Andy Lutomirski [Thu, 29 May 2014 03:09:58 +0000 (23:09 -0400)]
auditsc: audit_krule mask accesses need bounds checking
Fixes an easy DoS and possible information disclosure.
This does nothing about the broken state of x32 auditing.
eparis: If the admin has enabled auditd and has specifically loaded
audit rules. This bug has been around since before git. Wow...
Cc: stable@vger.kernel.org
Signed-off-by: Andy Lutomirski <luto@amacapital.net>
Signed-off-by: Eric Paris <eparis@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Origin: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=
a3c54931199565930d6d84f4c3456f6440aefd41
Backported-by: Maciej Wereski <m.wereski@partner.samsung.com>
Signed-off-by: Maciej Wereski <m.wereski@partner.samsung.com>
Change-Id: Ic36da623453b4507d93be2c68f8be6945da2df6c
Maciej Wereski [Wed, 17 Jun 2015 08:29:43 +0000 (10:29 +0200)]
Tune config to meet systemd requirements
Change-Id: I65497741bf2fd7d77bf25fa2b4c744b0aa2ccaf1
Signed-off-by: Maciej Wereski <m.wereski@partner.samsung.com>
Casey Schaufler [Wed, 11 Feb 2015 20:52:32 +0000 (12:52 -0800)]
Smack: secmark connections
If the secmark is available us it on connection as
well as packet delivery.
Change-Id: I28a4c7b50829f2bcfd6ad784b652485550935855
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Casey Schaufler [Fri, 23 Jan 2015 17:31:01 +0000 (09:31 -0800)]
Smack: Repair netfilter dependency
On 1/23/2015 8:20 AM, Jim Davis wrote:
> Building with the attached random configuration file,
>
> security/smack/smack_netfilter.c: In function ‘smack_ipv4_output’:
> security/smack/smack_netfilter.c:55:6: error: ‘struct sk_buff’ has no
> member named ‘secmark’
> skb->secmark = skp->smk_secid;
> ^
> make[2]: *** [security/smack/smack_netfilter.o] Error 1
The existing Makefile used the wrong configuration option to
determine if smack_netfilter should be built. This sets it right.
Change-Id: Iffa88f6fd53d030f2881231d488c238444565692
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Andrey Ryabinin [Tue, 13 Jan 2015 15:52:40 +0000 (18:52 +0300)]
smack: fix possible use after frees in task_security() callers
We hit use after free on dereferncing pointer to task_smack struct in
smk_of_task() called from smack_task_to_inode().
task_security() macro uses task_cred_xxx() to get pointer to the task_smack.
task_cred_xxx() could be used only for non-pointer members of task's
credentials. It cannot be used for pointer members since what they point
to may disapper after dropping RCU read lock.
Mainly task_security() used this way:
smk_of_task(task_security(p))
Intead of this introduce function smk_of_task_struct() which
takes task_struct as argument and returns pointer to smk_known struct
and do this under RCU read lock.
Bogus task_security() macro is not used anymore, so remove it.
KASan's report for this:
AddressSanitizer: use after free in smack_task_to_inode+0x50/0x70 at addr
c4635600
=============================================================================
BUG kmalloc-64 (Tainted: PO): kasan error
-----------------------------------------------------------------------------
Disabling lock debugging due to kernel taint
INFO: Allocated in new_task_smack+0x44/0xd8 age=39 cpu=0 pid=1866
kmem_cache_alloc_trace+0x88/0x1bc
new_task_smack+0x44/0xd8
smack_cred_prepare+0x48/0x21c
security_prepare_creds+0x44/0x4c
prepare_creds+0xdc/0x110
smack_setprocattr+0x104/0x150
security_setprocattr+0x4c/0x54
proc_pid_attr_write+0x12c/0x194
vfs_write+0x1b0/0x370
SyS_write+0x5c/0x94
ret_fast_syscall+0x0/0x48
INFO: Freed in smack_cred_free+0xc4/0xd0 age=27 cpu=0 pid=1564
kfree+0x270/0x290
smack_cred_free+0xc4/0xd0
security_cred_free+0x34/0x3c
put_cred_rcu+0x58/0xcc
rcu_process_callbacks+0x738/0x998
__do_softirq+0x264/0x4cc
do_softirq+0x94/0xf4
irq_exit+0xbc/0x120
handle_IRQ+0x104/0x134
gic_handle_irq+0x70/0xac
__irq_svc+0x44/0x78
_raw_spin_unlock+0x18/0x48
sync_inodes_sb+0x17c/0x1d8
sync_filesystem+0xac/0xfc
vdfs_file_fsync+0x90/0xc0
vfs_fsync_range+0x74/0x7c
INFO: Slab 0xd3b23f50 objects=32 used=31 fp=0xc4635600 flags=0x4080
INFO: Object 0xc4635600 @offset=5632 fp=0x (null)
Bytes b4
c46355f0: 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a ZZZZZZZZZZZZZZZZ
Object
c4635600: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk
Object
c4635610: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk
Object
c4635620: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk
Object
c4635630: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b a5 kkkkkkkkkkkkkkk.
Redzone
c4635640: bb bb bb bb ....
Padding
c46356e8: 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a ZZZZZZZZZZZZZZZZ
Padding
c46356f8: 5a 5a 5a 5a 5a 5a 5a 5a ZZZZZZZZ
CPU: 5 PID: 834 Comm: launchpad_prelo Tainted: PBO 3.10.30 #1
Backtrace:
[<
c00233a4>] (dump_backtrace+0x0/0x158) from [<
c0023dec>] (show_stack+0x20/0x24)
r7:
c4634010 r6:
d3b23f50 r5:
c4635600 r4:
d1002140
[<
c0023dcc>] (show_stack+0x0/0x24) from [<
c06d6d7c>] (dump_stack+0x20/0x28)
[<
c06d6d5c>] (dump_stack+0x0/0x28) from [<
c01c1d50>] (print_trailer+0x124/0x144)
[<
c01c1c2c>] (print_trailer+0x0/0x144) from [<
c01c1e88>] (object_err+0x3c/0x44)
r7:
c4635600 r6:
d1002140 r5:
d3b23f50 r4:
c4635600
[<
c01c1e4c>] (object_err+0x0/0x44) from [<
c01cac18>] (kasan_report_error+0x2b8/0x538)
r6:
d1002140 r5:
d3b23f50 r4:
c6429cf8 r3:
c09e1aa7
[<
c01ca960>] (kasan_report_error+0x0/0x538) from [<
c01c9430>] (__asan_load4+0xd4/0xf8)
[<
c01c935c>] (__asan_load4+0x0/0xf8) from [<
c031e168>] (smack_task_to_inode+0x50/0x70)
r5:
c4635600 r4:
ca9da000
[<
c031e118>] (smack_task_to_inode+0x0/0x70) from [<
c031af64>] (security_task_to_inode+0x3c/0x44)
r5:
cca25e80 r4:
c0ba9780
[<
c031af28>] (security_task_to_inode+0x0/0x44) from [<
c023d614>] (pid_revalidate+0x124/0x178)
r6:
00000000 r5:
cca25e80 r4:
cbabe3c0 r3:
00008124
[<
c023d4f0>] (pid_revalidate+0x0/0x178) from [<
c01db98c>] (lookup_fast+0x35c/0x43y4)
r9:
c6429efc r8:
00000101 r7:
c079d940 r6:
c6429e90 r5:
c6429ed8 r4:
c83c4148
[<
c01db630>] (lookup_fast+0x0/0x434) from [<
c01deec8>] (do_last.isra.24+0x1c0/0x1108)
[<
c01ded08>] (do_last.isra.24+0x0/0x1108) from [<
c01dff04>] (path_openat.isra.25+0xf4/0x648)
[<
c01dfe10>] (path_openat.isra.25+0x0/0x648) from [<
c01e1458>] (do_filp_open+0x3c/0x88)
[<
c01e141c>] (do_filp_open+0x0/0x88) from [<
c01ccb28>] (do_sys_open+0xf0/0x198)
r7:
00000001 r6:
c0ea2180 r5:
0000000b r4:
00000000
[<
c01cca38>] (do_sys_open+0x0/0x198) from [<
c01ccc00>] (SyS_open+0x30/0x34)
[<
c01ccbd0>] (SyS_open+0x0/0x34) from [<
c001db80>] (ret_fast_syscall+0x0/0x48)
Read of size 4 by thread T834:
Memory state around the buggy address:
c4635380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
c4635400: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
c4635480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
c4635500: 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc
c4635580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
>
c4635600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
^
c4635680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
c4635700: 00 00 00 00 04 fc fc fc fc fc fc fc fc fc fc fc
c4635780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
c4635800: 00 00 00 00 00 00 04 fc fc fc fc fc fc fc fc fc
c4635880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
==================================================================
Change-Id: I802504c9adfab5c2bc5053c54534bcdc9ae08b03
Signed-off-by: Andrey Ryabinin <a.ryabinin@samsung.com>
Cc: <stable@vger.kernel.org>
Rafal Krypa [Thu, 8 Jan 2015 17:52:45 +0000 (18:52 +0100)]
smack: Add missing logging in bidirectional UDS connect check
During UDS connection check, both sides are checked for write access to
the other side. But only the first check is performed with audit support.
The second one didn't produce any audit logs. This simple patch fixes that.
Change-Id: I33f417de07310c227ebb3fa1548c990e5521991b
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Casey Schaufler [Sat, 13 Dec 2014 01:08:40 +0000 (17:08 -0800)]
Smack: secmark support for netfilter
Smack uses CIPSO to label internet packets and thus provide
for access control on delivery of packets. The netfilter facility
was not used to allow for Smack to work properly without netfilter
configuration. Smack does not need netfilter, however there are
cases where it would be handy.
As a side effect, the labeling of local IPv4 packets can be optimized
and the handling of local IPv6 packets is just all out better.
The best part is that the netfilter tools use "contexts" that
are just strings, and they work just as well for Smack as they
do for SELinux.
All of the conditional compilation for IPv6 was implemented
by Rafal Krypa <r.krypa@samsung.com>
Change-Id: Ibbc245581caae49706652a39510f665ced8accaf
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Casey Schaufler [Sat, 13 Dec 2014 01:19:19 +0000 (17:19 -0800)]
Smack: Rework file hooks
This is one of those cases where you look at code you did
years ago and wonder what you might have been thinking.
There are a number of LSM hooks that work off of file pointers,
and most of them really want the security data from the inode.
Some, however, really want the security context that the process
had when the file was opened. The difference went undetected in
Smack until it started getting used in a real system with real
testing. At that point it was clear that something was amiss.
This patch corrects the misuse of the f_security value in several
of the hooks. The behavior will not usually be any different, as
the process had to be able to open the file in the first place, and
the old check almost always succeeded, as will the new, but for
different reasons.
Thanks to the Samsung Tizen development team that identified this.
Change-Id: I9b16be5337f00131b8b6b6936f79f27caa1cb8b0
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Zbigniew Jasinski [Mon, 29 Dec 2014 14:34:58 +0000 (15:34 +0100)]
smack: Fix a bidirectional UDS connect check typo
The
54e70ec5eb090193b03e69d551fa6771a5a217c4 commit introduced a
bidirectional check that should have checked for mutual WRITE access
between two labels. Due to a typo subject's OUT label is checked with
object's OUT. Should be OUT to IN.
Change-Id: I57b910b14501407dd089c317c517e6b6b2c66858
Signed-off-by: Zbigniew Jasinski <z.jasinski@samsung.com>
Łukasz Stelmach [Tue, 16 Dec 2014 15:53:08 +0000 (16:53 +0100)]
smack: introduce a special case for tmpfs in smack_d_instantiate()
Files created with __shmem_file_stup() appear to have somewhat fake
dentries which make them look like root directories and not get
the label the current process or ("*") star meant for tmpfs files.
Change-Id: I05c13597e8a26524a7b0c3a3686f64d4ff71deaf
Signed-off-by: Łukasz Stelmach <l.stelmach@samsung.com>
Lukasz Pawelczyk [Wed, 26 Nov 2014 14:31:07 +0000 (15:31 +0100)]
smack: fix logic in smack_inode_init_security function
In principle if this function was called with "value" == NULL and "len"
not NULL it could return different results for the "len" compared to a
case where "name" was not NULL. This is a hypothetical case that does
not exist in the kernel, but it's a logic bug nonetheless.
Change-Id: I081705e02c2944eeed1f5ec65891cd20751936b6
Signed-off-by: Lukasz Pawelczyk <l.pawelczyk@samsung.com>
Lukasz Pawelczyk [Wed, 26 Nov 2014 14:31:06 +0000 (15:31 +0100)]
smack: miscellaneous small fixes in function comments
Change-Id: I78b48447467300c74296d313456a161cd21b2843
Signed-off-by: Lukasz Pawelczyk <l.pawelczyk@samsung.com>
Andrey Ryabinin [Sat, 8 Nov 2014 14:48:05 +0000 (17:48 +0300)]
security: smack: fix out-of-bounds access in smk_parse_smack()
Setting smack label on file (e.g. 'attr -S -s SMACK64 -V "test" test')
triggered following spew on the kernel with KASan applied:
==================================================================
BUG: AddressSanitizer: out of bounds access in strncpy+0x28/0x60 at addr
ffff8800059ad064
=============================================================================
BUG kmalloc-8 (Not tainted): kasan error
-----------------------------------------------------------------------------
Disabling lock debugging due to kernel taint
INFO: Slab 0xffffea0000166b40 objects=128 used=7 fp=0xffff8800059ad080 flags=0x4000000000000080
INFO: Object 0xffff8800059ad060 @offset=96 fp=0xffff8800059ad080
Bytes b4
ffff8800059ad050: a0 df 9a 05 00 88 ff ff 5a 5a 5a 5a 5a 5a 5a 5a ........ZZZZZZZZ
Object
ffff8800059ad060: 74 65 73 74 6b 6b 6b a5 testkkk.
Redzone
ffff8800059ad068: cc cc cc cc cc cc cc cc ........
Padding
ffff8800059ad078: 5a 5a 5a 5a 5a 5a 5a 5a ZZZZZZZZ
CPU: 0 PID: 528 Comm: attr Tainted: G B 3.18.0-rc1-mm1+ #5
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
0000000000000000 ffff8800059ad064 ffffffff81534cf2 ffff880005a5bc40
ffffffff8112fe1a 0000000100800006 0000000f059ad060 ffff880006000f90
0000000000000296 ffffea0000166b40 ffffffff8107ca97 ffff880005891060
Call Trace:
? dump_stack (lib/dump_stack.c:52)
? kasan_report_error (mm/kasan/report.c:102 mm/kasan/report.c:178)
? preempt_count_sub (kernel/sched/core.c:2651)
? __asan_load1 (mm/kasan/kasan.h:50 mm/kasan/kasan.c:248 mm/kasan/kasan.c:358)
? strncpy (lib/string.c:121)
? strncpy (lib/string.c:121)
? smk_parse_smack (security/smack/smack_access.c:457)
? setxattr (fs/xattr.c:343)
? smk_import_entry (security/smack/smack_access.c:514)
? smack_inode_setxattr (security/smack/smack_lsm.c:1093 (discriminator 1))
? security_inode_setxattr (security/security.c:602)
? vfs_setxattr (fs/xattr.c:134)
? setxattr (fs/xattr.c:343)
? setxattr (fs/xattr.c:360)
? get_parent_ip (kernel/sched/core.c:2606)
? preempt_count_sub (kernel/sched/core.c:2651)
? __percpu_counter_add (arch/x86/include/asm/preempt.h:98 lib/percpu_counter.c:90)
? get_parent_ip (kernel/sched/core.c:2606)
? preempt_count_sub (kernel/sched/core.c:2651)
? __mnt_want_write (arch/x86/include/asm/preempt.h:98 fs/namespace.c:359)
? path_setxattr (fs/xattr.c:380)
? SyS_lsetxattr (fs/xattr.c:397)
? system_call_fastpath (arch/x86/kernel/entry_64.S:423)
Read of size 1 by task attr:
Memory state around the buggy address:
ffff8800059ace80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
ffff8800059acf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
ffff8800059acf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>
ffff8800059ad000: 00 fc fc fc 00 fc fc fc 05 fc fc fc 04 fc fc fc
^
ffff8800059ad080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
ffff8800059ad100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
ffff8800059ad180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
==================================================================
strncpy() copies one byte more than the source string has.
Fix this by passing the correct length to strncpy().
Now we can remove initialization of the last byte in 'smack' string
because kzalloc() already did this for us.
Change-Id: I63b8f1e24c8c2076173df9b28d7a869c4a8d38a4
Signed-off-by: Andrey Ryabinin <a.ryabinin@samsung.com>
Rohit [Wed, 15 Oct 2014 12:10:41 +0000 (17:40 +0530)]
Security: smack: replace kzalloc with kmem_cache for inode_smack
The patch use kmem_cache to allocate/free inode_smack since they are
alloced in high volumes making it a perfect case for kmem_cache.
As per analysis, 24 bytes of memory is wasted per allocation due
to internal fragmentation. With kmem_cache, this can be avoided.
Accounting of memory allocation is below :
total slack net count-alloc/free caller
Before (with kzalloc)
1919872 719952 1919872 29998/0 new_inode_smack+0x14
After (with kmem_cache)
1201680 0 1201680 30042/0 new_inode_smack+0x18
>From above data, we found that 719952 bytes(~700 KB) of memory is
saved on allocation of 29998 smack inodes.
Change-Id: I1737bc9056d24afd38b1b4d712ff39dbc8fcd0d8
Signed-off-by: Rohit <rohit.kr@samsung.com>
Casey Schaufler [Thu, 9 Oct 2014 23:18:55 +0000 (16:18 -0700)]
Smack: Lock mode for the floor and hat labels
The lock access mode allows setting a read lock on a file
for with the process has only read access. The floor label is
defined to make it easy to have the basic system installed such
that everyone can read it. Once there's a desire to read lock
(rationally or otherwise) a floor file a rule needs to get set.
This happens all the time, so make the floor label a little bit
more special and allow everyone lock access, too. By implication,
give processes with the hat label (hat can read everything)
lock access as well. This reduces clutter in the Smack rule set.
Change-Id: I522f453d37463709947af77fe541fbe2d5b27421
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Lukasz Pawelczyk [Fri, 29 Aug 2014 15:02:55 +0000 (17:02 +0200)]
Make Smack operate on smack_known struct where it still used char*
Smack used to use a mix of smack_known struct and char* throughout its
APIs and implementation. This patch unifies the behaviour and makes it
store and operate exclusively on smack_known struct pointers when managing
labels.
Change-Id: Ib132bfc3294100edd5753917a71a41ac4097f335
Signed-off-by: Lukasz Pawelczyk <l.pawelczyk@samsung.com>
Lukasz Pawelczyk [Fri, 29 Aug 2014 15:02:54 +0000 (17:02 +0200)]
Fix a bidirectional UDS connect check typo
The
54e70ec5eb090193b03e69d551fa6771a5a217c4 commit introduced a
bidirectional check that should have checked for mutual WRITE access
between two labels. Due to a typo the second check was incorrect.
Change-Id: I9c9337c9b31bc6247ba4f86017f6112f38cdf9db
Signed-off-by: Lukasz Pawelczyk <l.pawelczyk@samsung.com>
Lukasz Pawelczyk [Fri, 29 Aug 2014 15:02:53 +0000 (17:02 +0200)]
Small fixes in comments describing function parameters
Change-Id: I00ba993eb0f09b0ba7660c4c13f71cf6a5590298
Signed-off-by: Lukasz Pawelczyk <l.pawelczyk@samsung.com>
Rafal Krypa [Thu, 23 Oct 2014 16:09:42 +0000 (18:09 +0200)]
Smack: Bring-up access mode
People keep asking me for permissive mode, and I keep saying "no".
Permissive mode is wrong for more reasons than I can enumerate,
but the compelling one is that it's once on, never off.
Nonetheless, there is an argument to be made for running a
process with lots of permissions, logging which are required,
and then locking the process down. There wasn't a way to do
that with Smack, but this provides it.
The notion is that you start out by giving the process an
appropriate Smack label, such as "ATBirds". You create rules
with a wide range of access and the "b" mode. On Tizen it
might be:
ATBirds System rwxalb
ATBirds User rwxalb
ATBirds _ rwxalb
User ATBirds wb
System ATBirds wb
Accesses that fail will generate audit records. Accesses
that succeed because of rules marked with a "b" generate
log messages identifying the rule, the program and as much
object information as is convenient.
When the system is properly configured and the programs
brought in line with the labeling scheme the "b" mode can
be removed from the rules. When the system is ready for
production the facility can be configured out.
This provides the developer the convenience of permissive
mode without creating a system that looks like it is
enforcing a policy while it is not.
Change-Id: I7288e51166d4ed3df9c829a43fd1ba86a54ea224
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Konstantin Khlebnikov [Thu, 7 Aug 2014 16:52:49 +0000 (20:52 +0400)]
Smack: remove unneeded NULL-termination from securtity label
Values of extended attributes are stored as binary blobs. NULL-termination
of them isn't required. It just wastes disk space and confuses command-line
tools like getfattr because they have to print that zero byte at the end.
This patch removes terminating zero byte from initial security label in
smack_inode_init_security and cuts it out in function smack_inode_getsecurity
which is used by syscall getxattr. This change seems completely safe, because
function smk_parse_smack ignores everything after first zero byte.
Change-Id: Ia84dd11ac7fdec1b570da2659d5e86896344540a
Signed-off-by: Konstantin Khlebnikov <k.khlebnikov@samsung.com>
Konstantin Khlebnikov [Thu, 7 Aug 2014 16:52:43 +0000 (20:52 +0400)]
Smack: handle zero-length security labels without panic
Zero-length security labels are invalid but kernel should handle them.
This patch fixes kernel panic after setting zero-length security labels:
And after writing zero-length string into smackfs files syslog and onlycp:
The problem is caused by brain-damaged logic in function smk_parse_smack()
which takes pointer to buffer and its length but if length below or equal zero
it thinks that the buffer is zero-terminated. Unfortunately callers of this
function are widely used and proper fix requires serious refactoring.
Change-Id: Icf462c7ac2464d86093fa42a0ed012281b952571
Signed-off-by: Konstantin Khlebnikov <k.khlebnikov@samsung.com>
Konstantin Khlebnikov [Thu, 7 Aug 2014 16:52:33 +0000 (20:52 +0400)]
Smack: fix behavior of smack_inode_listsecurity
Security operation ->inode_listsecurity is used for generating list of
available extended attributes for syscall listxattr. Currently it's used
only in nfs4 or if filesystem doesn't provide i_op->listxattr.
The list is the set of NULL-terminated names, one after the other.
This method must include zero byte at the and into result.
Also this function must return length even if string does not fit into
output buffer or it is NULL, see similar method in selinux and man listxattr.
Change-Id: Ib6d53bb93a1487ce9cb47a63376a5e17976ea384
Signed-off-by: Konstantin Khlebnikov <k.khlebnikov@samsung.com>
jinhyung.jo [Mon, 10 Nov 2014 03:55:41 +0000 (12:55 +0900)]
package: version up(2.0.6)
Change-Id: I7cfdce16be70f0b3d0fdb49ddf03d0f8be44d1a8
Signed-off-by: Jinhyung Jo <jinhyung.jo@samsung.com>
jinhyung.jo [Mon, 23 Jun 2014 07:34:18 +0000 (16:34 +0900)]
v4l2-core: Modified error code
The gst-plugins-good0.10 does not handle this error code(ENODATA).
Thus, using the error code(ENOTTY), it can handle.
Temporary patch, until gst-plugins-good is updated.
Change-Id: I95d6f01c1051e0f98f7ae1bbc1d386a04817bf65
Signed-off-by: Jinhyung Jo <jinhyung.jo@samsung.com>
Alice Liu [Fri, 7 Nov 2014 06:14:14 +0000 (14:14 +0800)]
build: package version up (2.0.5)
Change-Id: I76a8d2c8eb6fcdeb0c7cd7f13c6188f4ae1a9aeb
Signed-off-by: Alice Liu <alice.liu@intel.com>
SeokYeon Hwang [Wed, 29 Oct 2014 11:47:47 +0000 (04:47 -0700)]
Merge "Revert "uname: Add Emulator specific name"" into tizen
SeokYeon Hwang [Wed, 29 Oct 2014 04:56:55 +0000 (13:56 +0900)]
config: enable CONFIG_FHANDLE
Enable CONFIG_FHANDLE for systemd >= 209.
Change-Id: I4f17ab5b6dc0d203812aad11d1dbf4e8bf50fb98
Signed-off-by: SeokYeon Hwang <syeon.hwang@samsung.com>
SeokYeon Hwang [Wed, 29 Oct 2014 04:49:17 +0000 (13:49 +0900)]
remove IVI specific config file
remove IVI specific config file and build script. It is not necessary anymore.
Change-Id: Ie477812d7b703a0fd7a0474c1b8f3a090f65793d
Signed-off-by: SeokYeon Hwang <syeon.hwang@samsung.com>
Maciej Wereski [Fri, 24 Oct 2014 09:21:16 +0000 (11:21 +0200)]
Revert "uname: Add Emulator specific name"
This commit breaks userspace. systemd > 210 is unable to start, it also
causes problems with RPM.
Bug-Tizen: TC-1908
This reverts commit
3cbb49dcb48458572169d94bf7ec6015ed748f1b.
Change-Id: I46eba1846884f42503874921815eb5fac470fbce
Signed-off-by: Maciej Wereski <m.wereski@partner.samsung.com>
Jinhyung Choi [Wed, 15 Oct 2014 09:57:10 +0000 (18:57 +0900)]
sensor: added pressure, ultraviolet, and hrm sensor
- modified and converted the value (sync with sensor fw)
Change-Id: I087418ae5c756042489d558d32b92baef6492e6a
Signed-off-by: Jinhyung Choi <jinhyung2.choi@samsung.com>
Chanho Park [Fri, 12 Sep 2014 02:03:01 +0000 (11:03 +0900)]
perf tools: define _DEFAULT_SOURCE for glibc_2.20
_BSD_SOURCE was deprecated in favour of _DEFAULT_SOURCE since glibc
2.20[1]. To avoid build warning on glibc2.20, _DEFAULT_SOURCE should
also be defined.
[1]: https://sourceware.org/glibc/wiki/Release/2.20
Change-Id: If79141944eab78f0fa6a747a4cf1c9109d59485e
Signed-off-by: Chanho Park <chanho61.park@samsung.com>
Philippe Coval [Tue, 30 Sep 2014 13:34:42 +0000 (15:34 +0200)]
packaging: makes repo / tarball name matching and other config fixes
Change-Id: I99ec485c8cf4cb7c3f8f460a730dc3f8d42d9559
Bug-Tizen: TC-5/part
Signed-off-by: Philippe Coval <philippe.coval@open.eurogiciel.org>
Philippe Coval [Fri, 5 Sep 2014 09:09:23 +0000 (11:09 +0200)]
packaging: workaround missing v3.12.18 tag from upstream git
The right way to fix it maintainer side is :
git remote add upstream https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable
git fetch --tags
git push --tags origin
Change-Id: I0443946e85fc43d474afe4f8f48c87f571becacb
Bug-Tizen: TC-5/part
Signed-off-by: Philippe Coval <philippe.coval@open.eurogiciel.org>
SeokYeon Hwang [Mon, 15 Sep 2014 04:50:59 +0000 (21:50 -0700)]
Merge "VIGS: Remove rotation definitions" into tizen
Vasiliy Ulyanov [Thu, 11 Sep 2014 13:17:35 +0000 (17:17 +0400)]
VIGS: Remove rotation definitions
Change-Id: I1f2b1044eef71954fe678cf037837e3d9d615f8e
Signed-off-by: Vasiliy Ulyanov <v.ulyanov@samsung.com>
Philippe Coval [Fri, 5 Sep 2014 09:55:44 +0000 (11:55 +0200)]
packaging: build only for emulator supported target
At the moment only ia32 emulator is supported.
It may be expanded to other targets later if supported
Change-Id: If75035c02606b5ea1cf71eeea1c3c8de7084cb90
Bug-Tizen: TC-5/part
Signed-off-by: Philippe Coval <philippe.coval@open.eurogiciel.org>
Sangho Park [Fri, 5 Sep 2014 00:50:39 +0000 (17:50 -0700)]
Merge "package: Prevent marking "+" at kernel version." into tizen
Sangho Park [Thu, 4 Sep 2014 12:29:28 +0000 (05:29 -0700)]
Merge "Smack: Fix setting label on successful file open" into tizen
Sangho Park [Thu, 4 Sep 2014 12:27:52 +0000 (05:27 -0700)]
Merge "packaging: Initial packaging on 3.12.18 for Tizen" into tizen
SeokYeon Hwang [Thu, 4 Sep 2014 02:08:40 +0000 (11:08 +0900)]
package: Prevent marking "+" at kernel version.
Prevent marking "+" at kernel version.
Version up 2.0.4.
Change-Id: I21f1d0da59007e343533b43ea48fbefc689ad540
Signed-off-by: SeokYeon Hwang <syeon.hwang@samsung.com>
Philippe Coval [Fri, 29 Aug 2014 16:46:21 +0000 (18:46 +0200)]
packaging: Initial packaging on 3.12.18 for Tizen
kernel-emulator.spec file is based on current version of kernel-common
.gbs.conf uses tags from upstream
Change-Id: I7cf72591d5acfb68b9a7127b577dbad5c02f3813
Bug-Tizen: TC-5/part
Signed-off-by: Philippe Coval <philippe.coval@open.eurogiciel.org>
jinhyung.jo [Thu, 28 Aug 2014 01:13:25 +0000 (10:13 +0900)]
package: version up
up to 2.0.3
Change-Id: I856f8c95254491106ed40cc0a2969ce67f7b9fb4
Signed-off-by: Jinhyung Jo <jinhyung.jo@samsung.com>
SeokYeon Hwang [Tue, 26 Aug 2014 11:34:31 +0000 (04:34 -0700)]
Merge changes Ic127028b,I00f81cd8 into tizen
* changes:
VIGS: Implement plane flip/rotate
VIGS: fix DPMS deadlock
SeokYeon Hwang [Tue, 26 Aug 2014 11:34:08 +0000 (04:34 -0700)]
Merge changes If3e687d6,Ic16f1bd8 into tizen
* changes:
VIGS: Support YUV420 planar format
VIGS: Support DP memory and planar pixel formats
Marcin Niesluchowski [Tue, 19 Aug 2014 12:26:32 +0000 (14:26 +0200)]
Smack: Fix setting label on successful file open
While opening with CAP_MAC_OVERRIDE file label is not set.
Other calls may access it after CAP_MAC_OVERRIDE is dropped from process.
Change-Id: I1d9cdeb325c397dfb0b97e60eb7b2842c1819d99
Signed-off-by: Marcin Niesluchowski <m.niesluchow@samsung.com>
Stanislav Vorobiov [Fri, 22 Aug 2014 06:53:21 +0000 (10:53 +0400)]
VIGS: Implement plane flip/rotate
Planes can now be horizontally/vertically flipped
and rotated by 90, 180 or 270 degrees
Change-Id: Ic127028b25fcb4f83ef4edb488c49c2da71cf8ec
Signed-off-by: Stanislav Vorobiov <s.vorobiov@samsung.com>
Stanislav Vorobiov [Fri, 4 Jul 2014 13:31:29 +0000 (17:31 +0400)]
VIGS: Support YUV420 planar format
Change-Id: If3e687d6e8a53fe0ab551475c90851b4e60ebf79
Signed-off-by: Stanislav Vorobiov <s.vorobiov@samsung.com>
Stanislav Vorobiov [Tue, 5 Aug 2014 10:16:32 +0000 (14:16 +0400)]
VIGS: fix DPMS deadlock
fb call chain callback might issue FB_BLANK event
itself, this leads to DPMS call in DRM. If fb call
chain walk is initiated from DPMS then this leads to
deadlock
Change-Id: I00f81cd8f81ea783f740f11767f65e4c01097989
Signed-off-by: Stanislav Vorobiov <s.vorobiov@samsung.com>
Stanislav Vorobiov [Wed, 11 Jun 2014 15:25:52 +0000 (19:25 +0400)]
VIGS: Support DP memory and planar pixel formats
DP memory is used by some of the tizen
gstreamer plugins, TBM and X.Org video driver.
Its main purpose is to share GEM buffers between
media decoding and presentation layers
Planar pixel formats such as NV21 need to be
supported in order to be able to play video right
from decoder's output buffer, i.e. without
converting it to RGB
Change-Id: Ic16f1bd8b53e73b8ca0d3a5a3a52442f3c04770c
Signed-off-by: Stanislav Vorobiov <s.vorobiov@samsung.com>
SeokYeon Hwang [Wed, 13 Aug 2014 04:31:07 +0000 (13:31 +0900)]
brillcodec: add new command for reducing I/O
Add command CODEC_DECODE_VIDEO2.
Clean-up source.
Change-Id: I37f8a6b3c08021e3db4a4f020b663c3f89ad8edf
Signed-off-by: SeokYeon Hwang <syeon.hwang@samsung.com>
Munkyu Im [Fri, 11 Jul 2014 11:57:26 +0000 (20:57 +0900)]
package: version up
Change-Id: Iffa790f15e45521b19a77f1a45d1562fd2e1dff8
Signed-off-by: Munkyu Im <munkyu.im@samsung.com>
Munkyu Im [Fri, 11 Jul 2014 11:56:55 +0000 (20:56 +0900)]
uname: Add Emulator specific name
To distinguish between real device and emulator,
add "_emulated" postfix into machine hardware name.
Change-Id: I0a801a127d0fb62314d6d30cac03febfd6d49801
Signed-off-by: Munkyu Im <munkyu.im@samsung.com>
Jinhyung Choi [Mon, 7 Jul 2014 04:58:00 +0000 (13:58 +0900)]
sensor: added rotation vector sensor driver
also added error handling of sensor init when one of sensors' init is failed.
Change-Id: I1fcaa4c454da8270c07c035789ace91225f2993b
Signed-off-by: Jinhyung Choi <jinhyung2.choi@samsung.com>
Jinhyung Choi [Fri, 4 Jul 2014 07:31:47 +0000 (16:31 +0900)]
debug: changed the way to print debug message
To enable debug message,
use 'echo 1 > /sys/module/maru_virtio_sensor/parameters/sensor_driver_debug'
Change-Id: I6c4b783b83563ea89c28161bed67af6e8dccb8c6
Signed-off-by: Jinhyung Choi <jinhyung2.choi@samsung.com>
SeokYeon Hwang [Tue, 24 Jun 2014 04:46:07 +0000 (21:46 -0700)]
Merge "build: package version up (2.0.1)" into tizen
SeokYeon Hwang [Tue, 24 Jun 2014 04:44:46 +0000 (21:44 -0700)]
Merge "sensors: device name changed to maru_sensor_[sensor_name]_1" into tizen
SeokYeon Hwang [Tue, 24 Jun 2014 04:43:54 +0000 (21:43 -0700)]
Merge "sensor: haptic device is added." into tizen
SeokYeon Hwang [Mon, 23 Jun 2014 06:29:11 +0000 (23:29 -0700)]
Merge changes I6ad55d04,I63d57bc6,I42bb66ba,I73e29d98,Iaf0039c2,Ie71e8684,I5459ff41,I43d82d48,I8ed75cea,Ib922cfec,I318b7d92,Ie9d53eca,Ibe366a4b,I473b1f61 into tizen
* changes:
Warning in scanf string typing
Smack: Verify read access on file open - v3
Smack: bidirectional UDS connect check
Smack: Correctly remove SMACK64TRANSMUTE attribute
SMACK: Fix handling value==NULL in post setxattr
bugfix patch for SMACK
Smack: adds smackfs/ptrace interface
Smack: unify all ptrace accesses in the smack
Smack: fix the subject/object order in smack_ptrace_traceme()
Minor improvement of 'smack_sb_kern_mount'
smack: call WARN_ONCE() instead of calling audit_log_start()
Smack: File receive audit correction
Smack: Rationalize mount restrictions
Smack: change rule cap check
SeokYeon Hwang [Mon, 23 Jun 2014 06:26:07 +0000 (23:26 -0700)]
Merge "Smack: Prevent the * and @ labels from being used in SMACK64EXEC" into tizen
Toralf Förster [Sun, 27 Apr 2014 17:33:34 +0000 (19:33 +0200)]
Warning in scanf string typing
This fixes a warning about the mismatch of types between
the declared unsigned and integer.
Change-Id: I6ad55d04b096092ae557ff0abf4e6bd87faab806
Signed-off-by: Toralf Förster <toralf.foerster@gmx.de>
Casey Schaufler [Mon, 21 Apr 2014 18:10:26 +0000 (11:10 -0700)]
Smack: Verify read access on file open - v3
Smack believes that many of the operatons that can
be performed on an open file descriptor are read operations.
The fstat and lseek system calls are examples.
An implication of this is that files shouldn't be open
if the task doesn't have read access even if it has
write access and the file is being opened write only.
Targeted for git://git.gitorious.org/smack-next/kernel.git
Change-Id: I63d57bc62cd08fa4e1f128b544e7ed7316456e4c
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Casey Schaufler [Thu, 10 Apr 2014 23:37:08 +0000 (16:37 -0700)]
Smack: bidirectional UDS connect check
Smack IPC policy requires that the sender have write access
to the receiver. UDS streams don't do per-packet checks. The
only check is done at connect time. The existing code checks
if the connecting process can write to the other, but not the
other way around. This change adds a check that the other end
can write to the connecting process.
Targeted for git://git.gitorious.org/smack-next/kernel.git
Change-Id: I42bb66ba2f73c8e604bee85002fc9e419337732c
Signed-off-by: Casey Schuafler <casey@schaufler-ca.com>
Casey Schaufler [Thu, 10 Apr 2014 23:35:36 +0000 (16:35 -0700)]
Smack: Correctly remove SMACK64TRANSMUTE attribute
Sam Henderson points out that removing the SMACK64TRANSMUTE
attribute from a directory does not result in the directory
transmuting. This is because the inode flag indicating that
the directory is transmuting isn't cleared. The fix is a tad
less than trivial because smk_task and smk_mmap should have
been broken out, too.
Targeted for git://git.gitorious.org/smack-next/kernel.git
Change-Id: I73e29d988fd5ca7502aeab01e340189420a95c75
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
José Bollo [Thu, 3 Apr 2014 11:48:41 +0000 (13:48 +0200)]
SMACK: Fix handling value==NULL in post setxattr
The function `smack_inode_post_setxattr` is called each
time that a setxattr is done, for any value of name.
The kernel allow to put value==NULL when size==0
to set an empty attribute value. The systematic
call to smk_import_entry was causing the dereference
of a NULL pointer hence a KERNEL PANIC!
The problem can be produced easily by issuing the
command `setfattr -n user.data file` under bash prompt
when SMACK is active.
Moving the call to smk_import_entry as proposed by this
patch is correcting the behaviour because the function
smack_inode_post_setxattr is called for the SMACK's
attributes only if the function smack_inode_setxattr validated
the value and its size (what will not be the case when size==0).
It also has a benefical effect to not fill the smack hash
with garbage values coming from any extended attribute
write.
Change-Id: Iaf0039c2be9bccb6cee11c24a3b44d209101fe47
Signed-off-by: José Bollo <jose.bollo@open.eurogiciel.org>
Pankaj Kumar [Fri, 13 Dec 2013 09:42:22 +0000 (15:12 +0530)]
bugfix patch for SMACK
1. In order to remove any SMACK extended attribute from a file, a user
should have CAP_MAC_ADMIN capability. But user without having this
capability is able to remove SMACK64MMAP security attribute.
2. While validating size and value of smack extended attribute in
smack_inode_setsecurity hook, wrong error code is returned.
Change-Id: Ie71e86840f47b6810aaf4ff9a577cdea8274925b
Signed-off-by: Pankaj Kumar <pamkaj.k2@samsung.com>
Signed-off-by: Himanshu Shukla <himanshu.sh@samsung.com>
Lukasz Pawelczyk [Tue, 11 Mar 2014 16:07:06 +0000 (17:07 +0100)]
Smack: adds smackfs/ptrace interface
This allows to limit ptrace beyond the regular smack access rules.
It adds a smackfs/ptrace interface that allows smack to be configured
to require equal smack labels for PTRACE_MODE_ATTACH access.
See the changes in Documentation/security/Smack.txt below for details.
Change-Id: I5459ff414e96dde0430ed8febd92c361c9dc1d81
Signed-off-by: Lukasz Pawelczyk <l.pawelczyk@partner.samsung.com>
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Lukasz Pawelczyk [Tue, 11 Mar 2014 16:07:05 +0000 (17:07 +0100)]
Smack: unify all ptrace accesses in the smack
The decision whether we can trace a process is made in the following
functions:
smack_ptrace_traceme()
smack_ptrace_access_check()
smack_bprm_set_creds() (in case the proces is traced)
This patch unifies all those decisions by introducing one function that
checks whether ptrace is allowed: smk_ptrace_rule_check().
This makes possible to actually trace with TRACEME where first the
TRACEME itself must be allowed and then exec() on a traced process.
Additional bugs fixed:
- The decision is made according to the mode parameter that is now correctly
translated from PTRACE_MODE_* to MAY_* instead of being treated 1:1.
PTRACE_MODE_READ requires MAY_READ.
PTRACE_MODE_ATTACH requires MAY_READWRITE.
- Add a smack audit log in case of exec() refused by bprm_set_creds().
- Honor the PTRACE_MODE_NOAUDIT flag and don't put smack audit info
in case this flag is set.
Change-Id: I43d82d480f331e8ef90da7c287b1e414d55ff394
Signed-off-by: Lukasz Pawelczyk <l.pawelczyk@partner.samsung.com>
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Lukasz Pawelczyk [Tue, 11 Mar 2014 16:07:04 +0000 (17:07 +0100)]
Smack: fix the subject/object order in smack_ptrace_traceme()
The order of subject/object is currently reversed in
smack_ptrace_traceme(). It is currently checked if the tracee has a
capability to trace tracer and according to this rule a decision is made
whether the tracer will be allowed to trace tracee.
Change-Id: I8ed75ceabe822c70cf9bdccda004139c4c817248
Signed-off-by: Lukasz Pawelczyk <l.pawelczyk@partner.samsung.com>
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
José Bollo [Wed, 8 Jan 2014 14:53:05 +0000 (15:53 +0100)]
Minor improvement of 'smack_sb_kern_mount'
Fix a possible memory access fault when transmute is true and isp is NULL.
Change-Id: Ib922cfec405067ec5592880c4ae447969ba96633
Signed-off-by: José Bollo <jose.bollo@open.eurogiciel.org>
Richard Guy Briggs [Thu, 21 Nov 2013 18:57:33 +0000 (13:57 -0500)]
smack: call WARN_ONCE() instead of calling audit_log_start()
Remove the call to audit_log() (which call audit_log_start()) and deal with
the errors in the caller, logging only once if the condition is met. Calling
audit_log_start() in this location makes buffer allocation and locking more
complicated in the calling tree (audit_filter_user()).
Change-Id: I318b7d926a10e9d63dfe170450345799788c6f12
Signed-off-by: Richard Guy Briggs <rgb@redhat.com>
Signed-off-by: Eric Paris <eparis@redhat.com>
Casey Schaufler [Tue, 31 Dec 2013 01:37:45 +0000 (17:37 -0800)]
Smack: File receive audit correction
Eric Paris politely points out:
Inside smack_file_receive() it seems like you are initting the audit
field with LSM_AUDIT_DATA_TASK. And then use
smk_ad_setfield_u_fs_path().
Seems like LSM_AUDIT_DATA_PATH would make more sense. (and depending
on how it's used fix a crash...)
He is correct. This puts things in order.
Targeted for git://git.gitorious.org/smack-next/kernel.git
Change-Id: Ie9d53ecac34d6332658c74739596ae7056574bad
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Casey Schaufler [Mon, 30 Dec 2013 17:38:00 +0000 (09:38 -0800)]
Smack: Rationalize mount restrictions
The mount restrictions imposed by Smack rely heavily on the
use of the filesystem "floor", which is the label that all
processes writing to the filesystem must have access to. It
turns out that while the "floor" notion is sound, it has yet
to be fully implemented and has never been used.
The sb_mount and sb_umount hooks only make sense if the
filesystem floor is used actively, and it isn't. They can
be reintroduced if a rational restriction comes up. Until
then, they get removed.
The sb_kern_mount hook is required for the option processing.
It is too permissive in the case of unprivileged mounts,
effectively bypassing the CAP_MAC_ADMIN restrictions if
any of the smack options are specified. Unprivileged mounts
are no longer allowed to set Smack filesystem options.
Additionally, the root and default values are set to the
label of the caller, in keeping with the policy that objects
get the label of their creator.
Targeted for git://git.gitorious.org/smack-next/kernel.git
Change-Id: Ibe366a4b0d1827d271de8700446e3fa8d7e0b8df
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Casey Schaufler [Thu, 19 Dec 2013 21:23:26 +0000 (13:23 -0800)]
Smack: change rule cap check
smk_write_change_rule() is calling capable rather than
the more correct smack_privileged(). This allows for setting
rules in violation of the onlycap facility. This is the
simple repair.
Targeted for git://git.gitorious.org/smack-next/kernel.git
Change-Id: I473b1f610e0bc8f349babfac440b77e26fb1f073
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Casey Schaufler [Tue, 17 Dec 2013 00:27:26 +0000 (16:27 -0800)]
Smack: Prevent the * and @ labels from being used in SMACK64EXEC
Smack prohibits processes from using the star ("*") and web ("@") labels
because we don't want files with those labels getting created implicitly.
All setting of those labels should be done explicitly. The trouble is that
there is no check for these labels in the processing of SMACK64EXEC. That
is repaired.
Targeted for git://git.gitorious.org/smack-next/kernel.git
Change-Id: Ie95848da70efd6f5a5b7081a4bf943891396e748
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Jinhyung Choi [Fri, 20 Jun 2014 05:25:31 +0000 (14:25 +0900)]
build: package version up (2.0.1)
Change-Id: I9ea7ba4297541cf1d9e59afc4a8c31e8a2e1cbfe
Signed-off-by: Jinhyung Choi <jinhyung2.choi@samsung.com>
Jinhyung Choi [Fri, 20 Jun 2014 03:37:28 +0000 (12:37 +0900)]
sensors: device name changed to maru_sensor_[sensor_name]_1
Change-Id: I845d1bb1ae551ad1cea8640e372acbdbe5b4919c
Signed-off-by: Jinhyung Choi <jinhyung2.choi@samsung.com>
Jinhyung Choi [Wed, 18 Jun 2014 08:05:19 +0000 (17:05 +0900)]
sensor: haptic device is added.
Change-Id: Ib91965250546c302afab31969a8ff3ccc3fab4c6
Signed-off-by: Jinhyung Choi <jinhyung2.choi@samsung.com>
Jinhyung Choi [Mon, 16 Jun 2014 01:37:27 +0000 (10:37 +0900)]
sensors: created virtual device for accel, gyro, geo, light, and proxi
Change-Id: I554643e382212dcb06ef82e8b7cc00424b321e42
Signed-off-by: Jinhyung Choi <jinhyung2.choi@samsung.com>
Jinhyung Choi [Mon, 16 Jun 2014 01:36:24 +0000 (10:36 +0900)]
evdi: added guest emuld connection message to qemu
Change-Id: I045e87cca57859c72e15a806463fe9726b42f72a
Signed-off-by: Jinhyung Choi <jinhyung2.choi@samsung.com>
Jinhyung Choi [Mon, 16 Jun 2014 01:34:47 +0000 (10:34 +0900)]
jacks & power: changed max buf size to 512
Change-Id: I02fd40b37f6d295e546122e8f18ca1c1ddb7d5fc
Signed-off-by: Jinhyung Choi <jinhyung2.choi@samsung.com>
Sooyoung Ha [Mon, 16 Jun 2014 11:19:51 +0000 (20:19 +0900)]
vmodem: make a vmodem device driver using virtio.
Change-Id: I792569d5718e72ff25410b13fc3b03c3631b3bff
Signed-off-by: Sooyoung Ha <yoosah.ha@samsung.com>
jinhyung.jo [Wed, 11 Jun 2014 06:14:24 +0000 (15:14 +0900)]
maru-overlay: remove device
Since VIGS supports the planes,
the maru overlay is unnecessary
Change-Id: I0bfd0120eb64684d144b0c82bf845c56af668048
Signed-off-by: Jinhyung Jo <jinhyung.jo@samsung.com>
SeokYeon Hwang [Tue, 10 Jun 2014 05:19:05 +0000 (14:19 +0900)]
package: major version up to 2.0.0
Signed-off-by: SeokYeon Hwang <syeon.hwang@samsung.com>
Stanislav Vorobiov [Wed, 4 Jun 2014 07:33:19 +0000 (11:33 +0400)]
config: disable seccomp
seccomp is currently causing problems with
xwalk/chromium, GPU process is crashing because
it accesses files/devices not whitelisted in sandbox.
Currently both Tizen IVI device kernel and Tizen Mobile
kernel have this disabled in their configs, so we
should do this too
Change-Id: Ie50e1c4b00fea42f20b7749ab7ad496a715ab846
Signed-off-by: Stanislav Vorobiov <s.vorobiov@samsung.com>
Munkyu Im [Tue, 13 May 2014 10:08:56 +0000 (19:08 +0900)]
nfc: Support old protocol
Change nfc packet size
Change-Id: I0af5d7699434f2ac94e28dfb26eb3fb673f9b00a
Signed-off-by: Munkyu Im <munkyu.im@samsung.com>
Kitae Kim [Tue, 13 May 2014 06:14:16 +0000 (15:14 +0900)]
package: version up
1.4.36
Change-Id: I84892ed263ef33cf95132c770e17a470bc3a38bf
Signed-off-by: Kitae Kim <kt920.kim@samsung.com>
SeokYeon Hwang [Tue, 13 May 2014 02:35:05 +0000 (11:35 +0900)]
Merge branch 'tizen_linux_3.12' into tizen_linux_3.12
Change-Id: I13bba253a3677ca51a9d15c0f3e31f57aba70270
Kitae Kim [Fri, 9 May 2014 08:56:58 +0000 (17:56 +0900)]
package: add dibs build script
Change-Id: If1a0bcd4c1a91e6a74415e04f2505509eceed565
Signed-off-by: Kitae Kim <kt920.kim@samsung.com>
SeokYeon Hwang [Wed, 7 May 2014 06:36:57 +0000 (15:36 +0900)]
Merge branch 'linux-3.12.y' into tizen_linux_3.12
Jiri Slaby [Fri, 18 Apr 2014 09:14:28 +0000 (11:14 +0200)]
Linux 3.12.18
Ard Biesheuvel [Thu, 27 Mar 2014 17:14:40 +0000 (18:14 +0100)]
crypto: ghash-clmulni-intel - use C implementation for setkey()
commit
8ceee72808d1ae3fb191284afc2257a2be964725 upstream.
The GHASH setkey() function uses SSE registers but fails to call
kernel_fpu_begin()/kernel_fpu_end(). Instead of adding these calls, and
then having to deal with the restriction that they cannot be called from
interrupt context, move the setkey() implementation to the C domain.
Note that setkey() does not use any particular SSE features and is not
expected to become a performance bottleneck.
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Acked-by: H. Peter Anvin <hpa@linux.intel.com>
Fixes:
0e1227d356e9b (crypto: ghash - Add PCLMULQDQ accelerated implementation)
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
Vineet Gupta [Sat, 5 Apr 2014 10:00:22 +0000 (15:30 +0530)]
ARC: [nsimosci] Unbork console
commit
61fb4bfc010b0d2940f7fd87acbce6a0f03217cb upstream.
Despite the switch to right UART driver (prev patch), serial console
still doesn't work due to missing CONFIG_SERIAL_OF_PLATFORM
Also fix the default cmdline in DT to not refer to out-of-tree
ARC framebuffer driver for console.
Signed-off-by: Vineet Gupta <vgupta@synopsys.com>
Cc: Francois Bedard <Francois.Bedard@synopsys.com>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
Mischa Jonker [Thu, 16 May 2013 17:36:08 +0000 (19:36 +0200)]
ARC: [nsimosci] Change .dts to use generic 8250 UART
commit
6eda477b3c54b8236868c8784e5e042ff14244f0 upstream.
The Synopsys APB DW UART has a couple of special features that are not
in the System C model. In 3.8, the 8250_dw driver didn't really use these
features, but from 3.9 onwards, the 8250_dw driver has become incompatible
with our model.
Signed-off-by: Mischa Jonker <mjonker@synopsys.com>
Signed-off-by: Vineet Gupta <vgupta@synopsys.com>
Cc: Francois Bedard <Francois.Bedard@synopsys.com>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
Sasha Levin [Sun, 30 Mar 2014 00:39:35 +0000 (20:39 -0400)]
rds: prevent dereference of a NULL device in rds_iw_laddr_check
[ Upstream commit
bf39b4247b8799935ea91d90db250ab608a58e50 ]
Binding might result in a NULL device which is later dereferenced
without checking.
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
Dan Carpenter [Tue, 8 Apr 2014 09:23:09 +0000 (12:23 +0300)]
isdnloop: several buffer overflows
[ Upstream commit
7563487cbf865284dcd35e9ef5a95380da046737 ]
There are three buffer overflows addressed in this patch.
1) In isdnloop_fake_err() we add an 'E' to a 60 character string and
then copy it into a 60 character buffer. I have made the destination
buffer 64 characters and I'm changed the sprintf() to a snprintf().
2) In isdnloop_parse_cmd(), p points to a 6 characters into a 60
character buffer so we have 54 characters. The ->eazlist[] is 11
characters long. I have modified the code to return if the source
buffer is too long.
3) In isdnloop_command() the cbuf[] array was 60 characters long but the
max length of the string then can be up to 79 characters. I made the
cbuf array 80 characters long and changed the sprintf() to snprintf().
I also removed the temporary "dial" buffer and changed it to use "p"
directly.
Unfortunately, we pass the "cbuf" string from isdnloop_command() to
isdnloop_writecmd() which truncates anything over 60 characters to make
it fit in card->omsg[]. (It can accept values up to 255 characters so
long as there is a '\n' character every 60 characters). For now I have
just fixed the memory corruption bug and left the other problems in this
driver alone.
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
YOSHIFUJI Hideaki [Wed, 2 Apr 2014 03:48:42 +0000 (12:48 +0900)]
isdnloop: Validate NUL-terminated strings from user.
[ Upstream commit
77bc6bed7121936bb2e019a8c336075f4c8eef62 ]
Return -EINVAL unless all of user-given strings are correctly
NUL-terminated.
Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
Mike Rapoport [Tue, 1 Apr 2014 06:23:01 +0000 (09:23 +0300)]
net: vxlan: fix crash when interface is created with no group
[ Upstream commit
5933a7bbb5de66482ea8aa874a7ebaf8e67603c4 ]
If the vxlan interface is created without explicit group definition,
there are corner cases which may cause kernel panic.
For instance, in the following scenario:
node A:
$ ip link add dev vxlan42 address 2c:c2:60:00:10:20 type vxlan id 42
$ ip addr add dev vxlan42 10.0.0.1/24
$ ip link set up dev vxlan42
$ arp -i vxlan42 -s 10.0.0.2 2c:c2:60:00:01:02
$ bridge fdb add dev vxlan42 to 2c:c2:60:00:01:02 dst <IPv4 address>
$ ping 10.0.0.2
node B:
$ ip link add dev vxlan42 address 2c:c2:60:00:01:02 type vxlan id 42
$ ip addr add dev vxlan42 10.0.0.2/24
$ ip link set up dev vxlan42
$ arp -i vxlan42 -s 10.0.0.1 2c:c2:60:00:10:20
node B crashes:
vxlan42: 2c:c2:60:00:10:20 migrated from 4011:eca4:c0a8:6466:c0a8:6415:8e09:2118 to (invalid address)
vxlan42: 2c:c2:60:00:10:20 migrated from 4011:eca4:c0a8:6466:c0a8:6415:8e09:2118 to (invalid address)
BUG: unable to handle kernel NULL pointer dereference at
0000000000000046
IP: [<
ffffffff8143c459>] ip6_route_output+0x58/0x82
PGD
7bd89067 PUD
7bd4e067 PMD 0
Oops: 0000 [#1] SMP
Modules linked in:
CPU: 1 PID: 0 Comm: swapper/1 Not tainted 3.14.0-rc8-hvx-xen-00019-g97a5221-dirty #154
Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
task:
ffff88007c774f50 ti:
ffff88007c79c000 task.ti:
ffff88007c79c000
RIP: 0010:[<
ffffffff8143c459>] [<
ffffffff8143c459>] ip6_route_output+0x58/0x82
RSP: 0018:
ffff88007fd03668 EFLAGS:
00010282
RAX:
0000000000000000 RBX:
ffffffff8186a000 RCX:
0000000000000040
RDX:
0000000000000000 RSI:
ffff88007b0e4a80 RDI:
ffff88007fd03754
RBP:
ffff88007fd03688 R08:
ffff88007b0e4a80 R09:
0000000000000000
R10:
0200000a0100000a R11:
0001002200000000 R12:
ffff88007fd03740
R13:
ffff88007b0e4a80 R14:
ffff88007b0e4a80 R15:
ffff88007bba0c50
FS:
0000000000000000(0000) GS:
ffff88007fd00000(0000) knlGS:
0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0:
000000008005003b
CR2:
0000000000000046 CR3:
000000007bb60000 CR4:
00000000000006e0
Stack:
0000000000000000 ffff88007fd037a0 ffffffff8186a000 ffff88007fd03740
ffff88007fd036c8 ffffffff814320bb 0000000000006e49 ffff88007b8b7360
ffff88007bdbf200 ffff88007bcbc000 ffff88007b8b7000 ffff88007b8b7360
Call Trace:
<IRQ>
[<
ffffffff814320bb>] ip6_dst_lookup_tail+0x2d/0xa4
[<
ffffffff814322a5>] ip6_dst_lookup+0x10/0x12
[<
ffffffff81323b4e>] vxlan_xmit_one+0x32a/0x68c
[<
ffffffff814a325a>] ? _raw_spin_unlock_irqrestore+0x12/0x14
[<
ffffffff8104c551>] ? lock_timer_base.isra.23+0x26/0x4b
[<
ffffffff8132451a>] vxlan_xmit+0x66a/0x6a8
[<
ffffffff8141a365>] ? ipt_do_table+0x35f/0x37e
[<
ffffffff81204ba2>] ? selinux_ip_postroute+0x41/0x26e
[<
ffffffff8139d0c1>] dev_hard_start_xmit+0x2ce/0x3ce
[<
ffffffff8139d491>] __dev_queue_xmit+0x2d0/0x392
[<
ffffffff813b380f>] ? eth_header+0x28/0xb5
[<
ffffffff8139d569>] dev_queue_xmit+0xb/0xd
[<
ffffffff813a5aa6>] neigh_resolve_output+0x134/0x152
[<
ffffffff813db741>] ip_finish_output2+0x236/0x299
[<
ffffffff813dc074>] ip_finish_output+0x98/0x9d
[<
ffffffff813dc749>] ip_output+0x62/0x67
[<
ffffffff813da9f2>] dst_output+0xf/0x11
[<
ffffffff813dc11c>] ip_local_out+0x1b/0x1f
[<
ffffffff813dcf1b>] ip_send_skb+0x11/0x37
[<
ffffffff813dcf70>] ip_push_pending_frames+0x2f/0x33
[<
ffffffff813ff732>] icmp_push_reply+0x106/0x115
[<
ffffffff813ff9e4>] icmp_reply+0x142/0x164
[<
ffffffff813ffb3b>] icmp_echo.part.16+0x46/0x48
[<
ffffffff813c1d30>] ? nf_iterate+0x43/0x80
[<
ffffffff813d8037>] ? xfrm4_policy_check.constprop.11+0x52/0x52
[<
ffffffff813ffb62>] icmp_echo+0x25/0x27
[<
ffffffff814005f7>] icmp_rcv+0x1d2/0x20a
[<
ffffffff813d8037>] ? xfrm4_policy_check.constprop.11+0x52/0x52
[<
ffffffff813d810d>] ip_local_deliver_finish+0xd6/0x14f
[<
ffffffff813d8037>] ? xfrm4_policy_check.constprop.11+0x52/0x52
[<
ffffffff813d7fde>] NF_HOOK.constprop.10+0x4c/0x53
[<
ffffffff813d82bf>] ip_local_deliver+0x4a/0x4f
[<
ffffffff813d7f7b>] ip_rcv_finish+0x253/0x26a
[<
ffffffff813d7d28>] ? inet_add_protocol+0x3e/0x3e
[<
ffffffff813d7fde>] NF_HOOK.constprop.10+0x4c/0x53
[<
ffffffff813d856a>] ip_rcv+0x2a6/0x2ec
[<
ffffffff8139a9a0>] __netif_receive_skb_core+0x43e/0x478
[<
ffffffff812a346f>] ? virtqueue_poll+0x16/0x27
[<
ffffffff8139aa2f>] __netif_receive_skb+0x55/0x5a
[<
ffffffff8139aaaa>] process_backlog+0x76/0x12f
[<
ffffffff8139add8>] net_rx_action+0xa2/0x1ab
[<
ffffffff81047847>] __do_softirq+0xca/0x1d1
[<
ffffffff81047ace>] irq_exit+0x3e/0x85
[<
ffffffff8100b98b>] do_IRQ+0xa9/0xc4
[<
ffffffff814a37ad>] common_interrupt+0x6d/0x6d
<EOI>
[<
ffffffff810378db>] ? native_safe_halt+0x6/0x8
[<
ffffffff810110c7>] default_idle+0x9/0xd
[<
ffffffff81011694>] arch_cpu_idle+0x13/0x1c
[<
ffffffff8107480d>] cpu_startup_entry+0xbc/0x137
[<
ffffffff8102e741>] start_secondary+0x1a0/0x1a5
Code: 24 14 e8 f1 e5 01 00 31 d2 a8 32 0f 95 c2 49 8b 44 24 2c 49 0b 44 24 24 74 05 83 ca 04 eb 1c 4d 85 ed 74 17 49 8b 85 a8 02 00 00 <66> 8b 40 46 66 c1 e8 07 83 e0 07 c1 e0 03 09 c2 4c 89 e6 48 89
RIP [<
ffffffff8143c459>] ip6_route_output+0x58/0x82
RSP <
ffff88007fd03668>
CR2:
0000000000000046
---[ end trace
4612329caab37efd ]---
When vxlan interface is created without explicit group definition, the
default_dst protocol family is initialiazed to AF_UNSPEC and the driver
assumes IPv4 configuration. On the other side, the default_dst protocol
family is used to differentiate between IPv4 and IPv6 cases and, since,
AF_UNSPEC != AF_INET, the processing takes the IPv6 path.
Making the IPv4 assumption explicit by settting default_dst protocol
family to AF_INET4 and preventing mixing of IPv4 and IPv6 addresses in
snooped fdb entries fixes the corner case crashes.
Signed-off-by: Mike Rapoport <mike.rapoport@ravellosystems.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
Wei Liu [Tue, 1 Apr 2014 11:46:12 +0000 (12:46 +0100)]
xen-netback: disable rogue vif in kthread context
[ Upstream commit
e9d8b2c2968499c1f96563e6522c56958d5a1d0d ]
When netback discovers frontend is sending malformed packet it will
disables the interface which serves that frontend.
However disabling a network interface involving taking a mutex which
cannot be done in softirq context, so we need to defer this process to
kthread context.
This patch does the following:
1. introduce a flag to indicate the interface is disabled.
2. check that flag in TX path, don't do any work if it's true.
3. check that flag in RX path, turn off that interface if it's true.
The reason to disable it in RX path is because RX uses kthread. After
this change the behavior of netback is still consistent -- it won't do
any TX work for a rogue frontend, and the interface will be eventually
turned off.
Also change a "continue" to "break" after xenvif_fatal_tx_err, as it
doesn't make sense to continue processing packets if frontend is rogue.
This is a fix for XSA-90.
Reported-by: Török Edwin <edwin@etorok.net>
Signed-off-by: Wei Liu <wei.liu2@citrix.com>
Cc: Ian Campbell <ian.campbell@citrix.com>
Reviewed-by: David Vrabel <david.vrabel@citrix.com>
Acked-by: Ian Campbell <ian.campbell@citrix.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
Pablo Neira [Tue, 1 Apr 2014 17:38:44 +0000 (19:38 +0200)]
netlink: don't compare the nul-termination in nla_strcmp
[ Upstream commit
8b7b932434f5eee495b91a2804f5b64ebb2bc835 ]
nla_strcmp compares the string length plus one, so it's implicitly
including the nul-termination in the comparison.
int nla_strcmp(const struct nlattr *nla, const char *str)
{
int len = strlen(str) + 1;
...
d = memcmp(nla_data(nla), str, len);
However, if NLA_STRING is used, userspace can send us a string without
the nul-termination. This is a problem since the string
comparison will not match as the last byte may be not the
nul-termination.
Fix this by skipping the comparison of the nul-termination if the
attribute data is nul-terminated. Suggested by Thomas Graf.
Cc: Florian Westphal <fw@strlen.de>
Cc: Thomas Graf <tgraf@suug.ch>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
Hannes Frederic Sowa [Mon, 31 Mar 2014 18:14:10 +0000 (20:14 +0200)]
ipv6: some ipv6 statistic counters failed to disable bh
[ Upstream commit
43a43b6040165f7b40b5b489fe61a4cb7f8c4980 ]
After commit
c15b1ccadb323ea ("ipv6: move DAD and addrconf_verify
processing to workqueue") some counters are now updated in process context
and thus need to disable bh before doing so, otherwise deadlocks can
happen on 32-bit archs. Fabio Estevam noticed this while while mounting
a NFS volume on an ARM board.
As a compensation for missing this I looked after the other *_STATS_BH
and found three other calls which need updating:
1) icmp6_send: ip6_fragment -> icmpv6_send -> icmp6_send (error handling)
2) ip6_push_pending_frames: rawv6_sendmsg -> rawv6_push_pending_frames -> ...
(only in case of icmp protocol with raw sockets in error handling)
3) ping6_v6_sendmsg (error handling)
Fixes:
c15b1ccadb323ea ("ipv6: move DAD and addrconf_verify processing to workqueue")
Reported-by: Fabio Estevam <festevam@gmail.com>
Tested-by: Fabio Estevam <fabio.estevam@freescale.com>
Cc: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
projects / sdk / emulator / emulator-kernel.git / log