)]}' { "log": [ { "commit": "e5467859f7f79b69fc49004403009dfdba3bec53", "tree": "73b011daf79eeddd61bbcaf65cd197b5e5f6f149", "parents": [ "d007794a182bc072a7b7479909dbd0d67ba341be" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Wed May 30 13:30:51 2012 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Thu May 31 13:11:54 2012 -0400" }, "message": "split -\u003efile_mmap() into -\u003emmap_addr()/-\u003emmap_file()\n\n... i.e. file-dependent and address-dependent checks.\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "d007794a182bc072a7b7479909dbd0d67ba341be", "tree": "75aa7ccd563a0fe8b60391824c92f64098674dda", "parents": [ "cf74d14c4fbce9bcc9eb62f52d721d3399a2b87f" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Wed May 30 13:11:37 2012 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Thu May 31 13:10:54 2012 -0400" }, "message": "split cap_mmap_addr() out of cap_file_mmap()\n\n... switch callers.\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "cc1dad7183e4cb7f5d313b6942f2059fc0eabab6", "tree": "372614e5c981ff868682af2babdd8d0fec356952", "parents": [ "c862868bb455694704c255481369c40d7185eb25" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Mon Apr 02 19:40:47 2012 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Tue May 29 23:28:33 2012 -0400" }, "message": "selinuxfs snprintf() misuses\n\na) %d does _not_ produce a page worth of output\nb) snprintf() doesn\u0027t return negatives - it used to in old glibc, but\nthat\u0027s the kernel...\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "cb60e3e65c1b96a4d6444a7a13dc7dd48bc15a2b", "tree": "4322be35db678f6299348a76ad60a2023954af7d", "parents": [ "99262a3dafa3290866512ddfb32609198f8973e9", "ff2bb047c4bce9742e94911eeb44b4d6ff4734ab" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Mon May 21 20:27:36 2012 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Mon May 21 20:27:36 2012 -0700" }, "message": "Merge branch \u0027next\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security\n\nPull security subsystem updates from James Morris:\n \"New notable features:\n - The seccomp work from Will Drewry\n - PR_{GET,SET}_NO_NEW_PRIVS from Andy Lutomirski\n - Longer security labels for Smack from Casey Schaufler\n - Additional ptrace restriction modes for Yama by Kees Cook\"\n\nFix up trivial context conflicts in arch/x86/Kconfig and include/linux/filter.h\n\n* \u0027next\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: (65 commits)\n apparmor: fix long path failure due to disconnected path\n apparmor: fix profile lookup for unconfined\n ima: fix filename hint to reflect script interpreter name\n KEYS: Don\u0027t check for NULL key pointer in key_validate()\n Smack: allow for significantly longer Smack labels v4\n gfp flags for security_inode_alloc()?\n Smack: recursive tramsmute\n Yama: replace capable() with ns_capable()\n TOMOYO: Accept manager programs which do not start with / .\n KEYS: Add invalidation support\n KEYS: Do LRU discard in full keyrings\n KEYS: Permit in-place link replacement in keyring list\n KEYS: Perform RCU synchronisation on keys prior to key destruction\n KEYS: Announce key type (un)registration\n KEYS: Reorganise keys Makefile\n KEYS: Move the key config into security/keys/Kconfig\n KEYS: Use the compat keyctl() syscall wrapper on Sparc64 for Sparc32 compat\n Yama: remove an unused variable\n samples/seccomp: fix dependencies on arch macros\n Yama: add additional ptrace scopes\n ...\n" }, { "commit": "ff2bb047c4bce9742e94911eeb44b4d6ff4734ab", "tree": "9d9b1cfa3fc17f0cc13f34ca697306cb1f46b05f", "parents": [ "cffee16e8b997ab947de661e8820e486b0830c94", "c737f8284cac91428f8fcc8281e69117fa16e887" ], "author": { "name": "James Morris", "email": "james.l.morris@oracle.com", "time": "Tue May 22 11:21:06 2012 +1000" }, "committer": { "name": "James Morris", "email": "james.l.morris@oracle.com", "time": "Tue May 22 11:21:06 2012 +1000" }, "message": "Merge branch \u0027master\u0027 of git://git.infradead.org/users/eparis/selinux into next\n\nPer pull request, for 3.5.\n" }, { "commit": "d16cf20e2f2f13411eece7f7fb72c17d141c4a84", "tree": "8154b3db8cdbb4b8d9f35d4c407cfe961253f0b4", "parents": [ "6714cf5465d2803a21c6a46c1ea747795a8889fa" ], "author": { "name": "Pablo Neira Ayuso", "email": "pablo@netfilter.org", "time": "Tue May 08 19:45:28 2012 +0200" }, "committer": { "name": "Pablo Neira Ayuso", "email": "pablo@netfilter.org", "time": "Tue May 08 20:25:42 2012 +0200" }, "message": "netfilter: remove ip_queue support\n\nThis patch removes ip_queue support which was marked as obsolete\nyears ago. The nfnetlink_queue modules provides more advanced\nuser-space packet queueing mechanism.\n\nThis patch also removes capability code included in SELinux that\nrefers to ip_queue. Otherwise, we break compilation.\n\nSeveral warning has been sent regarding this to the mailing list\nin the past month without anyone rising the hand to stop this\nwith some strong argument.\n\nSigned-off-by: Pablo Neira Ayuso \u003cpablo@netfilter.org\u003e\n" }, { "commit": "259e5e6c75a910f3b5e656151dc602f53f9d7548", "tree": "4405fdf68238f2e33f27b04e8c37c9e29a2493d8", "parents": [ "9ccf010f8172b699ea80178860e8ea228f7dce56" ], "author": { "name": "Andy Lutomirski", "email": "luto@amacapital.net", "time": "Thu Apr 12 16:47:50 2012 -0500" }, "committer": { "name": "James Morris", "email": "james.l.morris@oracle.com", "time": "Sat Apr 14 11:13:18 2012 +1000" }, "message": "Add PR_{GET,SET}_NO_NEW_PRIVS to prevent execve from granting privs\n\nWith this change, calling\n prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0)\ndisables privilege granting operations at execve-time. For example, a\nprocess will not be able to execute a setuid binary to change their uid\nor gid if this bit is set. The same is true for file capabilities.\n\nAdditionally, LSM_UNSAFE_NO_NEW_PRIVS is defined to ensure that\nLSMs respect the requested behavior.\n\nTo determine if the NO_NEW_PRIVS bit is set, a task may call\n prctl(PR_GET_NO_NEW_PRIVS, 0, 0, 0, 0);\nIt returns 1 if set and 0 if it is not set. If any of the arguments are\nnon-zero, it will return -1 and set errno to -EINVAL.\n(PR_SET_NO_NEW_PRIVS behaves similarly.)\n\nThis functionality is desired for the proposed seccomp filter patch\nseries. By using PR_SET_NO_NEW_PRIVS, it allows a task to modify the\nsystem call behavior for itself and its child tasks without being\nable to impact the behavior of a more privileged task.\n\nAnother potential use is making certain privileged operations\nunprivileged. For example, chroot may be considered \"safe\" if it cannot\naffect privileged tasks.\n\nNote, this patch causes execve to fail when PR_SET_NO_NEW_PRIVS is\nset and AppArmor is in use. It is fixed in a subsequent patch.\n\nSigned-off-by: Andy Lutomirski \u003cluto@amacapital.net\u003e\nSigned-off-by: Will Drewry \u003cwad@chromium.org\u003e\nAcked-by: Eric Paris \u003ceparis@redhat.com\u003e\nAcked-by: Kees Cook \u003ckeescook@chromium.org\u003e\n\nv18: updated change desc\nv17: using new define values as per 3.4\nSigned-off-by: James Morris \u003cjames.l.morris@oracle.com\u003e\n" }, { "commit": "c737f8284cac91428f8fcc8281e69117fa16e887", "tree": "7cb4cd77df9786925aa2c7cad919c4881651638b", "parents": [ "562c99f20d989f222138dddfd71e275bfb3665de" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Thu Apr 05 13:51:53 2012 -0400" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Mon Apr 09 12:23:57 2012 -0400" }, "message": "SELinux: remove unused common_audit_data in flush_unauthorized_files\n\nWe don\u0027t need this variable and it just eats stack space. Remove it.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "562c99f20d989f222138dddfd71e275bfb3665de", "tree": "47743a88f3aed8b77f79899f45409a597ab77263", "parents": [ "0b36e44cc680b355f0d1b34002b2a10c9e1cae60" ], "author": { "name": "Wanlong Gao", "email": "gaowanlong@cn.fujitsu.com", "time": "Wed Mar 07 22:17:14 2012 +0800" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Mon Apr 09 12:23:44 2012 -0400" }, "message": "SELinux: avc: remove the useless fields in avc_add_callback\n\navc_add_callback now just used for registering reset functions\nin initcalls, and the callback functions just did reset operations.\nSo, reducing the arguments to only one event is enough now.\n\nSigned-off-by: Wanlong Gao \u003cgaowanlong@cn.fujitsu.com\u003e\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "0b36e44cc680b355f0d1b34002b2a10c9e1cae60", "tree": "60e6a2800af2980b1b83206d2b6f6fd20baf4165", "parents": [ "899838b25f063a94594b1df6e0100aea1ec57fac" ], "author": { "name": "Wanlong Gao", "email": "gaowanlong@cn.fujitsu.com", "time": "Wed Mar 07 22:17:13 2012 +0800" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Mon Apr 09 12:23:07 2012 -0400" }, "message": "SELinux: replace weak GFP_ATOMIC to GFP_KERNEL in avc_add_callback\n\navc_add_callback now only called from initcalls, so replace the\nweak GFP_ATOMIC to GFP_KERNEL, and mark this function __init\nto make a warning when not been called from initcalls.\n\nSigned-off-by: Wanlong Gao \u003cgaowanlong@cn.fujitsu.com\u003e\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "899838b25f063a94594b1df6e0100aea1ec57fac", "tree": "ce22a1fca876195237ba92051cb12b34aa957447", "parents": [ "1d3492927118d0ce1ea1ff3e007746699cba8f3e" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Wed Apr 04 15:01:43 2012 -0400" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Mon Apr 09 12:23:06 2012 -0400" }, "message": "SELinux: unify the selinux_audit_data and selinux_late_audit_data\n\nWe no longer need the distinction. We only need data after we decide to do an\naudit. So turn the \"late\" audit data into just \"data\" and remove what we\ncurrently have as \"data\".\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "1d3492927118d0ce1ea1ff3e007746699cba8f3e", "tree": "16f50a33be365548a77dfb199337031779af86eb", "parents": [ "50c205f5e5c2e2af002fd4ef537ded79b90b1b56" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Wed Apr 04 15:01:43 2012 -0400" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Mon Apr 09 12:23:05 2012 -0400" }, "message": "SELinux: remove auditdeny from selinux_audit_data\n\nIt\u0027s just takin\u0027 up space.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "50c205f5e5c2e2af002fd4ef537ded79b90b1b56", "tree": "9965a7746aa8c5e982357d5b8c46850f3283206c", "parents": [ "07f62eb66c6626aa5653a0fcb34c9c040d0bd032" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Wed Apr 04 15:01:43 2012 -0400" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Mon Apr 09 12:23:04 2012 -0400" }, "message": "LSM: do not initialize common_audit_data to 0\n\nIt isn\u0027t needed. If you don\u0027t set the type of the data associated with\nthat type it is a pretty obvious programming bug. So why waste the cycles?\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "b466066f9b648ccb6aa1e174f0389b7433e460fd", "tree": "beaec41a751db3ceeb55e4c428bb7e1fe995d880", "parents": [ "0972c74ecba4878baa5f97bb78b242c0eefacfb6" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Wed Apr 04 15:01:43 2012 -0400" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Mon Apr 09 12:23:03 2012 -0400" }, "message": "LSM: remove the task field from common_audit_data\n\nThere are no legitimate users. Always use current and get back some stack\nspace for the common_audit_data.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "bd5e50f9c1c71daac273fa586424f07205f6b13b", "tree": "57331d7e1941077cd55d33e7f12e6f8a07cdd80e", "parents": [ "d4cf970d0732628d514405c5a975024b9e205b0b" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Wed Apr 04 15:01:42 2012 -0400" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Mon Apr 09 12:23:01 2012 -0400" }, "message": "LSM: remove the COMMON_AUDIT_DATA_INIT type expansion\n\nJust open code it so grep on the source code works better.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "d4cf970d0732628d514405c5a975024b9e205b0b", "tree": "481f90ea13b2cbc8dd77bc934aa91024c1df6587", "parents": [ "602a8dd6ea6abd463bc26310c4a1b44919f88e68" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Wed Apr 04 15:01:42 2012 -0400" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Mon Apr 09 12:23:00 2012 -0400" }, "message": "SELinux: move common_audit_data to a noinline slow path function\n\nselinux_inode_has_perm is a hot path. Instead of declaring the\ncommon_audit_data on the stack move it to a noinline function only used in\nthe rare case we need to send an audit message.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "602a8dd6ea6abd463bc26310c4a1b44919f88e68", "tree": "426df8399ff298942a7e30c3a360a666e51ba920", "parents": [ "2e33405785d3eaec303c54b4a10afdebf3729da7" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Wed Apr 04 15:01:42 2012 -0400" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Mon Apr 09 12:23:00 2012 -0400" }, "message": "SELinux: remove inode_has_perm_noadp\n\nBoth callers could better be using file_has_perm() to get better audit\nresults.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "2e33405785d3eaec303c54b4a10afdebf3729da7", "tree": "f4c0d114503796e9f958341393e336f76a7eb6dd", "parents": [ "154c50ca4eb9ae472f50b6a481213e21ead4457d" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Wed Apr 04 15:01:42 2012 -0400" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Mon Apr 09 12:22:59 2012 -0400" }, "message": "SELinux: delay initialization of audit data in selinux_inode_permission\n\nWe pay a rather large overhead initializing the common_audit_data.\nSince we only need this information if we actually emit an audit\nmessage there is little need to set it up in the hot path. This patch\nsplits the functionality of avc_has_perm() into avc_has_perm_noaudit(),\navc_audit_required() and slow_avc_audit(). But we take care of setting\nup to audit between required() and the actual audit call. Thus saving\nmeasurable time in a hot path.\n\nSigned-off-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "154c50ca4eb9ae472f50b6a481213e21ead4457d", "tree": "8f496c340514e7041c50e212aa1d45a18ca7476c", "parents": [ "92ae9e82d9a2c4b9b388d6a9e7a4b2ccb0b4452f" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Wed Apr 04 13:47:11 2012 -0400" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Mon Apr 09 12:22:58 2012 -0400" }, "message": "SELinux: if sel_make_bools errors don\u0027t leave inconsistent state\n\nWe reset the bool names and values array to NULL, but do not reset the\nnumber of entries in these arrays to 0. If we error out and then get back\ninto this function we will walk these NULL pointers based on the belief\nthat they are non-zero length.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\ncc: stable@kernel.org\n" }, { "commit": "92ae9e82d9a2c4b9b388d6a9e7a4b2ccb0b4452f", "tree": "c9fb517b25ff64f1a07abf62fa90512a48949fc4", "parents": [ "bb7081ab93582fd2557160549854200a5fc7b42a" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Wed Apr 04 13:46:46 2012 -0400" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Mon Apr 09 12:22:57 2012 -0400" }, "message": "SELinux: remove needless sel_div function\n\nI\u0027m not really sure what the idea behind the sel_div function is, but it\u0027s\nuseless. Since a and b are both unsigned, it\u0027s impossible for a % b \u003c 0.\nThat means that part of the function never does anything. Thus it\u0027s just a\nnormal /. Just do that instead. I don\u0027t even understand what that operation\nwas supposed to mean in the signed case however....\n\nIf it was signed:\nsel_div(-2, 4) \u003d\u003d ((-2 / 4) - ((-2 % 4) \u003c 0))\n\t\t ((0) - ((-2) \u003c 0))\n\t\t ((0) - (1))\n\t\t (-1)\n\nWhat actually happens:\nsel_div(-2, 4) \u003d\u003d ((18446744073709551614 / 4) - ((18446744073709551614 % 4) \u003c 0))\n\t\t ((4611686018427387903) - ((2 \u003c 0))\n\t\t (4611686018427387903 - 0)\n\t\t ((unsigned int)4611686018427387903)\n\t\t (4294967295)\n\nNeither makes a whole ton of sense to me. So I\u0027m getting rid of the\nfunction entirely.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "bb7081ab93582fd2557160549854200a5fc7b42a", "tree": "fa95a4c7f31d7f3f06d38eab68fcdd19da102e82", "parents": [ "d6ea83ec6864e9297fa8b00ec3dae183413a90e3" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Wed Apr 04 13:46:36 2012 -0400" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Mon Apr 09 12:22:56 2012 -0400" }, "message": "SELinux: possible NULL deref in context_struct_to_string\n\nIt\u0027s possible that the caller passed a NULL for scontext. However if this\nis a defered mapping we might still attempt to call *scontext\u003dkstrdup().\nThis is bad. Instead just return the len.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "d6ea83ec6864e9297fa8b00ec3dae183413a90e3", "tree": "8a64f20f1a930d8f6ecd5ce0368c55a0c83f49dc", "parents": [ "83d498569e9a7a4b92c4c5d3566f2d6a604f28c9" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Wed Apr 04 13:45:49 2012 -0400" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Mon Apr 09 12:22:56 2012 -0400" }, "message": "SELinux: audit failed attempts to set invalid labels\n\nWe know that some yum operation is causing CAP_MAC_ADMIN failures. This\nimplies that an RPM is laying down (or attempting to lay down) a file with\nan invalid label. The problem is that we don\u0027t have any information to\ntrack down the cause. This patch will cause such a failure to report the\nfailed label in an SELINUX_ERR audit message. This is similar to the\nSELINUX_ERR reports on invalid transitions and things like that. It should\nhelp run down problems on what is trying to set invalid labels in the\nfuture.\n\nResulting records look something like:\ntype\u003dAVC msg\u003daudit(1319659241.138:71): avc: denied { mac_admin } for pid\u003d2594 comm\u003d\"chcon\" capability\u003d33 scontext\u003dunconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext\u003dunconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass\u003dcapability2\ntype\u003dSELINUX_ERR msg\u003daudit(1319659241.138:71): op\u003dsetxattr invalid_context\u003dunconfined_u:object_r:hello:s0\ntype\u003dSYSCALL msg\u003daudit(1319659241.138:71): arch\u003dc000003e syscall\u003d188 success\u003dno exit\u003d-22 a0\u003da2c0e0 a1\u003d390341b79b a2\u003da2d620 a3\u003d1f items\u003d1 ppid\u003d2519 pid\u003d2594 auid\u003d0 uid\u003d0 gid\u003d0 euid\u003d0 suid\u003d0 fsuid\u003d0 egid\u003d0 sgid\u003d0 fsgid\u003d0 tty\u003dpts0 ses\u003d1 comm\u003d\"chcon\" exe\u003d\"/usr/bin/chcon\" subj\u003dunconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key\u003d(null)\ntype\u003dCWD msg\u003daudit(1319659241.138:71): cwd\u003d\"/root\" type\u003dPATH msg\u003daudit(1319659241.138:71): item\u003d0 name\u003d\"test\" inode\u003d785879 dev\u003dfc:03 mode\u003d0100644 ouid\u003d0 ogid\u003d0 rdev\u003d00:00 obj\u003dunconfined_u:object_r:admin_home_t:s0\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "83d498569e9a7a4b92c4c5d3566f2d6a604f28c9", "tree": "e0d77f21bda5bec5ace52b3fa557f87b1bb57631", "parents": [ "95dbf739313f09c8d859bde1373bc264ef979337" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Wed Apr 04 13:45:40 2012 -0400" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Mon Apr 09 12:22:50 2012 -0400" }, "message": "SELinux: rename dentry_open to file_open\n\ndentry_open takes a file, rename it to file_open\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "95dbf739313f09c8d859bde1373bc264ef979337", "tree": "c798947b740826f1fc6403d8ed840565a086e7ea", "parents": [ "eed7795d0a2c9b2e934afc088e903fa2c17b7958" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Wed Apr 04 13:45:34 2012 -0400" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Mon Apr 09 12:22:49 2012 -0400" }, "message": "SELinux: check OPEN on truncate calls\n\nIn RH BZ 578841 we realized that the SELinux sandbox program was allowed to\ntruncate files outside of the sandbox. The reason is because sandbox\nconfinement is determined almost entirely by the \u0027open\u0027 permission. The idea\nwas that if the sandbox was unable to open() files it would be unable to do\nharm to those files. This turns out to be false in light of syscalls like\ntruncate() and chmod() which don\u0027t require a previous open() call. I looked\nat the syscalls that did not have an associated \u0027open\u0027 check and found that\ntruncate(), did not have a seperate permission and even if it did have a\nseparate permission such a permission owuld be inadequate for use by\nsandbox (since it owuld have to be granted so liberally as to be useless).\nThis patch checks the OPEN permission on truncate. I think a better solution\nfor sandbox is a whole new permission, but at least this fixes what we have\ntoday.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "eed7795d0a2c9b2e934afc088e903fa2c17b7958", "tree": "8f402c793774abfea12fd86bec741f0056302324", "parents": [ "aa893269de6277b44be88e25dcd5331c934c29c4" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Tue Mar 20 14:35:12 2012 -0400" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Mon Apr 09 12:22:48 2012 -0400" }, "message": "SELinux: add default_type statements\n\nBecause Fedora shipped userspace based on my development tree we now\nhave policy version 27 in the wild defining only default user, role, and\nrange. Thus to add default_type we need a policy.28.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "aa893269de6277b44be88e25dcd5331c934c29c4", "tree": "f994e023f787c1665b65725f2c009a9f5a021be7", "parents": [ "6ce74ec75ca690c4fb3a3c5f8b7767d094d93215" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Tue Mar 20 14:35:12 2012 -0400" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Mon Apr 09 12:22:47 2012 -0400" }, "message": "SELinux: allow default source/target selectors for user/role/range\n\nWhen new objects are created we have great and flexible rules to\ndetermine the type of the new object. We aren\u0027t quite as flexible or\nmature when it comes to determining the user, role, and range. This\npatch adds a new ability to specify the place a new objects user, role,\nand range should come from. For users and roles it can come from either\nthe source or the target of the operation. aka for files the user can\neither come from the source (the running process and todays default) or\nit can come from the target (aka the parent directory of the new file)\n\nexamples always are done with\ndirectory context: system_u:object_r:mnt_t:s0-s0:c0.c512\nprocess context: unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023\n\n[no rule]\n\tunconfined_u:object_r:mnt_t:s0 test_none\n[default user source]\n\tunconfined_u:object_r:mnt_t:s0 test_user_source\n[default user target]\n\tsystem_u:object_r:mnt_t:s0 test_user_target\n[default role source]\n\tunconfined_u:unconfined_r:mnt_t:s0 test_role_source\n[default role target]\n\tunconfined_u:object_r:mnt_t:s0 test_role_target\n[default range source low]\n\tunconfined_u:object_r:mnt_t:s0 test_range_source_low\n[default range source high]\n\tunconfined_u:object_r:mnt_t:s0:c0.c1023 test_range_source_high\n[default range source low-high]\n\tunconfined_u:object_r:mnt_t:s0-s0:c0.c1023 test_range_source_low-high\n[default range target low]\n\tunconfined_u:object_r:mnt_t:s0 test_range_target_low\n[default range target high]\n\tunconfined_u:object_r:mnt_t:s0:c0.c512 test_range_target_high\n[default range target low-high]\n\tunconfined_u:object_r:mnt_t:s0-s0:c0.c512 test_range_target_low-high\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "72e8c8593f8fdb983d9cd79d824f6b48ef21f14f", "tree": "1a1a81d6fc9007f18bedaace192708efd889eaf7", "parents": [ "47a93a5bcb131879d4425d4559e90ad82990825d" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Thu Feb 16 15:08:39 2012 -0500" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Mon Apr 09 12:22:36 2012 -0400" }, "message": "SELinux: loosen DAC perms on reading policy\n\nThere is no reason the DAC perms on reading the policy file need to be root\nonly. There are selinux checks which should control this access.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "47a93a5bcb131879d4425d4559e90ad82990825d", "tree": "93bc837f9ffbd3f2ed6f7e44e2d2773714b9ada0", "parents": [ "0034102808e0dbbf3a2394b82b1bb40b5778de9e" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Thu Feb 16 15:08:39 2012 -0500" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Mon Apr 09 12:22:30 2012 -0400" }, "message": "SELinux: allow seek operations on the file exposing policy\n\nsesearch uses:\nlseek(3, 0, SEEK_SET) \u003d -1 ESPIPE (Illegal seek)\n\nMake that work.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "b61c37f57988567c84359645f8202a7c84bc798a", "tree": "a808c891711d060060a751f4119198dc06e2c847", "parents": [ "3f0882c48286e7bdb0bbdec9c4bfa934e0db8e09" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Mon Apr 02 15:48:12 2012 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Tue Apr 03 09:49:59 2012 -0700" }, "message": "lsm_audit: don\u0027t specify the audit pre/post callbacks in \u0027struct common_audit_data\u0027\n\nIt just bloats the audit data structure for no good reason, since the\nonly time those fields are filled are just before calling the\ncommon_lsm_audit() function, which is also the only user of those\nfields.\n\nSo just make them be the arguments to common_lsm_audit(), rather than\nbloating that structure that is passed around everywhere, and is\ninitialized in hot paths.\n\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "3f0882c48286e7bdb0bbdec9c4bfa934e0db8e09", "tree": "20a7485417c8528d975ef4ff6e90467f63f67ab2", "parents": [ "f8294f1144ad0630075918df4bf94075f5384604" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Tue Apr 03 09:38:00 2012 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Tue Apr 03 09:49:41 2012 -0700" }, "message": "SELinux: do not allocate stack space for AVC data unless needed\n\nInstead of declaring the entire selinux_audit_data on the stack when we\nstart an operation on declare it on the stack if we are going to use it.\nWe know it\u0027s usefulness at the end of the security decision and can declare\nit there.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "f8294f1144ad0630075918df4bf94075f5384604", "tree": "9c794bc9a5cbc688d3b6819d211df16b979a56c9", "parents": [ "7f6a47cf1477ffae9cff1d6ee181e2ce6bfb2f02" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Mon Apr 02 13:15:55 2012 -0400" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Tue Apr 03 09:49:10 2012 -0700" }, "message": "SELinux: remove avd from slow_avc_audit()\n\nWe don\u0027t use the argument, so remove it.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "7f6a47cf1477ffae9cff1d6ee181e2ce6bfb2f02", "tree": "55d2bfda38776aeed69b82cf0bd5b409744b4afd", "parents": [ "48c62af68a403ef1655546bd3e021070c8508573" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Mon Apr 02 13:15:50 2012 -0400" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Tue Apr 03 09:49:10 2012 -0700" }, "message": "SELinux: remove avd from selinux_audit_data\n\nWe do not use it. Remove it.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "48c62af68a403ef1655546bd3e021070c8508573", "tree": "ba938e4fb45d5bdaad2dad44071d0625f8e36945", "parents": [ "3b3b0e4fc15efa507b902d90cea39e496a523c3b" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Mon Apr 02 13:15:44 2012 -0400" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Tue Apr 03 09:49:10 2012 -0700" }, "message": "LSM: shrink the common_audit_data data union\n\nAfter shrinking the common_audit_data stack usage for private LSM data I\u0027m\nnot going to shrink the data union. To do this I\u0027m going to move anything\nlarger than 2 void * ptrs to it\u0027s own structure and require it to be declared\nseparately on the calling stack. Thus hot paths which don\u0027t need more than\na couple pointer don\u0027t have to declare space to hold large unneeded\nstructures. I could get this down to one void * by dealing with the key\nstruct and the struct path. We\u0027ll see if that is helpful after taking care of\nnetworking.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "3b3b0e4fc15efa507b902d90cea39e496a523c3b", "tree": "d7b91c21ad6c6f4ac21dd51297b74eec47c61684", "parents": [ "95694129b43165911dc4e8a972f0d39ad98d86be" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Tue Apr 03 09:37:02 2012 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Tue Apr 03 09:48:40 2012 -0700" }, "message": "LSM: shrink sizeof LSM specific portion of common_audit_data\n\nLinus found that the gigantic size of the common audit data caused a big\nperf hit on something as simple as running stat() in a loop. This patch\nrequires LSMs to declare the LSM specific portion separately rather than\ndoing it in a union. Thus each LSM can be responsible for shrinking their\nportion and don\u0027t have to pay a penalty just because other LSMs have a\nbigger space requirement.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "8bb1f229527dee95644e0f8496980bb767c6f620", "tree": "511551e9772f11f855bd5b759b6d449da47e8820", "parents": [ "f22e08a79f3765fecf060b225a46931c94fb0a92", "c0d0259481cc6ec2a38cad810055e455de35c733" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Sat Mar 31 13:42:57 2012 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Sat Mar 31 13:42:57 2012 -0700" }, "message": "Merge branch \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs\n\nPull second try at vfs part d#2 from Al Viro:\n \"Miklos\u0027 first series (with do_lookup() rewrite split into edible\n chunks) + assorted bits and pieces.\n\n The \u0027untangling of do_lookup()\u0027 series is is a splitup of what used to\n be a monolithic patch from Miklos, so this series is basically \"how do\n I convince myself that his patch is correct (or find a hole in it)\".\n No holes found and I like the resulting cleanup, so in it went...\"\n\nChanges from try 1: Fix a boot problem with selinux, and commit messages\nprettied up a bit.\n\n* \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs: (24 commits)\n vfs: fix out-of-date dentry_unhash() comment\n vfs: split __lookup_hash\n untangling do_lookup() - take __lookup_hash()-calling case out of line.\n untangling do_lookup() - switch to calling __lookup_hash()\n untangling do_lookup() - merge d_alloc_and_lookup() callers\n untangling do_lookup() - merge failure exits in !dentry case\n untangling do_lookup() - massage !dentry case towards __lookup_hash()\n untangling do_lookup() - get rid of need_reval in !dentry case\n untangling do_lookup() - eliminate a loop.\n untangling do_lookup() - expand the area under -\u003ei_mutex\n untangling do_lookup() - isolate !dentry stuff from the rest of it.\n vfs: move MAY_EXEC check from __lookup_hash()\n vfs: don\u0027t revalidate just looked up dentry\n vfs: fix d_need_lookup/d_revalidate order in do_lookup\n ext3: move headers to fs/ext3/\n migrate ext2_fs.h guts to fs/ext2/ext2.h\n new helper: ext2_image_size()\n get rid of pointless includes of ext2_fs.h\n ext2: No longer export ext2_fs.h to user space\n mtdchar: kill persistently held vfsmount\n ...\n" }, { "commit": "2f99c36986ff27a86f06f27212c5f5fa8c7164a3", "tree": "a90fd7fe865bb1c5a00b0946754b505bcf070b60", "parents": [ "4a165d25f63a989d0aabe9d8eed5b3a5d5da1862" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Fri Mar 23 16:04:05 2012 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Sat Mar 31 16:03:15 2012 -0400" }, "message": "get rid of pointless includes of ext2_fs.h\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "a1c2aa1e86a25e7cace2ded47ec52754206a5733", "tree": "6d435240e757e9f83b4f9c42f98c69888f3b3928", "parents": [ "e152c38abaa92352679c9b53c4cce533c03997c6" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Sun Mar 18 20:36:59 2012 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Sat Mar 31 16:03:15 2012 -0400" }, "message": "selinuxfs: merge dentry allocation into sel_make_dir()\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "cdb0f9a1ad2ee3c11e21bc99f0c2021a02844666", "tree": "e4c2ea0b8c432645d1a28bdb694939b1e2891b30", "parents": [ "a554bea89948dfb6d2f9c4c62ce2b12b2dac18ad" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Sat Mar 31 11:12:57 2012 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Sat Mar 31 11:24:22 2012 -0700" }, "message": "selinux: inline avc_audit() and avc_has_perm_noaudit() into caller\n\nNow that all the slow-path code is gone from these functions, we can\ninline them into the main caller - avc_has_perm_flags().\n\nNow the compiler can see that \u0027avc\u0027 is allocated on the stack for this\ncase, which helps register pressure a bit. It also actually shrinks the\ntotal stack frame, because the stack frame that avc_has_perm_flags()\nalways needed (for that \u0027avc\u0027 allocation) is now sufficient for the\ninlined functions too.\n\nInlining isn\u0027t bad - but mindless inlining of cold code (see the\nprevious commit) is.\n\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "a554bea89948dfb6d2f9c4c62ce2b12b2dac18ad", "tree": "f84e38fa7a54c1a678a14d7a65e583efac1cafa3", "parents": [ "fa2a4519cb6ad94224eb56a1341fff570fd44ea1" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Sat Mar 31 10:58:08 2012 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Sat Mar 31 11:24:22 2012 -0700" }, "message": "selinux: don\u0027t inline slow-path code into avc_has_perm_noaudit()\n\nThe selinux AVC paths remain some of the hottest (and deepest) codepaths\nat filename lookup time, and we make it worse by having the slow path\ncases take up I$ and stack space even when they don\u0027t trigger. Gcc\ntends to always want to inline functions that are just called once -\nnever mind that this might make for slower and worse code in the caller.\n\nSo this tries to improve on it a bit by making the slow-path cases\nexplicitly separate functions that are marked noinline, causing gcc to\nat least no longer allocate stack space for them unless they are\nactually called. It also seems to help register allocation a tiny bit,\nsince gcc now doesn\u0027t take the slow case code into account.\n\nUninlining the slow path may also allow us to inline the remaining hot\npath into the one caller that actually matters: avc_has_perm_flags().\nI\u0027ll have to look at that separately, but both avc_audit() and\navc_has_perm_noaudit() are now small and lean enough that inlining them\nmay make sense.\n\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "a591afc01d9e48affbacb365558a31e53c85af45", "tree": "9bb91f4eb94ec69fc4706c4944788ec5f3586063", "parents": [ "820d41cf0cd0e94a5661e093821e2e5c6b36a9d8", "31796ac4e8f0e88f5c10f1ad6dab8f19bebe44a4" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Thu Mar 29 18:12:23 2012 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Thu Mar 29 18:12:23 2012 -0700" }, "message": "Merge branch \u0027x86-x32-for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip\n\nPull x32 support for x86-64 from Ingo Molnar:\n \"This tree introduces the X32 binary format and execution mode for x86:\n 32-bit data space binaries using 64-bit instructions and 64-bit kernel\n syscalls.\n\n This allows applications whose working set fits into a 32 bits address\n space to make use of 64-bit instructions while using a 32-bit address\n space with shorter pointers, more compressed data structures, etc.\"\n\nFix up trivial context conflicts in arch/x86/{Kconfig,vdso/vma.c}\n\n* \u0027x86-x32-for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: (71 commits)\n x32: Fix alignment fail in struct compat_siginfo\n x32: Fix stupid ia32/x32 inversion in the siginfo format\n x32: Add ptrace for x32\n x32: Switch to a 64-bit clock_t\n x32: Provide separate is_ia32_task() and is_x32_task() predicates\n x86, mtrr: Use explicit sizing and padding for the 64-bit ioctls\n x86/x32: Fix the binutils auto-detect\n x32: Warn and disable rather than error if binutils too old\n x32: Only clear TIF_X32 flag once\n x32: Make sure TS_COMPAT is cleared for x32 tasks\n fs: Remove missed -\u003efds_bits from cessation use of fd_set structs internally\n fs: Fix close_on_exec pointer in alloc_fdtable\n x32: Drop non-__vdso weak symbols from the x32 VDSO\n x32: Fix coding style violations in the x32 VDSO code\n x32: Add x32 VDSO support\n x32: Allow x32 to be configured\n x32: If configured, add x32 system calls to system call tables\n x32: Handle process creation\n x32: Signal-related system calls\n x86: Add #ifdef CONFIG_COMPAT to \u003casm/sys_ia32.h\u003e\n ...\n" }, { "commit": "9ffc93f203c18a70623f21950f1dd473c9ec48cd", "tree": "1eb3536ae183b0bfbf7f5152a6fe4f430ae881c2", "parents": [ "96f951edb1f1bdbbc99b0cd458f9808bb83d58ae" ], "author": { "name": "David Howells", "email": "dhowells@redhat.com", "time": "Wed Mar 28 18:30:03 2012 +0100" }, "committer": { "name": "David Howells", "email": "dhowells@redhat.com", "time": "Wed Mar 28 18:30:03 2012 +0100" }, "message": "Remove all #inclusions of asm/system.h\n\nRemove all #inclusions of asm/system.h preparatory to splitting and killing\nit. Performed with the following command:\n\nperl -p -i -e \u0027s!^#\\s*include\\s*\u003casm/system[.]h\u003e.*\\n!!\u0027 `grep -Irl \u0027^#\\s*include\\s*\u003casm/system[.]h\u003e\u0027 *`\n\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\n" }, { "commit": "778aae84ef694325662447eceba1a5f7d3eebdbb", "tree": "7bf3f7e682e220ce30afe3572332fb424a3761f2", "parents": [ "15e9b9b9ed268fa91e52c44d621f3d0296162d15" ], "author": { "name": "David Howells", "email": "dhowells@redhat.com", "time": "Mon Mar 26 16:38:47 2012 +0100" }, "committer": { "name": "David Howells", "email": "dhowells@redhat.com", "time": "Mon Mar 26 16:38:47 2012 +0100" }, "message": "SELinux: selinux/xfrm.h needs net/flow.h\n\nselinux/xfrm.h needs to #include net/flow.h or else suffer:\n\nIn file included from security/selinux/ss/services.c:69:0:\nsecurity/selinux/include/xfrm.h: In function \u0027selinux_xfrm_notify_policyload\u0027:\nsecurity/selinux/include/xfrm.h:53:14: error: \u0027flow_cache_genid\u0027 undeclared (first use in this function)\nsecurity/selinux/include/xfrm.h:53:14: note: each undeclared identifier is reported only once for each function it appears in\n\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\n" }, { "commit": "48aab2f79dfc1357c48ce22ff5c989b52a590069", "tree": "7f690fe147bccc24b7a017845dbe9a99d7978b5f", "parents": [ "f7493e5d9cc10ac97cf1f1579fdc14117460b40b" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Thu Mar 22 17:01:41 2012 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Thu Mar 22 17:01:41 2012 -0700" }, "message": "security: optimize avc_audit() common path\n\navc_audit() did a lot of jumping around and had a big stack frame, all\nfor the uncommon case.\n\nSplit up the uncommon case (which we really can\u0027t make go fast anyway)\ninto its own slow function, and mark the conditional branches\nappropriately for the common likely case.\n\nThis causes avc_audit() to no longer show up as one of the hottest\nfunctions on the branch profiles (the new \"perf -b\" thing), and makes\nthe cycle profiles look really nice and dense too.\n\nThe whole audit path is still annoyingly very much one of the biggest\ncosts of name lookup, so these things are worth optimizing for. I wish\nwe could just tell people to turn it off, but realistically we do need\nit: we just need to make sure that the overhead of the necessary evil is\nas low as possible.\n\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "1fd36adcd98c14d2fd97f545293c488775cb2823", "tree": "c13ab1934a15aebe0d81601d910ce5a3c6fa2c6f", "parents": [ "1dce27c5aa6770e9d195f2bb7db1db3d4dde5591" ], "author": { "name": "David Howells", "email": "dhowells@redhat.com", "time": "Thu Feb 16 17:49:54 2012 +0000" }, "committer": { "name": "H. Peter Anvin", "email": "hpa@zytor.com", "time": "Sun Feb 19 10:30:57 2012 -0800" }, "message": "Replace the fd_sets in struct fdtable with an array of unsigned longs\n\nReplace the fd_sets in struct fdtable with an array of unsigned longs and then\nuse the standard non-atomic bit operations rather than the FD_* macros.\n\nThis:\n\n (1) Removes the abuses of struct fd_set:\n\n (a) Since we don\u0027t want to allocate a full fd_set the vast majority of the\n \t time, we actually, in effect, just allocate a just-big-enough array of\n \t unsigned longs and cast it to an fd_set type - so why bother with the\n \t fd_set at all?\n\n (b) Some places outside of the core fdtable handling code (such as\n \t SELinux) want to look inside the array of unsigned longs hidden inside\n \t the fd_set struct for more efficient iteration over the entire set.\n\n (2) Eliminates the use of FD_*() macros in the kernel completely.\n\n (3) Permits the __FD_*() macros to be deleted entirely where not exposed to\n userspace.\n\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nLink: http://lkml.kernel.org/r/20120216174954.23314.48147.stgit@warthog.procyon.org.uk\nSigned-off-by: H. Peter Anvin \u003chpa@zytor.com\u003e\nCc: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "4040153087478993cbf0809f444400a3c808074c", "tree": "2dc7af85b0cf930f1656553bd38410b8c16601a6", "parents": [ "191c542442fdf53cc3c496c00be13367fd9cd42d" ], "author": { "name": "Al Viro", "email": "viro@ftp.linux.org.uk", "time": "Mon Feb 13 03:58:52 2012 +0000" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Tue Feb 14 10:45:42 2012 +1100" }, "message": "security: trim security.h\n\nTrim security.h\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "c49c41a4134679cecb77362e7f6b59acb6320aa7", "tree": "45e690c036ca5846a48c8be67945d1d841b2d96d", "parents": [ "892d208bcf79e4e1058707786a7b6d486697cd78", "f423e5ba76e7e4a6fcb4836b4f072d1fdebba8b5" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Sat Jan 14 18:36:33 2012 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Sat Jan 14 18:36:33 2012 -0800" }, "message": "Merge branch \u0027for-linus\u0027 of git://selinuxproject.org/~jmorris/linux-security\n\n* \u0027for-linus\u0027 of git://selinuxproject.org/~jmorris/linux-security:\n capabilities: remove __cap_full_set definition\n security: remove the security_netlink_recv hook as it is equivalent to capable()\n ptrace: do not audit capability check when outputing /proc/pid/stat\n capabilities: remove task_ns_* functions\n capabitlies: ns_capable can use the cap helpers rather than lsm call\n capabilities: style only - move capable below ns_capable\n capabilites: introduce new has_ns_capabilities_noaudit\n capabilities: call has_ns_capability from has_capability\n capabilities: remove all _real_ interfaces\n capabilities: introduce security_capable_noaudit\n capabilities: reverse arguments to security_capable\n capabilities: remove the task from capable LSM hook entirely\n selinux: sparse fix: fix several warnings in the security server cod\n selinux: sparse fix: fix warnings in netlink code\n selinux: sparse fix: eliminate warnings for selinuxfs\n selinux: sparse fix: declare selinux_disable() in security.h\n selinux: sparse fix: move selinux_complete_init\n selinux: sparse fix: make selinux_secmark_refcount static\n SELinux: Fix RCU deref check warning in sel_netport_insert()\n\nManually fix up a semantic mis-merge wrt security_netlink_recv():\n\n - the interface was removed in commit fd7784615248 (\"security: remove\n the security_netlink_recv hook as it is equivalent to capable()\")\n\n - a new user of it appeared in commit a38f7907b926 (\"crypto: Add\n userspace configuration API\")\n\ncausing no automatic merge conflict, but Eric Paris pointed out the\nissue.\n" }, { "commit": "e7691a1ce341c80ed9504244a36b31c025217391", "tree": "e9941bb350f64a726130e299c411821da6f41a53", "parents": [ "5cd9599bba428762025db6027764f1c59d0b1e1b", "8fcc99549522fc7a0bbaeb5755855ab0d9a59ce8" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Tue Jan 10 21:51:23 2012 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Tue Jan 10 21:51:23 2012 -0800" }, "message": "Merge branch \u0027for-linus\u0027 of git://selinuxproject.org/~jmorris/linux-security\n\n* \u0027for-linus\u0027 of git://selinuxproject.org/~jmorris/linux-security: (32 commits)\n ima: fix invalid memory reference\n ima: free duplicate measurement memory\n security: update security_file_mmap() docs\n selinux: Casting (void *) value returned by kmalloc is useless\n apparmor: fix module parameter handling\n Security: tomoyo: add .gitignore file\n tomoyo: add missing rcu_dereference()\n apparmor: add missing rcu_dereference()\n evm: prevent racing during tfm allocation\n evm: key must be set once during initialization\n mpi/mpi-mpow: NULL dereference on allocation failure\n digsig: build dependency fix\n KEYS: Give key types their own lockdep class for key-\u003esem\n TPM: fix transmit_cmd error logic\n TPM: NSC and TIS drivers X86 dependency fix\n TPM: Export wait_for_stat for other vendor specific drivers\n TPM: Use vendor specific function for status probe\n tpm_tis: add delay after aborting command\n tpm_tis: Check return code from getting timeouts/durations\n tpm: Introduce function to poll for result of self test\n ...\n\nFix up trivial conflict in lib/Makefile due to addition of CONFIG_MPI\nand SIGSIG next to CONFIG_DQL addition.\n" }, { "commit": "8fcc99549522fc7a0bbaeb5755855ab0d9a59ce8", "tree": "a118eaef15d4ba22247f45ee01537ecc906cd161", "parents": [ "805a6af8dba5dfdd35ec35dc52ec0122400b2610", "7b7e5916aa2f46e57f8bd8cb89c34620ebfda5da" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Jan 09 12:16:48 2012 +1100" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Jan 09 12:16:48 2012 +1100" }, "message": "Merge branch \u0027next\u0027 into for-linus\n\nConflicts:\n\tsecurity/integrity/evm/evm_crypto.c\n\nResolved upstream fix vs. next conflict manually.\n\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "972b2c719990f91eb3b2310d44ef8a2d38955a14", "tree": "b25a250ec5bec4b7b6355d214642d8b57c5cab32", "parents": [ "02550d61f49266930e674286379d3601006b2893", "c3aa077648e147783a7a53b409578234647db853" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Sun Jan 08 12:19:57 2012 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Sun Jan 08 12:19:57 2012 -0800" }, "message": "Merge branch \u0027for-linus2\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs\n\n* \u0027for-linus2\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs: (165 commits)\n reiserfs: Properly display mount options in /proc/mounts\n vfs: prevent remount read-only if pending removes\n vfs: count unlinked inodes\n vfs: protect remounting superblock read-only\n vfs: keep list of mounts for each superblock\n vfs: switch -\u003eshow_options() to struct dentry *\n vfs: switch -\u003eshow_path() to struct dentry *\n vfs: switch -\u003eshow_devname() to struct dentry *\n vfs: switch -\u003eshow_stats to struct dentry *\n switch security_path_chmod() to struct path *\n vfs: prefer -\u003edentry-\u003ed_sb to -\u003emnt-\u003emnt_sb\n vfs: trim includes a bit\n switch mnt_namespace -\u003eroot to struct mount\n vfs: take /proc/*/mounts and friends to fs/proc_namespace.c\n vfs: opencode mntget() mnt_set_mountpoint()\n vfs: spread struct mount - remaining argument of next_mnt()\n vfs: move fsnotify junk to struct mount\n vfs: move mnt_devname\n vfs: move mnt_list to struct mount\n vfs: switch pnode.h macros to struct mount *\n ...\n" }, { "commit": "d8c9584ea2a92879f471fd3a2be3af6c534fb035", "tree": "3541b9c6228f820bdc65e4875156eb27b1c91cb1", "parents": [ "ece2ccb668046610189d88d6aaf05aeb09c988a1" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Wed Dec 07 18:16:57 2011 -0500" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Fri Jan 06 23:16:53 2012 -0500" }, "message": "vfs: prefer -\u003edentry-\u003ed_sb to -\u003emnt-\u003emnt_sb\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "fd778461524849afd035679030ae8e8873c72b81", "tree": "32a5849c1879413fce0307af304e372eaa8225b4", "parents": [ "69f594a38967f4540ce7a29b3fd214e68a8330bd" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Tue Jan 03 12:25:16 2012 -0500" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Thu Jan 05 18:53:01 2012 -0500" }, "message": "security: remove the security_netlink_recv hook as it is equivalent to capable()\n\nOnce upon a time netlink was not sync and we had to get the effective\ncapabilities from the skb that was being received. Today we instead get\nthe capabilities from the current task. This has rendered the entire\npurpose of the hook moot as it is now functionally equivalent to the\ncapable() call.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "69f594a38967f4540ce7a29b3fd214e68a8330bd", "tree": "dff25b5f5ef0736fb63b08729bec4ff57062c13f", "parents": [ "f1c84dae0ecc51aa35c81f19a0ebcd6c0921ddcb" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Tue Jan 03 12:25:15 2012 -0500" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Thu Jan 05 18:53:00 2012 -0500" }, "message": "ptrace: do not audit capability check when outputing /proc/pid/stat\n\nReading /proc/pid/stat of another process checks if one has ptrace permissions\non that process. If one does have permissions it outputs some data about the\nprocess which might have security and attack implications. If the current\ntask does not have ptrace permissions the read still works, but those fields\nare filled with inocuous (0) values. Since this check and a subsequent denial\nis not a violation of the security policy we should not audit such denials.\n\nThis can be quite useful to removing ptrace broadly across a system without\nflooding the logs when ps is run or something which harmlessly walks proc.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nAcked-by: Serge E. Hallyn \u003cserge.hallyn@canonical.com\u003e\n" }, { "commit": "6a9de49115d5ff9871d953af1a5c8249e1585731", "tree": "eee3700ccc2ce26c566bfe99129e646fac9f983e", "parents": [ "2653812e14f4e16688ec8247d7fd290bdbbc4747" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Tue Jan 03 12:25:14 2012 -0500" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Thu Jan 05 18:52:53 2012 -0500" }, "message": "capabilities: remove the task from capable LSM hook entirely\n\nThe capabilities framework is based around credentials, not necessarily the\ncurrent task. Yet we still passed the current task down into LSMs from the\nsecurity_capable() LSM hook as if it was a meaningful portion of the security\ndecision. This patch removes the \u0027generic\u0027 passing of current and instead\nforces individual LSMs to use current explicitly if they think it is\nappropriate. In our case those LSMs are SELinux and AppArmor.\n\nI believe the AppArmor use of current is incorrect, but that is wholely\nunrelated to this patch. This patch does not change what AppArmor does, it\njust makes it clear in the AppArmor code that it is doing it.\n\nThe SELinux code still uses current in it\u0027s audit message, which may also be\nwrong and needs further investigation. Again this is NOT a change, it may\nhave always been wrong, this patch just makes it clear what is happening.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "2653812e14f4e16688ec8247d7fd290bdbbc4747", "tree": "dabb2238a76e000b37374c69901afd6f99479631", "parents": [ "02f5daa563456c1ff3c3422aa3ec00e67460f762" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Tue Aug 30 14:19:02 2011 +1000" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Thu Jan 05 18:52:52 2012 -0500" }, "message": "selinux: sparse fix: fix several warnings in the security server cod\n\nFix several sparse warnings in the SELinux security server code.\n\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "02f5daa563456c1ff3c3422aa3ec00e67460f762", "tree": "b2394602c587815aae9f1b07ac272302800d9288", "parents": [ "e8a65a3f67f8a85802c0a0250e48c4c4652d0da0" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Tue Aug 30 14:18:06 2011 +1000" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Thu Jan 05 18:52:51 2012 -0500" }, "message": "selinux: sparse fix: fix warnings in netlink code\n\nFix sparse warnings in SELinux Netlink code.\n\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "e8a65a3f67f8a85802c0a0250e48c4c4652d0da0", "tree": "4f9b55cac61209b6b4f15a1e20396a15a4444b11", "parents": [ "6063c0461b947c26a77674f33a3409eb99e15d2f" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Tue Aug 30 14:17:34 2011 +1000" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Thu Jan 05 18:52:50 2012 -0500" }, "message": "selinux: sparse fix: eliminate warnings for selinuxfs\n\nFixes several sparse warnings for selinuxfs.c\n\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "6063c0461b947c26a77674f33a3409eb99e15d2f", "tree": "2ac98e4a0a5fa7f6da95e6c5978684da215b4277", "parents": [ "5c884c1d4ac955987e84acf2d36c0f160536aca4" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Tue Aug 30 14:12:13 2011 +1000" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Thu Jan 05 18:52:50 2012 -0500" }, "message": "selinux: sparse fix: declare selinux_disable() in security.h\n\nSparse fix: declare selinux_disable() in security.h\n\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "5c884c1d4ac955987e84acf2d36c0f160536aca4", "tree": "a4d19da174e193a7844788846c53c25948ed2a54", "parents": [ "b46610caba4bd9263afd07c7ef7a79974550554a" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Tue Aug 30 14:16:24 2011 +1000" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Thu Jan 05 18:52:49 2012 -0500" }, "message": "selinux: sparse fix: move selinux_complete_init\n\nSparse fix: move selinux_complete_init\n\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "b46610caba4bd9263afd07c7ef7a79974550554a", "tree": "3f1edce9d24e9e7af2661ab4c2eeae744beb183c", "parents": [ "94d4ef0c2b3e6c799f78d223e233254a870c4559" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Tue Aug 30 14:11:24 2011 +1000" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Thu Jan 05 18:52:48 2012 -0500" }, "message": "selinux: sparse fix: make selinux_secmark_refcount static\n\nSparse fix: make selinux_secmark_refcount static.\n\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "dba19c6064766730dd64757a010ec3aec503ecdb", "tree": "2071835ccfcb169b6219be7d5a4692fcfdcbd2c5", "parents": [ "1b9d5ff7644ddf2723c9205f4726c95ec01bf033" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Mon Jul 25 20:49:29 2011 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Tue Jan 03 22:55:12 2012 -0500" }, "message": "get rid of open-coded S_ISREG(), etc.\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "1a67aafb5f72a436ca044293309fa7e6351d6a35", "tree": "d9e58600148de9d41b478cf815773b746647d15b", "parents": [ "4acdaf27ebe2034c342f3be57ef49aed1ad885ef" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Tue Jul 26 01:52:52 2011 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Tue Jan 03 22:54:54 2012 -0500" }, "message": "switch -\u003emknod() to umode_t\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "4acdaf27ebe2034c342f3be57ef49aed1ad885ef", "tree": "d89a876ee19cd88609a587f8aa6c464a52ee6d98", "parents": [ "18bb1db3e7607e4a997d50991a6f9fa5b0f8722c" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Tue Jul 26 01:42:34 2011 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Tue Jan 03 22:54:53 2012 -0500" }, "message": "switch -\u003ecreate() to umode_t\n\nvfs_create() ignores everything outside of 16bit subset of its\nmode argument; switching it to umode_t is obviously equivalent\nand it\u0027s the only caller of the method\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "18bb1db3e7607e4a997d50991a6f9fa5b0f8722c", "tree": "4ee4e584bc9a67f3ec14ce159d2d7d4a27e68d4a", "parents": [ "8208a22bb8bd3c52ef634b4ff194f14892ab1713" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Tue Jul 26 01:41:39 2011 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Tue Jan 03 22:54:53 2012 -0500" }, "message": "switch vfs_mkdir() and -\u003emkdir() to umode_t\n\nvfs_mkdir() gets int, but immediately drops everything that might not\nfit into umode_t and that\u0027s the only caller of -\u003emkdir()...\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "abb434cb0539fb355c1c921f8fd761efbbac3462", "tree": "24a7d99ec161f8fd4dc9ff03c9c4cc93be883ce6", "parents": [ "2494654d4890316e7340fb8b3458daad0474a1b9", "6350323ad8def2ac00d77cdee3b79c9b9fba75c4" ], "author": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Fri Dec 23 17:13:56 2011 -0500" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Fri Dec 23 17:13:56 2011 -0500" }, "message": "Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net\n\nConflicts:\n\tnet/bluetooth/l2cap_core.c\n\nJust two overlapping changes, one added an initialization of\na local variable, and another change added a new local variable.\n\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "50345f1ea9cda4618d9c26e590a97ecd4bc7ac75", "tree": "57b03dc68f894df468a3ca3c3929e1aff48bd6c2", "parents": [ "428f32817505f67992e8efe62d6a9c7cbb3f2498" ], "author": { "name": "David Howells", "email": "dhowells@redhat.com", "time": "Tue Dec 13 14:49:04 2011 +0000" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Dec 21 11:28:56 2011 +1100" }, "message": "SELinux: Fix RCU deref check warning in sel_netport_insert()\n\nFix the following bug in sel_netport_insert() where rcu_dereference() should\nbe rcu_dereference_protected() as sel_netport_lock is held.\n\n\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\n[ INFO: suspicious rcu_dereference_check() usage. ]\n---------------------------------------------------\nsecurity/selinux/netport.c:127 invoked rcu_dereference_check() without protection!\n\nother info that might help us debug this:\n\nrcu_scheduler_active \u003d 1, debug_locks \u003d 0\n1 lock held by ossec-rootcheck/3323:\n #0: (sel_netport_lock){+.....}, at: [\u003cffffffff8117d775\u003e] sel_netport_sid+0xbb/0x226\n\nstack backtrace:\nPid: 3323, comm: ossec-rootcheck Not tainted 3.1.0-rc8-fsdevel+ #1095\nCall Trace:\n [\u003cffffffff8105cfb7\u003e] lockdep_rcu_dereference+0xa7/0xb0\n [\u003cffffffff8117d871\u003e] sel_netport_sid+0x1b7/0x226\n [\u003cffffffff8117d6ba\u003e] ? sel_netport_avc_callback+0xbc/0xbc\n [\u003cffffffff8117556c\u003e] selinux_socket_bind+0x115/0x230\n [\u003cffffffff810a5388\u003e] ? might_fault+0x4e/0x9e\n [\u003cffffffff810a53d1\u003e] ? might_fault+0x97/0x9e\n [\u003cffffffff81171cf4\u003e] security_socket_bind+0x11/0x13\n [\u003cffffffff812ba967\u003e] sys_bind+0x56/0x95\n [\u003cffffffff81380dac\u003e] ? sysret_check+0x27/0x62\n [\u003cffffffff8105b767\u003e] ? trace_hardirqs_on_caller+0x11e/0x155\n [\u003cffffffff81076fcd\u003e] ? audit_syscall_entry+0x17b/0x1ae\n [\u003cffffffff811b5eae\u003e] ? trace_hardirqs_on_thunk+0x3a/0x3f\n [\u003cffffffff81380d7b\u003e] system_call_fastpath+0x16/0x1b\n\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nAcked-by: Paul Moore \u003cpaul@paul-moore.com\u003e\nAcked-by: Eric Dumazet \u003ceric.dumazet@gmail.com\u003e\nCc: stable@kernel.org\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "94d4ef0c2b3e6c799f78d223e233254a870c4559", "tree": "ffb88af7d64d99e6adfe8b78b2f3dc751447dc64", "parents": [ "c3b92c8787367a8bb53d57d9789b558f1295cc96" ], "author": { "name": "David Howells", "email": "dhowells@redhat.com", "time": "Wed Oct 05 12:19:19 2011 +0100" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Tue Dec 20 14:38:53 2011 -0500" }, "message": "SELinux: Fix RCU deref check warning in sel_netport_insert()\n\nFix the following bug in sel_netport_insert() where rcu_dereference() should\nbe rcu_dereference_protected() as sel_netport_lock is held.\n\n\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\n[ INFO: suspicious rcu_dereference_check() usage. ]\n---------------------------------------------------\nsecurity/selinux/netport.c:127 invoked rcu_dereference_check() without protection!\n\nother info that might help us debug this:\n\nrcu_scheduler_active \u003d 1, debug_locks \u003d 0\n1 lock held by ossec-rootcheck/3323:\n #0: (sel_netport_lock){+.....}, at: [\u003cffffffff8117d775\u003e] sel_netport_sid+0xbb/0x226\n\nstack backtrace:\nPid: 3323, comm: ossec-rootcheck Not tainted 3.1.0-rc8-fsdevel+ #1095\nCall Trace:\n [\u003cffffffff8105cfb7\u003e] lockdep_rcu_dereference+0xa7/0xb0\n [\u003cffffffff8117d871\u003e] sel_netport_sid+0x1b7/0x226\n [\u003cffffffff8117d6ba\u003e] ? sel_netport_avc_callback+0xbc/0xbc\n [\u003cffffffff8117556c\u003e] selinux_socket_bind+0x115/0x230\n [\u003cffffffff810a5388\u003e] ? might_fault+0x4e/0x9e\n [\u003cffffffff810a53d1\u003e] ? might_fault+0x97/0x9e\n [\u003cffffffff81171cf4\u003e] security_socket_bind+0x11/0x13\n [\u003cffffffff812ba967\u003e] sys_bind+0x56/0x95\n [\u003cffffffff81380dac\u003e] ? sysret_check+0x27/0x62\n [\u003cffffffff8105b767\u003e] ? trace_hardirqs_on_caller+0x11e/0x155\n [\u003cffffffff81076fcd\u003e] ? audit_syscall_entry+0x17b/0x1ae\n [\u003cffffffff811b5eae\u003e] ? trace_hardirqs_on_thunk+0x3a/0x3f\n [\u003cffffffff81380d7b\u003e] system_call_fastpath+0x16/0x1b\n\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nAcked-by: Eric Dumazet \u003ceric.dumazet@gmail.com\u003e\nAcked-by: Paul Moore \u003cpaul@paul-moore.com\u003e\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "2ff6fa8fafd6fa94029fa0558a6b85956930f1f5", "tree": "b9e12bb9ef1a92c68bb459ae82fa4e76629bcfca", "parents": [ "b8aa09fd880eb4c2881b9f3c8a8d09c0404cd4eb" ], "author": { "name": "Thomas Meyer", "email": "thomas@m3y3r.de", "time": "Thu Nov 17 23:43:40 2011 +0100" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Dec 19 11:23:56 2011 +1100" }, "message": "selinux: Casting (void *) value returned by kmalloc is useless\n\nThe semantic patch that makes this change is available\nin scripts/coccinelle/api/alloc/drop_kmalloc_cast.cocci.\n\nSigned-off-by: Thomas Meyer \u003cthomas@m3y3r.de\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "7f1fb60c4fc9fb29fbb406ac8c4cfb4e59e168d6", "tree": "c099fd6899f382c439e29aed54c912ee95453324", "parents": [ "d5f43c1ea4260807a894150b680fa0a0dd386259" ], "author": { "name": "Pavel Emelyanov", "email": "xemul@parallels.com", "time": "Tue Dec 06 07:56:43 2011 +0000" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Tue Dec 06 13:57:36 2011 -0500" }, "message": "inet_diag: Partly rename inet_ to sock_\n\nThe ultimate goal is to get the sock_diag module, that works in\nfamily+protocol terms. Currently this is suitable to do on the\ninet_diag basis, so rename parts of the code. It will be moved\nto sock_diag.c later.\n\nSigned-off-by: Pavel Emelyanov \u003cxemul@parallels.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "75f2811c6460ccc59d83c66059943ce9c9f81a18", "tree": "49373cf5f5b11358aeb587209ad270496f751609", "parents": [ "396cf9430505cfba529a2f2a037d782719fa5844" ], "author": { "name": "Jesse Gross", "email": "jesse@nicira.com", "time": "Wed Nov 30 17:05:51 2011 -0800" }, "committer": { "name": "Jesse Gross", "email": "jesse@nicira.com", "time": "Sat Dec 03 09:35:10 2011 -0800" }, "message": "ipv6: Add fragment reporting to ipv6_skip_exthdr().\n\nWhile parsing through IPv6 extension headers, fragment headers are\nskipped making them invisible to the caller. This reports the\nfragment offset of the last header in order to make it possible to\ndetermine whether the packet is fragmented and, if so whether it is\na first or last fragment.\n\nSigned-off-by: Jesse Gross \u003cjesse@nicira.com\u003e\n" }, { "commit": "4e3fd7a06dc20b2d8ec6892233ad2012968fe7b6", "tree": "da3fbec7672ac6b967dfa31cec6c88f468a57fa2", "parents": [ "40ba84993d66469d336099c5af74c3da5b73e28d" ], "author": { "name": "Alexey Dobriyan", "email": "adobriyan@gmail.com", "time": "Mon Nov 21 03:39:03 2011 +0000" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Tue Nov 22 16:43:32 2011 -0500" }, "message": "net: remove ipv6_addr_copy()\n\nC assignment can handle struct in6_addr copying.\n\nSigned-off-by: Alexey Dobriyan \u003cadobriyan@gmail.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "24942c8e5cc8696064ee207ff29d4cf21f70dafc", "tree": "08a8221eb72ec3da7746d7d76f6f5915ce77cde7", "parents": [ "e163bc8e4a0cd1cdffadb58253f7651201722d56", "ff0ff78068dd8a962358dbbdafa9d6f24540d3e5" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Nov 16 12:39:48 2011 +1100" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Nov 16 12:39:48 2011 +1100" }, "message": "Merge branch \u0027master\u0027; commit \u0027v3.2-rc2\u0027 into next\n" }, { "commit": "af7ff2c2c45e6c6d533dd968709732da3d1d48f8", "tree": "5c3809af634ee633d351c04d7201324d7da4ca82", "parents": [ "59df3166ef293288d164ab3362a717743e62d20c" ], "author": { "name": "Andy Shevchenko", "email": "andriy.shevchenko@linux.intel.com", "time": "Tue Nov 15 15:11:41 2011 -0800" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Nov 16 11:30:26 2011 +1100" }, "message": "selinuxfs: remove custom hex_to_bin()\n\nSigned-off-by: Andy Shevchenko \u003candriy.shevchenko@linux.intel.com\u003e\nCc: Eric Paris \u003ceparis@parisplace.org\u003e\nCc: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "44fc7ea0bfe9143551649a42eb35f1460566c3c5", "tree": "7cfceedba653c69db90912427d140da996ab4f09", "parents": [ "a6ee87790b708dc4cdd3643104417793f0d985ec" ], "author": { "name": "Paul Gortmaker", "email": "paul.gortmaker@windriver.com", "time": "Thu May 26 20:52:10 2011 -0400" }, "committer": { "name": "Paul Gortmaker", "email": "paul.gortmaker@windriver.com", "time": "Mon Oct 31 19:31:32 2011 -0400" }, "message": "selinux: Add export.h to files using EXPORT_SYMBOL/THIS_MODULE\n\nThe pervasive, but implicit presence of \u003clinux/module.h\u003e meant\nthat things like this file would happily compile as-is. But\nwith the desire to phase out the module.h being included everywhere,\npoint this file at export.h which will give it THIS_MODULE and\nthe EXPORT_SYMBOL variants.\n\nSigned-off-by: Paul Gortmaker \u003cpaul.gortmaker@windriver.com\u003e\n" }, { "commit": "7b98a5857c3fa86cb0a7e5f893643491a8b5b425", "tree": "9e8b83d35a9c70f2c02853de808184871df3aba9", "parents": [ "0ff53f5ddbaebeac1c2735125901275acc1fecc6" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Tue Aug 30 12:52:32 2011 +1000" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Fri Sep 09 16:56:32 2011 -0700" }, "message": "selinux: sparse fix: fix several warnings in the security server code\n\nFix several sparse warnings in the SELinux security server code.\n\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "0ff53f5ddbaebeac1c2735125901275acc1fecc6", "tree": "7ceff5b004c1ae4e873002dc59be1ae6c4e7de14", "parents": [ "6a3fbe81179c85eb53054a0f4c8423ffec0276a7" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Tue Aug 30 12:36:39 2011 +1000" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Fri Sep 09 16:56:32 2011 -0700" }, "message": "selinux: sparse fix: include selinux.h in exports.c\n\nFix warning:\nsecurity/selinux/exports.c:18:6: warning: symbol \u0027selinux_is_enabled\u0027 was not declared. Should it be static?\n\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "6a3fbe81179c85eb53054a0f4c8423ffec0276a7", "tree": "b281fee66a005236bbdedf5f22eeacc37669ba4a", "parents": [ "ad3fa08c4ff84ed87649d72e8497735c85561a3d" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Tue Aug 30 12:09:15 2011 +1000" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Fri Sep 09 16:56:31 2011 -0700" }, "message": "selinux: sparse fix: fix warnings in netlink code\n\nFix sparse warnings in SELinux Netlink code.\n\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "ad3fa08c4ff84ed87649d72e8497735c85561a3d", "tree": "e6f22e6d42cf52c689e983be42b9292180564446", "parents": [ "d5813a571876c72766f125b1c6e63414f6822c28" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Tue Aug 30 10:50:12 2011 +1000" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Fri Sep 09 16:56:30 2011 -0700" }, "message": "selinux: sparse fix: eliminate warnings for selinuxfs\n\nFixes several sparse warnings for selinuxfs.c\n\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "58982b74832917405a483a22beede729e3175376", "tree": "fc6fa24b9cf15490de54501125ac08049abb5ea0", "parents": [ "cc59a582d6081b296e481b8bc9676b5c2faad818" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Aug 17 11:17:14 2011 +1000" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Fri Sep 09 16:56:26 2011 -0700" }, "message": "selinux: sparse fix: declare selinux_disable() in security.h\n\nSparse fix: declare selinux_disable() in security.h\n\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "cc59a582d6081b296e481b8bc9676b5c2faad818", "tree": "5ed00269cea7ffef573c78e854a6369a32842437", "parents": [ "56a4ca996181b94b30e6b46509dc28e4ca3cc3f8" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Aug 17 11:13:31 2011 +1000" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Fri Sep 09 16:56:26 2011 -0700" }, "message": "selinux: sparse fix: move selinux_complete_init\n\nSparse fix: move selinux_complete_init\n\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "56a4ca996181b94b30e6b46509dc28e4ca3cc3f8", "tree": "ff238902759365d93b9ca8739f370fd3ba0f8659", "parents": [ "3417d8d5d4d584bd73e2f6265f7a06b51e4a70a1" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Aug 17 11:08:43 2011 +1000" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Fri Sep 09 16:56:25 2011 -0700" }, "message": "selinux: sparse fix: make selinux_secmark_refcount static\n\nSparse fix: make selinux_secmark_refcount static.\n\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "82c21bfab41a77bc01affe21bea9727d776774a7", "tree": "b0c5850be07c7f6d747df389f8f15780887da630", "parents": [ "87a0874cf19f1bc9bd25bd7d053a0ea25ccf8373" ], "author": { "name": "Paul Moore", "email": "paul.moore@hp.com", "time": "Mon Aug 01 11:10:33 2011 +0000" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Mon Aug 01 17:58:33 2011 -0700" }, "message": "doc: Update the email address for Paul Moore in various source files\n\nMy @hp.com will no longer be valid starting August 5, 2011 so an update is\nnecessary. My new email address is employer independent so we don\u0027t have\nto worry about doing this again any time soon.\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nSigned-off-by: Paul Moore \u003cpaul@paul-moore.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "60063497a95e716c9a689af3be2687d261f115b4", "tree": "6ce0d68db76982c53df46aee5f29f944ebf2c320", "parents": [ "148817ba092f9f6edd35bad3c6c6b8e8f90fe2ed" ], "author": { "name": "Arun Sharma", "email": "asharma@fb.com", "time": "Tue Jul 26 16:09:06 2011 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Tue Jul 26 16:49:47 2011 -0700" }, "message": "atomic: use \u003clinux/atomic.h\u003e\n\nThis allows us to move duplicated code in \u003casm/atomic.h\u003e\n(atomic_inc_not_zero() for now) to \u003clinux/atomic.h\u003e\n\nSigned-off-by: Arun Sharma \u003casharma@fb.com\u003e\nReviewed-by: Eric Dumazet \u003ceric.dumazet@gmail.com\u003e\nCc: Ingo Molnar \u003cmingo@elte.hu\u003e\nCc: David Miller \u003cdavem@davemloft.net\u003e\nCc: Eric Dumazet \u003ceric.dumazet@gmail.com\u003e\nAcked-by: Mike Frysinger \u003cvapier@gentoo.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "423e0ab086ad8b33626e45fa94ac7613146b7ffa", "tree": "249c9337a02254fe5dbede7436f78dfcc1ec508f", "parents": [ "bbd9d6f7fbb0305c9a592bf05a32e87eb364a4ff" ], "author": { "name": "Tim Chen", "email": "tim.c.chen@linux.intel.com", "time": "Tue Jul 19 09:32:38 2011 -0700" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Sun Jul 24 10:08:32 2011 -0400" }, "message": "VFS : mount lock scalability for internal mounts\n\nFor a number of file systems that don\u0027t have a mount point (e.g. sockfs\nand pipefs), they are not marked as long term. Therefore in\nmntput_no_expire, all locks in vfs_mount lock are taken instead of just\nlocal cpu\u0027s lock to aggregate reference counts when we release\nreference to file objects. In fact, only local lock need to have been\ntaken to update ref counts as these file systems are in no danger of\ngoing away until we are ready to unregister them.\n\nThe attached patch marks file systems using kern_mount without\nmount point as long term. The contentions of vfs_mount lock\nis now eliminated. Before un-registering such file system,\nkern_unmount should be called to remove the long term flag and\nmake the mount point ready to be freed.\n\nSigned-off-by: Tim Chen \u003ctim.c.chen@linux.intel.com\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "bbd9d6f7fbb0305c9a592bf05a32e87eb364a4ff", "tree": "12b2bb4202b05f6ae6a43c6ce830a0472043dbe5", "parents": [ "8e204874db000928e37199c2db82b7eb8966cc3c", "5a9a43646cf709312d71eca71cef90ad802f28f9" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Fri Jul 22 19:02:39 2011 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Fri Jul 22 19:02:39 2011 -0700" }, "message": "Merge branch \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs-2.6\n\n* \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs-2.6: (107 commits)\n vfs: use ERR_CAST for err-ptr tossing in lookup_instantiate_filp\n isofs: Remove global fs lock\n jffs2: fix IN_DELETE_SELF on overwriting rename() killing a directory\n fix IN_DELETE_SELF on overwriting rename() on ramfs et.al.\n mm/truncate.c: fix build for CONFIG_BLOCK not enabled\n fs:update the NOTE of the file_operations structure\n Remove dead code in dget_parent()\n AFS: Fix silly characters in a comment\n switch d_add_ci() to d_splice_alias() in \"found negative\" case as well\n simplify gfs2_lookup()\n jfs_lookup(): don\u0027t bother with . or ..\n get rid of useless dget_parent() in btrfs rename() and link()\n get rid of useless dget_parent() in fs/btrfs/ioctl.c\n fs: push i_mutex and filemap_write_and_wait down into -\u003efsync() handlers\n drivers: fix up various -\u003ellseek() implementations\n fs: handle SEEK_HOLE/SEEK_DATA properly in all fs\u0027s that define their own llseek\n Ext4: handle SEEK_HOLE/SEEK_DATA generically\n Btrfs: implement our own -\u003ellseek\n fs: add SEEK_HOLE and SEEK_DATA flags\n reiserfs: make reiserfs default to barrier\u003dflush\n ...\n\nFix up trivial conflicts in fs/xfs/linux-2.6/xfs_super.c due to the new\nshrinker callout for the inode cache, that clashed with the xfs code to\nstart the periodic workers later.\n" }, { "commit": "0342cbcfced2ee937d7c8e1c63f3d3082da7c7dc", "tree": "fb98291d321a50de2dfd99f9bcaa33274f0c3952", "parents": [ "391d6276db9fbdedfbc30e1b56390414f0e55988", "7f70893173b056df691b2ee7546bb44fd9abae6a" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Fri Jul 22 16:44:08 2011 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Fri Jul 22 16:44:08 2011 -0700" }, "message": "Merge branch \u0027core-rcu-for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip\n\n* \u0027core-rcu-for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip:\n rcu: Fix wrong check in list_splice_init_rcu()\n net,rcu: Convert call_rcu(xt_rateest_free_rcu) to kfree_rcu()\n sysctl,rcu: Convert call_rcu(free_head) to kfree\n vmalloc,rcu: Convert call_rcu(rcu_free_vb) to kfree_rcu()\n vmalloc,rcu: Convert call_rcu(rcu_free_va) to kfree_rcu()\n ipc,rcu: Convert call_rcu(ipc_immediate_free) to kfree_rcu()\n ipc,rcu: Convert call_rcu(free_un) to kfree_rcu()\n security,rcu: Convert call_rcu(sel_netport_free) to kfree_rcu()\n security,rcu: Convert call_rcu(sel_netnode_free) to kfree_rcu()\n ia64,rcu: Convert call_rcu(sn_irq_info_free) to kfree_rcu()\n block,rcu: Convert call_rcu(disk_free_ptbl_rcu_cb) to kfree_rcu()\n scsi,rcu: Convert call_rcu(fc_rport_free_rcu) to kfree_rcu()\n audit_tree,rcu: Convert call_rcu(__put_tree) to kfree_rcu()\n security,rcu: Convert call_rcu(whitelist_item_free) to kfree_rcu()\n md,rcu: Convert call_rcu(free_conf) to kfree_rcu()\n" }, { "commit": "8209f53d79444747782a28520187abaf689761f2", "tree": "726270ea29e037f026d77a99787b9d844531ac42", "parents": [ "22a3b9771117d566def0150ea787fcc95f16e724", "eac1b5e57d7abc836e78fd3fbcf77dbeed01edc9" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Fri Jul 22 15:06:50 2011 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Fri Jul 22 15:06:50 2011 -0700" }, "message": "Merge branch \u0027ptrace\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/oleg/misc\n\n* \u0027ptrace\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/oleg/misc: (39 commits)\n ptrace: do_wait(traced_leader_killed_by_mt_exec) can block forever\n ptrace: fix ptrace_signal() \u0026\u0026 STOP_DEQUEUED interaction\n connector: add an event for monitoring process tracers\n ptrace: dont send SIGSTOP on auto-attach if PT_SEIZED\n ptrace: mv send-SIGSTOP from do_fork() to ptrace_init_task()\n ptrace_init_task: initialize child-\u003ejobctl explicitly\n has_stopped_jobs: s/task_is_stopped/SIGNAL_STOP_STOPPED/\n ptrace: make former thread ID available via PTRACE_GETEVENTMSG after PTRACE_EVENT_EXEC stop\n ptrace: wait_consider_task: s/same_thread_group/ptrace_reparented/\n ptrace: kill real_parent_is_ptracer() in in favor of ptrace_reparented()\n ptrace: ptrace_reparented() should check same_thread_group()\n redefine thread_group_leader() as exit_signal \u003e\u003d 0\n do not change dead_task-\u003eexit_signal\n kill task_detached()\n reparent_leader: check EXIT_DEAD instead of task_detached()\n make do_notify_parent() __must_check, update the callers\n __ptrace_detach: avoid task_detached(), check do_notify_parent()\n kill tracehook_notify_death()\n make do_notify_parent() return bool\n ptrace: s/tracehook_tracer_task()/ptrace_parent()/\n ...\n" }, { "commit": "449a68cc656fddeda448e324c57062a19cf451b9", "tree": "d192d6582aa8a93f8e84d3b1784340c03b9d0b0e", "parents": [ "9801c60e99ed76c5730fb290c00bfad12a419972" ], "author": { "name": "Lai Jiangshan", "email": "laijs@cn.fujitsu.com", "time": "Fri Mar 18 12:05:57 2011 +0800" }, "committer": { "name": "Paul E. McKenney", "email": "paulmck@linux.vnet.ibm.com", "time": "Wed Jul 20 14:10:15 2011 -0700" }, "message": "security,rcu: Convert call_rcu(sel_netport_free) to kfree_rcu()\n\nThe rcu callback sel_netport_free() just calls a kfree(),\nso we use kfree_rcu() instead of the call_rcu(sel_netport_free).\n\nSigned-off-by: Lai Jiangshan \u003claijs@cn.fujitsu.com\u003e\nSigned-off-by: Paul E. McKenney \u003cpaulmck@linux.vnet.ibm.com\u003e\nCc: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nCc: James Morris \u003cjmorris@namei.org\u003e\nCc: Eric Paris \u003ceparis@parisplace.org\u003e\nReviewed-by: Josh Triplett \u003cjosh@joshtriplett.org\u003e\n" }, { "commit": "9801c60e99ed76c5730fb290c00bfad12a419972", "tree": "4c010680b33015e237f0761a3a3c79d180f13857", "parents": [ "f218a7ee7a1c37058eef4bb5fefff9bdb0f52766" ], "author": { "name": "Lai Jiangshan", "email": "laijs@cn.fujitsu.com", "time": "Fri Mar 18 12:05:22 2011 +0800" }, "committer": { "name": "Paul E. McKenney", "email": "paulmck@linux.vnet.ibm.com", "time": "Wed Jul 20 14:10:14 2011 -0700" }, "message": "security,rcu: Convert call_rcu(sel_netnode_free) to kfree_rcu()\n\nThe rcu callback sel_netnode_free() just calls a kfree(),\nso we use kfree_rcu() instead of the call_rcu(sel_netnode_free).\n\nSigned-off-by: Lai Jiangshan \u003claijs@cn.fujitsu.com\u003e\nSigned-off-by: Paul E. McKenney \u003cpaulmck@linux.vnet.ibm.com\u003e\nCc: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nCc: James Morris \u003cjmorris@namei.org\u003e\nCc: Eric Paris \u003ceparis@parisplace.org\u003e\nReviewed-by: Josh Triplett \u003cjosh@joshtriplett.org\u003e\n" }, { "commit": "cf1dd1dae851ce5765cda5de16aa965eef7c2dbf", "tree": "5ee564e56eca307701ce155e30a2cbb05b9937e3", "parents": [ "e74f71eb78a4a8b9eaf1bc65f20f761648e85f76" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Mon Jun 20 19:44:08 2011 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Wed Jul 20 01:43:27 2011 -0400" }, "message": "selinux: don\u0027t transliterate MAY_NOT_BLOCK to IPERM_FLAG_RCU\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "e74f71eb78a4a8b9eaf1bc65f20f761648e85f76", "tree": "7bc7fc1344f5ed6e3ce8132b36125ef5cec6407c", "parents": [ "10556cb21a0d0b24d95f00ea6df16f599a3345b2" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Mon Jun 20 19:38:15 2011 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Wed Jul 20 01:43:26 2011 -0400" }, "message": "-\u003epermission() sanitizing: don\u0027t pass flags to -\u003einode_permission()\n\npass that via mask instead.\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "06d984737bac0545fe20bb5447ee488b95adb531", "tree": "b8d89d21a53c28a025dd42598bc3406e25db5ba8", "parents": [ "4b9d33e6d83cc05a8005a8f9a8b9677fa0f53626" ], "author": { "name": "Tejun Heo", "email": "tj@kernel.org", "time": "Fri Jun 17 16:50:40 2011 +0200" }, "committer": { "name": "Oleg Nesterov", "email": "oleg@redhat.com", "time": "Wed Jun 22 19:26:29 2011 +0200" }, "message": "ptrace: s/tracehook_tracer_task()/ptrace_parent()/\n\ntracehook.h is on the way out. Rename tracehook_tracer_task() to\nptrace_parent() and move it from tracehook.h to ptrace.h.\n\nSigned-off-by: Tejun Heo \u003ctj@kernel.org\u003e\nCc: Christoph Hellwig \u003chch@infradead.org\u003e\nCc: John Johansen \u003cjohn.johansen@canonical.com\u003e\nCc: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: Oleg Nesterov \u003coleg@redhat.com\u003e\n" }, { "commit": "82b88bb24e28dd4fb4bec30e75412f41326130f0", "tree": "61b1d0eb6ae6059e879571517a0f36bcffdabf34", "parents": [ "60b8b1de0dd2bf246f0e074d287bb3f0bc42a755", "ded509880f6a0213b09f8ae7bef84acb16eaccbf" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Jun 15 09:41:48 2011 +1000" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Jun 15 09:41:48 2011 +1000" }, "message": "Merge branch \u0027for-linus\u0027 of git://git.infradead.org/users/eparis/selinux into for-linus\n" }, { "commit": "ded509880f6a0213b09f8ae7bef84acb16eaccbf", "tree": "ac8819a1b23a13b0f04ca34ab2983040c9d66e99", "parents": [ "0f7e4c33eb2c40b1e9cc24d2eab6de5921bc619c" ], "author": { "name": "Roy.Li", "email": "rongqing.li@windriver.com", "time": "Fri May 20 10:38:06 2011 +0800" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Tue Jun 14 12:58:51 2011 -0400" }, "message": "SELinux: skip file_name_trans_write() when policy downgraded.\n\nWhen policy version is less than POLICYDB_VERSION_FILENAME_TRANS,\nskip file_name_trans_write().\n\nSigned-off-by: Roy.Li \u003crongqing.li@windriver.com\u003e\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "95f4efb2d78661065aaf0be57f5bf00e4d2aea1d", "tree": "e344402e6428194515a0550ef30cf7cb8eeb0fdf", "parents": [ "4c1f683a4a343808536a5617ede85dfc34430472" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Wed Jun 08 15:11:56 2011 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Wed Jun 08 15:11:56 2011 -0700" }, "message": "selinux: simplify and clean up inode_has_perm()\n\nThis is a rather hot function that is called with a potentially NULL\n\"struct common_audit_data\" pointer argument. And in that case it has to\nprovide and initialize its own dummy common_audit_data structure.\n\nHowever, all the _common_ cases already pass it a real audit-data\nstructure, so that uncommon NULL case not only creates a silly run-time\ntest, more importantly it causes that function to have a big stack frame\nfor the dummy variable that isn\u0027t even used in the common case!\n\nSo get rid of that stupid run-time behavior, and make the (few)\nfunctions that currently call with a NULL pointer just call a new helper\nfunction instead (naturally called inode_has_perm_noapd(), since it has\nno adp argument).\n\nThis makes the run-time test be a static code generation issue instead,\nand allows for a much denser stack since none of the common callers need\nthe dummy structure. And a denser stack not only means less stack space\nusage, it means better cache behavior. So we have a win-win-win from\nthis simplification: less code executed, smaller stack footprint, and\nbetter cache behavior.\n\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "f01e1af445fac107e91d62a2d59dd535f633810b", "tree": "f5da7e4162f0a6f4bb50e4cb41f6a06c672f66b0", "parents": [ "bc9bc72e2f9bb07384c00604d1a40d0b5f62be6c" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Tue May 24 13:48:51 2011 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Thu May 26 18:13:57 2011 -0700" }, "message": "selinux: don\u0027t pass in NULL avd to avc_has_perm_noaudit\n\nRight now security_get_user_sids() will pass in a NULL avd pointer to\navc_has_perm_noaudit(), which then forces that function to have a dummy\nentry for that case and just generally test it.\n\nDon\u0027t do it. The normal callers all pass a real avd pointer, and this\nhelper function is incredibly hot. So don\u0027t make avc_has_perm_noaudit()\ndo conditional stuff that isn\u0027t needed for the common case.\n\nThis also avoids some duplicated stack space.\n\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "0f7e4c33eb2c40b1e9cc24d2eab6de5921bc619c", "tree": "793c5f834751215dfc93b05540fa9ed46c64ee07", "parents": [ "ea77f7a2e8561012cf100c530170f12351c3b53e" ], "author": { "name": "Kohei Kaigai", "email": "Kohei.Kaigai@emea.nec.com", "time": "Thu May 26 14:59:25 2011 -0400" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Thu May 26 17:20:53 2011 -0400" }, "message": "selinux: fix case of names with whitespace/multibytes on /selinux/create\n\nI submit the patch again, according to patch submission convension.\n\nThis patch enables to accept percent-encoded object names as forth\nargument of /selinux/create interface to avoid possible bugs when we\ngive an object name including whitespace or multibutes.\n\nE.g) if and when a userspace object manager tries to create a new object\n named as \"resolve.conf but fake\", it shall give this name as the forth\n argument of the /selinux/create. But sscanf() logic in kernel space\n fetches only the part earlier than the first whitespace.\n In this case, selinux may unexpectedly answer a default security context\n configured to \"resolve.conf\", but it is bug.\n\nAlthough I could not test this patch on named TYPE_TRANSITION rules\nactually, But debug printk() message seems to me the logic works\ncorrectly.\nI assume the libselinux provides an interface to apply this logic\ntransparently, so nothing shall not be changed from the viewpoint of\napplication.\n\nSigned-off-by: KaiGai Kohei \u003ckohei.kaigai@emea.nec.com\u003e\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "ea77f7a2e8561012cf100c530170f12351c3b53e", "tree": "7302ac1064f4e364aadda84020a176804fb86e22", "parents": [ "7a627e3b9a2bd0f06945bbe64bcf403e788ecf6e", "61c4f2c81c61f73549928dfd9f3e8f26aa36a8cf" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Thu May 26 17:20:14 2011 -0400" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Thu May 26 17:20:14 2011 -0400" }, "message": "Merge commit \u0027v2.6.39\u0027 into 20110526\n\nConflicts:\n\tlib/flex_array.c\n\tsecurity/selinux/avc.c\n\tsecurity/selinux/hooks.c\n\tsecurity/selinux/ss/policydb.c\n\tsecurity/smack/smack_lsm.c\n" }, { "commit": "b7b57551bbda1390959207f79f2038aa7adb72ae", "tree": "d591a08e7e45615b51d8b5ee1634a29920f62c3f", "parents": [ "434d42cfd05a7cc452457a81d2029540cba12150", "7a627e3b9a2bd0f06945bbe64bcf403e788ecf6e" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Tue May 24 23:20:19 2011 +1000" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Tue May 24 23:20:19 2011 +1000" }, "message": "Merge branch \u0027master\u0027 of git://git.infradead.org/users/eparis/selinux into for-linus\n\nConflicts:\n\tlib/flex_array.c\n\tsecurity/selinux/avc.c\n\tsecurity/selinux/hooks.c\n\tsecurity/selinux/ss/policydb.c\n\tsecurity/smack/smack_lsm.c\n\nManually resolve conflicts.\n\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "57d19e80f459dd845fb3cfeba8e6df8471bac142", "tree": "8254766715720228db3d50f1ef3c7fe003c06d65", "parents": [ "ee9ec4f82049c678373a611ce20ac67fe9ad836e", "e64851f5a0ad6ec991f74ebb3108c35aa0323d5f" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Mon May 23 09:12:26 2011 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Mon May 23 09:12:26 2011 -0700" }, "message": "Merge branch \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial\n\n* \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial: (39 commits)\n b43: fix comment typo reqest -\u003e request\n Haavard Skinnemoen has left Atmel\n cris: typo in mach-fs Makefile\n Kconfig: fix copy/paste-ism for dell-wmi-aio driver\n doc: timers-howto: fix a typo (\"unsgined\")\n perf: Only include annotate.h once in tools/perf/util/ui/browsers/annotate.c\n md, raid5: Fix spelling error in comment (\u0027Ofcourse\u0027 --\u003e \u0027Of course\u0027).\n treewide: fix a few typos in comments\n regulator: change debug statement be consistent with the style of the rest\n Revert \"arm: mach-u300/gpio: Fix mem_region resource size miscalculations\"\n audit: acquire creds selectively to reduce atomic op overhead\n rtlwifi: don\u0027t touch with treewide double semicolon removal\n treewide: cleanup continuations and remove logging message whitespace\n ath9k_hw: don\u0027t touch with treewide double semicolon removal\n include/linux/leds-regulator.h: fix syntax in example code\n tty: fix typo in descripton of tty_termios_encode_baud_rate\n xtensa: remove obsolete BKL kernel option from defconfig\n m68k: fix comment typo \u0027occcured\u0027\n arch:Kconfig.locks Remove unused config option.\n treewide: remove extra semicolons\n ...\n" }, { "commit": "257313b2a87795e07a0bdf58d0fffbdba8b31051", "tree": "ff5043526b0381cdc1f1f68d3c6f8ed3635e0ddb", "parents": [ "044aea9b83614948c98564000db07d1d32b2d29b" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Thu May 19 21:22:53 2011 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Thu May 19 21:22:53 2011 -0700" }, "message": "selinux: avoid unnecessary avc cache stat hit count\n\nThere is no point in counting hits - we can calculate it from the number\nof lookups and misses.\n\nThis makes the avc statistics a bit smaller, and makes the code\ngeneration better too.\n\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" } ], "next": "044aea9b83614948c98564000db07d1d32b2d29b" }