aboutsummaryrefslogtreecommitdiffstats
path: root/kernel
Commit message (Collapse)AuthorAge
* [NETLINK]: Synchronous message processing.Herbert Xu2005-05-03
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Let's recap the problem. The current asynchronous netlink kernel message processing is vulnerable to these attacks: 1) Hit and run: Attacker sends one or more messages and then exits before they're processed. This may confuse/disable the next netlink user that gets the netlink address of the attacker since it may receive the responses to the attacker's messages. Proposed solutions: a) Synchronous processing. b) Stream mode socket. c) Restrict/prohibit binding. 2) Starvation: Because various netlink rcv functions were written to not return until all messages have been processed on a socket, it is possible for these functions to execute for an arbitrarily long period of time. If this is successfully exploited it could also be used to hold rtnl forever. Proposed solutions: a) Synchronous processing. b) Stream mode socket. Firstly let's cross off solution c). It only solves the first problem and it has user-visible impacts. In particular, it'll break user space applications that expect to bind or communicate with specific netlink addresses (pid's). So we're left with a choice of synchronous processing versus SOCK_STREAM for netlink. For the moment I'm sticking with the synchronous approach as suggested by Alexey since it's simpler and I'd rather spend my time working on other things. However, it does have a number of deficiencies compared to the stream mode solution: 1) User-space to user-space netlink communication is still vulnerable. 2) Inefficient use of resources. This is especially true for rtnetlink since the lock is shared with other users such as networking drivers. The latter could hold the rtnl while communicating with hardware which causes the rtnetlink user to wait when it could be doing other things. 3) It is still possible to DoS all netlink users by flooding the kernel netlink receive queue. The attacker simply fills the receive socket with a single netlink message that fills up the entire queue. The attacker then continues to call sendmsg with the same message in a loop. Point 3) can be countered by retransmissions in user-space code, however it is pretty messy. In light of these problems (in particular, point 3), we should implement stream mode netlink at some point. In the mean time, here is a patch that implements synchronous processing. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
* [PATCH] make lots of things staticAdrian Bunk2005-05-01
| | | | | | | | Another large rollup of various patches from Adrian which make things static where they were needlessly exported. Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* [PATCH] DocBook: fix some descriptionsMartin Waitz2005-05-01
| | | | | | | | | Some KernelDoc descriptions are updated to match the current code. No code changes. Signed-off-by: Martin Waitz <tali@admingilde.org> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* [PATCH] DocBook: changes and extensions to the kernel documentationPavel Pisa2005-05-01
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | I have recompiled Linux kernel 2.6.11.5 documentation for me and our university students again. The documentation could be extended for more sources which are equipped by structured comments for recent 2.6 kernels. I have tried to proceed with that task. I have done that more times from 2.6.0 time and it gets boring to do same changes again and again. Linux kernel compiles after changes for i386 and ARM targets. I have added references to some more files into kernel-api book, I have added some section names as well. So please, check that changes do not break something and that categories are not too much skewed. I have changed kernel-doc to accept "fastcall" and "asmlinkage" words reserved by kernel convention. Most of the other changes are modifications in the comments to make kernel-doc happy, accept some parameters description and do not bail out on errors. Changed <pid> to @pid in the description, moved some #ifdef before comments to correct function to comments bindings, etc. You can see result of the modified documentation build at http://cmp.felk.cvut.cz/~pisa/linux/lkdb-2.6.11.tar.gz Some more sources are ready to be included into kernel-doc generated documentation. Sources has been added into kernel-api for now. Some more section names added and probably some more chaos introduced as result of quick cleanup work. Signed-off-by: Pavel Pisa <pisa@cmp.felk.cvut.cz> Signed-off-by: Martin Waitz <tali@admingilde.org> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* [PATCH] convert that currently tests _NSIG directly to use valid_signal()Jesper Juhl2005-05-01
| | | | | | | | | Convert most of the current code that uses _NSIG directly to instead use valid_signal(). This avoids gcc -W warnings and off-by-one errors. Signed-off-by: Jesper Juhl <juhl-lkml@dif.dk> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* [PATCH] consolidate sys_shmatStephen Rothwell2005-05-01
| | | | | | Signed-off-by: Stephen Rothwell <sfr@canb.auug.org.au> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* [PATCH] Change synchronize_kernel to _rcu and _schedPaul E. McKenney2005-05-01
| | | | | | | | | | This patch changes calls to synchronize_kernel(), deprecated in the earlier "Deprecate synchronize_kernel, GPL replacement" patch to instead call the new synchronize_rcu() and synchronize_sched() APIs. Signed-off-by: Paul E. McKenney <paulmck@us.ibm.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* [PATCH] Deprecate synchronize_kernel, GPL replacementPaul E. McKenney2005-05-01
| | | | | | | | | | | | | | | | The synchronize_kernel() primitive is used for quite a few different purposes: waiting for RCU readers, waiting for NMIs, waiting for interrupts, and so on. This makes RCU code harder to read, since synchronize_kernel() might or might not have matching rcu_read_lock()s. This patch creates a new synchronize_rcu() that is to be used for RCU readers and a new synchronize_sched() that is used for the rest. These two new primitives currently have the same implementation, but this is might well change with additional real-time support. Both new primitives are GPL-only, the old primitive is deprecated. Signed-off-by: Paul E. McKenney <paulmck@us.ibm.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* [PATCH] kernel/rcupdate.c: make the exports EXPORT_SYMBOL_GPLPaul E. McKenney2005-05-01
| | | | | | | | | | | | | | | | | | | The gpl exports need to be put back. Moving them to GPL -- but in a measured manner, as I proposed on this list some months ago -- is fine. Changing these particular exports precipitously is most definitely -not- fine. Here is my earlier proposal: http://marc.theaimsgroup.com/?l=linux-kernel&m=110520930301813&w=2 See below for a patch that puts the exports back, along with an updated version of my earlier patch that starts the process of moving them to GPL. I will also be following this message with RFC patches that introduce two (EXPORT_SYMBOL_GPL) interfaces to replace synchronize_kernel(), which then becomes deprecated. Signed-off-by: <paulmck@us.ibm.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* [PATCH] clean up kernel messagesMatt Mackall2005-05-01
| | | | | | | | | | | | Arrange for all kernel printks to be no-ops. Only available if CONFIG_EMBEDDED. This patch saves about 375k on my laptop config and nearly 100k on minimal configs. Signed-off-by: Matt Mackall <mpm@selenic.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* [PATCH] nice and rt-prio rlimitsMatt Mackall2005-05-01
| | | | | | | | | | | | | | | | | | | | Add a pair of rlimits for allowing non-root tasks to raise nice and rt priorities. Defaults to traditional behavior. Originally written by Chris Wright. The patch implements a simple rlimit ceiling for the RT (and nice) priorities a task can set. The rlimit defaults to 0, meaning no change in behavior by default. A value of 50 means RT priority levels 1-50 are allowed. A value of 100 means all 99 privilege levels from 1 to 99 are allowed. CAP_SYS_NICE is blanket permission. (akpm: see http://www.uwsg.iu.edu/hypermail/linux/kernel/0503.1/1921.html for tips on integrating this with PAM). Signed-off-by: Matt Mackall <mpm@selenic.com> Acked-by: Ingo Molnar <mingo@elte.hu> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* [PATCH] use smp_mb/wmb/rmb where possibleakpm@osdl.org2005-05-01
| | | | | | | | | Replace a number of memory barriers with smp_ variants. This means we won't take the unnecessary hit on UP machines. Signed-off-by: Anton Blanchard <anton@samba.org> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* Remove bogus BUG() in kernel/exit.cLinus Torvalds2005-04-29
| | | | | | | It's old sanity checking that may have been useful for debugging, but is just bogus these days. Noticed by Mattia Belletti.
* [PATCH] time interpolator: Fix settimeofday inaccuracyChristoph Lameter2005-04-28
| | | | | | | | | | | | | | | | settimeofday will set the time a little bit too early on systems using time interpolation since it subtracts the current interpolator offset from the time. This used to be necessary with the code in 2.6.9 and earlier but the new code resets the time interpolator after setting the time. Thus the time is set too early and gettimeofday will return a time slightly before the time specified with settimeofday if invoked immeditely after settimeofday. This removes the obsolete subtraction of the time interpolator offset and makes settimeofday set the time accurately. Signed-off-by: Christoph Lameter <clameter@sgi.com> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* [SPARC]: Stop-A printk cleanupTom 'spot' Callaway2005-04-24
| | | | | | | | | | | | This patch is incredibly trivial, but it does resolve some of the user confusion as to what "L1-A" actually is. Clarify printk message to refer to Stop-A (L1-A). Gentoo has a virtually identical patch in their kernel sources. Signed-off-by: Tom 'spot' Callaway <tcallawa@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [PATCH] sched: fix signed comparisons of long longIngo Molnar2005-04-18
| | | | | | | Signed-off-by: Jesper Juhl <juhl-lkml@dif.dk> Signed-off-by: Ingo Molnar <mingo@elte.hu> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* [PATCH] SELinux: fix deadlock on dcache lockStephen Smalley2005-04-18
| | | | | | | | | | | | | | | | | | | | This fixes a deadlock on the dcache lock detected during testing at IBM by moving the logging of the current executable information from the SELinux avc_audit function to audit_log_exit (via an audit_log_task_info helper) for processing upon syscall exit. For consistency, the patch also removes the logging of other task-related information from avc_audit, deferring handling to audit_log_exit instead. This allows simplification of the avc_audit code, allows the exe information to be obtained more reliably, always includes the comm information (useful for scripts), and avoids including bogus task information for checks performed from irq or softirq. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: James Morris <jmorris@redhat.com> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* [PATCH] reparent_to_init cleanupCoywolf Qi Hunt2005-04-16
| | | | | | | | | This patch hides reparent_to_init(). reparent_to_init() should only be called by daemonize(). Signed-off-by: Coywolf Qi Hunt <coywolf@lovecn.org> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* [PATCH] cpuset: remove function attribute constBenoit Boissinot2005-04-16
| | | | | | | | | | | | | | | | | | | | | | | | gcc-4 warns with include/linux/cpuset.h:21: warning: type qualifiers ignored on function return type cpuset_cpus_allowed is declared with const extern const cpumask_t cpuset_cpus_allowed(const struct task_struct *p); First const should be __attribute__((const)), but the gcc manual explains that: "Note that a function that has pointer arguments and examines the data pointed to must not be declared const. Likewise, a function that calls a non-const function usually must not be const. It does not make sense for a const function to return void." The following patch remove const from the function declaration. Signed-off-by: Benoit Boissinot <benoit.boissinot@ens-lyon.org> Acked-by: Paul Jackson <pj@sgi.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* [PATCH] pci enumeration on ixp2000: overflow in kernel/resource.cLennert Buytenhek2005-04-16
| | | | | | | | | | | | | | IXP2000 (ARM-based) platforms use a separate 'struct resource' for PCI MEM space. Resource allocation for PCI BARs always fails because the 'root' resource (the IXP2000 PCI MEM resource) always has the entire address space (00000000-ffffffff) free, and find_resource() calculates the size of that range as ffffffff-00000000+1=0, so all allocations fail because it thinks there is no space. (akpm: pls. double-check) Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* [PATCH] kill #ifndef HAVE_ARCH_GET_SIGNAL_TO_DELIVER in signal.cChristoph Hellwig2005-04-16
| | | | | | | | Now that no architectures defines HAVE_ARCH_GET_SIGNAL_TO_DELIVER anymore this can go away. It was a transitional hack only. Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* [PATCH] kernel/param.c: don't use .max when .num is NULL in param_array_set()Bert Wesarg2005-04-16
| | | | | | | | | | | | | | | | | | | | | | | | | there seems to be a bug, at least for me, in kernel/param.c for arrays with .num == NULL. If .num == NULL, the function param_array_set() uses &.max for the call to param_array(), wich alters the .max value to the number of arguments. The result is, you can't set more array arguments as the last time you set the parameter. example: # a module 'example' with # static int array[10] = { 0, }; # module_param_array(array, int, NULL, 0644); $ insmod example.ko array=1,2,3 $ cat /sys/module/example/parameters/array 1,2,3 $ echo "4,3,2,1" > /sys/module/example/parameters/array $ dmesg | tail -n 1 kernel: array: can take only 3 arguments Signed-off-by: Bert Wesarg <wesarg@informatik.uni-halle.de> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* [PATCH] swsusp: SMP fixAlexander Nyberg2005-04-16
| | | | | | | Fix some smp_processor_id-in-preemptible warnings Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* [PATCH] Fix get_compat_sigevent()David S. Miller2005-04-16
| | | | | | | | | I have no idea how a bug like this lasted so long. Anyways, obvious memset()'ing of incorrect pointer. Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* [PATCH] re-export cancel_rearming_delayed_workqueueJames Bottomley2005-04-16
| | | | | | | | | | | | | | This was unexported by Arjan because we have no current users. However, during a conversion from tasklets to workqueues of the parisc led functions, we ran across a case where this was needed. In particular, the open coded equivalent of cancel_rearming_delayed_workqueue was implemented incorrectly, which is, I think, all the evidence necessary that this is a useful API. Signed-off-by: James Bottomley <James.Bottomley@SteelEye.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* Linux-2.6.12-rc2v2.6.12-rc2Linus Torvalds2005-04-16
Initial git repository build. I'm not bothering with the full history, even though we have it. We can create a separate "historical" git archive of that later if we want to, and in the meantime it's about 3.2GB when imported into git - space that would just make the early git days unnecessarily complicated, when we don't have a lot of good infrastructure for it. Let it rip!