- 18 Jun, 2004 9 commits
-
-
Russell King authored
This patch cleans up needless includes of asm/pgalloc.h from the fs/ kernel/ and mm/ subtrees. Compile tested on multiple ARM platforms, and x86, this patch appears safe. This patch is part of a larger patch aiming towards getting the include of asm/pgtable.h out of linux/mm.h, so that asm/pgtable.h can sanely get at things like mm_struct and friends. I suggest testing in -mm for a while to ensure there aren't any hidden arch issues. Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-
Yoav Zach authored
This patch allows for misc binaries to run with credentials and security token that are calculated according to the binaries, and not according to the interpreter, which is the legacy behavior of binfmt_misc. The way it is done is by calling prepare_binprm, which is where these attributes are calculated, before switching the 'file' field in the bprm from the binary to the interpreter. This feature should be used with care, since the interpreter will have root permissions when running a setuid binary owned by root. Please note - - Only root can register an interpreter with binfmt_misc. The feature is documented and the administrator is advised to handle it with care - The new feature is enabled only with a special flag in the registration string. When this flag is not specified the current behavior of binfmt_misc is kept - This is the only 'right' way for an interpreter to know the correct AT_SECURE value for the interpreted binary From: Chris Wright <chrisw@osdl.org> This patchset looks OK, except for one problem. It installs the fd (which could've been unreadable) without unsharing the ->files. So someone can use this to read unreadable yet executable files. Here's a patch which fixes that up. I added one bit that's commented out because I'm not positive if a final steal_locks() is needed. I did a fair amount of rearranging to simplify the error conditions relative to the fd_install(), and unshare_files(). From: Chris Wright <chrisw@osdl.org> I found that the intel patchset (and mine as well) leaked i_writecount on the original executed file. In addition, I verified that the steal_locks() bit is indeed needed. Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-
Yoav Zach authored
<background> I work in a group that works on enabling the IA-32 Execution Layer (http://www.intel.com/pressroom/archive/releases/20040113comp.htm) on Linux. In a few words - this is a dynamic translator for IA-32 binaries on IPF platform. Following David Mosberger's advice - we use the binfmt_misc mechanism for the invocation of the translator whenever the user tries to exec an IA-32 binary. The EL is meant to help in the migration path from IA-32 to IPF. From our beta customers we learnt that at first stage - they tend to keep their environment mostly intact, using the legacy IA-32 binaries. Such an environment has, naturally, setuid and non-readable binaries. It will be useless to ask the administrator to change the settings of such an environment - some of them are very complex, and the administrators are reluctant to make any changes in a system that already proved itself to be robust and secure. So, our target with these patches is not to enhance the support for scripts but rather to allow a translator to be integrated into a working environment that is not (and should not be) aware to the fact it's being emulated. As I said before - it is practically hopeless to expect an administrator of such a system to change it so that it will suit the current behavior of binfmt_misc. But, even if we could do that, I'm not sure it would be a good idea - these changes are likely to be less secure than the suggested patches - - In order to execute non-readable binaries the binary will have to be made readable, which is obviously less secure than allowing only a trusted translator to read it - There will be no way for the translator to calculate the accurate AT_SECURE value for the translated process. This might end up with the translated process running in a non-secured mode when it actually needs to be secured. </background> I prepared a patch that solves a couple of problems that interpreters have when invoked via binfmt_misc. currently - 1) such interpreters cannot open non-readable binaries 2) the processes will have their credentials and security attributes calculated according to interpreter permissions and not those of the original binary the proposed patch solves these problems by - 1) opening the binary on behalf of the interpreter and passing its fd instead of the path as argv[1] to the interpreter 2) calling prepare_binprm with the file struct of the binary and not the one of the interpreter The new functionality is enabled by adding a special flag to the registration string. If this flag is not added then old behavior is not changed. A preliminary version of this patch was sent to the list on 9/1/2003 with the title "[PATCH]: non-readable binaries - binfmt_misc 2.6.0-test4". This new version fixes the concerns that were raised by the patch, except of calling unshare_files() before allocating a new fd. this is because this feature did not enter 2.6 yet. Arun Sharma <arun.sharma@intel.com> says: We were going through an internal review of this patch: http://marc.theaimsgroup.com/?l=linux-kernel&m=107424598901720&w=2 which is in your tree already. I'm not sure if this line of code got sufficient review. + /* call prepare_binprm before switching to interpreter's file + * so that all security calculation will be done according to + * binary and not interpreter */ + retval = prepare_binprm(bprm); The case that concerns me is: unprivileged interpreter and a privileged binary. One can use binfmt_misc to execute untrusted code (interpreter) with elevated privileges. One could argue that all binfmt_misc interpreters are trusted, because only root can register them. But that's a change from the traditional behavior of binfmt_misc (and binfmt_script). (Update): Arun pointed out that calculating the process credentials according to the binary that needs to be translated is a bit risky, since it requires the administrator to pay extra attention not to register an interpreter which is not intended to run with root credentials. After discussing this issue with him, I would like to propose a modified patch: The old patch did 2 things - 1) open the binary for reading and 2) calculate the credentials according to the binary. I removed the riskier part of changing the credentials calculation, so the revised patch only opens the binary for reading. It also includes few words of warning in the description of the 'open-binary' feature in binfmt_misc.txt, and makes the function entry_status print the flags in use. As for the 'credentials' part of the patch, I will prepare a separate patch for it and send it again to the LKML, describe the problem and ask for people comments. Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-
Matt Porter authored
Add myself as the PPC4xx maintainer. Merge CREDITS entry from 2.4 Signed-off-by: Matt Porter <mporter@kernel.crashing.org> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-
Olaf Hering authored
/proc/cmdline is filled via an OS400 call iSeries_init(). It scans the returned data from the end, instead of the beginning. This leads to multiple lines in /proc/cmdline Just scan from the beginning and stop at the first newline. This patch changes also the /proc/iSeries/mf/*/cmdline interface to do the same as the initial setup. Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-
Mikael Pettersson authored
2.6.7-rc3-mm1 changed cpumask_t from ulong to a struct, causing compile-time errors in arch/ppc/kernel/irq.c. Proposed fix below. Tested on a G3. Signed-off-by: Mikael Pettersson <mikpe@csd.uu.se> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-
Kumar Gala authored
Here is both a GNU style and BK patch for adding support for the e500 core and 85xx platform to 2.6. This is pretty much a direct port from 2.4 with a bit of cleanup around the edges. Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-
Hugh Dickins authored
Test for pte_young before going to the costlier atomic test_and_clear, as asm-generic does. Test for pte_dirty before going to the costlier atomic test_and_clear, as asm-generic does (I said before that I would not do so for pte_dirty, but was missing the point: there is nothing atomic about deciding to do nothing). But I've not touched the rather different ppc and ppc64. Signed-off-by: Hugh Dickins <hugh@veritas.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-
Hugh Dickins authored
Traditionally we've not flushed TLB after clearing the young/referenced bit, it has seemed just a waste of time. Russell King points out that on some architectures, with the move from 2.4 mm sweeping to 2.6 rmap, this may be a serious omission: very frequently referenced pages never re-marked young, and the worst choices made for unmapping. So, replace ptep_test_and_clear_young by ptep_clear_flush_young throughout rmap.c. Originally I'd imagined making some kind of TLB gather optimization, but don't see what now: whether worth it rather depends on how common cross-cpu flushes are, and whether global or not. ppc and ppc64 have already found this issue, and worked around it by arranging TLB flush from their ptep_test_and_clear_young: with the aid of pgtable rmap pointers. I'm hoping ptep_clear_flush_young will allow ppc and ppc64 to remove that special code, but won't change them myself. It's worth noting that it is Andrea's anon_vma rmap which makes the vma available for ptep_clear_flush_young in page_referenced_one: anonmm and pte_chains would both need an additional find_vma for that. Signed-off-by: Hugh Dickins <hugh@veritas.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-
- 17 Jun, 2004 3 commits
-
-
Richard Henderson authored
From: Ivan Kokshaysky <ink@jurassic.park.msu.ru> Compilation fails due to incorrect usage of NODE_DATA(). Reported by hpa.
-
Paul Mackerras authored
This rewrites the PPC64 exception entry/exit routines to make them smaller and faster. In particular we no longer save all of the registers for the common exceptions - system calls, hardware interrupts and decrementer (timer) interrupts - only the volatile registers. The other registers are saved and restored (if used) by the C functions we call. This involved changing the registers we use in early exception processing from r20-r23 to r9-r12, which ended up changing quite a lot of code in head.S. Overall this gives us about a 20% reduction in null syscall time. Some system calls need all the registers (e.g. fork/clone/vfork and [rt_]sigsuspend). For these the syscall dispatch code calls a stub that saves the nonvolatile registers before calling the real handler. This also implements the force_successful_syscall_return() thing for ppc64. Signed-off-by: Paul Mackerras <paulus@samba.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-
Paul Mackerras authored
This implements CONFIG_PREEMPT for ppc64. Aside from the entry.S changes to check the _TIF_NEED_RESCHED bit when returning from an exception, there are various changes to make the ppc64-specific code preempt-safe, mostly adding preempt_enable/disable or get_cpu/put_cpu calls where needed. I have been using this on my desktop G5 for the last week without problems. Signed-off-by: Paul Mackerras <paulus@samba.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-
- 15 Jun, 2004 24 commits
-
-
Linus Torvalds authored
-
David S. Miller authored
into kernel.bkbits.net:/home/davem/sparc-2.6
-
John Rose authored
I noticed that insert_resource() incorrectly handles the case of an existing parent resource with the same ending address as a newly added child. This results in incorrect nesting, like the following: # cat /proc/ioports <snip> 002f0000-002fffff : PCI Bus #48 00200000-002fffff : /pci@800000020000003 </snip> Signed-off-by: John Rose <johnrose@austin.ibm.com> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-
Bartlomiej Zolnierkiewicz authored
Make sure that number of sectors != 0 for in/out command before sending it to drive. Remove no longer needed checks from flagged_* PIO handlers. Signed-off-by: Bartlomiej Zolnierkiewicz <bzolnier@elka.pw.edu.pl> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-
Bartlomiej Zolnierkiewicz authored
PIO handlers under CONFIG_IDE_TASKFILE_IO=n are never used for bio based requests (rq->bio is always NULL) so we can use rq->buffer directly instead of calling ide_[un]map_buffer(). Signed-off-by: Bartlomiej Zolnierkiewicz <bzolnier@elka.pw.edu.pl> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-
Bartlomiej Zolnierkiewicz authored
- merge status checking code for rq->current_nr_sectors and !rq->current_nr_sectors cases - remove !rq->bio check as it is always true Signed-off-by: Bartlomiej Zolnierkiewicz <bzolnier@elka.pw.edu.pl> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-
Bartlomiej Zolnierkiewicz authored
These handlers are nowadays used only for REQ_DRIVE_TASKFILE requests (rq->bio is always NULL) which aren't retried et all so remove code 'rewinding' rq->current_nr_sectors and some FIXMEs. Signed-off-by: Bartlomiej Zolnierkiewicz <bzolnier@elka.pw.edu.pl> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-
Bartlomiej Zolnierkiewicz authored
If REQ_DRIVE_* request fails ide_end_drive_cmd() should be called for it not ->end_request(). This was broken by 2.6.5, fix it. Signed-off-by: Bartlomiej Zolnierkiewicz <bzolnier@elka.pw.edu.pl> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-
Bartlomiej Zolnierkiewicz authored
'cat /proc/ide/hdx/identify' generates REQ_DRIVE_TASKFILE request (for WIN_PIDENTIFY command) even for devices controlled by ide-cd. All other drivers don't try to retry such requests. Acked by Jens. Signed-off-by: Bartlomiej Zolnierkiewicz <bzolnier@elka.pw.edu.pl> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-
Bartlomiej Zolnierkiewicz authored
First introduced in 2.4.19/2.5.3 as ALTSTAT_SCREW_UP, never used. Signed-off-by: Bartlomiej Zolnierkiewicz <bzolnier@elka.pw.edu.pl> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-
Bartlomiej Zolnierkiewicz authored
- do not unregister ide-pnp driver while detaching random IDE device from random IDE device driver if IDE is modular (somebody added this in 2.3.51) - clear 'hw_regs_t hw' allocated from stack - mark idepnp_init() with __init - use ide_std_init_ports() instead of ide_setup_ports() Signed-off-by: Bartlomiej Zolnierkiewicz <bzolnier@elka.pw.edu.pl> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-
Bartlomiej Zolnierkiewicz authored
From: Geert Uytterhoeven <geert@linux-m68k.org> The IDE sparse fixups cause 2 warnings (unused variables `val' and `reg') on m68k and APUS. However, the reason why this code was commented out is gone. So just remove the special case. Signed-off-by: Bartlomiej Zolnierkiewicz <bzolnier@elka.pw.edu.pl> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-
Bartlomiej Zolnierkiewicz authored
They are only included from these drivers. While at it: - remove redundant ide_pci_device_t tables - add DECLARE_CS_DEV() (cs5520) - remove duplicate DISPLAY_SC1200_TIMINGS define (sc1200) - remove unused SIIMAGE_BUFFERED_TASKFILE, SII_DEBUG and siiprintk() defines + add DECLARE_SII_DEV() (siimage) - remove unused SLC90E66_DEBUG_DRIVE_INFO define (slc90e66) Signed-off-by: Bartlomiej Zolnierkiewicz <bzolnier@elka.pw.edu.pl> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-
Bartlomiej Zolnierkiewicz authored
Extracted from the Debian kernel package (original patch is from Herbert Xu). Signed-off-by: Bartlomiej Zolnierkiewicz <bzolnier@elka.pw.edu.pl> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-
David S. Miller authored
-
http://linux-watchdog.bkbits.net/linux-2.6-watchdogLinus Torvalds authored
into ppc970.osdl.org:/home/torvalds/v2.6/linux
-
bk://bk.arm.linux.org.uk/linux-2.6-serialLinus Torvalds authored
into ppc970.osdl.org:/home/torvalds/v2.6/linux
-
Russell King authored
Thanks to Ivan Kokshaysky for spotting this.
-
bk://bk.arm.linux.org.uk/linux-2.6-pcmciaLinus Torvalds authored
into ppc970.osdl.org:/home/torvalds/v2.6/linux
-
Russell King authored
-
bk://cifs.bkbits.net/linux-2.5cifsLinus Torvalds authored
into ppc970.osdl.org:/home/torvalds/v2.6/linux
-
bk://cifs.bkbits.net/linux-2.5cifsSteve French authored
into stevef95.austin.ibm.com:/home/stevef/linux-2.5cifs
-
Steve French authored
Fix i_size corruption in case of overlapped readdir changing cached file size and local cached write extending file
-
Andi Kleen authored
From: "Siddha, Suresh B" <suresh.b.siddha@intel.com> From: "Kamble, Nitin A" <nitin.a.kamble@intel.com> Fix use of uninitialized memory in x86-64 ioremap This caused BUGs at bootup for some people.
-
- 14 Jun, 2004 4 commits
-
-
Steve French authored
Signed-off-by: Steve French (sfrench@us.ibm.com)
-
Chris Wright authored
Add proper __user annotation to selinux_shm_shmat. From: Mika Kukkonen <mika@osdl.org> Signed-off-by: Chris Wright <chrisw@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-
Chris Wright authored
Add proper __user annotation to dummy_shm_shmat. Signed-off-by: Chris Wright <chrisw@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-
Chris Wright authored
Add proper __user annotation for shm_shmat hook in security.h. From: Mika Kukkonen <mika@osdl.org> Signed-off-by: Chris Wright <chrisw@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-