)]}' { "log": [ { "commit": "7908b3ef6809e49c77d914342dfaa4b946476d7a", "tree": "44af103c5457b4c2286400158dcfc18846a7c4f0", "parents": [ "dcd6c92267155e70a94b3927bce681ce74b80d1f", "acbbb76a26648dfae6fed0989879e40d75692bfc" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Mon Jan 23 08:59:49 2012 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Mon Jan 23 08:59:49 2012 -0800" }, "message": "Merge git://git.samba.org/sfrench/cifs-2.6\n\n* git://git.samba.org/sfrench/cifs-2.6:\n CIFS: Rename *UCS* functions to *UTF16*\n [CIFS] ACL and FSCACHE support no longer EXPERIMENTAL\n [CIFS] Fix build break with multiuser patch when LANMAN disabled\n cifs: warn about impending deprecation of legacy MultiuserMount code\n cifs: fetch credentials out of keyring for non-krb5 auth multiuser mounts\n cifs: sanitize username handling\n keys: add a \"logon\" key type\n cifs: lower default wsize when unix extensions are not used\n cifs: better instrumentation for coalesce_t2\n cifs: integer overflow in parse_dacl()\n cifs: Fix sparse warning when calling cifs_strtoUCS\n CIFS: Add descriptions to the brlock cache functions\n" }, { "commit": "f6b24579d099ebb67f39cd7924a72a7eec0ce6ae", "tree": "a97004bb108138294b77e98466a4b9e76a9a198c", "parents": [ "3db59dd93309710c40aaf1571c607cb0feef3ecb" ], "author": { "name": "Mimi Zohar", "email": "zohar@linux.vnet.ibm.com", "time": "Wed Jan 18 10:03:14 2012 +0000" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Thu Jan 19 16:16:29 2012 +1100" }, "message": "keys: fix user_defined key sparse messages\n\nReplace the rcu_assign_pointer() calls with rcu_assign_keypointer().\n\nSigned-off-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "3db59dd93309710c40aaf1571c607cb0feef3ecb", "tree": "6a224a855aad0e5207abae573456b2d2ec381f7c", "parents": [ "4bf1924c008dffdc154f82507b4052e49263a6f4" ], "author": { "name": "Mimi Zohar", "email": "zohar@linux.vnet.ibm.com", "time": "Tue Jan 17 22:11:28 2012 -0500" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Thu Jan 19 15:59:11 2012 +1100" }, "message": "ima: fix cred sparse warning\n\nFix ima_policy.c sparse \"warning: dereference of noderef expression\"\nmessage, by accessing cred-\u003euid using current_cred().\n\nChangelog v1:\n- Change __cred to just cred (based on David Howell\u0027s comment)\n\nSigned-off-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "9f6ed2ca257fa8650b876377833e6f14e272848b", "tree": "8b664dced5415a6d463a56c2bc98756bd5ea5e44", "parents": [ "ce91acb3acae26f4163c5a6f1f695d1a1e8d9009" ], "author": { "name": "Jeff Layton", "email": "jlayton@redhat.com", "time": "Tue Jan 17 16:09:11 2012 -0500" }, "committer": { "name": "Steve French", "email": "smfrench@gmail.com", "time": "Tue Jan 17 22:39:40 2012 -0600" }, "message": "keys: add a \"logon\" key type\n\nFor CIFS, we want to be able to store NTLM credentials (aka username\nand password) in the keyring. We do not, however want to allow users\nto fetch those keys back out of the keyring since that would be a\nsecurity risk.\n\nUnfortunately, due to the nuances of key permission bits, it\u0027s not\npossible to do this. We need to grant search permissions so the kernel\ncan find these keys, but that also implies permissions to read the\npayload.\n\nResolve this by adding a new key_type. This key type is essentially\nthe same as key_type_user, but does not define a .read op. This\nprevents the payload from ever being visible from userspace. This\nkey type also vets the description to ensure that it\u0027s \"qualified\"\nby checking to ensure that it has a \u0027:\u0027 in it that is preceded by\nother characters.\n\nAcked-by: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: Jeff Layton \u003cjlayton@redhat.com\u003e\nSigned-off-by: Steve French \u003csmfrench@gmail.com\u003e\n" }, { "commit": "a25a2b84098eb5e001cb8086603d692aa95bf2ec", "tree": "02c01b36251f7b0afb1a98093e14efb17d015910", "parents": [ "f429ee3b808118591d1f3cdf3c0d0793911a5677", "f1be242c95257b199d8b679bc952ca33487c9af6" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Tue Jan 17 16:43:39 2012 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Tue Jan 17 16:43:39 2012 -0800" }, "message": "Merge branch \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security\n\n* \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security:\n integrity: digital signature config option name change\n lib: Removed MPILIB, MPILIB_EXTRA, and SIGNATURE prompts\n lib: MPILIB Kconfig description update\n lib: digital signature dependency fix\n lib: digital signature config option name change\n encrypted-keys: fix rcu and sparse messages\n keys: fix trusted/encrypted keys sparse rcu_assign_pointer messages\n KEYS: Add missing smp_rmb() primitives to the keyring search code\n TOMOYO: Accept \\000 as a valid character.\n security: update MAINTAINERS file with new git repo\n" }, { "commit": "f429ee3b808118591d1f3cdf3c0d0793911a5677", "tree": "96d848f5f677d96758ecd2aee5eb6931b75bf218", "parents": [ "22b4eb5e3174efb49791c62823d0cccc35394c36", "c158a35c8a681cf68d36f22f058f9f5466386c71" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Tue Jan 17 16:06:51 2012 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Tue Jan 17 16:41:31 2012 -0800" }, "message": "Merge branch \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/viro/audit\n\n* \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/viro/audit: (29 commits)\n audit: no leading space in audit_log_d_path prefix\n audit: treat s_id as an untrusted string\n audit: fix signedness bug in audit_log_execve_info()\n audit: comparison on interprocess fields\n audit: implement all object interfield comparisons\n audit: allow interfield comparison between gid and ogid\n audit: complex interfield comparison helper\n audit: allow interfield comparison in audit rules\n Kernel: Audit Support For The ARM Platform\n audit: do not call audit_getname on error\n audit: only allow tasks to set their loginuid if it is -1\n audit: remove task argument to audit_set_loginuid\n audit: allow audit matching on inode gid\n audit: allow matching on obj_uid\n audit: remove audit_finish_fork as it can\u0027t be called\n audit: reject entry,always rules\n audit: inline audit_free to simplify the look of generic code\n audit: drop audit_set_macxattr as it doesn\u0027t do anything\n audit: inline checks for not needing to collect aux records\n audit: drop some potentially inadvisable likely notations\n ...\n\nUse evil merge to fix up grammar mistakes in Kconfig file.\n\nBad speling and horrible grammar (and copious swearing) is to be\nexpected, but let\u0027s keep it to commit messages and comments, rather than\nexpose it to users in config help texts or printouts.\n" }, { "commit": "f1be242c95257b199d8b679bc952ca33487c9af6", "tree": "fa3a1057bbd9caedca959c1fa3811413bf101d7d", "parents": [ "2e5f094b9dbf9463ab93f86351cd1a8dc88942cc" ], "author": { "name": "Dmitry Kasatkin", "email": "dmitry.kasatkin@intel.com", "time": "Tue Jan 17 17:12:07 2012 +0200" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Jan 18 10:46:27 2012 +1100" }, "message": "integrity: digital signature config option name change\n\nSimilar to SIGNATURE, rename INTEGRITY_DIGSIG to INTEGRITY_SIGNATURE.\n\nSigned-off-by: Dmitry Kasatkin \u003cdmitry.kasatkin@intel.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "5e8898e97a5db4125d944070922164d1d09a2689", "tree": "a5319fcc60499e63fecc7a08d923a1de8f9c7622", "parents": [ "6ac6172a935d1faf7ef259802267657bc0007a62" ], "author": { "name": "Dmitry Kasatkin", "email": "dmitry.kasatkin@intel.com", "time": "Tue Jan 17 17:12:03 2012 +0200" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Jan 18 10:46:21 2012 +1100" }, "message": "lib: digital signature config option name change\n\nIt was reported that DIGSIG is confusing name for digital signature\nmodule. It was suggested to rename DIGSIG to SIGNATURE.\n\nRequested-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\nSuggested-by: Pavel Machek \u003cpavel@ucw.cz\u003e\nSigned-off-by: Dmitry Kasatkin \u003cdmitry.kasatkin@intel.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "6ac6172a935d1faf7ef259802267657bc0007a62", "tree": "034c1a79a3d401926f6b968eb270d34f561e50f1", "parents": [ "ee0b31a25a010116f44fca6c96f4516d417793dd" ], "author": { "name": "Mimi Zohar", "email": "zohar@linux.vnet.ibm.com", "time": "Tue Jan 17 20:40:02 2012 +0000" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Jan 18 10:41:30 2012 +1100" }, "message": "encrypted-keys: fix rcu and sparse messages\n\nEnabling CONFIG_PROVE_RCU and CONFIG_SPARSE_RCU_POINTER resulted in\n\"suspicious rcu_dereference_check() usage!\" and \"incompatible types\nin comparison expression (different address spaces)\" messages.\n\nAccess the masterkey directly when holding the rwsem.\n\nChangelog v1:\n- Use either rcu_read_lock()/rcu_derefence_key()/rcu_read_unlock()\nor remove the unnecessary rcu_derefence() - David Howells\n\nReported-by: Dmitry Kasatkin \u003cdmitry.kasatkin@intel.com\u003e\nSigned-off-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "ee0b31a25a010116f44fca6c96f4516d417793dd", "tree": "d7670d202d0f4888b5213ed73d88c9a80bd05b74", "parents": [ "efde8b6e16f11e7d1681c68d86c7fd51053cada7" ], "author": { "name": "Mimi Zohar", "email": "zohar@linux.vnet.ibm.com", "time": "Tue Jan 17 20:39:51 2012 +0000" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Jan 18 10:41:29 2012 +1100" }, "message": "keys: fix trusted/encrypted keys sparse rcu_assign_pointer messages\n\nDefine rcu_assign_keypointer(), which uses the key payload.rcudata instead\nof payload.data, to resolve the CONFIG_SPARSE_RCU_POINTER message:\n\"incompatible types in comparison expression (different address spaces)\"\n\nReplace the rcu_assign_pointer() calls in encrypted/trusted keys with\nrcu_assign_keypointer().\n\nSigned-off-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "efde8b6e16f11e7d1681c68d86c7fd51053cada7", "tree": "4fb5e80428c4f36c5da35ff3319cd71c1771451c", "parents": [ "25add8cf99c9ec8b8dc0acd8b9241e963fc0d29c" ], "author": { "name": "David Howells", "email": "dhowells@redhat.com", "time": "Tue Jan 17 20:39:40 2012 +0000" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Jan 18 10:41:27 2012 +1100" }, "message": "KEYS: Add missing smp_rmb() primitives to the keyring search code\n\nAdd missing smp_rmb() primitives to the keyring search code.\n\nWhen keyring payloads are appended to without replacement (thus using up spare\nslots in the key pointer array), an smp_wmb() is issued between the pointer\nassignment and the increment of the key count (nkeys).\n\nThere should be corresponding read barriers between the read of nkeys and\ndereferences of keys[n] when n is dependent on the value of nkeys.\n\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nReviewed-by: Paul E. McKenney \u003cpaulmck@linux.vnet.ibm.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "25add8cf99c9ec8b8dc0acd8b9241e963fc0d29c", "tree": "1fb0c0fadcf7544fee117f27ac667e4c444d634b", "parents": [ "89879a7eb81f69e6f63bdb2a442fb765c46482c0" ], "author": { "name": "Tetsuo Handa", "email": "from-tomoyo-users-en@I-love.SAKURA.ne.jp", "time": "Sun Jan 15 11:05:59 2012 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Jan 18 10:40:59 2012 +1100" }, "message": "TOMOYO: Accept \\000 as a valid character.\n\nTOMOYO 2.5 in Linux 3.2 and later handles Unix domain socket\u0027s address.\nThus, tomoyo_correct_word2() needs to accept \\000 as a valid character, or\nTOMOYO 2.5 cannot handle Unix domain\u0027s abstract socket address.\n\nReported-by: Steven Allen \u003csteven@stebalien.com\u003e\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nCC: stable@vger.kernel.org [3.2+]\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "c158a35c8a681cf68d36f22f058f9f5466386c71", "tree": "54a7fe4d21a30848539b2bf94c885f0a0b123717", "parents": [ "41fdc3054e23e3229edea27053522fe052d02ec2" ], "author": { "name": "Kees Cook", "email": "keescook@chromium.org", "time": "Fri Jan 06 14:07:10 2012 -0800" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Tue Jan 17 16:17:04 2012 -0500" }, "message": "audit: no leading space in audit_log_d_path prefix\n\naudit_log_d_path() injects an additional space before the prefix,\nwhich serves no purpose and doesn\u0027t mix well with other audit_log*()\nfunctions that do not sneak extra characters into the log.\n\nSigned-off-by: Kees Cook \u003ckeescook@chromium.org\u003e\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "41fdc3054e23e3229edea27053522fe052d02ec2", "tree": "00bb62aef2288df07eae059f344d11d32b004f69", "parents": [ "5afb8a3f96573f7ea018abb768f5b6ebe1a6c1a4" ], "author": { "name": "Kees Cook", "email": "keescook@chromium.org", "time": "Sat Jan 07 10:41:04 2012 -0800" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Tue Jan 17 16:17:03 2012 -0500" }, "message": "audit: treat s_id as an untrusted string\n\nThe use of s_id should go through the untrusted string path, just to be\nextra careful.\n\nSigned-off-by: Kees Cook \u003ckeescook@chromium.org\u003e\nAcked-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "c49c41a4134679cecb77362e7f6b59acb6320aa7", "tree": "45e690c036ca5846a48c8be67945d1d841b2d96d", "parents": [ "892d208bcf79e4e1058707786a7b6d486697cd78", "f423e5ba76e7e4a6fcb4836b4f072d1fdebba8b5" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Sat Jan 14 18:36:33 2012 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Sat Jan 14 18:36:33 2012 -0800" }, "message": "Merge branch \u0027for-linus\u0027 of git://selinuxproject.org/~jmorris/linux-security\n\n* \u0027for-linus\u0027 of git://selinuxproject.org/~jmorris/linux-security:\n capabilities: remove __cap_full_set definition\n security: remove the security_netlink_recv hook as it is equivalent to capable()\n ptrace: do not audit capability check when outputing /proc/pid/stat\n capabilities: remove task_ns_* functions\n capabitlies: ns_capable can use the cap helpers rather than lsm call\n capabilities: style only - move capable below ns_capable\n capabilites: introduce new has_ns_capabilities_noaudit\n capabilities: call has_ns_capability from has_capability\n capabilities: remove all _real_ interfaces\n capabilities: introduce security_capable_noaudit\n capabilities: reverse arguments to security_capable\n capabilities: remove the task from capable LSM hook entirely\n selinux: sparse fix: fix several warnings in the security server cod\n selinux: sparse fix: fix warnings in netlink code\n selinux: sparse fix: eliminate warnings for selinuxfs\n selinux: sparse fix: declare selinux_disable() in security.h\n selinux: sparse fix: move selinux_complete_init\n selinux: sparse fix: make selinux_secmark_refcount static\n SELinux: Fix RCU deref check warning in sel_netport_insert()\n\nManually fix up a semantic mis-merge wrt security_netlink_recv():\n\n - the interface was removed in commit fd7784615248 (\"security: remove\n the security_netlink_recv hook as it is equivalent to capable()\")\n\n - a new user of it appeared in commit a38f7907b926 (\"crypto: Add\n userspace configuration API\")\n\ncausing no automatic merge conflict, but Eric Paris pointed out the\nissue.\n" }, { "commit": "90ab5ee94171b3e28de6bb42ee30b527014e0be7", "tree": "fcf89889f6e881f2b231d3d20287c08174ce4b54", "parents": [ "476bc0015bf09dad39d36a8b19f76f0c181d1ec9" ], "author": { "name": "Rusty Russell", "email": "rusty@rustcorp.com.au", "time": "Fri Jan 13 09:32:20 2012 +1030" }, "committer": { "name": "Rusty Russell", "email": "rusty@rustcorp.com.au", "time": "Fri Jan 13 09:32:20 2012 +1030" }, "message": "module_param: make bool parameters really bool (drivers \u0026 misc)\n\nmodule_param(bool) used to counter-intuitively take an int. In\nfddd5201 (mid-2009) we allowed bool or int/unsigned int using a messy\ntrick.\n\nIt\u0027s time to remove the int/unsigned int option. For this version\nit\u0027ll simply give a warning, but it\u0027ll break next kernel version.\n\nAcked-by: Mauro Carvalho Chehab \u003cmchehab@redhat.com\u003e\nSigned-off-by: Rusty Russell \u003crusty@rustcorp.com.au\u003e\n" }, { "commit": "e7691a1ce341c80ed9504244a36b31c025217391", "tree": "e9941bb350f64a726130e299c411821da6f41a53", "parents": [ "5cd9599bba428762025db6027764f1c59d0b1e1b", "8fcc99549522fc7a0bbaeb5755855ab0d9a59ce8" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Tue Jan 10 21:51:23 2012 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Tue Jan 10 21:51:23 2012 -0800" }, "message": "Merge branch \u0027for-linus\u0027 of git://selinuxproject.org/~jmorris/linux-security\n\n* \u0027for-linus\u0027 of git://selinuxproject.org/~jmorris/linux-security: (32 commits)\n ima: fix invalid memory reference\n ima: free duplicate measurement memory\n security: update security_file_mmap() docs\n selinux: Casting (void *) value returned by kmalloc is useless\n apparmor: fix module parameter handling\n Security: tomoyo: add .gitignore file\n tomoyo: add missing rcu_dereference()\n apparmor: add missing rcu_dereference()\n evm: prevent racing during tfm allocation\n evm: key must be set once during initialization\n mpi/mpi-mpow: NULL dereference on allocation failure\n digsig: build dependency fix\n KEYS: Give key types their own lockdep class for key-\u003esem\n TPM: fix transmit_cmd error logic\n TPM: NSC and TIS drivers X86 dependency fix\n TPM: Export wait_for_stat for other vendor specific drivers\n TPM: Use vendor specific function for status probe\n tpm_tis: add delay after aborting command\n tpm_tis: Check return code from getting timeouts/durations\n tpm: Introduce function to poll for result of self test\n ...\n\nFix up trivial conflict in lib/Makefile due to addition of CONFIG_MPI\nand SIGSIG next to CONFIG_DQL addition.\n" }, { "commit": "3e25eb9c4bb649acdddb333d10774b640190f727", "tree": "d51009557e95437dd7b7ef6b0f3a51aacccec743", "parents": [ "e4e11180dfa545233e5145919b75b7fac88638df" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Tue Jan 10 10:20:35 2012 -0500" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Tue Jan 10 10:20:35 2012 -0500" }, "message": "securityfs: fix object creation races\n\ninode needs to be fully set up before we feed it to d_instantiate().\nsecurityfs_create_file() does *not* do so; it sets -\u003ei_fop and\n-\u003ei_private only after we\u0027d exposed the inode. Unfortunately,\nthat\u0027s done fairly deep in call chain, so the amount of churn\nis considerable. Helper functions killed by substituting into\ntheir solitary call sites, dead code removed. We finally can\nbury default_file_ops, now that the final value of -\u003ei_fop is\navailable (and assigned) at the point where inode is allocated.\n\nReviewed-by: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "db0c2bf69aa095d4a6de7b1145f29fe9a7c0f6a3", "tree": "8f38957c01b18edddd44d49ecc3beeac08a20b4e", "parents": [ "ac69e0928054ff29a5049902fb477f9c7605c773", "0d19ea866562e46989412a0676412fa0983c9ce7" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Mon Jan 09 12:59:24 2012 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Mon Jan 09 12:59:24 2012 -0800" }, "message": "Merge branch \u0027for-3.3\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/tj/cgroup\n\n* \u0027for-3.3\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/tj/cgroup: (21 commits)\n cgroup: fix to allow mounting a hierarchy by name\n cgroup: move assignement out of condition in cgroup_attach_proc()\n cgroup: Remove task_lock() from cgroup_post_fork()\n cgroup: add sparse annotation to cgroup_iter_start() and cgroup_iter_end()\n cgroup: mark cgroup_rmdir_waitq and cgroup_attach_proc() as static\n cgroup: only need to check oldcgrp\u003d\u003dnewgrp once\n cgroup: remove redundant get/put of task struct\n cgroup: remove redundant get/put of old css_set from migrate\n cgroup: Remove unnecessary task_lock before fetching css_set on migration\n cgroup: Drop task_lock(parent) on cgroup_fork()\n cgroups: remove redundant get/put of css_set from css_set_check_fetched()\n resource cgroups: remove bogus cast\n cgroup: kill subsys-\u003ecan_attach_task(), pre_attach() and attach_task()\n cgroup, cpuset: don\u0027t use ss-\u003epre_attach()\n cgroup: don\u0027t use subsys-\u003ecan_attach_task() or -\u003eattach_task()\n cgroup: introduce cgroup_taskset and use it in subsys-\u003ecan_attach(), cancel_attach() and attach()\n cgroup: improve old cgroup handling in cgroup_attach_proc()\n cgroup: always lock threadgroup during migration\n threadgroup: extend threadgroup_lock() to cover exit and exec\n threadgroup: rename signal-\u003ethreadgroup_fork_lock to -\u003egroup_rwsem\n ...\n\nFix up conflict in kernel/cgroup.c due to commit e0197aae59e5: \"cgroups:\nfix a css_set not found bug in cgroup_attach_proc\" that already\nmentioned that the bug is fixed (differently) in Tejun\u0027s cgroup\npatchset. This one, in other words.\n" }, { "commit": "8fcc99549522fc7a0bbaeb5755855ab0d9a59ce8", "tree": "a118eaef15d4ba22247f45ee01537ecc906cd161", "parents": [ "805a6af8dba5dfdd35ec35dc52ec0122400b2610", "7b7e5916aa2f46e57f8bd8cb89c34620ebfda5da" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Jan 09 12:16:48 2012 +1100" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Jan 09 12:16:48 2012 +1100" }, "message": "Merge branch \u0027next\u0027 into for-linus\n\nConflicts:\n\tsecurity/integrity/evm/evm_crypto.c\n\nResolved upstream fix vs. next conflict manually.\n\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "972b2c719990f91eb3b2310d44ef8a2d38955a14", "tree": "b25a250ec5bec4b7b6355d214642d8b57c5cab32", "parents": [ "02550d61f49266930e674286379d3601006b2893", "c3aa077648e147783a7a53b409578234647db853" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Sun Jan 08 12:19:57 2012 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Sun Jan 08 12:19:57 2012 -0800" }, "message": "Merge branch \u0027for-linus2\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs\n\n* \u0027for-linus2\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs: (165 commits)\n reiserfs: Properly display mount options in /proc/mounts\n vfs: prevent remount read-only if pending removes\n vfs: count unlinked inodes\n vfs: protect remounting superblock read-only\n vfs: keep list of mounts for each superblock\n vfs: switch -\u003eshow_options() to struct dentry *\n vfs: switch -\u003eshow_path() to struct dentry *\n vfs: switch -\u003eshow_devname() to struct dentry *\n vfs: switch -\u003eshow_stats to struct dentry *\n switch security_path_chmod() to struct path *\n vfs: prefer -\u003edentry-\u003ed_sb to -\u003emnt-\u003emnt_sb\n vfs: trim includes a bit\n switch mnt_namespace -\u003eroot to struct mount\n vfs: take /proc/*/mounts and friends to fs/proc_namespace.c\n vfs: opencode mntget() mnt_set_mountpoint()\n vfs: spread struct mount - remaining argument of next_mnt()\n vfs: move fsnotify junk to struct mount\n vfs: move mnt_devname\n vfs: move mnt_list to struct mount\n vfs: switch pnode.h macros to struct mount *\n ...\n" }, { "commit": "cdcf116d44e78c7216ba9f8be9af1cdfca7af728", "tree": "2417cfd3e06ac5e2468585e8f00d580242cb5571", "parents": [ "d8c9584ea2a92879f471fd3a2be3af6c534fb035" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Thu Dec 08 10:51:53 2011 -0500" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Fri Jan 06 23:16:53 2012 -0500" }, "message": "switch security_path_chmod() to struct path *\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "d8c9584ea2a92879f471fd3a2be3af6c534fb035", "tree": "3541b9c6228f820bdc65e4875156eb27b1c91cb1", "parents": [ "ece2ccb668046610189d88d6aaf05aeb09c988a1" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Wed Dec 07 18:16:57 2011 -0500" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Fri Jan 06 23:16:53 2012 -0500" }, "message": "vfs: prefer -\u003edentry-\u003ed_sb to -\u003emnt-\u003emnt_sb\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "ece2ccb668046610189d88d6aaf05aeb09c988a1", "tree": "a0349945f7537de2aca420b47ced23b6294f8b65", "parents": [ "d10577a8d86a0c735488d66d32289a6d66bcfa20", "a218d0fdc5f9004164ff151d274487f6799907d0", "ff01bb4832651c6d25ac509a06a10fcbd75c461c" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Fri Jan 06 23:15:54 2012 -0500" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Fri Jan 06 23:15:54 2012 -0500" }, "message": "Merge branches \u0027vfsmount-guts\u0027, \u0027umode_t\u0027 and \u0027partitions\u0027 into Z\n" }, { "commit": "fd778461524849afd035679030ae8e8873c72b81", "tree": "32a5849c1879413fce0307af304e372eaa8225b4", "parents": [ "69f594a38967f4540ce7a29b3fd214e68a8330bd" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Tue Jan 03 12:25:16 2012 -0500" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Thu Jan 05 18:53:01 2012 -0500" }, "message": "security: remove the security_netlink_recv hook as it is equivalent to capable()\n\nOnce upon a time netlink was not sync and we had to get the effective\ncapabilities from the skb that was being received. Today we instead get\nthe capabilities from the current task. This has rendered the entire\npurpose of the hook moot as it is now functionally equivalent to the\ncapable() call.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "69f594a38967f4540ce7a29b3fd214e68a8330bd", "tree": "dff25b5f5ef0736fb63b08729bec4ff57062c13f", "parents": [ "f1c84dae0ecc51aa35c81f19a0ebcd6c0921ddcb" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Tue Jan 03 12:25:15 2012 -0500" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Thu Jan 05 18:53:00 2012 -0500" }, "message": "ptrace: do not audit capability check when outputing /proc/pid/stat\n\nReading /proc/pid/stat of another process checks if one has ptrace permissions\non that process. If one does have permissions it outputs some data about the\nprocess which might have security and attack implications. If the current\ntask does not have ptrace permissions the read still works, but those fields\nare filled with inocuous (0) values. Since this check and a subsequent denial\nis not a violation of the security policy we should not audit such denials.\n\nThis can be quite useful to removing ptrace broadly across a system without\nflooding the logs when ps is run or something which harmlessly walks proc.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nAcked-by: Serge E. Hallyn \u003cserge.hallyn@canonical.com\u003e\n" }, { "commit": "2920a8409de5a51575d03deca07e5bb2be6fc98d", "tree": "1f16eba518068e7096b6ff200c09d3d31e285586", "parents": [ "c7eba4a97563fd8b431787f7ad623444f2da80c6" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Tue Jan 03 12:25:15 2012 -0500" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Thu Jan 05 18:52:55 2012 -0500" }, "message": "capabilities: remove all _real_ interfaces\n\nThe name security_real_capable and security_real_capable_noaudit just don\u0027t\nmake much sense to me. Convert them to use security_capable and\nsecurity_capable_noaudit.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nAcked-by: Serge E. Hallyn \u003cserge.hallyn@canonical.com\u003e\n" }, { "commit": "c7eba4a97563fd8b431787f7ad623444f2da80c6", "tree": "12041949c45c2f394d6a96041c39e07ad6df720b", "parents": [ "b7e724d303b684655e4ca3dabd5a6840ad19012d" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Tue Jan 03 12:25:15 2012 -0500" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Thu Jan 05 18:52:54 2012 -0500" }, "message": "capabilities: introduce security_capable_noaudit\n\nExactly like security_capable except don\u0027t audit any denials. This is for\nplaces where the kernel may make decisions about what to do if a task has a\ngiven capability, but which failing that capability is not a sign of a\nsecurity policy violation. An example is checking if a task has\nCAP_SYS_ADMIN to lower it\u0027s likelyhood of being killed by the oom killer.\nThis check is not a security violation if it is denied.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nAcked-by: Serge E. Hallyn \u003cserge.hallyn@canonical.com\u003e\n" }, { "commit": "b7e724d303b684655e4ca3dabd5a6840ad19012d", "tree": "5474d8d49d61ade4c5e306a0485a835587237bf4", "parents": [ "6a9de49115d5ff9871d953af1a5c8249e1585731" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Tue Jan 03 12:25:15 2012 -0500" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Thu Jan 05 18:52:53 2012 -0500" }, "message": "capabilities: reverse arguments to security_capable\n\nsecurity_capable takes ns, cred, cap. But the LSM capable() hook takes\ncred, ns, cap. The capability helper functions also take cred, ns, cap.\nRather than flip argument order just to flip it back, leave them alone.\nHeck, this should be a little faster since argument will be in the right\nplace!\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "6a9de49115d5ff9871d953af1a5c8249e1585731", "tree": "eee3700ccc2ce26c566bfe99129e646fac9f983e", "parents": [ "2653812e14f4e16688ec8247d7fd290bdbbc4747" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Tue Jan 03 12:25:14 2012 -0500" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Thu Jan 05 18:52:53 2012 -0500" }, "message": "capabilities: remove the task from capable LSM hook entirely\n\nThe capabilities framework is based around credentials, not necessarily the\ncurrent task. Yet we still passed the current task down into LSMs from the\nsecurity_capable() LSM hook as if it was a meaningful portion of the security\ndecision. This patch removes the \u0027generic\u0027 passing of current and instead\nforces individual LSMs to use current explicitly if they think it is\nappropriate. In our case those LSMs are SELinux and AppArmor.\n\nI believe the AppArmor use of current is incorrect, but that is wholely\nunrelated to this patch. This patch does not change what AppArmor does, it\njust makes it clear in the AppArmor code that it is doing it.\n\nThe SELinux code still uses current in it\u0027s audit message, which may also be\nwrong and needs further investigation. Again this is NOT a change, it may\nhave always been wrong, this patch just makes it clear what is happening.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "2653812e14f4e16688ec8247d7fd290bdbbc4747", "tree": "dabb2238a76e000b37374c69901afd6f99479631", "parents": [ "02f5daa563456c1ff3c3422aa3ec00e67460f762" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Tue Aug 30 14:19:02 2011 +1000" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Thu Jan 05 18:52:52 2012 -0500" }, "message": "selinux: sparse fix: fix several warnings in the security server cod\n\nFix several sparse warnings in the SELinux security server code.\n\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "02f5daa563456c1ff3c3422aa3ec00e67460f762", "tree": "b2394602c587815aae9f1b07ac272302800d9288", "parents": [ "e8a65a3f67f8a85802c0a0250e48c4c4652d0da0" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Tue Aug 30 14:18:06 2011 +1000" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Thu Jan 05 18:52:51 2012 -0500" }, "message": "selinux: sparse fix: fix warnings in netlink code\n\nFix sparse warnings in SELinux Netlink code.\n\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "e8a65a3f67f8a85802c0a0250e48c4c4652d0da0", "tree": "4f9b55cac61209b6b4f15a1e20396a15a4444b11", "parents": [ "6063c0461b947c26a77674f33a3409eb99e15d2f" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Tue Aug 30 14:17:34 2011 +1000" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Thu Jan 05 18:52:50 2012 -0500" }, "message": "selinux: sparse fix: eliminate warnings for selinuxfs\n\nFixes several sparse warnings for selinuxfs.c\n\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "6063c0461b947c26a77674f33a3409eb99e15d2f", "tree": "2ac98e4a0a5fa7f6da95e6c5978684da215b4277", "parents": [ "5c884c1d4ac955987e84acf2d36c0f160536aca4" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Tue Aug 30 14:12:13 2011 +1000" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Thu Jan 05 18:52:50 2012 -0500" }, "message": "selinux: sparse fix: declare selinux_disable() in security.h\n\nSparse fix: declare selinux_disable() in security.h\n\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "5c884c1d4ac955987e84acf2d36c0f160536aca4", "tree": "a4d19da174e193a7844788846c53c25948ed2a54", "parents": [ "b46610caba4bd9263afd07c7ef7a79974550554a" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Tue Aug 30 14:16:24 2011 +1000" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Thu Jan 05 18:52:49 2012 -0500" }, "message": "selinux: sparse fix: move selinux_complete_init\n\nSparse fix: move selinux_complete_init\n\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "b46610caba4bd9263afd07c7ef7a79974550554a", "tree": "3f1edce9d24e9e7af2661ab4c2eeae744beb183c", "parents": [ "94d4ef0c2b3e6c799f78d223e233254a870c4559" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Tue Aug 30 14:11:24 2011 +1000" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Thu Jan 05 18:52:48 2012 -0500" }, "message": "selinux: sparse fix: make selinux_secmark_refcount static\n\nSparse fix: make selinux_secmark_refcount static.\n\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "117ff42fd43e92d24c6aa6f3e4f0f1e1edada140", "tree": "c08e1c0357fde481a16489b77feb8f6073faf538", "parents": [ "1d5783030a14d1b6ee763f63c8136e581f48b365", "805a6af8dba5dfdd35ec35dc52ec0122400b2610" ], "author": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Wed Jan 04 21:35:43 2012 -0500" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Wed Jan 04 21:35:43 2012 -0500" }, "message": "Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net\n" }, { "commit": "d10577a8d86a0c735488d66d32289a6d66bcfa20", "tree": "a38b3606fb863064eb89166f6a3115f7c5eccfd7", "parents": [ "be08d6d260b6e7eb346162a1081cdf5f94fda569" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Wed Dec 07 13:06:11 2011 -0500" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Tue Jan 03 22:57:13 2012 -0500" }, "message": "vfs: trim includes a bit\n\n[folded fix for missing magic.h from Tetsuo Handa]\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "04fc66e789a896e684bfdca30208e57eb832dd96", "tree": "37c26bff07e48c8c25d147850b7906d0d1c79a81", "parents": [ "4572befe248fd0d94aedc98775e3f0ddc8a26651" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Mon Nov 21 14:58:38 2011 -0500" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Tue Jan 03 22:55:19 2012 -0500" }, "message": "switch -\u003epath_mknod() to umode_t\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "4572befe248fd0d94aedc98775e3f0ddc8a26651", "tree": "2f4c4dabaebadb2790c8266a0434c7030c5f7cc0", "parents": [ "d179333f37d33533f4c77118f757b9e7835ccb7c" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Mon Nov 21 14:56:21 2011 -0500" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Tue Jan 03 22:55:18 2012 -0500" }, "message": "switch -\u003epath_mkdir() to umode_t\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "d179333f37d33533f4c77118f757b9e7835ccb7c", "tree": "479ae66773eab3fd6aa1c843e753a02063c65d40", "parents": [ "84dfa9897ef913771af44484fefbe0de29fdce51" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Fri Aug 26 23:03:17 2011 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Tue Jan 03 22:55:18 2012 -0500" }, "message": "tomoyo_mini_stat: switch to umode_t\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "52ef0c042bf06f6aef382fade175075627beebc1", "tree": "a1256aebfd835da4cb29a80f391112fea82bf38e", "parents": [ "910f4ecef3f67714ebff69d0bc34313e48afaed2" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Tue Jul 26 04:30:04 2011 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Tue Jan 03 22:55:13 2012 -0500" }, "message": "switch securityfs_create_file() to umode_t\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "910f4ecef3f67714ebff69d0bc34313e48afaed2", "tree": "348fe3b5d8789a4c019a700da5501a4756f988de", "parents": [ "49f0a0767211d3076974e59a26f36b567cbe8621" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Tue Jul 26 04:25:58 2011 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Tue Jan 03 22:55:13 2012 -0500" }, "message": "switch security_path_chmod() to umode_t\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "dba19c6064766730dd64757a010ec3aec503ecdb", "tree": "2071835ccfcb169b6219be7d5a4692fcfdcbd2c5", "parents": [ "1b9d5ff7644ddf2723c9205f4726c95ec01bf033" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Mon Jul 25 20:49:29 2011 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Tue Jan 03 22:55:12 2012 -0500" }, "message": "get rid of open-coded S_ISREG(), etc.\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "1a67aafb5f72a436ca044293309fa7e6351d6a35", "tree": "d9e58600148de9d41b478cf815773b746647d15b", "parents": [ "4acdaf27ebe2034c342f3be57ef49aed1ad885ef" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Tue Jul 26 01:52:52 2011 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Tue Jan 03 22:54:54 2012 -0500" }, "message": "switch -\u003emknod() to umode_t\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "4acdaf27ebe2034c342f3be57ef49aed1ad885ef", "tree": "d89a876ee19cd88609a587f8aa6c464a52ee6d98", "parents": [ "18bb1db3e7607e4a997d50991a6f9fa5b0f8722c" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Tue Jul 26 01:42:34 2011 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Tue Jan 03 22:54:53 2012 -0500" }, "message": "switch -\u003ecreate() to umode_t\n\nvfs_create() ignores everything outside of 16bit subset of its\nmode argument; switching it to umode_t is obviously equivalent\nand it\u0027s the only caller of the method\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "18bb1db3e7607e4a997d50991a6f9fa5b0f8722c", "tree": "4ee4e584bc9a67f3ec14ce159d2d7d4a27e68d4a", "parents": [ "8208a22bb8bd3c52ef634b4ff194f14892ab1713" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Tue Jul 26 01:41:39 2011 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Tue Jan 03 22:54:53 2012 -0500" }, "message": "switch vfs_mkdir() and -\u003emkdir() to umode_t\n\nvfs_mkdir() gets int, but immediately drops everything that might not\nfit into umode_t and that\u0027s the only caller of -\u003emkdir()...\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "4c1d5a64f134b254552b6211f6f79a1da667eab7", "tree": "130b704f727054b93f2a784a8d08252a1ecda3a0", "parents": [ "32dc730860155b235f13e0cd3fe58b263279baf9" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Wed Dec 07 18:21:57 2011 -0500" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Tue Jan 03 22:52:41 2012 -0500" }, "message": "vfs: for usbfs, etc. internal vfsmounts -\u003emnt_sb-\u003es_root \u003d\u003d -\u003emnt_root\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "e407699ef56ed948739dd57a5578ba8cb5bd81b2", "tree": "830069801b88d2b7957c6bb0baf012e9637ec4fd", "parents": [ "c5dc332eb93881fc8234d652f6e91a2825b06503" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Thu Nov 24 20:14:54 2011 -0500" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Tue Jan 03 22:52:38 2012 -0500" }, "message": "btrfs, nfs, apparmor: don\u0027t pull mnt_namespace.h for no reason...\n\nit\u0027s not needed anymore; we used to, back when we had to do\nmount_subtree() by hand, complete with put_mnt_ns() in it.\nNo more... Apparmor didn\u0027t need it since the __d_path() fix.\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "c5dc332eb93881fc8234d652f6e91a2825b06503", "tree": "40327f76166c51e9109a6a1997566336529f6938", "parents": [ "aa0a4cf0ab4b03db21133a0ba62f558ed1bfcd1d" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Thu Nov 24 20:08:53 2011 -0500" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Tue Jan 03 22:52:38 2012 -0500" }, "message": "tomoyo: stop including hell knows what\n\ntomoyo/realpath.c needs exactly one include - that of common.h. It pulls\neverything the thing needs, without doing ridiculous garbage such as trying\nto include ../../fs/internal.h. If that alone doesn\u0027t scream \"layering\nviolation\", I don\u0027t know what does; and these days it\u0027s all for nothing,\nsince it fortunately does not use any symbols defined in there...\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "30e053248da178cf6154bb7e950dc8713567e3fa", "tree": "3ef4cb7f85f581fe53361ea0eb2586a8b6e696c2", "parents": [ "4376eee92e5a8332b470040e672ea99cd44c826a" ], "author": { "name": "Jan Kara", "email": "jack@suse.cz", "time": "Tue Jan 03 13:14:29 2012 +0100" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Tue Jan 03 16:12:19 2012 -0800" }, "message": "security: Fix security_old_inode_init_security() when CONFIG_SECURITY is not set\n\nCommit 1e39f384bb01 (\"evm: fix build problems\") makes the stub version\nof security_old_inode_init_security() return 0 when CONFIG_SECURITY is\nnot set.\n\nBut that makes callers such as reiserfs_security_init() assume that\nsecurity_old_inode_init_security() has set name, value, and len\narguments properly - but security_old_inode_init_security() left them\nuninitialized which then results in interesting failures.\n\nRevert security_old_inode_init_security() to the old behavior of\nreturning EOPNOTSUPP since both callers (reiserfs and ocfs2) handle this\njust fine.\n\n[ Also fixed the S_PRIVATE(inode) case of the actual non-stub\n security_old_inode_init_security() function to return EOPNOTSUPP\n for the same reason, as pointed out by Mimi Zohar.\n\n It got incorrectly changed to match the new function in commit\n fb88c2b6cbb1: \"evm: fix security/security_old_init_security return\n code\". - Linus ]\n\nReported-by: Jorge Bastos \u003cmysql.jorge@decimal.pt\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\nAcked-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\nSigned-off-by: Jan Kara \u003cjack@suse.cz\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "abb434cb0539fb355c1c921f8fd761efbbac3462", "tree": "24a7d99ec161f8fd4dc9ff03c9c4cc93be883ce6", "parents": [ "2494654d4890316e7340fb8b3458daad0474a1b9", "6350323ad8def2ac00d77cdee3b79c9b9fba75c4" ], "author": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Fri Dec 23 17:13:56 2011 -0500" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Fri Dec 23 17:13:56 2011 -0500" }, "message": "Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net\n\nConflicts:\n\tnet/bluetooth/l2cap_core.c\n\nJust two overlapping changes, one added an initialization of\na local variable, and another change added a new local variable.\n\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "50345f1ea9cda4618d9c26e590a97ecd4bc7ac75", "tree": "57b03dc68f894df468a3ca3c3929e1aff48bd6c2", "parents": [ "428f32817505f67992e8efe62d6a9c7cbb3f2498" ], "author": { "name": "David Howells", "email": "dhowells@redhat.com", "time": "Tue Dec 13 14:49:04 2011 +0000" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Dec 21 11:28:56 2011 +1100" }, "message": "SELinux: Fix RCU deref check warning in sel_netport_insert()\n\nFix the following bug in sel_netport_insert() where rcu_dereference() should\nbe rcu_dereference_protected() as sel_netport_lock is held.\n\n\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\n[ INFO: suspicious rcu_dereference_check() usage. ]\n---------------------------------------------------\nsecurity/selinux/netport.c:127 invoked rcu_dereference_check() without protection!\n\nother info that might help us debug this:\n\nrcu_scheduler_active \u003d 1, debug_locks \u003d 0\n1 lock held by ossec-rootcheck/3323:\n #0: (sel_netport_lock){+.....}, at: [\u003cffffffff8117d775\u003e] sel_netport_sid+0xbb/0x226\n\nstack backtrace:\nPid: 3323, comm: ossec-rootcheck Not tainted 3.1.0-rc8-fsdevel+ #1095\nCall Trace:\n [\u003cffffffff8105cfb7\u003e] lockdep_rcu_dereference+0xa7/0xb0\n [\u003cffffffff8117d871\u003e] sel_netport_sid+0x1b7/0x226\n [\u003cffffffff8117d6ba\u003e] ? sel_netport_avc_callback+0xbc/0xbc\n [\u003cffffffff8117556c\u003e] selinux_socket_bind+0x115/0x230\n [\u003cffffffff810a5388\u003e] ? might_fault+0x4e/0x9e\n [\u003cffffffff810a53d1\u003e] ? might_fault+0x97/0x9e\n [\u003cffffffff81171cf4\u003e] security_socket_bind+0x11/0x13\n [\u003cffffffff812ba967\u003e] sys_bind+0x56/0x95\n [\u003cffffffff81380dac\u003e] ? sysret_check+0x27/0x62\n [\u003cffffffff8105b767\u003e] ? trace_hardirqs_on_caller+0x11e/0x155\n [\u003cffffffff81076fcd\u003e] ? audit_syscall_entry+0x17b/0x1ae\n [\u003cffffffff811b5eae\u003e] ? trace_hardirqs_on_thunk+0x3a/0x3f\n [\u003cffffffff81380d7b\u003e] system_call_fastpath+0x16/0x1b\n\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nAcked-by: Paul Moore \u003cpaul@paul-moore.com\u003e\nAcked-by: Eric Dumazet \u003ceric.dumazet@gmail.com\u003e\nCc: stable@kernel.org\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "94d4ef0c2b3e6c799f78d223e233254a870c4559", "tree": "ffb88af7d64d99e6adfe8b78b2f3dc751447dc64", "parents": [ "c3b92c8787367a8bb53d57d9789b558f1295cc96" ], "author": { "name": "David Howells", "email": "dhowells@redhat.com", "time": "Wed Oct 05 12:19:19 2011 +0100" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Tue Dec 20 14:38:53 2011 -0500" }, "message": "SELinux: Fix RCU deref check warning in sel_netport_insert()\n\nFix the following bug in sel_netport_insert() where rcu_dereference() should\nbe rcu_dereference_protected() as sel_netport_lock is held.\n\n\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\n[ INFO: suspicious rcu_dereference_check() usage. ]\n---------------------------------------------------\nsecurity/selinux/netport.c:127 invoked rcu_dereference_check() without protection!\n\nother info that might help us debug this:\n\nrcu_scheduler_active \u003d 1, debug_locks \u003d 0\n1 lock held by ossec-rootcheck/3323:\n #0: (sel_netport_lock){+.....}, at: [\u003cffffffff8117d775\u003e] sel_netport_sid+0xbb/0x226\n\nstack backtrace:\nPid: 3323, comm: ossec-rootcheck Not tainted 3.1.0-rc8-fsdevel+ #1095\nCall Trace:\n [\u003cffffffff8105cfb7\u003e] lockdep_rcu_dereference+0xa7/0xb0\n [\u003cffffffff8117d871\u003e] sel_netport_sid+0x1b7/0x226\n [\u003cffffffff8117d6ba\u003e] ? sel_netport_avc_callback+0xbc/0xbc\n [\u003cffffffff8117556c\u003e] selinux_socket_bind+0x115/0x230\n [\u003cffffffff810a5388\u003e] ? might_fault+0x4e/0x9e\n [\u003cffffffff810a53d1\u003e] ? might_fault+0x97/0x9e\n [\u003cffffffff81171cf4\u003e] security_socket_bind+0x11/0x13\n [\u003cffffffff812ba967\u003e] sys_bind+0x56/0x95\n [\u003cffffffff81380dac\u003e] ? sysret_check+0x27/0x62\n [\u003cffffffff8105b767\u003e] ? trace_hardirqs_on_caller+0x11e/0x155\n [\u003cffffffff81076fcd\u003e] ? audit_syscall_entry+0x17b/0x1ae\n [\u003cffffffff811b5eae\u003e] ? trace_hardirqs_on_thunk+0x3a/0x3f\n [\u003cffffffff81380d7b\u003e] system_call_fastpath+0x16/0x1b\n\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nAcked-by: Eric Dumazet \u003ceric.dumazet@gmail.com\u003e\nAcked-by: Paul Moore \u003cpaul@paul-moore.com\u003e\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "97426f985729573cea06e82e271cc3929f1f5f8e", "tree": "4aafe725018a95dc5c76ede5199d24aea524b060", "parents": [ "d21b59451886cb82448302f8d6f9ac87c3bd56cf" ], "author": { "name": "Dmitry Kasatkin", "email": "dmitry.kasatkin@intel.com", "time": "Mon Dec 05 13:17:42 2011 +0200" }, "committer": { "name": "Dmitry Kasatkin", "email": "dmitry.kasatkin@intel.com", "time": "Tue Dec 20 17:50:08 2011 +0200" }, "message": "evm: prevent racing during tfm allocation\n\nThere is a small chance of racing during tfm allocation.\nThis patch fixes it.\n\nSigned-off-by: Dmitry Kasatkin \u003cdmitry.kasatkin@intel.com\u003e\nAcked-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "d21b59451886cb82448302f8d6f9ac87c3bd56cf", "tree": "f2842dca9ee3c2c3febbe2f6984bb2c5e2a34c28", "parents": [ "511585a28e5b5fd1cac61e601e42efc4c5dd64b5" ], "author": { "name": "Dmitry Kasatkin", "email": "dmitry.kasatkin@intel.com", "time": "Mon Dec 05 13:17:41 2011 +0200" }, "committer": { "name": "Dmitry Kasatkin", "email": "dmitry.kasatkin@intel.com", "time": "Tue Dec 20 17:45:45 2011 +0200" }, "message": "evm: key must be set once during initialization\n\nOn multi-core systems, setting of the key before every caclculation,\ncauses invalid HMAC calculation for other tfm users, because internal\nstate (ipad, opad) can be invalid before set key call returns.\nIt needs to be set only once during initialization.\n\nSigned-off-by: Dmitry Kasatkin \u003cdmitry.kasatkin@intel.com\u003e\nAcked-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "7b7e5916aa2f46e57f8bd8cb89c34620ebfda5da", "tree": "af324024e68047b9fff7ddf49c3e8f8e6024792e", "parents": [ "45fae7493970d7c45626ccd96d4a74f5f1eea5a9" ], "author": { "name": "Roberto Sassu", "email": "roberto.sassu@polito.it", "time": "Mon Dec 19 15:57:28 2011 +0100" }, "committer": { "name": "Mimi Zohar", "email": "zohar@linux.vnet.ibm.com", "time": "Mon Dec 19 22:07:54 2011 -0500" }, "message": "ima: fix invalid memory reference\n\nDon\u0027t free a valid measurement entry on TPM PCR extend failure.\n\nSigned-off-by: Roberto Sassu \u003croberto.sassu@polito.it\u003e\nSigned-off-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\nCc: stable@vger.kernel.org\n" }, { "commit": "45fae7493970d7c45626ccd96d4a74f5f1eea5a9", "tree": "0c7bdd82bfcb4bd921a64abb441ca5c20c82a3df", "parents": [ "114d6e9c103736487c967060d0a7aec9a7fce967" ], "author": { "name": "Roberto Sassu", "email": "roberto.sassu@polito.it", "time": "Mon Dec 19 15:57:27 2011 +0100" }, "committer": { "name": "Mimi Zohar", "email": "zohar@linux.vnet.ibm.com", "time": "Mon Dec 19 22:04:32 2011 -0500" }, "message": "ima: free duplicate measurement memory\n\nInfo about new measurements are cached in the iint for performance. When\nthe inode is flushed from cache, the associated iint is flushed as well.\nSubsequent access to the inode will cause the inode to be re-measured and\nwill attempt to add a duplicate entry to the measurement list.\n\nThis patch frees the duplicate measurement memory, fixing a memory leak.\n\nSigned-off-by: Roberto Sassu \u003croberto.sassu@polito.it\u003e\nSigned-off-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\nCc: stable@vger.kernel.org\n" }, { "commit": "2ff6fa8fafd6fa94029fa0558a6b85956930f1f5", "tree": "b9e12bb9ef1a92c68bb459ae82fa4e76629bcfca", "parents": [ "b8aa09fd880eb4c2881b9f3c8a8d09c0404cd4eb" ], "author": { "name": "Thomas Meyer", "email": "thomas@m3y3r.de", "time": "Thu Nov 17 23:43:40 2011 +0100" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Dec 19 11:23:56 2011 +1100" }, "message": "selinux: Casting (void *) value returned by kmalloc is useless\n\nThe semantic patch that makes this change is available\nin scripts/coccinelle/api/alloc/drop_kmalloc_cast.cocci.\n\nSigned-off-by: Thomas Meyer \u003cthomas@m3y3r.de\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "b8aa09fd880eb4c2881b9f3c8a8d09c0404cd4eb", "tree": "7a748b15df00f1338a0fba89455f202a58f53dbf", "parents": [ "735e93c70434614bffac4a914ca1da72e37d43c0" ], "author": { "name": "Rusty Russell", "email": "rusty@rustcorp.com.au", "time": "Thu Dec 15 13:41:32 2011 +1030" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Fri Dec 16 12:45:24 2011 +1100" }, "message": "apparmor: fix module parameter handling\n\nThe \u0027aabool\u0027 wrappers actually pass off to the \u0027bool\u0027 parse functions,\nso you should use the same check function. Similarly for aauint and\nuint.\n\n(Note that \u0027bool\u0027 module parameters also allow \u0027int\u0027, which is why you\ngot away with this, but that\u0027s changing very soon.)\n\nCc: linux-security-module@vger.kernel.org\nSigned-off-by: Rusty Russell \u003crusty@rustcorp.com.au\u003e\nAcked-by: John Johansen \u003cjohn.johansen@canonical.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "2f7ee5691eecb67c8108b92001a85563ea336ac5", "tree": "18cf60ea8a463f4a6cd59c68926ba4357ae8ff4c", "parents": [ "134d33737f9015761c3832f6b268fae6274aac7f" ], "author": { "name": "Tejun Heo", "email": "tj@kernel.org", "time": "Mon Dec 12 18:12:21 2011 -0800" }, "committer": { "name": "Tejun Heo", "email": "tj@kernel.org", "time": "Mon Dec 12 18:12:21 2011 -0800" }, "message": "cgroup: introduce cgroup_taskset and use it in subsys-\u003ecan_attach(), cancel_attach() and attach()\n\nCurrently, there\u0027s no way to pass multiple tasks to cgroup_subsys\nmethods necessitating the need for separate per-process and per-task\nmethods. This patch introduces cgroup_taskset which can be used to\npass multiple tasks and their associated cgroups to cgroup_subsys\nmethods.\n\nThree methods - can_attach(), cancel_attach() and attach() - are\nconverted to use cgroup_taskset. This unifies passed parameters so\nthat all methods have access to all information. Conversions in this\npatchset are identical and don\u0027t introduce any behavior change.\n\n-v2: documentation updated as per Paul Menage\u0027s suggestion.\n\nSigned-off-by: Tejun Heo \u003ctj@kernel.org\u003e\nReviewed-by: KAMEZAWA Hiroyuki \u003ckamezawa.hiroyu@jp.fujitsu.com\u003e\nReviewed-by: Frederic Weisbecker \u003cfweisbec@gmail.com\u003e\nAcked-by: Paul Menage \u003cpaul@paulmenage.org\u003e\nAcked-by: Li Zefan \u003clizf@cn.fujitsu.com\u003e\nCc: Balbir Singh \u003cbsingharora@gmail.com\u003e\nCc: Daisuke Nishimura \u003cnishimura@mxp.nes.nec.co.jp\u003e\nCc: KAMEZAWA Hiroyuki \u003ckamezawa.hiroyu@jp.fujitsu.com\u003e\nCc: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "735e93c70434614bffac4a914ca1da72e37d43c0", "tree": "45f922c538fcfba5fd17c6889e573135250bed12", "parents": [ "bb80d880ad2b11cd4ea5f28f815016b1548224a4" ], "author": { "name": "Greg Kroah-Hartman", "email": "gregkh@suse.de", "time": "Fri Dec 09 11:23:46 2011 -0800" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Dec 12 17:23:18 2011 +1100" }, "message": "Security: tomoyo: add .gitignore file\n\nThis adds the .gitignore file for the autogenerated TOMOYO files to keep\ngit from complaining after building things.\n\nCc: Kentaro Takeda \u003ctakedakn@nttdata.co.jp\u003e\nCc: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nCc: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: Greg Kroah-Hartman \u003cgregkh@suse.de\u003e\nAcked-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "bb80d880ad2b11cd4ea5f28f815016b1548224a4", "tree": "70ab38ab2d388f39efd9cd4f7f91859f0f3cf5e2", "parents": [ "2053c4727c5a891bf182397e425b6cb87b2ae613" ], "author": { "name": "Kees Cook", "email": "keescook@chromium.org", "time": "Thu Dec 08 16:30:42 2011 -0800" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Dec 12 17:21:40 2011 +1100" }, "message": "tomoyo: add missing rcu_dereference()\n\nAdds a missed rcu_dereference() around real_parent.\n\nSigned-off-by: Kees Cook \u003ckeescook@chromium.org\u003e\nAcked-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "2053c4727c5a891bf182397e425b6cb87b2ae613", "tree": "531090ac23e90b4aa64416a62c4625ffffec181f", "parents": [ "143b01d33221e4937d3930e6bb2b63d70b7c7a65" ], "author": { "name": "Kees Cook", "email": "keescook@chromium.org", "time": "Thu Dec 08 16:25:48 2011 -0800" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Fri Dec 09 12:08:41 2011 +1100" }, "message": "apparmor: add missing rcu_dereference()\n\nAdds a missed rcu_dereference() around real_parent.\n\nSigned-off-by: Kees Cook \u003ckeescook@chromium.org\u003e\nAcked-by: John Johansen \u003cjohn.johansen@canonical.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "1418a3e5ad4d01b1d4abf2c479c50b0cedd59e3f", "tree": "daec3f125671eeb36a55ca0d00c3473af2c8872c", "parents": [ "34a9d2c39afe74a941b9e88efe2762afc4d82443" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Thu Dec 08 21:24:06 2011 +0900" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Thu Dec 08 13:18:12 2011 -0800" }, "message": "TOMOYO: Fix pathname handling of disconnected paths.\n\nCurrent tomoyo_realpath_from_path() implementation returns strange pathname\nwhen calculating pathname of a file which belongs to lazy unmounted tree.\nUse local pathname rather than strange absolute pathname in that case.\n\nAlso, this patch fixes a regression by commit 02125a82 \"fix apparmor\ndereferencing potentially freed dentry, sanitize __d_path() API\".\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nAcked-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\nCc: stable@vger.kernel.org\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "143b01d33221e4937d3930e6bb2b63d70b7c7a65", "tree": "5cae452fecfd8b1fb6b0ae1f159929ada81d8b1f", "parents": [ "88d7ed35085184f15a2af3d9e88d775059b2f307" ], "author": { "name": "Dmitry Kasatkin", "email": "dmitry.kasatkin@intel.com", "time": "Mon Dec 05 13:17:42 2011 +0200" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Thu Dec 08 10:06:12 2011 +1100" }, "message": "evm: prevent racing during tfm allocation\n\nThere is a small chance of racing during tfm allocation.\nThis patch fixes it.\n\nSigned-off-by: Dmitry Kasatkin \u003cdmitry.kasatkin@intel.com\u003e\nAcked-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "88d7ed35085184f15a2af3d9e88d775059b2f307", "tree": "f02d2530e0f665fea4c5b240404f7767d39f47bf", "parents": [ "fe0e94c5a7e5335ba0d200e7d3e26e9f80cda4b1" ], "author": { "name": "Dmitry Kasatkin", "email": "dmitry.kasatkin@intel.com", "time": "Mon Dec 05 13:17:41 2011 +0200" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Thu Dec 08 10:06:09 2011 +1100" }, "message": "evm: key must be set once during initialization\n\nOn multi-core systems, setting of the key before every caclculation,\ncauses invalid HMAC calculation for other tfm users, because internal\nstate (ipad, opad) can be invalid before set key call returns.\nIt needs to be set only once during initialization.\n\nSigned-off-by: Dmitry Kasatkin \u003cdmitry.kasatkin@intel.com\u003e\nAcked-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "02125a826459a6ad142f8d91c5b6357562f96615", "tree": "8c9d9860aef93917d9b8cc6d471fe68b58ce7a9d", "parents": [ "5611cc4572e889b62a7b4c72a413536bf6a9c416" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Mon Dec 05 08:43:34 2011 -0500" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Tue Dec 06 23:57:18 2011 -0500" }, "message": "fix apparmor dereferencing potentially freed dentry, sanitize __d_path() API\n\n__d_path() API is asking for trouble and in case of apparmor d_namespace_path()\ngetting just that. The root cause is that when __d_path() misses the root\nit had been told to look for, it stores the location of the most remote ancestor\nin *root. Without grabbing references. Sure, at the moment of call it had\nbeen pinned down by what we have in *path. And if we raced with umount -l, we\ncould have very well stopped at vfsmount/dentry that got freed as soon as\nprepend_path() dropped vfsmount_lock.\n\nIt is safe to compare these pointers with pre-existing (and known to be still\nalive) vfsmount and dentry, as long as all we are asking is \"is it the same\naddress?\". Dereferencing is not safe and apparmor ended up stepping into\nthat. d_namespace_path() really wants to examine the place where we stopped,\neven if it\u0027s not connected to our namespace. As the result, it looked\nat -\u003ed_sb-\u003es_magic of a dentry that might\u0027ve been already freed by that point.\nAll other callers had been careful enough to avoid that, but it\u0027s really\na bad interface - it invites that kind of trouble.\n\nThe fix is fairly straightforward, even though it\u0027s bigger than I\u0027d like:\n\t* prepend_path() root argument becomes const.\n\t* __d_path() is never called with NULL/NULL root. It was a kludge\nto start with. Instead, we have an explicit function - d_absolute_root().\nSame as __d_path(), except that it doesn\u0027t get root passed and stops where\nit stops. apparmor and tomoyo are using it.\n\t* __d_path() returns NULL on path outside of root. The main\ncaller is show_mountinfo() and that\u0027s precisely what we pass root for - to\nskip those outside chroot jail. Those who don\u0027t want that can (and do)\nuse d_path().\n\t* __d_path() root argument becomes const. Everyone agrees, I hope.\n\t* apparmor does *NOT* try to use __d_path() or any of its variants\nwhen it sees that path-\u003emnt is an internal vfsmount. In that case it\u0027s\ndefinitely not mounted anywhere and dentry_path() is exactly what we want\nthere. Handling of sysctl()-triggered weirdness is moved to that place.\n\t* if apparmor is asked to do pathname relative to chroot jail\nand __d_path() tells it we it\u0027s not in that jail, the sucker just calls\nd_absolute_path() instead. That\u0027s the other remaining caller of __d_path(),\nBTW.\n * seq_path_root() does _NOT_ return -ENAMETOOLONG (it\u0027s stupid anyway -\nthe normal seq_file logics will take care of growing the buffer and redoing\nthe call of -\u003eshow() just fine). However, if it gets path not reachable\nfrom root, it returns SEQ_SKIP. The only caller adjusted (i.e. stopped\nignoring the return value as it used to do).\n\nReviewed-by: John Johansen \u003cjohn.johansen@canonical.com\u003e\nACKed-by: John Johansen \u003cjohn.johansen@canonical.com\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\nCc: stable@vger.kernel.org\n" }, { "commit": "7f1fb60c4fc9fb29fbb406ac8c4cfb4e59e168d6", "tree": "c099fd6899f382c439e29aed54c912ee95453324", "parents": [ "d5f43c1ea4260807a894150b680fa0a0dd386259" ], "author": { "name": "Pavel Emelyanov", "email": "xemul@parallels.com", "time": "Tue Dec 06 07:56:43 2011 +0000" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Tue Dec 06 13:57:36 2011 -0500" }, "message": "inet_diag: Partly rename inet_ to sock_\n\nThe ultimate goal is to get the sock_diag module, that works in\nfamily+protocol terms. Currently this is suitable to do on the\ninet_diag basis, so rename parts of the code. It will be moved\nto sock_diag.c later.\n\nSigned-off-by: Pavel Emelyanov \u003cxemul@parallels.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "75f2811c6460ccc59d83c66059943ce9c9f81a18", "tree": "49373cf5f5b11358aeb587209ad270496f751609", "parents": [ "396cf9430505cfba529a2f2a037d782719fa5844" ], "author": { "name": "Jesse Gross", "email": "jesse@nicira.com", "time": "Wed Nov 30 17:05:51 2011 -0800" }, "committer": { "name": "Jesse Gross", "email": "jesse@nicira.com", "time": "Sat Dec 03 09:35:10 2011 -0800" }, "message": "ipv6: Add fragment reporting to ipv6_skip_exthdr().\n\nWhile parsing through IPv6 extension headers, fragment headers are\nskipped making them invisible to the caller. This reports the\nfragment offset of the last header in order to make it possible to\ndetermine whether the packet is fragmented and, if so whether it is\na first or last fragment.\n\nSigned-off-by: Jesse Gross \u003cjesse@nicira.com\u003e\n" }, { "commit": "4e3fd7a06dc20b2d8ec6892233ad2012968fe7b6", "tree": "da3fbec7672ac6b967dfa31cec6c88f468a57fa2", "parents": [ "40ba84993d66469d336099c5af74c3da5b73e28d" ], "author": { "name": "Alexey Dobriyan", "email": "adobriyan@gmail.com", "time": "Mon Nov 21 03:39:03 2011 +0000" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Tue Nov 22 16:43:32 2011 -0500" }, "message": "net: remove ipv6_addr_copy()\n\nC assignment can handle struct in6_addr copying.\n\nSigned-off-by: Alexey Dobriyan \u003cadobriyan@gmail.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "de353533753e048b5c4658f0a42365937527ac45", "tree": "376ea9cb73de3691d4f907ad98f13f838742395e", "parents": [ "4e2c5b28f8086cd2f678ade0ea21d8c3cc058c53" ], "author": { "name": "Dmitry Kasatkin", "email": "dmitry.kasatkin@intel.com", "time": "Mon Nov 21 17:31:15 2011 +0200" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Tue Nov 22 10:02:32 2011 +1100" }, "message": "digsig: build dependency fix\n\nFix build errors by adding Kconfig dependency on KEYS.\nCRYPTO dependency removed.\n\n CC security/integrity/digsig.o\nsecurity/integrity/digsig.c: In function ?integrity_digsig_verify?:\nsecurity/integrity/digsig.c:38:4: error: implicit declaration of function ?request_key?\nsecurity/integrity/digsig.c:38:17: error: ?key_type_keyring? undeclared (first use in this function)\nsecurity/integrity/digsig.c:38:17: note: each undeclared identifier is reported only once for each function it appears in\nmake[2]: *** [security/integrity/digsig.o] Error 1\n\nReported-by: Randy Dunlap \u003crdunlap@xenotime.net\u003e\nSigned-off-by: Dmitry Kasatkin \u003cdmitry.kasatkin@intel.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "4e2c5b28f8086cd2f678ade0ea21d8c3cc058c53", "tree": "789fbdac68279765ade21c576bb22b77a5c112bc", "parents": [ "8077e8b059232f23fe51fdc42868dcd8ba293549", "15647eb3985ef30dfd657038924dc85c03026733" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Fri Nov 18 18:21:31 2011 +1100" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Fri Nov 18 18:21:31 2011 +1100" }, "message": "Merge branch \u0027next-evm-digsig\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/kasatkin/linux-digsig into next\n" }, { "commit": "b85c804d5ad48f239871b95afbddd84422e06f25", "tree": "b78af4d780dc7eec0c7b866194385150e6b29500", "parents": [ "fe8a0df46e5076429872887b467c538bc9c0c738", "9c69898783a0121399ec078d40d4ccc00e3cb0df" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Fri Nov 18 11:17:23 2011 +1100" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Fri Nov 18 11:17:23 2011 +1100" }, "message": "Merge branch \u0027encrypted-key-fixes\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity into for-linus\n" }, { "commit": "fe8a0df46e5076429872887b467c538bc9c0c738", "tree": "8118ba6e7d052527a14970b081934a2935283174", "parents": [ "6aaf05f472c97ebceff47d9eef464574f1a55727", "40809565ca57a8e94bae20b22da014c44ec233f6" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Fri Nov 18 11:17:06 2011 +1100" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Fri Nov 18 11:17:06 2011 +1100" }, "message": "Merge branch \u0027for-1111\u0027 of git://gitorious.org/smack-next/kernel into for-linus\n" }, { "commit": "7845bc3964756240863ae453ffe4f7ee27ddc954", "tree": "3a3b9bf568184a3ae82bc581b63e1576ce99d7c8", "parents": [ "24942c8e5cc8696064ee207ff29d4cf21f70dafc" ], "author": { "name": "David Howells", "email": "dhowells@redhat.com", "time": "Wed Nov 16 11:15:54 2011 +0000" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Thu Nov 17 09:35:32 2011 +1100" }, "message": "KEYS: Give key types their own lockdep class for key-\u003esem\n\nGive keys their own lockdep class to differentiate them from each other in case\na key of one type has to refer to a key of another type.\n\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nAcked-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "9c69898783a0121399ec078d40d4ccc00e3cb0df", "tree": "7163913d680c3160918a466f92cacb473c2c91ec", "parents": [ "f4a0d5abef14562c37dee5a1d49180f494106230" ], "author": { "name": "Mimi Zohar", "email": "zohar@linux.vnet.ibm.com", "time": "Sun Oct 16 19:17:48 2011 -0400" }, "committer": { "name": "Mimi Zohar", "email": "zohar@linux.vnet.ibm.com", "time": "Wed Nov 16 14:23:14 2011 -0500" }, "message": "encrypted-keys: module build fixes\n\nEncrypted keys are encrypted/decrypted using either a trusted or\nuser-defined key type, which is referred to as the \u0027master\u0027 key.\nThe master key may be of type trusted iff the trusted key is\nbuiltin or both the trusted key and encrypted keys are built as\nmodules. This patch resolves the build dependency problem.\n\n- Use \"masterkey-$(CONFIG_TRUSTED_KEYS)-$(CONFIG_ENCRYPTED_KEYS)\" construct\nto encapsulate the above logic. (Suggested by Dimtry Kasatkin.)\n- Fixing the encrypted-keys Makefile, results in a module name change\nfrom encrypted.ko to encrypted-keys.ko.\n- Add module dependency for request_trusted_key() definition\n\nSigned-off-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\n" }, { "commit": "f4a0d5abef14562c37dee5a1d49180f494106230", "tree": "be3b35ecaf9a2372fae08ac83d006b21e1c43021", "parents": [ "ff0ff78068dd8a962358dbbdafa9d6f24540d3e5" ], "author": { "name": "Mimi Zohar", "email": "zohar@linux.vnet.ibm.com", "time": "Mon Oct 24 08:17:42 2011 -0400" }, "committer": { "name": "Mimi Zohar", "email": "zohar@linux.vnet.ibm.com", "time": "Wed Nov 16 14:23:13 2011 -0500" }, "message": "encrypted-keys: fix error return code\n\nFix request_master_key() error return code.\n\nSigned-off-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\n" }, { "commit": "24942c8e5cc8696064ee207ff29d4cf21f70dafc", "tree": "08a8221eb72ec3da7746d7d76f6f5915ce77cde7", "parents": [ "e163bc8e4a0cd1cdffadb58253f7651201722d56", "ff0ff78068dd8a962358dbbdafa9d6f24540d3e5" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Nov 16 12:39:48 2011 +1100" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Nov 16 12:39:48 2011 +1100" }, "message": "Merge branch \u0027master\u0027; commit \u0027v3.2-rc2\u0027 into next\n" }, { "commit": "9f35a33b8d06263a165efe3541d9aa0cdbd70b3b", "tree": "2825d1bf9ea73d22e4cab45bb2cdc021c6e09380", "parents": [ "cfcfc9eca2bcbd26a8e206baeb005b055dbf8e37" ], "author": { "name": "David Howells", "email": "dhowells@redhat.com", "time": "Tue Nov 15 22:09:45 2011 +0000" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Tue Nov 15 22:32:38 2011 -0200" }, "message": "KEYS: Fix a NULL pointer deref in the user-defined key type\n\nFix a NULL pointer deref in the user-defined key type whereby updating a\nnegative key into a fully instantiated key will cause an oops to occur\nwhen the code attempts to free the non-existent old payload.\n\nThis results in an oops that looks something like the following:\n\n BUG: unable to handle kernel NULL pointer dereference at 0000000000000008\n IP: [\u003cffffffff81085fa1\u003e] __call_rcu+0x11/0x13e\n PGD 3391d067 PUD 3894a067 PMD 0\n Oops: 0002 [#1] SMP\n CPU 1\n Pid: 4354, comm: keyctl Not tainted 3.1.0-fsdevel+ #1140 /DG965RY\n RIP: 0010:[\u003cffffffff81085fa1\u003e] [\u003cffffffff81085fa1\u003e] __call_rcu+0x11/0x13e\n RSP: 0018:ffff88003d591df8 EFLAGS: 00010246\n RAX: 0000000000000000 RBX: 0000000000000000 RCX: 000000000000006e\n RDX: ffffffff8161d0c0 RSI: 0000000000000000 RDI: 0000000000000000\n RBP: ffff88003d591e18 R08: 0000000000000000 R09: ffffffff8152fa6c\n R10: 0000000000000000 R11: 0000000000000300 R12: ffff88003b8f9538\n R13: ffffffff8161d0c0 R14: ffff88003b8f9d50 R15: ffff88003c69f908\n FS: 00007f97eb18c720(0000) GS:ffff88003bd00000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 0000000000000008 CR3: 000000003d47a000 CR4: 00000000000006e0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400\n Process keyctl (pid: 4354, threadinfo ffff88003d590000, task ffff88003c78a040)\n Stack:\n ffff88003e0ffde0 ffff88003b8f9538 0000000000000001 ffff88003b8f9d50\n ffff88003d591e28 ffffffff810860f0 ffff88003d591e68 ffffffff8117bfea\n ffff88003d591e68 ffffffff00000000 ffff88003e0ffde1 ffff88003e0ffde0\n Call Trace:\n [\u003cffffffff810860f0\u003e] call_rcu_sched+0x10/0x12\n [\u003cffffffff8117bfea\u003e] user_update+0x8d/0xa2\n [\u003cffffffff8117723a\u003e] key_create_or_update+0x236/0x270\n [\u003cffffffff811789b1\u003e] sys_add_key+0x123/0x17e\n [\u003cffffffff813b84bb\u003e] system_call_fastpath+0x16/0x1b\n\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nAcked-by: Jeff Layton \u003cjlayton@redhat.com\u003e\nAcked-by: Neil Horman \u003cnhorman@redhat.com\u003e\nAcked-by: Steve Dickson \u003csteved@redhat.com\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\nCc: stable@kernel.org\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "af7ff2c2c45e6c6d533dd968709732da3d1d48f8", "tree": "5c3809af634ee633d351c04d7201324d7da4ca82", "parents": [ "59df3166ef293288d164ab3362a717743e62d20c" ], "author": { "name": "Andy Shevchenko", "email": "andriy.shevchenko@linux.intel.com", "time": "Tue Nov 15 15:11:41 2011 -0800" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Nov 16 11:30:26 2011 +1100" }, "message": "selinuxfs: remove custom hex_to_bin()\n\nSigned-off-by: Andy Shevchenko \u003candriy.shevchenko@linux.intel.com\u003e\nCc: Eric Paris \u003ceparis@parisplace.org\u003e\nCc: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "40809565ca57a8e94bae20b22da014c44ec233f6", "tree": "6cad3fa8f6345934cf6c67552235869973524d21", "parents": [ "0e94ae17c857b3835a2b8ea46ce44b5da4e2cc5d" ], "author": { "name": "Casey Schaufler", "email": "casey@schaufler-ca.com", "time": "Thu Nov 10 15:02:22 2011 -0800" }, "committer": { "name": "Casey Schaufler", "email": "cschaufler@cschaufler-intel.(none)", "time": "Fri Nov 11 11:07:21 2011 -0800" }, "message": "Smack: smackfs cipso seq read repair\n\nCommit 272cd7a8c67dd40a31ecff76a503bbb84707f757 introduced\na change to the way rule lists are handled and reported in\nthe smackfs filesystem. One of the issues addressed had to\ndo with the termination of read requests on /smack/load.\nThis change introduced a error in /smack/cipso, which shares\nsome of the same list processing code.\n\nThis patch updates all the file access list handling in\nsmackfs to use the code introduced for /smack/load.\n\nSigned-off-by: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\n" }, { "commit": "15647eb3985ef30dfd657038924dc85c03026733", "tree": "5d4629ef3b687ff56a446f42a8ee5aa35ec9322b", "parents": [ "8607c501478432b23654739c7321bc7456053cb6" ], "author": { "name": "Dmitry Kasatkin", "email": "dmitry.kasatkin@intel.com", "time": "Thu Sep 01 14:41:40 2011 +0300" }, "committer": { "name": "Dmitry Kasatkin", "email": "dmitry.kasatkin@intel.com", "time": "Wed Nov 09 16:51:14 2011 +0200" }, "message": "evm: digital signature verification support\n\nThis patch adds support for digital signature verification to EVM.\nWith this feature file metadata can be protected using digital\nsignature instead of an HMAC. When building an image,\nwhich has to be flashed to different devices, an HMAC cannot\nbe used to sign file metadata, because the HMAC key should be\ndifferent on every device.\n\nSigned-off-by: Dmitry Kasatkin \u003cdmitry.kasatkin@intel.com\u003e\nAcked-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\n" }, { "commit": "8607c501478432b23654739c7321bc7456053cb6", "tree": "598ef1649a261954cb1cafc05189ddedb3bd3ff8", "parents": [ "051dbb918c7fb7da8e64a2cd0d804ba73399709f" ], "author": { "name": "Dmitry Kasatkin", "email": "dmitry.kasatkin@intel.com", "time": "Wed Oct 05 11:54:46 2011 +0300" }, "committer": { "name": "Dmitry Kasatkin", "email": "dmitry.kasatkin@intel.com", "time": "Wed Nov 09 16:51:09 2011 +0200" }, "message": "integrity: digital signature verification using multiple keyrings\n\nDefine separate keyrings for each of the different use cases - evm, ima,\nand modules. Using different keyrings improves search performance, and also\nallows \"locking\" specific keyring to prevent adding new keys.\nThis is useful for evm and module keyrings, when keys are usually only\nadded from initramfs.\n\nSigned-off-by: Dmitry Kasatkin \u003cdmitry.kasatkin@intel.com\u003e\n" }, { "commit": "32aaeffbd4a7457bf2f7448b33b5946ff2a960eb", "tree": "faf7ad871d87176423ff9ed1d1ba4d9c688fc23f", "parents": [ "208bca0860406d16398145ddd950036a737c3c9d", "67b84999b1a8b1af5625b1eabe92146c5eb42932" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Sun Nov 06 19:44:47 2011 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Sun Nov 06 19:44:47 2011 -0800" }, "message": "Merge branch \u0027modsplit-Oct31_2011\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/paulg/linux\n\n* \u0027modsplit-Oct31_2011\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/paulg/linux: (230 commits)\n Revert \"tracing: Include module.h in define_trace.h\"\n irq: don\u0027t put module.h into irq.h for tracking irqgen modules.\n bluetooth: macroize two small inlines to avoid module.h\n ip_vs.h: fix implicit use of module_get/module_put from module.h\n nf_conntrack.h: fix up fallout from implicit moduleparam.h presence\n include: replace linux/module.h with \"struct module\" wherever possible\n include: convert various register fcns to macros to avoid include chaining\n crypto.h: remove unused crypto_tfm_alg_modname() inline\n uwb.h: fix implicit use of asm/page.h for PAGE_SIZE\n pm_runtime.h: explicitly requires notifier.h\n linux/dmaengine.h: fix implicit use of bitmap.h and asm/page.h\n miscdevice.h: fix up implicit use of lists and types\n stop_machine.h: fix implicit use of smp.h for smp_processor_id\n of: fix implicit use of errno.h in include/linux/of.h\n of_platform.h: delete needless include \u003clinux/module.h\u003e\n acpi: remove module.h include from platform/aclinux.h\n miscdevice.h: delete unnecessary inclusion of module.h\n device_cgroup.h: delete needless include \u003clinux/module.h\u003e\n net: sch_generic remove redundant use of \u003clinux/module.h\u003e\n net: inet_timewait_sock doesnt need \u003clinux/module.h\u003e\n ...\n\nFix up trivial conflicts (other header files, and removal of the ab3550 mfd driver) in\n - drivers/media/dvb/frontends/dibx000_common.c\n - drivers/media/video/{mt9m111.c,ov6650.c}\n - drivers/mfd/ab3550-core.c\n - include/linux/dmaengine.h\n" }, { "commit": "2380078cdb7e6d520e33dcf834e0be979d542e48", "tree": "105a729f483b77453ea7a570f39e9efe76e38aa0", "parents": [ "6681ba7ec480bc839584fd0817991d248b4b9e44", "59df3166ef293288d164ab3362a717743e62d20c" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Wed Nov 02 17:01:01 2011 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Wed Nov 02 17:01:01 2011 -0700" }, "message": "Merge branch \u0027for-linus\u0027 of git://git.selinuxproject.org/~jmorris/linux-security\n\n* \u0027for-linus\u0027 of git://git.selinuxproject.org/~jmorris/linux-security:\n TOMOYO: Fix interactive judgment functionality.\n" }, { "commit": "de0a5345a55b8dd5a4695181275df0e691176830", "tree": "17530e824f7f46ce0b1757657179fb5957a6add5", "parents": [ "994c0e992522c123298b4a91b72f5e67ba2d1123", "8535639810e578960233ad39def3ac2157b0c3ec" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Wed Nov 02 09:45:39 2011 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Wed Nov 02 09:45:39 2011 -0700" }, "message": "Merge branch \u0027for-linus\u0027 of git://github.com/richardweinberger/linux\n\n* \u0027for-linus\u0027 of git://github.com/richardweinberger/linux: (90 commits)\n um: fix ubd cow size\n um: Fix kmalloc argument order in um/vdso/vma.c\n um: switch to use of drivers/Kconfig\n UserModeLinux-HOWTO.txt: fix a typo\n UserModeLinux-HOWTO.txt: remove ^H characters\n um: we need sys/user.h only on i386\n um: merge delay_{32,64}.c\n um: distribute exports to where exported stuff is defined\n um: kill system-um.h\n um: generic ftrace.h will do...\n um: segment.h is x86-only and needed only there\n um: asm/pda.h is not needed anymore\n um: hw_irq.h can go generic as well\n um: switch to generic-y\n um: clean Kconfig up a bit\n um: a couple of missing dependencies...\n um: kill useless argument of free_chan() and free_one_chan()\n um: unify ptrace_user.h\n um: unify KSTK_...\n um: fix gcov build breakage\n ...\n" }, { "commit": "3369465ed1a6a9aa9b885a6d7d8e074ecbd782da", "tree": "ac60be76e1d363caab63156c1390f1ab0c4ee96c", "parents": [ "c039aff672a540f8976770e74599d350de1805cb" ], "author": { "name": "Al Viro", "email": "viro@ftp.linux.org.uk", "time": "Thu Aug 18 20:11:59 2011 +0100" }, "committer": { "name": "Richard Weinberger", "email": "richard@nod.at", "time": "Wed Nov 02 14:15:41 2011 +0100" }, "message": "um: switch to use of drivers/Kconfig\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\nSigned-off-by: Richard Weinberger \u003crichard@nod.at\u003e\n" }, { "commit": "02473119bc54b0b239c2501064c7a37314347f87", "tree": "e3f0cdfbe4ee67d089ab731f213b2e0f91a3daa1", "parents": [ "50e1499f468fd74c6db95deb2e1e6bfee578ae70" ], "author": { "name": "Andy Shevchenko", "email": "andriy.shevchenko@linux.intel.com", "time": "Mon Oct 31 17:12:55 2011 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Mon Oct 31 17:30:56 2011 -0700" }, "message": "security: follow rename pack_hex_byte() to hex_byte_pack()\n\nThere is no functional change.\n\nSigned-off-by: Andy Shevchenko \u003candriy.shevchenko@linux.intel.com\u003e\nCc: Mimi Zohar \u003czohar@us.ibm.com\u003e\nCc: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "fcf634098c00dd9cd247447368495f0b79be12d1", "tree": "77fc98cd461bd52ba3b14e833d54a115ffbbd7bc", "parents": [ "32ea845d5bafc37b7406bea1aee3005407cb0900" ], "author": { "name": "Christopher Yeoh", "email": "cyeoh@au1.ibm.com", "time": "Mon Oct 31 17:06:39 2011 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Mon Oct 31 17:30:44 2011 -0700" }, "message": "Cross Memory Attach\n\nThe basic idea behind cross memory attach is to allow MPI programs doing\nintra-node communication to do a single copy of the message rather than a\ndouble copy of the message via shared memory.\n\nThe following patch attempts to achieve this by allowing a destination\nprocess, given an address and size from a source process, to copy memory\ndirectly from the source process into its own address space via a system\ncall. There is also a symmetrical ability to copy from the current\nprocess\u0027s address space into a destination process\u0027s address space.\n\n- Use of /proc/pid/mem has been considered, but there are issues with\n using it:\n - Does not allow for specifying iovecs for both src and dest, assuming\n preadv or pwritev was implemented either the area read from or\n written to would need to be contiguous.\n - Currently mem_read allows only processes who are currently\n ptrace\u0027ing the target and are still able to ptrace the target to read\n from the target. This check could possibly be moved to the open call,\n but its not clear exactly what race this restriction is stopping\n (reason appears to have been lost)\n - Having to send the fd of /proc/self/mem via SCM_RIGHTS on unix\n domain socket is a bit ugly from a userspace point of view,\n especially when you may have hundreds if not (eventually) thousands\n of processes that all need to do this with each other\n - Doesn\u0027t allow for some future use of the interface we would like to\n consider adding in the future (see below)\n - Interestingly reading from /proc/pid/mem currently actually\n involves two copies! (But this could be fixed pretty easily)\n\nAs mentioned previously use of vmsplice instead was considered, but has\nproblems. Since you need the reader and writer working co-operatively if\nthe pipe is not drained then you block. Which requires some wrapping to\ndo non blocking on the send side or polling on the receive. In all to all\ncommunication it requires ordering otherwise you can deadlock. And in the\nexample of many MPI tasks writing to one MPI task vmsplice serialises the\ncopying.\n\nThere are some cases of MPI collectives where even a single copy interface\ndoes not get us the performance gain we could. For example in an\nMPI_Reduce rather than copy the data from the source we would like to\ninstead use it directly in a mathops (say the reduce is doing a sum) as\nthis would save us doing a copy. We don\u0027t need to keep a copy of the data\nfrom the source. I haven\u0027t implemented this, but I think this interface\ncould in the future do all this through the use of the flags - eg could\nspecify the math operation and type and the kernel rather than just\ncopying the data would apply the specified operation between the source\nand destination and store it in the destination.\n\nAlthough we don\u0027t have a \"second user\" of the interface (though I\u0027ve had\nsome nibbles from people who may be interested in using it for intra\nprocess messaging which is not MPI). This interface is something which\nhardware vendors are already doing for their custom drivers to implement\nfast local communication. And so in addition to this being useful for\nOpenMPI it would mean the driver maintainers don\u0027t have to fix things up\nwhen the mm changes.\n\nThere was some discussion about how much faster a true zero copy would\ngo. Here\u0027s a link back to the email with some testing I did on that:\n\nhttp://marc.info/?l\u003dlinux-mm\u0026m\u003d130105930902915\u0026w\u003d2\n\nThere is a basic man page for the proposed interface here:\n\nhttp://ozlabs.org/~cyeoh/cma/process_vm_readv.txt\n\nThis has been implemented for x86 and powerpc, other architecture should\nmainly (I think) just need to add syscall numbers for the process_vm_readv\nand process_vm_writev. There are 32 bit compatibility versions for\n64-bit kernels.\n\nFor arch maintainers there are some simple tests to be able to quickly\nverify that the syscalls are working correctly here:\n\nhttp://ozlabs.org/~cyeoh/cma/cma-test-20110718.tgz\n\nSigned-off-by: Chris Yeoh \u003cyeohc@au1.ibm.com\u003e\nCc: Ingo Molnar \u003cmingo@elte.hu\u003e\nCc: \"H. Peter Anvin\" \u003chpa@zytor.com\u003e\nCc: Thomas Gleixner \u003ctglx@linutronix.de\u003e\nCc: Arnd Bergmann \u003carnd@arndb.de\u003e\nCc: Paul Mackerras \u003cpaulus@samba.org\u003e\nCc: Benjamin Herrenschmidt \u003cbenh@kernel.crashing.org\u003e\nCc: David Howells \u003cdhowells@redhat.com\u003e\nCc: James Morris \u003cjmorris@namei.org\u003e\nCc: \u003clinux-man@vger.kernel.org\u003e\nCc: \u003clinux-arch@vger.kernel.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "44fc7ea0bfe9143551649a42eb35f1460566c3c5", "tree": "7cfceedba653c69db90912427d140da996ab4f09", "parents": [ "a6ee87790b708dc4cdd3643104417793f0d985ec" ], "author": { "name": "Paul Gortmaker", "email": "paul.gortmaker@windriver.com", "time": "Thu May 26 20:52:10 2011 -0400" }, "committer": { "name": "Paul Gortmaker", "email": "paul.gortmaker@windriver.com", "time": "Mon Oct 31 19:31:32 2011 -0400" }, "message": "selinux: Add export.h to files using EXPORT_SYMBOL/THIS_MODULE\n\nThe pervasive, but implicit presence of \u003clinux/module.h\u003e meant\nthat things like this file would happily compile as-is. But\nwith the desire to phase out the module.h being included everywhere,\npoint this file at export.h which will give it THIS_MODULE and\nthe EXPORT_SYMBOL variants.\n\nSigned-off-by: Paul Gortmaker \u003cpaul.gortmaker@windriver.com\u003e\n" }, { "commit": "59df3166ef293288d164ab3362a717743e62d20c", "tree": "ee10bb9ae940bf59beaf05dd5925d03044eb6559", "parents": [ "c45ed235abf1b0b6666417e3c394f18717976acd" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Thu Oct 20 06:48:57 2011 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Sat Oct 29 08:34:41 2011 +1100" }, "message": "TOMOYO: Fix interactive judgment functionality.\n\nCommit 17fcfbd9 \"TOMOYO: Add interactive enforcing mode.\" introduced ability\nto query access decision using userspace programs. It was using global PID for\nreaching policy configuration of the process. However, use of PID returns stale\npolicy configuration when the process\u0027s subjective credentials and objective\ncredentials differ. Fix this problem by allowing reaching policy configuration\nvia query id.\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "36b8d186e6cc8e32cb5227f5645a58e1bc0af190", "tree": "1000ad26e189e6ff2c53fb7eeff605f59c7ad94e", "parents": [ "cd85b557414fe4cd44ea6608825e96612a5fe2b2", "c45ed235abf1b0b6666417e3c394f18717976acd" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Tue Oct 25 09:45:31 2011 +0200" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Tue Oct 25 09:45:31 2011 +0200" }, "message": "Merge branch \u0027next\u0027 of git://selinuxproject.org/~jmorris/linux-security\n\n* \u0027next\u0027 of git://selinuxproject.org/~jmorris/linux-security: (95 commits)\n TOMOYO: Fix incomplete read after seek.\n Smack: allow to access /smack/access as normal user\n TOMOYO: Fix unused kernel config option.\n Smack: fix: invalid length set for the result of /smack/access\n Smack: compilation fix\n Smack: fix for /smack/access output, use string instead of byte\n Smack: domain transition protections (v3)\n Smack: Provide information for UDS getsockopt(SO_PEERCRED)\n Smack: Clean up comments\n Smack: Repair processing of fcntl\n Smack: Rule list lookup performance\n Smack: check permissions from user space (v2)\n TOMOYO: Fix quota and garbage collector.\n TOMOYO: Remove redundant tasklist_lock.\n TOMOYO: Fix domain transition failure warning.\n TOMOYO: Remove tomoyo_policy_memory_lock spinlock.\n TOMOYO: Simplify garbage collector.\n TOMOYO: Fix make namespacecheck warnings.\n target: check hex2bin result\n encrypted-keys: check hex2bin result\n ...\n" }, { "commit": "c45ed235abf1b0b6666417e3c394f18717976acd", "tree": "e41dd99f2c217a8ce160b24d81a4aec1cccbfe02", "parents": [ "e0b057b406a33501a656dc8d67ea945d7bcdad61", "0e94ae17c857b3835a2b8ea46ce44b5da4e2cc5d" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Sat Oct 22 22:23:58 2011 +0200" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Sat Oct 22 22:23:58 2011 +0200" }, "message": "Merge branch \u0027master\u0027 of git://gitorious.org/smack-next/kernel into next\n" }, { "commit": "e0b057b406a33501a656dc8d67ea945d7bcdad61", "tree": "16132a7c59322cb1d406a07b875518a3bbd3db39", "parents": [ "6afcb3b7393f5aa388a0d077c490ed411ab3cd27" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Fri Oct 21 12:37:13 2011 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Sat Oct 22 21:55:26 2011 +0200" }, "message": "TOMOYO: Fix incomplete read after seek.\n\nCommit f23571e8 \"TOMOYO: Copy directly to userspace buffer.\" introduced\ntomoyo_flush() that flushes data to be read as soon as possible.\ntomoyo_select_domain() (which is called by write()) enqueues data which meant\nto be read by next read(), but previous read()\u0027s read buffer\u0027s size was not\ncleared. As a result, since 2.6.36, sequence like\n\n char *cp \u003d \"select global-pid\u003d1\\n\";\n read(fd, buf1, sizeof(buf1));\n write(fd, cp, strlen(cp));\n read(fd, buf2, sizeof(buf2));\n\ncauses enqueued data to be flushed to buf1 rather than buf2.\nFix this bug by clearing read buffer\u0027s size upon write() request.\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "0e94ae17c857b3835a2b8ea46ce44b5da4e2cc5d", "tree": "eac36ba696cf33bbbe3fcd490589ef453d9c8ef1", "parents": [ "d86b2b61d4dea614d6f319772a90a8f98b55ed67" ], "author": { "name": "Jarkko Sakkinen", "email": "jarkko.j.sakkinen@gmail.com", "time": "Tue Oct 18 21:21:36 2011 +0300" }, "committer": { "name": "Casey Schaufler", "email": "cschaufler@cschaufler-intel.(none)", "time": "Thu Oct 20 16:07:31 2011 -0700" }, "message": "Smack: allow to access /smack/access as normal user\n\nAllow query access as a normal user removing the need\nfor CAP_MAC_ADMIN. Give RW access to /smack/access\nfor UGO. Do not import smack labels in access check.\n\nSigned-off-by: Jarkko Sakkinen \u003cjarkko.j.sakkinen@gmail.com\u003e\nSigned-off-by: Casey Schaufler \u003ccschaufler@cschaufler-intel.(none)\u003e\n" }, { "commit": "6afcb3b7393f5aa388a0d077c490ed411ab3cd27", "tree": "f2d0bca0df7ee7322dee3cfa914e8bb4febf434b", "parents": [ "16014d87509e26d6ed6935adbbf437a571fb5870" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Sun Oct 16 09:43:46 2011 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Oct 19 16:58:59 2011 +0200" }, "message": "TOMOYO: Fix unused kernel config option.\n\nCONFIG_SECURITY_TOMOYO_MAX_{ACCEPT_ENTRY,AUDIT_LOG} introduced by commit\n0e4ae0e0 \"TOMOYO: Make several options configurable.\" were by error not used.\n\nReported-by: Paul Bolle \u003cpebolle@tiscali.nl\u003e\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "6230c9b4f8957c8938ee4cf2d03166d3c2dc89de", "tree": "acb6aa03e5b34ab83c4945fdacefee66c5285af2", "parents": [ "835acf5da239b91edb9f7ebe36516999e156e6ee" ], "author": { "name": "Paul Moore", "email": "pmoore@redhat.com", "time": "Fri Oct 07 09:40:59 2011 +0000" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Tue Oct 18 23:36:43 2011 -0400" }, "message": "bluetooth: Properly clone LSM attributes to newly created child connections\n\nThe Bluetooth stack has internal connection handlers for all of the various\nBluetooth protocols, and unfortunately, they are currently lacking the LSM\nhooks found in the core network stack\u0027s connection handlers. I say\nunfortunately, because this can cause problems for users who have have an\nLSM enabled and are using certain Bluetooth devices. See one problem\nreport below:\n\n * http://bugzilla.redhat.com/show_bug.cgi?id\u003d741703\n\nIn order to keep things simple at this point in time, this patch fixes the\nproblem by cloning the parent socket\u0027s LSM attributes to the newly created\nchild socket. If we decide we need a more elaborate LSM marking mechanism\nfor Bluetooth (I somewhat doubt this) we can always revisit this decision\nin the future.\n\nReported-by: James M. Cape \u003cjcape@ignore-your.tv\u003e\nSigned-off-by: Paul Moore \u003cpmoore@redhat.com\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "d86b2b61d4dea614d6f319772a90a8f98b55ed67", "tree": "8d7647ea8d46630e3a09cd74210b9d4c94b86833", "parents": [ "16014d87509e26d6ed6935adbbf437a571fb5870" ], "author": { "name": "Jarkko Sakkinen", "email": "jarkko.j.sakkinen@gmail.com", "time": "Tue Oct 18 14:34:28 2011 +0300" }, "committer": { "name": "Casey Schaufler", "email": "cschaufler@cschaufler-intel.(none)", "time": "Tue Oct 18 09:02:57 2011 -0700" }, "message": "Smack: fix: invalid length set for the result of /smack/access\n\nForgot to update simple_transaction_set() to take terminator\ncharacter into account.\n\nSigned-off-by: Jarkko Sakkinen \u003cjarkko.j.sakkinen@gmail.com\u003e\nSigned-off-by: Casey Schaufler \u003ccschaufler@cschaufler-intel.(none)\u003e\n" }, { "commit": "16014d87509e26d6ed6935adbbf437a571fb5870", "tree": "bdf8641b1412d5e8cd1abe39eca5bc62caf99ad0", "parents": [ "f8859d98c1d1e73393285fb9dd57007839956247" ], "author": { "name": "Jarkko Sakkinen", "email": "jarkko.j.sakkinen@gmail.com", "time": "Fri Oct 14 13:16:24 2011 +0300" }, "committer": { "name": "Casey Schaufler", "email": "cschaufler@cschaufler-intel.(none)", "time": "Fri Oct 14 08:56:49 2011 -0700" }, "message": "Smack: compilation fix\n\nOn some build configurations PER_CLEAR_ON_SETID symbol was not\nfound when compiling smack_lsm.c. This patch fixes the issue by\nexplicitly doing #include \u003clinux/personality.h\u003e.\n\nSigned-off-by: Jarkko Sakkinen \u003cjarkko.j.sakkinen@gmail.com\u003e\nSigned-off-by: Casey Schaufler \u003ccschaufler@cschaufler-intel.(none)\u003e\n" } ], "next": "f8859d98c1d1e73393285fb9dd57007839956247" }