)]}'
{
  "log": [
    {
      "commit": "93997f6ddb9d574cd58694f13c5b15212927bfa1",
      "tree": "730d902f168df136dad8b7a2b0b438a2929311f3",
      "parents": [
        "f634460c90751da21745eec7a220edf76c7d0c76"
      ],
      "author": {
        "name": "Lucas De Marchi",
        "email": "lucas.demarchi@profusion.mobi",
        "time": "Tue Apr 30 15:28:05 2013 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Tue Apr 30 17:04:06 2013 -0700"
      },
      "message": "KEYS: split call to call_usermodehelper_fns()\n\nUse call_usermodehelper_setup() + call_usermodehelper_exec() instead of\ncalling call_usermodehelper_fns().  In case there\u0027s an OOM in this last\nfunction the cleanup function may not be called - in this case we would\nmiss a call to key_put().\n\nSigned-off-by: Lucas De Marchi \u003clucas.demarchi@profusion.mobi\u003e\nCc: Oleg Nesterov \u003coleg@redhat.com\u003e\nAcked-by: David Howells \u003cdhowells@redhat.com\u003e\nAcked-by: James Morris \u003cjames.l.morris@oracle.com\u003e\nCc: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\nCc: Tejun Heo \u003ctj@kernel.org\u003e\nCc: \"Rafael J. Wysocki\" \u003crjw@sisk.pl\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "191a712090bb8a10e6f129360eeed2d68f3d4c9a",
      "tree": "17e2d6c27fb8a7c3a61828fbcc7c343a4966a0a9",
      "parents": [
        "46d9be3e5eb01f71fc02653755d970247174b400",
        "2a0010af17b1739ef8ea8cf02647a127241ee674"
      ],
      "author": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Mon Apr 29 19:14:20 2013 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Mon Apr 29 19:14:20 2013 -0700"
      },
      "message": "Merge branch \u0027for-3.10\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/tj/cgroup\n\nPull cgroup updates from Tejun Heo:\n\n - Fixes and a lot of cleanups.  Locking cleanup is finally complete.\n   cgroup_mutex is no longer exposed to individual controlelrs which\n   used to cause nasty deadlock issues.  Li fixed and cleaned up quite a\n   bit including long standing ones like racy cgroup_path().\n\n - device cgroup now supports proper hierarchy thanks to Aristeu.\n\n - perf_event cgroup now supports proper hierarchy.\n\n - A new mount option \"__DEVEL__sane_behavior\" is added.  As indicated\n   by the name, this option is to be used for development only at this\n   point and generates a warning message when used.  Unfortunately,\n   cgroup interface currently has too many brekages and inconsistencies\n   to implement a consistent and unified hierarchy on top.  The new flag\n   is used to collect the behavior changes which are necessary to\n   implement consistent unified hierarchy.  It\u0027s likely that this flag\n   won\u0027t be used verbatim when it becomes ready but will be enabled\n   implicitly along with unified hierarchy.\n\n   The option currently disables some of broken behaviors in cgroup core\n   and also .use_hierarchy switch in memcg (will be routed through -mm),\n   which can be used to make very unusual hierarchy where nesting is\n   partially honored.  It will also be used to implement hierarchy\n   support for blk-throttle which would be impossible otherwise without\n   introducing a full separate set of control knobs.\n\n   This is essentially versioning of interface which isn\u0027t very nice but\n   at this point I can\u0027t see any other options which would allow keeping\n   the interface the same while moving towards hierarchy behavior which\n   is at least somewhat sane.  
The planned unified hierarchy is likely\n   to require some level of adaptation from userland anyway, so I think\n   it\u0027d be best to take the chance and update the interface such that\n   it\u0027s supportable in the long term.\n\n   Maintaining the existing interface does complicate cgroup core but\n   shouldn\u0027t put too much strain on individual controllers and I think\n   it\u0027d be manageable for the foreseeable future.  Maybe we\u0027ll be able\n   to drop it in a decade.\n\nFix up conflicts (including a semantic one adding a new #include to ppc\nthat was uncovered by header the file changes) as per Tejun.\n\n* \u0027for-3.10\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/tj/cgroup: (45 commits)\n  cpuset: fix compile warning when CONFIG_SMP\u003dn\n  cpuset: fix cpu hotplug vs rebuild_sched_domains() race\n  cpuset: use rebuild_sched_domains() in cpuset_hotplug_workfn()\n  cgroup: restore the call to eventfd-\u003epoll()\n  cgroup: fix use-after-free when umounting cgroupfs\n  cgroup: fix broken file xattrs\n  devcg: remove parent_cgroup.\n  memcg: force use_hierarchy if sane_behavior\n  cgroup: remove cgrp-\u003etop_cgroup\n  cgroup: introduce sane_behavior mount option\n  move cgroupfs_root to include/linux/cgroup.h\n  cgroup: convert cgroupfs_root flag bits to masks and add CGRP_ prefix\n  cgroup: make cgroup_path() not print double slashes\n  Revert \"cgroup: remove bind() method from cgroup_subsys.\"\n  perf: make perf_event cgroup hierarchical\n  cgroup: implement cgroup_is_descendant()\n  cgroup: make sure parent won\u0027t be destroyed before its children\n  cgroup: remove bind() method from cgroup_subsys.\n  devcg: remove broken_hierarchy tag\n  cgroup: remove cgroup_lock_is_held()\n  ...\n"
    },
    {
      "commit": "e57d5cf2f894e3f2727f8cf74bed0bc81cae70c8",
      "tree": "fef5ebac1e3291e772d0852a8716b0b4bd2c27ef",
      "parents": [
        "f00baae7ad6c5f1503528efa852f0be8e9513f0e"
      ],
      "author": {
        "name": "Rami Rosen",
        "email": "ramirose@gmail.com",
        "time": "Tue Apr 16 23:24:55 2013 +0300"
      },
      "committer": {
        "name": "Tejun Heo",
        "email": "tj@kernel.org",
        "time": "Thu Apr 18 11:34:35 2013 -0700"
      },
      "message": "devcg: remove parent_cgroup.\n\nIn devcgroup_css_alloc(), there is no longer need for parent_cgroup.\nbd2953ebbb(\"devcg: propagate local changes down the hierarchy\") made\nthe variable parent_cgroup redundant. This patch removes parent_cgroup\nfrom devcgroup_css_alloc().\n\nSigned-off-by: Rami Rosen \u003cramirose@gmail.com\u003e\nAcked-by: Aristeu Rozanski \u003caris@redhat.com\u003e\nSigned-off-by: Tejun Heo \u003ctj@kernel.org\u003e\n"
    },
    {
      "commit": "ca10b9e9a8ca7342ee07065289cbe74ac128c169",
      "tree": "33842f41a127f9da904ddd5d61839590e986e420",
      "parents": [
        "c802d759623acbd6e1ee9fbdabae89159a513913"
      ],
      "author": {
        "name": "Eric Dumazet",
        "email": "edumazet@google.com",
        "time": "Mon Apr 08 17:58:11 2013 +0000"
      },
      "committer": {
        "name": "David S. Miller",
        "email": "davem@davemloft.net",
        "time": "Tue Apr 09 13:23:11 2013 -0400"
      },
      "message": "selinux: add a skb_owned_by() hook\n\nCommit 90ba9b1986b5ac (tcp: tcp_make_synack() can use alloc_skb())\nbroke certain SELinux/NetLabel configurations by no longer correctly\nassigning the sock to the outgoing SYNACK packet.\n\nCost of atomic operations on the LISTEN socket is quite big,\nand we would like it to happen only if really needed.\n\nThis patch introduces a new security_ops-\u003eskb_owned_by() method,\nthat is a void operation unless selinux is active.\n\nReported-by: Miroslav Vadkerti \u003cmvadkert@redhat.com\u003e\nDiagnosed-by: Paul Moore \u003cpmoore@redhat.com\u003e\nSigned-off-by: Eric Dumazet \u003cedumazet@google.com\u003e\nCc: \"David S. Miller\" \u003cdavem@davemloft.net\u003e\nCc: linux-security-module@vger.kernel.org\nAcked-by: James Morris \u003cjames.l.morris@oracle.com\u003e\nTested-by: Paul Moore \u003cpmoore@redhat.com\u003e\nAcked-by: Paul Moore \u003cpmoore@redhat.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n"
    },
    {
      "commit": "8adf12b0ffd0a10340bab355e586f8533a69630d",
      "tree": "ed13bbcf24ac2e87a82f0cdeb32b5461ac9433c9",
      "parents": [
        "2219449a65ace0290cd9c2260ff337e326b8be8a"
      ],
      "author": {
        "name": "Tejun Heo",
        "email": "tj@kernel.org",
        "time": "Sun Apr 07 10:25:39 2013 -0700"
      },
      "committer": {
        "name": "Tejun Heo",
        "email": "tj@kernel.org",
        "time": "Mon Apr 08 08:31:59 2013 -0700"
      },
      "message": "devcg: remove broken_hierarchy tag\n\nbd2953ebbb (\"devcg: propagate local changes down the hierarchy\")\nimplemented proper hierarchy support.  Remove the broken tag.\n\nSigned-off-by: Tejun Heo \u003ctj@kernel.org\u003e\nAcked-by: Aristeu Rozanski \u003caris@redhat.com\u003e\n"
    },
    {
      "commit": "2c3de1c2d7d68c6ba4c1ecd82c68285f34d9609e",
      "tree": "6a09ce761173a966718f9009514dcc90bd9947b7",
      "parents": [
        "9064171268d838b8f283fe111ef086b9479d059a",
        "87a8ebd637dafc255070f503909a053cf0d98d3f"
      ],
      "author": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Thu Mar 28 13:43:46 2013 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Thu Mar 28 13:43:46 2013 -0700"
      },
      "message": "Merge branch \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace\n\nPull userns fixes from Eric W Biederman:\n \"The bulk of the changes are fixing the worst consequences of the user\n  namespace design oversight in not considering what happens when one\n  namespace starts off as a clone of another namespace, as happens with\n  the mount namespace.\n\n  The rest of the changes are just plain bug fixes.\n\n  Many thanks to Andy Lutomirski for pointing out many of these issues.\"\n\n* \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace:\n  userns: Restrict when proc and sysfs can be mounted\n  ipc: Restrict mounting the mqueue filesystem\n  vfs: Carefully propogate mounts across user namespaces\n  vfs: Add a mount flag to lock read only bind mounts\n  userns:  Don\u0027t allow creation if the user is chrooted\n  yama:  Better permission check for ptraceme\n  pid: Handle the exit of a multi-threaded init.\n  scm: Require CAP_SYS_ADMIN over the current pidns to spoof pids.\n"
    },
    {
      "commit": "eddc0a3abff273842a94784d2d022bbc36dc9015",
      "tree": "d1d4eea461dbd3b32e09079f00fccac6fde07e2c",
      "parents": [
        "751c644b95bb48aaa8825f0c66abbcc184d92051"
      ],
      "author": {
        "name": "Eric W. Biederman",
        "email": "ebiederm@xmission.com",
        "time": "Thu Mar 21 02:30:41 2013 -0700"
      },
      "committer": {
        "name": "Eric W. Biederman",
        "email": "ebiederm@xmission.com",
        "time": "Tue Mar 26 13:17:58 2013 -0700"
      },
      "message": "yama:  Better permission check for ptraceme\n\nChange the permission check for yama_ptrace_ptracee to the standard\nptrace permission check, testing if the tracer has CAP_SYS_PTRACE\nin the tracee\u0027s user namespace.\n\nReviewed-by: Kees Cook \u003ckeescook@chromium.org\u003e\nSigned-off-by: \"Eric W. Biederman\" \u003cebiederm@xmission.com\u003e\n"
    },
    {
      "commit": "bd2953ebbb533aeda9b86c82a53d5197a9a38f1b",
      "tree": "b59a35d956a8223d7f68b8d7190a3d14ebf29580",
      "parents": [
        "1909554c9715e4d032497993bb56f2726bfa89ae"
      ],
      "author": {
        "name": "Aristeu Rozanski",
        "email": "aris@redhat.com",
        "time": "Fri Feb 15 11:55:47 2013 -0500"
      },
      "committer": {
        "name": "Tejun Heo",
        "email": "tj@kernel.org",
        "time": "Wed Mar 20 07:50:21 2013 -0700"
      },
      "message": "devcg: propagate local changes down the hierarchy\n\nThis patch makes exception changes to propagate down in hierarchy respecting\nwhen possible local exceptions.\n\nNew exceptions allowing additional access to devices won\u0027t be propagated, but\nit\u0027ll be possible to add an exception to access all of part of the newly\nallowed device(s).\n\nNew exceptions disallowing access to devices will be propagated down and the\nlocal group\u0027s exceptions will be revalidated for the new situation.\nExample:\n      A\n     / \\\n        B\n\n    group        behavior          exceptions\n    A            allow             \"b 8:* rwm\", \"c 116:1 rw\"\n    B            deny              \"c 1:3 rwm\", \"c 116:2 rwm\", \"b 3:* rwm\"\n\nIf a new exception is added to group A:\n\t# echo \"c 116:* r\" \u003e A/devices.deny\nit\u0027ll propagate down and after revalidating B\u0027s local exceptions, the exception\n\"c 116:2 rwm\" will be removed.\n\nIn case parent\u0027s exceptions change and local exceptions are not allowed anymore,\nthey\u0027ll be deleted.\n\nv7:\n- do not allow behavior change when the cgroup has children\n- update documentation\n\nv6: fixed issues pointed by Serge Hallyn\n- only copy parent\u0027s exceptions while propagating behavior if the local\n  behavior is different\n- while propagating exceptions, do not clear and copy parent\u0027s: it\u0027d be against\n  the premise we don\u0027t propagate access to more devices\n\nv5: fixed issues pointed by Serge Hallyn\n- updated documentation\n- not propagating when an exception is written to devices.allow\n- when propagating a new behavior, clean the local exceptions list if they\u0027re\n  for a different behavior\n\nv4: fixed issues pointed by Tejun Heo\n- separated function to walk the tree and collect valid propagation targets\n\nv3: fixed issues pointed by Tejun Heo\n- update documentation\n- move css_online/css_offline changes to a new patch\n- use 
cgroup_for_each_descendant_pre() instead of own descendant walk\n- move exception_copy rework to a separared patch\n- move exception_clean rework to a separated patch\n\nv2: fixed issues pointed by Tejun Heo\n- instead of keeping the local settings that won\u0027t apply anymore, remove them\n\nCc: Tejun Heo \u003ctj@kernel.org\u003e\nCc: Serge Hallyn \u003cserge.hallyn@canonical.com\u003e\nSigned-off-by: Aristeu Rozanski \u003caris@redhat.com\u003e\nSigned-off-by: Tejun Heo \u003ctj@kernel.org\u003e\n"
    },
    {
      "commit": "1909554c9715e4d032497993bb56f2726bfa89ae",
      "tree": "db3a67d9f29afd47e8d827cebeabd5f87a7a1225",
      "parents": [
        "c39a2a3018f8065cb5ea38b0314c1bbedb2cfa0d"
      ],
      "author": {
        "name": "Aristeu Rozanski",
        "email": "aris@redhat.com",
        "time": "Fri Feb 15 11:55:46 2013 -0500"
      },
      "committer": {
        "name": "Tejun Heo",
        "email": "tj@kernel.org",
        "time": "Wed Mar 20 07:50:17 2013 -0700"
      },
      "message": "devcg: use css_online and css_offline\n\nAllocate resources and change behavior only when online. This is needed in\norder to determine if a node is suitable for hierarchy propagation or if it\u0027s\nbeing removed.\n\nLocking:\nBoth functions take devcgroup_mutex to make changes to device_cgroup structure.\nHierarchy propagation will also take devcgroup_mutex before walking the\ntree while walking the tree itself is protected by rcu lock.\n\nAcked-by: Tejun Heo \u003ctj@kernel.org\u003e\nAcked-by: Serge Hallyn \u003cserge.hallyn@canonical.com\u003e\nCc: Tejun Heo \u003ctj@kernel.org\u003e\nCc: Serge Hallyn \u003cserge.hallyn@canonical.com\u003e\nSigned-off-by: Aristeu Rozanski \u003caris@redhat.com\u003e\nSigned-off-by: Tejun Heo \u003ctj@kernel.org\u003e\n"
    },
    {
      "commit": "c39a2a3018f8065cb5ea38b0314c1bbedb2cfa0d",
      "tree": "a930f23ff557c701e91e826940d37ad0c9b38fd0",
      "parents": [
        "26898fdff371d78f122cf15d8732d1d37f2d1338"
      ],
      "author": {
        "name": "Aristeu Rozanski",
        "email": "aris@redhat.com",
        "time": "Fri Feb 15 11:55:45 2013 -0500"
      },
      "committer": {
        "name": "Tejun Heo",
        "email": "tj@kernel.org",
        "time": "Wed Mar 20 07:50:13 2013 -0700"
      },
      "message": "devcg: prepare may_access() for hierarchy support\n\nCurrently may_access() is only able to verify if an exception is valid for the\ncurrent cgroup, which has the same behavior. With hierarchy, it\u0027ll be also used\nto verify if a cgroup local exception is valid towards its cgroup parent, which\nmight have different behavior.\n\nv2:\n- updated patch description\n- rebased on top of a new patch to expand the may_access() logic to make it\n  more clear\n- fixed argument description order in may_access()\n\nAcked-by: Tejun Heo \u003ctj@kernel.org\u003e\nAcked-by: Serge Hallyn \u003cserge.hallyn@canonical.com\u003e\nCc: Tejun Heo \u003ctj@kernel.org\u003e\nCc: Serge Hallyn \u003cserge.hallyn@canonical.com\u003e\nSigned-off-by: Aristeu Rozanski \u003caris@redhat.com\u003e\nSigned-off-by: Tejun Heo \u003ctj@kernel.org\u003e\n"
    },
    {
      "commit": "26898fdff371d78f122cf15d8732d1d37f2d1338",
      "tree": "e6da9b9fe1f6d957f0aae86288525ecb8afb4e08",
      "parents": [
        "3ac1707a13a3da9cfc8f242a15b2fae6df2c5f88"
      ],
      "author": {
        "name": "Aristeu Rozanski",
        "email": "aris@redhat.com",
        "time": "Fri Feb 15 11:55:44 2013 -0500"
      },
      "committer": {
        "name": "Tejun Heo",
        "email": "tj@kernel.org",
        "time": "Wed Mar 20 07:50:09 2013 -0700"
      },
      "message": "devcg: expand may_access() logic\n\nIn order to make the next patch more clear, expand may_access() logic.\n\nv2: may_access() returns bool now\n\nAcked-by: Tejun Heo \u003ctj@kernel.org\u003e\nAcked-by: Serge Hallyn \u003cserge.hallyn@canonical.com\u003e\nCc: Tejun Heo \u003ctj@kernel.org\u003e\nCc: Serge Hallyn \u003cserge.hallyn@canonical.com\u003e\nSigned-off-by: Aristeu Rozanski \u003caris@redhat.com\u003e\nSigned-off-by: Tejun Heo \u003ctj@kernel.org\u003e\n"
    },
    {
      "commit": "4502403dcf8f5c76abd4dbab8726c8e4ecb5cd34",
      "tree": "79f16f1c9ff482fb926b147a2f4f0b4382f0ccf6",
      "parents": [
        "a937536b868b8369b98967929045f1df54234323"
      ],
      "author": {
        "name": "Dan Carpenter",
        "email": "dan.carpenter@oracle.com",
        "time": "Sat Mar 16 12:48:11 2013 +0300"
      },
      "committer": {
        "name": "James Morris",
        "email": "james.l.morris@oracle.com",
        "time": "Tue Mar 19 00:33:09 2013 +1100"
      },
      "message": "selinux: use GFP_ATOMIC under spin_lock\n\nThe call tree here is:\n\nsk_clone_lock()              \u003c- takes bh_lock_sock(newsk);\nxfrm_sk_clone_policy()\n__xfrm_sk_clone_policy()\nclone_policy()               \u003c- uses GFP_ATOMIC for allocations\nsecurity_xfrm_policy_clone()\nsecurity_ops-\u003exfrm_policy_clone_security()\nselinux_xfrm_policy_clone()\n\nSigned-off-by: Dan Carpenter \u003cdan.carpenter@oracle.com\u003e\nCc: stable@kernel.org\nSigned-off-by: James Morris \u003cjames.l.morris@oracle.com\u003e\n"
    },
    {
      "commit": "8aec0f5d4137532de14e6554fd5dd201ff3a3c49",
      "tree": "314f28e5ad96423c6983aec9270462d76c0bb343",
      "parents": [
        "c39ac49f23424086b43aceeace243f7a8bcc3ad8"
      ],
      "author": {
        "name": "Mathieu Desnoyers",
        "email": "mathieu.desnoyers@efficios.com",
        "time": "Mon Feb 25 10:20:36 2013 -0500"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Tue Mar 12 11:05:45 2013 -0700"
      },
      "message": "Fix: compat_rw_copy_check_uvector() misuse in aio, readv, writev, and security keys\n\nLooking at mm/process_vm_access.c:process_vm_rw() and comparing it to\ncompat_process_vm_rw() shows that the compatibility code requires an\nexplicit \"access_ok()\" check before calling\ncompat_rw_copy_check_uvector(). The same difference seems to appear when\nwe compare fs/read_write.c:do_readv_writev() to\nfs/compat.c:compat_do_readv_writev().\n\nThis subtle difference between the compat and non-compat requirements\nshould probably be debated, as it seems to be error-prone. In fact,\nthere are two other sites that use this function in the Linux kernel,\nand they both seem to get it wrong:\n\nNow shifting our attention to fs/aio.c, we see that aio_setup_iocb()\nalso ends up calling compat_rw_copy_check_uvector() through\naio_setup_vectored_rw(). Unfortunately, the access_ok() check appears to\nbe missing. Same situation for\nsecurity/keys/compat.c:compat_keyctl_instantiate_key_iov().\n\nI propose that we add the access_ok() check directly into\ncompat_rw_copy_check_uvector(), so callers don\u0027t have to worry about it,\nand it therefore makes the compat call code similar to its non-compat\ncounterpart. Place the access_ok() check in the same location where\ncopy_from_user() can trigger a -EFAULT error in the non-compat code, so\nthe ABI behaviors are alike on both compat and non-compat.\n\nWhile we are here, fix compat_do_readv_writev() so it checks for\ncompat_rw_copy_check_uvector() negative return values.\n\nAnd also, fix a memory leak in compat_keyctl_instantiate_key_iov() error\nhandling.\n\nAcked-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\nAcked-by: Al Viro \u003cviro@ZenIV.linux.org.uk\u003e\nSigned-off-by: Mathieu Desnoyers \u003cmathieu.desnoyers@efficios.com\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "0da9dfdd2cd9889201bc6f6f43580c99165cd087",
      "tree": "960a37da7bc3e35d9c598eff7b829ab5959e7027",
      "parents": [
        "7c6baa304b841673d3a55ea4fcf9a5cbf7a1674b"
      ],
      "author": {
        "name": "David Howells",
        "email": "dhowells@redhat.com",
        "time": "Tue Mar 12 16:44:31 2013 +1100"
      },
      "committer": {
        "name": "James Morris",
        "email": "james.l.morris@oracle.com",
        "time": "Tue Mar 12 16:44:31 2013 +1100"
      },
      "message": "keys: fix race with concurrent install_user_keyrings()\n\nThis fixes CVE-2013-1792.\n\nThere is a race in install_user_keyrings() that can cause a NULL pointer\ndereference when called concurrently for the same user if the uid and\nuid-session keyrings are not yet created.  It might be possible for an\nunprivileged user to trigger this by calling keyctl() from userspace in\nparallel immediately after logging in.\n\nAssume that we have two threads both executing lookup_user_key(), both\nlooking for KEY_SPEC_USER_SESSION_KEYRING.\n\n\tTHREAD A\t\t\tTHREAD B\n\t\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\t\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\n\t\t\t\t\t\u003d\u003d\u003ecall install_user_keyrings();\n\tif (!cred-\u003euser-\u003esession_keyring)\n\t\u003d\u003d\u003ecall install_user_keyrings()\n\t\t\t\t\t...\n\t\t\t\t\tuser-\u003euid_keyring \u003d uid_keyring;\n\tif (user-\u003euid_keyring)\n\t\treturn 0;\n\t\u003c\u003d\u003d\n\tkey \u003d cred-\u003euser-\u003esession_keyring [\u003d\u003d NULL]\n\t\t\t\t\tuser-\u003esession_keyring \u003d session_keyring;\n\tatomic_inc(\u0026key-\u003eusage); [oops]\n\nAt the point thread A dereferences cred-\u003euser-\u003esession_keyring, thread B\nhasn\u0027t updated user-\u003esession_keyring yet, but thread A assumes it is\npopulated because install_user_keyrings() returned ok.\n\nThe race window is really small but can be exploited if, for example,\nthread B is interrupted or preempted after initializing uid_keyring, but\nbefore doing setting session_keyring.\n\nThis couldn\u0027t be reproduced on a stock kernel.  
However, after placing\nsystemtap probe on \u0027user-\u003esession_keyring \u003d session_keyring;\u0027 that\nintroduced some delay, the kernel could be crashed reliably.\n\nFix this by checking both pointers before deciding whether to return.\nAlternatively, the test could be done away with entirely as it is checked\ninside the mutex - but since the mutex is global, that may not be the best\nway.\n\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nReported-by: Mateusz Guzik \u003cmguzik@redhat.com\u003e\nCc: \u003cstable@kernel.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: James Morris \u003cjames.l.morris@oracle.com\u003e\n"
    },
    {
      "commit": "ba0e3427b03c3d1550239779eca5c1c5a53a2152",
      "tree": "bf73e476924c5a52249e99ce5f4c30978b581800",
      "parents": [
        "6dbe51c251a327e012439c4772097a13df43c5b8"
      ],
      "author": {
        "name": "Eric W. Biederman",
        "email": "ebiederm@xmission.com",
        "time": "Sat Mar 02 19:14:03 2013 -0800"
      },
      "committer": {
        "name": "Eric W. Biederman",
        "email": "ebiederm@xmission.com",
        "time": "Sun Mar 03 19:35:38 2013 -0800"
      },
      "message": "userns: Stop oopsing in key_change_session_keyring\n\nDave Jones \u003cdavej@redhat.com\u003e writes:\n\u003e Just hit this on Linus\u0027 current tree.\n\u003e\n\u003e [   89.621770] BUG: unable to handle kernel NULL pointer dereference at 00000000000000c8\n\u003e [   89.623111] IP: [\u003cffffffff810784b0\u003e] commit_creds+0x250/0x2f0\n\u003e [   89.624062] PGD 122bfd067 PUD 122bfe067 PMD 0\n\u003e [   89.624901] Oops: 0000 [#1] PREEMPT SMP\n\u003e [   89.625678] Modules linked in: caif_socket caif netrom bridge hidp 8021q garp stp mrp rose llc2 af_rxrpc phonet af_key binfmt_misc bnep l2tp_ppp can_bcm l2tp_core pppoe pppox can_raw scsi_transport_iscsi ppp_generic slhc nfnetlink can ipt_ULOG ax25 decnet irda nfc rds x25 crc_ccitt appletalk atm ipx p8023 psnap p8022 llc lockd sunrpc ip6t_REJECT nf_conntrack_ipv6 nf_defrag_ipv6 xt_conntrack nf_conntrack ip6table_filter ip6_tables btusb bluetooth snd_hda_codec_realtek snd_hda_intel snd_hda_codec snd_pcm vhost_net snd_page_alloc snd_timer tun macvtap usb_debug snd rfkill microcode macvlan edac_core pcspkr serio_raw kvm_amd soundcore kvm r8169 mii\n\u003e [   89.637846] CPU 2\n\u003e [   89.638175] Pid: 782, comm: trinity-main Not tainted 3.8.0+ #63 Gigabyte Technology Co., Ltd. 
GA-MA78GM-S2H/GA-MA78GM-S2H\n\u003e [   89.639850] RIP: 0010:[\u003cffffffff810784b0\u003e]  [\u003cffffffff810784b0\u003e] commit_creds+0x250/0x2f0\n\u003e [   89.641161] RSP: 0018:ffff880115657eb8  EFLAGS: 00010207\n\u003e [   89.641984] RAX: 00000000000003e8 RBX: ffff88012688b000 RCX: 0000000000000000\n\u003e [   89.643069] RDX: 0000000000000000 RSI: ffffffff81c32960 RDI: ffff880105839600\n\u003e [   89.644167] RBP: ffff880115657ed8 R08: 0000000000000000 R09: 0000000000000000\n\u003e [   89.645254] R10: 0000000000000001 R11: 0000000000000246 R12: ffff880105839600\n\u003e [   89.646340] R13: ffff88011beea490 R14: ffff88011beea490 R15: 0000000000000000\n\u003e [   89.647431] FS:  00007f3ac063b740(0000) GS:ffff88012b200000(0000) knlGS:0000000000000000\n\u003e [   89.648660] CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b\n\u003e [   89.649548] CR2: 00000000000000c8 CR3: 0000000122bfc000 CR4: 00000000000007e0\n\u003e [   89.650635] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n\u003e [   89.651723] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400\n\u003e [   89.652812] Process trinity-main (pid: 782, threadinfo ffff880115656000, task ffff88011beea490)\n\u003e [   89.654128] Stack:\n\u003e [   89.654433]  0000000000000000 ffff8801058396a0 ffff880105839600 ffff88011beeaa78\n\u003e [   89.655769]  ffff880115657ef8 ffffffff812c7d9b ffffffff82079be0 0000000000000000\n\u003e [   89.657073]  ffff880115657f28 ffffffff8106c665 0000000000000002 ffff880115657f58\n\u003e [   89.658399] Call Trace:\n\u003e [   89.658822]  [\u003cffffffff812c7d9b\u003e] key_change_session_keyring+0xfb/0x140\n\u003e [   89.659845]  [\u003cffffffff8106c665\u003e] task_work_run+0xa5/0xd0\n\u003e [   89.660698]  [\u003cffffffff81002911\u003e] do_notify_resume+0x71/0xb0\n\u003e [   89.661581]  [\u003cffffffff816c9a4a\u003e] int_signal+0x12/0x17\n\u003e [   89.662385] Code: 24 90 00 00 00 48 8b b3 90 00 00 00 49 8b 4c 24 40 48 39 f2 75 08 e9 83 00 00 00 48 89 ca 
48 81 fa 60 29 c3 81 0f 84 41 fe ff ff \u003c48\u003e 8b 8a c8 00 00 00 48 39 ce 75 e4 3b 82 d0 00 00 00 0f 84 4b\n\u003e [   89.667778] RIP  [\u003cffffffff810784b0\u003e] commit_creds+0x250/0x2f0\n\u003e [   89.668733]  RSP \u003cffff880115657eb8\u003e\n\u003e [   89.669301] CR2: 00000000000000c8\n\u003e\n\u003e My fastest trinity induced oops yet!\n\u003e\n\u003e\n\u003e Appears to be..\n\u003e\n\u003e                 if ((set_ns \u003d\u003d subset_ns-\u003eparent)  \u0026\u0026\n\u003e      850:       48 8b 8a c8 00 00 00    mov    0xc8(%rdx),%rcx\n\u003e\n\u003e from the inlined cred_cap_issubset\n\nBy historical accident we have been reading trying to set new-\u003euser_ns\nfrom new-\u003euser_ns.  Which is totally silly as new-\u003euser_ns is NULL (as\nis every other field in new except session_keyring at that point).\n\nThe intent is clearly to copy all of the fields from old to new so copy\nold-\u003euser_ns into  into new-\u003euser_ns.\n\nCc: stable@vger.kernel.org\nReported-by: Dave Jones \u003cdavej@redhat.com\u003e\nTested-by: Dave Jones \u003cdavej@redhat.com\u003e\nAcked-by: Serge Hallyn \u003cserge.hallyn@canonical.com\u003e\nSigned-off-by: \"Eric W. Biederman\" \u003cebiederm@xmission.com\u003e\n"
    },
    {
      "commit": "56a79b7b021bf1b08334e63c2c14b280e2dbf47a",
      "tree": "0419233e6194f4f12073c9284852885aa8984bec",
      "parents": [
        "1c82315a12144cde732636e259d39e3ee81b3c5b",
        "dcf787f39162ce32ca325b3e784aba2d2444619a"
      ],
      "author": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Sun Mar 03 13:23:02 2013 -0800"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Sun Mar 03 13:23:03 2013 -0800"
      },
      "message": "Merge branch \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs\n\nPull  more VFS bits from Al Viro:\n \"Unfortunately, it looks like xattr series will have to wait until the\n  next cycle ;-/\n\n  This pile contains 9p cleanups and fixes (races in v9fs_fid_add()\n  etc), fixup for nommu breakage in shmem.c, several cleanups and a bit\n  more file_inode() work\"\n\n* \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs:\n  constify path_get/path_put and fs_struct.c stuff\n  fix nommu breakage in shmem.c\n  cache the value of file_inode() in struct file\n  9p: if v9fs_fid_lookup() gets to asking server, it\u0027d better have hashed dentry\n  9p: make sure -\u003elookup() adds fid to the right dentry\n  9p: untangle -\u003elookup() a bit\n  9p: double iput() in -\u003elookup() if d_materialise_unique() fails\n  9p: v9fs_fid_add() can\u0027t fail now\n  v9fs: get rid of v9fs_dentry\n  9p: turn fid-\u003edlist into hlist\n  9p: don\u0027t bother with private lock in -\u003ed_fsdata; dentry-\u003ed_lock will do just fine\n  more file_inode() open-coded instances\n  selinux: opened file can\u0027t have NULL or negative -\u003ef_path.dentry\n\n(In the meantime, the hlist traversal macros have changed, so this\nrequired a semantic conflict fixup for the newly hlistified fid-\u003edlist)\n"
    },
    {
      "commit": "b67bfe0d42cac56c512dd5da4b1b347a23f4b70a",
      "tree": "3d465aea12b97683f26ffa38eba8744469de9997",
      "parents": [
        "1e142b29e210b5dfb2deeb6ce2210b60af16d2a6"
      ],
      "author": {
        "name": "Sasha Levin",
        "email": "sasha.levin@oracle.com",
        "time": "Wed Feb 27 17:06:00 2013 -0800"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Wed Feb 27 19:10:24 2013 -0800"
      },
      "message": "hlist: drop the node parameter from iterators\n\nI\u0027m not sure why, but the hlist for each entry iterators were conceived\n\n        list_for_each_entry(pos, head, member)\n\nThe hlist ones were greedy and wanted an extra parameter:\n\n        hlist_for_each_entry(tpos, pos, head, member)\n\nWhy did they need an extra pos parameter? I\u0027m not quite sure. Not only\nthey don\u0027t really need it, it also prevents the iterator from looking\nexactly like the list iterator, which is unfortunate.\n\nBesides the semantic patch, there was some manual work required:\n\n - Fix up the actual hlist iterators in linux/list.h\n - Fix up the declaration of other iterators based on the hlist ones.\n - A very small amount of places were using the \u0027node\u0027 parameter, this\n was modified to use \u0027obj-\u003emember\u0027 instead.\n - Coccinelle didn\u0027t handle the hlist_for_each_entry_safe iterator\n properly, so those had to be fixed up manually.\n\nThe semantic patch which is mostly the work of Peter Senna Tschudin is here:\n\n@@\niterator name hlist_for_each_entry, hlist_for_each_entry_continue, hlist_for_each_entry_from, hlist_for_each_entry_rcu, hlist_for_each_entry_rcu_bh, hlist_for_each_entry_continue_rcu_bh, for_each_busy_worker, ax25_uid_for_each, ax25_for_each, inet_bind_bucket_for_each, sctp_for_each_hentry, sk_for_each, sk_for_each_rcu, sk_for_each_from, sk_for_each_safe, sk_for_each_bound, hlist_for_each_entry_safe, hlist_for_each_entry_continue_rcu, nr_neigh_for_each, nr_neigh_for_each_safe, nr_node_for_each, nr_node_for_each_safe, for_each_gfn_indirect_valid_sp, for_each_gfn_sp, for_each_host;\n\ntype T;\nexpression a,c,d,e;\nidentifier b;\nstatement S;\n@@\n\n-T b;\n    \u003c+... 
when !\u003d b\n(\nhlist_for_each_entry(a,\n- b,\nc, d) S\n|\nhlist_for_each_entry_continue(a,\n- b,\nc) S\n|\nhlist_for_each_entry_from(a,\n- b,\nc) S\n|\nhlist_for_each_entry_rcu(a,\n- b,\nc, d) S\n|\nhlist_for_each_entry_rcu_bh(a,\n- b,\nc, d) S\n|\nhlist_for_each_entry_continue_rcu_bh(a,\n- b,\nc) S\n|\nfor_each_busy_worker(a, c,\n- b,\nd) S\n|\nax25_uid_for_each(a,\n- b,\nc) S\n|\nax25_for_each(a,\n- b,\nc) S\n|\ninet_bind_bucket_for_each(a,\n- b,\nc) S\n|\nsctp_for_each_hentry(a,\n- b,\nc) S\n|\nsk_for_each(a,\n- b,\nc) S\n|\nsk_for_each_rcu(a,\n- b,\nc) S\n|\nsk_for_each_from\n-(a, b)\n+(a)\nS\n+ sk_for_each_from(a) S\n|\nsk_for_each_safe(a,\n- b,\nc, d) S\n|\nsk_for_each_bound(a,\n- b,\nc) S\n|\nhlist_for_each_entry_safe(a,\n- b,\nc, d, e) S\n|\nhlist_for_each_entry_continue_rcu(a,\n- b,\nc) S\n|\nnr_neigh_for_each(a,\n- b,\nc) S\n|\nnr_neigh_for_each_safe(a,\n- b,\nc, d) S\n|\nnr_node_for_each(a,\n- b,\nc) S\n|\nnr_node_for_each_safe(a,\n- b,\nc, d) S\n|\n- for_each_gfn_sp(a, c, d, b) S\n+ for_each_gfn_sp(a, c, d) S\n|\n- for_each_gfn_indirect_valid_sp(a, c, d, b) S\n+ for_each_gfn_indirect_valid_sp(a, c, d) S\n|\nfor_each_host(a,\n- b,\nc) S\n|\nfor_each_host_safe(a,\n- b,\nc, d) S\n|\nfor_each_mesh_entry(a,\n- b,\nc, d) S\n)\n    ...+\u003e\n\n[akpm@linux-foundation.org: drop bogus change from net/ipv4/raw.c]\n[akpm@linux-foundation.org: drop bogus hunk from net/ipv6/raw.c]\n[akpm@linux-foundation.org: checkpatch fixes]\n[akpm@linux-foundation.org: fix warnings]\n[akpm@linux-foudnation.org: redo intrusive kvm changes]\nTested-by: Peter Senna Tschudin \u003cpeter.senna@gmail.com\u003e\nAcked-by: Paul E. 
McKenney \u003cpaulmck@linux.vnet.ibm.com\u003e\nSigned-off-by: Sasha Levin \u003csasha.levin@oracle.com\u003e\nCc: Wu Fengguang \u003cfengguang.wu@intel.com\u003e\nCc: Marcelo Tosatti \u003cmtosatti@redhat.com\u003e\nCc: Gleb Natapov \u003cgleb@redhat.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "45e09bd51b2be1fbb86c2e3d5bb00d32744f1ecb",
      "tree": "4cf68d20342e7b0253ea07ae2b265b15b994f684",
      "parents": [
        "d895cb1af15c04c522a25c79cc429076987c089b"
      ],
      "author": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Wed Jan 23 16:24:16 2013 -0500"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Wed Feb 27 13:22:14 2013 -0500"
      },
      "message": "selinux: opened file can\u0027t have NULL or negative -\u003ef_path.dentry\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n"
    },
    {
      "commit": "d895cb1af15c04c522a25c79cc429076987c089b",
      "tree": "895dc9157e28f603d937a58be664e4e440d5530c",
      "parents": [
        "9626357371b519f2b955fef399647181034a77fe",
        "d3d009cb965eae7e002ea5badf603ea8f4c34915"
      ],
      "author": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Tue Feb 26 20:16:07 2013 -0800"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Tue Feb 26 20:16:07 2013 -0800"
      },
      "message": "Merge branch \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs\n\nPull vfs pile (part one) from Al Viro:\n \"Assorted stuff - cleaning namei.c up a bit, fixing -\u003ed_name/-\u003ed_parent\n  locking violations, etc.\n\n  The most visible changes here are death of FS_REVAL_DOT (replaced with\n  \"has -\u003ed_weak_revalidate()\") and a new helper getting from struct file\n  to inode.  Some bits of preparation to xattr method interface changes.\n\n  Misc patches by various people sent this cycle *and* ocfs2 fixes from\n  several cycles ago that should\u0027ve been upstream right then.\n\n  PS: the next vfs pile will be xattr stuff.\"\n\n* \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs: (46 commits)\n  saner proc_get_inode() calling conventions\n  proc: avoid extra pde_put() in proc_fill_super()\n  fs: change return values from -EACCES to -EPERM\n  fs/exec.c: make bprm_mm_init() static\n  ocfs2/dlm: use GFP_ATOMIC inside a spin_lock\n  ocfs2: fix possible use-after-free with AIO\n  ocfs2: Fix oops in ocfs2_fast_symlink_readpage() code path\n  get_empty_filp()/alloc_file() leave both -\u003ef_pos and -\u003ef_version zero\n  target: writev() on single-element vector is pointless\n  export kernel_write(), convert open-coded instances\n  fs: encode_fh: return FILEID_INVALID if invalid fid_type\n  kill f_vfsmnt\n  vfs: kill FS_REVAL_DOT by adding a d_weak_revalidate dentry op\n  nfsd: handle vfs_getattr errors in acl protocol\n  switch vfs_getattr() to struct path\n  default SET_PERSONALITY() in linux/elf.h\n  ceph: prepopulate inodes only when request is aborted\n  d_hash_and_lookup(): export, switch open-coded instances\n  9p: switch v9fs_set_create_acl() to inode+fid, do it before d_instantiate()\n  9p: split dropping the acls from v9fs_set_create_acl()\n  ...\n"
    },
    {
      "commit": "182be684784334598eee1d90274e7f7aa0063616",
      "tree": "7b4d555a24fbbe9b22086f31246d1aa6df5e5330",
      "parents": [
        "ecf3d1f1aa74da0d632b651a2e05a911f60e92c0"
      ],
      "author": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Thu Jan 24 02:21:54 2013 -0500"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Tue Feb 26 02:46:10 2013 -0500"
      },
      "message": "kill f_vfsmnt\n\nvery few users left...\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n"
    },
    {
      "commit": "446d64e3e1154806092ac27de198dff1225797d9",
      "tree": "6ae7509b776f88bf7c28254e63ba34ddcd091a92",
      "parents": [
        "a2c2c3a71c25627e4840795b3c269918d0e71b28"
      ],
      "author": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Sun Feb 24 23:42:37 2013 -0500"
      },
      "committer": {
        "name": "James Morris",
        "email": "james.l.morris@oracle.com",
        "time": "Tue Feb 26 03:10:52 2013 +1100"
      },
      "message": "block: fix part_pack_uuid() build error\n\nCommit \"85865c1 ima: add policy support for file system uuid\"\nintroduced a CONFIG_BLOCK dependency.  This patch defines a\nwrapper called blk_part_pack_uuid(), which returns -EINVAL,\nwhen CONFIG_BLOCK is not defined.\n\nsecurity/integrity/ima/ima_policy.c:538:4: error: implicit declaration\nof function \u0027part_pack_uuid\u0027 [-Werror\u003dimplicit-function-declaration]\n\nChangelog v2:\n- Reference commit number in patch description\nChangelog v1:\n- rename ima_part_pack_uuid() to blk_part_pack_uuid()\n- resolve scripts/checkpatch.pl warnings\nChangelog v0:\n- fix UUID scripts/Lindent msgs\n\nReported-by: Randy Dunlap \u003crdunlap@infradead.org\u003e\nReported-by: David Rientjes \u003crientjes@google.com\u003e\nSigned-off-by: Mimi Zohar \u003czohar@linux.vnet.ibm.com\u003e\nAcked-by: David Rientjes \u003crientjes@google.com\u003e\nAcked-by: Randy Dunlap \u003crdunlap@infradead.org\u003e\nCc: Jens Axboe \u003caxboe@kernel.dk\u003e\nSigned-off-by: James Morris \u003cjames.l.morris@oracle.com\u003e\n"
    },
    {
      "commit": "a2c2c3a71c25627e4840795b3c269918d0e71b28",
      "tree": "f643772b0087e7bf5a9801ed07580ee8d5ce93c9",
      "parents": [
        "ab7826595e9ec51a51f622c5fc91e2f59440481a"
      ],
      "author": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Sun Feb 24 23:42:36 2013 -0500"
      },
      "committer": {
        "name": "James Morris",
        "email": "james.l.morris@oracle.com",
        "time": "Tue Feb 26 02:46:38 2013 +1100"
      },
      "message": "ima: \"remove enforce checking duplication\" merge fix\n\nCommit \"750943a ima: remove enforce checking duplication\" combined\nthe \u0027in IMA policy\u0027 and \u0027enforcing file integrity\u0027 checks.  For\nthe non-file, kernel module verification, a specific check for\n\u0027enforcing file integrity\u0027 was not added.  This patch adds the\ncheck.\n\nSigned-off-by: Mimi Zohar \u003czohar@linux.vnet.ibm.com\u003e\nSigned-off-by: James Morris \u003cjames.l.morris@oracle.com\u003e\n"
    },
    {
      "commit": "496ad9aa8ef448058e36ca7a787c61f2e63f0f54",
      "tree": "8f4abde793cd7db5bb8fde6d27ebcacd0e54379a",
      "parents": [
        "57eccb830f1cc93d4b506ba306d8dfa685e0c88f"
      ],
      "author": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Wed Jan 23 17:07:38 2013 -0500"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Fri Feb 22 23:31:31 2013 -0500"
      },
      "message": "new helper: file_inode(file)\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n"
    },
    {
      "commit": "53eb8c82d581fdd4b389a3e417261f3ae924e603",
      "tree": "de3893156c17c9ab220e4460630f581c55a0f487",
      "parents": [
        "024e4ec1856d57bb78c06ec903d29dcf716f5f47"
      ],
      "author": {
        "name": "Jerry Snitselaar",
        "email": "jerry.snitselaar@oracle.com",
        "time": "Thu Feb 21 16:41:31 2013 -0800"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Thu Feb 21 17:22:15 2013 -0800"
      },
      "message": "device_cgroup: don\u0027t grab mutex in rcu callback\n\nCommit 103a197c0c4e (\"security/device_cgroup: lock assert fails in\ndev_exception_clean()\") grabs devcgroup_mutex to fix assert failure, but\na mutex can\u0027t be grabbed in rcu callback.  Since there shouldn\u0027t be any\nother references when css_free is called, mutex isn\u0027t needed for list\ncleanup in devcgroup_css_free().\n\nSigned-off-by: Jerry Snitselaar \u003cjerry.snitselaar@oracle.com\u003e\nAcked-by: Tejun Heo \u003ctj@kernel.org\u003e\nAcked-by: Aristeu Rozanski \u003caris@redhat.com\u003e\nCc: James Morris \u003cjames.l.morris@oracle.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "33673dcb372b5d8179c22127ca71deb5f3dc7016",
      "tree": "d182e9dc6aa127375a92b5eb619d6cd2ddc23ce7",
      "parents": [
        "fe9453a1dcb5fb146f9653267e78f4a558066f6f",
        "5b2660326039a32b28766cb4c1a8b1bdcfadc375"
      ],
      "author": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Thu Feb 21 08:18:12 2013 -0800"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Thu Feb 21 08:18:12 2013 -0800"
      },
      "message": "Merge branch \u0027next\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security\n\nPull security subsystem updates from James Morris:\n \"This is basically a maintenance update for the TPM driver and EVM/IMA\"\n\nFix up conflicts in lib/digsig.c and security/integrity/ima/ima_main.c\n\n* \u0027next\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: (45 commits)\n  tpm/ibmvtpm: build only when IBM pseries is configured\n  ima: digital signature verification using asymmetric keys\n  ima: rename hash calculation functions\n  ima: use new crypto_shash API instead of old crypto_hash\n  ima: add policy support for file system uuid\n  evm: add file system uuid to EVM hmac\n  tpm_tis: check pnp_acpi_device return code\n  char/tpm/tpm_i2c_stm_st33: drop temporary variable for return value\n  char/tpm/tpm_i2c_stm_st33: remove dead assignment in tpm_st33_i2c_probe\n  char/tpm/tpm_i2c_stm_st33: Remove __devexit attribute\n  char/tpm/tpm_i2c_stm_st33: Don\u0027t use memcpy for one byte assignment\n  tpm_i2c_stm_st33: removed unused variables/code\n  TPM: Wait for TPM_ACCESS tpmRegValidSts to go high at startup\n  tpm: Fix cancellation of TPM commands (interrupt mode)\n  tpm: Fix cancellation of TPM commands (polling mode)\n  tpm: Store TPM vendor ID\n  TPM: Work around buggy TPMs that block during continue self test\n  tpm_i2c_stm_st33: fix oops when i2c client is unavailable\n  char/tpm: Use struct dev_pm_ops for power management\n  TPM: STMicroelectronics ST33 I2C BUILD STUFF\n  ...\n"
    },
    {
      "commit": "fe9453a1dcb5fb146f9653267e78f4a558066f6f",
      "tree": "ba144f62734e9d89ed515466972c318de561ccb2",
      "parents": [
        "a0b1c42951dd06ec83cc1bc2c9788131d9fefcd8"
      ],
      "author": {
        "name": "David Howells",
        "email": "dhowells@redhat.com",
        "time": "Thu Feb 21 12:00:25 2013 +0000"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Thu Feb 21 07:56:25 2013 -0800"
      },
      "message": "KEYS: Revert one application of \"Fix unreachable code\" patch\n\nA patch to fix some unreachable code in search_my_process_keyrings() got\napplied twice by two different routes upstream as commits e67eab39bee2\nand b010520ab3d2 (both \"fix unreachable code\").\n\nUnfortunately, the second application removed something it shouldn\u0027t\nhave and this wasn\u0027t detected by GIT.  This is due to the patch not\nhaving sufficient lines of context to distinguish the two places of\napplication.\n\nThe effect of this is relatively minor: inside the kernel, the keyring\nsearch routines may search multiple keyrings and then prioritise the\nerrors if no keys or negative keys are found in any of them.  With the\nextra deletion, the presence of a negative key in the thread keyring\n(causing ENOKEY) is incorrectly overridden by an error searching the\nprocess keyring.\n\nSo revert the second application of the patch.\n\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nCc: Jiri Kosina \u003cjkosina@suse.cz\u003e\nCc: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nCc: stable@vger.kernel.org\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "e0751257a64ea10cca96ccb06522bfb10e36cb5b",
      "tree": "7ff1ec8b4d359f383fc3408876dd6ff6532f9ab6",
      "parents": [
        "50af554466804bf51a52fa3d1d0a76f96bd33929"
      ],
      "author": {
        "name": "Dmitry Kasatkin",
        "email": "dmitry.kasatkin@intel.com",
        "time": "Thu Feb 07 00:12:08 2013 +0200"
      },
      "committer": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Wed Feb 06 21:22:18 2013 -0500"
      },
      "message": "ima: digital signature verification using asymmetric keys\n\nAsymmetric keys were introduced in linux-3.7 to verify the signature on\nsigned kernel modules. The asymmetric keys infrastructure abstracts the\nsignature verification from the crypto details. This patch adds IMA/EVM\nsignature verification using asymmetric keys. Support for additional\nsignature verification methods can now be delegated to the asymmetric\nkey infrastructure.\n\nAlthough the module signature header and the IMA/EVM signature header\ncould use the same format, to minimize the signature length and save\nspace in the extended attribute, this patch defines a new IMA/EVM\nheader format.  The main difference is that the key identifier is a\nsha1[12 - 19] hash of the key modulus and exponent, similar to the\ncurrent implementation.  The only purpose of the key identifier is to\nidentify the corresponding key in the kernel keyring.  ima-evm-utils\nwas updated to support the new signature format.\n\nWhile asymmetric signature verification functionality supports many\ndifferent hash algorithms, the hash used in this patch is calculated\nduring the IMA collection phase, based on the configured algorithm.\nThe default algorithm is sha1, but for backwards compatibility md5\nis supported.  Due to this current limitation, signatures should be\ngenerated using a sha1 hash algorithm.\n\nChanges in this patch:\n- Functionality has been moved to separate source file in order to get rid of\n  in source #ifdefs.\n- keyid is derived according to the RFC 3280. It does not require to assign\n  IMA/EVM specific \"description\" when loading X509 certificate. Kernel\n  asymmetric key subsystem automatically generate the description. Also\n  loading a certificate does not require using of ima-evm-utils and can be\n  done using keyctl only.\n- keyid size is reduced to 32 bits to save xattr space.  
Key search is done\n  using partial match functionality of asymmetric_key_match().\n- Kconfig option title was changed\n\nSigned-off-by: Dmitry Kasatkin \u003cdmitry.kasatkin@intel.com\u003e\nAcked-by: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: Mimi Zohar \u003czohar@linux.vnet.ibm.com\u003e\n"
    },
    {
      "commit": "50af554466804bf51a52fa3d1d0a76f96bd33929",
      "tree": "b7a3737c726a690ddefa60fdc01427d46d1d08b2",
      "parents": [
        "76bb28f6126f20ee987b9d2570fa653d95d30ae9"
      ],
      "author": {
        "name": "Dmitry Kasatkin",
        "email": "dmitry.kasatkin@intel.com",
        "time": "Mon May 14 14:13:56 2012 +0300"
      },
      "committer": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Wed Feb 06 10:41:13 2013 -0500"
      },
      "message": "ima: rename hash calculation functions\n\nRename hash calculation functions to reflect meaning\nand change argument order in conventional way.\n\nSigned-off-by: Dmitry Kasatkin \u003cdmitry.kasatkin@intel.com\u003e\nSigned-off-by: Mimi Zohar \u003czohar@linux.vnet.ibm.com\u003e\n"
    },
    {
      "commit": "76bb28f6126f20ee987b9d2570fa653d95d30ae9",
      "tree": "d03a184b5fb611544519662784ec50fee55bac72",
      "parents": [
        "85865c1fa189fcba49089e6254a0226f2269bebc"
      ],
      "author": {
        "name": "Dmitry Kasatkin",
        "email": "dmitry.kasatkin@intel.com",
        "time": "Fri Jun 08 10:42:30 2012 +0300"
      },
      "committer": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Wed Feb 06 10:41:12 2013 -0500"
      },
      "message": "ima: use new crypto_shash API instead of old crypto_hash\n\nOld crypto hash API internally uses shash API.\nUsing shash API directly is more efficient.\n\nSigned-off-by: Dmitry Kasatkin \u003cdmitry.kasatkin@intel.com\u003e\nSigned-off-by: Mimi Zohar \u003czohar@linux.vnet.ibm.com\u003e\n"
    },
    {
      "commit": "85865c1fa189fcba49089e6254a0226f2269bebc",
      "tree": "e3bcc153e1218302a3bccd30f55295361396a781",
      "parents": [
        "74de66842473bdafa798010e58f1999ec70a8983"
      ],
      "author": {
        "name": "Dmitry Kasatkin",
        "email": "dmitry.kasatkin@intel.com",
        "time": "Mon Sep 03 23:23:13 2012 +0300"
      },
      "committer": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Wed Feb 06 10:40:29 2013 -0500"
      },
      "message": "ima: add policy support for file system uuid\n\nThe IMA policy permits specifying rules to enable or disable\nmeasurement/appraisal/audit based on the file system magic number.\nIf, for example, the policy contains an ext4 measurement rule,\nthe rule is enabled for all ext4 partitions.\n\nSometimes it might be necessary to enable measurement/appraisal/audit\nonly for one partition and disable it for another partition of the\nsame type.  With the existing IMA policy syntax, this can not be done.\n\nThis patch provides support for IMA policy rules to specify the file\nsystem by its UUID (eg. fsuuid\u003d397449cd-687d-4145-8698-7fed4a3e0363).\n\nFor partitions not being appraised, it might be a good idea to mount\nfile systems with the \u0027noexec\u0027 option to prevent executing non-verified\nbinaries.\n\nSigned-off-by: Dmitry Kasatkin \u003cdmitry.kasatkin@intel.com\u003e\nSigned-off-by: Mimi Zohar \u003czohar@linux.vnet.ibm.com\u003e\n"
    },
    {
      "commit": "74de66842473bdafa798010e58f1999ec70a8983",
      "tree": "83bb9c589051fd7269a9cd2bf1d7be9a955eccbd",
      "parents": [
        "6e38bfaad6c83bdd07eb659f9bfd50f8d71a5a46"
      ],
      "author": {
        "name": "Dmitry Kasatkin",
        "email": "dmitry.kasatkin@intel.com",
        "time": "Mon Sep 10 10:37:20 2012 +0300"
      },
      "committer": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Wed Feb 06 10:40:28 2013 -0500"
      },
      "message": "evm: add file system uuid to EVM hmac\n\nEVM uses the same key for all file systems to calculate the HMAC,\nmaking it possible to paste inodes from one file system on to another\none, without EVM being able to detect it.  To prevent such an attack,\nit is necessary to make the EVM HMAC file system specific.\n\nThis patch uses the file system UUID, a file system unique identifier,\nto bind the EVM HMAC to the file system. The value inode-\u003ei_sb-\u003es_uuid\nis used for the HMAC hash calculation, instead of using it for deriving\nthe file system specific key.  Initializing the key for every inode HMAC\ncalculation is a bit more expensive operation than adding the uuid to\nthe HMAC hash.\n\nChanging the HMAC calculation method or adding additional info to the\ncalculation, requires existing EVM labeled file systems to be relabeled.\nThis patch adds a Kconfig HMAC version option for backwards compatibility.\n\nChangelog v1:\n- squash \"hmac version setting\"\nChangelog v0:\n- add missing Kconfig depends (Mimi)\n\nSigned-off-by: Dmitry Kasatkin \u003cdmitry.kasatkin@intel.com\u003e\nSigned-off-by: Mimi Zohar \u003czohar@linux.vnet.ibm.com\u003e\n"
    },
    {
      "commit": "22f837981514e157f8f9737b25ac6d7d90a14006",
      "tree": "5537a70dcd9225023335b1bd1cd0e9a9c0e95cb9",
      "parents": [
        "949db153b6466c6f7cad5a427ecea94985927311",
        "6642f91c92da07369cf1e582503ea3ccb4a7f1a9"
      ],
      "author": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Mon Jan 28 11:41:37 2013 -0800"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Mon Jan 28 11:41:37 2013 -0800"
      },
      "message": "Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net\n\nPull networking updates from David Miller:\n \"Much more accumulated than I would have liked due to an unexpected\n  bout with a nasty flu:\n\n   1) AH and ESP input don\u0027t set ECN field correctly because the\n      transport head of the SKB isn\u0027t set correctly, fix from Li\n      RongQing.\n\n   2) If netfilter conntrack zones are disabled, we can return an\n      uninitialized variable instead of the proper error code.  Fix from\n      Borislav Petkov.\n\n   3) Fix double SKB free in ath9k driver beacon handling, from Felix\n      Feitkau.\n\n   4) Remove bogus assumption about netns cleanup ordering in\n      nf_conntrack, from Pablo Neira Ayuso.\n\n   5) Remove a bogus BUG_ON in the new TCP fastopen code, from Eric\n      Dumazet.  It uses spin_is_locked() in its test and is therefore\n      unsuitable for UP.\n\n   6) Fix SELINUX labelling regressions added by the tuntap multiqueue\n      changes, from Paul Moore.\n\n   7) Fix CRC errors with jumbo frame receive in tg3 driver, from Nithin\n      Nayak Sujir.\n\n   8) CXGB4 driver sets interrupt coalescing parameters only on first\n      queue, rather than all of them.  Fix from Thadeu Lima de Souza\n      Cascardo.\n\n   9) Fix regression in the dispatch of read/write registers in dm9601\n      driver, from Tushar Behera.\n\n  10) ipv6_append_data miscalculates header length, from Romain KUNTZ.\n\n  11) Fix PMTU handling regressions on ipv4 routes, from Steffen\n      Klassert, Timo Teräs, and Julian Anastasov.\n\n  12) In 3c574_cs driver, add necessary parenthesis to \"x \u003c\u003c y \u0026 z\"\n      expression.  From Nickolai Zeldovich.\n\n  13) macvlan_get_size() causes underallocation netlink message space,\n      fix from Eric Dumazet.\n\n  14) Avoid division by zero in xfrm_replay_advance_bmp(), from Nickolai\n      Zeldovich.  
Amusingly the zero check was already there, we were\n      just performing it after the modulus :-)\n\n  15) Some more splice bug fixes from Eric Dumazet, which fix things\n      mostly emanating from how we now more aggressively use high-order\n      pages in SKBs.\n\n  16) Fix size calculation bug when freeing hash tables in the IPSEC\n      xfrm code, from Michal Kubecek.\n\n  17) Fix PMTU event propagation into socket cached routes, from Steffen\n      Klassert.\n\n  18) Fix off by one in TX buffer release in netxen driver, from Eric\n      Dumazet.\n\n  19) Fix ridiculous memory allocation requirements introduced by the\n      tuntap multiqueue changes, from Jason Wang.\n\n  20) Remove bogus AMD platform workaround in r8169 driver that causes\n      major problems in normal operation, from Timo Teräs.\n\n  21) virtio-net set affinity and select queue don\u0027t handle\n      discontiguous cpu numbers properly, fix from Wanlong Gao.\n\n  22) Fix a route refcounting issue in loopback driver, from Eric\n      Dumazet.  There\u0027s a similar fix coming that we might add to the\n      macvlan driver as well.\n\n  23) Fix SKB leaks in batman-adv\u0027s distributed arp table code, from\n      Matthias Schiffer.\n\n  24) r8169 driver gives descriptor ownership back the hardware before\n      we\u0027re done reading the VLAN tag out of it, fix from Francois\n      Romieu.\n\n  25) Checksums not calculated properly in GRE tunnel driver fix from\n      Pravin B Shelar.\n\n26) Fix SCTP memory leak on namespace exit.\"\n\n* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (101 commits)\n  dm9601: support dm9620 variant\n  SCTP: Free the per-net sysctl table on net exit. 
v2\n  net: phy: icplus: fix broken INTR pin settings\n  net: phy: icplus: Use the RGMII interface mode to configure clock delays\n  IP_GRE: Fix kernel panic in IP_GRE with GRE csum.\n  sctp: set association state to established in dupcook_a handler\n  ip6mr: limit IPv6 MRT_TABLE identifiers\n  r8169: fix vlan tag read ordering.\n  net: cdc_ncm: use IAD provided by the USB core\n  batman-adv: filter ARP packets with invalid MAC addresses in DAT\n  batman-adv: check for more types of invalid IP addresses in DAT\n  batman-adv: fix skb leak in batadv_dat_snoop_incoming_arp_reply()\n  net: loopback: fix a dst refcounting issue\n  virtio-net: reset virtqueue affinity when doing cpu hotplug\n  virtio-net: split out clean affinity function\n  virtio-net: fix the set affinity bug when CPU IDs are not consecutive\n  can: pch_can: fix invalid error codes\n  can: ti_hecc: fix invalid error codes\n  can: c_can: fix invalid error codes\n  r8169: remove the obsolete and incorrect AMD workaround\n  ...\n"
    },
    {
      "commit": "5a73fcfa8875a94c2956e7ff8fba54d31a3e2854",
      "tree": "4f7a55a1f4c7524aaa422fc216717c1c0424d48e",
      "parents": [
        "d79d72e02485c00b886179538dc8deaffa3be507"
      ],
      "author": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Wed Dec 05 15:14:38 2012 -0500"
      },
      "committer": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Tue Jan 22 16:10:39 2013 -0500"
      },
      "message": "ima: differentiate appraise status only for hook specific rules\n\nDifferent hooks can require different methods for appraising a\nfile\u0027s integrity.  As a result, an integrity appraisal status is\ncached on a per hook basis.\n\nOnly a hook specific rule, requires the inode to be re-appraised.\nThis patch eliminates unnecessary appraisals.\n\nSigned-off-by: Mimi Zohar \u003czohar@linux.vnet.ibm.com\u003e\nSigned-off-by: Dmitry Kasatkin \u003cdmitry.kasatkin@intel.com\u003e\n"
    },
    {
      "commit": "d79d72e02485c00b886179538dc8deaffa3be507",
      "tree": "92690d5cbd6e4a0a3bee369033fe18d9b2d065f7",
      "parents": [
        "f578c08ec959cb0cdadf02bdc9689a4df3e9b9d4"
      ],
      "author": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Mon Dec 03 17:08:11 2012 -0500"
      },
      "committer": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Tue Jan 22 16:10:36 2013 -0500"
      },
      "message": "ima: per hook cache integrity appraisal status\n\nWith the new IMA policy \u0027appraise_type\u003d\u0027 option, different hooks\ncan require different methods for appraising a file\u0027s integrity.\n\nFor example, the existing \u0027ima_appraise_tcb\u0027 policy defines a\ngeneric rule, requiring all root files to be appraised, without\nspecifying the appraisal method.  A more specific rule could require\nall kernel modules, for example, to be signed.\n\nappraise fowner\u003d0 func\u003dMODULE_CHECK appraise_type\u003dimasig\nappraise fowner\u003d0\n\nAs a result, the integrity appraisal results for the same inode, but\nfor different hooks, could differ.  This patch caches the integrity\nappraisal results on a per hook basis.\n\nChangelog v2:\n- Rename ima_cache_status() to ima_set_cache_status()\n- Rename and move get_appraise_status() to ima_get_cache_status()\nChangelog v0:\n- include IMA_APPRAISE/APPRAISED_SUBMASK in IMA_DO/DONE_MASK (Dmitry)\n- Support independent MODULE_CHECK appraise status.\n- fixed IMA_XXXX_APPRAISE/APPRAISED flags\n\nSigned-off-by: Mimi Zohar \u003czohar@linux.vnet.ibm.com\u003e\nSigned-off-by: Dmitry Kasatkin \u003cdmitry.kasatkin@intel.com\u003e\n"
    },
    {
      "commit": "f578c08ec959cb0cdadf02bdc9689a4df3e9b9d4",
      "tree": "914edd29a01e55aa993f810246ff01e8c1c19ae0",
      "parents": [
        "0e5a247cb37a97d843ef76d09d5f80deb7893ba3"
      ],
      "author": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Wed Dec 05 09:29:09 2012 -0500"
      },
      "committer": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Tue Jan 22 16:10:34 2013 -0500"
      },
      "message": "ima: increase iint flag size\n\nIn preparation for hook specific appraise status results, increase\nthe iint flags size.\n\nSigned-off-by: Mimi Zohar \u003czohar@linux.vnet.ibm.com\u003e\nSigned-off-by: Dmitry Kasatkin \u003cdmitry.kasatkin@intel.com\u003e\n"
    },
    {
      "commit": "0e5a247cb37a97d843ef76d09d5f80deb7893ba3",
      "tree": "7206abaf6d20e69a89584046ed7dc9970ba2da12",
      "parents": [
        "a175b8bb29ebbad380ab4788f307fbfc47997b19"
      ],
      "author": {
        "name": "Dmitry Kasatkin",
        "email": "dmitry.kasatkin@intel.com",
        "time": "Fri Jun 08 13:58:49 2012 +0300"
      },
      "committer": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Tue Jan 22 16:10:31 2013 -0500"
      },
      "message": "ima: added policy support for \u0027security.ima\u0027 type\n\nThe \u0027security.ima\u0027 extended attribute may contain either the file data\u0027s\nhash or a digital signature.  This patch adds support for requiring a\nspecific extended attribute type.  It extends the IMA policy with a new\nkeyword \u0027appraise_type\u003dimasig\u0027.  (Default is hash.)\n\nChangelog v2:\n- Fixed Documentation/ABI/testing/ima_policy option syntax\nChangelog v1:\n- Differentiate between \u0027required\u0027 vs. \u0027actual\u0027 extended attribute\n\nSigned-off-by: Dmitry Kasatkin \u003cdmitry.kasatkin@intel.com\u003e\nSigned-off-by: Mimi Zohar \u003czohar@linux.vnet.ibm.com\u003e\n"
    },
    {
      "commit": "103a197c0c4ec936f5a243b5b092e4e49213f569",
      "tree": "e39515c278a0f923537aaee97bef38aad671ab00",
      "parents": [
        "a67adb997419fb53540d4a4f79c6471c60bc69b6"
      ],
      "author": {
        "name": "Jerry Snitselaar",
        "email": "jerry.snitselaar@oracle.com",
        "time": "Thu Jan 17 01:04:14 2013 -0700"
      },
      "committer": {
        "name": "James Morris",
        "email": "james.l.morris@oracle.com",
        "time": "Tue Jan 22 00:27:55 2013 +1100"
      },
      "message": "security/device_cgroup: lock assert fails in dev_exception_clean()\n\ndevcgroup_css_free() calls dev_exception_clean() without the devcgroup_mutex being locked.\n\nShutting down a kvm virt was giving me the following trace:\n\n[36280.732764] ------------[ cut here ]------------\n[36280.732778] WARNING: at /home/snits/dev/linux/security/device_cgroup.c:172 dev_exception_clean+0xa9/0xc0()\n[36280.732782] Hardware name: Studio XPS 8100\n[36280.732785] Modules linked in: xt_REDIRECT fuse ebtable_nat ebtables ipt_MASQUERADE iptable_nat nf_nat_ipv4 nf_nat xt_CHECKSUM iptable_mangle bridge stp llc nf_conntrack_ipv4 ip6t_REJECT nf_conntrack_ipv6 nf_defrag_ipv6 nf_defrag_ipv4 ip6table_filter it87 hwmon_vid xt_state nf_conntrack ip6_tables snd_hda_codec_hdmi snd_hda_codec_realtek snd_hda_intel snd_hda_codec snd_hwdep snd_seq coretemp snd_seq_device crc32c_intel snd_pcm snd_page_alloc snd_timer snd broadcom tg3 serio_raw i7core_edac edac_core ptp pps_core lpc_ich pcspkr mfd_core soundcore microcode i2c_i801 nfsd auth_rpcgss nfs_acl lockd vhost_net sunrpc tun macvtap macvlan kvm_intel kvm uinput binfmt_misc autofs4 usb_storage firewire_ohci firewire_core crc_itu_t radeon drm_kms_helper ttm\n[36280.732921] Pid: 933, comm: libvirtd Tainted: G        W    3.8.0-rc3-00307-g4c217de #1\n[36280.732922] Call Trace:\n[36280.732927]  [\u003cffffffff81044303\u003e] warn_slowpath_common+0x93/0xc0\n[36280.732930]  [\u003cffffffff8104434a\u003e] warn_slowpath_null+0x1a/0x20\n[36280.732932]  [\u003cffffffff812deaf9\u003e] dev_exception_clean+0xa9/0xc0\n[36280.732934]  [\u003cffffffff812deb2a\u003e] devcgroup_css_free+0x1a/0x30\n[36280.732938]  [\u003cffffffff810ccd76\u003e] cgroup_diput+0x76/0x210\n[36280.732941]  [\u003cffffffff8119eac0\u003e] d_delete+0x120/0x180\n[36280.732943]  [\u003cffffffff81195cff\u003e] vfs_rmdir+0xef/0x130\n[36280.732945]  [\u003cffffffff81195e47\u003e] do_rmdir+0x107/0x1c0\n[36280.732949]  [\u003cffffffff8132d17e\u003e] ? 
trace_hardirqs_on_thunk+0x3a/0x3f\n[36280.732951]  [\u003cffffffff81198646\u003e] sys_rmdir+0x16/0x20\n[36280.732954]  [\u003cffffffff8173bd82\u003e] system_call_fastpath+0x16/0x1b\n[36280.732956] ---[ end trace ca39dced899a7d9f ]---\n\nSigned-off-by: Jerry Snitselaar \u003cjerry.snitselaar@oracle.com\u003e\nCc: stable@kernel.org\nSigned-off-by: James Morris \u003cjames.l.morris@oracle.com\u003e\n"
    },
    {
      "commit": "a67adb997419fb53540d4a4f79c6471c60bc69b6",
      "tree": "5796039c0789a8504fb3b7d1a5cb81b4e47121fb",
      "parents": [
        "9a9284153d965a57edc7162a8e57c14c97f3a935"
      ],
      "author": {
        "name": "Dmitry Kasatkin",
        "email": "dmitry.kasatkin@intel.com",
        "time": "Fri Jan 18 23:56:39 2013 +0200"
      },
      "committer": {
        "name": "James Morris",
        "email": "james.l.morris@oracle.com",
        "time": "Tue Jan 22 00:27:50 2013 +1100"
      },
      "message": "evm: checking if removexattr is not a NULL\n\nThe following lines of code produce a kernel oops.\n\nfd \u003d socket(PF_FILE, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0);\nfchmod(fd, 0666);\n\n[  139.922364] BUG: unable to handle kernel NULL pointer dereference at   (null)\n[  139.924982] IP: [\u003c  (null)\u003e]   (null)\n[  139.924982] *pde \u003d 00000000\n[  139.924982] Oops: 0000 [#5] SMP\n[  139.924982] Modules linked in: fuse dm_crypt dm_mod i2c_piix4 serio_raw evdev binfmt_misc button\n[  139.924982] Pid: 3070, comm: acpid Tainted: G      D      3.8.0-rc2-kds+ #465 Bochs Bochs\n[  139.924982] EIP: 0060:[\u003c00000000\u003e] EFLAGS: 00010246 CPU: 0\n[  139.924982] EIP is at 0x0\n[  139.924982] EAX: cf5ef000 EBX: cf5ef000 ECX: c143d600 EDX: c15225f2\n[  139.924982] ESI: cf4d2a1c EDI: cf4d2a1c EBP: cc02df10 ESP: cc02dee4\n[  139.924982]  DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068\n[  139.924982] CR0: 80050033 CR2: 00000000 CR3: 0c059000 CR4: 000006d0\n[  139.924982] DR0: 00000000 DR1: 00000000 DR2: 00000000 DR3: 00000000\n[  139.924982] DR6: ffff0ff0 DR7: 00000400\n[  139.924982] Process acpid (pid: 3070, ti\u003dcc02c000 task\u003dd7705340 task.ti\u003dcc02c000)\n[  139.924982] Stack:\n[  139.924982]  c1203c88 00000000 cc02def4 cf4d2a1c ae21eefa 471b60d5 1083c1ba c26a5940\n[  139.924982]  e891fb5e 00000041 00000004 cc02df1c c1203964 00000000 cc02df4c c10e20c3\n[  139.924982]  00000002 00000000 00000000 22222222 c1ff2222 cf5ef000 00000000 d76efb08\n[  139.924982] Call Trace:\n[  139.924982]  [\u003cc1203c88\u003e] ? evm_update_evmxattr+0x5b/0x62\n[  139.924982]  [\u003cc1203964\u003e] evm_inode_post_setattr+0x22/0x26\n[  139.924982]  [\u003cc10e20c3\u003e] notify_change+0x25f/0x281\n[  139.924982]  [\u003cc10cbf56\u003e] chmod_common+0x59/0x76\n[  139.924982]  [\u003cc10e27a1\u003e] ? 
put_unused_fd+0x33/0x33\n[  139.924982]  [\u003cc10cca09\u003e] sys_fchmod+0x39/0x5c\n[  139.924982]  [\u003cc13f4f30\u003e] syscall_call+0x7/0xb\n[  139.924982] Code:  Bad EIP value.\n\nThis happens because sockets do not define the removexattr operation.\nBefore removing the xattr, verify the removexattr function pointer is\nnot NULL.\n\nSigned-off-by: Dmitry Kasatkin \u003cdmitry.kasatkin@intel.com\u003e\nSigned-off-by: Mimi Zohar \u003czohar@linux.vnet.ibm.com\u003e\nCc: stable@vger.kernel.org\nSigned-off-by: James Morris \u003cjames.l.morris@oracle.com\u003e\n"
    },
    {
      "commit": "a175b8bb29ebbad380ab4788f307fbfc47997b19",
      "tree": "8e0dbb1def59d05412e57ff2f9fc089bb304bffa",
      "parents": [
        "ea1046d4c57ee6e3d5f68f19dd9a45bbab0b71a0"
      ],
      "author": {
        "name": "Dmitry Kasatkin",
        "email": "dmitry.kasatkin@intel.com",
        "time": "Thu Sep 27 15:06:28 2012 +0300"
      },
      "committer": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Wed Jan 16 17:50:05 2013 -0500"
      },
      "message": "ima: forbid write access to files with digital signatures\n\nThis patch forbids write access to files with digital signatures, as they\nare considered immutable.\n\nSigned-off-by: Dmitry Kasatkin \u003cdmitry.kasatkin@intel.com\u003e\nSigned-off-by: Mimi Zohar \u003czohar@linux.vnet.ibm.com\u003e\n"
    },
    {
      "commit": "ea1046d4c57ee6e3d5f68f19dd9a45bbab0b71a0",
      "tree": "5779ef0eadc9b871f0b1b06cc0107d0c28dfc726",
      "parents": [
        "ee866331749b07373743ce18ceaffb1dd841d855"
      ],
      "author": {
        "name": "Dmitry Kasatkin",
        "email": "dmitry.kasatkin@intel.com",
        "time": "Tue Sep 04 00:40:17 2012 +0300"
      },
      "committer": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Wed Jan 16 17:50:03 2013 -0500"
      },
      "message": "ima: move full pathname resolution to separate function\n\nDefine a new function ima_d_path(), which returns the full pathname.\nThis function will be used further, for example, by the directory\nverification code.\n\nSigned-off-by: Dmitry Kasatkin \u003cdmitry.kasatkin@intel.com\u003e\nSigned-off-by: Mimi Zohar \u003czohar@linux.vnet.ibm.com\u003e\n"
    },
    {
      "commit": "ee866331749b07373743ce18ceaffb1dd841d855",
      "tree": "c99c1f5218e5a1f9fcf756142922a2a996870c57",
      "parents": [
        "16cac49f727621c6b0467ffe15ed72c2febb1296"
      ],
      "author": {
        "name": "Dmitry Kasatkin",
        "email": "dmitry.kasatkin@intel.com",
        "time": "Fri Sep 21 17:00:43 2012 +0300"
      },
      "committer": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Wed Jan 16 17:50:01 2013 -0500"
      },
      "message": "integrity: reduce storage size for ima_status and evm_status\n\nThis patch reduces size of the iint structure by 8 bytes.\nIt saves about 15% of iint cache memory.\n\nSigned-off-by: Dmitry Kasatkin \u003cdmitry.kasatkin@intel.com\u003e\nSigned-off-by: Mimi Zohar \u003czohar@linux.vnet.ibm.com\u003e\n"
    },
    {
      "commit": "16cac49f727621c6b0467ffe15ed72c2febb1296",
      "tree": "dc9b4914116ad2ecb1831184192470900e609a27",
      "parents": [
        "b51524635b73cfa27cc393859b277cee9c042820"
      ],
      "author": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Thu Dec 13 11:15:04 2012 -0500"
      },
      "committer": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Wed Jan 16 17:49:59 2013 -0500"
      },
      "message": "ima: rename FILE_MMAP to MMAP_CHECK\n\nRename FILE_MMAP hook to MMAP_CHECK to be consistent with the other\nhook names.\n\nSigned-off-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\n"
    },
    {
      "commit": "b51524635b73cfa27cc393859b277cee9c042820",
      "tree": "c4fae16b423b732dce39b28faca4ae4f1dadc3f9",
      "parents": [
        "750943a30714b7e9a5a2b0e08eeef7a808b5a869"
      ],
      "author": {
        "name": "Dmitry Kasatkin",
        "email": "dmitry.kasatkin@intel.com",
        "time": "Fri Sep 21 01:01:29 2012 +0300"
      },
      "committer": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Wed Jan 16 17:49:57 2013 -0500"
      },
      "message": "ima: remove security.ima hexdump\n\nHexdump is not really helping. Audit messages print error messages.\nRemove it.\n\nSigned-off-by: Dmitry Kasatkin \u003cdmitry.kasatkin@intel.com\u003e\nSigned-off-by: Mimi Zohar \u003czohar@linux.vnet.ibm.com\u003e\n"
    },
    {
      "commit": "750943a30714b7e9a5a2b0e08eeef7a808b5a869",
      "tree": "a75f963abc43a13e3d1a558b2f8c3d47b018b63d",
      "parents": [
        "def3e8b9ee23cb69036910e48ec4e3eff40e04cb"
      ],
      "author": {
        "name": "Dmitry Kasatkin",
        "email": "dmitry.kasatkin@intel.com",
        "time": "Thu Sep 27 15:57:10 2012 +0300"
      },
      "committer": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Wed Jan 16 17:49:44 2013 -0500"
      },
      "message": "ima: remove enforce checking duplication\n\nBased on the IMA appraisal policy, files are appraised.  For those\nfiles appraised, the IMA hooks return the integrity appraisal result,\nassuming IMA-appraisal is in enforcing mode.  This patch combines\nboth of these criteria (in policy and enforcing file integrity),\nremoving the checking duplication.\n\nChangelog v1:\n- Update hook comments\n\nSigned-off-by: Dmitry Kasatkin \u003cdmitry.kasatkin@intel.com\u003e\nSigned-off-by: Mimi Zohar \u003czohar@linux.vnet.ibm.com\u003e\n"
    },
    {
      "commit": "def3e8b9ee23cb69036910e48ec4e3eff40e04cb",
      "tree": "0840ab9e618f15f4c3c5e8ee6fafe5a17c814af2",
      "parents": [
        "e90805656d4683f84d360276102ae63adc777a38"
      ],
      "author": {
        "name": "Dmitry Kasatkin",
        "email": "dmitry.kasatkin@intel.com",
        "time": "Thu Sep 20 22:38:53 2012 +0300"
      },
      "committer": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Wed Jan 16 15:47:07 2013 -0500"
      },
      "message": "ima: set appraise status in fix mode only when xattr is fixed\n\nWhen a file system is mounted read-only, setting the xattr value in\nfix mode fails with an error code -EROFS.  The xattr should be fixed\nafter the file system is remounted read-write.  This patch verifies\nthat the set xattr succeeds, before setting the appraise status value\nto INTEGRITY_PASS.\n\nSigned-off-by: Dmitry Kasatkin \u003cdmitry.kasatkin@intel.com\u003e\nSigned-off-by: Mimi Zohar \u003czohar@linux.vnet.ibm.com\u003e\n"
    },
    {
      "commit": "e90805656d4683f84d360276102ae63adc777a38",
      "tree": "b252fcd8e8b1f0fde0277c24413ad21c857515c2",
      "parents": [
        "7163a993840f0906d4ce1e3f193575c99dac21e1"
      ],
      "author": {
        "name": "Dmitry Kasatkin",
        "email": "dmitry.kasatkin@intel.com",
        "time": "Mon Sep 03 17:11:56 2012 +0300"
      },
      "committer": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Wed Jan 16 15:47:05 2013 -0500"
      },
      "message": "evm: remove unused cleanup functions\n\nEVM cannot be built as a kernel module. Remove the unnecessary __exit\nfunctions.\n\nSigned-off-by: Dmitry Kasatkin \u003cdmitry.kasatkin@intel.com\u003e\nSigned-off-by: Mimi Zohar \u003czohar@linux.vnet.ibm.com\u003e\n"
    },
    {
      "commit": "7163a993840f0906d4ce1e3f193575c99dac21e1",
      "tree": "3c1c04f5da24cf2492b20b861c9974549978436c",
      "parents": [
        "cf9ce948f47640797bd19980e1d99c6d17d0bdc3"
      ],
      "author": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Thu Jan 03 14:19:09 2013 -0500"
      },
      "committer": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Wed Jan 16 15:47:03 2013 -0500"
      },
      "message": "ima: re-initialize IMA policy LSM info\n\nAlthough the IMA policy does not change, the LSM policy can be\nreloaded, leaving the IMA LSM based rules referring to the old,\nstale LSM policy.  This patch updates the IMA LSM based rules\nto reflect the reloaded LSM policy.\n\nReported-by: Sven Vermeulen \u003csven.vermeulen@siphos.be\u003e\ntested-by: Sven Vermeulen \u003csven.vermeulen@siphos.be\u003e\nSigned-off-by: Mimi Zohar \u003czohar@linux.vnet.ibm.com\u003e\nCc: Eric Paris \u003ceparis@parisplace.org\u003e\nCc: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\n"
    },
    {
      "commit": "5dbbaf2de89613d19a9286d4db0a535ca2735d26",
      "tree": "1eaa64968a8ecf83aee4d2f6792840abde6c4916",
      "parents": [
        "6f96c142f77c96a34ac377a3616ee7abcd77fb4d"
      ],
      "author": {
        "name": "Paul Moore",
        "email": "pmoore@redhat.com",
        "time": "Mon Jan 14 07:12:19 2013 +0000"
      },
      "committer": {
        "name": "David S. Miller",
        "email": "davem@davemloft.net",
        "time": "Mon Jan 14 18:16:59 2013 -0500"
      },
      "message": "tun: fix LSM/SELinux labeling of tun/tap devices\n\nThis patch corrects some problems with LSM/SELinux that were introduced\nwith the multiqueue patchset.  The problem stems from the fact that the\nmultiqueue work changed the relationship between the tun device and its\nassociated socket; before the socket persisted for the life of the\ndevice, however after the multiqueue changes the socket only persisted\nfor the life of the userspace connection (fd open).  For non-persistent\ndevices this is not an issue, but for persistent devices this can cause\nthe tun device to lose its SELinux label.\n\nWe correct this problem by adding an opaque LSM security blob to the\ntun device struct which allows us to have the LSM security state, e.g.\nSELinux labeling information, persist for the lifetime of the tun\ndevice.  In the process we tweak the LSM hooks to work with this new\napproach to TUN device/socket labeling and introduce a new LSM hook,\nsecurity_tun_dev_attach_queue(), to approve requests to attach to a\nTUN queue via TUNSETQUEUE.\n\nThe SELinux code has been adjusted to match the new LSM hooks, the\nother LSMs do not make use of the LSM TUN controls.  This patch makes\nuse of the recently added \"tun_socket:attach_queue\" permission to\nrestrict access to the TUNSETQUEUE operation.  On older SELinux\npolicies which do not define the \"tun_socket:attach_queue\" permission\nthe access control decision for TUNSETQUEUE will be handled according\nto the SELinux policy\u0027s unknown permission setting.\n\nSigned-off-by: Paul Moore \u003cpmoore@redhat.com\u003e\nAcked-by: Eric Paris \u003ceparis@parisplace.org\u003e\nTested-by: Jason Wang \u003cjasowang@redhat.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n"
    },
    {
      "commit": "6f96c142f77c96a34ac377a3616ee7abcd77fb4d",
      "tree": "a481cf442e39dae7f0392b38db461f5b3076e7eb",
      "parents": [
        "cce894bb824429fd312706c7012acae43e725865"
      ],
      "author": {
        "name": "Paul Moore",
        "email": "pmoore@redhat.com",
        "time": "Mon Jan 14 07:12:13 2013 +0000"
      },
      "committer": {
        "name": "David S. Miller",
        "email": "davem@davemloft.net",
        "time": "Mon Jan 14 18:16:59 2013 -0500"
      },
      "message": "selinux: add the \"attach_queue\" permission to the \"tun_socket\" class\n\nAdd a new permission to align with the new TUN multiqueue support,\n\"tun_socket:attach_queue\".\n\nThe corresponding SELinux reference policy patch is shown below:\n\n diff --git a/policy/flask/access_vectors b/policy/flask/access_vectors\n index 28802c5..a0664a1 100644\n --- a/policy/flask/access_vectors\n +++ b/policy/flask/access_vectors\n @@ -827,6 +827,9 @@ class kernel_service\n\n  class tun_socket\n  inherits socket\n +{\n +       attach_queue\n +}\n\n  class x_pointer\n  inherits x_device\n\nSigned-off-by: Paul Moore \u003cpmoore@redhat.com\u003e\nAcked-by: Eric Paris \u003ceparis@parisplace.org\u003e\nTested-by: Jason Wang \u003cjasowang@redhat.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n"
    },
    {
      "commit": "a7f2a366f62319dfebf8d4dfe8b211f631c78457",
      "tree": "67e502cd2da52cc6c75d1fa9dcaed27fd05b86e2",
      "parents": [
        "a49f0d1ea3ec94fc7cf33a7c36a16343b74bd565"
      ],
      "author": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Fri Dec 21 08:34:21 2012 -0500"
      },
      "committer": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Mon Dec 24 09:35:48 2012 -0500"
      },
      "message": "ima: fallback to MODULE_SIG_ENFORCE for existing kernel module syscall\n\nThe new kernel module syscall appraises kernel modules based\non policy.   If the IMA policy requires kernel module checking,\nfallback to module signature enforcing for the existing syscall.\nWithout CONFIG_MODULE_SIG_FORCE enabled, the kernel module\u0027s\nintegrity is unknown, return -EACCES.\n\nChangelog v1:\n- Fix ima_module_check() return result (Tetsuo Handa)\n\nReported-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nReviewed-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\n"
    },
    {
      "commit": "e67eab39bee26f509d38d00ca1a8f24b63f46a31",
      "tree": "252072ae63bd5ecb8186242ace12e7df3a1311ad",
      "parents": [
        "a68c2f12b4b28994aaf622bbe5724b7258cc2fcf"
      ],
      "author": {
        "name": "Alan Cox",
        "email": "alan@linux.intel.com",
        "time": "Thu Dec 20 15:05:54 2012 -0800"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Thu Dec 20 17:40:21 2012 -0800"
      },
      "message": "keys: fix unreachable code\n\nWe set ret to NULL then test it. Remove the bogus test\n\nSigned-off-by: Alan Cox \u003calan@linux.intel.com\u003e\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "9eb127cc04c4005c8c0708ce92146d91da862b42",
      "tree": "bebab2c136110edf32d6cf32f898871df9fbb0e6",
      "parents": [
        "e32795503de02da4e7e74a5e039cc268f6a0ecfb",
        "152a2a8b5e1d4cbe91a7c66f1028db15164a3766"
      ],
      "author": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Wed Dec 19 20:29:15 2012 -0800"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Wed Dec 19 20:29:15 2012 -0800"
      },
      "message": "Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net\n\nPull networking fixes from David Miller:\n\n 1) Really fix tuntap SKB use after free bug, from Eric Dumazet.\n\n 2) Adjust SKB data pointer to point past the transport header before\n    calling icmpv6_notify() so that the headers are in the state which\n    that function expects.  From Duan Jiong.\n\n 3) Fix ambiguities in the new tuntap multi-queue APIs.  From Jason\n    Wang.\n\n 4) mISDN needs to use del_timer_sync(), from Konstantin Khlebnikov.\n\n 5) Don\u0027t destroy mutex after freeing up device private in mac802154,\n    fix also from Konstantin Khlebnikov.\n\n 6) Fix INET request socket leak in TCP and DCCP, from Christoph Paasch.\n\n 7) SCTP HMAC kconfig rework, from Neil Horman.\n\n 8) Fix SCTP jprobes function signature, otherwise things explode, from\n    Daniel Borkmann.\n\n 9) Fix typo in ipv6-offload Makefile variable reference, from Simon\n    Arlott.\n\n10) Don\u0027t fail USBNET open just because remote wakeup isn\u0027t supported,\n    from Oliver Neukum.\n\n11) be2net driver bug fixes from Sathya Perla.\n\n12) SOLOS PCI ATM driver bug fixes from Nathan Williams and David\n    Woodhouse.\n\n13) Fix MTU changing regression in 8139cp driver, from John Greene.\n\n* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (45 commits)\n  solos-pci: ensure all TX packets are aligned to 4 bytes\n  solos-pci: add firmware upgrade support for new models\n  solos-pci: remove superfluous debug output\n  solos-pci: add GPIO support for newer versions on Geos board\n  8139cp: Prevent dev_close/cp_interrupt race on MTU change\n  net: qmi_wwan: add ZTE MF880\n  drivers/net: Use of_match_ptr() macro in smsc911x.c\n  drivers/net: Use of_match_ptr() macro in smc91x.c\n  ipv6: addrconf.c: remove unnecessary \"if\"\n  bridge: Correctly encode addresses when dumping mdb entries\n  bridge: Do not unregister all PF_BRIDGE rtnl operations\n  use generic usbnet_manage_power()\n  
usbnet: generic manage_power()\n  usbnet: handle PM failure gracefully\n  ksz884x: fix receive polling race condition\n  qlcnic: update driver version\n  qlcnic: fix unused variable warnings\n  net: fec: forbid FEC_PTP on SoCs that do not support\n  be2net: fix wrong frag_idx reported by RX CQ\n  be2net: fix be_close() to ensure all events are ack\u0027ed\n  ...\n"
    },
    {
      "commit": "7a684c452e2589f3ddd7e2d466b4f747d3715ad9",
      "tree": "fed803e7450770993575b37807ba2195eafd5b0e",
      "parents": [
        "7f2de8171ddf28fdb2ca7f9a683ee1207849f718",
        "e10e1774efbdaec54698454200619a03a01e1d64"
      ],
      "author": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Wed Dec 19 07:55:08 2012 -0800"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Wed Dec 19 07:55:08 2012 -0800"
      },
      "message": "Merge tag \u0027modules-next-for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/rusty/linux\n\nPull module update from Rusty Russell:\n \"Nothing all that exciting; a new module-from-fd syscall for those who\n  want to verify the source of the module (ChromeOS) and/or use standard\n  IMA on it or other security hooks.\"\n\n* tag \u0027modules-next-for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/rusty/linux:\n  MODSIGN: Fix kbuild output when using default extra_certificates\n  MODSIGN: Avoid using .incbin in C source\n  modules: don\u0027t hand 0 to vmalloc.\n  module: Remove a extra null character at the top of module-\u003estrtab.\n  ASN.1: Use the ASN1_LONG_TAG and ASN1_INDEFINITE_LENGTH constants\n  ASN.1: Define indefinite length marker constant\n  moduleparam: use __UNIQUE_ID()\n  __UNIQUE_ID()\n  MODSIGN: Add modules_sign make target\n  powerpc: add finit_module syscall.\n  ima: support new kernel module syscall\n  add finit_module syscall to asm-generic\n  ARM: add finit_module syscall to ARM\n  security: introduce kernel_module_from_file hook\n  module: add flags arg to sys_finit_module()\n  module: add syscall to load module from fd\n"
    },
    {
      "commit": "a2faf2fc534f57ba26bc4d613795236ed4f5fb1c",
      "tree": "d75c4daadb469c8f08c498532fbf1fff68879e69",
      "parents": [
        "4351654e3ddf86a04966163dce4def586303e5cc",
        "5155040ed349950e16c093ba8e65ad534994df2a"
      ],
      "author": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Tue Dec 18 10:55:28 2012 -0800"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Tue Dec 18 10:55:28 2012 -0800"
      },
      "message": "Merge branch \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace\n\nPull (again) user namespace infrastructure changes from Eric Biederman:\n \"Those bugs, those darn embarrassing bugs just don\u0027t want to get\n  fixed.\n\n  Linus I just updated my mirror of your kernel.org tree and it appears\n  you successfully pulled everything except the last 4 commits that fix\n  those embarrassing bugs.\n\n  When you get a chance can you please repull my branch\"\n\n* \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace:\n  userns: Fix typo in description of the limitation of userns_install\n  userns: Add a more complete capability subset test to commit_creds\n  userns: Require CAP_SYS_ADMIN for most uses of setns.\n  Fix cap_capable to only allow owners in the parent user namespace to have caps.\n"
    },
    {
      "commit": "6a2b60b17b3e48a418695a94bd2420f6ab32e519",
      "tree": "54b7792fa68b8890f710fa6398b6ba8626a039a8",
      "parents": [
        "9228ff90387e276ad67b10c0eb525c9d6a57d5e9",
        "98f842e675f96ffac96e6c50315790912b2812be"
      ],
      "author": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Mon Dec 17 15:44:47 2012 -0800"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Mon Dec 17 15:44:47 2012 -0800"
      },
      "message": "Merge branch \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace\n\nPull user namespace changes from Eric Biederman:\n \"While small this set of changes is very significant with respect to\n  containers in general and user namespaces in particular.  The user\n  space interface is now complete.\n\n  This set of changes adds support for unprivileged users to create user\n  namespaces and as a user namespace root to create other namespaces.\n  The tyranny of supporting suid root preventing unprivileged users from\n  using cool new kernel features is broken.\n\n  This set of changes completes the work on setns, adding support for\n  the pid, user, mount namespaces.\n\n  This set of changes includes a bunch of basic pid namespace\n  cleanups/simplifications.  Of particular significance is the rework of\n  the pid namespace cleanup so it no longer requires sending out\n  tendrils into all kinds of unexpected cleanup paths for operation.  At\n  least one case of broken error handling is fixed by this cleanup.\n\n  The files under /proc/\u003cpid\u003e/ns/ have been converted from regular files\n  to magic symlinks which prevents incorrect caching by the VFS,\n  ensuring the files always refer to the namespace the process is\n  currently using and ensuring that the ptrace_mayaccess permission\n  checks are always applied.\n\n  The files under /proc/\u003cpid\u003e/ns/ have been given stable inode numbers\n  so it is now possible to see if different processes share the same\n  namespaces.\n\n  Through the David Miller\u0027s net tree are changes to relax many of the\n  permission checks in the networking stack to allowing the user\n  namespace root to usefully use the networking stack.  
Similar changes\n  for the mount namespace and the pid namespace are coming through my\n  tree.\n\n  Two small changes to add user namespace support were committed here and\n  in David Miller\u0027s -net tree so that I could complete the work on the\n  /proc/\u003cpid\u003e/ns/ files in this tree.\n\n  Work remains to make it safe to build user namespaces and 9p, afs,\n  ceph, cifs, coda, gfs2, ncpfs, nfs, nfsd, ocfs2, and xfs so the\n  Kconfig guard remains in place preventing that user namespaces from\n  being built when any of those filesystems are enabled.\n\n  Future design work remains to allow root users outside of the initial\n  user namespace to mount more than just /proc and /sys.\"\n\n* \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace: (38 commits)\n  proc: Usable inode numbers for the namespace file descriptors.\n  proc: Fix the namespace inode permission checks.\n  proc: Generalize proc inode allocation\n  userns: Allow unprivilged mounts of proc and sysfs\n  userns: For /proc/self/{uid,gid}_map derive the lower userns from the struct file\n  procfs: Print task uids and gids in the userns that opened the proc file\n  userns: Implement unshare of the user namespace\n  userns: Implent proc namespace operations\n  userns: Kill task_user_ns\n  userns: Make create_new_namespaces take a user_ns parameter\n  userns: Allow unprivileged use of setns.\n  userns: Allow unprivileged users to create new namespaces\n  userns: Allow setting a userns mapping to your current uid.\n  userns: Allow chown and setgid preservation\n  userns: Allow unprivileged users to create user namespaces.\n  userns: Ignore suid and sgid on binaries if the uid or gid can not be mapped\n  userns: fix return value on mntns_install() failure\n  vfs: Allow unprivileged manipulation of the mount namespace.\n  vfs: Only support slave subtrees across different user namespaces\n  vfs: Add a user namespace reference from struct mnt_namespace\n  ...\n"
    },
    {
      "commit": "2a74dbb9a86e8102dcd07d284135b4530a84826e",
      "tree": "a54403e312b6062dfb57bd904ba8b8ce3b11e720",
      "parents": [
        "770b6cb4d21fb3e3df2a7a51e186a3c14db1ec30",
        "e93072374112db9dc86635934ee761249be28370"
      ],
      "author": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Sun Dec 16 15:40:50 2012 -0800"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Sun Dec 16 15:40:50 2012 -0800"
      },
      "message": "Merge branch \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security\n\nPull security subsystem updates from James Morris:\n \"A quiet cycle for the security subsystem with just a few maintenance\n  updates.\"\n\n* \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security:\n  Smack: create a sysfs mount point for smackfs\n  Smack: use select not depends in Kconfig\n  Yama: remove locking from delete path\n  Yama: add RCU to drop read locking\n  drivers/char/tpm: remove tasklet and cleanup\n  KEYS: Use keyring_alloc() to create special keyrings\n  KEYS: Reduce initial permissions on keys\n  KEYS: Make the session and process keyrings per-thread\n  seccomp: Make syscall skipping and nr changes more consistent\n  key: Fix resource leak\n  keys: Fix unreachable code\n  KEYS: Add payload preparsing opportunity prior to key instantiate or update\n"
    },
    {
      "commit": "9dd9ff99532d7a7f8222fd1f0d410d91c0f15ac5",
      "tree": "71a4981ece4592723cf6f0a37289e50a1028fbbf",
      "parents": [
        "0d0863b02002c25140a1b9e113b81211bcc780e8"
      ],
      "author": {
        "name": "Amerigo Wang",
        "email": "amwang@redhat.com",
        "time": "Fri Dec 14 22:09:50 2012 +0000"
      },
      "committer": {
        "name": "David S. Miller",
        "email": "davem@davemloft.net",
        "time": "Sat Dec 15 17:14:38 2012 -0800"
      },
      "message": "bridge: update selinux perm table for RTM_NEWMDB and RTM_DELMDB\n\nCc: Herbert Xu \u003cherbert@gondor.apana.org.au\u003e\nCc: Stephen Hemminger \u003cshemminger@vyatta.com\u003e\nCc: \"David S. Miller\" \u003cdavem@davemloft.net\u003e\nSigned-off-by: Cong Wang \u003camwang@redhat.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n"
    },
    {
      "commit": "520d9eabce18edfef76a60b7b839d54facafe1f9",
      "tree": "69aed7689a6467f88aad8ea43790d5cf2f30ec7c",
      "parents": [
        "98f842e675f96ffac96e6c50315790912b2812be"
      ],
      "author": {
        "name": "Eric W. Biederman",
        "email": "ebiederm@xmission.com",
        "time": "Thu Dec 13 18:06:40 2012 -0800"
      },
      "committer": {
        "name": "Eric W. Biederman",
        "email": "ebiederm@xmission.com",
        "time": "Fri Dec 14 13:50:32 2012 -0800"
      },
      "message": "Fix cap_capable to only allow owners in the parent user namespace to have caps.\n\nAndy Lutomirski pointed out that the current behavior of allowing the\nowner of a user namespace to have all caps when that owner is not in a\nparent user namespace is wrong.  Add a test to ensure the owner of a user\nnamespace is in the parent of the user namespace to fix this bug.\n\nThankfully this bug did not apply to the initial user namespace, keeping\nthe mischief that can be caused by this bug quite small.\n\nThis bug was introduced in v3.5 by commit 783291e6900\n\"Simplify the user_namespace by making userns-\u003ecreator a kuid.\"\nBut did not matter until the permissions required to create\na user namespace were relaxed allowing a user namespace to be created\ninside of a user namespace.\n\nThe bug made it possible for the owner of a user namespace to be\npresent in a child user namespace.  Since the owner of a user namespace\nis granted all capabilities it became possible for users in a\ngrandchild user namespace to have all privileges over their parent user\nnamespace.\n\nReorder the checks in cap_capable.  This should make the common case\nfaster and make it clear that nothing magic happens in the initial\nuser namespace.  The reordering is safe because cred-\u003euser_ns\ncan only be in targ_ns or targ_ns-\u003eparent but not both.\n\nAdd a comment at the top of the loop to make the logic of\nthe code clear.\n\nAdd a distinct variable ns that changes as we walk up\nthe user namespace hierarchy to make it clear which variable\nis changing.\n\nAcked-by: Serge Hallyn \u003cserge.hallyn@canonical.com\u003e\nSigned-off-by: \"Eric W. Biederman\" \u003cebiederm@xmission.com\u003e\n"
    },
    {
      "commit": "e93072374112db9dc86635934ee761249be28370",
      "tree": "87abc5694cd43644e754f4a00a0b6a656eb5be19",
      "parents": [
        "111fe8bd65e473d5fc6a0478cf1e2c8c6a77489a"
      ],
      "author": {
        "name": "Casey Schaufler",
        "email": "casey@schaufler-ca.com",
        "time": "Thu Nov 01 18:14:32 2012 -0700"
      },
      "committer": {
        "name": "Casey Schaufler",
        "email": "casey@schaufler-ca.com",
        "time": "Fri Dec 14 10:57:23 2012 -0800"
      },
      "message": "Smack: create a sysfs mount point for smackfs\n\nThere are a number of \"conventions\" for where to put LSM filesystems.\nSmack adheres to none of them. Create a mount point at /sys/fs/smackfs\nfor mounting smackfs so that Smack can be conventional.\n\nTargeted for git://git.gitorious.org/smack-next/kernel.git\n\nSigned-off-by: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\n"
    },
    {
      "commit": "111fe8bd65e473d5fc6a0478cf1e2c8c6a77489a",
      "tree": "8629b99d4166e0b5dd730a6e1a187e4b319e82f3",
      "parents": [
        "3f0cc6ae86627de825d2371b6d61643f2ce58908"
      ],
      "author": {
        "name": "Casey Schaufler",
        "email": "casey@schaufler-ca.com",
        "time": "Fri Nov 02 11:28:11 2012 -0700"
      },
      "committer": {
        "name": "Casey Schaufler",
        "email": "casey@schaufler-ca.com",
        "time": "Fri Dec 14 10:57:10 2012 -0800"
      },
      "message": "Smack: use select not depends in Kconfig\n\nThe components NETLABEL and SECURITY_NETWORK are required by\nSmack. Using \"depends\" in Kconfig hides the Smack option\nif the user hasn\u0027t figured out that they need to be enabled\nwhile using make menuconfig. Using select is a better choice.\nBecause select is not recursive, depends on NET and SECURITY\nare added. This reflects similar usage in TOMOYO and AppArmor.\n\nTargeted for git://git.gitorious.org/smack-next/kernel.git\n\nSigned-off-by: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\n"
    },
    {
      "commit": "fdf90729e57812cb12d7938e2dee7c71e875fb08",
      "tree": "0ec17c765406dedc37ac278823d50587d53d1525",
      "parents": [
        "1625cee56f8e6193b5a0809a414dfa395bd9cf1e"
      ],
      "author": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Tue Oct 16 12:40:08 2012 +1030"
      },
      "committer": {
        "name": "Rusty Russell",
        "email": "rusty@rustcorp.com.au",
        "time": "Fri Dec 14 13:05:26 2012 +1030"
      },
      "message": "ima: support new kernel module syscall\n\nWith the addition of the new kernel module syscall, which defines two\narguments - a file descriptor to the kernel module and a pointer to a NULL\nterminated string of module arguments - it is now possible to measure and\nappraise kernel modules like any other file on the file system.\n\nThis patch adds support to measure and appraise kernel modules in an\nextensible and consistent manner.\n\nTo support filesystems without extended attribute support, additional\npatches could pass the signature as the first parameter.\n\nSigned-off-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\nSigned-off-by: Rusty Russell \u003crusty@rustcorp.com.au\u003e\n"
    },
    {
      "commit": "2e72d51b4ac32989496870cd8171b3682fea1839",
      "tree": "b8190d17aa5d59508f8c979ce0160f21bef89500",
      "parents": [
        "2f3238aebedb243804f58d62d57244edec4149b2"
      ],
      "author": {
        "name": "Kees Cook",
        "email": "keescook@chromium.org",
        "time": "Tue Oct 16 07:32:07 2012 +1030"
      },
      "committer": {
        "name": "Rusty Russell",
        "email": "rusty@rustcorp.com.au",
        "time": "Fri Dec 14 13:05:24 2012 +1030"
      },
      "message": "security: introduce kernel_module_from_file hook\n\nNow that kernel module origins can be reasoned about, provide a hook to\nthe LSMs to make policy decisions about the module file. This will let\nChrome OS enforce that loadable kernel modules can only come from its\nread-only hash-verified root filesystem. Other LSMs can, for example,\nread extended attributes for signatures, etc.\n\nSigned-off-by: Kees Cook \u003ckeescook@chromium.org\u003e\nAcked-by: Serge E. Hallyn \u003cserge.hallyn@canonical.com\u003e\nAcked-by: Eric Paris \u003ceparis@redhat.com\u003e\nAcked-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\nAcked-by: James Morris \u003cjames.l.morris@oracle.com\u003e\nSigned-off-by: Rusty Russell \u003crusty@rustcorp.com.au\u003e\n"
    },
    {
      "commit": "a2013a13e68354e0c8f3696b69701803e13fb737",
      "tree": "a7e1da6bfad1aa2afd83f401874d606269ce90b4",
      "parents": [
        "dadfab4873256d2145640c0ce468fcbfb48977fe",
        "106f9d9337f65bd428c0c79f650e3489e458d771"
      ],
      "author": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Thu Dec 13 12:00:02 2012 -0800"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Thu Dec 13 12:00:02 2012 -0800"
      },
      "message": "Merge branch \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial\n\nPull trivial branch from Jiri Kosina:\n \"Usual stuff -- comment/printk typo fixes, documentation updates, dead\n  code elimination.\"\n\n* \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial: (39 commits)\n  HOWTO: fix double words typo\n  x86 mtrr: fix comment typo in mtrr_bp_init\n  propagate name change to comments in kernel source\n  doc: Update the name of profiling based on sysfs\n  treewide: Fix typos in various drivers\n  treewide: Fix typos in various Kconfig\n  wireless: mwifiex: Fix typo in wireless/mwifiex driver\n  messages: i2o: Fix typo in messages/i2o\n  scripts/kernel-doc: check that non-void fcts describe their return value\n  Kernel-doc: Convention: Use a \"Return\" section to describe return values\n  radeon: Fix typo and copy/paste error in comments\n  doc: Remove unnecessary declarations from Documentation/accounting/getdelays.c\n  various: Fix spelling of \"asynchronous\" in comments.\n  Fix misspellings of \"whether\" in comments.\n  eisa: Fix spelling of \"asynchronous\".\n  various: Fix spelling of \"registered\" in comments.\n  doc: fix quite a few typos within Documentation\n  target: iscsi: fix comment typos in target/iscsi drivers\n  treewide: fix typo of \"suport\" in various comments and Kconfig\n  treewide: fix typo of \"suppport\" in various comments\n  ...\n"
    },
    {
      "commit": "6be35c700f742e911ecedd07fcc43d4439922334",
      "tree": "ca9f37214d204465fcc2d79c82efd291e357c53c",
      "parents": [
        "e37aa63e87bd581f9be5555ed0ba83f5295c92fc",
        "520dfe3a3645257bf83660f672c47f8558f3d4c4"
      ],
      "author": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Wed Dec 12 18:07:07 2012 -0800"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Wed Dec 12 18:07:07 2012 -0800"
      },
      "message": "Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next\n\nPull networking changes from David Miller:\n\n1) Allow to dump, monitor, and change the bridge multicast database\n   using netlink.  From Cong Wang.\n\n2) RFC 5961 TCP blind data injection attack mitigation, from Eric\n   Dumazet.\n\n3) Networking user namespace support from Eric W. Biederman.\n\n4) tuntap/virtio-net multiqueue support by Jason Wang.\n\n5) Support for checksum offload of encapsulated packets (basically,\n   tunneled traffic can still be checksummed by HW).  From Joseph\n   Gasparakis.\n\n6) Allow BPF filter access to VLAN tags, from Eric Dumazet and\n   Daniel Borkmann.\n\n7) Bridge port parameters over netlink and BPDU blocking support\n   from Stephen Hemminger.\n\n8) Improve data access patterns during inet socket demux by rearranging\n   socket layout, from Eric Dumazet.\n\n9) TIPC protocol updates and cleanups from Ying Xue, Paul Gortmaker, and\n   Jon Maloy.\n\n10) Update TCP socket hash sizing to be more in line with current day\n    realities.  The existing heuristics were chosen a decade ago.\n    From Eric Dumazet.\n\n11) Fix races, queue bloat, and excessive wakeups in ATM and\n    associated drivers, from Krzysztof Mazur and David Woodhouse.\n\n12) Support DOVE (Distributed Overlay Virtual Ethernet) extensions\n    in VXLAN driver, from David Stevens.\n\n13) Add \"oops_only\" mode to netconsole, from Amerigo Wang.\n\n14) Support set and query of VEB/VEPA bridge mode via PF_BRIDGE, also\n    allow DCB netlink to work on namespaces other than the initial\n    namespace.  From John Fastabend.\n\n15) Support PTP in the Tigon3 driver, from Matt Carlson.\n\n16) tun/vhost zero copy fixes and improvements, plus turn it on\n    by default, from Michael S. Tsirkin.\n\n17) Support per-association statistics in SCTP, from Michele\n    Baldessari.\n\nAnd many, many, driver updates, cleanups, and improvements.  
Too\nnumerous to mention individually.\n\n* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next: (1722 commits)\n  net/mlx4_en: Add support for destination MAC in steering rules\n  net/mlx4_en: Use generic etherdevice.h functions.\n  net: ethtool: Add destination MAC address to flow steering API\n  bridge: add support of adding and deleting mdb entries\n  bridge: notify mdb changes via netlink\n  ndisc: Unexport ndisc_{build,send}_skb().\n  uapi: add missing netconf.h to export list\n  pkt_sched: avoid requeues if possible\n  solos-pci: fix double-free of TX skb in DMA mode\n  bnx2: Fix accidental reversions.\n  bna: Driver Version Updated to 3.1.2.1\n  bna: Firmware update\n  bna: Add RX State\n  bna: Rx Page Based Allocation\n  bna: TX Intr Coalescing Fix\n  bna: Tx and Rx Optimizations\n  bna: Code Cleanup and Enhancements\n  ath9k: check pdata variable before dereferencing it\n  ath5k: RX timestamp is reported at end of frame\n  ath9k_htc: RX timestamp is reported at end of frame\n  ...\n"
    },
    {
      "commit": "d206e09036d6201f90b2719484c8a59526c46125",
      "tree": "84b9057919bcb8cfd1cff47baa5fc74457e77d6d",
      "parents": [
        "fef3ff2eb777e76cfa5ae67591982d902c17139c",
        "15ef4ffaa797034d5ff82844daf8f595d7c6d53c"
      ],
      "author": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Wed Dec 12 08:18:24 2012 -0800"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Wed Dec 12 08:18:24 2012 -0800"
      },
      "message": "Merge branch \u0027for-3.8\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/tj/cgroup\n\nPull cgroup changes from Tejun Heo:\n \"A lot of activities on cgroup side.  The big changes are focused on\n  making cgroup hierarchy handling saner.\n\n   - cgroup_rmdir() had peculiar semantics - it allowed cgroup\n     destruction to be vetoed by individual controllers and tried to\n     drain refcnt synchronously.  The vetoing never worked properly and\n     caused good deal of contortions in cgroup.  memcg was the last\n     remaining user.  Michal Hocko removed the usage and cgroup_rmdir()\n     path has been simplified significantly.  This was done in a\n     separate branch so that the memcg people can base further memcg\n     changes on top.\n\n   - The above allowed cleaning up cgroup lifecycle management and\n     implementation of generic cgroup iterators which are used to\n     improve hierarchy support.\n\n   - cgroup_freezer updated to allow migration in and out of a frozen\n     cgroup and handle hierarchy.  If a cgroup is frozen, all descendant\n     cgroups are frozen.\n\n   - netcls_cgroup and netprio_cgroup updated to handle hierarchy\n     properly.\n\n   - Various fixes and cleanups.\n\n   - Two merge commits.  One to pull in memcg and rmdir cleanups (needed\n     to build iterators).  
The other pulled in cgroup/for-3.7-fixes for\n     device_cgroup fixes so that further device_cgroup patches can be\n     stacked on top.\"\n\nFixed up a trivial conflict in mm/memcontrol.c as per Tejun (due to\ncommit bea8c150a7 (\"memcg: fix hotplugged memory zone oops\") in master\ntouching code close to commit 2ef37d3fe4 (\"memcg: Simplify\nmem_cgroup_force_empty_list error handling\") in for-3.8)\n\n* \u0027for-3.8\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/tj/cgroup: (65 commits)\n  cgroup: update Documentation/cgroups/00-INDEX\n  cgroup_rm_file: don\u0027t delete the uncreated files\n  cgroup: remove subsystem files when remounting cgroup\n  cgroup: use cgroup_addrm_files() in cgroup_clear_directory()\n  cgroup: warn about broken hierarchies only after css_online\n  cgroup: list_del_init() on removed events\n  cgroup: fix lockdep warning for event_control\n  cgroup: move list add after list head initilization\n  netprio_cgroup: allow nesting and inherit config on cgroup creation\n  netprio_cgroup: implement netprio[_set]_prio() helpers\n  netprio_cgroup: use cgroup-\u003eid instead of cgroup_netprio_state-\u003eprioidx\n  netprio_cgroup: reimplement priomap expansion\n  netprio_cgroup: shorten variable names in extend_netdev_table()\n  netprio_cgroup: simplify write_priomap()\n  netcls_cgroup: move config inheritance to -\u003ecss_online() and remove .broken_hierarchy marking\n  cgroup: remove obsolete guarantee from cgroup_task_migrate.\n  cgroup: add cgroup-\u003eid\n  cgroup, cpuset: remove cgroup_subsys-\u003epost_clone()\n  cgroup: s/CGRP_CLONE_CHILDREN/CGRP_CPUSET_CLONE_CHILDREN/\n  cgroup: rename -\u003ecreate/post_create/pre_destroy/destroy() to -\u003ecss_alloc/online/offline/free()\n  ...\n"
    },
    {
      "commit": "6e73d71d8485607c692302d2058894588e3a387f",
      "tree": "ef660acbe7b5076beca493af6fe351ed17404fa0",
      "parents": [
        "7c77ab24e30bad7598b5cfda93be6f32ed439c2f"
      ],
      "author": {
        "name": "Cong Wang",
        "email": "amwang@redhat.com",
        "time": "Fri Dec 07 18:59:48 2012 +0000"
      },
      "committer": {
        "name": "David S. Miller",
        "email": "davem@davemloft.net",
        "time": "Mon Dec 10 14:09:01 2012 -0500"
      },
      "message": "rtnetlink: add missing message types to selinux perm table\n\nRebased on the latest net-next tree.\n\nRTM_NEWNETCONF and RTM_GETNETCONF are missing in this table.\n\nCc: David S. Miller \u003cdavem@davemloft.net\u003e\nSigned-off-by: Cong Wang \u003camwang@redhat.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n"
    },
    {
      "commit": "ee07c6e7a6f8a25c18f0a6b18152fbd7499245f6",
      "tree": "055d61934deeedf93eefbde3106f6a751c35d932",
      "parents": [
        "5d248c491b38d4f1b2a0bd7721241d68cd0b3067"
      ],
      "author": {
        "name": "Cong Wang",
        "email": "amwang@redhat.com",
        "time": "Fri Dec 07 00:04:48 2012 +0000"
      },
      "committer": {
        "name": "David S. Miller",
        "email": "davem@davemloft.net",
        "time": "Fri Dec 07 14:32:52 2012 -0500"
      },
      "message": "bridge: export multicast database via netlink\n\nV5: fix two bugs pointed out by Thomas\n    remove seq check for now, mark it as TODO\n\nV4: remove some useless #include\n    some coding style fix\n\nV3: drop debugging printk\u0027s\n    update selinux perm table as well\n\nV2: drop patch 1/2, export ifindex directly\n    Redesign netlink attributes\n    Improve netlink seq check\n    Handle IPv6 addr as well\n\nThis patch exports bridge multicast database via netlink\nmessage type RTM_GETMDB. Similar to fdb, but currently bridge-specific.\nWe may need to support modify multicast database too (RTM_{ADD,DEL}MDB).\n\n(Thanks to Thomas for patient reviews)\n\nCc: Herbert Xu \u003cherbert@gondor.apana.org.au\u003e\nCc: Stephen Hemminger \u003cshemminger@vyatta.com\u003e\nCc: \"David S. Miller\" \u003cdavem@davemloft.net\u003e\nCc: Thomas Graf \u003ctgraf@suug.ch\u003e\nCc: Jesper Dangaard Brouer \u003cbrouer@redhat.com\u003e\nSigned-off-by: Cong Wang \u003camwang@redhat.com\u003e\nAcked-by: Thomas Graf \u003ctgraf@suug.ch\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n"
    },
    {
      "commit": "88a693b5c1287be4da937699cb82068ce9db0135",
      "tree": "a18c1d6ee8e7792a3fb6741361b8fb84d16636af",
      "parents": [
        "99b6e1e7233073a23a20824db8c5260a723ed192"
      ],
      "author": {
        "name": "Dave Jones",
        "email": "davej@redhat.com",
        "time": "Thu Nov 08 16:09:27 2012 -0800"
      },
      "committer": {
        "name": "James Morris",
        "email": "james.l.morris@oracle.com",
        "time": "Wed Nov 21 21:55:32 2012 +1100"
      },
      "message": "selinux: fix sel_netnode_insert() suspicious rcu dereference\n\n\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\n[ INFO: suspicious RCU usage. ]\n3.5.0-rc1+ #63 Not tainted\n-------------------------------\nsecurity/selinux/netnode.c:178 suspicious rcu_dereference_check() usage!\n\nother info that might help us debug this:\n\nrcu_scheduler_active \u003d 1, debug_locks \u003d 0\n1 lock held by trinity-child1/8750:\n #0:  (sel_netnode_lock){+.....}, at: [\u003cffffffff812d8f8a\u003e] sel_netnode_sid+0x16a/0x3e0\n\nstack backtrace:\nPid: 8750, comm: trinity-child1 Not tainted 3.5.0-rc1+ #63\nCall Trace:\n [\u003cffffffff810cec2d\u003e] lockdep_rcu_suspicious+0xfd/0x130\n [\u003cffffffff812d91d1\u003e] sel_netnode_sid+0x3b1/0x3e0\n [\u003cffffffff812d8e20\u003e] ? sel_netnode_find+0x1a0/0x1a0\n [\u003cffffffff812d24a6\u003e] selinux_socket_bind+0xf6/0x2c0\n [\u003cffffffff810cd1dd\u003e] ? trace_hardirqs_off+0xd/0x10\n [\u003cffffffff810cdb55\u003e] ? lock_release_holdtime.part.9+0x15/0x1a0\n [\u003cffffffff81093841\u003e] ? lock_hrtimer_base+0x31/0x60\n [\u003cffffffff812c9536\u003e] security_socket_bind+0x16/0x20\n [\u003cffffffff815550ca\u003e] sys_bind+0x7a/0x100\n [\u003cffffffff816c03d5\u003e] ? sysret_check+0x22/0x5d\n [\u003cffffffff810d392d\u003e] ? trace_hardirqs_on_caller+0x10d/0x1a0\n [\u003cffffffff8133b09e\u003e] ? trace_hardirqs_on_thunk+0x3a/0x3f\n [\u003cffffffff816c03a9\u003e] system_call_fastpath+0x16/0x1b\n\nThis patch below does what Paul McKenney suggested in the previous thread.\n\nSigned-off-by: Dave Jones \u003cdavej@redhat.com\u003e\nReviewed-by: Paul E. 
McKenney \u003cpaulmck@linux.vnet.ibm.com\u003e\nAcked-by: Paul Moore \u003cpaul@paul-moore.com\u003e\nCc: Eric Paris \u003ceparis@parisplace.org\u003e\nCc: \u003cstable@vger.kernel.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: James Morris \u003cjames.l.morris@oracle.com\u003e\n"
    },
    {
      "commit": "235e752789eb65a81477bb82845323dfcbf93012",
      "tree": "c4efa5eff81c01029ab884c0d43af16bb91b44b4",
      "parents": [
        "93b69d437effff11b1c37f330d3265c37ec2f84b"
      ],
      "author": {
        "name": "Kees Cook",
        "email": "keescook@chromium.org",
        "time": "Mon Nov 19 15:21:26 2012 -0800"
      },
      "committer": {
        "name": "Kees Cook",
        "email": "keescook@chromium.org",
        "time": "Tue Nov 20 10:32:08 2012 -0800"
      },
      "message": "Yama: remove locking from delete path\n\nInstead of locking the list during a delete, mark entries as invalid\nand trigger a workqueue to clean them up. This lets us easily handle\ntask_free from interrupt context.\n\nSigned-off-by: Kees Cook \u003ckeescook@chromium.org\u003e\n"
    },
    {
      "commit": "93b69d437effff11b1c37f330d3265c37ec2f84b",
      "tree": "59473ffd3079719ebdff415fef688ee29f1f5eb8",
      "parents": [
        "b5666502700855a1eb1a15482005b22478b9460e"
      ],
      "author": {
        "name": "Kees Cook",
        "email": "keescook@chromium.org",
        "time": "Thu Oct 18 14:53:58 2012 -0700"
      },
      "committer": {
        "name": "Kees Cook",
        "email": "keescook@chromium.org",
        "time": "Tue Nov 20 10:32:07 2012 -0800"
      },
      "message": "Yama: add RCU to drop read locking\n\nStop using spinlocks in the read path. Add RCU list to handle the readers.\n\nSigned-off-by: Kees Cook \u003ckeescook@chromium.org\u003e\nReviewed-by: Serge E. Hallyn \u003cserge.hallyn@ubuntu.com\u003e\nAcked-by: John Johansen \u003cjohn.johansen@canonical.com\u003e\n"
    },
    {
      "commit": "4c44aaafa8108f584831850ab48a975e971db2de",
      "tree": "c86f225e8256d28271acf3ea8926e70358f3e5c1",
      "parents": [
        "bcf58e725ddc45d31addbc6627d4f0edccc824c1"
      ],
      "author": {
        "name": "Eric W. Biederman",
        "email": "ebiederm@xmission.com",
        "time": "Thu Jul 26 05:05:21 2012 -0700"
      },
      "committer": {
        "name": "Eric W. Biederman",
        "email": "ebiederm@xmission.com",
        "time": "Tue Nov 20 04:17:44 2012 -0800"
      },
      "message": "userns: Kill task_user_ns\n\nThe task_user_ns function hides the fact that it is getting the user\nnamespace from struct cred on the task.  struct cred may go away as\nsoon as the rcu lock is released.  This leads to a race where we\ncan dereference a stale user namespace pointer.\n\nTo make it obvious a struct cred is involved kill task_user_ns.\n\nTo kill the race modify the users of task_user_ns to only\nreference the user namespace while the rcu lock is held.\n\nCc: Kees Cook \u003ckeescook@chromium.org\u003e\nCc: James Morris \u003cjames.l.morris@oracle.com\u003e\nAcked-by: Kees Cook \u003ckeescook@chromium.org\u003e\nAcked-by: Serge Hallyn \u003cserge.hallyn@canonical.com\u003e\nSigned-off-by: \"Eric W. Biederman\" \u003cebiederm@xmission.com\u003e\n"
    },
    {
      "commit": "92fb97487a7e41b222c1417cabd1d1ab7cc3a48c",
      "tree": "c220c622b9ac9b16535535d448e9cd29be72c77e",
      "parents": [
        "b1929db42f8a649d9a9e397119f628c27fd4021f"
      ],
      "author": {
        "name": "Tejun Heo",
        "email": "tj@kernel.org",
        "time": "Mon Nov 19 08:13:38 2012 -0800"
      },
      "committer": {
        "name": "Tejun Heo",
        "email": "tj@kernel.org",
        "time": "Mon Nov 19 08:13:38 2012 -0800"
      },
      "message": "cgroup: rename -\u003ecreate/post_create/pre_destroy/destroy() to -\u003ecss_alloc/online/offline/free()\n\nRename cgroup_subsys css lifetime related callbacks to better describe\nwhat their roles are.  Also, update documentation.\n\nSigned-off-by: Tejun Heo \u003ctj@kernel.org\u003e\nAcked-by: Li Zefan \u003clizefan@huawei.com\u003e\n"
    },
    {
      "commit": "4b1c7840b7d01b14a1a00fa0e61b761d4391ba67",
      "tree": "1e93e0a8a0bb6fb2f5934a58a6eb32b3077b18b8",
      "parents": [
        "5b805f2a7675634fbdf9ac1c9b2256905ab2ea68"
      ],
      "author": {
        "name": "Tejun Heo",
        "email": "tj@kernel.org",
        "time": "Tue Nov 06 09:16:53 2012 -0800"
      },
      "committer": {
        "name": "Tejun Heo",
        "email": "tj@kernel.org",
        "time": "Tue Nov 06 12:28:04 2012 -0800"
      },
      "message": "device_cgroup: add lockdep asserts\n\ndevice_cgroup uses RCU safe -\u003eexceptions list which is write-protected\nby devcgroup_mutex and has had some issues using locking correctly.\nAdd lockdep asserts to utility functions so that future errors can be\neasily detected.\n\nSigned-off-by: Tejun Heo \u003ctj@kernel.org\u003e\nAcked-by: Serge E. Hallyn \u003cserge.hallyn@ubuntu.com\u003e\nCc: Aristeu Rozanski \u003caris@redhat.com\u003e\nCc: Li Zefan \u003clizefan@huawei.com\u003e\n"
    },
    {
      "commit": "201e72acb2d3821e2de9ce6091e98859c316b29a",
      "tree": "01e47038346474d659714151b8209673c11f330a",
      "parents": [
        "64e104771351d365e51e588a0e9a656ae6ed2f50"
      ],
      "author": {
        "name": "Tejun Heo",
        "email": "tj@kernel.org",
        "time": "Tue Nov 06 09:17:37 2012 -0800"
      },
      "committer": {
        "name": "Tejun Heo",
        "email": "tj@kernel.org",
        "time": "Tue Nov 06 12:25:51 2012 -0800"
      },
      "message": "device_cgroup: fix RCU usage\n\ndev_cgroup-\u003eexceptions is protected with devcgroup_mutex for writes\nand RCU for reads; however, RCU usage isn\u0027t correct.\n\n* dev_exception_clean() doesn\u0027t use RCU variant of list_del() and\n  kfree().  The function can race with may_access() and may_access()\n  may end up dereferencing already freed memory.  Use list_del_rcu()\n  and kfree_rcu() instead.\n\n* may_access() may be called only with RCU read locked but doesn\u0027t use\n  RCU safe traversal over -\u003eexceptions.  Use list_for_each_entry_rcu().\n\nSigned-off-by: Tejun Heo \u003ctj@kernel.org\u003e\nAcked-by: Serge E. Hallyn \u003cserge.hallyn@ubuntu.com\u003e\nCc: stable@vger.kernel.org\nCc: Aristeu Rozanski \u003caris@redhat.com\u003e\nCc: Li Zefan \u003clizefan@huawei.com\u003e\n"
    },
    {
      "commit": "64e104771351d365e51e588a0e9a656ae6ed2f50",
      "tree": "e5078e0ba32729735846aa465c1f53f5d98c11ac",
      "parents": [
        "3d70f8c617a436c7146ecb81df2265b4626dfe89"
      ],
      "author": {
        "name": "Aristeu Rozanski",
        "email": "aris@redhat.com",
        "time": "Tue Nov 06 07:25:04 2012 -0800"
      },
      "committer": {
        "name": "Tejun Heo",
        "email": "tj@kernel.org",
        "time": "Tue Nov 06 07:25:20 2012 -0800"
      },
      "message": "device_cgroup: fix unchecked cgroup parent usage\n\nIn 4cef7299b478687 (\"device_cgroup: add proper checking when changing\ndefault behavior\") the cgroup parent usage is unchecked.  root will not\nhave a parent and trying to use device.{allow,deny} will cause problems.\nFor some reason my stressing scripts didn\u0027t test the root directory so I\ndidn\u0027t catch it on my regular tests.\n\nSigned-off-by: Aristeu Rozanski \u003caris@redhat.com\u003e\nCc: Li Zefan \u003clizefan@huawei.com\u003e\nCc: James Morris \u003cjmorris@namei.org\u003e\nCc: Pavel Emelyanov \u003cxemul@openvz.org\u003e\nAcked-by: Serge E. Hallyn \u003cserge.hallyn@ubuntu.com\u003e\nCc: Jiri Slaby \u003cjslaby@suse.cz\u003e\nCc: Tejun Heo \u003ctj@kernel.org\u003e\nSigned-off-by: Tejun Heo \u003ctj@kernel.org\u003e\n"
    },
    {
      "commit": "3bd7bf1f0fe14f591c089ae61bbfa9bd356f178a",
      "tree": "0058693cc9e70b7461dae551f8a19aff2efd13ca",
      "parents": [
        "f16f84937d769c893492160b1a8c3672e3992beb",
        "e657e078d3dfa9f96976db7a2b5fd7d7c9f1f1a6"
      ],
      "author": {
        "name": "Jiri Kosina",
        "email": "jkosina@suse.cz",
        "time": "Sun Oct 28 19:28:52 2012 +0100"
      },
      "committer": {
        "name": "Jiri Kosina",
        "email": "jkosina@suse.cz",
        "time": "Sun Oct 28 19:29:19 2012 +0100"
      },
      "message": "Merge branch \u0027master\u0027 into for-next\n\nSync up with Linus\u0027 tree to be able to apply Cesar\u0027s patch\nagainst newer version of the code.\n\nSigned-off-by: Jiri Kosina \u003cjkosina@suse.cz\u003e\n"
    },
    {
      "commit": "4cef7299b4786879a3e113e84084a72b24590c5b",
      "tree": "31efb5e00be1c1e5cc266046c783c7569e495ede",
      "parents": [
        "26fd8405dd470cb8b54cb96859b7dd437e5e1391"
      ],
      "author": {
        "name": "Aristeu Rozanski",
        "email": "aris@redhat.com",
        "time": "Thu Oct 25 13:37:45 2012 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Thu Oct 25 14:37:52 2012 -0700"
      },
      "message": "device_cgroup: add proper checking when changing default behavior\n\nBefore changing a group\u0027s default behavior to ALLOW, we must check if\nits parent\u0027s behavior is also ALLOW.\n\nSigned-off-by: Aristeu Rozanski \u003caris@redhat.com\u003e\nCc: Tejun Heo \u003ctj@kernel.org\u003e\nCc: Li Zefan \u003clizefan@huawei.com\u003e\nCc: James Morris \u003cjmorris@namei.org\u003e\nCc: Pavel Emelyanov \u003cxemul@openvz.org\u003e\nAcked-by: Serge Hallyn \u003cserge.hallyn@canonical.com\u003e\nCc: Jiri Slaby \u003cjslaby@suse.cz\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "26fd8405dd470cb8b54cb96859b7dd437e5e1391",
      "tree": "c4d77df24842b0d980ccd10e09b00c6230db3176",
      "parents": [
        "5b7aa7d5bb2c5cf7fc05aaa41561af321706ab5f"
      ],
      "author": {
        "name": "Aristeu Rozanski",
        "email": "aris@redhat.com",
        "time": "Thu Oct 25 13:37:41 2012 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Thu Oct 25 14:37:52 2012 -0700"
      },
      "message": "device_cgroup: stop using simple_strtoul()\n\nConvert the code to use kstrtou32() instead of simple_strtoul() which is\ndeprecated.  The real size of the variables are u32, so use kstrtou32\ninstead of kstrtoul\n\nSigned-off-by: Aristeu Rozanski \u003caris@redhat.com\u003e\nCc: Dave Jones \u003cdavej@redhat.com\u003e\nCc: Tejun Heo \u003ctj@kernel.org\u003e\nCc: Li Zefan \u003clizefan@huawei.com\u003e\nCc: James Morris \u003cjmorris@namei.org\u003e\nCc: Pavel Emelyanov \u003cxemul@openvz.org\u003e\nAcked-by: Serge Hallyn \u003cserge.hallyn@canonical.com\u003e\nCc: Jiri Slaby \u003cjslaby@suse.cz\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "5b7aa7d5bb2c5cf7fc05aaa41561af321706ab5f",
      "tree": "404da02312a547f3ff66003fe4002a4b4ff14dcb",
      "parents": [
        "8c9506d16925f1b1314d93af383ca3134eb534d8"
      ],
      "author": {
        "name": "Aristeu Rozanski",
        "email": "aris@redhat.com",
        "time": "Thu Oct 25 13:37:38 2012 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Thu Oct 25 14:37:52 2012 -0700"
      },
      "message": "device_cgroup: rename deny_all to behavior\n\nThis was done in a v2 patch but v1 ended up being committed.  The\nvariable name is less confusing and stores the default behavior when no\nmatching exception exists.\n\nSigned-off-by: Aristeu Rozanski \u003caris@redhat.com\u003e\nCc: Dave Jones \u003cdavej@redhat.com\u003e\nCc: Tejun Heo \u003ctj@kernel.org\u003e\nCc: Li Zefan \u003clizefan@huawei.com\u003e\nCc: James Morris \u003cjmorris@namei.org\u003e\nCc: Pavel Emelyanov \u003cxemul@openvz.org\u003e\nAcked-by: Serge Hallyn \u003cserge.hallyn@canonical.com\u003e\nCc: Jiri Slaby \u003cjslaby@suse.cz\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "8c9506d16925f1b1314d93af383ca3134eb534d8",
      "tree": "e14dbc5816b375463b8d37eda0f79bcd0ea96a3b",
      "parents": [
        "ef5d437f71afdf4afdbab99213add99f4b1318fd"
      ],
      "author": {
        "name": "Jiri Slaby",
        "email": "jslaby@suse.cz",
        "time": "Thu Oct 25 13:37:34 2012 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Thu Oct 25 14:37:52 2012 -0700"
      },
      "message": "cgroup: fix invalid rcu dereference\n\nCommit ad676077a2ae (\"device_cgroup: convert device_cgroup internally to\npolicy + exceptions\") removed rcu locks which are needed in\ntask_devcgroup called in this chain:\n\n  devcgroup_inode_mknod OR __devcgroup_inode_permission -\u003e\n    __devcgroup_inode_permission -\u003e\n      task_devcgroup -\u003e\n        task_subsys_state -\u003e\n          task_subsys_state_check.\n\nChange the code so that task_devcgroup is safely called with rcu read\nlock held.\n\n  \u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\n  [ INFO: suspicious RCU usage. ]\n  3.6.0-rc5-next-20120913+ #42 Not tainted\n  -------------------------------\n  include/linux/cgroup.h:553 suspicious rcu_dereference_check() usage!\n\n  other info that might help us debug this:\n\n  rcu_scheduler_active \u003d 1, debug_locks \u003d 0\n  2 locks held by kdevtmpfs/23:\n   #0:  (sb_writers){.+.+.+}, at: [\u003cffffffff8116873f\u003e]\n  mnt_want_write+0x1f/0x50\n   #1:  (\u0026sb-\u003es_type-\u003ei_mutex_key#3/1){+.+.+.}, at: [\u003cffffffff811558af\u003e]\n  kern_path_create+0x7f/0x170\n\n  stack backtrace:\n  Pid: 23, comm: kdevtmpfs Not tainted 3.6.0-rc5-next-20120913+ #42\n  Call Trace:\n    lockdep_rcu_suspicious+0xfd/0x130\n    devcgroup_inode_mknod+0x19d/0x240\n    vfs_mknod+0x71/0xf0\n    handle_create.isra.2+0x72/0x200\n    devtmpfsd+0x114/0x140\n    ? 
handle_create.isra.2+0x200/0x200\n    kthread+0xd6/0xe0\n    kernel_thread_helper+0x4/0x10\n\nSigned-off-by: Jiri Slaby \u003cjslaby@suse.cz\u003e\nCc: Dave Jones \u003cdavej@redhat.com\u003e\nCc: Tejun Heo \u003ctj@kernel.org\u003e\nCc: Li Zefan \u003clizefan@huawei.com\u003e\nCc: James Morris \u003cjmorris@namei.org\u003e\nCc: Pavel Emelyanov \u003cxemul@openvz.org\u003e\nAcked-by: Serge Hallyn \u003cserge.hallyn@canonical.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "b010520ab3d2c05eb444ed5e01fe6c33842f597a",
      "tree": "cf958deb54615a8ff5432bdbf3b70da2a76b9508",
      "parents": [
        "6f7c962c0b8efc78aec4c5514865fb5be83f4d92"
      ],
      "author": {
        "name": "Alan Cox",
        "email": "alan@linux.intel.com",
        "time": "Thu Oct 25 15:23:35 2012 +0100"
      },
      "committer": {
        "name": "Jiri Kosina",
        "email": "jkosina@suse.cz",
        "time": "Thu Oct 25 18:00:27 2012 +0200"
      },
      "message": "keys: Fix unreachable code\n\nWe set ret to NULL then test it. Remove the bogus test\n\nSigned-off-by: Alan Cox \u003calan@linux.intel.com\u003e\nSigned-off-by: Jiri Kosina \u003cjkosina@suse.cz\u003e\n"
    },
    {
      "commit": "2e680dd61e80592385338bfbeb86833d1c60546c",
      "tree": "a62b80465dd15a7fddb34367ccb7c94e47951dc5",
      "parents": [
        "0e9e3e306c7e472bdcffa34c4c4584301eda03b3"
      ],
      "author": {
        "name": "John Johansen",
        "email": "john.johansen@canonical.com",
        "time": "Wed Oct 24 06:27:32 2012 -0700"
      },
      "committer": {
        "name": "James Morris",
        "email": "james.l.morris@oracle.com",
        "time": "Thu Oct 25 02:12:50 2012 +1100"
      },
      "message": "apparmor: fix IRQ stack overflow during free_profile\n\nBugLink: http://bugs.launchpad.net/bugs/1056078\n\nProfile replacement can cause long chains of profiles to build up when\nthe profile being replaced is pinned. When the pinned profile is finally\nfreed, it puts the reference to its replacement, which may in turn nest\nanother call to free_profile on the stack. Because this may happen for\neach profile in the replacedby chain this can result in a recusion that\ncauses the stack to overflow.\n\nBreak this nesting by directly walking the chain of replacedby profiles\n(ie. use iteration instead of recursion to free the list). This results\nin at most 2 levels of free_profile being called, while freeing a\nreplacedby chain.\n\nSigned-off-by: John Johansen \u003cjohn.johansen@canonical.com\u003e\nSigned-off-by: James Morris \u003cjames.l.morris@oracle.com\u003e\n"
    },
    {
      "commit": "43c422eda99b894f18d1cca17bcd2401efaf7bd0",
      "tree": "2de386d66b58edaace714ecf0364e47fcad38f7e",
      "parents": [
        "985c9e615a605041d728c08b83d3dda19ae7def8"
      ],
      "author": {
        "name": "John Johansen",
        "email": "john.johansen@canonical.com",
        "time": "Wed Oct 17 13:29:33 2012 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Wed Oct 17 16:29:46 2012 -0700"
      },
      "message": "apparmor: fix apparmor OOPS in audit_log_untrustedstring+0x1c/0x40\n\nThe capability defines have moved causing the auto generated names\nof capabilities that apparmor uses in logging to be incorrect.\n\nFix the autogenerated table source to uapi/linux/capability.h\n\nReported-by: YanHong \u003cclouds.yan@gmail.com\u003e\nReported-by: Krzysztof Kolasa \u003ckkolasa@winsoft.pl\u003e\nAnalyzed-by: Al Viro \u003cviro@ZenIV.linux.org.uk\u003e\nSigned-off-by: John Johansen \u003cjohn.johansen@canonical.com\u003e\nAcked-by: David Howells \u003cdhowells@redhat.com\u003e\nAcked-by: James Morris \u003cjames.l.morris@oracle.com\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "45525b26a46cd593cb72070304c4cd7c8391bd37",
      "tree": "9064f045ef433e4d74d281daa995ee3c082e806e",
      "parents": [
        "dd8e8c4a2c902d8350b702e7bc7c2799e5e7e331"
      ],
      "author": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Tue Oct 16 13:30:07 2012 -0400"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Tue Oct 16 13:36:50 2012 -0400"
      },
      "message": "fix a leak in replace_fd() users\n\nreplace_fd() began with \"eats a reference, tries to insert into\ndescriptor table\" semantics; at some point I\u0027d switched it to\nmuch saner current behaviour (\"try to insert into descriptor\ntable, grabbing a new reference if inserted; caller should do\nfput() in any case\"), but forgot to update the callers.\nMea culpa...\n\n[Spotted by Pavel Roskin, who has really weird system with pipe-fed\ncoredumps as part of what he considers a normal boot ;-)]\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n"
    },
    {
      "commit": "d25282d1c9b9bc4cda7f9d3c0205108e99aa7a9d",
      "tree": "f414482d768b015a609924293b779b4ad0b8f764",
      "parents": [
        "b6eea87fc6850d3531a64a27d2323a4498cd4e43",
        "dbadc17683e6c673a69b236c0f041b931cc55c42"
      ],
      "author": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Sun Oct 14 13:39:34 2012 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Sun Oct 14 13:39:34 2012 -0700"
      },
      "message": "Merge branch \u0027modules-next\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/rusty/linux\n\nPull module signing support from Rusty Russell:\n \"module signing is the highlight, but it\u0027s an all-over David Howells frenzy...\"\n\nHmm \"Magrathea: Glacier signing key\". Somebody has been reading too much HHGTTG.\n\n* \u0027modules-next\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/rusty/linux: (37 commits)\n  X.509: Fix indefinite length element skip error handling\n  X.509: Convert some printk calls to pr_devel\n  asymmetric keys: fix printk format warning\n  MODSIGN: Fix 32-bit overflow in X.509 certificate validity date checking\n  MODSIGN: Make mrproper should remove generated files.\n  MODSIGN: Use utf8 strings in signer\u0027s name in autogenerated X.509 certs\n  MODSIGN: Use the same digest for the autogen key sig as for the module sig\n  MODSIGN: Sign modules during the build process\n  MODSIGN: Provide a script for generating a key ID from an X.509 cert\n  MODSIGN: Implement module signature checking\n  MODSIGN: Provide module signing public keys to the kernel\n  MODSIGN: Automatically generate module signing keys if missing\n  MODSIGN: Provide Kconfig options\n  MODSIGN: Provide gitignore and make clean rules for extra files\n  MODSIGN: Add FIPS policy\n  module: signature checking hook\n  X.509: Add a crypto key parser for binary (DER) X.509 certificates\n  MPILIB: Provide a function to read raw data into an MPI\n  X.509: Add an ASN.1 decoder\n  X.509: Add simple ASN.1 grammar compiler\n  ...\n"
    },
    {
      "commit": "808d4e3cfdcc52b19276175464f6dbca4df13b09",
      "tree": "11c319127e8c1314c1ed1a777e4284032ab5bd00",
      "parents": [
        "4b2c551f77f5a0c496e2125b1d883f4b26aabf2c"
      ],
      "author": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Thu Oct 11 11:42:01 2012 -0400"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Thu Oct 11 20:02:04 2012 -0400"
      },
      "message": "consitify do_mount() arguments\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n"
    },
    {
      "commit": "9e2d8656f5e8aa214e66b462680cf86b210b74a8",
      "tree": "f67d62e896cedf75599ea45f9ecf9999c6ad24cd",
      "parents": [
        "1ea4f4f8405cc1ceec23f2d261bc3775785e6712",
        "9e695d2ecc8451cc2c1603d60b5c8e7f5581923a"
      ],
      "author": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Tue Oct 09 16:23:15 2012 +0900"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Tue Oct 09 16:23:15 2012 +0900"
      },
      "message": "Merge branch \u0027akpm\u0027 (Andrew\u0027s patch-bomb)\n\nMerge patches from Andrew Morton:\n \"A few misc things and very nearly all of the MM tree.  A tremendous\n  amount of stuff (again), including a significant rbtree library\n  rework.\"\n\n* emailed patches from Andrew Morton \u003cakpm@linux-foundation.org\u003e: (160 commits)\n  sparc64: Support transparent huge pages.\n  mm: thp: Use more portable PMD clearing sequenece in zap_huge_pmd().\n  mm: Add and use update_mmu_cache_pmd() in transparent huge page code.\n  sparc64: Document PGD and PMD layout.\n  sparc64: Eliminate PTE table memory wastage.\n  sparc64: Halve the size of PTE tables\n  sparc64: Only support 4MB huge pages and 8KB base pages.\n  memory-hotplug: suppress \"Trying to free nonexistent resource \u003cXXXXXXXXXXXXXXXX-YYYYYYYYYYYYYYYY\u003e\" warning\n  mm: memcg: clean up mm_match_cgroup() signature\n  mm: document PageHuge somewhat\n  mm: use %pK for /proc/vmallocinfo\n  mm, thp: fix mlock statistics\n  mm, thp: fix mapped pages avoiding unevictable list on mlock\n  memory-hotplug: update memory block\u0027s state and notify userspace\n  memory-hotplug: preparation to notify memory block\u0027s state at memory hot remove\n  mm: avoid section mismatch warning for memblock_type_name\n  make GFP_NOTRACK definition unconditional\n  cma: decrease cc.nr_migratepages after reclaiming pagelist\n  CMA: migrate mlocked pages\n  kpageflags: fix wrong KPF_THP on non-huge compound pages\n  ...\n"
    },
    {
      "commit": "314e51b9851b4f4e8ab302243ff5a6fc6147f379",
      "tree": "f757b89206355fd129830782566768693eed23ce",
      "parents": [
        "0103bd16fb90bc741c7a03fd1ea4e8a505abad23"
      ],
      "author": {
        "name": "Konstantin Khlebnikov",
        "email": "khlebnikov@openvz.org",
        "time": "Mon Oct 08 16:29:02 2012 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Tue Oct 09 16:22:19 2012 +0900"
      },
      "message": "mm: kill vma flag VM_RESERVED and mm-\u003ereserved_vm counter\n\nA long time ago, in v2.4, VM_RESERVED kept swapout process off VMA,\ncurrently it lost original meaning but still has some effects:\n\n | effect                 | alternative flags\n-+------------------------+---------------------------------------------\n1| account as reserved_vm | VM_IO\n2| skip in core dump      | VM_IO, VM_DONTDUMP\n3| do not merge or expand | VM_IO, VM_DONTEXPAND, VM_HUGETLB, VM_PFNMAP\n4| do not mlock           | VM_IO, VM_DONTEXPAND, VM_HUGETLB, VM_PFNMAP\n\nThis patch removes reserved_vm counter from mm_struct.  Seems like nobody\ncares about it, it does not exported into userspace directly, it only\nreduces total_vm showed in proc.\n\nThus VM_RESERVED can be replaced with VM_IO or pair VM_DONTEXPAND | VM_DONTDUMP.\n\nremap_pfn_range() and io_remap_pfn_range() set VM_IO|VM_DONTEXPAND|VM_DONTDUMP.\nremap_vmalloc_range() set VM_DONTEXPAND | VM_DONTDUMP.\n\n[akpm@linux-foundation.org: drivers/vfio/pci/vfio_pci.c fixup]\nSigned-off-by: Konstantin Khlebnikov \u003ckhlebnikov@openvz.org\u003e\nCc: Alexander Viro \u003cviro@zeniv.linux.org.uk\u003e\nCc: Carsten Otte \u003ccotte@de.ibm.com\u003e\nCc: Chris Metcalf \u003ccmetcalf@tilera.com\u003e\nCc: Cyrill Gorcunov \u003cgorcunov@openvz.org\u003e\nCc: Eric Paris \u003ceparis@redhat.com\u003e\nCc: H. 
Peter Anvin \u003chpa@zytor.com\u003e\nCc: Hugh Dickins \u003chughd@google.com\u003e\nCc: Ingo Molnar \u003cmingo@redhat.com\u003e\nCc: James Morris \u003cjames.l.morris@oracle.com\u003e\nCc: Jason Baron \u003cjbaron@redhat.com\u003e\nCc: Kentaro Takeda \u003ctakedakn@nttdata.co.jp\u003e\nCc: Matt Helsley \u003cmatthltc@us.ibm.com\u003e\nCc: Nick Piggin \u003cnpiggin@kernel.dk\u003e\nCc: Oleg Nesterov \u003coleg@redhat.com\u003e\nCc: Peter Zijlstra \u003ca.p.zijlstra@chello.nl\u003e\nCc: Robert Richter \u003crobert.richter@amd.com\u003e\nCc: Suresh Siddha \u003csuresh.b.siddha@intel.com\u003e\nCc: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nCc: Venkatesh Pallipadi \u003cvenki@google.com\u003e\nAcked-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "2dd8ad81e31d0d36a5d448329c646ab43eb17788",
      "tree": "cd358be45ed8067673edac7f1db6b6a42a96d9db",
      "parents": [
        "0b173bc4daa8f8ec03a85abf5e47b23502ff80af"
      ],
      "author": {
        "name": "Konstantin Khlebnikov",
        "email": "khlebnikov@openvz.org",
        "time": "Mon Oct 08 16:28:51 2012 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Tue Oct 09 16:22:18 2012 +0900"
      },
      "message": "mm: use mm-\u003eexe_file instead of first VM_EXECUTABLE vma-\u003evm_file\n\nSome security modules and oprofile still uses VM_EXECUTABLE for retrieving\na task\u0027s executable file.  After this patch they will use mm-\u003eexe_file\ndirectly.  mm-\u003eexe_file is protected with mm-\u003emmap_sem, so locking stays\nthe same.\n\nSigned-off-by: Konstantin Khlebnikov \u003ckhlebnikov@openvz.org\u003e\nAcked-by: Chris Metcalf \u003ccmetcalf@tilera.com\u003e\t\t\t[arch/tile]\nAcked-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\t[tomoyo]\nCc: Alexander Viro \u003cviro@zeniv.linux.org.uk\u003e\nCc: Carsten Otte \u003ccotte@de.ibm.com\u003e\nCc: Cyrill Gorcunov \u003cgorcunov@openvz.org\u003e\nCc: Eric Paris \u003ceparis@redhat.com\u003e\nCc: H. Peter Anvin \u003chpa@zytor.com\u003e\nCc: Hugh Dickins \u003chughd@google.com\u003e\nCc: Ingo Molnar \u003cmingo@redhat.com\u003e\nAcked-by: James Morris \u003cjames.l.morris@oracle.com\u003e\nCc: Jason Baron \u003cjbaron@redhat.com\u003e\nCc: Kentaro Takeda \u003ctakedakn@nttdata.co.jp\u003e\nCc: Matt Helsley \u003cmatthltc@us.ibm.com\u003e\nCc: Nick Piggin \u003cnpiggin@kernel.dk\u003e\nCc: Oleg Nesterov \u003coleg@redhat.com\u003e\nCc: Peter Zijlstra \u003ca.p.zijlstra@chello.nl\u003e\nCc: Robert Richter \u003crobert.richter@amd.com\u003e\nCc: Suresh Siddha \u003csuresh.b.siddha@intel.com\u003e\nCc: Venkatesh Pallipadi \u003cvenki@google.com\u003e\nAcked-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "50e0d10232db05c6776afcf6098459bff47e8b15",
      "tree": "0e89971de6d960c8946cc9351d73b297347a0260",
      "parents": [
        "8711798772641b2f593beebebcab5b1ec2309f0c",
        "c37d6154c0b9163c27e53cc1d0be3867b4abd760"
      ],
      "author": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Tue Oct 09 15:58:38 2012 +0900"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Tue Oct 09 15:58:38 2012 +0900"
      },
      "message": "Merge tag \u0027asm-generic\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/arnd/asm-generic\n\nPull asm-generic updates from Arnd Bergmann:\n \"This has three changes for asm-generic that did not really fit into\n  any other branch as normal asm-generic changes do.  One is a fix for a\n  build warning, the other two are more interesting:\n\n   * A patch from Mark Brown to allow using the common clock\n     infrastructure on all architectures, so we can use the clock API in\n     architecture independent device drivers.\n\n   * The UAPI split patches from David Howells for the asm-generic\n     files.  There are other architecture specific series that are going\n     through the arch maintainer tree and that depend on this one.\n\n  There may be a few small merge conflicts between Mark\u0027s patch and the\n  following arch header file split patches.  In each case the solution\n  will be to keep the new \"generic-y +\u003d clkdev.h\" line, even if it ends\n  up being the only line in the Kbuild file.\"\n\n* tag \u0027asm-generic\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/arnd/asm-generic:\n  UAPI: (Scripted) Disintegrate include/asm-generic\n  asm-generic: Add default clkdev.h\n  asm-generic: xor: mark static functions as __maybe_unused\n"
    },
    {
      "commit": "cf7f601c067994f371ba77721d1e45fce61a4569",
      "tree": "4ff5a12ae84cf47a9815c3e3979341a66360cb31",
      "parents": [
        "9bb9c3be56834653878f766f471fa1c20e562f4c"
      ],
      "author": {
        "name": "David Howells",
        "email": "dhowells@redhat.com",
        "time": "Thu Sep 13 13:06:29 2012 +0100"
      },
      "committer": {
        "name": "Rusty Russell",
        "email": "rusty@rustcorp.com.au",
        "time": "Mon Oct 08 13:49:48 2012 +1030"
      },
      "message": "KEYS: Add payload preparsing opportunity prior to key instantiate or update\n\nGive the key type the opportunity to preparse the payload prior to the\ninstantiation and update routines being called.  This is done with the\nprovision of two new key type operations:\n\n\tint (*preparse)(struct key_preparsed_payload *prep);\n\tvoid (*free_preparse)(struct key_preparsed_payload *prep);\n\nIf the first operation is present, then it is called before key creation (in\nthe add/update case) or before the key semaphore is taken (in the update and\ninstantiate cases).  The second operation is called to clean up if the first\nwas called.\n\npreparse() is given the opportunity to fill in the following structure:\n\n\tstruct key_preparsed_payload {\n\t\tchar\t\t*description;\n\t\tvoid\t\t*type_data[2];\n\t\tvoid\t\t*payload;\n\t\tconst void\t*data;\n\t\tsize_t\t\tdatalen;\n\t\tsize_t\t\tquotalen;\n\t};\n\nBefore the preparser is called, the first three fields will have been cleared,\nthe payload pointer and size will be stored in data and datalen and the default\nquota size from the key_type struct will be stored into quotalen.\n\nThe preparser may parse the payload in any way it likes and may store data in\nthe type_data[] and payload fields for use by the instantiate() and update()\nops.\n\nThe preparser may also propose a description for the key by attaching it as a\nstring to the description field.  This can be used by passing a NULL or \"\"\ndescription to the add_key() system call or the key_create_or_update()\nfunction.  
This cannot work with request_key() as that required the description\nto tell the upcall about the key to be created.\n\nThis, for example permits keys that store PGP public keys to generate their own\nname from the user ID and public key fingerprint in the key.\n\nThe instantiate() and update() operations are then modified to look like this:\n\n\tint (*instantiate)(struct key *key, struct key_preparsed_payload *prep);\n\tint (*update)(struct key *key, struct key_preparsed_payload *prep);\n\nand the new payload data is passed in *prep, whether or not it was preparsed.\n\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: Rusty Russell \u003crusty@rustcorp.com.au\u003e\n"
    },
    {
      "commit": "638c87a91666df1f16866badee862ce38bf31e4a",
      "tree": "67be4d125ad6abe2eeee00eab12e0fc8f03fa099",
      "parents": [
        "7cb9cf0224efd6d41b2bdd9bfb412b42aa4281f8",
        "d26e1936227b538a1691b978566ef269aef10853"
      ],
      "author": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Sun Oct 07 21:07:21 2012 +0900"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Sun Oct 07 21:07:21 2012 +0900"
      },
      "message": "Merge branch \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security\n\nPull IMA bugfix (security subsystem) from James Morris.\n\n* \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security:\n  ima: fix bug in argument order\n"
    },
    {
      "commit": "db9aeca97a58563e1ab927d157c9b5048f233e73",
      "tree": "6569621429efe0e6cc0529b78c50939913f0bd35",
      "parents": [
        "ad676077a2ae4af4bb6627486ce19ccce04f1efe"
      ],
      "author": {
        "name": "Aristeu Rozanski",
        "email": "aris@redhat.com",
        "time": "Thu Oct 04 17:15:20 2012 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Sat Oct 06 03:05:14 2012 +0900"
      },
      "message": "device_cgroup: rename whitelist to exception list\n\nThis patch replaces the \"whitelist\" usage in the code and comments and replace\nthem by exception list related information.\n\nSigned-off-by: Aristeu Rozanski \u003caris@redhat.com\u003e\nCc: Tejun Heo \u003ctj@kernel.org\u003e\nCc: Li Zefan \u003clizefan@huawei.com\u003e\nCc: James Morris \u003cjmorris@namei.org\u003e\nCc: Pavel Emelyanov \u003cxemul@openvz.org\u003e\nAcked-by: Serge E. Hallyn \u003cserge.hallyn@canonical.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "ad676077a2ae4af4bb6627486ce19ccce04f1efe",
      "tree": "638e05256abe3b04f6acdbecf630b003143649c4",
      "parents": [
        "868539a3b671e0f736ddd11b67bf1dc3d8a5a921"
      ],
      "author": {
        "name": "Aristeu Rozanski",
        "email": "aris@redhat.com",
        "time": "Thu Oct 04 17:15:17 2012 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Sat Oct 06 03:05:14 2012 +0900"
      },
      "message": "device_cgroup: convert device_cgroup internally to policy + exceptions\n\nThe original model of device_cgroup is having a whitelist where all the\nallowed devices are listed. The problem with this approach is that is\nimpossible to have the case of allowing everything but few devices.\n\nThe reason for that lies in the way the whitelist is handled internally:\nsince there\u0027s only a whitelist, the \"all devices\" entry would have to be\nremoved and replaced by the entire list of possible devices but the ones\nthat are being denied.  Since dev_t is 32 bits long, representing the allowed\ndevices as a bitfield is not memory efficient.\n\nThis patch replaces the \"whitelist\" by a \"exceptions\" list and the default\npolicy is kept as \"deny_all\" variable in dev_cgroup structure.\n\nThe current interface determines that whenever \"a\" is written to devices.allow\nor devices.deny, the entry masking all devices will be added or removed,\nrespectively. This behavior is kept and it\u0027s what will determine the default\npolicy:\n\n\t# cat devices.list\n\ta *:* rwm\n\t# echo a \u003edevices.deny\n\t# cat devices.list\n\t# echo a \u003edevices.allow\n\t# cat devices.list\n\ta *:* rwm\n\nThe interface is also preserved. 
For example, if one wants to block only access\nto /dev/null:\n\t# ls -l /dev/null\n\tcrw-rw-rw- 1 root root 1, 3 Jul 24 16:17 /dev/null\n\t# echo a \u003edevices.allow\n\t# echo \"c 1:3 rwm\" \u003edevices.deny\n\t# cat /dev/null\n\tcat: /dev/null: Operation not permitted\n\t# echo \u003e/dev/null\n\tbash: /dev/null: Operation not permitted\n\tmknod /tmp/null c 1 3\n\tmknod: `/tmp/null\u0027: Operation not permitted\n\t# echo \"c 1:3 r\" \u003edevices.allow\n\t# cat /dev/null\n\t# echo \u003e/dev/null\n\tbash: /dev/null: Operation not permitted\n\tmknod /tmp/null c 1 3\n\tmknod: `/tmp/null\u0027: Operation not permitted\n\t# echo \"c 1:3 rw\" \u003edevices.allow\n\t# echo \u003e/dev/null\n\t# cat /dev/null\n\t# mknod /tmp/null c 1 3\n\tmknod: `/tmp/null\u0027: Operation not permitted\n\t# echo \"c 1:3 rwm\" \u003edevices.allow\n\t# echo \u003e/dev/null\n\t# cat /dev/null\n\t# mknod /tmp/null c 1 3\n\t#\n\nNote that I didn\u0027t rename the functions/variables in this patch, but in the\nnext one to make reviewing easier.\n\nSigned-off-by: Aristeu Rozanski \u003caris@redhat.com\u003e\nCc: Tejun Heo \u003ctj@kernel.org\u003e\nCc: Li Zefan \u003clizefan@huawei.com\u003e\nCc: James Morris \u003cjmorris@namei.org\u003e\nCc: Pavel Emelyanov \u003cxemul@openvz.org\u003e\nAcked-by: Serge E. Hallyn \u003cserge.hallyn@canonical.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "868539a3b671e0f736ddd11b67bf1dc3d8a5a921",
      "tree": "2c2c10e2983c40ffad02fb01d55fad6f4a6b3175",
      "parents": [
        "66b8ef67756b3051bf42a077a82c3c5c279caa5b"
      ],
      "author": {
        "name": "Aristeu Rozanski",
        "email": "aris@redhat.com",
        "time": "Thu Oct 04 17:15:15 2012 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Sat Oct 06 03:05:14 2012 +0900"
      },
      "message": "device_cgroup: introduce dev_whitelist_clean()\n\nThis function cleans all the items in a whitelist and will be used by the next\npatches.\n\nSigned-off-by: Aristeu Rozanski \u003caris@redhat.com\u003e\nCc: Tejun Heo \u003ctj@kernel.org\u003e\nCc: Li Zefan \u003clizefan@huawei.com\u003e\nCc: James Morris \u003cjmorris@namei.org\u003e\nCc: Pavel Emelyanov \u003cxemul@openvz.org\u003e\nAcked-by: Serge E. Hallyn \u003cserge.hallyn@canonical.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "66b8ef67756b3051bf42a077a82c3c5c279caa5b",
      "tree": "60527442334744981f0766dae6f46bf7ae9b4d4f",
      "parents": [
        "12ae6779332181432a7feda740735ffa5bb3d32d"
      ],
      "author": {
        "name": "Aristeu Rozanski",
        "email": "aris@redhat.com",
        "time": "Thu Oct 04 17:15:13 2012 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Sat Oct 06 03:05:13 2012 +0900"
      },
      "message": "device_cgroup: add \"deny_all\" in dev_cgroup structure\n\ndeny_all will determine if the default policy is to deny all device access\nexcept for the ones in the exception list.\n\nThis variable will be used in the next patches to convert device_cgroup\ninternally into a default policy + rules.\n\nSigned-off-by: Aristeu Rozanski \u003caris@redhat.com\u003e\nCc: Tejun Heo \u003ctj@kernel.org\u003e\nCc: Li Zefan \u003clizefan@huawei.com\u003e\nCc: James Morris \u003cjmorris@namei.org\u003e\nCc: Pavel Emelyanov \u003cxemul@openvz.org\u003e\nAcked-by: Serge E. Hallyn \u003cserge.hallyn@canonical.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "d26e1936227b538a1691b978566ef269aef10853",
      "tree": "c1b803d6177f6c39932a159c7bdb2c557497e16f",
      "parents": [
        "ecefbd94b834fa32559d854646d777c56749ef1c"
      ],
      "author": {
        "name": "Dmitry Kasatkin",
        "email": "dmitry.kasatkin@intel.com",
        "time": "Thu Sep 27 18:26:53 2012 +0300"
      },
      "committer": {
        "name": "James Morris",
        "email": "james.l.morris@oracle.com",
        "time": "Fri Oct 05 22:32:16 2012 +1000"
      },
      "message": "ima: fix bug in argument order\n\nmask argument goes first, then func, like ima_must_measure\nand ima_get_action. ima_inode_post_setattr() assumes that.\n\nSigned-off-by: Dmitry Kasatkin \u003cdmitry.kasatkin@intel.com\u003e\nSigned-off-by: Mimi Zohar \u003czohar@linux.vnet.ibm.com\u003e\nSigned-off-by: James Morris \u003cjames.l.morris@oracle.com\u003e\n"
    },
    {
      "commit": "8a1ab3155c2ac7fbe5f2038d6e26efeb607a1498",
      "tree": "42ef93e164b8b2a01adab30db4b33f370f4280d7",
      "parents": [
        "f3dfd599af993385b40fc7a1c947afc12729bc4d"
      ],
      "author": {
        "name": "David Howells",
        "email": "dhowells@redhat.com",
        "time": "Thu Oct 04 18:20:15 2012 +0100"
      },
      "committer": {
        "name": "David Howells",
        "email": "dhowells@redhat.com",
        "time": "Thu Oct 04 18:20:15 2012 +0100"
      },
      "message": "UAPI: (Scripted) Disintegrate include/asm-generic\n\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nAcked-by: Arnd Bergmann \u003carnd@arndb.de\u003e\nAcked-by: Thomas Gleixner \u003ctglx@linutronix.de\u003e\nAcked-by: Michael Kerrisk \u003cmtk.manpages@gmail.com\u003e\nAcked-by: Paul E. McKenney \u003cpaulmck@linux.vnet.ibm.com\u003e\nAcked-by: Dave Jones \u003cdavej@redhat.com\u003e\n"
    },
    {
      "commit": "88265322c14cce39f7afbc416726ef4fac413298",
      "tree": "e4956f905ef617971f87788d8f8a09dbb66b70a3",
      "parents": [
        "65b99c74fdd325d1ffa2e5663295888704712604",
        "bf5308344527d015ac9a6d2bda4ad4d40fd7d943"
      ],
      "author": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Tue Oct 02 21:38:48 2012 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Tue Oct 02 21:38:48 2012 -0700"
      },
      "message": "Merge branch \u0027next\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security\n\nPull security subsystem updates from James Morris:\n \"Highlights:\n\n   - Integrity: add local fs integrity verification to detect offline\n     attacks\n   - Integrity: add digital signature verification\n   - Simple stacking of Yama with other LSMs (per LSS discussions)\n   - IBM vTPM support on ppc64\n   - Add new driver for Infineon I2C TIS TPM\n   - Smack: add rule revocation for subject labels\"\n\nFixed conflicts with the user namespace support in kernel/auditsc.c and\nsecurity/integrity/ima/ima_policy.c.\n\n* \u0027next\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: (39 commits)\n  Documentation: Update git repository URL for Smack userland tools\n  ima: change flags container data type\n  Smack: setprocattr memory leak fix\n  Smack: implement revoking all rules for a subject label\n  Smack: remove task_wait() hook.\n  ima: audit log hashes\n  ima: generic IMA action flag handling\n  ima: rename ima_must_appraise_or_measure\n  audit: export audit_log_task_info\n  tpm: fix tpm_acpi sparse warning on different address spaces\n  samples/seccomp: fix 31 bit build on s390\n  ima: digital signature verification support\n  ima: add support for different security.ima data types\n  ima: add ima_inode_setxattr/removexattr function and calls\n  ima: add inode_post_setattr call\n  ima: replace iint spinblock with rwlock/read_lock\n  ima: allocating iint improvements\n  ima: add appraise action keywords and default rules\n  ima: integrity appraisal extension\n  vfs: move ima_file_free before releasing the file\n  ...\n"
    },
    {
      "commit": "aab174f0df5d72d31caccf281af5f614fa254578",
      "tree": "2a172c5009c4ac8755e858593154c258ce7709a0",
      "parents": [
        "ca41cc96b2813221b05af57d0355157924de5a07",
        "2bd2c1941f141ad780135ccc1cd08ca71a24f10a"
      ],
      "author": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Tue Oct 02 20:25:04 2012 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Tue Oct 02 20:25:04 2012 -0700"
      },
      "message": "Merge branch \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs\n\nPull vfs update from Al Viro:\n\n - big one - consolidation of descriptor-related logics; almost all of\n   that is moved to fs/file.c\n\n   (BTW, I\u0027m seriously tempted to rename the result to fd.c.  As it is,\n   we have a situation when file_table.c is about handling of struct\n   file and file.c is about handling of descriptor tables; the reasons\n   are historical - file_table.c used to be about a static array of\n   struct file we used to have way back).\n\n   A lot of stray ends got cleaned up and converted to saner primitives,\n   disgusting mess in android/binder.c is still disgusting, but at least\n   doesn\u0027t poke so much in descriptor table guts anymore.  A bunch of\n   relatively minor races got fixed in process, plus an ext4 struct file\n   leak.\n\n - related thing - fget_light() partially unuglified; see fdget() in\n   there (and yes, it generates the code as good as we used to have).\n\n - also related - bits of Cyrill\u0027s procfs stuff that got entangled into\n   that work; _not_ all of it, just the initial move to fs/proc/fd.c and\n   switch of fdinfo to seq_file.\n\n - Alex\u0027s fs/coredump.c splitoff - the same story, had been easier to\n   take that commit than mess with conflicts.  The rest is a separate\n   pile, this was just a mechanical code movement.\n\n - a few misc patches all over the place.  
Not all for this cycle,\n   there\u0027ll be more (and quite a few currently sit in akpm\u0027s tree).\"\n\nFix up trivial conflicts in the android binder driver, and some fairly\nsimple conflicts due to two different changes to the sock_alloc_file()\ninterface (\"take descriptor handling from sock_alloc_file() to callers\"\nvs \"net: Providing protocol type via system.sockprotoname xattr of\n/proc/PID/fd entries\" adding a dentry name to the socket)\n\n* \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs: (72 commits)\n  MAX_LFS_FILESIZE should be a loff_t\n  compat: fs: Generic compat_sys_sendfile implementation\n  fs: push rcu_barrier() from deactivate_locked_super() to filesystems\n  btrfs: reada_extent doesn\u0027t need kref for refcount\n  coredump: move core dump functionality into its own file\n  coredump: prevent double-free on an error path in core dumper\n  usb/gadget: fix misannotations\n  fcntl: fix misannotations\n  ceph: don\u0027t abuse d_delete() on failure exits\n  hypfs: -\u003ed_parent is never NULL or negative\n  vfs: delete surplus inode NULL check\n  switch simple cases of fget_light to fdget\n  new helpers: fdget()/fdput()\n  switch o2hb_region_dev_write() to fget_light()\n  proc_map_files_readdir(): don\u0027t bother with grabbing files\n  make get_file() return its argument\n  vhost_set_vring(): turn pollstart/pollstop into bool\n  switch prctl_set_mm_exe_file() to fget_light()\n  switch xfs_find_handle() to fget_light()\n  switch xfs_swapext() to fget_light()\n  ...\n"
    }
  ],
  "next": "aecdc33e111b2c447b622e287c6003726daa1426"
}
