1. 11 Sep, 2009 4 commits
    • Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/roland/infiniband · 2490138c
      Linus Torvalds authored
      * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/roland/infiniband: (48 commits)
        RDMA/iwcm: Reject the connection when the cm_id is destroyed
        RDMA/cxgb3: Clean up properly on FW mismatch failures
        RDMA/cxgb3: Don't ignore insert_handle() failures
        MAINTAINERS: InfiniBand/RDMA mailing list transition to vger
        IB/mad: Allow tuning of QP0 and QP1 sizes
        IB/mad: Fix possible lock-lock-timer deadlock
        RDMA/nes: Map MTU to IB_MTU_* and correctly report link state
        RDMA/nes: Rework the disconn routine for terminate and flushing
        RDMA/nes: Use the flush code to fill in cqe error
        RDMA/nes: Make poll_cq return correct number of wqes during flush
        RDMA/nes: Use flush mechanism to set status for wqe in error
        RDMA/nes: Implement Terminate Packet
        RDMA/nes: Add CQ error handling
        RDMA/nes: Clean out CQ completions when QP is destroyed
        RDMA/nes: Change memory allocation for cqp request to GFP_ATOMIC
        RDMA/nes: Allocate work item for disconnect event handling
        RDMA/nes: Update refcnt during disconnect
        IB/mthca: Don't allow userspace open while recovering from catastrophic error
        IB/mthca: Distinguish multiple devices in /proc/interrupts
        IB/mthca: Annotate CQ locking
        ...
    • Merge branch 'for-linus' of... · f6f79190
      Linus Torvalds authored
      Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6
      
      * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6: (57 commits)
        binfmt_elf: fix PT_INTERP bss handling
        TPM: Fixup boot probe timeout for tpm_tis driver
        sysfs: Add labeling support for sysfs
        LSM/SELinux: inode_{get,set,notify}secctx hooks to access LSM security context information.
        VFS: Factor out part of vfs_setxattr so it can be called from the SELinux hook for inode_setsecctx.
        KEYS: Add missing linux/tracehook.h #inclusions
        KEYS: Fix default security_session_to_parent()
        Security/SELinux: includecheck fix kernel/sysctl.c
        KEYS: security_cred_alloc_blank() should return int under all circumstances
        IMA: open new file for read
        KEYS: Add a keyctl to install a process's session keyring on its parent [try #6]
        KEYS: Extend TIF_NOTIFY_RESUME to (almost) all architectures [try #6]
        KEYS: Do some whitespace cleanups [try #6]
        KEYS: Make /proc/keys use keyid not numread as file position [try #6]
        KEYS: Add garbage collection for dead, revoked and expired keys. [try #6]
        KEYS: Flag dead keys to induce EKEYREVOKED [try #6]
        KEYS: Allow keyctl_revoke() on keys that have SETATTR but not WRITE perm [try #6]
        KEYS: Deal with dead-type keys appropriately [try #6]
        CRED: Add some configurable debugging [try #6]
        selinux: Support for the new TUN LSM hooks
        ...
    • Merge branch 'mad' into for-linus · 73f526da
      Roland Dreier authored
      Conflicts:
      	drivers/infiniband/core/mad.c
  2. 10 Sep, 2009 9 commits
    • Merge branch 'next' into for-linus · a3c8b973
      James Morris authored
    • md: Fix "strchr" [drivers/md/dm-log-userspace.ko] undefined! · 0d03d59d
      Geert Uytterhoeven authored
      Commit b8313b6d ("dm log: remove incorrect
      field from userspace table output") added a call to strstr() with a
      single-character "needle" string parameter.
      
      Unfortunately some versions of gcc replace such calls to strstr() by calls
      to strchr() behind our back.  This causes linking errors if strchr() is
      defined as an inline function in <asm/string.h> (e.g. on m68k):
      
      | WARNING: "strchr" [drivers/md/dm-log-userspace.ko] undefined!
      
      Avoid this by explicitly calling strchr() instead.
      Signed-off-by: Geert Uytterhoeven <geert@linux-m68k.org>
      Cc: stable@kernel.org
      Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    • binfmt_elf: fix PT_INTERP bss handling · 9f0ab4a3
      Roland McGrath authored
      In fs/binfmt_elf.c, load_elf_interp() calls padzero() for .bss even if
      the PT_LOAD has no PROT_WRITE and no .bss.  This generates EFAULT.
      
      Here is a small test case.  (Yes, there are other, useful PT_INTERP
      which have only .text and no .data/.bss.)
      
      	----- ptinterp.S
      	_start: .globl _start
      		 nop
      		 int3
      	-----
      	$ gcc -m32 -nostartfiles -nostdlib -o ptinterp ptinterp.S
      	$ gcc -m32 -Wl,--dynamic-linker=ptinterp -o hello hello.c
      	$ ./hello
      	Segmentation fault  # during execve() itself
      
      	After applying the patch:
      	$ ./hello
      	Trace trap  # user-mode execution after execve() finishes
      
      If the ELF headers are actually self-inconsistent, then dying is fine.
      But having no PROT_WRITE segment is perfectly normal and correct if
      there is no segment with p_memsz > p_filesz (i.e. bss).  John Reiser
      suggested checking for PROT_WRITE in the bss logic.  I think it makes
      most sense to simply apply the bss logic only when there is bss.
      
      This patch looks less trivial than it is due to some reindentation.
      It just moves the "if (last_bss > elf_bss) {" test up to include the
      partial-page bss logic as well as the more-pages bss logic.
      Reported-by: John Reiser <jreiser@bitwagon.com>
      Signed-off-by: Roland McGrath <roland@redhat.com>
      Signed-off-by: James Morris <jmorris@namei.org>
    • TPM: Fixup boot probe timeout for tpm_tis driver · ec579358
      Jason Gunthorpe authored
      When probing the device in tpm_tis_init the call request_locality
      uses timeout_a, which wasn't being initialized until after
      request_locality. This results in request_locality falsely timing
      out if the chip is still starting. Move the initialization to before
      request_locality.
      
      This probably only matters for embedded cases (ie mine), a BIOS likely
      gets the TPM into a state where this code path isn't necessary.
      Signed-off-by: Jason Gunthorpe <jgunthorpe@obsidianresearch.com>
      Acked-by: Rajiv Andrade <srajiv@linux.vnet.ibm.com>
      Signed-off-by: James Morris <jmorris@namei.org>
    • Merge branch 'lookup-permissions-cleanup' · 526b6780
      Linus Torvalds authored
      * lookup-permissions-cleanup:
        jffs2/jfs/xfs: switch over to 'check_acl' rather than 'permission()'
        ext[234]: move over to 'check_acl' permission model
        shmfs: use 'check_acl' instead of 'permission'
        Make 'check_acl()' a first-class filesystem op
        Simplify exec_permission_lite(), part 3
        Simplify exec_permission_lite() further
        Simplify exec_permission_lite() logic
        Do not call 'ima_path_check()' for each path component
    • binfmt_elf: fix PT_INTERP bss handling · 752015d1
      Roland McGrath authored
      In fs/binfmt_elf.c, load_elf_interp() calls padzero() for .bss even if
      the PT_LOAD has no PROT_WRITE and no .bss.  This generates EFAULT.
      
      Here is a small test case.  (Yes, there are other, useful PT_INTERP
      which have only .text and no .data/.bss.)
      
      	----- ptinterp.S
      	_start: .globl _start
      		 nop
      		 int3
      	-----
      	$ gcc -m32 -nostartfiles -nostdlib -o ptinterp ptinterp.S
      	$ gcc -m32 -Wl,--dynamic-linker=ptinterp -o hello hello.c
      	$ ./hello
      	Segmentation fault  # during execve() itself
      
      	After applying the patch:
      	$ ./hello
      	Trace trap  # user-mode execution after execve() finishes
      
      If the ELF headers are actually self-inconsistent, then dying is fine.
      But having no PROT_WRITE segment is perfectly normal and correct if
      there is no segment with p_memsz > p_filesz (i.e. bss).  John Reiser
      suggested checking for PROT_WRITE in the bss logic.  I think it makes
      most sense to simply apply the bss logic only when there is bss.
      
      This patch looks less trivial than it is due to some reindentation.
      It just moves the "if (last_bss > elf_bss) {" test up to include the
      partial-page bss logic as well as the more-pages bss logic.
      Reported-by: John Reiser <jreiser@bitwagon.com>
      Signed-off-by: Roland McGrath <roland@redhat.com>
      Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    • sysfs: Add labeling support for sysfs · ddd29ec6
      David P. Quigley authored
      This patch adds a setxattr handler to the file, directory, and symlink
      inode_operations structures for sysfs. The patch uses hooks introduced in the
      previous patch to handle the getting and setting of security information for
      the sysfs inodes. As was suggested by Eric Biederman the struct iattr in the
      sysfs_dirent structure has been replaced by a structure which contains the
      iattr, secdata and secdata length to allow the changes to persist in the event
      that the inode representing the sysfs_dirent is evicted. Because sysfs only
      stores this information when a change is made all the optional data is moved
      into one dynamically allocated field.
      
      This patch addresses an issue where SELinux was denying virtd access to the PCI
      configuration entries in sysfs. The lack of setxattr handlers for sysfs
      required that a single label be assigned to all entries in sysfs. Granting virtd
      access to every entry in sysfs is not an acceptable solution so fine grained
      labeling of sysfs is required such that individual entries can be labeled
      appropriately.
      
      [sds:  Fixed compile-time warnings, coding style, and setting of inode security init flags.]
      Signed-off-by: David P. Quigley <dpquigl@tycho.nsa.gov>
      Signed-off-by: Stephen D. Smalley <sds@tycho.nsa.gov>
      Signed-off-by: James Morris <jmorris@namei.org>
    • LSM/SELinux: inode_{get,set,notify}secctx hooks to access LSM security context information. · 1ee65e37
      David P. Quigley authored
      This patch introduces three new hooks. The inode_getsecctx hook is used to get
      all relevant information from an LSM about an inode. The inode_setsecctx is
      used to set both the in-core and on-disk state for the inode based on a context
      derived from inode_getsecctx. The final hook inode_notifysecctx will notify the
      LSM of a change for the in-core state of the inode in question. These hooks are
      for use in the labeled NFS code and address concerns of how to set security
      on an inode in a multi-xattr LSM. For historical reasons Stephen Smalley's
      explanation of the reason for these hooks is pasted below.
      
      Quote Stephen Smalley
      
      inode_setsecctx:  Change the security context of an inode.  Updates the
      in core security context managed by the security module and invokes the
      fs code as needed (via __vfs_setxattr_noperm) to update any backing
      xattrs that represent the context.  Example usage:  NFS server invokes
      this hook to change the security context in its incore inode and on the
      backing file system to a value provided by the client on a SETATTR
      operation.
      
      inode_notifysecctx:  Notify the security module of what the security
      context of an inode should be.  Initializes the incore security context
      managed by the security module for this inode.  Example usage:  NFS
      client invokes this hook to initialize the security context in its
      incore inode to the value provided by the server for the file when the
      server returned the file's attributes to the client.
      Signed-off-by: David P. Quigley <dpquigl@tycho.nsa.gov>
      Acked-by: Serge Hallyn <serue@us.ibm.com>
      Signed-off-by: James Morris <jmorris@namei.org>
    • VFS: Factor out part of vfs_setxattr so it can be called from the SELinux hook for inode_setsecctx. · b1ab7e4b
      David P. Quigley authored
      This factors out the part of the vfs_setxattr function that performs the
      setting of the xattr and its notification. This is needed so the SELinux
      implementation of inode_setsecctx can handle the setting of the xattr while
      maintaining the proper separation of layers.
      Signed-off-by: David P. Quigley <dpquigl@tycho.nsa.gov>
      Acked-by: Serge Hallyn <serue@us.ibm.com>
      Signed-off-by: James Morris <jmorris@namei.org>
  3. 09 Sep, 2009 7 commits
  4. 08 Sep, 2009 10 commits
  5. 07 Sep, 2009 10 commits