Lukasz Pawelczyk | 21 May 13:53 2015

[PATCH 0/8] Smack namespace

Hello,

Some time ago I sent Smack namespace documentation and a preliminary
LSM namespace for RFC. It was suggested to me that there shouldn't be a
separate LSM namespace and that it should live within user namespace.
And this version does. This is a complete set of patches required for
Smack namespace.

This was designed in collaboration with Smack maintainer Casey
Schaufler.

Smack namespace has been implemented using user namespace hooks added
by one of the patches. To put some context to it, I paste here the
documentation on what Smack namespace wants to achieve.

LSM hooks themselves are documented in the security.h file inside the
patch.

The patches are based on:
https://github.com/cschaufler/smack-next/tree/smack-for-4.2-stacked

===================================================================

--- What is a Smack namespace ---

Smack namespace was developed to make it possible for Smack to work
nicely with Linux containers where there is a full operating system
with its own init inside the namespace. Such a system working with
Smack expects to have at least partially working SMACK_MAC_ADMIN to be
able to change labels of processes and files. This is required to be

Alban Crequy | 21 May 12:30 2015

[PATCH] [RFC] fs, proc: don't guard /proc/<pid>/task/<tid>/children on CONFIG_CHECKPOINT_RESTORE

From: Alban Crequy <alban@...>

commit 818411616baf ("fs, proc: introduce
/proc/<pid>/task/<tid>/children entry") introduced the children entry
for checkpoint restore and the file is only available on kernels
configured with CONFIG_EXPERT and CONFIG_CHECKPOINT_RESTORE.

This is available in most distributions (Fedora, Debian, Ubuntu, CoreOS)
because they usually enable CONFIG_EXPERT and CONFIG_CHECKPOINT_RESTORE.
But Arch does not enable CONFIG_EXPERT or CONFIG_CHECKPOINT_RESTORE.

However, the children proc file is useful outside of checkpoint restore.
I would like to use it in rkt. The rkt process exec() another program it
does not control, and that other program will fork()+exec() a child
process. I would like to find the pid of the child process from an
external tool without iterating in /proc over all processes to find
which one has a parent pid equal to rkt.

Since the children proc file is useful outside of checkpoint-restore,
I am removing the guard on CONFIG_CHECKPOINT_RESTORE.

Signed-off-by: Alban Crequy <alban@...>
Cc: Iago Lopez Galeiras <iago@...>
---
 fs/proc/array.c | 2 --
 fs/proc/base.c  | 2 --
 2 files changed, 4 deletions(-)

diff --git a/fs/proc/array.c b/fs/proc/array.c
index fd02a9e..6edec57 100644

Jarkko Sakkinen | 20 May 15:49 2015

[PATCH v6 0/3] Enable PPI sysfs interface for TPM 2.0

Changes since v5:
* Updated documentation.

Changes since v4:
* Removed dangling export of kernfs_remove_by_name_ns() from the sysfs
  patch.

Changes since v3:
* Use sysfs_remove_link()

Changes since v2:
* Fixed to_tpm_chip() macro.
* Split into two patches.
* Renamed sysfs_link_group_to_kobj to sysfs_link_entry_to_kobj
* Only create the "backwards compatibility" symlink for TPM 1.x devices.

Jarkko Sakkinen (3):
  sysfs: added sysfs_link_entry_to_kobj()
  tpm: move the PPI attributes to character device directory.
  tpm: update PPI documentation to address the location change.

 Documentation/ABI/testing/sysfs-driver-ppi | 19 +++++++++-----
 drivers/char/tpm/tpm-chip.c                | 24 +++++++++++------
 drivers/char/tpm/tpm.h                     | 17 +++++-------
 drivers/char/tpm/tpm_ppi.c                 | 34 ++++++++----------------
 fs/sysfs/group.c                           | 42 ++++++++++++++++++++++++++++++
 include/linux/sysfs.h                      |  8 ++++++
 6 files changed, 95 insertions(+), 49 deletions(-)

--

-- 

Alexei Starovoitov | 20 May 01:59 2015

[PATCH net-next 0/4] bpf: introduce bpf_tail_call() helper

Hi All,

introduce bpf_tail_call(ctx, &jmp_table, index) helper function
which can be used from BPF programs like:
int bpf_prog(struct pt_regs *ctx)
{
  ...
  bpf_tail_call(ctx, &jmp_table, index);
  ...
}
that is roughly equivalent to:
int bpf_prog(struct pt_regs *ctx)
{
  ...
  if (jmp_table[index])
    return (*jmp_table[index])(ctx);
  ...
}
The important detail is that it's not a normal call, but a tail call.
The kernel stack is precious, so this helper reuses the current
stack frame and jumps into another BPF program without adding
extra call frame.
It's trivially done in interpreter and a bit trickier in JITs.

Use cases:
- simplify complex programs
- dispatch into other programs
  (for example: index in jump table can be syscall number or network protocol)
- build dynamic chains of programs


Mathieu Desnoyers | 17 May 01:48 2015

[PATCH for v4.2 0/3] membarrier system call

Hi,

At this point, all we're waiting for is a formal Acked-by by affected
maintainers.

Andrew, should you eventually pick it up into your tree ? Or perhaps it should
go through Paul McKenney's tree, given that it uses synchronize_sched() ?

The only change since last post is a layout change in the patch changelog, so
I'm not even bumping the patch version (kept at v18).

Thanks,

Mathieu

Mathieu Desnoyers (2):
  sys_membarrier(): system-wide memory barrier (generic, x86) (v18)
  selftests: enhance membarrier syscall test

Pranith Kumar (1):
  selftests: add membarrier syscall test

 MAINTAINERS                                        |    8 ++
 arch/x86/syscalls/syscall_32.tbl                   |    1 +
 arch/x86/syscalls/syscall_64.tbl                   |    1 +
 include/linux/syscalls.h                           |    2 +
 include/uapi/asm-generic/unistd.h                  |    4 +-
 include/uapi/linux/Kbuild                          |    1 +
 include/uapi/linux/membarrier.h                    |   53 +++++++++
 init/Kconfig                                       |   12 ++

Shuah Khan | 15 May 20:47 2015

[GIT PULL] kselftest fixes for 4.1-rc4

Hi Linus,

Please pull the following Kselftest fixes for 4.1-rc4

thanks,
-- Shuah

The following changes since commit b787f68c36d49bb1d9236f403813641efa74a031:

  Linux 4.1-rc1 (2015-04-26 17:59:10 -0700)

are available in the git repository at:

  git://git.kernel.org/pub/scm/linux/kernel/git/shuah/linux-kselftest
tags/linux-kselftest-4.1-rc4

for you to fetch changes up to e9886ace222eb48bb57bd541320056ca334bd3a0:

  selftests, x86: Rework x86 target architecture detection (2015-05-12
20:02:40 -0600)

----------------------------------------------------------------
linux-kselftest-4.1-rc4

Urgent fix for Kselftest regression introduced in 4.1-rc1
by the new x86 test due to its hard dependency on 32-bit
build environment. A set of 5 patches fix the make kselftest
run and kselftest install.

----------------------------------------------------------------

Mathieu Poirier | 13 May 18:34 2015

[PATCH v4 00/13] Support for coresight ETMv4 tracer

Please find in this patchset a driver implementation that conforms
to the coresight framework and provides support for the Embedded
Trace Macrocell version 4.

Regards,
Mathieu

---
Changes for v4:
  - Restored cell ID 0x0003b95d.
  - breakdown of multi-line output in sysfs entries.   

Mathieu Poirier (2):
  coresight-etm4x: Read only access to the main management registers
  coresight-etm4x: Read only access to the tracer's ID registers

Pratik Patel (11):
  coresight-etm4x: Adding CoreSight ETM4x driver
  coresight-etm4x: Controls pertaining to tracer configuration
  coresight-etm4x: Controls pertaining to the reset, mode, pe and events
  coresight-etm4x: Controls pertaining to various configuration options
  coresight-etm4x: Controls pertaining to the ViewInst register
  coresight-etm4x: Controls pertaining to the address comparator
    functions
  coresight-etm4x: Controls pertaining to the sequencer functions
  coresight-etm4x: Controls pertaining to the counter functions
  coresight-etm4x: Controls pertaining to the selection of resources
  coresight-etm4x: Controls pertaining to the context ID functions
  coresight-etm4x: Controls pertaining to the VM ID functions


Darren Hart | 13 May 06:07 2015

[PATCH v4 0/6] selftests: Add futex functional tests

Hi Shuah,

This series begins the process of migrating my futextest tests into kselftest.
I've started with only the functional tests, as the performance and stress may
not be appropriate for kselftest as they stand.

I cleaned up various complaints from checkpatch, but I ignored others that would
require significant rework of the testcases, such as not using volatile and not
creating new typedefs.

Since v1:
Avoid checkpatch errors on 1/5 by:
 - combining a later patch which did substantial cleanup.
 - removing file-local typedefs and replacing with structs
 - correcting all >80 char lines, except for quoted strings and header boiler
   plate due to long email addresses

I did *not* make changes for the following:
 - Use of new typedefs for types futex_t and atomic_t as they are used throughout
   the test suite and I consider them to be worthwhile.
 - Use of volatile as the warning is about use of volatile in kernel code. The
   usage in futextest is correct, as an indicator that other threads may modify
   the value.
 - Adding parentheses around complex defines as it would break one use case and
   change the behavior of another.

Since v2:
 - Remove trailing newline from selftests/futex/functional/run.sh

Since v3:

Eric Wong | 13 May 04:37 2015

[RFC] net: support SOCK_DONTWAIT for non-blocking accept4

It may occasionally be useful to share a listen socket between two
or more tasks with different processing models (blocking and
non-blocking).

This may happen during a software upgrade when an older process
(using blocking I/O) shares the listen socket with a new process
which wants to use non-blocking I/O, but still provides a path for
the old process to fall back to blocking I/O and avoiding poll()
for exclusive wakeup if the upgrade does not work out.

Proposed manpage addition:

  SOCK_DONTWAIT

  Enable non-blocking operation on the listen socket for this call only.
  Unlike SOCK_NONBLOCK, this does not affect the accepted socket, nor does
  it change the file status flag of the listen socket for other calls.

Signed-off-by: Eric Wong <normalperson@...>
---
  RFC since this seems a bit esoteric, and I'm not sure if it'd be
  useful to others.  I've certainly wished I've had it a few times
  along with an opposite SOCK_MUSTWAIT flag to ignore O_NONBLOCK on
  a listen socket.

 include/linux/net.h |  3 +++
 net/socket.c        | 10 ++++++++--
 2 files changed, 11 insertions(+), 2 deletions(-)

diff --git a/include/linux/net.h b/include/linux/net.h

Josh Triplett | 11 May 21:30 2015

[PATCHv2 2/2] x86: Opt into HAVE_COPY_THREAD_TLS, for both 32-bit and 64-bit

For 32-bit userspace on a 64-bit kernel, this requires modifying
stub32_clone to actually swap the appropriate arguments to match
CONFIG_CLONE_BACKWARDS, rather than just leaving the C argument for tls
broken.

Patch co-authored by Josh Triplett and Thiago Macieira.

Signed-off-by: Josh Triplett <josh@...>
Acked-by: Andy Lutomirski <luto@...>
---
 arch/x86/Kconfig             | 1 +
 arch/x86/ia32/ia32entry.S    | 2 +-
 arch/x86/kernel/process_32.c | 6 +++---
 arch/x86/kernel/process_64.c | 8 ++++----
 4 files changed, 9 insertions(+), 8 deletions(-)

diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
index b7d31ca..4960b0d 100644
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
 <at>  <at>  -124,6 +124,7  <at>  <at>  config X86
 	select MODULES_USE_ELF_REL if X86_32
 	select MODULES_USE_ELF_RELA if X86_64
 	select CLONE_BACKWARDS if X86_32
+	select HAVE_COPY_THREAD_TLS
 	select ARCH_USE_BUILTIN_BSWAP
 	select ARCH_USE_QUEUE_RWLOCK
 	select OLD_SIGSUSPEND3 if X86_32 || IA32_EMULATION
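Review bot: the added "select HAVE_COPY_THREAD_TLS" carries no condition, unlike the "select CLONE_BACKWARDS if X86_32" line just above it, so every x86 configuration (32-bit, 64-bit, and IA32 emulation) needs a working copy_thread_tls from this same patch or the build breaks at this commit during bisection. The diffstat does touch both process_32.c and process_64.c, which fits; please also state in the changelog that the HAVE_COPY_THREAD_TLS symbol comes from patch 1/2, so it is clear this patch cannot be applied or backported on its own.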
diff --git a/arch/x86/ia32/ia32entry.S b/arch/x86/ia32/ia32entry.S
index 156ebca..0286735 100644

Josh Triplett | 11 May 21:29 2015

[PATCHv2 1/2] clone: Support passing tls argument via C rather than pt_regs magic

clone with CLONE_SETTLS accepts an argument to set the thread-local
storage area for the new thread.  sys_clone declares an int argument
tls_val in the appropriate point in the argument list (based on the
various CLONE_BACKWARDS variants), but doesn't actually use or pass
along that argument.  Instead, sys_clone calls do_fork, which calls
copy_process, which calls the arch-specific copy_thread, and copy_thread
pulls the corresponding syscall argument out of the pt_regs captured at
kernel entry (knowing what argument of clone that architecture passes
tls in).

Apart from being awful and inscrutable, that also only works because
only one code path into copy_thread can pass the CLONE_SETTLS flag, and
that code path comes from sys_clone with its architecture-specific
argument-passing order.  This prevents introducing a new version of the
clone system call without propagating the same architecture-specific
position of the tls argument.

However, there's no reason to pull the argument out of pt_regs when
sys_clone could just pass it down via C function call arguments.

Introduce a new CONFIG_HAVE_COPY_THREAD_TLS for architectures to opt
into, and a new copy_thread_tls that accepts the tls parameter as an
additional unsigned long (syscall-argument-sized) argument.
Change sys_clone's tls argument to an unsigned long (which does
not change the ABI), and pass that down to copy_thread_tls.

Architectures that don't opt into copy_thread_tls will continue to
ignore the C argument to sys_clone in favor of the pt_regs captured at
kernel entry, and thus will be unable to introduce new versions of the
clone syscall.