- 02 9月, 2009 7 次提交
-
-
由 David Howells 提交于
Do some whitespace cleanups in the key management code. Signed-off-by: NDavid Howells <dhowells@redhat.com> Acked-by: NSerge Hallyn <serue@us.ibm.com> Signed-off-by: NJames Morris <jmorris@namei.org>
-
由 Serge E. Hallyn 提交于
Make the file position maintained by /proc/keys represent the ID of the key just read rather than the number of keys read. This should make it faster to perform a lookup as we don't have to scan the key ID tree from the beginning to find the current position. Signed-off-by: NSerge E. Hallyn <serue@us.ibm.com> Signed-off-by: NDavid Howells <dhowells@redhat.com> Signed-off-by: NJames Morris <jmorris@namei.org>
-
由 David Howells 提交于
Add garbage collection for dead, revoked and expired keys. This involved erasing all links to such keys from keyrings that point to them. At that point, the key will be deleted in the normal manner. Keyrings from which garbage collection occurs are shrunk and their quota consumption reduced as appropriate. Dead keys (for which the key type has been removed) will be garbage collected immediately. Revoked and expired keys will hang around for a number of seconds, as set in /proc/sys/kernel/keys/gc_delay before being automatically removed. The default is 5 minutes. Signed-off-by: NDavid Howells <dhowells@redhat.com> Signed-off-by: NJames Morris <jmorris@namei.org>
-
由 David Howells 提交于
Set the KEY_FLAG_DEAD flag on keys for which the type has been removed. This causes the key_permission() function to return EKEYREVOKED in response to various commands. It does not, however, prevent unlinking or clearing of keyrings from detaching the key. Signed-off-by: NDavid Howells <dhowells@redhat.com> Acked-by: NSerge Hallyn <serue@us.ibm.com> Signed-off-by: NJames Morris <jmorris@namei.org>
-
由 David Howells 提交于
Allow keyctl_revoke() to operate on keys that have SETATTR but not WRITE permission, rather than only on keys that have WRITE permission. Signed-off-by: NDavid Howells <dhowells@redhat.com> Acked-by: NSerge Hallyn <serue@us.ibm.com> Signed-off-by: NJames Morris <jmorris@namei.org>
-
由 David Howells 提交于
Allow keys for which the key type has been removed to be unlinked. Currently dead-type keys can only be disposed of by completely clearing the keyrings that point to them. Signed-off-by: NDavid Howells <dhowells@redhat.com> Acked-by: NSerge Hallyn <serue@us.ibm.com> Signed-off-by: NJames Morris <jmorris@namei.org>
-
由 David Howells 提交于
Add a config option (CONFIG_DEBUG_CREDENTIALS) to turn on some debug checking for credential management. The additional code keeps track of the number of pointers from task_structs to any given cred struct, and checks to see that this number never exceeds the usage count of the cred struct (which includes all references, not just those from task_structs). Furthermore, if SELinux is enabled, the code also checks that the security pointer in the cred struct is never seen to be invalid. This attempts to catch the bug whereby inode_has_perm() faults in an nfsd kernel thread on seeing cred->security be a NULL pointer (it appears that the credential struct has been previously released): http://www.kerneloops.org/oops.php?number=252883Signed-off-by: NDavid Howells <dhowells@redhat.com> Signed-off-by: NJames Morris <jmorris@namei.org>
-
- 01 9月, 2009 2 次提交
-
-
由 Paul Moore 提交于
Add support for the new TUN LSM hooks: security_tun_dev_create(), security_tun_dev_post_create() and security_tun_dev_attach(). This includes the addition of a new object class, tun_socket, which represents the socks associated with TUN devices. The _tun_dev_create() and _tun_dev_post_create() hooks are fairly similar to the standard socket functions but _tun_dev_attach() is a bit special. The _tun_dev_attach() is unique because it involves a domain attaching to an existing TUN device and its associated tun_socket object, an operation which does not exist with standard sockets and most closely resembles a relabel operation. Signed-off-by: NPaul Moore <paul.moore@hp.com> Acked-by: NEric Paris <eparis@parisplace.org> Signed-off-by: NJames Morris <jmorris@namei.org>
-
由 Paul Moore 提交于
The TUN driver lacks any LSM hooks which makes it difficult for LSM modules, such as SELinux, to enforce access controls on network traffic generated by TUN users; this is particularly problematic for virtualization apps such as QEMU and KVM. This patch adds three new LSM hooks designed to control the creation and attachment of TUN devices, the hooks are: * security_tun_dev_create() Provides access control for the creation of new TUN devices * security_tun_dev_post_create() Provides the ability to create the necessary socket LSM state for newly created TUN devices * security_tun_dev_attach() Provides access control for attaching to existing, persistent TUN devices and the ability to update the TUN device's socket LSM state as necessary Signed-off-by: NPaul Moore <paul.moore@hp.com> Acked-by: NEric Paris <eparis@parisplace.org> Acked-by: NSerge Hallyn <serue@us.ibm.com> Acked-by: NDavid S. Miller <davem@davemloft.net> Signed-off-by: NJames Morris <jmorris@namei.org>
-
- 24 8月, 2009 1 次提交
-
-
由 Michal Schmidt 提交于
When process accounting is enabled, every exiting process writes a log to the account file. In addition, every once in a while one of the exiting processes checks whether there's enough free space for the log. SELinux policy may or may not allow the exiting process to stat the fs. So unsuspecting processes start generating AVC denials just because someone enabled process accounting. For these filesystem operations, the exiting process's credentials should be temporarily switched to that of the process which enabled accounting, because it's really that process which wanted to have the accounting information logged. Signed-off-by: NMichal Schmidt <mschmidt@redhat.com> Acked-by: NDavid Howells <dhowells@redhat.com> Acked-by: NSerge Hallyn <serue@us.ibm.com> Signed-off-by: NAndrew Morton <akpm@linux-foundation.org> Signed-off-by: NJames Morris <jmorris@namei.org>
-
- 21 8月, 2009 2 次提交
-
-
由 Amerigo Wang 提交于
When suid is set and the non-owner user has write permission, any writing into this file should be allowed and suid should be removed after that. However, current kernel only allows writing without truncations, when we do truncations on that file, we get EPERM. This is a bug. Steps to reproduce this bug: % ls -l rootdir/file1 -rwsrwsrwx 1 root root 3 Jun 25 15:42 rootdir/file1 % echo h > rootdir/file1 zsh: operation not permitted: rootdir/file1 % ls -l rootdir/file1 -rwsrwsrwx 1 root root 3 Jun 25 15:42 rootdir/file1 % echo h >> rootdir/file1 % ls -l rootdir/file1 -rwxrwxrwx 1 root root 5 Jun 25 16:34 rootdir/file1 Signed-off-by: NWANG Cong <amwang@redhat.com> Cc: Eric Sandeen <esandeen@redhat.com> Acked-by: NEric Paris <eparis@redhat.com> Cc: Eugene Teo <eteo@redhat.com> Cc: Al Viro <viro@zeniv.linux.org.uk> Cc: OGAWA Hirofumi <hirofumi@mail.parknet.co.jp> Cc: Christoph Hellwig <hch@lst.de> Cc: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: NAndrew Morton <akpm@linux-foundation.org> Signed-off-by: NJames Morris <jmorris@namei.org>
-
由 Amerigo Wang 提交于
As suggested by OGAWA Hirofumi in thread: http://lkml.org/lkml/2009/8/7/132, we should let selinux_inode_setattr() to match our ATTR_* rules. ATTR_FORCE should not force things like ATTR_SIZE. [hirofumi@mail.parknet.co.jp: tweaks] Signed-off-by: NWANG Cong <amwang@redhat.com> Signed-off-by: NOGAWA Hirofumi <hirofumi@mail.parknet.co.jp> Acked-by: NStephen Smalley <sds@tycho.nsa.gov> Acked-by: NEric Paris <eparis@redhat.com> Cc: Eugene Teo <eteo@redhat.com> Cc: Al Viro <viro@zeniv.linux.org.uk> Cc: Christoph Hellwig <hch@lst.de> Acked-by: NJames Morris <jmorris@namei.org> Signed-off-by: NAndrew Morton <akpm@linux-foundation.org> Signed-off-by: NJames Morris <jmorris@namei.org>
-
- 20 8月, 2009 6 次提交
-
-
由 James Morris 提交于
Conflicts: security/Kconfig Manual fix. Signed-off-by: NJames Morris <jmorris@namei.org>
-
git://git.kernel.org/pub/scm/linux/kernel/git/ryusuke/nilfs2由 Linus Torvalds 提交于
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ryusuke/nilfs2: nilfs2: fix oopses with doubly mounted snapshots nilfs2: missing a read lock for segment writer in nilfs_attach_checkpoint()
-
由 Anton Blanchard 提交于
Fix some issues with the AFS documentation, found when testing AFS on ppc64: - Update AFS features: reading/writing, local caching - Typo in kafs sysfs debug file - Use modprobe instead of insmod in example - Update IPs for grand.central.org Signed-off-by: NAnton Blanchard <anton@samba.org> Signed-off-by: NDavid Howells <dhowells@redhat.com> Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
-
git://git.kernel.org/pub/scm/linux/kernel/git/airlied/drm-2.6由 Linus Torvalds 提交于
* 'drm-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/airlied/drm-2.6: drm/kms: teardown crtc correctly when fb is destroyed. drm/kms/radeon: cleanup combios TV table like DDX. drm/radeon/kms: memset the allocated framebuffer before using it. drm/radeon/kms: although LVDS might be possible on crtc 1 don't do it. drm/radeon/kms: implement bo busy check + current domain drm/radeon/kms: cut down indirects in register accesses. drm/radeon/kms: Fix up vertical blank interrupt support. drm/radeon/kms: add rv530 R300_SU_REG_DEST + reloc for ZPASS_ADDR drm/edid: fixup detailed timings like the X server. drm/radeon/kms: Add specific rs690 authorized register table
-
git://git.monstr.eu/linux-2.6-microblaze由 Linus Torvalds 提交于
* 'next' of git://git.monstr.eu/linux-2.6-microblaze: microblaze: Update Microblaze defconfigs microblaze: Use klimit instead of _end for memory init microblaze: Enable ppoll syscall microblaze: Sane handling of missing timer/intc in device tree microblaze: use the generic ack_bad_irq implementation
-
由 Linus Torvalds 提交于
Merge branch 'perfcounters-fixes-for-linus-2' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip * 'perfcounters-fixes-for-linus-2' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip: perf tools: Make 'make html' work perf annotate: Fix segmentation fault perf_counter: Fix the PARISC build perf_counter: Check task on counter read IPI perf: Rename perf-examples.txt to examples.txt perf record: Fix typo in pid_synthesize_comm_event
-
- 19 8月, 2009 22 次提交
-
-
由 Dave Airlie 提交于
If userspace destroys a framebuffer that is in use on a crtc, don't just null it out, tear down the crtc properly so the hw gets turned off. Signed-off-by: NDave Airlie <airlied@redhat.com>
-
由 Dave Airlie 提交于
The fallback case wasn't getting executed properly if there was no TV table, which my T42 M7 hasn't got. Signed-off-by: NDave Airlie <airlied@redhat.com>
-
由 Dave Airlie 提交于
This gets rid of some ugliness, we shuold probably find a way for the GPU to zero this. Signed-off-by: NDave Airlie <airlied@redhat.com>
-
由 Dave Airlie 提交于
LVDS always requests RMX_FULL, we need to fix it so that doesn't happen before we can enable LVDS on crtc 1. Signed-off-by: NDave Airlie <airlied@redhat.com>
-
由 Linus Torvalds 提交于
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6 * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6: security: Fix prompt for LSM_MMAP_MIN_ADDR security: Make LSM_MMAP_MIN_ADDR default match its help text.
-
git://git.kernel.org/pub/scm/linux/kernel/git/tj/percpu由 Linus Torvalds 提交于
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/percpu: percpu: use the right flag for get_vm_area() percpu, sparc64: fix sparse possible cpu map handling init: set nr_cpu_ids before setup_per_cpu_areas()
-
由 Linus Torvalds 提交于
Merge branch 'x86-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip * 'x86-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip: x86, mce: Don't initialize MCEs on unknown CPUs x86, mce: don't log boot MCEs on Pentium M (model == 13) CPUs x86: Annotate section mismatch warnings in kernel/apic/x2apic_uv_x.c x86, mce: therm_throt: Don't log redundant normality x86: Fix UV BAU destination subnode id
-
由 Bo Liu 提交于
If node_load[] is cleared everytime build_zonelists() is called,node_load[] will have no help to find the next node that should appear in the given node's fallback list. Because of the bug, zonelist's node_order is not calculated as expected. This bug affects on big machine, which has asynmetric node distance. [synmetric NUMA's node distance] 0 1 2 0 10 12 12 1 12 10 12 2 12 12 10 [asynmetric NUMA's node distance] 0 1 2 0 10 12 20 1 12 10 14 2 20 14 10 This (my bug) is very old but no one has reported this for a long time. Maybe because the number of asynmetric NUMA is very small and they use cpuset for customizing node memory allocation fallback. [akpm@linux-foundation.org: fix CONFIG_NUMA=n build] Signed-off-by: NBo Liu <bo-liu@hotmail.com> Reviewed-by: NKAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com> Cc: Mel Gorman <mel@csn.ul.ie> Cc: Christoph Lameter <cl@linux-foundation.org> Cc: <stable@kernel.org> Signed-off-by: NAndrew Morton <akpm@linux-foundation.org> Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
-
由 Joe Perches 提交于
Signed-off-by: NJoe Perches <joe@perches.com> Signed-off-by: NAndrew Morton <akpm@linux-foundation.org> Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
-
由 Graff Yang 提交于
According to the POSIX (1003.1-2008), the file descriptor shall have been opened with read permission, regardless of the protection options specified to mmap(). The ltp test cases mmap06/07 need this. Signed-off-by: NGraff Yang <graff.yang@gmail.com> Acked-by: NPaul Mundt <lethal@linux-sh.org> Signed-off-by: NDavid Howells <dhowells@redhat.com> Acked-by: NGreg Ungerer <gerg@snapgear.com> Signed-off-by: NAndrew Morton <akpm@linux-foundation.org> Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
-
由 Ben Dooks 提交于
Since the changes to the bitbang driver, there is the possibility we will be called with either the speed_hz or bpw values zero. We take these to mean that the default values (8 bits per word, or maximum bus speed). Signed-off-by: NBen Dooks <ben@simtec.co.uk> Cc: David Brownell <david-b@pacbell.net> Signed-off-by: NAndrew Morton <akpm@linux-foundation.org> Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
-
由 Ben Dooks 提交于
Currently the clock rate calculation may round as pleased, which means that it is possible that we will round down and end up with a faster clock rate than intended. Change the calculation to use DIV_ROUND_UP() to ensure that we end up with a clock rate either the same as or lower than the user requested one. Signed-off-by: NBen Dooks <ben@simtec.co.uk> Cc: David Brownell <david-b@pacbell.net> Signed-off-by: NAndrew Morton <akpm@linux-foundation.org> Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
-
由 Andrew Morton 提交于
There are a number of individual MMC drivers listed in MAINTAINERS. I didn't modify those records. Perhaps I should have. Cc: <linux-mmc@vger.kernel.org> Cc: Manuel Lauss <manuel.lauss@gmail.com> Cc: Nicolas Pitre <nico@cam.org> Cc: Pierre Ossman <drzeus@drzeus.cx> Cc: Pavel Pisa <ppisa@pikron.com> Cc: Jarkko Lavinen <jarkko.lavinen@nokia.com> Cc: Ben Dooks <ben-linux@fluff.org> Cc: Sascha Sommer <saschasommer@freenet.de> Cc: Ian Molton <ian@mnementh.co.uk> Cc: Joseph Chan <JosephChan@via.com.tw> Cc: Harald Welte <HaraldWelte@viatech.com> Signed-off-by: NAndrew Morton <akpm@linux-foundation.org> Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
-
由 KOSAKI Motohiro 提交于
The commit 2ff05b2b (oom: move oom_adj value) moveed the oom_adj value to the mm_struct. It was a very good first step for sanitize OOM. However Paul Menage reported the commit makes regression to his job scheduler. Current OOM logic can kill OOM_DISABLED process. Why? His program has the code of similar to the following. ... set_oom_adj(OOM_DISABLE); /* The job scheduler never killed by oom */ ... if (vfork() == 0) { set_oom_adj(0); /* Invoked child can be killed */ execve("foo-bar-cmd"); } .... vfork() parent and child are shared the same mm_struct. then above set_oom_adj(0) doesn't only change oom_adj for vfork() child, it's also change oom_adj for vfork() parent. Then, vfork() parent (job scheduler) lost OOM immune and it was killed. Actually, fork-setting-exec idiom is very frequently used in userland program. We must not break this assumption. Then, this patch revert commit 2ff05b2b and related commit. Reverted commit list --------------------- - commit 2ff05b2b (oom: move oom_adj value from task_struct to mm_struct) - commit 4d8b9135 (oom: avoid unnecessary mm locking and scanning for OOM_DISABLE) - commit 81236810 (oom: only oom kill exiting tasks with attached memory) - commit 933b787b (mm: copy over oom_adj value at fork time) Signed-off-by: NKOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com> Cc: Paul Menage <menage@google.com> Cc: David Rientjes <rientjes@google.com> Cc: KAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com> Cc: Rik van Riel <riel@redhat.com> Cc: Linus Torvalds <torvalds@linux-foundation.org> Cc: Oleg Nesterov <oleg@redhat.com> Cc: Nick Piggin <npiggin@suse.de> Cc: Mel Gorman <mel@csn.ul.ie> Signed-off-by: NAndrew Morton <akpm@linux-foundation.org> Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
-
由 Jeff Layton 提交于
get_sb_pseudo sets s_maxbytes to ~0ULL which becomes negative when cast to a signed value. Fix it to use MAX_LFS_FILESIZE which casts properly to a positive signed value. Signed-off-by: NJeff Layton <jlayton@redhat.com> Reviewed-by: NJohannes Weiner <hannes@cmpxchg.org> Acked-by: NSteve French <smfrench@gmail.com> Reviewed-by: NChristoph Hellwig <hch@lst.de> Cc: Al Viro <viro@zeniv.linux.org.uk> Cc: Robert Love <rlove@google.com> Signed-off-by: NAndrew Morton <akpm@linux-foundation.org> Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
-
由 Joe Perches 提交于
Signed-off-by: NJoe Perches <joe@perches.com> Acked-by: NBenny Halevy <bhalevy@panasas.com> Cc: Boaz Harrosh <bharrosh@panasas.com> Signed-off-by: NAndrew Morton <akpm@linux-foundation.org> Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
-
由 Andreas Schwab 提交于
Fix prompt for LSM_MMAP_MIN_ADDR. (Verbs are cool!) Signed-off-by: NAndreas Schwab <schwab@linux-m68k.org> Acked-by: NEric Paris <eparis@redhat.com> Signed-off-by: NJames Morris <jmorris@namei.org>
-
由 Dave Jones 提交于
Commit 788084ab added the LSM_MMAP_MIN_ADDR option, whose help text states "For most ia64, ppc64 and x86 users with lots of address space a value of 65536 is reasonable and should cause no problems." Which implies that it's default setting was typoed. Signed-off-by: NDave Jones <davej@redhat.com> Acked-by: NEric Paris <eparis@redhat.com> Signed-off-by: NJames Morris <jmorris@namei.org>
-
由 Huang Weiyi 提交于
Remove duplicated #include('s) in kernel/sysctl.c Signed-off-by: NHuang Weiyi <weiyi.huang@gmail.com> Acked-by: NEric Paris <eparis@redhat.com> Signed-off-by: NJames Morris <jmorris@namei.org>
-
由 Linus Torvalds 提交于
Merge branch 'irq-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip * 'irq-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip: genirq: Wake up irq thread after action has been installed
-
git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6由 Linus Torvalds 提交于
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6: (60 commits) net: restore gnet_stats_basic to previous definition NETROM: Fix use of static buffer e1000e: fix use of pci_enable_pcie_error_reporting e1000e: WoL does not work on 82577/82578 with manageability enabled cnic: Fix locking in init/exit calls. cnic: Fix locking in start/stop calls. bnx2: Use mutex on slow path cnic calls. cnic: Refine registration with bnx2. cnic: Fix symbol_put_addr() panic on ia64. gre: Fix MTU calculation for bound GRE tunnels pegasus: Add new device ID. drivers/net: fixed drivers that support netpoll use ndo_start_xmit() via-velocity: Fix test of mii_status bit VELOCITY_DUPLEX_FULL rt2x00: fix memory corruption in rf cache, add a sanity check ixgbe: Fix receive on real device when VLANs are configured ixgbe: Do not return 0 in ixgbe_fcoe_ddp() upon FCP_RSP in DDP completion netxen: free napi resources during detach netxen: remove netxen workqueue ixgbe: fix issues setting rx-usecs with legacy interrupts can: fix oops caused by wrong rtnl newlink usage ...
-
git://git.kernel.org/pub/scm/linux/kernel/git/lethal/sh-2.6由 Linus Torvalds 提交于
* 'sh/for-2.6.31' of git://git.kernel.org/pub/scm/linux/kernel/git/lethal/sh-2.6: sh: sh7724 ddr self-refresh changes sh: use in-soc KEYSC on se7724 sh: CMT suspend/resume sh: skip disabled LCDC channels
-