Hello,
According to my understanding there is an off-by-one bug in the
function:
audit_string_contains_control()
in:
kernel/audit.c
Patch is included.
I do not know from how many places the function is called from, but for
example, SELinux Access Vector Cache tries to log untrusted filenames via
call path:
avc_audit()
audit_log_untrustedstring()
audit_log_n_untrustedstring()
audit_string_contains_control()
If audit_string_contains_control() detects control characters, then the
string is hex-encoded. But the hex=0x7f dec=127, DEL-character, is not
detected.
I guess this could have at least some minor security implications, since a
user can create a filename with 0x7f in it, causing logged filename to
possibly look different when someone reads it on the terminal.
Signed-off-by: Vesa-Matti Kari <vmkari@cc.helsinki.fi>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Makes the kernel audit subsystem collect information about the sending
process when that process sends SIGUSR2 to the userspace audit daemon.
SIGUSR2 is a new interesting signal to auditd telling auditd that it
should try to start logging to disk again and the error condition which
caused it to stop logging to disk (usually out of space) has been
rectified.
Signed-off-by: Eric Paris <eparis@redhat.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
proc doesn't use "associate pointer with id" feature of IDR, so switch
to IDA.
NOTE, NOTE, NOTE:
Do not apply if release_inode_number() still mantions MAX_ID_MASK!
Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Id which proc gets from IDR for inode number and id which proc removes
from IDR do not match. E.g. 0x11a transforms into 0x8000011a.
Which stayed unnoticed for a long time because, surprise, idr_remove()
masks out that high bit before doing anything.
All of this due to "| ~MAX_ID_MASK" in release_inode_number().
I still don't understand how it's supposed to work, because "| ~MASK"
is not an inversion for "& MAX" operation.
So, use just one nice, working addition. Make start offset unsigned int,
while I'm at it. It's longness is not used anywhere.
Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
* new helper: vfs_quota_on_path(); equivalent of vfs_quota_on() sans the
pathname resolution.
* callers of vfs_quota_on() that do their own pathname resolution and
checks based on it are switched to vfs_quota_on_path(); that way we
avoid the races.
* reiserfs leaked dentry/vfsmount references on several failure exits.
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
New primitive: alloc_fd(start, flags). get_unused_fd() and
get_unused_fd_flags() become wrappers on top of it.
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
for July 17: early crash on x86-64)
SELinux needs MAY_APPEND to be passed down to the security hook.
Otherwise, we get permission denials when only append permission is
granted by policy even if the opening process specified O_APPEND.
Shows up as a regression in the ltp selinux testsuite, fixed by
this patch.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
The planned move of include/asm-s390 to arch/s390/include/asm
requires that all includes for asm headers use include/asm and
not include/asm-s390.
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Since git commit 3da1c84c00
"workqueues: make get_online_cpus() useable for work->func()"
it is safe to call get_online_cpus() from workqueue context.
So remove the kthread workaround again.
Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Fix these two false positive warnings:
WARNING: vmlinux.o(.text+0x2e1cc4): Section mismatch in reference from the function s390_virtio_console_init() to the function .init.text:early_put_chars()
The function s390_virtio_console_init() references
the function __init early_put_chars().
This is often because s390_virtio_console_init lacks a __init
annotation or the annotation of early_put_chars is wrong.
WARNING: vmlinux.o(.text+0x2e1cd0): Section mismatch in reference from the function s390_virtio_console_init() to the function .init.text:virtio_cons_early_init()
The function s390_virtio_console_init() references
the function __init virtio_cons_early_init().
This is often because s390_virtio_console_init lacks a __init
annotation or the annotation of virtio_cons_early_init is wrong.
Cc: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
schid.h needs string.h for memset and memcmp.
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Fix the two section mismatch warnings below.
This fixes two real bugs since the code which has __exit annotations
may already be gone when it is called.
WARNING: vmlinux.o(.init.text+0x1cc4a): Section mismatch in reference from the function init_QDIO() to the function .exit.text:qdio_setup_exit()
The function __init init_QDIO() references
a function __exit qdio_setup_exit().
This is often seen when error handling in the init function
uses functionality in the exit path.
The fix is often to remove the __exit annotation of
qdio_setup_exit() so it may be used outside an exit section.
WARNING: vmlinux.o(.init.text+0x1cc7a): Section mismatch in reference from the function init_QDIO() to the function .exit.text:qdio_remove_perf_stats()
The function __init init_QDIO() references
a function __exit qdio_remove_perf_stats().
This is often seen when error handling in the init function
uses functionality in the exit path.
The fix is often to remove the __exit annotation of
qdio_remove_perf_stats() so it may be used outside an exit section.
Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Fix these two (false positive) warnings by adding an __init annoation:
WARNING: vmlinux.o(.text+0x7e6a): Section mismatch in reference from the function stp_reset() to the function .init.text:__alloc_bootmem()
The function stp_reset() references
the function __init __alloc_bootmem().
This is often because stp_reset lacks a __init
annotation or the annotation of __alloc_bootmem is wrong.
WARNING: vmlinux.o(.text+0x7ece): Section mismatch in reference from the function stp_reset() to the function .init.text:free_bootmem()
The function stp_reset() references
the function __init free_bootmem().
This is often because stp_reset lacks a __init
annotation or the annotation of free_bootmem is wrong.
Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
The result of the diag 0x260 call is not always what one would expect.
So just remove it.
Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
kzalloc does not guarantee the required alignment of qdr to page size,
use get_zeroed_page instead.
Signed-off-by: Jan Glauber <jang@linux.vnet.ibm.com>
Memory allocation for the quite huge idset changed from
kzalloc to vmalloc.
Signed-off-by: Michael Ernst <mernst@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
For hiper socket devices this patch will economize the reallocation
of the tx skb data segment by allocating separate memory for the qdio
transport information (qeth header).
Signed-off-by: Frank Blaschka <frank.blaschka@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
For anonymous pages without a swap cache backing the check in
page_remove_rmap for the physical dirty bit in page_remove_rmap is
unnecessary. The instructions that are used to check and reset the dirty
bit are expensive. Removing the check noticably speeds up process exit.
In addition the clearing of the dirty bit in __SetPageUptodate is
pointless as well. With these two changes there is no storage key
operation for an anonymous page anymore if it does not hit the swap
space.
The micro benchmark which repeatedly executes an empty shell script
gets about 5% faster.
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
sclp_sync_wait wait synchronously for an sclp interrupt and disables
timer interrupts. However on the irq enter paths there is an extra
check if a timer interrupt would be due and calls the timer callback.
This would schedule softirqs in the wrong context.
So introduce local_tick_enable/disable which prevents this.
Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
During startup we check if diag308 works using diag 308 subcode 6,
which stores the actual ipl information. This fails with rc = 0x102, if
the system has been ipled from the HMC using load from CD or load from file.
In the case of rc = 0x102 we have to assume that diag 308 is working,
since it still can be used to ipl from an alternative device.
Signed-off-by: Michael Holzheu <holzheu@linux.vnet.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
When z/VM provides two virtual devices (minidisks) that reside on the
same real device, both will receive the configuration data from the
real device and thus get the same uid. To fix this problem, z/VM
provides an additional configuration data record that allows to
distinguish between minidisks.
z/VM APAR VM64273 needs be installed so this fix has an effect.
Signed-off-by: Stefan Weinhuber <wein@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Signed-off-by: Harvey Harrison <harvey.harrison@gmail.com>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
drivers/mtd/nand/nandsim.c: In function 'divide':
drivers/mtd/nand/nandsim.c:462: error: implicit declaration of function 'do_div'
Cc: Stephen Rothwell <sfr@canb.auug.org.au>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
The command "info threads" did not work correctly with kgdb. It would
result in a silent kernel hang if used.
This patach addresses several problems.
- Fix use of deprecated NR_CPUS
- Fix kgdb to not walk linearly through the pid space
- Correctly implement shadow pids
- Change the threads per query to a #define
- Fix kgdb_hex2long to work with negated values
The threads 0 and -1 are reserved to represent the current task. That
means that CPU 0 will start with a shadow thread id of -2, and CPU 1
will have a shadow thread id of -3, etc...
From the debugger you can switch to a shadow thread to see what one of
the other cpus was doing, however it is not possible to execute run
control operations on any other cpu execept the cpu executing the
kgdb_handle_exception().
Signed-off-by: Jason Wessel <jason.wessel@windriver.com>
A regression to the kgdb core was found in the case of using the
CONFIG_DEBUG_RODATA kernel option. When this option is on, a breakpoint
cannot be written into any readonly memory page. When an external
debugger requests a breakpoint to get set, the
kgdb_validate_break_address() was only checking to see if the address
to place the breakpoint was readable and lacked a write check.
This patch changes the validate routine to try reading (via the
breakpoint set request) and also to try immediately writing the break
point. If either fails, an error is correctly returned and the
debugger behaves correctly. Then an end user can make the
descision to use hardware breakpoints.
Also update the documentation to reflect that using
CONFIG_DEBUG_RODATA will inhibit the use of software breakpoints.
Signed-off-by: Jason Wessel <jason.wessel@windriver.com>
There is no technical reason that the kgdb core requires frame
pointers. It is up to the end user of KGDB to decide if they need
them or not.
[ anemo@mba.ocn.ne.jp: removed frame pointers on mips ]
Signed-off-by: Jason Wessel <jason.wessel@windriver.com>
We can't use vmalloc for the buffer we use for writing summaries,
because some drivers may want to DMA from it. So limit the size to 64KiB
and use kmalloc for it instead.
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
Structs called at91_nand_data where renamed to atmel_nand_data
and configs called *MTD_NAND_AT91* where renamed to
*MTD_NAND_ATMEL*. This was unfortunately not done consistently,
causing NAND chips not being initialised on several ARM boards.
I am aware that the author of the original change did not rename
MTD_NAND_AT91_BUSWIDTH to MTD_NAND_ATMEL_BUSWIDTH, for example.
All *MTD_NAND_AT91* where renamed to *MTD_NAND_ATMEL* in order
to keep naming consistency.
This patch was only tested on a MACH_SAM9_L9260, as this is the
only ARM board I have to my disposal.
Before this patch:
$ git-ls-files |xargs grep atmel_nand |wc -l
105
$ git-ls-files |xargs grep at91_nand |wc -l
4
$ git-ls-files |xargs grep MTD_NAND_ATMEL |wc -l
8
$ git-ls-files |xargs grep MTD_NAND_AT91 |wc -l
47
After this patch:
$ git-ls-files |xargs grep atmel_nand |wc -l
109
$ git-ls-files |xargs grep at91_nand |wc -l
0
$ git-ls-files |xargs grep MTD_NAND_ATMEL |wc -l
55
$ git-ls-files |xargs grep MTD_NAND_AT91 |wc -l
0
Signed-off-by: Pieter du Preez <pdupreez@gmail.com>
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
Reported by Stefanos Harhalakis; although 2.6.27-rc1 talks to itself using IPv6
TCP MD5 packets just fine, Stefanos noted that tcpdump claimed that the
signatures were invalid.
I broke this in 49a72dfb88 ("tcp: Fix MD5
signatures for non-linear skbs"), it was just a typo.
Note that tcpdump will still sometimes claim that the signatures are incorrect.
A patch to tcpdump has been submitted for this[1].
[1] http://tinyurl.com/6a4fl2
Signed-off-by: Adam Langley <agl@imperialviolet.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Add missing kernel-doc notation to sk_buff:
Warning(linux-2.6.27-rc1-git2//include/linux/skbuff.h:345): No description found for parameter 'do_not_encrypt'
Signed-off-by: Randy Dunlap <randy.dunlap@oracle.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
fix:
net/ipv4/route.c: In function 'ip_static_sysctl_init':
net/ipv4/route.c:3225: error: 'ipv4_route_path' undeclared (first use in this function)
net/ipv4/route.c:3225: error: (Each undeclared identifier is reported only once
net/ipv4/route.c:3225: error: for each function it appears in.)
net/ipv4/route.c:3225: error: 'ipv4_route_table' undeclared (first use in this function)
Signed-off-by: Ingo Molnar <mingo@elte.hu>
Signed-off-by: David S. Miller <davem@davemloft.net>