* Linux 5.1-rc2
@ 2019-03-24 21:26 Linus Torvalds
  2019-03-25  2:31 ` Randy Dunlap
  0 siblings, 1 reply; 14+ messages in thread
From: Linus Torvalds @ 2019-03-24 21:26 UTC
  To: Linux List Kernel Mailing

Well, we're a week away from the merge window close, and here's rc2.
Things look fairly normal, but honestly, rc2 is usually too early to
tell. People haven't necessarily had time to notice problems yet.
Which is just another way of saying "please test harder".

Nothing particularly stands out. Yes, we had some fixes for the new
io_ring code for issues that were discussed when merging it. Other
than that, worth noting is that the bulk of the patches are for
tooling, not the core kernel. In fact, about two thirds of the patch
is just for the tools/ subdirectory, most of it due to some late perf
tool updates. The people involved promise they're done.

Ignoring the tools thing, the rest is just spread all over, and it's
all pretty small. It's _roughly_ evenly split between arch updates,
drivers and filesystem code, but that's partially because of the
aforementioned io_ring thing (making the filesystem side pop a bit).
But there's minor noise elsewhere too. Most of the arch/ code is a
late ARC update.

But none of it really is all that large or worrisome.
Shortlog appended for a flavor of the details (and you'll see the perf dominance there) Go test, Linus --- Aditya Pakki (1): x86/hpet: Prevent potential NULL pointer dereference Adrian Hunter (1): perf probe: Fix getting the kernel map Alexander Shiyan (2): mmc: mxcmmc: "Revert mmc: mxcmmc: handle highmem pages" clocksource/drivers/clps711x: Remove board support Alexey Brodkin (1): ARC: DTB: [scripted] fix node name and address spelling Andi Kleen (22): perf script: Support insn output for normal samples perf report: Support output in nanoseconds perf time-utils: Add utility function to print time stamps in nanoseconds perf report: Parse time quantum perf report: Use less for scripts output perf script: Filter COMM/FORK/.. events by CPU perf report: Support time sort key perf report: Support running scripts for current time range perf report: Support builtin perf script in scripts menu perf report: Implement browsing of individual samples perf tools: Add some new tips describing the new options perf script: Add array bound checking to list_scripts perf ui browser: Fix ui popup argv browser for many entries perf tools report: Add custom scripts to script menu perf list: Filter metrics too perf record: Allow to limit number of reported perf.data files perf record: Clarify help for --switch-output perf report: Show all sort keys in help output perf report: Indicate JITed code better in report perf script: Support relative time perf stat: Fix --no-scale perf stat: Improve scaling Andrzej Hajda (1): drm/exynos/mixer: fix MIXER shadow registry synchronisation code Andy Shevchenko (6): auxdisplay: hd44780: Fix memory leak on ->remove() auxdisplay: charlcd: Move to_priv() to charlcd namespace auxdisplay: charlcd: Introduce charlcd_free() helper auxdisplay: panel: Convert to use charlcd_free() auxdisplay: hd44780: Convert to use charlcd_free() ACPI / utils: Drop reference in test for device presence Archer Yan (1): MIPS: Fix kernel crash for R6 in jump label branch function 
Arnaldo Carvalho de Melo (5): perf tools: Update x86's syscall_64.tbl, no change in tools/perf behaviour tools headers uapi: Sync copy of asm-generic/unistd.h with the kernel sources tools headers uapi: Update linux/in.h copy tools lib bpf: Fix the build by adding a missing stdarg.h include perf evsel: Free evsel->counts in perf_evsel__exit() Arnd Bergmann (3): irqchip/imx-irqsteer: Fix of_property_read_u32() error handling mmc: pxamci: fix enum type confusion mmc: davinci: remove extraneous __init annotation Atish Patra (1): clocksource/drivers/riscv: Fix clocksource mask Aya Levin (1): IB/mlx5: Fix mapping of link-mode to IB width and speed Bart Van Assche (6): scsi: core: Also call destroy_rcu_head() for passthrough requests scsi: core: Avoid that a kernel warning appears during system resume block: Unexport blk_mq_add_to_requeue_list() blk-iolatency: #include "blk.h" blkcg: Fix kernel-doc warnings workqueue: Only unregister a registered lockdep key Ben Hutchings (1): powerpc/mm: Only define MAX_PHYSMEM_BITS in SPARSEMEM configurations Borislav Petkov (1): x86/microcode: Announce reload operation's completion Changbin Du (15): perf tools: Add doc about how to build perf with Asan and UBSan perf list: Don't forget to drop the reference to the allocated thread_map perf tools: Fix errors under optimization level '-Og' perf config: Fix an error in the config template documentation perf config: Fix a memory leak in collect_config() perf build-id: Fix memory leak in print_sdt_events() perf top: Delete the evlist before perf_session, fixing heap-use-after-free issue perf top: Fix error handling in cmd_top() perf hist: Add missing map__put() in error case perf map: Remove map from 'names' tree in __maps__remove() perf maps: Purge all maps from the 'names' tree perf top: Fix global-buffer-overflow issue perf tests: Fix a memory leak of cpu_map object in the openat_syscall_event_on_all_cpus test perf tests: Fix memory leak by expr__find_other() in test__expr() perf tests: 
Fix a memory leak in test__perf_evsel__tp_sched_test() Chen Jie (1): futex: Ensure that futex address is aligned in handle_futex_death() Chris Wilson (2): drm/i915: Fix off-by-one in reporting hanging process drm/i915: Sanity check mmap length against object size Christian König (2): drm/amdgpu: revert "cleanup setting bulk_movable" drm/amdgpu: fix invalid use of change_bit Christophe Leroy (1): powerpc/6xx: fix setup and use of SPRN_SPRG_PGDIR for hash32 Colin Ian King (2): ALSA: opl3: fix mismatch between snd_opl3_drum_switch definition and declaration x86/lib: Fix indentation issue, remove extra tab Corentin Labbe (1): arc: hsdk_defconfig: Enable CONFIG_BLK_DEV_RAM Dan Carpenter (1): drm/nouveau/dmem: Fix a NULL vs IS_ERR() check Daniel Drake (1): mmc: alcor: fix DMA reads Darrick J. Wong (1): ext4: prohibit fstrim in norecovery mode Dave Airlie (1): drm/udl: use drm_gem_object_put_unlocked. David Arcari (1): tools/power turbostat: return the exit status of a command Deepak Rawat (1): drm/vmwgfx: Return 0 when gmrid::get_node runs out of ID's Dongli Zhang (2): loop: access lo_backing_file only when the loop device is Lo_bound blk-mq: remove unused 'nr_expired' from blk_mq_hw_ctx Enrico Weigelt, metux IT consult (1): arch: arc: Kconfig: pedantic formatting Eugeniy Paltsev (5): ARC: [plat-hsdk]: Add reset controller handle to manage USB reset ARC: [plat-hsdk]: Enable AXI DW DMAC support ARCv2: lib: introduce memcpy optimized for unaligned access ARCv2: Add explcit unaligned access support (and ability to disable too) ARC: u-boot args: check that magic number is correct Fabien Dessenne (2): irqchip/stm32: Don't clear rising/falling config registers at init irqchip/stm32: Don't set rising configuration registers at init Fabrizio Castro (1): dt-bindings: irqchip: renesas-irqc: Document r8a774c0 support Feng Tang (1): i40iw: Avoid panic when handling the inetdev event Guenter Roeck (1): platform/chrome: cros_ec_debugfs: cancel/schedule logging work only if supported 
Gustavo A. R. Silva (1): genirq: Mark expected switch case fall-through Hanjun Guo (2): arm64: Add MIDR encoding for HiSilicon Taishan CPUs arm64: kpti: Whitelist HiSilicon Taishan v110 CPUs Himanshu Madhani (1): scsi: qla2xxx: Fix NULL pointer crash due to stale CPUID Hui Wang (2): ALSA: hda - Don't trigger jackpoll_work in azx_resume ALSA: hda - Enforces runtime_resume after S3 and S4 for each codec Ilya Dryomov (3): rbd: set io_min, io_opt and discard_granularity to alloc_size libceph: wait for latest osdmap in ceph_monc_blacklist_add() rbd: drop wait_for_latest_osdmap() Ingo Molnar (1): x86/cpufeature: Fix various quality problems in the <asm/cpu_device_hd.h> header Jack Morgenstein (1): IB/mlx4: Fix race condition between catas error reset and aliasguid flows Jan Kara (4): ext4: avoid panic during forced reboot udf: Fix crash on IO error during truncate udf: Propagate errors from udf_truncate_extents() fanotify: Allow copying of file handle to userspace Jaroslav Kysela (1): ALSA: hda - add Lenovo IdeaCentre B550 to the power_save_blacklist Jason Yan (1): ext4: remove useless ext4_pin_inode() Jens Axboe (11): io_uring: use regular request ref counts io_uring: make io_read/write return an integer io_uring: add prepped flag io_uring: fix fget/fput handling io_uring: fix poll races paride/pf: cleanup queues when detection fails paride/pcd: cleanup queues when detection fails io_uring: retry bulk slab allocs as single allocs io_uring: mark me as the maintainer iov_iter: add ITER_BVEC_FLAG_NO_REF flag block: add BIO_NO_PAGE_REF flag Jiada Wang (1): PM / Domains: Avoid a potential deadlock Jian-Hong Pan (1): ALSA: hda/realtek: Enable headset MIC of Acer AIO with ALC286 Jianguo Chen (1): irqchip/mbigen: Don't clear eventid when freeing an MSI Jiri Olsa (6): perf data: Support having perf.data stored as a directory perf data: Don't store auxtrace index for directory data file perf data: Add perf_data__update_dir() function perf data: Make perf_data__size() work over 
directory perf header: Add DIR_FORMAT feature to describe directory data perf session: Add process callback to reader object Jiufei Xue (1): ext4: fix NULL pointer dereference while journal is aborted Josh Poimboeuf (1): objtool: Move objtool_file struct off the stack Jérôme Glisse (1): drm/nouveau/dmem: empty chunk do not have a buffer object associated with them. Kairui Song (1): x86/gart: Exclude GART aperture from kcore Kangjie Lu (3): ALSA: echoaudio: add a check for ioremap_nocache ALSA: sb8: add a check for request_region x86/hyperv: Prevent potential NULL pointer dereference Kishon Vijay Abraham I (1): mmc: sdhci-omap: Set caps2 to indicate no physical write protect pin Konstantin Khlebnikov (1): sched/core: Fix buffer overflow in cgroup2 property cpu.max Linus Torvalds (1): Linux 5.1-rc2 Long Li (2): CIFS: Fix an issue with re-sending wdata when transport returning -EAGAIN CIFS: Fix an issue with re-sending rdata when transport returning -EAGAIN Lu Baolu (2): iommu/vt-d: Check capability before disabling protected memory iommu/vt-d: Save the right domain ID used by hardware Luc Van Oostenryck (1): thermal/intel_powerclamp: fix __percpu declaration of worker_data Lukas Czerner (3): ext4: fix data corruption caused by unaligned direct AIO ext4: add missing brelse() in add_new_gdb_meta_bg() ext4: report real fs size after failed resize Luo Jiaxing (1): scsi: hisi_sas: Add softreset in hisi_sas_I_T_nexus_reset() Mamatha Inamdar (1): perf vendor events: Remove P8 HW events which are not supported Mans Rullgard (3): auxdisplay: deconfuse configuration auxdisplay: charlcd: simplify init message display auxdisplay: charlcd: make backlight initial state configurable Marc Zyngier (1): irqchip/gic: Drop support for secondary GIC in non-DT systems Marek Szyprowski (1): thermal: samsung: Fix incorrect check after code merge Mark Rutland (1): arm64: apply workaround on A64FX v1r0 Martin Liška (1): perf vendor events amd: perf PMU events for AMD Family 17h Masami 
Hiramatsu (4): arm64: kprobes: Move extable address check into arch_prepare_kprobe() arm64: kprobes: Remove unneeded RODATA check arm64: kprobes: Move exception_text check in blacklist arm64: kprobes: Use arch_populate_kprobe_blacklist() Matteo Croce (1): x86/mm: Don't leak kernel addresses Matthew Garrett (2): thermal/int340x_thermal: Add additional UUIDs thermal/int340x_thermal: fix mode setting Matthew Whitehead (2): x86/cpu/cyrix: Use correct macros for Cyrix calls on Geode processors x86/cpu/cyrix: Remove {get,set}Cx86_old macros used for Cyrix processors Matthias Kaehlcke (1): arm64: remove obsolete selection of MULTI_IRQ_HANDLER Maurizio Lombardi (1): scsi: iscsi: flush running unbind operations when removing a session Michael Ellerman (2): powerpc/vdso64: Fix CLOCK_MONOTONIC inconsistencies across Y2038 powerpc/security: Fix spectre_v2 reporting Nathan Chancellor (1): x86/hw_breakpoints: Make default case in hw_breakpoint_arch_parse() return an error Nick Crews (1): platform/chrome: Fix locking pattern in wilco_ec_mailbox() Nick Desaulniers (1): x86/boot: Restrict header scope to make Clang happy Ondrej Mosnacek (1): selinux: fix NULL dereference in policydb_destroy() Paul Burton (1): MIPS: Remove custom MIPS32 __kernel_fsid_t type Paulo Alcantara (SUSE) (1): cifs: Fix slab-out-of-bounds when tracing SMB tcon Peter Xu (1): genirq: Fix typo in comment of IRQD_MOVE_PCNTXT Peter Zijlstra (1): sched/cpufreq: Fix 32-bit math overflow Petr Štetiar (1): mips: bcm47xx: Enable USB power on Netgear WNDR3400v2 Phil Elwell (1): thermal: bcm2835: Fix crash in bcm2835_thermal_debugfs Pi-Hsun Shih (1): thermal: mtk: Allocate enough space for mtk_thermal. 
Quinn Tran (1): scsi: qla2xxx: Fix FC-AL connection target discovery Rasmus Villemoes (1): irqchip/gic-v3-its: Fix comparison logic in lpi_range_cmp Robert Richter (1): iommu/iova: Fix tracking of recently failed iova address Ronnie Sahlberg (1): cifs: allow guest mounts to work for smb3.11 Shaokun Zhang (1): thermal: cpu_cooling: Remove unused cur_freq variable Shenghui Wang (1): sbitmap: trivial - update comment for sbitmap_deferred_clear_bit Song Liu (19): perf record: Replace option --bpf-event with --no-bpf-event tools lib bpf: Introduce bpf_program__get_prog_info_linear() bpftool: use bpf_program__get_prog_info_linear() in prog.c:do_dump() perf bpf: Synthesize bpf events with bpf_program__get_prog_info_linear() perf bpf: Make synthesize_bpf_events() receive perf_session pointer instead of perf_tool perf bpf: Save bpf_prog_info in a rbtree in perf_env perf bpf: Save bpf_prog_info information as headers to perf.data perf bpf: Save BTF in a rbtree in perf_env perf bpf: Save BTF information as headers to perf.data perf top: Add option --no-bpf-event perf feature detection: Add -lopcodes to feature-libbfd perf symbols: Introduce DSO_BINARY_TYPE__BPF_PROG_INFO perf bpf: Process PERF_BPF_EVENT_PROG_LOAD for annotation perf build: Check what binutils's 'disassembler()' signature to use perf annotate: Enable annotation of BPF programs perf evlist: Introduce side band thread perf tools: Save bpf_prog_info and BTF of new BPF programs perf bpf: Extract logic to create program names from perf_event__synthesize_one_bpf_prog() perf bpf: Show more BPF program info in print_bpf_prog_info() Stanislaw Gruszka (1): iommu/amd: fix sg->dma_address for sg->offset bigger than PAGE_SIZE Stephane Eranian (1): perf/core: Restore mmap record type correctly Steve French (3): fix incorrect error code mapping for OBJECTID_NOT_FOUND SMB3: Fix SMB3.1.1 guest mounts to Samba cifs: update internal module version number Takashi Sakamoto (1): ALSA: firewire-motu: use 'version' field of unit 
directory to identify model Thomas Preston (1): drm/i915/bios: assume eDP is present on port A when there is no VBT Thomas Zimmermann (1): drm/vmwgfx: Don't double-free the mode stored in par->set_mode Tony Jones (4): perf script python: Add Python3 support to exported-sql-viewer.py perf script python: Add Python3 support to export-to-postgresql.py perf script python: Add Python3 support to export-to-sqlite.py perf script python: Add printdate function to SQL exporters Tyrel Datwyler (2): scsi: ibmvscsi: Protect ibmvscsi_head from concurrent modificaiton scsi: ibmvscsi: Fix empty event pool access during host removal Valdis Kletnieks (4): x86/mm/pti: Make local symbols static genirq/devres: Remove excess parameter from kernel doc time/jiffies: Make refined_jiffies static watchdog/core: Make variables static Valentin Schneider (3): sched/fair: Comment some nohz_balancer_kick() kick conditions sched/fair: Tune down misfit NOHZ kicks sched/fair: Skip LLC NOHZ logic for asymmetric systems Vineet Gupta (5): ARC: perf: bpok condition only exists for ARCompact ARCv2: boot log: refurbish HS core/release identification ARC: boot log: cut down on verbosity ARC: unaligned: relax the check for gcc supporting -mno-unaligned-access ARCv2: spinlock: remove the extra smp_mb before lock, after unlock William Cohen (1): arm64/stacktrace: Export save_stack_trace_regs() Wolfram Sang (1): mmc: renesas_sdhi: limit block count to 16 bit for old revisions Xiaoli Feng (1): cifs: fix that return -EINVAL when do dedupe operationAditya Pakki (1): x86/hpet: Prevent potential NULL pointer dereference Adrian Hunter (1): perf probe: Fix getting the kernel map Alexander Shiyan (2): mmc: mxcmmc: "Revert mmc: mxcmmc: handle highmem pages" clocksource/drivers/clps711x: Remove board support Alexey Brodkin (1): ARC: DTB: [scripted] fix node name and address spelling Andi Kleen (22): perf script: Support insn output for normal samples perf report: Support output in nanoseconds perf time-utils: Add 
utility function to print time stamps in nanoseconds perf report: Parse time quantum perf report: Use less for scripts output perf script: Filter COMM/FORK/.. events by CPU perf report: Support time sort key perf report: Support running scripts for current time range perf report: Support builtin perf script in scripts menu perf report: Implement browsing of individual samples perf tools: Add some new tips describing the new options perf script: Add array bound checking to list_scripts perf ui browser: Fix ui popup argv browser for many entries perf tools report: Add custom scripts to script menu perf list: Filter metrics too perf record: Allow to limit number of reported perf.data files perf record: Clarify help for --switch-output perf report: Show all sort keys in help output perf report: Indicate JITed code better in report perf script: Support relative time perf stat: Fix --no-scale perf stat: Improve scaling Andrzej Hajda (1): drm/exynos/mixer: fix MIXER shadow registry synchronisation code Andy Shevchenko (6): auxdisplay: hd44780: Fix memory leak on ->remove() auxdisplay: charlcd: Move to_priv() to charlcd namespace auxdisplay: charlcd: Introduce charlcd_free() helper auxdisplay: panel: Convert to use charlcd_free() auxdisplay: hd44780: Convert to use charlcd_free() ACPI / utils: Drop reference in test for device presence Archer Yan (1): MIPS: Fix kernel crash for R6 in jump label branch function Arnaldo Carvalho de Melo (5): perf tools: Update x86's syscall_64.tbl, no change in tools/perf behaviour tools headers uapi: Sync copy of asm-generic/unistd.h with the kernel sources tools headers uapi: Update linux/in.h copy tools lib bpf: Fix the build by adding a missing stdarg.h include perf evsel: Free evsel->counts in perf_evsel__exit() Arnd Bergmann (3): irqchip/imx-irqsteer: Fix of_property_read_u32() error handling mmc: pxamci: fix enum type confusion mmc: davinci: remove extraneous __init annotation Atish Patra (1): clocksource/drivers/riscv: Fix 
clocksource mask Aya Levin (1): IB/mlx5: Fix mapping of link-mode to IB width and speed Bart Van Assche (6): scsi: core: Also call destroy_rcu_head() for passthrough requests scsi: core: Avoid that a kernel warning appears during system resume block: Unexport blk_mq_add_to_requeue_list() blk-iolatency: #include "blk.h" blkcg: Fix kernel-doc warnings workqueue: Only unregister a registered lockdep key Ben Hutchings (1): powerpc/mm: Only define MAX_PHYSMEM_BITS in SPARSEMEM configurations Borislav Petkov (1): x86/microcode: Announce reload operation's completion Changbin Du (15): perf tools: Add doc about how to build perf with Asan and UBSan perf list: Don't forget to drop the reference to the allocated thread_map perf tools: Fix errors under optimization level '-Og' perf config: Fix an error in the config template documentation perf config: Fix a memory leak in collect_config() perf build-id: Fix memory leak in print_sdt_events() perf top: Delete the evlist before perf_session, fixing heap-use-after-free issue perf top: Fix error handling in cmd_top() perf hist: Add missing map__put() in error case perf map: Remove map from 'names' tree in __maps__remove() perf maps: Purge all maps from the 'names' tree perf top: Fix global-buffer-overflow issue perf tests: Fix a memory leak of cpu_map object in the openat_syscall_event_on_all_cpus test perf tests: Fix memory leak by expr__find_other() in test__expr() perf tests: Fix a memory leak in test__perf_evsel__tp_sched_test() Chen Jie (1): futex: Ensure that futex address is aligned in handle_futex_death() Chris Wilson (2): drm/i915: Fix off-by-one in reporting hanging process drm/i915: Sanity check mmap length against object size Christian König (2): drm/amdgpu: revert "cleanup setting bulk_movable" drm/amdgpu: fix invalid use of change_bit Christophe Leroy (1): powerpc/6xx: fix setup and use of SPRN_SPRG_PGDIR for hash32 Colin Ian King (2): ALSA: opl3: fix mismatch between snd_opl3_drum_switch definition and declaration 
x86/lib: Fix indentation issue, remove extra tab Corentin Labbe (1): arc: hsdk_defconfig: Enable CONFIG_BLK_DEV_RAM Dan Carpenter (1): drm/nouveau/dmem: Fix a NULL vs IS_ERR() check Daniel Drake (1): mmc: alcor: fix DMA reads Darrick J. Wong (1): ext4: prohibit fstrim in norecovery mode Dave Airlie (1): drm/udl: use drm_gem_object_put_unlocked. David Arcari (1): tools/power turbostat: return the exit status of a command Deepak Rawat (1): drm/vmwgfx: Return 0 when gmrid::get_node runs out of ID's Dongli Zhang (2): loop: access lo_backing_file only when the loop device is Lo_bound blk-mq: remove unused 'nr_expired' from blk_mq_hw_ctx Enrico Weigelt, metux IT consult (1): arch: arc: Kconfig: pedantic formatting Eugeniy Paltsev (5): ARC: [plat-hsdk]: Add reset controller handle to manage USB reset ARC: [plat-hsdk]: Enable AXI DW DMAC support ARCv2: lib: introduce memcpy optimized for unaligned access ARCv2: Add explcit unaligned access support (and ability to disable too) ARC: u-boot args: check that magic number is correct Fabien Dessenne (2): irqchip/stm32: Don't clear rising/falling config registers at init irqchip/stm32: Don't set rising configuration registers at init Fabrizio Castro (1): dt-bindings: irqchip: renesas-irqc: Document r8a774c0 support Feng Tang (1): i40iw: Avoid panic when handling the inetdev event Guenter Roeck (1): platform/chrome: cros_ec_debugfs: cancel/schedule logging work only if supported Gustavo A. R. 
Silva (1): genirq: Mark expected switch case fall-through Hanjun Guo (2): arm64: Add MIDR encoding for HiSilicon Taishan CPUs arm64: kpti: Whitelist HiSilicon Taishan v110 CPUs Himanshu Madhani (1): scsi: qla2xxx: Fix NULL pointer crash due to stale CPUID Hui Wang (2): ALSA: hda - Don't trigger jackpoll_work in azx_resume ALSA: hda - Enforces runtime_resume after S3 and S4 for each codec Ilya Dryomov (3): rbd: set io_min, io_opt and discard_granularity to alloc_size libceph: wait for latest osdmap in ceph_monc_blacklist_add() rbd: drop wait_for_latest_osdmap() Ingo Molnar (1): x86/cpufeature: Fix various quality problems in the <asm/cpu_device_hd.h> header Jack Morgenstein (1): IB/mlx4: Fix race condition between catas error reset and aliasguid flows Jan Kara (4): ext4: avoid panic during forced reboot udf: Fix crash on IO error during truncate udf: Propagate errors from udf_truncate_extents() fanotify: Allow copying of file handle to userspace Jaroslav Kysela (1): ALSA: hda - add Lenovo IdeaCentre B550 to the power_save_blacklist Jason Yan (1): ext4: remove useless ext4_pin_inode() Jens Axboe (11): io_uring: use regular request ref counts io_uring: make io_read/write return an integer io_uring: add prepped flag io_uring: fix fget/fput handling io_uring: fix poll races paride/pf: cleanup queues when detection fails paride/pcd: cleanup queues when detection fails io_uring: retry bulk slab allocs as single allocs io_uring: mark me as the maintainer iov_iter: add ITER_BVEC_FLAG_NO_REF flag block: add BIO_NO_PAGE_REF flag Jiada Wang (1): PM / Domains: Avoid a potential deadlock Jian-Hong Pan (1): ALSA: hda/realtek: Enable headset MIC of Acer AIO with ALC286 Jianguo Chen (1): irqchip/mbigen: Don't clear eventid when freeing an MSI Jiri Olsa (6): perf data: Support having perf.data stored as a directory perf data: Don't store auxtrace index for directory data file perf data: Add perf_data__update_dir() function perf data: Make perf_data__size() work over directory perf 
header: Add DIR_FORMAT feature to describe directory data perf session: Add process callback to reader object Jiufei Xue (1): ext4: fix NULL pointer dereference while journal is aborted Josh Poimboeuf (1): objtool: Move objtool_file struct off the stack Jérôme Glisse (1): drm/nouveau/dmem: empty chunk do not have a buffer object associated with them. Kairui Song (1): x86/gart: Exclude GART aperture from kcore Kangjie Lu (3): ALSA: echoaudio: add a check for ioremap_nocache ALSA: sb8: add a check for request_region x86/hyperv: Prevent potential NULL pointer dereference Kishon Vijay Abraham I (1): mmc: sdhci-omap: Set caps2 to indicate no physical write protect pin Konstantin Khlebnikov (1): sched/core: Fix buffer overflow in cgroup2 property cpu.max Linus Torvalds (1): Linux 5.1-rc2 Long Li (2): CIFS: Fix an issue with re-sending wdata when transport returning -EAGAIN CIFS: Fix an issue with re-sending rdata when transport returning -EAGAIN Lu Baolu (2): iommu/vt-d: Check capability before disabling protected memory iommu/vt-d: Save the right domain ID used by hardware Luc Van Oostenryck (1): thermal/intel_powerclamp: fix __percpu declaration of worker_data Lukas Czerner (3): ext4: fix data corruption caused by unaligned direct AIO ext4: add missing brelse() in add_new_gdb_meta_bg() ext4: report real fs size after failed resize Luo Jiaxing (1): scsi: hisi_sas: Add softreset in hisi_sas_I_T_nexus_reset() Mamatha Inamdar (1): perf vendor events: Remove P8 HW events which are not supported Mans Rullgard (3): auxdisplay: deconfuse configuration auxdisplay: charlcd: simplify init message display auxdisplay: charlcd: make backlight initial state configurable Marc Zyngier (1): irqchip/gic: Drop support for secondary GIC in non-DT systems Marek Szyprowski (1): thermal: samsung: Fix incorrect check after code merge Mark Rutland (1): arm64: apply workaround on A64FX v1r0 Martin Liška (1): perf vendor events amd: perf PMU events for AMD Family 17h Masami Hiramatsu (4): arm64: 
kprobes: Move extable address check into arch_prepare_kprobe() arm64: kprobes: Remove unneeded RODATA check arm64: kprobes: Move exception_text check in blacklist arm64: kprobes: Use arch_populate_kprobe_blacklist() Matteo Croce (1): x86/mm: Don't leak kernel addresses Matthew Garrett (2): thermal/int340x_thermal: Add additional UUIDs thermal/int340x_thermal: fix mode setting Matthew Whitehead (2): x86/cpu/cyrix: Use correct macros for Cyrix calls on Geode processors x86/cpu/cyrix: Remove {get,set}Cx86_old macros used for Cyrix processors Matthias Kaehlcke (1): arm64: remove obsolete selection of MULTI_IRQ_HANDLER Maurizio Lombardi (1): scsi: iscsi: flush running unbind operations when removing a session Michael Ellerman (2): powerpc/vdso64: Fix CLOCK_MONOTONIC inconsistencies across Y2038 powerpc/security: Fix spectre_v2 reporting Nathan Chancellor (1): x86/hw_breakpoints: Make default case in hw_breakpoint_arch_parse() return an error Nick Crews (1): platform/chrome: Fix locking pattern in wilco_ec_mailbox() Nick Desaulniers (1): x86/boot: Restrict header scope to make Clang happy Ondrej Mosnacek (1): selinux: fix NULL dereference in policydb_destroy() Paul Burton (1): MIPS: Remove custom MIPS32 __kernel_fsid_t type Paulo Alcantara (SUSE) (1): cifs: Fix slab-out-of-bounds when tracing SMB tcon Peter Xu (1): genirq: Fix typo in comment of IRQD_MOVE_PCNTXT Peter Zijlstra (1): sched/cpufreq: Fix 32-bit math overflow Petr Štetiar (1): mips: bcm47xx: Enable USB power on Netgear WNDR3400v2 Phil Elwell (1): thermal: bcm2835: Fix crash in bcm2835_thermal_debugfs Pi-Hsun Shih (1): thermal: mtk: Allocate enough space for mtk_thermal. 
Quinn Tran (1): scsi: qla2xxx: Fix FC-AL connection target discovery Rasmus Villemoes (1): irqchip/gic-v3-its: Fix comparison logic in lpi_range_cmp Robert Richter (1): iommu/iova: Fix tracking of recently failed iova address Ronnie Sahlberg (1): cifs: allow guest mounts to work for smb3.11 Shaokun Zhang (1): thermal: cpu_cooling: Remove unused cur_freq variable Shenghui Wang (1): sbitmap: trivial - update comment for sbitmap_deferred_clear_bit Song Liu (19): perf record: Replace option --bpf-event with --no-bpf-event tools lib bpf: Introduce bpf_program__get_prog_info_linear() bpftool: use bpf_program__get_prog_info_linear() in prog.c:do_dump() perf bpf: Synthesize bpf events with bpf_program__get_prog_info_linear() perf bpf: Make synthesize_bpf_events() receive perf_session pointer instead of perf_tool perf bpf: Save bpf_prog_info in a rbtree in perf_env perf bpf: Save bpf_prog_info information as headers to perf.data perf bpf: Save BTF in a rbtree in perf_env perf bpf: Save BTF information as headers to perf.data perf top: Add option --no-bpf-event perf feature detection: Add -lopcodes to feature-libbfd perf symbols: Introduce DSO_BINARY_TYPE__BPF_PROG_INFO perf bpf: Process PERF_BPF_EVENT_PROG_LOAD for annotation perf build: Check what binutils's 'disassembler()' signature to use perf annotate: Enable annotation of BPF programs perf evlist: Introduce side band thread perf tools: Save bpf_prog_info and BTF of new BPF programs perf bpf: Extract logic to create program names from perf_event__synthesize_one_bpf_prog() perf bpf: Show more BPF program info in print_bpf_prog_info() Stanislaw Gruszka (1): iommu/amd: fix sg->dma_address for sg->offset bigger than PAGE_SIZE Stephane Eranian (1): perf/core: Restore mmap record type correctly Steve French (3): fix incorrect error code mapping for OBJECTID_NOT_FOUND SMB3: Fix SMB3.1.1 guest mounts to Samba cifs: update internal module version number Takashi Sakamoto (1): ALSA: firewire-motu: use 'version' field of unit 
directory to identify model Thomas Preston (1): drm/i915/bios: assume eDP is present on port A when there is no VBT Thomas Zimmermann (1): drm/vmwgfx: Don't double-free the mode stored in par->set_mode Tony Jones (4): perf script python: Add Python3 support to exported-sql-viewer.py perf script python: Add Python3 support to export-to-postgresql.py perf script python: Add Python3 support to export-to-sqlite.py perf script python: Add printdate function to SQL exporters Tyrel Datwyler (2): scsi: ibmvscsi: Protect ibmvscsi_head from concurrent modificaiton scsi: ibmvscsi: Fix empty event pool access during host removal Valdis Kletnieks (4): x86/mm/pti: Make local symbols static genirq/devres: Remove excess parameter from kernel doc time/jiffies: Make refined_jiffies static watchdog/core: Make variables static Valentin Schneider (3): sched/fair: Comment some nohz_balancer_kick() kick conditions sched/fair: Tune down misfit NOHZ kicks sched/fair: Skip LLC NOHZ logic for asymmetric systems Vineet Gupta (5): ARC: perf: bpok condition only exists for ARCompact ARCv2: boot log: refurbish HS core/release identification ARC: boot log: cut down on verbosity ARC: unaligned: relax the check for gcc supporting -mno-unaligned-access ARCv2: spinlock: remove the extra smp_mb before lock, after unlock William Cohen (1): arm64/stacktrace: Export save_stack_trace_regs() Wolfram Sang (1): mmc: renesas_sdhi: limit block count to 16 bit for old revisions Xiaoli Feng (1): cifs: fix that return -EINVAL when do dedupe operation Yasha Cherikovsky (1): MIPS: Ensure ELF appended dtb is relocated Yifeng Li (1): mips: loongson64: lemote-2f: Add IRQF_NO_SUSPEND to "cascade" irqaction. 
Yishai Hadas (2): net/mlx5: Fix DCT creation bad flow IB/mlx5: Use mlx5 core to create/destroy a DEVX DCT YueHaibing (10): drivers: base: swnode: Make two functions static irqchip/brcmstb-l2: Make two init functions static irqchip/mmp: Make mmp_irq_domain_ops static irqchip/irq-mvebu-sei: Make mvebu_sei_ap806_caps static drm/nouveau/dmem: remove set but not used variable 'drm' drm/nouveau/debugfs: Fix check of pm_runtime_get_sync failure clocksource/drivers/clps711x: Make clps711x_clksrc_init() static clocksource/drivers/tcb_clksrc: Make tc_clksrc_suspend/resume() static clocksource/drivers/timer-ti-dm: Make omap_dm_timer_set_load_start() static clocksource/drivers/mips-gic-timer: Make gic_compare_irqaction static Yufen Yu (2): blk-mq: use blk_mq_sched_mark_restart_hctx to set RESTART block: add BLK_MQ_POLL_CLASSIC for hybrid poll and return EINVAL for unexpected value Zhang Rui (1): thermal/intel_powerclamp: fix truncated kthread name ZhangXiaoxu (1): inotify: Fix fsnotify_mark refcount leak in inotify_update_existing_watch() zhangyi (F) (2): ext4: brelse all indirect buffer in ext4_ind_remove_space() ext4: cleanup bh release code in ext4_ind_remove_space() Yasha Cherikovsky (1): MIPS: Ensure ELF appended dtb is relocated Yifeng Li (1): mips: loongson64: lemote-2f: Add IRQF_NO_SUSPEND to "cascade" irqaction. 

Yishai Hadas (2):
      net/mlx5: Fix DCT creation bad flow
      IB/mlx5: Use mlx5 core to create/destroy a DEVX DCT

YueHaibing (10):
      drivers: base: swnode: Make two functions static
      irqchip/brcmstb-l2: Make two init functions static
      irqchip/mmp: Make mmp_irq_domain_ops static
      irqchip/irq-mvebu-sei: Make mvebu_sei_ap806_caps static
      drm/nouveau/dmem: remove set but not used variable 'drm'
      drm/nouveau/debugfs: Fix check of pm_runtime_get_sync failure
      clocksource/drivers/clps711x: Make clps711x_clksrc_init() static
      clocksource/drivers/tcb_clksrc: Make tc_clksrc_suspend/resume() static
      clocksource/drivers/timer-ti-dm: Make omap_dm_timer_set_load_start() static
      clocksource/drivers/mips-gic-timer: Make gic_compare_irqaction static

Yufen Yu (2):
      blk-mq: use blk_mq_sched_mark_restart_hctx to set RESTART
      block: add BLK_MQ_POLL_CLASSIC for hybrid poll and return EINVAL for unexpected value

Zhang Rui (1):
      thermal/intel_powerclamp: fix truncated kthread name

ZhangXiaoxu (1):
      inotify: Fix fsnotify_mark refcount leak in inotify_update_existing_watch()

zhangyi (F) (2):
      ext4: brelse all indirect buffer in ext4_ind_remove_space()
      ext4: cleanup bh release code in ext4_ind_remove_space()

* Re: Linux 5.1-rc2
From: Randy Dunlap @ 2019-03-25 2:31 UTC
To: Linus Torvalds, Linux List Kernel Mailing
Cc: linux-security-module, Kees Cook, Tetsuo Handa, James Morris

On 3/24/19 2:26 PM, Linus Torvalds wrote:
> Well, we're a week away from the merge window close, and here's rc2.
> Things look fairly normal, but honestly, rc2 is usually too early to
> tell. People haven't necessarily had time to notice problems yet.
> Which is just another way of saying "please test harder".
>
> Nothing particularly stands out. Yes, we had some fixes for the new
> io_ring code for issues that were discussed when merging it. Other
> than that, worth noting is that the bulk of the patches are for
> tooling, not the core kernel. In fact, about two thirds of the patch
> is just for the tools/ subdirectory, most of it due to some late perf
> tool updates. The people involved promise they're done.

Hmph. I'm still looking for the patch that restores the various
CONFIG_DEFAULT_<security> kconfig options to be merged.

https://lore.kernel.org/linux-security-module/2bf23acd-22c4-a260-7648-845887a409d5@i-love.sakura.ne.jp/

since commit 70b62c25665f636c9f6c700b26af7df296b0887e dropped them somehow.

-- 
~Randy

* Re: Linux 5.1-rc2
From: James Morris @ 2019-03-25 19:08 UTC
To: Randy Dunlap
Cc: Linus Torvalds, Linux List Kernel Mailing, linux-security-module, Kees Cook, Tetsuo Handa

On Sun, 24 Mar 2019, Randy Dunlap wrote:

> On 3/24/19 2:26 PM, Linus Torvalds wrote:
> > Well, we're a week away from the merge window close, and here's rc2.
> > Things look fairly normal, but honestly, rc2 is usually too early to
> > tell. People haven't necessarily had time to notice problems yet.
> > Which is just another way of saying "please test harder".
> >
> > Nothing particularly stands out. Yes, we had some fixes for the new
> > io_ring code for issues that were discussed when merging it. Other
> > than that, worth noting is that the bulk of the patches are for
> > tooling, not the core kernel. In fact, about two thirds of the patch
> > is just for the tools/ subdirectory, most of it due to some late perf
> > tool updates. The people involved promise they're done.
>
> Hmph. I'm still looking for the patch that restores the various
> CONFIG_DEFAULT_<security> kconfig options to be merged.
>
> https://lore.kernel.org/linux-security-module/2bf23acd-22c4-a260-7648-845887a409d5@i-love.sakura.ne.jp/
>
> since commit 70b62c25665f636c9f6c700b26af7df296b0887e dropped them somehow.

AFAICT we don't have a finalized version of the patch yet.

Kees?

-- 
James Morris
<jmorris@namei.org>

* Re: Linux 5.1-rc2
From: Tetsuo Handa @ 2019-03-25 21:05 UTC
To: James Morris, Randy Dunlap
Cc: Linus Torvalds, Linux List Kernel Mailing, linux-security-module, Kees Cook

On 2019/03/26 4:08, James Morris wrote:
> On Sun, 24 Mar 2019, Randy Dunlap wrote:
>
>> On 3/24/19 2:26 PM, Linus Torvalds wrote:
>>> Well, we're a week away from the merge window close, and here's rc2.
>>> Things look fairly normal, but honestly, rc2 is usually too early to
>>> tell. People haven't necessarily had time to notice problems yet.
>>> Which is just another way of saying "please test harder".
>>>
>>> Nothing particularly stands out. Yes, we had some fixes for the new
>>> io_ring code for issues that were discussed when merging it. Other
>>> than that, worth noting is that the bulk of the patches are for
>>> tooling, not the core kernel. In fact, about two thirds of the patch
>>> is just for the tools/ subdirectory, most of it due to some late perf
>>> tool updates. The people involved promise they're done.
>>
>> Hmph. I'm still looking for the patch that restores the various
>> CONFIG_DEFAULT_<security> kconfig options to be merged.
>>
>> https://lore.kernel.org/linux-security-module/2bf23acd-22c4-a260-7648-845887a409d5@i-love.sakura.ne.jp/
>>
>> since commit 70b62c25665f636c9f6c700b26af7df296b0887e dropped them somehow.
>
> AFAICT we don't have a finalized version of the patch yet.
>
> Kees?
>

As far as I can tell, Kees's comment

  It breaks the backward-compat for the "security=" line. If a system is
  booted with CONFIG_LSM="minors...,apparmor" and "security=selinux",
  neither apparmor nor selinux will be initialized. The logic on
  "security=..." depends on the other LSMs being present in the list.

was just a confusion, and I think that this version can become
the finalized version.

From 72f5f21b800c87f9ec3600f6e3acfb654690d8f0 Mon Sep 17 00:00:00 2001 From: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Date: Tue, 26 Mar 2019 05:56:30 +0900 Subject: [PATCH] LSM: Revive CONFIG_DEFAULT_SECURITY_* for "make oldconfig" Commit 70b62c25665f636c ("LoadPin: Initialize as ordered LSM") removed CONFIG_DEFAULT_SECURITY_{SELINUX,SMACK,TOMOYO,APPARMOR,DAC} from security/Kconfig and changed CONFIG_LSM to provide a fixed ordering as a default value. That commit expected that existing users (upgrading from Linux 5.0 and earlier) will edit CONFIG_LSM value in accordance with their CONFIG_DEFAULT_SECURITY_* choice in their old kernel configs. But since users might forget to edit CONFIG_LSM value, this patch revives the choice (only for providing the default value for CONFIG_LSM) in order to make sure that CONFIG_LSM reflects CONFIG_DEFAULT_SECURITY_* from their old kernel configs. Reported-by: Jakub Kicinski <jakub.kicinski@netronome.com> Signed-off-by: Kees Cook <keescook@chromium.org> Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Acked-by: Casey Schaufler <casey@schaufler-ca.com> --- security/Kconfig | 37 ++++++++++++++++++++++++++++++++++++- 1 file changed, 36 insertions(+), 1 deletion(-) diff --git a/security/Kconfig b/security/Kconfig index 1d6463f..2f29805 100644 --- a/security/Kconfig +++ b/security/Kconfig 
@@ -239,9 +239,44 @@ source "security/safesetid/Kconfig" source "security/integrity/Kconfig" +choice + prompt "Default security module [superseded by 'Ordered list of enabled LSMs' below]" + default DEFAULT_SECURITY_SELINUX if SECURITY_SELINUX + default DEFAULT_SECURITY_SMACK if SECURITY_SMACK + default DEFAULT_SECURITY_TOMOYO if SECURITY_TOMOYO + default DEFAULT_SECURITY_APPARMOR if SECURITY_APPARMOR + default DEFAULT_SECURITY_DAC + + help + This choice is there only for converting CONFIG_DEFAULT_SECURITY in old + kernel config to CONFIG_LSM in new kernel config. Don't change this choice + unless you are creating a fresh kernel config, for this choice will be + ignored after CONFIG_LSM is once defined. + + config DEFAULT_SECURITY_SELINUX + bool "SELinux" if SECURITY_SELINUX=y + + config DEFAULT_SECURITY_SMACK + bool "Simplified Mandatory Access Control" if SECURITY_SMACK=y + + config DEFAULT_SECURITY_TOMOYO + bool "TOMOYO" if SECURITY_TOMOYO=y + + config DEFAULT_SECURITY_APPARMOR + bool "AppArmor" if SECURITY_APPARMOR=y + + config DEFAULT_SECURITY_DAC + bool "Unix Discretionary Access Controls" + +endchoice + config LSM string "Ordered list of enabled LSMs" - default "yama,loadpin,safesetid,integrity,selinux,smack,tomoyo,apparmor" + default "yama,loadpin,safesetid,integrity,selinux" if DEFAULT_SECURITY_SELINUX + default "yama,loadpin,safesetid,integrity,smack" if DEFAULT_SECURITY_SMACK + default "yama,loadpin,safesetid,integrity,tomoyo" if DEFAULT_SECURITY_TOMOYO + default "yama,loadpin,safesetid,integrity,apparmor" if DEFAULT_SECURITY_APPARMOR + default "yama,loadpin,safesetid,integrity" help A comma-separated list of LSMs, in initialization order. Any LSMs left off this list will be ignored. This can be -- 1.8.3.1 ^ permalink raw reply related [flat|nested] 14+ messages in thread
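Review bot: In the new `config LSM` defaults, each conditional line names only the selected legacy major LSM (for example "yama,loadpin,safesetid,integrity,apparmor" if DEFAULT_SECURITY_APPARMOR), and the help text kept as context says any LSM left off the list is ignored, so a kernel that builds several major LSMs ends up with only one of them in CONFIG_LSM after "make oldconfig". If that opt-in behaviour is intended, say so in the commit message and in the CONFIG_LSM help text; otherwise keep the selected LSM first and append the others. The choice help also refers to CONFIG_DEFAULT_SECURITY while the symbols it defines are DEFAULT_SECURITY_*; writing CONFIG_DEFAULT_SECURITY_* there would match the commit message.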

* Re: Linux 5.1-rc2
From: Kees Cook @ 2019-03-27 19:16 UTC
To: Tetsuo Handa
Cc: James Morris, Randy Dunlap, Linus Torvalds, Linux List Kernel Mailing, linux-security-module

On Mon, Mar 25, 2019 at 2:06 PM Tetsuo Handa
<penguin-kernel@i-love.sakura.ne.jp> wrote:
>
> On 2019/03/26 4:08, James Morris wrote:
> > On Sun, 24 Mar 2019, Randy Dunlap wrote:
> >
> >> On 3/24/19 2:26 PM, Linus Torvalds wrote:
> >>> Well, we're a week away from the merge window close, and here's rc2.
> >>> Things look fairly normal, but honestly, rc2 is usually too early to
> >>> tell. People haven't necessarily had time to notice problems yet.
> >>> Which is just another way of saying "please test harder".
> >>>
> >>> Nothing particularly stands out. Yes, we had some fixes for the new
> >>> io_ring code for issues that were discussed when merging it. Other
> >>> than that, worth noting is that the bulk of the patches are for
> >>> tooling, not the core kernel. In fact, about two thirds of the patch
> >>> is just for the tools/ subdirectory, most of it due to some late perf
> >>> tool updates. The people involved promise they're done.
> >>
> >> Hmph. I'm still looking for the patch that restores the various
> >> CONFIG_DEFAULT_<security> kconfig options to be merged.
> >>
> >> https://lore.kernel.org/linux-security-module/2bf23acd-22c4-a260-7648-845887a409d5@i-love.sakura.ne.jp/
> >>
> >> since commit 70b62c25665f636c9f6c700b26af7df296b0887e dropped them somehow.
> >
> > AFAICT we don't have a finalized version of the patch yet.
> >
> > Kees?

Sorry for the delay -- back from travel now.

> As far as I can tell, Kees's comment
>
>   It breaks the backward-compat for the "security=" line. If a system is
>   booted with CONFIG_LSM="minors...,apparmor" and "security=selinux",
>   neither apparmor nor selinux will be initialized. The logic on
>   "security=..." depends on the other LSMs being present in the list.
>
> was just a confusion

Yes, you are correct here.
This is what I get for drive-by comments while travelling. :) However, I don't like that it creates an incomplete LSM list for no reason. I'd like CONFIG_LSM to be built in a way that future stack-enabling will Just Work. Leaving off LSMs means it won't. My original patch doesn't change the behavior relative to the old configs (i.e. the CONFIG_DEFAULT_SECURITY_* will still be selected and turn off the others) but does allow the other LSMs to be initialized in the future once earlier ones in the list become stackable. The part I don't understand is what you've said about TOMOYO being primary and not wanting the others stackable? That kind of goes against the point, but I'm happy to do that if you want it that way. If so, my current proposal would be: config LSM string "Ordered list of enabled LSMs" + default "yama,loadpin,safesetid,integrity,smack,selinux,tomoyo,apparmor" if DEFAULT_SECURITY_SMACK + default "yama,loadpin,safesetid,integrity,apparmor,selinux,smack,tomoyo" if DEFAULT_SECURITY_APPARMOR + default "yama,loadpin,safesetid,integrity,tomoyo" if DEFAULT_SECURITY_TOMOYO + default "yama,loadpin,safesetid,integrity" if DEFAULT_SECURITY_DAC default "yama,loadpin,safesetid,integrity,selinux,smack,tomoyo,apparmor" Note that the last default line holds for both "new build" and "selinux chosen". The other change from my earlier patch is that _DAC must turn off all the legacy major LSMs to get the behavior Randy was expecting. Shall I send a patch that does the above, or is there another wrinkle? Thanks! -Kees > the finalized version. > > From 72f5f21b800c87f9ec3600f6e3acfb654690d8f0 Mon Sep 17 00:00:00 2001 
> From: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> > Date: Tue, 26 Mar 2019 05:56:30 +0900 > Subject: [PATCH] LSM: Revive CONFIG_DEFAULT_SECURITY_* for "make oldconfig" > > Commit 70b62c25665f636c ("LoadPin: Initialize as ordered LSM") removed > CONFIG_DEFAULT_SECURITY_{SELINUX,SMACK,TOMOYO,APPARMOR,DAC} from > security/Kconfig and changed CONFIG_LSM to provide a fixed ordering as a > default value. That commit expected that existing users (upgrading from > Linux 5.0 and earlier) will edit CONFIG_LSM value in accordance with > their CONFIG_DEFAULT_SECURITY_* choice in their old kernel configs. But > since users might forget to edit CONFIG_LSM value, this patch revives > the choice (only for providing the default value for CONFIG_LSM) in order > to make sure that CONFIG_LSM reflects CONFIG_DEFAULT_SECURITY_* from their > old kernel configs. > > Reported-by: Jakub Kicinski <jakub.kicinski@netronome.com> > Signed-off-by: Kees Cook <keescook@chromium.org> > Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> > Acked-by: Casey Schaufler <casey@schaufler-ca.com> > --- > security/Kconfig | 37 ++++++++++++++++++++++++++++++++++++- > 1 file changed, 36 insertions(+), 1 deletion(-) > > diff --git a/security/Kconfig b/security/Kconfig > index 1d6463f..2f29805 100644 > --- a/security/Kconfig > +++ b/security/Kconfig 
> @@ -239,9 +239,44 @@ source "security/safesetid/Kconfig" > > source "security/integrity/Kconfig" > > +choice > + prompt "Default security module [superseded by 'Ordered list of enabled LSMs' below]" > + default DEFAULT_SECURITY_SELINUX if SECURITY_SELINUX > + default DEFAULT_SECURITY_SMACK if SECURITY_SMACK > + default DEFAULT_SECURITY_TOMOYO if SECURITY_TOMOYO > + default DEFAULT_SECURITY_APPARMOR if SECURITY_APPARMOR > + default DEFAULT_SECURITY_DAC > + > + help > + This choice is there only for converting CONFIG_DEFAULT_SECURITY in old > + kernel config to CONFIG_LSM in new kernel config. Don't change this choice > + unless you are creating a fresh kernel config, for this choice will be > + ignored after CONFIG_LSM is once defined. > + > + config DEFAULT_SECURITY_SELINUX > + bool "SELinux" if SECURITY_SELINUX=y > + > + config DEFAULT_SECURITY_SMACK > + bool "Simplified Mandatory Access Control" if SECURITY_SMACK=y > + > + config DEFAULT_SECURITY_TOMOYO > + bool "TOMOYO" if SECURITY_TOMOYO=y > + > + config DEFAULT_SECURITY_APPARMOR > + bool "AppArmor" if SECURITY_APPARMOR=y > + > + config DEFAULT_SECURITY_DAC > + bool "Unix Discretionary Access Controls" > + > +endchoice > + > config LSM > string "Ordered list of enabled LSMs" > - default "yama,loadpin,safesetid,integrity,selinux,smack,tomoyo,apparmor" > + default "yama,loadpin,safesetid,integrity,selinux" if DEFAULT_SECURITY_SELINUX > + default "yama,loadpin,safesetid,integrity,smack" if DEFAULT_SECURITY_SMACK > + default "yama,loadpin,safesetid,integrity,tomoyo" if DEFAULT_SECURITY_TOMOYO > + default "yama,loadpin,safesetid,integrity,apparmor" if DEFAULT_SECURITY_APPARMOR > + default "yama,loadpin,safesetid,integrity" > help > A comma-separated list of LSMs, in initialization order. > Any LSMs left off this list will be ignored. This can be > -- > 1.8.3.1 -- Kees Cook ^ permalink raw reply [flat|nested] 14+ messages in thread
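Review bot: In the `config LSM` fragment proposed earlier in this reply there is no `if DEFAULT_SECURITY_SELINUX` line, so the SELinux choice and a fresh config both fall through to the last unconditional default; the mail says this is deliberate but the Kconfig text does not, so a comment above the final `default` line, or an explicit SELINUX line, would keep a later reordering from changing the result silently. The TOMOYO and DAC lines also drop every other major LSM while the SMACK and APPARMOR lines keep all four, and that asymmetry deserves a sentence in the help text so it reads as intentional.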

* Re: Linux 5.1-rc2
From: Tetsuo Handa @ 2019-03-27 20:30 UTC
To: Kees Cook
Cc: James Morris, Randy Dunlap, Linus Torvalds, Linux List Kernel Mailing, linux-security-module

On 2019/03/28 4:16, Kees Cook wrote:
> The part I don't understand is what you've said about TOMOYO being
> primary and not wanting the others stackable? That kind of goes
> against the point, but I'm happy to do that if you want it that way.

Automatically enabling multiple legacy major LSMs might result in a confusion like
Jakub encountered. For a few releases from 5.1 (about one year or so?), since
CONFIG_DEFAULT_SECURITY_* will be ignored after CONFIG_LSM is once defined in
their kernel configs, I guess that it is better not to enable TOMOYO automatically
until most people complete migrating from CONFIG_DEFAULT_SECURITY_* to CONFIG_LSM
and get used to use lsm= kernel command line option rather than security= kernel
command line option.

* Re: Linux 5.1-rc2
From: Kees Cook @ 2019-03-27 20:45 UTC
To: Tetsuo Handa
Cc: James Morris, Randy Dunlap, Linus Torvalds, Linux List Kernel Mailing, linux-security-module

On Wed, Mar 27, 2019 at 1:30 PM Tetsuo Handa
<penguin-kernel@i-love.sakura.ne.jp> wrote:
>
> On 2019/03/28 4:16, Kees Cook wrote:
> > The part I don't understand is what you've said about TOMOYO being
> > primary and not wanting the others stackable? That kind of goes
> > against the point, but I'm happy to do that if you want it that way.
>
> Automatically enabling multiple legacy major LSMs might result in a confusion like
> Jakub encountered.

The confusion wasn't multiple enabled: it was a change of what was
enabled (due to ignoring the old config). (My very first suggested
patch fixed this...)

> For a few releases from 5.1 (about one year or so?), since
> CONFIG_DEFAULT_SECURITY_* will be ignored after CONFIG_LSM is once defined in
> their kernel configs, I guess that it is better not to enable TOMOYO automatically
> until most people complete migrating from CONFIG_DEFAULT_SECURITY_* to CONFIG_LSM
> and get used to use lsm= kernel command line option rather than security= kernel
> command line option.

It sounds like you want TOMOYO to stay an exclusive LSM? Should we
revert a5e2fe7ede12 ("TOMOYO: Update LSM flags to no longer be
exclusive") instead? (I'm against this idea, but defer to you. I think
it should stay stackable since the goal is to entirely remove the
concept of exclusive LSMs.)

I don't see problems for an exclusive LSM user (AA, SELinux, Smack)
also initializing TOMOYO, though. It should be a no-op. Is there some
situation where this is not true?

The situation you helped me see was that a TOMOYO user with
CONFIG_DEFAULT_SECURITY_TOMOYO would not want to see any exclusive LSM
also initialized, since that may NOT be a no-op.

So, AFAICT, my proposal fixes both Jakub's issue
(CONFIG_DEFAULT_SECURITY_* oldconfig entirely ignored) and Randy's
issue (subset of Jakub's: choosing DAC should mean no legacy major
initializes), and the "TOMOYO user surprised to see an exclusive LSM
also initialized".

If you're happy with the proposed change in my prior email, I'll send
it properly to James. If not, what do you see that needs changing?

Thanks!

-Kees

-- 
Kees Cook
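The three cases named in the message above (Jakub's ignored oldconfig choice, Randy's DAC case, and an LSM initializing that the user never chose) can be checked mechanically when upgrading a kernel config; this is an added example, not code from the thread or the kernel tree. It assumes selinux, smack and apparmor are exclusive with the first built-in one in CONFIG_LSM order winning, ignores the lsm= and security= boot parameters, and uses hypothetical function names and constructed .config fragments.

```python
import re

# Assumption: selinux, smack and apparmor are "exclusive" LSMs, so only the
# first one in CONFIG_LSM order that is built in initializes; tomoyo is
# stackable (commit a5e2fe7ede12, as discussed in the thread).
EXCLUSIVE = ("selinux", "smack", "apparmor")
MAJORS = EXCLUSIVE + ("tomoyo",)
OLD_CHOICES = ("SELINUX", "SMACK", "TOMOYO", "APPARMOR", "DAC")
OPTION = re.compile(r'^(CONFIG_\w+)=(?:"(.*)"|(\S+))$')


def parse_config(text):
    """Return {symbol: value} for set options; '# ... is not set' lines are skipped."""
    opts = {}
    for raw in text.splitlines():
        m = OPTION.match(raw.strip())
        if m:
            opts[m.group(1)] = m.group(2) if m.group(2) is not None else m.group(3)
    return opts


def old_choice(opts):
    """Major LSM selected through CONFIG_DEFAULT_SECURITY_* in a pre-5.1 config."""
    for name in OLD_CHOICES:
        if opts.get("CONFIG_DEFAULT_SECURITY_" + name) == "y":
            return name.lower()
    return None


def initialized_majors(opts):
    """Legacy major LSMs that would initialize for this CONFIG_LSM order."""
    active, exclusive_taken = [], False
    for name in (n.strip() for n in opts.get("CONFIG_LSM", "").split(",")):
        # Skip minor LSMs and anything listed but not built into the kernel.
        if name not in MAJORS or opts.get("CONFIG_SECURITY_" + name.upper()) != "y":
            continue
        if name in EXCLUSIVE:
            if exclusive_taken:
                continue  # a later exclusive LSM loses to the first one
            exclusive_taken = True
        active.append(name)
    return active


def audit_upgrade(old_text, new_text):
    """Compare the old default-LSM choice with what the new CONFIG_LSM enables."""
    chosen = old_choice(parse_config(old_text))
    active = initialized_majors(parse_config(new_text))
    findings = []
    if chosen is None:
        findings.append("old config has no CONFIG_DEFAULT_SECURITY_* choice")
    else:
        if chosen != "dac" and chosen not in active:
            findings.append(f"{chosen} was the old default but will not initialize")
        extra = [n for n in active if n != chosen]
        if extra:
            findings.append("not chosen in old config but will initialize: "
                            + ",".join(extra))
    return {"chosen": chosen, "active": active, "findings": findings}


# Constructed sample configs (not taken from any reporter's system).
BUILT = ("CONFIG_SECURITY_SELINUX=y\nCONFIG_SECURITY_TOMOYO=y\n"
         "CONFIG_SECURITY_APPARMOR=y\n# CONFIG_SECURITY_SMACK is not set\n")
OLD_APPARMOR = BUILT + "CONFIG_DEFAULT_SECURITY_APPARMOR=y\n"
OLD_DAC = BUILT + "CONFIG_DEFAULT_SECURITY_DAC=y\n"
# Default CONFIG_LSM strings quoted in the thread.
RC_DEFAULT = 'CONFIG_LSM="yama,loadpin,safesetid,integrity,selinux,smack,tomoyo,apparmor"\n'
OPT_IN = 'CONFIG_LSM="yama,loadpin,safesetid,integrity,apparmor"\n'
OPT_OUT = 'CONFIG_LSM="yama,loadpin,safesetid,integrity,apparmor,selinux,smack,tomoyo"\n'

if __name__ == "__main__":
    for label, old, new in (("apparmor + rc default", OLD_APPARMOR, RC_DEFAULT),
                            ("apparmor + opt-in", OLD_APPARMOR, OPT_IN),
                            ("apparmor + opt-out", OLD_APPARMOR, OPT_OUT),
                            ("dac + rc default", OLD_DAC, RC_DEFAULT)):
        print(label, audit_upgrade(old, BUILT + new))
```

Running it against a saved pre-upgrade .config and the post-"make oldconfig" .config shows before boot whether the active major LSM would change.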

* Re: Linux 5.1-rc2
From: Tetsuo Handa @ 2019-03-27 21:05 UTC
To: Kees Cook
Cc: James Morris, Randy Dunlap, Linus Torvalds, Linux List Kernel Mailing, linux-security-module, Jakub Kicinski

On 2019/03/28 5:45, Kees Cook wrote:
> On Wed, Mar 27, 2019 at 1:30 PM Tetsuo Handa
> <penguin-kernel@i-love.sakura.ne.jp> wrote:
>>
>> On 2019/03/28 4:16, Kees Cook wrote:
>>> The part I don't understand is what you've said about TOMOYO being
>>> primary and not wanting the others stackable? That kind of goes
>>> against the point, but I'm happy to do that if you want it that way.
>>
>> Automatically enabling multiple legacy major LSMs might result in a confusion like
>> Jakub encountered.
>
> The confusion wasn't multiple enabled: it was a change of what was
> enabled (due to ignoring the old config). (My very first suggested
> patch fixed this...)

Someone else might get confused when TOMOYO is automatically enabled
despite they did not specify TOMOYO in lsm= or security= or CONFIG_LSM.

>
>> For a few releases from 5.1 (about one year or so?), since
>> CONFIG_DEFAULT_SECURITY_* will be ignored after CONFIG_LSM is once defined in
>> their kernel configs, I guess that it is better not to enable TOMOYO automatically
>> until most people complete migrating from CONFIG_DEFAULT_SECURITY_* to CONFIG_LSM
>> and get used to use lsm= kernel command line option rather than security= kernel
>> command line option.
>
> It sounds like you want TOMOYO to stay an exclusive LSM? Should we
> revert a5e2fe7ede12 ("TOMOYO: Update LSM flags to no longer be
> exclusive") instead? (I'm against this idea, but defer to you. I think
> it should stay stackable since the goal is to entirely remove the
> concept of exclusive LSMs.)

I never want to revert a5e2fe7ede12. For transition period, I just don't
want to automatically enable TOMOYO when people did not specify TOMOYO.

>
> I don't see problems for an exclusive LSM user (AA, SELinux, Smack)
> also initializing TOMOYO, though. It should be a no-op. Is there some
> situation where this is not true?

There should be no problem except some TOMOYO messages are printed.

* Re: Linux 5.1-rc2
From: Kees Cook @ 2019-03-27 21:43 UTC
To: Tetsuo Handa
Cc: James Morris, Randy Dunlap, Linus Torvalds, Linux List Kernel Mailing, linux-security-module, Jakub Kicinski

On Wed, Mar 27, 2019 at 2:05 PM Tetsuo Handa
<penguin-kernel@i-love.sakura.ne.jp> wrote:
>
> On 2019/03/28 5:45, Kees Cook wrote:
> > On Wed, Mar 27, 2019 at 1:30 PM Tetsuo Handa
> > <penguin-kernel@i-love.sakura.ne.jp> wrote:
> >>
> >> On 2019/03/28 4:16, Kees Cook wrote:
> >>> The part I don't understand is what you've said about TOMOYO being
> >>> primary and not wanting the others stackable? That kind of goes
> >>> against the point, but I'm happy to do that if you want it that way.
> >>
> >> Automatically enabling multiple legacy major LSMs might result in a confusion like
> >> Jakub encountered.
> >
> > The confusion wasn't multiple enabled: it was a change of what was
> > enabled (due to ignoring the old config). (My very first suggested
> > patch fixed this...)
>
> Someone else might get confused when TOMOYO is automatically enabled
> despite they did not specify TOMOYO in lsm= or security= or CONFIG_LSM.
>
> >
> >> For a few releases from 5.1 (about one year or so?), since
> >> CONFIG_DEFAULT_SECURITY_* will be ignored after CONFIG_LSM is once defined in
> >> their kernel configs, I guess that it is better not to enable TOMOYO automatically
> >> until most people complete migrating from CONFIG_DEFAULT_SECURITY_* to CONFIG_LSM
> >> and get used to use lsm= kernel command line option rather than security= kernel
> >> command line option.
> >
> > It sounds like you want TOMOYO to stay an exclusive LSM? Should we
> > revert a5e2fe7ede12 ("TOMOYO: Update LSM flags to no longer be
> > exclusive") instead? (I'm against this idea, but defer to you. I think
> > it should stay stackable since the goal is to entirely remove the
> > concept of exclusive LSMs.)
>
> I never want to revert a5e2fe7ede12. For transition period, I just don't
> want to automatically enable TOMOYO when people did not specify TOMOYO.
>
> >
> > I don't see problems for an exclusive LSM user (AA, SELinux, Smack)
> > also initializing TOMOYO, though. It should be a no-op. Is there some
> > situation where this is not true?
>
> There should be no problem except some TOMOYO messages are printed.

Okay, so I should send my latest version of the patch to James? Or do
you explicitly want TOMOYO removed from all the CONFIG_LSM default
lines except when selected by CONFIG_DEFAULT_SECURITY_TOMOYO? (I worry
the latter will lead to less testing of the stacking.)

-- 
Kees Cook

* Re: Linux 5.1-rc2
From: Tetsuo Handa @ 2019-03-27 22:05 UTC
To: Kees Cook
Cc: James Morris, Randy Dunlap, Linus Torvalds, Linux List Kernel Mailing, linux-security-module, Jakub Kicinski

On 2019/03/28 6:43, Kees Cook wrote:
>>> I don't see problems for an exclusive LSM user (AA, SELinux, Smack)
>>> also initializing TOMOYO, though. It should be a no-op. Is there some
>>> situation where this is not true?
>>
>> There should be no problem except some TOMOYO messages are printed.
>
> Okay, so I should send my latest version of the patch to James? Or do
> you explicitly want TOMOYO removed from all the CONFIG_LSM default
> lines except when selected by CONFIG_DEFAULT_SECURITY_TOMOYO? (I worry
> the latter will lead to less testing of the stacking.)
>

My approach is "opt-in" while your approach is "opt-out". And the problem
here is that people might fail to change CONFIG_LSM from the default value
to what they need. (And Jakub did not change CONFIG_LSM to reflect
CONFIG_DEFAULT_SECURITY_APPARMOR from the old config.) Thus, I suggest
"opt-in" approach; which includes up to only one legacy major LSM and allows
people to change the default value to include multiple legacy major LSMs.

You can propose your latest version. If SELinux/Smack/AppArmor people
prefer "opt-out" approach, I'm fine with "opt-out" approach.

* Re: Linux 5.1-rc2
From: Casey Schaufler @ 2019-03-27 22:23 UTC
To: Tetsuo Handa, Kees Cook
Cc: James Morris, Randy Dunlap, Linus Torvalds, Linux List Kernel Mailing, linux-security-module, Jakub Kicinski

On 3/27/2019 3:05 PM, Tetsuo Handa wrote:
> On 2019/03/28 6:43, Kees Cook wrote:
>>>> I don't see problems for an exclusive LSM user (AA, SELinux, Smack)
>>>> also initializing TOMOYO, though. It should be a no-op. Is there some
>>>> situation where this is not true?
>>> There should be no problem except some TOMOYO messages are printed.
>> Okay, so I should send my latest version of the patch to James? Or do
>> you explicitly want TOMOYO removed from all the CONFIG_LSM default
>> lines except when selected by CONFIG_DEFAULT_SECURITY_TOMOYO? (I worry
>> the latter will lead to less testing of the stacking.)
>>
> My approach is "opt-in" while your approach is "opt-out". And the problem
> here is that people might fail to change CONFIG_LSM from the default value
> to what they need. (And Jakub did not change CONFIG_LSM to reflect
> CONFIG_DEFAULT_SECURITY_APPARMOR from the old config.) Thus, I suggest
> "opt-in" approach; which includes up to only one legacy major LSM and allows
> people to change the default value to include multiple legacy major LSMs.
>
> You can propose your latest version. If SELinux/Smack/AppArmor people
> prefer "opt-out" approach, I'm fine with "opt-out" approach.

In the long haul we want people to use CONFIG_LSM to set their
list of modules. Providing a backward compatible CONFIG_DEFAULT_SECURITY_BLAH
makes some sense, but it's important that we encourage a mindset change.
Maybe with CONFIG_DEFAULT_SECURITY_LIST with a full list, which uses the
value from CONFIG_LSM, and make it the default?

* Re: Linux 5.1-rc2
From: Randy Dunlap @ 2019-03-27 22:55 UTC
To: Casey Schaufler, Tetsuo Handa, Kees Cook
Cc: James Morris, Linus Torvalds, Linux List Kernel Mailing, linux-security-module, Jakub Kicinski

On 3/27/19 3:23 PM, Casey Schaufler wrote:
> On 3/27/2019 3:05 PM, Tetsuo Handa wrote:
>> On 2019/03/28 6:43, Kees Cook wrote:
>>>>> I don't see problems for an exclusive LSM user (AA, SELinux, Smack)
>>>>> also initializing TOMOYO, though. It should be a no-op. Is there some
>>>>> situation where this is not true?
>>>> There should be no problem except some TOMOYO messages are printed.
>>> Okay, so I should send my latest version of the patch to James? Or do
>>> you explicitly want TOMOYO removed from all the CONFIG_LSM default
>>> lines except when selected by CONFIG_DEFAULT_SECURITY_TOMOYO? (I worry
>>> the latter will lead to less testing of the stacking.)
>>>
>> My approach is "opt-in" while your approach is "opt-out". And the problem
>> here is that people might fail to change CONFIG_LSM from the default value
>> to what they need. (And Jakub did not change CONFIG_LSM to reflect
>> CONFIG_DEFAULT_SECURITY_APPARMOR from the old config.) Thus, I suggest
>> "opt-in" approach; which includes up to only one legacy major LSM and allows
>> people to change the default value to include multiple legacy major LSMs.
>>
>> You can propose your latest version. If SELinux/Smack/AppArmor people
>> prefer "opt-out" approach, I'm fine with "opt-out" approach.
>
> In the long haul we want people to use CONFIG_LSM to set their
> list of modules. Providing a backward compatible CONFIG_DEFAULT_SECURITY_BLAH
> makes some sense, but it's important that we encourage a mindset change.
> Maybe with CONFIG_DEFAULT_SECURITY_LIST with a full list, which uses the
> value from CONFIG_LSM, and make it the default?
>

Hi,

I'm still confused. Does this mindset change include removing support of
SECURITY_DAC?
If so, where was this discussed and decided?
And if so (again), that feels like enforcing some kind of policy in the kernel.

thanks.

-- 
~Randy

* Re: Linux 5.1-rc2
From: Casey Schaufler @ 2019-03-27 23:22 UTC
To: Randy Dunlap, Tetsuo Handa, Kees Cook
Cc: James Morris, Linus Torvalds, Linux List Kernel Mailing, linux-security-module, Jakub Kicinski

On 3/27/2019 3:55 PM, Randy Dunlap wrote:
> On 3/27/19 3:23 PM, Casey Schaufler wrote:
>> On 3/27/2019 3:05 PM, Tetsuo Handa wrote:
>>> On 2019/03/28 6:43, Kees Cook wrote:
>>>>>> I don't see problems for an exclusive LSM user (AA, SELinux, Smack)
>>>>>> also initializing TOMOYO, though. It should be a no-op. Is there some
>>>>>> situation where this is not true?
>>>>> There should be no problem except some TOMOYO messages are printed.
>>>> Okay, so I should send my latest version of the patch to James? Or do
>>>> you explicitly want TOMOYO removed from all the CONFIG_LSM default
>>>> lines except when selected by CONFIG_DEFAULT_SECURITY_TOMOYO? (I worry
>>>> the latter will lead to less testing of the stacking.)
>>>>
>>> My approach is "opt-in" while your approach is "opt-out". And the problem
>>> here is that people might fail to change CONFIG_LSM from the default value
>>> to what they need. (And Jakub did not change CONFIG_LSM to reflect
>>> CONFIG_DEFAULT_SECURITY_APPARMOR from the old config.) Thus, I suggest
>>> "opt-in" approach; which includes up to only one legacy major LSM and allows
>>> people to change the default value to include multiple legacy major LSMs.
>>>
>>> You can propose your latest version. If SELinux/Smack/AppArmor people
>>> prefer "opt-out" approach, I'm fine with "opt-out" approach.
>> In the long haul we want people to use CONFIG_LSM to set their
>> list of modules. Providing a backward compatible CONFIG_DEFAULT_SECURITY_BLAH
>> makes some sense, but it's important that we encourage a mindset change.
>> Maybe with CONFIG_DEFAULT_SECURITY_LIST with a full list, which uses the
>> value from CONFIG_LSM, and make it the default?
>>
> Hi,
>
> I'm still confused. Does this mindset change include removing support of
> SECURITY_DAC?

No.

> If so, where was this discussed and decided?

linux-security-module@vger.kernel.org on threads related to security
module stacking. It's easy to get the same result with a CONFIG_LSM that
includes none of the SELinux, Smack, TOMOYO or AppArmor.

> And if so (again), that feels like enforcing some kind of policy in the kernel.

Again, not so. It's a change from "The not-more-than One Major Module" to
"Whatever set of policies works for you". The NULL set is completely
supported. The current flap is that it's more difficult to express doing
things the old way. Kees and Tetsuo are hashing out how best to support
old .config files in support of automated tools.

> thanks.
* Re: Linux 5.1-rc2
  2019-03-27 21:43 ` Kees Cook
  2019-03-27 22:05 ` Tetsuo Handa
@ 2019-03-29 18:07 ` James Morris
  1 sibling, 0 replies; 14+ messages in thread
From: James Morris @ 2019-03-29 18:07 UTC
  To: Kees Cook
  Cc: Tetsuo Handa, Randy Dunlap, Linus Torvalds, Linux List Kernel Mailing, linux-security-module, Jakub Kicinski

On Wed, 27 Mar 2019, Kees Cook wrote:

> > There should be no problem except some TOMOYO messages are printed.
>
> Okay, so I should send my latest version of the patch to James? Or do
> you explicitly want TOMOYO removed from all the CONFIG_LSM default
> lines except when selected by CONFIG_DEFAULT_SECURITY_TOMOYO? (I worry
> the latter will lead to less testing of the stacking.)

Kees, send me your final patch as soon as it's ready.

-- 
James Morris
<jmorris@namei.org>

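The failure mode discussed in this thread (an old .config whose CONFIG_DEFAULT_SECURITY_* choice is not reflected in CONFIG_LSM) can be checked mechanically. The following is an added example, not code from the thread or from the kernel tree. It assumes that among the exclusive modules the first built one listed in CONFIG_LSM is the one initialized, treats TOMOYO as stackable as the thread describes, and uses constructed sample configs.

```python
import re

# "Legacy major" LSMs named in the thread; the thread calls AA, SELinux and
# Smack exclusive and says TOMOYO can be initialized alongside them.
EXCLUSIVE = ("selinux", "smack", "apparmor")
LEGACY_MAJOR = EXCLUSIVE + ("tomoyo",)

def parse_config(text):
    """Return {symbol: value} for every option that is set in a .config."""
    opts = {}
    for line in text.splitlines():
        m = re.match(r"(CONFIG_\w+)=(.*)$", line.strip())
        if m:
            opts[m.group(1)] = m.group(2).strip('"')
    return opts

def audit_lsm(text):
    """Compare the legacy CONFIG_DEFAULT_SECURITY_* choice with CONFIG_LSM."""
    opts = parse_config(text)
    listed = [n.strip() for n in opts.get("CONFIG_LSM", "").split(",") if n.strip()]
    # Only modules that are listed AND built (CONFIG_SECURITY_<NAME>=y) can start.
    built = [n for n in listed if n in LEGACY_MAJOR
             and opts.get("CONFIG_SECURITY_" + n.upper()) == "y"]
    # Assumption: among exclusive modules the first one in list order wins.
    first_excl = next((n for n in built if n in EXCLUSIVE), None)
    effective = [n for n in built if n == first_excl or n not in EXCLUSIVE]
    legacy = next((n for n in LEGACY_MAJOR + ("dac",)
                   if opts.get("CONFIG_DEFAULT_SECURITY_" + n.upper()) == "y"), None)
    expected = [] if legacy in (None, "dac") else [legacy]
    return {"legacy": legacy, "effective": effective,
            "matches_old_behaviour": legacy is None or effective == expected}

# Constructed sample: an old AppArmor config carried forward without editing CONFIG_LSM.
STALE = '''
CONFIG_SECURITY_SELINUX=y
CONFIG_SECURITY_TOMOYO=y
CONFIG_SECURITY_APPARMOR=y
CONFIG_DEFAULT_SECURITY_APPARMOR=y
CONFIG_LSM="yama,loadpin,selinux,smack,tomoyo,apparmor"
'''
# Constructed sample: the same config with CONFIG_LSM edited to match.
FIXED = STALE.replace("selinux,smack,tomoyo,apparmor", "apparmor")

if __name__ == "__main__":
    for name, cfg in (("stale", STALE), ("fixed", FIXED)):
        print(name, audit_lsm(cfg))
```

Running the audit over configs in a build farm flags the ones where the module set that would start differs from the single major module the old option selected.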