- 12 Apr, 2004 40 commits
-
-
Andrew Morton authored
From: Arjan van de Ven <arjanv@redhat.com> isdn: dynamically allocate big structures
-
Andrew Morton authored
From: Arjan van de Ven <arjanv@redhat.com> ide.c: constant array of strings can be static
-
Andrew Morton authored
From: Arjan van de Ven <arjanv@redhat.com> ide-cd: a few 512 byte scratch buffers can be static; they are just for putting "padding" sectors in that aren't used. (acked by Jens)
-
Andrew Morton authored
From: Julie DeWandel <jdewand@redhat.com> A problem exists where a 32-bit application can have a huge bss, one that is so large that an overflow of the TASK_SIZE happens. But in this case, the overflow is not detected in load_elf_binary(). Instead, because arithmetic is being done using 32-bit containers, a truncation occurs and the program gets loaded when it shouldn't have been. Subsequent execution yields unpredictable results. The attached patch fixes this problem by checking for the overflow condition and sending a SIGKILL to the application if the overflow is detected. This problem can in theory exist when loading the elf interpreter as well, so a similar check was added there.
-
Andrew Morton authored
From: Fabian Frederick <Fabian.Frederick@skynet.be> Here's a trivial patch to avoid definition redundancy in es1688.
-
Andrew Morton authored
- Don't leak a pathname ref on error - Don't do putname() on a nameidata.
-
Andrew Morton authored
From: Brian Gerst <bgerst@didntduck.org> - Move empty_zero_page and swapper_pg_dir to BSS. This requires that BSS is cleared earlier, but reclaims over 3k that was lost due to page alignment. - Move stack_start, ready, and int_msg, boot_gdt_descr, idt_descr, and cpu_gdt_descr to .data. They were interfering with disassembly while in .text.
-
Andrew Morton authored
unmap_vmas() will cause scheduling latency when tearing down really big vmas on !CONFIG_PREEMPT. That's a bit unkind to the non-preempt case, so let's do a cond_resched() after zapping 1024 pages.
-
Andrew Morton authored
From: Bernhard Rosenkraenzer <bero@arklinux.org> mixart.h uses tasklet_struct without including linux/interrupt.h -- fix attached.
-
Andrew Morton authored
From: Stephen Smalley <sds@epoch.ncsc.mil> This patch drops the ratelimit code from the SELinux avc, as this can now be handled by the audit framework. Enabling and setting the ratelimit is then left to userspace.
-
Andrew Morton authored
From: Stephen Smalley <sds@epoch.ncsc.mil> This patch changes an error message printk'd by security_compute_sid to use the audit framework instead. These errors reflect situations where a security transition would normally occur due to policy, but the resulting security context is not valid. The patch also changes the code to always call the audit framework rather than only doing so when permissive as this was causing problems with testing policy, and does some code cleanup.
-
Andrew Morton authored
From: James Morris <jmorris@redhat.com> This patch makes the IPv6 code work with the audit framework, following the merge of both.
-
Andrew Morton authored
From: Rik Faith <faith@redhat.com> This patch provides a low-overhead system-call auditing framework for Linux that is usable by LSM components (e.g., SELinux). This is an update of the patch discussed in this thread: http://marc.theaimsgroup.com/?t=107815888100001&r=1&w=2 In brief, it provides for netlink-based logging of audit records that have been generated in other parts of the kernel (e.g., SELinux) as well as the ability to audit system calls, either independently (using simple filtering) or as a compliment to the audit record that another part of the kernel generated. The main goals were to provide system call auditing with 1) as low overhead as possible, and 2) without duplicating functionality that is already provided by SELinux (and/or other security infrastructures). This framework will work "stand-alone", but is not designed to provide, e.g., CAPP functionality without another security component in place. This updated patch includes changes from feedback I have received, including the ability to compile without CONFIG_NET (and better use of tabs, so use -w if you diff against the older patch). Please see http://people.redhat.com/faith/audit/ for an early example user-space client (auditd-0.4.tar.gz) and instructions on how to try it. My future intentions at the kernel level include improving filtering (e.g., syscall personality/exit codes) and syscall support for more architectures. First, though, I'm going to work on documentation, a (real) audit daemon, and patches for other user-space tools so that people can play with the framework and understand how it can be used with and without SELinux. Update: Light-weight Auditing Framework receive filter fixes From: Rik Faith <faith@redhat.com> Since audit_receive_filter() is only called with audit_netlink_sem held, it cannot race with either audit_del_rule() or audit_add_rule(), so the list_for_each_entry_rcu()s may be replaced by list_for_each_entry()s, and the rcu_read_{un,}lock()s removed. A fix for this is part of the attached patch. Other features of the attached patch are: 1) generalized the ability to test for inequality 2) added syscall exit status reporting and testing 3) added ability to report and test first 4 syscall arguments (this adds a large amount of flexibility for little cost; not implemented or tested on ppc64) 4) added ability to report and test personality User-space demo program enhanced for new fields and inequality testing: http://people.redhat.com/faith/audit/auditd-0.5.tar.gz
-
Andrew Morton authored
This patch removes a harmless duplicate assignment from the IPv6 code.
-
Andrew Morton authored
From: James Morris <jmorris@redhat.com> The patch below adds explicit IPv6 support to SELinux. Brief description of changes: o IPv6 networking is now subject to the same controls as IPv4 (in addition to the generic socket permissions which cover all protocols), namely: bind to local node address; bind to local port; send & receive TCP/UDP and raw IP packets based on local network interface and remote node address. o Packet parsing has been extended to IPv6 packets for logging and control, and simplified for IPv4. o Support for logging of IPv6 addresses has also been added. o The kernel policy database code has been modified to support IPv6, and reworked to provide generic security policy version handling so that older policy versions will still work, making upgrading simpler. Corresponding userspace patches are available at <http://people.redhat.com/jmorris/selinux/ipv6/>, although current userspace tools will continue to function normally (but without explicit IPv6 support). For more details at the security management level, see <http://marc.theaimsgroup.com/?l=selinux&m=108068187630948&w=2> This code has been under testing and review for several weeks.
-
Andrew Morton authored
From: Chris Mason <mason@suse.com> reiserfs-writepage-ordered-race needs a minor update to include your latest __block_write_full_page fixes for the direct_read_under bug Daniel was hitting.
-
Andrew Morton authored
fs/reiserfs/journal.c: In function `reiserfs_end_persistent_transaction': fs/reiserfs/journal.c:2616: warning: unused variable `s' Make the functions static inline so that typechecking is enabled if !CONFIG_REISERFS_CHECK.
-
Andrew Morton authored
From: Chris Mason <mason@suse.com> block_write_full_page() might see and lock clean metadata buffers, which leads to journal-1777 messages. Change the message to ignore bh locked.
-
Andrew Morton authored
From: Chris Mason <mason@suse.com> Some latency improvements for the reiserfs data=ordered code from Takashi.
-
Andrew Morton authored
From: Chris Mason <mason@suse.com> reiserfs_unmap_buffer should clean and wait on all buffers. This fixes a leak under fsx workloads.
-
Andrew Morton authored
From: Chris Mason <mason@suse.com> Add reiserfs support for laptop mode.
-
Andrew Morton authored
From: Chris Mason <mason@suse.com> reiserfs_file_write makes a hole one block too large if it is the first thing in the file.
-
Andrew Morton authored
From: Chris Mason <mason@suse.com> Fix reiserfs_writepage so it doesn't race with data=ordered writes. This still has a pending fix to redirty the page when it finds a locked buffer. Waiting for Andrew to finish sorting that out on ext3 first.
-
Andrew Morton authored
From: Chris Mason <mason@suse.com> Repacking a tail might leave a journal handle attached to an unmapped buffer. If that buffer gets dirtied again (via mmap for example), the reiserfs data=ordered code might try to write the dirty unmapped buffer to disk. The fix is to make sure we remove the journal handle when we unmap buffers.
-
Andrew Morton authored
From: Chris Mason <mason@suse.com> Enable preallocation for reiserfs_file_write when the write size is smaller than the default preallocation size.
-
Andrew Morton authored
From: Chris Mason <mason@suse.com> Make sure to hold the BKL while ending a transaction in the error path or reiserfs_prepare_write.
-
Andrew Morton authored
From: Chris Mason <mason@suse.com> reiserfs data=ordered support.
-
Andrew Morton authored
From: Chris Mason <mason@suse.com> reiserfs logging rework, making things much faster for small transactions. metadata buffers are dirtied when they are safe to write, so normal kernel mechanisms can contribute to log cleaning.
-
Andrew Morton authored
From: Chris Mason <mason@suse.com> reiserfs cleanup, get rid of old debugging code.
-
Andrew Morton authored
From: Chris Mason <mason@suse.com> reiserfs support for nested transactions. This originally came from Peter Braam for 2.4.x and was ported forward by Jeff Mahoney.
-
Andrew Morton authored
ext3 transaction batching has been ineffective since the scheduler changes forced us to replace the yield() with a schedule(). Using schedule_timeout(1) fixes it up again. Benchmarking is positive with wither a 1 or 10 millisecond delay in there, so there appears to be no need to play around with HZ.
-
Andrew Morton authored
From: Kurt Garloff <garloff@suse.de> A patch to parse the elf binaries for a PT_GNU_STACK section to set the stack non-executable if possible. Most parts have been shamelessly stolen from Ingo Molnar's more ambitious stackshield http://people.redhat.com/mingo/exec-shield/exec-shield-2.6.4-C9 The toolchain has meanwhile support for marking the binaries with a PT_GNU_STACK section wwithout x bit as needed. If no such section is found, we leave the stack to whatever the arch defaults to. If there is one, we explicitly disabled the VM_EXEC bit if no x bit is found, otherwise explicitly enable.
-
Andrew Morton authored
- s/__inline__/inline/ - Remove lots of extraneous andi-was-here trailing whitespace
-
Andrew Morton authored
From: "Paul E. McKenney" <paulmck@us.ibm.com> The attached patch improves the documentation of the _rcu list primitives.
-
Andrew Morton authored
From: "Luiz Fernando N. Capitulino" <lcapitulino@prefeitura.sp.gov.br> IBM LAN Adapter/A driver depends on mca-legacy.
-
Andrew Morton authored
From: "Luiz Fernando N. Capitulino" <lcapitulino@prefeitura.sp.gov.br> drivers/net/wan/cycx_drv.c: In function `load_cyc2x': drivers/net/wan/cycx_drv.c:430: warning: unsigned int format, long unsigned int arg (arg 3)
-
Andrew Morton authored
From: Pavel Machek <pavel@ucw.cz> This function will break with -mregparm, so mark it asmlinkage.
-
Andrew Morton authored
From: "Luiz Fernando N. Capitulino" <lcapitulino@prefeitura.sp.gov.br> drivers/media/dvb/frontends/tda1004x.c:191: warning: `errno' defined but not used
-
Andrew Morton authored
From: "Luiz Fernando N. Capitulino" <lcapitulino@prefeitura.sp.gov.br> sound/isa/wavefront/wavefront_synth.c:1923: warning: `errno' defined but not used
-
Andrew Morton authored
With CONFIG_LBD=n: fs/open.c: In function `vfs_statfs_native': fs/open.c:67: warning: comparison is always true due to limited range of data type fs/open.c:70: warning: comparison is always true due to limited range of data type
-