)]}' { "log": [ { "commit": "829199197a430dade2519d54f5545c4a094393b8", "tree": "af50ca9af09b83fd2a5c76cad35bd0603eb33391", "parents": [ "0644ec0cc8a33fb654e348897ad7684e22a4b5d8" ], "author": { "name": "Andrew Morton", "email": "akpm@linux-foundation.org", "time": "Fri Jan 11 14:32:11 2013 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Fri Jan 11 14:54:56 2013 -0800" }, "message": "kernel/audit.c: avoid negative sleep durations\n\naudit_log_start() performs the same jiffies comparison in two places.\nIf sufficient time has elapsed between the two comparisons, the second\none produces a negative sleep duration:\n\n schedule_timeout: wrong timeout value fffffffffffffff0\n Pid: 6606, comm: trinity-child1 Not tainted 3.8.0-rc1+ #43\n Call Trace:\n schedule_timeout+0x305/0x340\n audit_log_start+0x311/0x470\n audit_log_exit+0x4b/0xfb0\n __audit_syscall_exit+0x25f/0x2c0\n sysret_audit+0x17/0x21\n\nFix it by performing the comparison a single time.\n\nReported-by: Dave Jones \u003cdavej@redhat.com\u003e\nCc: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\nCc: Eric Paris \u003ceparis@redhat.com\u003e\nReviewed-by: Kees Cook \u003ckeescook@chromium.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "0644ec0cc8a33fb654e348897ad7684e22a4b5d8", "tree": "95a0532a89fdd148593c4bd52faa055d308e3380", "parents": [ "7b9205bd775afc4439ed86d617f9042ee9e76a71" ], "author": { "name": "Kees Cook", "email": "keescook@chromium.org", "time": "Fri Jan 11 14:32:07 2013 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Fri Jan 11 14:54:55 2013 -0800" }, "message": "audit: catch possible NULL audit buffers\n\nIt\u0027s possible for audit_log_start() to return NULL. Handle it in the\nvarious callers.\n\nSigned-off-by: Kees Cook \u003ckeescook@chromium.org\u003e\nCc: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\nCc: Eric Paris \u003ceparis@redhat.com\u003e\nCc: Jeff Layton \u003cjlayton@redhat.com\u003e\nCc: \"Eric W. Biederman\" \u003cebiederm@xmission.com\u003e\nCc: Julien Tinnes \u003cjln@google.com\u003e\nCc: Will Drewry \u003cwad@google.com\u003e\nCc: Steve Grubb \u003csgrubb@redhat.com\u003e\nCc: Andrea Arcangeli \u003caarcange@redhat.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "d1c7d97ad58836affde6e39980b96527510b572e", "tree": "4020ac7f88154d5dd919fdf371472ea9153a656e", "parents": [ "ffd8d101a3a7d3f2e79deee1e342801703b6dc70" ], "author": { "name": "Sasha Levin", "email": "sasha.levin@oracle.com", "time": "Thu Oct 04 19:57:31 2012 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Tue Oct 09 23:33:37 2012 -0400" }, "message": "fs: handle failed audit_log_start properly\n\naudit_log_start() may return NULL, this is unchecked by the caller in\naudit_log_link_denied() and could cause a NULL ptr deref.\n\nIntroduced by commit a51d9eaa (\"fs: add link restriction audit reporting\").\n\nSigned-off-by: Sasha Levin \u003csasha.levin@oracle.com\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "aecdc33e111b2c447b622e287c6003726daa1426", "tree": "3e7657eae4b785e1a1fb5dfb225dbae0b2f0cfc6", "parents": [ "a20acf99f75e49271381d65db097c9763060a1e8", "a3a6cab5ea10cca64d036851fe0d932448f2fe4f" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Tue Oct 02 13:38:27 2012 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Tue Oct 02 13:38:27 2012 -0700" }, "message": "Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next\n\nPull networking changes from David Miller:\n\n 1) GRE now works over ipv6, from Dmitry Kozlov.\n\n 2) Make SCTP more network namespace aware, from Eric Biederman.\n\n 3) TEAM driver now works with non-ethernet devices, from Jiri Pirko.\n\n 4) Make openvswitch network namespace aware, from Pravin B Shelar.\n\n 5) IPV6 NAT implementation, from Patrick McHardy.\n\n 6) Server side support for TCP Fast Open, from Jerry Chu and others.\n\n 7) Packet BPF filter supports MOD and XOR, from Eric Dumazet and Daniel\n Borkmann.\n\n 8) Increate the loopback default MTU to 64K, from Eric Dumazet.\n\n 9) Use a per-task rather than per-socket page fragment allocator for\n outgoing networking traffic. This benefits processes that have very\n many mostly idle sockets, which is quite common.\n\n From Eric Dumazet.\n\n10) Use up to 32K for page fragment allocations, with fallbacks to\n smaller sizes when higher order page allocations fail. Benefits are\n a) less segments for driver to process b) less calls to page\n allocator c) less waste of space.\n\n From Eric Dumazet.\n\n11) Allow GRO to be used on GRE tunnels, from Eric Dumazet.\n\n12) VXLAN device driver, one way to handle VLAN issues such as the\n limitation of 4096 VLAN IDs yet still have some level of isolation.\n From Stephen Hemminger.\n\n13) As usual there is a large boatload of driver changes, with the scale\n perhaps tilted towards the wireless side this time around.\n\nFix up various fairly trivial conflicts, mostly caused by the user\nnamespace changes.\n\n* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next: (1012 commits)\n hyperv: Add buffer for extended info after the RNDIS response message.\n hyperv: Report actual status in receive completion packet\n hyperv: Remove extra allocated space for recv_pkt_list elements\n hyperv: Fix page buffer handling in rndis_filter_send_request()\n hyperv: Fix the missing return value in rndis_filter_set_packet_filter()\n hyperv: Fix the max_xfer_size in RNDIS initialization\n vxlan: put UDP socket in correct namespace\n vxlan: Depend on CONFIG_INET\n sfc: Fix the reported priorities of different filter types\n sfc: Remove EFX_FILTER_FLAG_RX_OVERRIDE_IP\n sfc: Fix loopback self-test with separate_tx_channels\u003d1\n sfc: Fix MCDI structure field lookup\n sfc: Add parentheses around use of bitfield macro arguments\n sfc: Fix null function pointer in efx_sriov_channel_type\n vxlan: virtual extensible lan\n igmp: export symbol ip_mc_leave_group\n netlink: add attributes to fdb interface\n tg3: unconditionally select HWMON support when tg3 is enabled.\n Revert \"net: ti cpsw ethernet: allow reading phy interface mode from DT\"\n gre: fix sparse warning\n ...\n" }, { "commit": "cca080d9b622094831672a136e5ee4f702d116b1", "tree": "7a8238c1c0a0d4de682e0ebb97dc06ab3a18fdb5", "parents": [ "e1760bd5ffae8cb98cffb030ee8e631eba28f3d8" ], "author": { "name": "Eric W. Biederman", "email": "ebiederm@xmission.com", "time": "Tue Feb 07 16:53:48 2012 -0800" }, "committer": { "name": "Eric W. Biederman", "email": "ebiederm@xmission.com", "time": "Tue Sep 18 01:00:26 2012 -0700" }, "message": "userns: Convert audit to work with user namespaces enabled\n\n- Explicitly format uids gids in audit messges in the initial user\n namespace. This is safe because auditd is restrected to be in\n the initial user namespace.\n\n- Convert audit_sig_uid into a kuid_t.\n\n- Enable building the audit code and user namespaces at the same time.\n\nThe net result is that the audit subsystem now uses kuid_t and kgid_t whenever\npossible making it almost impossible to confuse a raw uid_t with a kuid_t\npreventing bugs.\n\nCc: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\nCc: Eric Paris \u003ceparis@redhat.com\u003e\nCc: Greg Kroah-Hartman \u003cgregkh@linuxfoundation.org\u003e\nSigned-off-by: Eric W. Biederman \u003cebiederm@xmission.com\u003e\n" }, { "commit": "e1760bd5ffae8cb98cffb030ee8e631eba28f3d8", "tree": "4694a60b407c418bf7de4b97355dc3bd0e6c6559", "parents": [ "ca57ec0f00c3f139c41bf6b0a5b9bcc95bbb2ad7" ], "author": { "name": "Eric W. Biederman", "email": "ebiederm@xmission.com", "time": "Mon Sep 10 22:39:43 2012 -0700" }, "committer": { "name": "Eric W. Biederman", "email": "ebiederm@xmission.com", "time": "Mon Sep 17 18:08:54 2012 -0700" }, "message": "userns: Convert the audit loginuid to be a kuid\n\nAlways store audit loginuids in type kuid_t.\n\nPrint loginuids by converting them into uids in the appropriate user\nnamespace, and then printing the resulting uid.\n\nModify audit_get_loginuid to return a kuid_t.\n\nModify audit_set_loginuid to take a kuid_t.\n\nModify /proc/\u003cpid\u003e/loginuid on read to convert the loginuid into the\nuser namespace of the opener of the file.\n\nModify /proc/\u003cpid\u003e/loginud on write to convert the loginuid\nrom the user namespace of the opener of the file.\n\nCc: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\nCc: Eric Paris \u003ceparis@redhat.com\u003e\nCc: Paul Moore \u003cpaul@paul-moore.com\u003e ?\nCc: David Miller \u003cdavem@davemloft.net\u003e\nSigned-off-by: Eric W. Biederman \u003cebiederm@xmission.com\u003e\n" }, { "commit": "860c0aaff75e714c21d325f32d36a37572b4fffb", "tree": "2cbe5e79108da3a44ba5e5af7fbe07d22f1ed35a", "parents": [ "017143fecb3364e5fed8107d206799899f5dd684" ], "author": { "name": "Eric W. Biederman", "email": "ebiederm@xmission.com", "time": "Tue Sep 11 00:24:49 2012 -0700" }, "committer": { "name": "Eric W. Biederman", "email": "ebiederm@xmission.com", "time": "Mon Sep 17 18:07:40 2012 -0700" }, "message": "audit: Don\u0027t pass pid or uid to audit_log_common_recv_msg\n\nThe only place we use the uid and the pid that we calculate in\naudit_receive_msg is in audit_log_common_recv_msg so move the\ncalculation of these values into the audit_log_common_recv_msg.\n\nSimplify the calcuation of the current pid and uid by\nreading them from current instead of reading them from\nNETLINK_CREDS.\n\nCc: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\nCc: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: \"Eric W. Biederman\" \u003cebiederm@xmission.com\u003e\n" }, { "commit": "017143fecb3364e5fed8107d206799899f5dd684", "tree": "b0dcb667e86fb479a0f03e1489144507fe4bda26", "parents": [ "35ce9888ad2a60c95849551e7345bd547714bbff" ], "author": { "name": "Eric W. Biederman", "email": "ebiederm@xmission.com", "time": "Tue Sep 11 00:19:06 2012 -0700" }, "committer": { "name": "Eric W. Biederman", "email": "ebiederm@xmission.com", "time": "Mon Sep 17 18:07:07 2012 -0700" }, "message": "audit: Remove the unused uid parameter from audit_receive_filter\n\nCc: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\nCc: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: \"Eric W. Biederman\" \u003cebiederm@xmission.com\u003e\n" }, { "commit": "35ce9888ad2a60c95849551e7345bd547714bbff", "tree": "fe2b6e151fc9a735faebe05a57506295becfddf2", "parents": [ "8aa14b64981ee4b95959e1ed331b672d053aab62" ], "author": { "name": "Eric W. Biederman", "email": "ebiederm@xmission.com", "time": "Tue Sep 11 00:12:29 2012 -0700" }, "committer": { "name": "Eric W. Biederman", "email": "ebiederm@xmission.com", "time": "Mon Sep 17 18:06:14 2012 -0700" }, "message": "audit: Properly set the origin port id of audit messages.\n\nFor user generated audit messages set the portid field in the netlink\nheader to the netlink port where the user generated audit message came\nfrom. Reporting the process id in a port id field was just nonsense.\n\nCc: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\nCc: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: \"Eric W. Biederman\" \u003cebiederm@xmission.com\u003e\n" }, { "commit": "8aa14b64981ee4b95959e1ed331b672d053aab62", "tree": "961b0db4505ea2885562a0fd230bf67503f5cd28", "parents": [ "f95732e2e0a649c148be0242b72e3c7473092687" ], "author": { "name": "Eric W. Biederman", "email": "ebiederm@xmission.com", "time": "Mon Sep 10 23:43:14 2012 -0700" }, "committer": { "name": "Eric W. Biederman", "email": "ebiederm@xmission.com", "time": "Mon Sep 17 18:04:33 2012 -0700" }, "message": "audit: Simply AUDIT_TTY_SET and AUDIT_TTY_GET\n\nUse current instead of looking up the current up the current task by\nprocess identifier. Netlink requests are processed in trhe context of\nthe sending task so this is safe.\n\nCc: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\nCc: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: \"Eric W. Biederman\" \u003cebiederm@xmission.com\u003e\n" }, { "commit": "f95732e2e0a649c148be0242b72e3c7473092687", "tree": "3bcc942e4456bc95ac43ccdf619425aa24f00873", "parents": [ "02276bda4a2bf094fcde89fb5db4d9e86347ebf4" ], "author": { "name": "Eric W. Biederman", "email": "ebiederm@xmission.com", "time": "Mon Sep 10 23:31:17 2012 -0700" }, "committer": { "name": "Eric W. Biederman", "email": "ebiederm@xmission.com", "time": "Mon Sep 17 18:03:59 2012 -0700" }, "message": "audit: kill audit_prepare_user_tty\n\nNow that netlink messages are processed in the context of the sender\ntty_audit_push_task can be called directly and audit_prepare_user_tty\nwhich only added looking up the task of the tty by process id is\nnot needed.\n\nCc: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\nCc: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: \"Eric W. Biederman\" \u003cebiederm@xmission.com\u003e\n" }, { "commit": "02276bda4a2bf094fcde89fb5db4d9e86347ebf4", "tree": "7f06da4dd9757c353133b9c512334daf96cfec1e", "parents": [ "34e36d8ecbd958bc15f8e63deade1227de337eb1" ], "author": { "name": "Eric W. Biederman", "email": "ebiederm@xmission.com", "time": "Mon Sep 10 23:10:16 2012 -0700" }, "committer": { "name": "Eric W. Biederman", "email": "ebiederm@xmission.com", "time": "Mon Sep 17 18:03:31 2012 -0700" }, "message": "audit: Use current instead of NETLINK_CREDS() in audit_filter\n\nGet caller process uid and gid and pid values from the current task\ninstead of the NETLINK_CB. This is simpler than passing NETLINK_CREDS\nfrom from audit_receive_msg to audit_filter_user_rules and avoid the\nchance of being hit by the occassional bugs in netlink uid/gid\ncredential passing. This is a safe changes because all netlink\nrequests are processed in the task of the sending process.\n\nCc: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\nCc: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: \"Eric W. Biederman\" \u003cebiederm@xmission.com\u003e\n" }, { "commit": "34e36d8ecbd958bc15f8e63deade1227de337eb1", "tree": "2b6f98480e7a035c2910e39d68ca1ff453a98f89", "parents": [ "c6089735e7243a10faad676680c6e18d50959f74" ], "author": { "name": "Eric W. Biederman", "email": "ebiederm@xmission.com", "time": "Mon Sep 10 23:20:20 2012 -0700" }, "committer": { "name": "Eric W. Biederman", "email": "ebiederm@xmission.com", "time": "Mon Sep 17 17:38:42 2012 -0700" }, "message": "audit: Limit audit requests to processes in the initial pid and user namespaces.\n\nThis allows the code to safely make the assumption that all of the\nuids gids and pids that need to be send in audit messages are in the\ninitial namespaces.\n\nIf someone cares we may lift this restriction someday but start with\nlimiting access so at least the code is always correct.\n\nCc: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\nCc: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: \"Eric W. Biederman\" \u003cebiederm@xmission.com\u003e\n" }, { "commit": "15e473046cb6e5d18a4d0057e61d76315230382b", "tree": "893d2df5d46a6ce156933ac57a1398f0ad22b889", "parents": [ "9f00d9776bc5beb92e8bfc884a7e96ddc5589e2e" ], "author": { "name": "Eric W. Biederman", "email": "ebiederm@xmission.com", "time": "Fri Sep 07 20:12:54 2012 +0000" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Mon Sep 10 15:30:41 2012 -0400" }, "message": "netlink: Rename pid to portid to avoid confusion\n\nIt is a frequent mistake to confuse the netlink port identifier with a\nprocess identifier. Try to reduce this confusion by renaming fields\nthat hold port identifiers portid instead of pid.\n\nI have carefully avoided changing the structures exported to\nuserspace to avoid changing the userspace API.\n\nI have successfully built an allyesconfig kernel with this change.\n\nSigned-off-by: \"Eric W. Biederman\" \u003cebiederm@xmission.com\u003e\nAcked-by: Stephen Hemminger \u003cshemminger@vyatta.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "9f00d9776bc5beb92e8bfc884a7e96ddc5589e2e", "tree": "2a9f9513a13c73cb1196ebe3426389c1140e2888", "parents": [ "9785e10aedfa0fad5c1aac709dce5ada1b123783" ], "author": { "name": "Pablo Neira Ayuso", "email": "pablo@netfilter.org", "time": "Sat Sep 08 02:53:54 2012 +0000" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Sat Sep 08 18:46:30 2012 -0400" }, "message": "netlink: hide struct module parameter in netlink_kernel_create\n\nThis patch defines netlink_kernel_create as a wrapper function of\n__netlink_kernel_create to hide the struct module *me parameter\n(which seems to be THIS_MODULE in all existing netlink subsystems).\n\nSuggested by David S. Miller.\n\nSigned-off-by: Pablo Neira Ayuso \u003cpablo@netfilter.org\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "a0e881b7c189fa2bd76c024dbff91e79511c971d", "tree": "0c801918565b08921d21aceee5b326f64d998f5f", "parents": [ "eff0d13f3823f35d70228cd151d2a2c89288ff32", "dbc6e0222d79e78925fe20733844a796a4b72cf9" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Wed Aug 01 10:26:23 2012 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Wed Aug 01 10:26:23 2012 -0700" }, "message": "Merge branch \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs\n\nPull second vfs pile from Al Viro:\n \"The stuff in there: fsfreeze deadlock fixes by Jan (essentially, the\n deadlock reproduced by xfstests 068), symlink and hardlink restriction\n patches, plus assorted cleanups and fixes.\n\n Note that another fsfreeze deadlock (emergency thaw one) is *not*\n dealt with - the series by Fernando conflicts a lot with Jan\u0027s, breaks\n userland ABI (FIFREEZE semantics gets changed) and trades the deadlock\n for massive vfsmount leak; this is going to be handled next cycle.\n There probably will be another pull request, but that stuff won\u0027t be\n in it.\"\n\nFix up trivial conflicts due to unrelated changes next to each other in\ndrivers/{staging/gdm72xx/usb_boot.c, usb/gadget/storage_common.c}\n\n* \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs: (54 commits)\n delousing target_core_file a bit\n Documentation: Correct s_umount state for freeze_fs/unfreeze_fs\n fs: Remove old freezing mechanism\n ext2: Implement freezing\n btrfs: Convert to new freezing mechanism\n nilfs2: Convert to new freezing mechanism\n ntfs: Convert to new freezing mechanism\n fuse: Convert to new freezing mechanism\n gfs2: Convert to new freezing mechanism\n ocfs2: Convert to new freezing mechanism\n xfs: Convert to new freezing code\n ext4: Convert to new freezing mechanism\n fs: Protect write paths by sb_start_write - sb_end_write\n fs: Skip atime update on frozen filesystem\n fs: Add freezing handling to mnt_want_write() / mnt_drop_write()\n fs: Improve filesystem freezing handling\n switch the protection of percpu_counter list to spinlock\n nfsd: Push mnt_want_write() outside of i_mutex\n btrfs: Push mnt_want_write() outside of i_mutex\n fat: Push mnt_want_write() outside of i_mutex\n ...\n" }, { "commit": "a51d9eaa41866ab6b4b6ecad7b621f8b66ece0dc", "tree": "f8ab532f946ec7f9ccdabb6a394d952981084122", "parents": [ "800179c9b8a1e796e441674776d11cd4c05d61d7" ], "author": { "name": "Kees Cook", "email": "keescook@chromium.org", "time": "Wed Jul 25 17:29:08 2012 -0700" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Sun Jul 29 21:43:08 2012 +0400" }, "message": "fs: add link restriction audit reporting\n\nAdds audit messages for unexpected link restriction violations so that\nsystem owners will have some sort of potentially actionable information\nabout misbehaving processes.\n\nSigned-off-by: Kees Cook \u003ckeescook@chromium.org\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "a31f2d17b331db970259e875b7223d3aba7e3821", "tree": "0d10021be81446ab360f4240b0d16729f518387f", "parents": [ "dd7f36ba3ce17d4fe85987d83efd5901b0935816" ], "author": { "name": "Pablo Neira Ayuso", "email": "pablo@netfilter.org", "time": "Fri Jun 29 06:15:21 2012 +0000" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Fri Jun 29 16:46:02 2012 -0700" }, "message": "netlink: add netlink_kernel_cfg parameter to netlink_kernel_create\n\nThis patch adds the following structure:\n\nstruct netlink_kernel_cfg {\n unsigned int groups;\n void (*input)(struct sk_buff *skb);\n struct mutex *cb_mutex;\n};\n\nThat can be passed to netlink_kernel_create to set optional configurations\nfor netlink kernel sockets.\n\nI\u0027ve populated this structure by looking for NULL and zero parameters at the\nexisting code. The remaining parameters that always need to be set are still\nleft in the original interface.\n\nThat includes optional parameters for the netlink socket creation. This allows\neasy extensibility of this interface in the future.\n\nThis patch also adapts all callers to use this new interface.\n\nSigned-off-by: Pablo Neira Ayuso \u003cpablo@netfilter.org\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "c64e66c67b574f25a048886807c2007d17d50d0a", "tree": "db193766a1246bcff49de9f8b8b2a286979e3299", "parents": [ "e05273341c573f7b543f45c06e4a232c5b7c5a59" ], "author": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Tue Jun 26 21:45:21 2012 -0700" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Tue Jun 26 21:54:14 2012 -0700" }, "message": "audit: netlink: Move away from NLMSG_NEW().\n\nAnd use nlmsg_data() while we\u0027re here too.\n\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "66b3fad3f4c535c92b6a1184d535a97d6aa5d82a", "tree": "e0ac7f847b760b9e8b9777df27cd1581099935a2", "parents": [ "9fcf03d0d6e845ed495fc8b1ec328b473ff298b3" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Wed Mar 14 21:48:20 2012 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Tue Mar 20 21:29:40 2012 -0400" }, "message": "constify path argument of audit_log_d_path()\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "f429ee3b808118591d1f3cdf3c0d0793911a5677", "tree": "96d848f5f677d96758ecd2aee5eb6931b75bf218", "parents": [ "22b4eb5e3174efb49791c62823d0cccc35394c36", "c158a35c8a681cf68d36f22f058f9f5466386c71" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Tue Jan 17 16:06:51 2012 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Tue Jan 17 16:41:31 2012 -0800" }, "message": "Merge branch \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/viro/audit\n\n* \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/viro/audit: (29 commits)\n audit: no leading space in audit_log_d_path prefix\n audit: treat s_id as an untrusted string\n audit: fix signedness bug in audit_log_execve_info()\n audit: comparison on interprocess fields\n audit: implement all object interfield comparisons\n audit: allow interfield comparison between gid and ogid\n audit: complex interfield comparison helper\n audit: allow interfield comparison in audit rules\n Kernel: Audit Support For The ARM Platform\n audit: do not call audit_getname on error\n audit: only allow tasks to set their loginuid if it is -1\n audit: remove task argument to audit_set_loginuid\n audit: allow audit matching on inode gid\n audit: allow matching on obj_uid\n audit: remove audit_finish_fork as it can\u0027t be called\n audit: reject entry,always rules\n audit: inline audit_free to simplify the look of generic code\n audit: drop audit_set_macxattr as it doesn\u0027t do anything\n audit: inline checks for not needing to collect aux records\n audit: drop some potentially inadvisable likely notations\n ...\n\nUse evil merge to fix up grammar mistakes in Kconfig file.\n\nBad speling and horrible grammar (and copious swearing) is to be\nexpected, but let\u0027s keep it to commit messages and comments, rather than\nexpose it to users in config help texts or printouts.\n" }, { "commit": "c158a35c8a681cf68d36f22f058f9f5466386c71", "tree": "54a7fe4d21a30848539b2bf94c885f0a0b123717", "parents": [ "41fdc3054e23e3229edea27053522fe052d02ec2" ], "author": { "name": "Kees Cook", "email": "keescook@chromium.org", "time": "Fri Jan 06 14:07:10 2012 -0800" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Tue Jan 17 16:17:04 2012 -0500" }, "message": "audit: no leading space in audit_log_d_path prefix\n\naudit_log_d_path() injects an additional space before the prefix,\nwhich serves no purpose and doesn\u0027t mix well with other audit_log*()\nfunctions that do not sneak extra characters into the log.\n\nSigned-off-by: Kees Cook \u003ckeescook@chromium.org\u003e\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "3035c51e8ac0512686ceb9f2bd1d13bdc6e4fb29", "tree": "7c26ee810b6d6678f960cf1bb5880055ac4c793f", "parents": [ "5195d8e217a78697152d64fc09a16e063a022465" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Tue Jan 03 14:23:05 2012 -0500" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Tue Jan 17 16:16:54 2012 -0500" }, "message": "audit: drop the meaningless and format breaking word \u0027user\u0027\n\nuserspace audit messages look like so:\n\ntype\u003dUSER msg\u003daudit(1271170549.415:24710): user pid\u003d14722 uid\u003d0 auid\u003d500 ses\u003d1 subj\u003dunconfined_u:unconfined_r:auditctl_t:s0-s0:c0.c1023 msg\u003d\u0027\u0027\n\nThat third field just says \u0027user\u0027. That\u0027s useless and doesn\u0027t follow the\nkey\u003dvalue pair we are trying to enforce. We already know it came from the\nuser based on the record type. Kill that word. Die.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "c49c41a4134679cecb77362e7f6b59acb6320aa7", "tree": "45e690c036ca5846a48c8be67945d1d841b2d96d", "parents": [ "892d208bcf79e4e1058707786a7b6d486697cd78", "f423e5ba76e7e4a6fcb4836b4f072d1fdebba8b5" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Sat Jan 14 18:36:33 2012 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Sat Jan 14 18:36:33 2012 -0800" }, "message": "Merge branch \u0027for-linus\u0027 of git://selinuxproject.org/~jmorris/linux-security\n\n* \u0027for-linus\u0027 of git://selinuxproject.org/~jmorris/linux-security:\n capabilities: remove __cap_full_set definition\n security: remove the security_netlink_recv hook as it is equivalent to capable()\n ptrace: do not audit capability check when outputing /proc/pid/stat\n capabilities: remove task_ns_* functions\n capabitlies: ns_capable can use the cap helpers rather than lsm call\n capabilities: style only - move capable below ns_capable\n capabilites: introduce new has_ns_capabilities_noaudit\n capabilities: call has_ns_capability from has_capability\n capabilities: remove all _real_ interfaces\n capabilities: introduce security_capable_noaudit\n capabilities: reverse arguments to security_capable\n capabilities: remove the task from capable LSM hook entirely\n selinux: sparse fix: fix several warnings in the security server cod\n selinux: sparse fix: fix warnings in netlink code\n selinux: sparse fix: eliminate warnings for selinuxfs\n selinux: sparse fix: declare selinux_disable() in security.h\n selinux: sparse fix: move selinux_complete_init\n selinux: sparse fix: make selinux_secmark_refcount static\n SELinux: Fix RCU deref check warning in sel_netport_insert()\n\nManually fix up a semantic mis-merge wrt security_netlink_recv():\n\n - the interface was removed in commit fd7784615248 (\"security: remove\n the security_netlink_recv hook as it is equivalent to capable()\")\n\n - a new user of it appeared in commit a38f7907b926 (\"crypto: Add\n userspace configuration API\")\n\ncausing no automatic merge conflict, but Eric Paris pointed out the\nissue.\n" }, { "commit": "a0e86bd4252519321b0d102dc4ed90557aa7bee9", "tree": "13c3cb632dfb85ea6b9f5c20273d793a99b20f15", "parents": [ "7dd72f5189b257f927cc3b35d98643a5c392f5c3" ], "author": { "name": "Jesper Juhl", "email": "jj@chaosbits.net", "time": "Sun Jan 08 22:44:29 2012 +0100" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Sun Jan 08 14:15:21 2012 -0800" }, "message": "audit: always follow va_copy() with va_end()\n\nA call to va_copy() should always be followed by a call to va_end() in\nthe same function. In kernel/autit.c::audit_log_vformat() this is not\nalways done. This patch makes sure va_end() is always called.\n\nSigned-off-by: Jesper Juhl \u003cjj@chaosbits.net\u003e\nCc: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\nCc: Eric Paris \u003ceparis@redhat.com\u003e\nCc: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "fd778461524849afd035679030ae8e8873c72b81", "tree": "32a5849c1879413fce0307af304e372eaa8225b4", "parents": [ "69f594a38967f4540ce7a29b3fd214e68a8330bd" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Tue Jan 03 12:25:16 2012 -0500" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Thu Jan 05 18:53:01 2012 -0500" }, "message": "security: remove the security_netlink_recv hook as it is equivalent to capable()\n\nOnce upon a time netlink was not sync and we had to get the effective\ncapabilities from the skb that was being received. Today we instead get\nthe capabilities from the current task. This has rendered the entire\npurpose of the hook moot as it is now functionally equivalent to the\ncapable() call.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "9984de1a5a8a96275fcab818f7419af5a3c86e71", "tree": "1935d411752707a1621c5caf64f75dfe105beb3a", "parents": [ "7c77509c542927ee2a3c8812fad84957e51bf67d" ], "author": { "name": "Paul Gortmaker", "email": "paul.gortmaker@windriver.com", "time": "Mon May 23 14:51:41 2011 -0400" }, "committer": { "name": "Paul Gortmaker", "email": "paul.gortmaker@windriver.com", "time": "Mon Oct 31 09:20:12 2011 -0400" }, "message": "kernel: Map most files to use export.h instead of module.h\n\nThe changed files were only including linux/module.h for the\nEXPORT_SYMBOL infrastructure, and nothing else. Revector them\nonto the isolated export header for faster compile times.\n\nNothing to see here but a whole lot of instances of:\n\n -#include \u003clinux/module.h\u003e\n +#include \u003clinux/export.h\u003e\n\nThis commit is only changing the kernel dir; next targets\nwill probably be mm, fs, the arch dirs, etc.\n\nSigned-off-by: Paul Gortmaker \u003cpaul.gortmaker@windriver.com\u003e\n" }, { "commit": "60063497a95e716c9a689af3be2687d261f115b4", "tree": "6ce0d68db76982c53df46aee5f29f944ebf2c320", "parents": [ "148817ba092f9f6edd35bad3c6c6b8e8f90fe2ed" ], "author": { "name": "Arun Sharma", "email": "asharma@fb.com", "time": "Tue Jul 26 16:09:06 2011 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Tue Jul 26 16:49:47 2011 -0700" }, "message": "atomic: use \u003clinux/atomic.h\u003e\n\nThis allows us to move duplicated code in \u003casm/atomic.h\u003e\n(atomic_inc_not_zero() for now) to \u003clinux/atomic.h\u003e\n\nSigned-off-by: Arun Sharma \u003casharma@fb.com\u003e\nReviewed-by: Eric Dumazet \u003ceric.dumazet@gmail.com\u003e\nCc: Ingo Molnar \u003cmingo@elte.hu\u003e\nCc: David Miller \u003cdavem@davemloft.net\u003e\nCc: Eric Dumazet \u003ceric.dumazet@gmail.com\u003e\nAcked-by: Mike Frysinger \u003cvapier@gentoo.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "131ad62d8fc06d9d0a5c61d9526876352c2f2bbd", "tree": "517d1172c9510bc3645d0dbc98938676696abe7c", "parents": [ "15b4d93f0316caec44e07255c1d73bde4fac12e4" ], "author": { "name": "Mr Dash Four", "email": "mr.dash.four@googlemail.com", "time": "Thu Jun 30 13:31:57 2011 +0200" }, "committer": { "name": "Patrick McHardy", "email": "kaber@trash.net", "time": "Thu Jun 30 13:31:57 2011 +0200" }, "message": "netfilter: add SELinux context support to AUDIT target\n\nIn this revision the conversion of secid to SELinux context and adding it\nto the audit log is moved from xt_AUDIT.c to audit.c with the aid of a\nseparate helper function - audit_log_secctx - which does both the conversion\nand logging of SELinux context, thus also preventing internal secid number\nbeing leaked to userspace. If conversion is not successful an error is raised.\n\nWith the introduction of this helper function the work done in xt_AUDIT.c is\nmuch more simplified. It also opens the possibility of this helper function\nbeing used by other modules (including auditd itself), if desired. With this\naddition, typical (raw auditd) output after applying the patch would be:\n\ntype\u003dNETFILTER_PKT msg\u003daudit(1305852240.082:31012): action\u003d0 hook\u003d1 len\u003d52 inif\u003d? outif\u003deth0 saddr\u003d10.1.1.7 daddr\u003d10.1.2.1 ipid\u003d16312 proto\u003d6 sport\u003d56150 dport\u003d22 obj\u003dsystem_u:object_r:ssh_client_packet_t:s0\ntype\u003dNETFILTER_PKT msg\u003daudit(1306772064.079:56): action\u003d0 hook\u003d3 len\u003d48 inif\u003deth0 outif\u003d? smac\u003d00:05:5d:7c:27:0b dmac\u003d00:02:b3:0a:7f:81 macproto\u003d0x0800 saddr\u003d10.1.2.1 daddr\u003d10.1.1.7 ipid\u003d462 proto\u003d6 sport\u003d22 dport\u003d3561 obj\u003dsystem_u:object_r:ssh_server_packet_t:s0\n\nAcked-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: Mr Dash Four \u003cmr.dash.four@googlemail.com\u003e\nSigned-off-by: Patrick McHardy \u003ckaber@trash.net\u003e\n" }, { "commit": "c53fa1ed92cd671a1dfb1e7569e9ab672612ddc6", "tree": "9bb539a7731af94cac0112b8f13771e4a33e0450", "parents": [ "06dc94b1ed05f91e246315afeb1c652d6d0dc9ab" ], "author": { "name": "Patrick McHardy", "email": "kaber@trash.net", "time": "Thu Mar 03 10:55:40 2011 -0800" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Thu Mar 03 10:55:40 2011 -0800" }, "message": "netlink: kill loginuid/sessionid/sid members from struct netlink_skb_parms\n\nNetlink message processing in the kernel is synchronous these days, the\nsession information can be collected when needed.\n\nSigned-off-by: Patrick McHardy \u003ckaber@trash.net\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "14f0290ba44de6ed435fea24bba26e7868421c66", "tree": "449d32e4848007e3edbcab14fa8e09fdc66608ed", "parents": [ "f5c88f56b35599ab9ff2d3398e0153e4cd4a4c82", "a5db219f4cf9f67995eabd53b81a1232c82f5852" ], "author": { "name": "Patrick McHardy", "email": "kaber@trash.net", "time": "Wed Jan 19 23:51:37 2011 +0100" }, "committer": { "name": "Patrick McHardy", "email": "kaber@trash.net", "time": "Wed Jan 19 23:51:37 2011 +0100" }, "message": "Merge branch \u0027master\u0027 of /repos/git/net-next-2.6\n" }, { "commit": "ae9d67aff60af59548b6c7d1a74febea09660122", "tree": "ad296a5cc6791014715384f3587ea60013a424bf", "parents": [ "f1e231a356f90a67f8547c2881a62c92084683c6" ], "author": { "name": "Jan Engelhardt", "email": "jengelh@medozas.de", "time": "Tue Jan 18 06:48:12 2011 +0100" }, "committer": { "name": "Jan Engelhardt", "email": "jengelh@medozas.de", "time": "Tue Jan 18 06:48:29 2011 +0100" }, "message": "audit: export symbol for use with xt_AUDIT\n\nWhen xt_AUDIT is built as a module, modpost reports a problem.\n\n\tMODPOST 322 modules\n\tERROR: \"audit_enabled\" [net/netfilter/x_tables.ko] undefined!\n\tWARNING: modpost: Found 1 section mismatch(es).\n\nCc: Thomas Graf \u003ctgraf@redhat.com\u003e\nSigned-off-by: Jan Engelhardt \u003cjengelh@medozas.de\u003e\n" }, { "commit": "9db3b9bcc7f53487da8766b32e2d790ad03c53b9", "tree": "5d418276bdd82a129eddde7d10cff3a69ec90fed", "parents": [ "6d2ad1e318adbf593746305746b0c1252d5949ae" ], "author": { "name": "Ross Kirk", "email": "Ross.Kirk@nexor.com", "time": "Fri Oct 22 16:43:17 2010 +0100" }, "committer": { "name": "Jiri Kosina", "email": "jkosina@suse.cz", "time": "Wed Nov 03 13:49:58 2010 -0400" }, "message": "audit: error message typo correction\n\nFixes a typo in the error message raised by audit when auditd has died.\n\nSigned-off-by: Ross Kirk \u003cross.kirk@nexor.com\u003e\n\n--\nSigned-off-by: Jiri Kosina \u003cjkosina@suse.cz\u003e\n" }, { "commit": "ab263f47c9781a644de8b28013434b645082922e", "tree": "bae72a448f5d5f37fb5c762a4c336fe731523dfd", "parents": [ "207032051a5ed38df332729ba42e98e9a1e60434" ], "author": { "name": "Thomas Gleixner", "email": "tglx@linutronix.de", "time": "Wed Dec 09 14:19:41 2009 +0000" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Sat Oct 30 08:45:42 2010 -0400" }, "message": "audit: Use rcu for task lookup protection\n\nProtect the task lookups in audit_receive_msg() with rcu_read_lock()\ninstead of tasklist_lock and use lock/unlock_sighand to protect\nagainst the exit race.\n\nSigned-off-by: Thomas Gleixner \u003ctglx@linutronix.de\u003e\nCc: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\nCc: Eric Paris \u003ceparis@redhat.com\u003e\nCc: Oleg Nesterov \u003coleg@redhat.com\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "207032051a5ed38df332729ba42e98e9a1e60434", "tree": "632311aa731ce8cda33888b54816837f2d1529bd", "parents": [ "3c80fe4ac9cfb13b1bfa4edf1544e8b656716694" ], "author": { "name": "Thomas Gleixner", "email": "tglx@linutronix.de", "time": "Wed Dec 09 14:19:35 2009 +0000" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Sat Oct 30 08:45:42 2010 -0400" }, "message": "audit: Do not send uninitialized data for AUDIT_TTY_GET\n\naudit_receive_msg() sends uninitialized data for AUDIT_TTY_GET when\nthe task was not found.\n\nSend reply only when task was found.\n\nSigned-off-by: Thomas Gleixner \u003ctglx@linutronix.de\u003e\nCc: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\nCc: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "3c80fe4ac9cfb13b1bfa4edf1544e8b656716694", "tree": "c605435b642323cd76eea9567a43d8c67b9c9db1", "parents": [ "f7a998a9491f2da1d3e44d150aa611d10093da4f" ], "author": { "name": "Thomas Gleixner", "email": "tglx@linutronix.de", "time": "Wed Dec 09 14:19:31 2009 +0000" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Sat Oct 30 08:45:25 2010 -0400" }, "message": "audit: Call tty_audit_push_task() outside preempt disabled\n\nWhile auditing all tasklist_lock read_lock sites I stumbled over the\nfollowing call chain:\n\naudit_prepare_user_tty()\n read_lock(\u0026tasklist_lock);\n tty_audit_push_task();\n mutex_lock(\u0026buf-\u003emutex);\n\n --\u003e buf-\u003emutex is locked with preemption disabled.\n\nSolve this by acquiring a reference to the task struct under\nrcu_read_lock and call tty_audit_push_task outside of the preempt\ndisabled region.\n\nMove all code which needs to be protected by sighand lock into\ntty_audit_push_task() and use lock/unlock_sighand as we do not hold\ntasklist_lock.\n\nSigned-off-by: Thomas Gleixner \u003ctglx@linutronix.de\u003e\nCc: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\nCc: Eric Paris \u003ceparis@redhat.com\u003e\nCc: Oleg Nesterov \u003coleg@redhat.com\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "b8800aa5d9c7e4e2869321c77b80f322a0d9663a", "tree": "27bda6447f0b2ab2eec7beafcef090da489222fa", "parents": [ "d29be158a68254f58cf1fbf60ce1e89557a321aa" ], "author": { "name": "Stephen Hemminger", "email": "shemminger@vyatta.com", "time": "Wed Oct 20 17:23:50 2010 -0700" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Sat Oct 30 01:42:19 2010 -0400" }, "message": "audit: make functions static\n\nI was doing some namespace checks and found some simple stuff in\naudit that could be cleaned up. Make some functions static, and\nput const on make_reply payload arg.\n\nSigned-off-by: Stephen Hemminger \u003cshemminger@vyatta.com\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "8c8946f509a494769a8c602b5ed189df01917d39", "tree": "dfd96bd6ca5ea6803c6d77f65ba37e04f78b2d3b", "parents": [ "5f248c9c251c60af3403902b26e08de43964ea0b", "1968f5eed54ce47bde488fd9a450912e4a2d7138" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Tue Aug 10 11:39:13 2010 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Tue Aug 10 11:39:13 2010 -0700" }, "message": "Merge branch \u0027for-linus\u0027 of git://git.infradead.org/users/eparis/notify\n\n* \u0027for-linus\u0027 of git://git.infradead.org/users/eparis/notify: (132 commits)\n fanotify: use both marks when possible\n fsnotify: pass both the vfsmount mark and inode mark\n fsnotify: walk the inode and vfsmount lists simultaneously\n fsnotify: rework ignored mark flushing\n fsnotify: remove global fsnotify groups lists\n fsnotify: remove group-\u003emask\n fsnotify: remove the global masks\n fsnotify: cleanup should_send_event\n fanotify: use the mark in handler functions\n audit: use the mark in handler functions\n dnotify: use the mark in handler functions\n inotify: use the mark in handler functions\n fsnotify: send fsnotify_mark to groups in event handling functions\n fsnotify: Exchange list heads instead of moving elements\n fsnotify: srcu to protect read side of inode and vfsmount locks\n fsnotify: use an explicit flag to indicate fsnotify_destroy_mark has been called\n fsnotify: use _rcu functions for mark list traversal\n fsnotify: place marks on object in order of group memory address\n vfs/fsnotify: fsnotify_close can delay the final work in fput\n fsnotify: store struct file not struct path\n ...\n\nFix up trivial delete/modify conflict in fs/notify/inotify/inotify.c.\n" }, { "commit": "ae7b8f4108bcffb42173f867ce845268c7202d48", "tree": "049d357dcbffe597c77c534ea211c3efd26680e3", "parents": [ "b7ba83715317007962ee318587de92f14e9c3aaa" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Thu Dec 17 20:12:04 2009 -0500" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Wed Jul 28 09:58:16 2010 -0400" }, "message": "Audit: clean up the audit_watch split\n\nNo real changes, just cleanup to the audit_watch split patch which we done\nwith minimal code changes for easy review. Now fix interfaces to make\nthings work better.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "70d4bf6d467a330ccc947df9b2608e329d9e7708", "tree": "477dff26ac865f785e9197065e4807daeb89958c", "parents": [ "4b706372f18de53970e4c6887a96459590fef80a" ], "author": { "name": "Neil Horman", "email": "nhorman@tuxdriver.com", "time": "Tue Jul 20 06:45:56 2010 +0000" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Tue Jul 20 13:28:05 2010 -0700" }, "message": "drop_monitor: convert some kfree_skb call sites to consume_skb\n\nConvert a few calls from kfree_skb to consume_skb\n\nNoticed while I was working on dropwatch that I was detecting lots of internal\nskb drops in several places. While some are legitimate, several were not,\nfreeing skbs that were at the end of their life, rather than being discarded due\nto an error. This patch converts those calls sites from using kfree_skb to\nconsume_skb, which quiets the in-kernel drop_monitor code from detecting them as\ndrops. Tested successfully by myself\n\nSigned-off-by: Neil Horman \u003cnhorman@tuxdriver.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "5a0e3ad6af8660be21ca98a971cd00f331318c05", "tree": "5bfb7be11a03176a87296a43ac6647975c00a1d1", "parents": [ "ed391f4ebf8f701d3566423ce8f17e614cde9806" ], "author": { "name": "Tejun Heo", "email": "tj@kernel.org", "time": "Wed Mar 24 17:04:11 2010 +0900" }, "committer": { "name": "Tejun Heo", "email": "tj@kernel.org", "time": "Tue Mar 30 22:02:32 2010 +0900" }, "message": "include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h\n\npercpu.h is included by sched.h and module.h and thus ends up being\nincluded when building most .c files. percpu.h includes slab.h which\nin turn includes gfp.h making everything defined by the two files\nuniversally available and complicating inclusion dependencies.\n\npercpu.h -\u003e slab.h dependency is about to be removed. Prepare for\nthis change by updating users of gfp and slab facilities include those\nheaders directly instead of assuming availability. As this conversion\nneeds to touch large number of source files, the following script is\nused as the basis of conversion.\n\n http://userweb.kernel.org/~tj/misc/slabh-sweep.py\n\nThe script does the followings.\n\n* Scan files for gfp and slab usages and update includes such that\n only the necessary includes are there. ie. if only gfp is used,\n gfp.h, if slab is used, slab.h.\n\n* When the script inserts a new include, it looks at the include\n blocks and try to put the new include such that its order conforms\n to its surrounding. It\u0027s put in the include block which contains\n core kernel includes, in the same order that the rest are ordered -\n alphabetical, Christmas tree, rev-Xmas-tree or at the end if there\n doesn\u0027t seem to be any matching order.\n\n* If the script can\u0027t find a place to put a new include (mostly\n because the file doesn\u0027t have fitting include block), it prints out\n an error message indicating which .h file needs to be added to the\n file.\n\nThe conversion was done in the following steps.\n\n1. The initial automatic conversion of all .c files updated slightly\n over 4000 files, deleting around 700 includes and adding ~480 gfp.h\n and ~3000 slab.h inclusions. The script emitted errors for ~400\n files.\n\n2. Each error was manually checked. Some didn\u0027t need the inclusion,\n some needed manual addition while adding it to implementation .h or\n embedding .c file was more appropriate for others. This step added\n inclusions to around 150 files.\n\n3. The script was run again and the output was compared to the edits\n from #2 to make sure no file was left behind.\n\n4. Several build tests were done and a couple of problems were fixed.\n e.g. lib/decompress_*.c used malloc/free() wrappers around slab\n APIs requiring slab.h to be added manually.\n\n5. The script was run on all .h files but without automatically\n editing them as sprinkling gfp.h and slab.h inclusions around .h\n files could easily lead to inclusion dependency hell. Most gfp.h\n inclusion directives were ignored as stuff from gfp.h was usually\n wildly available and often used in preprocessor macros. Each\n slab.h inclusion directive was examined and added manually as\n necessary.\n\n6. percpu.h was updated not to include slab.h.\n\n7. Build test were done on the following configurations and failures\n were fixed. CONFIG_GCOV_KERNEL was turned off for all tests (as my\n distributed build env didn\u0027t work with gcov compiles) and a few\n more options had to be turned off depending on archs to make things\n build (like ipr on powerpc/64 which failed due to missing writeq).\n\n * x86 and x86_64 UP and SMP allmodconfig and a custom test config.\n * powerpc and powerpc64 SMP allmodconfig\n * sparc and sparc64 SMP allmodconfig\n * ia64 SMP allmodconfig\n * s390 SMP allmodconfig\n * alpha SMP allmodconfig\n * um on x86_64 SMP allmodconfig\n\n8. percpu.h modifications were reverted so that it could be applied as\n a separate patch and serve as bisection point.\n\nGiven the fact that I had only a couple of failures from tests on step\n6, I\u0027m fairly confident about the coverage of this conversion patch.\nIf there is a breakage, it\u0027s likely to be something in one of the arch\nheaders which should be easily discoverable easily on most builds of\nthe specific arch.\n\nSigned-off-by: Tejun Heo \u003ctj@kernel.org\u003e\nGuess-its-ok-by: Christoph Lameter \u003ccl@linux-foundation.org\u003e\nCc: Ingo Molnar \u003cmingo@redhat.com\u003e\nCc: Lee Schermerhorn \u003cLee.Schermerhorn@hp.com\u003e\n" }, { "commit": "c9404c9c392d557a4687c4cbda022b03cb787ce9", "tree": "1633e9e8d6a3f955297affd2c3304bdbb670a73c", "parents": [ "634bad68bc25753816594ecd390dcea980528315" ], "author": { "name": "Adam Buchbinder", "email": "adam.buchbinder@gmail.com", "time": "Fri Dec 18 15:40:42 2009 -0500" }, "committer": { "name": "Jiri Kosina", "email": "jkosina@suse.cz", "time": "Fri Feb 05 12:22:30 2010 +0100" }, "message": "Fix misspelling of \"should\" and \"shouldn\u0027t\" in comments.\n\nSome comments misspell \"should\" or \"shouldn\u0027t\"; this fixes them. No code changes.\n\nSigned-off-by: Adam Buchbinder \u003cadam.buchbinder@gmail.com\u003e\nSigned-off-by: Jiri Kosina \u003cjkosina@suse.cz\u003e\n" }, { "commit": "939cbf260c1abce6cad4b95ea4ba9f5132b660b3", "tree": "598b4ec56e0bef7d76a8a32136c24348d387756d", "parents": [ "44e51a1b7852bd421ff5303c64dcc5c8524c21ef" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Wed Sep 23 13:46:00 2009 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Thu Sep 24 03:50:26 2009 -0400" }, "message": "Audit: send signal info if selinux is disabled\n\nAudit will not respond to signal requests if selinux is disabled since it is\nunable to translate the 0 sid from the sending process to a context. This\npatch just doesn\u0027t send the context info if there isn\u0027t any.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "916d75761c971b6e630a26bd4ba472e90ac9a4b9", "tree": "3a4b18d0d29c1d12f64fefbb2bc5559813a686f7", "parents": [ "9d9609851003ebed15957f0f2ce18492739ee124" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Wed Jun 24 00:02:38 2009 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Wed Jun 24 00:02:38 2009 -0400" }, "message": "Fix rule eviction order for AUDIT_DIR\n\nIf syscall removes the root of subtree being watched, we\ndefinitely do not want the rules refering that subtree\nto be destroyed without the syscall in question having\na chance to match them.\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "9d9609851003ebed15957f0f2ce18492739ee124", "tree": "2c116865d2f239b5596b22a3a79eecc82f5e1299", "parents": [ "35fe4d0b1b12286a81938e9c5fdfaf639ac0ce5b" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Thu Jun 11 14:31:37 2009 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Wed Jun 24 00:00:52 2009 -0400" }, "message": "Audit: clean up all op\u003d output to include string quoting\n\nA number of places in the audit system we send an op\u003d followed by a string\nthat includes spaces. Somehow this works but it\u0027s just wrong. This patch\nmoves all of those that I could find to be quoted.\n\nExample:\n\nChange From: type\u003dCONFIG_CHANGE msg\u003daudit(1244666690.117:31): auid\u003d0 ses\u003d1\nsubj\u003dunconfined_u:unconfined_r:auditctl_t:s0-s0:c0.c1023 op\u003dremove rule\nkey\u003d\"number2\" list\u003d4 res\u003d0\n\nChange To: type\u003dCONFIG_CHANGE msg\u003daudit(1244666690.117:31): auid\u003d0 ses\u003d1\nsubj\u003dunconfined_u:unconfined_r:auditctl_t:s0-s0:c0.c1023 op\u003d\"remove rule\"\nkey\u003d\"number2\" list\u003d4 res\u003d0\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "cfcad62c74abfef83762dc05a556d21bdf3980a2", "tree": "d253dbf8dfa4d31379dcd886cc1b41c69921acdd", "parents": [ "ea7ae60bfe39aeedfb29571c47280bf0067ee5f3" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Thu Jun 11 14:31:36 2009 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Tue Jun 23 23:50:59 2009 -0400" }, "message": "audit: seperate audit inode watches into a subfile\n\nIn preparation for converting audit to use fsnotify instead of inotify we\nseperate the inode watching code into it\u0027s own file. This is similar to\nhow the audit tree watching code is already seperated into audit_tree.c\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "ea7ae60bfe39aeedfb29571c47280bf0067ee5f3", "tree": "dae18e879a4e6d5c2ae53cf89267a6045db49da7", "parents": [ "ee080e6ce93d5993390bccf68c1df5efd9351276" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Thu Jun 11 14:31:35 2009 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Tue Jun 23 23:50:40 2009 -0400" }, "message": "Audit: clean up audit_receive_skb\n\naudit_receive_skb is hard to clearly parse what it is doing to the netlink\nmessage. Clean the function up so it is easy and clear to see what is going\non.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "ee080e6ce93d5993390bccf68c1df5efd9351276", "tree": "6554d820c773f3ace97fdb1ae5defa43cbc83e05", "parents": [ "038cbcf65fd6a30c79e3917690b8c46321a27915" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Thu Jun 11 14:31:35 2009 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Tue Jun 23 23:50:39 2009 -0400" }, "message": "Audit: cleanup netlink mesg handling\n\nThe audit handling of netlink messages is all over the place. Clean things\nup, use predetermined macros, generally make it more readable.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "038cbcf65fd6a30c79e3917690b8c46321a27915", "tree": "bc6fc5fbf9ac6dad6055aa77bb0b1eaf35fdaa37", "parents": [ "e85188f424c8eec7f311deed9a70bec57aeed741" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Thu Jun 11 14:31:35 2009 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Tue Jun 23 23:50:37 2009 -0400" }, "message": "Audit: unify the printk of an skb when auditd not around\n\nRemove code duplication of skb printk when auditd is not around in userspace\nto deal with this message.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "def57543418a5f47debae28a0a9dea2effc11692", "tree": "9f27756c75502f6331c5c4260f36779a7b9555bc", "parents": [ "679173b724631f49e537a15fa48ea2000bdc1808" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Tue Mar 10 18:00:14 2009 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Sun Apr 05 13:49:04 2009 -0400" }, "message": "Audit: remove spaces from audit_log_d_path\n\naudit_log_d_path had spaces in the strings which would be emitted on the\nerror paths. This patch simply replaces those spaces with an _ or removes\nthe needless spaces entirely.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "55ad2f8d340678397de5916b9cd960f17ebd7150", "tree": "6df2974acdd023948fda996119ff94a3eaf6ab5d", "parents": [ "b3897f567100d18e0597f638b911d23aa5e0dd23" ], "author": { "name": "Miloslav Trmac", "email": "mitr@redhat.com", "time": "Thu Mar 19 09:52:47 2009 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Sun Apr 05 13:43:36 2009 -0400" }, "message": "audit: ignore terminating NUL in AUDIT_USER_TTY messages\n\nAUDIT_USER_TTY, like all other messages sent from user-space, is sent\nNUL-terminated. Unlike other user-space audit messages, which come only\nfrom trusted sources, AUDIT_USER_TTY messages are processed using\naudit_log_n_untrustedstring().\n\nThis patch modifies AUDIT_USER_TTY handling to ignore the trailing NUL\nand use the \"quoted_string\" representation of the message if possible.\n\nSigned-off-by: Miloslav Trmac \u003cmitr@redhat.com\u003e\nCc: Eric Paris \u003ceparis@redhat.com\u003e\nCc: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\nCc: Steve Grubb \u003csgrubb@redhat.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "b3897f567100d18e0597f638b911d23aa5e0dd23", "tree": "32fa9d3d8faaae7a87de64163d450460b423fd87", "parents": [ "c28bb7da74ab74a2860d652493aaff7de104d79e" ], "author": { "name": "Miloslav Trmac", "email": "mitr@redhat.com", "time": "Thu Mar 19 09:48:27 2009 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Sun Apr 05 13:43:24 2009 -0400" }, "message": "Audit: fix handling of \u0027strings\u0027 with NULL characters\n\ncurrently audit_log_n_untrustedstring() uses audit_string_contains_control()\nto check if the \u0027string\u0027 has any control characters. If the \u0027string\u0027 has an\nembedded NULL audit_string_contains_control() will return that the data has\nno control characters and will then pass the string to audit_log_n_string\nwith the total length, not the length up to the first NULL.\naudit_log_n_string() does a memcpy of the entire length and so the actual\naudit record emitted may then contain a NULL and then whatever random memory\nis after the NULL.\n\nSince we want to log the entire octet stream (if we can\u0027t trust the data\nto be a string we can\u0027t trust that a NULL isn\u0027t actually a part of it)\nwe should just consider NULL as a control character. If the caller is\ncertain they want to stop at the first NULL they should be using\naudit_log_untrustedstring.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "48887e63d6e057543067327da6b091297f7fe645", "tree": "f290af5a887bcf840a63043eb2df3a4c02ccaea3", "parents": [ "7f0ed77d241b60f70136f15b8eef30a3de1fa249" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Sat Dec 06 01:05:50 2008 -0500" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Tue Dec 09 02:27:41 2008 -0500" }, "message": "[PATCH] fix broken timestamps in AVC generated by kernel threads\n\nTimestamp in audit_context is valid only if -\u003ein_syscall is set.\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "a3f07114e3359fb98683069ae397220e8992a24a", "tree": "d5af821616dd749be416ccbbe3f25f6919ea0af9", "parents": [ "218d11a8b071b23b76c484fd5f72a4fe3306801e" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Wed Nov 05 12:47:09 2008 -0500" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Tue Dec 09 02:27:37 2008 -0500" }, "message": "[PATCH] Audit: make audit\u003d0 actually turn off audit\n\nCurrently audit\u003d0 on the kernel command line does absolutely nothing.\nAudit always loads and always uses its resources such as creating the\nkernel netlink socket. This patch causes audit\u003d0 to actually disable\naudit. Audit will use no resources and starting the userspace auditd\ndaemon will not cause the kernel audit system to activate.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "20c6aaa39ab735c7ed78e4e5a214d250efae0a6e", "tree": "132164efa309d2df3daeb9fed80ee75da93672bc", "parents": [ "980dfb0db340b95094732d78b55311f2c539c1af" ], "author": { "name": "zhangxiliang", "email": "zhangxiliang@cn.fujitsu.com", "time": "Thu Jul 31 10:11:19 2008 +0800" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Fri Aug 01 12:15:16 2008 -0400" }, "message": "[PATCH] Fix the bug of using AUDIT_STATUS_RATE_LIMIT when set fail, no error output.\n\nWhen the \"status_get-\u003emask\" is \"AUDIT_STATUS_RATE_LIMIT || AUDIT_STATUS_BACKLOG_LIMIT\".\nIf \"audit_set_rate_limit\" fails and \"audit_set_backlog_limit\" succeeds, the \"err\" value\nwill be greater than or equal to 0. It will miss the failure of rate set.\n\nSigned-off-by: Zhang Xiliang \u003czhangxiliang@cn.fujitsu.com\u003e\nAcked-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "1d6c9649e236caa2e93e3647256216e57172b011", "tree": "f2ddd51635a3aac71d11e6d6ae4d4dc698c120f5", "parents": [ "ee1d315663ee0b494898f813a266d6244b263b4f" ], "author": { "name": "Vesa-Matti J Kari", "email": "vmkari@cc.helsinki.fi", "time": "Wed Jul 23 00:06:13 2008 +0300" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Fri Aug 01 12:05:35 2008 -0400" }, "message": "kernel/audit.c control character detection is off-by-one\n\nHello,\n\nAccording to my understanding there is an off-by-one bug in the\nfunction:\n\n audit_string_contains_control()\n\nin:\n\n kernel/audit.c\n\nPatch is included.\n\nI do not know from how many places the function is called from, but for\nexample, SELinux Access Vector Cache tries to log untrusted filenames via\ncall path:\n\navc_audit()\n audit_log_untrustedstring()\n audit_log_n_untrustedstring()\n audit_string_contains_control()\n\nIf audit_string_contains_control() detects control characters, then the\nstring is hex-encoded. But the hex\u003d0x7f dec\u003d127, DEL-character, is not\ndetected.\n\nI guess this could have at least some minor security implications, since a\nuser can create a filename with 0x7f in it, causing logged filename to\npossibly look different when someone reads it on the terminal.\n\nSigned-off-by: Vesa-Matti Kari \u003cvmkari@cc.helsinki.fi\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "d8de72473effd674a3c1fe9621821f406f5587c9", "tree": "4b96ac9b82cc156f9ee01da00450f1a97222353f", "parents": [ "9f0aecdd1cd6aacee9aa8f08031f4f2e09e454dc" ], "author": { "name": "Peng Haitao", "email": "penght@cn.fujitsu.com", "time": "Tue May 20 09:13:02 2008 +0800" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Tue Jun 24 23:36:35 2008 -0400" }, "message": "[PATCH] remove useless argument type in audit_filter_user()\n\nThe second argument \"type\" is not used in audit_filter_user(), so I think that type can be removed. If I\u0027m wrong, please tell me.\n\nSigned-off-by: Peng Haitao \u003cpenght@cn.fujitsu.com\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "13d5ef97f0675d789f559cfebc1df9d5e2b1879c", "tree": "12202e8011e27501b47b0c008f20fd2fe875c29b", "parents": [ "481c5346d0981940ee63037eb53e4e37b0735c10" ], "author": { "name": "Peng Haitao", "email": "penght@cn.fujitsu.com", "time": "Fri May 16 10:15:04 2008 +0800" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Tue Jun 24 23:36:21 2008 -0400" }, "message": "[PATCH] kernel/audit.c: nlh-\u003enlmsg_type is gotten more than once\n\nThe first argument \"nlh-\u003enlmsg_type\" of audit_receive_filter() should be modified to \"msg_type\" in audit_receive_msg().\n\nSigned-off-by: Peng Haitao \u003cpenght@cn.fujitsu.com\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "fcaf1eb8685a00a99259e138e403841e984385b0", "tree": "01663c2345f200014f028b7cee2d3270e3100601", "parents": [ "6ee650467d5bf972d10441e99688e9b48171f99c" ], "author": { "name": "Andrew Morton", "email": "akpm@linux-foundation.org", "time": "Wed May 14 16:11:48 2008 -0700" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Sat May 17 03:30:22 2008 -0400" }, "message": "[patch 1/1] audit_send_reply(): fix error-path memory leak\n\nAddresses http://bugzilla.kernel.org/show_bug.cgi?id\u003d10663\n\nReporter: Daniel Marjamki \u003cdanielm77@spray.se\u003e\nCc: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "4a761b8c1d7a3a4ee7ccf92ce255d986f601e067", "tree": "cb93a5cca0d3e29b79c4dd0bb27755f967c325af", "parents": [ "41126226e186d92a45ed664e546abb5204588359" ], "author": { "name": "Pavel Emelyanov", "email": "xemul@openvz.org", "time": "Fri Apr 18 13:30:15 2008 -0700" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Mon Apr 28 06:28:30 2008 -0400" }, "message": "[patch 2/2] Use find_task_by_vpid in audit code\n\nThe pid to lookup a task by is passed inside audit code via netlink message.\n\nThanks to Denis Lunev, netlink packets are now (since 2.6.24) _always_\nprocessed in the context of the sending task. So this is correct to lookup\nthe task with find_task_by_vpid() here.\n\nSigned-off-by: Pavel Emelyanov \u003cxemul@openvz.org\u003e\nCc: \"Eric W. Biederman\" \u003cebiederm@xmission.com\u003e\nCc: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "7719e437fac119e57b17588bab3a8e39ff9d22eb", "tree": "56b08aec09225ac5587d9d8b7fee089181e26d25", "parents": [ "c782f242f0602edf848355d41e3676753c2280c8" ], "author": { "name": "Harvey Harrison", "email": "harvey.harrison@gmail.com", "time": "Sun Apr 27 02:39:56 2008 -0700" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Mon Apr 28 06:28:17 2008 -0400" }, "message": "[PATCH 2/2] audit: fix sparse shadowed variable warnings\n\nUse msglen as the identifier.\nkernel/audit.c:724:10: warning: symbol \u0027len\u0027 shadows an earlier one\nkernel/audit.c:575:8: originally declared here\n\nDon\u0027t use ino_f to check the inode field at the end of the functions.\nkernel/auditfilter.c:429:22: warning: symbol \u0027f\u0027 shadows an earlier one\nkernel/auditfilter.c:420:21: originally declared here\nkernel/auditfilter.c:542:22: warning: symbol \u0027f\u0027 shadows an earlier one\nkernel/auditfilter.c:529:21: originally declared here\n\ni always used as a counter for a for loop and initialized to zero before\nuse. Eliminate the inner i variables.\nkernel/auditsc.c:1295:8: warning: symbol \u0027i\u0027 shadows an earlier one\nkernel/auditsc.c:1152:6: originally declared here\nkernel/auditsc.c:1320:7: warning: symbol \u0027i\u0027 shadows an earlier one\nkernel/auditsc.c:1152:6: originally declared here\n\nSigned-off-by: Harvey Harrison \u003charvey.harrison@gmail.com\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "b556f8ad58c6e9f8f485c8cef7546e3fc82c382a", "tree": "e7a1c5ce313b6dec9727d69b08b5005dc35709a3", "parents": [ "f09ac9db2aafe36fde9ebd63c8c5d776f6e7bd41" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Fri Apr 18 10:12:59 2008 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Mon Apr 28 06:19:22 2008 -0400" }, "message": "Audit: standardize string audit interfaces\n\nThis patch standardized the string auditing interfaces. No userspace\nchanges will be visible and this is all just cleanup and consistancy\nwork. We have the following string audit interfaces to use:\n\nvoid audit_log_n_hex(struct audit_buffer *ab, const unsigned char *buf, size_t len);\n\nvoid audit_log_n_string(struct audit_buffer *ab, const char *buf, size_t n);\nvoid audit_log_string(struct audit_buffer *ab, const char *buf);\n\nvoid audit_log_n_untrustedstring(struct audit_buffer *ab, const char *string, size_t n);\nvoid audit_log_untrustedstring(struct audit_buffer *ab, const char *string);\n\nThis may be the first step to possibly fixing some of the issues that\npeople have with the string output from the kernel audit system. But we\nstill don\u0027t have an agreed upon solution to that problem.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "f09ac9db2aafe36fde9ebd63c8c5d776f6e7bd41", "tree": "ae2123e2bd6c054d82d5d2a3b81fdfb30c53e46e", "parents": [ "f3d357b092956959563398b59ef2fdd10aea387d" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Fri Apr 18 10:11:04 2008 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Mon Apr 28 06:19:13 2008 -0400" }, "message": "Audit: stop deadlock from signals under load\n\nA deadlock is possible between kauditd and auditd under load if auditd\nreceives a signal. When auditd receives a signal it sends a netlink\nmessage to the kernel asking for information about the sender of the\nsignal. In that same context the audit system will attempt to send a\nnetlink message back to the userspace auditd. If kauditd has already\nfilled the socket buffer (see netlink_attachskb()) auditd will now put\nitself to sleep waiting for room to send the message. Since auditd is\nresponsible for draining that socket we have a deadlock. The fix, since\nthe response from the kernel does not need to be synchronous is to send\nthe signal information back to auditd in a separate thread. And thus\nauditd can continue to drain the audit queue normally.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "f3d357b092956959563398b59ef2fdd10aea387d", "tree": "b797d759fb81aa461bf0d7734e2f5be7b5e75288", "parents": [ "2532386f480eefbdd67b48be55fb4fb3e5a6081c" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Fri Apr 18 10:02:28 2008 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Mon Apr 28 06:19:04 2008 -0400" }, "message": "Audit: save audit_backlog_limit audit messages in case auditd comes back\n\nThis patch causes the kernel audit subsystem to store up to\naudit_backlog_limit messages for use by auditd if it ever appears\nsometime in the future in userspace. This is useful to collect audit\nmessages during bootup and even when auditd is stopped. This is NOT a\nreliable mechanism, it does not ever call audit_panic, nor should it.\naudit_log_lost()/audit_panic() are called during the normal delivery\nmechanism. The messages are still sent to printk/syslog as usual and if\ntoo many messages appear to be queued they will be silently discarded.\n\nI liked doing it by default, but this patch only uses the queue in\nquestion if it was booted with audit\u003d1 or if the kernel was built\nenabling audit by default.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "2532386f480eefbdd67b48be55fb4fb3e5a6081c", "tree": "dd6a5a3c4116a67380a1336319c16632f04f80f9", "parents": [ "436c405c7d19455a71f42c9bec5fd5e028f1eb4e" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Fri Apr 18 10:09:25 2008 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Mon Apr 28 06:18:03 2008 -0400" }, "message": "Audit: collect sessionid in netlink messages\n\nPreviously I added sessionid output to all audit messages where it was\navailable but we still didn\u0027t know the sessionid of the sender of\nnetlink messages. This patch adds that information to netlink messages\nso we can audit who sent netlink messages.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "d7a96f3a1ae279a2129653d6cb18d722f2f00f91", "tree": "fc38736f303133f80912f1640f2d4fac0027fe04", "parents": [ "03d37d25e0f91b28c4b6d002be6221f1af4b19d8" ], "author": { "name": "Ahmed S. Darwish", "email": "darwish.07@gmail.com", "time": "Sat Mar 01 22:01:11 2008 +0200" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Sat Apr 19 09:52:37 2008 +1000" }, "message": "Audit: internally use the new LSM audit hooks\n\nConvert Audit to use the new LSM Audit hooks instead of\nthe exported SELinux interface.\n\nBasically, use:\nsecurity_audit_rule_init\nsecuirty_audit_rule_free\nsecurity_audit_rule_known\nsecurity_audit_rule_match\n\ninstad of (respectively) :\nselinux_audit_rule_init\nselinux_audit_rule_free\naudit_rule_has_selinux\nselinux_audit_rule_match\n\nSigned-off-by: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\nSigned-off-by: Ahmed S. Darwish \u003cdarwish.07@gmail.com\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "2a862b32f3da5a2120043921ad301322ad526084", "tree": "bb97054b2f648504f670e3eaed2626b547c4d081", "parents": [ "713a04aeaba35bb95d442cdeb52055498519be25" ], "author": { "name": "Ahmed S. Darwish", "email": "darwish.07@gmail.com", "time": "Sat Mar 01 21:54:38 2008 +0200" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Sat Apr 19 09:52:34 2008 +1000" }, "message": "Audit: use new LSM hooks instead of SELinux exports\n\nStop using the following exported SELinux interfaces:\nselinux_get_inode_sid(inode, sid)\nselinux_get_ipc_sid(ipcp, sid)\nselinux_get_task_sid(tsk, sid)\nselinux_sid_to_string(sid, ctx, len)\nkfree(ctx)\n\nand use following generic LSM equivalents respectively:\nsecurity_inode_getsecid(inode, secid)\nsecurity_ipc_getsecid*(ipcp, secid)\nsecurity_task_getsecid(tsk, secid)\nsecurity_sid_to_secctx(sid, ctx, len)\nsecurity_release_secctx(ctx, len)\n\nCall security_release_secctx only if security_secid_to_secctx\nsucceeded.\n\nSigned-off-by: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\nSigned-off-by: Ahmed S. Darwish \u003cdarwish.07@gmail.com\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\nReviewed-by: Paul Moore \u003cpaul.moore@hp.com\u003e\n" }, { "commit": "f706d5d22c35e18ed13a4b2b4991aac75bf39df5", "tree": "89de67dd7ea1a72cbf6147bbb8a3b7cfb6e746ae", "parents": [ "5214b729e1c2dc3af8f55e6c4c548844c3bea0f5" ], "author": { "name": "Dave Jones", "email": "davej@codemonkey.org.uk", "time": "Fri Mar 28 14:15:56 2008 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Fri Mar 28 14:45:21 2008 -0700" }, "message": "audit: silence two kerneldoc warnings in kernel/audit.c\n\nSilence two kerneldoc warnings.\n\nWarning(kernel/audit.c:1276): No description found for parameter \u0027string\u0027\nWarning(kernel/audit.c:1276): No description found for parameter \u0027len\u0027\n\n[also fix a typo for bonus points]\n\nSigned-off-by: Dave Jones \u003cdavej@codemonkey.org.uk\u003e\nAcked-by: Randy Dunlap \u003crandy.dunlap@oracle.com\u003e\nCc: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "75c0371a2d385ecbd6e1f854d9dce20889f06736", "tree": "34a9988cfb3077c88a44b904f466d129b01caae9", "parents": [ "4f42c288e66a3395e94158badbd182b2dae8eccb" ], "author": { "name": "Pavel Emelyanov", "email": "xemul@openvz.org", "time": "Thu Mar 20 15:39:41 2008 -0700" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Thu Mar 20 15:39:41 2008 -0700" }, "message": "audit: netlink socket can be auto-bound to pid other than current-\u003epid (v2)\n\nFrom:\tPavel Emelyanov \u003cxemul@openvz.org\u003e\n\nThis patch is based on the one from Thomas.\n\nThe kauditd_thread() calls the netlink_unicast() and passes \nthe audit_pid to it. The audit_pid, in turn, is received from \nthe user space and the tool (I\u0027ve checked the audit v1.6.9) \nuses getpid() to pass one in the kernel. Besides, this tool \ndoesn\u0027t bind the netlink socket to this id, but simply creates \nit allowing the kernel to auto-bind one.\n\nThat\u0027s the preamble.\n\nThe problem is that netlink_autobind() _does_not_ guarantees\nthat the socket will be auto-bound to the current pid. Instead\nit uses the current pid as a hint to start looking for a free\nid. So, in case of conflict, the audit messages can be sent\nto a wrong socket. This can happen (it\u0027s unlikely, but can be)\nin case some task opens more than one netlink sockets and then\nthe audit one starts - in this case the audit\u0027s pid can be busy\nand its socket will be bound to another id.\n\nThe proposal is to introduce an audit_nlk_pid in audit subsys,\nthat will point to the netlink socket to send packets to. It\nwill most often be equal to audit_pid. The socket id can be \ngot from the skb\u0027s netlink CB right in the audit_receive_msg.\nThe audit_nlk_pid reset to 0 is not required, since all the\ndecisions are taken based on audit_pid value only.\n\nLater, if the audit tools will bind the socket themselves, the\nkernel will have to provide a way to setup the audit_nlk_pid\nas well.\n\nA good side effect of this patch is that audit_pid can later \nbe converted to struct pid, as it is not longer safe to use \npid_t-s in the presence of pid namespaces. But audit code still \nuses the tgid from task_struct in the audit_signal_info and in\nthe audit_filter_syscall.\n\nSigned-off-by: Thomas Graf \u003ctgraf@suug.ch\u003e\nSigned-off-by: Pavel Emelyanov \u003cxemul@openvz.org\u003e\nAcked-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "8d07a67cface19ac07d7324f38bda7bbb06bbdb2", "tree": "4706fb5efe2ecdcfa9edac84f7a2682555808fff", "parents": [ "b29ee87e9b441e72454efd1be56aa1a05ffb2f58" ], "author": { "name": "Steve Grubb", "email": "sgrubb@redhat.com", "time": "Thu Feb 21 16:59:22 2008 -0500" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Sat Mar 01 07:16:06 2008 -0500" }, "message": "[PATCH] drop EOE records from printk\n\nHi,\n\nWhile we are looking at the printk issue, I see that its printk\u0027ing the EOE\n(end of event) records which is really not something that we need in syslog.\nIts really intended for the realtime audit event stream handled by the audit\ndaemon. So, lets avoid printk\u0027ing that record type.\n\nSigned-off-by: Steve Grubb \u003csgrubb@redhat.com\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "b29ee87e9b441e72454efd1be56aa1a05ffb2f58", "tree": "03003a0f8cc126cd2ef3577f0db836e5d30ae22a", "parents": [ "422b03cf75e11dfdfb29b0f19709bac585335f86" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Thu Feb 21 15:53:05 2008 -0500" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Sat Mar 01 07:16:06 2008 -0500" }, "message": "[RFC] AUDIT: do not panic when printk loses messages\n\nOn the latest kernels if one was to load about 15 rules, set the failure\nstate to panic, and then run service auditd stop the kernel will panic.\nThis is because auditd stops, then the script deletes all of the rules.\nThese deletions are sent as audit messages out of the printk kernel\ninterface which is already known to be lossy. These will overun the\ndefault kernel rate limiting (10 really fast messages) and will call\naudit_panic(). The same effect can happen if a slew of avc\u0027s come\nthrough while auditd is stopped.\n\nThis can be fixed a number of ways but this patch fixes the problem by\njust not panicing if auditd is not running. We know printk is lossy and\nif the user chooses to set the failure mode to panic and tries to use\nprintk we can\u0027t make any promises no matter how hard we try, so why try?\nAt least in this way we continue to get lost message accounting and will\neventually know that things went bad.\n\nThe other change is to add a new call to audit_log_lost() if auditd\ndisappears. We already pulled the skb off the queue and couldn\u0027t send\nit so that message is lost. At least this way we will account for the\nlast message and panic if the machine is configured to panic. This code\npath should only be run if auditd dies for unforeseen reasons. If\nauditd closes correctly audit_pid will get set to 0 and we won\u0027t walk\nthis code path.\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "cf28b4863f9ee8f122e8ff3ac0d403e07ba9c6d9", "tree": "65c91f6911b34c32e517938289621ce0e7baeaf3", "parents": [ "c32c2f63a9d6c953aaf168c0b2551da9734f76d2" ], "author": { "name": "Jan Blunck", "email": "jblunck@suse.de", "time": "Thu Feb 14 19:38:44 2008 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.linux-foundation.org", "time": "Thu Feb 14 21:17:09 2008 -0800" }, "message": "d_path: Make d_path() use a struct path\n\nd_path() is used on a \u003cdentry,vfsmount\u003e pair. Lets use a struct path to\nreflect this.\n\n[akpm@linux-foundation.org: fix build in mm/memory.c]\nSigned-off-by: Jan Blunck \u003cjblunck@suse.de\u003e\nAcked-by: Bryan Wu \u003cbryan.wu@analog.com\u003e\nAcked-by: Christoph Hellwig \u003chch@infradead.org\u003e\nCc: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\nCc: \"J. Bruce Fields\" \u003cbfields@fieldses.org\u003e\nCc: Neil Brown \u003cneilb@suse.de\u003e\nCc: Michael Halcrow \u003cmhalcrow@us.ibm.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "44707fdf5938ad269ea5d6c5744d82f6a7328746", "tree": "7eb1704418eb41b859ad24bc48f6400135474d87", "parents": [ "a03a8a709a0c34b61b7aea1d54a0473a6b941fdb" ], "author": { "name": "Jan Blunck", "email": "jblunck@suse.de", "time": "Thu Feb 14 19:38:33 2008 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.linux-foundation.org", "time": "Thu Feb 14 21:17:08 2008 -0800" }, "message": "d_path: Use struct path in struct avc_audit_data\n\naudit_log_d_path() is a d_path() wrapper that is used by the audit code. To\nuse a struct path in audit_log_d_path() I need to embed it into struct\navc_audit_data.\n\n[akpm@linux-foundation.org: coding-style fixes]\nSigned-off-by: Jan Blunck \u003cjblunck@suse.de\u003e\nAcked-by: Christoph Hellwig \u003chch@infradead.org\u003e\nCc: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\nCc: \"J. Bruce Fields\" \u003cbfields@fieldses.org\u003e\nCc: Neil Brown \u003cneilb@suse.de\u003e\nCc: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nCc: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "320f1b1ed28c601cc152053a2f428a126cb608bc", "tree": "5865f2acf0d84b61fc81108f1bbb33896d11df84", "parents": [ "148b38dc9309044c8656aa36d5fd86069e2ea7cc" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Wed Jan 23 22:55:05 2008 -0500" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Fri Feb 01 14:25:04 2008 -0500" }, "message": "[AUDIT] ratelimit printk messages audit\n\nsome printk messages from the audit system can become excessive. This\npatch ratelimits those messages. It was found that messages, such as\nthe audit backlog lost printk message could flood the logs to the point\nthat a machine could take an nmi watchdog hit or otherwise become\nunresponsive.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "148b38dc9309044c8656aa36d5fd86069e2ea7cc", "tree": "905eaa71e29c5d4f65ef8a74e225db68d31cd934", "parents": [ "ef00be0554f1af9f2b685e0e3bb9e2ec0181937e" ], "author": { "name": "Richard Knutsson", "email": "ricknu-0@student.ltu.se", "time": "Thu Jan 10 11:02:40 2008 -0800" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Fri Feb 01 14:24:57 2008 -0500" }, "message": "[patch 2/2] audit: complement va_copy with va_end()\n\nComplement va_copy() with va_end().\n\nSigned-off-by: Richard Knutsson \u003cricknu-0@student.ltu.se\u003e\nCc: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\n" }, { "commit": "ef00be0554f1af9f2b685e0e3bb9e2ec0181937e", "tree": "54827faae4e5bcd81fa6b4a17c80ed9990b69cf2", "parents": [ "b593d384efcff7bdf6beb1bc1bc69927977aee26" ], "author": { "name": "Andrew Morton", "email": "akpm@linux-foundation.org", "time": "Thu Jan 10 11:02:39 2008 -0800" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Fri Feb 01 14:24:51 2008 -0500" }, "message": "[patch 1/2] kernel/audit.c: warning fix\n\nkernel/audit.c: In function \u0027audit_log_start\u0027:\nkernel/audit.c:1133: warning: \u0027serial\u0027 may be used uninitialized in this function\n\nCc: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\n" }, { "commit": "b593d384efcff7bdf6beb1bc1bc69927977aee26", "tree": "9055ef0decc84dcbf0da67135535f0746e602e8e", "parents": [ "50397bd1e471391d27f64efad9271459c913de87" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Tue Jan 08 17:38:31 2008 -0500" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Fri Feb 01 14:24:45 2008 -0500" }, "message": "[AUDIT] create context if auditing was ever enabled\n\nDisabling audit at runtime by auditctl doesn\u0027t mean that we can\nstop allocating contexts for new processes; we don\u0027t want to miss them\nwhen that sucker is reenabled.\n\n(based on work from Al Viro in the RHEL kernel series)\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "50397bd1e471391d27f64efad9271459c913de87", "tree": "2b23b983ebcb9085cbf38c1688ba0c0f28ccfd2f", "parents": [ "1a6b9f2317f18db768010252c957d99daf40678f" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Mon Jan 07 18:14:19 2008 -0500" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Fri Feb 01 14:24:39 2008 -0500" }, "message": "[AUDIT] clean up audit_receive_msg()\n\ngenerally clean up audit_receive_msg() don\u0027t free random memory if\nselinux_sid_to_string fails for some reason. Move generic auditing\nto a helper function\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "1a6b9f2317f18db768010252c957d99daf40678f", "tree": "e63199fab4ec31e05b22f3af10505bdcfcb57be8", "parents": [ "de6bbd1d30e5912620d25dd15e3f180ac7f9fcef" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Mon Jan 07 17:09:31 2008 -0500" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Fri Feb 01 14:24:33 2008 -0500" }, "message": "[AUDIT] make audit\u003d0 really stop audit messages\n\nSome audit messages (namely configuration changes) are still emitted even if\nthe audit subsystem has been explicitly disabled. This patch turns those\nmessages off as well.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "de6bbd1d30e5912620d25dd15e3f180ac7f9fcef", "tree": "3807b13f8e2e490c258c5bb37915c95fc1bcfe20", "parents": [ "e445deb593d67c8ed13bd357c780a93d78bc84cf" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Mon Jan 07 14:31:58 2008 -0500" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Fri Feb 01 14:23:55 2008 -0500" }, "message": "[AUDIT] break large execve argument logging into smaller messages\n\nexecve arguments can be quite large. There is no limit on the number of\narguments and a 4G limit on the size of an argument.\n\nthis patch prints those aruguments in bite sized pieces. a userspace size\nlimitation of 8k was discovered so this keeps messages around 7.5k\n\nsingle arguments larger than 7.5k in length are split into multiple records\nand can be identified as aX[Y]\u003d\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "e445deb593d67c8ed13bd357c780a93d78bc84cf", "tree": "b6c14711659e16f817a4cb9eaa1fd8dba0c7b162", "parents": [ "6246ccab99093a562044596dd868213caa0b2b4c" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Mon Jan 07 14:19:15 2008 -0500" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Fri Feb 01 14:08:14 2008 -0500" }, "message": "[AUDIT] include audit type in audit message when using printk\n\nCurrently audit drops the audit type when an audit message goes through\nprintk instead of the audit deamon. This is a minor annoyance in\nthat the audit type is no longer part of the message and the information\nthe audit type conveys needs to be carried in, or derived from the\nmessage data.\n\nThe attached patch includes the type number as part of the printk.\nAdmittedly it isn\u0027t the type name that the audit deamon provides but I\nthink this is better than dropping the type completely.\n\nSigned-pff-by: John Johansen \u003cjjohansen@suse.de\u003e\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "406a1d868001423c85a3165288e566e65f424fe6", "tree": "2663aa7139f884ba5ef0425911fc9a579fcb1c6f", "parents": [ "29ffe1a5c52dae13b6efead97aab9b058f38fce4" ], "author": { "name": "Herbert Xu", "email": "herbert@gondor.apana.org.au", "time": "Mon Jan 28 20:47:09 2008 -0800" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Thu Jan 31 19:27:08 2008 -0800" }, "message": "[AUDIT]: Increase skb-\u003etruesize in audit_expand\n\nThe recent UDP patch exposed this bug in the audit code. It\nwas calling pskb_expand_head without increasing skb-\u003etruesize.\nThe caller of pskb_expand_head needs to do so because that function\nis designed to be called in places where truesize is already fixed\nand therefore it doesn\u0027t update its value.\n\nBecause the audit system is using it in a place where the truesize\nhas not yet been fixed, it needs to update its value manually.\n\nSigned-off-by: Herbert Xu \u003cherbert@gondor.apana.org.au\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "74c3cbe33bc077ac1159cadfea608b501e100344", "tree": "4c4023caa4e15d19780255fa5880df3d36eb292c", "parents": [ "455434d450a358ac5bcf3fc58f8913d13c544622" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Sun Jul 22 08:04:18 2007 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Sun Oct 21 02:37:45 2007 -0400" }, "message": "[PATCH] audit: watching subtrees\n\nNew kind of audit rule predicates: \"object is visible in given subtree\".\nThe part that can be sanely implemented, that is. Limitations:\n\t* if you have hardlink from outside of tree, you\u0027d better watch\nit too (or just watch the object itself, obviously)\n\t* if you mount something under a watched tree, tell audit\nthat new chunk should be added to watched subtrees\n\t* if you umount something in a watched tree and it\u0027s still mounted\nelsewhere, you will get matches on events happening there. New command\ntells audit to recalculate the trees, trimming such sources of false\npositives.\n\nNote that it\u0027s _not_ about path - if something mounted in several places\n(multiple mount, bindings, different namespaces, etc.), the match does\n_not_ depend on which one we are using for access.\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "5600b892789c21749898e1ef815a2b9b152f51e0", "tree": "f06c729ce3d157a45f7d67f41d097249df9586b9", "parents": [ "bd3a8492baecde685a7568f9785651e9b11747f5" ], "author": { "name": "Daniel Walker", "email": "dwalker@mvista.com", "time": "Thu Oct 18 03:06:10 2007 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.linux-foundation.org", "time": "Thu Oct 18 14:37:25 2007 -0700" }, "message": "whitespace fixes: system auditing\n\nJust removing white space at the end of lines.\n\nSigned-off-by: Daniel Walker \u003cdwalker@mvista.com\u003e\nCc: David Woodhouse \u003cdwmw2@infradead.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "cd40b7d3983c708aabe3d3008ec64ffce56d33b0", "tree": "0d6fe9cfd2f03fdeee126e317d4bfb145afc458d", "parents": [ "aed815601f3f95281ab3a01f7e2cbe1bd54285a0" ], "author": { "name": "Denis V. Lunev", "email": "den@openvz.org", "time": "Wed Oct 10 21:15:29 2007 -0700" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Wed Oct 10 21:15:29 2007 -0700" }, "message": "[NET]: make netlink user -\u003e kernel interface synchronious\n\nThis patch make processing netlink user -\u003e kernel messages synchronious.\nThis change was inspired by the talk with Alexey Kuznetsov about current\nnetlink messages processing. He says that he was badly wrong when introduced \nasynchronious user -\u003e kernel communication.\n\nThe call netlink_unicast is the only path to send message to the kernel\nnetlink socket. But, unfortunately, it is also used to send data to the\nuser.\n\nBefore this change the user message has been attached to the socket queue\nand sk-\u003esk_data_ready was called. The process has been blocked until all\npending messages were processed. The bad thing is that this processing\nmay occur in the arbitrary process context.\n\nThis patch changes nlk-\u003edata_ready callback to get 1 skb and force packet\nprocessing right in the netlink_unicast.\n\nKernel -\u003e user path in netlink_unicast remains untouched.\n\nEINTR processing for in netlink_run_queue was changed. It forces rtnl_lock\ndrop, but the process remains in the cycle until the message will be fully\nprocessed. So, there is no need to use this kludges now.\n\nSigned-off-by: Denis V. Lunev \u003cden@openvz.org\u003e\nAcked-by: Alexey Kuznetsov \u003ckuznet@ms2.inr.ac.ru\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "b4b510290b056b86611757ce1175a230f1080f53", "tree": "7bd1d45855ac7457be6d50338c60751f19e436d9", "parents": [ "e9dc86534051b78e41e5b746cccc291b57a3a311" ], "author": { "name": "Eric W. Biederman", "email": "ebiederm@xmission.com", "time": "Wed Sep 12 13:05:38 2007 +0200" }, "committer": { "name": "David S. Miller", "email": "davem@sunset.davemloft.net", "time": "Wed Oct 10 16:49:09 2007 -0700" }, "message": "[NET]: Support multiple network namespaces with netlink\n\nEach netlink socket will live in exactly one network namespace,\nthis includes the controlling kernel sockets.\n\nThis patch updates all of the existing netlink protocols\nto only support the initial network namespace. Request\nby clients in other namespaces will get -ECONREFUSED.\nAs they would if the kernel did not have the support for\nthat netlink protocol compiled in.\n\nAs each netlink protocol is updated to be multiple network\nnamespace safe it can register multiple kernel sockets\nto acquire a presence in the rest of the network namespaces.\n\nThe implementation in af_netlink is a simple filter implementation\nat hash table insertion and hash table look up time.\n\nSigned-off-by: Eric W. Biederman \u003cebiederm@xmission.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "831441862956fffa17b9801db37e6ea1650b0f69", "tree": "b0334921341f8f1734bdd3243de76d676329d21c", "parents": [ "787d2214c19bcc9b6ac48af0ce098277a801eded" ], "author": { "name": "Rafael J. Wysocki", "email": "rjw@sisk.pl", "time": "Tue Jul 17 04:03:35 2007 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.linux-foundation.org", "time": "Tue Jul 17 10:23:02 2007 -0700" }, "message": "Freezer: make kernel threads nonfreezable by default\n\nCurrently, the freezer treats all tasks as freezable, except for the kernel\nthreads that explicitly set the PF_NOFREEZE flag for themselves. This\napproach is problematic, since it requires every kernel thread to either\nset PF_NOFREEZE explicitly, or call try_to_freeze(), even if it doesn\u0027t\ncare for the freezing of tasks at all.\n\nIt seems better to only require the kernel threads that want to or need to\nbe frozen to use some freezer-related code and to remove any\nfreezer-related code from the other (nonfreezable) kernel threads, which is\ndone in this patch.\n\nThe patch causes all kernel threads to be nonfreezable by default (ie. to\nhave PF_NOFREEZE set by default) and introduces the set_freezable()\nfunction that should be called by the freezable kernel threads in order to\nunset PF_NOFREEZE. It also makes all of the currently freezable kernel\nthreads call set_freezable(), so it shouldn\u0027t cause any (intentional)\nchange of behaviour to appear. Additionally, it updates documentation to\ndescribe the freezing of tasks more accurately.\n\n[akpm@linux-foundation.org: build fixes]\nSigned-off-by: Rafael J. Wysocki \u003crjw@sisk.pl\u003e\nAcked-by: Nigel Cunningham \u003cnigel@nigel.suspend2.net\u003e\nCc: Pavel Machek \u003cpavel@ucw.cz\u003e\nCc: Oleg Nesterov \u003coleg@tv-sign.ru\u003e\nCc: Gautham R Shenoy \u003cego@in.ibm.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "522ed7767e800cff6c650ec64b0ee0677303119c", "tree": "f65ecb29f2cf885018d3557f840de3ef4be6ec64", "parents": [ "4f27c00bf80f122513d3a5be16ed851573164534" ], "author": { "name": "Miloslav Trmac", "email": "mitr@redhat.com", "time": "Sun Jul 15 23:40:56 2007 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.linux-foundation.org", "time": "Mon Jul 16 09:05:47 2007 -0700" }, "message": "Audit: add TTY input auditing\n\nAdd TTY input auditing, used to audit system administrator\u0027s actions. This is\nrequired by various security standards such as DCID 6/3 and PCI to provide\nnon-repudiation of administrator\u0027s actions and to allow a review of past\nactions if the administrator seems to overstep their duties or if the system\nbecomes misconfigured for unknown reasons. These requirements do not make it\nnecessary to audit TTY output as well.\n\nCompared to an user-space keylogger, this approach records TTY input using the\naudit subsystem, correlated with other audit events, and it is completely\ntransparent to the user-space application (e.g. the console ioctls still\nwork).\n\nTTY input auditing works on a higher level than auditing all system calls\nwithin the session, which would produce an overwhelming amount of mostly\nuseless audit events.\n\nAdd an \"audit_tty\" attribute, inherited across fork (). Data read from TTYs\nby process with the attribute is sent to the audit subsystem by the kernel.\nThe audit netlink interface is extended to allow modifying the audit_tty\nattribute, and to allow sending explanatory audit events from user-space (for\nexample, a shell might send an event containing the final command, after the\ninteractive command-line editing and history expansion is performed, which\nmight be difficult to decipher from the TTY input alone).\n\nBecause the \"audit_tty\" attribute is inherited across fork (), it would be set\ne.g. for sshd restarted within an audited session. To prevent this, the\naudit_tty attribute is cleared when a process with no open TTY file\ndescriptors (e.g. after daemon startup) opens a TTY.\n\nSee https://www.redhat.com/archives/linux-audit/2007-June/msg00000.html for a\nmore detailed rationale document for an older version of this patch.\n\n[akpm@linux-foundation.org: build fix]\nSigned-off-by: Miloslav Trmac \u003cmitr@redhat.com\u003e\nCc: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\nCc: Alan Cox \u003calan@lxorguk.ukuu.org.uk\u003e\nCc: Paul Fulghum \u003cpaulkf@microgate.com\u003e\nCc: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\nCc: Steve Grubb \u003csgrubb@redhat.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "039b6b3ed84e45a6f8316358dd2bfdc83d59fc45", "tree": "7d64edaeb2a67808742988dea3cccacecc1b17b8", "parents": [ "b2bbe383ef7e792e92a5f53be955e71bd253ab32" ], "author": { "name": "Robert P. J. Day", "email": "rpjday@mindspring.com", "time": "Tue May 08 00:29:20 2007 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.linux-foundation.org", "time": "Tue May 08 11:15:09 2007 -0700" }, "message": "audit: add spaces on either side of case \"...\" operator.\n\nFollowing the programming advice laid down in the gcc manual, make\nsure the case \"...\" operator has spaces on either side.\n\nAccording to:\n\nhttp://gcc.gnu.org/onlinedocs/gcc-4.1.2/gcc/Case-Ranges.html#Case-Ranges:\n\n \"Be careful: Write spaces around the ..., for otherwise it may be\nparsed wrong when you use it with integer values.\"\n\nSigned-off-by: Robert P. J. Day \u003crpjday@mindspring.com\u003e\nCc: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "af65bdfce98d7965fbe93a48b8128444a2eea024", "tree": "e6ac5ff82a0d5067213135cdf049b912b02e824d", "parents": [ "b076deb8498e26c9aa2f44046fe5e9936ae2fb5a" ], "author": { "name": "Patrick McHardy", "email": "kaber@trash.net", "time": "Fri Apr 20 14:14:21 2007 -0700" }, "committer": { "name": "David S. Miller", "email": "davem@sunset.davemloft.net", "time": "Wed Apr 25 22:29:03 2007 -0700" }, "message": "[NETLINK]: Switch cb_lock spinlock to mutex and allow to override it\n\nSwitch cb_lock to mutex and allow netlink kernel users to override it\nwith a subsystem specific mutex for consistent locking in dump callbacks.\nAll netlink_dump_start users have been audited not to rely on any\nside-effects of the previously used spinlock.\n\nSigned-off-by: Patrick McHardy \u003ckaber@trash.net\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "b529ccf2799c14346d1518e9bdf1f88f03643e99", "tree": "f899a5a5d66d2ca21724c1871ee3afeda6c4a670", "parents": [ "965ffea43d4ebe8cd7b9fee78d651268dd7d23c5" ], "author": { "name": "Arnaldo Carvalho de Melo", "email": "acme@redhat.com", "time": "Wed Apr 25 19:08:35 2007 -0700" }, "committer": { "name": "David S. Miller", "email": "davem@sunset.davemloft.net", "time": "Wed Apr 25 22:26:34 2007 -0700" }, "message": "[NETLINK]: Introduce nlmsg_hdr() helper\n\nFor the common \"(struct nlmsghdr *)skb-\u003edata\" sequence, so that we reduce the\nnumber of direct accesses to skb-\u003edata and for consistency with all the other\ncast skb member helpers.\n\nSigned-off-by: Arnaldo Carvalho de Melo \u003cacme@redhat.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "27a884dc3cb63b93c2b3b643f5b31eed5f8a4d26", "tree": "5a267e40f9b94014be38dad5de0a52b6628834e0", "parents": [ "be8bd86321fa7f06359d866ef61fb4d2f3e9dce9" ], "author": { "name": "Arnaldo Carvalho de Melo", "email": "acme@redhat.com", "time": "Thu Apr 19 20:29:13 2007 -0700" }, "committer": { "name": "David S. Miller", "email": "davem@sunset.davemloft.net", "time": "Wed Apr 25 22:26:28 2007 -0700" }, "message": "[SK_BUFF]: Convert skb-\u003etail to sk_buff_data_t\n\nSo that it is also an offset from skb-\u003ehead, reduces its size from 8 to 4 bytes\non 64bit architectures, allowing us to combine the 4 bytes hole left by the\nlayer headers conversion, reducing struct sk_buff size to 256 bytes, i.e. 4\n64byte cachelines, and since the sk_buff slab cache is SLAB_HWCACHE_ALIGN...\n:-)\n\nMany calculations that previously required that skb-\u003e{transport,network,\nmac}_header be first converted to a pointer now can be done directly, being\nmeaningful as offsets or pointers.\n\nSigned-off-by: Arnaldo Carvalho de Melo \u003cacme@redhat.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "6a01b07fae482f9b34491b317056c89d3b96ca2e", "tree": "b3e80a8147101db29dcc18596ea20b1fcbeef6ad", "parents": [ "a17b4ad778e1857944f5a1df95fb7758cd5cc58d" ], "author": { "name": "Steve Grubb", "email": "sgrubb redhat com", "time": "Fri Jan 19 14:39:55 2007 -0500" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Sat Feb 17 21:30:12 2007 -0500" }, "message": "[PATCH] audit config lockdown\n\nThe following patch adds a new mode to the audit system. It uses the\naudit_enabled config option to introduce the idea of audit enabled, but\nconfiguration is immutable. Any attempt to change the configuration\nwhile in this mode is audited. To change the audit rules, you\u0027d need to\nreboot the machine.\n\nTo use this option, you\u0027d need a modified version of auditctl and use \"-e 2\".\nThis is intended to go at the end of the audit.rules file for people that\nwant an immutable configuration.\n\nThis patch also adds \"res\u003d\" to a number of configuration commands that did not\nhave it before.\n\nSigned-off-by: Steve Grubb \u003csgrubb@redhat.com\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "7dfb71030f7636a0d65200158113c37764552f93", "tree": "276b812903d377b16d8828e888552fd256f48aab", "parents": [ "8a05aac2631aa0e6494d9dc990f8c68ed8b8fde7" ], "author": { "name": "Nigel Cunningham", "email": "ncunningham@linuxmail.org", "time": "Wed Dec 06 20:34:23 2006 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.osdl.org", "time": "Thu Dec 07 08:39:27 2006 -0800" }, "message": "[PATCH] Add include/linux/freezer.h and move definitions from sched.h\n\nMove process freezing functions from include/linux/sched.h to freezer.h, so\nthat modifications to the freezer or the kernel configuration don\u0027t require\nrecompiling just about everything.\n\n[akpm@osdl.org: fix ueagle driver]\nSigned-off-by: Nigel Cunningham \u003cnigel@suspend2.net\u003e\nCc: \"Rafael J. Wysocki\" \u003crjw@sisk.pl\u003e\nCc: Pavel Machek \u003cpavel@ucw.cz\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "4899b8b16b302299cc91289f7b5bac295e9ab387", "tree": "e9bfd4f3a44f6a49e60f1b8930a015c6772524ef", "parents": [ "d195412c35fe777811bd58ad43fba3aacc67e15c" ], "author": { "name": "Andrew Morton", "email": "akpm@osdl.org", "time": "Fri Oct 06 00:43:48 2006 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Fri Oct 06 08:53:39 2006 -0700" }, "message": "[PATCH] kauditd_thread warning fix\n\nSquash this warning:\n\n kernel/audit.c: In function \u0027kauditd_thread\u0027:\n kernel/audit.c:367: warning: no return statement in function returning non-void\n\nWe might as test kthread_should_stop(), although it\u0027s not very pointful at\npresent.\n\nThe code which starts this thread looks racy - the kernel could start multiple\nthreads.\n\nCc: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\nCc: Jeff Garzik \u003cjeff@garzik.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "1a70cd40cb291c25b67ec0da715a49d76719329d", "tree": "ffb4c6cd3f7ef1b92822ebbda11bd2b035c2bc86", "parents": [ "62bac0185ad3dfef11d9602980445c54d45199c6" ], "author": { "name": "Stephen Smalley", "email": "sds@tycho.nsa.gov", "time": "Mon Sep 25 23:31:57 2006 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Tue Sep 26 08:48:52 2006 -0700" }, "message": "[PATCH] selinux: rename selinux_ctxid_to_string\n\nRename selinux_ctxid_to_string to selinux_sid_to_string to be\nconsistent with other interfaces.\n\nSigned-off-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "8ef2d3040e5cf38f7d64a408038f576b4a5ec987", "tree": "def11d400d2262e104cb1c64a953276794d8c9a8", "parents": [ "3b33ac3182a4554742757a0c61ee1df162cf8225" ], "author": { "name": "Amy Griffis", "email": "amy.griffis@hp.com", "time": "Thu Sep 07 17:03:02 2006 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Mon Sep 11 13:32:17 2006 -0400" }, "message": "[PATCH] sanity check audit_buffer\n\nAdd sanity checks for NULL audit_buffer consistent with other\naudit_log* routines.\n\nSigned-off-by: Amy Griffis \u003camy.griffis@hp.com\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "6988434ee5f532c71be3131fba23283f5cf43847", "tree": "bdec2a0f267af6b3067dca31753565db25c28127", "parents": [ "73d3ec5abad3f1730ac8530899d2c14d92f3ad63" ], "author": { "name": "Amy Griffis", "email": "amy.griffis@hp.com", "time": "Thu Jul 13 13:17:12 2006 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Thu Aug 03 10:50:39 2006 -0400" }, "message": "[PATCH] fix oops with CONFIG_AUDIT and !CONFIG_AUDITSYSCALL\n\nAlways initialize the audit_inode_hash[] so we don\u0027t oops on list rules.\n\nSigned-off-by: Amy Griffis \u003camy.griffis@hp.com\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "c7bdb545d23026b18be53289fd866d1ac07f5f8c", "tree": "6d9a218871d88f7579dd53f14692df2529b6e712", "parents": [ "576a30eb6453439b3c37ba24455ac7090c247b5a" ], "author": { "name": "Darrel Goeddel", "email": "dgoeddel@trustedcs.com", "time": "Tue Jun 27 13:26:11 2006 -0700" }, "committer": { "name": "David S. Miller", "email": "davem@sunset.davemloft.net", "time": "Thu Jun 29 16:57:55 2006 -0700" }, "message": "[NETLINK]: Encapsulate eff_cap usage within security framework.\n\nThis patch encapsulates the usage of eff_cap (in netlink_skb_params) within\nthe security framework by extending security_netlink_recv to include a required\ncapability parameter and converting all direct usage of eff_caps outside\nof the lsm modules to use the interface. It also updates the SELinux\nimplementation of the security_netlink_send and security_netlink_recv\nhooks to take advantage of the sid in the netlink_skb_params struct.\nThis also enables SELinux to perform auditing of netlink capability checks.\nPlease apply, for 2.6.18 if possible.\n\nSigned-off-by: Darrel Goeddel \u003cdgoeddel@trustedcs.com\u003e\nSigned-off-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "34af946a22724c4e2b204957f2b24b22a0fb121c", "tree": "7881dcbd0a698257c126198cdb6d97d4e45ee51e", "parents": [ "b6cd0b772dcc5dc9b4c03d53946474dee399fa72" ], "author": { "name": "Ingo Molnar", "email": "mingo@elte.hu", "time": "Tue Jun 27 02:53:55 2006 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Tue Jun 27 17:32:39 2006 -0700" }, "message": "[PATCH] spin/rwlock init cleanups\n\nlocking init cleanups:\n\n - convert \" \u003d SPIN_LOCK_UNLOCKED\" to spin_lock_init() or DEFINE_SPINLOCK()\n - convert rwlocks in a similar manner\n\nthis patch was generated automatically.\n\nMotivation:\n\n - cleanliness\n - lockdep needs control of lock initialization, which the open-coded\n variants do not give\n - it\u0027s also useful for -rt and for lock debugging in general\n\nSigned-off-by: Ingo Molnar \u003cmingo@elte.hu\u003e\nSigned-off-by: Arjan van de Ven \u003carjan@linux.intel.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" } ], "next": "9c937dcc71021f2dbf78f904f03d962dd9bcc130" }