Age | Commit message (Collapse) | Author |
|
This change fixes abnormal signal handling in tf driver.
Tf_daemon(user thread) is waiting for the signal when coming out of LP0,
but tf_daemon never gets the signal because tf driver can't handle the
signal properly. If there's a pending signal when coming out of LP0,
this fix clears the pending signal.
Bug 1244750
Bug 1309812
Change-Id: I7849866c7993af8716c17f6b7a06692271334664
Signed-off-by: Hyung Taek Ryoo <hryoo@nvidia.com>
Reviewed-on: http://git-master/r/253586
Reviewed-by: Automatic_Commit_Validation_User
Reviewed-by: Jun Yan <juyan@nvidia.com>
Tested-by: Jun Yan <juyan@nvidia.com>
Reviewed-by: Anshul Jain (SW) <anshulj@nvidia.com>
|
|
This reverts commit 8067f19868040be42e53bb05778138502c899632.
Change-Id: I6bf285be6a0ff3657d33bc3ecc99544cd4f83344
Signed-off-by: Jun Yan <juyan@nvidia.com>
Reviewed-on: http://git-master/r/253585
Reviewed-by: Automatic_Commit_Validation_User
Reviewed-by: Anshul Jain (SW) <anshulj@nvidia.com>
|
|
This reverts commit ac475a8eef3acc44297d4853fde82b87c31dda2b.
Change-Id: I07d9672f3eadbdeebd85829480597661ce5259f5
Signed-off-by: Jun Yan <juyan@nvidia.com>
Reviewed-on: http://git-master/r/253114
Reviewed-by: Anshul Jain (SW) <anshulj@nvidia.com>
Reviewed-by: Automatic_Commit_Validation_User
|
|
K3.4 does not need this code maintain to PF_KTHREAD
Bug 1244750
Change-Id: Iec2fdf2cf4646ea3415f370a45376b1757498854
Signed-off-by: Hyung Taek Ryoo <hryoo@nvidia.com>
Reviewed-on: http://git-master/r/251113
Reviewed-by: Automatic_Commit_Validation_User
Reviewed-by: Anshul Jain (SW) <anshulj@nvidia.com>
Tested-by: Peter Zu <pzu@nvidia.com>
|
|
Tegra4 version: TF_TEGRA4_AC02.08.40475
1. This version improves TF time to go to sleep for secure cores (~20%)
and wake up time both for secure (~25%) and non-secure (~50%) cores.
2. Apply missing arm errata for A15.
Bug 1198125
Change-Id: I9bd6ebb9b15c53a7bce1d3cd2209a3cee0cea4da
Signed-off-by: Hyung Taek Ryoo <hryoo@nvidia.com>
Reviewed-on: http://git-master/r/215285
(cherry picked from commit d2d7ad718c3203928bd39f4d7cbabe4e5b3e366f)
Reviewed-on: http://git-master/r/221141
Reviewed-by: Automatic_Commit_Validation_User
GVS: Gerrit_Virtual_Submit
Tested-by: Sang-Hun Lee <sanlee@nvidia.com>
Reviewed-by: Ankit Pashiney <apashiney@nvidia.com>
|
|
Tegra4 version: TF_TEGRA4_AC02.06.40323
Added support of secure interrupts in the custom drivers.
Bug 969938
Change-Id: Ic08d0a9c73cf6ab2f147bf89377c306fbe58fd2a
Signed-off-by: Hyung Taek Ryoo <hryoo@nvidia.com>
Reviewed-on: http://git-master/r/202154
(cherry picked from commit fd6034d233f615f0a442ddc2cde1f0363e4571c6)
Reviewed-on: http://git-master/r/221140
Reviewed-by: Automatic_Commit_Validation_User
GVS: Gerrit_Virtual_Submit
Tested-by: Sang-Hun Lee <sanlee@nvidia.com>
Reviewed-by: Ankit Pashiney <apashiney@nvidia.com>
|
|
This change fixes incorrect cpu affinity after excuting tf_driver.
The process using tf_driver sometimes can't be schecduled to
available onlined cpu. It is because cpu affinity has changed
after using tf_driver. tf_driver saves current cpu affinity by
calling sched_getaffinity which returns cpu affinity AND-masked
by onlined cpus. tf_driver should save just current cpu affinity,
not cpu affinity AND-masked by onlined cpus.
bug 1218943
cherry picked from commit bba209aa7fe8b4f52f5d42acc1b21d8f54c18fe0)
Reviewed-on: http://git-master/r/#change,195830
Change-Id: I5fbc1e6a3c67fbd01e4f2f5321aea168f7ba07c9
Signed-off-by: Hyung Taek Ryoo <hryoo@nvidia.com>
Reviewed-on: http://git-master/r/198842
Reviewed-by: Automatic_Commit_Validation_User
Reviewed-by: Yu-Huan Hsu <yhsu@nvidia.com>
|
|
Tegra4 version: TF_TEGRA4_AC02.05.40075
1. The LP0 Warmboot code of TF has been updated to reflect last changes
of Tegra bootloader. TF boot parameters which are passed to secure os
are removed in warmboot code. They can't live in warmboot code anymore
because of PKC boot feature in T114.
2. Disable L2 prefetch throttle to enhance performance.
Bug 1211749
Change-Id: I09648482766ef117f200729ab7220655f93163a4
Signed-off-by: Hyung Taek Ryoo <hryoo@nvidia.com>
Reviewed-on: http://git-master/r/193165
Reviewed-by: Automatic_Commit_Validation_User
Reviewed-by: Yu-Huan Hsu <yhsu@nvidia.com>
|
|
Tegra4 version: TF_TEGRA4_AC02.03.39731
1. Support GCC for Secure services and drivers
2. Enables hazard detection timeout at TF boot time on all cores
Bug 1186790
Change-Id: I95adbb9d978ae36dc7b3550f8b3e169b95575091
Signed-off-by: Hyung Taek Ryoo <hryoo@nvidia.com>
Reviewed-on: http://git-master/r/172650
Reviewed-by: Automatic_Commit_Validation_User
Reviewed-by: Dan Willemsen <dwillemsen@nvidia.com>
|
|
Tegra4 version: TF_TEGRA4_AC02.02.39373
Create a new SMC (0xFFFFFFE7) for no flush operations in cluster power down.
Bug 969937
Change-Id: Ie91d1ab2560ab56ee9ca2c8f35757a9bb5222c26
Signed-off-by: Hyung Taek Ryoo <hryoo@nvidia.com>
Reviewed-on: http://git-master/r/168212
Reviewed-by: Karan Jhavar <kjhavar@nvidia.com>
Reviewed-by: Automatic_Commit_Validation_User
Reviewed-by: Dan Willemsen <dwillemsen@nvidia.com>
|
|
Add new tracepoint events for SecureOS-related tracing.
The timestamp traces measure the number of cycles taken
to switch between normal world and secure world using the
CP15 cycle counter.
Bug 1042455
Change-Id: Ia7f0718a0fcc399875a175670b80dfe33f79b95e
Signed-off-by: Charles Tan <ctan@nvidia.com>
Reviewed-on: http://git-master/r/159367
Reviewed-by: Automatic_Commit_Validation_User
Reviewed-by: Antti Miettinen <amiettinen@nvidia.com>
Tested-by: Antti Miettinen <amiettinen@nvidia.com>
Reviewed-by: Bharat Nihalani <bnihalani@nvidia.com>
|
|
Tegra4 version: TF_TEGRA4_AC02.01.39197.zip
Support PM features
1) Cluster power down(LP2)
2) Low Power SoC Suspend(LP0, LP1)
3) Dynamic CPU Core & Cluster Switching
Bug 969937
Bug 1178454
Change-Id: I27d994e19c65eb928177c816dfa97be01ad5c1e1
Signed-off-by: Hyung Taek Ryoo <hryoo@nvidia.com>
Reviewed-on: http://git-master/r/166483
Reviewed-by: Automatic_Commit_Validation_User
Reviewed-by: Karan Jhavar <kjhavar@nvidia.com>
Reviewed-by: Krishna Reddy <vdumpa@nvidia.com>
|
|
V9 version for Tegra3: TF_TEGRA3_AB02.02.38127
V9 version for Tegra4: TF_TEGRA4_AC02.01e1.38186
This package is the first release of Trusted Foundations v9
It supports all the features supported by TFv8 (i.e. TF_TEGRA3_AB01.13)
1) Dynamic loading of secure services is supported
2) ARM generic and Tegra specific code are regrouped in HAL driversthat can be repostlinked
3) The fix for imprecise abort observed during Widvine session
bug 969937
bug 969981
Change-Id: I1fd0d0df21ead84fb226ba2e0a6b3cf463472a26
Signed-off-by: Hyung Taek Ryoo <hryoo@nvidia.com>
Reviewed-on: http://git-master/r/147176
GVS: Gerrit_Virtual_Submit
Reviewed-by: Karan Jhavar <kjhavar@nvidia.com>
Reviewed-by: Dan Willemsen <dwillemsen@nvidia.com>
|
|
Tegra 3 version: TF_TEGRA3_AB01.16.37161
Improvements in maintenance operations of L2 Cache Controlller.
Change-Id: Iddbd61b21b6d83548d5a8c636e26b07b3b4f1385
Signed-off-by: Hyung Taek Ryoo <hryoo@nvidia.com>
Reviewed-on: http://git-master/r/128948
(cherry picked from commit 9bc5ccb125f8c32733a73bbc560ee71ac143f359)
Reviewed-on: http://git-master/r/131895
Reviewed-by: Automatic_Commit_Validation_User
Reviewed-by: James Zhao <jamesz@nvidia.com>
Reviewed-by: Varun Wadekar <vwadekar@nvidia.com>
Reviewed-by: Karan Jhavar <kjhavar@nvidia.com>
Reviewed-by: Bharat Nihalani <bnihalani@nvidia.com>
Tested-by: Bharat Nihalani <bnihalani@nvidia.com>
|
|
Tegra 3 version: TF_TEGRA3_AB01.15.36932
1)Fix an issue in GIC controller
2)Add a task profiler option into the Trusted Foundations
3)Fixes the RCU stalls
Change-Id: Ib137dc4f155765cb7d7084f1f9a6f75d3bf38116
Signed-off-by: Hyung Taek Ryoo <hryoo@nvidia.com>
Reviewed-on: http://git-master/r/122808
Reviewed-by: Automatic_Commit_Validation_User
Reviewed-by: James Zhao <jamesz@nvidia.com>
GVS: Gerrit_Virtual_Submit
Reviewed-by: Dan Willemsen <dwillemsen@nvidia.com>
|
|
In K3.1, this code was setting PF_FREEZER_NOSIG, which meant
freeze_task would signal this thread to TIF_FREEZE later.
In K3.4, PF_FREEZER_NOSIG was removed and the code ported to
toggle PF_KTHREAD instead. But, in the port we missed restoring
the previous task value (leaving PF_KTHREAD still set).
Bug 988873
Change-Id: I1071ea33c08c64288162cd628977081a422c716f
Signed-off-by: Chris Johnson <cwj@nvidia.com>
Reviewed-on: http://git-master/r/123535
Reviewed-by: Automatic_Commit_Validation_User
Reviewed-by: Karan Jhavar <kjhavar@nvidia.com>
Reviewed-by: Yu-Huan Hsu <yhsu@nvidia.com>
|
|
Linux v3.4.8
Conflicts:
drivers/net/tun.c
kernel/power/suspend.c
Change-Id: Ia26546425cd20f127dbf4dd58cfca41bda47d23d
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
|
|
commit 8ded2bbc1845e19c771eb55209aab166ef011243 upstream.
Recently, glibc made a change to suppress sign-conversion warnings in
FD_SET (glibc commit ceb9e56b3d1). This uncovered an issue with the
kernel's definition of __NFDBITS if applications #include
<linux/types.h> after including <sys/select.h>. A build failure would
be seen when passing the -Werror=sign-compare and -D_FORTIFY_SOURCE=2
flags to gcc.
It was suggested that the kernel should either match the glibc
definition of __NFDBITS or remove that entirely. The current in-kernel
uses of __NFDBITS can be replaced with BITS_PER_LONG, and there are no
uses of the related __FDELT and __FDMASK defines. Given that, we'll
continue the cleanup that was started with commit 8b3d1cda4f5f
("posix_types: Remove fd_set macros") and drop the remaining unused
macros.
Additionally, linux/time.h has similar macros defined that expand to
nothing so we'll remove those at the same time.
Reported-by: Jeff Law <law@redhat.com>
Suggested-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Josh Boyer <jwboyer@redhat.com>
[ .. and fix up whitespace as per akpm ]
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
Tegra 3 version: TF_TEGRA3_AB01.14.36781
1)Kernel boot addr in TF boot args, branch prediction activated early,
fix in system driver mapping.
2)Several improvments in boot and L2CC operations
3)Fix to support Neon
Signed-off-by: Hyung Taek Ryoo <hryoo@nvidia.com>
Change-Id: I16ed5d46d196875dece1f0006a0b04dbfdb58d42
Reviewed-on: http://git-master/r/119790
Reviewed-by: James Zhao <jamesz@nvidia.com>
Reviewed-by: Automatic_Commit_Validation_User
Reviewed-by: Hyung Taek Ryoo <hryoo@nvidia.com>
Reviewed-by: Dan Willemsen <dwillemsen@nvidia.com>
Reviewed-by: Karan Jhavar <kjhavar@nvidia.com>
Tested-by: Hyung Taek Ryoo <hryoo@nvidia.com>
|
|
Tegra 3 version: TF_TEGRA3_AB01.11.35578, TF_TEGRA3_AB01.11p1.35578
TF_TEGRA3_AB01.11p2.36386, TF_TEGRA3_AB01.11p3.36518
TF_TEGRA3_AB01.11p4.36577, TF_TEGRA3_AB01.11p5.36677
1)Add memory profiling tool to debug secure services's stack and heap
2)Add support to enable dynamic clock gating feature in PL310 register
3)TEE client API at kernel level
4)Stable FIQ debugging (SDK ver 1.09)
5)clrex stability change
6)GIC controller stability settings
7)Fix LP1
8)Fix floating pt support
Bug 1021831
Change-Id: I5c2a693a27dc591b62863aa0fe4ff65163e67aba
Signed-off-by: Karan Jhavar <kjhavar@nvidia.com>
Reviewed-on: http://git-master/r/117515
Reviewed-by: Automatic_Commit_Validation_User
GVS: Gerrit_Virtual_Submit
Reviewed-by: Hyung Taek Ryoo <hryoo@nvidia.com>
Reviewed-by: Marvin Zhang <mzhang@nvidia.com>
Reviewed-by: Yu-Huan Hsu <yhsu@nvidia.com>
|
|
Update TL's SDK to ver 01.12. New SDK adds -
1) LP2 exit time optimization
2) L2 cache optimization - stop only, no flush
3) PL310 - set dynamic clock gate
4) Support for TEEE client api's for drivers
bug 996822
Change-Id: Id46b7dd153ef05cffeed76558fa7a8c50cae5bd7
Signed-off-by: Karan Jhavar <kjhavar@nvidia.com>
Reviewed-on: http://git-master/r/108025
(cherry picked from commit 3f2b434827ef9456b12dab23339de19afa1ff77c)
Signed-off-by: Pritesh Raithatha <praithatha@nvidia.com>
Change-Id: I44399a9c79dba6439858d1bcdf8cd8add1fb3a8b
Reviewed-on: http://git-master/r/109535
Reviewed-by: Automatic_Commit_Validation_User
Reviewed-by: Karan Jhavar <kjhavar@nvidia.com>
Reviewed-by: Varun Wadekar <vwadekar@nvidia.com>
|
|
Conflicts:
drivers/i2c/busses/i2c-tegra.c
drivers/usb/gadget/fsl_udc_core.c
Change-Id: Ibfc3a8edc3665b832ddc94f89fc17b556629d104
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
|
|
commit 154c50ca4eb9ae472f50b6a481213e21ead4457d upstream.
We reset the bool names and values array to NULL, but do not reset the
number of entries in these arrays to 0. If we error out and then get back
into this function we will walk these NULL pointers based on the belief
that they are non-zero length.
Signed-off-by: Eric Paris <eparis@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
Tegra 2 version: TF_TEGRA2_AA01.09.34784
Tegra 3 version: TF_TEGRA3_AB01.08.34931
Add dynamic support for UART used by the Secure World trace driver.
The files are from the Tegra 3 version of SDK.
Bug 960201.
Change-Id: I14c3cfc35f81d3a37981e82760c2a2259164a904
Signed-off-by: Marvin Zhang <mzhang@nvidia.com>
Reviewed-on: http://git-master/r/94306
(cherry picked from commit 173b55aa4d30fc3771719093d675972fca600cd3)
Reviewed-on: http://git-master/r/104037
Reviewed-by: Chris Johnson <cwj@nvidia.com>
Reviewed-by: Karan Jhavar <kjhavar@nvidia.com>
Tested-by: Karan Jhavar <kjhavar@nvidia.com>
Reviewed-by: Yu-Huan Hsu <yhsu@nvidia.com>
GVS: Gerrit_Virtual_Submit
|
|
bug 949219
Change-Id: Ia7d23d3aab631e6a78c53518bc1f608d46e8f341
Signed-off-by: Sanjay Singh Rawat <srawat@nvidia.com>
Reviewed-on: http://git-master/r/92260
Reviewed-by: Automatic_Commit_Validation_User
GVS: Gerrit_Virtual_Submit
Reviewed-by: Bharat Nihalani <bnihalani@nvidia.com>
|
|
Tegra 2 version: TF_TEGRA2_AA01.07.34078
Tegra 3 version: TF_TEGRA3_AB01.06.34049
Bug 950169
Signed-off-by: Chris Johnson <cwj@nvidia.com>
Reviewed-on: http://git-master/r/89927
(cherry picked from commit 28fc4a5b80a0f6db3e6dc50efd8c0412e2ae11bf)
Change-Id: I41413b4f00d243e3bb56d44fb32eea29d0291401
Reviewed-on: http://git-master/r/90445
Reviewed-by: Automatic_Commit_Validation_User
Reviewed-by: Chris Johnson <cwj@nvidia.com>
Tested-by: Chris Johnson <cwj@nvidia.com>
Reviewed-by: Karan Jhavar <kjhavar@nvidia.com>
Reviewed-by: Yu-Huan Hsu <yhsu@nvidia.com>
Conflicts:
security/tf_driver/tf_comm.c
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
|
|
Add missing "personality.h"
security/commoncap.c: In function 'cap_bprm_set_creds':
security/commoncap.c:510: error: 'PER_CLEAR_ON_SETID' undeclared (first use in this function)
security/commoncap.c:510: error: (Each undeclared identifier is reported only once
security/commoncap.c:510: error: for each function it appears in.)
Signed-off-by: Jonghwan Choi <jhbird.choi@samsung.com>
Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: James Morris <james.l.morris@oracle.com>
|
|
If a process increases permissions using fcaps all of the dangerous
personality flags which are cleared for suid apps should also be cleared.
Thus programs given priviledge with fcaps will continue to have address space
randomization enabled even if the parent tried to disable it to make it
easier to attack.
Signed-off-by: Eric Paris <eparis@redhat.com>
Reviewed-by: Serge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: James Morris <james.l.morris@oracle.com>
|
|
A kernel with Smack enabled will fail if tmpfs has xattr support.
Move the initialization of predefined Smack label
list entries to the LSM initialization from the
smackfs setup. This became an issue when tmpfs
acquired xattr support, but was never correct.
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Signed-off-by: James Morris <james.l.morris@oracle.com>
|
|
Add CONFIG_ANDROID_PARANOID_NETWORK for Android specific capabilities
Change-Id: Ic9a44e4f754445fbf59a52e5aa75a2d8e3d0930f
Signed-off-by: Preetham Chandru R <pchandru@nvidia.com>
Reviewed-on: http://git-master/r/97519
Reviewed-by: Sanjay Singh Rawat <srawat@nvidia.com>
Reviewed-by: Kiran Adduri <kadduri@nvidia.com>
Reviewed-by: Varun Wadekar <vwadekar@nvidia.com>
|
|
Add missing "personality.h"
security/commoncap.c: In function 'cap_bprm_set_creds':
security/commoncap.c:510: error: 'PER_CLEAR_ON_SETID' undeclared (first use in this function)
security/commoncap.c:510: error: (Each undeclared identifier is reported only once
security/commoncap.c:510: error: for each function it appears in.)
Signed-off-by: Jonghwan Choi <jhbird.choi@samsung.com>
Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: James Morris <james.l.morris@oracle.com>
|
|
This fixes builds where CONFIG_AUDIT is not defined and
CONFIG_SECURITY_SMACK=y.
This got introduced by the stack-usage reducation commit 48c62af68a40
("LSM: shrink the common_audit_data data union").
Signed-off-by: Kees Cook <keescook@chromium.org>
Acked-by: Eric Paris <eparis@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
|
common_audit_data'
It just bloats the audit data structure for no good reason, since the
only time those fields are filled are just before calling the
common_lsm_audit() function, which is also the only user of those
fields.
So just make them be the arguments to common_lsm_audit(), rather than
bloating that structure that is passed around everywhere, and is
initialized in hot paths.
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
|
Instead of declaring the entire selinux_audit_data on the stack when we
start an operation on declare it on the stack if we are going to use it.
We know it's usefulness at the end of the security decision and can declare
it there.
Signed-off-by: Eric Paris <eparis@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
|
We don't use the argument, so remove it.
Signed-off-by: Eric Paris <eparis@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
|
We do not use it. Remove it.
Signed-off-by: Eric Paris <eparis@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
|
After shrinking the common_audit_data stack usage for private LSM data I'm
not going to shrink the data union. To do this I'm going to move anything
larger than 2 void * ptrs to it's own structure and require it to be declared
separately on the calling stack. Thus hot paths which don't need more than
a couple pointer don't have to declare space to hold large unneeded
structures. I could get this down to one void * by dealing with the key
struct and the struct path. We'll see if that is helpful after taking care of
networking.
Signed-off-by: Eric Paris <eparis@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
|
Linus found that the gigantic size of the common audit data caused a big
perf hit on something as simple as running stat() in a loop. This patch
requires LSMs to declare the LSM specific portion separately rather than
doing it in a union. Thus each LSM can be responsible for shrinking their
portion and don't have to pay a penalty just because other LSMs have a
bigger space requirement.
Signed-off-by: Eric Paris <eparis@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
|
If a process increases permissions using fcaps all of the dangerous
personality flags which are cleared for suid apps should also be cleared.
Thus programs given priviledge with fcaps will continue to have address space
randomization enabled even if the parent tried to disable it to make it
easier to attack.
Signed-off-by: Eric Paris <eparis@redhat.com>
Reviewed-by: Serge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: James Morris <james.l.morris@oracle.com>
|
|
A kernel with Smack enabled will fail if tmpfs has xattr support.
Move the initialization of predefined Smack label
list entries to the LSM initialization from the
smackfs setup. This became an issue when tmpfs
acquired xattr support, but was never correct.
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Signed-off-by: James Morris <james.l.morris@oracle.com>
|
|
Signed-off-by: Chia-chi Yeh <chiachi@android.com>
Conflicts:
security/commoncap.c
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
|
|
This fixes builds where CONFIG_AUDIT is not defined and
CONFIG_SECURITY_SMACK=y.
This got introduced by the stack-usage reducation commit 48c62af68a40
("LSM: shrink the common_audit_data data union").
Signed-off-by: Kees Cook <keescook@chromium.org>
Acked-by: Eric Paris <eparis@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
|
Change-Id: Ib3b69ffc5ac3e07c9cc44cc49e9142088eec477e
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
|
|
common_audit_data'
It just bloats the audit data structure for no good reason, since the
only time those fields are filled are just before calling the
common_lsm_audit() function, which is also the only user of those
fields.
So just make them be the arguments to common_lsm_audit(), rather than
bloating that structure that is passed around everywhere, and is
initialized in hot paths.
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
|
Instead of declaring the entire selinux_audit_data on the stack when we
start an operation on declare it on the stack if we are going to use it.
We know it's usefulness at the end of the security decision and can declare
it there.
Signed-off-by: Eric Paris <eparis@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
|
We don't use the argument, so remove it.
Signed-off-by: Eric Paris <eparis@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
|
We do not use it. Remove it.
Signed-off-by: Eric Paris <eparis@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
|
After shrinking the common_audit_data stack usage for private LSM data I'm
not going to shrink the data union. To do this I'm going to move anything
larger than 2 void * ptrs to it's own structure and require it to be declared
separately on the calling stack. Thus hot paths which don't need more than
a couple pointer don't have to declare space to hold large unneeded
structures. I could get this down to one void * by dealing with the key
struct and the struct path. We'll see if that is helpful after taking care of
networking.
Signed-off-by: Eric Paris <eparis@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
|
Linus found that the gigantic size of the common audit data caused a big
perf hit on something as simple as running stat() in a loop. This patch
requires LSMs to declare the LSM specific portion separately rather than
doing it in a union. Thus each LSM can be responsible for shrinking their
portion and don't have to pay a penalty just because other LSMs have a
bigger space requirement.
Signed-off-by: Eric Paris <eparis@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
Pull second try at vfs part d#2 from Al Viro:
"Miklos' first series (with do_lookup() rewrite split into edible
chunks) + assorted bits and pieces.
The 'untangling of do_lookup()' series is is a splitup of what used to
be a monolithic patch from Miklos, so this series is basically "how do
I convince myself that his patch is correct (or find a hole in it)".
No holes found and I like the resulting cleanup, so in it went..."
Changes from try 1: Fix a boot problem with selinux, and commit messages
prettied up a bit.
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs: (24 commits)
vfs: fix out-of-date dentry_unhash() comment
vfs: split __lookup_hash
untangling do_lookup() - take __lookup_hash()-calling case out of line.
untangling do_lookup() - switch to calling __lookup_hash()
untangling do_lookup() - merge d_alloc_and_lookup() callers
untangling do_lookup() - merge failure exits in !dentry case
untangling do_lookup() - massage !dentry case towards __lookup_hash()
untangling do_lookup() - get rid of need_reval in !dentry case
untangling do_lookup() - eliminate a loop.
untangling do_lookup() - expand the area under ->i_mutex
untangling do_lookup() - isolate !dentry stuff from the rest of it.
vfs: move MAY_EXEC check from __lookup_hash()
vfs: don't revalidate just looked up dentry
vfs: fix d_need_lookup/d_revalidate order in do_lookup
ext3: move headers to fs/ext3/
migrate ext2_fs.h guts to fs/ext2/ext2.h
new helper: ext2_image_size()
get rid of pointless includes of ext2_fs.h
ext2: No longer export ext2_fs.h to user space
mtdchar: kill persistently held vfsmount
...
|