| Age | Commit message (Collapse) | Author |
|---|
|
Add a read/write semaphore around the ops function pointers so
ops can be set to null when the driver un-registers.
Previously the tpm core expected module locking to be enough to
ensure that tpm_unregister could not be called during certain times,
however that hasn't been sufficient for a long time.
Introduce a read/write semaphore around 'ops' so the core can set
it to null when unregistering. This provides a strong fence around
the driver callbacks, guaranteeing to the driver that no callbacks
are running or will run again.
For now the ops_lock is placed very high in the call stack, it could
be pushed down and made more granular in future if necessary.
Signed-off-by: Jason Gunthorpe <jgunthorpe@obsidianresearch.com>
Reviewed-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
|
|
Now that we have a proper struct device just use dev_name() to
access this value instead of keeping two copies.
Signed-off-by: Jason Gunthorpe <jgunthorpe@obsidianresearch.com>
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Tested-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
|
|
This is a hold over from before the struct device conversion.
- All prints should be using &chip->dev, which is the Linux
standard. This changes prints to use tpm0 as the device name,
not the PnP/etc ID.
- The few places involving sysfs/modules that really do need the
parent just use chip->dev.parent instead
- We no longer need to get_device(pdev) in any places since it is no
longer used by any of the code. The kref on the parent is held
by the device core during device_add and dropped in device_del
Signed-off-by: Jason Gunthorpe <jgunthorpe@obsidianresearch.com>
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Tested-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Tested-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
|
|
Simplify st33zp24_spi_acpi_request_resources, st33zp24_spi_of_request_resources
and st33zp24_spi_request_resources to have the same prototype and using
spi_get_drvdata.
Signed-off-by: Christophe Ricard <christophe-h.ricard@st.com>
Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
|
|
Simplify st33zp24_i2c_acpi_request_resources, st33zp24_i2c_of_request_resources
and st33zp24_i2c_request_resources to have the same prototype and using
i2c_get_clientdata.
Signed-off-by: Christophe Ricard <christophe-h.ricard@st.com>
Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
|
|
Add support for acpi probing. SMO3324 is used for st33zp24.
It has been tested with the following acpi node on Minnowboard:
Device (TPM1)
{
Name (_ADR, Zero) // _ADR: Address
Name (_HID, "SMO3324") // _HID: Hardware ID
Name (_CID, "SMO3324") // _CID: Compatible ID
Name (_DDN, "SMO TPM") // _DDN: DOS Device Name
Name (_UID, One) // _UID: Unique ID
Method (_CRS, 0, NotSerialized) // _CRS: Current Resource Settings
{
Name (SBUF, ResourceTemplate ()
{
SpiSerialBus (0, PolarityLow, FourWireMode, 8,
ControllerInitiated, 4000000, ClockPolarityLow,
ClockPhaseFirst, "\\_SB.SPI1",
0x00, ResourceConsumer, ,)
GpioInt (Edge, ActiveHigh, ExclusiveAndWake, PullNone, 0x0000,
"\\_SB.GPO2", 0x00, ResourceConsumer, ,)
{ // Pin list
0x0001
}
GpioIo (Exclusive, PullDefault, 0x0000, 0x0000, IoRestrictionOutputOnly,
"\\_SB.GPO2", 0x00, ResourceConsumer, ,)
{ // Pin list
0x0002,
}
})
Return (SBUF) /* \_SB_.SPI1.TPM1._CRS.SBUF */
}
Method (_STA, 0, NotSerialized) // _STA: Status
{
Return (0x0F)
}
}
Signed-off-by: Christophe Ricard <christophe-h.ricard@st.com>
Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
|
|
Add support for acpi probing. SMO3324 is used for st33zp24.
It has been tested with the following acpi node on Minnowboard:
Device (TPM1)
{
Name (_ADR, Zero) // _ADR: Address
Name (_HID, "SMO3324") // _HID: Hardware ID
Name (_CID, "SMO3324") // _CID: Compatible ID
Name (_DDN, "SMO TPM") // _DDN: DOS Device Name
Name (_UID, One) // _UID: Unique ID
Method (_CRS, 0, NotSerialized) // _CRS: Current Resource Settings
{
Name (SBUF, ResourceTemplate ()
{
I2cSerialBus (0x0013, ControllerInitiated, 400000,
AddressingMode7Bit, "\\_SB.I2C7",
0x00, ResourceConsumer, ,)
GpioInt (Edge, ActiveHigh, ExclusiveAndWake, PullNone, 0x0000,
"\\_SB.GPO2", 0x00, ResourceConsumer, ,)
{ // Pin list
0x0001
}
GpioIo (Exclusive, PullDefault, 0x0000, 0x0000, IoRestrictionOutputOnly,
"\\_SB.GPO2", 0x00, ResourceConsumer, ,)
{ // Pin list
0x0002,
}
})
Return (SBUF) /* \_SB_.I2C7.TPM1._CRS.SBUF */
}
Method (_STA, 0, NotSerialized) // _STA: Status
{
Return (0x0F)
}
}
Signed-off-by: Christophe Ricard <christophe-h.ricard@st.com>
Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
|
|
Extend copyright header to 2016
Signed-off-by: Christophe Ricard <christophe-h.ricard@st.com>
Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
|
|
Add check in st33zp24_spi_evaluate_latency helping to diagnose if the chip
is present or in a bad state.
Signed-off-by: Christophe Ricard <christophe-h.ricard@st.com>
Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
|
|
DT headers already define NOOP routines when CONFIG_OF is not defined.
[jarkko.sakkinen@linux.intel.com: I tested that the driver compiles
without warnings and errors with and without CONFIG_OF flag.]
Signed-off-by: Christophe Ricard <christophe-h.ricard@st.com>
Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Tested-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
|
|
Remove spi_xfer from st33zp24_spi_phy structure and declare local spi_xfer
when needed instead.
Signed-off-by: Christophe Ricard <christophe-h.ricard@st.com>
Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
|
|
An affectation is enough when copying 1 byte. Remove memcpy usage where
possible.
Signed-off-by: Christophe Ricard <christophe-h.ricard@st.com>
Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
|
|
Make sure every function name use st33zp24_spi_ prefix.
Signed-off-by: Christophe Ricard <christophe-h.ricard@st.com>
Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
|
|
nbr_dummy_bytes variable could be easily replaced by phy->latency in
st33zp24_spi_send and st33zp24_spi_recv.
Signed-off-by: Christophe Ricard <christophe-h.ricard@st.com>
Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
|
|
Simplify st33zp24_spi_acpi_request_resources, st33zp24_spi_of_request_resources
and st33zp24_spi_request_resources to have the same prototype and using
spi_get_drvdata.
Signed-off-by: Christophe Ricard <christophe-h.ricard@st.com>
Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
|
|
Simplify st33zp24_i2c_acpi_request_resources, st33zp24_i2c_of_request_resources
and st33zp24_i2c_request_resources to have the same prototype and using
i2c_get_clientdata.
Signed-off-by: Christophe Ricard <christophe-h.ricard@st.com>
Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
|
|
Add support for acpi probing. SMO3324 is used for st33zp24.
It has been tested with the following acpi node on Minnowboard:
Device (TPM1)
{
Name (_ADR, Zero) // _ADR: Address
Name (_HID, "SMO3324") // _HID: Hardware ID
Name (_CID, "SMO3324") // _CID: Compatible ID
Name (_DDN, "SMO TPM") // _DDN: DOS Device Name
Name (_UID, One) // _UID: Unique ID
Method (_CRS, 0, NotSerialized) // _CRS: Current Resource Settings
{
Name (SBUF, ResourceTemplate ()
{
SpiSerialBus (0, PolarityLow, FourWireMode, 8,
ControllerInitiated, 4000000, ClockPolarityLow,
ClockPhaseFirst, "\\_SB.SPI1",
0x00, ResourceConsumer, ,)
GpioInt (Edge, ActiveHigh, ExclusiveAndWake, PullNone, 0x0000,
"\\_SB.GPO2", 0x00, ResourceConsumer, ,)
{ // Pin list
0x0001
}
GpioIo (Exclusive, PullDefault, 0x0000, 0x0000, IoRestrictionOutputOnly,
"\\_SB.GPO2", 0x00, ResourceConsumer, ,)
{ // Pin list
0x0002,
}
})
Return (SBUF) /* \_SB_.SPI1.TPM1._CRS.SBUF */
}
Method (_STA, 0, NotSerialized) // _STA: Status
{
Return (0x0F)
}
}
Signed-off-by: Christophe Ricard <christophe-h.ricard@st.com>
Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
|
|
Add support for acpi probing. SMO3324 is used for st33zp24.
It has been tested with the following acpi node on Minnowboard:
Device (TPM1)
{
Name (_ADR, Zero) // _ADR: Address
Name (_HID, "SMO3324") // _HID: Hardware ID
Name (_CID, "SMO3324") // _CID: Compatible ID
Name (_DDN, "SMO TPM") // _DDN: DOS Device Name
Name (_UID, One) // _UID: Unique ID
Method (_CRS, 0, NotSerialized) // _CRS: Current Resource Settings
{
Name (SBUF, ResourceTemplate ()
{
I2cSerialBus (0x0013, ControllerInitiated, 400000,
AddressingMode7Bit, "\\_SB.I2C7",
0x00, ResourceConsumer, ,)
GpioInt (Edge, ActiveHigh, ExclusiveAndWake, PullNone, 0x0000,
"\\_SB.GPO2", 0x00, ResourceConsumer, ,)
{ // Pin list
0x0001
}
GpioIo (Exclusive, PullDefault, 0x0000, 0x0000, IoRestrictionOutputOnly,
"\\_SB.GPO2", 0x00, ResourceConsumer, ,)
{ // Pin list
0x0002,
}
})
Return (SBUF) /* \_SB_.I2C7.TPM1._CRS.SBUF */
}
Method (_STA, 0, NotSerialized) // _STA: Status
{
Return (0x0F)
}
}
Signed-off-by: Christophe Ricard <christophe-h.ricard@st.com>
Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
|
|
Extend copyright header to 2016
Signed-off-by: Christophe Ricard <christophe-h.ricard@st.com>
Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
|
|
Add check in st33zp24_spi_evaluate_latency helping to diagnose if the chip
is present or in a bad state.
Signed-off-by: Christophe Ricard <christophe-h.ricard@st.com>
Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
|
|
The core st33zp24 module is useless without either the I2C or the
SPI access module. So hide NFC_ST_NCI and select it automatically
if either TCG_TIS_ST33ZP24_I2C or TCG_TIS_ST33ZP24_SPI is selected.
This avoids presenting TCG_TIS_ST33ZP24 when neither TCG_TIS_ST33ZP24_I2C
nor TCG_TIS_ST33ZP24_SPI can be selected.
Signed-off-by: Christophe Ricard <christophe-h.ricard@st.com>
Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Tested-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
|
|
DT headers already define NOOP routines when CONFIG_OF is not defined.
[jarkko.sakkinen@linux.intel.com: I tested that the driver compiles
without warnings and errors with and without CONFIG_OF flag.]
Signed-off-by: Christophe Ricard <christophe-h.ricard@st.com>
Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Tested-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
|
|
Remove spi_xfer from st33zp24_spi_phy structure and declare local spi_xfer
when needed instead.
Signed-off-by: Christophe Ricard <christophe-h.ricard@st.com>
Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
|
|
An affectation is enough when copying 1 byte. Remove memcpy usage where
possible.
Signed-off-by: Christophe Ricard <christophe-h.ricard@st.com>
Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
|
|
Make sure every function name use st33zp24_spi_ prefix.
Signed-off-by: Christophe Ricard <christophe-h.ricard@st.com>
Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
|
|
nbr_dummy_bytes variable could be easily replaced by phy->latency in
st33zp24_spi_send and st33zp24_spi_recv.
Signed-off-by: Christophe Ricard <christophe-h.ricard@st.com>
Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
|
|
avc_cache_threshold is of type unsigned int. Do not use a signed
new_value in sscanf(page, "%u", &new_value).
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
[PM: subject prefix fix, description cleanup]
Signed-off-by: Paul Moore <paul@paul-moore.com>
|
|
Close the hole where ptrace can change a syscall out from under seccomp.
Signed-off-by: Kees Cook <keescook@chromium.org>
Cc: Jeff Dike <jdike@addtoit.com>
Cc: Richard Weinberger <richard@nod.at>
Cc: user-mode-linux-devel@lists.sourceforge.net
|
|
Close the hole where ptrace can change a syscall out from under seccomp.
Signed-off-by: Kees Cook <keescook@chromium.org>
Cc: Chris Metcalf <cmetcalf@mellanox.com>
|
|
Close the hole where ptrace can change a syscall out from under seccomp.
Signed-off-by: Kees Cook <keescook@chromium.org>
Cc: Michael Ellerman <mpe@ellerman.id.au>
Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Cc: Paul Mackerras <paulus@samba.org>
Cc: linuxppc-dev@lists.ozlabs.org
|
|
Close the hole where ptrace can change a syscall out from under seccomp.
Signed-off-by: Kees Cook <keescook@chromium.org>
Cc: Heiko Carstens <heiko.carstens@de.ibm.com>
Cc: Martin Schwidefsky <schwidefsky@de.ibm.com>
Cc: linux-s390@vger.kernel.org
|
|
Close the hole where ptrace can change a syscall out from under seccomp.
Signed-off-by: Kees Cook <keescook@chromium.org>
Cc: "James E.J. Bottomley" <jejb@parisc-linux.org>
Cc: Helge Deller <deller@gmx.de>
Cc: linux-parisc@vger.kernel.org
|
|
Close the hole where ptrace can change a syscall out from under seccomp.
Signed-off-by: Kees Cook <keescook@chromium.org>
Cc: Ralf Baechle <ralf@linux-mips.org>
Cc: "Maciej W. Rozycki" <macro@imgtec.com>
Cc: James Hogan <james.hogan@imgtec.com>
Cc: linux-mips@linux-mips.org
|
|
Close the hole where ptrace can change a syscall out from under seccomp.
Signed-off-by: Kees Cook <keescook@chromium.org>
Cc: Catalin Marinas <catalin.marinas@arm.com>
Cc: Will Deacon <will.deacon@arm.com>
Cc: Mark Rutland <mark.rutland@arm.com>
Cc: linux-arm-kernel@lists.infradead.org
|
|
Close the hole where ptrace can change a syscall out from under seccomp.
Signed-off-by: Kees Cook <keescook@chromium.org>
Cc: Russell King <linux@armlinux.org.uk>
Cc: linux-arm-kernel@lists.infradead.org
|
|
This moves seccomp after ptrace on x86 to that seccomp can catch changes
made by ptrace. Emulation should skip the rest of processing too.
We can get rid of test_thread_flag because there's no longer any
opportunity for seccomp to mess with ptrace state before invoking
ptrace.
Suggested-by: Andy Lutomirski <luto@kernel.org>
Signed-off-by: Kees Cook <keescook@chromium.org>
Cc: x86@kernel.org
Cc: Andy Lutomirski <luto@kernel.org>
|
|
When RET_TRACE triggers, a tracer may change a syscall into something that
should be filtered by seccomp. This re-runs seccomp after a trace event
to make sure things continue to pass.
Signed-off-by: Kees Cook <keescook@chromium.org>
Cc: Andy Lutomirski <luto@kernel.org>
|
|
Since nothing is using the 2-phase API, and it adds more complexity than
benefit, remove it.
Signed-off-by: Kees Cook <keescook@chromium.org>
Cc: Andy Lutomirski <luto@kernel.org>
|
|
I added two-phase syscall entry work back when the entry slow path
was very slow. Nowadays, the entry slow path is fast and two-phase
entry work serves no purpose. Remove it.
Signed-off-by: Andy Lutomirski <luto@kernel.org>
Signed-off-by: Kees Cook <keescook@chromium.org>
|
|
Currently, if arch code wants to supply seccomp_data directly to
seccomp (which is generally much faster than having seccomp do it
using the syscall_get_xyz() API), it has to use the two-phase
seccomp hooks. Add it to the easy hooks, too.
Cc: linux-arch@vger.kernel.org
Signed-off-by: Andy Lutomirski <luto@kernel.org>
Signed-off-by: Kees Cook <keescook@chromium.org>
|
|
One problem with seccomp was that ptrace could be used to change a
syscall after seccomp filtering had completed. This was a well documented
limitation, and it was recommended to block ptrace when defining a filter
to avoid this problem. This can be quite a limitation for containers or
other places where ptrace is desired even under seccomp filters.
This adds tests for both SECCOMP_RET_TRACE and PTRACE_SYSCALL manipulations.
Signed-off-by: Kees Cook <keescook@chromium.org>
Cc: Andy Lutomirski <luto@kernel.org>
|
|
Make sign-file determine the format of the X.509 certificate by reading the
first two bytes and seeing if the first byte is 0x30 and the second
0x81-0x84. If this is the case, assume it's DER encoded, otherwise assume
it to be PEM encoded.
Without this, it gets awkward to deal with the error messages from
d2i_X509_bio() when we want to call BIO_reset() and then PEM_read_bio() in
case the certificate was PEM encoded rather than X.509 encoded.
Reported-by: Ben Hutchings <ben@decadent.org.uk>
Signed-off-by: David Howells <dhowells@redhat.com>
Tested-by: Ben Hutchings <ben@decadent.org.uk>
cc: David Woodhouse <dwmw2@infradead.org>
cc: Juerg Haefliger <juerg.haefliger@hpe.com>
cc: Ben Hutchings <ben@decadent.org.uk>
|
|
Strip some trailing spaces.
Signed-off-by: David Howells <dhowells@redhat.com>
|
|
In cases where the category bitmap is sparse enough that gaps exist
between netlbl_lsm_catmap structs, callers to netlbl_catmap_getlong()
could find themselves prematurely ending their search through the
category bitmap. Further, the methods used to calculate the 'idx'
and 'off' values were incorrect for bitmaps this large. This patch
changes the netlbl_catmap_getlong() behavior so that it always skips
over gaps and calculates the index and offset values correctly.
Signed-off-by: Paul Moore <paul@paul-moore.com>
|
|
The existing ebitmap_netlbl_import() code didn't correctly handle the
case where the ebitmap_node was not aligned/sized to a power of two,
this patch fixes this (on x86_64 ebitmap_node contains six bitmaps
making a range of 0..383).
Signed-off-by: Paul Moore <paul@paul-moore.com>
|
|
Kill with signal number 0 is commonly used for checking PID existence.
Smack treated such cases like any other kills, although no signal is
actually delivered when sig == 0.
Checking permissions when sig == 0 didn't prevent an unprivileged caller
from learning whether PID exists or not. When it existed, kernel returned
EPERM, when it didn't - ESRCH. The only effect of policy check in such
case is noise in audit logs.
This change lets Smack silently ignore kill() invocations with sig == 0.
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Acked-by: Casey Schaufler <casey@schaufler-ca.com>
|
|
Much like we had to do for AF_BLUETOOTH and AF_ALG, make sure we
properly clone the parent socket's LSM attributes to newly created
child sockets.
Signed-off-by: Paul Moore <paul@paul-moore.com>
|
|
It seems risky to always rely on the caller to ensure the socket's
address family is correct before passing it to the NetLabel kAPI,
especially since we see at least one LSM which didn't. Add address
family checks to the *_delattr() functions to help prevent future
problems.
Cc: <stable@vger.kernel.org>
Reported-by: Maninder Singh <maninder1.s@samsung.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
|
|
The code is doing the equivalent of the kthread_run macro.
Signed-off-by: Mike Danese <mikedanese@google.com>
Acked-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: James Morris <james.l.morris@oracle.com>
|
|
The capability check should not be audited since it is only being used
to determine the inode permissions. A failed check does not indicate a
violation of security policy but, when an LSM is enabled, a denial audit
message was being generated.
The denial audit message caused confusion for some application authors
because root-running Go applications always triggered the denial. To
prevent this confusion, the capability check in net_ctl_permissions() is
switched to the noaudit variant.
BugLink: https://launchpad.net/bugs/1465724
Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
Signed-off-by: James Morris <james.l.morris@oracle.com>
|
