On Wed, Oct 24, 2018 at 1:56 AM, Casey Schaufler wrote:
> On 10/23/2018 12:05 PM, Casey Schaufler wrote:
>> On 10/23/2018 11:50 AM, Kees Cook wrote:
>>
>>> Did you poke around at my combined series?
>>> https://git.kernel.org/pub/scm/linux/kernel/git/kees/linu
guide/sphinx.html#writing-documentation
As for the content, though:
Reviewed-by: Kees Cook <keesc...@chromium.org>
-Kees
> ---
>
> Changes in v4:
> - Update according to the syntax change
>
> Changes in v3:
> - Newly added
>
> Changes in
s
>> * Patch 4
>> - A function comment for audit_seccomp() was added to explain, among other
>> things, that event filtering is performed in seccomp_log()
>
> Kees, are you still okay with v3? Also, are you okay with these
> patches going in via the audit tree, o
ry-model/blob/master/Documentation/explanation.txt
> +tools/memory-model/Documentation/explanation.txt.
>
> memory-barriers.txt and atomic_t.txt provide more background to the
> memory ordering in general and for atomic operations specifically.
Will this get linkified by rst ?
-Kees
y change this to show the "exception"
case as "out of line" of normal code flow. i.e. instead of "if (log)
audit_seccomp", invert it to return early:
...
if (!log)
return;
audit_seccomp(syscall, signr, action);
}
But if there isn't some other
gives out pcsr hexadecimal value.
>
> So this commit removes useless %px and update section "Output format"
> in the document for alignment between the code and document.
>
> Suggested-by: Kees Cook <keesc...@chromium.org>
> Cc: Mathieu Poirier <mathieu.poi
eems like it'd make sense to make this a helper of some kind?
-Kees
--
Kees Cook
Pixel Security
--
To unsubscribe from this list: send the line "unsubscribe linux-doc" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
ntel.com>
> Cc: Thomas Gleixner <t...@linutronix.de>
> Cc: Greg Kroah-Hartman <gre...@linuxfoundation.org>
> Cc: Linus Torvalds <torva...@linux-foundation.org>
> Cc: Alan Cox <gno...@lxorguk.ukuu.org.uk>
> Cc: Andrea Arcangeli <aarca...@r
xample, letting secur...@kernel.org know about a flaw and then
tell us to sit on it for 2 months until some public presentation,
that's not going to happen.
Additionally, we frequently make all network bugs immediately public,
since the net subsystem tends to reject embargoes.
So, maybe we could be more ex
On Wed, Feb 21, 2018 at 8:43 PM, Randy Dunlap <rdun...@infradead.org> wrote:
> On 02/21/2018 04:37 PM, Kees Cook wrote:
>> As recently pointed out by Linus, "Root-caused-by" is a good tag to include
>> since it can indicate significantly more work than &qu
On Wed, Feb 21, 2018 at 6:13 PM, Joe Perches <j...@perches.com> wrote:
> On Wed, 2018-02-21 at 16:37 -0800, Kees Cook wrote:
>> As recently pointed out by Linus, "Root-caused-by" is a good tag to include
>> since it can indicate significantly more work than &qu
h.pl to match the process docs.
Signed-off-by: Kees Cook <keesc...@chromium.org>
---
Documentation/process/5.Posting.rst | 7 +++
scripts/checkpatch.pl | 2 ++
2 files changed, 9 insertions(+)
diff --git a/Documentation/process/5.Posting.rst
b/Documentation/proc
This cleans up the taint flags and documentation before adding a new
one for randstruct. This v2 reverts the #define->enum change as some
architectures include TAINT flags in assembly source, which cannot
use enums.
Patch 3/3 reads:
Since the randstruct plugin can intentionally produce extremely
This converts to using indexed initializers instead of comments, adds a
comment on why the taint flags can't be an enum, and make sure that no one
forgets to update the taint_flags when adding new bits.
Signed-off-by: Kees Cook <keesc...@chromium.org>
---
include/linux/kernel.h | 1 +
This consolidates the taint bit documentation into a single place with
both numeric and letter values. Additionally adds the missing TAINT_AUX
documentation.
Signed-off-by: Kees Cook <keesc...@chromium.org>
---
Documentation/sysctl/kernel.tx
the new flag and initializes taint_mask immediately when built
with randstruct.
Signed-off-by: Kees Cook <keesc...@chromium.org>
---
Documentation/sysctl/kernel.txt | 1 +
include/linux/kernel.h | 3 ++-
kernel/panic.c | 4 +++-
3 files changed, 6 insertions
ng git tree, please drop us a note to
> help improve the system]
>
> url:
> https://github.com/0day-ci/linux/commits/Kees-Cook/taint-Add-taint-for-randstruct/20180218-100113
> config: arm64-defconfig (attached as .config)
> compiler: aarch64-linux-gnu-gcc (Debian 7.2.0-1
On Fri, Feb 16, 2018 at 1:02 PM, Andrew Morton
<a...@linux-foundation.org> wrote:
> On Thu, 15 Feb 2018 19:37:44 -0800 Kees Cook <keesc...@chromium.org> wrote:
>
>> --- a/Documentation/sysctl/kernel.txt
>> +++ b/Documentation/sysctl/kernel.txt
>> @@ -991,6
This cleans up the taint flags and documentation before adding a new
one for randstruct. Patch 3/3 reads:
Since the randstruct plugin can intentionally produce extremely unusual
kernel structure layouts (even performance pathological ones), some
maintainers want to be able to trivially determine
the new flag and initializes taint_mask immediately when built
with randstruct.
Signed-off-by: Kees Cook <keesc...@chromium.org>
---
Documentation/sysctl/kernel.txt | 1 +
include/linux/kernel.h | 1 +
kernel/panic.c | 4 +++-
3 files changed, 5 insertions(+), 1 de
This consolidates the taint bit documentation into a single place with
both numeric and letter values. Additionally adds the missing TAINT_AUX
documentation.
Signed-off-by: Kees Cook <keesc...@chromium.org>
---
Documentation/sysctl/kernel.tx
This converts the taint bit defines to an enum, uses indexed initializers
instead of comments, and make sure that no one forgets to update the
taint_flags when adding new bits.
Signed-off-by: Kees Cook <keesc...@chromium.org>
---
include/linux/kernel.
of git-author,
and tag order be? I'm assuming it should be:
git-author: B
...
Signed-off-by: A
Co-Developed-by: A
Signed-off-by: B
It's not clear to me if git-author should instead be A, and/or
Co-Developed-by should be B...
Thanks!
-Kees
--
Kees Cook
Pixel Security
--
To unsubscribe from th
et a moment.
I did notice that, yeah. It seemed like a bunch of kernel-doc was
living in the driver-api manual, where it should be in core. Since
atomics were already there, I put refcount_t there...
-Kees
--
Kees Cook
Pixel Security
--
To unsubscribe from this list: send the line "unsubscribe
On Thu, Dec 7, 2017 at 4:46 PM, Tobin C. Harding <m...@tobin.cc> wrote:
> On Thu, Dec 07, 2017 at 04:19:56PM -0800, Kees Cook wrote:
>> On Thu, Dec 7, 2017 at 3:44 PM, Tobin C. Harding <m...@tobin.cc> wrote:
>> > Cheers Kees. FTR, changes to implement are:
>&
was just an example).
-Kees
--
Kees Cook
Pixel Security
--
To unsubscribe from this list: send the line "unsubscribe linux-doc" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
long
> - * - 'O' For a kobject based struct. Must be one of the following:
> - * - 'OF[fnpPcCF]' For a device tree object
> - * Without any optional arguments prints the full_name
> - *f device node full_name
> - *
refcount.h change) or did you have some other
> path in mind?
FWIW, I had assumed this would go via the docs tree.
-Kees
--
Kees Cook
Pixel Security
--
To unsubscribe from this list: send the line "unsubscribe linux-doc" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
> documentation appropriately.
>
> Add documentation regarding printing kernel addresses.
>
> Signed-off-by: Tobin C. Harding <m...@tobin.cc>
Acked-by: Kees Cook <keesc...@chromium.org>
> ---
>
> Is there a proffered method for subscripts in sphinx kernel docs?
On Mon, Dec 4, 2017 at 3:39 PM, Tobin C. Harding <m...@tobin.cc> wrote:
> On Mon, Dec 04, 2017 at 01:51:42PM -0800, Kees Cook wrote:
>> On Mon, Dec 4, 2017 at 1:44 PM, Tobin C. Harding <m...@tobin.cc> wrote:
>> > On Mon, Dec 04, 2017 at 01:28:45PM -0800, Kees Cook wr
On Mon, Dec 4, 2017 at 1:44 PM, Tobin C. Harding <m...@tobin.cc> wrote:
> On Mon, Dec 04, 2017 at 01:28:45PM -0800, Kees Cook wrote:
>> On Mon, Dec 4, 2017 at 1:22 PM, Tobin C. Harding <m...@tobin.cc> wrote:
>> > Advice about what to use as a unique identifier is no
ace. Printk specifier %p hashes addresses by default now and can be
> +used as a unique identifier.
>
> Memory initialization
> -
> --
> 2.7.4
>
--
Kees Cook
Pixel Security
--
To unsubscribe from this list: send the line "unsubscribe linux-doc&
This updates basics.rst to include refcount_t so it can be referenced by
other .rst files, fixes a kernel-doc typo in refcount.h so the struct
will be documented, and enhances the markup of the refcount-vs-atomic doc.
Signed-off-by: Kees Cook <keesc...@chromium.org>
---
This
f-by: Elena Reshetova <elena.reshet...@intel.com>
Thanks for the improvements!
I have some markup changes to add, but I'll send that as a separate patch.
Acked-by: Kees Cook <keesc...@chromium.org>
-Kees
> ---
> Documentation/core-api/index.rst | 1 +
> Documenta
writable if they're normally
read-only.
> It would be much easier for an attacker to just set ima_policy_flag to
> zero.
That's a fair point. I wonder if ima_policy_flag could be marked
__ro_after_init? Most of the writes are from __init sections, but I
haven't looked closely at when ima_
ory ordering guarantees changes:
> +fully ordered --> RELEASE ordering + control dependency
> +
> +Note: atomic_add_unless() only provides full order on success.
Same.
> +
> +
> +case 6) - lock-based RMW
> +
> +
> +Function cha
onfigurations be cascading? (For example, all of net/ uses
a different comment style, so having that recorded in a single file
would be nice.)
--
Kees Cook
Pixel Security
--
To unsubscribe from this list: send the line "unsubscribe linux-doc" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
our docs tree is not web viewable, is it? I would look at it (but not
> clone it) to check this.
>
> ta.
> --
> ~Randy
--
Kees Cook
Pixel Security
--
To unsubscribe from this list: send the line "unsubscribe linux-doc" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
On Mon, Aug 14, 2017 at 1:46 PM, Paul Moore <p...@paul-moore.com> wrote:
> On Fri, Aug 11, 2017 at 6:05 PM, Kees Cook <keesc...@chromium.org> wrote:
>> This series is the result of Fabricio, Tyler, Will and I going around a
>> few times on possible solutions for findin
duce RET_KILL_THREAD).
Cc: Paul Moore <p...@paul-moore.com>
Cc: Fabricio Voznika <fvozn...@google.com>
Signed-off-by: Kees Cook <keesc...@chromium.org>
---
Documentation/userspace-api/seccomp_filter.rst | 7 ++-
include/uapi/linux/seccomp.h | 1 +
kernel/secco
In preparation for adding SECCOMP_RET_KILL_PROCESS, rename SECCOMP_RET_KILL
to the more accurate SECCOMP_RET_KILL_THREAD.
The existing selftest values are intentionally left as SECCOMP_RET_KILL
just to be sure we're exercising the alias.
Signed-off-by: Kees Cook <keesc...@chromium.
This series is the result of Fabricio, Tyler, Will and I going around a
few times on possible solutions for finding a way to enhance RET_KILL
to kill the process group. There's a lot of ways this could be done,
but I wanted something that felt cleanest. My sense of what constitutes
"clean" has
This introduces the BPF return value for SECCOMP_RET_KILL_PROCESS to kill
an entire process. This cannot yet be reached by seccomp, but it changes
the default-kill behavior (for unknown return values) from kill-thread to
kill-process.
Signed-off-by: Kees Cook <keesc...@chromium.org>
---
i
This verifies that SECCOMP_RET_KILL_PROCESS is higher priority than
SECCOMP_RET_KILL_THREAD. (This also moves a bunch of defines up earlier
in the file to use them earlier.)
Signed-off-by: Kees Cook <keesc...@chromium.org>
Reviewed-by: Tyler Hicks <tyhi...@canonical.com>
---
t
th the kernel docs moving to ReST markup[1], perhaps reformat this
to a .rst file and link to it from somewhere sensible in the ReST
tree, perhaps the userspace API section in
Documentation/userspace-api/index.rst?
-Kees
[1] https://www.kernel.org/doc/html/latest/doc-guide/sphinx.html
--
Kees
| 10 +
> init/do_mounts_dm.c | 459
>
> 9 files changed, 596 insertions(+)
> create mode 100644 Documentation/device-mapper/dm-boot.txt
> create mode 100644 init/do_mounts_dm.c
>
> --
> 2.
On Fri, Jun 23, 2017 at 7:06 AM, Michal Hocko <mho...@kernel.org> wrote:
> On Tue 20-06-17 16:09:11, Kees Cook wrote:
>> Some hardened environments want to build kernels with slab_nomerge
>> already set (so that they do not depend on remembering to set the kernel
&
out a month now with no further nitpicks. What tree should these changes
> go through if there are no issues? Andrew's, Jessica's ?
Seems like going through Jessica's would make the most sense?
-Kees
--
Kees Cook
Pixel Security
--
To unsubscribe from this list: send the line "unsubscribe linux-doc" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
On Tue, Jun 20, 2017 at 4:16 PM, Randy Dunlap <rdun...@infradead.org> wrote:
> On 06/20/2017 04:09 PM, Kees Cook wrote:
>> Some hardened environments want to build kernels with slab_nomerge
>> already set (so that they do not depend on remembering to set the kernel
&
sor <d...@nullcore.net>
Cc: Eric Biggers <ebigge...@gmail.com>
Signed-off-by: Kees Cook <keesc...@chromium.org>
---
v2: split out of slab whitelisting series
---
Documentation/admin-guide/kernel-parameters.txt | 10 --
init/Kconfig
rvalho Chehab <mche...@s-opensource.com>
Thanks! This should maybe get moved/indexed in dev-tools/. What do you think?
Regardless:
Acked-by: Kees Cook <keesc...@chromium.org>
-Kees
--
Kees Cook
Pixel Security
--
To unsubscribe from this list: send the line "unsubscribe linu
oload logic in the following patches. That way the "infrastructure"
changes happen separately and do not change any behaviors, but moves
the caps test down where its wanted in the LSM, before then augmenting
the logic.
> I just need a bit of free time to check again everything and will send
&g
On Wed, May 24, 2017 at 7:16 AM, Djalal Harouni <tix...@gmail.com> wrote:
> On Tue, May 23, 2017 at 9:19 PM, Kees Cook <keesc...@google.com> wrote:
>> On Tue, May 23, 2017 at 3:29 AM, Djalal Harouni <tix...@gmail.com> wrote:
>> Even in the existing code, the
; tools/testing/selftests/seccomp/Makefile | 2 +
> tools/testing/selftests/seccomp/seccomp_bpf.c | 2 +-
> 7 files changed, 520 insertions(+), 280 deletions(-)
> rename Documentation/{kselftest.txt => dev-tools/kselftest.rst} (52%)
> rename tools/testing/selft
e v4:
> * standalone patch to ease the review (requested by Kees Cook)
>
> Signed-off-by: Mickaël Salaün <m...@digikod.net>
> Cc: Andy Lutomirski <l...@amacapital.net>
> Cc: Jonathan Corbet <cor...@lwn.net>
> Cc: Kees Cook <keesc...@chromium.org>
> Cc: Shuah Khan
On Fri, May 26, 2017 at 11:44 AM, Mickaël Salaün <m...@digikod.net> wrote:
> Add ReST metadata to kselftest_harness.h to be able to include the
> comments in the Sphinx documentation.
>
> Changes since v4:
> * exclude the TEST_API() changes (requested by Kees Cook)
e second? Regardless, it looks good. Thanks!
-Kees
>
> Changes since v2:
> * add reference to the full documentation in the header file (suggested
> by Kees Cook)
>
> Signed-off-by: Mickaël Salaün <m...@digikod.net>
> Acked-by: Kees Cook <keesc...@chromium.org
arvalho Chehab <mche...@s-opensource.com>
Acked-by: Kees Cook <keesc...@chromium.org>
This should probably get moved under "Kernel API documentation" but
may need a new sub-category, maybe "instrumentation"? Things like
KASan could be put under that too.
-Ke
On Tue, May 23, 2017 at 3:29 AM, Djalal Harouni <tix...@gmail.com> wrote:
> On Tue, May 23, 2017 at 12:20 AM, Kees Cook <keesc...@chromium.org> wrote:
>> On Mon, May 22, 2017 at 4:57 AM, Djalal Harouni <tix...@gmail.com> wrote:
>>> This is a preparation patch
e systems start implementing
CONFIG_STATIC_USERMODEHELPER and kernel.modprobe becomes read-only
(though the userspace implementation may allow for some way to disable
it, etc). I just like avoiding the upcall to modprobe at all.
-Kees
--
Kees Cook
Pixel Security
--
To unsubscribe from thi
g user process memory.
Here, it's CAP_SYS_MODULE... it's hard to imagine the situation where
a CAP_SYS_MODULE-capable process could write to this sysctl but NOT
issue direct modprobe requests, but it's _possible_ via crazy symlink
games to trick capable processes into writing to sysctls. We've seen
this multiple times before, and it's a way for attackers to turn a
single privileged write into a privileged exec.
I might turn the question around, though: why would we want to have it
changeable at this setting?
I'm fine leaving that piece off, either way.
-Kees
--
Kees Cook
Pixel Security
--
To unsubscribe from this list: send the line "unsubscribe linux-doc" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
lid */
> + if (capable(CAP_SYS_MODULE) ||
> + (allow_cap > 0 && capable(allow_cap)))
With the allow_cap check already happening in my suggestion for
__request_module(), it's not needed here. (In fact, it's not even
really needed to plumb this into the
ntly the only user of
> security_kernel_module_request() hook.
>
> Based on patch by Rusty Russell:
> https://lkml.org/lkml/2017/4/26/735
>
> Cc: Serge Hallyn <se...@hallyn.com>
> Cc: Andy Lutomirski <l...@kernel.org>
> Suggested-by: Rusty Russell <ru...@rustcorp
On Thu, May 18, 2017 at 9:49 AM, Jonathan Corbet <cor...@lwn.net> wrote:
> On Sat, 13 May 2017 04:51:36 -0700
> Kees Cook <keesc...@chromium.org> wrote:
>
>> This ReSTifies everything under Documentation/security/, and reorganizes
>> some of it (mainly the LS
On Mon, May 15, 2017 at 10:26 AM, Jonathan Corbet <cor...@lwn.net> wrote:
> On Sat, 13 May 2017 04:51:36 -0700
> Kees Cook <keesc...@chromium.org> wrote:
>
>> This ReSTifies everything under Documentation/security/, and reorganizes
>> some of it (mainly the LS
On Sun, May 14, 2017 at 5:00 PM, Casey Schaufler <ca...@schaufler-ca.com> wrote:
> On 5/13/2017 4:51 AM, Kees Cook wrote:
>> These fixes were needed to parse lsm_hooks.h kernel-doc. More work is
>> needed, but this is the first step.
>>
>> Cc: Casey Schaufler <c
Adjust IMA-templates.txt for ReST markup and add to the index for
security/, under the Kernel API Documentation.
Cc: Mimi Zohar <zo...@linux.vnet.ibm.com>
Signed-off-by: Kees Cook <keesc...@chromium.org>
---
Documentation/security/00-INDEX| 2 -
.../{IMA-template
This updates the credentials API documentation to ReST markup and moves
it under the security subsection of kernel API documentation.
Cc: David Howells <dhowe...@redhat.com>
Signed-off-by: Kees Cook <keesc...@chromium.org>
---
Documentation/security/00-INDEX
These fixes were needed to parse lsm_hooks.h kernel-doc. More work is
needed, but this is the first step.
Cc: Casey Schaufler <ca...@schaufler-ca.com>
Signed-off-by: Kees Cook <keesc...@chromium.org>
---
include/linux/lsm_hooks.h | 25 -
1 file changed, 1
This updates no_new_privs documentation to ReST markup and adds it to
the user-space API documentation.
Signed-off-by: Kees Cook <keesc...@chromium.org>
---
Documentation/userspace-api/index.rst | 1 +
.../no_new_privs.rst}
Adjusts for ReST markup and moves under LSM admin guide.
Signed-off-by: Kees Cook <keesc...@chromium.org>
---
.../Yama.txt => admin-guide/LSM/Yama.rst} | 55 --
Documentation/admin-guide/LSM/index.rst| 1 +
Documentation/security
Adjusts for ReST markup and moves under LSM admin guide.
Cc: Casey Schaufler <ca...@schaufler-ca.com>
Signed-off-by: Kees Cook <keesc...@chromium.org>
---
.../Smack.txt => admin-guide/LSM/Smack.rst}| 273 ++---
Documentation/admin-guide/LSM/index.rst
This creates a new section in the security development index for kernel
keys, and adjusts for ReST markup.
Cc: David Howells <dhowe...@redhat.com>
Signed-off-by: Kees Cook <keesc...@chromium.org>
---
Documentation/crypto/asymmetric-keys.txt | 2 +-
Documentation/secur
On Wed, May 3, 2017 at 1:02 PM, Matt Brown <m...@nmatt.com> wrote:
> On 05/03/2017 03:45 PM, Greg KH wrote:
>>
>> On Wed, May 03, 2017 at 12:32:07PM -0700, Kees Cook wrote:
>>>
>>> On Mon, Apr 24, 2017 at 6:57 AM, Serge E. Hallyn <se...@hallyn.com&g
nclude/linux/tty.h
>> index 1017e904..d902d42 100644
>> --- a/include/linux/tty.h
>> +++ b/include/linux/tty.h
>> @@ -12,6 +12,7 @@
>> #include
>> #include
>> #include
>> +#include
>>
>>
>> /*
>> @@ -333,6 +334,7 @@ st
.
This looks like it's ready to go. Greg, can you include this in your
tree? That seems like the best place, even though it touches a few
areas.
Please consider it:
Reviewed-by: Kees Cook <keesc...@chromium.org>
Thanks!
-Kees
>
> # Changes since v4:
> * fixed typo
>
> # Chan
; selftests: Cosmetic renames in kselftest_harness.h
> selftests/seccomp: Force rebuild according to dependencies
> Documentation/dev-tools: Add kselftest
For these four:
Acked-by: Kees Cook <keesc...@chromium.org>
> Documentation/dev-tools: Use reStructuredText mar
tal.net>
> Cc: Jonathan Corbet <cor...@lwn.net>
> Cc: Kees Cook <keesc...@chromium.org>
> Cc: Shuah Khan <sh...@kernel.org>
> Cc: Will Drewry <w...@chromium.org>
> ---
> Documentation/dev-tools/kselftest.rst | 57 ++
> tools/testing/selftest
+.. code-block:: sh
> +
> +cd kselftest
> +./run_kselftest.sh
>
> Contributing new tests
> -==
> +--
>
> In general, the rules for selftests are
>
> @@ -96,8 +127,8 @@ In general, the rules for selftests are
> * Don't cause the top-level "make run_tests" to fail if your feature is
> unconfigured.
>
> -Contributing new tests(details)
> -===
> +Contributing new tests (details)
> +
>
> * Use TEST_GEN_XXX if such binaries or files are generated during
> compiling.
> --
> 2.11.0
>
-Kees
--
Kees Cook
Pixel Security
--
To unsubscribe from this list: send the line "unsubscribe linux-doc" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
e.g. LD_*)
It seems most aren't explicitly marked up in existing docs. Sometimes
functions are wrapped in `` marks, same for pathnames. Any opinions
would be appreciated. :)
--
Kees Cook
Pixel Security
--
To unsubscribe from this list: send the line "unsubscribe linux-doc" in
the body
On Mon, May 1, 2017 at 8:11 AM, Jonathan Corbet <cor...@lwn.net> wrote:
> On Fri, 28 Apr 2017 13:24:36 -0700
> Kees Cook <keesc...@google.com> wrote:
>
>> I was curious if the conversion of security/ (and prctl/ which only
>> has two files that should p
584 insertions(+), 8 deletions(-)
> create mode 100644 Documentation/device-mapper/boot.txt
> create mode 100644 init/do_mounts_dm.c
>
> --
> 2.9.3
>
--
Kees Cook
Pixel Security
--
To unsubscribe from this list: send the line "unsubscribe linux-doc" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
On Sat, Mar 25, 2017 at 7:54 AM, Evgenii Shatokhin
<eugene.shatok...@yandex.ru> wrote:
> On 23.03.2017 18:30, Rafael J. Wysocki wrote:
>>
>> On Thu, Mar 23, 2017 at 2:23 PM, Evgenii Shatokhin
>> <eugene.shatok...@yandex.ru> wrote:
>>>
ibernation (with a warning). Booting with "nokaslr" will disable KASLR
and enable hibernation.
Reported-by: Evgenii Shatokhin <eugene.shatok...@yandex.ru>
Signed-off-by: Kees Cook <keesc...@chromium.org>
Cc: sta...@vger.kernel.org # v4.8+
---
Documentation/admin-guide/kernel
or mine?
If you have other changes queued for v4.11, please take it via your
tree. Otherwise, perhaps the docs tree or mine? (I don't currently
have any fixes queued; I'm just trying to minimize pull requests going
to Linus...)
-Kees
--
Kees Cook
Pixel Security
--
To unsubscribe from this list: send
On Tue, Mar 7, 2017 at 8:16 AM, Namhyung Kim <namhy...@gmail.com> wrote:
> Hi Kees,
>
> On Tue, Mar 7, 2017 at 6:55 AM, Kees Cook <keesc...@chromium.org> wrote:
>> Technically, it might be possible for struct pstore_info to go out of
>> scope after the module_
On Tue, Mar 7, 2017 at 8:22 AM, Namhyung Kim <namhy...@gmail.com> wrote:
> On Tue, Mar 7, 2017 at 6:55 AM, Kees Cook <keesc...@chromium.org> wrote:
>> The read/mkfile pair pass the same arguments and should be cleared
>> between calls. Move to a structure and wipe it aft
On Mon, Mar 6, 2017 at 11:27 PM, Jonathan Corbet <cor...@lwn.net> wrote:
> On Mon, 6 Mar 2017 11:13:51 -0800
> Kees Cook <keesc...@chromium.org> wrote:
>
>> The kernel security team is regularly asked to provide CVE identifiers,
>> which we don't normally d
Technically, it might be possible for struct pstore_info to go out of
scope after the module_put(), so report the backend name first.
Signed-off-by: Kees Cook <keesc...@chromium.org>
---
fs/pstore/platform.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/fs/
When built as a module and running with update_ms >= 0, pstore will Oops
during module unload since the work timer is still running. This makes sure
the worker is stopped before unloading.
Signed-off-by: Kees Cook <keesc...@chromium.org>
Cc: sta...@vger.kernel.org
---
fs/pstore/platfo
Instead of the long list of arguments, just pass the new record struct.
Signed-off-by: Kees Cook <keesc...@chromium.org>
---
fs/pstore/inode.c| 57 +---
fs/pstore/internal.h | 5 +
fs/pstore/platform.c | 6 +-
3 files chang
This moves the record decompression logic out to a separate function
to avoid the deep indentation.
Signed-off-by: Kees Cook <keesc...@chromium.org>
---
fs/pstore/platform.c | 67 +---
1 file changed, 37 insertions(+), 30 deletions(-)
diff
This switches the inode-private data from carrying duplicate metadata to
keeping the record passed in during pstore_mkfile().
Signed-off-by: Kees Cook <keesc...@chromium.org>
---
fs/pstore/inode.c| 57 ++--
fs/pstore/platform.c | 6 ++-
For a long time I've been bothered by the complexity of argument passing
in the pstore internals, which makes understanding things and changing
things extremely fragile.
With the proposal of a new backend (EPI capsules), and my attempts to
reorganize things for the proposed multiple-pmsg
This removes the argument list for the erase() callback and replaces it
with a pointer to the backend record details to be removed.
Signed-off-by: Kees Cook <keesc...@chromium.org>
---
drivers/acpi/apei/erst.c | 8 +++-
drivers/firmware/efi/efi-pstore.
In preparation for handling records off to pstore_mkfile(), allocate the
record instead of reusing stack. This still always frees the record,
though, since pstore_mkfile() isn't yet keeping it.
Signed-off-by: Kees Cook <keesc...@chromium.org>
---
fs/pstore/platform.
Removes argument list in favor of pstore record, though the user buffer
remains passed separately since it must carry the __user annotation.
Signed-off-by: Kees Cook <keesc...@chromium.org>
---
fs/pstore/platform.c | 35 ---
fs/pstore/pmsg.c
Uncommon errors are better to get reported to dmesg so developers can
more easily figure out why pstore is unhappy with a backend attempting
to register.
Signed-off-by: Kees Cook <keesc...@chromium.org>
---
fs/pstore/platform.c | 6 +-
1 file changed, 5 insertions(+), 1 deletion(-)
The argument list for the pstore_read() interface is unwieldy. This changes
passes the new struct pstore_record instead. The erst backend was already
doing something similar internally.
Signed-off-by: Kees Cook <keesc...@chromium.org>
---
arch/powerpc/kernel/nvram_64.c
Currently, pstore_mkfile() performs a memcpy() of the record contents,
so it can live anywhere. However, this is needlessly wasteful. In
preparation of pstore_mkfile() keeping the record contents, always
allocate a buffer for the contents.
Signed-off-by: Kees Cook <keesc...@chromium.org>
-
1 - 100 of 199 matches
Mail list logo