This is a new object class and permission validation scheme that validates
against the defined kernel headers. This scheme allows extra classes
and permissions that do not conflict with the kernel definitions to be
added to the policy. This validation is now done for all policy loads,
not just subsequent loads after the first policy load.
The implementation walks the three structrures containing the defined
object class and permission values and ensures their values are the
same in the policy being loaded. This includes verifying the object
classes themselves, the permissions they contain, and the permissions
they inherit from commons. Classes or permissions that are present in the
kernel but missing from the policy cause a warning (printed to KERN_INFO)
to be printed, but do not stop the policy from loading, emulating current
behavior. Any other inconsistencies cause the load to fail.
Signed-off-by: Chad Sellers <csellers@tresys.com>
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: James Morris <jmorris@namei.org>
Makes the key argument passed into hashtab_search and all the functions
it calls constant. These functions include hash table function pointers
hash_value and keycmp. The only implementations of these currently
are symhash and symcmp, which do not modify the key. The key parameter
should never be changed by any of these, so it should be const. This
is necessary to allow calling these functions with keys found in kernel
object class and permission definitions.
Signed-off-by: Chad Sellers <csellers@tresys.com>
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: James Morris <jmorris@namei.org>
Moves the definition of the 3 structs containing object class and
permission definitions from avc.c to avc_ss.h so that the security
server can access them for validation on policy load. This also adds
a new struct type, defined_classes_perms_t, suitable for allowing the
security server to access these data structures from the avc.
Signed-off-by: Chad Sellers <csellers@tresys.com>
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: James Morris <jmorris@namei.org>
Removes the current SELinux object class and permission validation code,
as the current code makes it impossible to change or remove object classes
and permissions on a running system. Additionally, the current code does
not actually validate that the classes and permissions are correct, but
instead merely validates that they do not change between policy reloads.
Signed-off-by: Chad Sellers <csellers@tresys.com>
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: James Morris <jmorris@namei.org>
You wouldn't think that doing an ALIGN() macro that aligns something up
to a power-of-two boundary would be likely to have bugs, would you?
But hey, in the wonderful world of mixing integer types, you have to be
careful. This just makes sure that the alignment is interpreted in the
same type as the thing to be aligned.
Thanks to Roland Dreier, who noticed that the amso1100 driver got broken
by the previous fix (that just extended the mask to "unsigned long", but
was still broken in "unsigned long long" - it just happened to be the
same on 64-bit architectures).
See commit 4c8bd7eeee for the history of
bugs here...
Acked-by: Roland Dreier <rdreier@cisco.com>
Cc: Andrew Morton <akpm@osdl.org>
Cc: David Miller <davem@davemloft.net>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
I still think using BUILD_BUG_ON() is unacceptable, especially given how
vague the error message was.
Signed-off-by: Kyle McMartin <kyle@parisc-linux.org>
[ And I already removed gthe BUILD_BUG_ON() in the previous commit ]
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
This reverts commit ee3ce191e8, since it
broke on at least ARM, MIPS and PA-RISC due to complicated header file
dependencies.
Conflicts in include/linux/spinlock.h (due to the "nested" variety
fixes) fixed up by hand.
Cc: Alexey Dobriyan <adobriyan@gmail.com>
Cc: Ralf Baechle <ralf@linux-mips.org>
Cc: Kyle McMartin <kyle@parisc-linux.org>
Cc: Russell King <rmk+lkml@arm.linux.org.uk>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6:
[XFRM] STATE: Fix to respond error to get operation if no matching entry exists.
[NET]: Re-fix of doc-comment in sock.h
[6PACK]: Masking bug in 6pack driver.
[NET]: Fix kfifo_alloc() error check.
[UDP]: Make udp_encap_rcv use pskb_may_pull
[NETFILTER]: H.323 conntrack: fix crash with CONFIG_IP_NF_CT_ACCT
The tda10086 causes an oops (divide by zero) if a zero symbol rate is used;
this prevents this.
Signed-off-by: Andrew de Quincey <adq_dvb@lidskialf.net>
Signed-off-by: Mauro Carvalho Chehab <mchehab@infradead.org>
The old code would accept any device on the same i2c address as the
saa711x chips as an saa711x. However, this fails with saa717x chips,
which use that same address and so are misdetected as a saa7111. Now
check whether the chip is really a saa711x model.
Signed-off-by: Hans Verkuil <hverkuil@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab@infradead.org>
Sparse noticed a lock imbalance in read_from_buf(). Further inspection shows
that the lock should not be held when the function exits.
This adds a spin_unlock_irqrestore(), so that every exit path of the
read_from_buf() function is consistent. The unlock was missing on an error
path.
Signed-off-by: Ira W. Snyder <devel@irasnyder.com>
Signed-off-by: Hans J. Koch <koch@hjk-az.de>
Signed-off-by: Mauro Carvalho Chehab <mchehab@infradead.org>
New module parameter diseqc_method for cards with subsystem-id 13c2:1003.
- 0: unreliable method, can be used by all board revisions (default)
- 1: reliable method, works for newer board layouts only
The parameter has no effect for cards with other subsystem-ids.
Signed-off-by: Oliver Endriss <o.endriss@gmx.de>
Signed-off-by: Mauro Carvalho Chehab <mchehab@infradead.org>
Fixes to DISEQC on these cards inadvertently broke normal tone/voltage
signalling. This restores the necessary function.
Signed-off-by: Andrew de Quincey <adq_dvb@lidskialf.net>
Signed-off-by: Mauro Carvalho Chehab <mchehab@infradead.org>
When application uses XFRM_MSG_GETSA to get state entry through
netlink socket and kernel has no matching one, the application expects
reply message with error status by kernel.
Kernel doesn't send the message back in the case of Mobile IPv6 route
optimization protocols (i.e. routing header or destination options
header). This is caused by incorrect return code "0" from
net/xfrm/xfrm_user.c(xfrm_user_state_lookup) and it makes kernel skip
to acknowledge at net/netlink/af_netlink.c(netlink_rcv_skb).
This patch fix to reply ESRCH to application.
Signed-off-by: Masahide NAKAMURA <nakam@linux-ipv6.org>
Signed-off-by: TAKAMIYA Noriaki <takamiya@po.ntts.co.jp>
Signed-off-by: David S. Miller <davem@davemloft.net>
Restoring old, correct comment for sk_filter_release, moving it to
where it should actually be, and changing new comment into proper
comment for sk_filter_rcu_free, where it actually makes sense.
The original fix submitted for this on Oct 23 mistakenly documented
the wrong function.
Signed-off-by: Paul Bonser <misterpib@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Looks like a broken masking to me, binary not is used where bitwise
not was intended.
Signed-off-by: Jean Delvare <khali@linux-fr.org>
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
The return value of kfifo_alloc() should be checked by IS_ERR().
Signed-off-by: Akinobu Mita <akinobu.mita@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Make udp_encap_rcv use pskb_may_pull
IPsec with NAT-T breaks on some notebooks using the latest e1000 chipset,
when header split is enabled. When receiving sufficiently large packets, the
driver puts everything up to and including the UDP header into the header
portion of the skb, and the rest goes into the paged part. udp_encap_rcv
forgets to use pskb_may_pull, and fails to decapsulate it. Instead, it
passes it up it to the IKE daemon.
Signed-off-by: Olaf Kirch <okir@suse.de>
Signed-off-by: Jean Delvare <jdelvare@suse.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
H.323 connection tracking code calls ip_ct_refresh_acct() when
processing RCFs and URQs but passes NULL as the skb.
When CONFIG_IP_NF_CT_ACCT is enabled, the connection tracking core tries
to derefence the skb, which results in an obvious panic.
A similar fix was applied on the SIP connection tracking code some time
ago.
Signed-off-by: Faidon Liambotis <paravoid@debian.org>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Reimplement execvp for our purposes - after we call fork() it is fundamentally
unsafe to use the kernel allocator - current is not valid there. So we simply
pass to our modified execvp() a preallocated buffer. This fixes a real bug
and works very well in testing (I've seen indirectly warning messages from the
forked thread - they went on the pipe connected to its stdout and where read
as a number by UML, when calling read_output(). I verified the obtained
number corresponded to "BUG:").
The added use of __cant_sleep() is not a new bug since __cant_sleep() is
already used in the same function - passing an atomicity parameter would be
better but it would require huge change, stating that this function must not
be called in atomic context and can sleep is a better idea (will make sure of
this gradually).
Signed-off-by: Paolo 'Blaisorblade' Giarrusso <blaisorblade@yahoo.it>
Acked-by: Jeff Dike <jdike@addtoit.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
This is a bug. When checking for ati_remote->outbuf we free freeing
ati_remote->inbuf so we end up freeing ati_remote->inbuf twice.
Also the checks for 'ati_remote->inbuf != NULL' and 'ati_remote->outbuf !=
NULL' are redundant as usb_buffer_free() does this.
Signed-off-by: Mariusz Kozlowski <m.kozlowski@tuxland.pl>
Acked-by: Greg KH <greg@kroah.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Make it break or warn if you pass to spin_lock_irqsave() and friends
something different from "unsigned long flags;". Suprisingly large amount
of these was caught by recent commit
c53421b18f and others.
Idea is largely from FRV typechecking. Suggestions from Andrew Morton.
All stupid typos in first version fixed.
Passes allmodconfig on i386, x86_64, alpha, arm as well as my usual config.
Note #1: checking with sparse is still needed, because a driver can save
and pass around flags or something. So far patch is very intrusive.
Note #2: techically, we should break only if
sizeof(flags) < sizeof(unsigned long),
however, the more pain for getting suspicious code into kernel,
the better.
Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
Cc: Ingo Molnar <mingo@elte.hu>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
The return value of platform_device_register_simple() should be checked by
IS_ERR().
This patch also fix misc_register() error case. Because misc_register()
returns error code.
Cc: Sebastien Bouchard <sebastien.bouchard@ca.kontron.com>
Signed-off-by: Akinobu Mita <akinobu.mita@gmail.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
The return value of copy_process() should be checked by IS_ERR().
Signed-off-by: Akinobu Mita <akinobu.mita@gmail.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
This patch removes a module_exit function that sgiioc4 should not have had.
It seems that the IDE layer doesn't support submodule unloading. sgiioc4 was
the only driver in drivers/ide/pci that had an exit function. After an
unload, the devices would stay around and the next attempt to reference would
crash...
Signed-off-by: Jeremy Higdon <jeremy@sgi.com>
Acked-by: "Bartlomiej Zolnierkiewicz" <bzolnier@gmail.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
On Mon, 13 Nov 2006, Phil Oester wrote:
> In commit 350b5b7638, the default menuconfig
> color scheme was changed to bluetitle. This breaks the highlighting
> of the selected item for me with TERM=vt100. The only way I can see
> which item is selected is via:
>
> make MENUCONFIG_COLOR=mono menuconfig
>
> Which restores the pre-2.6.19 white on black highlighting.
Fix.
Cc: Phil Oester <kernel@linuxace.com>
Signed-off-by: Roman Zippel <zippel@linux-m68k.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Fixes a segfault reported by Randy.
Cc: Randy Dunlap <randy.dunlap@oracle.com>
Signed-off-by: Roman Zippel <zippel@linux-m68k.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
dev->devt_attr is allocated in device_add() but it is never freed in
device_del() in the drivers/base/core.c file (reported by kmemleak).
Signed-off-by: Catalin Marinas <catalin.marinas@gmail.com>
Acked-by: Greg KH <greg@kroah.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
One reiserfs_warning() call uses %lu, but doesn't supply what to print.
Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
The correct order is: NULL check before dereference
This was a guaranteed NULL dereference with debugging enabled since
rs5c372_sysfs_show_osc() does actually pass NULL...
Spotted by the Coverity checker.
Signed-off-by: Adrian Bunk <bunk@stusta.de>
Acked-by: Alessandro Zummo <a.zummo@towertech.it>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
I got a lockdep warning when running "rtctest" so I though it'd be good
to see what was up.
- The warning was for rtc->irq_task_lock, gotten from rtc_update_irq()
by irq handlerss ... but in a handful of other cases, grabbed without
blocking IRQs.
- Some callers to rtc_update_irq() were not ensuring IRQs were blocked,
yet the routine expects that; make sure all callers block IRQs.
It would appear that RTC API tests haven't been part of anyone's kernel
regression test suite recently, at least not with lockdep running.
Signed-off-by: David Brownell <dbrownell@users.sourceforge.net>
Acked-by: Alessandro Zummo <a.zummo@towertech.it>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
The RTC framework has an irq_set_freq() method that should be used to manage
the periodic IRQ frequency, but the current ioctl logic doesn't know how to do
that. This patch teaches it how.
This means that drivers implementing irq_set_freq() will automatically support
RTC_IRQP_{READ,SET} ioctls; that logic doesn't need duplication within the
driver.
[akpm@osdl.org: export rtc_irq_set_freq]
Signed-off-by: David Brownell <dbrownell@users.sourceforge.net>
Acked-by: Alessandro Zummo <a.zummo@towertech.it>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
This updates the RTC documentation to summarize the two APIs now available:
the old PC/AT one, and the new RTC class drivers. It also updates the
included "rtctest.c" file to better meet Linux style guidelines, and to work
with the new RTC drivers.
Signed-off-by: David Brownell <dbrownell@users.sourceforge.net>
Acked-by: Alessandro Zummo <a.zummo@towertech.it>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Fix bug in certain error paths of lookup routines. The request object was
reused for sending FORGET, which is illegal. This bug could cause an Oops
in 2.6.18. In earlier versions it might silently corrupt memory, but this
is very unlikely.
These error paths are never triggered by libfuse, so this wasn't noticed
even with the 2.6.18 kernel, only with a filesystem using the raw kernel
interface.
Thanks to Russ Cox for the bug report and test filesystem.
Signed-off-by: Miklos Szeredi <miklos@szeredi.hu>
Cc: <stable@kernel.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Fix bug 7401.
Handle more than one source dir or file list to the initramfs gen scripts.
The Kconfig help for INITRAMFS_SOURCE claims that you can specify multiple
space-separated sources in order to allow unprivileged users to build an
image. There are two bugs in the current implementation that prevent this
from working.
First, we pass "file1 dir2" to the gen_initramfs_list.sh script, which it
obviously can't open.
Second, gen_initramfs_list.sh -l outputs multiple definitions for
deps_initramfs -- one for each argument.
Signed-off-by: Thomas Chou <thomas@wytron.com.tw>
Cc: Sam Ravnborg <sam@ravnborg.org>
Acked-by: Matthew Wilcox <matthew@wil.cx>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
find_min_pfn_for_node() and find_min_pfn_with_active_regions() both
depend on a sorted early_node_map[]. However, sort_node_map() is being
called after fin_min_pfn_with_active_regions() in
free_area_init_nodes().
In most cases, this is ok, but on at least one x86_64, the SRAT table
caused the E820 ranges to be registered out of order. This gave the
wrong values for the min PFN range resulting in some pages not being
initialised.
This patch sorts the early_node_map in find_min_pfn_for_node(). It has
been boot tested on x86, x86_64, ppc64 and ia64.
Signed-off-by: Mel Gorman <mel@csn.ul.ie>
Acked-by: Andre Noll <maan@systemlinux.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
processor_perflib.c::acpi_processor_ppc_notifier() check if the value
returned by the processor's _PPC method is 0 and return failed if so.
This is wrong since 0 indicate that the bios think the processor can go
to the highest frequency. This patch for example fix the HP NX 6125 to
allow its highest frequency to be available.
Signed-off-by: Bruno Ducrot <ducrot@poupinou.org>
Cc: "Pallipadi, Venkatesh" <venkatesh.pallipadi@intel.com>
Signed-off-by: Dave Jones <davej@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* 'for-linus' of master.kernel.org:/home/rmk/linux-2.6-arm:
[ARM] 3941/1: [Jornada7xx] - Addition to MAINTAINERS
[ARM] 3942/1: ARM: comment: consistent_sync should not be called directly
[ARM] ebsa110: fix warnings generated by asm/arch/io.h
[ARM] 3933/1: Source drivers/ata/Kconfig
The Au1xx IDE controller driver doesn't compile:
CC drivers/ide/mips/au1xxx-ide.o
/linux-2.6.19-rc6-work/drivers/ide/mips/au1xxx-ide.c:480: error: conflicting types for 'auide_ddma_tx_callback'
include2/asm/mach-au1x00/au1xxx_ide.h:174: error: previous declaration of 'auide_ddma_tx_callback' was here
/linux-2.6.19-rc6-work/drivers/ide/mips/au1xxx-ide.c:486: error: conflicting types for 'auide_ddma_rx_callback'
include2/asm/mach-au1x00/au1xxx_ide.h:176: error: previous declaration of 'auide_ddma_rx_callback' was here
Signed-off-by: Manuel Lauss <mano@roarinelk.homelinux.net>
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
Removing flush_icache_page a while ago broke SB1 which was using an empty
flush_data_cache_page function. This glues things well enough so a more
efficient but also more intrusive solution can be found later.
Signed-Off-By: Thiemo Seufer <ths@networkno.de>
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
Not all graphic page remappers support physical addresses over the 4GB
mark for remapping, so while some do (the AMD64 GART always did, and I
just fixed the i965 to do so properly), we're safest off just forcing
GFP_DMA32 allocations to make sure graphics pages get allocated in the
low 32-bit address space by default.
AGP sub-drivers that really care, and can do better, could just choose
to implement their own allocator (or we could add another "64-bit safe"
default allocator for their use), but quite frankly, you're not likely
to care in practice.
So for now, this trivial change means that we won't be allocating pages
that we can't map correctly by mistake on x86-64.
[ On traditional 32-bit x86, this could never happen, because GFP_KERNEL
would never allocate any highmem memory anyway ]
Acked-by: Andi Kleen <ak@suse.de>
Acked-by: Dave Jones <davej@redhat.com>
Cc: Eric Anholt <eric@anholt.net>
Cc: Keith Packard <keithp@keithp.com>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Adding myself to the MAINTAINERS file.
Signed-off-by: Kristoffer Ericson <Kristoffer_e1@hotmail.com>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>