- 20 Apr, 2016 13 commits
-
-
David Howells authored
BugLink: http://bugs.launchpad.net/bugs/1569924 Add KEY_ALLOC_BUILT_IN to convey that a key should have KEY_FLAG_BUILTIN set rather than setting it after the fact. Signed-off-by:
David Howells <dhowells@redhat.com> Acked-by:
Mimi Zohar <zohar@linux.vnet.ibm.com> (cherry picked from commit 5d2787cf) Signed-off-by:
Tim Gardner <tim.gardner@canonical.com> Signed-off-by:
Andy Whitcroft <andy.whitcroft@canonical.com> Signed-off-by:
Stefan Bader <stefan.bader@canonical.com>
-
Petko Manolov authored
BugLink: http://bugs.launchpad.net/bugs/1569924 This option creates IMA MOK and blacklist keyrings. IMA MOK is an intermediate keyring that sits between .system and .ima keyrings, effectively forming a simple CA hierarchy. To successfully import a key into .ima_mok it must be signed by a key which CA is in .system keyring. On turn any key that needs to go in .ima keyring must be signed by CA in either .system or .ima_mok keyrings. IMA MOK is empty at kernel boot. IMA blacklist keyring contains all revoked IMA keys. It is consulted before any other keyring. If the search is successful the requested operation is rejected and error is returned to the caller. Signed-off-by:
Petko Manolov <petkan@mip-labs.com> Signed-off-by:
-
Tim Gardner authored
BugLink: http://bugs.launchpad.net/bugs/1569924Signed-off-by:
-
Dave Howells authored
BugLink: http://bugs.launchpad.net/bugs/1569924 X.509 certificates are loaded into the specified keyring as asymmetric type keys. Signed-off-by:
-
Tim Gardner authored
BugLink: http://bugs.launchpad.net/bugs/1569924Signed-off-by:
-
Tadeusz Struk authored
BugLink: http://bugs.launchpad.net/bugs/1569924 This patch converts the module verification code to the new akcipher API. Signed-off-by:
Tadeusz Struk <tadeusz.struk@intel.com> Acked-by:
Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by:
-
Dave Howells authored
BugLink: http://bugs.launchpad.net/bugs/1569924 Add the data types that are used for containing hashes, keys and certificates for cryptographic verification. Bugzilla: N/A Upstream-status: Fedora mustard for now Signed-off-by:
-
Ard Biesheuvel authored
BugLink: http://bugs.launchpad.net/bugs/1569924 This exposes the firmware's implementation of EFI_RNG_PROTOCOL via a new function efi_get_random_bytes(). Reviewed-by:
Matt Fleming <matt@codeblueprint.co.uk> Signed-off-by:
Ard Biesheuvel <ard.biesheuvel@linaro.org> Signed-off-by:
Catalin Marinas <catalin.marinas@arm.com> (back ported from commit e4fbf476) Signed-off-by:
-
Peter Jones authored
BugLink: http://bugs.launchpad.net/bugs/1569924 This makes it much easier to hunt for typos in the GUID definitions. It also makes checkpatch complain less about efi.h GUID additions, so that if you add another one with the same style, checkpatch won't complain about it. Signed-off-by:
Peter Jones <pjones@redhat.com> Signed-off-by:
Ingo Molnar <mingo@kernel.org> (cherry picked from commit 662b1d89) Signed-off-by:
-
Robert Elliott authored
BugLink: http://bugs.launchpad.net/bugs/1569924 Add the NV memory attribute introduced in UEFI 2.5 and add a column for it in the types and attributes string used when printing the UEFI memory map. old: efi: mem61: [type=14 | | | | | | | |WB|WT|WC|UC] range=[0x0000000880000000-0x0000000c7fffffff) (16384MB) new: efi: mem61: [type=14 | | |NV| | | | | |WB|WT|WC|UC] range=[0x0000000880000000-0x0000000c7fffffff) (16384MB) Signed-off-by:
Robert Elliott <elliott@hpe.com> Signed-off-by:
Laszlo Ersek <lersek@redhat.com> Cc: Andy Lutomirski <luto@amacapital.net> Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org> Cc: Borislav Petkov <bp@alien8.de> Cc: Brian Gerst <brgerst@gmail.com> Cc: Dan Williams <dan.j.williams@intel.com> Cc: Denys Vlasenko <dvlasenk@redhat.com> Cc: H. Peter Anvin <hpa@zytor.com> Cc: Linus Torvalds <torvalds@linux-foundation.org> Cc: Peter Zijlstra <peterz@infradead.org> Cc: Ross Zwisler <ross.zwisler@linux.intel.com> Cc: Taku Izumi <izumi.taku@jp.fujitsu.com> Cc: Thomas Gleixner <tglx@linutronix.de> Cc: linux-efi@vger.kernel.org Link: http://lkml.kernel.org/r/1454364428-494-13-git-send-email-matt@codeblueprint.co.ukSigned-off-by:
-
Ard Biesheuvel authored
BugLink: http://bugs.launchpad.net/bugs/1569924 The function efi_query_variable_store() may be invoked by efivar_entry_set_nonblocking(), which itself takes care to only call a non-blocking version of the SetVariable() runtime wrapper. However, efi_query_variable_store() may call the SetVariable() wrapper directly, as well as the wrapper for QueryVariableInfo(), both of which could deadlock in the same way we are trying to prevent by calling efivar_entry_set_nonblocking() in the first place. So instead, modify efi_query_variable_store() to use the non-blocking variants of QueryVariableInfo() (and give up rather than free up space if the available space is below EFI_MIN_RESERVE) if invoked with the 'nonblocking' argument set to true. Signed-off-by:
-
Ard Biesheuvel authored
BugLink: http://bugs.launchpad.net/bugs/1569924 This introduces a new runtime wrapper for the QueryVariableInfo() UEFI Runtime Service, which gives up immediately rather than spins on failure to grab the efi_runtime spinlock. This is required in the non-blocking path of the efi-pstore code. Signed-off-by:
-
Ard Biesheuvel authored
BugLink: http://bugs.launchpad.net/bugs/1569924 There is no need for a separate nonblocking prototype definition for the SetVariable() UEFI Runtime Service, since it is identical to the blocking version. Signed-off-by:
-
- 19 Apr, 2016 1 commit
-
-
Tim Gardner authored
Ignore: yes Signed-off-by:
-
- 18 Apr, 2016 5 commits
-
-
Tim Gardner authored
Signed-off-by: -
Tim Gardner authored
BugLink: http://bugs.launchpad.net/bugs/1571691 It would be much simpler if one could pass MOKSBState via a global variable, but the the EFI bits appear to be managed and linked a bit differently then a normal text section. Hence the shennanigans with boot_params.secure_boot. Signed-off-by:
Kamal Mostafa <kamal@canonical.com>
-
Josh Boyer authored
BugLink: http://bugs.launchpad.net/bugs/1571691 git://pkgs.fedoraproject.org/rpms/kernel.git A user can manually tell the shim boot loader to disable validation of images it loads. When a user does this, it creates a UEFI variable called MokSBState that does not have the runtime attribute set. Given that the user explicitly disabled validation, we can honor that and not enable secure boot mode if that variable is set. Signed-off-by:
Josh Boyer <jwboyer@fedoraproject.org> Signed-off-by:
-
Josh Boyer authored
BugLink: http://bugs.launchpad.net/bugs/1571691 git://pkgs.fedoraproject.org/rpms/kernel.git Secure Boot stores a list of allowed certificates in the 'db' variable. This imports those certificates into the system trusted keyring. This allows for a third party signing certificate to be used in conjunction with signed modules. By importing the public certificate into the 'db' variable, a user can allow a module signed with that certificate to load. The shim UEFI bootloader has a similar certificate list stored in the 'MokListRT' variable. We import those as well. In the opposite case, Secure Boot maintains a list of disallowed certificates in the 'dbx' variable. We load those certificates into the newly introduced system blacklist keyring and forbid any module signed with those from loading. Signed-off-by:
-
Tim Gardner authored
Ignore: yes Signed-off-by:
-
- 15 Apr, 2016 8 commits
-
-
Tim Gardner authored
Signed-off-by: -
Seth Forshee authored
BugLink: http://bugs.launchpad.net/bugs/1570906 Two kernfs-based filesystems are currently mountable from non-init user namespaces, sysfs and cgroupfs. Both of these have use cases which end up attempting to mount the same superblock from different user namespaces, but sget() no longer allows this so these mount attempts will fail. Update kernfs_test_super() to return false whenever s_user_ns is not the current user namespace, resulting in a new super block being allocated for these mounts. kernfs, sysfs, and cgroupfs are all equipped to handle this situation. Tested-by:
Tycho Andersen <tycho.andersen@canonical.com> Acked-by:
Leann Ogasawara <leann.ogasawara@canonical.com> Signed-off-by:
-
Peter Zijlstra authored
BugLink: http://bugs.launchpad.net/bugs/1570441 It turns out AMD gets x86_max_cores wrong when there are compute units. The issue is that Linux assumes: nr_logical_cpus = nr_cores * nr_siblings But AMD reports its CU unit as 2 cores, but then sets num_smp_siblings to 2 as well. Boris: fixup ras/mce_amd_inj.c too, to compute the Node Base Core properly, according to the new nomenclature. Fixes: 1f12e32f ("x86/topology: Create logical package id") Reported-by:
Xiong Zhou <jencce.kernel@gmail.com> Signed-off-by:
Peter Zijlstra (Intel) <peterz@infradead.org> Signed-off-by:
Borislav Petkov <bp@suse.de> Cc: Andreas Herrmann <aherrmann@suse.com> Cc: Andy Lutomirski <luto@kernel.org> Link: http://lkml.kernel.org/r/20160317095220.GO6344@twins.programming.kicks-ass.netSigned-off-by:
Thomas Gleixner <tglx@linutronix.de> (cherry picked from commit ee6825c8) Signed-off-by:
Colin King <colin.king@canonical.com> Signed-off-by:
-
Boris Ostrovsky authored
BugLink: http://bugs.launchpad.net/bugs/1570441 Currently Xen uses default_cpu_present_to_apicid() which will always report BAD_APICID for PV guests since x86_bios_cpu_apic_id is initialised to that value and is never updated. With commit 1f12e32f ("x86/topology: Create logical package id"), this op is now called by smp_init_package_map() when deciding whether to call topology_update_package_map() which sets cpu_data(cpu).logical_proc_id. The latter (as topology_logical_package_id(cpu)) may be used, for example, by cpu_to_rapl_pmu() as an array index. Since uninitialized logical_package_id is set to -1, the index will become 64K which is obviously problematic. While RAPL code (and any other users of logical_package_id) should be careful in their assumptions about id's validity, Xen's cpu_present_to_apicid op should still provide value consistent with its own xen_apic_read(APIC_ID). Signed-off-by:
Boris Ostrovsky <boris.ostrovsky@oracle.com> Signed-off-by:
Konrad Rzeszutek Wilk <konrad.wilk@oracle.com> (cherry picked from commit ed6069be) Signed-off-by:
-
Thomas Gleixner authored
BugLink: http://bugs.launchpad.net/bugs/1570441 nr_cpu_ids can be limited on the command line via nr_cpus=. That can break the logical package management because it results in a smaller number of packages, but the cpus to online are occupying the full package space as the hyper threads are enumerated after the physical cores typically. total_cpus is the real possible cpu space not limited by nr_cpus command line and gives us the proper number of packages. Reported-by:
Mike Galbraith <umgwanakikbuti@gmail.com> Fixes: 1f12e32f ("x86/topology: Create logical package id") Signed-off-by:
-
Peter Zijlstra authored
BugLink: http://bugs.launchpad.net/bugs/1570441 As per the comment in the code; due to BIOS it is sometimes impossible to know if there actually are smp siblings until the machine is fully enumerated. So we rather overestimate the number of possible packages. Fixes: 1f12e32f ("x86/topology: Create logical package id") Signed-off-by:
-
Peter Zijlstra authored
BugLink: http://bugs.launchpad.net/bugs/1570441 That first branch testing pkg against __max_logical_packages is wrong, because if the first pkg id is larger, then the find_first_zero will find us logical package id 0. However, if the second pkg id is indeed 0, we'll again claim it without testing if it was already taken. Also, it fails to print the mapping. Fixes: 1f12e32f ("x86/topology: Create logical package id") Reported-by:
-
John Stultz authored
BugLink: http://bugs.launchpad.net/bugs/1566465 Recently, in commit 37cf4dc3 I forgot to check if the timeval being passed was actually a timespec (as is signaled with ADJ_NANO). This resulted in that patch breaking ADJ_SETOFFSET users who set ADJ_NANO, by rejecting valid timespecs that were compared with valid timeval ranges. This patch addresses this by checking for the ADJ_NANO flag and using the timepsec check instead in that case. Reported-by:
Harald Hoyer <harald@redhat.com> Reported-by:
Kay Sievers <kay@vrfy.org> Fixes: 37cf4dc3 "time: Verify time values in adjtimex ADJ_SETOFFSET to avoid overflow" Signed-off-by:
John Stultz <john.stultz@linaro.org> Cc: Sasha Levin <sasha.levin@oracle.com> Cc: Richard Cochran <richardcochran@gmail.com> Cc: Prarit Bhargava <prarit@redhat.com> Cc: David Herrmann <dh.herrmann@gmail.com> Link: http://lkml.kernel.org/r/1453417415-19110-2-git-send-email-john.stultz@linaro.orgSigned-off-by:
-
- 14 Apr, 2016 2 commits
-
-
Tim Gardner authored
Ignore: yes Signed-off-by: -
Tim Gardner authored
Signed-off-by:
-
- 13 Apr, 2016 7 commits
-
-
Willy Tarreau authored
On no-so-small systems, it is possible for a single process to cause an OOM condition by filling large pipes with data that are never read. A typical process filling 4000 pipes with 1 MB of data will use 4 GB of memory. On small systems it may be tricky to set the pipe max size to prevent this from happening. This patch makes it possible to enforce a per-user soft limit above which new pipes will be limited to a single page, effectively limiting them to 4 kB each, as well as a hard limit above which no new pipes may be created for this user. This has the effect of protecting the system against memory abuse without hurting other users, and still allowing pipes to work correctly though with less data at once. The limit are controlled by two new sysctls : pipe-user-pages-soft, and pipe-user-pages-hard. Both may be disabled by setting them to zero. The default soft limit allows the default number of FDs per process (1024) to create pipes of the default size (64kB), thus reaching a limit of 64MB before starting to create only smaller pipes. With 256 processes limited to 1024 FDs each, this results in 1024*64kB + (256*1024 - 1024) * 4kB = 1084 MB of memory allocated for a user. The hard limit is disabled by default to avoid breaking existing applications that make intensive use of pipes (eg: for splicing). Reported-by: socketpair@gmail.com Reported-by:
Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Mitigates: CVE-2013-4312 (Linux 2.0+) Suggested-by:
Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by:
Willy Tarreau <w@1wt.eu> Signed-off-by:
Al Viro <viro@zeniv.linux.org.uk> (cherry picked from commit 759c0114) CVE-2016-2847 BugLink: https://bugs.launchpad.net/bugs/1554260Signed-off-by:
Luis Henriques <luis.henriques@canonical.com> Signed-off-by:
-
Quinn Tran authored
BugLink: http://bugs.launchpad.net/bugs/1554003 Commit cdb898c5 introduced a regression by accessing a Null pointer. This occured when checking older 4G adapters, that do not have MSIX support. Add a check for rsp->msix. Fixes: commit cdb898c5: ("qla2xxx: Add irq affinity notification") Signed-off-by:
Joseph Salisbury <joseph.salisbury@canonical.com> Signed-off-by:
-
Marc Zyngier authored
BugLink: http://bugs.launchpad.net/bugs/1549494 On a host that runs NTP, corrections can have a direct impact on the background timer that we program on the behalf of a vcpu. In particular, NTP performing a forward correction will result in a timer expiring sooner than expected from a guest point of view. Not a big deal, we kick the vcpu anyway. But on wake-up, the vcpu thread is going to perform a check to find out whether or not it should block. And at that point, the timer check is going to say "timer has not expired yet, go back to sleep". This results in the timer event being lost forever. There are multiple ways to handle this. One would be record that the timer has expired and let kvm_cpu_has_pending_timer return true in that case, but that would be fairly invasive. Another is to check for the "short sleep" condition in the hrtimer callback, and restart the timer for the remaining time when the condition is detected. This patch implements the latter, with a bit of refactoring in order to avoid too much code duplication. Cc: <stable@vger.kernel.org> Reported-by:
Alexander Graf <agraf@suse.de> Reviewed-by:
Marc Zyngier <marc.zyngier@arm.com> Signed-off-by:
Christoffer Dall <christoffer.dall@linaro.org> (cherry picked from linux-next commit 1c5631c7) Signed-off-by:
dann frazier <dann.frazier@canonical.com> Acked-by:
-
Tim Gardner authored
BugLink: http://bugs.launchpad.net/bugs/1566221Signed-off-by:
-
Tim Gardner authored
Should have run updateconfigs after committing 'UBUNTU: SAUCE: i915_bpo: Disable preliminary hw support' Signed-off-by: -
Pavel Rojtberg authored
Track the status of the irq_out URB to prevent submission iof new requests while current one is active. Failure to do so results in the "URB submitted while active" warning/stack trace. Store pending brightness and FF effect in the driver structure and replace it with the latest requests until the device is ready to process next request. Alternate serving LED vs FF requests to make sure one does not starve another. See [1] for discussion. Inspired by patch of Sarah Bessmer [2]. [1]: http://www.spinics.net/lists/linux-input/msg40708.html [2]: http://www.spinics.net/lists/linux-input/msg31450.htmlSigned-off-by:
Pavel Rojtberg <rojtberg@gmail.com> Signed-off-by:
Dmitry Torokhov <dmitry.torokhov@gmail.com> (cherry picked from commit 7fc595f4) Signed-off-by:
-
Christian Borntraeger authored
BugLink: http://bugs.launchpad.net/bugs/1555344 we have to check bit 40 of the facility list before issuing LPP and not bit 48. Otherwise a guest running on a system with "The decimal-floating-point zoned-conversion facility" and without the "The set-program-parameters facility" might crash on an lpp instruction. Signed-off-by:
Christian Borntraeger <borntraeger@de.ibm.com> Cc: stable@vger.kernel.org # v4.4+ Fixes: e22cf8ca ("s390/cpumf: rework program parameter setting to detect guest samples") Signed-off-by:
Martin Schwidefsky <schwidefsky@de.ibm.com> (cherry picked from commit 7a76aa95) Signed-off-by:
Seth Forshee <seth.forshee@canonical.com> Signed-off-by:
-
- 11 Apr, 2016 4 commits
-
-
Heiko Carstens authored
BugLink: http://bugs.launchpad.net/bugs/1555344 head.s contains an stfle instruction which stores it result at the storage location that is assigned to the stfl instruction. This is currently no problem, since we only care about one double word. However if the number of double words in the ALS bitfield grows the current code is not very stable. E.g. before issuing the stfle command the memory to which it stores must be cleared, since the instruction may or may not clear memory contents where no bits are set. In order to simplify the code a bit always use the storage location that we reserved for the stfle result. Signed-off-by:
Heiko Carstens <heiko.carstens@de.ibm.com> Signed-off-by:
-
Heiko Carstens authored
BugLink: http://bugs.launchpad.net/bugs/1555344 Now that 31 bit support is gone, the assembler always knows about the stfl instruction. Therefore lets use a readable mnemonic. Also remove the not needed extable entry for the inline assembly and fix the output constraint. Signed-off-by:
-
Tim Gardner authored
BugLink: http://bugs.launchpad.net/bugs/1536245Signed-off-by:
-
Tim Gardner authored
BugLink: http://bugs.launchpad.net/bugs/1567581 This reverts commit ebfd4a07. Acked-by: seth.forshee@canonical.com Acked-by: stefan.bader@canonical.com Signed-off-by:
-
