Add new per-packet access controls to SELinux, replacing the old
packet controls.
Packets are labeled with the iptables SECMARK and CONNSECMARK targets,
then security policy for the packets is enforced with these controls.
To allow for a smooth transition to the new controls, the old code is
still present, but not active by default. To restore previous
behavior, the old controls may be activated at runtime by writing a
'1' to /selinux/compat_net, and also via the kernel boot parameter
selinux_compat_net. Switching between the network control models
requires the security load_policy permission. The old controls will
probably eventually be removed and any continued use is discouraged.
With this patch, the new secmark controls for SELinux are disabled by
default, so existing behavior is entirely preserved, and the user is
not affected at all.
It also provides a config option to enable the secmark controls by
default (which can always be overridden at boot and runtime). It is
also noted in the kconfig help that the user will need updated
userspace if enabling secmark controls for SELinux and that they'll
probably need the SECMARK and CONNMARK targets, and conntrack protocol
helpers, although such decisions are beyond the scope of kernel
configuration.
Signed-off-by: James Morris <jmorris@namei.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
From: David Howells <dhowells@redhat.com>
Apply some alterations to the memory barrier document that I worked out
with Paul McKenney of IBM, plus some of the alterations suggested by Alan
Stern.
The following changes were made:
(*) One of the examples given for what can happen with overlapping memory
barriers was wrong.
(*) The description of general memory barriers said that a general barrier is
a combination of a read barrier and a write barrier. This isn't entirely
true: it implies both, but is more than a combination of both.
(*) The first example in the "SMP Barrier Pairing" section was wrong: the
loads around the read barrier need to touch the memory locations in the
opposite order to the stores around the write barrier.
(*) Added a note to make explicit that the loads should be in reverse order to
the stores.
(*) Adjusted the diagrams in the "Examples Of Memory Barrier Sequences"
section to make them clearer. Added a couple of diagrams to make it more
clear as to how it could go wrong without the barrier.
(*) Added a section on memory speculation.
(*) Dropped any references to memory allocation routines doing memory
barriers. They may do sometimes, but it can't be relied on. This may be
worthy of further documentation later.
(*) Made the fact that a LOCK followed by an UNLOCK should not be considered a
full memory barrier more explicit and gave an example.
Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: Paul E. McKenney <paulmck@us.ibm.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Update documentation to match reality. INPCK controls whether input
parity checking is enabled.
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
- remove the following global function that is both unused and
unimplemented:
- register_firmware()
- make the following needlessly global function static:
- firmware_class_uevent()
Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Grand unification of the three types of workarounds we have so far.
The "skip mode page 8" workaround is now limited to devices which
pretend to be of TYPE_DISK instead of TYPE_RBC. This workaround is no
longer enabled for Initio bridges.
Patch update in anticipation of more workarounds:
- Add module parameter "workarounds".
- Deprecate parameter "force_inquiry_hack".
- Compose the blacklist of a compound type for better readability and
extensibility.
- Remove a now unused #define.
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
We need to be able to have a "SPI bus 0" matching chip numbering; but
that number was wrongly used to flag dynamic allocation of a bus number.
This patch resolves that issue; now negative numbers trigger dynamic alloc.
It also updates the how-to-write-a-controller-driver overview to mention
this stuff.
Signed-off-by: David Brownell <dbrownell@users.sourceforge.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
This driver turns a PXA2xx synchronous serial port (SSP) into a SPI master
controller (see Documentation/spi/spi_summary). The driver has the following
features:
- Support for any PXA2xx SSP
- SSP PIO and SSP DMA data transfers.
- External and Internal (SSPFRM) chip selects.
- Per slave device (chip) configuration.
- Full suspend, freeze, resume support.
Signed-off-by: Stephen Street <stephen@streetfiresound.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Cc: David Brownell <david-b@pacbell.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Fix the simple watchdog daemon program in Doc/watchdog/watchdog-api.txt
to build cleanly.
Signed-off-by: Randy Dunlap <rdunlap@xenotime.net>
Signed-off-by: Wim Van Sebroeck <wim@iguana.be>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Changing the driver to use dynamic device numbers was one of the many
changes that were made in order to have the driver accepted into the
mainline kernel. Therefore I would say that the entry in devices.txt is
obsolete. This patch removes it.
Signed-off-by: Peter Osterlund <petero2@telia.com>
Cc: Torben Mathiasen <device@lanana.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
BBTI has updated their driver, and removed the old one from their website.
This patch updates the get_dvb_firmware script to download the firmware
from the new driver location.
Signed-off-by: Michael Krufky <mkrufky@linuxtv.org>
Signed-off-by: Mauro Carvalho Chehab <mchehab@infradead.org>
* master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6:
[NET_SCHED]: HFSC: fix thinko in hfsc_adjust_levels()
[IPV6]: skb leakage in inet6_csk_xmit
[BRIDGE]: Do sysfs registration inside rtnl.
[NET]: Do sysfs registration as part of register_netdevice.
[TG3]: Fix possible NULL deref in tg3_run_loopback().
[NET] linkwatch: Handle jiffies wrap-around
[IRDA]: Switching to a workqueue for the SIR work
[IRDA]: smsc-ircc: Minimal hotplug support.
[IRDA]: Removing unused EXPORT_SYMBOLs
[IRDA]: New maintainer.
[NET]: Make netdev_chain a raw notifier.
[IPV4]: ip_options_fragment() has no effect on fragmentation
[NET]: Add missing operstates documentation.
* git://git.kernel.org/pub/scm/linux/kernel/git/perex/alsa: (22 commits)
[ALSA] via82xx - Use DXS_SRC as default for VIA8235/8237/8251 chips
[ALSA] hda-codec - Add model entry for ASUS Z62F
[ALSA] PCMCIA sound devices shouldn't depend on ISA
[ALSA] hda-codec - Fix capture from line-in on VAIO SZ/FE laptops
[ALSA] Fix Oops at rmmod with CONFIG_SND_VERBOSE_PROCFS=n
[ALSA] PCM core - introduce CONFIG_SND_PCM_XRUN_DEBUG
[ALSA] adding __devinitdata to pci_device_id
[ALSA] add __devinitdata to all pci_device_id
[ALSA] hda-codec - Add codec id for AD1988B codec chip
[ALSA] hda-codec - Add model entry for ASUS M9 laptop
[ALSA] pcxhr - Fix a compiler warning on 64bit architectures
[ALSA] via82xx: tweak VT8251 workaround
[ALSA] intel8x0 - Disable ALI5455 SPDIF-input
[ALSA] via82xx: add support for VIA VT8251 (AC'97)
[ALSA] Fix typos and add information about Jack support to Audiophile-Usb.txt
[ALSA] Fix double free in error path of miro driver
[ALSA] hda-codec - Add entry for Epox EP-5LDA+ GLi
[ALSA] sound/pci/: remove duplicate #include's
[ALSA] hda-codec - Use model 'hp' for all HP laptops with AD1981HD
[ALSA] continue on IS_ERR from platform device registration
...
As reported in Bugzilla Bug 6406, resume from S3 results in a blank screen.
For the IBM Thinkpad X30 using vesafb as the console driver, successful resume
from S3 requires option acpi_sleep=s3_bios,s3_mode. Update documentation.
I would presume that, in any hardware, using vesafb as the console driver will
require as a minimum s3_mode.
Signed-off-by: Antonino Daplas <adaplas@pol.net>
Cc: <igor47@uchicago.edu>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* master.kernel.org:/pub/scm/linux/kernel/git/gregkh/pci-2.6:
[PATCH] PCI quirk: VIA IRQ fixup should only run for VIA southbridges
[PATCH] PCI: fix potential resource leak in drivers/pci/msi.c
[PATCH] PCI: Documentation: no more device ids
[PATCH] PCI: fix via irq SATA patch
Document that we don't like to add more PCI device ids
but are happy to accept PCI vendor ids for linux/include/pci_ids.h
Original text from Jeff Garzik.
Signed-off-by: Ingo Oeser <netdev@axxeo.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Referring to <kernelsource>/Documentation/pci.txt
the struct pci_device_id can be released after loading the module.
Signed-off-by: Kenrik Kretzschmar <henne@nachtwindheim.de>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
When abort failed, the driver gets reset handler called. In the reset
handler, driver calls 'scsi_done()' callback for same SCSI command packet
(struct scsi_cmnd) multiple times if there are multiple SCSI command packets
in the pend_list. Moreover, if there is an entry in the pend_list with
IOCTL packet associated, the driver returns it to wrong free_list so that,
in turn, the driver could end up with 'NULL pointer dereference..' during
I/O command building with incorrect resource.
Also, the patch contains several minor/cosmetic changes besides this.
Signed-off-by: Seokmann Ju <seokmann.ju@lsil.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: James Bottomley <James.Bottomley@SteelEye.com>
Update the schedule for the removal of drivers depending on
OBSOLETE_OSS_DRIVER as follows:
- adjust OBSOLETE_OSS_DRIVER dependencies
- from the release of 2.6.16 till the release of 2.6.17:
approx. two months for users to report problems with the ALSA
drivers for the same hardware
- after the release of 2.6.17 (and before 2.6.18):
remove the subset of drivers marked at OBSOLETE_OSS_DRIVER without
known regressions in the ALSA drivers for the same hardware
Additionally, correct some OBSOLETE_OSS_DRIVER dependencies.
A rationale of the changes is in
http://lkml.org/lkml/2006/1/28/135
Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
We added the ability to change a block device's IO elevator scheduler both
at kernel boot and on-the-fly, but we only documented the elevator= boot
parameter. Add a quick how-to on doing it on the fly.
Signed-off-by: Valdis Kletnieks <valdis.kletnieks@vt.edu>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Jens Axboe <axboe@suse.de>
Add new line of /proc/meminfo output.
Explain the HugePage_ lines in /proc/meminfo (from Bill Irwin).
Change KB to kB since the latter is what is used in the kernel.
Signed-off-by: Randy Dunlap <rdunlap@xenotime.net>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Improve serial driver documentation:
- Remove CVS id.
- Update pointer to reference driver documentation.
- Add comments about new uart_write_console function.
- Add TIOCM_LOOP modem control bit description.
- Add commentary about enable_ms method being called multiple times.
- Add commentary about startup/shutdown method calling.
- Mention that dereferencing port->info after shutdown is invalid.
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
* master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6: (170 commits)
commit 3d9dd7564d
Author: Zach Brown <zach.brown@oracle.com>
Date: Fri Apr 14 16:04:18 2006 -0700
[PATCH] ip_output: account for fraggap when checking to add trailer_len
During other work I noticed that ip_append_data() seemed to be forgetting to
include the frag gap in its calculation of a fragment that consumes the rest of
the payload. Herbert confirmed that this was a bug that snuck in during a
previous rework.
Signed-off-by: Zach Brown <zach.brown@oracle.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
commit 08d099974a
Author: Linus Walleij <triad@df.lth.se>
Date: Fri Apr 14 16:03:33 2006 -0700
[IRDA]: smsc-ircc2, smcinit support for ALi ISA bridges
...
* master.kernel.org:/pub/scm/linux/kernel/git/gregkh/i2c-2.6: (78 commits)
commit e97b81ddbb
Author: Mark M. Hoffman <mhoffman@lightlink.com>
Date: Thu Mar 23 16:50:25 2006 +0100
[PATCH] i2c-parport: Make type parameter mandatory
This patch forces the user to specify what type of adapter is present when
loading i2c-parport or i2c-parport-light. If none is specified, the driver
init simply fails - instead of assuming adapter type 0.
This alleviates the sometimes lengthy boot time delays which can be caused
by accidentally building one of these into a kernel along with several i2c
slave drivers that have lengthy probe routines (e.g. hwmon drivers).
Kconfig and documentation updated accordingly.
Signed-off-by: Mark M. Hoffman <mhoffman@lightlink.com>
Signed-off-by: Jean Delvare <khali@linux-fr.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
...
Documentation to describe asynchronous xfrm events to help people
writing HA code in user space.
Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca>
Signed-off-by: David S. Miller <davem@davemloft.net>
This updates the DMA API documentation to address a few issues:
- The dma_map_sg() call results are used like pci_map_sg() results:
using sg_dma_address() and sg_dma_len(). That's not wholly obvious
to folk reading _only_ the "new" DMA-API.txt writeup.
- Buffers allocated by dma_alloc_coherent() may not be completely
free of coherency concerns ... some CPUs also have write buffers
that may need to be flushed.
- Cacheline coherence issues are now mentioned as being among issues
which affect dma buffers, and complicate/prevent using of static and
(especially) stack based buffers with the DMA calls.
I don't think many drivers currently need to worry about flushing write
buffers, but I did hit it with one SOC using external SDRAM for DMA
descriptors: without explicit writebuffer flushing, the on-chip DMA
controller accessed descriptors before the CPU completed the writes.
Signed-off-by: David Brownell <dbrownell@users.sourceforge.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
This patch forces the user to specify what type of adapter is present when
loading i2c-parport or i2c-parport-light. If none is specified, the driver
init simply fails - instead of assuming adapter type 0.
This alleviates the sometimes lengthy boot time delays which can be caused
by accidentally building one of these into a kernel along with several i2c
slave drivers that have lengthy probe routines (e.g. hwmon drivers).
Kconfig and documentation updated accordingly.
Signed-off-by: Mark M. Hoffman <mhoffman@lightlink.com>
Signed-off-by: Jean Delvare <khali@linux-fr.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
* git://git.kernel.org/pub/scm/linux/kernel/git/sam/kbuild:
kconfig: fix typo in change count initialization
kconfig: recenter menuconfig
kconfig: revert conf behaviour change
kconfig: fix default value for choice input
kbuild: fix NULL dereference in scripts/mod/modpost.c
kbuild: fix mode of checkstack.pl and other files.
kbuild: rebuild initramfs if content of initramfs changes
kbuild: properly pass options to hostcc when doing make O=..
kbuild: modules_install for external modules must not remove existing modules
kbuild: fix make dir/
ver_linux: don't print reiser4progs version if none found
kbuild: mips: fix sed regexp to generate asm-offset.h
kbuild: fix building single targets with make O=.. single-target
kbuild: use relative path to -I
kbuild: fix unneeded rebuilds in drivers/net/chelsio after moving source tree
kbuild: fix unneeded rebuilds in drivers/media/video after moving source tree
kbuild: fix garbled text in modules.txt
* 'splice' of git://brick.kernel.dk/data/git/linux-2.6-block:
[PATCH] vfs: add splice_write and splice_read to documentation
[PATCH] Remove sys_ prefix of new syscalls from __NR_sys_*
[PATCH] splice: warning fix
[PATCH] another round of fs/pipe.c cleanups
[PATCH] splice: comment styles
[PATCH] splice: add Ingo as addition copyright holder
[PATCH] splice: unlikely() optimizations
[PATCH] splice: speedups and optimizations
[PATCH] pipe.c/fifo.c code cleanups
[PATCH] get rid of the PIPE_*() macros
[PATCH] splice: speedup __generic_file_splice_read
[PATCH] splice: add direct fd <-> fd splicing support
[PATCH] splice: add optional input and output offsets
[PATCH] introduce a "kernel-internal pipe object" abstraction
[PATCH] splice: be smarter about calling do_page_cache_readahead()
[PATCH] splice: optimize the splice buffer mapping
[PATCH] splice: cleanup __generic_file_splice_read()
[PATCH] splice: only call wake_up_interruptible() when we really have to
[PATCH] splice: potential !page dereference
[PATCH] splice: mark the io page as accessed
With Hansjoerg Lipp <hjlipp@web.de>
Add a README file for the Siemens Gigaset drivers to the Documentation/isdn
directory.
Signed-off-by: Hansjoerg Lipp <hjlipp@web.de>
Signed-off-by: Tilman Schmidt <tilman@imap.cc>
Cc: Karsten Keil <kkeil@suse.de>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
In the memory barrier document, improve the example of the data dependency
barrier situation by:
(1) showing the initial values of the variables involved; and
(2) repeating the instruction sequence description, this time with the data
dependency barrier actually shown to make it clear what the revised
sequence actually is.
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Fix the memory barrier documentation to attempt to describe atomic ops
correctly.
atomic_t ops that return a value _do_ imply smp_mb() either side, and so
don't actually require smp_mb__*_atomic_*() special barriers.
Also explains why special barriers exist in addition to normal barriers.
Further fix the memory barrier documents to portray bitwise operation
memory barrier effects correctly following Nick Piggin's comments.
It makes the point that any atomic op that both modifies some state in
memory and returns information on that state implies memory barriers on
both sides.
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Fix mtrr-add.c and mtrr-show.c in Doc/mtrr.txt to build cleanly.
Signed-off-by: Randy Dunlap <rdunlap@xenotime.net>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Fix C source file in Doc/laptop-mode.txt to compile.
Signed-off-by: Randy Dunlap <rdunlap@xenotime.net>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
These are the last conversions of pci_set_dma_mask(),
pci_set_consistent_dma_mask() and pci_dma_supported() to use DMA_xBIT_MASK
constants from linux/dma-mapping.h
Signed-off-by: Tobias Klauser <tklauser@nuerscht.ch>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Implement the scheduled unexport of panic_timeout.
Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
This patch adds the new splice_write and splice_read file operations to
Documentation/filesystems/vfs.txt.
Signed-off-by: Pekka Enberg <penberg@cs.helsinki.fi>
Signed-off-by: Jens Axboe <axboe@suse.de>
Overriding the whole EH code is a per-transport, not per-host thing.
Move ->eh_strategy_handler to the transport class, same as
->eh_timed_out.
Downside is that scsi_host_alloc can't check for the total lack of EH
anymore, but the transition period from old EH where we needed it is
long gone already.
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Jeff Garzik <jeff@garzik.org>
From: Keith Mannthey, Andi Kleen
Implement memory hotadd without sparsemem. The memory in the SRAT
hotadd area is just preserved instead and can be activated later.
There are a few restrictions:
- Only one continuous hotadd area allowed per node
The main problem is dealing with the many buggy SRAT tables
that are out there. The strategy here is to reject anything
suspicious.
Originally from Keith Mannthey, with several hacks and changes by AK
and also contributions from Andrew Morton
[ TBD: Problems pointed out by KAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com>:
1) Goto's rebuild_zonelist patch will not work if CONFIG_MEMORY_HOTPLUG=n.
Rebuilding zonelist is necessary when the system has just memory <
4G at boot, and hot add memory > 4G. because x86_64 has DMA32,
ZONE_NORMAL is not included into zonelist at boot time if system
doesn't have memory >4G at boot.
[AK: should just force the higher zones at boot time when SRAT tells us]
2) zone and node's spanned_pages and present_pages are not incremented.
They should be.
For example, our server (ia64/Fujitsu PrimeQuest) can equip memory
from 4G to 1T(maybe 2T in future), and SRAT will *always* say we have
possible 1T memory. (Microsoft requires "write all possible memory
in SRAT") When we reserve memmap for possible 1T memory, Linux will
not work well in minimum 4G configuration ;)
[AK: needs limiting to 5-10% of max memory]
]
Signed-off-by: Andi Kleen <ak@suse.de>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>