)]}' { "log": [ { "commit": "48aab2f79dfc1357c48ce22ff5c989b52a590069", "tree": "7f690fe147bccc24b7a017845dbe9a99d7978b5f", "parents": [ "f7493e5d9cc10ac97cf1f1579fdc14117460b40b" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Thu Mar 22 17:01:41 2012 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Thu Mar 22 17:01:41 2012 -0700" }, "message": "security: optimize avc_audit() common path\n\navc_audit() did a lot of jumping around and had a big stack frame, all\nfor the uncommon case.\n\nSplit up the uncommon case (which we really can\u0027t make go fast anyway)\ninto its own slow function, and mark the conditional branches\nappropriately for the common likely case.\n\nThis causes avc_audit() to no longer show up as one of the hottest\nfunctions on the branch profiles (the new \"perf -b\" thing), and makes\nthe cycle profiles look really nice and dense too.\n\nThe whole audit path is still annoyingly very much one of the biggest\ncosts of name lookup, so these things are worth optimizing for. I wish\nwe could just tell people to turn it off, but realistically we do need\nit: we just need to make sure that the overhead of the necessary evil is\nas low as possible.\n\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "e2a0883e4071237d09b604a342c28b96b44a04b3", "tree": "aa56f4d376b5eb1c32358c19c2669c2a94e0e1fd", "parents": [ "3a990a52f9f25f45469e272017a31e7a3fda60ed", "07c0c5d8b8c122b2f2df9ee574ac3083daefc981" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Wed Mar 21 13:36:41 2012 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Wed Mar 21 13:36:41 2012 -0700" }, "message": "Merge branch \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs\n\nPull vfs pile 1 from Al Viro:\n \"This is _not_ all; in particular, Miklos\u0027 and Jan\u0027s stuff is not there\n yet.\"\n\n* \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs: (64 commits)\n ext4: initialization of ext4_li_mtx needs to be done earlier\n debugfs-related mode_t whack-a-mole\n hfsplus: add an ioctl to bless files\n hfsplus: change finder_info to u32\n hfsplus: initialise userflags\n qnx4: new helper - try_extent()\n qnx4: get rid of qnx4_bread/qnx4_getblk\n take removal of PF_FORKNOEXEC to flush_old_exec()\n trim includes in inode.c\n um: uml_dup_mmap() relies on -\u003emmap_sem being held, but activate_mm() doesn\u0027t hold it\n um: embed -\u003estub_pages[] into mmu_context\n gadgetfs: list_for_each_safe() misuse\n ocfs2: fix leaks on failure exits in module_init\n ecryptfs: make register_filesystem() the last potential failure exit\n ntfs: forgets to unregister sysctls on register_filesystem() failure\n logfs: missing cleanup on register_filesystem() failure\n jfs: mising cleanup on register_filesystem() failure\n make configfs_pin_fs() return root dentry on success\n configfs: configfs_create_dir() has parent dentry in dentry-\u003ed_parent\n configfs: sanitize configfs_create()\n ...\n" }, { "commit": "3556485f1595e3964ba539e39ea682acbb835cee", "tree": "7f5ee254f425b1427ac0059b5f347a307f8538a1", "parents": [ "b8716614a7cc2fc15ea2a518edd04755fb08d922", "09f61cdbb32a9d812c618d3922db533542736bb0" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Wed Mar 21 13:25:04 2012 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Wed Mar 21 13:25:04 2012 -0700" }, "message": "Merge branch \u0027next\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security\n\nPull security subsystem updates for 3.4 from James Morris:\n \"The main addition here is the new Yama security module from Kees Cook,\n which was discussed at the Linux Security Summit last year. Its\n purpose is to collect miscellaneous DAC security enhancements in one\n place. This also marks a departure in policy for LSM modules, which\n were previously limited to being standalone access control systems.\n Chromium OS is using Yama, and I believe there are plans for Ubuntu,\n at least.\n\n This patchset also includes maintenance updates for AppArmor, TOMOYO\n and others.\"\n\nFix trivial conflict in \u003cnet/sock.h\u003e due to the jumo_label-\u003estatic_key\nrename.\n\n* \u0027next\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: (38 commits)\n AppArmor: Fix location of const qualifier on generated string tables\n TOMOYO: Return error if fails to delete a domain\n AppArmor: add const qualifiers to string arrays\n AppArmor: Add ability to load extended policy\n TOMOYO: Return appropriate value to poll().\n AppArmor: Move path failure information into aa_get_name and rename\n AppArmor: Update dfa matching routines.\n AppArmor: Minor cleanup of d_namespace_path to consolidate error handling\n AppArmor: Retrieve the dentry_path for error reporting when path lookup fails\n AppArmor: Add const qualifiers to generated string tables\n AppArmor: Fix oops in policy unpack auditing\n AppArmor: Fix error returned when a path lookup is disconnected\n KEYS: testing wrong bit for KEY_FLAG_REVOKED\n TOMOYO: Fix mount flags checking order.\n security: fix ima kconfig warning\n AppArmor: Fix the error case for chroot relative path name lookup\n AppArmor: fix mapping of META_READ to audit and quiet flags\n AppArmor: Fix underflow in xindex calculation\n AppArmor: Fix dropping of allowed operations that are force audited\n AppArmor: Add mising end of structure test to caps unpacking\n ...\n" }, { "commit": "9f3938346a5c1fa504647670edb5fea5756cfb00", "tree": "7cf6d24d6b076c8db8571494984924cac03703a2", "parents": [ "69a7aebcf019ab3ff5764525ad6858fbe23bb86d", "317b6e128247f75976b0fc2b9fd8d2c20ef13b3a" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Wed Mar 21 09:40:26 2012 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Wed Mar 21 09:40:26 2012 -0700" }, "message": "Merge branch \u0027kmap_atomic\u0027 of git://github.com/congwang/linux\n\nPull kmap_atomic cleanup from Cong Wang.\n\nIt\u0027s been in -next for a long time, and it gets rid of the (no longer\nused) second argument to k[un]map_atomic().\n\nFix up a few trivial conflicts in various drivers, and do an \"evil\nmerge\" to catch some new uses that have come in since Cong\u0027s tree.\n\n* \u0027kmap_atomic\u0027 of git://github.com/congwang/linux: (59 commits)\n feature-removal-schedule.txt: schedule the deprecated form of kmap_atomic() for removal\n highmem: kill all __kmap_atomic() [swarren@nvidia.com: highmem: Fix ARM build break due to __kmap_atomic rename]\n drbd: remove the second argument of k[un]map_atomic()\n zcache: remove the second argument of k[un]map_atomic()\n gma500: remove the second argument of k[un]map_atomic()\n dm: remove the second argument of k[un]map_atomic()\n tomoyo: remove the second argument of k[un]map_atomic()\n sunrpc: remove the second argument of k[un]map_atomic()\n rds: remove the second argument of k[un]map_atomic()\n net: remove the second argument of k[un]map_atomic()\n mm: remove the second argument of k[un]map_atomic()\n lib: remove the second argument of k[un]map_atomic()\n power: remove the second argument of k[un]map_atomic()\n kdb: remove the second argument of k[un]map_atomic()\n udf: remove the second argument of k[un]map_atomic()\n ubifs: remove the second argument of k[un]map_atomic()\n squashfs: remove the second argument of k[un]map_atomic()\n reiserfs: remove the second argument of k[un]map_atomic()\n ocfs2: remove the second argument of k[un]map_atomic()\n ntfs: remove the second argument of k[un]map_atomic()\n ...\n" }, { "commit": "40ffe67d2e89c7a475421d007becc11a2f88ea3d", "tree": "5373e71b18895b9ffd8370a88aec6c54438240a0", "parents": [ "38eff2892628fa5c4fc8962a17b7296f42833ebe" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Wed Mar 14 21:54:32 2012 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Tue Mar 20 21:29:41 2012 -0400" }, "message": "switch unix_sock to struct path\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "0d9cabdccedb79ee5f27b77ff51f29a9e7d23275", "tree": "8bfb64c3672d058eb90aec3c3a9c4f61cef9097c", "parents": [ "701085b219016d38f105b031381b9cee6200253a", "3ce3230a0cff484e5130153f244d4fb8a56b3a8b" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Tue Mar 20 18:11:21 2012 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Tue Mar 20 18:11:21 2012 -0700" }, "message": "Merge branch \u0027for-3.4\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/tj/cgroup\n\nPull cgroup changes from Tejun Heo:\n \"Out of the 8 commits, one fixes a long-standing locking issue around\n tasklist walking and others are cleanups.\"\n\n* \u0027for-3.4\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/tj/cgroup:\n cgroup: Walk task list under tasklist_lock in cgroup_enable_task_cg_list\n cgroup: Remove wrong comment on cgroup_enable_task_cg_list()\n cgroup: remove cgroup_subsys argument from callbacks\n cgroup: remove extra calls to find_existing_css_set\n cgroup: replace tasklist_lock with rcu_read_lock\n cgroup: simplify double-check locking in cgroup_attach_proc\n cgroup: move struct cgroup_pidlist out from the header file\n cgroup: remove cgroup_attach_task_current_cg()\n" }, { "commit": "c58e0377d61e209600def7d4d9ae535ea94bc210", "tree": "142d1ca23d06458c8b798174e01281ad67b2ab76", "parents": [ "b85417860172ff693dc115d7999805fc240cec1c" ], "author": { "name": "Cong Wang", "email": "amwang@redhat.com", "time": "Fri Nov 25 23:26:35 2011 +0800" }, "committer": { "name": "Cong Wang", "email": "xiyou.wangcong@gmail.com", "time": "Tue Mar 20 21:48:28 2012 +0800" }, "message": "tomoyo: remove the second argument of k[un]map_atomic()\n\nAcked-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: Cong Wang \u003camwang@redhat.com\u003e\n" }, { "commit": "09f61cdbb32a9d812c618d3922db533542736bb0", "tree": "90d8e9163e269d0ed9e01f0dac500316014b88c5", "parents": [ "7d7473dbdb9121dd1b5939566660d51130ecda3a", "7e570145cb022beeb58e3f691e0418477b670223" ], "author": { "name": "James Morris", "email": "james.l.morris@oracle.com", "time": "Tue Mar 20 12:52:17 2012 +1100" }, "committer": { "name": "James Morris", "email": "james.l.morris@oracle.com", "time": "Tue Mar 20 12:52:17 2012 +1100" }, "message": "Merge branch \u0027for-security\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/jj/linux-apparmor into next\n" }, { "commit": "7e570145cb022beeb58e3f691e0418477b670223", "tree": "a33eae9dc5f854fd9a5f6cf1880370903a80365c", "parents": [ "b01d3fb921df9baef1ecd13704f4b1e269b58b6b" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@i-love.sakura.ne.jp", "time": "Wed Mar 14 23:41:17 2012 -0700" }, "committer": { "name": "John Johansen", "email": "john.johansen@canonical.com", "time": "Mon Mar 19 18:22:46 2012 -0700" }, "message": "AppArmor: Fix location of const qualifier on generated string tables\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@i-love.sakura.ne.jp\u003e\nSigned-off-by: John Johansen \u003cjohn.johansen@canonical.com\u003e\n" }, { "commit": "7d7473dbdb9121dd1b5939566660d51130ecda3a", "tree": "057bf591dd896c01a2b35b31dc41996d3d9e51b8", "parents": [ "b01d3fb921df9baef1ecd13704f4b1e269b58b6b" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Sat Mar 17 20:33:38 2012 +0900" }, "committer": { "name": "James Morris", "email": "james.l.morris@oracle.com", "time": "Tue Mar 20 12:06:50 2012 +1100" }, "message": "TOMOYO: Return error if fails to delete a domain\n\nCall sequence:\ntomoyo_write_domain() --\u003e tomoyo_delete_domain()\n\nIn \u0027tomoyo_delete_domain\u0027, return -EINTR if locking attempt is\ninterrupted by signal.\n\nAt present it returns success to its caller \u0027tomoyo_write_domain()\u0027\neven though domain is not deleted. \u0027tomoyo_write_domain()\u0027 assumes\ndomain is deleted and returns success to its caller. This is wrong behaviour.\n\n\u0027tomoyo_write_domain\u0027 should return error from tomoyo_delete_domain() to its\ncaller.\n\nSigned-off-by: Santosh Nayak \u003csantoshprasadnayak@gmail.com\u003e\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjames.l.morris@oracle.com\u003e\n" }, { "commit": "b01d3fb921df9baef1ecd13704f4b1e269b58b6b", "tree": "1ca714b40774cd56c0194abee5c6577b2ba6aad2", "parents": [ "6041e8346f2165679c2184cab60db768d6a26a1d", "2d4cee7e3a2b9f9c3237672cc136e20dbad0e2ce" ], "author": { "name": "James Morris", "email": "james.l.morris@oracle.com", "time": "Thu Mar 15 14:43:02 2012 +1100" }, "committer": { "name": "James Morris", "email": "james.l.morris@oracle.com", "time": "Thu Mar 15 14:43:02 2012 +1100" }, "message": "Merge branch \u0027for-security\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/jj/linux-apparmor into next\n" }, { "commit": "2d4cee7e3a2b9f9c3237672cc136e20dbad0e2ce", "tree": "5ec9bd7d6e135ace242941d51ab1f80478e1293f", "parents": [ "ad5ff3db53c68c2f12936bc74ea5dfe0af943592" ], "author": { "name": "Jan Engelhardt", "email": "jengelh@medozas.de", "time": "Wed Mar 14 13:30:36 2012 +0100" }, "committer": { "name": "John Johansen", "email": "john.johansen@canonical.com", "time": "Wed Mar 14 19:09:13 2012 -0700" }, "message": "AppArmor: add const qualifiers to string arrays\n\nSigned-off-by: Jan Engelhardt \u003cjengelh@medozas.de\u003e\nSigned-off-by: John Johansen \u003cjohn.johansen@canonical.com\u003e\n" }, { "commit": "ad5ff3db53c68c2f12936bc74ea5dfe0af943592", "tree": "72d9ac19fdca90d283a05f444870847ce5fb9f0c", "parents": [ "57fa1e18091e66b7e1002816523cb218196a882e" ], "author": { "name": "John Johansen", "email": "john.johansen@canonical.com", "time": "Thu Feb 16 07:07:53 2012 -0800" }, "committer": { "name": "John Johansen", "email": "john.johansen@canonical.com", "time": "Wed Mar 14 19:09:03 2012 -0700" }, "message": "AppArmor: Add ability to load extended policy\n\nAdd the base support for the new policy extensions. This does not bring\nany additional functionality, or change current semantics.\n\nSigned-off-by: John Johansen \u003cjohn.johansen@canonical.com\u003e\nAcked-by: Kees Cook \u003ckees@ubuntu.com\u003e\n" }, { "commit": "6041e8346f2165679c2184cab60db768d6a26a1d", "tree": "2c4eb032eb851f240c1b70d1afb214a2c661b886", "parents": [ "f67dabbdde1fe112dfff05d02890f1e0d54117a8" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@i-love.sakura.ne.jp", "time": "Wed Mar 14 18:27:49 2012 +0900" }, "committer": { "name": "James Morris", "email": "james.l.morris@oracle.com", "time": "Thu Mar 15 12:29:18 2012 +1100" }, "message": "TOMOYO: Return appropriate value to poll().\n\n\"struct file_operations\"-\u003epoll() expects \"unsigned int\" return value.\nAll files in /sys/kernel/security/tomoyo/ directory other than\n/sys/kernel/security/tomoyo/query and /sys/kernel/security/tomoyo/audit should\nreturn POLLIN | POLLRDNORM | POLLOUT | POLLWRNORM rather than -ENOSYS.\nAlso, /sys/kernel/security/tomoyo/query and /sys/kernel/security/tomoyo/audit\nshould return POLLOUT | POLLWRNORM rather than 0 when there is no data to read.\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjames.l.morris@oracle.com\u003e\n" }, { "commit": "57fa1e18091e66b7e1002816523cb218196a882e", "tree": "29b4b3484fb17d60d7c6e24d107a74180ec815be", "parents": [ "0fe1212d0539eb6c1e27d388711172d786e299cc" ], "author": { "name": "John Johansen", "email": "john.johansen@canonical.com", "time": "Thu Feb 16 06:20:33 2012 -0800" }, "committer": { "name": "John Johansen", "email": "john.johansen@canonical.com", "time": "Wed Mar 14 06:15:25 2012 -0700" }, "message": "AppArmor: Move path failure information into aa_get_name and rename\n\nMove the path name lookup failure messages into the main path name lookup\nroutine, as the information is useful in more than just aa_path_perm.\n\nAlso rename aa_get_name to aa_path_name as it is not getting a reference\ncounted object with a corresponding put fn.\n\nSigned-off-by: John Johansen \u003cjohn.johansen@canonical.com\u003e\nAcked-by: Kees Cook \u003ckees@ubuntu.com\u003e\n" }, { "commit": "0fe1212d0539eb6c1e27d388711172d786e299cc", "tree": "b6e653222f271f52b8d4606102ef1e6bd72b7bc2", "parents": [ "3372b68a3c982611dcc30b3c872f8bbdee019e5e" ], "author": { "name": "John Johansen", "email": "john.johansen@canonical.com", "time": "Thu Feb 16 06:20:26 2012 -0800" }, "committer": { "name": "John Johansen", "email": "john.johansen@canonical.com", "time": "Wed Mar 14 06:15:24 2012 -0700" }, "message": "AppArmor: Update dfa matching routines.\n\nUpdate aa_dfa_match so that it doesn\u0027t result in an input string being\nwalked twice (once to get its length and another time to match)\n\nAdd a single step functions\n aa_dfa_next\n\nSigned-off-by: John Johansen \u003cjohn.johansen@canonical.com\u003e\nAcked-by: Kees Cook \u003ckees@ubuntu.com\u003e\n" }, { "commit": "3372b68a3c982611dcc30b3c872f8bbdee019e5e", "tree": "6266a00311e1fce559326447e6b65952ca2db4c9", "parents": [ "fbba8d89acea5d628d1d076b1d8962db438ff832" ], "author": { "name": "John Johansen", "email": "john.johansen@canonical.com", "time": "Thu Feb 16 06:32:47 2012 -0800" }, "committer": { "name": "John Johansen", "email": "john.johansen@canonical.com", "time": "Wed Mar 14 06:15:23 2012 -0700" }, "message": "AppArmor: Minor cleanup of d_namespace_path to consolidate error handling\n\nSigned-off-by: John Johansen \u003cjohn.johansen@canonical.com\u003e\nAcked-by: Kees Cook \u003ckees@ubuntu.com\u003e\n" }, { "commit": "fbba8d89acea5d628d1d076b1d8962db438ff832", "tree": "1e3a27cb78369676de62f8587d84d281224df1ff", "parents": [ "33e521acff709d275950ec5bf8dd577d873cd61e" ], "author": { "name": "John Johansen", "email": "john.johansen@canonical.com", "time": "Thu Feb 16 06:28:50 2012 -0800" }, "committer": { "name": "John Johansen", "email": "john.johansen@canonical.com", "time": "Wed Mar 14 06:15:22 2012 -0700" }, "message": "AppArmor: Retrieve the dentry_path for error reporting when path lookup fails\n\nWhen __d_path and d_absolute_path fail due to the name being outside of\nthe current namespace no name is reported. Use dentry_path to provide\nsome hint as to which file was being accessed.\n\nSigned-off-by: John Johansen \u003cjohn.johansen@canonical.com\u003e\nAcked-by: Kees Cook \u003ckees@ubuntu.com\u003e\n" }, { "commit": "33e521acff709d275950ec5bf8dd577d873cd61e", "tree": "51ed534075632cdd41ca3df3ef8d5accb618480a", "parents": [ "b1b4bc2ed94d157f3ed60c17a12b658ccb96a76f" ], "author": { "name": "John Johansen", "email": "john.johansen@canonical.com", "time": "Wed Mar 14 05:53:40 2012 -0700" }, "committer": { "name": "John Johansen", "email": "john.johansen@canonical.com", "time": "Wed Mar 14 06:15:12 2012 -0700" }, "message": "AppArmor: Add const qualifiers to generated string tables\n\nSigned-off-by: John Johansen \u003cjohn.johansen@canonical.com\u003e\n" }, { "commit": "b1b4bc2ed94d157f3ed60c17a12b658ccb96a76f", "tree": "d586d6edc39a957d66df9dd2908759a6c5c622e5", "parents": [ "ef9a762279c9ce98c592fb144b31898411feb94d" ], "author": { "name": "John Johansen", "email": "john.johansen@canonical.com", "time": "Sat Mar 10 11:25:30 2012 -0800" }, "committer": { "name": "John Johansen", "email": "john.johansen@canonical.com", "time": "Wed Mar 14 06:15:02 2012 -0700" }, "message": "AppArmor: Fix oops in policy unpack auditing\n\nPost unpacking of policy a verification pass is made on x transition\nindexes. When this fails a call to audit_iface is made resulting in an\noops, because audit_iface is expecting a valid buffer position but\nsince the failure comes from post unpack verification there is none.\n\nMake the position argument optional so that audit_iface can be called\nfrom post unpack verification.\n\nSigned-off-by: John Johansen \u003cjohn.johansen@canonical.com\u003e\n" }, { "commit": "ef9a762279c9ce98c592fb144b31898411feb94d", "tree": "4cb159b99e792781af212324aee7c8be4b549c38", "parents": [ "f67dabbdde1fe112dfff05d02890f1e0d54117a8" ], "author": { "name": "John Johansen", "email": "john.johansen@canonical.com", "time": "Sat Mar 10 11:19:51 2012 -0800" }, "committer": { "name": "John Johansen", "email": "john.johansen@canonical.com", "time": "Wed Mar 14 06:14:52 2012 -0700" }, "message": "AppArmor: Fix error returned when a path lookup is disconnected\n\nThe returning of -ESATLE when a path lookup fails as disconnected is wrong.\nSince AppArmor is rejecting the access return -EACCES instead.\n\nThis also fixes a bug in complain (learning) mode where disconnected paths\nare denied because -ESTALE errors are not ignored causing failures that\ncan change application behavior.\n\nSigned-off-by: John Johansen \u003cjohn.johansen@canonical.com\u003e\n" }, { "commit": "f67dabbdde1fe112dfff05d02890f1e0d54117a8", "tree": "5cf73d686d39df4e9986194ff64e98fdcdd4e444", "parents": [ "df91e49477a9be15921cb2854e1d12a3bdb5e425" ], "author": { "name": "Dan Carpenter", "email": "dan.carpenter@oracle.com", "time": "Tue Mar 06 13:32:16 2012 +0000" }, "committer": { "name": "James Morris", "email": "james.l.morris@oracle.com", "time": "Wed Mar 07 11:12:06 2012 +1100" }, "message": "KEYS: testing wrong bit for KEY_FLAG_REVOKED\n\nThe test for \"if (cred-\u003erequest_key_auth-\u003eflags \u0026 KEY_FLAG_REVOKED) {\"\nshould actually testing that the (1 \u003c\u003c KEY_FLAG_REVOKED) bit is set.\nThe current code actually checks for KEY_FLAG_DEAD.\n\nSigned-off-by: Dan Carpenter \u003cdan.carpenter@oracle.com\u003e\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: James Morris \u003cjames.l.morris@oracle.com\u003e\n" }, { "commit": "df91e49477a9be15921cb2854e1d12a3bdb5e425", "tree": "8408a7d2a432a206070ac01b2939fefcdce9ca13", "parents": [ "a69f15890292b5449f9056b4bb322b044e6ce0c6" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@I-love.SAKURA.ne.jp", "time": "Wed Feb 29 21:53:22 2012 +0900" }, "committer": { "name": "James Morris", "email": "james.l.morris@oracle.com", "time": "Thu Mar 01 10:23:19 2012 +1100" }, "message": "TOMOYO: Fix mount flags checking order.\n\nUserspace can pass in arbitrary combinations of MS_* flags to mount().\n\nIf both MS_BIND and one of MS_SHARED/MS_PRIVATE/MS_SLAVE/MS_UNBINDABLE are\npassed, device name which should be checked for MS_BIND was not checked because\nMS_SHARED/MS_PRIVATE/MS_SLAVE/MS_UNBINDABLE had higher priority than MS_BIND.\n\nIf both one of MS_BIND/MS_MOVE and MS_REMOUNT are passed, device name which\nshould not be checked for MS_REMOUNT was checked because MS_BIND/MS_MOVE had\nhigher priority than MS_REMOUNT.\n\nFix these bugs by changing priority to MS_REMOUNT -\u003e MS_BIND -\u003e\nMS_SHARED/MS_PRIVATE/MS_SLAVE/MS_UNBINDABLE -\u003e MS_MOVE as with do_mount() does.\n\nAlso, unconditionally return -EINVAL if more than one of\nMS_SHARED/MS_PRIVATE/MS_SLAVE/MS_UNBINDABLE is passed so that TOMOYO will not\ngenerate inaccurate audit logs, for commit 7a2e8a8f \"VFS: Sanity check mount\nflags passed to change_mnt_propagation()\" clarified that these flags must be\nexclusively passed.\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjames.l.morris@oracle.com\u003e\n" }, { "commit": "a69f15890292b5449f9056b4bb322b044e6ce0c6", "tree": "7a37f3826e958787ca7d78603c9031d29558f43f", "parents": [ "28042fabf43b9a8ccfaa38f8c8187cc525e53fd3" ], "author": { "name": "Randy Dunlap", "email": "rdunlap@xenotime.net", "time": "Fri Feb 24 11:28:05 2012 -0800" }, "committer": { "name": "James Morris", "email": "james.l.morris@oracle.com", "time": "Tue Feb 28 11:01:15 2012 +1100" }, "message": "security: fix ima kconfig warning\n\nFix IMA kconfig warning on non-X86 architectures:\n\nwarning: (IMA) selects TCG_TIS which has unmet direct dependencies\n(TCG_TPM \u0026\u0026 X86)\n\nSigned-off-by: Randy Dunlap \u003crdunlap@xenotime.net\u003e\nReported-by: Geert Uytterhoeven \u003cgeert@linux-m68k.org\u003e\nAcked-by: Rajiv Andrade \u003csrajiv@linux.vnet.ibm.com\u003e\nSigned-off-by: James Morris \u003cjames.l.morris@oracle.com\u003e\n" }, { "commit": "28042fabf43b9a8ccfaa38f8c8187cc525e53fd3", "tree": "f881ccfdb821608683bebf4013a572464e798657", "parents": [ "38305a4bab4be5d278443b057f7f5e97afb07f26" ], "author": { "name": "John Johansen", "email": "john.johansen@canonical.com", "time": "Thu Feb 16 06:21:30 2012 -0800" }, "committer": { "name": "John Johansen", "email": "john.johansen@canonical.com", "time": "Mon Feb 27 11:38:23 2012 -0800" }, "message": "AppArmor: Fix the error case for chroot relative path name lookup\n\nWhen a chroot relative pathname lookup fails it is falling through to\ndo a d_absolute_path lookup. This is incorrect as d_absolute_path should\nonly be used to lookup names for namespace absolute paths.\n\nSigned-off-by: John Johansen \u003cjohn.johansen@canonical.com\u003e\nAcked-by: Kees Cook \u003ckees@ubuntu.com\u003e\n" }, { "commit": "38305a4bab4be5d278443b057f7f5e97afb07f26", "tree": "06122a0380bc06de07c2b462bfa2f306ab12af87", "parents": [ "8b964eae204d791421677ec56b94a7b18cf8740d" ], "author": { "name": "John Johansen", "email": "john.johansen@canonical.com", "time": "Wed Feb 22 00:42:08 2012 -0800" }, "committer": { "name": "John Johansen", "email": "john.johansen@canonical.com", "time": "Mon Feb 27 11:38:22 2012 -0800" }, "message": "AppArmor: fix mapping of META_READ to audit and quiet flags\n\nThe mapping of AA_MAY_META_READ for the allow mask was also being mapped\nto the audit and quiet masks. This would result in some operations being\naudited when the should not.\n\nThis flaw was hidden by the previous audit bug which would drop some\nmessages that where supposed to be audited.\n\nSigned-off-by: John Johansen \u003cjohn.johansen@canonical.com\u003e\nAcked-by: Kees Cook \u003ckees@ubuntu.com\u003e\n" }, { "commit": "8b964eae204d791421677ec56b94a7b18cf8740d", "tree": "7c1a7b5b6be9f2d9b60d8cba1094635d3f74466c", "parents": [ "ade3ddc01e2e426cc24c744be85dcaad4e8f8aba" ], "author": { "name": "John Johansen", "email": "john.johansen@canonical.com", "time": "Wed Feb 22 00:32:30 2012 -0800" }, "committer": { "name": "John Johansen", "email": "john.johansen@canonical.com", "time": "Mon Feb 27 11:38:21 2012 -0800" }, "message": "AppArmor: Fix underflow in xindex calculation\n\nIf the xindex value stored in the accept tables is 0, the extraction of\nthat value will result in an underflow (0 - 4).\n\nIn properly compiled policy this should not happen for file rules but\nit may be possible for other rule types in the future.\n\nTo exploit this underflow a user would have to be able to load a corrupt\npolicy, which requires CAP_MAC_ADMIN, overwrite system policy in kernel\nmemory or know of a compiler error resulting in the flaw being present\nfor loaded policy (no such flaw is known at this time).\n\nSigned-off-by: John Johansen \u003cjohn.johansen@canonical.com\u003e\nAcked-by: Kees Cook \u003ckees@ubuntu.com\u003e\n" }, { "commit": "ade3ddc01e2e426cc24c744be85dcaad4e8f8aba", "tree": "1e395ce7487cf31c9dccf4d0e3ded0c055980ab2", "parents": [ "cdbd2884df8ad026143bb482a96d38e616947b17" ], "author": { "name": "John Johansen", "email": "john.johansen@canonical.com", "time": "Wed Feb 22 00:20:26 2012 -0800" }, "committer": { "name": "John Johansen", "email": "john.johansen@canonical.com", "time": "Mon Feb 27 11:38:21 2012 -0800" }, "message": "AppArmor: Fix dropping of allowed operations that are force audited\n\nThe audit permission flag, that specifies an audit message should be\nprovided when an operation is allowed, was being ignored in some cases.\n\nThis is because the auto audit mode (which determines the audit mode from\nsystem flags) was incorrectly assigned the same value as audit mode. The\nshared value would result in messages that should be audited going through\na second evaluation as to whether they should be audited based on the\nauto audit, resulting in some messages being dropped.\n\nSigned-off-by: John Johansen \u003cjohn.johansen@canonical.com\u003e\nAcked-by: Kees Cook \u003ckees@ubuntu.com\u003e\n" }, { "commit": "cdbd2884df8ad026143bb482a96d38e616947b17", "tree": "5a6490419450ee4fe7ae08c1fb57526f8e7c3cc3", "parents": [ "d384b0a1a35f87f0ad70c29518f98f922b1c15cb" ], "author": { "name": "John Johansen", "email": "john.johansen@canonical.com", "time": "Thu Feb 16 07:06:41 2012 -0800" }, "committer": { "name": "John Johansen", "email": "john.johansen@canonical.com", "time": "Mon Feb 27 11:38:20 2012 -0800" }, "message": "AppArmor: Add mising end of structure test to caps unpacking\n\nThe unpacking of struct capsx is missing a check for the end of the\ncaps structure. This can lead to unpack failures depending on what else\nis packed into the policy file being unpacked.\n\nSigned-off-by: John Johansen \u003cjohn.johansen@canonical.com\u003e\nAcked-by: Kees Cook \u003ckees@ubuntu.com\u003e\n" }, { "commit": "d384b0a1a35f87f0ad70c29518f98f922b1c15cb", "tree": "42560d316dffc636a424e7fa8173400723dcc4e7", "parents": [ "a9bf8e9fd561ba9ff1f0f2a1d96e439fcedaaaa4" ], "author": { "name": "Kees Cook", "email": "kees@ubuntu.com", "time": "Thu Jan 26 16:29:23 2012 -0800" }, "committer": { "name": "John Johansen", "email": "john.johansen@canonical.com", "time": "Mon Feb 27 11:38:19 2012 -0800" }, "message": "AppArmor: export known rlimit names/value mappings in securityfs\n\nSince the parser needs to know which rlimits are known to the kernel,\nexport the list via a mask file in the \"rlimit\" subdirectory in the\nsecurityfs \"features\" directory.\n\nSigned-off-by: Kees Cook \u003ckees@ubuntu.com\u003e\nSigned-off-by: John Johansen \u003cjohn.johansen@canonical.com\u003e\n" }, { "commit": "a9bf8e9fd561ba9ff1f0f2a1d96e439fcedaaaa4", "tree": "fb477507408c30384d6725a3418eef92b09148e9", "parents": [ "e74abcf3359d0130e99a6511ac484a3ea9e6e988" ], "author": { "name": "Kees Cook", "email": "kees@ubuntu.com", "time": "Thu Jan 26 16:29:22 2012 -0800" }, "committer": { "name": "John Johansen", "email": "john.johansen@canonical.com", "time": "Mon Feb 27 11:38:18 2012 -0800" }, "message": "AppArmor: add \"file\" details to securityfs\n\nCreate the \"file\" directory in the securityfs for tracking features\nrelated to files.\n\nSigned-off-by: Kees Cook \u003ckees@ubuntu.com\u003e\nSigned-off-by: John Johansen \u003cjohn.johansen@canonical.com\u003e\n" }, { "commit": "e74abcf3359d0130e99a6511ac484a3ea9e6e988", "tree": "53b512c463f58546f810f7db876b81bebf4c786a", "parents": [ "9acd494be9387b0608612cd139967201dd7a4e12" ], "author": { "name": "Kees Cook", "email": "kees@outflux.net", "time": "Thu Jan 26 16:29:21 2012 -0800" }, "committer": { "name": "John Johansen", "email": "john.johansen@canonical.com", "time": "Mon Feb 27 11:38:17 2012 -0800" }, "message": "AppArmor: add initial \"features\" directory to securityfs\n\nThis adds the \"features\" subdirectory to the AppArmor securityfs\nto display boolean features flags and the known capability mask.\n\nSigned-off-by: Kees Cook \u003ckees@ubuntu.com\u003e\nSigned-off-by: John Johansen \u003cjohn.johansen@canonical.com\u003e\n" }, { "commit": "9acd494be9387b0608612cd139967201dd7a4e12", "tree": "5fb5f8dff3b1ac26c07c73e8785978b98122f2da", "parents": [ "b0d5de4d58803bbcce2b8175a8dd21c559a3abc1" ], "author": { "name": "Kees Cook", "email": "kees@outflux.net", "time": "Thu Jan 26 16:29:20 2012 -0800" }, "committer": { "name": "John Johansen", "email": "john.johansen@canonical.com", "time": "Mon Feb 27 11:38:09 2012 -0800" }, "message": "AppArmor: refactor securityfs to use structures\n\nUse a file tree structure to represent the AppArmor securityfs.\n\nSigned-off-by: Kees Cook \u003ckees@ubuntu.com\u003e\nSigned-off-by: John Johansen \u003cjohn.johansen@canonical.com\u003e\n" }, { "commit": "b0d5de4d58803bbcce2b8175a8dd21c559a3abc1", "tree": "08213154dd13ab28eac64e9a87b3a8b7e5660381", "parents": [ "bf06189e4d14641c0148bea16e9dd24943862215" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Tue Feb 14 17:11:07 2012 -0500" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Thu Feb 16 12:01:42 2012 +1100" }, "message": "IMA: fix audit res field to indicate 1 for success and 0 for failure\n\nThe audit res field ususally indicates success with a 1 and 0 for a\nfailure. So make IMA do it the same way.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "bf06189e4d14641c0148bea16e9dd24943862215", "tree": "5c62eb24339041baf65b8e42daac42c7a01efc0e", "parents": [ "3ab1aff89477dafb1aaeafe8c8669114a02b7226" ], "author": { "name": "Kees Cook", "email": "keescook@chromium.org", "time": "Tue Feb 14 16:48:09 2012 -0800" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Thu Feb 16 10:25:18 2012 +1100" }, "message": "Yama: add PR_SET_PTRACER_ANY\n\nFor a process to entirely disable Yama ptrace restrictions, it can use\nthe special PR_SET_PTRACER_ANY pid to indicate that any otherwise allowed\nprocess may ptrace it. This is stronger than calling PR_SET_PTRACER with\npid \"1\" because it includes processes in external pid namespaces. This is\ncurrently needed by the Chrome renderer, since its crash handler (Breakpad)\nruns external to the renderer\u0027s pid namespace.\n\nSigned-off-by: Kees Cook \u003ckeescook@chromium.org\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "4040153087478993cbf0809f444400a3c808074c", "tree": "2dc7af85b0cf930f1656553bd38410b8c16601a6", "parents": [ "191c542442fdf53cc3c496c00be13367fd9cd42d" ], "author": { "name": "Al Viro", "email": "viro@ftp.linux.org.uk", "time": "Mon Feb 13 03:58:52 2012 +0000" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Tue Feb 14 10:45:42 2012 +1100" }, "message": "security: trim security.h\n\nTrim security.h\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "191c542442fdf53cc3c496c00be13367fd9cd42d", "tree": "4aef9e33a1d99e6530b704243efbe373bb314d61", "parents": [ "bbd36568594d091e682a1975ef4ee41d808de0bc" ], "author": { "name": "Al Viro", "email": "viro@ftp.linux.org.uk", "time": "Mon Feb 13 03:58:52 2012 +0000" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Tue Feb 14 10:45:39 2012 +1100" }, "message": "mm: collapse security_vm_enough_memory() variants into a single function\n\nCollapse security_vm_enough_memory() variants into a single function.\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "2d514487faf188938a4ee4fb3464eeecfbdcf8eb", "tree": "42147f0459ab062375f63891943242e3b95797bb", "parents": [ "1a2a4d06e1e95260c470ebe3a945f61bbe8c1fd8" ], "author": { "name": "Kees Cook", "email": "keescook@chromium.org", "time": "Wed Dec 21 12:17:04 2011 -0800" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Fri Feb 10 09:18:52 2012 +1100" }, "message": "security: Yama LSM\n\nThis adds the Yama Linux Security Module to collect DAC security\nimprovements (specifically just ptrace restrictions for now) that have\nexisted in various forms over the years and have been carried outside the\nmainline kernel by other Linux distributions like Openwall and grsecurity.\n\nSigned-off-by: Kees Cook \u003ckeescook@chromium.org\u003e\nAcked-by: John Johansen \u003cjohn.johansen@canonical.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "1a2a4d06e1e95260c470ebe3a945f61bbe8c1fd8", "tree": "7167d158749a7acf2ce8bbe1ecd25234b654e813", "parents": [ "9e3ff38647a316e4f92d59b14c8f0eb13b33bb2c" ], "author": { "name": "Kees Cook", "email": "keescook@chromium.org", "time": "Wed Dec 21 12:17:03 2011 -0800" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Fri Feb 10 09:14:51 2012 +1100" }, "message": "security: create task_free security callback\n\nThe current LSM interface to cred_free is not sufficient for allowing\nan LSM to track the life and death of a task. This patch adds the\ntask_free hook so that an LSM can clean up resources on task death.\n\nSigned-off-by: Kees Cook \u003ckeescook@chromium.org\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "9e3ff38647a316e4f92d59b14c8f0eb13b33bb2c", "tree": "2750d9fc94b8fb78d9982ea4a62d586e7f0a7862", "parents": [ "2eb6038c51034bf7f9335b15ce9238a028fdd2d6", "4c2c392763a682354fac65b6a569adec4e4b5387" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Thu Feb 09 17:02:34 2012 +1100" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Thu Feb 09 17:02:34 2012 +1100" }, "message": "Merge branch \u0027next-queue\u0027 into next\n" }, { "commit": "761b3ef50e1c2649cffbfa67a4dcb2dcdb7982ed", "tree": "67ab6a9a2520811c9c0b4d70d1c19b4bfca16237", "parents": [ "61d1d219c4c0761059236a46867bc49943c4d29d" ], "author": { "name": "Li Zefan", "email": "lizf@cn.fujitsu.com", "time": "Tue Jan 31 13:47:36 2012 +0800" }, "committer": { "name": "Tejun Heo", "email": "tj@kernel.org", "time": "Thu Feb 02 09:20:22 2012 -0800" }, "message": "cgroup: remove cgroup_subsys argument from callbacks\n\nThe argument is not used at all, and it\u0027s not necessary, because\na specific callback handler of course knows which subsys it\nbelongs to.\n\nNow only -\u003epupulate() takes this argument, because the handlers of\nthis callback always call cgroup_add_file()/cgroup_add_files().\n\nSo we reduce a few lines of code, though the shrinking of object size\nis minimal.\n\n 16 files changed, 113 insertions(+), 162 deletions(-)\n\n text data bss dec hex filename\n5486240 656987 7039960 13183187 c928d3 vmlinux.o.orig\n5486170 656987 7039960 13183117 c9288d vmlinux.o\n\nSigned-off-by: Li Zefan \u003clizf@cn.fujitsu.com\u003e\nSigned-off-by: Tejun Heo \u003ctj@kernel.org\u003e\n" }, { "commit": "7908b3ef6809e49c77d914342dfaa4b946476d7a", "tree": "44af103c5457b4c2286400158dcfc18846a7c4f0", "parents": [ "dcd6c92267155e70a94b3927bce681ce74b80d1f", "acbbb76a26648dfae6fed0989879e40d75692bfc" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Mon Jan 23 08:59:49 2012 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Mon Jan 23 08:59:49 2012 -0800" }, "message": "Merge git://git.samba.org/sfrench/cifs-2.6\n\n* git://git.samba.org/sfrench/cifs-2.6:\n CIFS: Rename *UCS* functions to *UTF16*\n [CIFS] ACL and FSCACHE support no longer EXPERIMENTAL\n [CIFS] Fix build break with multiuser patch when LANMAN disabled\n cifs: warn about impending deprecation of legacy MultiuserMount code\n cifs: fetch credentials out of keyring for non-krb5 auth multiuser mounts\n cifs: sanitize username handling\n keys: add a \"logon\" key type\n cifs: lower default wsize when unix extensions are not used\n cifs: better instrumentation for coalesce_t2\n cifs: integer overflow in parse_dacl()\n cifs: Fix sparse warning when calling cifs_strtoUCS\n CIFS: Add descriptions to the brlock cache functions\n" }, { "commit": "4c2c392763a682354fac65b6a569adec4e4b5387", "tree": "490b840399ed1e010561f4b97018f3c0a3caf8b6", "parents": [ "f4a0391dfa91155bd961673b31eb42d9d45c799d" ], "author": { "name": "Dmitry Kasatkin", "email": "dmitry.kasatkin@intel.com", "time": "Tue Oct 18 14:16:28 2011 +0300" }, "committer": { "name": "Mimi Zohar", "email": "zohar@linux.vnet.ibm.com", "time": "Thu Jan 19 21:30:21 2012 -0500" }, "message": "ima: policy for RAMFS\n\nDon\u0027t measure ramfs files.\n\nSigned-off-by: Dmitry Kasatkin \u003cdmitry.kasatkin@intel.com\u003e\nSigned-off-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\n" }, { "commit": "f4a0391dfa91155bd961673b31eb42d9d45c799d", "tree": "21186b7a48986afa47115cefaf9d385fb9f8dcf7", "parents": [ "700920eb5ba4de5417b446c9a8bb008df2b973e0" ], "author": { "name": "Fabio Estevam", "email": "festevam@gmail.com", "time": "Thu Jan 05 12:49:54 2012 -0200" }, "committer": { "name": "Mimi Zohar", "email": "zohar@linux.vnet.ibm.com", "time": "Thu Jan 19 21:30:09 2012 -0500" }, "message": "ima: fix Kconfig dependencies\n\nFix the following build warning:\nwarning: (IMA) selects TCG_TPM which has unmet direct dependencies\n(HAS_IOMEM \u0026\u0026 EXPERIMENTAL)\n\nSuggested-by: Rajiv Andrade \u003csrajiv@linux.vnet.ibm.com\u003e\nSigned-off-by: Fabio Estevam \u003cfabio.estevam@freescale.com\u003e\nSigned-off-by: Rajiv Andrade \u003csrajiv@linux.vnet.ibm.com\u003e\nCc: \u003cstable@vger.kernel.org\u003e\nSigned-off-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\n" }, { "commit": "f6b24579d099ebb67f39cd7924a72a7eec0ce6ae", "tree": "a97004bb108138294b77e98466a4b9e76a9a198c", "parents": [ "3db59dd93309710c40aaf1571c607cb0feef3ecb" ], "author": { "name": "Mimi Zohar", "email": "zohar@linux.vnet.ibm.com", "time": "Wed Jan 18 10:03:14 2012 +0000" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Thu Jan 19 16:16:29 2012 +1100" }, "message": "keys: fix user_defined key sparse messages\n\nReplace the rcu_assign_pointer() calls with rcu_assign_keypointer().\n\nSigned-off-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "3db59dd93309710c40aaf1571c607cb0feef3ecb", "tree": "6a224a855aad0e5207abae573456b2d2ec381f7c", "parents": [ "4bf1924c008dffdc154f82507b4052e49263a6f4" ], "author": { "name": "Mimi Zohar", "email": "zohar@linux.vnet.ibm.com", "time": "Tue Jan 17 22:11:28 2012 -0500" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Thu Jan 19 15:59:11 2012 +1100" }, "message": "ima: fix cred sparse warning\n\nFix ima_policy.c sparse \"warning: dereference of noderef expression\"\nmessage, by accessing cred-\u003euid using current_cred().\n\nChangelog v1:\n- Change __cred to just cred (based on David Howell\u0027s comment)\n\nSigned-off-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "700920eb5ba4de5417b446c9a8bb008df2b973e0", "tree": "8e2caa32a5cdcd47347ff84bc3e95915d000f537", "parents": [ "53999bf34d55981328f8ba9def558d3e104d6e36" ], "author": { "name": "David Howells", "email": "dhowells@redhat.com", "time": "Wed Jan 18 15:31:45 2012 +0000" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Thu Jan 19 14:38:51 2012 +1100" }, "message": "KEYS: Allow special keyrings to be cleared\n\nThe kernel contains some special internal keyrings, for instance the DNS\nresolver keyring :\n\n2a93faf1 I----- 1 perm 1f030000 0 0 keyring .dns_resolver: empty\n\nIt would occasionally be useful to allow the contents of such keyrings to be\nflushed by root (cache invalidation).\n\nAllow a flag to be set on a keyring to mark that someone possessing the\nsysadmin capability can clear the keyring, even without normal write access to\nthe keyring.\n\nSet this flag on the special keyrings created by the DNS resolver, the NFS\nidentity mapper and the CIFS identity mapper.\n\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nAcked-by: Jeff Layton \u003cjlayton@redhat.com\u003e\nAcked-by: Steve Dickson \u003csteved@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "9f6ed2ca257fa8650b876377833e6f14e272848b", "tree": "8b664dced5415a6d463a56c2bc98756bd5ea5e44", "parents": [ "ce91acb3acae26f4163c5a6f1f695d1a1e8d9009" ], "author": { "name": "Jeff Layton", "email": "jlayton@redhat.com", "time": "Tue Jan 17 16:09:11 2012 -0500" }, "committer": { "name": "Steve French", "email": "smfrench@gmail.com", "time": "Tue Jan 17 22:39:40 2012 -0600" }, "message": "keys: add a \"logon\" key type\n\nFor CIFS, we want to be able to store NTLM credentials (aka username\nand password) in the keyring. We do not, however want to allow users\nto fetch those keys back out of the keyring since that would be a\nsecurity risk.\n\nUnfortunately, due to the nuances of key permission bits, it\u0027s not\npossible to do this. We need to grant search permissions so the kernel\ncan find these keys, but that also implies permissions to read the\npayload.\n\nResolve this by adding a new key_type. This key type is essentially\nthe same as key_type_user, but does not define a .read op. This\nprevents the payload from ever being visible from userspace. This\nkey type also vets the description to ensure that it\u0027s \"qualified\"\nby checking to ensure that it has a \u0027:\u0027 in it that is preceded by\nother characters.\n\nAcked-by: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: Jeff Layton \u003cjlayton@redhat.com\u003e\nSigned-off-by: Steve French \u003csmfrench@gmail.com\u003e\n" }, { "commit": "a25a2b84098eb5e001cb8086603d692aa95bf2ec", "tree": "02c01b36251f7b0afb1a98093e14efb17d015910", "parents": [ "f429ee3b808118591d1f3cdf3c0d0793911a5677", "f1be242c95257b199d8b679bc952ca33487c9af6" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Tue Jan 17 16:43:39 2012 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Tue Jan 17 16:43:39 2012 -0800" }, "message": "Merge branch \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security\n\n* \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security:\n integrity: digital signature config option name change\n lib: Removed MPILIB, MPILIB_EXTRA, and SIGNATURE prompts\n lib: MPILIB Kconfig description update\n lib: digital signature dependency fix\n lib: digital signature config option name change\n encrypted-keys: fix rcu and sparse messages\n keys: fix trusted/encrypted keys sparse rcu_assign_pointer messages\n KEYS: Add missing smp_rmb() primitives to the keyring search code\n TOMOYO: Accept \\000 as a valid character.\n security: update MAINTAINERS file with new git repo\n" }, { "commit": "f429ee3b808118591d1f3cdf3c0d0793911a5677", "tree": "96d848f5f677d96758ecd2aee5eb6931b75bf218", "parents": [ "22b4eb5e3174efb49791c62823d0cccc35394c36", "c158a35c8a681cf68d36f22f058f9f5466386c71" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Tue Jan 17 16:06:51 2012 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Tue Jan 17 16:41:31 2012 -0800" }, "message": "Merge branch \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/viro/audit\n\n* \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/viro/audit: (29 commits)\n audit: no leading space in audit_log_d_path prefix\n audit: treat s_id as an untrusted string\n audit: fix signedness bug in audit_log_execve_info()\n audit: comparison on interprocess fields\n audit: implement all object interfield comparisons\n audit: allow interfield comparison between gid and ogid\n audit: complex interfield comparison helper\n audit: allow interfield comparison in audit rules\n Kernel: Audit Support For The ARM Platform\n audit: do not call audit_getname on error\n audit: only allow tasks to set their loginuid if it is -1\n audit: remove task argument to audit_set_loginuid\n audit: allow audit matching on inode gid\n audit: allow matching on obj_uid\n audit: remove audit_finish_fork as it can\u0027t be called\n audit: reject entry,always rules\n audit: inline audit_free to simplify the look of generic code\n audit: drop audit_set_macxattr as it doesn\u0027t do anything\n audit: inline checks for not needing to collect aux records\n audit: drop some potentially inadvisable likely notations\n ...\n\nUse evil merge to fix up grammar mistakes in Kconfig file.\n\nBad speling and horrible grammar (and copious swearing) is to be\nexpected, but let\u0027s keep it to commit messages and comments, rather than\nexpose it to users in config help texts or printouts.\n" }, { "commit": "f1be242c95257b199d8b679bc952ca33487c9af6", "tree": "fa3a1057bbd9caedca959c1fa3811413bf101d7d", "parents": [ "2e5f094b9dbf9463ab93f86351cd1a8dc88942cc" ], "author": { "name": "Dmitry Kasatkin", "email": "dmitry.kasatkin@intel.com", "time": "Tue Jan 17 17:12:07 2012 +0200" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Jan 18 10:46:27 2012 +1100" }, "message": "integrity: digital signature config option name change\n\nSimilar to SIGNATURE, rename INTEGRITY_DIGSIG to INTEGRITY_SIGNATURE.\n\nSigned-off-by: Dmitry Kasatkin \u003cdmitry.kasatkin@intel.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "5e8898e97a5db4125d944070922164d1d09a2689", "tree": "a5319fcc60499e63fecc7a08d923a1de8f9c7622", "parents": [ "6ac6172a935d1faf7ef259802267657bc0007a62" ], "author": { "name": "Dmitry Kasatkin", "email": "dmitry.kasatkin@intel.com", "time": "Tue Jan 17 17:12:03 2012 +0200" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Jan 18 10:46:21 2012 +1100" }, "message": "lib: digital signature config option name change\n\nIt was reported that DIGSIG is confusing name for digital signature\nmodule. It was suggested to rename DIGSIG to SIGNATURE.\n\nRequested-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\nSuggested-by: Pavel Machek \u003cpavel@ucw.cz\u003e\nSigned-off-by: Dmitry Kasatkin \u003cdmitry.kasatkin@intel.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "6ac6172a935d1faf7ef259802267657bc0007a62", "tree": "034c1a79a3d401926f6b968eb270d34f561e50f1", "parents": [ "ee0b31a25a010116f44fca6c96f4516d417793dd" ], "author": { "name": "Mimi Zohar", "email": "zohar@linux.vnet.ibm.com", "time": "Tue Jan 17 20:40:02 2012 +0000" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Jan 18 10:41:30 2012 +1100" }, "message": "encrypted-keys: fix rcu and sparse messages\n\nEnabling CONFIG_PROVE_RCU and CONFIG_SPARSE_RCU_POINTER resulted in\n\"suspicious rcu_dereference_check() usage!\" and \"incompatible types\nin comparison expression (different address spaces)\" messages.\n\nAccess the masterkey directly when holding the rwsem.\n\nChangelog v1:\n- Use either rcu_read_lock()/rcu_derefence_key()/rcu_read_unlock()\nor remove the unnecessary rcu_derefence() - David Howells\n\nReported-by: Dmitry Kasatkin \u003cdmitry.kasatkin@intel.com\u003e\nSigned-off-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "ee0b31a25a010116f44fca6c96f4516d417793dd", "tree": "d7670d202d0f4888b5213ed73d88c9a80bd05b74", "parents": [ "efde8b6e16f11e7d1681c68d86c7fd51053cada7" ], "author": { "name": "Mimi Zohar", "email": "zohar@linux.vnet.ibm.com", "time": "Tue Jan 17 20:39:51 2012 +0000" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Jan 18 10:41:29 2012 +1100" }, "message": "keys: fix trusted/encrypted keys sparse rcu_assign_pointer messages\n\nDefine rcu_assign_keypointer(), which uses the key payload.rcudata instead\nof payload.data, to resolve the CONFIG_SPARSE_RCU_POINTER message:\n\"incompatible types in comparison expression (different address spaces)\"\n\nReplace the rcu_assign_pointer() calls in encrypted/trusted keys with\nrcu_assign_keypointer().\n\nSigned-off-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "efde8b6e16f11e7d1681c68d86c7fd51053cada7", "tree": "4fb5e80428c4f36c5da35ff3319cd71c1771451c", "parents": [ "25add8cf99c9ec8b8dc0acd8b9241e963fc0d29c" ], "author": { "name": "David Howells", "email": "dhowells@redhat.com", "time": "Tue Jan 17 20:39:40 2012 +0000" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Jan 18 10:41:27 2012 +1100" }, "message": "KEYS: Add missing smp_rmb() primitives to the keyring search code\n\nAdd missing smp_rmb() primitives to the keyring search code.\n\nWhen keyring payloads are appended to without replacement (thus using up spare\nslots in the key pointer array), an smp_wmb() is issued between the pointer\nassignment and the increment of the key count (nkeys).\n\nThere should be corresponding read barriers between the read of nkeys and\ndereferences of keys[n] when n is dependent on the value of nkeys.\n\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nReviewed-by: Paul E. McKenney \u003cpaulmck@linux.vnet.ibm.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "25add8cf99c9ec8b8dc0acd8b9241e963fc0d29c", "tree": "1fb0c0fadcf7544fee117f27ac667e4c444d634b", "parents": [ "89879a7eb81f69e6f63bdb2a442fb765c46482c0" ], "author": { "name": "Tetsuo Handa", "email": "from-tomoyo-users-en@I-love.SAKURA.ne.jp", "time": "Sun Jan 15 11:05:59 2012 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Jan 18 10:40:59 2012 +1100" }, "message": "TOMOYO: Accept \\000 as a valid character.\n\nTOMOYO 2.5 in Linux 3.2 and later handles Unix domain socket\u0027s address.\nThus, tomoyo_correct_word2() needs to accept \\000 as a valid character, or\nTOMOYO 2.5 cannot handle Unix domain\u0027s abstract socket address.\n\nReported-by: Steven Allen \u003csteven@stebalien.com\u003e\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nCC: stable@vger.kernel.org [3.2+]\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "c158a35c8a681cf68d36f22f058f9f5466386c71", "tree": "54a7fe4d21a30848539b2bf94c885f0a0b123717", "parents": [ "41fdc3054e23e3229edea27053522fe052d02ec2" ], "author": { "name": "Kees Cook", "email": "keescook@chromium.org", "time": "Fri Jan 06 14:07:10 2012 -0800" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Tue Jan 17 16:17:04 2012 -0500" }, "message": "audit: no leading space in audit_log_d_path prefix\n\naudit_log_d_path() injects an additional space before the prefix,\nwhich serves no purpose and doesn\u0027t mix well with other audit_log*()\nfunctions that do not sneak extra characters into the log.\n\nSigned-off-by: Kees Cook \u003ckeescook@chromium.org\u003e\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "41fdc3054e23e3229edea27053522fe052d02ec2", "tree": "00bb62aef2288df07eae059f344d11d32b004f69", "parents": [ "5afb8a3f96573f7ea018abb768f5b6ebe1a6c1a4" ], "author": { "name": "Kees Cook", "email": "keescook@chromium.org", "time": "Sat Jan 07 10:41:04 2012 -0800" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Tue Jan 17 16:17:03 2012 -0500" }, "message": "audit: treat s_id as an untrusted string\n\nThe use of s_id should go through the untrusted string path, just to be\nextra careful.\n\nSigned-off-by: Kees Cook \u003ckeescook@chromium.org\u003e\nAcked-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "c49c41a4134679cecb77362e7f6b59acb6320aa7", "tree": "45e690c036ca5846a48c8be67945d1d841b2d96d", "parents": [ "892d208bcf79e4e1058707786a7b6d486697cd78", "f423e5ba76e7e4a6fcb4836b4f072d1fdebba8b5" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Sat Jan 14 18:36:33 2012 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Sat Jan 14 18:36:33 2012 -0800" }, "message": "Merge branch \u0027for-linus\u0027 of git://selinuxproject.org/~jmorris/linux-security\n\n* \u0027for-linus\u0027 of git://selinuxproject.org/~jmorris/linux-security:\n capabilities: remove __cap_full_set definition\n security: remove the security_netlink_recv hook as it is equivalent to capable()\n ptrace: do not audit capability check when outputing /proc/pid/stat\n capabilities: remove task_ns_* functions\n capabitlies: ns_capable can use the cap helpers rather than lsm call\n capabilities: style only - move capable below ns_capable\n capabilites: introduce new has_ns_capabilities_noaudit\n capabilities: call has_ns_capability from has_capability\n capabilities: remove all _real_ interfaces\n capabilities: introduce security_capable_noaudit\n capabilities: reverse arguments to security_capable\n capabilities: remove the task from capable LSM hook entirely\n selinux: sparse fix: fix several warnings in the security server cod\n selinux: sparse fix: fix warnings in netlink code\n selinux: sparse fix: eliminate warnings for selinuxfs\n selinux: sparse fix: declare selinux_disable() in security.h\n selinux: sparse fix: move selinux_complete_init\n selinux: sparse fix: make selinux_secmark_refcount static\n SELinux: Fix RCU deref check warning in sel_netport_insert()\n\nManually fix up a semantic mis-merge wrt security_netlink_recv():\n\n - the interface was removed in commit fd7784615248 (\"security: remove\n the security_netlink_recv hook as it is equivalent to capable()\")\n\n - a new user of it appeared in commit a38f7907b926 (\"crypto: Add\n userspace configuration API\")\n\ncausing no automatic merge conflict, but Eric Paris pointed out the\nissue.\n" }, { "commit": "90ab5ee94171b3e28de6bb42ee30b527014e0be7", "tree": "fcf89889f6e881f2b231d3d20287c08174ce4b54", "parents": [ "476bc0015bf09dad39d36a8b19f76f0c181d1ec9" ], "author": { "name": "Rusty Russell", "email": "rusty@rustcorp.com.au", "time": "Fri Jan 13 09:32:20 2012 +1030" }, "committer": { "name": "Rusty Russell", "email": "rusty@rustcorp.com.au", "time": "Fri Jan 13 09:32:20 2012 +1030" }, "message": "module_param: make bool parameters really bool (drivers \u0026 misc)\n\nmodule_param(bool) used to counter-intuitively take an int. In\nfddd5201 (mid-2009) we allowed bool or int/unsigned int using a messy\ntrick.\n\nIt\u0027s time to remove the int/unsigned int option. For this version\nit\u0027ll simply give a warning, but it\u0027ll break next kernel version.\n\nAcked-by: Mauro Carvalho Chehab \u003cmchehab@redhat.com\u003e\nSigned-off-by: Rusty Russell \u003crusty@rustcorp.com.au\u003e\n" }, { "commit": "e7691a1ce341c80ed9504244a36b31c025217391", "tree": "e9941bb350f64a726130e299c411821da6f41a53", "parents": [ "5cd9599bba428762025db6027764f1c59d0b1e1b", "8fcc99549522fc7a0bbaeb5755855ab0d9a59ce8" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Tue Jan 10 21:51:23 2012 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Tue Jan 10 21:51:23 2012 -0800" }, "message": "Merge branch \u0027for-linus\u0027 of git://selinuxproject.org/~jmorris/linux-security\n\n* \u0027for-linus\u0027 of git://selinuxproject.org/~jmorris/linux-security: (32 commits)\n ima: fix invalid memory reference\n ima: free duplicate measurement memory\n security: update security_file_mmap() docs\n selinux: Casting (void *) value returned by kmalloc is useless\n apparmor: fix module parameter handling\n Security: tomoyo: add .gitignore file\n tomoyo: add missing rcu_dereference()\n apparmor: add missing rcu_dereference()\n evm: prevent racing during tfm allocation\n evm: key must be set once during initialization\n mpi/mpi-mpow: NULL dereference on allocation failure\n digsig: build dependency fix\n KEYS: Give key types their own lockdep class for key-\u003esem\n TPM: fix transmit_cmd error logic\n TPM: NSC and TIS drivers X86 dependency fix\n TPM: Export wait_for_stat for other vendor specific drivers\n TPM: Use vendor specific function for status probe\n tpm_tis: add delay after aborting command\n tpm_tis: Check return code from getting timeouts/durations\n tpm: Introduce function to poll for result of self test\n ...\n\nFix up trivial conflict in lib/Makefile due to addition of CONFIG_MPI\nand SIGSIG next to CONFIG_DQL addition.\n" }, { "commit": "3e25eb9c4bb649acdddb333d10774b640190f727", "tree": "d51009557e95437dd7b7ef6b0f3a51aacccec743", "parents": [ "e4e11180dfa545233e5145919b75b7fac88638df" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Tue Jan 10 10:20:35 2012 -0500" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Tue Jan 10 10:20:35 2012 -0500" }, "message": "securityfs: fix object creation races\n\ninode needs to be fully set up before we feed it to d_instantiate().\nsecurityfs_create_file() does *not* do so; it sets -\u003ei_fop and\n-\u003ei_private only after we\u0027d exposed the inode. Unfortunately,\nthat\u0027s done fairly deep in call chain, so the amount of churn\nis considerable. Helper functions killed by substituting into\ntheir solitary call sites, dead code removed. We finally can\nbury default_file_ops, now that the final value of -\u003ei_fop is\navailable (and assigned) at the point where inode is allocated.\n\nReviewed-by: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "db0c2bf69aa095d4a6de7b1145f29fe9a7c0f6a3", "tree": "8f38957c01b18edddd44d49ecc3beeac08a20b4e", "parents": [ "ac69e0928054ff29a5049902fb477f9c7605c773", "0d19ea866562e46989412a0676412fa0983c9ce7" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Mon Jan 09 12:59:24 2012 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Mon Jan 09 12:59:24 2012 -0800" }, "message": "Merge branch \u0027for-3.3\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/tj/cgroup\n\n* \u0027for-3.3\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/tj/cgroup: (21 commits)\n cgroup: fix to allow mounting a hierarchy by name\n cgroup: move assignement out of condition in cgroup_attach_proc()\n cgroup: Remove task_lock() from cgroup_post_fork()\n cgroup: add sparse annotation to cgroup_iter_start() and cgroup_iter_end()\n cgroup: mark cgroup_rmdir_waitq and cgroup_attach_proc() as static\n cgroup: only need to check oldcgrp\u003d\u003dnewgrp once\n cgroup: remove redundant get/put of task struct\n cgroup: remove redundant get/put of old css_set from migrate\n cgroup: Remove unnecessary task_lock before fetching css_set on migration\n cgroup: Drop task_lock(parent) on cgroup_fork()\n cgroups: remove redundant get/put of css_set from css_set_check_fetched()\n resource cgroups: remove bogus cast\n cgroup: kill subsys-\u003ecan_attach_task(), pre_attach() and attach_task()\n cgroup, cpuset: don\u0027t use ss-\u003epre_attach()\n cgroup: don\u0027t use subsys-\u003ecan_attach_task() or -\u003eattach_task()\n cgroup: introduce cgroup_taskset and use it in subsys-\u003ecan_attach(), cancel_attach() and attach()\n cgroup: improve old cgroup handling in cgroup_attach_proc()\n cgroup: always lock threadgroup during migration\n threadgroup: extend threadgroup_lock() to cover exit and exec\n threadgroup: rename signal-\u003ethreadgroup_fork_lock to -\u003egroup_rwsem\n ...\n\nFix up conflict in kernel/cgroup.c due to commit e0197aae59e5: \"cgroups:\nfix a css_set not found bug in cgroup_attach_proc\" that already\nmentioned that the bug is fixed (differently) in Tejun\u0027s cgroup\npatchset. This one, in other words.\n" }, { "commit": "8fcc99549522fc7a0bbaeb5755855ab0d9a59ce8", "tree": "a118eaef15d4ba22247f45ee01537ecc906cd161", "parents": [ "805a6af8dba5dfdd35ec35dc52ec0122400b2610", "7b7e5916aa2f46e57f8bd8cb89c34620ebfda5da" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Jan 09 12:16:48 2012 +1100" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Jan 09 12:16:48 2012 +1100" }, "message": "Merge branch \u0027next\u0027 into for-linus\n\nConflicts:\n\tsecurity/integrity/evm/evm_crypto.c\n\nResolved upstream fix vs. next conflict manually.\n\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "972b2c719990f91eb3b2310d44ef8a2d38955a14", "tree": "b25a250ec5bec4b7b6355d214642d8b57c5cab32", "parents": [ "02550d61f49266930e674286379d3601006b2893", "c3aa077648e147783a7a53b409578234647db853" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Sun Jan 08 12:19:57 2012 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Sun Jan 08 12:19:57 2012 -0800" }, "message": "Merge branch \u0027for-linus2\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs\n\n* \u0027for-linus2\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs: (165 commits)\n reiserfs: Properly display mount options in /proc/mounts\n vfs: prevent remount read-only if pending removes\n vfs: count unlinked inodes\n vfs: protect remounting superblock read-only\n vfs: keep list of mounts for each superblock\n vfs: switch -\u003eshow_options() to struct dentry *\n vfs: switch -\u003eshow_path() to struct dentry *\n vfs: switch -\u003eshow_devname() to struct dentry *\n vfs: switch -\u003eshow_stats to struct dentry *\n switch security_path_chmod() to struct path *\n vfs: prefer -\u003edentry-\u003ed_sb to -\u003emnt-\u003emnt_sb\n vfs: trim includes a bit\n switch mnt_namespace -\u003eroot to struct mount\n vfs: take /proc/*/mounts and friends to fs/proc_namespace.c\n vfs: opencode mntget() mnt_set_mountpoint()\n vfs: spread struct mount - remaining argument of next_mnt()\n vfs: move fsnotify junk to struct mount\n vfs: move mnt_devname\n vfs: move mnt_list to struct mount\n vfs: switch pnode.h macros to struct mount *\n ...\n" }, { "commit": "cdcf116d44e78c7216ba9f8be9af1cdfca7af728", "tree": "2417cfd3e06ac5e2468585e8f00d580242cb5571", "parents": [ "d8c9584ea2a92879f471fd3a2be3af6c534fb035" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Thu Dec 08 10:51:53 2011 -0500" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Fri Jan 06 23:16:53 2012 -0500" }, "message": "switch security_path_chmod() to struct path *\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "d8c9584ea2a92879f471fd3a2be3af6c534fb035", "tree": "3541b9c6228f820bdc65e4875156eb27b1c91cb1", "parents": [ "ece2ccb668046610189d88d6aaf05aeb09c988a1" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Wed Dec 07 18:16:57 2011 -0500" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Fri Jan 06 23:16:53 2012 -0500" }, "message": "vfs: prefer -\u003edentry-\u003ed_sb to -\u003emnt-\u003emnt_sb\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "ece2ccb668046610189d88d6aaf05aeb09c988a1", "tree": "a0349945f7537de2aca420b47ced23b6294f8b65", "parents": [ "d10577a8d86a0c735488d66d32289a6d66bcfa20", "a218d0fdc5f9004164ff151d274487f6799907d0", "ff01bb4832651c6d25ac509a06a10fcbd75c461c" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Fri Jan 06 23:15:54 2012 -0500" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Fri Jan 06 23:15:54 2012 -0500" }, "message": "Merge branches \u0027vfsmount-guts\u0027, \u0027umode_t\u0027 and \u0027partitions\u0027 into Z\n" }, { "commit": "fd778461524849afd035679030ae8e8873c72b81", "tree": "32a5849c1879413fce0307af304e372eaa8225b4", "parents": [ "69f594a38967f4540ce7a29b3fd214e68a8330bd" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Tue Jan 03 12:25:16 2012 -0500" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Thu Jan 05 18:53:01 2012 -0500" }, "message": "security: remove the security_netlink_recv hook as it is equivalent to capable()\n\nOnce upon a time netlink was not sync and we had to get the effective\ncapabilities from the skb that was being received. Today we instead get\nthe capabilities from the current task. This has rendered the entire\npurpose of the hook moot as it is now functionally equivalent to the\ncapable() call.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "69f594a38967f4540ce7a29b3fd214e68a8330bd", "tree": "dff25b5f5ef0736fb63b08729bec4ff57062c13f", "parents": [ "f1c84dae0ecc51aa35c81f19a0ebcd6c0921ddcb" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Tue Jan 03 12:25:15 2012 -0500" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Thu Jan 05 18:53:00 2012 -0500" }, "message": "ptrace: do not audit capability check when outputing /proc/pid/stat\n\nReading /proc/pid/stat of another process checks if one has ptrace permissions\non that process. If one does have permissions it outputs some data about the\nprocess which might have security and attack implications. If the current\ntask does not have ptrace permissions the read still works, but those fields\nare filled with inocuous (0) values. Since this check and a subsequent denial\nis not a violation of the security policy we should not audit such denials.\n\nThis can be quite useful to removing ptrace broadly across a system without\nflooding the logs when ps is run or something which harmlessly walks proc.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nAcked-by: Serge E. Hallyn \u003cserge.hallyn@canonical.com\u003e\n" }, { "commit": "2920a8409de5a51575d03deca07e5bb2be6fc98d", "tree": "1f16eba518068e7096b6ff200c09d3d31e285586", "parents": [ "c7eba4a97563fd8b431787f7ad623444f2da80c6" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Tue Jan 03 12:25:15 2012 -0500" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Thu Jan 05 18:52:55 2012 -0500" }, "message": "capabilities: remove all _real_ interfaces\n\nThe name security_real_capable and security_real_capable_noaudit just don\u0027t\nmake much sense to me. Convert them to use security_capable and\nsecurity_capable_noaudit.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nAcked-by: Serge E. Hallyn \u003cserge.hallyn@canonical.com\u003e\n" }, { "commit": "c7eba4a97563fd8b431787f7ad623444f2da80c6", "tree": "12041949c45c2f394d6a96041c39e07ad6df720b", "parents": [ "b7e724d303b684655e4ca3dabd5a6840ad19012d" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Tue Jan 03 12:25:15 2012 -0500" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Thu Jan 05 18:52:54 2012 -0500" }, "message": "capabilities: introduce security_capable_noaudit\n\nExactly like security_capable except don\u0027t audit any denials. This is for\nplaces where the kernel may make decisions about what to do if a task has a\ngiven capability, but which failing that capability is not a sign of a\nsecurity policy violation. An example is checking if a task has\nCAP_SYS_ADMIN to lower it\u0027s likelyhood of being killed by the oom killer.\nThis check is not a security violation if it is denied.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nAcked-by: Serge E. Hallyn \u003cserge.hallyn@canonical.com\u003e\n" }, { "commit": "b7e724d303b684655e4ca3dabd5a6840ad19012d", "tree": "5474d8d49d61ade4c5e306a0485a835587237bf4", "parents": [ "6a9de49115d5ff9871d953af1a5c8249e1585731" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Tue Jan 03 12:25:15 2012 -0500" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Thu Jan 05 18:52:53 2012 -0500" }, "message": "capabilities: reverse arguments to security_capable\n\nsecurity_capable takes ns, cred, cap. But the LSM capable() hook takes\ncred, ns, cap. The capability helper functions also take cred, ns, cap.\nRather than flip argument order just to flip it back, leave them alone.\nHeck, this should be a little faster since argument will be in the right\nplace!\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "6a9de49115d5ff9871d953af1a5c8249e1585731", "tree": "eee3700ccc2ce26c566bfe99129e646fac9f983e", "parents": [ "2653812e14f4e16688ec8247d7fd290bdbbc4747" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Tue Jan 03 12:25:14 2012 -0500" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Thu Jan 05 18:52:53 2012 -0500" }, "message": "capabilities: remove the task from capable LSM hook entirely\n\nThe capabilities framework is based around credentials, not necessarily the\ncurrent task. Yet we still passed the current task down into LSMs from the\nsecurity_capable() LSM hook as if it was a meaningful portion of the security\ndecision. This patch removes the \u0027generic\u0027 passing of current and instead\nforces individual LSMs to use current explicitly if they think it is\nappropriate. In our case those LSMs are SELinux and AppArmor.\n\nI believe the AppArmor use of current is incorrect, but that is wholely\nunrelated to this patch. This patch does not change what AppArmor does, it\njust makes it clear in the AppArmor code that it is doing it.\n\nThe SELinux code still uses current in it\u0027s audit message, which may also be\nwrong and needs further investigation. Again this is NOT a change, it may\nhave always been wrong, this patch just makes it clear what is happening.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "2653812e14f4e16688ec8247d7fd290bdbbc4747", "tree": "dabb2238a76e000b37374c69901afd6f99479631", "parents": [ "02f5daa563456c1ff3c3422aa3ec00e67460f762" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Tue Aug 30 14:19:02 2011 +1000" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Thu Jan 05 18:52:52 2012 -0500" }, "message": "selinux: sparse fix: fix several warnings in the security server cod\n\nFix several sparse warnings in the SELinux security server code.\n\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "02f5daa563456c1ff3c3422aa3ec00e67460f762", "tree": "b2394602c587815aae9f1b07ac272302800d9288", "parents": [ "e8a65a3f67f8a85802c0a0250e48c4c4652d0da0" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Tue Aug 30 14:18:06 2011 +1000" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Thu Jan 05 18:52:51 2012 -0500" }, "message": "selinux: sparse fix: fix warnings in netlink code\n\nFix sparse warnings in SELinux Netlink code.\n\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "e8a65a3f67f8a85802c0a0250e48c4c4652d0da0", "tree": "4f9b55cac61209b6b4f15a1e20396a15a4444b11", "parents": [ "6063c0461b947c26a77674f33a3409eb99e15d2f" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Tue Aug 30 14:17:34 2011 +1000" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Thu Jan 05 18:52:50 2012 -0500" }, "message": "selinux: sparse fix: eliminate warnings for selinuxfs\n\nFixes several sparse warnings for selinuxfs.c\n\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "6063c0461b947c26a77674f33a3409eb99e15d2f", "tree": "2ac98e4a0a5fa7f6da95e6c5978684da215b4277", "parents": [ "5c884c1d4ac955987e84acf2d36c0f160536aca4" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Tue Aug 30 14:12:13 2011 +1000" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Thu Jan 05 18:52:50 2012 -0500" }, "message": "selinux: sparse fix: declare selinux_disable() in security.h\n\nSparse fix: declare selinux_disable() in security.h\n\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "5c884c1d4ac955987e84acf2d36c0f160536aca4", "tree": "a4d19da174e193a7844788846c53c25948ed2a54", "parents": [ "b46610caba4bd9263afd07c7ef7a79974550554a" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Tue Aug 30 14:16:24 2011 +1000" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Thu Jan 05 18:52:49 2012 -0500" }, "message": "selinux: sparse fix: move selinux_complete_init\n\nSparse fix: move selinux_complete_init\n\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "b46610caba4bd9263afd07c7ef7a79974550554a", "tree": "3f1edce9d24e9e7af2661ab4c2eeae744beb183c", "parents": [ "94d4ef0c2b3e6c799f78d223e233254a870c4559" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Tue Aug 30 14:11:24 2011 +1000" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Thu Jan 05 18:52:48 2012 -0500" }, "message": "selinux: sparse fix: make selinux_secmark_refcount static\n\nSparse fix: make selinux_secmark_refcount static.\n\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "117ff42fd43e92d24c6aa6f3e4f0f1e1edada140", "tree": "c08e1c0357fde481a16489b77feb8f6073faf538", "parents": [ "1d5783030a14d1b6ee763f63c8136e581f48b365", "805a6af8dba5dfdd35ec35dc52ec0122400b2610" ], "author": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Wed Jan 04 21:35:43 2012 -0500" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Wed Jan 04 21:35:43 2012 -0500" }, "message": "Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net\n" }, { "commit": "d10577a8d86a0c735488d66d32289a6d66bcfa20", "tree": "a38b3606fb863064eb89166f6a3115f7c5eccfd7", "parents": [ "be08d6d260b6e7eb346162a1081cdf5f94fda569" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Wed Dec 07 13:06:11 2011 -0500" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Tue Jan 03 22:57:13 2012 -0500" }, "message": "vfs: trim includes a bit\n\n[folded fix for missing magic.h from Tetsuo Handa]\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "04fc66e789a896e684bfdca30208e57eb832dd96", "tree": "37c26bff07e48c8c25d147850b7906d0d1c79a81", "parents": [ "4572befe248fd0d94aedc98775e3f0ddc8a26651" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Mon Nov 21 14:58:38 2011 -0500" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Tue Jan 03 22:55:19 2012 -0500" }, "message": "switch -\u003epath_mknod() to umode_t\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "4572befe248fd0d94aedc98775e3f0ddc8a26651", "tree": "2f4c4dabaebadb2790c8266a0434c7030c5f7cc0", "parents": [ "d179333f37d33533f4c77118f757b9e7835ccb7c" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Mon Nov 21 14:56:21 2011 -0500" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Tue Jan 03 22:55:18 2012 -0500" }, "message": "switch -\u003epath_mkdir() to umode_t\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "d179333f37d33533f4c77118f757b9e7835ccb7c", "tree": "479ae66773eab3fd6aa1c843e753a02063c65d40", "parents": [ "84dfa9897ef913771af44484fefbe0de29fdce51" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Fri Aug 26 23:03:17 2011 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Tue Jan 03 22:55:18 2012 -0500" }, "message": "tomoyo_mini_stat: switch to umode_t\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "52ef0c042bf06f6aef382fade175075627beebc1", "tree": "a1256aebfd835da4cb29a80f391112fea82bf38e", "parents": [ "910f4ecef3f67714ebff69d0bc34313e48afaed2" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Tue Jul 26 04:30:04 2011 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Tue Jan 03 22:55:13 2012 -0500" }, "message": "switch securityfs_create_file() to umode_t\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "910f4ecef3f67714ebff69d0bc34313e48afaed2", "tree": "348fe3b5d8789a4c019a700da5501a4756f988de", "parents": [ "49f0a0767211d3076974e59a26f36b567cbe8621" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Tue Jul 26 04:25:58 2011 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Tue Jan 03 22:55:13 2012 -0500" }, "message": "switch security_path_chmod() to umode_t\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "dba19c6064766730dd64757a010ec3aec503ecdb", "tree": "2071835ccfcb169b6219be7d5a4692fcfdcbd2c5", "parents": [ "1b9d5ff7644ddf2723c9205f4726c95ec01bf033" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Mon Jul 25 20:49:29 2011 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Tue Jan 03 22:55:12 2012 -0500" }, "message": "get rid of open-coded S_ISREG(), etc.\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "1a67aafb5f72a436ca044293309fa7e6351d6a35", "tree": "d9e58600148de9d41b478cf815773b746647d15b", "parents": [ "4acdaf27ebe2034c342f3be57ef49aed1ad885ef" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Tue Jul 26 01:52:52 2011 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Tue Jan 03 22:54:54 2012 -0500" }, "message": "switch -\u003emknod() to umode_t\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "4acdaf27ebe2034c342f3be57ef49aed1ad885ef", "tree": "d89a876ee19cd88609a587f8aa6c464a52ee6d98", "parents": [ "18bb1db3e7607e4a997d50991a6f9fa5b0f8722c" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Tue Jul 26 01:42:34 2011 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Tue Jan 03 22:54:53 2012 -0500" }, "message": "switch -\u003ecreate() to umode_t\n\nvfs_create() ignores everything outside of 16bit subset of its\nmode argument; switching it to umode_t is obviously equivalent\nand it\u0027s the only caller of the method\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "18bb1db3e7607e4a997d50991a6f9fa5b0f8722c", "tree": "4ee4e584bc9a67f3ec14ce159d2d7d4a27e68d4a", "parents": [ "8208a22bb8bd3c52ef634b4ff194f14892ab1713" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Tue Jul 26 01:41:39 2011 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Tue Jan 03 22:54:53 2012 -0500" }, "message": "switch vfs_mkdir() and -\u003emkdir() to umode_t\n\nvfs_mkdir() gets int, but immediately drops everything that might not\nfit into umode_t and that\u0027s the only caller of -\u003emkdir()...\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "4c1d5a64f134b254552b6211f6f79a1da667eab7", "tree": "130b704f727054b93f2a784a8d08252a1ecda3a0", "parents": [ "32dc730860155b235f13e0cd3fe58b263279baf9" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Wed Dec 07 18:21:57 2011 -0500" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Tue Jan 03 22:52:41 2012 -0500" }, "message": "vfs: for usbfs, etc. internal vfsmounts -\u003emnt_sb-\u003es_root \u003d\u003d -\u003emnt_root\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "e407699ef56ed948739dd57a5578ba8cb5bd81b2", "tree": "830069801b88d2b7957c6bb0baf012e9637ec4fd", "parents": [ "c5dc332eb93881fc8234d652f6e91a2825b06503" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Thu Nov 24 20:14:54 2011 -0500" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Tue Jan 03 22:52:38 2012 -0500" }, "message": "btrfs, nfs, apparmor: don\u0027t pull mnt_namespace.h for no reason...\n\nit\u0027s not needed anymore; we used to, back when we had to do\nmount_subtree() by hand, complete with put_mnt_ns() in it.\nNo more... Apparmor didn\u0027t need it since the __d_path() fix.\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "c5dc332eb93881fc8234d652f6e91a2825b06503", "tree": "40327f76166c51e9109a6a1997566336529f6938", "parents": [ "aa0a4cf0ab4b03db21133a0ba62f558ed1bfcd1d" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Thu Nov 24 20:08:53 2011 -0500" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Tue Jan 03 22:52:38 2012 -0500" }, "message": "tomoyo: stop including hell knows what\n\ntomoyo/realpath.c needs exactly one include - that of common.h. It pulls\neverything the thing needs, without doing ridiculous garbage such as trying\nto include ../../fs/internal.h. If that alone doesn\u0027t scream \"layering\nviolation\", I don\u0027t know what does; and these days it\u0027s all for nothing,\nsince it fortunately does not use any symbols defined in there...\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "30e053248da178cf6154bb7e950dc8713567e3fa", "tree": "3ef4cb7f85f581fe53361ea0eb2586a8b6e696c2", "parents": [ "4376eee92e5a8332b470040e672ea99cd44c826a" ], "author": { "name": "Jan Kara", "email": "jack@suse.cz", "time": "Tue Jan 03 13:14:29 2012 +0100" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Tue Jan 03 16:12:19 2012 -0800" }, "message": "security: Fix security_old_inode_init_security() when CONFIG_SECURITY is not set\n\nCommit 1e39f384bb01 (\"evm: fix build problems\") makes the stub version\nof security_old_inode_init_security() return 0 when CONFIG_SECURITY is\nnot set.\n\nBut that makes callers such as reiserfs_security_init() assume that\nsecurity_old_inode_init_security() has set name, value, and len\narguments properly - but security_old_inode_init_security() left them\nuninitialized which then results in interesting failures.\n\nRevert security_old_inode_init_security() to the old behavior of\nreturning EOPNOTSUPP since both callers (reiserfs and ocfs2) handle this\njust fine.\n\n[ Also fixed the S_PRIVATE(inode) case of the actual non-stub\n security_old_inode_init_security() function to return EOPNOTSUPP\n for the same reason, as pointed out by Mimi Zohar.\n\n It got incorrectly changed to match the new function in commit\n fb88c2b6cbb1: \"evm: fix security/security_old_init_security return\n code\". - Linus ]\n\nReported-by: Jorge Bastos \u003cmysql.jorge@decimal.pt\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\nAcked-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\nSigned-off-by: Jan Kara \u003cjack@suse.cz\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "abb434cb0539fb355c1c921f8fd761efbbac3462", "tree": "24a7d99ec161f8fd4dc9ff03c9c4cc93be883ce6", "parents": [ "2494654d4890316e7340fb8b3458daad0474a1b9", "6350323ad8def2ac00d77cdee3b79c9b9fba75c4" ], "author": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Fri Dec 23 17:13:56 2011 -0500" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Fri Dec 23 17:13:56 2011 -0500" }, "message": "Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net\n\nConflicts:\n\tnet/bluetooth/l2cap_core.c\n\nJust two overlapping changes, one added an initialization of\na local variable, and another change added a new local variable.\n\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "50345f1ea9cda4618d9c26e590a97ecd4bc7ac75", "tree": "57b03dc68f894df468a3ca3c3929e1aff48bd6c2", "parents": [ "428f32817505f67992e8efe62d6a9c7cbb3f2498" ], "author": { "name": "David Howells", "email": "dhowells@redhat.com", "time": "Tue Dec 13 14:49:04 2011 +0000" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Dec 21 11:28:56 2011 +1100" }, "message": "SELinux: Fix RCU deref check warning in sel_netport_insert()\n\nFix the following bug in sel_netport_insert() where rcu_dereference() should\nbe rcu_dereference_protected() as sel_netport_lock is held.\n\n\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\n[ INFO: suspicious rcu_dereference_check() usage. ]\n---------------------------------------------------\nsecurity/selinux/netport.c:127 invoked rcu_dereference_check() without protection!\n\nother info that might help us debug this:\n\nrcu_scheduler_active \u003d 1, debug_locks \u003d 0\n1 lock held by ossec-rootcheck/3323:\n #0: (sel_netport_lock){+.....}, at: [\u003cffffffff8117d775\u003e] sel_netport_sid+0xbb/0x226\n\nstack backtrace:\nPid: 3323, comm: ossec-rootcheck Not tainted 3.1.0-rc8-fsdevel+ #1095\nCall Trace:\n [\u003cffffffff8105cfb7\u003e] lockdep_rcu_dereference+0xa7/0xb0\n [\u003cffffffff8117d871\u003e] sel_netport_sid+0x1b7/0x226\n [\u003cffffffff8117d6ba\u003e] ? sel_netport_avc_callback+0xbc/0xbc\n [\u003cffffffff8117556c\u003e] selinux_socket_bind+0x115/0x230\n [\u003cffffffff810a5388\u003e] ? might_fault+0x4e/0x9e\n [\u003cffffffff810a53d1\u003e] ? might_fault+0x97/0x9e\n [\u003cffffffff81171cf4\u003e] security_socket_bind+0x11/0x13\n [\u003cffffffff812ba967\u003e] sys_bind+0x56/0x95\n [\u003cffffffff81380dac\u003e] ? sysret_check+0x27/0x62\n [\u003cffffffff8105b767\u003e] ? trace_hardirqs_on_caller+0x11e/0x155\n [\u003cffffffff81076fcd\u003e] ? audit_syscall_entry+0x17b/0x1ae\n [\u003cffffffff811b5eae\u003e] ? trace_hardirqs_on_thunk+0x3a/0x3f\n [\u003cffffffff81380d7b\u003e] system_call_fastpath+0x16/0x1b\n\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nAcked-by: Paul Moore \u003cpaul@paul-moore.com\u003e\nAcked-by: Eric Dumazet \u003ceric.dumazet@gmail.com\u003e\nCc: stable@kernel.org\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "94d4ef0c2b3e6c799f78d223e233254a870c4559", "tree": "ffb88af7d64d99e6adfe8b78b2f3dc751447dc64", "parents": [ "c3b92c8787367a8bb53d57d9789b558f1295cc96" ], "author": { "name": "David Howells", "email": "dhowells@redhat.com", "time": "Wed Oct 05 12:19:19 2011 +0100" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Tue Dec 20 14:38:53 2011 -0500" }, "message": "SELinux: Fix RCU deref check warning in sel_netport_insert()\n\nFix the following bug in sel_netport_insert() where rcu_dereference() should\nbe rcu_dereference_protected() as sel_netport_lock is held.\n\n\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\n[ INFO: suspicious rcu_dereference_check() usage. ]\n---------------------------------------------------\nsecurity/selinux/netport.c:127 invoked rcu_dereference_check() without protection!\n\nother info that might help us debug this:\n\nrcu_scheduler_active \u003d 1, debug_locks \u003d 0\n1 lock held by ossec-rootcheck/3323:\n #0: (sel_netport_lock){+.....}, at: [\u003cffffffff8117d775\u003e] sel_netport_sid+0xbb/0x226\n\nstack backtrace:\nPid: 3323, comm: ossec-rootcheck Not tainted 3.1.0-rc8-fsdevel+ #1095\nCall Trace:\n [\u003cffffffff8105cfb7\u003e] lockdep_rcu_dereference+0xa7/0xb0\n [\u003cffffffff8117d871\u003e] sel_netport_sid+0x1b7/0x226\n [\u003cffffffff8117d6ba\u003e] ? sel_netport_avc_callback+0xbc/0xbc\n [\u003cffffffff8117556c\u003e] selinux_socket_bind+0x115/0x230\n [\u003cffffffff810a5388\u003e] ? might_fault+0x4e/0x9e\n [\u003cffffffff810a53d1\u003e] ? might_fault+0x97/0x9e\n [\u003cffffffff81171cf4\u003e] security_socket_bind+0x11/0x13\n [\u003cffffffff812ba967\u003e] sys_bind+0x56/0x95\n [\u003cffffffff81380dac\u003e] ? sysret_check+0x27/0x62\n [\u003cffffffff8105b767\u003e] ? trace_hardirqs_on_caller+0x11e/0x155\n [\u003cffffffff81076fcd\u003e] ? audit_syscall_entry+0x17b/0x1ae\n [\u003cffffffff811b5eae\u003e] ? trace_hardirqs_on_thunk+0x3a/0x3f\n [\u003cffffffff81380d7b\u003e] system_call_fastpath+0x16/0x1b\n\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nAcked-by: Eric Dumazet \u003ceric.dumazet@gmail.com\u003e\nAcked-by: Paul Moore \u003cpaul@paul-moore.com\u003e\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "97426f985729573cea06e82e271cc3929f1f5f8e", "tree": "4aafe725018a95dc5c76ede5199d24aea524b060", "parents": [ "d21b59451886cb82448302f8d6f9ac87c3bd56cf" ], "author": { "name": "Dmitry Kasatkin", "email": "dmitry.kasatkin@intel.com", "time": "Mon Dec 05 13:17:42 2011 +0200" }, "committer": { "name": "Dmitry Kasatkin", "email": "dmitry.kasatkin@intel.com", "time": "Tue Dec 20 17:50:08 2011 +0200" }, "message": "evm: prevent racing during tfm allocation\n\nThere is a small chance of racing during tfm allocation.\nThis patch fixes it.\n\nSigned-off-by: Dmitry Kasatkin \u003cdmitry.kasatkin@intel.com\u003e\nAcked-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "d21b59451886cb82448302f8d6f9ac87c3bd56cf", "tree": "f2842dca9ee3c2c3febbe2f6984bb2c5e2a34c28", "parents": [ "511585a28e5b5fd1cac61e601e42efc4c5dd64b5" ], "author": { "name": "Dmitry Kasatkin", "email": "dmitry.kasatkin@intel.com", "time": "Mon Dec 05 13:17:41 2011 +0200" }, "committer": { "name": "Dmitry Kasatkin", "email": "dmitry.kasatkin@intel.com", "time": "Tue Dec 20 17:45:45 2011 +0200" }, "message": "evm: key must be set once during initialization\n\nOn multi-core systems, setting of the key before every caclculation,\ncauses invalid HMAC calculation for other tfm users, because internal\nstate (ipad, opad) can be invalid before set key call returns.\nIt needs to be set only once during initialization.\n\nSigned-off-by: Dmitry Kasatkin \u003cdmitry.kasatkin@intel.com\u003e\nAcked-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" } ], "next": "7b7e5916aa2f46e57f8bd8cb89c34620ebfda5da" }