)]}' { "log": [ { "commit": "fda73056f62d84376a3d29926708b4a08155da31", "tree": "0080c4eec02c23179f59a50d269f48f7662b61ce", "parents": [ "cf8f2e58d0893f9785b8056b29d9bbcb4758765f", "94f578e6aba14bb2aeb00db2e7f6e5f704fee937" ], "author": { "name": "Ethan Chen", "email": "intervigil@gmail.com", "time": "Tue Jan 14 21:50:44 2014 -0800" }, "committer": { "name": "Ethan Chen", "email": "intervigil@gmail.com", "time": "Tue Jan 14 21:50:44 2014 -0800" }, "message": "Merge tag \u0027v3.4.76\u0027 into cm-11.0\n\nThis is the 3.4.76 stable release\n\nConflicts:\n\tdrivers/gpio/gpio-msm-v2.c\n\nChange-Id: Ic80b29098bdf656b5e5c9b95d98d2ec64bba1f28\n" }, { "commit": "420cc6d77fd83ab28ebed7ab1dc9018ab351ec12", "tree": "5b28c87f0e82876d6a895895a249b2824a5042af", "parents": [ "73ec955cd6954d69540c7a761182ee84d2bad189" ], "author": { "name": "Paul Moore", "email": "pmoore@redhat.com", "time": "Tue Dec 10 14:58:01 2013 -0500" }, "committer": { "name": "Greg Kroah-Hartman", "email": "gregkh@linuxfoundation.org", "time": "Wed Jan 08 09:42:12 2014 -0800" }, "message": "selinux: process labeled IPsec TCP SYN-ACK packets properly in selinux_ip_postroute()\n\ncommit c0828e50485932b7e019df377a6b0a8d1ebd3080 upstream.\n\nDue to difficulty in arriving at the proper security label for\nTCP SYN-ACK packets in selinux_ip_postroute(), we need to check packets\nwhile/before they are undergoing XFRM transforms instead of waiting\nuntil afterwards so that we can determine the correct security label.\n\nReported-by: Janak Desai \u003cJanak.Desai@gtri.gatech.edu\u003e\nSigned-off-by: Paul Moore \u003cpmoore@redhat.com\u003e\nSigned-off-by: Greg Kroah-Hartman \u003cgregkh@linuxfoundation.org\u003e\n\n" }, { "commit": "73ec955cd6954d69540c7a761182ee84d2bad189", "tree": "d2e9e8a5966067058d959d9bcae6ea77cf6aaf02", "parents": [ "7a12bcd95b59dcf1a715827846baa7c81d1946f9" ], "author": { "name": "Paul Moore", "email": "pmoore@redhat.com", "time": "Tue Dec 10 14:57:54 2013 -0500" }, "committer": { "name": "Greg Kroah-Hartman", "email": "gregkh@linuxfoundation.org", "time": "Wed Jan 08 09:42:12 2014 -0800" }, "message": "selinux: look for IPsec labels on both inbound and outbound packets\n\ncommit 817eff718dca4e54d5721211ddde0914428fbb7c upstream.\n\nPreviously selinux_skb_peerlbl_sid() would only check for labeled\nIPsec security labels on inbound packets, this patch enables it to\ncheck both inbound and outbound traffic for labeled IPsec security\nlabels.\n\nReported-by: Janak Desai \u003cJanak.Desai@gtri.gatech.edu\u003e\nSigned-off-by: Paul Moore \u003cpmoore@redhat.com\u003e\nSigned-off-by: Greg Kroah-Hartman \u003cgregkh@linuxfoundation.org\u003e\n\n" }, { "commit": "58c2314ac41e8f24a2a594bd866915e38de9648e", "tree": "25b4928360576d7d6501a1e0d01fcab7e6003226", "parents": [ "351381d8cea3036cfe021eb29994584d0e5c0e73" ], "author": { "name": "Oleg Nesterov", "email": "oleg@redhat.com", "time": "Mon Dec 23 17:45:01 2013 -0500" }, "committer": { "name": "Greg Kroah-Hartman", "email": "gregkh@linuxfoundation.org", "time": "Wed Jan 08 09:42:10 2014 -0800" }, "message": "selinux: selinux_setprocattr()-\u003eptrace_parent() needs rcu_read_lock()\n\ncommit c0c1439541f5305b57a83d599af32b74182933fe upstream.\n\nselinux_setprocattr() does ptrace_parent(p) under task_lock(p),\nbut task_struct-\u003ealloc_lock doesn\u0027t pin -\u003eparent or -\u003eptrace,\nthis looks confusing and triggers the \"suspicious RCU usage\"\nwarning because ptrace_parent() does rcu_dereference_check().\n\nAnd in theory this is wrong, spin_lock()-\u003epreempt_disable()\ndoesn\u0027t necessarily imply rcu_read_lock() we need to access\nthe -\u003eparent.\n\nReported-by: Evan McNabb \u003cemcnabb@redhat.com\u003e\nSigned-off-by: Oleg Nesterov \u003coleg@redhat.com\u003e\nSigned-off-by: Paul Moore \u003cpmoore@redhat.com\u003e\nSigned-off-by: Greg Kroah-Hartman \u003cgregkh@linuxfoundation.org\u003e\n\n" }, { "commit": "351381d8cea3036cfe021eb29994584d0e5c0e73", "tree": "575afc68d8b8f5522817066d64aae1dc6843a69a", "parents": [ "bc8a3912facbd66e2b88d10922aae74548b86606" ], "author": { "name": "Chad Hanson", "email": "chanson@trustedcs.com", "time": "Mon Dec 23 17:45:01 2013 -0500" }, "committer": { "name": "Greg Kroah-Hartman", "email": "gregkh@linuxfoundation.org", "time": "Wed Jan 08 09:42:10 2014 -0800" }, "message": "selinux: fix broken peer recv check\n\ncommit 46d01d63221c3508421dd72ff9c879f61053cffc upstream.\n\nFix a broken networking check. Return an error if peer recv fails. If\nsecmark is active and the packet recv succeeds the peer recv error is\nignored.\n\nSigned-off-by: Chad Hanson \u003cchanson@trustedcs.com\u003e\nSigned-off-by: Paul Moore \u003cpmoore@redhat.com\u003e\nSigned-off-by: Greg Kroah-Hartman \u003cgregkh@linuxfoundation.org\u003e\n\n" }, { "commit": "de0f9a5a9d7932086e623560d66655cc8507cfec", "tree": "d9e4678d68da38d7670b79c8b5e8782445c5ad7e", "parents": [ "e1a3c5a3706d580390c02c69cb14dcd679d31d91", "84dfcb758ba7cce52ef475ac96861a558e1a20ca" ], "author": { "name": "Ethan Chen", "email": "intervigil@gmail.com", "time": "Sat Dec 21 14:22:41 2013 -0800" }, "committer": { "name": "Ethan Chen", "email": "intervigil@gmail.com", "time": "Sat Dec 21 14:22:41 2013 -0800" }, "message": "Merge tag \u0027v3.4.75\u0027 into cm-11.0\n\nThis is the 3.4.75 stable release\n\nConflicts:\n\tdrivers/md/dm-crypt.c\n\tdrivers/mmc/card/block.c\n\tdrivers/net/ethernet/smsc/smc91x.h\n\nChange-Id: I39f38ef5530c5fef07583beb9d76b983e71b9ff3\n" }, { "commit": "2ea04e5a3d579032632c72584ea67b623321064c", "tree": "ea2d1ac04a2559bc55aa2dde512e99d9e8f16862", "parents": [ "1c5d9d1527ceb57e66001fba3d84c766d89baf2e" ], "author": { "name": "Paul Moore", "email": "pmoore@redhat.com", "time": "Wed Dec 04 16:10:51 2013 -0500" }, "committer": { "name": "Greg Kroah-Hartman", "email": "gregkh@linuxfoundation.org", "time": "Fri Dec 20 07:34:20 2013 -0800" }, "message": "selinux: handle TCP SYN-ACK packets correctly in selinux_ip_postroute()\n\ncommit 446b802437f285de68ffb8d6fac3c44c3cab5b04 upstream.\n\nIn selinux_ip_postroute() we perform access checks based on the\npacket\u0027s security label. For locally generated traffic we get the\npacket\u0027s security label from the associated socket; this works in all\ncases except for TCP SYN-ACK packets. In the case of SYN-ACK packet\u0027s\nthe correct security label is stored in the connection\u0027s request_sock,\nnot the server\u0027s socket. Unfortunately, at the point in time when\nselinux_ip_postroute() is called we can\u0027t query the request_sock\ndirectly, we need to recreate the label using the same logic that\noriginally labeled the associated request_sock.\n\nSee the inline comments for more explanation.\n\nReported-by: Janak Desai \u003cJanak.Desai@gtri.gatech.edu\u003e\nTested-by: Janak Desai \u003cJanak.Desai@gtri.gatech.edu\u003e\nSigned-off-by: Paul Moore \u003cpmoore@redhat.com\u003e\nSigned-off-by: Greg Kroah-Hartman \u003cgregkh@linuxfoundation.org\u003e\n\n" }, { "commit": "1c5d9d1527ceb57e66001fba3d84c766d89baf2e", "tree": "2fd2bda381a616fca0a9ed6326bd0ba732621a7c", "parents": [ "898341afe54f827138e9b3516ae5a456f2d5fa48" ], "author": { "name": "Paul Moore", "email": "pmoore@redhat.com", "time": "Wed Dec 04 16:10:45 2013 -0500" }, "committer": { "name": "Greg Kroah-Hartman", "email": "gregkh@linuxfoundation.org", "time": "Fri Dec 20 07:34:20 2013 -0800" }, "message": "selinux: handle TCP SYN-ACK packets correctly in selinux_ip_output()\n\ncommit 47180068276a04ed31d24fe04c673138208b07a9 upstream.\n\nIn selinux_ip_output() we always label packets based on the parent\nsocket. While this approach works in almost all cases, it doesn\u0027t\nwork in the case of TCP SYN-ACK packets when the correct label is not\nthe label of the parent socket, but rather the label of the larval\nsocket represented by the request_sock struct.\n\nUnfortunately, since the request_sock isn\u0027t queued on the parent\nsocket until *after* the SYN-ACK packet is sent, we can\u0027t lookup the\nrequest_sock to determine the correct label for the packet; at this\npoint in time the best we can do is simply pass/NF_ACCEPT the packet.\nIt must be said that simply passing the packet without any explicit\nlabeling action, while far from ideal, is not terrible as the SYN-ACK\npacket will inherit any IP option based labeling from the initial\nconnection request so the label *should* be correct and all our\naccess controls remain in place so we shouldn\u0027t have to worry about\ninformation leaks.\n\nReported-by: Janak Desai \u003cJanak.Desai@gtri.gatech.edu\u003e\nTested-by: Janak Desai \u003cJanak.Desai@gtri.gatech.edu\u003e\nSigned-off-by: Paul Moore \u003cpmoore@redhat.com\u003e\nSigned-off-by: Greg Kroah-Hartman \u003cgregkh@linuxfoundation.org\u003e\n\n" }, { "commit": "2a38ada0f1ab9f894eea4428731ebc811b51c3f3", "tree": "759c765808a23a3a35e4ba10d8306c847c0205b7", "parents": [ "19218e895cefdd389c96af12c93c89e7276bbaad", "44d19f5a04ae4e433548ba2f25e4d2ccfcac765e" ], "author": { "name": "Ethan Chen", "email": "intervigil@gmail.com", "time": "Sun Dec 08 12:50:38 2013 -0800" }, "committer": { "name": "Ethan Chen", "email": "intervigil@gmail.com", "time": "Sun Dec 08 12:50:38 2013 -0800" }, "message": "Merge tag \u0027v3.4.72\u0027 into tmp\n\nThis is the 3.4.72 stable release\n\nConflicts:\n\tarch/arm/Kconfig\n\tarch/arm/include/asm/mutex.h\n\tarch/arm/kernel/perf_event.c\n\tarch/arm/kernel/traps.c\n\tarch/arm/mm/dma-mapping.c\n\tdrivers/base/power/main.c\n\tdrivers/bluetooth/ath3k.c\n\tdrivers/bluetooth/btusb.c\n\tdrivers/gpu/drm/radeon/radeon_mode.h\n\tdrivers/mmc/card/block.c\n\tdrivers/mmc/host/sdhci.c\n\tdrivers/usb/core/message.c\n\tdrivers/usb/host/xhci-plat.c\n\tdrivers/usb/host/xhci.h\n\tdrivers/virtio/virtio_ring.c\n\tfs/ubifs/dir.c\n\tinclude/linux/freezer.h\n\tinclude/linux/virtio.h\n\tinclude/media/v4l2-ctrls.h\n\tinclude/net/bluetooth/hci_core.h\n\tinclude/net/bluetooth/mgmt.h\n\tkernel/cgroup.c\n\tkernel/futex.c\n\tkernel/signal.c\n\tnet/bluetooth/hci_conn.c\n\tnet/bluetooth/hci_core.c\n\tnet/bluetooth/hci_event.c\n\tnet/bluetooth/l2cap_core.c\n\tnet/bluetooth/mgmt.c\n\tnet/bluetooth/rfcomm/sock.c\n\tnet/bluetooth/smp.c\n\nChange-Id: I4fb0d5de74ca76f933d95d98e1a9c2c859402f34\n" }, { "commit": "17af9d91523a6e44a3721cea48cd3ade66a8b416", "tree": "2baf8e6c824c313203cc7ec6000fa243257ee52c", "parents": [ "5d6d6a7a101136aec882cc168c2d6bd4376b3760" ], "author": { "name": "Paul Moore", "email": "pmoore@redhat.com", "time": "Thu Sep 26 17:00:46 2013 -0400" }, "committer": { "name": "Greg Kroah-Hartman", "email": "gregkh@linuxfoundation.org", "time": "Wed Dec 04 10:50:32 2013 -0800" }, "message": "selinux: correct locking in selinux_netlbl_socket_connect)\n\ncommit 42d64e1add3a1ce8a787116036163b8724362145 upstream.\n\nThe SELinux/NetLabel glue code has a locking bug that affects systems\nwith NetLabel enabled, see the kernel error message below. This patch\ncorrects this problem by converting the bottom half socket lock to a\nmore conventional, and correct for this call-path, lock_sock() call.\n\n \u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\n [ INFO: suspicious RCU usage. ]\n 3.11.0-rc3+ #19 Not tainted\n -------------------------------\n net/ipv4/cipso_ipv4.c:1928 suspicious rcu_dereference_protected() usage!\n\n other info that might help us debug this:\n\n rcu_scheduler_active \u003d 1, debug_locks \u003d 0\n 2 locks held by ping/731:\n #0: (slock-AF_INET/1){+.-...}, at: [...] selinux_netlbl_socket_connect\n #1: (rcu_read_lock){.+.+..}, at: [\u003c...\u003e] netlbl_conn_setattr\n\n stack backtrace:\n CPU: 1 PID: 731 Comm: ping Not tainted 3.11.0-rc3+ #19\n Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011\n 0000000000000001 ffff88006f659d28 ffffffff81726b6a ffff88003732c500\n ffff88006f659d58 ffffffff810e4457 ffff88006b845a00 0000000000000000\n 000000000000000c ffff880075aa2f50 ffff88006f659d90 ffffffff8169bec7\n Call Trace:\n [\u003cffffffff81726b6a\u003e] dump_stack+0x54/0x74\n [\u003cffffffff810e4457\u003e] lockdep_rcu_suspicious+0xe7/0x120\n [\u003cffffffff8169bec7\u003e] cipso_v4_sock_setattr+0x187/0x1a0\n [\u003cffffffff8170f317\u003e] netlbl_conn_setattr+0x187/0x190\n [\u003cffffffff8170f195\u003e] ? netlbl_conn_setattr+0x5/0x190\n [\u003cffffffff8131ac9e\u003e] selinux_netlbl_socket_connect+0xae/0xc0\n [\u003cffffffff81303025\u003e] selinux_socket_connect+0x135/0x170\n [\u003cffffffff8119d127\u003e] ? might_fault+0x57/0xb0\n [\u003cffffffff812fb146\u003e] security_socket_connect+0x16/0x20\n [\u003cffffffff815d3ad3\u003e] SYSC_connect+0x73/0x130\n [\u003cffffffff81739a85\u003e] ? sysret_check+0x22/0x5d\n [\u003cffffffff810e5e2d\u003e] ? trace_hardirqs_on_caller+0xfd/0x1c0\n [\u003cffffffff81373d4e\u003e] ? trace_hardirqs_on_thunk+0x3a/0x3f\n [\u003cffffffff815d52be\u003e] SyS_connect+0xe/0x10\n [\u003cffffffff81739a59\u003e] system_call_fastpath+0x16/0x1b\n\nSigned-off-by: Paul Moore \u003cpmoore@redhat.com\u003e\nSigned-off-by: Greg Kroah-Hartman \u003cgregkh@linuxfoundation.org\u003e\n\n" }, { "commit": "7288f91dd5b55d82e1dee9f0d24e9f4730d57392", "tree": "ddacb42865accbcdfa64f3562b68e4df3ff5f11a", "parents": [ "7eebf56b11ac00f164583a217b65fa264f62cb07" ], "author": { "name": "Mimi Zohar", "email": "zohar@linux.vnet.ibm.com", "time": "Thu Oct 17 07:34:02 2013 -0400" }, "committer": { "name": "Greg Kroah-Hartman", "email": "gregkh@linuxfoundation.org", "time": "Fri Nov 29 10:50:34 2013 -0800" }, "message": "Revert \"ima: policy for RAMFS\"\n\ncommit 08de59eb144d7c41351a467442f898d720f0f15f upstream.\n\nThis reverts commit 4c2c392763a682354fac65b6a569adec4e4b5387.\n\nEverything in the initramfs should be measured and appraised,\nbut until the initramfs has extended attribute support, at\nleast measured.\n\nSigned-off-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\nSigned-off-by: Greg Kroah-Hartman \u003cgregkh@linuxfoundation.org\u003e\n\n" }, { "commit": "90078116a6286c5eb860c90eef2ef9d3291a2de1", "tree": "eaa8a0a93737947e96cd065c9f64e4093d59adf6", "parents": [ "8bc0447c9b77d06ae5692eeaddfb90f5e177a4ec" ], "author": { "name": "Stephen Smalley", "email": "sds@tycho.nsa.gov", "time": "Fri May 10 10:16:19 2013 -0400" }, "committer": { "name": "Ethan Chen", "email": "intervigil@gmail.com", "time": "Mon Jul 22 10:57:48 2013 -0700" }, "message": "Enable setting security contexts on rootfs inodes.\n\nrootfs (ramfs) can support setting of security contexts\nby userspace due to the vfs fallback behavior of calling\nthe security module to set the in-core inode state\nfor security.* attributes when the filesystem does not\nprovide an xattr handler. No xattr handler required\nas the inodes are pinned in memory and have no backing\nstore.\n\nThis is useful in allowing early userspace to label individual\nfiles within a rootfs while still providing a policy-defined\ndefault via genfs.\n\nSigned-off-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nChange-Id: I3436cf9ae27ade445e37376d7b9125746b1e506f\n" }, { "commit": "84ab2cd3fe27042f449880cb114878b24e70a941", "tree": "da71a9d5cae272f79e7a40d3650b8fc103a69f4a", "parents": [ "d9795bafda02819105f8e91a0fce6c657ae55779" ], "author": { "name": "Stephen Smalley", "email": "sds@tycho.nsa.gov", "time": "Mon Nov 05 08:15:34 2012 -0500" }, "committer": { "name": "Ethan Chen", "email": "intervigil@gmail.com", "time": "Mon Jul 22 10:56:51 2013 -0700" }, "message": "Add security hooks to binder and implement the hooks for SELinux.\n\nAdd security hooks to the binder and implement the hooks for SELinux.\nThe security hooks enable security modules such as SELinux to implement\ncontrols over binder IPC. The security hooks include support for\ncontrolling what process can become the binder context manager\n(binder_set_context_mgr), controlling the ability of a process\nto invoke a binder transaction/IPC to another process (binder_transaction),\ncontrolling the ability a process to transfer a binder reference to\nanother process (binder_transfer_binder), and controlling the ability\nof a process to transfer an open file to another process (binder_transfer_file).\n\nThis support is used by SE Android, http://selinuxproject.org/page/SEAndroid.\n\nChange-Id: I9a64a87825df2e60b9c51400377af4a9cd1c4049\nSigned-off-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\n" }, { "commit": "dde448d95d8698ee4c8373bb48fe08a22f41052f", "tree": "7fe87fa93bfa5b81e6f87b147e32512d2e8198e3", "parents": [ "ac4f6190fae02a3dc30133f90488b996f726bf7a", "f95b978981a7d154ba40d14c18e8ed5c694e6124" ], "author": { "name": "Ethan Chen", "email": "intervigil@gmail.com", "time": "Thu Jun 20 11:32:42 2013 -0700" }, "committer": { "name": "Ethan Chen", "email": "intervigil@gmail.com", "time": "Thu Jun 20 11:32:42 2013 -0700" }, "message": "Merge tag \u0027v3.4.10\u0027 into cm-10.1\n\nThis is the 3.4.10 stable release\n\nConflicts:\n\tarch/arm/mm/tlb-v7.S\n\tarch/arm/vfp/entry.S\n\tdrivers/base/power/main.c\n\tdrivers/mmc/host/sdhci.c\n\tdrivers/net/tun.c\n\tdrivers/usb/core/hub.c\n\tdrivers/usb/host/xhci.h\n\tinclude/linux/sched.h\n\tkernel/power/suspend.c\n\nChange-Id: Ia2477ec93ceb64b13dd1a2d8aa646cb233387d14\n" }, { "commit": "b647ebe6e7c171efd2003b1a8d07dcc26e6fa748", "tree": "d4fd13848f1ae194d3e450a5d26fd7f3d2191e50", "parents": [ "8b55bf58c5f89681d37b19789bdae389fa54b0cd" ], "author": { "name": "Alan Cox", "email": "alan@linux.intel.com", "time": "Fri Sep 28 12:20:02 2012 +0100" }, "committer": { "name": "Greg Kroah-Hartman", "email": "gregkh@linuxfoundation.org", "time": "Thu Mar 28 12:12:27 2013 -0700" }, "message": "key: Fix resource leak\n\ncommit a84a921978b7d56e0e4b87ffaca6367429b4d8ff upstream.\n\nOn an error iov may still have been reallocated and need freeing\n\nSigned-off-by: Alan Cox \u003calan@linux.intel.com\u003e\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: Greg Kroah-Hartman \u003cgregkh@linuxfoundation.org\u003e\n\n" }, { "commit": "8c97feb5edd118fe633ed29773c599536d562d43", "tree": "95bae3db178398cd3d451efed85c9ee2b69dd1f0", "parents": [ "e55005034b11c0dd52ac08b7f769ec410b6bfa1f" ], "author": { "name": "Dan Carpenter", "email": "dan.carpenter@oracle.com", "time": "Sat Mar 16 12:48:11 2013 +0300" }, "committer": { "name": "Greg Kroah-Hartman", "email": "gregkh@linuxfoundation.org", "time": "Wed Mar 20 13:05:00 2013 -0700" }, "message": "selinux: use GFP_ATOMIC under spin_lock\n\ncommit 4502403dcf8f5c76abd4dbab8726c8e4ecb5cd34 upstream.\n\nThe call tree here is:\n\nsk_clone_lock() \u003c- takes bh_lock_sock(newsk);\nxfrm_sk_clone_policy()\n__xfrm_sk_clone_policy()\nclone_policy() \u003c- uses GFP_ATOMIC for allocations\nsecurity_xfrm_policy_clone()\nsecurity_ops-\u003exfrm_policy_clone_security()\nselinux_xfrm_policy_clone()\n\nSigned-off-by: Dan Carpenter \u003cdan.carpenter@oracle.com\u003e\nSigned-off-by: James Morris \u003cjames.l.morris@oracle.com\u003e\nSigned-off-by: Greg Kroah-Hartman \u003cgregkh@linuxfoundation.org\u003e\n\n" }, { "commit": "3126603e01babcec7cfe2f284099e2adff095bff", "tree": "edd0b3fd6d738ef785f4338825b703f1e7fa7db7", "parents": [ "96ace773358d2989ea522a1cdccf65d75c1335f3" ], "author": { "name": "Mathieu Desnoyers", "email": "mathieu.desnoyers@efficios.com", "time": "Mon Feb 25 10:20:36 2013 -0500" }, "committer": { "name": "Greg Kroah-Hartman", "email": "gregkh@linuxfoundation.org", "time": "Thu Mar 14 11:29:51 2013 -0700" }, "message": "Fix: compat_rw_copy_check_uvector() misuse in aio, readv, writev, and security keys\n\ncommit 8aec0f5d4137532de14e6554fd5dd201ff3a3c49 upstream.\n\nLooking at mm/process_vm_access.c:process_vm_rw() and comparing it to\ncompat_process_vm_rw() shows that the compatibility code requires an\nexplicit \"access_ok()\" check before calling\ncompat_rw_copy_check_uvector(). The same difference seems to appear when\nwe compare fs/read_write.c:do_readv_writev() to\nfs/compat.c:compat_do_readv_writev().\n\nThis subtle difference between the compat and non-compat requirements\nshould probably be debated, as it seems to be error-prone. In fact,\nthere are two others sites that use this function in the Linux kernel,\nand they both seem to get it wrong:\n\nNow shifting our attention to fs/aio.c, we see that aio_setup_iocb()\nalso ends up calling compat_rw_copy_check_uvector() through\naio_setup_vectored_rw(). Unfortunately, the access_ok() check appears to\nbe missing. Same situation for\nsecurity/keys/compat.c:compat_keyctl_instantiate_key_iov().\n\nI propose that we add the access_ok() check directly into\ncompat_rw_copy_check_uvector(), so callers don\u0027t have to worry about it,\nand it therefore makes the compat call code similar to its non-compat\ncounterpart. Place the access_ok() check in the same location where\ncopy_from_user() can trigger a -EFAULT error in the non-compat code, so\nthe ABI behaviors are alike on both compat and non-compat.\n\nWhile we are here, fix compat_do_readv_writev() so it checks for\ncompat_rw_copy_check_uvector() negative return values.\n\nAnd also, fix a memory leak in compat_keyctl_instantiate_key_iov() error\nhandling.\n\nAcked-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\nAcked-by: Al Viro \u003cviro@ZenIV.linux.org.uk\u003e\nSigned-off-by: Mathieu Desnoyers \u003cmathieu.desnoyers@efficios.com\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\nSigned-off-by: Greg Kroah-Hartman \u003cgregkh@linuxfoundation.org\u003e\n\n" }, { "commit": "96ace773358d2989ea522a1cdccf65d75c1335f3", "tree": "c9b078ec66184fb1d8f59930b3cf48f7b0cdcbe3", "parents": [ "30e39b7c57422b29533a1bf43f2fd921e088a71d" ], "author": { "name": "David Howells", "email": "dhowells@redhat.com", "time": "Tue Mar 12 16:44:31 2013 +1100" }, "committer": { "name": "Greg Kroah-Hartman", "email": "gregkh@linuxfoundation.org", "time": "Thu Mar 14 11:29:51 2013 -0700" }, "message": "keys: fix race with concurrent install_user_keyrings()\n\ncommit 0da9dfdd2cd9889201bc6f6f43580c99165cd087 upstream.\n\nThis fixes CVE-2013-1792.\n\nThere is a race in install_user_keyrings() that can cause a NULL pointer\ndereference when called concurrently for the same user if the uid and\nuid-session keyrings are not yet created. It might be possible for an\nunprivileged user to trigger this by calling keyctl() from userspace in\nparallel immediately after logging in.\n\nAssume that we have two threads both executing lookup_user_key(), both\nlooking for KEY_SPEC_USER_SESSION_KEYRING.\n\n\tTHREAD A\t\t\tTHREAD B\n\t\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\t\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\n\t\t\t\t\t\u003d\u003d\u003ecall install_user_keyrings();\n\tif (!cred-\u003euser-\u003esession_keyring)\n\t\u003d\u003d\u003ecall install_user_keyrings()\n\t\t\t\t\t...\n\t\t\t\t\tuser-\u003euid_keyring \u003d uid_keyring;\n\tif (user-\u003euid_keyring)\n\t\treturn 0;\n\t\u003c\u003d\u003d\n\tkey \u003d cred-\u003euser-\u003esession_keyring [\u003d\u003d NULL]\n\t\t\t\t\tuser-\u003esession_keyring \u003d session_keyring;\n\tatomic_inc(\u0026key-\u003eusage); [oops]\n\nAt the point thread A dereferences cred-\u003euser-\u003esession_keyring, thread B\nhasn\u0027t updated user-\u003esession_keyring yet, but thread A assumes it is\npopulated because install_user_keyrings() returned ok.\n\nThe race window is really small but can be exploited if, for example,\nthread B is interrupted or preempted after initializing uid_keyring, but\nbefore doing setting session_keyring.\n\nThis couldn\u0027t be reproduced on a stock kernel. However, after placing\nsystemtap probe on \u0027user-\u003esession_keyring \u003d session_keyring;\u0027 that\nintroduced some delay, the kernel could be crashed reliably.\n\nFix this by checking both pointers before deciding whether to return.\nAlternatively, the test could be done away with entirely as it is checked\ninside the mutex - but since the mutex is global, that may not be the best\nway.\n\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nReported-by: Mateusz Guzik \u003cmguzik@redhat.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: James Morris \u003cjames.l.morris@oracle.com\u003e\nSigned-off-by: Greg Kroah-Hartman \u003cgregkh@linuxfoundation.org\u003e\n\n" }, { "commit": "9c5f1b49341154b579851425dabb32cb3aa9b5db", "tree": "11801701b164fb0cf4d8d2782303eb254f150eb5", "parents": [ "f2a010040e2c368a76f7ea0ed6533f5779cb6b4b" ], "author": { "name": "Dmitry Kasatkin", "email": "dmitry.kasatkin@intel.com", "time": "Fri Jan 18 23:56:39 2013 +0200" }, "committer": { "name": "Greg Kroah-Hartman", "email": "gregkh@linuxfoundation.org", "time": "Sun Jan 27 20:47:43 2013 -0800" }, "message": "evm: checking if removexattr is not a NULL\n\ncommit a67adb997419fb53540d4a4f79c6471c60bc69b6 upstream.\n\nThe following lines of code produce a kernel oops.\n\nfd \u003d socket(PF_FILE, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0);\nfchmod(fd, 0666);\n\n[ 139.922364] BUG: unable to handle kernel NULL pointer dereference at (null)\n[ 139.924982] IP: [\u003c (null)\u003e] (null)\n[ 139.924982] *pde \u003d 00000000\n[ 139.924982] Oops: 0000 [#5] SMP\n[ 139.924982] Modules linked in: fuse dm_crypt dm_mod i2c_piix4 serio_raw evdev binfmt_misc button\n[ 139.924982] Pid: 3070, comm: acpid Tainted: G D 3.8.0-rc2-kds+ #465 Bochs Bochs\n[ 139.924982] EIP: 0060:[\u003c00000000\u003e] EFLAGS: 00010246 CPU: 0\n[ 139.924982] EIP is at 0x0\n[ 139.924982] EAX: cf5ef000 EBX: cf5ef000 ECX: c143d600 EDX: c15225f2\n[ 139.924982] ESI: cf4d2a1c EDI: cf4d2a1c EBP: cc02df10 ESP: cc02dee4\n[ 139.924982] DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068\n[ 139.924982] CR0: 80050033 CR2: 00000000 CR3: 0c059000 CR4: 000006d0\n[ 139.924982] DR0: 00000000 DR1: 00000000 DR2: 00000000 DR3: 00000000\n[ 139.924982] DR6: ffff0ff0 DR7: 00000400\n[ 139.924982] Process acpid (pid: 3070, ti\u003dcc02c000 task\u003dd7705340 task.ti\u003dcc02c000)\n[ 139.924982] Stack:\n[ 139.924982] c1203c88 00000000 cc02def4 cf4d2a1c ae21eefa 471b60d5 1083c1ba c26a5940\n[ 139.924982] e891fb5e 00000041 00000004 cc02df1c c1203964 00000000 cc02df4c c10e20c3\n[ 139.924982] 00000002 00000000 00000000 22222222 c1ff2222 cf5ef000 00000000 d76efb08\n[ 139.924982] Call Trace:\n[ 139.924982] [\u003cc1203c88\u003e] ? evm_update_evmxattr+0x5b/0x62\n[ 139.924982] [\u003cc1203964\u003e] evm_inode_post_setattr+0x22/0x26\n[ 139.924982] [\u003cc10e20c3\u003e] notify_change+0x25f/0x281\n[ 139.924982] [\u003cc10cbf56\u003e] chmod_common+0x59/0x76\n[ 139.924982] [\u003cc10e27a1\u003e] ? put_unused_fd+0x33/0x33\n[ 139.924982] [\u003cc10cca09\u003e] sys_fchmod+0x39/0x5c\n[ 139.924982] [\u003cc13f4f30\u003e] syscall_call+0x7/0xb\n[ 139.924982] Code: Bad EIP value.\n\nThis happens because sockets do not define the removexattr operation.\nBefore removing the xattr, verify the removexattr function pointer is\nnot NULL.\n\nSigned-off-by: Dmitry Kasatkin \u003cdmitry.kasatkin@intel.com\u003e\nSigned-off-by: Mimi Zohar \u003czohar@linux.vnet.ibm.com\u003e\nSigned-off-by: James Morris \u003cjames.l.morris@oracle.com\u003e\nSigned-off-by: Greg Kroah-Hartman \u003cgregkh@linuxfoundation.org\u003e\n\n" }, { "commit": "55649211861616c26aa25c9e710c5691837975e4", "tree": "b7923d6a18037d57130c54ade50b19c0ff36f3f8", "parents": [ "a23d6310a6fbe4a2a1d3a40251a6d5b8ae39ec22" ], "author": { "name": "Dave Jones", "email": "davej@redhat.com", "time": "Thu Nov 08 16:09:27 2012 -0800" }, "committer": { "name": "Greg Kroah-Hartman", "email": "gregkh@linuxfoundation.org", "time": "Mon Nov 26 11:38:02 2012 -0800" }, "message": "selinux: fix sel_netnode_insert() suspicious rcu dereference\n\ncommit 88a693b5c1287be4da937699cb82068ce9db0135 upstream.\n\n\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\n[ INFO: suspicious RCU usage. ]\n3.5.0-rc1+ #63 Not tainted\n-------------------------------\nsecurity/selinux/netnode.c:178 suspicious rcu_dereference_check() usage!\n\nother info that might help us debug this:\n\nrcu_scheduler_active \u003d 1, debug_locks \u003d 0\n1 lock held by trinity-child1/8750:\n #0: (sel_netnode_lock){+.....}, at: [\u003cffffffff812d8f8a\u003e] sel_netnode_sid+0x16a/0x3e0\n\nstack backtrace:\nPid: 8750, comm: trinity-child1 Not tainted 3.5.0-rc1+ #63\nCall Trace:\n [\u003cffffffff810cec2d\u003e] lockdep_rcu_suspicious+0xfd/0x130\n [\u003cffffffff812d91d1\u003e] sel_netnode_sid+0x3b1/0x3e0\n [\u003cffffffff812d8e20\u003e] ? sel_netnode_find+0x1a0/0x1a0\n [\u003cffffffff812d24a6\u003e] selinux_socket_bind+0xf6/0x2c0\n [\u003cffffffff810cd1dd\u003e] ? trace_hardirqs_off+0xd/0x10\n [\u003cffffffff810cdb55\u003e] ? lock_release_holdtime.part.9+0x15/0x1a0\n [\u003cffffffff81093841\u003e] ? lock_hrtimer_base+0x31/0x60\n [\u003cffffffff812c9536\u003e] security_socket_bind+0x16/0x20\n [\u003cffffffff815550ca\u003e] sys_bind+0x7a/0x100\n [\u003cffffffff816c03d5\u003e] ? sysret_check+0x22/0x5d\n [\u003cffffffff810d392d\u003e] ? trace_hardirqs_on_caller+0x10d/0x1a0\n [\u003cffffffff8133b09e\u003e] ? trace_hardirqs_on_thunk+0x3a/0x3f\n [\u003cffffffff816c03a9\u003e] system_call_fastpath+0x16/0x1b\n\nThis patch below does what Paul McKenney suggested in the previous thread.\n\nSigned-off-by: Dave Jones \u003cdavej@redhat.com\u003e\nReviewed-by: Paul E. McKenney \u003cpaulmck@linux.vnet.ibm.com\u003e\nAcked-by: Paul Moore \u003cpaul@paul-moore.com\u003e\nCc: Eric Paris \u003ceparis@parisplace.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: James Morris \u003cjames.l.morris@oracle.com\u003e\nSigned-off-by: Greg Kroah-Hartman \u003cgregkh@linuxfoundation.org\u003e\n\n" }, { "commit": "7d0fcfec4c491eb3c815929be5512ae8d1886553", "tree": "0312f1815213f82535b26c5141f5f7b00f87a8f5", "parents": [ "56a631f3bf36641133afeb3db7c1ec5721c8dd04" ], "author": { "name": "Kees Cook", "email": "keescook@chromium.org", "time": "Mon Aug 27 11:38:13 2012 -0700" }, "committer": { "name": "Greg Kroah-Hartman", "email": "gregkh@linuxfoundation.org", "time": "Sun Oct 07 08:32:28 2012 -0700" }, "message": "Yama: handle 32-bit userspace prctl\n\ncommit 2e4930eb7c8fb20a39dfb5f8a8f80402710dcea8 upstream.\n\nWhen running a 64-bit kernel and receiving prctls from a 32-bit\nuserspace, the \"-1\" used as an unsigned long will end up being\nmisdetected. The kernel is looking for 0xffffffffffffffff instead of\n0xffffffff. Since prctl lacks a distinct compat interface, Yama needs\nto handle this translation itself. As such, support either value as\nmeaning PR_SET_PTRACER_ANY, to avoid breaking the ABI for 64-bit.\n\nSigned-off-by: Kees Cook \u003ckeescook@chromium.org\u003e\nAcked-by: John Johansen \u003cjohn.johansen@canonical.com\u003e\nSigned-off-by: James Morris \u003cjames.l.morris@oracle.com\u003e\nSigned-off-by: Greg Kroah-Hartman \u003cgregkh@linuxfoundation.org\u003e\n\n" }, { "commit": "27cd8f51344dcf4799c7a092c1797402b833126a", "tree": "4af5fa7d852c6f73795dd0ea9508b86283fb009e", "parents": [ "b6e9ffcdb09fbf28665e025aa31fda702689786c" ], "author": { "name": "Josh Boyer", "email": "jwboyer@redhat.com", "time": "Wed Jul 25 10:40:34 2012 -0400" }, "committer": { "name": "Greg Kroah-Hartman", "email": "gregkh@linuxfoundation.org", "time": "Thu Aug 09 08:31:39 2012 -0700" }, "message": "posix_types.h: Cleanup stale __NFDBITS and related definitions\n\ncommit 8ded2bbc1845e19c771eb55209aab166ef011243 upstream.\n\nRecently, glibc made a change to suppress sign-conversion warnings in\nFD_SET (glibc commit ceb9e56b3d1). This uncovered an issue with the\nkernel\u0027s definition of __NFDBITS if applications #include\n\u003clinux/types.h\u003e after including \u003csys/select.h\u003e. A build failure would\nbe seen when passing the -Werror\u003dsign-compare and -D_FORTIFY_SOURCE\u003d2\nflags to gcc.\n\nIt was suggested that the kernel should either match the glibc\ndefinition of __NFDBITS or remove that entirely. The current in-kernel\nuses of __NFDBITS can be replaced with BITS_PER_LONG, and there are no\nuses of the related __FDELT and __FDMASK defines. Given that, we\u0027ll\ncontinue the cleanup that was started with commit 8b3d1cda4f5f\n(\"posix_types: Remove fd_set macros\") and drop the remaining unused\nmacros.\n\nAdditionally, linux/time.h has similar macros defined that expand to\nnothing so we\u0027ll remove those at the same time.\n\nReported-by: Jeff Law \u003claw@redhat.com\u003e\nSuggested-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\nSigned-off-by: Josh Boyer \u003cjwboyer@redhat.com\u003e\n[ .. and fix up whitespace as per akpm ]\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\nSigned-off-by: Greg Kroah-Hartman \u003cgregkh@linuxfoundation.org\u003e\n\n" }, { "commit": "c3083d9d9e5860c365e93b1e96aa65613fa829fb", "tree": "00f75dd01c3f4ac248abec379ca246a38a3fb8a0", "parents": [ "305d212b5e9d473230de491b2b722424af1dfc9b" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Wed Apr 04 13:47:11 2012 -0400" }, "committer": { "name": "Greg Kroah-Hartman", "email": "gregkh@linuxfoundation.org", "time": "Fri Jun 01 15:18:16 2012 +0800" }, "message": "SELinux: if sel_make_bools errors don\u0027t leave inconsistent state\n\ncommit 154c50ca4eb9ae472f50b6a481213e21ead4457d upstream.\n\nWe reset the bool names and values array to NULL, but do not reset the\nnumber of entries in these arrays to 0. If we error out and then get back\ninto this function we will walk these NULL pointers based on the belief\nthat they are non-zero length.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: Greg Kroah-Hartman \u003cgregkh@linuxfoundation.org\u003e\n\n" }, { "commit": "e9a85c71afa38ee304e71c86ca7d74ed4658318c", "tree": "7b02114f23f72fcab725a1e5d00993b732b065f9", "parents": [ "92967117531f1ffe4516a32d9d6c97ec6f1814eb" ], "author": { "name": "Tushar Behera", "email": "tushar.behera@linaro.org", "time": "Mon Mar 26 16:54:15 2012 +0530" }, "committer": { "name": "Colin Cross", "email": "ccross@android.com", "time": "Mon May 07 18:04:12 2012 -0700" }, "message": "security: Add proper checks for Android specific capability checks\n\nCommit b641072 (\"security: Add AID_NET_RAW and AID_NET_ADMIN capability\ncheck in cap_capable().\") introduces additional checks for AID_NET_xxx\nmacros. Since the header file including those macros are conditionally\nincluded, the checks should also be conditionally executed.\n\nChange-Id: Iaec5208d5b95a46b1ac3f2db8449c661e803fa5b\nSigned-off-by: Tushar Behera \u003ctushar.behera@linaro.org\u003e\nSigned-off-by: Andrey Konovalov \u003candrey.konovalov@linaro.org\u003e\n" }, { "commit": "957265bd4fe182af757886f117416d66f68854aa", "tree": "177cee182ea61611f0b80db704203bf72ee4f3cb", "parents": [ "60c98d9abbd1ff3274b904027690f3c33d656250", "66f75a5d028beaf67c931435fdc3e7823125730c" ], "author": { "name": "Colin Cross", "email": "ccross@android.com", "time": "Fri Apr 27 14:03:45 2012 -0700" }, "committer": { "name": "Colin Cross", "email": "ccross@android.com", "time": "Fri Apr 27 14:03:45 2012 -0700" }, "message": "Merge commit \u0027v3.4-rc4\u0027 into android-3.4\n" }, { "commit": "ab2965eefef95a2eecfd54c12b0eb243162862e9", "tree": "c947fdc158e144c2d060486b65d10ee67d254039", "parents": [ "a0ec4361e4539e30cf1c5de7ddfd2dadcd8e1595", "e816b57a337ea3b755de72bec38c10c864f23015" ], "author": { "name": "Colin Cross", "email": "ccross@android.com", "time": "Thu Apr 19 14:42:22 2012 -0700" }, "committer": { "name": "Colin Cross", "email": "ccross@android.com", "time": "Thu Apr 19 14:42:22 2012 -0700" }, "message": "Merge commit \u0027v3.4-rc3\u0027 into android-3.4\n\nConflicts:\n\tdrivers/staging/android/lowmemorykiller.c\n\nChange-Id: Ia3ffcfc702e28c4fce0e91b363f4afd5f1c40306\n" }, { "commit": "51b79bee627d526199b2f6a6bef8ee0c0739b6d1", "tree": "f75bc36f3915284e335f3f69eb039ae88e91f513", "parents": [ "b6a89584c36f307f2c2bbb136ea50985ca4bc7b4" ], "author": { "name": "Jonghwan Choi", "email": "jhbird.choi@samsung.com", "time": "Wed Apr 18 17:23:04 2012 -0400" }, "committer": { "name": "James Morris", "email": "james.l.morris@oracle.com", "time": "Thu Apr 19 12:56:39 2012 +1000" }, "message": "security: fix compile error in commoncap.c\n\nAdd missing \"personality.h\"\nsecurity/commoncap.c: In function \u0027cap_bprm_set_creds\u0027:\nsecurity/commoncap.c:510: error: \u0027PER_CLEAR_ON_SETID\u0027 undeclared (first use in this function)\nsecurity/commoncap.c:510: error: (Each undeclared identifier is reported only once\nsecurity/commoncap.c:510: error: for each function it appears in.)\n\nSigned-off-by: Jonghwan Choi \u003cjhbird.choi@samsung.com\u003e\nAcked-by: Serge Hallyn \u003cserge.hallyn@canonical.com\u003e\nSigned-off-by: James Morris \u003cjames.l.morris@oracle.com\u003e\n" }, { "commit": "d52fc5dde171f030170a6cb78034d166b13c9445", "tree": "f982d0bdab54d5ab31cdd3e69cb88a1376797d1f", "parents": [ "09c79b60960bdd4b00916219402eabfa5e479c5a" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Tue Apr 17 16:26:54 2012 -0400" }, "committer": { "name": "James Morris", "email": "james.l.morris@oracle.com", "time": "Wed Apr 18 12:37:56 2012 +1000" }, "message": "fcaps: clear the same personality flags as suid when fcaps are used\n\nIf a process increases permissions using fcaps all of the dangerous\npersonality flags which are cleared for suid apps should also be cleared.\nThus programs given priviledge with fcaps will continue to have address space\nrandomization enabled even if the parent tried to disable it to make it\neasier to attack.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nReviewed-by: Serge Hallyn \u003cserge.hallyn@canonical.com\u003e\nSigned-off-by: James Morris \u003cjames.l.morris@oracle.com\u003e\n" }, { "commit": "86812bb0de1a3758dc6c7aa01a763158a7c0638a", "tree": "41cb41cd7fe52730a3fe8c88ca298c2494f9040a", "parents": [ "592fe8980688e7cba46897685d014c7fb3018a67" ], "author": { "name": "Casey Schaufler", "email": "casey@schaufler-ca.com", "time": "Tue Apr 17 18:55:46 2012 -0700" }, "committer": { "name": "James Morris", "email": "james.l.morris@oracle.com", "time": "Wed Apr 18 12:02:28 2012 +1000" }, "message": "Smack: move label list initialization\n\nA kernel with Smack enabled will fail if tmpfs has xattr support.\n\nMove the initialization of predefined Smack label\nlist entries to the LSM initialization from the\nsmackfs setup. This became an issue when tmpfs\nacquired xattr support, but was never correct.\n\nSigned-off-by: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\nSigned-off-by: James Morris \u003cjames.l.morris@oracle.com\u003e\n" }, { "commit": "923e9a1399b620d063cd88537c64561bc3d5f905", "tree": "5d7aec3e06664c7f96726b9439a42a565bcc86ab", "parents": [ "94fb175c0414902ad9dbd956addf3a5feafbc85b" ], "author": { "name": "Kees Cook", "email": "keescook@chromium.org", "time": "Tue Apr 10 13:26:44 2012 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Tue Apr 10 16:14:40 2012 -0700" }, "message": "Smack: build when CONFIG_AUDIT not defined\n\nThis fixes builds where CONFIG_AUDIT is not defined and\nCONFIG_SECURITY_SMACK\u003dy.\n\nThis got introduced by the stack-usage reducation commit 48c62af68a40\n(\"LSM: shrink the common_audit_data data union\").\n\nSigned-off-by: Kees Cook \u003ckeescook@chromium.org\u003e\nAcked-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "0432013eb1fbddf51f43d3dfb7553db011c81707", "tree": "b6600e6562949114ccb4ca32f5fec339738a9340", "parents": [ "c54f674c656d66a27f555bdc85e122808f65d119" ], "author": { "name": "Chia-chi Yeh", "email": "chiachi@android.com", "time": "Fri Jun 19 07:15:05 2009 +0800" }, "committer": { "name": "Colin Cross", "email": "ccross@android.com", "time": "Mon Apr 09 13:57:47 2012 -0700" }, "message": "security: Add AID_NET_RAW and AID_NET_ADMIN capability check in cap_capable().\n\nSigned-off-by: Chia-chi Yeh \u003cchiachi@android.com\u003e\n" }, { "commit": "b61c37f57988567c84359645f8202a7c84bc798a", "tree": "a808c891711d060060a751f4119198dc06e2c847", "parents": [ "3f0882c48286e7bdb0bbdec9c4bfa934e0db8e09" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Mon Apr 02 15:48:12 2012 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Tue Apr 03 09:49:59 2012 -0700" }, "message": "lsm_audit: don\u0027t specify the audit pre/post callbacks in \u0027struct common_audit_data\u0027\n\nIt just bloats the audit data structure for no good reason, since the\nonly time those fields are filled are just before calling the\ncommon_lsm_audit() function, which is also the only user of those\nfields.\n\nSo just make them be the arguments to common_lsm_audit(), rather than\nbloating that structure that is passed around everywhere, and is\ninitialized in hot paths.\n\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "3f0882c48286e7bdb0bbdec9c4bfa934e0db8e09", "tree": "20a7485417c8528d975ef4ff6e90467f63f67ab2", "parents": [ "f8294f1144ad0630075918df4bf94075f5384604" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Tue Apr 03 09:38:00 2012 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Tue Apr 03 09:49:41 2012 -0700" }, "message": "SELinux: do not allocate stack space for AVC data unless needed\n\nInstead of declaring the entire selinux_audit_data on the stack when we\nstart an operation on declare it on the stack if we are going to use it.\nWe know it\u0027s usefulness at the end of the security decision and can declare\nit there.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "f8294f1144ad0630075918df4bf94075f5384604", "tree": "9c794bc9a5cbc688d3b6819d211df16b979a56c9", "parents": [ "7f6a47cf1477ffae9cff1d6ee181e2ce6bfb2f02" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Mon Apr 02 13:15:55 2012 -0400" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Tue Apr 03 09:49:10 2012 -0700" }, "message": "SELinux: remove avd from slow_avc_audit()\n\nWe don\u0027t use the argument, so remove it.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "7f6a47cf1477ffae9cff1d6ee181e2ce6bfb2f02", "tree": "55d2bfda38776aeed69b82cf0bd5b409744b4afd", "parents": [ "48c62af68a403ef1655546bd3e021070c8508573" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Mon Apr 02 13:15:50 2012 -0400" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Tue Apr 03 09:49:10 2012 -0700" }, "message": "SELinux: remove avd from selinux_audit_data\n\nWe do not use it. Remove it.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "48c62af68a403ef1655546bd3e021070c8508573", "tree": "ba938e4fb45d5bdaad2dad44071d0625f8e36945", "parents": [ "3b3b0e4fc15efa507b902d90cea39e496a523c3b" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Mon Apr 02 13:15:44 2012 -0400" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Tue Apr 03 09:49:10 2012 -0700" }, "message": "LSM: shrink the common_audit_data data union\n\nAfter shrinking the common_audit_data stack usage for private LSM data I\u0027m\nnot going to shrink the data union. To do this I\u0027m going to move anything\nlarger than 2 void * ptrs to it\u0027s own structure and require it to be declared\nseparately on the calling stack. Thus hot paths which don\u0027t need more than\na couple pointer don\u0027t have to declare space to hold large unneeded\nstructures. I could get this down to one void * by dealing with the key\nstruct and the struct path. We\u0027ll see if that is helpful after taking care of\nnetworking.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "3b3b0e4fc15efa507b902d90cea39e496a523c3b", "tree": "d7b91c21ad6c6f4ac21dd51297b74eec47c61684", "parents": [ "95694129b43165911dc4e8a972f0d39ad98d86be" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Tue Apr 03 09:37:02 2012 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Tue Apr 03 09:48:40 2012 -0700" }, "message": "LSM: shrink sizeof LSM specific portion of common_audit_data\n\nLinus found that the gigantic size of the common audit data caused a big\nperf hit on something as simple as running stat() in a loop. This patch\nrequires LSMs to declare the LSM specific portion separately rather than\ndoing it in a union. Thus each LSM can be responsible for shrinking their\nportion and don\u0027t have to pay a penalty just because other LSMs have a\nbigger space requirement.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "8bb1f229527dee95644e0f8496980bb767c6f620", "tree": "511551e9772f11f855bd5b759b6d449da47e8820", "parents": [ "f22e08a79f3765fecf060b225a46931c94fb0a92", "c0d0259481cc6ec2a38cad810055e455de35c733" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Sat Mar 31 13:42:57 2012 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Sat Mar 31 13:42:57 2012 -0700" }, "message": "Merge branch \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs\n\nPull second try at vfs part d#2 from Al Viro:\n \"Miklos\u0027 first series (with do_lookup() rewrite split into edible\n chunks) + assorted bits and pieces.\n\n The \u0027untangling of do_lookup()\u0027 series is is a splitup of what used to\n be a monolithic patch from Miklos, so this series is basically \"how do\n I convince myself that his patch is correct (or find a hole in it)\".\n No holes found and I like the resulting cleanup, so in it went...\"\n\nChanges from try 1: Fix a boot problem with selinux, and commit messages\nprettied up a bit.\n\n* \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs: (24 commits)\n vfs: fix out-of-date dentry_unhash() comment\n vfs: split __lookup_hash\n untangling do_lookup() - take __lookup_hash()-calling case out of line.\n untangling do_lookup() - switch to calling __lookup_hash()\n untangling do_lookup() - merge d_alloc_and_lookup() callers\n untangling do_lookup() - merge failure exits in !dentry case\n untangling do_lookup() - massage !dentry case towards __lookup_hash()\n untangling do_lookup() - get rid of need_reval in !dentry case\n untangling do_lookup() - eliminate a loop.\n untangling do_lookup() - expand the area under -\u003ei_mutex\n untangling do_lookup() - isolate !dentry stuff from the rest of it.\n vfs: move MAY_EXEC check from __lookup_hash()\n vfs: don\u0027t revalidate just looked up dentry\n vfs: fix d_need_lookup/d_revalidate order in do_lookup\n ext3: move headers to fs/ext3/\n migrate ext2_fs.h guts to fs/ext2/ext2.h\n new helper: ext2_image_size()\n get rid of pointless includes of ext2_fs.h\n ext2: No longer export ext2_fs.h to user space\n mtdchar: kill persistently held vfsmount\n ...\n" }, { "commit": "2f99c36986ff27a86f06f27212c5f5fa8c7164a3", "tree": "a90fd7fe865bb1c5a00b0946754b505bcf070b60", "parents": [ "4a165d25f63a989d0aabe9d8eed5b3a5d5da1862" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Fri Mar 23 16:04:05 2012 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Sat Mar 31 16:03:15 2012 -0400" }, "message": "get rid of pointless includes of ext2_fs.h\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "a1c2aa1e86a25e7cace2ded47ec52754206a5733", "tree": "6d435240e757e9f83b4f9c42f98c69888f3b3928", "parents": [ "e152c38abaa92352679c9b53c4cce533c03997c6" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Sun Mar 18 20:36:59 2012 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Sat Mar 31 16:03:15 2012 -0400" }, "message": "selinuxfs: merge dentry allocation into sel_make_dir()\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "cdb0f9a1ad2ee3c11e21bc99f0c2021a02844666", "tree": "e4c2ea0b8c432645d1a28bdb694939b1e2891b30", "parents": [ "a554bea89948dfb6d2f9c4c62ce2b12b2dac18ad" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Sat Mar 31 11:12:57 2012 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Sat Mar 31 11:24:22 2012 -0700" }, "message": "selinux: inline avc_audit() and avc_has_perm_noaudit() into caller\n\nNow that all the slow-path code is gone from these functions, we can\ninline them into the main caller - avc_has_perm_flags().\n\nNow the compiler can see that \u0027avc\u0027 is allocated on the stack for this\ncase, which helps register pressure a bit. It also actually shrinks the\ntotal stack frame, because the stack frame that avc_has_perm_flags()\nalways needed (for that \u0027avc\u0027 allocation) is now sufficient for the\ninlined functions too.\n\nInlining isn\u0027t bad - but mindless inlining of cold code (see the\nprevious commit) is.\n\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "a554bea89948dfb6d2f9c4c62ce2b12b2dac18ad", "tree": "f84e38fa7a54c1a678a14d7a65e583efac1cafa3", "parents": [ "fa2a4519cb6ad94224eb56a1341fff570fd44ea1" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Sat Mar 31 10:58:08 2012 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Sat Mar 31 11:24:22 2012 -0700" }, "message": "selinux: don\u0027t inline slow-path code into avc_has_perm_noaudit()\n\nThe selinux AVC paths remain some of the hottest (and deepest) codepaths\nat filename lookup time, and we make it worse by having the slow path\ncases take up I$ and stack space even when they don\u0027t trigger. Gcc\ntends to always want to inline functions that are just called once -\nnever mind that this might make for slower and worse code in the caller.\n\nSo this tries to improve on it a bit by making the slow-path cases\nexplicitly separate functions that are marked noinline, causing gcc to\nat least no longer allocate stack space for them unless they are\nactually called. It also seems to help register allocation a tiny bit,\nsince gcc now doesn\u0027t take the slow case code into account.\n\nUninlining the slow path may also allow us to inline the remaining hot\npath into the one caller that actually matters: avc_has_perm_flags().\nI\u0027ll have to look at that separately, but both avc_audit() and\navc_has_perm_noaudit() are now small and lean enough that inlining them\nmay make sense.\n\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "a591afc01d9e48affbacb365558a31e53c85af45", "tree": "9bb91f4eb94ec69fc4706c4944788ec5f3586063", "parents": [ "820d41cf0cd0e94a5661e093821e2e5c6b36a9d8", "31796ac4e8f0e88f5c10f1ad6dab8f19bebe44a4" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Thu Mar 29 18:12:23 2012 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Thu Mar 29 18:12:23 2012 -0700" }, "message": "Merge branch \u0027x86-x32-for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip\n\nPull x32 support for x86-64 from Ingo Molnar:\n \"This tree introduces the X32 binary format and execution mode for x86:\n 32-bit data space binaries using 64-bit instructions and 64-bit kernel\n syscalls.\n\n This allows applications whose working set fits into a 32 bits address\n space to make use of 64-bit instructions while using a 32-bit address\n space with shorter pointers, more compressed data structures, etc.\"\n\nFix up trivial context conflicts in arch/x86/{Kconfig,vdso/vma.c}\n\n* \u0027x86-x32-for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: (71 commits)\n x32: Fix alignment fail in struct compat_siginfo\n x32: Fix stupid ia32/x32 inversion in the siginfo format\n x32: Add ptrace for x32\n x32: Switch to a 64-bit clock_t\n x32: Provide separate is_ia32_task() and is_x32_task() predicates\n x86, mtrr: Use explicit sizing and padding for the 64-bit ioctls\n x86/x32: Fix the binutils auto-detect\n x32: Warn and disable rather than error if binutils too old\n x32: Only clear TIF_X32 flag once\n x32: Make sure TS_COMPAT is cleared for x32 tasks\n fs: Remove missed -\u003efds_bits from cessation use of fd_set structs internally\n fs: Fix close_on_exec pointer in alloc_fdtable\n x32: Drop non-__vdso weak symbols from the x32 VDSO\n x32: Fix coding style violations in the x32 VDSO code\n x32: Add x32 VDSO support\n x32: Allow x32 to be configured\n x32: If configured, add x32 system calls to system call tables\n x32: Handle process creation\n x32: Signal-related system calls\n x86: Add #ifdef CONFIG_COMPAT to \u003casm/sys_ia32.h\u003e\n ...\n" }, { "commit": "0195c00244dc2e9f522475868fa278c473ba7339", "tree": "f97ca98ae64ede2c33ad3de05ed7bbfa4f4495ed", "parents": [ "f21ce8f8447c8be8847dadcfdbcc76b0d7365fa5", "141124c02059eee9dbc5c86ea797b1ca888e77f7" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Wed Mar 28 15:58:21 2012 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Wed Mar 28 15:58:21 2012 -0700" }, "message": "Merge tag \u0027split-asm_system_h-for-linus-20120328\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-asm_system\n\nPull \"Disintegrate and delete asm/system.h\" from David Howells:\n \"Here are a bunch of patches to disintegrate asm/system.h into a set of\n separate bits to relieve the problem of circular inclusion\n dependencies.\n\n I\u0027ve built all the working defconfigs from all the arches that I can\n and made sure that they don\u0027t break.\n\n The reason for these patches is that I recently encountered a circular\n dependency problem that came about when I produced some patches to\n optimise get_order() by rewriting it to use ilog2().\n\n This uses bitops - and on the SH arch asm/bitops.h drags in\n asm-generic/get_order.h by a circuituous route involving asm/system.h.\n\n The main difficulty seems to be asm/system.h. It holds a number of\n low level bits with no/few dependencies that are commonly used (eg.\n memory barriers) and a number of bits with more dependencies that\n aren\u0027t used in many places (eg. switch_to()).\n\n These patches break asm/system.h up into the following core pieces:\n\n (1) asm/barrier.h\n\n Move memory barriers here. This already done for MIPS and Alpha.\n\n (2) asm/switch_to.h\n\n Move switch_to() and related stuff here.\n\n (3) asm/exec.h\n\n Move arch_align_stack() here. Other process execution related bits\n could perhaps go here from asm/processor.h.\n\n (4) asm/cmpxchg.h\n\n Move xchg() and cmpxchg() here as they\u0027re full word atomic ops and\n frequently used by atomic_xchg() and atomic_cmpxchg().\n\n (5) asm/bug.h\n\n Move die() and related bits.\n\n (6) asm/auxvec.h\n\n Move AT_VECTOR_SIZE_ARCH here.\n\n Other arch headers are created as needed on a per-arch basis.\"\n\nFixed up some conflicts from other header file cleanups and moving code\naround that has happened in the meantime, so David\u0027s testing is somewhat\nweakened by that. We\u0027ll find out anything that got broken and fix it..\n\n* tag \u0027split-asm_system_h-for-linus-20120328\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-asm_system: (38 commits)\n Delete all instances of asm/system.h\n Remove all #inclusions of asm/system.h\n Add #includes needed to permit the removal of asm/system.h\n Move all declarations of free_initmem() to linux/mm.h\n Disintegrate asm/system.h for OpenRISC\n Split arch_align_stack() out from asm-generic/system.h\n Split the switch_to() wrapper out of asm-generic/system.h\n Move the asm-generic/system.h xchg() implementation to asm-generic/cmpxchg.h\n Create asm-generic/barrier.h\n Make asm-generic/cmpxchg.h #include asm-generic/cmpxchg-local.h\n Disintegrate asm/system.h for Xtensa\n Disintegrate asm/system.h for Unicore32 [based on ver #3, changed by gxt]\n Disintegrate asm/system.h for Tile\n Disintegrate asm/system.h for Sparc\n Disintegrate asm/system.h for SH\n Disintegrate asm/system.h for Score\n Disintegrate asm/system.h for S390\n Disintegrate asm/system.h for PowerPC\n Disintegrate asm/system.h for PA-RISC\n Disintegrate asm/system.h for MN10300\n ...\n" }, { "commit": "9ffc93f203c18a70623f21950f1dd473c9ec48cd", "tree": "1eb3536ae183b0bfbf7f5152a6fe4f430ae881c2", "parents": [ "96f951edb1f1bdbbc99b0cd458f9808bb83d58ae" ], "author": { "name": "David Howells", "email": "dhowells@redhat.com", "time": "Wed Mar 28 18:30:03 2012 +0100" }, "committer": { "name": "David Howells", "email": "dhowells@redhat.com", "time": "Wed Mar 28 18:30:03 2012 +0100" }, "message": "Remove all #inclusions of asm/system.h\n\nRemove all #inclusions of asm/system.h preparatory to splitting and killing\nit. Performed with the following command:\n\nperl -p -i -e \u0027s!^#\\s*include\\s*\u003casm/system[.]h\u003e.*\\n!!\u0027 `grep -Irl \u0027^#\\s*include\\s*\u003casm/system[.]h\u003e\u0027 *`\n\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\n" }, { "commit": "0421ea91ddc7895a5a68d3bc670ed4b8e6448a42", "tree": "409b065611770dc4b69df1bb80100e001d52c36c", "parents": [ "e22057c8599373e5caef0bc42bdb95d2a361ab0d" ], "author": { "name": "John Johansen", "email": "john.johansen@canonical.com", "time": "Tue Mar 27 04:14:33 2012 -0700" }, "committer": { "name": "James Morris", "email": "james.l.morris@oracle.com", "time": "Wed Mar 28 01:00:05 2012 +1100" }, "message": "apparmor: Fix change_onexec when called from a confined task\n\nFix failure in aa_change_onexec api when the request is made from a confined\ntask. This failure was caused by two problems\n\n The AA_MAY_ONEXEC perm was not being mapped correctly for this case.\n\n The executable name was being checked as second time instead of using the\n requested onexec profile name, which may not be the same as the exec\n profile name. This mistake can not be exploited to grant extra permission\n because of the above flaw where the ONEXEC permission was not being mapped\n so it will not be granted.\n\nBugLink: http://bugs.launchpad.net/bugs/963756\n\nSigned-off-by: John Johansen \u003cjohn.johansen@canonical.com\u003e\nSigned-off-by: James Morris \u003cjames.l.morris@oracle.com\u003e\n" }, { "commit": "778aae84ef694325662447eceba1a5f7d3eebdbb", "tree": "7bf3f7e682e220ce30afe3572332fb424a3761f2", "parents": [ "15e9b9b9ed268fa91e52c44d621f3d0296162d15" ], "author": { "name": "David Howells", "email": "dhowells@redhat.com", "time": "Mon Mar 26 16:38:47 2012 +0100" }, "committer": { "name": "David Howells", "email": "dhowells@redhat.com", "time": "Mon Mar 26 16:38:47 2012 +0100" }, "message": "SELinux: selinux/xfrm.h needs net/flow.h\n\nselinux/xfrm.h needs to #include net/flow.h or else suffer:\n\nIn file included from security/selinux/ss/services.c:69:0:\nsecurity/selinux/include/xfrm.h: In function \u0027selinux_xfrm_notify_policyload\u0027:\nsecurity/selinux/include/xfrm.h:53:14: error: \u0027flow_cache_genid\u0027 undeclared (first use in this function)\nsecurity/selinux/include/xfrm.h:53:14: note: each undeclared identifier is reported only once for each function it appears in\n\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\n" }, { "commit": "9d944ef32e83405a07376f112e9f02161d3e9731", "tree": "24170ff64fb83221da133e2afb53f58e840a6eee", "parents": [ "d0bd587a80960d7ba7e0c8396e154028c9045c54" ], "author": { "name": "Oleg Nesterov", "email": "oleg@redhat.com", "time": "Fri Mar 23 15:02:48 2012 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Fri Mar 23 16:58:41 2012 -0700" }, "message": "usermodehelper: kill umh_wait, renumber UMH_* constants\n\nNo functional changes. It is not sane to use UMH_KILLABLE with enum\numh_wait, but obviously we do not want another argument in\ncall_usermodehelper_* helpers. Kill this enum, use the plain int.\n\nSigned-off-by: Oleg Nesterov \u003coleg@redhat.com\u003e\nCc: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nCc: Rusty Russell \u003crusty@rustcorp.com.au\u003e\nCc: Tejun Heo \u003ctj@kernel.org\u003e\nCc: David Rientjes \u003crientjes@google.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "70834d3070c3f3015ab5c05176d54bd4a0100546", "tree": "4dbcea84c4584de05f83aa911164902b3f00265f", "parents": [ "a02d6fd643cbd4c559113b35b31d3b04e4ec60c7" ], "author": { "name": "Oleg Nesterov", "email": "oleg@redhat.com", "time": "Fri Mar 23 15:02:46 2012 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Fri Mar 23 16:58:41 2012 -0700" }, "message": "usermodehelper: use UMH_WAIT_PROC consistently\n\nA few call_usermodehelper() callers use the hardcoded constant instead of\nthe proper UMH_WAIT_PROC, fix them.\n\nReported-by: Tetsuo Handa \u003cpenguin-kernel@i-love.sakura.ne.jp\u003e\nSigned-off-by: Oleg Nesterov \u003coleg@redhat.com\u003e\nCc: Lars Ellenberg \u003cdrbd-dev@lists.linbit.com\u003e\nCc: Greg Kroah-Hartman \u003cgregkh@linuxfoundation.org\u003e\nCc: Michal Januszewski \u003cspock@gentoo.org\u003e\nCc: Florian Tobias Schandinat \u003cFlorianSchandinat@gmx.de\u003e\nCc: Kentaro Takeda \u003ctakedakn@nttdata.co.jp\u003e\nCc: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nCc: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "f63d395d47f37a4fe771e6d4b1db9d2cdae5ffc5", "tree": "3448a14ae965802adb963762cadeb9989ce4caa2", "parents": [ "643ac9fc5429e85b8b7f534544b80bcc4f34c367", "5a7c9eec9fde1da0e3adf0a4ddb64ff2a324a492" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Fri Mar 23 08:53:47 2012 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Fri Mar 23 08:53:47 2012 -0700" }, "message": "Merge tag \u0027nfs-for-3.4-1\u0027 of git://git.linux-nfs.org/projects/trondmy/linux-nfs\n\nPull NFS client updates for Linux 3.4 from Trond Myklebust:\n \"New features include:\n - Add NFS client support for containers.\n\n This should enable most of the necessary functionality, including\n lockd support, and support for rpc.statd, NFSv4 idmapper and\n RPCSEC_GSS upcalls into the correct network namespace from which\n the mount system call was issued.\n\n - NFSv4 idmapper scalability improvements\n\n Base the idmapper cache on the keyring interface to allow\n concurrent access to idmapper entries. Start the process of\n migrating users from the single-threaded daemon-based approach to\n the multi-threaded request-key based approach.\n\n - NFSv4.1 implementation id.\n\n Allows the NFSv4.1 client and server to mutually identify each\n other for logging and debugging purposes.\n\n - Support the \u0027vers\u003d4.1\u0027 mount option for mounting NFSv4.1 instead of\n having to use the more counterintuitive \u0027vers\u003d4,minorversion\u003d1\u0027.\n\n - SUNRPC tracepoints.\n\n Start the process of adding tracepoints in order to improve\n debugging of the RPC layer.\n\n - pNFS object layout support for autologin.\n\n Important bugfixes include:\n\n - Fix a bug in rpc_wake_up/rpc_wake_up_status that caused them to\n fail to wake up all tasks when applied to priority waitqueues.\n\n - Ensure that we handle read delegations correctly, when we try to\n truncate a file.\n\n - A number of fixes for NFSv4 state manager loops (mostly to do with\n delegation recovery).\"\n\n* tag \u0027nfs-for-3.4-1\u0027 of git://git.linux-nfs.org/projects/trondmy/linux-nfs: (224 commits)\n NFS: fix sb-\u003es_id in nfs debug prints\n xprtrdma: Remove assumption that each segment is \u003c\u003d PAGE_SIZE\n xprtrdma: The transport should not bug-check when a dup reply is received\n pnfs-obj: autologin: Add support for protocol autologin\n NFS: Remove nfs4_setup_sequence from generic rename code\n NFS: Remove nfs4_setup_sequence from generic unlink code\n NFS: Remove nfs4_setup_sequence from generic read code\n NFS: Remove nfs4_setup_sequence from generic write code\n NFS: Fix more NFS debug related build warnings\n SUNRPC/LOCKD: Fix build warnings when CONFIG_SUNRPC_DEBUG is undefined\n nfs: non void functions must return a value\n SUNRPC: Kill compiler warning when RPC_DEBUG is unset\n SUNRPC/NFS: Add Kbuild dependencies for NFS_DEBUG/RPC_DEBUG\n NFS: Use cond_resched_lock() to reduce latencies in the commit scans\n NFSv4: It is not safe to dereference lsp-\u003els_state in release_lockowner\n NFS: ncommit count is being double decremented\n SUNRPC: We must not use list_for_each_entry_safe() in rpc_wake_up()\n Try using machine credentials for RENEW calls\n NFSv4.1: Fix a few issues in filelayout_commit_pagelist\n NFSv4.1: Clean ups and bugfixes for the pNFS read/writeback/commit code\n ...\n" }, { "commit": "48aab2f79dfc1357c48ce22ff5c989b52a590069", "tree": "7f690fe147bccc24b7a017845dbe9a99d7978b5f", "parents": [ "f7493e5d9cc10ac97cf1f1579fdc14117460b40b" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Thu Mar 22 17:01:41 2012 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Thu Mar 22 17:01:41 2012 -0700" }, "message": "security: optimize avc_audit() common path\n\navc_audit() did a lot of jumping around and had a big stack frame, all\nfor the uncommon case.\n\nSplit up the uncommon case (which we really can\u0027t make go fast anyway)\ninto its own slow function, and mark the conditional branches\nappropriately for the common likely case.\n\nThis causes avc_audit() to no longer show up as one of the hottest\nfunctions on the branch profiles (the new \"perf -b\" thing), and makes\nthe cycle profiles look really nice and dense too.\n\nThe whole audit path is still annoyingly very much one of the biggest\ncosts of name lookup, so these things are worth optimizing for. I wish\nwe could just tell people to turn it off, but realistically we do need\nit: we just need to make sure that the overhead of the necessary evil is\nas low as possible.\n\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "e2a0883e4071237d09b604a342c28b96b44a04b3", "tree": "aa56f4d376b5eb1c32358c19c2669c2a94e0e1fd", "parents": [ "3a990a52f9f25f45469e272017a31e7a3fda60ed", "07c0c5d8b8c122b2f2df9ee574ac3083daefc981" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Wed Mar 21 13:36:41 2012 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Wed Mar 21 13:36:41 2012 -0700" }, "message": "Merge branch \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs\n\nPull vfs pile 1 from Al Viro:\n \"This is _not_ all; in particular, Miklos\u0027 and Jan\u0027s stuff is not there\n yet.\"\n\n* \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs: (64 commits)\n ext4: initialization of ext4_li_mtx needs to be done earlier\n debugfs-related mode_t whack-a-mole\n hfsplus: add an ioctl to bless files\n hfsplus: change finder_info to u32\n hfsplus: initialise userflags\n qnx4: new helper - try_extent()\n qnx4: get rid of qnx4_bread/qnx4_getblk\n take removal of PF_FORKNOEXEC to flush_old_exec()\n trim includes in inode.c\n um: uml_dup_mmap() relies on -\u003emmap_sem being held, but activate_mm() doesn\u0027t hold it\n um: embed -\u003estub_pages[] into mmu_context\n gadgetfs: list_for_each_safe() misuse\n ocfs2: fix leaks on failure exits in module_init\n ecryptfs: make register_filesystem() the last potential failure exit\n ntfs: forgets to unregister sysctls on register_filesystem() failure\n logfs: missing cleanup on register_filesystem() failure\n jfs: mising cleanup on register_filesystem() failure\n make configfs_pin_fs() return root dentry on success\n configfs: configfs_create_dir() has parent dentry in dentry-\u003ed_parent\n configfs: sanitize configfs_create()\n ...\n" }, { "commit": "3556485f1595e3964ba539e39ea682acbb835cee", "tree": "7f5ee254f425b1427ac0059b5f347a307f8538a1", "parents": [ "b8716614a7cc2fc15ea2a518edd04755fb08d922", "09f61cdbb32a9d812c618d3922db533542736bb0" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Wed Mar 21 13:25:04 2012 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Wed Mar 21 13:25:04 2012 -0700" }, "message": "Merge branch \u0027next\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security\n\nPull security subsystem updates for 3.4 from James Morris:\n \"The main addition here is the new Yama security module from Kees Cook,\n which was discussed at the Linux Security Summit last year. Its\n purpose is to collect miscellaneous DAC security enhancements in one\n place. This also marks a departure in policy for LSM modules, which\n were previously limited to being standalone access control systems.\n Chromium OS is using Yama, and I believe there are plans for Ubuntu,\n at least.\n\n This patchset also includes maintenance updates for AppArmor, TOMOYO\n and others.\"\n\nFix trivial conflict in \u003cnet/sock.h\u003e due to the jumo_label-\u003estatic_key\nrename.\n\n* \u0027next\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: (38 commits)\n AppArmor: Fix location of const qualifier on generated string tables\n TOMOYO: Return error if fails to delete a domain\n AppArmor: add const qualifiers to string arrays\n AppArmor: Add ability to load extended policy\n TOMOYO: Return appropriate value to poll().\n AppArmor: Move path failure information into aa_get_name and rename\n AppArmor: Update dfa matching routines.\n AppArmor: Minor cleanup of d_namespace_path to consolidate error handling\n AppArmor: Retrieve the dentry_path for error reporting when path lookup fails\n AppArmor: Add const qualifiers to generated string tables\n AppArmor: Fix oops in policy unpack auditing\n AppArmor: Fix error returned when a path lookup is disconnected\n KEYS: testing wrong bit for KEY_FLAG_REVOKED\n TOMOYO: Fix mount flags checking order.\n security: fix ima kconfig warning\n AppArmor: Fix the error case for chroot relative path name lookup\n AppArmor: fix mapping of META_READ to audit and quiet flags\n AppArmor: Fix underflow in xindex calculation\n AppArmor: Fix dropping of allowed operations that are force audited\n AppArmor: Add mising end of structure test to caps unpacking\n ...\n" }, { "commit": "9f3938346a5c1fa504647670edb5fea5756cfb00", "tree": "7cf6d24d6b076c8db8571494984924cac03703a2", "parents": [ "69a7aebcf019ab3ff5764525ad6858fbe23bb86d", "317b6e128247f75976b0fc2b9fd8d2c20ef13b3a" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Wed Mar 21 09:40:26 2012 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Wed Mar 21 09:40:26 2012 -0700" }, "message": "Merge branch \u0027kmap_atomic\u0027 of git://github.com/congwang/linux\n\nPull kmap_atomic cleanup from Cong Wang.\n\nIt\u0027s been in -next for a long time, and it gets rid of the (no longer\nused) second argument to k[un]map_atomic().\n\nFix up a few trivial conflicts in various drivers, and do an \"evil\nmerge\" to catch some new uses that have come in since Cong\u0027s tree.\n\n* \u0027kmap_atomic\u0027 of git://github.com/congwang/linux: (59 commits)\n feature-removal-schedule.txt: schedule the deprecated form of kmap_atomic() for removal\n highmem: kill all __kmap_atomic() [swarren@nvidia.com: highmem: Fix ARM build break due to __kmap_atomic rename]\n drbd: remove the second argument of k[un]map_atomic()\n zcache: remove the second argument of k[un]map_atomic()\n gma500: remove the second argument of k[un]map_atomic()\n dm: remove the second argument of k[un]map_atomic()\n tomoyo: remove the second argument of k[un]map_atomic()\n sunrpc: remove the second argument of k[un]map_atomic()\n rds: remove the second argument of k[un]map_atomic()\n net: remove the second argument of k[un]map_atomic()\n mm: remove the second argument of k[un]map_atomic()\n lib: remove the second argument of k[un]map_atomic()\n power: remove the second argument of k[un]map_atomic()\n kdb: remove the second argument of k[un]map_atomic()\n udf: remove the second argument of k[un]map_atomic()\n ubifs: remove the second argument of k[un]map_atomic()\n squashfs: remove the second argument of k[un]map_atomic()\n reiserfs: remove the second argument of k[un]map_atomic()\n ocfs2: remove the second argument of k[un]map_atomic()\n ntfs: remove the second argument of k[un]map_atomic()\n ...\n" }, { "commit": "40ffe67d2e89c7a475421d007becc11a2f88ea3d", "tree": "5373e71b18895b9ffd8370a88aec6c54438240a0", "parents": [ "38eff2892628fa5c4fc8962a17b7296f42833ebe" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Wed Mar 14 21:54:32 2012 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Tue Mar 20 21:29:41 2012 -0400" }, "message": "switch unix_sock to struct path\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "0d9cabdccedb79ee5f27b77ff51f29a9e7d23275", "tree": "8bfb64c3672d058eb90aec3c3a9c4f61cef9097c", "parents": [ "701085b219016d38f105b031381b9cee6200253a", "3ce3230a0cff484e5130153f244d4fb8a56b3a8b" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Tue Mar 20 18:11:21 2012 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Tue Mar 20 18:11:21 2012 -0700" }, "message": "Merge branch \u0027for-3.4\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/tj/cgroup\n\nPull cgroup changes from Tejun Heo:\n \"Out of the 8 commits, one fixes a long-standing locking issue around\n tasklist walking and others are cleanups.\"\n\n* \u0027for-3.4\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/tj/cgroup:\n cgroup: Walk task list under tasklist_lock in cgroup_enable_task_cg_list\n cgroup: Remove wrong comment on cgroup_enable_task_cg_list()\n cgroup: remove cgroup_subsys argument from callbacks\n cgroup: remove extra calls to find_existing_css_set\n cgroup: replace tasklist_lock with rcu_read_lock\n cgroup: simplify double-check locking in cgroup_attach_proc\n cgroup: move struct cgroup_pidlist out from the header file\n cgroup: remove cgroup_attach_task_current_cg()\n" }, { "commit": "c58e0377d61e209600def7d4d9ae535ea94bc210", "tree": "142d1ca23d06458c8b798174e01281ad67b2ab76", "parents": [ "b85417860172ff693dc115d7999805fc240cec1c" ], "author": { "name": "Cong Wang", "email": "amwang@redhat.com", "time": "Fri Nov 25 23:26:35 2011 +0800" }, "committer": { "name": "Cong Wang", "email": "xiyou.wangcong@gmail.com", "time": "Tue Mar 20 21:48:28 2012 +0800" }, "message": "tomoyo: remove the second argument of k[un]map_atomic()\n\nAcked-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: Cong Wang \u003camwang@redhat.com\u003e\n" }, { "commit": "09f61cdbb32a9d812c618d3922db533542736bb0", "tree": "90d8e9163e269d0ed9e01f0dac500316014b88c5", "parents": [ "7d7473dbdb9121dd1b5939566660d51130ecda3a", "7e570145cb022beeb58e3f691e0418477b670223" ], "author": { "name": "James Morris", "email": "james.l.morris@oracle.com", "time": "Tue Mar 20 12:52:17 2012 +1100" }, "committer": { "name": "James Morris", "email": "james.l.morris@oracle.com", "time": "Tue Mar 20 12:52:17 2012 +1100" }, "message": "Merge branch \u0027for-security\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/jj/linux-apparmor into next\n" }, { "commit": "7e570145cb022beeb58e3f691e0418477b670223", "tree": "a33eae9dc5f854fd9a5f6cf1880370903a80365c", "parents": [ "b01d3fb921df9baef1ecd13704f4b1e269b58b6b" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@i-love.sakura.ne.jp", "time": "Wed Mar 14 23:41:17 2012 -0700" }, "committer": { "name": "John Johansen", "email": "john.johansen@canonical.com", "time": "Mon Mar 19 18:22:46 2012 -0700" }, "message": "AppArmor: Fix location of const qualifier on generated string tables\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@i-love.sakura.ne.jp\u003e\nSigned-off-by: John Johansen \u003cjohn.johansen@canonical.com\u003e\n" }, { "commit": "7d7473dbdb9121dd1b5939566660d51130ecda3a", "tree": "057bf591dd896c01a2b35b31dc41996d3d9e51b8", "parents": [ "b01d3fb921df9baef1ecd13704f4b1e269b58b6b" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Sat Mar 17 20:33:38 2012 +0900" }, "committer": { "name": "James Morris", "email": "james.l.morris@oracle.com", "time": "Tue Mar 20 12:06:50 2012 +1100" }, "message": "TOMOYO: Return error if fails to delete a domain\n\nCall sequence:\ntomoyo_write_domain() --\u003e tomoyo_delete_domain()\n\nIn \u0027tomoyo_delete_domain\u0027, return -EINTR if locking attempt is\ninterrupted by signal.\n\nAt present it returns success to its caller \u0027tomoyo_write_domain()\u0027\neven though domain is not deleted. \u0027tomoyo_write_domain()\u0027 assumes\ndomain is deleted and returns success to its caller. This is wrong behaviour.\n\n\u0027tomoyo_write_domain\u0027 should return error from tomoyo_delete_domain() to its\ncaller.\n\nSigned-off-by: Santosh Nayak \u003csantoshprasadnayak@gmail.com\u003e\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjames.l.morris@oracle.com\u003e\n" }, { "commit": "b01d3fb921df9baef1ecd13704f4b1e269b58b6b", "tree": "1ca714b40774cd56c0194abee5c6577b2ba6aad2", "parents": [ "6041e8346f2165679c2184cab60db768d6a26a1d", "2d4cee7e3a2b9f9c3237672cc136e20dbad0e2ce" ], "author": { "name": "James Morris", "email": "james.l.morris@oracle.com", "time": "Thu Mar 15 14:43:02 2012 +1100" }, "committer": { "name": "James Morris", "email": "james.l.morris@oracle.com", "time": "Thu Mar 15 14:43:02 2012 +1100" }, "message": "Merge branch \u0027for-security\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/jj/linux-apparmor into next\n" }, { "commit": "2d4cee7e3a2b9f9c3237672cc136e20dbad0e2ce", "tree": "5ec9bd7d6e135ace242941d51ab1f80478e1293f", "parents": [ "ad5ff3db53c68c2f12936bc74ea5dfe0af943592" ], "author": { "name": "Jan Engelhardt", "email": "jengelh@medozas.de", "time": "Wed Mar 14 13:30:36 2012 +0100" }, "committer": { "name": "John Johansen", "email": "john.johansen@canonical.com", "time": "Wed Mar 14 19:09:13 2012 -0700" }, "message": "AppArmor: add const qualifiers to string arrays\n\nSigned-off-by: Jan Engelhardt \u003cjengelh@medozas.de\u003e\nSigned-off-by: John Johansen \u003cjohn.johansen@canonical.com\u003e\n" }, { "commit": "ad5ff3db53c68c2f12936bc74ea5dfe0af943592", "tree": "72d9ac19fdca90d283a05f444870847ce5fb9f0c", "parents": [ "57fa1e18091e66b7e1002816523cb218196a882e" ], "author": { "name": "John Johansen", "email": "john.johansen@canonical.com", "time": "Thu Feb 16 07:07:53 2012 -0800" }, "committer": { "name": "John Johansen", "email": "john.johansen@canonical.com", "time": "Wed Mar 14 19:09:03 2012 -0700" }, "message": "AppArmor: Add ability to load extended policy\n\nAdd the base support for the new policy extensions. This does not bring\nany additional functionality, or change current semantics.\n\nSigned-off-by: John Johansen \u003cjohn.johansen@canonical.com\u003e\nAcked-by: Kees Cook \u003ckees@ubuntu.com\u003e\n" }, { "commit": "6041e8346f2165679c2184cab60db768d6a26a1d", "tree": "2c4eb032eb851f240c1b70d1afb214a2c661b886", "parents": [ "f67dabbdde1fe112dfff05d02890f1e0d54117a8" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@i-love.sakura.ne.jp", "time": "Wed Mar 14 18:27:49 2012 +0900" }, "committer": { "name": "James Morris", "email": "james.l.morris@oracle.com", "time": "Thu Mar 15 12:29:18 2012 +1100" }, "message": "TOMOYO: Return appropriate value to poll().\n\n\"struct file_operations\"-\u003epoll() expects \"unsigned int\" return value.\nAll files in /sys/kernel/security/tomoyo/ directory other than\n/sys/kernel/security/tomoyo/query and /sys/kernel/security/tomoyo/audit should\nreturn POLLIN | POLLRDNORM | POLLOUT | POLLWRNORM rather than -ENOSYS.\nAlso, /sys/kernel/security/tomoyo/query and /sys/kernel/security/tomoyo/audit\nshould return POLLOUT | POLLWRNORM rather than 0 when there is no data to read.\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjames.l.morris@oracle.com\u003e\n" }, { "commit": "57fa1e18091e66b7e1002816523cb218196a882e", "tree": "29b4b3484fb17d60d7c6e24d107a74180ec815be", "parents": [ "0fe1212d0539eb6c1e27d388711172d786e299cc" ], "author": { "name": "John Johansen", "email": "john.johansen@canonical.com", "time": "Thu Feb 16 06:20:33 2012 -0800" }, "committer": { "name": "John Johansen", "email": "john.johansen@canonical.com", "time": "Wed Mar 14 06:15:25 2012 -0700" }, "message": "AppArmor: Move path failure information into aa_get_name and rename\n\nMove the path name lookup failure messages into the main path name lookup\nroutine, as the information is useful in more than just aa_path_perm.\n\nAlso rename aa_get_name to aa_path_name as it is not getting a reference\ncounted object with a corresponding put fn.\n\nSigned-off-by: John Johansen \u003cjohn.johansen@canonical.com\u003e\nAcked-by: Kees Cook \u003ckees@ubuntu.com\u003e\n" }, { "commit": "0fe1212d0539eb6c1e27d388711172d786e299cc", "tree": "b6e653222f271f52b8d4606102ef1e6bd72b7bc2", "parents": [ "3372b68a3c982611dcc30b3c872f8bbdee019e5e" ], "author": { "name": "John Johansen", "email": "john.johansen@canonical.com", "time": "Thu Feb 16 06:20:26 2012 -0800" }, "committer": { "name": "John Johansen", "email": "john.johansen@canonical.com", "time": "Wed Mar 14 06:15:24 2012 -0700" }, "message": "AppArmor: Update dfa matching routines.\n\nUpdate aa_dfa_match so that it doesn\u0027t result in an input string being\nwalked twice (once to get its length and another time to match)\n\nAdd a single step functions\n aa_dfa_next\n\nSigned-off-by: John Johansen \u003cjohn.johansen@canonical.com\u003e\nAcked-by: Kees Cook \u003ckees@ubuntu.com\u003e\n" }, { "commit": "3372b68a3c982611dcc30b3c872f8bbdee019e5e", "tree": "6266a00311e1fce559326447e6b65952ca2db4c9", "parents": [ "fbba8d89acea5d628d1d076b1d8962db438ff832" ], "author": { "name": "John Johansen", "email": "john.johansen@canonical.com", "time": "Thu Feb 16 06:32:47 2012 -0800" }, "committer": { "name": "John Johansen", "email": "john.johansen@canonical.com", "time": "Wed Mar 14 06:15:23 2012 -0700" }, "message": "AppArmor: Minor cleanup of d_namespace_path to consolidate error handling\n\nSigned-off-by: John Johansen \u003cjohn.johansen@canonical.com\u003e\nAcked-by: Kees Cook \u003ckees@ubuntu.com\u003e\n" }, { "commit": "fbba8d89acea5d628d1d076b1d8962db438ff832", "tree": "1e3a27cb78369676de62f8587d84d281224df1ff", "parents": [ "33e521acff709d275950ec5bf8dd577d873cd61e" ], "author": { "name": "John Johansen", "email": "john.johansen@canonical.com", "time": "Thu Feb 16 06:28:50 2012 -0800" }, "committer": { "name": "John Johansen", "email": "john.johansen@canonical.com", "time": "Wed Mar 14 06:15:22 2012 -0700" }, "message": "AppArmor: Retrieve the dentry_path for error reporting when path lookup fails\n\nWhen __d_path and d_absolute_path fail due to the name being outside of\nthe current namespace no name is reported. Use dentry_path to provide\nsome hint as to which file was being accessed.\n\nSigned-off-by: John Johansen \u003cjohn.johansen@canonical.com\u003e\nAcked-by: Kees Cook \u003ckees@ubuntu.com\u003e\n" }, { "commit": "33e521acff709d275950ec5bf8dd577d873cd61e", "tree": "51ed534075632cdd41ca3df3ef8d5accb618480a", "parents": [ "b1b4bc2ed94d157f3ed60c17a12b658ccb96a76f" ], "author": { "name": "John Johansen", "email": "john.johansen@canonical.com", "time": "Wed Mar 14 05:53:40 2012 -0700" }, "committer": { "name": "John Johansen", "email": "john.johansen@canonical.com", "time": "Wed Mar 14 06:15:12 2012 -0700" }, "message": "AppArmor: Add const qualifiers to generated string tables\n\nSigned-off-by: John Johansen \u003cjohn.johansen@canonical.com\u003e\n" }, { "commit": "b1b4bc2ed94d157f3ed60c17a12b658ccb96a76f", "tree": "d586d6edc39a957d66df9dd2908759a6c5c622e5", "parents": [ "ef9a762279c9ce98c592fb144b31898411feb94d" ], "author": { "name": "John Johansen", "email": "john.johansen@canonical.com", "time": "Sat Mar 10 11:25:30 2012 -0800" }, "committer": { "name": "John Johansen", "email": "john.johansen@canonical.com", "time": "Wed Mar 14 06:15:02 2012 -0700" }, "message": "AppArmor: Fix oops in policy unpack auditing\n\nPost unpacking of policy a verification pass is made on x transition\nindexes. When this fails a call to audit_iface is made resulting in an\noops, because audit_iface is expecting a valid buffer position but\nsince the failure comes from post unpack verification there is none.\n\nMake the position argument optional so that audit_iface can be called\nfrom post unpack verification.\n\nSigned-off-by: John Johansen \u003cjohn.johansen@canonical.com\u003e\n" }, { "commit": "ef9a762279c9ce98c592fb144b31898411feb94d", "tree": "4cb159b99e792781af212324aee7c8be4b549c38", "parents": [ "f67dabbdde1fe112dfff05d02890f1e0d54117a8" ], "author": { "name": "John Johansen", "email": "john.johansen@canonical.com", "time": "Sat Mar 10 11:19:51 2012 -0800" }, "committer": { "name": "John Johansen", "email": "john.johansen@canonical.com", "time": "Wed Mar 14 06:14:52 2012 -0700" }, "message": "AppArmor: Fix error returned when a path lookup is disconnected\n\nThe returning of -ESATLE when a path lookup fails as disconnected is wrong.\nSince AppArmor is rejecting the access return -EACCES instead.\n\nThis also fixes a bug in complain (learning) mode where disconnected paths\nare denied because -ESTALE errors are not ignored causing failures that\ncan change application behavior.\n\nSigned-off-by: John Johansen \u003cjohn.johansen@canonical.com\u003e\n" }, { "commit": "f67dabbdde1fe112dfff05d02890f1e0d54117a8", "tree": "5cf73d686d39df4e9986194ff64e98fdcdd4e444", "parents": [ "df91e49477a9be15921cb2854e1d12a3bdb5e425" ], "author": { "name": "Dan Carpenter", "email": "dan.carpenter@oracle.com", "time": "Tue Mar 06 13:32:16 2012 +0000" }, "committer": { "name": "James Morris", "email": "james.l.morris@oracle.com", "time": "Wed Mar 07 11:12:06 2012 +1100" }, "message": "KEYS: testing wrong bit for KEY_FLAG_REVOKED\n\nThe test for \"if (cred-\u003erequest_key_auth-\u003eflags \u0026 KEY_FLAG_REVOKED) {\"\nshould actually testing that the (1 \u003c\u003c KEY_FLAG_REVOKED) bit is set.\nThe current code actually checks for KEY_FLAG_DEAD.\n\nSigned-off-by: Dan Carpenter \u003cdan.carpenter@oracle.com\u003e\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: James Morris \u003cjames.l.morris@oracle.com\u003e\n" }, { "commit": "59e6b9c11341e3b8ac5925427c903d4eae435bd8", "tree": "68b39f847badedfca1476fbbf7ef6049a444f493", "parents": [ "0cb3284b535bd5eacc287632b55150c8e5d9edc7" ], "author": { "name": "Bryan Schumaker", "email": "bjschuma@netapp.com", "time": "Fri Feb 24 14:14:50 2012 -0500" }, "committer": { "name": "Trond Myklebust", "email": "Trond.Myklebust@netapp.com", "time": "Thu Mar 01 16:50:31 2012 -0500" }, "message": "Created a function for setting timeouts on keys\n\nThe keyctl_set_timeout function isn\u0027t exported to other parts of the\nkernel, but I want to use it for the NFS idmapper. I already have the\nkey, but I wanted a generic way to set the timeout.\n\nSigned-off-by: Bryan Schumaker \u003cbjschuma@netapp.com\u003e\nAcked-by: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: Trond Myklebust \u003cTrond.Myklebust@netapp.com\u003e\n" }, { "commit": "df91e49477a9be15921cb2854e1d12a3bdb5e425", "tree": "8408a7d2a432a206070ac01b2939fefcdce9ca13", "parents": [ "a69f15890292b5449f9056b4bb322b044e6ce0c6" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Wed Feb 29 21:53:22 2012 +0900" }, "committer": { "name": "James Morris", "email": "james.l.morris@oracle.com", "time": "Thu Mar 01 10:23:19 2012 +1100" }, "message": "TOMOYO: Fix mount flags checking order.\n\nUserspace can pass in arbitrary combinations of MS_* flags to mount().\n\nIf both MS_BIND and one of MS_SHARED/MS_PRIVATE/MS_SLAVE/MS_UNBINDABLE are\npassed, device name which should be checked for MS_BIND was not checked because\nMS_SHARED/MS_PRIVATE/MS_SLAVE/MS_UNBINDABLE had higher priority than MS_BIND.\n\nIf both one of MS_BIND/MS_MOVE and MS_REMOUNT are passed, device name which\nshould not be checked for MS_REMOUNT was checked because MS_BIND/MS_MOVE had\nhigher priority than MS_REMOUNT.\n\nFix these bugs by changing priority to MS_REMOUNT -\u003e MS_BIND -\u003e\nMS_SHARED/MS_PRIVATE/MS_SLAVE/MS_UNBINDABLE -\u003e MS_MOVE as with do_mount() does.\n\nAlso, unconditionally return -EINVAL if more than one of\nMS_SHARED/MS_PRIVATE/MS_SLAVE/MS_UNBINDABLE is passed so that TOMOYO will not\ngenerate inaccurate audit logs, for commit 7a2e8a8f \"VFS: Sanity check mount\nflags passed to change_mnt_propagation()\" clarified that these flags must be\nexclusively passed.\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjames.l.morris@oracle.com\u003e\n" }, { "commit": "a69f15890292b5449f9056b4bb322b044e6ce0c6", "tree": "7a37f3826e958787ca7d78603c9031d29558f43f", "parents": [ "28042fabf43b9a8ccfaa38f8c8187cc525e53fd3" ], "author": { "name": "Randy Dunlap", "email": "rdunlap@xenotime.net", "time": "Fri Feb 24 11:28:05 2012 -0800" }, "committer": { "name": "James Morris", "email": "james.l.morris@oracle.com", "time": "Tue Feb 28 11:01:15 2012 +1100" }, "message": "security: fix ima kconfig warning\n\nFix IMA kconfig warning on non-X86 architectures:\n\nwarning: (IMA) selects TCG_TIS which has unmet direct dependencies\n(TCG_TPM \u0026\u0026 X86)\n\nSigned-off-by: Randy Dunlap \u003crdunlap@xenotime.net\u003e\nReported-by: Geert Uytterhoeven \u003cgeert@linux-m68k.org\u003e\nAcked-by: Rajiv Andrade \u003csrajiv@linux.vnet.ibm.com\u003e\nSigned-off-by: James Morris \u003cjames.l.morris@oracle.com\u003e\n" }, { "commit": "28042fabf43b9a8ccfaa38f8c8187cc525e53fd3", "tree": "f881ccfdb821608683bebf4013a572464e798657", "parents": [ "38305a4bab4be5d278443b057f7f5e97afb07f26" ], "author": { "name": "John Johansen", "email": "john.johansen@canonical.com", "time": "Thu Feb 16 06:21:30 2012 -0800" }, "committer": { "name": "John Johansen", "email": "john.johansen@canonical.com", "time": "Mon Feb 27 11:38:23 2012 -0800" }, "message": "AppArmor: Fix the error case for chroot relative path name lookup\n\nWhen a chroot relative pathname lookup fails it is falling through to\ndo a d_absolute_path lookup. This is incorrect as d_absolute_path should\nonly be used to lookup names for namespace absolute paths.\n\nSigned-off-by: John Johansen \u003cjohn.johansen@canonical.com\u003e\nAcked-by: Kees Cook \u003ckees@ubuntu.com\u003e\n" }, { "commit": "38305a4bab4be5d278443b057f7f5e97afb07f26", "tree": "06122a0380bc06de07c2b462bfa2f306ab12af87", "parents": [ "8b964eae204d791421677ec56b94a7b18cf8740d" ], "author": { "name": "John Johansen", "email": "john.johansen@canonical.com", "time": "Wed Feb 22 00:42:08 2012 -0800" }, "committer": { "name": "John Johansen", "email": "john.johansen@canonical.com", "time": "Mon Feb 27 11:38:22 2012 -0800" }, "message": "AppArmor: fix mapping of META_READ to audit and quiet flags\n\nThe mapping of AA_MAY_META_READ for the allow mask was also being mapped\nto the audit and quiet masks. This would result in some operations being\naudited when the should not.\n\nThis flaw was hidden by the previous audit bug which would drop some\nmessages that where supposed to be audited.\n\nSigned-off-by: John Johansen \u003cjohn.johansen@canonical.com\u003e\nAcked-by: Kees Cook \u003ckees@ubuntu.com\u003e\n" }, { "commit": "8b964eae204d791421677ec56b94a7b18cf8740d", "tree": "7c1a7b5b6be9f2d9b60d8cba1094635d3f74466c", "parents": [ "ade3ddc01e2e426cc24c744be85dcaad4e8f8aba" ], "author": { "name": "John Johansen", "email": "john.johansen@canonical.com", "time": "Wed Feb 22 00:32:30 2012 -0800" }, "committer": { "name": "John Johansen", "email": "john.johansen@canonical.com", "time": "Mon Feb 27 11:38:21 2012 -0800" }, "message": "AppArmor: Fix underflow in xindex calculation\n\nIf the xindex value stored in the accept tables is 0, the extraction of\nthat value will result in an underflow (0 - 4).\n\nIn properly compiled policy this should not happen for file rules but\nit may be possible for other rule types in the future.\n\nTo exploit this underflow a user would have to be able to load a corrupt\npolicy, which requires CAP_MAC_ADMIN, overwrite system policy in kernel\nmemory or know of a compiler error resulting in the flaw being present\nfor loaded policy (no such flaw is known at this time).\n\nSigned-off-by: John Johansen \u003cjohn.johansen@canonical.com\u003e\nAcked-by: Kees Cook \u003ckees@ubuntu.com\u003e\n" }, { "commit": "ade3ddc01e2e426cc24c744be85dcaad4e8f8aba", "tree": "1e395ce7487cf31c9dccf4d0e3ded0c055980ab2", "parents": [ "cdbd2884df8ad026143bb482a96d38e616947b17" ], "author": { "name": "John Johansen", "email": "john.johansen@canonical.com", "time": "Wed Feb 22 00:20:26 2012 -0800" }, "committer": { "name": "John Johansen", "email": "john.johansen@canonical.com", "time": "Mon Feb 27 11:38:21 2012 -0800" }, "message": "AppArmor: Fix dropping of allowed operations that are force audited\n\nThe audit permission flag, that specifies an audit message should be\nprovided when an operation is allowed, was being ignored in some cases.\n\nThis is because the auto audit mode (which determines the audit mode from\nsystem flags) was incorrectly assigned the same value as audit mode. The\nshared value would result in messages that should be audited going through\na second evaluation as to whether they should be audited based on the\nauto audit, resulting in some messages being dropped.\n\nSigned-off-by: John Johansen \u003cjohn.johansen@canonical.com\u003e\nAcked-by: Kees Cook \u003ckees@ubuntu.com\u003e\n" }, { "commit": "cdbd2884df8ad026143bb482a96d38e616947b17", "tree": "5a6490419450ee4fe7ae08c1fb57526f8e7c3cc3", "parents": [ "d384b0a1a35f87f0ad70c29518f98f922b1c15cb" ], "author": { "name": "John Johansen", "email": "john.johansen@canonical.com", "time": "Thu Feb 16 07:06:41 2012 -0800" }, "committer": { "name": "John Johansen", "email": "john.johansen@canonical.com", "time": "Mon Feb 27 11:38:20 2012 -0800" }, "message": "AppArmor: Add mising end of structure test to caps unpacking\n\nThe unpacking of struct capsx is missing a check for the end of the\ncaps structure. This can lead to unpack failures depending on what else\nis packed into the policy file being unpacked.\n\nSigned-off-by: John Johansen \u003cjohn.johansen@canonical.com\u003e\nAcked-by: Kees Cook \u003ckees@ubuntu.com\u003e\n" }, { "commit": "d384b0a1a35f87f0ad70c29518f98f922b1c15cb", "tree": "42560d316dffc636a424e7fa8173400723dcc4e7", "parents": [ "a9bf8e9fd561ba9ff1f0f2a1d96e439fcedaaaa4" ], "author": { "name": "Kees Cook", "email": "kees@ubuntu.com", "time": "Thu Jan 26 16:29:23 2012 -0800" }, "committer": { "name": "John Johansen", "email": "john.johansen@canonical.com", "time": "Mon Feb 27 11:38:19 2012 -0800" }, "message": "AppArmor: export known rlimit names/value mappings in securityfs\n\nSince the parser needs to know which rlimits are known to the kernel,\nexport the list via a mask file in the \"rlimit\" subdirectory in the\nsecurityfs \"features\" directory.\n\nSigned-off-by: Kees Cook \u003ckees@ubuntu.com\u003e\nSigned-off-by: John Johansen \u003cjohn.johansen@canonical.com\u003e\n" }, { "commit": "a9bf8e9fd561ba9ff1f0f2a1d96e439fcedaaaa4", "tree": "fb477507408c30384d6725a3418eef92b09148e9", "parents": [ "e74abcf3359d0130e99a6511ac484a3ea9e6e988" ], "author": { "name": "Kees Cook", "email": "kees@ubuntu.com", "time": "Thu Jan 26 16:29:22 2012 -0800" }, "committer": { "name": "John Johansen", "email": "john.johansen@canonical.com", "time": "Mon Feb 27 11:38:18 2012 -0800" }, "message": "AppArmor: add \"file\" details to securityfs\n\nCreate the \"file\" directory in the securityfs for tracking features\nrelated to files.\n\nSigned-off-by: Kees Cook \u003ckees@ubuntu.com\u003e\nSigned-off-by: John Johansen \u003cjohn.johansen@canonical.com\u003e\n" }, { "commit": "e74abcf3359d0130e99a6511ac484a3ea9e6e988", "tree": "53b512c463f58546f810f7db876b81bebf4c786a", "parents": [ "9acd494be9387b0608612cd139967201dd7a4e12" ], "author": { "name": "Kees Cook", "email": "kees@outflux.net", "time": "Thu Jan 26 16:29:21 2012 -0800" }, "committer": { "name": "John Johansen", "email": "john.johansen@canonical.com", "time": "Mon Feb 27 11:38:17 2012 -0800" }, "message": "AppArmor: add initial \"features\" directory to securityfs\n\nThis adds the \"features\" subdirectory to the AppArmor securityfs\nto display boolean features flags and the known capability mask.\n\nSigned-off-by: Kees Cook \u003ckees@ubuntu.com\u003e\nSigned-off-by: John Johansen \u003cjohn.johansen@canonical.com\u003e\n" }, { "commit": "9acd494be9387b0608612cd139967201dd7a4e12", "tree": "5fb5f8dff3b1ac26c07c73e8785978b98122f2da", "parents": [ "b0d5de4d58803bbcce2b8175a8dd21c559a3abc1" ], "author": { "name": "Kees Cook", "email": "kees@outflux.net", "time": "Thu Jan 26 16:29:20 2012 -0800" }, "committer": { "name": "John Johansen", "email": "john.johansen@canonical.com", "time": "Mon Feb 27 11:38:09 2012 -0800" }, "message": "AppArmor: refactor securityfs to use structures\n\nUse a file tree structure to represent the AppArmor securityfs.\n\nSigned-off-by: Kees Cook \u003ckees@ubuntu.com\u003e\nSigned-off-by: John Johansen \u003cjohn.johansen@canonical.com\u003e\n" }, { "commit": "1fd36adcd98c14d2fd97f545293c488775cb2823", "tree": "c13ab1934a15aebe0d81601d910ce5a3c6fa2c6f", "parents": [ "1dce27c5aa6770e9d195f2bb7db1db3d4dde5591" ], "author": { "name": "David Howells", "email": "dhowells@redhat.com", "time": "Thu Feb 16 17:49:54 2012 +0000" }, "committer": { "name": "H. Peter Anvin", "email": "hpa@zytor.com", "time": "Sun Feb 19 10:30:57 2012 -0800" }, "message": "Replace the fd_sets in struct fdtable with an array of unsigned longs\n\nReplace the fd_sets in struct fdtable with an array of unsigned longs and then\nuse the standard non-atomic bit operations rather than the FD_* macros.\n\nThis:\n\n (1) Removes the abuses of struct fd_set:\n\n (a) Since we don\u0027t want to allocate a full fd_set the vast majority of the\n \t time, we actually, in effect, just allocate a just-big-enough array of\n \t unsigned longs and cast it to an fd_set type - so why bother with the\n \t fd_set at all?\n\n (b) Some places outside of the core fdtable handling code (such as\n \t SELinux) want to look inside the array of unsigned longs hidden inside\n \t the fd_set struct for more efficient iteration over the entire set.\n\n (2) Eliminates the use of FD_*() macros in the kernel completely.\n\n (3) Permits the __FD_*() macros to be deleted entirely where not exposed to\n userspace.\n\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nLink: http://lkml.kernel.org/r/20120216174954.23314.48147.stgit@warthog.procyon.org.uk\nSigned-off-by: H. Peter Anvin \u003chpa@zytor.com\u003e\nCc: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "b0d5de4d58803bbcce2b8175a8dd21c559a3abc1", "tree": "08213154dd13ab28eac64e9a87b3a8b7e5660381", "parents": [ "bf06189e4d14641c0148bea16e9dd24943862215" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Tue Feb 14 17:11:07 2012 -0500" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Thu Feb 16 12:01:42 2012 +1100" }, "message": "IMA: fix audit res field to indicate 1 for success and 0 for failure\n\nThe audit res field ususally indicates success with a 1 and 0 for a\nfailure. So make IMA do it the same way.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "bf06189e4d14641c0148bea16e9dd24943862215", "tree": "5c62eb24339041baf65b8e42daac42c7a01efc0e", "parents": [ "3ab1aff89477dafb1aaeafe8c8669114a02b7226" ], "author": { "name": "Kees Cook", "email": "keescook@chromium.org", "time": "Tue Feb 14 16:48:09 2012 -0800" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Thu Feb 16 10:25:18 2012 +1100" }, "message": "Yama: add PR_SET_PTRACER_ANY\n\nFor a process to entirely disable Yama ptrace restrictions, it can use\nthe special PR_SET_PTRACER_ANY pid to indicate that any otherwise allowed\nprocess may ptrace it. This is stronger than calling PR_SET_PTRACER with\npid \"1\" because it includes processes in external pid namespaces. This is\ncurrently needed by the Chrome renderer, since its crash handler (Breakpad)\nruns external to the renderer\u0027s pid namespace.\n\nSigned-off-by: Kees Cook \u003ckeescook@chromium.org\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "4040153087478993cbf0809f444400a3c808074c", "tree": "2dc7af85b0cf930f1656553bd38410b8c16601a6", "parents": [ "191c542442fdf53cc3c496c00be13367fd9cd42d" ], "author": { "name": "Al Viro", "email": "viro@ftp.linux.org.uk", "time": "Mon Feb 13 03:58:52 2012 +0000" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Tue Feb 14 10:45:42 2012 +1100" }, "message": "security: trim security.h\n\nTrim security.h\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "191c542442fdf53cc3c496c00be13367fd9cd42d", "tree": "4aef9e33a1d99e6530b704243efbe373bb314d61", "parents": [ "bbd36568594d091e682a1975ef4ee41d808de0bc" ], "author": { "name": "Al Viro", "email": "viro@ftp.linux.org.uk", "time": "Mon Feb 13 03:58:52 2012 +0000" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Tue Feb 14 10:45:39 2012 +1100" }, "message": "mm: collapse security_vm_enough_memory() variants into a single function\n\nCollapse security_vm_enough_memory() variants into a single function.\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "2d514487faf188938a4ee4fb3464eeecfbdcf8eb", "tree": "42147f0459ab062375f63891943242e3b95797bb", "parents": [ "1a2a4d06e1e95260c470ebe3a945f61bbe8c1fd8" ], "author": { "name": "Kees Cook", "email": "keescook@chromium.org", "time": "Wed Dec 21 12:17:04 2011 -0800" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Fri Feb 10 09:18:52 2012 +1100" }, "message": "security: Yama LSM\n\nThis adds the Yama Linux Security Module to collect DAC security\nimprovements (specifically just ptrace restrictions for now) that have\nexisted in various forms over the years and have been carried outside the\nmainline kernel by other Linux distributions like Openwall and grsecurity.\n\nSigned-off-by: Kees Cook \u003ckeescook@chromium.org\u003e\nAcked-by: John Johansen \u003cjohn.johansen@canonical.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "1a2a4d06e1e95260c470ebe3a945f61bbe8c1fd8", "tree": "7167d158749a7acf2ce8bbe1ecd25234b654e813", "parents": [ "9e3ff38647a316e4f92d59b14c8f0eb13b33bb2c" ], "author": { "name": "Kees Cook", "email": "keescook@chromium.org", "time": "Wed Dec 21 12:17:03 2011 -0800" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Fri Feb 10 09:14:51 2012 +1100" }, "message": "security: create task_free security callback\n\nThe current LSM interface to cred_free is not sufficient for allowing\nan LSM to track the life and death of a task. This patch adds the\ntask_free hook so that an LSM can clean up resources on task death.\n\nSigned-off-by: Kees Cook \u003ckeescook@chromium.org\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "9e3ff38647a316e4f92d59b14c8f0eb13b33bb2c", "tree": "2750d9fc94b8fb78d9982ea4a62d586e7f0a7862", "parents": [ "2eb6038c51034bf7f9335b15ce9238a028fdd2d6", "4c2c392763a682354fac65b6a569adec4e4b5387" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Thu Feb 09 17:02:34 2012 +1100" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Thu Feb 09 17:02:34 2012 +1100" }, "message": "Merge branch \u0027next-queue\u0027 into next\n" }, { "commit": "761b3ef50e1c2649cffbfa67a4dcb2dcdb7982ed", "tree": "67ab6a9a2520811c9c0b4d70d1c19b4bfca16237", "parents": [ "61d1d219c4c0761059236a46867bc49943c4d29d" ], "author": { "name": "Li Zefan", "email": "lizf@cn.fujitsu.com", "time": "Tue Jan 31 13:47:36 2012 +0800" }, "committer": { "name": "Tejun Heo", "email": "tj@kernel.org", "time": "Thu Feb 02 09:20:22 2012 -0800" }, "message": "cgroup: remove cgroup_subsys argument from callbacks\n\nThe argument is not used at all, and it\u0027s not necessary, because\na specific callback handler of course knows which subsys it\nbelongs to.\n\nNow only -\u003epupulate() takes this argument, because the handlers of\nthis callback always call cgroup_add_file()/cgroup_add_files().\n\nSo we reduce a few lines of code, though the shrinking of object size\nis minimal.\n\n 16 files changed, 113 insertions(+), 162 deletions(-)\n\n text data bss dec hex filename\n5486240 656987 7039960 13183187 c928d3 vmlinux.o.orig\n5486170 656987 7039960 13183117 c9288d vmlinux.o\n\nSigned-off-by: Li Zefan \u003clizf@cn.fujitsu.com\u003e\nSigned-off-by: Tejun Heo \u003ctj@kernel.org\u003e\n" }, { "commit": "7908b3ef6809e49c77d914342dfaa4b946476d7a", "tree": "44af103c5457b4c2286400158dcfc18846a7c4f0", "parents": [ "dcd6c92267155e70a94b3927bce681ce74b80d1f", "acbbb76a26648dfae6fed0989879e40d75692bfc" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Mon Jan 23 08:59:49 2012 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Mon Jan 23 08:59:49 2012 -0800" }, "message": "Merge git://git.samba.org/sfrench/cifs-2.6\n\n* git://git.samba.org/sfrench/cifs-2.6:\n CIFS: Rename *UCS* functions to *UTF16*\n [CIFS] ACL and FSCACHE support no longer EXPERIMENTAL\n [CIFS] Fix build break with multiuser patch when LANMAN disabled\n cifs: warn about impending deprecation of legacy MultiuserMount code\n cifs: fetch credentials out of keyring for non-krb5 auth multiuser mounts\n cifs: sanitize username handling\n keys: add a \"logon\" key type\n cifs: lower default wsize when unix extensions are not used\n cifs: better instrumentation for coalesce_t2\n cifs: integer overflow in parse_dacl()\n cifs: Fix sparse warning when calling cifs_strtoUCS\n CIFS: Add descriptions to the brlock cache functions\n" }, { "commit": "4c2c392763a682354fac65b6a569adec4e4b5387", "tree": "490b840399ed1e010561f4b97018f3c0a3caf8b6", "parents": [ "f4a0391dfa91155bd961673b31eb42d9d45c799d" ], "author": { "name": "Dmitry Kasatkin", "email": "dmitry.kasatkin@intel.com", "time": "Tue Oct 18 14:16:28 2011 +0300" }, "committer": { "name": "Mimi Zohar", "email": "zohar@linux.vnet.ibm.com", "time": "Thu Jan 19 21:30:21 2012 -0500" }, "message": "ima: policy for RAMFS\n\nDon\u0027t measure ramfs files.\n\nSigned-off-by: Dmitry Kasatkin \u003cdmitry.kasatkin@intel.com\u003e\nSigned-off-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\n" }, { "commit": "f4a0391dfa91155bd961673b31eb42d9d45c799d", "tree": "21186b7a48986afa47115cefaf9d385fb9f8dcf7", "parents": [ "700920eb5ba4de5417b446c9a8bb008df2b973e0" ], "author": { "name": "Fabio Estevam", "email": "festevam@gmail.com", "time": "Thu Jan 05 12:49:54 2012 -0200" }, "committer": { "name": "Mimi Zohar", "email": "zohar@linux.vnet.ibm.com", "time": "Thu Jan 19 21:30:09 2012 -0500" }, "message": "ima: fix Kconfig dependencies\n\nFix the following build warning:\nwarning: (IMA) selects TCG_TPM which has unmet direct dependencies\n(HAS_IOMEM \u0026\u0026 EXPERIMENTAL)\n\nSuggested-by: Rajiv Andrade \u003csrajiv@linux.vnet.ibm.com\u003e\nSigned-off-by: Fabio Estevam \u003cfabio.estevam@freescale.com\u003e\nSigned-off-by: Rajiv Andrade \u003csrajiv@linux.vnet.ibm.com\u003e\nCc: \u003cstable@vger.kernel.org\u003e\nSigned-off-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\n" }, { "commit": "f6b24579d099ebb67f39cd7924a72a7eec0ce6ae", "tree": "a97004bb108138294b77e98466a4b9e76a9a198c", "parents": [ "3db59dd93309710c40aaf1571c607cb0feef3ecb" ], "author": { "name": "Mimi Zohar", "email": "zohar@linux.vnet.ibm.com", "time": "Wed Jan 18 10:03:14 2012 +0000" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Thu Jan 19 16:16:29 2012 +1100" }, "message": "keys: fix user_defined key sparse messages\n\nReplace the rcu_assign_pointer() calls with rcu_assign_keypointer().\n\nSigned-off-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "3db59dd93309710c40aaf1571c607cb0feef3ecb", "tree": "6a224a855aad0e5207abae573456b2d2ec381f7c", "parents": [ "4bf1924c008dffdc154f82507b4052e49263a6f4" ], "author": { "name": "Mimi Zohar", "email": "zohar@linux.vnet.ibm.com", "time": "Tue Jan 17 22:11:28 2012 -0500" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Thu Jan 19 15:59:11 2012 +1100" }, "message": "ima: fix cred sparse warning\n\nFix ima_policy.c sparse \"warning: dereference of noderef expression\"\nmessage, by accessing cred-\u003euid using current_cred().\n\nChangelog v1:\n- Change __cred to just cred (based on David Howell\u0027s comment)\n\nSigned-off-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "700920eb5ba4de5417b446c9a8bb008df2b973e0", "tree": "8e2caa32a5cdcd47347ff84bc3e95915d000f537", "parents": [ "53999bf34d55981328f8ba9def558d3e104d6e36" ], "author": { "name": "David Howells", "email": "dhowells@redhat.com", "time": "Wed Jan 18 15:31:45 2012 +0000" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Thu Jan 19 14:38:51 2012 +1100" }, "message": "KEYS: Allow special keyrings to be cleared\n\nThe kernel contains some special internal keyrings, for instance the DNS\nresolver keyring :\n\n2a93faf1 I----- 1 perm 1f030000 0 0 keyring .dns_resolver: empty\n\nIt would occasionally be useful to allow the contents of such keyrings to be\nflushed by root (cache invalidation).\n\nAllow a flag to be set on a keyring to mark that someone possessing the\nsysadmin capability can clear the keyring, even without normal write access to\nthe keyring.\n\nSet this flag on the special keyrings created by the DNS resolver, the NFS\nidentity mapper and the CIFS identity mapper.\n\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nAcked-by: Jeff Layton \u003cjlayton@redhat.com\u003e\nAcked-by: Steve Dickson \u003csteved@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "9f6ed2ca257fa8650b876377833e6f14e272848b", "tree": "8b664dced5415a6d463a56c2bc98756bd5ea5e44", "parents": [ "ce91acb3acae26f4163c5a6f1f695d1a1e8d9009" ], "author": { "name": "Jeff Layton", "email": "jlayton@redhat.com", "time": "Tue Jan 17 16:09:11 2012 -0500" }, "committer": { "name": "Steve French", "email": "smfrench@gmail.com", "time": "Tue Jan 17 22:39:40 2012 -0600" }, "message": "keys: add a \"logon\" key type\n\nFor CIFS, we want to be able to store NTLM credentials (aka username\nand password) in the keyring. We do not, however want to allow users\nto fetch those keys back out of the keyring since that would be a\nsecurity risk.\n\nUnfortunately, due to the nuances of key permission bits, it\u0027s not\npossible to do this. We need to grant search permissions so the kernel\ncan find these keys, but that also implies permissions to read the\npayload.\n\nResolve this by adding a new key_type. This key type is essentially\nthe same as key_type_user, but does not define a .read op. This\nprevents the payload from ever being visible from userspace. This\nkey type also vets the description to ensure that it\u0027s \"qualified\"\nby checking to ensure that it has a \u0027:\u0027 in it that is preceded by\nother characters.\n\nAcked-by: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: Jeff Layton \u003cjlayton@redhat.com\u003e\nSigned-off-by: Steve French \u003csmfrench@gmail.com\u003e\n" } ], "next": "a25a2b84098eb5e001cb8086603d692aa95bf2ec" }