/* CacheFiles security management * * Copyright (C) 2007 Red Hat, Inc. All Rights Reserved. * Written by David Howells (dhowells@redhat.com) * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public Licence * as published by the Free Software Foundation; either version * 2 of the Licence, or (at your option) any later version. */ #include #include #include "internal.h" /* * determine the security context within which we access the cache from within * the kernel */ int cachefiles_get_security_ID(struct cachefiles_cache *cache) { struct cred *new; int ret; _enter("{%s}", cache->secctx); new = prepare_kernel_cred(current); if (!new) { ret = -ENOMEM; goto error; } if (cache->secctx) { ret = set_security_override_from_ctx(new, cache->secctx); if (ret < 0) { put_cred(new); pr_err("Security denies permission to nominate security context: error %d\n", ret); goto error; } } cache->cache_cred = new; ret = 0; error: _leave(" = %d", ret); return ret; } /* * see if mkdir and create can be performed in the root directory */ static int cachefiles_check_cache_dir(struct cachefiles_cache *cache, struct dentry *root) { int ret; ret = security_inode_mkdir(d_backing_inode(root), root, 0); if (ret < 0) { pr_err("Security denies permission to make dirs: error %d", ret); return ret; } ret = security_inode_create(d_backing_inode(root), root, 0); if (ret < 0) pr_err("Security denies permission to create files: error %d", ret); return ret; } /* * check the security details of the on-disk cache * - must be called with security override in force * - must return with a security override in force - even in the case of an * error */ int cachefiles_determine_cache_security(struct cachefiles_cache *cache, struct dentry *root, const struct cred **_saved_cred) { struct cred *new; int ret; _enter(""); /* duplicate the cache creds for COW (the override is currently in * force, so we can use prepare_creds() to do this) */ new = prepare_creds(); if (!new) return -ENOMEM; cachefiles_end_secure(cache, *_saved_cred); /* use the cache root dir's security context as the basis with * which create files */ ret = set_create_files_as(new, d_backing_inode(root)); if (ret < 0) { abort_creds(new); cachefiles_begin_secure(cache, _saved_cred); _leave(" = %d [cfa]", ret); return ret; } put_cred(cache->cache_cred); cache->cache_cred = new; cachefiles_begin_secure(cache, _saved_cred); ret = cachefiles_check_cache_dir(cache, root); if (ret == -EOPNOTSUPP) ret = 0; _leave(" = %d", ret); return ret; } 0e4171659fa3482a422d'>net/dcb/Kconfig
el'>diff options
AgeCommit message (Expand)AuthorFilesLines
context:
space:
mode:
authorArd Biesheuvel <ard.biesheuvel@linaro.org>2017-02-01 17:45:02 +0000
committerIngo Molnar <mingo@kernel.org>2017-02-01 21:17:49 +0100
commitc8f325a59cfc718d13a50fbc746ed9b415c25e92 (patch)
treed53fbdac9d0781e39a13b2ac6b2bd258cf3b4140 /include/net/bluetooth/hci.h
parentbf29bddf0417a4783da3b24e8c9e017ac649326f (diff)
efi/fdt: Avoid FDT manipulation after ExitBootServices()
Some AArch64 UEFI implementations disable the MMU in ExitBootServices(), after which unaligned accesses to RAM are no longer supported. Commit: abfb7b686a3e ("efi/libstub/arm*: Pass latest memory map to the kernel") fixed an issue in the memory map handling of the stub FDT code, but inadvertently created an issue with such firmware, by moving some of the FDT manipulation to after the invocation of ExitBootServices(). Given that the stub's libfdt implementation uses the ordinary, accelerated string functions, which rely on hardware handling of unaligned accesses, manipulating the FDT with the MMU off may result in alignment faults. So fix the situation by moving the update_fdt_memmap() call into the callback function invoked by efi_exit_boot_services() right before it calls the ExitBootServices() UEFI service (which is arguably a better place for it anyway) Note that disabling the MMU in ExitBootServices() is not compliant with the UEFI spec, and carries great risk due to the fact that switching from cached to uncached memory accesses halfway through compiler generated code (i.e., involving a stack) can never be done in a way that is architecturally safe. Fixes: abfb7b686a3e ("efi/libstub/arm*: Pass latest memory map to the kernel") Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Tested-by: Riku Voipio <riku.voipio@linaro.org> Cc: <stable@vger.kernel.org> Cc: mark.rutland@arm.com Cc: linux-efi@vger.kernel.org Cc: matt@codeblueprint.co.uk Cc: leif.lindholm@linaro.org Cc: linux-arm-kernel@lists.infradead.org Link: http://lkml.kernel.org/r/1485971102-23330-2-git-send-email-ard.biesheuvel@linaro.org Signed-off-by: Ingo Molnar <mingo@kernel.org>
Diffstat (limited to 'include/net/bluetooth/hci.h')