#
eceb995e |
| 20-May-2019 |
Mark Brown <broonie@kernel.org> |
Merge tag 'v5.2-rc1' into spi-5.3
Linux 5.2-rc1
|
#
96d82e9d |
| 20-May-2019 |
Mark Brown <broonie@kernel.org> |
Merge tag 'v5.2-rc1' into regulator-5.3
Linux 5.2-rc1
|
#
1c7c3237 |
| 20-May-2019 |
Mark Brown <broonie@kernel.org> |
Merge tag 'v5.2-rc1' into asoc-5.3
Linux 5.2-rc1
|
#
2a267e7c |
| 10-May-2019 |
Dmitry Torokhov <dmitry.torokhov@gmail.com> |
Merge tag 'v5.1' into next
Sync up with mainline to bring in the latest APIs.
|
#
82045dd8 |
| 13-May-2019 |
Ingo Molnar <mingo@kernel.org> |
Merge branch 'linus' into core/urgent, to merge in dependent changes
Signed-off-by: Ingo Molnar <mingo@kernel.org>
|
#
14be4c61 |
| 07-May-2019 |
Linus Torvalds <torvalds@linux-foundation.org> |
Merge tag 's390-5.2-1' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux
Pull s390 updates from Martin Schwidefsky:
- Support for kernel address space layout randomization
- Add suppor
Merge tag 's390-5.2-1' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux
Pull s390 updates from Martin Schwidefsky:
- Support for kernel address space layout randomization
- Add support for kernel image signature verification
- Convert s390 to the generic get_user_pages_fast code
- Convert s390 to the stack unwind API analog to x86
- Add support for CPU directed interrupts for PCI devices
- Provide support for MIO instructions to the PCI base layer, this will allow the use of direct PCI mappings in user space code
- Add the basic KVM guest ultravisor interface for protected VMs
- Add AT_HWCAP bits for several new hardware capabilities
- Update the CPU measurement facility counter definitions to SVN 6
- Arnds cleanup patches for his quest to get LLVM compiles working
- A vfio-ccw update with bug fixes and support for halt and clear
- Improvements for the hardware TRNG code
- Another round of cleanup for the QDIO layer
- Numerous cleanups and bug fixes
* tag 's390-5.2-1' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux: (98 commits) s390/vdso: drop unnecessary cc-ldoption s390: fix clang -Wpointer-sign warnigns in boot code s390: drop CONFIG_VIRT_TO_BUS s390: boot, purgatory: pass $(CLANG_FLAGS) where needed s390: only build for new CPUs with clang s390: simplify disabled_wait s390/ftrace: use HAVE_FUNCTION_GRAPH_RET_ADDR_PTR s390/unwind: introduce stack unwind API s390/opcodes: add missing instructions to the disassembler s390/bug: add entry size to the __bug_table section s390: use proper expoline sections for .dma code s390/nospec: rename assembler generated expoline thunks s390: add missing ENDPROC statements to assembler functions locking/lockdep: check for freed initmem in static_obj() s390/kernel: add support for kernel address space layout randomization (KASLR) s390/kernel: introduce .dma sections s390/sclp: do not use static sccbs s390/kprobes: use static buffer for insn_page s390/kernel: convert SYSCALL and PGM_CHECK handlers to .quad s390/kernel: build a relocatable kernel ...
show more ...
|
Revision tags: v5.1, v5.1-rc7, v5.1-rc6, v5.1-rc5, v5.1-rc4, v5.1-rc3, v5.1-rc2, v5.1-rc1, v5.0, v5.0-rc8 |
|
#
9641b8cc |
| 21-Feb-2019 |
Martin Schwidefsky <schwidefsky@de.ibm.com> |
s390/ipl: read IPL report at early boot
Read the IPL Report block provided by secure-boot, add the entries of the certificate list to the system key ring and print the list of components.
PR: Adjus
s390/ipl: read IPL report at early boot
Read the IPL Report block provided by secure-boot, add the entries of the certificate list to the system key ring and print the list of components.
PR: Adjust to Vasilys bootdata_preserved patch set. Preserve ipl_cert_list for later use in kexec_file.
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com> Signed-off-by: Philipp Rudo <prudo@linux.ibm.com> Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
show more ...
|
#
95d002e0 |
| 16-Apr-2019 |
Zhenyu Wang <zhenyuw@linux.intel.com> |
Merge tag 'drm-intel-next-2019-04-04' into gvt-next
Merge back drm-intel-next for engine name definition refinement and 54939ea0bd85 ("drm/i915: Switch to use HWS indices rather than addresses") tha
Merge tag 'drm-intel-next-2019-04-04' into gvt-next
Merge back drm-intel-next for engine name definition refinement and 54939ea0bd85 ("drm/i915: Switch to use HWS indices rather than addresses") that would need gvt fixes to depend on.
Signed-off-by: Zhenyu Wang <zhenyuw@linux.intel.com>
show more ...
|
Revision tags: v5.0-rc7, v5.0-rc6 |
|
#
82ffd045 |
| 07-Feb-2019 |
Bartlomiej Zolnierkiewicz <b.zolnierkie@samsung.com> |
Merge tag 'v5.0-rc5' of https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux into fbdev-for-next
Linux 5.0-rc5
Sync with upstream (which now contains fbdev-v5.0-rc3 changes) to prepare a
Merge tag 'v5.0-rc5' of https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux into fbdev-for-next
Linux 5.0-rc5
Sync with upstream (which now contains fbdev-v5.0-rc3 changes) to prepare a base for fbdev-v5.1 changes.
show more ...
|
Revision tags: v5.0-rc5, v5.0-rc4, v5.0-rc3, v5.0-rc2 |
|
#
23d19ba0 |
| 11-Jan-2019 |
Maxime Ripard <maxime.ripard@bootlin.com> |
Merge drm/drm-next into drm-misc-next
drm-next has been forwarded to 5.0-rc1, and we need it to apply the damage helper for dirtyfb series from Noralf Trønnes.
Signed-off-by: Maxime Ripard <maxime.
Merge drm/drm-next into drm-misc-next
drm-next has been forwarded to 5.0-rc1, and we need it to apply the damage helper for dirtyfb series from Noralf Trønnes.
Signed-off-by: Maxime Ripard <maxime.ripard@bootlin.com>
show more ...
|
#
49e41801 |
| 10-Jan-2019 |
James Morris <james.morris@microsoft.com> |
Merge tag 'v5.0-rc1' into next-general
Linux 5.0-rc1
Sync to pick up LSM stacking work (which is based on -rc1).
|
#
3eb0930a |
| 08-Jan-2019 |
Jani Nikula <jani.nikula@intel.com> |
Merge drm/drm-next into drm-intel-next-queued
Generally catch up with 5.0-rc1, and specifically get the changes:
96d4f267e40f ("Remove 'type' argument from access_ok() function") 0b2c8f8b6b0c ("i91
Merge drm/drm-next into drm-intel-next-queued
Generally catch up with 5.0-rc1, and specifically get the changes:
96d4f267e40f ("Remove 'type' argument from access_ok() function") 0b2c8f8b6b0c ("i915: fix missing user_access_end() in page fault exception case") 594cc251fdd0 ("make 'user_access_begin()' do 'access_ok()'")
Signed-off-by: Jani Nikula <jani.nikula@intel.com>
show more ...
|
Revision tags: v5.0-rc1 |
|
#
d538d94f |
| 04-Jan-2019 |
Michael Ellerman <mpe@ellerman.id.au> |
Merge branch 'master' into fixes
We have a fix to apply on top of commit 96d4f267e40f ("Remove 'type' argument from access_ok() function"), so merge master to get it.
|
#
f218a29c |
| 02-Jan-2019 |
Linus Torvalds <torvalds@linux-foundation.org> |
Merge branch 'next-integrity' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security
Pull integrity updates from James Morris: "In Linux 4.19, a new LSM hook named security_kernel_
Merge branch 'next-integrity' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security
Pull integrity updates from James Morris: "In Linux 4.19, a new LSM hook named security_kernel_load_data was upstreamed, allowing LSMs and IMA to prevent the kexec_load syscall. Different signature verification methods exist for verifying the kexec'ed kernel image. This adds additional support in IMA to prevent loading unsigned kernel images via the kexec_load syscall, independently of the IMA policy rules, based on the runtime "secure boot" flag. An initial IMA kselftest is included.
In addition, this pull request defines a new, separate keyring named ".platform" for storing the preboot/firmware keys needed for verifying the kexec'ed kernel image's signature and includes the associated IMA kexec usage of the ".platform" keyring.
(David Howell's and Josh Boyer's patches for reading the preboot/firmware keys, which were previously posted for a different use case scenario, are included here)"
* 'next-integrity' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: integrity: Remove references to module keyring ima: Use inode_is_open_for_write ima: Support platform keyring for kernel appraisal efi: Allow the "db" UEFI variable to be suppressed efi: Import certificates from UEFI Secure Boot efi: Add an EFI signature blob parser efi: Add EFI signature data types integrity: Load certs to the platform keyring integrity: Define a trusted platform keyring selftests/ima: kexec_load syscall test ima: don't measure/appraise files on efivarfs x86/ima: retry detecting secure boot mode docs: Extend trusted keys documentation for TPM 2.0 x86/ima: define arch_get_ima_policy() for x86 ima: add support for arch specific policies ima: refactor ima_init_policy() ima: prevent kexec_load syscall based on runtime secureboot flag x86/ima: define arch_ima_get_secureboot integrity: support new struct public_key_signature encoding field
show more ...
|
#
769e4709 |
| 29-Dec-2018 |
Linus Torvalds <torvalds@linux-foundation.org> |
Merge tag 'kconfig-v4.21' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild
Pull Kconfig updates from Masahiro Yamada:
- support -y option for merge_config.sh to avoid downgr
Merge tag 'kconfig-v4.21' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild
Pull Kconfig updates from Masahiro Yamada:
- support -y option for merge_config.sh to avoid downgrading =y to =m
- remove S_OTHER symbol type, and touch include/config/*.h files correctly
- fix file name and line number in lexer warnings
- fix memory leak when EOF is encountered in quotation
- resolve all shift/reduce conflicts of the parser
- warn no new line at end of file
- make 'source' statement more strict to take only string literal
- rewrite the lexer and remove the keyword lookup table
- convert to SPDX License Identifier
- compile C files independently instead of including them from zconf.y
- fix various warnings of gconfig
- misc cleanups
* tag 'kconfig-v4.21' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild: (39 commits) kconfig: surround dbg_sym_flags with #ifdef DEBUG to fix gconf warning kconfig: split images.c out of qconf.cc/gconf.c to fix gconf warnings kconfig: add static qualifiers to fix gconf warnings kconfig: split the lexer out of zconf.y kconfig: split some C files out of zconf.y kconfig: convert to SPDX License Identifier kconfig: remove keyword lookup table entirely kconfig: update current_pos in the second lexer kconfig: switch to ASSIGN_VAL state in the second lexer kconfig: stop associating kconf_id with yylval kconfig: refactor end token rules kconfig: stop supporting '.' and '/' in unquoted words treewide: surround Kconfig file paths with double quotes microblaze: surround string default in Kconfig with double quotes kconfig: use T_WORD instead of T_VARIABLE for variables kconfig: use specific tokens instead of T_ASSIGN for assignments kconfig: refactor scanning and parsing "option" properties kconfig: use distinct tokens for type and default properties kconfig: remove redundant token defines kconfig: rename depends_list to comment_option_list ...
show more ...
|
Revision tags: v4.20, v4.20-rc7 |
|
#
8636a1f9 |
| 11-Dec-2018 |
Masahiro Yamada <yamada.masahiro@socionext.com> |
treewide: surround Kconfig file paths with double quotes
The Kconfig lexer supports special characters such as '.' and '/' in the parameter context. In my understanding, the reason is just to suppor
treewide: surround Kconfig file paths with double quotes
The Kconfig lexer supports special characters such as '.' and '/' in the parameter context. In my understanding, the reason is just to support bare file paths in the source statement.
I do not see a good reason to complicate Kconfig for the room of ambiguity.
The majority of code already surrounds file paths with double quotes, and it makes sense since file paths are constant string literals.
Make it treewide consistent now.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com> Acked-by: Wolfram Sang <wsa@the-dreams.de> Acked-by: Geert Uytterhoeven <geert@linux-m68k.org> Acked-by: Ingo Molnar <mingo@kernel.org>
show more ...
|
#
5580b4a1 |
| 17-Dec-2018 |
James Morris <james.morris@microsoft.com> |
Merge branch 'next-integrity' of git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity into next-integrity
From Mimi:
In Linux 4.19, a new LSM hook named security_kernel_load_data was
Merge branch 'next-integrity' of git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity into next-integrity
From Mimi:
In Linux 4.19, a new LSM hook named security_kernel_load_data was upstreamed, allowing LSMs and IMA to prevent the kexec_load syscall. Different signature verification methods exist for verifying the kexec'ed kernel image. This pull request adds additional support in IMA to prevent loading unsigned kernel images via the kexec_load syscall, independently of the IMA policy rules, based on the runtime "secure boot" flag. An initial IMA kselftest is included.
In addition, this pull request defines a new, separate keyring named ".platform" for storing the preboot/firmware keys needed for verifying the kexec'ed kernel image's signature and includes the associated IMA kexec usage of the ".platform" keyring.
(David Howell's and Josh Boyer's patches for reading the preboot/firmware keys, which were previously posted for a different use case scenario, are included here.)
show more ...
|
Revision tags: v4.20-rc6 |
|
#
9dc92c45 |
| 08-Dec-2018 |
Nayna Jain <nayna@linux.ibm.com> |
integrity: Define a trusted platform keyring
On secure boot enabled systems, a verified kernel may need to kexec additional kernels. For example, it may be used as a bootloader needing to kexec a ta
integrity: Define a trusted platform keyring
On secure boot enabled systems, a verified kernel may need to kexec additional kernels. For example, it may be used as a bootloader needing to kexec a target kernel or it may need to kexec a crashdump kernel. In such cases, it may want to verify the signature of the next kernel image.
It is further possible that the kernel image is signed with third party keys which are stored as platform or firmware keys in the 'db' variable. The kernel, however, can not directly verify these platform keys, and an administrator may therefore not want to trust them for arbitrary usage. In order to differentiate platform keys from other keys and provide the necessary separation of trust, the kernel needs an additional keyring to store platform keys.
This patch creates the new keyring called ".platform" to isolate keys provided by platform from keys by kernel. These keys are used to facilitate signature verification during kexec. Since the scope of this keyring is only the platform/firmware keys, it cannot be updated from userspace.
This keyring can be enabled by setting CONFIG_INTEGRITY_PLATFORM_KEYRING.
Signed-off-by: Nayna Jain <nayna@linux.ibm.com> Reviewed-by: Mimi Zohar <zohar@linux.ibm.com> Acked-by: Serge Hallyn <serge@hallyn.com> Reviewed-by: James Morris <james.morris@microsoft.com> Reviewed-by: Thiago Jung Bauermann <bauerman@linux.ibm.com> Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
show more ...
|
Revision tags: v4.20-rc5, v4.20-rc4, v4.20-rc3, v4.20-rc2, v4.20-rc1, v4.19, v4.19-rc8, v4.19-rc7, v4.19-rc6, v4.19-rc5, v4.19-rc4, v4.19-rc3, v4.19-rc2, v4.19-rc1, v4.18, v4.18-rc8, v4.18-rc7, v4.18-rc6, v4.18-rc5, v4.18-rc4, v4.18-rc3, v4.18-rc2, v4.18-rc1, v4.17, v4.17-rc7, v4.17-rc6, v4.17-rc5, v4.17-rc4, v4.17-rc3, v4.17-rc2, v4.17-rc1, v4.16, v4.16-rc7, v4.16-rc6, v4.16-rc5, v4.16-rc4, v4.16-rc3, v4.16-rc2, v4.16-rc1, v4.15, v4.15-rc9, v4.15-rc8, v4.15-rc7, v4.15-rc6, v4.15-rc5, v4.15-rc4, v4.15-rc3, v4.15-rc2, v4.15-rc1, v4.14, v4.14-rc8, v4.14-rc7, v4.14-rc6, v4.14-rc5, v4.14-rc4, v4.14-rc3, v4.14-rc2, v4.14-rc1, v4.13, v4.13-rc7, v4.13-rc6, v4.13-rc5, v4.13-rc4, v4.13-rc3, v4.13-rc2, v4.13-rc1, v4.12, v4.12-rc7, v4.12-rc6, v4.12-rc5, v4.12-rc4, v4.12-rc3, v4.12-rc2, v4.12-rc1, v4.11, v4.11-rc8, v4.11-rc7, v4.11-rc6, v4.11-rc5, v4.11-rc4, v4.11-rc3, v4.11-rc2, v4.11-rc1, v4.10, v4.10-rc8, v4.10-rc7, v4.10-rc6, v4.10-rc5, v4.10-rc4, v4.10-rc3, v4.10-rc2, v4.10-rc1 |
|
#
f26e8817 |
| 16-Dec-2016 |
Dmitry Torokhov <dmitry.torokhov@gmail.com> |
Merge branch 'next' into for-linus
Prepare input updates for 4.10 merge window.
|
Revision tags: v4.9, v4.9-rc8, v4.9-rc7, v4.9-rc6, v4.9-rc5, v4.9-rc4, v4.9-rc3, v4.9-rc2, v4.9-rc1 |
|
#
4a7126a2 |
| 14-Oct-2016 |
Dmitry Torokhov <dmitry.torokhov@gmail.com> |
Merge tag 'v4.8' into next
Sync up with mainline to bring in I2C host notify changes and other updates.
|
Revision tags: v4.8, v4.8-rc8, v4.8-rc7, v4.8-rc6, v4.8-rc5, v4.8-rc4, v4.8-rc3, v4.8-rc2, v4.8-rc1 |
|
#
e82a82c1 |
| 28-Jul-2016 |
Jiri Kosina <jkosina@suse.cz> |
Merge branches 'for-4.8/alps', 'for-4.8/apple', 'for-4.8/i2c-hid', 'for-4.8/uhid-offload-hid-device-add' and 'for-4.8/upstream' into for-linus
|
Revision tags: v4.7 |
|
#
8c57a5e7 |
| 19-Jul-2016 |
Dmitry Torokhov <dmitry.torokhov@gmail.com> |
Merge branch 'for-linus' into next
Sync up to bring in wacom_w8001 changes to avoid merge conflicts later.
|
Revision tags: v4.7-rc7 |
|
#
946e0f6f |
| 08-Jul-2016 |
Ingo Molnar <mingo@kernel.org> |
Merge tag 'v4.7-rc6' into x86/mm, to merge fixes before applying new changes
Signed-off-by: Ingo Molnar <mingo@kernel.org>
|
#
b6d90158 |
| 07-Jul-2016 |
Rafael J. Wysocki <rafael.j.wysocki@intel.com> |
Merge branches 'acpica-fixes', 'acpi-pci-fixes' and 'acpi-debug-fixes'
* acpica-fixes: ACPICA: Namespace: Fix namespace/interpreter lock ordering
* acpi-pci-fixes: ACPI,PCI,IRQ: separate ISA pe
Merge branches 'acpica-fixes', 'acpi-pci-fixes' and 'acpi-debug-fixes'
* acpica-fixes: ACPICA: Namespace: Fix namespace/interpreter lock ordering
* acpi-pci-fixes: ACPI,PCI,IRQ: separate ISA penalty calculation Revert "ACPI, PCI, IRQ: remove redundant code in acpi_irq_penalty_init()" ACPI,PCI,IRQ: factor in PCI possible
* acpi-debug-fixes: ACPI / debugger: Fix regression introduced by IS_ERR_VALUE() removal
show more ...
|
#
ea1a25c3 |
| 06-Jul-2016 |
James Bottomley <James.Bottomley@HansenPartnership.com> |
Merge branch 'jejb-fixes' into fixes
|