- 27 10月, 2010 10 次提交
-
-
由 Eric Paris 提交于
Currently for every removed inode IMA must take a global lock and search the IMA rbtree looking for an associated integrity structure. Instead we explicitly mark an inode when we add an integrity structure so we only have to take the global lock and do the removal if it exists. Signed-off-by: NEric Paris <eparis@redhat.com> Acked-by: NMimi Zohar <zohar@linux.vnet.ibm.com> Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
-
由 Eric Paris 提交于
Since finding a struct ima_iint_cache requires a valid struct inode, and the struct ima_iint_cache is supposed to have the same lifetime as a struct inode (technically they die together but don't need to be created at the same time) we don't have to worry about the ima_iint_cache outliving or dieing before the inode. So the refcnt isn't useful. Just get rid of it and free the structure when the inode is freed. Signed-off-by: NEric Paris <eapris@redhat.com> Acked-by: NMimi Zohar <zohar@linux.vnet.ibm.com> Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
-
由 Eric Paris 提交于
IMA always allocates an integrity structure to hold information about every inode, but only needed this structure to track the number of readers and writers currently accessing a given inode. Since that information was moved into struct inode instead of the integrity struct this patch stops allocating the integrity stucture until it is needed. Thus greatly reducing memory usage. Signed-off-by: NEric Paris <eparis@redhat.com> Acked-by: NMimi Zohar <zohar@linux.vnet.ibm.com> Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
-
由 Eric Paris 提交于
IMA currently allocated an inode integrity structure for every inode in core. This stucture is about 120 bytes long. Most files however (especially on a system which doesn't make use of IMA) will never need any of this space. The problem is that if IMA is enabled we need to know information about the number of readers and the number of writers for every inode on the box. At the moment we collect that information in the per inode iint structure and waste the rest of the space. This patch moves those counters into the struct inode so we can eventually stop allocating an IMA integrity structure except when absolutely needed. This patch does the minimum needed to move the location of the data. Further cleanups, especially the location of counter updates, may still be possible. Signed-off-by: NEric Paris <eparis@redhat.com> Acked-by: NMimi Zohar <zohar@linux.vnet.ibm.com> Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
-
由 Eric Paris 提交于
IMA tracks the number of struct files which are holding a given inode readonly and the number which are holding the inode write or r/w. It needs this information so when a new reader or writer comes in it can tell if this new file will be able to invalidate results it already made about existing files. aka if a task is holding a struct file open RO, IMA measured the file and recorded those measurements and then a task opens the file RW IMA needs to note in the logs that the old measurement may not be correct. It's called a "Time of Measure Time of Use" (ToMToU) issue. The same is true is a RO file is opened to an inode which has an open writer. We cannot, with any validity, measure the file in question since it could be changing. This patch attempts to use the i_writecount field to track writers. The i_writecount field actually embeds more information in it's value than IMA needs but it should work for our purposes and allow us to shrink the struct inode even more. Signed-off-by: NEric Paris <eparis@redhat.com> Acked-by: NMimi Zohar <zohar@linux.vnet.ibm.com> Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
-
由 Eric Paris 提交于
Currently IMA used the iint->mutex to protect the i_readcount and i_writecount. This patch uses the inode->i_lock since we are going to start using in inode objects and that is the most appropriate lock. Signed-off-by: NEric Paris <eparis@redhat.com> Acked-by: NMimi Zohar <zohar@linux.vnet.ibm.com> Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
-
由 Eric Paris 提交于
The IMA flags is an unsigned long but there is only 1 flag defined. Lets save a little space and make it a char. This packs nicely next to the array of u8's. Signed-off-by: NEric Paris <eparis@redhat.com> Acked-by: NMimi Zohar <zohar@linux.vnet.ibm.com> Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
-
由 Eric Paris 提交于
Currently IMA uses 2 longs in struct inode. To save space (and as it seems impossible to overflow 32 bits) we switch these to unsigned int. The switch to unsigned does require slightly different checks for underflow, but it isn't complex. Signed-off-by: NEric Paris <eparis@redhat.com> Acked-by: NMimi Zohar <zohar@linux.vnet.ibm.com> Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
-
由 Eric Paris 提交于
The opencount was used to help debugging to make sure that everything which created a struct file also correctly made the IMA calls. Since we moved all of that into the VFS this isn't as necessary. We should be able to get the same amount of debugging out of just the reader and write count. Signed-off-by: NEric Paris <eparis@redhat.com> Acked-by: NMimi Zohar <zohar@linux.vnet.ibm.com> Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
-
由 Eric Paris 提交于
The IMA code needs to store the number of tasks which have an open fd granting permission to write a file even when IMA is not in use. It needs this information in order to be enabled at a later point in time without losing it's integrity garantees. At the moment that means we store a little bit of data about every inode in a cache. We use a radix tree key'd on the inode's memory address. Dave Chinner pointed out that a radix tree is a terrible data structure for such a sparse key space. This patch switches to using an rbtree which should be more efficient. Bug report from Dave: "I just noticed that slabtop was reporting an awfully high usage of radix tree nodes: OBJS ACTIVE USE OBJ SIZE SLABS OBJ/SLAB CACHE SIZE NAME 4200331 2778082 66% 0.55K 144839 29 2317424K radix_tree_node 2321500 2060290 88% 1.00K 72581 32 2322592K xfs_inode 2235648 2069791 92% 0.12K 69864 32 279456K iint_cache That is, 2.7M radix tree nodes are allocated, and the cache itself is consuming 2.3GB of RAM. I know that the XFS inodei caches are indexed by radix tree node, but for 2 million cached inodes that would mean a density of 1 inode per radix tree node, which for a system with 16M inodes in the filsystems is an impossibly low density. The worst I've seen in a production system like kernel.org is about 20-25% density, which would mean about 150-200k radix tree nodes for that many inodes. So it's not the inode cache. So I looked up what the iint_cache was. It appears to used for storing per-inode IMA information, and uses a radix tree for indexing. It uses the *address* of the struct inode as the indexing key. That means the key space is extremely sparse - for XFS the struct inode addresses are approximately 1000 bytes apart, which means the closest the radix tree index keys get is ~1000. Which means that there is a single entry per radix tree leaf node, so the radix tree is using roughly 550 bytes for every 120byte structure being cached. For the above example, it's probably wasting close to 1GB of RAM...." Reported-by: NDave Chinner <david@fromorbit.com> Signed-off-by: NEric Paris <eparis@redhat.com> Acked-by: NMimi Zohar <zohar@linux.vnet.ibm.com> Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
-
- 21 10月, 2010 5 次提交
-
-
由 Linus Torvalds 提交于
-
git://git.linux-mips.org/pub/scm/upstream-linus由 Linus Torvalds 提交于
* 'upstream' of git://git.linux-mips.org/pub/scm/upstream-linus: MIPS: O32 compat/N32: Fix to use compat syscall wrappers for AIO syscalls. MAINTAINERS: Change list for ioc_serial to linux-serial. SERIAL: ioc3_serial: Return -ENOMEM on memory allocation failure MIPS: jz4740: Fix Kbuild Platform file. MIPS: Repair Kbuild make clean breakage.
-
由 Amit Shah 提交于
If the host is slow in reading data or doesn't read data at all, blocking write calls not only blocked the program that called write() but the entire guest itself. To overcome this, let's not block till the host signals it has given back the virtio ring element we passed it. Instead, send the buffer to the host and return to userspace. This operation then becomes similar to how non-blocking writes work, so let's use the existing code for this path as well. This code change also ensures blocking write calls do get blocked if there's not enough room in the virtio ring as well as they don't return -EAGAIN to userspace. Signed-off-by: NAmit Shah <amit.shah@redhat.com> Acked-by: NHans de Goede <hdegoede@redhat.com> CC: stable@kernel.org Signed-off-by: NRusty Russell <rusty@rustcorp.com.au> Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
-
git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi-rc-fixes-2.6由 Linus Torvalds 提交于
* git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi-rc-fixes-2.6: [SCSI] bsg: fix incorrect device_status value [SCSI] Fix VPD inquiry page wrapper
-
git://git.kernel.org/pub/scm/virt/kvm/kvm由 Linus Torvalds 提交于
* 'kvm-updates/2.6.36' of git://git.kernel.org/pub/scm/virt/kvm/kvm: KVM: Fix fs/gs reload oops with invalid ldt
-
- 20 10月, 2010 7 次提交
-
-
由 Michel Thebeau 提交于
[Ralf: Michel's original patch only fixed N32; I replicated the same fix for O32.] Signed-off-by: NMichel Thebeau <michel.thebeau@windriver.com> Cc: paul.gortmaker@windriver.com Cc: bruce.ashfield@windriver.com Signed-off-by: NRalf Baechle <ralf@linux-mips.org>
-
由 Ralf Baechle 提交于
IOC3 is also being used on SGI MIPS systems but this particular driver is only being used on IA64 systems so linux-mips made no sense as a list. Pat also thinks linux-serial@vger.kernel.org is the better list. Signed-off-by: NRalf Baechle <ralf@linux-mips.org>
-
由 Julia Lawall 提交于
In this code, 0 is returned on memory allocation failure, even though other failures return -ENOMEM or other similar values. A simplified version of the semantic match that finds this problem is as follows: (http://coccinelle.lip6.fr/) // <smpl> @@ expression ret; expression x,e1,e2,e3; @@ ret = 0 ... when != ret = e1 *x = \(kmalloc\|kcalloc\|kzalloc\)(...) ... when != ret = e2 if (x == NULL) { ... when != ret = e3 return ret; } // </smpl> Signed-off-by: NJulia Lawall <julia@diku.dk> To: Pat Gefre <pfg@sgi.com> Cc: kernel-janitors@vger.kernel.org Cc: linux-ia64@vger.kernel.org Cc: linux-mips@linux-mips.org Cc: linux-kernel@vger.kernel.org Patchwork: https://patchwork.linux-mips.org/patch/1704/Signed-off-by: NRalf Baechle <ralf@linux-mips.org>
-
由 David Daney 提交于
The platform specific files should be included via the platform-y variable. Signed-off-by: NDavid Daney <ddaney@caviumnetworks.com> Cc: Lars-Peter Clausen <lars@metafoo.de> Patchwork: https://patchwork.linux-mips.org/patch/1719/Signed-off-by: NRalf Baechle <ralf@linux-mips.org>
-
由 David Daney 提交于
When running make clean, Kbuild doesn't process the .config file, so nothing generates a platform-y variable. We can get it to descend into the platform directories by setting $(obj-). The dec Platform file was unconditionally setting platform-, obliterating its previous contents and preventing some directories from being cleaned. This is change to an append operation '+=' to allow cavium-octeon to be cleaned. Signed-off-by: NDavid Daney <ddaney@caviumnetworks.com> Cc: Sam Ravnborg <sam@ravnborg.org> Patchwork: https://patchwork.linux-mips.org/patch/1718/Signed-off-by: NRalf Baechle <ralf@linux-mips.org>
-
git://git.kernel.org/pub/scm/linux/kernel/git/airlied/drm-2.6由 Linus Torvalds 提交于
* 'drm-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/airlied/drm-2.6: drm/radeon/kms: avivo cursor workaround applies to evergreen as well
-
由 Avi Kivity 提交于
kvm reloads the host's fs and gs blindly, however the underlying segment descriptors may be invalid due to the user modifying the ldt after loading them. Fix by using the safe accessors (loadsegment() and load_gs_index()) instead of home grown unsafe versions. This is CVE-2010-3698. KVM-Stable-Tag. Signed-off-by: NAvi Kivity <avi@redhat.com> Signed-off-by: NMarcelo Tosatti <mtosatti@redhat.com>
-
- 19 10月, 2010 6 次提交
-
-
git://git.linux-mips.org/pub/scm/upstream-linus由 Linus Torvalds 提交于
* 'upstream' of git://git.linux-mips.org/pub/scm/upstream-linus: MIPS: Enable ISA_DMA_API config to fix build failure MIPS: 32-bit: Fix build failure in asm/fcntl.h MIPS: Remove all generated vmlinuz* files on "make clean" MIPS: do_sigaltstack() expects userland pointers MIPS: Fix error values in case of bad_stack MIPS: Sanitize restart logics MIPS: secure_computing, syscall audit: syscall number should in r2, not r0. MIPS: Don't block signals if we'd failed to setup a sigframe
-
git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input由 Linus Torvalds 提交于
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input: Input: evdev - fix EVIOCSABS regression Input: evdev - fix Ooops in EVIOCGABS/EVIOCSABS
-
git://git.kernel.org/pub/scm/linux/kernel/git/ieee1394/linux1394-2.6由 Linus Torvalds 提交于
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ieee1394/linux1394-2.6: firewire: ohci: fix TI TSB82AA2 regression since 2.6.35
-
由 Sascha Hauer 提交于
This patch reverts the driver to enabling/disabling the NFC interrupt mask rather than enabling/disabling the system interrupt. This cleans up the driver so that it doesn't rely on interrupts being disabled within the interrupt handler. For i.MX21 we keep the current behaviour, that is calling enable_irq/disable_irq_nosync to enable/disable interrupts. This patch is based on earlier work by John Ogness. Signed-off-by: NSascha Hauer <s.hauer@pengutronix.de> Acked-by: NJohn Ogness <john.ogness@linutronix.de> Tested-by: NJohn Ogness <john.ogness@linutronix.de> Signed-off-by: NDavid Woodhouse <dwmw2@infradead.org> Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
-
git://git.fluff.org/bjdooks/linux由 Linus Torvalds 提交于
* 'for-linus/i2c/2636-rc8' of git://git.fluff.org/bjdooks/linux: i2c-imx: do not allow interruptions when waiting for I2C to complete i2c-davinci: Fix TX setup for more SoCs
-
由 Linus Torvalds 提交于
* fixes: v4l1: fix 32-bit compat microcode loading translation De-pessimize rds_page_copy_user
-
- 18 10月, 2010 12 次提交
-
-
由 Namhyung Kim 提交于
Add ISA_DMA_API config item and select it when GENERIC_ISA_DMA enabled. This fixes build failure on allmodconfig like following: CC sound/isa/es18xx.o sound/isa/es18xx.c: In function 'snd_es18xx_playback1_prepare': sound/isa/es18xx.c:501:9: error: implicit declaration of function 'snd_dma_program' sound/isa/es18xx.c: In function 'snd_es18xx_playback_pointer': sound/isa/es18xx.c:818:3: error: implicit declaration of function 'snd_dma_pointer' make[3]: *** [sound/isa/es18xx.o] Error 1 make[2]: *** [sound/isa/es18xx.o] Error 2 make[1]: *** [sub-make] Error 2 make: *** [all] Error 2 Signed-off-by: NNamhyung Kim <namhyung@gmail.com> Cc: linux-mips@linux-mips.org Cc: linux-kernel@vger.kernel.org Patchwork: https://patchwork.linux-mips.org/patch/1717/Signed-off-by: NRalf Baechle <ralf@linux-mips.org>
-
由 Namhyung Kim 提交于
CC security/integrity/ima/ima_fs.o In file included from linux/include/linux/fcntl.h:4:0, from linux/security/integrity/ima/ima_fs.c:18: linux/arch/mips/include/asm/fcntl.h:63:2: error: expected specifier-qualifier-list before 'off_t' make[3]: *** [security/integrity/ima/ima_fs.o] Error 1 make[2]: *** [security/integrity/ima/ima_fs.o] Error 2 make[1]: *** [sub-make] Error 2 make: *** [all] Error 2 Signed-off-by: NNamhyung Kim <namhyung@gmail.com> Cc: linux-kernel@vger.kernel.org Patchwork: https://patchwork.linux-mips.org/patch/1715/Signed-off-by: NRalf Baechle <ralf@linux-mips.org>
-
由 Wu Zhangjin 提交于
[Ralf: I changed the patch to explicitly list all files to be deleted out of paranoia.] Signed-off-by: NWu Zhangjin <wuzhangjin@gmail.com> Patchwork: http://patchwork.linux-mips.org/patch/1590/Signed-off-by: NRalf Baechle <ralf@linux-mips.org>
-
由 Al Viro 提交于
o32 compat does the right thing, native and n32 compat do not... Signed-off-by: NAl Viro <viro@zeniv.linux.org.uk> Cc: linux-kernel@vger.kernel.org Cc: linux-arch@vger.kernel.org Cc: linux-mips@linux-mips.org Patchwork: http://patchwork.linux-mips.org/patch/1700/Signed-off-by: NRalf Baechle <ralf@linux-mips.org>
-
由 Al Viro 提交于
We want EFAULT, not -<syscall number> Signed-off-by: NAl Viro <viro@zeniv.linux.org.uk> Cc: linux-kernel@vger.kernel.org Cc: linux-arch@vger.kernel.org Cc: linux-mips@linux-mips.org Patchwork: https://patchwork.linux-mips.org/patch/1699/Signed-off-by: NRalf Baechle <ralf@linux-mips.org>
-
由 Al Viro 提交于
Put the original syscall number into ->regs[0] when we leave syscall with error. Use it in restart logics. Everything else will have it 0 since we pass through SAVE_SOME on all the ways in. Note that in places like bad_stack and inllegal_syscall we leave it 0 - it's not restartable. Signed-off-by: NAl Viro <viro@zeniv.linux.org.uk> Cc: linux-kernel@vger.kernel.org Cc: linux-arch@vger.kernel.org Cc: linux-mips@linux-mips.org Patchwork: https://patchwork.linux-mips.org/patch/1698/Signed-off-by: NRalf Baechle <ralf@linux-mips.org>
-
由 Al Viro 提交于
As it is, audit_syscall_entry() and secure_computing() get the bogus value (0, in fact) Signed-off-by: NAl Viro <viro@zeniv.linux.org.uk> Cc: linux-kernel@vger.kernel.org Cc: linux-arch@vger.kernel.org Cc: linux-mips@linux-mips.org Patchwork: https://patchwork.linux-mips.org/patch/1697/Signed-off-by: NRalf Baechle <ralf@linux-mips.org>
-
由 Al Viro 提交于
Signed-off-by: NAl Viro <viro@zeniv.linux.org.uk> Cc: linux-kernel@vger.kernel.org Cc: linux-arch@vger.kernel.org Cc: linux-mips@linux-mips.org Patchwork: https://patchwork.linux-mips.org/patch/1696/Signed-off-by: NRalf Baechle <ralf@linux-mips.org>
-
由 Daniel Mack 提交于
448cd166 ("Input: evdev - rearrange ioctl handling") broke EVIOCSABS by checking for the wrong direction bit. Signed-off-by: NDaniel Mack <zonque@gmail.com> Reported-by: NSven Neumann <s.neumann@raumfeld.com> Tested-by: NSven Neumann <s.neumann@raumfeld.com> Signed-off-by: NDmitry Torokhov <dtor@mail.ru>
-
由 Daniel Mack 提交于
This fixes a regression introduced by the dynamic allocation of absinfo for input devices. We need to bail out early for input devices which don't have absolute axis. [ 929.664303] Pid: 2989, comm: input Not tainted 2.6.36-rc8+ #14 MS-7260/MS-7260 [ 929.664318] EIP: 0060:[<c12bdc01>] EFLAGS: 00010246 CPU: 0 [ 929.664331] EIP is at evdev_ioctl+0x4f8/0x59f [ 929.664341] EAX: 00000040 EBX: 00000000 ECX: 00000006 EDX: f45a1efc [ 929.664355] ESI: 00000000 EDI: f45a1efc EBP: f45a1f24 ESP: f45a1eb8 [ 929.664369] DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068 [ 929.664402] f470da74 f6a30e78 f462c240 00000018 bfe4a260 00000000 f45b06fc 00000000 [ 929.664429] <0> 000000c4 b769d000 c3544620 f470da74 f45b06fc f45b06fc f45a1f38 c107dd1f [ 929.664458] <0> f4710b74 000000c4 00000000 00000000 00000000 0000029d 00000a74 f4710b74 [ 929.664500] [<c107dd1f>] ? handle_mm_fault+0x2be/0x59a [ 929.664513] [<c12bd709>] ? evdev_ioctl+0x0/0x59f [ 929.664524] [<c1099d30>] ? do_vfs_ioctl+0x494/0x4d9 [ 929.664538] [<c10432a1>] ? up_read+0x16/0x29 [ 929.664550] [<c101c818>] ? do_page_fault+0x2ff/0x32d [ 929.664564] [<c108d048>] ? do_sys_open+0xc5/0xcf [ 929.664575] [<c1099db6>] ? sys_ioctl+0x41/0x61 [ 929.664587] [<c1002710>] ? sysenter_do_call+0x12/0x36 [ 929.684570] ---[ end trace 11b83e923bd8f2bb ]--- Signed-off-by: NDaniel Mack <zonque@gmail.com> Signed-off-by: NDmitry Torokhov <dtor@mail.ru>
-
由 Marc Kleine-Budde 提交于
The i2c_imx_trx_complete() function is using wait_event_interruptible_timeout() to wait for the I2C controller to signal that it has completed an I2C bus operation. If the process that causes the I2C operation receives a signal, the wait will be interrupted, returning an error. It is better to let the I2C operation finished before handling the signal (i.e. returning into userspace). It is safe to use wait_event_timeout() instead, because the timeout will allow the process to exit if the I2C bus hangs. It's also better to allow the I2C operation to finish, because unacknowledged I2C operations can cause the I2C bus to hang. Signed-off-by: NMarc Kleine-Budde <mkl@pengutronix.de> Reviewed-by: NWolfram Sang <w.sang@pengutronix.de> Signed-off-by: NBen Dooks <ben-linux@fluff.org>
-
由 Jon Povey 提交于
This patch is an improvement to 4bba0fd8 which got to mainline a little early. Sudhakar Rajashekhara explains that at least OMAP-L138 requires MDR mode settings before DXR for correct behaviour, so load MDR first with STT cleared and later load again with STT set. Tested on DM355 connected to Techwell TW2836 and Wolfson WM8985 Signed-off-by: NJon Povey <jon.povey@racelogic.co.uk> Acked-by: NTroy Kisky <troy.kisky@boundarydevices.com> Tested-by: NSudhakar Rajashekhara <sudhakar.raj@ti.com> Acked-by: NKevin Hilman <khilman@deeprootsystems.com> Signed-off-by: NBen Dooks <ben-linux@fluff.org>
-