1. 01 Aug, 2017 6 commits
    • Kees Cook's avatar
      smack: Refactor to remove bprm_secureexec hook · ccbb6e10
      Kees Cook authored
      The Smack bprm_secureexec hook can be merged with the bprm_set_creds
      hook since it's dealing with the same information, and all of the details
      are finalized during the first call to the bprm_set_creds hook via
      prepare_binprm() (subsequent calls due to binfmt_script, etc, are ignored
      via bprm->called_set_creds).
      
      Here, the test can just happen at the end of the bprm_set_creds hook,
      and the bprm_secureexec hook can be dropped.
      Signed-off-by: default avatarKees Cook <keescook@chromium.org>
      Acked-by: default avatarSerge Hallyn <serge@hallyn.com>
      Reviewed-by: default avatarJames Morris <james.l.morris@oracle.com>
      Reviewed-by: default avatarCasey Schaufler <casey@schaufler-ca.com>
      ccbb6e10
    • Kees Cook's avatar
      selinux: Refactor to remove bprm_secureexec hook · 62874c3a
      Kees Cook authored
      The SELinux bprm_secureexec hook can be merged with the bprm_set_creds
      hook since it's dealing with the same information, and all of the details
      are finalized during the first call to the bprm_set_creds hook via
      prepare_binprm() (subsequent calls due to binfmt_script, etc, are ignored
      via bprm->called_set_creds).
      
      Here, the test can just happen at the end of the bprm_set_creds hook,
      and the bprm_secureexec hook can be dropped.
      
      Cc: Stephen Smalley <sds@tycho.nsa.gov>
      Signed-off-by: default avatarKees Cook <keescook@chromium.org>
      Acked-by: default avatarPaul Moore <paul@paul-moore.com>
      Tested-by: default avatarPaul Moore <paul@paul-moore.com>
      Acked-by: default avatarSerge Hallyn <serge@hallyn.com>
      Reviewed-by: default avatarJames Morris <james.l.morris@oracle.com>
      Reviewed-by: default avatarAndy Lutomirski <luto@kernel.org>
      62874c3a
    • Kees Cook's avatar
      apparmor: Refactor to remove bprm_secureexec hook · 993b3ab0
      Kees Cook authored
      The AppArmor bprm_secureexec hook can be merged with the bprm_set_creds
      hook since it's dealing with the same information, and all of the details
      are finalized during the first call to the bprm_set_creds hook via
      prepare_binprm() (subsequent calls due to binfmt_script, etc, are ignored
      via bprm->called_set_creds).
      
      Here, all the comments describe how secureexec is actually calculated
      during bprm_set_creds, so this actually does it, drops the bprm flag that
      was being used internally by AppArmor, and drops the bprm_secureexec hook.
      Signed-off-by: default avatarKees Cook <keescook@chromium.org>
      Acked-by: default avatarJohn Johansen <john.johansen@canonical.com>
      Reviewed-by: default avatarJames Morris <james.l.morris@oracle.com>
      Acked-by: default avatarSerge Hallyn <serge@hallyn.com>
      993b3ab0
    • Kees Cook's avatar
      binfmt: Introduce secureexec flag · c425e189
      Kees Cook authored
      The bprm_secureexec hook can be moved earlier. Right now, it is called
      during create_elf_tables(), via load_binary(), via search_binary_handler(),
      via exec_binprm(). Nearly all (see exception below) state used by
      bprm_secureexec is created during the bprm_set_creds hook, called from
      prepare_binprm().
      
      For all LSMs (except commoncaps described next), only the first execution
      of bprm_set_creds takes any effect (they all check bprm->called_set_creds
      which prepare_binprm() sets after the first call to the bprm_set_creds
      hook).  However, all these LSMs also only do anything with bprm_secureexec
      when they detected a secure state during their first run of bprm_set_creds.
      Therefore, it is functionally identical to move the detection into
      bprm_set_creds, since the results from secureexec here only need to be
      based on the first call to the LSM's bprm_set_creds hook.
      
      The single exception is that the commoncaps secureexec hook also examines
      euid/uid and egid/gid differences which are controlled by bprm_fill_uid(),
      via prepare_binprm(), which can be called multiple times (e.g.
      binfmt_script, binfmt_misc), and may clear the euid/egid for the final
      load (i.e. the script interpreter). However, while commoncaps specifically
      ignores bprm->cred_prepared, and runs its bprm_set_creds hook each time
      prepare_binprm() may get called, it needs to base the secureexec decision
      on the final call to bprm_set_creds. As a result, it will need special
      handling.
      
      To begin this refactoring, this adds the secureexec flag to the bprm
      struct, and calls the secureexec hook during setup_new_exec(). This is
      safe since all the cred work is finished (and past the point of no return).
      This explicit call will be removed in later patches once the hook has been
      removed.
      
      Cc: David Howells <dhowells@redhat.com>
      Signed-off-by: default avatarKees Cook <keescook@chromium.org>
      Reviewed-by: default avatarJohn Johansen <john.johansen@canonical.com>
      Acked-by: default avatarSerge Hallyn <serge@hallyn.com>
      Reviewed-by: default avatarJames Morris <james.l.morris@oracle.com>
      c425e189
    • Kees Cook's avatar
      exec: Correct comments about "point of no return" · a9208e42
      Kees Cook authored
      In commit 221af7f8 ("Split 'flush_old_exec' into two functions"),
      the comment about the point of no return should have stayed in
      flush_old_exec() since it refers to "bprm->mm = NULL;" line, but prior
      changes in commits c89681ed ("remove steal_locks()"), and
      fd8328be ("sanitize handling of shared descriptor tables in failing
      execve()") made it look like it meant the current->sas_ss_sp line instead.
      
      The comment was referring to the fact that once bprm->mm is NULL, all
      failures from a binfmt load_binary hook (e.g. load_elf_binary), will
      get SEGV raised against current. Move this comment and expand the
      explanation a bit, putting it above the assignment this time, and add
      details about the true nature of "point of no return" being the call
      to flush_old_exec() itself.
      
      This also removes an erroneous commet about when credentials are being
      installed. That has its own dedicated function, install_exec_creds(),
      which carries a similar (and correct) comment, so remove the bogus comment
      where installation is not actually happening.
      
      Cc: David Howells <dhowells@redhat.com>
      Cc: Eric W. Biederman <ebiederm@xmission.com>
      Signed-off-by: default avatarKees Cook <keescook@chromium.org>
      Acked-by: default avatar"Eric W. Biederman" <ebiederm@xmission.com>
      Acked-by: default avatarSerge Hallyn <serge@hallyn.com>
      a9208e42
    • Kees Cook's avatar
      exec: Rename bprm->cred_prepared to called_set_creds · ddb4a144
      Kees Cook authored
      The cred_prepared bprm flag has a misleading name. It has nothing to do
      with the bprm_prepare_cred hook, and actually tracks if bprm_set_creds has
      been called. Rename this flag and improve its comment.
      
      Cc: David Howells <dhowells@redhat.com>
      Cc: Stephen Smalley <sds@tycho.nsa.gov>
      Cc: Casey Schaufler <casey@schaufler-ca.com>
      Signed-off-by: default avatarKees Cook <keescook@chromium.org>
      Acked-by: default avatarJohn Johansen <john.johansen@canonical.com>
      Acked-by: default avatarJames Morris <james.l.morris@oracle.com>
      Acked-by: default avatarPaul Moore <paul@paul-moore.com>
      Acked-by: default avatarSerge Hallyn <serge@hallyn.com>
      ddb4a144
  2. 23 Jul, 2017 8 commits
  3. 22 Jul, 2017 6 commits
    • Linus Torvalds's avatar
      Merge tag 'hwmon-for-linus-v4.13-rc2' of... · 4b162c53
      Linus Torvalds authored
      Merge tag 'hwmon-for-linus-v4.13-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/groeck/linux-staging
      
      Pull hwmon fix from Guenter Roeck:
       "Avoid buffer overruns in applesmc driver"
      
      * tag 'hwmon-for-linus-v4.13-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/groeck/linux-staging:
        hwmon: (applesmc) Avoid buffer overruns
      4b162c53
    • Linus Torvalds's avatar
      Merge tag 'tty-4.13-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty · ae75d1ae
      Linus Torvalds authored
      Pull tty/serial fixes from Greg KH:
       "Here are some small tty and serial driver fixes for 4.13-rc2. Nothing
        huge at all, a revert of a patch that turned out to break things, a
        fix up for a new tty ioctl we added in 4.13-rc1 to get the uapi
        definition correct, and a few minor serial driver fixes for reported
        issues.
      
        All of these have been in linux-next for a while with no reported
        issues"
      
      * tag 'tty-4.13-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty:
        tty: Fix TIOCGPTPEER ioctl definition
        tty: hide unused pty_get_peer function
        tty: serial: lpuart: Fix the logic for detecting the 32-bit type UART
        serial: imx: Prevent TX buffer PIO write when a DMA has been started
        Revert "serial: imx-serial - move DMA buffer configuration to DT"
        serial: sh-sci: Uninitialized variables in sysfs files
        serial: st-asc: Potential error pointer dereference
      ae75d1ae
    • Linus Torvalds's avatar
      Merge tag 'char-misc-4.13-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc · dedaff2f
      Linus Torvalds authored
      Pull char/misc driver fixes from Greg KH:
       "Here are some small char and misc driver fixes for 4.13-rc2. All fix
        reported problems with 4.13-rc1 or older kernels (like the binder
        fixes). Full details in the shortlog.
      
        All have been in linux-next with no reported issues"
      
      * tag 'char-misc-4.13-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc:
        w1: omap-hdq: fix error return code in omap_hdq_probe()
        regmap: regmap-w1: Fix build troubles
        w1: Fix slave count on 1-Wire bus (resend)
        mux: mux-core: unregister mux_class in mux_exit()
        mux: remove the Kconfig question for the subsystem
        nvmem: rockchip-efuse: amend compatible rk322x-efuse to rk3228-efuse
        drivers/fsi: fix fsi_slave_mode prototype
        fsi: core: register with postcore_initcall
        thunderbolt: Correct access permissions for active NVM contents
        vmbus: re-enable channel tasklet
        spmi: pmic-arb: Always allocate ppid_to_apid table
        MAINTAINERS: Add entry for SPMI subsystem
        spmi: Include OF based modalias in device uevent
        binder: Use wake up hint for synchronous transactions.
        binder: use group leader instead of open thread
        Revert "android: binder: Sanity check at binder ioctl"
      dedaff2f
    • Linus Torvalds's avatar
      Merge tag 'usb-4.13-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb · 55fd939e
      Linus Torvalds authored
      Pull USB fixes from Greg KH:
       "Here are some small USB fixes for 4.13-rc2.
      
        The usual batch, gadget fixes for reported issues, as well as xhci
        fixes, and a small random collection of other fixes for reported
        issues.
      
        All have been in linux-next with no reported issues"
      
      * tag 'usb-4.13-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb: (25 commits)
        xhci: fix memleak in xhci_run()
        usb: xhci: fix spinlock recursion for USB2 test mode
        xhci: fix 20000ms port resume timeout
        usb: xhci: Issue stop EP command only when the EP state is running
        xhci: Bad Ethernet performance plugged in ASM1042A host
        xhci: Fix NULL pointer dereference when cleaning up streams for removed host
        usb: renesas_usbhs: gadget: disable all eps when the driver stops
        usb: renesas_usbhs: fix usbhsc_resume() for !USBHSF_RUNTIME_PWCTRL
        usb: gadget: udc: renesas_usb3: protect usb3_ep->started in usb3_start_pipen()
        usb: gadget: udc: renesas_usb3: fix zlp transfer by the dmac
        usb: gadget: udc: renesas_usb3: fix free size in renesas_usb3_dma_free_prd()
        usb: gadget: f_uac2: endianness fixes.
        usb: gadget: f_uac1: endianness fixes.
        include: usb: audio: specify exact endiannes of descriptors
        usb: gadget: udc: start_udc() can be static
        usb: dwc2: gadget: On USB RESET reset device address to zero
        usb: storage: return on error to avoid a null pointer dereference
        usb: typec: include linux/device.h in ucsi.h
        USB: cdc-acm: add device-id for quirky printer
        usb: dwc3: gadget: only unmap requests from DMA if mapped
        ...
      55fd939e
    • Linus Torvalds's avatar
      Merge tag 'staging-4.13-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging · bcb53e57
      Linus Torvalds authored
      Pull staging driver fixes from Greg KH:
       "Here are some small staging driver fixes for reported issues for
        4.13-rc2.
      
        Also in here is a new driver, the virtualbox DRM driver. It's
        stand-alone and got acks from the DRM developers to go in through this
        tree. It's a new thing, but it should be fine for this point in the rc
        cycle due to it being independent.
      
        All of this has been in linux-next for a while with no reported
        issues"
      
      * tag 'staging-4.13-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging:
        staging: rtl8188eu: add TL-WN722N v2 support
        staging: speakup: safely register and unregister ldisc
        staging: speakup: add functions to register and unregister ldisc
        staging: speakup: safely close tty
        staging: sm750fb: avoid conflicting vesafb
        staging: lustre: ko2iblnd: check copy_from_iter/copy_to_iter return code
        staging: vboxvideo: Add vboxvideo to drivers/staging
        staging: sm750fb: fixed a assignment typo
        staging: rtl8188eu: memory leak in rtw_free_cmd_obj()
        staging: vchiq_arm: fix error codes in probe
        staging: comedi: ni_mio_common: fix AO timer off-by-one regression
      bcb53e57
    • Randy Dunlap's avatar
      MAINTAINERS: fix alphabetical ordering · 82abbea7
      Randy Dunlap authored
      Fix major alphabetic errors.  No attempt to fix items that all begin
      with the same word (like ARM, BROADCOM, DRM, EDAC, FREESCALE, INTEL,
      OMAP, PCI, SAMSUNG, TI, USB, etc.).
      
      (diffstat +/- is different by one line because TI KEYSTONE MULTICORE
      had 2 blank lines after it.)
      Signed-off-by: default avatarRandy Dunlap <rdunlap@infradead.org>
      Acked-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      82abbea7
  4. 21 Jul, 2017 20 commits