summaryrefslogtreecommitdiffstats
AgeCommit message (Collapse)AuthorFilesLines
2010-10-21Merge branch 'core-rcu-for-linus' of ↵Linus Torvalds60-474/+1454
git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip * 'core-rcu-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip: (52 commits) sched: fix RCU lockdep splat from task_group() rcu: using ACCESS_ONCE() to observe the jiffies_stall/rnp->qsmask value sched: suppress RCU lockdep splat in task_fork_fair net: suppress RCU lockdep false positive in sock_update_classid rcu: move check from rcu_dereference_bh to rcu_read_lock_bh_held rcu: Add advice to PROVE_RCU_REPEATEDLY kernel config parameter rcu: Add tracing data to support queueing models rcu: fix sparse errors in rcutorture.c rcu: only one evaluation of arg in rcu_dereference_check() unless sparse kernel: Remove undead ifdef CONFIG_DEBUG_LOCK_ALLOC rcu: fix _oddness handling of verbose stall warnings rcu: performance fixes to TINY_PREEMPT_RCU callback checking rcu: upgrade stallwarn.txt documentation for CPU-bound RT processes vhost: add __rcu annotations rcu: add comment stating that list_empty() applies to RCU-protected lists rcu: apply TINY_PREEMPT_RCU read-side speedup to TREE_PREEMPT_RCU rcu: combine duplicate code, courtesy of CONFIG_PREEMPT_RCU rcu: Upgrade srcu_read_lock() docbook about SRCU grace periods rcu: document ways of stalling updates in low-memory situations rcu: repair code-duplication FIXMEs ...
2010-10-21Merge branch 'core-locking-for-linus' of ↵Linus Torvalds22-56/+69
git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip * 'core-locking-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip: lockdep: Check the depth of subclass lockdep: Add improved subclass caching affs: Use sema_init instead of init_MUTEX hfs: Convert tree_lock to mutex arm: Bcmring: semaphore cleanup printk: Make console_sem a semaphore not a pseudo mutex drivers/macintosh/adb: Do not claim that the semaphore is a mutex parport: Semaphore cleanup irda: Semaphore cleanup net: Wan/cosa.c: Convert "mutex" to semaphore net: Ppp_async: semaphore cleanup hamradio: Mkiss: semaphore cleanup hamradio: 6pack: semaphore cleanup net: 3c527: semaphore cleanup input: Serio/hp_sdc: semaphore cleanup input: Serio/hil_mlc: semaphore cleanup input: Misc/hp_sdc_rtc: semaphore cleanup lockup_detector: Make callback function static lockup detector: Fix grammar by adding a missing "to" in the comments lockdep: Remove __debug_show_held_locks
2010-10-21Merge branch 'core-iommu-for-linus' of ↵Linus Torvalds10-38/+158
git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip * 'core-iommu-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip: x86/amd-iommu: Update copyright headers x86/amd-iommu: Reenable AMD IOMMU if it's mysteriously vanished over suspend AGP: Warn when GATT memory cannot be set to UC x86, GART: Disable GART table walk probes x86, GART: Remove superfluous AMD64_GARTEN
2010-10-21Merge branch 'for-linus' of ↵Linus Torvalds38-246/+1805
git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6 * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6: (26 commits) selinux: include vmalloc.h for vmalloc_user secmark: fix config problem when CONFIG_NF_CONNTRACK_SECMARK is not set selinux: implement mmap on /selinux/policy SELinux: allow userspace to read policy back out of the kernel SELinux: drop useless (and incorrect) AVTAB_MAX_SIZE SELinux: deterministic ordering of range transition rules kernel: roundup should only reference arguments once kernel: rounddown helper function secmark: export secctx, drop secmark in procfs conntrack: export lsm context rather than internal secid via netlink security: secid_to_secctx returns len when data is NULL secmark: make secmark object handling generic secmark: do not return early if there was no error AppArmor: Ensure the size of the copy is < the buffer allocated to hold it TOMOYO: Print URL information before panic(). security: remove unused parameter from security_task_setscheduler() tpm: change 'tpm_suspend_pcr' to be module parameter selinux: fix up style problem on /selinux/status selinux: change to new flag variable selinux: really fix dependency causing parallel compile failure. ...
2010-10-21Merge branch 'virtio' of ↵Linus Torvalds2-48/+209
git://git.kernel.org/pub/scm/linux/kernel/git/rusty/linux-2.6-for-linus * 'virtio' of git://git.kernel.org/pub/scm/linux/kernel/git/rusty/linux-2.6-for-linus: virtio_blk: remove BKL leftovers virtio: console: Disable lseek(2) for port file operations virtio: console: Send SIGIO in case of port unplug virtio: console: Send SIGIO on new data arrival on ports virtio: console: Send SIGIO to processes that request it for host events virtio: console: Reference counting portdev structs is not needed virtio: console: Add reference counting for port struct virtio: console: Use cdev_alloc() instead of cdev_init() virtio: console: Add a find_port_by_devt() function virtio: console: Add a list of portdevs that are active virtio: console: open: Use a common path for error handling virtio: console: remove_port() should return void virtio: console: Make write() return -ENODEV on hot-unplug virtio: console: Make read() return -ENODEV on hot-unplug virtio: console: Unblock poll on port hot-unplug virtio: console: Un-block reads on chardev close virtio: console: Check if portdev is valid in send_control_msg() virtio: console: Remove control vq data only if using multiport support virtio: console: Reset vdev before removing device
2010-10-21Merge git://git.kernel.org/pub/scm/linux/kernel/git/steve/gfs2-2.6-nmwLinus Torvalds28-395/+617
* git://git.kernel.org/pub/scm/linux/kernel/git/steve/gfs2-2.6-nmw: (22 commits) GFS2: fixed typo GFS2: Fix type mapping for demote_rq interface GFS2 fatal: filesystem consistency error on rename GFS2: Improve journal allocation via sysfs GFS2: Add "norecovery" mount option as a synonym for "spectator" GFS2: Fix spectator umount issue GFS2: Fix compiler warning from previous patch GFS2: reserve more blocks for transactions GFS2: Fix journal check for spectator mounts GFS2: Remove upgrade mount option GFS2: Remove localcaching mount option GFS2: Remove ignore_local_fs mount argument GFS2: Make . and .. qstrs constant GFS2: Use new workqueue scheme GFS2: Update handling of DLM return codes to match reality GFS2: Don't enforce min hold time when two demotes occur in rapid succession GFS2: Fix whitespace in previous patch GFS2: fallocate support GFS2: Add a bug trap in allocation code GFS2: No longer experimental ...
2010-10-21Merge branch 'for-linus' of ↵Linus Torvalds79-2046/+5380
git://git.kernel.org/pub/scm/linux/kernel/git/sage/ceph-client * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/sage/ceph-client: (22 commits) ceph: do not carry i_lock for readdir from dcache fs/ceph/xattr.c: Use kmemdup rbd: passing wrong variable to bvec_kunmap_irq() rbd: null vs ERR_PTR ceph: fix num_pages_free accounting in pagelist ceph: add CEPH_MDS_OP_SETDIRLAYOUT and associated ioctl. ceph: don't crash when passed bad mount options ceph: fix debugfs warnings block: rbd: removing unnecessary test block: rbd: fixed may leaks ceph: switch from BKL to lock_flocks() ceph: preallocate flock state without locks held ceph: add pagelist_reserve, pagelist_truncate, pagelist_set_cursor ceph: use mapping->nrpages to determine if mapping is empty ceph: only invalidate on check_caps if we actually have pages ceph: do not hide .snap in root directory rbd: introduce rados block device (rbd), based on libceph ceph: factor out libceph from Ceph file system ceph-rbd: osdc support for osd call and rollback operations ceph: messenger and osdc changes for rbd ...
2010-10-21Merge branch 'for-next' of ↵Linus Torvalds16-649/+765
git://git.kernel.org/pub/scm/linux/kernel/git/hch/hfsplus * 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/hch/hfsplus: (29 commits) hfsplus: fix getxattr return value hfsplus: remove the unused hfsplus_kmap/hfsplus_kunmap helpers hfsplus: create correct initial catalog entries for device files hfsplus: remove superflous rootflags field in hfsplus_inode_info hfsplus: fix link corruption hfsplus: validate btree flags hfsplus: handle more on-disk corruptions without oopsing hfsplus: hfs_bnode_find() can fail, resulting in hfs_bnode_split() breakage hfsplus: fix oops on mount with corrupted btree extent records hfsplus: fix rename over directories hfsplus: convert tree_lock to mutex hfsplus: add missing extent locking in hfsplus_write_inode hfsplus: protect readdir against removals from open_dir_list hfsplus: use atomic bitops for the superblock flags hfsplus: add per-superblock lock for volume header updates hfsplus: remove the rsrc_inodes list hfsplus: do not cache and write next_alloc hfsplus: fix error handling in hfsplus_symlink hfsplus: merge mknod/mkdir/creat hfsplus: clean up hfsplus_write_inode ...
2010-10-21virtio_blk: remove BKL leftoversChristoph Hellwig1-15/+2
Remove the BKL usage added in "block: push down BKL into .locked_ioctl". Virtio-blk doesn't use the BKL for anything, and doesn't implement any ioctl command by itself, but only uses the generic scsi_cmd_ioctl which is fine without the BKL. Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2010-10-21virtio: console: Disable lseek(2) for port file operationsAmit Shah1-0/+3
The ports are char devices; do not have seeking capabilities. Calling nonseekable_open() from the fops_open() call and setting the llseek fops pointer to no_llseek ensures an lseek() call from userspace returns -ESPIPE. Signed-off-by: Amit Shah <amit.shah@redhat.com> CC: Arnd Bergmann <arnd@arndb.de> Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2010-10-21virtio: console: Send SIGIO in case of port unplugAmit Shah1-0/+3
If a port has registered for SIGIO signals, let the application know that the port is getting unplugged. Signed-off-by: Amit Shah <amit.shah@redhat.com> Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2010-10-21virtio: console: Send SIGIO on new data arrival on portsAmit Shah1-0/+3
Send a SIGIO signal when new data arrives on a port. This is sent only when the process has requested for the signal to be sent using fcntl(). Signed-off-by: Amit Shah <amit.shah@redhat.com> Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2010-10-21virtio: console: Send SIGIO to processes that request it for host eventsAmit Shah1-0/+25
A process can request for SIGIO on host connect / disconnect events using the O_ASYNC file flag using fcntl(). If that's requested, and if the guest-side connection for the port is open, any host-side open/close events for that port will raise a SIGIO. The process can then use poll() within the signal handler to find out which port triggered the signal. Signed-off-by: Amit Shah <amit.shah@redhat.com> Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2010-10-21virtio: console: Reference counting portdev structs is not neededAmit Shah1-0/+8
Explain in a comment why there's no need to reference-count the portdev struct: when a device is yanked out, we can't do anything more with it anyway so just give up doing anything more with the data or the vqs and exit cleanly. Signed-off-by: Amit Shah <amit.shah@redhat.com> Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2010-10-21virtio: console: Add reference counting for port structAmit Shah1-16/+64
When a port got hot-unplugged, when a port was open, any file operation after the unplugging resulted in a crash. This is fixed by ref-counting the port structure, and releasing it only when the file is closed. This splits the unplug operation in two parts: first marks the port as unavailable, removes all the buffers in the vqs and removes the port from the per-device list of ports. The second stage, invoked when all references drop to zero, releases the chardev and frees all other memory. Signed-off-by: Amit Shah <amit.shah@redhat.com> Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2010-10-21virtio: console: Use cdev_alloc() instead of cdev_init()Amit Shah1-7/+13
This moves to using cdev on the heap instead of it being embedded in the ports struct. This helps individual refcounting and will allow us to properly remove cdev structs after hot-unplugs and close operations. Signed-off-by: Amit Shah <amit.shah@redhat.com> Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2010-10-21virtio: console: Add a find_port_by_devt() functionAmit Shah1-1/+36
To convert to using cdev as a pointer to avoid kref troubles, we have to use a different method to get to a port from an inode than the current container_of method. Add find_port_by_devt() that looks up all portdevs and ports with those portdevs to find the right port. Signed-off-by: Amit Shah <amit.shah@redhat.com> Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2010-10-21virtio: console: Add a list of portdevs that are activeAmit Shah1-0/+15
The virtio_console.c driver is capable of handling multiple devices at a time. Maintain a list of devices for future traversal. Signed-off-by: Amit Shah <amit.shah@redhat.com> Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2010-10-21virtio: console: open: Use a common path for error handlingAmit Shah1-3/+9
Just re-arrange code for future patches. Signed-off-by: Amit Shah <amit.shah@redhat.com> Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2010-10-21virtio: console: remove_port() should return voidAmit Shah1-2/+1
When a port is removed, we have to assume the port is gone. So a success/failure return value doesn't make sense. Signed-off-by: Amit Shah <amit.shah@redhat.com> Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2010-10-21virtio: console: Make write() return -ENODEV on hot-unplugAmit Shah1-0/+3
When a port is hot-unplugged while an app was blocked on a write() call, the call was unblocked but would not get an error returned. Return -ENODEV to ensure the app knows the port has gone away. Signed-off-by: Amit Shah <amit.shah@redhat.com> Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2010-10-21virtio: console: Make read() return -ENODEV on hot-unplugAmit Shah1-0/+3
When a port is hot-unplugged while an app was blocked on a read() call, the call was unblocked but would not get an error returned. Return -ENODEV to ensure the app knows the port has gone away. Signed-off-by: Amit Shah <amit.shah@redhat.com> Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2010-10-21virtio: console: Unblock poll on port hot-unplugAmit Shah1-0/+4
When a port is hot-unplugged while an app is blocked on poll(), unblock the poll() and return. Signed-off-by: Amit Shah <amit.shah@redhat.com> Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2010-10-21virtio: console: Un-block reads on chardev closeAmit Shah1-0/+4
If a chardev is closed, any blocked read / poll calls should just return and not attempt to use other state. Signed-off-by: Amit Shah <amit.shah@redhat.com> Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2010-10-21virtio: console: Check if portdev is valid in send_control_msg()Amit Shah1-1/+4
A portdev may have been hot-unplugged while a port was open()ed. Skip sending control messages when the portdev isn't valid. Signed-off-by: Amit Shah <amit.shah@redhat.com> Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2010-10-21virtio: console: Remove control vq data only if using multiport supportAmit Shah1-6/+9
If a portdev isn't using multiport support, it won't have any control vq data to remove. Signed-off-by: Amit Shah <amit.shah@redhat.com> Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2010-10-21virtio: console: Reset vdev before removing deviceAmit Shah1-0/+3
The virtqueues should be disabled before attempting to remove the device. Signed-off-by: Amit Shah <amit.shah@redhat.com> Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2010-10-21selinux: include vmalloc.h for vmalloc_userStephen Rothwell1-0/+1
Include vmalloc.h for vmalloc_user (fixes ppc build warning). Acked-by: Eric Paris <eparis@redhat.com> Signed-off-by: James Morris <jmorris@namei.org>
2010-10-21secmark: fix config problem when CONFIG_NF_CONNTRACK_SECMARK is not setEric Paris1-0/+2
When CONFIG_NF_CONNTRACK_SECMARK is not set we accidentally attempt to use the secmark fielf of struct nf_conn. Problem is when that config isn't set the field doesn't exist. whoops. Wrap the incorrect usage in the config. Signed-off-by: Eric Paris <eparis@redhat.com> Signed-off-by: James Morris <jmorris@namei.org>
2010-10-21selinux: implement mmap on /selinux/policyEric Paris2-1/+45
/selinux/policy allows a user to copy the policy back out of the kernel. This patch allows userspace to actually mmap that file and use it directly. Signed-off-by: Eric Paris <eparis@redhat.com> Signed-off-by: James Morris <jmorris@namei.org>
2010-10-21SELinux: allow userspace to read policy back out of the kernelEric Paris12-3/+1256
There is interest in being able to see what the actual policy is that was loaded into the kernel. The patch creates a new selinuxfs file /selinux/policy which can be read by userspace. The actual policy that is loaded into the kernel will be written back out to userspace. Signed-off-by: Eric Paris <eparis@redhat.com> Signed-off-by: James Morris <jmorris@namei.org>
2010-10-21SELinux: drop useless (and incorrect) AVTAB_MAX_SIZEEric Paris2-3/+2
AVTAB_MAX_SIZE was a define which was supposed to be used in userspace to define a maximally sized avtab when userspace wasn't sure how big of a table it needed. It doesn't make sense in the kernel since we always know our table sizes. The only place it is used we have a more appropiately named define called AVTAB_MAX_HASH_BUCKETS, use that instead. Signed-off-by: Eric Paris <eparis@redhat.com> Signed-off-by: James Morris <jmorris@namei.org>
2010-10-21SELinux: deterministic ordering of range transition rulesEric Paris1-3/+13
Range transition rules are placed in the hash table in an (almost) arbitrary order. This patch inserts them in a fixed order to make policy retrival more predictable. Signed-off-by: Eric Paris <eparis@redhat.com> Signed-off-by: James Morris <jmorris@namei.org>
2010-10-21kernel: roundup should only reference arguments onceEric Paris1-1/+6
Currently the roundup macro references it's arguments more than one time. This patch changes it so it will only use its arguments once. Suggested-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Eric Paris <eparis@redhat.com> Signed-off-by: James Morris <jmorris@namei.org>
2010-10-21kernel: rounddown helper functionEric Paris1-0/+6
The roundup() helper function will round a given value up to a multiple of another given value. aka roundup(11, 7) would give 14 = 7 * 2. This new function does the opposite. It will round a given number down to the nearest multiple of the second number: rounddown(11, 7) would give 7. I need this in some future SELinux code and can carry the macro myself, but figured I would put it in the core kernel so others might find and use it if need be. Signed-off-by: Eric Paris <eparis@redhat.com> Signed-off-by: James Morris <jmorris@namei.org>
2010-10-21secmark: export secctx, drop secmark in procfsEric Paris2-6/+50
The current secmark code exports a secmark= field which just indicates if there is special labeling on a packet or not. We drop this field as it isn't particularly useful and instead export a new field secctx= which is the actual human readable text label. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Patrick McHardy <kaber@trash.net> Signed-off-by: James Morris <jmorris@namei.org>
2010-10-21conntrack: export lsm context rather than internal secid via netlinkEric Paris2-11/+45
The conntrack code can export the internal secid to userspace. These are dynamic, can change on lsm changes, and have no meaning in userspace. We should instead be sending lsm contexts to userspace instead. This patch sends the secctx (rather than secid) to userspace over the netlink socket. We use a new field CTA_SECCTX and stop using the the old CTA_SECMARK field since it did not send particularly useful information. Signed-off-by: Eric Paris <eparis@redhat.com> Reviewed-by: Paul Moore <paul.moore@hp.com> Acked-by: Patrick McHardy <kaber@trash.net> Signed-off-by: James Morris <jmorris@namei.org>
2010-10-21security: secid_to_secctx returns len when data is NULLEric Paris3-4/+16
With the (long ago) interface change to have the secid_to_secctx functions do the string allocation instead of having the caller do the allocation we lost the ability to query the security server for the length of the upcoming string. The SECMARK code would like to allocate a netlink skb with enough length to hold the string but it is just too unclean to do the string allocation twice or to do the allocation the first time and hold onto the string and slen. This patch adds the ability to call security_secid_to_secctx() with a NULL data pointer and it will just set the slen pointer. Signed-off-by: Eric Paris <eparis@redhat.com> Reviewed-by: Paul Moore <paul.moore@hp.com> Signed-off-by: James Morris <jmorris@namei.org>
2010-10-21secmark: make secmark object handling genericEric Paris10-141/+104
Right now secmark has lots of direct selinux calls. Use all LSM calls and remove all SELinux specific knowledge. The only SELinux specific knowledge we leave is the mode. The only point is to make sure that other LSMs at least test this generic code before they assume it works. (They may also have to make changes if they do not represent labels as strings) Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Paul Moore <paul.moore@hp.com> Acked-by: Patrick McHardy <kaber@trash.net> Signed-off-by: James Morris <jmorris@namei.org>
2010-10-21secmark: do not return early if there was no errorEric Paris1-1/+1
Commit 4a5a5c73 attempted to pass decent error messages back to userspace for netfilter errors. In xt_SECMARK.c however the patch screwed up and returned on 0 (aka no error) early and didn't finish setting up secmark. This results in a kernel BUG if you use SECMARK. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Paul Moore <paul.moore@hp.com> Signed-off-by: James Morris <jmorris@namei.org>
2010-10-21AppArmor: Ensure the size of the copy is < the buffer allocated to hold itJohn Johansen1-1/+3
Actually I think in this case the appropriate thing to do is to BUG as there is currently a case (remove) where the alloc_size needs to be larger than the copy_size, and if copy_size is ever greater than alloc_size there is a mistake in the caller code. Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Kees Cook <kees.cook@canonical.com> Signed-off-by: James Morris <jmorris@namei.org>
2010-10-21TOMOYO: Print URL information before panic().Tetsuo Handa1-1/+10
Configuration files for TOMOYO 2.3 are not compatible with TOMOYO 2.2. But current panic() message is too unfriendly and is confusing users. Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Reviewed-by: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com> Signed-off-by: James Morris <jmorris@namei.org>
2010-10-21security: remove unused parameter from security_task_setscheduler()KOSAKI Motohiro8-26/+17
All security modules shouldn't change sched_param parameter of security_task_setscheduler(). This is not only meaningless, but also make a harmful result if caller pass a static variable. This patch remove policy and sched_param parameter from security_task_setscheduler() becuase none of security module is using it. Cc: James Morris <jmorris@namei.org> Signed-off-by: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com> Signed-off-by: James Morris <jmorris@namei.org>
2010-10-21tpm: change 'tpm_suspend_pcr' to be module parameterDmitry Torokhov1-12/+10
Fix the following warning: drivers/char/tpm/tpm.c:1085: warning: `tpm_suspend_setup' defined but not used and make the workaround operable in case when TPM is compiled as a module. As a side-effect the option will be called tpm.suspend_pcr. Signed-off-by: Dmitry Torokhov <dtor@mail.ru> Cc: Rajiv Andrade <srajiv@linux.vnet.ibm.com> Cc: David Safford <safford@watson.ibm.com> Cc: James Morris <jmorris@namei.org> Cc: Debora Velarde <debora@linux.vnet.ibm.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: James Morris <jmorris@namei.org>
2010-10-21selinux: fix up style problem on /selinux/statusKaiGai Kohei2-11/+7
This patch fixes up coding-style problem at this commit: 4f27a7d49789b04404eca26ccde5f527231d01d5 selinux: fast status update interface (/selinux/status) Signed-off-by: KaiGai Kohei <kaigai@ak.jp.nec.com> Signed-off-by: James Morris <jmorris@namei.org>
2010-10-21selinux: change to new flag variablematt mooney1-1/+1
Replace EXTRA_CFLAGS with ccflags-y. Signed-off-by: matt mooney <mfm@muteddisk.com> Signed-off-by: James Morris <jmorris@namei.org>
2010-10-21selinux: really fix dependency causing parallel compile failure.Paul Gortmaker2-20/+6
While the previous change to the selinux Makefile reduced the window significantly for this failure, it is still possible to see a compile failure where cpp starts processing selinux files before the auto generated flask.h file is completed. This is easily reproduced by adding the following temporary change to expose the issue everytime: - cmd_flask = scripts/selinux/genheaders/genheaders ... + cmd_flask = sleep 30 ; scripts/selinux/genheaders/genheaders ... This failure happens because the creation of the object files in the ss subdir also depends on flask.h. So simply incorporate them into the parent Makefile, as the ss/Makefile really doesn't do anything unique. With this change, compiling of all selinux files is dependent on completion of the header file generation, and this test case with the "sleep 30" now confirms it is functioning as expected. Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com> Signed-off-by: James Morris <jmorris@namei.org>
2010-10-21selinux: fix parallel compile errorPaul Gortmaker1-1/+1
Selinux has an autogenerated file, "flask.h" which is included by two other selinux files. The current makefile has a single dependency on the first object file in the selinux-y list, assuming that will get flask.h generated before anyone looks for it, but that assumption breaks down in a "make -jN" situation and you get: selinux/selinuxfs.c:35: fatal error: flask.h: No such file or directory compilation terminated. remake[9]: *** [security/selinux/selinuxfs.o] Error 1 Since flask.h is included by security.h which in turn is included nearly everywhere, make the dependency apply to all of the selinux-y list of objs. Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com> Signed-off-by: James Morris <jmorris@namei.org>
2010-10-21selinux: fast status update interface (/selinux/status)KaiGai Kohei5-1/+210
This patch provides a new /selinux/status entry which allows applications read-only mmap(2). This region reflects selinux_kernel_status structure in kernel space. struct selinux_kernel_status { u32 length; /* length of this structure */ u32 sequence; /* sequence number of seqlock logic */ u32 enforcing; /* current setting of enforcing mode */ u32 policyload; /* times of policy reloaded */ u32 deny_unknown; /* current setting of deny_unknown */ }; When userspace object manager caches access control decisions provided by SELinux, it needs to invalidate the cache on policy reload and setenforce to keep consistency. However, the applications need to check the kernel state for each accesses on userspace avc, or launch a background worker process. In heuristic, frequency of invalidation is much less than frequency of making access control decision, so it is annoying to invoke a system call to check we don't need to invalidate the userspace cache. If we can use a background worker thread, it allows to receive invalidation messages from the kernel. But it requires us an invasive coding toward the base application in some cases; E.g, when we provide a feature performing with SELinux as a plugin module, it is unwelcome manner to launch its own worker thread from the module. If we could map /selinux/status to process memory space, application can know updates of selinux status; policy reload or setenforce. A typical application checks selinux_kernel_status::sequence when it tries to reference userspace avc. If it was changed from the last time when it checked userspace avc, it means something was updated in the kernel space. Then, the application can reset userspace avc or update current enforcing mode, without any system call invocations. This sequence number is updated according to the seqlock logic, so we need to wait for a while if it is odd number. Signed-off-by: KaiGai Kohei <kaigai@ak.jp.nec.com> Acked-by: Eric Paris <eparis@redhat.com> -- security/selinux/include/security.h | 21 ++++++ security/selinux/selinuxfs.c | 56 +++++++++++++++ security/selinux/ss/Makefile | 2 +- security/selinux/ss/services.c | 3 + security/selinux/ss/status.c | 129 +++++++++++++++++++++++++++++++++++ 5 files changed, 210 insertions(+), 1 deletions(-) Signed-off-by: James Morris <jmorris@namei.org>
2010-10-21.gitignore: ignore apparmor/rlim_names.hYong Zhang1-0/+1
Signed-off-by: Yong Zhang <yong.zhang0@gmail.com> Signed-off-by: John Johansen <john.johansen@canonical.com> Signed-off-by: James Morris <jmorris@namei.org>