)]}' { "log": [ { "commit": "e67eab39bee26f509d38d00ca1a8f24b63f46a31", "tree": "252072ae63bd5ecb8186242ace12e7df3a1311ad", "parents": [ "a68c2f12b4b28994aaf622bbe5724b7258cc2fcf" ], "author": { "name": "Alan Cox", "email": "alan@linux.intel.com", "time": "Thu Dec 20 15:05:54 2012 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Thu Dec 20 17:40:21 2012 -0800" }, "message": "keys: fix unreachable code\n\nWe set ret to NULL then test it. Remove the bogus test\n\nSigned-off-by: Alan Cox \u003calan@linux.intel.com\u003e\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "9eb127cc04c4005c8c0708ce92146d91da862b42", "tree": "bebab2c136110edf32d6cf32f898871df9fbb0e6", "parents": [ "e32795503de02da4e7e74a5e039cc268f6a0ecfb", "152a2a8b5e1d4cbe91a7c66f1028db15164a3766" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Wed Dec 19 20:29:15 2012 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Wed Dec 19 20:29:15 2012 -0800" }, "message": "Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net\n\nPull networking fixes from David Miller:\n\n 1) Really fix tuntap SKB use after free bug, from Eric Dumazet.\n\n 2) Adjust SKB data pointer to point past the transport header before\n calling icmpv6_notify() so that the headers are in the state which\n that function expects. From Duan Jiong.\n\n 3) Fix ambiguities in the new tuntap multi-queue APIs. From Jason\n Wang.\n\n 4) mISDN needs to use del_timer_sync(), from Konstantin Khlebnikov.\n\n 5) Don\u0027t destroy mutex after freeing up device private in mac802154,\n fix also from Konstantin Khlebnikov.\n\n 6) Fix INET request socket leak in TCP and DCCP, from Christoph Paasch.\n\n 7) SCTP HMAC kconfig rework, from Neil Horman.\n\n 8) Fix SCTP jprobes function signature, otherwise things explode, from\n Daniel Borkmann.\n\n 9) Fix typo in ipv6-offload Makefile variable reference, from Simon\n Arlott.\n\n10) Don\u0027t fail USBNET open just because remote wakeup isn\u0027t supported,\n from Oliver Neukum.\n\n11) be2net driver bug fixes from Sathya Perla.\n\n12) SOLOS PCI ATM driver bug fixes from Nathan Williams and David\n Woodhouse.\n\n13) Fix MTU changing regression in 8139cp driver, from John Greene.\n\n* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (45 commits)\n solos-pci: ensure all TX packets are aligned to 4 bytes\n solos-pci: add firmware upgrade support for new models\n solos-pci: remove superfluous debug output\n solos-pci: add GPIO support for newer versions on Geos board\n 8139cp: Prevent dev_close/cp_interrupt race on MTU change\n net: qmi_wwan: add ZTE MF880\n drivers/net: Use of_match_ptr() macro in smsc911x.c\n drivers/net: Use of_match_ptr() macro in smc91x.c\n ipv6: addrconf.c: remove unnecessary \"if\"\n bridge: Correctly encode addresses when dumping mdb entries\n bridge: Do not unregister all PF_BRIDGE rtnl operations\n use generic usbnet_manage_power()\n usbnet: generic manage_power()\n usbnet: handle PM failure gracefully\n ksz884x: fix receive polling race condition\n qlcnic: update driver version\n qlcnic: fix unused variable warnings\n net: fec: forbid FEC_PTP on SoCs that do not support\n be2net: fix wrong frag_idx reported by RX CQ\n be2net: fix be_close() to ensure all events are ack\u0027ed\n ...\n" }, { "commit": "7a684c452e2589f3ddd7e2d466b4f747d3715ad9", "tree": "fed803e7450770993575b37807ba2195eafd5b0e", "parents": [ "7f2de8171ddf28fdb2ca7f9a683ee1207849f718", "e10e1774efbdaec54698454200619a03a01e1d64" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Wed Dec 19 07:55:08 2012 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Wed Dec 19 07:55:08 2012 -0800" }, "message": "Merge tag \u0027modules-next-for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/rusty/linux\n\nPull module update from Rusty Russell:\n \"Nothing all that exciting; a new module-from-fd syscall for those who\n want to verify the source of the module (ChromeOS) and/or use standard\n IMA on it or other security hooks.\"\n\n* tag \u0027modules-next-for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/rusty/linux:\n MODSIGN: Fix kbuild output when using default extra_certificates\n MODSIGN: Avoid using .incbin in C source\n modules: don\u0027t hand 0 to vmalloc.\n module: Remove a extra null character at the top of module-\u003estrtab.\n ASN.1: Use the ASN1_LONG_TAG and ASN1_INDEFINITE_LENGTH constants\n ASN.1: Define indefinite length marker constant\n moduleparam: use __UNIQUE_ID()\n __UNIQUE_ID()\n MODSIGN: Add modules_sign make target\n powerpc: add finit_module syscall.\n ima: support new kernel module syscall\n add finit_module syscall to asm-generic\n ARM: add finit_module syscall to ARM\n security: introduce kernel_module_from_file hook\n module: add flags arg to sys_finit_module()\n module: add syscall to load module from fd\n" }, { "commit": "a2faf2fc534f57ba26bc4d613795236ed4f5fb1c", "tree": "d75c4daadb469c8f08c498532fbf1fff68879e69", "parents": [ "4351654e3ddf86a04966163dce4def586303e5cc", "5155040ed349950e16c093ba8e65ad534994df2a" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Tue Dec 18 10:55:28 2012 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Tue Dec 18 10:55:28 2012 -0800" }, "message": "Merge branch \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace\n\nPull (again) user namespace infrastructure changes from Eric Biederman:\n \"Those bugs, those darn embarrasing bugs just want don\u0027t want to get\n fixed.\n\n Linus I just updated my mirror of your kernel.org tree and it appears\n you successfully pulled everything except the last 4 commits that fix\n those embarrasing bugs.\n\n When you get a chance can you please repull my branch\"\n\n* \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace:\n userns: Fix typo in description of the limitation of userns_install\n userns: Add a more complete capability subset test to commit_creds\n userns: Require CAP_SYS_ADMIN for most uses of setns.\n Fix cap_capable to only allow owners in the parent user namespace to have caps.\n" }, { "commit": "6a2b60b17b3e48a418695a94bd2420f6ab32e519", "tree": "54b7792fa68b8890f710fa6398b6ba8626a039a8", "parents": [ "9228ff90387e276ad67b10c0eb525c9d6a57d5e9", "98f842e675f96ffac96e6c50315790912b2812be" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Mon Dec 17 15:44:47 2012 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Mon Dec 17 15:44:47 2012 -0800" }, "message": "Merge branch \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace\n\nPull user namespace changes from Eric Biederman:\n \"While small this set of changes is very significant with respect to\n containers in general and user namespaces in particular. The user\n space interface is now complete.\n\n This set of changes adds support for unprivileged users to create user\n namespaces and as a user namespace root to create other namespaces.\n The tyranny of supporting suid root preventing unprivileged users from\n using cool new kernel features is broken.\n\n This set of changes completes the work on setns, adding support for\n the pid, user, mount namespaces.\n\n This set of changes includes a bunch of basic pid namespace\n cleanups/simplifications. Of particular significance is the rework of\n the pid namespace cleanup so it no longer requires sending out\n tendrils into all kinds of unexpected cleanup paths for operation. At\n least one case of broken error handling is fixed by this cleanup.\n\n The files under /proc/\u003cpid\u003e/ns/ have been converted from regular files\n to magic symlinks which prevents incorrect caching by the VFS,\n ensuring the files always refer to the namespace the process is\n currently using and ensuring that the ptrace_mayaccess permission\n checks are always applied.\n\n The files under /proc/\u003cpid\u003e/ns/ have been given stable inode numbers\n so it is now possible to see if different processes share the same\n namespaces.\n\n Through the David Miller\u0027s net tree are changes to relax many of the\n permission checks in the networking stack to allowing the user\n namespace root to usefully use the networking stack. Similar changes\n for the mount namespace and the pid namespace are coming through my\n tree.\n\n Two small changes to add user namespace support were commited here adn\n in David Miller\u0027s -net tree so that I could complete the work on the\n /proc/\u003cpid\u003e/ns/ files in this tree.\n\n Work remains to make it safe to build user namespaces and 9p, afs,\n ceph, cifs, coda, gfs2, ncpfs, nfs, nfsd, ocfs2, and xfs so the\n Kconfig guard remains in place preventing that user namespaces from\n being built when any of those filesystems are enabled.\n\n Future design work remains to allow root users outside of the initial\n user namespace to mount more than just /proc and /sys.\"\n\n* \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace: (38 commits)\n proc: Usable inode numbers for the namespace file descriptors.\n proc: Fix the namespace inode permission checks.\n proc: Generalize proc inode allocation\n userns: Allow unprivilged mounts of proc and sysfs\n userns: For /proc/self/{uid,gid}_map derive the lower userns from the struct file\n procfs: Print task uids and gids in the userns that opened the proc file\n userns: Implement unshare of the user namespace\n userns: Implent proc namespace operations\n userns: Kill task_user_ns\n userns: Make create_new_namespaces take a user_ns parameter\n userns: Allow unprivileged use of setns.\n userns: Allow unprivileged users to create new namespaces\n userns: Allow setting a userns mapping to your current uid.\n userns: Allow chown and setgid preservation\n userns: Allow unprivileged users to create user namespaces.\n userns: Ignore suid and sgid on binaries if the uid or gid can not be mapped\n userns: fix return value on mntns_install() failure\n vfs: Allow unprivileged manipulation of the mount namespace.\n vfs: Only support slave subtrees across different user namespaces\n vfs: Add a user namespace reference from struct mnt_namespace\n ...\n" }, { "commit": "2a74dbb9a86e8102dcd07d284135b4530a84826e", "tree": "a54403e312b6062dfb57bd904ba8b8ce3b11e720", "parents": [ "770b6cb4d21fb3e3df2a7a51e186a3c14db1ec30", "e93072374112db9dc86635934ee761249be28370" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Sun Dec 16 15:40:50 2012 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Sun Dec 16 15:40:50 2012 -0800" }, "message": "Merge branch \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security\n\nPull security subsystem updates from James Morris:\n \"A quiet cycle for the security subsystem with just a few maintenance\n updates.\"\n\n* \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security:\n Smack: create a sysfs mount point for smackfs\n Smack: use select not depends in Kconfig\n Yama: remove locking from delete path\n Yama: add RCU to drop read locking\n drivers/char/tpm: remove tasklet and cleanup\n KEYS: Use keyring_alloc() to create special keyrings\n KEYS: Reduce initial permissions on keys\n KEYS: Make the session and process keyrings per-thread\n seccomp: Make syscall skipping and nr changes more consistent\n key: Fix resource leak\n keys: Fix unreachable code\n KEYS: Add payload preparsing opportunity prior to key instantiate or update\n" }, { "commit": "9dd9ff99532d7a7f8222fd1f0d410d91c0f15ac5", "tree": "71a4981ece4592723cf6f0a37289e50a1028fbbf", "parents": [ "0d0863b02002c25140a1b9e113b81211bcc780e8" ], "author": { "name": "Amerigo Wang", "email": "amwang@redhat.com", "time": "Fri Dec 14 22:09:50 2012 +0000" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Sat Dec 15 17:14:38 2012 -0800" }, "message": "bridge: update selinux perm table for RTM_NEWMDB and RTM_DELMDB\n\nCc: Herbert Xu \u003cherbert@gondor.apana.org.au\u003e\nCc: Stephen Hemminger \u003cshemminger@vyatta.com\u003e\nCc: \"David S. Miller\" \u003cdavem@davemloft.net\u003e\nSigned-off-by: Cong Wang \u003camwang@redhat.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "520d9eabce18edfef76a60b7b839d54facafe1f9", "tree": "69aed7689a6467f88aad8ea43790d5cf2f30ec7c", "parents": [ "98f842e675f96ffac96e6c50315790912b2812be" ], "author": { "name": "Eric W. Biederman", "email": "ebiederm@xmission.com", "time": "Thu Dec 13 18:06:40 2012 -0800" }, "committer": { "name": "Eric W. Biederman", "email": "ebiederm@xmission.com", "time": "Fri Dec 14 13:50:32 2012 -0800" }, "message": "Fix cap_capable to only allow owners in the parent user namespace to have caps.\n\nAndy Lutomirski pointed out that the current behavior of allowing the\nowner of a user namespace to have all caps when that owner is not in a\nparent user namespace is wrong. Add a test to ensure the owner of a user\nnamespace is in the parent of the user namespace to fix this bug.\n\nThankfully this bug did not apply to the initial user namespace, keeping\nthe mischief that can be caused by this bug quite small.\n\nThis is bug was introduced in v3.5 by commit 783291e6900\n\"Simplify the user_namespace by making userns-\u003ecreator a kuid.\"\nBut did not matter until the permisions required to create\na user namespace were relaxed allowing a user namespace to be created\ninside of a user namespace.\n\nThe bug made it possible for the owner of a user namespace to be\npresent in a child user namespace. Since the owner of a user nameapce\nis granted all capabilities it became possible for users in a\ngrandchild user namespace to have all privilges over their parent user\nnamspace.\n\nReorder the checks in cap_capable. This should make the common case\nfaster and make it clear that nothing magic happens in the initial\nuser namespace. The reordering is safe because cred-\u003euser_ns\ncan only be in targ_ns or targ_ns-\u003eparent but not both.\n\nAdd a comment a the top of the loop to make the logic of\nthe code clear.\n\nAdd a distinct variable ns that changes as we walk up\nthe user namespace hierarchy to make it clear which variable\nis changing.\n\nAcked-by: Serge Hallyn \u003cserge.hallyn@canonical.com\u003e\nSigned-off-by: \"Eric W. Biederman\" \u003cebiederm@xmission.com\u003e\n" }, { "commit": "e93072374112db9dc86635934ee761249be28370", "tree": "87abc5694cd43644e754f4a00a0b6a656eb5be19", "parents": [ "111fe8bd65e473d5fc6a0478cf1e2c8c6a77489a" ], "author": { "name": "Casey Schaufler", "email": "casey@schaufler-ca.com", "time": "Thu Nov 01 18:14:32 2012 -0700" }, "committer": { "name": "Casey Schaufler", "email": "casey@schaufler-ca.com", "time": "Fri Dec 14 10:57:23 2012 -0800" }, "message": "Smack: create a sysfs mount point for smackfs\n\nThere are a number of \"conventions\" for where to put LSM filesystems.\nSmack adheres to none of them. Create a mount point at /sys/fs/smackfs\nfor mounting smackfs so that Smack can be conventional.\n\nTargeted for git://git.gitorious.org/smack-next/kernel.git\n\nSigned-off-by: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\n" }, { "commit": "111fe8bd65e473d5fc6a0478cf1e2c8c6a77489a", "tree": "8629b99d4166e0b5dd730a6e1a187e4b319e82f3", "parents": [ "3f0cc6ae86627de825d2371b6d61643f2ce58908" ], "author": { "name": "Casey Schaufler", "email": "casey@schaufler-ca.com", "time": "Fri Nov 02 11:28:11 2012 -0700" }, "committer": { "name": "Casey Schaufler", "email": "casey@schaufler-ca.com", "time": "Fri Dec 14 10:57:10 2012 -0800" }, "message": "Smack: use select not depends in Kconfig\n\nThe components NETLABEL and SECURITY_NETWORK are required by\nSmack. Using \"depends\" in Kconfig hides the Smack option\nif the user hasn\u0027t figured out that they need to be enabled\nwhile using make menuconfig. Using select is a better choice.\nBecause select is not recursive depends on NET and SECURITY\nare added. The reflects similar usage in TOMOYO and AppArmor.\n\nTargeted for git://git.gitorious.org/smack-next/kernel.git\n\nSigned-off-by: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\n" }, { "commit": "fdf90729e57812cb12d7938e2dee7c71e875fb08", "tree": "0ec17c765406dedc37ac278823d50587d53d1525", "parents": [ "1625cee56f8e6193b5a0809a414dfa395bd9cf1e" ], "author": { "name": "Mimi Zohar", "email": "zohar@linux.vnet.ibm.com", "time": "Tue Oct 16 12:40:08 2012 +1030" }, "committer": { "name": "Rusty Russell", "email": "rusty@rustcorp.com.au", "time": "Fri Dec 14 13:05:26 2012 +1030" }, "message": "ima: support new kernel module syscall\n\nWith the addition of the new kernel module syscall, which defines two\narguments - a file descriptor to the kernel module and a pointer to a NULL\nterminated string of module arguments - it is now possible to measure and\nappraise kernel modules like any other file on the file system.\n\nThis patch adds support to measure and appraise kernel modules in an\nextensible and consistent manner.\n\nTo support filesystems without extended attribute support, additional\npatches could pass the signature as the first parameter.\n\nSigned-off-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\nSigned-off-by: Rusty Russell \u003crusty@rustcorp.com.au\u003e\n" }, { "commit": "2e72d51b4ac32989496870cd8171b3682fea1839", "tree": "b8190d17aa5d59508f8c979ce0160f21bef89500", "parents": [ "2f3238aebedb243804f58d62d57244edec4149b2" ], "author": { "name": "Kees Cook", "email": "keescook@chromium.org", "time": "Tue Oct 16 07:32:07 2012 +1030" }, "committer": { "name": "Rusty Russell", "email": "rusty@rustcorp.com.au", "time": "Fri Dec 14 13:05:24 2012 +1030" }, "message": "security: introduce kernel_module_from_file hook\n\nNow that kernel module origins can be reasoned about, provide a hook to\nthe LSMs to make policy decisions about the module file. This will let\nChrome OS enforce that loadable kernel modules can only come from its\nread-only hash-verified root filesystem. Other LSMs can, for example,\nread extended attributes for signatures, etc.\n\nSigned-off-by: Kees Cook \u003ckeescook@chromium.org\u003e\nAcked-by: Serge E. Hallyn \u003cserge.hallyn@canonical.com\u003e\nAcked-by: Eric Paris \u003ceparis@redhat.com\u003e\nAcked-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\nAcked-by: James Morris \u003cjames.l.morris@oracle.com\u003e\nSigned-off-by: Rusty Russell \u003crusty@rustcorp.com.au\u003e\n" }, { "commit": "a2013a13e68354e0c8f3696b69701803e13fb737", "tree": "a7e1da6bfad1aa2afd83f401874d606269ce90b4", "parents": [ "dadfab4873256d2145640c0ce468fcbfb48977fe", "106f9d9337f65bd428c0c79f650e3489e458d771" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Thu Dec 13 12:00:02 2012 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Thu Dec 13 12:00:02 2012 -0800" }, "message": "Merge branch \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial\n\nPull trivial branch from Jiri Kosina:\n \"Usual stuff -- comment/printk typo fixes, documentation updates, dead\n code elimination.\"\n\n* \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial: (39 commits)\n HOWTO: fix double words typo\n x86 mtrr: fix comment typo in mtrr_bp_init\n propagate name change to comments in kernel source\n doc: Update the name of profiling based on sysfs\n treewide: Fix typos in various drivers\n treewide: Fix typos in various Kconfig\n wireless: mwifiex: Fix typo in wireless/mwifiex driver\n messages: i2o: Fix typo in messages/i2o\n scripts/kernel-doc: check that non-void fcts describe their return value\n Kernel-doc: Convention: Use a \"Return\" section to describe return values\n radeon: Fix typo and copy/paste error in comments\n doc: Remove unnecessary declarations from Documentation/accounting/getdelays.c\n various: Fix spelling of \"asynchronous\" in comments.\n Fix misspellings of \"whether\" in comments.\n eisa: Fix spelling of \"asynchronous\".\n various: Fix spelling of \"registered\" in comments.\n doc: fix quite a few typos within Documentation\n target: iscsi: fix comment typos in target/iscsi drivers\n treewide: fix typo of \"suport\" in various comments and Kconfig\n treewide: fix typo of \"suppport\" in various comments\n ...\n" }, { "commit": "6be35c700f742e911ecedd07fcc43d4439922334", "tree": "ca9f37214d204465fcc2d79c82efd291e357c53c", "parents": [ "e37aa63e87bd581f9be5555ed0ba83f5295c92fc", "520dfe3a3645257bf83660f672c47f8558f3d4c4" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Wed Dec 12 18:07:07 2012 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Wed Dec 12 18:07:07 2012 -0800" }, "message": "Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next\n\nPull networking changes from David Miller:\n\n1) Allow to dump, monitor, and change the bridge multicast database\n using netlink. From Cong Wang.\n\n2) RFC 5961 TCP blind data injection attack mitigation, from Eric\n Dumazet.\n\n3) Networking user namespace support from Eric W. Biederman.\n\n4) tuntap/virtio-net multiqueue support by Jason Wang.\n\n5) Support for checksum offload of encapsulated packets (basically,\n tunneled traffic can still be checksummed by HW). From Joseph\n Gasparakis.\n\n6) Allow BPF filter access to VLAN tags, from Eric Dumazet and\n Daniel Borkmann.\n\n7) Bridge port parameters over netlink and BPDU blocking support\n from Stephen Hemminger.\n\n8) Improve data access patterns during inet socket demux by rearranging\n socket layout, from Eric Dumazet.\n\n9) TIPC protocol updates and cleanups from Ying Xue, Paul Gortmaker, and\n Jon Maloy.\n\n10) Update TCP socket hash sizing to be more in line with current day\n realities. The existing heurstics were choosen a decade ago.\n From Eric Dumazet.\n\n11) Fix races, queue bloat, and excessive wakeups in ATM and\n associated drivers, from Krzysztof Mazur and David Woodhouse.\n\n12) Support DOVE (Distributed Overlay Virtual Ethernet) extensions\n in VXLAN driver, from David Stevens.\n\n13) Add \"oops_only\" mode to netconsole, from Amerigo Wang.\n\n14) Support set and query of VEB/VEPA bridge mode via PF_BRIDGE, also\n allow DCB netlink to work on namespaces other than the initial\n namespace. From John Fastabend.\n\n15) Support PTP in the Tigon3 driver, from Matt Carlson.\n\n16) tun/vhost zero copy fixes and improvements, plus turn it on\n by default, from Michael S. Tsirkin.\n\n17) Support per-association statistics in SCTP, from Michele\n Baldessari.\n\nAnd many, many, driver updates, cleanups, and improvements. Too\nnumerous to mention individually.\n\n* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next: (1722 commits)\n net/mlx4_en: Add support for destination MAC in steering rules\n net/mlx4_en: Use generic etherdevice.h functions.\n net: ethtool: Add destination MAC address to flow steering API\n bridge: add support of adding and deleting mdb entries\n bridge: notify mdb changes via netlink\n ndisc: Unexport ndisc_{build,send}_skb().\n uapi: add missing netconf.h to export list\n pkt_sched: avoid requeues if possible\n solos-pci: fix double-free of TX skb in DMA mode\n bnx2: Fix accidental reversions.\n bna: Driver Version Updated to 3.1.2.1\n bna: Firmware update\n bna: Add RX State\n bna: Rx Page Based Allocation\n bna: TX Intr Coalescing Fix\n bna: Tx and Rx Optimizations\n bna: Code Cleanup and Enhancements\n ath9k: check pdata variable before dereferencing it\n ath5k: RX timestamp is reported at end of frame\n ath9k_htc: RX timestamp is reported at end of frame\n ...\n" }, { "commit": "d206e09036d6201f90b2719484c8a59526c46125", "tree": "84b9057919bcb8cfd1cff47baa5fc74457e77d6d", "parents": [ "fef3ff2eb777e76cfa5ae67591982d902c17139c", "15ef4ffaa797034d5ff82844daf8f595d7c6d53c" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Wed Dec 12 08:18:24 2012 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Wed Dec 12 08:18:24 2012 -0800" }, "message": "Merge branch \u0027for-3.8\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/tj/cgroup\n\nPull cgroup changes from Tejun Heo:\n \"A lot of activities on cgroup side. The big changes are focused on\n making cgroup hierarchy handling saner.\n\n - cgroup_rmdir() had peculiar semantics - it allowed cgroup\n destruction to be vetoed by individual controllers and tried to\n drain refcnt synchronously. The vetoing never worked properly and\n caused good deal of contortions in cgroup. memcg was the last\n reamining user. Michal Hocko removed the usage and cgroup_rmdir()\n path has been simplified significantly. This was done in a\n separate branch so that the memcg people can base further memcg\n changes on top.\n\n - The above allowed cleaning up cgroup lifecycle management and\n implementation of generic cgroup iterators which are used to\n improve hierarchy support.\n\n - cgroup_freezer updated to allow migration in and out of a frozen\n cgroup and handle hierarchy. If a cgroup is frozen, all descendant\n cgroups are frozen.\n\n - netcls_cgroup and netprio_cgroup updated to handle hierarchy\n properly.\n\n - Various fixes and cleanups.\n\n - Two merge commits. One to pull in memcg and rmdir cleanups (needed\n to build iterators). The other pulled in cgroup/for-3.7-fixes for\n device_cgroup fixes so that further device_cgroup patches can be\n stacked on top.\"\n\nFixed up a trivial conflict in mm/memcontrol.c as per Tejun (due to\ncommit bea8c150a7 (\"memcg: fix hotplugged memory zone oops\") in master\ntouching code close to commit 2ef37d3fe4 (\"memcg: Simplify\nmem_cgroup_force_empty_list error handling\") in for-3.8)\n\n* \u0027for-3.8\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/tj/cgroup: (65 commits)\n cgroup: update Documentation/cgroups/00-INDEX\n cgroup_rm_file: don\u0027t delete the uncreated files\n cgroup: remove subsystem files when remounting cgroup\n cgroup: use cgroup_addrm_files() in cgroup_clear_directory()\n cgroup: warn about broken hierarchies only after css_online\n cgroup: list_del_init() on removed events\n cgroup: fix lockdep warning for event_control\n cgroup: move list add after list head initilization\n netprio_cgroup: allow nesting and inherit config on cgroup creation\n netprio_cgroup: implement netprio[_set]_prio() helpers\n netprio_cgroup: use cgroup-\u003eid instead of cgroup_netprio_state-\u003eprioidx\n netprio_cgroup: reimplement priomap expansion\n netprio_cgroup: shorten variable names in extend_netdev_table()\n netprio_cgroup: simplify write_priomap()\n netcls_cgroup: move config inheritance to -\u003ecss_online() and remove .broken_hierarchy marking\n cgroup: remove obsolete guarantee from cgroup_task_migrate.\n cgroup: add cgroup-\u003eid\n cgroup, cpuset: remove cgroup_subsys-\u003epost_clone()\n cgroup: s/CGRP_CLONE_CHILDREN/CGRP_CPUSET_CLONE_CHILDREN/\n cgroup: rename -\u003ecreate/post_create/pre_destroy/destroy() to -\u003ecss_alloc/online/offline/free()\n ...\n" }, { "commit": "6e73d71d8485607c692302d2058894588e3a387f", "tree": "ef660acbe7b5076beca493af6fe351ed17404fa0", "parents": [ "7c77ab24e30bad7598b5cfda93be6f32ed439c2f" ], "author": { "name": "Cong Wang", "email": "amwang@redhat.com", "time": "Fri Dec 07 18:59:48 2012 +0000" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Mon Dec 10 14:09:01 2012 -0500" }, "message": "rtnetlink: add missing message types to selinux perm table\n\nRebased on the latest net-next tree.\n\nRTM_NEWNETCONF and RTM_GETNETCONF are missing in this table.\n\nCc: David S. Miller \u003cdavem@davemloft.net\u003e\nSigned-off-by: Cong Wang \u003camwang@redhat.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "ee07c6e7a6f8a25c18f0a6b18152fbd7499245f6", "tree": "055d61934deeedf93eefbde3106f6a751c35d932", "parents": [ "5d248c491b38d4f1b2a0bd7721241d68cd0b3067" ], "author": { "name": "Cong Wang", "email": "amwang@redhat.com", "time": "Fri Dec 07 00:04:48 2012 +0000" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Fri Dec 07 14:32:52 2012 -0500" }, "message": "bridge: export multicast database via netlink\n\nV5: fix two bugs pointed out by Thomas\n remove seq check for now, mark it as TODO\n\nV4: remove some useless #include\n some coding style fix\n\nV3: drop debugging printk\u0027s\n update selinux perm table as well\n\nV2: drop patch 1/2, export ifindex directly\n Redesign netlink attributes\n Improve netlink seq check\n Handle IPv6 addr as well\n\nThis patch exports bridge multicast database via netlink\nmessage type RTM_GETMDB. Similar to fdb, but currently bridge-specific.\nWe may need to support modify multicast database too (RTM_{ADD,DEL}MDB).\n\n(Thanks to Thomas for patient reviews)\n\nCc: Herbert Xu \u003cherbert@gondor.apana.org.au\u003e\nCc: Stephen Hemminger \u003cshemminger@vyatta.com\u003e\nCc: \"David S. Miller\" \u003cdavem@davemloft.net\u003e\nCc: Thomas Graf \u003ctgraf@suug.ch\u003e\nCc: Jesper Dangaard Brouer \u003cbrouer@redhat.com\u003e\nSigned-off-by: Cong Wang \u003camwang@redhat.com\u003e\nAcked-by: Thomas Graf \u003ctgraf@suug.ch\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "88a693b5c1287be4da937699cb82068ce9db0135", "tree": "a18c1d6ee8e7792a3fb6741361b8fb84d16636af", "parents": [ "99b6e1e7233073a23a20824db8c5260a723ed192" ], "author": { "name": "Dave Jones", "email": "davej@redhat.com", "time": "Thu Nov 08 16:09:27 2012 -0800" }, "committer": { "name": "James Morris", "email": "james.l.morris@oracle.com", "time": "Wed Nov 21 21:55:32 2012 +1100" }, "message": "selinux: fix sel_netnode_insert() suspicious rcu dereference\n\n\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\n[ INFO: suspicious RCU usage. ]\n3.5.0-rc1+ #63 Not tainted\n-------------------------------\nsecurity/selinux/netnode.c:178 suspicious rcu_dereference_check() usage!\n\nother info that might help us debug this:\n\nrcu_scheduler_active \u003d 1, debug_locks \u003d 0\n1 lock held by trinity-child1/8750:\n #0: (sel_netnode_lock){+.....}, at: [\u003cffffffff812d8f8a\u003e] sel_netnode_sid+0x16a/0x3e0\n\nstack backtrace:\nPid: 8750, comm: trinity-child1 Not tainted 3.5.0-rc1+ #63\nCall Trace:\n [\u003cffffffff810cec2d\u003e] lockdep_rcu_suspicious+0xfd/0x130\n [\u003cffffffff812d91d1\u003e] sel_netnode_sid+0x3b1/0x3e0\n [\u003cffffffff812d8e20\u003e] ? sel_netnode_find+0x1a0/0x1a0\n [\u003cffffffff812d24a6\u003e] selinux_socket_bind+0xf6/0x2c0\n [\u003cffffffff810cd1dd\u003e] ? trace_hardirqs_off+0xd/0x10\n [\u003cffffffff810cdb55\u003e] ? lock_release_holdtime.part.9+0x15/0x1a0\n [\u003cffffffff81093841\u003e] ? lock_hrtimer_base+0x31/0x60\n [\u003cffffffff812c9536\u003e] security_socket_bind+0x16/0x20\n [\u003cffffffff815550ca\u003e] sys_bind+0x7a/0x100\n [\u003cffffffff816c03d5\u003e] ? sysret_check+0x22/0x5d\n [\u003cffffffff810d392d\u003e] ? trace_hardirqs_on_caller+0x10d/0x1a0\n [\u003cffffffff8133b09e\u003e] ? trace_hardirqs_on_thunk+0x3a/0x3f\n [\u003cffffffff816c03a9\u003e] system_call_fastpath+0x16/0x1b\n\nThis patch below does what Paul McKenney suggested in the previous thread.\n\nSigned-off-by: Dave Jones \u003cdavej@redhat.com\u003e\nReviewed-by: Paul E. McKenney \u003cpaulmck@linux.vnet.ibm.com\u003e\nAcked-by: Paul Moore \u003cpaul@paul-moore.com\u003e\nCc: Eric Paris \u003ceparis@parisplace.org\u003e\nCc: \u003cstable@vger.kernel.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: James Morris \u003cjames.l.morris@oracle.com\u003e\n" }, { "commit": "235e752789eb65a81477bb82845323dfcbf93012", "tree": "c4efa5eff81c01029ab884c0d43af16bb91b44b4", "parents": [ "93b69d437effff11b1c37f330d3265c37ec2f84b" ], "author": { "name": "Kees Cook", "email": "keescook@chromium.org", "time": "Mon Nov 19 15:21:26 2012 -0800" }, "committer": { "name": "Kees Cook", "email": "keescook@chromium.org", "time": "Tue Nov 20 10:32:08 2012 -0800" }, "message": "Yama: remove locking from delete path\n\nInstead of locking the list during a delete, mark entries as invalid\nand trigger a workqueue to clean them up. This lets us easily handle\ntask_free from interrupt context.\n\nSigned-off-by: Kees Cook \u003ckeescook@chromium.org\u003e\n" }, { "commit": "93b69d437effff11b1c37f330d3265c37ec2f84b", "tree": "59473ffd3079719ebdff415fef688ee29f1f5eb8", "parents": [ "b5666502700855a1eb1a15482005b22478b9460e" ], "author": { "name": "Kees Cook", "email": "keescook@chromium.org", "time": "Thu Oct 18 14:53:58 2012 -0700" }, "committer": { "name": "Kees Cook", "email": "keescook@chromium.org", "time": "Tue Nov 20 10:32:07 2012 -0800" }, "message": "Yama: add RCU to drop read locking\n\nStop using spinlocks in the read path. Add RCU list to handle the readers.\n\nSigned-off-by: Kees Cook \u003ckeescook@chromium.org\u003e\nReviewed-by: Serge E. Hallyn \u003cserge.hallyn@ubuntu.com\u003e\nAcked-by: John Johansen \u003cjohn.johansen@canonical.com\u003e\n" }, { "commit": "4c44aaafa8108f584831850ab48a975e971db2de", "tree": "c86f225e8256d28271acf3ea8926e70358f3e5c1", "parents": [ "bcf58e725ddc45d31addbc6627d4f0edccc824c1" ], "author": { "name": "Eric W. Biederman", "email": "ebiederm@xmission.com", "time": "Thu Jul 26 05:05:21 2012 -0700" }, "committer": { "name": "Eric W. Biederman", "email": "ebiederm@xmission.com", "time": "Tue Nov 20 04:17:44 2012 -0800" }, "message": "userns: Kill task_user_ns\n\nThe task_user_ns function hides the fact that it is getting the user\nnamespace from struct cred on the task. struct cred may go away as\nsoon as the rcu lock is released. This leads to a race where we\ncan dereference a stale user namespace pointer.\n\nTo make it obvious a struct cred is involved kill task_user_ns.\n\nTo kill the race modify the users of task_user_ns to only\nreference the user namespace while the rcu lock is held.\n\nCc: Kees Cook \u003ckeescook@chromium.org\u003e\nCc: James Morris \u003cjames.l.morris@oracle.com\u003e\nAcked-by: Kees Cook \u003ckeescook@chromium.org\u003e\nAcked-by: Serge Hallyn \u003cserge.hallyn@canonical.com\u003e\nSigned-off-by: \"Eric W. Biederman\" \u003cebiederm@xmission.com\u003e\n" }, { "commit": "92fb97487a7e41b222c1417cabd1d1ab7cc3a48c", "tree": "c220c622b9ac9b16535535d448e9cd29be72c77e", "parents": [ "b1929db42f8a649d9a9e397119f628c27fd4021f" ], "author": { "name": "Tejun Heo", "email": "tj@kernel.org", "time": "Mon Nov 19 08:13:38 2012 -0800" }, "committer": { "name": "Tejun Heo", "email": "tj@kernel.org", "time": "Mon Nov 19 08:13:38 2012 -0800" }, "message": "cgroup: rename -\u003ecreate/post_create/pre_destroy/destroy() to -\u003ecss_alloc/online/offline/free()\n\nRename cgroup_subsys css lifetime related callbacks to better describe\nwhat their roles are. Also, update documentation.\n\nSigned-off-by: Tejun Heo \u003ctj@kernel.org\u003e\nAcked-by: Li Zefan \u003clizefan@huawei.com\u003e\n" }, { "commit": "4b1c7840b7d01b14a1a00fa0e61b761d4391ba67", "tree": "1e93e0a8a0bb6fb2f5934a58a6eb32b3077b18b8", "parents": [ "5b805f2a7675634fbdf9ac1c9b2256905ab2ea68" ], "author": { "name": "Tejun Heo", "email": "tj@kernel.org", "time": "Tue Nov 06 09:16:53 2012 -0800" }, "committer": { "name": "Tejun Heo", "email": "tj@kernel.org", "time": "Tue Nov 06 12:28:04 2012 -0800" }, "message": "device_cgroup: add lockdep asserts\n\ndevice_cgroup uses RCU safe -\u003eexceptions list which is write-protected\nby devcgroup_mutex and has had some issues using locking correctly.\nAdd lockdep asserts to utility functions so that future errors can be\neasily detected.\n\nSigned-off-by: Tejun Heo \u003ctj@kernel.org\u003e\nAcked-by: Serge E. Hallyn \u003cserge.hallyn@ubuntu.com\u003e\nCc: Aristeu Rozanski \u003caris@redhat.com\u003e\nCc: Li Zefan \u003clizefan@huawei.com\u003e\n" }, { "commit": "201e72acb2d3821e2de9ce6091e98859c316b29a", "tree": "01e47038346474d659714151b8209673c11f330a", "parents": [ "64e104771351d365e51e588a0e9a656ae6ed2f50" ], "author": { "name": "Tejun Heo", "email": "tj@kernel.org", "time": "Tue Nov 06 09:17:37 2012 -0800" }, "committer": { "name": "Tejun Heo", "email": "tj@kernel.org", "time": "Tue Nov 06 12:25:51 2012 -0800" }, "message": "device_cgroup: fix RCU usage\n\ndev_cgroup-\u003eexceptions is protected with devcgroup_mutex for writes\nand RCU for reads; however, RCU usage isn\u0027t correct.\n\n* dev_exception_clean() doesn\u0027t use RCU variant of list_del() and\n kfree(). The function can race with may_access() and may_access()\n may end up dereferencing already freed memory. Use list_del_rcu()\n and kfree_rcu() instead.\n\n* may_access() may be called only with RCU read locked but doesn\u0027t use\n RCU safe traversal over -\u003eexceptions. Use list_for_each_entry_rcu().\n\nSigned-off-by: Tejun Heo \u003ctj@kernel.org\u003e\nAcked-by: Serge E. Hallyn \u003cserge.hallyn@ubuntu.com\u003e\nCc: stable@vger.kernel.org\nCc: Aristeu Rozanski \u003caris@redhat.com\u003e\nCc: Li Zefan \u003clizefan@huawei.com\u003e\n" }, { "commit": "64e104771351d365e51e588a0e9a656ae6ed2f50", "tree": "e5078e0ba32729735846aa465c1f53f5d98c11ac", "parents": [ "3d70f8c617a436c7146ecb81df2265b4626dfe89" ], "author": { "name": "Aristeu Rozanski", "email": "aris@redhat.com", "time": "Tue Nov 06 07:25:04 2012 -0800" }, "committer": { "name": "Tejun Heo", "email": "tj@kernel.org", "time": "Tue Nov 06 07:25:20 2012 -0800" }, "message": "device_cgroup: fix unchecked cgroup parent usage\n\nIn 4cef7299b478687 (\"device_cgroup: add proper checking when changing\ndefault behavior\") the cgroup parent usage is unchecked. root will not\nhave a parent and trying to use device.{allow,deny} will cause problems.\nFor some reason my stressing scripts didn\u0027t test the root directory so I\ndidn\u0027t catch it on my regular tests.\n\nSigned-off-by: Aristeu Rozanski \u003caris@redhat.com\u003e\nCc: Li Zefan \u003clizefan@huawei.com\u003e\nCc: James Morris \u003cjmorris@namei.org\u003e\nCc: Pavel Emelyanov \u003cxemul@openvz.org\u003e\nAcked-by: Serge E. Hallyn \u003cserge.hallyn@ubuntu.com\u003e\nCc: Jiri Slaby \u003cjslaby@suse.cz\u003e\nCc: Tejun Heo \u003ctj@kernel.org\u003e\nSigned-off-by: Tejun Heo \u003ctj@kernel.org\u003e\n" }, { "commit": "3bd7bf1f0fe14f591c089ae61bbfa9bd356f178a", "tree": "0058693cc9e70b7461dae551f8a19aff2efd13ca", "parents": [ "f16f84937d769c893492160b1a8c3672e3992beb", "e657e078d3dfa9f96976db7a2b5fd7d7c9f1f1a6" ], "author": { "name": "Jiri Kosina", "email": "jkosina@suse.cz", "time": "Sun Oct 28 19:28:52 2012 +0100" }, "committer": { "name": "Jiri Kosina", "email": "jkosina@suse.cz", "time": "Sun Oct 28 19:29:19 2012 +0100" }, "message": "Merge branch \u0027master\u0027 into for-next\n\nSync up with Linus\u0027 tree to be able to apply Cesar\u0027s patch\nagainst newer version of the code.\n\nSigned-off-by: Jiri Kosina \u003cjkosina@suse.cz\u003e\n" }, { "commit": "4cef7299b4786879a3e113e84084a72b24590c5b", "tree": "31efb5e00be1c1e5cc266046c783c7569e495ede", "parents": [ "26fd8405dd470cb8b54cb96859b7dd437e5e1391" ], "author": { "name": "Aristeu Rozanski", "email": "aris@redhat.com", "time": "Thu Oct 25 13:37:45 2012 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Thu Oct 25 14:37:52 2012 -0700" }, "message": "device_cgroup: add proper checking when changing default behavior\n\nBefore changing a group\u0027s default behavior to ALLOW, we must check if\nits parent\u0027s behavior is also ALLOW.\n\nSigned-off-by: Aristeu Rozanski \u003caris@redhat.com\u003e\nCc: Tejun Heo \u003ctj@kernel.org\u003e\nCc: Li Zefan \u003clizefan@huawei.com\u003e\nCc: James Morris \u003cjmorris@namei.org\u003e\nCc: Pavel Emelyanov \u003cxemul@openvz.org\u003e\nAcked-by: Serge Hallyn \u003cserge.hallyn@canonical.com\u003e\nCc: Jiri Slaby \u003cjslaby@suse.cz\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "26fd8405dd470cb8b54cb96859b7dd437e5e1391", "tree": "c4d77df24842b0d980ccd10e09b00c6230db3176", "parents": [ "5b7aa7d5bb2c5cf7fc05aaa41561af321706ab5f" ], "author": { "name": "Aristeu Rozanski", "email": "aris@redhat.com", "time": "Thu Oct 25 13:37:41 2012 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Thu Oct 25 14:37:52 2012 -0700" }, "message": "device_cgroup: stop using simple_strtoul()\n\nConvert the code to use kstrtou32() instead of simple_strtoul() which is\ndeprecated. The real size of the variables are u32, so use kstrtou32\ninstead of kstrtoul\n\nSigned-off-by: Aristeu Rozanski \u003caris@redhat.com\u003e\nCc: Dave Jones \u003cdavej@redhat.com\u003e\nCc: Tejun Heo \u003ctj@kernel.org\u003e\nCc: Li Zefan \u003clizefan@huawei.com\u003e\nCc: James Morris \u003cjmorris@namei.org\u003e\nCc: Pavel Emelyanov \u003cxemul@openvz.org\u003e\nAcked-by: Serge Hallyn \u003cserge.hallyn@canonical.com\u003e\nCc: Jiri Slaby \u003cjslaby@suse.cz\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "5b7aa7d5bb2c5cf7fc05aaa41561af321706ab5f", "tree": "404da02312a547f3ff66003fe4002a4b4ff14dcb", "parents": [ "8c9506d16925f1b1314d93af383ca3134eb534d8" ], "author": { "name": "Aristeu Rozanski", "email": "aris@redhat.com", "time": "Thu Oct 25 13:37:38 2012 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Thu Oct 25 14:37:52 2012 -0700" }, "message": "device_cgroup: rename deny_all to behavior\n\nThis was done in a v2 patch but v1 ended up being committed. The\nvariable name is less confusing and stores the default behavior when no\nmatching exception exists.\n\nSigned-off-by: Aristeu Rozanski \u003caris@redhat.com\u003e\nCc: Dave Jones \u003cdavej@redhat.com\u003e\nCc: Tejun Heo \u003ctj@kernel.org\u003e\nCc: Li Zefan \u003clizefan@huawei.com\u003e\nCc: James Morris \u003cjmorris@namei.org\u003e\nCc: Pavel Emelyanov \u003cxemul@openvz.org\u003e\nAcked-by: Serge Hallyn \u003cserge.hallyn@canonical.com\u003e\nCc: Jiri Slaby \u003cjslaby@suse.cz\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "8c9506d16925f1b1314d93af383ca3134eb534d8", "tree": "e14dbc5816b375463b8d37eda0f79bcd0ea96a3b", "parents": [ "ef5d437f71afdf4afdbab99213add99f4b1318fd" ], "author": { "name": "Jiri Slaby", "email": "jslaby@suse.cz", "time": "Thu Oct 25 13:37:34 2012 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Thu Oct 25 14:37:52 2012 -0700" }, "message": "cgroup: fix invalid rcu dereference\n\nCommit ad676077a2ae (\"device_cgroup: convert device_cgroup internally to\npolicy + exceptions\") removed rcu locks which are needed in\ntask_devcgroup called in this chain:\n\n devcgroup_inode_mknod OR __devcgroup_inode_permission -\u003e\n __devcgroup_inode_permission -\u003e\n task_devcgroup -\u003e\n task_subsys_state -\u003e\n task_subsys_state_check.\n\nChange the code so that task_devcgroup is safely called with rcu read\nlock held.\n\n \u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\n [ INFO: suspicious RCU usage. ]\n 3.6.0-rc5-next-20120913+ #42 Not tainted\n -------------------------------\n include/linux/cgroup.h:553 suspicious rcu_dereference_check() usage!\n\n other info that might help us debug this:\n\n rcu_scheduler_active \u003d 1, debug_locks \u003d 0\n 2 locks held by kdevtmpfs/23:\n #0: (sb_writers){.+.+.+}, at: [\u003cffffffff8116873f\u003e]\n mnt_want_write+0x1f/0x50\n #1: (\u0026sb-\u003es_type-\u003ei_mutex_key#3/1){+.+.+.}, at: [\u003cffffffff811558af\u003e]\n kern_path_create+0x7f/0x170\n\n stack backtrace:\n Pid: 23, comm: kdevtmpfs Not tainted 3.6.0-rc5-next-20120913+ #42\n Call Trace:\n lockdep_rcu_suspicious+0xfd/0x130\n devcgroup_inode_mknod+0x19d/0x240\n vfs_mknod+0x71/0xf0\n handle_create.isra.2+0x72/0x200\n devtmpfsd+0x114/0x140\n ? handle_create.isra.2+0x200/0x200\n kthread+0xd6/0xe0\n kernel_thread_helper+0x4/0x10\n\nSigned-off-by: Jiri Slaby \u003cjslaby@suse.cz\u003e\nCc: Dave Jones \u003cdavej@redhat.com\u003e\nCc: Tejun Heo \u003ctj@kernel.org\u003e\nCc: Li Zefan \u003clizefan@huawei.com\u003e\nCc: James Morris \u003cjmorris@namei.org\u003e\nCc: Pavel Emelyanov \u003cxemul@openvz.org\u003e\nAcked-by: Serge Hallyn \u003cserge.hallyn@canonical.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "b010520ab3d2c05eb444ed5e01fe6c33842f597a", "tree": "cf958deb54615a8ff5432bdbf3b70da2a76b9508", "parents": [ "6f7c962c0b8efc78aec4c5514865fb5be83f4d92" ], "author": { "name": "Alan Cox", "email": "alan@linux.intel.com", "time": "Thu Oct 25 15:23:35 2012 +0100" }, "committer": { "name": "Jiri Kosina", "email": "jkosina@suse.cz", "time": "Thu Oct 25 18:00:27 2012 +0200" }, "message": "keys: Fix unreachable code\n\nWe set ret to NULL then test it. Remove the bogus test\n\nSigned-off-by: Alan Cox \u003calan@linux.intel.com\u003e\nSigned-off-by: Jiri Kosina \u003cjkosina@suse.cz\u003e\n" }, { "commit": "2e680dd61e80592385338bfbeb86833d1c60546c", "tree": "a62b80465dd15a7fddb34367ccb7c94e47951dc5", "parents": [ "0e9e3e306c7e472bdcffa34c4c4584301eda03b3" ], "author": { "name": "John Johansen", "email": "john.johansen@canonical.com", "time": "Wed Oct 24 06:27:32 2012 -0700" }, "committer": { "name": "James Morris", "email": "james.l.morris@oracle.com", "time": "Thu Oct 25 02:12:50 2012 +1100" }, "message": "apparmor: fix IRQ stack overflow during free_profile\n\nBugLink: http://bugs.launchpad.net/bugs/1056078\n\nProfile replacement can cause long chains of profiles to build up when\nthe profile being replaced is pinned. When the pinned profile is finally\nfreed, it puts the reference to its replacement, which may in turn nest\nanother call to free_profile on the stack. Because this may happen for\neach profile in the replacedby chain this can result in a recusion that\ncauses the stack to overflow.\n\nBreak this nesting by directly walking the chain of replacedby profiles\n(ie. use iteration instead of recursion to free the list). This results\nin at most 2 levels of free_profile being called, while freeing a\nreplacedby chain.\n\nSigned-off-by: John Johansen \u003cjohn.johansen@canonical.com\u003e\nSigned-off-by: James Morris \u003cjames.l.morris@oracle.com\u003e\n" }, { "commit": "43c422eda99b894f18d1cca17bcd2401efaf7bd0", "tree": "2de386d66b58edaace714ecf0364e47fcad38f7e", "parents": [ "985c9e615a605041d728c08b83d3dda19ae7def8" ], "author": { "name": "John Johansen", "email": "john.johansen@canonical.com", "time": "Wed Oct 17 13:29:33 2012 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Wed Oct 17 16:29:46 2012 -0700" }, "message": "apparmor: fix apparmor OOPS in audit_log_untrustedstring+0x1c/0x40\n\nThe capability defines have moved causing the auto generated names\nof capabilities that apparmor uses in logging to be incorrect.\n\nFix the autogenerated table source to uapi/linux/capability.h\n\nReported-by: YanHong \u003cclouds.yan@gmail.com\u003e\nReported-by: Krzysztof Kolasa \u003ckkolasa@winsoft.pl\u003e\nAnalyzed-by: Al Viro \u003cviro@ZenIV.linux.org.uk\u003e\nSigned-off-by: John Johansen \u003cjohn.johansen@canonical.com\u003e\nAcked-by: David Howells \u003cdhowells@redhat.com\u003e\nAcked-by: James Morris \u003cjames.l.morris@oracle.com\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "45525b26a46cd593cb72070304c4cd7c8391bd37", "tree": "9064f045ef433e4d74d281daa995ee3c082e806e", "parents": [ "dd8e8c4a2c902d8350b702e7bc7c2799e5e7e331" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Tue Oct 16 13:30:07 2012 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Tue Oct 16 13:36:50 2012 -0400" }, "message": "fix a leak in replace_fd() users\n\nreplace_fd() began with \"eats a reference, tries to insert into\ndescriptor table\" semantics; at some point I\u0027d switched it to\nmuch saner current behaviour (\"try to insert into descriptor\ntable, grabbing a new reference if inserted; caller should do\nfput() in any case\"), but forgot to update the callers.\nMea culpa...\n\n[Spotted by Pavel Roskin, who has really weird system with pipe-fed\ncoredumps as part of what he considers a normal boot ;-)]\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "d25282d1c9b9bc4cda7f9d3c0205108e99aa7a9d", "tree": "f414482d768b015a609924293b779b4ad0b8f764", "parents": [ "b6eea87fc6850d3531a64a27d2323a4498cd4e43", "dbadc17683e6c673a69b236c0f041b931cc55c42" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Sun Oct 14 13:39:34 2012 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Sun Oct 14 13:39:34 2012 -0700" }, "message": "Merge branch \u0027modules-next\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/rusty/linux\n\nPull module signing support from Rusty Russell:\n \"module signing is the highlight, but it\u0027s an all-over David Howells frenzy...\"\n\nHmm \"Magrathea: Glacier signing key\". Somebody has been reading too much HHGTTG.\n\n* \u0027modules-next\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/rusty/linux: (37 commits)\n X.509: Fix indefinite length element skip error handling\n X.509: Convert some printk calls to pr_devel\n asymmetric keys: fix printk format warning\n MODSIGN: Fix 32-bit overflow in X.509 certificate validity date checking\n MODSIGN: Make mrproper should remove generated files.\n MODSIGN: Use utf8 strings in signer\u0027s name in autogenerated X.509 certs\n MODSIGN: Use the same digest for the autogen key sig as for the module sig\n MODSIGN: Sign modules during the build process\n MODSIGN: Provide a script for generating a key ID from an X.509 cert\n MODSIGN: Implement module signature checking\n MODSIGN: Provide module signing public keys to the kernel\n MODSIGN: Automatically generate module signing keys if missing\n MODSIGN: Provide Kconfig options\n MODSIGN: Provide gitignore and make clean rules for extra files\n MODSIGN: Add FIPS policy\n module: signature checking hook\n X.509: Add a crypto key parser for binary (DER) X.509 certificates\n MPILIB: Provide a function to read raw data into an MPI\n X.509: Add an ASN.1 decoder\n X.509: Add simple ASN.1 grammar compiler\n ...\n" }, { "commit": "808d4e3cfdcc52b19276175464f6dbca4df13b09", "tree": "11c319127e8c1314c1ed1a777e4284032ab5bd00", "parents": [ "4b2c551f77f5a0c496e2125b1d883f4b26aabf2c" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Thu Oct 11 11:42:01 2012 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Thu Oct 11 20:02:04 2012 -0400" }, "message": "consitify do_mount() arguments\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "9e2d8656f5e8aa214e66b462680cf86b210b74a8", "tree": "f67d62e896cedf75599ea45f9ecf9999c6ad24cd", "parents": [ "1ea4f4f8405cc1ceec23f2d261bc3775785e6712", "9e695d2ecc8451cc2c1603d60b5c8e7f5581923a" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Tue Oct 09 16:23:15 2012 +0900" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Tue Oct 09 16:23:15 2012 +0900" }, "message": "Merge branch \u0027akpm\u0027 (Andrew\u0027s patch-bomb)\n\nMerge patches from Andrew Morton:\n \"A few misc things and very nearly all of the MM tree. A tremendous\n amount of stuff (again), including a significant rbtree library\n rework.\"\n\n* emailed patches from Andrew Morton \u003cakpm@linux-foundation.org\u003e: (160 commits)\n sparc64: Support transparent huge pages.\n mm: thp: Use more portable PMD clearing sequenece in zap_huge_pmd().\n mm: Add and use update_mmu_cache_pmd() in transparent huge page code.\n sparc64: Document PGD and PMD layout.\n sparc64: Eliminate PTE table memory wastage.\n sparc64: Halve the size of PTE tables\n sparc64: Only support 4MB huge pages and 8KB base pages.\n memory-hotplug: suppress \"Trying to free nonexistent resource \u003cXXXXXXXXXXXXXXXX-YYYYYYYYYYYYYYYY\u003e\" warning\n mm: memcg: clean up mm_match_cgroup() signature\n mm: document PageHuge somewhat\n mm: use %pK for /proc/vmallocinfo\n mm, thp: fix mlock statistics\n mm, thp: fix mapped pages avoiding unevictable list on mlock\n memory-hotplug: update memory block\u0027s state and notify userspace\n memory-hotplug: preparation to notify memory block\u0027s state at memory hot remove\n mm: avoid section mismatch warning for memblock_type_name\n make GFP_NOTRACK definition unconditional\n cma: decrease cc.nr_migratepages after reclaiming pagelist\n CMA: migrate mlocked pages\n kpageflags: fix wrong KPF_THP on non-huge compound pages\n ...\n" }, { "commit": "314e51b9851b4f4e8ab302243ff5a6fc6147f379", "tree": "f757b89206355fd129830782566768693eed23ce", "parents": [ "0103bd16fb90bc741c7a03fd1ea4e8a505abad23" ], "author": { "name": "Konstantin Khlebnikov", "email": "khlebnikov@openvz.org", "time": "Mon Oct 08 16:29:02 2012 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Tue Oct 09 16:22:19 2012 +0900" }, "message": "mm: kill vma flag VM_RESERVED and mm-\u003ereserved_vm counter\n\nA long time ago, in v2.4, VM_RESERVED kept swapout process off VMA,\ncurrently it lost original meaning but still has some effects:\n\n | effect | alternative flags\n-+------------------------+---------------------------------------------\n1| account as reserved_vm | VM_IO\n2| skip in core dump | VM_IO, VM_DONTDUMP\n3| do not merge or expand | VM_IO, VM_DONTEXPAND, VM_HUGETLB, VM_PFNMAP\n4| do not mlock | VM_IO, VM_DONTEXPAND, VM_HUGETLB, VM_PFNMAP\n\nThis patch removes reserved_vm counter from mm_struct. Seems like nobody\ncares about it, it does not exported into userspace directly, it only\nreduces total_vm showed in proc.\n\nThus VM_RESERVED can be replaced with VM_IO or pair VM_DONTEXPAND | VM_DONTDUMP.\n\nremap_pfn_range() and io_remap_pfn_range() set VM_IO|VM_DONTEXPAND|VM_DONTDUMP.\nremap_vmalloc_range() set VM_DONTEXPAND | VM_DONTDUMP.\n\n[akpm@linux-foundation.org: drivers/vfio/pci/vfio_pci.c fixup]\nSigned-off-by: Konstantin Khlebnikov \u003ckhlebnikov@openvz.org\u003e\nCc: Alexander Viro \u003cviro@zeniv.linux.org.uk\u003e\nCc: Carsten Otte \u003ccotte@de.ibm.com\u003e\nCc: Chris Metcalf \u003ccmetcalf@tilera.com\u003e\nCc: Cyrill Gorcunov \u003cgorcunov@openvz.org\u003e\nCc: Eric Paris \u003ceparis@redhat.com\u003e\nCc: H. Peter Anvin \u003chpa@zytor.com\u003e\nCc: Hugh Dickins \u003chughd@google.com\u003e\nCc: Ingo Molnar \u003cmingo@redhat.com\u003e\nCc: James Morris \u003cjames.l.morris@oracle.com\u003e\nCc: Jason Baron \u003cjbaron@redhat.com\u003e\nCc: Kentaro Takeda \u003ctakedakn@nttdata.co.jp\u003e\nCc: Matt Helsley \u003cmatthltc@us.ibm.com\u003e\nCc: Nick Piggin \u003cnpiggin@kernel.dk\u003e\nCc: Oleg Nesterov \u003coleg@redhat.com\u003e\nCc: Peter Zijlstra \u003ca.p.zijlstra@chello.nl\u003e\nCc: Robert Richter \u003crobert.richter@amd.com\u003e\nCc: Suresh Siddha \u003csuresh.b.siddha@intel.com\u003e\nCc: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nCc: Venkatesh Pallipadi \u003cvenki@google.com\u003e\nAcked-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "2dd8ad81e31d0d36a5d448329c646ab43eb17788", "tree": "cd358be45ed8067673edac7f1db6b6a42a96d9db", "parents": [ "0b173bc4daa8f8ec03a85abf5e47b23502ff80af" ], "author": { "name": "Konstantin Khlebnikov", "email": "khlebnikov@openvz.org", "time": "Mon Oct 08 16:28:51 2012 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Tue Oct 09 16:22:18 2012 +0900" }, "message": "mm: use mm-\u003eexe_file instead of first VM_EXECUTABLE vma-\u003evm_file\n\nSome security modules and oprofile still uses VM_EXECUTABLE for retrieving\na task\u0027s executable file. After this patch they will use mm-\u003eexe_file\ndirectly. mm-\u003eexe_file is protected with mm-\u003emmap_sem, so locking stays\nthe same.\n\nSigned-off-by: Konstantin Khlebnikov \u003ckhlebnikov@openvz.org\u003e\nAcked-by: Chris Metcalf \u003ccmetcalf@tilera.com\u003e\t\t\t[arch/tile]\nAcked-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\t[tomoyo]\nCc: Alexander Viro \u003cviro@zeniv.linux.org.uk\u003e\nCc: Carsten Otte \u003ccotte@de.ibm.com\u003e\nCc: Cyrill Gorcunov \u003cgorcunov@openvz.org\u003e\nCc: Eric Paris \u003ceparis@redhat.com\u003e\nCc: H. Peter Anvin \u003chpa@zytor.com\u003e\nCc: Hugh Dickins \u003chughd@google.com\u003e\nCc: Ingo Molnar \u003cmingo@redhat.com\u003e\nAcked-by: James Morris \u003cjames.l.morris@oracle.com\u003e\nCc: Jason Baron \u003cjbaron@redhat.com\u003e\nCc: Kentaro Takeda \u003ctakedakn@nttdata.co.jp\u003e\nCc: Matt Helsley \u003cmatthltc@us.ibm.com\u003e\nCc: Nick Piggin \u003cnpiggin@kernel.dk\u003e\nCc: Oleg Nesterov \u003coleg@redhat.com\u003e\nCc: Peter Zijlstra \u003ca.p.zijlstra@chello.nl\u003e\nCc: Robert Richter \u003crobert.richter@amd.com\u003e\nCc: Suresh Siddha \u003csuresh.b.siddha@intel.com\u003e\nCc: Venkatesh Pallipadi \u003cvenki@google.com\u003e\nAcked-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "50e0d10232db05c6776afcf6098459bff47e8b15", "tree": "0e89971de6d960c8946cc9351d73b297347a0260", "parents": [ "8711798772641b2f593beebebcab5b1ec2309f0c", "c37d6154c0b9163c27e53cc1d0be3867b4abd760" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Tue Oct 09 15:58:38 2012 +0900" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Tue Oct 09 15:58:38 2012 +0900" }, "message": "Merge tag \u0027asm-generic\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/arnd/asm-generic\n\nPull asm-generic updates from Arnd Bergmann:\n \"This has three changes for asm-generic that did not really fit into\n any other branch as normal asm-generic changes do. One is a fix for a\n build warning, the other two are more interesting:\n\n * A patch from Mark Brown to allow using the common clock\n infrastructure on all architectures, so we can use the clock API in\n architecture independent device drivers.\n\n * The UAPI split patches from David Howells for the asm-generic\n files. There are other architecture specific series that are going\n through the arch maintainer tree and that depend on this one.\n\n There may be a few small merge conflicts between Mark\u0027s patch and the\n following arch header file split patches. In each case the solution\n will be to keep the new \"generic-y +\u003d clkdev.h\" line, even if it ends\n up being the only line in the Kbuild file.\"\n\n* tag \u0027asm-generic\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/arnd/asm-generic:\n UAPI: (Scripted) Disintegrate include/asm-generic\n asm-generic: Add default clkdev.h\n asm-generic: xor: mark static functions as __maybe_unused\n" }, { "commit": "cf7f601c067994f371ba77721d1e45fce61a4569", "tree": "4ff5a12ae84cf47a9815c3e3979341a66360cb31", "parents": [ "9bb9c3be56834653878f766f471fa1c20e562f4c" ], "author": { "name": "David Howells", "email": "dhowells@redhat.com", "time": "Thu Sep 13 13:06:29 2012 +0100" }, "committer": { "name": "Rusty Russell", "email": "rusty@rustcorp.com.au", "time": "Mon Oct 08 13:49:48 2012 +1030" }, "message": "KEYS: Add payload preparsing opportunity prior to key instantiate or update\n\nGive the key type the opportunity to preparse the payload prior to the\ninstantiation and update routines being called. This is done with the\nprovision of two new key type operations:\n\n\tint (*preparse)(struct key_preparsed_payload *prep);\n\tvoid (*free_preparse)(struct key_preparsed_payload *prep);\n\nIf the first operation is present, then it is called before key creation (in\nthe add/update case) or before the key semaphore is taken (in the update and\ninstantiate cases). The second operation is called to clean up if the first\nwas called.\n\npreparse() is given the opportunity to fill in the following structure:\n\n\tstruct key_preparsed_payload {\n\t\tchar\t\t*description;\n\t\tvoid\t\t*type_data[2];\n\t\tvoid\t\t*payload;\n\t\tconst void\t*data;\n\t\tsize_t\t\tdatalen;\n\t\tsize_t\t\tquotalen;\n\t};\n\nBefore the preparser is called, the first three fields will have been cleared,\nthe payload pointer and size will be stored in data and datalen and the default\nquota size from the key_type struct will be stored into quotalen.\n\nThe preparser may parse the payload in any way it likes and may store data in\nthe type_data[] and payload fields for use by the instantiate() and update()\nops.\n\nThe preparser may also propose a description for the key by attaching it as a\nstring to the description field. This can be used by passing a NULL or \"\"\ndescription to the add_key() system call or the key_create_or_update()\nfunction. This cannot work with request_key() as that required the description\nto tell the upcall about the key to be created.\n\nThis, for example permits keys that store PGP public keys to generate their own\nname from the user ID and public key fingerprint in the key.\n\nThe instantiate() and update() operations are then modified to look like this:\n\n\tint (*instantiate)(struct key *key, struct key_preparsed_payload *prep);\n\tint (*update)(struct key *key, struct key_preparsed_payload *prep);\n\nand the new payload data is passed in *prep, whether or not it was preparsed.\n\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: Rusty Russell \u003crusty@rustcorp.com.au\u003e\n" }, { "commit": "638c87a91666df1f16866badee862ce38bf31e4a", "tree": "67be4d125ad6abe2eeee00eab12e0fc8f03fa099", "parents": [ "7cb9cf0224efd6d41b2bdd9bfb412b42aa4281f8", "d26e1936227b538a1691b978566ef269aef10853" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Sun Oct 07 21:07:21 2012 +0900" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Sun Oct 07 21:07:21 2012 +0900" }, "message": "Merge branch \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security\n\nPull IMA bugfix (security subsystem) from James Morris.\n\n* \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security:\n ima: fix bug in argument order\n" }, { "commit": "db9aeca97a58563e1ab927d157c9b5048f233e73", "tree": "6569621429efe0e6cc0529b78c50939913f0bd35", "parents": [ "ad676077a2ae4af4bb6627486ce19ccce04f1efe" ], "author": { "name": "Aristeu Rozanski", "email": "aris@redhat.com", "time": "Thu Oct 04 17:15:20 2012 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Sat Oct 06 03:05:14 2012 +0900" }, "message": "device_cgroup: rename whitelist to exception list\n\nThis patch replaces the \"whitelist\" usage in the code and comments and replace\nthem by exception list related information.\n\nSigned-off-by: Aristeu Rozanski \u003caris@redhat.com\u003e\nCc: Tejun Heo \u003ctj@kernel.org\u003e\nCc: Li Zefan \u003clizefan@huawei.com\u003e\nCc: James Morris \u003cjmorris@namei.org\u003e\nCc: Pavel Emelyanov \u003cxemul@openvz.org\u003e\nAcked-by: Serge E. Hallyn \u003cserge.hallyn@canonical.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "ad676077a2ae4af4bb6627486ce19ccce04f1efe", "tree": "638e05256abe3b04f6acdbecf630b003143649c4", "parents": [ "868539a3b671e0f736ddd11b67bf1dc3d8a5a921" ], "author": { "name": "Aristeu Rozanski", "email": "aris@redhat.com", "time": "Thu Oct 04 17:15:17 2012 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Sat Oct 06 03:05:14 2012 +0900" }, "message": "device_cgroup: convert device_cgroup internally to policy + exceptions\n\nThe original model of device_cgroup is having a whitelist where all the\nallowed devices are listed. The problem with this approach is that is\nimpossible to have the case of allowing everything but few devices.\n\nThe reason for that lies in the way the whitelist is handled internally:\nsince there\u0027s only a whitelist, the \"all devices\" entry would have to be\nremoved and replaced by the entire list of possible devices but the ones\nthat are being denied. Since dev_t is 32 bits long, representing the allowed\ndevices as a bitfield is not memory efficient.\n\nThis patch replaces the \"whitelist\" by a \"exceptions\" list and the default\npolicy is kept as \"deny_all\" variable in dev_cgroup structure.\n\nThe current interface determines that whenever \"a\" is written to devices.allow\nor devices.deny, the entry masking all devices will be added or removed,\nrespectively. This behavior is kept and it\u0027s what will determine the default\npolicy:\n\n\t# cat devices.list\n\ta *:* rwm\n\t# echo a \u003edevices.deny\n\t# cat devices.list\n\t# echo a \u003edevices.allow\n\t# cat devices.list\n\ta *:* rwm\n\nThe interface is also preserved. For example, if one wants to block only access\nto /dev/null:\n\t# ls -l /dev/null\n\tcrw-rw-rw- 1 root root 1, 3 Jul 24 16:17 /dev/null\n\t# echo a \u003edevices.allow\n\t# echo \"c 1:3 rwm\" \u003edevices.deny\n\t# cat /dev/null\n\tcat: /dev/null: Operation not permitted\n\t# echo \u003e/dev/null\n\tbash: /dev/null: Operation not permitted\n\tmknod /tmp/null c 1 3\n\tmknod: `/tmp/null\u0027: Operation not permitted\n\t# echo \"c 1:3 r\" \u003edevices.allow\n\t# cat /dev/null\n\t# echo \u003e/dev/null\n\tbash: /dev/null: Operation not permitted\n\tmknod /tmp/null c 1 3\n\tmknod: `/tmp/null\u0027: Operation not permitted\n\t# echo \"c 1:3 rw\" \u003edevices.allow\n\t# echo \u003e/dev/null\n\t# cat /dev/null\n\t# mknod /tmp/null c 1 3\n\tmknod: `/tmp/null\u0027: Operation not permitted\n\t# echo \"c 1:3 rwm\" \u003edevices.allow\n\t# echo \u003e/dev/null\n\t# cat /dev/null\n\t# mknod /tmp/null c 1 3\n\t#\n\nNote that I didn\u0027t rename the functions/variables in this patch, but in the\nnext one to make reviewing easier.\n\nSigned-off-by: Aristeu Rozanski \u003caris@redhat.com\u003e\nCc: Tejun Heo \u003ctj@kernel.org\u003e\nCc: Li Zefan \u003clizefan@huawei.com\u003e\nCc: James Morris \u003cjmorris@namei.org\u003e\nCc: Pavel Emelyanov \u003cxemul@openvz.org\u003e\nAcked-by: Serge E. Hallyn \u003cserge.hallyn@canonical.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "868539a3b671e0f736ddd11b67bf1dc3d8a5a921", "tree": "2c2c10e2983c40ffad02fb01d55fad6f4a6b3175", "parents": [ "66b8ef67756b3051bf42a077a82c3c5c279caa5b" ], "author": { "name": "Aristeu Rozanski", "email": "aris@redhat.com", "time": "Thu Oct 04 17:15:15 2012 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Sat Oct 06 03:05:14 2012 +0900" }, "message": "device_cgroup: introduce dev_whitelist_clean()\n\nThis function cleans all the items in a whitelist and will be used by the next\npatches.\n\nSigned-off-by: Aristeu Rozanski \u003caris@redhat.com\u003e\nCc: Tejun Heo \u003ctj@kernel.org\u003e\nCc: Li Zefan \u003clizefan@huawei.com\u003e\nCc: James Morris \u003cjmorris@namei.org\u003e\nCc: Pavel Emelyanov \u003cxemul@openvz.org\u003e\nAcked-by: Serge E. Hallyn \u003cserge.hallyn@canonical.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "66b8ef67756b3051bf42a077a82c3c5c279caa5b", "tree": "60527442334744981f0766dae6f46bf7ae9b4d4f", "parents": [ "12ae6779332181432a7feda740735ffa5bb3d32d" ], "author": { "name": "Aristeu Rozanski", "email": "aris@redhat.com", "time": "Thu Oct 04 17:15:13 2012 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Sat Oct 06 03:05:13 2012 +0900" }, "message": "device_cgroup: add \"deny_all\" in dev_cgroup structure\n\ndeny_all will determine if the default policy is to deny all device access\nunless for the ones in the exception list.\n\nThis variable will be used in the next patches to convert device_cgroup\ninternally into a default policy + rules.\n\nSigned-off-by: Aristeu Rozanski \u003caris@redhat.com\u003e\nCc: Tejun Heo \u003ctj@kernel.org\u003e\nCc: Li Zefan \u003clizefan@huawei.com\u003e\nCc: James Morris \u003cjmorris@namei.org\u003e\nCc: Pavel Emelyanov \u003cxemul@openvz.org\u003e\nAcked-by: Serge E. Hallyn \u003cserge.hallyn@canonical.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "d26e1936227b538a1691b978566ef269aef10853", "tree": "c1b803d6177f6c39932a159c7bdb2c557497e16f", "parents": [ "ecefbd94b834fa32559d854646d777c56749ef1c" ], "author": { "name": "Dmitry Kasatkin", "email": "dmitry.kasatkin@intel.com", "time": "Thu Sep 27 18:26:53 2012 +0300" }, "committer": { "name": "James Morris", "email": "james.l.morris@oracle.com", "time": "Fri Oct 05 22:32:16 2012 +1000" }, "message": "ima: fix bug in argument order\n\nmask argument goes first, then func, like ima_must_measure\nand ima_get_action. ima_inode_post_setattr() assumes that.\n\nSigned-off-by: Dmitry Kasatkin \u003cdmitry.kasatkin@intel.com\u003e\nSigned-off-by: Mimi Zohar \u003czohar@linux.vnet.ibm.com\u003e\nSigned-off-by: James Morris \u003cjames.l.morris@oracle.com\u003e\n" }, { "commit": "8a1ab3155c2ac7fbe5f2038d6e26efeb607a1498", "tree": "42ef93e164b8b2a01adab30db4b33f370f4280d7", "parents": [ "f3dfd599af993385b40fc7a1c947afc12729bc4d" ], "author": { "name": "David Howells", "email": "dhowells@redhat.com", "time": "Thu Oct 04 18:20:15 2012 +0100" }, "committer": { "name": "David Howells", "email": "dhowells@redhat.com", "time": "Thu Oct 04 18:20:15 2012 +0100" }, "message": "UAPI: (Scripted) Disintegrate include/asm-generic\n\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nAcked-by: Arnd Bergmann \u003carnd@arndb.de\u003e\nAcked-by: Thomas Gleixner \u003ctglx@linutronix.de\u003e\nAcked-by: Michael Kerrisk \u003cmtk.manpages@gmail.com\u003e\nAcked-by: Paul E. McKenney \u003cpaulmck@linux.vnet.ibm.com\u003e\nAcked-by: Dave Jones \u003cdavej@redhat.com\u003e\n" }, { "commit": "88265322c14cce39f7afbc416726ef4fac413298", "tree": "e4956f905ef617971f87788d8f8a09dbb66b70a3", "parents": [ "65b99c74fdd325d1ffa2e5663295888704712604", "bf5308344527d015ac9a6d2bda4ad4d40fd7d943" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Tue Oct 02 21:38:48 2012 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Tue Oct 02 21:38:48 2012 -0700" }, "message": "Merge branch \u0027next\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security\n\nPull security subsystem updates from James Morris:\n \"Highlights:\n\n - Integrity: add local fs integrity verification to detect offline\n attacks\n - Integrity: add digital signature verification\n - Simple stacking of Yama with other LSMs (per LSS discussions)\n - IBM vTPM support on ppc64\n - Add new driver for Infineon I2C TIS TPM\n - Smack: add rule revocation for subject labels\"\n\nFixed conflicts with the user namespace support in kernel/auditsc.c and\nsecurity/integrity/ima/ima_policy.c.\n\n* \u0027next\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: (39 commits)\n Documentation: Update git repository URL for Smack userland tools\n ima: change flags container data type\n Smack: setprocattr memory leak fix\n Smack: implement revoking all rules for a subject label\n Smack: remove task_wait() hook.\n ima: audit log hashes\n ima: generic IMA action flag handling\n ima: rename ima_must_appraise_or_measure\n audit: export audit_log_task_info\n tpm: fix tpm_acpi sparse warning on different address spaces\n samples/seccomp: fix 31 bit build on s390\n ima: digital signature verification support\n ima: add support for different security.ima data types\n ima: add ima_inode_setxattr/removexattr function and calls\n ima: add inode_post_setattr call\n ima: replace iint spinblock with rwlock/read_lock\n ima: allocating iint improvements\n ima: add appraise action keywords and default rules\n ima: integrity appraisal extension\n vfs: move ima_file_free before releasing the file\n ...\n" }, { "commit": "aab174f0df5d72d31caccf281af5f614fa254578", "tree": "2a172c5009c4ac8755e858593154c258ce7709a0", "parents": [ "ca41cc96b2813221b05af57d0355157924de5a07", "2bd2c1941f141ad780135ccc1cd08ca71a24f10a" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Tue Oct 02 20:25:04 2012 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Tue Oct 02 20:25:04 2012 -0700" }, "message": "Merge branch \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs\n\nPull vfs update from Al Viro:\n\n - big one - consolidation of descriptor-related logics; almost all of\n that is moved to fs/file.c\n\n (BTW, I\u0027m seriously tempted to rename the result to fd.c. As it is,\n we have a situation when file_table.c is about handling of struct\n file and file.c is about handling of descriptor tables; the reasons\n are historical - file_table.c used to be about a static array of\n struct file we used to have way back).\n\n A lot of stray ends got cleaned up and converted to saner primitives,\n disgusting mess in android/binder.c is still disgusting, but at least\n doesn\u0027t poke so much in descriptor table guts anymore. A bunch of\n relatively minor races got fixed in process, plus an ext4 struct file\n leak.\n\n - related thing - fget_light() partially unuglified; see fdget() in\n there (and yes, it generates the code as good as we used to have).\n\n - also related - bits of Cyrill\u0027s procfs stuff that got entangled into\n that work; _not_ all of it, just the initial move to fs/proc/fd.c and\n switch of fdinfo to seq_file.\n\n - Alex\u0027s fs/coredump.c spiltoff - the same story, had been easier to\n take that commit than mess with conflicts. The rest is a separate\n pile, this was just a mechanical code movement.\n\n - a few misc patches all over the place. Not all for this cycle,\n there\u0027ll be more (and quite a few currently sit in akpm\u0027s tree).\"\n\nFix up trivial conflicts in the android binder driver, and some fairly\nsimple conflicts due to two different changes to the sock_alloc_file()\ninterface (\"take descriptor handling from sock_alloc_file() to callers\"\nvs \"net: Providing protocol type via system.sockprotoname xattr of\n/proc/PID/fd entries\" adding a dentry name to the socket)\n\n* \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs: (72 commits)\n MAX_LFS_FILESIZE should be a loff_t\n compat: fs: Generic compat_sys_sendfile implementation\n fs: push rcu_barrier() from deactivate_locked_super() to filesystems\n btrfs: reada_extent doesn\u0027t need kref for refcount\n coredump: move core dump functionality into its own file\n coredump: prevent double-free on an error path in core dumper\n usb/gadget: fix misannotations\n fcntl: fix misannotations\n ceph: don\u0027t abuse d_delete() on failure exits\n hypfs: -\u003ed_parent is never NULL or negative\n vfs: delete surplus inode NULL check\n switch simple cases of fget_light to fdget\n new helpers: fdget()/fdput()\n switch o2hb_region_dev_write() to fget_light()\n proc_map_files_readdir(): don\u0027t bother with grabbing files\n make get_file() return its argument\n vhost_set_vring(): turn pollstart/pollstop into bool\n switch prctl_set_mm_exe_file() to fget_light()\n switch xfs_find_handle() to fget_light()\n switch xfs_swapext() to fget_light()\n ...\n" }, { "commit": "aecdc33e111b2c447b622e287c6003726daa1426", "tree": "3e7657eae4b785e1a1fb5dfb225dbae0b2f0cfc6", "parents": [ "a20acf99f75e49271381d65db097c9763060a1e8", "a3a6cab5ea10cca64d036851fe0d932448f2fe4f" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Tue Oct 02 13:38:27 2012 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Tue Oct 02 13:38:27 2012 -0700" }, "message": "Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next\n\nPull networking changes from David Miller:\n\n 1) GRE now works over ipv6, from Dmitry Kozlov.\n\n 2) Make SCTP more network namespace aware, from Eric Biederman.\n\n 3) TEAM driver now works with non-ethernet devices, from Jiri Pirko.\n\n 4) Make openvswitch network namespace aware, from Pravin B Shelar.\n\n 5) IPV6 NAT implementation, from Patrick McHardy.\n\n 6) Server side support for TCP Fast Open, from Jerry Chu and others.\n\n 7) Packet BPF filter supports MOD and XOR, from Eric Dumazet and Daniel\n Borkmann.\n\n 8) Increate the loopback default MTU to 64K, from Eric Dumazet.\n\n 9) Use a per-task rather than per-socket page fragment allocator for\n outgoing networking traffic. This benefits processes that have very\n many mostly idle sockets, which is quite common.\n\n From Eric Dumazet.\n\n10) Use up to 32K for page fragment allocations, with fallbacks to\n smaller sizes when higher order page allocations fail. Benefits are\n a) less segments for driver to process b) less calls to page\n allocator c) less waste of space.\n\n From Eric Dumazet.\n\n11) Allow GRO to be used on GRE tunnels, from Eric Dumazet.\n\n12) VXLAN device driver, one way to handle VLAN issues such as the\n limitation of 4096 VLAN IDs yet still have some level of isolation.\n From Stephen Hemminger.\n\n13) As usual there is a large boatload of driver changes, with the scale\n perhaps tilted towards the wireless side this time around.\n\nFix up various fairly trivial conflicts, mostly caused by the user\nnamespace changes.\n\n* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next: (1012 commits)\n hyperv: Add buffer for extended info after the RNDIS response message.\n hyperv: Report actual status in receive completion packet\n hyperv: Remove extra allocated space for recv_pkt_list elements\n hyperv: Fix page buffer handling in rndis_filter_send_request()\n hyperv: Fix the missing return value in rndis_filter_set_packet_filter()\n hyperv: Fix the max_xfer_size in RNDIS initialization\n vxlan: put UDP socket in correct namespace\n vxlan: Depend on CONFIG_INET\n sfc: Fix the reported priorities of different filter types\n sfc: Remove EFX_FILTER_FLAG_RX_OVERRIDE_IP\n sfc: Fix loopback self-test with separate_tx_channels\u003d1\n sfc: Fix MCDI structure field lookup\n sfc: Add parentheses around use of bitfield macro arguments\n sfc: Fix null function pointer in efx_sriov_channel_type\n vxlan: virtual extensible lan\n igmp: export symbol ip_mc_leave_group\n netlink: add attributes to fdb interface\n tg3: unconditionally select HWMON support when tg3 is enabled.\n Revert \"net: ti cpsw ethernet: allow reading phy interface mode from DT\"\n gre: fix sparse warning\n ...\n" }, { "commit": "4442d7704c7311d1c42383d365e0b883e0075975", "tree": "ee80c095ea8b13c2ad62c9406ddc6166c5b09cb4", "parents": [ "f8aa23a55f813c9bddec2a6176e0e67274e6e7c1", "d4f65b5d2497b2fd9c45f06b71deb4ab084a5b66" ], "author": { "name": "David Howells", "email": "dhowells@redhat.com", "time": "Tue Oct 02 19:30:19 2012 +0100" }, "committer": { "name": "David Howells", "email": "dhowells@redhat.com", "time": "Tue Oct 02 19:30:19 2012 +0100" }, "message": "Merge branch \u0027modsign-keys-devel\u0027 into security-next-keys\n\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\n" }, { "commit": "f8aa23a55f813c9bddec2a6176e0e67274e6e7c1", "tree": "1b1927cedb4f1d769fac19242f3a365c84e40cec", "parents": [ "96b5c8fea6c0861621051290d705ec2e971963f1" ], "author": { "name": "David Howells", "email": "dhowells@redhat.com", "time": "Tue Oct 02 19:24:56 2012 +0100" }, "committer": { "name": "David Howells", "email": "dhowells@redhat.com", "time": "Tue Oct 02 19:24:56 2012 +0100" }, "message": "KEYS: Use keyring_alloc() to create special keyrings\n\nUse keyring_alloc() to create special keyrings now that it has a permissions\nparameter rather than using key_alloc() + key_instantiate_and_link().\n\nAlso document and export keyring_alloc() so that modules can use it too.\n\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\n" }, { "commit": "96b5c8fea6c0861621051290d705ec2e971963f1", "tree": "3e3812fb8eb9590b8dca812e916d16cfd53aa862", "parents": [ "3a50597de8635cd05133bd12c95681c82fe7b878" ], "author": { "name": "David Howells", "email": "dhowells@redhat.com", "time": "Tue Oct 02 19:24:56 2012 +0100" }, "committer": { "name": "David Howells", "email": "dhowells@redhat.com", "time": "Tue Oct 02 19:24:56 2012 +0100" }, "message": "KEYS: Reduce initial permissions on keys\n\nReduce the initial permissions on new keys to grant the possessor everything,\nview permission only to the user (so the keys can be seen in /proc/keys) and\nnothing else.\n\nThis gives the creator a chance to adjust the permissions mask before other\nprocesses can access the new key or create a link to it.\n\nTo aid with this, keyring_alloc() now takes a permission argument rather than\nsetting the permissions itself.\n\nThe following permissions are now set:\n\n (1) The user and user-session keyrings grant the user that owns them full\n permissions and grant a possessor everything bar SETATTR.\n\n (2) The process and thread keyrings grant the possessor full permissions but\n only grant the user VIEW. This permits the user to see them in\n /proc/keys, but not to do anything with them.\n\n (3) Anonymous session keyrings grant the possessor full permissions, but only\n grant the user VIEW and READ. This means that the user can see them in\n /proc/keys and can list them, but nothing else. Possibly READ shouldn\u0027t\n be provided either.\n\n (4) Named session keyrings grant everything an anonymous session keyring does,\n plus they grant the user LINK permission. The whole point of named\n session keyrings is that others can also subscribe to them. Possibly this\n should be a separate permission to LINK.\n\n (5) The temporary session keyring created by call_sbin_request_key() gets the\n same permissions as an anonymous session keyring.\n\n (6) Keys created by add_key() get VIEW, SEARCH, LINK and SETATTR for the\n possessor, plus READ and/or WRITE if the key type supports them. The used\n only gets VIEW now.\n\n (7) Keys created by request_key() now get the same as those created by\n add_key().\n\nReported-by: Lennart Poettering \u003clennart@poettering.net\u003e\nReported-by: Stef Walter \u003cstefw@redhat.com\u003e\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\n" }, { "commit": "3a50597de8635cd05133bd12c95681c82fe7b878", "tree": "d81c3e46dcef80fbaf84fdf1e8f43676625bab8e", "parents": [ "a84a921978b7d56e0e4b87ffaca6367429b4d8ff" ], "author": { "name": "David Howells", "email": "dhowells@redhat.com", "time": "Tue Oct 02 19:24:29 2012 +0100" }, "committer": { "name": "David Howells", "email": "dhowells@redhat.com", "time": "Tue Oct 02 19:24:29 2012 +0100" }, "message": "KEYS: Make the session and process keyrings per-thread\n\nMake the session keyring per-thread rather than per-process, but still\ninherited from the parent thread to solve a problem with PAM and gdm.\n\nThe problem is that join_session_keyring() will reject attempts to change the\nsession keyring of a multithreaded program but gdm is now multithreaded before\nit gets to the point of starting PAM and running pam_keyinit to create the\nsession keyring. See:\n\n\thttps://bugs.freedesktop.org/show_bug.cgi?id\u003d49211\n\nThe reason that join_session_keyring() will only change the session keyring\nunder a single-threaded environment is that it\u0027s hard to alter the other\nthread\u0027s credentials to effect the change in a multi-threaded program. The\nproblems are such as:\n\n (1) How to prevent two threads both running join_session_keyring() from\n racing.\n\n (2) Another thread\u0027s credentials may not be modified directly by this process.\n\n (3) The number of threads is uncertain whilst we\u0027re not holding the\n appropriate spinlock, making preallocation slightly tricky.\n\n (4) We could use TIF_NOTIFY_RESUME and key_replace_session_keyring() to get\n another thread to replace its keyring, but that means preallocating for\n each thread.\n\nA reasonable way around this is to make the session keyring per-thread rather\nthan per-process and just document that if you want a common session keyring,\nyou must get it before you spawn any threads - which is the current situation\nanyway.\n\nWhilst we\u0027re at it, we can the process keyring behave in the same way. This\nmeans we can clean up some of the ickyness in the creds code.\n\nBasically, after this patch, the session, process and thread keyrings are about\ninheritance rules only and not about sharing changes of keyring.\n\nReported-by: Mantas M. \u003cgrawity@gmail.com\u003e\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nTested-by: Ray Strode \u003crstrode@redhat.com\u003e\n" }, { "commit": "437589a74b6a590d175f86cf9f7b2efcee7765e7", "tree": "37bf8635b1356d80ef002b00e84f3faf3d555a63", "parents": [ "68d47a137c3bef754923bccf73fb639c9b0bbd5e", "72235465864d84cedb2d9f26f8e1de824ee20339" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Tue Oct 02 11:11:09 2012 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Tue Oct 02 11:11:09 2012 -0700" }, "message": "Merge branch \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace\n\nPull user namespace changes from Eric Biederman:\n \"This is a mostly modest set of changes to enable basic user namespace\n support. This allows the code to code to compile with user namespaces\n enabled and removes the assumption there is only the initial user\n namespace. Everything is converted except for the most complex of the\n filesystems: autofs4, 9p, afs, ceph, cifs, coda, fuse, gfs2, ncpfs,\n nfs, ocfs2 and xfs as those patches need a bit more review.\n\n The strategy is to push kuid_t and kgid_t values are far down into\n subsystems and filesystems as reasonable. Leaving the make_kuid and\n from_kuid operations to happen at the edge of userspace, as the values\n come off the disk, and as the values come in from the network.\n Letting compile type incompatible compile errors (present when user\n namespaces are enabled) guide me to find the issues.\n\n The most tricky areas have been the places where we had an implicit\n union of uid and gid values and were storing them in an unsigned int.\n Those places were converted into explicit unions. I made certain to\n handle those places with simple trivial patches.\n\n Out of that work I discovered we have generic interfaces for storing\n quota by projid. I had never heard of the project identifiers before.\n Adding full user namespace support for project identifiers accounts\n for most of the code size growth in my git tree.\n\n Ultimately there will be work to relax privlige checks from\n \"capable(FOO)\" to \"ns_capable(user_ns, FOO)\" where it is safe allowing\n root in a user names to do those things that today we only forbid to\n non-root users because it will confuse suid root applications.\n\n While I was pushing kuid_t and kgid_t changes deep into the audit code\n I made a few other cleanups. I capitalized on the fact we process\n netlink messages in the context of the message sender. I removed\n usage of NETLINK_CRED, and started directly using current-\u003etty.\n\n Some of these patches have also made it into maintainer trees, with no\n problems from identical code from different trees showing up in\n linux-next.\n\n After reading through all of this code I feel like I might be able to\n win a game of kernel trivial pursuit.\"\n\nFix up some fairly trivial conflicts in netfilter uid/git logging code.\n\n* \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace: (107 commits)\n userns: Convert the ufs filesystem to use kuid/kgid where appropriate\n userns: Convert the udf filesystem to use kuid/kgid where appropriate\n userns: Convert ubifs to use kuid/kgid\n userns: Convert squashfs to use kuid/kgid where appropriate\n userns: Convert reiserfs to use kuid and kgid where appropriate\n userns: Convert jfs to use kuid/kgid where appropriate\n userns: Convert jffs2 to use kuid and kgid where appropriate\n userns: Convert hpfs to use kuid and kgid where appropriate\n userns: Convert btrfs to use kuid/kgid where appropriate\n userns: Convert bfs to use kuid/kgid where appropriate\n userns: Convert affs to use kuid/kgid wherwe appropriate\n userns: On alpha modify linux_to_osf_stat to use convert from kuids and kgids\n userns: On ia64 deal with current_uid and current_gid being kuid and kgid\n userns: On ppc convert current_uid from a kuid before printing.\n userns: Convert s390 getting uid and gid system calls to use kuid and kgid\n userns: Convert s390 hypfs to use kuid and kgid where appropriate\n userns: Convert binder ipc to use kuids\n userns: Teach security_path_chown to take kuids and kgids\n userns: Add user namespace support to IMA\n userns: Convert EVM to deal with kuids and kgids in it\u0027s hmac computation\n ...\n" }, { "commit": "68d47a137c3bef754923bccf73fb639c9b0bbd5e", "tree": "e82a527bd978ee96283f03d0df36f47d9aee1e41", "parents": [ "c0e8a139a5bb8add02b4111e9e1957d810d7285e", "8c7f6edbda01f1b1a2e60ad61f14fe38023e433b" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Tue Oct 02 10:52:28 2012 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Tue Oct 02 10:52:28 2012 -0700" }, "message": "Merge branch \u0027for-3.7-hierarchy\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/tj/cgroup\n\nPull cgroup hierarchy update from Tejun Heo:\n \"Currently, different cgroup subsystems handle nested cgroups\n completely differently. There\u0027s no consistency among subsystems and\n the behaviors often are outright broken.\n\n People at least seem to agree that the broken hierarhcy behaviors need\n to be weeded out if any progress is gonna be made on this front and\n that the fallouts from deprecating the broken behaviors should be\n acceptable especially given that the current behaviors don\u0027t make much\n sense when nested.\n\n This patch makes cgroup emit warning messages if cgroups for\n subsystems with broken hierarchy behavior are nested to prepare for\n fixing them in the future. This was put in a separate branch because\n more related changes were expected (didn\u0027t make it this round) and the\n memory cgroup wanted to pull in this and make changes on top.\"\n\n* \u0027for-3.7-hierarchy\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/tj/cgroup:\n cgroup: mark subsystems with broken hierarchy support and whine if cgroups are nested for them\n" }, { "commit": "033d9959ed2dc1029217d4165f80a71702dc578e", "tree": "3d306316e44bdabce2e0bf2ef7e466e525f90b4c", "parents": [ "974a847e00cf3ff1695e62b276892137893706ab", "7c6e72e46c9ea4a88f3f8ba96edce9db4bd48726" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Tue Oct 02 09:54:49 2012 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Tue Oct 02 09:54:49 2012 -0700" }, "message": "Merge branch \u0027for-3.7\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/tj/wq\n\nPull workqueue changes from Tejun Heo:\n \"This is workqueue updates for v3.7-rc1. A lot of activities this\n round including considerable API and behavior cleanups.\n\n * delayed_work combines a timer and a work item. The handling of the\n timer part has always been a bit clunky leading to confusing\n cancelation API with weird corner-case behaviors. delayed_work is\n updated to use new IRQ safe timer and cancelation now works as\n expected.\n\n * Another deficiency of delayed_work was lack of the counterpart of\n mod_timer() which led to cancel+queue combinations or open-coded\n timer+work usages. mod_delayed_work[_on]() are added.\n\n These two delayed_work changes make delayed_work provide interface\n and behave like timer which is executed with process context.\n\n * A work item could be executed concurrently on multiple CPUs, which\n is rather unintuitive and made flush_work() behavior confusing and\n half-broken under certain circumstances. This problem doesn\u0027t\n exist for non-reentrant workqueues. While non-reentrancy check\n isn\u0027t free, the overhead is incurred only when a work item bounces\n across different CPUs and even in simulated pathological scenario\n the overhead isn\u0027t too high.\n\n All workqueues are made non-reentrant. This removes the\n distinction between flush_[delayed_]work() and\n flush_[delayed_]_work_sync(). The former is now as strong as the\n latter and the specified work item is guaranteed to have finished\n execution of any previous queueing on return.\n\n * In addition to the various bug fixes, Lai redid and simplified CPU\n hotplug handling significantly.\n\n * Joonsoo introduced system_highpri_wq and used it during CPU\n hotplug.\n\n There are two merge commits - one to pull in IRQ safe timer from\n tip/timers/core and the other to pull in CPU hotplug fixes from\n wq/for-3.6-fixes as Lai\u0027s hotplug restructuring depended on them.\"\n\nFixed a number of trivial conflicts, but the more interesting conflicts\nwere silent ones where the deprecated interfaces had been used by new\ncode in the merge window, and thus didn\u0027t cause any real data conflicts.\n\nTejun pointed out a few of them, I fixed a couple more.\n\n* \u0027for-3.7\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/tj/wq: (46 commits)\n workqueue: remove spurious WARN_ON_ONCE(in_irq()) from try_to_grab_pending()\n workqueue: use cwq_set_max_active() helper for workqueue_set_max_active()\n workqueue: introduce cwq_set_max_active() helper for thaw_workqueues()\n workqueue: remove @delayed from cwq_dec_nr_in_flight()\n workqueue: fix possible stall on try_to_grab_pending() of a delayed work item\n workqueue: use hotcpu_notifier() for workqueue_cpu_down_callback()\n workqueue: use __cpuinit instead of __devinit for cpu callbacks\n workqueue: rename manager_mutex to assoc_mutex\n workqueue: WORKER_REBIND is no longer necessary for idle rebinding\n workqueue: WORKER_REBIND is no longer necessary for busy rebinding\n workqueue: reimplement idle worker rebinding\n workqueue: deprecate __cancel_delayed_work()\n workqueue: reimplement cancel_delayed_work() using try_to_grab_pending()\n workqueue: use mod_delayed_work() instead of __cancel + queue\n workqueue: use irqsafe timer for delayed_work\n workqueue: clean up delayed_work initializers and add missing one\n workqueue: make deferrable delayed_work initializer names consistent\n workqueue: cosmetic whitespace updates for macro definitions\n workqueue: deprecate system_nrt[_freezable]_wq\n workqueue: deprecate flush[_delayed]_work_sync()\n ...\n" }, { "commit": "94095a1fff89dffe9451839deae4c6a40cf3ec21", "tree": "c1beac5dc336d836c269253db3b00a302777598f", "parents": [ "620e77533f29796df7aff861e79bd72e08554ebb", "f784e8a7989c0da3062d04bfea3db90f41e8f738" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Mon Oct 01 10:25:54 2012 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Mon Oct 01 10:25:54 2012 -0700" }, "message": "Merge branch \u0027core-urgent-for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip\n\nPull core kernel fixes from Ingo Molnar:\n \"This is a complex task_work series from Oleg that fixes the bug that\n this VFS commit tried to fix:\n\n d35abdb28824 hold task_lock around checks in keyctl\n\n but solves the problem without the lockup regression that d35abdb28824\n introduced in v3.6.\n\n This series came late in v3.6 and I did not feel confident about it so\n late in the cycle. Might be worth backporting to -stable if it proves\n itself upstream.\"\n\n* \u0027core-urgent-for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:\n task_work: Simplify the usage in ptrace_notify() and get_signal_to_deliver()\n task_work: Revert \"hold task_lock around checks in keyctl\"\n task_work: task_work_add() should not succeed after exit_task_work()\n task_work: Make task_work_add() lockless\n" }, { "commit": "99dbb1632f1165c2726056ebfce6edde0e5a0208", "tree": "2b2fc83db20b4c6d13842496899774b0dc2868e2", "parents": [ "aae6f989c6e97ff8197717fa4d032ad4eba091a7", "9c33c512b2d3167a3580659942ee78437b1b1bc6" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Mon Oct 01 09:06:36 2012 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Mon Oct 01 09:06:36 2012 -0700" }, "message": "Merge branch \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial\n\nPull the trivial tree from Jiri Kosina:\n \"Tiny usual fixes all over the place\"\n\n* \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial: (34 commits)\n doc: fix old config name of kprobetrace\n fs/fs-writeback.c: cleanup riteback_sb_inodes kerneldoc\n btrfs: fix the commment for the action flags in delayed-ref.h\n btrfs: fix trivial typo for the comment of BTRFS_FREE_INO_OBJECTID\n vfs: fix kerneldoc for generic_fh_to_parent()\n treewide: fix comment/printk/variable typos\n ipr: fix small coding style issues\n doc: fix broken utf8 encoding\n nfs: comment fix\n platform/x86: fix asus_laptop.wled_type module parameter\n mfd: printk/comment fixes\n doc: getdelays.c: remember to close() socket on error in create_nl_socket()\n doc: aliasing-test: close fd on write error\n mmc: fix comment typos\n dma: fix comments\n spi: fix comment/printk typos in spi\n Coccinelle: fix typo in memdup_user.cocci\n tmiofb: missing NULL pointer checks\n tools: perf: Fix typo in tools/perf\n tools/testing: fix comment / output typos\n ...\n" }, { "commit": "6a06e5e1bb217be077e1f8ee2745b4c5b1aa02db", "tree": "8faea23112a11f52524eb413f71b7b02712d8b53", "parents": [ "d9f72f359e00a45a6cd7cc2d5121b04b9dc927e1", "6672d90fe779dc0dfffe027c3ede12609df091c2" ], "author": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Fri Sep 28 14:40:49 2012 -0400" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Fri Sep 28 14:40:49 2012 -0400" }, "message": "Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net\n\nConflicts:\n\tdrivers/net/team/team.c\n\tdrivers/net/usb/qmi_wwan.c\n\tnet/batman-adv/bat_iv_ogm.c\n\tnet/ipv4/fib_frontend.c\n\tnet/ipv4/route.c\n\tnet/l2tp/l2tp_netlink.c\n\nThe team, fib_frontend, route, and l2tp_netlink conflicts were simply\noverlapping changes.\n\nqmi_wwan and bat_iv_ogm were of the \"use HEAD\" variety.\n\nWith help from Antonio Quartulli.\n\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "a84a921978b7d56e0e4b87ffaca6367429b4d8ff", "tree": "03edfc3a5039edd443078d7adc20d585be89022b", "parents": [ "631527703d1aa2f0c5dc2af0d998f4da95c83f0e" ], "author": { "name": "Alan Cox", "email": "alan@linux.intel.com", "time": "Fri Sep 28 12:20:02 2012 +0100" }, "committer": { "name": "David Howells", "email": "dhowells@redhat.com", "time": "Fri Sep 28 12:20:02 2012 +0100" }, "message": "key: Fix resource leak\n\nOn an error iov may still have been reallocated and need freeing\n\nSigned-off-by: Alan Cox \u003calan@linux.intel.com\u003e\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\n" }, { "commit": "631527703d1aa2f0c5dc2af0d998f4da95c83f0e", "tree": "a2aec36285e598c3f1c34aef166b242859bddb63", "parents": [ "bf5308344527d015ac9a6d2bda4ad4d40fd7d943" ], "author": { "name": "Alan Cox", "email": "alan@linux.intel.com", "time": "Fri Sep 28 12:20:02 2012 +0100" }, "committer": { "name": "David Howells", "email": "dhowells@redhat.com", "time": "Fri Sep 28 12:20:02 2012 +0100" }, "message": "keys: Fix unreachable code\n\nWe set ret to NULL then test it. Remove the bogus test\n\nSigned-off-by: Alan Cox \u003calan@linux.intel.com\u003e\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\n" }, { "commit": "bf5308344527d015ac9a6d2bda4ad4d40fd7d943", "tree": "566e61e2cfc648c374d15cfc8c661b73e1a471f8", "parents": [ "3585e96cd1049682b8a19a0b699422156e9d735b", "979570e02981d4a8fc20b3cc8fd651856c98ee9d" ], "author": { "name": "James Morris", "email": "james.l.morris@oracle.com", "time": "Fri Sep 28 13:37:32 2012 +1000" }, "committer": { "name": "James Morris", "email": "james.l.morris@oracle.com", "time": "Fri Sep 28 13:37:32 2012 +1000" }, "message": "Merge tag \u0027v3.6-rc7\u0027 into next\n\nLinux 3.6-rc7\n\nRequested by David Howells so he can merge his key susbsystem work into\nmy tree with requisite -linus changesets.\n" }, { "commit": "cb0942b81249798e15c3f04eee2946ef543e8115", "tree": "7d494c580a847342577661782c5173f76178aa81", "parents": [ "cecb46f194460d23cacf3b13593f9f5a4f7a0fed" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Mon Aug 27 14:48:26 2012 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Wed Sep 26 21:10:25 2012 -0400" }, "message": "make get_file() return its argument\n\nsimplifies a bunch of callers...\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "c3c073f808b22dfae15ef8412b6f7b998644139a", "tree": "3369bcbe414738d90e6ccfe257f6ce3e72f6a5ae", "parents": [ "ad47bd7252bf402fe7dba92f5240b5ed16832ae7" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Tue Aug 21 22:32:06 2012 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Wed Sep 26 21:09:59 2012 -0400" }, "message": "new helper: iterate_fd()\n\niterates through the opened files in given descriptor table,\ncalling a supplied function; we stop once non-zero is returned.\nCallback gets struct file *, descriptor number and const void *\nargument passed to iterator. It is called with files-\u003efile_lock\nheld, so it is not allowed to block.\n\ntty_io, netprio_cgroup and selinux flush_unauthorized_files()\nconverted to its use.\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "ee97cd872d08b8623076f2a63ffb872d0884411a", "tree": "0eb578bbf88459dff4e04b0273531971c539c466", "parents": [ "8280d16172243702ed43432f826ca6130edb4086" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Tue Aug 21 12:26:45 2012 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Wed Sep 26 21:09:58 2012 -0400" }, "message": "switch flush_unauthorized_files() to replace_fd()\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "d2b31ca644fdc8704de3367a6a56a5c958c77f53", "tree": "70967aaec7a5a86ffdd6adf3a45d3b3cb8833678", "parents": [ "8b94eea4bfb8df693c5b35d08b74f13cfb92f3de" ], "author": { "name": "Eric W. Biederman", "email": "ebiederm@xmission.com", "time": "Fri Jun 01 16:14:19 2012 -0600" }, "committer": { "name": "Eric W. Biederman", "email": "ebiederm@xmission.com", "time": "Fri Sep 21 03:13:25 2012 -0700" }, "message": "userns: Teach security_path_chown to take kuids and kgids\n\nDon\u0027t make the security modules deal with raw user space uid and\ngids instead pass in a kuid_t and a kgid_t so that security modules\nonly have to deal with internal kernel uids and gids.\n\nCc: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\nCc: James Morris \u003cjames.l.morris@oracle.com\u003e\nCc: John Johansen \u003cjohn.johansen@canonical.com\u003e\nCc: Kentaro Takeda \u003ctakedakn@nttdata.co.jp\u003e\nCc: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nAcked-by: Serge Hallyn \u003cserge.hallyn@canonical.com\u003e\nSigned-off-by: Eric W. Biederman \u003cebiederm@xmission.com\u003e\n" }, { "commit": "8b94eea4bfb8df693c5b35d08b74f13cfb92f3de", "tree": "908ffbf4f0bb117ca47346712dc0e57f6434cda1", "parents": [ "cf9c93526f4517581a9e8f1c0d9093a4c7748ec6" ], "author": { "name": "Eric W. Biederman", "email": "ebiederm@xmission.com", "time": "Fri May 25 18:24:12 2012 -0600" }, "committer": { "name": "Eric W. Biederman", "email": "ebiederm@xmission.com", "time": "Fri Sep 21 03:13:24 2012 -0700" }, "message": "userns: Add user namespace support to IMA\n\nUse kuid\u0027s in the IMA rules.\n\nWhen reporting the current uid in audit logs use from_kuid\nto get a usable value.\n\nCc: Mimi Zohar \u003czohar@us.ibm.com\u003e\nAcked-by: Serge Hallyn \u003cserge.hallyn@canonical.com\u003e\nSigned-off-by: Eric W. Biederman \u003cebiederm@xmission.com\u003e\n" }, { "commit": "cf9c93526f4517581a9e8f1c0d9093a4c7748ec6", "tree": "9e9eba640d957fe83e081602f7c227480fb413b5", "parents": [ "29f82ae56e8798f7907d60145e0186082800d130" ], "author": { "name": "Eric W. Biederman", "email": "ebiederm@xmission.com", "time": "Fri May 25 18:22:35 2012 -0600" }, "committer": { "name": "Eric W. Biederman", "email": "ebiederm@xmission.com", "time": "Fri Sep 21 03:13:24 2012 -0700" }, "message": "userns: Convert EVM to deal with kuids and kgids in it\u0027s hmac computation\n\nCc: Mimi Zohar \u003czohar@us.ibm.com\u003e\nAcked-by: Serge Hallyn \u003cserge.hallyn@canonical.com\u003e\nSigned-off-by: Eric W. Biederman \u003cebiederm@xmission.com\u003e\n" }, { "commit": "581abc09c2205e05256d7f75410345d5392d5098", "tree": "af6bbd233f6030fa51a7dcbf0754e83650e0b0ad", "parents": [ "609fcd1b3a55f99667c61609895c83019b21baad" ], "author": { "name": "Eric W. Biederman", "email": "ebiederm@xmission.com", "time": "Mon Aug 20 00:09:36 2012 -0700" }, "committer": { "name": "Eric W. Biederman", "email": "ebiederm@xmission.com", "time": "Fri Sep 21 03:13:22 2012 -0700" }, "message": "userns: Convert selinux to use kuid and kgid where appropriate\n\nCc: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nCc: James Morris \u003cjames.l.morris@oracle.com\u003e\nCc: Eric Paris \u003ceparis@parisplace.org\u003e\nSigned-off-by: \"Eric W. Biederman\" \u003cebiederm@xmission.com\u003e\n" }, { "commit": "609fcd1b3a55f99667c61609895c83019b21baad", "tree": "f90cec33d1f1e0922c28d5528cd0f535dc235b92", "parents": [ "2db81452931eb51cc739d6e495cf1bd4860c3c99" ], "author": { "name": "Eric W. Biederman", "email": "ebiederm@xmission.com", "time": "Tue Feb 07 16:34:10 2012 -0800" }, "committer": { "name": "Eric W. Biederman", "email": "ebiederm@xmission.com", "time": "Fri Sep 21 03:13:22 2012 -0700" }, "message": "userns: Convert tomoyo to use kuid and kgid where appropriate\n\nAcked-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nAcked-by: Serge Hallyn \u003cserge.hallyn@canonical.com\u003e\nSigned-off-by: Eric W. Biederman \u003cebiederm@xmission.com\u003e\n" }, { "commit": "2db81452931eb51cc739d6e495cf1bd4860c3c99", "tree": "959805577a8e8c449fc4b3c576d2f0c840090fa4", "parents": [ "e4849737f76c8767e70dc1575f6e59fc3682b3fe" ], "author": { "name": "Eric W. Biederman", "email": "ebiederm@xmission.com", "time": "Tue Feb 07 16:33:13 2012 -0800" }, "committer": { "name": "Eric W. Biederman", "email": "ebiederm@xmission.com", "time": "Fri Sep 21 03:13:21 2012 -0700" }, "message": "userns: Convert apparmor to use kuid and kgid where appropriate\n\nCc: John Johansen \u003cjohn.johansen@canonical.com\u003e\nAcked-by: Serge Hallyn \u003cserge.hallyn@canonical.com\u003e\nSigned-off-by: Eric W. Biederman \u003cebiederm@xmission.com\u003e\n" }, { "commit": "0a72ba7aff26fb6e918cee6d2bbfd289069f10ae", "tree": "4263886ae20b6875153c20513b607e6208e8a3f6", "parents": [ "46a2f3b9e99353cc63e15563e8abee71162330f7" ], "author": { "name": "Dmitry Kasatkin", "email": "dmitry.kasatkin@intel.com", "time": "Wed Sep 19 15:32:49 2012 +0300" }, "committer": { "name": "Mimi Zohar", "email": "zohar@linux.vnet.ibm.com", "time": "Wed Sep 19 08:55:20 2012 -0400" }, "message": "ima: change flags container data type\n\nIMA audit hashes patches introduced new IMA flags and required\nspace went beyond 8 bits. Currently the only flag is IMA_DIGSIG.\nThis patch use 16 bit short instead of 8 bit char.\nWithout this fix IMA signature will be replaced with hash, which\nshould not happen.\n\nSigned-off-by: Dmitry Kasatkin \u003cdmitry.kasatkin@intel.com\u003e\nSigned-off-by: Mimi Zohar \u003czohar@linux.vnet.ibm.com\u003e\n" }, { "commit": "ee8372dd1989287c5eedb69d44bac43f69e496f1", "tree": "419de8719e0cf610f313345d25b231e376083ebd", "parents": [ "b42664f898c976247f7f609b8bb9c94d7475ca10" ], "author": { "name": "Nicolas Dichtel", "email": "nicolas.dichtel@6wind.com", "time": "Mon Sep 10 22:09:45 2012 +0000" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Tue Sep 18 15:57:03 2012 -0400" }, "message": "xfrm: invalidate dst on policy insertion/deletion\n\nWhen a policy is inserted or deleted, all dst should be recalculated.\n\nSigned-off-by: Nicolas Dichtel \u003cnicolas.dichtel@6wind.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "46a2f3b9e99353cc63e15563e8abee71162330f7", "tree": "0d8857d5209990480975cc76379f6de1b4c0bf24", "parents": [ "449543b0436a9146b855aad39eab76ae4853e88d" ], "author": { "name": "Casey Schaufler", "email": "casey@schaufler-ca.com", "time": "Wed Aug 22 11:44:03 2012 -0700" }, "committer": { "name": "Casey Schaufler", "email": "casey@schaufler-ca.com", "time": "Tue Sep 18 09:51:06 2012 -0700" }, "message": "Smack: setprocattr memory leak fix\n\nThe data structure allocations being done in prepare_creds\nare duplicated in smack_setprocattr. This results in the\nstructure allocated in prepare_creds being orphaned and\nnever freed. The duplicate code is removed from\nsmack_setprocattr.\n\nTargeted for git://git.gitorious.org/smack-next/kernel.git\n\nSigned-off-by: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\n" }, { "commit": "449543b0436a9146b855aad39eab76ae4853e88d", "tree": "1b430fec0506e78929cfd944972d7dd49d0f76fd", "parents": [ "c00bedb368ae02a066aed8a888afc286c1df2e60" ], "author": { "name": "Rafal Krypa", "email": "r.krypa@samsung.com", "time": "Wed Jul 11 17:49:30 2012 +0200" }, "committer": { "name": "Casey Schaufler", "email": "casey@schaufler-ca.com", "time": "Tue Sep 18 09:50:52 2012 -0700" }, "message": "Smack: implement revoking all rules for a subject label\n\nAdd /smack/revoke-subject special file. Writing a SMACK label to this file will\nset the access to \u0027-\u0027 for all access rules with that subject label.\n\nTargeted for git://git.gitorious.org/smack-next/kernel.git\n\nSigned-off-by: Rafal Krypa \u003cr.krypa@samsung.com\u003e\n" }, { "commit": "c00bedb368ae02a066aed8a888afc286c1df2e60", "tree": "9f72de8b17597cdedb755c553dafe992e2724b1b", "parents": [ "e7c568e0fd0cf6d9c8ab8ea537ba8f3a3ae7c3d8" ], "author": { "name": "Casey Schaufler", "email": "casey@schaufler-ca.com", "time": "Thu Aug 09 17:46:38 2012 -0700" }, "committer": { "name": "Casey Schaufler", "email": "casey@schaufler-ca.com", "time": "Tue Sep 18 09:50:37 2012 -0700" }, "message": "Smack: remove task_wait() hook.\n\nOn 12/20/2011 11:20 PM, Jarkko Sakkinen wrote:\n\u003e Allow SIGCHLD to be passed to child process without\n\u003e explicit policy. This will help to keep the access\n\u003e control policy simple and easily maintainable with\n\u003e complex applications that require use of multiple\n\u003e security contexts. It will also help to keep them\n\u003e as isolated as possible.\n\u003e\n\u003e Signed-off-by: Jarkko Sakkinen \u003cjarkko.sakkinen@intel.com\u003e\n\nI have a slightly different version that applies to the\ncurrent smack-next tree.\n\nAllow SIGCHLD to be passed to child process without\nexplicit policy. This will help to keep the access\ncontrol policy simple and easily maintainable with\ncomplex applications that require use of multiple\nsecurity contexts. It will also help to keep them\nas isolated as possible.\n\nSigned-off-by: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\n\n security/smack/smack_lsm.c | 37 ++++++++-----------------------------\n 1 files changed, 8 insertions(+), 29 deletions(-)\n" }, { "commit": "8c7f6edbda01f1b1a2e60ad61f14fe38023e433b", "tree": "f1db9712b109575cba86e37140e1e4f8a56ca780", "parents": [ "fbcbe2b3c92ee1c930dcfcf8bb764074c100fd63" ], "author": { "name": "Tejun Heo", "email": "tj@kernel.org", "time": "Thu Sep 13 12:20:58 2012 -0700" }, "committer": { "name": "Tejun Heo", "email": "tj@kernel.org", "time": "Fri Sep 14 12:01:16 2012 -0700" }, "message": "cgroup: mark subsystems with broken hierarchy support and whine if cgroups are nested for them\n\nCurrently, cgroup hierarchy support is a mess. cpu related subsystems\nbehave correctly - configuration, accounting and control on a parent\nproperly cover its children. blkio and freezer completely ignore\nhierarchy and treat all cgroups as if they\u0027re directly under the root\ncgroup. Others show yet different behaviors.\n\nThese differing interpretations of cgroup hierarchy make using cgroup\nconfusing and it impossible to co-mount controllers into the same\nhierarchy and obtain sane behavior.\n\nEventually, we want full hierarchy support from all subsystems and\nprobably a unified hierarchy. Users using separate hierarchies\nexpecting completely different behaviors depending on the mounted\nsubsystem is deterimental to making any progress on this front.\n\nThis patch adds cgroup_subsys.broken_hierarchy and sets it to %true\nfor controllers which are lacking in hierarchy support. The goal of\nthis patch is two-fold.\n\n* Move users away from using hierarchy on currently non-hierarchical\n subsystems, so that implementing proper hierarchy support on those\n doesn\u0027t surprise them.\n\n* Keep track of which controllers are broken how and nudge the\n subsystems to implement proper hierarchy support.\n\nFor now, start with a single warning message. We can whine louder\nlater on.\n\nv2: Fixed a typo spotted by Michal. Warning message updated.\n\nv3: Updated memcg part so that it doesn\u0027t generate warning in the\n cases where .use_hierarchy\u003dfalse doesn\u0027t make the behavior\n different from root.use_hierarchy\u003dtrue. Fixed a typo spotted by\n Glauber.\n\nv4: Check -\u003ebroken_hierarchy after cgroup creation is complete so that\n -\u003ecreate() can affect the result per Michal. Dropped unnecessary\n memcg root handling per Michal.\n\nSigned-off-by: Tejun Heo \u003ctj@kernel.org\u003e\nAcked-by: Michal Hocko \u003cmhocko@suse.cz\u003e\nAcked-by: Li Zefan \u003clizefan@huawei.com\u003e\nAcked-by: Serge E. Hallyn \u003cserue@us.ibm.com\u003e\nCc: Glauber Costa \u003cglommer@parallels.com\u003e\nCc: Peter Zijlstra \u003cpeterz@infradead.org\u003e\nCc: Paul Turner \u003cpjt@google.com\u003e\nCc: Johannes Weiner \u003channes@cmpxchg.org\u003e\nCc: Thomas Graf \u003ctgraf@suug.ch\u003e\nCc: Vivek Goyal \u003cvgoyal@redhat.com\u003e\nCc: Paul Mackerras \u003cpaulus@samba.org\u003e\nCc: Ingo Molnar \u003cmingo@redhat.com\u003e\nCc: Arnaldo Carvalho de Melo \u003cacme@ghostprotocols.net\u003e\nCc: Neil Horman \u003cnhorman@tuxdriver.com\u003e\nCc: Aneesh Kumar K.V \u003caneesh.kumar@linux.vnet.ibm.com\u003e\n" }, { "commit": "9a56c2db49e7349c7963f0ce66c1ef578d44ebd3", "tree": "de29b56483bb00efabca3ba35c7001cab2aab7be", "parents": [ "5fce5e0bbd44263c36f58ad1113b599d06ed1978" ], "author": { "name": "Eric W. Biederman", "email": "ebiederm@xmission.com", "time": "Wed Feb 08 07:53:04 2012 -0800" }, "committer": { "name": "Eric W. Biederman", "email": "ebiederm@xmission.com", "time": "Thu Sep 13 18:28:02 2012 -0700" }, "message": "userns: Convert security/keys to the new userns infrastructure\n\n- Replace key_user -\u003euser_ns equality checks with kuid_has_mapping checks.\n- Use from_kuid to generate key descriptions\n- Use kuid_t and kgid_t and the associated helpers instead of uid_t and gid_t\n- Avoid potential problems with file descriptor passing by displaying\n keys in the user namespace of the opener of key status proc files.\n\nCc: linux-security-module@vger.kernel.org\nCc: keyrings@linux-nfs.org\nCc: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: Eric W. Biederman \u003cebiederm@xmission.com\u003e\n" }, { "commit": "e7c568e0fd0cf6d9c8ab8ea537ba8f3a3ae7c3d8", "tree": "f920b77b98c38e28dd2974564db102160e59f3e9", "parents": [ "45e2472e67bf66f794d507b52e82af92e0614e49" ], "author": { "name": "Peter Moody", "email": "pmoody@google.com", "time": "Thu Jun 14 10:04:36 2012 -0700" }, "committer": { "name": "Mimi Zohar", "email": "zohar@linux.vnet.ibm.com", "time": "Thu Sep 13 14:48:44 2012 -0400" }, "message": "ima: audit log hashes\n\nThis adds an \u0027audit\u0027 policy action which audit logs file measurements.\n\nChangelog v6:\n - use new action flag handling (Dmitry Kasatkin).\n - removed whitespace (Mimi)\n\nChangelog v5:\n - use audit_log_untrustedstring.\n\nChangelog v4:\n - cleanup digest -\u003e hash conversion.\n - use filename rather than d_path in ima_audit_measurement.\n\nChangelog v3:\n - Use newly exported audit_log_task_info for logging pid/ppid/uid/etc.\n - Update the ima_policy ABI documentation.\n\nChangelog v2:\n - Use \u0027audit\u0027 action rather than \u0027measure_and_audit\u0027 to permit\n auditing in the absence of measuring..\n\nChangelog v1:\n - Initial posting.\n\nSigned-off-by: Peter Moody \u003cpmoody@google.com\u003e\nSigned-off-by: Mimi Zohar \u003czohar@linux.vnet.ibm.com\u003e\n" }, { "commit": "45e2472e67bf66f794d507b52e82af92e0614e49", "tree": "4b3ba557d4f9da9bca14ce85bee965e4a9fcd6ac", "parents": [ "d9d300cdb6f233c4c591348919c758062198a4f4" ], "author": { "name": "Dmitry Kasatkin", "email": "dmitry.kasatkin@intel.com", "time": "Wed Sep 12 20:51:32 2012 +0300" }, "committer": { "name": "Mimi Zohar", "email": "zohar@linux.vnet.ibm.com", "time": "Thu Sep 13 14:23:57 2012 -0400" }, "message": "ima: generic IMA action flag handling\n\nMake the IMA action flag handling generic in order to support\nadditional new actions, without requiring changes to the base\nimplementation. New actions, like audit logging, will only\nneed to modify the define statements.\n\nSigned-off-by: Dmitry Kasatkin \u003cdmitry.kasatkin@intel.com\u003e\nSigned-off-by: Mimi Zohar \u003czohar@linux.vnet.ibm.com\u003e\n" }, { "commit": "b3f68f16dbcde6fcdf0fd27695391ff7e9d41233", "tree": "26833634b038b8fd9d18f109deb10770eb3f2a6e", "parents": [ "9da33de62431c7839f98156720862262272a8380" ], "author": { "name": "Oleg Nesterov", "email": "oleg@redhat.com", "time": "Sun Aug 26 21:12:14 2012 +0200" }, "committer": { "name": "Ingo Molnar", "email": "mingo@kernel.org", "time": "Thu Sep 13 16:47:36 2012 +0200" }, "message": "task_work: Revert \"hold task_lock around checks in keyctl\"\n\nThis reverts commit d35abdb28824cf74f0a106a0f9c6f3ff700a35bf.\n\ntask_lock() was added to ensure exit_mm() and thus exit_task_work() is\nnot possible before task_work_add().\n\nThis is wrong, task_lock() must not be nested with write_lock(tasklist).\nAnd this is no longer needed, task_work_add() now fails if it is called\nafter exit_task_work().\n\nReported-by: Dave Jones \u003cdavej@redhat.com\u003e\nSigned-off-by: Oleg Nesterov \u003coleg@redhat.com\u003e\nSigned-off-by: Peter Zijlstra \u003ca.p.zijlstra@chello.nl\u003e\nCc: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\nCc: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\nCc: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nLink: http://lkml.kernel.org/r/20120826191214.GA4231@redhat.com\nSigned-off-by: Ingo Molnar \u003cmingo@kernel.org\u003e\n" }, { "commit": "d4f65b5d2497b2fd9c45f06b71deb4ab084a5b66", "tree": "57128a75a755e2b4a6521408cc2eaf73c88e54aa", "parents": [ "eeea3ac912207dcf759b95b2b4c36f96bce583bf" ], "author": { "name": "David Howells", "email": "dhowells@redhat.com", "time": "Thu Sep 13 13:06:29 2012 +0100" }, "committer": { "name": "David Howells", "email": "dhowells@redhat.com", "time": "Thu Sep 13 13:06:29 2012 +0100" }, "message": "KEYS: Add payload preparsing opportunity prior to key instantiate or update\n\nGive the key type the opportunity to preparse the payload prior to the\ninstantiation and update routines being called. This is done with the\nprovision of two new key type operations:\n\n\tint (*preparse)(struct key_preparsed_payload *prep);\n\tvoid (*free_preparse)(struct key_preparsed_payload *prep);\n\nIf the first operation is present, then it is called before key creation (in\nthe add/update case) or before the key semaphore is taken (in the update and\ninstantiate cases). The second operation is called to clean up if the first\nwas called.\n\npreparse() is given the opportunity to fill in the following structure:\n\n\tstruct key_preparsed_payload {\n\t\tchar\t\t*description;\n\t\tvoid\t\t*type_data[2];\n\t\tvoid\t\t*payload;\n\t\tconst void\t*data;\n\t\tsize_t\t\tdatalen;\n\t\tsize_t\t\tquotalen;\n\t};\n\nBefore the preparser is called, the first three fields will have been cleared,\nthe payload pointer and size will be stored in data and datalen and the default\nquota size from the key_type struct will be stored into quotalen.\n\nThe preparser may parse the payload in any way it likes and may store data in\nthe type_data[] and payload fields for use by the instantiate() and update()\nops.\n\nThe preparser may also propose a description for the key by attaching it as a\nstring to the description field. This can be used by passing a NULL or \"\"\ndescription to the add_key() system call or the key_create_or_update()\nfunction. This cannot work with request_key() as that required the description\nto tell the upcall about the key to be created.\n\nThis, for example permits keys that store PGP public keys to generate their own\nname from the user ID and public key fingerprint in the key.\n\nThe instantiate() and update() operations are then modified to look like this:\n\n\tint (*instantiate)(struct key *key, struct key_preparsed_payload *prep);\n\tint (*update)(struct key *key, struct key_preparsed_payload *prep);\n\nand the new payload data is passed in *prep, whether or not it was preparsed.\n\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\n" }, { "commit": "d9d300cdb6f233c4c591348919c758062198a4f4", "tree": "2a00e8e9100b1d799e5b779008ad0081e7fe5264", "parents": [ "e23eb920b0f3978687c497de2ac3eb9e281dab32" ], "author": { "name": "Dmitry Kasatkin", "email": "dmitry.kasatkin@intel.com", "time": "Wed Jun 27 11:26:14 2012 +0300" }, "committer": { "name": "Mimi Zohar", "email": "zohar@linux.vnet.ibm.com", "time": "Wed Sep 12 07:28:05 2012 -0400" }, "message": "ima: rename ima_must_appraise_or_measure\n\nWhen AUDIT action support is added to the IMA,\nima_must_appraise_or_measure() does not reflect the real meaning anymore.\nRename it to ima_get_action().\n\nSigned-off-by: Dmitry Kasatkin \u003cdmitry.kasatkin@intel.com\u003e\nSigned-off-by: Mimi Zohar \u003czohar@linux.vnet.ibm.com\u003e\n" }, { "commit": "9f00d9776bc5beb92e8bfc884a7e96ddc5589e2e", "tree": "2a9f9513a13c73cb1196ebe3426389c1140e2888", "parents": [ "9785e10aedfa0fad5c1aac709dce5ada1b123783" ], "author": { "name": "Pablo Neira Ayuso", "email": "pablo@netfilter.org", "time": "Sat Sep 08 02:53:54 2012 +0000" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Sat Sep 08 18:46:30 2012 -0400" }, "message": "netlink: hide struct module parameter in netlink_kernel_create\n\nThis patch defines netlink_kernel_create as a wrapper function of\n__netlink_kernel_create to hide the struct module *me parameter\n(which seems to be THIS_MODULE in all existing netlink subsystems).\n\nSuggested by David S. Miller.\n\nSigned-off-by: Pablo Neira Ayuso \u003cpablo@netfilter.org\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "9785e10aedfa0fad5c1aac709dce5ada1b123783", "tree": "ca523e084318b6e908b18c6f3e9e53ea7e9a1c49", "parents": [ "16fa9e1d104e6f2c18005a4ac7ea60e4c7fc1286" ], "author": { "name": "Pablo Neira Ayuso", "email": "pablo@netfilter.org", "time": "Sat Sep 08 02:53:53 2012 +0000" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Sat Sep 08 18:45:27 2012 -0400" }, "message": "netlink: kill netlink_set_nonroot\n\nReplace netlink_set_nonroot by one new field `flags\u0027 in\nstruct netlink_kernel_cfg that is passed to netlink_kernel_create.\n\nThis patch also renames NL_NONROOT_* to NL_CFG_F_NONROOT_* since\nnow the flags field in nl_table is generic (so we can add more\nflags if needed in the future).\n\nAlso adjust all callers in the net-next tree to use these flags\ninstead of netlink_set_nonroot.\n\nSigned-off-by: Pablo Neira Ayuso \u003cpablo@netfilter.org\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "8606404fa555c2ee691376fcc640ab89fe752035", "tree": "4b2d2e43b7ad196b46757faff10d04803381a543", "parents": [ "5a44b41207174e1882ce0c24a752f4cfb65dab07" ], "author": { "name": "Dmitry Kasatkin", "email": "dmitry.kasatkin@intel.com", "time": "Wed Aug 31 14:07:06 2011 +0300" }, "committer": { "name": "Mimi Zohar", "email": "zohar@linux.vnet.ibm.com", "time": "Fri Sep 07 14:57:48 2012 -0400" }, "message": "ima: digital signature verification support\n\nThis patch adds support for digital signature based integrity appraisal.\nWith this patch, \u0027security.ima\u0027 contains either the file data hash or\na digital signature of the file data hash. The file data hash provides\nthe security attribute of file integrity. In addition to file integrity,\na digital signature provides the security attribute of authenticity.\n\nUnlike EVM, when the file metadata changes, the digital signature is\nreplaced with an HMAC, modification of the file data does not cause the\n\u0027security.ima\u0027 digital signature to be replaced with a hash. As a\nresult, after any modification, subsequent file integrity appraisals\nwould fail.\n\nAlthough digitally signed files can be modified, but by not updating\n\u0027security.ima\u0027 to reflect these modifications, in essence digitally\nsigned files could be considered \u0027immutable\u0027.\n\nIMA uses a different keyring than EVM. While the EVM keyring should not\nbe updated after initialization and locked, the IMA keyring should allow\nupdating or adding new keys when upgrading or installing packages.\n\nChangelog v4:\n- Change IMA_DIGSIG to hex equivalent\nChangelog v3:\n- Permit files without any \u0027security.ima\u0027 xattr to be labeled properly.\n\nSigned-off-by: Dmitry Kasatkin \u003cdmitry.kasatkin@intel.com\u003e\nSigned-off-by: Mimi Zohar \u003czohar@linux.vnet.ibm.com\u003e\n" }, { "commit": "5a44b41207174e1882ce0c24a752f4cfb65dab07", "tree": "a5426be63a4f165f3ce15d1e61d8fd10f37fd8c3", "parents": [ "42c63330f2b05aa6077c1bfc2798c04afe54f6b2" ], "author": { "name": "Mimi Zohar", "email": "zohar@linux.vnet.ibm.com", "time": "Mon Jan 09 22:59:36 2012 -0500" }, "committer": { "name": "Mimi Zohar", "email": "zohar@linux.vnet.ibm.com", "time": "Fri Sep 07 14:57:47 2012 -0400" }, "message": "ima: add support for different security.ima data types\n\nIMA-appraisal currently verifies the integrity of a file based on a\nknown \u0027good\u0027 measurement value. This patch reserves the first byte\nof \u0027security.ima\u0027 as a place holder for the type of method used for\nverifying file data integrity.\n\nChangelog v1:\n- Use the newly defined \u0027struct evm_ima_xattr_data\u0027\n\nSigned-off-by: Dmitry Kasatkin \u003cdmitry.kasatkin@nokia.com\u003e\nSigned-off-by: Mimi Zohar \u003czohar@linux.vnet.ibm.com\u003e\n" }, { "commit": "42c63330f2b05aa6077c1bfc2798c04afe54f6b2", "tree": "bbd7d212ba9c686b2b649718b8b919bdd2eecea4", "parents": [ "9957a5043e7b0b7361cdf48eea22b2900293e63a" ], "author": { "name": "Mimi Zohar", "email": "zohar@linux.vnet.ibm.com", "time": "Thu Mar 10 18:54:15 2011 -0500" }, "committer": { "name": "Mimi Zohar", "email": "zohar@linux.vnet.ibm.com", "time": "Fri Sep 07 14:57:47 2012 -0400" }, "message": "ima: add ima_inode_setxattr/removexattr function and calls\n\nBased on xattr_permission comments, the restriction to modify \u0027security\u0027\nxattr is left up to the underlying fs or lsm. Ensure that not just anyone\ncan modify or remove \u0027security.ima\u0027.\n\nChangelog v1:\n- Unless IMA-APPRAISE is configured, use stub ima_inode_removexattr()/setxattr()\n functions. (Moved ima_inode_removexattr()/setxattr() to ima_appraise.c)\n\nChangelog:\n - take i_mutex to fix locking (Dmitry Kasatkin)\n - ima_reset_appraise_flags should only be called when modifying or\n removing the \u0027security.ima\u0027 xattr. Requires CAP_SYS_ADMIN privilege.\n (Incorporated fix from Roberto Sassu)\n - Even if allowed to update security.ima, reset the appraisal flags,\n forcing re-appraisal.\n - Replace CAP_MAC_ADMIN with CAP_SYS_ADMIN\n - static inline ima_inode_setxattr()/ima_inode_removexattr() stubs\n - ima_protect_xattr should be static\n\nSigned-off-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\nSigned-off-by: Dmitry Kasatkin \u003cdmitry.kasatkin@intel.com\u003e\n" }, { "commit": "a10bf26b2f53242836e9362c6c9c857b627b82a9", "tree": "98c7b83684f1df42571013af4c0572c7eeea8e76", "parents": [ "bf2276d10ce58ff44ab8857266a6718024496af6" ], "author": { "name": "Dmitry Kasatkin", "email": "dmitry.kasatkin@intel.com", "time": "Wed Feb 08 14:15:42 2012 -0500" }, "committer": { "name": "Mimi Zohar", "email": "zohar@linux.vnet.ibm.com", "time": "Fri Sep 07 14:57:46 2012 -0400" }, "message": "ima: replace iint spinblock with rwlock/read_lock\n\nFor performance, replace the iint spinlock with rwlock/read_lock.\n\nEric Paris questioned this change, from spinlocks to rwlocks, saying\n\"rwlocks have been shown to actually be slower on multi processor\nsystems in a number of cases due to the cache line bouncing required.\"\n\nBased on performance measurements compiling the kernel on a cold\nboot with multiple jobs with/without this patch, Dmitry Kasatkin\nand I found that rwlocks performed better than spinlocks, but very\ninsignificantly. For example with total compilation time around 6\nminutes, with rwlocks time was 1 - 3 seconds shorter... but always\nlike that.\n\nChangelog v2:\n- new patch taken from the \u0027allocating iint improvements\u0027 patch\n\nSigned-off-by: Dmitry Kasatkin \u003cdmitry.kasatkin@intel.com\u003e\nSigned-off-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\n" }, { "commit": "bf2276d10ce58ff44ab8857266a6718024496af6", "tree": "7be39c026fd30856248f68c964d0f1e2ae703c25", "parents": [ "07f6a79415d7d502ee0c7d02ace6594a7be7429a" ], "author": { "name": "Dmitry Kasatkin", "email": "dmitry.kasatkin@intel.com", "time": "Wed Oct 19 12:04:40 2011 +0300" }, "committer": { "name": "Mimi Zohar", "email": "zohar@linux.vnet.ibm.com", "time": "Fri Sep 07 14:57:45 2012 -0400" }, "message": "ima: allocating iint improvements\n\nWith IMA-appraisal\u0027s removal of the iint mutex and taking the i_mutex\ninstead, allocating the iint becomes a lot simplier, as we don\u0027t need\nto be concerned with two processes racing to allocate the iint. This\npatch cleans up and improves performance for allocating the iint.\n\n- removed redundant double i_mutex locking\n- combined iint allocation with tree search\n\nChangelog v2:\n- removed the rwlock/read_lock changes from this patch\n\nSigned-off-by: Dmitry Kasatkin \u003cdmitry.kasatkin@intel.com\u003e\nSigned-off-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\n" }, { "commit": "07f6a79415d7d502ee0c7d02ace6594a7be7429a", "tree": "af2a9b3bb84ab621cbf11ab609dd8cc3566f2b12", "parents": [ "2fe5d6def1672ae6635dd71867bf36dcfaa7434b" ], "author": { "name": "Mimi Zohar", "email": "zohar@linux.vnet.ibm.com", "time": "Wed Mar 09 22:25:48 2011 -0500" }, "committer": { "name": "Mimi Zohar", "email": "zohar@linux.vnet.ibm.com", "time": "Fri Sep 07 14:57:45 2012 -0400" }, "message": "ima: add appraise action keywords and default rules\n\nUnlike the IMA measurement policy, the appraise policy can not be dependent\non runtime process information, such as the task uid, as the \u0027security.ima\u0027\nxattr is written on file close and must be updated each time the file changes,\nregardless of the current task uid.\n\nThis patch extends the policy language with \u0027fowner\u0027, defines an appraise\npolicy, which appraises all files owned by root, and defines \u0027ima_appraise_tcb\u0027,\na new boot command line option, to enable the appraise policy.\n\nChangelog v3:\n- separate the measure from the appraise rules in order to support measuring\n without appraising and appraising without measuring.\n- change appraisal default for filesystems without xattr support to fail\n- update default appraise policy for cgroups\n\nChangelog v1:\n- don\u0027t appraise RAMFS (Dmitry Kasatkin)\n- merged rest of \"ima: ima_must_appraise_or_measure API change\" commit\n (Dmtiry Kasatkin)\n\n ima_must_appraise_or_measure() called ima_match_policy twice, which\n searched the policy for a matching rule. Once for a matching measurement\n rule and subsequently for an appraisal rule. Searching the policy twice\n is unnecessary overhead, which could be noticeable with a large policy.\n\n The new version of ima_must_appraise_or_measure() does everything in a\n single iteration using a new version of ima_match_policy(). It returns\n IMA_MEASURE, IMA_APPRAISE mask.\n\n With the use of action mask only one efficient matching function\n is enough. Removed other specific versions of matching functions.\n\nChangelog:\n- change \u0027owner\u0027 to \u0027fowner\u0027 to conform to the new LSM conditions posted by\n Roberto Sassu.\n- fix calls to ima_log_string()\n\nSigned-off-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\nSigned-off-by: Dmitry Kasatkin \u003cdmitry.kasatkin@intel.com\u003e\n" }, { "commit": "2fe5d6def1672ae6635dd71867bf36dcfaa7434b", "tree": "f83878d309605440b5bc2d2d43a16ccece64c645", "parents": [ "4199d35cbc90c15db447d115bd96ffa5f1d60d3a" ], "author": { "name": "Mimi Zohar", "email": "zohar@linux.vnet.ibm.com", "time": "Mon Feb 13 10:15:05 2012 -0500" }, "committer": { "name": "Mimi Zohar", "email": "zohar@linux.vnet.ibm.com", "time": "Fri Sep 07 14:57:44 2012 -0400" }, "message": "ima: integrity appraisal extension\n\nIMA currently maintains an integrity measurement list used to assert the\nintegrity of the running system to a third party. The IMA-appraisal\nextension adds local integrity validation and enforcement of the\nmeasurement against a \"good\" value stored as an extended attribute\n\u0027security.ima\u0027. The initial methods for validating \u0027security.ima\u0027 are\nhashed based, which provides file data integrity, and digital signature\nbased, which in addition to providing file data integrity, provides\nauthenticity.\n\nThis patch creates and maintains the \u0027security.ima\u0027 xattr, containing\nthe file data hash measurement. Protection of the xattr is provided by\nEVM, if enabled and configured.\n\nBased on policy, IMA calls evm_verifyxattr() to verify a file\u0027s metadata\nintegrity and, assuming success, compares the file\u0027s current hash value\nwith the one stored as an extended attribute in \u0027security.ima\u0027.\n\nChangelov v4:\n- changed iint cache flags to hex values\n\nChangelog v3:\n- change appraisal default for filesystems without xattr support to fail\n\nChangelog v2:\n- fix audit msg \u0027res\u0027 value\n- removed unused \u0027ima_appraise\u003d\u0027 values\n\nChangelog v1:\n- removed unused iint mutex (Dmitry Kasatkin)\n- setattr hook must not reset appraised (Dmitry Kasatkin)\n- evm_verifyxattr() now differentiates between no \u0027security.evm\u0027 xattr\n (INTEGRITY_NOLABEL) and no EVM \u0027protected\u0027 xattrs included in the\n \u0027security.evm\u0027 (INTEGRITY_NOXATTRS).\n- replace hash_status with ima_status (Dmitry Kasatkin)\n- re-initialize slab element ima_status on free (Dmitry Kasatkin)\n- include \u0027security.ima\u0027 in EVM if CONFIG_IMA_APPRAISE, not CONFIG_IMA\n- merged half \"ima: ima_must_appraise_or_measure API change\" (Dmitry Kasatkin)\n- removed unnecessary error variable in process_measurement() (Dmitry Kasatkin)\n- use ima_inode_post_setattr() stub function, if IMA_APPRAISE not configured\n (moved ima_inode_post_setattr() to ima_appraise.c)\n- make sure ima_collect_measurement() can read file\n\nChangelog:\n- add \u0027iint\u0027 to evm_verifyxattr() call (Dimitry Kasatkin)\n- fix the race condition between chmod, which takes the i_mutex and then\n iint-\u003emutex, and ima_file_free() and process_measurement(), which take\n the locks in the reverse order, by eliminating iint-\u003emutex. (Dmitry Kasatkin)\n- cleanup of ima_appraise_measurement() (Dmitry Kasatkin)\n- changes as a result of the iint not allocated for all regular files, but\n only for those measured/appraised.\n- don\u0027t try to appraise new/empty files\n- expanded ima_appraisal description in ima/Kconfig\n- IMA appraise definitions required even if IMA_APPRAISE not enabled\n- add return value to ima_must_appraise() stub\n- unconditionally set status \u003d INTEGRITY_PASS *after* testing status,\n not before. (Found by Joe Perches)\n\nSigned-off-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\nSigned-off-by: Dmitry Kasatkin \u003cdmitry.kasatkin@intel.com\u003e\n" }, { "commit": "2e4930eb7c8fb20a39dfb5f8a8f80402710dcea8", "tree": "01e5e84032b2d7efe3441080e5ce1c484f696680", "parents": [ "c6993e4ac002c92bc75379212e9179c36d4bf7ee" ], "author": { "name": "Kees Cook", "email": "keescook@chromium.org", "time": "Mon Aug 27 11:38:13 2012 -0700" }, "committer": { "name": "James Morris", "email": "james.l.morris@oracle.com", "time": "Sat Sep 08 01:06:14 2012 +1000" }, "message": "Yama: handle 32-bit userspace prctl\n\nWhen running a 64-bit kernel and receiving prctls from a 32-bit\nuserspace, the \"-1\" used as an unsigned long will end up being\nmisdetected. The kernel is looking for 0xffffffffffffffff instead of\n0xffffffff. Since prctl lacks a distinct compat interface, Yama needs\nto handle this translation itself. As such, support either value as\nmeaning PR_SET_PTRACER_ANY, to avoid breaking the ABI for 64-bit.\n\nSigned-off-by: Kees Cook \u003ckeescook@chromium.org\u003e\nAcked-by: John Johansen \u003cjohn.johansen@canonical.com\u003e\nCc: stable@vger.kernel.org\nSigned-off-by: James Morris \u003cjames.l.morris@oracle.com\u003e\n" }, { "commit": "c6993e4ac002c92bc75379212e9179c36d4bf7ee", "tree": "cdb4c800ea3cf4003b07087166cc767dab79032f", "parents": [ "81198078d7da4240f3cbfc2c6a8ea6cd417f51a7" ], "author": { "name": "Kees Cook", "email": "keescook@chromium.org", "time": "Tue Sep 04 13:32:13 2012 -0700" }, "committer": { "name": "James Morris", "email": "james.l.morris@oracle.com", "time": "Wed Sep 05 14:12:31 2012 -0700" }, "message": "security: allow Yama to be unconditionally stacked\n\nUnconditionally call Yama when CONFIG_SECURITY_YAMA_STACKED is selected,\nno matter what LSM module is primary.\n\nUbuntu and Chrome OS already carry patches to do this, and Fedora\nhas voiced interest in doing this as well. Instead of having multiple\ndistributions (or LSM authors) carrying these patches, just allow Yama\nto be called unconditionally when selected by the new CONFIG.\n\nSigned-off-by: Kees Cook \u003ckeescook@chromium.org\u003e\nAcked-by: Serge E. Hallyn \u003cserge.hallyn@canonical.com\u003e\nAcked-by: Eric Paris \u003ceparis@redhat.com\u003e\nAcked-by: John Johansen \u003cjohn.johansen@canonical.com\u003e\nSigned-off-by: James Morris \u003cjames.l.morris@oracle.com\u003e\n" }, { "commit": "ec2e1ed2d7f703ee5dfc9bff501bf0ccb70ab23b", "tree": "aec16a9fe1c1d64b009d965f44f5280e2385d73f", "parents": [ "d64569289ab7f7c11a0694d9791e18e373deac3b" ], "author": { "name": "Paul Bolle", "email": "pebolle@tiscali.nl", "time": "Sun Jul 01 15:45:50 2012 +0200" }, "committer": { "name": "Jiri Kosina", "email": "jkosina@suse.cz", "time": "Sat Sep 01 08:35:34 2012 -0700" }, "message": "AppArmor: remove af_names.h from .gitignore\n\nCommit 4fdef2183e6598cc977a9bb9321ef99a44125da3 (\"AppArmor: Cleanup make\nfile to remove cruft and make it easier to read\") removed all traces of\naf_names.h from the tree. Remove its entry in AppArmor\u0027s .gitignore file\ntoo.\n\nSigned-off-by: Paul Bolle \u003cpebolle@tiscali.nl\u003e\nSigned-off-by: Jiri Kosina \u003cjkosina@suse.cz\u003e\n" }, { "commit": "20328b56cdf8fcc79f28c6c50ad8190fc0779e80", "tree": "e8c38d27456bda5b112f0edccf63757e7098d997", "parents": [ "c5df39262dd59dbbffb1017fca0f1661408ac9d5" ], "author": { "name": "Kent Yoder", "email": "key@linux.vnet.ibm.com", "time": "Wed Aug 22 15:01:47 2012 -0500" }, "committer": { "name": "Kent Yoder", "email": "key@linux.vnet.ibm.com", "time": "Wed Aug 22 16:23:23 2012 -0500" }, "message": "ima: enable the IBM vTPM as the default TPM in the PPC64 case\n\nEnable tpm_ibmvtpm driver by default when IMA is enabled on PPC64\n\nSigned-off-by: Kent Yoder \u003ckey@linux.vnet.ibm.com\u003e\n" }, { "commit": "41ab999c80f1d368f32a2554ba8f44feff26f54d", "tree": "8d53970a210364e19ecbdc05f6d8c8f88e6aadbf", "parents": [ "e5dcd87fee12ed64a9ea911102025facc0c7d10c" ], "author": { "name": "Kent Yoder", "email": "key@linux.vnet.ibm.com", "time": "Thu Jun 07 13:47:14 2012 -0500" }, "committer": { "name": "Kent Yoder", "email": "key@linux.vnet.ibm.com", "time": "Wed Aug 22 11:11:33 2012 -0500" }, "message": "tpm: Move tpm_get_random api into the TPM device driver\n\nMove the tpm_get_random api from the trusted keys code into the TPM\ndevice driver itself so that other callers can make use of it. Also,\nchange the api slightly so that the number of bytes read is returned in\nthe call, since the TPM command can potentially return fewer bytes than\nrequested.\n\nAcked-by: David Safford \u003csafford@linux.vnet.ibm.com\u003e\nReviewed-by: H. Peter Anvin \u003chpa@linux.intel.com\u003e\nSigned-off-by: Kent Yoder \u003ckey@linux.vnet.ibm.com\u003e\n" }, { "commit": "3b07e9ca26866697616097044f25fbe53dbab693", "tree": "7621d076c91c05bc0fc3c63bdc54c279a487dfea", "parents": [ "43829731dd372d04d6706c51052b9dabab9ca356" ], "author": { "name": "Tejun Heo", "email": "tj@kernel.org", "time": "Mon Aug 20 14:51:24 2012 -0700" }, "committer": { "name": "Tejun Heo", "email": "tj@kernel.org", "time": "Mon Aug 20 14:51:24 2012 -0700" }, "message": "workqueue: deprecate system_nrt[_freezable]_wq\n\nsystem_nrt[_freezable]_wq are now spurious. Mark them deprecated and\nconvert all users to system[_freezable]_wq.\n\nIf you\u0027re cc\u0027d and wondering what\u0027s going on: Now all workqueues are\nnon-reentrant, so there\u0027s no reason to use system_nrt[_freezable]_wq.\nPlease use system[_freezable]_wq instead.\n\nThis patch doesn\u0027t make any functional difference.\n\nSigned-off-by: Tejun Heo \u003ctj@kernel.org\u003e\nAcked-By: Lai Jiangshan \u003claijs@cn.fujitsu.com\u003e\n\nCc: Jens Axboe \u003caxboe@kernel.dk\u003e\nCc: David Airlie \u003cairlied@linux.ie\u003e\nCc: Jiri Kosina \u003cjkosina@suse.cz\u003e\nCc: \"David S. Miller\" \u003cdavem@davemloft.net\u003e\nCc: Rusty Russell \u003crusty@rustcorp.com.au\u003e\nCc: \"Paul E. McKenney\" \u003cpaulmck@linux.vnet.ibm.com\u003e\nCc: David Howells \u003cdhowells@redhat.com\u003e\n" } ], "next": "7612bfeecc197bbb6629842b5c6ff1967f0a9b70" }