Linux kernel development work - see feature branches https://git.zx2c4.com/linux-dev/atom/arch/x86/ia32?h=master 2022-04-11T16:04:27Z 2022-04-11T16:04:27Z Borislav Petkov bp@suse.de 2022-01-13T13:26:10Z urn:sha1:c7bda0dca98cca351a9bc852b3df8b9b99ffd400 Commit eac616557050 ("x86: Deprecate a.out support") deprecated a.out support with the promise to remove it a couple of releases later. That commit landed in v5.1. Now it is more than a couple of releases later, no one has complained so remove it. Fold in a hunk removing the reference to arch/x86/ia32/ia32_aout.c in MAINTAINERS: https://lore.kernel.org/r/20220316050828.17255-1-lukas.bulwahn@gmail.com Signed-off-by: Borislav Petkov <bp@suse.de> Reviewed-by: Kees Cook <keescook@chromium.org> Link: https://lore.kernel.org/r/20220113160115.5375-1-bp@alien8.de 2021-11-02T04:17:39Z Linus Torvalds torvalds@linux-foundation.org 2021-11-02T04:17:39Z urn:sha1:d2fac0afe89fe30c39eaa98dda71f7c4cea190c2 Pull audit updates from Paul Moore: "Add some additional audit logging to capture the openat2() syscall open_how struct info. Previous variations of the open()/openat() syscalls allowed audit admins to inspect the syscall args to get the information contained in the new open_how struct used in openat2()" * tag 'audit-pr-20211101' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/audit: audit: return early if the filter rule has a lower priority audit: add OPENAT2 record to list "how" info audit: add support for the openat2 syscall audit: replace magic audit syscall class numbers with macros lsm_audit: avoid overloading the "key" audit field audit: Convert to SPDX identifier audit: rename struct node to struct audit_node to prevent future name collisions 2021-10-20T13:27:29Z Thomas Gleixner tglx@linutronix.de 2021-10-15T01:16:35Z urn:sha1:0ae67cc34f765078a63137120e4567ad2f050b75 In order to remove internal.h make signal.h independent of it. Include asm/fpu/xstate.h to fix a missing update_regset_xstate_info() prototype, which is Reported-by: kernel test robot <lkp@intel.com> Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Signed-off-by: Borislav Petkov <bp@suse.de> Link: https://lkml.kernel.org/r/20211015011539.844565975@linutronix.de 2021-10-01T20:52:48Z Richard Guy Briggs rgb@redhat.com 2021-05-19T20:00:21Z urn:sha1:1c30e3af8a79260cdba833a719209b01e6b92300 The openat2(2) syscall was added in kernel v5.6 with commit fddb5d430ad9 ("open: introduce openat2(2) syscall"). Add the openat2(2) syscall to the audit syscall classifier. Link: https://github.com/linux-audit/audit-kernel/issues/67 Link: https://lore.kernel.org/r/f5f1a4d8699613f8c02ce762807228c841c2e26f.1621363275.git.rgb@redhat.com Signed-off-by: Richard Guy Briggs <rgb@redhat.com> Acked-by: Christian Brauner <christian.brauner@ubuntu.com> [PM: merge fuzz due to previous header rename, commit line wraps] Signed-off-by: Paul Moore <paul@paul-moore.com> 2021-10-01T20:41:33Z Richard Guy Briggs rgb@redhat.com 2021-05-19T20:00:20Z urn:sha1:42f355ef59a2f98fa4affb4265d3ba3e2d86baf1 Replace audit syscall class magic numbers with macros. This required putting the macros into new header file include/linux/audit_arch.h since the syscall macros were included for both 64 bit and 32 bit in any compat code, causing redefinition warnings. Link: https://lore.kernel.org/r/2300b1083a32aade7ae7efb95826e8f3f260b1df.1621363275.git.rgb@redhat.com Signed-off-by: Richard Guy Briggs <rgb@redhat.com> Acked-by: Christian Brauner <christian.brauner@ubuntu.com> [PM: renamed header to audit_arch.h after consulting with Richard] Signed-off-by: Paul Moore <paul@paul-moore.com> 2021-09-14T19:10:03Z Thomas Gleixner tglx@linutronix.de 2021-09-08T13:29:37Z urn:sha1:f3305be5feecae62adfa5a6a1441a76493fe7412 None of the call sites cares about the error code. All they need to know is whether the function succeeded or not. Suggested-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Signed-off-by: Borislav Petkov <bp@suse.de> Link: https://lkml.kernel.org/r/20210908132525.909065931@linutronix.de 2021-09-14T19:10:03Z Thomas Gleixner tglx@linutronix.de 2021-09-08T13:29:35Z urn:sha1:ee4ecdfbd28954086a09740dc931c10c93e39370 None of the call sites cares about the return code. All they are interested in is success or fail. Suggested-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Signed-off-by: Borislav Petkov <bp@suse.de> Link: https://lkml.kernel.org/r/20210908132525.851280949@linutronix.de 2021-09-14T19:10:03Z Thomas Gleixner tglx@linutronix.de 2021-09-08T13:29:32Z urn:sha1:052adee668284b67105375c0a524f16a423f1424 None of the call sites cares about the actual return code. Change the return type to boolean and return 'true' on success. Suggested-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Signed-off-by: Borislav Petkov <bp@suse.de> Link: https://lkml.kernel.org/r/20210908132525.736773588@linutronix.de 2021-09-03T16:42:01Z David Hildenbrand david@redhat.com 2021-04-23T07:42:41Z urn:sha1:4589ff7ca81516381393649dec8dd4948884b2b2 At exec time when we mmap the new executable via MAP_DENYWRITE we have it opened via do_open_execat() and already deny_write_access()'ed the file successfully. Once exec completes, we allow_write_acces(); however, we set mm->exe_file in begin_new_exec() via set_mm_exe_file() and also deny_write_access() as long as mm->exe_file remains set. We'll effectively deny write access to our executable via mm->exe_file until mm->exe_file is changed -- when the process is removed, on new exec, or via sys_prctl(PR_SET_MM_MAP/EXE_FILE). Let's remove all usage of MAP_DENYWRITE, it's no longer necessary for mm->exe_file. In case of an elf interpreter, we'll now only deny write access to the file during exec. This is somewhat okay, because the interpreter behaves (and sometime is) a shared library; all shared libraries, especially the ones loaded directly in user space like via dlopen() won't ever be mapped via MAP_DENYWRITE, because we ignore that from user space completely; these shared libraries can always be modified while mapped and executed. Let's only special-case the main executable, denying write access while being executed by a process. This can be considered a minor user space visible change. While this is a cleanup, it also fixes part of a problem reported with VM_DENYWRITE on overlayfs, as VM_DENYWRITE is effectively unused with this patch and will be removed next: "Overlayfs did not honor positive i_writecount on realfile for VM_DENYWRITE mappings." [1] [1] https://lore.kernel.org/r/YNHXzBgzRrZu1MrD@miu.piliscsaba.redhat.com/ Reported-by: Chengguang Xu <cgxu519@mykernel.net> Acked-by: "Eric W. Biederman" <ebiederm@xmission.com> Acked-by: Christian König <christian.koenig@amd.com> Signed-off-by: David Hildenbrand <david@redhat.com> 2021-09-03T16:42:01Z David Hildenbrand david@redhat.com 2021-04-22T10:53:00Z urn:sha1:42be8b42535183f84df99acbaf799e38724348f3 uselib() is the legacy systemcall for loading shared libraries. Nowadays, applications use dlopen() to load shared libraries, completely implemented in user space via mmap(). For example, glibc uses MAP_COPY to mmap shared libraries. While this maps to MAP_PRIVATE | MAP_DENYWRITE on Linux, Linux ignores any MAP_DENYWRITE specification from user space in mmap. With this change, all remaining in-tree users of MAP_DENYWRITE use it to map an executable. We will be able to open shared libraries loaded via uselib() writable, just as we already can via dlopen() from user space. This is one step into the direction of removing MAP_DENYWRITE from the kernel. This can be considered a minor user space visible change. Acked-by: "Eric W. Biederman" <ebiederm@xmission.com> Acked-by: Christian König <christian.koenig@amd.com> Signed-off-by: David Hildenbrand <david@redhat.com>