)]}' { "log": [ { "commit": "c59d87c460767bc35dafd490139d3cfe78fb8da4", "tree": "2aad8261f86488e501d9645bd35d1398906da46d", "parents": [ "06f8e2d6754dc631732415b741b5aa58a0f7133f" ], "author": { "name": "Christoph Hellwig", "email": "hch@infradead.org", "time": "Fri Aug 12 16:21:35 2011 -0500" }, "committer": { "name": "Alex Elder", "email": "aelder@sgi.com", "time": "Fri Aug 12 16:21:35 2011 -0500" }, "message": "xfs: remove subdirectories\n\nUse the move from Linux 2.6 to Linux 3.x as an excuse to kill the\nannoying subdirectories in the XFS source code. Besides the large\namount of file rename the only changes are to the Makefile, a few\nfiles including headers with the subdirectory prefix, and the binary\nsysctl compat code that includes a header under fs/xfs/ from\nkernel/.\n\nSigned-off-by: Christoph Hellwig \u003chch@lst.de\u003e\nSigned-off-by: Alex Elder \u003caelder@sgi.com\u003e\n" }, { "commit": "256c53a65128cbc8a766b1503f3f25a52a8d07cb", "tree": "aa15c1cd93ad2d99609016fa0bcf46f305d64d58", "parents": [ "814ecf6e5b7854504ae83255173e53836c5d8420" ], "author": { "name": "Denis Kirjanov", "email": "dkirjanov@kernel.org", "time": "Wed Mar 23 16:43:08 2011 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Wed Mar 23 19:46:51 2011 -0700" }, "message": "sysctl_check: drop dead code\n\nDrop dead code.\n\nSigned-off-by: Denis Kirjanov \u003cdkirjanov@kernel.org\u003e\nCc: \"Eric W. Biederman\" \u003cebiederm@xmission.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "814ecf6e5b7854504ae83255173e53836c5d8420", "tree": "0e6ba9405264833b672b5b640aadc93e4050d56d", "parents": [ "ad4ac17ad1e2f0bd0ce38b2585c5d7fa2b0780dc" ], "author": { "name": "Denis Kirjanov", "email": "dkirjanov@kernel.org", "time": "Wed Mar 23 16:43:08 2011 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Wed Mar 23 19:46:50 2011 -0700" }, "message": "sysctl_check: drop table-\u003eprocname checks\n\nSince the for loop checks for the table-\u003eprocname drop useless\ntable-\u003eprocname checks inside the loop body\n\nSigned-off-by: Denis Kirjanov \u003cdkirjanov@kernel.org\u003e\nCc: \"Eric W. Biederman\" \u003cebiederm@xmission.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "a9febbb4bd1302b6f01aa1203b0a804e4e5c9e25", "tree": "7367bee631d0a050e0d392102dd652ec48a57a08", "parents": [ "5a2b3ef4559f3d0ef58cbfb723f528f1c6b2e601" ], "author": { "name": "Eric Dumazet", "email": "eric.dumazet@gmail.com", "time": "Fri Oct 15 14:34:12 2010 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Fri Oct 15 14:42:24 2010 -0700" }, "message": "sysctl: min/max bounds are optional\n\nsysctl check complains with a WARN() when proc_doulongvec_minmax() or\nproc_doulongvec_ms_jiffies_minmax() are used by a vector of longs (with\nmore than one element), with no min or max value specified.\n\nThis is unexpected, given we had a bug on this min/max handling :)\n\nReported-by: Jiri Slaby \u003cjirislaby@gmail.com\u003e\nSigned-off-by: Eric Dumazet \u003ceric.dumazet@gmail.com\u003e\nCc: \"Eric W. Biederman\" \u003cebiederm@xmission.com\u003e\nCc: David Miller \u003cdavem@davemloft.net\u003e\nAcked-by: WANG Cong \u003cxiyou.wangcong@gmail.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "83ac201b4f06eb8aeb7ac93cf162651ba30e0b28", "tree": "9b27ff2aa077624ea9548448965ad7fe97577f31", "parents": [ "a965cf946d38b0ff164a054477a91df70b0dd997" ], "author": { "name": "Eric W. Biederman", "email": "ebiederm@xmission.com", "time": "Fri Apr 03 02:22:26 2009 -0700" }, "committer": { "name": "Eric W. Biederman", "email": "ebiederm@xmission.com", "time": "Wed Nov 11 00:42:53 2009 -0800" }, "message": "sysctl: Remove dead code from sysctl_check\n\nNow that the sys_sysctl is now a compatibility wrapper around\n/proc/sys we can remove much of sysctl_check and reduce it\nto a few remaining sanity checks. This completely decouples\nit from the binary sysctl system call.\n\nLittle things like ensuring that the sysctl has not already\nbeen registered are all that remain.\n\nSigned-off-by: Eric W. Biederman \u003cebiederm@xmission.com\u003e\n" }, { "commit": "8c85dd8730bfb696e691145335f884c7baef8277", "tree": "2dca1aac534a4322695c12b2870b7c25cf60ccbe", "parents": [ "115a57c5b31ab560574fe1a09deaba2ae89e77b5" ], "author": { "name": "Alexey Dobriyan", "email": "adobriyan@gmail.com", "time": "Mon Oct 26 16:50:07 2009 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Thu Oct 29 07:39:30 2009 -0700" }, "message": "sysctl: fix false positives when PROC_SYSCTL\u003dn\n\nHaving -\u003eprocname but not -\u003eproc_handler is valid when PROC_SYSCTL\u003dn,\npeople use such combination to reduce ifdefs with non-standard handlers.\n\nAddresses http://bugzilla.kernel.org/show_bug.cgi?id\u003d14408\n\nSigned-off-by: Alexey Dobriyan \u003cadobriyan@gmail.com\u003e\nReported-by: Peter Teoh \u003chtmldeveloper@gmail.com\u003e\nCc: \"Eric W. Biederman\" \u003cebiederm@xmission.com\u003e\nCc: \"Rafael J. Wysocki\" \u003crjw@sisk.pl\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "eefef1cf7653cd4e0aaf743c00ae8345086cdc01", "tree": "af97b788658c5bf21ef2ca609c5f43ca59421269", "parents": [ "ead731837d142b103eab9870105f50bc40b69255" ], "author": { "name": "Stephen Hemminger", "email": "shemminger@linux-foundation.org", "time": "Sun Feb 01 01:04:33 2009 -0800" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Sun Feb 01 01:04:33 2009 -0800" }, "message": "net: add ARP notify option for devices\n\nThis adds another inet device option to enable gratuitous ARP\nwhen device is brought up or address change. This is handy for\nclusters or virtualization.\n\nSigned-off-by: Stephen Hemminger \u003cshemminger@linux-foundation.org\u003e\nSigned-off-by: Jeremy Fitzhardinge \u003cjeremy.fitzhardinge@citrix.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "f3f0d7b026ae34d6ed5ae67cd4dd5909f9cd70a5", "tree": "d4c58e8c90b171ac6c494ddd48cfe0eb3cf3da8c", "parents": [ "ea5a3dc8356bf1cf27bab9a5a0da5dfbbb82013d" ], "author": { "name": "Tim Shimmin", "email": "tes@sgi.com", "time": "Thu Oct 30 18:30:09 2008 +1100" }, "committer": { "name": "Lachlan McIlroy", "email": "lachlan@redback.melbourne.sgi.com", "time": "Thu Oct 30 18:30:09 2008 +1100" }, "message": "[XFS] remove restricted chown parameter from xfs linux\n\nOn Linux all filesystems are supposed to be operating under Posix\u0027\nrestricted chown. Restricted chown means it restricts chown to the owner\nunless you have CAP_FOWNER.\n\nNOTE: that 2 files outside of fs/xfs have been modified too for this\nchange.\n\nReviewed-by: Dave Chinner \u003cdavid@fromorbit.com\u003e\n\nSGI-PV: 988919\n\nSGI-Modid: 2.6.x-xfs-melb:linux:32413b\n\nSigned-off-by: Tim Shimmin \u003ctes@sgi.com\u003e\nSigned-off-by: Christoph Hellwig \u003chch@infradead.org\u003e\nSigned-off-by: David Chinner \u003cdavid@fromorbit.com\u003e\nSigned-off-by: Lachlan McIlroy \u003clachlan@sgi.com\u003e\n" }, { "commit": "99541c23cd32bacf1a591ca537a7c0cb9053ad7e", "tree": "c7156bfa677ddcf6a376ca7d9eaa8d924d7824db", "parents": [ "339caf2a224fc9af0f01686bf287dda32c6efca6" ], "author": { "name": "Alexey Dobriyan", "email": "adobriyan@parallels.com", "time": "Fri Jul 25 01:48:31 2008 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Fri Jul 25 10:53:45 2008 -0700" }, "message": "sysctl: check for bogus modes\n\nCatch, e. g., 644/0644 typo.\n\nSigned-off-by: Alexey Dobriyan \u003cadobriyan@parallels.com\u003e\nAcked-by: \"Eric W. Biederman\" \u003cebiederm@xmission.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "8b21985c91ffb3062bfbd3f2bfbeceb5333afaac", "tree": "76648de1b28409def2453fbc92d67f35133a32f3", "parents": [ "edde08f2a8f13a648ab6d26f33e88d0c6146f3d1" ], "author": { "name": "Jan Beulich", "email": "jbeulich@novell.com", "time": "Fri Feb 08 04:19:57 2008 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.linux-foundation.org", "time": "Fri Feb 08 09:22:31 2008 -0800" }, "message": "constify tables in kernel/sysctl_check.c\n\nRemains the question whether it is intended that many, perhaps even large,\ntables are compiled in without ever having a chance to get used, i.e.\nwhether there shouldn\u0027t #ifdef CONFIG_xxx get added.\n\n[akpm@linux-foundation.org: fix cut-n-paste error]\nSigned-off-by: Jan Beulich \u003cjbeulich@novell.com\u003e\nAcked-by: \"Eric W. Biederman\" \u003cebiederm@xmission.com\u003e\nCc: Dave Jones \u003cdavej@codemonkey.org.uk\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "3b7391de67da515c91f48aa371de77cb6cc5c07e", "tree": "22b9f5d9d1c36b374eb5765219aca3c7e1f23486", "parents": [ "46c383cc4530ccc438cb325e92e11eb21dd3d4fc" ], "author": { "name": "Serge E. Hallyn", "email": "serue@us.ibm.com", "time": "Mon Feb 04 22:29:45 2008 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.linux-foundation.org", "time": "Tue Feb 05 09:44:20 2008 -0800" }, "message": "capabilities: introduce per-process capability bounding set\n\nThe capability bounding set is a set beyond which capabilities cannot grow.\n Currently cap_bset is per-system. It can be manipulated through sysctl,\nbut only init can add capabilities. Root can remove capabilities. By\ndefault it includes all caps except CAP_SETPCAP.\n\nThis patch makes the bounding set per-process when file capabilities are\nenabled. It is inherited at fork from parent. Noone can add elements,\nCAP_SETPCAP is required to remove them.\n\nOne example use of this is to start a safer container. For instance, until\ndevice namespaces or per-container device whitelists are introduced, it is\nbest to take CAP_MKNOD away from a container.\n\nThe bounding set will not affect pP and pE immediately. It will only\naffect pP\u0027 and pE\u0027 after subsequent exec()s. It also does not affect pI,\nand exec() does not constrain pI\u0027. So to really start a shell with no way\nof regain CAP_MKNOD, you would do\n\n\tprctl(PR_CAPBSET_DROP, CAP_MKNOD);\n\tcap_t cap \u003d cap_get_proc();\n\tcap_value_t caparray[1];\n\tcaparray[0] \u003d CAP_MKNOD;\n\tcap_set_flag(cap, CAP_INHERITABLE, 1, caparray, CAP_DROP);\n\tcap_set_proc(cap);\n\tcap_free(cap);\n\nThe following test program will get and set the bounding\nset (but not pI). For instance\n\n\t./bset get\n\t\t(lists capabilities in bset)\n\t./bset drop cap_net_raw\n\t\t(starts shell with new bset)\n\t\t(use capset, setuid binary, or binary with\n\t\tfile capabilities to try to increase caps)\n\n************************************************************\ncap_bound.c\n************************************************************\n #include \u003csys/prctl.h\u003e\n #include \u003clinux/capability.h\u003e\n #include \u003csys/types.h\u003e\n #include \u003cunistd.h\u003e\n #include \u003cstdio.h\u003e\n #include \u003cstdlib.h\u003e\n #include \u003cstring.h\u003e\n\n #ifndef PR_CAPBSET_READ\n #define PR_CAPBSET_READ 23\n #endif\n\n #ifndef PR_CAPBSET_DROP\n #define PR_CAPBSET_DROP 24\n #endif\n\nint usage(char *me)\n{\n\tprintf(\"Usage: %s get\\n\", me);\n\tprintf(\" %s drop \u003ccapability\u003e\\n\", me);\n\treturn 1;\n}\n\n #define numcaps 32\nchar *captable[numcaps] \u003d {\n\t\"cap_chown\",\n\t\"cap_dac_override\",\n\t\"cap_dac_read_search\",\n\t\"cap_fowner\",\n\t\"cap_fsetid\",\n\t\"cap_kill\",\n\t\"cap_setgid\",\n\t\"cap_setuid\",\n\t\"cap_setpcap\",\n\t\"cap_linux_immutable\",\n\t\"cap_net_bind_service\",\n\t\"cap_net_broadcast\",\n\t\"cap_net_admin\",\n\t\"cap_net_raw\",\n\t\"cap_ipc_lock\",\n\t\"cap_ipc_owner\",\n\t\"cap_sys_module\",\n\t\"cap_sys_rawio\",\n\t\"cap_sys_chroot\",\n\t\"cap_sys_ptrace\",\n\t\"cap_sys_pacct\",\n\t\"cap_sys_admin\",\n\t\"cap_sys_boot\",\n\t\"cap_sys_nice\",\n\t\"cap_sys_resource\",\n\t\"cap_sys_time\",\n\t\"cap_sys_tty_config\",\n\t\"cap_mknod\",\n\t\"cap_lease\",\n\t\"cap_audit_write\",\n\t\"cap_audit_control\",\n\t\"cap_setfcap\"\n};\n\nint getbcap(void)\n{\n\tint comma\u003d0;\n\tunsigned long i;\n\tint ret;\n\n\tprintf(\"i know of %d capabilities\\n\", numcaps);\n\tprintf(\"capability bounding set:\");\n\tfor (i\u003d0; i\u003cnumcaps; i++) {\n\t\tret \u003d prctl(PR_CAPBSET_READ, i);\n\t\tif (ret \u003c 0)\n\t\t\tperror(\"prctl\");\n\t\telse if (ret\u003d\u003d1)\n\t\t\tprintf(\"%s%s\", (comma++) ? \", \" : \" \", captable[i]);\n\t}\n\tprintf(\"\\n\");\n\treturn 0;\n}\n\nint capdrop(char *str)\n{\n\tunsigned long i;\n\n\tint found\u003d0;\n\tfor (i\u003d0; i\u003cnumcaps; i++) {\n\t\tif (strcmp(captable[i], str) \u003d\u003d 0) {\n\t\t\tfound\u003d1;\n\t\t\tbreak;\n\t\t}\n\t}\n\tif (!found)\n\t\treturn 1;\n\tif (prctl(PR_CAPBSET_DROP, i)) {\n\t\tperror(\"prctl\");\n\t\treturn 1;\n\t}\n\treturn 0;\n}\n\nint main(int argc, char *argv[])\n{\n\tif (argc\u003c2)\n\t\treturn usage(argv[0]);\n\tif (strcmp(argv[1], \"get\")\u003d\u003d0)\n\t\treturn getbcap();\n\tif (strcmp(argv[1], \"drop\")!\u003d0 || argc\u003c3)\n\t\treturn usage(argv[0]);\n\tif (capdrop(argv[2])) {\n\t\tprintf(\"unknown capability\\n\");\n\t\treturn 1;\n\t}\n\treturn execl(\"/bin/bash\", \"/bin/bash\", NULL);\n}\n************************************************************\n\n[serue@us.ibm.com: fix typo]\nSigned-off-by: Serge E. Hallyn \u003cserue@us.ibm.com\u003e\nSigned-off-by: Andrew G. Morgan \u003cmorgan@kernel.org\u003e\nCc: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nCc: James Morris \u003cjmorris@namei.org\u003e\nCc: Chris Wright \u003cchrisw@sous-sol.org\u003e\nCc: Casey Schaufler \u003ccasey@schaufler-ca.com\u003ea\nSigned-off-by: \"Serge E. Hallyn\" \u003cserue@us.ibm.com\u003e\nTested-by: Jiri Slaby \u003cjirislaby@gmail.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "e51b6ba077791f2f8c876022b37419be7a2ceec3", "tree": "9d8ca18f3239eff84cad5b79b715c332970fa89d", "parents": [ "23eb06de7d2d333a0f7ebba2da663e00c9c9483e" ], "author": { "name": "Eric W. Biederman", "email": "ebiederm@xmission.com", "time": "Fri Nov 30 23:54:00 2007 +1100" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Mon Jan 28 14:55:17 2008 -0800" }, "message": "sysctl: Infrastructure for per namespace sysctls\n\nThis patch implements the basic infrastructure for per namespace sysctls.\n\nA list of lists of sysctl headers is added, allowing each namespace to have\nit\u0027s own list of sysctl headers.\n\nEach list of sysctl headers has a lookup function to find the first\nsysctl header in the list, allowing the lists to have a per namespace\ninstance.\n\nregister_sysct_root is added to tell sysctl.c about additional\nlists of sysctl_headers. As all of the users are expected to be in\nkernel no unregister function is provided.\n\nsysctl_head_next is updated to walk through the list of lists.\n\n__register_sysctl_paths is added to add a new sysctl table on\na non-default sysctl list.\n\nThe only intrusive part of this patch is propagating the information\nto decided which list of sysctls to use for sysctl_check_table.\n\nSigned-off-by: Eric W. Biederman \u003cebiederm@xmission.com\u003e\nCc: Serge Hallyn \u003cserue@us.ibm.com\u003e\nCc: Daniel Lezcano \u003cdlezcano@fr.ibm.com\u003e\nCc: Cedric Le Goater \u003cclg@fr.ibm.com\u003e\nCc: Pavel Emelyanov \u003cxemul@openvz.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Herbert Xu \u003cherbert@gondor.apana.org.au\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "81ef16e763bb899053e06f6050603a305456a085", "tree": "4f6ba85240f8c57a089e9762fff44749410100a8", "parents": [ "48483b3290988952a593c6e66ca354c19f1a4350" ], "author": { "name": "Heiko Carstens", "email": "heiko.carstens@de.ibm.com", "time": "Sat Jan 26 14:11:06 2008 +0100" }, "committer": { "name": "Martin Schwidefsky", "email": "schwidefsky@de.ibm.com", "time": "Sat Jan 26 14:11:16 2008 +0100" }, "message": "[S390] Remove appldata include from sysctl_check.c\n\nForgot to remove this when removing the appldata binary sysctls.\n\nSigned-off-by: Heiko Carstens \u003cheiko.carstens@de.ibm.com\u003e\nSigned-off-by: Martin Schwidefsky \u003cschwidefsky@de.ibm.com\u003e\n" }, { "commit": "64396accc2831fcbdc7d793edc25481a5ebc75b2", "tree": "c8e4f3abbd51c20b502fa2e98c9a693673d8f979", "parents": [ "421d99193537a6522aac2148286f08792167d5fd" ], "author": { "name": "Eric W. Biederman", "email": "ebiederm@xmission.com", "time": "Mon Dec 17 16:20:28 2007 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.linux-foundation.org", "time": "Mon Dec 17 19:28:17 2007 -0800" }, "message": "sysctl: fix ax25 checks\n\nFix:\n\nsysctl table check failed: /net/ax25/ax0/ax25_default_mode .3.9.1.2 Unknown\nsysctl binary path\nPid: 2936, comm: kissattach Not tainted 2.6.24-rc5 #1\n [\u003cc012ca6a\u003e] set_fail+0x3b/0x43\n [\u003cc012ce7a\u003e] sysctl_check_table+0x408/0x456\n [\u003cc012ce8e\u003e] sysctl_check_table+0x41c/0x456\n [\u003cc012ce8e\u003e] sysctl_check_table+0x41c/0x456\n ...\n\nSigned-off-by: Eric W. Biederman \u003cebiederm@xmission.com\u003e\nCc: Bernard Pidoux \u003cpidoux@ccr.jussieu.fr\u003e\nCc: \"David S. Miller\" \u003cdavem@davemloft.net\u003e\nCc: \"Rafael J. Wysocki\" \u003crjw@sisk.pl\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "874a5f87f53f80b798140b07fcf81f8d3718b3cc", "tree": "4142862ffba59ecfc2a76c7ce3e185a42d871e04", "parents": [ "6fab2600f9eae779ac49416e651a7f160004c9ae" ], "author": { "name": "David S. Miller", "email": "davem@sunset.davemloft.net", "time": "Mon Nov 19 21:35:42 2007 -0800" }, "committer": { "name": "David S. Miller", "email": "davem@sunset.davemloft.net", "time": "Wed Dec 05 05:37:56 2007 -0800" }, "message": "[SYSCTL_CHECK]: Fix typo in KERN_SPARC_SCONS_PWROFF entry string.\n\nBased upon a report by Mikael Pettersson.\n\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "8c27eba54970c6ebbb408186e5baa2274435e869", "tree": "47348cfc4c008692eee4a9174fcc6d8b20f5e647", "parents": [ "8912858bcb9e314549a4abc15db6b5841a96fa2c", "5dba4797115c8fa05c1a4d12927a6ae0b33ffc41" ], "author": { "name": "Linus Torvalds", "email": "torvalds@woody.linux-foundation.org", "time": "Mon Nov 26 20:09:07 2007 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.linux-foundation.org", "time": "Mon Nov 26 20:09:07 2007 -0800" }, "message": "Merge git://git.kernel.org/pub/scm/linux/kernel/git/herbert/net-2.6\n\n* git://git.kernel.org/pub/scm/linux/kernel/git/herbert/net-2.6: (41 commits)\n [XFRM]: Fix leak of expired xfrm_states\n [ATM]: [he] initialize lock and tasklet earlier\n [IPV4]: Remove bogus ifdef mess in arp_process\n [SKBUFF]: Free old skb properly in skb_morph\n [IPV4]: Fix memory leak in inet_hashtables.h when NUMA is on\n [IPSEC]: Temporarily remove locks around copying of non-atomic fields\n [TCP] MTUprobe: Cleanup send queue check (no need to loop)\n [TCP]: MTUprobe: receiver window \u0026 data available checks fixed\n [MAINTAINERS]: tlan list is subscribers-only\n [SUNRPC]: Remove SPIN_LOCK_UNLOCKED\n [SUNRPC]: Make xprtsock.c:xs_setup_{udp,tcp}() static\n [PFKEY]: Sending an SADB_GET responds with an SADB_GET\n [IRDA]: Compilation for CONFIG_INET\u003dn case\n [IPVS]: Fix compiler warning about unused register_ip_vs_protocol\n [ARP]: Fix arp reply when sender ip 0\n [IPV6] TCPMD5: Fix deleting key operation.\n [IPV6] TCPMD5: Check return value of tcp_alloc_md5sig_pool().\n [IPV4] TCPMD5: Use memmove() instead of memcpy() because we have overlaps.\n [IPV4] TCPMD5: Omit redundant NULL check for kfree() argument.\n ieee80211: Stop net_ratelimit/IEEE80211_DEBUG_DROP log pollution\n ...\n" }, { "commit": "37e3a6ac5a30468021a2f366e497d455bbcb5d21", "tree": "4dd18ad0044c766407fc4578ab3804ade67a50b5", "parents": [ "43ebbf119a9670d8f08b9e57968e109c770f8636" ], "author": { "name": "Heiko Carstens", "email": "heiko.carstens@de.ibm.com", "time": "Tue Nov 20 11:13:34 2007 +0100" }, "committer": { "name": "Martin Schwidefsky", "email": "schwidefsky@de.ibm.com", "time": "Tue Nov 20 11:13:45 2007 +0100" }, "message": "[S390] appldata: remove unused binary sysctls.\n\nRemove binary sysctls that never worked due to missing strategy functions.\n\nCc: \"Eric W. Biederman\" \u003cebiederm@xmission.com\u003e\nCc: Christian Borntraeger \u003cborntraeger@de.ibm.com\u003e\nCc: Gerald Schaefer \u003cgeraldsc@de.ibm.com\u003e\nSigned-off-by: Heiko Carstens \u003cheiko.carstens@de.ibm.com\u003e\nSigned-off-by: Martin Schwidefsky \u003cschwidefsky@de.ibm.com\u003e\n" }, { "commit": "43ebbf119a9670d8f08b9e57968e109c770f8636", "tree": "d4a16e6e86c57678a4fbcf73449a0bb06502ff67", "parents": [ "411788ea7fca01ee803af8225ac35807b4d02050" ], "author": { "name": "Heiko Carstens", "email": "heiko.carstens@de.ibm.com", "time": "Tue Nov 20 11:13:33 2007 +0100" }, "committer": { "name": "Martin Schwidefsky", "email": "schwidefsky@de.ibm.com", "time": "Tue Nov 20 11:13:45 2007 +0100" }, "message": "[S390] cmm: remove unused binary sysctls.\n\nRemove binary sysctls that never worked due to missing strategy functions.\n\nCc: Christian Borntraeger \u003cborntraeger@de.ibm.com\u003e\nSigned-off-by: Heiko Carstens \u003cheiko.carstens@de.ibm.com\u003e\nSigned-off-by: \"Eric W. Biederman\" \u003cebiederm@xmission.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Martin Schwidefsky \u003cschwidefsky@de.ibm.com\u003e\n" }, { "commit": "9055fa1f3ded5ad858a55ae18439ed55227ee7eb", "tree": "d8ea30e4b8b53f3f6e47cb6c2823fc84d40bea60", "parents": [ "9e103fa6bd53147e228e941256803a6b8927cdb9" ], "author": { "name": "Simon Horman", "email": "horms@verge.net.au", "time": "Mon Nov 19 21:51:13 2007 -0800" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Mon Nov 19 21:51:13 2007 -0800" }, "message": "[IPVS]: Move remaining sysctl handlers over to CTL_UNNUMBERED\n\nSwitch the remaining IPVS sysctl entries over to to use CTL_UNNUMBERED,\nI stronly doubt that anyone is using the sys_sysctl interface to\nthese variables.\n\nSigned-off-by: Simon Horman \u003chorms@verge.net.au\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "9e103fa6bd53147e228e941256803a6b8927cdb9", "tree": "9460058bcf8d27f4a3f9f69103b896ff74cf6f0a", "parents": [ "611cd55b155a89d9a0ce5f92a9cbabc5e284d0d4" ], "author": { "name": "Simon Horman", "email": "horms@verge.net.au", "time": "Mon Nov 19 21:50:21 2007 -0800" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Mon Nov 19 21:50:21 2007 -0800" }, "message": "[IPVS]: Fix sysctl warnings about missing strategy in schedulers\n\nsysctl table check failed: /net/ipv4/vs/lblc_expiration .3.5.21.19 Missing strategy\n[...]\nsysctl table check failed: /net/ipv4/vs/lblcr_expiration .3.5.21.20 Missing strategy\n\nSwitch these entried over to use CTL_UNNUMBERED as clearly\nthe sys_syscal portion wasn\u0027t working.\n\nThis is along the same lines as Christian Borntraeger\u0027s patch that fixes\nup entries with no stratergy in net/ipv4/ipvs/ip_vs_ctl.c\n\nSigned-off-by: Simon Horman \u003chorms@verge.net.au\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "611cd55b155a89d9a0ce5f92a9cbabc5e284d0d4", "tree": "369fe04d727a5ef83b2585f95604ce3092051021", "parents": [ "21df56c6e2372e09c916111efb6c14c372a5ab2e" ], "author": { "name": "Christian Borntraeger", "email": "borntraeger@de.ibm.com", "time": "Mon Nov 19 21:49:25 2007 -0800" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Mon Nov 19 21:49:25 2007 -0800" }, "message": "[IPVS]: Fix sysctl warnings about missing strategy\n\nRunning the latest git code I get the following messages during boot:\nsysctl table check failed: /net/ipv4/vs/drop_entry .3.5.21.4 Missing strategy\n[...]\t\t \nsysctl table check failed: /net/ipv4/vs/drop_packet .3.5.21.5 Missing strategy\n[...]\nsysctl table check failed: /net/ipv4/vs/secure_tcp .3.5.21.6 Missing strategy\n[...]\nsysctl table check failed: /net/ipv4/vs/sync_threshold .3.5.21.24 Missing strategy\n\nI removed the binary sysctl handler for those messages and also removed\nthe definitions in ip_vs.h. The alternative would be to implement a \nproper strategy handler, but syscall sysctl is deprecated.\n\nThere are other sysctl definitions that are commented out or work with \nthe default sysctl_data strategy. I did not touch these. \n\nSigned-off-by: Christian Borntraeger \u003cborntraeger@de.ibm.com\u003e\nAcked-by: Simon Horman \u003chorms@verge.net.au\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "ce1d18e0064d55106a7042c07cfca97cad66f407", "tree": "300e54075dc4eb795dbe9cc0023cff32d2106aab", "parents": [ "6dd10a62353a50b30b30e0c18653650975b29c71" ], "author": { "name": "Olof Johansson", "email": "olof@lixom.net", "time": "Tue Nov 13 21:15:24 2007 -0800" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Tue Nov 13 21:15:24 2007 -0800" }, "message": "[SYSCTL]: Fix warning for token-ring from sysctl checker\n\nAs seen when booting ppc64_defconfig:\n\nsysctl table check failed: /net/token-ring .3.14 procname does not match binary path procname\n\nSigned-off-by: Olof Johansson \u003colof@lixom.net\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "5db6a4dac1c7f459af2f895f6889346cedd467a1", "tree": "d29fab4f6e5f4ecd7f640e42458d3951f74b6ffa", "parents": [ "df59ebc49ef101302e9328ff76ff28c18df39cfb" ], "author": { "name": "Alexey Dobriyan", "email": "adobriyan@gmail.com", "time": "Mon Nov 05 14:50:52 2007 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.linux-foundation.org", "time": "Mon Nov 05 15:12:31 2007 -0800" }, "message": "Dump stack during sysctl registration failure\n\nLet\u0027s make immediately obvious from where sysctl comes from and messages\nitself more noticeable.\n\nSigned-off-by: Alexey Dobriyan \u003cadobriyan@gmail.com\u003e\nAcked-by: \"Eric W. Biederman\" \u003cebiederm@xmission.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "5081dba6588a0c228821ede4635441f7758eb757", "tree": "e01ae7a431a41bce25fc0805dc778d955fc02a02", "parents": [ "974717012029ee36d19069c12e3c9bb13fa715a8" ], "author": { "name": "Eric W. Biederman", "email": "ebiederm@xmission.com", "time": "Mon Oct 22 12:55:36 2007 -0600" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.linux-foundation.org", "time": "Mon Oct 22 19:15:59 2007 -0700" }, "message": "Fix appletalk sysctl entry name\n\nGabriel C reported that modprobing appletalk on current git gives a\nwarning in dmesg :\n\n \"sysctl table check failed: /net/appletalk .3.7 procname does not match binary path procname\"\n\nOops. My apologies it appears I made a mistake when creating my table\nto check up on sysctl values.\n\nSigned-off-by: \"Eric W. Biederman\" \u003cebiederm@xmission.com\u003e\nTested-by: Gabriel C \u003cnix.or.die@googlemail.com\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "72c2d5823fc7be799a12184974c3bdc57acea3c4", "tree": "5c17418efb57cd5b2cdc0d751f577b2c64012423", "parents": [ "7058cb02ddab4bce70a46e519804fccb7ac0a060" ], "author": { "name": "Andrew Morgan", "email": "morgan@kernel.org", "time": "Thu Oct 18 03:05:59 2007 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.linux-foundation.org", "time": "Thu Oct 18 14:37:24 2007 -0700" }, "message": "V3 file capabilities: alter behavior of cap_setpcap\n\nThe non-filesystem capability meaning of CAP_SETPCAP is that a process, p1,\ncan change the capabilities of another process, p2. This is not the\nmeaning that was intended for this capability at all, and this\nimplementation came about purely because, without filesystem capabilities,\nthere was no way to use capabilities without one process bestowing them on\nanother.\n\nSince we now have a filesystem support for capabilities we can fix the\nimplementation of CAP_SETPCAP.\n\nThe most significant thing about this change is that, with it in effect, no\nprocess can set the capabilities of another process.\n\nThe capabilities of a program are set via the capability convolution\nrules:\n\n pI(post-exec) \u003d pI(pre-exec)\n pP(post-exec) \u003d (X(aka cap_bset) \u0026 fP) | (pI(post-exec) \u0026 fI)\n pE(post-exec) \u003d fE ? pP(post-exec) : 0\n\nat exec() time. As such, the only influence the pre-exec() program can\nhave on the post-exec() program\u0027s capabilities are through the pI\ncapability set.\n\nThe correct implementation for CAP_SETPCAP (and that enabled by this patch)\nis that it can be used to add extra pI capabilities to the current process\n- to be picked up by subsequent exec()s when the above convolution rules\nare applied.\n\nHere is how it works:\n\nLet\u0027s say we have a process, p. It has capability sets, pE, pP and pI.\nGenerally, p, can change the value of its own pI to pI\u0027 where\n\n (pI\u0027 \u0026 ~pI) \u0026 ~pP \u003d 0.\n\nThat is, the only new things in pI\u0027 that were not present in pI need to\nbe present in pP.\n\nThe role of CAP_SETPCAP is basically to permit changes to pI beyond\nthe above:\n\n if (pE \u0026 CAP_SETPCAP) {\n pI\u0027 \u003d anything; /* ie., even (pI\u0027 \u0026 ~pI) \u0026 ~pP !\u003d 0 */\n }\n\nThis capability is useful for things like login, which (say, via\npam_cap) might want to raise certain inheritable capabilities for use\nby the children of the logged-in user\u0027s shell, but those capabilities\nare not useful to or needed by the login program itself.\n\nOne such use might be to limit who can run ping. You set the\ncapabilities of the \u0027ping\u0027 program to be \"\u003d cap_net_raw+i\", and then\nonly shells that have (pI \u0026 CAP_NET_RAW) will be able to run\nit. Without CAP_SETPCAP implemented as described above, login(pam_cap)\nwould have to also have (pP \u0026 CAP_NET_RAW) in order to raise this\ncapability and pass it on through the inheritable set.\n\nSigned-off-by: Andrew Morgan \u003cmorgan@kernel.org\u003e\nSigned-off-by: Serge E. Hallyn \u003cserue@us.ibm.com\u003e\nCc: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nCc: James Morris \u003cjmorris@namei.org\u003e\nCc: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "8ada720d89d678eb5a09d3048a5e9a35c526800c", "tree": "58f2f7946638d0376acfbf39595fbf6e88f7e597", "parents": [ "49ffcf8f99e8d33ec8afb450956804af518fd788" ], "author": { "name": "Eric W. Biederman", "email": "ebiederm@xmission.com", "time": "Thu Oct 18 03:05:57 2007 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.linux-foundation.org", "time": "Thu Oct 18 14:37:23 2007 -0700" }, "message": "sysctl: for irda update sysctl_checks list of binary paths\n\nIt turns out that the net/irda code didn\u0027t register any of it\u0027s binary paths\nin the global sysctl.h header file so I missed them completely when making an\nauthoritative list of binary sysctl paths in the kernel. So add them to the\nlist of valid binary sysctl paths.\n\nSigned-off-by: Eric W. Biederman \u003cebiederm@xmission.com\u003e\nAcked-by: Samuel Ortiz \u003csamuel@sortiz.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "49ffcf8f99e8d33ec8afb450956804af518fd788", "tree": "f55aac9ddebb4f798ba8ff8152c73a73a3dc93a2", "parents": [ "fc6cd25b738c2369d7ed3a6ef2ca248b51fcd2d4" ], "author": { "name": "Eric W. Biederman", "email": "ebiederm@xmission.com", "time": "Thu Oct 18 03:05:57 2007 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.linux-foundation.org", "time": "Thu Oct 18 14:37:23 2007 -0700" }, "message": "sysctl: update sysctl_check_table\n\nWell it turns out after I dug into the problems a little more I was returning\na few false positives so this patch updates my logic to remove them.\n\n- Don\u0027t complain about 0 ctl_names in sysctl_check_binary_path\n It is valid for someone to remove the sysctl binary interface\n and still keep the same sysctl proc interface.\n\n- Count ctl_names and procnames as matching if they both don\u0027t\n exist.\n\n- Only warn about missing min\u0026max when the generic functions care.\n\nSigned-off-by: Eric W. Biederman \u003cebiederm@xmission.com\u003e\nCc: Alexey Dobriyan \u003cadobriyan@sw.ru\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "fc6cd25b738c2369d7ed3a6ef2ca248b51fcd2d4", "tree": "bd3708eac72edf06097a8a2ed72c3a3fea0b0998", "parents": [ "f429cd37a21b8efc825bdbb22db7f033564cbc98" ], "author": { "name": "Eric W. Biederman", "email": "ebiederm@xmission.com", "time": "Thu Oct 18 03:05:54 2007 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.linux-foundation.org", "time": "Thu Oct 18 14:37:23 2007 -0700" }, "message": "sysctl: Error on bad sysctl tables\n\nAfter going through the kernels sysctl tables several times it has become\nclear that code review and testing is just not effective in prevent\nproblematic sysctl tables from being used in the stable kernel. I certainly\ncan\u0027t seem to fix the problems as fast as they are introduced.\n\nTherefore this patch adds sysctl_check_table which is called when a sysctl\ntable is registered and checks to see if we have a problematic sysctl table.\n\nThe biggest part of the code is the table of valid binary sysctl entries, but\nsince we have frozen our set of binary sysctls this table should not need to\nchange, and it makes it much easier to detect when someone unintentionally\nadds a new binary sysctl value.\n\nAs best as I can determine all of the several hundred errors spewed on boot up\nnow are legitimate.\n\n[bunk@kernel.org: kernel/sysctl_check.c must #include \u003clinux/string.h\u003e]\nSigned-off-by: Eric W. Biederman \u003cebiederm@xmission.com\u003e\nCc: Alexey Dobriyan \u003cadobriyan@sw.ru\u003e\nSigned-off-by: Adrian Bunk \u003cbunk@kernel.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" } ] }