Pull security subsystem updates from James Morris:
"New notable features:
- The seccomp work from Will Drewry
- PR_{GET,SET}_NO_NEW_PRIVS from Andy Lutomirski
- Longer security labels for Smack from Casey Schaufler
- Additional ptrace restriction modes for Yama by Kees Cook"
Fix up trivial context conflicts in arch/x86/Kconfig and include/linux/filter.h
* 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: (65 commits)
apparmor: fix long path failure due to disconnected path
apparmor: fix profile lookup for unconfined
ima: fix filename hint to reflect script interpreter name
KEYS: Don't check for NULL key pointer in key_validate()
Smack: allow for significantly longer Smack labels v4
gfp flags for security_inode_alloc()?
Smack: recursive tramsmute
Yama: replace capable() with ns_capable()
TOMOYO: Accept manager programs which do not start with / .
KEYS: Add invalidation support
KEYS: Do LRU discard in full keyrings
KEYS: Permit in-place link replacement in keyring list
KEYS: Perform RCU synchronisation on keys prior to key destruction
KEYS: Announce key type (un)registration
KEYS: Reorganise keys Makefile
KEYS: Move the key config into security/keys/Kconfig
KEYS: Use the compat keyctl() syscall wrapper on Sparc64 for Sparc32 compat
Yama: remove an unused variable
samples/seccomp: fix dependencies on arch macros
Yama: add additional ptrace scopes
...
Everything is using sparseirq these days, so we have no need to
arbitrarily size nr_irqs ahead of time. The legacy IRQ pre-allocation
likewise has no meaning for us, so that's killed off too. We now depend
on nr_irqs expansion by the generic hardirq layer instead.
It's also worth noting that the majority of boards had completely bogus
values for their nr_irqs relative to their CPU and configurations, so
this ends up correcting behaviour for quite a few platforms.
Signed-off-by: Paul Mundt <lethal@linux-sh.org>
This migrates SH7786 to evt2irq() backed hwirq lookup rather than
using an open-coded calculation. This will make it possible to reposition
the vector base at a later point in time.
Signed-off-by: Paul Mundt <lethal@linux-sh.org>
This brings the sh64 version in line with the sh32 one with regards to
how errors are handled. Base work for further unification of the
implementations.
Signed-off-by: Paul Mundt <lethal@linux-sh.org>
This provides a simple interface modelled after sparc64/m32r to encode
the error code in the upper byte of thread_info for finer-grained
handling in the page fault path.
Signed-off-by: Paul Mundt <lethal@linux-sh.org>
This is an sh2a device (max 266MHz) with FPU, video display
controller (VDC), 8 serial ports, 4 I2C channels, 3 CAN ports,
SD and on-chip USB.
Signed-off-by: Phil Edworthy <phil.edworthy@renesas.com>
Signed-off-by: Paul Mundt <lethal@linux-sh.org>
This is an sh2a device with FPU, video display controller (VDC),
8 serial ports, 3 I2C channels, 2 CAN ports, SD and on-chip USB.
Signed-off-by: Phil Edworthy <phil.edworthy@renesas.com>
Signed-off-by: Paul Mundt <lethal@linux-sh.org>
While the trap number and error code are passed around for debugging
purposes, this occurs wholly independently of the thread struct values.
These values were never part of the sigcontext ABI and are thus never
passed anywhere, so we can just kill them off across the board.
Signed-off-by: Paul Mundt <lethal@linux-sh.org>
This implements basic -fstack-protector support, based on the early ARM
version in c743f38013. The SMP case is
limited to the initial canary value, while the UP case handles per-task
granularity (limited to 32-bit sh until a new enough sh64 compiler
manifests itself).
Signed-off-by: Filippo Arcidiacono <filippo.arcidiacono@st.com>
Reviewed-by: Carmelo Amoroso <carmelo.amoroso@st.com>
Signed-off-by: Stuart Menefy <stuart.menefy@st.com>
Signed-off-by: Paul Mundt <lethal@linux-sh.org>
This change is inspired by
https://lkml.org/lkml/2012/4/16/14
which fixes the build warnings for arches that don't support
CONFIG_HAVE_ARCH_SECCOMP_FILTER.
In particular, there is no requirement for the return value of
secure_computing() to be checked unless the architecture supports
seccomp filter. Instead of silencing the warnings with (void)
a new static inline is added to encode the expected behavior
in a compiler and human friendly way.
v2: - cleans things up with a static inline
- removes sfr's signed-off-by since it is a different approach
v1: - matches sfr's original change
Reported-by: Stephen Rothwell <sfr@canb.auug.org.au>
Signed-off-by: Will Drewry <wad@chromium.org>
Acked-by: Kees Cook <keescook@chromium.org>
Signed-off-by: James Morris <james.l.morris@oracle.com>
Some SCIF devices specify the same IRQ. We can use SCIx_IRQ_MUXED for this.
This is correction to the SH2/SH2A series.
Signed-off-by: Nobuhiro Iwamatsu <nobuhiro.iwamatsu.yj@renesas.com>
Signed-off-by: Paul Mundt <lethal@linux-sh.org>
Some SCIF devices specify the same IRQ. We can use SCIx_IRQ_MUXED for this.
And change use to evt2irq(), without specifying the value of IRQ directly.
This is correction to the SH3 series.
Signed-off-by: Nobuhiro Iwamatsu <nobuhiro.iwamatsu.yj@renesas.com>
Signed-off-by: Paul Mundt <lethal@linux-sh.org>
Some SCIF devices specify the same IRQ. We can use SCIx_IRQ_MUXED for this.
And change use to evt2irq(), without specifying the value of IRQ directly.
This is correction to the SH4 series.
Signed-off-by: Nobuhiro Iwamatsu <nobuhiro.iwamatsu.yj@renesas.com>
Signed-off-by: Paul Mundt <lethal@linux-sh.org>
Some SCIF devices specify the same IRQ. We can use SCIx_IRQ_MUXED for this.
And change use to evt2irq(), without specifying the value of IRQ directly.
This is correction to the SH4A series.
Signed-off-by: Nobuhiro Iwamatsu <nobuhiro.iwamatsu.yj@renesas.com>
Signed-off-by: Paul Mundt <lethal@linux-sh.org>
