2019-03-24 21:27:25

by Linus Torvalds

[permalink] [raw]
Subject: Linux 5.1-rc2

Well, we're a week away from the merge window close, and here's rc2.
Things look fairly normal, but honestly, rc2 is usually too early to
tell. People haven't necessarily had time to notice problems yet.
Which is just another way of saying "please test harder".

Nothing particularly stands out. Yes, we had some fixes for the new
io_ring code for issues that were discussed when merging it. Other
than that, worth noting is that the bulk of the patches are for
tooling, not the core kernel. In fact, about two thirds of the patch
is just for the tools/ subdirectory, most of it due to some late perf
tool updates. The people involved promise they're done.

Ignoring the tools thing, the rest is just spread all over, and it's
all pretty small. It's _roughly_ evenly split between arch updates,
drivers and filesystem code, but that's partially because of the
aforementioned io_ring thing (making the filesystem side pop a bit).
But there's minor noise elsewhere too. Most of the arch/ code is a
late ARC update. But none of it really is all that large or worrisome.

Shortlog appended for a flavor of the details (and you'll see the perf
dominance there)

Go test,

Linus

---

Aditya Pakki (1):
x86/hpet: Prevent potential NULL pointer dereference

Adrian Hunter (1):
perf probe: Fix getting the kernel map

Alexander Shiyan (2):
mmc: mxcmmc: "Revert mmc: mxcmmc: handle highmem pages"
clocksource/drivers/clps711x: Remove board support

Alexey Brodkin (1):
ARC: DTB: [scripted] fix node name and address spelling

Andi Kleen (22):
perf script: Support insn output for normal samples
perf report: Support output in nanoseconds
perf time-utils: Add utility function to print time stamps in nanoseconds
perf report: Parse time quantum
perf report: Use less for scripts output
perf script: Filter COMM/FORK/.. events by CPU
perf report: Support time sort key
perf report: Support running scripts for current time range
perf report: Support builtin perf script in scripts menu
perf report: Implement browsing of individual samples
perf tools: Add some new tips describing the new options
perf script: Add array bound checking to list_scripts
perf ui browser: Fix ui popup argv browser for many entries
perf tools report: Add custom scripts to script menu
perf list: Filter metrics too
perf record: Allow to limit number of reported perf.data files
perf record: Clarify help for --switch-output
perf report: Show all sort keys in help output
perf report: Indicate JITed code better in report
perf script: Support relative time
perf stat: Fix --no-scale
perf stat: Improve scaling

Andrzej Hajda (1):
drm/exynos/mixer: fix MIXER shadow registry synchronisation code

Andy Shevchenko (6):
auxdisplay: hd44780: Fix memory leak on ->remove()
auxdisplay: charlcd: Move to_priv() to charlcd namespace
auxdisplay: charlcd: Introduce charlcd_free() helper
auxdisplay: panel: Convert to use charlcd_free()
auxdisplay: hd44780: Convert to use charlcd_free()
ACPI / utils: Drop reference in test for device presence

Archer Yan (1):
MIPS: Fix kernel crash for R6 in jump label branch function

Arnaldo Carvalho de Melo (5):
perf tools: Update x86's syscall_64.tbl, no change in tools/perf behaviour
tools headers uapi: Sync copy of asm-generic/unistd.h with the
kernel sources
tools headers uapi: Update linux/in.h copy
tools lib bpf: Fix the build by adding a missing stdarg.h include
perf evsel: Free evsel->counts in perf_evsel__exit()

Arnd Bergmann (3):
irqchip/imx-irqsteer: Fix of_property_read_u32() error handling
mmc: pxamci: fix enum type confusion
mmc: davinci: remove extraneous __init annotation

Atish Patra (1):
clocksource/drivers/riscv: Fix clocksource mask

Aya Levin (1):
IB/mlx5: Fix mapping of link-mode to IB width and speed

Bart Van Assche (6):
scsi: core: Also call destroy_rcu_head() for passthrough requests
scsi: core: Avoid that a kernel warning appears during system resume
block: Unexport blk_mq_add_to_requeue_list()
blk-iolatency: #include "blk.h"
blkcg: Fix kernel-doc warnings
workqueue: Only unregister a registered lockdep key

Ben Hutchings (1):
powerpc/mm: Only define MAX_PHYSMEM_BITS in SPARSEMEM configurations

Borislav Petkov (1):
x86/microcode: Announce reload operation's completion

Changbin Du (15):
perf tools: Add doc about how to build perf with Asan and UBSan
perf list: Don't forget to drop the reference to the allocated thread_map
perf tools: Fix errors under optimization level '-Og'
perf config: Fix an error in the config template documentation
perf config: Fix a memory leak in collect_config()
perf build-id: Fix memory leak in print_sdt_events()
perf top: Delete the evlist before perf_session, fixing
heap-use-after-free issue
perf top: Fix error handling in cmd_top()
perf hist: Add missing map__put() in error case
perf map: Remove map from 'names' tree in __maps__remove()
perf maps: Purge all maps from the 'names' tree
perf top: Fix global-buffer-overflow issue
perf tests: Fix a memory leak of cpu_map object in the
openat_syscall_event_on_all_cpus test
perf tests: Fix memory leak by expr__find_other() in test__expr()
perf tests: Fix a memory leak in test__perf_evsel__tp_sched_test()

Chen Jie (1):
futex: Ensure that futex address is aligned in handle_futex_death()

Chris Wilson (2):
drm/i915: Fix off-by-one in reporting hanging process
drm/i915: Sanity check mmap length against object size

Christian König (2):
drm/amdgpu: revert "cleanup setting bulk_movable"
drm/amdgpu: fix invalid use of change_bit

Christophe Leroy (1):
powerpc/6xx: fix setup and use of SPRN_SPRG_PGDIR for hash32

Colin Ian King (2):
ALSA: opl3: fix mismatch between snd_opl3_drum_switch definition
and declaration
x86/lib: Fix indentation issue, remove extra tab

Corentin Labbe (1):
arc: hsdk_defconfig: Enable CONFIG_BLK_DEV_RAM

Dan Carpenter (1):
drm/nouveau/dmem: Fix a NULL vs IS_ERR() check

Daniel Drake (1):
mmc: alcor: fix DMA reads

Darrick J. Wong (1):
ext4: prohibit fstrim in norecovery mode

Dave Airlie (1):
drm/udl: use drm_gem_object_put_unlocked.

David Arcari (1):
tools/power turbostat: return the exit status of a command

Deepak Rawat (1):
drm/vmwgfx: Return 0 when gmrid::get_node runs out of ID's

Dongli Zhang (2):
loop: access lo_backing_file only when the loop device is Lo_bound
blk-mq: remove unused 'nr_expired' from blk_mq_hw_ctx

Enrico Weigelt, metux IT consult (1):
arch: arc: Kconfig: pedantic formatting

Eugeniy Paltsev (5):
ARC: [plat-hsdk]: Add reset controller handle to manage USB reset
ARC: [plat-hsdk]: Enable AXI DW DMAC support
ARCv2: lib: introduce memcpy optimized for unaligned access
ARCv2: Add explcit unaligned access support (and ability to disable too)
ARC: u-boot args: check that magic number is correct

Fabien Dessenne (2):
irqchip/stm32: Don't clear rising/falling config registers at init
irqchip/stm32: Don't set rising configuration registers at init

Fabrizio Castro (1):
dt-bindings: irqchip: renesas-irqc: Document r8a774c0 support

Feng Tang (1):
i40iw: Avoid panic when handling the inetdev event

Guenter Roeck (1):
platform/chrome: cros_ec_debugfs: cancel/schedule logging work
only if supported

Gustavo A. R. Silva (1):
genirq: Mark expected switch case fall-through

Hanjun Guo (2):
arm64: Add MIDR encoding for HiSilicon Taishan CPUs
arm64: kpti: Whitelist HiSilicon Taishan v110 CPUs

Himanshu Madhani (1):
scsi: qla2xxx: Fix NULL pointer crash due to stale CPUID

Hui Wang (2):
ALSA: hda - Don't trigger jackpoll_work in azx_resume
ALSA: hda - Enforces runtime_resume after S3 and S4 for each codec

Ilya Dryomov (3):
rbd: set io_min, io_opt and discard_granularity to alloc_size
libceph: wait for latest osdmap in ceph_monc_blacklist_add()
rbd: drop wait_for_latest_osdmap()

Ingo Molnar (1):
x86/cpufeature: Fix various quality problems in the
<asm/cpu_device_hd.h> header

Jack Morgenstein (1):
IB/mlx4: Fix race condition between catas error reset and aliasguid flows

Jan Kara (4):
ext4: avoid panic during forced reboot
udf: Fix crash on IO error during truncate
udf: Propagate errors from udf_truncate_extents()
fanotify: Allow copying of file handle to userspace

Jaroslav Kysela (1):
ALSA: hda - add Lenovo IdeaCentre B550 to the power_save_blacklist

Jason Yan (1):
ext4: remove useless ext4_pin_inode()

Jens Axboe (11):
io_uring: use regular request ref counts
io_uring: make io_read/write return an integer
io_uring: add prepped flag
io_uring: fix fget/fput handling
io_uring: fix poll races
paride/pf: cleanup queues when detection fails
paride/pcd: cleanup queues when detection fails
io_uring: retry bulk slab allocs as single allocs
io_uring: mark me as the maintainer
iov_iter: add ITER_BVEC_FLAG_NO_REF flag
block: add BIO_NO_PAGE_REF flag

Jiada Wang (1):
PM / Domains: Avoid a potential deadlock

Jian-Hong Pan (1):
ALSA: hda/realtek: Enable headset MIC of Acer AIO with ALC286

Jianguo Chen (1):
irqchip/mbigen: Don't clear eventid when freeing an MSI

Jiri Olsa (6):
perf data: Support having perf.data stored as a directory
perf data: Don't store auxtrace index for directory data file
perf data: Add perf_data__update_dir() function
perf data: Make perf_data__size() work over directory
perf header: Add DIR_FORMAT feature to describe directory data
perf session: Add process callback to reader object

Jiufei Xue (1):
ext4: fix NULL pointer dereference while journal is aborted

Josh Poimboeuf (1):
objtool: Move objtool_file struct off the stack

Jérôme Glisse (1):
drm/nouveau/dmem: empty chunk do not have a buffer object
associated with them.

Kairui Song (1):
x86/gart: Exclude GART aperture from kcore

Kangjie Lu (3):
ALSA: echoaudio: add a check for ioremap_nocache
ALSA: sb8: add a check for request_region
x86/hyperv: Prevent potential NULL pointer dereference

Kishon Vijay Abraham I (1):
mmc: sdhci-omap: Set caps2 to indicate no physical write protect pin

Konstantin Khlebnikov (1):
sched/core: Fix buffer overflow in cgroup2 property cpu.max

Linus Torvalds (1):
Linux 5.1-rc2

Long Li (2):
CIFS: Fix an issue with re-sending wdata when transport returning -EAGAIN
CIFS: Fix an issue with re-sending rdata when transport returning -EAGAIN

Lu Baolu (2):
iommu/vt-d: Check capability before disabling protected memory
iommu/vt-d: Save the right domain ID used by hardware

Luc Van Oostenryck (1):
thermal/intel_powerclamp: fix __percpu declaration of worker_data

Lukas Czerner (3):
ext4: fix data corruption caused by unaligned direct AIO
ext4: add missing brelse() in add_new_gdb_meta_bg()
ext4: report real fs size after failed resize

Luo Jiaxing (1):
scsi: hisi_sas: Add softreset in hisi_sas_I_T_nexus_reset()

Mamatha Inamdar (1):
perf vendor events: Remove P8 HW events which are not supported

Mans Rullgard (3):
auxdisplay: deconfuse configuration
auxdisplay: charlcd: simplify init message display
auxdisplay: charlcd: make backlight initial state configurable

Marc Zyngier (1):
irqchip/gic: Drop support for secondary GIC in non-DT systems

Marek Szyprowski (1):
thermal: samsung: Fix incorrect check after code merge

Mark Rutland (1):
arm64: apply workaround on A64FX v1r0

Martin Liška (1):
perf vendor events amd: perf PMU events for AMD Family 17h

Masami Hiramatsu (4):
arm64: kprobes: Move extable address check into arch_prepare_kprobe()
arm64: kprobes: Remove unneeded RODATA check
arm64: kprobes: Move exception_text check in blacklist
arm64: kprobes: Use arch_populate_kprobe_blacklist()

Matteo Croce (1):
x86/mm: Don't leak kernel addresses

Matthew Garrett (2):
thermal/int340x_thermal: Add additional UUIDs
thermal/int340x_thermal: fix mode setting

Matthew Whitehead (2):
x86/cpu/cyrix: Use correct macros for Cyrix calls on Geode processors
x86/cpu/cyrix: Remove {get,set}Cx86_old macros used for Cyrix processors

Matthias Kaehlcke (1):
arm64: remove obsolete selection of MULTI_IRQ_HANDLER

Maurizio Lombardi (1):
scsi: iscsi: flush running unbind operations when removing a session

Michael Ellerman (2):
powerpc/vdso64: Fix CLOCK_MONOTONIC inconsistencies across Y2038
powerpc/security: Fix spectre_v2 reporting

Nathan Chancellor (1):
x86/hw_breakpoints: Make default case in
hw_breakpoint_arch_parse() return an error

Nick Crews (1):
platform/chrome: Fix locking pattern in wilco_ec_mailbox()

Nick Desaulniers (1):
x86/boot: Restrict header scope to make Clang happy

Ondrej Mosnacek (1):
selinux: fix NULL dereference in policydb_destroy()

Paul Burton (1):
MIPS: Remove custom MIPS32 __kernel_fsid_t type

Paulo Alcantara (SUSE) (1):
cifs: Fix slab-out-of-bounds when tracing SMB tcon

Peter Xu (1):
genirq: Fix typo in comment of IRQD_MOVE_PCNTXT

Peter Zijlstra (1):
sched/cpufreq: Fix 32-bit math overflow

Petr Štetiar (1):
mips: bcm47xx: Enable USB power on Netgear WNDR3400v2

Phil Elwell (1):
thermal: bcm2835: Fix crash in bcm2835_thermal_debugfs

Pi-Hsun Shih (1):
thermal: mtk: Allocate enough space for mtk_thermal.

Quinn Tran (1):
scsi: qla2xxx: Fix FC-AL connection target discovery

Rasmus Villemoes (1):
irqchip/gic-v3-its: Fix comparison logic in lpi_range_cmp

Robert Richter (1):
iommu/iova: Fix tracking of recently failed iova address

Ronnie Sahlberg (1):
cifs: allow guest mounts to work for smb3.11

Shaokun Zhang (1):
thermal: cpu_cooling: Remove unused cur_freq variable

Shenghui Wang (1):
sbitmap: trivial - update comment for sbitmap_deferred_clear_bit

Song Liu (19):
perf record: Replace option --bpf-event with --no-bpf-event
tools lib bpf: Introduce bpf_program__get_prog_info_linear()
bpftool: use bpf_program__get_prog_info_linear() in prog.c:do_dump()
perf bpf: Synthesize bpf events with bpf_program__get_prog_info_linear()
perf bpf: Make synthesize_bpf_events() receive perf_session
pointer instead of perf_tool
perf bpf: Save bpf_prog_info in a rbtree in perf_env
perf bpf: Save bpf_prog_info information as headers to perf.data
perf bpf: Save BTF in a rbtree in perf_env
perf bpf: Save BTF information as headers to perf.data
perf top: Add option --no-bpf-event
perf feature detection: Add -lopcodes to feature-libbfd
perf symbols: Introduce DSO_BINARY_TYPE__BPF_PROG_INFO
perf bpf: Process PERF_BPF_EVENT_PROG_LOAD for annotation
perf build: Check what binutils's 'disassembler()' signature to use
perf annotate: Enable annotation of BPF programs
perf evlist: Introduce side band thread
perf tools: Save bpf_prog_info and BTF of new BPF programs
perf bpf: Extract logic to create program names from
perf_event__synthesize_one_bpf_prog()
perf bpf: Show more BPF program info in print_bpf_prog_info()

Stanislaw Gruszka (1):
iommu/amd: fix sg->dma_address for sg->offset bigger than PAGE_SIZE

Stephane Eranian (1):
perf/core: Restore mmap record type correctly

Steve French (3):
fix incorrect error code mapping for OBJECTID_NOT_FOUND
SMB3: Fix SMB3.1.1 guest mounts to Samba
cifs: update internal module version number

Takashi Sakamoto (1):
ALSA: firewire-motu: use 'version' field of unit directory to
identify model

Thomas Preston (1):
drm/i915/bios: assume eDP is present on port A when there is no VBT

Thomas Zimmermann (1):
drm/vmwgfx: Don't double-free the mode stored in par->set_mode

Tony Jones (4):
perf script python: Add Python3 support to exported-sql-viewer.py
perf script python: Add Python3 support to export-to-postgresql.py
perf script python: Add Python3 support to export-to-sqlite.py
perf script python: Add printdate function to SQL exporters

Tyrel Datwyler (2):
scsi: ibmvscsi: Protect ibmvscsi_head from concurrent modificaiton
scsi: ibmvscsi: Fix empty event pool access during host removal

Valdis Kletnieks (4):
x86/mm/pti: Make local symbols static
genirq/devres: Remove excess parameter from kernel doc
time/jiffies: Make refined_jiffies static
watchdog/core: Make variables static

Valentin Schneider (3):
sched/fair: Comment some nohz_balancer_kick() kick conditions
sched/fair: Tune down misfit NOHZ kicks
sched/fair: Skip LLC NOHZ logic for asymmetric systems

Vineet Gupta (5):
ARC: perf: bpok condition only exists for ARCompact
ARCv2: boot log: refurbish HS core/release identification
ARC: boot log: cut down on verbosity
ARC: unaligned: relax the check for gcc supporting -mno-unaligned-access
ARCv2: spinlock: remove the extra smp_mb before lock, after unlock

William Cohen (1):
arm64/stacktrace: Export save_stack_trace_regs()

Wolfram Sang (1):
mmc: renesas_sdhi: limit block count to 16 bit for old revisions

Xiaoli Feng (1):
cifs: fix that return -EINVAL when do dedupe operationAditya Pakki (1):
x86/hpet: Prevent potential NULL pointer dereference

Adrian Hunter (1):
perf probe: Fix getting the kernel map

Alexander Shiyan (2):
mmc: mxcmmc: "Revert mmc: mxcmmc: handle highmem pages"
clocksource/drivers/clps711x: Remove board support

Alexey Brodkin (1):
ARC: DTB: [scripted] fix node name and address spelling

Andi Kleen (22):
perf script: Support insn output for normal samples
perf report: Support output in nanoseconds
perf time-utils: Add utility function to print time stamps in nanoseconds
perf report: Parse time quantum
perf report: Use less for scripts output
perf script: Filter COMM/FORK/.. events by CPU
perf report: Support time sort key
perf report: Support running scripts for current time range
perf report: Support builtin perf script in scripts menu
perf report: Implement browsing of individual samples
perf tools: Add some new tips describing the new options
perf script: Add array bound checking to list_scripts
perf ui browser: Fix ui popup argv browser for many entries
perf tools report: Add custom scripts to script menu
perf list: Filter metrics too
perf record: Allow to limit number of reported perf.data files
perf record: Clarify help for --switch-output
perf report: Show all sort keys in help output
perf report: Indicate JITed code better in report
perf script: Support relative time
perf stat: Fix --no-scale
perf stat: Improve scaling

Andrzej Hajda (1):
drm/exynos/mixer: fix MIXER shadow registry synchronisation code

Andy Shevchenko (6):
auxdisplay: hd44780: Fix memory leak on ->remove()
auxdisplay: charlcd: Move to_priv() to charlcd namespace
auxdisplay: charlcd: Introduce charlcd_free() helper
auxdisplay: panel: Convert to use charlcd_free()
auxdisplay: hd44780: Convert to use charlcd_free()
ACPI / utils: Drop reference in test for device presence

Archer Yan (1):
MIPS: Fix kernel crash for R6 in jump label branch function

Arnaldo Carvalho de Melo (5):
perf tools: Update x86's syscall_64.tbl, no change in tools/perf behaviour
tools headers uapi: Sync copy of asm-generic/unistd.h with the
kernel sources
tools headers uapi: Update linux/in.h copy
tools lib bpf: Fix the build by adding a missing stdarg.h include
perf evsel: Free evsel->counts in perf_evsel__exit()

Arnd Bergmann (3):
irqchip/imx-irqsteer: Fix of_property_read_u32() error handling
mmc: pxamci: fix enum type confusion
mmc: davinci: remove extraneous __init annotation

Atish Patra (1):
clocksource/drivers/riscv: Fix clocksource mask

Aya Levin (1):
IB/mlx5: Fix mapping of link-mode to IB width and speed

Bart Van Assche (6):
scsi: core: Also call destroy_rcu_head() for passthrough requests
scsi: core: Avoid that a kernel warning appears during system resume
block: Unexport blk_mq_add_to_requeue_list()
blk-iolatency: #include "blk.h"
blkcg: Fix kernel-doc warnings
workqueue: Only unregister a registered lockdep key

Ben Hutchings (1):
powerpc/mm: Only define MAX_PHYSMEM_BITS in SPARSEMEM configurations

Borislav Petkov (1):
x86/microcode: Announce reload operation's completion

Changbin Du (15):
perf tools: Add doc about how to build perf with Asan and UBSan
perf list: Don't forget to drop the reference to the allocated thread_map
perf tools: Fix errors under optimization level '-Og'
perf config: Fix an error in the config template documentation
perf config: Fix a memory leak in collect_config()
perf build-id: Fix memory leak in print_sdt_events()
perf top: Delete the evlist before perf_session, fixing
heap-use-after-free issue
perf top: Fix error handling in cmd_top()
perf hist: Add missing map__put() in error case
perf map: Remove map from 'names' tree in __maps__remove()
perf maps: Purge all maps from the 'names' tree
perf top: Fix global-buffer-overflow issue
perf tests: Fix a memory leak of cpu_map object in the
openat_syscall_event_on_all_cpus test
perf tests: Fix memory leak by expr__find_other() in test__expr()
perf tests: Fix a memory leak in test__perf_evsel__tp_sched_test()

Chen Jie (1):
futex: Ensure that futex address is aligned in handle_futex_death()

Chris Wilson (2):
drm/i915: Fix off-by-one in reporting hanging process
drm/i915: Sanity check mmap length against object size

Christian König (2):
drm/amdgpu: revert "cleanup setting bulk_movable"
drm/amdgpu: fix invalid use of change_bit

Christophe Leroy (1):
powerpc/6xx: fix setup and use of SPRN_SPRG_PGDIR for hash32

Colin Ian King (2):
ALSA: opl3: fix mismatch between snd_opl3_drum_switch definition
and declaration
x86/lib: Fix indentation issue, remove extra tab

Corentin Labbe (1):
arc: hsdk_defconfig: Enable CONFIG_BLK_DEV_RAM

Dan Carpenter (1):
drm/nouveau/dmem: Fix a NULL vs IS_ERR() check

Daniel Drake (1):
mmc: alcor: fix DMA reads

Darrick J. Wong (1):
ext4: prohibit fstrim in norecovery mode

Dave Airlie (1):
drm/udl: use drm_gem_object_put_unlocked.

David Arcari (1):
tools/power turbostat: return the exit status of a command

Deepak Rawat (1):
drm/vmwgfx: Return 0 when gmrid::get_node runs out of ID's

Dongli Zhang (2):
loop: access lo_backing_file only when the loop device is Lo_bound
blk-mq: remove unused 'nr_expired' from blk_mq_hw_ctx

Enrico Weigelt, metux IT consult (1):
arch: arc: Kconfig: pedantic formatting

Eugeniy Paltsev (5):
ARC: [plat-hsdk]: Add reset controller handle to manage USB reset
ARC: [plat-hsdk]: Enable AXI DW DMAC support
ARCv2: lib: introduce memcpy optimized for unaligned access
ARCv2: Add explcit unaligned access support (and ability to disable too)
ARC: u-boot args: check that magic number is correct

Fabien Dessenne (2):
irqchip/stm32: Don't clear rising/falling config registers at init
irqchip/stm32: Don't set rising configuration registers at init

Fabrizio Castro (1):
dt-bindings: irqchip: renesas-irqc: Document r8a774c0 support

Feng Tang (1):
i40iw: Avoid panic when handling the inetdev event

Guenter Roeck (1):
platform/chrome: cros_ec_debugfs: cancel/schedule logging work
only if supported

Gustavo A. R. Silva (1):
genirq: Mark expected switch case fall-through

Hanjun Guo (2):
arm64: Add MIDR encoding for HiSilicon Taishan CPUs
arm64: kpti: Whitelist HiSilicon Taishan v110 CPUs

Himanshu Madhani (1):
scsi: qla2xxx: Fix NULL pointer crash due to stale CPUID

Hui Wang (2):
ALSA: hda - Don't trigger jackpoll_work in azx_resume
ALSA: hda - Enforces runtime_resume after S3 and S4 for each codec

Ilya Dryomov (3):
rbd: set io_min, io_opt and discard_granularity to alloc_size
libceph: wait for latest osdmap in ceph_monc_blacklist_add()
rbd: drop wait_for_latest_osdmap()

Ingo Molnar (1):
x86/cpufeature: Fix various quality problems in the
<asm/cpu_device_hd.h> header

Jack Morgenstein (1):
IB/mlx4: Fix race condition between catas error reset and aliasguid flows

Jan Kara (4):
ext4: avoid panic during forced reboot
udf: Fix crash on IO error during truncate
udf: Propagate errors from udf_truncate_extents()
fanotify: Allow copying of file handle to userspace

Jaroslav Kysela (1):
ALSA: hda - add Lenovo IdeaCentre B550 to the power_save_blacklist

Jason Yan (1):
ext4: remove useless ext4_pin_inode()

Jens Axboe (11):
io_uring: use regular request ref counts
io_uring: make io_read/write return an integer
io_uring: add prepped flag
io_uring: fix fget/fput handling
io_uring: fix poll races
paride/pf: cleanup queues when detection fails
paride/pcd: cleanup queues when detection fails
io_uring: retry bulk slab allocs as single allocs
io_uring: mark me as the maintainer
iov_iter: add ITER_BVEC_FLAG_NO_REF flag
block: add BIO_NO_PAGE_REF flag

Jiada Wang (1):
PM / Domains: Avoid a potential deadlock

Jian-Hong Pan (1):
ALSA: hda/realtek: Enable headset MIC of Acer AIO with ALC286

Jianguo Chen (1):
irqchip/mbigen: Don't clear eventid when freeing an MSI

Jiri Olsa (6):
perf data: Support having perf.data stored as a directory
perf data: Don't store auxtrace index for directory data file
perf data: Add perf_data__update_dir() function
perf data: Make perf_data__size() work over directory
perf header: Add DIR_FORMAT feature to describe directory data
perf session: Add process callback to reader object

Jiufei Xue (1):
ext4: fix NULL pointer dereference while journal is aborted

Josh Poimboeuf (1):
objtool: Move objtool_file struct off the stack

Jérôme Glisse (1):
drm/nouveau/dmem: empty chunk do not have a buffer object
associated with them.

Kairui Song (1):
x86/gart: Exclude GART aperture from kcore

Kangjie Lu (3):
ALSA: echoaudio: add a check for ioremap_nocache
ALSA: sb8: add a check for request_region
x86/hyperv: Prevent potential NULL pointer dereference

Kishon Vijay Abraham I (1):
mmc: sdhci-omap: Set caps2 to indicate no physical write protect pin

Konstantin Khlebnikov (1):
sched/core: Fix buffer overflow in cgroup2 property cpu.max

Linus Torvalds (1):
Linux 5.1-rc2

Long Li (2):
CIFS: Fix an issue with re-sending wdata when transport returning -EAGAIN
CIFS: Fix an issue with re-sending rdata when transport returning -EAGAIN

Lu Baolu (2):
iommu/vt-d: Check capability before disabling protected memory
iommu/vt-d: Save the right domain ID used by hardware

Luc Van Oostenryck (1):
thermal/intel_powerclamp: fix __percpu declaration of worker_data

Lukas Czerner (3):
ext4: fix data corruption caused by unaligned direct AIO
ext4: add missing brelse() in add_new_gdb_meta_bg()
ext4: report real fs size after failed resize

Luo Jiaxing (1):
scsi: hisi_sas: Add softreset in hisi_sas_I_T_nexus_reset()

Mamatha Inamdar (1):
perf vendor events: Remove P8 HW events which are not supported

Mans Rullgard (3):
auxdisplay: deconfuse configuration
auxdisplay: charlcd: simplify init message display
auxdisplay: charlcd: make backlight initial state configurable

Marc Zyngier (1):
irqchip/gic: Drop support for secondary GIC in non-DT systems

Marek Szyprowski (1):
thermal: samsung: Fix incorrect check after code merge

Mark Rutland (1):
arm64: apply workaround on A64FX v1r0

Martin Liška (1):
perf vendor events amd: perf PMU events for AMD Family 17h

Masami Hiramatsu (4):
arm64: kprobes: Move extable address check into arch_prepare_kprobe()
arm64: kprobes: Remove unneeded RODATA check
arm64: kprobes: Move exception_text check in blacklist
arm64: kprobes: Use arch_populate_kprobe_blacklist()

Matteo Croce (1):
x86/mm: Don't leak kernel addresses

Matthew Garrett (2):
thermal/int340x_thermal: Add additional UUIDs
thermal/int340x_thermal: fix mode setting

Matthew Whitehead (2):
x86/cpu/cyrix: Use correct macros for Cyrix calls on Geode processors
x86/cpu/cyrix: Remove {get,set}Cx86_old macros used for Cyrix processors

Matthias Kaehlcke (1):
arm64: remove obsolete selection of MULTI_IRQ_HANDLER

Maurizio Lombardi (1):
scsi: iscsi: flush running unbind operations when removing a session

Michael Ellerman (2):
powerpc/vdso64: Fix CLOCK_MONOTONIC inconsistencies across Y2038
powerpc/security: Fix spectre_v2 reporting

Nathan Chancellor (1):
x86/hw_breakpoints: Make default case in
hw_breakpoint_arch_parse() return an error

Nick Crews (1):
platform/chrome: Fix locking pattern in wilco_ec_mailbox()

Nick Desaulniers (1):
x86/boot: Restrict header scope to make Clang happy

Ondrej Mosnacek (1):
selinux: fix NULL dereference in policydb_destroy()

Paul Burton (1):
MIPS: Remove custom MIPS32 __kernel_fsid_t type

Paulo Alcantara (SUSE) (1):
cifs: Fix slab-out-of-bounds when tracing SMB tcon

Peter Xu (1):
genirq: Fix typo in comment of IRQD_MOVE_PCNTXT

Peter Zijlstra (1):
sched/cpufreq: Fix 32-bit math overflow

Petr Štetiar (1):
mips: bcm47xx: Enable USB power on Netgear WNDR3400v2

Phil Elwell (1):
thermal: bcm2835: Fix crash in bcm2835_thermal_debugfs

Pi-Hsun Shih (1):
thermal: mtk: Allocate enough space for mtk_thermal.

Quinn Tran (1):
scsi: qla2xxx: Fix FC-AL connection target discovery

Rasmus Villemoes (1):
irqchip/gic-v3-its: Fix comparison logic in lpi_range_cmp

Robert Richter (1):
iommu/iova: Fix tracking of recently failed iova address

Ronnie Sahlberg (1):
cifs: allow guest mounts to work for smb3.11

Shaokun Zhang (1):
thermal: cpu_cooling: Remove unused cur_freq variable

Shenghui Wang (1):
sbitmap: trivial - update comment for sbitmap_deferred_clear_bit

Song Liu (19):
perf record: Replace option --bpf-event with --no-bpf-event
tools lib bpf: Introduce bpf_program__get_prog_info_linear()
bpftool: use bpf_program__get_prog_info_linear() in prog.c:do_dump()
perf bpf: Synthesize bpf events with bpf_program__get_prog_info_linear()
perf bpf: Make synthesize_bpf_events() receive perf_session
pointer instead of perf_tool
perf bpf: Save bpf_prog_info in a rbtree in perf_env
perf bpf: Save bpf_prog_info information as headers to perf.data
perf bpf: Save BTF in a rbtree in perf_env
perf bpf: Save BTF information as headers to perf.data
perf top: Add option --no-bpf-event
perf feature detection: Add -lopcodes to feature-libbfd
perf symbols: Introduce DSO_BINARY_TYPE__BPF_PROG_INFO
perf bpf: Process PERF_BPF_EVENT_PROG_LOAD for annotation
perf build: Check what binutils's 'disassembler()' signature to use
perf annotate: Enable annotation of BPF programs
perf evlist: Introduce side band thread
perf tools: Save bpf_prog_info and BTF of new BPF programs
perf bpf: Extract logic to create program names from
perf_event__synthesize_one_bpf_prog()
perf bpf: Show more BPF program info in print_bpf_prog_info()

Stanislaw Gruszka (1):
iommu/amd: fix sg->dma_address for sg->offset bigger than PAGE_SIZE

Stephane Eranian (1):
perf/core: Restore mmap record type correctly

Steve French (3):
fix incorrect error code mapping for OBJECTID_NOT_FOUND
SMB3: Fix SMB3.1.1 guest mounts to Samba
cifs: update internal module version number

Takashi Sakamoto (1):
ALSA: firewire-motu: use 'version' field of unit directory to
identify model

Thomas Preston (1):
drm/i915/bios: assume eDP is present on port A when there is no VBT

Thomas Zimmermann (1):
drm/vmwgfx: Don't double-free the mode stored in par->set_mode

Tony Jones (4):
perf script python: Add Python3 support to exported-sql-viewer.py
perf script python: Add Python3 support to export-to-postgresql.py
perf script python: Add Python3 support to export-to-sqlite.py
perf script python: Add printdate function to SQL exporters

Tyrel Datwyler (2):
scsi: ibmvscsi: Protect ibmvscsi_head from concurrent modificaiton
scsi: ibmvscsi: Fix empty event pool access during host removal

Valdis Kletnieks (4):
x86/mm/pti: Make local symbols static
genirq/devres: Remove excess parameter from kernel doc
time/jiffies: Make refined_jiffies static
watchdog/core: Make variables static

Valentin Schneider (3):
sched/fair: Comment some nohz_balancer_kick() kick conditions
sched/fair: Tune down misfit NOHZ kicks
sched/fair: Skip LLC NOHZ logic for asymmetric systems

Vineet Gupta (5):
ARC: perf: bpok condition only exists for ARCompact
ARCv2: boot log: refurbish HS core/release identification
ARC: boot log: cut down on verbosity
ARC: unaligned: relax the check for gcc supporting -mno-unaligned-access
ARCv2: spinlock: remove the extra smp_mb before lock, after unlock

William Cohen (1):
arm64/stacktrace: Export save_stack_trace_regs()

Wolfram Sang (1):
mmc: renesas_sdhi: limit block count to 16 bit for old revisions

Xiaoli Feng (1):
cifs: fix that return -EINVAL when do dedupe operation

Yasha Cherikovsky (1):
MIPS: Ensure ELF appended dtb is relocated

Yifeng Li (1):
mips: loongson64: lemote-2f: Add IRQF_NO_SUSPEND to "cascade" irqaction.

Yishai Hadas (2):
net/mlx5: Fix DCT creation bad flow
IB/mlx5: Use mlx5 core to create/destroy a DEVX DCT

YueHaibing (10):
drivers: base: swnode: Make two functions static
irqchip/brcmstb-l2: Make two init functions static
irqchip/mmp: Make mmp_irq_domain_ops static
irqchip/irq-mvebu-sei: Make mvebu_sei_ap806_caps static
drm/nouveau/dmem: remove set but not used variable 'drm'
drm/nouveau/debugfs: Fix check of pm_runtime_get_sync failure
clocksource/drivers/clps711x: Make clps711x_clksrc_init() static
clocksource/drivers/tcb_clksrc: Make tc_clksrc_suspend/resume() static
clocksource/drivers/timer-ti-dm: Make
omap_dm_timer_set_load_start() static
clocksource/drivers/mips-gic-timer: Make gic_compare_irqaction static

Yufen Yu (2):
blk-mq: use blk_mq_sched_mark_restart_hctx to set RESTART
block: add BLK_MQ_POLL_CLASSIC for hybrid poll and return EINVAL
for unexpected value

Zhang Rui (1):
thermal/intel_powerclamp: fix truncated kthread name

ZhangXiaoxu (1):
inotify: Fix fsnotify_mark refcount leak in
inotify_update_existing_watch()

zhangyi (F) (2):
ext4: brelse all indirect buffer in ext4_ind_remove_space()
ext4: cleanup bh release code in ext4_ind_remove_space()


Yasha Cherikovsky (1):
MIPS: Ensure ELF appended dtb is relocated

Yifeng Li (1):
mips: loongson64: lemote-2f: Add IRQF_NO_SUSPEND to "cascade" irqaction.

Yishai Hadas (2):
net/mlx5: Fix DCT creation bad flow
IB/mlx5: Use mlx5 core to create/destroy a DEVX DCT

YueHaibing (10):
drivers: base: swnode: Make two functions static
irqchip/brcmstb-l2: Make two init functions static
irqchip/mmp: Make mmp_irq_domain_ops static
irqchip/irq-mvebu-sei: Make mvebu_sei_ap806_caps static
drm/nouveau/dmem: remove set but not used variable 'drm'
drm/nouveau/debugfs: Fix check of pm_runtime_get_sync failure
clocksource/drivers/clps711x: Make clps711x_clksrc_init() static
clocksource/drivers/tcb_clksrc: Make tc_clksrc_suspend/resume() static
clocksource/drivers/timer-ti-dm: Make
omap_dm_timer_set_load_start() static
clocksource/drivers/mips-gic-timer: Make gic_compare_irqaction static

Yufen Yu (2):
blk-mq: use blk_mq_sched_mark_restart_hctx to set RESTART
block: add BLK_MQ_POLL_CLASSIC for hybrid poll and return EINVAL
for unexpected value

Zhang Rui (1):
thermal/intel_powerclamp: fix truncated kthread name

ZhangXiaoxu (1):
inotify: Fix fsnotify_mark refcount leak in
inotify_update_existing_watch()

zhangyi (F) (2):
ext4: brelse all indirect buffer in ext4_ind_remove_space()
ext4: cleanup bh release code in ext4_ind_remove_space()


2019-03-25 02:32:19

by Randy Dunlap

[permalink] [raw]
Subject: Re: Linux 5.1-rc2

On 3/24/19 2:26 PM, Linus Torvalds wrote:
> Well, we're a week away from the merge window close, and here's rc2.
> Things look fairly normal, but honestly, rc2 is usually too early to
> tell. People haven't necessarily had time to notice problems yet.
> Which is just another way of saying "please test harder".
>
> Nothing particularly stands out. Yes, we had some fixes for the new
> io_ring code for issues that were discussed when merging it. Other
> than that, worth noting is that the bulk of the patches are for
> tooling, not the core kernel. In fact, about two thirds of the patch
> is just for the tools/ subdirectory, most of it due to some late perf
> tool updates. The people involved promise they're done.

Hmph. I'm still looking for the patch that restores the various
CONFIG_DEFAULT_<security> kconfig options to be merged.

https://lore.kernel.org/linux-security-module/[email protected]/

since commit 70b62c25665f636c9f6c700b26af7df296b0887e dropped them somehow.


--
~Randy

2019-03-25 19:09:29

by James Morris

[permalink] [raw]
Subject: Re: Linux 5.1-rc2

On Sun, 24 Mar 2019, Randy Dunlap wrote:

> On 3/24/19 2:26 PM, Linus Torvalds wrote:
> > Well, we're a week away from the merge window close, and here's rc2.
> > Things look fairly normal, but honestly, rc2 is usually too early to
> > tell. People haven't necessarily had time to notice problems yet.
> > Which is just another way of saying "please test harder".
> >
> > Nothing particularly stands out. Yes, we had some fixes for the new
> > io_ring code for issues that were discussed when merging it. Other
> > than that, worth noting is that the bulk of the patches are for
> > tooling, not the core kernel. In fact, about two thirds of the patch
> > is just for the tools/ subdirectory, most of it due to some late perf
> > tool updates. The people involved promise they're done.
>
> Hmph. I'm still looking for the patch that restores the various
> CONFIG_DEFAULT_<security> kconfig options to be merged.
>
> https://lore.kernel.org/linux-security-module/[email protected]/
>
> since commit 70b62c25665f636c9f6c700b26af7df296b0887e dropped them somehow.

AFAICT we don't have a finalized version of the patch yet.

Kees?


--
James Morris
<[email protected]>


2019-03-25 21:08:36

by Tetsuo Handa

[permalink] [raw]
Subject: Re: Linux 5.1-rc2

On 2019/03/26 4:08, James Morris wrote:
> On Sun, 24 Mar 2019, Randy Dunlap wrote:
>
>> On 3/24/19 2:26 PM, Linus Torvalds wrote:
>>> Well, we're a week away from the merge window close, and here's rc2.
>>> Things look fairly normal, but honestly, rc2 is usually too early to
>>> tell. People haven't necessarily had time to notice problems yet.
>>> Which is just another way of saying "please test harder".
>>>
>>> Nothing particularly stands out. Yes, we had some fixes for the new
>>> io_ring code for issues that were discussed when merging it. Other
>>> than that, worth noting is that the bulk of the patches are for
>>> tooling, not the core kernel. In fact, about two thirds of the patch
>>> is just for the tools/ subdirectory, most of it due to some late perf
>>> tool updates. The people involved promise they're done.
>>
>> Hmph. I'm still looking for the patch that restores the various
>> CONFIG_DEFAULT_<security> kconfig options to be merged.
>>
>> https://lore.kernel.org/linux-security-module/[email protected]/
>>
>> since commit 70b62c25665f636c9f6c700b26af7df296b0887e dropped them somehow.
>
> AFAICT we don't have a finalized version of the patch yet.
>
> Kees?
>

As far as I can tell, Kees's comment

It breaks the backward-compat for the "security=" line. If a system is
booted with CONFIG_LSM="minors...,apparmor" and "security=selinux",
neither apparmor nor selinux will be initialized. The logic on
"security=..." depends on the other LSMs being present in the list.

was just a confusion, and I think that this version can become
the finalized version.

From 72f5f21b800c87f9ec3600f6e3acfb654690d8f0 Mon Sep 17 00:00:00 2001
From: Tetsuo Handa <[email protected]>
Date: Tue, 26 Mar 2019 05:56:30 +0900
Subject: [PATCH] LSM: Revive CONFIG_DEFAULT_SECURITY_* for "make oldconfig"

Commit 70b62c25665f636c ("LoadPin: Initialize as ordered LSM") removed
CONFIG_DEFAULT_SECURITY_{SELINUX,SMACK,TOMOYO,APPARMOR,DAC} from
security/Kconfig and changed CONFIG_LSM to provide a fixed ordering as a
default value. That commit expected that existing users (upgrading from
Linux 5.0 and earlier) will edit CONFIG_LSM value in accordance with
their CONFIG_DEFAULT_SECURITY_* choice in their old kernel configs. But
since users might forget to edit CONFIG_LSM value, this patch revives
the choice (only for providing the default value for CONFIG_LSM) in order
to make sure that CONFIG_LSM reflects CONFIG_DEFAULT_SECURITY_* from their
old kernel configs.

Reported-by: Jakub Kicinski <[email protected]>
Signed-off-by: Kees Cook <[email protected]>
Signed-off-by: Tetsuo Handa <[email protected]>
Acked-by: Casey Schaufler <[email protected]>
---
security/Kconfig | 37 ++++++++++++++++++++++++++++++++++++-
1 file changed, 36 insertions(+), 1 deletion(-)

diff --git a/security/Kconfig b/security/Kconfig
index 1d6463f..2f29805 100644
--- a/security/Kconfig
+++ b/security/Kconfig
@@ -239,9 +239,44 @@ source "security/safesetid/Kconfig"

source "security/integrity/Kconfig"

+choice
+ prompt "Default security module [superseded by 'Ordered list of enabled LSMs' below]"
+ default DEFAULT_SECURITY_SELINUX if SECURITY_SELINUX
+ default DEFAULT_SECURITY_SMACK if SECURITY_SMACK
+ default DEFAULT_SECURITY_TOMOYO if SECURITY_TOMOYO
+ default DEFAULT_SECURITY_APPARMOR if SECURITY_APPARMOR
+ default DEFAULT_SECURITY_DAC
+
+ help
+ This choice is there only for converting CONFIG_DEFAULT_SECURITY in old
+ kernel config to CONFIG_LSM in new kernel config. Don't change this choice
+ unless you are creating a fresh kernel config, for this choice will be
+ ignored after CONFIG_LSM is once defined.
+
+ config DEFAULT_SECURITY_SELINUX
+ bool "SELinux" if SECURITY_SELINUX=y
+
+ config DEFAULT_SECURITY_SMACK
+ bool "Simplified Mandatory Access Control" if SECURITY_SMACK=y
+
+ config DEFAULT_SECURITY_TOMOYO
+ bool "TOMOYO" if SECURITY_TOMOYO=y
+
+ config DEFAULT_SECURITY_APPARMOR
+ bool "AppArmor" if SECURITY_APPARMOR=y
+
+ config DEFAULT_SECURITY_DAC
+ bool "Unix Discretionary Access Controls"
+
+endchoice
+
config LSM
string "Ordered list of enabled LSMs"
- default "yama,loadpin,safesetid,integrity,selinux,smack,tomoyo,apparmor"
+ default "yama,loadpin,safesetid,integrity,selinux" if DEFAULT_SECURITY_SELINUX
+ default "yama,loadpin,safesetid,integrity,smack" if DEFAULT_SECURITY_SMACK
+ default "yama,loadpin,safesetid,integrity,tomoyo" if DEFAULT_SECURITY_TOMOYO
+ default "yama,loadpin,safesetid,integrity,apparmor" if DEFAULT_SECURITY_APPARMOR
+ default "yama,loadpin,safesetid,integrity"
help
A comma-separated list of LSMs, in initialization order.
Any LSMs left off this list will be ignored. This can be
--
1.8.3.1

2019-03-27 19:17:18

by Kees Cook

[permalink] [raw]
Subject: Re: Linux 5.1-rc2

On Mon, Mar 25, 2019 at 2:06 PM Tetsuo Handa
<[email protected]> wrote:
>
> On 2019/03/26 4:08, James Morris wrote:
> > On Sun, 24 Mar 2019, Randy Dunlap wrote:
> >
> >> On 3/24/19 2:26 PM, Linus Torvalds wrote:
> >>> Well, we're a week away from the merge window close, and here's rc2.
> >>> Things look fairly normal, but honestly, rc2 is usually too early to
> >>> tell. People haven't necessarily had time to notice problems yet.
> >>> Which is just another way of saying "please test harder".
> >>>
> >>> Nothing particularly stands out. Yes, we had some fixes for the new
> >>> io_ring code for issues that were discussed when merging it. Other
> >>> than that, worth noting is that the bulk of the patches are for
> >>> tooling, not the core kernel. In fact, about two thirds of the patch
> >>> is just for the tools/ subdirectory, most of it due to some late perf
> >>> tool updates. The people involved promise they're done.
> >>
> >> Hmph. I'm still looking for the patch that restores the various
> >> CONFIG_DEFAULT_<security> kconfig options to be merged.
> >>
> >> https://lore.kernel.org/linux-security-module/[email protected]/
> >>
> >> since commit 70b62c25665f636c9f6c700b26af7df296b0887e dropped them somehow.
> >
> > AFAICT we don't have a finalized version of the patch yet.
> >
> > Kees?

Sorry for the delay -- back from travel now.

> As far as I can tell, Kees's comment
>
> It breaks the backward-compat for the "security=" line. If a system is
> booted with CONFIG_LSM="minors...,apparmor" and "security=selinux",
> neither apparmor nor selinux will be initialized. The logic on
> "security=..." depends on the other LSMs being present in the list.
>
> was just a confusion

Yes, you are correct here. This is what I get for drive-by comments
while travelling. :) However, I don't like that it creates an
incomplete LSM list for no reason. I'd like CONFIG_LSM to be built in
a way that future stack-enabling will Just Work. Leaving off LSMs
means it won't. My original patch doesn't change the behavior relative
to the old configs (i.e. the CONFIG_DEFAULT_SECURITY_* will still be
selected and turn off the others) but does allow the other LSMs to be
initialized in the future once earlier ones in the list become
stackable.

The part I don't understand is what you've said about TOMOYO being
primary and not wanting the others stackable? That kind of goes
against the point, but I'm happy to do that if you want it that way.
If so, my current proposal would be:

config LSM
string "Ordered list of enabled LSMs"
+ default
"yama,loadpin,safesetid,integrity,smack,selinux,tomoyo,apparmor" if
DEFAULT_SECURITY_SMACK
+ default
"yama,loadpin,safesetid,integrity,apparmor,selinux,smack,tomoyo" if
DEFAULT_SECURITY_APPARMOR
+ default "yama,loadpin,safesetid,integrity,tomoyo" if
DEFAULT_SECURITY_TOMOYO
+ default "yama,loadpin,safesetid,integrity" if DEFAULT_SECURITY_DAC
default "yama,loadpin,safesetid,integrity,selinux,smack,tomoyo,apparmor"

Note that the last default line holds for both "new build" and
"selinux chosen". The other change from my earlier patch is that _DAC
must turn off all the legacy major LSMs to get the behavior Randy was
expecting. Shall I send a patch that does the above, or is there
another wrinkle?

Thanks!

-Kees

> the finalized version.
>
> From 72f5f21b800c87f9ec3600f6e3acfb654690d8f0 Mon Sep 17 00:00:00 2001
> From: Tetsuo Handa <[email protected]>
> Date: Tue, 26 Mar 2019 05:56:30 +0900
> Subject: [PATCH] LSM: Revive CONFIG_DEFAULT_SECURITY_* for "make oldconfig"
>
> Commit 70b62c25665f636c ("LoadPin: Initialize as ordered LSM") removed
> CONFIG_DEFAULT_SECURITY_{SELINUX,SMACK,TOMOYO,APPARMOR,DAC} from
> security/Kconfig and changed CONFIG_LSM to provide a fixed ordering as a
> default value. That commit expected that existing users (upgrading from
> Linux 5.0 and earlier) will edit CONFIG_LSM value in accordance with
> their CONFIG_DEFAULT_SECURITY_* choice in their old kernel configs. But
> since users might forget to edit CONFIG_LSM value, this patch revives
> the choice (only for providing the default value for CONFIG_LSM) in order
> to make sure that CONFIG_LSM reflects CONFIG_DEFAULT_SECURITY_* from their
> old kernel configs.
>
> Reported-by: Jakub Kicinski <[email protected]>
> Signed-off-by: Kees Cook <[email protected]>
> Signed-off-by: Tetsuo Handa <[email protected]>
> Acked-by: Casey Schaufler <[email protected]>
> ---
> security/Kconfig | 37 ++++++++++++++++++++++++++++++++++++-
> 1 file changed, 36 insertions(+), 1 deletion(-)
>
> diff --git a/security/Kconfig b/security/Kconfig
> index 1d6463f..2f29805 100644
> --- a/security/Kconfig
> +++ b/security/Kconfig
> @@ -239,9 +239,44 @@ source "security/safesetid/Kconfig"
>
> source "security/integrity/Kconfig"
>
> +choice
> + prompt "Default security module [superseded by 'Ordered list of enabled LSMs' below]"
> + default DEFAULT_SECURITY_SELINUX if SECURITY_SELINUX
> + default DEFAULT_SECURITY_SMACK if SECURITY_SMACK
> + default DEFAULT_SECURITY_TOMOYO if SECURITY_TOMOYO
> + default DEFAULT_SECURITY_APPARMOR if SECURITY_APPARMOR
> + default DEFAULT_SECURITY_DAC
> +
> + help
> + This choice is there only for converting CONFIG_DEFAULT_SECURITY in old
> + kernel config to CONFIG_LSM in new kernel config. Don't change this choice
> + unless you are creating a fresh kernel config, for this choice will be
> + ignored after CONFIG_LSM is once defined.
> +
> + config DEFAULT_SECURITY_SELINUX
> + bool "SELinux" if SECURITY_SELINUX=y
> +
> + config DEFAULT_SECURITY_SMACK
> + bool "Simplified Mandatory Access Control" if SECURITY_SMACK=y
> +
> + config DEFAULT_SECURITY_TOMOYO
> + bool "TOMOYO" if SECURITY_TOMOYO=y
> +
> + config DEFAULT_SECURITY_APPARMOR
> + bool "AppArmor" if SECURITY_APPARMOR=y
> +
> + config DEFAULT_SECURITY_DAC
> + bool "Unix Discretionary Access Controls"
> +
> +endchoice
> +
> config LSM
> string "Ordered list of enabled LSMs"
> - default "yama,loadpin,safesetid,integrity,selinux,smack,tomoyo,apparmor"
> + default "yama,loadpin,safesetid,integrity,selinux" if DEFAULT_SECURITY_SELINUX
> + default "yama,loadpin,safesetid,integrity,smack" if DEFAULT_SECURITY_SMACK
> + default "yama,loadpin,safesetid,integrity,tomoyo" if DEFAULT_SECURITY_TOMOYO
> + default "yama,loadpin,safesetid,integrity,apparmor" if DEFAULT_SECURITY_APPARMOR
> + default "yama,loadpin,safesetid,integrity"
> help
> A comma-separated list of LSMs, in initialization order.
> Any LSMs left off this list will be ignored. This can be
> --
> 1.8.3.1



--
Kees Cook

2019-03-27 20:31:29

by Tetsuo Handa

[permalink] [raw]
Subject: Re: Linux 5.1-rc2

On 2019/03/28 4:16, Kees Cook wrote:
> The part I don't understand is what you've said about TOMOYO being
> primary and not wanting the others stackable? That kind of goes
> against the point, but I'm happy to do that if you want it that way.

Automatically enabling multiple legacy major LSMs might result in a confusion like
Jakub encountered. For a few releases from 5.1 (about one year or so?), since
CONFIG_DEFAULT_SECURITY_* will be ignored after CONFIG_LSM is once defined in
their kernel configs, I guess that it is better not to enable TOMOYO automatically
until most people complete migrating from CONFIG_DEFAULT_SECURITY_* to CONFIG_LSM
and get used to use lsm= kernel command line option rather than security= kernel
command line option.


2019-03-27 20:46:46

by Kees Cook

[permalink] [raw]
Subject: Re: Linux 5.1-rc2

On Wed, Mar 27, 2019 at 1:30 PM Tetsuo Handa
<[email protected]> wrote:
>
> On 2019/03/28 4:16, Kees Cook wrote:
> > The part I don't understand is what you've said about TOMOYO being
> > primary and not wanting the others stackable? That kind of goes
> > against the point, but I'm happy to do that if you want it that way.
>
> Automatically enabling multiple legacy major LSMs might result in a confusion like
> Jakub encountered.

The confusion wasn't multiple enabled: it was a change of what was
enabled (due to ignoring the old config). (My very first suggested
patch fixed this...)

> For a few releases from 5.1 (about one year or so?), since
> CONFIG_DEFAULT_SECURITY_* will be ignored after CONFIG_LSM is once defined in
> their kernel configs, I guess that it is better not to enable TOMOYO automatically
> until most people complete migrating from CONFIG_DEFAULT_SECURITY_* to CONFIG_LSM
> and get used to use lsm= kernel command line option rather than security= kernel
> command line option.

It sounds like you want TOMOYO to stay an exclusive LSM? Should we
revert a5e2fe7ede12 ("TOMOYO: Update LSM flags to no longer be
exclusive") instead? (I'm against this idea, but defer to you. I think
it should stay stackable since the goal is to entirely remove the
concept of exclusive LSMs.)

I don't see problems for an exclusive LSM user (AA, SELinux, Smack)
also initializing TOMOYO, though. It should be a no-op. Is there some
situation where this is not true?

The situation you helped me see was that a TOMOYO user with
CONFIG_DEFAULT_SECURITY_TOMOYO would not want to see any exclusive LSM
also initialized, since that may NOT be a no-op.

So, AFAICT, my proposal fixes both Jakub's issue
(CONFIG_DEFAULT_SECURITY_* oldconfig entirely ignored) and Randy's
issue (subset of Jakub's: choosing DAC should mean no legacy major
initializes), and the "TOMOYO user surprised to see an exclusive LSM
also initialized". If you're happy with the proposed change in my
prior email, I'll send it properly to James. If not, what do you see
that needs changing?

Thanks!

-Kees


--
Kees Cook

2019-03-27 21:06:48

by Tetsuo Handa

[permalink] [raw]
Subject: Re: Linux 5.1-rc2

On 2019/03/28 5:45, Kees Cook wrote:
> On Wed, Mar 27, 2019 at 1:30 PM Tetsuo Handa
> <[email protected]> wrote:
>>
>> On 2019/03/28 4:16, Kees Cook wrote:
>>> The part I don't understand is what you've said about TOMOYO being
>>> primary and not wanting the others stackable? That kind of goes
>>> against the point, but I'm happy to do that if you want it that way.
>>
>> Automatically enabling multiple legacy major LSMs might result in a confusion like
>> Jakub encountered.
>
> The confusion wasn't multiple enabled: it was a change of what was
> enabled (due to ignoring the old config). (My very first suggested
> patch fixed this...)

Someone else might get confused when TOMOYO is automatically enabled
despite they did not specify TOMOYO in lsm= or security= or CONFIG_LSM.

>
>> For a few releases from 5.1 (about one year or so?), since
>> CONFIG_DEFAULT_SECURITY_* will be ignored after CONFIG_LSM is once defined in
>> their kernel configs, I guess that it is better not to enable TOMOYO automatically
>> until most people complete migrating from CONFIG_DEFAULT_SECURITY_* to CONFIG_LSM
>> and get used to use lsm= kernel command line option rather than security= kernel
>> command line option.
>
> It sounds like you want TOMOYO to stay an exclusive LSM? Should we
> revert a5e2fe7ede12 ("TOMOYO: Update LSM flags to no longer be
> exclusive") instead? (I'm against this idea, but defer to you. I think
> it should stay stackable since the goal is to entirely remove the
> concept of exclusive LSMs.)

I never want to revert a5e2fe7ede12. For transition period, I just don't
want to automatically enable TOMOYO when people did not specify TOMOYO.

>
> I don't see problems for an exclusive LSM user (AA, SELinux, Smack)
> also initializing TOMOYO, though. It should be a no-op. Is there some
> situation where this is not true?

There should be no problem except some TOMOYO messages are printed.


2019-03-27 21:45:12

by Kees Cook

[permalink] [raw]
Subject: Re: Linux 5.1-rc2

On Wed, Mar 27, 2019 at 2:05 PM Tetsuo Handa
<[email protected]> wrote:
>
> On 2019/03/28 5:45, Kees Cook wrote:
> > On Wed, Mar 27, 2019 at 1:30 PM Tetsuo Handa
> > <[email protected]> wrote:
> >>
> >> On 2019/03/28 4:16, Kees Cook wrote:
> >>> The part I don't understand is what you've said about TOMOYO being
> >>> primary and not wanting the others stackable? That kind of goes
> >>> against the point, but I'm happy to do that if you want it that way.
> >>
> >> Automatically enabling multiple legacy major LSMs might result in a confusion like
> >> Jakub encountered.
> >
> > The confusion wasn't multiple enabled: it was a change of what was
> > enabled (due to ignoring the old config). (My very first suggested
> > patch fixed this...)
>
> Someone else might get confused when TOMOYO is automatically enabled
> despite they did not specify TOMOYO in lsm= or security= or CONFIG_LSM.
>
> >
> >> For a few releases from 5.1 (about one year or so?), since
> >> CONFIG_DEFAULT_SECURITY_* will be ignored after CONFIG_LSM is once defined in
> >> their kernel configs, I guess that it is better not to enable TOMOYO automatically
> >> until most people complete migrating from CONFIG_DEFAULT_SECURITY_* to CONFIG_LSM
> >> and get used to use lsm= kernel command line option rather than security= kernel
> >> command line option.
> >
> > It sounds like you want TOMOYO to stay an exclusive LSM? Should we
> > revert a5e2fe7ede12 ("TOMOYO: Update LSM flags to no longer be
> > exclusive") instead? (I'm against this idea, but defer to you. I think
> > it should stay stackable since the goal is to entirely remove the
> > concept of exclusive LSMs.)
>
> I never want to revert a5e2fe7ede12. For transition period, I just don't
> want to automatically enable TOMOYO when people did not specify TOMOYO.
>
> >
> > I don't see problems for an exclusive LSM user (AA, SELinux, Smack)
> > also initializing TOMOYO, though. It should be a no-op. Is there some
> > situation where this is not true?
>
> There should be no problem except some TOMOYO messages are printed.

Okay, so I should send my latest version of the patch to James? Or do
you explicitly want TOMOYO removed from all the CONFIG_LSM default
lines except when selected by CONFIG_DEFAULT_SECURITY_TOMOYO? (I worry
the latter will lead to less testing of the stacking.)

--
Kees Cook

2019-03-27 22:06:49

by Tetsuo Handa

[permalink] [raw]
Subject: Re: Linux 5.1-rc2

On 2019/03/28 6:43, Kees Cook wrote:
>>> I don't see problems for an exclusive LSM user (AA, SELinux, Smack)
>>> also initializing TOMOYO, though. It should be a no-op. Is there some
>>> situation where this is not true?
>>
>> There should be no problem except some TOMOYO messages are printed.
>
> Okay, so I should send my latest version of the patch to James? Or do
> you explicitly want TOMOYO removed from all the CONFIG_LSM default
> lines except when selected by CONFIG_DEFAULT_SECURITY_TOMOYO? (I worry
> the latter will lead to less testing of the stacking.)
>

My approach is "opt-in" while your approach is "opt-out". And the problem
here is that people might fail to change CONFIG_LSM from the default value
to what they need. (And Jakub did not change CONFIG_LSM to reflect
CONFIG_DEFAULT_SECURITY_APPARMOR from the old config.) Thus, I suggest
"opt-in" approach; which includes up to only one legacy major LSM and allows
people to change the default value to include multiple legacy major LSMs.

You can propose your latest version. If SELinux/Smack/AppArmor people
prefer "opt-out" approach, I'm fine with "opt-out" approach.


2019-03-27 22:24:11

by Casey Schaufler

[permalink] [raw]
Subject: Re: Linux 5.1-rc2

On 3/27/2019 3:05 PM, Tetsuo Handa wrote:
> On 2019/03/28 6:43, Kees Cook wrote:
>>>> I don't see problems for an exclusive LSM user (AA, SELinux, Smack)
>>>> also initializing TOMOYO, though. It should be a no-op. Is there some
>>>> situation where this is not true?
>>> There should be no problem except some TOMOYO messages are printed.
>> Okay, so I should send my latest version of the patch to James? Or do
>> you explicitly want TOMOYO removed from all the CONFIG_LSM default
>> lines except when selected by CONFIG_DEFAULT_SECURITY_TOMOYO? (I worry
>> the latter will lead to less testing of the stacking.)
>>
> My approach is "opt-in" while your approach is "opt-out". And the problem
> here is that people might fail to change CONFIG_LSM from the default value
> to what they need. (And Jakub did not change CONFIG_LSM to reflect
> CONFIG_DEFAULT_SECURITY_APPARMOR from the old config.) Thus, I suggest
> "opt-in" approach; which includes up to only one legacy major LSM and allows
> people to change the default value to include multiple legacy major LSMs.
>
> You can propose your latest version. If SELinux/Smack/AppArmor people
> prefer "opt-out" approach, I'm fine with "opt-out" approach.

In the long haul we want people to use CONFIG_LSM to set their
list of modules. Providing a backward compatible CONFIG_DEFAULT_SECURITY_BLAH
makes some sense, but it's important that we encourage a mindset change.
Maybe with CONFIG_DEFAULT_SECURITY_LIST with a a full list, which uses the
value from CONFIG_LSM, and make it the default?


2019-03-27 22:56:29

by Randy Dunlap

[permalink] [raw]
Subject: Re: Linux 5.1-rc2

On 3/27/19 3:23 PM, Casey Schaufler wrote:
> On 3/27/2019 3:05 PM, Tetsuo Handa wrote:
>> On 2019/03/28 6:43, Kees Cook wrote:
>>>>> I don't see problems for an exclusive LSM user (AA, SELinux, Smack)
>>>>> also initializing TOMOYO, though. It should be a no-op. Is there some
>>>>> situation where this is not true?
>>>> There should be no problem except some TOMOYO messages are printed.
>>> Okay, so I should send my latest version of the patch to James? Or do
>>> you explicitly want TOMOYO removed from all the CONFIG_LSM default
>>> lines except when selected by CONFIG_DEFAULT_SECURITY_TOMOYO? (I worry
>>> the latter will lead to less testing of the stacking.)
>>>
>> My approach is "opt-in" while your approach is "opt-out". And the problem
>> here is that people might fail to change CONFIG_LSM from the default value
>> to what they need. (And Jakub did not change CONFIG_LSM to reflect
>> CONFIG_DEFAULT_SECURITY_APPARMOR from the old config.) Thus, I suggest
>> "opt-in" approach; which includes up to only one legacy major LSM and allows
>> people to change the default value to include multiple legacy major LSMs.
>>
>> You can propose your latest version. If SELinux/Smack/AppArmor people
>> prefer "opt-out" approach, I'm fine with "opt-out" approach.
>
> In the long haul we want people to use CONFIG_LSM to set their
> list of modules. Providing a backward compatible CONFIG_DEFAULT_SECURITY_BLAH
> makes some sense, but it's important that we encourage a mindset change.
> Maybe with CONFIG_DEFAULT_SECURITY_LIST with a a full list, which uses the
> value from CONFIG_LSM, and make it the default?
>

Hi,

I'm still confused. Does this mindset change include removing support of
SECURITY_DAC? If so, where was this discussed and decided?
And if so (again), that feels like enforcing some kind of policy in the kernel.

thanks.
--
~Randy

2019-03-27 23:23:20

by Casey Schaufler

[permalink] [raw]
Subject: Re: Linux 5.1-rc2

On 3/27/2019 3:55 PM, Randy Dunlap wrote:
> On 3/27/19 3:23 PM, Casey Schaufler wrote:
>> On 3/27/2019 3:05 PM, Tetsuo Handa wrote:
>>> On 2019/03/28 6:43, Kees Cook wrote:
>>>>>> I don't see problems for an exclusive LSM user (AA, SELinux, Smack)
>>>>>> also initializing TOMOYO, though. It should be a no-op. Is there some
>>>>>> situation where this is not true?
>>>>> There should be no problem except some TOMOYO messages are printed.
>>>> Okay, so I should send my latest version of the patch to James? Or do
>>>> you explicitly want TOMOYO removed from all the CONFIG_LSM default
>>>> lines except when selected by CONFIG_DEFAULT_SECURITY_TOMOYO? (I worry
>>>> the latter will lead to less testing of the stacking.)
>>>>
>>> My approach is "opt-in" while your approach is "opt-out". And the problem
>>> here is that people might fail to change CONFIG_LSM from the default value
>>> to what they need. (And Jakub did not change CONFIG_LSM to reflect
>>> CONFIG_DEFAULT_SECURITY_APPARMOR from the old config.) Thus, I suggest
>>> "opt-in" approach; which includes up to only one legacy major LSM and allows
>>> people to change the default value to include multiple legacy major LSMs.
>>>
>>> You can propose your latest version. If SELinux/Smack/AppArmor people
>>> prefer "opt-out" approach, I'm fine with "opt-out" approach.
>> In the long haul we want people to use CONFIG_LSM to set their
>> list of modules. Providing a backward compatible CONFIG_DEFAULT_SECURITY_BLAH
>> makes some sense, but it's important that we encourage a mindset change.
>> Maybe with CONFIG_DEFAULT_SECURITY_LIST with a a full list, which uses the
>> value from CONFIG_LSM, and make it the default?
>>
> Hi,
>
> I'm still confused. Does this mindset change include removing support of
> SECURITY_DAC?

No.

> If so, where was this discussed and decided?

[email protected] on threads related to security
module stacking. It's easy to get the same result with a CONFIG_LSM
that includes none of the SELinux, Smack, TOMOYO or AppArmor.

> And if so (again), that feels like enforcing some kind of policy in the kernel.

Again, not so. It's a change from "The not-more-the One Major Module" to
"Whatever set of policies works for you". The NULL set is completely
supported. The current flap is that it's more difficult to express doing
things the old way. Kees and Tetsuo are hashing out how best to support
old .confg files in support of automated tools.


> thanks.

2019-03-29 18:08:56

by James Morris

[permalink] [raw]
Subject: Re: Linux 5.1-rc2

On Wed, 27 Mar 2019, Kees Cook wrote:

> > There should be no problem except some TOMOYO messages are printed.
>
> Okay, so I should send my latest version of the patch to James? Or do
> you explicitly want TOMOYO removed from all the CONFIG_LSM default
> lines except when selected by CONFIG_DEFAULT_SECURITY_TOMOYO? (I worry
> the latter will lead to less testing of the stacking.)

Kees, send me your final patch as soon as it's ready.


--
James Morris
<[email protected]>