- 04 Jan, 2005 40 commits
-
-
Neil Brown authored
Trim a couple redundant comments, minor whitespace cleanup. Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu> Signed-off-by: Neil Brown <neilb@cse.unsw.edu.au> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-
Neil Brown authored
We need to handle nfserr_dropit as a special case here, since we don't want to return it in the rdattr_error attribute. Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu> Signed-off-by: Neil Brown <neilb@cse.unsw.edu.au> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-
Neil Brown authored
Replace series of if's by a switch, remove (now unnecessary) label "out". Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu> Signed-off-by: Neil Brown <neilb@cse.unsw.edu.au> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-
Neil Brown authored
Minor simplification of error handling in encode_dirent. Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu> Signed-off-by: Neil Brown <neilb@cse.unsw.edu.au> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-
Neil Brown authored
Move code to encode the special rdattr_error attribute to nfsd4_encode_rdattr_error(). Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu> Signed-off-by: Neil Brown <neilb@cse.unsw.edu.au> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-
Neil Brown authored
Make nfsd4_encode_dirent_fattr() slightly more concise. Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu> Signed-off-by: Neil Brown <neilb@cse.unsw.edu.au> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-
Neil Brown authored
Move readdir attribute encoding to nfsd4_encode_dirent_fattr(), remove the (no-longer used) error label. Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu> Signed-off-by: Neil Brown <neilb@cse.unsw.edu.au> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-
Neil Brown authored
The local variables bmval0 and bmval1 turn out not to really help much. Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu> Signed-off-by: Neil Brown <neilb@cse.unsw.edu.au> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-
Neil Brown authored
Remove unused assignment Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu> Signed-off-by: Neil Brown <neilb@cse.unsw.edu.au> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-
Neil Brown authored
No sensible client is ever going to request only the RDATTR_ERROR attribute, so there's no point optimizing for that case. Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu> Signed-off-by: Neil Brown <neilb@cse.unsw.edu.au> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-
Neil Brown authored
Return the special NFSv4 pseudo filesystem fsid (0/0) in a GETATTR on an NFSv4 pseudo filesystem node. Signed-off-by: Andy Adamson <andros@citi.umich.edu> Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu> Signed-off-by: Neil Brown <neilb@cse.unsw.edu.au> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-
Neil Brown authored
We were reporting mounted_on fileid instead of fileid in readdir responses. Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu> Signed-off-by: Neil Brown <neilb@cse.unsw.edu.au> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-
Neil Brown authored
Just noticed while fixing some other sparse-related stuff. Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu> Signed-off-by: Neil Brown <neilb@cse.unsw.edu.au> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-
Neil Brown authored
Fix open downgrade decode error. Signed-off-by: Andy Adamson <andros@umich.edu> Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu> Signed-off-by: Neil Brown <neilb@cse.unsw.edu.au> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-
Neil Brown authored
Call a helper function from svcauth_unix_accept() and svcauth_null_accept() instead of duplicating code. Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu> Signed-off-by: Neil Brown <neilb@cse.unsw.edu.au> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-
Neil Brown authored
Fix some discrepencies between the server-side auth_null and auth_unix rpc code: in particular, make sure we return an auth error in the auth_null case instead of dropping when we fail to match an export entry, and make sure such responses are encoded correctly. Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu> Signed-off-by: Neil Brown <neilb@cse.unsw.edu.au> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-
Neil Brown authored
-EAGAIN has a special treatment in the nfsd code since it's used to indicate that an upcall has been initiated and that a request should be dropped pending the upcall result. But when the break_lease functions return -EWOULDBLOCK (==-EAGAIN on most architectures), we actually prefer to return nfserr_jukebox. So translate -EAGAIN returns to -ETIMEDOUT (which will be translated to nfserr_jukebox). Undo the mapping of -EWOULDBLOCK to nfserr_jukebox, since on most architectures that has the undesireable effect of mapping -EAGAIN to nfserr_jukebox. Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu> Signed-off-by: Neil Brown <neilb@cse.unsw.edu.au> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-
Pekka Enberg authored
This patch has the following cleanups to oprofile: - Remove spurious casts - vfree() accepts NULL pointers so remove redundant test - The parameter for __free_cpu_buffer() is not used so merge the function with free_cpu_buffer() Signed-off-by: Pekka Enberg <penberg@cs.helsinki.fi> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-
Greg Banks authored
oprofile sparc64 arch updates, including some internal API changes. Signed-off-by: John Levon <levon@movementarian.org> Signed-off-by: Greg Banks <gnb@melbourne.sgi.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-
Greg Banks authored
oprofile sh arch updates, including some internal API changes. Signed-off-by: John Levon <levon@movementarian.org> Signed-off-by: Greg Banks <gnb@melbourne.sgi.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-
Greg Banks authored
oprofile s390 arch updates, including some internal API changes. Signed-off-by: John Levon <levon@movementarian.org> Signed-off-by: Greg Banks <gnb@melbourne.sgi.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-
Greg Banks authored
oprofile parisc arch updates, including some internal API changes. Signed-off-by: John Levon <levon@movementarian.org> Signed-off-by: Greg Banks <gnb@melbourne.sgi.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-
Greg Banks authored
oprofile ppc64 arch updates, including some internal API changes. Signed-off-by: John Levon <levon@movementarian.org> Signed-off-by: Greg Banks <gnb@melbourne.sgi.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-
Greg Banks authored
oprofile arm arch updates, including some internal API changes. Signed-off-by: John Levon <levon@movementarian.org> Signed-off-by: Greg Banks <gnb@melbourne.sgi.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-
Greg Banks authored
oprofile alpha arch updates, including some internal API changes. Signed-off-by: John Levon <levon@movementarian.org> Signed-off-by: Greg Banks <gnb@melbourne.sgi.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-
Greg Banks authored
oprofile ia64 arch updates, including some internal API changes and support for stack trace sampling. Signed-off-by: John Levon <levon@movementarian.org> Signed-off-by: Keith Owens <kaos@melbourne.sgi.com> Signed-off-by: Greg Banks <gnb@melbourne.sgi.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-
Greg Banks authored
oprofile i386 arch updates, including some internal API changes and support for stack trace sampling. (akpm: I added a nasty hack to fix the x86_64 build. However the feature is untested on x86_64 and probably doesn't work yet). Signed-off-by: John Levon <levon@movementarian.org> Signed-off-by: Greg Banks <gnb@melbourne.sgi.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-
Greg Banks authored
Allow stack tracing to work when sampling on timer is forced using the timer=1 boot option. Reported by Akinobu Mita. Signed-off-by: Greg Banks <gnb@melbourne.sgi.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-
Greg Banks authored
oprofile arch-independent updates, including some internal API changes and support for stack trace sampling. Signed-off-by: John Levon <levon@movementarian.org> Signed-off-by: Greg Banks <gnb@melbourne.sgi.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-
Greg Banks authored
Add check_user_page_readable() for kernel modules which need to follow user space addresses but can't use get_user(). Signed-off-by: John Levon <levon@movementarian.org> Signed-off-by: Greg Banks <gnb@melbourne.sgi.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-
Stephen D. Smalley authored
This patch rewrites the SELinux next_entry() function and all callers to copy entry data from the binary policy into properly aligned buffers, eliminating unaligned accesses. This patch is in response to a bug report from Prarit Bhargava for SELinux and ia64, and he has confirmed that this patch eliminates the unaligned access warnings. Signed-off-by: Stephen Smalley <sds@epoch.ncsc.mil> Signed-off-by: James Morris <jmorris@redhat.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-
Stephen D. Smalley authored
This patch adds a member node to selinuxfs to export the security_member_sid interface to userspace for obtaining security polyinstantiation decisions. Signed-off-by: Stephen Smalley <sds@epoch.ncsc.mil> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-
Stephen D. Smalley authored
This patch adds new permission checks to the SELinux mmap and mprotect hooks to enable control over the ability to make executable a mapping that can contain data not covered by the existing file-based permission checks. The task->self execmem permission controls the ability to create an executable anonymous mapping or a writable executable private file mapping. The task->file execmod permission controls the ability to make executable a previously written private file mapping, e.g. for text relocations. Thanks to Roland McGrath for input and feedback on earlier versions of this patch. Signed-off-by: Stephen Smalley <sds@epoch.ncsc.mil> Signed-off-by: James Morris <jmorris@redhat.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-
Stephen D. Smalley authored
This patch for adds dynamic context transition support to SELinux via writes to the existing /proc/pid/attr/current interface. Previously, SELinux only supported exec-based context transitions. This functionality allows privileged applications to apply privilege bracketing without necessarily being refactored to an exec-based model (although such a model has advantages in least privilege and isolation). A process must have setcurrent permission to use this mechanism at all, and the dyntransition permission must be granted between the old and new security contexts. Multi-threaded processes are not allowed to use this operation, as it will yield an inconsistency among the security contexts of the threads sharing the same mm. Ptrace permission is revalidated against the new context if the process is being ptraced. Author: Darrel Goeddel <dgoeddel@trustedcs.com> Signed-off-by: Stephen Smalley <sds@epoch.ncsc.mil> Signed-off-by: James Morris <jmorris@redhat.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-
Stephen D. Smalley authored
This patch ensures that the comm is included in the audit message if avc_audit is unable to determine the exe due to the mmap_sem being held. This is helpful in tracking down the causes of permission denials that occur in the mmap/mprotect hooks. Signed-off-by: Stephen Smalley <sds@epoch.ncsc.mil> Signed-off-by: James Morris <jmorris@redhat.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-
Stephen D. Smalley authored
This patch updates the selinux_task_setscheduler hook function to use the standard helper for task permission checks since it is now safe to audit from this hook (due to the upstream change to setscheduler() to not hold the runqueue lock during the security hook call). Signed-off-by: Stephen Smalley <sds@epoch.ncsc.mil> Signed-off-by: James Morris <jmorris@redhat.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-
Stephen D. Smalley authored
This patch regenerates the SELinux module headers to use a new format and updates their use by the AVC. Signed-off-by: Stephen Smalley <sds@epoch.ncsc.mil> Signed-off-by: James Morris <jmorris@redhat.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-
James Morris authored
This patch adds an selinuxfs based API to the AVC, to allow monitoring of the cache, and tuning of the cache size. The latter is mediated via the new setsecparam permission. AVC statistics may be monitored via the avcstat utility: http://people.redhat.com/jmorris/selinux/perf/avcstat.cSigned-off-by: James Morris <jmorris@redhat.com> Signed-off-by: Stephen Smalley <sds@epoch.ncsc.mil> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-
James Morris authored
Atomic underflow debugging in this kernel exposed a bug in the AVC RCU code, fix below. The effect of this bug would be delayed node reclamation. Signed-off-by: James Morris <jmorris@redhat.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-
James Morris authored
The following patch improves the scalability of SELinux by replacing the global avc_lock with an RCU based scheme by Kaigai Kohei. The size of the cache is made tunable, to allow administrators to tune systems for different workloads, while statistics are exported via selinuxfs to allow AVC performance to be monitored at a low level. AVC nodes are also allocated now via a slab cache, and AVC references have been removed from the code. This code has been extensively tested and benchmarked (see benchmark results below). Baseline performance is not improved, although it is clear that dramatic scalability improvements are achieved. Baseline performance and networking scalability are areas where work is ongoing (in particular, we need to add caching of some network security objects so that we don't fallback to policy database lookups on each permission call). Benchmark results: =============================================================================================== System: 4 node 16-way IA64 NUMA - 'Stream' is based on http://www.cs.virginia.edu/stream/ , HPC memory bandwidth test, higher result is better. - Hackbench: scheduler scalability benchmark by Rusty, lower is better. Standard kernel: 2.6.9-1.648_EL SELINUX=0 : Stream 6159.987MB/s HackBench 53.144 2.6.9-1.648_EL SELINUX=1 : Stream 5872.529MB/s HackBench 1043.132 Kernel with RCU/AVC patches: 2.6.9-1.689_avcrcu.root SELINUX=0 : Stream 8829.647MB/s HackBench 53.976 2.6.9-1.689_avcrcu.root SELINUX=1 : Stream 8817.117MB/s HackBench 50.975 =============================================================================================== System: 8-way PIII 900Mhz Xeon with 9GB RAM Fileystem: ext2 for all testing. Notes: AVC was reset before tests, so avc was flushed. System was run in enforcing mode. Key: std-nolsm: standard kernel with LSM disabled std-lsmcap: standard kernel with LSM enabled, capabilities LSM std-sel-strict: standard kernel with SELinux enabled, capabilities secondary LSM rcu-sel-strict: as above with RCU & AVC stats patches
-