| Age | Commit message (Collapse) | Author |
|---|
|
linux-linaro-lsk-v3.14-android
* 'android-3.14' of ../../android/aosp:
wakeup: Add the guard condition for len in pm_get_active_wakeup_sources
mm: reorder can_do_mlock to fix audit denial
staging: ion: debugfs to shrink pool
selinux: Android kernel compatibility with M userspace
selinux: extended permissions for ioctls
security: add ioctl specific auditing to lsm_audit
selinux: remove unnecessary pointer reassignment
Revert "security: lsm_audit: add ioctl specific auditing"
Revert "SELinux: per-command whitelisting of ioctls"
Revert "SELinux: use deletion-safe iterator to free list"
Revert "SELinux: ss: Fix policy write for ioctl operations"
arm: mm: support ARCH_MMAP_RND_BITS.
mm: mmap: Add new /proc tunable for mmap_base ASLR.
uid_cputime: Check for the range while removing range of UIDs.
|
|
NOT intended for new Android devices - this commit is unnecessary
for a target device that does not have a previous M variant.
DO NOT upstream. Android only.
Motivation:
This commit mitigates a mismatch between selinux kernel and
selinux userspace. The selinux ioctl white-listing binary policy
format that was accepted into Android M differs slightly from what
was later accepted into the upstream kernel. This leaves Android
master branch kernels incompatible with Android M releases. This
patch restores backwards compatibility. This is important because:
1. kernels may be updated on a different cycle than the rest of the
OS e.g. security patching.
2. Android M bringup may still be ongoing for some devices. The
same kernel should work for both M and master.
Backwards compatibility is achieved by checking for an Android M
policy characteristic during initial policy read and converting to
upstream policy format. The inverse conversion is done for policy
write as required for CTS testing.
Bug: 22846070
Change-Id: I2f1ee2eee402f37cf3c9df9f9e03c1b9ddec1929
Signed-off-by: Jeff Vander Stoep <jeffv@google.com>
|
|
(cherry picked from commit fa1aa143ac4a682c7f5fd52a3cf05f5a6fe44a0a)
Add extended permissions logic to selinux. Extended permissions
provides additional permissions in 256 bit increments. Extend the
generic ioctl permission check to use the extended permissions for
per-command filtering. Source/target/class sets including the ioctl
permission may additionally include a set of commands. Example:
allowxperm <source> <target>:<class> ioctl unpriv_app_socket_cmds
auditallowxperm <source> <target>:<class> ioctl priv_gpu_cmds
Where unpriv_app_socket_cmds and priv_gpu_cmds are macros
representing commonly granted sets of ioctl commands.
When ioctl commands are omitted only the permissions are checked.
This feature is intended to provide finer granularity for the ioctl
permission that may be too imprecise. For example, the same driver
may use ioctls to provide important and benign functionality such as
driver version or socket type as well as dangerous capabilities such
as debugging features, read/write/execute to physical memory or
access to sensitive data. Per-command filtering provides a mechanism
to reduce the attack surface of the kernel, and limit applications
to the subset of commands required.
The format of the policy binary has been modified to include ioctl
commands, and the policy version number has been incremented to
POLICYDB_VERSION_XPERMS_IOCTL=30 to account for the format
change.
The extended permissions logic is deliberately generic to allow
components to be reused e.g. netlink filters
Signed-off-by: Jeff Vander Stoep <jeffv@google.com>
Acked-by: Nick Kralevich <nnk@google.com>
Signed-off-by: Paul Moore <pmoore@redhat.com>
Bug: 22846070
Change-Id: I74ce041142b545288ededfac7ca9446975dcf2f5
|
|
(cherry pick from commit 671a2781ff01abf4fdc8904881fc3abd3a8279af)
Add information about ioctl calls to the LSM audit data. Log the
file path and command number.
Signed-off-by: Jeff Vander Stoep <jeffv@google.com>
Acked-by: Nick Kralevich <nnk@google.com>
[PM: subject line tweak]
Signed-off-by: Paul Moore <pmoore@redhat.com>
Bug: 22846070
Change-Id: I7e5450238fd99e320b3ce0caea699ccd48da2088
|
|
(cherry pick from commit 83d4a806ae46397f606de7376b831524bd3a21e5)
Commit f01e1af445fa ("selinux: don't pass in NULL avd to avc_has_perm_noaudit")
made this pointer reassignment unnecessary. Avd should continue to reference
the stack-based copy.
Signed-off-by: Jeff Vander Stoep <jeffv@google.com>
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
[PM: tweaked subject line]
Signed-off-by: Paul Moore <pmoore@redhat.com>
Bug: 22846070
Change-Id: I5c84a73efb6328b96bc4792125403d869d839bd5
|
|
This reverts commit 039cffc9e001f7842b7d8a4ce7c632f2cda2897d.
Bug: 22846070
Change-Id: I3f6adea49afdb858bc6d9f6aff531c04ce56115d
Signed-off-by: Jeff Vander Stoep <jeffv@google.com>
|
|
This reverts commit a33bad10e8ed54cbc74e7af1286d72359fde1114.
Bug: 22846070
Change-Id: I878a1b9a032156f75c08a508fe312bf8efdd8010
Signed-off-by: Jeff Vander Stoep <jeffv@google.com>
|
|
This reverts commit 9edb3fccaa78521133ec46678cc5b71d903353f7.
Bug: 22846070
Change-Id: I0c96a5b72f4c004f725344053c5f5a9268e8a114
Signed-off-by: Jeff Vander Stoep <jeffv@google.com>
|
|
This reverts commit 03e3404e522043dd487793a8e02042ecc09032da.
Bug: 22846070
Change-Id: I483399347867f54746f6b19bb953d077c61852c2
Signed-off-by: Jeff Vander Stoep <jeffv@google.com>
|
|
linux-linaro-lsk-v3.14-android
Conflicts:
drivers/staging/android/ion/ion_priv.h
Resolution: add/add conflict for include; misc whitespace conflicts
|
|
Use the ATTR_FILE attribute to distinguish between truncate()
and ftruncate() system calls. The two other cases where
do_truncate is called with a filp (and therefore ATTR_FILE is set)
are for coredump files and for open(O_TRUNC). In both of those cases
the open permission has already been checked during file open and
therefore does not need to be repeated.
Commit 95dbf739313f ("SELinux: check OPEN on truncate calls")
fixed a major issue where domains were allowed to truncate files
without the open permission. However, it introduced a new bug where
a domain with the write permission can no longer ftruncate files
without the open permission, even when they receive an already open
file.
(cherry picked from commit b21800f304392ee5d20f411c37470183cc779f11)
Bug: 22567870
Change-Id: I3cc600a5d2e343914e7a2ae1866998c7f6bb1a72
Signed-off-by: Jeff Vander Stoep <jeffv@google.com>
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: Paul Moore <pmoore@redhat.com>
|
|
* linux-linaro-lsk-v3.14: (66 commits)
Linux 3.14.52
arm64: KVM: Fix host crash when injecting a fault into a 32bit guest
SCSI: Fix NULL pointer dereference in runtime PM
arm64/mm: Remove hack in mmap randomize layout
crypto: caam - fix memory corruption in ahash_final_ctx
regmap: regcache-rbtree: Clean new present bits on present bitmap resize
libfc: Fix fc_fcp_cleanup_each_cmd()
libfc: Fix fc_exch_recv_req() error path
drm/vmwgfx: Fix execbuf locking issues
drm/radeon: add new OLAND pci id
EDAC, ppc4xx: Access mci->csrows array elements properly
localmodconfig: Use Kbuild files too
dm thin metadata: delete btrees when releasing metadata snapshot
perf: Fix PERF_EVENT_IOC_PERIOD migration race
perf: Fix fasync handling on inherited events
xen-blkfront: don't add indirect pages to list when !feature_persistent
mm/hwpoison: fix page refcount of unknown non LRU page
ipc/sem.c: update/correct memory barriers
ipc,sem: fix use after free on IPC_RMID after a task using same semaphore set exits
arm64: el0_dbg does not set link reg for return to user path, breaks debug
...
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable into linux-linaro-lsk-v3.14
This is the 3.14.52 stable release
* tag 'v3.14.52' of git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable: (64 commits)
Linux 3.14.52
arm64: KVM: Fix host crash when injecting a fault into a 32bit guest
SCSI: Fix NULL pointer dereference in runtime PM
arm64/mm: Remove hack in mmap randomize layout
crypto: caam - fix memory corruption in ahash_final_ctx
regmap: regcache-rbtree: Clean new present bits on present bitmap resize
libfc: Fix fc_fcp_cleanup_each_cmd()
libfc: Fix fc_exch_recv_req() error path
drm/vmwgfx: Fix execbuf locking issues
drm/radeon: add new OLAND pci id
EDAC, ppc4xx: Access mci->csrows array elements properly
localmodconfig: Use Kbuild files too
dm thin metadata: delete btrees when releasing metadata snapshot
perf: Fix PERF_EVENT_IOC_PERIOD migration race
perf: Fix fasync handling on inherited events
xen-blkfront: don't add indirect pages to list when !feature_persistent
mm/hwpoison: fix page refcount of unknown non LRU page
ipc/sem.c: update/correct memory barriers
ipc,sem: fix use after free on IPC_RMID after a task using same semaphore set exits
Linux 3.14.51
...
|
|
commit 4351c294b8c1028077280f761e158d167b592974 upstream.
The current "mask" policy option matches files opened as MAY_READ,
MAY_WRITE, MAY_APPEND or MAY_EXEC. This patch extends the "mask"
option to match files opened containing one of these modes. For
example, "mask=^MAY_READ" would match files opened read-write.
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Signed-off-by: Dr. Greg Wettstein <gw@idfusion.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
commit 139069eff7388407f19794384c42a534d618ccd7 upstream.
The new "euid" policy condition measures files with the specified
effective uid (euid). In addition, for CAP_SETUID files it measures
files with the specified uid or suid.
Changelog:
- fixed checkpatch.pl warnings
- fixed avc denied {setuid} messages - based on Roberto's feedback
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Signed-off-by: Dr. Greg Wettstein <gw@idfusion.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
* linux-linaro-lsk-v3.14: (126 commits)
Linux 3.14.49
MIPS: KVM: Do not sign extend on unsigned MMIO load
qla2xxx: Mark port lost when we receive an RSCN for it.
Fix firmware loader uevent buffer NULL pointer dereference
hpfs: hpfs_error: Remove static buffer, use vsprintf extension %pV instead
arm64: Don't report clear pmds and puds as huge
agp/intel: Fix typo in needs_ilk_vtd_wa()
rbd: use GFP_NOIO in rbd_obj_request_create()
9p: don't leave a half-initialized inode sitting around
9p: forgetting to cancel request on interrupted zero-copy RPC
SUNRPC: Fix a memory leak in the backchannel code
nfs: increase size of EXCHANGE_ID name string buffer
fixing infinite OPEN loop in 4.0 stateid recovery
NFS: Fix size of NFSACL SETACL operations
watchdog: omap: assert the counter being stopped before reprogramming
of: return NUMA_NO_NODE from fallback of_node_to_nid()
block: Do a full clone when splitting discard bios
USB: usbfs: allow URBs to be reaped after disconnection
dell-laptop: Fix allocating & freeing SMI buffer page
ideapad: fix software rfkill setting
...
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable into linux-linaro-lsk-v3.14
This is the 3.14.49 stable release
* tag 'v3.14.49' of git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable: (126 commits)
Linux 3.14.49
MIPS: KVM: Do not sign extend on unsigned MMIO load
qla2xxx: Mark port lost when we receive an RSCN for it.
Fix firmware loader uevent buffer NULL pointer dereference
hpfs: hpfs_error: Remove static buffer, use vsprintf extension %pV instead
arm64: Don't report clear pmds and puds as huge
agp/intel: Fix typo in needs_ilk_vtd_wa()
rbd: use GFP_NOIO in rbd_obj_request_create()
9p: don't leave a half-initialized inode sitting around
9p: forgetting to cancel request on interrupted zero-copy RPC
SUNRPC: Fix a memory leak in the backchannel code
nfs: increase size of EXCHANGE_ID name string buffer
fixing infinite OPEN loop in 4.0 stateid recovery
NFS: Fix size of NFSACL SETACL operations
watchdog: omap: assert the counter being stopped before reprogramming
of: return NUMA_NO_NODE from fallback of_node_to_nid()
block: Do a full clone when splitting discard bios
USB: usbfs: allow URBs to be reaped after disconnection
dell-laptop: Fix allocating & freeing SMI buffer page
ideapad: fix software rfkill setting
...
|
|
commit 5101a1850bb7ccbf107929dee9af0cd2f400940f upstream.
To prevent offline stripping of existing file xattrs and relabeling of
them at runtime, EVM allows only newly created files to be labeled. As
pseudo filesystems are not persistent, stripping of xattrs is not a
concern.
Some LSMs defer file labeling on pseudo filesystems. This patch
permits the labeling of existing files on pseudo files systems.
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
commit 45b26133b97871896b8c5241d59f4ff7839db7b2 upstream.
This patch fixes a bug introduced in "4d7aeee ima: define new template
ima-ng and template fields d-ng and n-ng".
Changelog:
- change int to uint32 (Roberto Sassu's suggestion)
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Signed-off-by: Roberto Sassu <rsassu@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
commit ca4da5dd1f99fe9c59f1709fb43e818b18ad20e0 upstream.
__key_link_end is not freeing the associated array edit structure
and this leads to a 512 byte memory leak each time an identical
existing key is added with add_key().
The reason the add_key() system call returns okay is that
key_create_or_update() calls __key_link_begin() before checking to see
whether it can update a key directly rather than adding/replacing - which
it turns out it can. Thus __key_link() is not called through
__key_instantiate_and_link() and __key_link_end() must cancel the edit.
CVE-2015-1333
Signed-off-by: Colin Ian King <colin.king@canonical.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: James Morris <james.l.morris@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
Conflicts:
fs/exec.c
Solutions:
follow commit d221244a7
sched: move no_new_privs into new atomic flags
to use task_no_new_privs(current).
|
|
git://android.git.linaro.org/kernel/linaro-android into linux-linaro-lsk-v3.14-android
* 'linaro-android-3.14-lsk' of git://android.git.linaro.org/kernel/linaro-android:
fix: align closely to AOSP.
sched: cpufreq: update power usage only if cpufreq_stat is enabled
uid_cputime: Extends the cputime functionality to report power per uid
sched: cpufreq: Adds a field cpu_power in the task_struct
cpufreq_stats: Adds the fucntionality to load current values for each frequency for all the cores.
New Build Breakage in branch: kernel-m-dev-tegra-flounder-3.10 @ 1960706
net/unix: sk_socket can disappear when state is unlocked
selinux: enable genfscon labeling for sysfs and pstore files
ext4: don't save the error information if the block device is read-only
selinux: enable per-file labeling for debugfs files.
cpufreq: interactive: Rearm governor timer at max freq
cpufreq: interactive: Implement cluster-based min_sample_time
cpufreq: interactive: Exercise hispeed settings at a policy level
suspend: Return error when pending wakeup source is found.
proc: uid_cputime: fix show_uid_stat permission
nf: IDLETIMER: Fix broken uid field in the msg
|
|
Support per-file labeling of sysfs and pstore files based on
genfscon policy entries. This is safe because the sysfs
and pstore directory tree cannot be manipulated by userspace,
except to unlink pstore entries.
This provides an alternative method of assigning per-file labeling
to sysfs or pstore files without needing to set the labels from
userspace on each boot. The advantages of this approach are that
the labels are assigned as soon as the dentry is first instantiated
and userspace does not need to walk the sysfs or pstore tree and
set the labels on each boot. The limitations of this approach are
that the labels can only be assigned based on pathname prefix matching.
You can initially assign labels using this mechanism and then change
them at runtime via setxattr if allowed to do so by policy.
Change-Id: If5999785fdc1d24d869b23ae35cd302311e94562
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Suggested-by: Dominick Grift <dac.override@gmail.com>
|
|
upstream commit 6f29997f4a3117169eeabd41dbea4c1bd94a739c
Add support for per-file labeling of debugfs files so that
we can distinguish them in policy. This is particularly
important in Android where certain debugfs files have to be writable
by apps and therefore the debugfs directory tree can be read and
searched by all.
Since debugfs is entirely kernel-generated, the directory tree is
immutable by userspace, and the inodes are pinned in memory, we can
simply use the same approach as with proc and label the inodes from
policy based on pathname from the root of the debugfs filesystem.
Generalize the existing labeling support used for proc and reuse it
for debugfs too.
Change-Id: I6460fbed6bb6bd36eb8554ac8c4fdd574edf3b07
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
|
|
git://android.git.linaro.org/kernel/linaro-android into linux-linaro-lsk-v3.14-android
* 'linaro-android-3.14-lsk' of git://android.git.linaro.org/kernel/linaro-android:
nf: IDLETIMER: Fix broken uid field in the msg
ipv4: Missing sk_nulls_node_init() in ping_unhash().
cpufreq: interactive: Round up timer_rate to match jiffy
cpufreq: interactive: Don't set floor_validate_time during boost
SELinux: ss: Fix policy write for ioctl operations
nf: IDLETIMER: Adds the uid field in the msg
android: configs: Enable SELinux and its dependencies.
SELinux: use deletion-safe iterator to free list
subsystem: CPU FREQUENCY DRIVERS- Set cpu_load calculation on current frequency
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable into linux-linaro-lsk-v3.14
|
|
Security server omits the type field when writing out the contents of the
avtab from /sys/fs/selinux/policy. This leads to a corrupt output. No impact
on the running kernel or its loaded policy. Impacts CTS neverallow tests.
Bug: 20665861
Change-Id: I657e18013dd5a1f40052bc2b02dd8e0afee9bcfb
Signed-off-by: Jeff Vander Stoep <jeffv@google.com>
(cherry picked from commit 8cdfb356b51e29494ca0b9e4e86727d6f841a52d)
|
|
commit 946e51f2bf37f1656916eb75bd0742ba33983c28 upstream.
move d_rcu from overlapping d_child to overlapping d_alias
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Cc: Ben Hutchings <ben@decadent.org.uk>
[hujianyang: Backported to 3.14 refer to the work of Ben Hutchings in 3.2:
- Apply name changes in all the different places we use d_alias and d_child
- Move the WARN_ON() in __d_free() to d_free() as we don't have dentry_free()]
Signed-off-by: hujianyang <hujianyang@huawei.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
This code is not exercised by policy version 26, but will be upon
upgrade to policy version 30.
Bug: 18087110
Change-Id: I07c6f34607713294a6a12c43a64d9936f0602200
Signed-off-by: Jeff Vander Stoep <jeffv@google.com>
|
|
|
|
This is the 3.14.39 stable release
|
|
commit 6436a123a147db51a0b06024a8350f4c230e73ff upstream.
Return a negative error value like the rest of the entries in this function.
Signed-off-by: Joe Perches <joe@perches.com>
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
[PM: tweaked subject line]
Signed-off-by: Paul Moore <pmoore@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
Conflicts:
arch/x86/syscalls/syscall_64.tbl
|
|
Commit 7177a9c4b509 ("fs: call rename2 if exists") changed
"struct inode_operations"->rename == NULL if
"struct inode_operations"->rename2 != NULL .
TOMOYO needs to check for both ->rename and ->rename2 , or
a system on (e.g.) ext4 filesystem won't boot.
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
(cherry picked from commit 8fe7a268b18ebc89203c766b020b9e32f1cfeebf)
Signed-off-by: Alex Shi <alex.shi@linaro.org>
|
|
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
(cherry picked from commit 627bf81ac625f05060db033a0f3791521ad7bd79)
Signed-off-by: Alex Shi <alex.shi@linaro.org>
|
|
If flags contain RENAME_EXCHANGE then exchange source and destination files.
There's no restriction on the type of the files; e.g. a directory can be
exchanged with a symlink.
Signed-off-by: Miklos Szeredi <mszeredi@suse.cz>
Reviewed-by: Jan Kara <jack@suse.cz>
Reviewed-by: J. Bruce Fields <bfields@redhat.com>
(cherry picked from commit da1ce0670c14d8380e423a3239e562a1dc15fa9e)
Signed-off-by: Alex Shi <alex.shi@linaro.org>
|
|
Add flags to security_path_rename() and security_inode_rename() hooks.
Signed-off-by: Miklos Szeredi <mszeredi@suse.cz>
Reviewed-by: J. Bruce Fields <bfields@redhat.com>
(cherry picked from commit 0b3974eb04c4874e85fa1d4fc70450d12f28611d)
Signed-off-by: Alex Shi <alex.shi@linaro.org>
|
|
git://android.git.linaro.org/kernel/linaro-android into linux-linaro-lsk-v3.14-android
|
|
Extend the generic ioctl permission check with support for per-command
filtering. Source/target/class sets including the ioctl permission may
additionally include a set of commands. Example:
allow <source> <target>:<class> { 0x8910-0x8926 0x892A-0x8935 }
auditallow <source> <target>:<class> 0x892A
When ioctl commands are omitted only the permissions are checked. This
feature is intended to provide finer granularity for the ioctl
permission which may be too imprecise in some circumstances. For
example, the same driver may use ioctls to provide important and
benign functionality such as driver version or socket type as well as
dangerous capabilities such as debugging features, read/write/execute
to physical memory or access to sensitive data. Per-command filtering
provides a mechanism to reduce the attack surface of the kernel, and
limit applications to the subset of commands required.
The format of the policy binary has been modified to include ioctl
commands, and the policy version number has been incremented to
POLICYDB_VERSION_IOCTL_OPERATIONS=30 to account for the format change.
Bug: 18087110
Change-Id: Ibf0e36728f6f3f0d5af56ccdeddee40800af689d
Signed-off-by: Jeff Vander Stoep <jeffv@google.com>
|
|
Add information about ioctl calls to the LSM audit data. Log the
file path and command number.
Bug: 18087110
Change-Id: Idbbd106db6226683cb30022d9e8f6f3b8fab7f84
Signed-off-by: Jeff Vander Stoep <jeffv@google.com>
|
|
commit bd2cba07381a6dba60bc1c87ed8b37931d244da1 upstream (net-next).
This command is missing.
Change-Id: Ida52130382e42355e5f3b39134aa61a1ea98026d
Fixes: 3a2dfbe8acb1 ("xfrm: Notify changes in UDP encapsulation via netlink")
CC: Martin Willi <martin@strongswan.org>
Reported-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
commit 8d465bb777179c4bea731b828ec484088cc9fbc1 upstream (net-next).
This command is missing.
Change-Id: Id2c9344ca1ab2c96e0b758ad1efb38e16cf23b86
Fixes: 5c79de6e79cd ("[XFRM]: User interface for handling XFRM_MSG_MIGRATE")
Reported-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
commit b0b59b0056acd6f157a04cc895f7e24692fb08aa upstream (net-next).
This command is missing.
Change-Id: I8fa3b1b9815296d3b001244d2212f79f5654bd01
Fixes: 97a64b4577ae ("[XFRM]: Introduce XFRM_MSG_REPORT.")
Reported-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
commit 5b5800fad072133e4a9c2efbf735baaac83dec86 upstream (net-next).
These commands are missing.
Change-Id: I3fd1d3d700592c653e1a5c5199125805d55aaa95
Fixes: 28d8909bc790 ("[XFRM]: Export SAD info.")
Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
commit 5e6deebafb45fb271ae6939d48832e920b8fb74e upstream (net-next).
This command is missing.
Change-Id: Id0a0d9bf7a4af98a8f761fec902d1296138a911f
Fixes: ecfd6b183780 ("[XFRM]: Export SPD info")
Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
commit 2b7834d3e1b828429faa5dc41a480919e52d3f31 upstream (net-next).
This new command is missing.
Change-Id: If511000c19aa9af7220ff775d88ace9834b35dcb
Fixes: 880a6fab8f6b ("xfrm: configure policy hash table thresholds by netlink")
Reported-by: Christophe Gouault <christophe.gouault@6wind.com>
Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
* linaro-android-3.14-lsk: (52 commits)
xt_qtaguid: use sock_gen_put() instead of xt_socket_put_sk()
android: base-cfg: enable ARMV8_DEPRECATED and subfeatures
arm64: kconfig: move emulation option under kernel features
kbuild: make it possible to specify the module output dir
arm64: Emulate SETEND for AArch32 tasks
arm64: Consolidate hotplug notifier for instruction emulation
arm64: kernel: explicitly add include in armv8_deprecated
arm64: Track system support for mixed endian EL0
arm64: Fix up /proc/cpuinfo
arm64: cpuinfo: record cpu system register values
arm64: add MIDR_EL1 field accessors
arm64: fix return code check when changing emulation handler
arm64: Trace emulation of AArch32 legacy instructions
arm64: Emulate CP15 Barrier instructions
arm64: barriers: add dmb barrier
arm64: Port SWP/SWPB emulation support from arm
arm64: Add framework for legacy instruction emulation
arm64: Add AArch32 instruction set condition code checks
arm64: Add support for hooks to handle undefined instructions
arm64: kernel: Explicitly add include in traps.c
...
Signed-off-by: Amit Pundir <amit.pundir@linaro.org>
Conflicts:
arch/arm64/include/asm/barrier.h
arch/arm64/include/asm/cputype.h
arch/arm64/include/asm/insn.h
arch/arm64/kernel/Makefile
arch/arm64/kernel/setup.c
|
|
|
|
commit a3a8784454692dd72e5d5d34dcdab17b4420e74c upstream.
When a key is being garbage collected, it's key->user would get put before
the ->destroy() callback is called, where the key is removed from it's
respective tracking structures.
This leaves a key hanging in a semi-invalid state which leaves a window open
for a different task to try an access key->user. An example is
find_keyring_by_name() which would dereference key->user for a key that is
in the process of being garbage collected (where key->user was freed but
->destroy() wasn't called yet - so it's still present in the linked list).
This would cause either a panic, or corrupt memory.
Fixes CVE-2014-9529.
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
Commit 899838b25f063a94594b1df6e0100aea1ec57fac eliminated the need
to initialize selinux_audit_data except in the slow path, when it is
handled by slow_avc_audit(). That commit removed all other initializations
of selinux_audit_data but this one remained since the binder security
hooks are not yet upstream (posted them to linux-kernel today).
Change-Id: I735e4500cde23275686cb3208068cbf8dd7bccd7
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
|
