)]}' { "log": [ { "commit": "f7b6983f0feeefcd2a594138adcffe640593d8de", "tree": "41878fad9f0f0306718fa832eac7dfa76f51222d", "parents": [ "41a49cc3c02ace59d4dddae91ea211c330970ee3" ], "author": { "name": "Masahide NAKAMURA", "email": "nakam@linux-ipv6.org", "time": "Wed Aug 23 22:49:28 2006 -0700" }, "committer": { "name": "David S. Miller", "email": "davem@sunset.davemloft.net", "time": "Fri Sep 22 15:08:35 2006 -0700" }, "message": "[XFRM] POLICY: Support netlink socket interface for sub policy.\n\nSub policy can be used through netlink socket.\nPF_KEY uses main only and it is TODO to support sub.\n\nSigned-off-by: Masahide NAKAMURA \u003cnakam@linux-ipv6.org\u003e\nSigned-off-by: YOSHIFUJI Hideaki \u003cyoshfuji@linux-ipv6.org\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "7e49e6de30efa716614e280d97963c570f3acf29", "tree": "8eaef9d40300d16a7675722e082c5d8ab2a53d40", "parents": [ "77d16f450ae0452d7d4b009f78debb1294fb435c" ], "author": { "name": "Masahide NAKAMURA", "email": "nakam@linux-ipv6.org", "time": "Fri Sep 22 15:05:15 2006 -0700" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Fri Sep 22 15:05:15 2006 -0700" }, "message": "[XFRM]: Add XFRM_MODE_xxx for future use.\n\nTransformation mode is used as either IPsec transport or tunnel.\nIt is required to add two more items, route optimization and inbound trigger\nfor Mobile IPv6.\nBased on MIPL2 kernel patch.\n\nThis patch was also written by: Ville Nuorvala \u003cvnuorval@tcs.hut.fi\u003e\n\nSigned-off-by: Masahide NAKAMURA \u003cnakam@linux-ipv6.org\u003e\nSigned-off-by: YOSHIFUJI Hideaki \u003cyoshfuji@linux-ipv6.org\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "cb969f072b6d67770b559617f14e767f47e77ece", "tree": "4112eb0182e8b3e28b42aebaa40ca25454fc6b76", "parents": [ "beb8d13bed80f8388f1a9a107d07ddd342e627e8" ], "author": { "name": "Venkat Yekkirala", "email": "vyekkirala@TrustedCS.com", "time": "Mon Jul 24 23:32:20 2006 -0700" }, "committer": { "name": "David S. Miller", "email": "davem@sunset.davemloft.net", "time": "Fri Sep 22 14:53:28 2006 -0700" }, "message": "[MLSXFRM]: Default labeling of socket specific IPSec policies\n\nThis defaults the label of socket-specific IPSec policies to be the\nsame as the socket they are set on.\n\nSigned-off-by: Venkat Yekkirala \u003cvyekkirala@TrustedCS.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "4e2ba18eae7f370c7c3ed96eaca747cc9b39f917", "tree": "9165d8c0fea650e3cf226d4e0bb3c153978f8ae0", "parents": [ "0d681623d30c6565e8b62889f3aa3f4d4662c3e8" ], "author": { "name": "Venkat Yekkirala", "email": "vyekkirala@TrustedCS.com", "time": "Mon Jul 24 23:31:14 2006 -0700" }, "committer": { "name": "David S. Miller", "email": "davem@sunset.davemloft.net", "time": "Fri Sep 22 14:53:26 2006 -0700" }, "message": "[MLSXFRM]: Add security context to acquire messages using PF_KEY\n\nThis includes the security context of a security association created\nfor use by IKE in the acquire messages sent to IKE daemons using\nPF_KEY. This would allow the daemons to include the security context\nin the negotiation, so that the resultant association is unique to\nthat security context.\n\nSigned-off-by: Venkat Yekkirala \u003cvyekkirala@TrustedCS.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "6ab3d5624e172c553004ecc862bfeac16d9d68b7", "tree": "6d98881fe91fd9583c109208d5c27131b93fa248", "parents": [ "e02169b682bc448ccdc819dc8639ed34a23cedd8" ], "author": { "name": "Jörn Engel", "email": "joern@wohnheim.fh-wedel.de", "time": "Fri Jun 30 19:25:36 2006 +0200" }, "committer": { "name": "Adrian Bunk", "email": "bunk@stusta.de", "time": "Fri Jun 30 19:25:36 2006 +0200" }, "message": "Remove obsolete #include \u003clinux/config.h\u003e\n\nSigned-off-by: Jörn Engel \u003cjoern@wohnheim.fh-wedel.de\u003e\nSigned-off-by: Adrian Bunk \u003cbunk@stusta.de\u003e\n" }, { "commit": "c8c05a8eec6f1258f6d5cb71a44ee5dc1e989b63", "tree": "b4a04dd9e2b940cb5b2911fb67fbe49c5f8b3fbf", "parents": [ "cec6f7f39c3db7d9f6091bf2f8fc8d520f372719" ], "author": { "name": "Catherine Zhang", "email": "cxzhang@watson.ibm.com", "time": "Thu Jun 08 23:39:49 2006 -0700" }, "committer": { "name": "David S. Miller", "email": "davem@sunset.davemloft.net", "time": "Sat Jun 17 21:29:45 2006 -0700" }, "message": "[LSM-IPsec]: SELinux Authorize\n\nThis patch contains a fix for the previous patch that adds security\ncontexts to IPsec policies and security associations. In the previous\npatch, no authorization (besides the check for write permissions to\nSAD and SPD) is required to delete IPsec policies and security\nassocations with security contexts. Thus a user authorized to change\nSAD and SPD can bypass the IPsec policy authorization by simply\ndeleteing policies with security contexts. To fix this security hole,\nan additional authorization check is added for removing security\npolicies and security associations with security contexts.\n\nNote that if no security context is supplied on add or present on\npolicy to be deleted, the SELinux module allows the change\nunconditionally. The hook is called on deletion when no context is\npresent, which we may want to change. At present, I left it up to the\nmodule.\n\nLSM changes:\n\nThe patch adds two new LSM hooks: xfrm_policy_delete and\nxfrm_state_delete. The new hooks are necessary to authorize deletion\nof IPsec policies that have security contexts. The existing hooks\nxfrm_policy_free and xfrm_state_free lack the context to do the\nauthorization, so I decided to split authorization of deletion and\nmemory management of security data, as is typical in the LSM\ninterface.\n\nUse:\n\nThe new delete hooks are checked when xfrm_policy or xfrm_state are\ndeleted by either the xfrm_user interface (xfrm_get_policy,\nxfrm_del_sa) or the pfkey interface (pfkey_spddelete, pfkey_delete).\n\nSELinux changes:\n\nThe new policy_delete and state_delete functions are added.\n\nSigned-off-by: Catherine Zhang \u003ccxzhang@watson.ibm.com\u003e\nSigned-off-by: Trent Jaeger \u003ctjaeger@cse.psu.edu\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "4a3e2f711a00a1feb72ae12fdc749da10179d185", "tree": "76ced9d3270dea4b864da71fa1d4415d2e3c8b11", "parents": [ "d4ccd08cdfa8d34f4d25b62041343c52fc79385f" ], "author": { "name": "Arjan van de Ven", "email": "arjan@infradead.org", "time": "Mon Mar 20 22:33:17 2006 -0800" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Mon Mar 20 22:33:17 2006 -0800" }, "message": "[NET] sem2mutex: net/\n\nSemaphore to mutex conversion.\n\nThe conversion was generated via scripts, and the result was validated\nautomatically via a script as well.\n\nSigned-off-by: Arjan van de Ven \u003carjan@infradead.org\u003e\nSigned-off-by: Ingo Molnar \u003cmingo@elte.hu\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "d51d081d65048a7a6f9956a7809c3bb504f3b95d", "tree": "55c62e9f6ff96d131a3ba59090d76209b68051ae", "parents": [ "9500e8a81fe6302fcc5e4110adc4d166c9873d3a" ], "author": { "name": "Jamal Hadi Salim", "email": "hadi@cyberus.ca", "time": "Mon Mar 20 19:16:12 2006 -0800" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Mon Mar 20 19:16:12 2006 -0800" }, "message": "[IPSEC]: Sync series - user\n\nAdd xfrm as the user of the core changes\n\nSigned-off-by: Jamal Hadi Salim \u003chadi@cyberus.ca\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "21380b81ef8699179b535e197a95b891a7badac7", "tree": "1a6be9864cabbed59db6357b2f0244413acac4c4", "parents": [ "85259878499d6c428cba191bb4e415a250dcd75a" ], "author": { "name": "Herbert Xu", "email": "herbert@gondor.apana.org.au", "time": "Wed Feb 22 14:47:13 2006 -0800" }, "committer": { "name": "David S. Miller", "email": "davem@sunset.davemloft.net", "time": "Thu Feb 23 16:10:53 2006 -0800" }, "message": "[XFRM]: Eliminate refcounting confusion by creating __xfrm_state_put().\n\nWe often just do an atomic_dec(\u0026x-\u003erefcnt) on an xfrm_state object\nbecause we know there is more than 1 reference remaining and thus\nwe can elide the heavier xfrm_state_put() call.\n\nDo this behind an inline function called __xfrm_state_put() so that is\nmore obvious and also to allow us to more cleanly add refcount\ndebugging later.\n\nSigned-off-by: Herbert Xu \u003cherbert@gondor.apana.org.au\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "151bb0ffe51514979abf54063bb5c1dd49365137", "tree": "b8d3465f3a9f682640589395befae5e475168b64", "parents": [ "cabcac0b296cd9683bc168d60839729b720dc2b7" ], "author": { "name": "Jerome Borsboom", "email": "j.borsboom@erasmusmc.nl", "time": "Tue Jan 24 12:57:19 2006 -0800" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Tue Jan 24 12:57:19 2006 -0800" }, "message": "[AF_KEY]: no message type set\n\nWhen returning a message to userspace in reply to a SADB_FLUSH or \nSADB_X_SPDFLUSH message, the type was not set for the returned PFKEY \nmessage. The patch below corrects this problem.\n\nSigned-off-by: Jerome Borsboom \u003cj.borsboom@erasmusmc.nl\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "4fc268d24ceb9f4150777c1b5b2b8e6214e56b2b", "tree": "d2aaf0b5986b03e6129ed3ccd65b9f706cd59c7f", "parents": [ "16f7e0fe2ecc30f30652e8185e1772cdebe39109" ], "author": { "name": "Randy Dunlap", "email": "rdunlap@xenotime.net", "time": "Wed Jan 11 12:17:47 2006 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Wed Jan 11 18:42:14 2006 -0800" }, "message": "[PATCH] capable/capability.h (net/)\n\nnet: Use \u003clinux/capability.h\u003e where capable() is used.\n\nSigned-off-by: Randy Dunlap \u003crdunlap@xenotime.net\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "09a626600b437d91f6b13ade5c7c4b374893c54e", "tree": "a6de3c2a33b7d896cd22a3fe799d1b40d28daf40", "parents": [ "4bba3925924148c24fb0c7636a04ad69a6a56b84" ], "author": { "name": "Kris Katterjohn", "email": "kjak@users.sourceforge.net", "time": "Sun Jan 08 22:24:28 2006 -0800" }, "committer": { "name": "David S. Miller", "email": "davem@sunset.davemloft.net", "time": "Mon Jan 09 14:16:18 2006 -0800" }, "message": "[NET]: Change some \"if (x) BUG();\" to \"BUG_ON(x);\"\n\nThis changes some simple \"if (x) BUG();\" statements to \"BUG_ON(x);\"\n\nSigned-off-by: Kris Katterjohn \u003ckjak@users.sourceforge.net\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "90ddc4f0470427df306f308ad03db6b6b21644b8", "tree": "f97c1d57b25585394ebbd4b42b8d42a339f98644", "parents": [ "77d76ea310b50a9c8ff15bd290fcb4ed4961adf2" ], "author": { "name": "Eric Dumazet", "email": "dada1@cosmosbay.com", "time": "Thu Dec 22 12:49:22 2005 -0800" }, "committer": { "name": "David S. Miller", "email": "davem@sunset.davemloft.net", "time": "Tue Jan 03 13:11:15 2006 -0800" }, "message": "[NET]: move struct proto_ops to const\n\nI noticed that some of \u0027struct proto_ops\u0027 used in the kernel may share\na cache line used by locks or other heavily modified data. (default\nlinker alignement is 32 bytes, and L1_CACHE_LINE is 64 or 128 at\nleast)\n\nThis patch makes sure a \u0027struct proto_ops\u0027 can be declared as const,\nso that all cpus can share all parts of it without false sharing.\n\nThis is not mandatory : a driver can still use a read/write structure\nif it needs to (and eventually a __read_mostly)\n\nI made a global stubstitute to change all existing occurences to make\nthem const.\n\nThis should reduce the possibility of false sharing on SMP, and\nspeedup some socket system calls.\n\nSigned-off-by: Eric Dumazet \u003cdada1@cosmosbay.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "df71837d5024e2524cd51c93621e558aa7dd9f3f", "tree": "58938f1d46f3c6713b63e5a785e82fdbb10121a1", "parents": [ "88026842b0a760145aa71d69e74fbc9ec118ca44" ], "author": { "name": "Trent Jaeger", "email": "tjaeger@cse.psu.edu", "time": "Tue Dec 13 23:12:27 2005 -0800" }, "committer": { "name": "David S. Miller", "email": "davem@sunset.davemloft.net", "time": "Tue Jan 03 13:10:24 2006 -0800" }, "message": "[LSM-IPSec]: Security association restriction.\n\nThis patch series implements per packet access control via the\nextension of the Linux Security Modules (LSM) interface by hooks in\nthe XFRM and pfkey subsystems that leverage IPSec security\nassociations to label packets. Extensions to the SELinux LSM are\nincluded that leverage the patch for this purpose.\n\nThis patch implements the changes necessary to the XFRM subsystem,\npfkey interface, ipv4/ipv6, and xfrm_user interface to restrict a\nsocket to use only authorized security associations (or no security\nassociation) to send/receive network packets.\n\nPatch purpose:\n\nThe patch is designed to enable access control per packets based on\nthe strongly authenticated IPSec security association. Such access\ncontrols augment the existing ones based on network interface and IP\naddress. The former are very coarse-grained, and the latter can be\nspoofed. By using IPSec, the system can control access to remote\nhosts based on cryptographic keys generated using the IPSec mechanism.\nThis enables access control on a per-machine basis or per-application\nif the remote machine is running the same mechanism and trusted to\nenforce the access control policy.\n\nPatch design approach:\n\nThe overall approach is that policy (xfrm_policy) entries set by\nuser-level programs (e.g., setkey for ipsec-tools) are extended with a\nsecurity context that is used at policy selection time in the XFRM\nsubsystem to restrict the sockets that can send/receive packets via\nsecurity associations (xfrm_states) that are built from those\npolicies.\n\nA presentation available at\nwww.selinux-symposium.org/2005/presentations/session2/2-3-jaeger.pdf\nfrom the SELinux symposium describes the overall approach.\n\nPatch implementation details:\n\nOn output, the policy retrieved (via xfrm_policy_lookup or\nxfrm_sk_policy_lookup) must be authorized for the security context of\nthe socket and the same security context is required for resultant\nsecurity association (retrieved or negotiated via racoon in\nipsec-tools). This is enforced in xfrm_state_find.\n\nOn input, the policy retrieved must also be authorized for the socket\n(at __xfrm_policy_check), and the security context of the policy must\nalso match the security association being used.\n\nThe patch has virtually no impact on packets that do not use IPSec.\nThe existing Netfilter (outgoing) and LSM rcv_skb hooks are used as\nbefore.\n\nAlso, if IPSec is used without security contexts, the impact is\nminimal. The LSM must allow such policies to be selected for the\ncombination of socket and remote machine, but subsequent IPSec\nprocessing proceeds as in the original case.\n\nTesting:\n\nThe pfkey interface is tested using the ipsec-tools. ipsec-tools have\nbeen modified (a separate ipsec-tools patch is available for version\n0.5) that supports assignment of xfrm_policy entries and security\nassociations with security contexts via setkey and the negotiation\nusing the security contexts via racoon.\n\nThe xfrm_user interface is tested via ad hoc programs that set\nsecurity contexts. These programs are also available from me, and\ncontain programs for setting, getting, and deleting policy for testing\nthis interface. Testing of sa functions was done by tracing kernel\nbehavior.\n\nSigned-off-by: Trent Jaeger \u003ctjaeger@cse.psu.edu\u003e\nSigned-off-by: Herbert Xu \u003cherbert@gondor.apana.org.au\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "dd0fc66fb33cd610bc1a5db8a5e232d34879b4d7", "tree": "51f96a9db96293b352e358f66032e1f4ff79fafb", "parents": [ "3b0e77bd144203a507eb191f7117d2c5004ea1de" ], "author": { "name": "Al Viro", "email": "viro@ftp.linux.org.uk", "time": "Fri Oct 07 07:46:04 2005 +0100" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Sat Oct 08 15:00:57 2005 -0700" }, "message": "[PATCH] gfp flags annotations - part 1\n\n - added typedef unsigned int __nocast gfp_t;\n\n - replaced __nocast uses for gfp flags with gfp_t - it gives exactly\n the same warnings as far as sparse is concerned, doesn\u0027t change\n generated code (from gcc point of view we replaced unsigned int with\n typedef) and documents what\u0027s going on far better.\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "77d8d7a6848c81084f413e1ec4982123a56e2ccb", "tree": "37a160b0b5fcb8a079bcafec5091fd331e14d54c", "parents": [ "140e26fcd559f6988e5a9056385eecade19d9b49" ], "author": { "name": "Herbert Xu", "email": "herbert@gondor.apana.org.au", "time": "Wed Oct 05 12:15:12 2005 -0700" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Wed Oct 05 12:15:12 2005 -0700" }, "message": "[IPSEC]: Document that policy direction is derived from the index.\n\nHere is a patch that adds a helper called xfrm_policy_id2dir to\ndocument the fact that the policy direction can be and is derived\nfrom the index.\n\nThis is based on a patch by YOSHIFUJI Hideaki and 210313105@suda.edu.cn.\n\nSigned-off-by: Herbert Xu \u003cherbert@gondor.apana.org.au\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "00fa02334540ec795934737cd6e6ef8db2560731", "tree": "6d8b137ebcb01954712c33ba2a9ff777a5e81429", "parents": [ "c6f4fafccfa66f0530587ac3c11bb8fd0b8fe8ab" ], "author": { "name": "Randy Dunlap", "email": "rdunlap@xenotime.net", "time": "Tue Oct 04 22:43:04 2005 -0700" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Tue Oct 04 22:43:04 2005 -0700" }, "message": "[AF_KEY]: fix sparse gfp nocast warnings\n\nFix implicit nocast warnings in net/key code:\nnet/key/af_key.c:195:27: warning: implicit cast to nocast type\nnet/key/af_key.c:1439:28: warning: implicit cast to nocast type\n\nSigned-off-by: Randy Dunlap \u003crdunlap@xenotime.net\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "dd87147eed934eaff92869f3d158697c7239d1d2", "tree": "5a5d59c2678767530c2a3299a70ccfc14062b347", "parents": [ "d094cd83c06e06e01d8edb540555f3f64e4081c2" ], "author": { "name": "Herbert Xu", "email": "herbert@gondor.apana.org.au", "time": "Mon Jun 20 13:21:43 2005 -0700" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Mon Jun 20 13:21:43 2005 -0700" }, "message": "[IPSEC]: Add XFRM_STATE_NOPMTUDISC flag\n\nThis patch adds the flag XFRM_STATE_NOPMTUDISC for xfrm states. It is\nsimilar to the nopmtudisc on IPIP/GRE tunnels. It only has an effect\non IPv4 tunnel mode states. For these states, it will ensure that the\nDF flag is always cleared.\n\nThis is primarily useful to work around ICMP blackholes.\n\nIn future this flag could also allow a larger MTU to be set within the\ntunnel just like IPIP/GRE tunnels. This could be useful for short haul\ntunnels where temporary fragmentation outside the tunnel is desired over\nsmaller fragments inside the tunnel.\n\nSigned-off-by: Herbert Xu \u003cherbert@gondor.apana.org.au\u003e\nAcked-by: James Morris \u003cjmorris@redhat.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "72cb6962a91f2af9eef69a06198e1949c10259ae", "tree": "3ae65d1c4e7d7cb7ac05bfc6f457312df45f6996", "parents": [ "3f7a87d2fa9b42f7aade43914f060df68cc89cc7" ], "author": { "name": "Herbert Xu", "email": "herbert@gondor.apana.org.au", "time": "Mon Jun 20 13:18:08 2005 -0700" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Mon Jun 20 13:18:08 2005 -0700" }, "message": "[IPSEC]: Add xfrm_init_state\n\nThis patch adds xfrm_init_state which is simply a wrapper that calls\nxfrm_get_type and subsequently x-\u003etype-\u003einit_state. It also gets rid\nof the unused args argument.\n\nAbstracting it out allows us to add common initialisation code, e.g.,\nto set family-specific flags.\n\nThe add_time setting in xfrm_user.c was deleted because it\u0027s already\nset by xfrm_state_alloc.\n\nSigned-off-by: Herbert Xu \u003cherbert@gondor.apana.org.au\u003e\nAcked-by: James Morris \u003cjmorris@redhat.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "7d6dfe1f5bc4c56e0c31173014a099ec3fa35907", "tree": "a6b04337c4f6d1ff7b050082dc7e69dc5617d3d0", "parents": [ "f60f6b8f70c756fc786d68f02ec17a1e84db645f" ], "author": { "name": "Patrick McHardy", "email": "kaber@trash.net", "time": "Sat Jun 18 22:45:31 2005 -0700" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Sat Jun 18 22:45:31 2005 -0700" }, "message": "[IPSEC] Fix xfrm_state leaks in error path\n\nHerbert Xu wrote:\n\u003e @@ -1254,6 +1326,7 @@ static int pfkey_add(struct sock *sk, st\n\u003e if (IS_ERR(x))\n\u003e return PTR_ERR(x);\n\u003e\n\u003e + xfrm_state_hold(x);\n\nThis introduces a leak when xfrm_state_add()/xfrm_state_update()\nfail. We hold two references (one from xfrm_state_alloc(), one\nfrom xfrm_state_hold()), but only drop one. We need to take the\nreference because the reference from xfrm_state_alloc() can\nbe dropped by __xfrm_state_delete(), so the fix is to drop both\nreferences on error. Same problem in xfrm_user.c.\n\nSigned-off-by: Patrick McHardy \u003ckaber@trash.net\u003e\nSigned-off-by: Herbert Xu \u003cherbert@gondor.apana.org.au\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "f60f6b8f70c756fc786d68f02ec17a1e84db645f", "tree": "8eee05de129439e4ffde876d2208a613178acfe3", "parents": [ "e7443892f656d760ec1b9d92567178c87e100f4a" ], "author": { "name": "Herbert Xu", "email": "herbert@gondor.apana.org.au", "time": "Sat Jun 18 22:44:37 2005 -0700" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Sat Jun 18 22:44:37 2005 -0700" }, "message": "[IPSEC] Use XFRM_MSG_* instead of XFRM_SAP_*\n\nThis patch removes XFRM_SAP_* and converts them over to XFRM_MSG_*.\nThe netlink interface is meant to map directly onto the underlying\nxfrm subsystem. Therefore rather than using a new independent\nrepresentation for the events we can simply use the existing ones\nfrom xfrm_user.\n\nSigned-off-by: Herbert Xu \u003cherbert@gondor.apana.org.au\u003e\n" }, { "commit": "bf08867f91a43aa3ba2e4598c06c4769a6cdddf6", "tree": "316504b4756a32d802ea037815f2d9022ab88bfe", "parents": [ "4f09f0bbc1cb3c74e8f2047ad4be201a059829ee" ], "author": { "name": "Herbert Xu", "email": "herbert@gondor.apana.org.au", "time": "Sat Jun 18 22:44:00 2005 -0700" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Sat Jun 18 22:44:00 2005 -0700" }, "message": "[IPSEC] Turn km_event.data into a union\n\nThis patch turns km_event.data into a union. This makes code that\nuses it clearer.\n \nSigned-off-by: Herbert Xu \u003cherbert@gondor.apana.org.au\u003e\n" }, { "commit": "4f09f0bbc1cb3c74e8f2047ad4be201a059829ee", "tree": "d5ceba89f401b073cea383fa245c2b6299b7d07e", "parents": [ "4666faab095230ec8aa62da6c33391287f281154" ], "author": { "name": "Herbert Xu", "email": "herbert@gondor.apana.org.au", "time": "Sat Jun 18 22:43:43 2005 -0700" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Sat Jun 18 22:43:43 2005 -0700" }, "message": "[IPSEC] Fix xfrm to pfkey SA state conversion\n\nThis patch adjusts the SA state conversion in af_key such that\nXFRM_STATE_ERROR/XFRM_STATE_DEAD will be converted to SADB_STATE_DEAD\ninstead of SADB_STATE_DYING.\n\nAccording to RFC 2367, SADB_STATE_DYING SAs can be turned into\nmature ones through updating their lifetime settings. Since SAs\nwhich are in the states XFRM_STATE_ERROR/XFRM_STATE_DEAD cannot\nbe resurrected, this value is unsuitable.\n\nSigned-off-by: Herbert Xu \u003cherbert@gondor.apana.org.au\u003e\n" }, { "commit": "26b15dad9f1c19d6d4f7b999b07eaa6d98e4b375", "tree": "2ca3039488d9df023fb84eaa7c1f52aa8d1ce69c", "parents": [ "3aa3dfb372576f30835a94409556e3c8681b5756" ], "author": { "name": "Jamal Hadi Salim", "email": "hadi@cyberus.ca", "time": "Sat Jun 18 22:42:13 2005 -0700" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Sat Jun 18 22:42:13 2005 -0700" }, "message": "[IPSEC] Add complete xfrm event notification\n\nHeres the final patch.\nWhat this patch provides\n\n- netlink xfrm events\n- ability to have events generated by netlink propagated to pfkey\n and vice versa.\n- fixes the acquire lets-be-happy-with-one-success issue\n\nSigned-off-by: Jamal Hadi Salim \u003chadi@cyberus.ca\u003e\nSigned-off-by: Herbert Xu \u003cherbert@gondor.apana.org.au\u003e\n" }, { "commit": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "tree": "0bba044c4ce775e45a88a51686b5d9f90697ea9d", "parents": [], "author": { "name": "Linus Torvalds", "email": "torvalds@ppc970.osdl.org", "time": "Sat Apr 16 15:20:36 2005 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@ppc970.osdl.org", "time": "Sat Apr 16 15:20:36 2005 -0700" }, "message": "Linux-2.6.12-rc2\n\nInitial git repository build. I\u0027m not bothering with the full history,\neven though we have it. We can create a separate \"historical\" git\narchive of that later if we want to, and in the meantime it\u0027s about\n3.2GB when imported into git - space that would just make the early\ngit days unnecessarily complicated, when we don\u0027t have a lot of good\ninfrastructure for it.\n\nLet it rip!\n" } ] }