- 05 Sep, 2008 1 commit
-
-
James Morris authored
Add gitignore file for scripts/selinux/mdp/mdp. Signed-off-by:James Morris <jmorris@namei.org>
-
- 28 Aug, 2008 3 commits
-
-
KaiGai Kohei authored
The purpose of this patch is to assign per-thread security context under a constraint. It enables multi-threaded server application to kick a request handler with its fair security context, and helps some of userspace object managers to handle user's request. When we assign a per-thread security context, it must not have wider permissions than the original one. Because a multi-threaded process shares a single local memory, an arbitary per-thread security context also means another thread can easily refer violated information. The constraint on a per-thread security context requires a new domain has to be equal or weaker than its original one, when it tries to assign a per-thread security context. Bounds relationship between two types is a way to ensure a domain can never have wider permission than its bounds. We can define it in two explicit or implicit ways. The first way is using new TYPEBOUNDS statement. It enables to define a boundary of types explicitly. The other one expand the concept of existing named based hierarchy. If we defines a type with "." separated name like "httpd_t.php", toolchain implicitly set its bounds on "httpd_t". This feature requires a new policy version. The 24th version (POLICYDB_VERSION_BOUNDARY) enables to ship them into kernel space, and the following patch enables to handle it. Signed-off-by:
KaiGai Kohei <kaigai@ak.jp.nec.com> Acked-by:
Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by:
-
Eric Paris authored
Add a new Kconfig option SECURITYFS which will build securityfs support but does not require CONFIG_SECURITY. The only current user of securityfs does not depend on CONFIG_SECURITY and there is no reason the full LSM needs to be built to build this fs. Signed-off-by:
Eric Paris <eparis@redhat.com> Signed-off-by:
-
James Morris authored
-
- 27 Aug, 2008 25 commits
-
-
Vladimir Sokolovsky authored
Initialize the L_Key and R_Key for memory regions returned from mlx4_ib_alloc_fast_reg_mr(). Otherwise callers just get garbage for the memory keys and can't do anything useful with these MRs. Signed-off-by:
Vladimir Sokolovsky <vlad@mellanox.co.il> Signed-off-by:
Roland Dreier <rolandd@cisco.com> Signed-off-by:
Linus Torvalds <torvalds@linux-foundation.org>
-
git://git.kernel.org/pub/scm/linux/kernel/git/wim/linux-2.6-watchdogLinus Torvalds authored
* git://git.kernel.org/pub/scm/linux/kernel/git/wim/linux-2.6-watchdog: [WATCHDOG] removed unused #include <version.h> [WATCHDOG] at91rm9200_wdt.c: fix misleading indentation [WATCHDOG] mpc8xxx_wdt: fix modular build [WATCHDOG] hpwdt.c kdebug support [WATCHDOG] Add support for the IDT RC32434 watchdog [WATCHDOG] Add support for the built-int RDC R-321x SoC watchdog [WATHDOG] delete unused driver mpc8xx_wdt.c [WATCHDOG] Fix s3c2410_wdt driver coding style issues [WATCHDOG] Clean out header of s3c2410_wdt driver. [WATCHDOG] Fix NULL usage in s3c2410_wdt driver.
-
Alan Cox authored
Kanru Chen posted a patch versus the old code which deals with the case where you resize the pty side of a pty/tty pair. In that situation the termios data is updated for both pty and tty but the locks are not held for the right side. This implements the fix differently against the updated tty code. Patch by self but the hard bit (noticing and fixing the bug) is thanks to Kanru Chen. Signed-off-by:
Alan Cox <alan@redhat.com> Signed-off-by:
-
Alan Cox authored
The termios settings ioctls on a pty should affect the bound tty side not the pty. The SOFTCAR ioctls use the wrong device file. Signed-off-by:
-
git://git.kernel.org/pub/scm/linux/kernel/git/sfrench/cifs-2.6Linus Torvalds authored
* git://git.kernel.org/pub/scm/linux/kernel/git/sfrench/cifs-2.6: [CIFS] Add destroy routine for dns_resolver [CIFS] Reorder cifs config item for better clarity [CIFS] Correct keys dependency for cifs kerberos support
-
git://git.kernel.org/pub/scm/linux/kernel/git/penberg/slab-2.6Linus Torvalds authored
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/penberg/slab-2.6: slub: Disable NUMA remote node defragmentation by default
-
git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs-2.6Linus Torvalds authored
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs-2.6: [PATCH] deal with the first call of ->show() generating no output [PATCH] fix ->llseek() for a bunch of directories [PATCH] fix regular readdir() and friends [PATCH] fix hpux_getdents() [PATCH] fix osf_getdirents() [PATCH] ntfs: use d_add_ci [PATCH] change d_add_ci argument ordering [PATCH] fix efs_lookup() [PATCH] proc: inode number fixlet
-
git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc-2.6Linus Torvalds authored
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc-2.6: sparc: Add target for a stripped kernel sparc64: Make NUMA depend upon SMP.
-
git://git.kernel.org/pub/scm/linux/kernel/git/airlied/drm-2.6Linus Torvalds authored
* 'drm-patches' of git://git.kernel.org/pub/scm/linux/kernel/git/airlied/drm-2.6: drm: don't set the signal blocker on the master process. drm: don't call the vblank tasklet with irqs disabled. r300: Fix cliprect emit drm/radeon: r300_cmdbuf: Always emit INDX_BUFFER immediately after DRAW_INDEX radeon: fix some hard lockups on r3/4/500s
-
Jeff Layton authored
Otherwise, we're leaking the payload memory. CC: Stable Kernel <stable@vger.kernel.org> Acked-by:
David Howells <dhowells@redhat.com> Signed-off-by:
Jeff Layton <jlayton@redhat.com> Signed-off-by:
Steve French <sfrench@us.ibm.com>
-
Linus Torvalds authored
Here's the patch. It shrinks the stack from 1152 bytes to 192 bytes (the first version, that only did the e1000_option part, got it down to 600 bytes). About half comes from not using multiple "e1000_option" structures, the other half comes from turning the "e1000_opt_list[]" arrays into "static const" instead, so that gcc doesn't copy them onto the stack. Signed-off-by:
Auke Kok <auke-jan.h.kok@intel.com> Tested-by:
Emil Tantilov <emil.s.tantilov@intel.com> Signed-off-by:
Jeff Kirsher <jeffrey.t.kirsher@intel.com> Signed-off-by:
-
git://git.kernel.dk/linux-2.6-blockLinus Torvalds authored
* 'for-linus' of git://git.kernel.dk/linux-2.6-block: block: remove blk_queue_tag_depth() and blk_queue_tag_queue() block: remove unused ->busy part of the block queue tag map bio: fix __bio_copy_iov() handling of bio->bv_len bio: fix bio_copy_kern() handling of bio->bv_len block: submit_bh() inadvertently discards barrier flag on a sync write block: clean up cmdfilter sysfs interface block: rename blk_scsi_cmd_filter to blk_cmd_filter sg: restore command permission for TYPE_SCANNER block: move cmdfilter from gendisk to request_queue
-
git://git.kernel.org/pub/scm/linux/kernel/git/mfasheh/ocfs2Linus Torvalds authored
* 'upstream-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mfasheh/ocfs2: ocfs2: Increment the reference count of an already-active stack. [PATCH] configfs: Consolidate locking around configfs_detach_prep() in configfs_rmdir() ocfs2: correctly set i_blocks after inline dir gets expanded ocfs2: Jump to correct label in ocfs2_expand_inline_dir() ocfs2: Fix sleep-with-spinlock recovery regression [PATCH] ocfs2/cluster/netdebug.c: fix warning [PATCH] ocfs2/cluster/tcp.c: make some functions static
-
git://git390.osdl.marist.edu/pub/scm/linux-2.6Linus Torvalds authored
* 'for-linus' of git://git390.osdl.marist.edu/pub/scm/linux-2.6: [S390] dcss: fix build bug. [S390] Fix linker script.
-
Steven Rostedt authored
I've been painstakingly debugging the issue with suspend to ram and ftraced. The 2.6.28 code does not have this issue, but since the mcount recording is not going to be in 27, this must be solved for the ftrace daemon version. The resume from suspend to ram would reboot because it was triple faulting. Debugging further, I found that calling the mcount function itself was not an issue, but it would fault when it incremented preempt_count. preempt_count is on the tasks info structure that is on the low memory address of the task's stack. For some reason, it could not write to it. Resuming out of suspend to ram does quite a lot of funny tricks to get to work, so it is not surprising at all that simply doing a preempt_disable() would cause a fault. Thanks to Rafael for suggesting to add a "while (1);" to find the place in resuming that is causing the fault. I would place the loop somewhere in the code, compile and reboot and see if it would either reboot (hit the fault) or simply hang (hit the loop). Doing this over and over again, I narrowed it down that it was happening in enable_nonboot_cpus. At this point, I found that it is easier to simply disable tracing around the suspend code, instead of searching for the particular function that can not handle doing a preempt_disable. This patch disables the tracer as it suspends and reenables it on resume. I tested this patch on my Laptop, and it can resume fine with the patch. Signed-off-by:
Steven Rostedt <srostedt@redhat.com> Acked-by:
Rafael J. Wysocki <rjw@sisk.pl> Signed-off-by:
-
Linus Torvalds authored
This reverts commit 5b6155ee, because the block device ioctl's really aren't ready for it. In particular, the "struct file *" and the "struct inode *" arguments do not necessarily match, which means that the unlocked version of the ioctl (that only gets a "struct file *") isn't actually able to handle the cases it needs to handle. This fixes bugzilla http://bugzilla.kernel.org/show_bug.cgi?id=11401Reported-and-bisected-by:
Laurent Riffard <laurent.riffard@free.fr> Acked-by:
Peter Osterlund <petero2@telia.com> Cc: Alan Cox <alan@redhat.com> Cc: Andrew Morton <akpm@linux-foundation.org> Cc: Jens Axboe <jens.axboe@oracle.com> Signed-off-by:
-
Jens Axboe authored
They are unused and ->busy doesn't exist anymore. Signed-off-by:Jens Axboe <jens.axboe@oracle.com>
-
Matthew Wilcox authored
It's not used for anything. On top of that, it's racy and can thus trigger a faulty BUG_ON() in __blk_free_tags() on queue exit. Signed-off-by: -
FUJITA Tomonori authored
The commit c5dec1c3 introduced __bio_copy_iov() to add bounce support to blk_rq_map_user_iov. __bio_copy_iov() uses bio->bv_len to copy data for READ commands after the completion but it doesn't work with a request that partially completed. SCSI always completes a PC request as a whole but seems some don't. Signed-off-by:
FUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp> Cc: stable@kernel.org Signed-off-by:
-
FUJITA Tomonori authored
The commit 68154e90 introduced bio_copy_kern() to add bounce support to blk_rq_map_kern. bio_copy_kern() uses bio->bv_len to copy data for READ commands after the completion but it doesn't work with a request that partially completed. SCSI always completes a PC request as a whole but seems some don't. This patch fixes bio_copy_kern to handle the above case. As bio_copy_user does, bio_copy_kern uses struct bio_map_data to store struct bio_vec. Signed-off-by:
Nix <nix@esperi.org.uk> Tested-by:
-
Jens Axboe authored
Reported by Milan Broz <mbroz@redhat.com>, commit 18ce3751 inadvertently made submit_bh() discard the barrier bit for a WRITE_SYNC request. Fix that up. Signed-off-by:
-
Adel Gadllah authored
This patch changes the interface of the cmd filter to use a +/- notation like: echo -- +0x02 +0x03 -0x08 If neither + or - is given it defaults to + (allow command). Note: The interface was added in 2.6.17-rc1 and is unused and undocumented so far so it's safe to change it. Reviewed-by:
Matthew Wilcox <willy@linux.intel.com> Reviewed-by:
Adel Gadllah <adel.gadllah@gmail.com> Signed-off-by:
-
FUJITA Tomonori authored
Technically, the cmd_filter would be applied to other protocols though it's unlikely to happen. Putting SCSI stuff to request_queue is kinda layer violation. So let's rename it. Signed-off-by:
-
FUJITA Tomonori authored
sg allowed any command for TYPE_SCANNER. The cmd_filter patchset doesn't. We can't change sg's permission since it might break the existing software. Signed-off-by:
-
FUJITA Tomonori authored
cmd_filter works only for the block layer SG_IO with SCSI block devices. It breaks scsi/sg.c, bsg, and the block layer SG_IO with SCSI character devices (such as st). We hit a kernel crash with them. The problem is that cmd_filter code accesses to gendisk (having struct blk_scsi_cmd_filter) via inode->i_bdev->bd_disk. It works for only SCSI block device files. With character device files, inode->i_bdev leads you to struct cdev. inode->i_bdev->bd_disk->blk_scsi_cmd_filter isn't safe. SCSI ULDs don't expose gendisk; they keep it private. bsg needs to be independent on any protocols. We shouldn't change ULDs to expose their gendisk. This patch moves struct blk_scsi_cmd_filter from gendisk to request_queue, a common object, which eveyone can access to. The user interface doesn't change; users can change the filters via /sys/block/. gendisk has a pointer to request_queue so the cmd_filter code accesses to struct blk_scsi_cmd_filter. Signed-off-by:
-
- 26 Aug, 2008 11 commits
-
-
Serge E. Hallyn authored
In August 2006 I posted a patch generating a minimal SELinux policy. This week, David P. Quigley posted an updated version of that as a patch against the kernel. It also had nice logic for auto-installing the policy. Following is David's original patch intro (preserved especially bc it has stats on the generated policies): se interested in the changes there were only two significant changes. The first is that the iteration through the list of classes used NULL as a sentinel value. The problem with this is that the class_to_string array actually has NULL entries in its table as place holders for the user space object classes. The second change was that it would seem at some point the initial sids table was NULL terminated. This is no longer the case so that iteration has to be done on array length instead of looking for NULL. Some statistics on the policy that it generates: The policy consists of 523 lines which contain no blank lines. Of those 523 lines 453 of them are class, permission, and initial sid definitions. These lines are usually little to no concern to the policy developer since they will not be adding object classes or permissions. Of the remaining 70 lines there is one type, one role, and one user statement. The remaining lines are broken into three portions. The first group are TE allow rules which make up 29 of the remaining lines, the second is assignment of labels to the initial sids which consist of 27 lines, and file system labeling statements which are the remaining 11. In addition to the policy.conf generated there is a single file_contexts file containing two lines which labels the entire system with base_t. This policy generates a policy.23 binary that is 7920 bytes. (then a few versions later...): The new policy is 587 lines (stripped of blank lines) with 476 of those lines being the boilerplate that I mentioned last time. The remaining 111 lines have the 3 lines for type, user, and role, 70 lines for the allow rules (one for each object class including user space object classes), 27 lines to assign types to the initial sids, and 11 lines for file system labeling. The policy binary is 9194 bytes. Changelog: Aug 26: Added Documentation/SELinux.txt Aug 26: Incorporated a set of comments by Stephen Smalley: 1. auto-setup SELINUXTYPE=dummy 2. don't auto-install if selinux is enabled with non-dummy policy 3. don't re-compute policy version 4. /sbin/setfiles not /usr/sbin/setfiles Aug 22: As per JMorris comments, made sure make distclean cleans up the mdp directory. Removed a check for file_contexts which is now created in the same file as the check, making it superfluous. Signed-off-by:
Serge Hallyn <serue@us.ibm.com> Signed-off-by:
David Quigley <dpquigl@tycho.nsa.gov> Signed-off-by:
-
Huang Weiyi authored
The drivers below do not use LINUX_VERSION_CODE nor KERNEL_VERSION. drivers/watchdog/pc87413_wdt.c This patch removes the said #include <version.h>. Signed-off-by:
Huang Weiyi <weiyi.huang@gmail.com> Signed-off-by:
Wim Van Sebroeck <wim@iguana.be>
-
Ilpo Jarvinen authored
Signed-off-by:
Ilpo Jarvinen <ilpo.jarvinen@helsinki.fi> Signed-off-by:
-
Anton Vorontsov authored
Fix the following build error when mpc8xxx_wdt is selected to build as a module: drivers/watchdog/mpc8xxx_wdt.c:304: error: redefinition of '__inittest' drivers/watchdog/mpc8xxx_wdt.c:298: error: previous definition of '__inittest' was here drivers/watchdog/mpc8xxx_wdt.c:304: error: redefinition of 'init_module' drivers/watchdog/mpc8xxx_wdt.c:298: error: previous definition of 'init_module' was here Reported-by:
Dave Jones <davej@redhat.com> Signed-off-by:
Anton Vorontsov <avorontsov@ru.mvista.com> Signed-off-by:
Andrew Morton <akpm@linux-foundation.org>
-
Thomas Mingarelli authored
add kdebug support for the hpwdt.c driver. Signed-off-by:
Thomas Mingarelli <Thomas.Mingarelli@hp.com> Signed-off-by:
-
Florian Fainelli authored
Add driver for the IDT RC32434 SoC built-in watchdog. Signed-off-by:
Florian Fainelli <florian.fainelli@telecomint.eu> Signed-off-by:
-
Florian Fainelli authored
This patch adds support for the built-in RDC R-321x SoC watchdog. Signed-off-by:
-
Jochen Friedrich authored
The watchdog driver mpc8xx_wdt.c was a device interface to arch/ppc/syslib/m8xx_wdt.c for MPC8xx hardware. Now that ARCH=ppc is gone, this driver is of no more use. For ARCH=powerpc, MPC8xx hardware is supported by mpc8xxx_wdt.c. Signed-off-by:
Jochen Friedrich <jochen@scram.de> Signed-off-by:
Vitaly Bordug <vitb@kernel.crashing.org> Signed-off-by:
-
Ben Dooks authored
Fixup coding style issues in the s3c2410_wdt driver. Signed-off-by:
Ben Dooks <ben-linux@fluff.org> Signed-off-by:
-
Ben Dooks authored
Remove the changelog from the top of the driver, which is redundant as this information is more accurately represented from the revision control holding the file. Signed-off-by:
-
Ben Dooks authored
Fix comparison of a pointer to 0, instead of using NULL for a invalid pointer. Signed-off-by:
-
