trivial: fix where cgroup documentation is not correctly referred to
cgroup documentation was moved to Documentation/cgroups/. There are some
places that still refer to Documentation/controllers/,
Documentation/cgroups.txt and Documentation/cpusets.txt. Fix those.
Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@holoscopio.com> Reviewed-by: Li Zefan <lizf@cn.fujitsu.com> Acked-by: Paul Menage <menage@google.com> Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Linus Torvalds [Sun, 29 Mar 2009 20:05:41 +0000 (13:05 -0700)]
Merge branch 'bzip2-lzma-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/x86/linux-2.6-tip
* 'bzip2-lzma-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/x86/linux-2.6-tip:
bzip2/lzma: don't ask for compression mode for the default initramfs
bzip2/lzma: consistently capitalize LZMA in Kconfig
bzip2/lzma: clarify the meaning of the CONFIG_RD_ options
bzip2/lzma: move CONFIG_RD_* options under CONFIG_EMBEDDED
Ralf Baechle [Sun, 29 Mar 2009 10:59:50 +0000 (12:59 +0200)]
Fix build error in <linux/irq.h>
<linux/irq.h> relies on <linux/gfp.h> and <linux/topology.h> having been
included previous. If not, the errors like below will result.
CC arch/mips/mti-malta/malta-int.o
In file included from arch/mips/mti-malta/malta-int.c:25:
include/linux/irq.h: In function ‘init_alloc_desc_masks’:
include/linux/irq.h:444: error: implicit declaration of function ‘cpu_to_node’
include/linux/irq.h:446: error: ‘GFP_ATOMIC’ undeclared (first use in this function)
include/linux/irq.h:446: error: (Each undeclared identifier is reported only once
include/linux/irq.h:446: error: for each function it appears in.)
make[3]: *** [arch/mips/mti-malta/malta-int.o] Error 1
make[2]: *** [arch/mips/mti-malta] Error 2
make[1]: *** [sub-make] Error 2
Linus Torvalds [Sun, 29 Mar 2009 00:32:14 +0000 (17:32 -0700)]
Merge branch 'futexes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip
* 'futexes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip:
futex: remove the pointer math from double_unlock_hb, fix
futex: remove the pointer math from double_unlock_hb
futex: clean up fault logic
futex: unlock before returning -EFAULT
futex: use current->time_slack_ns for rt tasks too
futex: add double_unlock_hb()
futex: additional (get|put)_futex_key() fixes
futex: update futex commentary
Linus Torvalds [Sun, 29 Mar 2009 00:30:42 +0000 (17:30 -0700)]
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6:
smack: Add a new '-CIPSO' option to the network address label configuration
netlabel: Cleanup the Smack/NetLabel code to fix incoming TCP connections
lsm: Remove the socket_post_accept() hook
selinux: Remove the "compat_net" compatibility code
netlabel: Label incoming TCP connections correctly in SELinux
lsm: Relocate the IPv4 security_inet_conn_request() hooks
TOMOYO: Fix a typo.
smack: convert smack to standard linux lists
Annotate struct fs_struct's usage count to indicate the restrictions upon it.
It may not be incremented, except by clone(CLONE_FS), as this affects the
check in check_unsafe_exec() in fs/exec.c.
Hugh Dickins [Sat, 28 Mar 2009 23:21:27 +0000 (23:21 +0000)]
fix setuid sometimes wouldn't
check_unsafe_exec() also notes whether the fs_struct is being
shared by more threads than will get killed by the exec, and if so
sets LSM_UNSAFE_SHARE to make bprm_set_creds() careful about euid.
But /proc/<pid>/cwd and /proc/<pid>/root lookups make transient
use of get_fs_struct(), which also raises that sharing count.
This might occasionally cause a setuid program not to change euid,
in the same way as happened with files->count (check_unsafe_exec
also looks at sighand->count, but /proc doesn't raise that one).
We'd prefer exec not to unshare fs_struct: so fix this in procfs,
replacing get_fs_struct() by get_fs_path(), which does path_get
while still holding task_lock, instead of raising fs->count.
Hugh Dickins [Sat, 28 Mar 2009 23:20:19 +0000 (23:20 +0000)]
fix setuid sometimes doesn't
Joe Malicki reports that setuid sometimes doesn't: very rarely,
a setuid root program does not get root euid; and, by the way,
they have a health check running lsof every few minutes.
Right, check_unsafe_exec() notes whether the files_struct is being
shared by more threads than will get killed by the exec, and if so
sets LSM_UNSAFE_SHARE to make bprm_set_creds() careful about euid.
But /proc/<pid>/fd and /proc/<pid>/fdinfo lookups make transient
use of get_files_struct(), which also raises that sharing count.
There's a rather simple fix for this: exec's check on files->count
has been redundant ever since 2.6.1 made it unshare_files() (except
while compat_do_execve() omitted to do so) - just remove that check.
[Note to -stable: this patch will not apply before 2.6.29: earlier
releases should just remove the files->count line from unsafe_exec().]
Reported-by: Joe Malicki <jmalicki@metacarta.com> Narrowed-down-by: Michael Itz <mitz@metacarta.com> Tested-by: Joe Malicki <jmalicki@metacarta.com> Signed-off-by: Hugh Dickins <hugh@veritas.com> Cc: stable@kernel.org Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Hugh Dickins [Sat, 28 Mar 2009 23:16:03 +0000 (23:16 +0000)]
compat_do_execve should unshare_files
2.6.26's commit fd8328be874f4190a811c58cd4778ec2c74d2c05
"sanitize handling of shared descriptor tables in failing execve()"
moved the unshare_files() from flush_old_exec() and several binfmts
to the head of do_execve(); but forgot to make the same change to
compat_do_execve(), leaving a CLONE_FILES files_struct shared across
exec from a 32-bit process on a 64-bit kernel.
It's arguable whether the files_struct really ought to be unshared
across exec; but 2.6.1 made that so to stop the loading binary's fd
leaking into other threads, and a 32-bit process on a 64-bit kernel
ought to behave in the same way as 32 on 32 and 64 on 64.
H. Peter Anvin [Sun, 29 Mar 2009 00:24:03 +0000 (17:24 -0700)]
bzip2/lzma: don't ask for compression mode for the default initramfs
Impact: Kconfig noise reduction, documentation
The default initramfs is so small that it makes no sense to worry
about the additional memory taken by not double-compressing it.
Therefore, don't bug the user with it.
Also, improve the description of the option, which was downright
incorrect.
H. Peter Anvin [Sat, 28 Mar 2009 22:49:08 +0000 (15:49 -0700)]
bzip2/lzma: move CONFIG_RD_* options under CONFIG_EMBEDDED
Impact: reduce Kconfig noise
Move the options that control possible initramfs/initrd compressions
underneath CONFIG_EMBEDDED. The only impact of leaving these options
set to y is additional code in the init section of the kernel; there
is no reason to burden non-embedded users with these options.
Linus Torvalds [Sat, 28 Mar 2009 21:04:53 +0000 (14:04 -0700)]
Merge branch 'i2c-for-linus' of git://jdelvare.pck.nerim.net/jdelvare-2.6
* 'i2c-for-linus' of git://jdelvare.pck.nerim.net/jdelvare-2.6:
i2c-core: Some style cleanups
i2c-piix4: Add support for the Broadcom HT1100 chipset
i2c-piix4: Add support to SB800 SMBus changes
i2c-pca-platform: Use defaults if no platform_data given
i2c-algo-pca: Use timeout for checking the state machine
i2c-algo-pca: Rework waiting for a free bus
i2c-algo-pca: Add PCA9665 support
i2c: Adapt debug macros for KERN_* constants
i2c-davinci: Fix timeout handling
i2c: Adapter timeout is in jiffies
i2c: Set a default timeout value for all adapters
i2c: Add missing KERN_* constants to printks
i2c-algo-pcf: Handle timeout correctly
i2c-algo-pcf: Style cleanups
eeprom/at24: Remove EXPERIMENTAL
i2c-nforce2: Add support for MCP67, MCP73, MCP78S and MCP79
i2c: Clarify which clients are auto-removed
i2c: Let checkpatch shout on users of the legacy model
i2c: Document the different ways to instantiate i2c devices
Linus Torvalds [Sat, 28 Mar 2009 21:03:14 +0000 (14:03 -0700)]
Merge branch 'devel' of master.kernel.org:/home/rmk/linux-2.6-arm
* 'devel' of master.kernel.org:/home/rmk/linux-2.6-arm: (422 commits)
[ARM] 5435/1: fix compile warning in sanity_check_meminfo()
[ARM] 5434/1: ARM: OMAP: Fix mailbox compile for 24xx
[ARM] pxa: fix the bad assumption that PCMCIA sockets always start with 0
[ARM] pxa: fix Colibri PXA300 and PXA320 LCD backlight pins
imxfb: Fix TFT mode
i.MX21/27: remove ifdef CONFIG_FB_IMX
imxfb: add clock support
mxc: add arch_reset() function
clkdev: add possibility to get a clock based on the device name
i.MX1: remove fb support from mach-imx
[ARM] pxa: build arch/arm/plat-pxa/mfp.c only when PXA3xx or ARCH_MMP defined
Gemini: Add support for Teltonika RUT100
Gemini: gpiolib based GPIO support v2
MAINTAINERS: add myself as Gemini architecture maintainer
ARM: Add Gemini architecture v3
[ARM] OMAP: Fix compile for omap2_init_common_hw()
MAINTAINERS: Add myself as Faraday ARM core variant maintainer
ARM: Add support for FA526 v2
[ARM] acorn,ebsa110,footbridge,integrator,sa1100: Convert asm/io.h to linux/io.h
[ARM] collie: fix two minor formatting nits
...
* git://git.kernel.org/pub/scm/linux/kernel/git/arjan/linux-2.6-async-for-30:
fastboot: remove duplicate unpack_to_rootfs()
ide/net: flip the order of SATA and network init
async: remove the temporary (2.6.29) "async is off by default" code
Linus Torvalds [Sat, 28 Mar 2009 20:55:49 +0000 (13:55 -0700)]
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/cooloney/blackfin-2.6
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/cooloney/blackfin-2.6:
Blackfin arch: be less noisy when gets a gpio conflict after kernel has booted
Blackfin arch: add RSI's definitions to bf514 and bf516
Blackfin arch: add link-time asserts to make sure on-chip regions dont overflow
Blackfin arch: sport spi needs 6 gpio pins
Blackfin arch: add sport-spi related resource stuff to board file
Blackfin arch: Blacklist Hibernate (PM_SUSPEND_MEM) on BF561 as well
Blackfin arch: Privide BF537-STAMP platform data of ADP5520 Multifunction driver
Blackfin arch: enable the platfrom PATA driver with CF Cards
Blackfin arch: clean up sports header file
Blackfin arch: convert BF5{18,27,48}_FAMILY to CONFIG_BF{51,52,54}x
Blackfin arch: bf51x processors also have 8 timers
Blackfin arch: add a check to make sure only Blackfin GPIOs may generate IRQs
Blackfin arch: update default kernel configuration
Blackfin arch: include linux headers that this one uses definitions from fro sport drivers
Linus Torvalds [Sat, 28 Mar 2009 20:40:20 +0000 (13:40 -0700)]
Merge branch 'percpu-cpumask-x86-for-linus-2' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip
* 'percpu-cpumask-x86-for-linus-2' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip: (682 commits)
percpu: fix spurious alignment WARN in legacy SMP percpu allocator
percpu: generalize embedding first chunk setup helper
percpu: more flexibility for @dyn_size of pcpu_setup_first_chunk()
percpu: make x86 addr <-> pcpu ptr conversion macros generic
linker script: define __per_cpu_load on all SMP capable archs
x86: UV: remove uv_flush_tlb_others() WARN_ON
percpu: finer grained locking to break deadlock and allow atomic free
percpu: move fully free chunk reclamation into a work
percpu: move chunk area map extension out of area allocation
percpu: replace pcpu_realloc() with pcpu_mem_alloc() and pcpu_mem_free()
x86, percpu: setup reserved percpu area for x86_64
percpu, module: implement reserved allocation and use it for module percpu variables
percpu: add an indirection ptr for chunk page map access
x86: make embedding percpu allocator return excessive free space
percpu: use negative for auto for pcpu_setup_first_chunk() arguments
percpu: improve first chunk initial area map handling
percpu: cosmetic renames in pcpu_setup_first_chunk()
percpu: clean up percpu constants
x86: un-__init fill_pud/pmd/pte
x86: remove vestigial fix_ioremap prototypes
...
Manually merge conflicts in arch/ia64/kernel/irq_ia64.c
Shane Huang [Sat, 28 Mar 2009 20:34:46 +0000 (21:34 +0100)]
i2c-piix4: Add support to SB800 SMBus changes
Add support for the AMD SB800 Family series of products.
Major changes include the changes to addressing the SMBus registers at different
location from the locations in the previous compatible parts from AMD such as
SB400/SB600/SB700. For SB800, the main features and register definitions of
SMBus and other interfaces are still compatible with the previous products with
the only change being in how to access the internal registers for these blocks.
Signed-off-by: Shane Huang <shane.huang@amd.com> Signed-off-by: Jean Delvare <khali@linux-fr.org>
Wolfram Sang [Sat, 28 Mar 2009 20:34:45 +0000 (21:34 +0100)]
i2c-algo-pca: Use timeout for checking the state machine
We now timeout also if the state machine does not change within the
given time. For that, the driver-specific completion-functions are
extended to return true or false depending on the timeout. This then
gets checked in the algorithm.
Signed-off-by: Wolfram Sang <w.sang@pengutronix.de> Signed-off-by: Jean Delvare <khali@linux-fr.org>
Frank Seidel [Sat, 28 Mar 2009 20:34:44 +0000 (21:34 +0100)]
i2c: Adapt debug macros for KERN_* constants
According to kerneljanitors todo list all printk calls (beginning
a new line) should have an according KERN_* constant.
Those are the changes to the debug macros in the i2c subsystem
to meet this requirement. Also changing no-debug statements
to raw printks again.
Signed-off-by: Frank Seidel <frank@f-seidel.de> Signed-off-by: Jean Delvare <khali@linux-fr.org> Tested-by: Wolfram Sang <w.sang@pengutronix.de>
Jean Delvare [Sat, 28 Mar 2009 20:34:43 +0000 (21:34 +0100)]
i2c: Adapter timeout is in jiffies
i2c_adapter.timeout is in jiffies. Fix all drivers which thought
otherwise. It didn't really matter as long as the value was only used
inside the driver, but soon i2c-core will use it too so it must have
the proper unit.
Note: for the i2c-mpc driver, this fixes a bug in polling mode.
Timeout would trigger after 1 jiffy, which is most probably not what
the author wanted.
Signed-off-by: Jean Delvare <khali@linux-fr.org> Cc: Clifford Wolf <clifford@clifford.at> Acked-by: Sean MacLennan <smaclennan@pikatech.com> Cc: Stefan Roese <sr@denx.de> Acked-by: Lennert Buytenhek <kernel@wantstofly.org> Cc: Dan Williams <dan.j.williams@intel.com> Cc: Grant Likely <grant.likely@secretlab.ca> Acked-by: Mark A. Greer <mgreer@mvista.com>
Jean Delvare [Sat, 28 Mar 2009 20:34:43 +0000 (21:34 +0100)]
i2c: Set a default timeout value for all adapters
Setting a default timeout value on a per-algo basis doesn't make any
sense. Move the default value setting to i2c-core. Individual adapter
drivers can specify a different (non-zero) value if they wish.
Also express the timeout value in a way which results in the same
duration regarless of the value of HZ.
Signed-off-by: Jean Delvare <khali@linux-fr.org> Acked-by: Wolfram Sang <w.sang@pengutronix.de>
Frank Seidel [Sat, 28 Mar 2009 20:34:42 +0000 (21:34 +0100)]
i2c: Add missing KERN_* constants to printks
According to kerneljanitors todo list all printk calls (beginning
a new line) should have an according KERN_* constant.
Those are the missing pieces here for the i2c subsystem.
Signed-off-by: Frank Seidel <frank@f-seidel.de> Signed-off-by: Jean Delvare <khali@linux-fr.org>
Roel Kluin [Sat, 28 Mar 2009 20:34:42 +0000 (21:34 +0100)]
i2c-algo-pcf: Handle timeout correctly
With a postfix decrement these timeouts reach -1 rather than 0, but after the
loop it is tested whether they have become 0.
As pointed out by Jean Delvare, the msg_num should be tested before the timeout.
With the current order, you could exit with a timeout error while all the
messages were successfully transferred.
Signed-off-by: Roel Kluin <roel.kluin@gmail.com> Signed-off-by: Jean Delvare <khali@linux-fr.org> Acked-by: Eric Brower <ebrower@gmail.com>
Jean Delvare [Sat, 28 Mar 2009 20:34:41 +0000 (21:34 +0100)]
i2c-nforce2: Add support for MCP67, MCP73, MCP78S and MCP79
The MCP78S and MCP79 appear to be compatible with the previous nForce
chips as far as the SMBus controller is concerned. The MCP67 and MCP73
were not tested yet but I'd be very surprised if they weren't
compatible too.
Signed-off-by: Jean Delvare <khali@linux-fr.org> Cc: Oleg Ryjkov <olegr@olegr.ca> Cc: Malcolm Lalkaka <mlalkaka@gmail.com> Cc: Zbigniew Luszpinski <zbiggy@o2.pl>
Jean Delvare [Sat, 28 Mar 2009 20:34:40 +0000 (21:34 +0100)]
i2c: Clarify which clients are auto-removed
The automatic removal of i2c clients only affects the clients which
were created automatically in the first place. Add a comment saying
that to avoid any confusion.
Jean Delvare [Sat, 28 Mar 2009 20:34:40 +0000 (21:34 +0100)]
i2c: Document the different ways to instantiate i2c devices
On popular demand, here comes some documentation about how to
instantiate i2c devices in the new (standard) i2c device driver
binding model.
I have also clarified how the class bitfield lets driver authors
control which buses are probed in the auto-detect case, and warned
more loudly against the abuse of this method.
Signed-off-by: Jean Delvare <khali@linux-fr.org> Acked-by: Michael Lawnick <nospam_lawnick@gmx.de> Acked-by: Hans Verkuil <hverkuil@xs4all.nl>
[ARM] 5435/1: fix compile warning in sanity_check_meminfo()
Compiling recent 2.6.29-rc kernels for ARM gives me the following warning:
arch/arm/mm/mmu.c: In function 'sanity_check_meminfo':
arch/arm/mm/mmu.c:697: warning: comparison between pointer and integer
This is because commit 3fd9825c42c784a59b3b90bdf073f49d4bb42a8d
"[ARM] 5402/1: fix a case of wrap-around in sanity_check_meminfo()"
in 2.6.29-rc5-git4 added a comparison of a pointer with PAGE_OFFSET,
which is an integer.
Fixed by casting PAGE_OFFSET to void *.
Signed-off-by: Mikael Pettersson <mikpe@it.uu.se> Acked-by: Nicolas Pitre <nico@cam.org> Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Li, Shaohua [Wed, 13 Aug 2008 09:26:01 +0000 (17:26 +0800)]
fastboot: remove duplicate unpack_to_rootfs()
we check if initrd is initramfs first and then do the real unpack. The check
isn't required, we can directly do unpack. If the initrd isn't an
initramfs, we can remove the garbage. In my laptop, this saves 0.1s boot
time.
This patch penalizes non-initramfs initrd case, but nowadays, initramfs is
the most widely used method for initrds.
Signed-off-by: Shaohua Li <shaohua.li@intel.com> Acked-by: Arjan van de Ven <arjan@infradead.org> Signed-off-by: Ingo Molnar <mingo@elte.hu>
Arjan van de Ven [Tue, 27 Jan 2009 02:58:11 +0000 (18:58 -0800)]
ide/net: flip the order of SATA and network init
this patch flips the order in which sata and network drivers are initialized.
SATA probing takes quite a bit of time, and with the asynchronous infrastructure
other drivers that run after it can execute in parallel. Network drivers do tend
to take some real time talking to the hardware, so running these later is
a good thing (the sata probe then runs concurrent)
This saves about 15% of my kernels boot time.
Both Dave and Jeff acked this patch and suggested it should go via the async
tree.
Signed-off-by: Arjan van de Ven <arjan@linux.intel.com> Acked-by: David S. Miller <davem@davemloft.net> Acked-by: Jeff Garzik <jeff@garzik.org>
Arjan van de Ven [Sun, 15 Mar 2009 18:11:44 +0000 (11:11 -0700)]
async: remove the temporary (2.6.29) "async is off by default" code
Now that everyone has been able to test the async code (and it's being used
in the Moblin betas by default), we can enable it by default.
The various fixes needed have gone into 2.6.29 already.
[With an important bugfix from Stefan Richter]
Signed-off-by: Arjan van de Ven <arjan@linux.intel.com>
Etienne Basset [Fri, 27 Mar 2009 21:11:01 +0000 (17:11 -0400)]
smack: Add a new '-CIPSO' option to the network address label configuration
This patch adds a new special option '-CIPSO' to the Smack subsystem. When used
in the netlabel list, it means "use CIPSO networking". A use case is when your
local network speaks CIPSO and you want also to connect to the unlabeled
Internet. This patch also add some documentation describing that. The patch
also corrects an oops when setting a '' SMACK64 xattr to a file.
Signed-off-by: Etienne Basset <etienne.basset@numericable.fr> Signed-off-by: Paul Moore <paul.moore@hp.com> Acked-by: Casey Schaufler <casey@schaufler-ca.com> Signed-off-by: James Morris <jmorris@namei.org>
Paul Moore [Fri, 27 Mar 2009 21:10:54 +0000 (17:10 -0400)]
netlabel: Cleanup the Smack/NetLabel code to fix incoming TCP connections
This patch cleans up a lot of the Smack network access control code. The
largest changes are to fix the labeling of incoming TCP connections in a
manner similar to the recent SELinux changes which use the
security_inet_conn_request() hook to label the request_sock and let the label
move to the child socket via the normal network stack mechanisms. In addition
to the incoming TCP connection fixes this patch also removes the smk_labled
field from the socket_smack struct as the minor optimization advantage was
outweighed by the difficulty in maintaining it's proper state.
Signed-off-by: Paul Moore <paul.moore@hp.com> Acked-by: Casey Schaufler <casey@schaufler-ca.com> Signed-off-by: James Morris <jmorris@namei.org>
Paul Moore [Fri, 27 Mar 2009 21:10:48 +0000 (17:10 -0400)]
lsm: Remove the socket_post_accept() hook
The socket_post_accept() hook is not currently used by any in-tree modules
and its existence continues to cause problems by confusing people about
what can be safely accomplished using this hook. If a legitimate need for
this hook arises in the future it can always be reintroduced.
Signed-off-by: Paul Moore <paul.moore@hp.com> Signed-off-by: James Morris <jmorris@namei.org>
Paul Moore [Fri, 27 Mar 2009 21:10:41 +0000 (17:10 -0400)]
selinux: Remove the "compat_net" compatibility code
The SELinux "compat_net" is marked as deprecated, the time has come to
finally remove it from the kernel. Further code simplifications are
likely in the future, but this patch was intended to be a simple,
straight-up removal of the compat_net code.
Signed-off-by: Paul Moore <paul.moore@hp.com> Signed-off-by: James Morris <jmorris@namei.org>
Paul Moore [Fri, 27 Mar 2009 21:10:34 +0000 (17:10 -0400)]
netlabel: Label incoming TCP connections correctly in SELinux
The current NetLabel/SELinux behavior for incoming TCP connections works but
only through a series of happy coincidences that rely on the limited nature of
standard CIPSO (only able to convey MLS attributes) and the write equality
imposed by the SELinux MLS constraints. The problem is that network sockets
created as the result of an incoming TCP connection were not on-the-wire
labeled based on the security attributes of the parent socket but rather based
on the wire label of the remote peer. The issue had to do with how IP options
were managed as part of the network stack and where the LSM hooks were in
relation to the code which set the IP options on these newly created child
sockets. While NetLabel/SELinux did correctly set the socket's on-the-wire
label it was promptly cleared by the network stack and reset based on the IP
options of the remote peer.
This patch, in conjunction with a prior patch that adjusted the LSM hook
locations, works to set the correct on-the-wire label format for new incoming
connections through the security_inet_conn_request() hook. Besides the
correct behavior there are many advantages to this change, the most significant
is that all of the NetLabel socket labeling code in SELinux now lives in hooks
which can return error codes to the core stack which allows us to finally get
ride of the selinux_netlbl_inode_permission() logic which greatly simplfies
the NetLabel/SELinux glue code. In the process of developing this patch I
also ran into a small handful of AF_INET6 cleanliness issues that have been
fixed which should make the code safer and easier to extend in the future.
Signed-off-by: Paul Moore <paul.moore@hp.com> Acked-by: Casey Schaufler <casey@schaufler-ca.com> Signed-off-by: James Morris <jmorris@namei.org>
Paul Moore [Fri, 27 Mar 2009 21:10:28 +0000 (17:10 -0400)]
lsm: Relocate the IPv4 security_inet_conn_request() hooks
The current placement of the security_inet_conn_request() hooks do not allow
individual LSMs to override the IP options of the connection's request_sock.
This is a problem as both SELinux and Smack have the ability to use labeled
networking protocols which make use of IP options to carry security attributes
and the inability to set the IP options at the start of the TCP handshake is
problematic.
This patch moves the IPv4 security_inet_conn_request() hooks past the code
where the request_sock's IP options are set/reset so that the LSM can safely
manipulate the IP options as needed. This patch intentionally does not change
the related IPv6 hooks as IPv6 based labeling protocols which use IPv6 options
are not currently implemented, once they are we will have a better idea of
the correct placement for the IPv6 hooks.
Signed-off-by: Paul Moore <paul.moore@hp.com> Acked-by: David S. Miller <davem@davemloft.net> Signed-off-by: James Morris <jmorris@namei.org>
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6: (166 commits)
Revert "ax25: zero length frame filtering in AX25"
Revert "netrom: zero length frame filtering in NetRom"
cfg80211: default CONFIG_WIRELESS_OLD_REGULATORY to n
mac80211/iwlwifi: move virtual A-MDPU queue bookkeeping to iwlwifi
mac80211: fix aggregation to not require queue stop
mac80211: add skb length sanity checking
mac80211: unify and fix TX aggregation start
mac80211: clean up __ieee80211_tx args
mac80211: rework the pending packets code
mac80211: fix A-MPDU queue assignment
mac80211: rewrite fragmentation
iwlwifi: show current driver status in user readable format
b43: Add BCM4307 PCI-ID
cfg80211: fix locking in nl80211_set_wiphy
mac80211: fix RX path
ath5k: properly drop packets from ops->tx
ar9170: single module build
ath9k: fix dma mapping leak of rx buffer upon rmmod
rt2x00: New USB ID for rt73usb
ath5k: warn and correct rate for unknown hw rate indexes
...
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc-2.6:
sparc64: We need to use compat_sys_ustat() as well.
sparc64: Fix MM refcount check in smp_flush_tlb_pending().