Re: [PATCH 03/14] mm/hmm: HMM should have a callback before MM is destroyed v2

On Fri, Mar 16, 2018 at 02:12:21PM -0700, Andrew Morton wrote: > On Fri, 16 Mar 2018 15:14:08 -0400 jgli...@redhat.com wrote: > > > The hmm_mirror_register() function registers a callback for when > > the CPU pagetable is modified. Normally, the device driver will > > call hmm_mirror_unregister()

Re: [PATCH] mm: add config for readahead window

On Fri, Mar 16, 2018 at 1:56 PM, Kirill A. Shutemov wrote: > > Increase of readahead window was proposed several times. And rejected. > IIRC, Linus was against it. I have never seen any valid situation that wasn't tuning for one odd machine, usually with a horribly crappy disk setup and very

[PATCH v7 0/2] hwmon: (ucd9000) Add gpio and debugfs interfaces

The ucd9000 series chips have gpio pins. Add a gpio chip interface to the ucd device so that users can query and set the state of the gpio pins. Add a debugfs interface using the existing pmbus debugfs directory to provide MFR_STATUS and the status of the gpi faults to users. Changes since v6:

[PATCH v7 0/2] hwmon: (ucd9000) Add gpio and debugfs interfaces

The ucd9000 series chips have gpio pins. Add a gpio chip interface to the ucd device so that users can query and set the state of the gpio pins. Add a debugfs interface using the existing pmbus debugfs directory to provide MFR_STATUS and the status of the gpi faults to users. Changes since v6:

[PATCH v7 1/2] hwmon: (ucd9000) Add gpio chip interface

From: Christopher Bostic Add a struct gpio_chip and define some methods so that this device's I/O can be accessed via /sys/class/gpio. Signed-off-by: Christopher Bostic Signed-off-by: Andrew Jeffery Signed-off-by: Eddie

[PATCH v7 2/2] hwmon: (ucd9000) Add debugfs attributes to provide mfr_status

From: Christopher Bostic Expose the gpiN_fault fields of mfr_status as individual debugfs attributes. This provides a way for users to be easily notified of gpi faults. Also provide the whole mfr_status register in debugfs. Signed-off-by: Christopher Bostic

[PATCH v7 1/2] hwmon: (ucd9000) Add gpio chip interface

From: Christopher Bostic Add a struct gpio_chip and define some methods so that this device's I/O can be accessed via /sys/class/gpio. Signed-off-by: Christopher Bostic Signed-off-by: Andrew Jeffery Signed-off-by: Eddie James --- drivers/hwmon/pmbus/ucd9000.c | 212

[PATCH v7 2/2] hwmon: (ucd9000) Add debugfs attributes to provide mfr_status

From: Christopher Bostic Expose the gpiN_fault fields of mfr_status as individual debugfs attributes. This provides a way for users to be easily notified of gpi faults. Also provide the whole mfr_status register in debugfs. Signed-off-by: Christopher Bostic Signed-off-by: Andrew Jeffery

Re: [PATCH 02/14] mm/hmm: fix header file if/else/endif maze

On Fri, Mar 16, 2018 at 02:09:59PM -0700, Andrew Morton wrote: > On Fri, 16 Mar 2018 15:14:07 -0400 jgli...@redhat.com wrote: > > > From: Jérôme Glisse > > > > The #if/#else/#endif for IS_ENABLED(CONFIG_HMM) were wrong. > > "were wrong" is not a sufficient explanation of

Re: [PATCH 02/14] mm/hmm: fix header file if/else/endif maze

On Fri, Mar 16, 2018 at 02:09:59PM -0700, Andrew Morton wrote: > On Fri, 16 Mar 2018 15:14:07 -0400 jgli...@redhat.com wrote: > > > From: Jérôme Glisse > > > > The #if/#else/#endif for IS_ENABLED(CONFIG_HMM) were wrong. > > "were wrong" is not a sufficient explanation of the problem,

Re: [PATCH 0/2] net: phy: relax error checking when creating sysfs link netdev->phydev

> I agree, let's not have you run into circles, let's just use your > patches as they are since they fix the problem and are not intrusive in > any way. Agreed, this is too complex, for little gain. Andrew

Re: [PATCH 0/2] net: phy: relax error checking when creating sysfs link netdev->phydev

> I agree, let's not have you run into circles, let's just use your > patches as they are since they fix the problem and are not intrusive in > any way. Agreed, this is too complex, for little gain. Andrew

Re: [PATCH 03/14] mm/hmm: HMM should have a callback before MM is destroyed v2

On Fri, 16 Mar 2018 15:14:08 -0400 jgli...@redhat.com wrote: > The hmm_mirror_register() function registers a callback for when > the CPU pagetable is modified. Normally, the device driver will > call hmm_mirror_unregister() when the process using the device is > finished. However, if the process

Re: [PATCH 03/14] mm/hmm: HMM should have a callback before MM is destroyed v2

On Fri, 16 Mar 2018 15:14:08 -0400 jgli...@redhat.com wrote: > The hmm_mirror_register() function registers a callback for when > the CPU pagetable is modified. Normally, the device driver will > call hmm_mirror_unregister() when the process using the device is > finished. However, if the process

[patch -mm 0/6] rewrite cgroup aware oom killer for general use

There are three significant concerns about the cgroup aware oom killer as it is implemented in -mm: (1) allows users to evade the oom killer by creating subcontainers or using other controllers since scoring is done per cgroup and not hierarchically, (2) unfairly compares the root

[patch -mm 0/6] rewrite cgroup aware oom killer for general use

There are three significant concerns about the cgroup aware oom killer as it is implemented in -mm: (1) allows users to evade the oom killer by creating subcontainers or using other controllers since scoring is done per cgroup and not hierarchically, (2) unfairly compares the root

Re: [PATCH 0/2] net: phy: relax error checking when creating sysfs link netdev->phydev

On 03/16/2018 01:13 PM, Grygorii Strashko wrote: > > > On 03/16/2018 02:54 PM, Andrew Lunn wrote: >>> The phydrv->mdiodrv.flags can be accessible only after call to >>> of_phy_connect()/phy_connect(), >> >> You need to use a function like of_phy_find_device() to get the >> phydev, set the flag,

[patch -mm 2/6] mm, memcg: replace cgroup aware oom killer mount option with tunable

Now that each mem cgroup on the system has a memory.oom_policy tunable to specify oom kill selection behavior, remove the needless "groupoom" mount option that requires (1) the entire system to be forced, perhaps unnecessarily, perhaps unexpectedly, into a single oom policy that differs from the

Re: [PATCH 0/2] net: phy: relax error checking when creating sysfs link netdev->phydev

On 03/16/2018 01:13 PM, Grygorii Strashko wrote: > > > On 03/16/2018 02:54 PM, Andrew Lunn wrote: >>> The phydrv->mdiodrv.flags can be accessible only after call to >>> of_phy_connect()/phy_connect(), >> >> You need to use a function like of_phy_find_device() to get the >> phydev, set the flag,

[patch -mm 2/6] mm, memcg: replace cgroup aware oom killer mount option with tunable

Now that each mem cgroup on the system has a memory.oom_policy tunable to specify oom kill selection behavior, remove the needless "groupoom" mount option that requires (1) the entire system to be forced, perhaps unnecessarily, perhaps unexpectedly, into a single oom policy that differs from the

Re: [PATCH 02/14] mm/hmm: fix header file if/else/endif maze

On Fri, 16 Mar 2018 15:14:07 -0400 jgli...@redhat.com wrote: > From: Jérôme Glisse > > The #if/#else/#endif for IS_ENABLED(CONFIG_HMM) were wrong. "were wrong" is not a sufficient explanation of the problem, especially if we're requesting a -stable backport. Please fully

Re: [PATCH 02/14] mm/hmm: fix header file if/else/endif maze

On Fri, 16 Mar 2018 15:14:07 -0400 jgli...@redhat.com wrote: > From: Jérôme Glisse > > The #if/#else/#endif for IS_ENABLED(CONFIG_HMM) were wrong. "were wrong" is not a sufficient explanation of the problem, especially if we're requesting a -stable backport. Please fully describe the effects

[patch -mm 5/6] mm, memcg: separate oom_group from selection criteria

With the current implementation of the cgroup-aware oom killer, memory.oom_group defines two behaviors: - consider the footprint of the "group" consisting of the mem cgroup itself and all descendants for comparison with other cgroups, and - when selected as the victim mem cgroup, kill all

[patch -mm 5/6] mm, memcg: separate oom_group from selection criteria

With the current implementation of the cgroup-aware oom killer, memory.oom_group defines two behaviors: - consider the footprint of the "group" consisting of the mem cgroup itself and all descendants for comparison with other cgroups, and - when selected as the victim mem cgroup, kill all

[patch -mm 4/6] mm, memcg: evaluate root and leaf memcgs fairly on oom

There are several downsides to the current implementation that compares the root mem cgroup with leaf mem cgroups for the cgroup-aware oom killer. For example, /proc/pid/oom_score_adj is accounted for processes attached to the root mem cgroup but not leaves. This leads to wild inconsistencies

[patch -mm 3/6] mm, memcg: add hierarchical usage oom policy

One of the three significant concerns brought up about the cgroup aware oom killer is that its decisionmaking is completely evaded by creating subcontainers and attaching processes such that the ancestor's usage does not exceed another cgroup on the system. Consider the example from the previous

[patch -mm 1/6] mm, memcg: introduce per-memcg oom policy tunable

The cgroup aware oom killer is needlessly enforced for the entire system by a mount option. It's unnecessary to force the system into a single oom policy: either cgroup aware, or the traditional process aware. This patch introduces a memory.oom_policy tunable for all mem cgroups. It is currently

[patch -mm 3/6] mm, memcg: add hierarchical usage oom policy

One of the three significant concerns brought up about the cgroup aware oom killer is that its decisionmaking is completely evaded by creating subcontainers and attaching processes such that the ancestor's usage does not exceed another cgroup on the system. Consider the example from the previous

[patch -mm 1/6] mm, memcg: introduce per-memcg oom policy tunable

The cgroup aware oom killer is needlessly enforced for the entire system by a mount option. It's unnecessary to force the system into a single oom policy: either cgroup aware, or the traditional process aware. This patch introduces a memory.oom_policy tunable for all mem cgroups. It is currently

[patch -mm 4/6] mm, memcg: evaluate root and leaf memcgs fairly on oom

There are several downsides to the current implementation that compares the root mem cgroup with leaf mem cgroups for the cgroup-aware oom killer. For example, /proc/pid/oom_score_adj is accounted for processes attached to the root mem cgroup but not leaves. This leads to wild inconsistencies

[patch -mm 6/6] mm, memcg: disregard mempolicies for cgroup-aware oom killer

The cgroup-aware oom killer currently considers the set of allowed nodes for the allocation that triggers the oom killer and discounts usage from disallowed nodes when comparing cgroups. If a cgroup has both the cpuset and memory controllers enabled, it may be possible to restrict allocations to

[patch -mm 6/6] mm, memcg: disregard mempolicies for cgroup-aware oom killer

The cgroup-aware oom killer currently considers the set of allowed nodes for the allocation that triggers the oom killer and discounts usage from disallowed nodes when comparing cgroups. If a cgroup has both the cpuset and memory controllers enabled, it may be possible to restrict allocations to

Re: [PATCH 13/22] signal: Move addr_lsb into the _sigfault union for clarity

Dave Hansen writes: > On 03/16/2018 01:06 PM, Eric W. Biederman wrote: >>> It does not revert cleanly so I reverted it manually. Patch doing that >>> is attached. Should we do this, or is there a better option? >> Please see: >> 859d880cf544 ("signal: Correct the offset

Re: [PATCH 13/22] signal: Move addr_lsb into the _sigfault union for clarity

Dave Hansen writes: > On 03/16/2018 01:06 PM, Eric W. Biederman wrote: >>> It does not revert cleanly so I reverted it manually. Patch doing that >>> is attached. Should we do this, or is there a better option? >> Please see: >> 859d880cf544 ("signal: Correct the offset of si_pkey in struct

[PATCHv2] mm/shmem: Do not wait for lock_page() in shmem_unused_huge_shrink()

shmem_unused_huge_shrink() gets called from reclaim path. Waiting for page lock may lead to deadlock there. There was a bug report that may be attributed to this: http://lkml.kernel.org/r/alpine.lrh.2.11.1801242349220.30...@mail.ewheeler.net Replace lock_page() with trylock_page() and skip the

[PATCHv2] mm/shmem: Do not wait for lock_page() in shmem_unused_huge_shrink()

shmem_unused_huge_shrink() gets called from reclaim path. Waiting for page lock may lead to deadlock there. There was a bug report that may be attributed to this: http://lkml.kernel.org/r/alpine.lrh.2.11.1801242349220.30...@mail.ewheeler.net Replace lock_page() with trylock_page() and skip the

[PATCH] drm: Reduce object size of DRM_DEV_ uses

These macros are similar to the DRM_ with the addition of a struct device * to the arguments. Convert the single drm_dev_printk function into 2 separate functions. drm_dev_printk with a KERN_ * for generic use and drm_dev_dbg for conditional masked use. Remove the __func__ argument and use

[PATCH] drm: Reduce object size of DRM_DEV_ uses

These macros are similar to the DRM_ with the addition of a struct device * to the arguments. Convert the single drm_dev_printk function into 2 separate functions. drm_dev_printk with a KERN_ * for generic use and drm_dev_dbg for conditional masked use. Remove the __func__ argument and use

Re: [PATCH] mm: add config for readahead window

On Fri, Mar 16, 2018 at 11:25:08AM -0700, Wei Wang wrote: > From: Wei Wang > > Change VM_MAX_READAHEAD value from the default 128KB to a configurable > value. This will allow the readahead window to grow to a maximum size > bigger than 128KB during boot, which could benefit to

Re: [PATCH] mm: add config for readahead window

On Fri, Mar 16, 2018 at 11:25:08AM -0700, Wei Wang wrote: > From: Wei Wang > > Change VM_MAX_READAHEAD value from the default 128KB to a configurable > value. This will allow the readahead window to grow to a maximum size > bigger than 128KB during boot, which could benefit to sequential read >

Re: [PATCH 12/31] x86/entry/32: Add PTI cr3 switch to non-NMI entry/exit points

On Fri, Mar 2, 2018 at 9:10 AM, Joerg Roedel wrote: > On Thu, Mar 01, 2018 at 10:38:21AM -0800, Linus Torvalds wrote: >> Note that debug traps can happen regardless of TF, Think kgdb etc. >> Arguably kgdb users get what they deserve, but still.. I think root >> can set kernel

Re: [PATCH 12/31] x86/entry/32: Add PTI cr3 switch to non-NMI entry/exit points

On Fri, Mar 2, 2018 at 9:10 AM, Joerg Roedel wrote: > On Thu, Mar 01, 2018 at 10:38:21AM -0800, Linus Torvalds wrote: >> Note that debug traps can happen regardless of TF, Think kgdb etc. >> Arguably kgdb users get what they deserve, but still.. I think root >> can set kernel breakpoints too. > >

Re: [PATCH] libata: blacklist Micron 500IT SSD with MU01 firmware

Hi Martin, On Fri, Mar 16, 2018 at 11:54:30AM -0400, Martin K. Petersen wrote: > > Sudip, > > > While whitelisting Micron M500DC drives, the tweaked blacklist entry > > enabled queued TRIM from M500IT variants also. But these do not support > > queued TRIM. And while using those SSDs with the

Re: [PATCH] libata: blacklist Micron 500IT SSD with MU01 firmware

Hi Martin, On Fri, Mar 16, 2018 at 11:54:30AM -0400, Martin K. Petersen wrote: > > Sudip, > > > While whitelisting Micron M500DC drives, the tweaked blacklist entry > > enabled queued TRIM from M500IT variants also. But these do not support > > queued TRIM. And while using those SSDs with the

Re: [PATCH v6 2/2] hwmon: (ucd9000) Add debugfs attributes to provide mfr_status

On Fri, Mar 16, 2018 at 03:04:47PM -0500, Eddie James wrote: > > > On 03/16/2018 02:59 PM, Guenter Roeck wrote: > >On Fri, Mar 16, 2018 at 02:25:59PM -0500, Eddie James wrote: > >>From: Christopher Bostic > >> > >>Expose the gpiN_fault fields of mfr_status as

Re: [PATCH v6 2/2] hwmon: (ucd9000) Add debugfs attributes to provide mfr_status

On Fri, Mar 16, 2018 at 03:04:47PM -0500, Eddie James wrote: > > > On 03/16/2018 02:59 PM, Guenter Roeck wrote: > >On Fri, Mar 16, 2018 at 02:25:59PM -0500, Eddie James wrote: > >>From: Christopher Bostic > >> > >>Expose the gpiN_fault fields of mfr_status as individual debugfs > >>attributes.

Re: [PATCH] mm: add config for readahead window

On Fri, Mar 16, 2018 at 06:49:08PM +, Wei Wang wrote: > Android devices boot time benefits by bigger readahead window setting from > init. This patch will make readahead window a config so early boot can > benefit by it as well. Why not put that in the changelog text?

Re: [PATCH] mm: add config for readahead window

On Fri, Mar 16, 2018 at 06:49:08PM +, Wei Wang wrote: > Android devices boot time benefits by bigger readahead window setting from > init. This patch will make readahead window a config so early boot can > benefit by it as well. Why not put that in the changelog text?

Re: [PATCH] net: ethernet: arc: Fix a potential memory leak if an optional regulator is deferred

Le 16/03/2018 à 20:27, David Miller a écrit : From: Christophe JAILLET Date: Wed, 14 Mar 2018 22:09:34 +0100 diff --git a/drivers/net/ethernet/arc/emac_rockchip.c b/drivers/net/ethernet/arc/emac_rockchip.c index 16f9bee992fe..8ee9dfd0e363 100644 ---

Re: [PATCH] net: ethernet: arc: Fix a potential memory leak if an optional regulator is deferred

Le 16/03/2018 à 20:27, David Miller a écrit : From: Christophe JAILLET Date: Wed, 14 Mar 2018 22:09:34 +0100 diff --git a/drivers/net/ethernet/arc/emac_rockchip.c b/drivers/net/ethernet/arc/emac_rockchip.c index 16f9bee992fe..8ee9dfd0e363 100644 --- a/drivers/net/ethernet/arc/emac_rockchip.c

Re: [PATCH] net: ethernet: arc: Fix a potential memory leak if an optional regulator is deferred

Le 16/03/2018 à 20:27, David Miller a écrit : From: Christophe JAILLET Date: Wed, 14 Mar 2018 22:09:34 +0100 diff --git a/drivers/net/ethernet/arc/emac_rockchip.c b/drivers/net/ethernet/arc/emac_rockchip.c index 16f9bee992fe..8ee9dfd0e363 100644 ---

Re: [PATCH] net: ethernet: arc: Fix a potential memory leak if an optional regulator is deferred

Le 16/03/2018 à 20:27, David Miller a écrit : From: Christophe JAILLET Date: Wed, 14 Mar 2018 22:09:34 +0100 diff --git a/drivers/net/ethernet/arc/emac_rockchip.c b/drivers/net/ethernet/arc/emac_rockchip.c index 16f9bee992fe..8ee9dfd0e363 100644 --- a/drivers/net/ethernet/arc/emac_rockchip.c

Re: [PATCH 01/14] Input: atmel_mxt_ts - do not pass suspend mode in platform data

On Thu, Mar 15, 2018 at 04:56:21PM -0700, Dmitry Torokhov wrote: > On Wed, Mar 14, 2018 at 08:51:24PM +, Nick Dyer wrote: > > On Mon, Mar 12, 2018 at 12:08:54PM -0700, Dmitry Torokhov wrote: > > > The way we are supposed to put controller to sleep and wake it up does not > > > depend on the

Re: [PATCH 01/14] Input: atmel_mxt_ts - do not pass suspend mode in platform data

On Thu, Mar 15, 2018 at 04:56:21PM -0700, Dmitry Torokhov wrote: > On Wed, Mar 14, 2018 at 08:51:24PM +, Nick Dyer wrote: > > On Mon, Mar 12, 2018 at 12:08:54PM -0700, Dmitry Torokhov wrote: > > > The way we are supposed to put controller to sleep and wake it up does not > > > depend on the

Re: [PATCH 14/14] Input: atmel_mxt_ts - remove platform data support

On Thu, Mar 15, 2018 at 05:06:14PM -0700, Dmitry Torokhov wrote: > On Wed, Mar 14, 2018 at 08:59:38PM +, Nick Dyer wrote: > > On Mon, Mar 12, 2018 at 12:09:07PM -0700, Dmitry Torokhov wrote: > > > - /* > > > - * Ignore ACPI devices representing bootloader mode. > > > - * > > > - * This is a

Re: [PATCH 14/14] Input: atmel_mxt_ts - remove platform data support

On Thu, Mar 15, 2018 at 05:06:14PM -0700, Dmitry Torokhov wrote: > On Wed, Mar 14, 2018 at 08:59:38PM +, Nick Dyer wrote: > > On Mon, Mar 12, 2018 at 12:09:07PM -0700, Dmitry Torokhov wrote: > > > - /* > > > - * Ignore ACPI devices representing bootloader mode. > > > - * > > > - * This is a

[PATCH v6 10/12] ima: Add functions to read and verify a modsig signature

This is the code needed by IMA-appraise to work with modsig signatures. It will be used by the next two patches. Signed-off-by: Thiago Jung Bauermann --- security/integrity/ima/Kconfig | 3 + security/integrity/ima/ima.h| 41

[PATCH v6 10/12] ima: Add functions to read and verify a modsig signature

This is the code needed by IMA-appraise to work with modsig signatures. It will be used by the next two patches. Signed-off-by: Thiago Jung Bauermann --- security/integrity/ima/Kconfig | 3 + security/integrity/ima/ima.h| 41 security/integrity/ima/ima_modsig.c | 181

[PATCH v6 00/12] Appended signatures support for IMA appraisal

Hello, The main highlight in this version is that it's not necessary to appraise the file before storing its measurement anymore. This is possible due to a new approach that Mimi suggested: we decide whether the modsig should be used or not at the time it is read from the file, while before we

[PATCH v6 00/12] Appended signatures support for IMA appraisal

Hello, The main highlight in this version is that it's not necessary to appraise the file before storing its measurement anymore. This is possible due to a new approach that Mimi suggested: we decide whether the modsig should be used or not at the time it is read from the file, while before we

[PATCH v6 03/12] PKCS#7: Introduce pkcs7_get_digest()

IMA will need to access the digest of the PKCS7 message (as calculated by the kernel) before the signature is verified, so introduce pkcs7_get_digest() for that purpose. Also, modify pkcs7_digest() to detect when the digest was already calculated so that it doesn't have to do redundant work.

[PATCH v6 03/12] PKCS#7: Introduce pkcs7_get_digest()

IMA will need to access the digest of the PKCS7 message (as calculated by the kernel) before the signature is verified, so introduce pkcs7_get_digest() for that purpose. Also, modify pkcs7_digest() to detect when the digest was already calculated so that it doesn't have to do redundant work.

[PATCH v6 07/12] integrity: Select CONFIG_KEYS instead of depending on it

This avoids a dependency cycle in CONFIG_IMA_APPRAISE_MODSIG (introduced by a later patch in this series): it will select CONFIG_MODULE_SIG_FORMAT which in turn selects CONFIG_KEYS. Kconfig then complains that CONFIG_INTEGRITY_SIGNATURE depends on CONFIG_KEYS. Signed-off-by: Thiago Jung Bauermann

[PATCH v6 07/12] integrity: Select CONFIG_KEYS instead of depending on it

This avoids a dependency cycle in CONFIG_IMA_APPRAISE_MODSIG (introduced by a later patch in this series): it will select CONFIG_MODULE_SIG_FORMAT which in turn selects CONFIG_KEYS. Kconfig then complains that CONFIG_INTEGRITY_SIGNATURE depends on CONFIG_KEYS. Signed-off-by: Thiago Jung Bauermann

[PATCH v6 05/12] integrity: Introduce integrity_keyring_from_id()

IMA will need to obtain the keyring used to verify file signatures so that it can verify the module-style signature appended to files. Signed-off-by: Thiago Jung Bauermann --- security/integrity/digsig.c| 28 +---

[PATCH v6 05/12] integrity: Introduce integrity_keyring_from_id()

IMA will need to obtain the keyring used to verify file signatures so that it can verify the module-style signature appended to files. Signed-off-by: Thiago Jung Bauermann --- security/integrity/digsig.c| 28 +--- security/integrity/integrity.h | 6 ++ 2 files

[PATCH v6 09/12] ima: Add modsig appraise_type option for module-style appended signatures

This patch introduces the modsig keyword to the IMA policy syntax to specify that a given hook should expect the file to have the IMA signature appended to it. Here is how it can be used in a rule: appraise func=KEXEC_KERNEL_CHECK appraise_type=imasig|modsig With this rule, IMA will accept

[PATCH v6 09/12] ima: Add modsig appraise_type option for module-style appended signatures

This patch introduces the modsig keyword to the IMA policy syntax to specify that a given hook should expect the file to have the IMA signature appended to it. Here is how it can be used in a rule: appraise func=KEXEC_KERNEL_CHECK appraise_type=imasig|modsig With this rule, IMA will accept

[PATCH v6 06/12] integrity: Introduce asymmetric_sig_has_known_key()

IMA will only look for a modsig if the xattr sig references a key which is not in the expected kernel keyring. To that end, introduce asymmetric_sig_has_known_key(). The logic of extracting the key used in the xattr sig is factored out from asymmetric_verify() so that it can be used by the new

[PATCH v6 06/12] integrity: Introduce asymmetric_sig_has_known_key()

IMA will only look for a modsig if the xattr sig references a key which is not in the expected kernel keyring. To that end, introduce asymmetric_sig_has_known_key(). The logic of extracting the key used in the xattr sig is factored out from asymmetric_verify() so that it can be used by the new

[PATCH v6 11/12] ima: Implement support for module-style appended signatures

This patch actually implements the appraise_type=imasig|modsig option, allowing IMA to read and verify modsig signatures. In case both are present in the same file, IMA will first check whether the key used by the xattr signature is present in the kernel keyring. If not, it will try the appended

[PATCH v6 11/12] ima: Implement support for module-style appended signatures

This patch actually implements the appraise_type=imasig|modsig option, allowing IMA to read and verify modsig signatures. In case both are present in the same file, IMA will first check whether the key used by the xattr signature is present in the kernel keyring. If not, it will try the appended

[PATCH v6 12/12] ima: Write modsig to the measurement list

Define new "d-sig" template field which holds the digest that is expected to match the one contained in the modsig. Also add modsig support to the "sig" template field, allowing the the contents of the modsig to be included in the measurement list. Suggested-by: Mimi Zohar

[PATCH v6 12/12] ima: Write modsig to the measurement list

Define new "d-sig" template field which holds the digest that is expected to match the one contained in the modsig. Also add modsig support to the "sig" template field, allowing the the contents of the modsig to be included in the measurement list. Suggested-by: Mimi Zohar Signed-off-by: Thiago

[PATCH v6 08/12] ima: Export func_tokens

ima_read_modsig() will need it so that it can show an error message. Signed-off-by: Thiago Jung Bauermann --- security/integrity/ima/ima.h| 2 ++ security/integrity/ima/ima_policy.c | 12 ++-- 2 files changed, 8 insertions(+), 6 deletions(-) diff

[PATCH v6 08/12] ima: Export func_tokens

ima_read_modsig() will need it so that it can show an error message. Signed-off-by: Thiago Jung Bauermann --- security/integrity/ima/ima.h| 2 ++ security/integrity/ima/ima_policy.c | 12 ++-- 2 files changed, 8 insertions(+), 6 deletions(-) diff --git

[PATCH v6 02/12] PKCS#7: Introduce pkcs7_get_message_sig() and verify_pkcs7_message_sig()

IMA will need to know the key that signed a given PKCS#7 message, so add pkcs7_get_message_sig(). It will also need to verify an already parsed PKCS#7 message. For this purpose, add verify_pkcs7_message_sig() which takes a struct pkcs7_message for verification instead of the raw bytes that

[PATCH v6 04/12] ima: Introduce is_ima_sig()

With the introduction of another IMA signature type (modsig), some places will need to check for both of them. It is cleaner to do that if there's a helper function to tell whether an xattr_value represents an IMA signature. Suggested-by: Mimi Zohar Signed-off-by:

[PATCH v6 04/12] ima: Introduce is_ima_sig()

With the introduction of another IMA signature type (modsig), some places will need to check for both of them. It is cleaner to do that if there's a helper function to tell whether an xattr_value represents an IMA signature. Suggested-by: Mimi Zohar Signed-off-by: Thiago Jung Bauermann ---

[PATCH v6 02/12] PKCS#7: Introduce pkcs7_get_message_sig() and verify_pkcs7_message_sig()

IMA will need to know the key that signed a given PKCS#7 message, so add pkcs7_get_message_sig(). It will also need to verify an already parsed PKCS#7 message. For this purpose, add verify_pkcs7_message_sig() which takes a struct pkcs7_message for verification instead of the raw bytes that

[PATCH v6 01/12] MODSIGN: Export module signature definitions

IMA will use the module_signature format for append signatures, so export the relevant definitions and factor out the code which verifies that the appended signature trailer is valid. Also, create a CONFIG_MODULE_SIG_FORMAT option so that IMA can select it and be able to use validate_module_sig()

[PATCH v6 01/12] MODSIGN: Export module signature definitions

IMA will use the module_signature format for append signatures, so export the relevant definitions and factor out the code which verifies that the appended signature trailer is valid. Also, create a CONFIG_MODULE_SIG_FORMAT option so that IMA can select it and be able to use validate_module_sig()

[PATCH v2 1/5] KVM: VMX: Fix the module parameters for vmx

The vmx module parameters are supposed to be unsigned variants. Also fixed the checkpatch errors like the one below. WARNING: Symbolic permissions 'S_IRUGO' are not preferred. Consider using octal permissions '0444'. +module_param(ple_gap, uint, S_IRUGO); Signed-off-by: Babu Moger

[PATCH v2 1/5] KVM: VMX: Fix the module parameters for vmx

The vmx module parameters are supposed to be unsigned variants. Also fixed the checkpatch errors like the one below. WARNING: Symbolic permissions 'S_IRUGO' are not preferred. Consider using octal permissions '0444'. +module_param(ple_gap, uint, S_IRUGO); Signed-off-by: Babu Moger ---

[PATCH v2 4/5] KVM: SVM: Add pause filter threshold

This patch adds the support for pause filtering threshold. This feature support is indicated by CPUID Fn8000_000A_EDX. See AMD APM Vol 2 Section 15.14.4 Pause Intercept Filtering for more details. In this mode, a 16-bit pause filter threshold field is added in VMCB. The threshold value is a cycle

[PATCH v2 0/5] KVM: x86: Implement Pause Loop Exit for SVM

This series adds PLE(pause loop exit) logic from VMX to SVM. We have noticed considerable reduction in number of VMEXITS due to pause interceptions after these changes. Here are the numbers on one guest with 32 vcpus on AMD EPYC system. We have used boot parameter idle=poll to simulate extensive

[PATCH v2 3/5] KVM: VMX: Bring the common code to header file

This patch brings some of the code from vmx to x86.h header file. Now, we can share this code between vmx and svm. Modified couple functions to make it common. Signed-off-by: Babu Moger --- arch/x86/kvm/vmx.c | 48 +---

[PATCH v2 4/5] KVM: SVM: Add pause filter threshold

This patch adds the support for pause filtering threshold. This feature support is indicated by CPUID Fn8000_000A_EDX. See AMD APM Vol 2 Section 15.14.4 Pause Intercept Filtering for more details. In this mode, a 16-bit pause filter threshold field is added in VMCB. The threshold value is a cycle

[PATCH v2 0/5] KVM: x86: Implement Pause Loop Exit for SVM

This series adds PLE(pause loop exit) logic from VMX to SVM. We have noticed considerable reduction in number of VMEXITS due to pause interceptions after these changes. Here are the numbers on one guest with 32 vcpus on AMD EPYC system. We have used boot parameter idle=poll to simulate extensive

[PATCH v2 3/5] KVM: VMX: Bring the common code to header file

This patch brings some of the code from vmx to x86.h header file. Now, we can share this code between vmx and svm. Modified couple functions to make it common. Signed-off-by: Babu Moger --- arch/x86/kvm/vmx.c | 48 +--- arch/x86/kvm/x86.h | 35

[PATCH v2 5/5] KVM: SVM: Implement pause loop exit logic in SVM

Bring the PLE(pause loop exit) logic to AMD svm driver. While testing, we found this helping in situations where numerous pauses are generated. Without these patches we could see continuos VMEXITS due to pause interceptions. Tested it on AMD EPYC server with boot parameter idle=poll on a VM with

[PATCH v2 5/5] KVM: SVM: Implement pause loop exit logic in SVM

Bring the PLE(pause loop exit) logic to AMD svm driver. While testing, we found this helping in situations where numerous pauses are generated. Without these patches we could see continuos VMEXITS due to pause interceptions. Tested it on AMD EPYC server with boot parameter idle=poll on a VM with

[PATCH v2 2/5] KVM: VMX: Remove ple_window_actual_max

Get rid of ple_window_actual_max, because its benefits are really minuscule and the logic is complicated. The overflows(and underflow) are controlled in __ple_window_grow and _ple_window_shrink respectively. Suggested-by: Radim Krčmář Signed-off-by: Babu Moger

[PATCH v2 2/5] KVM: VMX: Remove ple_window_actual_max

Get rid of ple_window_actual_max, because its benefits are really minuscule and the logic is complicated. The overflows(and underflow) are controlled in __ple_window_grow and _ple_window_shrink respectively. Suggested-by: Radim Krčmář Signed-off-by: Babu Moger --- arch/x86/kvm/vmx.c | 22

Re: [PATCH v3 01/15] dt-bindings: clock: mediatek: add missing required #reset-cells

Quoting sean.w...@mediatek.com (2018-02-17 11:54:36) > From: Sean Wang > > All ethsys, pciesys and ssusbsys internally include reset controller, so > explicitly add back these missing cell definitions to related bindings > and examples. > > Signed-off-by: Sean Wang

[PATCH 11/14] mm/hmm: move hmm_pfns_clear() closer to where it is use

From: Jérôme Glisse Move hmm_pfns_clear() closer to where it is use to make it clear it is not use by page table walkers. Signed-off-by: Jérôme Glisse Cc: Evgeny Baskakov Cc: Ralph Campbell Cc: Mark Hairgrove

Re: [PATCH v3 01/15] dt-bindings: clock: mediatek: add missing required #reset-cells

Quoting sean.w...@mediatek.com (2018-02-17 11:54:36) > From: Sean Wang > > All ethsys, pciesys and ssusbsys internally include reset controller, so > explicitly add back these missing cell definitions to related bindings > and examples. > > Signed-off-by: Sean Wang > Cc: Rob Herring > Cc:

[PATCH 11/14] mm/hmm: move hmm_pfns_clear() closer to where it is use

From: Jérôme Glisse Move hmm_pfns_clear() closer to where it is use to make it clear it is not use by page table walkers. Signed-off-by: Jérôme Glisse Cc: Evgeny Baskakov Cc: Ralph Campbell Cc: Mark Hairgrove Cc: John Hubbard --- mm/hmm.c | 16 1 file changed, 8

[PATCH 10/14] mm/hmm: rename HMM_PFN_DEVICE_UNADDRESSABLE to HMM_PFN_DEVICE_PRIVATE

From: Jérôme Glisse Make naming consistent accross code, DEVICE_PRIVATE is the name use outside HMM code so use that one. Signed-off-by: Jérôme Glisse Cc: Evgeny Baskakov Cc: Ralph Campbell Cc: Mark Hairgrove

[PATCH 13/14] mm/hmm: change hmm_vma_fault() to allow write fault on page basis

From: Jérôme Glisse This change hmm_vma_fault() to not take a global write fault flag for a range but instead rely on caller to populate HMM pfns array with proper fault flag ie HMM_PFN_VALID if driver want read fault for that address or HMM_PFN_VALID and HMM_PFN_WRITE for

<    1   2   3   4   5   6   7   8   9   10   >