Eric Paris [Thu, 28 Apr 2011 20:04:24 +0000 (16:04 -0400)]
SELinux: introduce path_has_perm
We currently have inode_has_perm and dentry_has_perm. dentry_has_perm just
calls inode_has_perm with additional audit data. But dentry_has_perm can
take either a dentry or a path. Split those to make the code obvious and
to fix the previous problem where I thought dentry_has_perm always had a
valid dentry and mnt.
Signed-off-by: Eric Paris <eparis@redhat.com>
Eric Paris [Thu, 28 Apr 2011 19:55:52 +0000 (15:55 -0400)]
flex_array: allow 0 length elements
flex_arrays are supposed to be a replacement for:
kmalloc(num_elements * sizeof(element))
If kmalloc is given 0 num_elements or a 0 size element it will happily return
ZERO_SIZE_PTR. Which looks like a valid allocation, but which will explode if
something actually try to use it. The current flex_array code will return an
equivalent result if num_elements is 0, but will fail to work if
sizeof(element) is 0. This patch allows allocation to work even for 0 size
elements. It will cause flex_arrays to explode though if they are used.
Imitating the kmalloc behavior.
Based-on-patch-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dave Hansen <dave@linux.vnet.ibm.com>
Eric Paris [Thu, 28 Apr 2011 19:55:52 +0000 (15:55 -0400)]
flex_arrays: allow zero length flex arrays
Just like kmalloc will allow one to allocate a 0 length segment of memory
flex arrays should do the same thing. It should bomb if you try to use
something, but it should at least allow the allocation.
This is needed because when SELinux switched to using flex_arrays in 2.6.38
the inability to allocate a 0 length array resulted in SELinux policy load
returning -ENOSPC when previously it worked.
Based-on-patch-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Eric Paris <eparis@redhat.com>
Tested-by: Chris Richards <gizmo@giz-works.com>
Cc: stable@kernel.org [2.6.38+]
Eric Paris [Thu, 28 Apr 2011 19:55:52 +0000 (15:55 -0400)]
flex_array: flex_array_prealloc takes a number of elements, not an end
Change flex_array_prealloc to take the number of elements for which space
should be allocated instead of the last (inclusive) element. Users
and documentation are updated accordingly. flex_arrays got introduced before
they had users. When folks started using it, they ended up needing a
different API than was coded up originally. This swaps over to the API that
folks apparently need.
Based-on-patch-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Eric Paris <eparis@redhat.com>
Tested-by: Chris Richards <gizmo@giz-works.com>
Acked-by: Dave Hansen <dave@linux.vnet.ibm.com>
Cc: stable@kernel.org [2.6.38+]
Eric Paris [Thu, 28 Apr 2011 19:11:21 +0000 (15:11 -0400)]
SELinux: pass last path component in may_create
New inodes are created in a two stage process. We first will compute the
label on a new inode in security_inode_create() and check if the
operation is allowed. We will then actually re-compute that same label and
apply it in security_inode_init_security(). The change to do new label
calculations based in part on the last component of the path name only
passed the path component information all the way down the
security_inode_init_security hook. Down the security_inode_create hook the
path information did not make it past may_create. Thus the two calculations
came up differently and the permissions check might not actually be against
the label that is created. Pass and use the same information in both places
to harmonize the calculations and checks.
Reported-by: Dominick Grift <domg472@gmail.com>
Signed-off-by: Eric Paris <eparis@redhat.com>
Eric Paris [Thu, 28 Apr 2011 19:11:21 +0000 (15:11 -0400)]
SELinux: put name based create rules in a hashtable
To shorten the list we need to run if filename trans rules exist for the type
of the given parent directory I put them in a hashtable. Given the policy we
are expecting to use in Fedora this takes the worst case list run from about
5,000 entries to 17.
Signed-off-by: Eric Paris <eparis@redhat.com>
Reviewed-by: James Morris <jmorris@namei.org>
Eric Paris [Thu, 28 Apr 2011 19:11:21 +0000 (15:11 -0400)]
SELinux: generic hashtab entry counter
Instead of a hashtab entry counter function only useful for range
transition rules make a function generic for any hashtable to use.
Signed-off-by: Eric Paris <eparis@redhat.com>
Reviewed-by: James Morris <jmorris@namei.org>
Eric Paris [Thu, 28 Apr 2011 19:11:21 +0000 (15:11 -0400)]
SELinux: calculate and print hashtab stats with a generic function
We have custom debug functions like rangetr_hash_eval and symtab_hash_eval
which do the same thing. Just create a generic function that takes the name
of the hash table as an argument instead of having custom functions.
Signed-off-by: Eric Paris <eparis@redhat.com>
Reviewed-by: James Morris <jmorris@namei.org>
Eric Paris [Thu, 28 Apr 2011 19:11:21 +0000 (15:11 -0400)]
SELinux: skip filename trans rules if ttype does not match parent dir
Right now we walk to filename trans rule list for every inode that is
created. First passes at policy using this facility creates around 5000
filename trans rules. Running a list of 5000 entries every time is a bad
idea. This patch adds a new ebitmap to policy which has a bit set for each
ttype that has at least 1 filename trans rule. Thus when an inode is
created we can quickly determine if any rules exist for this parent
directory type and can skip the list if we know there is definitely no
relevant entry.
Signed-off-by: Eric Paris <eparis@redhat.com>
Reviewed-by: James Morris <jmorris@namei.org>
Eric Paris [Thu, 28 Apr 2011 19:11:20 +0000 (15:11 -0400)]
SELinux: rename filename_compute_type argument to *type instead of *con
filename_compute_type() takes as arguments the numeric value of the type of
the subject and target. It does not take a context. Thus the names are
misleading. Fix the argument names.
Signed-off-by: Eric Paris <eparis@redhat.com>
Reviewed-by: James Morris <jmorris@namei.org>
Eric Paris [Thu, 28 Apr 2011 19:11:20 +0000 (15:11 -0400)]
SELinux: fix comment to state filename_compute_type takes an objname not a qstr
filename_compute_type used to take a qstr, but it now takes just a name.
Fix the comments to indicate it is an objname, not a qstr.
Signed-off-by: Eric Paris <eparis@redhat.com>
Eric Paris [Mon, 25 Apr 2011 17:15:55 +0000 (13:15 -0400)]
SMACK: smack_file_lock can use the struct path
smack_file_lock has a struct path, so use that instead of only the
dentry.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Casey Schaufler <casey@schaufler-ca.com>
Eric Paris [Mon, 25 Apr 2011 17:10:27 +0000 (13:10 -0400)]
LSM: separate LSM_AUDIT_DATA_DENTRY from LSM_AUDIT_DATA_PATH
This patch separates and audit message that only contains a dentry from
one that contains a full path. This allows us to make it harder to
misuse the interfaces or for the interfaces to be implemented wrong.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Casey Schaufler <casey@schaufler-ca.com>
Eric Paris [Mon, 25 Apr 2011 16:54:27 +0000 (12:54 -0400)]
LSM: split LSM_AUDIT_DATA_FS into _PATH and _INODE
The lsm common audit code has wacky contortions making sure which pieces
of information are set based on if it was given a path, dentry, or
inode. Split this into path and inode to get rid of some of the code
complexity.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Casey Schaufler <casey@schaufler-ca.com>
Eric Paris [Fri, 22 Apr 2011 00:23:20 +0000 (17:23 -0700)]
SELINUX: Make selinux cache VFS RCU walks safe
Now that the security modules can decide whether they support the
dcache RCU walk or not it's possible to make selinux a bit more
RCU friendly. The SELinux AVC and security server access decision
code is RCU safe. A specific piece of the LSM audit code may not
be RCU safe.
This patch makes the VFS RCU walk retry if it would hit the non RCU
safe chunk of code. It will normally just work under RCU. This is
done simply by passing the VFS RCU state as a flag down into the
avc_audit() code and returning ECHILD there if it would have an issue.
Based-on-patch-by: Andi Kleen <ak@linux.intel.com>
Signed-off-by: Eric Paris <eparis@redhat.com>
Andi Kleen [Fri, 22 Apr 2011 00:23:19 +0000 (17:23 -0700)]
SECURITY: Move exec_permission RCU checks into security modules
Right now all RCU walks fall back to reference walk when CONFIG_SECURITY
is enabled, even though just the standard capability module is active.
This is because security_inode_exec_permission unconditionally fails
RCU walks.
Move this decision to the low level security module. This requires
passing the RCU flags down the security hook. This way at least
the capability module and a few easy cases in selinux/smack work
with RCU walks with CONFIG_SECURITY=y
Signed-off-by: Andi Kleen <ak@linux.intel.com>
Signed-off-by: Eric Paris <eparis@redhat.com>
Eric Paris [Wed, 20 Apr 2011 14:21:28 +0000 (10:21 -0400)]
SELinux: security_read_policy should take a size_t not ssize_t
The len should be an size_t but is a ssize_t. Easy enough fix to silence
build warnings. We have no need for signed-ness.
Signed-off-by: Eric Paris <eparis@redhat.com>
Reviewed-by: James Morris <jmorris@namei.org>
Eric Paris [Wed, 20 Apr 2011 14:21:28 +0000 (10:21 -0400)]
SELinux: silence build warning when !CONFIG_BUG
If one builds a kernel without CONFIG_BUG there are a number of 'may be
used uninitialized' warnings. Silence these by returning after the BUG().
Signed-off-by: Eric Paris <eparis@redhat.com>
Reviewed-by: James Morris <jmorris@namei.org>
Eric Paris [Thu, 7 Apr 2011 18:46:59 +0000 (14:46 -0400)]
SELinux: delete debugging printks from filename_trans rule processing
The filename_trans rule processing has some printk(KERN_ERR ) messages
which were intended as debug aids in creating the code but weren't removed
before it was submitted. Remove them.
Signed-off-by: Eric Paris <eparis@redhat.com>
Harry Ciao [Thu, 7 Apr 2011 06:12:57 +0000 (14:12 +0800)]
Initialize policydb.process_class eariler.
Initialize policydb.process_class once all symtabs read from policy image,
so that it could be used to setup the role_trans.tclass field when a lower
version policy.X is loaded.
Signed-off-by: Harry Ciao <qingtao.cao@windriver.com>
Signed-off-by: Eric Paris <eparis@redhat.com>
Stephen Smalley [Fri, 25 Mar 2011 14:13:43 +0000 (10:13 -0400)]
selinux: Fix regression for Xorg
Commit
6f5317e730505d5cbc851c435a2dfe3d5a21d343 introduced a bug in the
handling of userspace object classes that is causing breakage for Xorg
when XSELinux is enabled. Fix the bug by changing map_class() to return
SECCLASS_NULL when the class cannot be mapped to a kernel object class.
Reported-by: "Justin P. Mattock" <justinmattock@gmail.com>
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: James Morris <jmorris@namei.org>
Kohei Kaigai [Fri, 1 Apr 2011 14:39:26 +0000 (15:39 +0100)]
selinux: add type_transition with name extension support for selinuxfs
The attached patch allows /selinux/create takes optional 4th argument
to support TYPE_TRANSITION with name extension for userspace object
managers.
If 4th argument is not supplied, it shall perform as existing kernel.
In fact, the regression test of SE-PostgreSQL works well on the patched
kernel.
Thanks,
Signed-off-by: KaiGai Kohei <kohei.kaigai@eu.nec.com>
[manually verify fuzz was not an issue, and it wasn't: eparis]
Signed-off-by: Eric Paris <eparis@redhat.com>
Eric Paris [Fri, 1 Apr 2011 21:09:41 +0000 (17:09 -0400)]
SELinux: update git tree in MAINTAINERS
update the git tree in MAINTAINERS
Signed-off-by: Eric Paris <eparis@redhat.com>
Harry Ciao [Fri, 25 Mar 2011 05:52:00 +0000 (13:52 +0800)]
SELinux: Write class field in role_trans_write.
If kernel policy version is >= 26, then write the class field of the
role_trans structure into the binary reprensentation.
Signed-off-by: Harry Ciao <qingtao.cao@windriver.com>
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: Eric Paris <eparis@redhat.com>
Harry Ciao [Fri, 25 Mar 2011 05:51:58 +0000 (13:51 +0800)]
SELinux: Compute role in newcontext for all classes
Apply role_transition rules for all kinds of classes.
Signed-off-by: Harry Ciao <qingtao.cao@windriver.com>
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: Eric Paris <eparis@redhat.com>
Harry Ciao [Fri, 25 Mar 2011 05:51:56 +0000 (13:51 +0800)]
SELinux: Add class support to the role_trans structure
If kernel policy version is >= 26, then the binary representation of
the role_trans structure supports specifying the class for the current
subject or the newly created object.
If kernel policy version is < 26, then the class field would be default
to the process class.
Signed-off-by: Harry Ciao <qingtao.cao@windriver.com>
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: Eric Paris <eparis@redhat.com>
James Morris [Tue, 8 Mar 2011 00:38:10 +0000 (11:38 +1100)]
Merge branch 'master' of git://git.infradead.org/users/eparis/selinux into next
David Howells [Mon, 7 Mar 2011 15:06:20 +0000 (15:06 +0000)]
KEYS: Add an iovec version of KEYCTL_INSTANTIATE
Add a keyctl op (KEYCTL_INSTANTIATE_IOV) that is like KEYCTL_INSTANTIATE, but
takes an iovec array and concatenates the data in-kernel into one buffer.
Since the KEYCTL_INSTANTIATE copies the data anyway, this isn't too much of a
problem.
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: James Morris <jmorris@namei.org>
David Howells [Mon, 7 Mar 2011 15:06:09 +0000 (15:06 +0000)]
KEYS: Add a new keyctl op to reject a key with a specified error code
Add a new keyctl op to reject a key with a specified error code. This works
much the same as negating a key, and so keyctl_negate_key() is made a special
case of keyctl_reject_key(). The difference is that keyctl_negate_key()
selects ENOKEY as the error to be reported.
Typically the key would be rejected with EKEYEXPIRED, EKEYREVOKED or
EKEYREJECTED, but this is not mandatory.
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: James Morris <jmorris@namei.org>
David Howells [Mon, 7 Mar 2011 15:05:59 +0000 (15:05 +0000)]
KEYS: Add a key type op to permit the key description to be vetted
Add a key type operation to permit the key type to vet the description of a new
key that key_alloc() is about to allocate. The operation may reject the
description if it wishes with an error of its choosing. If it does this, the
key will not be allocated.
Signed-off-by: David Howells <dhowells@redhat.com>
Reviewed-by: Mimi Zohar <zohar@us.ibm.com>
Signed-off-by: James Morris <jmorris@namei.org>
David Howells [Mon, 7 Mar 2011 15:05:51 +0000 (15:05 +0000)]
KEYS: Add an RCU payload dereference macro
Add an RCU payload dereference macro as this seems to be a common piece of code
amongst key types that use RCU referenced payloads.
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Mimi Zohar <zohar@us.ibm.com>
Signed-off-by: James Morris <jmorris@namei.org>
James Morris [Mon, 7 Mar 2011 23:55:06 +0000 (10:55 +1100)]
Merge branch 'master'; commit 'v2.6.38-rc7' into next
Linus Torvalds [Mon, 7 Mar 2011 21:15:02 +0000 (13:15 -0800)]
Merge branch 'omap-fixes-for-linus' of git://git./linux/kernel/git/tmlind/linux-omap-2.6
* 'omap-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tmlind/linux-omap-2.6:
omap: mailbox: resolve hang issue
OMAP2+: PM: SmartReflex: fix memory leaks in Smartreflex driver
arm: mach-omap2: smartreflex: fix another memory leak
Linus Torvalds [Mon, 7 Mar 2011 21:14:19 +0000 (13:14 -0800)]
Merge branch 'for-linus' of git://git390.marist.edu/linux-2.6
* 'for-linus' of git://git390.marist.edu/pub/scm/linux-2.6:
[S390] tape: deadlock on system work queue
[S390] keyboard: integer underflow bug
[S390] xpram: remove __initdata attribute from module parameters
Linus Torvalds [Sun, 6 Mar 2011 18:44:49 +0000 (10:44 -0800)]
Merge branch 'for-linus' of git://git./linux/kernel/git/tiwai/sound-2.6
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound-2.6:
ALSA: hda - Don't set to D3 in Cirrus errata init verbs
ALSA: hda - add new Fermi 5xx codec IDs to snd-hda
ASoC: WM8994: Ensure late enable events are processed for the ADCs
ASoC: WM8994: Don't disable the AIF[1|2]CLK_ENA unconditionaly
ASoC: Fix WM9081 platform data initialisation
ALSA: hda - Fix unable to record issue on ASUS N82JV
ALSA: HDA: Realtek: Fixup jack detection to input subsystem
Amit Shah [Fri, 4 Mar 2011 03:34:33 +0000 (14:04 +1030)]
virtio: console: Don't access vqs if device was unplugged
If a virtio-console device gets unplugged while a port is open, a
subsequent close() call on the port accesses vqs to free up buffers.
This can lead to a crash.
The buffers are already freed up as a result of the call to
unplug_ports() from virtcons_remove(). The fix is to simply not access
vq information if port->portdev is NULL.
Reported-by: juzhang <juzhang@redhat.com>
CC: stable@kernel.org
Signed-off-by: Amit Shah <amit.shah@redhat.com>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Takashi Iwai [Sun, 6 Mar 2011 11:37:42 +0000 (12:37 +0100)]
Merge branch 'fix/asoc' into for-linus
Linus Torvalds [Sat, 5 Mar 2011 18:43:22 +0000 (10:43 -0800)]
Merge branch 'for-linus' of git://git./linux/kernel/git/sage/ceph-client
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/sage/ceph-client:
ceph: no .snap inside of snapped namespace
libceph: fix msgr standby handling
libceph: fix msgr keepalive flag
libceph: fix msgr backoff
libceph: retry after authorization failure
libceph: fix handling of short returns from get_user_pages
ceph: do not clear I_COMPLETE from d_release
ceph: do not set I_COMPLETE
Revert "ceph: keep reference to parent inode on ceph_dentry"
Andi Kleen [Sat, 5 Mar 2011 01:36:32 +0000 (17:36 -0800)]
mm: use correct numa policy node for transparent hugepages
Pass down the correct node for a transparent hugepage allocation. Most
callers continue to use the current node, however the hugepaged daemon
now uses the previous node of the first to be collapsed page instead.
This ensures that khugepaged does not mess up local memory for an
existing process which uses local policy.
The choice of node is somewhat primitive currently: it just uses the
node of the first page in the pmd range. An alternative would be to
look at multiple pages and use the most popular node. I used the
simplest variant for now which should work well enough for the case of
all pages being on the same node.
[akpm@linux-foundation.org: coding-style fixes]
Acked-by: Andrea Arcangeli <aarcange@redhat.com>
Signed-off-by: Andi Kleen <ak@linux.intel.com>
Reviewed-by: KAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Andi Kleen [Sat, 5 Mar 2011 01:36:31 +0000 (17:36 -0800)]
mm: preserve original node for transparent huge page copies
This makes a difference for LOCAL policy, where the node cannot be
determined from the policy itself, but has to be gotten from the original
page.
Acked-by: Andrea Arcangeli <aarcange@redhat.com>
Signed-off-by: Andi Kleen <ak@linux.intel.com>
Reviewed-by: KAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Andi Kleen [Sat, 5 Mar 2011 01:36:30 +0000 (17:36 -0800)]
mm: add alloc_page_vma_node()
Add a alloc_page_vma_node that allows passing the "local" node in. Used
in a followon patch.
Acked-by: Andrea Arcangeli <aarcange@redhat.com>
Signed-off-by: Andi Kleen <ak@linux.intel.com>
Reviewed-by: KAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Andi Kleen [Sat, 5 Mar 2011 01:36:29 +0000 (17:36 -0800)]
mm: change alloc_pages_vma to pass down the policy node for local policy
Currently alloc_pages_vma() always uses the local node as policy node for
the LOCAL policy. Pass this node down as an argument instead.
No behaviour change from this patch, but will be needed for followons.
Acked-by: Andrea Arcangeli <aarcange@redhat.com>
Signed-off-by: Andi Kleen <ak@linux.intel.com>
Reviewed-by: KAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Alexandre Bounine [Sat, 5 Mar 2011 01:36:28 +0000 (17:36 -0800)]
RapidIO: Update MAINTAINERS
Signed-off-by: Alexandre Bounine <alexandre.bounine@idt.com>
Cc: Matt Porter <mporter@kernel.crashing.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Axel Lin [Sat, 5 Mar 2011 01:36:27 +0000 (17:36 -0800)]
drivers/video/backlight/ltv350qv.c: fix a memory leak
Signed-off-by: Axel Lin <axel.lin@gmail.com>
Cc: Haavard Skinnemoen <hskinnemoen@atmel.com>
Cc: Richard Purdie <rpurdie@rpsys.net>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Kyungmin Park [Sat, 5 Mar 2011 01:36:26 +0000 (17:36 -0800)]
MAINTAINERS: add maintainer of Samsung Mobile Machine support
Add maintainer of Samsung Mobile machine support. Currently, Aquila,
Goni, Universal (C210), and Nuri board are supported.
Signed-off-by: Kyungmin Park <kyungmin.park@samsung.com>
Cc: Joe Perches <joe@perches.com>
Cc: "David S. Miller" <davem@davemloft.net>
Cc: Russell King <rmk@arm.linux.org.uk>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Thomas Gleixner [Sat, 5 Mar 2011 01:36:23 +0000 (17:36 -0800)]
pps: make pps_gen_parport depend on BROKEN
This driver causes hard lockups, when the active clock soure is jiffies.
The reason is that it loops with interrupts disabled waiting for a
timestamp to be reached by polling getnstimeofday(). Though with a
jiffies clocksource, when that code runs on the same CPU which is
responsible for updating jiffies, then we loop in circles for ever
simply because the timer interrupt cannot update jiffies. So both UP
and SMP can be affected.
There is no easy fix for that problem so make it depend on BROKEN for
now.
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Cc: Alexander Gordeev <lasaine@lvk.cs.msu.su>
Cc: Rodolfo Giometti <giometti@linux.it>
Cc: john stultz <johnstul@us.ibm.com>
Cc: Ingo Molnar <mingo@elte.hu>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Axel Lin [Sat, 5 Mar 2011 01:36:22 +0000 (17:36 -0800)]
drivers/misc/bmp085.c: add MODULE_DEVICE_TABLE
The device table is required to load modules based on modaliases.
Signed-off-by: Axel Lin <axel.lin@gmail.com>
Cc: Shubhrajyoti D <shubhrajyoti@ti.com>
Cc: Christoph Mair <christoph.mair@gmail.com>
Cc: Jonathan Cameron <jic23@cam.ac.uk>
Cc: <stable@kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Li Zefan [Sat, 5 Mar 2011 01:36:21 +0000 (17:36 -0800)]
cpuset: add a missing unlock in cpuset_write_resmask()
Don't forget to release cgroup_mutex if alloc_trial_cpuset() fails.
[akpm@linux-foundation.org: avoid multiple return points]
Signed-off-by: Li Zefan <lizf@cn.fujitsu.com>
Cc: Paul Menage <menage@google.com>
Acked-by: David Rientjes <rientjes@google.com>
Cc: Miao Xie <miaox@cn.fujitsu.com>
Cc: <stable@kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Axel Lin [Sat, 5 Mar 2011 01:36:19 +0000 (17:36 -0800)]
drivers/rtc/rtc-s3c.c: fix prototype for s3c_rtc_setaie()
Fix s3c_rtc_setaie() prototype to eliminate the following compile
warning:
drivers/rtc/rtc-s3c.c:383: warning: initialization from incompatible pointer type
(akpm: the rtc_class_ops.alarm_irq_enable() handler is being passed two
arguments where it expects just one, presumably with undesired effects)
Signed-off-by: Axel Lin <axel.lin@gmail.com>
Cc: Alessandro Zummo <a.zummo@towertech.it>
Cc: Ben Dooks <ben-linux@fluff.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Linus Torvalds [Sat, 5 Mar 2011 01:31:43 +0000 (17:31 -0800)]
Merge branch 'for-linus' of git://git./linux/kernel/git/vapier/blackfin
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/vapier/blackfin:
Blackfin: iflush: update anomaly
05000491 workaround
Blackfin: outs[lwb]: make sure count is greater than 0
Linus Torvalds [Sat, 5 Mar 2011 01:31:19 +0000 (17:31 -0800)]
Merge branch 'rmobile-fixes-for-linus' of git://git./linux/kernel/git/lethal/sh-2.6
* 'rmobile-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/lethal/sh-2.6:
ARM: mach-shmobile: mackerel: modify LCDC clock divider value
ARM: mach-shmobile: ap4evb: modify LCDC clock divider value
ARM: mach-shmobile: mackerel: fixup memory initialize for zboot
ARM: mach-shmobile: ap4evb: fixup memory initialize for zboot
ARM: mach-shmobile: Add sh73a0 MIPI-CSI and CEU clocks
ARM: mach-shmobile: AG5EVM MIPI-DSI LCD reset delay fix
Linus Torvalds [Sat, 5 Mar 2011 01:31:01 +0000 (17:31 -0800)]
Merge branch 'sh-fixes-for-linus' of git://git./linux/kernel/git/lethal/sh-2.6
* 'sh-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/lethal/sh-2.6:
sh: Change __nosave_XXX symbols to long
sh: Flush executable pages in copy_user_highpage
sh: Ensure ST40-300 BogoMIPS value is consistent
sh: sh7750: Fix incompatible pointer type
sh: sh7750: move machtypes.h to include/generated
Linus Torvalds [Sat, 5 Mar 2011 01:30:32 +0000 (17:30 -0800)]
Merge branch 'drm-fixes' of git://git./linux/kernel/git/airlied/drm-2.6
* 'drm-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/airlied/drm-2.6:
drm/nouveau: allocate kernel's notifier object at end of block
Neil Horman [Sat, 5 Mar 2011 00:26:03 +0000 (19:26 -0500)]
nfs4: Ensure that ACL pages sent over NFS were not allocated from the slab (v3)
The "bad_page()" page allocator sanity check was reported recently (call
chain as follows):
bad_page+0x69/0x91
free_hot_cold_page+0x81/0x144
skb_release_data+0x5f/0x98
__kfree_skb+0x11/0x1a
tcp_ack+0x6a3/0x1868
tcp_rcv_established+0x7a6/0x8b9
tcp_v4_do_rcv+0x2a/0x2fa
tcp_v4_rcv+0x9a2/0x9f6
do_timer+0x2df/0x52c
ip_local_deliver+0x19d/0x263
ip_rcv+0x539/0x57c
netif_receive_skb+0x470/0x49f
:virtio_net:virtnet_poll+0x46b/0x5c5
net_rx_action+0xac/0x1b3
__do_softirq+0x89/0x133
call_softirq+0x1c/0x28
do_softirq+0x2c/0x7d
do_IRQ+0xec/0xf5
default_idle+0x0/0x50
ret_from_intr+0x0/0xa
default_idle+0x29/0x50
cpu_idle+0x95/0xb8
start_kernel+0x220/0x225
_sinittext+0x22f/0x236
It occurs because an skb with a fraglist was freed from the tcp
retransmit queue when it was acked, but a page on that fraglist had
PG_Slab set (indicating it was allocated from the Slab allocator (which
means the free path above can't safely free it via put_page.
We tracked this back to an nfsv4 setacl operation, in which the nfs code
attempted to fill convert the passed in buffer to an array of pages in
__nfs4_proc_set_acl, which gets used by the skb->frags list in
xs_sendpages. __nfs4_proc_set_acl just converts each page in the buffer
to a page struct via virt_to_page, but the vfs allocates the buffer via
kmalloc, meaning the PG_slab bit is set. We can't create a buffer with
kmalloc and free it later in the tcp ack path with put_page, so we need
to either:
1) ensure that when we create the list of pages, no page struct has
PG_Slab set
or
2) not use a page list to send this data
Given that these buffers can be multiple pages and arbitrarily sized, I
think (1) is the right way to go. I've written the below patch to
allocate a page from the buddy allocator directly and copy the data over
to it. This ensures that we have a put_page free-able page for every
entry that winds up on an skb frag list, so it can be safely freed when
the frame is acked. We do a put page on each entry after the
rpc_call_sync call so as to drop our own reference count to the page,
leaving only the ref count taken by tcp_sendpages. This way the data
will be properly freed when the ack comes in
Successfully tested by myself to solve the above oops.
Note, as this is the result of a setacl operation that exceeded a page
of data, I think this amounts to a local DOS triggerable by an
uprivlidged user, so I'm CCing security on this as well.
Signed-off-by: Neil Horman <nhorman@tuxdriver.com>
CC: Trond Myklebust <Trond.Myklebust@netapp.com>
CC: security@kernel.org
CC: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Sage Weil [Thu, 3 Mar 2011 21:44:35 +0000 (13:44 -0800)]
ceph: no .snap inside of snapped namespace
Otherwise you can do things like
# mkdir .snap/foo
# cd .snap/foo/.snap
# ls
<badness>
Signed-off-by: Sage Weil <sage@newdream.net>
Sage Weil [Fri, 4 Mar 2011 20:25:05 +0000 (12:25 -0800)]
libceph: fix msgr standby handling
The standby logic used to be pretty dependent on the work requeueing
behavior that changed when we switched to WQ_NON_REENTRANT. It was also
very fragile.
Restructure things so that:
- We clear WRITE_PENDING when we set STANDBY. This ensures we will
requeue work when we wake up later.
- con_work backs off if STANDBY is set. There is nothing to do if we are
in standby.
- clear_standby() helper is called by both con_send() and con_keepalive(),
the two actions that can wake us up again. Move the connect_seq++
logic here.
Signed-off-by: Sage Weil <sage@newdream.net>
Sage Weil [Thu, 3 Mar 2011 18:10:15 +0000 (10:10 -0800)]
libceph: fix msgr keepalive flag
There was some broken keepalive code using a dead variable. Shift to using
the proper bit flag.
Signed-off-by: Sage Weil <sage@newdream.net>
Sage Weil [Fri, 4 Mar 2011 20:24:28 +0000 (12:24 -0800)]
libceph: fix msgr backoff
With commit
f363e45f we replaced a bunch of hacky workqueue mutual
exclusion logic with the WQ_NON_REENTRANT flag. One pieces of fallout is
that the exponential backoff breaks in certain cases:
* con_work attempts to connect.
* we get an immediate failure, and the socket state change handler queues
immediate work.
* con_work calls con_fault, we decide to back off, but can't queue delayed
work.
In this case, we add a BACKOFF bit to make con_work reschedule delayed work
next time it runs (which should be immediately).
Signed-off-by: Sage Weil <sage@newdream.net>
Dave Kleikamp [Fri, 4 Mar 2011 16:13:47 +0000 (10:13 -0600)]
MAINTAINERS: Update shaggy's email address
Signed-off-by: Dave Kleikamp <shaggy@kernel.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Linus Torvalds [Fri, 4 Mar 2011 17:23:30 +0000 (09:23 -0800)]
Mark ptrace_{traceme,attach,detach} static
They are only used inside kernel/ptrace.c, and have been for a long
time. We don't want to go back to the bad-old-days when architectures
did things on their own, so make them static and private.
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Mike Frysinger [Wed, 2 Feb 2011 01:55:22 +0000 (01:55 +0000)]
Blackfin: iflush: update anomaly
05000491 workaround
Recent feedback from design says we need three NOPs in the hardware loop.
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
Mike Frysinger [Wed, 26 Jan 2011 18:10:44 +0000 (18:10 +0000)]
Blackfin: outs[lwb]: make sure count is greater than 0
Some devices will use the outs* funcs with a length of zero, so make sure
we do not write any data in that case.
Reported-by: Gilbert Inho <gneny@edevice.com>
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
Kuninori Morimoto [Wed, 2 Mar 2011 09:05:21 +0000 (09:05 +0000)]
ARM: mach-shmobile: mackerel: modify LCDC clock divider value
mackerel WVGA LCDC panel expect 33.3MHz for dot-clock,
but current dot-clock was 50.0MHz.
This patch modify clock divider value.
Signed-off-by: Makoto Ueda <makoto.ueda.ub@renesas.com>
Signed-off-by: Kuninori Morimoto <kuninori.morimoto.gx@renesas.com>
Signed-off-by: Paul Mundt <lethal@linux-sh.org>
Kuninori Morimoto [Wed, 2 Mar 2011 09:05:44 +0000 (09:05 +0000)]
ARM: mach-shmobile: ap4evb: modify LCDC clock divider value
ap4evb WVGA LCDC panel expect 33.3MHz for dot-clock,
but current dot-clock was 50.0MHz.
This patch modify clock divider value.
Signed-off-by: Makoto Ueda <makoto.ueda.ub@renesas.com>
Signed-off-by: Kuninori Morimoto <kuninori.morimoto.gx@renesas.com>
Signed-off-by: Paul Mundt <lethal@linux-sh.org>
Ben Skeggs [Thu, 3 Mar 2011 23:58:36 +0000 (09:58 +1000)]
drm/nouveau: allocate kernel's notifier object at end of block
The nv30/nv40 3d driver is about to start using DMA_FENCE from the 3D
object which, it turns out, doesn't like its DMA object to not be
aligned to a 4KiB boundary.
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
Signed-off-by: Dave Airlie <airlied@redhat.com>
Linus Torvalds [Thu, 3 Mar 2011 23:48:01 +0000 (15:48 -0800)]
Merge branch 'for-linus' of git://git./linux/kernel/git/jmorris/security-testing-2.6
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6:
DNS: Fix a NULL pointer deref when trying to read an error key [CVE-2011-1076]
Linus Torvalds [Thu, 3 Mar 2011 23:43:15 +0000 (15:43 -0800)]
Merge git://git./linux/kernel/git/davem/net-2.6
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6: (42 commits)
MAINTAINERS: Add Andy Gospodarek as co-maintainer.
r8169: disable ASPM
RxRPC: Fix v1 keys
AF_RXRPC: Handle receiving ACKALL packets
cnic: Fix lost interrupt on bnx2x
cnic: Prevent status block race conditions with hardware
net: dcbnl: check correct ops in dcbnl_ieee_set()
e1000e: disable broken PHY wakeup for ICH10 LOMs, use MAC wakeup instead
igb: fix sparse warning
e1000: fix sparse warning
netfilter: nf_log: avoid oops in (un)bind with invalid nfproto values
dccp: fix oops on Reset after close
ipvs: fix dst_lock locking on dest update
davinci_emac: Add Carrier Link OK check in Davinci RX Handler
bnx2x: update driver version to 1.62.00-6
bnx2x: properly calculate lro_mss
bnx2x: perform statistics "action" before state transition.
bnx2x: properly configure coefficients for MinBW algorithm (NPAR mode).
bnx2x: Fix ethtool -t link test for MF (non-pmf) devices.
bnx2x: Fix nvram test for single port devices.
...
Linus Torvalds [Thu, 3 Mar 2011 23:42:35 +0000 (15:42 -0800)]
Merge branch 'for-linus' of git://git.kernel.dk/linux-2.6-block
* 'for-linus' of git://git.kernel.dk/linux-2.6-block:
block: kill loop_mutex
blktrace: Remove blk_fill_rwbs_rq.
block: blk-flush shouldn't call directly into q->request_fn() __blk_run_queue()
block: add @force_kblockd to __blk_run_queue()
block: fix kernel-doc format for blkdev_issue_zeroout
blk-throttle: Do not use kblockd workqueue for throtl work
Linus Torvalds [Thu, 3 Mar 2011 23:37:59 +0000 (15:37 -0800)]
Merge branch 'i_nlink' of git://git./linux/kernel/git/viro/vfs-2.6
* 'i_nlink' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs-2.6:
hfs: fix rename() over non-empty directory
udf: fix i_nlink limit
fix reiserfs mkdir() breakage
exofs: i_nlink races in rename()
nilfs2: i_nlink races in rename()
minix: i_nlink races in rename()
ufs: i_nlink races in rename()
sysv: i_nlink races in rename()
David Howells [Thu, 3 Mar 2011 11:28:58 +0000 (11:28 +0000)]
DNS: Fix a NULL pointer deref when trying to read an error key [CVE-2011-1076]
When a DNS resolver key is instantiated with an error indication, attempts to
read that key will result in an oops because user_read() is expecting there to
be a payload - and there isn't one [CVE-2011-1076].
Give the DNS resolver key its own read handler that returns the error cached in
key->type_data.x[0] as an error rather than crashing.
Also make the kenter() at the beginning of dns_resolver_instantiate() limit the
amount of data it prints, since the data is not necessarily NUL-terminated.
The buggy code was added in:
commit
4a2d789267e00b5a1175ecd2ddefcc78b83fbf09
Author: Wang Lei <wang840925@gmail.com>
Date: Wed Aug 11 09:37:58 2010 +0100
Subject: DNS: If the DNS server returns an error, allow that to be cached [ver #2]
This can trivially be reproduced by any user with the following program
compiled with -lkeyutils:
#include <stdlib.h>
#include <keyutils.h>
#include <err.h>
static char payload[] = "#dnserror=6";
int main()
{
key_serial_t key;
key = add_key("dns_resolver", "a", payload, sizeof(payload),
KEY_SPEC_SESSION_KEYRING);
if (key == -1)
err(1, "add_key");
if (keyctl_read(key, NULL, 0) == -1)
err(1, "read_key");
return 0;
}
What should happen is that keyctl_read() reports error 6 (ENXIO) to the user:
dns-break: read_key: No such device or address
but instead the kernel oopses.
This cannot be reproduced with the 'keyutils add' or 'keyutils padd' commands
as both of those cut the data down below the NUL termination that must be
included in the data. Without this dns_resolver_instantiate() will return
-EINVAL and the key will not be instantiated such that it can be read.
The oops looks like:
BUG: unable to handle kernel NULL pointer dereference at
0000000000000010
IP: [<
ffffffff811b99f7>] user_read+0x4f/0x8f
PGD
3bdf8067 PUD
385b9067 PMD 0
Oops: 0000 [#1] SMP
last sysfs file: /sys/devices/pci0000:00/0000:00:19.0/irq
CPU 0
Modules linked in:
Pid: 2150, comm: dns-break Not tainted 2.6.38-rc7-cachefs+ #468 /DG965RY
RIP: 0010:[<
ffffffff811b99f7>] [<
ffffffff811b99f7>] user_read+0x4f/0x8f
RSP: 0018:
ffff88003bf47f08 EFLAGS:
00010246
RAX:
0000000000000001 RBX:
ffff88003b5ea378 RCX:
ffffffff81972368
RDX:
0000000000000000 RSI:
0000000000000000 RDI:
ffff88003b5ea378
RBP:
ffff88003bf47f28 R08:
ffff88003be56620 R09:
0000000000000000
R10:
0000000000000395 R11:
0000000000000002 R12:
0000000000000000
R13:
0000000000000000 R14:
0000000000000000 R15:
ffffffffffffffa1
FS:
00007feab5751700(0000) GS:
ffff88003e000000(0000) knlGS:
0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0:
0000000080050033
CR2:
0000000000000010 CR3:
000000003de40000 CR4:
00000000000006f0
DR0:
0000000000000000 DR1:
0000000000000000 DR2:
0000000000000000
DR3:
0000000000000000 DR6:
00000000ffff0ff0 DR7:
0000000000000400
Process dns-break (pid: 2150, threadinfo
ffff88003bf46000, task
ffff88003be56090)
Stack:
ffff88003b5ea378 ffff88003b5ea3a0 0000000000000000 0000000000000000
ffff88003bf47f68 ffffffff811b708e ffff88003c442bc8 0000000000000000
00000000004005a0 00007fffba368060 0000000000000000 0000000000000000
Call Trace:
[<
ffffffff811b708e>] keyctl_read_key+0xac/0xcf
[<
ffffffff811b7c07>] sys_keyctl+0x75/0xb6
[<
ffffffff81001f7b>] system_call_fastpath+0x16/0x1b
Code: 75 1f 48 83 7b 28 00 75 18 c6 05 58 2b fb 00 01 be bb 00 00 00 48 c7 c7 76 1c 75 81 e8 13 c2 e9 ff 4c 8b b3 e0 00 00 00 4d 85 ed <41> 0f b7 5e 10 74 2d 4d 85 e4 74 28 e8 98 79 ee ff 49 39 dd 48
RIP [<
ffffffff811b99f7>] user_read+0x4f/0x8f
RSP <
ffff88003bf47f08>
CR2:
0000000000000010
Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: Jeff Layton <jlayton@redhat.com>
cc: Wang Lei <wang840925@gmail.com>
Signed-off-by: James Morris <jmorris@namei.org>
Sage Weil [Thu, 3 Mar 2011 20:14:53 +0000 (12:14 -0800)]
libceph: retry after authorization failure
If we mark the connection CLOSED we will give up trying to reconnect to
this server instance. That is appropriate for things like a protocol
version mismatch that won't change until the server is restarted, at which
point we'll get a new addr and reconnect. An authorization failure like
this is probably due to the server not properly rotating it's secret keys,
however, and should be treated as transient so that the normal backoff and
retry behavior kicks in.
Signed-off-by: Sage Weil <sage@newdream.net>
Sage Weil [Thu, 3 Mar 2011 00:55:21 +0000 (16:55 -0800)]
libceph: fix handling of short returns from get_user_pages
get_user_pages() can return fewer pages than we ask for. We were returning
a bogus pointer/error code in that case. Instead, loop until we get all
the pages we want or get an error we can return to the caller.
Signed-off-by: Sage Weil <sage@newdream.net>
Jay Vosburgh [Thu, 3 Mar 2011 10:43:10 +0000 (10:43 +0000)]
MAINTAINERS: Add Andy Gospodarek as co-maintainer.
Acked-by: Andy Gospodarek <andy@greyhouse.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Eric Paris [Thu, 3 Mar 2011 21:09:14 +0000 (16:09 -0500)]
SELinux: implement the new sb_remount LSM hook
For SELinux we do not allow security information to change during a remount
operation. Thus this hook simply strips the security module options from
the data and verifies that those are the same options as exist on the
current superblock.
Signed-off-by: Eric Paris <eparis@redhat.com>
Reviewed-by: James Morris <jmorris@namei.org>
Eric Paris [Thu, 3 Mar 2011 21:09:14 +0000 (16:09 -0500)]
LSM: Pass -o remount options to the LSM
The VFS mount code passes the mount options to the LSM. The LSM will remove
options it understands from the data and the VFS will then pass the remaining
options onto the underlying filesystem. This is how options like the
SELinux context= work. The problem comes in that -o remount never calls
into LSM code. So if you include an LSM specific option it will get passed
to the filesystem and will cause the remount to fail. An example of where
this is a problem is the 'seclabel' option. The SELinux LSM hook will
print this word in /proc/mounts if the filesystem is being labeled using
xattrs. If you pass this word on mount it will be silently stripped and
ignored. But if you pass this word on remount the LSM never gets called
and it will be passed to the FS. The FS doesn't know what seclabel means
and thus should fail the mount. For example an ext3 fs mounted over loop
# mount -o loop /tmp/fs /mnt/tmp
# cat /proc/mounts | grep /mnt/tmp
/dev/loop0 /mnt/tmp ext3 rw,seclabel,relatime,errors=continue,barrier=0,data=ordered 0 0
# mount -o remount /mnt/tmp
mount: /mnt/tmp not mounted already, or bad option
# dmesg
EXT3-fs (loop0): error: unrecognized mount option "seclabel" or missing value
This patch passes the remount mount options to an new LSM hook.
Signed-off-by: Eric Paris <eparis@redhat.com>
Reviewed-by: James Morris <jmorris@namei.org>
Linus Torvalds [Thu, 3 Mar 2011 20:44:22 +0000 (12:44 -0800)]
Merge branch 'for-linus' of git://oss.sgi.com/xfs/xfs
* 'for-linus' of git://oss.sgi.com/xfs/xfs:
xfs: zero proper structure size for geometry calls
Linus Torvalds [Thu, 3 Mar 2011 20:42:48 +0000 (12:42 -0800)]
Merge branch 'for-linus' of git://git./linux/kernel/git/ryusuke/nilfs2
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ryusuke/nilfs2:
nilfs2: fix regression that i-flag is not set on changeless checkpoints
Harry Ciao [Wed, 2 Mar 2011 05:32:34 +0000 (13:32 +0800)]
SELinux: Compute SID for the newly created socket
The security context for the newly created socket shares the same
user, role and MLS attribute as its creator but may have a different
type, which could be specified by a type_transition rule in the relevant
policy package.
Signed-off-by: Harry Ciao <qingtao.cao@windriver.com>
[fix call to security_transition_sid to include qstr, Eric Paris]
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
Harry Ciao [Wed, 2 Mar 2011 05:32:33 +0000 (13:32 +0800)]
SELinux: Socket retains creator role and MLS attribute
The socket SID would be computed on creation and no longer inherit
its creator's SID by default. Socket may have a different type but
needs to retain the creator's role and MLS attribute in order not
to break labeled networking and network access control.
The kernel value for a class would be used to determine if the class
if one of socket classes. If security_compute_sid is called from
userspace the policy value for a class would be mapped to the relevant
kernel value first.
Signed-off-by: Harry Ciao <qingtao.cao@windriver.com>
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
Harry Ciao [Wed, 2 Mar 2011 05:46:08 +0000 (13:46 +0800)]
SELinux: Auto-generate security_is_socket_class
The security_is_socket_class() is auto-generated by genheaders based
on classmap.h to reduce maintenance effort when a new class is defined
in SELinux kernel. The name for any socket class should be suffixed by
"socket" and doesn't contain more than one substr of "socket".
Signed-off-by: Harry Ciao <qingtao.cao@windriver.com>
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
Stanislaw Gruszka [Tue, 22 Feb 2011 02:00:11 +0000 (02:00 +0000)]
r8169: disable ASPM
For some time is known that ASPM is causing troubles on r8169, i.e. make
device randomly stop working without any errors in dmesg.
Currently Tomi Leppikangas reports that system with r8169 device hangs
with MCE errors when ASPM is enabled:
https://bugzilla.redhat.com/show_bug.cgi?id=642861#c4
Lets disable ASPM for r8169 devices at all, to avoid problems with
r8169 PCIe devices at least for some users.
Reported-by: Tomi Leppikangas <tomi.leppikangas@gmail.com>
Cc: stable@kernel.org
Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Tony Lindgren [Thu, 3 Mar 2011 18:25:18 +0000 (10:25 -0800)]
Merge branch 'for_2.6.38/pm-fixes' of ssh:///linux/kernel/git/khilman/linux-omap-pm into devel-fixes
Hari Kanigeri [Wed, 2 Mar 2011 22:14:18 +0000 (22:14 +0000)]
omap: mailbox: resolve hang issue
omap4 interrupt disable bits is different. On rx kfifo full, the mbox rx
interrupts wasn't getting disabled, and this is causing the rcm stress tests
to hang.
Signed-off-by: Hari Kanigeri <h-kanigeri2@ti.com>
Signed-off-by: Armando Uribe <x0095078@ti.com>
Signed-off-by: Fernando Guzman Lugo <fernando.lugo@ti.com>
Signed-off-by: Tony Lindgren <tony@atomide.com>
Sage Weil [Mon, 28 Feb 2011 20:49:15 +0000 (12:49 -0800)]
ceph: do not clear I_COMPLETE from d_release
First, this was racy anyway: d_release isn't called until well after the
dentry is unhashed. Second, this runs afoul of the recent dcache change
that clears d_parent prior to calling d_release (
949854d0), causing a NULL
pointer dereference.
Signed-off-by: Sage Weil <sage@newdream.net>
Sage Weil [Mon, 28 Feb 2011 20:46:46 +0000 (12:46 -0800)]
ceph: do not set I_COMPLETE
Do not set the I_COMPLETE flag on directories until we resolve races with
dcache pruning.
Signed-off-by: Sage Weil <sage@newdream.net>
Sage Weil [Mon, 28 Feb 2011 17:47:37 +0000 (09:47 -0800)]
Revert "ceph: keep reference to parent inode on ceph_dentry"
This reverts commit
97d79b403ef03f729883246208ef5d8a2ebc4d68.
This fails to account for d_parent changes due to rename or disconnected
dentries due to submounts or NFS reexports.
Signed-off-by: Sage Weil <sage@newdream.net>
Martin Schwidefsky [Thu, 3 Mar 2011 16:56:07 +0000 (17:56 +0100)]
[S390] tape: deadlock on system work queue
The 34xx and 3590 tape driver uses the system work queue to defer work
from the interrupt function to process context, e.g. a medium sense
after an unsolicited interrupt. The tape commands started by the work
handler need to be asynchronous, otherwise a deadlock on the system
work queue can occur.
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Dan Carpenter [Thu, 3 Mar 2011 16:56:06 +0000 (17:56 +0100)]
[S390] keyboard: integer underflow bug
The "ct" variable should be an unsigned int. Both struct kbdiacrs
->kb_cnt and struct kbd_data ->accent_table_size are unsigned ints.
Making it signed causes a problem in KBDIACRUC because the user could
set the signed bit and cause a buffer overflow.
Cc: <stable@kernel.org>
Signed-off-by: Dan Carpenter <error27@gmail.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Martin Schwidefsky [Thu, 3 Mar 2011 16:56:05 +0000 (17:56 +0100)]
[S390] xpram: remove __initdata attribute from module parameters
The module parameter 'devs' and 'sizes' are marked as __initdata. The
memory for the parameters are freed after module_init completed. This
can lead to kernel crashes in param_free_charp. Remove the __initdata
attribute to fix the problem.
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Petr Uzel [Thu, 3 Mar 2011 16:48:50 +0000 (11:48 -0500)]
block: kill loop_mutex
Following steps lead to deadlock in kernel:
dd if=/dev/zero of=img bs=512 count=1000
losetup -f img
mkfs.ext2 /dev/loop0
mount -t ext2 -o loop /dev/loop0 mnt
umount mnt/
Stacktrace:
[<
c102ec04>] irq_exit+0x36/0x59
[<
c101502c>] smp_apic_timer_interrupt+0x6b/0x75
[<
c127f639>] apic_timer_interrupt+0x31/0x38
[<
c101df88>] mutex_spin_on_owner+0x54/0x5b
[<
fe2250e9>] lo_release+0x12/0x67 [loop]
[<
c10c4eae>] __blkdev_put+0x7c/0x10c
[<
c10a4da5>] fput+0xd5/0x1aa
[<
fe2250cf>] loop_clr_fd+0x1a9/0x1b1 [loop]
[<
fe225110>] lo_release+0x39/0x67 [loop]
[<
c10c4eae>] __blkdev_put+0x7c/0x10c
[<
c10a59d9>] deactivate_locked_super+0x17/0x36
[<
c10b6f37>] sys_umount+0x27e/0x2a5
[<
c10b6f69>] sys_oldumount+0xb/0xe
[<
c1002897>] sysenter_do_call+0x12/0x26
[<
ffffffff>] 0xffffffff
Regression since
2a48fc0ab24241755dc9, which introduced the private
loop_mutex as part of the BKL removal process.
As per [1], the mutex can be safely removed.
[1] http://www.gossamer-threads.com/lists/linux/kernel/
1341930
Addresses: https://bugzilla.novell.com/show_bug.cgi?id=669394
Addresses: https://bugzilla.kernel.org/show_bug.cgi?id=29172
Signed-off-by: Petr Uzel <petr.uzel@suse.cz>
Cc: stable@kernel.org
Reviewed-by: Nikanth Karthikesan <knikanth@suse.de>
Acked-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Jens Axboe <jaxboe@fusionio.com>
Tao Ma [Thu, 3 Mar 2011 15:53:20 +0000 (10:53 -0500)]
blktrace: Remove blk_fill_rwbs_rq.
If we enable trace events to trace block actions, We use
blk_fill_rwbs_rq to analyze the corresponding actions
in request's cmd_flags, but we only choose the minor 2 bits
from it, so most of other flags(e.g, REQ_SYNC) are missing.
For example, with a sync write we get:
write_test-2409 [001] 160.013869: block_rq_insert: 3,64 W 0 () 258135 + =
8 [write_test]
Since now we have integrated the flags of both bio and request,
it is safe to pass rq->cmd_flags directly to blk_fill_rwbs and
blk_fill_rwbs_rq isn't needed any more.
With this patch, after a sync write we get:
write_test-2417 [000] 226.603878: block_rq_insert: 3,64 WS 0 () 258135 +=
8 [write_test]
Signed-off-by: Tao Ma <boyu.mt@taobao.com>
Acked-by: Jeff Moyer <jmoyer@redhat.com>
Signed-off-by: Jens Axboe <jaxboe@fusionio.com>
Takashi Iwai [Thu, 3 Mar 2011 13:54:19 +0000 (14:54 +0100)]
ALSA: hda - Don't set to D3 in Cirrus errata init verbs
The errata init verbs for CS42xx codecs contain the verbs to set
the power-state of SPDIF nodes to D3, which seem to break the SPDIF
output on some MacBooks. Since this is executed during the power-up
initialization, we shouldn't turn them down there.
Reported-by: Arun Raghavan <arun.raghavan@collabora.co.uk>
Cc: <stable@kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Richard Samson [Thu, 3 Mar 2011 11:46:13 +0000 (12:46 +0100)]
ALSA: hda - add new Fermi 5xx codec IDs to snd-hda
Added the missing HDMI codec IDs for new Nvidia stuff.
Note that ID 0x17 isn't assigned to anything so far, as suggested by
Stephen.
[Modified to get rid of 0x17 by tiwai]
Signed-off-by: Richard Samson <samson.richard@gmail.com>
Acked-by: Acked-By: Stephen Warren <swarren@nvidia.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Al Viro [Thu, 3 Mar 2011 04:46:51 +0000 (23:46 -0500)]
hfs: fix rename() over non-empty directory
merge hfs_unlink() and hfs_rmdir(), while we are at it.
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Al Viro [Wed, 2 Mar 2011 15:15:26 +0000 (10:15 -0500)]
udf: fix i_nlink limit
(256 << sizeof(x)) - 1 is not the maximal possible value of x...
In reality, the maximal allowed value for UDF FileLinkCount is
65535.
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Al Viro [Wed, 2 Mar 2011 14:35:13 +0000 (09:35 -0500)]
fix reiserfs mkdir() breakage
if directory has so many subdirectories that its link count is set
to 1 (i.e. "can't tell accurately") and reiserfs_new_inode() fails,
we shouldn't decrement the parent's link count in cleanup path;
that's what DEC_DIR_INODE_NLINK() is for. As it is, we end up
with parent suddenly getting zero i_nlink, with very unpleasant
effects.
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Al Viro [Wed, 2 Mar 2011 21:42:38 +0000 (16:42 -0500)]
exofs: i_nlink races in rename()
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Al Viro [Wed, 2 Mar 2011 17:01:13 +0000 (12:01 -0500)]
nilfs2: i_nlink races in rename()
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Al Viro [Wed, 2 Mar 2011 14:41:38 +0000 (09:41 -0500)]
minix: i_nlink races in rename()
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Al Viro [Wed, 2 Mar 2011 14:40:21 +0000 (09:40 -0500)]
ufs: i_nlink races in rename()
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>