)]}'
{
  "log": [
    {
      "commit": "1193755ac6328ad240ba987e6ec41d5e8baf0680",
      "tree": "40bf847d7e3ebaa57b107151d14e6cd1d280cc6d",
      "parents": [
        "4edebed86690eb8db9af3ab85baf4a34e73266cc",
        "0ef97dcfce4179a2eba046b855ee2f91d6f1b414"
      ],
      "author": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Fri Jun 01 10:34:35 2012 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Fri Jun 01 10:34:35 2012 -0700"
      },
      "message": "Merge branch \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs\n\nPull vfs changes from Al Viro.\n \"A lot of misc stuff.  The obvious groups:\n   * Miklos\u0027 atomic_open series; kills the damn abuse of\n     -\u003ed_revalidate() by NFS, which was the major stumbling block for\n     all work in that area.\n   * ripping security_file_mmap() and dealing with deadlocks in the\n     area; sanitizing the neighborhood of vm_mmap()/vm_munmap() in\n     general.\n   * -\u003eencode_fh() switched to saner API; insane fake dentry in\n     mm/cleancache.c gone.\n   * assorted annotations in fs (endianness, __user)\n   * parts of Artem\u0027s -\u003es_dirty work (jff2 and reiserfs parts)\n   * -\u003eupdate_time() work from Josef.\n   * other bits and pieces all over the place.\n\n  Normally it would\u0027ve been in two or three pull requests, but\n  signal.git stuff had eaten a lot of time during this cycle ;-/\"\n\nFix up trivial conflicts in Documentation/filesystems/vfs.txt (the\n\u0027truncate_range\u0027 inode method was removed by the VM changes, the VFS\nupdate adds an \u0027update_time()\u0027 method), and in fs/btrfs/ulist.[ch] (due\nto sparse fix added twice, with other changes nearby).\n\n* \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs: (95 commits)\n  nfs: don\u0027t open in -\u003ed_revalidate\n  vfs: retry last component if opening stale dentry\n  vfs: nameidata_to_filp(): don\u0027t throw away file on error\n  vfs: nameidata_to_filp(): inline __dentry_open()\n  vfs: do_dentry_open(): don\u0027t put filp\n  vfs: split __dentry_open()\n  vfs: do_last() common post lookup\n  vfs: do_last(): add audit_inode before open\n  vfs: do_last(): only return EISDIR for O_CREAT\n  vfs: do_last(): check LOOKUP_DIRECTORY\n  vfs: do_last(): make ENOENT exit RCU safe\n  vfs: make follow_link check RCU safe\n  vfs: do_last(): use inode variable\n  vfs: do_last(): inline walk_component()\n  vfs: 
do_last(): make exit RCU safe\n  vfs: split do_lookup()\n  Btrfs: move over to use -\u003eupdate_time\n  fs: introduce inode operation -\u003eupdate_time\n  reiserfs: get rid of resierfs_sync_super\n  reiserfs: mark the superblock as dirty a bit later\n  ...\n"
    },
    {
      "commit": "98de59bfe4b2ff6344d9ad8e5296f80de5dcc5b6",
      "tree": "f2baf4a8eec3299d5e55dd3899812407cd6d52a7",
      "parents": [
        "9ac4ed4bd0adec75db13a4b08a39a3918ec0e3c9"
      ],
      "author": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Wed May 30 19:58:30 2012 -0400"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Fri Jun 01 10:37:17 2012 -0400"
      },
      "message": "take calculation of final prot in security_mmap_file() into a helper\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n"
    },
    {
      "commit": "8b3ec6814c83d76b85bd13badc48552836c24839",
      "tree": "2430a4511c7ea41f67b0d841f4c42eac43828db3",
      "parents": [
        "e5467859f7f79b69fc49004403009dfdba3bec53"
      ],
      "author": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Wed May 30 17:11:23 2012 -0400"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Fri Jun 01 10:37:01 2012 -0400"
      },
      "message": "take security_mmap_file() outside of -\u003emmap_sem\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n"
    },
    {
      "commit": "fb21affa49204acd409328415b49bfe90136653c",
      "tree": "3535dbe0c0aad049a38cadfcffe78409397a1b32",
      "parents": [
        "a00b6151a2ae4c52576c35d3998e144a993d50b8",
        "f23ca335462e3c84f13270b9e65f83936068ec2c"
      ],
      "author": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Thu May 31 18:47:30 2012 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Thu May 31 18:47:30 2012 -0700"
      },
      "message": "Merge branch \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/viro/signal\n\nPull second pile of signal handling patches from Al Viro:\n \"This one is just task_work_add() series + remaining prereqs for it.\n\n  There probably will be another pull request from that tree this\n  cycle - at least for helpers, to get them out of the way for per-arch\n  fixes remaining in the tree.\"\n\nFix trivial conflict in kernel/irq/manage.c: the merge of Andrew\u0027s pile\nhad brought in commit 97fd75b7b8e0 (\"kernel/irq/manage.c: use the\npr_foo() infrastructure to prefix printks\") which changed one of the\npr_err() calls that this merge moves around.\n\n* \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/viro/signal:\n  keys: kill task_struct-\u003ereplacement_session_keyring\n  keys: kill the dummy key_replace_session_keyring()\n  keys: change keyctl_session_to_parent() to use task_work_add()\n  genirq: reimplement exit_irq_thread() hook via task_work_add()\n  task_work_add: generic process-context callbacks\n  avr32: missed _TIF_NOTIFY_RESUME on one of do_notify_resume callers\n  parisc: need to check NOTIFY_RESUME when exiting from syscall\n  move key_repace_session_keyring() into tracehook_notify_resume()\n  TIF_NOTIFY_RESUME is defined on all targets now\n"
    },
    {
      "commit": "ac34ebb3a67e699edcb5ac72f19d31679369dfaa",
      "tree": "21785208005952128545c0d7804c2dddf177766f",
      "parents": [
        "ee62c6b2dc93c09585b51fad18449dc5edb9977f"
      ],
      "author": {
        "name": "Christopher Yeoh",
        "email": "cyeoh@au1.ibm.com",
        "time": "Thu May 31 16:26:42 2012 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Thu May 31 17:49:32 2012 -0700"
      },
      "message": "aio/vfs: cleanup of rw_copy_check_uvector() and compat_rw_copy_check_uvector()\n\nA cleanup of rw_copy_check_uvector and compat_rw_copy_check_uvector after\nchanges made to support CMA in an earlier patch.\n\nRather than having an additional check_access parameter to these\nfunctions, the first paramater type is overloaded to allow the caller to\nspecify CHECK_IOVEC_ONLY which means check that the contents of the iovec\nare valid, but do not check the memory that they point to.  This is used\nby process_vm_readv/writev where we need to validate that a iovec passed\nto the syscall is valid but do not want to check the memory that it points\nto at this point because it refers to an address space in another process.\n\nSigned-off-by: Chris Yeoh \u003cyeohc@au1.ibm.com\u003e\nReviewed-by: Oleg Nesterov \u003coleg@redhat.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "81ab6e7b26b453a795d46f2616ed0e31d97f05b9",
      "tree": "a8d50eb5b35ad93b793450bfef4d90df34494a2c",
      "parents": [
        "ae3cef7300e9fddc35ad251dd5f27c5b88c8594a"
      ],
      "author": {
        "name": "Boaz Harrosh",
        "email": "bharrosh@panasas.com",
        "time": "Thu May 31 16:26:15 2012 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Thu May 31 17:49:28 2012 -0700"
      },
      "message": "kmod: convert two call sites to call_usermodehelper_fns()\n\nBoth kernel/sys.c \u0026\u0026 security/keys/request_key.c where inlining the exact\nsame code as call_usermodehelper_fns(); So simply convert these sites to\ndirectly use call_usermodehelper_fns().\n\nSigned-off-by: Boaz Harrosh \u003cbharrosh@panasas.com\u003e\nCc: Oleg Nesterov \u003coleg@redhat.com\u003e\nCc: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nCc: Ingo Molnar \u003cmingo@elte.hu\u003e\nCc: Peter Zijlstra \u003ca.p.zijlstra@chello.nl\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "4f1c28d241d0882f25112d494885cd6084db225b",
      "tree": "4332c441b47b3ce6f29b424d24923aebdc44d7eb",
      "parents": [
        "ecb41a77411358d385e3fde5b4e98a5f3d9cfdd5"
      ],
      "author": {
        "name": "Andrew Morton",
        "email": "akpm@linux-foundation.org",
        "time": "Thu May 31 16:26:02 2012 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Thu May 31 17:49:26 2012 -0700"
      },
      "message": "security/keys/keyctl.c: suppress memory allocation failure warning\n\nThis allocation may be large.  The code is probing to see if it will\nsucceed and if not, it falls back to vmalloc().  We should suppress any\npage-allocation failure messages when the fallback happens.\n\nReported-by: Dave Jones \u003cdavej@redhat.com\u003e\nAcked-by: David Howells \u003cdhowells@redhat.com\u003e\nCc: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "e5467859f7f79b69fc49004403009dfdba3bec53",
      "tree": "73b011daf79eeddd61bbcaf65cd197b5e5f6f149",
      "parents": [
        "d007794a182bc072a7b7479909dbd0d67ba341be"
      ],
      "author": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Wed May 30 13:30:51 2012 -0400"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Thu May 31 13:11:54 2012 -0400"
      },
      "message": "split -\u003efile_mmap() into -\u003emmap_addr()/-\u003emmap_file()\n\n... i.e. file-dependent and address-dependent checks.\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n"
    },
    {
      "commit": "d007794a182bc072a7b7479909dbd0d67ba341be",
      "tree": "75aa7ccd563a0fe8b60391824c92f64098674dda",
      "parents": [
        "cf74d14c4fbce9bcc9eb62f52d721d3399a2b87f"
      ],
      "author": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Wed May 30 13:11:37 2012 -0400"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Thu May 31 13:10:54 2012 -0400"
      },
      "message": "split cap_mmap_addr() out of cap_file_mmap()\n\n... switch callers.\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n"
    },
    {
      "commit": "cc1dad7183e4cb7f5d313b6942f2059fc0eabab6",
      "tree": "372614e5c981ff868682af2babdd8d0fec356952",
      "parents": [
        "c862868bb455694704c255481369c40d7185eb25"
      ],
      "author": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Mon Apr 02 19:40:47 2012 -0400"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Tue May 29 23:28:33 2012 -0400"
      },
      "message": "selinuxfs snprintf() misuses\n\na) %d does _not_ produce a page worth of output\nb) snprintf() doesn\u0027t return negatives - it used to in old glibc, but\nthat\u0027s the kernel...\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n"
    },
    {
      "commit": "413cd3d9abeaef590e5ce00564f7a443165db238",
      "tree": "fc7d254053793a95d1470f7c9eafb782d8cf91d6",
      "parents": [
        "4d1d61a6b203d957777d73fcebf19d90b038b5b2"
      ],
      "author": {
        "name": "Oleg Nesterov",
        "email": "oleg@redhat.com",
        "time": "Fri May 11 10:59:08 2012 +1000"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Wed May 23 22:11:23 2012 -0400"
      },
      "message": "keys: change keyctl_session_to_parent() to use task_work_add()\n\nChange keyctl_session_to_parent() to use task_work_add() and move\nkey_replace_session_keyring() logic into task_work-\u003efunc().\n\nNote that we do task_work_cancel() before task_work_add() to ensure that\nonly one work can be pending at any time.  This is important, we must not\nallow user-space to abuse the parent\u0027s -\u003etask_works list.\n\nThe callback, replace_session_keyring(), checks PF_EXITING.  I guess this\nis not really needed but looks better.\n\nAs a side effect, this fixes the (unlikely) race.  The callers of\nkey_replace_session_keyring() and keyctl_session_to_parent() lack the\nnecessary barriers, the parent can miss the request.\n\nNow we can remove task_struct-\u003ereplacement_session_keyring and related\ncode.\n\nSigned-off-by: Oleg Nesterov \u003coleg@redhat.com\u003e\nAcked-by: David Howells \u003cdhowells@redhat.com\u003e\nCc: Thomas Gleixner \u003ctglx@linutronix.de\u003e\nCc: Richard Kuo \u003crkuo@codeaurora.org\u003e\nCc: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\nCc: Alexander Gordeev \u003cagordeev@redhat.com\u003e\nCc: Chris Zankel \u003cchris@zankel.net\u003e\nCc: David Smith \u003cdsmith@redhat.com\u003e\nCc: \"Frank Ch. Eigler\" \u003cfche@redhat.com\u003e\nCc: Geert Uytterhoeven \u003cgeert@linux-m68k.org\u003e\nCc: Larry Woodman \u003clwoodman@redhat.com\u003e\nCc: Peter Zijlstra \u003cpeterz@infradead.org\u003e\nCc: Tejun Heo \u003ctj@kernel.org\u003e\nCc: Ingo Molnar \u003cmingo@elte.hu\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n"
    },
    {
      "commit": "1227dd773d8d4e3983b4b751f9ffa0f41402fb7c",
      "tree": "8fb48e099710fa179c6ca7dd4c5298513dcd5659",
      "parents": [
        "f9369910a6225b8d4892c3f20ae740a711cd5ace"
      ],
      "author": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Tue Apr 24 02:44:49 2012 -0400"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Wed May 23 22:09:19 2012 -0400"
      },
      "message": "TIF_NOTIFY_RESUME is defined on all targets now\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n"
    },
    {
      "commit": "644473e9c60c1ff4f6351fed637a6e5551e3dce7",
      "tree": "10316518bedc735a2c6552886658d69dfd9f1eb0",
      "parents": [
        "fb827ec68446c83e9e8754fa9b55aed27ecc4661",
        "4b06a81f1daee668fbd6de85557bfb36dd36078f"
      ],
      "author": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Wed May 23 17:42:39 2012 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Wed May 23 17:42:39 2012 -0700"
      },
      "message": "Merge branch \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace\n\nPull user namespace enhancements from Eric Biederman:\n \"This is a course correction for the user namespace, so that we can\n  reach an inexpensive, maintainable, and reasonably complete\n  implementation.\n\n  Highlights:\n   - Config guards make it impossible to enable the user namespace and\n     code that has not been converted to be user namespace safe.\n\n   - Use of the new kuid_t type ensures the if you somehow get past the\n     config guards the kernel will encounter type errors if you enable\n     user namespaces and attempt to compile in code whose permission\n     checks have not been updated to be user namespace safe.\n\n   - All uids from child user namespaces are mapped into the initial\n     user namespace before they are processed.  Removing the need to add\n     an additional check to see if the user namespace of the compared\n     uids remains the same.\n\n   - With the user namespaces compiled out the performance is as good or\n     better than it is today.\n\n   - For most operations absolutely nothing changes performance or\n     operationally with the user namespace enabled.\n\n   - The worst case performance I could come up with was timing 1\n     billion cache cold stat operations with the user namespace code\n     enabled.  
This went from 156s to 164s on my laptop (or 156ns to\n     164ns per stat operation).\n\n   - (uid_t)-1 and (gid_t)-1 are reserved as an internal error value.\n     Most uid/gid setting system calls treat these value specially\n     anyway so attempting to use -1 as a uid would likely cause\n     entertaining failures in userspace.\n\n   - If setuid is called with a uid that can not be mapped setuid fails.\n     I have looked at sendmail, login, ssh and every other program I\n     could think of that would call setuid and they all check for and\n     handle the case where setuid fails.\n\n   - If stat or a similar system call is called from a context in which\n     we can not map a uid we lie and return overflowuid.  The LFS\n     experience suggests not lying and returning an error code might be\n     better, but the historical precedent with uids is different and I\n     can not think of anything that would break by lying about a uid we\n     can\u0027t map.\n\n   - Capabilities are localized to the current user namespace making it\n     safe to give the initial user in a user namespace all capabilities.\n\n  My git tree covers all of the modifications needed to convert the core\n  kernel and enough changes to make a system bootable to runlevel 1.\"\n\nFix up trivial conflicts due to nearby independent changes in fs/stat.c\n\n* \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace: (46 commits)\n  userns:  Silence silly gcc warning.\n  cred: use correct cred accessor with regards to rcu read lock\n  userns: Convert the move_pages, and migrate_pages permission checks to use uid_eq\n  userns: Convert cgroup permission checks to use uid_eq\n  userns: Convert tmpfs to use kuid and kgid where appropriate\n  userns: Convert sysfs to use kgid/kuid where appropriate\n  userns: Convert sysctl permission checks to use kuid and kgids.\n  userns: Convert proc to use kuid/kgid where appropriate\n  userns: Convert ext4 to user 
kuid/kgid where appropriate\n  userns: Convert ext3 to use kuid/kgid where appropriate\n  userns: Convert ext2 to use kuid/kgid where appropriate.\n  userns: Convert devpts to use kuid/kgid where appropriate\n  userns: Convert binary formats to use kuid/kgid where appropriate\n  userns: Add negative depends on entries to avoid building code that is userns unsafe\n  userns: signal remove unnecessary map_cred_ns\n  userns: Teach inode_capable to understand inodes whose uids map to other namespaces.\n  userns: Fail exec for suid and sgid binaries with ids outside our user namespace.\n  userns: Convert stat to return values mapped from kuids and kgids\n  userns: Convert user specfied uids and gids in chown into kuids and kgid\n  userns: Use uid_eq gid_eq helpers when comparing kuids and kgids in the vfs\n  ...\n"
    },
    {
      "commit": "88d6ae8dc33af12fe1c7941b1fae2767374046fd",
      "tree": "8f17415c0722b0a4d7511ac170cfb4e3802e1ad2",
      "parents": [
        "f5c101892fbd3d2f6d2729bc7eb7b3f6c31dbddd",
        "0d4dde1ac9a5af74ac76c6ab90557d1ae7b8f5d8"
      ],
      "author": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Tue May 22 17:40:19 2012 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Tue May 22 17:40:19 2012 -0700"
      },
      "message": "Merge branch \u0027for-3.5\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/tj/cgroup\n\nPull cgroup updates from Tejun Heo:\n \"cgroup file type addition / removal is updated so that file types are\n  added and removed instead of individual files so that dynamic file\n  type addition / removal can be implemented by cgroup and used by\n  controllers.  blkio controller changes which will come through block\n  tree are dependent on this.  Other changes include res_counter cleanup\n  and disallowing kthread / PF_THREAD_BOUND threads to be attached to\n  non-root cgroups.\n\n  There\u0027s a reported bug with the file type addition / removal handling\n  which can lead to oops on cgroup umount.  The issue is being looked\n  into.  It shouldn\u0027t cause problems for most setups and isn\u0027t a\n  security concern.\"\n\nFix up trivial conflict in Documentation/feature-removal-schedule.txt\n\n* \u0027for-3.5\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/tj/cgroup: (21 commits)\n  res_counter: Account max_usage when calling res_counter_charge_nofail()\n  res_counter: Merge res_counter_charge and res_counter_charge_nofail\n  cgroups: disallow attaching kthreadd or PF_THREAD_BOUND threads\n  cgroup: remove cgroup_subsys-\u003epopulate()\n  cgroup: get rid of populate for memcg\n  cgroup: pass struct mem_cgroup instead of struct cgroup to socket memcg\n  cgroup: make css-\u003erefcnt clearing on cgroup removal optional\n  cgroup: use negative bias on css-\u003erefcnt to block css_tryget()\n  cgroup: implement cgroup_rm_cftypes()\n  cgroup: introduce struct cfent\n  cgroup: relocate __d_cgrp() and __d_cft()\n  cgroup: remove cgroup_add_file[s]()\n  cgroup: convert memcg controller to the new cftype interface\n  memcg: always create memsw files if CONFIG_CGROUP_MEM_RES_CTLR_SWAP\n  cgroup: convert all non-memcg controllers to the new cftype interface\n  cgroup: relocate cftype and cgroup_subsys definitions in controllers\n  cgroup: merge 
cft_release_agent cftype array into the base files array\n  cgroup: implement cgroup_add_cftypes() and friends\n  cgroup: build list of all cgroups under a given cgroupfs_root\n  cgroup: move cgroup_clear_directory() call out of cgroup_populate_dir()\n  ...\n"
    },
    {
      "commit": "cb60e3e65c1b96a4d6444a7a13dc7dd48bc15a2b",
      "tree": "4322be35db678f6299348a76ad60a2023954af7d",
      "parents": [
        "99262a3dafa3290866512ddfb32609198f8973e9",
        "ff2bb047c4bce9742e94911eeb44b4d6ff4734ab"
      ],
      "author": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Mon May 21 20:27:36 2012 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Mon May 21 20:27:36 2012 -0700"
      },
      "message": "Merge branch \u0027next\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security\n\nPull security subsystem updates from James Morris:\n \"New notable features:\n   - The seccomp work from Will Drewry\n   - PR_{GET,SET}_NO_NEW_PRIVS from Andy Lutomirski\n   - Longer security labels for Smack from Casey Schaufler\n   - Additional ptrace restriction modes for Yama by Kees Cook\"\n\nFix up trivial context conflicts in arch/x86/Kconfig and include/linux/filter.h\n\n* \u0027next\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: (65 commits)\n  apparmor: fix long path failure due to disconnected path\n  apparmor: fix profile lookup for unconfined\n  ima: fix filename hint to reflect script interpreter name\n  KEYS: Don\u0027t check for NULL key pointer in key_validate()\n  Smack: allow for significantly longer Smack labels v4\n  gfp flags for security_inode_alloc()?\n  Smack: recursive tramsmute\n  Yama: replace capable() with ns_capable()\n  TOMOYO: Accept manager programs which do not start with / .\n  KEYS: Add invalidation support\n  KEYS: Do LRU discard in full keyrings\n  KEYS: Permit in-place link replacement in keyring list\n  KEYS: Perform RCU synchronisation on keys prior to key destruction\n  KEYS: Announce key type (un)registration\n  KEYS: Reorganise keys Makefile\n  KEYS: Move the key config into security/keys/Kconfig\n  KEYS: Use the compat keyctl() syscall wrapper on Sparc64 for Sparc32 compat\n  Yama: remove an unused variable\n  samples/seccomp: fix dependencies on arch macros\n  Yama: add additional ptrace scopes\n  ...\n"
    },
    {
      "commit": "ff2bb047c4bce9742e94911eeb44b4d6ff4734ab",
      "tree": "9d9b1cfa3fc17f0cc13f34ca697306cb1f46b05f",
      "parents": [
        "cffee16e8b997ab947de661e8820e486b0830c94",
        "c737f8284cac91428f8fcc8281e69117fa16e887"
      ],
      "author": {
        "name": "James Morris",
        "email": "james.l.morris@oracle.com",
        "time": "Tue May 22 11:21:06 2012 +1000"
      },
      "committer": {
        "name": "James Morris",
        "email": "james.l.morris@oracle.com",
        "time": "Tue May 22 11:21:06 2012 +1000"
      },
      "message": "Merge branch \u0027master\u0027 of git://git.infradead.org/users/eparis/selinux into next\n\nPer pull request, for 3.5.\n"
    },
    {
      "commit": "cffee16e8b997ab947de661e8820e486b0830c94",
      "tree": "f71adb789f6d850367d35b34955f038239f739b3",
      "parents": [
        "bf83208e0b7f5938f5a7f6d9dfa9960bf04692fa"
      ],
      "author": {
        "name": "John Johansen",
        "email": "john.johansen@canonical.com",
        "time": "Wed May 16 11:01:05 2012 -0700"
      },
      "committer": {
        "name": "John Johansen",
        "email": "john.johansen@canonical.com",
        "time": "Fri May 18 11:09:52 2012 -0700"
      },
      "message": "apparmor: fix long path failure due to disconnected path\n\nBugLink: http://bugs.launchpad.net/bugs/955892\n\nAll failures from __d_path where being treated as disconnected paths,\nhowever __d_path can also fail when the generated pathname is too long.\n\nThe initial ENAMETOOLONG error was being lost, and ENAMETOOLONG was only\nreturned if the subsequent dentry_path call resulted in that error.  Other\nwise if the path was split across a mount point such that the dentry_path\nfit within the buffer when the __d_path did not the failure was treated\nas a disconnected path.\n\nSigned-off-by: John Johansen \u003cjohn.johansen@canonical.com\u003e\n"
    },
    {
      "commit": "bf83208e0b7f5938f5a7f6d9dfa9960bf04692fa",
      "tree": "6c3d31ea4f48a684c87504c229c7db474119437a",
      "parents": [
        "fbbb456347b21279a379b42eeb31151c33d8dd49"
      ],
      "author": {
        "name": "John Johansen",
        "email": "john.johansen@canonical.com",
        "time": "Wed May 16 11:00:05 2012 -0700"
      },
      "committer": {
        "name": "John Johansen",
        "email": "john.johansen@canonical.com",
        "time": "Fri May 18 11:09:28 2012 -0700"
      },
      "message": "apparmor: fix profile lookup for unconfined\n\nBugLink: http://bugs.launchpad.net/bugs/978038\n\nalso affects apparmor portion of\nBugLink: http://bugs.launchpad.net/bugs/987371\n\nThe unconfined profile is not stored in the regular profile list, but\nchange_profile and exec transitions may want access to it when setting\nup specialized transitions like switch to the unconfined profile of a\nnew policy namespace.\n\nSigned-off-by: John Johansen \u003cjohn.johansen@canonical.com\u003e\n"
    },
    {
      "commit": "fbbb456347b21279a379b42eeb31151c33d8dd49",
      "tree": "d1d5debe01e000fd38f2af8232d342a054b754a4",
      "parents": [
        "12fa8a2732e6d0bb42c311f76250f7871d042df8"
      ],
      "author": {
        "name": "Mimi Zohar",
        "email": "zohar@us.ibm.com",
        "time": "Mon May 14 21:50:11 2012 -0400"
      },
      "committer": {
        "name": "James Morris",
        "email": "james.l.morris@oracle.com",
        "time": "Wed May 16 10:36:41 2012 +1000"
      },
      "message": "ima: fix filename hint to reflect script interpreter name\n\nWhen IMA was first upstreamed, the bprm filename and interp were\nalways the same.  Currently, the bprm-\u003efilename and bprm-\u003einterp\nare the same, except for when only bprm-\u003einterp contains the\ninterpreter name.  So instead of using the bprm-\u003efilename as\nthe IMA filename hint in the measurement list, we could replace\nit with bprm-\u003einterp, but this feels too fragil.\n\nThe following patch is not much better, but at least there is some\nindication that sometimes we\u0027re passing the filename and other times\nthe interpreter name.\n\nReported-by: Andrew Lunn \u003candrew@lunn.ch\u003e\nSigned-off-by: Mimi Zohar \u003czohar@linux.vnet.ibm.com\u003e\nSigned-off-by: James Morris \u003cjames.l.morris@oracle.com\u003e\n"
    },
    {
      "commit": "12fa8a2732e6d0bb42c311f76250f7871d042df8",
      "tree": "87a8ec37c94d068fb100cdb962af9ba5881e23b4",
      "parents": [
        "b404aef72fdafb601c945c714164c0ee2b04c364",
        "f7112e6c9abf1c70f001dcf097c1d6e218a93f5c"
      ],
      "author": {
        "name": "James Morris",
        "email": "james.l.morris@oracle.com",
        "time": "Wed May 16 01:11:29 2012 +1000"
      },
      "committer": {
        "name": "James Morris",
        "email": "james.l.morris@oracle.com",
        "time": "Wed May 16 01:11:29 2012 +1000"
      },
      "message": "Merge branch \u0027for-1205\u0027 of http://git.gitorious.org/smack-next/kernel into next\n\nPull request from Casey.\n"
    },
    {
      "commit": "b404aef72fdafb601c945c714164c0ee2b04c364",
      "tree": "46efed0307e7c208a254614361bbe08ed160ef52",
      "parents": [
        "2cc8a71641b4460783ea3bd7a3476043fdf85397"
      ],
      "author": {
        "name": "David Howells",
        "email": "dhowells@redhat.com",
        "time": "Tue May 15 14:11:11 2012 +0100"
      },
      "committer": {
        "name": "James Morris",
        "email": "james.l.morris@oracle.com",
        "time": "Wed May 16 00:54:33 2012 +1000"
      },
      "message": "KEYS: Don\u0027t check for NULL key pointer in key_validate()\n\nDon\u0027t bother checking for NULL key pointer in key_validate() as all of the\nplaces that call it will crash anyway if the relevant key pointer is NULL by\nthe time they call key_validate().  Therefore, the checking must be done prior\nto calling here.\n\nWhilst we\u0027re at it, simplify the key_validate() function a bit and mark its\nargument const.\n\nReported-by: Dan Carpenter \u003cdan.carpenter@oracle.com\u003e\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\ncc: Dan Carpenter \u003cdan.carpenter@oracle.com\u003e\nSigned-off-by: James Morris \u003cjames.l.morris@oracle.com\u003e\n"
    },
    {
      "commit": "f7112e6c9abf1c70f001dcf097c1d6e218a93f5c",
      "tree": "8ddcab31388e3f220f3ef911f4ec9dce8ac4be92",
      "parents": [
        "ceffec5541cc22486d3ff492e3d76a33a68fbfa3"
      ],
      "author": {
        "name": "Casey Schaufler",
        "email": "casey@schaufler-ca.com",
        "time": "Sun May 06 15:22:02 2012 -0700"
      },
      "committer": {
        "name": "Casey Schaufler",
        "email": "cschaufler@vaio-ubuntu.(none)",
        "time": "Mon May 14 22:48:38 2012 -0700"
      },
      "message": "Smack: allow for significantly longer Smack labels v4\n\nV4 updated to current linux-security#next\nTargeted for git://gitorious.org/smack-next/kernel.git\n\nModern application runtime environments like to use\nnaming schemes that are structured and generated without\nhuman intervention. Even though the Smack limit of 23\ncharacters for a label name is perfectly rational for\nhuman use there have been complaints that the limit is\na problem in environments where names are composed from\na set or sources, including vendor, author, distribution\nchannel and application name. Names like\n\n\tsoftwarehouse-pgwodehouse-coolappstore-mellowmuskrats\n\nare becoming harder to avoid. This patch introduces long\nlabel support in Smack. Labels are now limited to 255\ncharacters instead of the old 23.\n\nThe primary reason for limiting the labels to 23 characters\nwas so they could be directly contained in CIPSO category sets.\nThis is still done were possible, but for labels that are too\nlarge a mapping is required. This is perfectly safe for communication\nthat stays \"on the box\" and doesn\u0027t require much coordination\nbetween boxes beyond what would have been required to keep label\nnames consistent.\n\nThe bulk of this patch is in smackfs, adding and updating\nadministrative interfaces. Because existing APIs can\u0027t be\nchanged new ones that do much the same things as old ones\nhave been introduced.\n\nThe Smack specific CIPSO data representation has been removed\nand replaced with the data format used by netlabel. The CIPSO\nheader is now computed when a label is imported rather than\non use. This results in improved IP performance. 
The smack\nlabel is now allocated separately from the containing structure,\nallowing for larger strings.\n\nFour new /smack interfaces have been introduced as four\nof the old interfaces strictly required labels be specified\nin fixed length arrays.\n\nThe access interface is supplemented with the check interface:\n\taccess  \"Subject                 Object                  rwxat\"\n\taccess2 \"Subject Object rwaxt\"\n\nThe load interface is supplemented with the rules interface:\n\tload   \"Subject                 Object                  rwxat\"\n\tload2  \"Subject Object rwaxt\"\n\nThe load-self interface is supplemented with the self-rules interface:\n\tload-self   \"Subject                 Object                  rwxat\"\n\tload-self2  \"Subject Object rwaxt\"\n\nThe cipso interface is supplemented with the wire interface:\n\tcipso  \"Subject                  lvl cnt  c1  c2 ...\"\n\tcipso2 \"Subject lvl cnt  c1  c2 ...\"\n\nThe old interfaces are maintained for compatibility.\n\nSigned-off-by: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\n"
    },
    {
      "commit": "ceffec5541cc22486d3ff492e3d76a33a68fbfa3",
      "tree": "d1eaebc1b1894ed9391959cc9f5846543a4b4e42",
      "parents": [
        "2267b13a7cad1f9dfe0073c1f902d45953f9faff"
      ],
      "author": {
        "name": "Tetsuo Handa",
        "email": "penguin-kernel@I-love.SAKURA.ne.jp",
        "time": "Thu Mar 29 16:19:05 2012 +0900"
      },
      "committer": {
        "name": "Casey Schaufler",
        "email": "cschaufler@vaio-ubuntu.(none)",
        "time": "Mon May 14 22:47:44 2012 -0700"
      },
      "message": "gfp flags for security_inode_alloc()?\n\nDave Chinner wrote:\n\u003e Yes, because you have no idea what the calling context is except\n\u003e for the fact that is from somewhere inside filesystem code and the\n\u003e filesystem could be holding locks. Therefore, GFP_NOFS is really the\n\u003e only really safe way to allocate memory here.\n\nI see. Thank you.\n\nI\u0027m not sure, but can call trace happen where somewhere inside network\nfilesystem or stackable filesystem code with locks held invokes operations that\ninvolves GFP_KENREL memory allocation outside that filesystem?\n----------\n[PATCH] SMACK: Fix incorrect GFP_KERNEL usage.\n\nnew_inode_smack() which can be called from smack_inode_alloc_security() needs\nto use GFP_NOFS like SELinux\u0027s inode_alloc_security() does, for\nsecurity_inode_alloc() is called from inode_init_always() and\ninode_init_always() is called from xfs_inode_alloc() which is using GFP_NOFS.\n\nsmack_inode_init_security() needs to use GFP_NOFS like\nselinux_inode_init_security() does, for initxattrs() callback function (e.g.\nbtrfs_initxattrs()) which is called from security_inode_init_security() is\nusing GFP_NOFS.\n\nsmack_audit_rule_match() needs to use GFP_ATOMIC, for\nsecurity_audit_rule_match() can be called from audit_filter_user_rules() and\naudit_filter_user_rules() is called from audit_filter_user() with RCU read lock\nheld.\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: Casey Schaufler \u003ccschaufler@cschaufler-intel.(none)\u003e\n"
    },
    {
      "commit": "2267b13a7cad1f9dfe0073c1f902d45953f9faff",
      "tree": "c0797ecce868fe590ac46a5d511a2f3812de15d1",
      "parents": [
        "2cc8a71641b4460783ea3bd7a3476043fdf85397"
      ],
      "author": {
        "name": "Casey Schaufler",
        "email": "casey@schaufler-ca.com",
        "time": "Tue Mar 13 19:14:19 2012 -0700"
      },
      "committer": {
        "name": "Casey Schaufler",
        "email": "cschaufler@vaio-ubuntu.(none)",
        "time": "Mon May 14 22:45:17 2012 -0700"
      },
      "message": "Smack: recursive tramsmute\n\nThe transmuting directory feature of Smack requires that\nthe transmuting attribute be explicitly set in all cases.\nIt seems the users of this facility would expect that the\ntransmuting attribute be inherited by subdirectories that\nare created in a transmuting directory. This does not seem\nto add any additional complexity to the understanding of\nhow the system works.\n\nSigned-off-by: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\n"
    },
    {
      "commit": "2cc8a71641b4460783ea3bd7a3476043fdf85397",
      "tree": "fe8a39bbedc403306c3a0c2f773a4499d6ae99ec",
      "parents": [
        "77b513dda90fd99bd1225410b25e745b74779c1c"
      ],
      "author": {
        "name": "Kees Cook",
        "email": "keescook@chromium.org",
        "time": "Mon May 14 10:19:28 2012 -0700"
      },
      "committer": {
        "name": "James Morris",
        "email": "james.l.morris@oracle.com",
        "time": "Tue May 15 10:27:57 2012 +1000"
      },
      "message": "Yama: replace capable() with ns_capable()\n\nWhen checking capabilities, the question we want to be asking is \"does\ncurrent() have the capability in the child\u0027s namespace?\"\n\nSigned-off-by: Kees Cook \u003ckeescook@chromium.org\u003e\nSigned-off-by: James Morris \u003cjames.l.morris@oracle.com\u003e\n"
    },
    {
      "commit": "77b513dda90fd99bd1225410b25e745b74779c1c",
      "tree": "5555c83725ac407d2e1c3d020061580918524ceb",
      "parents": [
        "fd75815f727f157a05f4c96b5294a4617c0557da"
      ],
      "author": {
        "name": "Tetsuo Handa",
        "email": "penguin-kernel@I-love.SAKURA.ne.jp",
        "time": "Sun May 13 23:03:23 2012 +0900"
      },
      "committer": {
        "name": "James Morris",
        "email": "james.l.morris@oracle.com",
        "time": "Tue May 15 10:24:29 2012 +1000"
      },
      "message": "TOMOYO: Accept manager programs which do not start with / .\n\nThe pathname of /usr/sbin/tomoyo-editpolicy seen from Ubuntu 12.04 Live CD is\nsquashfs:/usr/sbin/tomoyo-editpolicy rather than /usr/sbin/tomoyo-editpolicy .\nTherefore, we need to accept manager programs which do not start with / .\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: James Morris \u003cjames.l.morris@oracle.com\u003e\n"
    },
    {
      "commit": "fd75815f727f157a05f4c96b5294a4617c0557da",
      "tree": "b2e76abf176d37b5d810b0c813b8c0219754b88c",
      "parents": [
        "31d5a79d7f3d436da176a78ebc12d53c06da402e"
      ],
      "author": {
        "name": "David Howells",
        "email": "dhowells@redhat.com",
        "time": "Fri May 11 10:56:56 2012 +0100"
      },
      "committer": {
        "name": "David Howells",
        "email": "dhowells@redhat.com",
        "time": "Fri May 11 10:56:56 2012 +0100"
      },
      "message": "KEYS: Add invalidation support\n\nAdd support for invalidating a key - which renders it immediately invisible to\nfurther searches and causes the garbage collector to immediately wake up,\nremove it from keyrings and then destroy it when it\u0027s no longer referenced.\n\nIt\u0027s better not to do this with keyctl_revoke() as that marks the key to start\nreturning -EKEYREVOKED to searches when what is actually desired is to have the\nkey refetched.\n\nTo invalidate a key the caller must be granted SEARCH permission by the key.\nThis may be too strict.  It may be better to also permit invalidation if the\ncaller has any of READ, WRITE or SETATTR permission.\n\nThe primary use for this is to evict keys that are cached in special keyrings,\nsuch as the DNS resolver or an ID mapper.\n\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\n"
    },
    {
      "commit": "31d5a79d7f3d436da176a78ebc12d53c06da402e",
      "tree": "d39a75d7d0d0e85102ff8ce5e55e5d6ab7db7262",
      "parents": [
        "233e4735f2a45d9e641c2488b8d7afeb1f377dac"
      ],
      "author": {
        "name": "David Howells",
        "email": "dhowells@redhat.com",
        "time": "Fri May 11 10:56:56 2012 +0100"
      },
      "committer": {
        "name": "David Howells",
        "email": "dhowells@redhat.com",
        "time": "Fri May 11 10:56:56 2012 +0100"
      },
      "message": "KEYS: Do LRU discard in full keyrings\n\nDo an LRU discard in keyrings that are full rather than returning ENFILE.  To\nperform this, a time_t is added to the key struct and updated by the creation\nof a link to a key and by a key being found as the result of a search.  At the\ncompletion of a successful search, the keyrings in the path between the root of\nthe search and the first found link to it also have their last-used times\nupdated.\n\nNote that discarding a link to a key from a keyring does not necessarily\ndestroy the key as there may be references held by other places.\n\nAn alternate discard method that might suffice is to perform FIFO discard from\nthe keyring, using the spare 2-byte hole in the keylist header as the index of\nthe next link to be discarded.\n\nThis is useful when using a keyring as a cache for DNS results or foreign\nfilesystem IDs.\n\n\nThis can be tested by the following.  As root do:\n\n\techo 1000 \u003e/proc/sys/kernel/keys/root_maxkeys\n\n\tkr\u003d`keyctl newring foo @s`\n\tfor ((i\u003d0; i\u003c2000; i++)); do keyctl add user a$i a $kr; done\n\nWithout this patch ENFILE should be reported when the keyring fills up.  With\nthis patch, the keyring discards keys in an LRU fashion.  Note that the stored\nLRU time has a granularity of 1s.\n\nAfter doing this, /proc/key-users can be observed and should show that most of\nthe 2000 keys have been discarded:\n\n\t[root@andromeda ~]# cat /proc/key-users\n\t    0:   517 516/516 513/1000 5249/20000\n\nThe \"513/1000\" here is the number of quota-accounted keys present for this user\nout of the maximum permitted.\n\nIn /proc/keys, the keyring shows the number of keys it has and the number of\nslots it has allocated:\n\n\t[root@andromeda ~]# grep foo /proc/keys\n\t200c64c4 I--Q--     1 perm 3b3f0000     0     0 keyring   foo: 509/509\n\nThe maximum is (PAGE_SIZE - header) / key pointer size.  
That\u0027s typically 509\non a 64-bit system and 1020 on a 32-bit system.\n\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\n"
    },
    {
      "commit": "233e4735f2a45d9e641c2488b8d7afeb1f377dac",
      "tree": "d273536aaea91cf4817dd305450f327ebb37059f",
      "parents": [
        "65d87fe68abf2fc226a9e96be61160f65d6b4680"
      ],
      "author": {
        "name": "David Howells",
        "email": "dhowells@redhat.com",
        "time": "Fri May 11 10:56:56 2012 +0100"
      },
      "committer": {
        "name": "David Howells",
        "email": "dhowells@redhat.com",
        "time": "Fri May 11 10:56:56 2012 +0100"
      },
      "message": "KEYS: Permit in-place link replacement in keyring list\n\nMake use of the previous patch that makes the garbage collector perform RCU\nsynchronisation before destroying defunct keys.  Key pointers can now be\nreplaced in-place without creating a new keyring payload and replacing the\nwhole thing as the discarded keys will not be destroyed until all currently\nheld RCU read locks are released.\n\nIf the keyring payload space needs to be expanded or contracted, then a\nreplacement will still need allocating, and the original will still have to be\nfreed by RCU.\n\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\n"
    },
    {
      "commit": "65d87fe68abf2fc226a9e96be61160f65d6b4680",
      "tree": "23881b6daf54c7522178363f0ae32ddb6c836784",
      "parents": [
        "1eb1bcf5bfad001128293b86d891c9d6f2f27333"
      ],
      "author": {
        "name": "David Howells",
        "email": "dhowells@redhat.com",
        "time": "Fri May 11 10:56:56 2012 +0100"
      },
      "committer": {
        "name": "David Howells",
        "email": "dhowells@redhat.com",
        "time": "Fri May 11 10:56:56 2012 +0100"
      },
      "message": "KEYS: Perform RCU synchronisation on keys prior to key destruction\n\nMake the keys garbage collector invoke synchronize_rcu() prior to destroying\nkeys with a zero usage count.  This means that a key can be examined under the\nRCU read lock in the safe knowledge that it won\u0027t get deallocated until after\nthe lock is released - even if its usage count becomes zero whilst we\u0027re\nlooking at it.\n\nThis is useful in keyring search vs key link.  Consider a keyring containing a\nlink to a key.  That link can be replaced in-place in the keyring without\nrequiring an RCU copy-and-replace on the keyring contents without breaking a\nsearch underway on that keyring when the displaced key is released, provided\nthe key is actually destroyed only after the RCU read lock held by the search\nalgorithm is released.\n\nThis permits __key_link() to replace a key without having to reallocate the key\npayload.  A key gets replaced if a new key being linked into a keyring has the\nsame type and description.\n\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nAcked-by: Jeff Layton \u003cjlayton@redhat.com\u003e\n"
    },
    {
      "commit": "1eb1bcf5bfad001128293b86d891c9d6f2f27333",
      "tree": "af7fce4f0dae5bad37335b0fcf8b2e0d27342a9b",
      "parents": [
        "9f7ce8e249ab761c7ed753059cb16319ede41762"
      ],
      "author": {
        "name": "David Howells",
        "email": "dhowells@redhat.com",
        "time": "Fri May 11 10:56:56 2012 +0100"
      },
      "committer": {
        "name": "David Howells",
        "email": "dhowells@redhat.com",
        "time": "Fri May 11 10:56:56 2012 +0100"
      },
      "message": "KEYS: Announce key type (un)registration\n\nAnnounce the (un)registration of a key type in the core key code rather than\nin the callers.\n\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nAcked-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\n"
    },
    {
      "commit": "9f7ce8e249ab761c7ed753059cb16319ede41762",
      "tree": "2116852f541464dc8591fd201ae479c27b889bf3",
      "parents": [
        "f0894940aed13b21f363a411c7ec57358827ad87"
      ],
      "author": {
        "name": "David Howells",
        "email": "dhowells@redhat.com",
        "time": "Fri May 11 10:56:56 2012 +0100"
      },
      "committer": {
        "name": "David Howells",
        "email": "dhowells@redhat.com",
        "time": "Fri May 11 10:56:56 2012 +0100"
      },
      "message": "KEYS: Reorganise keys Makefile\n\nReorganise the keys directory Makefile to put all the core bits together and\nthe type-specific bits after.\n\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nAcked-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\n"
    },
    {
      "commit": "f0894940aed13b21f363a411c7ec57358827ad87",
      "tree": "43b1fcfc6e9ff2912943b2b2789559b36e7a192d",
      "parents": [
        "45de6767dc51358a188f75dc4ad9dfddb7fb9480"
      ],
      "author": {
        "name": "David Howells",
        "email": "dhowells@redhat.com",
        "time": "Fri May 11 10:56:56 2012 +0100"
      },
      "committer": {
        "name": "David Howells",
        "email": "dhowells@redhat.com",
        "time": "Fri May 11 10:56:56 2012 +0100"
      },
      "message": "KEYS: Move the key config into security/keys/Kconfig\n\nMove the key config into security/keys/Kconfig as there are going to be a lot\nof key-related options.\n\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nAcked-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\n"
    },
    {
      "commit": "d16cf20e2f2f13411eece7f7fb72c17d141c4a84",
      "tree": "8154b3db8cdbb4b8d9f35d4c407cfe961253f0b4",
      "parents": [
        "6714cf5465d2803a21c6a46c1ea747795a8889fa"
      ],
      "author": {
        "name": "Pablo Neira Ayuso",
        "email": "pablo@netfilter.org",
        "time": "Tue May 08 19:45:28 2012 +0200"
      },
      "committer": {
        "name": "Pablo Neira Ayuso",
        "email": "pablo@netfilter.org",
        "time": "Tue May 08 20:25:42 2012 +0200"
      },
      "message": "netfilter: remove ip_queue support\n\nThis patch removes ip_queue support which was marked as obsolete\nyears ago. The nfnetlink_queue modules provides more advanced\nuser-space packet queueing mechanism.\n\nThis patch also removes capability code included in SELinux that\nrefers to ip_queue. Otherwise, we break compilation.\n\nSeveral warning has been sent regarding this to the mailing list\nin the past month without anyone rising the hand to stop this\nwith some strong argument.\n\nSigned-off-by: Pablo Neira Ayuso \u003cpablo@netfilter.org\u003e\n"
    },
    {
      "commit": "898bfc1d46bd76f8ea2a0fbd239dd2073efe2aa3",
      "tree": "e6e666085abe674dbf6292555961fe0a0f2e2d2f",
      "parents": [
        "08162e6a23d476544adfe1164afe9ea8b34ab859",
        "69964ea4c7b68c9399f7977aa5b9aa6539a6a98a"
      ],
      "author": {
        "name": "James Morris",
        "email": "james.l.morris@oracle.com",
        "time": "Fri May 04 12:46:40 2012 +1000"
      },
      "committer": {
        "name": "James Morris",
        "email": "james.l.morris@oracle.com",
        "time": "Fri May 04 12:46:40 2012 +1000"
      },
      "message": "Merge tag \u0027v3.4-rc5\u0027 into next\n\nLinux 3.4-rc5\n\nMerge to pull in prerequisite change for Smack:\n86812bb0de1a3758dc6c7aa01a763158a7c0638a\n\nRequested by Casey.\n"
    },
    {
      "commit": "18815a18085364d8514c0d0c4c986776cb74272c",
      "tree": "a931fb2eee31aee6f8d83ef4493071b9827b1b9f",
      "parents": [
        "9c806aa06f8e121c6058db8e8073798aa5c4355b"
      ],
      "author": {
        "name": "Eric W. Biederman",
        "email": "ebiederm@xmission.com",
        "time": "Tue Feb 07 16:45:47 2012 -0800"
      },
      "committer": {
        "name": "Eric W. Biederman",
        "email": "ebiederm@xmission.com",
        "time": "Thu May 03 03:28:40 2012 -0700"
      },
      "message": "userns: Convert capabilities related permsion checks\n\n- Use uid_eq when comparing kuids\n  Use gid_eq when comparing kgids\n- Use make_kuid(user_ns, 0) to talk about the user_namespace root uid\n\nAcked-by: Serge Hallyn \u003cserge.hallyn@canonical.com\u003e\nSigned-off-by: Eric W. Biederman \u003cebiederm@xmission.com\u003e\n"
    },
    {
      "commit": "078de5f706ece36afd73bb4b8283314132d2dfdf",
      "tree": "0dee00713f9cb5e2516260a66b8df99ef7d03e4d",
      "parents": [
        "ae2975bc3476243b45a1e2344236d7920c268f38"
      ],
      "author": {
        "name": "Eric W. Biederman",
        "email": "ebiederm@xmission.com",
        "time": "Wed Feb 08 07:00:08 2012 -0800"
      },
      "committer": {
        "name": "Eric W. Biederman",
        "email": "ebiederm@xmission.com",
        "time": "Thu May 03 03:28:38 2012 -0700"
      },
      "message": "userns: Store uid and gid values in struct cred with kuid_t and kgid_t types\n\ncred.h and a few trivial users of struct cred are changed.  The rest of the users\nof struct cred are left for other patches as there are too many changes to make\nin one go and leave the change reviewable.  If the user namespace is disabled and\nCONFIG_UIDGID_STRICT_TYPE_CHECKS are disabled the code will contiue to compile\nand behave correctly.\n\nAcked-by: Serge Hallyn \u003cserge.hallyn@canonical.com\u003e\nSigned-off-by: Eric W. Biederman \u003cebiederm@xmission.com\u003e\n"
    },
    {
      "commit": "ae2975bc3476243b45a1e2344236d7920c268f38",
      "tree": "e4b2a8472f6047734b6e7e2bdc994375b2790323",
      "parents": [
        "22d917d80e842829d0ca0a561967d728eb1d6303"
      ],
      "author": {
        "name": "Eric W. Biederman",
        "email": "ebiederm@xmission.com",
        "time": "Mon Nov 14 15:56:38 2011 -0800"
      },
      "committer": {
        "name": "Eric W. Biederman",
        "email": "ebiederm@xmission.com",
        "time": "Thu May 03 03:27:21 2012 -0700"
      },
      "message": "userns: Convert group_info values from gid_t to kgid_t.\n\nAs a first step to converting struct cred to be all kuid_t and kgid_t\nvalues convert the group values stored in group_info to always be\nkgid_t values.   Unless user namespaces are used this change should\nhave no effect.\n\nAcked-by: Serge Hallyn \u003cserge.hallyn@canonical.com\u003e\nSigned-off-by: Eric W. Biederman \u003cebiederm@xmission.com\u003e\n"
    },
    {
      "commit": "783291e6900292521a3895583785e0c04a56c5b3",
      "tree": "9dd368a25ea61b5913646b1d93ec99e865c058ba",
      "parents": [
        "7b44ab978b77a91b327058a0f4db7e6fcdb90b92"
      ],
      "author": {
        "name": "Eric W. Biederman",
        "email": "ebiederm@xmission.com",
        "time": "Thu Nov 17 01:32:59 2011 -0800"
      },
      "committer": {
        "name": "Eric W. Biederman",
        "email": "ebiederm@xmission.com",
        "time": "Thu Apr 26 02:00:59 2012 -0700"
      },
      "message": "userns: Simplify the user_namespace by making userns-\u003ecreator a kuid.\n\n- Transform userns-\u003ecreator from a user_struct reference to a simple\n  kuid_t, kgid_t pair.\n\n  In cap_capable this allows the check to see if we are the creator of\n  a namespace to become the classic suser style euid permission check.\n\n  This allows us to remove the need for a struct cred in the mapping\n  functions and still be able to dispaly the user namespace creators\n  uid and gid as 0.\n\n- Remove the now unnecessary delayed_work in free_user_ns.\n\n  All that is left for free_user_ns to do is to call kmem_cache_free\n  and put_user_ns.  Those functions can be called in any context\n  so call them directly from free_user_ns removing the need for delayed work.\n\nAcked-by: Serge Hallyn \u003cserge.hallyn@canonical.com\u003e\nSigned-off-by: Eric W. Biederman \u003cebiederm@xmission.com\u003e\n"
    },
    {
      "commit": "08162e6a23d476544adfe1164afe9ea8b34ab859",
      "tree": "ace0b15f2f0aa6106d42191c8edaecc91f0322cc",
      "parents": [
        "561381a146a31ff91d7a2370c10871b02ac7343c"
      ],
      "author": {
        "name": "Dan Carpenter",
        "email": "dan.carpenter@oracle.com",
        "time": "Fri Apr 20 16:35:24 2012 +0300"
      },
      "committer": {
        "name": "James Morris",
        "email": "james.l.morris@oracle.com",
        "time": "Mon Apr 23 17:20:22 2012 +1000"
      },
      "message": "Yama: remove an unused variable\n\nGCC complains that we don\u0027t use \"one\" any more after 389da25f93 \"Yama:\nadd additional ptrace scopes\".\n\nsecurity/yama/yama_lsm.c:322:12: warning: ?one? defined but not used\n\t[-Wunused-variable]\n\nSigned-off-by: Dan Carpenter \u003cdan.carpenter@oracle.com\u003e\nAcked-by: Kees Cook \u003ckeescook@chromium.org\u003e\nSigned-off-by: James Morris \u003cjames.l.morris@oracle.com\u003e\n"
    },
    {
      "commit": "389da25f93eea8ff64181ae7e3e87da68acaef2e",
      "tree": "09277860746b3372cbb49ea82868709cbae99ec3",
      "parents": [
        "8156b451f37898d3c3652b4e988a4d62ae16eaac"
      ],
      "author": {
        "name": "Kees Cook",
        "email": "keescook@chromium.org",
        "time": "Mon Apr 16 11:56:45 2012 -0700"
      },
      "committer": {
        "name": "James Morris",
        "email": "james.l.morris@oracle.com",
        "time": "Thu Apr 19 13:39:56 2012 +1000"
      },
      "message": "Yama: add additional ptrace scopes\n\nThis expands the available Yama ptrace restrictions to include two more\nmodes. Mode 2 requires CAP_SYS_PTRACE for PTRACE_ATTACH, and mode 3\ncompletely disables PTRACE_ATTACH (and locks the sysctl).\n\nSigned-off-by: Kees Cook \u003ckeescook@chromium.org\u003e\nSigned-off-by: James Morris \u003cjames.l.morris@oracle.com\u003e\n"
    },
    {
      "commit": "51b79bee627d526199b2f6a6bef8ee0c0739b6d1",
      "tree": "f75bc36f3915284e335f3f69eb039ae88e91f513",
      "parents": [
        "b6a89584c36f307f2c2bbb136ea50985ca4bc7b4"
      ],
      "author": {
        "name": "Jonghwan Choi",
        "email": "jhbird.choi@samsung.com",
        "time": "Wed Apr 18 17:23:04 2012 -0400"
      },
      "committer": {
        "name": "James Morris",
        "email": "james.l.morris@oracle.com",
        "time": "Thu Apr 19 12:56:39 2012 +1000"
      },
      "message": "security: fix compile error in commoncap.c\n\nAdd missing \"personality.h\"\nsecurity/commoncap.c: In function \u0027cap_bprm_set_creds\u0027:\nsecurity/commoncap.c:510: error: \u0027PER_CLEAR_ON_SETID\u0027 undeclared (first use in this function)\nsecurity/commoncap.c:510: error: (Each undeclared identifier is reported only once\nsecurity/commoncap.c:510: error: for each function it appears in.)\n\nSigned-off-by: Jonghwan Choi \u003cjhbird.choi@samsung.com\u003e\nAcked-by: Serge Hallyn \u003cserge.hallyn@canonical.com\u003e\nSigned-off-by: James Morris \u003cjames.l.morris@oracle.com\u003e\n"
    },
    {
      "commit": "d52fc5dde171f030170a6cb78034d166b13c9445",
      "tree": "f982d0bdab54d5ab31cdd3e69cb88a1376797d1f",
      "parents": [
        "09c79b60960bdd4b00916219402eabfa5e479c5a"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Tue Apr 17 16:26:54 2012 -0400"
      },
      "committer": {
        "name": "James Morris",
        "email": "james.l.morris@oracle.com",
        "time": "Wed Apr 18 12:37:56 2012 +1000"
      },
      "message": "fcaps: clear the same personality flags as suid when fcaps are used\n\nIf a process increases permissions using fcaps all of the dangerous\npersonality flags which are cleared for suid apps should also be cleared.\nThus programs given priviledge with fcaps will continue to have address space\nrandomization enabled even if the parent tried to disable it to make it\neasier to attack.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nReviewed-by: Serge Hallyn \u003cserge.hallyn@canonical.com\u003e\nSigned-off-by: James Morris \u003cjames.l.morris@oracle.com\u003e\n"
    },
    {
      "commit": "86812bb0de1a3758dc6c7aa01a763158a7c0638a",
      "tree": "41cb41cd7fe52730a3fe8c88ca298c2494f9040a",
      "parents": [
        "592fe8980688e7cba46897685d014c7fb3018a67"
      ],
      "author": {
        "name": "Casey Schaufler",
        "email": "casey@schaufler-ca.com",
        "time": "Tue Apr 17 18:55:46 2012 -0700"
      },
      "committer": {
        "name": "James Morris",
        "email": "james.l.morris@oracle.com",
        "time": "Wed Apr 18 12:02:28 2012 +1000"
      },
      "message": "Smack: move label list initialization\n\nA kernel with Smack enabled will fail if tmpfs has xattr support.\n\nMove the initialization of predefined Smack label\nlist entries to the LSM initialization from the\nsmackfs setup. This became an issue when tmpfs\nacquired xattr support, but was never correct.\n\nSigned-off-by: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\nSigned-off-by: James Morris \u003cjames.l.morris@oracle.com\u003e\n"
    },
    {
      "commit": "c29bceb3967398cf2ac8bf8edf9634fdb722df7d",
      "tree": "9feaa5a8b78812e48fa9b4e9b8b939f06390bee8",
      "parents": [
        "259e5e6c75a910f3b5e656151dc602f53f9d7548"
      ],
      "author": {
        "name": "John Johansen",
        "email": "john.johansen@canonical.com",
        "time": "Thu Apr 12 16:47:51 2012 -0500"
      },
      "committer": {
        "name": "James Morris",
        "email": "james.l.morris@oracle.com",
        "time": "Sat Apr 14 11:13:18 2012 +1000"
      },
      "message": "Fix execve behavior apparmor for PR_{GET,SET}_NO_NEW_PRIVS\n\nAdd support for AppArmor to explicitly fail requested domain transitions\nif NO_NEW_PRIVS is set and the task is not unconfined.\n\nTransitions from unconfined are still allowed because this always results\nin a reduction of privileges.\n\nAcked-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: Will Drewry \u003cwad@chromium.org\u003e\nSigned-off-by: John Johansen \u003cjohn.johansen@canonical.com\u003e\nSigned-off-by: Andy Lutomirski \u003cluto@amacapital.net\u003e\n\nv18: new acked-by, new description\nSigned-off-by: James Morris \u003cjames.l.morris@oracle.com\u003e\n"
    },
    {
      "commit": "259e5e6c75a910f3b5e656151dc602f53f9d7548",
      "tree": "4405fdf68238f2e33f27b04e8c37c9e29a2493d8",
      "parents": [
        "9ccf010f8172b699ea80178860e8ea228f7dce56"
      ],
      "author": {
        "name": "Andy Lutomirski",
        "email": "luto@amacapital.net",
        "time": "Thu Apr 12 16:47:50 2012 -0500"
      },
      "committer": {
        "name": "James Morris",
        "email": "james.l.morris@oracle.com",
        "time": "Sat Apr 14 11:13:18 2012 +1000"
      },
      "message": "Add PR_{GET,SET}_NO_NEW_PRIVS to prevent execve from granting privs\n\nWith this change, calling\n  prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0)\ndisables privilege granting operations at execve-time.  For example, a\nprocess will not be able to execute a setuid binary to change their uid\nor gid if this bit is set.  The same is true for file capabilities.\n\nAdditionally, LSM_UNSAFE_NO_NEW_PRIVS is defined to ensure that\nLSMs respect the requested behavior.\n\nTo determine if the NO_NEW_PRIVS bit is set, a task may call\n  prctl(PR_GET_NO_NEW_PRIVS, 0, 0, 0, 0);\nIt returns 1 if set and 0 if it is not set. If any of the arguments are\nnon-zero, it will return -1 and set errno to -EINVAL.\n(PR_SET_NO_NEW_PRIVS behaves similarly.)\n\nThis functionality is desired for the proposed seccomp filter patch\nseries.  By using PR_SET_NO_NEW_PRIVS, it allows a task to modify the\nsystem call behavior for itself and its child tasks without being\nable to impact the behavior of a more privileged task.\n\nAnother potential use is making certain privileged operations\nunprivileged.  For example, chroot may be considered \"safe\" if it cannot\naffect privileged tasks.\n\nNote, this patch causes execve to fail when PR_SET_NO_NEW_PRIVS is\nset and AppArmor is in use.  It is fixed in a subsequent patch.\n\nSigned-off-by: Andy Lutomirski \u003cluto@amacapital.net\u003e\nSigned-off-by: Will Drewry \u003cwad@chromium.org\u003e\nAcked-by: Eric Paris \u003ceparis@redhat.com\u003e\nAcked-by: Kees Cook \u003ckeescook@chromium.org\u003e\n\nv18: updated change desc\nv17: using new define values as per 3.4\nSigned-off-by: James Morris \u003cjames.l.morris@oracle.com\u003e\n"
    },
    {
      "commit": "923e9a1399b620d063cd88537c64561bc3d5f905",
      "tree": "5d7aec3e06664c7f96726b9439a42a565bcc86ab",
      "parents": [
        "94fb175c0414902ad9dbd956addf3a5feafbc85b"
      ],
      "author": {
        "name": "Kees Cook",
        "email": "keescook@chromium.org",
        "time": "Tue Apr 10 13:26:44 2012 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Tue Apr 10 16:14:40 2012 -0700"
      },
      "message": "Smack: build when CONFIG_AUDIT not defined\n\nThis fixes builds where CONFIG_AUDIT is not defined and\nCONFIG_SECURITY_SMACK\u003dy.\n\nThis got introduced by the stack-usage reducation commit 48c62af68a40\n(\"LSM: shrink the common_audit_data data union\").\n\nSigned-off-by: Kees Cook \u003ckeescook@chromium.org\u003e\nAcked-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "c737f8284cac91428f8fcc8281e69117fa16e887",
      "tree": "7cb4cd77df9786925aa2c7cad919c4881651638b",
      "parents": [
        "562c99f20d989f222138dddfd71e275bfb3665de"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Thu Apr 05 13:51:53 2012 -0400"
      },
      "committer": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Mon Apr 09 12:23:57 2012 -0400"
      },
      "message": "SELinux: remove unused common_audit_data in flush_unauthorized_files\n\nWe don\u0027t need this variable and it just eats stack space.  Remove it.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n"
    },
    {
      "commit": "562c99f20d989f222138dddfd71e275bfb3665de",
      "tree": "47743a88f3aed8b77f79899f45409a597ab77263",
      "parents": [
        "0b36e44cc680b355f0d1b34002b2a10c9e1cae60"
      ],
      "author": {
        "name": "Wanlong Gao",
        "email": "gaowanlong@cn.fujitsu.com",
        "time": "Wed Mar 07 22:17:14 2012 +0800"
      },
      "committer": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Mon Apr 09 12:23:44 2012 -0400"
      },
      "message": "SELinux: avc: remove the useless fields in avc_add_callback\n\navc_add_callback now just used for registering reset functions\nin initcalls, and the callback functions just did reset operations.\nSo, reducing the arguments to only one event is enough now.\n\nSigned-off-by: Wanlong Gao \u003cgaowanlong@cn.fujitsu.com\u003e\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n"
    },
    {
      "commit": "0b36e44cc680b355f0d1b34002b2a10c9e1cae60",
      "tree": "60e6a2800af2980b1b83206d2b6f6fd20baf4165",
      "parents": [
        "899838b25f063a94594b1df6e0100aea1ec57fac"
      ],
      "author": {
        "name": "Wanlong Gao",
        "email": "gaowanlong@cn.fujitsu.com",
        "time": "Wed Mar 07 22:17:13 2012 +0800"
      },
      "committer": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Mon Apr 09 12:23:07 2012 -0400"
      },
      "message": "SELinux: replace weak GFP_ATOMIC to GFP_KERNEL in avc_add_callback\n\navc_add_callback now only called from initcalls, so replace the\nweak GFP_ATOMIC to GFP_KERNEL, and mark this function __init\nto make a warning when not been called from initcalls.\n\nSigned-off-by: Wanlong Gao \u003cgaowanlong@cn.fujitsu.com\u003e\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n"
    },
    {
      "commit": "899838b25f063a94594b1df6e0100aea1ec57fac",
      "tree": "ce22a1fca876195237ba92051cb12b34aa957447",
      "parents": [
        "1d3492927118d0ce1ea1ff3e007746699cba8f3e"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Wed Apr 04 15:01:43 2012 -0400"
      },
      "committer": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Mon Apr 09 12:23:06 2012 -0400"
      },
      "message": "SELinux: unify the selinux_audit_data and selinux_late_audit_data\n\nWe no longer need the distinction.  We only need data after we decide to do an\naudit.  So turn the \"late\" audit data into just \"data\" and remove what we\ncurrently have as \"data\".\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n"
    },
    {
      "commit": "1d3492927118d0ce1ea1ff3e007746699cba8f3e",
      "tree": "16f50a33be365548a77dfb199337031779af86eb",
      "parents": [
        "50c205f5e5c2e2af002fd4ef537ded79b90b1b56"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Wed Apr 04 15:01:43 2012 -0400"
      },
      "committer": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Mon Apr 09 12:23:05 2012 -0400"
      },
      "message": "SELinux: remove auditdeny from selinux_audit_data\n\nIt\u0027s just takin\u0027 up space.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n"
    },
    {
      "commit": "50c205f5e5c2e2af002fd4ef537ded79b90b1b56",
      "tree": "9965a7746aa8c5e982357d5b8c46850f3283206c",
      "parents": [
        "07f62eb66c6626aa5653a0fcb34c9c040d0bd032"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Wed Apr 04 15:01:43 2012 -0400"
      },
      "committer": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Mon Apr 09 12:23:04 2012 -0400"
      },
      "message": "LSM: do not initialize common_audit_data to 0\n\nIt isn\u0027t needed.  If you don\u0027t set the type of the data associated with\nthat type it is a pretty obvious programming bug.  So why waste the cycles?\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n"
    },
    {
      "commit": "07f62eb66c6626aa5653a0fcb34c9c040d0bd032",
      "tree": "a928c034e2f08ef3f7fd6af450d75f3d52a261db",
      "parents": [
        "b466066f9b648ccb6aa1e174f0389b7433e460fd"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Wed Apr 04 15:01:43 2012 -0400"
      },
      "committer": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Mon Apr 09 12:23:03 2012 -0400"
      },
      "message": "LSM: BUILD_BUG_ON if the common_audit_data union ever grows\n\nWe did a lot of work to shrink the common_audit_data.  Add a BUILD_BUG_ON\nso future programmers (let\u0027s be honest, probably me) won\u0027t do something\nfoolish like make it large again!\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n"
    },
    {
      "commit": "b466066f9b648ccb6aa1e174f0389b7433e460fd",
      "tree": "beaec41a751db3ceeb55e4c428bb7e1fe995d880",
      "parents": [
        "0972c74ecba4878baa5f97bb78b242c0eefacfb6"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Wed Apr 04 15:01:43 2012 -0400"
      },
      "committer": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Mon Apr 09 12:23:03 2012 -0400"
      },
      "message": "LSM: remove the task field from common_audit_data\n\nThere are no legitimate users.  Always use current and get back some stack\nspace for the common_audit_data.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n"
    },
    {
      "commit": "0972c74ecba4878baa5f97bb78b242c0eefacfb6",
      "tree": "1ea472908798d38ab940f617a494786efe75f380",
      "parents": [
        "bd5e50f9c1c71daac273fa586424f07205f6b13b"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Wed Apr 04 15:01:42 2012 -0400"
      },
      "committer": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Mon Apr 09 12:23:02 2012 -0400"
      },
      "message": "apparmor: move task from common_audit_data to apparmor_audit_data\n\napparmor is the only LSM that uses the common_audit_data tsk field.\nInstead of making all LSMs pay for the stack space move the aa usage into\nthe apparmor_audit_data.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n"
    },
    {
      "commit": "bd5e50f9c1c71daac273fa586424f07205f6b13b",
      "tree": "57331d7e1941077cd55d33e7f12e6f8a07cdd80e",
      "parents": [
        "d4cf970d0732628d514405c5a975024b9e205b0b"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Wed Apr 04 15:01:42 2012 -0400"
      },
      "committer": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Mon Apr 09 12:23:01 2012 -0400"
      },
      "message": "LSM: remove the COMMON_AUDIT_DATA_INIT type expansion\n\nJust open code it so grep on the source code works better.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n"
    },
    {
      "commit": "d4cf970d0732628d514405c5a975024b9e205b0b",
      "tree": "481f90ea13b2cbc8dd77bc934aa91024c1df6587",
      "parents": [
        "602a8dd6ea6abd463bc26310c4a1b44919f88e68"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Wed Apr 04 15:01:42 2012 -0400"
      },
      "committer": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Mon Apr 09 12:23:00 2012 -0400"
      },
      "message": "SELinux: move common_audit_data to a noinline slow path function\n\nselinux_inode_has_perm is a hot path.  Instead of declaring the\ncommon_audit_data on the stack move it to a noinline function only used in\nthe rare case we need to send an audit message.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n"
    },
    {
      "commit": "602a8dd6ea6abd463bc26310c4a1b44919f88e68",
      "tree": "426df8399ff298942a7e30c3a360a666e51ba920",
      "parents": [
        "2e33405785d3eaec303c54b4a10afdebf3729da7"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Wed Apr 04 15:01:42 2012 -0400"
      },
      "committer": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Mon Apr 09 12:23:00 2012 -0400"
      },
      "message": "SELinux: remove inode_has_perm_noadp\n\nBoth callers could better be using file_has_perm() to get better audit\nresults.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n"
    },
    {
      "commit": "2e33405785d3eaec303c54b4a10afdebf3729da7",
      "tree": "f4c0d114503796e9f958341393e336f76a7eb6dd",
      "parents": [
        "154c50ca4eb9ae472f50b6a481213e21ead4457d"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Wed Apr 04 15:01:42 2012 -0400"
      },
      "committer": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Mon Apr 09 12:22:59 2012 -0400"
      },
      "message": "SELinux: delay initialization of audit data in selinux_inode_permission\n\nWe pay a rather large overhead initializing the common_audit_data.\nSince we only need this information if we actually emit an audit\nmessage there is little need to set it up in the hot path.  This patch\nsplits the functionality of avc_has_perm() into avc_has_perm_noaudit(),\navc_audit_required() and slow_avc_audit().  But we take care of setting\nup to audit between required() and the actual audit call.  Thus saving\nmeasurable time in a hot path.\n\nSigned-off-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n"
    },
    {
      "commit": "154c50ca4eb9ae472f50b6a481213e21ead4457d",
      "tree": "8f496c340514e7041c50e212aa1d45a18ca7476c",
      "parents": [
        "92ae9e82d9a2c4b9b388d6a9e7a4b2ccb0b4452f"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Wed Apr 04 13:47:11 2012 -0400"
      },
      "committer": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Mon Apr 09 12:22:58 2012 -0400"
      },
      "message": "SELinux: if sel_make_bools errors don\u0027t leave inconsistent state\n\nWe reset the bool names and values array to NULL, but do not reset the\nnumber of entries in these arrays to 0.  If we error out and then get back\ninto this function we will walk these NULL pointers based on the belief\nthat they are non-zero length.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\ncc: stable@kernel.org\n"
    },
    {
      "commit": "92ae9e82d9a2c4b9b388d6a9e7a4b2ccb0b4452f",
      "tree": "c9fb517b25ff64f1a07abf62fa90512a48949fc4",
      "parents": [
        "bb7081ab93582fd2557160549854200a5fc7b42a"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Wed Apr 04 13:46:46 2012 -0400"
      },
      "committer": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Mon Apr 09 12:22:57 2012 -0400"
      },
      "message": "SELinux: remove needless sel_div function\n\nI\u0027m not really sure what the idea behind the sel_div function is, but it\u0027s\nuseless.  Since a and b are both unsigned, it\u0027s impossible for a % b \u003c 0.\nThat means that part of the function never does anything.  Thus it\u0027s just a\nnormal /.  Just do that instead.  I don\u0027t even understand what that operation\nwas supposed to mean in the signed case however....\n\nIf it was signed:\nsel_div(-2, 4) \u003d\u003d ((-2 / 4) - ((-2 % 4) \u003c 0))\n\t\t  ((0)      - ((-2)     \u003c 0))\n\t\t  ((0)      - (1))\n\t\t  (-1)\n\nWhat actually happens:\nsel_div(-2, 4) \u003d\u003d ((18446744073709551614 / 4) - ((18446744073709551614 % 4) \u003c 0))\n\t\t  ((4611686018427387903)      - ((2 \u003c 0))\n\t\t  (4611686018427387903        - 0)\n\t\t  ((unsigned int)4611686018427387903)\n\t\t  (4294967295)\n\nNeither makes a whole ton of sense to me.  So I\u0027m getting rid of the\nfunction entirely.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n"
    },
    {
      "commit": "bb7081ab93582fd2557160549854200a5fc7b42a",
      "tree": "fa95a4c7f31d7f3f06d38eab68fcdd19da102e82",
      "parents": [
        "d6ea83ec6864e9297fa8b00ec3dae183413a90e3"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Wed Apr 04 13:46:36 2012 -0400"
      },
      "committer": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Mon Apr 09 12:22:56 2012 -0400"
      },
      "message": "SELinux: possible NULL deref in context_struct_to_string\n\nIt\u0027s possible that the caller passed a NULL for scontext.  However if this\nis a deferred mapping we might still attempt to call *scontext\u003dkstrdup().\nThis is bad.  Instead just return the len.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n"
    },
    {
      "commit": "d6ea83ec6864e9297fa8b00ec3dae183413a90e3",
      "tree": "8a64f20f1a930d8f6ecd5ce0368c55a0c83f49dc",
      "parents": [
        "83d498569e9a7a4b92c4c5d3566f2d6a604f28c9"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Wed Apr 04 13:45:49 2012 -0400"
      },
      "committer": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Mon Apr 09 12:22:56 2012 -0400"
      },
      "message": "SELinux: audit failed attempts to set invalid labels\n\nWe know that some yum operation is causing CAP_MAC_ADMIN failures.  This\nimplies that an RPM is laying down (or attempting to lay down) a file with\nan invalid label.  The problem is that we don\u0027t have any information to\ntrack down the cause.  This patch will cause such a failure to report the\nfailed label in an SELINUX_ERR audit message.  This is similar to the\nSELINUX_ERR reports on invalid transitions and things like that.  It should\nhelp run down problems on what is trying to set invalid labels in the\nfuture.\n\nResulting records look something like:\ntype\u003dAVC msg\u003daudit(1319659241.138:71): avc:  denied  { mac_admin } for pid\u003d2594 comm\u003d\"chcon\" capability\u003d33 scontext\u003dunconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext\u003dunconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass\u003dcapability2\ntype\u003dSELINUX_ERR msg\u003daudit(1319659241.138:71): op\u003dsetxattr invalid_context\u003dunconfined_u:object_r:hello:s0\ntype\u003dSYSCALL msg\u003daudit(1319659241.138:71): arch\u003dc000003e syscall\u003d188 success\u003dno exit\u003d-22 a0\u003da2c0e0 a1\u003d390341b79b a2\u003da2d620 a3\u003d1f items\u003d1 ppid\u003d2519 pid\u003d2594 auid\u003d0 uid\u003d0 gid\u003d0 euid\u003d0 suid\u003d0 fsuid\u003d0 egid\u003d0 sgid\u003d0 fsgid\u003d0 tty\u003dpts0 ses\u003d1 comm\u003d\"chcon\" exe\u003d\"/usr/bin/chcon\" subj\u003dunconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key\u003d(null)\ntype\u003dCWD msg\u003daudit(1319659241.138:71):  cwd\u003d\"/root\" type\u003dPATH msg\u003daudit(1319659241.138:71): item\u003d0 name\u003d\"test\" inode\u003d785879 dev\u003dfc:03 mode\u003d0100644 ouid\u003d0 ogid\u003d0 rdev\u003d00:00 obj\u003dunconfined_u:object_r:admin_home_t:s0\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n"
    },
    {
      "commit": "83d498569e9a7a4b92c4c5d3566f2d6a604f28c9",
      "tree": "e0d77f21bda5bec5ace52b3fa557f87b1bb57631",
      "parents": [
        "95dbf739313f09c8d859bde1373bc264ef979337"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Wed Apr 04 13:45:40 2012 -0400"
      },
      "committer": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Mon Apr 09 12:22:50 2012 -0400"
      },
      "message": "SELinux: rename dentry_open to file_open\n\ndentry_open takes a file, rename it to file_open\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n"
    },
    {
      "commit": "95dbf739313f09c8d859bde1373bc264ef979337",
      "tree": "c798947b740826f1fc6403d8ed840565a086e7ea",
      "parents": [
        "eed7795d0a2c9b2e934afc088e903fa2c17b7958"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Wed Apr 04 13:45:34 2012 -0400"
      },
      "committer": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Mon Apr 09 12:22:49 2012 -0400"
      },
      "message": "SELinux: check OPEN on truncate calls\n\nIn RH BZ 578841 we realized that the SELinux sandbox program was allowed to\ntruncate files outside of the sandbox.  The reason is because sandbox\nconfinement is determined almost entirely by the \u0027open\u0027 permission.  The idea\nwas that if the sandbox was unable to open() files it would be unable to do\nharm to those files.  This turns out to be false in light of syscalls like\ntruncate() and chmod() which don\u0027t require a previous open() call.  I looked\nat the syscalls that did not have an associated \u0027open\u0027 check and found that\ntruncate(), did not have a separate permission and even if it did have a\nseparate permission such a permission would be inadequate for use by\nsandbox (since it would have to be granted so liberally as to be useless).\nThis patch checks the OPEN permission on truncate.  I think a better solution\nfor sandbox is a whole new permission, but at least this fixes what we have\ntoday.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n"
    },
    {
      "commit": "eed7795d0a2c9b2e934afc088e903fa2c17b7958",
      "tree": "8f402c793774abfea12fd86bec741f0056302324",
      "parents": [
        "aa893269de6277b44be88e25dcd5331c934c29c4"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Tue Mar 20 14:35:12 2012 -0400"
      },
      "committer": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Mon Apr 09 12:22:48 2012 -0400"
      },
      "message": "SELinux: add default_type statements\n\nBecause Fedora shipped userspace based on my development tree we now\nhave policy version 27 in the wild defining only default user, role, and\nrange.  Thus to add default_type we need a policy.28.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n"
    },
    {
      "commit": "aa893269de6277b44be88e25dcd5331c934c29c4",
      "tree": "f994e023f787c1665b65725f2c009a9f5a021be7",
      "parents": [
        "6ce74ec75ca690c4fb3a3c5f8b7767d094d93215"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Tue Mar 20 14:35:12 2012 -0400"
      },
      "committer": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Mon Apr 09 12:22:47 2012 -0400"
      },
      "message": "SELinux: allow default source/target selectors for user/role/range\n\nWhen new objects are created we have great and flexible rules to\ndetermine the type of the new object.  We aren\u0027t quite as flexible or\nmature when it comes to determining the user, role, and range.  This\npatch adds a new ability to specify the place a new object\u0027s user, role,\nand range should come from.  For users and roles it can come from either\nthe source or the target of the operation.  aka for files the user can\neither come from the source (the running process and today\u0027s default) or\nit can come from the target (aka the parent directory of the new file)\n\nexamples always are done with\ndirectory context: system_u:object_r:mnt_t:s0-s0:c0.c512\nprocess context: unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023\n\n[no rule]\n\tunconfined_u:object_r:mnt_t:s0   test_none\n[default user source]\n\tunconfined_u:object_r:mnt_t:s0   test_user_source\n[default user target]\n\tsystem_u:object_r:mnt_t:s0       test_user_target\n[default role source]\n\tunconfined_u:unconfined_r:mnt_t:s0 test_role_source\n[default role target]\n\tunconfined_u:object_r:mnt_t:s0   test_role_target\n[default range source low]\n\tunconfined_u:object_r:mnt_t:s0 test_range_source_low\n[default range source high]\n\tunconfined_u:object_r:mnt_t:s0:c0.c1023 test_range_source_high\n[default range source low-high]\n\tunconfined_u:object_r:mnt_t:s0-s0:c0.c1023 test_range_source_low-high\n[default range target low]\n\tunconfined_u:object_r:mnt_t:s0 test_range_target_low\n[default range target high]\n\tunconfined_u:object_r:mnt_t:s0:c0.c512 test_range_target_high\n[default range target low-high]\n\tunconfined_u:object_r:mnt_t:s0-s0:c0.c512 test_range_target_low-high\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n"
    },
    {
      "commit": "72e8c8593f8fdb983d9cd79d824f6b48ef21f14f",
      "tree": "1a1a81d6fc9007f18bedaace192708efd889eaf7",
      "parents": [
        "47a93a5bcb131879d4425d4559e90ad82990825d"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Thu Feb 16 15:08:39 2012 -0500"
      },
      "committer": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Mon Apr 09 12:22:36 2012 -0400"
      },
      "message": "SELinux: loosen DAC perms on reading policy\n\nThere is no reason the DAC perms on reading the policy file need to be root\nonly.  There are selinux checks which should control this access.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n"
    },
    {
      "commit": "47a93a5bcb131879d4425d4559e90ad82990825d",
      "tree": "93bc837f9ffbd3f2ed6f7e44e2d2773714b9ada0",
      "parents": [
        "0034102808e0dbbf3a2394b82b1bb40b5778de9e"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Thu Feb 16 15:08:39 2012 -0500"
      },
      "committer": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Mon Apr 09 12:22:30 2012 -0400"
      },
      "message": "SELinux: allow seek operations on the file exposing policy\n\nsesearch uses:\nlseek(3, 0, SEEK_SET)                   \u003d -1 ESPIPE (Illegal seek)\n\nMake that work.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n"
    },
    {
      "commit": "aeb3ae9da9b50a386b22af786d19b623e8d9f0fa",
      "tree": "3db9772ea99c931914bec7ded51f896f1d2e24ec",
      "parents": [
        "0093ccb68f3753c0ba4d74c89d7e0f444b8d6123"
      ],
      "author": {
        "name": "Eric W. Biederman",
        "email": "ebiederm@xmission.com",
        "time": "Wed Nov 16 21:59:43 2011 -0800"
      },
      "committer": {
        "name": "Eric W. Biederman",
        "email": "ebiederm@xmission.com",
        "time": "Sat Apr 07 16:55:52 2012 -0700"
      },
      "message": "userns: Add an explicit reference to the parent user namespace\n\nI am about to remove the struct user_namespace reference from struct user_struct.\nSo keep an explicit track of the parent user namespace.\n\nTake advantage of this new reference and replace instances of user_ns-\u003ecreator-\u003euser_ns\nwith user_ns-\u003eparent.\n\nAcked-by: Serge Hallyn \u003cserge.hallyn@canonical.com\u003e\nSigned-off-by: Eric W. Biederman \u003cebiederm@xmission.com\u003e\n"
    },
    {
      "commit": "0093ccb68f3753c0ba4d74c89d7e0f444b8d6123",
      "tree": "a6fc0ea2a6dfc338fa8fc7126005f40109ef8dce",
      "parents": [
        "c4a4d603796c727b9555867571f89483be9c565e"
      ],
      "author": {
        "name": "Eric W. Biederman",
        "email": "ebiederm@xmission.com",
        "time": "Wed Nov 16 21:52:53 2011 -0800"
      },
      "committer": {
        "name": "Eric W. Biederman",
        "email": "ebiederm@xmission.com",
        "time": "Sat Apr 07 16:55:52 2012 -0700"
      },
      "message": "cred: Refcount the user_ns pointed to by the cred.\n\nstruct user_struct will shortly lose its user_ns reference\nso make the cred user_ns reference a proper reference complete\nwith reference counting.\n\nAcked-by: Serge Hallyn \u003cserge.hallyn@canonical.com\u003e\nSigned-off-by: Eric W. Biederman \u003cebiederm@xmission.com\u003e\n"
    },
    {
      "commit": "c4a4d603796c727b9555867571f89483be9c565e",
      "tree": "ae3b47a7b8b35c866df53cb4b4a051d49a28904a",
      "parents": [
        "7e6bd8fadd1216f50468f965d0308f45e5109ced"
      ],
      "author": {
        "name": "Eric W. Biederman",
        "email": "ebiederm@xmission.com",
        "time": "Wed Nov 16 23:15:31 2011 -0800"
      },
      "committer": {
        "name": "Eric W. Biederman",
        "email": "ebiederm@xmission.com",
        "time": "Sat Apr 07 16:55:51 2012 -0700"
      },
      "message": "userns: Use cred-\u003euser_ns instead of cred-\u003euser-\u003euser_ns\n\nOptimize performance and prepare for the removal of the user_ns reference\nfrom user_struct.  Remove the slow long walk through cred-\u003euser-\u003euser_ns and\ninstead go straight to cred-\u003euser_ns.\n\nAcked-by: Serge Hallyn \u003cserge.hallyn@canonical.com\u003e\nSigned-off-by: Eric W. Biederman \u003cebiederm@xmission.com\u003e\n"
    },
    {
      "commit": "b61c37f57988567c84359645f8202a7c84bc798a",
      "tree": "a808c891711d060060a751f4119198dc06e2c847",
      "parents": [
        "3f0882c48286e7bdb0bbdec9c4bfa934e0db8e09"
      ],
      "author": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Mon Apr 02 15:48:12 2012 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Tue Apr 03 09:49:59 2012 -0700"
      },
      "message": "lsm_audit: don\u0027t specify the audit pre/post callbacks in \u0027struct common_audit_data\u0027\n\nIt just bloats the audit data structure for no good reason, since the\nonly time those fields are filled are just before calling the\ncommon_lsm_audit() function, which is also the only user of those\nfields.\n\nSo just make them be the arguments to common_lsm_audit(), rather than\nbloating that structure that is passed around everywhere, and is\ninitialized in hot paths.\n\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "3f0882c48286e7bdb0bbdec9c4bfa934e0db8e09",
      "tree": "20a7485417c8528d975ef4ff6e90467f63f67ab2",
      "parents": [
        "f8294f1144ad0630075918df4bf94075f5384604"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Tue Apr 03 09:38:00 2012 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Tue Apr 03 09:49:41 2012 -0700"
      },
      "message": "SELinux: do not allocate stack space for AVC data unless needed\n\nInstead of declaring the entire selinux_audit_data on the stack when we\nstart an operation only declare it on the stack if we are going to use it.\nWe know its usefulness at the end of the security decision and can declare\nit there.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "f8294f1144ad0630075918df4bf94075f5384604",
      "tree": "9c794bc9a5cbc688d3b6819d211df16b979a56c9",
      "parents": [
        "7f6a47cf1477ffae9cff1d6ee181e2ce6bfb2f02"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Mon Apr 02 13:15:55 2012 -0400"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Tue Apr 03 09:49:10 2012 -0700"
      },
      "message": "SELinux: remove avd from slow_avc_audit()\n\nWe don\u0027t use the argument, so remove it.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "7f6a47cf1477ffae9cff1d6ee181e2ce6bfb2f02",
      "tree": "55d2bfda38776aeed69b82cf0bd5b409744b4afd",
      "parents": [
        "48c62af68a403ef1655546bd3e021070c8508573"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Mon Apr 02 13:15:50 2012 -0400"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Tue Apr 03 09:49:10 2012 -0700"
      },
      "message": "SELinux: remove avd from selinux_audit_data\n\nWe do not use it.  Remove it.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "48c62af68a403ef1655546bd3e021070c8508573",
      "tree": "ba938e4fb45d5bdaad2dad44071d0625f8e36945",
      "parents": [
        "3b3b0e4fc15efa507b902d90cea39e496a523c3b"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Mon Apr 02 13:15:44 2012 -0400"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Tue Apr 03 09:49:10 2012 -0700"
      },
      "message": "LSM: shrink the common_audit_data data union\n\nAfter shrinking the common_audit_data stack usage for private LSM data I\u0027m\nnot going to shrink the data union.  To do this I\u0027m going to move anything\nlarger than 2 void * ptrs to its own structure and require it to be declared\nseparately on the calling stack.  Thus hot paths which don\u0027t need more than\na couple pointers don\u0027t have to declare space to hold large unneeded\nstructures.  I could get this down to one void * by dealing with the key\nstruct and the struct path.  We\u0027ll see if that is helpful after taking care of\nnetworking.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "3b3b0e4fc15efa507b902d90cea39e496a523c3b",
      "tree": "d7b91c21ad6c6f4ac21dd51297b74eec47c61684",
      "parents": [
        "95694129b43165911dc4e8a972f0d39ad98d86be"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Tue Apr 03 09:37:02 2012 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Tue Apr 03 09:48:40 2012 -0700"
      },
      "message": "LSM: shrink sizeof LSM specific portion of common_audit_data\n\nLinus found that the gigantic size of the common audit data caused a big\nperf hit on something as simple as running stat() in a loop.  This patch\nrequires LSMs to declare the LSM specific portion separately rather than\ndoing it in a union.  Thus each LSM can be responsible for shrinking their\nportion and don\u0027t have to pay a penalty just because other LSMs have a\nbigger space requirement.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "4baf6e33251b37f111e21289f8ee71fe4cce236e",
      "tree": "7decc386a60679fd2696041810cf331c0daf1f41",
      "parents": [
        "676f7c8f84d15e94065841529016da5ab92e901b"
      ],
      "author": {
        "name": "Tejun Heo",
        "email": "tj@kernel.org",
        "time": "Sun Apr 01 12:09:55 2012 -0700"
      },
      "committer": {
        "name": "Tejun Heo",
        "email": "tj@kernel.org",
        "time": "Sun Apr 01 12:09:55 2012 -0700"
      },
      "message": "cgroup: convert all non-memcg controllers to the new cftype interface\n\nConvert debug, freezer, cpuset, cpu_cgroup, cpuacct, net_prio, blkio,\nnet_cls and device controllers to use the new cftype based interface.\nTermination entry is added to cftype arrays and populate callbacks are\nreplaced with cgroup_subsys-\u003ebase_cftypes initializations.\n\nThis is functionally identical transformation.  There shouldn\u0027t be any\nvisible behavior change.\n\nmemcg is rather special and will be converted separately.\n\nSigned-off-by: Tejun Heo \u003ctj@kernel.org\u003e\nAcked-by: Li Zefan \u003clizf@cn.fujitsu.com\u003e\nCc: Paul Menage \u003cpaul@paulmenage.org\u003e\nCc: Ingo Molnar \u003cmingo@elte.hu\u003e\nCc: Peter Zijlstra \u003cpeterz@infradead.org\u003e\nCc: \"David S. Miller\" \u003cdavem@davemloft.net\u003e\nCc: Vivek Goyal \u003cvgoyal@redhat.com\u003e\n"
    },
    {
      "commit": "8bb1f229527dee95644e0f8496980bb767c6f620",
      "tree": "511551e9772f11f855bd5b759b6d449da47e8820",
      "parents": [
        "f22e08a79f3765fecf060b225a46931c94fb0a92",
        "c0d0259481cc6ec2a38cad810055e455de35c733"
      ],
      "author": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Sat Mar 31 13:42:57 2012 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Sat Mar 31 13:42:57 2012 -0700"
      },
      "message": "Merge branch \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs\n\nPull second try at vfs part d#2 from Al Viro:\n \"Miklos\u0027 first series (with do_lookup() rewrite split into edible\n  chunks) + assorted bits and pieces.\n\n  The \u0027untangling of do_lookup()\u0027 series is is a splitup of what used to\n  be a monolithic patch from Miklos, so this series is basically \"how do\n  I convince myself that his patch is correct (or find a hole in it)\".\n  No holes found and I like the resulting cleanup, so in it went...\"\n\nChanges from try 1: Fix a boot problem with selinux, and commit messages\nprettied up a bit.\n\n* \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs: (24 commits)\n  vfs: fix out-of-date dentry_unhash() comment\n  vfs: split __lookup_hash\n  untangling do_lookup() - take __lookup_hash()-calling case out of line.\n  untangling do_lookup() - switch to calling __lookup_hash()\n  untangling do_lookup() - merge d_alloc_and_lookup() callers\n  untangling do_lookup() - merge failure exits in !dentry case\n  untangling do_lookup() - massage !dentry case towards __lookup_hash()\n  untangling do_lookup() - get rid of need_reval in !dentry case\n  untangling do_lookup() - eliminate a loop.\n  untangling do_lookup() - expand the area under -\u003ei_mutex\n  untangling do_lookup() - isolate !dentry stuff from the rest of it.\n  vfs: move MAY_EXEC check from __lookup_hash()\n  vfs: don\u0027t revalidate just looked up dentry\n  vfs: fix d_need_lookup/d_revalidate order in do_lookup\n  ext3: move headers to fs/ext3/\n  migrate ext2_fs.h guts to fs/ext2/ext2.h\n  new helper: ext2_image_size()\n  get rid of pointless includes of ext2_fs.h\n  ext2: No longer export ext2_fs.h to user space\n  mtdchar: kill persistently held vfsmount\n  ...\n"
    },
    {
      "commit": "2f99c36986ff27a86f06f27212c5f5fa8c7164a3",
      "tree": "a90fd7fe865bb1c5a00b0946754b505bcf070b60",
      "parents": [
        "4a165d25f63a989d0aabe9d8eed5b3a5d5da1862"
      ],
      "author": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Fri Mar 23 16:04:05 2012 -0400"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Sat Mar 31 16:03:15 2012 -0400"
      },
      "message": "get rid of pointless includes of ext2_fs.h\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n"
    },
    {
      "commit": "a1c2aa1e86a25e7cace2ded47ec52754206a5733",
      "tree": "6d435240e757e9f83b4f9c42f98c69888f3b3928",
      "parents": [
        "e152c38abaa92352679c9b53c4cce533c03997c6"
      ],
      "author": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Sun Mar 18 20:36:59 2012 -0400"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Sat Mar 31 16:03:15 2012 -0400"
      },
      "message": "selinuxfs: merge dentry allocation into sel_make_dir()\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n"
    },
    {
      "commit": "cdb0f9a1ad2ee3c11e21bc99f0c2021a02844666",
      "tree": "e4c2ea0b8c432645d1a28bdb694939b1e2891b30",
      "parents": [
        "a554bea89948dfb6d2f9c4c62ce2b12b2dac18ad"
      ],
      "author": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Sat Mar 31 11:12:57 2012 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Sat Mar 31 11:24:22 2012 -0700"
      },
      "message": "selinux: inline avc_audit() and avc_has_perm_noaudit() into caller\n\nNow that all the slow-path code is gone from these functions, we can\ninline them into the main caller - avc_has_perm_flags().\n\nNow the compiler can see that \u0027avc\u0027 is allocated on the stack for this\ncase, which helps register pressure a bit.  It also actually shrinks the\ntotal stack frame, because the stack frame that avc_has_perm_flags()\nalways needed (for that \u0027avc\u0027 allocation) is now sufficient for the\ninlined functions too.\n\nInlining isn\u0027t bad - but mindless inlining of cold code (see the\nprevious commit) is.\n\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "a554bea89948dfb6d2f9c4c62ce2b12b2dac18ad",
      "tree": "f84e38fa7a54c1a678a14d7a65e583efac1cafa3",
      "parents": [
        "fa2a4519cb6ad94224eb56a1341fff570fd44ea1"
      ],
      "author": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Sat Mar 31 10:58:08 2012 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Sat Mar 31 11:24:22 2012 -0700"
      },
      "message": "selinux: don\u0027t inline slow-path code into avc_has_perm_noaudit()\n\nThe selinux AVC paths remain some of the hottest (and deepest) codepaths\nat filename lookup time, and we make it worse by having the slow path\ncases take up I$ and stack space even when they don\u0027t trigger.  Gcc\ntends to always want to inline functions that are just called once -\nnever mind that this might make for slower and worse code in the caller.\n\nSo this tries to improve on it a bit by making the slow-path cases\nexplicitly separate functions that are marked noinline, causing gcc to\nat least no longer allocate stack space for them unless they are\nactually called.  It also seems to help register allocation a tiny bit,\nsince gcc now doesn\u0027t take the slow case code into account.\n\nUninlining the slow path may also allow us to inline the remaining hot\npath into the one caller that actually matters: avc_has_perm_flags().\nI\u0027ll have to look at that separately, but both avc_audit() and\navc_has_perm_noaudit() are now small and lean enough that inlining them\nmay make sense.\n\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "a591afc01d9e48affbacb365558a31e53c85af45",
      "tree": "9bb91f4eb94ec69fc4706c4944788ec5f3586063",
      "parents": [
        "820d41cf0cd0e94a5661e093821e2e5c6b36a9d8",
        "31796ac4e8f0e88f5c10f1ad6dab8f19bebe44a4"
      ],
      "author": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Thu Mar 29 18:12:23 2012 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Thu Mar 29 18:12:23 2012 -0700"
      },
      "message": "Merge branch \u0027x86-x32-for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip\n\nPull x32 support for x86-64 from Ingo Molnar:\n \"This tree introduces the X32 binary format and execution mode for x86:\n  32-bit data space binaries using 64-bit instructions and 64-bit kernel\n  syscalls.\n\n  This allows applications whose working set fits into a 32 bits address\n  space to make use of 64-bit instructions while using a 32-bit address\n  space with shorter pointers, more compressed data structures, etc.\"\n\nFix up trivial context conflicts in arch/x86/{Kconfig,vdso/vma.c}\n\n* \u0027x86-x32-for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: (71 commits)\n  x32: Fix alignment fail in struct compat_siginfo\n  x32: Fix stupid ia32/x32 inversion in the siginfo format\n  x32: Add ptrace for x32\n  x32: Switch to a 64-bit clock_t\n  x32: Provide separate is_ia32_task() and is_x32_task() predicates\n  x86, mtrr: Use explicit sizing and padding for the 64-bit ioctls\n  x86/x32: Fix the binutils auto-detect\n  x32: Warn and disable rather than error if binutils too old\n  x32: Only clear TIF_X32 flag once\n  x32: Make sure TS_COMPAT is cleared for x32 tasks\n  fs: Remove missed -\u003efds_bits from cessation use of fd_set structs internally\n  fs: Fix close_on_exec pointer in alloc_fdtable\n  x32: Drop non-__vdso weak symbols from the x32 VDSO\n  x32: Fix coding style violations in the x32 VDSO code\n  x32: Add x32 VDSO support\n  x32: Allow x32 to be configured\n  x32: If configured, add x32 system calls to system call tables\n  x32: Handle process creation\n  x32: Signal-related system calls\n  x86: Add #ifdef CONFIG_COMPAT to \u003casm/sys_ia32.h\u003e\n  ...\n"
    },
    {
      "commit": "0195c00244dc2e9f522475868fa278c473ba7339",
      "tree": "f97ca98ae64ede2c33ad3de05ed7bbfa4f4495ed",
      "parents": [
        "f21ce8f8447c8be8847dadcfdbcc76b0d7365fa5",
        "141124c02059eee9dbc5c86ea797b1ca888e77f7"
      ],
      "author": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Wed Mar 28 15:58:21 2012 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Wed Mar 28 15:58:21 2012 -0700"
      },
      "message": "Merge tag \u0027split-asm_system_h-for-linus-20120328\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-asm_system\n\nPull \"Disintegrate and delete asm/system.h\" from David Howells:\n \"Here are a bunch of patches to disintegrate asm/system.h into a set of\n  separate bits to relieve the problem of circular inclusion\n  dependencies.\n\n  I\u0027ve built all the working defconfigs from all the arches that I can\n  and made sure that they don\u0027t break.\n\n  The reason for these patches is that I recently encountered a circular\n  dependency problem that came about when I produced some patches to\n  optimise get_order() by rewriting it to use ilog2().\n\n  This uses bitops - and on the SH arch asm/bitops.h drags in\n  asm-generic/get_order.h by a circuituous route involving asm/system.h.\n\n  The main difficulty seems to be asm/system.h.  It holds a number of\n  low level bits with no/few dependencies that are commonly used (eg.\n  memory barriers) and a number of bits with more dependencies that\n  aren\u0027t used in many places (eg.  switch_to()).\n\n  These patches break asm/system.h up into the following core pieces:\n\n    (1) asm/barrier.h\n\n        Move memory barriers here.  This already done for MIPS and Alpha.\n\n    (2) asm/switch_to.h\n\n        Move switch_to() and related stuff here.\n\n    (3) asm/exec.h\n\n        Move arch_align_stack() here.  
Other process execution related bits\n        could perhaps go here from asm/processor.h.\n\n    (4) asm/cmpxchg.h\n\n        Move xchg() and cmpxchg() here as they\u0027re full word atomic ops and\n        frequently used by atomic_xchg() and atomic_cmpxchg().\n\n    (5) asm/bug.h\n\n        Move die() and related bits.\n\n    (6) asm/auxvec.h\n\n        Move AT_VECTOR_SIZE_ARCH here.\n\n  Other arch headers are created as needed on a per-arch basis.\"\n\nFixed up some conflicts from other header file cleanups and moving code\naround that has happened in the meantime, so David\u0027s testing is somewhat\nweakened by that.  We\u0027ll find out anything that got broken and fix it..\n\n* tag \u0027split-asm_system_h-for-linus-20120328\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-asm_system: (38 commits)\n  Delete all instances of asm/system.h\n  Remove all #inclusions of asm/system.h\n  Add #includes needed to permit the removal of asm/system.h\n  Move all declarations of free_initmem() to linux/mm.h\n  Disintegrate asm/system.h for OpenRISC\n  Split arch_align_stack() out from asm-generic/system.h\n  Split the switch_to() wrapper out of asm-generic/system.h\n  Move the asm-generic/system.h xchg() implementation to asm-generic/cmpxchg.h\n  Create asm-generic/barrier.h\n  Make asm-generic/cmpxchg.h #include asm-generic/cmpxchg-local.h\n  Disintegrate asm/system.h for Xtensa\n  Disintegrate asm/system.h for Unicore32 [based on ver #3, changed by gxt]\n  Disintegrate asm/system.h for Tile\n  Disintegrate asm/system.h for Sparc\n  Disintegrate asm/system.h for SH\n  Disintegrate asm/system.h for Score\n  Disintegrate asm/system.h for S390\n  Disintegrate asm/system.h for PowerPC\n  Disintegrate asm/system.h for PA-RISC\n  Disintegrate asm/system.h for MN10300\n  ...\n"
    },
    {
      "commit": "9ffc93f203c18a70623f21950f1dd473c9ec48cd",
      "tree": "1eb3536ae183b0bfbf7f5152a6fe4f430ae881c2",
      "parents": [
        "96f951edb1f1bdbbc99b0cd458f9808bb83d58ae"
      ],
      "author": {
        "name": "David Howells",
        "email": "dhowells@redhat.com",
        "time": "Wed Mar 28 18:30:03 2012 +0100"
      },
      "committer": {
        "name": "David Howells",
        "email": "dhowells@redhat.com",
        "time": "Wed Mar 28 18:30:03 2012 +0100"
      },
      "message": "Remove all #inclusions of asm/system.h\n\nRemove all #inclusions of asm/system.h preparatory to splitting and killing\nit.  Performed with the following command:\n\nperl -p -i -e \u0027s!^#\\s*include\\s*\u003casm/system[.]h\u003e.*\\n!!\u0027 `grep -Irl \u0027^#\\s*include\\s*\u003casm/system[.]h\u003e\u0027 *`\n\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\n"
    },
    {
      "commit": "0421ea91ddc7895a5a68d3bc670ed4b8e6448a42",
      "tree": "409b065611770dc4b69df1bb80100e001d52c36c",
      "parents": [
        "e22057c8599373e5caef0bc42bdb95d2a361ab0d"
      ],
      "author": {
        "name": "John Johansen",
        "email": "john.johansen@canonical.com",
        "time": "Tue Mar 27 04:14:33 2012 -0700"
      },
      "committer": {
        "name": "James Morris",
        "email": "james.l.morris@oracle.com",
        "time": "Wed Mar 28 01:00:05 2012 +1100"
      },
      "message": "apparmor: Fix change_onexec when called from a confined task\n\nFix failure in aa_change_onexec api when the request is made from a confined\ntask.  This failure was caused by two problems\n\n The AA_MAY_ONEXEC perm was not being mapped correctly for this case.\n\n The executable name was being checked as second time instead of using the\n requested onexec profile name, which may not be the same as the exec\n profile name. This mistake can not be exploited to grant extra permission\n because of the above flaw where the ONEXEC permission was not being mapped\n so it will not be granted.\n\nBugLink: http://bugs.launchpad.net/bugs/963756\n\nSigned-off-by: John Johansen \u003cjohn.johansen@canonical.com\u003e\nSigned-off-by: James Morris \u003cjames.l.morris@oracle.com\u003e\n"
    },
    {
      "commit": "778aae84ef694325662447eceba1a5f7d3eebdbb",
      "tree": "7bf3f7e682e220ce30afe3572332fb424a3761f2",
      "parents": [
        "15e9b9b9ed268fa91e52c44d621f3d0296162d15"
      ],
      "author": {
        "name": "David Howells",
        "email": "dhowells@redhat.com",
        "time": "Mon Mar 26 16:38:47 2012 +0100"
      },
      "committer": {
        "name": "David Howells",
        "email": "dhowells@redhat.com",
        "time": "Mon Mar 26 16:38:47 2012 +0100"
      },
      "message": "SELinux: selinux/xfrm.h needs net/flow.h\n\nselinux/xfrm.h needs to #include net/flow.h or else suffer:\n\nIn file included from security/selinux/ss/services.c:69:0:\nsecurity/selinux/include/xfrm.h: In function \u0027selinux_xfrm_notify_policyload\u0027:\nsecurity/selinux/include/xfrm.h:53:14: error: \u0027flow_cache_genid\u0027 undeclared (first use in this function)\nsecurity/selinux/include/xfrm.h:53:14: note: each undeclared identifier is reported only once for each function it appears in\n\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\n"
    },
    {
      "commit": "9d944ef32e83405a07376f112e9f02161d3e9731",
      "tree": "24170ff64fb83221da133e2afb53f58e840a6eee",
      "parents": [
        "d0bd587a80960d7ba7e0c8396e154028c9045c54"
      ],
      "author": {
        "name": "Oleg Nesterov",
        "email": "oleg@redhat.com",
        "time": "Fri Mar 23 15:02:48 2012 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Fri Mar 23 16:58:41 2012 -0700"
      },
      "message": "usermodehelper: kill umh_wait, renumber UMH_* constants\n\nNo functional changes.  It is not sane to use UMH_KILLABLE with enum\numh_wait, but obviously we do not want another argument in\ncall_usermodehelper_* helpers.  Kill this enum, use the plain int.\n\nSigned-off-by: Oleg Nesterov \u003coleg@redhat.com\u003e\nCc: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nCc: Rusty Russell \u003crusty@rustcorp.com.au\u003e\nCc: Tejun Heo \u003ctj@kernel.org\u003e\nCc: David Rientjes \u003crientjes@google.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "70834d3070c3f3015ab5c05176d54bd4a0100546",
      "tree": "4dbcea84c4584de05f83aa911164902b3f00265f",
      "parents": [
        "a02d6fd643cbd4c559113b35b31d3b04e4ec60c7"
      ],
      "author": {
        "name": "Oleg Nesterov",
        "email": "oleg@redhat.com",
        "time": "Fri Mar 23 15:02:46 2012 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Fri Mar 23 16:58:41 2012 -0700"
      },
      "message": "usermodehelper: use UMH_WAIT_PROC consistently\n\nA few call_usermodehelper() callers use the hardcoded constant instead of\nthe proper UMH_WAIT_PROC, fix them.\n\nReported-by: Tetsuo Handa \u003cpenguin-kernel@i-love.sakura.ne.jp\u003e\nSigned-off-by: Oleg Nesterov \u003coleg@redhat.com\u003e\nCc: Lars Ellenberg \u003cdrbd-dev@lists.linbit.com\u003e\nCc: Greg Kroah-Hartman \u003cgregkh@linuxfoundation.org\u003e\nCc: Michal Januszewski \u003cspock@gentoo.org\u003e\nCc: Florian Tobias Schandinat \u003cFlorianSchandinat@gmx.de\u003e\nCc: Kentaro Takeda \u003ctakedakn@nttdata.co.jp\u003e\nCc: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nCc: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "f63d395d47f37a4fe771e6d4b1db9d2cdae5ffc5",
      "tree": "3448a14ae965802adb963762cadeb9989ce4caa2",
      "parents": [
        "643ac9fc5429e85b8b7f534544b80bcc4f34c367",
        "5a7c9eec9fde1da0e3adf0a4ddb64ff2a324a492"
      ],
      "author": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Fri Mar 23 08:53:47 2012 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Fri Mar 23 08:53:47 2012 -0700"
      },
      "message": "Merge tag \u0027nfs-for-3.4-1\u0027 of git://git.linux-nfs.org/projects/trondmy/linux-nfs\n\nPull NFS client updates for Linux 3.4 from Trond Myklebust:\n \"New features include:\n   - Add NFS client support for containers.\n\n     This should enable most of the necessary functionality, including\n     lockd support, and support for rpc.statd, NFSv4 idmapper and\n     RPCSEC_GSS upcalls into the correct network namespace from which\n     the mount system call was issued.\n\n   - NFSv4 idmapper scalability improvements\n\n     Base the idmapper cache on the keyring interface to allow\n     concurrent access to idmapper entries.  Start the process of\n     migrating users from the single-threaded daemon-based approach to\n     the multi-threaded request-key based approach.\n\n   - NFSv4.1 implementation id.\n\n     Allows the NFSv4.1 client and server to mutually identify each\n     other for logging and debugging purposes.\n\n   - Support the \u0027vers\u003d4.1\u0027 mount option for mounting NFSv4.1 instead of\n     having to use the more counterintuitive \u0027vers\u003d4,minorversion\u003d1\u0027.\n\n   - SUNRPC tracepoints.\n\n     Start the process of adding tracepoints in order to improve\n     debugging of the RPC layer.\n\n   - pNFS object layout support for autologin.\n\n  Important bugfixes include:\n\n   - Fix a bug in rpc_wake_up/rpc_wake_up_status that caused them to\n     fail to wake up all tasks when applied to priority waitqueues.\n\n   - Ensure that we handle read delegations correctly, when we try to\n     truncate a file.\n\n   - A number of fixes for NFSv4 state manager loops (mostly to do with\n     delegation recovery).\"\n\n* tag \u0027nfs-for-3.4-1\u0027 of git://git.linux-nfs.org/projects/trondmy/linux-nfs: (224 commits)\n  NFS: fix sb-\u003es_id in nfs debug prints\n  xprtrdma: Remove assumption that each segment is \u003c\u003d PAGE_SIZE\n  xprtrdma: The transport should not bug-check when a dup reply is received\n  
pnfs-obj: autologin: Add support for protocol autologin\n  NFS: Remove nfs4_setup_sequence from generic rename code\n  NFS: Remove nfs4_setup_sequence from generic unlink code\n  NFS: Remove nfs4_setup_sequence from generic read code\n  NFS: Remove nfs4_setup_sequence from generic write code\n  NFS: Fix more NFS debug related build warnings\n  SUNRPC/LOCKD: Fix build warnings when CONFIG_SUNRPC_DEBUG is undefined\n  nfs: non void functions must return a value\n  SUNRPC: Kill compiler warning when RPC_DEBUG is unset\n  SUNRPC/NFS: Add Kbuild dependencies for NFS_DEBUG/RPC_DEBUG\n  NFS: Use cond_resched_lock() to reduce latencies in the commit scans\n  NFSv4: It is not safe to dereference lsp-\u003els_state in release_lockowner\n  NFS: ncommit count is being double decremented\n  SUNRPC: We must not use list_for_each_entry_safe() in rpc_wake_up()\n  Try using machine credentials for RENEW calls\n  NFSv4.1: Fix a few issues in filelayout_commit_pagelist\n  NFSv4.1: Clean ups and bugfixes for the pNFS read/writeback/commit code\n  ...\n"
    },
    {
      "commit": "48aab2f79dfc1357c48ce22ff5c989b52a590069",
      "tree": "7f690fe147bccc24b7a017845dbe9a99d7978b5f",
      "parents": [
        "f7493e5d9cc10ac97cf1f1579fdc14117460b40b"
      ],
      "author": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Thu Mar 22 17:01:41 2012 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Thu Mar 22 17:01:41 2012 -0700"
      },
      "message": "security: optimize avc_audit() common path\n\navc_audit() did a lot of jumping around and had a big stack frame, all\nfor the uncommon case.\n\nSplit up the uncommon case (which we really can\u0027t make go fast anyway)\ninto its own slow function, and mark the conditional branches\nappropriately for the common likely case.\n\nThis causes avc_audit() to no longer show up as one of the hottest\nfunctions on the branch profiles (the new \"perf -b\" thing), and makes\nthe cycle profiles look really nice and dense too.\n\nThe whole audit path is still annoyingly very much one of the biggest\ncosts of name lookup, so these things are worth optimizing for.  I wish\nwe could just tell people to turn it off, but realistically we do need\nit: we just need to make sure that the overhead of the necessary evil is\nas low as possible.\n\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "e2a0883e4071237d09b604a342c28b96b44a04b3",
      "tree": "aa56f4d376b5eb1c32358c19c2669c2a94e0e1fd",
      "parents": [
        "3a990a52f9f25f45469e272017a31e7a3fda60ed",
        "07c0c5d8b8c122b2f2df9ee574ac3083daefc981"
      ],
      "author": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Wed Mar 21 13:36:41 2012 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Wed Mar 21 13:36:41 2012 -0700"
      },
      "message": "Merge branch \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs\n\nPull vfs pile 1 from Al Viro:\n \"This is _not_ all; in particular, Miklos\u0027 and Jan\u0027s stuff is not there\n  yet.\"\n\n* \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs: (64 commits)\n  ext4: initialization of ext4_li_mtx needs to be done earlier\n  debugfs-related mode_t whack-a-mole\n  hfsplus: add an ioctl to bless files\n  hfsplus: change finder_info to u32\n  hfsplus: initialise userflags\n  qnx4: new helper - try_extent()\n  qnx4: get rid of qnx4_bread/qnx4_getblk\n  take removal of PF_FORKNOEXEC to flush_old_exec()\n  trim includes in inode.c\n  um: uml_dup_mmap() relies on -\u003emmap_sem being held, but activate_mm() doesn\u0027t hold it\n  um: embed -\u003estub_pages[] into mmu_context\n  gadgetfs: list_for_each_safe() misuse\n  ocfs2: fix leaks on failure exits in module_init\n  ecryptfs: make register_filesystem() the last potential failure exit\n  ntfs: forgets to unregister sysctls on register_filesystem() failure\n  logfs: missing cleanup on register_filesystem() failure\n  jfs: mising cleanup on register_filesystem() failure\n  make configfs_pin_fs() return root dentry on success\n  configfs: configfs_create_dir() has parent dentry in dentry-\u003ed_parent\n  configfs: sanitize configfs_create()\n  ...\n"
    },
    {
      "commit": "3556485f1595e3964ba539e39ea682acbb835cee",
      "tree": "7f5ee254f425b1427ac0059b5f347a307f8538a1",
      "parents": [
        "b8716614a7cc2fc15ea2a518edd04755fb08d922",
        "09f61cdbb32a9d812c618d3922db533542736bb0"
      ],
      "author": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Wed Mar 21 13:25:04 2012 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Wed Mar 21 13:25:04 2012 -0700"
      },
      "message": "Merge branch \u0027next\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security\n\nPull security subsystem updates for 3.4 from James Morris:\n \"The main addition here is the new Yama security module from Kees Cook,\n  which was discussed at the Linux Security Summit last year.  Its\n  purpose is to collect miscellaneous DAC security enhancements in one\n  place.  This also marks a departure in policy for LSM modules, which\n  were previously limited to being standalone access control systems.\n  Chromium OS is using Yama, and I believe there are plans for Ubuntu,\n  at least.\n\n  This patchset also includes maintenance updates for AppArmor, TOMOYO\n  and others.\"\n\nFix trivial conflict in \u003cnet/sock.h\u003e due to the jumo_label-\u003estatic_key\nrename.\n\n* \u0027next\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: (38 commits)\n  AppArmor: Fix location of const qualifier on generated string tables\n  TOMOYO: Return error if fails to delete a domain\n  AppArmor: add const qualifiers to string arrays\n  AppArmor: Add ability to load extended policy\n  TOMOYO: Return appropriate value to poll().\n  AppArmor: Move path failure information into aa_get_name and rename\n  AppArmor: Update dfa matching routines.\n  AppArmor: Minor cleanup of d_namespace_path to consolidate error handling\n  AppArmor: Retrieve the dentry_path for error reporting when path lookup fails\n  AppArmor: Add const qualifiers to generated string tables\n  AppArmor: Fix oops in policy unpack auditing\n  AppArmor: Fix error returned when a path lookup is disconnected\n  KEYS: testing wrong bit for KEY_FLAG_REVOKED\n  TOMOYO: Fix mount flags checking order.\n  security: fix ima kconfig warning\n  AppArmor: Fix the error case for chroot relative path name lookup\n  AppArmor: fix mapping of META_READ to audit and quiet flags\n  AppArmor: Fix underflow in xindex calculation\n  AppArmor: Fix dropping of allowed operations 
that are force audited\n  AppArmor: Add mising end of structure test to caps unpacking\n  ...\n"
    },
    {
      "commit": "9f3938346a5c1fa504647670edb5fea5756cfb00",
      "tree": "7cf6d24d6b076c8db8571494984924cac03703a2",
      "parents": [
        "69a7aebcf019ab3ff5764525ad6858fbe23bb86d",
        "317b6e128247f75976b0fc2b9fd8d2c20ef13b3a"
      ],
      "author": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Wed Mar 21 09:40:26 2012 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Wed Mar 21 09:40:26 2012 -0700"
      },
      "message": "Merge branch \u0027kmap_atomic\u0027 of git://github.com/congwang/linux\n\nPull kmap_atomic cleanup from Cong Wang.\n\nIt\u0027s been in -next for a long time, and it gets rid of the (no longer\nused) second argument to k[un]map_atomic().\n\nFix up a few trivial conflicts in various drivers, and do an \"evil\nmerge\" to catch some new uses that have come in since Cong\u0027s tree.\n\n* \u0027kmap_atomic\u0027 of git://github.com/congwang/linux: (59 commits)\n  feature-removal-schedule.txt: schedule the deprecated form of kmap_atomic() for removal\n  highmem: kill all __kmap_atomic() [swarren@nvidia.com: highmem: Fix ARM build break due to __kmap_atomic rename]\n  drbd: remove the second argument of k[un]map_atomic()\n  zcache: remove the second argument of k[un]map_atomic()\n  gma500: remove the second argument of k[un]map_atomic()\n  dm: remove the second argument of k[un]map_atomic()\n  tomoyo: remove the second argument of k[un]map_atomic()\n  sunrpc: remove the second argument of k[un]map_atomic()\n  rds: remove the second argument of k[un]map_atomic()\n  net: remove the second argument of k[un]map_atomic()\n  mm: remove the second argument of k[un]map_atomic()\n  lib: remove the second argument of k[un]map_atomic()\n  power: remove the second argument of k[un]map_atomic()\n  kdb: remove the second argument of k[un]map_atomic()\n  udf: remove the second argument of k[un]map_atomic()\n  ubifs: remove the second argument of k[un]map_atomic()\n  squashfs: remove the second argument of k[un]map_atomic()\n  reiserfs: remove the second argument of k[un]map_atomic()\n  ocfs2: remove the second argument of k[un]map_atomic()\n  ntfs: remove the second argument of k[un]map_atomic()\n  ...\n"
    },
    {
      "commit": "40ffe67d2e89c7a475421d007becc11a2f88ea3d",
      "tree": "5373e71b18895b9ffd8370a88aec6c54438240a0",
      "parents": [
        "38eff2892628fa5c4fc8962a17b7296f42833ebe"
      ],
      "author": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Wed Mar 14 21:54:32 2012 -0400"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Tue Mar 20 21:29:41 2012 -0400"
      },
      "message": "switch unix_sock to struct path\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n"
    },
    {
      "commit": "0d9cabdccedb79ee5f27b77ff51f29a9e7d23275",
      "tree": "8bfb64c3672d058eb90aec3c3a9c4f61cef9097c",
      "parents": [
        "701085b219016d38f105b031381b9cee6200253a",
        "3ce3230a0cff484e5130153f244d4fb8a56b3a8b"
      ],
      "author": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Tue Mar 20 18:11:21 2012 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Tue Mar 20 18:11:21 2012 -0700"
      },
      "message": "Merge branch \u0027for-3.4\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/tj/cgroup\n\nPull cgroup changes from Tejun Heo:\n \"Out of the 8 commits, one fixes a long-standing locking issue around\n  tasklist walking and others are cleanups.\"\n\n* \u0027for-3.4\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/tj/cgroup:\n  cgroup: Walk task list under tasklist_lock in cgroup_enable_task_cg_list\n  cgroup: Remove wrong comment on cgroup_enable_task_cg_list()\n  cgroup: remove cgroup_subsys argument from callbacks\n  cgroup: remove extra calls to find_existing_css_set\n  cgroup: replace tasklist_lock with rcu_read_lock\n  cgroup: simplify double-check locking in cgroup_attach_proc\n  cgroup: move struct cgroup_pidlist out from the header file\n  cgroup: remove cgroup_attach_task_current_cg()\n"
    },
    {
      "commit": "c58e0377d61e209600def7d4d9ae535ea94bc210",
      "tree": "142d1ca23d06458c8b798174e01281ad67b2ab76",
      "parents": [
        "b85417860172ff693dc115d7999805fc240cec1c"
      ],
      "author": {
        "name": "Cong Wang",
        "email": "amwang@redhat.com",
        "time": "Fri Nov 25 23:26:35 2011 +0800"
      },
      "committer": {
        "name": "Cong Wang",
        "email": "xiyou.wangcong@gmail.com",
        "time": "Tue Mar 20 21:48:28 2012 +0800"
      },
      "message": "tomoyo: remove the second argument of k[un]map_atomic()\n\nAcked-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: Cong Wang \u003camwang@redhat.com\u003e\n"
    }
  ],
  "next": "09f61cdbb32a9d812c618d3922db533542736bb0"
}
