#
c900529f |
| 12-Sep-2023 |
Thomas Zimmermann <tzimmermann@suse.de> |
Merge drm/drm-fixes into drm-misc-fixes
Forwarding to v6.6-rc1.
Signed-off-by: Thomas Zimmermann <tzimmermann@suse.de>
|
Revision tags: v6.6-rc1 |
|
#
34069d12 |
| 05-Sep-2023 |
Dmitry Torokhov <dmitry.torokhov@gmail.com> |
Merge tag 'v6.5' into next
Sync up with mainline to bring in updates to the shared infrastructure.
|
#
1ac731c5 |
| 31-Aug-2023 |
Dmitry Torokhov <dmitry.torokhov@gmail.com> |
Merge branch 'next' into for-linus
Prepare input updates for 6.6 merge window.
|
#
1dbae189 |
| 30-Aug-2023 |
Linus Torvalds <torvalds@linux-foundation.org> |
Merge tag 'selinux-pr-20230829' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux
Pull selinux updates from Paul Moore: "Thirty three SELinux patches, which is a pretty big number fo
Merge tag 'selinux-pr-20230829' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux
Pull selinux updates from Paul Moore: "Thirty three SELinux patches, which is a pretty big number for us, but there isn't really anything scary in here; in fact we actually manage to remove 10 lines of code with this :)
- Promote the SELinux DEBUG_HASHES macro to CONFIG_SECURITY_SELINUX_DEBUG
The DEBUG_HASHES macro was a buried SELinux specific preprocessor debug macro that was a problem waiting to happen. Promoting the debug macro to a proper Kconfig setting should help both improve the visibility of the feature as well enable improved test coverage. We've moved some additional debug functions under the CONFIG_SECURITY_SELINUX_DEBUG flag and we may see more work in the future.
- Emit a pr_notice() message if virtual memory is executable by default
As this impacts the SELinux access control policy enforcement, if the system's configuration is such that virtual memory is executable by default we print a single line notice to the console.
- Drop avtab_search() in favor of avtab_search_node()
Both functions are nearly identical so we removed avtab_search() and converted the callers to avtab_search_node().
- Add some SELinux network auditing helpers
The helpers not only reduce a small amount of code duplication, but they provide an opportunity to improve UDP flood performance slightly by delaying initialization of the audit data in some cases.
- Convert GFP_ATOMIC allocators to GFP_KERNEL when reading SELinux policy
There were two SELinux policy load helper functions that were allocating memory using GFP_ATOMIC, they have been converted to GFP_KERNEL.
- Quiet a KMSAN warning in selinux_inet_conn_request()
A one-line error path (re)set patch that resolves a KMSAN warning. It is important to note that this doesn't represent a real bug in the current code, but it quiets KMSAN and arguably hardens the code against future changes.
- Cleanup the policy capability accessor functions
This is a follow-up to the patch which reverted SELinux to using a global selinux_state pointer. This patch cleans up some artifacts of that change and turns each accessor into a one-line READ_ONCE() call into the policy capabilities array.
- A number of patches from Christian Göttsche
Christian submitted almost two-thirds of the patches in this pull request as he worked to harden the SELinux code against type differences, variable overflows, etc.
- Support for separating early userspace from the kernel in policy, with a later revert
We did have a patch that added a new userspace initial SID which would allow SELinux to distinguish between early user processes created before the initial policy load and the kernel itself.
Unfortunately additional post-merge testing revealed a problematic interaction with an old SELinux userspace on an old version of Ubuntu so we've reverted the patch until we can resolve the compatibility issue.
- Remove some outdated comments dealing with LSM hook registration
When we removed the runtime disable functionality we forgot to remove some old comments discussing the importance of LSM hook registration ordering.
- Minor administrative changes
Stephen Smalley updated his email address and "debranded" SELinux from "NSA SELinux" to simply "SELinux". We've come a long way from the original NSA submission and I would consider SELinux a true community project at this point so removing the NSA branding just makes sense"
* tag 'selinux-pr-20230829' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux: (33 commits) selinux: prevent KMSAN warning in selinux_inet_conn_request() selinux: use unsigned iterator in nlmsgtab code selinux: avoid implicit conversions in policydb code selinux: avoid implicit conversions in selinuxfs code selinux: make left shifts well defined selinux: update type for number of class permissions in services code selinux: avoid implicit conversions in avtab code selinux: revert SECINITSID_INIT support selinux: use GFP_KERNEL while reading binary policy selinux: update comment on selinux_hooks[] selinux: avoid implicit conversions in services code selinux: avoid implicit conversions in mls code selinux: use identical iterator type in hashtab_duplicate() selinux: move debug functions into debug configuration selinux: log about VM being executable by default selinux: fix a 0/NULL mistmatch in ad_net_init_from_iif() selinux: introduce SECURITY_SELINUX_DEBUG configuration selinux: introduce and use lsm_ad_net_init*() helpers selinux: update my email address selinux: add missing newlines in pr_err() statements ...
show more ...
|
Revision tags: v6.5, v6.5-rc7 |
|
#
1df83cbf |
| 15-Aug-2023 |
Andrew Kanner <andrew.kanner@gmail.com> |
selinux: prevent KMSAN warning in selinux_inet_conn_request()
KMSAN reports the following issue: [ 81.822503] ===================================================== [ 81.823222] BUG: KMSAN: unini
selinux: prevent KMSAN warning in selinux_inet_conn_request()
KMSAN reports the following issue: [ 81.822503] ===================================================== [ 81.823222] BUG: KMSAN: uninit-value in selinux_inet_conn_request+0x2c8/0x4b0 [ 81.823891] selinux_inet_conn_request+0x2c8/0x4b0 [ 81.824385] security_inet_conn_request+0xc0/0x160 [ 81.824886] tcp_v4_route_req+0x30e/0x490 [ 81.825343] tcp_conn_request+0xdc8/0x3400 [ 81.825813] tcp_v4_conn_request+0x134/0x190 [ 81.826292] tcp_rcv_state_process+0x1f4/0x3b40 [ 81.826797] tcp_v4_do_rcv+0x9ca/0xc30 [ 81.827236] tcp_v4_rcv+0x3bf5/0x4180 [ 81.827670] ip_protocol_deliver_rcu+0x822/0x1230 [ 81.828174] ip_local_deliver_finish+0x259/0x370 [ 81.828667] ip_local_deliver+0x1c0/0x450 [ 81.829105] ip_sublist_rcv+0xdc1/0xf50 [ 81.829534] ip_list_rcv+0x72e/0x790 [ 81.829941] __netif_receive_skb_list_core+0x10d5/0x1180 [ 81.830499] netif_receive_skb_list_internal+0xc41/0x1190 [ 81.831064] napi_complete_done+0x2c4/0x8b0 [ 81.831532] e1000_clean+0x12bf/0x4d90 [ 81.831983] __napi_poll+0xa6/0x760 [ 81.832391] net_rx_action+0x84c/0x1550 [ 81.832831] __do_softirq+0x272/0xa6c [ 81.833239] __irq_exit_rcu+0xb7/0x1a0 [ 81.833654] irq_exit_rcu+0x17/0x40 [ 81.834044] common_interrupt+0x8d/0xa0 [ 81.834494] asm_common_interrupt+0x2b/0x40 [ 81.834949] default_idle+0x17/0x20 [ 81.835356] arch_cpu_idle+0xd/0x20 [ 81.835766] default_idle_call+0x43/0x70 [ 81.836210] do_idle+0x258/0x800 [ 81.836581] cpu_startup_entry+0x26/0x30 [ 81.837002] __pfx_ap_starting+0x0/0x10 [ 81.837444] secondary_startup_64_no_verify+0x17a/0x17b [ 81.837979] [ 81.838166] Local variable nlbl_type.i created at: [ 81.838596] selinux_inet_conn_request+0xe3/0x4b0 [ 81.839078] security_inet_conn_request+0xc0/0x160
KMSAN warning is reproducible with: * netlabel_mgmt_protocount is 0 (e.g. netlbl_enabled() returns 0) * CONFIG_SECURITY_NETWORK_XFRM may be set or not * CONFIG_KMSAN=y * `ssh USER@HOSTNAME /bin/date`
selinux_skb_peerlbl_sid() will call selinux_xfrm_skb_sid(), then fall to selinux_netlbl_skbuff_getsid() which will not initialize nlbl_type, but it will be passed to:
err = security_net_peersid_resolve(nlbl_sid, nlbl_type, xfrm_sid, sid);
and checked by KMSAN, although it will not be used inside security_net_peersid_resolve() (at least now), since this function will check either (xfrm_sid == SECSID_NULL) or (nlbl_sid == SECSID_NULL) first and return before using uninitialized nlbl_type.
Signed-off-by: Andrew Kanner <andrew.kanner@gmail.com> [PM: subject line tweak, removed 'fixes' tag as code is not broken] Signed-off-by: Paul Moore <paul@paul-moore.com>
show more ...
|
Revision tags: v6.5-rc6 |
|
#
2612e3bb |
| 07-Aug-2023 |
Rodrigo Vivi <rodrigo.vivi@intel.com> |
Merge drm/drm-next into drm-intel-next
Catching-up with drm-next and drm-intel-gt-next. It will unblock a code refactor around the platform definitions (names vs acronyms).
Signed-off-by: Rodrigo V
Merge drm/drm-next into drm-intel-next
Catching-up with drm-next and drm-intel-gt-next. It will unblock a code refactor around the platform definitions (names vs acronyms).
Signed-off-by: Rodrigo Vivi <rodrigo.vivi@intel.com>
show more ...
|
#
9f771739 |
| 07-Aug-2023 |
Joonas Lahtinen <joonas.lahtinen@linux.intel.com> |
Merge drm/drm-next into drm-intel-gt-next
Need to pull in b3e4aae612ec ("drm/i915/hdcp: Modify hdcp_gsc_message msg sending mechanism") as a dependency for https://patchwork.freedesktop.org/series/1
Merge drm/drm-next into drm-intel-gt-next
Need to pull in b3e4aae612ec ("drm/i915/hdcp: Modify hdcp_gsc_message msg sending mechanism") as a dependency for https://patchwork.freedesktop.org/series/121735/
Signed-off-by: Joonas Lahtinen <joonas.lahtinen@linux.intel.com>
show more ...
|
Revision tags: v6.5-rc5, v6.5-rc4 |
|
#
61b73694 |
| 24-Jul-2023 |
Thomas Zimmermann <tzimmermann@suse.de> |
Merge drm/drm-next into drm-misc-next
Backmerging to get v6.5-rc2.
Signed-off-by: Thomas Zimmermann <tzimmermann@suse.de>
|
Revision tags: v6.5-rc3 |
|
#
50501936 |
| 17-Jul-2023 |
Dmitry Torokhov <dmitry.torokhov@gmail.com> |
Merge tag 'v6.4' into next
Sync up with mainline to bring in updates to shared infrastructure.
|
#
0791faeb |
| 17-Jul-2023 |
Mark Brown <broonie@kernel.org> |
ASoC: Merge v6.5-rc2
Get a similar baseline to my other branches, and fixes for people using the branch.
|
Revision tags: v6.5-rc2 |
|
#
2f98e686 |
| 11-Jul-2023 |
Maxime Ripard <mripard@kernel.org> |
Merge v6.5-rc1 into drm-misc-fixes
Boris needs 6.5-rc1 in drm-misc-fixes to prevent a conflict.
Signed-off-by: Maxime Ripard <mripard@kernel.org>
|
Revision tags: v6.5-rc1 |
|
#
44f10dbe |
| 30-Jun-2023 |
Andrew Morton <akpm@linux-foundation.org> |
Merge branch 'master' into mm-hotfixes-stable
|
#
729b39ec |
| 28-Jun-2023 |
Linus Torvalds <torvalds@linux-foundation.org> |
Merge tag 'selinux-pr-20230626' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux
Pull selinux updates from Paul Moore:
- Thanks to help from the MPTCP folks, it looks like we have
Merge tag 'selinux-pr-20230626' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux
Pull selinux updates from Paul Moore:
- Thanks to help from the MPTCP folks, it looks like we have finally sorted out a proper solution to the MPTCP socket labeling issue, see the new security_mptcp_add_subflow() LSM hook.
- Fix the labeled NFS handling such that a labeled NFS share mounted prior to the initial SELinux policy load is properly labeled once a policy is loaded; more information in the commit description.
- Two patches to security/selinux/Makefile, the first took the cleanups in v6.4 a bit further and the second removed the grouped targets support as that functionality doesn't appear to be properly supported prior to make v4.3.
- Deprecate the "fs" object context type in SELinux policies. The fs object context type was an old vestige that was introduced back in v2.6.12-rc2 but never really used.
- A number of small changes that remove dead code, clean up some awkward bits, and generally improve the quality of the code. See the individual commit descriptions for more information.
* tag 'selinux-pr-20230626' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux: selinux: avoid bool as identifier name selinux: fix Makefile for versions of make < v4.3 selinux: make labeled NFS work when mounted before policy load selinux: cleanup exit_sel_fs() declaration selinux: deprecated fs ocon selinux: make header files self-including selinux: keep context struct members in sync selinux: Implement mptcp_add_subflow hook security, lsm: Introduce security_mptcp_add_subflow() selinux: small cleanups in selinux_audit_rule_init() selinux: declare read-only data arrays const selinux: retain const qualifier on string literal in avtab_hash_eval() selinux: drop return at end of void function avc_insert() selinux: avc: drop unused function avc_disable() selinux: adjust typos in comments selinux: do not leave dangling pointer behind selinux: more Makefile tweaks
show more ...
|
Revision tags: v6.4, v6.4-rc7 |
|
#
db6da59c |
| 15-Jun-2023 |
Thomas Zimmermann <tzimmermann@suse.de> |
Merge drm/drm-next into drm-misc-next-fixes
Backmerging to sync drm-misc-next-fixes with drm-misc-next.
Signed-off-by: Thomas Zimmermann <tzimmermann@suse.de>
|
#
03c60192 |
| 12-Jun-2023 |
Dmitry Baryshkov <dmitry.baryshkov@linaro.org> |
Merge branch 'drm-next' of git://anongit.freedesktop.org/drm/drm into msm-next-lumag-base
Merge the drm-next tree to pick up the DRM DSC helpers (merged via drm-intel-next tree). MSM DSC v1.2 patche
Merge branch 'drm-next' of git://anongit.freedesktop.org/drm/drm into msm-next-lumag-base
Merge the drm-next tree to pick up the DRM DSC helpers (merged via drm-intel-next tree). MSM DSC v1.2 patches depend on these helpers.
Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
show more ...
|
Revision tags: v6.4-rc6 |
|
#
5c680050 |
| 06-Jun-2023 |
Miquel Raynal <miquel.raynal@bootlin.com> |
Merge tag 'v6.4-rc4' into wpan-next/staging
Linux 6.4-rc4
|
#
9ff17e6b |
| 05-Jun-2023 |
Tvrtko Ursulin <tvrtko.ursulin@intel.com> |
Merge drm/drm-next into drm-intel-gt-next
For conflict avoidance we need the following commit:
c9a9f18d3ad8 drm/i915/huc: use const struct bus_type pointers
Signed-off-by: Tvrtko Ursulin <tvrtko
Merge drm/drm-next into drm-intel-gt-next
For conflict avoidance we need the following commit:
c9a9f18d3ad8 drm/i915/huc: use const struct bus_type pointers
Signed-off-by: Tvrtko Ursulin <tvrtko.ursulin@intel.com>
show more ...
|
Revision tags: v6.4-rc5, v6.4-rc4, v6.4-rc3, v6.4-rc2, v6.4-rc1, v6.3 |
|
#
85c3222d |
| 20-Apr-2023 |
Paolo Abeni <pabeni@redhat.com> |
selinux: Implement mptcp_add_subflow hook
Newly added subflows should inherit the LSM label from the associated MPTCP socket regardless of the current context.
This patch implements the above copyi
selinux: Implement mptcp_add_subflow hook
Newly added subflows should inherit the LSM label from the associated MPTCP socket regardless of the current context.
This patch implements the above copying sid and class from the MPTCP socket context, deleting the existing subflow label, if any, and then re-creating the correct one.
The new helper reuses the selinux_netlbl_sk_security_free() function, and the latter can end-up being called multiple times with the same argument; we additionally need to make it idempotent.
Signed-off-by: Paolo Abeni <pabeni@redhat.com> Acked-by: Matthieu Baerts <matthieu.baerts@tessares.net> Signed-off-by: Matthieu Baerts <matthieu.baerts@tessares.net> Signed-off-by: Paul Moore <paul@paul-moore.com>
show more ...
|
#
9c3a985f |
| 17-May-2023 |
Rodrigo Vivi <rodrigo.vivi@intel.com> |
Merge drm/drm-next into drm-intel-next
Backmerge to get some hwmon dependencies.
Signed-off-by: Rodrigo Vivi <rodrigo.vivi@intel.com>
|
#
50282fd5 |
| 12-May-2023 |
Maxime Ripard <maxime@cerno.tech> |
Merge drm/drm-fixes into drm-misc-fixes
Let's bring 6.4-rc1 in drm-misc-fixes to start the new fix cycle.
Signed-off-by: Maxime Ripard <maxime@cerno.tech>
|
#
ff32fcca |
| 09-May-2023 |
Maxime Ripard <maxime@cerno.tech> |
Merge drm/drm-next into drm-misc-next
Start the 6.5 release cycle.
Signed-off-by: Maxime Ripard <maxime@cerno.tech>
|
#
72eaa096 |
| 24-Apr-2023 |
Linus Torvalds <torvalds@linux-foundation.org> |
Merge tag 'selinux-pr-20230420' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux
Pull selinux updates from Paul Moore:
- Stop passing the 'selinux_state' pointers as function argum
Merge tag 'selinux-pr-20230420' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux
Pull selinux updates from Paul Moore:
- Stop passing the 'selinux_state' pointers as function arguments
As discussed during the end of the last development cycle, passing a selinux_state pointer through the SELinux code has a noticeable impact on performance, and with the current code it is not strictly necessary.
This simplifies things by referring directly to the single selinux_state global variable which should help improve SELinux performance.
- Uninline the unlikely portions of avc_has_perm_noaudit()
This change was also based on a discussion from the last development cycle, and is heavily based on an initial proof of concept patch from you. The core issue was that avc_has_perm_noaudit() was not able to be inlined, as intended, due to its size. We solved this issue by extracting the less frequently hit portions of avc_has_perm_noaudit() into a separate function, reducing the size of avc_has_perm_noaudit() to the point where the compiler began inlining the function. We also took the opportunity to clean up some ugly RCU locking in the code that became uglier with the change.
- Remove the runtime disable functionality
After several years of work by the userspace and distro folks, we are finally in a place where we feel comfortable removing the runtime disable functionality which we initially deprecated at the start of 2020.
There is plenty of information in the kernel's deprecation (now removal) notice, but the main motivation was to be able to safely mark the LSM hook structures as '__ro_after_init'.
LWN also wrote a good summary of the deprecation this morning which offers a more detailed history:
https://lwn.net/SubscriberLink/927463/dcfa0d4ed2872f03
- Remove the checkreqprot functionality
The original checkreqprot deprecation notice stated that the removal would happen no sooner than June 2021, which means this falls hard into the "better late than never" bucket.
The Kconfig and deprecation notice has more detail on this setting, but the basic idea is that we want to ensure that the SELinux policy allows for the memory protections actually applied by the kernel, and not those requested by the process.
While we haven't found anyone running a supported distro that is affected by this deprecation/removal, anyone who is affected would only need to update their policy to reflect the reality of their applications' mapping protections.
- Minor Makefile improvements
Some minor Makefile improvements to correct some dependency issues likely only ever seen by SELinux developers. I expect we will have at least one more tweak to the Makefile during the next merge window, but it didn't quite make the cutoff this time around.
* tag 'selinux-pr-20230420' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux: selinux: ensure av_permissions.h is built when needed selinux: fix Makefile dependencies of flask.h selinux: stop returning node from avc_insert() selinux: clean up dead code after removing runtime disable selinux: update the file list in MAINTAINERS selinux: remove the runtime disable functionality selinux: remove the 'checkreqprot' functionality selinux: stop passing selinux_state pointers and their offspring selinux: uninline unlikely parts of avc_has_perm_noaudit()
show more ...
|
Revision tags: v6.3-rc7, v6.3-rc6, v6.3-rc5, v6.3-rc4, v6.3-rc3, v6.3-rc2 |
|
#
e67b7985 |
| 09-Mar-2023 |
Stephen Smalley <stephen.smalley.work@gmail.com> |
selinux: stop passing selinux_state pointers and their offspring
Linus observed that the pervasive passing of selinux_state pointers introduced by me in commit aa8e712cee93 ("selinux: wrap global se
selinux: stop passing selinux_state pointers and their offspring
Linus observed that the pervasive passing of selinux_state pointers introduced by me in commit aa8e712cee93 ("selinux: wrap global selinux state") adds overhead and complexity without providing any benefit. The original idea was to pave the way for SELinux namespaces but those have not yet been implemented and there isn't currently a concrete plan to do so. Remove the passing of the selinux_state pointers, reverting to direct use of the single global selinux_state, and likewise remove passing of child pointers like the selinux_avc. The selinux_policy pointer remains as it is needed for atomic switching of policies.
Suggested-by: Linus Torvalds <torvalds@linux-foundation.org> Reported-by: kernel test robot <lkp@intel.com> Link: https://lore.kernel.org/oe-kbuild-all/202303101057.mZ3Gv5fK-lkp@intel.com/ Signed-off-by: Stephen Smalley <stephen.smalley.work@gmail.com> Signed-off-by: Paul Moore <paul@paul-moore.com>
show more ...
|
Revision tags: v6.3-rc1, v6.2, v6.2-rc8, v6.2-rc7, v6.2-rc6, v6.2-rc5, v6.2-rc4, v6.2-rc3, v6.2-rc2, v6.2-rc1, v6.1, v6.1-rc8, v6.1-rc7, v6.1-rc6, v6.1-rc5, v6.1-rc4, v6.1-rc3, v6.1-rc2, v6.1-rc1, v6.0, v6.0-rc7, v6.0-rc6, v6.0-rc5, v6.0-rc4, v6.0-rc3, v6.0-rc2, v6.0-rc1, v5.19, v5.19-rc8, v5.19-rc7, v5.19-rc6, v5.19-rc5, v5.19-rc4, v5.19-rc3, v5.19-rc2, v5.19-rc1 |
|
#
03ab8e62 |
| 31-May-2022 |
Konstantin Komarov <almaz.alexandrovich@paragon-software.com> |
Merge tag 'v5.18'
Linux 5.18
|
Revision tags: v5.18, v5.18-rc7, v5.18-rc6, v5.18-rc5, v5.18-rc4, v5.18-rc3, v5.18-rc2, v5.18-rc1, v5.17, v5.17-rc8, v5.17-rc7 |
|
#
1136fa0c |
| 01-Mar-2022 |
Dmitry Torokhov <dmitry.torokhov@gmail.com> |
Merge tag 'v5.17-rc4' into for-linus
Merge with mainline to get the Intel ASoC generic helpers header and other changes.
|