mirrors/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2024-11-01 00:48:50 +00:00
Code Issues Releases Wiki Activity
linux-stable/arch/powerpc/kernel
History
Linus Torvalds 17ae69aba8 Add Landlock, a new LSM from Mickaël Salaün <mic@linux.microsoft.com> 
-----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEgycj0O+d1G2aycA8rZhLv9lQBTwFAmCInP4ACgkQrZhLv9lQ
 BTza0g//dTeb9woC9H7qlEhK4l9yk62lTss60Q8X7m7ZSNfdL4tiEbi64SgK+iOW
 OOegbrOEb8Kzh4KJJYmVlVZ5YUWyH4szgmee1wnylBdsWiWaPLPF3Cflz77apy6T
 TiiBsJd7rRE29FKheaMt34B41BMh8QHESN+DzjzJWsFoi/uNxjgSs2W16XuSupKu
 bpRmB1pYNXMlrkzz7taL05jndZYE5arVriqlxgAsuLOFOp/ER7zecrjImdCM/4kL
 W6ej0R1fz2Geh6CsLBJVE+bKWSQ82q5a4xZEkSYuQHXgZV5eywE5UKu8ssQcRgQA
 VmGUY5k73rfY9Ofupf2gCaf/JSJNXKO/8Xjg0zAdklKtmgFjtna5Tyg9I90j7zn+
 5swSpKuRpilN8MQH+6GWAnfqQlNoviTOpFeq3LwBtNVVOh08cOg6lko/bmebBC+R
 TeQPACKS0Q0gCDPm9RYoU1pMUuYgfOwVfVRZK1prgi2Co7ZBUMOvYbNoKYoPIydr
 ENBYljlU1OYwbzgR2nE+24fvhU8xdNOVG1xXYPAEHShu+p7dLIWRLhl8UCtRQpSR
 1ofeVaJjgjrp29O+1OIQjB2kwCaRdfv/Gq1mztE/VlMU/r++E62OEzcH0aS+mnrg
 yzfyUdI8IFv1q6FGT9yNSifWUWxQPmOKuC8kXsKYfqfJsFwKmHM=
 =uCN4
 -----END PGP SIGNATURE-----

Merge tag 'landlock_v34' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security

Pull Landlock LSM from James Morris:
 "Add Landlock, a new LSM from Mickaël Salaün.

  Briefly, Landlock provides for unprivileged application sandboxing.

  From Mickaël's cover letter:
    "The goal of Landlock is to enable to restrict ambient rights (e.g.
     global filesystem access) for a set of processes. Because Landlock
     is a stackable LSM [1], it makes possible to create safe security
     sandboxes as new security layers in addition to the existing
     system-wide access-controls. This kind of sandbox is expected to
     help mitigate the security impact of bugs or unexpected/malicious
     behaviors in user-space applications. Landlock empowers any
     process, including unprivileged ones, to securely restrict
     themselves.

     Landlock is inspired by seccomp-bpf but instead of filtering
     syscalls and their raw arguments, a Landlock rule can restrict the
     use of kernel objects like file hierarchies, according to the
     kernel semantic. Landlock also takes inspiration from other OS
     sandbox mechanisms: XNU Sandbox, FreeBSD Capsicum or OpenBSD
     Pledge/Unveil.

     In this current form, Landlock misses some access-control features.
     This enables to minimize this patch series and ease review. This
     series still addresses multiple use cases, especially with the
     combined use of seccomp-bpf: applications with built-in sandboxing,
     init systems, security sandbox tools and security-oriented APIs [2]"

  The cover letter and v34 posting is here:

      https://lore.kernel.org/linux-security-module/20210422154123.13086-1-mic@digikod.net/

  See also:

      https://landlock.io/

  This code has had extensive design discussion and review over several
  years"

Link: https://lore.kernel.org/lkml/50db058a-7dde-441b-a7f9-f6837fe8b69f@schaufler-ca.com/ [1]
Link: https://lore.kernel.org/lkml/f646e1c7-33cf-333f-070c-0a40ad0468cd@digikod.net/ [2]

* tag 'landlock_v34' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security:
  landlock: Enable user space to infer supported features
  landlock: Add user and kernel documentation
  samples/landlock: Add a sandbox manager example
  selftests/landlock: Add user space tests
  landlock: Add syscall implementations
  arch: Wire up Landlock syscalls
  fs,security: Add sb_delete hook
  landlock: Support filesystem access-control
  LSM: Infrastructure management of the superblock
  landlock: Add ptrace restrictions
  landlock: Set up the security framework and manage credentials
  landlock: Add ruleset and domain management
  landlock: Add object management
2021-05-01 18:50:44 -07:00
..
ptrace powerpc updates for 5.13 2021-04-30 12:22:28 -07:00
syscalls Add Landlock, a new LSM from Mickaël Salaün <mic@linux.microsoft.com> 2021-05-01 18:50:44 -07:00
trace powerpc: Rename probe_kernel_read_inst() 2021-04-21 22:52:33 +10:00
vdso32 powerpc updates for 5.13 2021-04-30 12:22:28 -07:00
vdso64 powerpc/vdso: Add support for time namespaces 2021-04-14 23:04:44 +10:00
.gitignore
align.c powerpc: Rename probe_kernel_read_inst() 2021-04-21 22:52:33 +10:00
asm-offsets.c powerpc/64e/interrupt: use new interrupt return 2021-04-14 23:04:20 +10:00
audit.c
btext.c treewide: Convert macro and uses of __section(foo) to __section("foo") 2020-10-25 14:51:49 -07:00
cacheinfo.c powerpc/cacheinfo: Print correct cache-sibling map/list for L2 cache 2020-12-11 00:10:25 +11:00
cacheinfo.h
compat_audit.c
cpu_setup_6xx.S
cpu_setup_44x.S
cpu_setup_fsl_booke.S powerpc: Retire e200 core (mpc555x processor) 2020-12-05 21:49:18 +11:00
cpu_setup_pa6t.S
cpu_setup_power.c powerpc/perf: MMCR0 control for PMU registers under PMCC=00 2020-12-04 01:01:29 +11:00
cpu_setup_ppc970.S
cputable.c arch: powerpc: Stop building and using oprofile 2021-01-29 10:05:51 +05:30
crash_dump.c
dawr.c powerpc/watchpoint: Guest support for 2nd DAWR hcall 2020-07-26 23:34:19 +10:00
dbell.c powerpc: handle irq_enter/irq_exit in interrupt handler wrappers 2021-02-09 00:10:49 +11:00
dma-iommu.c powerpc/dma: Fallback to dma_ops when persistent memory present 2020-11-27 10:33:42 +01:00
dma-mask.c
dma-swiotlb.c
dt_cpu_ftrs.c arch: powerpc: Stop building and using oprofile 2021-01-29 10:05:51 +05:30
early_32.c
eeh.c powerpc/eeh: remove unneeded semicolon 2021-04-23 01:38:04 +10:00
eeh_cache.c powerpc/eeh_cache: Fix a possible debugfs deadlock 2020-11-02 12:54:20 +11:00
eeh_driver.c pci-v5.9-changes 2020-08-07 18:48:15 -07:00
eeh_event.c
eeh_pe.c powerpc/eeh: Delete eeh_pe->config_addr 2020-10-07 22:34:47 +11:00
eeh_sysfs.c powerpc/eeh: Pass eeh_dev to eeh_ops->resume_notify() 2020-07-26 23:34:20 +10:00
entry_32.S powerpc/32: Manage KUAP in C 2021-03-29 13:22:11 +11:00
entry_64.S powerpc/64e/interrupt: reconcile irq soft-mask state in C 2021-04-14 23:04:43 +10:00
epapr_hcalls.S
epapr_paravirt.c
exceptions-64e.S powerpc/64e/interrupt: handle bad_page_fault in C 2021-04-14 23:04:43 +10:00
exceptions-64s.S Merge branch 'topic/ppc-kvm' into next 2021-04-18 23:55:12 +10:00
fadump.c powerpc/fadump: Fix sparse warnings 2021-04-22 20:59:04 +10:00
firmware.c powerpc: Reintroduce is_kvm_guest() as a fast-path check 2020-12-04 01:01:22 +11:00
fpu.S powerpc/32: Always enable data translation in exception prolog 2021-03-29 13:22:05 +11:00
fsl_booke_entry_mapping.S
head_8xx.S powerpc/8xx: Enhance readability of trap types 2021-04-21 22:52:31 +10:00
head_32.h powerpc/32s: Move KUEP locking/unlocking in C 2021-03-29 13:22:10 +11:00
head_40x.S powerpc/32: Refactor saving of volatile registers in exception prologs 2021-03-29 13:22:10 +11:00
head_44x.S powerpc/32: Remove the xfer parameter in EXCEPTION() macro 2021-03-29 13:22:09 +11:00
head_64.S powerpc/64s: Remove MSR[ISF] bit 2020-12-09 23:48:14 +11:00
head_book3s_32.S powerpc/32s: Enhance readability of trap types 2021-04-21 22:52:31 +10:00
head_booke.h powerpc/32s: Move KUEP locking/unlocking in C 2021-03-29 13:22:10 +11:00
head_fsl_booke.S powerpc/64e: Trivial spelling fixes throughout head_fsl_booke.S 2021-03-29 13:22:12 +11:00
hw_breakpoint.c powerpc/watchpoint: Workaround P10 DD1 issue with VSX-32 byte instructions 2020-12-11 00:09:10 +11:00
hw_breakpoint_constraints.c powerpc/uaccess: Remove __get/put_user_inatomic() 2021-04-03 21:21:41 +11:00
idle.c sched/idle: Fix arch_cpu_idle() vs tracing 2020-11-24 16:47:35 +01:00
idle_6xx.S powerpc/32: Return directly from power_save_ppc32_restore() 2021-03-29 13:22:10 +11:00
idle_book3e.S
idle_book3s.S powerpc/64s: power4 nap fixup in C 2021-04-08 21:17:45 +10:00
idle_e500.S powerpc/32: Return directly from power_save_ppc32_restore() 2021-03-29 13:22:10 +11:00
ima_arch.c
interrupt.c powerpc/traps: Enhance readability for trap types 2021-04-17 22:20:19 +10:00
io-workarounds.c mm: reorder includes after introduction of linux/pgtable.h 2020-06-09 09:39:13 -07:00
io.c
iomap.c powerpc: inline iomap accessors 2020-12-04 01:01:09 +11:00
iommu.c powerpc/kernel/iommu: Use largepool as a last resort when !largealloc 2021-04-23 12:54:58 +10:00
irq.c powerpc/irq: Enhance readability of trap types 2021-04-21 22:52:32 +10:00
isa-bridge.c mm/vmalloc: remove unmap_kernel_range 2021-04-30 11:20:40 -07:00
jump_label.c powerpc: Switch to relative jump labels 2021-04-03 21:22:21 +11:00
kgdb.c powerpc/kernel: Trivial typo fix in kgdb.c 2021-03-29 13:22:15 +11:00
kprobes-ftrace.c ftrace: Have the callbacks receive a struct ftrace_regs instead of pt_regs 2020-11-13 12:14:55 -05:00
kprobes.c powerpc: kprobes: Use generic kretprobe trampoline handler 2020-09-08 11:52:34 +02:00
kvm.c
kvm_emul.S
l2cr_6xx.S powerpc: Drop SYNC_601() ISYNC_601() and SYNC() 2020-10-08 21:17:13 +11:00
legacy_serial.c powerpc/legacy_serial: Use early_ioremap() 2021-04-22 20:59:15 +10:00
Makefile powerpc/vdso: Make sure vdso_wrapper.o is rebuilt everytime vdso.so is rebuilt 2021-04-02 00:18:09 +11:00
mce.c powerpc/mce: save ignore_event flag unconditionally for UE 2021-04-21 22:52:32 +10:00
mce_power.c powerpc/64s/pseries: Add ERAT specific machine check handler 2020-12-04 01:01:23 +11:00
misc.S
misc_32.S powerpc/irq: Inline call_do_irq() and call_do_softirq() 2021-03-29 13:22:17 +11:00
misc_64.S powerpc/irq: Inline call_do_irq() and call_do_softirq() 2021-03-29 13:22:17 +11:00
module.c powerpc/modules: Load modules closer to kernel text 2021-04-14 23:04:13 +10:00
module_32.c
module_64.c maccess: rename probe_kernel_{read,write} to copy_{from,to}_kernel_nofault 2020-06-17 10:57:41 -07:00
msi.c
note.S
nvram_64.c printk: introduce a kmsg_dump iterator 2021-03-08 11:43:27 +01:00
of_platform.c powerpc/eeh: Remove eeh_dev_phb_init_dynamic() 2020-07-26 23:34:19 +10:00
optprobes.c powerpc: Enable OPTPROBES on PPC32 2021-04-21 22:52:32 +10:00
optprobes_head.S powerpc: Enable OPTPROBES on PPC32 2021-04-21 22:52:32 +10:00
paca.c powerpc: Avoid broken GCC __attribute__((optimize)) 2020-11-19 14:50:14 +11:00
pci-common.c powerpc/pci: Add ppc_md.discover_phbs() 2021-02-03 09:46:36 +11:00
pci-hotplug.c
pci_32.c
pci_64.c mm/vmalloc: remove unmap_kernel_range 2021-04-30 11:20:40 -07:00
pci_dn.c powerpc/pci: Move PHB discovery for PCI_DN using platforms 2021-02-09 00:01:05 +11:00
pci_of_scan.c
pmc.c
ppc32.h
ppc_save_regs.S
proc_powerpc.c
process.c powerpc/traps: Enhance readability for trap types 2021-04-17 22:20:19 +10:00
prom.c powerpc/smp: Cache CPU to chip lookup 2021-04-17 10:40:51 +10:00
prom_init.c powerpc: remove unneeded semicolon 2021-03-24 14:09:29 +11:00
prom_init_check.sh
prom_parse.c
reloc_32.S
reloc_64.S
rtas-proc.c powerpc/rtas: rename RTAS_RMOBUF_MAX to RTAS_USER_REGION_SIZE 2021-04-14 23:04:16 +10:00
rtas-rtc.c
rtas.c powerpc/rtas: rename RTAS_RMOBUF_MAX to RTAS_USER_REGION_SIZE 2021-04-14 23:04:16 +10:00
rtas_flash.c
rtas_pci.c mm: reorder includes after introduction of linux/pgtable.h 2020-06-09 09:39:13 -07:00
rtasd.c powerpc/rtasd: simplify handle_rtas_event(), emit message on events 2020-07-16 13:12:38 +10:00
secure_boot.c powerpc/pseries: Detect secure and trusted boot state of the system. 2020-07-16 14:49:53 +10:00
security.c powerpc/security: Make symbol 'stf_barrier' static 2021-04-14 23:04:13 +10:00
secvar-ops.c
secvar-sysfs.c
setup-common.c powerpc: Fix section mismatch warning in smp_setup_pacas() 2021-03-29 13:22:14 +11:00
setup.h powerpc: remove unneeded semicolons 2021-02-09 00:10:50 +11:00
setup_32.c powerpc/32: Statically initialise first emergency context 2021-03-29 13:22:06 +11:00
setup_64.c powerpc/powernv: Enable HAIL (HV AIL) for ISA v3.1 processors 2021-04-18 23:19:29 +10:00
signal.c powerpc/64: context tracking remove _TIF_NOHZ 2021-02-09 00:02:12 +11:00
signal.h powerpc/signal32: Convert do_setcontext[_tm]() to user access block 2021-04-03 21:22:19 +11:00
signal_32.c powerpc updates for 5.13 2021-04-30 12:22:28 -07:00
signal_64.c powerpc: remove partial register save logic 2021-04-14 23:04:44 +10:00
smp-tbsync.c
smp.c powerpc/smp: Set numa node before updating mask 2021-04-17 22:46:31 +10:00
stacktrace.c powerpc: Fix arch_stack_walk() to have running function as first entry 2021-03-29 13:22:16 +11:00
suspend.c
swsusp.c
swsusp_32.S
swsusp_64.c
swsusp_asm64.S
swsusp_booke.S
sys_ppc32.c powerpc/compat_sys: swap hi/lo parts of 64-bit syscall args in LE mode 2021-02-11 23:35:07 +11:00
syscalls.c powerpc/syscalls: Use sys_old_select() in ppc_select() 2021-03-26 23:19:42 +11:00
sysfs.c powerpc/sysfs: Remove unused 'err' variable in sysfs_create_dscr_default() 2020-09-18 20:05:24 +10:00
systbl.S powerpc/syscalls: switch to generic syscalltbl.sh 2021-04-14 23:04:16 +10:00
systbl_chk.sh
tau_6xx.c powerpc: handle irq_enter/irq_exit in interrupt handler wrappers 2021-02-09 00:10:49 +11:00
time.c powerpc: handle irq_enter/irq_exit in interrupt handler wrappers 2021-02-09 00:10:49 +11:00
tm.S powerpc/tm: Save and restore AMR on treclaim and trechkpt 2020-10-06 23:22:25 +11:00
traps.c powerpc/traps: Enhance readability for trap types 2021-04-17 22:20:19 +10:00
ucall.S
udbg.c
udbg_16550.c
uprobes.c powerpc/uprobes: Validation for prefixed instruction 2021-03-29 12:52:24 +11:00
vdso.c powerpc/vdso: Add support for time namespaces 2021-04-14 23:04:44 +10:00
vdso32_wrapper.S powerpc/vdso: fix unnecessary rebuilds of vgettimeofday.o 2021-01-30 22:23:42 +11:00
vdso64_wrapper.S powerpc/vdso: fix unnecessary rebuilds of vgettimeofday.o 2021-01-30 22:23:42 +11:00
vecemu.c
vector.S powerpc/32: Always enable data translation in exception prolog 2021-03-29 13:22:05 +11:00
vmlinux.lds.S powerpc/64s: fix scv entry fallback flush vs interrupt 2021-01-20 15:58:19 +11:00
watchdog.c powerpc: move NMI entry/exit code into wrapper 2021-02-09 00:10:50 +11:00