- 27 5月, 2009 2 次提交
-
-
由 Pablo Neira Ayuso 提交于
This problem was introduced in 72961ecf since no space was reserved for the new attributes NFULA_HWTYPE, NFULA_HWLEN and NFULA_HWHEADER. Signed-off-by: NPablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: NPatrick McHardy <kaber@trash.net>
-
由 Jesper Dangaard Brouer 提交于
The function dl_seq_show() returns 1 (equal to SEQ_SKIP) in case a seq_printf() call return -1. It should return -1. This SEQ_SKIP behavior brakes processing the proc file e.g. via a pipe or just through less. Signed-off-by: NJesper Dangaard Brouer <hawk@comx.dk> Signed-off-by: NPatrick McHardy <kaber@trash.net>
-
- 25 5月, 2009 2 次提交
-
-
由 Pablo Neira Ayuso 提交于
This patch adds the missing protocol state-change event reporting for DCCP. $ sudo conntrack -E [NEW] dccp 33 240 src=192.168.0.2 dst=192.168.1.2 sport=57040 dport=5001 [UNREPLIED] src=192.168.1.2 dst=192.168.1.100 sport=5001 dport=57040 With this patch: $ sudo conntrack -E [NEW] dccp 33 240 REQUEST src=192.168.0.2 dst=192.168.1.2 sport=57040 dport=5001 [UNREPLIED] src=192.168.1.2 dst=192.168.1.100 sport=5001 dport=57040 Signed-off-by: NPablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: NPatrick McHardy <kaber@trash.net>
-
由 Jozsef Kadlecsik 提交于
Robert L Mathews discovered that some clients send evil TCP RST segments, which are accepted by netfilter conntrack but discarded by the destination. Thus the conntrack entry is destroyed but the destination retransmits data until timeout. The same technique, i.e. sending properly crafted RST segments, can easily be used to bypass connlimit/connbytes based restrictions (the sample script written by Robert can be found in the netfilter mailing list archives). The patch below adds a new flag and new field to struct ip_ct_tcp_state so that checking RST segments can be made more strict and thus TCP conntrack can catch the invalid ones: the RST segment is accepted only if its sequence number higher than or equal to the highest ack we seen from the other direction. (The last_ack field cannot be reused because it is used to catch resent packets.) Signed-off-by: NJozsef Kadlecsik <kadlec@blackhole.kfki.hu> Signed-off-by: NPatrick McHardy <kaber@trash.net>
-
- 05 5月, 2009 4 次提交
-
-
由 Pablo Neira Ayuso 提交于
This patch fixes the wrong message type that are triggered by user updates, the following commands: (term1)# conntrack -I -p tcp -s 1.1.1.1 -d 2.2.2.2 -t 10 --sport 10 --dport 20 --state LISTEN (term1)# conntrack -U -p tcp -s 1.1.1.1 -d 2.2.2.2 -t 10 --sport 10 --dport 20 --state SYN_SENT (term1)# conntrack -U -p tcp -s 1.1.1.1 -d 2.2.2.2 -t 10 --sport 10 --dport 20 --state SYN_RECV only trigger event message of type NEW, when only the first is NEW while others should be UPDATE. (term2)# conntrack -E [NEW] tcp 6 10 LISTEN src=1.1.1.1 dst=2.2.2.2 sport=10 dport=20 [UNREPLIED] src=2.2.2.2 dst=1.1.1.1 sport=20 dport=10 mark=0 [NEW] tcp 6 10 SYN_SENT src=1.1.1.1 dst=2.2.2.2 sport=10 dport=20 [UNREPLIED] src=2.2.2.2 dst=1.1.1.1 sport=20 dport=10 mark=0 [NEW] tcp 6 10 SYN_RECV src=1.1.1.1 dst=2.2.2.2 sport=10 dport=20 [UNREPLIED] src=2.2.2.2 dst=1.1.1.1 sport=20 dport=10 mark=0 This patch also removes IPCT_REFRESH from the bitmask since it is not of any use. Signed-off-by: NPablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: NPatrick McHardy <kaber@trash.net>
-
由 Pablo Neira Ayuso 提交于
This patch fixes a problem when you use 32 nodes in the cluster match: % iptables -I PREROUTING -t mangle -i eth0 -m cluster \ --cluster-total-nodes 32 --cluster-local-node 32 \ --cluster-hash-seed 0xdeadbeef -j MARK --set-mark 0xffff iptables: Invalid argument. Run `dmesg' for more information. % dmesg | tail -1 xt_cluster: this node mask cannot be higher than the total number of nodes The problem is related to this checking: if (info->node_mask >= (1 << info->total_nodes)) { printk(KERN_ERR "xt_cluster: this node mask cannot be " "higher than the total number of nodes\n"); return false; } (1 << 32) is 1. Thus, the checking fails. BTW, I said this before but I insist: I have only tested the cluster match with 2 nodes getting ~45% extra performance in an active-active setup. The maximum limit of 32 nodes is still completely arbitrary. I'd really appreciate if people that have more nodes in their setups let me know. Signed-off-by: NPablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: NPatrick McHardy <kaber@trash.net>
-
由 Christoph Paasch 提交于
As packets ending with NEXTHDR_NONE don't have a last extension header, the check for the length needs to be after the check for NEXTHDR_NONE. Signed-off-by: NChristoph Paasch <christoph.paasch@gmail.com> Signed-off-by: NPatrick McHardy <kaber@trash.net>
-
由 Patrick McHardy 提交于
Pointed out by Dave Miller: CHECK include/linux/netfilter (57 files) /home/davem/src/GIT/net-2.6/usr/include/linux/netfilter/xt_LED.h:6: found __[us]{8,16,32,64} type without #include <linux/types.h> Signed-off-by: NPatrick McHardy <kaber@trash.net>
-
- 24 4月, 2009 4 次提交
-
-
由 Jan Engelhardt 提交于
Related-to: commit 325fb5b4 The compat path suffers from a similar problem. It only uses a __be32 when all of the recent code uses, and expects, an nf_inet_addr everywhere. As a result, addresses stored by xt_recents were filled with whatever other stuff was on the stack following the be32. Signed-off-by: NJan Engelhardt <jengelh@medozas.de> With a minor compile fix from Roman. Reported-and-tested-by: NRoman Hoog Antink <rha@open.ch> Signed-off-by: NPatrick McHardy <kaber@trash.net>
-
由 Pablo Neira Ayuso 提交于
This patch adds missing role attribute to the DCCP type, otherwise the creation of entries is not of any use. The attribute added is CTA_PROTOINFO_DCCP_ROLE which contains the role of the conntrack original tuple. Signed-off-by: NPablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: NPatrick McHardy <kaber@trash.net>
-
由 Laszlo Attila Toth 提交于
Signed-off-by: NLaszlo Attila Toth <panther@balabit.hu> Signed-off-by: NPatrick McHardy <kaber@trash.net>
-
由 Patrick McHardy 提交于
Commit d0dba725 (netfilter: ctnetlink: add callbacks to the per-proto nlattrs) changed the protocol registration function to abort if the to-be registered protocol doesn't provide a new callback function. The DCCP and UDP-Lite IPv6 protocols were missed in this conversion, add the required callback pointer. Reported-and-tested-by: NSteven Jan Springl <steven@springl.ukfsn.org> Signed-off-by: NPatrick McHardy <kaber@trash.net>
-
- 20 4月, 2009 1 次提交
-
-
由 hummerbliss@gmail.com 提交于
br_nf_dev_queue_xmit only checks for ETH_P_IP packets for fragmenting but not VLAN packets. This results in dropping of large VLAN packets. This can be observed when connection tracking is enabled. Connection tracking re-assembles fragmented packets, and these have to re-fragmented when transmitting out. Also, make sure only refragmented packets are defragmented as per suggestion from Patrick McHardy. Signed-off-by: NSaikiran Madugula <hummerbliss@gmail.com> Signed-off-by: NPatrick McHardy <kaber@trash.net>
-
- 17 4月, 2009 3 次提交
-
-
由 Pablo Neira Ayuso 提交于
With this patch, nfnetlink returns -ENOMEM instead of -EPERM if we fail to create the nfnetlink netlink socket during the module loading. This is exactly what rtnetlink does in this case. Ideally, it would be better if we propagate the error that has happened in netlink_kernel_create(), however, this function still does not implement this yet. Signed-off-by: NPablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: NPatrick McHardy <kaber@trash.net>
-
由 Pablo Neira Ayuso 提交于
This patch fixes an inconsistency that results in no error reports to user-space listeners if we fail to allocate the event message. Signed-off-by: NPablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: NPatrick McHardy <kaber@trash.net>
-
由 Patrick McHardy 提交于
The removal of the SAME target accidentally removed one feature that is not available from the normal NAT targets so far, having multi-range mappings that use the same mapping for each connection from a single client. The current behaviour is to choose the address from the range based on source and destination IP, which breaks when communicating with sites having multiple addresses that require all connections to originate from the same IP address. Introduce a IP_NAT_RANGE_PERSISTENT option that controls whether the destination address is taken into account for selecting addresses. http://bugzilla.kernel.org/show_bug.cgi?id=12954Signed-off-by: NPatrick McHardy <kaber@trash.net>
-
- 15 4月, 2009 2 次提交
-
-
由 Patrick McHardy 提交于
Commit ea781f19 (netfilter: nf_conntrack: use SLAB_DESTROY_BY_RCU and) get rid of call_rcu() was missing one conversion to the hlist_nulls functions, causing a crash when unloading conntrack helper modules. Reported-and-tested-by: NMariusz Kozlowski <m.kozlowski@tuxland.pl> Signed-off-by: NPatrick McHardy <kaber@trash.net>
-
由 Eric Dumazet 提交于
commit ca735b3a 'netfilter: use a linked list of loggers' introduced an array of list_head in "struct nf_logger", but forgot to initialize it in nf_log_register(). This resulted in oops when calling nf_log_unregister() at module unload time. Reported-and-tested-by: NMariusz Kozlowski <m.kozlowski@tuxland.pl> Signed-off-by: NEric Dumazet <dada1@cosmosbay.com> Acked-by: NEric Leblond <eric@inl.fr> Signed-off-by: NPatrick McHardy <kaber@trash.net>
-
- 06 4月, 2009 22 次提交
-
-
由 Pablo Neira Ayuso 提交于
This patch fixes a regression (introduced by myself in commit 19abb7b0: netfilter: ctnetlink: deliver events for conntracks changed from userspace) that results in an expectation re-insertion since __nf_ct_expect_check() may return 0 for expectation timer refreshing. This patch also removes a unnecessary refcount bump that pretended to avoid a possible race condition with event delivery and expectation timers (as said, not needed since we hold a reference to the object since until we finish the expectation setup). This also merges nf_ct_expect_related_report() and nf_ct_expect_related() which look basically the same. Reported-by: NPatrick McHardy <kaber@trash.net> Signed-off-by: NPablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: NPatrick McHardy <kaber@trash.net>
-
由 Alex Riesen 提交于
It's plural, not LED_TRIGGERS. Signed-off-by: NAlex Riesen <fork0@users.sourceforge.net> Signed-off-by: NPatrick McHardy <kaber@trash.net>
-
由 Eric Dumazet 提交于
Commit 78454473 (netfilter: iptables: lock free counters) broke ip6_tables by unconditionally returning ENOMEM in alloc_counters(), Reported-by: NGraham Murray <graham@gmurray.org.uk> Signed-off-by: NEric Dumazet <dada1@cosmosbay.com> Signed-off-by: NPatrick McHardy <kaber@trash.net>
-
git://git.kernel.org/pub/scm/linux/kernel/git/viro/audit-current由 Linus Torvalds 提交于
* 'audit.b62' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/audit-current: Audit: remove spaces from audit_log_d_path audit: audit_set_auditable defined but not used audit: incorrect ref counting in audit tree tag_chunk audit: Fix possible return value truncation in audit_get_context() audit: ignore terminating NUL in AUDIT_USER_TTY messages Audit: fix handling of 'strings' with NULL characters make the e->rule.xxx shorter in kernel auditfilter.c auditsc: fix kernel-doc notation audit: EXECVE record - removed bogus newline
-
git://git.o-hand.com/linux-mfd由 Linus Torvalds 提交于
* 'for-next' of git://git.o-hand.com/linux-mfd: mfd: fix da903x warning mfd: fix MAINTAINERS entry mfd: Use the value of the final spin when reading the AUXADC mfd: Storage class should be before const qualifier mfd: PASIC3: supply clock_rate to DS1WM via driver_data mfd: remove DS1WM clock handling mfd: remove unused PASIC3 bus_shift field pxa/magician: remove deprecated .bus_shift from PASIC3 platform_data mfd: convert PASIC3 to use MFD core mfd: convert DS1WM to use MFD core mfd: Support active high IRQs on WM835x mfd: Use bulk read to fill WM8350 register cache mfd: remove duplicated #include from pcf50633
-
git://repo.or.cz/cris-mirror由 Linus Torvalds 提交于
* 'for-linus' of git://repo.or.cz/cris-mirror: CRISv32: Remove extraneous space between -I and the path. cris: convert obsolete hw_interrupt_type to struct irq_chip BUG to BUG_ON changes cpumask: use mm_cpumask() wrapper: cris cpumask: Use accessors code.: cris cpumask: prepare for iterators to only go to nr_cpu_ids/nr_cpumask_bits.: cris
-
git://git.kernel.org/pub/scm/linux/kernel/git/lenb/linux-acpi-2.6由 Linus Torvalds 提交于
* 'release' of git://git.kernel.org/pub/scm/linux/kernel/git/lenb/linux-acpi-2.6: (140 commits) ACPI: processor: use .notify method instead of installing handler directly ACPI: button: use .notify method instead of installing handler directly ACPI: support acpi_device_ops .notify methods toshiba-acpi: remove MAINTAINERS entry ACPI: battery: asynchronous init acer-wmi: Update copyright notice & documentation acer-wmi: Cleanup the failure cleanup handling acer-wmi: Blacklist Acer Aspire One video: build fix thinkpad-acpi: rework brightness support thinkpad-acpi: enhanced debugging messages for the fan subdriver thinkpad-acpi: enhanced debugging messages for the hotkey subdriver thinkpad-acpi: enhanced debugging messages for rfkill subdrivers thinkpad-acpi: restrict access to some firmware LEDs thinkpad-acpi: remove HKEY disable functionality thinkpad-acpi: add new debug helpers and warn of deprecated atts thinkpad-acpi: add missing log levels thinkpad-acpi: cleanup debug helpers thinkpad-acpi: documentation cleanup thinkpad-acpi: drop ibm-acpi alias ...
-
git://git.kernel.org/pub/scm/linux/kernel/git/lethal/sh-2.6由 Linus Torvalds 提交于
* git://git.kernel.org/pub/scm/linux/kernel/git/lethal/sh-2.6: (23 commits) sh: sh7785lcr: Map whole PCI address space. sh: Fix up DSP context save/restore. sh: Fix up number of on-chip DMA channels on SH7091. sh: update defconfigs. sh: Kill off broken direct-mapped cache mode. sh: Wire up ARCH_HAS_DEFAULT_IDLE for cpuidle. sh: Add a command line option for disabling I/O trapping. sh: Select ARCH_HIBERNATION_POSSIBLE. sh: migor: Fix up CEU use flags. input: migor_ts: add wakeup support rtc: rtc-sh: use set_irq_wake() input: sh_keysc: use enable/disable_irq_wake() sh: intc: set_irq_wake() support sh: intc: install enable, disable and shutdown callbacks clocksource: sh_cmt: use remove_irq() and remove clockevent workaround sh: ap325 and Migo-R use new sh_mobile_ceu_info flags sh: Fix up -Wformat-security whining. sh: ap325rxa: Add ov772x support, again. sh: Sanitize asm/mmu.h for assembly use. sh: Tidy up sh7786 pinmux table. ...
-
git://git.kernel.org/pub/scm/linux/kernel/git/hskinnemoen/avr32-2.6由 Linus Torvalds 提交于
* 'avr32-arch' of git://git.kernel.org/pub/scm/linux/kernel/git/hskinnemoen/avr32-2.6: avr32: add hardware handshake support to atmel_serial avr32: add RTS/CTS/CLK pin selection for the USARTs Add RTC support for Merisc boards avr32: at32ap700x: setup DMA for AC97C in the machine code avr32: at32ap700x: setup DMA for ABDAC in the machine code Add Merisc board support avr32: use gpio_is_valid() to check USBA vbus_pin I/O line atmel-usba-udc: use gpio_is_valid() to check vbus_pin I/O line avr32: fix timing LCD parameters for EVKLCD10X boards avr32: use GPIO line PB15 on EVKLCD10x boards for backlight avr32: configure MCI detect and write protect pins for EVKLCD10x boards avr32: set pin mask to alternative 18 bpp for EVKLCD10x boards avr32: add pin mask for 18-bit color on the LCD controller avr32: fix 15-bit LCDC pin mask to use MSB lines
-
git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging-2.6由 Linus Torvalds 提交于
* git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging-2.6: (714 commits) Staging: sxg: slicoss: Specify the license for Sahara SXG and Slicoss drivers Staging: serqt_usb: fix build due to proc tty changes Staging: serqt_usb: fix checkpatch errors Staging: serqt_usb: add TODO file Staging: serqt_usb: Lindent the code Staging: add USB serial Quatech driver staging: document that the wifi staging drivers a bit better Staging: echo cleanup Staging: BUG to BUG_ON changes Staging: remove some pointless conditionals before kfree_skb() Staging: line6: fix build error, select SND_RAWMIDI Staging: line6: fix checkpatch errors in variax.c Staging: line6: fix checkpatch errors in toneport.c Staging: line6: fix checkpatch errors in pcm.c Staging: line6: fix checkpatch errors in midibuf.c Staging: line6: fix checkpatch errors in midi.c Staging: line6: fix checkpatch errors in dumprequest.c Staging: line6: fix checkpatch errors in driver.c Staging: line6: fix checkpatch errors in audio.c Staging: line6: fix checkpatch errors in pod.c ...
-
git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip由 Linus Torvalds 提交于
* 'tracing-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip: (413 commits) tracing, net: fix net tree and tracing tree merge interaction tracing, powerpc: fix powerpc tree and tracing tree interaction ring-buffer: do not remove reader page from list on ring buffer free function-graph: allow unregistering twice trace: make argument 'mem' of trace_seq_putmem() const tracing: add missing 'extern' keywords to trace_output.h tracing: provide trace_seq_reserve() blktrace: print out BLK_TN_MESSAGE properly blktrace: extract duplidate code blktrace: fix memory leak when freeing struct blk_io_trace blktrace: fix blk_probes_ref chaos blktrace: make classic output more classic blktrace: fix off-by-one bug blktrace: fix the original blktrace blktrace: fix a race when creating blk_tree_root in debugfs blktrace: fix timestamp in binary output tracing, Text Edit Lock: cleanup tracing: filter fix for TRACE_EVENT_FORMAT events ftrace: Using FTRACE_WARN_ON() to check "freed record" in ftrace_release() x86: kretprobe-booster interrupt emulation code fix ... Fix up trivial conflicts in arch/parisc/include/asm/ftrace.h include/linux/memory.h kernel/extable.c kernel/module.c
-
由 Eric Paris 提交于
audit_log_d_path had spaces in the strings which would be emitted on the error paths. This patch simply replaces those spaces with an _ or removes the needless spaces entirely. Signed-off-by: NEric Paris <eparis@redhat.com> Signed-off-by: NAl Viro <viro@zeniv.linux.org.uk>
-
由 Eric Paris 提交于
after 0590b933 audit_set_auditable() is now only used by the audit tree code. If CONFIG_AUDIT_TREE is unset it will be defined but unused. This patch simply moves the function inside a CONFIG_AUDIT_TREE block. cc1: warnings being treated as errors /home/acme_unencrypted/git/linux-2.6-tip/kernel/auditsc.c:745: error: ‘audit_set_auditable’ defined but not used make[2]: *** [kernel/auditsc.o] Error 1 make[1]: *** [kernel] Error 2 make[1]: *** Waiting for unfinished jobs.... Signed-off-by: NEric Paris <eparis@redhat.com> Signed-off-by: NAl Viro <viro@zeniv.linux.org.uk>
-
由 Eric Paris 提交于
tag_chunk has bad exit paths in which the inotify ref counting is wrong. At the top of the function we found &old_watch using inotify_find_watch(). inotify_find_watch takes a reference to the watch. This is never dropped on an error path. Signed-off-by: NEric Paris <eparis@redhat.com> Signed-off-by: NAl Viro <viro@zeniv.linux.org.uk>
-
由 Paul Moore 提交于
The audit subsystem treats syscall return codes as type long, unfortunately the audit_get_context() function mistakenly converts the return code to an int type in the parameters which could cause problems on systems where the sizeof(int) != sizeof(long). Signed-off-by: NPaul Moore <paul.moore@hp.com> Signed-off-by: NAl Viro <viro@zeniv.linux.org.uk>
-
由 Miloslav Trmac 提交于
AUDIT_USER_TTY, like all other messages sent from user-space, is sent NUL-terminated. Unlike other user-space audit messages, which come only from trusted sources, AUDIT_USER_TTY messages are processed using audit_log_n_untrustedstring(). This patch modifies AUDIT_USER_TTY handling to ignore the trailing NUL and use the "quoted_string" representation of the message if possible. Signed-off-by: NMiloslav Trmac <mitr@redhat.com> Cc: Eric Paris <eparis@redhat.com> Cc: Al Viro <viro@zeniv.linux.org.uk> Cc: Steve Grubb <sgrubb@redhat.com> Signed-off-by: NAndrew Morton <akpm@linux-foundation.org> Signed-off-by: NAl Viro <viro@zeniv.linux.org.uk>
-
由 Miloslav Trmac 提交于
currently audit_log_n_untrustedstring() uses audit_string_contains_control() to check if the 'string' has any control characters. If the 'string' has an embedded NULL audit_string_contains_control() will return that the data has no control characters and will then pass the string to audit_log_n_string with the total length, not the length up to the first NULL. audit_log_n_string() does a memcpy of the entire length and so the actual audit record emitted may then contain a NULL and then whatever random memory is after the NULL. Since we want to log the entire octet stream (if we can't trust the data to be a string we can't trust that a NULL isn't actually a part of it) we should just consider NULL as a control character. If the caller is certain they want to stop at the first NULL they should be using audit_log_untrustedstring. Signed-off-by: NEric Paris <eparis@redhat.com> Signed-off-by: NAl Viro <viro@zeniv.linux.org.uk>
-
由 Zhenwen Xu 提交于
make the e->rule.xxx shorter in kernel/auditfilter.c -- --------------------------------- Zhenwen Xu - Open and Free Home Page: http://zhwen.org My Studio: http://dim4.cn >From 99692dc640b278f1cb1a15646ce42f22e89c0f77 Mon Sep 17 00:00:00 2001 From: Zhenwen Xu <Helight.Xu@gmail.com> Date: Thu, 12 Mar 2009 22:04:59 +0800 Subject: [PATCH] make the e->rule.xxx shorter in kernel/auditfilter.c Signed-off-by: NZhenwen Xu <Helight.Xu@gmail.com> Signed-off-by: NAl Viro <viro@zeniv.linux.org.uk>
-
由 Randy Dunlap 提交于
Fix auditsc kernel-doc notation: Warning(linux-2.6.28-git7//kernel/auditsc.c:2156): No description found for parameter 'attr' Warning(linux-2.6.28-git7//kernel/auditsc.c:2156): Excess function parameter 'u_attr' description in '__audit_mq_open' Warning(linux-2.6.28-git7//kernel/auditsc.c:2204): No description found for parameter 'notification' Warning(linux-2.6.28-git7//kernel/auditsc.c:2204): Excess function parameter 'u_notification' description in '__audit_mq_notify' Signed-off-by: NRandy Dunlap <randy.dunlap@oracle.com> cc: Al Viro <viro@zeniv.linux.org.uk> cc: Eric Paris <eparis@redhat.com> Signed-off-by: NAl Viro <viro@zeniv.linux.org.uk>
-
由 Jiri Pirko 提交于
(updated) Added hunk that changes the comment, the rest is the same. EXECVE records contain a newline after every argument. auditd converts "\n" to " " so you cannot see newlines even in raw logs, but they're there nevertheless. If you're not using auditd, you need to work round them. These '\n' chars are can be easily replaced by spaces when creating record in kernel. Note there is no need for trailing '\n' in an audit record. record before this patch: "type=EXECVE msg=audit(1231421801.566:31): argc=4 a0=\"./test\"\na1=\"a\"\na2=\"b\"\na3=\"c\"\n" record after this patch: "type=EXECVE msg=audit(1231421801.566:31): argc=4 a0=\"./test\" a1=\"a\" a2=\"b\" a3=\"c\"" Signed-off-by: NJiri Pirko <jpirko@redhat.com> Acked-by: NEric Paris <eparis@redhat.com> Signed-off-by: NAl Viro <viro@zeniv.linux.org.uk>
-
由 Linus Torvalds 提交于
Merge branch 'bzip2-lzma-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/x86/linux-2.6-tip * 'bzip2-lzma-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/x86/linux-2.6-tip: bzip2/lzma: quiet Kconfig warning for INITRAMFS_COMPRESSION_NONE
-
git://git.kernel.org/pub/scm/linux/kernel/git/rusty/linux-2.6-cpumask由 Linus Torvalds 提交于
* git://git.kernel.org/pub/scm/linux/kernel/git/rusty/linux-2.6-cpumask: (36 commits) cpumask: remove cpumask allocation from idle_balance, fix numa, cpumask: move numa_node_id default implementation to topology.h, fix cpumask: remove cpumask allocation from idle_balance x86: cpumask: x86 mmio-mod.c use cpumask_var_t for downed_cpus x86: cpumask: update 32-bit APM not to mug current->cpus_allowed x86: microcode: cleanup x86: cpumask: use work_on_cpu in arch/x86/kernel/microcode_core.c cpumask: fix CONFIG_CPUMASK_OFFSTACK=y cpu hotunplug crash numa, cpumask: move numa_node_id default implementation to topology.h cpumask: convert node_to_cpumask_map[] to cpumask_var_t cpumask: remove x86 cpumask_t uses. cpumask: use cpumask_var_t in uv_flush_tlb_others. cpumask: remove cpumask_t assignment from vector_allocation_domain() cpumask: make Xen use the new operators. cpumask: clean up summit's send_IPI functions cpumask: use new cpumask functions throughout x86 x86: unify cpu_callin_mask/cpu_callout_mask/cpu_initialized_mask/cpu_sibling_setup_mask cpumask: convert struct cpuinfo_x86's llc_shared_map to cpumask_var_t cpumask: convert node_to_cpumask_map[] to cpumask_var_t x86: unify 32 and 64-bit node_to_cpumask_map ...
-