aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAge
* dmi: Let dmi_walk() users pass private dataJean Delvare2009-03-30
| | | | | | | | | | | At the moment, dmi_walk() lacks flexibility, users can't pass data to the callback function. Add a pointer for private data to make this function more flexible. Signed-off-by: Jean Delvare <khali@linux-fr.org> Cc: Hans de Goede <hdegoede@redhat.com> Cc: Matthew Garrett <mjg@redhat.com> Cc: Roland Dreier <rolandd@cisco.com>
* hwmon: Define a standard interface for chassis intrusion detectionJean Delvare2009-03-30
| | | | | | | | | | | Define a standard interface for the chassis intrusion detection feature some hardware monitoring chips have. Some drivers have custom sysfs entries for it, but a standard interface would allow integration with user-space (namely libsensors.) Signed-off-by: Jean Delvare <khali@linux-fr.org> Acked-by: Hans de Goede <j.w.r.degoede@hhs.nl> Acked-by: Matt Roberds <mattroberds@cox.net>
* Move the pcf8591 driver to hwmonJean Delvare2009-03-30
| | | | | | | | | | | | | | Directory drivers/i2c/chips is going away, so drivers there must find new homes. For the pcf8591 driver, the best choice seems to be the hwmon subsystem. While the Philips PCF8591 device isn't a typical hardware monitoring chip, its DAC interface is compatible with the hwmon one, so it fits somewhat. If a better subsystem is ever created for ADC/DAC chips, the driver could be moved there. Signed-off-by: Jean Delvare <khali@linux-fr.org> Cc: Aurelien Jarno <aurelien@aurel32.net>
* hwmon: (w83627ehf) Only expose in6 or temp3 on the W83667HGGong Jun2009-03-30
| | | | | | | | | The pin for in6 and temp3 is shared on the W83667HG, so only one of these features can be supported on any given system. Let the driver select which one depending on the temp3 disabled bit. Signed-off-by: Gong Jun <JGong@nuvoton.com> Signed-off-by: Jean Delvare <khali@linux-fr.org>
* hwmon: (w83627ehf) Add support for W83667HGGong Jun2009-03-30
| | | | | | | | | | | | | Add initial support for the Nuvoton W83667HG chip to the w83627ehf driver. It has been tested on ASUS P5QL PRO by Gong Jun. At the moment there is still a usability issue which is that only in6 or temp3 can be present on the W83667HG, so the driver shouldn't expose both. This will be addressed later. Signed-off-by: Gong Jun <JGong@nuvoton.com> Acked-by: David Hubbard <david.c.hubbard@gmail.com> Signed-off-by: Jean Delvare <khali@linux-fr.org>
* hwmon: (w83627ehf) Invert fan pin variables logicJean Delvare2009-03-30
| | | | | | | | Use positive logic for fan pin variables (variable is set if pin is used for fan), instead of negative logic which is error prone. Signed-off-by: Jean Delvare <khali@linux-fr.org> Cc: Gong Jun <JGong@nuvoton.com>
* hwmon: (hdaps) Fix Thinkpad X41 axis inversionFrank Seidel2009-03-30
| | | | | | | | Fix for kernel.org bug #7154: hdaps inversion of actual Thinkpad X41's Y-axis. Signed-off-by: Frank Seidel <frank@f-seidel.de> Signed-off-by: Jean Delvare <khali@linux-fr.org>
* hwmon: (hdaps) Allow inversion of separate axisFrank Seidel2009-03-30
| | | | | | | | Fix for kernel.org bug #7154: hdaps inversion of each axis. This version is based on the work from Michael Ruoss <miruoss@student.ethz.ch>. Signed-off-by: Frank Seidel <frank@f-seidel.de> Signed-off-by: Jean Delvare <khali@linux-fr.org>
* hwmon: (ds1621) Clean up documentationJean Delvare2009-03-30
| | | | | | | | | | * The alarms sysfs file is deprecated, and individual alarm files are self-explanatory. * The driver doesn't implement high-reslution temperature readings so don't document that. Signed-off-by: Jean Delvare <khali@linux-fr.org> Cc: Aurelien Jarno <aurelien@aurel32.net>
* hwmon: (ds1621) Avoid unneeded register accessJean Delvare2009-03-30
| | | | | | | | | | Register access over SMBus isn't cheap, so avoid register access where possible: * Only write back the configuration register if it changed. * Don't refresh the register cache when we don't have to. Signed-off-by: Jean Delvare <khali@linux-fr.org> Cc: Aurelien Jarno <aurelien@aurel32.net>
* hwmon: (ds1621) Clean up register accessJean Delvare2009-03-30
| | | | | | | | | | | | | | Fix a few oddities in how the ds1621 driver accesses the registers: * We don't need a wrapper to access the configuration register. * Check for error before calling swab16. Error checking isn't complete yet, but that's a start. * Device-specific read functions should never be called during detection, as by definition we don't know what device we are talking to at that point. * Likewise, don't assume that register reads succeed during detection. Signed-off-by: Jean Delvare <khali@linux-fr.org> Cc: Aurelien Jarno <aurelien@aurel32.net>
* hwmon: (ds1621) Reorder code statementsJean Delvare2009-03-30
| | | | | | | | Reorder the ds1621 driver code so that we can get rid of forward function declarations. Signed-off-by: Jean Delvare <khali@linux-fr.org> Cc: Aurelien Jarno <aurelien@aurel32.net>
* Merge branch 'bzip2-lzma-for-linus' of ↵Linus Torvalds2009-03-29
|\ | | | | | | | | | | | | | | | | | | git://git.kernel.org/pub/scm/linux/kernel/git/x86/linux-2.6-tip * 'bzip2-lzma-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/x86/linux-2.6-tip: bzip2/lzma: don't ask for compression mode for the default initramfs bzip2/lzma: consistently capitalize LZMA in Kconfig bzip2/lzma: clarify the meaning of the CONFIG_RD_ options bzip2/lzma: move CONFIG_RD_* options under CONFIG_EMBEDDED
| * bzip2/lzma: don't ask for compression mode for the default initramfsH. Peter Anvin2009-03-28
| | | | | | | | | | | | | | | | | | | | | | | | | | Impact: Kconfig noise reduction, documentation The default initramfs is so small that it makes no sense to worry about the additional memory taken by not double-compressing it. Therefore, don't bug the user with it. Also, improve the description of the option, which was downright incorrect. Signed-off-by: H. Peter Anvin <hpa@zytor.com>
| * bzip2/lzma: consistently capitalize LZMA in KconfigH. Peter Anvin2009-03-28
| | | | | | | | | | | | | | | | | | Impact: message formatting Consistently spell LZMA in all capitals, since it (unlike gzip or bzip2) is an acronym. Signed-off-by: H. Peter Anvin <hpa@zytor.com>
| * bzip2/lzma: clarify the meaning of the CONFIG_RD_ optionsH. Peter Anvin2009-03-28
| | | | | | | | | | | | | | | | | | Impact: Kconfig clarification Make it clear that the CONFIG_RD_* options are about what formats are supported, not about what formats are actually being used. Signed-off-by: H. Peter Anvin <hpa@zytor.com>
| * bzip2/lzma: move CONFIG_RD_* options under CONFIG_EMBEDDEDH. Peter Anvin2009-03-28
| | | | | | | | | | | | | | | | | | | | | | Impact: reduce Kconfig noise Move the options that control possible initramfs/initrd compressions underneath CONFIG_EMBEDDED. The only impact of leaving these options set to y is additional code in the init section of the kernel; there is no reason to burden non-embedded users with these options. Signed-off-by: H. Peter Anvin <hpa@zytor.com>
| * Merge commit 'v2.6.29' into x86/setup-lzmaIngo Molnar2009-03-26
| |\
* | | Fix build error in <linux/irq.h>Ralf Baechle2009-03-29
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | <linux/irq.h> relies on <linux/gfp.h> and <linux/topology.h> having been included previous. If not, the errors like below will result. CC arch/mips/mti-malta/malta-int.o In file included from arch/mips/mti-malta/malta-int.c:25: include/linux/irq.h: In function ‘init_alloc_desc_masks’: include/linux/irq.h:444: error: implicit declaration of function ‘cpu_to_node’ include/linux/irq.h:446: error: ‘GFP_ATOMIC’ undeclared (first use in this function) include/linux/irq.h:446: error: (Each undeclared identifier is reported only once include/linux/irq.h:446: error: for each function it appears in.) make[3]: *** [arch/mips/mti-malta/malta-int.o] Error 1 make[2]: *** [arch/mips/mti-malta] Error 2 make[1]: *** [sub-make] Error 2 Fixed by including the two missing headers. Signed-off-by: Ralf Baechle <ralf@linux-mips.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* | | sched: fix errors in struct & function commentsRandy Dunlap2009-03-29
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fix kernel-doc errors in sched.c: the structs don't have kernel-doc notation and the short function description needs to be one line only. Error(kernel/sched.c:3197): cannot understand prototype: 'struct sd_lb_stats ' Error(kernel/sched.c:3228): cannot understand prototype: 'struct sg_lb_stats ' Error(kernel/sched.c:3375): duplicate section name 'Description' Signed-off-by: Randy Dunlap <randy.dunlap@oracle.com> cc: Ingo Molnar <mingo@elte.hu> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* | | maple: fix Error in kernel-doc notationRandy Dunlap2009-03-29
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fix kernel-doc error in maple (it's not kernel-doc): Error(drivers/sh/maple/maple.c:782): cannot understand prototype: 'struct bus_type maple_bus_type = ' Signed-off-by: Randy Dunlap <randy.dunlap@oracle.com> cc: Paul Mundt <lethal@linux-sh.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* | | Merge branch 'futexes-for-linus' of ↵Linus Torvalds2009-03-28
|\ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip * 'futexes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip: futex: remove the pointer math from double_unlock_hb, fix futex: remove the pointer math from double_unlock_hb futex: clean up fault logic futex: unlock before returning -EFAULT futex: use current->time_slack_ns for rt tasks too futex: add double_unlock_hb() futex: additional (get|put)_futex_key() fixes futex: update futex commentary
| * \ \ Merge branch 'linus' into core/futexesIngo Molnar2009-03-28
| |\ \ \
| * | | | futex: remove the pointer math from double_unlock_hb, fixIngo Molnar2009-03-13
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Impact: fix double unlock crash Thomas Gleixner noticed that the simplified double_unlock_hb() became ... too unsophisticated: in the hb1 == hb2 case it will do a double unlock. Reported-by: Thomas Gleixner <tglx@linutronix.de> Cc: Darren Hart <dvhltc@us.ibm.com> LKML-Reference: <20090312221118.11146.68610.stgit@Aeon> Signed-off-by: Ingo Molnar <mingo@elte.hu>
| * | | | futex: remove the pointer math from double_unlock_hbDarren Hart2009-03-12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Impact: simplify code I mistakenly included the pointer value ordering in the double_unlock_hb() in my previous patch. It's only necessary in the double_lock_hb() function. This patch removes it. Signed-off-by: Darren Hart <dvhltc@us.ibm.com> Acked-by: Peter Zijlstra <peterz@infradead.org> Cc: Rusty Russell <rusty@rustcorp.com.au> LKML-Reference: <20090312221118.11146.68610.stgit@Aeon> Signed-off-by: Ingo Molnar <mingo@elte.hu>
| * | | | futex: clean up fault logicDarren Hart2009-03-12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Impact: cleanup Older versions of the futex code held the mmap_sem which had to be dropped in order to call get_user(), so a two-pronged fault handling mechanism was employed to handle faults of the atomic operations. The mmap_sem is no longer held, so get_user() should be adequate. This patch greatly simplifies the logic and improves legibility. Build and boot tested on a 4 way Intel x86_64 workstation. Passes basic pthread_mutex and PI tests out of ltp/testcases/realtime. Signed-off-by: Darren Hart <dvhltc@us.ibm.com> Acked-by: Peter Zijlstra <peterz@infradead.org> Cc: Rusty Russell <rusty@rustcorp.com.au> LKML-Reference: <20090312075612.9856.48612.stgit@Aeon> Signed-off-by: Ingo Molnar <mingo@elte.hu>
| * | | | futex: unlock before returning -EFAULTDarren Hart2009-03-12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Impact: rt-mutex failure case fix futex_lock_pi can potentially return -EFAULT with the rt_mutex held. This seems like the wrong thing to do as userspace should assume -EFAULT means the lock was not taken. Even if it could figure this out, we'd be leaving the pi_state->owner in an inconsistent state. This patch unlocks the rt_mutex prior to returning -EFAULT to userspace. Build and boot tested on a 4 way Intel x86_64 workstation. Passes basic pthread_mutex and PI tests out of ltp/testcases/realtime. Signed-off-by: Darren Hart <dvhltc@us.ibm.com> Acked-by: Peter Zijlstra <peterz@infradead.org> Cc: Rusty Russell <rusty@rustcorp.com.au> LKML-Reference: <20090312075606.9856.88729.stgit@Aeon> Signed-off-by: Ingo Molnar <mingo@elte.hu>
| * | | | futex: use current->time_slack_ns for rt tasks tooDarren Hart2009-03-12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | RT tasks should set their timer slack to 0 on their own. This patch removes the 'if (rt_task()) slack = 0;' block in futex_wait. Build and boot tested on a 4 way Intel x86_64 workstation. Passes basic pthread_mutex and PI tests out of ltp/testcases/realtime. Signed-off-by: Darren Hart <dvhltc@us.ibm.com> Acked-by: Peter Zijlstra <peterz@infradead.org> Cc: Rusty Russell <rusty@rustcorp.com.au> Cc: Arjan van de Ven <arjan@linux.intel.com> LKML-Reference: <20090312075559.9856.28822.stgit@Aeon> Signed-off-by: Ingo Molnar <mingo@elte.hu>
| * | | | futex: add double_unlock_hb()Darren Hart2009-03-12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Impact: cleanup The futex code uses double_lock_hb() which locks the hb->lock's in pointer value order. There is no parallel unlock routine, and the code unlocks them in name order, ignoring pointer value. This patch adds double_unlock_hb() to refactor the duplicated code segments. Build and boot tested on a 4 way Intel x86_64 workstation. Passes basic pthread_mutex and PI tests out of ltp/testcases/realtime. Signed-off-by: Darren Hart <dvhltc@us.ibm.com> Acked-by: Peter Zijlstra <peterz@infradead.org> Cc: Rusty Russell <rusty@rustcorp.com.au> LKML-Reference: <20090312075552.9856.48021.stgit@Aeon> Signed-off-by: Ingo Molnar <mingo@elte.hu>
| * | | | futex: additional (get|put)_futex_key() fixesDarren Hart2009-03-12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Impact: fix races futex_requeue and futex_lock_pi still had some bad (get|put)_futex_key() usage. This patch adds the missing put_futex_keys() and corrects a goto in futex_lock_pi() to avoid a double get. Build and boot tested on a 4 way Intel x86_64 workstation. Passes basic pthread_mutex and PI tests out of ltp/testcases/realtime. Signed-off-by: Darren Hart <dvhltc@us.ibm.com> Acked-by: Peter Zijlstra <peterz@infradead.org> Cc: Rusty Russell <rusty@rustcorp.com.au> LKML-Reference: <20090312075545.9856.75152.stgit@Aeon> Signed-off-by: Ingo Molnar <mingo@elte.hu>
| * | | | futex: update futex commentaryDarren Hart2009-03-12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Impact: cleanup The futex_hash_bucket can be a bit confusing when first looking at the code as it is a shared queue (and futex_q isn't a queue at all, but rather an element on the queue). The mmap_sem is no longer held outside of the futex_handle_fault() routine, yet numerous comments refer to it. The fshared argument is no an integer. I left some of these comments along as they are simply removed in future patches. Some of the commentary refering to futexes by virtual page mappings was not very clear, and completely accurate (as for shared futexes both the page and the offset are used to determine the key). For the purposes of the function description, just referring to "the futex" seems sufficient. With hashed futexes we now access the page after the hash-bucket is locked, and not only after it is enqueued. Signed-off-by: Darren Hart <dvhltc@us.ibm.com> Acked-by: Peter Zijlstra <peterz@infradead.org> Cc: Rusty Russell <rusty@rustcorp.com.au> LKML-Reference: <20090312075537.9856.29954.stgit@Aeon> Signed-off-by: Ingo Molnar <mingo@elte.hu>
* | | | | Merge branch 'for-linus' of ↵Linus Torvalds2009-03-28
|\ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6 * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6: smack: Add a new '-CIPSO' option to the network address label configuration netlabel: Cleanup the Smack/NetLabel code to fix incoming TCP connections lsm: Remove the socket_post_accept() hook selinux: Remove the "compat_net" compatibility code netlabel: Label incoming TCP connections correctly in SELinux lsm: Relocate the IPv4 security_inet_conn_request() hooks TOMOYO: Fix a typo. smack: convert smack to standard linux lists
| * | | | | smack: Add a new '-CIPSO' option to the network address label configurationEtienne Basset2009-03-28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This patch adds a new special option '-CIPSO' to the Smack subsystem. When used in the netlabel list, it means "use CIPSO networking". A use case is when your local network speaks CIPSO and you want also to connect to the unlabeled Internet. This patch also add some documentation describing that. The patch also corrects an oops when setting a '' SMACK64 xattr to a file. Signed-off-by: Etienne Basset <etienne.basset@numericable.fr> Signed-off-by: Paul Moore <paul.moore@hp.com> Acked-by: Casey Schaufler <casey@schaufler-ca.com> Signed-off-by: James Morris <jmorris@namei.org>
| * | | | | netlabel: Cleanup the Smack/NetLabel code to fix incoming TCP connectionsPaul Moore2009-03-28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This patch cleans up a lot of the Smack network access control code. The largest changes are to fix the labeling of incoming TCP connections in a manner similar to the recent SELinux changes which use the security_inet_conn_request() hook to label the request_sock and let the label move to the child socket via the normal network stack mechanisms. In addition to the incoming TCP connection fixes this patch also removes the smk_labled field from the socket_smack struct as the minor optimization advantage was outweighed by the difficulty in maintaining it's proper state. Signed-off-by: Paul Moore <paul.moore@hp.com> Acked-by: Casey Schaufler <casey@schaufler-ca.com> Signed-off-by: James Morris <jmorris@namei.org>
| * | | | | lsm: Remove the socket_post_accept() hookPaul Moore2009-03-28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The socket_post_accept() hook is not currently used by any in-tree modules and its existence continues to cause problems by confusing people about what can be safely accomplished using this hook. If a legitimate need for this hook arises in the future it can always be reintroduced. Signed-off-by: Paul Moore <paul.moore@hp.com> Signed-off-by: James Morris <jmorris@namei.org>
| * | | | | selinux: Remove the "compat_net" compatibility codePaul Moore2009-03-28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The SELinux "compat_net" is marked as deprecated, the time has come to finally remove it from the kernel. Further code simplifications are likely in the future, but this patch was intended to be a simple, straight-up removal of the compat_net code. Signed-off-by: Paul Moore <paul.moore@hp.com> Signed-off-by: James Morris <jmorris@namei.org>
| * | | | | netlabel: Label incoming TCP connections correctly in SELinuxPaul Moore2009-03-28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The current NetLabel/SELinux behavior for incoming TCP connections works but only through a series of happy coincidences that rely on the limited nature of standard CIPSO (only able to convey MLS attributes) and the write equality imposed by the SELinux MLS constraints. The problem is that network sockets created as the result of an incoming TCP connection were not on-the-wire labeled based on the security attributes of the parent socket but rather based on the wire label of the remote peer. The issue had to do with how IP options were managed as part of the network stack and where the LSM hooks were in relation to the code which set the IP options on these newly created child sockets. While NetLabel/SELinux did correctly set the socket's on-the-wire label it was promptly cleared by the network stack and reset based on the IP options of the remote peer. This patch, in conjunction with a prior patch that adjusted the LSM hook locations, works to set the correct on-the-wire label format for new incoming connections through the security_inet_conn_request() hook. Besides the correct behavior there are many advantages to this change, the most significant is that all of the NetLabel socket labeling code in SELinux now lives in hooks which can return error codes to the core stack which allows us to finally get ride of the selinux_netlbl_inode_permission() logic which greatly simplfies the NetLabel/SELinux glue code. In the process of developing this patch I also ran into a small handful of AF_INET6 cleanliness issues that have been fixed which should make the code safer and easier to extend in the future. Signed-off-by: Paul Moore <paul.moore@hp.com> Acked-by: Casey Schaufler <casey@schaufler-ca.com> Signed-off-by: James Morris <jmorris@namei.org>
| * | | | | lsm: Relocate the IPv4 security_inet_conn_request() hooksPaul Moore2009-03-28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The current placement of the security_inet_conn_request() hooks do not allow individual LSMs to override the IP options of the connection's request_sock. This is a problem as both SELinux and Smack have the ability to use labeled networking protocols which make use of IP options to carry security attributes and the inability to set the IP options at the start of the TCP handshake is problematic. This patch moves the IPv4 security_inet_conn_request() hooks past the code where the request_sock's IP options are set/reset so that the LSM can safely manipulate the IP options as needed. This patch intentionally does not change the related IPv6 hooks as IPv6 based labeling protocols which use IPv6 options are not currently implemented, once they are we will have a better idea of the correct placement for the IPv6 hooks. Signed-off-by: Paul Moore <paul.moore@hp.com> Acked-by: David S. Miller <davem@davemloft.net> Signed-off-by: James Morris <jmorris@namei.org>
| * | | | | Merge branch 'master' of ↵James Morris2009-03-27
| |\ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | ssh://master.kernel.org/pub/scm/linux/kernel/git/torvalds/linux-2.6 into next
| * | | | | | TOMOYO: Fix a typo.Tetsuo Handa2009-03-27
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fix a typo. Reported-by: Pavel Machek <pavel@ucw.cz> Signed-off-by: Kentaro Takeda <takedakn@nttdata.co.jp> Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by: Toshiharu Harada <haradats@nttdata.co.jp> Signed-off-by: James Morris <jmorris@namei.org>
| * | | | | | Merge branch 'master' into nextJames Morris2009-03-26
| |\ \ \ \ \ \
| * | | | | | | smack: convert smack to standard linux listsEtienne Basset2009-03-25
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | the following patch (on top of 2.6.29) converts Smack lists to standard linux lists Please review and consider for inclusion in 2.6.30-rc regards, Etienne Signed-off-by: Etienne Basset <etienne.basset@numericable.fr> Acked-by: Casey Schaufler <casey@schaufler-ca.com>
* | | | | | | | Annotate struct fs_struct's usage count restrictionDavid Howells2009-03-28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Annotate struct fs_struct's usage count to indicate the restrictions upon it. It may not be incremented, except by clone(CLONE_FS), as this affects the check in check_unsafe_exec() in fs/exec.c. Signed-off-by: David Howells <dhowells@redhat.com> Signed-off-by: Hugh Dickins <hugh@veritas.com> Cc: stable@kernel.org Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* | | | | | | | fix setuid sometimes wouldn'tHugh Dickins2009-03-28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | check_unsafe_exec() also notes whether the fs_struct is being shared by more threads than will get killed by the exec, and if so sets LSM_UNSAFE_SHARE to make bprm_set_creds() careful about euid. But /proc/<pid>/cwd and /proc/<pid>/root lookups make transient use of get_fs_struct(), which also raises that sharing count. This might occasionally cause a setuid program not to change euid, in the same way as happened with files->count (check_unsafe_exec also looks at sighand->count, but /proc doesn't raise that one). We'd prefer exec not to unshare fs_struct: so fix this in procfs, replacing get_fs_struct() by get_fs_path(), which does path_get while still holding task_lock, instead of raising fs->count. Signed-off-by: Hugh Dickins <hugh@veritas.com> Cc: stable@kernel.org ___ fs/proc/base.c | 50 +++++++++++++++-------------------------------- 1 file changed, 16 insertions(+), 34 deletions(-) Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* | | | | | | | fix setuid sometimes doesn'tHugh Dickins2009-03-28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Joe Malicki reports that setuid sometimes doesn't: very rarely, a setuid root program does not get root euid; and, by the way, they have a health check running lsof every few minutes. Right, check_unsafe_exec() notes whether the files_struct is being shared by more threads than will get killed by the exec, and if so sets LSM_UNSAFE_SHARE to make bprm_set_creds() careful about euid. But /proc/<pid>/fd and /proc/<pid>/fdinfo lookups make transient use of get_files_struct(), which also raises that sharing count. There's a rather simple fix for this: exec's check on files->count has been redundant ever since 2.6.1 made it unshare_files() (except while compat_do_execve() omitted to do so) - just remove that check. [Note to -stable: this patch will not apply before 2.6.29: earlier releases should just remove the files->count line from unsafe_exec().] Reported-by: Joe Malicki <jmalicki@metacarta.com> Narrowed-down-by: Michael Itz <mitz@metacarta.com> Tested-by: Joe Malicki <jmalicki@metacarta.com> Signed-off-by: Hugh Dickins <hugh@veritas.com> Cc: stable@kernel.org Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* | | | | | | | compat_do_execve should unshare_filesHugh Dickins2009-03-28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | 2.6.26's commit fd8328be874f4190a811c58cd4778ec2c74d2c05 "sanitize handling of shared descriptor tables in failing execve()" moved the unshare_files() from flush_old_exec() and several binfmts to the head of do_execve(); but forgot to make the same change to compat_do_execve(), leaving a CLONE_FILES files_struct shared across exec from a 32-bit process on a 64-bit kernel. It's arguable whether the files_struct really ought to be unshared across exec; but 2.6.1 made that so to stop the loading binary's fd leaking into other threads, and a 32-bit process on a 64-bit kernel ought to behave in the same way as 32 on 32 and 64 on 64. Signed-off-by: Hugh Dickins <hugh@veritas.com> Cc: stable@kernel.org Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* | | | | | | | Merge branch 'i2c-for-linus' of git://jdelvare.pck.nerim.net/jdelvare-2.6Linus Torvalds2009-03-28
|\ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * 'i2c-for-linus' of git://jdelvare.pck.nerim.net/jdelvare-2.6: i2c-core: Some style cleanups i2c-piix4: Add support for the Broadcom HT1100 chipset i2c-piix4: Add support to SB800 SMBus changes i2c-pca-platform: Use defaults if no platform_data given i2c-algo-pca: Use timeout for checking the state machine i2c-algo-pca: Rework waiting for a free bus i2c-algo-pca: Add PCA9665 support i2c: Adapt debug macros for KERN_* constants i2c-davinci: Fix timeout handling i2c: Adapter timeout is in jiffies i2c: Set a default timeout value for all adapters i2c: Add missing KERN_* constants to printks i2c-algo-pcf: Handle timeout correctly i2c-algo-pcf: Style cleanups eeprom/at24: Remove EXPERIMENTAL i2c-nforce2: Add support for MCP67, MCP73, MCP78S and MCP79 i2c: Clarify which clients are auto-removed i2c: Let checkpatch shout on users of the legacy model i2c: Document the different ways to instantiate i2c devices
| * | | | | | | | i2c-core: Some style cleanupsZhenwen Xu2009-03-28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Some lines over 80. The printk(KERN_ERR ... ) should be dev_err. And some blankspace should be deleted. Signed-off-by: Zhenwen Xu <helight.xu@gmail.com> Signed-off-by: Jean Delvare <khlai@linux-fr.org>
| * | | | | | | | i2c-piix4: Add support for the Broadcom HT1100 chipsetFlavio Leitner2009-03-28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add support for the Broadcom HT1100 LD chipset (SMBus function.) Signed-off-by: Flavio Leitner <fbl@redhat.com> Signed-off-by: Jean Delvare <khali@linux-fr.org>
| * | | | | | | | i2c-piix4: Add support to SB800 SMBus changesShane Huang2009-03-28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add support for the AMD SB800 Family series of products. Major changes include the changes to addressing the SMBus registers at different location from the locations in the previous compatible parts from AMD such as SB400/SB600/SB700. For SB800, the main features and register definitions of SMBus and other interfaces are still compatible with the previous products with the only change being in how to access the internal registers for these blocks. Signed-off-by: Shane Huang <shane.huang@amd.com> Signed-off-by: Jean Delvare <khali@linux-fr.org>