0
[27.973622] [<
ffffffff810648af>] kthread+0xdf/0x100
[27.974168] [<
ffffffff810647d0>] ? kthread_create_on_node+0x1a0/0x1a0
[27.974893] [<
ffffffff815ce13c>] ret_from_fork+0x7c/0xb0
[27.975466] [<
ffffffff810647d0>] ? kthread_create_on_node+0x1a0/0x1a0
The recursion occurs when subscr_terminate tries to grab the
subscriber lock, which is already taken by subscr_conn_msg_event.
We fix this by checking if the request to establish a new
subscription was successful, and if not we initiate termination of
the subscriber after we have released the subscriber lock.
Signed-off-by: Erik Hugne <erik.hugne@ericsson.com>
Reviewed-by: Jon Maloy <jon.maloy@ericsson.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
Li RongQing [Fri, 21 Mar 2014 12:53:57 +0000 (20:53 +0800)]
netpoll: fix the skb check in pkt_is_ns
[ Not applicable upstream commit, the code here has been removed
upstream. ]
Neighbor Solicitation is ipv6 protocol, so we should check
skb->protocol with ETH_P_IPV6
Signed-off-by: Li RongQing <roy.qing.li@gmail.com>
Cc: WANG Cong <amwang@redhat.com>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
Nishanth Menon [Fri, 21 Mar 2014 06:52:48 +0000 (01:52 -0500)]
net: micrel : ks8851-ml: add vdd-supply support
[ Upstream commit
ebf4ad955d3e26d4d2a33709624fc7b5b9d3b969 ]
Few platforms use external regulator to keep the ethernet MAC supplied.
So, request and enable the regulator for driver functionality.
Fixes:
66fda75f47dc (regulator: core: Replace direct ops->disable usage)
Reported-by: Russell King <rmk+kernel@arm.linux.org.uk>
Suggested-by: Markus Pargmann <mpa@pengutronix.de>
Signed-off-by: Nishanth Menon <nm@ti.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
Nicolas Dichtel [Wed, 19 Mar 2014 16:47:51 +0000 (17:47 +0100)]
ip6mr: fix mfc notification flags
[ Upstream commit
f518338b16038beeb73e155e60d0f70beb9379f4 ]
Commit
812e44dd1829 ("ip6mr: advertise new mfc entries via rtnl") reuses the
function ip6mr_fill_mroute() to notify mfc events.
But this function was used only for dump and thus was always setting the
flag NLM_F_MULTI, which is wrong in case of a single notification.
Libraries like libnl will wait forever for NLMSG_DONE.
CC: Thomas Graf <tgraf@suug.ch>
Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Acked-by: Thomas Graf <tgraf@suug.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
Nicolas Dichtel [Wed, 19 Mar 2014 16:47:50 +0000 (17:47 +0100)]
ipmr: fix mfc notification flags
[ Upstream commit
65886f439ab0fdc2dff20d1fa87afb98c6717472 ]
Commit
8cd3ac9f9b7b ("ipmr: advertise new mfc entries via rtnl") reuses the
function ipmr_fill_mroute() to notify mfc events.
But this function was used only for dump and thus was always setting the
flag NLM_F_MULTI, which is wrong in case of a single notification.
Libraries like libnl will wait forever for NLMSG_DONE.
CC: Thomas Graf <tgraf@suug.ch>
Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Acked-by: Thomas Graf <tgraf@suug.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
Nicolas Dichtel [Wed, 19 Mar 2014 16:47:49 +0000 (17:47 +0100)]
rtnetlink: fix fdb notification flags
[ Upstream commit
1c104a6bebf3c16b6248408b84f91d09ac8a26b6 ]
Commit
3ff661c38c84 ("net: rtnetlink notify events for FDB NTF_SELF adds and
deletes") reuses the function nlmsg_populate_fdb_fill() to notify fdb events.
But this function was used only for dump and thus was always setting the
flag NLM_F_MULTI, which is wrong in case of a single notification.
Libraries like libnl will wait forever for NLMSG_DONE.
CC: Thomas Graf <tgraf@suug.ch>
Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Acked-by: Thomas Graf <tgraf@suug.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
Eric Dumazet [Thu, 20 Mar 2014 04:02:21 +0000 (21:02 -0700)]
tcp: syncookies: do not use getnstimeofday()
[ Upstream commit
632623153196bf183a69686ed9c07eee98ff1bf8 ]
While it is true that getnstimeofday() uses about 40 cycles if TSC
is available, it can use 1600 cycles if hpet is the clocksource.
Switch to get_jiffies_64(), as this is more than enough, and
go back to 60 seconds periods.
Fixes:
8c27bd75f04f ("tcp: syncookies: reduce cookie lifetime to 128 seconds")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Florian Westphal <fw@strlen.de>
Acked-by: Florian Westphal <fw@strlen.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
David Stevens [Mon, 24 Mar 2014 14:39:58 +0000 (10:39 -0400)]
vxlan: fix nonfunctional neigh_reduce()
[ Upstream commit
4b29dba9c085a4fb79058fb1c45a2f6257ca3dfa ]
The VXLAN neigh_reduce() code is completely non-functional since
check-in. Specific errors:
1) The original code drops all packets with a multicast destination address,
even though neighbor solicitations are sent to the solicited-node
address, a multicast address. The code after this check was never run.
2) The neighbor table lookup used the IPv6 header destination, which is the
solicited node address, rather than the target address from the
neighbor solicitation. So neighbor lookups would always fail if it
got this far. Also for L3MISSes.
3) The code calls ndisc_send_na(), which does a send on the tunnel device.
The context for neigh_reduce() is the transmit path, vxlan_xmit(),
where the host or a bridge-attached neighbor is trying to transmit
a neighbor solicitation. To respond to it, the tunnel endpoint needs
to do a *receive* of the appropriate neighbor advertisement. Doing a
send, would only try to send the advertisement, encapsulated, to the
remote destinations in the fdb -- hosts that definitely did not do the
corresponding solicitation.
4) The code uses the tunnel endpoint IPv6 forwarding flag to determine the
isrouter flag in the advertisement. This has nothing to do with whether
or not the target is a router, and generally won't be set since the
tunnel endpoint is bridging, not routing, traffic.
The patch below creates a proxy neighbor advertisement to respond to
neighbor solicitions as intended, providing proper IPv6 support for neighbor
reduction.
Signed-off-by: David L Stevens <dlstevens@us.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
David Stevens [Tue, 18 Mar 2014 16:32:29 +0000 (12:32 -0400)]
vxlan: fix potential NULL dereference in arp_reduce()
[ Upstream commit
7346135dcd3f9b57f30a5512094848c678d7143e ]
This patch fixes a NULL pointer dereference in the event of an
skb allocation failure in arp_reduce().
Signed-Off-By: David L Stevens <dlstevens@us.ibm.com>
Acked-by: Cong Wang <cwang@twopensource.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
lucien [Mon, 17 Mar 2014 04:51:01 +0000 (12:51 +0800)]
ipv6: ip6_append_data_mtu do not handle the mtu of the second fragment properly
[ Upstream commit
e367c2d03dba4c9bcafad24688fadb79dd95b218 ]
In ip6_append_data_mtu(), when the xfrm mode is not tunnel(such as
transport),the ipsec header need to be added in the first fragment, so the mtu
will decrease to reserve space for it, then the second fragment come, the mtu
should be turn back, as the commit
0c1833797a5a6ec23ea9261d979aa18078720b74
said. however, in the commit
a493e60ac4bbe2e977e7129d6d8cbb0dd236be, it use
*mtu = min(*mtu, ...) to change the mtu, which lead to the new mtu is alway
equal with the first fragment's. and cannot turn back.
when I test through ping6 -c1 -s5000 $ip (mtu=1280):
...frag (0|1232) ESP(spi=0x00002000,seq=0xb), length 1232
...frag (1232|1216)
...frag (2448|1216)
...frag (3664|1216)
...frag (4880|164)
which should be:
...frag (0|1232) ESP(spi=0x00001000,seq=0x1), length 1232
...frag (1232|1232)
...frag (2464|1232)
...frag (3696|1232)
...frag (4928|116)
so delete the min() when change back the mtu.
Signed-off-by: Xin Long <lucien.xin@gmail.com>
Fixes:
75a493e60ac4bb ("ipv6: ip6_append_data_mtu did not care about pmtudisc and frag_size")
Acked-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
projects / sdk / emulator / emulator-kernel.git / log