[PATCH v5 0/3]

[PATCH v5 0/3]

[Mark Salyzyn]

overlayfs: check CAP_DAC_READ_SEARCH before issuing exportfs_decode_fh
overlayfs: check CAP_MKNOD before issuing vfs_whiteout

Assumption never checked, should fail if the mounter creds are not
sufficient.

overlayfs: override_creds=off option bypass creator_cred

By default, all access to the upper, lower and work directories is the
recorded mounter's MAC and DAC credentials.  The incoming accesses are
checked against the caller's credentials.

If the principles of least privilege are applied, the mounter's
credentials might not overlap the credentials of the caller's when
accessing the overlayfs filesystem.  For example, a file that a lower
DAC privileged caller can execute, is MAC denied to the generally
higher DAC privileged mounter, to prevent an attack vector.

We add the option to turn off override_creds in the mount options; all
subsequent operations after mount on the filesystem will be only the
caller's credentials.  This option default is set in the CONFIG
OVERLAY_FS_OVERRIDE_CREDS or in the module option override_creds.

The module boolean parameter and mount option override_creds is also
added as a presence check for this "feature" by checking existence of
/sys/module/overlay/parameters/overlay_creds.  This will allow user
space to determine if the option can be supplied successfully to the
mount(2) operation.

Signed-off-by: Mark Salyzyn <salyzyn@android.com>
Cc: Miklos Szeredi <miklos@szeredi.hu>
Cc: Jonathan Corbet <corbet@lwn.net>
Cc: Vivek Goyal <vgoyal@redhat.com>
Cc: Eric W. Biederman <ebiederm@xmission.com>
Cc: Amir Goldstein <amir73il@gmail.com>
Cc: Randy Dunlap <rdunlap@infradead.org>
Cc: Stephen Smalley <sds@tycho.nsa.gov>
Cc: linux-unionfs@vger.kernel.org
Cc: linux-doc@vger.kernel.org
Cc: linux-kernel@vger.kernel.org

v2:
- Forward port changed attr to stat, resulting in a build error.
- altered commit message.

v3:
- Change name from caller_credentials / creator_credentials to the
  boolean override_creds.
- Changed from creator to mounter credentials.
- Updated and fortified the documentation.
- Added CONFIG_OVERLAY_FS_OVERRIDE_CREDS

v4:
- spelling and grammar errors in text

v5:
- beefed up the caveats in the Documentation
- Is dependent on
  "overlayfs: check CAP_DAC_READ_SEARCH before issuing exportfs_decode_fh"
  "overlayfs: check CAP_MKNOD before issuing vfs_whiteout"
- Added prwarn when override_creds=off

[PATCH v5 0/3]

[Kaaira Gupta]

Changes since v4:
	- Add another patch which changes char argument to const char
	in function tpg_gen_text()
	- Return const char * from function tpg_g_color_order() in patch
	  2
	In 3rd patch:
	- Check font in probe() instead of s_stream()
	- Use dev_err instead of pr_err
	- Fix errors in commit message.
	- Base VIMC_CID_SHOW_INFO on VIVID_CID_OSD_TEXT_MODE

Changes since v3:
        In 1st patch:
        -Improved formatting of returned string.

        In 2nd patch:
         - Add CID prefix in control name and change it to a more
           generic name.
         - Rename bool variable to a generic name.
         - Disable text rendering instead of stopping stream if no
           font found.
         - Display more info like VIVID in VIMC.

Changes since v2:
        In 1st patch:
        - Create a 'define' to prevent repetition of the common color
          sequence string.
        - Use 'fallthrough' on case statement to prevent repetition of
          code.

Changes since v1:
        - Divided the patch into two patches.
        - Returned NULL for patterns whose color order cannot be
          defined. (Reported-by: kernel test robot <lkp@intel.com>)
        - Made separate switch cases for separate test patterns
         (Reported-by: kernel test robot <lkp@intel.com>)
        - Renamed variables from camelcase to use '_'
        - prefixed 'media' to the patches.

Kaaira Gupta (3):
  media: tpg: change char argument to const char
  media: tpg: Add function to return colors' order of test image
  media: vimc: Add a control to display info on test image

 drivers/media/common/v4l2-tpg/v4l2-tpg-core.c | 39 ++++++++++---
 drivers/media/test-drivers/vimc/Kconfig       |  2 +
 drivers/media/test-drivers/vimc/vimc-common.h |  1 +
 drivers/media/test-drivers/vimc/vimc-core.c   | 10 ++++
 drivers/media/test-drivers/vimc/vimc-sensor.c | 57 +++++++++++++++++++
 include/media/tpg/v4l2-tpg.h                  |  3 +-
 6 files changed, 104 insertions(+), 8 deletions(-)

-- 
2.17.1

[PATCH v5 0/3]

[Vijay Thakkar]

This series of patches brings the PMU events for AMD family 17h series
of processors up to date with the latest versions of the AMD processor
programming reference manuals, all of which can be found at:
https://bugzilla.kernel.org/show_bug.cgi?id=206537

Change summary:
Patch 1: changes the pmu events mapfile to be more selective for
the model number rather than blanket detecting all f17h processors to
have the same events directory. This is required for the later patch
where we add events for zen2 based processors.

Patch 2: adds the PMU events for zen2.

Patch 3: updates the zen1 PMU events to be in accordance
with the latest PPR version and bumps up the events version to v2,
mainly adding some events that were previously missing, and
cleaning up some fpu counters.

Details of what changed between patch revisions is included within the
commits.

Vijay Thakkar (3):
  perf vendor events amd: restrict model detection for zen1 based
    processors
  perf vendor events amd: add Zen2 events
  perf vendor events amd: update Zen1 events to V2

 .../pmu-events/arch/x86/amdfam17h/branch.json |  12 -
 .../pmu-events/arch/x86/amdfam17h/cache.json  | 329 -----------------
 .../pmu-events/arch/x86/amdfam17h/other.json  |  65 ----
 .../pmu-events/arch/x86/amdzen1/branch.json   |  23 ++
 .../pmu-events/arch/x86/amdzen1/cache.json    | 294 +++++++++++++++
 .../arch/x86/{amdfam17h => amdzen1}/core.json |  15 +-
 .../floating-point.json                       |  64 +++-
 .../x86/{amdfam17h => amdzen1}/memory.json    |  82 +++--
 .../pmu-events/arch/x86/amdzen1/other.json    |  56 +++
 .../pmu-events/arch/x86/amdzen2/branch.json   |  52 +++
 .../pmu-events/arch/x86/amdzen2/cache.json    | 338 +++++++++++++++++
 .../pmu-events/arch/x86/amdzen2/core.json     | 130 +++++++
 .../arch/x86/amdzen2/floating-point.json      | 112 ++++++
 .../pmu-events/arch/x86/amdzen2/memory.json   | 341 ++++++++++++++++++
 .../pmu-events/arch/x86/amdzen2/other.json    | 115 ++++++
 tools/perf/pmu-events/arch/x86/mapfile.csv    |   3 +-
 16 files changed, 1578 insertions(+), 453 deletions(-)
 delete mode 100644 tools/perf/pmu-events/arch/x86/amdfam17h/branch.json
 delete mode 100644 tools/perf/pmu-events/arch/x86/amdfam17h/cache.json
 delete mode 100644 tools/perf/pmu-events/arch/x86/amdfam17h/other.json
 create mode 100644 tools/perf/pmu-events/arch/x86/amdzen1/branch.json
 create mode 100644 tools/perf/pmu-events/arch/x86/amdzen1/cache.json
 rename tools/perf/pmu-events/arch/x86/{amdfam17h => amdzen1}/core.json (87%)
 rename tools/perf/pmu-events/arch/x86/{amdfam17h => amdzen1}/floating-point.json (61%)
 rename tools/perf/pmu-events/arch/x86/{amdfam17h => amdzen1}/memory.json (63%)
 create mode 100644 tools/perf/pmu-events/arch/x86/amdzen1/other.json
 create mode 100644 tools/perf/pmu-events/arch/x86/amdzen2/branch.json
 create mode 100644 tools/perf/pmu-events/arch/x86/amdzen2/cache.json
 create mode 100644 tools/perf/pmu-events/arch/x86/amdzen2/core.json
 create mode 100644 tools/perf/pmu-events/arch/x86/amdzen2/floating-point.json
 create mode 100644 tools/perf/pmu-events/arch/x86/amdzen2/memory.json
 create mode 100644 tools/perf/pmu-events/arch/x86/amdzen2/other.json

-- 
2.25.1