1. 07 Mar, 2014 8 commits
  2. 04 Mar, 2014 1 commit
  3. 28 Feb, 2014 1 commit
  4. 24 Feb, 2014 1 commit
  5. 17 Feb, 2014 1 commit
  6. 06 Feb, 2014 2 commits
  7. 08 Jan, 2014 1 commit
  8. 07 Jan, 2014 1 commit
    • Tetsuo Handa's avatar
      SELinux: Fix memory leak upon loading policy · 8ed81460
      Tetsuo Handa authored
      Hello.
      
      I got below leak with linux-3.10.0-54.0.1.el7.x86_64 .
      
      [  681.903890] kmemleak: 5538 new suspected memory leaks (see /sys/kernel/debug/kmemleak)
      
      Below is a patch, but I don't know whether we need special handing for undoing
      ebitmap_set_bit() call.
      ----------
      >>From fe97527a90fe95e2239dfbaa7558f0ed559c0992 Mon Sep 17 00:00:00 2001
      From: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
      Date: Mon, 6 Jan 2014 16:30:21 +0900
      Subject: [PATCH] SELinux: Fix memory leak upon loading policy
      
      Commit 2463c26d "SELinux: put name based create rules in a hashtable" did not
      check return value from hashtab_insert() in filename_trans_read(). It leaks
      memory if hashtab_insert() returns error.
      
        unreferenced object 0xffff88005c9160d0 (size 8):
          comm "systemd", pid 1, jiffies 4294688674 (age 235.265s)
          hex dump (first 8 bytes):
            57 0b 00 00 6b 6b 6b a5                          W...kkk.
          backtrace:
            [<ffffffff816604ae>] kmemleak_alloc+0x4e/0xb0
            [<ffffffff811cba5e>] kmem_cache_alloc_trace+0x12e/0x360
            [<ffffffff812aec5d>] policydb_read+0xd1d/0xf70
            [<ffffffff812b345c>] security_load_policy+0x6c/0x500
            [<ffffffff812a623c>] sel_write_load+0xac/0x750
            [<ffffffff811eb680>] vfs_write+0xc0/0x1f0
            [<ffffffff811ec08c>] SyS_write+0x4c/0xa0
            [<ffffffff81690419>] system_call_fastpath+0x16/0x1b
            [<ffffffffffffffff>] 0xffffffffffffffff
      
      However, we should not return EEXIST error to the caller, or the systemd will
      show below message and the boot sequence freezes.
      
        systemd[1]: Failed to load SELinux policy. Freezing.
      Signed-off-by: default avatarTetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
      Acked-by: default avatarEric Paris <eparis@redhat.com>
      Cc: stable@vger.kernel.org
      Signed-off-by: default avatarPaul Moore <pmoore@redhat.com>
      8ed81460
  9. 06 Jan, 2014 17 commits
  10. 04 Jan, 2014 1 commit
  11. 03 Jan, 2014 6 commits
    • Linus Torvalds's avatar
      Merge tag 'for-v3.13-fixes' of git://git.infradead.org/battery-2.6 · 9a2f1aad
      Linus Torvalds authored
      Pull battery fixes from Anton Vorontsov:
       "Two fixes:
      
         - fix build error caused by max17042_battery conversion to the regmap
           API.
      
         - fix kernel oops when booting with wakeup_source_activate enabled"
      
      * tag 'for-v3.13-fixes' of git://git.infradead.org/battery-2.6:
        max17042_battery: Fix build errors caused by missing REGMAP_I2C config
        power_supply: Fix Oops from NULL pointer dereference from wakeup_source_activate
      9a2f1aad
    • Linus Torvalds's avatar
      Merge tag 'pm+acpi-3.13-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm · 23e8e590
      Linus Torvalds authored
      Pull ACPI and PM fixes and new device IDs from Rafael Wysocki:
       "These commits, except for one, are regression fixes and the remaining
        one fixes a divide error leading to a kernel panic.  The majority of
        the regressions fixed here were introduced during the 3.12 cycle, one
        of them is from this cycle and one is older.
      
        Specifics:
      
         - VGA switcheroo was broken for some users as a result of the
           ACPI-based PCI hotplug (ACPIPHP) changes in 3.12, because some
           previously ignored hotplug events started to be handled.  The fix
           causes them to be ignored again.
      
         - There are two more issues related to cpufreq's suspend/resume
           handling changes from the 3.12 cycle addressed by Viresh Kumar's
           fixes.
      
         - intel_pstate triggers a divide error in a timer function if the
           P-state information it needs is missing during initialization.
           This leads to kernel panics on nested KVM clients and is fixed by
           failing the initialization cleanly in those cases.
      
         - PCI initalization code changes during the 3.9 cycle uncovered BIOS
           issues related to ACPI wakeup notifications (some BIOSes send them
           for devices that aren't supposed to support ACPI wakeup).  Work
           around them by installing an ACPI wakeup notify handler for all PCI
           devices with ACPI support.
      
         - The Calxeda cpuilde driver's probe function is tagged as __init,
           which is incorrect and causes a section mismatch to occur during
           build.  Fix from Andre Przywara removes the __init tag from there.
      
         - During the 3.12 cycle ACPIPHP started to print warnings about
           missing _ADR for devices that legitimately don't have it.  Fix from
           Toshi Kani makes it only print the warnings where they make sense"
      
      * tag 'pm+acpi-3.13-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
        ACPIPHP / radeon / nouveau: Fix VGA switcheroo problem related to hotplug
        intel_pstate: Fail initialization if P-state information is missing
        ARM/cpuidle: remove __init tag from Calxeda cpuidle probe function
        PCI / ACPI: Install wakeup notify handlers for all PCI devs with ACPI
        cpufreq: preserve user_policy across suspend/resume
        cpufreq: Clean up after a failing light-weight initialization
        ACPI / PCI / hotplug: Avoid warning when _ADR not present
      23e8e590
    • Roberto Sassu's avatar
      ima: remove unneeded size_limit argument from ima_eventdigest_init_common() · dcf4e392
      Roberto Sassu authored
      This patch removes the 'size_limit' argument from
      ima_eventdigest_init_common(). Since the 'd' field will never include
      the hash algorithm as prefix and the 'd-ng' will always have it, we can
      use the hash algorithm to differentiate the two cases in the modified
      function (it is equal to HASH_ALGO__LAST in the first case, the opposite
      in the second).
      Signed-off-by: default avatarRoberto Sassu <roberto.sassu@polito.it>
      Signed-off-by: default avatarMimi Zohar <zohar@linux.vnet.ibm.com>
      dcf4e392
    • Mimi Zohar's avatar
      ima: update IMA-templates.txt documentation · ef8894b0
      Mimi Zohar authored
      Patch "ima: extend the measurement list to include the file signature"
      defined a new field called 'sig' and a new template called 'ima-sig'.
      This patch updates the Documentation/security/IMA-templates.txt.
      
      Changelog:
       - fixed formatting issues (Roberto Sassu)
      Reported-by: default avatarRoberto Sassu <roberto.sassu@polito.it>
      Signed-off-by: default avatarMimi Zohar <zohar@linux.vnet.ibm.com>
      Signed-off-by: default avatarRoberto Sassu <roberto.sassu@polito.it>
      ef8894b0
    • Roberto Sassu's avatar
      ima: pass HASH_ALGO__LAST as hash algo in ima_eventdigest_init() · 712a49bd
      Roberto Sassu authored
      Replace the '-1' value with HASH_ALGO__LAST in ima_eventdigest_init()
      as the called function ima_eventdigest_init_common() expects an unsigned
      char.
      
      Fix commit:
        4d7aeee ima: define new template ima-ng and template fields d-ng and n-ng
      Signed-off-by: default avatarRoberto Sassu <roberto.sassu@polito.it>
      Signed-off-by: default avatarMimi Zohar <zohar@linux.vnet.ibm.com>
      712a49bd
    • Roberto Sassu's avatar
      ima: change the default hash algorithm to SHA1 in ima_eventdigest_ng_init() · c502c78b
      Roberto Sassu authored
      Replace HASH_ALGO__LAST with HASH_ALGO_SHA1 as the initial value of
      the hash algorithm so that the prefix 'sha1:' is added to violation
      digests.
      
      Fix commit:
        4d7aeee ima: define new template ima-ng and template fields d-ng and n-ng
      Signed-off-by: default avatarRoberto Sassu <roberto.sassu@polito.it>
      Cc: <stable@vger.kernel.org> # 3.13.x
      Signed-off-by: default avatarMimi Zohar <zohar@linux.vnet.ibm.com>
      c502c78b