#
22d91ed3 |
| 18-Mar-2019 |
Mark Brown <broonie@kernel.org> |
Merge tag 'v5.1-rc1' into asoc-5.1
Linux 5.1-rc1
|
Revision tags: v4.19.29, v5.0.2, v4.19.28, v5.0.1 |
|
#
ae5906ce |
| 07-Mar-2019 |
Linus Torvalds <torvalds@linux-foundation.org> |
Merge branch 'next-general' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security
Pull security subsystem updates from James Morris:
- Extend LSM stacking to allow sharing of cre
Merge branch 'next-general' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security
Pull security subsystem updates from James Morris:
- Extend LSM stacking to allow sharing of cred, file, ipc, inode, and task blobs. This paves the way for more full-featured LSMs to be merged, and is specifically aimed at LandLock and SARA LSMs. This work is from Casey and Kees.
- There's a new LSM from Micah Morton: "SafeSetID gates the setid family of syscalls to restrict UID/GID transitions from a given UID/GID to only those approved by a system-wide whitelist." This feature is currently shipping in ChromeOS.
* 'next-general' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: (62 commits) keys: fix missing __user in KEYCTL_PKEY_QUERY LSM: Update list of SECURITYFS users in Kconfig LSM: Ignore "security=" when "lsm=" is specified LSM: Update function documentation for cap_capable security: mark expected switch fall-throughs and add a missing break tomoyo: Bump version. LSM: fix return value check in safesetid_init_securityfs() LSM: SafeSetID: add selftest LSM: SafeSetID: remove unused include LSM: SafeSetID: 'depend' on CONFIG_SECURITY LSM: Add 'name' field for SafeSetID in DEFINE_LSM LSM: add SafeSetID module that gates setid calls LSM: add SafeSetID module that gates setid calls tomoyo: Allow multiple use_group lines. tomoyo: Coding style fix. tomoyo: Swicth from cred->security to task_struct->security. security: keys: annotate implicit fall throughs security: keys: annotate implicit fall throughs security: keys: annotate implicit fall through capabilities:: annotate implicit fall through ...
show more ...
|
Revision tags: v4.19.27, v5.0 |
|
#
b102c11e |
| 28-Feb-2019 |
Petr Vorel <pvorel@suse.cz> |
LSM: Update list of SECURITYFS users in Kconfig
Remove modules not using it (SELinux and SMACK aren't the only ones not using it).
Signed-off-by: Petr Vorel <pvorel@suse.cz> Signed-off-by: James Mo
LSM: Update list of SECURITYFS users in Kconfig
Remove modules not using it (SELinux and SMACK aren't the only ones not using it).
Signed-off-by: Petr Vorel <pvorel@suse.cz> Signed-off-by: James Morris <james.morris@microsoft.com>
show more ...
|
Revision tags: v4.19.26, v4.19.25, v4.19.24, v4.19.23, v4.19.22, v4.19.21 |
|
#
82ffd045 |
| 07-Feb-2019 |
Bartlomiej Zolnierkiewicz <b.zolnierkie@samsung.com> |
Merge tag 'v5.0-rc5' of https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux into fbdev-for-next
Linux 5.0-rc5
Sync with upstream (which now contains fbdev-v5.0-rc3 changes) to prepare a
Merge tag 'v5.0-rc5' of https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux into fbdev-for-next
Linux 5.0-rc5
Sync with upstream (which now contains fbdev-v5.0-rc3 changes) to prepare a base for fbdev-v5.1 changes.
show more ...
|
Revision tags: v4.19.20, v4.19.19, v4.19.18, v4.19.17, v4.19.16 |
|
#
aeca4e2c |
| 16-Jan-2019 |
Micah Morton <mortonm@chromium.org> |
LSM: add SafeSetID module that gates setid calls
SafeSetID gates the setid family of syscalls to restrict UID/GID transitions from a given UID/GID to only those approved by a system-wide whitelist.
LSM: add SafeSetID module that gates setid calls
SafeSetID gates the setid family of syscalls to restrict UID/GID transitions from a given UID/GID to only those approved by a system-wide whitelist. These restrictions also prohibit the given UIDs/GIDs from obtaining auxiliary privileges associated with CAP_SET{U/G}ID, such as allowing a user to set up user namespace UID mappings. For now, only gating the set*uid family of syscalls is supported, with support for set*gid coming in a future patch set.
Signed-off-by: Micah Morton <mortonm@chromium.org> Acked-by: Kees Cook <keescook@chromium.org> Signed-off-by: James Morris <james.morris@microsoft.com>
show more ...
|
#
3eb66e91 |
| 14-Jan-2019 |
Dmitry Torokhov <dmitry.torokhov@gmail.com> |
Merge tag 'v4.20' into for-linus
Sync with mainline to get linux/overflow.h among other things.
|
#
4116941b |
| 14-Jan-2019 |
Dmitry Torokhov <dmitry.torokhov@gmail.com> |
Merge tag 'v4.20' into next
Merge with mainline to bring in the new APIs.
|
Revision tags: v4.19.15 |
|
#
23d19ba0 |
| 11-Jan-2019 |
Maxime Ripard <maxime.ripard@bootlin.com> |
Merge drm/drm-next into drm-misc-next
drm-next has been forwarded to 5.0-rc1, and we need it to apply the damage helper for dirtyfb series from Noralf Trønnes.
Signed-off-by: Maxime Ripard <maxime.
Merge drm/drm-next into drm-misc-next
drm-next has been forwarded to 5.0-rc1, and we need it to apply the damage helper for dirtyfb series from Noralf Trønnes.
Signed-off-by: Maxime Ripard <maxime.ripard@bootlin.com>
show more ...
|
#
2233975c |
| 10-Jan-2019 |
James Morris <james.morris@microsoft.com> |
Merge tag 'blob-stacking-security-next' of https://git.kernel.org/pub/scm/linux/kernel/git/kees/linux into next-general
LSM: Module stacking for SARA and Landlock
The combined series of LSM refacto
Merge tag 'blob-stacking-security-next' of https://git.kernel.org/pub/scm/linux/kernel/git/kees/linux into next-general
LSM: Module stacking for SARA and Landlock
The combined series of LSM refactoring and addition of blob-sharing for SARA and Landlock.
From Casey:
v5: Include Kees Cook's rework of the lsm command line interface. v4: Finer granularity in the patches and other cleanups suggested by Kees Cook. Removed dead code created by the removal of SELinux credential blob poisoning. v3: Add ipc blob for SARA and task blob for Landlock. Removing the SELinux cred blob pointer poisoning results selinux_is_enabled() being unused, so it and all it's overhead has been removed. Broke up the cred infrastructure patch. v2: Reduce the patchset to what is required to support the proposed SARA and LandLock security modules
The SARA security module is intended to be used in conjunction with other security modules. It requires state to be maintained for the credential, which in turn requires a mechanism for sharing the credential security blob. It also uses the ipc security blob. The module also requires mechanism for user space manipulation of the credential information, hence an additional subdirectory in /proc/.../attr.
The LandLock security module provides user configurable policy in the secmark mechanism. It requires data in the credential, file, inode and task security blobs. For this to be used along side the existing "major" security modules mechanism for sharing these blobs are provided.
A side effect of providing sharing of the crendential security blob is that the TOMOYO module can be used at the same time as the other "major" modules.
The mechanism for configuring which security modules are enabled has to change when stacking in enabled. Any module that uses just the security blobs that are shared can be selected. Additionally, one other "major" module can be selected.
The security module stacking issues around networking and IPC are not addressed here as they are beyond what is required for TOMOYO, SARA and LandLock.
show more ...
|
#
49e41801 |
| 10-Jan-2019 |
James Morris <james.morris@microsoft.com> |
Merge tag 'v5.0-rc1' into next-general
Linux 5.0-rc1
Sync to pick up LSM stacking work (which is based on -rc1).
|
Revision tags: v4.19.14, v4.19.13, v4.19.12, v4.19.11, v4.19.10, v4.19.9, v4.19.8, v4.19.7, v4.19.6, v4.19.5, v4.19.4, v4.18.20, v4.19.3, v4.18.19, v4.19.2, v4.18.18, v4.18.17, v4.19.1, v4.19, v4.18.16, v4.18.15, v4.18.14, v4.18.13, v4.18.12, v4.18.11, v4.18.10, v4.18.9 |
|
#
d6aed64b |
| 14-Sep-2018 |
Kees Cook <keescook@chromium.org> |
Yama: Initialize as ordered LSM
This converts Yama from being a direct "minor" LSM into an ordered LSM.
Signed-off-by: Kees Cook <keescook@chromium.org> Reviewed-by: Casey Schaufler <casey@schaufle
Yama: Initialize as ordered LSM
This converts Yama from being a direct "minor" LSM into an ordered LSM.
Signed-off-by: Kees Cook <keescook@chromium.org> Reviewed-by: Casey Schaufler <casey@schaufler-ca.com>
show more ...
|
#
70b62c25 |
| 14-Sep-2018 |
Kees Cook <keescook@chromium.org> |
LoadPin: Initialize as ordered LSM
This converts LoadPin from being a direct "minor" LSM into an ordered LSM.
Signed-off-by: Kees Cook <keescook@chromium.org> Reviewed-by: Casey Schaufler <casey@sc
LoadPin: Initialize as ordered LSM
This converts LoadPin from being a direct "minor" LSM into an ordered LSM.
Signed-off-by: Kees Cook <keescook@chromium.org> Reviewed-by: Casey Schaufler <casey@schaufler-ca.com>
show more ...
|
#
79f7865d |
| 19-Sep-2018 |
Kees Cook <keescook@chromium.org> |
LSM: Introduce "lsm=" for boottime LSM selection
Provide a way to explicitly choose LSM initialization order via the new "lsm=" comma-separated list of LSMs.
Signed-off-by: Kees Cook <keescook@chro
LSM: Introduce "lsm=" for boottime LSM selection
Provide a way to explicitly choose LSM initialization order via the new "lsm=" comma-separated list of LSMs.
Signed-off-by: Kees Cook <keescook@chromium.org>
show more ...
|
#
13e735c0 |
| 09-Oct-2018 |
Kees Cook <keescook@chromium.org> |
LSM: Introduce CONFIG_LSM
This provides a way to declare LSM initialization order via the new CONFIG_LSM. Currently only non-major LSMs are recognized. This will be expanded in future patches.
Sign
LSM: Introduce CONFIG_LSM
This provides a way to declare LSM initialization order via the new CONFIG_LSM. Currently only non-major LSMs are recognized. This will be expanded in future patches.
Signed-off-by: Kees Cook <keescook@chromium.org>
show more ...
|
#
3eb0930a |
| 08-Jan-2019 |
Jani Nikula <jani.nikula@intel.com> |
Merge drm/drm-next into drm-intel-next-queued
Generally catch up with 5.0-rc1, and specifically get the changes:
96d4f267e40f ("Remove 'type' argument from access_ok() function") 0b2c8f8b6b0c ("i91
Merge drm/drm-next into drm-intel-next-queued
Generally catch up with 5.0-rc1, and specifically get the changes:
96d4f267e40f ("Remove 'type' argument from access_ok() function") 0b2c8f8b6b0c ("i915: fix missing user_access_end() in page fault exception case") 594cc251fdd0 ("make 'user_access_begin()' do 'access_ok()'")
Signed-off-by: Jani Nikula <jani.nikula@intel.com>
show more ...
|
#
d538d94f |
| 04-Jan-2019 |
Michael Ellerman <mpe@ellerman.id.au> |
Merge branch 'master' into fixes
We have a fix to apply on top of commit 96d4f267e40f ("Remove 'type' argument from access_ok() function"), so merge master to get it.
|
#
769e4709 |
| 29-Dec-2018 |
Linus Torvalds <torvalds@linux-foundation.org> |
Merge tag 'kconfig-v4.21' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild
Pull Kconfig updates from Masahiro Yamada:
- support -y option for merge_config.sh to avoid downgr
Merge tag 'kconfig-v4.21' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild
Pull Kconfig updates from Masahiro Yamada:
- support -y option for merge_config.sh to avoid downgrading =y to =m
- remove S_OTHER symbol type, and touch include/config/*.h files correctly
- fix file name and line number in lexer warnings
- fix memory leak when EOF is encountered in quotation
- resolve all shift/reduce conflicts of the parser
- warn no new line at end of file
- make 'source' statement more strict to take only string literal
- rewrite the lexer and remove the keyword lookup table
- convert to SPDX License Identifier
- compile C files independently instead of including them from zconf.y
- fix various warnings of gconfig
- misc cleanups
* tag 'kconfig-v4.21' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild: (39 commits) kconfig: surround dbg_sym_flags with #ifdef DEBUG to fix gconf warning kconfig: split images.c out of qconf.cc/gconf.c to fix gconf warnings kconfig: add static qualifiers to fix gconf warnings kconfig: split the lexer out of zconf.y kconfig: split some C files out of zconf.y kconfig: convert to SPDX License Identifier kconfig: remove keyword lookup table entirely kconfig: update current_pos in the second lexer kconfig: switch to ASSIGN_VAL state in the second lexer kconfig: stop associating kconf_id with yylval kconfig: refactor end token rules kconfig: stop supporting '.' and '/' in unquoted words treewide: surround Kconfig file paths with double quotes microblaze: surround string default in Kconfig with double quotes kconfig: use T_WORD instead of T_VARIABLE for variables kconfig: use specific tokens instead of T_ASSIGN for assignments kconfig: refactor scanning and parsing "option" properties kconfig: use distinct tokens for type and default properties kconfig: remove redundant token defines kconfig: rename depends_list to comment_option_list ...
show more ...
|
#
8636a1f9 |
| 11-Dec-2018 |
Masahiro Yamada <yamada.masahiro@socionext.com> |
treewide: surround Kconfig file paths with double quotes
The Kconfig lexer supports special characters such as '.' and '/' in the parameter context. In my understanding, the reason is just to suppor
treewide: surround Kconfig file paths with double quotes
The Kconfig lexer supports special characters such as '.' and '/' in the parameter context. In my understanding, the reason is just to support bare file paths in the source statement.
I do not see a good reason to complicate Kconfig for the room of ambiguity.
The majority of code already surrounds file paths with double quotes, and it makes sense since file paths are constant string literals.
Make it treewide consistent now.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com> Acked-by: Wolfram Sang <wsa@the-dreams.de> Acked-by: Geert Uytterhoeven <geert@linux-m68k.org> Acked-by: Ingo Molnar <mingo@kernel.org>
show more ...
|
#
26b76320 |
| 12-Nov-2018 |
James Morris <james.morris@microsoft.com> |
Merge tag 'v4.20-rc2' into next-general
Sync to Linux 4.20-rc2 for downstream developers.
|
#
07fa3fa2 |
| 08-Nov-2018 |
Tony Lindgren <tony@atomide.com> |
Merge tag 'v4.20-rc1' into omap-for-v4.21/dt-ti-sysc
Linux 4.20-rc1
|
#
91e43395 |
| 08-Nov-2018 |
Tony Lindgren <tony@atomide.com> |
Merge branch 'fixes-dts' into omap-for-v4.20/fixes
|
#
7a085c3a |
| 02-Nov-2018 |
Jani Nikula <jani.nikula@intel.com> |
Merge drm/drm-next into drm-intel-next-queued
Although there's nothing crucial missing, it's been a long time since the last backmerge. Catch up with drm-next.
Signed-off-by: Jani Nikula <jani.niku
Merge drm/drm-next into drm-intel-next-queued
Although there's nothing crucial missing, it's been a long time since the last backmerge. Catch up with drm-next.
Signed-off-by: Jani Nikula <jani.nikula@intel.com>
show more ...
|
#
a600ffe6 |
| 23-Oct-2018 |
Jiri Kosina <jkosina@suse.cz> |
Merge branch 'for-4.20/google' into for-linus
Whisker device specific fixes to hid-google driver
|
#
5e3cdecf |
| 22-Oct-2018 |
Takashi Iwai <tiwai@suse.de> |
Merge tag 'asoc-v5.0' of https://git.kernel.org/pub/scm/linux/kernel/git/broonie/sound into for-linus
ASoC: Updates for v5.0/v4.20
As ever there's a lot of small and driver specific changes going o
Merge tag 'asoc-v5.0' of https://git.kernel.org/pub/scm/linux/kernel/git/broonie/sound into for-linus
ASoC: Updates for v5.0/v4.20
As ever there's a lot of small and driver specific changes going on here, but we do also have some relatively large changes in the core thanks to the hard work of Charles and Morimoto-san:
- More component transitions from Morimoto-san, I think we're about finished with this. Thanks for all the hard work! - Morimoto-san also added a bunch of for_each_foo macros - A bunch of cleanups and fixes for DAPM from Charles. - MCLK support for several different devices, including CS42L51, STM32 SAI, and MAX98373. - Support for Allwinner A64 CODEC analog, Intel boards with DA7219 and MAX98927, Meson AXG PDM inputs, Nuvoton NAU8822, Renesas R8A7744 and TI PCM3060.
show more ...
|
#
ec57e2f0 |
| 16-Oct-2018 |
Ingo Molnar <mingo@kernel.org> |
Merge branch 'x86/build' into locking/core, to pick up dependent patches and unify jump-label work
Signed-off-by: Ingo Molnar <mingo@kernel.org>
|