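/*
 * Copyright (C) 2010 IBM Corporation
 *
 * Authors:
 * Mimi Zohar <zohar@us.ibm.com>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, version 2 of the License.
 *
 * File: evm_secfs.c
 *	- Used to signal when key is on keyring
 *	- Get the key and enable EVM
 */

#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt

#include <linux/uaccess.h>
#include <linux/module.h>
#include "evm.h"

/* Dentry returned by securityfs_create_file() for <securityfs>/evm. */
static struct dentry *evm_init_tpm;

/**
 * evm_read_key - read() for <securityfs>/evm
 *
 * @filp: file pointer, not actually used
 * @buf: where to put the result
 * @count: maximum to send along
 * @ppos: where to start
 *
 * Reports the current value of evm_initialized as a decimal string.
 * Only a read that starts at offset 0 returns data; any other offset
 * returns 0 (EOF).
 *
 * Returns number of bytes read or error code, as appropriate
 */
static ssize_t evm_read_key(struct file *filp, char __user *buf,
			    size_t count, loff_t *ppos)
{
	char temp[80];
	int len;

	if (*ppos != 0)
		return 0;

	/*
	 * Bounded formatting: the write is limited to sizeof(temp) no matter
	 * what is being printed, and the returned length replaces a separate
	 * strlen() pass over the buffer.
	 */
	len = scnprintf(temp, sizeof(temp), "%d", evm_initialized);

	return simple_read_from_buffer(buf, count, ppos, temp, len);
}

/**
 * evm_write_key - write() for <securityfs>/evm
 * @file: file pointer, not actually used
 * @buf: where to get the data from
 * @count: bytes sent
 * @ppos: where to start
 *
 * Used to signal that key is on the kernel key ring.
 * - get the integrity hmac key from the kernel key ring
 * - create list of hmac protected extended attributes
 *
 * The write is refused with -EPERM unless the caller has CAP_SYS_ADMIN,
 * and also once EVM_INIT_HMAC is set in evm_initialized. The payload must
 * be 1..79 bytes and must parse as the decimal value 1, otherwise -EINVAL
 * is returned. -EFAULT is returned if the user buffer cannot be copied.
 *
 * Returns number of bytes written or error code, as appropriate
 */
static ssize_t evm_write_key(struct file *file, const char __user *buf,
			     size_t count, loff_t *ppos)
{
	char temp[80];
	int i;

	/*
	 * Privilege gate plus latch: after EVM_INIT_HMAC is set, no caller
	 * can trigger key loading again through this file.
	 * NOTE(review): this test and the evm_init_key() call below are not
	 * serialized in this function; confirm evm_init_key() copes with two
	 * writers passing the test at the same time.
	 */
	if (!capable(CAP_SYS_ADMIN) || (evm_initialized & EVM_INIT_HMAC))
		return -EPERM;

	/* count < sizeof(temp) keeps temp[count] below inside the buffer. */
	if (count >= sizeof(temp) || count == 0)
		return -EINVAL;

	if (copy_from_user(temp, buf, count) != 0)
		return -EFAULT;

	/* User data is not NUL-terminated; terminate before parsing. */
	temp[count] = '\0';

	/*
	 * sscanf() stops at the first byte that is not part of the number,
	 * so trailing bytes after "1" (a newline, for instance) are ignored.
	 */
	if ((sscanf(temp, "%d", &i) != 1) || (i != 1))
		return -EINVAL;

	/*
	 * NOTE(review): whatever status evm_init_key() reports is discarded,
	 * so the writer gets 'count' back even if the key could not be
	 * loaded. Reading the file back shows the resulting evm_initialized
	 * value; consider returning the error to the writer instead.
	 */
	evm_init_key();

	return count;
}

static const struct file_operations evm_key_ops = {
	.read		= evm_read_key,
	.write		= evm_write_key,
};

/**
 * evm_init_secfs - create the <securityfs>/evm control file
 *
 * Returns 0 on success, or -EFAULT if securityfs_create_file() returned
 * NULL or an error pointer (the specific error is not propagated).
 */
int __init evm_init_secfs(void)
{
	int error = 0;

	/*
	 * NOTE(review): the mode grants read to owner and group and sets no
	 * write bit, although evm_key_ops has a .write handler. Opening the
	 * file for writing therefore depends on the caller being allowed to
	 * override the permission bits; evm_write_key() separately requires
	 * CAP_SYS_ADMIN. Confirm this mode is the intended one.
	 */
	evm_init_tpm = securityfs_create_file("evm", S_IRUSR | S_IRGRP,
					      NULL, NULL, &evm_key_ops);
	if (!evm_init_tpm || IS_ERR(evm_init_tpm))
		error = -EFAULT;
	return error;
}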
<table summary='commit info' class='commit-info'> <tr><th>author</th><td>John Fastabend <john.fastabend@gmail.com></td><td class='right'>2017-02-02 19:16:29 -0800</td></tr> <tr><th>committer</th><td>David S. Miller <davem@davemloft.net></td><td class='right'>2017-02-07 10:05:12 -0500</td></tr> <tr><th>commit</th><td colspan='2' class='oid'><a href='/cgit.cgi/linux/net-next.git/commit/?id=2de2f7f40ef92313d76c3df7f545be5d0899b1aa'>2de2f7f40ef92313d76c3df7f545be5d0899b1aa</a> (<a href='/cgit.cgi/linux/net-next.git/patch/?id=2de2f7f40ef92313d76c3df7f545be5d0899b1aa'>patch</a>)</td></tr> <tr><th>tree</th><td colspan='2' class='oid'><a href='/cgit.cgi/linux/net-next.git/tree/?id=2de2f7f40ef92313d76c3df7f545be5d0899b1aa'>73e9b6dacb26981643c86a6eb9327bf546eb3bd9</a></td></tr> <tr><th>parent</th><td colspan='2' class='oid'><a href='/cgit.cgi/linux/net-next.git/commit/?id=9fe7bfce8b3e112e8e08c40deb72ee7e24c6f072'>9fe7bfce8b3e112e8e08c40deb72ee7e24c6f072</a> (<a href='/cgit.cgi/linux/net-next.git/diff/?id=2de2f7f40ef92313d76c3df7f545be5d0899b1aa&id2=9fe7bfce8b3e112e8e08c40deb72ee7e24c6f072'>diff</a>)</td></tr></table> <div class='commit-subject'>virtio_net: XDP support for adjust_head</div><div class='commit-msg'>Add support for XDP adjust head by allocating a 256B header region that XDP programs can grow into. This is only enabled when a XDP program is loaded. In order to ensure that we do not have to unwind queue headroom push queue setup below bpf_prog_add. 
It reads better to do a prog ref unwind vs another queue setup call. At the moment this code must do a full reset to ensure old buffers without headroom on program add or with headroom on program removal are not used incorrectly in the datapath. Ideally we would only have to disable/enable the RX queues being updated but there is no API to do this at the moment in virtio so use the big hammer. In practice it is likely not that big of a problem as this will only happen when XDP is enabled/disabled changing programs does not require the reset. There is some risk that the driver may either have an allocation failure or for some reason fail to correctly negotiate with the underlying backend in this case the driver will be left uninitialized. I have not seen this ever happen on my test systems and for what its worth this same failure case can occur from probe and other contexts in virtio framework. Signed-off-by: John Fastabend <john.r.fastabend@intel.com> Acked-by: Jason Wang <jasowang@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net> </div><div class='diffstat-header'><a href='/cgit.cgi/linux/net-next.git/diff/?id=2de2f7f40ef92313d76c3df7f545be5d0899b1aa'>Diffstat</a></div><table summary='diffstat' class='diffstat'>