James Bottomley [Thu, 4 Apr 2019 13:39:11 +0000 (15:39 +0200)]
UBUNTU: SAUCE: shiftfs: uid/gid shifting bind mount
BugLink: https://bugs.launchpad.net/bugs/1823186
This allows any subtree to be uid/gid shifted and bound elsewhere. It
does this by operating simlarly to overlayfs. Its primary use is for
shifting the underlying uids of filesystems used to support
unpriviliged (uid shifted) containers. The usual use case here is
that the container is operating with an uid shifted unprivileged root
but sometimes needs to make use of or work with a filesystem image
that has root at real uid 0.
The mechanism is to allow any subordinate mount namespace to mount a
shiftfs filesystem (by marking it FS_USERNS_MOUNT) but only allowing
it to mount marked subtrees (using the -o mark option as root). Once
mounted, the subtree is mapped via the super block user namespace so
that the interior ids of the mounting user namespace are the ids
written to the filesystem.
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
[ saf: use designated initializers for path declarations to fix errors
with struct randomization ] Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
[update: port to 5.0] Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com> Acked-by: Tyler Hicks <tyhicks@canonical.com> Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
John Johansen [Mon, 4 Feb 2019 13:23:14 +0000 (05:23 -0800)]
UBUNTU: SAUCE: apparmor: add proc subdir to attrs
This patch provides a /proc/<pid>/attr/apparmor/
subdirectory. Enabling userspace to use the apparmor attributes
without having to worry about collisions with selinux or smack on
interface files in /proc/<pid>/attr.
Signed-off-by: John Johansen <john.johansen@canonical.com> Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
Casey Schaufler [Sat, 29 Dec 2018 01:35:55 +0000 (17:35 -0800)]
UBUNTU: SAUCE: LSM: Specify which LSM to display with /proc/self/attr/display
Create a new entry "display" in /proc/.../attr for controlling
which LSM security information is displayed for a process.
The name of an active LSM that supplies hooks for human readable
data may be written to "display" to set the value. The name of
the LSM currently in use can be read from "display".
Casey Schaufler [Wed, 12 Dec 2018 01:10:15 +0000 (17:10 -0800)]
UBUNTU: SAUCE: LSM: Limit calls to certain module hooks
LSM hooks dealing with security context strings should
only be called for one security module. Add call macros
that invoke a single module hook and us in for those cases.
John Johansen [Mon, 18 Mar 2019 23:11:45 +0000 (16:11 -0700)]
UBUNTU: SAUCE: LSM: Infrastructure management of the sock security
Move management of the sock->sk_security blob out
of the individual security modules and into the security
infrastructure. Instead of allocating the blobs from within
the modules the modules tell the infrastructure how much
space is required, and the space is allocated there.
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> Signed-off-by: John Johansen <john.johansen@canonical.com>
[ saf: resolve minor conflict in security/selinux/netlabel.c
when rebasing to 5.2-rc1 ] Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
Seth Forshee [Wed, 27 Feb 2019 14:17:08 +0000 (08:17 -0600)]
UBUNTU: SAUCE: selftests: net: Don't fail test_vxlan_under_vrf on xfail
I changed the test for VXLAN underlay in non-default VRF to print
XFAIL for expected failure, but the script still exits with an
error which makes the test overall fail. Fix this to still exit
successfully following the xfail.
Seth Forshee [Mon, 25 Feb 2019 15:13:40 +0000 (09:13 -0600)]
UBUNTU: SAUCE: selftests: net: Make test for VXLAN underlay in non-default VRF an expected failure
This is a new test and fails with older Ubuntu kernels, so it's
not a regression. Change the output from "FAIL" to "XFAIL" for
now so it won't cause test failures. This is temporary until we
find out the reason the test fails.
Seth Forshee [Wed, 20 Feb 2019 21:11:18 +0000 (22:11 +0100)]
UBUNTU: SAUCE: selftests: pmtu: disable accept_dad for tests
The pmtu_ipv6_exception can fail if IPv6 DAD has not completd
by the time the test attempts to make use of the interface.
Prevent this by disabling DAD on the interfaces.
UBUNTU: SAUCE: prevent a glibc test failure when looking for obsolete types on headers
BugLink: https://bugs.launchpad.net/bugs/1813060
glibc will look for ulong and other obsolete types on headers, including linux
headers, and warn of their use. That, unfortunately, makes automated testing
fail.
Though that type is only referred inside a comment, and the test is what needs
fixing, we are temporarily changing the comment to make tests pass.
Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
Seth Forshee [Wed, 6 Feb 2019 21:17:10 +0000 (15:17 -0600)]
UBUNTU: hio -- part_round_stats() removed in 5.0
This can no longer be called. The only place which was still
calling it for 4.14 and later was ssd_update_smart(), and it was
not updating any statistics used there anyhow, so there's no need
to replace the call with anything else.
Seth Forshee [Wed, 6 Feb 2019 20:12:43 +0000 (14:12 -0600)]
UBUNTU: hio -- replace use of do_gettimeofday()
This function was removed in 5.0. In all cases only the seconds
component of the time is used, and we don't have to worry about
backward compatibility, so just replace it with
ktime_get_real_seconds();
Seth Forshee [Wed, 6 Feb 2019 19:49:13 +0000 (13:49 -0600)]
UBUNTU: hio -- stub out BIOVEC_PHYS_MERGEABLE for 4.20+
This was moved to be internal to the block core in 4.20. It looks
to me like the driver doesn't need to be doing this anyway, as
the block layer already tries to merge bio segments when possible.
But in the worst case we still just end up with segments which
could have been merged but are not merged, which doesn't look to
be fatal.
UBUNTU: SAUCE: selftests: net: fix "from" match test in fib_rule_tests.sh
Fix the IPv4 address of the dummy0 interface and ensure that ip_forward
is enabled in the network space to get a valid response when checking
for routes between the gateway and other hosts.
Seth Forshee [Fri, 25 Jan 2019 18:43:49 +0000 (12:43 -0600)]
UBUNTU: SAUCE: selftests/ftrace: Fix tab expansion in trace_marker snapshot trigger test
When trace lines are passed through echo tabs are being changed
to spaces, causing later string comparisons to fail. Add quotes
around the variables to prevent this.
UBUNTU: SAUCE: binder: give binder_alloc its own debug mask file
Currently both binder.c and binder_alloc.c both register the
/sys/module/binder_linux/paramters/debug_mask file which leads to conflicts
in sysfs. This commit gives binder_alloc.c its own
/sys/module/binder_linux/paramters/alloc_debug_mask file.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com> Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
The Android binder driver needs to become a module for the sake of shipping
Anbox. To do this we need to export the following functions since binder is
currently still using them:
The Android ashmem driver needs to become a module for the sake of Anbox.
To do this we need to export shmem_zero_setup() since ashmem is currently
using is.
Note, the abomination that is the Android ashmem driver will go away in the
not so distant future in favour of memfds.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com> Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
Juerg Haefliger [Fri, 18 Jan 2019 12:40:02 +0000 (13:40 +0100)]
UBUNTU: SAUCE: fan: Fix NULL pointer dereference
BugLink: https://bugs.launchpad.net/bugs/1811803
Fix a NULL pointer dereference in fan code that can easily be triggered
by running:
$ sudo ip link add foo type ipip
Signed-off-by: Juerg Haefliger <juergh@canonical.com> Acked-by: Colin Ian King <colin.king@canonical.com> Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
Kai-Heng Feng [Thu, 6 Dec 2018 07:00:41 +0000 (15:00 +0800)]
UBUNTU: SAUCE: Add r8822be to signature inclusion list
BugLink: https://bugs.launchpad.net/bugs/1806472
r8822be is sent and maintained by pkshih@realtek.com, so it's in a good
shape. Let's add it to signature inclusion list.
Kai-Heng Feng [Mon, 3 Dec 2018 06:27:20 +0000 (14:27 +0800)]
UBUNTU: SAUCE: (noup) USB: usb-storage: Make MMC support optional on ums-realtek
BugLink: https://bugs.launchpad.net/bugs/1806335
Hardware vendors may not pay the MMC royalty, so MMC support needs to be
disabled on Ubuntu pre-installed hardwares.
The current approach is to use an out-of-tree module to disable MMC
support, but it's hard to maintain and it disables secure boot.
Use a new knob "enable_mmc" to enable/disable mmc support, so
pre-installed systems can easily turn MMC off.
Realtek doesn't want this feature in mainline kernel, but they are okay
to have this in Ubuntu's kernel. So let's have it here.
Andy Whitcroft [Fri, 19 Oct 2018 16:44:53 +0000 (16:44 +0000)]
UBUNTU: SAUCE: overlayfs: ensure mounter privileges when reading directories
BugLink: https://launchpad.net/bugs/1793458
When reading directory contents ensure the mounter has permissions for
the operation over the constituent parts (lower and upper). Where we are
in a namespace this ensures that the mounter (root in that namespace)
has permissions over the files and directories, preventing exposure of
protected files and directory contents.
CVE-2018-6559
Signed-off-by: Andy Whitcroft <apw@canonical.com>
[tyhicks: make use of new upstream check in ovl_permission() for copy-ups]
[tyhicks: make use of creator (mounter) creds hanging off the super block] Signed-off-by: Tyler Hicks <tyhicks@canonical.com> Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
Kai-Heng Feng [Thu, 22 Nov 2018 07:15:09 +0000 (07:15 +0000)]
UBUTU: SAUCE: pci: prevent Intel NVMe SSDPEKKF from entering D3
BugLink: https://bugs.launchpad.net/bugs/1804588
It leads to the power consumption increases 2.8W during s2idle, while it
consumes much less idle if forbidding put Intel NVMe to D3 and before
entering S2Idle.
Windows doesn't put NVMe to D3 in Modern Standby, and uses its own APST
feature to do the power management. To leverage its APST feature during
s2idle, we can't disable nvme device while suspending, too.
So, here is what we do to the driver:
- Prevent nvme from entering D3,
- Prevent nvme from being disabled when suspending.
UBUNTU: SAUCE: x86/quirks: Scan all busses for early PCI quirks
BugLink: https://bugs.launchpad.net/bugs/1797990
Recently was noticed in an HP GEN9 system that kdump couldn't succeed
due to an irq storm coming from an Intel NIC, narrowed down to be lack
of clearing the MSI/MSI-X enable bits during the kdump kernel boot.
For that, we need an early quirk to manually turn off MSI/MSI-X for
PCI devices - this was worked as an optional boot parameter in a
(~subsequent~) previous patch.
Problem is that in our test system, the Intel NICs were not present in
any secondary bus under the first PCIe root complex, so they couldn't
be reached by the recursion in check_dev_quirk(). Modern systems,
specially with multi-processors and multiple NUMA nodes expose multiple
root complexes, describing more than one PCI hierarchy domain. Currently
the simple recursion present in the early-quirks code from x86 starts a
descending recursion from bus 0000:00, and reach many other busses by
navigating this hierarchy walking through the bridges. This is not
enough in systems with more than one root complex/host bridge, since
the recursion won't "traverse" to other root complexes by starting
statically in 0000:00 (for more details, see [0]).
This patch hence implements the full bus/device/function scan in
early_quirks(), by checking all possible busses instead of using a
recursion based on the first root bus or limiting the search scope to
the first 32 busses (like it was done in the beginning [1]).
[1] From historical perspective, early PCI scan dates back
to BitKeeper, added by Andi Kleen's "[PATCH] APIC fixes for x86-64",
on October/2003. It initially restricted the search to the first
32 busses and slots.
Due to a potential bug found in Nvidia chipsets, the scan
was changed to run only in the first root bus: see
commit 8659c406ade3 ("x86: only scan the root bus in early PCI quirks")
Finally, secondary busses reachable from the 1st bus were re-added back by:
commit 850c321027c2 ("x86/quirks: Reintroduce scanning of secondary buses")
Reported-by: Dan Streetman <ddstreet@canonical.com> Signed-off-by: Guilherme G. Piccoli <gpiccoli@canonical.com>
[mfo: v2:
- gate the bus-scan differences with the cmdline option.
- update changelog: subsequent/previous patch.] Signed-off-by: Mauricio Faria de Oliveira <mfo@canonical.com> Acked-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com> Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
UBUNTU: SAUCE: x86/quirks: Add parameter to clear MSIs early on boot
BugLink: https://bugs.launchpad.net/bugs/1797990
We observed a kdump failure in x86 that was narrowed down to MSI irq
storm coming from a PCI network device. The bug manifests as a lack of
progress in the boot process of kdump kernel, and a flood of kernel
messages like:
[...]
[ 342.265294] do_IRQ: 0.155 No irq handler for vector
[ 342.266916] do_IRQ: 0.155 No irq handler for vector
[ 347.258422] do_IRQ: 14053260 callbacks suppressed
[...]
The root cause of the issue is that kexec process of the kdump kernel
doesn't ensure PCI devices are reset or MSI capabilities are disabled,
so a PCI adapter could produce a huge amount of irqs which would steal
all the processing time for the CPU (specially since we usually restrict
kdump kernel to use a single CPU only).
This patch implements the kernel parameter "pci=clearmsi" to clear the
MSI/MSI-X enable bits in the Message Control register for all PCI devices
during early boot time, thus preventing potential issues in the kexec'ed
kernel. PCI spec also supports/enforces this need (see PCI Local Bus
spec sections 6.8.1.3 and 6.8.2.3).
Suggested-by: Dan Streetman <ddstreet@canonical.com> Suggested-by: Gavin Shan <shan.gavin@linux.alibaba.com> Signed-off-by: Guilherme G. Piccoli <gpiccoli@canonical.com> Signed-off-by: Mauricio Faria de Oliveira <mfo@canonical.com> Acked-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com> Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
UBUNTU: SAUCE: x86/PCI: Export find_cap() to be used in early PCI code
BugLink: https://bugs.launchpad.net/bugs/1797990
This patch exports (and renames) the function find_cap() to be used
in the early PCI quirk code, by the next patch.
This is being moved out from AGP code to generic early-PCI code
since it's not AGP-specific and can be used for any PCI device.
No functional changes intended.
Signed-off-by: Guilherme G. Piccoli <gpiccoli@canonical.com> Signed-off-by: Mauricio Faria de Oliveira <mfo@canonical.com> Acked-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com> Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
AceLan Kao [Tue, 6 Nov 2018 10:53:13 +0000 (18:53 +0800)]
UBUNTU: SAUCE: pci: prevent sk hynix nvme from entering D3
BugLink: https://bugs.launchpad.net/bugs/1801875
It leads to the power consumption raises to 2.2W during s2idle, while
it consumes less than 1W during long idle if put SK hynix nvme to D3
and then enter s2idle.
From SK hynix FE, MS Windows doesn't put nvme to D3, and uses its own
APST feature to do the power management.
To leverage its APST feature during s2idle, we can't disable nvme
device while suspending, too.
BTW, prevent it from entering D3 will increase the power consumtion around
0.13W ~ 0.15W during short/long idle, and the power consumption during
s2idle becomes 0.77W.
Signed-off-by: AceLan Kao <acelan.kao@canonical.com> Acked-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com> Acked-by: Stefan Bader <stefan.bader@canonical.com> Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
AceLan Kao [Thu, 20 Sep 2018 08:41:14 +0000 (16:41 +0800)]
UBUNTU: SAUCE: platform/x86: dell-uart-backlight: new backlight driver for DELL AIO
BugLink: https://bugs.launchpad.net/bugs/1727235
The Dell AIO machines released after 2017 come with a UART interface
to communicate with the backlight scalar board. This driver creates
a standard backlight interface and talks to the scalar board through
UART.
In DSDT this uart port will be defined as
Name (_HID, "DELL0501")
Name (_CID, EisaId ("PNP0501")
The 8250 PNP driver will be loaded by default, and this driver uses
"DELL0501" to confirm the uart port is a backlight interface and
leverage the port created by 8250 PNP driver to communicate with
the scalar board.
v2:
1. move struct uart_cmd to .c file
2. make dell_uart_get_bl_power() inline
3. add space to ternary operator "bl_cmd->cmd[2] = power ? 0 : 1;"
4. check return value of kzalloc()
5. add kzfree()
6. check return value of backlight_device_register()
7. check return value of filp_open() at init
v3:
1. Fix compiling warning.
v4:
1. make *tty and *ftty static
2. bl_cmd->ret[0] will never be less than 0, fixed the if statement
3. fix some line over 80 chars warnings.
Signed-off-by: AceLan Kao <acelan.kao@canonical.com> Acked-by: Colin Ian King <colin.king@canonical.com> Acked-by: Stefan Bader <stefan.bader@canonical.com> Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
UBUNTU: SAUCE: cachefiles: Page leaking in cachefiles_read_backing_file while vmscan is active
BugLink: https://bugs.launchpad.net/bugs/1793430
[Description]
In a heavily loaded system where the system pagecache is nearing memory limits and fscache is enabled,
pages can be leaked by fscache while trying read pages from cachefiles backend.
This can happen because two applications can be reading same page from a single mount,
two threads can be trying to read the backing page at same time. This results in one of the thread
finding that a page for the backing file or netfs file is already in the radix tree. During the error
handling cachefiles does not cleanup the reference on backing page, leading to page leak.
[Fix]
The fix is straightforward, to decrement the reference when error is encounterd.
[Testing]
I have tested the fix using following method for 12+ hrs.
1) mkdir -p /mnt/nfs ; mount -o vers=3,fsc <server_ip>:/export /mnt/nfs
2) create 10000 files of 2.8MB in a NFS mount.
3) start a thread to simulate heavy VM presssure
(while true ; do echo 3 > /proc/sys/vm/drop_caches ; sleep 1 ; done)&
4) start multiple parallel reader for data set at same time
find /mnt/nfs -type f | xargs -P 80 cat > /dev/null &
find /mnt/nfs -type f | xargs -P 80 cat > /dev/null &
find /mnt/nfs -type f | xargs -P 80 cat > /dev/null &
..
..
find /mnt/nfs -type f | xargs -P 80 cat > /dev/null &
find /mnt/nfs -type f | xargs -P 80 cat > /dev/null &
5) finally check using cat /proc/fs/fscache/stats | grep -i pages ;
free -h , cat /proc/meminfo and page-types -r -b lru
to ensure all pages are freed.
Reviewed-by: Daniel Axtens <dja@axtens.net> Signed-off-by: Shantanu Goel <sgoel01@yahoo.com> Signed-off-by: Kiran Kumar Modukuri <kiran.modukuri@gmail.com>
[dja: forward ported to current upstream] Signed-off-by: Daniel Axtens <dja@axtens.net>
[applied from
https://www.redhat.com/archives/linux-cachefs/2018-September/msg00002.html
This is v3 of the patch. v2 has sat on the list for weeks without
any response or forward progress. v1 was first posted in 2014 and
was reposted this August.] Signed-off-by: Daniel Axtens <daniel.axtens@canonical.com> Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
Andy Whitcroft [Wed, 12 Sep 2018 08:50:46 +0000 (09:50 +0100)]
UBUNTU: SAUCE: vfio -- release device lock before userspace requests
During a hotplug event vfio_pci_remove() will call
vfio_del_group_dev() to release the device group. This may trigger
a userspace request. Currently this userspace request is performed
while holding the device lock. This leads userspace to deadlock
against it while trying to perform the requested cleanup.
Drop the device lock while the userspace request is in flight.
After it completes reaquire the lock and revalidate the device as
it may have been successfully removed by a concurrent operation.
As the remove callback may now drop the lock also check and
revalidation at the end of that operation.
BugLink: http://bugs.launchpad.net/bugs/1792099 Signed-off-by: Andy Whitcroft <apw@canonical.com> Acked-by: Stefan Bader <stefan.bader@canonical.com> Acked-by: Colin Ian King <colin.king@canonical.com>
[ saf: resolve conflicts when rebasing to 5.2-rc1 ] Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
Seth Forshee [Mon, 26 Feb 2018 21:32:55 +0000 (15:32 -0600)]
UBUNTU: SAUCE: tools: use CC for linking acpi tools
Prior to 7ed1c1901fe5 ("tools: fix cross-compile var clobbering")
the acpi tools makefiles were using gcc for linking. That commit
causes ld to be used instead, however this doesn't work as the
flags supplied are meant for gcc and not ld. Change the acpi
tools rules to use $(QUIET_LINK)$(CC) for linking to fix this
regression.
Seth Forshee [Tue, 28 Aug 2018 15:57:44 +0000 (10:57 -0500)]
UBUNTU: SAUCE: Revert "vti6: fix PMTU caching and reporting on xmit"
BugLink: https://bugs.launchpad.net/bugs/1789436
The net/pmtu.sh self test is hanging due to a dangling reference
to a veth device which prevents module unload. We haven't yet
determined the root cause, but given that the problem being fixed
was introduced in 4.1 it should be safe to revert the change as a
temporary measure. So temporarily revert commit d6990976af7c5d8f55903bfb4289b6fb030bf754 until we have a better
fix.
The apparmor policy language current does not allow expressing of the
locking permission for no-fs unix sockets. However the kernel is
enforcing mediation.
Add the AA_MAY_LOCK perm to the computed perm mask which will grant
permission for all current abi profiles, but still allow specifying
auditing of the operation if needed.
BugLink: http://bugs.launchpad.net/bugs/1780227 Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Acked-by: Stefan Bader <stefan.bader@canonical.com> Acked-by: Acked-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com> Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
Ben Hutchings [Wed, 4 Jul 2018 14:15:50 +0000 (16:15 +0200)]
UBUNTU: SAUCE: random: Make getrandom() ready earlier
This effectively reverts commit 725e828 "random: fix crng_ready()
test" which was commit 43838a23a05f upstream. Unfortunately some
users of getrandom() don't expect it to block for long, and they need
to be fixed before we can allow this change into stable.
This doesn't directly revert that commit, but only weakens the ready
condition used by getrandom() when the GRND_RANDOM flag is not set.
Calls to getrandom() that return before the RNG is fully seeded will
generate warnings, just like reads from /dev/urandom.
BugLink: https://bugs.launchpad.net/bugs/1780062
(backported from ://salsa.debian.org/kernel-team/linux/raw/stretch/debian/patches/debian/random-make-getrandom-ready-earlier.patch)
[smb: open code waiting in getrandom directly] Signed-off-by: Stefan Bader <stefan.bader@canonical.com> Acked-by: Colin Ian King <colin.king@canonical.com> Acked-by: Khaled Elmously <khalid.elmously@canonical.com> Acked-by: Marcelo Henrique Cerri <marcelo.cerri@canonical.com> Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
UBUNTU: SAUCE: (namespace) block_dev: Forbid unprivileged mounting when device is opened for writing
For unprivileged mounts to be safe the user must not be able to
make changes to the backing store while it is mounted. This patch
takes a step towards preventing this by refusing to mount in a
user namepspace if the block device is open for writing and
refusing attempts to open the block device for writing by non-
root while it is mounted in a user namespace.
To prevent this from happening we use i_writecount in the inodes
of the bdev filesystem similarly to how it is used for regular
files. Whenever the device is opened for writing i_writecount
is checked; if it is negative the open returns -EBUSY, otherwise
i_writecount is incremented. On mount, a positive i_writecount
results in mount_bdev returning -EBUSY, otherwise i_writecount
is decremented. Opens by root and mounts from init_user_ns do not
check nor modify i_writecount.
Seth Forshee [Tue, 9 Feb 2016 19:26:34 +0000 (13:26 -0600)]
UBUNTU: SAUCE: (namespace) ext4: Add module parameter to enable user namespace mounts
This is still an experimental feature, so disable it by default
and allow it only when the system administrator supplies the
userns_mounts=true module parameter.
Seth Forshee [Sat, 18 Oct 2014 11:02:09 +0000 (13:02 +0200)]
UBUNTU: SAUCE: (namespace) ext4: Add support for unprivileged mounts from user namespaces
Support unprivileged mounting of ext4 volumes from user
namespaces. This requires the following changes:
- Perform all uid, gid, and projid conversions to/from disk
relative to s_user_ns. In many cases this will already be
handled by the vfs helper functions. This also requires
updates to handle cases where ids may not map into s_user_ns.
A new helper, projid_valid_eq(), is added to help with this.
- Update most capability checks to check for capabilities in
s_user_ns rather than init_user_ns. These mostly reflect
changes to the filesystem that a user in s_user_ns could
already make externally by virtue of having write access to
the backing device.
- Restrict unsafe options in either the mount options or the
ext4 superblock. Currently the only concerning option is
errors=panic, and this is made to require CAP_SYS_ADMIN in
init_user_ns.
- Verify that unprivileged users have the required access to the
journal device at the path passed via the journal_path mount
option.
Note that for the journal_path and the journal_dev mount
options, and for external journal devices specified in the
ext4 superblock, devcgroup restrictions will be enforced by
__blkdev_get(), (via blkdev_get_by_dev()), ensuring that the
user has been granted appropriate access to the block device.
- Set the FS_USERNS_MOUNT flag on the filesystem types supported
by ext4.
sysfs attributes for ext4 mounts remain writable only by real
root.
Seth Forshee [Wed, 7 Oct 2015 19:53:33 +0000 (14:53 -0500)]
UBUNTU: SAUCE: (namespace) mtd: Check permissions towards mtd block device inode when mounting
Unprivileged users should not be able to mount mtd block devices
when they lack sufficient privileges towards the block device
inode. Update mount_mtd() to validate that the user has the
required access to the inode at the specified path. The check
will be skipped for CAP_SYS_ADMIN, so privileged mounts will
continue working as before.
Seth Forshee [Wed, 7 Oct 2015 19:49:47 +0000 (14:49 -0500)]
UBUNTU: SAUCE: (namespace) block_dev: Check permissions towards block device inode when mounting
Unprivileged users should not be able to mount block devices when
they lack sufficient privileges towards the block device inode.
Update blkdev_get_by_path() to validate that the user has the
required access to the inode at the specified path. The check
will be skipped for CAP_SYS_ADMIN, so privileged mounts will
continue working as before.
UBUNTU: SAUCE: (namespace) block_dev: Support checking inode permissions in lookup_bdev()
When looking up a block device by path no permission check is
done to verify that the user has access to the block device inode
at the specified path. In some cases it may be necessary to
check permissions towards the inode, such as allowing
unprivileged users to mount block devices in user namespaces.
Add an argument to lookup_bdev() to optionally perform this
permission check. A value of 0 skips the permission check and
behaves the same as before. A non-zero value specifies the mask
of access rights required towards the inode at the specified
path. The check is always skipped if the user has CAP_SYS_ADMIN.
All callers of lookup_bdev() currently pass a mask of 0, so this
patch results in no functional change. Subsequent patches will
add permission checks where appropriate.
John Johansen [Sun, 17 Jun 2018 10:56:25 +0000 (03:56 -0700)]
UBUNTU: SAUCE: apparmor: patch to provide compatibility with v2.x net rules
The networking rules upstreamed in 4.17 have a deliberate abi break
with the older 2.x network rules.
This patch provides compatibility with the older rules for those
still using an apparmor 2.x userspace and still want network rules
to work on a newer kernel.
Signed-off-by: John Johansen <john.johansen@canonical.com>
[ saf: resolve conflicts when rebasing to 4.20 ] Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
Paolo Pisati [Thu, 14 Jun 2018 10:08:56 +0000 (12:08 +0200)]
UBUNTU: SAUCE: wcn36xx: read MAC from file or randomly generate one
BugLink: http://bugs.launchpad.net/bugs/1776491
By default, wcn36xx initializes itself with a dummy 00:00:00:00:00:00 MAC
address, preventing the interface from working until a valid MAC address was set.
While not an issue on Ubuntu Classic (where the user can always set it
later on the command line or via /etc/network/interfaces), it became a problem
on Ubuntu Core where the wifi interface is probed during installation,
before the user has any chance to set a new MAC address.
To overcome this scenario, the wcn36xx driver in Xenial had a couple of features:
1) during probe, if /lib/firmware/wlan/macaddr0 was present, its content was
used as the new MAC address
2) if that failed, a pseudo-random MAC addres was generated and set
and this is a port of a the corresponding Xenial code to Bionic:
see xenial/snapdragon tree,
drivers/net/wireless/ath/wcn36xx/wcn36xx-msm.c::wcn36xx_msm_get_hw_mac().
Signed-off-by: Paolo Pisati <paolo.pisati@canonical.com> Acked-by: Khalid Elmously <khalid.elmously@canonical.com> Acked-by: Stefan Bader <stefan.bader@canonical.com> Signed-off-by: Khalid Elmously <khalid.elmously@canonical.com> Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
AceLan Kao [Thu, 24 May 2018 05:41:21 +0000 (13:41 +0800)]
UBUNTU: SAUCE: alx: add enable_wol paramenter
BugLink: https://launchpad.net/bugs/1772610
The WoL feature was reported broken and will lead to the system resumes
immediately after suspended. This symptom is not happening on every
system, and we don't have any machines can reproduce this issue.
To avoid regression, adding enable_wol option and disable
WoL feature by default to prevent the issue from happening.
Signed-off-by: AceLan Kao <acelan.kao@canonical.com> Acked-by: Kleber Souza <kleber.souza@canonical.com> Acked-by: Stefan Bader <stefan.bader@canonical.com> Signed-off-by: Khalid Elmously <khalid.elmously@canonical.com> Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
[ saf: hold rtnl during _alx_open() as in bc800e8b39ba "alx: take rtnl before
calling __alx_open from resume" ] Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
UBUNTU: SAUCE: (no-up) rename the adv7511 drm driver to adv7511_drm
BugLink: http://bugs.launchpad.net/bugs/1764816
This has the same name as another module, and due to some quirk
only one of them will get installed. Which one it is seems to be
nondeterministic, but if the drm module is missing in our
snapdragon flavor then the display and audio will fail to work.
Rename the module to avoid the duplication.
Acked-by: Colin Ian King <colin.king@canonical.com> Acked-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com> Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
Ryan Harper [Mon, 11 Dec 2017 14:12:01 +0000 (09:12 -0500)]
UBUNTU: SAUCE: (no-up) bcache: decouple emitting a cached_dev CHANGE uevent
BugLink: http://bugs.launchpad.net/bugs/1729145
- decouple emitting a cached_dev CHANGE uevent which includes dev.uuid
and dev.label from bch_cached_dev_run() which only happens when a
bcacheX device is bound to the actual backing block device (bcache0 -> vdb)
- update bch_cached_dev_run() to invoke bch_cached_dev_emit_change() as
needed; no functional code path changes here
- Modify register_bcache to detect a re-registering of a bcache
cached_dev, and in that case call bcache_cached_dev_emit_change() to
Signed-off-by: Ryan Harper <ryan.harper@canonical.com> Signed-off-by: Joseph Salisbury <joseph.salisbury@canonical.com> Acked-by: Colin Ian King <colin.king@canonical.com> Acked-by: Stefan Bader <stefan.bader@canonical.com> Signed-off-by: Khalid Elmously <khalid.elmously@canonical.com>
[ saf: adjust context for 5.3-rc1 ] Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
Signed-off-by: Raymond Liu <raymondx.liu@intel.com> Signed-off-by: Wen-chien Jesse Sung <jesse.sung@canonical.com> Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
Andy Whitcroft [Tue, 13 Feb 2018 14:48:56 +0000 (14:48 +0000)]
UBUNTU: SAUCE: tools -- add ability to disable libbfd
We do not want to be linked to libbfd as this is a tightly versioned
package which does not maintain its ABI. This prevents us from have
multiple tools packages installed. Turn that off and we will fallback
to libiberty.
BugLink: http://bugs.launchpad.net/bugs/1748922 Signed-off-by: Andy Whitcroft <apw@canonical.com> Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
Seth Forshee [Mon, 4 Dec 2017 13:14:41 +0000 (07:14 -0600)]
UBUNTU: SAUCE: mm: fix memory hotplug in ZONE_HIGHMEM
BugLink: http://bugs.launchpad.net/bugs/1732463
Prior to f1dd2cd13c4b "mm, memory_hotplug: do not associate
hotadded memory to zones until online" 32-bit x86 with
CONFIG_HIGHMEM=y would default to ZONE_HIGHMEM for hotplugged
memory. That commit changed this to ZONE_NORMAL and made it
impossible for hotplugged memory to be added to ZONE_HIGHMEM,
resulting in oopses whenever the kernel tries to use hotplugged
memory that should have been placed in ZONE_HIGHMEM.
This has been reported upstream, but as a temporary fix make the
following changes:
- If CONFIG_HIGHMEM=y, also look in ZONE_HIGHMEM when searching
for a matching zone for memory being onlined.
- Allow the arch to specify the default zone to be used if no
matching zone is found.
- Change 32-bit x86 to set the default zone to ZONE_HIGHMEM if
CONFIG_HIGHMEM=y.
Seth Forshee [Fri, 1 Dec 2017 21:08:32 +0000 (15:08 -0600)]
UBUNTU: SAUCE: mm: disable vma based swap readahead by default
BugLink: http://bugs.launchpad.net/bugs/1732463
Starting with 4.14 our test for CVE-2015-7550 started oopsing the
kernel on i386 with the following stack trace:
I'm not able to reproduce this outside of ADT, but vma based swap
readahead is a new feature in 4.14 so it seems quite likely that
this is where the bug lies. However I'm not able to reproduce the
problem outside of ADT to confirm this.
So for now disable this feature by default so we can see if that
gets the test to pass. It can still be enabled by writing to
/sys/kernel/mm/swap/vma_ra_enabled if desired.
Inlining cpu_to_node ends up with the GPL exported array cpu_topology
being pulled into all sources that call cpu_to_node and indirectly
makes cpu_to_node into a function that has the same GPL exported
constraints. This is unlike any other architecture where cpu_to_node
does not have this constraint. Fix this by making cpu_to_node a macro
that calls a non-inlined __cpu_to_node helper function that performs
the same as the original cpu_to_node.
Signed-off-by: Colin Ian King <colin.king@canonical.com> Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
Seth Forshee [Mon, 23 Oct 2017 17:43:58 +0000 (12:43 -0500)]
UBUNTU: hio: Update io stat accounting for 4.14
In 4.14-rc1 invflight accounting calls were updated to require a
request queue be passed, and part_(inc|dec)_in_flight() were
moved out of linux/genhd.h and are not exported to modules. Make
a couple of updates to cope with these changes:
- Pass the rq to part_round_stats for 4.14 and later.
- Use generic_(start|end)_io_acct() helpers for io accounting
with 4.14 and later. These do exactly what was being done with
the no-longer-exported interfaces.
Seth Forshee [Mon, 23 Oct 2017 17:38:10 +0000 (12:38 -0500)]
UBUNTU: hio: Use correct sizes when initializing ssd_index_bits* arrays
The memsets which initialize these arrays use a size of the
number of elements in the array without multplying by the size of
the array elements, therefore these arrays are only partially
initialized. Fix this by using sizeof to trivially get the
correct size for these arrays.
UBUNTU: SAUCE: PCI: Disable broken RTIT_BAR of Intel TH
BugLink: http://bugs.launchpad.net/bugs/1715833
On some intergrations of the Intel TH the reported size of RTIT_BAR
doesn't match its actual size, which leads to overlaps with other
devices' resources.
For this reason, we need to disable the RTIT_BAR on Denverton where
it would overlap with XHCI MMIO space and effectively kill usb dead.
Signed-off-by: Alexander Shishkin <alexander.shishkin@linux.intel.com> Acked-by: Kamal Mostafa <kamal@canonical.com> Acked-by: Andy Whitcroft <apw@canonical.com> Acked-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com> Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
UBUNTU: SAUCE: hio: Fix incorrect use of enum req_opf values
BugLink: http://bugs.launchpad.net/bugs/1701316
Patch from Huawei to fix incorrect use of enumerated values for
bio operations as bitmasks. A reordering of the enum in 4.10
caused a change in behavior which has been leading to data
corruption.
UBUNTU: SAUCE: (no-up) net: Zeroing the structure ethtool_wolinfo in ethtool_get_wol()
CVE-2014-9900
memset() the structure ethtool_wolinfo that has padded bytes
but the padded bytes have not been zeroed out.
Change-Id: If3fd2d872a1b1ab9521d937b86a29fc468a8bbfe Signed-off-by: Avijit Kanti Das <avijitnsec@codeaurora.org> Signed-off-by: Brad Figg <brad.figg@canonical.com> Acked-by: Seth Forshee <seth.forshee@canonical.com> Acked-by: Colin Ian King <colin.king@canonical.com> Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
Seth Forshee [Fri, 12 May 2017 20:29:18 +0000 (15:29 -0500)]
UBUNTU: SAUCE: Fix module signing exclusion in package builds
BugLink: http://bugs.launchpad.net/bugs/1690908
The current module signing exclusion implementation suffers from
two problems. First, it looks for the signed-inclusion file
relative to the path where make is executed and thus doesn't work
if the source and build directories are different. Second, the
signed-inclusion file lists only the module name, but the strings
searched for in the file include the path (and the path to the
module install location at that).
Fix these problems by updating scripts/Makefile.modinst to look
for signed-inclusion relative to the path of the source tree and
to use only the module name when matching against the contents of
that file.
Jay Vosburgh [Wed, 11 Nov 2015 13:04:50 +0000 (13:04 +0000)]
UBUNTU: SAUCE: fan: add VXLAN implementation
Generify the fan mapping support and utilise that to implement fan
mappings over vxlan transport.
Expose the existance of this functionality (when the module is loaded)
via an additional sysctl marker.
Signed-off-by: Jay Vosburgh <jay.vosburgh@canonical.com>
[apw@canonical.com: added feature marker for fan over vxlan.] Signed-off-by: Andy Whitcroft <apw@canonical.com>
Conflicts:
drivers/net/vxlan.c
include/uapi/linux/if_link.h
net/ipv4/ipip.c
Signed-off-by: Andy Whitcroft <apw@canonical.com> Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
Switch to a single tunnel for all mappings, this removes the limitations
on how many mappings each tunnel can handle, and therefore how many Fan
slices each local address may hold.
NOTE: This introduces a new kernel netlink interface which needs updated
iproute2 support.
BugLink: http://bugs.launchpad.net/bugs/1470091 Signed-off-by: Jay Vosburgh <jay.vosburgh@canonical.com> Signed-off-by: Andy Whitcroft <apw@canonical.com> Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
[saf: Fix conflicts during rebase to 4.12] Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
Conflicts:
include/uapi/linux/if_tunnel.h
net/ipv4/ipip.c
Seth Forshee [Tue, 19 Jan 2016 19:12:02 +0000 (13:12 -0600)]
UBUNTU: SAUCE: overlayfs: Skip permission checking for trusted.overlayfs.* xattrs
The original mounter had CAP_SYS_ADMIN in the user namespace
where the mount happened, and the vfs has validated that the user
has permission to do the requested operation. This is sufficient
for allowing the kernel to write these specific xattrs, so we can
bypass the permission checks for these xattrs.
To support this, export __vfs_setxattr_noperm and add an similar
__vfs_removexattr_noperm which is also exported. Use these when
setting or removing trusted.overlayfs.* xattrs.
projects / mirror_ubuntu-eoan-kernel.git / log