]> git.proxmox.com Git - mirror_ubuntu-eoan-kernel.git/log
mirror_ubuntu-eoan-kernel.git
14 years agoMerge branch 'core-iommu-for-linus' of git://git.kernel.org/pub/scm/linux/kernel...
Linus Torvalds [Thu, 21 Oct 2010 19:49:15 +0000 (12:49 -0700)]
Merge branch 'core-iommu-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip

* 'core-iommu-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip:
  x86/amd-iommu: Update copyright headers
  x86/amd-iommu: Reenable AMD IOMMU if it's mysteriously vanished over suspend
  AGP: Warn when GATT memory cannot be set to UC
  x86, GART: Disable GART table walk probes
  x86, GART: Remove superfluous AMD64_GARTEN

14 years agoMerge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris...
Linus Torvalds [Thu, 21 Oct 2010 19:41:19 +0000 (12:41 -0700)]
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6: (26 commits)
  selinux: include vmalloc.h for vmalloc_user
  secmark: fix config problem when CONFIG_NF_CONNTRACK_SECMARK is not set
  selinux: implement mmap on /selinux/policy
  SELinux: allow userspace to read policy back out of the kernel
  SELinux: drop useless (and incorrect) AVTAB_MAX_SIZE
  SELinux: deterministic ordering of range transition rules
  kernel: roundup should only reference arguments once
  kernel: rounddown helper function
  secmark: export secctx, drop secmark in procfs
  conntrack: export lsm context rather than internal secid via netlink
  security: secid_to_secctx returns len when data is NULL
  secmark: make secmark object handling generic
  secmark: do not return early if there was no error
  AppArmor: Ensure the size of the copy is < the buffer allocated to hold it
  TOMOYO: Print URL information before panic().
  security: remove unused parameter from security_task_setscheduler()
  tpm: change 'tpm_suspend_pcr' to be module parameter
  selinux: fix up style problem on /selinux/status
  selinux: change to new flag variable
  selinux: really fix dependency causing parallel compile failure.
  ...

14 years agoMerge branch 'virtio' of git://git.kernel.org/pub/scm/linux/kernel/git/rusty/linux...
Linus Torvalds [Thu, 21 Oct 2010 19:40:33 +0000 (12:40 -0700)]
Merge branch 'virtio' of git://git.kernel.org/pub/scm/linux/kernel/git/rusty/linux-2.6-for-linus

* 'virtio' of git://git.kernel.org/pub/scm/linux/kernel/git/rusty/linux-2.6-for-linus:
  virtio_blk: remove BKL leftovers
  virtio: console: Disable lseek(2) for port file operations
  virtio: console: Send SIGIO in case of port unplug
  virtio: console: Send SIGIO on new data arrival on ports
  virtio: console: Send SIGIO to processes that request it for host events
  virtio: console: Reference counting portdev structs is not needed
  virtio: console: Add reference counting for port struct
  virtio: console: Use cdev_alloc() instead of cdev_init()
  virtio: console: Add a find_port_by_devt() function
  virtio: console: Add a list of portdevs that are active
  virtio: console: open: Use a common path for error handling
  virtio: console: remove_port() should return void
  virtio: console: Make write() return -ENODEV on hot-unplug
  virtio: console: Make read() return -ENODEV on hot-unplug
  virtio: console: Unblock poll on port hot-unplug
  virtio: console: Un-block reads on chardev close
  virtio: console: Check if portdev is valid in send_control_msg()
  virtio: console: Remove control vq data only if using multiport support
  virtio: console: Reset vdev before removing device

14 years agoMerge git://git.kernel.org/pub/scm/linux/kernel/git/steve/gfs2-2.6-nmw
Linus Torvalds [Thu, 21 Oct 2010 19:39:53 +0000 (12:39 -0700)]
Merge git://git.kernel.org/pub/scm/linux/kernel/git/steve/gfs2-2.6-nmw

* git://git.kernel.org/pub/scm/linux/kernel/git/steve/gfs2-2.6-nmw: (22 commits)
  GFS2: fixed typo
  GFS2: Fix type mapping for demote_rq interface
  GFS2 fatal: filesystem consistency error on rename
  GFS2: Improve journal allocation via sysfs
  GFS2: Add "norecovery" mount option as a synonym for "spectator"
  GFS2: Fix spectator umount issue
  GFS2: Fix compiler warning from previous patch
  GFS2: reserve more blocks for transactions
  GFS2: Fix journal check for spectator mounts
  GFS2: Remove upgrade mount option
  GFS2: Remove localcaching mount option
  GFS2: Remove ignore_local_fs mount argument
  GFS2: Make . and .. qstrs constant
  GFS2: Use new workqueue scheme
  GFS2: Update handling of DLM return codes to match reality
  GFS2: Don't enforce min hold time when two demotes occur in rapid succession
  GFS2: Fix whitespace in previous patch
  GFS2: fallocate support
  GFS2: Add a bug trap in allocation code
  GFS2: No longer experimental
  ...

14 years agoMerge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/sage/ceph...
Linus Torvalds [Thu, 21 Oct 2010 19:38:28 +0000 (12:38 -0700)]
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/sage/ceph-client

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/sage/ceph-client: (22 commits)
  ceph: do not carry i_lock for readdir from dcache
  fs/ceph/xattr.c: Use kmemdup
  rbd: passing wrong variable to bvec_kunmap_irq()
  rbd: null vs ERR_PTR
  ceph: fix num_pages_free accounting in pagelist
  ceph: add CEPH_MDS_OP_SETDIRLAYOUT and associated ioctl.
  ceph: don't crash when passed bad mount options
  ceph: fix debugfs warnings
  block: rbd: removing unnecessary test
  block: rbd: fixed may leaks
  ceph: switch from BKL to lock_flocks()
  ceph: preallocate flock state without locks held
  ceph: add pagelist_reserve, pagelist_truncate, pagelist_set_cursor
  ceph: use mapping->nrpages to determine if mapping is empty
  ceph: only invalidate on check_caps if we actually have pages
  ceph: do not hide .snap in root directory
  rbd: introduce rados block device (rbd), based on libceph
  ceph: factor out libceph from Ceph file system
  ceph-rbd: osdc support for osd call and rollback operations
  ceph: messenger and osdc changes for rbd
  ...

14 years agoMerge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/hch/hfsplus
Linus Torvalds [Thu, 21 Oct 2010 19:33:45 +0000 (12:33 -0700)]
Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/hch/hfsplus

* 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/hch/hfsplus: (29 commits)
  hfsplus: fix getxattr return value
  hfsplus: remove the unused hfsplus_kmap/hfsplus_kunmap helpers
  hfsplus: create correct initial catalog entries for device files
  hfsplus: remove superflous rootflags field in hfsplus_inode_info
  hfsplus: fix link corruption
  hfsplus: validate btree flags
  hfsplus: handle more on-disk corruptions without oopsing
  hfsplus: hfs_bnode_find() can fail, resulting in hfs_bnode_split() breakage
  hfsplus: fix oops on mount with corrupted btree extent records
  hfsplus: fix rename over directories
  hfsplus: convert tree_lock to mutex
  hfsplus: add missing extent locking in hfsplus_write_inode
  hfsplus: protect readdir against removals from open_dir_list
  hfsplus: use atomic bitops for the superblock flags
  hfsplus: add per-superblock lock for volume header updates
  hfsplus: remove the rsrc_inodes list
  hfsplus: do not cache and write next_alloc
  hfsplus: fix error handling in hfsplus_symlink
  hfsplus: merge mknod/mkdir/creat
  hfsplus: clean up hfsplus_write_inode
  ...

14 years agovirtio_blk: remove BKL leftovers
Christoph Hellwig [Tue, 14 Sep 2010 23:27:23 +0000 (01:27 +0200)]
virtio_blk: remove BKL leftovers

Remove the BKL usage added in "block: push down BKL into .locked_ioctl".
Virtio-blk doesn't use the BKL for anything, and doesn't implement any
ioctl command by itself, but only uses the generic scsi_cmd_ioctl
which is fine without the BKL.

Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
14 years agovirtio: console: Disable lseek(2) for port file operations
Amit Shah [Thu, 16 Sep 2010 09:13:09 +0000 (14:43 +0530)]
virtio: console: Disable lseek(2) for port file operations

The ports are char devices; do not have seeking capabilities.  Calling
nonseekable_open() from the fops_open() call and setting the llseek fops
pointer to no_llseek ensures an lseek() call from userspace returns
-ESPIPE.

Signed-off-by: Amit Shah <amit.shah@redhat.com>
CC: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
14 years agovirtio: console: Send SIGIO in case of port unplug
Amit Shah [Thu, 2 Sep 2010 13:17:54 +0000 (18:47 +0530)]
virtio: console: Send SIGIO in case of port unplug

If a port has registered for SIGIO signals, let the application
know that the port is getting unplugged.

Signed-off-by: Amit Shah <amit.shah@redhat.com>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
14 years agovirtio: console: Send SIGIO on new data arrival on ports
Amit Shah [Thu, 2 Sep 2010 13:17:53 +0000 (18:47 +0530)]
virtio: console: Send SIGIO on new data arrival on ports

Send a SIGIO signal when new data arrives on a port. This is sent only
when the process has requested for the signal to be sent using fcntl().

Signed-off-by: Amit Shah <amit.shah@redhat.com>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
14 years agovirtio: console: Send SIGIO to processes that request it for host events
Amit Shah [Thu, 2 Sep 2010 13:17:52 +0000 (18:47 +0530)]
virtio: console: Send SIGIO to processes that request it for host events

A process can request for SIGIO on host connect / disconnect events
using the O_ASYNC file flag using fcntl().

If that's requested, and if the guest-side connection for the port is
open, any host-side open/close events for that port will raise a SIGIO.
The process can then use poll() within the signal handler to find out
which port triggered the signal.

Signed-off-by: Amit Shah <amit.shah@redhat.com>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
14 years agovirtio: console: Reference counting portdev structs is not needed
Amit Shah [Thu, 2 Sep 2010 13:08:30 +0000 (18:38 +0530)]
virtio: console: Reference counting portdev structs is not needed

Explain in a comment why there's no need to reference-count the portdev
struct: when a device is yanked out, we can't do anything more with it
anyway so just give up doing anything more with the data or the vqs and
exit cleanly.

Signed-off-by: Amit Shah <amit.shah@redhat.com>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
14 years agovirtio: console: Add reference counting for port struct
Amit Shah [Thu, 2 Sep 2010 13:08:29 +0000 (18:38 +0530)]
virtio: console: Add reference counting for port struct

When a port got hot-unplugged, when a port was open, any file operation
after the unplugging resulted in a crash. This is fixed by ref-counting
the port structure, and releasing it only when the file is closed.

This splits the unplug operation in two parts: first marks the port
as unavailable, removes all the buffers in the vqs and removes the port
from the per-device list of ports. The second stage, invoked when all
references drop to zero, releases the chardev and frees all other memory.

Signed-off-by: Amit Shah <amit.shah@redhat.com>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
14 years agovirtio: console: Use cdev_alloc() instead of cdev_init()
Amit Shah [Thu, 2 Sep 2010 12:50:59 +0000 (18:20 +0530)]
virtio: console: Use cdev_alloc() instead of cdev_init()

This moves to using cdev on the heap instead of it being embedded in the
ports struct. This helps individual refcounting and will allow us to
properly remove cdev structs after hot-unplugs and close operations.

Signed-off-by: Amit Shah <amit.shah@redhat.com>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
14 years agovirtio: console: Add a find_port_by_devt() function
Amit Shah [Thu, 2 Sep 2010 12:50:58 +0000 (18:20 +0530)]
virtio: console: Add a find_port_by_devt() function

To convert to using cdev as a pointer to avoid kref troubles, we have to
use a different method to get to a port from an inode than the current
container_of method.

Add find_port_by_devt() that looks up all portdevs and ports with those
portdevs to find the right port.

Signed-off-by: Amit Shah <amit.shah@redhat.com>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
14 years agovirtio: console: Add a list of portdevs that are active
Amit Shah [Thu, 2 Sep 2010 12:41:49 +0000 (18:11 +0530)]
virtio: console: Add a list of portdevs that are active

The virtio_console.c driver is capable of handling multiple devices at a
time. Maintain a list of devices for future traversal.

Signed-off-by: Amit Shah <amit.shah@redhat.com>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
14 years agovirtio: console: open: Use a common path for error handling
Amit Shah [Thu, 2 Sep 2010 12:41:48 +0000 (18:11 +0530)]
virtio: console: open: Use a common path for error handling

Just re-arrange code for future patches.

Signed-off-by: Amit Shah <amit.shah@redhat.com>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
14 years agovirtio: console: remove_port() should return void
Amit Shah [Thu, 2 Sep 2010 12:41:47 +0000 (18:11 +0530)]
virtio: console: remove_port() should return void

When a port is removed, we have to assume the port is gone. So a
success/failure return value doesn't make sense.

Signed-off-by: Amit Shah <amit.shah@redhat.com>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
14 years agovirtio: console: Make write() return -ENODEV on hot-unplug
Amit Shah [Thu, 2 Sep 2010 12:41:46 +0000 (18:11 +0530)]
virtio: console: Make write() return -ENODEV on hot-unplug

When a port is hot-unplugged while an app was blocked on a write() call,
the call was unblocked but would not get an error returned.

Return -ENODEV to ensure the app knows the port has gone away.

Signed-off-by: Amit Shah <amit.shah@redhat.com>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
14 years agovirtio: console: Make read() return -ENODEV on hot-unplug
Amit Shah [Thu, 2 Sep 2010 12:41:45 +0000 (18:11 +0530)]
virtio: console: Make read() return -ENODEV on hot-unplug

When a port is hot-unplugged while an app was blocked on a read() call,
the call was unblocked but would not get an error returned.

Return -ENODEV to ensure the app knows the port has gone away.

Signed-off-by: Amit Shah <amit.shah@redhat.com>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
14 years agovirtio: console: Unblock poll on port hot-unplug
Amit Shah [Thu, 2 Sep 2010 12:41:44 +0000 (18:11 +0530)]
virtio: console: Unblock poll on port hot-unplug

When a port is hot-unplugged while an app is blocked on poll(), unblock
the poll() and return.

Signed-off-by: Amit Shah <amit.shah@redhat.com>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
14 years agovirtio: console: Un-block reads on chardev close
Amit Shah [Thu, 2 Sep 2010 12:41:43 +0000 (18:11 +0530)]
virtio: console: Un-block reads on chardev close

If a chardev is closed, any blocked read / poll calls should just return
and not attempt to use other state.

Signed-off-by: Amit Shah <amit.shah@redhat.com>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
14 years agovirtio: console: Check if portdev is valid in send_control_msg()
Amit Shah [Thu, 2 Sep 2010 12:41:42 +0000 (18:11 +0530)]
virtio: console: Check if portdev is valid in send_control_msg()

A portdev may have been hot-unplugged while a port was open()ed.  Skip
sending control messages when the portdev isn't valid.

Signed-off-by: Amit Shah <amit.shah@redhat.com>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
14 years agovirtio: console: Remove control vq data only if using multiport support
Amit Shah [Thu, 2 Sep 2010 12:41:41 +0000 (18:11 +0530)]
virtio: console: Remove control vq data only if using multiport support

If a portdev isn't using multiport support, it won't have any control vq
data to remove.

Signed-off-by: Amit Shah <amit.shah@redhat.com>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
14 years agovirtio: console: Reset vdev before removing device
Amit Shah [Thu, 2 Sep 2010 12:41:40 +0000 (18:11 +0530)]
virtio: console: Reset vdev before removing device

The virtqueues should be disabled before attempting to remove the
device.

Signed-off-by: Amit Shah <amit.shah@redhat.com>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
14 years agoselinux: include vmalloc.h for vmalloc_user
Stephen Rothwell [Wed, 20 Oct 2010 05:08:00 +0000 (16:08 +1100)]
selinux: include vmalloc.h for vmalloc_user

Include vmalloc.h for vmalloc_user (fixes ppc build warning).
Acked-by: Eric Paris <eparis@redhat.com>
Signed-off-by: James Morris <jmorris@namei.org>
14 years agosecmark: fix config problem when CONFIG_NF_CONNTRACK_SECMARK is not set
Eric Paris [Tue, 19 Oct 2010 22:17:32 +0000 (18:17 -0400)]
secmark: fix config problem when CONFIG_NF_CONNTRACK_SECMARK is not set

When CONFIG_NF_CONNTRACK_SECMARK is not set we accidentally attempt to use
the secmark fielf of struct nf_conn.  Problem is when that config isn't set
the field doesn't exist.  whoops.  Wrap the incorrect usage in the config.

Signed-off-by: Eric Paris <eparis@redhat.com>
Signed-off-by: James Morris <jmorris@namei.org>
14 years agoselinux: implement mmap on /selinux/policy
Eric Paris [Wed, 13 Oct 2010 21:50:31 +0000 (17:50 -0400)]
selinux: implement mmap on /selinux/policy

/selinux/policy allows a user to copy the policy back out of the kernel.
This patch allows userspace to actually mmap that file and use it directly.

Signed-off-by: Eric Paris <eparis@redhat.com>
Signed-off-by: James Morris <jmorris@namei.org>
14 years agoSELinux: allow userspace to read policy back out of the kernel
Eric Paris [Wed, 13 Oct 2010 21:50:25 +0000 (17:50 -0400)]
SELinux: allow userspace to read policy back out of the kernel

There is interest in being able to see what the actual policy is that was
loaded into the kernel.  The patch creates a new selinuxfs file
/selinux/policy which can be read by userspace.  The actual policy that is
loaded into the kernel will be written back out to userspace.

Signed-off-by: Eric Paris <eparis@redhat.com>
Signed-off-by: James Morris <jmorris@namei.org>
14 years agoSELinux: drop useless (and incorrect) AVTAB_MAX_SIZE
Eric Paris [Wed, 13 Oct 2010 21:50:19 +0000 (17:50 -0400)]
SELinux: drop useless (and incorrect) AVTAB_MAX_SIZE

AVTAB_MAX_SIZE was a define which was supposed to be used in userspace to
define a maximally sized avtab when userspace wasn't sure how big of a table
it needed.  It doesn't make sense in the kernel since we always know our table
sizes.  The only place it is used we have a more appropiately named define
called AVTAB_MAX_HASH_BUCKETS, use that instead.

Signed-off-by: Eric Paris <eparis@redhat.com>
Signed-off-by: James Morris <jmorris@namei.org>
14 years agoSELinux: deterministic ordering of range transition rules
Eric Paris [Wed, 13 Oct 2010 21:50:14 +0000 (17:50 -0400)]
SELinux: deterministic ordering of range transition rules

Range transition rules are placed in the hash table in an (almost)
arbitrary order.  This patch inserts them in a fixed order to make policy
retrival more predictable.

Signed-off-by: Eric Paris <eparis@redhat.com>
Signed-off-by: James Morris <jmorris@namei.org>
14 years agokernel: roundup should only reference arguments once
Eric Paris [Wed, 13 Oct 2010 21:50:08 +0000 (17:50 -0400)]
kernel: roundup should only reference arguments once

Currently the roundup macro references it's arguments more than one time.
This patch changes it so it will only use its arguments once.

Suggested-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Eric Paris <eparis@redhat.com>
Signed-off-by: James Morris <jmorris@namei.org>
14 years agokernel: rounddown helper function
Eric Paris [Wed, 13 Oct 2010 21:50:02 +0000 (17:50 -0400)]
kernel: rounddown helper function

The roundup() helper function will round a given value up to a multiple of
another given value.  aka  roundup(11, 7) would give 14 = 7 * 2.  This new
function does the opposite.  It will round a given number down to the
nearest multiple of the second number: rounddown(11, 7) would give 7.

I need this in some future SELinux code and can carry the macro myself, but
figured I would put it in the core kernel so others might find and use it
if need be.

Signed-off-by: Eric Paris <eparis@redhat.com>
Signed-off-by: James Morris <jmorris@namei.org>
14 years agosecmark: export secctx, drop secmark in procfs
Eric Paris [Wed, 13 Oct 2010 20:25:00 +0000 (16:25 -0400)]
secmark: export secctx, drop secmark in procfs

The current secmark code exports a secmark= field which just indicates if
there is special labeling on a packet or not.  We drop this field as it
isn't particularly useful and instead export a new field secctx= which is
the actual human readable text label.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: James Morris <jmorris@namei.org>
14 years agoconntrack: export lsm context rather than internal secid via netlink
Eric Paris [Wed, 13 Oct 2010 20:24:54 +0000 (16:24 -0400)]
conntrack: export lsm context rather than internal secid via netlink

The conntrack code can export the internal secid to userspace.  These are
dynamic, can change on lsm changes, and have no meaning in userspace.  We
should instead be sending lsm contexts to userspace instead.  This patch sends
the secctx (rather than secid) to userspace over the netlink socket.  We use a
new field CTA_SECCTX and stop using the the old CTA_SECMARK field since it did
not send particularly useful information.

Signed-off-by: Eric Paris <eparis@redhat.com>
Reviewed-by: Paul Moore <paul.moore@hp.com>
Acked-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: James Morris <jmorris@namei.org>
14 years agosecurity: secid_to_secctx returns len when data is NULL
Eric Paris [Wed, 13 Oct 2010 20:24:48 +0000 (16:24 -0400)]
security: secid_to_secctx returns len when data is NULL

With the (long ago) interface change to have the secid_to_secctx functions
do the string allocation instead of having the caller do the allocation we
lost the ability to query the security server for the length of the
upcoming string.  The SECMARK code would like to allocate a netlink skb
with enough length to hold the string but it is just too unclean to do the
string allocation twice or to do the allocation the first time and hold
onto the string and slen.  This patch adds the ability to call
security_secid_to_secctx() with a NULL data pointer and it will just set
the slen pointer.

Signed-off-by: Eric Paris <eparis@redhat.com>
Reviewed-by: Paul Moore <paul.moore@hp.com>
Signed-off-by: James Morris <jmorris@namei.org>
14 years agosecmark: make secmark object handling generic
Eric Paris [Wed, 13 Oct 2010 20:24:41 +0000 (16:24 -0400)]
secmark: make secmark object handling generic

Right now secmark has lots of direct selinux calls.  Use all LSM calls and
remove all SELinux specific knowledge.  The only SELinux specific knowledge
we leave is the mode.  The only point is to make sure that other LSMs at
least test this generic code before they assume it works.  (They may also
have to make changes if they do not represent labels as strings)

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Paul Moore <paul.moore@hp.com>
Acked-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: James Morris <jmorris@namei.org>
14 years agosecmark: do not return early if there was no error
Eric Paris [Tue, 12 Oct 2010 15:40:08 +0000 (11:40 -0400)]
secmark: do not return early if there was no error

Commit 4a5a5c73 attempted to pass decent error messages back to userspace for
netfilter errors.  In xt_SECMARK.c however the patch screwed up and returned
on 0 (aka no error) early and didn't finish setting up secmark.  This results
in a kernel BUG if you use SECMARK.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Paul Moore <paul.moore@hp.com>
Signed-off-by: James Morris <jmorris@namei.org>
14 years agoAppArmor: Ensure the size of the copy is < the buffer allocated to hold it
John Johansen [Sat, 9 Oct 2010 07:47:53 +0000 (00:47 -0700)]
AppArmor: Ensure the size of the copy is < the buffer allocated to hold it

Actually I think in this case the appropriate thing to do is to BUG as there
is currently a case (remove) where the alloc_size needs to be larger than
the copy_size, and if copy_size is ever greater than alloc_size there is
a mistake in the caller code.

Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: Kees Cook <kees.cook@canonical.com>
Signed-off-by: James Morris <jmorris@namei.org>
14 years agoTOMOYO: Print URL information before panic().
Tetsuo Handa [Fri, 8 Oct 2010 05:43:22 +0000 (14:43 +0900)]
TOMOYO: Print URL information before panic().

Configuration files for TOMOYO 2.3 are not compatible with TOMOYO 2.2.
But current panic() message is too unfriendly and is confusing users.

Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Reviewed-by: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com>
Signed-off-by: James Morris <jmorris@namei.org>
14 years agosecurity: remove unused parameter from security_task_setscheduler()
KOSAKI Motohiro [Thu, 14 Oct 2010 19:21:18 +0000 (04:21 +0900)]
security: remove unused parameter from security_task_setscheduler()

All security modules shouldn't change sched_param parameter of
security_task_setscheduler().  This is not only meaningless, but also
make a harmful result if caller pass a static variable.

This patch remove policy and sched_param parameter from
security_task_setscheduler() becuase none of security module is
using it.

Cc: James Morris <jmorris@namei.org>
Signed-off-by: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com>
Signed-off-by: James Morris <jmorris@namei.org>
14 years agotpm: change 'tpm_suspend_pcr' to be module parameter
Dmitry Torokhov [Fri, 1 Oct 2010 21:16:39 +0000 (14:16 -0700)]
tpm: change 'tpm_suspend_pcr' to be module parameter

Fix the following warning:

drivers/char/tpm/tpm.c:1085: warning: `tpm_suspend_setup' defined but not used

and make the workaround operable in case when TPM is compiled as a module.
As a side-effect the option will be called tpm.suspend_pcr.

Signed-off-by: Dmitry Torokhov <dtor@mail.ru>
Cc: Rajiv Andrade <srajiv@linux.vnet.ibm.com>
Cc: David Safford <safford@watson.ibm.com>
Cc: James Morris <jmorris@namei.org>
Cc: Debora Velarde <debora@linux.vnet.ibm.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: James Morris <jmorris@namei.org>
14 years agoselinux: fix up style problem on /selinux/status
KaiGai Kohei [Thu, 30 Sep 2010 02:49:55 +0000 (11:49 +0900)]
selinux: fix up style problem on /selinux/status

This patch fixes up coding-style problem at this commit:

 4f27a7d49789b04404eca26ccde5f527231d01d5
 selinux: fast status update interface (/selinux/status)

Signed-off-by: KaiGai Kohei <kaigai@ak.jp.nec.com>
Signed-off-by: James Morris <jmorris@namei.org>
14 years agoselinux: change to new flag variable
matt mooney [Thu, 23 Sep 2010 06:50:06 +0000 (23:50 -0700)]
selinux: change to new flag variable

Replace EXTRA_CFLAGS with ccflags-y.

Signed-off-by: matt mooney <mfm@muteddisk.com>
Signed-off-by: James Morris <jmorris@namei.org>
14 years agoselinux: really fix dependency causing parallel compile failure.
Paul Gortmaker [Thu, 16 Sep 2010 00:14:53 +0000 (20:14 -0400)]
selinux: really fix dependency causing parallel compile failure.

While the previous change to the selinux Makefile reduced the window
significantly for this failure, it is still possible to see a compile
failure where cpp starts processing selinux files before the auto
generated flask.h file is completed.  This is easily reproduced by
adding the following temporary change to expose the issue everytime:

-      cmd_flask = scripts/selinux/genheaders/genheaders ...
+      cmd_flask = sleep 30 ; scripts/selinux/genheaders/genheaders ...

This failure happens because the creation of the object files in the ss
subdir also depends on flask.h.  So simply incorporate them into the
parent Makefile, as the ss/Makefile really doesn't do anything unique.

With this change, compiling of all selinux files is dependent on
completion of the header file generation, and this test case with
the "sleep 30" now confirms it is functioning as expected.

Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>
Signed-off-by: James Morris <jmorris@namei.org>
14 years agoselinux: fix parallel compile error
Paul Gortmaker [Mon, 9 Aug 2010 21:34:25 +0000 (17:34 -0400)]
selinux: fix parallel compile error

Selinux has an autogenerated file, "flask.h" which is included by
two other selinux files.  The current makefile has a single dependency
on the first object file in the selinux-y list, assuming that will get
flask.h generated before anyone looks for it, but that assumption breaks
down in a "make -jN" situation and you get:

   selinux/selinuxfs.c:35: fatal error: flask.h: No such file or directory
   compilation terminated.
   remake[9]: *** [security/selinux/selinuxfs.o] Error 1

Since flask.h is included by security.h which in turn is included
nearly everywhere, make the dependency apply to all of the selinux-y
list of objs.

Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>
Signed-off-by: James Morris <jmorris@namei.org>
14 years agoselinux: fast status update interface (/selinux/status)
KaiGai Kohei [Tue, 14 Sep 2010 09:28:39 +0000 (18:28 +0900)]
selinux: fast status update interface (/selinux/status)

This patch provides a new /selinux/status entry which allows applications
read-only mmap(2).
This region reflects selinux_kernel_status structure in kernel space.
  struct selinux_kernel_status
  {
          u32     length;         /* length of this structure */
          u32     sequence;       /* sequence number of seqlock logic */
          u32     enforcing;      /* current setting of enforcing mode */
          u32     policyload;     /* times of policy reloaded */
          u32     deny_unknown;   /* current setting of deny_unknown */
  };

When userspace object manager caches access control decisions provided
by SELinux, it needs to invalidate the cache on policy reload and setenforce
to keep consistency.
However, the applications need to check the kernel state for each accesses
on userspace avc, or launch a background worker process.
In heuristic, frequency of invalidation is much less than frequency of
making access control decision, so it is annoying to invoke a system call
to check we don't need to invalidate the userspace cache.
If we can use a background worker thread, it allows to receive invalidation
messages from the kernel. But it requires us an invasive coding toward the
base application in some cases; E.g, when we provide a feature performing
with SELinux as a plugin module, it is unwelcome manner to launch its own
worker thread from the module.

If we could map /selinux/status to process memory space, application can
know updates of selinux status; policy reload or setenforce.

A typical application checks selinux_kernel_status::sequence when it tries
to reference userspace avc. If it was changed from the last time when it
checked userspace avc, it means something was updated in the kernel space.
Then, the application can reset userspace avc or update current enforcing
mode, without any system call invocations.
This sequence number is updated according to the seqlock logic, so we need
to wait for a while if it is odd number.

Signed-off-by: KaiGai Kohei <kaigai@ak.jp.nec.com>
Acked-by: Eric Paris <eparis@redhat.com>
--
 security/selinux/include/security.h |   21 ++++++
 security/selinux/selinuxfs.c        |   56 +++++++++++++++
 security/selinux/ss/Makefile        |    2 +-
 security/selinux/ss/services.c      |    3 +
 security/selinux/ss/status.c        |  129 +++++++++++++++++++++++++++++++++++
 5 files changed, 210 insertions(+), 1 deletions(-)
Signed-off-by: James Morris <jmorris@namei.org>
14 years ago.gitignore: ignore apparmor/rlim_names.h
Yong Zhang [Sat, 28 Aug 2010 02:25:09 +0000 (10:25 +0800)]
.gitignore: ignore apparmor/rlim_names.h

Signed-off-by: Yong Zhang <yong.zhang0@gmail.com>
Signed-off-by: John Johansen <john.johansen@canonical.com>
Signed-off-by: James Morris <jmorris@namei.org>
14 years agoLSM: Fix security_module_enable() error.
Tetsuo Handa [Sat, 28 Aug 2010 05:58:44 +0000 (14:58 +0900)]
LSM: Fix security_module_enable() error.

We can set default LSM module to DAC (which means "enable no LSM module").
If default LSM module was set to DAC, security_module_enable() must return 0
unless overridden via boot time parameter.

Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Acked-by: Serge E. Hallyn <serge@hallyn.com>
Signed-off-by: James Morris <jmorris@namei.org>
14 years agoselinux: type_bounds_sanity_check has a meaningless variable declaration
Eric Paris [Tue, 3 Aug 2010 19:26:05 +0000 (15:26 -0400)]
selinux: type_bounds_sanity_check has a meaningless variable declaration

type is not used at all, stop declaring and assigning it.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: James Morris <jmorris@namei.org>
14 years agotomoyo: cleanup. don't store bogus pointer
Dan Carpenter [Sat, 7 Aug 2010 22:17:51 +0000 (00:17 +0200)]
tomoyo: cleanup. don't store bogus pointer

If domain is NULL then &domain->list is a bogus address.  Let's leave
head->r.domain NULL instead of saving an unusable pointer.

This is just a cleanup.  The current code always checks head->r.eof
before dereferencing head->r.domain.

Signed-off-by: Dan Carpenter <error27@gmail.com>
Acked-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
14 years agoceph: do not carry i_lock for readdir from dcache
Sage Weil [Mon, 18 Oct 2010 21:04:31 +0000 (14:04 -0700)]
ceph: do not carry i_lock for readdir from dcache

We were taking dcache_lock inside of i_lock, which introduces a dependency
not found elsewhere in the kernel, complicationg the vfs locking
scalability work.  Since we don't actually need it here anyway, remove
it.

We only need i_lock to test for the I_COMPLETE flag, so be careful to do
so without dcache_lock held.

Signed-off-by: Sage Weil <sage@newdream.net>
14 years agofs/ceph/xattr.c: Use kmemdup
Julia Lawall [Sun, 17 Oct 2010 19:55:21 +0000 (21:55 +0200)]
fs/ceph/xattr.c: Use kmemdup

Convert a sequence of kmalloc and memcpy to use kmemdup.

The semantic patch that performs this transformation is:
(http://coccinelle.lip6.fr/)

// <smpl>
@@
expression a,flag,len;
expression arg,e1,e2;
statement S;
@@

  a =
-  \(kmalloc\|kzalloc\)(len,flag)
+  kmemdup(arg,len,flag)
  <... when != a
  if (a == NULL || ...) S
  ...>
- memcpy(a,arg,len+1);
// </smpl>

Signed-off-by: Julia Lawall <julia@diku.dk>
Signed-off-by: Sage Weil <sage@newdream.net>
14 years agorbd: passing wrong variable to bvec_kunmap_irq()
Dan Carpenter [Mon, 11 Oct 2010 19:15:11 +0000 (21:15 +0200)]
rbd: passing wrong variable to bvec_kunmap_irq()

We should be passing "buf" here insead of "bv".  This is tricky because
it's not the same as kmap() and kunmap().  GCC does warn about it if you
compile on i386 with CONFIG_HIGHMEM.

Signed-off-by: Dan Carpenter <error27@gmail.com>
Signed-off-by: Sage Weil <sage@newdream.net>
14 years agorbd: null vs ERR_PTR
Dan Carpenter [Mon, 11 Oct 2010 19:14:23 +0000 (21:14 +0200)]
rbd: null vs ERR_PTR

ceph_alloc_page_vector() returns ERR_PTR(-ENOMEM) on errors.

Signed-off-by: Dan Carpenter <error27@gmail.com>
Signed-off-by: Sage Weil <sage@newdream.net>
14 years agoceph: fix num_pages_free accounting in pagelist
Sage Weil [Tue, 5 Oct 2010 19:03:23 +0000 (12:03 -0700)]
ceph: fix num_pages_free accounting in pagelist

Decrement the free page counter when removing a page from the free_list.

Signed-off-by: Sage Weil <sage@newdream.net>
14 years agoceph: add CEPH_MDS_OP_SETDIRLAYOUT and associated ioctl.
Greg Farnum [Fri, 24 Sep 2010 21:56:40 +0000 (14:56 -0700)]
ceph: add CEPH_MDS_OP_SETDIRLAYOUT and associated ioctl.

Signed-off-by: Sage Weil <sage@newdream.net>
14 years agoceph: don't crash when passed bad mount options
Yehuda Sadeh [Thu, 30 Sep 2010 18:58:31 +0000 (11:58 -0700)]
ceph: don't crash when passed bad mount options

This only happened when parse_extra_token was not passed
to ceph_parse_option() (hence, only happened in rbd).

Signed-off-by: Yehuda Sadeh <yehuda@hq.newdream.net>
14 years agoceph: fix debugfs warnings
Randy Dunlap [Tue, 28 Sep 2010 16:53:10 +0000 (09:53 -0700)]
ceph: fix debugfs warnings

Include "super.h" outside of CONFIG_DEBUG_FS to eliminate a compiler warning:

fs/ceph/debugfs.c:266: warning: 'struct ceph_fs_client' declared inside parameter list
fs/ceph/debugfs.c:266: warning: its scope is only this definition or declaration, which is probably not what you want
fs/ceph/debugfs.c:271: warning: 'struct ceph_fs_client' declared inside parameter list

Signed-off-by: Randy Dunlap <randy.dunlap@oracle.com>
Signed-off-by: Yehuda Sadeh <yehuda@hq.newdream.net>
14 years agoblock: rbd: removing unnecessary test
Yehuda Sadeh [Mon, 27 Sep 2010 17:51:53 +0000 (10:51 -0700)]
block: rbd: removing unnecessary test

rbd_get_segment() can't return a negative value, we don't need to check
the return output.

Signed-off-by: Yehuda Sadeh <yehuda@hq.newdream.net>
14 years agoblock: rbd: fixed may leaks
Vasiliy Kulikov [Sun, 26 Sep 2010 08:59:37 +0000 (12:59 +0400)]
block: rbd: fixed may leaks

rbd_client_create() doesn't free rbdc, this leads to many leaks.

seg_len in rbd_do_op() is unsigned, so (seg_len < 0) makes no sense.
Also if fixed check fails then seg_name is leaked.

Signed-off-by: Vasiliy Kulikov <segooon@gmail.com>
Signed-off-by: Yehuda Sadeh <yehuda@hq.newdream.net>
14 years agoceph: switch from BKL to lock_flocks()
Sage Weil [Thu, 23 Sep 2010 02:57:10 +0000 (19:57 -0700)]
ceph: switch from BKL to lock_flocks()

Switch from using the BKL explicitly to the new lock_flocks() interface.
Eventually this will turn into a spinlock.

Signed-off-by: Sage Weil <sage@newdream.net>
14 years agoceph: preallocate flock state without locks held
Greg Farnum [Fri, 17 Sep 2010 17:24:02 +0000 (10:24 -0700)]
ceph: preallocate flock state without locks held

When the lock_kernel() turns into lock_flocks() and a spinlock, we won't
be able to do allocations with the lock held.  Preallocate space without
the lock, and retry if the lock state changes out from underneath us.

Signed-off-by: Greg Farnum <gregf@hq.newdream.net>
Signed-off-by: Sage Weil <sage@newdream.net>
14 years agoceph: add pagelist_reserve, pagelist_truncate, pagelist_set_cursor
Greg Farnum [Fri, 17 Sep 2010 17:10:55 +0000 (10:10 -0700)]
ceph: add pagelist_reserve, pagelist_truncate, pagelist_set_cursor

These facilitate preallocation of pages so that we can encode into the pagelist
in an atomic context.

Signed-off-by: Greg Farnum <gregf@hq.newdream.net>
Signed-off-by: Sage Weil <sage@newdream.net>
14 years agoceph: use mapping->nrpages to determine if mapping is empty
Sage Weil [Fri, 17 Sep 2010 17:46:44 +0000 (10:46 -0700)]
ceph: use mapping->nrpages to determine if mapping is empty

This is simpler and faster.

Signed-off-by: Sage Weil <sage@newdream.net>
14 years agoceph: only invalidate on check_caps if we actually have pages
Sage Weil [Fri, 17 Sep 2010 15:38:25 +0000 (08:38 -0700)]
ceph: only invalidate on check_caps if we actually have pages

The i_rdcache_gen value only implies we MAY have cached pages; actually
check the mapping to see if it's worth bothering with an invalidate.

Signed-off-by: Sage Weil <sage@newdream.net>
14 years agoceph: do not hide .snap in root directory
Sage Weil [Tue, 24 Aug 2010 23:27:36 +0000 (16:27 -0700)]
ceph: do not hide .snap in root directory

Snaps in the root directory are now supported by the MDS, and harmless on
older versions.

Signed-off-by: Sage Weil <sage@newdream.net>
14 years agorbd: introduce rados block device (rbd), based on libceph
Yehuda Sadeh [Thu, 12 Aug 2010 23:11:25 +0000 (16:11 -0700)]
rbd: introduce rados block device (rbd), based on libceph

The rados block device (rbd), based on osdblk, creates a block device
that is backed by objects stored in the Ceph distributed object storage
cluster.  Each device consists of a single metadata object and data
striped over many data objects.

The rbd driver supports read-only snapshots.

Signed-off-by: Yehuda Sadeh <yehuda@hq.newdream.net>
Signed-off-by: Sage Weil <sage@newdream.net>
14 years agoceph: factor out libceph from Ceph file system
Yehuda Sadeh [Tue, 6 Apr 2010 22:14:15 +0000 (15:14 -0700)]
ceph: factor out libceph from Ceph file system

This factors out protocol and low-level storage parts of ceph into a
separate libceph module living in net/ceph and include/linux/ceph.  This
is mostly a matter of moving files around.  However, a few key pieces
of the interface change as well:

 - ceph_client becomes ceph_fs_client and ceph_client, where the latter
   captures the mon and osd clients, and the fs_client gets the mds client
   and file system specific pieces.
 - Mount option parsing and debugfs setup is correspondingly broken into
   two pieces.
 - The mon client gets a generic handler callback for otherwise unknown
   messages (mds map, in this case).
 - The basic supported/required feature bits can be expanded (and are by
   ceph_fs_client).

No functional change, aside from some subtle error handling cases that got
cleaned up in the refactoring process.

Signed-off-by: Sage Weil <sage@newdream.net>
14 years agoceph-rbd: osdc support for osd call and rollback operations
Yehuda Sadeh [Tue, 18 May 2010 23:38:08 +0000 (16:38 -0700)]
ceph-rbd: osdc support for osd call and rollback operations

This will be used for rbd snapshots administration.

Signed-off-by: Yehuda Sadeh <yehuda@hq.newdream.net>
14 years agoceph: messenger and osdc changes for rbd
Yehuda Sadeh [Tue, 6 Apr 2010 22:01:27 +0000 (15:01 -0700)]
ceph: messenger and osdc changes for rbd

Allow the messenger to send/receive data in a bio.  This is added
so that we wouldn't need to copy the data into pages or some other buffer
when doing IO for an rbd block device.

We can now have trailing variable sized data for osd
ops.  Also osd ops encoding is more modular.

Signed-off-by: Yehuda Sadeh <yehuda@hq.newdream.net>
Signed-off-by: Sage Weil <sage@newdream.net>
14 years agoceph: refactor osdc requests creation functions
Yehuda Sadeh [Tue, 6 Apr 2010 21:51:47 +0000 (14:51 -0700)]
ceph: refactor osdc requests creation functions

The osd requests creation are being decoupled from the
vino parameter, allowing clients using the osd to use
other arbitrary object names that are not necessarily
vino based. Also, calc_raw_layout now takes a snap id.

Signed-off-by: Yehuda Sadeh <yehuda@hq.newdream.net>
Signed-off-by: Sage Weil <sage@newdream.net>
14 years agoceph: lookup pool in osdmap by name
Yehuda Sadeh [Mon, 17 May 2010 19:31:35 +0000 (12:31 -0700)]
ceph: lookup pool in osdmap by name

Implement a pool lookup by name.  This will be used by rbd.

Signed-off-by: Yehuda Sadeh <yehuda@hq.newdream.net>
Signed-off-by: Sage Weil <sage@newdream.net>
14 years agoLinux 2.6.36
Linus Torvalds [Wed, 20 Oct 2010 20:30:22 +0000 (13:30 -0700)]
Linux 2.6.36

14 years agoMerge branch 'upstream' of git://git.linux-mips.org/pub/scm/upstream-linus
Linus Torvalds [Wed, 20 Oct 2010 20:18:21 +0000 (13:18 -0700)]
Merge branch 'upstream' of git://git.linux-mips.org/pub/scm/upstream-linus

* 'upstream' of git://git.linux-mips.org/pub/scm/upstream-linus:
  MIPS: O32 compat/N32: Fix to use compat syscall wrappers for AIO syscalls.
  MAINTAINERS: Change list for ioc_serial to linux-serial.
  SERIAL: ioc3_serial: Return -ENOMEM on memory allocation failure
  MIPS: jz4740: Fix Kbuild Platform file.
  MIPS: Repair Kbuild make clean breakage.

14 years agovirtio: console: Don't block entire guest if host doesn't read data
Amit Shah [Wed, 20 Oct 2010 03:15:43 +0000 (13:45 +1030)]
virtio: console: Don't block entire guest if host doesn't read data

If the host is slow in reading data or doesn't read data at all,
blocking write calls not only blocked the program that called write()
but the entire guest itself.

To overcome this, let's not block till the host signals it has given
back the virtio ring element we passed it.  Instead, send the buffer to
the host and return to userspace.  This operation then becomes similar
to how non-blocking writes work, so let's use the existing code for this
path as well.

This code change also ensures blocking write calls do get blocked if
there's not enough room in the virtio ring as well as they don't return
-EAGAIN to userspace.

Signed-off-by: Amit Shah <amit.shah@redhat.com>
Acked-by: Hans de Goede <hdegoede@redhat.com>
CC: stable@kernel.org
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
14 years agoMerge git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi-rc-fixes-2.6
Linus Torvalds [Wed, 20 Oct 2010 20:13:09 +0000 (13:13 -0700)]
Merge git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi-rc-fixes-2.6

* git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi-rc-fixes-2.6:
  [SCSI] bsg: fix incorrect device_status value
  [SCSI] Fix VPD inquiry page wrapper

14 years agoMerge branch 'kvm-updates/2.6.36' of git://git.kernel.org/pub/scm/virt/kvm/kvm
Linus Torvalds [Wed, 20 Oct 2010 16:00:44 +0000 (09:00 -0700)]
Merge branch 'kvm-updates/2.6.36' of git://git.kernel.org/pub/scm/virt/kvm/kvm

* 'kvm-updates/2.6.36' of git://git.kernel.org/pub/scm/virt/kvm/kvm:
  KVM: Fix fs/gs reload oops with invalid ldt

14 years agoMIPS: O32 compat/N32: Fix to use compat syscall wrappers for AIO syscalls.
Michel Thebeau [Tue, 28 Sep 2010 18:15:37 +0000 (14:15 -0400)]
MIPS: O32 compat/N32: Fix to use compat syscall wrappers for AIO syscalls.

[Ralf: Michel's original patch only fixed N32; I replicated the same fix
for O32.]

Signed-off-by: Michel Thebeau <michel.thebeau@windriver.com>
Cc: paul.gortmaker@windriver.com
Cc: bruce.ashfield@windriver.com
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
14 years agoMAINTAINERS: Change list for ioc_serial to linux-serial.
Ralf Baechle [Tue, 19 Oct 2010 17:32:41 +0000 (18:32 +0100)]
MAINTAINERS: Change list for ioc_serial to linux-serial.

IOC3 is also being used on SGI MIPS systems but this particular driver is
only being used on IA64 systems so linux-mips made no sense as a list.  Pat
also thinks linux-serial@vger.kernel.org is the better list.

Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
14 years agoSERIAL: ioc3_serial: Return -ENOMEM on memory allocation failure
Julia Lawall [Fri, 15 Oct 2010 13:00:09 +0000 (15:00 +0200)]
SERIAL: ioc3_serial: Return -ENOMEM on memory allocation failure

In this code, 0 is returned on memory allocation failure, even though other
failures return -ENOMEM or other similar values.

A simplified version of the semantic match that finds this problem is as
follows: (http://coccinelle.lip6.fr/)

// <smpl>
@@
expression ret;
expression x,e1,e2,e3;
@@

ret = 0
... when != ret = e1
*x = \(kmalloc\|kcalloc\|kzalloc\)(...)
... when != ret = e2
if (x == NULL) { ... when != ret = e3
  return ret;
}
// </smpl>

Signed-off-by: Julia Lawall <julia@diku.dk>
To: Pat Gefre <pfg@sgi.com>
Cc: kernel-janitors@vger.kernel.org
Cc: linux-ia64@vger.kernel.org
Cc: linux-mips@linux-mips.org
Cc: linux-kernel@vger.kernel.org
Patchwork: https://patchwork.linux-mips.org/patch/1704/
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
14 years agoMIPS: jz4740: Fix Kbuild Platform file.
David Daney [Tue, 19 Oct 2010 01:05:49 +0000 (18:05 -0700)]
MIPS: jz4740: Fix Kbuild Platform file.

The platform specific files should be included via the platform-y
variable.

Signed-off-by: David Daney <ddaney@caviumnetworks.com>
Cc: Lars-Peter Clausen <lars@metafoo.de>
Patchwork: https://patchwork.linux-mips.org/patch/1719/
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
14 years agoMIPS: Repair Kbuild make clean breakage.
David Daney [Tue, 19 Oct 2010 00:51:26 +0000 (17:51 -0700)]
MIPS: Repair Kbuild make clean breakage.

When running make clean, Kbuild doesn't process the .config file, so nothing
generates a platform-y variable.  We can get it to descend into the platform
directories by setting $(obj-).

The dec Platform file was unconditionally setting platform-, obliterating
its previous contents and preventing some directories from being cleaned.
This is change to an append operation '+=' to allow cavium-octeon to be
cleaned.

Signed-off-by: David Daney <ddaney@caviumnetworks.com>
Cc: Sam Ravnborg <sam@ravnborg.org>
Patchwork: https://patchwork.linux-mips.org/patch/1718/
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
14 years agoMerge branch 'drm-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/airlied...
Linus Torvalds [Tue, 19 Oct 2010 17:10:20 +0000 (10:10 -0700)]
Merge branch 'drm-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/airlied/drm-2.6

* 'drm-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/airlied/drm-2.6:
  drm/radeon/kms: avivo cursor workaround applies to evergreen as well

14 years agoKVM: Fix fs/gs reload oops with invalid ldt
Avi Kivity [Tue, 19 Oct 2010 14:46:55 +0000 (16:46 +0200)]
KVM: Fix fs/gs reload oops with invalid ldt

kvm reloads the host's fs and gs blindly, however the underlying segment
descriptors may be invalid due to the user modifying the ldt after loading
them.

Fix by using the safe accessors (loadsegment() and load_gs_index()) instead
of home grown unsafe versions.

This is CVE-2010-3698.

KVM-Stable-Tag.
Signed-off-by: Avi Kivity <avi@redhat.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
14 years agoMerge branch 'upstream' of git://git.linux-mips.org/pub/scm/upstream-linus
Linus Torvalds [Mon, 18 Oct 2010 20:10:36 +0000 (13:10 -0700)]
Merge branch 'upstream' of git://git.linux-mips.org/pub/scm/upstream-linus

* 'upstream' of git://git.linux-mips.org/pub/scm/upstream-linus:
  MIPS: Enable ISA_DMA_API config to fix build failure
  MIPS: 32-bit: Fix build failure in asm/fcntl.h
  MIPS: Remove all generated vmlinuz* files on "make clean"
  MIPS: do_sigaltstack() expects userland pointers
  MIPS: Fix error values in case of bad_stack
  MIPS: Sanitize restart logics
  MIPS: secure_computing, syscall audit: syscall number should in r2, not r0.
  MIPS: Don't block signals if we'd failed to setup a sigframe

14 years agoMerge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input
Linus Torvalds [Mon, 18 Oct 2010 20:10:08 +0000 (13:10 -0700)]
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input:
  Input: evdev - fix EVIOCSABS regression
  Input: evdev - fix Ooops in EVIOCGABS/EVIOCSABS

14 years agoMerge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ieee1394...
Linus Torvalds [Mon, 18 Oct 2010 20:09:26 +0000 (13:09 -0700)]
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ieee1394/linux1394-2.6

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ieee1394/linux1394-2.6:
  firewire: ohci: fix TI TSB82AA2 regression since 2.6.35

14 years agomxc_nand: do not depend on disabling the irq in the interrupt handler
Sascha Hauer [Mon, 18 Oct 2010 08:16:26 +0000 (10:16 +0200)]
mxc_nand: do not depend on disabling the irq in the interrupt handler

This patch reverts the driver to enabling/disabling the NFC interrupt
mask rather than enabling/disabling the system interrupt.  This cleans
up the driver so that it doesn't rely on interrupts being disabled
within the interrupt handler.

For i.MX21 we keep the current behaviour, that is calling
enable_irq/disable_irq_nosync to enable/disable interrupts.  This patch
is based on earlier work by John Ogness.

Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
Acked-by: John Ogness <john.ogness@linutronix.de>
Tested-by: John Ogness <john.ogness@linutronix.de>
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
14 years agoMerge branch 'for-linus/i2c/2636-rc8' of git://git.fluff.org/bjdooks/linux
Linus Torvalds [Mon, 18 Oct 2010 20:05:10 +0000 (13:05 -0700)]
Merge branch 'for-linus/i2c/2636-rc8' of git://git.fluff.org/bjdooks/linux

* 'for-linus/i2c/2636-rc8' of git://git.fluff.org/bjdooks/linux:
  i2c-imx: do not allow interruptions when waiting for I2C to complete
  i2c-davinci: Fix TX setup for more SoCs

14 years agoMerge branch 'fixes'
Linus Torvalds [Mon, 18 Oct 2010 20:04:33 +0000 (13:04 -0700)]
Merge branch 'fixes'

* fixes:
  v4l1: fix 32-bit compat microcode loading translation
  De-pessimize rds_page_copy_user

14 years agoMIPS: Enable ISA_DMA_API config to fix build failure
Namhyung Kim [Mon, 18 Oct 2010 03:55:21 +0000 (12:55 +0900)]
MIPS: Enable ISA_DMA_API config to fix build failure

Add ISA_DMA_API config item and select it when GENERIC_ISA_DMA enabled.
This fixes build failure on allmodconfig like following:

  CC      sound/isa/es18xx.o
sound/isa/es18xx.c: In function 'snd_es18xx_playback1_prepare':
sound/isa/es18xx.c:501:9: error: implicit declaration of function 'snd_dma_program'
sound/isa/es18xx.c: In function 'snd_es18xx_playback_pointer':
sound/isa/es18xx.c:818:3: error: implicit declaration of function 'snd_dma_pointer'
make[3]: *** [sound/isa/es18xx.o] Error 1
make[2]: *** [sound/isa/es18xx.o] Error 2
make[1]: *** [sub-make] Error 2
make: *** [all] Error 2

Signed-off-by: Namhyung Kim <namhyung@gmail.com>
Cc: linux-mips@linux-mips.org
Cc: linux-kernel@vger.kernel.org
Patchwork: https://patchwork.linux-mips.org/patch/1717/
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
14 years agoMIPS: 32-bit: Fix build failure in asm/fcntl.h
Namhyung Kim [Sun, 17 Oct 2010 16:41:39 +0000 (01:41 +0900)]
MIPS: 32-bit: Fix build failure in asm/fcntl.h

  CC      security/integrity/ima/ima_fs.o
In file included from linux/include/linux/fcntl.h:4:0,
                 from linux/security/integrity/ima/ima_fs.c:18:
linux/arch/mips/include/asm/fcntl.h:63:2: error: expected specifier-qualifier-list before 'off_t'
make[3]: *** [security/integrity/ima/ima_fs.o] Error 1
make[2]: *** [security/integrity/ima/ima_fs.o] Error 2
make[1]: *** [sub-make] Error 2
make: *** [all] Error 2

Signed-off-by: Namhyung Kim <namhyung@gmail.com>
Cc: linux-kernel@vger.kernel.org
Patchwork: https://patchwork.linux-mips.org/patch/1715/
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
14 years agoMIPS: Remove all generated vmlinuz* files on "make clean"
Wu Zhangjin [Wed, 22 Sep 2010 06:03:57 +0000 (14:03 +0800)]
MIPS: Remove all generated vmlinuz* files on "make clean"

[Ralf: I changed the patch to explicitly list all files to be deleted out
of paranoia.]

Signed-off-by: Wu Zhangjin <wuzhangjin@gmail.com>
Patchwork: http://patchwork.linux-mips.org/patch/1590/
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
14 years agoMIPS: do_sigaltstack() expects userland pointers
Al Viro [Tue, 28 Sep 2010 17:50:57 +0000 (18:50 +0100)]
MIPS: do_sigaltstack() expects userland pointers

o32 compat does the right thing, native and n32 compat do not...

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Cc: linux-kernel@vger.kernel.org
Cc: linux-arch@vger.kernel.org
Cc: linux-mips@linux-mips.org
Patchwork: http://patchwork.linux-mips.org/patch/1700/
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
14 years agoMIPS: Fix error values in case of bad_stack
Al Viro [Tue, 28 Sep 2010 17:50:47 +0000 (18:50 +0100)]
MIPS: Fix error values in case of bad_stack

We want EFAULT, not -<syscall number>

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Cc: linux-kernel@vger.kernel.org
Cc: linux-arch@vger.kernel.org
Cc: linux-mips@linux-mips.org
Patchwork: https://patchwork.linux-mips.org/patch/1699/
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
14 years agoMIPS: Sanitize restart logics
Al Viro [Tue, 28 Sep 2010 17:50:37 +0000 (18:50 +0100)]
MIPS: Sanitize restart logics

Put the original syscall number into ->regs[0] when we leave syscall
with error.  Use it in restart logics.  Everything else will have
it 0 since we pass through SAVE_SOME on all the ways in.  Note that
in places like bad_stack and inllegal_syscall we leave it 0 - it's not
restartable.

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Cc: linux-kernel@vger.kernel.org
Cc: linux-arch@vger.kernel.org
Cc: linux-mips@linux-mips.org
Patchwork: https://patchwork.linux-mips.org/patch/1698/
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
14 years agoMIPS: secure_computing, syscall audit: syscall number should in r2, not r0.
Al Viro [Tue, 28 Sep 2010 17:50:27 +0000 (18:50 +0100)]
MIPS: secure_computing, syscall audit: syscall number should in r2, not r0.

As it is, audit_syscall_entry() and secure_computing() get the
bogus value (0, in fact)

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Cc: linux-kernel@vger.kernel.org
Cc: linux-arch@vger.kernel.org
Cc: linux-mips@linux-mips.org
Patchwork: https://patchwork.linux-mips.org/patch/1697/
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
14 years agoMIPS: Don't block signals if we'd failed to setup a sigframe
Al Viro [Tue, 28 Sep 2010 17:50:17 +0000 (18:50 +0100)]
MIPS: Don't block signals if we'd failed to setup a sigframe

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Cc: linux-kernel@vger.kernel.org
Cc: linux-arch@vger.kernel.org
Cc: linux-mips@linux-mips.org
Patchwork: https://patchwork.linux-mips.org/patch/1696/
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
14 years agoInput: evdev - fix EVIOCSABS regression
Daniel Mack [Mon, 18 Oct 2010 15:43:50 +0000 (08:43 -0700)]
Input: evdev - fix EVIOCSABS regression

448cd16 ("Input: evdev - rearrange ioctl handling") broke EVIOCSABS by
checking for the wrong direction bit.

Signed-off-by: Daniel Mack <zonque@gmail.com>
Reported-by: Sven Neumann <s.neumann@raumfeld.com>
Tested-by: Sven Neumann <s.neumann@raumfeld.com>
Signed-off-by: Dmitry Torokhov <dtor@mail.ru>