)]}' { "log": [ { "commit": "0e94ae17c857b3835a2b8ea46ce44b5da4e2cc5d", "tree": "eac36ba696cf33bbbe3fcd490589ef453d9c8ef1", "parents": [ "d86b2b61d4dea614d6f319772a90a8f98b55ed67" ], "author": { "name": "Jarkko Sakkinen", "email": "jarkko.j.sakkinen@gmail.com", "time": "Tue Oct 18 21:21:36 2011 +0300" }, "committer": { "name": "Casey Schaufler", "email": "cschaufler@cschaufler-intel.(none)", "time": "Thu Oct 20 16:07:31 2011 -0700" }, "message": "Smack: allow to access /smack/access as normal user\n\nAllow query access as a normal user removing the need\nfor CAP_MAC_ADMIN. Give RW access to /smack/access\nfor UGO. Do not import smack labels in access check.\n\nSigned-off-by: Jarkko Sakkinen \u003cjarkko.j.sakkinen@gmail.com\u003e\nSigned-off-by: Casey Schaufler \u003ccschaufler@cschaufler-intel.(none)\u003e\n" }, { "commit": "d86b2b61d4dea614d6f319772a90a8f98b55ed67", "tree": "8d7647ea8d46630e3a09cd74210b9d4c94b86833", "parents": [ "16014d87509e26d6ed6935adbbf437a571fb5870" ], "author": { "name": "Jarkko Sakkinen", "email": "jarkko.j.sakkinen@gmail.com", "time": "Tue Oct 18 14:34:28 2011 +0300" }, "committer": { "name": "Casey Schaufler", "email": "cschaufler@cschaufler-intel.(none)", "time": "Tue Oct 18 09:02:57 2011 -0700" }, "message": "Smack: fix: invalid length set for the result of /smack/access\n\nForgot to update simple_transaction_set() to take terminator\ncharacter into account.\n\nSigned-off-by: Jarkko Sakkinen \u003cjarkko.j.sakkinen@gmail.com\u003e\nSigned-off-by: Casey Schaufler \u003ccschaufler@cschaufler-intel.(none)\u003e\n" }, { "commit": "16014d87509e26d6ed6935adbbf437a571fb5870", "tree": "bdf8641b1412d5e8cd1abe39eca5bc62caf99ad0", "parents": [ "f8859d98c1d1e73393285fb9dd57007839956247" ], "author": { "name": "Jarkko Sakkinen", "email": "jarkko.j.sakkinen@gmail.com", "time": "Fri Oct 14 13:16:24 2011 +0300" }, "committer": { "name": "Casey Schaufler", "email": "cschaufler@cschaufler-intel.(none)", "time": "Fri Oct 14 08:56:49 2011 -0700" }, "message": "Smack: compilation fix\n\nOn some build configurations PER_CLEAR_ON_SETID symbol was not\nfound when compiling smack_lsm.c. This patch fixes the issue by\nexplicitly doing #include \u003clinux/personality.h\u003e.\n\nSigned-off-by: Jarkko Sakkinen \u003cjarkko.j.sakkinen@gmail.com\u003e\nSigned-off-by: Casey Schaufler \u003ccschaufler@cschaufler-intel.(none)\u003e\n" }, { "commit": "f8859d98c1d1e73393285fb9dd57007839956247", "tree": "a6937380935074702febe48239bb891b4242752d", "parents": [ "84088ba239293abb24260c6c36d86e8775b6707f" ], "author": { "name": "Jarkko Sakkinen", "email": "jarkko.sakkinen@intel.com", "time": "Mon Oct 10 14:29:28 2011 +0300" }, "committer": { "name": "Casey Schaufler", "email": "cschaufler@cschaufler-intel.(none)", "time": "Wed Oct 12 14:30:07 2011 -0700" }, "message": "Smack: fix for /smack/access output, use string instead of byte\n\nSmall fix for the output of access SmackFS file. Use string\nis instead of byte. Makes it easier to extend API if it is\nneeded.\n\nSigned-off-by: Jarkko Sakkinen \u003cjarkko.sakkinen@intel.com\u003e\n" }, { "commit": "84088ba239293abb24260c6c36d86e8775b6707f", "tree": "7a8936d22156d108241725fae705979316fc6350", "parents": [ "975d5e55c2e78b755bd0b92b71db1c241c5a2665" ], "author": { "name": "Jarkko Sakkinen", "email": "jarkko.sakkinen@intel.com", "time": "Fri Oct 07 09:27:53 2011 +0300" }, "committer": { "name": "Casey Schaufler", "email": "cschaufler@cschaufler-intel.(none)", "time": "Wed Oct 12 14:28:15 2011 -0700" }, "message": "Smack: domain transition protections (v3)\n\nProtections for domain transition:\n\n- BPRM unsafe flags\n- Secureexec\n- Clear unsafe personality bits.\n- Clear parent death signal\n\nSigned-off-by: Jarkko Sakkinen \u003cjarkko.sakkinen@intel.com\u003e\n" }, { "commit": "975d5e55c2e78b755bd0b92b71db1c241c5a2665", "tree": "7f39bc6c89720a5abdf617cd1e83c0904d04ec08", "parents": [ "ce8a432197d9892689eb4896f690b9fe6b3de598" ], "author": { "name": "Casey Schaufler", "email": "casey@schaufler-ca.com", "time": "Mon Sep 26 14:43:39 2011 -0700" }, "committer": { "name": "Casey Schaufler", "email": "cschaufler@cschaufler-intel.(none)", "time": "Wed Oct 12 14:27:05 2011 -0700" }, "message": "Smack: Provide information for UDS getsockopt(SO_PEERCRED)\n\nThis patch is targeted for the smack-next tree.\n\nThis patch takes advantage of the recent changes for performance\nand points the packet labels on UDS connect at the output label of\nthe far side. This makes getsockopt(...SO_PEERCRED...) function\nproperly. Without this change the getsockopt does not provide any\ninformation.\n\nSigned-off-by: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\n" }, { "commit": "ce8a432197d9892689eb4896f690b9fe6b3de598", "tree": "09dff875df15be3a36f3e0dcb760d0064d4da935", "parents": [ "531f1d453ed8a8acee4015bd64e7bcc2eab939e4" ], "author": { "name": "Casey Schaufler", "email": "casey@schaufler-ca.com", "time": "Thu Sep 29 18:21:01 2011 -0700" }, "committer": { "name": "Casey Schaufler", "email": "cschaufler@cschaufler-intel.(none)", "time": "Wed Oct 12 14:26:07 2011 -0700" }, "message": "Smack: Clean up comments\n\nThere are a number of comments in the Smack code that\nare either malformed or include code. This patch cleans\nthem up.\n\nSigned-off-by: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\n" }, { "commit": "531f1d453ed8a8acee4015bd64e7bcc2eab939e4", "tree": "0dd06c1ecc894444c42350c76c5712899d2ddb78", "parents": [ "272cd7a8c67dd40a31ecff76a503bbb84707f757" ], "author": { "name": "Casey Schaufler", "email": "casey@schaufler-ca.com", "time": "Mon Sep 19 12:41:42 2011 -0700" }, "committer": { "name": "Casey Schaufler", "email": "cschaufler@cschaufler-intel.(none)", "time": "Wed Oct 12 14:24:28 2011 -0700" }, "message": "Smack: Repair processing of fcntl\n\nAl Viro pointed out that the processing of fcntl done\nby Smack appeared poorly designed. He was right. There\nare three things that required change. Most obviously,\nthe list of commands that really imply writing is limited\nto those involving file locking and signal handling.\nThe initialization if the file security blob was\nincomplete, requiring use of a heretofore unused LSM hook.\nFinally, the audit information coming from a helper\nmasked the identity of the LSM hook. This patch corrects\nall three of these defects.\n\nThis is targeted for the smack-next tree pending comments.\n\nSigned-off-by: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\n" }, { "commit": "272cd7a8c67dd40a31ecff76a503bbb84707f757", "tree": "467f83c94eb14f8f34508efe891c0dcc62a7ac24", "parents": [ "828716c28fe4aa232ea280ea8ed6fb103eefb6ac" ], "author": { "name": "Casey Schaufler", "email": "casey@schaufler-ca.com", "time": "Tue Sep 20 12:24:36 2011 -0700" }, "committer": { "name": "Casey Schaufler", "email": "cschaufler@cschaufler-intel.(none)", "time": "Wed Oct 12 14:23:13 2011 -0700" }, "message": "Smack: Rule list lookup performance\n\nThis patch is targeted for the smack-next tree.\n\nSmack access checks suffer from two significant performance\nissues. In cases where there are large numbers of rules the\nsearch of the single list of rules is wasteful. Comparing the\nstring values of the smack labels is less efficient than a\nnumeric comparison would.\n\nThese changes take advantage of the Smack label list, which\nmaintains the mapping of Smack labels to secids and optional\nCIPSO labels. Because the labels are kept perpetually, an\naccess check can be done strictly based on the address of the\nlabel in the list without ever looking at the label itself.\nRather than keeping one global list of rules the rules with\na particular subject label can be based off of that label\nlist entry. The access check need never look at entries that\ndo not use the current subject label.\n\nThis requires that packets coming off the network with\nCIPSO direct Smack labels that have never been seen before\nbe treated carefully. The only case where they could be\ndelivered is where the receiving socket has an IPIN star\nlabel, so that case is explicitly addressed.\n\nOn a system with 39,800 rules (200 labels in all permutations)\na system with this patch runs an access speed test in 5% of\nthe time of the old version. That should be a best case\nimprovement. If all of the rules are associated with the\nsame subject label and all of the accesses are for processes\nwith that label (unlikely) the improvement is about 30%.\n\nSigned-off-by: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\n" }, { "commit": "828716c28fe4aa232ea280ea8ed6fb103eefb6ac", "tree": "f75377cf3e770a9a67feb64fb8bef867735a975b", "parents": [ "545a7260343bbaf11c7f1a4b8c3d9660bb9266e5" ], "author": { "name": "Jarkko Sakkinen", "email": "jarkko.sakkinen@intel.com", "time": "Thu Sep 08 10:12:01 2011 +0300" }, "committer": { "name": "Casey Schaufler", "email": "cschaufler@cschaufler-intel.(none)", "time": "Wed Oct 12 14:21:32 2011 -0700" }, "message": "Smack: check permissions from user space (v2)\n\nAdds a new file into SmackFS called \u0027access\u0027. Wanted\nSmack permission is written into /smack/access.\nAfter that result can be read from the opened file.\nIf access applies result contains 1 and otherwise\n0. File access is protected from race conditions\nby using simple_transaction_get()/set() API.\n\nFixes from the previous version:\n- Removed smack.h changes, refactoring left-over\nfrom previous version.\n- Removed #include \u003clinux/smack.h\u003e, refactoring\nleft-over from previous version.\n\nSigned-off-by: Jarkko Sakkinen \u003cjarkko.sakkinen@intel.com\u003e\nSigned-off-by: Casey Schaufler \u003ccschaufler@cschaufler-intel.(none)\u003e\n" }, { "commit": "545a7260343bbaf11c7f1a4b8c3d9660bb9266e5", "tree": "47f07960ef637b6475061575e7ae2fa7a4732a78", "parents": [ "e2b8b25a6795488eba7bb757706b3ac725c31fac" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Tue Oct 11 14:06:41 2011 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Oct 12 12:15:20 2011 +1100" }, "message": "TOMOYO: Fix quota and garbage collector.\n\nCommit 059d84db \"TOMOYO: Add socket operation restriction support\" and\ncommit 731d37aa \"TOMOYO: Allow domain transition without execve().\" forgot to\nupdate tomoyo_domain_quota_is_ok() and tomoyo_del_acl() which results in\nincorrect quota counting and memory leak.\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "e2b8b25a6795488eba7bb757706b3ac725c31fac", "tree": "f77e43a01891938e8c83b56d2c249a725923b9ec", "parents": [ "e00fb3f7af111d1b3252f7d622213d2e22be65f5" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Tue Oct 11 14:05:08 2011 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Oct 12 12:15:18 2011 +1100" }, "message": "TOMOYO: Remove redundant tasklist_lock.\n\nrcu_read_lock() is sufficient for calling find_task_by_pid_ns()/find_task_by_vpid().\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "e00fb3f7af111d1b3252f7d622213d2e22be65f5", "tree": "387b90728d0a1657e94d530c81e69c9b197f1c1c", "parents": [ "c6cb56fc94f4efaec2d4ad74bed2be7883179ccd" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Tue Sep 27 11:48:53 2011 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Sep 28 11:53:15 2011 +1000" }, "message": "TOMOYO: Fix domain transition failure warning.\n\nCommit bd03a3e4 \"TOMOYO: Add policy namespace support.\" introduced policy\nnamespace. But as of /sbin/modprobe is executed from initramfs/initrd, profiles\nfor target domain\u0027s namespace is not defined because /sbin/tomoyo-init is not\nyet called.\n\nReported-by: Jamie Nguyen \u003cjamie@tomoyolinux.co.uk\u003e\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "c6cb56fc94f4efaec2d4ad74bed2be7883179ccd", "tree": "cc4ebf2231093ab57c2e868fbdf176791de600db", "parents": [ "a427fd14d3edf6396c4b9638dbc8e2972afaa05b", "8c35ad20270de91d0f3bfe521daa3b7983ee8db7" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Tue Sep 27 09:20:46 2011 +1000" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Tue Sep 27 09:20:46 2011 +1000" }, "message": "Merge branch \u0027next-hex2bin\u0027 of git://github.com/mzohar/linux-evm into next\n" }, { "commit": "a427fd14d3edf6396c4b9638dbc8e2972afaa05b", "tree": "2f8fdffa989f6e18f57bfb61f5ecfc4fdcf8d729", "parents": [ "f9732ea145886786a6f8b0493bc2239e70cbacdb" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Sun Sep 25 17:51:06 2011 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Sep 26 10:46:22 2011 +1000" }, "message": "TOMOYO: Remove tomoyo_policy_memory_lock spinlock.\n\ntomoyo_policy_lock mutex already protects it.\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "f9732ea145886786a6f8b0493bc2239e70cbacdb", "tree": "e29b2441cc916a174d7cd0b03cd18986ae545250", "parents": [ "778c4a4d60d932c1df6d270dcbc88365823c3963" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Sun Sep 25 17:50:23 2011 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Sep 26 10:46:20 2011 +1000" }, "message": "TOMOYO: Simplify garbage collector.\n\nWhen TOMOYO started using garbage collector at commit 847b173e \"TOMOYO: Add\ngarbage collector.\", we waited for close() before kfree(). Thus, elements to be\nkfree()d were queued up using tomoyo_gc_list list.\n\nBut it turned out that tomoyo_element_linked_by_gc() tends to choke garbage\ncollector when certain pattern of entries are queued.\n\nSince garbage collector is no longer waiting for close() since commit 2e503bbb\n\"TOMOYO: Fix lockdep warning.\", we can remove tomoyo_gc_list list and\ntomoyo_element_linked_by_gc() by doing sequential processing.\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "778c4a4d60d932c1df6d270dcbc88365823c3963", "tree": "1c042bff1f11cf4e5d7267329091d878aba3d4d7", "parents": [ "6bce98edc3365a8f780ff3944ac7992544c194fe" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Sun Sep 25 17:49:09 2011 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Sep 26 10:46:19 2011 +1000" }, "message": "TOMOYO: Fix make namespacecheck warnings.\n\nCommit efe836ab \"TOMOYO: Add built-in policy support.\" introduced\ntomoyo_load_builtin_policy() but was by error called from nowhere.\n\nCommit b22b8b9f \"TOMOYO: Rename meminfo to stat and show more statistics.\"\nintroduced tomoyo_update_stat() but was by error not called from\ntomoyo_assign_domain().\n\nAlso, mark tomoyo_io_printf() and tomoyo_path_permission() static functions,\nas reported by \"make namespacecheck\".\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "8c35ad20270de91d0f3bfe521daa3b7983ee8db7", "tree": "49422eea35b4d856bd11aa4ae11387728b678fff", "parents": [ "2b3ff6319e2312656fbefe0209bef02d58b6836a" ], "author": { "name": "Mimi Zohar", "email": "zohar@linux.vnet.ibm.com", "time": "Fri Sep 16 08:50:30 2011 -0400" }, "committer": { "name": "Mimi Zohar", "email": "zohar@linux.vnet.ibm.com", "time": "Wed Sep 21 08:27:43 2011 -0400" }, "message": "target: check hex2bin result\n\nNow that hex2bin does error checking, on error add debugging error msg.\n\nChangelog v1 (update):\n- fixed definition of \u0027ret\u0027\n- hex2bin now returns an int\n\nSigned-off-by: Mimi Zohar \u003czohar@linux.vnet.ibm.com\u003e\nAcked-by: Andy Shevchenko \u003candy.shevchenko@gmail.com\u003e\n" }, { "commit": "2b3ff6319e2312656fbefe0209bef02d58b6836a", "tree": "43041b8a5e6fe31dadf2ad682d73fa873476b952", "parents": [ "2684bf7f29cfb13ef2c60f3b3a53ee47d0db7022" ], "author": { "name": "Mimi Zohar", "email": "zohar@linux.vnet.ibm.com", "time": "Tue Sep 20 11:23:55 2011 -0400" }, "committer": { "name": "Mimi Zohar", "email": "zohar@linux.vnet.ibm.com", "time": "Tue Sep 20 23:26:44 2011 -0400" }, "message": "encrypted-keys: check hex2bin result\n\nFor each hex2bin call in encrypted keys, check that the ascii hex string\nis valid. On failure, return -EINVAL.\n\nChangelog v1:\n- hex2bin now returns an int\n\nSigned-off-by: Mimi Zohar \u003czohar@linux.vnet.ibm.com\u003e\nAcked-by: Andy Shevchenko \u003candy.shevchenko@gmail.com\u003e\n" }, { "commit": "2684bf7f29cfb13ef2c60f3b3a53ee47d0db7022", "tree": "bbdc0709c643e58a22443ab086c6e4aa80329e17", "parents": [ "b78049831ffed65f0b4e61f69df14f3ab17922cb" ], "author": { "name": "Mimi Zohar", "email": "zohar@linux.vnet.ibm.com", "time": "Tue Sep 20 11:23:52 2011 -0400" }, "committer": { "name": "Mimi Zohar", "email": "zohar@linux.vnet.ibm.com", "time": "Tue Sep 20 23:26:05 2011 -0400" }, "message": "trusted-keys: check hex2bin result\n\nFor each hex2bin call in trusted keys, check that the ascii hex string is\nvalid. On failure, return -EINVAL.\n\nChangelog v1:\n- hex2bin now returns an int\n\nSigned-off-by: Mimi Zohar \u003czohar@linux.vnet.ibm.com\u003e\nAcked-by: Andy Shevchenko \u003candy.shevchenko@gmail.com\u003e\n" }, { "commit": "b78049831ffed65f0b4e61f69df14f3ab17922cb", "tree": "196c37c7eeab26e5e71d4735cb4dd7a0fa9951df", "parents": [ "6bce98edc3365a8f780ff3944ac7992544c194fe" ], "author": { "name": "Mimi Zohar", "email": "zohar@linux.vnet.ibm.com", "time": "Tue Sep 20 11:23:49 2011 -0400" }, "committer": { "name": "Mimi Zohar", "email": "zohar@linux.vnet.ibm.com", "time": "Tue Sep 20 23:24:44 2011 -0400" }, "message": "lib: add error checking to hex2bin\n\nhex2bin converts a hexadecimal string to its binary representation.\nThe original version of hex2bin did not do any error checking. This\npatch adds error checking and returns the result.\n\nChangelog v1:\n- removed unpack_hex_byte()\n- changed return code from boolean to int\n\nChangelog:\n- use the new unpack_hex_byte()\n- add __must_check compiler option (Andy Shevchenko\u0027s suggestion)\n- change function API to return error checking result\n (based on Tetsuo Handa\u0027s initial patch)\n\nSigned-off-by: Mimi Zohar \u003czohar@linux.vnet.ibm.com\u003e\nAcked-by: Andy Shevchenko \u003candy.shevchenko@gmail.com\u003e\n" }, { "commit": "6bce98edc3365a8f780ff3944ac7992544c194fe", "tree": "ee10abf2345f651d65d7f10fd385c01e0dc891b3", "parents": [ "cc100551b4d92f47abebfa7c7918b2be71263b4a" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Fri Sep 16 22:54:25 2011 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Sep 19 10:09:59 2011 +1000" }, "message": "TOMOYO: Allow specifying domain transition preference.\n\nI got an opinion that it is difficult to use exception policy\u0027s domain\ntransition control directives because they need to match the pathname specified\nto \"file execute\" directives. For example, if \"file execute /bin/\\*\\-ls\\-cat\"\nis given, corresponding domain transition control directive needs to be like\n\"no_keep_domain /bin/\\*\\-ls\\-cat from any\".\n\nIf we can specify like below, it will become more convenient.\n\n file execute /bin/ls keep exec.realpath\u003d\"/bin/ls\" exec.argv[0]\u003d\"ls\"\n file execute /bin/cat keep exec.realpath\u003d\"/bin/cat\" exec.argv[0]\u003d\"cat\"\n file execute /bin/\\*\\-ls\\-cat child\n file execute /usr/sbin/httpd \u003capache\u003e exec.realpath\u003d\"/usr/sbin/httpd\" exec.argv[0]\u003d\"/usr/sbin/httpd\"\n\nIn above examples, \"keep\" works as if keep_domain is specified, \"child\" works\nas if \"no_reset_domain\" and \"no_initialize_domain\" and \"no_keep_domain\" are\nspecified, \"\u003capache\u003e\" causes domain transition to \u003capache\u003e domain upon\nsuccessful execve() operation.\n\nMoreover, we can also allow transition to different domains based on conditions\nlike below example.\n\n \u003ckernel\u003e /usr/sbin/sshd\n file execute /bin/bash \u003ckernel\u003e /usr/sbin/sshd //batch-session exec.argc\u003d2 exec.argv[1]\u003d\"-c\"\n file execute /bin/bash \u003ckernel\u003e /usr/sbin/sshd //root-session task.uid\u003d0\n file execute /bin/bash \u003ckernel\u003e /usr/sbin/sshd //nonroot-session task.uid!\u003d0\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "cc100551b4d92f47abebfa7c7918b2be71263b4a", "tree": "d603f15ff5ef28efd5f818817aca036045ac8a8b", "parents": [ "8de6ac7f58a22fdab399fbe97763e465ea49c735" ], "author": { "name": "Stephen Rothwell", "email": "sfr@canb.auug.org.au", "time": "Thu Sep 15 17:07:15 2011 +1000" }, "committer": { "name": "Mimi Zohar", "email": "zohar@linux.vnet.ibm.com", "time": "Thu Sep 15 17:37:24 2011 -0400" }, "message": "encrypted-keys: IS_ERR need include/err.h\n\nFixes this build error:\n\nsecurity/keys/encrypted-keys/masterkey_trusted.c: In function \u0027request_trusted_key\u0027:\nsecurity/keys/encrypted-keys/masterkey_trusted.c:35:2: error: implicit declaration of function \u0027IS_ERR\u0027\n\nSigned-off-by: Stephen Rothwell \u003csfr@canb.auug.org.au\u003e\nSigned-off-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\n" }, { "commit": "8de6ac7f58a22fdab399fbe97763e465ea49c735", "tree": "46104451c69f5270fcc11137aecff012a2ecf612", "parents": [ "843d183cdd816549b73e6bd3ae07f64adddf714b", "fb788d8b981fa55603873416882f8dcf835e7924" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Thu Sep 15 09:53:38 2011 +1000" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Thu Sep 15 09:53:38 2011 +1000" }, "message": "Merge branch \u0027next-evm\u0027 of git://github.com/mzohar/linux-evm into next\n" }, { "commit": "843d183cdd816549b73e6bd3ae07f64adddf714b", "tree": "3421638e9c9d44be37e539a4ffed6216bc1f7f3c", "parents": [ "a8f7640963ada66c412314c3559c11ff6946c1a5" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Wed Sep 14 17:03:19 2011 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Thu Sep 15 08:14:21 2011 +1000" }, "message": "TOMOYO: Bump version.\n\nTell userland tools that this is TOMOYO 2.5.\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "fb788d8b981fa55603873416882f8dcf835e7924", "tree": "023d8410571f27e8d10bf6fc0a4a088cb9368df6", "parents": [ "566be59ab86c0e030b980645a580d683a015a483" ], "author": { "name": "Dmitry Kasatkin", "email": "dmitry.kasatkin@intel.com", "time": "Mon Aug 15 15:30:11 2011 +0300" }, "committer": { "name": "Mimi Zohar", "email": "zohar@linux.vnet.ibm.com", "time": "Wed Sep 14 15:24:52 2011 -0400" }, "message": "evm: clean verification status\n\nWhen allocating from slab, initialization is done the first time in\ninit_once() and subsequently on free. Because evm_status was not\nre-initialized on free, evm_verify_hmac() skipped verifications.\n\nThis patch re-initializes evm_status.\n\nSigned-off-by: Dmitry Kasatkin \u003cdmitry.kasatkin@intel.com\u003e\nSigned-off-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\n" }, { "commit": "566be59ab86c0e030b980645a580d683a015a483", "tree": "c5d29c7db2f8ef93e970cb405621f59c57d01b94", "parents": [ "bf6d0f5dcda17df3cc5577e203d0f8ea1c2ad6aa" ], "author": { "name": "Mimi Zohar", "email": "zohar@linux.vnet.ibm.com", "time": "Mon Aug 22 09:14:18 2011 -0400" }, "committer": { "name": "Mimi Zohar", "email": "zohar@linux.vnet.ibm.com", "time": "Wed Sep 14 15:24:52 2011 -0400" }, "message": "evm: permit mode bits to be updated\n\nBefore permitting \u0027security.evm\u0027 to be updated, \u0027security.evm\u0027 must\nexist and be valid. In the case that there are no existing EVM protected\nxattrs, it is safe for posix acls to update the mode bits.\n\nTo differentiate between no \u0027security.evm\u0027 xattr and no xattrs used to\ncalculate \u0027security.evm\u0027, this patch defines INTEGRITY_NOXATTR.\n\nSigned-off-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\n" }, { "commit": "bf6d0f5dcda17df3cc5577e203d0f8ea1c2ad6aa", "tree": "c6c5f39d43fe0d27bc1d3aedbd2f9b3ba2f8f537", "parents": [ "a924ce0b35875ef9512135b46a32f4150fd700b2" ], "author": { "name": "Mimi Zohar", "email": "zohar@linux.vnet.ibm.com", "time": "Thu Aug 18 18:07:44 2011 -0400" }, "committer": { "name": "Mimi Zohar", "email": "zohar@linux.vnet.ibm.com", "time": "Wed Sep 14 15:24:51 2011 -0400" }, "message": "evm: posix acls modify i_mode\n\nThe posix xattr acls are \u0027system\u0027 prefixed, which normally would not\naffect security.evm. An interesting side affect of writing posix xattr\nacls is their modifying of the i_mode, which is included in security.evm.\n\nThis patch updates security.evm when posix xattr acls are written.\n\nSigned-off-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\n" }, { "commit": "a924ce0b35875ef9512135b46a32f4150fd700b2", "tree": "0e01ac679790fe96c03b341b2670a2ed9c56a122", "parents": [ "fb88c2b6cbb1265a8bef60694699b37f5cd4ba76" ], "author": { "name": "Mimi Zohar", "email": "zohar@linux.vnet.ibm.com", "time": "Thu Aug 11 01:22:30 2011 -0400" }, "committer": { "name": "Mimi Zohar", "email": "zohar@linux.vnet.ibm.com", "time": "Wed Sep 14 15:24:51 2011 -0400" }, "message": "evm: limit verifying current security.evm integrity\n\nevm_protect_xattr unnecessarily validates the current security.evm\nintegrity, before updating non-evm protected extended attributes\nand other file metadata. This patch limits validating the current\nsecurity.evm integrity to evm protected metadata.\n\nSigned-off-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\n" }, { "commit": "fb88c2b6cbb1265a8bef60694699b37f5cd4ba76", "tree": "f747bf1f156c5537da77528a92a4e36eb342cb58", "parents": [ "1d714057ef8f6348eba7b28ace6d307513e57cef" ], "author": { "name": "Mimi Zohar", "email": "zohar@linux.vnet.ibm.com", "time": "Mon Aug 15 10:13:18 2011 -0400" }, "committer": { "name": "Mimi Zohar", "email": "zohar@linux.vnet.ibm.com", "time": "Wed Sep 14 15:24:50 2011 -0400" }, "message": "evm: fix security/security_old_init_security return code\n\nsecurity_inode_init_security previously returned -EOPNOTSUPP, for S_PRIVATE\ninodes, and relied on the callers to change it to 0. As the callers do not\nchange the return code anymore, return 0, intead of -EOPNOTSUPP.\n\nSigned-off-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\n" }, { "commit": "1d714057ef8f6348eba7b28ace6d307513e57cef", "tree": "a848b86df6257b347b6929f9ad09666105996003", "parents": [ "982e617a313b57abee3bcfa53381c356d00fd64a" ], "author": { "name": "Mimi Zohar", "email": "zohar@linux.vnet.ibm.com", "time": "Sun Aug 28 08:57:11 2011 -0400" }, "committer": { "name": "Mimi Zohar", "email": "zohar@linux.vnet.ibm.com", "time": "Wed Sep 14 15:24:49 2011 -0400" }, "message": "evm: remove TCG_TPM dependency\n\nAll tristates selected by EVM(boolean) are forced to be builtin, except\nin the TCG_TPM(tristate) dependency case. Arnaud Lacombe summarizes the\nKconfig bug as, \"So it would seem direct dependency state influence the\nstate of reverse dependencies..\" For a detailed explanation, refer to\nArnaud Lacombe\u0027s posting http://lkml.org/lkml/2011/8/23/498.\n\nWith the \"encrypted-keys: remove trusted-keys dependency\" patch, EVM\ncan now be built without a dependency on TCG_TPM. The trusted-keys\ndependency requires trusted-keys to either be builtin or not selected.\nThis dependency will prevent the boolean/tristate mismatch from\noccuring.\n\nReported-by: Stephen Rothwell \u003csfr@canb.auug.org.au\u003e,\n Randy Dunlap \u003crdunlap@xenotimenet\u003e\nSigned-off-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\n" }, { "commit": "982e617a313b57abee3bcfa53381c356d00fd64a", "tree": "ba23ab206aaff2331bca116cebd11ad4ef580c32", "parents": [ "61cf45d0199041df1a8ba334b6bf4a3a13b7f904" ], "author": { "name": "Mimi Zohar", "email": "zohar@linux.vnet.ibm.com", "time": "Sat Aug 27 22:21:26 2011 -0400" }, "committer": { "name": "Mimi Zohar", "email": "zohar@linux.vnet.ibm.com", "time": "Wed Sep 14 15:23:49 2011 -0400" }, "message": "encrypted-keys: remove trusted-keys dependency\n\nEncrypted keys are decrypted/encrypted using either a trusted-key or,\nfor those systems without a TPM, a user-defined key. This patch\nremoves the trusted-keys and TCG_TPM dependencies.\n\nSigned-off-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\n" }, { "commit": "61cf45d0199041df1a8ba334b6bf4a3a13b7f904", "tree": "b287399eb3704b766d2ba3d9a36de0bb57f70139", "parents": [ "a8f7640963ada66c412314c3559c11ff6946c1a5" ], "author": { "name": "Mimi Zohar", "email": "zohar@linux.vnet.ibm.com", "time": "Wed Sep 14 15:06:00 2011 -0400" }, "committer": { "name": "Mimi Zohar", "email": "zohar@linux.vnet.ibm.com", "time": "Wed Sep 14 15:22:26 2011 -0400" }, "message": "encrypted-keys: create encrypted-keys directory\n\nMove all files associated with encrypted keys to keys/encrypted-keys.\n\nSigned-off-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\n" }, { "commit": "a8f7640963ada66c412314c3559c11ff6946c1a5", "tree": "23d9fb5fe64bb431b610deb6c1b696356106f94d", "parents": [ "731d37aa70c7b9de3be6bf2c8287366223bf5ce5" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Sat Sep 10 15:27:12 2011 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Sep 14 08:27:07 2011 +1000" }, "message": "TOMOYO: Avoid race when retrying \"file execute\" permission check.\n\nThere was a race window that the pathname which is subjected to \"file execute\"\npermission check when retrying via supervisor\u0027s decision because the pathname\nwas recalculated upon retry. Though, there is an inevitable race window even\nwithout supervisor, for we have to calculate the symbolic link\u0027s pathname from\n\"struct linux_binprm\"-\u003efilename rather than from \"struct linux_binprm\"-\u003efile\nbecause we cannot back calculate the symbolic link\u0027s pathname from the\ndereferenced pathname.\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "731d37aa70c7b9de3be6bf2c8287366223bf5ce5", "tree": "8ac6028511485862572695eb91e2d461e0636182", "parents": [ "1f067a682a9bd252107ac6f6946b7332fde42344" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Sat Sep 10 15:25:58 2011 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Sep 14 08:27:06 2011 +1000" }, "message": "TOMOYO: Allow domain transition without execve().\n\nTo be able to split permissions for Apache\u0027s CGI programs which are executed\nwithout execve(), add special domain transition which is performed by writing\na TOMOYO\u0027s domainname to /sys/kernel/security/tomoyo/self_domain interface.\n\nThis is an API for TOMOYO-aware userland applications. However, since I expect\nTOMOYO and other LSM modules to run in parallel, this patch does not use\n/proc/self/attr/ interface in order to avoid conflicts with other LSM modules\nwhen it became possible to run multiple LSM modules in parallel.\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "1f067a682a9bd252107ac6f6946b7332fde42344", "tree": "379bbbf02f0a802453e585a2a482192409308fbb", "parents": [ "059d84dbb3897d4ee494a9c842c5dda54316cb47" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Sat Sep 10 15:24:56 2011 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Sep 14 08:27:06 2011 +1000" }, "message": "TOMOYO: Allow controlling generation of access granted logs for per an entry basis.\n\nAdd per-entry flag which controls generation of grant logs because Xen and KVM\nissues ioctl requests so frequently. For example,\n\n file ioctl /dev/null 0x5401 grant_log\u003dno\n\nwill suppress /sys/kernel/security/tomoyo/audit even if preference says\ngrant_log\u003dyes .\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "059d84dbb3897d4ee494a9c842c5dda54316cb47", "tree": "483ca0cb613b1304184b92f075b3f5283d36c723", "parents": [ "d58e0da854376841ac99defeb117a83f086715c6" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Sat Sep 10 15:23:54 2011 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Sep 14 08:27:05 2011 +1000" }, "message": "TOMOYO: Add socket operation restriction support.\n\nThis patch adds support for permission checks for PF_INET/PF_INET6/PF_UNIX\nsocket\u0027s bind()/listen()/connect()/send() operations.\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "d58e0da854376841ac99defeb117a83f086715c6", "tree": "b6e37d1030180680a7801ecb295d8d3990930375", "parents": [ "5dbe3040c74eef18e66951347eda05b153e69328" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Sat Sep 10 15:22:48 2011 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Sep 14 08:27:05 2011 +1000" }, "message": "TOMOYO: Add environment variable name restriction support.\n\nThis patch adds support for checking environment variable\u0027s names.\nAlthough TOMOYO already provides ability to check argv[]/envp[] passed to\nexecve() requests,\n\n file execute /bin/sh exec.envp[\"LD_LIBRARY_PATH\"]\u003d\"bar\"\n\nwill reject execution of /bin/sh if environment variable LD_LIBRARY_PATH is not\ndefined. To grant execution of /bin/sh if LD_LIBRARY_PATH is not defined,\nadministrators have to specify like\n\n file execute /bin/sh exec.envp[\"LD_LIBRARY_PATH\"]\u003d\"/system/lib\"\n file execute /bin/sh exec.envp[\"LD_LIBRARY_PATH\"]\u003dNULL\n\n. Since there are many environment variables whereas conditional checks are\napplied as \"\u0026\u0026\", it is difficult to cover all combinations. Therefore, this\npatch supports conditional checks that are applied as \"||\", by specifying like\n\n file execute /bin/sh\n misc env LD_LIBRARY_PATH exec.envp[\"LD_LIBRARY_PATH\"]\u003d\"/system/lib\"\n\nwhich means \"grant execution of /bin/sh if environment variable is not defined\nor is defined and its value is /system/lib\".\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "5dbe3040c74eef18e66951347eda05b153e69328", "tree": "72c9e5f77deae00f1234e488254d4898cab32027", "parents": [ "7b98a5857c3fa86cb0a7e5f893643491a8b5b425" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Tue Aug 30 13:48:53 2011 +1000" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Fri Sep 09 16:56:33 2011 -0700" }, "message": "security: sparse fix: Move security_fixup_op to security.h\n\nFix sparse warning by moving declaraion to global header.\n\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "7b98a5857c3fa86cb0a7e5f893643491a8b5b425", "tree": "9e8b83d35a9c70f2c02853de808184871df3aba9", "parents": [ "0ff53f5ddbaebeac1c2735125901275acc1fecc6" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Tue Aug 30 12:52:32 2011 +1000" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Fri Sep 09 16:56:32 2011 -0700" }, "message": "selinux: sparse fix: fix several warnings in the security server code\n\nFix several sparse warnings in the SELinux security server code.\n\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "0ff53f5ddbaebeac1c2735125901275acc1fecc6", "tree": "7ceff5b004c1ae4e873002dc59be1ae6c4e7de14", "parents": [ "6a3fbe81179c85eb53054a0f4c8423ffec0276a7" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Tue Aug 30 12:36:39 2011 +1000" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Fri Sep 09 16:56:32 2011 -0700" }, "message": "selinux: sparse fix: include selinux.h in exports.c\n\nFix warning:\nsecurity/selinux/exports.c:18:6: warning: symbol \u0027selinux_is_enabled\u0027 was not declared. Should it be static?\n\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "6a3fbe81179c85eb53054a0f4c8423ffec0276a7", "tree": "b281fee66a005236bbdedf5f22eeacc37669ba4a", "parents": [ "ad3fa08c4ff84ed87649d72e8497735c85561a3d" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Tue Aug 30 12:09:15 2011 +1000" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Fri Sep 09 16:56:31 2011 -0700" }, "message": "selinux: sparse fix: fix warnings in netlink code\n\nFix sparse warnings in SELinux Netlink code.\n\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "ad3fa08c4ff84ed87649d72e8497735c85561a3d", "tree": "e6f22e6d42cf52c689e983be42b9292180564446", "parents": [ "d5813a571876c72766f125b1c6e63414f6822c28" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Tue Aug 30 10:50:12 2011 +1000" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Fri Sep 09 16:56:30 2011 -0700" }, "message": "selinux: sparse fix: eliminate warnings for selinuxfs\n\nFixes several sparse warnings for selinuxfs.c\n\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "d5813a571876c72766f125b1c6e63414f6822c28", "tree": "fe688a7aa64fa890741e5a87800a3f95ddcaaee6", "parents": [ "b97e14520207dccb5cdf93f322e571bf907df104" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Tue Aug 30 10:19:50 2011 +1000" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Fri Sep 09 16:56:30 2011 -0700" }, "message": "ima: sparse fix: include linux/ima.h in ima_main.c\n\nFixes sparse warnings:\nsecurity/integrity/ima/ima_main.c:105:6: warning: symbol \u0027ima_file_free\u0027 was not declared. Should it be static?\nsecurity/integrity/ima/ima_main.c:167:5: warning: symbol \u0027ima_file_mmap\u0027 was not declared. Should it be static?\nsecurity/integrity/ima/ima_main.c:192:5: warning: symbol \u0027ima_bprm_check\u0027 was not declared. Should it be static?\nsecurity/integrity/ima/ima_main.c:211:5: warning: symbol \u0027ima_file_check\u0027 was not declared. Should it be static?\n\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "b97e14520207dccb5cdf93f322e571bf907df104", "tree": "1757e5541378136752d608ecde87e1c7251afbb0", "parents": [ "cc7db09952faefc86187c67c4adf5cbdb6fe2c1b" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Tue Aug 30 10:18:30 2011 +1000" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Fri Sep 09 16:56:29 2011 -0700" }, "message": "ima: sparse fix: make ima_open_policy static\n\nFixes sparse warning:\nsecurity/integrity/ima/ima_fs.c:290:5: warning: symbol \u0027ima_open_policy\u0027 was not declared. Should it be static?\n\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "cc7db09952faefc86187c67c4adf5cbdb6fe2c1b", "tree": "1a3f81bb166b480fc505fe9af3a9b92cf613df04", "parents": [ "7ee95850bab6468f8213f36a84e872418d2faa00" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 29 11:45:44 2011 +1000" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Fri Sep 09 16:56:29 2011 -0700" }, "message": "apparmor: sparse fix: include procattr.h in procattr.c\n\nFix sparse warnings:\nsecurity/apparmor/procattr.c:35:5: warning: symbol \u0027aa_getprocattr\u0027 was not declared. Should it be static?\nsecurity/apparmor/procattr.c:113:5: warning: symbol \u0027aa_setprocattr_changehat\u0027 was not declared. Should it be static?\nsecurity/apparmor/procattr.c:158:5: warning: symbol \u0027aa_setprocattr_changeprofile\u0027 was not declared. Should it be static?\nsecurity/apparmor/procattr.c:166:5: warning: symbol \u0027aa_setprocattr_permipc\u0027 was not declared. Should it be static?\n\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\nAcked-by: John Johansen \u003cjohn.johansen@canonical.com\u003e\n" }, { "commit": "7ee95850bab6468f8213f36a84e872418d2faa00", "tree": "d8502d9362912b1da4afa68156a9ad29c7787323", "parents": [ "32c3df631bc018109136a8f4f941ad591e76a0aa" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 29 11:43:02 2011 +1000" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Fri Sep 09 16:56:28 2011 -0700" }, "message": "apparmor: sparse fix: rename shadowed variables in policy_unpack.c\n\nFix the following warnings:\n\nsecurity/apparmor/policy_unpack.c:384:35: warning: symbol \u0027size\u0027 shadows an earlier one\nsecurity/apparmor/policy_unpack.c:370:24: originally declared here\nsecurity/apparmor/policy_unpack.c:443:29: warning: symbol \u0027tmp\u0027 shadows an earlier one\nsecurity/apparmor/policy_unpack.c:434:21: originally declared here\n\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\nAcked-by: John Johansen \u003cjohn.johansen@canonical.com\u003e\n" }, { "commit": "32c3df631bc018109136a8f4f941ad591e76a0aa", "tree": "60768d4a7ba8278f01873f36b1787b35fcf188f1", "parents": [ "33f8bf588070e84bb29c3a726758dbb5791fc95e" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 29 11:15:25 2011 +1000" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Fri Sep 09 16:56:28 2011 -0700" }, "message": "apparmor: sparse fix: add apparmor.h to lib.c\n\nFix the following sparse warnings:\nsecurity/apparmor/lib.c:37:6: warning: symbol \u0027aa_split_fqname\u0027 was not declared. Should it be static?\nsecurity/apparmor/lib.c:63:6: warning: symbol \u0027aa_info_message\u0027 was not declared. Should it be static?\nsecurity/apparmor/lib.c:83:6: warning: symbol \u0027kvmalloc\u0027 was not declared. Should it be static?\nsecurity/apparmor/lib.c:123:6: warning: symbol \u0027kvfree\u0027 was not declared. Should it be static?\n\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "33f8bf588070e84bb29c3a726758dbb5791fc95e", "tree": "569f68e7c8928a9845df47777017db6bf7534f34", "parents": [ "58982b74832917405a483a22beede729e3175376" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 29 10:40:54 2011 +1000" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Fri Sep 09 16:56:27 2011 -0700" }, "message": "apparmor: sparse fix: include ipc.h\n\nInclude ipc.h to eliminate sparse warnings.\n\nsecurity/apparmor/ipc.c:61:5: warning: symbol \u0027aa_may_ptrace\u0027 was not declared. Should it be static?\nsecurity/apparmor/ipc.c:83:5: warning: symbol \u0027aa_ptrace\u0027 was not declared. Should it be static\n\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\nAcked-by: John Johansen \u003cjohn.johansen@canonical.com\u003e\n" }, { "commit": "58982b74832917405a483a22beede729e3175376", "tree": "fc6fa24b9cf15490de54501125ac08049abb5ea0", "parents": [ "cc59a582d6081b296e481b8bc9676b5c2faad818" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Aug 17 11:17:14 2011 +1000" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Fri Sep 09 16:56:26 2011 -0700" }, "message": "selinux: sparse fix: declare selinux_disable() in security.h\n\nSparse fix: declare selinux_disable() in security.h\n\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "cc59a582d6081b296e481b8bc9676b5c2faad818", "tree": "5ed00269cea7ffef573c78e854a6369a32842437", "parents": [ "56a4ca996181b94b30e6b46509dc28e4ca3cc3f8" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Aug 17 11:13:31 2011 +1000" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Fri Sep 09 16:56:26 2011 -0700" }, "message": "selinux: sparse fix: move selinux_complete_init\n\nSparse fix: move selinux_complete_init\n\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "56a4ca996181b94b30e6b46509dc28e4ca3cc3f8", "tree": "ff238902759365d93b9ca8739f370fd3ba0f8659", "parents": [ "3417d8d5d4d584bd73e2f6265f7a06b51e4a70a1" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Aug 17 11:08:43 2011 +1000" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Fri Sep 09 16:56:25 2011 -0700" }, "message": "selinux: sparse fix: make selinux_secmark_refcount static\n\nSparse fix: make selinux_secmark_refcount static.\n\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "3417d8d5d4d584bd73e2f6265f7a06b51e4a70a1", "tree": "21a68483935288933c61e6d9271dc695ec967371", "parents": [ "4892722e06694fda1928bac4aa5af5505bd26a4c" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Aug 17 11:05:21 2011 +1000" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Fri Sep 09 16:56:25 2011 -0700" }, "message": "apparmor: sparse fix: make aa_create_aafs static\n\nSparse fix: make aa_create_aafs static.\n\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\nAcked-by: John Johansen \u003cjohn.johansen@canonical.com\u003e\n" }, { "commit": "4892722e06694fda1928bac4aa5af5505bd26a4c", "tree": "eaeeb90d98ad1ad35bf32c75a579d28a70b722e2", "parents": [ "fc9ff9b7e3eaff3f49bc0fbbddfc1416212e888a" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Aug 17 10:34:33 2011 +1000" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Fri Sep 09 16:56:24 2011 -0700" }, "message": "integrity: sparse fix: move iint_initialized to integrity.h\n\nSparse fix: move iint_initialized to integrity.h\n\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "fc9ff9b7e3eaff3f49bc0fbbddfc1416212e888a", "tree": "bf2f9905f32040e7ad164dd9f2bff957af38b7b7", "parents": [ "852584157c55c1689bcf3809ea44b79870c3e409" ], "author": { "name": "rongqing.li@windriver.com", "email": "rongqing.li@windriver.com", "time": "Tue Sep 06 11:35:36 2011 +0800" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Fri Sep 09 16:40:31 2011 -0700" }, "message": "security: Fix a typo\n\nFix a typo.\n\nSigned-off-by: Roy.Li \u003crongqing.li@windriver.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "852584157c55c1689bcf3809ea44b79870c3e409", "tree": "9965e2ceb8fbb7ffaec131eb7c1963f9a32e1c0c", "parents": [ "403d1d0319ad73b5ccf251745af4c7000331a76b" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Thu Aug 25 21:15:00 2011 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Fri Sep 09 16:08:48 2011 -0700" }, "message": "TOMOYO: Fix incorrect enforce mode.\n\nIn tomoyo_get_mode() since 2.6.36, CONFIG::file::execute was by error used in\nplace of CONFIG::file if CONFIG::file::execute was set to other than default.\nAs a result, enforcing mode was not applied in a way documentation says.\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "403d1d0319ad73b5ccf251745af4c7000331a76b", "tree": "8f04137c79a0ab9c6e5104ba3bf439c6e9e6bb6a", "parents": [ "8ad346c62ae91e6376fb9d199ef8557b0c814209" ], "author": { "name": "Stefan Berger", "email": "stefanb@linux.vnet.ibm.com", "time": "Tue Aug 23 08:52:10 2011 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Aug 24 09:30:08 2011 +1000" }, "message": "tpm: suppress durations sysfs output if not read\n\nSuppress the output in the \u0027durations\u0027 sysfs entry if they were not read\nduring driver initialization. This is similar to other sysfs entries\nthat return nothing if for some reason sending the commands to the TPM\nfails.\n\nSigned-off-by: Stefan Berger \u003cstefanb@linux.vnet.ibm.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "8ad346c62ae91e6376fb9d199ef8557b0c814209", "tree": "c82ec8caf44c76b43728836c2d53704268c4b8d0", "parents": [ "0c061b5707ab84ebfe8f18f1c9c3110ae5cd6073" ], "author": { "name": "Axel Lin", "email": "axel.lin@gmail.com", "time": "Tue Aug 23 15:23:51 2011 +0800" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Tue Aug 23 18:22:28 2011 +1000" }, "message": "CRED: fix build error due to \u0027tgcred\u0027 undeclared\n\nThis patch adds CONFIG_KEYS guard for tgcred to fix below build error\nif CONFIG_KEYS is not configured.\n\n CC kernel/cred.o\nkernel/cred.c: In function \u0027prepare_kernel_cred\u0027:\nkernel/cred.c:657: error: \u0027tgcred\u0027 undeclared (first use in this function)\nkernel/cred.c:657: error: (Each undeclared identifier is reported only once\nkernel/cred.c:657: error: for each function it appears in.)\nmake[1]: *** [kernel/cred.o] Error 1\nmake: *** [kernel] Error 2\n\nSigned-off-by: Axel Lin \u003caxel.lin@gmail.com\u003e\nAcked-by: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "0c061b5707ab84ebfe8f18f1c9c3110ae5cd6073", "tree": "cb6e83458126f3cc9ef9f5504937c8445f790b0f", "parents": [ "d199798bdf969873f78d48140600ff0a98a87e69" ], "author": { "name": "David Howells", "email": "dhowells@redhat.com", "time": "Mon Aug 22 14:09:36 2011 +0100" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Tue Aug 23 09:57:37 2011 +1000" }, "message": "KEYS: Correctly destroy key payloads when their keytype is removed\n\nunregister_key_type() has code to mark a key as dead and make it unavailable in\none loop and then destroy all those unavailable key payloads in the next loop.\nHowever, the loop to mark keys dead renders the key undetectable to the second\nloop by changing the key type pointer also.\n\nFix this by the following means:\n\n (1) The key code has two garbage collectors: one deletes unreferenced keys and\n the other alters keyrings to delete links to old dead, revoked and expired\n keys. They can end up holding each other up as both want to scan the key\n serial tree under spinlock. Combine these into a single routine.\n\n (2) Move the dead key marking, dead link removal and dead key removal into the\n garbage collector as a three phase process running over the three cycles\n of the normal garbage collection procedure. This is tracked by the\n KEY_GC_REAPING_DEAD_1, _2 and _3 state flags.\n\n unregister_key_type() then just unlinks the key type from the list, wakes\n up the garbage collector and waits for the third phase to complete.\n\n (3) Downgrade the key types sem in unregister_key_type() once it has deleted\n the key type from the list so that it doesn\u0027t block the keyctl() syscall.\n\n (4) Dead keys that cannot be simply removed in the third phase have their\n payloads destroyed with the key\u0027s semaphore write-locked to prevent\n interference by the keyctl() syscall. There should be no in-kernel users\n of dead keys of that type by the point of unregistration, though keyctl()\n may be holding a reference.\n\n (5) Only perform timer recalculation in the GC if the timer actually expired.\n If it didn\u0027t, we\u0027ll get another cycle when it goes off - and if the key\n that actually triggered it has been removed, it\u0027s not a problem.\n\n (6) Only garbage collect link if the timer expired or if we\u0027re doing dead key\n clean up phase 2.\n\n (7) As only key_garbage_collector() is permitted to use rb_erase() on the key\n serial tree, it doesn\u0027t need to revalidate its cursor after dropping the\n spinlock as the node the cursor points to must still exist in the tree.\n\n (8) Drop the spinlock in the GC if there is contention on it or if we need to\n reschedule. After dealing with that, get the spinlock again and resume\n scanning.\n\nThis has been tested in the following ways:\n\n (1) Run the keyutils testsuite against it.\n\n (2) Using the AF_RXRPC and RxKAD modules to test keytype removal:\n\n Load the rxrpc_s key type:\n\n\t# insmod /tmp/af-rxrpc.ko\n\t# insmod /tmp/rxkad.ko\n\n Create a key (http://people.redhat.com/~dhowells/rxrpc/listen.c):\n\n\t# /tmp/listen \u0026\n\t[1] 8173\n\n Find the key:\n\n\t# grep rxrpc_s /proc/keys\n\t091086e1 I--Q-- 1 perm 39390000 0 0 rxrpc_s 52:2\n\n Link it to a session keyring, preferably one with a higher serial number:\n\n\t# keyctl link 0x20e36251 @s\n\n Kill the process (the key should remain as it\u0027s linked to another place):\n\n\t# fg\n\t/tmp/listen\n\t^C\n\n Remove the key type:\n\n\trmmod rxkad\n\trmmod af-rxrpc\n\n This can be made a more effective test by altering the following part of\n the patch:\n\n\tif (unlikely(gc_state \u0026 KEY_GC_REAPING_DEAD_2)) {\n\t\t/* Make sure everyone revalidates their keys if we marked a\n\t\t * bunch as being dead and make sure all keyring ex-payloads\n\t\t * are destroyed.\n\t\t */\n\t\tkdebug(\"dead sync\");\n\t\tsynchronize_rcu();\n\n To call synchronize_rcu() in GC phase 1 instead. That causes that the\n keyring\u0027s old payload content to hang around longer until it\u0027s RCU\n destroyed - which usually happens after GC phase 3 is complete. This\n allows the destroy_dead_key branch to be tested.\n\nReported-by: Benjamin Coddington \u003cbcodding@gmail.com\u003e\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "d199798bdf969873f78d48140600ff0a98a87e69", "tree": "fb0fbfe0eda27054eae9c9efe0240ace297c3661", "parents": [ "b072e9bc2fe9aeff4e104e80e479160349f474a9" ], "author": { "name": "David Howells", "email": "dhowells@redhat.com", "time": "Mon Aug 22 14:09:28 2011 +0100" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Tue Aug 23 09:57:36 2011 +1000" }, "message": "KEYS: The dead key link reaper should be non-reentrant\n\nThe dead key link reaper should be non-reentrant as it relies on global state\nto keep track of where it\u0027s got to when it returns to the work queue manager to\ngive it some air.\n\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "b072e9bc2fe9aeff4e104e80e479160349f474a9", "tree": "4f243698284aace64f4b5c9e5b9bee107c10e13b", "parents": [ "8bc16deabce7649e480e94b648c88d4e90c34352" ], "author": { "name": "David Howells", "email": "dhowells@redhat.com", "time": "Mon Aug 22 14:09:20 2011 +0100" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Tue Aug 23 09:57:36 2011 +1000" }, "message": "KEYS: Make the key reaper non-reentrant\n\nMake the key reaper non-reentrant by sticking it on the appropriate system work\nqueue when we queue it. This will allow it to have global state and drop\nlocks. It should probably be non-reentrant already as it may spend a long time\nholding the key serial spinlock, and so multiple entrants can spend long\nperiods of time just sitting there spinning, waiting to get the lock.\n\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "8bc16deabce7649e480e94b648c88d4e90c34352", "tree": "d9e28a921375e7448801b0b89ff43a7e0d2e61ff", "parents": [ "012146d0728f85f7a5c7c36fb84bba33e2760507" ], "author": { "name": "David Howells", "email": "dhowells@redhat.com", "time": "Mon Aug 22 14:09:11 2011 +0100" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Tue Aug 23 09:57:36 2011 +1000" }, "message": "KEYS: Move the unreferenced key reaper to the keys garbage collector file\n\nMove the unreferenced key reaper function to the keys garbage collector file\nas that\u0027s a more appropriate place with the dead key link reaper.\n\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "012146d0728f85f7a5c7c36fb84bba33e2760507", "tree": "215ad5926013e6a71d1ea750a81596fa20028dcc", "parents": [ "6d528b082294f0ddabd6368297546a2c0b67d4fe" ], "author": { "name": "David Howells", "email": "dhowells@redhat.com", "time": "Mon Aug 22 14:09:00 2011 +0100" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Tue Aug 23 09:57:35 2011 +1000" }, "message": "CRED: Fix prepare_kernel_cred() to provide a new thread_group_cred struct\n\nFix prepare_kernel_cred() to provide a new, separate thread_group_cred struct\notherwise when using request_key() ____call_usermodehelper() calls\numh_keys_init() with the new creds pointing to init_tgcred, which\numh_keys_init() then blithely alters.\n\nThe problem can be demonstrated by:\n\n\t# keyctl request2 user a debug:a @s\n\t249681132\n\t# grep req /proc/keys\n\t079906a5 I--Q-- 1 perm 1f3f0000 0 0 keyring _req.249681132: 1/4\n\t38ef1626 IR---- 1 expd 0b010000 0 0 .request_ key:ee1d4ec pid:4371 ci:1\n\nThe keyring _req.XXXX should have gone away, but something (init_tgcred) is\npinning it.\n\nThat key actually requested can then be removed and a new one created:\n\n\t# keyctl unlink 249681132\n\t1 links removed\n\t[root@andromeda ~]# grep req /proc/keys\n\t116cecac IR---- 1 expd 0b010000 0 0 .request_ key:eeb4911 pid:4379 ci:1\n\t36d1cbf8 I--Q-- 1 perm 1f3f0000 0 0 keyring _req.250300689: 1/4\n\nwhich causes the old _req keyring to go away and a new one to take its place.\n\nThis is a consequence of the changes in:\n\n\tcommit 879669961b11e7f40b518784863a259f735a72bf\n\tAuthor: David Howells \u003cdhowells@redhat.com\u003e\n\tDate: Fri Jun 17 11:25:59 2011 +0100\n\tKEYS/DNS: Fix ____call_usermodehelper() to not lose the session keyring\n\nand:\n\n\tcommit 17f60a7da150fdd0cfb9756f86a262daa72c835f\n\tAuthor: Eric Paris \u003ceparis@redhat.com\u003e\n\tDate: Fri Apr 1 17:07:50 2011 -0400\n\tcapabilites: allow the application of capability limits to usermode helpers\n\nAfter this patch is applied, the _req keyring and the .request_key key are\ncleaned up.\n\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\ncc: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "6d528b082294f0ddabd6368297546a2c0b67d4fe", "tree": "268bf5dbd454c689947c51867bf5b77e21c97eae", "parents": [ "3ecf1b4f347210e39b156177e5b8a26ff8d00279" ], "author": { "name": "David Howells", "email": "dhowells@redhat.com", "time": "Mon Aug 22 14:08:51 2011 +0100" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Tue Aug 23 09:57:34 2011 +1000" }, "message": "KEYS: __key_link() should use the RCU deref wrapper for keyring payloads\n\n__key_link() should use the RCU deref wrapper rcu_dereference_locked_keyring()\nfor accessing keyring payloads rather than calling rcu_dereference_protected()\ndirectly.\n\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "3ecf1b4f347210e39b156177e5b8a26ff8d00279", "tree": "ba3cf0155e5dd29c4963e6a8895d7262e0ef13d5", "parents": [ "995995378f996a8aa1cf4e4ddc0f79fbfd45496f" ], "author": { "name": "David Howells", "email": "dhowells@redhat.com", "time": "Mon Aug 22 14:08:43 2011 +0100" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Tue Aug 23 09:57:34 2011 +1000" }, "message": "KEYS: keyctl_get_keyring_ID() should create a session keyring if create flag set\n\nThe keyctl call:\n\n\tkeyctl_get_keyring_ID(KEY_SPEC_SESSION_KEYRING, 1)\n\nshould create a session keyring if the process doesn\u0027t have one of its own\nbecause the create flag argument is set - rather than subscribing to and\nreturning the user-session keyring as:\n\n\tkeyctl_get_keyring_ID(KEY_SPEC_SESSION_KEYRING, 0)\n\nwill do.\n\nThis can be tested by commenting out pam_keyinit in the /etc/pam.d files and\nrunning the following program a couple of times in a row:\n\n\t#include \u003cstdio.h\u003e\n\t#include \u003cstdlib.h\u003e\n\t#include \u003ckeyutils.h\u003e\n\tint main(int argc, char *argv[])\n\t{\n\t\tkey_serial_t uk, usk, sk, nsk;\n\t\tuk \u003d keyctl_get_keyring_ID(KEY_SPEC_USER_KEYRING, 0);\n\t\tusk \u003d keyctl_get_keyring_ID(KEY_SPEC_USER_SESSION_KEYRING, 0);\n\t\tsk \u003d keyctl_get_keyring_ID(KEY_SPEC_SESSION_KEYRING, 0);\n\t\tnsk \u003d keyctl_get_keyring_ID(KEY_SPEC_SESSION_KEYRING, 1);\n\t\tprintf(\"keys: %08x %08x %08x %08x\\n\", uk, usk, sk, nsk);\n\t\treturn 0;\n\t}\n\nWithout this patch, I see:\n\n\tkeys: 3975ddc7 119c0c66 119c0c66 119c0c66\n\tkeys: 3975ddc7 119c0c66 119c0c66 119c0c66\n\nWith this patch, I see:\n\n\tkeys: 2cb4997b 34112878 34112878 17db2ce3\n\tkeys: 2cb4997b 34112878 34112878 39f3c73e\n\nAs can be seen, the session keyring starts off the same as the user-session\nkeyring each time, but with the patch a new session keyring is created when\nthe create flag is set.\n\nReported-by: Greg Wettstein \u003cgreg@enjellic.com\u003e\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nTested-by: Greg Wettstein \u003cgreg@enjellic.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "995995378f996a8aa1cf4e4ddc0f79fbfd45496f", "tree": "ddc0c1305767e683535120361a5f5848b7ae3803", "parents": [ "c5532b09bf40c398f2acfdd8f100c796d1d3f881" ], "author": { "name": "David Howells", "email": "dhowells@redhat.com", "time": "Mon Aug 22 14:08:33 2011 +0100" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Tue Aug 23 09:57:33 2011 +1000" }, "message": "KEYS: If install_session_keyring() is given a keyring, it should install it\n\nIf install_session_keyring() is given a keyring, it should install it rather\nthan just creating a new one anyway. This was accidentally broken in:\n\n\tcommit d84f4f992cbd76e8f39c488cf0c5d123843923b1\n\tAuthor: David Howells \u003cdhowells@redhat.com\u003e\n\tDate: Fri Nov 14 10:39:23 2008 +1100\n\tSubject: CRED: Inaugurate COW credentials\n\nThe impact of that commit is that pam_keyinit no longer works correctly if\n\u0027force\u0027 isn\u0027t specified against a login process. This is because:\n\n\tkeyctl_get_keyring_ID(KEY_SPEC_SESSION_KEYRING, 0)\n\nnow always creates a new session keyring and thus the check whether the session\nkeyring and the user-session keyring are the same is always false. This leads\npam_keyinit to conclude that a session keyring is installed and it shouldn\u0027t be\nrevoked by pam_keyinit here if \u0027revoke\u0027 is specified.\n\nAny system that specifies \u0027force\u0027 against pam_keyinit in the PAM configuration\nfiles for login methods (login, ssh, su -l, kdm, etc.) is not affected since\nthat bypasses the broken check and forces the creation of a new session keyring\nanyway (for which the revoke flag is not cleared) - and any subsequent call to\npam_keyinit really does have a session keyring already installed, and so the\ncheck works correctly there.\n\nReverting to the previous behaviour will cause the kernel to subscribe the\nprocess to the user-session keyring as its session keyring if it doesn\u0027t have a\nsession keyring of its own. pam_keyinit will detect this and install a new\nsession keyring anyway (and won\u0027t clear the revert flag).\n\nThis can be tested by commenting out pam_keyinit in the /etc/pam.d files and\nrunning the following program a couple of times in a row:\n\n\t#include \u003cstdio.h\u003e\n\t#include \u003cstdlib.h\u003e\n\t#include \u003ckeyutils.h\u003e\n\tint main(int argc, char *argv[])\n\t{\n\t\tkey_serial_t uk, usk, sk;\n\t\tuk \u003d keyctl_get_keyring_ID(KEY_SPEC_USER_KEYRING, 0);\n\t\tusk \u003d keyctl_get_keyring_ID(KEY_SPEC_USER_SESSION_KEYRING, 0);\n\t\tsk \u003d keyctl_get_keyring_ID(KEY_SPEC_SESSION_KEYRING, 0);\n\t\tprintf(\"keys: %08x %08x %08x\\n\", uk, usk, sk);\n\t\treturn 0;\n\t}\n\nWithout the patch, I see:\n\n\tkeys: 3884e281 24c4dfcf 22825f8e\n\tkeys: 3884e281 24c4dfcf 068772be\n\nWith the patch, I see:\n\n\tkeys: 26be9c83 0e755ce0 0e755ce0\n\tkeys: 26be9c83 0e755ce0 0e755ce0\n\nAs can be seen, with the patch, the session keyring is the same as the\nuser-session keyring each time; without the patch a new session keyring is\ngenerated each time.\n\nReported-by: Greg Wettstein \u003cgreg@enjellic.com\u003e\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nTested-by: Greg Wettstein \u003cgreg@enjellic.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "c5532b09bf40c398f2acfdd8f100c796d1d3f881", "tree": "ac1fd4c0b24f427e307495d392a0a98464fff91d", "parents": [ "dbe5ad17ec62fbd3be7789f9a5ab71d23da8acf0" ], "author": { "name": "Mimi Zohar", "email": "zohar@linux.vnet.ibm.com", "time": "Wed Aug 17 18:52:24 2011 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Thu Aug 18 12:58:14 2011 +1000" }, "message": "evm: add MAINTAINERS entry\n\nUpdate the MAINTAINERS file with an entry for EVM.\n\nReported-by: Randy Dunlap \u003crdunlap@xenotimenet\u003e\nSigned-off-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "dbe5ad17ec62fbd3be7789f9a5ab71d23da8acf0", "tree": "60e4ae2f8b5d66faac484f5774d22290a51c21e4", "parents": [ "09f464bf0961aba3cd917d4939597bafb269fb95" ], "author": { "name": "Mimi Zohar", "email": "zohar@linux.vnet.ibm.com", "time": "Wed Aug 17 18:51:36 2011 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Thu Aug 18 12:58:12 2011 +1000" }, "message": "evm: add Kconfig TCG_TPM dependency\n\nAlthough the EVM encrypted-key should be encrypted/decrypted using a\ntrusted-key, a user-defined key could be used instead. When using a user-\ndefined key, a TCG_TPM dependency should not be required. Unfortunately,\nthe encrypted-key code needs to be refactored a bit in order to remove\nthis dependency.\n\nThis patch adds the TCG_TPM dependency.\n\nReported-by: Stephen Rothwell \u003csfr@canb.auug.org.au\u003e,\n\t Randy Dunlap \u003crdunlap@xenotimenet\u003e\nSigned-off-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "09f464bf0961aba3cd917d4939597bafb269fb95", "tree": "ffdbb860514012bc2c8fef75cff3aa77c94fb9fc", "parents": [ "1e39f384bb01b0395b69cb70c2cacae65012f203" ], "author": { "name": "Oleg Nesterov", "email": "oleg@redhat.com", "time": "Tue Aug 16 20:34:05 2011 +0200" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Aug 17 09:48:41 2011 +1000" }, "message": "tomoyo: remove tomoyo_gc_thread()-\u003edaemonize()\n\ndaemonize() is only needed when a user-space task does kernel_thread().\n\ntomoyo_gc_thread() is kthread_create()\u0027ed and thus it doesn\u0027t need\nthe soon-to-be-deprecated daemonize().\n\nSigned-off-by: Oleg Nesterov \u003coleg@redhat.com\u003e\nAcked-by: Tejun Heo \u003ctj@kernel.org\u003e\nAcked-by: Matt Fleming \u003cmatt.fleming@intel.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "1e39f384bb01b0395b69cb70c2cacae65012f203", "tree": "d80fa4881dd94a198a6a8c34212e04187dc136ab", "parents": [ "7d8db1808a2001077a9f966180c5e4f7cc20d4c7" ], "author": { "name": "Mimi Zohar", "email": "zohar@linux.vnet.ibm.com", "time": "Mon Aug 15 09:09:16 2011 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Tue Aug 16 09:23:44 2011 +1000" }, "message": "evm: fix build problems\n\n- Make the previously missing security_old_inode_init_security() stub\n function definition static inline.\n\n- The stub security_inode_init_security() function previously returned\n -EOPNOTSUPP and relied on the callers to change it to 0. The stub\n security/security_old_inode_init_security() functions now return 0.\n\nReported-by: Stephen Rothwell \u003csfr@canb.auug.org.au\u003e\nSigned-off-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "7d8db1808a2001077a9f966180c5e4f7cc20d4c7", "tree": "db2e93f805316300e4ec3d0f6ab15b01f641a4f5", "parents": [ "4d49f6710bfbd2271feab074f8c1053387e5d9fe" ], "author": { "name": "Serge Hallyn", "email": "serge.hallyn@canonical.com", "time": "Mon Aug 15 08:29:50 2011 -0500" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Tue Aug 16 09:20:45 2011 +1000" }, "message": "capabilities: initialize has_cap\n\nInitialize has_cap in cap_bprm_set_creds()\n\nReported-by: Andrew G. Morgan \u003cmorgan@kernel.org\u003e\nSigned-off-by: Serge Hallyn \u003cserge.hallyn@canonical.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "4d49f6710bfbd2271feab074f8c1053387e5d9fe", "tree": "87a508aa2a51d2d855c3b67961a711bd636d842c", "parents": [ "f995e74087402c482c55c29bf11da8bcf631245a" ], "author": { "name": "Zhi Li", "email": "lizhi1215@gmail.com", "time": "Thu Aug 11 13:27:50 2011 +0800" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Fri Aug 12 15:06:57 2011 +1000" }, "message": "capabilities: do not grant full privs for setuid w/ file caps + no effective caps\n\nA task (when !SECURE_NOROOT) which executes a setuid-root binary will\nobtain root privileges while executing that binary. If the binary also\nhas effective capabilities set, then only those capabilities will be\ngranted. The rationale is that the same binary can carry both setuid-root\nand the minimal file capability set, so that on a filesystem not\nsupporting file caps the binary can still be executed with privilege,\nwhile on a filesystem supporting file caps it will run with minimal\nprivilege.\n\nThis special case currently does NOT happen if there are file capabilities\nbut no effective capabilities. Since capability-aware programs can very\nwell start with empty pE but populated pP and move those caps to pE when\nneeded. In other words, if the file has file capabilities but NOT\neffective capabilities, then we should do the same thing as if there\nwere file capabilities, and not grant full root privileges.\n\nThis patchset does that.\n\n(Changelog by Serge Hallyn).\n\nSigned-off-by: Zhi Li \u003clizhi1215@gmail.com\u003e\nAcked-by: Serge Hallyn \u003cserge.hallyn@canonical.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "f995e74087402c482c55c29bf11da8bcf631245a", "tree": "3972c0974ed4b8782794b62bbc73e97dc5174a4b", "parents": [ "5a4730ba9517cf2793175991243436a24b1db18f" ], "author": { "name": "Mimi Zohar", "email": "zohar@linux.vnet.ibm.com", "time": "Thu Aug 11 16:00:47 2011 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Fri Aug 12 12:49:58 2011 +1000" }, "message": "CIFS: remove local xattr definitions\n\nLocal XATTR_TRUSTED_PREFIX_LEN and XATTR_SECURITY_PREFIX_LEN definitions\nredefined ones in \u0027linux/xattr.h\u0027. This was caused by commit 9d8f13ba3f48\n(\"security: new security_inode_init_security API adds function callback\")\nincluding \u0027linux/xattr.h\u0027 in \u0027linux/security.h\u0027.\n\nIn file included from include/linux/security.h:39,\n from include/net/sock.h:54,\n from fs/cifs/cifspdu.h:25,\n from fs/cifs/xattr.c:26:\n\nThis patch removes the local definitions.\n\nReported-by: Stephen Rothwell \u003csfr@canb.auug.org.au\u003e\nSigned-off-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "5a4730ba9517cf2793175991243436a24b1db18f", "tree": "2c9c26d4662a31c851aed525d4d032d08e54e297", "parents": [ "e1c9b23adbe86c725738402857397d7a29f9d6ef" ], "author": { "name": "Mimi Zohar", "email": "zohar@linux.vnet.ibm.com", "time": "Thu Aug 11 00:22:52 2011 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Thu Aug 11 17:42:41 2011 +1000" }, "message": "evm: fix evm_inode_init_security return code\n\nevm_inode_init_security() should return 0, when EVM is not enabled.\n(Returning an error is a remnant of evm_inode_post_init_security.)\n\nSigned-off-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "e1c9b23adbe86c725738402857397d7a29f9d6ef", "tree": "746d85cd4518480507c7d01b4c25d39d4ef21805", "parents": [ "0b024d2446474c6a7c47573af5a35db83f557ce3" ], "author": { "name": "Mimi Zohar", "email": "zohar@linux.vnet.ibm.com", "time": "Thu Aug 11 00:22:51 2011 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Thu Aug 11 17:42:07 2011 +1000" }, "message": "evm: building without EVM enabled fixes\n\n- Missing \u0027inline\u0027 on evm_inode_setattr() definition.\nIntroduced by commit 817b54aa45db (\"evm: add evm_inode_setattr to prevent\nupdating an invalid security.evm\").\n\n- Missing security_old_inode_init_security() stub function definition.\nCaused by commit 9d8f13ba3f48 (\"security: new security_inode_init_security\nAPI adds function callback\").\n\nReported-by: Stephen Rothwell \u003csfr@canb.auug.org.au\u003e\nSigned-off-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "0b024d2446474c6a7c47573af5a35db83f557ce3", "tree": "56d1d380cd4f87581a0e276ee80cc52e438738b8", "parents": [ "5a2f3a02aea164f4f59c0c3497772090a411b462" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Tue Aug 09 11:33:36 2011 +1000" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Tue Aug 09 11:33:36 2011 +1000" }, "message": "EVM: ensure trusted and encypted key symbols are available to EVM\n\nSelect trusted and encrypted keys if EVM is selected, to ensure\nthe requisite symbols are available. Otherwise, these can be\nselected as modules while EVM is static, leading to a kernel\nbuild failure.\n\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "5a2f3a02aea164f4f59c0c3497772090a411b462", "tree": "d3ebe03d4f97575290087843960baa01de3acd0a", "parents": [ "1d568ab068c021672d6cd7f50f92a3695a921ffb", "817b54aa45db03437c6d09a7693fc6926eb8e822" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Tue Aug 09 10:31:03 2011 +1000" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Tue Aug 09 10:31:03 2011 +1000" }, "message": "Merge branch \u0027next-evm\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/zohar/ima-2.6 into next\n\nConflicts:\n\tfs/attr.c\n\nResolve conflict manually.\n\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "1d568ab068c021672d6cd7f50f92a3695a921ffb", "tree": "1c4ab86d4fbc8c699f8351f782dfbace586c5d36", "parents": [ "94b12d4481b3f32004f13b52fb64d5cf75f551aa", "8959deef0fafeb6e5ede7efd237f74a5a6c9b472" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 08 14:04:10 2011 +1000" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 08 14:04:10 2011 +1000" }, "message": "Merge branch \u0027next-queue\u0027 into next\n" }, { "commit": "94b12d4481b3f32004f13b52fb64d5cf75f551aa", "tree": "1c4ab86d4fbc8c699f8351f782dfbace586c5d36", "parents": [ "322a8b034003c0d46d39af85bf24fee27b902f48" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 08 13:39:40 2011 +1000" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 08 13:39:40 2011 +1000" }, "message": "Merge branch \u0027linus\u0027; commit \u0027v3.1-rc1\u0027 into next\n" }, { "commit": "322a8b034003c0d46d39af85bf24fee27b902f48", "tree": "1c4ab86d4fbc8c699f8351f782dfbace586c5d36", "parents": [ "9e23311345135083f6074b280de1e6dc5eee1f68" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Sun Aug 07 18:23:30 2011 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Sun Aug 07 18:23:30 2011 -0700" }, "message": "Linux 3.1-rc1\n" }, { "commit": "9e23311345135083f6074b280de1e6dc5eee1f68", "tree": "2eb39b47188efc9311faa10b2efaa84a0ae944b5", "parents": [ "fc97114b8d67819fadcc5af855da9a3e6a6a329b", "0785a8e87be0202744d8681363aecbd4ffbb5f5a" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Sun Aug 07 15:52:19 2011 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Sun Aug 07 15:52:19 2011 -0700" }, "message": "Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc\n\n* git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc:\n sparc: Fix build with DEBUG_PAGEALLOC enabled.\n" }, { "commit": "fc97114b8d67819fadcc5af855da9a3e6a6a329b", "tree": "f790c70af791b6ad25cffcb10218ace9dee52896", "parents": [ "f23c126bfabef88c201c8cc56bd3ccd9d59c51e0" ], "author": { "name": "Rafael J. Wysocki", "email": "rjw@sisk.pl", "time": "Mon Aug 08 00:26:50 2011 +0200" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Sun Aug 07 15:51:45 2011 -0700" }, "message": "sh: Fix boot crash related to SCI\n\nCommit d006199e72a9 (\"serial: sh-sci: Regtype probing doesn\u0027t need to be\nfatal.\") made sci_init_single() return when sci_probe_regmap() succeeds,\nalthough it should return when sci_probe_regmap() fails. This causes\nsystems using the serial sh-sci driver to crash during boot.\n\nFix the problem by using the right return condition.\n\nSigned-off-by: Rafael J. Wysocki \u003crjw@sisk.pl\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "f23c126bfabef88c201c8cc56bd3ccd9d59c51e0", "tree": "cd841039395732b305c2ea0e56c19a3ca17d834d", "parents": [ "4d4487140d34c1b9b321889d2d209321b0da6643" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Sun Aug 07 15:49:11 2011 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Sun Aug 07 15:49:11 2011 -0700" }, "message": "arm: remove stale export of \u0027sha_transform\u0027\n\nThe generic library code already exports the generic function, this was\nleft-over from the ARM-specific version that just got removed.\n\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "4d4487140d34c1b9b321889d2d209321b0da6643", "tree": "1f1fa8d67a9f36980e457b77234d89f6761098c9", "parents": [ "3295514841c2112d94451ba5deaf54f5afb78ea9" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Sun Aug 07 14:07:03 2011 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Sun Aug 07 14:07:03 2011 -0700" }, "message": "arm: remove \"optimized\" SHA1 routines\n\nSince commit 1eb19a12bd22 (\"lib/sha1: use the git implementation of\nSHA-1\"), the ARM SHA1 routines no longer work. The reason? They\ndepended on the larger 320-byte workspace, and now the sha1 workspace is\njust 16 words (64 bytes). So the assembly version would overwrite the\nstack randomly.\n\nThe optimized asm version is also probably slower than the new improved\nC version, so there\u0027s no reason to keep it around. At least that was\nthe case in git, where what appears to be the same assembly language\nversion was removed two years ago because the optimized C BLK_SHA1 code\nwas faster.\n\nReported-and-tested-by: Joachim Eastwood \u003cmanabian@gmail.com\u003e\nCc: Andreas Schwab \u003cschwab@linux-m68k.org\u003e\nCc: Nicolas Pitre \u003cnico@fluxnic.net\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "3295514841c2112d94451ba5deaf54f5afb78ea9", "tree": "6df351cb1febbcd011d24fcf99d1b08167c68d5e", "parents": [ "7813b94a54987571082ff19e9d87eabbfec23b4e" ], "author": { "name": "Al Viro", "email": "viro@ZenIV.linux.org.uk", "time": "Sun Aug 07 18:55:11 2011 +0100" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Sun Aug 07 13:42:35 2011 -0700" }, "message": "fix rcu annotations noise in cred.h\n\ntask-\u003ecred is declared as __rcu, and access to other tasks\u0027 -\u003ecred is,\nindeed, protected. Access to current-\u003ecred does not need rcu_dereference()\nat all, since only the task itself can change its -\u003ecred. sparse, of\ncourse, has no way of knowing that...\n\nAdd force-cast in current_cred(), make current_fsuid() et.al. use it.\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "7813b94a54987571082ff19e9d87eabbfec23b4e", "tree": "f0c6b3325adba97b2af15d7bae55b4babb812f76", "parents": [ "206b1d09a56dcd2db1052245c4131879c410eaf8" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Sun Aug 07 09:53:20 2011 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Sun Aug 07 13:42:25 2011 -0700" }, "message": "vfs: rename \u0027do_follow_link\u0027 to \u0027should_follow_link\u0027\n\nAl points out that the do_follow_link() helper function really is\nmisnamed - it\u0027s about whether we should try to follow a symlink or not,\nnot about actually doing the following.\n\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "206b1d09a56dcd2db1052245c4131879c410eaf8", "tree": "86a5d67b10c8736b47323cde7717068e98a023e1", "parents": [ "c2f340a69cabe0fb7b9f02d1a2495927db225a06" ], "author": { "name": "Ari Savolainen", "email": "ari.m.savolainen@gmail.com", "time": "Sat Aug 06 19:43:07 2011 +0300" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Sun Aug 07 04:52:23 2011 -0400" }, "message": "Fix POSIX ACL permission check\n\nAfter commit 3567866bf261: \"RCUify freeing acls, let check_acl() go ahead in\nRCU mode if acl is cached\" posix_acl_permission is being called with an\nunsupported flag and the permission check fails. This patch fixes the issue.\n\nSigned-off-by: Ari Savolainen \u003cari.m.savolainen@gmail.com\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "c2f340a69cabe0fb7b9f02d1a2495927db225a06", "tree": "dd9bc3125f833adf163c47542917ebc18b1acc56", "parents": [ "3ddcd0569cd68f00f3beae9a7959b72918bb91f4", "cf283ade08c454e884394a4720f22421dd33a715" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Sat Aug 06 22:56:03 2011 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Sat Aug 06 22:56:03 2011 -0700" }, "message": "Merge branch \u0027for-linus\u0027 of git://git.open-osd.org/linux-open-osd\n\n* \u0027for-linus\u0027 of git://git.open-osd.org/linux-open-osd:\n ore: Make ore its own module\n exofs: Rename raid engine from exofs/ios.c \u003d\u003e ore\n exofs: ios: Move to a per inode components \u0026 device-table\n exofs: Move exofs specific osd operations out of ios.c\n exofs: Add offset/length to exofs_get_io_state\n exofs: Fix truncate for the raid-groups case\n exofs: Small cleanup of exofs_fill_super\n exofs: BUG: Avoid sbi realloc\n exofs: Remove pnfs-osd private definitions\n nfs_xdr: Move nfs4_string definition out of #ifdef CONFIG_NFS_V4\n" }, { "commit": "3ddcd0569cd68f00f3beae9a7959b72918bb91f4", "tree": "3f7c591316560b1c22e2cc0700fbcd29aa3fbd7f", "parents": [ "830c0f0edca67403d361fe976a25b17356c11f19" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Sat Aug 06 22:45:50 2011 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Sat Aug 06 22:53:23 2011 -0700" }, "message": "vfs: optimize inode cache access patterns\n\nThe inode structure layout is largely random, and some of the vfs paths\nreally do care. The path lookup in particular is already quite D$\nintensive, and profiles show that accessing the \u0027inode-\u003ei_op-\u003exyz\u0027\nfields is quite costly.\n\nWe already optimized the dcache to not unnecessarily load the d_op\nstructure for members that are often NULL using the DCACHE_OP_xyz bits\nin dentry-\u003ed_flags, and this does something very similar for the inode\nops that are used during pathname lookup.\n\nIt also re-orders the fields so that the fields accessed by \u0027stat\u0027 are\ntogether at the beginning of the inode structure, and roughly in the\norder accessed.\n\nThe effect of this seems to be in the 1-2% range for an empty kernel\n\"make -j\" run (which is fairly kernel-intensive, mostly in filename\nlookup), so it\u0027s visible. The numbers are fairly noisy, though, and\nlikely depend a lot on exact microarchitecture. So there\u0027s more tuning\nto be done.\n\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "830c0f0edca67403d361fe976a25b17356c11f19", "tree": "b4bfc71ab9aaff0e8b65403c319dde519dd6f9ef", "parents": [ "7cd4767e696123cdb7447fbd7c281eb8c610c8e4" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Sat Aug 06 22:41:50 2011 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Sat Aug 06 22:52:40 2011 -0700" }, "message": "vfs: renumber DCACHE_xyz flags, remove some stale ones\n\nGcc tends to generate better code with small integers, including the\nDCACHE_xyz flag tests - so move the common ones to be first in the list.\nAlso just remove the unused DCACHE_INOTIFY_PARENT_WATCHED and\nDCACHE_AUTOFS_PENDING values, their users no longer exists in the source\ntree.\n\nAnd add a \"unlikely()\" to the DCACHE_OP_COMPARE test, since we want the\ncommon case to be a nice straight-line fall-through.\n\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "7cd4767e696123cdb7447fbd7c281eb8c610c8e4", "tree": "8a44dfbe0a131f6036eab36f887a058e9750fe69", "parents": [ "1957e7fdefce4494cb8d8f09ee2317b7ede24994", "6e5714eaf77d79ae1c8b47e3e040ff5411b717ec" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Sat Aug 06 22:12:37 2011 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Sat Aug 06 22:12:37 2011 -0700" }, "message": "Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net\n\n* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net:\n net: Compute protocol sequence numbers and fragment IDs using MD5.\n crypto: Move md5_transform to lib/md5.c\n" }, { "commit": "cf283ade08c454e884394a4720f22421dd33a715", "tree": "749bf95c36083fe35bdf020d71ab667283b486c4", "parents": [ "8ff660ab85f524bdc7652eb5d38aaef1d66aa9c7" ], "author": { "name": "Boaz Harrosh", "email": "bharrosh@panasas.com", "time": "Sat Aug 06 19:22:06 2011 -0700" }, "committer": { "name": "Boaz Harrosh", "email": "bharrosh@panasas.com", "time": "Sat Aug 06 19:36:19 2011 -0700" }, "message": "ore: Make ore its own module\n\nExport everything from ore need exporting. Change Kbuild and Kconfig\nto build ore.ko as an independent module. Import ore from exofs\n\nSigned-off-by: Boaz Harrosh \u003cbharrosh@panasas.com\u003e\n" }, { "commit": "8ff660ab85f524bdc7652eb5d38aaef1d66aa9c7", "tree": "c4a29cde4fc8654ae00e65cb520e13f9fe7f4e08", "parents": [ "9e9db45649eb5d3ee5622fdad741914ecf1016a0" ], "author": { "name": "Boaz Harrosh", "email": "bharrosh@panasas.com", "time": "Sat Aug 06 19:26:31 2011 -0700" }, "committer": { "name": "Boaz Harrosh", "email": "bharrosh@panasas.com", "time": "Sat Aug 06 19:36:18 2011 -0700" }, "message": "exofs: Rename raid engine from exofs/ios.c \u003d\u003e ore\n\nORE stands for \"Objects Raid Engine\"\n\nThis patch is a mechanical rename of everything that was in ios.c\nand its API declaration to an ore.c and an osd_ore.h header. The ore\nengine will later be used by the pnfs objects layout driver.\n\n* File ios.c \u003d\u003e ore.c\n\n* Declaration of types and API are moved from exofs.h to a new\n osd_ore.h\n\n* All used types are prefixed by ore_ from their exofs_ name.\n\n* Shift includes from exofs.h to osd_ore.h so osd_ore.h is\n independent, include it from exofs.h.\n\nOther than a pure rename there are no other changes. Next patch\nwill move the ore into it\u0027s own module and will export the API\nto be used by exofs and later the layout driver\n\nSigned-off-by: Boaz Harrosh \u003cbharrosh@panasas.com\u003e\n" }, { "commit": "9e9db45649eb5d3ee5622fdad741914ecf1016a0", "tree": "19ab9e1431e3d6535cef3f2cba6fcff12bb6ba6c", "parents": [ "85e44df4748670a1a7d8441b2d75843cdebc478a" ], "author": { "name": "Boaz Harrosh", "email": "bharrosh@panasas.com", "time": "Fri Aug 05 15:06:04 2011 -0700" }, "committer": { "name": "Boaz Harrosh", "email": "bharrosh@panasas.com", "time": "Sat Aug 06 19:35:32 2011 -0700" }, "message": "exofs: ios: Move to a per inode components \u0026 device-table\n\nExofs raid engine was saving on memory space by having a single layout-info,\nsingle pid, and a single device-table, global to the filesystem. Then passing\na credential and object_id info at the io_state level, private for each\ninode. It would also devise this contraption of rotating the device table\nview for each inode-\u003eino to spread out the device usage.\n\nThis is not compatible with the pnfs-objects standard, demanding that\neach inode can have it\u0027s own layout-info, device-table, and each object\ncomponent it\u0027s own pid, oid and creds.\n\nSo: Bring exofs raid engine to be usable for generic pnfs-objects use by:\n\n* Define an exofs_comp structure that holds obj_id and credential info.\n\n* Break up exofs_layout struct to an exofs_components structure that holds a\n possible array of exofs_comp and the array of devices + the size of the\n arrays.\n\n* Add a \"comps\" parameter to get_io_state() that specifies the ids creds\n and device array to use for each IO.\n\n This enables to keep the layout global, but the device-table view, creds\n and IDs at the inode level. It only adds two 64bit to each inode, since\n some of these members already existed in another form.\n\n* ios raid engine now access layout-info and comps-info through the passed\n pointers. Everything is pre-prepared by caller for generic access of\n these structures and arrays.\n\nAt the exofs Level:\n\n* Super block holds an exofs_components struct that holds the device\n array, previously in layout. The devices there are in device-table\n order. The device-array is twice bigger and repeats the device-table\n twice so now each inode\u0027s device array can point to a random device\n and have a round-robin view of the table, making it compatible to\n previous exofs versions.\n\n* Each inode has an exofs_components struct that is initialized at\n load time, with it\u0027s own view of the device table IDs and creds.\n When doing IO this gets passed to the io_state together with the\n layout.\n\nWhile preforming this change. Bugs where found where credentials with the\nwrong IDs where used to access the different SB objects (super.c). As well\nas some dead code. It was never noticed because the target we use does not\ncheck the credentials.\n\nSigned-off-by: Boaz Harrosh \u003cbharrosh@panasas.com\u003e\n" }, { "commit": "85e44df4748670a1a7d8441b2d75843cdebc478a", "tree": "c5bc0cdf7dad56cc6f3a38f99c88f62325a1e029", "parents": [ "e1042ba0991aab80ced34f7dade6ec25f22b4304" ], "author": { "name": "Boaz Harrosh", "email": "bharrosh@panasas.com", "time": "Mon May 16 15:26:47 2011 +0300" }, "committer": { "name": "Boaz Harrosh", "email": "bharrosh@panasas.com", "time": "Sat Aug 06 19:35:31 2011 -0700" }, "message": "exofs: Move exofs specific osd operations out of ios.c\n\nios.c will be moving to an external library, for use by the\nobjects-layout-driver. Remove from it some exofs specific functions.\n\nAlso g_attr_logical_length is used both by inode.c and ios.c\nmove definition to the later, to keep it independent\n\nSigned-off-by: Boaz Harrosh \u003cbharrosh@panasas.com\u003e\n" }, { "commit": "e1042ba0991aab80ced34f7dade6ec25f22b4304", "tree": "5953383f9235df91acfc2315a5c6fbdfb359ecf1", "parents": [ "16f75bb35d54b44356f496272c013f7ace5fa698" ], "author": { "name": "Boaz Harrosh", "email": "bharrosh@panasas.com", "time": "Tue Nov 16 20:09:58 2010 +0200" }, "committer": { "name": "Boaz Harrosh", "email": "bharrosh@panasas.com", "time": "Sat Aug 06 19:35:31 2011 -0700" }, "message": "exofs: Add offset/length to exofs_get_io_state\n\nIn future raid code we will need to know the IO offset/length\nand if it\u0027s a read or write to determine some of the array\nsizes we\u0027ll need.\n\nSo add a new exofs_get_rw_state() API for use when\nwriteing/reading. All other simple cases are left using the\nold way.\n\nThe major change to this is that now we need to call\nexofs_get_io_state later at inode.c::read_exec and\ninode.c::write_exec when we actually know these things. So this\npatch is kept separate so I can test things apart from other\nchanges.\n\nSigned-off-by: Boaz Harrosh \u003cbharrosh@panasas.com\u003e\n" }, { "commit": "6e5714eaf77d79ae1c8b47e3e040ff5411b717ec", "tree": "30bd0d7a6a0a6ff0ace6da1835ae7b7167cce5e4", "parents": [ "bc0b96b54a21246e377122d54569eef71cec535f" ], "author": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Wed Aug 03 20:50:44 2011 -0700" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Sat Aug 06 18:33:19 2011 -0700" }, "message": "net: Compute protocol sequence numbers and fragment IDs using MD5.\n\nComputers have become a lot faster since we compromised on the\npartial MD4 hash which we use currently for performance reasons.\n\nMD5 is a much safer choice, and is inline with both RFC1948 and\nother ISS generators (OpenBSD, Solaris, etc.)\n\nFurthermore, only having 24-bits of the sequence number be truly\nunpredictable is a very serious limitation. So the periodic\nregeneration and 8-bit counter have been removed. We compute and\nuse a full 32-bit sequence number.\n\nFor ipv6, DCCP was found to use a 32-bit truncated initial sequence\nnumber (it needs 43-bits) and that is fixed here as well.\n\nReported-by: Dan Kaminsky \u003cdan@doxpara.com\u003e\nTested-by: Willy Tarreau \u003cw@1wt.eu\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "bc0b96b54a21246e377122d54569eef71cec535f", "tree": "b9cb6230c79da4b3a146af7d08c6c26f8d72024c", "parents": [ "de96355c111679dd6e2c5c73e25e814c72510c58" ], "author": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Wed Aug 03 19:45:10 2011 -0700" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Sat Aug 06 18:32:45 2011 -0700" }, "message": "crypto: Move md5_transform to lib/md5.c\n\nWe are going to use this for TCP/IP sequence number and fragment ID\ngeneration.\n\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "1957e7fdefce4494cb8d8f09ee2317b7ede24994", "tree": "3a7dc640b6720c857186e59a4a820eae92acbb01", "parents": [ "ce195d328485459b77672ef20485a8e4f21477b5", "80975d21aae2136ccae1ce914a1602dc1d8b0795" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Sat Aug 06 13:54:36 2011 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Sat Aug 06 13:54:36 2011 -0700" }, "message": "Merge git://git.kernel.org/pub/scm/linux/kernel/git/sfrench/cifs-2.6\n\n* git://git.kernel.org/pub/scm/linux/kernel/git/sfrench/cifs-2.6:\n cifs: cope with negative dentries in cifs_get_root\n cifs: convert prefixpath delimiters in cifs_build_path_to_root\n CIFS: Fix missing a decrement of inFlight value\n cifs: demote DFS referral lookup errors to cFYI\n Revert \"cifs: advertise the right receive buffer size to the server\"\n" }, { "commit": "ce195d328485459b77672ef20485a8e4f21477b5", "tree": "60dacf394d6f002e41ee6b89561a2eea4dbee0ef", "parents": [ "2560540b78b48c8050f56e8ff5903c11a4f7a16e", "02b26774afebb2d62695ba3230319d70d8c6cc2d" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Sat Aug 06 13:26:37 2011 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Sat Aug 06 13:26:37 2011 -0700" }, "message": "Merge branch \u0027pm-fixes\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/suspend-2.6\n\n* \u0027pm-fixes\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/suspend-2.6:\n PM / Runtime: Allow _put_sync() from interrupts-disabled context\n PM / Domains: Fix pm_genpd_poweron()\n" } ], "next": "2560540b78b48c8050f56e8ff5903c11a4f7a16e" }