user/sven/linux.git/include/linux, branch v3.18.2

audit: restore AUDIT_LOGINUID unset ABI

2015-01-08T18:30:27Z

commit 041d7b98ffe59c59fdd639931dea7d74f9aa9a59 upstream. A regression was caused by commit 780a7654cee8: audit: Make testing for a valid loginuid explicit. (which in turn attempted to fix a regression caused by e1760bd) When audit_krule_to_data() fills in the rules to get a listing, there was a missing clause to convert back from AUDIT_LOGINUID_SET to AUDIT_LOGINUID. This broke userspace by not returning the same information that was sent and expected. The rule: auditctl -a exit,never -F auid=-1 gives: auditctl -l LIST_RULES: exit,never f24=0 syscall=all when it should give: LIST_RULES: exit,never auid=-1 (0xffffffff) syscall=all Tag it so that it is reported the same way it was set. Create a new private flags audit_krule field (pflags) to store it that won't interact with the public one from the API. Signed-off-by: Richard Guy Briggs Signed-off-by: Paul Moore Signed-off-by: Greg Kroah-Hartman

userns: Add a knob to disable setgroups on a per user namespace basis

2015-01-08T18:30:26Z

commit 9cc46516ddf497ea16e8d7cb986ae03a0f6b92f8 upstream. - Expose the knob to user space through a proc file /proc//setgroups A value of "deny" means the setgroups system call is disabled in the current processes user namespace and can not be enabled in the future in this user namespace. A value of "allow" means the segtoups system call is enabled. - Descendant user namespaces inherit the value of setgroups from their parents. - A proc file is used (instead of a sysctl) as sysctls currently do not allow checking the permissions at open time. - Writing to the proc file is restricted to before the gid_map for the user namespace is set. This ensures that disabling setgroups at a user namespace level will never remove the ability to call setgroups from a process that already has that ability. A process may opt in to the setgroups disable for itself by creating, entering and configuring a user namespace or by calling setns on an existing user namespace with setgroups disabled. Processes without privileges already can not call setgroups so this is a noop. Prodcess with privilege become processes without privilege when entering a user namespace and as with any other path to dropping privilege they would not have the ability to call setgroups. So this remains within the bounds of what is possible without a knob to disable setgroups permanently in a user namespace. Signed-off-by: "Eric W. Biederman" Signed-off-by: Greg Kroah-Hartman

userns: Don't allow setgroups until a gid mapping has been setablished

2015-01-08T18:30:25Z

commit 273d2c67c3e179adb1e74f403d1e9a06e3f841b5 upstream. setgroups is unique in not needing a valid mapping before it can be called, in the case of setgroups(0, NULL) which drops all supplemental groups. The design of the user namespace assumes that CAP_SETGID can not actually be used until a gid mapping is established. Therefore add a helper function to see if the user namespace gid mapping has been established and call that function in the setgroups permission check. This is part of the fix for CVE-2014-8989, being able to drop groups without privilege using user namespaces. Reviewed-by: Andy Lutomirski Signed-off-by: "Eric W. Biederman" Signed-off-by: Greg Kroah-Hartman

groups: Consolidate the setgroups permission checks

2015-01-08T18:30:25Z

commit 7ff4d90b4c24a03666f296c3d4878cd39001e81e upstream. Today there are 3 instances of setgroups and due to an oversight their permission checking has diverged. Add a common function so that they may all share the same permission checking code. This corrects the current oversight in the current permission checks and adds a helper to avoid this in the future. A user namespace security fix will update this new helper, shortly. Signed-off-by: "Eric W. Biederman" Signed-off-by: Greg Kroah-Hartman

move d_rcu from overlapping d_child to overlapping d_alias

2014-12-16T17:39:06Z

commit 946e51f2bf37f1656916eb75bd0742ba33983c28 upstream. Signed-off-by: Al Viro Signed-off-by: Greg Kroah-Hartman

Merge tag 'staging-3.18-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging

2014-11-29T00:08:09Z

Pull staging/IIO driver fixes from Greg KH: "Here are some staging and IIO driver fixes for 3.18-rc7 that resolve a number of reported issues, and a new device id for a staging wireless driver. All of these have been in linux-next" * tag 'staging-3.18-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging: staging: r8188eu: Add new device ID for DLink GO-USB-N150 staging: r8188eu: Fix scheduling while atomic error introduced in commit fadbe0cd iio: accel: bmc150: set low default thresholds iio: accel: bmc150: Fix iio_event_spec direction iio: accel: bmc150: Send x, y and z motion separately iio: accel: bmc150: Error handling when mode set fails iio: gyro: bmg160: Fix iio_event_spec direction iio: gyro: bmg160: Send x, y and z motion separately iio: gyro: bmg160: Don't let interrupt mode to be open drain iio: gyro: bmg160: Error handling when mode set fails iio: adc: men_z188_adc: Add terminating entry for men_z188_ids iio: accel: kxcjk-1013: Fix kxcjk10013_set_range iio: Fix IIO_EVENT_CODE_EXTRACT_DIR bit mask

Merge tag 'iio-fixes-for-3.18c' of git://git.kernel.org/pub/scm/linux/kernel/git/jic23/iio into staging-linus

2014-11-26T19:06:36Z

Jonathan writes: Third set of IIO fixes for the 3.18 cycle. Most of these are fairly standard little fixes, a bmc150 and bmg160 patch is to make an ABI change to indicated a specific axis in an event rather than the generic option in the original drivers. As both of these drivers are new in this cycle it would be ideal to push this minor change through even though it isn't strictly a fix. A couple of other 'fixes' change defaults for some settings on these new drivers to more intuitive calues. Looks like some useful feedback has been coming in for this driver since it was applied. * IIO_EVENT_CODE_EXTRACT_DIR bit mask was wrong and has been for a while 0xCF clearly doesn't give a contiguous bitmask. * kxcjk-1013 range setting was failing to mask out the previous value in the register and hence was 'enable only'. * men_z188 device id table wasn't null terminated. * bmg160 and bmc150 both failed to correctly handling an error in mode setting. * bmg160 and bmc150 both had a bug in setting the event direction in the event spec (leads to an attribute name being incorrect) * bmg160 defaulted to an open drain output for the interrupt - as a default this obviously only works with some interrupt chips - hence change the default to push-pull (note this is a new driver so we aren't going to cause any regressions with this change). * bmc150 had an unintuitive default for the rate of change (motion detector) so change it to 0 (new driver so change of default won't cause any regressions).

kvm: fix kvm_is_mmio_pfn() and rename to kvm_is_reserved_pfn()

2014-11-26T13:40:45Z

This reverts commit 85c8555ff0 ("KVM: check for !is_zero_pfn() in kvm_is_mmio_pfn()") and renames the function to kvm_is_reserved_pfn. The problem being addressed by the patch above was that some ARM code based the memory mapping attributes of a pfn on the return value of kvm_is_mmio_pfn(), whose name indeed suggests that such pfns should be mapped as device memory. However, kvm_is_mmio_pfn() doesn't do quite what it says on the tin, and the existing non-ARM users were already using it in a way which suggests that its name should probably have been 'kvm_is_reserved_pfn' from the beginning, e.g., whether or not to call get_page/put_page on it etc. This means that returning false for the zero page is a mistake and the patch above should be reverted. Signed-off-by: Ard Biesheuvel Signed-off-by: Paolo Bonzini

Merge branch 'merge' of git://git.kernel.org/pub/scm/linux/kernel/git/benh/powerpc

2014-11-26T02:43:21Z

Pull powerpc fixes from Ben Herrenschmidt: "This series fix a nasty issue with radeon adapters on powerpc servers, it's all CC'ed stable and has the relevant maintainers ack's/reviews. Basically, some (radeon) adapters have issues with MSI addresses above 1T (only support 40-bits). We had powerpc specific quirk but it only listed a specific revision of an adapter that we shipped with our machines and didn't properly handle the audio function which some distros enable nowadays. So we made the quirk generic and fixed both the graphic and audio drivers properly to use it. Without that, ppc64 server machines will crash at boot with a radeon adapter. Note: This has been brewing for a while, it just needed a last respin which got delayed due to us moving ozlabs to a new location in town and other such things taking priority" * 'merge' of git://git.kernel.org/pub/scm/linux/kernel/git/benh/powerpc: powerpc/pci: Remove unused force_32bit_msi quirk powerpc/pseries: Honor the generic "no_64bit_msi" flag powerpc/powernv: Honor the generic "no_64bit_msi" flag sound/radeon: Move 64-bit MSI quirk from arch to driver gpu/radeon: Set flag to indicate broken 64-bit MSI PCI/MSI: Add device flag indicating that 64-bit MSIs don't work ALSA: hda - Limit 40bit DMA for AMD HDMI controllers

Merge tag 'clk-fixes-for-linus' of https://git.linaro.org/people/mike.turquette/linux

2014-11-26T01:52:56Z

Pull clock fixes from Mike Turquette: "The fixes for the clock framework are all regressions in drivers, plus a single fix in one of the basic clock templates. No fixes to the core this time around. As with most clock driver fixes these run the gamut from fixing a build warning to fixing wrecked memory timings, with a little USB tossed in for fun" * tag 'clk-fixes-for-linus' of https://git.linaro.org/people/mike.turquette/linux: clk: pxa: fix pxa27x CCCR bit usage clk-divider: Fix READ_ONLY when divider > 1 clk: qcom: Fix duplicate rbcpr clock name clk: at91: usb: fix at91sam9x5 recalc, round and set rate clk: at91: usb: fix at91rm9200 round and set rate