1. 02 11月, 2011 1 次提交
  2. 01 11月, 2011 3 次提交
    • A
      security: follow rename pack_hex_byte() to hex_byte_pack() · 02473119
      Andy Shevchenko 提交于
      There is no functional change.
      Signed-off-by: NAndy Shevchenko <andriy.shevchenko@linux.intel.com>
      Cc: Mimi Zohar <zohar@us.ibm.com>
      Cc: James Morris <jmorris@namei.org>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      02473119
    • C
      Cross Memory Attach · fcf63409
      Christopher Yeoh 提交于
      The basic idea behind cross memory attach is to allow MPI programs doing
      intra-node communication to do a single copy of the message rather than a
      double copy of the message via shared memory.
      
      The following patch attempts to achieve this by allowing a destination
      process, given an address and size from a source process, to copy memory
      directly from the source process into its own address space via a system
      call.  There is also a symmetrical ability to copy from the current
      process's address space into a destination process's address space.
      
      - Use of /proc/pid/mem has been considered, but there are issues with
        using it:
        - Does not allow for specifying iovecs for both src and dest, assuming
          preadv or pwritev was implemented either the area read from or
        written to would need to be contiguous.
        - Currently mem_read allows only processes who are currently
        ptrace'ing the target and are still able to ptrace the target to read
        from the target. This check could possibly be moved to the open call,
        but its not clear exactly what race this restriction is stopping
        (reason  appears to have been lost)
        - Having to send the fd of /proc/self/mem via SCM_RIGHTS on unix
        domain socket is a bit ugly from a userspace point of view,
        especially when you may have hundreds if not (eventually) thousands
        of processes  that all need to do this with each other
        - Doesn't allow for some future use of the interface we would like to
        consider adding in the future (see below)
        - Interestingly reading from /proc/pid/mem currently actually
        involves two copies! (But this could be fixed pretty easily)
      
      As mentioned previously use of vmsplice instead was considered, but has
      problems.  Since you need the reader and writer working co-operatively if
      the pipe is not drained then you block.  Which requires some wrapping to
      do non blocking on the send side or polling on the receive.  In all to all
      communication it requires ordering otherwise you can deadlock.  And in the
      example of many MPI tasks writing to one MPI task vmsplice serialises the
      copying.
      
      There are some cases of MPI collectives where even a single copy interface
      does not get us the performance gain we could.  For example in an
      MPI_Reduce rather than copy the data from the source we would like to
      instead use it directly in a mathops (say the reduce is doing a sum) as
      this would save us doing a copy.  We don't need to keep a copy of the data
      from the source.  I haven't implemented this, but I think this interface
      could in the future do all this through the use of the flags - eg could
      specify the math operation and type and the kernel rather than just
      copying the data would apply the specified operation between the source
      and destination and store it in the destination.
      
      Although we don't have a "second user" of the interface (though I've had
      some nibbles from people who may be interested in using it for intra
      process messaging which is not MPI).  This interface is something which
      hardware vendors are already doing for their custom drivers to implement
      fast local communication.  And so in addition to this being useful for
      OpenMPI it would mean the driver maintainers don't have to fix things up
      when the mm changes.
      
      There was some discussion about how much faster a true zero copy would
      go. Here's a link back to the email with some testing I did on that:
      
      http://marc.info/?l=linux-mm&m=130105930902915&w=2
      
      There is a basic man page for the proposed interface here:
      
      http://ozlabs.org/~cyeoh/cma/process_vm_readv.txt
      
      This has been implemented for x86 and powerpc, other architecture should
      mainly (I think) just need to add syscall numbers for the process_vm_readv
      and process_vm_writev. There are 32 bit compatibility versions for
      64-bit kernels.
      
      For arch maintainers there are some simple tests to be able to quickly
      verify that the syscalls are working correctly here:
      
      http://ozlabs.org/~cyeoh/cma/cma-test-20110718.tgzSigned-off-by: NChris Yeoh <yeohc@au1.ibm.com>
      Cc: Ingo Molnar <mingo@elte.hu>
      Cc: "H. Peter Anvin" <hpa@zytor.com>
      Cc: Thomas Gleixner <tglx@linutronix.de>
      Cc: Arnd Bergmann <arnd@arndb.de>
      Cc: Paul Mackerras <paulus@samba.org>
      Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org>
      Cc: David Howells <dhowells@redhat.com>
      Cc: James Morris <jmorris@namei.org>
      Cc: <linux-man@vger.kernel.org>
      Cc: <linux-arch@vger.kernel.org>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      fcf63409
    • P
      selinux: Add export.h to files using EXPORT_SYMBOL/THIS_MODULE · 44fc7ea0
      Paul Gortmaker 提交于
      The pervasive, but implicit presence of <linux/module.h> meant
      that things like this file would happily compile as-is.  But
      with the desire to phase out the module.h being included everywhere,
      point this file at export.h which will give it THIS_MODULE and
      the EXPORT_SYMBOL variants.
      Signed-off-by: NPaul Gortmaker <paul.gortmaker@windriver.com>
      44fc7ea0
  3. 29 10月, 2011 1 次提交
  4. 23 10月, 2011 1 次提交
    • T
      TOMOYO: Fix incomplete read after seek. · e0b057b4
      Tetsuo Handa 提交于
      Commit f23571e8 "TOMOYO: Copy directly to userspace buffer." introduced
      tomoyo_flush() that flushes data to be read as soon as possible.
      tomoyo_select_domain() (which is called by write()) enqueues data which meant
      to be read by next read(), but previous read()'s read buffer's size was not
      cleared. As a result, since 2.6.36, sequence like
      
         char *cp = "select global-pid=1\n";
         read(fd, buf1, sizeof(buf1));
         write(fd, cp, strlen(cp));
         read(fd, buf2, sizeof(buf2));
      
      causes enqueued data to be flushed to buf1 rather than buf2.
      Fix this bug by clearing read buffer's size upon write() request.
      Signed-off-by: NTetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
      Signed-off-by: NJames Morris <jmorris@namei.org>
      e0b057b4
  5. 21 10月, 2011 1 次提交
  6. 19 10月, 2011 3 次提交
  7. 14 10月, 2011 1 次提交
  8. 13 10月, 2011 7 次提交
    • J
      Smack: fix for /smack/access output, use string instead of byte · f8859d98
      Jarkko Sakkinen 提交于
      Small fix for the output of access SmackFS file. Use string
      is instead of byte. Makes it easier to extend API if it is
      needed.
      Signed-off-by: NJarkko Sakkinen <jarkko.sakkinen@intel.com>
      f8859d98
    • J
      Smack: domain transition protections (v3) · 84088ba2
      Jarkko Sakkinen 提交于
      Protections for domain transition:
      
      - BPRM unsafe flags
      - Secureexec
      - Clear unsafe personality bits.
      - Clear parent death signal
      Signed-off-by: NJarkko Sakkinen <jarkko.sakkinen@intel.com>
      84088ba2
    • C
      Smack: Provide information for UDS getsockopt(SO_PEERCRED) · 975d5e55
      Casey Schaufler 提交于
      This patch is targeted for the smack-next tree.
      
      This patch takes advantage of the recent changes for performance
      and points the packet labels on UDS connect at the output label of
      the far side. This makes getsockopt(...SO_PEERCRED...) function
      properly. Without this change the getsockopt does not provide any
      information.
      Signed-off-by: NCasey Schaufler <casey@schaufler-ca.com>
      975d5e55
    • C
      Smack: Clean up comments · ce8a4321
      Casey Schaufler 提交于
      There are a number of comments in the Smack code that
      are either malformed or include code. This patch cleans
      them up.
      Signed-off-by: NCasey Schaufler <casey@schaufler-ca.com>
      ce8a4321
    • C
      Smack: Repair processing of fcntl · 531f1d45
      Casey Schaufler 提交于
      Al Viro pointed out that the processing of fcntl done
      by Smack appeared poorly designed. He was right. There
      are three things that required change. Most obviously,
      the list of commands that really imply writing is limited
      to those involving file locking and signal handling.
      The initialization if the file security blob was
      incomplete, requiring use of a heretofore unused LSM hook.
      Finally, the audit information coming from a helper
      masked the identity of the LSM hook. This patch corrects
      all three of these defects.
      
      This is targeted for the smack-next tree pending comments.
      Signed-off-by: NCasey Schaufler <casey@schaufler-ca.com>
      531f1d45
    • C
      Smack: Rule list lookup performance · 272cd7a8
      Casey Schaufler 提交于
      This patch is targeted for the smack-next tree.
      
      Smack access checks suffer from two significant performance
      issues. In cases where there are large numbers of rules the
      search of the single list of rules is wasteful. Comparing the
      string values of the smack labels is less efficient than a
      numeric comparison would.
      
      These changes take advantage of the Smack label list, which
      maintains the mapping of Smack labels to secids and optional
      CIPSO labels. Because the labels are kept perpetually, an
      access check can be done strictly based on the address of the
      label in the list without ever looking at the label itself.
      Rather than keeping one global list of rules the rules with
      a particular subject label can be based off of that label
      list entry. The access check need never look at entries that
      do not use the current subject label.
      
      This requires that packets coming off the network with
      CIPSO direct Smack labels that have never been seen before
      be treated carefully. The only case where they could be
      delivered is where the receiving socket has an IPIN star
      label, so that case is explicitly addressed.
      
      On a system with 39,800 rules (200 labels in all permutations)
      a system with this patch runs an access speed test in 5% of
      the time of the old version. That should be a best case
      improvement. If all of the rules are associated with the
      same subject label and all of the accesses are for processes
      with that label (unlikely) the improvement is about 30%.
      Signed-off-by: NCasey Schaufler <casey@schaufler-ca.com>
      272cd7a8
    • J
      Smack: check permissions from user space (v2) · 828716c2
      Jarkko Sakkinen 提交于
      Adds a new file into SmackFS called 'access'. Wanted
      Smack permission is written into /smack/access.
      After that result can be read from the opened file.
      If access applies result contains 1 and otherwise
      0. File access is protected from race conditions
      by using simple_transaction_get()/set() API.
      
      Fixes from the previous version:
      - Removed smack.h changes, refactoring left-over
      from previous version.
      - Removed #include <linux/smack.h>, refactoring
      left-over from previous version.
      Signed-off-by: NJarkko Sakkinen <jarkko.sakkinen@intel.com>
      Signed-off-by: NCasey Schaufler <cschaufler@cschaufler-intel.(none)>
      828716c2
  9. 12 10月, 2011 2 次提交
  10. 28 9月, 2011 1 次提交
  11. 26 9月, 2011 3 次提交
  12. 21 9月, 2011 2 次提交
  13. 19 9月, 2011 1 次提交
    • T
      TOMOYO: Allow specifying domain transition preference. · 6bce98ed
      Tetsuo Handa 提交于
      I got an opinion that it is difficult to use exception policy's domain
      transition control directives because they need to match the pathname specified
      to "file execute" directives. For example, if "file execute /bin/\*\-ls\-cat"
      is given, corresponding domain transition control directive needs to be like
      "no_keep_domain /bin/\*\-ls\-cat from any".
      
      If we can specify like below, it will become more convenient.
      
        file execute /bin/ls keep exec.realpath="/bin/ls" exec.argv[0]="ls"
        file execute /bin/cat keep exec.realpath="/bin/cat" exec.argv[0]="cat"
        file execute /bin/\*\-ls\-cat child
        file execute /usr/sbin/httpd <apache> exec.realpath="/usr/sbin/httpd" exec.argv[0]="/usr/sbin/httpd"
      
      In above examples, "keep" works as if keep_domain is specified, "child" works
      as if "no_reset_domain" and "no_initialize_domain" and "no_keep_domain" are
      specified, "<apache>" causes domain transition to <apache> domain upon
      successful execve() operation.
      
      Moreover, we can also allow transition to different domains based on conditions
      like below example.
      
        <kernel> /usr/sbin/sshd
        file execute /bin/bash <kernel> /usr/sbin/sshd //batch-session exec.argc=2 exec.argv[1]="-c"
        file execute /bin/bash <kernel> /usr/sbin/sshd //root-session task.uid=0
        file execute /bin/bash <kernel> /usr/sbin/sshd //nonroot-session task.uid!=0
      Signed-off-by: NTetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
      Signed-off-by: NJames Morris <jmorris@namei.org>
      6bce98ed
  14. 16 9月, 2011 1 次提交
  15. 15 9月, 2011 9 次提交
  16. 14 9月, 2011 3 次提交
反馈
建议
客服 返回
顶部