)]}'
{
  "log": [
    {
      "commit": "4502403dcf8f5c76abd4dbab8726c8e4ecb5cd34",
      "tree": "79f16f1c9ff482fb926b147a2f4f0b4382f0ccf6",
      "parents": [
        "a937536b868b8369b98967929045f1df54234323"
      ],
      "author": {
        "name": "Dan Carpenter",
        "email": "dan.carpenter@oracle.com",
        "time": "Sat Mar 16 12:48:11 2013 +0300"
      },
      "committer": {
        "name": "James Morris",
        "email": "james.l.morris@oracle.com",
        "time": "Tue Mar 19 00:33:09 2013 +1100"
      },
      "message": "selinux: use GFP_ATOMIC under spin_lock\n\nThe call tree here is:\n\nsk_clone_lock()              \u003c- takes bh_lock_sock(newsk);\nxfrm_sk_clone_policy()\n__xfrm_sk_clone_policy()\nclone_policy()               \u003c- uses GFP_ATOMIC for allocations\nsecurity_xfrm_policy_clone()\nsecurity_ops-\u003exfrm_policy_clone_security()\nselinux_xfrm_policy_clone()\n\nSigned-off-by: Dan Carpenter \u003cdan.carpenter@oracle.com\u003e\nCc: stable@kernel.org\nSigned-off-by: James Morris \u003cjames.l.morris@oracle.com\u003e\n"
    },
    {
      "commit": "56a79b7b021bf1b08334e63c2c14b280e2dbf47a",
      "tree": "0419233e6194f4f12073c9284852885aa8984bec",
      "parents": [
        "1c82315a12144cde732636e259d39e3ee81b3c5b",
        "dcf787f39162ce32ca325b3e784aba2d2444619a"
      ],
      "author": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Sun Mar 03 13:23:02 2013 -0800"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Sun Mar 03 13:23:03 2013 -0800"
      },
      "message": "Merge branch \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs\n\nPull  more VFS bits from Al Viro:\n \"Unfortunately, it looks like xattr series will have to wait until the\n  next cycle ;-/\n\n  This pile contains 9p cleanups and fixes (races in v9fs_fid_add()\n  etc), fixup for nommu breakage in shmem.c, several cleanups and a bit\n  more file_inode() work\"\n\n* \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs:\n  constify path_get/path_put and fs_struct.c stuff\n  fix nommu breakage in shmem.c\n  cache the value of file_inode() in struct file\n  9p: if v9fs_fid_lookup() gets to asking server, it\u0027d better have hashed dentry\n  9p: make sure -\u003elookup() adds fid to the right dentry\n  9p: untangle -\u003elookup() a bit\n  9p: double iput() in -\u003elookup() if d_materialise_unique() fails\n  9p: v9fs_fid_add() can\u0027t fail now\n  v9fs: get rid of v9fs_dentry\n  9p: turn fid-\u003edlist into hlist\n  9p: don\u0027t bother with private lock in -\u003ed_fsdata; dentry-\u003ed_lock will do just fine\n  more file_inode() open-coded instances\n  selinux: opened file can\u0027t have NULL or negative -\u003ef_path.dentry\n\n(In the meantime, the hlist traversal macros have changed, so this\nrequired a semantic conflict fixup for the newly hlistified fid-\u003edlist)\n"
    },
    {
      "commit": "b67bfe0d42cac56c512dd5da4b1b347a23f4b70a",
      "tree": "3d465aea12b97683f26ffa38eba8744469de9997",
      "parents": [
        "1e142b29e210b5dfb2deeb6ce2210b60af16d2a6"
      ],
      "author": {
        "name": "Sasha Levin",
        "email": "sasha.levin@oracle.com",
        "time": "Wed Feb 27 17:06:00 2013 -0800"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Wed Feb 27 19:10:24 2013 -0800"
      },
      "message": "hlist: drop the node parameter from iterators\n\nI\u0027m not sure why, but the hlist for each entry iterators were conceived\n\n        list_for_each_entry(pos, head, member)\n\nThe hlist ones were greedy and wanted an extra parameter:\n\n        hlist_for_each_entry(tpos, pos, head, member)\n\nWhy did they need an extra pos parameter? I\u0027m not quite sure. Not only\nthey don\u0027t really need it, it also prevents the iterator from looking\nexactly like the list iterator, which is unfortunate.\n\nBesides the semantic patch, there was some manual work required:\n\n - Fix up the actual hlist iterators in linux/list.h\n - Fix up the declaration of other iterators based on the hlist ones.\n - A very small amount of places were using the \u0027node\u0027 parameter, this\n was modified to use \u0027obj-\u003emember\u0027 instead.\n - Coccinelle didn\u0027t handle the hlist_for_each_entry_safe iterator\n properly, so those had to be fixed up manually.\n\nThe semantic patch which is mostly the work of Peter Senna Tschudin is here:\n\n@@\niterator name hlist_for_each_entry, hlist_for_each_entry_continue, hlist_for_each_entry_from, hlist_for_each_entry_rcu, hlist_for_each_entry_rcu_bh, hlist_for_each_entry_continue_rcu_bh, for_each_busy_worker, ax25_uid_for_each, ax25_for_each, inet_bind_bucket_for_each, sctp_for_each_hentry, sk_for_each, sk_for_each_rcu, sk_for_each_from, sk_for_each_safe, sk_for_each_bound, hlist_for_each_entry_safe, hlist_for_each_entry_continue_rcu, nr_neigh_for_each, nr_neigh_for_each_safe, nr_node_for_each, nr_node_for_each_safe, for_each_gfn_indirect_valid_sp, for_each_gfn_sp, for_each_host;\n\ntype T;\nexpression a,c,d,e;\nidentifier b;\nstatement S;\n@@\n\n-T b;\n    \u003c+... when !\u003d b\n(\nhlist_for_each_entry(a,\n- b,\nc, d) S\n|\nhlist_for_each_entry_continue(a,\n- b,\nc) S\n|\nhlist_for_each_entry_from(a,\n- b,\nc) S\n|\nhlist_for_each_entry_rcu(a,\n- b,\nc, d) S\n|\nhlist_for_each_entry_rcu_bh(a,\n- b,\nc, d) S\n|\nhlist_for_each_entry_continue_rcu_bh(a,\n- b,\nc) S\n|\nfor_each_busy_worker(a, c,\n- b,\nd) S\n|\nax25_uid_for_each(a,\n- b,\nc) S\n|\nax25_for_each(a,\n- b,\nc) S\n|\ninet_bind_bucket_for_each(a,\n- b,\nc) S\n|\nsctp_for_each_hentry(a,\n- b,\nc) S\n|\nsk_for_each(a,\n- b,\nc) S\n|\nsk_for_each_rcu(a,\n- b,\nc) S\n|\nsk_for_each_from\n-(a, b)\n+(a)\nS\n+ sk_for_each_from(a) S\n|\nsk_for_each_safe(a,\n- b,\nc, d) S\n|\nsk_for_each_bound(a,\n- b,\nc) S\n|\nhlist_for_each_entry_safe(a,\n- b,\nc, d, e) S\n|\nhlist_for_each_entry_continue_rcu(a,\n- b,\nc) S\n|\nnr_neigh_for_each(a,\n- b,\nc) S\n|\nnr_neigh_for_each_safe(a,\n- b,\nc, d) S\n|\nnr_node_for_each(a,\n- b,\nc) S\n|\nnr_node_for_each_safe(a,\n- b,\nc, d) S\n|\n- for_each_gfn_sp(a, c, d, b) S\n+ for_each_gfn_sp(a, c, d) S\n|\n- for_each_gfn_indirect_valid_sp(a, c, d, b) S\n+ for_each_gfn_indirect_valid_sp(a, c, d) S\n|\nfor_each_host(a,\n- b,\nc) S\n|\nfor_each_host_safe(a,\n- b,\nc, d) S\n|\nfor_each_mesh_entry(a,\n- b,\nc, d) S\n)\n    ...+\u003e\n\n[akpm@linux-foundation.org: drop bogus change from net/ipv4/raw.c]\n[akpm@linux-foundation.org: drop bogus hunk from net/ipv6/raw.c]\n[akpm@linux-foundation.org: checkpatch fixes]\n[akpm@linux-foundation.org: fix warnings]\n[akpm@linux-foudnation.org: redo intrusive kvm changes]\nTested-by: Peter Senna Tschudin \u003cpeter.senna@gmail.com\u003e\nAcked-by: Paul E. McKenney \u003cpaulmck@linux.vnet.ibm.com\u003e\nSigned-off-by: Sasha Levin \u003csasha.levin@oracle.com\u003e\nCc: Wu Fengguang \u003cfengguang.wu@intel.com\u003e\nCc: Marcelo Tosatti \u003cmtosatti@redhat.com\u003e\nCc: Gleb Natapov \u003cgleb@redhat.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "45e09bd51b2be1fbb86c2e3d5bb00d32744f1ecb",
      "tree": "4cf68d20342e7b0253ea07ae2b265b15b994f684",
      "parents": [
        "d895cb1af15c04c522a25c79cc429076987c089b"
      ],
      "author": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Wed Jan 23 16:24:16 2013 -0500"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Wed Feb 27 13:22:14 2013 -0500"
      },
      "message": "selinux: opened file can\u0027t have NULL or negative -\u003ef_path.dentry\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n"
    },
    {
      "commit": "d895cb1af15c04c522a25c79cc429076987c089b",
      "tree": "895dc9157e28f603d937a58be664e4e440d5530c",
      "parents": [
        "9626357371b519f2b955fef399647181034a77fe",
        "d3d009cb965eae7e002ea5badf603ea8f4c34915"
      ],
      "author": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Tue Feb 26 20:16:07 2013 -0800"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Tue Feb 26 20:16:07 2013 -0800"
      },
      "message": "Merge branch \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs\n\nPull vfs pile (part one) from Al Viro:\n \"Assorted stuff - cleaning namei.c up a bit, fixing -\u003ed_name/-\u003ed_parent\n  locking violations, etc.\n\n  The most visible changes here are death of FS_REVAL_DOT (replaced with\n  \"has -\u003ed_weak_revalidate()\") and a new helper getting from struct file\n  to inode.  Some bits of preparation to xattr method interface changes.\n\n  Misc patches by various people sent this cycle *and* ocfs2 fixes from\n  several cycles ago that should\u0027ve been upstream right then.\n\n  PS: the next vfs pile will be xattr stuff.\"\n\n* \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs: (46 commits)\n  saner proc_get_inode() calling conventions\n  proc: avoid extra pde_put() in proc_fill_super()\n  fs: change return values from -EACCES to -EPERM\n  fs/exec.c: make bprm_mm_init() static\n  ocfs2/dlm: use GFP_ATOMIC inside a spin_lock\n  ocfs2: fix possible use-after-free with AIO\n  ocfs2: Fix oops in ocfs2_fast_symlink_readpage() code path\n  get_empty_filp()/alloc_file() leave both -\u003ef_pos and -\u003ef_version zero\n  target: writev() on single-element vector is pointless\n  export kernel_write(), convert open-coded instances\n  fs: encode_fh: return FILEID_INVALID if invalid fid_type\n  kill f_vfsmnt\n  vfs: kill FS_REVAL_DOT by adding a d_weak_revalidate dentry op\n  nfsd: handle vfs_getattr errors in acl protocol\n  switch vfs_getattr() to struct path\n  default SET_PERSONALITY() in linux/elf.h\n  ceph: prepopulate inodes only when request is aborted\n  d_hash_and_lookup(): export, switch open-coded instances\n  9p: switch v9fs_set_create_acl() to inode+fid, do it before d_instantiate()\n  9p: split dropping the acls from v9fs_set_create_acl()\n  ...\n"
    },
    {
      "commit": "496ad9aa8ef448058e36ca7a787c61f2e63f0f54",
      "tree": "8f4abde793cd7db5bb8fde6d27ebcacd0e54379a",
      "parents": [
        "57eccb830f1cc93d4b506ba306d8dfa685e0c88f"
      ],
      "author": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Wed Jan 23 17:07:38 2013 -0500"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Fri Feb 22 23:31:31 2013 -0500"
      },
      "message": "new helper: file_inode(file)\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n"
    },
    {
      "commit": "5dbbaf2de89613d19a9286d4db0a535ca2735d26",
      "tree": "1eaa64968a8ecf83aee4d2f6792840abde6c4916",
      "parents": [
        "6f96c142f77c96a34ac377a3616ee7abcd77fb4d"
      ],
      "author": {
        "name": "Paul Moore",
        "email": "pmoore@redhat.com",
        "time": "Mon Jan 14 07:12:19 2013 +0000"
      },
      "committer": {
        "name": "David S. Miller",
        "email": "davem@davemloft.net",
        "time": "Mon Jan 14 18:16:59 2013 -0500"
      },
      "message": "tun: fix LSM/SELinux labeling of tun/tap devices\n\nThis patch corrects some problems with LSM/SELinux that were introduced\nwith the multiqueue patchset.  The problem stems from the fact that the\nmultiqueue work changed the relationship between the tun device and its\nassociated socket; before the socket persisted for the life of the\ndevice, however after the multiqueue changes the socket only persisted\nfor the life of the userspace connection (fd open).  For non-persistent\ndevices this is not an issue, but for persistent devices this can cause\nthe tun device to lose its SELinux label.\n\nWe correct this problem by adding an opaque LSM security blob to the\ntun device struct which allows us to have the LSM security state, e.g.\nSELinux labeling information, persist for the lifetime of the tun\ndevice.  In the process we tweak the LSM hooks to work with this new\napproach to TUN device/socket labeling and introduce a new LSM hook,\nsecurity_tun_dev_attach_queue(), to approve requests to attach to a\nTUN queue via TUNSETQUEUE.\n\nThe SELinux code has been adjusted to match the new LSM hooks, the\nother LSMs do not make use of the LSM TUN controls.  This patch makes\nuse of the recently added \"tun_socket:attach_queue\" permission to\nrestrict access to the TUNSETQUEUE operation.  On older SELinux\npolicies which do not define the \"tun_socket:attach_queue\" permission\nthe access control decision for TUNSETQUEUE will be handled according\nto the SELinux policy\u0027s unknown permission setting.\n\nSigned-off-by: Paul Moore \u003cpmoore@redhat.com\u003e\nAcked-by: Eric Paris \u003ceparis@parisplace.org\u003e\nTested-by: Jason Wang \u003cjasowang@redhat.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n"
    },
    {
      "commit": "6f96c142f77c96a34ac377a3616ee7abcd77fb4d",
      "tree": "a481cf442e39dae7f0392b38db461f5b3076e7eb",
      "parents": [
        "cce894bb824429fd312706c7012acae43e725865"
      ],
      "author": {
        "name": "Paul Moore",
        "email": "pmoore@redhat.com",
        "time": "Mon Jan 14 07:12:13 2013 +0000"
      },
      "committer": {
        "name": "David S. Miller",
        "email": "davem@davemloft.net",
        "time": "Mon Jan 14 18:16:59 2013 -0500"
      },
      "message": "selinux: add the \"attach_queue\" permission to the \"tun_socket\" class\n\nAdd a new permission to align with the new TUN multiqueue support,\n\"tun_socket:attach_queue\".\n\nThe corresponding SELinux reference policy patch is show below:\n\n diff --git a/policy/flask/access_vectors b/policy/flask/access_vectors\n index 28802c5..a0664a1 100644\n --- a/policy/flask/access_vectors\n +++ b/policy/flask/access_vectors\n @@ -827,6 +827,9 @@ class kernel_service\n\n  class tun_socket\n  inherits socket\n +{\n +       attach_queue\n +}\n\n  class x_pointer\n  inherits x_device\n\nSigned-off-by: Paul Moore \u003cpmoore@redhat.com\u003e\nAcked-by: Eric Paris \u003ceparis@parisplace.org\u003e\nTested-by: Jason Wang \u003cjasowang@redhat.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n"
    },
    {
      "commit": "9dd9ff99532d7a7f8222fd1f0d410d91c0f15ac5",
      "tree": "71a4981ece4592723cf6f0a37289e50a1028fbbf",
      "parents": [
        "0d0863b02002c25140a1b9e113b81211bcc780e8"
      ],
      "author": {
        "name": "Amerigo Wang",
        "email": "amwang@redhat.com",
        "time": "Fri Dec 14 22:09:50 2012 +0000"
      },
      "committer": {
        "name": "David S. Miller",
        "email": "davem@davemloft.net",
        "time": "Sat Dec 15 17:14:38 2012 -0800"
      },
      "message": "bridge: update selinux perm table for RTM_NEWMDB and RTM_DELMDB\n\nCc: Herbert Xu \u003cherbert@gondor.apana.org.au\u003e\nCc: Stephen Hemminger \u003cshemminger@vyatta.com\u003e\nCc: \"David S. Miller\" \u003cdavem@davemloft.net\u003e\nSigned-off-by: Cong Wang \u003camwang@redhat.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n"
    },
    {
      "commit": "6e73d71d8485607c692302d2058894588e3a387f",
      "tree": "ef660acbe7b5076beca493af6fe351ed17404fa0",
      "parents": [
        "7c77ab24e30bad7598b5cfda93be6f32ed439c2f"
      ],
      "author": {
        "name": "Cong Wang",
        "email": "amwang@redhat.com",
        "time": "Fri Dec 07 18:59:48 2012 +0000"
      },
      "committer": {
        "name": "David S. Miller",
        "email": "davem@davemloft.net",
        "time": "Mon Dec 10 14:09:01 2012 -0500"
      },
      "message": "rtnetlink: add missing message types to selinux perm table\n\nRebased on the latest net-next tree.\n\nRTM_NEWNETCONF and RTM_GETNETCONF are missing in this table.\n\nCc: David S. Miller \u003cdavem@davemloft.net\u003e\nSigned-off-by: Cong Wang \u003camwang@redhat.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n"
    },
    {
      "commit": "ee07c6e7a6f8a25c18f0a6b18152fbd7499245f6",
      "tree": "055d61934deeedf93eefbde3106f6a751c35d932",
      "parents": [
        "5d248c491b38d4f1b2a0bd7721241d68cd0b3067"
      ],
      "author": {
        "name": "Cong Wang",
        "email": "amwang@redhat.com",
        "time": "Fri Dec 07 00:04:48 2012 +0000"
      },
      "committer": {
        "name": "David S. Miller",
        "email": "davem@davemloft.net",
        "time": "Fri Dec 07 14:32:52 2012 -0500"
      },
      "message": "bridge: export multicast database via netlink\n\nV5: fix two bugs pointed out by Thomas\n    remove seq check for now, mark it as TODO\n\nV4: remove some useless #include\n    some coding style fix\n\nV3: drop debugging printk\u0027s\n    update selinux perm table as well\n\nV2: drop patch 1/2, export ifindex directly\n    Redesign netlink attributes\n    Improve netlink seq check\n    Handle IPv6 addr as well\n\nThis patch exports bridge multicast database via netlink\nmessage type RTM_GETMDB. Similar to fdb, but currently bridge-specific.\nWe may need to support modify multicast database too (RTM_{ADD,DEL}MDB).\n\n(Thanks to Thomas for patient reviews)\n\nCc: Herbert Xu \u003cherbert@gondor.apana.org.au\u003e\nCc: Stephen Hemminger \u003cshemminger@vyatta.com\u003e\nCc: \"David S. Miller\" \u003cdavem@davemloft.net\u003e\nCc: Thomas Graf \u003ctgraf@suug.ch\u003e\nCc: Jesper Dangaard Brouer \u003cbrouer@redhat.com\u003e\nSigned-off-by: Cong Wang \u003camwang@redhat.com\u003e\nAcked-by: Thomas Graf \u003ctgraf@suug.ch\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n"
    },
    {
      "commit": "88a693b5c1287be4da937699cb82068ce9db0135",
      "tree": "a18c1d6ee8e7792a3fb6741361b8fb84d16636af",
      "parents": [
        "99b6e1e7233073a23a20824db8c5260a723ed192"
      ],
      "author": {
        "name": "Dave Jones",
        "email": "davej@redhat.com",
        "time": "Thu Nov 08 16:09:27 2012 -0800"
      },
      "committer": {
        "name": "James Morris",
        "email": "james.l.morris@oracle.com",
        "time": "Wed Nov 21 21:55:32 2012 +1100"
      },
      "message": "selinux: fix sel_netnode_insert() suspicious rcu dereference\n\n\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\n[ INFO: suspicious RCU usage. ]\n3.5.0-rc1+ #63 Not tainted\n-------------------------------\nsecurity/selinux/netnode.c:178 suspicious rcu_dereference_check() usage!\n\nother info that might help us debug this:\n\nrcu_scheduler_active \u003d 1, debug_locks \u003d 0\n1 lock held by trinity-child1/8750:\n #0:  (sel_netnode_lock){+.....}, at: [\u003cffffffff812d8f8a\u003e] sel_netnode_sid+0x16a/0x3e0\n\nstack backtrace:\nPid: 8750, comm: trinity-child1 Not tainted 3.5.0-rc1+ #63\nCall Trace:\n [\u003cffffffff810cec2d\u003e] lockdep_rcu_suspicious+0xfd/0x130\n [\u003cffffffff812d91d1\u003e] sel_netnode_sid+0x3b1/0x3e0\n [\u003cffffffff812d8e20\u003e] ? sel_netnode_find+0x1a0/0x1a0\n [\u003cffffffff812d24a6\u003e] selinux_socket_bind+0xf6/0x2c0\n [\u003cffffffff810cd1dd\u003e] ? trace_hardirqs_off+0xd/0x10\n [\u003cffffffff810cdb55\u003e] ? lock_release_holdtime.part.9+0x15/0x1a0\n [\u003cffffffff81093841\u003e] ? lock_hrtimer_base+0x31/0x60\n [\u003cffffffff812c9536\u003e] security_socket_bind+0x16/0x20\n [\u003cffffffff815550ca\u003e] sys_bind+0x7a/0x100\n [\u003cffffffff816c03d5\u003e] ? sysret_check+0x22/0x5d\n [\u003cffffffff810d392d\u003e] ? trace_hardirqs_on_caller+0x10d/0x1a0\n [\u003cffffffff8133b09e\u003e] ? trace_hardirqs_on_thunk+0x3a/0x3f\n [\u003cffffffff816c03a9\u003e] system_call_fastpath+0x16/0x1b\n\nThis patch below does what Paul McKenney suggested in the previous thread.\n\nSigned-off-by: Dave Jones \u003cdavej@redhat.com\u003e\nReviewed-by: Paul E. McKenney \u003cpaulmck@linux.vnet.ibm.com\u003e\nAcked-by: Paul Moore \u003cpaul@paul-moore.com\u003e\nCc: Eric Paris \u003ceparis@parisplace.org\u003e\nCc: \u003cstable@vger.kernel.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: James Morris \u003cjames.l.morris@oracle.com\u003e\n"
    },
    {
      "commit": "45525b26a46cd593cb72070304c4cd7c8391bd37",
      "tree": "9064f045ef433e4d74d281daa995ee3c082e806e",
      "parents": [
        "dd8e8c4a2c902d8350b702e7bc7c2799e5e7e331"
      ],
      "author": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Tue Oct 16 13:30:07 2012 -0400"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Tue Oct 16 13:36:50 2012 -0400"
      },
      "message": "fix a leak in replace_fd() users\n\nreplace_fd() began with \"eats a reference, tries to insert into\ndescriptor table\" semantics; at some point I\u0027d switched it to\nmuch saner current behaviour (\"try to insert into descriptor\ntable, grabbing a new reference if inserted; caller should do\nfput() in any case\"), but forgot to update the callers.\nMea culpa...\n\n[Spotted by Pavel Roskin, who has really weird system with pipe-fed\ncoredumps as part of what he considers a normal boot ;-)]\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n"
    },
    {
      "commit": "808d4e3cfdcc52b19276175464f6dbca4df13b09",
      "tree": "11c319127e8c1314c1ed1a777e4284032ab5bd00",
      "parents": [
        "4b2c551f77f5a0c496e2125b1d883f4b26aabf2c"
      ],
      "author": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Thu Oct 11 11:42:01 2012 -0400"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Thu Oct 11 20:02:04 2012 -0400"
      },
      "message": "consitify do_mount() arguments\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n"
    },
    {
      "commit": "314e51b9851b4f4e8ab302243ff5a6fc6147f379",
      "tree": "f757b89206355fd129830782566768693eed23ce",
      "parents": [
        "0103bd16fb90bc741c7a03fd1ea4e8a505abad23"
      ],
      "author": {
        "name": "Konstantin Khlebnikov",
        "email": "khlebnikov@openvz.org",
        "time": "Mon Oct 08 16:29:02 2012 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Tue Oct 09 16:22:19 2012 +0900"
      },
      "message": "mm: kill vma flag VM_RESERVED and mm-\u003ereserved_vm counter\n\nA long time ago, in v2.4, VM_RESERVED kept swapout process off VMA,\ncurrently it lost original meaning but still has some effects:\n\n | effect                 | alternative flags\n-+------------------------+---------------------------------------------\n1| account as reserved_vm | VM_IO\n2| skip in core dump      | VM_IO, VM_DONTDUMP\n3| do not merge or expand | VM_IO, VM_DONTEXPAND, VM_HUGETLB, VM_PFNMAP\n4| do not mlock           | VM_IO, VM_DONTEXPAND, VM_HUGETLB, VM_PFNMAP\n\nThis patch removes reserved_vm counter from mm_struct.  Seems like nobody\ncares about it, it does not exported into userspace directly, it only\nreduces total_vm showed in proc.\n\nThus VM_RESERVED can be replaced with VM_IO or pair VM_DONTEXPAND | VM_DONTDUMP.\n\nremap_pfn_range() and io_remap_pfn_range() set VM_IO|VM_DONTEXPAND|VM_DONTDUMP.\nremap_vmalloc_range() set VM_DONTEXPAND | VM_DONTDUMP.\n\n[akpm@linux-foundation.org: drivers/vfio/pci/vfio_pci.c fixup]\nSigned-off-by: Konstantin Khlebnikov \u003ckhlebnikov@openvz.org\u003e\nCc: Alexander Viro \u003cviro@zeniv.linux.org.uk\u003e\nCc: Carsten Otte \u003ccotte@de.ibm.com\u003e\nCc: Chris Metcalf \u003ccmetcalf@tilera.com\u003e\nCc: Cyrill Gorcunov \u003cgorcunov@openvz.org\u003e\nCc: Eric Paris \u003ceparis@redhat.com\u003e\nCc: H. Peter Anvin \u003chpa@zytor.com\u003e\nCc: Hugh Dickins \u003chughd@google.com\u003e\nCc: Ingo Molnar \u003cmingo@redhat.com\u003e\nCc: James Morris \u003cjames.l.morris@oracle.com\u003e\nCc: Jason Baron \u003cjbaron@redhat.com\u003e\nCc: Kentaro Takeda \u003ctakedakn@nttdata.co.jp\u003e\nCc: Matt Helsley \u003cmatthltc@us.ibm.com\u003e\nCc: Nick Piggin \u003cnpiggin@kernel.dk\u003e\nCc: Oleg Nesterov \u003coleg@redhat.com\u003e\nCc: Peter Zijlstra \u003ca.p.zijlstra@chello.nl\u003e\nCc: Robert Richter \u003crobert.richter@amd.com\u003e\nCc: Suresh Siddha \u003csuresh.b.siddha@intel.com\u003e\nCc: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nCc: Venkatesh Pallipadi \u003cvenki@google.com\u003e\nAcked-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "aab174f0df5d72d31caccf281af5f614fa254578",
      "tree": "2a172c5009c4ac8755e858593154c258ce7709a0",
      "parents": [
        "ca41cc96b2813221b05af57d0355157924de5a07",
        "2bd2c1941f141ad780135ccc1cd08ca71a24f10a"
      ],
      "author": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Tue Oct 02 20:25:04 2012 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Tue Oct 02 20:25:04 2012 -0700"
      },
      "message": "Merge branch \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs\n\nPull vfs update from Al Viro:\n\n - big one - consolidation of descriptor-related logics; almost all of\n   that is moved to fs/file.c\n\n   (BTW, I\u0027m seriously tempted to rename the result to fd.c.  As it is,\n   we have a situation when file_table.c is about handling of struct\n   file and file.c is about handling of descriptor tables; the reasons\n   are historical - file_table.c used to be about a static array of\n   struct file we used to have way back).\n\n   A lot of stray ends got cleaned up and converted to saner primitives,\n   disgusting mess in android/binder.c is still disgusting, but at least\n   doesn\u0027t poke so much in descriptor table guts anymore.  A bunch of\n   relatively minor races got fixed in process, plus an ext4 struct file\n   leak.\n\n - related thing - fget_light() partially unuglified; see fdget() in\n   there (and yes, it generates the code as good as we used to have).\n\n - also related - bits of Cyrill\u0027s procfs stuff that got entangled into\n   that work; _not_ all of it, just the initial move to fs/proc/fd.c and\n   switch of fdinfo to seq_file.\n\n - Alex\u0027s fs/coredump.c spiltoff - the same story, had been easier to\n   take that commit than mess with conflicts.  The rest is a separate\n   pile, this was just a mechanical code movement.\n\n - a few misc patches all over the place.  Not all for this cycle,\n   there\u0027ll be more (and quite a few currently sit in akpm\u0027s tree).\"\n\nFix up trivial conflicts in the android binder driver, and some fairly\nsimple conflicts due to two different changes to the sock_alloc_file()\ninterface (\"take descriptor handling from sock_alloc_file() to callers\"\nvs \"net: Providing protocol type via system.sockprotoname xattr of\n/proc/PID/fd entries\" adding a dentry name to the socket)\n\n* \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs: (72 commits)\n  MAX_LFS_FILESIZE should be a loff_t\n  compat: fs: Generic compat_sys_sendfile implementation\n  fs: push rcu_barrier() from deactivate_locked_super() to filesystems\n  btrfs: reada_extent doesn\u0027t need kref for refcount\n  coredump: move core dump functionality into its own file\n  coredump: prevent double-free on an error path in core dumper\n  usb/gadget: fix misannotations\n  fcntl: fix misannotations\n  ceph: don\u0027t abuse d_delete() on failure exits\n  hypfs: -\u003ed_parent is never NULL or negative\n  vfs: delete surplus inode NULL check\n  switch simple cases of fget_light to fdget\n  new helpers: fdget()/fdput()\n  switch o2hb_region_dev_write() to fget_light()\n  proc_map_files_readdir(): don\u0027t bother with grabbing files\n  make get_file() return its argument\n  vhost_set_vring(): turn pollstart/pollstop into bool\n  switch prctl_set_mm_exe_file() to fget_light()\n  switch xfs_find_handle() to fget_light()\n  switch xfs_swapext() to fget_light()\n  ...\n"
    },
    {
      "commit": "aecdc33e111b2c447b622e287c6003726daa1426",
      "tree": "3e7657eae4b785e1a1fb5dfb225dbae0b2f0cfc6",
      "parents": [
        "a20acf99f75e49271381d65db097c9763060a1e8",
        "a3a6cab5ea10cca64d036851fe0d932448f2fe4f"
      ],
      "author": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Tue Oct 02 13:38:27 2012 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Tue Oct 02 13:38:27 2012 -0700"
      },
      "message": "Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next\n\nPull networking changes from David Miller:\n\n 1) GRE now works over ipv6, from Dmitry Kozlov.\n\n 2) Make SCTP more network namespace aware, from Eric Biederman.\n\n 3) TEAM driver now works with non-ethernet devices, from Jiri Pirko.\n\n 4) Make openvswitch network namespace aware, from Pravin B Shelar.\n\n 5) IPV6 NAT implementation, from Patrick McHardy.\n\n 6) Server side support for TCP Fast Open, from Jerry Chu and others.\n\n 7) Packet BPF filter supports MOD and XOR, from Eric Dumazet and Daniel\n    Borkmann.\n\n 8) Increate the loopback default MTU to 64K, from Eric Dumazet.\n\n 9) Use a per-task rather than per-socket page fragment allocator for\n    outgoing networking traffic.  This benefits processes that have very\n    many mostly idle sockets, which is quite common.\n\n    From Eric Dumazet.\n\n10) Use up to 32K for page fragment allocations, with fallbacks to\n    smaller sizes when higher order page allocations fail.  Benefits are\n    a) less segments for driver to process b) less calls to page\n    allocator c) less waste of space.\n\n    From Eric Dumazet.\n\n11) Allow GRO to be used on GRE tunnels, from Eric Dumazet.\n\n12) VXLAN device driver, one way to handle VLAN issues such as the\n    limitation of 4096 VLAN IDs yet still have some level of isolation.\n    From Stephen Hemminger.\n\n13) As usual there is a large boatload of driver changes, with the scale\n    perhaps tilted towards the wireless side this time around.\n\nFix up various fairly trivial conflicts, mostly caused by the user\nnamespace changes.\n\n* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next: (1012 commits)\n  hyperv: Add buffer for extended info after the RNDIS response message.\n  hyperv: Report actual status in receive completion packet\n  hyperv: Remove extra allocated space for recv_pkt_list elements\n  hyperv: Fix page buffer handling in rndis_filter_send_request()\n  hyperv: Fix the missing return value in rndis_filter_set_packet_filter()\n  hyperv: Fix the max_xfer_size in RNDIS initialization\n  vxlan: put UDP socket in correct namespace\n  vxlan: Depend on CONFIG_INET\n  sfc: Fix the reported priorities of different filter types\n  sfc: Remove EFX_FILTER_FLAG_RX_OVERRIDE_IP\n  sfc: Fix loopback self-test with separate_tx_channels\u003d1\n  sfc: Fix MCDI structure field lookup\n  sfc: Add parentheses around use of bitfield macro arguments\n  sfc: Fix null function pointer in efx_sriov_channel_type\n  vxlan: virtual extensible lan\n  igmp: export symbol ip_mc_leave_group\n  netlink: add attributes to fdb interface\n  tg3: unconditionally select HWMON support when tg3 is enabled.\n  Revert \"net: ti cpsw ethernet: allow reading phy interface mode from DT\"\n  gre: fix sparse warning\n  ...\n"
    },
    {
      "commit": "437589a74b6a590d175f86cf9f7b2efcee7765e7",
      "tree": "37bf8635b1356d80ef002b00e84f3faf3d555a63",
      "parents": [
        "68d47a137c3bef754923bccf73fb639c9b0bbd5e",
        "72235465864d84cedb2d9f26f8e1de824ee20339"
      ],
      "author": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Tue Oct 02 11:11:09 2012 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Tue Oct 02 11:11:09 2012 -0700"
      },
      "message": "Merge branch \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace\n\nPull user namespace changes from Eric Biederman:\n \"This is a mostly modest set of changes to enable basic user namespace\n  support.  This allows the code to compile with user namespaces\n  enabled and removes the assumption there is only the initial user\n  namespace.  Everything is converted except for the most complex of the\n  filesystems: autofs4, 9p, afs, ceph, cifs, coda, fuse, gfs2, ncpfs,\n  nfs, ocfs2 and xfs as those patches need a bit more review.\n\n  The strategy is to push kuid_t and kgid_t values as far down into\n  subsystems and filesystems as reasonable.  Leaving the make_kuid and\n  from_kuid operations to happen at the edge of userspace, as the values\n  come off the disk, and as the values come in from the network.\n  Letting compile type incompatible compile errors (present when user\n  namespaces are enabled) guide me to find the issues.\n\n  The most tricky areas have been the places where we had an implicit\n  union of uid and gid values and were storing them in an unsigned int.\n  Those places were converted into explicit unions.  I made certain to\n  handle those places with simple trivial patches.\n\n  Out of that work I discovered we have generic interfaces for storing\n  quota by projid.  I had never heard of the project identifiers before.\n  Adding full user namespace support for project identifiers accounts\n  for most of the code size growth in my git tree.\n\n  Ultimately there will be work to relax privilege checks from\n  \"capable(FOO)\" to \"ns_capable(user_ns, FOO)\" where it is safe allowing\n  root in a user names to do those things that today we only forbid to\n  non-root users because it will confuse suid root applications.\n\n  While I was pushing kuid_t and kgid_t changes deep into the audit code\n  I made a few other cleanups.  I capitalized on the fact we process\n  netlink messages in the context of the message sender.  I removed\n  usage of NETLINK_CRED, and started directly using current-\u003etty.\n\n  Some of these patches have also made it into maintainer trees, with no\n  problems from identical code from different trees showing up in\n  linux-next.\n\n  After reading through all of this code I feel like I might be able to\n  win a game of kernel trivial pursuit.\"\n\nFix up some fairly trivial conflicts in netfilter uid/git logging code.\n\n* \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace: (107 commits)\n  userns: Convert the ufs filesystem to use kuid/kgid where appropriate\n  userns: Convert the udf filesystem to use kuid/kgid where appropriate\n  userns: Convert ubifs to use kuid/kgid\n  userns: Convert squashfs to use kuid/kgid where appropriate\n  userns: Convert reiserfs to use kuid and kgid where appropriate\n  userns: Convert jfs to use kuid/kgid where appropriate\n  userns: Convert jffs2 to use kuid and kgid where appropriate\n  userns: Convert hpfs to use kuid and kgid where appropriate\n  userns: Convert btrfs to use kuid/kgid where appropriate\n  userns: Convert bfs to use kuid/kgid where appropriate\n  userns: Convert affs to use kuid/kgid wherwe appropriate\n  userns: On alpha modify linux_to_osf_stat to use convert from kuids and kgids\n  userns: On ia64 deal with current_uid and current_gid being kuid and kgid\n  userns: On ppc convert current_uid from a kuid before printing.\n  userns: Convert s390 getting uid and gid system calls to use kuid and kgid\n  userns: Convert s390 hypfs to use kuid and kgid where appropriate\n  userns: Convert binder ipc to use kuids\n  userns: Teach security_path_chown to take kuids and kgids\n  userns: Add user namespace support to IMA\n  userns: Convert EVM to deal with kuids and kgids in it\u0027s hmac computation\n  ...\n"
    },
    {
      "commit": "6a06e5e1bb217be077e1f8ee2745b4c5b1aa02db",
      "tree": "8faea23112a11f52524eb413f71b7b02712d8b53",
      "parents": [
        "d9f72f359e00a45a6cd7cc2d5121b04b9dc927e1",
        "6672d90fe779dc0dfffe027c3ede12609df091c2"
      ],
      "author": {
        "name": "David S. Miller",
        "email": "davem@davemloft.net",
        "time": "Fri Sep 28 14:40:49 2012 -0400"
      },
      "committer": {
        "name": "David S. Miller",
        "email": "davem@davemloft.net",
        "time": "Fri Sep 28 14:40:49 2012 -0400"
      },
      "message": "Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net\n\nConflicts:\n\tdrivers/net/team/team.c\n\tdrivers/net/usb/qmi_wwan.c\n\tnet/batman-adv/bat_iv_ogm.c\n\tnet/ipv4/fib_frontend.c\n\tnet/ipv4/route.c\n\tnet/l2tp/l2tp_netlink.c\n\nThe team, fib_frontend, route, and l2tp_netlink conflicts were simply\noverlapping changes.\n\nqmi_wwan and bat_iv_ogm were of the \"use HEAD\" variety.\n\nWith help from Antonio Quartulli.\n\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n"
    },
    {
      "commit": "cb0942b81249798e15c3f04eee2946ef543e8115",
      "tree": "7d494c580a847342577661782c5173f76178aa81",
      "parents": [
        "cecb46f194460d23cacf3b13593f9f5a4f7a0fed"
      ],
      "author": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Mon Aug 27 14:48:26 2012 -0400"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Wed Sep 26 21:10:25 2012 -0400"
      },
      "message": "make get_file() return its argument\n\nsimplifies a bunch of callers...\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n"
    },
    {
      "commit": "c3c073f808b22dfae15ef8412b6f7b998644139a",
      "tree": "3369bcbe414738d90e6ccfe257f6ce3e72f6a5ae",
      "parents": [
        "ad47bd7252bf402fe7dba92f5240b5ed16832ae7"
      ],
      "author": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Tue Aug 21 22:32:06 2012 -0400"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Wed Sep 26 21:09:59 2012 -0400"
      },
      "message": "new helper: iterate_fd()\n\niterates through the opened files in given descriptor table,\ncalling a supplied function; we stop once non-zero is returned.\nCallback gets struct file *, descriptor number and const void *\nargument passed to iterator.  It is called with files-\u003efile_lock\nheld, so it is not allowed to block.\n\ntty_io, netprio_cgroup and selinux flush_unauthorized_files()\nconverted to its use.\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n"
    },
    {
      "commit": "ee97cd872d08b8623076f2a63ffb872d0884411a",
      "tree": "0eb578bbf88459dff4e04b0273531971c539c466",
      "parents": [
        "8280d16172243702ed43432f826ca6130edb4086"
      ],
      "author": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Tue Aug 21 12:26:45 2012 -0400"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Wed Sep 26 21:09:58 2012 -0400"
      },
      "message": "switch flush_unauthorized_files() to replace_fd()\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n"
    },
    {
      "commit": "581abc09c2205e05256d7f75410345d5392d5098",
      "tree": "af6bbd233f6030fa51a7dcbf0754e83650e0b0ad",
      "parents": [
        "609fcd1b3a55f99667c61609895c83019b21baad"
      ],
      "author": {
        "name": "Eric W. Biederman",
        "email": "ebiederm@xmission.com",
        "time": "Mon Aug 20 00:09:36 2012 -0700"
      },
      "committer": {
        "name": "Eric W. Biederman",
        "email": "ebiederm@xmission.com",
        "time": "Fri Sep 21 03:13:22 2012 -0700"
      },
      "message": "userns: Convert selinux to use kuid and kgid where appropriate\n\nCc: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nCc: James Morris \u003cjames.l.morris@oracle.com\u003e\nCc: Eric Paris \u003ceparis@parisplace.org\u003e\nSigned-off-by: \"Eric W. Biederman\" \u003cebiederm@xmission.com\u003e\n"
    },
    {
      "commit": "ee8372dd1989287c5eedb69d44bac43f69e496f1",
      "tree": "419de8719e0cf610f313345d25b231e376083ebd",
      "parents": [
        "b42664f898c976247f7f609b8bb9c94d7475ca10"
      ],
      "author": {
        "name": "Nicolas Dichtel",
        "email": "nicolas.dichtel@6wind.com",
        "time": "Mon Sep 10 22:09:45 2012 +0000"
      },
      "committer": {
        "name": "David S. Miller",
        "email": "davem@davemloft.net",
        "time": "Tue Sep 18 15:57:03 2012 -0400"
      },
      "message": "xfrm: invalidate dst on policy insertion/deletion\n\nWhen a policy is inserted or deleted, all dst should be recalculated.\n\nSigned-off-by: Nicolas Dichtel \u003cnicolas.dichtel@6wind.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n"
    },
    {
      "commit": "9f00d9776bc5beb92e8bfc884a7e96ddc5589e2e",
      "tree": "2a9f9513a13c73cb1196ebe3426389c1140e2888",
      "parents": [
        "9785e10aedfa0fad5c1aac709dce5ada1b123783"
      ],
      "author": {
        "name": "Pablo Neira Ayuso",
        "email": "pablo@netfilter.org",
        "time": "Sat Sep 08 02:53:54 2012 +0000"
      },
      "committer": {
        "name": "David S. Miller",
        "email": "davem@davemloft.net",
        "time": "Sat Sep 08 18:46:30 2012 -0400"
      },
      "message": "netlink: hide struct module parameter in netlink_kernel_create\n\nThis patch defines netlink_kernel_create as a wrapper function of\n__netlink_kernel_create to hide the struct module *me parameter\n(which seems to be THIS_MODULE in all existing netlink subsystems).\n\nSuggested by David S. Miller.\n\nSigned-off-by: Pablo Neira Ayuso \u003cpablo@netfilter.org\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n"
    },
    {
      "commit": "9785e10aedfa0fad5c1aac709dce5ada1b123783",
      "tree": "ca523e084318b6e908b18c6f3e9e53ea7e9a1c49",
      "parents": [
        "16fa9e1d104e6f2c18005a4ac7ea60e4c7fc1286"
      ],
      "author": {
        "name": "Pablo Neira Ayuso",
        "email": "pablo@netfilter.org",
        "time": "Sat Sep 08 02:53:53 2012 +0000"
      },
      "committer": {
        "name": "David S. Miller",
        "email": "davem@davemloft.net",
        "time": "Sat Sep 08 18:45:27 2012 -0400"
      },
      "message": "netlink: kill netlink_set_nonroot\n\nReplace netlink_set_nonroot by one new field `flags\u0027 in\nstruct netlink_kernel_cfg that is passed to netlink_kernel_create.\n\nThis patch also renames NL_NONROOT_* to NL_CFG_F_NONROOT_* since\nnow the flags field in nl_table is generic (so we can add more\nflags if needed in the future).\n\nAlso adjust all callers in the net-next tree to use these flags\ninstead of netlink_set_nonroot.\n\nSigned-off-by: Pablo Neira Ayuso \u003cpablo@netfilter.org\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n"
    },
    {
      "commit": "6290c2c439732727899405f39fb76c2f5585b707",
      "tree": "3b016b4602b6711e4354d1b288018888574d9d48",
      "parents": [
        "c76562b6709fee5eff8a6a779be41c0bce661fd7"
      ],
      "author": {
        "name": "Mel Gorman",
        "email": "mgorman@suse.de",
        "time": "Tue Jul 31 16:44:44 2012 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Tue Jul 31 18:42:47 2012 -0700"
      },
      "message": "selinux: tag avc cache alloc as non-critical\n\nFailing to allocate a cache entry will only harm performance not\ncorrectness.  Do not consume valuable reserve pages for something like\nthat.\n\nSigned-off-by: Peter Zijlstra \u003ca.p.zijlstra@chello.nl\u003e\nSigned-off-by: Mel Gorman \u003cmgorman@suse.de\u003e\nAcked-by: Eric Paris \u003ceparis@redhat.com\u003e\nAcked-by: Rik van Riel \u003criel@redhat.com\u003e\nCc: James Morris \u003cjmorris@namei.org\u003e\nCc: Christoph Hellwig \u003chch@infradead.org\u003e\nCc: David S. Miller \u003cdavem@davemloft.net\u003e\nCc: Eric B Munson \u003cemunson@mgebm.net\u003e\nCc: Mel Gorman \u003cmgorman@suse.de\u003e\nCc: Mike Christie \u003cmichaelc@cs.wisc.edu\u003e\nCc: Neil Brown \u003cneilb@suse.de\u003e\nCc: Sebastian Andrzej Siewior \u003csebastian@breakpoint.cc\u003e\nCc: Trond Myklebust \u003cTrond.Myklebust@netapp.com\u003e\nCc: Xiaotian Feng \u003cdfeng@redhat.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "27c1ee3f929555b71fa39ec0d81a7e7185de1b16",
      "tree": "42e40bdfe4efac660d650658019391536ce67a42",
      "parents": [
        "37cd9600a9e20359b0283983c9e3a55d84347168",
        "086ff4b3a7fb9cdf41e6a5d0ccd99b86d84633a1"
      ],
      "author": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Mon Jul 30 17:25:34 2012 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Mon Jul 30 17:25:34 2012 -0700"
      },
      "message": "Merge branch \u0027akpm\u0027 (Andrew\u0027s patch-bomb)\n\nMerge Andrew\u0027s first set of patches:\n \"Non-MM patches:\n\n   - lots of misc bits\n\n   - tree-wide have_clk() cleanups\n\n   - quite a lot of printk tweaks.  I draw your attention to \"printk:\n     convert the format for KERN_\u003cLEVEL\u003e to a 2 byte pattern\" which\n     looks a bit scary.  But afaict it\u0027s solid.\n\n   - backlight updates\n\n   - lib/ feature work (notably the addition and use of memweight())\n\n   - checkpatch updates\n\n   - rtc updates\n\n   - nilfs updates\n\n   - fatfs updates (partial, still waiting for acks)\n\n   - kdump, proc, fork, IPC, sysctl, taskstats, pps, etc\n\n   - new fault-injection feature work\"\n\n* Merge emailed patches from Andrew Morton \u003cakpm@linux-foundation.org\u003e: (128 commits)\n  drivers/misc/lkdtm.c: fix missing allocation failure check\n  lib/scatterlist: do not re-write gfp_flags in __sg_alloc_table()\n  fault-injection: add tool to run command with failslab or fail_page_alloc\n  fault-injection: add selftests for cpu and memory hotplug\n  powerpc: pSeries reconfig notifier error injection module\n  memory: memory notifier error injection module\n  PM: PM notifier error injection module\n  cpu: rewrite cpu-notifier-error-inject module\n  fault-injection: notifier error injection\n  c/r: fcntl: add F_GETOWNER_UIDS option\n  resource: make sure requested range is included in the root range\n  include/linux/aio.h: cpp-\u003eC conversions\n  fs: cachefiles: add support for large files in filesystem caching\n  pps: return PTR_ERR on error in device_create\n  taskstats: check nla_reserve() return\n  sysctl: suppress kmemleak messages\n  ipc: use Kconfig options for __ARCH_WANT_[COMPAT_]IPC_PARSE_VERSION\n  ipc: compat: use signed size_t types for msgsnd and msgrcv\n  ipc: allow compat IPC version field parsing if !ARCH_WANT_OLD_COMPAT_IPC\n  ipc: add COMPAT_SHMLBA support\n  ...\n"
    },
    {
      "commit": "1d151c337d79fa3de88654d2514f58fbd916a8e0",
      "tree": "79f96ea4b081f310aa62246e879224467b092261",
      "parents": [
        "65fed8f6f23070b56d0ed3841173ddd410130a89"
      ],
      "author": {
        "name": "Cyrill Gorcunov",
        "email": "gorcunov@openvz.org",
        "time": "Mon Jul 30 14:43:00 2012 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Mon Jul 30 17:25:21 2012 -0700"
      },
      "message": "c/r: fcntl: add F_GETOWNER_UIDS option\n\nWhen we restore file descriptors we would like them to look exactly as\nthey were at dumping time.\n\nWith help of fcntl it\u0027s almost possible, the missing snippet is file\nowners UIDs.\n\nTo be able to read their values the F_GETOWNER_UIDS is introduced.\n\nThis option is valid iif CONFIG_CHECKPOINT_RESTORE is turned on, otherwise\nreturning -EINVAL.\n\nSigned-off-by: Cyrill Gorcunov \u003cgorcunov@openvz.org\u003e\nAcked-by: \"Eric W. Biederman\" \u003cebiederm@xmission.com\u003e\nCc: \"Serge E. Hallyn\" \u003cserge@hallyn.com\u003e\nCc: Oleg Nesterov \u003coleg@redhat.com\u003e\nCc: Pavel Emelyanov \u003cxemul@parallels.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "e3fea3f70fd68af0574a5f24246cdb4ed07f2b74",
      "tree": "c3a8ae06734b2987646dd89c87c0a16ee50d420e",
      "parents": [
        "5935e6dcaaa8f666dd7f1169fa87d36752ebeb94"
      ],
      "author": {
        "name": "Al Viro",
        "email": "viro@ZenIV.linux.org.uk",
        "time": "Sat Jun 09 08:15:16 2012 +0100"
      },
      "committer": {
        "name": "James Morris",
        "email": "james.l.morris@oracle.com",
        "time": "Mon Jul 30 15:36:50 2012 +1000"
      },
      "message": "selinux: fix selinux_inode_setxattr oops\n\nOK, what we have so far is e.g.\n\tsetxattr(path, name, whatever, 0, XATTR_REPLACE)\nwith name being good enough to get through xattr_permission().\nThen we reach security_inode_setxattr() with the desired value and size.\nAha.  name should begin with \"security.selinux\", or we won\u0027t get that\nfar in selinux_inode_setxattr().  Suppose we got there and have enough\npermissions to relabel that sucker.  We call security_context_to_sid()\nwith value \u003d\u003d NULL, size \u003d\u003d 0.  OK, we want ss_initialized to be non-zero.\nI.e. after everything had been set up and running.  No problem...\n\nWe do 1-byte kmalloc(), zero-length memcpy() (which doesn\u0027t oops, even\nthough the source is NULL) and put a NUL there.  I.e. form an empty\nstring.  string_to_context_struct() is called and looks for the first\n\u0027:\u0027 in there.  Not found, -EINVAL we get.  OK, security_context_to_sid_core()\nhas rc \u003d\u003d -EINVAL, force \u003d\u003d 0, so it silently returns -EINVAL.\nAll it takes now is not having CAP_MAC_ADMIN and we are fucked.\n\nAll right, it might be a different bug (modulo strange code quoted in the\nreport), but it\u0027s real.  Easily fixed, AFAICS:\n\nDeal with size \u003d\u003d 0, value \u003d\u003d NULL case in selinux_inode_setxattr()\n\nCc: stable@vger.kernel.org\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\nTested-by: Dave Jones \u003cdavej@redhat.com\u003e\nReported-by: Dave Jones \u003cdavej@redhat.com\u003e\nSigned-off-by: James Morris \u003cjames.l.morris@oracle.com\u003e\n"
    },
    {
      "commit": "8ded2bbc1845e19c771eb55209aab166ef011243",
      "tree": "9ab400cdd407a9426fdfcc3432d7c0e19a0607ed",
      "parents": [
        "4cb38750d49010ae72e718d46605ac9ba5a851b4"
      ],
      "author": {
        "name": "Josh Boyer",
        "email": "jwboyer@redhat.com",
        "time": "Wed Jul 25 10:40:34 2012 -0400"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Thu Jul 26 13:36:43 2012 -0700"
      },
      "message": "posix_types.h: Cleanup stale __NFDBITS and related definitions\n\nRecently, glibc made a change to suppress sign-conversion warnings in\nFD_SET (glibc commit ceb9e56b3d1).  This uncovered an issue with the\nkernel\u0027s definition of __NFDBITS if applications #include\n\u003clinux/types.h\u003e after including \u003csys/select.h\u003e.  A build failure would\nbe seen when passing the -Werror\u003dsign-compare and -D_FORTIFY_SOURCE\u003d2\nflags to gcc.\n\nIt was suggested that the kernel should either match the glibc\ndefinition of __NFDBITS or remove that entirely.  The current in-kernel\nuses of __NFDBITS can be replaced with BITS_PER_LONG, and there are no\nuses of the related __FDELT and __FDMASK defines.  Given that, we\u0027ll\ncontinue the cleanup that was started with commit 8b3d1cda4f5f\n(\"posix_types: Remove fd_set macros\") and drop the remaining unused\nmacros.\n\nAdditionally, linux/time.h has similar macros defined that expand to\nnothing so we\u0027ll remove those at the same time.\n\nReported-by: Jeff Law \u003claw@redhat.com\u003e\nSuggested-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\nCC: \u003cstable@vger.kernel.org\u003e\nSigned-off-by: Josh Boyer \u003cjwboyer@redhat.com\u003e\n[ .. and fix up whitespace as per akpm ]\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "3c4cfadef6a1665d9cd02a543782d03d3e6740c6",
      "tree": "3df72faaacd494d5ac8c9668df4f529b1b5e4457",
      "parents": [
        "e017507f37d5cb8b541df165a824958bc333bec3",
        "320f5ea0cedc08ef65d67e056bcb9d181386ef2c"
      ],
      "author": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Tue Jul 24 10:01:50 2012 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Tue Jul 24 10:01:50 2012 -0700"
      },
      "message": "Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next\n\nPull networking changes from David S Miller:\n\n 1) Remove the ipv4 routing cache.  Now lookups go directly into the FIB\n    trie and use prebuilt routes cached there.\n\n    No more garbage collection, no more rDOS attacks on the routing\n    cache.  Instead we now get predictable and consistent performance,\n    no matter what the pattern of traffic we service.\n\n    This has been almost 2 years in the making.  Special thanks to\n    Julian Anastasov, Eric Dumazet, Steffen Klassert, and others who\n    have helped along the way.\n\n    I\u0027m sure that with a change of this magnitude there will be some\n    kind of fallout, but such things ought to be simple to fix at this\n    point.  Luckily I\u0027m not European so I\u0027ll be around all of August to\n    fix things :-)\n\n    The major stages of this work here are each fronted by a forced\n    merge commit whose commit message contains a top-level description\n    of the motivations and implementation issues.\n\n 2) Pre-demux of established ipv4 TCP sockets, saves a route demux on\n    input.\n\n 3) TCP SYN/ACK performance tweaks from Eric Dumazet.\n\n 4) Add namespace support for netfilter L4 conntrack helpers, from Gao\n    Feng.\n\n 5) Add config mechanism for Energy Efficient Ethernet to ethtool, from\n    Yuval Mintz.\n\n 6) Remove quadratic behavior from /proc/net/unix, from Eric Dumazet.\n\n 7) Support for connection tracker helpers in userspace, from Pablo\n    Neira Ayuso.\n\n 8) Allow userspace driven TX load balancing functions in TEAM driver,\n    from Jiri Pirko.\n\n 9) Kill off NLMSG_PUT and RTA_PUT macros, more gross stuff with\n    embedded gotos.\n\n10) TCP Small Queues, essentially minimize the amount of TCP data queued\n    up in the packet scheduler layer.  Whereas the existing BQL (Byte\n    Queue Limits) limits the pkt_sched --\u003e netdevice queuing levels,\n    this controls the TCP --\u003e pkt_sched queueing levels.\n\n    From Eric Dumazet.\n\n11) Reduce the number of get_page/put_page ops done on SKB fragments,\n    from Alexander Duyck.\n\n12) Implement protection against blind resets in TCP (RFC 5961), from\n    Eric Dumazet.\n\n13) Support the client side of TCP Fast Open, basically the ability to\n    send data in the SYN exchange, from Yuchung Cheng.\n\n    Basically, the sender queues up data with a sendmsg() call using\n    MSG_FASTOPEN, then they do the connect() which emits the queued up\n    fastopen data.\n\n14) Avoid all the problems we get into in TCP when timers or PMTU events\n    hit a locked socket.  The TCP Small Queues changes added a\n    tcp_release_cb() that allows us to queue work up to the\n    release_sock() caller, and that\u0027s what we use here too.  From Eric\n    Dumazet.\n\n15) Zero copy on TX support for TUN driver, from Michael S. Tsirkin.\n\n* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next: (1870 commits)\n  genetlink: define lockdep_genl_is_held() when CONFIG_LOCKDEP\n  r8169: revert \"add byte queue limit support\".\n  ipv4: Change rt-\u003ert_iif encoding.\n  net: Make skb-\u003eskb_iif always track skb-\u003edev\n  ipv4: Prepare for change of rt-\u003ert_iif encoding.\n  ipv4: Remove all RTCF_DIRECTSRC handliing.\n  ipv4: Really ignore ICMP address requests/replies.\n  decnet: Don\u0027t set RTCF_DIRECTSRC.\n  net/ipv4/ip_vti.c: Fix __rcu warnings detected by sparse.\n  ipv4: Remove redundant assignment\n  rds: set correct msg_namelen\n  openvswitch: potential NULL deref in sample()\n  tcp: dont drop MTU reduction indications\n  bnx2x: Add new 57840 device IDs\n  tcp: avoid oops in tcp_metrics and reset tcpm_stamp\n  niu: Change niu_rbr_fill() to use unlikely() to check niu_rbr_add_page() return value\n  niu: Fix to check for dma mapping errors.\n  net: Fix references to out-of-scope variables in put_cmsg_compat()\n  net: ethernet: davinci_emac: add pm_runtime support\n  net: ethernet: davinci_emac: Remove unnecessary #include\n  ...\n"
    },
    {
      "commit": "a66d2c8f7ec1284206ca7c14569e2a607583f1e3",
      "tree": "08cf68bcef3559b370843cab8191e5cc0f740bde",
      "parents": [
        "a6be1fcbc57f95bb47ef3c8e4ee3d83731b8f21e",
        "8cae6f7158ec1fa44c8a04a43db7d8020ec60437"
      ],
      "author": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Mon Jul 23 12:27:27 2012 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Mon Jul 23 12:27:27 2012 -0700"
      },
      "message": "Merge branch \u0027for-linus-2\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs\n\nPull the big VFS changes from Al Viro:\n \"This one is *big* and changes quite a few things around VFS.  What\u0027s in there:\n\n   - the first of two really major architecture changes - death to open\n     intents.\n\n     The former is finally there; it was very long in making, but with\n     Miklos getting through really hard and messy final push in\n     fs/namei.c, we finally have it.  Unlike his variant, this one\n     doesn\u0027t introduce struct opendata; what we have instead is\n     -\u003eatomic_open() taking preallocated struct file * and passing\n     everything via its fields.\n\n     Instead of returning struct file *, it returns -E...  on error, 0\n     on success and 1 in \"deal with it yourself\" case (e.g.  symlink\n     found on server, etc.).\n\n     See comments before fs/namei.c:atomic_open().  That made a lot of\n     goodies finally possible and quite a few are in that pile:\n     -\u003elookup(), -\u003ed_revalidate() and -\u003ecreate() do not get struct\n     nameidata * anymore; -\u003elookup() and -\u003ed_revalidate() get lookup\n     flags instead, -\u003ecreate() gets \"do we want it exclusive\" flag.\n\n     With the introduction of new helper (kern_path_locked()) we are rid\n     of all struct nameidata instances outside of fs/namei.c; it\u0027s still\n     visible in namei.h, but not for long.  Come the next cycle,\n     declaration will move either to fs/internal.h or to fs/namei.c\n     itself.  [me, miklos, hch]\n\n   - The second major change: behaviour of final fput().  Now we have\n     __fput() done without any locks held by caller *and* not from deep\n     in call stack.\n\n     That obviously lifts a lot of constraints on the locking in there.\n     Moreover, it\u0027s legal now to call fput() from atomic contexts (which\n     has immediately simplified life for aio.c).  We also don\u0027t need\n     anti-recursion logics in __scm_destroy() anymore.\n\n     There is a price, though - the damn thing has become partially\n     asynchronous.  For fput() from normal process we are guaranteed\n     that pending __fput() will be done before the caller returns to\n     userland, exits or gets stopped for ptrace.\n\n     For kernel threads and atomic contexts it\u0027s done via\n     schedule_work(), so theoretically we might need a way to make sure\n     it\u0027s finished; so far only one such place had been found, but there\n     might be more.\n\n     There\u0027s flush_delayed_fput() (do all pending __fput()) and there\u0027s\n     __fput_sync() (fput() analog doing __fput() immediately).  I hope\n     we won\u0027t need them often; see warnings in fs/file_table.c for\n     details.  [me, based on task_work series from Oleg merged last\n     cycle]\n\n   - sync series from Jan\n\n   - large part of \"death to sync_supers()\" work from Artem; the only\n     bits missing here are exofs and ext4 ones.  As far as I understand,\n     those are going via the exofs and ext4 trees resp.; once they are\n     in, we can put -\u003ewrite_super() to the rest, along with the thread\n     calling it.\n\n   - preparatory bits from unionmount series (from dhowells).\n\n   - assorted cleanups and fixes all over the place, as usual.\n\n  This is not the last pile for this cycle; there\u0027s at least jlayton\u0027s\n  ESTALE work and fsfreeze series (the latter - in dire need of fixes,\n  so I\u0027m not sure it\u0027ll make the cut this cycle).  I\u0027ll probably throw\n  symlink/hardlink restrictions stuff from Kees into the next pile, too.\n  Plus there\u0027s a lot of misc patches I hadn\u0027t thrown into that one -\n  it\u0027s large enough as it is...\"\n\n* \u0027for-linus-2\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs: (127 commits)\n  ext4: switch EXT4_IOC_RESIZE_FS to mnt_want_write_file()\n  btrfs: switch btrfs_ioctl_balance() to mnt_want_write_file()\n  switch dentry_open() to struct path, make it grab references itself\n  spufs: shift dget/mntget towards dentry_open()\n  zoran: don\u0027t bother with struct file * in zoran_map\n  ecryptfs: don\u0027t reinvent the wheels, please - use struct completion\n  don\u0027t expose I_NEW inodes via dentry-\u003ed_inode\n  tidy up namei.c a bit\n  unobfuscate follow_up() a bit\n  ext3: pass custom EOF to generic_file_llseek_size()\n  ext4: use core vfs llseek code for dir seeks\n  vfs: allow custom EOF in generic_file_llseek code\n  vfs: Avoid unnecessary WB_SYNC_NONE writeback during sys_sync and reorder sync passes\n  vfs: Remove unnecessary flushing of block devices\n  vfs: Make sys_sync writeout also block device inodes\n  vfs: Create function for iterating over block devices\n  vfs: Reorder operations during sys_sync\n  quota: Move quota syncing to -\u003esync_fs method\n  quota: Split dquot_quota_sync() to writeback and cache flushing part\n  vfs: Move noop_backing_dev_info check from sync into writeback\n  ...\n"
    },
    {
      "commit": "765927b2d508712d320c8934db963bbe14c3fcec",
      "tree": "97acdb14fae285764def396c4ed01d4d5c93e76a",
      "parents": [
        "bf349a447059656ebe63fb4fd1ccb27ac1da22ad"
      ],
      "author": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Tue Jun 26 21:58:53 2012 +0400"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Mon Jul 23 00:01:29 2012 +0400"
      },
      "message": "switch dentry_open() to struct path, make it grab references itself\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n"
    },
    {
      "commit": "abaa72d7fd9a20a67b62e6afa0e746e27851dc33",
      "tree": "ebe4134fcc93a6e205e6004b3e652d7a62281651",
      "parents": [
        "67da22d23fa6f3324e03bcd0580b914b2e4afbf3",
        "3e4b9459fb0e149c6b74c9e89399a8fc39a92b44"
      ],
      "author": {
        "name": "David S. Miller",
        "email": "davem@davemloft.net",
        "time": "Thu Jul 19 11:17:30 2012 -0700"
      },
      "committer": {
        "name": "David S. Miller",
        "email": "davem@davemloft.net",
        "time": "Thu Jul 19 11:17:30 2012 -0700"
      },
      "message": "Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net\n\nConflicts:\n\tdrivers/net/ethernet/intel/ixgbevf/ixgbevf_main.c\n"
    },
    {
      "commit": "e2f3b78557ff11f58d836e016900c3210f4fb1c1",
      "tree": "7ecaa578bee0dd90fc22daa0e3a736411f2d4309",
      "parents": [
        "6f7024285864290259d6b4c36f9e84a4b89ec3c4",
        "3d2195c3324b27e65ba53d9626a6bd91a2515797"
      ],
      "author": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Wed Jul 18 13:42:44 2012 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Wed Jul 18 13:42:44 2012 -0700"
      },
      "message": "Merge branch \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security\n\nPull SELinux regression fixes from James Morris.\n\nAndrew Morton has a box that hit that open perms problem.\n\nI also renamed the \"epollwakeup\" selinux name for the new capability to\nbe \"block_suspend\", to match the rename done by commit d9914cf66181\n(\"PM: Rename CAP_EPOLLWAKEUP to CAP_BLOCK_SUSPEND\").\n\n* \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security:\n  SELinux: do not check open perms if they are not known to policy\n  SELinux: include definition of new capabilities\n"
    },
    {
      "commit": "3d2195c3324b27e65ba53d9626a6bd91a2515797",
      "tree": "c17445689c2926fa446c9bef4f5b169b60ce4f15",
      "parents": [
        "64919e60915c5151b3dd4c8d2d9237a115ca990c"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Fri Jul 06 14:13:30 2012 -0400"
      },
      "committer": {
        "name": "James Morris",
        "email": "james.l.morris@oracle.com",
        "time": "Mon Jul 16 11:41:47 2012 +1000"
      },
      "message": "SELinux: do not check open perms if they are not known to policy\n\nWhen I introduced open perms policy didn\u0027t understand them and I\nimplemented them as a policycap.  When I added the checking of open perm\nto truncate I forgot to conditionalize it on the userspace defined\npolicy capability.  Running an old policy with a new kernel will not\ncheck open on open(2) but will check it on truncate.  Conditionalize the\ntruncate check the same as the open check.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nCc: stable@vger.kernel.org # 3.4.x\nSigned-off-by: James Morris \u003cjames.l.morris@oracle.com\u003e\n"
    },
    {
      "commit": "64919e60915c5151b3dd4c8d2d9237a115ca990c",
      "tree": "712cbc272e15a3b3fe70f27a1ac1d7c57bf2300c",
      "parents": [
        "918227bb1b59444a2c467711fd50cc22bb4a897b"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Fri Jul 06 14:13:29 2012 -0400"
      },
      "committer": {
        "name": "James Morris",
        "email": "james.l.morris@oracle.com",
        "time": "Mon Jul 16 11:40:31 2012 +1000"
      },
      "message": "SELinux: include definition of new capabilities\n\nThe kernel has added CAP_WAKE_ALARM and CAP_EPOLLWAKEUP.  We need to\ndefine these in SELinux so they can be mediated by policy.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjames.l.morris@oracle.com\u003e\n"
    },
    {
      "commit": "a31f2d17b331db970259e875b7223d3aba7e3821",
      "tree": "0d10021be81446ab360f4240b0d16729f518387f",
      "parents": [
        "dd7f36ba3ce17d4fe85987d83efd5901b0935816"
      ],
      "author": {
        "name": "Pablo Neira Ayuso",
        "email": "pablo@netfilter.org",
        "time": "Fri Jun 29 06:15:21 2012 +0000"
      },
      "committer": {
        "name": "David S. Miller",
        "email": "davem@davemloft.net",
        "time": "Fri Jun 29 16:46:02 2012 -0700"
      },
      "message": "netlink: add netlink_kernel_cfg parameter to netlink_kernel_create\n\nThis patch adds the following structure:\n\nstruct netlink_kernel_cfg {\n        unsigned int    groups;\n        void            (*input)(struct sk_buff *skb);\n        struct mutex    *cb_mutex;\n};\n\nThat can be passed to netlink_kernel_create to set optional configurations\nfor netlink kernel sockets.\n\nI\u0027ve populated this structure by looking for NULL and zero parameters at the\nexisting code. The remaining parameters that always need to be set are still\nleft in the original interface.\n\nThat includes optional parameters for the netlink socket creation. This allows\neasy extensibility of this interface in the future.\n\nThis patch also adapts all callers to use this new interface.\n\nSigned-off-by: Pablo Neira Ayuso \u003cpablo@netfilter.org\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n"
    },
    {
      "commit": "01f534d0ae9d7b3ad4dcd943d53418731da82ea7",
      "tree": "fe28a740034f70149a07812e62b5b88080e95531",
      "parents": [
        "b61bb01974730e2fd7d36ab4cc848ca6f44cffd4"
      ],
      "author": {
        "name": "David S. Miller",
        "email": "davem@davemloft.net",
        "time": "Tue Jun 26 21:41:57 2012 -0700"
      },
      "committer": {
        "name": "David S. Miller",
        "email": "davem@davemloft.net",
        "time": "Tue Jun 26 21:54:06 2012 -0700"
      },
      "message": "selinux: netlink: Move away from NLMSG_PUT().\n\nAnd use nlmsg_data() while we\u0027re here too.\n\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n"
    },
    {
      "commit": "2597a8344ce051d0afe331706bcb4660bbdb9861",
      "tree": "f0ab9af632909f4afea1a162370a94583d91ba78",
      "parents": [
        "4c809d630c17af0e8112d5362367ced9b44b009b"
      ],
      "author": {
        "name": "Alban Crequy",
        "email": "alban.crequy@collabora.co.uk",
        "time": "Mon May 14 03:56:39 2012 +0000"
      },
      "committer": {
        "name": "Pablo Neira Ayuso",
        "email": "pablo@netfilter.org",
        "time": "Thu Jun 07 14:58:43 2012 +0200"
      },
      "message": "netfilter: selinux: switch hook PFs to nfproto\n\nThis patch is a cleanup. Use NFPROTO_* for consistency with other\nnetfilter code.\n\nSigned-off-by: Alban Crequy \u003calban.crequy@collabora.co.uk\u003e\nReviewed-by: Javier Martinez Canillas \u003cjavier.martinez@collabora.co.uk\u003e\nReviewed-by: Vincent Sanders \u003cvincent.sanders@collabora.co.uk\u003e\nSigned-off-by: Pablo Neira Ayuso \u003cpablo@netfilter.org\u003e\n"
    },
    {
      "commit": "e5467859f7f79b69fc49004403009dfdba3bec53",
      "tree": "73b011daf79eeddd61bbcaf65cd197b5e5f6f149",
      "parents": [
        "d007794a182bc072a7b7479909dbd0d67ba341be"
      ],
      "author": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Wed May 30 13:30:51 2012 -0400"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Thu May 31 13:11:54 2012 -0400"
      },
      "message": "split -\u003efile_mmap() into -\u003emmap_addr()/-\u003emmap_file()\n\n... i.e. file-dependent and address-dependent checks.\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n"
    },
    {
      "commit": "d007794a182bc072a7b7479909dbd0d67ba341be",
      "tree": "75aa7ccd563a0fe8b60391824c92f64098674dda",
      "parents": [
        "cf74d14c4fbce9bcc9eb62f52d721d3399a2b87f"
      ],
      "author": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Wed May 30 13:11:37 2012 -0400"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Thu May 31 13:10:54 2012 -0400"
      },
      "message": "split cap_mmap_addr() out of cap_file_mmap()\n\n... switch callers.\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n"
    },
    {
      "commit": "cc1dad7183e4cb7f5d313b6942f2059fc0eabab6",
      "tree": "372614e5c981ff868682af2babdd8d0fec356952",
      "parents": [
        "c862868bb455694704c255481369c40d7185eb25"
      ],
      "author": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Mon Apr 02 19:40:47 2012 -0400"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Tue May 29 23:28:33 2012 -0400"
      },
      "message": "selinuxfs snprintf() misuses\n\na) %d does _not_ produce a page worth of output\nb) snprintf() doesn\u0027t return negatives - it used to in old glibc, but\nthat\u0027s the kernel...\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n"
    },
    {
      "commit": "cb60e3e65c1b96a4d6444a7a13dc7dd48bc15a2b",
      "tree": "4322be35db678f6299348a76ad60a2023954af7d",
      "parents": [
        "99262a3dafa3290866512ddfb32609198f8973e9",
        "ff2bb047c4bce9742e94911eeb44b4d6ff4734ab"
      ],
      "author": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Mon May 21 20:27:36 2012 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Mon May 21 20:27:36 2012 -0700"
      },
      "message": "Merge branch \u0027next\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security\n\nPull security subsystem updates from James Morris:\n \"New notable features:\n   - The seccomp work from Will Drewry\n   - PR_{GET,SET}_NO_NEW_PRIVS from Andy Lutomirski\n   - Longer security labels for Smack from Casey Schaufler\n   - Additional ptrace restriction modes for Yama by Kees Cook\"\n\nFix up trivial context conflicts in arch/x86/Kconfig and include/linux/filter.h\n\n* \u0027next\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: (65 commits)\n  apparmor: fix long path failure due to disconnected path\n  apparmor: fix profile lookup for unconfined\n  ima: fix filename hint to reflect script interpreter name\n  KEYS: Don\u0027t check for NULL key pointer in key_validate()\n  Smack: allow for significantly longer Smack labels v4\n  gfp flags for security_inode_alloc()?\n  Smack: recursive tramsmute\n  Yama: replace capable() with ns_capable()\n  TOMOYO: Accept manager programs which do not start with / .\n  KEYS: Add invalidation support\n  KEYS: Do LRU discard in full keyrings\n  KEYS: Permit in-place link replacement in keyring list\n  KEYS: Perform RCU synchronisation on keys prior to key destruction\n  KEYS: Announce key type (un)registration\n  KEYS: Reorganise keys Makefile\n  KEYS: Move the key config into security/keys/Kconfig\n  KEYS: Use the compat keyctl() syscall wrapper on Sparc64 for Sparc32 compat\n  Yama: remove an unused variable\n  samples/seccomp: fix dependencies on arch macros\n  Yama: add additional ptrace scopes\n  ...\n"
    },
    {
      "commit": "ff2bb047c4bce9742e94911eeb44b4d6ff4734ab",
      "tree": "9d9b1cfa3fc17f0cc13f34ca697306cb1f46b05f",
      "parents": [
        "cffee16e8b997ab947de661e8820e486b0830c94",
        "c737f8284cac91428f8fcc8281e69117fa16e887"
      ],
      "author": {
        "name": "James Morris",
        "email": "james.l.morris@oracle.com",
        "time": "Tue May 22 11:21:06 2012 +1000"
      },
      "committer": {
        "name": "James Morris",
        "email": "james.l.morris@oracle.com",
        "time": "Tue May 22 11:21:06 2012 +1000"
      },
      "message": "Merge branch \u0027master\u0027 of git://git.infradead.org/users/eparis/selinux into next\n\nPer pull request, for 3.5.\n"
    },
    {
      "commit": "d16cf20e2f2f13411eece7f7fb72c17d141c4a84",
      "tree": "8154b3db8cdbb4b8d9f35d4c407cfe961253f0b4",
      "parents": [
        "6714cf5465d2803a21c6a46c1ea747795a8889fa"
      ],
      "author": {
        "name": "Pablo Neira Ayuso",
        "email": "pablo@netfilter.org",
        "time": "Tue May 08 19:45:28 2012 +0200"
      },
      "committer": {
        "name": "Pablo Neira Ayuso",
        "email": "pablo@netfilter.org",
        "time": "Tue May 08 20:25:42 2012 +0200"
      },
      "message": "netfilter: remove ip_queue support\n\nThis patch removes ip_queue support which was marked as obsolete\nyears ago. The nfnetlink_queue module provides more advanced\nuser-space packet queueing mechanism.\n\nThis patch also removes capability code included in SELinux that\nrefers to ip_queue. Otherwise, we break compilation.\n\nSeveral warnings have been sent regarding this to the mailing list\nin the past month without anyone raising a hand to stop this\nwith some strong argument.\n\nSigned-off-by: Pablo Neira Ayuso \u003cpablo@netfilter.org\u003e\n"
    },
    {
      "commit": "259e5e6c75a910f3b5e656151dc602f53f9d7548",
      "tree": "4405fdf68238f2e33f27b04e8c37c9e29a2493d8",
      "parents": [
        "9ccf010f8172b699ea80178860e8ea228f7dce56"
      ],
      "author": {
        "name": "Andy Lutomirski",
        "email": "luto@amacapital.net",
        "time": "Thu Apr 12 16:47:50 2012 -0500"
      },
      "committer": {
        "name": "James Morris",
        "email": "james.l.morris@oracle.com",
        "time": "Sat Apr 14 11:13:18 2012 +1000"
      },
      "message": "Add PR_{GET,SET}_NO_NEW_PRIVS to prevent execve from granting privs\n\nWith this change, calling\n  prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0)\ndisables privilege granting operations at execve-time.  For example, a\nprocess will not be able to execute a setuid binary to change their uid\nor gid if this bit is set.  The same is true for file capabilities.\n\nAdditionally, LSM_UNSAFE_NO_NEW_PRIVS is defined to ensure that\nLSMs respect the requested behavior.\n\nTo determine if the NO_NEW_PRIVS bit is set, a task may call\n  prctl(PR_GET_NO_NEW_PRIVS, 0, 0, 0, 0);\nIt returns 1 if set and 0 if it is not set. If any of the arguments are\nnon-zero, it will return -1 and set errno to -EINVAL.\n(PR_SET_NO_NEW_PRIVS behaves similarly.)\n\nThis functionality is desired for the proposed seccomp filter patch\nseries.  By using PR_SET_NO_NEW_PRIVS, it allows a task to modify the\nsystem call behavior for itself and its child tasks without being\nable to impact the behavior of a more privileged task.\n\nAnother potential use is making certain privileged operations\nunprivileged.  For example, chroot may be considered \"safe\" if it cannot\naffect privileged tasks.\n\nNote, this patch causes execve to fail when PR_SET_NO_NEW_PRIVS is\nset and AppArmor is in use.  It is fixed in a subsequent patch.\n\nSigned-off-by: Andy Lutomirski \u003cluto@amacapital.net\u003e\nSigned-off-by: Will Drewry \u003cwad@chromium.org\u003e\nAcked-by: Eric Paris \u003ceparis@redhat.com\u003e\nAcked-by: Kees Cook \u003ckeescook@chromium.org\u003e\n\nv18: updated change desc\nv17: using new define values as per 3.4\nSigned-off-by: James Morris \u003cjames.l.morris@oracle.com\u003e\n"
    },
    {
      "commit": "c737f8284cac91428f8fcc8281e69117fa16e887",
      "tree": "7cb4cd77df9786925aa2c7cad919c4881651638b",
      "parents": [
        "562c99f20d989f222138dddfd71e275bfb3665de"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Thu Apr 05 13:51:53 2012 -0400"
      },
      "committer": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Mon Apr 09 12:23:57 2012 -0400"
      },
      "message": "SELinux: remove unused common_audit_data in flush_unauthorized_files\n\nWe don\u0027t need this variable and it just eats stack space.  Remove it.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n"
    },
    {
      "commit": "562c99f20d989f222138dddfd71e275bfb3665de",
      "tree": "47743a88f3aed8b77f79899f45409a597ab77263",
      "parents": [
        "0b36e44cc680b355f0d1b34002b2a10c9e1cae60"
      ],
      "author": {
        "name": "Wanlong Gao",
        "email": "gaowanlong@cn.fujitsu.com",
        "time": "Wed Mar 07 22:17:14 2012 +0800"
      },
      "committer": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Mon Apr 09 12:23:44 2012 -0400"
      },
      "message": "SELinux: avc: remove the useless fields in avc_add_callback\n\navc_add_callback now just used for registering reset functions\nin initcalls, and the callback functions just did reset operations.\nSo, reducing the arguments to only one event is enough now.\n\nSigned-off-by: Wanlong Gao \u003cgaowanlong@cn.fujitsu.com\u003e\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n"
    },
    {
      "commit": "0b36e44cc680b355f0d1b34002b2a10c9e1cae60",
      "tree": "60e6a2800af2980b1b83206d2b6f6fd20baf4165",
      "parents": [
        "899838b25f063a94594b1df6e0100aea1ec57fac"
      ],
      "author": {
        "name": "Wanlong Gao",
        "email": "gaowanlong@cn.fujitsu.com",
        "time": "Wed Mar 07 22:17:13 2012 +0800"
      },
      "committer": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Mon Apr 09 12:23:07 2012 -0400"
      },
      "message": "SELinux: replace weak GFP_ATOMIC to GFP_KERNEL in avc_add_callback\n\navc_add_callback now only called from initcalls, so replace the\nweak GFP_ATOMIC to GFP_KERNEL, and mark this function __init\nto make a warning when not been called from initcalls.\n\nSigned-off-by: Wanlong Gao \u003cgaowanlong@cn.fujitsu.com\u003e\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n"
    },
    {
      "commit": "899838b25f063a94594b1df6e0100aea1ec57fac",
      "tree": "ce22a1fca876195237ba92051cb12b34aa957447",
      "parents": [
        "1d3492927118d0ce1ea1ff3e007746699cba8f3e"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Wed Apr 04 15:01:43 2012 -0400"
      },
      "committer": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Mon Apr 09 12:23:06 2012 -0400"
      },
      "message": "SELinux: unify the selinux_audit_data and selinux_late_audit_data\n\nWe no longer need the distinction.  We only need data after we decide to do an\naudit.  So turn the \"late\" audit data into just \"data\" and remove what we\ncurrently have as \"data\".\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n"
    },
    {
      "commit": "1d3492927118d0ce1ea1ff3e007746699cba8f3e",
      "tree": "16f50a33be365548a77dfb199337031779af86eb",
      "parents": [
        "50c205f5e5c2e2af002fd4ef537ded79b90b1b56"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Wed Apr 04 15:01:43 2012 -0400"
      },
      "committer": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Mon Apr 09 12:23:05 2012 -0400"
      },
      "message": "SELinux: remove auditdeny from selinux_audit_data\n\nIt\u0027s just takin\u0027 up space.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n"
    },
    {
      "commit": "50c205f5e5c2e2af002fd4ef537ded79b90b1b56",
      "tree": "9965a7746aa8c5e982357d5b8c46850f3283206c",
      "parents": [
        "07f62eb66c6626aa5653a0fcb34c9c040d0bd032"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Wed Apr 04 15:01:43 2012 -0400"
      },
      "committer": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Mon Apr 09 12:23:04 2012 -0400"
      },
      "message": "LSM: do not initialize common_audit_data to 0\n\nIt isn\u0027t needed.  If you don\u0027t set the type of the data associated with\nthat type it is a pretty obvious programming bug.  So why waste the cycles?\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n"
    },
    {
      "commit": "b466066f9b648ccb6aa1e174f0389b7433e460fd",
      "tree": "beaec41a751db3ceeb55e4c428bb7e1fe995d880",
      "parents": [
        "0972c74ecba4878baa5f97bb78b242c0eefacfb6"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Wed Apr 04 15:01:43 2012 -0400"
      },
      "committer": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Mon Apr 09 12:23:03 2012 -0400"
      },
      "message": "LSM: remove the task field from common_audit_data\n\nThere are no legitimate users.  Always use current and get back some stack\nspace for the common_audit_data.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n"
    },
    {
      "commit": "bd5e50f9c1c71daac273fa586424f07205f6b13b",
      "tree": "57331d7e1941077cd55d33e7f12e6f8a07cdd80e",
      "parents": [
        "d4cf970d0732628d514405c5a975024b9e205b0b"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Wed Apr 04 15:01:42 2012 -0400"
      },
      "committer": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Mon Apr 09 12:23:01 2012 -0400"
      },
      "message": "LSM: remove the COMMON_AUDIT_DATA_INIT type expansion\n\nJust open code it so grep on the source code works better.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n"
    },
    {
      "commit": "d4cf970d0732628d514405c5a975024b9e205b0b",
      "tree": "481f90ea13b2cbc8dd77bc934aa91024c1df6587",
      "parents": [
        "602a8dd6ea6abd463bc26310c4a1b44919f88e68"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Wed Apr 04 15:01:42 2012 -0400"
      },
      "committer": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Mon Apr 09 12:23:00 2012 -0400"
      },
      "message": "SELinux: move common_audit_data to a noinline slow path function\n\nselinux_inode_has_perm is a hot path.  Instead of declaring the\ncommon_audit_data on the stack move it to a noinline function only used in\nthe rare case we need to send an audit message.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n"
    },
    {
      "commit": "602a8dd6ea6abd463bc26310c4a1b44919f88e68",
      "tree": "426df8399ff298942a7e30c3a360a666e51ba920",
      "parents": [
        "2e33405785d3eaec303c54b4a10afdebf3729da7"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Wed Apr 04 15:01:42 2012 -0400"
      },
      "committer": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Mon Apr 09 12:23:00 2012 -0400"
      },
      "message": "SELinux: remove inode_has_perm_noadp\n\nBoth callers could better be using file_has_perm() to get better audit\nresults.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n"
    },
    {
      "commit": "2e33405785d3eaec303c54b4a10afdebf3729da7",
      "tree": "f4c0d114503796e9f958341393e336f76a7eb6dd",
      "parents": [
        "154c50ca4eb9ae472f50b6a481213e21ead4457d"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Wed Apr 04 15:01:42 2012 -0400"
      },
      "committer": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Mon Apr 09 12:22:59 2012 -0400"
      },
      "message": "SELinux: delay initialization of audit data in selinux_inode_permission\n\nWe pay a rather large overhead initializing the common_audit_data.\nSince we only need this information if we actually emit an audit\nmessage there is little need to set it up in the hot path.  This patch\nsplits the functionality of avc_has_perm() into avc_has_perm_noaudit(),\navc_audit_required() and slow_avc_audit().  But we take care of setting\nup to audit between required() and the actual audit call.  Thus saving\nmeasurable time in a hot path.\n\nSigned-off-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n"
    },
    {
      "commit": "154c50ca4eb9ae472f50b6a481213e21ead4457d",
      "tree": "8f496c340514e7041c50e212aa1d45a18ca7476c",
      "parents": [
        "92ae9e82d9a2c4b9b388d6a9e7a4b2ccb0b4452f"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Wed Apr 04 13:47:11 2012 -0400"
      },
      "committer": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Mon Apr 09 12:22:58 2012 -0400"
      },
      "message": "SELinux: if sel_make_bools errors don\u0027t leave inconsistent state\n\nWe reset the bool names and values array to NULL, but do not reset the\nnumber of entries in these arrays to 0.  If we error out and then get back\ninto this function we will walk these NULL pointers based on the belief\nthat they are non-zero length.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\ncc: stable@kernel.org\n"
    },
    {
      "commit": "92ae9e82d9a2c4b9b388d6a9e7a4b2ccb0b4452f",
      "tree": "c9fb517b25ff64f1a07abf62fa90512a48949fc4",
      "parents": [
        "bb7081ab93582fd2557160549854200a5fc7b42a"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Wed Apr 04 13:46:46 2012 -0400"
      },
      "committer": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Mon Apr 09 12:22:57 2012 -0400"
      },
      "message": "SELinux: remove needless sel_div function\n\nI\u0027m not really sure what the idea behind the sel_div function is, but it\u0027s\nuseless.  Since a and b are both unsigned, it\u0027s impossible for a % b \u003c 0.\nThat means that part of the function never does anything.  Thus it\u0027s just a\nnormal /.  Just do that instead.  I don\u0027t even understand what that operation\nwas supposed to mean in the signed case however....\n\nIf it was signed:\nsel_div(-2, 4) \u003d\u003d ((-2 / 4) - ((-2 % 4) \u003c 0))\n\t\t  ((0)      - ((-2)     \u003c 0))\n\t\t  ((0)      - (1))\n\t\t  (-1)\n\nWhat actually happens:\nsel_div(-2, 4) \u003d\u003d ((18446744073709551614 / 4) - ((18446744073709551614 % 4) \u003c 0))\n\t\t  ((4611686018427387903)      - ((2 \u003c 0))\n\t\t  (4611686018427387903        - 0)\n\t\t  ((unsigned int)4611686018427387903)\n\t\t  (4294967295)\n\nNeither makes a whole ton of sense to me.  So I\u0027m getting rid of the\nfunction entirely.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n"
    },
    {
      "commit": "bb7081ab93582fd2557160549854200a5fc7b42a",
      "tree": "fa95a4c7f31d7f3f06d38eab68fcdd19da102e82",
      "parents": [
        "d6ea83ec6864e9297fa8b00ec3dae183413a90e3"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Wed Apr 04 13:46:36 2012 -0400"
      },
      "committer": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Mon Apr 09 12:22:56 2012 -0400"
      },
      "message": "SELinux: possible NULL deref in context_struct_to_string\n\nIt\u0027s possible that the caller passed a NULL for scontext.  However if this\nis a deferred mapping we might still attempt to call *scontext\u003dkstrdup().\nThis is bad.  Instead just return the len.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n"
    },
    {
      "commit": "d6ea83ec6864e9297fa8b00ec3dae183413a90e3",
      "tree": "8a64f20f1a930d8f6ecd5ce0368c55a0c83f49dc",
      "parents": [
        "83d498569e9a7a4b92c4c5d3566f2d6a604f28c9"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Wed Apr 04 13:45:49 2012 -0400"
      },
      "committer": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Mon Apr 09 12:22:56 2012 -0400"
      },
      "message": "SELinux: audit failed attempts to set invalid labels\n\nWe know that some yum operation is causing CAP_MAC_ADMIN failures.  This\nimplies that an RPM is laying down (or attempting to lay down) a file with\nan invalid label.  The problem is that we don\u0027t have any information to\ntrack down the cause.  This patch will cause such a failure to report the\nfailed label in an SELINUX_ERR audit message.  This is similar to the\nSELINUX_ERR reports on invalid transitions and things like that.  It should\nhelp run down problems on what is trying to set invalid labels in the\nfuture.\n\nResulting records look something like:\ntype\u003dAVC msg\u003daudit(1319659241.138:71): avc:  denied  { mac_admin } for pid\u003d2594 comm\u003d\"chcon\" capability\u003d33 scontext\u003dunconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext\u003dunconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass\u003dcapability2\ntype\u003dSELINUX_ERR msg\u003daudit(1319659241.138:71): op\u003dsetxattr invalid_context\u003dunconfined_u:object_r:hello:s0\ntype\u003dSYSCALL msg\u003daudit(1319659241.138:71): arch\u003dc000003e syscall\u003d188 success\u003dno exit\u003d-22 a0\u003da2c0e0 a1\u003d390341b79b a2\u003da2d620 a3\u003d1f items\u003d1 ppid\u003d2519 pid\u003d2594 auid\u003d0 uid\u003d0 gid\u003d0 euid\u003d0 suid\u003d0 fsuid\u003d0 egid\u003d0 sgid\u003d0 fsgid\u003d0 tty\u003dpts0 ses\u003d1 comm\u003d\"chcon\" exe\u003d\"/usr/bin/chcon\" subj\u003dunconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key\u003d(null)\ntype\u003dCWD msg\u003daudit(1319659241.138:71):  cwd\u003d\"/root\" type\u003dPATH msg\u003daudit(1319659241.138:71): item\u003d0 name\u003d\"test\" inode\u003d785879 dev\u003dfc:03 mode\u003d0100644 ouid\u003d0 ogid\u003d0 rdev\u003d00:00 obj\u003dunconfined_u:object_r:admin_home_t:s0\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n"
    },
    {
      "commit": "83d498569e9a7a4b92c4c5d3566f2d6a604f28c9",
      "tree": "e0d77f21bda5bec5ace52b3fa557f87b1bb57631",
      "parents": [
        "95dbf739313f09c8d859bde1373bc264ef979337"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Wed Apr 04 13:45:40 2012 -0400"
      },
      "committer": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Mon Apr 09 12:22:50 2012 -0400"
      },
      "message": "SELinux: rename dentry_open to file_open\n\ndentry_open takes a file, rename it to file_open\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n"
    },
    {
      "commit": "95dbf739313f09c8d859bde1373bc264ef979337",
      "tree": "c798947b740826f1fc6403d8ed840565a086e7ea",
      "parents": [
        "eed7795d0a2c9b2e934afc088e903fa2c17b7958"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Wed Apr 04 13:45:34 2012 -0400"
      },
      "committer": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Mon Apr 09 12:22:49 2012 -0400"
      },
      "message": "SELinux: check OPEN on truncate calls\n\nIn RH BZ 578841 we realized that the SELinux sandbox program was allowed to\ntruncate files outside of the sandbox.  The reason is because sandbox\nconfinement is determined almost entirely by the \u0027open\u0027 permission.  The idea\nwas that if the sandbox was unable to open() files it would be unable to do\nharm to those files.  This turns out to be false in light of syscalls like\ntruncate() and chmod() which don\u0027t require a previous open() call.  I looked\nat the syscalls that did not have an associated \u0027open\u0027 check and found that\ntruncate() did not have a separate permission and even if it did have a\nseparate permission such a permission would be inadequate for use by\nsandbox (since it would have to be granted so liberally as to be useless).\nThis patch checks the OPEN permission on truncate.  I think a better solution\nfor sandbox is a whole new permission, but at least this fixes what we have\ntoday.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n"
    },
    {
      "commit": "eed7795d0a2c9b2e934afc088e903fa2c17b7958",
      "tree": "8f402c793774abfea12fd86bec741f0056302324",
      "parents": [
        "aa893269de6277b44be88e25dcd5331c934c29c4"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Tue Mar 20 14:35:12 2012 -0400"
      },
      "committer": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Mon Apr 09 12:22:48 2012 -0400"
      },
      "message": "SELinux: add default_type statements\n\nBecause Fedora shipped userspace based on my development tree we now\nhave policy version 27 in the wild defining only default user, role, and\nrange.  Thus to add default_type we need a policy.28.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n"
    },
    {
      "commit": "aa893269de6277b44be88e25dcd5331c934c29c4",
      "tree": "f994e023f787c1665b65725f2c009a9f5a021be7",
      "parents": [
        "6ce74ec75ca690c4fb3a3c5f8b7767d094d93215"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Tue Mar 20 14:35:12 2012 -0400"
      },
      "committer": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Mon Apr 09 12:22:47 2012 -0400"
      },
      "message": "SELinux: allow default source/target selectors for user/role/range\n\nWhen new objects are created we have great and flexible rules to\ndetermine the type of the new object.  We aren\u0027t quite as flexible or\nmature when it comes to determining the user, role, and range.  This\npatch adds a new ability to specify the place a new object\u0027s user, role,\nand range should come from.  For users and roles it can come from either\nthe source or the target of the operation.  aka for files the user can\neither come from the source (the running process and today\u0027s default) or\nit can come from the target (aka the parent directory of the new file)\n\nexamples always are done with\ndirectory context: system_u:object_r:mnt_t:s0-s0:c0.c512\nprocess context: unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023\n\n[no rule]\n\tunconfined_u:object_r:mnt_t:s0   test_none\n[default user source]\n\tunconfined_u:object_r:mnt_t:s0   test_user_source\n[default user target]\n\tsystem_u:object_r:mnt_t:s0       test_user_target\n[default role source]\n\tunconfined_u:unconfined_r:mnt_t:s0 test_role_source\n[default role target]\n\tunconfined_u:object_r:mnt_t:s0   test_role_target\n[default range source low]\n\tunconfined_u:object_r:mnt_t:s0 test_range_source_low\n[default range source high]\n\tunconfined_u:object_r:mnt_t:s0:c0.c1023 test_range_source_high\n[default range source low-high]\n\tunconfined_u:object_r:mnt_t:s0-s0:c0.c1023 test_range_source_low-high\n[default range target low]\n\tunconfined_u:object_r:mnt_t:s0 test_range_target_low\n[default range target high]\n\tunconfined_u:object_r:mnt_t:s0:c0.c512 test_range_target_high\n[default range target low-high]\n\tunconfined_u:object_r:mnt_t:s0-s0:c0.c512 test_range_target_low-high\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n"
    },
    {
      "commit": "72e8c8593f8fdb983d9cd79d824f6b48ef21f14f",
      "tree": "1a1a81d6fc9007f18bedaace192708efd889eaf7",
      "parents": [
        "47a93a5bcb131879d4425d4559e90ad82990825d"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Thu Feb 16 15:08:39 2012 -0500"
      },
      "committer": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Mon Apr 09 12:22:36 2012 -0400"
      },
      "message": "SELinux: loosen DAC perms on reading policy\n\nThere is no reason the DAC perms on reading the policy file need to be root\nonly.  There are selinux checks which should control this access.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n"
    },
    {
      "commit": "47a93a5bcb131879d4425d4559e90ad82990825d",
      "tree": "93bc837f9ffbd3f2ed6f7e44e2d2773714b9ada0",
      "parents": [
        "0034102808e0dbbf3a2394b82b1bb40b5778de9e"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Thu Feb 16 15:08:39 2012 -0500"
      },
      "committer": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Mon Apr 09 12:22:30 2012 -0400"
      },
      "message": "SELinux: allow seek operations on the file exposing policy\n\nsesearch uses:\nlseek(3, 0, SEEK_SET)                   \u003d -1 ESPIPE (Illegal seek)\n\nMake that work.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n"
    },
    {
      "commit": "b61c37f57988567c84359645f8202a7c84bc798a",
      "tree": "a808c891711d060060a751f4119198dc06e2c847",
      "parents": [
        "3f0882c48286e7bdb0bbdec9c4bfa934e0db8e09"
      ],
      "author": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Mon Apr 02 15:48:12 2012 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Tue Apr 03 09:49:59 2012 -0700"
      },
      "message": "lsm_audit: don\u0027t specify the audit pre/post callbacks in \u0027struct common_audit_data\u0027\n\nIt just bloats the audit data structure for no good reason, since the\nonly time those fields are filled are just before calling the\ncommon_lsm_audit() function, which is also the only user of those\nfields.\n\nSo just make them be the arguments to common_lsm_audit(), rather than\nbloating that structure that is passed around everywhere, and is\ninitialized in hot paths.\n\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "3f0882c48286e7bdb0bbdec9c4bfa934e0db8e09",
      "tree": "20a7485417c8528d975ef4ff6e90467f63f67ab2",
      "parents": [
        "f8294f1144ad0630075918df4bf94075f5384604"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Tue Apr 03 09:38:00 2012 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Tue Apr 03 09:49:41 2012 -0700"
      },
      "message": "SELinux: do not allocate stack space for AVC data unless needed\n\nInstead of declaring the entire selinux_audit_data on the stack when we\nstart an operation only declare it on the stack if we are going to use it.\nWe know its usefulness at the end of the security decision and can declare\nit there.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "f8294f1144ad0630075918df4bf94075f5384604",
      "tree": "9c794bc9a5cbc688d3b6819d211df16b979a56c9",
      "parents": [
        "7f6a47cf1477ffae9cff1d6ee181e2ce6bfb2f02"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Mon Apr 02 13:15:55 2012 -0400"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Tue Apr 03 09:49:10 2012 -0700"
      },
      "message": "SELinux: remove avd from slow_avc_audit()\n\nWe don\u0027t use the argument, so remove it.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "7f6a47cf1477ffae9cff1d6ee181e2ce6bfb2f02",
      "tree": "55d2bfda38776aeed69b82cf0bd5b409744b4afd",
      "parents": [
        "48c62af68a403ef1655546bd3e021070c8508573"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Mon Apr 02 13:15:50 2012 -0400"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Tue Apr 03 09:49:10 2012 -0700"
      },
      "message": "SELinux: remove avd from selinux_audit_data\n\nWe do not use it.  Remove it.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "48c62af68a403ef1655546bd3e021070c8508573",
      "tree": "ba938e4fb45d5bdaad2dad44071d0625f8e36945",
      "parents": [
        "3b3b0e4fc15efa507b902d90cea39e496a523c3b"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Mon Apr 02 13:15:44 2012 -0400"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Tue Apr 03 09:49:10 2012 -0700"
      },
      "message": "LSM: shrink the common_audit_data data union\n\nAfter shrinking the common_audit_data stack usage for private LSM data I\u0027m\nnot going to shrink the data union.  To do this I\u0027m going to move anything\nlarger than 2 void * ptrs to its own structure and require it to be declared\nseparately on the calling stack.  Thus hot paths which don\u0027t need more than\na couple pointers don\u0027t have to declare space to hold large unneeded\nstructures.  I could get this down to one void * by dealing with the key\nstruct and the struct path.  We\u0027ll see if that is helpful after taking care of\nnetworking.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "3b3b0e4fc15efa507b902d90cea39e496a523c3b",
      "tree": "d7b91c21ad6c6f4ac21dd51297b74eec47c61684",
      "parents": [
        "95694129b43165911dc4e8a972f0d39ad98d86be"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Tue Apr 03 09:37:02 2012 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Tue Apr 03 09:48:40 2012 -0700"
      },
      "message": "LSM: shrink sizeof LSM specific portion of common_audit_data\n\nLinus found that the gigantic size of the common audit data caused a big\nperf hit on something as simple as running stat() in a loop.  This patch\nrequires LSMs to declare the LSM specific portion separately rather than\ndoing it in a union.  Thus each LSM can be responsible for shrinking their\nportion and don\u0027t have to pay a penalty just because other LSMs have a\nbigger space requirement.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "8bb1f229527dee95644e0f8496980bb767c6f620",
      "tree": "511551e9772f11f855bd5b759b6d449da47e8820",
      "parents": [
        "f22e08a79f3765fecf060b225a46931c94fb0a92",
        "c0d0259481cc6ec2a38cad810055e455de35c733"
      ],
      "author": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Sat Mar 31 13:42:57 2012 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Sat Mar 31 13:42:57 2012 -0700"
      },
      "message": "Merge branch \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs\n\nPull second try at vfs part d#2 from Al Viro:\n \"Miklos\u0027 first series (with do_lookup() rewrite split into edible\n  chunks) + assorted bits and pieces.\n\n  The \u0027untangling of do_lookup()\u0027 series is a splitup of what used to\n  be a monolithic patch from Miklos, so this series is basically \"how do\n  I convince myself that his patch is correct (or find a hole in it)\".\n  No holes found and I like the resulting cleanup, so in it went...\"\n\nChanges from try 1: Fix a boot problem with selinux, and commit messages\nprettied up a bit.\n\n* \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs: (24 commits)\n  vfs: fix out-of-date dentry_unhash() comment\n  vfs: split __lookup_hash\n  untangling do_lookup() - take __lookup_hash()-calling case out of line.\n  untangling do_lookup() - switch to calling __lookup_hash()\n  untangling do_lookup() - merge d_alloc_and_lookup() callers\n  untangling do_lookup() - merge failure exits in !dentry case\n  untangling do_lookup() - massage !dentry case towards __lookup_hash()\n  untangling do_lookup() - get rid of need_reval in !dentry case\n  untangling do_lookup() - eliminate a loop.\n  untangling do_lookup() - expand the area under -\u003ei_mutex\n  untangling do_lookup() - isolate !dentry stuff from the rest of it.\n  vfs: move MAY_EXEC check from __lookup_hash()\n  vfs: don\u0027t revalidate just looked up dentry\n  vfs: fix d_need_lookup/d_revalidate order in do_lookup\n  ext3: move headers to fs/ext3/\n  migrate ext2_fs.h guts to fs/ext2/ext2.h\n  new helper: ext2_image_size()\n  get rid of pointless includes of ext2_fs.h\n  ext2: No longer export ext2_fs.h to user space\n  mtdchar: kill persistently held vfsmount\n  ...\n"
    },
    {
      "commit": "2f99c36986ff27a86f06f27212c5f5fa8c7164a3",
      "tree": "a90fd7fe865bb1c5a00b0946754b505bcf070b60",
      "parents": [
        "4a165d25f63a989d0aabe9d8eed5b3a5d5da1862"
      ],
      "author": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Fri Mar 23 16:04:05 2012 -0400"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Sat Mar 31 16:03:15 2012 -0400"
      },
      "message": "get rid of pointless includes of ext2_fs.h\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n"
    },
    {
      "commit": "a1c2aa1e86a25e7cace2ded47ec52754206a5733",
      "tree": "6d435240e757e9f83b4f9c42f98c69888f3b3928",
      "parents": [
        "e152c38abaa92352679c9b53c4cce533c03997c6"
      ],
      "author": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Sun Mar 18 20:36:59 2012 -0400"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Sat Mar 31 16:03:15 2012 -0400"
      },
      "message": "selinuxfs: merge dentry allocation into sel_make_dir()\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n"
    },
    {
      "commit": "cdb0f9a1ad2ee3c11e21bc99f0c2021a02844666",
      "tree": "e4c2ea0b8c432645d1a28bdb694939b1e2891b30",
      "parents": [
        "a554bea89948dfb6d2f9c4c62ce2b12b2dac18ad"
      ],
      "author": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Sat Mar 31 11:12:57 2012 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Sat Mar 31 11:24:22 2012 -0700"
      },
      "message": "selinux: inline avc_audit() and avc_has_perm_noaudit() into caller\n\nNow that all the slow-path code is gone from these functions, we can\ninline them into the main caller - avc_has_perm_flags().\n\nNow the compiler can see that \u0027avc\u0027 is allocated on the stack for this\ncase, which helps register pressure a bit.  It also actually shrinks the\ntotal stack frame, because the stack frame that avc_has_perm_flags()\nalways needed (for that \u0027avc\u0027 allocation) is now sufficient for the\ninlined functions too.\n\nInlining isn\u0027t bad - but mindless inlining of cold code (see the\nprevious commit) is.\n\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "a554bea89948dfb6d2f9c4c62ce2b12b2dac18ad",
      "tree": "f84e38fa7a54c1a678a14d7a65e583efac1cafa3",
      "parents": [
        "fa2a4519cb6ad94224eb56a1341fff570fd44ea1"
      ],
      "author": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Sat Mar 31 10:58:08 2012 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Sat Mar 31 11:24:22 2012 -0700"
      },
      "message": "selinux: don\u0027t inline slow-path code into avc_has_perm_noaudit()\n\nThe selinux AVC paths remain some of the hottest (and deepest) codepaths\nat filename lookup time, and we make it worse by having the slow path\ncases take up I$ and stack space even when they don\u0027t trigger.  Gcc\ntends to always want to inline functions that are just called once -\nnever mind that this might make for slower and worse code in the caller.\n\nSo this tries to improve on it a bit by making the slow-path cases\nexplicitly separate functions that are marked noinline, causing gcc to\nat least no longer allocate stack space for them unless they are\nactually called.  It also seems to help register allocation a tiny bit,\nsince gcc now doesn\u0027t take the slow case code into account.\n\nUninlining the slow path may also allow us to inline the remaining hot\npath into the one caller that actually matters: avc_has_perm_flags().\nI\u0027ll have to look at that separately, but both avc_audit() and\navc_has_perm_noaudit() are now small and lean enough that inlining them\nmay make sense.\n\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "a591afc01d9e48affbacb365558a31e53c85af45",
      "tree": "9bb91f4eb94ec69fc4706c4944788ec5f3586063",
      "parents": [
        "820d41cf0cd0e94a5661e093821e2e5c6b36a9d8",
        "31796ac4e8f0e88f5c10f1ad6dab8f19bebe44a4"
      ],
      "author": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Thu Mar 29 18:12:23 2012 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Thu Mar 29 18:12:23 2012 -0700"
      },
      "message": "Merge branch \u0027x86-x32-for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip\n\nPull x32 support for x86-64 from Ingo Molnar:\n \"This tree introduces the X32 binary format and execution mode for x86:\n  32-bit data space binaries using 64-bit instructions and 64-bit kernel\n  syscalls.\n\n  This allows applications whose working set fits into a 32 bits address\n  space to make use of 64-bit instructions while using a 32-bit address\n  space with shorter pointers, more compressed data structures, etc.\"\n\nFix up trivial context conflicts in arch/x86/{Kconfig,vdso/vma.c}\n\n* \u0027x86-x32-for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: (71 commits)\n  x32: Fix alignment fail in struct compat_siginfo\n  x32: Fix stupid ia32/x32 inversion in the siginfo format\n  x32: Add ptrace for x32\n  x32: Switch to a 64-bit clock_t\n  x32: Provide separate is_ia32_task() and is_x32_task() predicates\n  x86, mtrr: Use explicit sizing and padding for the 64-bit ioctls\n  x86/x32: Fix the binutils auto-detect\n  x32: Warn and disable rather than error if binutils too old\n  x32: Only clear TIF_X32 flag once\n  x32: Make sure TS_COMPAT is cleared for x32 tasks\n  fs: Remove missed -\u003efds_bits from cessation use of fd_set structs internally\n  fs: Fix close_on_exec pointer in alloc_fdtable\n  x32: Drop non-__vdso weak symbols from the x32 VDSO\n  x32: Fix coding style violations in the x32 VDSO code\n  x32: Add x32 VDSO support\n  x32: Allow x32 to be configured\n  x32: If configured, add x32 system calls to system call tables\n  x32: Handle process creation\n  x32: Signal-related system calls\n  x86: Add #ifdef CONFIG_COMPAT to \u003casm/sys_ia32.h\u003e\n  ...\n"
    },
    {
      "commit": "9ffc93f203c18a70623f21950f1dd473c9ec48cd",
      "tree": "1eb3536ae183b0bfbf7f5152a6fe4f430ae881c2",
      "parents": [
        "96f951edb1f1bdbbc99b0cd458f9808bb83d58ae"
      ],
      "author": {
        "name": "David Howells",
        "email": "dhowells@redhat.com",
        "time": "Wed Mar 28 18:30:03 2012 +0100"
      },
      "committer": {
        "name": "David Howells",
        "email": "dhowells@redhat.com",
        "time": "Wed Mar 28 18:30:03 2012 +0100"
      },
      "message": "Remove all #inclusions of asm/system.h\n\nRemove all #inclusions of asm/system.h preparatory to splitting and killing\nit.  Performed with the following command:\n\nperl -p -i -e \u0027s!^#\\s*include\\s*\u003casm/system[.]h\u003e.*\\n!!\u0027 `grep -Irl \u0027^#\\s*include\\s*\u003casm/system[.]h\u003e\u0027 *`\n\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\n"
    },
    {
      "commit": "778aae84ef694325662447eceba1a5f7d3eebdbb",
      "tree": "7bf3f7e682e220ce30afe3572332fb424a3761f2",
      "parents": [
        "15e9b9b9ed268fa91e52c44d621f3d0296162d15"
      ],
      "author": {
        "name": "David Howells",
        "email": "dhowells@redhat.com",
        "time": "Mon Mar 26 16:38:47 2012 +0100"
      },
      "committer": {
        "name": "David Howells",
        "email": "dhowells@redhat.com",
        "time": "Mon Mar 26 16:38:47 2012 +0100"
      },
      "message": "SELinux: selinux/xfrm.h needs net/flow.h\n\nselinux/xfrm.h needs to #include net/flow.h or else suffer:\n\nIn file included from security/selinux/ss/services.c:69:0:\nsecurity/selinux/include/xfrm.h: In function \u0027selinux_xfrm_notify_policyload\u0027:\nsecurity/selinux/include/xfrm.h:53:14: error: \u0027flow_cache_genid\u0027 undeclared (first use in this function)\nsecurity/selinux/include/xfrm.h:53:14: note: each undeclared identifier is reported only once for each function it appears in\n\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\n"
    },
    {
      "commit": "48aab2f79dfc1357c48ce22ff5c989b52a590069",
      "tree": "7f690fe147bccc24b7a017845dbe9a99d7978b5f",
      "parents": [
        "f7493e5d9cc10ac97cf1f1579fdc14117460b40b"
      ],
      "author": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Thu Mar 22 17:01:41 2012 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Thu Mar 22 17:01:41 2012 -0700"
      },
      "message": "security: optimize avc_audit() common path\n\navc_audit() did a lot of jumping around and had a big stack frame, all\nfor the uncommon case.\n\nSplit up the uncommon case (which we really can\u0027t make go fast anyway)\ninto its own slow function, and mark the conditional branches\nappropriately for the common likely case.\n\nThis causes avc_audit() to no longer show up as one of the hottest\nfunctions on the branch profiles (the new \"perf -b\" thing), and makes\nthe cycle profiles look really nice and dense too.\n\nThe whole audit path is still annoyingly very much one of the biggest\ncosts of name lookup, so these things are worth optimizing for.  I wish\nwe could just tell people to turn it off, but realistically we do need\nit: we just need to make sure that the overhead of the necessary evil is\nas low as possible.\n\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "1fd36adcd98c14d2fd97f545293c488775cb2823",
      "tree": "c13ab1934a15aebe0d81601d910ce5a3c6fa2c6f",
      "parents": [
        "1dce27c5aa6770e9d195f2bb7db1db3d4dde5591"
      ],
      "author": {
        "name": "David Howells",
        "email": "dhowells@redhat.com",
        "time": "Thu Feb 16 17:49:54 2012 +0000"
      },
      "committer": {
        "name": "H. Peter Anvin",
        "email": "hpa@zytor.com",
        "time": "Sun Feb 19 10:30:57 2012 -0800"
      },
      "message": "Replace the fd_sets in struct fdtable with an array of unsigned longs\n\nReplace the fd_sets in struct fdtable with an array of unsigned longs and then\nuse the standard non-atomic bit operations rather than the FD_* macros.\n\nThis:\n\n (1) Removes the abuses of struct fd_set:\n\n     (a) Since we don\u0027t want to allocate a full fd_set the vast majority of the\n     \t time, we actually, in effect, just allocate a just-big-enough array of\n     \t unsigned longs and cast it to an fd_set type - so why bother with the\n     \t fd_set at all?\n\n     (b) Some places outside of the core fdtable handling code (such as\n     \t SELinux) want to look inside the array of unsigned longs hidden inside\n     \t the fd_set struct for more efficient iteration over the entire set.\n\n (2) Eliminates the use of FD_*() macros in the kernel completely.\n\n (3) Permits the __FD_*() macros to be deleted entirely where not exposed to\n     userspace.\n\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nLink: http://lkml.kernel.org/r/20120216174954.23314.48147.stgit@warthog.procyon.org.uk\nSigned-off-by: H. Peter Anvin \u003chpa@zytor.com\u003e\nCc: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n"
    },
    {
      "commit": "4040153087478993cbf0809f444400a3c808074c",
      "tree": "2dc7af85b0cf930f1656553bd38410b8c16601a6",
      "parents": [
        "191c542442fdf53cc3c496c00be13367fd9cd42d"
      ],
      "author": {
        "name": "Al Viro",
        "email": "viro@ftp.linux.org.uk",
        "time": "Mon Feb 13 03:58:52 2012 +0000"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Tue Feb 14 10:45:42 2012 +1100"
      },
      "message": "security: trim security.h\n\nTrim security.h\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "c49c41a4134679cecb77362e7f6b59acb6320aa7",
      "tree": "45e690c036ca5846a48c8be67945d1d841b2d96d",
      "parents": [
        "892d208bcf79e4e1058707786a7b6d486697cd78",
        "f423e5ba76e7e4a6fcb4836b4f072d1fdebba8b5"
      ],
      "author": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Sat Jan 14 18:36:33 2012 -0800"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Sat Jan 14 18:36:33 2012 -0800"
      },
      "message": "Merge branch \u0027for-linus\u0027 of git://selinuxproject.org/~jmorris/linux-security\n\n* \u0027for-linus\u0027 of git://selinuxproject.org/~jmorris/linux-security:\n  capabilities: remove __cap_full_set definition\n  security: remove the security_netlink_recv hook as it is equivalent to capable()\n  ptrace: do not audit capability check when outputing /proc/pid/stat\n  capabilities: remove task_ns_* functions\n  capabitlies: ns_capable can use the cap helpers rather than lsm call\n  capabilities: style only - move capable below ns_capable\n  capabilites: introduce new has_ns_capabilities_noaudit\n  capabilities: call has_ns_capability from has_capability\n  capabilities: remove all _real_ interfaces\n  capabilities: introduce security_capable_noaudit\n  capabilities: reverse arguments to security_capable\n  capabilities: remove the task from capable LSM hook entirely\n  selinux: sparse fix: fix several warnings in the security server cod\n  selinux: sparse fix: fix warnings in netlink code\n  selinux: sparse fix: eliminate warnings for selinuxfs\n  selinux: sparse fix: declare selinux_disable() in security.h\n  selinux: sparse fix: move selinux_complete_init\n  selinux: sparse fix: make selinux_secmark_refcount static\n  SELinux: Fix RCU deref check warning in sel_netport_insert()\n\nManually fix up a semantic mis-merge wrt security_netlink_recv():\n\n - the interface was removed in commit fd7784615248 (\"security: remove\n   the security_netlink_recv hook as it is equivalent to capable()\")\n\n - a new user of it appeared in commit a38f7907b926 (\"crypto: Add\n   userspace configuration API\")\n\ncausing no automatic merge conflict, but Eric Paris pointed out the\nissue.\n"
    },
    {
      "commit": "e7691a1ce341c80ed9504244a36b31c025217391",
      "tree": "e9941bb350f64a726130e299c411821da6f41a53",
      "parents": [
        "5cd9599bba428762025db6027764f1c59d0b1e1b",
        "8fcc99549522fc7a0bbaeb5755855ab0d9a59ce8"
      ],
      "author": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Tue Jan 10 21:51:23 2012 -0800"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Tue Jan 10 21:51:23 2012 -0800"
      },
      "message": "Merge branch \u0027for-linus\u0027 of git://selinuxproject.org/~jmorris/linux-security\n\n* \u0027for-linus\u0027 of git://selinuxproject.org/~jmorris/linux-security: (32 commits)\n  ima: fix invalid memory reference\n  ima: free duplicate measurement memory\n  security: update security_file_mmap() docs\n  selinux: Casting (void *) value returned by kmalloc is useless\n  apparmor: fix module parameter handling\n  Security: tomoyo: add .gitignore file\n  tomoyo: add missing rcu_dereference()\n  apparmor: add missing rcu_dereference()\n  evm: prevent racing during tfm allocation\n  evm: key must be set once during initialization\n  mpi/mpi-mpow: NULL dereference on allocation failure\n  digsig: build dependency fix\n  KEYS: Give key types their own lockdep class for key-\u003esem\n  TPM: fix transmit_cmd error logic\n  TPM: NSC and TIS drivers X86 dependency fix\n  TPM: Export wait_for_stat for other vendor specific drivers\n  TPM: Use vendor specific function for status probe\n  tpm_tis: add delay after aborting command\n  tpm_tis: Check return code from getting timeouts/durations\n  tpm: Introduce function to poll for result of self test\n  ...\n\nFix up trivial conflict in lib/Makefile due to addition of CONFIG_MPI\nand SIGSIG next to CONFIG_DQL addition.\n"
    },
    {
      "commit": "8fcc99549522fc7a0bbaeb5755855ab0d9a59ce8",
      "tree": "a118eaef15d4ba22247f45ee01537ecc906cd161",
      "parents": [
        "805a6af8dba5dfdd35ec35dc52ec0122400b2610",
        "7b7e5916aa2f46e57f8bd8cb89c34620ebfda5da"
      ],
      "author": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Mon Jan 09 12:16:48 2012 +1100"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Mon Jan 09 12:16:48 2012 +1100"
      },
      "message": "Merge branch \u0027next\u0027 into for-linus\n\nConflicts:\n\tsecurity/integrity/evm/evm_crypto.c\n\nResolved upstream fix vs. next conflict manually.\n\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "972b2c719990f91eb3b2310d44ef8a2d38955a14",
      "tree": "b25a250ec5bec4b7b6355d214642d8b57c5cab32",
      "parents": [
        "02550d61f49266930e674286379d3601006b2893",
        "c3aa077648e147783a7a53b409578234647db853"
      ],
      "author": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Sun Jan 08 12:19:57 2012 -0800"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Sun Jan 08 12:19:57 2012 -0800"
      },
      "message": "Merge branch \u0027for-linus2\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs\n\n* \u0027for-linus2\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs: (165 commits)\n  reiserfs: Properly display mount options in /proc/mounts\n  vfs: prevent remount read-only if pending removes\n  vfs: count unlinked inodes\n  vfs: protect remounting superblock read-only\n  vfs: keep list of mounts for each superblock\n  vfs: switch -\u003eshow_options() to struct dentry *\n  vfs: switch -\u003eshow_path() to struct dentry *\n  vfs: switch -\u003eshow_devname() to struct dentry *\n  vfs: switch -\u003eshow_stats to struct dentry *\n  switch security_path_chmod() to struct path *\n  vfs: prefer -\u003edentry-\u003ed_sb to -\u003emnt-\u003emnt_sb\n  vfs: trim includes a bit\n  switch mnt_namespace -\u003eroot to struct mount\n  vfs: take /proc/*/mounts and friends to fs/proc_namespace.c\n  vfs: opencode mntget() mnt_set_mountpoint()\n  vfs: spread struct mount - remaining argument of next_mnt()\n  vfs: move fsnotify junk to struct mount\n  vfs: move mnt_devname\n  vfs: move mnt_list to struct mount\n  vfs: switch pnode.h macros to struct mount *\n  ...\n"
    },
    {
      "commit": "d8c9584ea2a92879f471fd3a2be3af6c534fb035",
      "tree": "3541b9c6228f820bdc65e4875156eb27b1c91cb1",
      "parents": [
        "ece2ccb668046610189d88d6aaf05aeb09c988a1"
      ],
      "author": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Wed Dec 07 18:16:57 2011 -0500"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Fri Jan 06 23:16:53 2012 -0500"
      },
      "message": "vfs: prefer -\u003edentry-\u003ed_sb to -\u003emnt-\u003emnt_sb\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n"
    },
    {
      "commit": "fd778461524849afd035679030ae8e8873c72b81",
      "tree": "32a5849c1879413fce0307af304e372eaa8225b4",
      "parents": [
        "69f594a38967f4540ce7a29b3fd214e68a8330bd"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Tue Jan 03 12:25:16 2012 -0500"
      },
      "committer": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Thu Jan 05 18:53:01 2012 -0500"
      },
      "message": "security: remove the security_netlink_recv hook as it is equivalent to capable()\n\nOnce upon a time netlink was not sync and we had to get the effective\ncapabilities from the skb that was being received.  Today we instead get\nthe capabilities from the current task.  This has rendered the entire\npurpose of the hook moot as it is now functionally equivalent to the\ncapable() call.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n"
    },
    {
      "commit": "69f594a38967f4540ce7a29b3fd214e68a8330bd",
      "tree": "dff25b5f5ef0736fb63b08729bec4ff57062c13f",
      "parents": [
        "f1c84dae0ecc51aa35c81f19a0ebcd6c0921ddcb"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Tue Jan 03 12:25:15 2012 -0500"
      },
      "committer": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Thu Jan 05 18:53:00 2012 -0500"
      },
      "message": "ptrace: do not audit capability check when outputting /proc/pid/stat\n\nReading /proc/pid/stat of another process checks if one has ptrace permissions\non that process.  If one does have permissions it outputs some data about the\nprocess which might have security and attack implications.  If the current\ntask does not have ptrace permissions the read still works, but those fields\nare filled with innocuous (0) values.  Since this check and a subsequent denial\nis not a violation of the security policy we should not audit such denials.\n\nThis can be quite useful for removing ptrace broadly across a system without\nflooding the logs when ps is run or something which harmlessly walks proc.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nAcked-by: Serge E. Hallyn \u003cserge.hallyn@canonical.com\u003e\n"
    },
    {
      "commit": "6a9de49115d5ff9871d953af1a5c8249e1585731",
      "tree": "eee3700ccc2ce26c566bfe99129e646fac9f983e",
      "parents": [
        "2653812e14f4e16688ec8247d7fd290bdbbc4747"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Tue Jan 03 12:25:14 2012 -0500"
      },
      "committer": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Thu Jan 05 18:52:53 2012 -0500"
      },
      "message": "capabilities: remove the task from capable LSM hook entirely\n\nThe capabilities framework is based around credentials, not necessarily the\ncurrent task.  Yet we still passed the current task down into LSMs from the\nsecurity_capable() LSM hook as if it was a meaningful portion of the security\ndecision.  This patch removes the \u0027generic\u0027 passing of current and instead\nforces individual LSMs to use current explicitly if they think it is\nappropriate.  In our case those LSMs are SELinux and AppArmor.\n\nI believe the AppArmor use of current is incorrect, but that is wholly\nunrelated to this patch.  This patch does not change what AppArmor does, it\njust makes it clear in the AppArmor code that it is doing it.\n\nThe SELinux code still uses current in its audit message, which may also be\nwrong and needs further investigation.  Again this is NOT a change, it may\nhave always been wrong, this patch just makes it clear what is happening.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n"
    },
    {
      "commit": "2653812e14f4e16688ec8247d7fd290bdbbc4747",
      "tree": "dabb2238a76e000b37374c69901afd6f99479631",
      "parents": [
        "02f5daa563456c1ff3c3422aa3ec00e67460f762"
      ],
      "author": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Tue Aug 30 14:19:02 2011 +1000"
      },
      "committer": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Thu Jan 05 18:52:52 2012 -0500"
      },
      "message": "selinux: sparse fix: fix several warnings in the security server cod\n\nFix several sparse warnings in the SELinux security server code.\n\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n"
    },
    {
      "commit": "02f5daa563456c1ff3c3422aa3ec00e67460f762",
      "tree": "b2394602c587815aae9f1b07ac272302800d9288",
      "parents": [
        "e8a65a3f67f8a85802c0a0250e48c4c4652d0da0"
      ],
      "author": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Tue Aug 30 14:18:06 2011 +1000"
      },
      "committer": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Thu Jan 05 18:52:51 2012 -0500"
      },
      "message": "selinux: sparse fix: fix warnings in netlink code\n\nFix sparse warnings in SELinux Netlink code.\n\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n"
    },
    {
      "commit": "e8a65a3f67f8a85802c0a0250e48c4c4652d0da0",
      "tree": "4f9b55cac61209b6b4f15a1e20396a15a4444b11",
      "parents": [
        "6063c0461b947c26a77674f33a3409eb99e15d2f"
      ],
      "author": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Tue Aug 30 14:17:34 2011 +1000"
      },
      "committer": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Thu Jan 05 18:52:50 2012 -0500"
      },
      "message": "selinux: sparse fix: eliminate warnings for selinuxfs\n\nFixes several sparse warnings for selinuxfs.c\n\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n"
    },
    {
      "commit": "6063c0461b947c26a77674f33a3409eb99e15d2f",
      "tree": "2ac98e4a0a5fa7f6da95e6c5978684da215b4277",
      "parents": [
        "5c884c1d4ac955987e84acf2d36c0f160536aca4"
      ],
      "author": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Tue Aug 30 14:12:13 2011 +1000"
      },
      "committer": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Thu Jan 05 18:52:50 2012 -0500"
      },
      "message": "selinux: sparse fix: declare selinux_disable() in security.h\n\nSparse fix: declare selinux_disable() in security.h\n\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n"
    },
    {
      "commit": "5c884c1d4ac955987e84acf2d36c0f160536aca4",
      "tree": "a4d19da174e193a7844788846c53c25948ed2a54",
      "parents": [
        "b46610caba4bd9263afd07c7ef7a79974550554a"
      ],
      "author": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Tue Aug 30 14:16:24 2011 +1000"
      },
      "committer": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Thu Jan 05 18:52:49 2012 -0500"
      },
      "message": "selinux: sparse fix: move selinux_complete_init\n\nSparse fix: move selinux_complete_init\n\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n"
    },
    {
      "commit": "b46610caba4bd9263afd07c7ef7a79974550554a",
      "tree": "3f1edce9d24e9e7af2661ab4c2eeae744beb183c",
      "parents": [
        "94d4ef0c2b3e6c799f78d223e233254a870c4559"
      ],
      "author": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Tue Aug 30 14:11:24 2011 +1000"
      },
      "committer": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Thu Jan 05 18:52:48 2012 -0500"
      },
      "message": "selinux: sparse fix: make selinux_secmark_refcount static\n\nSparse fix: make selinux_secmark_refcount static.\n\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n"
    }
  ],
  "next": "dba19c6064766730dd64757a010ec3aec503ecdb"
}
