1. 17 12月, 2009 6 次提交
  2. 04 12月, 2009 1 次提交
  3. 25 11月, 2009 1 次提交
  4. 24 11月, 2009 2 次提交
    • S
      remove CONFIG_SECURITY_FILE_CAPABILITIES compile option · b3a222e5
      Serge E. Hallyn 提交于
      As far as I know, all distros currently ship kernels with default
      CONFIG_SECURITY_FILE_CAPABILITIES=y.  Since having the option on
      leaves a 'no_file_caps' option to boot without file capabilities,
      the main reason to keep the option is that turning it off saves
      you (on my s390x partition) 5k.  In particular, vmlinux sizes
      came to:
      
      without patch fscaps=n:		 	53598392
      without patch fscaps=y:		 	53603406
      with this patch applied:		53603342
      
      with the security-next tree.
      
      Against this we must weigh the fact that there is no simple way for
      userspace to figure out whether file capabilities are supported,
      while things like per-process securebits, capability bounding
      sets, and adding bits to pI if CAP_SETPCAP is in pE are not supported
      with SECURITY_FILE_CAPABILITIES=n, leaving a bit of a problem for
      applications wanting to know whether they can use them and/or why
      something failed.
      
      It also adds another subtly different set of semantics which we must
      maintain at the risk of severe security regressions.
      
      So this patch removes the SECURITY_FILE_CAPABILITIES compile
      option.  It drops the kernel size by about 50k over the stock
      SECURITY_FILE_CAPABILITIES=y kernel, by removing the
      cap_limit_ptraced_target() function.
      
      Changelog:
      	Nov 20: remove cap_limit_ptraced_target() as it's logic
      		was ifndef'ed.
      Signed-off-by: NSerge E. Hallyn <serue@us.ibm.com>
      Acked-by: NAndrew G. Morgan" <morgan@kernel.org>
      Signed-off-by: NJames Morris <jmorris@namei.org>
      b3a222e5
    • E
      SELinux: print denials for buggy kernel with unknown perms · 0bce9527
      Eric Paris 提交于
      Historically we've seen cases where permissions are requested for classes
      where they do not exist.  In particular we have seen CIFS forget to set
      i_mode to indicate it is a directory so when we later check something like
      remove_name we have problems since it wasn't defined in tclass file.  This
      used to result in a avc which included the permission 0x2000 or something.
      Currently the kernel will deny the operations (good thing) but will not
      print ANY information (bad thing).  First the auditdeny field is no
      extended to include unknown permissions.  After that is fixed the logic in
      avc_dump_query to output this information isn't right since it will remove
      the permission from the av and print the phrase "<NULL>".  This takes us
      back to the behavior before the classmap rewrite.
      Signed-off-by: NEric Paris <eparis@redhat.com>
      Signed-off-by: NJames Morris <jmorris@namei.org>
      0bce9527
  5. 21 11月, 2009 3 次提交
  6. 19 11月, 2009 2 次提交
    • M
      ima: replace GFP_KERNEL with GFP_NOFS · c09c59e6
      Mimi Zohar 提交于
      While running fsstress tests on the NFSv4 mounted ext3 and ext4
      filesystem, the following call trace was generated on the nfs
      server machine.
      
      Replace GFP_KERNEL with GFP_NOFS in ima_iint_insert() to avoid a
      potential deadlock.
      
           =================================
          [ INFO: inconsistent lock state ]
          2.6.31-31.el6.x86_64 #1
          ---------------------------------
          inconsistent {RECLAIM_FS-ON-W} -> {IN-RECLAIM_FS-W} usage.
          kswapd2/75 [HC0[0]:SC0[0]:HE1:SE1] takes:
           (jbd2_handle){+.+.?.}, at: [<ffffffff811edd5e>] jbd2_journal_start+0xfe/0x13f
          {RECLAIM_FS-ON-W} state was registered at:
            [<ffffffff81091e40>] mark_held_locks+0x65/0x99
            [<ffffffff81091f31>] lockdep_trace_alloc+0xbd/0xf5
            [<ffffffff81126fdd>] kmem_cache_alloc+0x40/0x185
            [<ffffffff812344d7>] ima_iint_insert+0x3d/0xf1
            [<ffffffff812345b0>] ima_inode_alloc+0x25/0x44
            [<ffffffff811484ac>] inode_init_always+0xec/0x271
            [<ffffffff81148682>] alloc_inode+0x51/0xa1
            [<ffffffff81148700>] new_inode+0x2e/0x94
            [<ffffffff811b2f08>] ext4_new_inode+0xb8/0xdc9
            [<ffffffff811be611>] ext4_create+0xcf/0x175
            [<ffffffff8113e2cd>] vfs_create+0x82/0xb8
            [<ffffffff8113f337>] do_filp_open+0x32c/0x9ee
            [<ffffffff811309b9>] do_sys_open+0x6c/0x12c
            [<ffffffff81130adc>] sys_open+0x2e/0x44
            [<ffffffff81011e42>] system_call_fastpath+0x16/0x1b
            [<ffffffffffffffff>] 0xffffffffffffffff
          irq event stamp: 90371
          hardirqs last  enabled at (90371): [<ffffffff8112708d>]
          kmem_cache_alloc+0xf0/0x185
          hardirqs last disabled at (90370): [<ffffffff81127026>]
          kmem_cache_alloc+0x89/0x185
          softirqs last  enabled at (89492): [<ffffffff81068ecf>]
          __do_softirq+0x1bf/0x1eb
          softirqs last disabled at (89477): [<ffffffff8101312c>] call_softirq+0x1c/0x30
      
          other info that might help us debug this:
          2 locks held by kswapd2/75:
           #0:  (shrinker_rwsem){++++..}, at: [<ffffffff810f98ba>] shrink_slab+0x44/0x177
           #1:  (&type->s_umount_key#25){++++..}, at: [<ffffffff811450ba>]
      Reported-by: NMuni P. Beerakam <mbeeraka@in.ibm.com>
      Reported-by: NAmit K. Arora <amitarora@in.ibm.com>
      Cc: stable@kernel.org
      Signed-off-by: NMimi Zohar <zohar@us.ibm.com>
      Signed-off-by: NJames Morris <jmorris@namei.org>
      c09c59e6
    • E
      sysctl: Drop & in front of every proc_handler. · 6d456111
      Eric W. Biederman 提交于
      For consistency drop & in front of every proc_handler.  Explicity
      taking the address is unnecessary and it prevents optimizations
      like stubbing the proc_handlers to NULL.
      
      Cc: Alexey Dobriyan <adobriyan@gmail.com>
      Cc: Ingo Molnar <mingo@elte.hu>
      Cc: Joe Perches <joe@perches.com>
      Signed-off-by: NEric W. Biederman <ebiederm@xmission.com>
      6d456111
  7. 12 11月, 2009 2 次提交
  8. 10 11月, 2009 1 次提交
    • E
      security: report the module name to security_module_request · dd8dbf2e
      Eric Paris 提交于
      For SELinux to do better filtering in userspace we send the name of the
      module along with the AVC denial when a program is denied module_request.
      
      Example output:
      
      type=SYSCALL msg=audit(11/03/2009 10:59:43.510:9) : arch=x86_64 syscall=write success=yes exit=2 a0=3 a1=7fc28c0d56c0 a2=2 a3=7fffca0d7440 items=0 ppid=1727 pid=1729 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=rpc.nfsd exe=/usr/sbin/rpc.nfsd subj=system_u:system_r:nfsd_t:s0 key=(null)
      type=AVC msg=audit(11/03/2009 10:59:43.510:9) : avc:  denied  { module_request } for  pid=1729 comm=rpc.nfsd kmod="net-pf-10" scontext=system_u:system_r:nfsd_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=system
      Signed-off-by: NEric Paris <eparis@redhat.com>
      Signed-off-by: NJames Morris <jmorris@namei.org>
      dd8dbf2e
  9. 09 11月, 2009 2 次提交
  10. 29 10月, 2009 1 次提交
  11. 25 10月, 2009 1 次提交
  12. 24 10月, 2009 1 次提交
  13. 20 10月, 2009 2 次提交
  14. 19 10月, 2009 1 次提交
    • E
      inet: rename some inet_sock fields · c720c7e8
      Eric Dumazet 提交于
      In order to have better cache layouts of struct sock (separate zones
      for rx/tx paths), we need this preliminary patch.
      
      Goal is to transfert fields used at lookup time in the first
      read-mostly cache line (inside struct sock_common) and move sk_refcnt
      to a separate cache line (only written by rx path)
      
      This patch adds inet_ prefix to daddr, rcv_saddr, dport, num, saddr,
      sport and id fields. This allows a future patch to define these
      fields as macros, like sk_refcnt, without name clashes.
      Signed-off-by: NEric Dumazet <eric.dumazet@gmail.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      c720c7e8
  15. 16 10月, 2009 1 次提交
    • D
      KEYS: get_instantiation_keyring() should inc the keyring refcount in all cases · 21279cfa
      David Howells 提交于
      The destination keyring specified to request_key() and co. is made available to
      the process that instantiates the key (the slave process started by
      /sbin/request-key typically).  This is passed in the request_key_auth struct as
      the dest_keyring member.
      
      keyctl_instantiate_key and keyctl_negate_key() call get_instantiation_keyring()
      to get the keyring to attach the newly constructed key to at the end of
      instantiation.  This may be given a specific keyring into which a link will be
      made later, or it may be asked to find the keyring passed to request_key().  In
      the former case, it returns a keyring with the refcount incremented by
      lookup_user_key(); in the latter case, it returns the keyring from the
      request_key_auth struct - and does _not_ increment the refcount.
      
      The latter case will eventually result in an oops when the keyring prematurely
      runs out of references and gets destroyed.  The effect may take some time to
      show up as the key is destroyed lazily.
      
      To fix this, the keyring returned by get_instantiation_keyring() must always
      have its refcount incremented, no matter where it comes from.
      
      This can be tested by setting /etc/request-key.conf to:
      
      #OP	TYPE	DESCRIPTION	CALLOUT INFO	PROGRAM ARG1 ARG2 ARG3 ...
      #======	=======	===============	===============	===============================
      create  *	test:*		*		|/bin/false %u %g %d %{user:_display}
      negate	*	*		*		/bin/keyctl negate %k 10 @u
      
      and then doing:
      
      	keyctl add user _display aaaaaaaa @u
              while keyctl request2 user test:x test:x @u &&
              keyctl list @u;
              do
                      keyctl request2 user test:x test:x @u;
                      sleep 31;
                      keyctl list @u;
              done
      
      which will oops eventually.  Changing the negate line to have @u rather than
      %S at the end is important as that forces the latter case by passing a special
      keyring ID rather than an actual keyring ID.
      Reported-by: NAlexander Zangerl <az@bond.edu.au>
      Signed-off-by: NDavid Howells <dhowells@redhat.com>
      Tested-by: NAlexander Zangerl <az@bond.edu.au>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      21279cfa
  16. 12 10月, 2009 2 次提交
  17. 07 10月, 2009 3 次提交
    • S
      selinux: drop remapping of netlink classes · 941fc5b2
      Stephen Smalley 提交于
      Drop remapping of netlink classes and bypass of permission checking
      based on netlink message type for policy version < 18.  This removes
      compatibility code introduced when the original single netlink
      security class used for all netlink sockets was split into
      finer-grained netlink classes based on netlink protocol and when
      permission checking was added based on netlink message type in Linux
      2.6.8.  The only known distribution that shipped with SELinux and
      policy < 18 was Fedora Core 2, which was EOL'd on 2005-04-11.
      
      Given that the remapping code was never updated to address the
      addition of newer netlink classes, that the corresponding userland
      support was dropped in 2005, and that the assumptions made by the
      remapping code about the fixed ordering among netlink classes in the
      policy may be violated in the future due to the dynamic class/perm
      discovery support, we should drop this compatibility code now.
      Signed-off-by: NStephen Smalley <sds@tycho.nsa.gov>
      Signed-off-by: NJames Morris <jmorris@namei.org>
      941fc5b2
    • S
      selinux: generate flask headers during kernel build · 8753f6be
      Stephen Smalley 提交于
      Add a simple utility (scripts/selinux/genheaders) and invoke it to
      generate the kernel-private class and permission indices in flask.h
      and av_permissions.h automatically during the kernel build from the
      security class mapping definitions in classmap.h.  Adding new kernel
      classes and permissions can then be done just by adding them to classmap.h.
      Signed-off-by: NStephen Smalley <sds@tycho.nsa.gov>
      Signed-off-by: NJames Morris <jmorris@namei.org>
      8753f6be
    • S
      selinux: dynamic class/perm discovery · c6d3aaa4
      Stephen Smalley 提交于
      Modify SELinux to dynamically discover class and permission values
      upon policy load, based on the dynamic object class/perm discovery
      logic from libselinux.  A mapping is created between kernel-private
      class and permission indices used outside the security server and the
      policy values used within the security server.
      
      The mappings are only applied upon kernel-internal computations;
      similar mappings for the private indices of userspace object managers
      is handled on a per-object manager basis by the userspace AVC.  The
      interfaces for compute_av and transition_sid are split for kernel
      vs. userspace; the userspace functions are distinguished by a _user
      suffix.
      
      The kernel-private class indices are no longer tied to the policy
      values and thus do not need to skip indices for userspace classes;
      thus the kernel class index values are compressed.  The flask.h
      definitions were regenerated by deleting the userspace classes from
      refpolicy's definitions and then regenerating the headers.  Going
      forward, we can just maintain the flask.h, av_permissions.h, and
      classmap.h definitions separately from policy as they are no longer
      tied to the policy values.  The next patch introduces a utility to
      automate generation of flask.h and av_permissions.h from the
      classmap.h definitions.
      
      The older kernel class and permission string tables are removed and
      replaced by a single security class mapping table that is walked at
      policy load to generate the mapping.  The old kernel class validation
      logic is completely replaced by the mapping logic.
      
      The handle unknown logic is reworked.  reject_unknown=1 is handled
      when the mappings are computed at policy load time, similar to the old
      handling by the class validation logic.  allow_unknown=1 is handled
      when computing and mapping decisions - if the permission was not able
      to be mapped (i.e. undefined, mapped to zero), then it is
      automatically added to the allowed vector.  If the class was not able
      to be mapped (i.e. undefined, mapped to zero), then all permissions
      are allowed for it if allow_unknown=1.
      
      avc_audit leverages the new security class mapping table to lookup the
      class and permission names from the kernel-private indices.
      
      The mdp program is updated to use the new table when generating the
      class definitions and allow rules for a minimal boot policy for the
      kernel.  It should be noted that this policy will not include any
      userspace classes, nor will its policy index values for the kernel
      classes correspond with the ones in refpolicy (they will instead match
      the kernel-private indices).
      Signed-off-by: NStephen Smalley <sds@tycho.nsa.gov>
      Signed-off-by: NJames Morris <jmorris@namei.org>
      c6d3aaa4
  18. 02 10月, 2009 1 次提交
  19. 30 9月, 2009 1 次提交
    • E
      SELinux: reset the security_ops before flushing the avc cache · af8ff049
      Eric Paris 提交于
      This patch resets the security_ops to the secondary_ops before it flushes
      the avc.  It's still possible that a task on another processor could have
      already passed the security_ops dereference and be executing an selinux hook
      function which would add a new avc entry.  That entry would still not be
      freed.  This should however help to reduce the number of needless avcs the
      kernel has when selinux is disabled at run time.  There is no wasted
      memory if selinux is disabled on the command line or not compiled.
      Signed-off-by: NEric Paris <eparis@redhat.com>
      Signed-off-by: NJames Morris <jmorris@namei.org>
      af8ff049
  20. 24 9月, 2009 6 次提交
    • A
      sysctl: remove "struct file *" argument of ->proc_handler · 8d65af78
      Alexey Dobriyan 提交于
      It's unused.
      
      It isn't needed -- read or write flag is already passed and sysctl
      shouldn't care about the rest.
      
      It _was_ used in two places at arch/frv for some reason.
      Signed-off-by: NAlexey Dobriyan <adobriyan@gmail.com>
      Cc: David Howells <dhowells@redhat.com>
      Cc: "Eric W. Biederman" <ebiederm@xmission.com>
      Cc: Al Viro <viro@zeniv.linux.org.uk>
      Cc: Ralf Baechle <ralf@linux-mips.org>
      Cc: Martin Schwidefsky <schwidefsky@de.ibm.com>
      Cc: Ingo Molnar <mingo@elte.hu>
      Cc: "David S. Miller" <davem@davemloft.net>
      Cc: James Morris <jmorris@namei.org>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      8d65af78
    • O
      do_wait() wakeup optimization: change __wake_up_parent() to use filtered wakeup · 0b7570e7
      Oleg Nesterov 提交于
      Ratan Nalumasu reported that in a process with many threads doing
      unnecessary wakeups.  Every waiting thread in the process wakes up to loop
      through the children and see that the only ones it cares about are still
      not ready.
      
      Now that we have struct wait_opts we can change do_wait/__wake_up_parent
      to use filtered wakeups.
      
      We can make child_wait_callback() more clever later, right now it only
      checks eligible_child().
      Signed-off-by: NOleg Nesterov <oleg@redhat.com>
      Acked-by: NRoland McGrath <roland@redhat.com>
      Cc: Ingo Molnar <mingo@elte.hu>
      Cc: Ratan Nalumasu <rnalumasu@gmail.com>
      Cc: Vitaly Mayatskikh <vmayatsk@redhat.com>
      Acked-by: NJames Morris <jmorris@namei.org>
      Tested-by: NValdis Kletnieks <valdis.kletnieks@vt.edu>
      Acked-by: NDavid Howells <dhowells@redhat.com>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      0b7570e7
    • B
      cgroups: let ss->can_attach and ss->attach do whole threadgroups at a time · be367d09
      Ben Blum 提交于
      Alter the ss->can_attach and ss->attach functions to be able to deal with
      a whole threadgroup at a time, for use in cgroup_attach_proc.  (This is a
      pre-patch to cgroup-procs-writable.patch.)
      
      Currently, new mode of the attach function can only tell the subsystem
      about the old cgroup of the threadgroup leader.  No subsystem currently
      needs that information for each thread that's being moved, but if one were
      to be added (for example, one that counts tasks within a group) this bit
      would need to be reworked a bit to tell the subsystem the right
      information.
      
      [hidave.darkstar@gmail.com: fix build]
      Signed-off-by: NBen Blum <bblum@google.com>
      Signed-off-by: NPaul Menage <menage@google.com>
      Acked-by: NLi Zefan <lizf@cn.fujitsu.com>
      Reviewed-by: NMatt Helsley <matthltc@us.ibm.com>
      Cc: "Eric W. Biederman" <ebiederm@xmission.com>
      Cc: Oleg Nesterov <oleg@redhat.com>
      Cc: Peter Zijlstra <a.p.zijlstra@chello.nl>
      Cc: Ingo Molnar <mingo@elte.hu>
      Cc: Dave Young <hidave.darkstar@gmail.com>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      be367d09
    • P
      lsm: Use a compressed IPv6 string format in audit events · d8116591
      Paul Moore 提交于
      Currently the audit subsystem prints uncompressed IPv6 addresses which not
      only differs from common usage but also results in ridiculously large audit
      strings which is not a good thing.  This patch fixes this by simply converting
      audit to always print compressed IPv6 addresses.
      
      Old message example:
      
       audit(1253576792.161:30): avc:  denied  { ingress } for
        saddr=0000:0000:0000:0000:0000:0000:0000:0001 src=5000
        daddr=0000:0000:0000:0000:0000:0000:0000:0001 dest=35502 netif=lo
        scontext=system_u:object_r:unlabeled_t:s15:c0.c1023
        tcontext=system_u:object_r:lo_netif_t:s0-s15:c0.c1023 tclass=netif
      
      New message example:
      
       audit(1253576792.161:30): avc:  denied  { ingress } for
        saddr=::1 src=5000 daddr=::1 dest=35502 netif=lo
        scontext=system_u:object_r:unlabeled_t:s15:c0.c1023
        tcontext=system_u:object_r:lo_netif_t:s0-s15:c0.c1023 tclass=netif
      Signed-off-by: NPaul Moore <paul.moore@hp.com>
      Signed-off-by: NEric Paris <eparis@redhat.com>
      Signed-off-by: NAl Viro <viro@zeniv.linux.org.uk>
      d8116591
    • E
      SELinux: do not destroy the avc_cache_nodep · 5224ee08
      Eric Paris 提交于
      The security_ops reset done when SELinux is disabled at run time is done
      after the avc cache is freed and after the kmem_cache for the avc is also
      freed.  This means that between the time the selinux disable code destroys
      the avc_node_cachep another process could make a security request and could
      try to allocate from the cache.  We are just going to leave the cachep around,
      like we always have.
      
      SELinux:  Disabled at runtime.
      BUG: unable to handle kernel NULL pointer dereference at (null)
      IP: [<ffffffff81122537>] kmem_cache_alloc+0x9a/0x185
      PGD 0
      Oops: 0000 [#1] PREEMPT SMP DEBUG_PAGEALLOC
      last sysfs file:
      CPU 1
      Modules linked in:
      Pid: 12, comm: khelper Not tainted 2.6.31-tip-05525-g0eeacc6-dirty #14819
      System Product Name
      RIP: 0010:[<ffffffff81122537>]  [<ffffffff81122537>]
      kmem_cache_alloc+0x9a/0x185
      RSP: 0018:ffff88003f9258b0  EFLAGS: 00010086
      RAX: 0000000000000001 RBX: 0000000000000000 RCX: 0000000078c0129e
      RDX: 0000000000000000 RSI: ffffffff8130b626 RDI: ffffffff81122528
      RBP: ffff88003f925900 R08: 0000000078c0129e R09: 0000000000000001
      R10: 0000000000000000 R11: 0000000078c0129e R12: 0000000000000246
      R13: 0000000000008020 R14: ffff88003f8586d8 R15: 0000000000000001
      FS:  0000000000000000(0000) GS:ffff880002b00000(0000)
      knlGS:0000000000000000
      CS:  0010 DS: 0018 ES: 0018 CR0: 000000008005003b
      CR2: 0000000000000000 CR3: 0000000001001000 CR4: 00000000000006e0
      DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
      DR3: ffffffff827bd420 DR6: 00000000ffff0ff0 DR7: 0000000000000400
      Process khelper (pid: 12, threadinfo ffff88003f924000, task
      ffff88003f928000)
      Stack:
       0000000000000246 0000802000000246 ffffffff8130b626 0000000000000001
      <0> 0000000078c0129e 0000000000000000 ffff88003f925a70 0000000000000002
      <0> 0000000000000001 0000000000000001 ffff88003f925960 ffffffff8130b626
      Call Trace:
       [<ffffffff8130b626>] ? avc_alloc_node+0x36/0x273
       [<ffffffff8130b626>] avc_alloc_node+0x36/0x273
       [<ffffffff8130b545>] ? avc_latest_notif_update+0x7d/0x9e
       [<ffffffff8130b8b4>] avc_insert+0x51/0x18d
       [<ffffffff8130bcce>] avc_has_perm_noaudit+0x9d/0x128
       [<ffffffff8130bf20>] avc_has_perm+0x45/0x88
       [<ffffffff8130f99d>] current_has_perm+0x52/0x6d
       [<ffffffff8130fbb2>] selinux_task_create+0x2f/0x45
       [<ffffffff81303bf7>] security_task_create+0x29/0x3f
       [<ffffffff8105c6ba>] copy_process+0x82/0xdf0
       [<ffffffff81091578>] ? register_lock_class+0x2f/0x36c
       [<ffffffff81091a13>] ? mark_lock+0x2e/0x1e1
       [<ffffffff8105d596>] do_fork+0x16e/0x382
       [<ffffffff81091578>] ? register_lock_class+0x2f/0x36c
       [<ffffffff810d9166>] ? probe_workqueue_execution+0x57/0xf9
       [<ffffffff81091a13>] ? mark_lock+0x2e/0x1e1
       [<ffffffff810d9166>] ? probe_workqueue_execution+0x57/0xf9
       [<ffffffff8100cdb2>] kernel_thread+0x82/0xe0
       [<ffffffff81078b1f>] ? ____call_usermodehelper+0x0/0x139
       [<ffffffff8100ce10>] ? child_rip+0x0/0x20
       [<ffffffff81078aea>] ? __call_usermodehelper+0x65/0x9a
       [<ffffffff8107a5c7>] run_workqueue+0x171/0x27e
       [<ffffffff8107a573>] ? run_workqueue+0x11d/0x27e
       [<ffffffff81078a85>] ? __call_usermodehelper+0x0/0x9a
       [<ffffffff8107a7bc>] worker_thread+0xe8/0x10f
       [<ffffffff810808e2>] ? autoremove_wake_function+0x0/0x63
       [<ffffffff8107a6d4>] ? worker_thread+0x0/0x10f
       [<ffffffff8108042e>] kthread+0x91/0x99
       [<ffffffff8100ce1a>] child_rip+0xa/0x20
       [<ffffffff8100c754>] ? restore_args+0x0/0x30
       [<ffffffff8108039d>] ? kthread+0x0/0x99
       [<ffffffff8100ce10>] ? child_rip+0x0/0x20
      Code: 0f 85 99 00 00 00 9c 58 66 66 90 66 90 49 89 c4 fa 66 66 90 66 66 90
      e8 83 34 fb ff e8 d7 e9 26 00 48 98 49 8b 94 c6 10 01 00 00 <48> 8b 1a 44
      8b 7a 18 48 85 db 74 0f 8b 42 14 48 8b 04 c3 ff 42
      RIP  [<ffffffff81122537>] kmem_cache_alloc+0x9a/0x185
       RSP <ffff88003f9258b0>
      CR2: 0000000000000000
      ---[ end trace 42f41a982344e606 ]---
      Reported-by: NIngo Molnar <mingo@elte.hu>
      Signed-off-by: NEric Paris <eparis@redhat.com>
      Signed-off-by: NJames Morris <jmorris@namei.org>
      5224ee08
    • D
      KEYS: Have the garbage collector set its timer for live expired keys · 606531c3
      David Howells 提交于
      The key garbage collector sets a timer to start a new collection cycle at the
      point the earliest key to expire should be considered garbage.  However, it
      currently only does this if the key it is considering hasn't yet expired.
      
      If the key being considering has expired, but hasn't yet reached the collection
      time then it is ignored, and won't be collected until some other key provokes a
      round of collection.
      
      Make the garbage collector set the timer for the earliest key that hasn't yet
      passed its collection time, rather than the earliest key that hasn't yet
      expired.
      Signed-off-by: NDavid Howells <dhowells@redhat.com>
      Signed-off-by: NJames Morris <jmorris@namei.org>
      606531c3