Skip to content

K
Kernel

openeuler / Kernel
1 年多 前同步成功

通知 8
Star 0
Fork 0
K
Kernel
切换分支/标签
  1. 06 1月, 2012 5 次提交
  3. 21 12月, 2011 1 次提交
    • D
      SELinux: Fix RCU deref check warning in sel_netport_insert() · 94d4ef0c
      David Howells 提交于 
      Fix the following bug in sel_netport_insert() where rcu_dereference() should
be rcu_dereference_protected() as sel_netport_lock is held.

===================================================
[ INFO: suspicious rcu_dereference_check() usage. ]
---------------------------------------------------
security/selinux/netport.c:127 invoked rcu_dereference_check() without protection!

other info that might help us debug this:

rcu_scheduler_active = 1, debug_locks = 0
1 lock held by ossec-rootcheck/3323:
 #0:  (sel_netport_lock){+.....}, at: [<ffffffff8117d775>] sel_netport_sid+0xbb/0x226

stack backtrace:
Pid: 3323, comm: ossec-rootcheck Not tainted 3.1.0-rc8-fsdevel+ #1095
Call Trace:
 [<ffffffff8105cfb7>] lockdep_rcu_dereference+0xa7/0xb0
 [<ffffffff8117d871>] sel_netport_sid+0x1b7/0x226
 [<ffffffff8117d6ba>] ? sel_netport_avc_callback+0xbc/0xbc
 [<ffffffff8117556c>] selinux_socket_bind+0x115/0x230
 [<ffffffff810a5388>] ? might_fault+0x4e/0x9e
 [<ffffffff810a53d1>] ? might_fault+0x97/0x9e
 [<ffffffff81171cf4>] security_socket_bind+0x11/0x13
 [<ffffffff812ba967>] sys_bind+0x56/0x95
 [<ffffffff81380dac>] ? sysret_check+0x27/0x62
 [<ffffffff8105b767>] ? trace_hardirqs_on_caller+0x11e/0x155
 [<ffffffff81076fcd>] ? audit_syscall_entry+0x17b/0x1ae
 [<ffffffff811b5eae>] ? trace_hardirqs_on_thunk+0x3a/0x3f
 [<ffffffff81380d7b>] system_call_fastpath+0x16/0x1b
Signed-off-by: NDavid Howells <dhowells@redhat.com>
Acked-by: NEric Dumazet <eric.dumazet@gmail.com>
Acked-by: NPaul Moore <paul@paul-moore.com>
Signed-off-by: NEric Paris <eparis@redhat.com>
      94d4ef0c
  5. 19 10月, 2011 1 次提交
  7. 08 8月, 2011 1 次提交
  9. 02 8月, 2011 1 次提交
  11. 27 7月, 2011 2 次提交
  13. 24 7月, 2011 1 次提交
    • T
      VFS : mount lock scalability for internal mounts · 423e0ab0
      Tim Chen 提交于 
      For a number of file systems that don't have a mount point (e.g. sockfs
and pipefs), they are not marked as long term. Therefore in
mntput_no_expire, all locks in vfs_mount lock are taken instead of just
local cpu's lock to aggregate reference counts when we release
reference to file objects.  In fact, only local lock need to have been
taken to update ref counts as these file systems are in no danger of
going away until we are ready to unregister them.

The attached patch marks file systems using kern_mount without
mount point as long term.  The contentions of vfs_mount lock
is now eliminated.  Before un-registering such file system,
kern_unmount should be called to remove the long term flag and
make the mount point ready to be freed.
Signed-off-by: NTim Chen <tim.c.chen@linux.intel.com>
Signed-off-by: NAl Viro <viro@zeniv.linux.org.uk>
      423e0ab0
  15. 21 7月, 2011 3 次提交
  17. 20 7月, 2011 4 次提交
  19. 14 7月, 2011 1 次提交
  21. 11 7月, 2011 5 次提交
  23. 09 7月, 2011 1 次提交
  25. 08 7月, 2011 1 次提交
  27. 01 7月, 2011 1 次提交
  29. 30 6月, 2011 2 次提交
  31. 29 6月, 2011 10 次提交
    • J
      AppArmor: Fix masking of capabilities in complain mode · 25e75dff
      John Johansen 提交于 
      AppArmor is masking the capabilities returned by capget against the
capabilities mask in the profile.  This is wrong, in complain mode the
profile has effectively all capabilities, as the profile restrictions are
not being enforced, merely tested against to determine if an access is
known by the profile.

This can result in the wrong behavior of security conscience applications
like sshd which examine their capability set, and change their behavior
accordingly.  In this case because of the masked capability set being
returned sshd fails due to DAC checks, even when the profile is in complain
mode.

Kernels affected: 2.6.36 - 3.0.
Signed-off-by: NJohn Johansen <john.johansen@canonical.com>
      25e75dff
    • J
      AppArmor: Fix reference to rcu protected pointer outside of rcu_read_lock · 04fdc099
      John Johansen 提交于 
      The pointer returned from tracehook_tracer_task() is only valid inside
the rcu_read_lock.  However the tracer pointer obtained is being passed
to aa_may_ptrace outside of the rcu_read_lock critical section.

Mover the aa_may_ptrace test into the rcu_read_lock critical section, to
fix this.

Kernels affected: 2.6.36 - 3.0
Reported-by: NOleg Nesterov <oleg@redhat.com>
Cc: stable@kernel.org
Signed-off-by: NJohn Johansen <john.johansen@canonical.com>
      04fdc099
    • T
      TOMOYO: Make several options configurable. · 0e4ae0e0
      Tetsuo Handa 提交于 
      To be able to start using enforcing mode from the early stage of boot sequence,
this patch adds support for activating access control without calling external
policy loader program. This will be useful for systems where operations which
can lead to the hijacking of the boot sequence are needed before loading the
policy. For example, you can activate immediately after loading the fixed part
of policy which will allow only operations needed for mounting a partition
which contains the variant part of policy and verifying (e.g. running GPG
check) and loading the variant part of policy. Since you can start using
enforcing mode from the beginning, you can reduce the possibility of hijacking
the boot sequence.

This patch makes several variables configurable on build time. This patch also
adds TOMOYO_loader= and TOMOYO_trigger= kernel command line option to boot the
same kernel in two different init systems (BSD-style init and systemd).
Signed-off-by: NTetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: NJames Morris <jmorris@namei.org>
      0e4ae0e0
    • T
      TOMOYO: Add built-in policy support. · efe836ab
      Tetsuo Handa 提交于 
      To be able to start using enforcing mode from the early stage of boot sequence,
this patch adds support for built-in policy configuration (and next patch adds
support for activating access control without calling external policy loader
program).
Signed-off-by: NTetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: NJames Morris <jmorris@namei.org>
      efe836ab
    • T
      TOMOYO: Rename meminfo to stat and show more statistics. · b22b8b9f
      Tetsuo Handa 提交于 
      Show statistics such as last policy update time and last policy violation time
in addition to memory usage.
Signed-off-by: NTetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: NJames Morris <jmorris@namei.org>
      b22b8b9f
    • T
      TOMOYO: Cleanup part 4. · 2c47ab93
      Tetsuo Handa 提交于 
      Gather string constants to one file in order to make the object size smaller.
Use unsigned type where appropriate.
read()/write() returns ssize_t.
Signed-off-by: NTetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: NJames Morris <jmorris@namei.org>
      2c47ab93
    • T
      TOMOYO: Fix lockdep warning. · 2e503bbb
      Tetsuo Handa 提交于 
      Currently TOMOYO holds SRCU lock upon open() and releases it upon close()
because list elements stored in the "struct tomoyo_io_buffer" instances are
accessed until close() is called. However, such SRCU usage causes lockdep to
complain about leaving the kernel with SRCU lock held.

This patch solves the warning by holding/releasing SRCU upon each
read()/write(). This patch is doing something similar to calling kfree()
without calling synchronize_srcu(), by selectively deferring kfree() by keeping
track of the "struct tomoyo_io_buffer" instances.
Signed-off-by: NTetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: NJames Morris <jmorris@namei.org>
      2e503bbb
    • T
      TOMOYO: Change pathname for non-rename()able filesystems. · 5625f2e3
      Tetsuo Handa 提交于 
      TOMOYO wants to use /proc/self/ rather than /proc/$PID/ if $PID matches current
thread's process ID in order to prevent current thread from accessing other
process's information unless needed.

But since procfs can be mounted on various locations (e.g. /proc/ /proc2/ /p/
/tmp/foo/100/p/ ), TOMOYO cannot tell that whether the numeric part in the
string returned by __d_path() represents process ID or not.

Therefore, to be able to convert from $PID to self no matter where procfs is
mounted, this patch changes pathname representations for filesystems which do
not support rename() operation (e.g. proc, sysfs, securityfs).

Examples:
  /proc/self/mounts => proc:/self/mounts
  /sys/kernel/security/ => sys:/kernel/security/
  /dev/pts/0 => devpts:/0
Signed-off-by: NTetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: NJames Morris <jmorris@namei.org>
      5625f2e3
    • T
      TOMOYO: Add policy namespace support. · bd03a3e4
      Tetsuo Handa 提交于 
      Mauras Olivier reported that it is difficult to use TOMOYO in LXC environments,
for TOMOYO cannot distinguish between environments outside the container and
environments inside the container since LXC environments are created using
pivot_root(). To address this problem, this patch introduces policy namespace.

Each policy namespace has its own set of domain policy, exception policy and
profiles, which are all independent of other namespaces. This independency
allows users to develop policy without worrying interference among namespaces.
Signed-off-by: NTetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: NJames Morris <jmorris@namei.org>
      bd03a3e4
    • T
      TOMOYO: Add ACL group support. · 32997144
      Tetsuo Handa 提交于 
      ACL group allows administrator to globally grant not only "file read"
permission but also other permissions.
Signed-off-by: NTetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: NJames Morris <jmorris@namei.org>
      32997144