- 01 May, 2006 13 commits
-
-
Steve Grubb authored
1) The audit_ipc_perms() function has been split into two different functions: - audit_ipc_obj() - audit_ipc_set_perm() There's a key shift here... The audit_ipc_obj() collects the uid, gid, mode, and SElinux context label of the current ipc object. This audit_ipc_obj() hook is now found in several places. Most notably, it is hooked in ipcperms(), which is called in various places around the ipc code permforming a MAC check. Additionally there are several places where *checkid() is used to validate that an operation is being performed on a valid object while not necessarily having a nearby ipcperms() call. In these locations, audit_ipc_obj() is called to ensure that the information is captured by the audit system. The audit_set_new_perm() function is called any time the permissions on the ipc object changes. In this case, the NEW permissions are recorded (and note that an audit_ipc_obj() call exists just a few lines before each instance). 2) Support for an AUDIT_IPC_SET_PERM audit message type. This allows for separate auxiliary audit records for normal operations on an IPC object and permissions changes. Note that the same struct audit_aux_data_ipcctl is used and populated, however there are separate audit_log_format statements based on the type of the message. Finally, the AUDIT_IPC block of code in audit_free_aux() was extended to handle aux messages of this new type. No more mem leaks I hope ;-) Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
-
Steve Grubb authored
Hi, The patch below builds upon the patch sent earlier and adds subject label to all audit events generated via the netlink interface. It also cleans up a few other minor things. Signed-off-by: Steve Grubb <sgrubb@redhat.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
-
Steve Grubb authored
The below patch should be applied after the inode and ipc sid patches. This patch is a reworking of Tim's patch that has been updated to match the inode and ipc patches since its similar. [updated: > Stephen Smalley also wanted to change a variable from isec to tsec in the > user sid patch. ] Signed-off-by: Steve Grubb <sgrubb@redhat.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
-
Steve Grubb authored
Hi, The patch below converts IPC auditing to collect sid's and convert to context string only if it needs to output an audit record. This patch depends on the inode audit change patch already being applied. Signed-off-by: Steve Grubb <sgrubb@redhat.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
-
Steve Grubb authored
Previously, we were gathering the context instead of the sid. Now in this patch, we gather just the sid and convert to context only if an audit event is being output. This patch brings the performance hit from 146% down to 23% Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
-
Darrel Goeddel authored
This patch provides the ability to filter audit messages based on the elements of the process' SELinux context (user, role, type, mls sensitivity, and mls clearance). It uses the new interfaces from selinux to opaquely store information related to the selinux context and to filter based on that information. It also uses the callback mechanism provided by selinux to refresh the information when a new policy is loaded. Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
-
Darrel Goeddel authored
The following patch provides selinux interfaces that will allow the audit system to perform filtering based on the process context (user, role, type, sensitivity, and clearance). These interfaces will allow the selinux module to perform efficient matches based on lower level selinux constructs, rather than relying on context retrievals and string comparisons within the audit module. It also allows for dominance checks on the mls portion of the contexts that are impossible with only string comparisons. Signed-off-by: Darrel Goeddel <dgoeddel@trustedcs.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
-
Al Viro authored
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
-
Al Viro authored
... it's always current, and that's a good thing - allows simpler locking. Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
-
Al Viro authored
now we can do that - all callers are process-synchronous and do not hold any locks. Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
-
Al Viro authored
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
-
Steve Grubb authored
On Thursday 23 March 2006 09:08, John D. Ramsdell wrote: > I noticed that a socketcall(bind) and socketcall(connect) event contain a > record of type=SOCKADDR, but I cannot see one for a system call event > associated with socketcall(accept). Recording the sockaddr of an accepted > socket is important for cross platform information flow analys Thanks for pointing this out. The following patch should address this. Signed-off-by: Steve Grubb <sgrubb@redhat.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
-
Al Viro authored
Don't assume that audit_log_exit() et.al. are called for the context of current; pass task explictly. Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
-
- 30 Apr, 2006 2 commits
-
-
git://git.kernel.org/pub/scm/linux/kernel/git/paulus/powerpcLinus Torvalds authored
* 'merge' of git://git.kernel.org/pub/scm/linux/kernel/git/paulus/powerpc: [PATCH] powerpc: update cell_defconfig [PATCH] spufs: Disable local interrupts for SPE hash_page calls. [PATCH] powerpc: Add cputable entry for POWER6 [PATCH] ppc32 CPM_UART: Fixed odd address translations [PATCH] ppc32: Update board-specific code of the CPM UART users [PATCH] ppc32 CPM_UART: Convert to use platform devices [PATCH] ppc32: odd fixes and improvements in ppc_sys [PATCH] powerpc: Wire up *at syscalls [PATCH] ppc32: add 440GX erratum 440_43 workaround [PATCH] powerpc: Use check_legacy_ioport() on ppc32 too. [PATCH] powerpc64: Fix loading of modules without a .toc section [PATCH] sound/ppc: snd_pmac_toonie_init should be __init powerpc/pseries: Tell firmware our capabilities on new machines [PATCH] powerpc: Fix pagetable bloat for hugepages
-
Ralf Baechle authored
Content of file au1200fb.c was duplicated. Remove. Signed-off-by: Ralf Baechle <ralf@linux-mips.org> Signed-off-by: Antonino Daplas <adaplas@pol.net> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-
- 29 Apr, 2006 5 commits
-
-
Linus Torvalds authored
Let people enable the advansys driver on x86-32, even though it's broken on other architectures due to missing DMA mapping infrastructure. It's used by Jeffrey Phillips Freeman <jeffreyfreeman@syncleus.com> and possibly others. Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-
Chuck Ebbert authored
The FXSAVE information leak patch introduced a bug in FP exception handling: it clears FP exceptions only when there are already none outstanding. Mikael Pettersson reported that causes problems with the Erlang runtime and has tested this fix. Signed-off-by: Chuck Ebbert <76306.1226@compuserve.com> Acked-by: Mikael Pettersson <mikpe@it.uu.se> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-
Arnd Bergmann authored
reflect the changes to Kconfig since the last update. Signed-off-by: Arnd Bergmann <arnd.bergmann@de.ibm.com> Signed-off-by: Paul Mackerras <paulus@samba.org>
-
Arnd Bergmann authored
This patch disables and saves local interrupts during hash_page processing for SPE contexts. We have to do it explicitly in the spu_irq_class_1_bottom function. For the interrupt handlers, we get the behaviour implicitly by using SA_INTERRUPT to disable interrupts while in the handler. Signed-off-by: Arnd Bergmann <arnd.bergmann@de.ibm.com> Signed-off-by: Paul Mackerras <paulus@samba.org>
-
Anton Blanchard authored
Add a cputable entry for the POWER6 processor. The SIHV and SIPR bits in the mmcra have moved in POWER6, so disable support for that until oprofile is fixed. Also tell firmware that we know about POWER6. Signed-off-by: Anton Blanchard <anton@samba.org> Signed-off-by: Paul Mackerras <paulus@samba.org>
-
- 28 Apr, 2006 20 commits
-
-
shin, jacob authored
transfer_objects should only be called when all of the cpus in the node are online. CPU_DEAD notifier callback marks l3->shared to NULL. Signed-off-by: Jacob Shin <jacob.shin@amd.com> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-
Antonino A. Daplas authored
Add help text in Kconfig Signed-off-by: Antonino Daplas <adaplas@pol.net> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-
Antonino A. Daplas authored
As reported in Bugzilla Bug 6406, resume from S3 results in a blank screen. For the IBM Thinkpad X30 using vesafb as the console driver, successful resume from S3 requires option acpi_sleep=s3_bios,s3_mode. Update documentation. I would presume that, in any hardware, using vesafb as the console driver will require as a minimum s3_mode. Signed-off-by: Antonino Daplas <adaplas@pol.net> Cc: <igor47@uchicago.edu> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-
Martin Schwidefsky authored
Add sys_set_robust_list, sys_get_robust_list, sys_splice, sys_sync_file and sys_tee system calls. Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-
Horst Hummel authored
Generate new sysfs-attribute 'uid' that contains an device specific unique identifier. This can be used to identity multiple ALIASES of the same physical device (PAV). In addition the sysfs-attributes 'vendor' (containing the manufacturer of the device) and 'alias' (identify alias or base device) is added. This is first part of PAV support in LPAR (also valid on zVM). Signed-off-by: Horst Hummel <horst.hummel@de.ibm.com> Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-
Christian Borntraeger authored
Add a read_mostly section and define __read_mostly to prevent cache line pollution due to writes for mostly read variables. In addition fix the incorrect alignment of the cache_line_aligned data section. s390 has a cacheline size of 256 bytes. Signed-off-by: Christian Borntraeger <cborntra@de.ibm.com> Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-
Heiko Carstens authored
In case of an instruction processing damage (IPD) machine check in kernel mode the resulting action is always to stop the kernel. This is not necessarily the best solution since a retry of the failing instruction might succeed. Add logic to retry the instruction if no more than 30 instruction processing damage checks occured in the last 5 minutes. Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com> Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-
Gerald Schaefer authored
Print a warning with the z/VM error code if segment_load, segment_type or segment_save fail to ease the problem determination. Signed-off-by: Gerald Schaefer <geraldsc@de.ibm.com> Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-
Stefan Bader authored
Added some changes that where proposed by Andrew Morton. Added 3592 device type. Signed-off-by: Stefan Bader <shbader@de.ibm.com> Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-
Martin Schwidefsky authored
Add support for atomic futex operations. Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-
Christian Borntraeger authored
With CONFIG_SLAB_DEBUG=y networking over qeth doesn't work. The problem is that the qib structure embedded in the qeth_irq structure needs an alignment of 256 but kmalloc only guarantees an alignment of 8. When using SLAB debugging the alignment of qeth_irq is not sufficient for the embedded qib structure which causes all users of qdio (qeth and zfcp) to stop working. Allocate qeth_irq structure with __get_free_page. That wastes a small amount of memory (~2500 bytes) per online adapter. Signed-off-by: Christian Borntraeger <cborntra@de.ibm.com> Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-
Horst Hummel authored
The dasd state machine is not designed to enable an unformatted device, since 'unformatted' is a final state. The BIODASDENABLE ioctl calls dasd_enable_device() which never returns if the device is in this special state. Return -EPERM in dasd_increase_state for unformatted devices to make dasd_enable_device terminate. Note: To get such an unformatted device online it has to be re-analyzed. This means that the device needs to be disabled prior to re-enablement. Signed-off-by: Horst Hummel <horst.hummel@de.ibm.com> Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-
Andreas Herrmann authored
Avoid memory allocation with GFP_KERNEL in qdio_establish/qdio_shutdown. Use memory pool instead. (Otherwise this can lead to an I/O stall where qdio waits for a free page and zfcp waits for end of error recovery in low memory situations.) Signed-off-by: Andreas Herrmann <aherrman@de.ibm.com> Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-
Laurent Meyer authored
If a signal handler has been established with the SA_ONSTACK option but no alternate stack is provided with sigaltstack(), the kernel still tries to install the alternate stack. Also when setting an alternate stack with sigalstack() and the SS_DISABLE flag, the kernel tries to install the alternate stack on signal delivery. Use the correct conditions sas_ss_flags() to check if the alternate stack has to be used. Signed-off-by: Laurent Meyer <meyerlau@fr.ibm.com> Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-
Stefan Bader authored
Interrupts can stay disabled if an error occurred in _chp_add(). Use spin_unlock_irq on the error paths to reenable interrupts. Signed-off-by: Stefan Bader <shbader@de.ibm.com> Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-
Peter Oberparleiter authored
Fix a race condition in the I/O termination logic. The race can cause I/O to a dasd device to fail with no retry left after turning one channel path to the device off and on multiple times. Signed-off-by: Peter Oberparleiter <peter.oberparleiter@de.ibm.com> Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-
Masami Hiramatsu authored
Fix resume_execution() to handle iret and absolute jump opcode correctly on i386. Signed-off-by: Masami Hiramatsu <hiramatu@sdl.hitachi.co.jp> Cc: Ananth N Mavinakayanahalli <ananth@in.ibm.com> Cc: "Keshavamurthy, Anil S" <anil.s.keshavamurthy@intel.com> Cc: Prasanna S Panchamukhi <prasanna@in.ibm.com> Cc: Jim Keniston <jkenisto@us.ibm.com> Cc: Yumiko Sugita <sugita@sdl.hitachi.co.jp> Cc: Satoshi Oshima <soshima@redhat.com> Cc: Hideo Aoki <haoki@redhat.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-
mao, bibo authored
When trap happens in user space, kprobe_exceptions_notify() funtion will skip it. This patch deletes some unnecessary code for VM_MASK judgement in eflags. Signed-off-by: bibo, mao <bibo.mao@intel.com> Cc: Masami Hiramatsu <hiramatu@sdl.hitachi.co.jp> Cc: Ananth N Mavinakayanahalli <ananth@in.ibm.com> Acked-by: "Keshavamurthy, Anil S" <anil.s.keshavamurthy@intel.com> Acked-by: Prasanna S Panchamukhi <prasanna@in.ibm.com> Cc: Jim Keniston <jkenisto@us.ibm.com> Cc: Yumiko Sugita <sugita@sdl.hitachi.co.jp> Cc: Satoshi Oshima <soshima@redhat.com> Cc: Hideo Aoki <haoki@redhat.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-
Andi Kleen authored
Running abnormal VM splits causes weird problems - people can set non-standard splits by accident, then lots of time gets wasted diagnosing it - see the long "[stable] 2.6.16.6 breaks java... sort of" email thread. So we need to make this option harder to set. Use CONFIG_EMBEDDED for this. CONFIG_EMBEDDED isn't really the right thing to use, but there's nothing else obvious and avoiding these problems is more important than Kconfig purity. Signed-off-by: Andi Kleen <ak@suse.de> Cc: Adrian Bunk <bunk@stusta.de> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-
Ashok Raj authored
CPU_HOTPLUG has race conditions when we use broadcast mode IPI. - First we introduced no_broadcast option (see include/asm-i386/mach-default/mach_ipi.h) - x86_64 solved it by using physical flat mode (same as bigsmp on i386) since this will not use broadcast shortcuts for IPI. - We switched to use bigsmp on i386 so that we can have same handling as x86_64, but apparently this caused an error message, if kernel was compiled without X86_GENERICARCH, X86_BIGSMP. The message "You have >8 CPUS..." which was bogus and misleading, and only indicated one of the above ARCH wasnt selected. So we do not switch to automatic bigsmp for HOTPLUG_CPU support in i386 until the other related config dependencies for SMP_SUSPEND etc can be done right. Signed-off-by: Ashok Raj <ashok.raj@intel.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-