Re: [PATCH v3 3/4] powerpc/mm/ptdump: debugfs handler for W+X checks at runtime

2019-10-07 Thread Daniel Axtens
Russell Currey writes: > Very rudimentary, just > > echo 1 > [debugfs]/check_wx_pages > > and check the kernel log. Useful for testing strict module RWX. I was very confused that this requires the boot-time testing to be enabled to appear in debugfs. Could you change the kconfig snippet

RE: [PATCH v4 11/11] misc: pci_endpoint_test: Add LS1088a in pci_device_id table

2019-10-07 Thread Xiaowei Bao
> -Original Message- > From: Andrew Murray > Sent: 2019年9月30日 22:57 > To: Xiaowei Bao > Cc: robh...@kernel.org; mark.rutl...@arm.com; shawn...@kernel.org; Leo > Li ; kis...@ti.com; lorenzo.pieral...@arm.com; M.h. > Lian ; Mingkai Hu ; Roy > Zang ; jingooh...@gmail.com; >

[PATCH v7 8/8] powerpc/ima: update ima arch policy to check for blacklist

2019-10-07 Thread Nayna Jain
This patch updates the arch specific policies for PowerNV systems to add a check against blacklisted binary hashes before doing the verification. Signed-off-by: Nayna Jain --- arch/powerpc/kernel/ima_arch.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git

[PATCH v7 7/8] ima: check against blacklisted hashes for files with modsig

2019-10-07 Thread Nayna Jain
Asymmetric private keys are used to sign multiple files. The kernel currently supports checking against the blacklisted keys. However, if the public key is blacklisted, any file signed by the blacklisted key will automatically fail signature verification. We might not want to blacklist all the

[PATCH v7 6/8] certs: add wrapper function to check blacklisted binary hash

2019-10-07 Thread Nayna Jain
The existing is_hash_blacklisted() function returns -EKEYREJECTED error code for both the blacklisted keys and binaries. This patch adds a wrapper function is_binary_blacklisted() to check against binary hashes and returns -EPERM. Signed-off-by: Nayna Jain --- certs/blacklist.c | 9

[PATCH v7 5/8] ima: make process_buffer_measurement() generic

2019-10-07 Thread Nayna Jain
An additional measurement record is needed to indicate the blacklisted binary. The record will measure the blacklisted binary hash. This patch makes the function process_buffer_measurement() generic to be called by the blacklisting function. It modifies the function to handle more than just the

[PATCH v7 4/8] powerpc/ima: add measurement rules to ima arch specific policy

2019-10-07 Thread Nayna Jain
This patch adds the measurement rules to the arch specific policies on trusted boot enabled systems. Signed-off-by: Nayna Jain Reviewed-by: Mimi Zohar --- arch/powerpc/kernel/ima_arch.c | 45 +++--- 1 file changed, 42 insertions(+), 3 deletions(-) diff --git

[PATCH v7 3/8] powerpc: detect the trusted boot state of the system

2019-10-07 Thread Nayna Jain
PowerNV systems enable the IMA measurement rules only if the trusted boot is enabled on the system. This patch adds the function to detect if the system has trusted boot enabled. Signed-off-by: Nayna Jain --- arch/powerpc/include/asm/secure_boot.h | 6 + arch/powerpc/kernel/secure_boot.c

[PATCH v7 1/8] powerpc: detect the secure boot mode of the system

2019-10-07 Thread Nayna Jain
Secure boot on PowerNV defines different IMA policies based on the secure boot state of the system. This patch defines a function to detect the secure boot state of the system. The PPC_SECURE_BOOT config represents the base enablement of secureboot on POWER. Signed-off-by: Nayna Jain ---

[PATCH v7 2/8] powerpc: add support to initialize ima policy rules

2019-10-07 Thread Nayna Jain
PowerNV systems use a kernel based bootloader, thus their secure boot implementation uses the kernel IMA security subsystem to verify the kernel before kexec. Since the verification policy might differ based on the secure boot mode of the system, the policies are defined at runtime. This patch

[PATCH v7 0/8] powerpc: Enabling IMA arch specific secure boot policies

2019-10-07 Thread Nayna Jain
This patchset extends the previous version of the patchset[1] by adding the support for checking against the binary blacklisted hashes. IMA subsystem supports custom, built-in, arch-specific policies to define the files to be measured and appraised. These policies are honored based on the

Re: [PATCH] powerpc/kvm: Fix kvmppc_vcore->in_guest value in kvmhv_switch_to_host

2019-10-07 Thread Alistair Popple
On Friday, 4 October 2019 12:53:17 PM AEDT Jordan Niethe wrote: > kvmhv_switch_to_host() in arch/powerpc/kvm/book3s_hv_rmhandlers.S needs > to set kvmppc_vcore->in_guest to 0 to signal secondary CPUs to continue. > This happens after resetting the PCR. Before commit 13c7bb3c57dc > ("powerpc/64s:

Re: [RESEND TRIVIAL 3/3] treewide: arch: Fix Kconfig indentation

2019-10-07 Thread Geert Uytterhoeven
On Fri, Oct 4, 2019 at 4:57 PM Krzysztof Kozlowski wrote: > Adjust indentation from spaces to tab (+optional two spaces) as in > coding style with command like: > $ sed -e 's/^/\t/' -i */Kconfig > > Signed-off-by: Krzysztof Kozlowski > arch/m68k/Kconfig.bus | 2 +-

[PATCH v11 06/22] powerpc: mm: Add p?d_leaf() definitions

2019-10-07 Thread Steven Price
walk_page_range() is going to be allowed to walk page tables other than those of user space. For this it needs to know when it has reached a 'leaf' entry in the page tables. This information is provided by the p?d_leaf() functions/macros. For powerpc pmd_large() already exists and does what we

Re: [PATCH V4 2/2] mm/pgtable/debug: Add test validating architecture page table helpers

2019-10-07 Thread Kirill A. Shutemov
On Mon, Oct 07, 2019 at 03:51:58PM +0200, Ingo Molnar wrote: > > * Kirill A. Shutemov wrote: > > > On Mon, Oct 07, 2019 at 03:06:17PM +0200, Ingo Molnar wrote: > > > > > > * Anshuman Khandual wrote: > > > > > > > This adds a test module which will validate architecture page table > > > >

Re: [PATCH V4 2/2] mm/pgtable/debug: Add test validating architecture page table helpers

2019-10-07 Thread Ingo Molnar
* Kirill A. Shutemov wrote: > On Mon, Oct 07, 2019 at 03:06:17PM +0200, Ingo Molnar wrote: > > > > * Anshuman Khandual wrote: > > > > > This adds a test module which will validate architecture page table > > > helpers > > > and accessors regarding compliance with generic MM semantics

Re: [PATCH V4 2/2] mm/pgtable/debug: Add test validating architecture page table helpers

2019-10-07 Thread Kirill A. Shutemov
On Mon, Oct 07, 2019 at 03:06:17PM +0200, Ingo Molnar wrote: > > * Anshuman Khandual wrote: > > > This adds a test module which will validate architecture page table helpers > > and accessors regarding compliance with generic MM semantics expectations. > > This will help various architectures

Re: [PATCH V4 2/2] mm/pgtable/debug: Add test validating architecture page table helpers

2019-10-07 Thread Ingo Molnar
* Anshuman Khandual wrote: > This adds a test module which will validate architecture page table helpers > and accessors regarding compliance with generic MM semantics expectations. > This will help various architectures in validating changes to the existing > page table helpers or addition of

Applied "ASoC: fsl_mqs: Fix error handling in probe" to the asoc tree

2019-10-07 Thread Mark Brown
The patch ASoC: fsl_mqs: Fix error handling in probe has been applied to the asoc tree at https://git.kernel.org/pub/scm/linux/kernel/git/broonie/sound.git for-5.5 All being well this means that it will be integrated into the linux-next tree (usually sometime in the next 24 hours) and

Applied "ASoC: fsl_mqs: remove set but not used variable 'bclk'" to the asoc tree

2019-10-07 Thread Mark Brown
The patch ASoC: fsl_mqs: remove set but not used variable 'bclk' has been applied to the asoc tree at https://git.kernel.org/pub/scm/linux/kernel/git/broonie/sound.git for-5.5 All being well this means that it will be integrated into the linux-next tree (usually sometime in the next 24

Re: [PATCH v8 1/5] kasan: support backing vmalloc space with real shadow memory

2019-10-07 Thread Uladzislau Rezki
> diff --git a/mm/vmalloc.c b/mm/vmalloc.c > index a3c70e275f4e..9fb7a16f42ae 100644 > --- a/mm/vmalloc.c > +++ b/mm/vmalloc.c > @@ -690,8 +690,19 @@ merge_or_add_vmap_area(struct vmap_area *va, > struct list_head *next; > struct rb_node **link; > struct rb_node *parent; > +

Re: [PATCH v4 0/5] Powerpc/Watchpoint: Few important fixes

2019-10-07 Thread Ravi Bangoria
On 9/25/19 9:36 AM, Ravi Bangoria wrote: v3: https://lists.ozlabs.org/pipermail/linuxppc-dev/2019-July/193339.html v3->v4: - Instead of considering exception as extraneous when dar is outside of user specified range, analyse the instruction and check for overlap between user