02 Sep, 2009

6 commits

  • Make the file position maintained by /proc/keys represent the ID of the key
    just read rather than the number of keys read. This should make it faster to
    perform a lookup as we don't have to scan the key ID tree from the beginning to
    find the current position.

    Signed-off-by: Serge E. Hallyn
    Signed-off-by: David Howells
    Signed-off-by: James Morris

    Serge E. Hallyn
     
  • Add garbage collection for dead, revoked and expired keys. This involved
    erasing all links to such keys from keyrings that point to them. At that
    point, the key will be deleted in the normal manner.

    Keyrings from which garbage collection occurs are shrunk and their quota
    consumption reduced as appropriate.

    Dead keys (for which the key type has been removed) will be garbage collected
    immediately.

    Revoked and expired keys will hang around for a number of seconds, as set in
    /proc/sys/kernel/keys/gc_delay before being automatically removed. The default
    is 5 minutes.

    Signed-off-by: David Howells
    Signed-off-by: James Morris

    David Howells
     
  • Set the KEY_FLAG_DEAD flag on keys for which the type has been removed. This
    causes the key_permission() function to return EKEYREVOKED in response to
    various commands. It does not, however, prevent unlinking or clearing of
    keyrings from detaching the key.

    Signed-off-by: David Howells
    Acked-by: Serge Hallyn
    Signed-off-by: James Morris

    David Howells
     
  • Allow keyctl_revoke() to operate on keys that have SETATTR but not WRITE
    permission, rather than only on keys that have WRITE permission.

    Signed-off-by: David Howells
    Acked-by: Serge Hallyn
    Signed-off-by: James Morris

    David Howells
     
  • Allow keys for which the key type has been removed to be unlinked. Currently
    dead-type keys can only be disposed of by completely clearing the keyrings
    that point to them.

    Signed-off-by: David Howells
    Acked-by: Serge Hallyn
    Signed-off-by: James Morris

    David Howells
     
  • Add a config option (CONFIG_DEBUG_CREDENTIALS) to turn on some debug checking
    for credential management. The additional code keeps track of the number of
    pointers from task_structs to any given cred struct, and checks to see that
    this number never exceeds the usage count of the cred struct (which includes
    all references, not just those from task_structs).

    Furthermore, if SELinux is enabled, the code also checks that the security
    pointer in the cred struct is never seen to be invalid.

    This attempts to catch the bug whereby inode_has_perm() faults in an nfsd
    kernel thread on seeing cred->security be a NULL pointer (it appears that the
    credential struct has been previously released):

    http://www.kerneloops.org/oops.php?number=252883

    Signed-off-by: David Howells
    Signed-off-by: James Morris

    David Howells
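
The invariant this commit message describes, as a small userspace model. This is an added example, not code from the kernel or from the commit; every type and function name in it is hypothetical, and the "security" field only stands in for the LSM pointer.

```c
/* Userspace model of the invariant described in the commit message above.
 * Added example: every name here is hypothetical, not a kernel symbol. */
#include <stdio.h>

enum cred_state { CRED_OK, CRED_OVERSUBSCRIBED, CRED_NO_SECURITY };
struct model_cred {
    int usage;        /* all references, not just those from tasks */
    int subscribers;  /* pointers from tasks only */
    void *security;   /* stands in for the LSM security pointer */
};
struct model_task { struct model_cred *cred; };

/* The debug check: task pointers must never exceed the usage count, and
 * the security pointer must never be seen to be invalid. */
static enum cred_state check_cred(const struct model_cred *c)
{
    if (c->subscribers > c->usage)
        return CRED_OVERSUBSCRIBED;
    if (c->security == NULL)
        return CRED_NO_SECURITY;
    return CRED_OK;
}

static void model_attach(struct model_task *t, struct model_cred *c)
{
    c->usage++;
    c->subscribers++;
    t->cred = c;
}

/* Drop one reference; the last one releases the security state. */
static void model_put(struct model_cred *c)
{
    if (--c->usage == 0)
        c->security = NULL;
}

/* Report the check result for a task's cred, with or without an unbalanced put. */
static enum cred_state run_scenario(int extra_put)
{
    static int lsm_blob;   /* constructed stand-in for LSM state */
    struct model_cred c = { 1, 0, &lsm_blob };
    struct model_task t;
    model_attach(&t, &c);  /* usage 2, subscribers 1 */
    model_put(&c);         /* creator drops its reference: usage 1 */
    if (extra_put)
        model_put(&c);     /* unbalanced put: usage 0, task still points here */
    return check_cred(t.cred);
}

int main(void) { printf("%d %d\n", run_scenario(0), run_scenario(1)); return 0; }
```

The subscriber check fires before the NULL security pointer is ever dereferenced, which is the point of the option: it reports the premature release at the reference-count level rather than as a later fault.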
     

01 Sep, 2009

2 commits

  • Add support for the new TUN LSM hooks: security_tun_dev_create(),
    security_tun_dev_post_create() and security_tun_dev_attach(). This includes
    the addition of a new object class, tun_socket, which represents the socks
    associated with TUN devices. The _tun_dev_create() and _tun_dev_post_create()
    hooks are fairly similar to the standard socket functions but _tun_dev_attach()
    is a bit special. The _tun_dev_attach() is unique because it involves a
    domain attaching to an existing TUN device and its associated tun_socket
    object, an operation which does not exist with standard sockets and most
    closely resembles a relabel operation.

    Signed-off-by: Paul Moore
    Acked-by: Eric Paris
    Signed-off-by: James Morris

    Paul Moore
     
  • The TUN driver lacks any LSM hooks which makes it difficult for LSM modules,
    such as SELinux, to enforce access controls on network traffic generated by
    TUN users; this is particularly problematic for virtualization apps such as
    QEMU and KVM. This patch adds three new LSM hooks designed to control the
    creation and attachment of TUN devices, the hooks are:

    * security_tun_dev_create()
    Provides access control for the creation of new TUN devices

    * security_tun_dev_post_create()
    Provides the ability to create the necessary socket LSM state for newly
    created TUN devices

    * security_tun_dev_attach()
    Provides access control for attaching to existing, persistent TUN devices
    and the ability to update the TUN device's socket LSM state as necessary

    Signed-off-by: Paul Moore
    Acked-by: Eric Paris
    Acked-by: Serge Hallyn
    Acked-by: David S. Miller
    Signed-off-by: James Morris

    Paul Moore
     

24 Aug, 2009

1 commit

  • When process accounting is enabled, every exiting process writes a log to
    the account file. In addition, every once in a while one of the exiting
    processes checks whether there's enough free space for the log.

    SELinux policy may or may not allow the exiting process to stat the fs.
    So unsuspecting processes start generating AVC denials just because
    someone enabled process accounting.

    For these filesystem operations, the exiting process's credentials should
    be temporarily switched to that of the process which enabled accounting,
    because it's really that process which wanted to have the accounting
    information logged.

    Signed-off-by: Michal Schmidt
    Acked-by: David Howells
    Acked-by: Serge Hallyn
    Signed-off-by: Andrew Morton
    Signed-off-by: James Morris

    Michal Schmidt
     

21 Aug, 2009

2 commits

  • When suid is set and the non-owner user has write permission, any writing
    into this file should be allowed and suid should be removed after that.

    However, current kernel only allows writing without truncations, when we
    do truncations on that file, we get EPERM. This is a bug.

    Steps to reproduce this bug:

    % ls -l rootdir/file1
    -rwsrwsrwx 1 root root 3 Jun 25 15:42 rootdir/file1
    % echo h > rootdir/file1
    zsh: operation not permitted: rootdir/file1
    % ls -l rootdir/file1
    -rwsrwsrwx 1 root root 3 Jun 25 15:42 rootdir/file1
    % echo h >> rootdir/file1
    % ls -l rootdir/file1
    -rwxrwxrwx 1 root root 5 Jun 25 16:34 rootdir/file1

    Signed-off-by: WANG Cong
    Cc: Eric Sandeen
    Acked-by: Eric Paris
    Cc: Eugene Teo
    Cc: Al Viro
    Cc: OGAWA Hirofumi
    Cc: Christoph Hellwig
    Cc: Stephen Smalley
    Signed-off-by: Andrew Morton
    Signed-off-by: James Morris

    Amerigo Wang
     
  • As suggested by OGAWA Hirofumi in thread:
    http://lkml.org/lkml/2009/8/7/132, we should let selinux_inode_setattr()
    match our ATTR_* rules. ATTR_FORCE should not force things like
    ATTR_SIZE.

    [hirofumi@mail.parknet.co.jp: tweaks]
    Signed-off-by: WANG Cong
    Signed-off-by: OGAWA Hirofumi
    Acked-by: Stephen Smalley
    Acked-by: Eric Paris
    Cc: Eugene Teo
    Cc: Al Viro
    Cc: Christoph Hellwig
    Acked-by: James Morris
    Signed-off-by: Andrew Morton
    Signed-off-by: James Morris

    Amerigo Wang
     

20 Aug, 2009

6 commits


19 Aug, 2009

23 commits

  • If userspace destroys a framebuffer that is in use on a crtc,
    don't just null it out, tear down the crtc properly so the
    hw gets turned off.

    Signed-off-by: Dave Airlie

    Dave Airlie
     
  • The fallback case wasn't getting executed properly if there
    was no TV table, which my T42 M7 hasn't got.

    Signed-off-by: Dave Airlie

    Dave Airlie
     
  • This gets rid of some ugliness, we should probably find a way
    for the GPU to zero this.

    Signed-off-by: Dave Airlie

    Dave Airlie
     
  • LVDS always requests RMX_FULL, we need to fix it so that doesn't happen
    before we can enable LVDS on crtc 1.

    Signed-off-by: Dave Airlie

    Dave Airlie
     
  • …s/security-testing-2.6

    * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6:
    security: Fix prompt for LSM_MMAP_MIN_ADDR
    security: Make LSM_MMAP_MIN_ADDR default match its help text.

    Linus Torvalds
     
  • * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/percpu:
    percpu: use the right flag for get_vm_area()
    percpu, sparc64: fix sparse possible cpu map handling
    init: set nr_cpu_ids before setup_per_cpu_areas()

    Linus Torvalds
     
  • …git/tip/linux-2.6-tip

    * 'x86-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip:
    x86, mce: Don't initialize MCEs on unknown CPUs
    x86, mce: don't log boot MCEs on Pentium M (model == 13) CPUs
    x86: Annotate section mismatch warnings in kernel/apic/x2apic_uv_x.c
    x86, mce: therm_throt: Don't log redundant normality
    x86: Fix UV BAU destination subnode id

    Linus Torvalds
     
  • If node_load[] is cleared every time build_zonelists() is
    called, node_load[] will be of no help in finding the next node that should
    appear in the given node's fallback list.

    Because of the bug, zonelist's node_order is not calculated as expected.
    This bug affects big machines, which have asymmetric node distances.

    [symmetric NUMA's node distance]
         0  1  2
      0 10 12 12
      1 12 10 12
      2 12 12 10

    [asymmetric NUMA's node distance]
         0  1  2
      0 10 12 20
      1 12 10 14
      2 20 14 10

    This (my bug) is very old but no one has reported this for a long time.
    Maybe because the number of asymmetric NUMA machines is very small and they use
    cpuset for customizing node memory allocation fallback.

    [akpm@linux-foundation.org: fix CONFIG_NUMA=n build]
    Signed-off-by: Bo Liu
    Reviewed-by: KAMEZAWA Hiroyuki
    Cc: Mel Gorman
    Cc: Christoph Lameter
    Cc:
    Signed-off-by: Andrew Morton
    Signed-off-by: Linus Torvalds

    Bo Liu
     
  • Signed-off-by: Joe Perches
    Signed-off-by: Andrew Morton
    Signed-off-by: Linus Torvalds

    Joe Perches
     
  • According to the POSIX (1003.1-2008), the file descriptor shall have been
    opened with read permission, regardless of the protection options specified to
    mmap(). The ltp test cases mmap06/07 need this.

    Signed-off-by: Graff Yang
    Acked-by: Paul Mundt
    Signed-off-by: David Howells
    Acked-by: Greg Ungerer
    Signed-off-by: Andrew Morton
    Signed-off-by: Linus Torvalds

    Graff Yang
     
  • Since the changes to the bitbang driver, there is the possibility we will
    be called with either the speed_hz or bpw values zero. We take these to
    mean the default values (8 bits per word, or maximum bus speed).

    Signed-off-by: Ben Dooks
    Cc: David Brownell
    Signed-off-by: Andrew Morton
    Signed-off-by: Linus Torvalds

    Ben Dooks
     
  • Currently the clock rate calculation may round as pleased, which means
    that it is possible that we will round down and end up with a faster clock
    rate than intended.

    Change the calculation to use DIV_ROUND_UP() to ensure that we end up with
    a clock rate either the same as or lower than the user requested one.

    Signed-off-by: Ben Dooks
    Cc: David Brownell
    Signed-off-by: Andrew Morton
    Signed-off-by: Linus Torvalds

    Ben Dooks
     
  • There are a number of individual MMC drivers listed in MAINTAINERS. I
    didn't modify those records. Perhaps I should have.

    Cc:
    Cc: Manuel Lauss
    Cc: Nicolas Pitre
    Cc: Pierre Ossman
    Cc: Pavel Pisa
    Cc: Jarkko Lavinen
    Cc: Ben Dooks
    Cc: Sascha Sommer
    Cc: Ian Molton
    Cc: Joseph Chan
    Cc: Harald Welte
    Signed-off-by: Andrew Morton
    Signed-off-by: Linus Torvalds

    Andrew Morton
     
  • The commit 2ff05b2b (oom: move oom_adj value) moved the oom_adj value to
    the mm_struct. It was a very good first step for sanitizing OOM.

    However, Paul Menage reported that the commit causes a regression in his job
    scheduler. Current OOM logic can kill an OOM_DISABLED process.

    Why? His program has code similar to the following.

    ...
    set_oom_adj(OOM_DISABLE); /* The job scheduler is never killed by oom */
    ...
    if (vfork() == 0) {
        set_oom_adj(0); /* Invoked child can be killed */
        execve("foo-bar-cmd");
    }
    ....

    The vfork() parent and child share the same mm_struct, so the above
    set_oom_adj(0) doesn't only change oom_adj for the vfork() child, it also
    changes oom_adj for the vfork() parent. Then the vfork() parent (job scheduler)
    lost OOM immunity and it was killed.

    Actually, the fork-setting-exec idiom is very frequently used in userland programs.
    We must not break this assumption.

    So this patch reverts commit 2ff05b2b and the related commits.

    Reverted commit list
    ---------------------
    - commit 2ff05b2b4e (oom: move oom_adj value from task_struct to mm_struct)
    - commit 4d8b9135c3 (oom: avoid unnecessary mm locking and scanning for OOM_DISABLE)
    - commit 8123681022 (oom: only oom kill exiting tasks with attached memory)
    - commit 933b787b57 (mm: copy over oom_adj value at fork time)

    Signed-off-by: KOSAKI Motohiro
    Cc: Paul Menage
    Cc: David Rientjes
    Cc: KAMEZAWA Hiroyuki
    Cc: Rik van Riel
    Cc: Linus Torvalds
    Cc: Oleg Nesterov
    Cc: Nick Piggin
    Cc: Mel Gorman
    Signed-off-by: Andrew Morton
    Signed-off-by: Linus Torvalds

    KOSAKI Motohiro
     
  • get_sb_pseudo sets s_maxbytes to ~0ULL which becomes negative when cast
    to a signed value. Fix it to use MAX_LFS_FILESIZE which casts properly
    to a positive signed value.

    Signed-off-by: Jeff Layton
    Reviewed-by: Johannes Weiner
    Acked-by: Steve French
    Reviewed-by: Christoph Hellwig
    Cc: Al Viro
    Cc: Robert Love
    Signed-off-by: Andrew Morton
    Signed-off-by: Linus Torvalds

    Jeff Layton
     
  • Signed-off-by: Joe Perches
    Acked-by: Benny Halevy
    Cc: Boaz Harrosh
    Signed-off-by: Andrew Morton
    Signed-off-by: Linus Torvalds

    Joe Perches
     
  • Fix prompt for LSM_MMAP_MIN_ADDR.

    (Verbs are cool!)

    Signed-off-by: Andreas Schwab
    Acked-by: Eric Paris
    Signed-off-by: James Morris

    Andreas Schwab
     
  • Commit 788084aba2ab7348257597496befcbccabdc98a3 added the LSM_MMAP_MIN_ADDR
    option, whose help text states "For most ia64, ppc64 and x86 users with lots
    of address space a value of 65536 is reasonable and should cause no problems."
    Which implies that its default setting was typoed.

    Signed-off-by: Dave Jones
    Acked-by: Eric Paris
    Signed-off-by: James Morris

    Dave Jones
     
  • Remove duplicated #include('s) in
    kernel/sysctl.c

    Signed-off-by: Huang Weiyi
    Acked-by: Eric Paris
    Signed-off-by: James Morris

    Huang Weiyi
     
  • …git/tip/linux-2.6-tip

    * 'irq-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip:
    genirq: Wake up irq thread after action has been installed

    Linus Torvalds
     
  • * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6: (60 commits)
    net: restore gnet_stats_basic to previous definition
    NETROM: Fix use of static buffer
    e1000e: fix use of pci_enable_pcie_error_reporting
    e1000e: WoL does not work on 82577/82578 with manageability enabled
    cnic: Fix locking in init/exit calls.
    cnic: Fix locking in start/stop calls.
    bnx2: Use mutex on slow path cnic calls.
    cnic: Refine registration with bnx2.
    cnic: Fix symbol_put_addr() panic on ia64.
    gre: Fix MTU calculation for bound GRE tunnels
    pegasus: Add new device ID.
    drivers/net: fixed drivers that support netpoll use ndo_start_xmit()
    via-velocity: Fix test of mii_status bit VELOCITY_DUPLEX_FULL
    rt2x00: fix memory corruption in rf cache, add a sanity check
    ixgbe: Fix receive on real device when VLANs are configured
    ixgbe: Do not return 0 in ixgbe_fcoe_ddp() upon FCP_RSP in DDP completion
    netxen: free napi resources during detach
    netxen: remove netxen workqueue
    ixgbe: fix issues setting rx-usecs with legacy interrupts
    can: fix oops caused by wrong rtnl newlink usage
    ...

    Linus Torvalds
     
  • * 'sh/for-2.6.31' of git://git.kernel.org/pub/scm/linux/kernel/git/lethal/sh-2.6:
    sh: sh7724 ddr self-refresh changes
    sh: use in-soc KEYSC on se7724
    sh: CMT suspend/resume
    sh: skip disabled LCDC channels

    Linus Torvalds
     
  • * 'for-linus' of git://neil.brown.name/md:
    Fix new incorrect error return from do_md_stop.

    Linus Torvalds