This patch fixes the detection of the 'open_writers' violation for mmaped
files.
before) an 'open_writers' violation is detected if the policy contains
a rule with the criteria: func=FILE_CHECK mask=MAY_READ
after) an 'open_writers' violation is detected if the current event
matches one of the policy rules.
With the old behaviour, the 'open_writers' violation is not detected
in the following case:
policy:
measure func=FILE_MMAP mask=MAY_EXEC
steps:
1) open a shared library for writing
2) execute a binary that links that shared library
3) during the binary execution, modify the shared library and save
the change
result:
the 'open_writers' violation measurement is not present in the IMA list.
Only binaries executed are protected from writes. For libraries mapped
in memory there is the flag MAP_DENYWRITE for this purpose, but according
to the output of 'man mmap', the mmap flag is ignored.
Since ima_rdwr_violation_check() is now called by process_measurement()
the information about if the inode must be measured is already provided
by ima_get_action(). Thus the unnecessary function ima_must_measure()
has been removed.
Changes in v3 (Dmitry Kasatkin):
- Violation for MMAP_CHECK function are verified since this patch
- Changed patch description a bit
Signed-off-by: Roberto Sassu <roberto.sassu@polito.it>
Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
This patch fixes a race condition between two functions that try to access
the same inode. Since the i_mutex lock is held and released separately
in the two functions, there may be the possibility that a violation is
not correctly detected.
Suppose there are two processes, A (reader) and B (writer), if the
following sequence happens:
A: ima_rdwr_violation_check()
B: ima_rdwr_violation_check()
B: process_measurement()
B: starts writing the inode
A: process_measurement()
the ToMToU violation (a reader may be accessing a content different from
that measured, due to a concurrent modification by a writer) will not be
detected. To avoid this issue, the violation check and the measurement
must be done atomically.
This patch fixes the problem by moving the violation check inside
process_measurement() when the i_mutex lock is held. Differently from
the old code, the violation check is executed also for the MMAP_CHECK
hook (other than for FILE_CHECK). This allows to detect ToMToU violations
that are possible because shared libraries can be opened for writing
while they are in use (according to the output of 'man mmap', the mmap()
flag MAP_DENYWRITE is ignored).
Changes in v5 (Roberto Sassu):
* get iint if action is not zero
* exit process_measurement() after the violation check if action is zero
* reverse order process_measurement() exit cleanup (Mimi)
Changes in v4 (Dmitry Kasatkin):
* iint allocation is done before calling ima_rdrw_violation_check()
(Suggested-by Mimi)
* do not check for violations if the policy does not contain 'measure'
rules (done by Roberto Sassu)
Changes in v3 (Dmitry Kasatkin):
* no violation checking for MMAP_CHECK function in this patch
* remove use of filename from violation
* removes checking if ima is enabled from ima_rdrw_violation_check
* slight style change
Suggested-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Signed-off-by: Roberto Sassu <roberto.sassu@polito.it>
Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
We set the DMA configuration on USARTs in the SoC DT in (ARM: at91: sama5d3:
add usart dma configurations). As the audio must work with DMA channels, we
reserve some dma channels for audio, or else audio won't work.
Signed-off-by: Bo Shen <voice.shen@atmel.com>
[nicolas.ferre@atmel.com: move to the sama5d3xmb.dtsi to cover all board variants]
Signed-off-by: Nicolas Ferre <nicolas.ferre@atmel.com>
Don't abort clock initialization if we cannot match an entry in
tegra_clk_init_table to a valid entry in the clk array.
Also log a corresponding error message.
This was discovered when testing a patch that removed the EMC clock from
tegra124_clks but left a mention in tegra_clk_init_table.
Signed-off-by: Tomeu Vizoso <tomeu.vizoso@collabora.com>
Reviewed-by: Stephen Warren <swarren@nvidia.com>
Commit "drm/rcar-du: Use struct videomode in platform data" touches board code
in arch/arm/mach-shmobile. There is, to the best of my knowledge, no risk of
conflict for v3.18. Simon, are you fine with getting those changes merged
through Dave's tree (and could you confirm that no conflict should occur) ?
Simon acked the merge:
Acked-by: Simon Horman <horms+renesas@verge.net.au>
* 'drm/next/du' of git://linuxtv.org/pinchartl/fbdev:
drm/rcar-du: Add OF support
drm/rcar-du: Use struct videomode in platform data
video: Add DT bindings for the R-Car Display Unit
video: Add THC63LVDM83D DT bindings documentation
video: Add ADV7123 DT bindings documentation
video: Add DT binding documentation for VGA connector
devicetree: Add vendor prefix "thine" to vendor-prefixes.txt
devicetree: Add vendor prefix "mitsubishi" to vendor-prefixes.txt
drm/shmob: Update copyright notice
drm/rcar-du: Update copyright notice
The limited color range knob is in the port registers on
g4x and vlv/chv for HDMI, and on g4x for DP. Add the relevant code
to read out the hardware state into pipe config. On vlv/chv the
DP port limited color range knob is in PIPECONF for which we
already have readout code.
Cc: Chris Clayton <chris2553@googlemail.com>
Signed-off-by: Ville Syrjälä <ville.syrjala@linux.intel.com>
Tested-by: Chris Clayton <chris2553@googlemail.com>
Reviewed-by: Daniel Vetter <daniel.vetter@ffwll.ch>
Signed-off-by: Jani Nikula <jani.nikula@intel.com>
Again, we should not be directly using netif_printk, as we have our own
error print routines that we generate. In addition, instead of using an
early return we can just use the else block of this one line if
statement.
Signed-off-by: Jacob Keller <jacob.e.keller@intel.com>
Tested-by: Phil Schmitt <phillip.j.schmitt@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
In this case, disabling DCB is not an error. We can still function, but
we just have to let the user know. In addition, since we call this
during probe before allocating our netdevice structure, we should use
e_dev_warn instead of e_warn.
Signed-off-by: Jacob Keller <jacob.e.keller@intel.com>
Tested-by: Phil Schmitt <phillip.j.schmitt@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
Our calculated v_budget doesn't matter except if we allocate MSI-X
vectors. We shouldn't need to calculate this outside of the function, so
don't. Instead, only calculate it once we attempt to acquire MSI-X
vectors. This helps collocate all of the MSI-X vector code together.
Signed-off-by: Jacob Keller <jacob.e.keller@intel.com>
Tested-by: Phil Schmitt <phillip.j.schmitt@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
Add these clocks to the binding header so that EMC timings that have
them as parent can refer to the clocks.
Signed-off-by: Mikko Perttunen <mperttunen@nvidia.com>
We already have to kfree this value if we fail, and this is only part of
MSI-X mode, so we should simply allocate the value where we need it.
This is cleaner, and makes it a lot more obvious why we are freeing it
inside of ixgbe_acquire_msix_vectors.
Signed-off-by: Jacob Keller <jacob.e.keller@intel.com>
Tested-by: Phil Schmitt <phillip.j.schmitt@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
Similar to how ixgbevf handles acquiring MSI-X vectors, we can return an
error code instead of relying on the flag being set. This makes it more
clear that we have failed to setup MSI-X mode, and also will make it
easier to consolidate MSI-X related code all into the single function.
Signed-off-by: Jacob Keller <jacob.e.keller@intel.com>
Tested-by: Phil Schmitt <phillip.j.schmitt@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
The netif_printk relies on our netdevice structure to be registered
already. We may call ixgbe_acquire_msix_vectors prior to registering our
netdevice, so we should not use the netdevice specific printk.
Signed-off-by: Jacob Keller <jacob.e.keller@intel.com>
Tested-by: Phil Schmitt <phillip.j.schmitt@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
If a hardware Tx timestamp is requested, an uninitialized
workqueue entry may be scheduled, especially on an 82598 adapter.
Add a check for a PTP clock to avoid that. Also only apply the
unlikely to the first term of the conditional. That will make the
rest of the checks be in the cold path.
Signed-off-by: Mark Rustad <mark.d.rustad@intel.com>
Acked-by: Matthew Vick <matthew.vick@intel.com>
Tested-by: Phil Schmitt <phillip.j.schmitt@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
Because bd_number is not useful anymore, so remove it from adapter struct, or
if keep it, we have to fix the boards driven counter bug in ixgbe_remove() and
ixgbe_probe() only for trivial debug purpose -- other output is enough.
Signed-off-by: Ethan Zhao <ethan.zhao@oracle.com>
Tested-by: Phil Schmitt <phillip.j.schmitt@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
This patch increases the mask in the FLEXCAN_MCR_MAXMB() to 7 bits as in the
newer flexcan cores the MAXMB field is 7 bits wide.
Reported-by: David Jander <david@protonic.nl>
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
After sending a RTR frame the TX mailbox becomes a RX_EMPTY mailbox. To avoid
side effects when the RX-FIFO is full, this patch puts the TX mailbox into
TX_INACTIVE mode in the transmission complete interrupt handler. This, of
course, leaves a race window between the actual completion of the transmission
and the handling of tx-complete interrupt. However this is the best we can do
without busy polling the tx complete interrupt.
Cc: linux-stable <stable@vger.kernel.org>
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
This patch implements the workaround mentioned in ERR005829:
ERR005829: FlexCAN: FlexCAN does not transmit a message that is enabled to
be transmitted in a specific moment during the arbitration process.
Workaround: The workaround consists of two extra steps after setting up a
message for transmission:
Step 8: Reserve the first valid mailbox as an inactive mailbox (CODE=0b1000).
If RX FIFO is disabled, this mailbox must be message buffer 0. Otherwise, the
first valid mailbox can be found using the "RX FIFO filters" table in the
FlexCAN chapter of the chip reference manual.
Step 9: Write twice INACTIVE code (0b1000) into the first valid mailbox.
Signed-off-by: David Jander <david@protonic.nl>
Cc: linux-stable <stable@vger.kernel.org>
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
Apparently mailboxes may contain random data at startup, causing some of them
being prepared for message reception. This causes overruns being missed or even
confusing the IRQ check for trasmitted messages, increasing the transmit
counter instead of the error counter.
This patch initializes all mailboxes after the FIFO as RX_INACTIVE.
Signed-off-by: David Jander <david@protonic.nl>
Cc: linux-stable <stable@vger.kernel.org>
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
This patch fixes the initialization of the TX mailbox. It is now correctly
initialized as TX_INACTIVE not RX_EMPTY.
Cc: linux-stable <stable@vger.kernel.org>
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
Add PCI ID definition for the single channel PCAN ExpressCard 34 adapter. Due
to the subsystem id evaluation the correct number of channels (here 1) is
created at initialization time. Tested including the LED functionality.
Signed-off-by: Oliver Hartkopp <socketcan@hartkopp.net>
Acked-by: Stephane Grosjean <s.grosjean@peak-system.com>
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
Pass the correct 'mask' and 'value' bits to c_can_hw_raminit_wait_ti(). They
seem to have been swapped in the usage instances.
Reported-by: Jay Schroeder <jay.schroeder@garmin.com>
Signed-off-by: Roger Quadros <rogerq@ti.com>
Cc: linux-stable <stable@vger.kernel.org>
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
Simon Horman says:
====================
This pull requests makes the following changes:
* Add simple weighted fail-over scheduler.
- Unlike other IPVS schedulers this offers fail-over rather than load
balancing. Connections are directed to the appropriate server based
solely on highest weight value and server availability.
- Thanks to Kenny Mathis
* Support IPv6 real servers in IPv4 virtual-services and vice versa
- This feature is supported in conjunction with the tunnel (IPIP)
forwarding mechanism. That is, IPv4 may be forwarded in IPv6 and
vice versa.
- The motivation for this is to allow more flexibility in the
choice of IP version offered by both virtual-servers and
real-servers as they no longer need to match: An IPv4 connection from an
end-user may be forwarded to a real-server using IPv6 and vice versa.
- Further work need to be done to support this feature in conjunction
with connection synchronisation. For now such configurations are
not allowed.
- This change includes update to netlink protocol, adding a new
destination address family attribute. And the necessary changes
to plumb this information throughout IPVS.
- Thanks to Alex Gartrell and Julian Anastasov
====================
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
While tracking down the MAX_AH_AUTH_LEN crash in an old kernel
I thought that this limit was rather arbitrary and we should
just get rid of it.
In fact it seems that we've already done all the work needed
to remove it apart from actually removing it. This limit was
there in order to limit stack usage. Since we've already
switched over to allocating scratch space using kmalloc, there
is no longer any need to limit the authentication length.
This patch kills all references to it, including the BUG_ONs
that led me here.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
As suggeested by checkpatch:
WARNING: Prefer ether_addr_copy() over memcpy() if the Ethernet addresses are __aligned(2)
In wmi.c I had to change due to sparse warnings copying of struct wmi_mac_addr
from form &cmd->peer_macaddr.addr to cmd->peer_macaddr.addr. In
ath10k_wmi_set_ap_ps_param() I also added the missing ".addr" to the copy
command.
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
Makes it more readable and fixes checkpatch warnings:
drivers/net/wireless/ath/ath10k/debug.c:593: WARNING: quoted string split across lines
drivers/net/wireless/ath/ath10k/debug.c:594: WARNING: quoted string split across lines
drivers/net/wireless/ath/ath10k/debug.c:595: WARNING: quoted string split across lines
drivers/net/wireless/ath/ath10k/debug.c:596: WARNING: quoted string split across lines
drivers/net/wireless/ath/ath10k/debug.c:597: WARNING: quoted string split across lines
drivers/net/wireless/ath/ath10k/debug.c:599: WARNING: quoted string split across lines
drivers/net/wireless/ath/ath10k/debug.c:600: WARNING: quoted string split across lines
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
Fixes checkpatch warnings:
ath10k/htc.c:49: WARNING: Possible unnecessary 'out of memory' message
ath10k/htc.c:810: WARNING: Possible unnecessary 'out of memory' message
ath10k/htt.h:1034: CHECK: Please use a blank line after function/struct/union/enum declarations
ath10k/htt_rx.c:135: CHECK: Unnecessary parentheses around htt->rx_ring.alloc_idx.vaddr
ath10k/htt_rx.c:173: CHECK: Unnecessary parentheses around htt->rx_ring.alloc_idx.vaddr
ath10k/pci.c:633: WARNING: macros should not use a trailing semicolon
ath10k/wmi.c:3594: WARNING: quoted string split across lines
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
Fixes checkpatch warnings:
WARNING: Missing a blank line after declarations
Please note that some of the cases I fixed by moving the variable declarations
to the beginning of the function, which is the preferred style in ath10k.
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
It looks like this header file is a concatenation of two headers.
Anyway, the include guard should be renamed and placed at the correct
postion and the license block in the middle should be deleted.
Signed-off-by: Masahiro Yamada <yamada.m@jp.panasonic.com>
Reviewed-by: Josh Triplett <josh@joshtriplett.org>
Signed-off-by: Brian Norris <computersforpeace@gmail.com>
This follows Chapter 2 of Linux's CodingStyle:
> However, never break user-visible strings such as printk messages,
> because that breaks the ability to grep for them.
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
Signed-off-by: Brian Norris <computersforpeace@gmail.com>
This won't be used by NAND subsystem as we implement cmdfunc on our
own, but will allow us to write a bit cleaner code.
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
Signed-off-by: Brian Norris <computersforpeace@gmail.com>
That field has been deprecated in favour of getting the necessary
information from ACPI/DT.
However, we still need to deal systems that are PCI only (no ACPI to back
up). In order to support such systems, we allow the DMA filter function and
its corresponding parameter via pxa2xx_spi_master platform data. Then when
the pxa2xx_spi_dma_setup() doesn't find the channel via ACPI, it falls back
to use the given filter function.
Suggested-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Mika Westerberg <mika.westerberg@linux.intel.com>
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Acked-by: Mark Brown <broonie@linaro.org>
Signed-off-by: Vinod Koul <vinod.koul@intel.com>
