Commit graph

90935 commits

Author SHA1 Message Date
Stefan Richter
bd7dee6311 firewire: remove superfluous reference counting
The card->kref became obsolete since patch "firewire: fix crash in
automatic module unloading" added another counter of card users.

Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
Signed-off-by: Jarod Wilson <jwilson@redhat.com>
2008-04-18 17:55:31 +02:00
Philippe De Muyter
a6ca4f7081 ieee1394: limit early node speed to host interface speed
The following patch limits the node speed to the host interface speed,
before using it.

Signed-off-by: Philippe De Muyter <phdm@macqel.be>

It should actually suffice to do this only for the local node's
speedcap[].  But there is another bug in the speed calculation:
The local node's speed is not correctly propagated to the speeds
which are to be used to access remote nodes.
http://thread.gmane.org/gmane.linux.kernel.firewire.devel/11772/focus=12024

Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
2008-04-18 17:55:31 +02:00
Robert P. J. Day
ee2d91e2b3 ieee1394: Remove superfluous calls to kobject_set_name().
Unless you're adding a kobject to the sysfs hierarchy, there is no
point setting its kobject name.

Signed-off-by: Robert P. J. Day <rpjday@crashcourse.ca>
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
2008-04-18 17:55:31 +02:00
Stefan Richter
9508c208aa ieee1394: ohci1394: missing PPC PMac feature calls in failure path
The failure path of ohci1394_pci_probe() reuses ohci1394_pci_remove().
Doing so it missed to call ohci1394_pmac_off() in a few unlikely early
error cases.

Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
2008-04-18 17:55:31 +02:00
Stefan Richter
c4e2e02bc9 ieee1394: ohci1394: refactor some printk format strings
to reduce the size of ohci1394.ko.

Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
2008-04-18 17:55:31 +02:00
Stefan Richter
d09c680383 ieee1394: ohci1394: unroll a macro with return
We don't want to hide something like return in a preprocessor macro.
Unroll the macro and use a goto, which also reduces the size of
ohci1394.ko.

Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
2008-04-18 17:55:30 +02:00
Robert P. J. Day
e351c4d069 ieee1394: Use shorter list_splice_init() for brevity.
Signed-off-by: Robert P. J. Day <rpjday@crashcourse.ca>
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
2008-04-18 17:55:30 +02:00
Harvey Harrison
b1ce1fd778 ieee1394: replace remaining __FUNCTION__ occurrences
__FUNCTION__ is gcc-specific, use __func__

Signed-off-by: Harvey Harrison <harvey.harrison@gmail.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
2008-04-18 17:55:30 +02:00
Stefan Richter
b25d166616 ieee1394: ohci1394: refactor probe, remove, suspend, resume
Clean up shared code and variable names.

Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
2008-04-18 17:55:30 +02:00
Stefan Richter
38275ac36d ieee1394: ohci1394: switch on bus power after resume on PPC PMac
The platform feature calls in the suspend method switched off cable
power, but the calls in the resume method did not switch it back on.

Add the necessary feature call to .resume.  Also add the corresponding
call to .suspend to make .suspend's behavior explicitly the same on all
PMacs.

Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
2008-04-18 17:55:30 +02:00
Stefan Richter
d2ace29fa4 ieee1394: prevent device binding of raw1394, video1394, dv1394
These drivers don't need to match any unit_directory type device.
They just need the id_table for module autoloading per module alias.

Not binding any of these drivers allows special-purpose drivers with
similar or same IDs to bind to devices.  This currently only benefits
out-of-tree drivers; on the other hand it is in no way detrimental to
in-tree drivers.

Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
2008-04-18 17:55:29 +02:00
Marcin Slusarz
63995d4650 ieee1394: be*_add_cpu conversion
replace all:
big_endian_variable = cpu_to_beX(beX_to_cpu(big_endian_variable) +
					expression_in_cpu_byteorder);
with:
	beX_add_cpu(&big_endian_variable, expression_in_cpu_byteorder);
generated with semantic patch

Signed-off-by: Marcin Slusarz <marcin.slusarz@gmail.com>
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
2008-04-18 17:55:29 +02:00
Stefan Richter
a4b47d62c5 ieee1394: sbp2: relax SCSI DMA alignment
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
2008-04-18 17:55:29 +02:00
Linus Torvalds
253ba4e79e Merge branch 'for-linus' of git://oss.sgi.com:8090/xfs/xfs-2.6
* 'for-linus' of git://oss.sgi.com:8090/xfs/xfs-2.6: (87 commits)
  [XFS] Fix merge failure
  [XFS] The forward declarations for the xfs_ioctl() helpers and the
  [XFS] Update XFS documentation for noikeep/ikeep.
  [XFS] Update XFS Documentation for ikeep and ihashsize
  [XFS] Remove unused HAVE_SPLICE macro.
  [XFS] Remove CONFIG_XFS_SECURITY.
  [XFS] xfs_bmap_compute_maxlevels should be based on di_forkoff
  [XFS] Always use di_forkoff when checking for attr space.
  [XFS] Ensure the inode is joined in xfs_itruncate_finish
  [XFS] Remove periodic logging of in-core superblock counters.
  [XFS] fix logic error in xfs_alloc_ag_vextent_near()
  [XFS] Don't error out on good I/Os.
  [XFS] Catch log unmount failures.
  [XFS] Sanitise xfs_log_force error checking.
  [XFS] Check for errors when changing buffer pointers.
  [XFS] Don't allow silent errors in xfs_inactive().
  [XFS] Catch errors from xfs_imap().
  [XFS] xfs_bulkstat_one_dinode() never returns an error.
  [XFS] xfs_iflush_fork() never returns an error.
  [XFS] Catch unwritten extent conversion errors.
  ...
2008-04-18 08:39:39 -07:00
Linus Torvalds
188da98800 Merge git://git.kernel.org/pub/scm/linux/kernel/git/bart/ide-2.6
* git://git.kernel.org/pub/scm/linux/kernel/git/bart/ide-2.6: (58 commits)
  ide: remove ide_init_default_irq() macro
  ide: move default IDE ports setup to ide_generic host driver
  ide: remove obsoleted "idex=noprobe" kernel parameter (take 2)
  ide: remove needless hwif->irq check from ide_hwif_configure()
  ide: init hwif->{io_ports,irq} explicitly in legacy VLB host drivers
  ide: limit legacy VLB host drivers to alpha, x86 and mips
  cmd640: init hwif->{io_ports,irq} explicitly
  cmd640: cleanup setup_device_ptrs()
  ide: add ide-4drives host driver (take 3)
  ide: remove ppc ifdef from init_ide_data()
  ide: remove ide_default_io_ctl() macro
  ide: remove CONFIG_IDE_ARCH_OBSOLETE_INIT
  ide: add CONFIG_IDE_ARCH_OBSOLETE_DEFAULTS (take 2)
  ppc/pmac: remove no longer needed IDE quirk
  ppc: don't include <linux/ide.h>
  ppc: remove ppc_ide_md
  ppc/pplus: remove ppc_ide_md.ide_init_hwif hook
  ppc/sandpoint: remove ppc_ide_md hooks
  ppc/lopec: remove ppc_ide_md hooks
  ppc/mpc8xx: remove ppc_ide_md hooks
  ...
2008-04-18 08:39:24 -07:00
Linus Torvalds
07fe944e87 Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/djbw/async_tx
* 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/djbw/async_tx:
  dmaengine: ack to flags: make use of the unused bits in the 'ack' field
  iop-adma: remove the workaround for missed interrupts on iop3xx
  async_tx: kill ->device_dependency_added
  async_tx: fix multiple dependency submission
  fsldma: Split the MPC83xx event from MPC85xx and refine irq codes.
  fsldma: Remove CONFIG_FSL_DMA_SELFTEST, keep fsl_dma_self_test() running always.
2008-04-18 08:38:55 -07:00
Linus Torvalds
8019aa946a Merge branch 'upstream-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jgarzik/libata-dev
* 'upstream-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jgarzik/libata-dev: (79 commits)
  ata-acpi: don't call _GTF for disabled drive
  sata_mv add temporary 3 second init delay for SiliconImage PMs
  sata_mv remove redundant edma init code
  sata_mv add basic port multiplier support
  sata_mv fix SOC flags, enable NCQ on SOC
  sata_mv disable hotplug for now
  sata_mv cosmetics
  sata_mv hardreset rework
  [libata] improve Kconfig help text for new PMP, SFF options
  libata: make EH fail gracefully if no reset method is available
  libata: Be a bit more slack about early devices
  libata: cable logic
  libata: move link onlineness check out of softreset methods
  libata: kill dead code paths in reset path
  pata_scc: fix build breakage
  libata: make PMP support optional
  libata: implement PMP helpers
  libata: separate PMP support code from core code
  libata: make SFF support optional
  libata: don't use ap->ioaddr in non-SFF drivers
  ...
2008-04-18 08:38:06 -07:00
Linus Torvalds
73e3e6481f Merge git://git.kernel.org/pub/scm/linux/kernel/git/tglx/linux-2.6-hrt
* git://git.kernel.org/pub/scm/linux/kernel/git/tglx/linux-2.6-hrt:
  clocksource: make clocksource watchdog cycle through online CPUs
  Documentation: move timer related documentation to a single place
  clockevents: optimise tick_nohz_stop_sched_tick() a bit
  locking: remove unused double_spin_lock()
  hrtimers: simplify lockdep handling
  timers: simplify lockdep handling
  posix-timers: fix shadowed variables
  timer_list: add annotations to workqueue.c
  hrtimer: use nanosleep specific restart_block fields
  hrtimer: add nanosleep specific restart_block member
2008-04-18 08:37:41 -07:00
Linus Torvalds
4adeaaf51e Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/shaggy/jfs-2.6
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/shaggy/jfs-2.6:
  jfs: replace __inline with inline
  jfs: le*_add_cpu conversion
2008-04-18 08:37:19 -07:00
Linus Torvalds
9732b61123 Merge git://git.kernel.org/pub/scm/linux/kernel/git/mingo/linux-2.6-kgdb
* git://git.kernel.org/pub/scm/linux/kernel/git/mingo/linux-2.6-kgdb:
  kgdb: always use icache flush for sw breakpoints
  kgdb: fix SMP NMI kgdb_handle_exception exit race
  kgdb: documentation fixes
  kgdb: allow static kgdbts boot configuration
  kgdb: add documentation
  kgdb: Kconfig fix
  kgdb: add kgdb internal test suite
  kgdb: fix several kgdb regressions
  kgdb: kgdboc pl011 I/O module
  kgdb: fix optional arch functions and probe_kernel_*
  kgdb: add x86 HW breakpoints
  kgdb: print breakpoint removed on exception
  kgdb: clocksource watchdog
  kgdb: fix NMI hangs
  kgdb: fix kgdboc dynamic module configuration
  kgdb: document parameters
  x86: kgdb support
  consoles: polling support, kgdboc
  kgdb: core
  uaccess: add probe_kernel_write()
2008-04-18 08:37:01 -07:00
Linus Torvalds
9e9abecfc0 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/x86/linux-2.6-x86
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/x86/linux-2.6-x86: (613 commits)
  x86: standalone trampoline code
  x86: move suspend wakeup code to C
  x86: coding style fixes to arch/x86/kernel/acpi/sleep.c
  x86: setup_trampoline() - fix section mismatch warning
  x86: section mismatch fixes, #1
  x86: fix paranoia about using BIOS quickboot mechanism.
  x86: print out buggy mptable
  x86: use cpu_online()
  x86: use cpumask_of_cpu()
  x86: remove unnecessary tmp local variable
  x86: remove unnecessary memset()
  x86: use ioapic_read_entry() and ioapic_write_entry()
  x86: avoid redundant loop in io_apic_level_ack_pending()
  x86: remove superfluous initialisation in boot code.
  x86: merge mpparse_{32,64}.c
  x86: unify mp_register_gsi
  x86: unify mp_config_acpi_legacy_irqs
  x86: unify mp_register_ioapic
  x86: unify uniq_io_apic_id
  x86: unify smp_scan_config
  ...
2008-04-18 08:25:51 -07:00
Linus Torvalds
d7bb545d86 Merge branch 'semaphore' of git://git.kernel.org/pub/scm/linux/kernel/git/willy/misc
* 'semaphore' of git://git.kernel.org/pub/scm/linux/kernel/git/willy/misc:
  Remove DEBUG_SEMAPHORE from Kconfig
  Improve semaphore documentation
  Simplify semaphore implementation
  Add down_timeout and change ACPI to use it
  Introduce down_killable()
  Generic semaphore implementation
  Add semaphore.h to kernel_lock.c
  Fix quota.h includes
2008-04-18 08:25:29 -07:00
Linus Torvalds
75e98b3415 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/roland/infiniband
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/roland/infiniband: (104 commits)
  IB/iser: Don't change itt endianness
  IB/mlx4: Update module version and release date
  IPoIB: Handle case when P_Key is deleted and re-added at same index
  IB/iser: Release connection resources on RDMA_CM_EVENT_DEVICE_REMOVAL event
  IB/mlx4: Fix incorrect comment
  IB/mlx4: Fix race when detaching a QP from a multicast group
  IB/ehca: Support all ibv_devinfo values in query_device() and query_port()
  RDMA/nes: Free IRQ before killing tasklet
  IB/mthca: Update module version and release date
  IB/mlx4: Update QP state if query QP succeeds
  IB/mthca: Update QP state if query QP succeeds
  RDMA/amso1100: Add check for NULL reply_msg in c2_intr()
  IB/mlx4: Add support for resizing CQs
  IB/mlx4: Add support for modifying CQ moderation parameters
  IPoIB: Support modifying IPoIB CQ event moderation
  IB/core: Add support for modify CQ
  IPoIB: Add basic ethtool support
  mlx4_core: Increase max number of QPs to 128K
  RDMA/amso1100: Add support for "send with invalidate" work requests
  IB/core: Add support for "send with invalidate" work requests
  ...
2008-04-18 08:20:06 -07:00
Linus Torvalds
30bc94566e Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/selinux-2.6
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/selinux-2.6:
  security: enhance DEFAULT_MMAP_MIN_ADDR description
  SELinux: add netport.[ch]
  SELinux: Add network port SID cache
  SELinux: turn mount options strings into defines
  selinux/ss/services.c should #include <linux/selinux.h>
  selinux: introduce permissive types
  selinux: remove ptrace_sid
  SELinux: requesting no permissions in avc_has_perm_noaudit is a BUG()
  security: code cleanup
  security: replace remaining __FUNCTION__ occurrences
  SELinux: create new open permission
  selinux: selinux/netlabel.c should #include "netlabel.h"
  SELinux: unify printk messages
  SELinux: remove unused backpointers from security objects
  SELinux: Correct the NetLabel locking for the sk_security_struct
2008-04-18 08:19:40 -07:00
Linus Torvalds
4cba84b5d6 Merge branch 'for-linus' of git://git390.osdl.marist.edu/pub/scm/linux-2.6
* 'for-linus' of git://git390.osdl.marist.edu/pub/scm/linux-2.6: (36 commits)
  [S390] Remove code duplication from monreader / dcssblk.
  [S390] kernel: show last breaking-event-address on oops
  [S390] lowcore: Change type of lowcores softirq_pending to __u32.
  [S390] zcrypt: Comments and kernel-doc cleanup
  [S390] uaccess: Always access the correct address space.
  [S390] Fix a lot of sparse warnings.
  [S390] Convert s390 to GENERIC_CLOCKEVENTS.
  [S390] genirq/clockevents: move irq affinity prototypes/inlines to interrupt.h
  [S390] Convert monitor calls to function calls.
  [S390] qdio (new feature): enhancing info-retrieval from QDIO-adapters
  [S390] replace remaining __FUNCTION__ occurrences
  [S390] remove redundant display of free swap space in show_mem()
  [S390] qdio: remove outdated developerworks link.
  [S390] Add debug_register_mode() function to debug feature API
  [S390] crypto: use more descriptive function names for init/exit routines.
  [S390] switch sched_clock to store-clock-extended.
  [S390] zcrypt: add support for large random numbers
  [S390] hw_random: allow rng_dev_read() to return hardware errors.
  [S390] Vertical cpu management.
  [S390] cpu topology support for s390.
  ...
2008-04-18 08:19:15 -07:00
Linus Torvalds
7d939fbdfe Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/penberg/slab-2.6
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/penberg/slab-2.6:
  slub: No need for per node slab counters if !SLUB_DEBUG
  slub: Move map/flag clearing to __free_slab
  slub: Fixes to per cpu stat output in sysfs
  slub: Deal with config variable dependencies
  slub: Reduce #ifdef ZONE_DMA by moving kmalloc_caches_dma near dma logic
  slub: Initialize per-cpu stats
2008-04-18 08:19:00 -07:00
Roland McGrath
18c98b6527 ptrace_signal subroutine
This breaks out the ptrace handling from get_signal_to_deliver into a
new subroutine.  The actual code there doesn't change, and it gets
inlined into nearly identical compiled code.  This makes the function
substantially shorter and thus easier to read, and it nicely isolates
the ptrace magic.

Signed-off-by: Roland McGrath <roland@redhat.com>
Acked-by: Kyle McMartin <kyle@mcmartin.ca>
Cc: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2008-04-18 08:17:57 -07:00
Li Zefan
0e04388f01 cgroup: fix a race condition in manipulating tsk->cg_list
When I ran a test program to fork mass processes and at the same time
'cat /cgroup/tasks', I got the following oops:

  ------------[ cut here ]------------
  kernel BUG at lib/list_debug.c:72!
  invalid opcode: 0000 [#1] SMP
  Pid: 4178, comm: a.out Not tainted (2.6.25-rc9 #72)
  ...
  Call Trace:
   [<c044a5f9>] ? cgroup_exit+0x55/0x94
   [<c0427acf>] ? do_exit+0x217/0x5ba
   [<c0427ed7>] ? do_group_exit+0.65/0x7c
   [<c0427efd>] ? sys_exit_group+0xf/0x11
   [<c0404842>] ? syscall_call+0x7/0xb
   [<c05e0000>] ? init_cyrix+0x2fa/0x479
  ...
  EIP: [<c04df671>] list_del+0x35/0x53 SS:ESP 0068:ebc7df4
  ---[ end trace caffb7332252612b ]---
  Fixing recursive fault but reboot is needed!

After digging into the code and debugging, I finlly found out a race
situation:

				do_exit()
				  ->cgroup_exit()
				    ->if (!list_empty(&tsk->cg_list))
				        list_del(&tsk->cg_list);

  cgroup_iter_start()
    ->cgroup_enable_task_cg_list()
      ->list_add(&tsk->cg_list, ..);

In this case the list won't be deleted though the process has exited.

We got two bug reports in the past, which seem to be the same bug as
this one:
	http://lkml.org/lkml/2008/3/5/332
	http://lkml.org/lkml/2007/10/17/224

Actually sometimes I got oops on list_del, sometimes oops on list_add.
And I can change my test program a bit to trigger other oops.

The patch has been tested both on x86_32 and x86_64.

Signed-off-by: Li Zefan <lizf@cn.fujitsu.com>
Acked-by: Paul Menage <menage@google.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: stable@kernel.org
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2008-04-18 08:17:57 -07:00
maximilian attems
5f46ce14bd security: enhance DEFAULT_MMAP_MIN_ADDR description
Got burned by setting the proposed default of 65536
across all Debian archs.

Thus proposing to be more specific on which archs you may
set this. Also propose a value for arm and friends that
doesn't break sshd.

Reword to mention working archs ia64 and ppc64 too.

Signed-off-by: maximilian attems <max@stro.at>
Cc: Martin Michlmayr <tbm@cyrius.com>
Cc: Gordon Farquharson <gordonfarquharson@gmail.com>
Acked-by: Eric Paris <eparis@redhat.com>
Signed-off-by: James Morris <jmorris@namei.org>
2008-04-18 20:26:18 +10:00
James Morris
27cc2a6e57 SELinux: add netport.[ch]
Thank you, git.

Signed-off-by: James Morris <jmorris@namei.org>
2008-04-18 20:26:17 +10:00
Paul Moore
3e11217263 SELinux: Add network port SID cache
Much like we added a network node cache, this patch adds a network port
cache. The design is taken almost completely from the network node cache
which in turn was taken from the network interface cache.  The basic idea is
to cache entries in a hash table based on protocol/port information.  The
hash function only takes the port number into account since the number of
different protocols in use at any one time is expected to be relatively
small.

Signed-off-by: Paul Moore <paul.moore@hp.com>
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: James Morris <jmorris@namei.org>
2008-04-18 20:26:16 +10:00
Eric Paris
832cbd9aa1 SELinux: turn mount options strings into defines
Convert the strings used for mount options into #defines rather than
retyping the string throughout the SELinux code.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: James Morris <jmorris@namei.org>
2008-04-18 20:26:13 +10:00
Adrian Bunk
0e55a004b5 selinux/ss/services.c should #include <linux/selinux.h>
Every file should include the headers containing the externs for its global
code.

Signed-off-by: Adrian Bunk <bunk@kernel.org>
Signed-off-by: James Morris <jmorris@namei.org>
2008-04-18 20:26:12 +10:00
Eric Paris
64dbf07474 selinux: introduce permissive types
Introduce the concept of a permissive type.  A new ebitmap is introduced to
the policy database which indicates if a given type has the permissive bit
set or not.  This bit is tested for the scontext of any denial.  The bit is
meaningless on types which only appear as the target of a decision and never
the source.  A domain running with a permissive type will be allowed to
perform any action similarly to when the system is globally set permissive.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: James Morris <jmorris@namei.org>
2008-04-18 20:26:11 +10:00
Roland McGrath
0356357c51 selinux: remove ptrace_sid
This changes checks related to ptrace to get rid of the ptrace_sid tracking.
It's good to disentangle the security model from the ptrace implementation
internals.  It's sufficient to check against the SID of the ptracer at the
time a tracee attempts a transition.

Signed-off-by: Roland McGrath <roland@redhat.com>
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: James Morris <jmorris@namei.org>
2008-04-18 20:26:10 +10:00
Eric Paris
eda4f69ca5 SELinux: requesting no permissions in avc_has_perm_noaudit is a BUG()
This patch turns the case where we have a call into avc_has_perm with no
requested permissions into a BUG_ON.  All callers to this should be in
the kernel and thus should be a function we need to fix if we ever hit
this.  The /selinux/access permission checking it done directly in the
security server and not through the avc, so those requests which we
cannot control from userspace should not be able to trigger this BUG_ON.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Stephen D. Smalley <sds@tycho.nsa.gov>
Signed-off-by: James Morris <jmorris@namei.org>
2008-04-18 20:26:09 +10:00
Andrew Morton
f0115e6c89 security: code cleanup
ERROR: "(foo*)" should be "(foo *)"
#168: FILE: security/selinux/hooks.c:2656:
+		       "%s, rc=%d\n", __func__, (char*)value, -rc);

total: 1 errors, 0 warnings, 195 lines checked

./patches/security-replace-remaining-__function__-occurences.patch has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.

Please run checkpatch prior to sending patches

Cc: Harvey Harrison <harvey.harrison@gmail.com>
Cc: James Morris <jmorris@namei.org>
Cc: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: James Morris <jmorris@namei.org>
2008-04-18 20:26:08 +10:00
Harvey Harrison
dd6f953adb security: replace remaining __FUNCTION__ occurrences
__FUNCTION__ is gcc-specific, use __func__

Signed-off-by: Harvey Harrison <harvey.harrison@gmail.com>
Cc: James Morris <jmorris@namei.org>
Cc: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: James Morris <jmorris@namei.org>
2008-04-18 20:26:07 +10:00
Eric Paris
b0c636b999 SELinux: create new open permission
Adds a new open permission inside SELinux when 'opening' a file.  The idea
is that opening a file and reading/writing to that file are not the same
thing.  Its different if a program had its stdout redirected to /tmp/output
than if the program tried to directly open /tmp/output. This should allow
policy writers to more liberally give read/write permissions across the
policy while still blocking many design and programing flaws SELinux is so
good at catching today.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
Reviewed-by: Paul Moore <paul.moore@hp.com>
Signed-off-by: James Morris <jmorris@namei.org>
2008-04-18 20:26:06 +10:00
Adrian Bunk
d4ee4231a3 selinux: selinux/netlabel.c should #include "netlabel.h"
Every file should include the headers containing the externs for its
global code.

Signed-off-by: Adrian Bunk <bunk@kernel.org>
Acked-by: Paul Moore <paul.moore@hp.com>
Signed-off-by: James Morris <jmorris@namei.org>
2008-04-18 20:26:06 +10:00
James Morris
454d972c24 SELinux: unify printk messages
Replace "security:" prefixes in printk messages with "SELinux"
to help users identify the source of the messages.  Also fix a
couple of minor formatting issues.

Signed-off-by: James Morris <jmorris@namei.org>
2008-04-18 20:26:05 +10:00
James Morris
98e9894650 SELinux: remove unused backpointers from security objects
Remove unused backpoiters from security objects.

Signed-off-by: James Morris <jmorris@namei.org>
2008-04-18 20:26:04 +10:00
Paul Moore
f74af6e816 SELinux: Correct the NetLabel locking for the sk_security_struct
The RCU/spinlock locking approach for the nlbl_state in the sk_security_struct
was almost certainly overkill.  This patch removes both the RCU and spinlock
locking, relying on the existing socket locks to handle the case of multiple
writers.  This change also makes several code reductions possible.

Less locking, less code - it's a Good Thing.

Signed-off-by: Paul Moore <paul.moore@hp.com>
Signed-off-by: James Morris <jmorris@namei.org>
2008-04-18 20:26:03 +10:00
David S. Miller
3c051235a7 [IPV6]: Fix dangling references on error in fib6_add().
Fixes bugzilla #8895

If a super-tree leaf has 'rt' assigned to it and we
get an error from fib6_add_rt2node(), we'll leave
a reference to 'rt' in pn->leaf and then do an
unconditional dst_free().

We should prune such references.

Based upon a report by Vincent Perrier.

Signed-off-by: David S. Miller <davem@davemloft.net>
2008-04-18 01:46:19 -07:00
Roel Kluin
62be1f7167 [GFS2] fix assertion in log_refund()
since unsigned, unused >= 0 is always true.

Signed-off-by: Roel Kluin <12o3l@tiscali.nl>
Signed-off-by: Steven Whitehouse <swhiteho@redhat.com>
2008-04-18 08:36:09 +01:00
David S. Miller
1e42198609 Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/torvalds/linux-2.6 2008-04-17 23:56:30 -07:00
Jesper Juhl
794eb6bf20 [NETLABEL]: Fix NULL deref in netlbl_unlabel_staticlist_gen() if ifindex not found
dev_get_by_index() may return NULL if nothing is found. In 
net/netlabel/netlabel_unlabeled.c::netlbl_unlabel_staticlist_gen() the 
function is called, but the return value is never checked. If it returns 
NULL then we'll deref a NULL pointer on the very next line.
I checked the callers, and I don't think this can actually happen today, 
but code changes over time and in the future it might happen and it does 
no harm to be defensive and check for the failure, so that if/when it 
happens we'll fail gracefully instead of crashing.

Signed-off-by: Jesper Juhl <jesper.juhl@gmail.com>
Acked-by: Paul Moore <paul.moore@hp.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2008-04-17 23:22:54 -07:00
Patrick McHardy
f5ba2d3217 [PKT_SCHED]: Fix datalen check in tcf_simp_init().
datalen is unsigned so it can never be less than zero,
but that's ok because the attribute passed to nla_len()
has been validated and therefore a negative return
value is impossible.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
2008-04-17 23:19:55 -07:00
Pavel Emelyanov
53083773dc [INET]: Uninline the __inet_inherit_port call.
This deblats ~200 bytes when ipv6 and dccp are 'y'.

Besides, this will ease compilation issues for patches
I'm working on to make inet hash tables more scalable 
wrt net namespaces.

Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2008-04-17 23:18:15 -07:00
Pavel Emelyanov
e56d8b8a2e [INET]: Drop the inet_inherit_port() call.
As I can see from the code, two places (tcp_v6_syn_recv_sock and
dccp_v6_request_recv_sock) that call this one already run with
BHs disabled, so it's safe to call __inet_inherit_port there.

Besides (in case I missed smth with code review) the calltrace
tcp_v6_syn_recv_sock
 `- tcp_v4_syn_recv_sock
     `- __inet_inherit_port
and the similar for DCCP are valid, but assumes BHs to be disabled.

Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2008-04-17 23:17:34 -07:00