mirror of
https://github.com/gta7lite/android_kernel_samsung_ot8.git
synced 2026-02-08 17:24:41 -08:00
master
322 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
Todd Kjos
|
1d737b4473 |
[ALPS06511517] binder: use cred instead of task for getsecid
Use the struct cred saved at binder_open() to lookup the security ID via security_cred_getsecid(). This ensures that the security context that opened binder is the one used to generate the secctx. MTK-Commit-Id: f818064bac90605f4d0a1d2c1163f959d9cb4b53 Cc: stable@vger.kernel.org # 5.4+ Fixes: ec74136ded79 ("binder: create node flag to request senders security context") Signed-off-by: Todd Kjos <tkjos@google.com> Suggested-by: Stephen Smalley <stephen.smalley.work@gmail.com> Reported-by: kernel test robot <lkp@intel.com> Acked-by: Casey Schaufler <casey@schaufler-ca.com> Signed-off-by: Paul Moore <paul@paul-moore.com> Change-Id: Ia7b59804a0bdbd51191bbcca556414840307c623 Bug: 200688826 Signed-off-by: Frankie Chang <frankie.chang@mediatek.com> CR-Id: ALPS06511517 Feature: Google Security Patch |
||
|
Todd Kjos
|
e3b2c5e01c |
[ALPS06511517] binder: use cred instead of task for selinux checks
Since binder was integrated with selinux, it has passed
struct task_struct associated with the binder_proc
to represent the source and target of transactions.
The conversion of task to SID was then done in the hook
implementations. It turns out that there are race conditions
which can result in an incorrect security context being used.
Fix by using the struct cred saved during binder_open and pass
it to the selinux subsystem.
MTK-Commit-Id: dc0f56b195ff4cd16b66bc8deecc56ab2b5c9d3b
Cc: stable@vger.kernel.org # 5.14 (need backport for earlier stables)
Fixes:
|
||
Greg Kroah-Hartman
|
07ce88e9de |
Merge 4.19.164 into android-4.19-stable
Changes in 4.19.164
Kbuild: do not emit debug info for assembly with LLVM_IAS=1
x86/lib: Change .weak to SYM_FUNC_START_WEAK for arch/x86/lib/mem*_64.S
spi: bcm2835aux: Fix use-after-free on unbind
spi: bcm2835aux: Restore err assignment in bcm2835aux_spi_probe
iwlwifi: pcie: limit memory read spin time
arm64: dts: rockchip: Assign a fixed index to mmc devices on rk3399 boards.
iwlwifi: mvm: fix kernel panic in case of assert during CSA
powerpc: Drop -me200 addition to build flags
ARC: stack unwinding: don't assume non-current task is sleeping
scsi: ufs: Make sure clk scaling happens only when HBA is runtime ACTIVE
irqchip/gic-v3-its: Unconditionally save/restore the ITS state on suspend
soc: fsl: dpio: Get the cpumask through cpumask_of(cpu)
platform/x86: thinkpad_acpi: Do not report SW_TABLET_MODE on Yoga 11e
platform/x86: thinkpad_acpi: Add BAT1 is primary battery quirk for Thinkpad Yoga 11e 4th gen
platform/x86: acer-wmi: add automatic keyboard background light toggle key as KEY_LIGHTS_TOGGLE
platform/x86: intel-vbtn: Support for tablet mode on HP Pavilion 13 x360 PC
Input: cm109 - do not stomp on control URB
Input: i8042 - add Acer laptops to the i8042 reset list
pinctrl: amd: remove debounce filter setting in IRQ type setting
mmc: block: Fixup condition for CMD13 polling for RPMB requests
kbuild: avoid static_assert for genksyms
scsi: be2iscsi: Revert "Fix a theoretical leak in beiscsi_create_eqs()"
x86/mm/mem_encrypt: Fix definition of PMD_FLAGS_DEC_WP
x86/membarrier: Get rid of a dubious optimization
x86/apic/vector: Fix ordering in vector assignment
compiler.h: fix barrier_data() on clang
PCI: qcom: Add missing reset for ipq806x
mac80211: mesh: fix mesh_pathtbl_init() error path
net: stmmac: free tx skb buffer in stmmac_resume()
tcp: select sane initial rcvq_space.space for big MSS
tcp: fix cwnd-limited bug for TSO deferral where we send nothing
net/mlx4_en: Avoid scheduling restart task if it is already running
lan743x: fix for potential NULL pointer dereference with bare card
net/mlx4_en: Handle TX error CQE
net: stmmac: delete the eee_ctrl_timer after napi disabled
net: stmmac: dwmac-meson8b: fix mask definition of the m250_sel mux
net: bridge: vlan: fix error return code in __vlan_add()
ktest.pl: If size of log is too big to email, email error message
USB: dummy-hcd: Fix uninitialized array use in init()
USB: add RESET_RESUME quirk for Snapscan 1212
ALSA: usb-audio: Fix potential out-of-bounds shift
ALSA: usb-audio: Fix control 'access overflow' errors from chmap
xhci: Give USB2 ports time to enter U3 in bus suspend
USB: UAS: introduce a quirk to set no_write_same
USB: sisusbvga: Make console support depend on BROKEN
ALSA: pcm: oss: Fix potential out-of-bounds shift
serial: 8250_omap: Avoid FIFO corruption caused by MDR1 access
drm/xen-front: Fix misused IS_ERR_OR_NULL checks
drm: fix drm_dp_mst_port refcount leaks in drm_dp_mst_allocate_vcpi
arm64: lse: fix LSE atomics with LLVM's integrated assembler
arm64: lse: Fix LSE atomics with LLVM
arm64: Change .weak to SYM_FUNC_START_WEAK_PI for arch/arm64/lib/mem*.S
x86/resctrl: Remove unused struct mbm_state::chunks_bw
x86/resctrl: Fix incorrect local bandwidth when mba_sc is enabled
pinctrl: merrifield: Set default bias in case no particular value given
pinctrl: baytrail: Avoid clearing debounce value when turning it off
ARM: dts: sun8i: v3s: fix GIC node memory range
gpio: mvebu: fix potential user-after-free on probe
scsi: bnx2i: Requires MMU
xsk: Fix xsk_poll()'s return type
can: softing: softing_netdev_open(): fix error handling
clk: renesas: r9a06g032: Drop __packed for portability
block: factor out requeue handling from dispatch code
netfilter: x_tables: Switch synchronization to RCU
gpio: eic-sprd: break loop when getting NULL device resource
selftests/bpf/test_offload.py: Reset ethtool features after failed setting
RDMA/cm: Fix an attempt to use non-valid pointer when cleaning timewait
ixgbe: avoid premature Rx buffer reuse
drm/tegra: replace idr_init() by idr_init_base()
kernel/cpu: add arch override for clear_tasks_mm_cpumask() mm handling
drm/tegra: sor: Disable clocks on error in tegra_sor_init()
arm64: syscall: exit userspace before unmasking exceptions
vxlan: Add needed_headroom for lower device
vxlan: Copy needed_tailroom from lowerdev
scsi: mpt3sas: Increase IOCInit request timeout to 30s
dm table: Remove BUG_ON(in_interrupt())
soc/tegra: fuse: Fix index bug in get_process_id
USB: serial: option: add interface-number sanity check to flag handling
USB: gadget: f_acm: add support for SuperSpeed Plus
USB: gadget: f_midi: setup SuperSpeed Plus descriptors
usb: gadget: f_fs: Re-use SS descriptors for SuperSpeedPlus
USB: gadget: f_rndis: fix bitrate for SuperSpeed and above
usb: chipidea: ci_hdrc_imx: Pass DISABLE_DEVICE_STREAMING flag to imx6ul
ARM: dts: exynos: fix roles of USB 3.0 ports on Odroid XU
ARM: dts: exynos: fix USB 3.0 VBUS control and over-current pins on Exynos5410
ARM: dts: exynos: fix USB 3.0 pins supply being turned off on Odroid XU
coresight: tmc-etr: Check if page is valid before dma_map_page()
scsi: megaraid_sas: Check user-provided offsets
HID: i2c-hid: add Vero K147 to descriptor override
serial_core: Check for port state when tty is in error state
Bluetooth: Fix slab-out-of-bounds read in hci_le_direct_adv_report_evt()
quota: Sanity-check quota file headers on load
media: msi2500: assign SPI bus number dynamically
crypto: af_alg - avoid undefined behavior accessing salg_name
md: fix a warning caused by a race between concurrent md_ioctl()s
perf cs-etm: Change tuple from traceID-CPU# to traceID-metadata
perf cs-etm: Move definition of 'traceid_list' global variable from header file
drm/gma500: fix double free of gma_connector
drm/tve200: Fix handling of platform_get_irq() error
soc: renesas: rmobile-sysc: Fix some leaks in rmobile_init_pm_domains()
soc: mediatek: Check if power domains can be powered on at boot time
soc: qcom: geni: More properly switch to DMA mode
RDMA/bnxt_re: Set queue pair state when being queried
selinux: fix error initialization in inode_doinit_with_dentry()
ARM: dts: aspeed: s2600wf: Fix VGA memory region location
RDMA/rxe: Compute PSN windows correctly
x86/mm/ident_map: Check for errors from ident_pud_init()
ARM: p2v: fix handling of LPAE translation in BE mode
x86/apic: Fix x2apic enablement without interrupt remapping
sched/deadline: Fix sched_dl_global_validate()
sched: Reenable interrupts in do_sched_yield()
crypto: talitos - Endianess in current_desc_hdr()
crypto: talitos - Fix return type of current_desc_hdr()
crypto: inside-secure - Fix sizeof() mismatch
powerpc/64: Set up a kernel stack for secondaries before cpu_restore()
spi: img-spfi: fix reference leak in img_spfi_resume
drm/msm/dsi_pll_10nm: restore VCO rate during restore_state
ASoC: pcm: DRAIN support reactivation
selinux: fix inode_doinit_with_dentry() LABEL_INVALID error handling
arm64: dts: exynos: Include common syscon restart/poweroff for Exynos7
arm64: dts: exynos: Correct psci compatible used on Exynos7
Bluetooth: Fix null pointer dereference in hci_event_packet()
Bluetooth: hci_h5: fix memory leak in h5_close
spi: spi-ti-qspi: fix reference leak in ti_qspi_setup
spi: tegra20-slink: fix reference leak in slink ops of tegra20
spi: tegra20-sflash: fix reference leak in tegra_sflash_resume
spi: tegra114: fix reference leak in tegra spi ops
spi: bcm63xx-hsspi: fix missing clk_disable_unprepare() on error in bcm63xx_hsspi_resume
mwifiex: fix mwifiex_shutdown_sw() causing sw reset failure
ASoC: wm8998: Fix PM disable depth imbalance on error
ASoC: arizona: Fix a wrong free in wm8997_probe
RDMa/mthca: Work around -Wenum-conversion warning
MIPS: BCM47XX: fix kconfig dependency bug for BCM47XX_BCMA
crypto: qat - fix status check in qat_hal_put_rel_rd_xfer()
staging: greybus: codecs: Fix reference counter leak in error handling
staging: gasket: interrupt: fix the missed eventfd_ctx_put() in gasket_interrupt.c
media: tm6000: Fix sizeof() mismatches
media: mtk-vcodec: add missing put_device() call in mtk_vcodec_release_dec_pm()
ASoC: meson: fix COMPILE_TEST error
scsi: core: Fix VPD LUN ID designator priorities
media: solo6x10: fix missing snd_card_free in error handling case
video: fbdev: atmel_lcdfb: fix return error code in atmel_lcdfb_of_init()
drm/omap: dmm_tiler: fix return error code in omap_dmm_probe()
Input: ads7846 - fix race that causes missing releases
Input: ads7846 - fix integer overflow on Rt calculation
Input: ads7846 - fix unaligned access on 7845
usb/max3421: fix return error code in max3421_probe()
spi: mxs: fix reference leak in mxs_spi_probe
powerpc/feature: Fix CPU_FTRS_ALWAYS by removing CPU_FTRS_GENERIC_32
crypto: crypto4xx - Replace bitwise OR with logical OR in crypto4xx_build_pd
crypto: omap-aes - Fix PM disable depth imbalance in omap_aes_probe
spi: fix resource leak for drivers without .remove callback
soc: ti: knav_qmss: fix reference leak in knav_queue_probe
soc: ti: Fix reference imbalance in knav_dma_probe
drivers: soc: ti: knav_qmss_queue: Fix error return code in knav_queue_probe
Input: omap4-keypad - fix runtime PM error handling
RDMA/cxgb4: Validate the number of CQEs
memstick: fix a double-free bug in memstick_check
ARM: dts: at91: sama5d4_xplained: add pincontrol for USB Host
ARM: dts: at91: sama5d3_xplained: add pincontrol for USB Host
orinoco: Move context allocation after processing the skb
cw1200: fix missing destroy_workqueue() on error in cw1200_init_common
dmaengine: mv_xor_v2: Fix error return code in mv_xor_v2_probe()
media: siano: fix memory leak of debugfs members in smsdvb_hotplug
platform/x86: mlx-platform: Remove PSU EEPROM from default platform configuration
platform/x86: mlx-platform: Remove PSU EEPROM from MSN274x platform configuration
samples: bpf: Fix lwt_len_hist reusing previous BPF map
mips: cdmm: fix use-after-free in mips_cdmm_bus_discover
media: max2175: fix max2175_set_csm_mode() error code
slimbus: qcom-ngd-ctrl: Avoid sending power requests without QMI
HSI: omap_ssi: Don't jump to free ID in ssi_add_controller()
ARM: dts: Remove non-existent i2c1 from 98dx3236
arm64: dts: rockchip: Set dr_mode to "host" for OTG on rk3328-roc-cc
power: supply: axp288_charger: Fix HP Pavilion x2 10 DMI matching
power: supply: bq24190_charger: fix reference leak
genirq/irqdomain: Don't try to free an interrupt that has no mapping
PCI: Bounds-check command-line resource alignment requests
PCI: Fix overflow in command-line resource alignment requests
PCI: iproc: Fix out-of-bound array accesses
arm64: dts: meson: fix spi-max-frequency on Khadas VIM2
ARM: dts: at91: at91sam9rl: fix ADC triggers
platform/x86: dell-smbios-base: Fix error return code in dell_smbios_init
ath10k: Fix the parsing error in service available event
ath10k: Fix an error handling path
ath10k: Release some resources in an error handling path
NFSv4.2: condition READDIR's mask for security label based on LSM state
SUNRPC: xprt_load_transport() needs to support the netid "rdma6"
lockd: don't use interval-based rebinding over TCP
NFS: switch nfsiod to be an UNBOUND workqueue.
vfio-pci: Use io_remap_pfn_range() for PCI IO memory
media: saa7146: fix array overflow in vidioc_s_audio()
clocksource/drivers/cadence_ttc: Fix memory leak in ttc_setup_clockevent()
ARM: dts: at91: sama5d2: map securam as device
pinctrl: falcon: add missing put_device() call in pinctrl_falcon_probe()
arm64: dts: rockchip: Fix UART pull-ups on rk3328
memstick: r592: Fix error return in r592_probe()
net/mlx5: Properly convey driver version to firmware
ASoC: jz4740-i2s: add missed checks for clk_get()
dm ioctl: fix error return code in target_message
clocksource/drivers/arm_arch_timer: Correct fault programming of CNTKCTL_EL1.EVNTI
cpufreq: highbank: Add missing MODULE_DEVICE_TABLE
cpufreq: mediatek: Add missing MODULE_DEVICE_TABLE
cpufreq: st: Add missing MODULE_DEVICE_TABLE
cpufreq: loongson1: Add missing MODULE_ALIAS
cpufreq: scpi: Add missing MODULE_ALIAS
scsi: qedi: Fix missing destroy_workqueue() on error in __qedi_probe
scsi: pm80xx: Fix error return in pm8001_pci_probe()
seq_buf: Avoid type mismatch for seq_buf_init
scsi: fnic: Fix error return code in fnic_probe()
platform/x86: mlx-platform: Fix item counter assignment for MSN2700, MSN24xx systems
powerpc/pseries/hibernation: drop pseries_suspend_begin() from suspend ops
powerpc/pseries/hibernation: remove redundant cacheinfo update
usb: ehci-omap: Fix PM disable depth umbalance in ehci_hcd_omap_probe
usb: oxu210hp-hcd: Fix memory leak in oxu_create
speakup: fix uninitialized flush_lock
nfsd: Fix message level for normal termination
nfs_common: need lock during iterate through the list
x86/kprobes: Restore BTF if the single-stepping is cancelled
bus: fsl-mc: fix error return code in fsl_mc_object_allocate()
clk: tegra: Fix duplicated SE clock entry
extcon: max77693: Fix modalias string
mac80211: don't set set TDLS STA bandwidth wider than possible
ASoC: wm_adsp: remove "ctl" from list on error in wm_adsp_create_control()
irqchip/alpine-msi: Fix freeing of interrupts on allocation error path
watchdog: sirfsoc: Add missing dependency on HAS_IOMEM
watchdog: sprd: remove watchdog disable from resume fail path
watchdog: sprd: check busy bit before new loading rather than after that
watchdog: Fix potential dereferencing of null pointer
um: Monitor error events in IRQ controller
um: tty: Fix handling of close in tty lines
um: chan_xterm: Fix fd leak
nfc: s3fwrn5: Release the nfc firmware
powerpc/ps3: use dma_mapping_error()
checkpatch: fix unescaped left brace
net: bcmgenet: Fix a resource leak in an error handling path in the probe functin
net: allwinner: Fix some resources leak in the error handling path of the probe and in the remove function
net: korina: fix return value
libnvdimm/label: Return -ENXIO for no slot in __blk_label_update
watchdog: qcom: Avoid context switch in restart handler
watchdog: coh901327: add COMMON_CLK dependency
clk: ti: Fix memleak in ti_fapll_synth_setup
pwm: zx: Add missing cleanup in error path
pwm: lp3943: Dynamically allocate PWM chip base
perf record: Fix memory leak when using '--user-regs=?' to list registers
qlcnic: Fix error code in probe
clk: s2mps11: Fix a resource leak in error handling paths in the probe function
clk: sunxi-ng: Make sure divider tables have sentinel
kconfig: fix return value of do_error_if()
ARM: sunxi: Add machine match for the Allwinner V3 SoC
cfg80211: initialize rekey_data
fix namespaced fscaps when !CONFIG_SECURITY
lwt: Disable BH too in run_lwt_bpf()
Input: cros_ec_keyb - send 'scancodes' in addition to key events
Input: goodix - add upside-down quirk for Teclast X98 Pro tablet
media: gspca: Fix memory leak in probe
media: sunxi-cir: ensure IR is handled when it is continuous
media: netup_unidvb: Don't leak SPI master in probe error path
media: ipu3-cio2: Remove traces of returned buffers
media: ipu3-cio2: Return actual subdev format
media: ipu3-cio2: Serialise access to pad format
media: ipu3-cio2: Validate mbus format in setting subdev format
media: ipu3-cio2: Make the field on subdev format V4L2_FIELD_NONE
Input: cyapa_gen6 - fix out-of-bounds stack access
ALSA: hda/ca0132 - Change Input Source enum strings.
PM: ACPI: PCI: Drop acpi_pm_set_bridge_wakeup()
Revert "ACPI / resources: Use AE_CTRL_TERMINATE to terminate resources walks"
ACPI: PNP: compare the string length in the matching_id()
ALSA: hda: Fix regressions on clear and reconfig sysfs
ALSA: hda/realtek - Enable headset mic of ASUS X430UN with ALC256
ALSA: hda/realtek - Enable headset mic of ASUS Q524UQK with ALC255
ALSA: pcm: oss: Fix a few more UBSAN fixes
ALSA: hda/realtek: Add quirk for MSI-GP73
ALSA: hda/realtek: Apply jack fixup for Quanta NL3
ALSA: usb-audio: Add VID to support native DSD reproduction on FiiO devices
ALSA: usb-audio: Disable sample read check if firmware doesn't give back
s390/smp: perform initial CPU reset also for SMT siblings
s390/kexec_file: fix diag308 subcode when loading crash kernel
s390/dasd: fix hanging device offline processing
s390/dasd: prevent inconsistent LCU device data
s390/dasd: fix list corruption of pavgroup group list
s390/dasd: fix list corruption of lcu list
staging: comedi: mf6x4: Fix AI end-of-conversion detection
powerpc/perf: Exclude kernel samples while counting events in user space.
crypto: ecdh - avoid unaligned accesses in ecdh_set_secret()
EDAC/amd64: Fix PCI component registration
USB: serial: mos7720: fix parallel-port state restore
USB: serial: digi_acceleport: fix write-wakeup deadlocks
USB: serial: keyspan_pda: fix dropped unthrottle interrupts
USB: serial: keyspan_pda: fix write deadlock
USB: serial: keyspan_pda: fix stalled writes
USB: serial: keyspan_pda: fix write-wakeup use-after-free
USB: serial: keyspan_pda: fix tx-unthrottle use-after-free
USB: serial: keyspan_pda: fix write unthrottling
ext4: fix a memory leak of ext4_free_data
ext4: fix deadlock with fs freezing and EA inodes
KVM: arm64: Introduce handling of AArch32 TTBCR2 traps
ARM: dts: pandaboard: fix pinmux for gpio user button of Pandaboard ES
ARM: dts: at91: sama5d2: fix CAN message ram offset and size
powerpc: Fix incorrect stw{, ux, u, x} instructions in __set_pte_at
powerpc/rtas: Fix typo of ibm,open-errinjct in RTAS filter
powerpc/xmon: Change printk() to pr_cont()
powerpc/powernv/memtrace: Don't leak kernel memory to user space
powerpc/powernv/memtrace: Fix crashing the kernel when enabling concurrently
ima: Don't modify file descriptor mode on the fly
ceph: fix race in concurrent __ceph_remove_cap invocations
SMB3: avoid confusing warning message on mount to Azure
SMB3.1.1: do not log warning message if server doesn't populate salt
ubifs: wbuf: Don't leak kernel memory to flash
jffs2: Fix GC exit abnormally
jfs: Fix array index bounds check in dbAdjTree
drm/dp_aux_dev: check aux_dev before use in drm_dp_aux_dev_get_by_minor()
spi: spi-sh: Fix use-after-free on unbind
spi: davinci: Fix use-after-free on unbind
spi: pic32: Don't leak DMA channels in probe error path
spi: rb4xx: Don't leak SPI master in probe error path
spi: sc18is602: Don't leak SPI master in probe error path
spi: st-ssc4: Fix unbalanced pm_runtime_disable() in probe error path
spi: mt7621: fix missing clk_disable_unprepare() on error in mt7621_spi_probe
soc: qcom: smp2p: Safely acquire spinlock without IRQs
mtd: spinand: Fix OOB read
mtd: parser: cmdline: Fix parsing of part-names with colons
mtd: rawnand: qcom: Fix DMA sync on FLASH_STATUS register read
scsi: lpfc: Fix invalid sleeping context in lpfc_sli4_nvmet_alloc()
scsi: lpfc: Re-fix use after free in lpfc_rq_buf_free()
iio: buffer: Fix demux update
iio: adc: rockchip_saradc: fix missing clk_disable_unprepare() on error in rockchip_saradc_resume
iio:light:rpr0521: Fix timestamp alignment and prevent data leak.
iio:light:st_uvis25: Fix timestamp alignment and prevent data leak.
iio:pressure:mpl3115: Force alignment of buffer
iio:imu:bmi160: Fix too large a buffer.
md/cluster: block reshape with remote resync job
md/cluster: fix deadlock when node is doing resync job
pinctrl: sunxi: Always call chained_irq_{enter, exit} in sunxi_pinctrl_irq_handler
clk: mvebu: a3700: fix the XTAL MODE pin to MPP1_9
xen-blkback: set ring->xenblkd to NULL after kthread_stop()
xen/xenbus: Allow watches discard events before queueing
xen/xenbus: Add 'will_handle' callback support in xenbus_watch_path()
xen/xenbus/xen_bus_type: Support will_handle watch callback
xen/xenbus: Count pending messages for each watch
xenbus/xenbus_backend: Disallow pending watch messages
libnvdimm/namespace: Fix reaping of invalidated block-window-namespace labels
platform/x86: intel-vbtn: Allow switch events on Acer Switch Alpha 12
PCI: Fix pci_slot_release() NULL pointer dereference
platform/x86: mlx-platform: remove an unused variable
Linux 4.19.164
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I8e2d24b45393ee2360186893d4e578e20156c7f1
|
||
Serge Hallyn
|
9f0e4cd4ef |
fix namespaced fscaps when !CONFIG_SECURITY
[ Upstream commit ed9b25d1970a4787ac6a39c2091e63b127ecbfc1 ]
Namespaced file capabilities were introduced in
|
||
|
Greg Kroah-Hartman
|
8cb4870403 |
Merge 4.19.98 into android-4.19
Changes in 4.19.98 ARM: dts: meson8: fix the size of the PMU registers clk: qcom: gcc-sdm845: Add missing flag to votable GDSCs dt-bindings: reset: meson8b: fix duplicate reset IDs ARM: dts: imx6q-dhcom: fix rtc compatible clk: Don't try to enable critical clocks if prepare failed ASoC: msm8916-wcd-digital: Reset RX interpolation path after use iio: buffer: align the size of scan bytes to size of the largest element USB: serial: simple: Add Motorola Solutions TETRA MTP3xxx and MTP85xx USB: serial: option: Add support for Quectel RM500Q USB: serial: opticon: fix control-message timeouts USB: serial: option: add support for Quectel RM500Q in QDL mode USB: serial: suppress driver bind attributes USB: serial: ch341: handle unbound port at reset_resume USB: serial: io_edgeport: handle unbound ports on URB completion USB: serial: io_edgeport: add missing active-port sanity check USB: serial: keyspan: handle unbound ports USB: serial: quatech2: handle unbound ports scsi: fnic: fix invalid stack access scsi: mptfusion: Fix double fetch bug in ioctl ASoC: msm8916-wcd-analog: Fix selected events for MIC BIAS External1 ASoC: msm8916-wcd-analog: Fix MIC BIAS Internal1 ARM: dts: imx6q-dhcom: Fix SGTL5000 VDDIO regulator connection ALSA: dice: fix fallback from protocol extension into limited functionality ALSA: seq: Fix racy access for queue timer in proc read ALSA: usb-audio: fix sync-ep altsetting sanity check arm64: dts: allwinner: a64: olinuxino: Fix SDIO supply regulator Fix built-in early-load Intel microcode alignment block: fix an integer overflow in logical block size ARM: dts: am571x-idk: Fix gpios property to have the correct gpio number LSM: generalize flag passing to security_capable ptrace: reintroduce usage of subjective credentials in ptrace_has_cap() usb: core: hub: Improved device recognition on remote wakeup x86/resctrl: Fix an imbalance in domain_remove_cpu() x86/CPU/AMD: Ensure clearing of SME/SEV features is maintained x86/efistub: Disable paging at mixed mode entry drm/i915: Add missing include file <linux/math64.h> x86/resctrl: Fix potential memory leak perf hists: Fix variable name's inconsistency in hists__for_each() macro perf report: Fix incorrectly added dimensions as switch perf data file mm/shmem.c: thp, shmem: fix conflict of above-47bit hint address and PMD alignment mm: memcg/slab: call flush_memcg_workqueue() only if memcg workqueue is valid btrfs: rework arguments of btrfs_unlink_subvol btrfs: fix invalid removal of root ref btrfs: do not delete mismatched root refs btrfs: fix memory leak in qgroup accounting mm/page-writeback.c: avoid potential division by zero in wb_min_max_ratio() ARM: dts: imx6qdl: Add Engicam i.Core 1.5 MX6 ARM: dts: imx6q-icore-mipi: Use 1.5 version of i.Core MX6DL ARM: dts: imx7: Fix Toradex Colibri iMX7S 256MB NAND flash support net: stmmac: 16KB buffer must be 16 byte aligned net: stmmac: Enable 16KB buffer size mm/huge_memory.c: make __thp_get_unmapped_area static mm/huge_memory.c: thp: fix conflict of above-47bit hint address and PMD alignment arm64: dts: agilex/stratix10: fix pmu interrupt numbers bpf: Fix incorrect verifier simulation of ARSH under ALU32 cfg80211: fix deadlocks in autodisconnect work cfg80211: fix memory leak in cfg80211_cqm_rssi_update cfg80211: fix page refcount issue in A-MSDU decap netfilter: fix a use-after-free in mtype_destroy() netfilter: arp_tables: init netns pointer in xt_tgdtor_param struct netfilter: nft_tunnel: fix null-attribute check netfilter: nf_tables: remove WARN and add NLA_STRING upper limits netfilter: nf_tables: store transaction list locally while requesting module netfilter: nf_tables: fix flowtable list del corruption NFC: pn533: fix bulk-message timeout batman-adv: Fix DAT candidate selection on little endian systems macvlan: use skb_reset_mac_header() in macvlan_queue_xmit() hv_netvsc: Fix memory leak when removing rndis device net: dsa: tag_qca: fix doubled Tx statistics net: hns: fix soft lockup when there is not enough memory net: usb: lan78xx: limit size of local TSO packets net/wan/fsl_ucc_hdlc: fix out of bounds write on array utdm_info ptp: free ptp device pin descriptors properly r8152: add missing endpoint sanity check tcp: fix marked lost packets not being retransmitted sh_eth: check sh_eth_cpu_data::dual_port when dumping registers mlxsw: spectrum: Wipe xstats.backlog of down ports mlxsw: spectrum_qdisc: Include MC TCs in Qdisc counters xen/blkfront: Adjust indentation in xlvbd_alloc_gendisk tcp: refine rule to allow EPOLLOUT generation under mem pressure irqchip: Place CONFIG_SIFIVE_PLIC into the menu cw1200: Fix a signedness bug in cw1200_load_firmware() arm64: dts: meson-gxl-s905x-khadas-vim: fix gpio-keys-polled node cfg80211: check for set_wiphy_params tick/sched: Annotate lockless access to last_jiffies_update arm64: dts: marvell: Fix CP110 NAND controller node multi-line comment alignment Revert "arm64: dts: juno: add dma-ranges property" mtd: devices: fix mchp23k256 read and write drm/nouveau/bar/nv50: check bar1 vmm return value drm/nouveau/bar/gf100: ensure BAR is mapped drm/nouveau/mmu: qualify vmm during dtor reiserfs: fix handling of -EOPNOTSUPP in reiserfs_for_each_xattr scsi: esas2r: unlock on error in esas2r_nvram_read_direct() scsi: qla4xxx: fix double free bug scsi: bnx2i: fix potential use after free scsi: target: core: Fix a pr_debug() argument scsi: qla2xxx: Fix qla2x00_request_irqs() for MSI scsi: qla2xxx: fix rports not being mark as lost in sync fabric scan scsi: core: scsi_trace: Use get_unaligned_be*() perf probe: Fix wrong address verification clk: sprd: Use IS_ERR() to validate the return value of syscon_regmap_lookup_by_phandle() regulator: ab8500: Remove SYSCLKREQ from enum ab8505_regulator_id hwmon: (pmbus/ibm-cffps) Switch LEDs to blocking brightness call Linux 4.19.98 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: I74a43a9e60734aec6d24b10374ba97de89172eca |
||
Micah Morton
|
87ca9aaf0c |
LSM: generalize flag passing to security_capable
[ Upstream commit c1a85a00ea66cb6f0bd0f14e47c28c2b0999799f ] This patch provides a general mechanism for passing flags to the security_capable LSM hook. It replaces the specific 'audit' flag that is used to tell security_capable whether it should log an audit message for the given capability check. The reason for generalizing this flag passing is so we can add an additional flag that signifies whether security_capable is being called by a setid syscall (which is needed by the proposed SafeSetID LSM). Signed-off-by: Micah Morton <mortonm@chromium.org> Reviewed-by: Kees Cook <keescook@chromium.org> Signed-off-by: James Morris <james.morris@microsoft.com> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
Joel Fernandes (Google)
|
89ae5a7cad |
BACKPORT: perf_event: Add support for LSM and SELinux checks
In current mainline, the degree of access to perf_event_open(2) system call depends on the perf_event_paranoid sysctl. This has a number of limitations: 1. The sysctl is only a single value. Many types of accesses are controlled based on the single value thus making the control very limited and coarse grained. 2. The sysctl is global, so if the sysctl is changed, then that means all processes get access to perf_event_open(2) opening the door to security issues. This patch adds LSM and SELinux access checking which will be used in Android to access perf_event_open(2) for the purposes of attaching BPF programs to tracepoints, perf profiling and other operations from userspace. These operations are intended for production systems. 5 new LSM hooks are added: 1. perf_event_open: This controls access during the perf_event_open(2) syscall itself. The hook is called from all the places that the perf_event_paranoid sysctl is checked to keep it consistent with the systctl. The hook gets passed a 'type' argument which controls CPU, kernel and tracepoint accesses (in this context, CPU, kernel and tracepoint have the same semantics as the perf_event_paranoid sysctl). Additionally, I added an 'open' type which is similar to perf_event_paranoid sysctl == 3 patch carried in Android and several other distros but was rejected in mainline [1] in 2016. 2. perf_event_alloc: This allocates a new security object for the event which stores the current SID within the event. It will be useful when the perf event's FD is passed through IPC to another process which may try to read the FD. Appropriate security checks will limit access. 3. perf_event_free: Called when the event is closed. 4. perf_event_read: Called from the read(2) and mmap(2) syscalls for the event. 5. perf_event_write: Called from the ioctl(2) syscalls for the event. [1] https://lwn.net/Articles/696240/ Since Peter had suggest LSM hooks in 2016 [1], I am adding his Suggested-by tag below. To use this patch, we set the perf_event_paranoid sysctl to -1 and then apply selinux checking as appropriate (default deny everything, and then add policy rules to give access to domains that need it). In the future we can remove the perf_event_paranoid sysctl altogether. Suggested-by: Peter Zijlstra <peterz@infradead.org> Co-developed-by: Peter Zijlstra <peterz@infradead.org> Signed-off-by: Joel Fernandes (Google) <joel@joelfernandes.org> Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org> Acked-by: James Morris <jmorris@namei.org> Cc: Arnaldo Carvalho de Melo <acme@kernel.org> Cc: rostedt@goodmis.org Cc: Yonghong Song <yhs@fb.com> Cc: Kees Cook <keescook@chromium.org> Cc: Ingo Molnar <mingo@redhat.com> Cc: Alexei Starovoitov <ast@kernel.org> Cc: jeffv@google.com Cc: Jiri Olsa <jolsa@redhat.com> Cc: Daniel Borkmann <daniel@iogearbox.net> Cc: primiano@google.com Cc: Song Liu <songliubraving@fb.com> Cc: rsavitski@google.com Cc: Namhyung Kim <namhyung@kernel.org> Cc: Matthew Garrett <matthewgarrett@google.com> Link: https://lkml.kernel.org/r/20191014170308.70668-1-joel@joelfernandes.org (cherry picked from commit da97e18458fb42d7c00fac5fd1c56a3896ec666e) [ Ryan Savitski: Resolved conflicts with existing code, and folded in upstream ae79d5588a04 (perf/core: Fix !CONFIG_PERF_EVENTS build warnings and failures). This should fix the build errors from the previous backport attempt, where certain configurations would end up with functions referring to the perf_event struct prior to its declaration (and therefore declaring it with a different scope). ] Bug: 137092007 Signed-off-by: Ryan Savitski <rsavitski@google.com> Change-Id: Ief8c669083c81f4ea2fa75d5c0d947d19ea741b3 |
||
|
Greg Kroah-Hartman
|
58fd41cb2d |
Revert "BACKPORT: perf_event: Add support for LSM and SELinux checks"
This reverts commit
|
||
|
Joel Fernandes (Google)
|
8af21ac176 |
BACKPORT: perf_event: Add support for LSM and SELinux checks
In current mainline, the degree of access to perf_event_open(2) system call depends on the perf_event_paranoid sysctl. This has a number of limitations: 1. The sysctl is only a single value. Many types of accesses are controlled based on the single value thus making the control very limited and coarse grained. 2. The sysctl is global, so if the sysctl is changed, then that means all processes get access to perf_event_open(2) opening the door to security issues. This patch adds LSM and SELinux access checking which will be used in Android to access perf_event_open(2) for the purposes of attaching BPF programs to tracepoints, perf profiling and other operations from userspace. These operations are intended for production systems. 5 new LSM hooks are added: 1. perf_event_open: This controls access during the perf_event_open(2) syscall itself. The hook is called from all the places that the perf_event_paranoid sysctl is checked to keep it consistent with the systctl. The hook gets passed a 'type' argument which controls CPU, kernel and tracepoint accesses (in this context, CPU, kernel and tracepoint have the same semantics as the perf_event_paranoid sysctl). Additionally, I added an 'open' type which is similar to perf_event_paranoid sysctl == 3 patch carried in Android and several other distros but was rejected in mainline [1] in 2016. 2. perf_event_alloc: This allocates a new security object for the event which stores the current SID within the event. It will be useful when the perf event's FD is passed through IPC to another process which may try to read the FD. Appropriate security checks will limit access. 3. perf_event_free: Called when the event is closed. 4. perf_event_read: Called from the read(2) and mmap(2) syscalls for the event. 5. perf_event_write: Called from the ioctl(2) syscalls for the event. [1] https://lwn.net/Articles/696240/ Since Peter had suggest LSM hooks in 2016 [1], I am adding his Suggested-by tag below. To use this patch, we set the perf_event_paranoid sysctl to -1 and then apply selinux checking as appropriate (default deny everything, and then add policy rules to give access to domains that need it). In the future we can remove the perf_event_paranoid sysctl altogether. Suggested-by: Peter Zijlstra <peterz@infradead.org> Co-developed-by: Peter Zijlstra <peterz@infradead.org> Signed-off-by: Joel Fernandes (Google) <joel@joelfernandes.org> Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org> Acked-by: James Morris <jmorris@namei.org> Cc: Arnaldo Carvalho de Melo <acme@kernel.org> Cc: rostedt@goodmis.org Cc: Yonghong Song <yhs@fb.com> Cc: Kees Cook <keescook@chromium.org> Cc: Ingo Molnar <mingo@redhat.com> Cc: Alexei Starovoitov <ast@kernel.org> Cc: jeffv@google.com Cc: Jiri Olsa <jolsa@redhat.com> Cc: Daniel Borkmann <daniel@iogearbox.net> Cc: primiano@google.com Cc: Song Liu <songliubraving@fb.com> Cc: rsavitski@google.com Cc: Namhyung Kim <namhyung@kernel.org> Cc: Matthew Garrett <matthewgarrett@google.com> Link: https://lkml.kernel.org/r/20191014170308.70668-1-joel@joelfernandes.org Bug: 137092007 Change-Id: I591c6ad6c82ab9133409e51383d2c9b9f6ae4545 (cherry picked from commit da97e18458fb42d7c00fac5fd1c56a3896ec666e) [ Ryan Savitski: Resolved conflicts with existing code, no new functionality ] Signed-off-by: Ryan Savitski <rsavitski@google.com> |
||
Linus Torvalds
|
92d4a03674 |
Merge branch 'next-general' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security
Pull security subsystem updates from James Morris: - kstrdup() return value fix from Eric Biggers - Add new security_load_data hook to differentiate security checking of kernel-loaded binaries in the case of there being no associated file descriptor, from Mimi Zohar. - Add ability to IMA to specify a policy at build-time, rather than just via command line params or by loading a custom policy, from Mimi. - Allow IMA and LSMs to prevent sysfs firmware load fallback (e.g. if using signed firmware), from Mimi. - Allow IMA to deny loading of kexec kernel images, as they cannot be measured by IMA, from Mimi. * 'next-general' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: security: check for kstrdup() failure in lsm_append() security: export security_kernel_load_data function ima: based on policy warn about loading firmware (pre-allocated buffer) module: replace the existing LSM hook in init_module ima: add build time policy ima: based on policy require signed firmware (sysfs fallback) firmware: add call to LSM hook before firmware sysfs fallback ima: based on policy require signed kexec kernel images kexec: add call to LSM hook in original kexec_load syscall security: define new LSM hook named security_kernel_load_data MAINTAINERS: remove the outdated "LINUX SECURITY MODULE (LSM) FRAMEWORK" entry |
||
Mimi Zohar
|
377179cd28 |
security: define new LSM hook named security_kernel_load_data
Differentiate between the kernel reading a file specified by userspace from the kernel loading a buffer containing data provided by userspace. This patch defines a new LSM hook named security_kernel_load_data(). Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com> Cc: Eric Biederman <ebiederm@xmission.com> Cc: Luis R. Rodriguez <mcgrof@kernel.org> Cc: Kees Cook <keescook@chromium.org> Cc: Casey Schaufler <casey@schaufler-ca.com> Acked-by: Serge Hallyn <serge@hallyn.com> Acked-by: Kees Cook <keescook@chromium.org> Signed-off-by: James Morris <james.morris@microsoft.com> |
||
Al Viro
|
e3f20ae210 |
security_file_open(): lose cred argument
Acked-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> |
||
David Herrmann
|
aae7cfcbb7 |
security: add hook for socketpair()
Right now the LSM labels for socketpairs are always uninitialized, since there is no security hook for the socketpair() syscall. This patch adds the required hooks so LSMs can properly label socketpairs. This allows SO_PEERSEC to return useful information on those sockets. Note that the behavior of socketpair() can be emulated by creating a listener socket, connecting to it, and then discarding the initial listener socket. With this workaround, SO_PEERSEC would return the caller's security context. However, with socketpair(), the uninitialized context is returned unconditionally. This is unexpected and makes socketpair() less useful in situations where the security context is crucial to the application. With the new socketpair-hook this disparity can be solved by making socketpair() return the expected security context. Acked-by: Serge Hallyn <serge@hallyn.com> Signed-off-by: Tom Gundersen <teg@jklm.no> Signed-off-by: David Herrmann <dh.herrmann@gmail.com> Signed-off-by: James Morris <james.morris@microsoft.com> |
||
James Morris
|
b393a707c8 |
Merge tag 'v4.17-rc2' into next-general
Sync to Linux 4.17-rc2 for developers. |
||
Sargun Dhillon
|
e59644b720 |
security: remove security_settime
security_settime was a wrapper around security_settime64. There are no more
users of it. Therefore it can be removed. It was removed in:
commit
|
||
|
Linus Torvalds
|
f8cf2f16a7 |
Merge branch 'next-integrity' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security
Pull integrity updates from James Morris:
"A mixture of bug fixes, code cleanup, and continues to close
IMA-measurement, IMA-appraisal, and IMA-audit gaps.
Also note the addition of a new cred_getsecid LSM hook by Matthew
Garrett:
For IMA purposes, we want to be able to obtain the prepared secid
in the bprm structure before the credentials are committed. Add a
cred_getsecid hook that makes this possible.
which is used by a new CREDS_CHECK target in IMA:
In ima_bprm_check(), check with both the existing process
credentials and the credentials that will be committed when the new
process is started. This will not change behaviour unless the
system policy is extended to include CREDS_CHECK targets -
BPRM_CHECK will continue to check the same credentials that it did
previously"
* 'next-integrity' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security:
ima: Fallback to the builtin hash algorithm
ima: Add smackfs to the default appraise/measure list
evm: check for remount ro in progress before writing
ima: Improvements in ima_appraise_measurement()
ima: Simplify ima_eventsig_init()
integrity: Remove unused macro IMA_ACTION_RULE_FLAGS
ima: drop vla in ima_audit_measurement()
ima: Fix Kconfig to select TPM 2.0 CRB interface
evm: Constify *integrity_status_msg[]
evm: Move evm_hmac and evm_hash from evm_main.c to evm_crypto.c
fuse: define the filesystem as untrusted
ima: fail signature verification based on policy
ima: clear IMA_HASH
ima: re-evaluate files on privileged mounted filesystems
ima: fail file signature verification on non-init mounted filesystems
IMA: Support using new creds in appraisal policy
security: Add a cred_getsecid hook
|
||
|
Linus Torvalds
|
3612605a5a |
Merge branch 'next-general' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security
Pull general security layer updates from James Morris: - Convert security hooks from list to hlist, a nice cleanup, saving about 50% of space, from Sargun Dhillon. - Only pass the cred, not the secid, to kill_pid_info_as_cred and security_task_kill (as the secid can be determined from the cred), from Stephen Smalley. - Close a potential race in kernel_read_file(), by making the file unwritable before calling the LSM check (vs after), from Kees Cook. * 'next-general' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: security: convert security hooks to use hlist exec: Set file unwritable before LSM check usb, signal, security: only pass the cred, not the secid, to kill_pid_info_as_cred and security_task_kill |
||
|
Linus Torvalds
|
9eda2d2dca |
Merge tag 'selinux-pr-20180403' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux
Pull SELinux updates from Paul Moore:
"A bigger than usual pull request for SELinux, 13 patches (lucky!)
along with a scary looking diffstat.
Although if you look a bit closer, excluding the usual minor
tweaks/fixes, there are really only two significant changes in this
pull request: the addition of proper SELinux access controls for SCTP
and the encapsulation of a lot of internal SELinux state.
The SCTP changes are the result of a multi-month effort (maybe even a
year or longer?) between the SELinux folks and the SCTP folks to add
proper SELinux controls. A special thanks go to Richard for seeing
this through and keeping the effort moving forward.
The state encapsulation work is a bit of janitorial work that came out
of some early work on SELinux namespacing. The question of namespacing
is still an open one, but I believe there is some real value in the
encapsulation work so we've split that out and are now sending that up
to you"
* tag 'selinux-pr-20180403' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux:
selinux: wrap AVC state
selinux: wrap selinuxfs state
selinux: fix handling of uninitialized selinux state in get_bools/classes
selinux: Update SELinux SCTP documentation
selinux: Fix ltp test connect-syscall failure
selinux: rename the {is,set}_enforcing() functions
selinux: wrap global selinux state
selinux: fix typo in selinux_netlbl_sctp_sk_clone declaration
selinux: Add SCTP support
sctp: Add LSM hooks
sctp: Add ip option support
security: Add support for SCTP security hooks
netlabel: If PF_INET6, check sk_buff ip header version
|
||
Matthew Garrett
|
3ec3011326 |
security: Add a cred_getsecid hook
For IMA purposes, we want to be able to obtain the prepared secid in the bprm structure before the credentials are committed. Add a cred_getsecid hook that makes this possible. Signed-off-by: Matthew Garrett <mjg59@google.com> Acked-by: Paul Moore <paul@paul-moore.com> Cc: Paul Moore <paul@paul-moore.com> Cc: Stephen Smalley <sds@tycho.nsa.gov> Cc: Casey Schaufler <casey@schaufler-ca.com> Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com> |
||
Eric W. Biederman
|
d8c6e85432 |
msg/security: Pass kern_ipc_perm not msg_queue into the msg_queue security hooks
All of the implementations of security hooks that take msg_queue only access q_perm the struct kern_ipc_perm member. This means the dependencies of the msg_queue security hooks can be simplified by passing the kern_ipc_perm member of msg_queue. Making this change will allow struct msg_queue to become private to ipc/msg.c. Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com> |
||
|
Eric W. Biederman
|
7191adff2a |
shm/security: Pass kern_ipc_perm not shmid_kernel into the shm security hooks
All of the implementations of security hooks that take shmid_kernel only access shm_perm the struct kern_ipc_perm member. This means the dependencies of the shm security hooks can be simplified by passing the kern_ipc_perm member of shmid_kernel.. Making this change will allow struct shmid_kernel to become private to ipc/shm.c. Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com> |
||
|
Eric W. Biederman
|
aefad9593e |
sem/security: Pass kern_ipc_perm not sem_array into the sem security hooks
All of the implementations of security hooks that take sem_array only access sem_perm the struct kern_ipc_perm member. This means the dependencies of the sem security hooks can be simplified by passing the kern_ipc_perm member of sem_array. Making this change will allow struct sem and struct sem_array to become private to ipc/sem.c. Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com> |
||
Stephen Smalley
|
6b4f3d0105 |
usb, signal, security: only pass the cred, not the secid, to kill_pid_info_as_cred and security_task_kill
commit
|
||
Richard Haines
|
72e89f5008 |
security: Add support for SCTP security hooks
The SCTP security hooks are explained in: Documentation/security/LSM-sctp.rst Signed-off-by: Richard Haines <richard_c_haines@btinternet.com> Signed-off-by: Paul Moore <paul@paul-moore.com> |
||
Jakub Kicinski
|
1495dc9f0a |
security: bpf: replace include of linux/bpf.h with forward declarations
Touching linux/bpf.h makes us rebuild a surprisingly large portion of the kernel. Remove the unnecessary dependency from security.h, it only needs forward declarations. Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com> Reviewed-by: Quentin Monnet <quentin.monnet@netronome.com> Acked-by: Alexei Starovoitov <ast@kernel.org> Acked-by: Daniel Borkmann <daniel@iogearbox.net> Signed-off-by: David S. Miller <davem@davemloft.net> |