)]}' { "log": [ { "commit": "4502403dcf8f5c76abd4dbab8726c8e4ecb5cd34", "tree": "79f16f1c9ff482fb926b147a2f4f0b4382f0ccf6", "parents": [ "a937536b868b8369b98967929045f1df54234323" ], "author": { "name": "Dan Carpenter", "email": "dan.carpenter@oracle.com", "time": "Sat Mar 16 12:48:11 2013 +0300" }, "committer": { "name": "James Morris", "email": "james.l.morris@oracle.com", "time": "Tue Mar 19 00:33:09 2013 +1100" }, "message": "selinux: use GFP_ATOMIC under spin_lock\n\nThe call tree here is:\n\nsk_clone_lock() \u003c- takes bh_lock_sock(newsk);\nxfrm_sk_clone_policy()\n__xfrm_sk_clone_policy()\nclone_policy() \u003c- uses GFP_ATOMIC for allocations\nsecurity_xfrm_policy_clone()\nsecurity_ops-\u003exfrm_policy_clone_security()\nselinux_xfrm_policy_clone()\n\nSigned-off-by: Dan Carpenter \u003cdan.carpenter@oracle.com\u003e\nCc: stable@kernel.org\nSigned-off-by: James Morris \u003cjames.l.morris@oracle.com\u003e\n" }, { "commit": "8aec0f5d4137532de14e6554fd5dd201ff3a3c49", "tree": "314f28e5ad96423c6983aec9270462d76c0bb343", "parents": [ "c39ac49f23424086b43aceeace243f7a8bcc3ad8" ], "author": { "name": "Mathieu Desnoyers", "email": "mathieu.desnoyers@efficios.com", "time": "Mon Feb 25 10:20:36 2013 -0500" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Tue Mar 12 11:05:45 2013 -0700" }, "message": "Fix: compat_rw_copy_check_uvector() misuse in aio, readv, writev, and security keys\n\nLooking at mm/process_vm_access.c:process_vm_rw() and comparing it to\ncompat_process_vm_rw() shows that the compatibility code requires an\nexplicit \"access_ok()\" check before calling\ncompat_rw_copy_check_uvector(). The same difference seems to appear when\nwe compare fs/read_write.c:do_readv_writev() to\nfs/compat.c:compat_do_readv_writev().\n\nThis subtle difference between the compat and non-compat requirements\nshould probably be debated, as it seems to be error-prone. In fact,\nthere are two others sites that use this function in the Linux kernel,\nand they both seem to get it wrong:\n\nNow shifting our attention to fs/aio.c, we see that aio_setup_iocb()\nalso ends up calling compat_rw_copy_check_uvector() through\naio_setup_vectored_rw(). Unfortunately, the access_ok() check appears to\nbe missing. Same situation for\nsecurity/keys/compat.c:compat_keyctl_instantiate_key_iov().\n\nI propose that we add the access_ok() check directly into\ncompat_rw_copy_check_uvector(), so callers don\u0027t have to worry about it,\nand it therefore makes the compat call code similar to its non-compat\ncounterpart. Place the access_ok() check in the same location where\ncopy_from_user() can trigger a -EFAULT error in the non-compat code, so\nthe ABI behaviors are alike on both compat and non-compat.\n\nWhile we are here, fix compat_do_readv_writev() so it checks for\ncompat_rw_copy_check_uvector() negative return values.\n\nAnd also, fix a memory leak in compat_keyctl_instantiate_key_iov() error\nhandling.\n\nAcked-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\nAcked-by: Al Viro \u003cviro@ZenIV.linux.org.uk\u003e\nSigned-off-by: Mathieu Desnoyers \u003cmathieu.desnoyers@efficios.com\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "0da9dfdd2cd9889201bc6f6f43580c99165cd087", "tree": "960a37da7bc3e35d9c598eff7b829ab5959e7027", "parents": [ "7c6baa304b841673d3a55ea4fcf9a5cbf7a1674b" ], "author": { "name": "David Howells", "email": "dhowells@redhat.com", "time": "Tue Mar 12 16:44:31 2013 +1100" }, "committer": { "name": "James Morris", "email": "james.l.morris@oracle.com", "time": "Tue Mar 12 16:44:31 2013 +1100" }, "message": "keys: fix race with concurrent install_user_keyrings()\n\nThis fixes CVE-2013-1792.\n\nThere is a race in install_user_keyrings() that can cause a NULL pointer\ndereference when called concurrently for the same user if the uid and\nuid-session keyrings are not yet created. It might be possible for an\nunprivileged user to trigger this by calling keyctl() from userspace in\nparallel immediately after logging in.\n\nAssume that we have two threads both executing lookup_user_key(), both\nlooking for KEY_SPEC_USER_SESSION_KEYRING.\n\n\tTHREAD A\t\t\tTHREAD B\n\t\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\t\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\n\t\t\t\t\t\u003d\u003d\u003ecall install_user_keyrings();\n\tif (!cred-\u003euser-\u003esession_keyring)\n\t\u003d\u003d\u003ecall install_user_keyrings()\n\t\t\t\t\t...\n\t\t\t\t\tuser-\u003euid_keyring \u003d uid_keyring;\n\tif (user-\u003euid_keyring)\n\t\treturn 0;\n\t\u003c\u003d\u003d\n\tkey \u003d cred-\u003euser-\u003esession_keyring [\u003d\u003d NULL]\n\t\t\t\t\tuser-\u003esession_keyring \u003d session_keyring;\n\tatomic_inc(\u0026key-\u003eusage); [oops]\n\nAt the point thread A dereferences cred-\u003euser-\u003esession_keyring, thread B\nhasn\u0027t updated user-\u003esession_keyring yet, but thread A assumes it is\npopulated because install_user_keyrings() returned ok.\n\nThe race window is really small but can be exploited if, for example,\nthread B is interrupted or preempted after initializing uid_keyring, but\nbefore doing setting session_keyring.\n\nThis couldn\u0027t be reproduced on a stock kernel. However, after placing\nsystemtap probe on \u0027user-\u003esession_keyring \u003d session_keyring;\u0027 that\nintroduced some delay, the kernel could be crashed reliably.\n\nFix this by checking both pointers before deciding whether to return.\nAlternatively, the test could be done away with entirely as it is checked\ninside the mutex - but since the mutex is global, that may not be the best\nway.\n\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nReported-by: Mateusz Guzik \u003cmguzik@redhat.com\u003e\nCc: \u003cstable@kernel.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: James Morris \u003cjames.l.morris@oracle.com\u003e\n" }, { "commit": "ba0e3427b03c3d1550239779eca5c1c5a53a2152", "tree": "bf73e476924c5a52249e99ce5f4c30978b581800", "parents": [ "6dbe51c251a327e012439c4772097a13df43c5b8" ], "author": { "name": "Eric W. Biederman", "email": "ebiederm@xmission.com", "time": "Sat Mar 02 19:14:03 2013 -0800" }, "committer": { "name": "Eric W. Biederman", "email": "ebiederm@xmission.com", "time": "Sun Mar 03 19:35:38 2013 -0800" }, "message": "userns: Stop oopsing in key_change_session_keyring\n\nDave Jones \u003cdavej@redhat.com\u003e writes:\n\u003e Just hit this on Linus\u0027 current tree.\n\u003e\n\u003e [ 89.621770] BUG: unable to handle kernel NULL pointer dereference at 00000000000000c8\n\u003e [ 89.623111] IP: [\u003cffffffff810784b0\u003e] commit_creds+0x250/0x2f0\n\u003e [ 89.624062] PGD 122bfd067 PUD 122bfe067 PMD 0\n\u003e [ 89.624901] Oops: 0000 [#1] PREEMPT SMP\n\u003e [ 89.625678] Modules linked in: caif_socket caif netrom bridge hidp 8021q garp stp mrp rose llc2 af_rxrpc phonet af_key binfmt_misc bnep l2tp_ppp can_bcm l2tp_core pppoe pppox can_raw scsi_transport_iscsi ppp_generic slhc nfnetlink can ipt_ULOG ax25 decnet irda nfc rds x25 crc_ccitt appletalk atm ipx p8023 psnap p8022 llc lockd sunrpc ip6t_REJECT nf_conntrack_ipv6 nf_defrag_ipv6 xt_conntrack nf_conntrack ip6table_filter ip6_tables btusb bluetooth snd_hda_codec_realtek snd_hda_intel snd_hda_codec snd_pcm vhost_net snd_page_alloc snd_timer tun macvtap usb_debug snd rfkill microcode macvlan edac_core pcspkr serio_raw kvm_amd soundcore kvm r8169 mii\n\u003e [ 89.637846] CPU 2\n\u003e [ 89.638175] Pid: 782, comm: trinity-main Not tainted 3.8.0+ #63 Gigabyte Technology Co., Ltd. GA-MA78GM-S2H/GA-MA78GM-S2H\n\u003e [ 89.639850] RIP: 0010:[\u003cffffffff810784b0\u003e] [\u003cffffffff810784b0\u003e] commit_creds+0x250/0x2f0\n\u003e [ 89.641161] RSP: 0018:ffff880115657eb8 EFLAGS: 00010207\n\u003e [ 89.641984] RAX: 00000000000003e8 RBX: ffff88012688b000 RCX: 0000000000000000\n\u003e [ 89.643069] RDX: 0000000000000000 RSI: ffffffff81c32960 RDI: ffff880105839600\n\u003e [ 89.644167] RBP: ffff880115657ed8 R08: 0000000000000000 R09: 0000000000000000\n\u003e [ 89.645254] R10: 0000000000000001 R11: 0000000000000246 R12: ffff880105839600\n\u003e [ 89.646340] R13: ffff88011beea490 R14: ffff88011beea490 R15: 0000000000000000\n\u003e [ 89.647431] FS: 00007f3ac063b740(0000) GS:ffff88012b200000(0000) knlGS:0000000000000000\n\u003e [ 89.648660] CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b\n\u003e [ 89.649548] CR2: 00000000000000c8 CR3: 0000000122bfc000 CR4: 00000000000007e0\n\u003e [ 89.650635] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n\u003e [ 89.651723] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400\n\u003e [ 89.652812] Process trinity-main (pid: 782, threadinfo ffff880115656000, task ffff88011beea490)\n\u003e [ 89.654128] Stack:\n\u003e [ 89.654433] 0000000000000000 ffff8801058396a0 ffff880105839600 ffff88011beeaa78\n\u003e [ 89.655769] ffff880115657ef8 ffffffff812c7d9b ffffffff82079be0 0000000000000000\n\u003e [ 89.657073] ffff880115657f28 ffffffff8106c665 0000000000000002 ffff880115657f58\n\u003e [ 89.658399] Call Trace:\n\u003e [ 89.658822] [\u003cffffffff812c7d9b\u003e] key_change_session_keyring+0xfb/0x140\n\u003e [ 89.659845] [\u003cffffffff8106c665\u003e] task_work_run+0xa5/0xd0\n\u003e [ 89.660698] [\u003cffffffff81002911\u003e] do_notify_resume+0x71/0xb0\n\u003e [ 89.661581] [\u003cffffffff816c9a4a\u003e] int_signal+0x12/0x17\n\u003e [ 89.662385] Code: 24 90 00 00 00 48 8b b3 90 00 00 00 49 8b 4c 24 40 48 39 f2 75 08 e9 83 00 00 00 48 89 ca 48 81 fa 60 29 c3 81 0f 84 41 fe ff ff \u003c48\u003e 8b 8a c8 00 00 00 48 39 ce 75 e4 3b 82 d0 00 00 00 0f 84 4b\n\u003e [ 89.667778] RIP [\u003cffffffff810784b0\u003e] commit_creds+0x250/0x2f0\n\u003e [ 89.668733] RSP \u003cffff880115657eb8\u003e\n\u003e [ 89.669301] CR2: 00000000000000c8\n\u003e\n\u003e My fastest trinity induced oops yet!\n\u003e\n\u003e\n\u003e Appears to be..\n\u003e\n\u003e if ((set_ns \u003d\u003d subset_ns-\u003eparent) \u0026\u0026\n\u003e 850: 48 8b 8a c8 00 00 00 mov 0xc8(%rdx),%rcx\n\u003e\n\u003e from the inlined cred_cap_issubset\n\nBy historical accident we have been reading trying to set new-\u003euser_ns\nfrom new-\u003euser_ns. Which is totally silly as new-\u003euser_ns is NULL (as\nis every other field in new except session_keyring at that point).\n\nThe intent is clearly to copy all of the fields from old to new so copy\nold-\u003euser_ns into into new-\u003euser_ns.\n\nCc: stable@vger.kernel.org\nReported-by: Dave Jones \u003cdavej@redhat.com\u003e\nTested-by: Dave Jones \u003cdavej@redhat.com\u003e\nAcked-by: Serge Hallyn \u003cserge.hallyn@canonical.com\u003e\nSigned-off-by: \"Eric W. Biederman\" \u003cebiederm@xmission.com\u003e\n" }, { "commit": "56a79b7b021bf1b08334e63c2c14b280e2dbf47a", "tree": "0419233e6194f4f12073c9284852885aa8984bec", "parents": [ "1c82315a12144cde732636e259d39e3ee81b3c5b", "dcf787f39162ce32ca325b3e784aba2d2444619a" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Sun Mar 03 13:23:02 2013 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Sun Mar 03 13:23:03 2013 -0800" }, "message": "Merge branch \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs\n\nPull more VFS bits from Al Viro:\n \"Unfortunately, it looks like xattr series will have to wait until the\n next cycle ;-/\n\n This pile contains 9p cleanups and fixes (races in v9fs_fid_add()\n etc), fixup for nommu breakage in shmem.c, several cleanups and a bit\n more file_inode() work\"\n\n* \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs:\n constify path_get/path_put and fs_struct.c stuff\n fix nommu breakage in shmem.c\n cache the value of file_inode() in struct file\n 9p: if v9fs_fid_lookup() gets to asking server, it\u0027d better have hashed dentry\n 9p: make sure -\u003elookup() adds fid to the right dentry\n 9p: untangle -\u003elookup() a bit\n 9p: double iput() in -\u003elookup() if d_materialise_unique() fails\n 9p: v9fs_fid_add() can\u0027t fail now\n v9fs: get rid of v9fs_dentry\n 9p: turn fid-\u003edlist into hlist\n 9p: don\u0027t bother with private lock in -\u003ed_fsdata; dentry-\u003ed_lock will do just fine\n more file_inode() open-coded instances\n selinux: opened file can\u0027t have NULL or negative -\u003ef_path.dentry\n\n(In the meantime, the hlist traversal macros have changed, so this\nrequired a semantic conflict fixup for the newly hlistified fid-\u003edlist)\n" }, { "commit": "b67bfe0d42cac56c512dd5da4b1b347a23f4b70a", "tree": "3d465aea12b97683f26ffa38eba8744469de9997", "parents": [ "1e142b29e210b5dfb2deeb6ce2210b60af16d2a6" ], "author": { "name": "Sasha Levin", "email": "sasha.levin@oracle.com", "time": "Wed Feb 27 17:06:00 2013 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Wed Feb 27 19:10:24 2013 -0800" }, "message": "hlist: drop the node parameter from iterators\n\nI\u0027m not sure why, but the hlist for each entry iterators were conceived\n\n list_for_each_entry(pos, head, member)\n\nThe hlist ones were greedy and wanted an extra parameter:\n\n hlist_for_each_entry(tpos, pos, head, member)\n\nWhy did they need an extra pos parameter? I\u0027m not quite sure. Not only\nthey don\u0027t really need it, it also prevents the iterator from looking\nexactly like the list iterator, which is unfortunate.\n\nBesides the semantic patch, there was some manual work required:\n\n - Fix up the actual hlist iterators in linux/list.h\n - Fix up the declaration of other iterators based on the hlist ones.\n - A very small amount of places were using the \u0027node\u0027 parameter, this\n was modified to use \u0027obj-\u003emember\u0027 instead.\n - Coccinelle didn\u0027t handle the hlist_for_each_entry_safe iterator\n properly, so those had to be fixed up manually.\n\nThe semantic patch which is mostly the work of Peter Senna Tschudin is here:\n\n@@\niterator name hlist_for_each_entry, hlist_for_each_entry_continue, hlist_for_each_entry_from, hlist_for_each_entry_rcu, hlist_for_each_entry_rcu_bh, hlist_for_each_entry_continue_rcu_bh, for_each_busy_worker, ax25_uid_for_each, ax25_for_each, inet_bind_bucket_for_each, sctp_for_each_hentry, sk_for_each, sk_for_each_rcu, sk_for_each_from, sk_for_each_safe, sk_for_each_bound, hlist_for_each_entry_safe, hlist_for_each_entry_continue_rcu, nr_neigh_for_each, nr_neigh_for_each_safe, nr_node_for_each, nr_node_for_each_safe, for_each_gfn_indirect_valid_sp, for_each_gfn_sp, for_each_host;\n\ntype T;\nexpression a,c,d,e;\nidentifier b;\nstatement S;\n@@\n\n-T b;\n \u003c+... when !\u003d b\n(\nhlist_for_each_entry(a,\n- b,\nc, d) S\n|\nhlist_for_each_entry_continue(a,\n- b,\nc) S\n|\nhlist_for_each_entry_from(a,\n- b,\nc) S\n|\nhlist_for_each_entry_rcu(a,\n- b,\nc, d) S\n|\nhlist_for_each_entry_rcu_bh(a,\n- b,\nc, d) S\n|\nhlist_for_each_entry_continue_rcu_bh(a,\n- b,\nc) S\n|\nfor_each_busy_worker(a, c,\n- b,\nd) S\n|\nax25_uid_for_each(a,\n- b,\nc) S\n|\nax25_for_each(a,\n- b,\nc) S\n|\ninet_bind_bucket_for_each(a,\n- b,\nc) S\n|\nsctp_for_each_hentry(a,\n- b,\nc) S\n|\nsk_for_each(a,\n- b,\nc) S\n|\nsk_for_each_rcu(a,\n- b,\nc) S\n|\nsk_for_each_from\n-(a, b)\n+(a)\nS\n+ sk_for_each_from(a) S\n|\nsk_for_each_safe(a,\n- b,\nc, d) S\n|\nsk_for_each_bound(a,\n- b,\nc) S\n|\nhlist_for_each_entry_safe(a,\n- b,\nc, d, e) S\n|\nhlist_for_each_entry_continue_rcu(a,\n- b,\nc) S\n|\nnr_neigh_for_each(a,\n- b,\nc) S\n|\nnr_neigh_for_each_safe(a,\n- b,\nc, d) S\n|\nnr_node_for_each(a,\n- b,\nc) S\n|\nnr_node_for_each_safe(a,\n- b,\nc, d) S\n|\n- for_each_gfn_sp(a, c, d, b) S\n+ for_each_gfn_sp(a, c, d) S\n|\n- for_each_gfn_indirect_valid_sp(a, c, d, b) S\n+ for_each_gfn_indirect_valid_sp(a, c, d) S\n|\nfor_each_host(a,\n- b,\nc) S\n|\nfor_each_host_safe(a,\n- b,\nc, d) S\n|\nfor_each_mesh_entry(a,\n- b,\nc, d) S\n)\n ...+\u003e\n\n[akpm@linux-foundation.org: drop bogus change from net/ipv4/raw.c]\n[akpm@linux-foundation.org: drop bogus hunk from net/ipv6/raw.c]\n[akpm@linux-foundation.org: checkpatch fixes]\n[akpm@linux-foundation.org: fix warnings]\n[akpm@linux-foudnation.org: redo intrusive kvm changes]\nTested-by: Peter Senna Tschudin \u003cpeter.senna@gmail.com\u003e\nAcked-by: Paul E. McKenney \u003cpaulmck@linux.vnet.ibm.com\u003e\nSigned-off-by: Sasha Levin \u003csasha.levin@oracle.com\u003e\nCc: Wu Fengguang \u003cfengguang.wu@intel.com\u003e\nCc: Marcelo Tosatti \u003cmtosatti@redhat.com\u003e\nCc: Gleb Natapov \u003cgleb@redhat.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "45e09bd51b2be1fbb86c2e3d5bb00d32744f1ecb", "tree": "4cf68d20342e7b0253ea07ae2b265b15b994f684", "parents": [ "d895cb1af15c04c522a25c79cc429076987c089b" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Wed Jan 23 16:24:16 2013 -0500" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Wed Feb 27 13:22:14 2013 -0500" }, "message": "selinux: opened file can\u0027t have NULL or negative -\u003ef_path.dentry\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "d895cb1af15c04c522a25c79cc429076987c089b", "tree": "895dc9157e28f603d937a58be664e4e440d5530c", "parents": [ "9626357371b519f2b955fef399647181034a77fe", "d3d009cb965eae7e002ea5badf603ea8f4c34915" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Tue Feb 26 20:16:07 2013 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Tue Feb 26 20:16:07 2013 -0800" }, "message": "Merge branch \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs\n\nPull vfs pile (part one) from Al Viro:\n \"Assorted stuff - cleaning namei.c up a bit, fixing -\u003ed_name/-\u003ed_parent\n locking violations, etc.\n\n The most visible changes here are death of FS_REVAL_DOT (replaced with\n \"has -\u003ed_weak_revalidate()\") and a new helper getting from struct file\n to inode. Some bits of preparation to xattr method interface changes.\n\n Misc patches by various people sent this cycle *and* ocfs2 fixes from\n several cycles ago that should\u0027ve been upstream right then.\n\n PS: the next vfs pile will be xattr stuff.\"\n\n* \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs: (46 commits)\n saner proc_get_inode() calling conventions\n proc: avoid extra pde_put() in proc_fill_super()\n fs: change return values from -EACCES to -EPERM\n fs/exec.c: make bprm_mm_init() static\n ocfs2/dlm: use GFP_ATOMIC inside a spin_lock\n ocfs2: fix possible use-after-free with AIO\n ocfs2: Fix oops in ocfs2_fast_symlink_readpage() code path\n get_empty_filp()/alloc_file() leave both -\u003ef_pos and -\u003ef_version zero\n target: writev() on single-element vector is pointless\n export kernel_write(), convert open-coded instances\n fs: encode_fh: return FILEID_INVALID if invalid fid_type\n kill f_vfsmnt\n vfs: kill FS_REVAL_DOT by adding a d_weak_revalidate dentry op\n nfsd: handle vfs_getattr errors in acl protocol\n switch vfs_getattr() to struct path\n default SET_PERSONALITY() in linux/elf.h\n ceph: prepopulate inodes only when request is aborted\n d_hash_and_lookup(): export, switch open-coded instances\n 9p: switch v9fs_set_create_acl() to inode+fid, do it before d_instantiate()\n 9p: split dropping the acls from v9fs_set_create_acl()\n ...\n" }, { "commit": "182be684784334598eee1d90274e7f7aa0063616", "tree": "7b4d555a24fbbe9b22086f31246d1aa6df5e5330", "parents": [ "ecf3d1f1aa74da0d632b651a2e05a911f60e92c0" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Thu Jan 24 02:21:54 2013 -0500" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Tue Feb 26 02:46:10 2013 -0500" }, "message": "kill f_vfsmnt\n\nvery few users left...\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "446d64e3e1154806092ac27de198dff1225797d9", "tree": "6ae7509b776f88bf7c28254e63ba34ddcd091a92", "parents": [ "a2c2c3a71c25627e4840795b3c269918d0e71b28" ], "author": { "name": "Mimi Zohar", "email": "zohar@linux.vnet.ibm.com", "time": "Sun Feb 24 23:42:37 2013 -0500" }, "committer": { "name": "James Morris", "email": "james.l.morris@oracle.com", "time": "Tue Feb 26 03:10:52 2013 +1100" }, "message": "block: fix part_pack_uuid() build error\n\nCommit \"85865c1 ima: add policy support for file system uuid\"\nintroduced a CONFIG_BLOCK dependency. This patch defines a\nwrapper called blk_part_pack_uuid(), which returns -EINVAL,\nwhen CONFIG_BLOCK is not defined.\n\nsecurity/integrity/ima/ima_policy.c:538:4: error: implicit declaration\nof function \u0027part_pack_uuid\u0027 [-Werror\u003dimplicit-function-declaration]\n\nChangelog v2:\n- Reference commit number in patch description\nChangelog v1:\n- rename ima_part_pack_uuid() to blk_part_pack_uuid()\n- resolve scripts/checkpatch.pl warnings\nChangelog v0:\n- fix UUID scripts/Lindent msgs\n\nReported-by: Randy Dunlap \u003crdunlap@infradead.org\u003e\nReported-by: David Rientjes \u003crientjes@google.com\u003e\nSigned-off-by: Mimi Zohar \u003czohar@linux.vnet.ibm.com\u003e\nAcked-by: David Rientjes \u003crientjes@google.com\u003e\nAcked-by: Randy Dunlap \u003crdunlap@infradead.org\u003e\nCc: Jens Axboe \u003caxboe@kernel.dk\u003e\nSigned-off-by: James Morris \u003cjames.l.morris@oracle.com\u003e\n" }, { "commit": "a2c2c3a71c25627e4840795b3c269918d0e71b28", "tree": "f643772b0087e7bf5a9801ed07580ee8d5ce93c9", "parents": [ "ab7826595e9ec51a51f622c5fc91e2f59440481a" ], "author": { "name": "Mimi Zohar", "email": "zohar@linux.vnet.ibm.com", "time": "Sun Feb 24 23:42:36 2013 -0500" }, "committer": { "name": "James Morris", "email": "james.l.morris@oracle.com", "time": "Tue Feb 26 02:46:38 2013 +1100" }, "message": "ima: \"remove enforce checking duplication\" merge fix\n\nCommit \"750943a ima: remove enforce checking duplication\" combined\nthe \u0027in IMA policy\u0027 and \u0027enforcing file integrity\u0027 checks. For\nthe non-file, kernel module verification, a specific check for\n\u0027enforcing file integrity\u0027 was not added. This patch adds the\ncheck.\n\nSigned-off-by: Mimi Zohar \u003czohar@linux.vnet.ibm.com\u003e\nSigned-off-by: James Morris \u003cjames.l.morris@oracle.com\u003e\n" }, { "commit": "496ad9aa8ef448058e36ca7a787c61f2e63f0f54", "tree": "8f4abde793cd7db5bb8fde6d27ebcacd0e54379a", "parents": [ "57eccb830f1cc93d4b506ba306d8dfa685e0c88f" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Wed Jan 23 17:07:38 2013 -0500" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Fri Feb 22 23:31:31 2013 -0500" }, "message": "new helper: file_inode(file)\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "53eb8c82d581fdd4b389a3e417261f3ae924e603", "tree": "de3893156c17c9ab220e4460630f581c55a0f487", "parents": [ "024e4ec1856d57bb78c06ec903d29dcf716f5f47" ], "author": { "name": "Jerry Snitselaar", "email": "jerry.snitselaar@oracle.com", "time": "Thu Feb 21 16:41:31 2013 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Thu Feb 21 17:22:15 2013 -0800" }, "message": "device_cgroup: don\u0027t grab mutex in rcu callback\n\nCommit 103a197c0c4e (\"security/device_cgroup: lock assert fails in\ndev_exception_clean()\") grabs devcgroup_mutex to fix assert failure, but\na mutex can\u0027t be grabbed in rcu callback. Since there shouldn\u0027t be any\nother references when css_free is called, mutex isn\u0027t needed for list\ncleanup in devcgroup_css_free().\n\nSigned-off-by: Jerry Snitselaar \u003cjerry.snitselaar@oracle.com\u003e\nAcked-by: Tejun Heo \u003ctj@kernel.org\u003e\nAcked-by: Aristeu Rozanski \u003caris@redhat.com\u003e\nCc: James Morris \u003cjames.l.morris@oracle.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "33673dcb372b5d8179c22127ca71deb5f3dc7016", "tree": "d182e9dc6aa127375a92b5eb619d6cd2ddc23ce7", "parents": [ "fe9453a1dcb5fb146f9653267e78f4a558066f6f", "5b2660326039a32b28766cb4c1a8b1bdcfadc375" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Thu Feb 21 08:18:12 2013 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Thu Feb 21 08:18:12 2013 -0800" }, "message": "Merge branch \u0027next\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security\n\nPull security subsystem updates from James Morris:\n \"This is basically a maintenance update for the TPM driver and EVM/IMA\"\n\nFix up conflicts in lib/digsig.c and security/integrity/ima/ima_main.c\n\n* \u0027next\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: (45 commits)\n tpm/ibmvtpm: build only when IBM pseries is configured\n ima: digital signature verification using asymmetric keys\n ima: rename hash calculation functions\n ima: use new crypto_shash API instead of old crypto_hash\n ima: add policy support for file system uuid\n evm: add file system uuid to EVM hmac\n tpm_tis: check pnp_acpi_device return code\n char/tpm/tpm_i2c_stm_st33: drop temporary variable for return value\n char/tpm/tpm_i2c_stm_st33: remove dead assignment in tpm_st33_i2c_probe\n char/tpm/tpm_i2c_stm_st33: Remove __devexit attribute\n char/tpm/tpm_i2c_stm_st33: Don\u0027t use memcpy for one byte assignment\n tpm_i2c_stm_st33: removed unused variables/code\n TPM: Wait for TPM_ACCESS tpmRegValidSts to go high at startup\n tpm: Fix cancellation of TPM commands (interrupt mode)\n tpm: Fix cancellation of TPM commands (polling mode)\n tpm: Store TPM vendor ID\n TPM: Work around buggy TPMs that block during continue self test\n tpm_i2c_stm_st33: fix oops when i2c client is unavailable\n char/tpm: Use struct dev_pm_ops for power management\n TPM: STMicroelectronics ST33 I2C BUILD STUFF\n ...\n" }, { "commit": "fe9453a1dcb5fb146f9653267e78f4a558066f6f", "tree": "ba144f62734e9d89ed515466972c318de561ccb2", "parents": [ "a0b1c42951dd06ec83cc1bc2c9788131d9fefcd8" ], "author": { "name": "David Howells", "email": "dhowells@redhat.com", "time": "Thu Feb 21 12:00:25 2013 +0000" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Thu Feb 21 07:56:25 2013 -0800" }, "message": "KEYS: Revert one application of \"Fix unreachable code\" patch\n\nA patch to fix some unreachable code in search_my_process_keyrings() got\napplied twice by two different routes upstream as commits e67eab39bee2\nand b010520ab3d2 (both \"fix unreachable code\").\n\nUnfortunately, the second application removed something it shouldn\u0027t\nhave and this wasn\u0027t detected by GIT. This is due to the patch not\nhaving sufficient lines of context to distinguish the two places of\napplication.\n\nThe effect of this is relatively minor: inside the kernel, the keyring\nsearch routines may search multiple keyrings and then prioritise the\nerrors if no keys or negative keys are found in any of them. With the\nextra deletion, the presence of a negative key in the thread keyring\n(causing ENOKEY) is incorrectly overridden by an error searching the\nprocess keyring.\n\nSo revert the second application of the patch.\n\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nCc: Jiri Kosina \u003cjkosina@suse.cz\u003e\nCc: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nCc: stable@vger.kernel.org\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "e0751257a64ea10cca96ccb06522bfb10e36cb5b", "tree": "7ff1ec8b4d359f383fc3408876dd6ff6532f9ab6", "parents": [ "50af554466804bf51a52fa3d1d0a76f96bd33929" ], "author": { "name": "Dmitry Kasatkin", "email": "dmitry.kasatkin@intel.com", "time": "Thu Feb 07 00:12:08 2013 +0200" }, "committer": { "name": "Mimi Zohar", "email": "zohar@linux.vnet.ibm.com", "time": "Wed Feb 06 21:22:18 2013 -0500" }, "message": "ima: digital signature verification using asymmetric keys\n\nAsymmetric keys were introduced in linux-3.7 to verify the signature on\nsigned kernel modules. The asymmetric keys infrastructure abstracts the\nsignature verification from the crypto details. This patch adds IMA/EVM\nsignature verification using asymmetric keys. Support for additional\nsignature verification methods can now be delegated to the asymmetric\nkey infrastructure.\n\nAlthough the module signature header and the IMA/EVM signature header\ncould use the same format, to minimize the signature length and save\nspace in the extended attribute, this patch defines a new IMA/EVM\nheader format. The main difference is that the key identifier is a\nsha1[12 - 19] hash of the key modulus and exponent, similar to the\ncurrent implementation. The only purpose of the key identifier is to\nidentify the corresponding key in the kernel keyring. ima-evm-utils\nwas updated to support the new signature format.\n\nWhile asymmetric signature verification functionality supports many\ndifferent hash algorithms, the hash used in this patch is calculated\nduring the IMA collection phase, based on the configured algorithm.\nThe default algorithm is sha1, but for backwards compatibility md5\nis supported. Due to this current limitation, signatures should be\ngenerated using a sha1 hash algorithm.\n\nChanges in this patch:\n- Functionality has been moved to separate source file in order to get rid of\n in source #ifdefs.\n- keyid is derived according to the RFC 3280. It does not require to assign\n IMA/EVM specific \"description\" when loading X509 certificate. Kernel\n asymmetric key subsystem automatically generate the description. Also\n loading a certificate does not require using of ima-evm-utils and can be\n done using keyctl only.\n- keyid size is reduced to 32 bits to save xattr space. Key search is done\n using partial match functionality of asymmetric_key_match().\n- Kconfig option title was changed\n\nSigned-off-by: Dmitry Kasatkin \u003cdmitry.kasatkin@intel.com\u003e\nAcked-by: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: Mimi Zohar \u003czohar@linux.vnet.ibm.com\u003e\n" }, { "commit": "50af554466804bf51a52fa3d1d0a76f96bd33929", "tree": "b7a3737c726a690ddefa60fdc01427d46d1d08b2", "parents": [ "76bb28f6126f20ee987b9d2570fa653d95d30ae9" ], "author": { "name": "Dmitry Kasatkin", "email": "dmitry.kasatkin@intel.com", "time": "Mon May 14 14:13:56 2012 +0300" }, "committer": { "name": "Mimi Zohar", "email": "zohar@linux.vnet.ibm.com", "time": "Wed Feb 06 10:41:13 2013 -0500" }, "message": "ima: rename hash calculation functions\n\nRename hash calculation functions to reflect meaning\nand change argument order in conventional way.\n\nSigned-off-by: Dmitry Kasatkin \u003cdmitry.kasatkin@intel.com\u003e\nSigned-off-by: Mimi Zohar \u003czohar@linux.vnet.ibm.com\u003e\n" }, { "commit": "76bb28f6126f20ee987b9d2570fa653d95d30ae9", "tree": "d03a184b5fb611544519662784ec50fee55bac72", "parents": [ "85865c1fa189fcba49089e6254a0226f2269bebc" ], "author": { "name": "Dmitry Kasatkin", "email": "dmitry.kasatkin@intel.com", "time": "Fri Jun 08 10:42:30 2012 +0300" }, "committer": { "name": "Mimi Zohar", "email": "zohar@linux.vnet.ibm.com", "time": "Wed Feb 06 10:41:12 2013 -0500" }, "message": "ima: use new crypto_shash API instead of old crypto_hash\n\nOld crypto hash API internally uses shash API.\nUsing shash API directly is more efficient.\n\nSigned-off-by: Dmitry Kasatkin \u003cdmitry.kasatkin@intel.com\u003e\nSigned-off-by: Mimi Zohar \u003czohar@linux.vnet.ibm.com\u003e\n" }, { "commit": "85865c1fa189fcba49089e6254a0226f2269bebc", "tree": "e3bcc153e1218302a3bccd30f55295361396a781", "parents": [ "74de66842473bdafa798010e58f1999ec70a8983" ], "author": { "name": "Dmitry Kasatkin", "email": "dmitry.kasatkin@intel.com", "time": "Mon Sep 03 23:23:13 2012 +0300" }, "committer": { "name": "Mimi Zohar", "email": "zohar@linux.vnet.ibm.com", "time": "Wed Feb 06 10:40:29 2013 -0500" }, "message": "ima: add policy support for file system uuid\n\nThe IMA policy permits specifying rules to enable or disable\nmeasurement/appraisal/audit based on the file system magic number.\nIf, for example, the policy contains an ext4 measurement rule,\nthe rule is enabled for all ext4 partitions.\n\nSometimes it might be necessary to enable measurement/appraisal/audit\nonly for one partition and disable it for another partition of the\nsame type. With the existing IMA policy syntax, this can not be done.\n\nThis patch provides support for IMA policy rules to specify the file\nsystem by its UUID (eg. fsuuid\u003d397449cd-687d-4145-8698-7fed4a3e0363).\n\nFor partitions not being appraised, it might be a good idea to mount\nfile systems with the \u0027noexec\u0027 option to prevent executing non-verified\nbinaries.\n\nSigned-off-by: Dmitry Kasatkin \u003cdmitry.kasatkin@intel.com\u003e\nSigned-off-by: Mimi Zohar \u003czohar@linux.vnet.ibm.com\u003e\n" }, { "commit": "74de66842473bdafa798010e58f1999ec70a8983", "tree": "83bb9c589051fd7269a9cd2bf1d7be9a955eccbd", "parents": [ "6e38bfaad6c83bdd07eb659f9bfd50f8d71a5a46" ], "author": { "name": "Dmitry Kasatkin", "email": "dmitry.kasatkin@intel.com", "time": "Mon Sep 10 10:37:20 2012 +0300" }, "committer": { "name": "Mimi Zohar", "email": "zohar@linux.vnet.ibm.com", "time": "Wed Feb 06 10:40:28 2013 -0500" }, "message": "evm: add file system uuid to EVM hmac\n\nEVM uses the same key for all file systems to calculate the HMAC,\nmaking it possible to paste inodes from one file system on to another\none, without EVM being able to detect it. To prevent such an attack,\nit is necessary to make the EVM HMAC file system specific.\n\nThis patch uses the file system UUID, a file system unique identifier,\nto bind the EVM HMAC to the file system. The value inode-\u003ei_sb-\u003es_uuid\nis used for the HMAC hash calculation, instead of using it for deriving\nthe file system specific key. Initializing the key for every inode HMAC\ncalculation is a bit more expensive operation than adding the uuid to\nthe HMAC hash.\n\nChanging the HMAC calculation method or adding additional info to the\ncalculation, requires existing EVM labeled file systems to be relabeled.\nThis patch adds a Kconfig HMAC version option for backwards compatability.\n\nChangelog v1:\n- squash \"hmac version setting\"\nChangelog v0:\n- add missing Kconfig depends (Mimi)\n\nSigned-off-by: Dmitry Kasatkin \u003cdmitry.kasatkin@intel.com\u003e\nSigned-off-by: Mimi Zohar \u003czohar@linux.vnet.ibm.com\u003e\n" }, { "commit": "22f837981514e157f8f9737b25ac6d7d90a14006", "tree": "5537a70dcd9225023335b1bd1cd0e9a9c0e95cb9", "parents": [ "949db153b6466c6f7cad5a427ecea94985927311", "6642f91c92da07369cf1e582503ea3ccb4a7f1a9" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Mon Jan 28 11:41:37 2013 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Mon Jan 28 11:41:37 2013 -0800" }, "message": "Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net\n\nPull networking updates from David Miller:\n \"Much more accumulated than I would have liked due to an unexpected\n bout with a nasty flu:\n\n 1) AH and ESP input don\u0027t set ECN field correctly because the\n transport head of the SKB isn\u0027t set correctly, fix from Li\n RongQing.\n\n 2) If netfilter conntrack zones are disabled, we can return an\n uninitialized variable instead of the proper error code. Fix from\n Borislav Petkov.\n\n 3) Fix double SKB free in ath9k driver beacon handling, from Felix\n Feitkau.\n\n 4) Remove bogus assumption about netns cleanup ordering in\n nf_conntrack, from Pablo Neira Ayuso.\n\n 5) Remove a bogus BUG_ON in the new TCP fastopen code, from Eric\n Dumazet. It uses spin_is_locked() in it\u0027s test and is therefore\n unsuitable for UP.\n\n 6) Fix SELINUX labelling regressions added by the tuntap multiqueue\n changes, from Paul Moore.\n\n 7) Fix CRC errors with jumbo frame receive in tg3 driver, from Nithin\n Nayak Sujir.\n\n 8) CXGB4 driver sets interrupt coalescing parameters only on first\n queue, rather than all of them. Fix from Thadeu Lima de Souza\n Cascardo.\n\n 9) Fix regression in the dispatch of read/write registers in dm9601\n driver, from Tushar Behera.\n\n 10) ipv6_append_data miscalculates header length, from Romain KUNTZ.\n\n 11) Fix PMTU handling regressions on ipv4 routes, from Steffen\n Klassert, Timo Teräs, and Julian Anastasov.\n\n 12) In 3c574_cs driver, add necessary parenthesis to \"x \u003c\u003c y \u0026 z\"\n expression. From Nickolai Zeldovich.\n\n 13) macvlan_get_size() causes underallocation netlink message space,\n fix from Eric Dumazet.\n\n 14) Avoid division by zero in xfrm_replay_advance_bmp(), from Nickolai\n Zeldovich. Amusingly the zero check was already there, we were\n just performing it after the modulus :-)\n\n 15) Some more splice bug fixes from Eric Dumazet, which fix things\n mostly eminating from how we now more aggressively use high-order\n pages in SKBs.\n\n 16) Fix size calculation bug when freeing hash tables in the IPSEC\n xfrm code, from Michal Kubecek.\n\n 17) Fix PMTU event propagation into socket cached routes, from Steffen\n Klassert.\n\n 18) Fix off by one in TX buffer release in netxen driver, from Eric\n Dumazet.\n\n 19) Fix rediculous memory allocation requirements introduced by the\n tuntap multiqueue changes, from Jason Wang.\n\n 20) Remove bogus AMD platform workaround in r8169 driver that causes\n major problems in normal operation, from Timo Teräs.\n\n 21) virtio-net set affinity and select queue don\u0027t handle\n discontiguous cpu numbers properly, fix from Wanlong Gao.\n\n 22) Fix a route refcounting issue in loopback driver, from Eric\n Dumazet. There\u0027s a similar fix coming that we might add to the\n macvlan driver as well.\n\n 23) Fix SKB leaks in batman-adv\u0027s distributed arp table code, from\n Matthias Schiffer.\n\n 24) r8169 driver gives descriptor ownership back the hardware before\n we\u0027re done reading the VLAN tag out of it, fix from Francois\n Romieu.\n\n 25) Checksums not calculated properly in GRE tunnel driver fix from\n Pravin B Shelar.\n\n26) Fix SCTP memory leak on namespace exit.\"\n\n* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (101 commits)\n dm9601: support dm9620 variant\n SCTP: Free the per-net sysctl table on net exit. v2\n net: phy: icplus: fix broken INTR pin settings\n net: phy: icplus: Use the RGMII interface mode to configure clock delays\n IP_GRE: Fix kernel panic in IP_GRE with GRE csum.\n sctp: set association state to established in dupcook_a handler\n ip6mr: limit IPv6 MRT_TABLE identifiers\n r8169: fix vlan tag read ordering.\n net: cdc_ncm: use IAD provided by the USB core\n batman-adv: filter ARP packets with invalid MAC addresses in DAT\n batman-adv: check for more types of invalid IP addresses in DAT\n batman-adv: fix skb leak in batadv_dat_snoop_incoming_arp_reply()\n net: loopback: fix a dst refcounting issue\n virtio-net: reset virtqueue affinity when doing cpu hotplug\n virtio-net: split out clean affinity function\n virtio-net: fix the set affinity bug when CPU IDs are not consecutive\n can: pch_can: fix invalid error codes\n can: ti_hecc: fix invalid error codes\n can: c_can: fix invalid error codes\n r8169: remove the obsolete and incorrect AMD workaround\n ...\n" }, { "commit": "5a73fcfa8875a94c2956e7ff8fba54d31a3e2854", "tree": "4f7a55a1f4c7524aaa422fc216717c1c0424d48e", "parents": [ "d79d72e02485c00b886179538dc8deaffa3be507" ], "author": { "name": "Mimi Zohar", "email": "zohar@linux.vnet.ibm.com", "time": "Wed Dec 05 15:14:38 2012 -0500" }, "committer": { "name": "Mimi Zohar", "email": "zohar@linux.vnet.ibm.com", "time": "Tue Jan 22 16:10:39 2013 -0500" }, "message": "ima: differentiate appraise status only for hook specific rules\n\nDifferent hooks can require different methods for appraising a\nfile\u0027s integrity. As a result, an integrity appraisal status is\ncached on a per hook basis.\n\nOnly a hook specific rule, requires the inode to be re-appraised.\nThis patch eliminates unnecessary appraisals.\n\nSigned-off-by: Mimi Zohar \u003czohar@linux.vnet.ibm.com\u003e\nSigned-off-by: Dmitry Kasatkin \u003cdmitry.kasatkin@intel.com\u003e\n" }, { "commit": "d79d72e02485c00b886179538dc8deaffa3be507", "tree": "92690d5cbd6e4a0a3bee369033fe18d9b2d065f7", "parents": [ "f578c08ec959cb0cdadf02bdc9689a4df3e9b9d4" ], "author": { "name": "Mimi Zohar", "email": "zohar@linux.vnet.ibm.com", "time": "Mon Dec 03 17:08:11 2012 -0500" }, "committer": { "name": "Mimi Zohar", "email": "zohar@linux.vnet.ibm.com", "time": "Tue Jan 22 16:10:36 2013 -0500" }, "message": "ima: per hook cache integrity appraisal status\n\nWith the new IMA policy \u0027appraise_type\u003d\u0027 option, different hooks\ncan require different methods for appraising a file\u0027s integrity.\n\nFor example, the existing \u0027ima_appraise_tcb\u0027 policy defines a\ngeneric rule, requiring all root files to be appraised, without\nspecfying the appraisal method. A more specific rule could require\nall kernel modules, for example, to be signed.\n\nappraise fowner\u003d0 func\u003dMODULE_CHECK appraise_type\u003dimasig\nappraise fowner\u003d0\n\nAs a result, the integrity appraisal results for the same inode, but\nfor different hooks, could differ. This patch caches the integrity\nappraisal results on a per hook basis.\n\nChangelog v2:\n- Rename ima_cache_status() to ima_set_cache_status()\n- Rename and move get_appraise_status() to ima_get_cache_status()\nChangelog v0:\n- include IMA_APPRAISE/APPRAISED_SUBMASK in IMA_DO/DONE_MASK (Dmitry)\n- Support independent MODULE_CHECK appraise status.\n- fixed IMA_XXXX_APPRAISE/APPRAISED flags\n\nSigned-off-by: Mimi Zohar \u003czohar@linux.vnet.ibm.com\u003e\nSigned-off-by: Dmitry Kasatkin \u003cdmitry.kasatkin@intel.com\u003e\n" }, { "commit": "f578c08ec959cb0cdadf02bdc9689a4df3e9b9d4", "tree": "914edd29a01e55aa993f810246ff01e8c1c19ae0", "parents": [ "0e5a247cb37a97d843ef76d09d5f80deb7893ba3" ], "author": { "name": "Mimi Zohar", "email": "zohar@linux.vnet.ibm.com", "time": "Wed Dec 05 09:29:09 2012 -0500" }, "committer": { "name": "Mimi Zohar", "email": "zohar@linux.vnet.ibm.com", "time": "Tue Jan 22 16:10:34 2013 -0500" }, "message": "ima: increase iint flag size\n\nIn preparation for hook specific appraise status results, increase\nthe iint flags size.\n\nSigned-off-by: Mimi Zohar \u003czohar@linux.vnet.ibm.com\u003e\nSigned-off-by: Dmitry Kasatkin \u003cdmitry.kasatkin@intel.com\u003e\n" }, { "commit": "0e5a247cb37a97d843ef76d09d5f80deb7893ba3", "tree": "7206abaf6d20e69a89584046ed7dc9970ba2da12", "parents": [ "a175b8bb29ebbad380ab4788f307fbfc47997b19" ], "author": { "name": "Dmitry Kasatkin", "email": "dmitry.kasatkin@intel.com", "time": "Fri Jun 08 13:58:49 2012 +0300" }, "committer": { "name": "Mimi Zohar", "email": "zohar@linux.vnet.ibm.com", "time": "Tue Jan 22 16:10:31 2013 -0500" }, "message": "ima: added policy support for \u0027security.ima\u0027 type\n\nThe \u0027security.ima\u0027 extended attribute may contain either the file data\u0027s\nhash or a digital signature. This patch adds support for requiring a\nspecific extended attribute type. It extends the IMA policy with a new\nkeyword \u0027appraise_type\u003dimasig\u0027. (Default is hash.)\n\nChangelog v2:\n- Fixed Documentation/ABI/testing/ima_policy option syntax\nChangelog v1:\n- Differentiate between \u0027required\u0027 vs. \u0027actual\u0027 extended attribute\n\nSigned-off-by: Dmitry Kasatkin \u003cdmitry.kasatkin@intel.com\u003e\nSigned-off-by: Mimi Zohar \u003czohar@linux.vnet.ibm.com\u003e\n" }, { "commit": "103a197c0c4ec936f5a243b5b092e4e49213f569", "tree": "e39515c278a0f923537aaee97bef38aad671ab00", "parents": [ "a67adb997419fb53540d4a4f79c6471c60bc69b6" ], "author": { "name": "Jerry Snitselaar", "email": "jerry.snitselaar@oracle.com", "time": "Thu Jan 17 01:04:14 2013 -0700" }, "committer": { "name": "James Morris", "email": "james.l.morris@oracle.com", "time": "Tue Jan 22 00:27:55 2013 +1100" }, "message": "security/device_cgroup: lock assert fails in dev_exception_clean()\n\ndevcgroup_css_free() calls dev_exception_clean() without the devcgroup_mutex being locked.\n\nShutting down a kvm virt was giving me the following trace:\n\n[36280.732764] ------------[ cut here ]------------\n[36280.732778] WARNING: at /home/snits/dev/linux/security/device_cgroup.c:172 dev_exception_clean+0xa9/0xc0()\n[36280.732782] Hardware name: Studio XPS 8100\n[36280.732785] Modules linked in: xt_REDIRECT fuse ebtable_nat ebtables ipt_MASQUERADE iptable_nat nf_nat_ipv4 nf_nat xt_CHECKSUM iptable_mangle bridge stp llc nf_conntrack_ipv4 ip6t_REJECT nf_conntrack_ipv6 nf_defrag_ipv6 nf_defrag_ipv4 ip6table_filter it87 hwmon_vid xt_state nf_conntrack ip6_tables snd_hda_codec_hdmi snd_hda_codec_realtek snd_hda_intel snd_hda_codec snd_hwdep snd_seq coretemp snd_seq_device crc32c_intel snd_pcm snd_page_alloc snd_timer snd broadcom tg3 serio_raw i7core_edac edac_core ptp pps_core lpc_ich pcspkr mfd_core soundcore microcode i2c_i801 nfsd auth_rpcgss nfs_acl lockd vhost_net sunrpc tun macvtap macvlan kvm_intel kvm uinput binfmt_misc autofs4 usb_storage firewire_ohci firewire_core crc_itu_t radeon drm_kms_helper ttm\n[36280.732921] Pid: 933, comm: libvirtd Tainted: G W 3.8.0-rc3-00307-g4c217de #1\n[36280.732922] Call Trace:\n[36280.732927] [\u003cffffffff81044303\u003e] warn_slowpath_common+0x93/0xc0\n[36280.732930] [\u003cffffffff8104434a\u003e] warn_slowpath_null+0x1a/0x20\n[36280.732932] [\u003cffffffff812deaf9\u003e] dev_exception_clean+0xa9/0xc0\n[36280.732934] [\u003cffffffff812deb2a\u003e] devcgroup_css_free+0x1a/0x30\n[36280.732938] [\u003cffffffff810ccd76\u003e] cgroup_diput+0x76/0x210\n[36280.732941] [\u003cffffffff8119eac0\u003e] d_delete+0x120/0x180\n[36280.732943] [\u003cffffffff81195cff\u003e] vfs_rmdir+0xef/0x130\n[36280.732945] [\u003cffffffff81195e47\u003e] do_rmdir+0x107/0x1c0\n[36280.732949] [\u003cffffffff8132d17e\u003e] ? trace_hardirqs_on_thunk+0x3a/0x3f\n[36280.732951] [\u003cffffffff81198646\u003e] sys_rmdir+0x16/0x20\n[36280.732954] [\u003cffffffff8173bd82\u003e] system_call_fastpath+0x16/0x1b\n[36280.732956] ---[ end trace ca39dced899a7d9f ]---\n\nSigned-off-by: Jerry Snitselaar \u003cjerry.snitselaar@oracle.com\u003e\nCc: stable@kernel.org\nSigned-off-by: James Morris \u003cjames.l.morris@oracle.com\u003e\n" }, { "commit": "a67adb997419fb53540d4a4f79c6471c60bc69b6", "tree": "5796039c0789a8504fb3b7d1a5cb81b4e47121fb", "parents": [ "9a9284153d965a57edc7162a8e57c14c97f3a935" ], "author": { "name": "Dmitry Kasatkin", "email": "dmitry.kasatkin@intel.com", "time": "Fri Jan 18 23:56:39 2013 +0200" }, "committer": { "name": "James Morris", "email": "james.l.morris@oracle.com", "time": "Tue Jan 22 00:27:50 2013 +1100" }, "message": "evm: checking if removexattr is not a NULL\n\nThe following lines of code produce a kernel oops.\n\nfd \u003d socket(PF_FILE, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0);\nfchmod(fd, 0666);\n\n[ 139.922364] BUG: unable to handle kernel NULL pointer dereference at (null)\n[ 139.924982] IP: [\u003c (null)\u003e] (null)\n[ 139.924982] *pde \u003d 00000000\n[ 139.924982] Oops: 0000 [#5] SMP\n[ 139.924982] Modules linked in: fuse dm_crypt dm_mod i2c_piix4 serio_raw evdev binfmt_misc button\n[ 139.924982] Pid: 3070, comm: acpid Tainted: G D 3.8.0-rc2-kds+ #465 Bochs Bochs\n[ 139.924982] EIP: 0060:[\u003c00000000\u003e] EFLAGS: 00010246 CPU: 0\n[ 139.924982] EIP is at 0x0\n[ 139.924982] EAX: cf5ef000 EBX: cf5ef000 ECX: c143d600 EDX: c15225f2\n[ 139.924982] ESI: cf4d2a1c EDI: cf4d2a1c EBP: cc02df10 ESP: cc02dee4\n[ 139.924982] DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068\n[ 139.924982] CR0: 80050033 CR2: 00000000 CR3: 0c059000 CR4: 000006d0\n[ 139.924982] DR0: 00000000 DR1: 00000000 DR2: 00000000 DR3: 00000000\n[ 139.924982] DR6: ffff0ff0 DR7: 00000400\n[ 139.924982] Process acpid (pid: 3070, ti\u003dcc02c000 task\u003dd7705340 task.ti\u003dcc02c000)\n[ 139.924982] Stack:\n[ 139.924982] c1203c88 00000000 cc02def4 cf4d2a1c ae21eefa 471b60d5 1083c1ba c26a5940\n[ 139.924982] e891fb5e 00000041 00000004 cc02df1c c1203964 00000000 cc02df4c c10e20c3\n[ 139.924982] 00000002 00000000 00000000 22222222 c1ff2222 cf5ef000 00000000 d76efb08\n[ 139.924982] Call Trace:\n[ 139.924982] [\u003cc1203c88\u003e] ? evm_update_evmxattr+0x5b/0x62\n[ 139.924982] [\u003cc1203964\u003e] evm_inode_post_setattr+0x22/0x26\n[ 139.924982] [\u003cc10e20c3\u003e] notify_change+0x25f/0x281\n[ 139.924982] [\u003cc10cbf56\u003e] chmod_common+0x59/0x76\n[ 139.924982] [\u003cc10e27a1\u003e] ? put_unused_fd+0x33/0x33\n[ 139.924982] [\u003cc10cca09\u003e] sys_fchmod+0x39/0x5c\n[ 139.924982] [\u003cc13f4f30\u003e] syscall_call+0x7/0xb\n[ 139.924982] Code: Bad EIP value.\n\nThis happens because sockets do not define the removexattr operation.\nBefore removing the xattr, verify the removexattr function pointer is\nnot NULL.\n\nSigned-off-by: Dmitry Kasatkin \u003cdmitry.kasatkin@intel.com\u003e\nSigned-off-by: Mimi Zohar \u003czohar@linux.vnet.ibm.com\u003e\nCc: stable@vger.kernel.org\nSigned-off-by: James Morris \u003cjames.l.morris@oracle.com\u003e\n" }, { "commit": "a175b8bb29ebbad380ab4788f307fbfc47997b19", "tree": "8e0dbb1def59d05412e57ff2f9fc089bb304bffa", "parents": [ "ea1046d4c57ee6e3d5f68f19dd9a45bbab0b71a0" ], "author": { "name": "Dmitry Kasatkin", "email": "dmitry.kasatkin@intel.com", "time": "Thu Sep 27 15:06:28 2012 +0300" }, "committer": { "name": "Mimi Zohar", "email": "zohar@linux.vnet.ibm.com", "time": "Wed Jan 16 17:50:05 2013 -0500" }, "message": "ima: forbid write access to files with digital signatures\n\nThis patch forbids write access to files with digital signatures, as they\nare considered immutable.\n\nSigned-off-by: Dmitry Kasatkin \u003cdmitry.kasatkin@intel.com\u003e\nSigned-off-by: Mimi Zohar \u003czohar@linux.vnet.ibm.com\u003e\n" }, { "commit": "ea1046d4c57ee6e3d5f68f19dd9a45bbab0b71a0", "tree": "5779ef0eadc9b871f0b1b06cc0107d0c28dfc726", "parents": [ "ee866331749b07373743ce18ceaffb1dd841d855" ], "author": { "name": "Dmitry Kasatkin", "email": "dmitry.kasatkin@intel.com", "time": "Tue Sep 04 00:40:17 2012 +0300" }, "committer": { "name": "Mimi Zohar", "email": "zohar@linux.vnet.ibm.com", "time": "Wed Jan 16 17:50:03 2013 -0500" }, "message": "ima: move full pathname resolution to separate function\n\nDefine a new function ima_d_path(), which returns the full pathname.\nThis function will be used further, for example, by the directory\nverification code.\n\nSigned-off-by: Dmitry Kasatkin \u003cdmitry.kasatkin@intel.com\u003e\nSigned-off-by: Mimi Zohar \u003czohar@linux.vnet.ibm.com\u003e\n" }, { "commit": "ee866331749b07373743ce18ceaffb1dd841d855", "tree": "c99c1f5218e5a1f9fcf756142922a2a996870c57", "parents": [ "16cac49f727621c6b0467ffe15ed72c2febb1296" ], "author": { "name": "Dmitry Kasatkin", "email": "dmitry.kasatkin@intel.com", "time": "Fri Sep 21 17:00:43 2012 +0300" }, "committer": { "name": "Mimi Zohar", "email": "zohar@linux.vnet.ibm.com", "time": "Wed Jan 16 17:50:01 2013 -0500" }, "message": "integrity: reduce storage size for ima_status and evm_status\n\nThis patch reduces size of the iint structure by 8 bytes.\nIt saves about 15% of iint cache memory.\n\nSigned-off-by: Dmitry Kasatkin \u003cdmitry.kasatkin@intel.com\u003e\nSigned-off-by: Mimi Zohar \u003czohar@linux.vnet.ibm.com\u003e\n" }, { "commit": "16cac49f727621c6b0467ffe15ed72c2febb1296", "tree": "dc9b4914116ad2ecb1831184192470900e609a27", "parents": [ "b51524635b73cfa27cc393859b277cee9c042820" ], "author": { "name": "Mimi Zohar", "email": "zohar@linux.vnet.ibm.com", "time": "Thu Dec 13 11:15:04 2012 -0500" }, "committer": { "name": "Mimi Zohar", "email": "zohar@linux.vnet.ibm.com", "time": "Wed Jan 16 17:49:59 2013 -0500" }, "message": "ima: rename FILE_MMAP to MMAP_CHECK\n\nRename FILE_MMAP hook to MMAP_CHECK to be consistent with the other\nhook names.\n\nSigned-off-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\n" }, { "commit": "b51524635b73cfa27cc393859b277cee9c042820", "tree": "c4fae16b423b732dce39b28faca4ae4f1dadc3f9", "parents": [ "750943a30714b7e9a5a2b0e08eeef7a808b5a869" ], "author": { "name": "Dmitry Kasatkin", "email": "dmitry.kasatkin@intel.com", "time": "Fri Sep 21 01:01:29 2012 +0300" }, "committer": { "name": "Mimi Zohar", "email": "zohar@linux.vnet.ibm.com", "time": "Wed Jan 16 17:49:57 2013 -0500" }, "message": "ima: remove security.ima hexdump\n\nHexdump is not really helping. Audit messages prints error messages.\nRemove it.\n\nSigned-off-by: Dmitry Kasatkin \u003cdmitry.kasatkin@intel.com\u003e\nSigned-off-by: Mimi Zohar \u003czohar@linux.vnet.ibm.com\u003e\n" }, { "commit": "750943a30714b7e9a5a2b0e08eeef7a808b5a869", "tree": "a75f963abc43a13e3d1a558b2f8c3d47b018b63d", "parents": [ "def3e8b9ee23cb69036910e48ec4e3eff40e04cb" ], "author": { "name": "Dmitry Kasatkin", "email": "dmitry.kasatkin@intel.com", "time": "Thu Sep 27 15:57:10 2012 +0300" }, "committer": { "name": "Mimi Zohar", "email": "zohar@linux.vnet.ibm.com", "time": "Wed Jan 16 17:49:44 2013 -0500" }, "message": "ima: remove enforce checking duplication\n\nBased on the IMA appraisal policy, files are appraised. For those\nfiles appraised, the IMA hooks return the integrity appraisal result,\nassuming IMA-appraisal is in enforcing mode. This patch combines\nboth of these criteria (in policy and enforcing file integrity),\nremoving the checking duplication.\n\nChangelog v1:\n- Update hook comments\n\nSigned-off-by: Dmitry Kasatkin \u003cdmitry.kasatkin@intel.com\u003e\nSigned-off-by: Mimi Zohar \u003czohar@linux.vnet.ibm.com\u003e\n" }, { "commit": "def3e8b9ee23cb69036910e48ec4e3eff40e04cb", "tree": "0840ab9e618f15f4c3c5e8ee6fafe5a17c814af2", "parents": [ "e90805656d4683f84d360276102ae63adc777a38" ], "author": { "name": "Dmitry Kasatkin", "email": "dmitry.kasatkin@intel.com", "time": "Thu Sep 20 22:38:53 2012 +0300" }, "committer": { "name": "Mimi Zohar", "email": "zohar@linux.vnet.ibm.com", "time": "Wed Jan 16 15:47:07 2013 -0500" }, "message": "ima: set appraise status in fix mode only when xattr is fixed\n\nWhen a file system is mounted read-only, setting the xattr value in\nfix mode fails with an error code -EROFS. The xattr should be fixed\nafter the file system is remounted read-write. This patch verifies\nthat the set xattr succeeds, before setting the appraise status value\nto INTEGRITY_PASS.\n\nSigned-off-by: Dmitry Kasatkin \u003cdmitry.kasatkin@intel.com\u003e\nSigned-off-by: Mimi Zohar \u003czohar@linux.vnet.ibm.com\u003e\n" }, { "commit": "e90805656d4683f84d360276102ae63adc777a38", "tree": "b252fcd8e8b1f0fde0277c24413ad21c857515c2", "parents": [ "7163a993840f0906d4ce1e3f193575c99dac21e1" ], "author": { "name": "Dmitry Kasatkin", "email": "dmitry.kasatkin@intel.com", "time": "Mon Sep 03 17:11:56 2012 +0300" }, "committer": { "name": "Mimi Zohar", "email": "zohar@linux.vnet.ibm.com", "time": "Wed Jan 16 15:47:05 2013 -0500" }, "message": "evm: remove unused cleanup functions\n\nEVM cannot be built as a kernel module. Remove the unncessary __exit\nfunctions.\n\nSigned-off-by: Dmitry Kasatkin \u003cdmitry.kasatkin@intel.com\u003e\nSigned-off-by: Mimi Zohar \u003czohar@linux.vnet.ibm.com\u003e\n" }, { "commit": "7163a993840f0906d4ce1e3f193575c99dac21e1", "tree": "3c1c04f5da24cf2492b20b861c9974549978436c", "parents": [ "cf9ce948f47640797bd19980e1d99c6d17d0bdc3" ], "author": { "name": "Mimi Zohar", "email": "zohar@linux.vnet.ibm.com", "time": "Thu Jan 03 14:19:09 2013 -0500" }, "committer": { "name": "Mimi Zohar", "email": "zohar@linux.vnet.ibm.com", "time": "Wed Jan 16 15:47:03 2013 -0500" }, "message": "ima: re-initialize IMA policy LSM info\n\nAlthough the IMA policy does not change, the LSM policy can be\nreloaded, leaving the IMA LSM based rules referring to the old,\nstale LSM policy. This patch updates the IMA LSM based rules\nto reflect the reloaded LSM policy.\n\nReported-by: Sven Vermeulen \u003csven.vermeulen@siphos.be\u003e\ntested-by: Sven Vermeulen \u003csven.vermeulen@siphos.be\u003e\nSigned-off-by: Mimi Zohar \u003czohar@linux.vnet.ibm.com\u003e\nCc: Eric Paris \u003ceparis@parisplace.org\u003e\nCc: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\n" }, { "commit": "5dbbaf2de89613d19a9286d4db0a535ca2735d26", "tree": "1eaa64968a8ecf83aee4d2f6792840abde6c4916", "parents": [ "6f96c142f77c96a34ac377a3616ee7abcd77fb4d" ], "author": { "name": "Paul Moore", "email": "pmoore@redhat.com", "time": "Mon Jan 14 07:12:19 2013 +0000" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Mon Jan 14 18:16:59 2013 -0500" }, "message": "tun: fix LSM/SELinux labeling of tun/tap devices\n\nThis patch corrects some problems with LSM/SELinux that were introduced\nwith the multiqueue patchset. The problem stems from the fact that the\nmultiqueue work changed the relationship between the tun device and its\nassociated socket; before the socket persisted for the life of the\ndevice, however after the multiqueue changes the socket only persisted\nfor the life of the userspace connection (fd open). For non-persistent\ndevices this is not an issue, but for persistent devices this can cause\nthe tun device to lose its SELinux label.\n\nWe correct this problem by adding an opaque LSM security blob to the\ntun device struct which allows us to have the LSM security state, e.g.\nSELinux labeling information, persist for the lifetime of the tun\ndevice. In the process we tweak the LSM hooks to work with this new\napproach to TUN device/socket labeling and introduce a new LSM hook,\nsecurity_tun_dev_attach_queue(), to approve requests to attach to a\nTUN queue via TUNSETQUEUE.\n\nThe SELinux code has been adjusted to match the new LSM hooks, the\nother LSMs do not make use of the LSM TUN controls. This patch makes\nuse of the recently added \"tun_socket:attach_queue\" permission to\nrestrict access to the TUNSETQUEUE operation. On older SELinux\npolicies which do not define the \"tun_socket:attach_queue\" permission\nthe access control decision for TUNSETQUEUE will be handled according\nto the SELinux policy\u0027s unknown permission setting.\n\nSigned-off-by: Paul Moore \u003cpmoore@redhat.com\u003e\nAcked-by: Eric Paris \u003ceparis@parisplace.org\u003e\nTested-by: Jason Wang \u003cjasowang@redhat.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "6f96c142f77c96a34ac377a3616ee7abcd77fb4d", "tree": "a481cf442e39dae7f0392b38db461f5b3076e7eb", "parents": [ "cce894bb824429fd312706c7012acae43e725865" ], "author": { "name": "Paul Moore", "email": "pmoore@redhat.com", "time": "Mon Jan 14 07:12:13 2013 +0000" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Mon Jan 14 18:16:59 2013 -0500" }, "message": "selinux: add the \"attach_queue\" permission to the \"tun_socket\" class\n\nAdd a new permission to align with the new TUN multiqueue support,\n\"tun_socket:attach_queue\".\n\nThe corresponding SELinux reference policy patch is show below:\n\n diff --git a/policy/flask/access_vectors b/policy/flask/access_vectors\n index 28802c5..a0664a1 100644\n --- a/policy/flask/access_vectors\n +++ b/policy/flask/access_vectors\n @@ -827,6 +827,9 @@ class kernel_service\n\n class tun_socket\n inherits socket\n +{\n + attach_queue\n +}\n\n class x_pointer\n inherits x_device\n\nSigned-off-by: Paul Moore \u003cpmoore@redhat.com\u003e\nAcked-by: Eric Paris \u003ceparis@parisplace.org\u003e\nTested-by: Jason Wang \u003cjasowang@redhat.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "a7f2a366f62319dfebf8d4dfe8b211f631c78457", "tree": "67e502cd2da52cc6c75d1fa9dcaed27fd05b86e2", "parents": [ "a49f0d1ea3ec94fc7cf33a7c36a16343b74bd565" ], "author": { "name": "Mimi Zohar", "email": "zohar@linux.vnet.ibm.com", "time": "Fri Dec 21 08:34:21 2012 -0500" }, "committer": { "name": "Mimi Zohar", "email": "zohar@linux.vnet.ibm.com", "time": "Mon Dec 24 09:35:48 2012 -0500" }, "message": "ima: fallback to MODULE_SIG_ENFORCE for existing kernel module syscall\n\nThe new kernel module syscall appraises kernel modules based\non policy. If the IMA policy requires kernel module checking,\nfallback to module signature enforcing for the existing syscall.\nWithout CONFIG_MODULE_SIG_FORCE enabled, the kernel module\u0027s\nintegrity is unknown, return -EACCES.\n\nChangelog v1:\n- Fix ima_module_check() return result (Tetsuo Handa)\n\nReported-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nReviewed-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\n" }, { "commit": "e67eab39bee26f509d38d00ca1a8f24b63f46a31", "tree": "252072ae63bd5ecb8186242ace12e7df3a1311ad", "parents": [ "a68c2f12b4b28994aaf622bbe5724b7258cc2fcf" ], "author": { "name": "Alan Cox", "email": "alan@linux.intel.com", "time": "Thu Dec 20 15:05:54 2012 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Thu Dec 20 17:40:21 2012 -0800" }, "message": "keys: fix unreachable code\n\nWe set ret to NULL then test it. Remove the bogus test\n\nSigned-off-by: Alan Cox \u003calan@linux.intel.com\u003e\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "9eb127cc04c4005c8c0708ce92146d91da862b42", "tree": "bebab2c136110edf32d6cf32f898871df9fbb0e6", "parents": [ "e32795503de02da4e7e74a5e039cc268f6a0ecfb", "152a2a8b5e1d4cbe91a7c66f1028db15164a3766" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Wed Dec 19 20:29:15 2012 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Wed Dec 19 20:29:15 2012 -0800" }, "message": "Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net\n\nPull networking fixes from David Miller:\n\n 1) Really fix tuntap SKB use after free bug, from Eric Dumazet.\n\n 2) Adjust SKB data pointer to point past the transport header before\n calling icmpv6_notify() so that the headers are in the state which\n that function expects. From Duan Jiong.\n\n 3) Fix ambiguities in the new tuntap multi-queue APIs. From Jason\n Wang.\n\n 4) mISDN needs to use del_timer_sync(), from Konstantin Khlebnikov.\n\n 5) Don\u0027t destroy mutex after freeing up device private in mac802154,\n fix also from Konstantin Khlebnikov.\n\n 6) Fix INET request socket leak in TCP and DCCP, from Christoph Paasch.\n\n 7) SCTP HMAC kconfig rework, from Neil Horman.\n\n 8) Fix SCTP jprobes function signature, otherwise things explode, from\n Daniel Borkmann.\n\n 9) Fix typo in ipv6-offload Makefile variable reference, from Simon\n Arlott.\n\n10) Don\u0027t fail USBNET open just because remote wakeup isn\u0027t supported,\n from Oliver Neukum.\n\n11) be2net driver bug fixes from Sathya Perla.\n\n12) SOLOS PCI ATM driver bug fixes from Nathan Williams and David\n Woodhouse.\n\n13) Fix MTU changing regression in 8139cp driver, from John Greene.\n\n* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (45 commits)\n solos-pci: ensure all TX packets are aligned to 4 bytes\n solos-pci: add firmware upgrade support for new models\n solos-pci: remove superfluous debug output\n solos-pci: add GPIO support for newer versions on Geos board\n 8139cp: Prevent dev_close/cp_interrupt race on MTU change\n net: qmi_wwan: add ZTE MF880\n drivers/net: Use of_match_ptr() macro in smsc911x.c\n drivers/net: Use of_match_ptr() macro in smc91x.c\n ipv6: addrconf.c: remove unnecessary \"if\"\n bridge: Correctly encode addresses when dumping mdb entries\n bridge: Do not unregister all PF_BRIDGE rtnl operations\n use generic usbnet_manage_power()\n usbnet: generic manage_power()\n usbnet: handle PM failure gracefully\n ksz884x: fix receive polling race condition\n qlcnic: update driver version\n qlcnic: fix unused variable warnings\n net: fec: forbid FEC_PTP on SoCs that do not support\n be2net: fix wrong frag_idx reported by RX CQ\n be2net: fix be_close() to ensure all events are ack\u0027ed\n ...\n" }, { "commit": "7a684c452e2589f3ddd7e2d466b4f747d3715ad9", "tree": "fed803e7450770993575b37807ba2195eafd5b0e", "parents": [ "7f2de8171ddf28fdb2ca7f9a683ee1207849f718", "e10e1774efbdaec54698454200619a03a01e1d64" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Wed Dec 19 07:55:08 2012 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Wed Dec 19 07:55:08 2012 -0800" }, "message": "Merge tag \u0027modules-next-for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/rusty/linux\n\nPull module update from Rusty Russell:\n \"Nothing all that exciting; a new module-from-fd syscall for those who\n want to verify the source of the module (ChromeOS) and/or use standard\n IMA on it or other security hooks.\"\n\n* tag \u0027modules-next-for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/rusty/linux:\n MODSIGN: Fix kbuild output when using default extra_certificates\n MODSIGN: Avoid using .incbin in C source\n modules: don\u0027t hand 0 to vmalloc.\n module: Remove a extra null character at the top of module-\u003estrtab.\n ASN.1: Use the ASN1_LONG_TAG and ASN1_INDEFINITE_LENGTH constants\n ASN.1: Define indefinite length marker constant\n moduleparam: use __UNIQUE_ID()\n __UNIQUE_ID()\n MODSIGN: Add modules_sign make target\n powerpc: add finit_module syscall.\n ima: support new kernel module syscall\n add finit_module syscall to asm-generic\n ARM: add finit_module syscall to ARM\n security: introduce kernel_module_from_file hook\n module: add flags arg to sys_finit_module()\n module: add syscall to load module from fd\n" }, { "commit": "a2faf2fc534f57ba26bc4d613795236ed4f5fb1c", "tree": "d75c4daadb469c8f08c498532fbf1fff68879e69", "parents": [ "4351654e3ddf86a04966163dce4def586303e5cc", "5155040ed349950e16c093ba8e65ad534994df2a" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Tue Dec 18 10:55:28 2012 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Tue Dec 18 10:55:28 2012 -0800" }, "message": "Merge branch \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace\n\nPull (again) user namespace infrastructure changes from Eric Biederman:\n \"Those bugs, those darn embarrasing bugs just want don\u0027t want to get\n fixed.\n\n Linus I just updated my mirror of your kernel.org tree and it appears\n you successfully pulled everything except the last 4 commits that fix\n those embarrasing bugs.\n\n When you get a chance can you please repull my branch\"\n\n* \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace:\n userns: Fix typo in description of the limitation of userns_install\n userns: Add a more complete capability subset test to commit_creds\n userns: Require CAP_SYS_ADMIN for most uses of setns.\n Fix cap_capable to only allow owners in the parent user namespace to have caps.\n" }, { "commit": "6a2b60b17b3e48a418695a94bd2420f6ab32e519", "tree": "54b7792fa68b8890f710fa6398b6ba8626a039a8", "parents": [ "9228ff90387e276ad67b10c0eb525c9d6a57d5e9", "98f842e675f96ffac96e6c50315790912b2812be" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Mon Dec 17 15:44:47 2012 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Mon Dec 17 15:44:47 2012 -0800" }, "message": "Merge branch \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace\n\nPull user namespace changes from Eric Biederman:\n \"While small this set of changes is very significant with respect to\n containers in general and user namespaces in particular. The user\n space interface is now complete.\n\n This set of changes adds support for unprivileged users to create user\n namespaces and as a user namespace root to create other namespaces.\n The tyranny of supporting suid root preventing unprivileged users from\n using cool new kernel features is broken.\n\n This set of changes completes the work on setns, adding support for\n the pid, user, mount namespaces.\n\n This set of changes includes a bunch of basic pid namespace\n cleanups/simplifications. Of particular significance is the rework of\n the pid namespace cleanup so it no longer requires sending out\n tendrils into all kinds of unexpected cleanup paths for operation. At\n least one case of broken error handling is fixed by this cleanup.\n\n The files under /proc/\u003cpid\u003e/ns/ have been converted from regular files\n to magic symlinks which prevents incorrect caching by the VFS,\n ensuring the files always refer to the namespace the process is\n currently using and ensuring that the ptrace_mayaccess permission\n checks are always applied.\n\n The files under /proc/\u003cpid\u003e/ns/ have been given stable inode numbers\n so it is now possible to see if different processes share the same\n namespaces.\n\n Through the David Miller\u0027s net tree are changes to relax many of the\n permission checks in the networking stack to allowing the user\n namespace root to usefully use the networking stack. Similar changes\n for the mount namespace and the pid namespace are coming through my\n tree.\n\n Two small changes to add user namespace support were commited here adn\n in David Miller\u0027s -net tree so that I could complete the work on the\n /proc/\u003cpid\u003e/ns/ files in this tree.\n\n Work remains to make it safe to build user namespaces and 9p, afs,\n ceph, cifs, coda, gfs2, ncpfs, nfs, nfsd, ocfs2, and xfs so the\n Kconfig guard remains in place preventing that user namespaces from\n being built when any of those filesystems are enabled.\n\n Future design work remains to allow root users outside of the initial\n user namespace to mount more than just /proc and /sys.\"\n\n* \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace: (38 commits)\n proc: Usable inode numbers for the namespace file descriptors.\n proc: Fix the namespace inode permission checks.\n proc: Generalize proc inode allocation\n userns: Allow unprivilged mounts of proc and sysfs\n userns: For /proc/self/{uid,gid}_map derive the lower userns from the struct file\n procfs: Print task uids and gids in the userns that opened the proc file\n userns: Implement unshare of the user namespace\n userns: Implent proc namespace operations\n userns: Kill task_user_ns\n userns: Make create_new_namespaces take a user_ns parameter\n userns: Allow unprivileged use of setns.\n userns: Allow unprivileged users to create new namespaces\n userns: Allow setting a userns mapping to your current uid.\n userns: Allow chown and setgid preservation\n userns: Allow unprivileged users to create user namespaces.\n userns: Ignore suid and sgid on binaries if the uid or gid can not be mapped\n userns: fix return value on mntns_install() failure\n vfs: Allow unprivileged manipulation of the mount namespace.\n vfs: Only support slave subtrees across different user namespaces\n vfs: Add a user namespace reference from struct mnt_namespace\n ...\n" }, { "commit": "2a74dbb9a86e8102dcd07d284135b4530a84826e", "tree": "a54403e312b6062dfb57bd904ba8b8ce3b11e720", "parents": [ "770b6cb4d21fb3e3df2a7a51e186a3c14db1ec30", "e93072374112db9dc86635934ee761249be28370" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Sun Dec 16 15:40:50 2012 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Sun Dec 16 15:40:50 2012 -0800" }, "message": "Merge branch \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security\n\nPull security subsystem updates from James Morris:\n \"A quiet cycle for the security subsystem with just a few maintenance\n updates.\"\n\n* \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security:\n Smack: create a sysfs mount point for smackfs\n Smack: use select not depends in Kconfig\n Yama: remove locking from delete path\n Yama: add RCU to drop read locking\n drivers/char/tpm: remove tasklet and cleanup\n KEYS: Use keyring_alloc() to create special keyrings\n KEYS: Reduce initial permissions on keys\n KEYS: Make the session and process keyrings per-thread\n seccomp: Make syscall skipping and nr changes more consistent\n key: Fix resource leak\n keys: Fix unreachable code\n KEYS: Add payload preparsing opportunity prior to key instantiate or update\n" }, { "commit": "9dd9ff99532d7a7f8222fd1f0d410d91c0f15ac5", "tree": "71a4981ece4592723cf6f0a37289e50a1028fbbf", "parents": [ "0d0863b02002c25140a1b9e113b81211bcc780e8" ], "author": { "name": "Amerigo Wang", "email": "amwang@redhat.com", "time": "Fri Dec 14 22:09:50 2012 +0000" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Sat Dec 15 17:14:38 2012 -0800" }, "message": "bridge: update selinux perm table for RTM_NEWMDB and RTM_DELMDB\n\nCc: Herbert Xu \u003cherbert@gondor.apana.org.au\u003e\nCc: Stephen Hemminger \u003cshemminger@vyatta.com\u003e\nCc: \"David S. Miller\" \u003cdavem@davemloft.net\u003e\nSigned-off-by: Cong Wang \u003camwang@redhat.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "520d9eabce18edfef76a60b7b839d54facafe1f9", "tree": "69aed7689a6467f88aad8ea43790d5cf2f30ec7c", "parents": [ "98f842e675f96ffac96e6c50315790912b2812be" ], "author": { "name": "Eric W. Biederman", "email": "ebiederm@xmission.com", "time": "Thu Dec 13 18:06:40 2012 -0800" }, "committer": { "name": "Eric W. Biederman", "email": "ebiederm@xmission.com", "time": "Fri Dec 14 13:50:32 2012 -0800" }, "message": "Fix cap_capable to only allow owners in the parent user namespace to have caps.\n\nAndy Lutomirski pointed out that the current behavior of allowing the\nowner of a user namespace to have all caps when that owner is not in a\nparent user namespace is wrong. Add a test to ensure the owner of a user\nnamespace is in the parent of the user namespace to fix this bug.\n\nThankfully this bug did not apply to the initial user namespace, keeping\nthe mischief that can be caused by this bug quite small.\n\nThis is bug was introduced in v3.5 by commit 783291e6900\n\"Simplify the user_namespace by making userns-\u003ecreator a kuid.\"\nBut did not matter until the permisions required to create\na user namespace were relaxed allowing a user namespace to be created\ninside of a user namespace.\n\nThe bug made it possible for the owner of a user namespace to be\npresent in a child user namespace. Since the owner of a user nameapce\nis granted all capabilities it became possible for users in a\ngrandchild user namespace to have all privilges over their parent user\nnamspace.\n\nReorder the checks in cap_capable. This should make the common case\nfaster and make it clear that nothing magic happens in the initial\nuser namespace. The reordering is safe because cred-\u003euser_ns\ncan only be in targ_ns or targ_ns-\u003eparent but not both.\n\nAdd a comment a the top of the loop to make the logic of\nthe code clear.\n\nAdd a distinct variable ns that changes as we walk up\nthe user namespace hierarchy to make it clear which variable\nis changing.\n\nAcked-by: Serge Hallyn \u003cserge.hallyn@canonical.com\u003e\nSigned-off-by: \"Eric W. Biederman\" \u003cebiederm@xmission.com\u003e\n" }, { "commit": "e93072374112db9dc86635934ee761249be28370", "tree": "87abc5694cd43644e754f4a00a0b6a656eb5be19", "parents": [ "111fe8bd65e473d5fc6a0478cf1e2c8c6a77489a" ], "author": { "name": "Casey Schaufler", "email": "casey@schaufler-ca.com", "time": "Thu Nov 01 18:14:32 2012 -0700" }, "committer": { "name": "Casey Schaufler", "email": "casey@schaufler-ca.com", "time": "Fri Dec 14 10:57:23 2012 -0800" }, "message": "Smack: create a sysfs mount point for smackfs\n\nThere are a number of \"conventions\" for where to put LSM filesystems.\nSmack adheres to none of them. Create a mount point at /sys/fs/smackfs\nfor mounting smackfs so that Smack can be conventional.\n\nTargeted for git://git.gitorious.org/smack-next/kernel.git\n\nSigned-off-by: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\n" }, { "commit": "111fe8bd65e473d5fc6a0478cf1e2c8c6a77489a", "tree": "8629b99d4166e0b5dd730a6e1a187e4b319e82f3", "parents": [ "3f0cc6ae86627de825d2371b6d61643f2ce58908" ], "author": { "name": "Casey Schaufler", "email": "casey@schaufler-ca.com", "time": "Fri Nov 02 11:28:11 2012 -0700" }, "committer": { "name": "Casey Schaufler", "email": "casey@schaufler-ca.com", "time": "Fri Dec 14 10:57:10 2012 -0800" }, "message": "Smack: use select not depends in Kconfig\n\nThe components NETLABEL and SECURITY_NETWORK are required by\nSmack. Using \"depends\" in Kconfig hides the Smack option\nif the user hasn\u0027t figured out that they need to be enabled\nwhile using make menuconfig. Using select is a better choice.\nBecause select is not recursive depends on NET and SECURITY\nare added. The reflects similar usage in TOMOYO and AppArmor.\n\nTargeted for git://git.gitorious.org/smack-next/kernel.git\n\nSigned-off-by: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\n" }, { "commit": "fdf90729e57812cb12d7938e2dee7c71e875fb08", "tree": "0ec17c765406dedc37ac278823d50587d53d1525", "parents": [ "1625cee56f8e6193b5a0809a414dfa395bd9cf1e" ], "author": { "name": "Mimi Zohar", "email": "zohar@linux.vnet.ibm.com", "time": "Tue Oct 16 12:40:08 2012 +1030" }, "committer": { "name": "Rusty Russell", "email": "rusty@rustcorp.com.au", "time": "Fri Dec 14 13:05:26 2012 +1030" }, "message": "ima: support new kernel module syscall\n\nWith the addition of the new kernel module syscall, which defines two\narguments - a file descriptor to the kernel module and a pointer to a NULL\nterminated string of module arguments - it is now possible to measure and\nappraise kernel modules like any other file on the file system.\n\nThis patch adds support to measure and appraise kernel modules in an\nextensible and consistent manner.\n\nTo support filesystems without extended attribute support, additional\npatches could pass the signature as the first parameter.\n\nSigned-off-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\nSigned-off-by: Rusty Russell \u003crusty@rustcorp.com.au\u003e\n" }, { "commit": "2e72d51b4ac32989496870cd8171b3682fea1839", "tree": "b8190d17aa5d59508f8c979ce0160f21bef89500", "parents": [ "2f3238aebedb243804f58d62d57244edec4149b2" ], "author": { "name": "Kees Cook", "email": "keescook@chromium.org", "time": "Tue Oct 16 07:32:07 2012 +1030" }, "committer": { "name": "Rusty Russell", "email": "rusty@rustcorp.com.au", "time": "Fri Dec 14 13:05:24 2012 +1030" }, "message": "security: introduce kernel_module_from_file hook\n\nNow that kernel module origins can be reasoned about, provide a hook to\nthe LSMs to make policy decisions about the module file. This will let\nChrome OS enforce that loadable kernel modules can only come from its\nread-only hash-verified root filesystem. Other LSMs can, for example,\nread extended attributes for signatures, etc.\n\nSigned-off-by: Kees Cook \u003ckeescook@chromium.org\u003e\nAcked-by: Serge E. Hallyn \u003cserge.hallyn@canonical.com\u003e\nAcked-by: Eric Paris \u003ceparis@redhat.com\u003e\nAcked-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\nAcked-by: James Morris \u003cjames.l.morris@oracle.com\u003e\nSigned-off-by: Rusty Russell \u003crusty@rustcorp.com.au\u003e\n" }, { "commit": "a2013a13e68354e0c8f3696b69701803e13fb737", "tree": "a7e1da6bfad1aa2afd83f401874d606269ce90b4", "parents": [ "dadfab4873256d2145640c0ce468fcbfb48977fe", "106f9d9337f65bd428c0c79f650e3489e458d771" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Thu Dec 13 12:00:02 2012 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Thu Dec 13 12:00:02 2012 -0800" }, "message": "Merge branch \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial\n\nPull trivial branch from Jiri Kosina:\n \"Usual stuff -- comment/printk typo fixes, documentation updates, dead\n code elimination.\"\n\n* \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial: (39 commits)\n HOWTO: fix double words typo\n x86 mtrr: fix comment typo in mtrr_bp_init\n propagate name change to comments in kernel source\n doc: Update the name of profiling based on sysfs\n treewide: Fix typos in various drivers\n treewide: Fix typos in various Kconfig\n wireless: mwifiex: Fix typo in wireless/mwifiex driver\n messages: i2o: Fix typo in messages/i2o\n scripts/kernel-doc: check that non-void fcts describe their return value\n Kernel-doc: Convention: Use a \"Return\" section to describe return values\n radeon: Fix typo and copy/paste error in comments\n doc: Remove unnecessary declarations from Documentation/accounting/getdelays.c\n various: Fix spelling of \"asynchronous\" in comments.\n Fix misspellings of \"whether\" in comments.\n eisa: Fix spelling of \"asynchronous\".\n various: Fix spelling of \"registered\" in comments.\n doc: fix quite a few typos within Documentation\n target: iscsi: fix comment typos in target/iscsi drivers\n treewide: fix typo of \"suport\" in various comments and Kconfig\n treewide: fix typo of \"suppport\" in various comments\n ...\n" }, { "commit": "6be35c700f742e911ecedd07fcc43d4439922334", "tree": "ca9f37214d204465fcc2d79c82efd291e357c53c", "parents": [ "e37aa63e87bd581f9be5555ed0ba83f5295c92fc", "520dfe3a3645257bf83660f672c47f8558f3d4c4" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Wed Dec 12 18:07:07 2012 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Wed Dec 12 18:07:07 2012 -0800" }, "message": "Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next\n\nPull networking changes from David Miller:\n\n1) Allow to dump, monitor, and change the bridge multicast database\n using netlink. From Cong Wang.\n\n2) RFC 5961 TCP blind data injection attack mitigation, from Eric\n Dumazet.\n\n3) Networking user namespace support from Eric W. Biederman.\n\n4) tuntap/virtio-net multiqueue support by Jason Wang.\n\n5) Support for checksum offload of encapsulated packets (basically,\n tunneled traffic can still be checksummed by HW). From Joseph\n Gasparakis.\n\n6) Allow BPF filter access to VLAN tags, from Eric Dumazet and\n Daniel Borkmann.\n\n7) Bridge port parameters over netlink and BPDU blocking support\n from Stephen Hemminger.\n\n8) Improve data access patterns during inet socket demux by rearranging\n socket layout, from Eric Dumazet.\n\n9) TIPC protocol updates and cleanups from Ying Xue, Paul Gortmaker, and\n Jon Maloy.\n\n10) Update TCP socket hash sizing to be more in line with current day\n realities. The existing heurstics were choosen a decade ago.\n From Eric Dumazet.\n\n11) Fix races, queue bloat, and excessive wakeups in ATM and\n associated drivers, from Krzysztof Mazur and David Woodhouse.\n\n12) Support DOVE (Distributed Overlay Virtual Ethernet) extensions\n in VXLAN driver, from David Stevens.\n\n13) Add \"oops_only\" mode to netconsole, from Amerigo Wang.\n\n14) Support set and query of VEB/VEPA bridge mode via PF_BRIDGE, also\n allow DCB netlink to work on namespaces other than the initial\n namespace. From John Fastabend.\n\n15) Support PTP in the Tigon3 driver, from Matt Carlson.\n\n16) tun/vhost zero copy fixes and improvements, plus turn it on\n by default, from Michael S. Tsirkin.\n\n17) Support per-association statistics in SCTP, from Michele\n Baldessari.\n\nAnd many, many, driver updates, cleanups, and improvements. Too\nnumerous to mention individually.\n\n* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next: (1722 commits)\n net/mlx4_en: Add support for destination MAC in steering rules\n net/mlx4_en: Use generic etherdevice.h functions.\n net: ethtool: Add destination MAC address to flow steering API\n bridge: add support of adding and deleting mdb entries\n bridge: notify mdb changes via netlink\n ndisc: Unexport ndisc_{build,send}_skb().\n uapi: add missing netconf.h to export list\n pkt_sched: avoid requeues if possible\n solos-pci: fix double-free of TX skb in DMA mode\n bnx2: Fix accidental reversions.\n bna: Driver Version Updated to 3.1.2.1\n bna: Firmware update\n bna: Add RX State\n bna: Rx Page Based Allocation\n bna: TX Intr Coalescing Fix\n bna: Tx and Rx Optimizations\n bna: Code Cleanup and Enhancements\n ath9k: check pdata variable before dereferencing it\n ath5k: RX timestamp is reported at end of frame\n ath9k_htc: RX timestamp is reported at end of frame\n ...\n" }, { "commit": "d206e09036d6201f90b2719484c8a59526c46125", "tree": "84b9057919bcb8cfd1cff47baa5fc74457e77d6d", "parents": [ "fef3ff2eb777e76cfa5ae67591982d902c17139c", "15ef4ffaa797034d5ff82844daf8f595d7c6d53c" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Wed Dec 12 08:18:24 2012 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Wed Dec 12 08:18:24 2012 -0800" }, "message": "Merge branch \u0027for-3.8\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/tj/cgroup\n\nPull cgroup changes from Tejun Heo:\n \"A lot of activities on cgroup side. The big changes are focused on\n making cgroup hierarchy handling saner.\n\n - cgroup_rmdir() had peculiar semantics - it allowed cgroup\n destruction to be vetoed by individual controllers and tried to\n drain refcnt synchronously. The vetoing never worked properly and\n caused good deal of contortions in cgroup. memcg was the last\n reamining user. Michal Hocko removed the usage and cgroup_rmdir()\n path has been simplified significantly. This was done in a\n separate branch so that the memcg people can base further memcg\n changes on top.\n\n - The above allowed cleaning up cgroup lifecycle management and\n implementation of generic cgroup iterators which are used to\n improve hierarchy support.\n\n - cgroup_freezer updated to allow migration in and out of a frozen\n cgroup and handle hierarchy. If a cgroup is frozen, all descendant\n cgroups are frozen.\n\n - netcls_cgroup and netprio_cgroup updated to handle hierarchy\n properly.\n\n - Various fixes and cleanups.\n\n - Two merge commits. One to pull in memcg and rmdir cleanups (needed\n to build iterators). The other pulled in cgroup/for-3.7-fixes for\n device_cgroup fixes so that further device_cgroup patches can be\n stacked on top.\"\n\nFixed up a trivial conflict in mm/memcontrol.c as per Tejun (due to\ncommit bea8c150a7 (\"memcg: fix hotplugged memory zone oops\") in master\ntouching code close to commit 2ef37d3fe4 (\"memcg: Simplify\nmem_cgroup_force_empty_list error handling\") in for-3.8)\n\n* \u0027for-3.8\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/tj/cgroup: (65 commits)\n cgroup: update Documentation/cgroups/00-INDEX\n cgroup_rm_file: don\u0027t delete the uncreated files\n cgroup: remove subsystem files when remounting cgroup\n cgroup: use cgroup_addrm_files() in cgroup_clear_directory()\n cgroup: warn about broken hierarchies only after css_online\n cgroup: list_del_init() on removed events\n cgroup: fix lockdep warning for event_control\n cgroup: move list add after list head initilization\n netprio_cgroup: allow nesting and inherit config on cgroup creation\n netprio_cgroup: implement netprio[_set]_prio() helpers\n netprio_cgroup: use cgroup-\u003eid instead of cgroup_netprio_state-\u003eprioidx\n netprio_cgroup: reimplement priomap expansion\n netprio_cgroup: shorten variable names in extend_netdev_table()\n netprio_cgroup: simplify write_priomap()\n netcls_cgroup: move config inheritance to -\u003ecss_online() and remove .broken_hierarchy marking\n cgroup: remove obsolete guarantee from cgroup_task_migrate.\n cgroup: add cgroup-\u003eid\n cgroup, cpuset: remove cgroup_subsys-\u003epost_clone()\n cgroup: s/CGRP_CLONE_CHILDREN/CGRP_CPUSET_CLONE_CHILDREN/\n cgroup: rename -\u003ecreate/post_create/pre_destroy/destroy() to -\u003ecss_alloc/online/offline/free()\n ...\n" }, { "commit": "6e73d71d8485607c692302d2058894588e3a387f", "tree": "ef660acbe7b5076beca493af6fe351ed17404fa0", "parents": [ "7c77ab24e30bad7598b5cfda93be6f32ed439c2f" ], "author": { "name": "Cong Wang", "email": "amwang@redhat.com", "time": "Fri Dec 07 18:59:48 2012 +0000" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Mon Dec 10 14:09:01 2012 -0500" }, "message": "rtnetlink: add missing message types to selinux perm table\n\nRebased on the latest net-next tree.\n\nRTM_NEWNETCONF and RTM_GETNETCONF are missing in this table.\n\nCc: David S. Miller \u003cdavem@davemloft.net\u003e\nSigned-off-by: Cong Wang \u003camwang@redhat.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "ee07c6e7a6f8a25c18f0a6b18152fbd7499245f6", "tree": "055d61934deeedf93eefbde3106f6a751c35d932", "parents": [ "5d248c491b38d4f1b2a0bd7721241d68cd0b3067" ], "author": { "name": "Cong Wang", "email": "amwang@redhat.com", "time": "Fri Dec 07 00:04:48 2012 +0000" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Fri Dec 07 14:32:52 2012 -0500" }, "message": "bridge: export multicast database via netlink\n\nV5: fix two bugs pointed out by Thomas\n remove seq check for now, mark it as TODO\n\nV4: remove some useless #include\n some coding style fix\n\nV3: drop debugging printk\u0027s\n update selinux perm table as well\n\nV2: drop patch 1/2, export ifindex directly\n Redesign netlink attributes\n Improve netlink seq check\n Handle IPv6 addr as well\n\nThis patch exports bridge multicast database via netlink\nmessage type RTM_GETMDB. Similar to fdb, but currently bridge-specific.\nWe may need to support modify multicast database too (RTM_{ADD,DEL}MDB).\n\n(Thanks to Thomas for patient reviews)\n\nCc: Herbert Xu \u003cherbert@gondor.apana.org.au\u003e\nCc: Stephen Hemminger \u003cshemminger@vyatta.com\u003e\nCc: \"David S. Miller\" \u003cdavem@davemloft.net\u003e\nCc: Thomas Graf \u003ctgraf@suug.ch\u003e\nCc: Jesper Dangaard Brouer \u003cbrouer@redhat.com\u003e\nSigned-off-by: Cong Wang \u003camwang@redhat.com\u003e\nAcked-by: Thomas Graf \u003ctgraf@suug.ch\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "88a693b5c1287be4da937699cb82068ce9db0135", "tree": "a18c1d6ee8e7792a3fb6741361b8fb84d16636af", "parents": [ "99b6e1e7233073a23a20824db8c5260a723ed192" ], "author": { "name": "Dave Jones", "email": "davej@redhat.com", "time": "Thu Nov 08 16:09:27 2012 -0800" }, "committer": { "name": "James Morris", "email": "james.l.morris@oracle.com", "time": "Wed Nov 21 21:55:32 2012 +1100" }, "message": "selinux: fix sel_netnode_insert() suspicious rcu dereference\n\n\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\n[ INFO: suspicious RCU usage. ]\n3.5.0-rc1+ #63 Not tainted\n-------------------------------\nsecurity/selinux/netnode.c:178 suspicious rcu_dereference_check() usage!\n\nother info that might help us debug this:\n\nrcu_scheduler_active \u003d 1, debug_locks \u003d 0\n1 lock held by trinity-child1/8750:\n #0: (sel_netnode_lock){+.....}, at: [\u003cffffffff812d8f8a\u003e] sel_netnode_sid+0x16a/0x3e0\n\nstack backtrace:\nPid: 8750, comm: trinity-child1 Not tainted 3.5.0-rc1+ #63\nCall Trace:\n [\u003cffffffff810cec2d\u003e] lockdep_rcu_suspicious+0xfd/0x130\n [\u003cffffffff812d91d1\u003e] sel_netnode_sid+0x3b1/0x3e0\n [\u003cffffffff812d8e20\u003e] ? sel_netnode_find+0x1a0/0x1a0\n [\u003cffffffff812d24a6\u003e] selinux_socket_bind+0xf6/0x2c0\n [\u003cffffffff810cd1dd\u003e] ? trace_hardirqs_off+0xd/0x10\n [\u003cffffffff810cdb55\u003e] ? lock_release_holdtime.part.9+0x15/0x1a0\n [\u003cffffffff81093841\u003e] ? lock_hrtimer_base+0x31/0x60\n [\u003cffffffff812c9536\u003e] security_socket_bind+0x16/0x20\n [\u003cffffffff815550ca\u003e] sys_bind+0x7a/0x100\n [\u003cffffffff816c03d5\u003e] ? sysret_check+0x22/0x5d\n [\u003cffffffff810d392d\u003e] ? trace_hardirqs_on_caller+0x10d/0x1a0\n [\u003cffffffff8133b09e\u003e] ? trace_hardirqs_on_thunk+0x3a/0x3f\n [\u003cffffffff816c03a9\u003e] system_call_fastpath+0x16/0x1b\n\nThis patch below does what Paul McKenney suggested in the previous thread.\n\nSigned-off-by: Dave Jones \u003cdavej@redhat.com\u003e\nReviewed-by: Paul E. McKenney \u003cpaulmck@linux.vnet.ibm.com\u003e\nAcked-by: Paul Moore \u003cpaul@paul-moore.com\u003e\nCc: Eric Paris \u003ceparis@parisplace.org\u003e\nCc: \u003cstable@vger.kernel.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: James Morris \u003cjames.l.morris@oracle.com\u003e\n" }, { "commit": "235e752789eb65a81477bb82845323dfcbf93012", "tree": "c4efa5eff81c01029ab884c0d43af16bb91b44b4", "parents": [ "93b69d437effff11b1c37f330d3265c37ec2f84b" ], "author": { "name": "Kees Cook", "email": "keescook@chromium.org", "time": "Mon Nov 19 15:21:26 2012 -0800" }, "committer": { "name": "Kees Cook", "email": "keescook@chromium.org", "time": "Tue Nov 20 10:32:08 2012 -0800" }, "message": "Yama: remove locking from delete path\n\nInstead of locking the list during a delete, mark entries as invalid\nand trigger a workqueue to clean them up. This lets us easily handle\ntask_free from interrupt context.\n\nSigned-off-by: Kees Cook \u003ckeescook@chromium.org\u003e\n" }, { "commit": "93b69d437effff11b1c37f330d3265c37ec2f84b", "tree": "59473ffd3079719ebdff415fef688ee29f1f5eb8", "parents": [ "b5666502700855a1eb1a15482005b22478b9460e" ], "author": { "name": "Kees Cook", "email": "keescook@chromium.org", "time": "Thu Oct 18 14:53:58 2012 -0700" }, "committer": { "name": "Kees Cook", "email": "keescook@chromium.org", "time": "Tue Nov 20 10:32:07 2012 -0800" }, "message": "Yama: add RCU to drop read locking\n\nStop using spinlocks in the read path. Add RCU list to handle the readers.\n\nSigned-off-by: Kees Cook \u003ckeescook@chromium.org\u003e\nReviewed-by: Serge E. Hallyn \u003cserge.hallyn@ubuntu.com\u003e\nAcked-by: John Johansen \u003cjohn.johansen@canonical.com\u003e\n" }, { "commit": "4c44aaafa8108f584831850ab48a975e971db2de", "tree": "c86f225e8256d28271acf3ea8926e70358f3e5c1", "parents": [ "bcf58e725ddc45d31addbc6627d4f0edccc824c1" ], "author": { "name": "Eric W. Biederman", "email": "ebiederm@xmission.com", "time": "Thu Jul 26 05:05:21 2012 -0700" }, "committer": { "name": "Eric W. Biederman", "email": "ebiederm@xmission.com", "time": "Tue Nov 20 04:17:44 2012 -0800" }, "message": "userns: Kill task_user_ns\n\nThe task_user_ns function hides the fact that it is getting the user\nnamespace from struct cred on the task. struct cred may go away as\nsoon as the rcu lock is released. This leads to a race where we\ncan dereference a stale user namespace pointer.\n\nTo make it obvious a struct cred is involved kill task_user_ns.\n\nTo kill the race modify the users of task_user_ns to only\nreference the user namespace while the rcu lock is held.\n\nCc: Kees Cook \u003ckeescook@chromium.org\u003e\nCc: James Morris \u003cjames.l.morris@oracle.com\u003e\nAcked-by: Kees Cook \u003ckeescook@chromium.org\u003e\nAcked-by: Serge Hallyn \u003cserge.hallyn@canonical.com\u003e\nSigned-off-by: \"Eric W. Biederman\" \u003cebiederm@xmission.com\u003e\n" }, { "commit": "92fb97487a7e41b222c1417cabd1d1ab7cc3a48c", "tree": "c220c622b9ac9b16535535d448e9cd29be72c77e", "parents": [ "b1929db42f8a649d9a9e397119f628c27fd4021f" ], "author": { "name": "Tejun Heo", "email": "tj@kernel.org", "time": "Mon Nov 19 08:13:38 2012 -0800" }, "committer": { "name": "Tejun Heo", "email": "tj@kernel.org", "time": "Mon Nov 19 08:13:38 2012 -0800" }, "message": "cgroup: rename -\u003ecreate/post_create/pre_destroy/destroy() to -\u003ecss_alloc/online/offline/free()\n\nRename cgroup_subsys css lifetime related callbacks to better describe\nwhat their roles are. Also, update documentation.\n\nSigned-off-by: Tejun Heo \u003ctj@kernel.org\u003e\nAcked-by: Li Zefan \u003clizefan@huawei.com\u003e\n" }, { "commit": "4b1c7840b7d01b14a1a00fa0e61b761d4391ba67", "tree": "1e93e0a8a0bb6fb2f5934a58a6eb32b3077b18b8", "parents": [ "5b805f2a7675634fbdf9ac1c9b2256905ab2ea68" ], "author": { "name": "Tejun Heo", "email": "tj@kernel.org", "time": "Tue Nov 06 09:16:53 2012 -0800" }, "committer": { "name": "Tejun Heo", "email": "tj@kernel.org", "time": "Tue Nov 06 12:28:04 2012 -0800" }, "message": "device_cgroup: add lockdep asserts\n\ndevice_cgroup uses RCU safe -\u003eexceptions list which is write-protected\nby devcgroup_mutex and has had some issues using locking correctly.\nAdd lockdep asserts to utility functions so that future errors can be\neasily detected.\n\nSigned-off-by: Tejun Heo \u003ctj@kernel.org\u003e\nAcked-by: Serge E. Hallyn \u003cserge.hallyn@ubuntu.com\u003e\nCc: Aristeu Rozanski \u003caris@redhat.com\u003e\nCc: Li Zefan \u003clizefan@huawei.com\u003e\n" }, { "commit": "201e72acb2d3821e2de9ce6091e98859c316b29a", "tree": "01e47038346474d659714151b8209673c11f330a", "parents": [ "64e104771351d365e51e588a0e9a656ae6ed2f50" ], "author": { "name": "Tejun Heo", "email": "tj@kernel.org", "time": "Tue Nov 06 09:17:37 2012 -0800" }, "committer": { "name": "Tejun Heo", "email": "tj@kernel.org", "time": "Tue Nov 06 12:25:51 2012 -0800" }, "message": "device_cgroup: fix RCU usage\n\ndev_cgroup-\u003eexceptions is protected with devcgroup_mutex for writes\nand RCU for reads; however, RCU usage isn\u0027t correct.\n\n* dev_exception_clean() doesn\u0027t use RCU variant of list_del() and\n kfree(). The function can race with may_access() and may_access()\n may end up dereferencing already freed memory. Use list_del_rcu()\n and kfree_rcu() instead.\n\n* may_access() may be called only with RCU read locked but doesn\u0027t use\n RCU safe traversal over -\u003eexceptions. Use list_for_each_entry_rcu().\n\nSigned-off-by: Tejun Heo \u003ctj@kernel.org\u003e\nAcked-by: Serge E. Hallyn \u003cserge.hallyn@ubuntu.com\u003e\nCc: stable@vger.kernel.org\nCc: Aristeu Rozanski \u003caris@redhat.com\u003e\nCc: Li Zefan \u003clizefan@huawei.com\u003e\n" }, { "commit": "64e104771351d365e51e588a0e9a656ae6ed2f50", "tree": "e5078e0ba32729735846aa465c1f53f5d98c11ac", "parents": [ "3d70f8c617a436c7146ecb81df2265b4626dfe89" ], "author": { "name": "Aristeu Rozanski", "email": "aris@redhat.com", "time": "Tue Nov 06 07:25:04 2012 -0800" }, "committer": { "name": "Tejun Heo", "email": "tj@kernel.org", "time": "Tue Nov 06 07:25:20 2012 -0800" }, "message": "device_cgroup: fix unchecked cgroup parent usage\n\nIn 4cef7299b478687 (\"device_cgroup: add proper checking when changing\ndefault behavior\") the cgroup parent usage is unchecked. root will not\nhave a parent and trying to use device.{allow,deny} will cause problems.\nFor some reason my stressing scripts didn\u0027t test the root directory so I\ndidn\u0027t catch it on my regular tests.\n\nSigned-off-by: Aristeu Rozanski \u003caris@redhat.com\u003e\nCc: Li Zefan \u003clizefan@huawei.com\u003e\nCc: James Morris \u003cjmorris@namei.org\u003e\nCc: Pavel Emelyanov \u003cxemul@openvz.org\u003e\nAcked-by: Serge E. Hallyn \u003cserge.hallyn@ubuntu.com\u003e\nCc: Jiri Slaby \u003cjslaby@suse.cz\u003e\nCc: Tejun Heo \u003ctj@kernel.org\u003e\nSigned-off-by: Tejun Heo \u003ctj@kernel.org\u003e\n" }, { "commit": "3bd7bf1f0fe14f591c089ae61bbfa9bd356f178a", "tree": "0058693cc9e70b7461dae551f8a19aff2efd13ca", "parents": [ "f16f84937d769c893492160b1a8c3672e3992beb", "e657e078d3dfa9f96976db7a2b5fd7d7c9f1f1a6" ], "author": { "name": "Jiri Kosina", "email": "jkosina@suse.cz", "time": "Sun Oct 28 19:28:52 2012 +0100" }, "committer": { "name": "Jiri Kosina", "email": "jkosina@suse.cz", "time": "Sun Oct 28 19:29:19 2012 +0100" }, "message": "Merge branch \u0027master\u0027 into for-next\n\nSync up with Linus\u0027 tree to be able to apply Cesar\u0027s patch\nagainst newer version of the code.\n\nSigned-off-by: Jiri Kosina \u003cjkosina@suse.cz\u003e\n" }, { "commit": "4cef7299b4786879a3e113e84084a72b24590c5b", "tree": "31efb5e00be1c1e5cc266046c783c7569e495ede", "parents": [ "26fd8405dd470cb8b54cb96859b7dd437e5e1391" ], "author": { "name": "Aristeu Rozanski", "email": "aris@redhat.com", "time": "Thu Oct 25 13:37:45 2012 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Thu Oct 25 14:37:52 2012 -0700" }, "message": "device_cgroup: add proper checking when changing default behavior\n\nBefore changing a group\u0027s default behavior to ALLOW, we must check if\nits parent\u0027s behavior is also ALLOW.\n\nSigned-off-by: Aristeu Rozanski \u003caris@redhat.com\u003e\nCc: Tejun Heo \u003ctj@kernel.org\u003e\nCc: Li Zefan \u003clizefan@huawei.com\u003e\nCc: James Morris \u003cjmorris@namei.org\u003e\nCc: Pavel Emelyanov \u003cxemul@openvz.org\u003e\nAcked-by: Serge Hallyn \u003cserge.hallyn@canonical.com\u003e\nCc: Jiri Slaby \u003cjslaby@suse.cz\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "26fd8405dd470cb8b54cb96859b7dd437e5e1391", "tree": "c4d77df24842b0d980ccd10e09b00c6230db3176", "parents": [ "5b7aa7d5bb2c5cf7fc05aaa41561af321706ab5f" ], "author": { "name": "Aristeu Rozanski", "email": "aris@redhat.com", "time": "Thu Oct 25 13:37:41 2012 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Thu Oct 25 14:37:52 2012 -0700" }, "message": "device_cgroup: stop using simple_strtoul()\n\nConvert the code to use kstrtou32() instead of simple_strtoul() which is\ndeprecated. The real size of the variables are u32, so use kstrtou32\ninstead of kstrtoul\n\nSigned-off-by: Aristeu Rozanski \u003caris@redhat.com\u003e\nCc: Dave Jones \u003cdavej@redhat.com\u003e\nCc: Tejun Heo \u003ctj@kernel.org\u003e\nCc: Li Zefan \u003clizefan@huawei.com\u003e\nCc: James Morris \u003cjmorris@namei.org\u003e\nCc: Pavel Emelyanov \u003cxemul@openvz.org\u003e\nAcked-by: Serge Hallyn \u003cserge.hallyn@canonical.com\u003e\nCc: Jiri Slaby \u003cjslaby@suse.cz\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "5b7aa7d5bb2c5cf7fc05aaa41561af321706ab5f", "tree": "404da02312a547f3ff66003fe4002a4b4ff14dcb", "parents": [ "8c9506d16925f1b1314d93af383ca3134eb534d8" ], "author": { "name": "Aristeu Rozanski", "email": "aris@redhat.com", "time": "Thu Oct 25 13:37:38 2012 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Thu Oct 25 14:37:52 2012 -0700" }, "message": "device_cgroup: rename deny_all to behavior\n\nThis was done in a v2 patch but v1 ended up being committed. The\nvariable name is less confusing and stores the default behavior when no\nmatching exception exists.\n\nSigned-off-by: Aristeu Rozanski \u003caris@redhat.com\u003e\nCc: Dave Jones \u003cdavej@redhat.com\u003e\nCc: Tejun Heo \u003ctj@kernel.org\u003e\nCc: Li Zefan \u003clizefan@huawei.com\u003e\nCc: James Morris \u003cjmorris@namei.org\u003e\nCc: Pavel Emelyanov \u003cxemul@openvz.org\u003e\nAcked-by: Serge Hallyn \u003cserge.hallyn@canonical.com\u003e\nCc: Jiri Slaby \u003cjslaby@suse.cz\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "8c9506d16925f1b1314d93af383ca3134eb534d8", "tree": "e14dbc5816b375463b8d37eda0f79bcd0ea96a3b", "parents": [ "ef5d437f71afdf4afdbab99213add99f4b1318fd" ], "author": { "name": "Jiri Slaby", "email": "jslaby@suse.cz", "time": "Thu Oct 25 13:37:34 2012 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Thu Oct 25 14:37:52 2012 -0700" }, "message": "cgroup: fix invalid rcu dereference\n\nCommit ad676077a2ae (\"device_cgroup: convert device_cgroup internally to\npolicy + exceptions\") removed rcu locks which are needed in\ntask_devcgroup called in this chain:\n\n devcgroup_inode_mknod OR __devcgroup_inode_permission -\u003e\n __devcgroup_inode_permission -\u003e\n task_devcgroup -\u003e\n task_subsys_state -\u003e\n task_subsys_state_check.\n\nChange the code so that task_devcgroup is safely called with rcu read\nlock held.\n\n \u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\n [ INFO: suspicious RCU usage. ]\n 3.6.0-rc5-next-20120913+ #42 Not tainted\n -------------------------------\n include/linux/cgroup.h:553 suspicious rcu_dereference_check() usage!\n\n other info that might help us debug this:\n\n rcu_scheduler_active \u003d 1, debug_locks \u003d 0\n 2 locks held by kdevtmpfs/23:\n #0: (sb_writers){.+.+.+}, at: [\u003cffffffff8116873f\u003e]\n mnt_want_write+0x1f/0x50\n #1: (\u0026sb-\u003es_type-\u003ei_mutex_key#3/1){+.+.+.}, at: [\u003cffffffff811558af\u003e]\n kern_path_create+0x7f/0x170\n\n stack backtrace:\n Pid: 23, comm: kdevtmpfs Not tainted 3.6.0-rc5-next-20120913+ #42\n Call Trace:\n lockdep_rcu_suspicious+0xfd/0x130\n devcgroup_inode_mknod+0x19d/0x240\n vfs_mknod+0x71/0xf0\n handle_create.isra.2+0x72/0x200\n devtmpfsd+0x114/0x140\n ? handle_create.isra.2+0x200/0x200\n kthread+0xd6/0xe0\n kernel_thread_helper+0x4/0x10\n\nSigned-off-by: Jiri Slaby \u003cjslaby@suse.cz\u003e\nCc: Dave Jones \u003cdavej@redhat.com\u003e\nCc: Tejun Heo \u003ctj@kernel.org\u003e\nCc: Li Zefan \u003clizefan@huawei.com\u003e\nCc: James Morris \u003cjmorris@namei.org\u003e\nCc: Pavel Emelyanov \u003cxemul@openvz.org\u003e\nAcked-by: Serge Hallyn \u003cserge.hallyn@canonical.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "b010520ab3d2c05eb444ed5e01fe6c33842f597a", "tree": "cf958deb54615a8ff5432bdbf3b70da2a76b9508", "parents": [ "6f7c962c0b8efc78aec4c5514865fb5be83f4d92" ], "author": { "name": "Alan Cox", "email": "alan@linux.intel.com", "time": "Thu Oct 25 15:23:35 2012 +0100" }, "committer": { "name": "Jiri Kosina", "email": "jkosina@suse.cz", "time": "Thu Oct 25 18:00:27 2012 +0200" }, "message": "keys: Fix unreachable code\n\nWe set ret to NULL then test it. Remove the bogus test\n\nSigned-off-by: Alan Cox \u003calan@linux.intel.com\u003e\nSigned-off-by: Jiri Kosina \u003cjkosina@suse.cz\u003e\n" }, { "commit": "2e680dd61e80592385338bfbeb86833d1c60546c", "tree": "a62b80465dd15a7fddb34367ccb7c94e47951dc5", "parents": [ "0e9e3e306c7e472bdcffa34c4c4584301eda03b3" ], "author": { "name": "John Johansen", "email": "john.johansen@canonical.com", "time": "Wed Oct 24 06:27:32 2012 -0700" }, "committer": { "name": "James Morris", "email": "james.l.morris@oracle.com", "time": "Thu Oct 25 02:12:50 2012 +1100" }, "message": "apparmor: fix IRQ stack overflow during free_profile\n\nBugLink: http://bugs.launchpad.net/bugs/1056078\n\nProfile replacement can cause long chains of profiles to build up when\nthe profile being replaced is pinned. When the pinned profile is finally\nfreed, it puts the reference to its replacement, which may in turn nest\nanother call to free_profile on the stack. Because this may happen for\neach profile in the replacedby chain this can result in a recusion that\ncauses the stack to overflow.\n\nBreak this nesting by directly walking the chain of replacedby profiles\n(ie. use iteration instead of recursion to free the list). This results\nin at most 2 levels of free_profile being called, while freeing a\nreplacedby chain.\n\nSigned-off-by: John Johansen \u003cjohn.johansen@canonical.com\u003e\nSigned-off-by: James Morris \u003cjames.l.morris@oracle.com\u003e\n" }, { "commit": "43c422eda99b894f18d1cca17bcd2401efaf7bd0", "tree": "2de386d66b58edaace714ecf0364e47fcad38f7e", "parents": [ "985c9e615a605041d728c08b83d3dda19ae7def8" ], "author": { "name": "John Johansen", "email": "john.johansen@canonical.com", "time": "Wed Oct 17 13:29:33 2012 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Wed Oct 17 16:29:46 2012 -0700" }, "message": "apparmor: fix apparmor OOPS in audit_log_untrustedstring+0x1c/0x40\n\nThe capability defines have moved causing the auto generated names\nof capabilities that apparmor uses in logging to be incorrect.\n\nFix the autogenerated table source to uapi/linux/capability.h\n\nReported-by: YanHong \u003cclouds.yan@gmail.com\u003e\nReported-by: Krzysztof Kolasa \u003ckkolasa@winsoft.pl\u003e\nAnalyzed-by: Al Viro \u003cviro@ZenIV.linux.org.uk\u003e\nSigned-off-by: John Johansen \u003cjohn.johansen@canonical.com\u003e\nAcked-by: David Howells \u003cdhowells@redhat.com\u003e\nAcked-by: James Morris \u003cjames.l.morris@oracle.com\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "45525b26a46cd593cb72070304c4cd7c8391bd37", "tree": "9064f045ef433e4d74d281daa995ee3c082e806e", "parents": [ "dd8e8c4a2c902d8350b702e7bc7c2799e5e7e331" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Tue Oct 16 13:30:07 2012 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Tue Oct 16 13:36:50 2012 -0400" }, "message": "fix a leak in replace_fd() users\n\nreplace_fd() began with \"eats a reference, tries to insert into\ndescriptor table\" semantics; at some point I\u0027d switched it to\nmuch saner current behaviour (\"try to insert into descriptor\ntable, grabbing a new reference if inserted; caller should do\nfput() in any case\"), but forgot to update the callers.\nMea culpa...\n\n[Spotted by Pavel Roskin, who has really weird system with pipe-fed\ncoredumps as part of what he considers a normal boot ;-)]\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "d25282d1c9b9bc4cda7f9d3c0205108e99aa7a9d", "tree": "f414482d768b015a609924293b779b4ad0b8f764", "parents": [ "b6eea87fc6850d3531a64a27d2323a4498cd4e43", "dbadc17683e6c673a69b236c0f041b931cc55c42" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Sun Oct 14 13:39:34 2012 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Sun Oct 14 13:39:34 2012 -0700" }, "message": "Merge branch \u0027modules-next\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/rusty/linux\n\nPull module signing support from Rusty Russell:\n \"module signing is the highlight, but it\u0027s an all-over David Howells frenzy...\"\n\nHmm \"Magrathea: Glacier signing key\". Somebody has been reading too much HHGTTG.\n\n* \u0027modules-next\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/rusty/linux: (37 commits)\n X.509: Fix indefinite length element skip error handling\n X.509: Convert some printk calls to pr_devel\n asymmetric keys: fix printk format warning\n MODSIGN: Fix 32-bit overflow in X.509 certificate validity date checking\n MODSIGN: Make mrproper should remove generated files.\n MODSIGN: Use utf8 strings in signer\u0027s name in autogenerated X.509 certs\n MODSIGN: Use the same digest for the autogen key sig as for the module sig\n MODSIGN: Sign modules during the build process\n MODSIGN: Provide a script for generating a key ID from an X.509 cert\n MODSIGN: Implement module signature checking\n MODSIGN: Provide module signing public keys to the kernel\n MODSIGN: Automatically generate module signing keys if missing\n MODSIGN: Provide Kconfig options\n MODSIGN: Provide gitignore and make clean rules for extra files\n MODSIGN: Add FIPS policy\n module: signature checking hook\n X.509: Add a crypto key parser for binary (DER) X.509 certificates\n MPILIB: Provide a function to read raw data into an MPI\n X.509: Add an ASN.1 decoder\n X.509: Add simple ASN.1 grammar compiler\n ...\n" }, { "commit": "808d4e3cfdcc52b19276175464f6dbca4df13b09", "tree": "11c319127e8c1314c1ed1a777e4284032ab5bd00", "parents": [ "4b2c551f77f5a0c496e2125b1d883f4b26aabf2c" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Thu Oct 11 11:42:01 2012 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Thu Oct 11 20:02:04 2012 -0400" }, "message": "consitify do_mount() arguments\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "9e2d8656f5e8aa214e66b462680cf86b210b74a8", "tree": "f67d62e896cedf75599ea45f9ecf9999c6ad24cd", "parents": [ "1ea4f4f8405cc1ceec23f2d261bc3775785e6712", "9e695d2ecc8451cc2c1603d60b5c8e7f5581923a" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Tue Oct 09 16:23:15 2012 +0900" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Tue Oct 09 16:23:15 2012 +0900" }, "message": "Merge branch \u0027akpm\u0027 (Andrew\u0027s patch-bomb)\n\nMerge patches from Andrew Morton:\n \"A few misc things and very nearly all of the MM tree. A tremendous\n amount of stuff (again), including a significant rbtree library\n rework.\"\n\n* emailed patches from Andrew Morton \u003cakpm@linux-foundation.org\u003e: (160 commits)\n sparc64: Support transparent huge pages.\n mm: thp: Use more portable PMD clearing sequenece in zap_huge_pmd().\n mm: Add and use update_mmu_cache_pmd() in transparent huge page code.\n sparc64: Document PGD and PMD layout.\n sparc64: Eliminate PTE table memory wastage.\n sparc64: Halve the size of PTE tables\n sparc64: Only support 4MB huge pages and 8KB base pages.\n memory-hotplug: suppress \"Trying to free nonexistent resource \u003cXXXXXXXXXXXXXXXX-YYYYYYYYYYYYYYYY\u003e\" warning\n mm: memcg: clean up mm_match_cgroup() signature\n mm: document PageHuge somewhat\n mm: use %pK for /proc/vmallocinfo\n mm, thp: fix mlock statistics\n mm, thp: fix mapped pages avoiding unevictable list on mlock\n memory-hotplug: update memory block\u0027s state and notify userspace\n memory-hotplug: preparation to notify memory block\u0027s state at memory hot remove\n mm: avoid section mismatch warning for memblock_type_name\n make GFP_NOTRACK definition unconditional\n cma: decrease cc.nr_migratepages after reclaiming pagelist\n CMA: migrate mlocked pages\n kpageflags: fix wrong KPF_THP on non-huge compound pages\n ...\n" }, { "commit": "314e51b9851b4f4e8ab302243ff5a6fc6147f379", "tree": "f757b89206355fd129830782566768693eed23ce", "parents": [ "0103bd16fb90bc741c7a03fd1ea4e8a505abad23" ], "author": { "name": "Konstantin Khlebnikov", "email": "khlebnikov@openvz.org", "time": "Mon Oct 08 16:29:02 2012 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Tue Oct 09 16:22:19 2012 +0900" }, "message": "mm: kill vma flag VM_RESERVED and mm-\u003ereserved_vm counter\n\nA long time ago, in v2.4, VM_RESERVED kept swapout process off VMA,\ncurrently it lost original meaning but still has some effects:\n\n | effect | alternative flags\n-+------------------------+---------------------------------------------\n1| account as reserved_vm | VM_IO\n2| skip in core dump | VM_IO, VM_DONTDUMP\n3| do not merge or expand | VM_IO, VM_DONTEXPAND, VM_HUGETLB, VM_PFNMAP\n4| do not mlock | VM_IO, VM_DONTEXPAND, VM_HUGETLB, VM_PFNMAP\n\nThis patch removes reserved_vm counter from mm_struct. Seems like nobody\ncares about it, it does not exported into userspace directly, it only\nreduces total_vm showed in proc.\n\nThus VM_RESERVED can be replaced with VM_IO or pair VM_DONTEXPAND | VM_DONTDUMP.\n\nremap_pfn_range() and io_remap_pfn_range() set VM_IO|VM_DONTEXPAND|VM_DONTDUMP.\nremap_vmalloc_range() set VM_DONTEXPAND | VM_DONTDUMP.\n\n[akpm@linux-foundation.org: drivers/vfio/pci/vfio_pci.c fixup]\nSigned-off-by: Konstantin Khlebnikov \u003ckhlebnikov@openvz.org\u003e\nCc: Alexander Viro \u003cviro@zeniv.linux.org.uk\u003e\nCc: Carsten Otte \u003ccotte@de.ibm.com\u003e\nCc: Chris Metcalf \u003ccmetcalf@tilera.com\u003e\nCc: Cyrill Gorcunov \u003cgorcunov@openvz.org\u003e\nCc: Eric Paris \u003ceparis@redhat.com\u003e\nCc: H. Peter Anvin \u003chpa@zytor.com\u003e\nCc: Hugh Dickins \u003chughd@google.com\u003e\nCc: Ingo Molnar \u003cmingo@redhat.com\u003e\nCc: James Morris \u003cjames.l.morris@oracle.com\u003e\nCc: Jason Baron \u003cjbaron@redhat.com\u003e\nCc: Kentaro Takeda \u003ctakedakn@nttdata.co.jp\u003e\nCc: Matt Helsley \u003cmatthltc@us.ibm.com\u003e\nCc: Nick Piggin \u003cnpiggin@kernel.dk\u003e\nCc: Oleg Nesterov \u003coleg@redhat.com\u003e\nCc: Peter Zijlstra \u003ca.p.zijlstra@chello.nl\u003e\nCc: Robert Richter \u003crobert.richter@amd.com\u003e\nCc: Suresh Siddha \u003csuresh.b.siddha@intel.com\u003e\nCc: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nCc: Venkatesh Pallipadi \u003cvenki@google.com\u003e\nAcked-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "2dd8ad81e31d0d36a5d448329c646ab43eb17788", "tree": "cd358be45ed8067673edac7f1db6b6a42a96d9db", "parents": [ "0b173bc4daa8f8ec03a85abf5e47b23502ff80af" ], "author": { "name": "Konstantin Khlebnikov", "email": "khlebnikov@openvz.org", "time": "Mon Oct 08 16:28:51 2012 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Tue Oct 09 16:22:18 2012 +0900" }, "message": "mm: use mm-\u003eexe_file instead of first VM_EXECUTABLE vma-\u003evm_file\n\nSome security modules and oprofile still uses VM_EXECUTABLE for retrieving\na task\u0027s executable file. After this patch they will use mm-\u003eexe_file\ndirectly. mm-\u003eexe_file is protected with mm-\u003emmap_sem, so locking stays\nthe same.\n\nSigned-off-by: Konstantin Khlebnikov \u003ckhlebnikov@openvz.org\u003e\nAcked-by: Chris Metcalf \u003ccmetcalf@tilera.com\u003e\t\t\t[arch/tile]\nAcked-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\t[tomoyo]\nCc: Alexander Viro \u003cviro@zeniv.linux.org.uk\u003e\nCc: Carsten Otte \u003ccotte@de.ibm.com\u003e\nCc: Cyrill Gorcunov \u003cgorcunov@openvz.org\u003e\nCc: Eric Paris \u003ceparis@redhat.com\u003e\nCc: H. Peter Anvin \u003chpa@zytor.com\u003e\nCc: Hugh Dickins \u003chughd@google.com\u003e\nCc: Ingo Molnar \u003cmingo@redhat.com\u003e\nAcked-by: James Morris \u003cjames.l.morris@oracle.com\u003e\nCc: Jason Baron \u003cjbaron@redhat.com\u003e\nCc: Kentaro Takeda \u003ctakedakn@nttdata.co.jp\u003e\nCc: Matt Helsley \u003cmatthltc@us.ibm.com\u003e\nCc: Nick Piggin \u003cnpiggin@kernel.dk\u003e\nCc: Oleg Nesterov \u003coleg@redhat.com\u003e\nCc: Peter Zijlstra \u003ca.p.zijlstra@chello.nl\u003e\nCc: Robert Richter \u003crobert.richter@amd.com\u003e\nCc: Suresh Siddha \u003csuresh.b.siddha@intel.com\u003e\nCc: Venkatesh Pallipadi \u003cvenki@google.com\u003e\nAcked-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "50e0d10232db05c6776afcf6098459bff47e8b15", "tree": "0e89971de6d960c8946cc9351d73b297347a0260", "parents": [ "8711798772641b2f593beebebcab5b1ec2309f0c", "c37d6154c0b9163c27e53cc1d0be3867b4abd760" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Tue Oct 09 15:58:38 2012 +0900" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Tue Oct 09 15:58:38 2012 +0900" }, "message": "Merge tag \u0027asm-generic\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/arnd/asm-generic\n\nPull asm-generic updates from Arnd Bergmann:\n \"This has three changes for asm-generic that did not really fit into\n any other branch as normal asm-generic changes do. One is a fix for a\n build warning, the other two are more interesting:\n\n * A patch from Mark Brown to allow using the common clock\n infrastructure on all architectures, so we can use the clock API in\n architecture independent device drivers.\n\n * The UAPI split patches from David Howells for the asm-generic\n files. There are other architecture specific series that are going\n through the arch maintainer tree and that depend on this one.\n\n There may be a few small merge conflicts between Mark\u0027s patch and the\n following arch header file split patches. In each case the solution\n will be to keep the new \"generic-y +\u003d clkdev.h\" line, even if it ends\n up being the only line in the Kbuild file.\"\n\n* tag \u0027asm-generic\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/arnd/asm-generic:\n UAPI: (Scripted) Disintegrate include/asm-generic\n asm-generic: Add default clkdev.h\n asm-generic: xor: mark static functions as __maybe_unused\n" }, { "commit": "cf7f601c067994f371ba77721d1e45fce61a4569", "tree": "4ff5a12ae84cf47a9815c3e3979341a66360cb31", "parents": [ "9bb9c3be56834653878f766f471fa1c20e562f4c" ], "author": { "name": "David Howells", "email": "dhowells@redhat.com", "time": "Thu Sep 13 13:06:29 2012 +0100" }, "committer": { "name": "Rusty Russell", "email": "rusty@rustcorp.com.au", "time": "Mon Oct 08 13:49:48 2012 +1030" }, "message": "KEYS: Add payload preparsing opportunity prior to key instantiate or update\n\nGive the key type the opportunity to preparse the payload prior to the\ninstantiation and update routines being called. This is done with the\nprovision of two new key type operations:\n\n\tint (*preparse)(struct key_preparsed_payload *prep);\n\tvoid (*free_preparse)(struct key_preparsed_payload *prep);\n\nIf the first operation is present, then it is called before key creation (in\nthe add/update case) or before the key semaphore is taken (in the update and\ninstantiate cases). The second operation is called to clean up if the first\nwas called.\n\npreparse() is given the opportunity to fill in the following structure:\n\n\tstruct key_preparsed_payload {\n\t\tchar\t\t*description;\n\t\tvoid\t\t*type_data[2];\n\t\tvoid\t\t*payload;\n\t\tconst void\t*data;\n\t\tsize_t\t\tdatalen;\n\t\tsize_t\t\tquotalen;\n\t};\n\nBefore the preparser is called, the first three fields will have been cleared,\nthe payload pointer and size will be stored in data and datalen and the default\nquota size from the key_type struct will be stored into quotalen.\n\nThe preparser may parse the payload in any way it likes and may store data in\nthe type_data[] and payload fields for use by the instantiate() and update()\nops.\n\nThe preparser may also propose a description for the key by attaching it as a\nstring to the description field. This can be used by passing a NULL or \"\"\ndescription to the add_key() system call or the key_create_or_update()\nfunction. This cannot work with request_key() as that required the description\nto tell the upcall about the key to be created.\n\nThis, for example permits keys that store PGP public keys to generate their own\nname from the user ID and public key fingerprint in the key.\n\nThe instantiate() and update() operations are then modified to look like this:\n\n\tint (*instantiate)(struct key *key, struct key_preparsed_payload *prep);\n\tint (*update)(struct key *key, struct key_preparsed_payload *prep);\n\nand the new payload data is passed in *prep, whether or not it was preparsed.\n\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: Rusty Russell \u003crusty@rustcorp.com.au\u003e\n" }, { "commit": "638c87a91666df1f16866badee862ce38bf31e4a", "tree": "67be4d125ad6abe2eeee00eab12e0fc8f03fa099", "parents": [ "7cb9cf0224efd6d41b2bdd9bfb412b42aa4281f8", "d26e1936227b538a1691b978566ef269aef10853" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Sun Oct 07 21:07:21 2012 +0900" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Sun Oct 07 21:07:21 2012 +0900" }, "message": "Merge branch \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security\n\nPull IMA bugfix (security subsystem) from James Morris.\n\n* \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security:\n ima: fix bug in argument order\n" }, { "commit": "db9aeca97a58563e1ab927d157c9b5048f233e73", "tree": "6569621429efe0e6cc0529b78c50939913f0bd35", "parents": [ "ad676077a2ae4af4bb6627486ce19ccce04f1efe" ], "author": { "name": "Aristeu Rozanski", "email": "aris@redhat.com", "time": "Thu Oct 04 17:15:20 2012 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Sat Oct 06 03:05:14 2012 +0900" }, "message": "device_cgroup: rename whitelist to exception list\n\nThis patch replaces the \"whitelist\" usage in the code and comments and replace\nthem by exception list related information.\n\nSigned-off-by: Aristeu Rozanski \u003caris@redhat.com\u003e\nCc: Tejun Heo \u003ctj@kernel.org\u003e\nCc: Li Zefan \u003clizefan@huawei.com\u003e\nCc: James Morris \u003cjmorris@namei.org\u003e\nCc: Pavel Emelyanov \u003cxemul@openvz.org\u003e\nAcked-by: Serge E. Hallyn \u003cserge.hallyn@canonical.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "ad676077a2ae4af4bb6627486ce19ccce04f1efe", "tree": "638e05256abe3b04f6acdbecf630b003143649c4", "parents": [ "868539a3b671e0f736ddd11b67bf1dc3d8a5a921" ], "author": { "name": "Aristeu Rozanski", "email": "aris@redhat.com", "time": "Thu Oct 04 17:15:17 2012 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Sat Oct 06 03:05:14 2012 +0900" }, "message": "device_cgroup: convert device_cgroup internally to policy + exceptions\n\nThe original model of device_cgroup is having a whitelist where all the\nallowed devices are listed. The problem with this approach is that is\nimpossible to have the case of allowing everything but few devices.\n\nThe reason for that lies in the way the whitelist is handled internally:\nsince there\u0027s only a whitelist, the \"all devices\" entry would have to be\nremoved and replaced by the entire list of possible devices but the ones\nthat are being denied. Since dev_t is 32 bits long, representing the allowed\ndevices as a bitfield is not memory efficient.\n\nThis patch replaces the \"whitelist\" by a \"exceptions\" list and the default\npolicy is kept as \"deny_all\" variable in dev_cgroup structure.\n\nThe current interface determines that whenever \"a\" is written to devices.allow\nor devices.deny, the entry masking all devices will be added or removed,\nrespectively. This behavior is kept and it\u0027s what will determine the default\npolicy:\n\n\t# cat devices.list\n\ta *:* rwm\n\t# echo a \u003edevices.deny\n\t# cat devices.list\n\t# echo a \u003edevices.allow\n\t# cat devices.list\n\ta *:* rwm\n\nThe interface is also preserved. For example, if one wants to block only access\nto /dev/null:\n\t# ls -l /dev/null\n\tcrw-rw-rw- 1 root root 1, 3 Jul 24 16:17 /dev/null\n\t# echo a \u003edevices.allow\n\t# echo \"c 1:3 rwm\" \u003edevices.deny\n\t# cat /dev/null\n\tcat: /dev/null: Operation not permitted\n\t# echo \u003e/dev/null\n\tbash: /dev/null: Operation not permitted\n\tmknod /tmp/null c 1 3\n\tmknod: `/tmp/null\u0027: Operation not permitted\n\t# echo \"c 1:3 r\" \u003edevices.allow\n\t# cat /dev/null\n\t# echo \u003e/dev/null\n\tbash: /dev/null: Operation not permitted\n\tmknod /tmp/null c 1 3\n\tmknod: `/tmp/null\u0027: Operation not permitted\n\t# echo \"c 1:3 rw\" \u003edevices.allow\n\t# echo \u003e/dev/null\n\t# cat /dev/null\n\t# mknod /tmp/null c 1 3\n\tmknod: `/tmp/null\u0027: Operation not permitted\n\t# echo \"c 1:3 rwm\" \u003edevices.allow\n\t# echo \u003e/dev/null\n\t# cat /dev/null\n\t# mknod /tmp/null c 1 3\n\t#\n\nNote that I didn\u0027t rename the functions/variables in this patch, but in the\nnext one to make reviewing easier.\n\nSigned-off-by: Aristeu Rozanski \u003caris@redhat.com\u003e\nCc: Tejun Heo \u003ctj@kernel.org\u003e\nCc: Li Zefan \u003clizefan@huawei.com\u003e\nCc: James Morris \u003cjmorris@namei.org\u003e\nCc: Pavel Emelyanov \u003cxemul@openvz.org\u003e\nAcked-by: Serge E. Hallyn \u003cserge.hallyn@canonical.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "868539a3b671e0f736ddd11b67bf1dc3d8a5a921", "tree": "2c2c10e2983c40ffad02fb01d55fad6f4a6b3175", "parents": [ "66b8ef67756b3051bf42a077a82c3c5c279caa5b" ], "author": { "name": "Aristeu Rozanski", "email": "aris@redhat.com", "time": "Thu Oct 04 17:15:15 2012 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Sat Oct 06 03:05:14 2012 +0900" }, "message": "device_cgroup: introduce dev_whitelist_clean()\n\nThis function cleans all the items in a whitelist and will be used by the next\npatches.\n\nSigned-off-by: Aristeu Rozanski \u003caris@redhat.com\u003e\nCc: Tejun Heo \u003ctj@kernel.org\u003e\nCc: Li Zefan \u003clizefan@huawei.com\u003e\nCc: James Morris \u003cjmorris@namei.org\u003e\nCc: Pavel Emelyanov \u003cxemul@openvz.org\u003e\nAcked-by: Serge E. Hallyn \u003cserge.hallyn@canonical.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "66b8ef67756b3051bf42a077a82c3c5c279caa5b", "tree": "60527442334744981f0766dae6f46bf7ae9b4d4f", "parents": [ "12ae6779332181432a7feda740735ffa5bb3d32d" ], "author": { "name": "Aristeu Rozanski", "email": "aris@redhat.com", "time": "Thu Oct 04 17:15:13 2012 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Sat Oct 06 03:05:13 2012 +0900" }, "message": "device_cgroup: add \"deny_all\" in dev_cgroup structure\n\ndeny_all will determine if the default policy is to deny all device access\nunless for the ones in the exception list.\n\nThis variable will be used in the next patches to convert device_cgroup\ninternally into a default policy + rules.\n\nSigned-off-by: Aristeu Rozanski \u003caris@redhat.com\u003e\nCc: Tejun Heo \u003ctj@kernel.org\u003e\nCc: Li Zefan \u003clizefan@huawei.com\u003e\nCc: James Morris \u003cjmorris@namei.org\u003e\nCc: Pavel Emelyanov \u003cxemul@openvz.org\u003e\nAcked-by: Serge E. Hallyn \u003cserge.hallyn@canonical.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "d26e1936227b538a1691b978566ef269aef10853", "tree": "c1b803d6177f6c39932a159c7bdb2c557497e16f", "parents": [ "ecefbd94b834fa32559d854646d777c56749ef1c" ], "author": { "name": "Dmitry Kasatkin", "email": "dmitry.kasatkin@intel.com", "time": "Thu Sep 27 18:26:53 2012 +0300" }, "committer": { "name": "James Morris", "email": "james.l.morris@oracle.com", "time": "Fri Oct 05 22:32:16 2012 +1000" }, "message": "ima: fix bug in argument order\n\nmask argument goes first, then func, like ima_must_measure\nand ima_get_action. ima_inode_post_setattr() assumes that.\n\nSigned-off-by: Dmitry Kasatkin \u003cdmitry.kasatkin@intel.com\u003e\nSigned-off-by: Mimi Zohar \u003czohar@linux.vnet.ibm.com\u003e\nSigned-off-by: James Morris \u003cjames.l.morris@oracle.com\u003e\n" }, { "commit": "8a1ab3155c2ac7fbe5f2038d6e26efeb607a1498", "tree": "42ef93e164b8b2a01adab30db4b33f370f4280d7", "parents": [ "f3dfd599af993385b40fc7a1c947afc12729bc4d" ], "author": { "name": "David Howells", "email": "dhowells@redhat.com", "time": "Thu Oct 04 18:20:15 2012 +0100" }, "committer": { "name": "David Howells", "email": "dhowells@redhat.com", "time": "Thu Oct 04 18:20:15 2012 +0100" }, "message": "UAPI: (Scripted) Disintegrate include/asm-generic\n\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nAcked-by: Arnd Bergmann \u003carnd@arndb.de\u003e\nAcked-by: Thomas Gleixner \u003ctglx@linutronix.de\u003e\nAcked-by: Michael Kerrisk \u003cmtk.manpages@gmail.com\u003e\nAcked-by: Paul E. McKenney \u003cpaulmck@linux.vnet.ibm.com\u003e\nAcked-by: Dave Jones \u003cdavej@redhat.com\u003e\n" }, { "commit": "88265322c14cce39f7afbc416726ef4fac413298", "tree": "e4956f905ef617971f87788d8f8a09dbb66b70a3", "parents": [ "65b99c74fdd325d1ffa2e5663295888704712604", "bf5308344527d015ac9a6d2bda4ad4d40fd7d943" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Tue Oct 02 21:38:48 2012 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Tue Oct 02 21:38:48 2012 -0700" }, "message": "Merge branch \u0027next\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security\n\nPull security subsystem updates from James Morris:\n \"Highlights:\n\n - Integrity: add local fs integrity verification to detect offline\n attacks\n - Integrity: add digital signature verification\n - Simple stacking of Yama with other LSMs (per LSS discussions)\n - IBM vTPM support on ppc64\n - Add new driver for Infineon I2C TIS TPM\n - Smack: add rule revocation for subject labels\"\n\nFixed conflicts with the user namespace support in kernel/auditsc.c and\nsecurity/integrity/ima/ima_policy.c.\n\n* \u0027next\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: (39 commits)\n Documentation: Update git repository URL for Smack userland tools\n ima: change flags container data type\n Smack: setprocattr memory leak fix\n Smack: implement revoking all rules for a subject label\n Smack: remove task_wait() hook.\n ima: audit log hashes\n ima: generic IMA action flag handling\n ima: rename ima_must_appraise_or_measure\n audit: export audit_log_task_info\n tpm: fix tpm_acpi sparse warning on different address spaces\n samples/seccomp: fix 31 bit build on s390\n ima: digital signature verification support\n ima: add support for different security.ima data types\n ima: add ima_inode_setxattr/removexattr function and calls\n ima: add inode_post_setattr call\n ima: replace iint spinblock with rwlock/read_lock\n ima: allocating iint improvements\n ima: add appraise action keywords and default rules\n ima: integrity appraisal extension\n vfs: move ima_file_free before releasing the file\n ...\n" }, { "commit": "aab174f0df5d72d31caccf281af5f614fa254578", "tree": "2a172c5009c4ac8755e858593154c258ce7709a0", "parents": [ "ca41cc96b2813221b05af57d0355157924de5a07", "2bd2c1941f141ad780135ccc1cd08ca71a24f10a" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Tue Oct 02 20:25:04 2012 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Tue Oct 02 20:25:04 2012 -0700" }, "message": "Merge branch \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs\n\nPull vfs update from Al Viro:\n\n - big one - consolidation of descriptor-related logics; almost all of\n that is moved to fs/file.c\n\n (BTW, I\u0027m seriously tempted to rename the result to fd.c. As it is,\n we have a situation when file_table.c is about handling of struct\n file and file.c is about handling of descriptor tables; the reasons\n are historical - file_table.c used to be about a static array of\n struct file we used to have way back).\n\n A lot of stray ends got cleaned up and converted to saner primitives,\n disgusting mess in android/binder.c is still disgusting, but at least\n doesn\u0027t poke so much in descriptor table guts anymore. A bunch of\n relatively minor races got fixed in process, plus an ext4 struct file\n leak.\n\n - related thing - fget_light() partially unuglified; see fdget() in\n there (and yes, it generates the code as good as we used to have).\n\n - also related - bits of Cyrill\u0027s procfs stuff that got entangled into\n that work; _not_ all of it, just the initial move to fs/proc/fd.c and\n switch of fdinfo to seq_file.\n\n - Alex\u0027s fs/coredump.c spiltoff - the same story, had been easier to\n take that commit than mess with conflicts. The rest is a separate\n pile, this was just a mechanical code movement.\n\n - a few misc patches all over the place. Not all for this cycle,\n there\u0027ll be more (and quite a few currently sit in akpm\u0027s tree).\"\n\nFix up trivial conflicts in the android binder driver, and some fairly\nsimple conflicts due to two different changes to the sock_alloc_file()\ninterface (\"take descriptor handling from sock_alloc_file() to callers\"\nvs \"net: Providing protocol type via system.sockprotoname xattr of\n/proc/PID/fd entries\" adding a dentry name to the socket)\n\n* \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs: (72 commits)\n MAX_LFS_FILESIZE should be a loff_t\n compat: fs: Generic compat_sys_sendfile implementation\n fs: push rcu_barrier() from deactivate_locked_super() to filesystems\n btrfs: reada_extent doesn\u0027t need kref for refcount\n coredump: move core dump functionality into its own file\n coredump: prevent double-free on an error path in core dumper\n usb/gadget: fix misannotations\n fcntl: fix misannotations\n ceph: don\u0027t abuse d_delete() on failure exits\n hypfs: -\u003ed_parent is never NULL or negative\n vfs: delete surplus inode NULL check\n switch simple cases of fget_light to fdget\n new helpers: fdget()/fdput()\n switch o2hb_region_dev_write() to fget_light()\n proc_map_files_readdir(): don\u0027t bother with grabbing files\n make get_file() return its argument\n vhost_set_vring(): turn pollstart/pollstop into bool\n switch prctl_set_mm_exe_file() to fget_light()\n switch xfs_find_handle() to fget_light()\n switch xfs_swapext() to fget_light()\n ...\n" }, { "commit": "aecdc33e111b2c447b622e287c6003726daa1426", "tree": "3e7657eae4b785e1a1fb5dfb225dbae0b2f0cfc6", "parents": [ "a20acf99f75e49271381d65db097c9763060a1e8", "a3a6cab5ea10cca64d036851fe0d932448f2fe4f" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Tue Oct 02 13:38:27 2012 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Tue Oct 02 13:38:27 2012 -0700" }, "message": "Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next\n\nPull networking changes from David Miller:\n\n 1) GRE now works over ipv6, from Dmitry Kozlov.\n\n 2) Make SCTP more network namespace aware, from Eric Biederman.\n\n 3) TEAM driver now works with non-ethernet devices, from Jiri Pirko.\n\n 4) Make openvswitch network namespace aware, from Pravin B Shelar.\n\n 5) IPV6 NAT implementation, from Patrick McHardy.\n\n 6) Server side support for TCP Fast Open, from Jerry Chu and others.\n\n 7) Packet BPF filter supports MOD and XOR, from Eric Dumazet and Daniel\n Borkmann.\n\n 8) Increate the loopback default MTU to 64K, from Eric Dumazet.\n\n 9) Use a per-task rather than per-socket page fragment allocator for\n outgoing networking traffic. This benefits processes that have very\n many mostly idle sockets, which is quite common.\n\n From Eric Dumazet.\n\n10) Use up to 32K for page fragment allocations, with fallbacks to\n smaller sizes when higher order page allocations fail. Benefits are\n a) less segments for driver to process b) less calls to page\n allocator c) less waste of space.\n\n From Eric Dumazet.\n\n11) Allow GRO to be used on GRE tunnels, from Eric Dumazet.\n\n12) VXLAN device driver, one way to handle VLAN issues such as the\n limitation of 4096 VLAN IDs yet still have some level of isolation.\n From Stephen Hemminger.\n\n13) As usual there is a large boatload of driver changes, with the scale\n perhaps tilted towards the wireless side this time around.\n\nFix up various fairly trivial conflicts, mostly caused by the user\nnamespace changes.\n\n* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next: (1012 commits)\n hyperv: Add buffer for extended info after the RNDIS response message.\n hyperv: Report actual status in receive completion packet\n hyperv: Remove extra allocated space for recv_pkt_list elements\n hyperv: Fix page buffer handling in rndis_filter_send_request()\n hyperv: Fix the missing return value in rndis_filter_set_packet_filter()\n hyperv: Fix the max_xfer_size in RNDIS initialization\n vxlan: put UDP socket in correct namespace\n vxlan: Depend on CONFIG_INET\n sfc: Fix the reported priorities of different filter types\n sfc: Remove EFX_FILTER_FLAG_RX_OVERRIDE_IP\n sfc: Fix loopback self-test with separate_tx_channels\u003d1\n sfc: Fix MCDI structure field lookup\n sfc: Add parentheses around use of bitfield macro arguments\n sfc: Fix null function pointer in efx_sriov_channel_type\n vxlan: virtual extensible lan\n igmp: export symbol ip_mc_leave_group\n netlink: add attributes to fdb interface\n tg3: unconditionally select HWMON support when tg3 is enabled.\n Revert \"net: ti cpsw ethernet: allow reading phy interface mode from DT\"\n gre: fix sparse warning\n ...\n" }, { "commit": "4442d7704c7311d1c42383d365e0b883e0075975", "tree": "ee80c095ea8b13c2ad62c9406ddc6166c5b09cb4", "parents": [ "f8aa23a55f813c9bddec2a6176e0e67274e6e7c1", "d4f65b5d2497b2fd9c45f06b71deb4ab084a5b66" ], "author": { "name": "David Howells", "email": "dhowells@redhat.com", "time": "Tue Oct 02 19:30:19 2012 +0100" }, "committer": { "name": "David Howells", "email": "dhowells@redhat.com", "time": "Tue Oct 02 19:30:19 2012 +0100" }, "message": "Merge branch \u0027modsign-keys-devel\u0027 into security-next-keys\n\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\n" }, { "commit": "f8aa23a55f813c9bddec2a6176e0e67274e6e7c1", "tree": "1b1927cedb4f1d769fac19242f3a365c84e40cec", "parents": [ "96b5c8fea6c0861621051290d705ec2e971963f1" ], "author": { "name": "David Howells", "email": "dhowells@redhat.com", "time": "Tue Oct 02 19:24:56 2012 +0100" }, "committer": { "name": "David Howells", "email": "dhowells@redhat.com", "time": "Tue Oct 02 19:24:56 2012 +0100" }, "message": "KEYS: Use keyring_alloc() to create special keyrings\n\nUse keyring_alloc() to create special keyrings now that it has a permissions\nparameter rather than using key_alloc() + key_instantiate_and_link().\n\nAlso document and export keyring_alloc() so that modules can use it too.\n\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\n" }, { "commit": "96b5c8fea6c0861621051290d705ec2e971963f1", "tree": "3e3812fb8eb9590b8dca812e916d16cfd53aa862", "parents": [ "3a50597de8635cd05133bd12c95681c82fe7b878" ], "author": { "name": "David Howells", "email": "dhowells@redhat.com", "time": "Tue Oct 02 19:24:56 2012 +0100" }, "committer": { "name": "David Howells", "email": "dhowells@redhat.com", "time": "Tue Oct 02 19:24:56 2012 +0100" }, "message": "KEYS: Reduce initial permissions on keys\n\nReduce the initial permissions on new keys to grant the possessor everything,\nview permission only to the user (so the keys can be seen in /proc/keys) and\nnothing else.\n\nThis gives the creator a chance to adjust the permissions mask before other\nprocesses can access the new key or create a link to it.\n\nTo aid with this, keyring_alloc() now takes a permission argument rather than\nsetting the permissions itself.\n\nThe following permissions are now set:\n\n (1) The user and user-session keyrings grant the user that owns them full\n permissions and grant a possessor everything bar SETATTR.\n\n (2) The process and thread keyrings grant the possessor full permissions but\n only grant the user VIEW. This permits the user to see them in\n /proc/keys, but not to do anything with them.\n\n (3) Anonymous session keyrings grant the possessor full permissions, but only\n grant the user VIEW and READ. This means that the user can see them in\n /proc/keys and can list them, but nothing else. Possibly READ shouldn\u0027t\n be provided either.\n\n (4) Named session keyrings grant everything an anonymous session keyring does,\n plus they grant the user LINK permission. The whole point of named\n session keyrings is that others can also subscribe to them. Possibly this\n should be a separate permission to LINK.\n\n (5) The temporary session keyring created by call_sbin_request_key() gets the\n same permissions as an anonymous session keyring.\n\n (6) Keys created by add_key() get VIEW, SEARCH, LINK and SETATTR for the\n possessor, plus READ and/or WRITE if the key type supports them. The used\n only gets VIEW now.\n\n (7) Keys created by request_key() now get the same as those created by\n add_key().\n\nReported-by: Lennart Poettering \u003clennart@poettering.net\u003e\nReported-by: Stef Walter \u003cstefw@redhat.com\u003e\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\n" }, { "commit": "3a50597de8635cd05133bd12c95681c82fe7b878", "tree": "d81c3e46dcef80fbaf84fdf1e8f43676625bab8e", "parents": [ "a84a921978b7d56e0e4b87ffaca6367429b4d8ff" ], "author": { "name": "David Howells", "email": "dhowells@redhat.com", "time": "Tue Oct 02 19:24:29 2012 +0100" }, "committer": { "name": "David Howells", "email": "dhowells@redhat.com", "time": "Tue Oct 02 19:24:29 2012 +0100" }, "message": "KEYS: Make the session and process keyrings per-thread\n\nMake the session keyring per-thread rather than per-process, but still\ninherited from the parent thread to solve a problem with PAM and gdm.\n\nThe problem is that join_session_keyring() will reject attempts to change the\nsession keyring of a multithreaded program but gdm is now multithreaded before\nit gets to the point of starting PAM and running pam_keyinit to create the\nsession keyring. See:\n\n\thttps://bugs.freedesktop.org/show_bug.cgi?id\u003d49211\n\nThe reason that join_session_keyring() will only change the session keyring\nunder a single-threaded environment is that it\u0027s hard to alter the other\nthread\u0027s credentials to effect the change in a multi-threaded program. The\nproblems are such as:\n\n (1) How to prevent two threads both running join_session_keyring() from\n racing.\n\n (2) Another thread\u0027s credentials may not be modified directly by this process.\n\n (3) The number of threads is uncertain whilst we\u0027re not holding the\n appropriate spinlock, making preallocation slightly tricky.\n\n (4) We could use TIF_NOTIFY_RESUME and key_replace_session_keyring() to get\n another thread to replace its keyring, but that means preallocating for\n each thread.\n\nA reasonable way around this is to make the session keyring per-thread rather\nthan per-process and just document that if you want a common session keyring,\nyou must get it before you spawn any threads - which is the current situation\nanyway.\n\nWhilst we\u0027re at it, we can the process keyring behave in the same way. This\nmeans we can clean up some of the ickyness in the creds code.\n\nBasically, after this patch, the session, process and thread keyrings are about\ninheritance rules only and not about sharing changes of keyring.\n\nReported-by: Mantas M. \u003cgrawity@gmail.com\u003e\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nTested-by: Ray Strode \u003crstrode@redhat.com\u003e\n" }, { "commit": "437589a74b6a590d175f86cf9f7b2efcee7765e7", "tree": "37bf8635b1356d80ef002b00e84f3faf3d555a63", "parents": [ "68d47a137c3bef754923bccf73fb639c9b0bbd5e", "72235465864d84cedb2d9f26f8e1de824ee20339" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Tue Oct 02 11:11:09 2012 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Tue Oct 02 11:11:09 2012 -0700" }, "message": "Merge branch \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace\n\nPull user namespace changes from Eric Biederman:\n \"This is a mostly modest set of changes to enable basic user namespace\n support. This allows the code to code to compile with user namespaces\n enabled and removes the assumption there is only the initial user\n namespace. Everything is converted except for the most complex of the\n filesystems: autofs4, 9p, afs, ceph, cifs, coda, fuse, gfs2, ncpfs,\n nfs, ocfs2 and xfs as those patches need a bit more review.\n\n The strategy is to push kuid_t and kgid_t values are far down into\n subsystems and filesystems as reasonable. Leaving the make_kuid and\n from_kuid operations to happen at the edge of userspace, as the values\n come off the disk, and as the values come in from the network.\n Letting compile type incompatible compile errors (present when user\n namespaces are enabled) guide me to find the issues.\n\n The most tricky areas have been the places where we had an implicit\n union of uid and gid values and were storing them in an unsigned int.\n Those places were converted into explicit unions. I made certain to\n handle those places with simple trivial patches.\n\n Out of that work I discovered we have generic interfaces for storing\n quota by projid. I had never heard of the project identifiers before.\n Adding full user namespace support for project identifiers accounts\n for most of the code size growth in my git tree.\n\n Ultimately there will be work to relax privlige checks from\n \"capable(FOO)\" to \"ns_capable(user_ns, FOO)\" where it is safe allowing\n root in a user names to do those things that today we only forbid to\n non-root users because it will confuse suid root applications.\n\n While I was pushing kuid_t and kgid_t changes deep into the audit code\n I made a few other cleanups. I capitalized on the fact we process\n netlink messages in the context of the message sender. I removed\n usage of NETLINK_CRED, and started directly using current-\u003etty.\n\n Some of these patches have also made it into maintainer trees, with no\n problems from identical code from different trees showing up in\n linux-next.\n\n After reading through all of this code I feel like I might be able to\n win a game of kernel trivial pursuit.\"\n\nFix up some fairly trivial conflicts in netfilter uid/git logging code.\n\n* \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace: (107 commits)\n userns: Convert the ufs filesystem to use kuid/kgid where appropriate\n userns: Convert the udf filesystem to use kuid/kgid where appropriate\n userns: Convert ubifs to use kuid/kgid\n userns: Convert squashfs to use kuid/kgid where appropriate\n userns: Convert reiserfs to use kuid and kgid where appropriate\n userns: Convert jfs to use kuid/kgid where appropriate\n userns: Convert jffs2 to use kuid and kgid where appropriate\n userns: Convert hpfs to use kuid and kgid where appropriate\n userns: Convert btrfs to use kuid/kgid where appropriate\n userns: Convert bfs to use kuid/kgid where appropriate\n userns: Convert affs to use kuid/kgid wherwe appropriate\n userns: On alpha modify linux_to_osf_stat to use convert from kuids and kgids\n userns: On ia64 deal with current_uid and current_gid being kuid and kgid\n userns: On ppc convert current_uid from a kuid before printing.\n userns: Convert s390 getting uid and gid system calls to use kuid and kgid\n userns: Convert s390 hypfs to use kuid and kgid where appropriate\n userns: Convert binder ipc to use kuids\n userns: Teach security_path_chown to take kuids and kgids\n userns: Add user namespace support to IMA\n userns: Convert EVM to deal with kuids and kgids in it\u0027s hmac computation\n ...\n" }, { "commit": "68d47a137c3bef754923bccf73fb639c9b0bbd5e", "tree": "e82a527bd978ee96283f03d0df36f47d9aee1e41", "parents": [ "c0e8a139a5bb8add02b4111e9e1957d810d7285e", "8c7f6edbda01f1b1a2e60ad61f14fe38023e433b" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Tue Oct 02 10:52:28 2012 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Tue Oct 02 10:52:28 2012 -0700" }, "message": "Merge branch \u0027for-3.7-hierarchy\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/tj/cgroup\n\nPull cgroup hierarchy update from Tejun Heo:\n \"Currently, different cgroup subsystems handle nested cgroups\n completely differently. There\u0027s no consistency among subsystems and\n the behaviors often are outright broken.\n\n People at least seem to agree that the broken hierarhcy behaviors need\n to be weeded out if any progress is gonna be made on this front and\n that the fallouts from deprecating the broken behaviors should be\n acceptable especially given that the current behaviors don\u0027t make much\n sense when nested.\n\n This patch makes cgroup emit warning messages if cgroups for\n subsystems with broken hierarchy behavior are nested to prepare for\n fixing them in the future. This was put in a separate branch because\n more related changes were expected (didn\u0027t make it this round) and the\n memory cgroup wanted to pull in this and make changes on top.\"\n\n* \u0027for-3.7-hierarchy\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/tj/cgroup:\n cgroup: mark subsystems with broken hierarchy support and whine if cgroups are nested for them\n" }, { "commit": "033d9959ed2dc1029217d4165f80a71702dc578e", "tree": "3d306316e44bdabce2e0bf2ef7e466e525f90b4c", "parents": [ "974a847e00cf3ff1695e62b276892137893706ab", "7c6e72e46c9ea4a88f3f8ba96edce9db4bd48726" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Tue Oct 02 09:54:49 2012 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Tue Oct 02 09:54:49 2012 -0700" }, "message": "Merge branch \u0027for-3.7\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/tj/wq\n\nPull workqueue changes from Tejun Heo:\n \"This is workqueue updates for v3.7-rc1. A lot of activities this\n round including considerable API and behavior cleanups.\n\n * delayed_work combines a timer and a work item. The handling of the\n timer part has always been a bit clunky leading to confusing\n cancelation API with weird corner-case behaviors. delayed_work is\n updated to use new IRQ safe timer and cancelation now works as\n expected.\n\n * Another deficiency of delayed_work was lack of the counterpart of\n mod_timer() which led to cancel+queue combinations or open-coded\n timer+work usages. mod_delayed_work[_on]() are added.\n\n These two delayed_work changes make delayed_work provide interface\n and behave like timer which is executed with process context.\n\n * A work item could be executed concurrently on multiple CPUs, which\n is rather unintuitive and made flush_work() behavior confusing and\n half-broken under certain circumstances. This problem doesn\u0027t\n exist for non-reentrant workqueues. While non-reentrancy check\n isn\u0027t free, the overhead is incurred only when a work item bounces\n across different CPUs and even in simulated pathological scenario\n the overhead isn\u0027t too high.\n\n All workqueues are made non-reentrant. This removes the\n distinction between flush_[delayed_]work() and\n flush_[delayed_]_work_sync(). The former is now as strong as the\n latter and the specified work item is guaranteed to have finished\n execution of any previous queueing on return.\n\n * In addition to the various bug fixes, Lai redid and simplified CPU\n hotplug handling significantly.\n\n * Joonsoo introduced system_highpri_wq and used it during CPU\n hotplug.\n\n There are two merge commits - one to pull in IRQ safe timer from\n tip/timers/core and the other to pull in CPU hotplug fixes from\n wq/for-3.6-fixes as Lai\u0027s hotplug restructuring depended on them.\"\n\nFixed a number of trivial conflicts, but the more interesting conflicts\nwere silent ones where the deprecated interfaces had been used by new\ncode in the merge window, and thus didn\u0027t cause any real data conflicts.\n\nTejun pointed out a few of them, I fixed a couple more.\n\n* \u0027for-3.7\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/tj/wq: (46 commits)\n workqueue: remove spurious WARN_ON_ONCE(in_irq()) from try_to_grab_pending()\n workqueue: use cwq_set_max_active() helper for workqueue_set_max_active()\n workqueue: introduce cwq_set_max_active() helper for thaw_workqueues()\n workqueue: remove @delayed from cwq_dec_nr_in_flight()\n workqueue: fix possible stall on try_to_grab_pending() of a delayed work item\n workqueue: use hotcpu_notifier() for workqueue_cpu_down_callback()\n workqueue: use __cpuinit instead of __devinit for cpu callbacks\n workqueue: rename manager_mutex to assoc_mutex\n workqueue: WORKER_REBIND is no longer necessary for idle rebinding\n workqueue: WORKER_REBIND is no longer necessary for busy rebinding\n workqueue: reimplement idle worker rebinding\n workqueue: deprecate __cancel_delayed_work()\n workqueue: reimplement cancel_delayed_work() using try_to_grab_pending()\n workqueue: use mod_delayed_work() instead of __cancel + queue\n workqueue: use irqsafe timer for delayed_work\n workqueue: clean up delayed_work initializers and add missing one\n workqueue: make deferrable delayed_work initializer names consistent\n workqueue: cosmetic whitespace updates for macro definitions\n workqueue: deprecate system_nrt[_freezable]_wq\n workqueue: deprecate flush[_delayed]_work_sync()\n ...\n" }, { "commit": "94095a1fff89dffe9451839deae4c6a40cf3ec21", "tree": "c1beac5dc336d836c269253db3b00a302777598f", "parents": [ "620e77533f29796df7aff861e79bd72e08554ebb", "f784e8a7989c0da3062d04bfea3db90f41e8f738" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Mon Oct 01 10:25:54 2012 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Mon Oct 01 10:25:54 2012 -0700" }, "message": "Merge branch \u0027core-urgent-for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip\n\nPull core kernel fixes from Ingo Molnar:\n \"This is a complex task_work series from Oleg that fixes the bug that\n this VFS commit tried to fix:\n\n d35abdb28824 hold task_lock around checks in keyctl\n\n but solves the problem without the lockup regression that d35abdb28824\n introduced in v3.6.\n\n This series came late in v3.6 and I did not feel confident about it so\n late in the cycle. Might be worth backporting to -stable if it proves\n itself upstream.\"\n\n* \u0027core-urgent-for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:\n task_work: Simplify the usage in ptrace_notify() and get_signal_to_deliver()\n task_work: Revert \"hold task_lock around checks in keyctl\"\n task_work: task_work_add() should not succeed after exit_task_work()\n task_work: Make task_work_add() lockless\n" }, { "commit": "99dbb1632f1165c2726056ebfce6edde0e5a0208", "tree": "2b2fc83db20b4c6d13842496899774b0dc2868e2", "parents": [ "aae6f989c6e97ff8197717fa4d032ad4eba091a7", "9c33c512b2d3167a3580659942ee78437b1b1bc6" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Mon Oct 01 09:06:36 2012 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Mon Oct 01 09:06:36 2012 -0700" }, "message": "Merge branch \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial\n\nPull the trivial tree from Jiri Kosina:\n \"Tiny usual fixes all over the place\"\n\n* \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial: (34 commits)\n doc: fix old config name of kprobetrace\n fs/fs-writeback.c: cleanup riteback_sb_inodes kerneldoc\n btrfs: fix the commment for the action flags in delayed-ref.h\n btrfs: fix trivial typo for the comment of BTRFS_FREE_INO_OBJECTID\n vfs: fix kerneldoc for generic_fh_to_parent()\n treewide: fix comment/printk/variable typos\n ipr: fix small coding style issues\n doc: fix broken utf8 encoding\n nfs: comment fix\n platform/x86: fix asus_laptop.wled_type module parameter\n mfd: printk/comment fixes\n doc: getdelays.c: remember to close() socket on error in create_nl_socket()\n doc: aliasing-test: close fd on write error\n mmc: fix comment typos\n dma: fix comments\n spi: fix comment/printk typos in spi\n Coccinelle: fix typo in memdup_user.cocci\n tmiofb: missing NULL pointer checks\n tools: perf: Fix typo in tools/perf\n tools/testing: fix comment / output typos\n ...\n" }, { "commit": "6a06e5e1bb217be077e1f8ee2745b4c5b1aa02db", "tree": "8faea23112a11f52524eb413f71b7b02712d8b53", "parents": [ "d9f72f359e00a45a6cd7cc2d5121b04b9dc927e1", "6672d90fe779dc0dfffe027c3ede12609df091c2" ], "author": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Fri Sep 28 14:40:49 2012 -0400" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Fri Sep 28 14:40:49 2012 -0400" }, "message": "Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net\n\nConflicts:\n\tdrivers/net/team/team.c\n\tdrivers/net/usb/qmi_wwan.c\n\tnet/batman-adv/bat_iv_ogm.c\n\tnet/ipv4/fib_frontend.c\n\tnet/ipv4/route.c\n\tnet/l2tp/l2tp_netlink.c\n\nThe team, fib_frontend, route, and l2tp_netlink conflicts were simply\noverlapping changes.\n\nqmi_wwan and bat_iv_ogm were of the \"use HEAD\" variety.\n\nWith help from Antonio Quartulli.\n\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" } ], "next": "a84a921978b7d56e0e4b87ffaca6367429b4d8ff" }