Select Git revision
capability.c
-
Andrew G. Morgan authored
Source code out there hard-codes a notion of what the _LINUX_CAPABILITY_VERSION #define means in terms of the semantics of the raw capability system calls capget() and capset(). Its unfortunate, but true. Since the confusing header file has been in a released kernel, there is software that is erroneously using 64-bit capabilities with the semantics of 32-bit compatibilities. These recently compiled programs may suffer corruption of their memory when sys_getcap() overwrites more memory than they are coded to expect, and the raising of added capabilities when using sys_capset(). As such, this patch does a number of things to clean up the situation for all. It 1. forces the _LINUX_CAPABILITY_VERSION define to always retain its legacy value. 2. adopts a new #define strategy for the kernel's internal implementation of the preferred magic. 3. deprecates v2 capability magic in favor of a new (v3) magic number. The functionality of v3 is entirely equivalent to v2, the only difference being that the v2 magic causes the kernel to log a "deprecated" warning so the admin can find applications that may be using v2 inappropriately. [User space code continues to be encouraged to use the libcap API which protects the application from details like this. libcap-2.10 is the first to support v3 capabilities.] Fixes issue reported in https://bugzilla.redhat.com/show_bug.cgi?id=447518 . Thanks to Bojan Smojver for the report. [akpm@linux-foundation.org: s/depreciate/deprecate/g] [akpm@linux-foundation.org: be robust about put_user size] [akpm@linux-foundation.org: coding-style fixes] Signed-off-by:
Andrew G. Morgan <morgan@kernel.org> Cc: Serge E. Hallyn <serue@us.ibm.com> Cc: Bojan Smojver <bojan@rexursive.com> Cc: stable@kernel.org Signed-off-by:
Andrew Morton <akpm@linux-foundation.org> Signed-off-by:
Chris Wright <chrisw@sous-sol.org>
Andrew G. Morgan authoredSource code out there hard-codes a notion of what the _LINUX_CAPABILITY_VERSION #define means in terms of the semantics of the raw capability system calls capget() and capset(). Its unfortunate, but true. Since the confusing header file has been in a released kernel, there is software that is erroneously using 64-bit capabilities with the semantics of 32-bit compatibilities. These recently compiled programs may suffer corruption of their memory when sys_getcap() overwrites more memory than they are coded to expect, and the raising of added capabilities when using sys_capset(). As such, this patch does a number of things to clean up the situation for all. It 1. forces the _LINUX_CAPABILITY_VERSION define to always retain its legacy value. 2. adopts a new #define strategy for the kernel's internal implementation of the preferred magic. 3. deprecates v2 capability magic in favor of a new (v3) magic number. The functionality of v3 is entirely equivalent to v2, the only difference being that the v2 magic causes the kernel to log a "deprecated" warning so the admin can find applications that may be using v2 inappropriately. [User space code continues to be encouraged to use the libcap API which protects the application from details like this. libcap-2.10 is the first to support v3 capabilities.] Fixes issue reported in https://bugzilla.redhat.com/show_bug.cgi?id=447518 . Thanks to Bojan Smojver for the report. [akpm@linux-foundation.org: s/depreciate/deprecate/g] [akpm@linux-foundation.org: be robust about put_user size] [akpm@linux-foundation.org: coding-style fixes] Signed-off-by:
Andrew G. Morgan <morgan@kernel.org> Cc: Serge E. Hallyn <serue@us.ibm.com> Cc: Bojan Smojver <bojan@rexursive.com> Cc: stable@kernel.org Signed-off-by:
Andrew Morton <akpm@linux-foundation.org> Signed-off-by:
Chris Wright <chrisw@sous-sol.org>
pvr_params.h 2.51 KiB
/* SPDX-License-Identifier: GPL-2.0-only OR MIT */
/* Copyright (c) 2023 Imagination Technologies Ltd. */
#ifndef PVR_PARAMS_H
#define PVR_PARAMS_H
#include "pvr_rogue_fwif.h"
#include <linux/cache.h>
#include <linux/compiler_attributes.h>
/*
* This is the definitive list of types allowed in the definition of
* %PVR_DEVICE_PARAMS.
*/
#define PVR_PARAM_TYPE_X32_C u32
/*
* This macro defines all device-specific parameters; that is parameters which
* are set independently per device.
*
* The X-macro accepts the following arguments. Arguments marked with [debugfs]
* are ignored when debugfs is disabled; values used for these arguments may
* safely be gated behind CONFIG_DEBUG_FS.
*
* @type_: The definitive list of allowed values is PVR_PARAM_TYPE_*_C.
* @name_: Name of the parameter. This is used both as the field name in C and
* stringified as the parameter name.
* @value_: Initial/default value.
* @desc_: String literal used as help text to describe the usage of this
* parameter.
* @mode_: [debugfs] One of {RO,RW}. The access mode of the debugfs entry for
* this parameter.
* @update_: [debugfs] When debugfs support is enabled, parameters may be
* updated at runtime. When this happens, this function will be
* called to allow changes to propagate. The signature of this
* function is:
*
* void (*)(struct pvr_device *pvr_dev, T old_val, T new_val)
*
* Where T is the C type associated with @type_.
*
* If @mode_ does not allow write access, this function will never be
* called. In this case, or if no update callback is required, you
* should specify NULL for this argument.
*/
#define PVR_DEVICE_PARAMS \
X(X32, fw_trace_mask, ROGUE_FWIF_LOG_TYPE_NONE, \
"Enable FW trace for the specified groups. Specifying 0 disables " \
"all FW tracing.", \
RW, pvr_fw_trace_mask_update)
struct pvr_device_params {
#define X(type_, name_, value_, desc_, ...) \
PVR_PARAM_TYPE_##type_##_C name_;
PVR_DEVICE_PARAMS
#undef X
};
int pvr_device_params_init(struct pvr_device_params *params);
#if defined(CONFIG_DEBUG_FS)
/* Forward declaration from "pvr_device.h". */
struct pvr_device;
/* Forward declaration from <linux/dcache.h>. */
struct dentry;
void pvr_params_debugfs_init(struct pvr_device *pvr_dev, struct dentry *dir);
#endif /* defined(CONFIG_DEBUG_FS) */
#endif /* PVR_PARAMS_H */