Commit Graph

26541 Commits

Author SHA1 Message Date
Paolo 'Blaisorblade' Giarrusso
275e6e1ee2 [PATCH] uml: fix compilation and execution with hardened GCC
To make some half-assembly stubs compile, disable various "hardened" GCC
features:

*) we can't make it build PIC code as we need %ebx to do syscalls and GCC
   wants it free for PIC

*) we can't leave stack protection as the stub is moved (not relocated!) in
   memory so the RIP-relative access to the canary tries reading from an
   unmapped address and causes a segfault, since we move the stub of various
   megabytes (the exact amount will be decided at runtime) away from the
   link-time address.

Signed-off-by: Paolo 'Blaisorblade' Giarrusso <blaisorblade@yahoo.it>
Acked-by: Jeff Dike <jdike@addtoit.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-05-01 18:17:45 -07:00
Paolo 'Blaisorblade' Giarrusso
cb8aa3d29b [PATCH] uml: use Kbuild tracking for all files and fix compilation output
Move the build of user-offsets to arch/um/sys-$(SUBARCH), where it's located.
So we can also build it via Kbuild with its dependency tracking rather than by
hand.  While hacking here, fix also a lot of little cosmetic things.

Signed-off-by: Paolo 'Blaisorblade' Giarrusso <blaisorblade@yahoo.it>
Acked-by: Jeff Dike <jdike@addtoit.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-05-01 18:17:45 -07:00
Mattia Dongili
cb98cdcd0d [PATCH] uml: search from uml_net in a more reasonable PATH
Append /usr/lib/uml to the existing PATH environment variable to let execvp()
search uml_net in FHS compliant locations.

Signed-off-by: Mattia Dongili <malattia@linux.it>
Signed-off-by: Paolo 'Blaisorblade' Giarrusso <blaisorblade@yahoo.it>
Acked-by: Jeff Dike <jdike@addtoit.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-05-01 18:17:45 -07:00
Paolo 'Blaisorblade' Giarrusso
b15fb6b157 [PATCH] uml: fix patch mismerge
I sent a patch, it was applied as cda402b283,
then it was applied again as 181ae4005d by
mistake.  But while the 1st time it modified (correctly) cow_header_v3, the
2nd it modified cow_header_v3_broken.

Signed-off-by: Paolo 'Blaisorblade' Giarrusso <blaisorblade@yahoo.it>
Acked-by: Jeff Dike <jdike@addtoit.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-05-01 18:17:44 -07:00
Jeff Dike
2ace87b950 [PATCH] uml: error handling fixes
Blairsorblade noticed some confusion between our use of a system
call's return value and errno.  This patch fixes a number of related
bugs -
	using errno instead of a return value
	using a return value instead of errno
	forgetting to negate a error return to get a positive error code

Signed-off-by: Jeff Dike <jdike@addtoit.com>
Cc: Paolo 'Blaisorblade' Giarrusso <blaisorblade@yahoo.it>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-05-01 18:17:44 -07:00
Jeff Dike
347b3dc2fa [PATCH] uml: update defconfig
Bring defconfig up to date.

Also disable CONFIG_BLK_DEV_UBD_SYNC by default.  By performing synchronous
I/O to the host, it slows things down, only protects against host crashes, and
can make a UML appear to hang while it waits for the host's disk.

Signed-off-by: Jeff Dike <jdike@addtoit.com>
Cc: Paolo 'Blaisorblade' Giarrusso <blaisorblade@yahoo.it>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-05-01 18:17:44 -07:00
Jeff Dike
e3104f50d8 [PATCH] uml: clean up after MADVISE_REMOVE
The MADVISE_REMOVE-checking code didn't clean up after itself.

Signed-off-by: Jeff Dike <jdike@addtoit.com>
Cc: Paolo 'Blaisorblade' Giarrusso <blaisorblade@yahoo.it>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-05-01 18:17:44 -07:00
Jesper Juhl
191ef966ac [PATCH] uml: remove NULL checks and add some CodingStyle
Remove redundant NULL checks before [kv]free + small CodingStyle cleanup for
arch/

Signed-off-by: Jesper Juhl <jesper.juhl@gmail.com>
Signed-off-by: Jeff Dike <jdike@addtoit.com>
Cc: Paolo 'Blaisorblade' Giarrusso <blaisorblade@yahoo.it>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-05-01 18:17:44 -07:00
Joris van Rantwijk
893bb96a29 [PATCH] uml: skas0 support for 2G/2G hosts
A quick hack to allow skas0 mode to run on 2G/2G hosts.

Signed-off-by: Jeff Dike <jdike@addtoit.com>
Cc: Paolo 'Blaisorblade' Giarrusso <blaisorblade@yahoo.it>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-05-01 18:17:43 -07:00
Victor V. Vengerov
c39e50b4ba [PATCH] uml: fix iomem list traversal
We need to walk the region list properly.

Signed-off-by: Jeff Dike <jdike@addtoit.com>
Cc: Paolo 'Blaisorblade' Giarrusso <blaisorblade@yahoo.it>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-05-01 18:17:43 -07:00
Andrew Morton
f3a19cb45f [PATCH] silence initcall warnings
Suppress the initcall-return-value warnings unless initcall_debug was
specified.

They do find bugs, but they're extremely small ones and as Andi points out,
people get distressed.

Cc: Andi Kleen <ak@muc.de>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-05-01 18:17:43 -07:00
Andi Kleen
42e4c8585f [PATCH] i386: Remove apic= warning
The apic= option can be used to set the APIC driver too.  When that is done
this code would always produce bogus warnings.

Signed-off-by: Andi Kleen <ak@suse.de>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-05-01 18:17:43 -07:00
Andi Kleen
5871aa6d5a [PATCH] i386: Fix overflow in e820_all_mapped
The 32bit version of e820_all_mapped() needs to use u64 to avoid overflows on
PAE systems.  Pointed out by Jan Beulich

Signed-off-by: Andi Kleen <ak@suse.de>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-05-01 18:17:43 -07:00
Andi Kleen
32828546b3 [PATCH] i386/x86-64: Fix ACPI disabled LAPIC handling mismerge
The patch I submitted earlier to fix disabled LAPIC handling in ACPI was
mismerged for some reason I still don't quite understand.  Parts of it was
applied to the wrong function.

This patch fixes it up.

Cc: <len.brown@intel.com>
Signed-off-by: Andi Kleen <ak@suse.de>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-05-01 18:17:43 -07:00
Andi Kleen
d261020229 [PATCH] x86_64: Add compat_sys_vmsplice and use it in x86-64
Signed-off-by: Andi Kleen <ak@suse.de>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-05-01 18:17:43 -07:00
NeilBrown
5e7dd2ab6b [PATCH] md: Fix 'rdev->nr_pending' count when retrying barrier requests
When retrying a failed BIO_RW_BARRIER request, we need to keep the reference
in ->nr_pending over the whole retry.  Currently, we only hold the reference
if the failed request is the *last* one to finish - which is silly, because it
would normally be the first to finish.

So move the rdev_dec_pending call up into the didn't-fail branch.  As the rdev
isn't used in the later code, calling rdev_dec_pending earlier doesn't hurt.

Signed-off-by: Neil Brown <neilb@suse.de>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-05-01 18:17:42 -07:00
NeilBrown
62de608da0 [PATCH] md: Improve detection of lack of barrier support in raid1
Move the test for 'do barrier work' down a bit so that if the first write to a
raid1 is a BIO_RW_BARRIER write, the checking done by superblock writes will
cause the right thing to happen.

Signed-off-by: Neil Brown <neilb@suse.de>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-05-01 18:17:42 -07:00
NeilBrown
bea2771871 [PATCH] md: Change ENOTSUPP to EOPNOTSUPP
Because that is what you get if a BIO_RW_BARRIER isn't supported!

Signed-off-by: Neil Brown <neilb@suse.de>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-05-01 18:17:42 -07:00
NeilBrown
e0a33270ed [PATCH] md: Fixed refcounting/locking when attempting read error correction in raid10
We need to hold a reference to rdevs while reading and writing to attempt to
correct read errors.  This reference must be taken under an rcu lock.

Signed-off-by: Neil Brown <neilb@suse.de>
Cc: "Paul E. McKenney" <paulmck@us.ibm.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-05-01 18:17:42 -07:00
NeilBrown
df30d0f4ca [PATCH] md: Avoid oops when attempting to fix read errors on raid10
We should add to the counter for the rdev *after* checking if the rdev is
NULL!!!

Signed-off-by: Neil Brown <neilb@suse.de>
Cc: <stable@kernel.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-05-01 18:17:42 -07:00
Bastian Blank
235acec78e [PATCH] s390: make qeth buildable
Signed-off-by: Bastian Blank <bastian@waldi.eu.org>
Cc: Martin Schwidefsky <schwidefsky@de.ibm.com>
Cc: Heiko Carstens <heiko.carstens@de.ibm.com>
Cc: "David S. Miller" <davem@davemloft.net>
Acked-by: Jeff Garzik <jeff@garzik.org>
Acked-by: Frank Pavlic <fpavlic@de.ibm.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-05-01 18:17:42 -07:00
Bryan O'Sullivan
f6f0413e10 IB/ipath: tidy up white space in a few files
Signed-off-by: Bryan O'Sullivan <bos@pathscale.com>
Signed-off-by: Roland Dreier <rolandd@cisco.com>
2006-05-01 12:14:23 -07:00
Bryan O'Sullivan
d562a5ae69 IB/ipath: fix label name in interrupt handler
Names that are the opposite of their intended meanings are not so helpful.

Signed-off-by: Bryan O'Sullivan <bos@pathscale.com>
Signed-off-by: Roland Dreier <rolandd@cisco.com>
2006-05-01 12:14:22 -07:00
Bryan O'Sullivan
ae15f540cc IB/ipath: improve sparse annotation
Signed-off-by: Bryan O'Sullivan <bos@pathscale.com>
Signed-off-by: Roland Dreier <rolandd@cisco.com>
2006-05-01 12:14:21 -07:00
Bryan O'Sullivan
9b2017f1e1 IB/ipath: simplify IB timer usage
Signed-off-by: Bryan O'Sullivan <bos@pathscale.com>
Signed-off-by: Roland Dreier <rolandd@cisco.com>
2006-05-01 12:14:21 -07:00
Bryan O'Sullivan
76f0dd141b IB/ipath: simplify RC send posting
Remove some unnecessarily complicated tests.

Signed-off-by: Bryan O'Sullivan <bos@pathscale.com>
Signed-off-by: Roland Dreier <rolandd@cisco.com>
2006-05-01 12:14:20 -07:00
Bryan O'Sullivan
c71c30dcba IB/ipath: prevent hardware from being accessed during reset
The reset code now turns off the PRESENT flag during a reset, so that
other code won't attempt to access a device that's in mid-reset.

Signed-off-by: Bryan O'Sullivan <bos@pathscale.com>
Signed-off-by: Roland Dreier <rolandd@cisco.com>
2006-05-01 12:14:16 -07:00
Bryan O'Sullivan
fccea66364 IB/ipath: fix verbs registration
Remember when the verbs layer unregisters from the lower-level code.

Signed-off-by: Bryan O'Sullivan <bos@pathscale.com>
Signed-off-by: Roland Dreier <rolandd@cisco.com>
2006-05-01 12:14:15 -07:00
Bryan O'Sullivan
52e7fad825 IB/ipath: change handling of PIO buffers
Different ipath hardware types have different numbers of buffers
available, so we decide on the counts ourselves unless we are specifically
overridden with a module parameter.

Signed-off-by: Bryan O'Sullivan <bos@pathscale.com>
Signed-off-by: Roland Dreier <rolandd@cisco.com>
2006-05-01 12:14:14 -07:00
Bryan O'Sullivan
23e86a4584 IB/ipath: iterate over correct number of ports during reset
Signed-off-by: Bryan O'Sullivan <bos@pathscale.com>
Signed-off-by: Roland Dreier <rolandd@cisco.com>
2006-05-01 12:14:13 -07:00
Bryan O'Sullivan
68dd43a162 IB/ipath: set up 32-bit DMA mask if 64-bit setup fails
Some systems do not set up 64-bit maps on systems with 2GB or less of
memory installed, so we have to fall back to trying a 32-bit setup.

Signed-off-by: Bryan O'Sullivan <bos@pathscale.com>
Signed-off-by: Roland Dreier <rolandd@cisco.com>
2006-05-01 12:14:12 -07:00
Bryan O'Sullivan
755e4ca4a9 IB/ipath: fix race with exposing reset file
We were accidentally exposing the "reset" sysfs file more than once
per device.

Signed-off-by: Bryan O'Sullivan <bos@pathscale.com>
Signed-off-by: Roland Dreier <rolandd@cisco.com>
2006-05-01 12:14:11 -07:00
Jens Axboe
7afa6fd037 [PATCH] vmsplice: allow user to pass in gift pages
If SPLICE_F_GIFT is set, the user is basically giving this pages away to
the kernel. That means we can steal them for eg page cache uses instead
of copying it.

The data must be properly page aligned and also a multiple of the page size
in length.

Signed-off-by: Jens Axboe <axboe@suse.de>
2006-05-01 20:02:33 +02:00
Jens Axboe
f6762b7ad8 [PATCH] pipe: enable atomic copying of pipe data to/from user space
The pipe ->map() method uses kmap() to virtually map the pages, which
is both slow and has known scalability issues on SMP. This patch enables
atomic copying of pipe pages, by pre-faulting data and using kmap_atomic()
instead.

lmbench bw_pipe and lat_pipe measurements agree this is a Good Thing. Here
are results from that on a UP machine with highmem (1.5GiB of RAM), running
first a UP kernel, SMP kernel, and SMP kernel patched.

Vanilla-UP:
Pipe bandwidth: 1622.28 MB/sec
Pipe bandwidth: 1610.59 MB/sec
Pipe bandwidth: 1608.30 MB/sec
Pipe latency: 7.3275 microseconds
Pipe latency: 7.2995 microseconds
Pipe latency: 7.3097 microseconds

Vanilla-SMP:
Pipe bandwidth: 1382.19 MB/sec
Pipe bandwidth: 1317.27 MB/sec
Pipe bandwidth: 1355.61 MB/sec
Pipe latency: 9.6402 microseconds
Pipe latency: 9.6696 microseconds
Pipe latency: 9.6153 microseconds

Patched-SMP:
Pipe bandwidth: 1578.70 MB/sec
Pipe bandwidth: 1579.95 MB/sec
Pipe bandwidth: 1578.63 MB/sec
Pipe latency: 9.1654 microseconds
Pipe latency: 9.2266 microseconds
Pipe latency: 9.1527 microseconds

Signed-off-by: Jens Axboe <axboe@suse.de>
2006-05-01 20:02:05 +02:00
Jens Axboe
e27dedd84c [PATCH] splice: call handle_ra_miss() on failure to lookup page
Notify the readahead logic of the missing page. Suggested by
Oleg Nesterov.

Signed-off-by: Jens Axboe <axboe@suse.de>
2006-05-01 19:59:54 +02:00
Jens Axboe
7f9c51f0d9 [PATCH] Add ->splice_read/splice_write to def_blk_fops
It can use the generic handlers.

Signed-off-by: Jens Axboe <axboe@suse.de>
2006-05-01 19:59:32 +02:00
Jens Axboe
f84d751994 [PATCH] pipe: introduce ->pin() buffer operation
The ->map() function is really expensive on highmem machines right now,
since it has to use the slower kmap() instead of kmap_atomic(). Splice
rarely needs to access the virtual address of a page, so it's a waste
of time doing it.

Introduce ->pin() to take over the responsibility of making sure the
page data is valid. ->map() is then reduced to just kmap(). That way we
can also share a most of the pipe buffer ops between pipe.c and splice.c

Signed-off-by: Jens Axboe <axboe@suse.de>
2006-05-01 19:59:03 +02:00
Jens Axboe
0568b409c7 [PATCH] splice: fix bugs in pipe_to_file()
Found by Oleg Nesterov <oleg@tv-sign.ru>, fixed by me.

- Only allow full pages to go to the page cache.
- Check page != buf->page instead of using PIPE_BUF_FLAG_STOLEN.
- Remember to clear 'stolen' if add_to_page_cache() fails.

And as a cleanup on that:

- Make the bottom fall-through logic a little less convoluted. Also make
  the steal path hold an extra reference to the page, so we don't have
  to differentiate between stolen and non-stolen at the end.

Signed-off-by: Jens Axboe <axboe@suse.de>
2006-05-01 19:50:48 +02:00
Roland Dreier
254abfd33a IB/mthca: Fix offset in query_gid method
GuidInfo records have 8 byte GUIDs in them, so an index should be
multiplied by 8 to get an offset.  mthca_query_gid() was incorrectly
multiplying by 16.

Noticed by Leonid Keller <leonid@mellanox.co.il>.

Signed-off-by: Roland Dreier <rolandd@cisco.com>
2006-05-01 10:40:23 -07:00
Linus Torvalds
1f4a90670b Merge master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6
* master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6:
  [TG3]: Update version and reldate
  [TG3]: Fix bug in nvram write
  [TG3]: Add reset_phy parameter to chip reset functions
  [TG3]: Reset chip when changing MAC address
  [TG3]: Add phy workaround
  [TG3]: Call netif_carrier_off() during phy reset
  [IPV6]: Fix race in route selection.
  [XFRM]: fix incorrect xfrm_policy_afinfo_lock use
  [XFRM]: fix incorrect xfrm_state_afinfo_lock use
  [TCP]: Fix unlikely usage in tcp_transmit_skb()
  [XFRM]: fix softirq-unsafe xfrm typemap->lock use
  [IPSEC]: Fix IP ID selection
  [NET]: use hlist_unhashed()
  [IPV4]: inet_init() -> fs_initcall
  [NETLINK]: cleanup unused macro in net/netlink/af_netlink.c
  [PKT_SCHED] netem: fix loss
  [X25]: fix for spinlock recurse and spinlock lockup with timer handler
2006-05-01 08:14:03 -07:00
Linus Torvalds
0d262424b0 Merge master.kernel.org:/pub/scm/linux/kernel/git/davem/sparc-2.6
* master.kernel.org:/pub/scm/linux/kernel/git/davem/sparc-2.6:
  [SPARC64]: Disable preemption during flush_tlb_pending().
  [SPARC64]: Kill __flush_tlb_page() prototype.
2006-05-01 08:12:39 -07:00
Linus Torvalds
9f29333dae Merge git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input
* git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input:
  Input: make EVIOCGSND return meaningful data
  Input: ressurect EVIOCGREP and EVIOCSREP
  Input: psmouse - fix new device detection logic
  Input: move input_device_id to mod_devicetable.h
  Input: allow using several chords for braille
  Input: allow passing NULL to input_free_device()
  Input: spitzkbd - fix the reversed Address and Calender keys
  Input: ads7846 - improve filtering for thumb press accuracy
  Input: ads7846 - report 0 pressure value along with pen up event
  Input: ads7846 - handle IRQs that were latched during disabled IRQs
  Input: ads7846 - miscellaneous fixes
  Input: ads7846 - use msleep() instead of udelay() in suspend
  Input: ads7846 - debouncing and rudimentary sample filtering
  Input: ads7846 - power down ADC a bit later
  Input: ads7846 - add pen_down sysfs attribute
  Input: wistron - add support for Fujitsu N3510
  Input: wistron - add signature for Amilo M7400
2006-05-01 07:48:38 -07:00
Linus Torvalds
494b9aea6d Merge git://git.kernel.org/pub/scm/linux/kernel/git/perex/alsa
* git://git.kernel.org/pub/scm/linux/kernel/git/perex/alsa: (22 commits)
  [ALSA] via82xx - Use DXS_SRC as default for VIA8235/8237/8251 chips
  [ALSA] hda-codec - Add model entry for ASUS Z62F
  [ALSA] PCMCIA sound devices shouldn't depend on ISA
  [ALSA] hda-codec - Fix capture from line-in on VAIO SZ/FE laptops
  [ALSA] Fix Oops at rmmod with CONFIG_SND_VERBOSE_PROCFS=n
  [ALSA] PCM core - introduce CONFIG_SND_PCM_XRUN_DEBUG
  [ALSA] adding __devinitdata to pci_device_id
  [ALSA] add __devinitdata to all pci_device_id
  [ALSA] hda-codec - Add codec id for AD1988B codec chip
  [ALSA] hda-codec - Add model entry for ASUS M9 laptop
  [ALSA] pcxhr - Fix a compiler warning on 64bit architectures
  [ALSA] via82xx: tweak VT8251 workaround
  [ALSA] intel8x0 - Disable ALI5455 SPDIF-input
  [ALSA] via82xx: add support for VIA VT8251 (AC'97)
  [ALSA] Fix typos and add information about Jack support to Audiophile-Usb.txt
  [ALSA] Fix double free in error path of miro driver
  [ALSA] hda-codec - Add entry for Epox EP-5LDA+ GLi
  [ALSA] sound/pci/: remove duplicate #include's
  [ALSA] hda-codec - Use model 'hp' for all HP laptops with AD1981HD
  [ALSA] continue on IS_ERR from platform device registration
  ...
2006-05-01 07:46:46 -07:00
Steve Grubb
2ad312d209 [PATCH] Audit Filter Performance
While testing the watch performance, I noticed that selinux_task_ctxid()
was creeping into the results more than it should. Investigation showed
that the function call was being called whether it was needed or not. The
below patch fixes this.

Signed-off-by: Steve Grubb <sgrubb@redhat.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2006-05-01 06:10:07 -04:00
Steve Grubb
073115d6b2 [PATCH] Rework of IPC auditing
1) The audit_ipc_perms() function has been split into two different
functions:
        - audit_ipc_obj()
        - audit_ipc_set_perm()

There's a key shift here...  The audit_ipc_obj() collects the uid, gid,
mode, and SElinux context label of the current ipc object.  This
audit_ipc_obj() hook is now found in several places.  Most notably, it
is hooked in ipcperms(), which is called in various places around the
ipc code permforming a MAC check.  Additionally there are several places
where *checkid() is used to validate that an operation is being
performed on a valid object while not necessarily having a nearby
ipcperms() call.  In these locations, audit_ipc_obj() is called to
ensure that the information is captured by the audit system.

The audit_set_new_perm() function is called any time the permissions on
the ipc object changes.  In this case, the NEW permissions are recorded
(and note that an audit_ipc_obj() call exists just a few lines before
each instance).

2) Support for an AUDIT_IPC_SET_PERM audit message type.  This allows
for separate auxiliary audit records for normal operations on an IPC
object and permissions changes.  Note that the same struct
audit_aux_data_ipcctl is used and populated, however there are separate
audit_log_format statements based on the type of the message.  Finally,
the AUDIT_IPC block of code in audit_free_aux() was extended to handle
aux messages of this new type.  No more mem leaks I hope ;-)

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2006-05-01 06:10:04 -04:00
Steve Grubb
ce29b682e2 [PATCH] More user space subject labels
Hi,

The patch below builds upon the patch sent earlier and adds subject label to
all audit events generated via the netlink interface. It also cleans up a few
other minor things.

Signed-off-by: Steve Grubb <sgrubb@redhat.com>

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2006-05-01 06:10:01 -04:00
Steve Grubb
e7c3497013 [PATCH] Reworked patch for labels on user space messages
The below patch should be applied after the inode and ipc sid patches.
This patch is a reworking of Tim's patch that has been updated to match
the inode and ipc patches since its similar.

[updated:
>  Stephen Smalley also wanted to change a variable from isec to tsec in the
>  user sid patch.                                                              ]

Signed-off-by: Steve Grubb <sgrubb@redhat.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2006-05-01 06:09:58 -04:00
Steve Grubb
9c7aa6aa74 [PATCH] change lspp ipc auditing
Hi,

The patch below converts IPC auditing to collect sid's and convert to context
string only if it needs to output an audit record. This patch depends on the
inode audit change patch already being applied.

Signed-off-by: Steve Grubb <sgrubb@redhat.com>

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2006-05-01 06:09:56 -04:00
Steve Grubb
1b50eed9ca [PATCH] audit inode patch
Previously, we were gathering the context instead of the sid. Now in this patch,
we gather just the sid and convert to context only if an audit event is being
output.

This patch brings the performance hit from 146% down to 23%

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2006-05-01 06:09:53 -04:00
Darrel Goeddel
3dc7e3153e [PATCH] support for context based audit filtering, part 2
This patch provides the ability to filter audit messages based on the
elements of the process' SELinux context (user, role, type, mls sensitivity,
and mls clearance).  It uses the new interfaces from selinux to opaquely
store information related to the selinux context and to filter based on that
information.  It also uses the callback mechanism provided by selinux to
refresh the information when a new policy is loaded.

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2006-05-01 06:09:36 -04:00