Linux kernel stable tree (mirror) https://git.radix-linux.su/kernel/linux.git/atom?h=v4.18.17 2018-06-06T23:34:00+00:00 2018-06-06T23:34:00+00:00 Linus Torvalds torvalds@linux-foundation.org 2018-06-06T23:34:00+00:00 urn:sha1:8b5c6a3a49d9ebc7dc288870b9c56c4f946035d8 Pull audit updates from Paul Moore: "Another reasonable chunk of audit changes for v4.18, thirteen patches in total. The thirteen patches can mostly be broken down into one of four categories: general bug fixes, accessor functions for audit state stored in the task_struct, negative filter matches on executable names, and extending the (relatively) new seccomp logging knobs to the audit subsystem. The main driver for the accessor functions from Richard are the changes we're working on to associate audit events with containers, but I think they have some standalone value too so I figured it would be good to get them in now. The seccomp/audit patches from Tyler apply the seccomp logging improvements from a few releases ago to audit's seccomp logging; starting with this patchset the changes in /proc/sys/kernel/seccomp/actions_logged should apply to both the standard kernel logging and audit. As usual, everything passes the audit-testsuite and it happens to merge cleanly with your tree" [ Heh, except it had trivial merge conflicts with the SELinux tree that also came in from Paul - Linus ] * tag 'audit-pr-20180605' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/audit: audit: Fix wrong task in comparison of session ID audit: use existing session info function audit: normalize loginuid read access audit: use new audit_context access funciton for seccomp_actions_logged audit: use inline function to set audit context audit: use inline function to get audit context audit: convert sessionid unset to a macro seccomp: Don't special case audited processes when logging seccomp: Audit attempts to modify the actions_logged sysctl seccomp: Configurable separator for the actions_logged string seccomp: Separate read and write code for actions_logged sysctl audit: allow not equal op for audit by executable audit: add syscall information to FEATURE_CHANGE records 2018-05-14T21:24:18+00:00 Richard Guy Briggs rgb@redhat.com 2018-05-13T01:58:20+00:00 urn:sha1:cdfb6b341f0f2409aba24b84f3b4b2bba50be5c5 Recognizing that the audit context is an internal audit value, use an access function to retrieve the audit context pointer for the task rather than reaching directly into the task struct to get it. Signed-off-by: Richard Guy Briggs <rgb@redhat.com> [PM: merge fuzz in auditsc.c and selinuxfs.c, checkpatch.pl fixes] Signed-off-by: Paul Moore <paul@paul-moore.com> 2018-05-14T19:56:35+00:00 Richard Guy Briggs rgb@redhat.com 2018-05-13T01:58:19+00:00 urn:sha1:f0b752168d7091f38e7d61a80de2542e8b71d266 Use a macro, "AUDIT_SID_UNSET", to replace each instance of initialization and comparison to an audit session ID. Signed-off-by: Richard Guy Briggs <rgb@redhat.com> Signed-off-by: Paul Moore <paul@paul-moore.com> 2018-04-16T05:50:09+00:00 Steffen Klassert steffen.klassert@secunet.com 2018-04-16T05:50:09+00:00 urn:sha1:b48c05ab5d32af2af4bc63851c153782d1c6ba42 We need to make sure that all states are really deleted before we check that the state lists are empty. Otherwise we trigger a warning. Fixes: baeb0dbbb5659 ("xfrm6_tunnel: exit_net cleanup check added") Reported-and-tested-by:syzbot+777bf170a89e7b326405@syzkaller.appspotmail.com Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com> 2018-03-30T14:59:23+00:00 Kirill Tkhai ktkhai@virtuozzo.com 2018-03-29T14:03:25+00:00 urn:sha1:e9a441b6e729e16092fcc18e3962b952a01d1e3c Currently, driver registers it from pernet_operations::init method, and this breaks modularity, because initialization of net namespace and netdevice notifiers are orthogonal actions. We don't have per-namespace netdevice notifiers; all of them are global for all devices in all namespaces. Signed-off-by: Kirill Tkhai <ktkhai@virtuozzo.com> Signed-off-by: David S. Miller <davem@davemloft.net> 2018-02-28T16:43:28+00:00 Stephen Hemminger stephen@networkplumber.org 2018-02-27T23:48:21+00:00 urn:sha1:82695b30ffeeab665f41416c6f5015dea3147bd5 Ran simple script to find/remove trailing whitespace and blank lines at EOF because that kind of stuff git whines about and editors leave behind. Signed-off-by: Stephen Hemminger <stephen@networkplumber.org> Signed-off-by: David S. Miller <davem@davemloft.net> 2018-01-18T09:42:59+00:00 Yossef Efraim yossefe@mellanox.com 2018-01-14T09:39:10+00:00 urn:sha1:50bd870a9e5cca9fcf5fb4c130c373643d7d9906 This patch adds ESN support to IPsec device offload. Adding new xfrm device operation to synchronize device ESN. Signed-off-by: Yossef Efraim <yossefe@mellanox.com> Signed-off-by: Shannon Nelson <shannon.nelson@oracle.com> Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com> 2017-12-29T20:42:26+00:00 David S. Miller davem@davemloft.net 2017-12-29T20:14:27+00:00 urn:sha1:6bb8824732f69de0f233ae6b1a8158e149627b38 net/ipv6/ip6_gre.c is a case of parallel adds. include/trace/events/tcp.h is a little bit more tricky. The removal of in-trace-macro ifdefs in 'net' paralleled with moving show_tcp_state_name and friends over to include/trace/events/sock.h in 'net-next'. Signed-off-by: David S. Miller <davem@davemloft.net> 2017-12-21T07:17:48+00:00 Shannon Nelson shannon.nelson@oracle.com 2017-12-19T23:35:47+00:00 urn:sha1:7f05b467a735aba1476d9ae8e0ae9d9d8e60066c The current XFRM code assumes that we've implemented the xdo_dev_state_free() callback, even if it is meaningless to the driver. This patch adds a check for it before calling, as done in other APIs, to prevent a NULL function pointer kernel crash. Signed-off-by: Shannon Nelson <shannon.nelson@oracle.com> Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com> 2017-12-20T09:41:48+00:00 Steffen Klassert steffen.klassert@secunet.com 2017-12-20T09:41:48+00:00 urn:sha1:2271d5190ec60b06921c2e4e184fd1f4fad4e634 With support of async crypto operations in the GSO codepath we have everything in place to allow GSO for local sockets. This patch enables the GSO codepath. Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>