)]}' { "log": [ { "commit": "cb4361c1dc29cd870f664c004b1817106fbce0fa", "tree": "c31533210d738c9074b21b8f31fe0399b39545f0", "parents": [ "309361e09ca9e9670dc8664e5d14125bf82078af", "fb9e2d887243499b8d28efcf80821c4f6a092395" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Tue Apr 06 08:34:06 2010 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Tue Apr 06 08:34:06 2010 -0700" }, "message": "Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6\n\n* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6: (37 commits)\n smc91c92_cs: fix the problem of \"Unable to find hardware address\"\n r8169: clean up my printk uglyness\n net: Hook up cxgb4 to Kconfig and Makefile\n cxgb4: Add main driver file and driver Makefile\n cxgb4: Add remaining driver headers and L2T management\n cxgb4: Add packet queues and packet DMA code\n cxgb4: Add HW and FW support code\n cxgb4: Add register, message, and FW definitions\n netlabel: Fix several rcu_dereference() calls used without RCU read locks\n bonding: fix potential deadlock in bond_uninit()\n net: check the length of the socket address passed to connect(2)\n stmmac: add documentation for the driver.\n stmmac: fix kconfig for crc32 build error\n be2net: fix bug in vlan rx path for big endian architecture\n be2net: fix flashing on big endian architectures\n be2net: fix a bug in flashing the redboot section\n bonding: bond_xmit_roundrobin() fix\n drivers/net: Add missing unlock\n net: gianfar - align BD ring size console messages\n net: gianfar - initialize per-queue statistics\n ...\n" }, { "commit": "b914f3a2a35812545f773645f340d7c075e5b64d", "tree": "813a4aeedd6594700a35f2fbf18754dae96edd55", "parents": [ "9e2e61fbf8ad016d24e4af0afff13505f3dd2a2a" ], "author": { "name": "Paul Moore", "email": "paul.moore@hp.com", "time": "Thu Apr 01 10:43:57 2010 +0000" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Thu Apr 01 18:32:08 2010 -0700" }, "message": "netlabel: Fix several rcu_dereference() calls used without RCU read locks\n\nThe recent changes to add RCU lock verification to rcu_dereference() calls\ncaught out a problem with netlbl_unlhsh_hash(), see below.\n\n \u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\n [ INFO: suspicious rcu_dereference_check() usage. ]\n ---------------------------------------------------\n net/netlabel/netlabel_unlabeled.c:246 invoked rcu_dereference_check()\n without protection!\n\nThis patch fixes this problem as well as others like it in the NetLabel\ncode. Also included in this patch is the identification of future work\nto eliminate the RCU read lock in netlbl_domhsh_add(), but in the interest\nof getting this patch out quickly that work will happen in another patch\nto be finished later.\n\nThanks to Eric Dumazet and Paul McKenney for their help in understanding\nthe recent RCU changes.\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nReported-by: David Howells \u003cdhowells@redhat.com\u003e\nCC: Eric Dumazet \u003ceric.dumazet@gmail.com\u003e\nCC: Paul E. McKenney \u003cpaulmck@linux.vnet.ibm.com\u003e\nAcked-by: Eric Dumazet \u003ceric.dumazet@gmail.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "5a0e3ad6af8660be21ca98a971cd00f331318c05", "tree": "5bfb7be11a03176a87296a43ac6647975c00a1d1", "parents": [ "ed391f4ebf8f701d3566423ce8f17e614cde9806" ], "author": { "name": "Tejun Heo", "email": "tj@kernel.org", "time": "Wed Mar 24 17:04:11 2010 +0900" }, "committer": { "name": "Tejun Heo", "email": "tj@kernel.org", "time": "Tue Mar 30 22:02:32 2010 +0900" }, "message": "include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h\n\npercpu.h is included by sched.h and module.h and thus ends up being\nincluded when building most .c files. percpu.h includes slab.h which\nin turn includes gfp.h making everything defined by the two files\nuniversally available and complicating inclusion dependencies.\n\npercpu.h -\u003e slab.h dependency is about to be removed. Prepare for\nthis change by updating users of gfp and slab facilities include those\nheaders directly instead of assuming availability. As this conversion\nneeds to touch large number of source files, the following script is\nused as the basis of conversion.\n\n http://userweb.kernel.org/~tj/misc/slabh-sweep.py\n\nThe script does the followings.\n\n* Scan files for gfp and slab usages and update includes such that\n only the necessary includes are there. ie. if only gfp is used,\n gfp.h, if slab is used, slab.h.\n\n* When the script inserts a new include, it looks at the include\n blocks and try to put the new include such that its order conforms\n to its surrounding. It\u0027s put in the include block which contains\n core kernel includes, in the same order that the rest are ordered -\n alphabetical, Christmas tree, rev-Xmas-tree or at the end if there\n doesn\u0027t seem to be any matching order.\n\n* If the script can\u0027t find a place to put a new include (mostly\n because the file doesn\u0027t have fitting include block), it prints out\n an error message indicating which .h file needs to be added to the\n file.\n\nThe conversion was done in the following steps.\n\n1. The initial automatic conversion of all .c files updated slightly\n over 4000 files, deleting around 700 includes and adding ~480 gfp.h\n and ~3000 slab.h inclusions. The script emitted errors for ~400\n files.\n\n2. Each error was manually checked. Some didn\u0027t need the inclusion,\n some needed manual addition while adding it to implementation .h or\n embedding .c file was more appropriate for others. This step added\n inclusions to around 150 files.\n\n3. The script was run again and the output was compared to the edits\n from #2 to make sure no file was left behind.\n\n4. Several build tests were done and a couple of problems were fixed.\n e.g. lib/decompress_*.c used malloc/free() wrappers around slab\n APIs requiring slab.h to be added manually.\n\n5. The script was run on all .h files but without automatically\n editing them as sprinkling gfp.h and slab.h inclusions around .h\n files could easily lead to inclusion dependency hell. Most gfp.h\n inclusion directives were ignored as stuff from gfp.h was usually\n wildly available and often used in preprocessor macros. Each\n slab.h inclusion directive was examined and added manually as\n necessary.\n\n6. percpu.h was updated not to include slab.h.\n\n7. Build test were done on the following configurations and failures\n were fixed. CONFIG_GCOV_KERNEL was turned off for all tests (as my\n distributed build env didn\u0027t work with gcov compiles) and a few\n more options had to be turned off depending on archs to make things\n build (like ipr on powerpc/64 which failed due to missing writeq).\n\n * x86 and x86_64 UP and SMP allmodconfig and a custom test config.\n * powerpc and powerpc64 SMP allmodconfig\n * sparc and sparc64 SMP allmodconfig\n * ia64 SMP allmodconfig\n * s390 SMP allmodconfig\n * alpha SMP allmodconfig\n * um on x86_64 SMP allmodconfig\n\n8. percpu.h modifications were reverted so that it could be applied as\n a separate patch and serve as bisection point.\n\nGiven the fact that I had only a couple of failures from tests on step\n6, I\u0027m fairly confident about the coverage of this conversion patch.\nIf there is a breakage, it\u0027s likely to be something in one of the arch\nheaders which should be easily discoverable easily on most builds of\nthe specific arch.\n\nSigned-off-by: Tejun Heo \u003ctj@kernel.org\u003e\nGuess-its-ok-by: Christoph Lameter \u003ccl@linux-foundation.org\u003e\nCc: Ingo Molnar \u003cmingo@redhat.com\u003e\nCc: Lee Schermerhorn \u003cLee.Schermerhorn@hp.com\u003e\n" }, { "commit": "dc4c2c31053ba5bf685d273cd62ecca406dddb2d", "tree": "c74ac486ee668eec2a24d9a4191a855fb0eed8af", "parents": [ "f6ca057f1bfe251d944505fc5ba4df3762802539" ], "author": { "name": "Alexey Dobriyan", "email": "adobriyan@gmail.com", "time": "Fri Feb 12 11:41:39 2010 +0000" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Wed Feb 17 00:03:27 2010 -0800" }, "message": "net: remove INIT_RCU_HEAD() usage\n\ncall_rcu() will unconditionally reinitialize RCU head anyway.\n\nSigned-off-by: Alexey Dobriyan \u003cadobriyan@gmail.com\u003e\nAcked-by: Paul E. McKenney \u003cpaulmck@linux.vnet.ibm.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "4ef58d4e2ad1fa2a3e5bbf41af2284671fca8cf8", "tree": "856ba96302a36014736747e8464f80eeb827bbdd", "parents": [ "f6c4c8195b5e7878823caa1181be404d9e86d369", "d014d043869cdc591f3a33243d3481fa4479c2d0" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Wed Dec 09 19:43:33 2009 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Wed Dec 09 19:43:33 2009 -0800" }, "message": "Merge branch \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial\n\n* \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial: (42 commits)\n tree-wide: fix misspelling of \"definition\" in comments\n reiserfs: fix misspelling of \"journaled\"\n doc: Fix a typo in slub.txt.\n inotify: remove superfluous return code check\n hdlc: spelling fix in find_pvc() comment\n doc: fix regulator docs cut-and-pasteism\n mtd: Fix comment in Kconfig\n doc: Fix IRQ chip docs\n tree-wide: fix assorted typos all over the place\n drivers/ata/libata-sff.c: comment spelling fixes\n fix typos/grammos in Documentation/edac.txt\n sysctl: add missing comments\n fs/debugfs/inode.c: fix comment typos\n sgivwfb: Make use of ARRAY_SIZE.\n sky2: fix sky2_link_down copy/paste comment error\n tree-wide: fix typos \"couter\" -\u003e \"counter\"\n tree-wide: fix typos \"offest\" -\u003e \"offset\"\n fix kerneldoc for set_irq_msi()\n spidev: fix double \"of of\" in comment\n comment typo fix: sybsystem -\u003e subsystem\n ...\n" }, { "commit": "af901ca181d92aac3a7dc265144a9081a86d8f39", "tree": "380054af22521144fbe1364c3bcd55ad24c9bde4", "parents": [ "972b94ffb90ea6d20c589d9a47215df103388ddd" ], "author": { "name": "André Goddard Rosa", "email": "andre.goddard@gmail.com", "time": "Sat Nov 14 13:09:05 2009 -0200" }, "committer": { "name": "Jiri Kosina", "email": "jkosina@suse.cz", "time": "Fri Dec 04 15:39:55 2009 +0100" }, "message": "tree-wide: fix assorted typos all over the place\n\nThat is \"success\", \"unknown\", \"through\", \"performance\", \"[re|un]mapping\"\n, \"access\", \"default\", \"reasonable\", \"[con]currently\", \"temperature\"\n, \"channel\", \"[un]used\", \"application\", \"example\",\"hierarchy\", \"therefore\"\n, \"[over|under]flow\", \"contiguous\", \"threshold\", \"enough\" and others.\n\nSigned-off-by: André Goddard Rosa \u003candre.goddard@gmail.com\u003e\nSigned-off-by: Jiri Kosina \u003cjkosina@suse.cz\u003e\n" }, { "commit": "8964be4a9a5ca8cab1219bb046db2f6d1936227c", "tree": "8838c73a03cc69c010b55928fce3725d17bc26a9", "parents": [ "fa9a6fed87df1b50804405e700f8d30251d3aaf1" ], "author": { "name": "Eric Dumazet", "email": "eric.dumazet@gmail.com", "time": "Fri Nov 20 15:35:04 2009 -0800" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Fri Nov 20 15:35:04 2009 -0800" }, "message": "net: rename skb-\u003eiif to skb-\u003eskb_iif\n\nTo help grep games, rename iif to skb_iif\n\nSigned-off-by: Eric Dumazet \u003ceric.dumazet@gmail.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "122ec6ffca3967ffaa96a4c7a5dc9cd71866e0bc", "tree": "5e04166eaa0494a786fa5bb2c9c3628df03289ff", "parents": [ "31ef30c760f7ddb133fa538df1dfbec1f42294d7" ], "author": { "name": "Eric Dumazet", "email": "eric.dumazet@gmail.com", "time": "Thu Nov 05 20:53:47 2009 -0800" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Thu Nov 05 22:34:18 2009 -0800" }, "message": "netlabel: remove dev_put() calls\n\nUse dev_get_by_name_rcu() to avoid dev_put() calls,\nin sections already inside a rcu_read_lock()\n\nSigned-off-by: Eric Dumazet \u003ceric.dumazet@gmail.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "df597efb5737063497f1a4f7c996cc9aec294230", "tree": "17bb60f68ee299d9717038197a932501625f1621", "parents": [ "a33bc5c15154c835aae26f16e6a3a7d9ad4acb45", "0a924578bc4a2823a95c151f56975c71f5c156bb" ], "author": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Thu Jul 30 19:22:43 2009 -0700" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Thu Jul 30 19:22:43 2009 -0700" }, "message": "Merge branch \u0027master\u0027 of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6\n\nConflicts:\n\tdrivers/net/wireless/iwlwifi/iwl-3945.h\n\tdrivers/net/wireless/iwlwifi/iwl-tx.c\n\tdrivers/net/wireless/iwlwifi/iwl3945-base.c\n" }, { "commit": "ca7daea612b480ecf0fc5bd1630b88447fe73fc5", "tree": "4fa3d875d3fdc7a3e33cac4a5e20d78d77948685", "parents": [ "a1b97440eec0ea3e53183cde8fe82ff8c1ffb091" ], "author": { "name": "Julia Lawall", "email": "julia@diku.dk", "time": "Thu Jul 30 04:38:19 2009 +0000" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Thu Jul 30 10:58:28 2009 -0700" }, "message": "net/netlabel: Add kmalloc NULL tests\n\nThe test on map4 should be a test on map6.\n\nThe semantic match that finds this problem is as follows:\n(http://www.emn.fr/x-info/coccinelle/)\n\n// \u003csmpl\u003e\n@@\nexpression *x;\nidentifier f;\nconstant char *C;\n@@\n\nx \u003d \\(kmalloc\\|kcalloc\\|kzalloc\\)(...);\n... when !\u003d x \u003d\u003d NULL\n when !\u003d x !\u003d NULL\n when !\u003d (x || ...)\n(\nkfree(x)\n|\nf(...,C,...,x,...)\n|\n*f(...,x,...)\n|\n*x-\u003ef\n)\n// \u003c/smpl\u003e\n\nSigned-off-by: Julia Lawall \u003cjulia@diku.dk\u003e\nAcked-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "479432344420bc9a868088e346fecb6765e2b674", "tree": "08d57c28a83ba2c633c91df8490e37f6d4adc03f", "parents": [ "463889e27e6f4f097374a6c9de5611f520766dad" ], "author": { "name": "Julia Lawall", "email": "julia@diku.dk", "time": "Mon Jul 27 06:15:43 2009 +0000" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Mon Jul 27 11:35:29 2009 -0700" }, "message": "net/netlabel: Correct redundant test\n\nentry was tested for NULL near the beginning of the function, followed by a\nreturn, and there is no intervening modification of its value.\n\nA simplified version of the semantic match that finds this problem is as\nfollows: (http://www.emn.fr/x-info/coccinelle/)\n\n// \u003csmpl\u003e\n@r exists@\nlocal idexpression x;\nexpression E;\nposition p1,p2;\n@@\n\nif (x \u003d\u003d NULL || ...) { ... when forall\n return ...; }\n... when !\u003d \\(x\u003dE\\|x--\\|x++\\|--x\\|++x\\|x-\u003dE\\|x+\u003dE\\|x|\u003dE\\|x\u0026\u003dE\\|\u0026x\\)\n(\n*x \u003d\u003d NULL\n|\n*x !\u003d NULL\n)\n// \u003c/smpl\u003e\n\nSigned-off-by: Julia Lawall \u003cjulia@diku.dk\u003e\nAcked-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "7ae740df3a9c68622156476dca29991de664fae4", "tree": "c2c63d862b9dba337c1eeafc848189e849850346", "parents": [ "8f698d54532172de3591af1e9394dc669f29e6ca" ], "author": { "name": "Michał Mirosław", "email": "mirq-linux@rere.qmqm.pl", "time": "Thu May 21 10:34:05 2009 +0000" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Thu May 21 16:50:24 2009 -0700" }, "message": "netlabel: Use genl_register_family_with_ops()\n\nUse genl_register_family_with_ops() instead of a copy. This fixes genetlink\nfamily leak on error path.\n\nSigned-off-by: Michał Mirosław \u003cmirq-linux@rere.qmqm.pl\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "50b2ff1bc47baacb8e9882b2b2a74b240ddbeecf", "tree": "8ee63f5f2e28a501d5a91ac13ffea112d2018afc", "parents": [ "cef309cf6112f9a44b1ebcefc1641d01d35c83dc" ], "author": { "name": "Paul Moore", "email": "paul.moore@hp.com", "time": "Tue Apr 21 10:04:22 2009 +0000" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Wed Apr 22 00:46:09 2009 -0700" }, "message": "netlabel: Always remove the correct address selector\n\nThe NetLabel address selector mechanism has a problem where it can get\nmistakenly remove the wrong selector when similar addresses are used. The\nproblem is caused when multiple addresses are configured that have different\nnetmasks but the same address, e.g. 127.0.0.0/8 and 127.0.0.0/24. This patch\nfixes the problem.\n\nReported-by: Etienne Basset \u003cetienne.basset@numericable.fr\u003e\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\nTested-by: Etienne Basset \u003cetienne.basset@numericable.fr\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "07feee8f812f7327a46186f7604df312c8c81962", "tree": "73eac643b60532aa82d7680a7de193ba2b62eddd", "parents": [ "8651d5c0b1f874c5b8307ae2b858bc40f9f02482" ], "author": { "name": "Paul Moore", "email": "paul.moore@hp.com", "time": "Fri Mar 27 17:10:54 2009 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Sat Mar 28 15:01:37 2009 +1100" }, "message": "netlabel: Cleanup the Smack/NetLabel code to fix incoming TCP connections\n\nThis patch cleans up a lot of the Smack network access control code. The\nlargest changes are to fix the labeling of incoming TCP connections in a\nmanner similar to the recent SELinux changes which use the\nsecurity_inet_conn_request() hook to label the request_sock and let the label\nmove to the child socket via the normal network stack mechanisms. In addition\nto the incoming TCP connection fixes this patch also removes the smk_labled\nfield from the socket_smack struct as the minor optimization advantage was\noutweighed by the difficulty in maintaining it\u0027s proper state.\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nAcked-by: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "389fb800ac8be2832efedd19978a2b8ced37eb61", "tree": "fa0bc16050dfb491aa05f76b54fa4c167de96376", "parents": [ "284904aa79466a4736f4c775fdbe5c7407fa136c" ], "author": { "name": "Paul Moore", "email": "paul.moore@hp.com", "time": "Fri Mar 27 17:10:34 2009 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Sat Mar 28 15:01:36 2009 +1100" }, "message": "netlabel: Label incoming TCP connections correctly in SELinux\n\nThe current NetLabel/SELinux behavior for incoming TCP connections works but\nonly through a series of happy coincidences that rely on the limited nature of\nstandard CIPSO (only able to convey MLS attributes) and the write equality\nimposed by the SELinux MLS constraints. The problem is that network sockets\ncreated as the result of an incoming TCP connection were not on-the-wire\nlabeled based on the security attributes of the parent socket but rather based\non the wire label of the remote peer. The issue had to do with how IP options\nwere managed as part of the network stack and where the LSM hooks were in\nrelation to the code which set the IP options on these newly created child\nsockets. While NetLabel/SELinux did correctly set the socket\u0027s on-the-wire\nlabel it was promptly cleared by the network stack and reset based on the IP\noptions of the remote peer.\n\nThis patch, in conjunction with a prior patch that adjusted the LSM hook\nlocations, works to set the correct on-the-wire label format for new incoming\nconnections through the security_inet_conn_request() hook. Besides the\ncorrect behavior there are many advantages to this change, the most significant\nis that all of the NetLabel socket labeling code in SELinux now lives in hooks\nwhich can return error codes to the core stack which allows us to finally get\nride of the selinux_netlbl_inode_permission() logic which greatly simplfies\nthe NetLabel/SELinux glue code. In the process of developing this patch I\nalso ran into a small handful of AF_INET6 cleanliness issues that have been\nfixed which should make the code safer and easier to extend in the future.\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nAcked-by: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "6c2e8ac0953fccdd24dc6c4b9e08e8f1cd68cf07", "tree": "c52e242ec5e5c2d131af2d9dbb038f78f724a74c", "parents": [ "6a94cb73064c952255336cc57731904174b2c58f" ], "author": { "name": "Paul Moore", "email": "paul.moore@hp.com", "time": "Wed Dec 31 12:54:11 2008 -0500" }, "committer": { "name": "Paul Moore", "email": "paul.moore@hp.com", "time": "Wed Dec 31 12:54:11 2008 -0500" }, "message": "netlabel: Update kernel configuration API\n\nUpdate the NetLabel kernel API to expose the new features added in kernel\nreleases 2.6.25 and 2.6.28: the static/fallback label functionality and network\naddress based selectors.\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\n" }, { "commit": "eb14f019597cd86c21a6c601d7e900f40030c2e7", "tree": "36fb2f36a1747f98988f87215db1eef3a71d45eb", "parents": [ "9a4a84294b0d60b8c287131478f743ba2bc68949", "a3dd15444baa9c7522c8457ab564c41219dfb44c" ], "author": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Mon Dec 15 20:03:50 2008 -0800" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Mon Dec 15 20:03:50 2008 -0800" }, "message": "Merge branch \u0027master\u0027 of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6\n\nConflicts:\n\n\tdrivers/net/e1000e/ich8lan.c\n" }, { "commit": "ec8f2375d7584969501918651241f91eca2a6ad3", "tree": "d535c77113d1bce29c6e10c8c2dde1f653994f3f", "parents": [ "30bb0e0dce78427f3e5cb728d6b5ea73acbefffa" ], "author": { "name": "Paul Moore", "email": "paul.moore@hp.com", "time": "Thu Dec 11 21:31:50 2008 -0800" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Thu Dec 11 21:31:50 2008 -0800" }, "message": "netlabel: Compiler warning and NULL pointer dereference fix\n\nFix the two compiler warnings show below. Thanks to Geert Uytterhoeven for\nfinding and reporting the problem.\n\n net/netlabel/netlabel_unlabeled.c:567: warning: \u0027entry\u0027 may be used\n uninitialized in this function\n net/netlabel/netlabel_unlabeled.c:629: warning: \u0027entry\u0027 may be used\n uninitialized in this function\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "730c30ec646bd252a9448a66ecd51d794853513f", "tree": "c0d413860f9d8bf37374f17cfabb4911143465d7", "parents": [ "726e07a8a38168266ac95d87736f9501a2d9e7b2", "0a0755c9fe47dc9f8271935909c66096e43efbfe" ], "author": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Fri Dec 05 22:54:40 2008 -0800" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Fri Dec 05 22:54:40 2008 -0800" }, "message": "Merge branch \u0027master\u0027 of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6\n\nConflicts:\n\n\tdrivers/net/wireless/iwlwifi/iwl-core.c\n\tdrivers/net/wireless/iwlwifi/iwl-sta.c\n" }, { "commit": "d25830e5507f6bc815f5dd7e2eb65f172e878a2b", "tree": "8d85a75f93afaf044a8f52783df70cb2ee8118cf", "parents": [ "efba01803c8570bab11d0d6188a630231d0ddccf" ], "author": { "name": "Paul Moore", "email": "paul.moore@hp.com", "time": "Wed Dec 03 00:37:04 2008 -0800" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Wed Dec 03 00:37:04 2008 -0800" }, "message": "netlabel: Fix a potential NULL pointer dereference\n\nFix a potential NULL pointer dereference seen when trying to remove a\nstatic label configuration with an invalid address/mask combination.\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "cf005b1d0e34d8c964347331c43de089c674a5a1", "tree": "c766e3fec0fa742ec38c2419bce4035e03424425", "parents": [ "6c0bce37ffc8f000a516fadf6dee84579c4c8f9b" ], "author": { "name": "Qinghuang Feng", "email": "qhfeng.kernel@gmail.com", "time": "Fri Nov 21 17:15:03 2008 -0800" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Fri Nov 21 17:15:03 2008 -0800" }, "message": "net: remove redundant argument comments\n\nRemove redundant argument comments in files of net/*\n\nSigned-off-by: Qinghuang Feng \u003cqhfeng.kernel@gmail.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "21454aaad30651ba0dcc16fe5271bc12ee21f132", "tree": "eb525494d6f80a0e855840bc588ae1f422348b04", "parents": [ "14d5e834f6b36667c7da56374645f99b6cf30814" ], "author": { "name": "Harvey Harrison", "email": "harvey.harrison@gmail.com", "time": "Fri Oct 31 00:54:56 2008 -0700" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Fri Oct 31 00:54:56 2008 -0700" }, "message": "net: replace NIPQUAD() in net/*/\n\nUsing NIPQUAD() with NIPQUAD_FMT, %d.%d.%d.%d or %u.%u.%u.%u\ncan be replaced with %pI4\n\nSigned-off-by: Harvey Harrison \u003charvey.harrison@gmail.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "a1744d3bee19d3b9cbfb825ab316a101b9c9f109", "tree": "c0e2324c09beca0eb5782eb5abf241ea2b7a4a11", "parents": [ "275f165fa970174f8a98205529750e8abb6c0a33", "a432226614c5616e3cfd211e0acffa0acfb4770c" ], "author": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Fri Oct 31 00:17:34 2008 -0700" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Fri Oct 31 00:17:34 2008 -0700" }, "message": "Merge branch \u0027master\u0027 of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6\n\nConflicts:\n\n\tdrivers/net/wireless/p54/p54common.c\n" }, { "commit": "47b676c0e03dcfd88de91f6f24a06653cfdf32af", "tree": "30c7400d784109845af731891ff22fc10461c9bb", "parents": [ "f8a024796b2bbec3d1a4ad5aae6173cfb18226b4" ], "author": { "name": "Manish Katiyar", "email": "mkatiyar@gmail.com", "time": "Thu Oct 30 10:44:48 2008 -0400" }, "committer": { "name": "Paul Moore", "email": "paul.moore@hp.com", "time": "Thu Oct 30 10:44:48 2008 -0400" }, "message": "netlabel: Fix compilation warnings in net/netlabel/netlabel_addrlist.c\n\nEnable netlabel auditing functions only when CONFIG_AUDIT is set\n\nSigned-off-by: Manish Katiyar \u003cmkatiyar@gmail.com\u003e\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\n" }, { "commit": "f8a024796b2bbec3d1a4ad5aae6173cfb18226b4", "tree": "f4695adfeeef323569f2e9a47186594bc02336be", "parents": [ "00af5c69598212cf6cd4ecb4ca89785118aeecad" ], "author": { "name": "Paul Moore", "email": "paul.moore@hp.com", "time": "Wed Oct 29 16:09:12 2008 -0400" }, "committer": { "name": "Paul Moore", "email": "paul.moore@hp.com", "time": "Wed Oct 29 16:09:12 2008 -0400" }, "message": "netlabel: Fix compiler warnings in netlabel_mgmt.c\n\nFix the compiler warnings below, thanks to Andrew Morton for finding them.\n\n net/netlabel/netlabel_mgmt.c: In function `netlbl_mgmt_listentry\u0027:\n net/netlabel/netlabel_mgmt.c:268: warning: \u0027ret_val\u0027 might be used\n uninitialized in this function\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\n" }, { "commit": "5b095d98928fdb9e3b75be20a54b7a6cbf6ca9ad", "tree": "b6caa0cdbaac016447a790881ad4a6c5dfce6900", "parents": [ "4b7a4274ca63dadd9c4f17fc953f3a5d19855c4c" ], "author": { "name": "Harvey Harrison", "email": "harvey.harrison@gmail.com", "time": "Wed Oct 29 12:52:50 2008 -0700" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Wed Oct 29 12:52:50 2008 -0700" }, "message": "net: replace %p6 with %pI6\n\nSigned-off-by: Harvey Harrison \u003charvey.harrison@gmail.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "fdb46ee752ed05c94bac71fe3decdb5175ec6e1f", "tree": "903aa4ba2c7afc996e9ddd3304e64770db830f7d", "parents": [ "0c6ce78abf6e228d44c3840edb8a4ae0c1299825" ], "author": { "name": "Harvey Harrison", "email": "harvey.harrison@gmail.com", "time": "Tue Oct 28 16:10:17 2008 -0700" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Tue Oct 28 23:02:32 2008 -0700" }, "message": "net, misc: replace uses of NIP6_FMT with %p6\n\nSigned-off-by: Harvey Harrison \u003charvey.harrison@gmail.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "d91d40799165b0c84c97e7c71fb8039494ff07dc", "tree": "5394e5d167ec1074f5f52da02e5406f5e183c080", "parents": [ "15c45f7b2e81655f6eb500ec949c8bd70a04325a" ], "author": { "name": "Paul Moore", "email": "paul.moore@hp.com", "time": "Fri Oct 10 10:16:34 2008 -0400" }, "committer": { "name": "Paul Moore", "email": "paul.moore@hp.com", "time": "Fri Oct 10 10:16:34 2008 -0400" }, "message": "netlabel: Add configuration support for local labeling\n\nAdd the necessary NetLabel support for the new CIPSO mapping,\nCIPSO_V4_MAP_LOCAL, which allows full LSM label/context support.\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nReviewed-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "15c45f7b2e81655f6eb500ec949c8bd70a04325a", "tree": "46037ccd3f3c83cb140abdf5d10af73888bdd362", "parents": [ "8d75899d033617316e06296b7c0729612f56aba0" ], "author": { "name": "Paul Moore", "email": "paul.moore@hp.com", "time": "Fri Oct 10 10:16:34 2008 -0400" }, "committer": { "name": "Paul Moore", "email": "paul.moore@hp.com", "time": "Fri Oct 10 10:16:34 2008 -0400" }, "message": "cipso: Add support for native local labeling and fixup mapping names\n\nThis patch accomplishes three minor tasks: add a new tag type for local\nlabeling, rename the CIPSO_V4_MAP_STD define to CIPSO_V4_MAP_TRANS and\nreplace some of the CIPSO \"magic numbers\" with constants from the header\nfile. The first change allows CIPSO to support full LSM labels/contexts,\nnot just MLS attributes. The second change brings the mapping names inline\nwith what userspace is using, compatibility is preserved since we don\u0027t\nactually change the value. The last change is to aid readability and help\nprevent mistakes.\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\n" }, { "commit": "014ab19a69c325f52d7bae54ceeda73d6307ae0c", "tree": "8a69c490accb7d5454bdfeb8c078d846729aeb60", "parents": [ "948bf85c1bc9a84754786a9d5dd99b7ecc46451e" ], "author": { "name": "Paul Moore", "email": "paul.moore@hp.com", "time": "Fri Oct 10 10:16:33 2008 -0400" }, "committer": { "name": "Paul Moore", "email": "paul.moore@hp.com", "time": "Fri Oct 10 10:16:33 2008 -0400" }, "message": "selinux: Set socket NetLabel based on connection endpoint\n\nPrevious work enabled the use of address based NetLabel selectors, which while\nhighly useful, brought the potential for additional per-packet overhead when\nused. This patch attempts to solve that by applying NetLabel socket labels\nwhen sockets are connect()\u0027d. This should alleviate the per-packet NetLabel\nlabeling for all connected sockets (yes, it even works for connected DGRAM\nsockets).\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nReviewed-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "948bf85c1bc9a84754786a9d5dd99b7ecc46451e", "tree": "a4706be1f4a5a37408774ef3c4cab8cf2e7775b5", "parents": [ "63c41688743760631188cf0f4ae986a6793ccb0a" ], "author": { "name": "Paul Moore", "email": "paul.moore@hp.com", "time": "Fri Oct 10 10:16:32 2008 -0400" }, "committer": { "name": "Paul Moore", "email": "paul.moore@hp.com", "time": "Fri Oct 10 10:16:32 2008 -0400" }, "message": "netlabel: Add functionality to set the security attributes of a packet\n\nThis patch builds upon the new NetLabel address selector functionality by\nproviding the NetLabel KAPI and CIPSO engine support needed to enable the\nnew packet-based labeling. The only new addition to the NetLabel KAPI at\nthis point is shown below:\n\n * int netlbl_skbuff_setattr(skb, family, secattr)\n\n... and is designed to be called from a Netfilter hook after the packet\u0027s\nIP header has been populated such as in the FORWARD or LOCAL_OUT hooks.\n\nThis patch also provides the necessary SELinux hooks to support this new\nfunctionality. Smack support is not currently included due to uncertainty\nregarding the permissions needed to expand the Smack network access controls.\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nReviewed-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "63c41688743760631188cf0f4ae986a6793ccb0a", "tree": "b270091d7b763e8b6c5073d4ca618f0d36065188", "parents": [ "61e1068219950c672ce979719ad2be3aadb00d7d" ], "author": { "name": "Paul Moore", "email": "paul.moore@hp.com", "time": "Fri Oct 10 10:16:32 2008 -0400" }, "committer": { "name": "Paul Moore", "email": "paul.moore@hp.com", "time": "Fri Oct 10 10:16:32 2008 -0400" }, "message": "netlabel: Add network address selectors to the NetLabel/LSM domain mapping\n\nThis patch extends the NetLabel traffic labeling capabilities to individual\npackets based not only on the LSM domain but the by the destination address\nas well. The changes here only affect the core NetLabel infrastructre,\nchanges to the NetLabel KAPI and individial protocol engines are also\nrequired but are split out into a different patch to ease review.\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nReviewed-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "61e1068219950c672ce979719ad2be3aadb00d7d", "tree": "da987ee4b5be90f95ca8e0b20bd872ff75d82934", "parents": [ "b1edeb102397546438ab4624489c6ccd7b410d97" ], "author": { "name": "Paul Moore", "email": "paul.moore@hp.com", "time": "Fri Oct 10 10:16:32 2008 -0400" }, "committer": { "name": "Paul Moore", "email": "paul.moore@hp.com", "time": "Fri Oct 10 10:16:32 2008 -0400" }, "message": "netlabel: Add a generic way to create ordered linked lists of network addrs\n\nCreate an ordered IP address linked list mechanism similar to the core\nkernel\u0027s linked list construct. The idea behind this list functionality\nis to create an extensibile linked list ordered by IP address mask to\nease the matching of network addresses. The linked list is ordered with\nlarger address masks at the front of the list and shorter address masks\nat the end to facilitate overriding network entries with individual host\nor subnet entries.\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nReviewed-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "b1edeb102397546438ab4624489c6ccd7b410d97", "tree": "ce7033f678ffe46ec3f517bb2771b9cbb04d62bb", "parents": [ "a8134296ba9940b5b271d908666e532d34430a3c" ], "author": { "name": "Paul Moore", "email": "paul.moore@hp.com", "time": "Fri Oct 10 10:16:31 2008 -0400" }, "committer": { "name": "Paul Moore", "email": "paul.moore@hp.com", "time": "Fri Oct 10 10:16:31 2008 -0400" }, "message": "netlabel: Replace protocol/NetLabel linking with refrerence counts\n\nNetLabel has always had a list of backpointers in the CIPSO DOI definition\nstructure which pointed to the NetLabel LSM domain mapping structures which\nreferenced the CIPSO DOI struct. The rationale for this was that when an\nadministrator removed a CIPSO DOI from the system all of the associated\nNetLabel LSM domain mappings should be removed as well; a list of\nbackpointers made this a simple operation.\n\nUnfortunately, while the backpointers did make the removal easier they were\na bit of a mess from an implementation point of view which was making\nfurther development difficult. Since the removal of a CIPSO DOI is a\nrealtively rare event it seems to make sense to remove this backpointer\nlist as the optimization was hurting us more then it was helping. However,\nwe still need to be able to track when a CIPSO DOI definition is being used\nso replace the backpointer list with a reference count. In order to\npreserve the current functionality of removing the associated LSM domain\nmappings when a CIPSO DOI is removed we walk the LSM domain mapping table,\nremoving the relevant entries.\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nReviewed-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "dfaebe9825ff34983778f287101bc5f3bce00640", "tree": "4dccdcdcecd57fc8bfc083ff30d9e0ecb2e7ecba", "parents": [ "99d854d231ce141850b988bdc7e2e7c78f49b03a" ], "author": { "name": "Paul Moore", "email": "paul.moore@hp.com", "time": "Fri Oct 10 10:16:31 2008 -0400" }, "committer": { "name": "Paul Moore", "email": "paul.moore@hp.com", "time": "Fri Oct 10 10:16:31 2008 -0400" }, "message": "selinux: Fix missing calls to netlbl_skbuff_err()\n\nAt some point I think I messed up and dropped the calls to netlbl_skbuff_err()\nwhich are necessary for CIPSO to send error notifications to remote systems.\nThis patch re-introduces the error handling calls into the SELinux code.\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "948a72438d4178d0728c4b0a38836d280b846939", "tree": "d43d738c1609328ec5e3697116a1c630cf90875b", "parents": [ "aa86290089a1e57b4bdbbb4720072233f66bd5b2" ], "author": { "name": "Paul Moore", "email": "paul.moore@hp.com", "time": "Fri Oct 10 10:16:30 2008 -0400" }, "committer": { "name": "Paul Moore", "email": "paul.moore@hp.com", "time": "Fri Oct 10 10:16:30 2008 -0400" }, "message": "netlabel: Remove unneeded in-kernel API functions\n\nAfter some discussions with the Smack folks, well just Casey, I now have a\nbetter idea of what Smack wants out of NetLabel in the future so I think it\nis now safe to do some API \"pruning\". If another LSM comes along that\nneeds this functionality we can always add it back in, but I don\u0027t see any\nLSMs on the horizon which might make use of these functions.\n\nThanks to Rami Rosen who suggested removing netlbl_cfg_cipsov4_del() back\nin February 2008.\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nReviewed-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "561967010edef40f539dacf2aa125e20773ab40b", "tree": "90532a13377f81e213bc6904a29762866d34b68e", "parents": [ "3fa8749e584b55f1180411ab1b51117190bac1e5" ], "author": { "name": "Paul Moore", "email": "paul.moore@hp.com", "time": "Fri Oct 10 10:16:29 2008 -0400" }, "committer": { "name": "Paul Moore", "email": "paul.moore@hp.com", "time": "Fri Oct 10 10:16:29 2008 -0400" }, "message": "netlabel: Fix some sparse warnings\n\nFix a few sparse warnings. One dealt with a RCU lock being held on error,\nanother dealt with an improper type caused by a signed/unsigned mixup while\nthe rest appeared to be caused by using rcu_dereference() in a\nlist_for_each_entry_rcu() call. The latter probably isn\u0027t a big deal, but\nI derive a certain pleasure from knowing that the net/netlabel is nice and\nclean.\n\nThanks to James Morris for pointing out the issues and demonstrating how\nto run sparse.\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\n" }, { "commit": "721499e8931c5732202481ae24f2dfbf9910f129", "tree": "c94d8d681966109bb41f712f21f3a9825ae2172d", "parents": [ "407d819cf0fd54c6fc1138a509225696aecafd15" ], "author": { "name": "YOSHIFUJI Hideaki", "email": "yoshfuji@linux-ipv6.org", "time": "Sat Jul 19 22:34:43 2008 -0700" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Sat Jul 19 22:34:43 2008 -0700" }, "message": "netns: Use net_eq() to compare net-namespaces for optimization.\n\nWithout CONFIG_NET_NS, namespace is always \u0026init_net.\nCompiler will be able to omit namespace comparisons with this patch.\n\nSigned-off-by: YOSHIFUJI Hideaki \u003cyoshfuji@linux-ipv6.org\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "49997d75152b3d23c53b0fa730599f2f74c92c65", "tree": "46e93126170d02cfec9505172e545732c1b69656", "parents": [ "a0c80b80e0fb48129e4e9d6a9ede914f9ff1850d", "5b664cb235e97afbf34db9c4d77f08ebd725335e" ], "author": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Fri Jul 18 02:39:39 2008 -0700" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Fri Jul 18 02:39:39 2008 -0700" }, "message": "Merge branch \u0027master\u0027 of master.kernel.org:/pub/scm/linux/kernel/git/torvalds/linux-2.6\n\nConflicts:\n\n\tDocumentation/powerpc/booting-without-of.txt\n\tdrivers/atm/Makefile\n\tdrivers/net/fs_enet/fs_enet-main.c\n\tdrivers/pci/pci-acpi.c\n\tnet/8021q/vlan.c\n\tnet/iucv/iucv.c\n" }, { "commit": "6c9fcaf2eec1b9f85226a694230dd957dd7926b3", "tree": "f8c824c6c64dc411752c844f116e693760768bcc", "parents": [ "b9d2252c1e44fa83a4e65fdc9eb93db6297c55af", "199a952876adbfc2b6c13b8b07adabebf4ff54b2" ], "author": { "name": "Ingo Molnar", "email": "mingo@elte.hu", "time": "Tue Jul 15 21:10:12 2008 +0200" }, "committer": { "name": "Ingo Molnar", "email": "mingo@elte.hu", "time": "Tue Jul 15 21:10:12 2008 +0200" }, "message": "Merge branch \u0027core/rcu\u0027 into core/rcu-for-linus\n" }, { "commit": "83aa2e964b9b04effa304aaf3c1090b46812a04b", "tree": "2e0b368ddbc2c9727e8648cb7e9282b0cbc5ff17", "parents": [ "7197914c35b31a75cb6e85c7fc2ae93d0027c28e" ], "author": { "name": "Denis V. Lunev", "email": "den@openvz.org", "time": "Mon Jul 14 22:28:25 2008 -0700" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Mon Jul 14 22:28:25 2008 -0700" }, "message": "netlabel: return msg overflow error from netlbl_cipsov4_list faster\n\nCurrently, we are trying to place the information from the kernel to\n1, 2, 3 and 4 pages sequentially. These pages are allocated via slab.\nThough, from the slab point of view steps 3 and 4 are equivalent on\nmost architectures. So, lets skip 3 pages attempt.\n\nBy the way, should we switch from .doit to .dumpit interface here?\nThe amount of data seems quite big for me.\n\nSigned-off-by: Denis V. Lunev \u003cden@openvz.org\u003e\nAcked-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "0c81b2a1448bc6a2a9b2d6469fb0669fb4b25e5b", "tree": "6f82579cae6d6e39fa9f837a3c349ded51e19d14", "parents": [ "0729fbf3bc70870370b4f43d652f05a468dc68b8", "70ff05554f91a1edda1f11684da1dbde09e2feea" ], "author": { "name": "Ingo Molnar", "email": "mingo@elte.hu", "time": "Fri Jul 11 10:46:50 2008 +0200" }, "committer": { "name": "Ingo Molnar", "email": "mingo@elte.hu", "time": "Fri Jul 11 10:46:50 2008 +0200" }, "message": "Merge branch \u0027linus\u0027 into core/rcu\n\nConflicts:\n\n\tinclude/linux/rculist.h\n\tkernel/rcupreempt.c\n\nSigned-off-by: Ingo Molnar \u003cmingo@elte.hu\u003e\n" }, { "commit": "fe785bee05f08d37b34b7399d003b74199274ce4", "tree": "d87c30deefc4c35d5794879b3430470d554ae2a6", "parents": [ "2e655571c618434c24ac2ca989374fdd84470d6d" ], "author": { "name": "Denis V. Lunev", "email": "den@openvz.org", "time": "Thu Jul 10 16:53:39 2008 -0700" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Thu Jul 10 16:53:39 2008 -0700" }, "message": "netlabel: netlink_unicast calls kfree_skb on error path by itself\n\nSo, no need to kfree_skb here on the error path. In this case we can\nsimply return.\n\nSigned-off-by: Denis V. Lunev \u003cden@openvz.org\u003e\nAcked-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "59d88c00cafe5192b058abf4f3ce17c2e27d1c09", "tree": "da7fb7007e05fb4b22c94408ab4b9dc279a81d4c", "parents": [ "251a4b320f2352598f84e4452ab538aa8064af52" ], "author": { "name": "Paul Moore", "email": "paul.moore@hp.com", "time": "Fri Jun 27 20:12:32 2008 -0700" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Fri Jun 27 20:12:32 2008 -0700" }, "message": "netlabel: Fix a problem when dumping the default IPv6 static labels\n\nThere is a missing \"!\" in a conditional statement which is causing entries to\nbe skipped when dumping the default IPv6 static label entries. This can be\ndemonstrated by running the following:\n\n # netlabelctl unlbl add default address:::1 \\\n label:system_u:object_r:unlabeled_t:s0\n # netlabelctl -p unlbl list\n\n... you will notice that the entry for the IPv6 localhost address is not\ndisplayed but does exist (works correctly, causes collisions when attempting\nto add duplicate entries, etc.).\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "82524746c27fa418c250a56dd7606b9d3fc79826", "tree": "1801230b8fc2e436e722ac6f54fc53f1c112c310", "parents": [ "32300751b4079cb5688453baa94711579d4285d5" ], "author": { "name": "Franck Bui-Huu", "email": "fbuihuu@gmail.com", "time": "Mon May 12 21:21:05 2008 +0200" }, "committer": { "name": "Ingo Molnar", "email": "mingo@elte.hu", "time": "Mon May 19 10:01:37 2008 +0200" }, "message": "rcu: split list.h and move rcu-protected lists into rculist.h\n\nMove rcu-protected lists from list.h into a new header file rculist.h.\n\nThis is done because list are a very used primitive structure all over the\nkernel and it\u0027s currently impossible to include other header files in this\nlist.h without creating some circular dependencies.\n\nFor example, list.h implements rcu-protected list and uses rcu_dereference()\nwithout including rcupdate.h. It actually compiles because users of\nrcu_dereference() are macros. Others RCU functions could be used too but\naren\u0027t probably because of this.\n\nTherefore this patch creates rculist.h which includes rcupdates without to\nmany changes/troubles.\n\nSigned-off-by: Franck Bui-Huu \u003cfbuihuu@gmail.com\u003e\nAcked-by: Paul E. McKenney \u003cpaulmck@linux.vnet.ibm.com\u003e\nAcked-by: Josh Triplett \u003cjosh@kernel.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Ingo Molnar \u003cmingo@elte.hu\u003e\n" }, { "commit": "2532386f480eefbdd67b48be55fb4fb3e5a6081c", "tree": "dd6a5a3c4116a67380a1336319c16632f04f80f9", "parents": [ "436c405c7d19455a71f42c9bec5fd5e028f1eb4e" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Fri Apr 18 10:09:25 2008 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Mon Apr 28 06:18:03 2008 -0400" }, "message": "Audit: collect sessionid in netlink messages\n\nPreviously I added sessionid output to all audit messages where it was\navailable but we still didn\u0027t know the sessionid of the sender of\nnetlink messages. This patch adds that information to netlink messages\nso we can audit who sent netlink messages.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "794eb6bf20ebf992c040ea831cd3a9c64b0c1f7a", "tree": "41d710fe62265b95b2e3e0cd9fa49d5ffe65fb81", "parents": [ "f5ba2d32170679eb9b7c251ac3d9687916a41c18" ], "author": { "name": "Jesper Juhl", "email": "jesper.juhl@gmail.com", "time": "Thu Apr 17 23:22:54 2008 -0700" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Thu Apr 17 23:22:54 2008 -0700" }, "message": "[NETLABEL]: Fix NULL deref in netlbl_unlabel_staticlist_gen() if ifindex not found\n\ndev_get_by_index() may return NULL if nothing is found. In \nnet/netlabel/netlabel_unlabeled.c::netlbl_unlabel_staticlist_gen() the \nfunction is called, but the return value is never checked. If it returns \nNULL then we\u0027ll deref a NULL pointer on the very next line.\nI checked the callers, and I don\u0027t think this can actually happen today, \nbut code changes over time and in the future it might happen and it does \nno harm to be defensive and check for the failure, so that if/when it \nhappens we\u0027ll fail gracefully instead of crashing.\n\nSigned-off-by: Jesper Juhl \u003cjesper.juhl@gmail.com\u003e\nAcked-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "c346dca10840a874240c78efe3f39acf4312a1f2", "tree": "c04cff20124eba5cc337cc5ec260ad2513eeb065", "parents": [ "7cbca67c073263c179f605bdbbdc565ab29d801d" ], "author": { "name": "YOSHIFUJI Hideaki", "email": "yoshfuji@linux-ipv6.org", "time": "Tue Mar 25 21:47:49 2008 +0900" }, "committer": { "name": "YOSHIFUJI Hideaki", "email": "yoshfuji@linux-ipv6.org", "time": "Wed Mar 26 04:39:53 2008 +0900" }, "message": "[NET] NETNS: Omit net_device-\u003end_net without CONFIG_NET_NS.\n\nIntroduce per-net_device inlines: dev_net(), dev_net_set().\nWithout CONFIG_NET_NS, no namespace other than \u0026init_net exists.\nLet\u0027s explicitly define them to help compiler optimizations.\n\nSigned-off-by: YOSHIFUJI Hideaki \u003cyoshfuji@linux-ipv6.org\u003e\n" }, { "commit": "05705e4e1158ad2c1a22817f27d91ff0758fd0a9", "tree": "5c1607c615c9c1582305751340456a022a97df63", "parents": [ "227c43c3bca76df704231324405980851dc7f528" ], "author": { "name": "Pavel Emelyanov", "email": "xemul@openvz.org", "time": "Sun Feb 17 22:33:57 2008 -0800" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Sun Feb 17 22:33:57 2008 -0800" }, "message": "[NETLABEL]: Move some initialization code into __init section.\n\nEverything that is called from netlbl_init() can be marked with\n__init. This moves 620 bytes from .text section to .text.init one.\n\nSigned-off-by: Pavel Emelyanov \u003cxemul@openvz.org\u003e\nAcked-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "227c43c3bca76df704231324405980851dc7f528", "tree": "6b6f32246a974382cc6b7d6474a18c225603a856", "parents": [ "f47b7257c7368698eabff6fd7b340071932af640" ], "author": { "name": "Pavel Emelyanov", "email": "xemul@openvz.org", "time": "Sun Feb 17 22:33:16 2008 -0800" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Sun Feb 17 22:33:16 2008 -0800" }, "message": "[NETLABEL]: Shrink the genl-ops registration code.\n\nTurning them to array and registration in a loop saves\n80 lines of code and ~300 bytes from text section.\n\nSigned-off-by: Pavel Emelyanov \u003cxemul@openvz.org\u003e\nAcked-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "370125f0a48a2584a2506fd567d690df6d87cf2c", "tree": "44f3d3e64d1be9f340475409aefa266ce8ff4f86", "parents": [ "56628b1d8964eb7ac924154d60b5d874bfb2b1e8" ], "author": { "name": "Pavel Emelyanov", "email": "xemul@openvz.org", "time": "Tue Feb 12 22:38:06 2008 -0800" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Tue Feb 12 22:38:06 2008 -0800" }, "message": "[NETLABLE]: Hide netlbl_unlabel_audit_addr6 under ifdef CONFIG_IPV6.\n\nThis one is called from under this config only, so move\nit in the same place.\n\nSigned-off-by: Pavel Emelyanov \u003cxemul@openvz.org\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "56628b1d8964eb7ac924154d60b5d874bfb2b1e8", "tree": "aa613aac941bdffe6b328d23aac3d3d97a46ec1e", "parents": [ "94de7feb2dee6d0039ecbe98ae8b63bbb63808b6" ], "author": { "name": "Pavel Emelyanov", "email": "xemul@openvz.org", "time": "Tue Feb 12 22:37:19 2008 -0800" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Tue Feb 12 22:37:19 2008 -0800" }, "message": "[NETLABEL]: Don\u0027t produce unused variables when IPv6 is off.\n\nSome code declares variables on the stack, but uses them\nunder #ifdef CONFIG_IPV6, so thay become unused when ipv6\nis off. Fortunately, they are used in a switch\u0027s case\nbranches, so the fix is rather simple.\n\nIs it OK from coding style POV to add braces inside \"cases\",\nor should I better avoid such style and rework the patch?\n\nSigned-off-by: Pavel Emelyanov \u003cxemul@openvz.org\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "94de7feb2dee6d0039ecbe98ae8b63bbb63808b6", "tree": "c0cac64c593efc2e2dc32a7c666bb4e9c4f69bf6", "parents": [ "910d6c320cac65c81d66e8fd30dca167092722eb" ], "author": { "name": "Pavel Emelyanov", "email": "xemul@openvz.org", "time": "Tue Feb 12 22:35:37 2008 -0800" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Tue Feb 12 22:35:37 2008 -0800" }, "message": "[NETLABEL]: Compilation for CONFIG_AUDIT\u003dn case.\n\nThe audit_log_start() will expand into an empty do { } while (0)\nconstruction and the audit_ctx becomes unused.\n\nThe solution: push current-\u003eaudit_context into audit_log_start()\ndirectly, since it is not required in any other place in the \ncalling function.\n\nSigned-off-by: Pavel Emelyanov \u003cxemul@openvz.org\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "4c3a0a254e5d706d3fe01bf42261534858d05586", "tree": "f689952b5544f23bf9cf83d1d69b02fb4abfc131", "parents": [ "0f8f27c39553dd3aedcaf5c39adefe3efef28b6b" ], "author": { "name": "Pavel Emelyanov", "email": "xemul@openvz.org", "time": "Tue Feb 12 22:15:14 2008 -0800" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Tue Feb 12 22:15:14 2008 -0800" }, "message": "[NETLABEL]: Fix lookup logic of netlbl_domhsh_search_def.\n\nCurrently, if the call to netlbl_domhsh_search succeeds the\nreturn result will still be NULL.\n\nFix that, by returning the found entry (if any).\n\nSigned-off-by: Pavel Emelyanov \u003cxemul@openvz.org\u003e\nAcked-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "eda61d32e8ad1d9102872f9a0abf3344bf9c5e67", "tree": "d1c11a47c97b3f29d54021cd4aa9c0b8963ed0c8", "parents": [ "97829955ad291acec1d8b94e9911b3ceb1118bb1" ], "author": { "name": "Paul Moore", "email": "paul.moore@hp.com", "time": "Mon Feb 04 22:29:47 2008 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.linux-foundation.org", "time": "Tue Feb 05 09:44:20 2008 -0800" }, "message": "NetLabel: introduce a new kernel configuration API for NetLabel\n\nAdd a new set of configuration functions to the NetLabel/LSM API so that\nLSMs can perform their own configuration of the NetLabel subsystem without\nrelying on assistance from userspace.\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nSigned-off-by: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\nReviewed-by: James Morris \u003cjmorris@namei.org\u003e\nCc: Chris Wright \u003cchrisw@sous-sol.org\u003e\nCc: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nCc: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "13541b3adad2dc2f56761c5193c2b88db3597f0e", "tree": "ef5dfff5135ecb91ccb379d351c9bc5f491e080a", "parents": [ "8cc44579d1bd77ba3a32f2cb76fd9669c229c5fd" ], "author": { "name": "Paul Moore", "email": "paul.moore@hp.com", "time": "Tue Jan 29 08:44:23 2008 -0500" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Jan 30 08:17:29 2008 +1100" }, "message": "NetLabel: Add auditing to the static labeling mechanism\n\nThis patch adds auditing support to the NetLabel static labeling mechanism.\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "8cc44579d1bd77ba3a32f2cb76fd9669c229c5fd", "tree": "802d46ff2b1b1700a3baa726d2aa4aba320376c9", "parents": [ "5dbe1eb0cfc144a2b0cb1466e22bcb6fc34229a8" ], "author": { "name": "Paul Moore", "email": "paul.moore@hp.com", "time": "Tue Jan 29 08:44:21 2008 -0500" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Jan 30 08:17:28 2008 +1100" }, "message": "NetLabel: Introduce static network labels for unlabeled connections\n\nMost trusted OSs, with the exception of Linux, have the ability to specify\nstatic security labels for unlabeled networks. This patch adds this ability to\nthe NetLabel packet labeling framework.\n\nIf the NetLabel subsystem is called to determine the security attributes of an\nincoming packet it first checks to see if any recognized NetLabel packet\nlabeling protocols are in-use on the packet. If none can be found then the\nunlabled connection table is queried and based on the packets incoming\ninterface and address it is matched with a security label as configured by the\nadministrator using the netlabel_tools package. The matching security label is\nreturned to the caller just as if the packet was explicitly labeled using a\nlabeling protocol.\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "75e22910cf0c26802b09dac2e34c13e648d3ed02", "tree": "bf5f5c62f6db8a3057a0265dc7748bf310d26d4a", "parents": [ "16efd45435fa695b501b7f73c3259bd7c77cc12c" ], "author": { "name": "Paul Moore", "email": "paul.moore@hp.com", "time": "Tue Jan 29 08:38:04 2008 -0500" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Jan 30 08:17:20 2008 +1100" }, "message": "NetLabel: Add IP address family information to the netlbl_skbuff_getattr() function\n\nIn order to do any sort of IP header inspection of incoming packets we need to\nknow which address family, AF_INET/AF_INET6/etc., it belongs to and since the\nsk_buff structure does not store this information we need to pass along the\naddress family separate from the packet itself.\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "16efd45435fa695b501b7f73c3259bd7c77cc12c", "tree": "f26eb84f65192eb0a17aca399fd405100e4be974", "parents": [ "1c3fad936acaf87b75055b95be781437e97d787f" ], "author": { "name": "Paul Moore", "email": "paul.moore@hp.com", "time": "Tue Jan 29 08:37:59 2008 -0500" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Jan 30 08:17:19 2008 +1100" }, "message": "NetLabel: Add secid token support to the NetLabel secattr struct\n\nThis patch adds support to the NetLabel LSM secattr struct for a secid token\nand a type field, paving the way for full LSM/SELinux context support and\n\"static\" or \"fallback\" labels. In addition, this patch adds a fair amount\nof documentation to the core NetLabel structures used as part of the\nNetLabel kernel API.\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "1c3fad936acaf87b75055b95be781437e97d787f", "tree": "43fe24b08a605db020c0a93fb5ceec1e7744822d", "parents": [ "b64397e0b40e75b619aeef9a1fa21f79f801a3e8" ], "author": { "name": "Paul Moore", "email": "paul.moore@hp.com", "time": "Tue Jan 29 08:37:57 2008 -0500" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Jan 30 08:17:18 2008 +1100" }, "message": "NetLabel: Consolidate the LSM domain mapping/hashing locks\n\nCurrently we use two separate spinlocks to protect both the hash/mapping table\nand the default entry. This could be considered a bit foolish because it adds\ncomplexity without offering any real performance advantage. This patch\nremoves the dedicated default spinlock and protects the default entry with the\nhash/mapping table spinlock.\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "b64397e0b40e75b619aeef9a1fa21f79f801a3e8", "tree": "cea93c3a06953ceb0e8876f699ff41be6c54207d", "parents": [ "c783f1ce5712530ba404807c55d77ac782eb8a7d" ], "author": { "name": "Paul Moore", "email": "paul.moore@hp.com", "time": "Tue Jan 29 08:37:54 2008 -0500" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Jan 30 08:17:17 2008 +1100" }, "message": "NetLabel: Cleanup the LSM domain hash functions\n\nThe NetLabel/LSM domain hash table search function used an argument to specify\nif the default entry should be returned if an exact match couldn\u0027t be found in\nthe hash table. This is a bit against the kernel\u0027s style so make two separate\nfunctions to represent the separate behaviors.\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "c783f1ce5712530ba404807c55d77ac782eb8a7d", "tree": "3153ec98b5c6d57eb5a0aad43389d4faa6d63586", "parents": [ "0ba6c33bcddc64a54b5f1c25a696c4767dc76292" ], "author": { "name": "Paul Moore", "email": "paul.moore@hp.com", "time": "Tue Jan 29 08:37:52 2008 -0500" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Jan 30 08:17:16 2008 +1100" }, "message": "NetLabel: Remove unneeded RCU read locks\n\nThis patch removes some unneeded RCU read locks as we can treat the reads as\n\"safe\" even without RCU. It also converts the NetLabel configuration refcount\nfrom a spinlock protected u32 into atomic_t to be more consistent with the rest\nof the kernel.\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "e185446ce83f327428624fc4a0392794249311a2", "tree": "76c2b54382370d2586569b7d62319c933a55c5d5", "parents": [ "9a94b35184bf095b885ca80099381f8547d5be3a" ], "author": { "name": "Joe Perches", "email": "joe@perches.com", "time": "Thu Dec 20 14:03:11 2007 -0800" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Thu Dec 20 14:03:11 2007 -0800" }, "message": "[NETLABEL]: Spelling fixes\n\nSigned-off-by: Joe Perches \u003cjoe@perches.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "4be2700fb7b95f2a7cef9324879cafccab8774fc", "tree": "8e3839c4e1c23c7d2b105f9ea45fb0891e3f0312", "parents": [ "94d3b1e586f6d4c7150501bde284c544ce99073c" ], "author": { "name": "Paul Moore", "email": "paul.moore@hp.com", "time": "Fri Oct 26 04:29:08 2007 -0700" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Fri Oct 26 04:29:08 2007 -0700" }, "message": "[NetLabel]: correct usage of RCU locking\n\nThis fixes some awkward, and perhaps even problematic, RCU lock usage in the\nNetLabel code as well as some other related trivial cleanups found when\nlooking through the RCU locking. Most of the changes involve removing the\nredundant RCU read locks wrapping spinlocks in the case of a RCU writer.\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "8f4c1f9b049df3be11090f1c2c4738700302acae", "tree": "51271d32096e4419173072d120176b4428e52a11", "parents": [ "9d5010db7ecfd6ec00119d3b185c4c0cd3265167" ], "author": { "name": "Thomas Graf", "email": "tgraf@suug.ch", "time": "Wed Sep 12 14:44:36 2007 +0200" }, "committer": { "name": "David S. Miller", "email": "davem@sunset.davemloft.net", "time": "Wed Oct 10 16:49:16 2007 -0700" }, "message": "[NETLINK]: Introduce nested and byteorder flag to netlink attribute\n\nThis change allows the generic attribute interface to be used within\nthe netfilter subsystem where this flag was initially introduced.\n\nThe byte-order flag is yet unused, it\u0027s intended use is to\nallow automatic byte order convertions for all atomic types.\n\nSigned-off-by: Thomas Graf \u003ctgraf@suug.ch\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "3482fd9099e8aab8b8096eb6da93571ea5a0b4c2", "tree": "6ea34d94e11d42738fbac12c0934ed973a990908", "parents": [ "4a2a4df7b6db25df8f3d5cc6dd0b096119359d92" ], "author": { "name": "Paul Moore", "email": "paul.moore@hp.com", "time": "Tue Aug 07 17:53:10 2007 -0700" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Tue Aug 07 17:53:10 2007 -0700" }, "message": "[NetLabel]: add missing rcu_dereference() calls in the LSM domain mapping hash table\nThe LSM domain mapping head table pointer was not being referenced via the RCU\nsafe dereferencing function, rcu_dereference(). This patch adds those missing\ncalls to the NetLabel code.\n\nThis has been tested using recent linux-2.6 git kernels with no visible\nregressions.\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "e6e0871cce2ae04f5790543ad2f4ec36b23260ba", "tree": "0af9d48482dbdb8b949fb673eb5bf48fd5611cc5", "parents": [ "088999e98b8caecd31adc3b62223a228555c5ab7" ], "author": { "name": "Paul Moore", "email": "paul.moore@hp.com", "time": "Wed Aug 01 11:12:59 2007 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Thu Aug 02 11:52:26 2007 -0400" }, "message": "Net/Security: fix memory leaks from security_secid_to_secctx()\n\nThe security_secid_to_secctx() function returns memory that must be freed\nby a call to security_release_secctx() which was not always happening. This\npatch fixes two of these problems (all that I could find in the kernel source\nat present).\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "23bcdc1adebd3cb47d5666f2e9ecada95c0134e4", "tree": "71caf0ac9fa86e4a9cf423d968a2486656c2e196", "parents": [ "589f1e81bde732dd0b1bc5d01b6bddd4bcb4527b" ], "author": { "name": "Paul Moore", "email": "paul.moore@hp.com", "time": "Wed Jul 18 12:28:45 2007 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Thu Jul 19 10:21:11 2007 -0400" }, "message": "SELinux: enable dynamic activation/deactivation of NetLabel/SELinux enforcement\n\nCreate a new NetLabel KAPI interface, netlbl_enabled(), which reports on the\ncurrent runtime status of NetLabel based on the existing configuration. LSMs\nthat make use of NetLabel, i.e. SELinux, can use this new function to determine\nif they should perform NetLabel access checks. This patch changes the\nNetLabel/SELinux glue code such that SELinux only enforces NetLabel related\naccess checks when netlbl_enabled() returns true.\n\nAt present NetLabel is considered to be enabled when there is at least one\nlabeled protocol configuration present. The result is that by default NetLabel\nis considered to be disabled, however, as soon as an administrator configured\na CIPSO DOI definition NetLabel is enabled and SELinux starts enforcing\nNetLabel related access controls - including unlabeled packet controls.\n\nThis patch also tries to consolidate the multiple \"#ifdef CONFIG_NETLABEL\"\nblocks into a single block to ease future review as recommended by Linus.\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "522ed7767e800cff6c650ec64b0ee0677303119c", "tree": "f65ecb29f2cf885018d3557f840de3ef4be6ec64", "parents": [ "4f27c00bf80f122513d3a5be16ed851573164534" ], "author": { "name": "Miloslav Trmac", "email": "mitr@redhat.com", "time": "Sun Jul 15 23:40:56 2007 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.linux-foundation.org", "time": "Mon Jul 16 09:05:47 2007 -0700" }, "message": "Audit: add TTY input auditing\n\nAdd TTY input auditing, used to audit system administrator\u0027s actions. This is\nrequired by various security standards such as DCID 6/3 and PCI to provide\nnon-repudiation of administrator\u0027s actions and to allow a review of past\nactions if the administrator seems to overstep their duties or if the system\nbecomes misconfigured for unknown reasons. These requirements do not make it\nnecessary to audit TTY output as well.\n\nCompared to an user-space keylogger, this approach records TTY input using the\naudit subsystem, correlated with other audit events, and it is completely\ntransparent to the user-space application (e.g. the console ioctls still\nwork).\n\nTTY input auditing works on a higher level than auditing all system calls\nwithin the session, which would produce an overwhelming amount of mostly\nuseless audit events.\n\nAdd an \"audit_tty\" attribute, inherited across fork (). Data read from TTYs\nby process with the attribute is sent to the audit subsystem by the kernel.\nThe audit netlink interface is extended to allow modifying the audit_tty\nattribute, and to allow sending explanatory audit events from user-space (for\nexample, a shell might send an event containing the final command, after the\ninteractive command-line editing and history expansion is performed, which\nmight be difficult to decipher from the TTY input alone).\n\nBecause the \"audit_tty\" attribute is inherited across fork (), it would be set\ne.g. for sshd restarted within an audited session. To prevent this, the\naudit_tty attribute is cleared when a process with no open TTY file\ndescriptors (e.g. after daemon startup) opens a TTY.\n\nSee https://www.redhat.com/archives/linux-audit/2007-June/msg00000.html for a\nmore detailed rationale document for an older version of this patch.\n\n[akpm@linux-foundation.org: build fix]\nSigned-off-by: Miloslav Trmac \u003cmitr@redhat.com\u003e\nCc: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\nCc: Alan Cox \u003calan@lxorguk.ukuu.org.uk\u003e\nCc: Paul Fulghum \u003cpaulkf@microgate.com\u003e\nCc: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\nCc: Steve Grubb \u003csgrubb@redhat.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "ba6ff9f2b5c6018b293bd21083ffaa5ad710e671", "tree": "7a868d3a1948ab9e1aaf7b6e64e114e0f790370d", "parents": [ "6363097cc4d182f93788131b5d8f72aa91d950a0" ], "author": { "name": "Paul Moore", "email": "paul.moore@hp.com", "time": "Thu Jun 07 18:37:15 2007 -0700" }, "committer": { "name": "David S. Miller", "email": "davem@sunset.davemloft.net", "time": "Fri Jun 08 13:33:09 2007 -0700" }, "message": "[NetLabel]: consolidate the struct socket/sock handling to just struct sock\n\nThe current NetLabel code has some redundant APIs which allow both\n\"struct socket\" and \"struct sock\" types to be used; this may have made\nsense at some point but it is wasteful now. Remove the functions that\noperate on sockets and convert the callers. Not only does this make\nthe code smaller and more consistent but it pushes the locking burden\nup to the caller which can be more intelligent about the locks. Also,\nperform the same conversion (socket to sock) on the SELinux/NetLabel\nglue code where it make sense.\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "ef7c79ed645f52bcbdd88f8d54a9702c4d3fd15d", "tree": "4c27ec3362d958b99672366437d5eb6038dd561d", "parents": [ "14a49e1fd2bb91ba2bf0e1f06711b6dbc21de02d" ], "author": { "name": "Patrick McHardy", "email": "kaber@trash.net", "time": "Tue Jun 05 12:38:30 2007 -0700" }, "committer": { "name": "David S. Miller", "email": "davem@sunset.davemloft.net", "time": "Thu Jun 07 13:40:10 2007 -0700" }, "message": "[NETLINK]: Mark netlink policies const\n\nSigned-off-by: Patrick McHardy \u003ckaber@trash.net\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "5778eabd9cdbf16ea3e40248c452b4fd25554d11", "tree": "a488fd5fc07c01b93fe38621888cc50c64cfc0a1", "parents": [ "128c6b6cbffc8203e13ea5712a8aa65d2ed82e4e" ], "author": { "name": "Paul Moore", "email": "paul.moore@hp.com", "time": "Wed Feb 28 15:14:22 2007 -0500" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Thu Apr 26 01:35:48 2007 -0400" }, "message": "SELinux: extract the NetLabel SELinux support from the security server\n\nUp until this patch the functions which have provided NetLabel support to\nSELinux have been integrated into the SELinux security server, which for\nvarious reasons is not really ideal. This patch makes an effort to extract as\nmuch of the NetLabel support from the security server as possibile and move it\ninto it\u0027s own file within the SELinux directory structure.\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "b08d5840d2c5a6ac0bce172f4c861974d718e34b", "tree": "8f9423bc255d312269065623fcb136fc661b8bc1", "parents": [ "4498121ca3acbf928681b71261227d28dc29b6f6" ], "author": { "name": "Patrick McHardy", "email": "kaber@trash.net", "time": "Tue Feb 27 09:57:37 2007 -0800" }, "committer": { "name": "David S. Miller", "email": "davem@sunset.davemloft.net", "time": "Wed Feb 28 09:42:14 2007 -0800" }, "message": "[NET]: Fix kfree(skb)\n\nSigned-off-by: Patrick McHardy \u003ckaber@trash.net\u003e\nAcked-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "e1a95265b44ca31456adaacebebcde12714f0c03", "tree": "d8f0df48d9884ca941aaf419d756b8fa917ad2a3", "parents": [ "d57b1869b231c56de441db35c647879d51c5d29e" ], "author": { "name": "YOSHIFUJI Hideaki", "email": "yoshfuji@linux-ipv6.org", "time": "Fri Feb 09 23:25:05 2007 +0900" }, "committer": { "name": "David S. Miller", "email": "davem@sunset.davemloft.net", "time": "Sat Feb 10 23:19:56 2007 -0800" }, "message": "[NET] NETLABEL: Fix whitespace errors.\n\nSigned-off-by: YOSHIFUJI Hideaki \u003cyoshfuji@linux-ipv6.org\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "2a2f11c227bdf292b3a2900ad04139d301b56ac4", "tree": "e94ced56b21fa9258dc6d8c9d8b1e1a3f6e190a1", "parents": [ "797951200679f1d5ea12a2e58cc7bdbc2848764c" ], "author": { "name": "Paul Moore", "email": "paul.moore@hp.com", "time": "Fri Jan 05 15:08:22 2007 -0500" }, "committer": { "name": "David S. Miller", "email": "davem@sunset.davemloft.net", "time": "Tue Jan 09 00:30:01 2007 -0800" }, "message": "NetLabel: correct CIPSO tag handling when adding new DOI definitions\n\nThe current netlbl_cipsov4_add_common() function has two problems which are\nfixed with this patch. The first is an off-by-one bug where it is possibile to\noverflow the doi_def-\u003etags[] array. The second is a bug where the same\ndoi_def-\u003etags[] array was not always fully initialized, which caused sporadic\nfailures.\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "caff5b6a6bfd0c55b359b2b4acd8c14f828b689e", "tree": "cbff31b7189e179429b5d0ef7c51e9e4d9e59930", "parents": [ "1fd2a25b77bb6755d38aca50b826ff8dca81d762" ], "author": { "name": "Paul Moore", "email": "paul.moore@hp.com", "time": "Fri Dec 15 16:49:28 2006 -0500" }, "committer": { "name": "David S. Miller", "email": "davem@sunset.davemloft.net", "time": "Fri Dec 22 11:11:58 2006 -0800" }, "message": "NetLabel: correctly fill in unused CIPSOv4 level and category mappings\n\nBack when the original NetLabel patches were being changed to use Netlink\nattributes correctly some code was accidentially dropped which set all of the\nundefined CIPSOv4 level and category mappings to a sentinel value. The result\nis the mappings data in the kernel contains bogus mappings which always map to\nzero. This patch restores the old/correct behavior by initializing the mapping\ndata to the correct sentinel value.\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "1fd2a25b77bb6755d38aca50b826ff8dca81d762", "tree": "9f5f8bd5cb99cefa8db812f7182b22da6ecf993c", "parents": [ "c2fda5fed81eea077363b285b66eafce20dfd45a" ], "author": { "name": "Paul Moore", "email": "paul.moore@hp.com", "time": "Fri Dec 15 16:49:27 2006 -0500" }, "committer": { "name": "David S. Miller", "email": "davem@sunset.davemloft.net", "time": "Fri Dec 22 11:11:56 2006 -0800" }, "message": "NetLabel: perform input validation earlier on CIPSOv4 DOI add ops\n\nThere are a couple of cases where the user input for a CIPSOv4 DOI add\noperation was not being done soon enough; the result was unexpected behavior\nwhich was resulting in oops/panics/lockups on some platforms. This patch moves\nthe existing input validation code earlier in the code path to protect against\nbogus user input.\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "02752760359db6b00a3ffb1acfc13ef8d9eb1e3f", "tree": "796cd65fd4cd732b295e61dac194efbf36b78842", "parents": [ "ef91fd522ba3c88d9c68261c243567bc4c5a8f55" ], "author": { "name": "Paul Moore", "email": "paul.moore@hp.com", "time": "Wed Nov 29 13:18:18 2006 -0500" }, "committer": { "name": "David S. Miller", "email": "davem@sunset.davemloft.net", "time": "Sat Dec 02 21:31:36 2006 -0800" }, "message": "NetLabel: convert to an extensibile/sparse category bitmap\n\nThe original NetLabel category bitmap was a straight char bitmap which worked\nfine for the initial release as it only supported 240 bits due to limitations\nin the CIPSO restricted bitmap tag (tag type 0x01). This patch converts that\nstraight char bitmap into an extensibile/sparse bitmap in order to lay the\nfoundation for other CIPSO tag types and protocols.\n\nThis patch also has a nice side effect in that all of the security attributes\npassed by NetLabel into the LSM are now in a format which is in the host\u0027s\nnative byte/bit ordering which makes the LSM specific code much simpler; look\nat the changes in security/selinux/ss/ebitmap.c as an example.\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "de64688ffb952a65ddbc5295ccd235d35f292593", "tree": "f15714858c974bb4b86023d38639a39a539901e2", "parents": [ "3de4bab5b9f8848a0c16a4b1ffe0452f0d670237" ], "author": { "name": "Paul Moore", "email": "paul.moore@hp.com", "time": "Fri Nov 17 17:38:55 2006 -0500" }, "committer": { "name": "David S. Miller", "email": "davem@sunset.davemloft.net", "time": "Sat Dec 02 21:24:15 2006 -0800" }, "message": "NetLabel: honor the audit_enabled flag\n\nThe audit_enabled flag is used to signal when syscall auditing is to be\nperformed. While NetLabel uses a Netlink interface instead of syscalls, it is\nreasonable to consider the NetLabel Netlink interface as a form of syscall so\npay attention to the audit_enabled flag when generating audit messages in\nNetLabel.\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "05e00cbf5036929355020dab4837b637203a0742", "tree": "642cd1852808fbd89a2c666e39f23b7f48f2c4c0", "parents": [ "701a90bad99b8081a824cca52c178c8fc8f46bb2" ], "author": { "name": "Paul Moore", "email": "paul.moore@hp.com", "time": "Fri Nov 17 17:38:47 2006 -0500" }, "committer": { "name": "David S. Miller", "email": "davem@sunset.davemloft.net", "time": "Sat Dec 02 21:24:08 2006 -0800" }, "message": "NetLabel: check for a CIPSOv4 option before we do call into the CIPSOv4 layer\n\nRight now the NetLabel code always jumps into the CIPSOv4 layer to determine if\na CIPSO IP option is present. However, we can do this check directly in the\nNetLabel code by making use of the CIPSO_V4_OPTEXIST() macro which should save\nus a function call in the common case of not having a CIPSOv4 option present.\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "701a90bad99b8081a824cca52c178c8fc8f46bb2", "tree": "5fed88e6707e9122d7f16e4c5d8fea7c69e090ac", "parents": [ "c6fa82a9dd6160e0bc980cb0401c16bf62f2fe66" ], "author": { "name": "Paul Moore", "email": "paul.moore@hp.com", "time": "Fri Nov 17 17:38:46 2006 -0500" }, "committer": { "name": "David S. Miller", "email": "davem@sunset.davemloft.net", "time": "Sat Dec 02 21:24:07 2006 -0800" }, "message": "NetLabel: make netlbl_lsm_secattr struct easier/quicker to understand\n\nThe existing netlbl_lsm_secattr struct required the LSM to check all of the\nfields to determine if any security attributes were present resulting in a lot\nof work in the common case of no attributes. This patch adds a \u0027flags\u0027 field\nwhich is used to indicate which attributes are present in the structure; this\nshould allow the LSM to do a quick comparison to determine if the structure\nholds any security attributes.\n\nExample:\n\n if (netlbl_lsm_secattr-\u003eflags)\n\t/* security attributes present */\n else\n\t/* NO security attributes present */\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "cd28786d6d4209ec32a375d92188ec7b4d98779f", "tree": "61c0d2db9b99dd05b695202cdce7e9ec9c26ff03", "parents": [ "1f758d93548fb3c6297c05a351a4ba532de6a497" ], "author": { "name": "Paul Moore", "email": "paul.moore@hp.com", "time": "Fri Nov 17 17:38:44 2006 -0500" }, "committer": { "name": "David S. Miller", "email": "davem@sunset.davemloft.net", "time": "Sat Dec 02 21:24:05 2006 -0800" }, "message": "NetLabel: convert the unlabeled accept flag to use RCU\n\nCurrently the NetLabel unlabeled packet accept flag is an atomic type and it\nis checked for every non-NetLabel packet which comes into the system but rarely\never changed. This patch changes this flag to a normal integer and protects it\nwith RCU locking.\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "17c157c889f4b07258af6bfec9e4e9dcf3c00178", "tree": "f17be049a40b5742ca7e67094d6a7063146568d5", "parents": [ "81878d27fdd297a33f3cfcf29483fe1abaf26dec" ], "author": { "name": "Thomas Graf", "email": "tgraf@suug.ch", "time": "Tue Nov 14 19:46:02 2006 -0800" }, "committer": { "name": "David S. Miller", "email": "davem@sunset.davemloft.net", "time": "Sat Dec 02 21:22:42 2006 -0800" }, "message": "[GENL]: Add genlmsg_put_reply() to simplify building reply headers\n\nBy modyfing genlmsg_put() to take a genl_family and by adding\ngenlmsg_put_reply() the process of constructing the netlink\nand generic netlink headers is simplified.\n\nSigned-off-by: Thomas Graf \u003ctgraf@suug.ch\u003e\nAcked-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "81878d27fdd297a33f3cfcf29483fe1abaf26dec", "tree": "4ce8183643abce3ec5fe5fdab0c9104204e88e6e", "parents": [ "3dabc7157859e706770c825aa229f8943db4e0e1" ], "author": { "name": "Thomas Graf", "email": "tgraf@suug.ch", "time": "Tue Nov 14 19:45:27 2006 -0800" }, "committer": { "name": "David S. Miller", "email": "davem@sunset.davemloft.net", "time": "Sat Dec 02 21:22:41 2006 -0800" }, "message": "[GENL]: Add genlmsg_reply() to simply unicast replies to requests\n\nA generic netlink user has no interest in knowing how to\naddress the source of the original request.\n\nSigned-off-by: Thomas Graf \u003ctgraf@suug.ch\u003e\nAcked-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "339bf98ffc6a8d8eb16fc532ac57ffbced2f8a68", "tree": "499ad948863d2753ca10283dcf006ad28954538e", "parents": [ "a94f723d595ee085f81b1788d18e031af7eeba91" ], "author": { "name": "Thomas Graf", "email": "tgraf@suug.ch", "time": "Fri Nov 10 14:10:15 2006 -0800" }, "committer": { "name": "David S. Miller", "email": "davem@sunset.davemloft.net", "time": "Sat Dec 02 21:22:11 2006 -0800" }, "message": "[NETLINK]: Do precise netlink message allocations where possible\n\nAccount for the netlink message header size directly in nlmsg_new()\ninstead of relying on the caller calculate it correctly.\n\nReplaces error handling of message construction functions when\nconstructing notifications with bug traps since a failure implies\na bug in calculating the size of the skb.\n\nSigned-off-by: Thomas Graf \u003ctgraf@suug.ch\u003e\nAcked-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "38c94377a36f70e86665231c9f477e445c806618", "tree": "92beb31d6790a434b1965ca99e4fd2903a4da4f2", "parents": [ "daccff024ffeb21caa2cc479ccc33b2ec50705b1" ], "author": { "name": "Paul Moore", "email": "paul.moore@hp.com", "time": "Sun Nov 05 16:44:06 2006 -0800" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Sun Nov 05 16:44:06 2006 -0800" }, "message": "[NETLABEL]: Fix build failure.\n\n\u003e the build with the attached .config failed, make ends with:\n\u003e ...\n\u003e : undefined reference to `cipso_v4_sock_getattr\u0027\n\u003e net/built-in.o: In function `netlbl_socket_getattr\u0027:\n\n ...\n\nIt looks like I was stupid and made NetLabel depend on CONFIG_NET and not\nCONFIG_INET, the patch below should fix this by making NetLabel depend on\nCONFIG_INET and CONFIG_SECURITY. Please review and apply for 2.6.19.\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "ffb733c65000ee701294f7b80c4eca2a5f335637", "tree": "edda8e25792fe4a7bf0c619787949291276b9ed7", "parents": [ "c25d5180441e344a3368d100c57f0a481c6944f7" ], "author": { "name": "paul.moore@hp.com", "email": "paul.moore@hp.com", "time": "Wed Oct 04 11:46:31 2006 -0400" }, "committer": { "name": "David S. Miller", "email": "davem@sunset.davemloft.net", "time": "Wed Oct 11 23:59:29 2006 -0700" }, "message": "NetLabel: fix a cache race condition\n\nTesting revealed a problem with the NetLabel cache where a cached entry could\nbe freed while in use by the LSM layer causing an oops and other problems.\nThis patch fixes that problem by introducing a reference counter to the cache\nentry so that it is only freed when it is no longer in use.\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "95d4e6be25a68cd9fbe8c0d356b585504d8db1c7", "tree": "2133c970e6786bdf82004ace225b6bca19b9ddba", "parents": [ "d6c641026dec68acfb4b0baa98aad960e963ed97" ], "author": { "name": "Paul Moore", "email": "paul.moore@hp.com", "time": "Fri Sep 29 17:05:05 2006 -0700" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Fri Sep 29 17:05:05 2006 -0700" }, "message": "[NetLabel]: audit fixups due to delayed feedback\n\nFix some issues Steve Grubb had with the way NetLabel was using the audit\nsubsystem. This should make NetLabel more consistent with other kernel\ngenerated audit messages specifying configuration changes.\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nAcked-by: Steve Grubb \u003csgrubb@redhat.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "32f50cdee666333168b5203c7864bede159f789e", "tree": "c4989cc2521551714f656d60f6b895232ffdeda6", "parents": [ "8ea333eb5da3e3219f570220c56bca09f6f4d25a" ], "author": { "name": "Paul Moore", "email": "paul.moore@hp.com", "time": "Thu Sep 28 14:51:47 2006 -0700" }, "committer": { "name": "David S. Miller", "email": "davem@sunset.davemloft.net", "time": "Thu Sep 28 18:03:09 2006 -0700" }, "message": "[NetLabel]: add audit support for configuration changes\n\nThis patch adds audit support to NetLabel, including six new audit message\ntypes shown below.\n\n #define AUDIT_MAC_UNLBL_ACCEPT 1406\n #define AUDIT_MAC_UNLBL_DENY 1407\n #define AUDIT_MAC_CIPSOV4_ADD 1408\n #define AUDIT_MAC_CIPSOV4_DEL 1409\n #define AUDIT_MAC_MAP_ADD 1410\n #define AUDIT_MAC_MAP_DEL 1411\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "4cc6773508299377099aa30cf30e6a2196c5872d", "tree": "c96fe28eb992700065a1c98777894f5f20efe6c7", "parents": [ "fd3858554b62c3af6b7664b5c58ad864c87116c9" ], "author": { "name": "Paul Moore", "email": "paul.moore@hp.com", "time": "Mon Sep 25 15:57:13 2006 -0700" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Mon Sep 25 15:57:13 2006 -0700" }, "message": "[NetLabel]: update docs with website information\n\nNow that all of the supporting pieces of NetLabel have a home at SourceForge\nupdate the Kconfig help text and add an entry to the MAINTAINERS file.\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "fd3858554b62c3af6b7664b5c58ad864c87116c9", "tree": "9b01a61ed88a19331565649f04373a08ca3d3aa6", "parents": [ "fcd48280643e92ec6cb29a04e9079dd7b6b5bfef" ], "author": { "name": "Paul Moore", "email": "paul.moore@hp.com", "time": "Mon Sep 25 15:56:37 2006 -0700" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Mon Sep 25 15:56:37 2006 -0700" }, "message": "[NetLabel]: rework the Netlink attribute handling (part 2)\n\nAt the suggestion of Thomas Graf, rewrite NetLabel\u0027s use of Netlink attributes\nto better follow the common Netlink attribute usage.\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "fcd48280643e92ec6cb29a04e9079dd7b6b5bfef", "tree": "c594e16a021262e97f8b41493529c95bd616529e", "parents": [ "4fe5d5c07ab615a52fd1b0ceba5aeed7c612821a" ], "author": { "name": "Paul Moore", "email": "paul.moore@hp.com", "time": "Mon Sep 25 15:56:09 2006 -0700" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Mon Sep 25 15:56:09 2006 -0700" }, "message": "[NetLabel]: rework the Netlink attribute handling (part 1)\n\nAt the suggestion of Thomas Graf, rewrite NetLabel\u0027s use of Netlink attributes\nto better follow the common Netlink attribute usage.\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "14a72f53fb1bb5d5c2bdd8cf172219519664729a", "tree": "95a077fb9289a95c352af77f18f12e5aba3313c6", "parents": [ "597811ec167fa01c926a0957a91d9e39baa30e64" ], "author": { "name": "Paul Moore", "email": "paul.moore@hp.com", "time": "Mon Sep 25 15:52:01 2006 -0700" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Mon Sep 25 15:52:01 2006 -0700" }, "message": "[NetLabel]: correct improper handling of non-NetLabel peer contexts\n\nFix a problem where NetLabel would always set the value of \nsk_security_struct-\u003epeer_sid in selinux_netlbl_sock_graft() to the context of\nthe socket, causing problems when users would query the context of the\nconnection. This patch fixes this so that the value in\nsk_security_struct-\u003epeer_sid is only set when the connection is NetLabel based,\notherwise the value is untouched.\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "7a0e1d602288370801c353221c6a938eab925053", "tree": "f11ef396a27549513a91fcaf7d06dafb2b84509a", "parents": [ "e448e931309e703f51d71a557973c620ff12fbda" ], "author": { "name": "Paul Moore", "email": "paul.moore@hp.com", "time": "Tue Aug 29 17:56:04 2006 -0700" }, "committer": { "name": "David S. Miller", "email": "davem@sunset.davemloft.net", "time": "Fri Sep 22 15:18:39 2006 -0700" }, "message": "[NetLabel]: add some missing #includes to various header files\n\nAdd some missing include files to the NetLabel related header files.\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "d387f6ad10764fc2174373b4a1cca443adee36e3", "tree": "ed22c34f55de9c668eed1727d46239f3b48599b7", "parents": [ "2942e90050569525628a9f34e0daaa9b661b49cc" ], "author": { "name": "Thomas Graf", "email": "tgraf@suug.ch", "time": "Tue Aug 15 00:31:06 2006 -0700" }, "committer": { "name": "David S. Miller", "email": "davem@sunset.davemloft.net", "time": "Fri Sep 22 14:54:49 2006 -0700" }, "message": "[NETLINK]: Add notification message sending interface\n\nAdds nlmsg_notify() implementing proper notification logic. The\nmessage is multicasted to all listeners in the group. The\napplications the requests orignates from can request a unicast\nback report in which case said socket will be excluded from the\nmulticast to avoid duplicated notifications.\n\nnlmsg_multicast() is extended to take allocation flags to\nallow notification in atomic contexts.\n\nSigned-off-by: Thomas Graf \u003ctgraf@suug.ch\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "8ce11e6a9faf1f1c849b77104adc1642c46aee95", "tree": "58b169b6856d5eafb8cbc1fa547ff967be9ad30c", "parents": [ "e6242e928ef1e4ed853f909a7479e4934f4bcb70" ], "author": { "name": "Adrian Bunk", "email": "bunk@stusta.de", "time": "Mon Aug 07 21:50:48 2006 -0700" }, "committer": { "name": "David S. Miller", "email": "davem@sunset.davemloft.net", "time": "Fri Sep 22 14:54:07 2006 -0700" }, "message": "[NET]: Make code static.\n\nThis patch makes needlessly global code static.\n\nSigned-off-by: Adrian Bunk \u003cbunk@stusta.de\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "96cb8e3313c7a12e026c1ed510522ae6f6023875", "tree": "35d796afb2365041bc98fdba8f1734419be6b6c8", "parents": [ "d15c345fe3b8dfda0fa5a1d2143a35fffa746a43" ], "author": { "name": "Paul Moore", "email": "paul.moore@hp.com", "time": "Thu Aug 03 16:48:59 2006 -0700" }, "committer": { "name": "David S. Miller", "email": "davem@sunset.davemloft.net", "time": "Fri Sep 22 14:53:35 2006 -0700" }, "message": "[NetLabel]: CIPSOv4 and Unlabeled packet integration\n\nAdd CIPSO/IPv4 and unlabeled packet management to the NetLabel\nsubsystem. The CIPSO/IPv4 changes allow the configuration of\nCIPSO/IPv4 within the overall NetLabel framework. The unlabeled\npacket changes allows NetLabel to pass unlabeled packets without\nerror.\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "d15c345fe3b8dfda0fa5a1d2143a35fffa746a43", "tree": "7de6afd5f4de2fca01eaca879e342ab493dc0bba", "parents": [ "446fda4f26822b2d42ab3396aafcedf38a9ff2b6" ], "author": { "name": "Paul Moore", "email": "paul.moore@hp.com", "time": "Thu Aug 03 16:48:37 2006 -0700" }, "committer": { "name": "David S. Miller", "email": "davem@sunset.davemloft.net", "time": "Fri Sep 22 14:53:34 2006 -0700" }, "message": "[NetLabel]: core NetLabel subsystem\n\nAdd a new kernel subsystem, NetLabel, to provide explicit packet\nlabeling services (CIPSO, RIPSO, etc.) to LSM developers. NetLabel is\ndesigned to work in conjunction with a LSM to intercept and decode\nsecurity labels on incoming network packets as well as ensure that\noutgoing network packets are labeled according to the security\nmechanism employed by the LSM. The NetLabel subsystem is configured\nthrough a Generic NETLINK interface described in the header files\nincluded in this patch.\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" } ] }