- 17 12月, 2013 2 次提交
-
-
由 Oleg Nesterov 提交于
selinux_setprocattr() does ptrace_parent(p) under task_lock(p), but task_struct->alloc_lock doesn't pin ->parent or ->ptrace, this looks confusing and triggers the "suspicious RCU usage" warning because ptrace_parent() does rcu_dereference_check(). And in theory this is wrong, spin_lock()->preempt_disable() doesn't necessarily imply rcu_read_lock() we need to access the ->parent. Reported-by: NEvan McNabb <emcnabb@redhat.com> Signed-off-by: NOleg Nesterov <oleg@redhat.com> Cc: stable@vger.kernel.org Signed-off-by: NPaul Moore <pmoore@redhat.com>
-
由 Wei Yongjun 提交于
Remove duplicated include. Signed-off-by: NWei Yongjun <yongjun_wei@trendmicro.com.cn> Signed-off-by: NPaul Moore <pmoore@redhat.com>
-
- 14 12月, 2013 1 次提交
-
-
由 Paul Moore 提交于
Revert "selinux: consider filesystem subtype in policies" This reverts commit 102aefdd. Explanation from Eric Paris: SELinux policy can specify if it should use a filesystem's xattrs or not. In current policy we have a specification that fuse should not use xattrs but fuse.glusterfs should use xattrs. This patch has a bug in which non-glusterfs filesystems would match the rule saying fuse.glusterfs should use xattrs. If both fuse and the particular filesystem in question are not written to handle xattr calls during the mount command, they will deadlock. I have fixed the bug to do proper matching, however I believe a revert is still the correct solution. The reason I believe that is because the code still does not work. The s_subtype is not set until after the SELinux hook which attempts to match on the ".gluster" portion of the rule. So we cannot match on the rule in question. The code is useless. Signed-off-by: NPaul Moore <pmoore@redhat.com>
-
- 12 12月, 2013 1 次提交
-
-
由 Chad Hanson 提交于
Fix a broken networking check. Return an error if peer recv fails. If secmark is active and the packet recv succeeds the peer recv error is ignored. Signed-off-by: NChad Hanson <chanson@trustedcs.com> Signed-off-by: NPaul Moore <pmoore@redhat.com>
-
- 11 12月, 2013 1 次提交
-
-
由 Paul Moore 提交于
Due to difficulty in arriving at the proper security label for TCP SYN-ACK packets in selinux_ip_postroute(), we need to check packets while/before they are undergoing XFRM transforms instead of waiting until afterwards so that we can determine the correct security label. Reported-by: NJanak Desai <Janak.Desai@gtri.gatech.edu> Cc: stable@vger.kernel.org Signed-off-by: NPaul Moore <pmoore@redhat.com>
-
- 10 12月, 2013 1 次提交
-
-
由 Paul Moore 提交于
Previously selinux_skb_peerlbl_sid() would only check for labeled IPsec security labels on inbound packets, this patch enables it to check both inbound and outbound traffic for labeled IPsec security labels. Reported-by: NJanak Desai <Janak.Desai@gtri.gatech.edu> Cc: stable@vger.kernel.org Signed-off-by: NPaul Moore <pmoore@redhat.com>
-
- 05 12月, 2013 4 次提交
-
-
由 Paul Moore 提交于
We don't need to inspect the packet to determine if the packet is an IPv4 packet arriving on an IPv6 socket when we can query the request_sock directly. Signed-off-by: NPaul Moore <pmoore@redhat.com>
-
由 Paul Moore 提交于
In selinux_netlbl_skbuff_setsid() we leverage a cached NetLabel secattr whenever possible. However, we never check to ensure that the desired SID matches the cached NetLabel secattr. This patch checks the SID against the secattr before use and only uses the cached secattr when the SID values match. Signed-off-by: NPaul Moore <pmoore@redhat.com>
-
由 Paul Moore 提交于
In selinux_ip_postroute() we perform access checks based on the packet's security label. For locally generated traffic we get the packet's security label from the associated socket; this works in all cases except for TCP SYN-ACK packets. In the case of SYN-ACK packet's the correct security label is stored in the connection's request_sock, not the server's socket. Unfortunately, at the point in time when selinux_ip_postroute() is called we can't query the request_sock directly, we need to recreate the label using the same logic that originally labeled the associated request_sock. See the inline comments for more explanation. Reported-by: NJanak Desai <Janak.Desai@gtri.gatech.edu> Tested-by: NJanak Desai <Janak.Desai@gtri.gatech.edu> Cc: stable@vger.kernel.org Signed-off-by: NPaul Moore <pmoore@redhat.com>
-
由 Paul Moore 提交于
In selinux_ip_output() we always label packets based on the parent socket. While this approach works in almost all cases, it doesn't work in the case of TCP SYN-ACK packets when the correct label is not the label of the parent socket, but rather the label of the larval socket represented by the request_sock struct. Unfortunately, since the request_sock isn't queued on the parent socket until *after* the SYN-ACK packet is sent, we can't lookup the request_sock to determine the correct label for the packet; at this point in time the best we can do is simply pass/NF_ACCEPT the packet. It must be said that simply passing the packet without any explicit labeling action, while far from ideal, is not terrible as the SYN-ACK packet will inherit any IP option based labeling from the initial connection request so the label *should* be correct and all our access controls remain in place so we shouldn't have to worry about information leaks. Reported-by: NJanak Desai <Janak.Desai@gtri.gatech.edu> Tested-by: NJanak Desai <Janak.Desai@gtri.gatech.edu> Cc: stable@vger.kernel.org Signed-off-by: NPaul Moore <pmoore@redhat.com>
-
- 26 11月, 2013 1 次提交
-
-
由 Geyslan G. Bem 提交于
Free 'ctx_str' when necessary. Signed-off-by: NGeyslan G. Bem <geyslan@gmail.com> Cc: stable@vger.kernel.org Signed-off-by: NPaul Moore <pmoore@redhat.com>
-
- 20 11月, 2013 2 次提交
-
-
由 Tim Gardner 提交于
Dynamically allocate a couple of the larger stack variables in order to reduce the stack footprint below 1024. gcc-4.8 security/selinux/ss/services.c: In function 'security_load_policy': security/selinux/ss/services.c:1964:1: warning: the frame size of 1104 bytes is larger than 1024 bytes [-Wframe-larger-than=] } Also silence a couple of checkpatch warnings at the same time. WARNING: sizeof policydb should be sizeof(policydb) + memcpy(oldpolicydb, &policydb, sizeof policydb); WARNING: sizeof policydb should be sizeof(policydb) + memcpy(&policydb, newpolicydb, sizeof policydb); Cc: Stephen Smalley <sds@tycho.nsa.gov> Cc: James Morris <james.l.morris@oracle.com> Cc: Eric Paris <eparis@parisplace.org> Signed-off-by: NTim Gardner <tim.gardner@canonical.com> Signed-off-by: NPaul Moore <pmoore@redhat.com>
-
由 Richard Haines 提交于
Update the policy version (POLICYDB_VERSION_CONSTRAINT_NAMES) to allow holding of policy source info for constraints. Signed-off-by: NRichard Haines <richard_c_haines@btinternet.com> Acked-by: NStephen Smalley <sds@tycho.nsa.gov> Signed-off-by: NPaul Moore <pmoore@redhat.com>
-
- 09 11月, 2013 1 次提交
-
-
由 Paul Moore 提交于
Linux 3.12
-
- 04 11月, 2013 3 次提交
-
-
由 Linus Torvalds 提交于
-
git://git.linux-mips.org/pub/scm/ralf/upstream-linus由 Linus Torvalds 提交于
Pull MIPS fixes from Ralf Baechle: "Three fixes across arch/mips with the most complex one being the GIC interrupt fix - at nine lines still not monster. I'm confident this are the final MIPS patches even if there should go for an rc8" * 'upstream' of git://git.linux-mips.org/pub/scm/ralf/upstream-linus: MIPS: ralink: fix return value check in rt_timer_probe() MIPS: malta: Fix GIC interrupt offsets MIPS: Perf: Fix 74K cache map
-
由 Mathias Krause 提交于
Negative message lengths make no sense -- so don't do negative queue lenghts or identifier counts. Prevent them from getting negative. Also change the underlying data types to be unsigned to avoid hairy surprises with sign extensions in cases where those variables get evaluated in unsigned expressions with bigger data types, e.g size_t. In case a user still wants to have "unlimited" sizes she could just use INT_MAX instead. Signed-off-by: NMathias Krause <minipli@googlemail.com> Cc: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
-
- 03 11月, 2013 2 次提交
-
-
git://git.kernel.org/pub/scm/linux/kernel/git/rusty/linux由 Linus Torvalds 提交于
Pull ARM kallsyms fix from Rusty Russell: "Last minute perf unbreakage for ARM modules; spent a day in linux-next" * tag 'fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rusty/linux: scripts/kallsyms: filter symbols not in kernel address space
-
由 Vineet Gupta 提交于
A vmalloc fault needs to sync up PGD/PTE entry from init_mm to current task's "active_mm". ARC vmalloc fault handler however was using mm. A vmalloc fault for non user task context (actually pre-userland, from init thread's open for /dev/console) caused the handler to deref NULL mm (for mm->pgd) The reasons it worked so far is amazing: 1. By default (!SMP), vmalloc fault handler uses a cached value of PGD. In SMP that MMU register is repurposed hence need for mm pointer deref. 2. In pre-3.12 SMP kernel, the problem triggering vmalloc didn't exist in pre-userland code path - it was introduced with commit 20bafb3d "n_tty: Move buffers into n_tty_data" Signed-off-by: NVineet Gupta <vgupta@synopsys.com> Cc: Gilad Ben-Yossef <gilad@benyossef.com> Cc: Noam Camus <noamc@ezchip.com> Cc: stable@vger.kernel.org #3.10 and 3.11 Cc: Peter Hurley <peter@hurleysoftware.com> Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
-
- 02 11月, 2013 20 次提交
-
-
由 Ming Lei 提交于
This patch uses CONFIG_PAGE_OFFSET to filter symbols which are not in kernel address space because these symbols are generally for generating code purpose and can't be run at kernel mode, so we needn't keep them in /proc/kallsyms. For example, on ARM there are some symbols which may be linked in relocatable code section, then perf can't parse symbols any more from /proc/kallsyms, this patch fixes the problem (introduced b9b32bf7) Cc: Russell King <linux@arm.linux.org.uk> Cc: linux-arm-kernel@lists.infradead.org Cc: Michal Marek <mmarek@suse.cz> Signed-off-by: NMing Lei <tom.leiming@gmail.com> Signed-off-by: NRusty Russell <rusty@rustcorp.com.au> Cc: stable@vger.kernel.org
-
git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip由 Linus Torvalds 提交于
Pull perf fixes from Ingo Molnar: "Two fixes: - Fix 'NMI handler took too long to run' false positives [ Genuine NMI overhead speedups will come for v3.13, this commit only fixes a measurement bug ] - Fix perf ring-buffer missed barrier causing (rare) ring-buffer data corruption on ppc64" * 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: perf/x86: Fix NMI measurements perf: Fix perf ring buffer memory ordering
-
git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb由 Linus Torvalds 提交于
Pull USB fixes from Greg KH: "Here is a set of patches that revert all of the changes done to the pl2303 USB serial driver in the 3.12-rc timeframe, as it turns out they break some devices that work just fine on 3.11. As it's not a good idea to break working systems, drop them all and they will be reworked for future kernel versions such that there is no breakage. I've also included a MAINTAINERS update for the USB serial subsystem and a new device id for the ftdi_sio driver as well" * tag 'usb-3.12-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb: USB: serial: ftdi_sio: add id for Z3X Box device USB: Maintainers change for usb serial drivers Revert "USB: pl2303: restrict the divisor based baud rate encoding method to the "HX" chip type" Revert "usb: pl2303: fix+improve the divsor based baud rate encoding method" Revert "usb: pl2303: do not round to the next nearest standard baud rate for the divisor based baud rate encoding method" Revert "usb: pl2303: remove 500000 baud from the list of standard baud rates" Revert "usb: pl2303: move the two baud rate encoding methods to separate functions" Revert "usb: pl2303: increase the allowed baud rate range for the divisor based encoding method" Revert "usb: pl2303: also use the divisor based baud rate encoding method for baud rates < 115200 with HX chips" Revert "usb: pl2303: add two comments concerning the supported baud rates with HX chips" Revert "pl2303: simplify the else-if contruct for type_1 chips in pl2303_startup()" Revert "pl2303: improve the chip type information output on startup" Revert "pl2303: improve the chip type detection/distinction" Revert "USB: pl2303: distinguish between original and cloned HX chips"
-
git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound由 Linus Torvalds 提交于
Pull more sound fixes from Takashi Iwai: "The fixes for random bugs that have been reported lately in the game: a few fixes in ASoC dpam and wm_hubs bugs spotted by Coverity, a one-liner HD-audio fixup, and a fix for Oops with DPCM. They are not so critically urgent bugs, but all small and safe" * tag 'sound-3.12' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound: ALSA: fix oops in snd_pcm_info() caused by ASoC DPCM ASoC: wm_hubs: Add missing break in hp_supply_event() ALSA: hda - Add a fixup for ASUS N76VZ ASoC: dapm: Return -ENOMEM in snd_soc_dapm_new_dai_widgets() ASoC: dapm: Fix source list debugfs outputs
-
git://git.linaro.org/people/mturquette/linux由 Linus Torvalds 提交于
Pull clock subsystem fixes from Mike Turquette. * tag 'clk-fixes-for-linus' of git://git.linaro.org/people/mturquette/linux: clk: fixup argument order when setting VCO parameters clk: socfpga: Fix incorrect sdmmc clock name clk: armada-370: fix tclk frequencies clk: nomadik: set all timers to use 2.4 MHz TIMCLK
-
由 Greg Thelen 提交于
When a memcg is deleted mem_cgroup_reparent_charges() moves charged memory to the parent memcg. As of v3.11-9444-g3ea67d06 "memcg: add per cgroup writeback pages accounting" there's bad pointer read. The goal was to check for counter underflow. The counter is a per cpu counter and there are two problems with the code: (1) per cpu access function isn't used, instead a naked pointer is used which easily causes oops. (2) the check doesn't sum all cpus Test: $ cd /sys/fs/cgroup/memory $ mkdir x $ echo 3 > /proc/sys/vm/drop_caches $ (echo $BASHPID >> x/tasks && exec cat) & [1] 7154 $ grep ^mapped x/memory.stat mapped_file 53248 $ echo 7154 > tasks $ rmdir x <OOPS> The fix is to remove the check. It's currently dangerous and isn't worth fixing it to use something expensive, such as percpu_counter_sum(), for each reparented page. __this_cpu_read() isn't enough to fix this because there's no guarantees of the current cpus count. The only guarantees is that the sum of all per-cpu counter is >= nr_pages. Fixes: 3ea67d06 ("memcg: add per cgroup writeback pages accounting") Reported-and-tested-by: NFlavio Leitner <fbl@redhat.com> Signed-off-by: NGreg Thelen <gthelen@google.com> Reviewed-by: NSha Zhengju <handai.szj@taobao.com> Acked-by: NJohannes Weiner <hannes@cmpxchg.org> Signed-off-by: NHugh Dickins <hughd@google.com> Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
-
由 Алексей Крамаренко 提交于
Custom VID/PID for Z3X Box device, popular tool for cellphone flashing. Signed-off-by: NAlexey E. Kramarenko <alexeyk13@yandex.ru> Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
-
由 Greg KH 提交于
Johan has been conned^Wgracious in accepting the maintainership of the USB serial drivers, especially as he's been doing all of the real work for the past few years. At the same time, remove a bunch of old entries for USB serial drivers that don't make sense anymore, given that the developers are no longer around, and individual driver maintainerships for tiny things like this is pretty pointless. Acked-by: NJohan Hovold <jhovold@gmail.com> Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
-
由 Greg Kroah-Hartman 提交于
This reverts commit b8bdad60. Revert all of the pl2303 changes that went into 3.12-rc1 and -rc2 as they cause regressions on some versions of the chip. This will all be revisited for later kernel versions when we can figure out how to handle this in a way that does not break working devices. Reported-by: NMika Westerberg <mika.westerberg@linux.intel.com> Cc: Frank Schäfer <fschaefer.oss@googlemail.com> Acked-by: NJohan Hovold <jhovold@gmail.com> Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
-
由 Greg Kroah-Hartman 提交于
This reverts commit 57ce61aa. Revert all of the pl2303 changes that went into 3.12-rc1 and -rc2 as they cause regressions on some versions of the chip. This will all be revisited for later kernel versions when we can figure out how to handle this in a way that does not break working devices. Reported-by: NMika Westerberg <mika.westerberg@linux.intel.com> Cc: Frank Schäfer <fschaefer.oss@googlemail.com> Acked-by: NJohan Hovold <jhovold@gmail.com> Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
-
由 Greg Kroah-Hartman 提交于
Revert "usb: pl2303: do not round to the next nearest standard baud rate for the divisor based baud rate encoding method" This reverts commit 75417d9f. Revert all of the pl2303 changes that went into 3.12-rc1 and -rc2 as they cause regressions on some versions of the chip. This will all be revisited for later kernel versions when we can figure out how to handle this in a way that does not break working devices. Reported-by: NMika Westerberg <mika.westerberg@linux.intel.com> Cc: Frank Schäfer <fschaefer.oss@googlemail.com> Acked-by: NJohan Hovold <jhovold@gmail.com> Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
-
由 Greg Kroah-Hartman 提交于
This reverts commit b9208c72. Revert all of the pl2303 changes that went into 3.12-rc1 and -rc2 as they cause regressions on some versions of the chip. This will all be revisited for later kernel versions when we can figure out how to handle this in a way that does not break working devices. Reported-by: NMika Westerberg <mika.westerberg@linux.intel.com> Cc: Frank Schäfer <fschaefer.oss@googlemail.com> Acked-by: NJohan Hovold <jhovold@gmail.com> Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
-
由 Greg Kroah-Hartman 提交于
This reverts commit e917ba01. Revert all of the pl2303 changes that went into 3.12-rc1 and -rc2 as they cause regressions on some versions of the chip. This will all be revisited for later kernel versions when we can figure out how to handle this in a way that does not break working devices. Reported-by: NMika Westerberg <mika.westerberg@linux.intel.com> Cc: Frank Schäfer <fschaefer.oss@googlemail.com> Acked-by: NJohan Hovold <jhovold@gmail.com> Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
-
由 Greg Kroah-Hartman 提交于
This reverts commit b5c16c6a. Revert all of the pl2303 changes that went into 3.12-rc1 and -rc2 as they cause regressions on some versions of the chip. This will all be revisited for later kernel versions when we can figure out how to handle this in a way that does not break working devices. Reported-by: NMika Westerberg <mika.westerberg@linux.intel.com> Cc: Frank Schäfer <fschaefer.oss@googlemail.com> Acked-by: NJohan Hovold <jhovold@gmail.com> Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
-
由 Greg Kroah-Hartman 提交于
Revert "usb: pl2303: also use the divisor based baud rate encoding method for baud rates < 115200 with HX chips" This reverts commit 61fa8d69. Revert all of the pl2303 changes that went into 3.12-rc1 and -rc2 as they cause regressions on some versions of the chip. This will all be revisited for later kernel versions when we can figure out how to handle this in a way that does not break working devices. Reported-by: NMika Westerberg <mika.westerberg@linux.intel.com> Cc: Frank Schäfer <fschaefer.oss@googlemail.com> Acked-by: NJohan Hovold <jhovold@gmail.com> Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
-
由 Greg Kroah-Hartman 提交于
This reverts commit c23bda36. Revert all of the pl2303 changes that went into 3.12-rc1 and -rc2 as they cause regressions on some versions of the chip. This will all be revisited for later kernel versions when we can figure out how to handle this in a way that does not break working devices. Reported-by: NMika Westerberg <mika.westerberg@linux.intel.com> Cc: Frank Schäfer <fschaefer.oss@googlemail.com> Acked-by: NJohan Hovold <jhovold@gmail.com> Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
-
由 Greg Kroah-Hartman 提交于
This reverts commit 73b583af. Revert all of the pl2303 changes that went into 3.12-rc1 and -rc2 as they cause regressions on some versions of the chip. This will all be revisited for later kernel versions when we can figure out how to handle this in a way that does not break working devices. Reported-by: NMika Westerberg <mika.westerberg@linux.intel.com> Cc: Frank Schäfer <fschaefer.oss@googlemail.com> Acked-by: NJohan Hovold <jhovold@gmail.com> Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
-
由 Greg Kroah-Hartman 提交于
This reverts commit a77a8c23. Revert all of the pl2303 changes that went into 3.12-rc1 and -rc2 as they cause regressions on some versions of the chip. This will all be revisited for later kernel versions when we can figure out how to handle this in a way that does not break working devices. Reported-by: NMika Westerberg <mika.westerberg@linux.intel.com> Cc: Frank Schäfer <fschaefer.oss@googlemail.com> Acked-by: NJohan Hovold <jhovold@gmail.com> Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
-
由 Greg Kroah-Hartman 提交于
This reverts commit 034d1527. Revert all of the pl2303 changes that went into 3.12-rc1 and -rc2 as they cause regressions on some versions of the chip. This will all be revisited for later kernel versions when we can figure out how to handle this in a way that does not break working devices. Reported-by: NMika Westerberg <mika.westerberg@linux.intel.com> Cc: Frank Schäfer <fschaefer.oss@googlemail.com> Acked-by: NJohan Hovold <jhovold@gmail.com> Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
-
由 Greg Kroah-Hartman 提交于
This reverts commit 7d26a78f. Revert all of the pl2303 changes that went into 3.12-rc1 and -rc2 as they cause regressions on some versions of the chip. This will all be revisited for later kernel versions when we can figure out how to handle this in a way that does not break working devices. Reported-by: NMika Westerberg <mika.westerberg@linux.intel.com> Cc: Frank Schäfer <fschaefer.oss@googlemail.com> Acked-by: NJohan Hovold <jhovold@gmail.com> Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
-
- 01 11月, 2013 1 次提交
-
-
由 Linus Torvalds 提交于
Merge four more fixes from Andrew Morton. * emailed patches from Andrew Morton <akpm@linux-foundation.org>: lib/scatterlist.c: don't flush_kernel_dcache_page on slab page mm: memcg: fix test for child groups mm: memcg: lockdep annotation for memcg OOM lock mm: memcg: use proper memcg in limit bypass
-