* Re: [PATCH] usb: hid: Do not bind to Microchip Pick16F1454
From: Jiri Kosina @ 2015-01-20 19:14 UTC
  To: Kristian Evensen; +Cc: linux-input, linux-usb
In-Reply-To: <1421772903-27746-1-git-send-email-kristian.evensen@gmail.com>

On Tue, 20 Jan 2015, Kristian Evensen wrote:

> The Microchip Pick16F1454 is exported as a HID device and is used by for example
> the Yepkit YKUSH three-port switchable USB hub. However, it is not an actual
> HID-device. On the Yepkit, it is used to power up/down the ports on the hub. The
> HID driver should ignore this device.
> 
> Signed-off-by: Kristian Evensen <kristian.evensen@gmail.com>

Applied, thanks.

-- 
Jiri Kosina
SUSE Labs


* Questions on Interruption handling
From: Angelo Brito @ 2015-01-20 19:13 UTC

In-Reply-To: <CAMjVwgQb9P7V6zv3YAFBBjW7wVOr2KO7obfdD3cYY3kZ3UqSzw@mail.gmail.com>

Hi all,

So I just checked that a new version of the Specification 1.2 was
released in November and no modifications were done for this issue.

Do you guys have any news?


Regards,
Angelo Silva Brito.
Digital Systems Engineer at Silicon Reef
http://about.me/angelobrito
_________________________________________________


On Fri, Oct 24, 2014 at 2:59 PM, Angelo Brito <asb@cin.ufpe.br> wrote:
> Thanks for looking into it.
> Simply masking and unmasking the interruptions fixed our problems but
> perhaps it creates other issues.
> So please keep us posted. We will watch out ECN.
>
> Regards,
> Angelo Brito
>
>
> On Fri, Oct 24, 2014 at 2:49 PM, Matthew Wilcox <willy@linux.intel.com> wrote:
>> On Fri, Oct 24, 2014 at 01:51:59PM -0300, Angelo Brito wrote:
>>> We can look more carefully at those functions you stated, but perhaps
>>> there is a small difference on how we are reading the spec. We do not
>>> send a MSI for every single CQ because the spec states a different
>>> functionality in section 7.5.1. It defines that the internal IS vector
>>> should have a bit high when there are unanswered CQ entries and the
>>> vector is not masked. The table then states that the MSI should be
>>> sent only when a bit in the IS vector rises, meaning it either had
>>> entries and was unmasked or it did not have entries and an entry came
>>> in. I presume that was to reduce traffic in a very overloaded system.
>>> This is for MSI and legacy only, of course, MSI-X uses a different
>>> mechanism.
>>>
>>> Now, there is a window that we noticed. After the interrupt was
>>> triggered it starts reading the CQs. It takes a few hundred
>>> nanoseconds from the time the CQs have been read to the time the
>>> doorbell arrives at the controller, and the controller will take time
>>> to process it as well, probably up to a few microseconds. If the
>>> controller decides to write a new entry in a CQ in this time the
>>> corresponding bit in the IS vector will already be high, therefore
>>> there should be no new MSI. The host though already checked the CQs so
>>> it will not see that new entries came in.
>>>
>>> We believe that is why section 7.5.1.1 states that the host should
>>> mask interrupts and then release them. This way the host forces the
>>> bits in the IS vector in the controller to go low and high again (see
>>> section 7.5.1). If the host did not answer every single CQ entry, then
>>> when the INTMC register is written a new MSI will be issued.
>>
>> Argh, the spec is buggy.  It should say that if the CQ doorbell write is
>> less than the controller's notion of the CQ head, that the controller
>> should send another interrupt.  I've sent in a request to the NVMe
>> workgroup that we do an ECN to fix this.
>>
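
A simplified model of the lost-interrupt window discussed in this thread, added here as an illustration; it is not driver code and not text from the NVMe specification. The struct and function names are assumptions, and the model covers one completion queue whose IS bit is high while unacknowledged entries exist and the vector is unmasked, with an MSI sent only when that bit rises.

```c
#include <stdbool.h>
#include <stdio.h>

/* Assumed, simplified controller state for a single completion queue. */
struct ctrl {
    unsigned tail;      /* entries the controller has posted */
    unsigned head;      /* last head value received through the doorbell */
    bool masked;        /* vector masked by the host */
    bool is_bit;        /* this queue's bit in the internal IS vector */
    unsigned msi_sent;  /* MSIs raised so far */
};

/* The IS bit is high while entries are unacknowledged and the vector is
 * unmasked; an MSI goes out only on a low-to-high transition of that bit. */
static void ctrl_update(struct ctrl *c)
{
    bool now = (c->tail != c->head) && !c->masked;

    if (now && !c->is_bit)
        c->msi_sent++;
    c->is_bit = now;
}

static void ctrl_post(struct ctrl *c) { c->tail++; ctrl_update(c); }
static void ctrl_doorbell(struct ctrl *c, unsigned head) { c->head = head; ctrl_update(c); }
static void ctrl_set_mask(struct ctrl *c, bool m) { c->masked = m; ctrl_update(c); }

/* Host interrupt handler. late_post models a completion that lands after the
 * host has read the queue but before its doorbell write is processed.
 * Returns how many entries the host has consumed in total. */
static unsigned host_isr(struct ctrl *c, bool mask_in_isr, bool late_post)
{
    unsigned seen;

    if (mask_in_isr)
        ctrl_set_mask(c, true);     /* forces the IS bit low */
    seen = c->tail;                 /* host reads the completion queue */
    if (late_post)
        ctrl_post(c);               /* the window described in the thread */
    ctrl_doorbell(c, seen);
    if (mask_in_isr)
        ctrl_set_mask(c, false);    /* bit rises again if entries remain */
    return seen;
}

/* Entries left in the queue once no further MSI is outstanding. */
unsigned stranded_entries(bool mask_in_isr)
{
    struct ctrl c = {0};
    unsigned handled = 0, consumed = 0;
    bool first = true;

    ctrl_post(&c);                  /* first completion raises an MSI */
    while (handled < c.msi_sent) {
        consumed = host_isr(&c, mask_in_isr, first);
        first = false;
        handled++;
    }
    return c.tail - consumed;
}

int main(void)
{
    printf("no masking:    %u entry stranded\n", stranded_entries(false));
    printf("mask + unmask: %u entries stranded\n", stranded_entries(true));
    return 0;
}
```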


* [PATCH v1 00/11] extend initramfs archive format to support xattrs
From: Mimi Zohar @ 2015-01-20 19:12 UTC
  To: initramfs
  Cc: Mimi Zohar, Al Viro, linux-ima-devel, linux-security-module,
	linux-kernel

Many of the Linux security/integrity features are dependent on file
metadata, stored as extended attributes (xattrs), for making decisions.
These features need to be initialized during initcall and enabled as
early as possible for complete security coverage. 

The Linux kernel creates the rootfs file system and extracts the contents
of the initramfs, a compressed CPIO archive, onto it. If CONFIG_TMPFS is
enabled (and "root=" is not specified on the boot command line), rootfs
will use tmpfs instead of ramfs by default.  Although the tmpfs filesystem
supports xattrs, the CPIO archive specification does not define a method
for including them in the archive.  Other archive formats have added xattr
support (e.g. tar).

There are a couple of ways to include and label the rootfs filesystem:
- include a file manifest containing the xattrs in the initramfs
- extend CPIO to support xattrs
- add tar support

This patch set extends the existing newc CPIO archive format to include
xattrs in the initramfs.  This change affects usr/gen_init_cpio,
scripts/gen_initramfs_list.sh, and init/initramfs.c.  Included in this
patch set are the associated IMA and EVM policy changes.

Changelog v1:
- Patch "init: remove "root=" command line option test for tmpfs decision"
  was previously included for testing without userspace application (e.g.
  systemd, dracut) changes.  The associated userspace changes will be
  posted to the relevant mailing lists. Patch dropped.
- replace simple_strtoul with kstrtoul
- add some input data checking
- change size of mtime and file length to 64 bits
- define new gen_initramfs_list.sh "-x" command line option
- define new IMA_APPRAISE_ROOTFS Kconfig option

Mimi

Mimi Zohar (11):
  initramfs: separate reading cpio method from header
  initramfs: replace simple_strtoul() with kstrtoul()
  initramfs: add extended attribute support
  initramfs: change size of mtime and file length to 64 bits
  gen_init_cpio: replace inline format string with common variable
  gen_init_cpio: define new CPIO format to support xattrs
  gen_init_cpio: include the file extended attributes
  gen_init_cpio: change size of mtime and file length to 64 bits
  gen_initramfs_list.sh: include xattrs
  evm: make rootfs a special case
  ima: include rootfs (tmpfs) in ima_appraise_tcb policy

 init/initramfs.c                    | 130 +++++++++++++++++++++++++----
 scripts/gen_initramfs_list.sh       |   8 +-
 security/integrity/evm/evm_main.c   |  12 ++-
 security/integrity/ima/Kconfig      |  12 +++
 security/integrity/ima/ima_policy.c |   8 ++
 usr/gen_init_cpio.c                 | 159 ++++++++++++++++++++++++++++++------
 6 files changed, 282 insertions(+), 47 deletions(-)

-- 
1.8.1.4



* master - vgimportclone: remove arg check that uses pvs
From: David Teigland @ 2015-01-20 19:13 UTC
  To: lvm-devel

Gitweb:        http://git.fedorahosted.org/git/?p=lvm2.git;a=commitdiff;h=a164d603d386c5daed06b46316ef3c001807dff9
Commit:        a164d603d386c5daed06b46316ef3c001807dff9
Parent:        404c834e14657645d70d19b825d328bff5b165b7
Author:        David Teigland <teigland@redhat.com>
AuthorDate:    Tue Jan 20 13:08:22 2015 -0600
Committer:     David Teigland <teigland@redhat.com>
CommitterDate: Tue Jan 20 13:08:22 2015 -0600

vgimportclone: remove arg check that uses pvs

The arg check using pvs is unnecessary.  If the arg is not a PV,
the command will just fail later.  Using the pvs command at this
point in the command is a problem when lvmetad is running, because
the pvs command does not report duplicate PVs when using lvmetad.
(Alternatively, use_lvmetad could be disabled by adding a --config
override to this pvs command.)
---
 scripts/vgimportclone.sh |    5 -----
 1 files changed, 0 insertions(+), 5 deletions(-)

diff --git a/scripts/vgimportclone.sh b/scripts/vgimportclone.sh
index 9d319bd..388d14c 100755
--- a/scripts/vgimportclone.sh
+++ b/scripts/vgimportclone.sh
@@ -204,11 +204,6 @@ for ARG
 do
     if [ -b "$ARG" ]
     then
-        PVS_OUT=`"${LVM}" pvs ${LVM_OPTS} --noheadings -o vg_name "$ARG"`
-        checkvalue $? "$ARG could not be verified to be a PV without errors."
-        PV_VGNAME=$(echo $PVS_OUT | $GREP -v '[[:space:]]+$')
-        [ -z "$PV_VGNAME" ] && die 3 "$ARG is not in a VG."
-
         ln -s "$ARG" ${TMP_LVM_SYSTEM_DIR}/vgimport${DEVNO}
         DISKS="${DISKS} ${TMP_LVM_SYSTEM_DIR}/vgimport${DEVNO}"
         DEVNO=$((${DEVNO}+1))
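
Review bot: with the four lines removed, a block device that is not a PV, or a PV that is in no VG, is now symlinked into ${TMP_LVM_SYSTEM_DIR} and rejected only by whatever runs later, so the dedicated exit path die 3 "$ARG is not in a VG." and its message are gone. Please name in the commit message the later step that fails and what the user sees, or keep the check and apply the --config override for use_lvmetad that the message itself mentions as an alternative.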




* [PATCH v1 11/11] ima: include rootfs (tmpfs) in ima_appraise_tcb policy
From: Mimi Zohar @ 2015-01-20 19:13 UTC
  To: initramfs
  Cc: Mimi Zohar, Al Viro, linux-ima-devel, linux-security-module,
	linux-kernel
In-Reply-To: <1421781180-24425-1-git-send-email-zohar@linux.vnet.ibm.com>

When rootfs supports extended attributes and CONFIG_IMA_APPRAISE_ROOTFS
is enabled, appraise the xattrs.

Changelog v1:
- limit appraising tmpfs to rootfs
- define new IMA_APPRAISE_ROOTFS Kconfig option (based on Josh Boyer's
comment).

Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
---
 security/integrity/ima/Kconfig      | 12 ++++++++++++
 security/integrity/ima/ima_policy.c |  8 ++++++++
 2 files changed, 20 insertions(+)

diff --git a/security/integrity/ima/Kconfig b/security/integrity/ima/Kconfig
index 57515bc..fe2fd5f 100644
--- a/security/integrity/ima/Kconfig
+++ b/security/integrity/ima/Kconfig
@@ -156,3 +156,15 @@ config IMA_APPRAISE_SIGNED_INIT
 	default n
 	help
 	   This option requires user-space init to be signed.
+
+config IMA_APPRAISE_ROOTFS
+	bool "Require labeled rootfs"
+	depends on IMA_LOAD_X509
+	default n
+	help
+	   This option is dependent on the initramfs including
+	   extended attributes(xattrs) in the CPIO file and the
+	   rootfs file system for supporting them.
+
+	   The new CPIO format (070703) includes xattrs in the
+	   initramfs.  Use tmpfs as the rootfs.
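
Review bot: the help text tells the user to use tmpfs as the rootfs, and the rule added in ima_policy.c matches TMPFS_MAGIC, but the entry depends only on IMA_LOAD_X509. Add "depends on TMPFS" (and on IMA_APPRAISE) so the symbol cannot be enabled where it has no effect. The help text should also say what enabling the option does, not only what it requires, and "attributes(xattrs)" needs a space.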
diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c
index d1eefb9..7748332 100644
--- a/security/integrity/ima/ima_policy.c
+++ b/security/integrity/ima/ima_policy.c
@@ -27,6 +27,7 @@
 #define IMA_UID		0x0008
 #define IMA_FOWNER	0x0010
 #define IMA_FSUUID	0x0020
+#define IMA_SBID	0x0040
 
 #define UNKNOWN		0
 #define MEASURE		0x0001	/* same as IMA_MEASURE */
@@ -49,6 +50,7 @@ struct ima_rule_entry {
 	enum ima_hooks func;
 	int mask;
 	unsigned long fsmagic;
+	char sbid[32];
 	u8 fsuuid[16];
 	kuid_t uid;
 	kuid_t fowner;
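
Review bot: the bare 32 in "char sbid[32];" has no stated origin. If it is meant to hold anything that can appear in inode->i_sb->s_id, which ima_match_rules() compares it against, size it from that field or add a comment saying so. Note also that every rule entry grows by 32 bytes for a field that only one built-in rule uses.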
@@ -93,6 +95,10 @@ static struct ima_rule_entry default_appraise_rules[] = {
 	{.action = DONT_APPRAISE, .fsmagic = PROC_SUPER_MAGIC, .flags = IMA_FSMAGIC},
 	{.action = DONT_APPRAISE, .fsmagic = SYSFS_MAGIC, .flags = IMA_FSMAGIC},
 	{.action = DONT_APPRAISE, .fsmagic = DEBUGFS_MAGIC, .flags = IMA_FSMAGIC},
+#ifdef CONFIG_IMA_APPRAISE_ROOTFS
+	{.action = APPRAISE, .fsmagic = TMPFS_MAGIC, .sbid="rootfs", 
+	 .flags = IMA_FSMAGIC | IMA_SBID},
+#endif
 	{.action = DONT_APPRAISE, .fsmagic = TMPFS_MAGIC, .flags = IMA_FSMAGIC},
 	{.action = DONT_APPRAISE, .fsmagic = RAMFS_MAGIC, .flags = IMA_FSMAGIC},
 	{.action = DONT_APPRAISE, .fsmagic = DEVPTS_SUPER_MAGIC, .flags = IMA_FSMAGIC},
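
Review bot: the new APPRAISE entry only has an effect because it sits before the generic TMPFS_MAGIC DONT_APPRAISE entry on the next line; add a one-line comment that the order matters so the table is not re-sorted later. Style: ".sbid="rootfs", " needs spaces around "=" and the line ends in trailing whitespace.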
@@ -188,6 +194,8 @@ static bool ima_match_rules(struct ima_rule_entry *rule,
 	if ((rule->flags & IMA_FSUUID) &&
 	    memcmp(rule->fsuuid, inode->i_sb->s_uuid, sizeof(rule->fsuuid)))
 		return false;
+	if ((rule->flags & IMA_SBID) && strcmp(rule->sbid, inode->i_sb->s_id))
+		return false;
 	if ((rule->flags & IMA_UID) && !uid_eq(rule->uid, cred->uid))
 		return false;
 	if ((rule->flags & IMA_FOWNER) && !uid_eq(rule->fowner, inode->i_uid))
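
Review bot: IMA_SBID is tested here, but going by the diffstat (8 insertions in ima_policy.c, all accounted for by these four hunks) nothing lets a policy loaded from user space set it. If the built-in rules are replaced by a custom policy, the rootfs rule cannot be expressed any more. Either add a parser token for it or document that the rule exists only in the default appraise policy.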
-- 
1.8.1.4


* [PATCH v1 10/11] evm: make rootfs a special case
From: Mimi Zohar @ 2015-01-20 19:12 UTC
  To: initramfs
  Cc: Mimi Zohar, Al Viro, linux-ima-devel, linux-security-module,
	linux-kernel
In-Reply-To: <1421781180-24425-1-git-send-email-zohar@linux.vnet.ibm.com>

Both the EVM HMAC and signature xattr formats are file system
specific and can not be copied from one filesystem to another.

EVM differentiates files without any xattrs (INTEGRITY_UNKNOWN)
from those having protected xattrs (INTEGRITY_NOLABEL).  This
patch treats the rootfs filesystem as a special case, returning
INTEGRITY_UNKNOWN.

Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
---
 security/integrity/evm/evm_main.c | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/security/integrity/evm/evm_main.c b/security/integrity/evm/evm_main.c
index f589c9a0..9140016 100644
--- a/security/integrity/evm/evm_main.c
+++ b/security/integrity/evm/evm_main.c
@@ -19,6 +19,7 @@
 #include <linux/module.h>
 #include <linux/crypto.h>
 #include <linux/audit.h>
+#include <linux/magic.h>
 #include <linux/xattr.h>
 #include <linux/integrity.h>
 #include <linux/evm.h>
@@ -128,11 +129,16 @@ static enum integrity_status evm_verify_hmac(struct dentry *dentry,
 	if (rc <= 0) {
 		evm_status = INTEGRITY_FAIL;
 		if (rc == -ENODATA) {
+			struct super_block *sb = dentry->d_inode->i_sb;
+
 			rc = evm_find_protected_xattrs(dentry);
-			if (rc > 0)
-				evm_status = INTEGRITY_NOLABEL;
-			else if (rc == 0)
+			if (rc == 0)
 				evm_status = INTEGRITY_NOXATTRS; /* new file */
+			else if (rc > 0 && sb->s_magic == TMPFS_MAGIC
+				 && strcmp(sb->s_id, "rootfs") == 0)
+				evm_status = INTEGRITY_UNKNOWN;
+			else if (rc > 0)
+				evm_status = INTEGRITY_NOLABEL;
 		} else if (rc == -EOPNOTSUPP) {
 			evm_status = INTEGRITY_UNKNOWN;
 		}
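
Review bot: the new branch returns INTEGRITY_UNKNOWN for every rootfs file that carries protected xattrs but no security.evm, and it does so unconditionally, while the matching IMA rule in 11/11 is behind CONFIG_IMA_APPRAISE_ROOTFS. Please state in the commit message what protects those xattrs once the system is up, and consider gating this on the same option. The test sb->s_magic == TMPFS_MAGIC && strcmp(sb->s_id, "rootfs") == 0 would read better as a small helper, and the leading "&&" belongs at the end of the previous line. The commit message also says files without any xattrs are INTEGRITY_UNKNOWN, whereas the code returns INTEGRITY_NOXATTRS for rc == 0.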
-- 
1.8.1.4



* [PATCH v1 09/11] gen_initramfs_list.sh: include xattrs
From: Mimi Zohar @ 2015-01-20 19:12 UTC
  To: initramfs
  Cc: Mimi Zohar, Al Viro, linux-ima-devel, linux-security-module,
	linux-kernel
In-Reply-To: <1421781180-24425-1-git-send-email-zohar@linux.vnet.ibm.com>

Support the new gen_init_cpio option to include extended attributes.
This patch adds support for the "-x" option and passes it to
gen_init_cpio.

Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
---
 scripts/gen_initramfs_list.sh | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/scripts/gen_initramfs_list.sh b/scripts/gen_initramfs_list.sh
index 17fa901..8d10b9d 100755
--- a/scripts/gen_initramfs_list.sh
+++ b/scripts/gen_initramfs_list.sh
@@ -24,6 +24,7 @@ $0 [-o <file>] [-u <uid>] [-g <gid>] {-d | <cpio_source>} ...
 	-g <gid>       Group ID to map to group ID 0 (root).
 		       <gid> is only meaningful if <cpio_source> is a
 		       directory.  "squash" forces all files to gid 0.
+	-x             include file extended attributes in cpio archive.
 	<cpio_source>  File list or directory for cpio archive.
 		       If <cpio_source> is a .cpio file it will be used
 		       as direct input to initramfs.
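
Review bot: the synopsis shown in the hunk header, "$0 [-o <file>] [-u <uid>] [-g <gid>] {-d | <cpio_source>} ...", is not updated, so -x appears in the option list but not in the usage summary. Add [-x] there, and capitalise "include" to match the neighbouring entries.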
@@ -223,6 +224,7 @@ root_gid=0
 dep_list=
 cpio_file=
 cpio_list=
+cpio_opts=
 output="/dev/stdout"
 output_file=""
 is_cpio_compressed=
@@ -278,6 +280,9 @@ while [ $# -gt 0 ]; do
 			default_list="$arg"
 			${dep_list}default_initramfs
 			;;
+		"-x")	# include extended attributers
+			cpio_opts="-x"
+			;;
 		"-h")
 			usage
 			exit 0
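
Review bot: typo in the new comment, "attributers" should be "attributes".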
@@ -307,7 +312,8 @@ if [ ! -z ${output_file} ]; then
 			fi
 		fi
 		cpio_tfile="$(mktemp ${TMPDIR:-/tmp}/cpiofile.XXXXXX)"
-		usr/gen_init_cpio $timestamp ${cpio_list} > ${cpio_tfile}
+		usr/gen_init_cpio $timestamp ${cpio_opts} ${cpio_list} \
+			> ${cpio_tfile}
 	else
 		cpio_tfile=${cpio_file}
 	fi
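
Review bot: ${cpio_opts} is passed only on this branch. In the else branch, where a ready-made archive is used (cpio_tfile=${cpio_file}), -x is silently ignored. Either warn when -x is combined with a .cpio source or say so in the usage text.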
-- 
1.8.1.4


* [PATCH v1 08/11] gen_init_cpio: change size of mtime and file length to 64 bits
From: Mimi Zohar @ 2015-01-20 19:12 UTC
  To: initramfs
  Cc: Mimi Zohar, Al Viro, linux-ima-devel, linux-security-module,
	linux-kernel
In-Reply-To: <1421781180-24425-1-git-send-email-zohar@linux.vnet.ibm.com>

Either we keep the current field ordering, making some fields
64 bits or move the larger fields to the end.  This patch keeps
the same field ordering.

Requested-by: Rob Landley <rob@landley.net>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
---
 usr/gen_init_cpio.c | 25 ++++++++++++++++---------
 1 file changed, 16 insertions(+), 9 deletions(-)

diff --git a/usr/gen_init_cpio.c b/usr/gen_init_cpio.c
index 08994d6..55dab65 100644
--- a/usr/gen_init_cpio.c
+++ b/usr/gen_init_cpio.c
@@ -1,5 +1,6 @@
 #include <stdio.h>
 #include <stdlib.h>
+#include <stdint.h>
 #include <sys/types.h>
 #include <sys/stat.h>
 #include <string.h>
@@ -23,14 +24,15 @@
 
 static char *newcfmt = "%s%08X%08X%08lX%08lX%08X%08lX"
 			"%08X%08X%08X%08X%08X%08X%15$08X";
-static char *newcxfmt = "%s%08X%08X%08lX%08lX%08X%08lX"
-			"%08X%08X%08X%08X%08X%08X%08X%08X";
+static char *newcxfmt = "%s%08X%08X%08lX%08lX%08X%016llX"
+			"%016llX%08X%08X%08X%08X%08X%08X%08X";
 
 static int newcx;
 
 static unsigned int offset;
 static unsigned int ino = 721;
 static time_t default_mtime;
+static uint64_t default_mtime_usec;
 
 struct file_handler {
 	const char *type;
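
Review bot: "%016llX" expects unsigned long long, but the values this patch passes for it are uint64_t (default_mtime_usec, size), which is unsigned long on LP64 hosts. Use PRIX64 from <inttypes.h> in newcxfmt or cast at the call sites so the conversion and the argument type agree on every host.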
@@ -128,7 +130,7 @@ static void push_rest(const char *name)
 	putchar(0);
 	offset += name_len;
 
-	tmp_ofs = name_len + (newcx ? 118 : 110);
+	tmp_ofs = name_len + (newcx ? 130 : 110);
 	while (tmp_ofs & 3) {
 		putchar(0);
 		offset++;
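
Review bot: 130 does not match the format string changed above. newcxfmt now emits the 6-byte magic, twelve 8-digit fields and two 16-digit fields, which is 6 + 96 + 32 = 134 bytes; widening two fields of the previous 118-byte header by 8 each gives the same figure. The "& 3" padding here comes out identical for 130 and 134, so this will not show up as misalignment, but the constant is wrong and should be derived from the format rather than typed in.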
@@ -139,7 +141,7 @@ static void push_rest(const char *name)
 static void push_hdr(const char *s)
 {
 	fputs(s, stdout);
-	offset += newcx ? 118 : 110;
+	offset += newcx ? 130 : 110;
 }
 
 static void cpio_trailer(void)
@@ -199,7 +201,8 @@ static int cpio_mkslink(const char *name, const char *target,
 		(long) uid,		/* uid */
 		(long) gid,		/* gid */
 		1,			/* nlink */
-		(long) default_mtime,	/* mtime */
+		newcx ? default_mtime_usec :
+		  (long) default_mtime,	/* mtime */
 		(unsigned)strlen(target)+1, /* filesize */
 		3,			/* major */
 		1,			/* minor */
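
Review bot: the type of "newcx ? default_mtime_usec : (long) default_mtime" is the common type of both arms, that is uint64_t, whichever arm is taken. On a host where long is 32 bits, the old format's %08lX then receives a 64-bit argument. The following argument has the opposite problem: "(unsigned)strlen(target)+1" is an unsigned int, but newcxfmt now reads filesize with %016llX. Cast each argument to the type its conversion expects, or format the two header variants in separate sprintf() calls. The literal 0 passed as filesize in cpio_mkgeneric() and cpio_mknod() needs the same treatment.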
@@ -251,7 +254,8 @@ static int cpio_mkgeneric(const char *name, unsigned int mode,
 		(long) uid,		/* uid */
 		(long) gid,		/* gid */
 		2,			/* nlink */
-		(long) default_mtime,	/* mtime */
+		newcx ? default_mtime_usec :
+		  (long) default_mtime,	/* mtime */
 		0,			/* filesize */
 		3,			/* major */
 		1,			/* minor */
@@ -347,7 +351,8 @@ static int cpio_mknod(const char *name, unsigned int mode,
 		(long) uid,		/* uid */
 		(long) gid,		/* gid */
 		1,			/* nlink */
-		(long) default_mtime,	/* mtime */
+		newcx ? default_mtime_usec :
+		  (long) default_mtime,	/* mtime */
 		0,			/* filesize */
 		3,			/* major */
 		1,			/* minor */
@@ -389,7 +394,7 @@ static int cpio_mkfile(const char *name, const char *location,
 	char s[256];
 	char *filebuf = NULL;
 	struct stat buf;
-	long size;
+	uint64_t size;
 	int file = -1;
 	int retval;
 	int rc = -1;
@@ -442,7 +447,8 @@ static int cpio_mkfile(const char *name, const char *location,
 			(long) uid,		/* uid */
 			(long) gid,		/* gid */
 			nlinks,			/* nlink */
-			(long) buf.st_mtime,	/* mtime */
+			newcx ?  (uint64_t) buf.st_mtime * 1000000 :
+			  (long) buf.st_mtime,	/* mtime */
 			size,			/* filesize */
 			3,			/* major */
 			1,			/* minor */
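
Review bot: "(uint64_t) buf.st_mtime * 1000000" changes the unit of the mtime field from seconds to microseconds for the new format, which the commit message (it only speaks of changing the size to 64 bits) does not mention; please document the unit together with the field width. Separately, size is now uint64_t while newcfmt still formats filesize with %08X, so the old-format path passes a 64-bit argument to a 32-bit conversion.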
@@ -664,6 +670,7 @@ int main (int argc, char *argv[])
 		exit(1);
 	}
 
+	default_mtime_usec = default_mtime * 1000000;	
 	while (fgets(line, LINE_SIZE, cpio_list)) {
 		int type_idx;
 		size_t slen = strlen(line);
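
Review bot: "default_mtime * 1000000" is evaluated in time_t and only then converted, so it overflows where time_t is 32 bits; cast first, as cpio_mkfile() does with (uint64_t) buf.st_mtime * 1000000. The added line also ends in a stray tab and should be separated from the while loop by a blank line.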
-- 
1.8.1.4


* [PATCH v1 07/11] gen_init_cpio: include the file extended attributes
From: Mimi Zohar @ 2015-01-20 19:12 UTC
  To: initramfs
  Cc: Mimi Zohar, Al Viro, linux-ima-devel, linux-security-module,
	linux-kernel
In-Reply-To: <1421781180-24425-1-git-send-email-zohar@linux.vnet.ibm.com>

This patch reads the xattr(s), creating a buffer containing the
number of xattrs, the xattr(s) name, data size, and data. The
resulting buffer size is included in the CPIO header and the
buffer data is written after the file name.

This patch also defines the '-x' option to enable the inclusion
of the xattrs.

Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
---
 usr/gen_init_cpio.c | 107 ++++++++++++++++++++++++++++++++++++++++++++++++----
 1 file changed, 100 insertions(+), 7 deletions(-)

diff --git a/usr/gen_init_cpio.c b/usr/gen_init_cpio.c
index 0d9c6e8..08994d6 100644
--- a/usr/gen_init_cpio.c
+++ b/usr/gen_init_cpio.c
@@ -9,6 +9,7 @@
 #include <errno.h>
 #include <ctype.h>
 #include <limits.h>
+#include <attr/xattr.h>
 
 /*
  * Original work by Jeff Garzik
@@ -36,6 +37,71 @@ struct file_handler {
 	int (*handler)(const char *line);
 };
 
+#define MAX_XATTRNAMES_SIZE 500
+static char xattr_names[MAX_XATTRNAMES_SIZE];
+static char xattr_header[8];	/* number xattrs */
+static ssize_t xattr_nameslen;
+static unsigned int xattrs_buflen;
+
+static char xattr_buf[1000];
+static unsigned int get_xattrs(const char *name)
+{
+    	char xattr_num[9];
+    	char *xname, *buf, *bufend;
+	int xattrsize = 0, num_xattrs = 0;
+
+	xattr_nameslen = listxattr(name, NULL, 0);
+	if (xattr_nameslen <= 0 || xattr_nameslen > MAX_XATTRNAMES_SIZE)
+		return 0;
+
+	xattr_names[xattr_nameslen] = 0;
+	xattr_nameslen = listxattr(name, xattr_names, xattr_nameslen);
+	if (xattr_nameslen <= 0)
+		return 0;
+
+	/* xattr format: name value-len value */
+	buf = xattr_buf + sizeof xattr_header;
+	bufend = xattr_buf + sizeof xattr_buf;
+
+	for (xname = xattr_names; xname < (xattr_names + xattr_nameslen);
+		xname += strlen(xname) + 1) {
+		char sizebuf[9];
+		int offset;
+
+		/* skip security.evm as it is file system specific */
+		if (strcmp(xname, "security.evm") == 0)
+			continue;
+
+		offset = strlen(xname) + 1 + 8;
+		xattrsize = getxattr(name, xname, NULL, 0);
+		if (buf + offset + xattrsize > bufend) {
+			fprintf(stderr, "%s: xattrs too large \n", name);
+			return 0;
+		}
+
+		xattrsize = getxattr(name, xname, buf + offset,
+				     bufend - (buf + offset));
+		if (xattrsize <= 0)
+			continue;
+		
+		num_xattrs++;
+		fprintf(stderr, "%s: %s %x (%d)\n", name, xname, xattrsize,
+			num_xattrs);
+		strcpy(buf, xname);
+		buf += strlen(xname) + 1;
+		sprintf(sizebuf, "%08X", (int)xattrsize); 
+		memcpy(buf, sizebuf, 8);
+		buf += (8 + xattrsize);
+	}
+
+	*buf = 0;
+	buf++;
+	sprintf(xattr_num, "%08X", num_xattrs);
+	memcpy(xattr_buf, xattr_num, 8);
+
+	return buf - xattr_buf;
+}
+
 static void push_string(const char *name)
 {
 	unsigned int name_len = strlen(name) + 1;
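
Review bot: get_xattrs() has two off-by-one writes. The test "xattr_nameslen > MAX_XATTRNAMES_SIZE" lets xattr_nameslen == 500 through, and "xattr_names[xattr_nameslen] = 0" then stores one byte past the 500-byte array; likewise "buf + offset + xattrsize > bufend" allows an entry to end exactly at bufend, after which "*buf = 0" writes past xattr_buf. Use >= in the first test and reserve one byte for the terminator in the second. In addition, the result of the first getxattr() call is not checked for -1 before it is used in the bounds test, the per-xattr fprintf() looks like leftover debugging, and returning 0 on "xattrs too large" drops every label for that file while the build still succeeds; for an integrity feature that should be a hard error.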
@@ -106,11 +172,24 @@ static void cpio_trailer(void)
 	}
 }
 
+static void include_xattrs(void)
+{
+	if (!xattrs_buflen)
+		return;
+	
+	if (fwrite(xattr_buf, xattrs_buflen, 1, stdout) != 1)
+		fprintf(stderr, "writing xattrs failed\n");
+	offset += xattrs_buflen;
+
+	push_pad();
+}
+
 static int cpio_mkslink(const char *name, const char *target,
 			 unsigned int mode, uid_t uid, gid_t gid)
 {
 	char s[256];
 
+	xattrs_buflen = newcx ? get_xattrs(name) : 0;
 	if (name[0] == '/')
 		name++;
 	sprintf(s, newcx ? newcxfmt : newcfmt,
@@ -127,13 +206,15 @@ static int cpio_mkslink(const char *name, const char *target,
 		0,			/* rmajor */
 		0,			/* rminor */
 		(unsigned)strlen(name) + 1,/* namesize */
-		0,			/* xattrs-size */
+		xattrs_buflen,		/* xattrs-size */
 		0);			/* chksum */
 	push_hdr(s);
 	push_string(name);
 	push_pad();
 	push_string(target);
 	push_pad();
+	if (newcx)
+		include_xattrs();
 	return 0;
 }
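
Review bot: for symlinks the xattr section is written after the link target ("push_string(target); push_pad();" and then include_xattrs()), whereas cpio_mkfile() in this same patch writes it after the name and before the file data, and the commit message says it follows the file name. Pick one position for all entry types; otherwise the extractor has to special-case symlinks.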
 
@@ -160,6 +241,7 @@ static int cpio_mkgeneric(const char *name, unsigned int mode,
 {
 	char s[256];
 
+	xattrs_buflen = newcx ? get_xattrs(name) : 0;
 	if (name[0] == '/')
 		name++;
 	sprintf(s, newcx ? newcxfmt : newcfmt,
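
Review bot: get_xattrs(name) is called with the name the entry will have inside the archive. Unlike cpio_mkfile(), which passes location, there is no source path here, so the xattrs are read from whatever exists at that path on the build host. The same applies to cpio_mkslink(), where listxattr()/getxattr() additionally follow the link; llistxattr()/lgetxattr() would be needed to read the link's own attributes. Either take an explicit source path for these entry types or do not emit xattrs for them.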
@@ -176,10 +258,12 @@ static int cpio_mkgeneric(const char *name, unsigned int mode,
 		0,			/* rmajor */
 		0,			/* rminor */
 		(unsigned)strlen(name) + 1,/* namesize */
-		0,			/* xattrs-size */
+		xattrs_buflen,		/* xattrs-size */
 		0);			/* chksum */
 	push_hdr(s);
 	push_rest(name);
+	if (newcx)
+		include_xattrs();
 	return 0;
 }
 
@@ -339,9 +423,14 @@ static int cpio_mkfile(const char *name, const char *location,
 	}
 
 	size = 0;
+	xattrs_buflen = 0;
 	for (i = 1; i <= nlinks; i++) {
 		/* data goes on last link */
-		if (i == nlinks) size = buf.st_size;
+		if (i == nlinks) {
+			size = buf.st_size;
+			if (newcx)
+				xattrs_buflen = get_xattrs(location);
+		}
 
 		if (name[0] == '/')
 			name++;
@@ -360,12 +449,13 @@ static int cpio_mkfile(const char *name, const char *location,
 			0,			/* rmajor */
 			0,			/* rminor */
 			namesize,		/* namesize */
-			0,			/* xattrs-size */
+			xattrs_buflen,		/* xattrs-size */
 			0);			/* chksum */
 		push_hdr(s);
 		push_string(name);
 		push_pad();
-
+		if (newcx)
+			include_xattrs();
 		if (size) {
 			if (fwrite(filebuf, size, 1, stdout) != 1) {
 				fprintf(stderr, "writing filebuf failed\n");
@@ -458,7 +548,7 @@ static int cpio_mkfile_line(const char *line)
 static void usage(const char *prog)
 {
 	fprintf(stderr, "Usage:\n"
-		"\t%s [-t <timestamp>] <cpio_list>\n"
+		"\t%s [-t <timestamp>] [-x] <cpio_list>\n"
 		"\n"
 		"<cpio_list> is a file containing newline separated entries that\n"
 		"describe the files to be included in the initramfs archive:\n"
@@ -535,7 +625,7 @@ int main (int argc, char *argv[])
 
 	default_mtime = time(NULL);
 	while (1) {
-		int opt = getopt(argc, argv, "t:h");
+		int opt = getopt(argc, argv, "t:h:x");
 		char *invalid;
 
 		if (opt == -1)
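
Review bot: the option string became "t:h:x", which makes -h require an argument. The intended string is "t:hx".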
@@ -550,6 +640,9 @@ int main (int argc, char *argv[])
 				exit(1);
 			}
 			break;
+		case 'x':
+			newcx = 1;
+			break;
 		case 'h':
 		case '?':
 			usage(argv[0]);
-- 
1.8.1.4
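
A bounds-checked reader for the xattr section described in this message, added here as an example; it is not part of the patch series. The layout (8 hex digits for the count, then per xattr a NUL-terminated name, 8 hex digits of value length and the value bytes, then one terminating NUL) is taken from get_xattrs() above. The names parse_xattr_section and struct xattr_ent are hypothetical, and the sample buffers are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

struct xattr_ent {
    const char *name;            /* points into the section, NUL-terminated */
    const unsigned char *value;  /* points into the section, not terminated */
    uint32_t value_len;
};

/* Decode exactly 8 hex digits; returns 0 on success, -1 on a bad digit. */
static int hex8(const unsigned char *p, uint32_t *out)
{
    uint32_t v = 0;

    for (int i = 0; i < 8; i++) {
        unsigned char c = p[i];
        unsigned d;

        if (c >= '0' && c <= '9') d = c - '0';
        else if (c >= 'A' && c <= 'F') d = c - 'A' + 10;
        else if (c >= 'a' && c <= 'f') d = c - 'a' + 10;
        else return -1;
        v = (v << 4) | d;
    }
    *out = v;
    return 0;
}

/* Parse a section of len bytes (the xattrs-size header field). Returns the
 * number of entries stored in out, or -1 if any length runs past the section,
 * a name is empty or unterminated, or trailing bytes remain. */
int parse_xattr_section(const unsigned char *buf, size_t len,
                        struct xattr_ent *out, size_t max_out)
{
    const unsigned char *p = buf, *end = buf + len;
    uint32_t count, vlen;

    if (len < 8 + 1 || hex8(p, &count) != 0 || count > max_out)
        return -1;
    p += 8;
    for (uint32_t i = 0; i < count; i++) {
        const unsigned char *nul = memchr(p, 0, (size_t)(end - p));

        if (!nul || nul == p)
            return -1;                          /* no name or no terminator */
        if ((size_t)(end - (nul + 1)) < 8 || hex8(nul + 1, &vlen) != 0)
            return -1;                          /* length field truncated */
        if ((size_t)(end - (nul + 9)) < vlen)
            return -1;                          /* value runs past section */
        out[i].name = (const char *)p;
        out[i].value = nul + 9;
        out[i].value_len = vlen;
        p = nul + 9 + vlen;
    }
    if (end - p != 1 || *p != 0)                /* exactly one terminator */
        return -1;
    return (int)count;
}

/* Constructed sample: two xattrs; the array's implicit NUL is the terminator. */
static const unsigned char sample_section[] =
    "00000002"
    "security.ima\0" "00000003" "\x04\x01\xaa"
    "security.selinux\0" "00000004" "abcd";

/* Constructed malformed section: claims 0xFFFFFFFF value bytes. */
static const unsigned char bad_section[] = "00000001" "a\0" "FFFFFFFF";

struct xattr_ent demo_ents[4];

int main(void)
{
    int n = parse_xattr_section(sample_section, sizeof sample_section,
                                demo_ents, 4);

    for (int i = 0; i < n; i++)
        printf("%s: %u bytes\n", demo_ents[i].name,
               (unsigned)demo_ents[i].value_len);
    printf("malformed section -> %d\n",
           parse_xattr_section(bad_section, sizeof bad_section, demo_ents, 4));
    return 0;
}
```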



* [PATCH v1 06/11] gen_init_cpio: define new CPIO format to support xattrs
From: Mimi Zohar @ 2015-01-20 19:12 UTC
  To: initramfs
  Cc: Mimi Zohar, Al Viro, linux-ima-devel, linux-security-module,
	linux-kernel
In-Reply-To: <1421781180-24425-1-git-send-email-zohar@linux.vnet.ibm.com>

This patch defines a new CPIO method 070703 for including xattrs.
The new format extends the existing NEWC header to include the
buffer size containing the number of xattrs, the xattr(s) name,
data size, and data.

Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
---
 usr/gen_init_cpio.c | 35 ++++++++++++++++++++++-------------
 1 file changed, 22 insertions(+), 13 deletions(-)

diff --git a/usr/gen_init_cpio.c b/usr/gen_init_cpio.c
index ee35361..0d9c6e8 100644
--- a/usr/gen_init_cpio.c
+++ b/usr/gen_init_cpio.c
@@ -21,7 +21,11 @@
 #define str(s) xstr(s)
 
 static char *newcfmt = "%s%08X%08X%08lX%08lX%08X%08lX"
-			"%08X%08X%08X%08X%08X%08X%08X";
+			"%08X%08X%08X%08X%08X%08X%15$08X";
+static char *newcxfmt = "%s%08X%08X%08lX%08lX%08X%08lX"
+			"%08X%08X%08X%08X%08X%08X%08X%08X";
+
+static int newcx;
 
 static unsigned int offset;
 static unsigned int ino = 721;
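
Review bot: "%15$08X" puts a numbered conversion into a format that otherwise uses unnumbered ones, and POSIX leaves that mix undefined, so newcfmt now works only as long as the C library happens to tolerate it. Since the aim is to skip the new xattrs-size argument for the old format, leave newcfmt as it was and do not pass that argument, or format the two header variants in separate calls. Both format pointers should also be const.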
@@ -58,7 +62,7 @@ static void push_rest(const char *name)
 	putchar(0);
 	offset += name_len;
 
-	tmp_ofs = name_len + 110;
+	tmp_ofs = name_len + (newcx ? 118 : 110);
 	while (tmp_ofs & 3) {
 		putchar(0);
 		offset++;
@@ -69,7 +73,7 @@ static void push_rest(const char *name)
 static void push_hdr(const char *s)
 {
 	fputs(s, stdout);
-	offset += 110;
+	offset += newcx ? 118 : 110;
 }
 
 static void cpio_trailer(void)
@@ -77,8 +81,8 @@ static void cpio_trailer(void)
 	char s[256];
 	const char name[] = "TRAILER!!!";
 
-	sprintf(s, newcfmt,
-		"070701",		/* magic */
+	sprintf(s, newcx ? newcxfmt : newcfmt,
+		newcx ? "070703": "070701",/* magic */
 		0,			/* ino */
 		0,			/* mode */
 		(long) 0,		/* uid */
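
Review bot: the pair "newcx ? newcxfmt : newcfmt" and "newcx ? "070703": "070701"" is repeated in all five header writers in this patch. Select the format and the magic once (two static pointers set where newcx is set) and use those, which also removes the missing space before each ":".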
@@ -91,6 +95,7 @@ static void cpio_trailer(void)
 		0,			/* rmajor */
 		0,			/* rminor */
 		(unsigned)strlen(name)+1, /* namesize */
+		0,			/* xattrs-size */
 		0);			/* chksum */
 	push_hdr(s);
 	push_rest(name);
@@ -108,8 +113,8 @@ static int cpio_mkslink(const char *name, const char *target,
 
 	if (name[0] == '/')
 		name++;
-	sprintf(s, newcfmt,
-		"070701",		/* magic */
+	sprintf(s, newcx ? newcxfmt : newcfmt,
+		newcx ? "070703": "070701",/* magic */
 		ino++,			/* ino */
 		S_IFLNK | mode,		/* mode */
 		(long) uid,		/* uid */
@@ -122,6 +127,7 @@ static int cpio_mkslink(const char *name, const char *target,
 		0,			/* rmajor */
 		0,			/* rminor */
 		(unsigned)strlen(name) + 1,/* namesize */
+		0,			/* xattrs-size */
 		0);			/* chksum */
 	push_hdr(s);
 	push_string(name);
@@ -156,8 +162,8 @@ static int cpio_mkgeneric(const char *name, unsigned int mode,
 
 	if (name[0] == '/')
 		name++;
-	sprintf(s, newcfmt,
-		"070701",		/* magic */
+	sprintf(s, newcx ? newcxfmt : newcfmt,
+		newcx ? "070703": "070701",/* magic */
 		ino++,			/* ino */
 		mode,			/* mode */
 		(long) uid,		/* uid */
@@ -170,6 +176,7 @@ static int cpio_mkgeneric(const char *name, unsigned int mode,
 		0,			/* rmajor */
 		0,			/* rminor */
 		(unsigned)strlen(name) + 1,/* namesize */
+		0,			/* xattrs-size */
 		0);			/* chksum */
 	push_hdr(s);
 	push_rest(name);
@@ -249,8 +256,8 @@ static int cpio_mknod(const char *name, unsigned int mode,
 
 	if (name[0] == '/')
 		name++;
-	sprintf(s, newcfmt,
-		"070701",		/* magic */
+	sprintf(s, newcx ? newcxfmt : newcfmt,
+		newcx ? "070703": "070701",/* magic */
 		ino++,			/* ino */
 		mode,			/* mode */
 		(long) uid,		/* uid */
@@ -263,6 +270,7 @@ static int cpio_mknod(const char *name, unsigned int mode,
 		maj,			/* rmajor */
 		min,			/* rminor */
 		(unsigned)strlen(name) + 1,/* namesize */
+		0,			/* xattrs-size */
 		0);			/* chksum */
 	push_hdr(s);
 	push_rest(name);
@@ -338,8 +346,8 @@ static int cpio_mkfile(const char *name, const char *location,
 		if (name[0] == '/')
 			name++;
 		namesize = strlen(name) + 1;
-		sprintf(s, newcfmt,
-			"070701",		/* magic */
+		sprintf(s, newcx ? newcxfmt : newcfmt,
+			newcx ? "070703": "070701",/* magic */
 			ino,			/* ino */
 			mode,			/* mode */
 			(long) uid,		/* uid */
@@ -352,6 +360,7 @@ static int cpio_mkfile(const char *name, const char *location,
 			0,			/* rmajor */
 			0,			/* rminor */
 			namesize,		/* namesize */
+			0,			/* xattrs-size */
 			0);			/* chksum */
 		push_hdr(s);
 		push_string(name);
-- 
1.8.1.4


* [PATCH v1 05/11] gen_init_cpio: replace inline format string with common variable
From: Mimi Zohar @ 2015-01-20 19:12 UTC
  To: initramfs
  Cc: Mimi Zohar, Al Viro, linux-ima-devel, linux-security-module,
	linux-kernel
In-Reply-To: <1421781180-24425-1-git-send-email-zohar@linux.vnet.ibm.com>

The same printf format string is used in a number of places.  This
patch replaces the inline format string with a single common variable
called newcfmt.

Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
---
 usr/gen_init_cpio.c | 18 ++++++++----------
 1 file changed, 8 insertions(+), 10 deletions(-)

diff --git a/usr/gen_init_cpio.c b/usr/gen_init_cpio.c
index 225ad24..ee35361 100644
--- a/usr/gen_init_cpio.c
+++ b/usr/gen_init_cpio.c
@@ -20,6 +20,9 @@
 #define xstr(s) #s
 #define str(s) xstr(s)
 
+static char *newcfmt = "%s%08X%08X%08lX%08lX%08X%08lX"
+			"%08X%08X%08X%08X%08X%08X%08X";
+
 static unsigned int offset;
 static unsigned int ino = 721;
 static time_t default_mtime;
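
Review bot: declare this as "static const char newcfmt[]". A writable char * to a string literal invites accidental modification, and with the format reached through a non-const pointer the compiler can no longer check the sprintf() arguments against it, which matters for calls with this many arguments.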
@@ -74,8 +77,7 @@ static void cpio_trailer(void)
 	char s[256];
 	const char name[] = "TRAILER!!!";
 
-	sprintf(s, "%s%08X%08X%08lX%08lX%08X%08lX"
-	       "%08X%08X%08X%08X%08X%08X%08X",
+	sprintf(s, newcfmt,
 		"070701",		/* magic */
 		0,			/* ino */
 		0,			/* mode */
@@ -106,8 +108,7 @@ static int cpio_mkslink(const char *name, const char *target,
 
 	if (name[0] == '/')
 		name++;
-	sprintf(s,"%s%08X%08X%08lX%08lX%08X%08lX"
-	       "%08X%08X%08X%08X%08X%08X%08X",
+	sprintf(s, newcfmt,
 		"070701",		/* magic */
 		ino++,			/* ino */
 		S_IFLNK | mode,		/* mode */
@@ -155,8 +156,7 @@ static int cpio_mkgeneric(const char *name, unsigned int mode,
 
 	if (name[0] == '/')
 		name++;
-	sprintf(s,"%s%08X%08X%08lX%08lX%08X%08lX"
-	       "%08X%08X%08X%08X%08X%08X%08X",
+	sprintf(s, newcfmt,
 		"070701",		/* magic */
 		ino++,			/* ino */
 		mode,			/* mode */
@@ -249,8 +249,7 @@ static int cpio_mknod(const char *name, unsigned int mode,
 
 	if (name[0] == '/')
 		name++;
-	sprintf(s,"%s%08X%08X%08lX%08lX%08X%08lX"
-	       "%08X%08X%08X%08X%08X%08X%08X",
+	sprintf(s, newcfmt,
 		"070701",		/* magic */
 		ino++,			/* ino */
 		mode,			/* mode */
@@ -339,8 +338,7 @@ static int cpio_mkfile(const char *name, const char *location,
 		if (name[0] == '/')
 			name++;
 		namesize = strlen(name) + 1;
-		sprintf(s,"%s%08X%08X%08lX%08lX%08X%08lX"
-		       "%08lX%08X%08X%08X%08X%08X%08X",
+		sprintf(s, newcfmt,
 			"070701",		/* magic */
 			ino,			/* ino */
 			mode,			/* mode */
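Review bot: the format removed from cpio_mkfile() is not the same string as the other four: its second line begins with `%08lX`, where newcfmt has `%08X`, so this hunk silently changes the conversion applied to the eighth argument. If that argument is a long at this call site, it no longer matches its conversion. Either cast the argument to unsigned int here or keep a format with the `l` modifier for this function, and mention the difference in the commit message, which describes the strings as the same.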
-- 
1.8.1.4

^ permalink raw reply related

* [PATCH v1 04/11] initramfs: change size of mtime and file length to 64 bits
From: Mimi Zohar @ 2015-01-20 19:12 UTC (permalink / raw)
  To: initramfs
  Cc: Mimi Zohar, Al Viro, linux-ima-devel, linux-security-module,
	linux-kernel
In-Reply-To: <1421781180-24425-1-git-send-email-zohar@linux.vnet.ibm.com>

Either we keep the current field ordering, making some fields
64 bits, or move the larger fields to the end.  This patch keeps
the same field ordering.

Requested-by: Rob Landley <rob@landley.net>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
---
 init/initramfs.c | 30 +++++++++++++++++++-----------
 1 file changed, 19 insertions(+), 11 deletions(-)

diff --git a/init/initramfs.c b/init/initramfs.c
index 8917065..cec6fe1 100644
--- a/init/initramfs.c
+++ b/init/initramfs.c
@@ -155,7 +155,8 @@ static __initdata time_t mtime;
 
 static __initdata unsigned long ino, major, minor, nlink;
 static __initdata umode_t mode;
-static __initdata unsigned long body_len, name_len, xattr_buflen;
+static __initdata uint64_t body_len;
+static __initdata unsigned long name_len, xattr_buflen;
 static __initdata uid_t uid;
 static __initdata gid_t gid;
 static __initdata unsigned rdev;
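Review bot: widening body_len to uint64_t here is only half of the change. Elsewhere in this series the value is still handed to eat(unsigned n) as eat(body_len), so anything above 32 bits is truncated on its way to the consumer. Widen those helpers in the same patch, or reject a body_len the extractor cannot represent right after parsing.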
@@ -164,14 +165,21 @@ static __initdata int newcx;
 static void __init parse_header(char *s)
 {
 	unsigned long parsed[13];
-	char buf[9];
-	int ret;
+	uint64_t parsed64[2];
+	char buf[17];
+	bool ull = 0;
+	int ret = 0;
 	int i;
 
-	buf[8] = '\0';
-	for (i = 0; i < (!newcx ? 12 : 13); i++, s += 8) {
-		memcpy(buf, s, 8);
-		ret = kstrtoul(buf, 16, &parsed[i]);
+	buf[16] = '\0';
+	for (i = 0; i < (!newcx ? 12 : 13); i++, s += (ull ? 16 : 8)) {
+		ull = newcx && (i == 5 || i == 6);
+		
+		buf[8] = '\0';
+		memcpy(buf, s, ull ? 16 : 8);
+
+		ret = ull ?  kstrtoull(buf, 16, &parsed64[i - 5]) :
+			kstrtoul(buf, 16, &parsed[i]);
 		if (ret)
 			pr_err("invalid cpio header field (%d)", ret);
 	}
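Review bot: the two wide fields are selected with bare indices (`i == 5 || i == 6`, `parsed64[i - 5]`), which ties the loop to the current field order with nothing in the code saying that 5 and 6 are mtime and body length. Named constants or a small per-field width table would make a later reordering safe. Also, `bool ull = 0` should be `false`, the added line that contains only tabs and the double space after `ull ?` are whitespace errors, and for newcx parsed[5] and parsed[6] are never written, which deserves a comment.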
@@ -180,8 +188,8 @@ static void __init parse_header(char *s)
 	uid = parsed[2];
 	gid = parsed[3];
 	nlink = parsed[4];
-	mtime = parsed[5];
-	body_len = parsed[6];
+	mtime = !newcx ? parsed[5] : parsed64[0] / 1000000;
+	body_len = !newcx ? parsed[6] : parsed64[1];
 	major = parsed[7];
 	minor = parsed[8];
 	rdev = new_encode_dev(MKDEV(parsed[9], parsed[10]));
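Review bot: `parsed64[0] / 1000000` is a 64-bit division written with a plain `/`, which may fail to link on 32-bit builds; use div_u64(). The divisor also implies that the new format stores mtime in microseconds, which neither the commit message nor a comment states, so please document the unit. Note that the result is still assigned to a time_t, so the extra width is lost again wherever time_t is 32 bits.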
@@ -272,7 +280,7 @@ static int __init do_format(void)
 		error("no cpio magic");
 		return 1;
 	}
-	read_into(header_buf, !newcx ? 104: 112, GotHeader);
+	read_into(header_buf, !newcx ? 104: 128, GotHeader);
 	return 0;
 }
 
@@ -539,7 +547,7 @@ static char * __init unpack_to_rootfs(char *buf, unsigned long len)
 	const char *compress_name;
 	static __initdata char msg_buf[64];
 
-	header_buf = kmalloc(118, GFP_KERNEL);
+	header_buf = kmalloc(128, GFP_KERNEL);
 	symlink_buf = kmalloc(PATH_MAX + N_ALIGN(PATH_MAX) + 1, GFP_KERNEL);
 	name_buf = kmalloc(N_ALIGN(PATH_MAX), GFP_KERNEL);
 	xattr_buf = kmalloc(PAGE_SIZE, GFP_KERNEL);
-- 
1.8.1.4


^ permalink raw reply related

* [PATCH v1 03/11] initramfs: add extended attribute support
From: Mimi Zohar @ 2015-01-20 19:12 UTC (permalink / raw)
  To: initramfs
  Cc: Mimi Zohar, Al Viro, linux-ima-devel, linux-security-module,
	linux-kernel
In-Reply-To: <1421781180-24425-1-git-send-email-zohar@linux.vnet.ibm.com>

This patch writes out the extended attributes included in the cpio file.
As the "security.ima" xattr needs to be written after the file data,
this patch separates extracting and setting the xattrs by defining two
new states "GotXattrs" and "SetXattrs".

Changelog:
- "way too trusting of input data" - Rob Landley. Added some checking...

Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
---
 init/initramfs.c | 97 ++++++++++++++++++++++++++++++++++++++++++++++++++------
 1 file changed, 87 insertions(+), 10 deletions(-)

diff --git a/init/initramfs.c b/init/initramfs.c
index 5dd93ca..8917065 100644
--- a/init/initramfs.c
+++ b/init/initramfs.c
@@ -52,6 +52,7 @@ static void __init error(char *x)
 /* link hash */
 
 #define N_ALIGN(len) ((((len) + 1) & ~3) + 2)
+#define X_ALIGN(len) ((len + 3) & ~3)
 
 static __initdata struct hash {
 	int ino, minor, major;
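Review bot: X_ALIGN() uses its argument unparenthesized, `((len + 3) & ~3)`, unlike N_ALIGN() on the line above it. Write `(((len) + 3) & ~3)` so that an expression argument expands correctly.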
@@ -154,20 +155,21 @@ static __initdata time_t mtime;
 
 static __initdata unsigned long ino, major, minor, nlink;
 static __initdata umode_t mode;
-static __initdata unsigned long body_len, name_len;
+static __initdata unsigned long body_len, name_len, xattr_buflen;
 static __initdata uid_t uid;
 static __initdata gid_t gid;
 static __initdata unsigned rdev;
+static __initdata int newcx;
 
 static void __init parse_header(char *s)
 {
-	unsigned long parsed[12];
+	unsigned long parsed[13];
 	char buf[9];
 	int ret;
 	int i;
 
 	buf[8] = '\0';
-	for (i = 0, s += 6; i < 12; i++, s += 8) {
+	for (i = 0; i < (!newcx ? 12 : 13); i++, s += 8) {
 		memcpy(buf, s, 8);
 		ret = kstrtoul(buf, 16, &parsed[i]);
 		if (ret)
@@ -184,6 +186,7 @@ static void __init parse_header(char *s)
 	minor = parsed[8];
 	rdev = new_encode_dev(MKDEV(parsed[9], parsed[10]));
 	name_len = parsed[11];
+	xattr_buflen = newcx ? parsed[12] : 0;
 }
 
 /* FSM */
@@ -195,7 +198,9 @@ static __initdata enum state {
 	GotHeader,
 	SkipIt,
 	GotName,
+	GotXattrs,
 	CopyFile,
+	SetXattrs,
 	GotSymlink,
 	Reset
 } state, next_state;
@@ -212,6 +217,8 @@ static inline void __init eat(unsigned n)
 }
 
 static __initdata char *vcollected;
+static __initdata char *ncollected;
+static __initdata u8 *xcollected;
 static __initdata char *collected;
 static long remains __initdata;
 static __initdata char *collect;
@@ -230,7 +237,7 @@ static void __init read_into(char *buf, unsigned size, enum state next)
 	}
 }
 
-static __initdata char *header_buf, *symlink_buf, *name_buf;
+static __initdata char *header_buf, *symlink_buf, *name_buf, *xattr_buf;
 
 static int __init do_start(void)
 {
@@ -254,22 +261,26 @@ static int __init do_collect(void)
 
 static int __init do_format(void)
 {
+	newcx = 0;
 	if (memcmp(collected, "070707", 6)==0) {
 		error("incorrect cpio method used: use -H newc option");
 		return 1;
 	}
-	if (memcmp(collected, "070701", 6)) {
+	if (memcmp(collected, "070703", 6) == 0)
+		newcx = 1;
+	else if (memcmp(collected, "070701", 6)) {
 		error("no cpio magic");
 		return 1;
 	}
-	read_into(header_buf, 104, GotHeader);
+	read_into(header_buf, !newcx ? 104: 112, GotHeader);
 	return 0;
 }
 
 static int __init do_header(void)
 {
 	parse_header(collected);
-	next_header = this_header + N_ALIGN(name_len) + body_len;
+	next_header = this_header + N_ALIGN(name_len) + X_ALIGN(xattr_buflen)
+	    + body_len;
 	next_header = (next_header + 3) & ~3;
 	state = SkipIt;
 	if (name_len <= 0 || name_len > PATH_MAX)
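Review bot: xattr_buflen comes straight from the archive and is added into next_header with no upper bound, while the very next context line bounds name_len by PATH_MAX. xattr_buf is a single kmalloc(PAGE_SIZE) and do_name() later asks read_into() for X_ALIGN(xattr_buflen) bytes into it, so do_header() should reject xattr_buflen > PAGE_SIZE before any further state is entered; that also rules out X_ALIGN() wrapping for values near ULONG_MAX. Minor: `104: 112` wants a space before the colon.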
@@ -331,8 +342,64 @@ static void __init clean_path(char *path, umode_t fmode)
 	}
 }
 
-static __initdata int wfd;
+static int __init do_xattrs(void)
+{
+	state = next_state;
+	xcollected = kmalloc(xattr_buflen, GFP_KERNEL);
+	if (!xcollected)
+		panic("can't allocate xattr buffer");
+	memcpy(xcollected, collected, xattr_buflen);
+	return 0;
+}
+
+static int __init do_setxattrs(void)
+{
+	char *xattr_name = NULL;
+	int i, offset = 8, num_xattrs = 0;
+	unsigned xattr_value_size;
+	u8 *buf = xcollected;
+	u8 *bufend = buf + xattr_buflen - 1;
+
+	state = SkipIt;
+	next_state = Reset;
+
+	if (!newcx || xattr_buflen == 0 || !buf)
+		return 0;
+
+	*bufend = '\0';
+	sscanf(buf, "%08X", &num_xattrs);
+
+	/* xattr format: name value-len value */
+	for (i = 0; i < num_xattrs || buf + offset > bufend; i++) {
+		u8 *xattr_buf;
+		int ret;
 
+		xattr_name = buf + offset;
+		offset += (strlen(xattr_name) + 1);
+		if (buf + offset + 8 > bufend) {
+			error("malformed xattrs");
+			break;
+		}
+
+		ret = sscanf(buf + offset, "%08X", &xattr_value_size);
+		xattr_buf = buf + offset + 8;
+		if (ret != 1 || xattr_buf + xattr_value_size > bufend) {
+			error("malformed xattrs");
+			break;
+		}
+
+		ret = sys_setxattr(ncollected, xattr_name, xattr_buf,
+				   xattr_value_size, 0);
+		pr_debug("%s: %s size: %u (ret: %d)\n", ncollected, xattr_name,
+			xattr_value_size, ret);
+		offset += (8 + xattr_value_size);
+	}
+	kfree(ncollected);
+	kfree(xcollected);
+	return 0;
+}
+
+static __initdata int wfd;
 static int __init do_name(void)
 {
 	state = SkipIt;
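Review bot: the loop condition in do_setxattrs(), `i < num_xattrs || buf + offset > bufend`, has the bounds test inverted and joined with `||`, so the loop keeps running precisely when offset has gone past the end, and with xattr_buflen below 9 it is entered even for a zero count. It should read `i < num_xattrs && buf + offset < bufend`. In the same function, strlen(xattr_name) runs before any check that xattr_name lies inside the buffer, the result of the first sscanf() is ignored, `*bufend = '\0'` overwrites the last byte of the last value, `xattr_buf + xattr_value_size > bufend` can wrap for a large size (compare the size against the bytes remaining instead), and the local xattr_buf shadows the file-scope buffer of the same name. The hunk also drops the blank line between the wfd declaration and do_name().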
@@ -373,6 +440,12 @@ static int __init do_name(void)
 			do_utime(collected, mtime);
 		}
 	}
+
+	if (xattr_buflen > 0) {
+		ncollected = kstrdup(collected, GFP_KERNEL);
+		next_state = (state == SkipIt) ? SetXattrs : state;
+		read_into(xattr_buf, X_ALIGN(xattr_buflen), GotXattrs);
+	}
 	return 0;
 }
 
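Review bot: the kstrdup() result stored in ncollected is never checked, yet do_setxattrs() passes it to sys_setxattr() as the path; handle the NULL case here the way do_xattrs() handles its own allocation. ncollected is also freed only on the last lines of do_setxattrs(), after that function's early return, so please make sure every exit frees it.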
@@ -385,7 +458,7 @@ static int __init do_copy(void)
 		do_utime(vcollected, mtime);
 		kfree(vcollected);
 		eat(body_len);
-		state = SkipIt;
+		state = (newcx && xattr_buflen > 0)? SetXattrs : SkipIt;
 		return 0;
 	} else {
 		if (xwrite(wfd, victim, byte_count) != byte_count)
@@ -415,7 +488,9 @@ static __initdata int (*actions[])(void) = {
 	[GotHeader]	= do_header,
 	[SkipIt]	= do_skip,
 	[GotName]	= do_name,
+	[GotXattrs]	= do_xattrs,
 	[CopyFile]	= do_copy,
+	[SetXattrs]	= do_setxattrs,
 	[GotSymlink]	= do_symlink,
 	[Reset]		= do_reset,
 };
@@ -464,9 +539,10 @@ static char * __init unpack_to_rootfs(char *buf, unsigned long len)
 	const char *compress_name;
 	static __initdata char msg_buf[64];
 
-	header_buf = kmalloc(110, GFP_KERNEL);
+	header_buf = kmalloc(118, GFP_KERNEL);
 	symlink_buf = kmalloc(PATH_MAX + N_ALIGN(PATH_MAX) + 1, GFP_KERNEL);
 	name_buf = kmalloc(N_ALIGN(PATH_MAX), GFP_KERNEL);
+	xattr_buf = kmalloc(PAGE_SIZE, GFP_KERNEL);
 
 	if (!header_buf || !symlink_buf || !name_buf)
 		panic("can't allocate buffers");
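Review bot: xattr_buf is allocated here, but the NULL test on the following context line still reads `if (!header_buf || !symlink_buf || !name_buf)`, so a failed kmalloc(PAGE_SIZE) goes unnoticed; add `|| !xattr_buf`. The new size 118 is also unexplained: since the magic is now read separately, header_buf only needs the larger of the two lengths passed to read_into() in do_format().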
@@ -513,6 +589,7 @@ static char * __init unpack_to_rootfs(char *buf, unsigned long len)
 		len -= my_inptr;
 	}
 	dir_utime();
+	kfree(xattr_buf);
 	kfree(name_buf);
 	kfree(symlink_buf);
 	kfree(header_buf);
-- 
1.8.1.4

^ permalink raw reply related
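
The xattr blob that do_setxattrs() in the patch above walks (an eight-hex-digit entry count, then per entry a NUL-terminated name, an eight-hex-digit value length and the value bytes) can be parsed with every length checked against the bytes that remain. This is an added userspace example, not code from the patch series; struct xattr_ent, hex8(), parse_xattrs() and the sample blob are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* One decoded entry; name and value point into the caller's buffer. */
struct xattr_ent {
	const char *name;
	const unsigned char *value;
	uint32_t value_len;
};

/* Constructed sample blob: count, then (name NUL, 8-hex length, value) x 2. */
static const unsigned char sample[] =
	"00000002"
	"security.ima\0" "00000004" "\x03\x02\xAA\xBB"
	"user.test\0"    "00000001" "Z";
#define SAMPLE_LEN (sizeof(sample) - 1)	/* drop the literal's trailing NUL */

/* Parse exactly eight ASCII hex digits; stricter than sscanf("%08X"). */
static int hex8(const unsigned char *p, uint32_t *out)
{
	uint32_t v = 0;

	for (int i = 0; i < 8; i++) {
		unsigned char c = p[i];
		uint32_t d;

		if (c >= '0' && c <= '9')
			d = c - '0';
		else if (c >= 'a' && c <= 'f')
			d = c - 'a' + 10;
		else if (c >= 'A' && c <= 'F')
			d = c - 'A' + 10;
		else
			return -1;
		v = (v << 4) | d;
	}
	*out = v;
	return 0;
}

/* Returns the number of entries written to out[], or -1 if malformed. */
int parse_xattrs(const unsigned char *buf, size_t len,
		 struct xattr_ent *out, size_t max_out)
{
	uint32_t count, vlen;
	size_t off = 8;

	if (len < 8 || hex8(buf, &count) < 0 || count > max_out)
		return -1;

	for (uint32_t i = 0; i < count; i++) {
		/* The name must be non-empty and terminated inside the blob. */
		const unsigned char *nul = memchr(buf + off, '\0', len - off);

		if (!nul || nul == buf + off)
			return -1;
		out[i].name = (const char *)(buf + off);
		off = (size_t)(nul - buf) + 1;

		/* The length field must fit before it is read. */
		if (len - off < 8 || hex8(buf + off, &vlen) < 0)
			return -1;
		off += 8;

		/* Compare sizes, not pointers, so a huge vlen cannot wrap. */
		if (vlen > len - off)
			return -1;
		out[i].value = buf + off;
		out[i].value_len = vlen;
		off += vlen;
	}
	return (int)count;
}

int main(void)
{
	struct xattr_ent ents[4];
	int n = parse_xattrs(sample, SAMPLE_LEN, ents, 4);

	for (int i = 0; i < n; i++)
		printf("%s: %u value bytes\n", ents[i].name,
		       (unsigned)ents[i].value_len);
	/* Cutting the blob inside the first value must be rejected. */
	printf("truncated blob -> %d\n", parse_xattrs(sample, 30, ents, 4));
	return n == 2 ? 0 : 1;
}
```

The parser never modifies the input, so the last value byte is preserved, and bytes after the final entry (alignment padding) are ignored.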

* [PATCH v1 02/11] initramfs: replace simple_strtoul() with kstrtoul()
From: Mimi Zohar @ 2015-01-20 19:12 UTC (permalink / raw)
  To: initramfs
  Cc: Mimi Zohar, Al Viro, linux-ima-devel, linux-security-module,
	linux-kernel
In-Reply-To: <1421781180-24425-1-git-send-email-zohar@linux.vnet.ibm.com>

Replace existing obsolete simple_strtoul() call with kstrtoul(),
before making other changes.

Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
---
 init/initramfs.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/init/initramfs.c b/init/initramfs.c
index bb51b5b..5dd93ca 100644
--- a/init/initramfs.c
+++ b/init/initramfs.c
@@ -163,12 +163,15 @@ static void __init parse_header(char *s)
 {
 	unsigned long parsed[12];
 	char buf[9];
+	int ret;
 	int i;
 
 	buf[8] = '\0';
 	for (i = 0, s += 6; i < 12; i++, s += 8) {
 		memcpy(buf, s, 8);
-		parsed[i] = simple_strtoul(buf, NULL, 16);
+		ret = kstrtoul(buf, 16, &parsed[i]);
+		if (ret)
+			pr_err("invalid cpio header field (%d)", ret);
 	}
 	ino = parsed[0];
 	mode = parsed[1];
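Review bot: when kstrtoul() fails, the loop only logs and carries on, leaving parsed[i] uninitialized on the stack, and the assignments that follow (`ino = parsed[0]` and so on) then consume it. simple_strtoul() always produced a value, so this is a behaviour change. Zero the array first, or have parse_header() return an error that do_header() acts on. The pr_err() format is also missing its trailing newline.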
-- 
1.8.1.4

^ permalink raw reply related

* [PATCH v1 01/11] initramfs: separate reading cpio method from header
From: Mimi Zohar @ 2015-01-20 19:12 UTC (permalink / raw)
  To: initramfs
  Cc: Mimi Zohar, Al Viro, linux-ima-devel, linux-security-module,
	linux-kernel
In-Reply-To: <1421781180-24425-1-git-send-email-zohar@linux.vnet.ibm.com>

In preparation for adding xattr support, read the CPIO method
separately from the rest of the header.

Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
---
 init/initramfs.c | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/init/initramfs.c b/init/initramfs.c
index ad1bd77..bb51b5b 100644
--- a/init/initramfs.c
+++ b/init/initramfs.c
@@ -187,6 +187,7 @@ static void __init parse_header(char *s)
 
 static __initdata enum state {
 	Start,
+	GotFormat,
 	Collect,
 	GotHeader,
 	SkipIt,
@@ -230,7 +231,7 @@ static __initdata char *header_buf, *symlink_buf, *name_buf;
 
 static int __init do_start(void)
 {
-	read_into(header_buf, 110, GotHeader);
+	read_into(header_buf, 6, GotFormat);
 	return 0;
 }
 
@@ -248,7 +249,7 @@ static int __init do_collect(void)
 	return 0;
 }
 
-static int __init do_header(void)
+static int __init do_format(void)
 {
 	if (memcmp(collected, "070707", 6)==0) {
 		error("incorrect cpio method used: use -H newc option");
@@ -258,6 +259,12 @@ static int __init do_header(void)
 		error("no cpio magic");
 		return 1;
 	}
+	read_into(header_buf, 104, GotHeader);
+	return 0;
+}
+
+static int __init do_header(void)
+{
 	parse_header(collected);
 	next_header = this_header + N_ALIGN(name_len) + body_len;
 	next_header = (next_header + 3) & ~3;
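Review bot: after this split, collected points at the 104 bytes that follow the magic, but parse_header() still begins with `s += 6` (visible in the context of patch 02 and only removed in patch 03), so with patches 01 and 02 applied every field is read six bytes too far into the header. Drop the `s += 6` in this patch to keep the series bisectable.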
@@ -400,6 +407,7 @@ static int __init do_symlink(void)
 
 static __initdata int (*actions[])(void) = {
 	[Start]		= do_start,
+	[GotFormat]	= do_format,
 	[Collect]	= do_collect,
 	[GotHeader]	= do_header,
 	[SkipIt]	= do_skip,
-- 
1.8.1.4

^ permalink raw reply related

* [PATCH v1 00/11] extend initramfs archive format to support xattrs
From: Mimi Zohar @ 2015-01-20 19:12 UTC (permalink / raw)
  To: initramfs
  Cc: Mimi Zohar, Al Viro, linux-ima-devel, linux-security-module,
	linux-kernel

Many of the Linux security/integrity features are dependent on file
metadata, stored as extended attributes (xattrs), for making decisions.
These features need to be initialized during initcall and enabled as
early as possible for complete security coverage. 

The Linux kernel creates the rootfs file system and extracts the contents
of the initramfs, a compressed CPIO archive, onto it. If CONFIG_TMPFS is
enabled (and "root=" is not specified on the boot command line), rootfs
will use tmpfs instead of ramfs by default.  Although the tmpfs filesystem
supports xattrs, the CPIO archive specification does not define a method
for including them in the archive.  Other archive formats have added xattr
support (e.g. tar).

There are a couple of ways to include and label the rootfs filesystem:
- include a file manifest containing the xattrs in the initramfs
- extend CPIO to support xattrs
- add tar support

This patch set extends the existing newc CPIO archive format to include
xattrs in the initramfs.  This change affects usr/gen_init_cpio,
scripts/gen_initramfs_list.sh, and init/initramfs.c.  Included in this
patch set are the associated IMA and EVM policy changes.

Changelog v1:
- Patch "init: remove "root=" command line option test for tmpfs decision"
  was previously included for testing without userspace application (eg.
  systemd, dracut) changes.  The associated userspace changes will be
  posted to the relevant mailing lists. Patch dropped.
- replace simple_strtoul with kstrtoul
- add some input data checking
- change size of mtime and file length to 64 bits
- define new gen_initramfs_list.sh "-x" command line option
- define new IMA_APPRAISE_ROOTFS Kconfig option

Mimi

Mimi Zohar (11):
  initramfs: separate reading cpio method from header
  initramfs: replace simple_strtoul() with kstrtoul()
  initramfs: add extended attribute support
  initramfs: change size of mtime and file length to 64 bits
  gen_init_cpio: replace inline format string with common variable
  gen_init_cpio: define new CPIO format to support xattrs
  gen_init_cpio: include the file extended attributes
  gen_init_cpio: change size of mtime and file length to 64 bits
  gen_initramfs_list.sh: include xattrs
  evm: make rootfs a special case
  ima: include rootfs (tmpfs) in ima_appraise_tcb policy

 init/initramfs.c                    | 130 +++++++++++++++++++++++++----
 scripts/gen_initramfs_list.sh       |   8 +-
 security/integrity/evm/evm_main.c   |  12 ++-
 security/integrity/ima/Kconfig      |  12 +++
 security/integrity/ima/ima_policy.c |   8 ++
 usr/gen_init_cpio.c                 | 159 ++++++++++++++++++++++++++++++------
 6 files changed, 282 insertions(+), 47 deletions(-)

-- 
1.8.1.4

^ permalink raw reply

* Re: [Bugfix v4 1/2] xen/pci: Fix xen IRQ allocation failure caused by commit b81975eade8c
From: Konrad Rzeszutek Wilk @ 2015-01-20 19:12 UTC (permalink / raw)
  To: Jiang Liu
  Cc: Len Brown, Rafael J . Wysocki, Tony Luck, linux-pci, linux-pm,
	x86, Rafael J. Wysocki, linux-kernel, Sander Eikelenboom,
	Ingo Molnar, David Vrabel, Pavel Machek, H. Peter Anvin,
	Bjorn Helgaas, xen-devel, Thomas Gleixner
In-Reply-To: <54BC8AF4.6010504@linux.intel.com>

On Mon, Jan 19, 2015 at 12:41:24PM +0800, Jiang Liu wrote:
> 
> On 2015/1/17 2:13, Konrad Rzeszutek Wilk wrote:
> > On Thu, Jan 15, 2015 at 09:04:35PM +0800, Jiang Liu wrote:
> <snip>
> >>
> >> Note: we need to test this patch on those special AMD systems which
> >> override normal SCI GSI (9) with strange GSI (20).
> > 
> > [    0.000000] DMI: Supermicro X8DTN/X8DTN, BIOS 2.1c       10/28/2011
> > ..
> >      0.000000] ACPI: INT_SRC_OVR (bus 0 bus_irq 0 global_irq 2 dfl dfl)
> > [    0.000000] ACPI: INT_SRC_OVR (bus 0 bus_irq 9 global_irq 20 low level)
> > [    0.000000] ACPI: IRQ0 used by override.
> > ..
> >     6.358737] xen: registering gsi 20 triggering 0 polarity 1
> > [    6.358756] xen: --> pirq=20 -> irq=20 (gsi=20)
> > ...
> > -bash-4.1# cat /proc/interrupts |grep acpi
> >  20:          0          0          0  xen-pirq-ioapic-level  acpi
> Hi Konrad,

> 	May I assume a Tested-by from you here?

Yes, for this particular use case. I hadn't yet tried to push the ACPI buttons
(this printout was from a server in a basement).
> Thanks!
> Gerry

^ permalink raw reply

* Re: [PATCH v2 2/2] livepatch: support for repatching a function
From: Jiri Kosina @ 2015-01-20 19:11 UTC (permalink / raw)
  To: Josh Poimboeuf
  Cc: Jiri Slaby, Seth Jennings, Vojtech Pavlik, live-patching,
	linux-kernel
In-Reply-To: <20150120154736.GA4417@treble.redhat.com>

On Tue, 20 Jan 2015, Josh Poimboeuf wrote:

> Yeah, maybe, depending on the nature of the bug.
> 
> > WARN_ON_RATELIMIT?
> 
> Since this warning should never happen unless there's a code bug, I
> think WARN_ON_ONCE should be sufficient?

Yeah. The stacktrace is likely not to point to the source of the problem 
anyway, so spamming dmesg with it is rather pointless.

I've changed WARN_ON() in ftrace handler to WARN_ON_ONCE() and applied. 
Thanks,

-- 
Jiri Kosina
SUSE Labs

^ permalink raw reply

* Re: [Mesa-dev] [mesa 7/9] glx/dri2: Add DRI2GetParam()
From: Ian Romanick @ 2015-01-20 19:11 UTC (permalink / raw)
  To: Chris Wilson, xorg-devel-go0+a7rfsptAfugRpC6u6w,
	dri-devel-PD4FTy7X32lNgt0PjOBp9y5qC8QIuHrW,
	mesa-dev-PD4FTy7X32lNgt0PjOBp9y5qC8QIuHrW
In-Reply-To: <1421665245-5994-8-git-send-email-chris-Y6uKTt2uX1cEflXRtASbqLVCufUGDwFn@public.gmane.org>

On 01/19/2015 03:00 AM, Chris Wilson wrote:
> Available since the inclusion of dri2proto 1.4 is a DRI2 request to
> query and set certain parameters about the X/DDX configuration. This
> implements the getter request.
> 
> Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>

This patch is

Reviewed-by: Ian Romanick <ian.d.romanick@intel.com>

> ---
>  src/glx/dri2.c | 29 +++++++++++++++++++++++++++++
>  src/glx/dri2.h |  4 ++++
>  2 files changed, 33 insertions(+)
> 
> diff --git a/src/glx/dri2.c b/src/glx/dri2.c
> index cc6c164..6d9403e 100644
> --- a/src/glx/dri2.c
> +++ b/src/glx/dri2.c
> @@ -546,4 +546,33 @@ DRI2CopyRegion(Display * dpy, XID drawable, XserverRegion region,
>     SyncHandle();
>  }
>  
> +Bool
> +DRI2GetParam(Display * dpy, XID drawable, CARD32 param, CARD64 *value)
> +{
> +   XExtDisplayInfo *info = DRI2FindDisplay(dpy);
> +   xDRI2GetParamReply rep;
> +   xDRI2GetParamReq *req;
> +
> +   XextCheckExtension(dpy, info, dri2ExtensionName, False);
> +
> +   LockDisplay(dpy);
> +   GetReq(DRI2GetParam, req);
> +   req->reqType = info->codes->major_opcode;
> +   req->dri2ReqType = X_DRI2GetParam;
> +   req->drawable = drawable;
> +   req->param = param;
> +
> +   if (!_XReply(dpy, (xReply *) & rep, 0, xFalse)) {
> +      UnlockDisplay(dpy);
> +      SyncHandle();
> +      return False;
> +   }
> +
> +   *value = (CARD64)rep.value_hi << 32 | rep.value_lo;
> +   UnlockDisplay(dpy);
> +   SyncHandle();
> +
> +   return rep.is_param_recognized;
> +}
> +
>  #endif /* GLX_DIRECT_RENDERING */
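Review bot: in DRI2GetParam(), `*value` is assigned from the reply before is_param_recognized is consulted, so a caller that passes an unrecognized param gets False back with *value already overwritten. Either store only when the reply is recognized, or state in dri2.h that *value is undefined on a False return.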
> diff --git a/src/glx/dri2.h b/src/glx/dri2.h
> index 4be5bf8..a5b23f0 100644
> --- a/src/glx/dri2.h
> +++ b/src/glx/dri2.h
> @@ -88,4 +88,8 @@ DRI2CopyRegion(Display * dpy, XID drawable,
>                 XserverRegion region,
>                 CARD32 dest, CARD32 src);
>  
> +extern Bool
> +DRI2GetParam(Display * dpy, XID drawable,
> +	     CARD32 param, CARD64 *value);
> +
>  #endif
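Review bot: the continuation line of the new DRI2GetParam() prototype is indented with a tab followed by spaces, while the DRI2CopyRegion() declaration just above it uses spaces only; match the surrounding style.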
> 

^ permalink raw reply

* [U-Boot] Disable tftp and access
From: Jakub Jančo @ 2015-01-20 19:09 UTC (permalink / raw)
  To: u-boot

Hello,

I want to disable uboot tftp on my device, and if uboot allows some
login/access (e.g. by console), then disable it too.

My aim is to lock uboot except for booting the image (OS); I want to manage it
only from the OS (changing env variables only from the OS).

I want to ask what env variables I should change to disable tftp functions
and access?


Thanks,
Kubco

^ permalink raw reply

* Re: [PATCH] n_tty: Remove LINEMODE support
From: Peter Hurley @ 2015-01-20 19:08 UTC (permalink / raw)
  To: Howard Chu
  Cc: Greg Kroah-Hartman, One Thousand Gnomes, Jiri Slaby,
	Linux Kernel Mailing List, linux-serial, Theodore Ts'o
In-Reply-To: <54BEA0E0.9080807@symas.com>

On 01/20/2015 01:39 PM, Howard Chu wrote:
> Peter Hurley wrote:
>> On 01/19/2015 02:43 PM, Howard Chu wrote:

[...]

>> So it's really back to the question of, does allowing EXTPROC for regular
>> ttys have _value_?
> 
> Does preventing it have value?

Not that that is the appropriate metric for kernel behavior,
but yes, preventing it has value: it significantly limits
the matrix required for testing.


> I like having the option of turning linemode on and off in a session, for debugging purposes if nothing else.

... which is just as achievable with a pty-specific ioctl.

Regards,
Peter Hurley

^ permalink raw reply

* Re: Inconsistent behaviour between 'jobs' and 'echo "$(jobs)"'
From: Seb @ 2015-01-20 19:07 UTC (permalink / raw)
  To: dash; +Cc: Damian Wrobel
In-Reply-To: <54BE89D6.7040101@ertelnet.rybnik.pl>

On Tue, Jan 20, 2015 at 06:01:10PM +0100, Damian Wrobel wrote:
> On 01/20/2015 09:44 AM, Seb wrote:
> >On Mon, Jan 19, 2015 at 07:01:53PM +0100, Damian Wrobel wrote:
> >
> >Hello,
> >
> >>I'm observing an inconsistent behaviour between:
> >>  jobs
> >>and
> >>  echo "$(jobs)"
> >
> >It's because the command is run in a sub-shell, where there is indeed no
> >running job.
> >
> >Bash has a special mechanism to handle this and get the current shell
> >context returned, that's why you may feel some inconsistency here (like
> >I myself did :)
> 
> There is an application usage [1] where this case is specifically mentioned
> with a suggestion that: "For this reason, jobs is generally implemented as a
> shell regular built-in."

Indeed, it seems the standard requires, or at least expects this to
work:

 "The -p option is the only portable way to find out the
  process group of a job because different implementations
  have different strategies for defining the process group of
  the job. Usage such as $(jobs -p) provides a way of
  referring to the process group of the job in an
  implementation-independent way."


> Now it looks that even the following doesn't work in a dash:
> 
> $ jobs -p | xargs kill

For the same reason as above: each member of the pipe is run in its own
sub-shell.


> I would prefer not to code something like the following:
> 
> $ jobs -p >/tmp/jobs-$$ && kill $(cat /tmp/jobs-$$); rm /tmp/jobs-$$

I agree it's not very nice.

++
Seb.


^ permalink raw reply

* Re: Xen 4.5 Development Update (GA slip by a week)
From: Konrad Rzeszutek Wilk @ 2015-01-20 19:07 UTC (permalink / raw)
  To: Jan Beulich; +Cc: Lars Kurth, xen-devel
In-Reply-To: <54BE27440200007800056CFE@mail.emea.novell.com>

On Tue, Jan 20, 2015 at 09:00:36AM +0000, Jan Beulich wrote:
> >>> On 05.01.15 at 21:08, <konrad.wilk@oracle.com> wrote:
> > = Timeline =
> > 
> > Xen 4.5 is a 10 month release. The dates are:
> > 
> > * Feature Freeze: 24th September 2014
> > * First RC: 24th October [Friday!]
> > * RC2: Nov 11th
> > * RC2 Test-day: Nov 13th
> > * RC3: Dec 3rd.
> > * RC3 Test-day: Dec 4th
> > * RC4: Dec 15th
> > * RC4 Test-day: Dec 17th
> > 
> > <==== WE ARE HERE ===>
> > 
> >  Release Date: Jan 14th.
> 
> So when is it intended to announce the release, at once opening the
> 4.5 tree for backports (of interest to me in case I'm going to continue
> to be the stable tree maintainer, the voting on which was also
> supposed to be happening already afaict), leaving aside the fact
> that there's already a tools side one?

You are the stable 4.5 maintainer and can commit to the Xen 4.5 stable
tree at any time and select whenever you want to release it.

Thank you!
> 
> Jan
> 

^ permalink raw reply

* Re: [Qemu-devel] cpu hotplug and windows guest (win2012r2)
From: Alexandre DERUMIER @ 2015-01-20 19:06 UTC (permalink / raw)
  To: Andrey Korolyov; +Cc: qemu-devel
In-Reply-To: <1789085063.4708770.1421780811020.JavaMail.zimbra@oxygem.tv>

Hi,

I have tried with numa enabled, and it still doesn't work.
Can you send me your vm qemu command line?


Also, with numa I have noticed something strange with the "info numa" command.

starting with -smp socket=2,cores=1

# info numa
2 nodes
node 0 cpus: 0
node 0 size: 2048 MB
node 1 cpus: 1
node 1 size: 2048 MB

ok


now:

starting with -smp 1,socket=2,cores=1,maxcpus=2

# info numa
2 nodes
node 0 cpus: 0
node 0 size: 2048 MB
node 1 cpus:
node 1 size: 2048 MB

ok


now hotplug cpu

# cpu-add 1
# info numa
2 nodes
node 0 cpus: 0 1
node 0 size: 2048 MB
node 1 cpus:
node 1 size: 2048 MB


cpu1 has been hotplugged on numa node0 ??????


----- Original Message -----
From: "Andrey Korolyov" <andrey@xdel.ru>
To: "aderumier" <aderumier@odiso.com>
Cc: "qemu-devel" <qemu-devel@nongnu.org>
Sent: Wednesday, 14 January 2015 17:07:41
Subject: Re: [Qemu-devel] cpu hotplug and windows guest (win2012r2)

On Fri, Jan 9, 2015 at 4:35 PM, Andrey Korolyov <andrey@xdel.ru> wrote: 
> On Fri, Jan 9, 2015 at 1:26 PM, Alexandre DERUMIER <aderumier@odiso.com> wrote: 
>> Hi, 
>> 
>> I'm currently testing cpu hotplug with a windows 2012R2 standard guest,
>>
>> and I can't get it to work. (works fine with linux guest).
>> 
>> host kernel : rhel7 3.10 kernel 
>> qemu 2.2 
>> 
>> 
>> qemu command line : -smp cpus=1,sockets=2,cores=1,maxcpus=2 
>> 
>> Started with 1 cpu, topology is 2 sockets with 1 core.
>> 
>> 
>> Then 
>> 
>> qmp# cpu-add 1 
>> 
>> 
>> I can see a new cpu in windows device manager, and the event log in the device said that it's online.
>> 
>> So it should be ok, but. 
>> 
>> I can't see new processor in taskmanager or perfmon. (I had tried to relaunch them to be sure.). 
>> 
>> 
>> So, is it a windows bug? Do I need to do something else?
>> 
> 
> Did you populate appropriate topology in arguments? As far as I can
> remember from pre-1.1 era CPU hotplug not worked with windows, so it 
> should be neither lack of configured NUMA or a simply OS-specific 
> issue. 

Just to let anyone know that it works well: 

http://xdel.ru/downloads/windows-hotplugged-cpu.png 

Topology is a bit rotten (I have two sockets with single CPU in each) 
and I *need* to specify non-zero amount of memory for each numa node 
to be seen, if each CPU belongs to different node for example but 
everything else is just fine. 

^ permalink raw reply

