security_inode_init_security previously returned -EOPNOTSUPP, for S_PRIVATE
inodes, and relied on the callers to change it to 0. As the callers do not
change the return code anymore, return 0, intead of -EOPNOTSUPP.
Mimi Zohar [Sun, 28 Aug 2011 12:57:11 +0000 (08:57 -0400)]
evm: remove TCG_TPM dependency
All tristates selected by EVM(boolean) are forced to be builtin, except
in the TCG_TPM(tristate) dependency case. Arnaud Lacombe summarizes the
Kconfig bug as, "So it would seem direct dependency state influence the
state of reverse dependencies.." For a detailed explanation, refer to
Arnaud Lacombe's posting http://lkml.org/lkml/2011/8/23/498.
With the "encrypted-keys: remove trusted-keys dependency" patch, EVM
can now be built without a dependency on TCG_TPM. The trusted-keys
dependency requires trusted-keys to either be builtin or not selected.
This dependency will prevent the boolean/tristate mismatch from
occuring.
Reported-by: Stephen Rothwell <sfr@canb.auug.org.au>,
Randy Dunlap <rdunlap@xenotimenet> Signed-off-by: Mimi Zohar <zohar@us.ibm.com>
Mimi Zohar [Sun, 28 Aug 2011 02:21:26 +0000 (22:21 -0400)]
encrypted-keys: remove trusted-keys dependency
Encrypted keys are decrypted/encrypted using either a trusted-key or,
for those systems without a TPM, a user-defined key. This patch
removes the trusted-keys and TCG_TPM dependencies.
TOMOYO: Avoid race when retrying "file execute" permission check.
There was a race window that the pathname which is subjected to "file execute"
permission check when retrying via supervisor's decision because the pathname
was recalculated upon retry. Though, there is an inevitable race window even
without supervisor, for we have to calculate the symbolic link's pathname from
"struct linux_binprm"->filename rather than from "struct linux_binprm"->file
because we cannot back calculate the symbolic link's pathname from the
dereferenced pathname.
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by: James Morris <jmorris@namei.org>
To be able to split permissions for Apache's CGI programs which are executed
without execve(), add special domain transition which is performed by writing
a TOMOYO's domainname to /sys/kernel/security/tomoyo/self_domain interface.
This is an API for TOMOYO-aware userland applications. However, since I expect
TOMOYO and other LSM modules to run in parallel, this patch does not use
/proc/self/attr/ interface in order to avoid conflicts with other LSM modules
when it became possible to run multiple LSM modules in parallel.
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by: James Morris <jmorris@namei.org>
TOMOYO: Add environment variable name restriction support.
This patch adds support for checking environment variable's names.
Although TOMOYO already provides ability to check argv[]/envp[] passed to
execve() requests,
will reject execution of /bin/sh if environment variable LD_LIBRARY_PATH is not
defined. To grant execution of /bin/sh if LD_LIBRARY_PATH is not defined,
administrators have to specify like
. Since there are many environment variables whereas conditional checks are
applied as "&&", it is difficult to cover all combinations. Therefore, this
patch supports conditional checks that are applied as "||", by specifying like
James Morris [Tue, 30 Aug 2011 00:19:50 +0000 (10:19 +1000)]
ima: sparse fix: include linux/ima.h in ima_main.c
Fixes sparse warnings:
security/integrity/ima/ima_main.c:105:6: warning: symbol 'ima_file_free' was not declared. Should it be static?
security/integrity/ima/ima_main.c:167:5: warning: symbol 'ima_file_mmap' was not declared. Should it be static?
security/integrity/ima/ima_main.c:192:5: warning: symbol 'ima_bprm_check' was not declared. Should it be static?
security/integrity/ima/ima_main.c:211:5: warning: symbol 'ima_file_check' was not declared. Should it be static?
James Morris [Mon, 29 Aug 2011 01:45:44 +0000 (11:45 +1000)]
apparmor: sparse fix: include procattr.h in procattr.c
Fix sparse warnings:
security/apparmor/procattr.c:35:5: warning: symbol 'aa_getprocattr' was not declared. Should it be static?
security/apparmor/procattr.c:113:5: warning: symbol 'aa_setprocattr_changehat' was not declared. Should it be static?
security/apparmor/procattr.c:158:5: warning: symbol 'aa_setprocattr_changeprofile' was not declared. Should it be static?
security/apparmor/procattr.c:166:5: warning: symbol 'aa_setprocattr_permipc' was not declared. Should it be static?
Signed-off-by: James Morris <jmorris@namei.org> Acked-by: John Johansen <john.johansen@canonical.com>
James Morris [Mon, 29 Aug 2011 01:43:02 +0000 (11:43 +1000)]
apparmor: sparse fix: rename shadowed variables in policy_unpack.c
Fix the following warnings:
security/apparmor/policy_unpack.c:384:35: warning: symbol 'size' shadows an earlier one
security/apparmor/policy_unpack.c:370:24: originally declared here
security/apparmor/policy_unpack.c:443:29: warning: symbol 'tmp' shadows an earlier one
security/apparmor/policy_unpack.c:434:21: originally declared here
Signed-off-by: James Morris <jmorris@namei.org> Acked-by: John Johansen <john.johansen@canonical.com>
James Morris [Mon, 29 Aug 2011 01:15:25 +0000 (11:15 +1000)]
apparmor: sparse fix: add apparmor.h to lib.c
Fix the following sparse warnings:
security/apparmor/lib.c:37:6: warning: symbol 'aa_split_fqname' was not declared. Should it be static?
security/apparmor/lib.c:63:6: warning: symbol 'aa_info_message' was not declared. Should it be static?
security/apparmor/lib.c:83:6: warning: symbol 'kvmalloc' was not declared. Should it be static?
security/apparmor/lib.c:123:6: warning: symbol 'kvfree' was not declared. Should it be static?
James Morris [Mon, 29 Aug 2011 00:40:54 +0000 (10:40 +1000)]
apparmor: sparse fix: include ipc.h
Include ipc.h to eliminate sparse warnings.
security/apparmor/ipc.c:61:5: warning: symbol 'aa_may_ptrace' was not declared. Should it be static?
security/apparmor/ipc.c:83:5: warning: symbol 'aa_ptrace' was not declared. Should it be static
Signed-off-by: James Morris <jmorris@namei.org> Acked-by: John Johansen <john.johansen@canonical.com>
Tetsuo Handa [Thu, 25 Aug 2011 12:15:00 +0000 (21:15 +0900)]
TOMOYO: Fix incorrect enforce mode.
In tomoyo_get_mode() since 2.6.36, CONFIG::file::execute was by error used in
place of CONFIG::file if CONFIG::file::execute was set to other than default.
As a result, enforcing mode was not applied in a way documentation says.
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by: James Morris <jmorris@namei.org>
Stefan Berger [Tue, 23 Aug 2011 12:52:10 +0000 (08:52 -0400)]
tpm: suppress durations sysfs output if not read
Suppress the output in the 'durations' sysfs entry if they were not read
during driver initialization. This is similar to other sysfs entries
that return nothing if for some reason sending the commands to the TPM
fails.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com> Signed-off-by: James Morris <jmorris@namei.org>
Axel Lin [Tue, 23 Aug 2011 07:23:51 +0000 (15:23 +0800)]
CRED: fix build error due to 'tgcred' undeclared
This patch adds CONFIG_KEYS guard for tgcred to fix below build error
if CONFIG_KEYS is not configured.
CC kernel/cred.o
kernel/cred.c: In function 'prepare_kernel_cred':
kernel/cred.c:657: error: 'tgcred' undeclared (first use in this function)
kernel/cred.c:657: error: (Each undeclared identifier is reported only once
kernel/cred.c:657: error: for each function it appears in.)
make[1]: *** [kernel/cred.o] Error 1
make: *** [kernel] Error 2
Signed-off-by: Axel Lin <axel.lin@gmail.com> Acked-by: David Howells <dhowells@redhat.com> Signed-off-by: James Morris <jmorris@namei.org>
David Howells [Mon, 22 Aug 2011 13:09:36 +0000 (14:09 +0100)]
KEYS: Correctly destroy key payloads when their keytype is removed
unregister_key_type() has code to mark a key as dead and make it unavailable in
one loop and then destroy all those unavailable key payloads in the next loop.
However, the loop to mark keys dead renders the key undetectable to the second
loop by changing the key type pointer also.
Fix this by the following means:
(1) The key code has two garbage collectors: one deletes unreferenced keys and
the other alters keyrings to delete links to old dead, revoked and expired
keys. They can end up holding each other up as both want to scan the key
serial tree under spinlock. Combine these into a single routine.
(2) Move the dead key marking, dead link removal and dead key removal into the
garbage collector as a three phase process running over the three cycles
of the normal garbage collection procedure. This is tracked by the
KEY_GC_REAPING_DEAD_1, _2 and _3 state flags.
unregister_key_type() then just unlinks the key type from the list, wakes
up the garbage collector and waits for the third phase to complete.
(3) Downgrade the key types sem in unregister_key_type() once it has deleted
the key type from the list so that it doesn't block the keyctl() syscall.
(4) Dead keys that cannot be simply removed in the third phase have their
payloads destroyed with the key's semaphore write-locked to prevent
interference by the keyctl() syscall. There should be no in-kernel users
of dead keys of that type by the point of unregistration, though keyctl()
may be holding a reference.
(5) Only perform timer recalculation in the GC if the timer actually expired.
If it didn't, we'll get another cycle when it goes off - and if the key
that actually triggered it has been removed, it's not a problem.
(6) Only garbage collect link if the timer expired or if we're doing dead key
clean up phase 2.
(7) As only key_garbage_collector() is permitted to use rb_erase() on the key
serial tree, it doesn't need to revalidate its cursor after dropping the
spinlock as the node the cursor points to must still exist in the tree.
(8) Drop the spinlock in the GC if there is contention on it or if we need to
reschedule. After dealing with that, get the spinlock again and resume
scanning.
This has been tested in the following ways:
(1) Run the keyutils testsuite against it.
(2) Using the AF_RXRPC and RxKAD modules to test keytype removal:
Load the rxrpc_s key type:
# insmod /tmp/af-rxrpc.ko
# insmod /tmp/rxkad.ko
Create a key (http://people.redhat.com/~dhowells/rxrpc/listen.c):
Link it to a session keyring, preferably one with a higher serial number:
# keyctl link 0x20e36251 @s
Kill the process (the key should remain as it's linked to another place):
# fg
/tmp/listen
^C
Remove the key type:
rmmod rxkad
rmmod af-rxrpc
This can be made a more effective test by altering the following part of
the patch:
if (unlikely(gc_state & KEY_GC_REAPING_DEAD_2)) {
/* Make sure everyone revalidates their keys if we marked a
* bunch as being dead and make sure all keyring ex-payloads
* are destroyed.
*/
kdebug("dead sync");
synchronize_rcu();
To call synchronize_rcu() in GC phase 1 instead. That causes that the
keyring's old payload content to hang around longer until it's RCU
destroyed - which usually happens after GC phase 3 is complete. This
allows the destroy_dead_key branch to be tested.
Reported-by: Benjamin Coddington <bcodding@gmail.com> Signed-off-by: David Howells <dhowells@redhat.com> Signed-off-by: James Morris <jmorris@namei.org>
David Howells [Mon, 22 Aug 2011 13:09:28 +0000 (14:09 +0100)]
KEYS: The dead key link reaper should be non-reentrant
The dead key link reaper should be non-reentrant as it relies on global state
to keep track of where it's got to when it returns to the work queue manager to
give it some air.
Signed-off-by: David Howells <dhowells@redhat.com> Signed-off-by: James Morris <jmorris@namei.org>
David Howells [Mon, 22 Aug 2011 13:09:20 +0000 (14:09 +0100)]
KEYS: Make the key reaper non-reentrant
Make the key reaper non-reentrant by sticking it on the appropriate system work
queue when we queue it. This will allow it to have global state and drop
locks. It should probably be non-reentrant already as it may spend a long time
holding the key serial spinlock, and so multiple entrants can spend long
periods of time just sitting there spinning, waiting to get the lock.
Signed-off-by: David Howells <dhowells@redhat.com> Signed-off-by: James Morris <jmorris@namei.org>
David Howells [Mon, 22 Aug 2011 13:09:00 +0000 (14:09 +0100)]
CRED: Fix prepare_kernel_cred() to provide a new thread_group_cred struct
Fix prepare_kernel_cred() to provide a new, separate thread_group_cred struct
otherwise when using request_key() ____call_usermodehelper() calls
umh_keys_init() with the new creds pointing to init_tgcred, which
umh_keys_init() then blithely alters.
which causes the old _req keyring to go away and a new one to take its place.
This is a consequence of the changes in:
commit 879669961b11e7f40b518784863a259f735a72bf
Author: David Howells <dhowells@redhat.com>
Date: Fri Jun 17 11:25:59 2011 +0100
KEYS/DNS: Fix ____call_usermodehelper() to not lose the session keyring
and:
commit 17f60a7da150fdd0cfb9756f86a262daa72c835f
Author: Eric Paris <eparis@redhat.com>
Date: Fri Apr 1 17:07:50 2011 -0400
capabilites: allow the application of capability limits to usermode helpers
After this patch is applied, the _req keyring and the .request_key key are
cleaned up.
Signed-off-by: David Howells <dhowells@redhat.com>
cc: Eric Paris <eparis@redhat.com> Signed-off-by: James Morris <jmorris@namei.org>
David Howells [Mon, 22 Aug 2011 13:08:51 +0000 (14:08 +0100)]
KEYS: __key_link() should use the RCU deref wrapper for keyring payloads
__key_link() should use the RCU deref wrapper rcu_dereference_locked_keyring()
for accessing keyring payloads rather than calling rcu_dereference_protected()
directly.
Signed-off-by: David Howells <dhowells@redhat.com> Signed-off-by: James Morris <jmorris@namei.org>
should create a session keyring if the process doesn't have one of its own
because the create flag argument is set - rather than subscribing to and
returning the user-session keyring as:
As can be seen, the session keyring starts off the same as the user-session
keyring each time, but with the patch a new session keyring is created when
the create flag is set.
Reported-by: Greg Wettstein <greg@enjellic.com> Signed-off-by: David Howells <dhowells@redhat.com> Tested-by: Greg Wettstein <greg@enjellic.com> Signed-off-by: James Morris <jmorris@namei.org>
now always creates a new session keyring and thus the check whether the session
keyring and the user-session keyring are the same is always false. This leads
pam_keyinit to conclude that a session keyring is installed and it shouldn't be
revoked by pam_keyinit here if 'revoke' is specified.
Any system that specifies 'force' against pam_keyinit in the PAM configuration
files for login methods (login, ssh, su -l, kdm, etc.) is not affected since
that bypasses the broken check and forces the creation of a new session keyring
anyway (for which the revoke flag is not cleared) - and any subsequent call to
pam_keyinit really does have a session keyring already installed, and so the
check works correctly there.
Reverting to the previous behaviour will cause the kernel to subscribe the
process to the user-session keyring as its session keyring if it doesn't have a
session keyring of its own. pam_keyinit will detect this and install a new
session keyring anyway (and won't clear the revert flag).
This can be tested by commenting out pam_keyinit in the /etc/pam.d files and
running the following program a couple of times in a row:
As can be seen, with the patch, the session keyring is the same as the
user-session keyring each time; without the patch a new session keyring is
generated each time.
Reported-by: Greg Wettstein <greg@enjellic.com> Signed-off-by: David Howells <dhowells@redhat.com> Tested-by: Greg Wettstein <greg@enjellic.com> Signed-off-by: James Morris <jmorris@namei.org>
Mimi Zohar [Wed, 17 Aug 2011 22:51:36 +0000 (18:51 -0400)]
evm: add Kconfig TCG_TPM dependency
Although the EVM encrypted-key should be encrypted/decrypted using a
trusted-key, a user-defined key could be used instead. When using a user-
defined key, a TCG_TPM dependency should not be required. Unfortunately,
the encrypted-key code needs to be refactored a bit in order to remove
this dependency.
This patch adds the TCG_TPM dependency.
Reported-by: Stephen Rothwell <sfr@canb.auug.org.au>,
Randy Dunlap <rdunlap@xenotimenet> Signed-off-by: Mimi Zohar <zohar@us.ibm.com> Signed-off-by: James Morris <jmorris@namei.org>
Mimi Zohar [Mon, 15 Aug 2011 13:09:16 +0000 (09:09 -0400)]
evm: fix build problems
- Make the previously missing security_old_inode_init_security() stub
function definition static inline.
- The stub security_inode_init_security() function previously returned
-EOPNOTSUPP and relied on the callers to change it to 0. The stub
security/security_old_inode_init_security() functions now return 0.
Reported-by: Stephen Rothwell <sfr@canb.auug.org.au> Signed-off-by: Mimi Zohar <zohar@us.ibm.com> Signed-off-by: James Morris <jmorris@namei.org>
Serge Hallyn [Mon, 15 Aug 2011 13:29:50 +0000 (08:29 -0500)]
capabilities: initialize has_cap
Initialize has_cap in cap_bprm_set_creds()
Reported-by: Andrew G. Morgan <morgan@kernel.org> Signed-off-by: Serge Hallyn <serge.hallyn@canonical.com> Signed-off-by: James Morris <jmorris@namei.org>
Zhi Li [Thu, 11 Aug 2011 05:27:50 +0000 (13:27 +0800)]
capabilities: do not grant full privs for setuid w/ file caps + no effective caps
A task (when !SECURE_NOROOT) which executes a setuid-root binary will
obtain root privileges while executing that binary. If the binary also
has effective capabilities set, then only those capabilities will be
granted. The rationale is that the same binary can carry both setuid-root
and the minimal file capability set, so that on a filesystem not
supporting file caps the binary can still be executed with privilege,
while on a filesystem supporting file caps it will run with minimal
privilege.
This special case currently does NOT happen if there are file capabilities
but no effective capabilities. Since capability-aware programs can very
well start with empty pE but populated pP and move those caps to pE when
needed. In other words, if the file has file capabilities but NOT
effective capabilities, then we should do the same thing as if there
were file capabilities, and not grant full root privileges.
This patchset does that.
(Changelog by Serge Hallyn).
Signed-off-by: Zhi Li <lizhi1215@gmail.com> Acked-by: Serge Hallyn <serge.hallyn@canonical.com> Signed-off-by: James Morris <jmorris@namei.org>
Mimi Zohar [Thu, 11 Aug 2011 20:00:47 +0000 (16:00 -0400)]
CIFS: remove local xattr definitions
Local XATTR_TRUSTED_PREFIX_LEN and XATTR_SECURITY_PREFIX_LEN definitions
redefined ones in 'linux/xattr.h'. This was caused by commit 9d8f13ba3f48
("security: new security_inode_init_security API adds function callback")
including 'linux/xattr.h' in 'linux/security.h'.
In file included from include/linux/security.h:39,
from include/net/sock.h:54,
from fs/cifs/cifspdu.h:25,
from fs/cifs/xattr.c:26:
This patch removes the local definitions.
Reported-by: Stephen Rothwell <sfr@canb.auug.org.au> Signed-off-by: Mimi Zohar <zohar@us.ibm.com> Signed-off-by: James Morris <jmorris@namei.org>
Mimi Zohar [Thu, 11 Aug 2011 04:22:51 +0000 (00:22 -0400)]
evm: building without EVM enabled fixes
- Missing 'inline' on evm_inode_setattr() definition.
Introduced by commit 817b54aa45db ("evm: add evm_inode_setattr to prevent
updating an invalid security.evm").
- Missing security_old_inode_init_security() stub function definition.
Caused by commit 9d8f13ba3f48 ("security: new security_inode_init_security
API adds function callback").
Reported-by: Stephen Rothwell <sfr@canb.auug.org.au> Signed-off-by: Mimi Zohar <zohar@us.ibm.com> Signed-off-by: James Morris <jmorris@namei.org>
James Morris [Tue, 9 Aug 2011 01:33:36 +0000 (11:33 +1000)]
EVM: ensure trusted and encypted key symbols are available to EVM
Select trusted and encrypted keys if EVM is selected, to ensure
the requisite symbols are available. Otherwise, these can be
selected as modules while EVM is static, leading to a kernel
build failure.
Commit d006199e72a9 ("serial: sh-sci: Regtype probing doesn't need to be
fatal.") made sci_init_single() return when sci_probe_regmap() succeeds,
although it should return when sci_probe_regmap() fails. This causes
systems using the serial sh-sci driver to crash during boot.
Fix the problem by using the right return condition.
Signed-off-by: Rafael J. Wysocki <rjw@sisk.pl> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Linus Torvalds [Sun, 7 Aug 2011 21:07:03 +0000 (14:07 -0700)]
arm: remove "optimized" SHA1 routines
Since commit 1eb19a12bd22 ("lib/sha1: use the git implementation of
SHA-1"), the ARM SHA1 routines no longer work. The reason? They
depended on the larger 320-byte workspace, and now the sha1 workspace is
just 16 words (64 bytes). So the assembly version would overwrite the
stack randomly.
The optimized asm version is also probably slower than the new improved
C version, so there's no reason to keep it around. At least that was
the case in git, where what appears to be the same assembly language
version was removed two years ago because the optimized C BLK_SHA1 code
was faster.
Reported-and-tested-by: Joachim Eastwood <manabian@gmail.com> Cc: Andreas Schwab <schwab@linux-m68k.org> Cc: Nicolas Pitre <nico@fluxnic.net> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Al Viro [Sun, 7 Aug 2011 17:55:11 +0000 (18:55 +0100)]
fix rcu annotations noise in cred.h
task->cred is declared as __rcu, and access to other tasks' ->cred is,
indeed, protected. Access to current->cred does not need rcu_dereference()
at all, since only the task itself can change its ->cred. sparse, of
course, has no way of knowing that...
Add force-cast in current_cred(), make current_fsuid() et.al. use it.
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Linus Torvalds [Sun, 7 Aug 2011 16:53:20 +0000 (09:53 -0700)]
vfs: rename 'do_follow_link' to 'should_follow_link'
Al points out that the do_follow_link() helper function really is
misnamed - it's about whether we should try to follow a symlink or not,
not about actually doing the following.
Ari Savolainen [Sat, 6 Aug 2011 16:43:07 +0000 (19:43 +0300)]
Fix POSIX ACL permission check
After commit 3567866bf261: "RCUify freeing acls, let check_acl() go ahead in
RCU mode if acl is cached" posix_acl_permission is being called with an
unsupported flag and the permission check fails. This patch fixes the issue.
Signed-off-by: Ari Savolainen <ari.m.savolainen@gmail.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Linus Torvalds [Sun, 7 Aug 2011 05:56:03 +0000 (22:56 -0700)]
Merge branch 'for-linus' of git://git.open-osd.org/linux-open-osd
* 'for-linus' of git://git.open-osd.org/linux-open-osd:
ore: Make ore its own module
exofs: Rename raid engine from exofs/ios.c => ore
exofs: ios: Move to a per inode components & device-table
exofs: Move exofs specific osd operations out of ios.c
exofs: Add offset/length to exofs_get_io_state
exofs: Fix truncate for the raid-groups case
exofs: Small cleanup of exofs_fill_super
exofs: BUG: Avoid sbi realloc
exofs: Remove pnfs-osd private definitions
nfs_xdr: Move nfs4_string definition out of #ifdef CONFIG_NFS_V4
Linus Torvalds [Sun, 7 Aug 2011 05:45:50 +0000 (22:45 -0700)]
vfs: optimize inode cache access patterns
The inode structure layout is largely random, and some of the vfs paths
really do care. The path lookup in particular is already quite D$
intensive, and profiles show that accessing the 'inode->i_op->xyz'
fields is quite costly.
We already optimized the dcache to not unnecessarily load the d_op
structure for members that are often NULL using the DCACHE_OP_xyz bits
in dentry->d_flags, and this does something very similar for the inode
ops that are used during pathname lookup.
It also re-orders the fields so that the fields accessed by 'stat' are
together at the beginning of the inode structure, and roughly in the
order accessed.
The effect of this seems to be in the 1-2% range for an empty kernel
"make -j" run (which is fairly kernel-intensive, mostly in filename
lookup), so it's visible. The numbers are fairly noisy, though, and
likely depend a lot on exact microarchitecture. So there's more tuning
to be done.
Linus Torvalds [Sun, 7 Aug 2011 05:41:50 +0000 (22:41 -0700)]
vfs: renumber DCACHE_xyz flags, remove some stale ones
Gcc tends to generate better code with small integers, including the
DCACHE_xyz flag tests - so move the common ones to be first in the list.
Also just remove the unused DCACHE_INOTIFY_PARENT_WATCHED and
DCACHE_AUTOFS_PENDING values, their users no longer exists in the source
tree.
And add a "unlikely()" to the DCACHE_OP_COMPARE test, since we want the
common case to be a nice straight-line fall-through.
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net:
net: Compute protocol sequence numbers and fragment IDs using MD5.
crypto: Move md5_transform to lib/md5.c
Boaz Harrosh [Sun, 7 Aug 2011 02:26:31 +0000 (19:26 -0700)]
exofs: Rename raid engine from exofs/ios.c => ore
ORE stands for "Objects Raid Engine"
This patch is a mechanical rename of everything that was in ios.c
and its API declaration to an ore.c and an osd_ore.h header. The ore
engine will later be used by the pnfs objects layout driver.
* File ios.c => ore.c
* Declaration of types and API are moved from exofs.h to a new
osd_ore.h
* All used types are prefixed by ore_ from their exofs_ name.
* Shift includes from exofs.h to osd_ore.h so osd_ore.h is
independent, include it from exofs.h.
Other than a pure rename there are no other changes. Next patch
will move the ore into it's own module and will export the API
to be used by exofs and later the layout driver
Boaz Harrosh [Fri, 5 Aug 2011 22:06:04 +0000 (15:06 -0700)]
exofs: ios: Move to a per inode components & device-table
Exofs raid engine was saving on memory space by having a single layout-info,
single pid, and a single device-table, global to the filesystem. Then passing
a credential and object_id info at the io_state level, private for each
inode. It would also devise this contraption of rotating the device table
view for each inode->ino to spread out the device usage.
This is not compatible with the pnfs-objects standard, demanding that
each inode can have it's own layout-info, device-table, and each object
component it's own pid, oid and creds.
So: Bring exofs raid engine to be usable for generic pnfs-objects use by:
* Define an exofs_comp structure that holds obj_id and credential info.
* Break up exofs_layout struct to an exofs_components structure that holds a
possible array of exofs_comp and the array of devices + the size of the
arrays.
* Add a "comps" parameter to get_io_state() that specifies the ids creds
and device array to use for each IO.
This enables to keep the layout global, but the device-table view, creds
and IDs at the inode level. It only adds two 64bit to each inode, since
some of these members already existed in another form.
* ios raid engine now access layout-info and comps-info through the passed
pointers. Everything is pre-prepared by caller for generic access of
these structures and arrays.
At the exofs Level:
* Super block holds an exofs_components struct that holds the device
array, previously in layout. The devices there are in device-table
order. The device-array is twice bigger and repeats the device-table
twice so now each inode's device array can point to a random device
and have a round-robin view of the table, making it compatible to
previous exofs versions.
* Each inode has an exofs_components struct that is initialized at
load time, with it's own view of the device table IDs and creds.
When doing IO this gets passed to the io_state together with the
layout.
While preforming this change. Bugs where found where credentials with the
wrong IDs where used to access the different SB objects (super.c). As well
as some dead code. It was never noticed because the target we use does not
check the credentials.
Boaz Harrosh [Tue, 16 Nov 2010 18:09:58 +0000 (20:09 +0200)]
exofs: Add offset/length to exofs_get_io_state
In future raid code we will need to know the IO offset/length
and if it's a read or write to determine some of the array
sizes we'll need.
So add a new exofs_get_rw_state() API for use when
writeing/reading. All other simple cases are left using the
old way.
The major change to this is that now we need to call
exofs_get_io_state later at inode.c::read_exec and
inode.c::write_exec when we actually know these things. So this
patch is kept separate so I can test things apart from other
changes.
David S. Miller [Thu, 4 Aug 2011 03:50:44 +0000 (20:50 -0700)]
net: Compute protocol sequence numbers and fragment IDs using MD5.
Computers have become a lot faster since we compromised on the
partial MD4 hash which we use currently for performance reasons.
MD5 is a much safer choice, and is inline with both RFC1948 and
other ISS generators (OpenBSD, Solaris, etc.)
Furthermore, only having 24-bits of the sequence number be truly
unpredictable is a very serious limitation. So the periodic
regeneration and 8-bit counter have been removed. We compute and
use a full 32-bit sequence number.
For ipv6, DCCP was found to use a 32-bit truncated initial sequence
number (it needs 43-bits) and that is fixed here as well.
Reported-by: Dan Kaminsky <dan@doxpara.com> Tested-by: Willy Tarreau <w@1wt.eu> Signed-off-by: David S. Miller <davem@davemloft.net>
* git://git.kernel.org/pub/scm/linux/kernel/git/sfrench/cifs-2.6:
cifs: cope with negative dentries in cifs_get_root
cifs: convert prefixpath delimiters in cifs_build_path_to_root
CIFS: Fix missing a decrement of inFlight value
cifs: demote DFS referral lookup errors to cFYI
Revert "cifs: advertise the right receive buffer size to the server"
Linus Torvalds [Sat, 6 Aug 2011 19:22:30 +0000 (12:22 -0700)]
Merge branch 'stable/bug.fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/konrad/xen
* 'stable/bug.fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/konrad/xen:
xen/trace: Fix compile error when CONFIG_XEN_PRIVILEGED_GUEST is not set
xen: Fix misleading WARN message at xen_release_chunk
xen: Fix printk() format in xen/setup.c
xen/tracing: it looks like we wanted CONFIG_FTRACE
xen/self-balloon: Add dependency on tmem.
xen/balloon: Fix compile errors - missing header files.
xen/grant: Fix compile warning.
xen/pciback: remove duplicated #include
John Stanley [Thu, 4 Aug 2011 00:41:00 +0000 (20:41 -0400)]
savagedb: Fix typo causing regression in savage4 series video chip detection
Two additional savage4 variants were added, but the S3_SAVAGE4_SERIES
macro was incompletely modified, resulting in a false positive detection
of a savage4 card regardless of which savage card is actually present.
For non-savage4 series cards, such as a Savage/IX-MV card, this results
in garbled video and/or a hard-hang at boot time. Fix this by changing
an '||' to an '&&' in the S3_SAVAGE4_SERIES macro.
Signed-off-by: John P. Stanley <jpsinthemix@verizon.net> Reviewed-by: Tormod Volden <debian.tormod@gmail.com>
[ The macros have incomplete parenthesis too, but whatever .. -Linus ] Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Josh Triplett [Wed, 3 Aug 2011 19:19:07 +0000 (12:19 -0700)]
CodingStyle: Document the exception of not splitting user-visible strings, for grepping
Patch reviewers now recommend not splitting long user-visible strings,
such as printk messages, even if they exceed 80 columns. This avoids
breaking grep. However, that recommendation did not actually appear
anywhere in Documentation/CodingStyle.
See, for example, the thread at
http://news.gmane.org/find-root.php?message_id=%3c1312215262.11635.15.camel%40Joe%2dLaptop%3e
Linus Torvalds [Sat, 6 Aug 2011 18:51:33 +0000 (11:51 -0700)]
vfs: show O_CLOEXE bit properly in /proc/<pid>/fdinfo/<fd> files
The CLOEXE bit is magical, and for performance (and semantic) reasons we
don't actually maintain it in the file descriptor itself, but in a
separate bit array. Which means that when we show f_flags, the CLOEXE
status is shown incorrectly: we show the status not as it is now, but as
it was when the file was opened.
Fix that by looking up the bit properly in the 'fdt->close_on_exec' bit
array.
Uli needs this in order to re-implement the pfiles program:
"For normal file descriptors (not sockets) this was the last piece of
information which wasn't available. This is all part of my 'give
Solaris users no reason to not switch' effort. I intend to offer the
code to the util-linux-ng maintainers."
Linus Torvalds [Sat, 6 Aug 2011 18:43:08 +0000 (11:43 -0700)]
oom_ajd: don't use WARN_ONCE, just use printk_once
WARN_ONCE() is very annoying, in that it shows the stack trace that we
don't care about at all, and also triggers various user-level "kernel
oopsed" logic that we really don't care about. And it's not like the
user can do anything about the applications (sshd) in question, it's a
distro issue.
For ChromiumOS, we use SHA-1 to verify the integrity of the root
filesystem. The speed of the kernel sha-1 implementation has a major
impact on our boot performance.
To improve boot performance, we investigated using the heavily optimized
sha-1 implementation used in git. With the git sha-1 implementation, we
see a 11.7% improvement in boot time.
10 reboots, remove slowest/fastest.
Before:
Mean: 6.58 seconds Stdev: 0.14
After (with git sha-1, this patch):
Mean: 5.89 seconds Stdev: 0.07
The other cool thing about the git SHA-1 implementation is that it only
needs 64 bytes of stack for the workspace while the original kernel
implementation needed 320 bytes.
Signed-off-by: Mandeep Singh Baines <msb@chromium.org> Cc: Ramsay Jones <ramsay@ramsay1.demon.co.uk> Cc: Nicolas Pitre <nico@cam.org> Cc: Herbert Xu <herbert@gondor.apana.org.au> Cc: David S. Miller <davem@davemloft.net> Cc: linux-crypto@vger.kernel.org Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
This patch introduces separate lock to struct acpi_battery to
grab in sysfs_remove_battery() instead of battery->lock.
So fix by Lan Tianyu is still there, we just grab independent lock.
Signed-off-by: Sergey Senozhatsky <sergey.senozhatsky@gmail.com> Tested-by: Lan Tianyu <tianyu.lan@intel.com> Signed-off-by: Len Brown <len.brown@intel.com>
Kevin Hilman [Fri, 5 Aug 2011 19:45:20 +0000 (21:45 +0200)]
PM / Runtime: Allow _put_sync() from interrupts-disabled context
Currently the use of pm_runtime_put_sync() is not safe from
interrupts-disabled context because rpm_idle() will release the
spinlock and enable interrupts for the idle callbacks. This enables
interrupts during a time where interrupts were expected to be
disabled, and can have strange side effects on drivers that expected
interrupts to be disabled.
This is not a bug since the documentation clearly states that only
_put_sync_suspend() is safe in IRQ-safe mode.
However, pm_runtime_put_sync() could be made safe when in IRQ-safe
mode by releasing the spinlock but not re-enabling interrupts, which
is what this patch aims to do.
Problem was found when using some buggy drivers that set
pm_runtime_irq_safe() and used _put_sync() in interrupts-disabled
context.
Reported-by: Colin Cross <ccross@google.com> Tested-by: Nishanth Menon <nm@ti.com> Signed-off-by: Kevin Hilman <khilman@ti.com> Signed-off-by: Rafael J. Wysocki <rjw@sisk.pl>
The local variable ret is defined twice in pm_genpd_poweron(), which
causes this function to always return 0, even if the PM domain's
.power_on() callback fails, in which case an error code should be
returned.
Remove the wrong second definition of ret and additionally remove an
unnecessary definition of wait from pm_genpd_poweron().
The AMW0 function in acer-wmi works on Lenovo ideapad S205 for control
the wifi hardware state. We also found there have a 0x78 EC register
exposes the state of wifi hardware switch on the machine.
So, add this patch to support Lenovo ideapad S205 wifi hardware switch
in acer-wmi driver.
When enabling turbo, we need to set both the TDC and TDP bits. IIRC
only the TDC one actually matters, but fix it up anyway since the
current code is confusing.
Signed-off-by: Jesse Barnes <jbarnes@virtuousgeek.org> Signed-off-by: Matthew Garrett <mjg@redhat.com>
Thomas Courbon [Wed, 20 Jul 2011 20:57:44 +0000 (22:57 +0200)]
Platform: fix samsung-laptop DMI identification for N150/N210/220/N230
Some samsung latop of the N150/N2{10,20,30} serie are badly detected by the samsung-laptop platform driver, see bug # 36082.
It appears that N230 identifies itself as N150/N210/N220/N230 whereas the other identify themselves as N150/N210/220.
This patch attemtp fix #36082 allowing correct identification for all the said netbook model.
Reported-by: Daniel Eklöf <daniel@ekloef.se> Signed-off-by: Thomas Courbon <thcourbon@gmail.com> Signed-off-by: Matthew Garrett <mjg@redhat.com>
Seth Forshee [Mon, 1 Aug 2011 20:46:10 +0000 (15:46 -0500)]
dell-wmi: Add keys for Dell XPS L502X
All of these keys are being reported on the keyboard
controller but are also generating WMI events. Add them
to the legacy keymap to silence the noise.
BugLink: http://bugs.launchpad.net/bugs/815914 Signed-off-by: Seth Forshee <seth.forshee@canonical.com> Signed-off-by: Matthew Garrett <mjg@redhat.com>
Axel Lin [Mon, 18 Jul 2011 08:08:21 +0000 (16:08 +0800)]
platform-drivers-x86: samsung-q10: make dmi_check_callback return 1
We only care about if there is any successful match from the dmi table
or no match at all, we can make dmi_check_system return immediately if
we have a successful match instead of iterate thorough the whole table.
Signed-off-by: Axel Lin <axel.lin@gmail.com> Signed-off-by: Matthew Garrett <mjg@redhat.com>
The memory for td_info which is allocated in initialize_sensor()
should be properly kfreed in mid_thermal_probe() error patch and
mid_thermal_remove().
Signed-off-by: Axel Lin <axel.lin@gmail.com> Signed-off-by: Matthew Garrett <mjg@redhat.com>