1. 20 Apr, 2017 30 commits
    • David Howells's avatar
      Annotate hardware config module parameters in drivers/video/ · c729203d
      David Howells authored
      When the kernel is running in secure boot mode, we lock down the kernel to
      prevent userspace from modifying the running kernel image.  Whilst this
      includes prohibiting access to things like /dev/mem, it must also prevent
      access by means of configuring driver modules in such a way as to cause a
      device to access or modify the kernel image.
      
      To this end, annotate module_param* statements that refer to hardware
      configuration and indicate for future reference what type of parameter they
      specify.  The parameter parser in the core sees this information and can
      skip such parameters with an error message if the kernel is locked down.
      The module initialisation then runs as normal, but just sees whatever the
      default values for those parameters is.
      
      Note that we do still need to do the module initialisation because some
      drivers have viable defaults set in case parameters aren't specified and
      some drivers support automatic configuration (e.g. PNP or PCI) in addition
      to manually coded parameters.
      
      This patch annotates drivers in drivers/video/.
      Suggested-by: default avatarAlan Cox <gnomes@lxorguk.ukuu.org.uk>
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      Acked-by: default avatarBartlomiej Zolnierkiewicz <b.zolnierkie@samsung.com>
      cc: Tomi Valkeinen <tomi.valkeinen@ti.com>
      cc: linux-fbdev@vger.kernel.org
      c729203d
    • David Howells's avatar
      Annotate hardware config module parameters in drivers/tty/ · 3b60daf8
      David Howells authored
      When the kernel is running in secure boot mode, we lock down the kernel to
      prevent userspace from modifying the running kernel image.  Whilst this
      includes prohibiting access to things like /dev/mem, it must also prevent
      access by means of configuring driver modules in such a way as to cause a
      device to access or modify the kernel image.
      
      To this end, annotate module_param* statements that refer to hardware
      configuration and indicate for future reference what type of parameter they
      specify.  The parameter parser in the core sees this information and can
      skip such parameters with an error message if the kernel is locked down.
      The module initialisation then runs as normal, but just sees whatever the
      default values for those parameters is.
      
      Note that we do still need to do the module initialisation because some
      drivers have viable defaults set in case parameters aren't specified and
      some drivers support automatic configuration (e.g. PNP or PCI) in addition
      to manually coded parameters.
      
      This patch annotates drivers in drivers/tty/.
      Suggested-by: default avatarAlan Cox <gnomes@lxorguk.ukuu.org.uk>
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      Acked-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      cc: Jiri Slaby <jslaby@suse.com>
      cc: linux-serial@vger.kernel.org
      3b60daf8
    • David Howells's avatar
      Annotate hardware config module parameters in drivers/staging/vme/ · ea38fd72
      David Howells authored
      When the kernel is running in secure boot mode, we lock down the kernel to
      prevent userspace from modifying the running kernel image.  Whilst this
      includes prohibiting access to things like /dev/mem, it must also prevent
      access by means of configuring driver modules in such a way as to cause a
      device to access or modify the kernel image.
      
      To this end, annotate module_param* statements that refer to hardware
      configuration and indicate for future reference what type of parameter they
      specify.  The parameter parser in the core sees this information and can
      skip such parameters with an error message if the kernel is locked down.
      The module initialisation then runs as normal, but just sees whatever the
      default values for those parameters is.
      
      Note that we do still need to do the module initialisation because some
      drivers have viable defaults set in case parameters aren't specified and
      some drivers support automatic configuration (e.g. PNP or PCI) in addition
      to manually coded parameters.
      
      This patch annotates drivers in drivers/staging/vme/.
      Suggested-by: default avatarAlan Cox <gnomes@lxorguk.ukuu.org.uk>
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      cc: Martyn Welch <martyn@welchs.me.uk>
      cc: Manohar Vanga <manohar.vanga@gmail.com>
      cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
      cc: devel@driverdev.osuosl.org
      ea38fd72
    • David Howells's avatar
      Annotate hardware config module parameters in drivers/staging/speakup/ · dbf05cb0
      David Howells authored
      When the kernel is running in secure boot mode, we lock down the kernel to
      prevent userspace from modifying the running kernel image.  Whilst this
      includes prohibiting access to things like /dev/mem, it must also prevent
      access by means of configuring driver modules in such a way as to cause a
      device to access or modify the kernel image.
      
      To this end, annotate module_param* statements that refer to hardware
      configuration and indicate for future reference what type of parameter they
      specify.  The parameter parser in the core sees this information and can
      skip such parameters with an error message if the kernel is locked down.
      The module initialisation then runs as normal, but just sees whatever the
      default values for those parameters is.
      
      Note that we do still need to do the module initialisation because some
      drivers have viable defaults set in case parameters aren't specified and
      some drivers support automatic configuration (e.g. PNP or PCI) in addition
      to manually coded parameters.
      
      This patch annotates drivers in drivers/staging/speakup/.
      Suggested-by: default avatarAlan Cox <gnomes@lxorguk.ukuu.org.uk>
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      Acked-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      cc: speakup@linux-speakup.org
      cc: devel@driverdev.osuosl.org
      dbf05cb0
    • David Howells's avatar
      Annotate hardware config module parameters in drivers/staging/media/ · 32820d8a
      David Howells authored
      When the kernel is running in secure boot mode, we lock down the kernel to
      prevent userspace from modifying the running kernel image.  Whilst this
      includes prohibiting access to things like /dev/mem, it must also prevent
      access by means of configuring driver modules in such a way as to cause a
      device to access or modify the kernel image.
      
      To this end, annotate module_param* statements that refer to hardware
      configuration and indicate for future reference what type of parameter they
      specify.  The parameter parser in the core sees this information and can
      skip such parameters with an error message if the kernel is locked down.
      The module initialisation then runs as normal, but just sees whatever the
      default values for those parameters is.
      
      Note that we do still need to do the module initialisation because some
      drivers have viable defaults set in case parameters aren't specified and
      some drivers support automatic configuration (e.g. PNP or PCI) in addition
      to manually coded parameters.
      
      This patch annotates drivers in drivers/staging/media/.
      Suggested-by: default avatarAlan Cox <gnomes@lxorguk.ukuu.org.uk>
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      Acked-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      Acked-by: default avatarMauro Carvalho Chehab <mchehab@s-opensource.com>
      cc: linux-media@vger.kernel.org
      cc: devel@driverdev.osuosl.org
      32820d8a
    • David Howells's avatar
      Annotate hardware config module parameters in drivers/scsi/ · 88f06b76
      David Howells authored
      When the kernel is running in secure boot mode, we lock down the kernel to
      prevent userspace from modifying the running kernel image.  Whilst this
      includes prohibiting access to things like /dev/mem, it must also prevent
      access by means of configuring driver modules in such a way as to cause a
      device to access or modify the kernel image.
      
      To this end, annotate module_param* statements that refer to hardware
      configuration and indicate for future reference what type of parameter they
      specify.  The parameter parser in the core sees this information and can
      skip such parameters with an error message if the kernel is locked down.
      The module initialisation then runs as normal, but just sees whatever the
      default values for those parameters is.
      
      Note that we do still need to do the module initialisation because some
      drivers have viable defaults set in case parameters aren't specified and
      some drivers support automatic configuration (e.g. PNP or PCI) in addition
      to manually coded parameters.
      
      This patch annotates drivers in drivers/scsi/.
      Suggested-by: default avatarAlan Cox <gnomes@lxorguk.ukuu.org.uk>
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      cc: "Juergen E. Fischer" <fischer@norbit.de>
      cc: "James E.J. Bottomley" <jejb@linux.vnet.ibm.com>
      cc: "Martin K. Petersen" <martin.petersen@oracle.com>
      cc: Dario Ballabio <ballabio_dario@emc.com>
      cc: Finn Thain <fthain@telegraphics.com.au>
      cc: Michael Schmitz <schmitzmic@gmail.com>
      cc: Achim Leubner <achim_leubner@adaptec.com>
      cc: linux-scsi@vger.kernel.org
      88f06b76
    • David Howells's avatar
      Annotate hardware config module parameters in drivers/pcmcia/ · 9149ba1f
      David Howells authored
      When the kernel is running in secure boot mode, we lock down the kernel to
      prevent userspace from modifying the running kernel image.  Whilst this
      includes prohibiting access to things like /dev/mem, it must also prevent
      access by means of configuring driver modules in such a way as to cause a
      device to access or modify the kernel image.
      
      To this end, annotate module_param* statements that refer to hardware
      configuration and indicate for future reference what type of parameter they
      specify.  The parameter parser in the core sees this information and can
      skip such parameters with an error message if the kernel is locked down.
      The module initialisation then runs as normal, but just sees whatever the
      default values for those parameters is.
      
      Note that we do still need to do the module initialisation because some
      drivers have viable defaults set in case parameters aren't specified and
      some drivers support automatic configuration (e.g. PNP or PCI) in addition
      to manually coded parameters.
      
      This patch annotates drivers in drivers/pcmcia/.
      Suggested-by: default avatarAlan Cox <gnomes@lxorguk.ukuu.org.uk>
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      cc: linux-pcmcia@lists.infradead.org
      9149ba1f
    • David Howells's avatar
      Annotate hardware config module parameters in drivers/pci/hotplug/ · 01b961b7
      David Howells authored
      When the kernel is running in secure boot mode, we lock down the kernel to
      prevent userspace from modifying the running kernel image.  Whilst this
      includes prohibiting access to things like /dev/mem, it must also prevent
      access by means of configuring driver modules in such a way as to cause a
      device to access or modify the kernel image.
      
      To this end, annotate module_param* statements that refer to hardware
      configuration and indicate for future reference what type of parameter they
      specify.  The parameter parser in the core sees this information and can
      skip such parameters with an error message if the kernel is locked down.
      The module initialisation then runs as normal, but just sees whatever the
      default values for those parameters is.
      
      Note that we do still need to do the module initialisation because some
      drivers have viable defaults set in case parameters aren't specified and
      some drivers support automatic configuration (e.g. PNP or PCI) in addition
      to manually coded parameters.
      
      This patch annotates drivers in drivers/pci/hotplug/.
      Suggested-by: default avatarAlan Cox <gnomes@lxorguk.ukuu.org.uk>
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      Acked-by: default avatarBjorn Helgaas <bhelgaas@google.com>
      cc: Scott Murray <scott@spiteful.org>
      cc: linux-pci@vger.kernel.org
      01b961b7
    • David Howells's avatar
      Annotate hardware config module parameters in drivers/parport/ · c8fc074d
      David Howells authored
      When the kernel is running in secure boot mode, we lock down the kernel to
      prevent userspace from modifying the running kernel image.  Whilst this
      includes prohibiting access to things like /dev/mem, it must also prevent
      access by means of configuring driver modules in such a way as to cause a
      device to access or modify the kernel image.
      
      To this end, annotate module_param* statements that refer to hardware
      configuration and indicate for future reference what type of parameter they
      specify.  The parameter parser in the core sees this information and can
      skip such parameters with an error message if the kernel is locked down.
      The module initialisation then runs as normal, but just sees whatever the
      default values for those parameters is.
      
      Note that we do still need to do the module initialisation because some
      drivers have viable defaults set in case parameters aren't specified and
      some drivers support automatic configuration (e.g. PNP or PCI) in addition
      to manually coded parameters.
      
      This patch annotates drivers in drivers/parport/.
      Suggested-by: default avatarAlan Cox <gnomes@lxorguk.ukuu.org.uk>
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      cc: Sudip Mukherjee <sudipm.mukherjee@gmail.com>
      c8fc074d
    • David Howells's avatar
      Annotate hardware config module parameters in drivers/net/wireless/ · 767c13e6
      David Howells authored
      When the kernel is running in secure boot mode, we lock down the kernel to
      prevent userspace from modifying the running kernel image.  Whilst this
      includes prohibiting access to things like /dev/mem, it must also prevent
      access by means of configuring driver modules in such a way as to cause a
      device to access or modify the kernel image.
      
      To this end, annotate module_param* statements that refer to hardware
      configuration and indicate for future reference what type of parameter they
      specify.  The parameter parser in the core sees this information and can
      skip such parameters with an error message if the kernel is locked down.
      The module initialisation then runs as normal, but just sees whatever the
      default values for those parameters is.
      
      Note that we do still need to do the module initialisation because some
      drivers have viable defaults set in case parameters aren't specified and
      some drivers support automatic configuration (e.g. PNP or PCI) in addition
      to manually coded parameters.
      
      This patch annotates drivers in drivers/net/wireless/.
      Suggested-by: default avatarAlan Cox <gnomes@lxorguk.ukuu.org.uk>
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      cc: Kalle Valo <kvalo@codeaurora.org>
      cc: linux-wireless@vger.kernel.org
      cc: netdev@vger.kernel.org
      767c13e6
    • David Howells's avatar
      Annotate hardware config module parameters in drivers/net/wan/ · af28a03c
      David Howells authored
      When the kernel is running in secure boot mode, we lock down the kernel to
      prevent userspace from modifying the running kernel image.  Whilst this
      includes prohibiting access to things like /dev/mem, it must also prevent
      access by means of configuring driver modules in such a way as to cause a
      device to access or modify the kernel image.
      
      To this end, annotate module_param* statements that refer to hardware
      configuration and indicate for future reference what type of parameter they
      specify.  The parameter parser in the core sees this information and can
      skip such parameters with an error message if the kernel is locked down.
      The module initialisation then runs as normal, but just sees whatever the
      default values for those parameters is.
      
      Note that we do still need to do the module initialisation because some
      drivers have viable defaults set in case parameters aren't specified and
      some drivers support automatic configuration (e.g. PNP or PCI) in addition
      to manually coded parameters.
      
      This patch annotates drivers in drivers/net/wan/.
      Suggested-by: default avatarAlan Cox <gnomes@lxorguk.ukuu.org.uk>
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      cc: "Jan \"Yenya\" Kasprzak" <kas@fi.muni.cz>
      cc: netdev@vger.kernel.org
      af28a03c
    • David Howells's avatar
      Annotate hardware config module parameters in drivers/net/irda/ · 4f06e652
      David Howells authored
      When the kernel is running in secure boot mode, we lock down the kernel to
      prevent userspace from modifying the running kernel image.  Whilst this
      includes prohibiting access to things like /dev/mem, it must also prevent
      access by means of configuring driver modules in such a way as to cause a
      device to access or modify the kernel image.
      
      To this end, annotate module_param* statements that refer to hardware
      configuration and indicate for future reference what type of parameter they
      specify.  The parameter parser in the core sees this information and can
      skip such parameters with an error message if the kernel is locked down.
      The module initialisation then runs as normal, but just sees whatever the
      default values for those parameters is.
      
      Note that we do still need to do the module initialisation because some
      drivers have viable defaults set in case parameters aren't specified and
      some drivers support automatic configuration (e.g. PNP or PCI) in addition
      to manually coded parameters.
      
      This patch annotates drivers in drivers/net/irda/.
      Suggested-by: default avatarAlan Cox <gnomes@lxorguk.ukuu.org.uk>
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      cc: Samuel Ortiz <samuel@sortiz.org>
      cc: netdev@vger.kernel.org
      4f06e652
    • David Howells's avatar
      Annotate hardware config module parameters in drivers/net/hamradio/ · b658e5d8
      David Howells authored
      When the kernel is running in secure boot mode, we lock down the kernel to
      prevent userspace from modifying the running kernel image.  Whilst this
      includes prohibiting access to things like /dev/mem, it must also prevent
      access by means of configuring driver modules in such a way as to cause a
      device to access or modify the kernel image.
      
      To this end, annotate module_param* statements that refer to hardware
      configuration and indicate for future reference what type of parameter they
      specify.  The parameter parser in the core sees this information and can
      skip such parameters with an error message if the kernel is locked down.
      The module initialisation then runs as normal, but just sees whatever the
      default values for those parameters is.
      
      Note that we do still need to do the module initialisation because some
      drivers have viable defaults set in case parameters aren't specified and
      some drivers support automatic configuration (e.g. PNP or PCI) in addition
      to manually coded parameters.
      
      This patch annotates drivers in drivers/net/hamradio/.
      Suggested-by: default avatarAlan Cox <gnomes@lxorguk.ukuu.org.uk>
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      cc: Thomas Sailer <t.sailer@alumni.ethz.ch>
      cc: Joerg Reuter <jreuter@yaina.de>
      cc: linux-hams@vger.kernel.org
      cc: netdev@vger.kernel.org
      b658e5d8
    • David Howells's avatar
      Annotate hardware config module parameters in drivers/net/ethernet/ · df298408
      David Howells authored
      When the kernel is running in secure boot mode, we lock down the kernel to
      prevent userspace from modifying the running kernel image.  Whilst this
      includes prohibiting access to things like /dev/mem, it must also prevent
      access by means of configuring driver modules in such a way as to cause a
      device to access or modify the kernel image.
      
      To this end, annotate module_param* statements that refer to hardware
      configuration and indicate for future reference what type of parameter they
      specify.  The parameter parser in the core sees this information and can
      skip such parameters with an error message if the kernel is locked down.
      The module initialisation then runs as normal, but just sees whatever the
      default values for those parameters is.
      
      Note that we do still need to do the module initialisation because some
      drivers have viable defaults set in case parameters aren't specified and
      some drivers support automatic configuration (e.g. PNP or PCI) in addition
      to manually coded parameters.
      
      This patch annotates drivers in drivers/net/ethernet/.
      Suggested-by: default avatarAlan Cox <gnomes@lxorguk.ukuu.org.uk>
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      cc: Steffen Klassert <steffen.klassert@secunet.com>
      cc: Jaroslav Kysela <perex@perex.cz>
      cc: netdev@vger.kernel.org
      cc: linux-parisc@vger.kernel.org
      df298408
    • David Howells's avatar
      Annotate hardware config module parameters in drivers/net/can/ · e43f2c52
      David Howells authored
      When the kernel is running in secure boot mode, we lock down the kernel to
      prevent userspace from modifying the running kernel image.  Whilst this
      includes prohibiting access to things like /dev/mem, it must also prevent
      access by means of configuring driver modules in such a way as to cause a
      device to access or modify the kernel image.
      
      To this end, annotate module_param* statements that refer to hardware
      configuration and indicate for future reference what type of parameter they
      specify.  The parameter parser in the core sees this information and can
      skip such parameters with an error message if the kernel is locked down.
      The module initialisation then runs as normal, but just sees whatever the
      default values for those parameters is.
      
      Note that we do still need to do the module initialisation because some
      drivers have viable defaults set in case parameters aren't specified and
      some drivers support automatic configuration (e.g. PNP or PCI) in addition
      to manually coded parameters.
      
      This patch annotates drivers in drivers/net/can/.
      Suggested-by: default avatarAlan Cox <gnomes@lxorguk.ukuu.org.uk>
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      Acked-by: default avatarMarc Kleine-Budde <mkl@pengutronix.de>
      cc: Wolfgang Grandegger <wg@grandegger.com>
      cc: linux-can@vger.kernel.org
      cc: netdev@vger.kernel.org
      e43f2c52
    • David Howells's avatar
      Annotate hardware config module parameters in drivers/net/arcnet/ · 06a5128a
      David Howells authored
      When the kernel is running in secure boot mode, we lock down the kernel to
      prevent userspace from modifying the running kernel image.  Whilst this
      includes prohibiting access to things like /dev/mem, it must also prevent
      access by means of configuring driver modules in such a way as to cause a
      device to access or modify the kernel image.
      
      To this end, annotate module_param* statements that refer to hardware
      configuration and indicate for future reference what type of parameter they
      specify.  The parameter parser in the core sees this information and can
      skip such parameters with an error message if the kernel is locked down.
      The module initialisation then runs as normal, but just sees whatever the
      default values for those parameters is.
      
      Note that we do still need to do the module initialisation because some
      drivers have viable defaults set in case parameters aren't specified and
      some drivers support automatic configuration (e.g. PNP or PCI) in addition
      to manually coded parameters.
      
      This patch annotates drivers in drivers/net/arcnet/.
      Suggested-by: default avatarAlan Cox <gnomes@lxorguk.ukuu.org.uk>
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      cc: Michael Grzeschik <m.grzeschik@pengutronix.de>
      cc: netdev@vger.kernel.org
      06a5128a
    • David Howells's avatar
      Annotate hardware config module parameters in drivers/net/appletalk/ · 6621f85d
      David Howells authored
      When the kernel is running in secure boot mode, we lock down the kernel to
      prevent userspace from modifying the running kernel image.  Whilst this
      includes prohibiting access to things like /dev/mem, it must also prevent
      access by means of configuring driver modules in such a way as to cause a
      device to access or modify the kernel image.
      
      To this end, annotate module_param* statements that refer to hardware
      configuration and indicate for future reference what type of parameter they
      specify.  The parameter parser in the core sees this information and can
      skip such parameters with an error message if the kernel is locked down.
      The module initialisation then runs as normal, but just sees whatever the
      default values for those parameters is.
      
      Note that we do still need to do the module initialisation because some
      drivers have viable defaults set in case parameters aren't specified and
      some drivers support automatic configuration (e.g. PNP or PCI) in addition
      to manually coded parameters.
      
      This patch annotates drivers in drivers/net/appletalk/.
      Suggested-by: default avatarAlan Cox <gnomes@lxorguk.ukuu.org.uk>
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      cc: Arnaldo Carvalho de Melo <acme@kernel.org>
      cc: netdev@vger.kernel.org
      6621f85d
    • David Howells's avatar
      Annotate hardware config module parameters in drivers/mmc/host/ · dac562fc
      David Howells authored
      When the kernel is running in secure boot mode, we lock down the kernel to
      prevent userspace from modifying the running kernel image.  Whilst this
      includes prohibiting access to things like /dev/mem, it must also prevent
      access by means of configuring driver modules in such a way as to cause a
      device to access or modify the kernel image.
      
      To this end, annotate module_param* statements that refer to hardware
      configuration and indicate for future reference what type of parameter they
      specify.  The parameter parser in the core sees this information and can
      skip such parameters with an error message if the kernel is locked down.
      The module initialisation then runs as normal, but just sees whatever the
      default values for those parameters is.
      
      Note that we do still need to do the module initialisation because some
      drivers have viable defaults set in case parameters aren't specified and
      some drivers support automatic configuration (e.g. PNP or PCI) in addition
      to manually coded parameters.
      
      This patch annotates drivers in drivers/mmc/host/.
      Suggested-by: default avatarAlan Cox <gnomes@lxorguk.ukuu.org.uk>
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      cc: Pierre Ossman <pierre@ossman.eu>
      cc: Ulf Hansson <ulf.hansson@linaro.org>
      cc: linux-mmc@vger.kernel.org
      dac562fc
    • David Howells's avatar
      Annotate hardware config module parameters in drivers/misc/ · 4f1927dc
      David Howells authored
      When the kernel is running in secure boot mode, we lock down the kernel to
      prevent userspace from modifying the running kernel image.  Whilst this
      includes prohibiting access to things like /dev/mem, it must also prevent
      access by means of configuring driver modules in such a way as to cause a
      device to access or modify the kernel image.
      
      To this end, annotate module_param* statements that refer to hardware
      configuration and indicate for future reference what type of parameter they
      specify.  The parameter parser in the core sees this information and can
      skip such parameters with an error message if the kernel is locked down.
      The module initialisation then runs as normal, but just sees whatever the
      default values for those parameters is.
      
      Note that we do still need to do the module initialisation because some
      drivers have viable defaults set in case parameters aren't specified and
      some drivers support automatic configuration (e.g. PNP or PCI) in addition
      to manually coded parameters.
      
      This patch annotates drivers in drivers/misc/.
      Suggested-by: default avatarAlan Cox <gnomes@lxorguk.ukuu.org.uk>
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      Acked-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      cc: Arnd Bergmann <arnd@arndb.de>
      4f1927dc
    • David Howells's avatar
      Annotate hardware config module parameters in drivers/media/ · 5a8fc6a3
      David Howells authored
      When the kernel is running in secure boot mode, we lock down the kernel to
      prevent userspace from modifying the running kernel image.  Whilst this
      includes prohibiting access to things like /dev/mem, it must also prevent
      access by means of configuring driver modules in such a way as to cause a
      device to access or modify the kernel image.
      
      To this end, annotate module_param* statements that refer to hardware
      configuration and indicate for future reference what type of parameter they
      specify.  The parameter parser in the core sees this information and can
      skip such parameters with an error message if the kernel is locked down.
      The module initialisation then runs as normal, but just sees whatever the
      default values for those parameters is.
      
      Note that we do still need to do the module initialisation because some
      drivers have viable defaults set in case parameters aren't specified and
      some drivers support automatic configuration (e.g. PNP or PCI) in addition
      to manually coded parameters.
      
      This patch annotates drivers in drivers/media/.
      Suggested-by: default avatarAlan Cox <gnomes@lxorguk.ukuu.org.uk>
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      Acked-by: default avatarMauro Carvalho Chehab <mchehab@s-opensource.com>
      cc: mjpeg-users@lists.sourceforge.net
      cc: linux-media@vger.kernel.org
      5a8fc6a3
    • David Howells's avatar
      Annotate hardware config module parameters in drivers/isdn/ · b9351f7e
      David Howells authored
      When the kernel is running in secure boot mode, we lock down the kernel to
      prevent userspace from modifying the running kernel image.  Whilst this
      includes prohibiting access to things like /dev/mem, it must also prevent
      access by means of configuring driver modules in such a way as to cause a
      device to access or modify the kernel image.
      
      To this end, annotate module_param* statements that refer to hardware
      configuration and indicate for future reference what type of parameter they
      specify.  The parameter parser in the core sees this information and can
      skip such parameters with an error message if the kernel is locked down.
      The module initialisation then runs as normal, but just sees whatever the
      default values for those parameters is.
      
      Note that we do still need to do the module initialisation because some
      drivers have viable defaults set in case parameters aren't specified and
      some drivers support automatic configuration (e.g. PNP or PCI) in addition
      to manually coded parameters.
      
      This patch annotates drivers in drivers/isdn/.
      Suggested-by: default avatarAlan Cox <gnomes@lxorguk.ukuu.org.uk>
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      cc: Karsten Keil <isdn@linux-pingi.de>
      cc: netdev@vger.kernel.org
      b9351f7e
    • David Howells's avatar
      Annotate hardware config module parameters in drivers/input/ · f6b12d04
      David Howells authored
      When the kernel is running in secure boot mode, we lock down the kernel to
      prevent userspace from modifying the running kernel image.  Whilst this
      includes prohibiting access to things like /dev/mem, it must also prevent
      access by means of configuring driver modules in such a way as to cause a
      device to access or modify the kernel image.
      
      To this end, annotate module_param* statements that refer to hardware
      configuration and indicate for future reference what type of parameter they
      specify.  The parameter parser in the core sees this information and can
      skip such parameters with an error message if the kernel is locked down.
      The module initialisation then runs as normal, but just sees whatever the
      default values for those parameters is.
      
      Note that we do still need to do the module initialisation because some
      drivers have viable defaults set in case parameters aren't specified and
      some drivers support automatic configuration (e.g. PNP or PCI) in addition
      to manually coded parameters.
      
      This patch annotates drivers in drivers/input/.
      Suggested-by: default avatarAlan Cox <gnomes@lxorguk.ukuu.org.uk>
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      Acked-by: default avatarDmitry Torokhov <dmitry.torokhov@gmail.com>
      cc: linux-input@vger.kernel.org
      f6b12d04
    • David Howells's avatar
      Annotate hardware config module parameters in drivers/iio/ · 8863b3e7
      David Howells authored
      When the kernel is running in secure boot mode, we lock down the kernel to
      prevent userspace from modifying the running kernel image.  Whilst this
      includes prohibiting access to things like /dev/mem, it must also prevent
      access by means of configuring driver modules in such a way as to cause a
      device to access or modify the kernel image.
      
      To this end, annotate module_param* statements that refer to hardware
      configuration and indicate for future reference what type of parameter they
      specify.  The parameter parser in the core sees this information and can
      skip such parameters with an error message if the kernel is locked down.
      The module initialisation then runs as normal, but just sees whatever the
      default values for those parameters is.
      
      Note that we do still need to do the module initialisation because some
      drivers have viable defaults set in case parameters aren't specified and
      some drivers support automatic configuration (e.g. PNP or PCI) in addition
      to manually coded parameters.
      
      This patch annotates drivers in drivers/iio/.
      Suggested-by: default avatarAlan Cox <gnomes@lxorguk.ukuu.org.uk>
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      Acked-by: default avatarWilliam Breathitt Gray <vilhelm.gray@gmail.com>
      Acked-by: default avatarJonathan Cameron <jic23@kernel.org>
      cc: linux-iio@vger.kernel.org
      8863b3e7
    • David Howells's avatar
      Annotate hardware config module parameters in drivers/i2c/ · c78babcc
      David Howells authored
      When the kernel is running in secure boot mode, we lock down the kernel to
      prevent userspace from modifying the running kernel image.  Whilst this
      includes prohibiting access to things like /dev/mem, it must also prevent
      access by means of configuring driver modules in such a way as to cause a
      device to access or modify the kernel image.
      
      To this end, annotate module_param* statements that refer to hardware
      configuration and indicate for future reference what type of parameter they
      specify.  The parameter parser in the core sees this information and can
      skip such parameters with an error message if the kernel is locked down.
      The module initialisation then runs as normal, but just sees whatever the
      default values for those parameters is.
      
      Note that we do still need to do the module initialisation because some
      drivers have viable defaults set in case parameters aren't specified and
      some drivers support automatic configuration (e.g. PNP or PCI) in addition
      to manually coded parameters.
      
      This patch annotates drivers in drivers/i2c/.
      Suggested-by: default avatarAlan Cox <gnomes@lxorguk.ukuu.org.uk>
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      Acked-by: default avatarWolfram Sang <wsa@the-dreams.de>
      Acked-by: default avatarJean Delvare <jdelvare@suse.de>
      cc: linux-i2c@vger.kernel.org
      c78babcc
    • David Howells's avatar
      Annotate hardware config module parameters in drivers/gpio/ · d759f906
      David Howells authored
      When the kernel is running in secure boot mode, we lock down the kernel to
      prevent userspace from modifying the running kernel image.  Whilst this
      includes prohibiting access to things like /dev/mem, it must also prevent
      access by means of configuring driver modules in such a way as to cause a
      device to access or modify the kernel image.
      
      To this end, annotate module_param* statements that refer to hardware
      configuration and indicate for future reference what type of parameter they
      specify.  The parameter parser in the core sees this information and can
      skip such parameters with an error message if the kernel is locked down.
      The module initialisation then runs as normal, but just sees whatever the
      default values for those parameters is.
      
      Note that we do still need to do the module initialisation because some
      drivers have viable defaults set in case parameters aren't specified and
      some drivers support automatic configuration (e.g. PNP or PCI) in addition
      to manually coded parameters.
      
      This patch annotates drivers in drivers/gpio/.
      Suggested-by: default avatarAlan Cox <gnomes@lxorguk.ukuu.org.uk>
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      Acked-by: default avatarWilliam Breathitt Gray <vilhelm.gray@gmail.com>
      Acked-by: default avatarLinus Walleij <linus.walleij@linaro.org>
      cc: Alexandre Courbot <gnurou@gmail.com>
      cc: linux-gpio@vger.kernel.org
      d759f906
    • David Howells's avatar
      Annotate hardware config module parameters in drivers/cpufreq/ · 40059ec6
      David Howells authored
      When the kernel is running in secure boot mode, we lock down the kernel to
      prevent userspace from modifying the running kernel image.  Whilst this
      includes prohibiting access to things like /dev/mem, it must also prevent
      access by means of configuring driver modules in such a way as to cause a
      device to access or modify the kernel image.
      
      To this end, annotate module_param* statements that refer to hardware
      configuration and indicate for future reference what type of parameter they
      specify.  The parameter parser in the core sees this information and can
      skip such parameters with an error message if the kernel is locked down.
      The module initialisation then runs as normal, but just sees whatever the
      default values for those parameters is.
      
      Note that we do still need to do the module initialisation because some
      drivers have viable defaults set in case parameters aren't specified and
      some drivers support automatic configuration (e.g. PNP or PCI) in addition
      to manually coded parameters.
      
      This patch annotates drivers in drivers/cpufreq/.
      Suggested-by: default avatarAlan Cox <gnomes@lxorguk.ukuu.org.uk>
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      Acked-by: default avatar"Rafael J. Wysocki" <rjw@rjwysocki.net>
      Acked-by: default avatarViresh Kumar <viresh.kumar@linaro.org>
      cc: linux-pm@vger.kernel.org
      40059ec6
    • David Howells's avatar
      Annotate hardware config module parameters in drivers/clocksource/ · cc9c6175
      David Howells authored
      When the kernel is running in secure boot mode, we lock down the kernel to
      prevent userspace from modifying the running kernel image.  Whilst this
      includes prohibiting access to things like /dev/mem, it must also prevent
      access by means of configuring driver modules in such a way as to cause a
      device to access or modify the kernel image.
      
      To this end, annotate module_param* statements that refer to hardware
      configuration and indicate for future reference what type of parameter they
      specify.  The parameter parser in the core sees this information and can
      skip such parameters with an error message if the kernel is locked down.
      The module initialisation then runs as normal, but just sees whatever the
      default values for those parameters is.
      
      Note that we do still need to do the module initialisation because some
      drivers have viable defaults set in case parameters aren't specified and
      some drivers support automatic configuration (e.g. PNP or PCI) in addition
      to manually coded parameters.
      
      This patch annotates drivers in drivers/clocksource/.
      
      [Note: With regard to cs5535-clockevt.c, Thomas Gleixner asked whether the
       timer_irq parameter is required for the driver to work on anything other than
       arbitrary hardware which has it mapped to 0.  Jens Rottmann replied that the
       parameter defaults to 0, which means:
      
      	1. autodetect (=keep IRQ BIOS has set up)
      	2. if that fails use CONFIG_CS5535_MFGPT_DEFAULT_IRQ
      	   (see drivers/misc/cs5535-mfgpt.c: cs5535_mfgpt_set_irq())
      
       Jens further noted that there may not be any systems that have CS5535/36
       devices that support EFI and secure boot.]
      Suggested-by: default avatarAlan Cox <gnomes@lxorguk.ukuu.org.uk>
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      cc: Daniel Lezcano <daniel.lezcano@linaro.org>
      cc: Thomas Gleixner <tglx@linutronix.de>
      cc: Jens Rottmann <Jens.Rottmann@ADLINKtech.com>
      cc: linux-kernel@vger.kernel.org
      cc9c6175
    • David Howells's avatar
      Annotate hardware config module parameters in drivers/char/ · 1c37ab5e
      David Howells authored
      When the kernel is running in secure boot mode, we lock down the kernel to
      prevent userspace from modifying the running kernel image.  Whilst this
      includes prohibiting access to things like /dev/mem, it must also prevent
      access by means of configuring driver modules in such a way as to cause a
      device to access or modify the kernel image.
      
      To this end, annotate module_param* statements that refer to hardware
      configuration and indicate for future reference what type of parameter they
      specify.  The parameter parser in the core sees this information and can
      skip such parameters with an error message if the kernel is locked down.
      The module initialisation then runs as normal, but just sees whatever the
      default values for those parameters is.
      
      Note that we do still need to do the module initialisation because some
      drivers have viable defaults set in case parameters aren't specified and
      some drivers support automatic configuration (e.g. PNP or PCI) in addition
      to manually coded parameters.
      
      This patch annotates drivers in drivers/char/.
      Suggested-by: default avatarAlan Cox <gnomes@lxorguk.ukuu.org.uk>
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      Acked-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      cc: Arnd Bergmann <arnd@arndb.de>
      1c37ab5e
    • David Howells's avatar
      Annotate hardware config module parameters in drivers/char/mwave/ · 94b599bc
      David Howells authored
      When the kernel is running in secure boot mode, we lock down the kernel to
      prevent userspace from modifying the running kernel image.  Whilst this
      includes prohibiting access to things like /dev/mem, it must also prevent
      access by means of configuring driver modules in such a way as to cause a
      device to access or modify the kernel image.
      
      To this end, annotate module_param* statements that refer to hardware
      configuration and indicate for future reference what type of parameter they
      specify.  The parameter parser in the core sees this information and can
      skip such parameters with an error message if the kernel is locked down.
      The module initialisation then runs as normal, but just sees whatever the
      default values for those parameters is.
      
      Note that we do still need to do the module initialisation because some
      drivers have viable defaults set in case parameters aren't specified and
      some drivers support automatic configuration (e.g. PNP or PCI) in addition
      to manually coded parameters.
      
      This patch annotates drivers in drivers/char/mwave/.
      Suggested-by: default avatarAlan Cox <gnomes@lxorguk.ukuu.org.uk>
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      94b599bc
    • David Howells's avatar
      Annotate hardware config module parameters in drivers/char/ipmi/ · 684497bf
      David Howells authored
      When the kernel is running in secure boot mode, we lock down the kernel to
      prevent userspace from modifying the running kernel image.  Whilst this
      includes prohibiting access to things like /dev/mem, it must also prevent
      access by means of configuring driver modules in such a way as to cause a
      device to access or modify the kernel image.
      
      To this end, annotate module_param* statements that refer to hardware
      configuration and indicate for future reference what type of parameter they
      specify.  The parameter parser in the core sees this information and can
      skip such parameters with an error message if the kernel is locked down.
      The module initialisation then runs as normal, but just sees whatever the
      default values for those parameters is.
      
      Note that we do still need to do the module initialisation because some
      drivers have viable defaults set in case parameters aren't specified and
      some drivers support automatic configuration (e.g. PNP or PCI) in addition
      to manually coded parameters.
      
      This patch annotates drivers in drivers/char/ipmi/.
      Suggested-by: default avatarAlan Cox <gnomes@lxorguk.ukuu.org.uk>
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      Reviewed-by: default avatarCorey Minyard <cminyard@mvista.com>
      cc: openipmi-developer@lists.sourceforge.net
      684497bf
  2. 04 Apr, 2017 2 commits
    • David Howells's avatar
      Annotate hardware config module parameters in arch/x86/mm/ · 3c2e2e68
      David Howells authored
      When the kernel is running in secure boot mode, we lock down the kernel to
      prevent userspace from modifying the running kernel image.  Whilst this
      includes prohibiting access to things like /dev/mem, it must also prevent
      access by means of configuring driver modules in such a way as to cause a
      device to access or modify the kernel image.
      
      To this end, annotate module_param* statements that refer to hardware
      configuration and indicate for future reference what type of parameter they
      specify.  The parameter parser in the core sees this information and can
      skip such parameters with an error message if the kernel is locked down.
      The module initialisation then runs as normal, but just sees whatever the
      default values for those parameters is.
      
      Note that we do still need to do the module initialisation because some
      drivers have viable defaults set in case parameters aren't specified and
      some drivers support automatic configuration (e.g. PNP or PCI) in addition
      to manually coded parameters.
      
      This patch annotates drivers in arch/x86/mm/.
      
      [Note: With respect to testmmiotrace, an additional patch will be added
       separately that makes the module refuse to load if the kernel is locked
       down.]
      Suggested-by: default avatarAlan Cox <gnomes@lxorguk.ukuu.org.uk>
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      Acked-by: default avatarSteven Rostedt <rostedt@goodmis.org>
      cc: Ingo Molnar <mingo@kernel.org>
      cc: Thomas Gleixner <tglx@linutronix.de>
      cc: "H. Peter Anvin" <hpa@zytor.com>
      cc: x86@kernel.org
      cc: linux-kernel@vger.kernel.org
      cc: nouveau@lists.freedesktop.org
      3c2e2e68
    • David Howells's avatar
      Annotate module params that specify hardware parameters (eg. ioport) · bf616d21
      David Howells authored
      Provided an annotation for module parameters that specify hardware
      parameters (such as io ports, iomem addresses, irqs, dma channels, fixed
      dma buffers and other types).
      
      This will enable such parameters to be locked down in the core parameter
      parser for secure boot support.
      
      I've also included annotations as to what sort of hardware configuration
      each module is dealing with for future use.  Some of these are
      straightforward (ioport, iomem, irq, dma), but there are also:
      
       (1) drivers that switch the semantics of a parameter between ioport and
           iomem depending on a second parameter,
      
       (2) drivers that appear to reserve a CPU memory buffer at a fixed address,
      
       (3) other parameters, such as bus types and irq selection bitmasks.
      
      For the moment, the hardware configuration type isn't actually stored,
      though its validity is checked.
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      bf616d21
  3. 03 Apr, 2017 2 commits
  4. 30 Mar, 2017 1 commit
  5. 28 Mar, 2017 2 commits
    • Tetsuo Handa's avatar
      LSM: Revive security_task_alloc() hook and per "struct task_struct" security blob. · e4e55b47
      Tetsuo Handa authored
      We switched from "struct task_struct"->security to "struct cred"->security
      in Linux 2.6.29. But not all LSM modules were happy with that change.
      TOMOYO LSM module is an example which want to use per "struct task_struct"
      security blob, for TOMOYO's security context is defined based on "struct
      task_struct" rather than "struct cred". AppArmor LSM module is another
      example which want to use it, for AppArmor is currently abusing the cred
      a little bit to store the change_hat and setexeccon info. Although
      security_task_free() hook was revived in Linux 3.4 because Yama LSM module
      wanted to release per "struct task_struct" security blob,
      security_task_alloc() hook and "struct task_struct"->security field were
      not revived. Nowadays, we are getting proposals of lightweight LSM modules
      which want to use per "struct task_struct" security blob.
      
      We are already allowing multiple concurrent LSM modules (up to one fully
      armored module which uses "struct cred"->security field or exclusive hooks
      like security_xfrm_state_pol_flow_match(), plus unlimited number of
      lightweight modules which do not use "struct cred"->security nor exclusive
      hooks) as long as they are built into the kernel. But this patch does not
      implement variable length "struct task_struct"->security field which will
      become needed when multiple LSM modules want to use "struct task_struct"->
      security field. Although it won't be difficult to implement variable length
      "struct task_struct"->security field, let's think about it after we merged
      this patch.
      Signed-off-by: default avatarTetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
      Acked-by: default avatarJohn Johansen <john.johansen@canonical.com>
      Acked-by: default avatarSerge Hallyn <serge@hallyn.com>
      Acked-by: default avatarCasey Schaufler <casey@schaufler-ca.com>
      Tested-by: default avatarDjalal Harouni <tixxdz@gmail.com>
      Acked-by: default avatarJosé Bollo <jobol@nonadev.net>
      Cc: Paul Moore <paul@paul-moore.com>
      Cc: Stephen Smalley <sds@tycho.nsa.gov>
      Cc: Eric Paris <eparis@parisplace.org>
      Cc: Kees Cook <keescook@chromium.org>
      Cc: James Morris <james.l.morris@oracle.com>
      Cc: José Bollo <jobol@nonadev.net>
      Signed-off-by: default avatarJames Morris <james.l.morris@oracle.com>
      e4e55b47
    • James Morris's avatar
      840c91dc
  6. 26 Mar, 2017 3 commits
    • Linus Torvalds's avatar
      Linux 4.11-rc4 · c02ed2e7
      Linus Torvalds authored
      c02ed2e7
    • Linus Torvalds's avatar
      Merge tag 'char-misc-4.11-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc · 0dc82fa5
      Linus Torvalds authored
      Pull char/misc driver fixes from Greg KH:
       "A smattering of different small fixes for some random driver
        subsystems. Nothing all that major, just resolutions for reported
        issues and bugs.
      
        All have been in linux-next with no reported issues"
      
      * tag 'char-misc-4.11-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc: (21 commits)
        extcon: int3496: Set the id pin to direction-input if necessary
        extcon: int3496: Use gpiod_get instead of gpiod_get_index
        extcon: int3496: Add dependency on X86 as it's Intel specific
        extcon: int3496: Add GPIO ACPI mapping table
        extcon: int3496: Rename GPIO pins in accordance with binding
        vmw_vmci: handle the return value from pci_alloc_irq_vectors correctly
        ppdev: fix registering same device name
        parport: fix attempt to write duplicate procfiles
        auxdisplay: img-ascii-lcd: add missing sentinel entry in img_ascii_lcd_matches
        Drivers: hv: vmbus: Don't leak memory when a channel is rescinded
        Drivers: hv: vmbus: Don't leak channel ids
        Drivers: hv: util: don't forget to init host_ts.lock
        Drivers: hv: util: move waiting for release to hv_utils_transport itself
        vmbus: remove hv_event_tasklet_disable/enable
        vmbus: use rcu for per-cpu channel list
        mei: don't wait for os version message reply
        mei: fix deadlock on mei reset
        intel_th: pci: Add Gemini Lake support
        intel_th: pci: Add Denverton SOC support
        intel_th: Don't leak module refcount on failure to activate
        ...
      0dc82fa5
    • Linus Torvalds's avatar
      Merge tag 'driver-core-4.11-rc4' of... · 9e54ef9d
      Linus Torvalds authored
      Merge tag 'driver-core-4.11-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core
      
      Pull driver core fix from Greg KH:
       "Here is a single kernfs fix for 4.11-rc4 that resolves a reported
        issue.
      
        It has been in linux-next with no reported issues"
      
      * tag 'driver-core-4.11-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core:
        kernfs: Check KERNFS_HAS_RELEASE before calling kernfs_release_file()
      9e54ef9d