1. 07 Sep, 2012 5 commits
    • ima: add appraise action keywords and default rules · 07f6a794
      Mimi Zohar authored
      Unlike the IMA measurement policy, the appraise policy can not be dependent
      on runtime process information, such as the task uid, as the 'security.ima'
      xattr is written on file close and must be updated each time the file changes,
      regardless of the current task uid.
      
      This patch extends the policy language with 'fowner', defines an appraise
      policy, which appraises all files owned by root, and defines 'ima_appraise_tcb',
      a new boot command line option, to enable the appraise policy.
      
      Changelog v3:
      - separate the measure from the appraise rules in order to support measuring
        without appraising and appraising without measuring.
      - change appraisal default for filesystems without xattr support to fail
      - update default appraise policy for cgroups
      
      Changelog v1:
      - don't appraise RAMFS (Dmitry Kasatkin)
      - merged rest of "ima: ima_must_appraise_or_measure API change" commit
        (Dmitry Kasatkin)
      
        ima_must_appraise_or_measure() called ima_match_policy twice, which
        searched the policy for a matching rule.  Once for a matching measurement
        rule and subsequently for an appraisal rule. Searching the policy twice
        is unnecessary overhead, which could be noticeable with a large policy.
      
        The new version of ima_must_appraise_or_measure() does everything in a
        single iteration using a new version of ima_match_policy().  It returns
        IMA_MEASURE, IMA_APPRAISE mask.
      
        With the use of action mask only one efficient matching function
        is enough.  Removed other specific versions of matching functions.
      
      Changelog:
      - change 'owner' to 'fowner' to conform to the new LSM conditions posted by
        Roberto Sassu.
      - fix calls to ima_log_string()
      Signed-off-by: Mimi Zohar <zohar@us.ibm.com>
      Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>
    • ima: integrity appraisal extension · 2fe5d6de
      Mimi Zohar authored
      IMA currently maintains an integrity measurement list used to assert the
      integrity of the running system to a third party.  The IMA-appraisal
      extension adds local integrity validation and enforcement of the
      measurement against a "good" value stored as an extended attribute
      'security.ima'.  The initial methods for validating 'security.ima' are
      hashed based, which provides file data integrity, and digital signature
      based, which in addition to providing file data integrity, provides
      authenticity.
      
      This patch creates and maintains the 'security.ima' xattr, containing
      the file data hash measurement.  Protection of the xattr is provided by
      EVM, if enabled and configured.
      
      Based on policy, IMA calls evm_verifyxattr() to verify a file's metadata
      integrity and, assuming success, compares the file's current hash value
      with the one stored as an extended attribute in 'security.ima'.
      
      Changelog v4:
      - changed iint cache flags to hex values
      
      Changelog v3:
      - change appraisal default for filesystems without xattr support to fail
      
      Changelog v2:
      - fix audit msg 'res' value
      - removed unused 'ima_appraise=' values
      
      Changelog v1:
      - removed unused iint mutex (Dmitry Kasatkin)
      - setattr hook must not reset appraised (Dmitry Kasatkin)
      - evm_verifyxattr() now differentiates between no 'security.evm' xattr
        (INTEGRITY_NOLABEL) and no EVM 'protected' xattrs included in the
        'security.evm' (INTEGRITY_NOXATTRS).
      - replace hash_status with ima_status (Dmitry Kasatkin)
      - re-initialize slab element ima_status on free (Dmitry Kasatkin)
      - include 'security.ima' in EVM if CONFIG_IMA_APPRAISE, not CONFIG_IMA
      - merged half "ima: ima_must_appraise_or_measure API change" (Dmitry Kasatkin)
      - removed unnecessary error variable in process_measurement() (Dmitry Kasatkin)
      - use ima_inode_post_setattr() stub function, if IMA_APPRAISE not configured
        (moved ima_inode_post_setattr() to ima_appraise.c)
      - make sure ima_collect_measurement() can read file
      
      Changelog:
      - add 'iint' to evm_verifyxattr() call (Dmitry Kasatkin)
      - fix the race condition between chmod, which takes the i_mutex and then
        iint->mutex, and ima_file_free() and process_measurement(), which take
        the locks in the reverse order, by eliminating iint->mutex. (Dmitry Kasatkin)
      - cleanup of ima_appraise_measurement() (Dmitry Kasatkin)
      - changes as a result of the iint not allocated for all regular files, but
        only for those measured/appraised.
      - don't try to appraise new/empty files
      - expanded ima_appraisal description in ima/Kconfig
      - IMA appraise definitions required even if IMA_APPRAISE not enabled
      - add return value to ima_must_appraise() stub
      - unconditionally set status = INTEGRITY_PASS *after* testing status,
        not before.  (Found by Joe Perches)
      Signed-off-by: Mimi Zohar <zohar@us.ibm.com>
      Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>
    • vfs: move ima_file_free before releasing the file · 4199d35c
      Mimi Zohar authored
      ima_file_free(), called on __fput(), currently flags files that have
      changed, so that the file is re-measured.  For appraising a file's
      integrity, the file's hash must be re-calculated and stored in the
      'security.ima' xattr to reflect any changes.
      
      This patch moves the ima_file_free() call to before releasing the file
      in preparation of ima-appraisal measuring the file and updating the
      'security.ima' xattr.
      Signed-off-by: Mimi Zohar <zohar@us.ibm.com>
      Acked-by: Serge Hallyn <serge.hallyn@ubuntu.com>
      Acked-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>
    • vfs: extend vfs_removexattr locking · 2ab51f37
      Mimi Zohar authored
      This patch takes the i_mutex lock before security_inode_removexattr(),
      instead of after, in preparation of calling ima_inode_removexattr().
      Signed-off-by: Mimi Zohar <zohar@us.ibm.com>
      Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@nokia.com>
    • Yama: handle 32-bit userspace prctl · 2e4930eb
      Kees Cook authored
      When running a 64-bit kernel and receiving prctls from a 32-bit
      userspace, the "-1" used as an unsigned long will end up being
      misdetected. The kernel is looking for 0xffffffffffffffff instead of
      0xffffffff. Since prctl lacks a distinct compat interface, Yama needs
      to handle this translation itself. As such, support either value as
      meaning PR_SET_PTRACER_ANY, to avoid breaking the ABI for 64-bit.
      Signed-off-by: Kees Cook <keescook@chromium.org>
      Acked-by: John Johansen <john.johansen@canonical.com>
      Cc: stable@vger.kernel.org
      Signed-off-by: James Morris <james.l.morris@oracle.com>
  2. 05 Sep, 2012 1 commit
  3. 04 Sep, 2012 1 commit
  4. 22 Aug, 2012 13 commits
  5. 17 Aug, 2012 1 commit
  6. 16 Aug, 2012 11 commits
  7. 15 Aug, 2012 3 commits
    • Merge branch 'drm-nouveau-fixes' of git://git.freedesktop.org/git/nouveau/linux-2.6 into drm-fixes · 2e26c73a
      Dave Airlie authored
      * 'drm-nouveau-fixes' of git://git.freedesktop.org/git/nouveau/linux-2.6:
        drm/nv86/fifo: suspend fix
        drm/nouveau: disable copy engine on NVAF
        nouveau: fixup scanout enable in nvc0_pm
        drm/nouveau/aux: mask off higher bits of auxch index in i2c table entry
        drm/nvd0/disp: mask off high 16 bit of negative cursor x-coordinate
        drm/nve0/fifo: add support for the flip completion swmthd
    • Merge branch 'drm-intel-fixes' of git://people.freedesktop.org/~danvet/drm-intel into drm-fixes · a389b6a1
      Dave Airlie authored
      Daniel Vetter writes:
      
      "A few important fixers:
      - fix various lvds backlight issues, regressed in 3.6 (Takashi Iwai)
      - make the retina mbp work (ignore bogus edp bpc value in vbt)
      - fix a gmbus regression introduced in (iirc) 3.4 (Jani Nikula)
      - fix an edp panel power sequence regression, fixes the new macbook air
      - apply the tlb invalidate w/a
      
      Otherwise we still have another gmbus regression (patches are awaiting
      tested-bys) and there's something odd going with some rare systems not
      entering rc6 often enough (and hence blowing through too much power).  It
      seems to be a timing-related issue and can be mitigated by frobbing the
      magic tuning parameters. We're still working on that one. Also, we still
      have some fallout from the hw context support, but you can only hit that
      with mesa master."
      
      * 'drm-intel-fixes' of git://people.freedesktop.org/~danvet/drm-intel:
        drm/i915: Apply post-sync write for pipe control invalidates
        drm/i915: reorder edp disabling to fix ivb MacBook Air
        drm/i915: ensure i2c adapter is all set before adding it
        drm/i915: ignore eDP bpc settings from vbt
        drm/i915: Fix blank panel at reopening lid
    • sparc64: Be less verbose during vmemmap population. · 2856cc2e
      David S. Miller authored
      On a 2-node machine with 256GB of ram we get 512 lines of
      console output, which is just too much.
      
      This mimics Yinghai Lu's x86 commit c2b91e2e
      (x86_64/mm: check and print vmemmap allocation continuous) except that
      we aren't ever going to get contiguous block pointers in between calls
      so just print when the virtual address or node changes.
      
      This decreases the output by an order of 16.
      
      Also demote this to KERN_DEBUG.
      Signed-off-by: David S. Miller <davem@davemloft.net>
  8. 14 Aug, 2012 5 commits
    • drm/i915: Apply post-sync write for pipe control invalidates · 7d54a904
      Chris Wilson authored
      When invalidating the TLBs it is documented as requiring a post-sync
      write. Failure to do so seems to result in a GPU hang.
      
      Exposure to this hang on IVB seems to be a result of removing the extra
      stalls required for SNB pipecontrol workarounds:
      
      commit 6c6cf5aa
      Author: Chris Wilson <chris@chris-wilson.co.uk>
      Date:   Fri Jul 20 18:02:28 2012 +0100
      
          drm/i915: Only apply the SNB pipe control w/a to gen6
      
      Note: Manually switch the pipe_control cmd to 4 dwords to avoid a
      (silent) functional conflict with -next. This way will get a loud (but
      conflict with next (since the scratch_addr has been deleted there).
      
      Reported-and-tested-by: yex.tian@intel.com
      Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=53322
      Acked-by: Ben Widawsky <ben@bwidawsk.net>
      Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
      [danvet: added note about merge conflict with -next.]
      Signed-off-by: Daniel Vetter <daniel.vetter@ffwll.ch>
    • drm/i915: reorder edp disabling to fix ivb MacBook Air · 35a38556
      Daniel Vetter authored
      eDP is tons of fun. It turns out that at least the new MacBook Air 5,1
      model absolutely doesn't like the new force vdd dance we've introduced
      in
      
      commit 6cb49835
      Author: Daniel Vetter <daniel.vetter@ffwll.ch>
      Date:   Sun May 20 17:14:50 2012 +0200
      
          drm/i915: enable vdd when switching off the eDP panel
      
      But that patch also tried to fix some neat edp sequence issue with the
      force_vdd timings. Closer inspection reveals that we've raised
      force_vdd only to do the aux channel communication dp_sink_dpms. If we
      move the edp_panel_off below that, we don't need any force_vdd for the
      disable sequence, which makes the Air happy.
      
      Unfortunately the reporter of the original bug that the above commit
      fixed is travelling, so we can't test whether this regresses things.
      But my theory is that since we don't check for any power-off ->
      force_vdd-on delays in edp_panel_vdd_on, this was the actual
      root-cause of this failure. With that force_vdd dance completely
      eliminated, I'm hopeful the original bug stays fixed, too.
      
      For reference the old bug, which hopefully doesn't get broken by this:
      
      https://bugzilla.kernel.org/show_bug.cgi?id=43163
      
      In any case, regression fixers win over plain bugfixes, so this needs
      to go in asap.
      
      v2: The crucial piece seems to be to clear the force_vdd flag
      unconditionally, too, in edp_panel_off. Looks like this is left behind
      by the firmware somehow.
      
      v3: The Apple firmware seems to switch off the panel on its own, hence
      we still need to keep force_vdd on, but properly clear it when switching
      the panel off.
      
      Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=45671
      Tested-by: Roberto Romer <sildurin@gmail.com>
      Tested-by: Daniel Wagner <wagi@monom.org>
      Tested-by: Keith Packard <keithp@keithp.com>
      Cc: stable@vger.kernel.org
      Cc: Keith Packard <keithp@keithp.com>
      Signed-off-by: Daniel Vetter <daniel.vetter@ffwll.ch>
    • Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux · ddf343f6
      Linus Torvalds authored
      Pull s390 patches from Martin Schwidefsky:
       "Included are bug fixes and a patch to enable system call filtering
        with BPF."
      
      * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux:
        s390/compat: fix mmap compat system calls
        s390/compat: fix compat wrappers for process_vm system calls
        s390: do not clobber personality flags in sys_32_personality()
        s390/seccomp: add support for system call filtering using BPF
        s390/sclp_sdias: Add missing break and "fall through"
        s390/mm: remove MAX_PHYSADDR_BITS define
    • Merge branch 'drm-fixes' of git://people.freedesktop.org/~airlied/linux · 930a93a5
      Linus Torvalds authored
      Pull drm fixes from Dave Airlie:
       "Radeon and intel fixes mostly, one fix to the mgag200 driver to not
        hang on certain server variants."
      
      * 'drm-fixes' of git://people.freedesktop.org/~airlied/linux: (32 commits)
        drm/radeon: fix typo in function header comment
        drm/radeon/kms: implement timestamp userspace query (v2)
        drm/radeon/kms: add MSAA texture support for r600-evergreen
        drm/radeon/kms: reorder code in r600_check_texture_resource
        drm/radeon: fence virtual address and free it once idle v4
        drm/radeon: fix some missing parens in asic macros
        drm/radeon: add some new SI pci ids
        drm/radeon: fix ordering in pll picking on dce4+
        drm/radeon: do not reenable crtc after moving vram start address
        drm/radeon: fix bank tiling parameters on cayman
        drm/radeon: fix bank tiling parameters on evergreen
        drm/radeon: fix bank tiling parameters on SI
        drm/radeon: properly handle crtc powergating
        drm/radeon: properly handle SS overrides on TN (v2)
        drm/radeon/dce4+: set a more reasonable cursor watermark
        drm/radeon: fix handling for ddc type 5 on combios
        drm/mgag200: fix G200ER pll picking algorithm
        drm/edid: Fix potential memory leak in edid_load()
        drm/udl: Use ERR_CAST inlined function instead of ERR_PTR(PTR_ERR(.. [1]
        drm/radeon/kms: allow "invalid" DB formats as a means to disable DB
        ...
    • GPIO: gpio-pxa: fix building without CONFIG_OF · f43e04ec
      Arnd Bergmann authored
      Commit 72121572 ("GPIO: gpio-pxa: fix devicetree functions") added an
      "xlate" function pointer to the irq_domain_ops, but this function is neither
      declared nor defined anywhere when CONFIG_OF is disabled, causing the
      build error:
      
        drivers/gpio/gpio-pxa.c:532:11: error: 'irq_domain_xlate_twocell' undeclared here (not in a function)
      
      Extending the DT-only code section to cover the irq_domain_ops and the
      pxa_gpio_dt_ids solves this problem and makes it clearer which code is
      actually used without DT.
      Signed-off-by: Arnd Bergmann <arnd@arndb.de>
      Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>