1. 30 Mar, 2019 1 commit
  2. 25 Mar, 2019 3 commits
  3. 22 Mar, 2019 1 commit
  4. 21 Mar, 2019 7 commits
    • kernfs: initialize security of newly created nodes · e19dfdc8
      Ondrej Mosnacek authored
      Use the new security_kernfs_init_security() hook to allow LSMs to
      possibly assign a non-default security context to a newly created kernfs
      node based on the attributes of the new node and also its parent node.
      
      This fixes an issue with cgroupfs under SELinux, where newly created
      cgroup subdirectories/files would not inherit its parent's context if
      it had been set explicitly to a non-default value (other than the genfs
      context specified by the policy). This can be reproduced as follows (on
      Fedora/RHEL):
      
          # mkdir /sys/fs/cgroup/unified/test
          # # Need permissive to change the label under Fedora policy:
          # setenforce 0
          # chcon -t container_file_t /sys/fs/cgroup/unified/test
          # ls -lZ /sys/fs/cgroup/unified
          total 0
          -r--r--r--.  1 root root system_u:object_r:cgroup_t:s0         0 Jan 29 03:06 cgroup.controllers
          -rw-r--r--.  1 root root system_u:object_r:cgroup_t:s0         0 Jan 29 03:06 cgroup.max.depth
          -rw-r--r--.  1 root root system_u:object_r:cgroup_t:s0         0 Jan 29 03:06 cgroup.max.descendants
          -rw-r--r--.  1 root root system_u:object_r:cgroup_t:s0         0 Jan 29 03:06 cgroup.procs
          -r--r--r--.  1 root root system_u:object_r:cgroup_t:s0         0 Jan 29 03:06 cgroup.stat
          -rw-r--r--.  1 root root system_u:object_r:cgroup_t:s0         0 Jan 29 03:06 cgroup.subtree_control
          -rw-r--r--.  1 root root system_u:object_r:cgroup_t:s0         0 Jan 29 03:06 cgroup.threads
          drwxr-xr-x.  2 root root system_u:object_r:cgroup_t:s0         0 Jan 29 03:06 init.scope
          drwxr-xr-x. 26 root root system_u:object_r:cgroup_t:s0         0 Jan 29 03:21 system.slice
          drwxr-xr-x.  3 root root system_u:object_r:container_file_t:s0 0 Jan 29 03:15 test
          drwxr-xr-x.  3 root root system_u:object_r:cgroup_t:s0         0 Jan 29 03:06 user.slice
          # mkdir /sys/fs/cgroup/unified/test/subdir
      
      Actual result:
      
          # ls -ldZ /sys/fs/cgroup/unified/test/subdir
          drwxr-xr-x. 2 root root system_u:object_r:cgroup_t:s0 0 Jan 29 03:15 /sys/fs/cgroup/unified/test/subdir
      
      Expected result:
      
          # ls -ldZ /sys/fs/cgroup/unified/test/subdir
          drwxr-xr-x. 2 root root unconfined_u:object_r:container_file_t:s0 0 Jan 29 03:15 /sys/fs/cgroup/unified/test/subdir
      
      Link: https://github.com/SELinuxProject/selinux-kernel/issues/39
      Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
      Acked-by: Casey Schaufler <casey@schaufler-ca.com>
      Signed-off-by: Paul Moore <paul@paul-moore.com>
    • selinux: implement the kernfs_init_security hook · ec882da5
      Ondrej Mosnacek authored
      The hook applies the same logic as selinux_determine_inode_label(), with
      the exception of the super_block handling, which will be enforced on the
      actual inodes later by other hooks.
      Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
      [PM: minor merge fixes]
      Signed-off-by: Paul Moore <paul@paul-moore.com>
    • LSM: add new hook for kernfs node initialization · b230d5ab
      Ondrej Mosnacek authored
      This patch introduces a new security hook that is intended for
      initializing the security data for newly created kernfs nodes, which
      provide a way of storing a non-default security context, but need to
      operate independently from mounts (and therefore may not have an
      associated inode at the moment of creation).
      
      The main motivation is to allow kernfs nodes to inherit the context of
      the parent under SELinux, similar to the behavior of
      security_inode_init_security(). Other LSMs may implement their own logic
      for handling the creation of new nodes.
      
      This patch also adds helper functions to <linux/kernfs.h> for
      getting/setting security xattrs of a kernfs node so that LSM hooks are
      able to do their job. Other important attributes should be accessible
      directly in the kernfs_node fields (in case there is need for more, then
      new helpers should be added to kernfs.h along with the patch that needs
      them).
      Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
      Acked-by: Casey Schaufler <casey@schaufler-ca.com>
      [PM: more manual merge fixes]
      Signed-off-by: Paul Moore <paul@paul-moore.com>
    • kernfs: use simple_xattrs for security attributes · 0ac6075a
      Ondrej Mosnacek authored
      Replace the special handling of security xattrs with simple_xattrs, as
      is already done for the trusted xattrs. This simplifies the code and
      allows LSMs to use more than just a single xattr to do their business.
      Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
      Acked-by: Casey Schaufler <casey@schaufler-ca.com>
      [PM: manual merge fixes]
      Signed-off-by: Paul Moore <paul@paul-moore.com>
    • selinux: try security xattr after genfs for kernfs filesystems · b754026b
      Ondrej Mosnacek authored
      Since kernfs supports the security xattr handlers, we can simply use
      these to determine the inode's context, dropping the need to update it
      from kernfs explicitly using a security_inode_notifysecctx() call.
      
      We achieve this by setting a new sbsec flag SE_SBGENFS_XATTR to all
      mounts that are known to use kernfs under the hood and then fetching the
      xattrs after determining the fallback genfs sid in
      inode_doinit_with_dentry() when this flag is set.
      
      This will allow implementing full security xattr support in kernfs and
      removing the ...notifysecctx() call in a subsequent patch.
      Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
      Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
      Acked-by: Casey Schaufler <casey@schaufler-ca.com>
      [PM: more manual merge fixups]
      Signed-off-by: Paul Moore <paul@paul-moore.com>
    • kernfs: do not alloc iattrs in kernfs_xattr_get · d0c9c153
      Ondrej Mosnacek authored
      This is a read-only operation, so we can simply return -ENODATA if
      kn->iattr is NULL.
      Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
      Acked-by: Casey Schaufler <casey@schaufler-ca.com>
      [PM: minor merge fixes]
      Signed-off-by: Paul Moore <paul@paul-moore.com>
    • kernfs: clean up struct kernfs_iattrs · 05895219
      Ondrej Mosnacek authored
      Right now, kernfs_iattrs embeds the whole struct iattr, even though it
      doesn't really use half of its fields... This both leads to wasting
      space and makes the code look awkward. Let's just list the few fields
      we need directly in struct kernfs_iattrs.
      Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
      Acked-by: Casey Schaufler <casey@schaufler-ca.com>
      [PM: merged a number of chunks manually due to fuzz]
      Signed-off-by: Paul Moore <paul@paul-moore.com>
  5. 19 Mar, 2019 1 commit
  6. 18 Mar, 2019 2 commits
    • selinux: use kernel linux/socket.h for genheaders and mdp · ff1bf4c0
      Paulo Alcantara authored
      When compiling genheaders and mdp from a newer host kernel, the
      following error happens:
      
          In file included from scripts/selinux/genheaders/genheaders.c:18:
          ./security/selinux/include/classmap.h:238:2: error: #error New
          address family defined, please update secclass_map.  #error New
          address family defined, please update secclass_map.  ^~~~~
          make[3]: *** [scripts/Makefile.host:107:
          scripts/selinux/genheaders/genheaders] Error 1 make[2]: ***
          [scripts/Makefile.build:599: scripts/selinux/genheaders] Error 2
          make[1]: *** [scripts/Makefile.build:599: scripts/selinux] Error 2
          make[1]: *** Waiting for unfinished jobs....
      
      Instead of relying on the host definition, include linux/socket.h in
      classmap.h to have PF_MAX.
      Signed-off-by: Paulo Alcantara <paulo@paulo.ac>
      Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
      [PM: manually merge in mdp.c, subject line tweaks]
      Signed-off-by: Paul Moore <paul@paul-moore.com>
    • scripts/selinux: modernize mdp · e37c1877
      Stephen Smalley authored
      Derived in part from a patch by Dominick Grift.
      
      The MDP example no longer works on modern systems.  Fix it.
      While we are at it, add MLS support and enable it.
      
      NB This still does not work on systems using dbus-daemon instead of
      dbus-broker because dbus-daemon does not yet gracefully handle unknown
      classes/permissions.  This appears to be a deficiency in libselinux's
      selinux_set_mapping() interface and underlying implementation,
      which was never fully updated to deal with unknown classes/permissions
      unlike the kernel.  The same problem also occurs with XSELinux.
      Programs that instead use selinux_check_access() like dbus-broker
      should not have this problem.
      
      Changes to mdp:
      Add support for devtmpfs, required by modern Linux distributions.
      Add MLS support, with sample sensitivities, categories, and constraints.
      Generate fs_use and genfscon rules based on kernel configuration.
      Update list of filesystem types for fs_use and genfscon rules.
      Use object_r for object contexts.
      
      Changes to install_policy.sh:
      Bail immediately on any errors.
      Provide more helpful error messages when unable to find userspace tools.
      Refuse to run if SELinux is already enabled.
      Unconditionally move aside /etc/selinux/config and create a new one.
      Build policy with -U allow so that userspace object managers do not break.
      Build policy with MLS enabled by default.
      Create seusers, failsafe_context, and default_contexts for use by
      pam_selinux / libselinux.
      Create x_contexts for the SELinux X extension.
      Create virtual_domain_context and virtual_image_context for libvirtd.
      Set to permissive mode rather than enforcing to permit initial autorelabel.
      Update the list of filesystem types to be relabeled.
      Write -F to /.autorelabel to cause a forced autorelabel on reboot.
      Drop broken attempt to relabel the /dev mountpoint directory.
      Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
      Acked-by: Dominick Grift <dominick.grift@defensec.nl>
      Signed-off-by: Paul Moore <paul@paul-moore.com>
  7. 17 Mar, 2019 14 commits
  8. 16 Mar, 2019 9 commits
    • Merge tag 'pidfd-v5.1-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/brauner/linux · a9dce667
      Linus Torvalds authored
      Pull pidfd system call from Christian Brauner:
       "This introduces the ability to use file descriptors from /proc/<pid>/
        as stable handles on struct pid. Even if a pid is recycled the handle
        will not change. For a start these fds can be used to send signals to
        the processes they refer to.
      
        With the ability to use /proc/<pid> fds as stable handles on struct
        pid we can fix a long-standing issue where after a process has exited
        its pid can be reused by another process. If a caller sends a signal
        to a reused pid it will end up signaling the wrong process.
      
        With this patchset we enable a variety of use cases. One obvious
        example is that we can now safely delegate an important part of
        process management - sending signals - to processes other than the
        parent of a given process by sending file descriptors around via scm
        rights and not fearing that the given process will have been recycled
        in the meantime. It also allows for easy testing whether a given
        process is still alive or not by sending signal 0 to a pidfd which is
        quite handy.
      
        There has been some interest in this feature e.g. from systems
        management (systemd, glibc) and container managers. I have requested
        and gotten comments from glibc to make sure that this syscall is
        suitable for their needs as well. In the future I expect it to take on
        most other pid-based signal syscalls. But such features are left for
        the future once they are needed.
      
        This has been sitting in linux-next for quite a while and has not
        caused any issues. It comes with selftests which verify basic
        functionality and also test that a recycled pid cannot be signaled via
        a pidfd.
      
        Jon has written about a prior version of this patchset. It should
        cover the basic functionality since not a lot has changed since then:
      
            https://lwn.net/Articles/773459/
      
        The commit message for the syscall itself is extensively documenting
        the syscall, including its functionality and extensibility"
      
      * tag 'pidfd-v5.1-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/brauner/linux:
        selftests: add tests for pidfd_send_signal()
        signal: add pidfd_send_signal() syscall
    • Merge tag 'devdax-for-5.1' of git://git.kernel.org/pub/scm/linux/kernel/git/nvdimm/nvdimm · f67e3fb4
      Linus Torvalds authored
      Pull device-dax updates from Dan Williams:
       "New device-dax infrastructure to allow persistent memory and other
        "reserved" / performance differentiated memories, to be assigned to
        the core-mm as "System RAM".
      
        Some users want to use persistent memory as additional volatile
        memory. They are willing to cope with potential performance
        differences, for example between DRAM and 3D Xpoint, and want to use
        typical Linux memory management apis rather than a userspace memory
        allocator layered over an mmap() of a dax file. The administration
        model is to decide how much Persistent Memory (pmem) to use as System
        RAM, create a device-dax-mode namespace of that size, and then assign
        it to the core-mm. The rationale for device-dax is that it is a
        generic memory-mapping driver that can be layered over any "special
        purpose" memory, not just pmem. On subsequent boots udev rules can be
        used to restore the memory assignment.
      
        One implication of using pmem as RAM is that mlock() no longer keeps
        data off persistent media. For this reason it is recommended to enable
        NVDIMM Security (previously merged for 5.0) to encrypt pmem contents
        at rest. We considered making this recommendation an actively enforced
        requirement, but in the end decided to leave it as a distribution /
        administrator policy to allow for emulation and test environments that
        lack security capable NVDIMMs.
      
        Summary:
      
         - Replace the /sys/class/dax device model with /sys/bus/dax, and
           include a compat driver so distributions can opt-in to the new ABI.
      
         - Allow for an alternative driver for the device-dax address-range
      
         - Introduce the 'kmem' driver to hotplug / assign a device-dax
           address-range to the core-mm.
      
         - Arrange for the device-dax target-node to be onlined so that the
           newly added memory range can be uniquely referenced by numa apis"
      
      NOTE! I'm not entirely happy with the whole "PMEM as RAM" model because
      we currently have special - and very annoying rules in the kernel about
      accessing PMEM only with the "MC safe" accessors, because machine checks
      inside the regular repeat string copy functions can be fatal in some
      (not described) circumstances.
      
      And apparently the PMEM modules can cause that a lot more than regular
      RAM.  The argument is that this happens because PMEM doesn't necessarily
      get scrubbed at boot like RAM does, but that is planned to be added for
      the user space tooling.
      
      Quoting Dan from another email:
       "The exposure can be reduced in the volatile-RAM case by scanning for
        and clearing errors before it is onlined as RAM. The userspace tooling
        for that can be in place before v5.1-final. There's also runtime
        notifications of errors via acpi_nfit_uc_error_notify() from
        background scrubbers on the DIMM devices. With that mechanism the
        kernel could proactively clear newly discovered poison in the volatile
        case, but that would be additional development more suitable for v5.2.
      
        I understand the concern, and the need to highlight this issue by
        tapping the brakes on feature development, but I don't see PMEM as RAM
        making the situation worse when the exposure is also there via DAX in
        the PMEM case. Volatile-RAM is arguably a safer use case since it's
        possible to repair pages where the persistent case needs active
        application coordination"
      
      * tag 'devdax-for-5.1' of git://git.kernel.org/pub/scm/linux/kernel/git/nvdimm/nvdimm:
        device-dax: "Hotplug" persistent memory for use like normal RAM
        mm/resource: Let walk_system_ram_range() search child resources
        mm/memory-hotplug: Allow memory resources to be children
        mm/resource: Move HMM pr_debug() deeper into resource code
        mm/resource: Return real error codes from walk failures
        device-dax: Add a 'modalias' attribute to DAX 'bus' devices
        device-dax: Add a 'target_node' attribute
        device-dax: Auto-bind device after successful new_id
        acpi/nfit, device-dax: Identify differentiated memory with a unique numa-node
        device-dax: Add /sys/class/dax backwards compatibility
        device-dax: Add support for a dax override driver
        device-dax: Move resource pinning+mapping into the common driver
        device-dax: Introduce bus + driver model
        device-dax: Start defining a dax bus model
        device-dax: Remove multi-resource infrastructure
        device-dax: Kill dax_region base
        device-dax: Kill dax_region ida
    • Merge tag 'scsi-misc' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi · 477558d7
      Linus Torvalds authored
      Pull more SCSI updates from James Bottomley:
       "This is the final round of mostly small fixes and performance
        improvements to our initial submit.
      
        The main regression fix is the ia64 simscsi build failure which was
        missed in the serial number elimination conversion"
      
      * tag 'scsi-misc' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi: (24 commits)
        scsi: ia64: simscsi: use request tag instead of serial_number
        scsi: aacraid: Fix performance issue on logical drives
        scsi: lpfc: Fix error codes in lpfc_sli4_pci_mem_setup()
        scsi: libiscsi: Hold back_lock when calling iscsi_complete_task
        scsi: hisi_sas: Change SERDES_CFG init value to increase reliability of HiLink
        scsi: hisi_sas: Send HARD RESET to clear the previous affiliation of STP target port
        scsi: hisi_sas: Set PHY linkrate when disconnected
        scsi: hisi_sas: print PHY RX errors count for later revision of v3 hw
        scsi: hisi_sas: Fix a timeout race of driver internal and SMP IO
        scsi: hisi_sas: Change return variable type in phy_up_v3_hw()
        scsi: qla2xxx: check for kstrtol() failure
        scsi: lpfc: fix 32-bit format string warning
        scsi: lpfc: fix unused variable warning
        scsi: target: tcmu: Switch to bitmap_zalloc()
        scsi: libiscsi: fall back to sendmsg for slab pages
        scsi: qla2xxx: avoid printf format warning
        scsi: lpfc: resolve static checker warning in lpfc_sli4_hba_unset
        scsi: lpfc: Correct __lpfc_sli_issue_iocb_s4 lockdep check
        scsi: ufs: hisi: fix ufs_hba_variant_ops passing
        scsi: qla2xxx: Fix panic in qla_dfs_tgt_counters_show
        ...
    • Merge tag 'for-5.1/block-post-20190315' of git://git.kernel.dk/linux-block · 11efae35
      Linus Torvalds authored
      Pull more block layer changes from Jens Axboe:
       "This is a collection of both stragglers, and fixes that came in after
        I finalized the initial pull. This contains:
      
         - An MD pull request from Song, with a few minor fixes
      
         - Set of NVMe patches via Christoph
      
         - Pull request from Konrad, with a few fixes for xen/blkback
      
         - pblk fix IO calculation fix (Javier)
      
         - Segment calculation fix for pass-through (Ming)
      
         - Fallthrough annotation for blkcg (Mathieu)"
      
      * tag 'for-5.1/block-post-20190315' of git://git.kernel.dk/linux-block: (25 commits)
        blkcg: annotate implicit fall through
        nvme-tcp: support C2HData with SUCCESS flag
        nvmet: ignore EOPNOTSUPP for discard
        nvme: add proper write zeroes setup for the multipath device
        nvme: add proper discard setup for the multipath device
        nvme: remove nvme_ns_config_oncs
        nvme: disable Write Zeroes for qemu controllers
        nvmet-fc: bring Disconnect into compliance with FC-NVME spec
        nvmet-fc: fix issues with targetport assoc_list list walking
        nvme-fc: reject reconnect if io queue count is reduced to zero
        nvme-fc: fix numa_node when dev is null
        nvme-fc: use nr_phys_segments to determine existence of sgl
        nvme-loop: init nvmet_ctrl fatal_err_work when allocate
        nvme: update comment to make the code easier to read
        nvme: put ns_head ref if namespace fails allocation
        nvme-trace: fix cdw10 buffer overrun
        nvme: don't warn on block content change effects
        nvme: add get-feature to admin cmds tracer
        md: Fix failed allocation of md_register_thread
        It's wrong to add len to sector_nr in raid10 reshape twice
        ...
    • Merge tag 'nfs-for-5.1-2' of git://git.linux-nfs.org/projects/trondmy/linux-nfs · 465c209d
      Linus Torvalds authored
      Pull NFS client bugfixes from Trond Myklebust:
       "Highlights include:
      
        Bugfixes:
         - Fix an Oops in SUNRPC back channel tracepoints
         - Fix a SUNRPC client regression when handling oversized replies
         - Fix the minimal size for SUNRPC reply buffer allocation
         - rpc_decode_header() must always return a non-zero value on error
         - Fix a typo in pnfs_update_layout()
      
        Cleanup:
         - Remove redundant check for the reply length in call_decode()"
      
      * tag 'nfs-for-5.1-2' of git://git.linux-nfs.org/projects/trondmy/linux-nfs:
        SUNRPC: Remove redundant check for the reply length in call_decode()
        SUNRPC: Handle the SYSTEM_ERR rpc error
        SUNRPC: rpc_decode_header() must always return a non-zero value on error
        SUNRPC: Use the ENOTCONN error on socket disconnect
        SUNRPC: Fix the minimal size for reply buffer allocation
        SUNRPC: Fix a client regression when handling oversized replies
        pNFS: Fix a typo in pnfs_update_layout
        fix null pointer deref in tracepoints in back channel
    • Merge tag 'powerpc-5.1-2' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux · a9c55d58
      Linus Torvalds authored
      Pull powerpc fixes from Michael Ellerman:
       "One fix to prevent runtime allocation of 16GB pages when running in a
        VM (as opposed to bare metal), because it doesn't work.
      
        A small fix to our recently added KCOV support to exempt some more
        code from being instrumented.
      
        Plus a few minor build fixes, a small dead code removal and a
        defconfig update.
      
        Thanks to: Alexey Kardashevskiy, Aneesh Kumar K.V, Christophe Leroy,
        Jason Yan, Joel Stanley, Mahesh Salgaonkar, Mathieu Malaterre"
      
      * tag 'powerpc-5.1-2' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux:
        powerpc/64s: Include <asm/nmi.h> header file to fix a warning
        powerpc/powernv: Fix compile without CONFIG_TRACEPOINTS
        powerpc/mm: Disable kcov for SLB routines
        powerpc: remove dead code in head_fsl_booke.S
        powerpc/configs: Sync skiroot defconfig
        powerpc/hugetlb: Don't do runtime allocation of 16G pages in LPAR configuration
    • Merge branch 'work.mount' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs · 92497350
      Linus Torvalds authored
      Pull vfs mount infrastructure fix from Al Viro:
       "Fixup for sysfs braino.
      
        Capabilities checks for sysfs mount do include those on netns, but
        only if CONFIG_NET_NS is enabled. Sorry, should've caught that
        earlier..."
      
      * 'work.mount' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs:
        fix sysfs_init_fs_context() in !CONFIG_NET_NS case
    • fix sysfs_init_fs_context() in !CONFIG_NET_NS case · ab81dabd
      Al Viro authored
      Permission checks on current's netns should be done only when
      netns are enabled.
      Reported-by: Dominik Brodowski <linux@dominikbrodowski.net>
      Fixes: 23bf1b6b
      Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
    • Merge tag '5.1-rc-smb3' of git://git.samba.org/sfrench/cifs-2.6 · 9c7dc824
      Linus Torvalds authored
      Pull more smb3 updates from Steve French:
       "Various tracing and debugging improvements, crediting fixes, some
        cleanup, and important fallocate fix (fixes three xfstests) and lock
        fix.
      
        Summary:
      
         - Various additional dynamic tracing tracepoints
      
         - Debugging improvements (including ability to query the server via
           SMB3 fsctl from userspace tools which can help with stats and
           debugging)
      
         - One minor performance improvement (root directory inode caching)
      
         - Crediting (SMB3 flow control) fixes
      
         - Some cleanup (docs and to mknod)
      
         - Important fixes: one to smb3 implementation of fallocate zero range
           (which fixes three xfstests) and a POSIX lock fix"
      
      * tag '5.1-rc-smb3' of git://git.samba.org/sfrench/cifs-2.6: (22 commits)
        CIFS: fix POSIX lock leak and invalid ptr deref
        SMB3: Allow SMB3 FSCTL queries to be sent to server from tools
        cifs: fix incorrect handling of smb2_set_sparse() return in smb3_simple_falloc
        smb2: fix typo in definition of a few error flags
        CIFS: make mknod() an smb_version_op
        cifs: minor documentation updates
        cifs: remove unused value pointed out by Coverity
        SMB3: passthru query info doesn't check for SMB3 FSCTL passthru
        smb3: add dynamic tracepoints for simple fallocate and zero range
        cifs: fix smb3_zero_range so it can expand the file-size when required
        cifs: add SMB2_ioctl_init/free helpers to be used with compounding
        smb3: Add dynamic trace points for various compounded smb3 ops
        cifs: cache FILE_ALL_INFO for the shared root handle
        smb3: display volume serial number for shares in /proc/fs/cifs/DebugData
        cifs: simplify how we handle credits in compound_send_recv()
        smb3: add dynamic tracepoint for timeout waiting for credits
        smb3: display security information in /proc/fs/cifs/DebugData more accurately
        cifs: add a timeout argument to wait_for_free_credits
        cifs: prevent starvation in wait_for_free_credits for multi-credit requests
        cifs: wait_for_free_credits() make it possible to wait for >=1 credits
        ...
  9. 15 Mar, 2019 2 commits
    • Merge branch 'for-linus-5.1-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/rw/uml · 6c83d0d5
      Linus Torvalds authored
      Pull UML updates from Richard Weinberger:
       "Bugfix for the UML block device driver"
      
      * 'for-linus-5.1-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/rw/uml:
        um: Fix for a possible OOPS in ubd initialization
        um: Remove duplicated include from vector_user.c
    • Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm · 636deed6
      Linus Torvalds authored
      Pull KVM updates from Paolo Bonzini:
       "ARM:
         - some cleanups
         - direct physical timer assignment
         - cache sanitization for 32-bit guests
      
        s390:
         - interrupt cleanup
         - introduction of the Guest Information Block
         - preparation for processor subfunctions in cpu models
      
        PPC:
         - bug fixes and improvements, especially related to machine checks
           and protection keys
      
        x86:
         - many, many cleanups, including removing a bunch of MMU code for
           unnecessary optimizations
         - AVIC fixes
      
        Generic:
         - memcg accounting"
      
      * tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm: (147 commits)
        kvm: vmx: fix formatting of a comment
        KVM: doc: Document the life cycle of a VM and its resources
        MAINTAINERS: Add KVM selftests to existing KVM entry
        Revert "KVM/MMU: Flush tlb directly in the kvm_zap_gfn_range()"
        KVM: PPC: Book3S: Add count cache flush parameters to kvmppc_get_cpu_char()
        KVM: PPC: Fix compilation when KVM is not enabled
        KVM: Minor cleanups for kvm_main.c
        KVM: s390: add debug logging for cpu model subfunctions
        KVM: s390: implement subfunction processor calls
        arm64: KVM: Fix architecturally invalid reset value for FPEXC32_EL2
        KVM: arm/arm64: Remove unused timer variable
        KVM: PPC: Book3S: Improve KVM reference counting
        KVM: PPC: Book3S HV: Fix build failure without IOMMU support
        Revert "KVM: Eliminate extra function calls in kvm_get_dirty_log_protect()"
        x86: kvmguest: use TSC clocksource if invariant TSC is exposed
        KVM: Never start grow vCPU halt_poll_ns from value below halt_poll_ns_grow_start
        KVM: Expose the initial start value in grow_halt_poll_ns() as a module parameter
        KVM: grow_halt_poll_ns() should never shrink vCPU halt_poll_ns
        KVM: x86/mmu: Consolidate kvm_mmu_zap_all() and kvm_mmu_zap_mmio_sptes()
        KVM: x86/mmu: WARN if zapping a MMIO spte results in zapping children
        ...