Derived from net/ipv/fib_rules.c
Signed-off-by: NThomas Graf <tgraf@suug.ch>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

Adds the framework to support multiple IPv6 routing tables.
Currently all automatically generated routes are put into the
same table. This could be changed at a later point after
considering the produced locking overhead.
Signed-off-by: NThomas Graf <tgraf@suug.ch>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

(Ab)using rt6_lock wouldn't work anymore if rt6_lock is
converted into a per table lock.
Signed-off-by: NThomas Graf <tgraf@suug.ch>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

Modify the net/Kconfig file to enable selecting the NetLabel Kconfig
options.
Signed-off-by: NPaul Moore <paul.moore@hp.com>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

Add NetLabel support to the SELinux LSM and modify the
socket_post_create() LSM hook to return an error code.  The most
significant part of this patch is the addition of NetLabel hooks into
the following SELinux LSM hooks:

 * selinux_file_permission()
 * selinux_socket_sendmsg()
 * selinux_socket_post_create()
 * selinux_socket_sock_rcv_skb()
 * selinux_socket_getpeersec_stream()
 * selinux_socket_getpeersec_dgram()
 * selinux_sock_graft()
 * selinux_inet_conn_request()

The basic reasoning behind this patch is that outgoing packets are
"NetLabel'd" by labeling their socket and the NetLabel security
attributes are checked via the additional hook in
selinux_socket_sock_rcv_skb().  NetLabel itself is only a labeling
mechanism, similar to filesystem extended attributes, it is up to the
SELinux enforcement mechanism to perform the actual access checks.

In addition to the changes outlined above this patch also includes
some changes to the extended bitmap (ebitmap) and multi-level security
(mls) code to import and export SELinux TE/MLS attributes into and out
of NetLabel.
Signed-off-by: NPaul Moore <paul.moore@hp.com>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

Add CIPSO/IPv4 and unlabeled packet management to the NetLabel
subsystem.  The CIPSO/IPv4 changes allow the configuration of
CIPSO/IPv4 within the overall NetLabel framework.  The unlabeled
packet changes allows NetLabel to pass unlabeled packets without
error.
Signed-off-by: NPaul Moore <paul.moore@hp.com>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

Add a new kernel subsystem, NetLabel, to provide explicit packet
labeling services (CIPSO, RIPSO, etc.) to LSM developers.  NetLabel is
designed to work in conjunction with a LSM to intercept and decode
security labels on incoming network packets as well as ensure that
outgoing network packets are labeled according to the security
mechanism employed by the LSM.  The NetLabel subsystem is configured
through a Generic NETLINK interface described in the header files
included in this patch.
Signed-off-by: NPaul Moore <paul.moore@hp.com>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

Add support for the Commercial IP Security Option (CIPSO) to the IPv4
network stack.  CIPSO has become a de-facto standard for
trusted/labeled networking amongst existing Trusted Operating Systems
such as Trusted Solaris, HP-UX CMW, etc.  This implementation is
designed to be used with the NetLabel subsystem to provide explicit
packet labeling to LSM developers.

The CIPSO/IPv4 packet labeling works by the LSM calling a NetLabel API
function which attaches a CIPSO label (IPv4 option) to a given socket;
this in turn attaches the CIPSO label to every packet leaving the
socket without any extra processing on the outbound side.  On the
inbound side the individual packet's sk_buff is examined through a
call to a NetLabel API function to determine if a CIPSO/IPv4 label is
present and if so the security attributes of the CIPSO label are
returned to the caller of the NetLabel API function.
Signed-off-by: NPaul Moore <paul.moore@hp.com>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

Changes to the core network stack to support the NetLabel subsystem.  This
includes changes to the IPv4 option handling to support CIPSO labels.
Signed-off-by: NPaul Moore <paul.moore@hp.com>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

Documentation for the NetLabel system, this includes a basic overview
of how NetLabel works, how LSM developers can integrate it into their
favorite LSM, as well as documentation on the CIPSO related sysctl
variables.  Also, due to the difficulty of finding expired IETF
drafts, I am including the IETF CIPSO draft that is the basis of the
NetLabel CIPSO implementation.
Signed-off-by: NPaul Moore <paul.moore@hp.com>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

The following patch will fix the build problem (encountered by Andrew
Morton) when SECURITY_NETWORK_XFRM is not enabled.

As compared to git-net-selinux_xfrm_decode_session-build-fix.patch in
-mm, this patch sets the return parameter sid to SECSID_NULL in
selinux_xfrm_decode_session() and handles this value in the caller
selinux_inet_conn_request() appropriately.
Signed-off-by: NVenkat Yekkirala <vyekkirala@TrustedCS.com>
Acked-by: NJames Morris <jmorris@namei.org>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

This automatically labels the TCP, Unix stream, and dccp child sockets
as well as openreqs to be at the same MLS level as the peer. This will
result in the selection of appropriately labeled IPSec Security
Associations.

This also uses the sock's sid (as opposed to the isec sid) in SELinux
enforcement of secmark in rcv_skb and postroute_last hooks.
Signed-off-by: NVenkat Yekkirala <vyekkirala@TrustedCS.com>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

This defaults the label of socket-specific IPSec policies to be the
same as the socket they are set on.
Signed-off-by: NVenkat Yekkirala <vyekkirala@TrustedCS.com>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

This labels the flows that could utilize IPSec xfrms at the points the
flows are defined so that IPSec policy and SAs at the right label can
be used.

The following protos are currently not handled, but they should
continue to be able to use single-labeled IPSec like they currently
do.

ipmr
ip_gre
ipip
igmp
sit
sctp
ip6_tunnel (IPv6 over IPv6 tunnel device)
decnet
Signed-off-by: NVenkat Yekkirala <vyekkirala@TrustedCS.com>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

This includes the security context of a security association created
for use by IKE in the acquire messages sent to IKE daemons using
PF_KEY. This would allow the daemons to include the security context
in the negotiation, so that the resultant association is unique to
that security context.
Signed-off-by: NVenkat Yekkirala <vyekkirala@TrustedCS.com>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

This includes the security context of a security association created
for use by IKE in the acquire messages sent to IKE daemons using
netlink/xfrm_user. This would allow the daemons to include the
security context in the negotiation, so that the resultant association
is unique to that security context.
Signed-off-by: NSerge Hallyn <serue@us.ibm.com>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

This implements a seemless mechanism for xfrm policy selection and
state matching based on the flow sid. This also includes the necessary
SELinux enforcement pieces.
Signed-off-by: NVenkat Yekkirala <vyekkirala@TrustedCS.com>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

This adds security to flow key for labeling of flows as also to allow
for making flow cache lookups based on the security label seemless.
Signed-off-by: NVenkat Yekkirala <vyekkirala@TrustedCS.com>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

This adds security for IP sockets at the sock level. Security at the
sock level is needed to enforce the SELinux security policy for
security associations even when a sock is orphaned (such as in the TCP
LAST_ACK state).

This will also be used to enforce SELinux controls over data arriving
at or leaving a child socket while it's still waiting to be accepted.
Signed-off-by: NVenkat Yekkirala <vyekkirala@TrustedCS.com>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

This defines a routine that combines the Type Enforcement portion of
one sid with the MLS portion from the other sid to arrive at a new
sid. This would be used to define a sid for a security association
that is to be negotiated by IKE as well as for determing the sid for
open requests and connection-oriented child sockets.
Signed-off-by: NVenkat Yekkirala <vyekkirala@TrustedCS.com>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

The current approach to labeling Security Associations for SELinux
purposes uses a one-to-one mapping between xfrm policy rules and
security associations.

This doesn't address the needs of real world MLS (Multi-level System,
traditional Bell-LaPadula) environments where a single xfrm policy
rule (pertaining to a range, classified to secret for example) might
need to map to multiple Security Associations (one each for
classified, secret, top secret and all the compartments applicable to
these security levels).

This patch set addresses the above problem by allowing for the mapping
of a single xfrm policy rule to multiple security associations, with
each association used in the security context it is defined for. It
also includes the security context to be used in IKE negotiation in
the acquire messages sent to the IKE daemon so that a unique SA can be
negotiated for each unique security context. A couple of bug fixes are
also included; checks to make sure the SAs used by a packet match
policy (security context-wise) on the inbound and also that the bundle
used for the outbound matches the security context of the flow. This
patch set also makes the use of the SELinux sid in flow cache lookups
seemless by including the sid in the flow key itself. Also, open
requests as well as connection-oriented child sockets are labeled
automatically to be at the same level as the peer to allow for use of
appropriately labeled IPSec associations.

Description of changes:

A "sid" member has been added to the flow cache key resulting in the
sid being available at all needed locations and the flow cache lookups
automatically using the sid. The flow sid is derived from the socket
on the outbound and the SAs (unlabeled where an SA was not used) on
the inbound.

Outbound case:
1. Find policy for the socket.

2. OLD: Find an SA that matches the policy.
 NEW: Find an SA that matches BOTH the policy and the flow/socket.
   This is necessary since not every SA that matches the policy
   can be used for the flow/socket. Consider policy range Secret-TS,
   and SAs each for Secret and TS. We don't want a TS socket to
   use the Secret SA. Hence the additional check for the SA Vs. flow/socket.

3. NEW: When looking thru bundles for a policy, make sure the
        flow/socket can use the bundle. If a bundle is not found,
        create one, calling for IKE if necessary. If using IKE,
        include the security context in the acquire message to the IKE
        daemon.

Inbound case:
1. OLD: Find policy for the socket.
 NEW: Find policy for the incoming packet based on the sid of the
      SA(s) it used or the unlabeled sid if no SAs were
      used. (Consider a case where a socket is "authorized" for two
      policies (unclassified-confidential, secret-top_secret). If the
      packet has come in using a secret SA, we really ought to be
      using the latter policy (secret-top_secret).)

2. OLD: BUG: No check to see if the SAs used by the packet agree with
             the policy sec_ctx-wise.

             (It was indicated in selinux_xfrm_sock_rcv_skb() that
              this was being accomplished by
              (x->id.spi == tmpl->id.spi || !tmpl->id.spi) in xfrm_state_ok,
	      but it turns out tmpl->id.spi
              would normally be zero (unless xfrm policy rules specify one
              at the template level, which they usually don't).
 NEW: The socket is checked for access to the SAs used (based on the
      sid of the SAs) in selinux_xfrm_sock_rcv_skb().

Forward case:
 This would be Step 1 from the Inbound case, followed by Steps 2 and 3
from the Outbound case.

Outstanding items/issues:

- Timewait acknowledgements and such are generated in the
  current/upstream implementation using a NULL socket resulting in the
  any_socket sid (SYSTEM_HIGH) to be used. This problem is not addressed
  by this patch set.

This patch: Add new flask definitions to SELinux

Adds a new avperm "polmatch" to arbitrate flow/state access to a xfrm
policy rule.
Signed-off-by: NVenkat Yekkirala <vyekkirala@TrustedCS.com>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

* git://git.infradead.org/~dwmw2/hdroneline:
  [HEADERS] One line per header in Kbuild files to reduce conflicts

Manual (trivial) conflict resolution in include/asm-s390/Kbuild

* 'upstream-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mfasheh/ocfs2:
  ocfs2: Remove overzealous BUG_ON()
  ocfs2: Don't print on unknown remote blocking call
  ocfs2: Remove EXPERIMENTAL dependency
  ocfs2: implement directory read-ahead
  ocfs2: properly update i_mtime on buffered write
  ocfs2: Fix directory link count checks in ocfs2_link()
  ocfs2: move nlink check in ocfs2_mknod()
  ocfs2: Fix heartbeat sector calculation
  [PATCH] fs/ocfs2/ioctl.c should #include "ioctl.h"
  ocfs2: add ext2 attributes
  configfs: Prevent duplicate subsystem names.

* git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6: (64 commits)
  [BLOCK] dm-crypt: trivial comment improvements
  [CRYPTO] api: Deprecate crypto_digest_* and crypto_alg_available
  [CRYPTO] padlock: Convert padlock-sha to use crypto_hash
  [CRYPTO] users: Use crypto_comp and crypto_has_*
  [CRYPTO] api: Add crypto_comp and crypto_has_*
  [CRYPTO] users: Use crypto_hash interface instead of crypto_digest
  [SCSI] iscsi: Use crypto_hash interface instead of crypto_digest
  [CRYPTO] digest: Remove old HMAC implementation
  [CRYPTO] doc: Update documentation for hash and me
  [SCTP]: Use HMAC template and hash interface
  [IPSEC]: Use HMAC template and hash interface
  [CRYPTO] tcrypt: Use HMAC template and hash interface
  [CRYPTO] hmac: Add crypto template implementation
  [CRYPTO] digest: Added user API for new hash type
  [CRYPTO] api: Mark parts of cipher interface as deprecated
  [PATCH] scatterlist: Add const to sg_set_buf/sg_init_one pointer argument
  [CRYPTO] drivers: Remove obsolete block cipher operations
  [CRYPTO] users: Use block ciphers where applicable
  [SUNRPC] GSS: Use block ciphers where applicable
  [IPSEC] ESP: Use block ciphers where applicable
  ...

* 'for-linus' of git://git390.osdl.marist.edu/pub/scm/linux-2.6: (44 commits)
  [S390] hypfs crashes with invalid mount option.
  [S390] cio: subchannel evaluation function operates without lock
  [S390] cio: always query all paths on path verification.
  [S390] cio: update path groups on logical CHPID changes.
  [S390] cio: subchannels in no-path state.
  [S390] Replace nopav-message on VM.
  [S390] set modalias for ccw bus uevents.
  [S390] Get rid of DBG macro.
  [S390] Use alternative user-copy operations for new hardware.
  [S390] Make user-copy operations run-time configurable.
  [S390] Cleanup in signal handling code.
  [S390] Cleanup in page table related code.
  [S390] Linux API for writing z/VM APPLDATA Monitor records.
  [S390] xpram off by one error.
  [S390] Remove kexec experimental flag.
  [S390] cleanup appldata.
  [S390] fix typo in vmcp.
  [S390] Kernel stack overflow handling.
  [S390] qdio slsb processing state.
  [S390] Missing initialization in common i/o layer.
  ...

* git://git.infradead.org/mtd-2.6:
  Remove accidentally-added include/linux/utsrelease.h
  Revert "[MTD] blkdev helper code: fix printk format warning"
  [MTD] Add SSFDC (SmartMedia) read-only translation layer
  [MTD] pmc551 pci cleanup
  [MTD] pmc551 use kzalloc
  [MTD] pmc551 whitespace cleanup
  [MTD] Remove iq80310 map driver
  [MTD NAND] Fix in typo ndfc.c causing wrong ECC layout
  [MTD] physmap: add power management support
  ioremap balanced with iounmap for drivers/mtd subsystem
  [MTD] Switch to pci_get_device and do ref counting
  [MTD] blkdev helper code: fix printk format warning
  [MTD] Fix ixp4xx partition parsing.
  [JFFS2] Remove unneeded ifdefs from jffs2_fs_i.h
  [MTD NAND] Remove old code in au1550nd.c
  [MTD] Unlock NOR flash automatically where necessary

* git://git.kernel.org/pub/scm/linux/kernel/git/paulus/powerpc: (114 commits)
  [POWERPC] Fix ohare IDE irq workaround on old powermacs
  [POWERPC] EEH: Power4 systems sometimes need multiple resets.
  [POWERPC] Include <asm/mmu.h> in arch/powerpc/sysdev/fsl_soc.h for phys_addr_t.
  [POWERPC] Demacrofy arch/powerpc/platforms/maple/pci.c
  [POWERPC] Maple U3 HT - reject inappropriate config space access
  [POWERPC] Fix IPIC pending register assignments
  [POWERPC] powerpc: fix building gdb against asm/ptrace.h
  [POWERPC] Remove DISCONTIGMEM cruft from page.h
  [POWERPC] Merge iSeries i/o operations with the rest
  [POWERPC] 40x: Fix debug status register defines
  [POWERPC] Fix compile error in sbc8560
  [POWERPC] EEH: support MMIO enable recovery step
  [POWERPC] EEH: enable MMIO/DMA on frozen slot
  [POWERPC] EEH: code comment cleanup
  [POWERPC] EEH: balance pcidev_get/put calls
  [POWERPC] PPC: Fix xmon stack frame address in backtrace
  [POWERPC] Add AT_PLATFORM value for Xilinx Virtex-4 FX
  [POWERPC] Start arch/powerpc/boot code reorganization
  [POWERPC] Define of_read_ulong helper
  [POWERPC] iseries: eliminate a couple of warnings
  ...

Signed-off-by: NDavid Woodhouse <dwmw2@infradead.org>

This reverts commit 668040fc.

The 'flags' field of the struct request is 'unsigned long'. Quite
how Randy came to see 'long int format, different type arg' I don't
know, but it doesn't seem to be the case any more.
Signed-off-by: NDavid Woodhouse <dwmw2@infradead.org>

Signed-off-by: NClaudio Lanconelli <lanconelli.claudio@eptar.com>
Signed-off-by: NDavid Woodhouse <dwmw2@infradead.org>

Use pci_resource_start for getting start of regions and pci_iomap to not
doing this directly by using dev->resource... (Thanks to Rolf Eike Beer)
Signed-off-by: NJiri Slaby <jirislaby@gmail.com>
Signed-off-by: NDavid Woodhouse <dwmw2@infradead.org>

Use kzalloc instad of kmalloc+memset(0).
Signed-off-by: NJiri Slaby <jirislaby@gmail.com>
Signed-off-by: NDavid Woodhouse <dwmw2@infradead.org>

Spaces were used for indent, there was more than 80 columns per line. Get
rid of that stuff.
Signed-off-by: NJiri Slaby <jirislaby@gmail.com>
Signed-off-by: NDavid Woodhouse <dwmw2@infradead.org>

The iq80310 mtd map driver depends on ARCH_IQ80310, which isn't
defined anywhere in the tree (as we don't have 80310 support), and
furthermore, everything the driver does can be done with physmap
instead.
Signed-off-by: NLennert Buytenhek <buytenh@wantstofly.org>
Signed-off-by: NDavid Woodhouse <dwmw2@infradead.org>

Due to this typo, a wrong ECC layout table is chosen.
Signed-off-by: NFrank Haverkamp <haver@vnet.ibm.com>
Signed-off-by: NDavid Woodhouse <dwmw2@infradead.org>

Implement PM handling for physmap.  Idea from Steven Scholz, patch
by David Anders.
Signed-off-by: NLennert Buytenhek <buytenh@wantstofly.org>
Signed-off-by: NDavid Woodhouse <dwmw2@infradead.org>

ioremap must be balanced by an iounmap and failing to do so can result
in a memory leak.

Tested (compilation only) with:
- allmodconfig
- Modifying drivers/mtd/maps/Kconfig and drivers/mtd/nand/Kconfig to
make sure that the changed file is compiling without warning
Signed-off-by: NAmol Lad <amol@verismonetworks.com>
Signed-off-by: NDavid Woodhouse <dwmw2@infradead.org>

Signed-off-by: NAlan Cox <alan@redhat.com>
Cc: Greg KH <greg@kroah.com>
Signed-off-by: NAndrew Morton <akpm@osdl.org>
Signed-off-by: NDavid Woodhouse <dwmw2@infradead.org>

Fix printk format warning(s):
drivers/mtd/mtd_blkdevs.c:72: warning: long int format, different type arg (arg 2)
Signed-off-by: NRandy Dunlap <rdunlap@xenotime.net>
Signed-off-by: NAndrew Morton <akpm@osdl.org>
Signed-off-by: NDavid Woodhouse <dwmw2@infradead.org>

If the amount of flash is not divisible by 2 then the mask in
parse_mtd_partitions would fail to work as designed.  Passing in the base
address corrects this problem.
Signed-off-by: NBrian Walsh <brian@walsh.ws>
Cc: Deepak Sanexa <dsanexa@mvista.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: NAndrew Morton <akpm@osdl.org>
Signed-off-by: NDavid Woodhouse <dwmw2@infradead.org>