1. 17 Jan, 2012 12 commits
    • Eric Paris's avatar
      audit: drop audit_set_macxattr as it doesn't do anything · 38cdce53
      Eric Paris authored
      unused.  deleted.
      Signed-off-by: default avatarEric Paris <eparis@redhat.com>
      38cdce53
    • Eric Paris's avatar
      audit: inline checks for not needing to collect aux records · 07c49417
      Eric Paris authored
      A number of audit hooks make function calls before they determine that
      auxilary records do not need to be collected.  Do those checks as static
      inlines since the most common case is going to be that records are not
      needed and we can skip the function call overhead.
      Signed-off-by: default avatarEric Paris <eparis@redhat.com>
      07c49417
    • Eric Paris's avatar
      audit: drop some potentially inadvisable likely notations · 56179a6e
      Eric Paris authored
      The audit code makes heavy use of likely() and unlikely() macros, but they
      don't always make sense.  Drop any that seem questionable and let the
      computer do it's thing.
      Signed-off-by: default avatarEric Paris <eparis@redhat.com>
      56179a6e
    • Eric Paris's avatar
      audit: remove AUDIT_SETUP_CONTEXT as it isn't used · 997f5b64
      Eric Paris authored
      Audit contexts have 3 states.  Disabled, which doesn't collect anything,
      build, which collects info but might not emit it, and record, which
      collects and emits.  There is a 4th state, setup, which isn't used.  Get
      rid of it.
      Signed-off-by: default avatarEric Paris <eparis@redhat.com>
      997f5b64
    • Eric Paris's avatar
      audit: inline audit_syscall_entry to reduce burden on archs · b05d8447
      Eric Paris authored
      Every arch calls:
      
      if (unlikely(current->audit_context))
      	audit_syscall_entry()
      
      which requires knowledge about audit (the existance of audit_context) in
      the arch code.  Just do it all in static inline in audit.h so that arch's
      can remain blissfully ignorant.
      Signed-off-by: default avatarEric Paris <eparis@redhat.com>
      b05d8447
    • Eric Paris's avatar
      audit: ia32entry.S sign extend error codes when calling 64 bit code · f031cd25
      Eric Paris authored
      In the ia32entry syscall exit audit fastpath we have assembly code which calls
      __audit_syscall_exit directly.  This code was, however, zeroes the upper 32
      bits of the return code.  It then proceeded to call code which expects longs
      to be 64bits long.  In order to handle code which expects longs to be 64bit we
      sign extend the return code if that code is an error.  Thus the
      __audit_syscall_exit function can correctly handle using the values in
      snprintf("%ld").  This fixes the regression introduced in 5cbf1565.
      
      Old record:
      type=SYSCALL msg=audit(1306197182.256:281): arch=40000003 syscall=192 success=no exit=4294967283
      New record:
      type=SYSCALL msg=audit(1306197182.256:281): arch=40000003 syscall=192 success=no exit=-13
      Signed-off-by: default avatarEric Paris <eparis@redhat.com>
      Acked-by: default avatarH. Peter Anvin <hpa@zytor.com>
      f031cd25
    • Eric Paris's avatar
      Audit: push audit success and retcode into arch ptrace.h · d7e7528b
      Eric Paris authored
      The audit system previously expected arches calling to audit_syscall_exit to
      supply as arguments if the syscall was a success and what the return code was.
      Audit also provides a helper AUDITSC_RESULT which was supposed to simplify things
      by converting from negative retcodes to an audit internal magic value stating
      success or failure.  This helper was wrong and could indicate that a valid
      pointer returned to userspace was a failed syscall.  The fix is to fix the
      layering foolishness.  We now pass audit_syscall_exit a struct pt_reg and it
      in turns calls back into arch code to collect the return value and to
      determine if the syscall was a success or failure.  We also define a generic
      is_syscall_success() macro which determines success/failure based on if the
      value is < -MAX_ERRNO.  This works for arches like x86 which do not use a
      separate mechanism to indicate syscall failure.
      
      We make both the is_syscall_success() and regs_return_value() static inlines
      instead of macros.  The reason is because the audit function must take a void*
      for the regs.  (uml calls theirs struct uml_pt_regs instead of just struct
      pt_regs so audit_syscall_exit can't take a struct pt_regs).  Since the audit
      function takes a void* we need to use static inlines to cast it back to the
      arch correct structure to dereference it.
      
      The other major change is that on some arches, like ia64, MIPS and ppc, we
      change regs_return_value() to give us the negative value on syscall failure.
      THE only other user of this macro, kretprobe_example.c, won't notice and it
      makes the value signed consistently for the audit functions across all archs.
      
      In arch/sh/kernel/ptrace_64.c I see that we were using regs[9] in the old
      audit code as the return value.  But the ptrace_64.h code defined the macro
      regs_return_value() as regs[3].  I have no idea which one is correct, but this
      patch now uses the regs_return_value() function, so it now uses regs[3].
      
      For powerpc we previously used regs->result but now use the
      regs_return_value() function which uses regs->gprs[3].  regs->gprs[3] is
      always positive so the regs_return_value(), much like ia64 makes it negative
      before calling the audit code when appropriate.
      Signed-off-by: default avatarEric Paris <eparis@redhat.com>
      Acked-by: H. Peter Anvin <hpa@zytor.com> [for x86 portion]
      Acked-by: Tony Luck <tony.luck@intel.com> [for ia64]
      Acked-by: Richard Weinberger <richard@nod.at> [for uml]
      Acked-by: David S. Miller <davem@davemloft.net> [for sparc]
      Acked-by: Ralf Baechle <ralf@linux-mips.org> [for mips]
      Acked-by: Benjamin Herrenschmidt <benh@kernel.crashing.org> [for ppc]
      d7e7528b
    • Eric Paris's avatar
      seccomp: audit abnormal end to a process due to seccomp · 85e7bac3
      Eric Paris authored
      The audit system likes to collect information about processes that end
      abnormally (SIGSEGV) as this may me useful intrusion detection information.
      This patch adds audit support to collect information when seccomp forces a
      task to exit because of misbehavior in a similar way.
      Signed-off-by: default avatarEric Paris <eparis@redhat.com>
      85e7bac3
    • Eric Paris's avatar
      audit: check current inode and containing object when filtering on major and minor · 16c174bd
      Eric Paris authored
      The audit system has the ability to filter on the major and minor number of
      the device containing the inode being operated upon.  Lets say that
      /dev/sda1 has major,minor 8,1 and that we mount /dev/sda1 on /boot.  Now lets
      say we add a watch with a filter on 8,1.  If we proceed to open an inode
      inside /boot, such as /vboot/vmlinuz, we will match the major,minor filter.
      
      Lets instead assume that one were to use a tool like debugfs and were to
      open /dev/sda1 directly and to modify it's contents.  We might hope that
      this would also be logged, but it isn't.  The rules will check the
      major,minor of the device containing /dev/sda1.  In other words the rule
      would match on the major/minor of the tmpfs mounted at /dev.
      
      I believe these rules should trigger on either device.  The man page is
      devoid of useful information about the intended semantics.  It only seems
      logical that if you want to know everything that happened on a major,minor
      that would include things that happened to the device itself...
      Signed-off-by: default avatarEric Paris <eparis@redhat.com>
      16c174bd
    • Eric Paris's avatar
      audit: drop the meaningless and format breaking word 'user' · 3035c51e
      Eric Paris authored
      userspace audit messages look like so:
      
      type=USER msg=audit(1271170549.415:24710): user pid=14722 uid=0 auid=500 ses=1 subj=unconfined_u:unconfined_r:auditctl_t:s0-s0:c0.c1023 msg=''
      
      That third field just says 'user'.  That's useless and doesn't follow the
      key=value pair we are trying to enforce.  We already know it came from the
      user based on the record type.  Kill that word.  Die.
      Signed-off-by: default avatarEric Paris <eparis@redhat.com>
      3035c51e
    • Eric Paris's avatar
      audit: dynamically allocate audit_names when not enough space is in the names array · 5195d8e2
      Eric Paris authored
      This patch does 2 things.  First it reduces the number of audit_names
      allocated in every audit context from 20 to 5.  5 should be enough for all
      'normal' syscalls (rename being the worst).  Some syscalls can still touch
      more the 5 inodes such as mount.  When rpc filesystem is mounted it will
      create inodes and those can exceed 5.  To handle that problem this patch will
      dynamically allocate audit_names if it needs more than 5.  This should
      decrease the typicall memory usage while still supporting all the possible
      kernel operations.
      Signed-off-by: default avatarEric Paris <eparis@redhat.com>
      5195d8e2
    • Eric Paris's avatar
      audit: make filetype matching consistent with other filters · 5ef30ee5
      Eric Paris authored
      Every other filter that matches part of the inodes list collected by audit
      will match against any of the inodes on that list.  The filetype matching
      however had a strange way of doing things.  It allowed userspace to
      indicated if it should match on the first of the second name collected by
      the kernel.  Name collection ordering seems like a kernel internal and
      making userspace rules get that right just seems like a bad idea.  As it
      turns out the userspace audit writers had no idea it was doing this and
      thus never overloaded the value field.  The kernel always checked the first
      name collected which for the tested rules was always correct.
      
      This patch just makes the filetype matching like the major, minor, inode,
      and LSM rules in that it will match against any of the names collected.  It
      also changes the rule validation to reject the old unused rule types.
      
      Noone knew it was there.  Noone used it.  Why keep around the extra code?
      Signed-off-by: default avatarEric Paris <eparis@redhat.com>
      5ef30ee5
  2. 12 Jan, 2012 9 commits
    • Linus Torvalds's avatar
      Merge branch 'x86-platform-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 9fc5c3e3
      Linus Torvalds authored
      * 'x86-platform-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        x86/intel config: Fix the APB_TIMER selection
        x86/mrst: Add additional debug prints for pb_keys
        x86/intel config: Revamp configuration to allow for Moorestown and Medfield
        x86/intel/scu/ipc: Match the changes in the x86 configuration
        x86/apb: Fix configuration constraints
        x86: Fix INTEL_MID silly
        x86/Kconfig: Cyclone-timer depends on x86-summit
        x86: Reduce clock calibration time during slave cpu startup
        x86/config: Revamp configuration for MID devices
        x86/sfi: Kill the IRQ as id hack
      9fc5c3e3
    • Linus Torvalds's avatar
      Merge branch 'x86-debug-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 541048a1
      Linus Torvalds authored
      * 'x86-debug-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        x86, reboot: Fix typo in nmi reboot path
        x86, NMI: Add to_cpumask() to silence compile warning
        x86, NMI: NMI selftest depends on the local apic
        x86: Add stack top margin for stack overflow checking
        x86, NMI: NMI-selftest should handle the UP case properly
        x86: Fix the 32-bit stackoverflow-debug build
        x86, NMI: Add knob to disable using NMI IPIs to stop cpus
        x86, NMI: Add NMI IPI selftest
        x86, reboot: Use NMI instead of REBOOT_VECTOR to stop cpus
        x86: Clean up the range of stack overflow checking
        x86: Panic on detection of stack overflow
        x86: Check stack overflow in detail
      541048a1
    • Linus Torvalds's avatar
      Merge branch 'x86-efi-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · bcede2f6
      Linus Torvalds authored
      * 'x86-efi-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        x86, efi: Break up large initrd reads
        x86, efi: EFI boot stub support
        efi: Add EFI file I/O data types
        efi.h: Add boottime->locate_handle search types
        efi.h: Add graphics protocol guids
        efi.h: Add allocation types for boottime->allocate_pages()
        efi.h: Add efi_image_loaded_t
        efi.h: Add struct definition for boot time services
        x86: Don't use magic strings for EFI loader signature
        x86: Add missing bzImage fields to struct setup_header
      bcede2f6
    • Linus Torvalds's avatar
      Merge branch 'x86-mm-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · d0b9706c
      Linus Torvalds authored
      * 'x86-mm-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        x86/numa: Add constraints check for nid parameters
        mm, x86: Remove debug_pagealloc_enabled
        x86/mm: Initialize high mem before free_all_bootmem()
        arch/x86/kernel/e820.c: quiet sparse noise about plain integer as NULL pointer
        arch/x86/kernel/e820.c: Eliminate bubble sort from sanitize_e820_map()
        x86: Fix mmap random address range
        x86, mm: Unify zone_sizes_init()
        x86, mm: Prepare zone_sizes_init() for unification
        x86, mm: Use max_low_pfn for ZONE_NORMAL on 64-bit
        x86, mm: Wrap ZONE_DMA32 with CONFIG_ZONE_DMA32
        x86, mm: Use max_pfn instead of highend_pfn
        x86, mm: Move zone init from paging_init() on 64-bit
        x86, mm: Use MAX_DMA_PFN for ZONE_DMA on 32-bit
      d0b9706c
    • Linus Torvalds's avatar
      Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/davej/cpufreq · 02d92950
      Linus Torvalds authored
      * 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/davej/cpufreq: (23 commits)
        [CPUFREQ] EXYNOS: Removed useless headers and codes
        [CPUFREQ] EXYNOS: Make EXYNOS common cpufreq driver
        [CPUFREQ] powernow-k8: Update copyright, maintainer and documentation information
        [CPUFREQ] powernow-k8: Fix indexing issue
        [CPUFREQ] powernow-k8: Avoid Pstate MSR accesses on systems supporting CPB
        [CPUFREQ] update lpj only if frequency has changed
        [CPUFREQ] cpufreq:userspace: fix cpu_cur_freq updation
        [CPUFREQ] Remove wall variable from cpufreq_gov_dbs_init()
        [CPUFREQ] EXYNOS4210: cpufreq code is changed for stable working
        [CPUFREQ] EXYNOS4210: Update frequency table for cpu divider
        [CPUFREQ] EXYNOS4210: Remove code about bus on cpufreq
        [CPUFREQ] s3c64xx: Use pr_fmt() for consistent log messages
        cpufreq: OMAP: fixup for omap_device changes, include <linux/module.h>
        cpufreq: OMAP: fix freq_table leak
        cpufreq: OMAP: put clk if cpu_init failed
        cpufreq: OMAP: only supports OPP library
        cpufreq: OMAP: dont support !freq_table
        cpufreq: OMAP: deny initialization if no mpudev
        cpufreq: OMAP: move clk name decision to init
        cpufreq: OMAP: notify even with bad boot frequency
        ...
      02d92950
    • Linus Torvalds's avatar
      Merge git://git.infradead.org/battery-2.6 · b24ca57e
      Linus Torvalds authored
      * git://git.infradead.org/battery-2.6: (68 commits)
        power_supply: Mark da9052 driver as broken
        power_supply: Drop usage of nowarn variant of sysfs_create_link()
        s3c_adc_battery: Average over more than one adc sample
        power_supply: Add DA9052 battery driver
        isp1704_charger: Fix missing check
        jz4740-battery: Fix signedness bug
        power_supply: Assume mains power by default
        sbs-battery: Fix devicetree match table
        ARM: rx51: Add bq27200 i2c board info
        sbs-battery: Change power supply name
        devicetree-bindings: Propagate bq20z75->sbs rename to dt bindings
        devicetree-bindings: Add vendor entry for Smart Battery Systems
        sbs-battery: Rename internals to new name
        bq20z75: Rename to sbs-battery
        wm97xx_battery: Use DEFINE_MUTEX() for work_lock
        max8997_charger: Remove duplicate module.h
        lp8727_charger: Some minor fixes for the header
        lp8727_charger: Add header file
        power_supply: Convert drivers/power/* to use module_platform_driver()
        power_supply: Add "unknown" in power supply type
        ...
      b24ca57e
    • Linus Torvalds's avatar
      Merge branch 'slab/for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/penberg/linux · 6296e5d3
      Linus Torvalds authored
      * 'slab/for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/penberg/linux:
        slub: disallow changing cpu_partial from userspace for debug caches
        slub: add missed accounting
        slub: Extract get_freelist from __slab_alloc
        slub: Switch per cpu partial page support off for debugging
        slub: fix a possible memleak in __slab_alloc()
        slub: fix slub_max_order Documentation
        slub: add missed accounting
        slab: add taint flag outputting to debug paths.
        slub: add taint flag outputting to debug paths
        slab: introduce slab_max_order kernel parameter
        slab: rename slab_break_gfp_order to slab_max_order
      6296e5d3
    • Linus Torvalds's avatar
      Merge tag 'md-3.3-fixes' of git://neil.brown.name/md · c086ae4e
      Linus Torvalds authored
      Two bugfixes for md.
      
      One is a recently introduced regression that affects an unusual
      configuration with a guaranteed BUG_ON.  Has been tagged for -stable.
      The other is minor missing functionality.
      
      * tag 'md-3.3-fixes' of git://neil.brown.name/md:
        md/raid1: perform bad-block tests for WriteMostly devices too.
        md: notify the 'degraded' sysfs attribute on failure.
      c086ae4e
    • Linus Torvalds's avatar
      Merge branch 'linux-next' of git://git.kernel.org/pub/scm/linux/kernel/git/jbarnes/pci · 7b67e751
      Linus Torvalds authored
      * 'linux-next' of git://git.kernel.org/pub/scm/linux/kernel/git/jbarnes/pci: (80 commits)
        x86/PCI: Expand the x86_msi_ops to have a restore MSIs.
        PCI: Increase resource array mask bit size in pcim_iomap_regions()
        PCI: DEVICE_COUNT_RESOURCE should be equal to PCI_NUM_RESOURCES
        PCI: pci_ids: add device ids for STA2X11 device (aka ConneXT)
        PNP: work around Dell 1536/1546 BIOS MMCONFIG bug that breaks USB
        x86/PCI: amd: factor out MMCONFIG discovery
        PCI: Enable ATS at the device state restore
        PCI: msi: fix imbalanced refcount of msi irq sysfs objects
        PCI: kconfig: English typo in pci/pcie/Kconfig
        PCI/PM/Runtime: make PCI traces quieter
        PCI: remove pci_create_bus()
        xtensa/PCI: convert to pci_scan_root_bus() for correct root bus resources
        x86/PCI: convert to pci_create_root_bus() and pci_scan_root_bus()
        x86/PCI: use pci_scan_bus() instead of pci_scan_bus_parented()
        x86/PCI: read Broadcom CNB20LE host bridge info before PCI scan
        sparc32, leon/PCI: convert to pci_scan_root_bus() for correct root bus resources
        sparc/PCI: convert to pci_create_root_bus()
        sh/PCI: convert to pci_scan_root_bus() for correct root bus resources
        powerpc/PCI: convert to pci_create_root_bus()
        powerpc/PCI: split PHB part out of pcibios_map_io_space()
        ...
      
      Fix up conflicts in drivers/pci/msi.c and include/linux/pci_regs.h due
      to the same patches being applied in other branches.
      7b67e751
  3. 11 Jan, 2012 19 commits
    • Ben Hutchings's avatar
      cpu: Register a generic CPU device on architectures that currently do not · 9f13a1fd
      Ben Hutchings authored
      frv, h8300, m68k, microblaze, openrisc, score, um and xtensa currently
      do not register a CPU device.  Add the config option GENERIC_CPU_DEVICES
      which causes a generic CPU device to be registered for each present CPU,
      and make all these architectures select it.
      
      Richard Weinberger <richard@nod.at> covered UML and suggested using
      per_cpu.
      Signed-off-by: default avatarBen Hutchings <ben@decadent.org.uk>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      9f13a1fd
    • Ben Hutchings's avatar
      cpu: Do not return errors from cpu_dev_init() which will be ignored · 024f7846
      Ben Hutchings authored
      cpu_dev_init() is only called from driver_init(), which does not check
      its return value.  Therefore make cpu_dev_init() return void.
      
      We must register the CPU subsystem, so panic if this fails.
      
      If sched_create_sysfs_power_savings_entries() fails, the damage is
      contained, so ignore this (as before).
      Signed-off-by: default avatarBen Hutchings <ben@decadent.org.uk>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      024f7846
    • Pekka Enberg's avatar
      5878cf43
    • Linus Torvalds's avatar
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 · 4f58cb90
      Linus Torvalds authored
      * git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6: (54 commits)
        crypto: gf128mul - remove leftover "(EXPERIMENTAL)" in Kconfig
        crypto: serpent-sse2 - remove unneeded LRW/XTS #ifdefs
        crypto: serpent-sse2 - select LRW and XTS
        crypto: twofish-x86_64-3way - remove unneeded LRW/XTS #ifdefs
        crypto: twofish-x86_64-3way - select LRW and XTS
        crypto: xts - remove dependency on EXPERIMENTAL
        crypto: lrw - remove dependency on EXPERIMENTAL
        crypto: picoxcell - fix boolean and / or confusion
        crypto: caam - remove DECO access initialization code
        crypto: caam - fix polarity of "propagate error" logic
        crypto: caam - more desc.h cleanups
        crypto: caam - desc.h - convert spaces to tabs
        crypto: talitos - convert talitos_error to struct device
        crypto: talitos - remove NO_IRQ references
        crypto: talitos - fix bad kfree
        crypto: convert drivers/crypto/* to use module_platform_driver()
        char: hw_random: convert drivers/char/hw_random/* to use module_platform_driver()
        crypto: serpent-sse2 - should select CRYPTO_CRYPTD
        crypto: serpent - rename serpent.c to serpent_generic.c
        crypto: serpent - cleanup checkpatch errors and warnings
        ...
      4f58cb90
    • Linus Torvalds's avatar
      Merge branch 'for-linus' of git://selinuxproject.org/~jmorris/linux-security · e7691a1c
      Linus Torvalds authored
      * 'for-linus' of git://selinuxproject.org/~jmorris/linux-security: (32 commits)
        ima: fix invalid memory reference
        ima: free duplicate measurement memory
        security: update security_file_mmap() docs
        selinux: Casting (void *) value returned by kmalloc is useless
        apparmor: fix module parameter handling
        Security: tomoyo: add .gitignore file
        tomoyo: add missing rcu_dereference()
        apparmor: add missing rcu_dereference()
        evm: prevent racing during tfm allocation
        evm: key must be set once during initialization
        mpi/mpi-mpow: NULL dereference on allocation failure
        digsig: build dependency fix
        KEYS: Give key types their own lockdep class for key->sem
        TPM: fix transmit_cmd error logic
        TPM: NSC and TIS drivers X86 dependency fix
        TPM: Export wait_for_stat for other vendor specific drivers
        TPM: Use vendor specific function for status probe
        tpm_tis: add delay after aborting command
        tpm_tis: Check return code from getting timeouts/durations
        tpm: Introduce function to poll for result of self test
        ...
      
      Fix up trivial conflict in lib/Makefile due to addition of CONFIG_MPI
      and SIGSIG next to CONFIG_DQL addition.
      e7691a1c
    • Linus Torvalds's avatar
      Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs · 5cd9599b
      Linus Torvalds authored
      * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs:
        autofs4: deal with autofs4_write/autofs4_write races
        autofs4: catatonic_mode vs. notify_daemon race
        autofs4: autofs4_wait() vs. autofs4_catatonic_mode() race
        hfsplus: creation of hidden dir on mount can fail
        block_dev: Suppress bdev_cache_init() kmemleak warninig
        fix shrink_dcache_parent() livelock
        coda: switch coda_cnode_make() to sane API as well, clean coda_lookup()
        coda: deal correctly with allocation failure from coda_cnode_makectl()
        securityfs: fix object creation races
      5cd9599b
    • Al Viro's avatar
      autofs4: deal with autofs4_write/autofs4_write races · d668dc56
      Al Viro authored
      Just serialize the actual writing of packets into pipe on
      a new mutex, independent from everything else in the locking
      hierarchy.  As soon as something has started feeding a piece
      of packet into the pipe to daemon, we *want* everything else
      about to try the same to wait until we are done.
      Acked-by: default avatarIan Kent <raven@themaw.net>
      Signed-off-by: default avatarAl Viro <viro@zeniv.linux.org.uk>
      d668dc56
    • Al Viro's avatar
      autofs4: catatonic_mode vs. notify_daemon race · 87533332
      Al Viro authored
      we need to hold ->wq_mutex while we are forming the packet to send,
      lest we have autofs4_catatonic_mode() setting wq->name.name to NULL
      just as autofs4_notify_daemon() decides to memcpy() from it...
      
      We do have check for catatonic mode immediately after that (under
      ->wq_mutex, as it ought to be) and packet won't be actually sent,
      but it'll be too late for us if we oops on that memcpy() from NULL...
      
      Fix is obvious - just extend the area covered by ->wq_mutex over
      that switch and check whether it's catatonic *before* doing anything
      else.
      Acked-by: default avatarIan Kent <raven@themaw.net>
      Signed-off-by: default avatarAl Viro <viro@zeniv.linux.org.uk>
      87533332
    • Al Viro's avatar
      autofs4: autofs4_wait() vs. autofs4_catatonic_mode() race · 4041bcdc
      Al Viro authored
      We need to recheck ->catatonic after autofs4_wait() got ->wq_mutex
      for good, or we might end up with wq inserted into queue after
      autofs4_catatonic_mode() had done its thing.  It will stick there
      forever, since there won't be anything to clear its ->name.name.
      
      A bit of a complication: validate_request() drops and regains ->wq_mutex.
      It actually ends up the most convenient place to stick the check into...
      Acked-by: default avatarIan Kent <raven@themaw.net>
      Signed-off-by: default avatarAl Viro <viro@zeniv.linux.org.uk>
      4041bcdc
    • Linus Torvalds's avatar
      Merge tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mst/vhost · e343a895
      Linus Torvalds authored
      lib: use generic pci_iomap on all architectures
      
      Many architectures don't want to pull in iomap.c,
      so they ended up duplicating pci_iomap from that file.
      That function isn't trivial, and we are going to modify it
      https://lkml.org/lkml/2011/11/14/183
      so the duplication hurts.
      
      This reduces the scope of the problem significantly,
      by moving pci_iomap to a separate file and
      referencing that from all architectures.
      
      * tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mst/vhost:
        alpha: drop pci_iomap/pci_iounmap from pci-noop.c
        mn10300: switch to GENERIC_PCI_IOMAP
        mn10300: add missing __iomap markers
        frv: switch to GENERIC_PCI_IOMAP
        tile: switch to GENERIC_PCI_IOMAP
        tile: don't panic on iomap
        sparc: switch to GENERIC_PCI_IOMAP
        sh: switch to GENERIC_PCI_IOMAP
        powerpc: switch to GENERIC_PCI_IOMAP
        parisc: switch to GENERIC_PCI_IOMAP
        mips: switch to GENERIC_PCI_IOMAP
        microblaze: switch to GENERIC_PCI_IOMAP
        arm: switch to GENERIC_PCI_IOMAP
        alpha: switch to GENERIC_PCI_IOMAP
        lib: add GENERIC_PCI_IOMAP
        lib: move GENERIC_IOMAP to lib/Kconfig
      
      Fix up trivial conflicts due to changes nearby in arch/{m68k,score}/Kconfig
      e343a895
    • Linus Torvalds's avatar
      Merge tag 'for-linux-3.3-merge-window' of git://linux-c6x.org/git/projects/linux-c6x-upstreaming · 06792c4d
      Linus Torvalds authored
      * tag 'for-linux-3.3-merge-window' of git://linux-c6x.org/git/projects/linux-c6x-upstreaming: (29 commits)
        C6X: replace tick_nohz_stop/restart_sched_tick calls
        C6X: add register_cpu call
        C6X: deal with memblock API changes
        C6X: fix timer64 initialization
        C6X: fix layout of EMIFA registers
        C6X: MAINTAINERS
        C6X: DSCR - Device State Configuration Registers
        C6X: EMIF - External Memory Interface
        C6X: general SoC support
        C6X: library code
        C6X: headers
        C6X: ptrace support
        C6X: loadable module support
        C6X: cache control
        C6X: clocks
        C6X: build infrastructure
        C6X: syscalls
        C6X: interrupt handling
        C6X: time management
        C6X: signal management
        ...
      06792c4d
    • Linus Torvalds's avatar
      Merge branch 'next' of git://git.monstr.eu/linux-2.6-microblaze · 4690dfa8
      Linus Torvalds authored
      * 'next' of git://git.monstr.eu/linux-2.6-microblaze:
        microblaze: Wire-up new system calls
        microblaze: Remove NO_IRQ from architecture
        input: xilinx_ps2: Don't use NO_IRQ
        block: xsysace: Don't use NO_IRQ
        microblaze: Trivial asm fix
        microblaze: Fix debug message in module
        microblaze: Remove eprintk macro
        microblaze: Send CR before LF for early console
        microblaze: Change NO_IRQ to 0
        microblaze: Use irq_of_parse_and_map for timer
        microblaze: intc: Change variable name
        microblaze: Use of_find_compatible_node for timer and intc
        microblaze: Add __cmpdi2
        microblaze: Synchronize __pa __va macros
      4690dfa8
    • Linus Torvalds's avatar
      Merge branch 'unicore32' of git://github.com/gxt/linux · c2e08e7c
      Linus Torvalds authored
      * 'unicore32' of git://github.com/gxt/linux:
        rtc-puv3: solve section mismatch in rtc-puv3.c
        rtc-puv3: using module_platform_driver()
        i2c-puv3: using module_platform_driver()
        rtc-puv3: irq: remove IRQF_DISABLED
        unicore32: Remove IRQF_DISABLED
        unicore32: Use set_current_blocked()
        unicore32: add ioremap_nocache definition
        unicore32: delete specified xlate_dev_mem_ptr
        of: add include asm/setup.h in drivers/of/fdt.c
        unicore32: standardize /proc/iomem "Kernel code" name
      c2e08e7c
    • Linus Torvalds's avatar
      Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/lliubbo/blackfin · 28190145
      Linus Torvalds authored
      * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/lliubbo/blackfin:
        blackfin: bf561: add adv7183 capture support
        blackfin: bf537: add capture support
        blackfin: bf548: add capture support
        blackfin: time-ts: rm unused func broadcast_timer_setup()
        blackfin: i2c-lcd: change default clock rate
        blackfin: mac: dsa: add vlan mask in board file
        blackfin: bf537: change num_chipselect for spi-sport
        blackfin: serial: bfin-uart: remove unused field
        bf54x: get mem size: missing break in switch
        blackfin: smp: fix msg queue overflow issue
        blackfin: config: update macro SPI_BFIN in board file
        blackfin: config: update def config for all boards
        blackfin: smp: cleanup smp code
        blackfin: smp: add suspend and wakeup irq flags
        blackfin: bf533-stamp: add missed patches for new asoc driver
        blackfin: bf533-stamp: fix ad1836 name
      28190145
    • Linus Torvalds's avatar
      Merge branch 'writeback-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/wfg/linux · 001a541e
      Linus Torvalds authored
      * 'writeback-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/wfg/linux:
        writeback: move MIN_WRITEBACK_PAGES to fs-writeback.c
        writeback: balanced_rate cannot exceed write bandwidth
        writeback: do strict bdi dirty_exceeded
        writeback: avoid tiny dirty poll intervals
        writeback: max, min and target dirty pause time
        writeback: dirty ratelimit - think time compensation
        btrfs: fix dirtied pages accounting on sub-page writes
        writeback: fix dirtied pages accounting on redirty
        writeback: fix dirtied pages accounting on sub-page writes
        writeback: charge leaked page dirties to active tasks
        writeback: Include all dirty inodes in background writeback
      001a541e
    • Linus Torvalds's avatar
      Merge branch 'akpm' (aka "Andrew's patch-bomb") · 40ba5879
      Linus Torvalds authored
      Andrew elucidates:
       - First installmeant of MM.  We have a HUGE number of MM patches this
         time.  It's crazy.
       - MAINTAINERS updates
       - backlight updates
       - leds
       - checkpatch updates
       - misc ELF stuff
       - rtc updates
       - reiserfs
       - procfs
       - some misc other bits
      
      * akpm: (124 commits)
        user namespace: make signal.c respect user namespaces
        workqueue: make alloc_workqueue() take printf fmt and args for name
        procfs: add hidepid= and gid= mount options
        procfs: parse mount options
        procfs: introduce the /proc/<pid>/map_files/ directory
        procfs: make proc_get_link to use dentry instead of inode
        signal: add block_sigmask() for adding sigmask to current->blocked
        sparc: make SA_NOMASK a synonym of SA_NODEFER
        reiserfs: don't lock root inode searching
        reiserfs: don't lock journal_init()
        reiserfs: delay reiserfs lock until journal initialization
        reiserfs: delete comments referring to the BKL
        drivers/rtc/interface.c: fix alarm rollover when day or month is out-of-range
        drivers/rtc/rtc-twl.c: add DT support for RTC inside twl4030/twl6030
        drivers/rtc/: remove redundant spi driver bus initialization
        drivers/rtc/rtc-jz4740.c: make jz4740_rtc_driver static
        drivers/rtc/rtc-mc13xxx.c: make mc13xxx_rtc_idtable static
        rtc: convert drivers/rtc/* to use module_platform_driver()
        drivers/rtc/rtc-wm831x.c: convert to devm_kzalloc()
        drivers/rtc/rtc-wm831x.c: remove unused period IRQ handler
        ...
      40ba5879
    • Serge E. Hallyn's avatar
      user namespace: make signal.c respect user namespaces · 6b550f94
      Serge E. Hallyn authored
      ipc/mqueue.c: for __SI_MESQ, convert the uid being sent to recipient's
      user namespace. (new, thanks Oleg)
      
      __send_signal: convert current's uid to the recipient's user namespace
      for any siginfo which is not SI_FROMKERNEL (patch from Oleg, thanks
      again :)
      
      do_notify_parent and do_notify_parent_cldstop: map task's uid to parent's
      user namespace
      
      ptrace_signal maps parent's uid into current's user namespace before
      including in signal to current.  IIUC Oleg has argued that this shouldn't
      matter as the debugger will play with it, but it seems like not converting
      the value currently being set is misleading.
      
      Changelog:
      Sep 20: Inspired by Oleg's suggestion, define map_cred_ns() helper to
      	simplify callers and help make clear what we are translating
              (which uid into which namespace).  Passing the target task would
      	make callers even easier to read, but we pass in user_ns because
      	current_user_ns() != task_cred_xxx(current, user_ns).
      Sep 20: As recommended by Oleg, also put task_pid_vnr() under rcu_read_lock
      	in ptrace_signal().
      Sep 23: In send_signal(), detect when (user) signal is coming from an
      	ancestor or unrelated user namespace.  Pass that on to __send_signal,
      	which sets si_uid to 0 or overflowuid if needed.
      Oct 12: Base on Oleg's fixup_uid() patch.  On top of that, handle all
      	SI_FROMKERNEL cases at callers, because we can't assume sender is
      	current in those cases.
      Nov 10: (mhelsley) rename fixup_uid to more meaningful usern_fixup_signal_uid
      Nov 10: (akpm) make the !CONFIG_USER_NS case clearer
      Signed-off-by: default avatarSerge Hallyn <serge.hallyn@canonical.com>
      Cc: Oleg Nesterov <oleg@redhat.com>
      Cc: Matt Helsley <matthltc@us.ibm.com>
      Cc: "Eric W. Biederman" <ebiederm@xmission.com>
      From: Serge Hallyn <serge.hallyn@canonical.com>
      Subject: __send_signal: pass q->info, not info, to userns_fixup_signal_uid (v2)
      
      Eric Biederman pointed out that passing info is a bug and could lead to a
      NULL pointer deref to boot.
      
      A collection of signal, securebits, filecaps, cap_bounds, and a few other
      ltp tests passed with this kernel.
      
      Changelog:
          Nov 18: previous patch missed a leading '&'
      Signed-off-by: default avatarSerge Hallyn <serge.hallyn@canonical.com>
      Cc: "Eric W. Biederman" <ebiederm@xmission.com>
      From: Dan Carpenter <dan.carpenter@oracle.com>
      Subject: ipc/mqueue: lock() => unlock() typo
      
      There was a double lock typo introduced in b085f4bd6b21 "user namespace:
      make signal.c respect user namespaces"
      Signed-off-by: default avatarDan Carpenter <dan.carpenter@oracle.com>
      Cc: Oleg Nesterov <oleg@redhat.com>
      Cc: Matt Helsley <matthltc@us.ibm.com>
      Cc: "Eric W. Biederman" <ebiederm@xmission.com>
      Acked-by: default avatarSerge Hallyn <serge@hallyn.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      6b550f94
    • Tejun Heo's avatar
      workqueue: make alloc_workqueue() take printf fmt and args for name · b196be89
      Tejun Heo authored
      alloc_workqueue() currently expects the passed in @name pointer to remain
      accessible.  This is inconvenient and a bit silly given that the whole wq
      is being dynamically allocated.  This patch updates alloc_workqueue() and
      friends to take printf format string instead of opaque string and matching
      varargs at the end.  The name is allocated together with the wq and
      formatted.
      
      alloc_ordered_workqueue() is converted to a macro to unify varargs
      handling with alloc_workqueue(), and, while at it, add comment to
      alloc_workqueue().
      
      None of the current in-kernel users pass in string with '%' as constant
      name and this change shouldn't cause any problem.
      
      [akpm@linux-foundation.org: use __printf]
      Signed-off-by: default avatarTejun Heo <tj@kernel.org>
      Suggested-by: default avatarChristoph Hellwig <hch@infradead.org>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      b196be89
    • Vasiliy Kulikov's avatar
      procfs: add hidepid= and gid= mount options · 0499680a
      Vasiliy Kulikov authored
      Add support for mount options to restrict access to /proc/PID/
      directories.  The default backward-compatible "relaxed" behaviour is left
      untouched.
      
      The first mount option is called "hidepid" and its value defines how much
      info about processes we want to be available for non-owners:
      
      hidepid=0 (default) means the old behavior - anybody may read all
      world-readable /proc/PID/* files.
      
      hidepid=1 means users may not access any /proc/<pid>/ directories, but
      their own.  Sensitive files like cmdline, sched*, status are now protected
      against other users.  As permission checking done in proc_pid_permission()
      and files' permissions are left untouched, programs expecting specific
      files' modes are not confused.
      
      hidepid=2 means hidepid=1 plus all /proc/PID/ will be invisible to other
      users.  It doesn't mean that it hides whether a process exists (it can be
      learned by other means, e.g.  by kill -0 $PID), but it hides process' euid
      and egid.  It compicates intruder's task of gathering info about running
      processes, whether some daemon runs with elevated privileges, whether
      another user runs some sensitive program, whether other users run any
      program at all, etc.
      
      gid=XXX defines a group that will be able to gather all processes' info
      (as in hidepid=0 mode).  This group should be used instead of putting
      nonroot user in sudoers file or something.  However, untrusted users (like
      daemons, etc.) which are not supposed to monitor the tasks in the whole
      system should not be added to the group.
      
      hidepid=1 or higher is designed to restrict access to procfs files, which
      might reveal some sensitive private information like precise keystrokes
      timings:
      
      http://www.openwall.com/lists/oss-security/2011/11/05/3
      
      hidepid=1/2 doesn't break monitoring userspace tools.  ps, top, pgrep, and
      conky gracefully handle EPERM/ENOENT and behave as if the current user is
      the only user running processes.  pstree shows the process subtree which
      contains "pstree" process.
      
      Note: the patch doesn't deal with setuid/setgid issues of keeping
      preopened descriptors of procfs files (like
      https://lkml.org/lkml/2011/2/7/368).  We rely on that the leaked
      information like the scheduling counters of setuid apps doesn't threaten
      anybody's privacy - only the user started the setuid program may read the
      counters.
      Signed-off-by: default avatarVasiliy Kulikov <segoon@openwall.com>
      Cc: Alexey Dobriyan <adobriyan@gmail.com>
      Cc: Al Viro <viro@zeniv.linux.org.uk>
      Cc: Randy Dunlap <rdunlap@xenotime.net>
      Cc: "H. Peter Anvin" <hpa@zytor.com>
      Cc: Greg KH <greg@kroah.com>
      Cc: Theodore Tso <tytso@MIT.EDU>
      Cc: Alan Cox <alan@lxorguk.ukuu.org.uk>
      Cc: James Morris <jmorris@namei.org>
      Cc: Oleg Nesterov <oleg@redhat.com>
      Cc: Hugh Dickins <hughd@google.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      0499680a