14 Oct, 2009
1 commit
-
The capabilities syscall has a copy_from_user() call where gcc currently
cannot prove to itself that the copy is always within bounds.This patch adds a very explicity bound check to prove to gcc that this
copy_from_user cannot overflow its destination buffer.Signed-off-by: Arjan van de Ven
Acked-by: James Morris
Signed-off-by: Andrew Morton
Signed-off-by: James Morris
12 Oct, 2009
3 commits
-
This patch allows LSM modules to determine based on original mount flags
passed to mount(). A LSM module can get masked mount flags (if needed) byflags &= ~(MS_NOSUID | MS_NOEXEC | MS_NODEV | MS_ACTIVE |
MS_NOATIME | MS_NODIRATIME | MS_RELATIME| MS_KERNMOUNT |
MS_STRICTATIME);Signed-off-by: Tetsuo Handa
Signed-off-by: James Morris -
This patch allows pathname based LSM modules to check chroot() operations.
This hook is used by TOMOYO.
Signed-off-by: Tetsuo Handa
Signed-off-by: James Morris -
This patch allows pathname based LSM modules to check chmod()/chown()
operations. Since notify_change() does not receive "struct vfsmount *",
we add security_path_chmod() and security_path_chown() to the caller of
notify_change().These hooks are used by TOMOYO.
Signed-off-by: Tetsuo Handa
Signed-off-by: James Morris
07 Oct, 2009
3 commits
-
Drop remapping of netlink classes and bypass of permission checking
based on netlink message type for policy version < 18. This removes
compatibility code introduced when the original single netlink
security class used for all netlink sockets was split into
finer-grained netlink classes based on netlink protocol and when
permission checking was added based on netlink message type in Linux
2.6.8. The only known distribution that shipped with SELinux and
policy < 18 was Fedora Core 2, which was EOL'd on 2005-04-11.Given that the remapping code was never updated to address the
addition of newer netlink classes, that the corresponding userland
support was dropped in 2005, and that the assumptions made by the
remapping code about the fixed ordering among netlink classes in the
policy may be violated in the future due to the dynamic class/perm
discovery support, we should drop this compatibility code now.Signed-off-by: Stephen Smalley
Signed-off-by: James Morris -
Add a simple utility (scripts/selinux/genheaders) and invoke it to
generate the kernel-private class and permission indices in flask.h
and av_permissions.h automatically during the kernel build from the
security class mapping definitions in classmap.h. Adding new kernel
classes and permissions can then be done just by adding them to classmap.h.Signed-off-by: Stephen Smalley
Signed-off-by: James Morris -
Modify SELinux to dynamically discover class and permission values
upon policy load, based on the dynamic object class/perm discovery
logic from libselinux. A mapping is created between kernel-private
class and permission indices used outside the security server and the
policy values used within the security server.The mappings are only applied upon kernel-internal computations;
similar mappings for the private indices of userspace object managers
is handled on a per-object manager basis by the userspace AVC. The
interfaces for compute_av and transition_sid are split for kernel
vs. userspace; the userspace functions are distinguished by a _user
suffix.The kernel-private class indices are no longer tied to the policy
values and thus do not need to skip indices for userspace classes;
thus the kernel class index values are compressed. The flask.h
definitions were regenerated by deleting the userspace classes from
refpolicy's definitions and then regenerating the headers. Going
forward, we can just maintain the flask.h, av_permissions.h, and
classmap.h definitions separately from policy as they are no longer
tied to the policy values. The next patch introduces a utility to
automate generation of flask.h and av_permissions.h from the
classmap.h definitions.The older kernel class and permission string tables are removed and
replaced by a single security class mapping table that is walked at
policy load to generate the mapping. The old kernel class validation
logic is completely replaced by the mapping logic.The handle unknown logic is reworked. reject_unknown=1 is handled
when the mappings are computed at policy load time, similar to the old
handling by the class validation logic. allow_unknown=1 is handled
when computing and mapping decisions - if the permission was not able
to be mapped (i.e. undefined, mapped to zero), then it is
automatically added to the allowed vector. If the class was not able
to be mapped (i.e. undefined, mapped to zero), then all permissions
are allowed for it if allow_unknown=1.avc_audit leverages the new security class mapping table to lookup the
class and permission names from the kernel-private indices.The mdp program is updated to use the new table when generating the
class definitions and allow rules for a minimal boot policy for the
kernel. It should be noted that this policy will not include any
userspace classes, nor will its policy index values for the kernel
classes correspond with the ones in refpolicy (they will instead match
the kernel-private indices).Signed-off-by: Stephen Smalley
Signed-off-by: James Morris
01 Oct, 2009
1 commit
-
The previously sent patch:
http://marc.info/?l=tpmdd-devel&m=125208945007834&w=2
Had its first hunk cropped when merged, submitting only this first hunk
again.Signed-off-by: Jason Gunthorpe
Cc: Debora Velarde
Cc: Marcel Selhorst
Cc: James Morris
Signed-off-by: Andrew Morton
Signed-off-by: Rajiv Andrade
Acked-by: Mimi Zohar
Tested-by: Mimi Zohar
Signed-off-by: James Morris
30 Sep, 2009
2 commits
-
This patch resets the security_ops to the secondary_ops before it flushes
the avc. It's still possible that a task on another processor could have
already passed the security_ops dereference and be executing an selinux hook
function which would add a new avc entry. That entry would still not be
freed. This should however help to reduce the number of needless avcs the
kernel has when selinux is disabled at run time. There is no wasted
memory if selinux is disabled on the command line or not compiled.Signed-off-by: Eric Paris
Signed-off-by: James Morris
28 Sep, 2009
8 commits
-
.. duplicated by merging the same fix twice, for details see commit
0d9df2515dbceb67d343c0f10fd3ff218380d524 ("Merge
git://git.kernel.org/pub/scm/linux/kernel/git/sam/kbuild-fixes")Signed-off-by: Linus Torvalds
-
The following commit made console open fails while booting:
commit b50989dc444599c8b21edc23536fc305f4e9b7d5
Author: Alan Cox
Date: Sat Sep 19 13:13:22 2009 -0700tty: make the kref destructor occur asynchronously
Due to tty release routines run in a workqueue now, error like the
following will be reported while booting:INIT open /dev/console Input/output error
It also causes hibernation regression to appear as reported at
http://bugzilla.kernel.org/show_bug.cgi?id=14229The reason is that now there's latency issue with closing, but when
we open a "closing not finished" tty, -EIO will be returned.Fix it as per the following Alan's suggestion:
Fun but it's actually not a bug and the fix is wrong in itself as
the port may be closing but not yet being destructed, in which case
it seems to do the wrong thing. Opening a tty that is closing (and
could be closing for long periods) is supposed to return -EIO.I suspect a better way to deal with this and keep the old console
timing is to split tty->shutdown into two functions.tty->shutdown() - called synchronously just before we dump the tty
onto the waitqueue for destructiontty->cleanup() - called when the destructor runs.
We would then do the shutdown part which can occur in IRQ context
fine, before queueing the rest of the release (from tty->magic = 0
... the end) to occur asynchronouslyThe USB update in -next would then need a call like
if (tty->cleanup)
tty->cleanup(tty);at the top of the async function and the USB shutdown to be split
between shutdown and cleanup as the USB resource cleanup and final
tidy cannot occur synchronously as it needs to sleep.In other words the logic becomes
final kref put
make object unfindableasync
clean it upSigned-off-by: Dave Young
[ rjw: Rebased on top of 2.6.31-git, reworked the changelog. ]
Signed-off-by: "Rafael J. Wysocki"
[ Changed serial naming to match new rules, dropped tty_shutdown as per
comments from Alan Stern - Linus ]
Signed-off-by: Linus Torvalds -
Commit 3d5b6fb47a8e68fa311ca2c3447e7f8a7c3a9cf3 ("ACPI: Kill overly
verbose "power state" log messages") removed the actual use of this
variable, but didn't remove the variable itself, resulting in build
warnings likedrivers/acpi/processor_idle.c: In function ‘acpi_processor_power_init’:
drivers/acpi/processor_idle.c:1169: warning: unused variable ‘i’Just get rid of the now unused variable.
Signed-off-by: Linus Torvalds
-
* mark struct vm_area_struct::vm_ops as const
* mark vm_ops in AGP codeBut leave TTM code alone, something is fishy there with global vm_ops
being used.Signed-off-by: Alexey Dobriyan
Signed-off-by: Linus Torvalds -
* 'timers-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip:
hrtimer: Eliminate needless reprogramming of clock events device -
* 'release' of git://git.kernel.org/pub/scm/linux/kernel/git/lenb/linux-acpi-2.6:
ACPI: IA64=y ACPI=n build fix
ACPI: Kill overly verbose "power state" log messages
ACPI: fix Compaq Evo N800c (Pentium 4m) boot hang regression
ACPI: Clarify resource conflict message
thinkpad-acpi: fix CONFIG_THINKPAD_ACPI_HOTKEY_POLL build problem -
…git/tip/linux-2.6-tip
* 'x86-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip:
x86: Fix hwpoison code related build failure on 32-bit NUMAQ
27 Sep, 2009
22 commits
-
ia64's sim_defconfig uses CONFIG_ACPI=n
which now #define's acpi_disabled inSo we shouldn't re-define it here in
Signed-off-by: Len Brown
-
I was recently lucky enough to get a 64-CPU system, so my kernel log
ends up with 64 lines like:ACPI: CPU0 (power states: C1[C1] C2[C3])
This is pretty useless clutter because this info is already available
after boot from both /sys/devices/system/cpu/cpu*/cpuidle/state?/ as
well as /proc/acpi/processor/CPU*/power.So just delete the code that prints the C-states in processor_idle.c.
Signed-off-by: Roland Dreier
Signed-off-by: Len Brown -
This build failure triggers:
In file included from include/linux/suspend.h:8,
from arch/x86/kernel/asm-offsets_32.c:11,
from arch/x86/kernel/asm-offsets.c:2:
include/linux/mm.h:503:2: error: #error SECTIONS_WIDTH+NODES_WIDTH+ZONES_WIDTH > BITS_PER_LONG - NR_PAGEFLAGSBecause due to the hwpoison page flag we ran out of page
flags on 32-bit.Dont turn on hwpoison on 32-bit NUMA (it's rare in any
case).Also clean up the Kconfig dependencies in the generic MM
code by introducing ARCH_SUPPORTS_MEMORY_FAILURE.Signed-off-by: Linus Torvalds
Signed-off-by: Ingo Molnar -
Don't disable ARB_DISABLE when the familary ID is 0x0F.
http://bugzilla.kernel.org/show_bug.cgi?id=14211
This was a 2.6.31 regression, and so this patch
needs to be applied to 2.6.31.stableSigned-off-by: Zhao Yakui
Signed-off-by: Len Brown -
The message "ACPI: Device needs an ACPI driver" is misleading. The
device _may_ need an ACPI driver, if the BIOS implemented a custom
API for the device in question (which, AFAIK, can't be checked.) If
not, then either a generic ACPI driver may be used (for example
"thermal"), or nothing can be done (other than a white list).I propose to reword the message to:
ACPI: If an ACPI driver is available for this device, you should use
it instead of the native driverwhich I think is more correct. Comments and suggestions welcome.
I also added a message warning about possible problems and system
instability when users pass acpi_enforce_resources=lax, as suggested
by Len.Signed-off-by: Jean Delvare
Cc: Thomas Renninger
Cc: Alan Jenkins
Signed-off-by: Len Brown -
Fix this problem when CONFIG_THINKPAD_ACPI_HOTKEY_POLL is undefined:
CHECK drivers/platform/x86/thinkpad_acpi.c
drivers/platform/x86/thinkpad_acpi.c:1968:21: error: not an lvalue
CC [M] drivers/platform/x86/thinkpad_acpi.o
drivers/platform/x86/thinkpad_acpi.c: In function 'tpacpi_hotkey_driver_mask_set':
drivers/platform/x86/thinkpad_acpi.c:1968: error: lvalue required as left operand of assignmentReported-by: Noah Dain
Reported-by: Audrius Kazukauskas
Signed-off-by: Henrique de Moraes Holschuh
Signed-off-by: Len Brown -
* 'release' of git://git.kernel.org/pub/scm/linux/kernel/git/aegl/linux-2.6:
[IA64] implement ticket locks for Itanium -
* git://git.kernel.org/pub/scm/linux/kernel/git/sam/kbuild-fixes:
alpha: fix build after vmlinux.lds.S cleanup
mips: fix build of vmlinux.lds -
* 'for-linus' of git://git.o-hand.com/linux-rpurdie-leds:
leds: move leds-clevo-mail's probe function to .devinit.text
leds: Fix indentation in LEDS_LP3944 Kconfig entry
leds: Fix LED names
leds: Fix leds-pca9532 whitespace issues
leds: fix coding style in worker thread code for ledtrig-gpio.
leds: gpio-leds: fix typographics fault
leds: Add WM831x status LED driver -
* 'for-linus' of git://git.o-hand.com/linux-rpurdie-backlight:
backlight: new driver for ADP5520/ADP5501 MFD PMICs
backlight: extend event support to also support poll()
backlight/eeepc-laptop: Update the backlight state when we change brightness
backlight/acpi: Update the backlight state when we change brightness
backlight: Allow drivers to update the core, and generate events on changes
backlight: switch to da903x driver to dev_pm_ops
backlight: Add support for the Avionic Design Xanthos backlight device.
backlight: spi driver for LMS283GF05 LCD
backlight: move hp680-bl's probe function to .devinit.text
backlight: Add support for new Apple machines.
backlight: mbp_nvidia_bl: add support for MacBookAir 1,1
backlight: Add WM831x backlight driverTrivial conflicts due to '#ifdef CONFIG_PM' differences in
drivers/video/backlight/da903x_bl.c -
* remove asm/atomic.h inclusion from kref.h -- not needed, linux/types.h
is enough for atomic_t
* remove linux/kref.h inclusion from files which do not need it.Signed-off-by: Alexey Dobriyan
Signed-off-by: Linus Torvalds -
…/git/tip/linux-2.6-tip
* 'core-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip:
futex: Add memory barrier commentary to futex_wait_queue_me()
futex: Fix wakeup race by setting TASK_INTERRUPTIBLE before queue_me()
futex: Correct futex_q woken state commentary
futex: Make function kernel-doc commentary consistent
futex: Correct queue_me and unqueue_me commentary
futex: Correct futex_wait_requeue_pi() commentary -
…/git/tip/linux-2.6-tip
* 'perf-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip:
perf tools: Dont use openat()
perf tools: Fix buffer allocation
perf tools: .gitignore += perf*.html
perf tools: Handle relative paths while loading module symbols
perf tools: Fix module symbol loading bug
perf_event, x86: Fix 'perf sched record' crashing the machine
perf_event: Update PERF_EVENT_FORK header definition
perf stat: Fix zero total printouts -
…el/git/tip/linux-2.6-tip
* 'timers-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip:
clocksource: Resume clocksource without taking the clocksource mutex -
…nel/git/tip/linux-2.6-tip
* 'tracing-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip:
modules, tracing: Remove stale struct marker signature from module_layout()
tracing/workqueue: Use %pf in workqueue trace events
tracing: Fix a comment and a trivial format issue in tracepoint.h
tracing: Fix failure path in ftrace_regex_open()
tracing: Fix failure path in ftrace_graph_write()
tracing: Check the return value of trace_get_user()
tracing: Fix off-by-one in trace_get_user() -
…git/tip/linux-2.6-tip
* 'x86-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip:
x86: Remove redundant non-NUMA topology functions
x86: early_printk: Protect against using the same device twice
x86: Reduce verbosity of "PAT enabled" kernel message
x86: Reduce verbosity of "TSC is reliable" message
x86: mce: Use safer ways to access MCE registers
x86: mce, inject: Use real inject-msg in raise_local
x86: mce: Fix thermal throttling message storm
x86: mce: Clean up thermal throttling state tracking code
x86: split NX setup into separate file to limit unstack-protected code
xen: check EFER for NX before setting up GDT mapping
x86: Cleanup linker script using new linker script macros.
x86: Use section .data.page_aligned for the idt_table.
x86: convert to use __HEAD and HEAD_TEXT macros.
x86: convert compressed loader to use __HEAD and HEAD_TEXT macros.
x86: fix fragile computation of vsyscall address -
* 'release' of git://git.kernel.org/pub/scm/linux/kernel/git/lenb/linux-acpi-2.6: (32 commits)
ACPI: i2c-scmi: don't use acpi_device_uid()
ACPI: simplify building device HID/CID list
ACPI: remove acpi_device_uid() and related stuff
ACPI: remove acpi_device.flags.hardware_id
ACPI: remove acpi_device.flags.compatible_ids
ACPI: maintain a single list of _HID and _CID IDs
ACPI: make sure every acpi_device has an ID
ACPI: use acpi_device_hid() when possible
ACPI: fix synthetic HID for \_SB_
ACPI: handle re-enumeration, when acpi_devices might already exist
ACPI: factor out device type and status checking
ACPI: add acpi_bus_get_status_handle()
ACPI: use acpi_walk_namespace() to enumerate devices
ACPI: identify device tree root by null parent pointer, not ACPI_BUS_TYPE
ACPI: enumerate namespace before adding functional fixed hardware devices
ACPI: convert acpi_bus_scan() to operate on an acpi_handle
ACPI: add acpi_bus_get_parent() and remove "parent" arguments
ACPI: remove unnecessary argument checking
ACPI: remove redundant "type" arguments
ACPI: remove acpi_device_set_context() "type" argument
... -
* 'writeback' of git://git.kernel.dk/linux-2.6-block:
writeback: pass in super_block to bdi_start_writeback() -
* git://git.kernel.org/pub/scm/linux/kernel/git/sfrench/cifs-2.6:
cifs: fix locking and list handling code in cifs_open and its helper
[CIFS] Remove build warning
cifs: fix problems with last two commits
[CIFS] Fix build break when keys support turned off
cifs: eliminate cifs_init_private
cifs: convert oplock breaks to use slow_work facility (try #4)
cifs: have cifsFileInfo hold an extra inode reference
cifs: take read lock on GlobalSMBSes_lock in is_valid_oplock_break
cifs: remove cifsInodeInfo.oplockPending flag
cifs: fix oplock request handling in posix codepath
[CIFS] Re-enable Lanman security -
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6:
at91_can: Forgotten git 'add' of at91_can.c
TI Davinci EMAC: Fix in vector definition for EMAC_VERSION_2
ax25: Fix ax25_cb refcounting in ax25_ctl_ioctl
virtio_net: Check for room in the vq before adding buffer
virtio_net: avoid (most) NETDEV_TX_BUSY by stopping queue early.
virtio_net: formalize skb_vnet_hdr
virtio_net: don't free buffers in xmit ring
virtio_net: return NETDEV_TX_BUSY instead of queueing an extra skb.
virtio_net: skb_orphan() and nf_reset() in xmit path. -
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc-2.6:
sparc64: vio: Kill BUILD_BUG_ON() in vio_dring_avail().Trivial conflict in arch/sparc/include/asm/vio.h due to David removing
the whole messy BUG_ON that was confused. -
Commit 200b812d00 "Clear the exclusive monitor when returning from an
exception" broke the vast majority of ARM systems in the wild which are
still pre ARMv6. The kernel is crashing on the first occurrence of an
exception due to the removal of the actual return instruction for them.
Let's add it back.Signed-off-by: Nicolas Pitre
Acked-by: Uwe Kleine-König
Signed-off-by: Linus Torvalds
