- 20 Oct, 2010 23 commits
-
-
Eric Paris authored
The current secmark code exports a secmark= field which just indicates if there is special labeling on a packet or not. We drop this field as it isn't particularly useful and instead export a new field secctx= which is the actual human readable text label. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Patrick McHardy <kaber@trash.net> Signed-off-by: James Morris <jmorris@namei.org>
-
Eric Paris authored
The conntrack code can export the internal secid to userspace. These are dynamic, can change on lsm changes, and have no meaning in userspace. We should instead be sending lsm contexts to userspace instead. This patch sends the secctx (rather than secid) to userspace over the netlink socket. We use a new field CTA_SECCTX and stop using the the old CTA_SECMARK field since it did not send particularly useful information. Signed-off-by: Eric Paris <eparis@redhat.com> Reviewed-by: Paul Moore <paul.moore@hp.com> Acked-by: Patrick McHardy <kaber@trash.net> Signed-off-by: James Morris <jmorris@namei.org>
-
Eric Paris authored
With the (long ago) interface change to have the secid_to_secctx functions do the string allocation instead of having the caller do the allocation we lost the ability to query the security server for the length of the upcoming string. The SECMARK code would like to allocate a netlink skb with enough length to hold the string but it is just too unclean to do the string allocation twice or to do the allocation the first time and hold onto the string and slen. This patch adds the ability to call security_secid_to_secctx() with a NULL data pointer and it will just set the slen pointer. Signed-off-by: Eric Paris <eparis@redhat.com> Reviewed-by: Paul Moore <paul.moore@hp.com> Signed-off-by: James Morris <jmorris@namei.org>
-
Eric Paris authored
Right now secmark has lots of direct selinux calls. Use all LSM calls and remove all SELinux specific knowledge. The only SELinux specific knowledge we leave is the mode. The only point is to make sure that other LSMs at least test this generic code before they assume it works. (They may also have to make changes if they do not represent labels as strings) Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Paul Moore <paul.moore@hp.com> Acked-by: Patrick McHardy <kaber@trash.net> Signed-off-by: James Morris <jmorris@namei.org>
-
Eric Paris authored
Commit 4a5a5c73 attempted to pass decent error messages back to userspace for netfilter errors. In xt_SECMARK.c however the patch screwed up and returned on 0 (aka no error) early and didn't finish setting up secmark. This results in a kernel BUG if you use SECMARK. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Paul Moore <paul.moore@hp.com> Signed-off-by: James Morris <jmorris@namei.org>
-
John Johansen authored
Actually I think in this case the appropriate thing to do is to BUG as there is currently a case (remove) where the alloc_size needs to be larger than the copy_size, and if copy_size is ever greater than alloc_size there is a mistake in the caller code. Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Kees Cook <kees.cook@canonical.com> Signed-off-by: James Morris <jmorris@namei.org>
-
Tetsuo Handa authored
Configuration files for TOMOYO 2.3 are not compatible with TOMOYO 2.2. But current panic() message is too unfriendly and is confusing users. Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Reviewed-by: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com> Signed-off-by: James Morris <jmorris@namei.org>
-
KOSAKI Motohiro authored
All security modules shouldn't change sched_param parameter of security_task_setscheduler(). This is not only meaningless, but also make a harmful result if caller pass a static variable. This patch remove policy and sched_param parameter from security_task_setscheduler() becuase none of security module is using it. Cc: James Morris <jmorris@namei.org> Signed-off-by: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com> Signed-off-by: James Morris <jmorris@namei.org>
-
Dmitry Torokhov authored
Fix the following warning: drivers/char/tpm/tpm.c:1085: warning: `tpm_suspend_setup' defined but not used and make the workaround operable in case when TPM is compiled as a module. As a side-effect the option will be called tpm.suspend_pcr. Signed-off-by: Dmitry Torokhov <dtor@mail.ru> Cc: Rajiv Andrade <srajiv@linux.vnet.ibm.com> Cc: David Safford <safford@watson.ibm.com> Cc: James Morris <jmorris@namei.org> Cc: Debora Velarde <debora@linux.vnet.ibm.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: James Morris <jmorris@namei.org>
-
KaiGai Kohei authored
This patch fixes up coding-style problem at this commit: 4f27a7d49789b04404eca26ccde5f527231d01d5 selinux: fast status update interface (/selinux/status) Signed-off-by: KaiGai Kohei <kaigai@ak.jp.nec.com> Signed-off-by: James Morris <jmorris@namei.org>
-
matt mooney authored
Replace EXTRA_CFLAGS with ccflags-y. Signed-off-by: matt mooney <mfm@muteddisk.com> Signed-off-by: James Morris <jmorris@namei.org>
-
Paul Gortmaker authored
While the previous change to the selinux Makefile reduced the window significantly for this failure, it is still possible to see a compile failure where cpp starts processing selinux files before the auto generated flask.h file is completed. This is easily reproduced by adding the following temporary change to expose the issue everytime: - cmd_flask = scripts/selinux/genheaders/genheaders ... + cmd_flask = sleep 30 ; scripts/selinux/genheaders/genheaders ... This failure happens because the creation of the object files in the ss subdir also depends on flask.h. So simply incorporate them into the parent Makefile, as the ss/Makefile really doesn't do anything unique. With this change, compiling of all selinux files is dependent on completion of the header file generation, and this test case with the "sleep 30" now confirms it is functioning as expected. Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com> Signed-off-by: James Morris <jmorris@namei.org>
-
Paul Gortmaker authored
Selinux has an autogenerated file, "flask.h" which is included by two other selinux files. The current makefile has a single dependency on the first object file in the selinux-y list, assuming that will get flask.h generated before anyone looks for it, but that assumption breaks down in a "make -jN" situation and you get: selinux/selinuxfs.c:35: fatal error: flask.h: No such file or directory compilation terminated. remake[9]: *** [security/selinux/selinuxfs.o] Error 1 Since flask.h is included by security.h which in turn is included nearly everywhere, make the dependency apply to all of the selinux-y list of objs. Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com> Signed-off-by: James Morris <jmorris@namei.org>
-
KaiGai Kohei authored
This patch provides a new /selinux/status entry which allows applications read-only mmap(2). This region reflects selinux_kernel_status structure in kernel space. struct selinux_kernel_status { u32 length; /* length of this structure */ u32 sequence; /* sequence number of seqlock logic */ u32 enforcing; /* current setting of enforcing mode */ u32 policyload; /* times of policy reloaded */ u32 deny_unknown; /* current setting of deny_unknown */ }; When userspace object manager caches access control decisions provided by SELinux, it needs to invalidate the cache on policy reload and setenforce to keep consistency. However, the applications need to check the kernel state for each accesses on userspace avc, or launch a background worker process. In heuristic, frequency of invalidation is much less than frequency of making access control decision, so it is annoying to invoke a system call to check we don't need to invalidate the userspace cache. If we can use a background worker thread, it allows to receive invalidation messages from the kernel. But it requires us an invasive coding toward the base application in some cases; E.g, when we provide a feature performing with SELinux as a plugin module, it is unwelcome manner to launch its own worker thread from the module. If we could map /selinux/status to process memory space, application can know updates of selinux status; policy reload or setenforce. A typical application checks selinux_kernel_status::sequence when it tries to reference userspace avc. If it was changed from the last time when it checked userspace avc, it means something was updated in the kernel space. Then, the application can reset userspace avc or update current enforcing mode, without any system call invocations. This sequence number is updated according to the seqlock logic, so we need to wait for a while if it is odd number. Signed-off-by: KaiGai Kohei <kaigai@ak.jp.nec.com> Acked-by: Eric Paris <eparis@redhat.com> -- security/selinux/include/security.h | 21 ++++++ security/selinux/selinuxfs.c | 56 +++++++++++++++ security/selinux/ss/Makefile | 2 +- security/selinux/ss/services.c | 3 + security/selinux/ss/status.c | 129 +++++++++++++++++++++++++++++++++++ 5 files changed, 210 insertions(+), 1 deletions(-) Signed-off-by: James Morris <jmorris@namei.org>
-
Yong Zhang authored
Signed-off-by: Yong Zhang <yong.zhang0@gmail.com> Signed-off-by: John Johansen <john.johansen@canonical.com> Signed-off-by: James Morris <jmorris@namei.org>
-
Tetsuo Handa authored
We can set default LSM module to DAC (which means "enable no LSM module"). If default LSM module was set to DAC, security_module_enable() must return 0 unless overridden via boot time parameter. Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Acked-by: Serge E. Hallyn <serge@hallyn.com> Signed-off-by: James Morris <jmorris@namei.org>
-
Eric Paris authored
type is not used at all, stop declaring and assigning it. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: James Morris <jmorris@namei.org>
-
Dan Carpenter authored
If domain is NULL then &domain->list is a bogus address. Let's leave head->r.domain NULL instead of saving an unusable pointer. This is just a cleanup. The current code always checks head->r.eof before dereferencing head->r.domain. Signed-off-by: Dan Carpenter <error27@gmail.com> Acked-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
-
Linus Torvalds authored
-
git://git.linux-mips.org/pub/scm/upstream-linusLinus Torvalds authored
* 'upstream' of git://git.linux-mips.org/pub/scm/upstream-linus: MIPS: O32 compat/N32: Fix to use compat syscall wrappers for AIO syscalls. MAINTAINERS: Change list for ioc_serial to linux-serial. SERIAL: ioc3_serial: Return -ENOMEM on memory allocation failure MIPS: jz4740: Fix Kbuild Platform file. MIPS: Repair Kbuild make clean breakage.
-
Amit Shah authored
If the host is slow in reading data or doesn't read data at all, blocking write calls not only blocked the program that called write() but the entire guest itself. To overcome this, let's not block till the host signals it has given back the virtio ring element we passed it. Instead, send the buffer to the host and return to userspace. This operation then becomes similar to how non-blocking writes work, so let's use the existing code for this path as well. This code change also ensures blocking write calls do get blocked if there's not enough room in the virtio ring as well as they don't return -EAGAIN to userspace. Signed-off-by: Amit Shah <amit.shah@redhat.com> Acked-by: Hans de Goede <hdegoede@redhat.com> CC: stable@kernel.org Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-
git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi-rc-fixes-2.6Linus Torvalds authored
* git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi-rc-fixes-2.6: [SCSI] bsg: fix incorrect device_status value [SCSI] Fix VPD inquiry page wrapper
-
git://git.kernel.org/pub/scm/virt/kvm/kvmLinus Torvalds authored
* 'kvm-updates/2.6.36' of git://git.kernel.org/pub/scm/virt/kvm/kvm: KVM: Fix fs/gs reload oops with invalid ldt
-
- 19 Oct, 2010 7 commits
-
-
Michel Thebeau authored
[Ralf: Michel's original patch only fixed N32; I replicated the same fix for O32.] Signed-off-by: Michel Thebeau <michel.thebeau@windriver.com> Cc: paul.gortmaker@windriver.com Cc: bruce.ashfield@windriver.com Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
-
Ralf Baechle authored
IOC3 is also being used on SGI MIPS systems but this particular driver is only being used on IA64 systems so linux-mips made no sense as a list. Pat also thinks linux-serial@vger.kernel.org is the better list. Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
-
Julia Lawall authored
In this code, 0 is returned on memory allocation failure, even though other failures return -ENOMEM or other similar values. A simplified version of the semantic match that finds this problem is as follows: (http://coccinelle.lip6.fr/) // <smpl> @@ expression ret; expression x,e1,e2,e3; @@ ret = 0 ... when != ret = e1 *x = \(kmalloc\|kcalloc\|kzalloc\)(...) ... when != ret = e2 if (x == NULL) { ... when != ret = e3 return ret; } // </smpl> Signed-off-by: Julia Lawall <julia@diku.dk> To: Pat Gefre <pfg@sgi.com> Cc: kernel-janitors@vger.kernel.org Cc: linux-ia64@vger.kernel.org Cc: linux-mips@linux-mips.org Cc: linux-kernel@vger.kernel.org Patchwork: https://patchwork.linux-mips.org/patch/1704/Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
-
David Daney authored
The platform specific files should be included via the platform-y variable. Signed-off-by: David Daney <ddaney@caviumnetworks.com> Cc: Lars-Peter Clausen <lars@metafoo.de> Patchwork: https://patchwork.linux-mips.org/patch/1719/Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
-
David Daney authored
When running make clean, Kbuild doesn't process the .config file, so nothing generates a platform-y variable. We can get it to descend into the platform directories by setting $(obj-). The dec Platform file was unconditionally setting platform-, obliterating its previous contents and preventing some directories from being cleaned. This is change to an append operation '+=' to allow cavium-octeon to be cleaned. Signed-off-by: David Daney <ddaney@caviumnetworks.com> Cc: Sam Ravnborg <sam@ravnborg.org> Patchwork: https://patchwork.linux-mips.org/patch/1718/Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
-
git://git.kernel.org/pub/scm/linux/kernel/git/airlied/drm-2.6Linus Torvalds authored
* 'drm-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/airlied/drm-2.6: drm/radeon/kms: avivo cursor workaround applies to evergreen as well
-
Avi Kivity authored
kvm reloads the host's fs and gs blindly, however the underlying segment descriptors may be invalid due to the user modifying the ldt after loading them. Fix by using the safe accessors (loadsegment() and load_gs_index()) instead of home grown unsafe versions. This is CVE-2010-3698. KVM-Stable-Tag. Signed-off-by: Avi Kivity <avi@redhat.com> Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
-
- 18 Oct, 2010 10 commits
-
-
git://git.linux-mips.org/pub/scm/upstream-linusLinus Torvalds authored
* 'upstream' of git://git.linux-mips.org/pub/scm/upstream-linus: MIPS: Enable ISA_DMA_API config to fix build failure MIPS: 32-bit: Fix build failure in asm/fcntl.h MIPS: Remove all generated vmlinuz* files on "make clean" MIPS: do_sigaltstack() expects userland pointers MIPS: Fix error values in case of bad_stack MIPS: Sanitize restart logics MIPS: secure_computing, syscall audit: syscall number should in r2, not r0. MIPS: Don't block signals if we'd failed to setup a sigframe
-
git://git.kernel.org/pub/scm/linux/kernel/git/dtor/inputLinus Torvalds authored
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input: Input: evdev - fix EVIOCSABS regression Input: evdev - fix Ooops in EVIOCGABS/EVIOCSABS
-
git://git.kernel.org/pub/scm/linux/kernel/git/ieee1394/linux1394-2.6Linus Torvalds authored
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ieee1394/linux1394-2.6: firewire: ohci: fix TI TSB82AA2 regression since 2.6.35
-
Sascha Hauer authored
This patch reverts the driver to enabling/disabling the NFC interrupt mask rather than enabling/disabling the system interrupt. This cleans up the driver so that it doesn't rely on interrupts being disabled within the interrupt handler. For i.MX21 we keep the current behaviour, that is calling enable_irq/disable_irq_nosync to enable/disable interrupts. This patch is based on earlier work by John Ogness. Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de> Acked-by: John Ogness <john.ogness@linutronix.de> Tested-by: John Ogness <john.ogness@linutronix.de> Signed-off-by: David Woodhouse <dwmw2@infradead.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-
git://git.fluff.org/bjdooks/linuxLinus Torvalds authored
* 'for-linus/i2c/2636-rc8' of git://git.fluff.org/bjdooks/linux: i2c-imx: do not allow interruptions when waiting for I2C to complete i2c-davinci: Fix TX setup for more SoCs
-
Linus Torvalds authored
* fixes: v4l1: fix 32-bit compat microcode loading translation De-pessimize rds_page_copy_user
-
Namhyung Kim authored
Add ISA_DMA_API config item and select it when GENERIC_ISA_DMA enabled. This fixes build failure on allmodconfig like following: CC sound/isa/es18xx.o sound/isa/es18xx.c: In function 'snd_es18xx_playback1_prepare': sound/isa/es18xx.c:501:9: error: implicit declaration of function 'snd_dma_program' sound/isa/es18xx.c: In function 'snd_es18xx_playback_pointer': sound/isa/es18xx.c:818:3: error: implicit declaration of function 'snd_dma_pointer' make[3]: *** [sound/isa/es18xx.o] Error 1 make[2]: *** [sound/isa/es18xx.o] Error 2 make[1]: *** [sub-make] Error 2 make: *** [all] Error 2 Signed-off-by: Namhyung Kim <namhyung@gmail.com> Cc: linux-mips@linux-mips.org Cc: linux-kernel@vger.kernel.org Patchwork: https://patchwork.linux-mips.org/patch/1717/Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
-
Namhyung Kim authored
CC security/integrity/ima/ima_fs.o In file included from linux/include/linux/fcntl.h:4:0, from linux/security/integrity/ima/ima_fs.c:18: linux/arch/mips/include/asm/fcntl.h:63:2: error: expected specifier-qualifier-list before 'off_t' make[3]: *** [security/integrity/ima/ima_fs.o] Error 1 make[2]: *** [security/integrity/ima/ima_fs.o] Error 2 make[1]: *** [sub-make] Error 2 make: *** [all] Error 2 Signed-off-by: Namhyung Kim <namhyung@gmail.com> Cc: linux-kernel@vger.kernel.org Patchwork: https://patchwork.linux-mips.org/patch/1715/Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
-
Wu Zhangjin authored
[Ralf: I changed the patch to explicitly list all files to be deleted out of paranoia.] Signed-off-by: Wu Zhangjin <wuzhangjin@gmail.com> Patchwork: http://patchwork.linux-mips.org/patch/1590/Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
-
Al Viro authored
o32 compat does the right thing, native and n32 compat do not... Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Cc: linux-kernel@vger.kernel.org Cc: linux-arch@vger.kernel.org Cc: linux-mips@linux-mips.org Patchwork: http://patchwork.linux-mips.org/patch/1700/Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
-