Eric Lee / smarc-fsl-linux-kernel

30 Mar, 2010

1 commit

  • 5a0e3ad6a   include cleanup: Update gfp.h and slab.h includes to prepare for breaking implic… ... Browse Code »

    …it slab.h inclusion from percpu.h

    percpu.h is included by sched.h and module.h and thus ends up being
    included when building most .c files. percpu.h includes slab.h which
    in turn includes gfp.h making everything defined by the two files
    universally available and complicating inclusion dependencies.

    percpu.h -> slab.h dependency is about to be removed. Prepare for
    this change by updating users of gfp and slab facilities include those
    headers directly instead of assuming availability. As this conversion
    needs to touch large number of source files, the following script is
    used as the basis of conversion.

    http://userweb.kernel.org/~tj/misc/slabh-sweep.py

    The script does the followings.

    * Scan files for gfp and slab usages and update includes such that
    only the necessary includes are there. ie. if only gfp is used,
    gfp.h, if slab is used, slab.h.

    * When the script inserts a new include, it looks at the include
    blocks and try to put the new include such that its order conforms
    to its surrounding. It's put in the include block which contains
    core kernel includes, in the same order that the rest are ordered -
    alphabetical, Christmas tree, rev-Xmas-tree or at the end if there
    doesn't seem to be any matching order.

    * If the script can't find a place to put a new include (mostly
    because the file doesn't have fitting include block), it prints out
    an error message indicating which .h file needs to be added to the
    file.

    The conversion was done in the following steps.

    1. The initial automatic conversion of all .c files updated slightly
    over 4000 files, deleting around 700 includes and adding ~480 gfp.h
    and ~3000 slab.h inclusions. The script emitted errors for ~400
    files.

    2. Each error was manually checked. Some didn't need the inclusion,
    some needed manual addition while adding it to implementation .h or
    embedding .c file was more appropriate for others. This step added
    inclusions to around 150 files.

    3. The script was run again and the output was compared to the edits
    from #2 to make sure no file was left behind.

    4. Several build tests were done and a couple of problems were fixed.
    e.g. lib/decompress_*.c used malloc/free() wrappers around slab
    APIs requiring slab.h to be added manually.

    5. The script was run on all .h files but without automatically
    editing them as sprinkling gfp.h and slab.h inclusions around .h
    files could easily lead to inclusion dependency hell. Most gfp.h
    inclusion directives were ignored as stuff from gfp.h was usually
    wildly available and often used in preprocessor macros. Each
    slab.h inclusion directive was examined and added manually as
    necessary.

    6. percpu.h was updated not to include slab.h.

    7. Build test were done on the following configurations and failures
    were fixed. CONFIG_GCOV_KERNEL was turned off for all tests (as my
    distributed build env didn't work with gcov compiles) and a few
    more options had to be turned off depending on archs to make things
    build (like ipr on powerpc/64 which failed due to missing writeq).

    * x86 and x86_64 UP and SMP allmodconfig and a custom test config.
    * powerpc and powerpc64 SMP allmodconfig
    * sparc and sparc64 SMP allmodconfig
    * ia64 SMP allmodconfig
    * s390 SMP allmodconfig
    * alpha SMP allmodconfig
    * um on x86_64 SMP allmodconfig

    8. percpu.h modifications were reverted so that it could be applied as
    a separate patch and serve as bisection point.

    Given the fact that I had only a couple of failures from tests on step
    6, I'm fairly confident about the coverage of this conversion patch.
    If there is a breakage, it's likely to be something in one of the arch
    headers which should be easily discoverable easily on most builds of
    the specific arch.

    Signed-off-by: Tejun Heo <tj@kernel.org>
    Guess-its-ok-by: Christoph Lameter <cl@linux-foundation.org>
    Cc: Ingo Molnar <mingo@redhat.com>
    Cc: Lee Schermerhorn <Lee.Schermerhorn@hp.com>

    Tejun Heo
     

15 Mar, 2010

1 commit

05 Mar, 2010

1 commit

  • 0f2cc4ecd   Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs-2.6 ... Browse Code »

    * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs-2.6: (52 commits)
    init: Open /dev/console from rootfs
    mqueue: fix typo "failues" -> "failures"
    mqueue: only set error codes if they are really necessary
    mqueue: simplify do_open() error handling
    mqueue: apply mathematics distributivity on mq_bytes calculation
    mqueue: remove unneeded info->messages initialization
    mqueue: fix mq_open() file descriptor leak on user-space processes
    fix race in d_splice_alias()
    set S_DEAD on unlink() and non-directory rename() victims
    vfs: add NOFOLLOW flag to umount(2)
    get rid of ->mnt_parent in tomoyo/realpath
    hppfs can use existing proc_mnt, no need for do_kern_mount() in there
    Mirror MS_KERNMOUNT in ->mnt_flags
    get rid of useless vfsmount_lock use in put_mnt_ns()
    Take vfsmount_lock to fs/internal.h
    get rid of insanity with namespace roots in tomoyo
    take check for new events in namespace (guts of mounts_poll()) to namespace.c
    Don't mess with generic_permission() under ->d_lock in hpfs
    sanitize const/signedness for udf
    nilfs: sanitize const/signedness in dealing with ->d_name.name
    ...

    Fix up fairly trivial (famous last words...) conflicts in
    drivers/infiniband/core/uverbs_main.c and security/tomoyo/realpath.c

    Linus Torvalds
     

04 Mar, 2010

2 commits

01 Mar, 2010

1 commit

26 Feb, 2010

1 commit

17 Feb, 2010

1 commit

16 Feb, 2010

3 commits

15 Feb, 2010

4 commits

  • 847b173ea   TOMOYO: Add garbage collector. ... Browse Code »

    This patch adds garbage collector support to TOMOYO.
    Elements are protected by "struct srcu_struct tomoyo_ss".

    Signed-off-by: Tetsuo Handa
    Acked-by: Serge Hallyn
    Signed-off-by: James Morris

    Tetsuo Handa
     
  • ec8e6a4e0   TOMOYO: Add refcounter on domain structure. ... Browse Code »

    Add refcounter to "struct tomoyo_domain_info" since garbage collector needs to
    determine whether this struct is referred by "struct cred"->security or not.

    Signed-off-by: Tetsuo Handa
    Acked-by: Serge Hallyn
    Signed-off-by: James Morris

    Tetsuo Handa
     
  • 76bb0895d   TOMOYO: Merge headers. ... Browse Code »

    Gather structures and constants scattered around security/tomoyo/ directory.
    This is for preparation for adding garbage collector since garbage collector
    needs to know structures and constants which TOMOYO uses.

    Signed-off-by: Tetsuo Handa
    Acked-by: Serge Hallyn
    Signed-off-by: James Morris

    Tetsuo Handa
     
  • bf24fb016   TOMOYO: Add refcounter on string data. ... Browse Code »

    Add refcounter to "struct tomoyo_name_entry" and replace tomoyo_save_name()
    with tomoyo_get_name()/tomoyo_put_name() pair so that we can kfree() when
    garbage collector is added.

    Signed-off-by: Tetsuo Handa
    Acked-by: Serge Hallyn
    Signed-off-by: James Morris

    Tetsuo Handa
     

11 Feb, 2010

1 commit

08 Feb, 2010

1 commit

  • ea13ddbad   TOMOYO: Extract bitfield ... Browse Code »

    Since list elements are rounded up to kmalloc() size rather than sizeof(int),
    saving one byte by using bitfields is no longer helpful.

    Signed-off-by: Tetsuo Handa
    Acked-by: Serge Hallyn
    Signed-off-by: James Morris

    Tetsuo Handa
     

27 Jan, 2010

1 commit

  • 8e2d39a16   TOMOYO: Remove usage counter for temporary memory. ... Browse Code »

    TOMOYO was using own memory usage counter for detecting memory leak.
    But as kernel 2.6.31 introduced memory leak detection mechanism
    ( CONFIG_DEBUG_KMEMLEAK ), we no longer need to have own counter.

    We remove usage counter for memory used for permission checks, but we keep
    usage counter for memory used for policy so that we can apply quota.

    Signed-off-by: Tetsuo Handa
    Signed-off-by: James Morris

    Tetsuo Handa
     

18 Jan, 2010

1 commit

14 Jan, 2010

1 commit

  • 6d125529c   Fix ACC_MODE() for real ... Browse Code »

    commit 5300990c0370e804e49d9a59d928c5d53fb73487 had stepped on a rather
    nasty mess: definitions of ACC_MODE used to be different. Fixed the
    resulting breakage, converting them to variant that takes O_... value;
    all callers have that and it actually simplifies life (see tomoyo part
    of changes).

    Signed-off-by: Al Viro

    Al Viro
     

11 Jan, 2010

3 commits

  • cd7bec6ad   TOMOYO: Remove memory pool for list elements. ... Browse Code »

    Currently, TOMOYO allocates memory for list elements from memory pool allocated
    by kmalloc(PAGE_SIZE). But that makes it difficult to kfree() when garbage
    collector is added. Thus, remove memory pool and use kmalloc(sizeof()).

    Signed-off-by: Tetsuo Handa
    Signed-off-by: James Morris

    Tetsuo Handa
     
  • e41035a99   TOMOYO: Remove memory pool for string data. ... Browse Code »

    Currently, TOMOYO allocates memory for string data from memory pool allocated
    by kmalloc(PAGE_SIZE). But that makes it difficult to kfree() when garbage
    collector is added. Thus, remove memory pool and use kmalloc(strlen()).

    Signed-off-by: Tetsuo Handa
    Signed-off-by: James Morris

    Tetsuo Handa
     
  • f737d95dd   TOMOYO: Replace rw_semaphore by mutex. ... Browse Code »

    Since readers no longer use down_read(), writers no longer
    need to use rw_semaphore. Replace individual rw_semaphore by
    single mutex.

    Signed-off-by: Tetsuo Handa
    Acked-by: Serge Hallyn
    Signed-off-by: James Morris

    Tetsuo Handa
     

23 Dec, 2009

1 commit

  • 5300990c0   Sanitize f_flags helpers ... Browse Code »

    * pull ACC_MODE to fs.h; we have several copies all over the place
    * nightmarish expression calculating f_mode by f_flags deserves a helper
    too (OPEN_FMODE(flags))

    Signed-off-by: Al Viro

    Al Viro
     

15 Dec, 2009

1 commit

09 Dec, 2009

2 commits

08 Dec, 2009

2 commits

  • 1557d3300   Merge git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/sysctl-2.6 ... Browse Code »

    * git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/sysctl-2.6: (43 commits)
    security/tomoyo: Remove now unnecessary handling of security_sysctl.
    security/tomoyo: Add a special case to handle accesses through the internal proc mount.
    sysctl: Drop & in front of every proc_handler.
    sysctl: Remove CTL_NONE and CTL_UNNUMBERED
    sysctl: kill dead ctl_handler definitions.
    sysctl: Remove the last of the generic binary sysctl support
    sysctl net: Remove unused binary sysctl code
    sysctl security/tomoyo: Don't look at ctl_name
    sysctl arm: Remove binary sysctl support
    sysctl x86: Remove dead binary sysctl support
    sysctl sh: Remove dead binary sysctl support
    sysctl powerpc: Remove dead binary sysctl support
    sysctl ia64: Remove dead binary sysctl support
    sysctl s390: Remove dead sysctl binary support
    sysctl frv: Remove dead binary sysctl support
    sysctl mips/lasat: Remove dead binary sysctl support
    sysctl drivers: Remove dead binary sysctl support
    sysctl crypto: Remove dead binary sysctl support
    sysctl security/keys: Remove dead binary sysctl support
    sysctl kernel: Remove binary sysctl logic
    ...

    Linus Torvalds
     
  • 937bf6133   TOMOYO: Add rest of file operation restrictions. ... Browse Code »

    LSM hooks for chmod()/chown()/chroot() are now ready.
    This patch utilizes these hooks.

    Signed-off-by: Tetsuo Handa
    Signed-off-by: James Morris

    Tetsuo Handa
     

25 Nov, 2009

1 commit

  • 7539cf4b9   TOMOYO: Add recursive directory matching operator support. ... Browse Code »

    TOMOYO 1.7.1 has recursive directory matching operator support.
    I want to add it to TOMOYO for Linux 2.6.33 .
    ----------
    [PATCH] TOMOYO: Add recursive directory matching operator support.

    This patch introduces new operator /\{dir\}/ which matches
    '/' + 'One or more repetitions of dir/' (e.g. /dir/ /dir/dir/ /dir/dir/dir/ ).

    Signed-off-by: Tetsuo Handa
    Acked-by: John Johansen
    Signed-off-by: James Morris

    Tetsuo Handa
     

21 Nov, 2009

2 commits

  • c656ae95d   security/tomoyo: Remove now unnecessary handling of security_sysctl. ... Browse Code »

    Now that sys_sysctl is an emulation on top of proc sys all sysctl
    operations look like normal filesystem operations and we don't need
    to use the special sysctl hook to authenticate them.

    Acked-by: Tetsuo Handa
    Signed-off-by: Eric W. Biederman

    Eric W. Biederman
     
  • a4054b6b2   security/tomoyo: Add a special case to handle accesses through the internal proc mount. ... Browse Code »

    With the change of sys_sysctl going through the internal proc mount we no
    longer need to handle security_sysctl in tomoyo as we have valid pathnames
    for all sysctl accesses. There is one slight caveat to that in that
    all of the paths from the internal mount look like
    "/sys/net/ipv4/ip_local_port_range" instead of
    "/proc/sys/net/ipv4/ip_local_port_range" so tomoyo needs to add the
    "/proc" portion manually when resolving to full path names to get what it expects.

    This change teaches tomoyo perform that modification.

    Acked-by: Tetsuo Handa
    Acked-by: John Johansen
    Signed-off-by: Eric W. Biederman

    Eric W. Biederman
     

12 Nov, 2009

1 commit

29 Oct, 2009

1 commit

  • 024e1a494   tomoyo: improve hash bucket dispersion ... Browse Code »

    When examining the network device name hash, it was discovered that
    the low order bits of full_name_hash() are not very well dispersed
    across the possible values. When used by filesystem code, this is handled
    by folding with the function hash_long().

    The only other non-filesystem usage of full_name_hash() at this time
    appears to be in TOMOYO. This patch should fix that.

    I do not use TOMOYO at this time, so this patch is build tested only.

    Signed-off-by: Stephen Hemminger
    Acked-by: Tetsuo Handa
    Signed-off-by: James Morris

    Stephen Hemminger
     

02 Sep, 2009

1 commit

  • ee18d64c1   KEYS: Add a keyctl to install a process's session keyring on its parent [try #6] ... Browse Code »

    Add a keyctl to install a process's session keyring onto its parent. This
    replaces the parent's session keyring. Because the COW credential code does
    not permit one process to change another process's credentials directly, the
    change is deferred until userspace next starts executing again. Normally this
    will be after a wait*() syscall.

    To support this, three new security hooks have been provided:
    cred_alloc_blank() to allocate unset security creds, cred_transfer() to fill in
    the blank security creds and key_session_to_parent() - which asks the LSM if
    the process may replace its parent's session keyring.

    The replacement may only happen if the process has the same ownership details
    as its parent, and the process has LINK permission on the session keyring, and
    the session keyring is owned by the process, and the LSM permits it.

    Note that this requires alteration to each architecture's notify_resume path.
    This has been done for all arches barring blackfin, m68k* and xtensa, all of
    which need assembly alteration to support TIF_NOTIFY_RESUME. This allows the
    replacement to be performed at the point the parent process resumes userspace
    execution.

    This allows the userspace AFS pioctl emulation to fully emulate newpag() and
    the VIOCSETTOK and VIOCSETTOK2 pioctls, all of which require the ability to
    alter the parent process's PAG membership. However, since kAFS doesn't use
    PAGs per se, but rather dumps the keys into the session keyring, the session
    keyring of the parent must be replaced if, for example, VIOCSETTOK is passed
    the newpag flag.

    This can be tested with the following program:

    #include
    #include
    #include

    #define KEYCTL_SESSION_TO_PARENT 18

    #define OSERROR(X, S) do { if ((long)(X) == -1) { perror(S); exit(1); } } while(0)

    int main(int argc, char **argv)
    {
    key_serial_t keyring, key;
    long ret;

    keyring = keyctl_join_session_keyring(argv[1]);
    OSERROR(keyring, "keyctl_join_session_keyring");

    key = add_key("user", "a", "b", 1, keyring);
    OSERROR(key, "add_key");

    ret = keyctl(KEYCTL_SESSION_TO_PARENT);
    OSERROR(ret, "KEYCTL_SESSION_TO_PARENT");

    return 0;
    }

    Compiled and linked with -lkeyutils, you should see something like:

    [dhowells@andromeda ~]$ keyctl show
    Session Keyring
    -3 --alswrv 4043 4043 keyring: _ses
    355907932 --alswrv 4043 -1 \_ keyring: _uid.4043
    [dhowells@andromeda ~]$ /tmp/newpag
    [dhowells@andromeda ~]$ keyctl show
    Session Keyring
    -3 --alswrv 4043 4043 keyring: _ses
    1055658746 --alswrv 4043 4043 \_ user: a
    [dhowells@andromeda ~]$ /tmp/newpag hello
    [dhowells@andromeda ~]$ keyctl show
    Session Keyring
    -3 --alswrv 4043 4043 keyring: hello
    340417692 --alswrv 4043 4043 \_ user: a

    Where the test program creates a new session keyring, sticks a user key named
    'a' into it and then installs it on its parent.

    Signed-off-by: David Howells
    Signed-off-by: James Morris

    David Howells
     

19 Jun, 2009

2 commits

09 Jun, 2009

3 commits