Currently we check for permission before deleting entries from SAD and
SPD, (see security_xfrm_policy_delete() security_xfrm_state_delete())
However we are not checking for authorization when flushing the SPD and
the SAD completely. It was perhaps missed in the original security hooks
patch.
This patch adds a security check when flushing entries from the SAD and
SPD. It runs the entire database and checks each entry for a denial.
If the process attempting the flush is unable to remove all of the
entries a denial is logged the the flush function returns an error
without removing anything.
This is particularly useful when a process may need to create or delete
its own xfrm entries used for things like labeled networking but that
same process should not be able to delete other entries or flush the
entire database.
Signed-off-by: Joy Latten<latten@austin.ibm.com>
Signed-off-by: Eric Paris <eparis@parisplace.org>
Signed-off-by: James Morris <jmorris@namei.org>
cbq and atm destroy their filters twice when destroying inner classes
during qdisc destruction.
Reported-and-tested-by: Strobl Anton <a.strobl@aws-it.at>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
When changing the link state from userspace not affecting any other
flags. Two duplicate notification are being sent, once as action
in the NETDEV_UP/NETDEV_DOWN notification chain and a second time
when comparing old and new device flags after the change has been
completed. Although harmless, the duplicates should be avoided.
Signed-off-by: Thomas Graf <tgraf@suug.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
This reverts changesets:
6aaf47fa48b7b5f487abde34ed91c4fc038410b4
There are still some correctness issues recently
discovered which do not have a known fix that doesn't
involve doing a full hash table scan on port bind.
So revert for now.
Signed-off-by: David S. Miller <davem@davemloft.net>
A recv() on an AF_UNIX, SOCK_STREAM socket can race with a
send()+close() on the peer, causing recv() to return zero, even though
the sent data should be received.
This happens if the send() and the close() is performed between
skb_dequeue() and checking sk->sk_shutdown in unix_stream_recvmsg():
process A skb_dequeue() returns NULL, there's no data in the socket queue
process B new data is inserted onto the queue by unix_stream_sendmsg()
process B sk->sk_shutdown is set to SHUTDOWN_MASK by unix_release_sock()
process A sk->sk_shutdown is checked, unix_release_sock() returns zero
I'm surprised nobody noticed this, it's not hard to trigger. Maybe
it's just (un)luck with the timing.
It's possible to work around this bug in userspace, by retrying the
recv() once in case of a zero return value.
Signed-off-by: Miklos Szeredi <mszeredi@suse.cz>
Signed-off-by: David S. Miller <davem@davemloft.net>
The return value from textsearch_prepare() needs to be checked
by IS_ERR(). Because it returns error code as a pointer.
Cc: "Brian J. Murrell" <netfilter@interlinx.bc.ca>
Signed-off-by: Akinobu Mita <akinobu.mita@gmail.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
check_compat_entry_size_and_hooks iterates over the matches and calls
compat_check_calc_match, which loads the match and calculates the
compat offsets, but unlike the non-compat version, doesn't call
->checkentry yet. On error however it calls cleanup_matches, which in
turn calls ->destroy, which can result in crashes if the destroy
function (validly) expects to only get called after the checkentry
function.
Add a compat_release_match function that only drops the module reference
on error and rename compat_check_calc_match to compat_find_calc_match to
reflect the fact that it doesn't call the checkentry function.
Reported by Jan Engelhardt <jengelh@linux01.gwdg.de>
Signed-off-by: Dmitry Mishin <dim@openvz.org>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
When a helper module is unloaded all conntracks refering to it have their
helper pointer NULLed out, leading to lots of races. In most places this
can be fixed by proper use of RCU (they do already check for != NULL,
but in a racy way), additionally nf_conntrack_expect_related needs to
bail out when no helper is present.
Also remove two paranoid BUG_ONs in nf_conntrack_proto_gre that are racy
and not worth fixing.
Signed-off-by: Patrick McHarrdy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
ifindex == 0 does not exist and implies we should do a lookup by name if
one was given.
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
GCC doesn't like the way Stephen initially did it:
net/ipv4/tcp_probe.c:83: warning: empty declaration
Signed-off-by: David S. Miller <davem@davemloft.net>
LIMIT_NETDEBUG allows the admin to disable some warning messages (echo 0
>/proc/sys/net/core/warnings).
The "TCP: Treason uncloaked!" message can use this facility.
Signed-off-by: Eric Dumazet <dada1@cosmosbay.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
The rfkill name can be made const safely,
this makes the compiler happy when drivers make
it point to some const string used elsewhere.
Signed-off-by: Ivo van Doorn <IvDoorn@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Previously inet devices were only constructed when addresses are added
(or rarely in ipmr). Therefore the default config values they get are
the ones at the time of these operations.
Now that we're creating inet devices earlier, this changes the
behaviour of default config values in an incompatible way (see bug
#8519).
This patch creates a compromise by setting the default values at the
same point as before but only for those that have not been explicitly
set by the user since the inet device's creation.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
Previously once inetdev_init has been called on a device any changes
made to ipv4_devconf_dflt would have no effect on that device's
configuration.
This creates a problem since we have moved the point where
inetdev_init is called from when an address is added to where the
device is registered.
This patch is the first half of a set that tries to mimic the old
behaviour while still calling inetdev_init.
It propagates any changes to ipv4_devconf_dflt to those devices that
have not had the corresponding attribute set.
The next patch will forcibly set all values at the point where
inetdev_init was previously called.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
This patch converts the ipv4_devconf config members (everything except
sysctl) to an array. This allows easier manipulation which will be
needed later on to provide better management of default config values.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
When I made the inetdev_init call work on all devices I incorrectly
left in the panic call as well. It is obviously undesirable to
panic on an allocation failure for a normal network device. This
patch moves the panic call under the loopback if clause.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
A time_wait socket inherits sk_bound_dev_if from the original socket,
but it is not used when sending ACK packets using ip_send_reply.
Fix by passing the oif to ip_send_reply in struct ip_reply_arg and
use it for output routing.
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Update to version 1.5.11.
Signed-off-by: Michael Chan <mchan@broadcom.com>
Acked-by: Jeff Garzik <jeff@garzik.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
The statistics block DMA on 5708 can be messed up occasionally on the
average of about once per hour. If the user is reading the counters
within one second after the corruption, the counters will be all
messed up. One second later, the counters will be ok again until the
next corruption occurs.
The workaround is to disable the periodic statistics DMA. Instead,
we manually trigger the DMA once a second in bnx2_timer(). This
manual trigger of the DMA avoids the problem.
As a consequence, we can only allow 0 or 1 second settings for
ethtool -C statistics block.
Thanks to Jean-Daniel Pauget <jd@disjunkt.com> and
CaT <cat@zip.com.au> for reporting this rare problem.
Signed-off-by: Michael Chan <mchan@broadcom.com>
Acked-by: Jeff Garzik <jeff@garzik.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Add missing code to enable DMA on 5709 A1. The bit is a no-op on A0
and therefore can be set on all 5709 chips.
Signed-off-by: Michael Chan <mchan@broadcom.com>
Acked-by: Jeff Garzik <jeff@garzik.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
For correctness, we need to wait for the MEM_INIT bit to be cleared
in the BNX2_CTX_COMMAND register before proceeding.
[Added return -EBUSY when the MEM_INIT bit doesn't clear, suggested
by Jeff Garzik.]
Signed-off-by: Michael Chan <mchan@broadcom.com>
Acked-by: Jeff Garzik <jeff@garzik.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
There's a bug in the driver that only initializes half of the context
memory on the 5708. Surprisingly, this works most of the time except
for some occasional netdev watchdogs when sending a lot of 64-byte
packets. The fix is to add the missing code to initialize the 2nd
halves of all context memory.
Signed-off-by: Michael Chan <mchan@broadcom.com>
Acked-by: Jeff Garzik <jeff@garzik.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
We need to pass the same dev_id to free_irq() and request_irq(). When
using MSI-X, the MLX4_EQ_CATAS interrupt uses a different dev_id from
the other interrupts.
Signed-off-by: Roland Dreier <rolandd@cisco.com>
We may call mlx4_dispatch_event() before mlx4_register_device() is
called for a device, because for example a catastrophic error happens
immediately after we enable interrupts. Therefore priv->ctx_list and
priv->ctx_lock need to be initialized earlier.
This bug was actually exposed by the MSI-X bug that returned IRQ numbers
to drivers in reverse order, so that the first FW command
interrupt looked to mlx4 like a catastrophic error.
Signed-off-by: Roland Dreier <rolandd@cisco.com>
The reserved6 field should be 64 bits, not just 16 bits. Without
this, the structure does not match the hardware layout on 32-bit
architectures: the db_rec_addr field ends up at offset 52 instead of
offset 56. The bug slipped by because the alignment of __be64 members
ends up putting it in the right place on x86-64.
Signed-off-by: Eli Cohen <eli@mellanox.co.il>
Signed-off-by: Roland Dreier <rolandd@cisco.com>
* 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/sparc-2.6:
[VIDEO] sunxvr500fb: Fix pseudo_palette array size
[VIDEO] sunxvr2500fb: Fix pseudo_palette array size
[VIDEO] ffb: The pseudo_palette is only 16 elements long
[VIDEO]: Fix section mismatch warning in promcon.
[ATA]: Back out bogus (SPARC64 && !PCI) Kconfig depends.
[SPARC64]: Fill in gaps in non-PCI dma_*() NOP implementation.
[SPARC64]: Fix {mc,smt}_capable().
[SPARC64]: Make core and sibling groups equal on UltraSPARC-IV.
[SPARC64]: Proper multi-core scheduling support.
[SPARC64]: Provide mmu statistics via sysfs.
[SPARC64]: Fix service channel hypervisor function names.
[SPARC64]: Export basic cpu properties via sysfs.
[SPARC64]: Move topology init code into new file, sysfs.c
* 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/paulus/powerpc:
[POWERPC] Fix building of COFF zImages
[POWERPC] spufs: Fix error handling in spufs_fill_dir()
[POWERPC] Add table of contents to booting-without-of.txt
[POWERPC] spufs: Don't yield nosched context
[POWERPC] Fix typo in booting-without-of-txt section numbering
[POWERPC] scc_sio: Fix link failure
[POWERPC] cbe_cpufreq: Limit frequency via cpufreq notifier chain
[POWERPC] Fix pci_setup_phb_io_dynamic for pci_iomap
[POWERPC] spufs scheduler: Fix wakeup races
[POWERPC] spufs: Synchronize pte invalidation vs ps close
[POWERPC] spufs: Free mm if spufs_fill_dir() failed
[POWERPC] spufs: Fix gang destroy leaks
[POWERPC] spufs: Hook up spufs_release_mem
[POWERPC] spufs: Refuse to load the module when not running on cell
[POWERPC] pasemi: Fix iommu + 64K PAGE_SIZE bug
This patch should get a few birds. It prevents sigaction calls from
clearing TIF_SIGPENDING in other threads, which could leak -ERESTART*.
And It fixes ptrace_stop not to clear it, which done at the syscall exit
stop could leak -ERESTART*. It probably removes the harm from signalfd,
at least assuming it never calls dequeue_signal on kernel threads that
might have used block_all_signals.
Signed-off-by: Roland McGrath <roland@redhat.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Cc: Paul Mackerras <paulus@samba.org>
Cc: Satoru Takeuchi <takeuchi_satoru@jp.fujitsu.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
scripts/checkpatch.pl should be executable, make it so.
Signed-off-by: Andy Whitcroft <apw@shadowen.org>
Acked-by: Andrew Morton <akpm@linux-foundation.org>
Acked-by: Joel Schopp <jschopp@austin.ibm.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
The COFF zImage (for booting oldworld powermacs) wasn't being built
correctly because the procedure descriptor in crt0.S for the zImage
entry point wasn't declared as .globl, and therefore wasn't getting
pulled in from wrapper.a by the linker. This adds the necessary
.globl statement.
Signed-off-by: Paul Mackerras <paulus@samba.org>
Make sure we don't call the switch function on cards too old to
support it. They should just ignore it, but some have been reported
to lock up instead.
Signed-off-by: Pierre Ossman <drzeus@drzeus.cx>
Fix a broken if clause which was causing SD cards to go into
4-bit mode even if the host did not support it.
(Reported by David Brownell and Marc Pignat)
Signed-off-by: Pierre Ossman <drzeus@drzeus.cx>
Fix compilation error by removing command decoding from at91_mci.c driver.
Decoding commands in the host driver is the wrong way.
Signed-off-by: Marc Pignat <marc.pignat@hevs.ch>
Signed-off-by: Pierre Ossman <drzeus@drzeus.cx>
The error path in spufs_fill_dir() is broken. If d_alloc_name() or
spufs_new_file() fails, spufs_prune_dir() is getting called. At this time
dir->inode is not set and a NULL pointer is dereferenced by mutex_lock().
This bugfix replaces spufs_prune_dir() with a shorter version that does
not touch dir->inode but simply removes all children.
Signed-off-by: Sebastian Siewior <bigeasy@linux.vnet.ibm.com>
Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
Acked-by: Arnd Bergmann <arnd.bergmann@de.ibm.com>
Signed-off-by: Paul Mackerras <paulus@samba.org>
Nosched context sould never be scheduled out, thus we must not
deactivate them in spu_yield ever.
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
Signed-off-by: Paul Mackerras <paulus@samba.org>
Fix typo in section numbering.
Signed-off-by: Stuart Yoder <stuart.yoder@freescale.com>
Acked-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Paul Mackerras <paulus@samba.org>
scc_sio.o should only be built if the txx9 serial driver is actually
built into the kernel.
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Arnd Bergmann <arnd.bergmann@de.ibm.com>
--
Signed-off-by: Paul Mackerras <paulus@samba.org>
... and get rid of cpufreq_set_policy call that caused a build
failure due interfering commits.
Signed-off-by: Thomas Renninger <trenn@suse.de>
Signed-off-by: Christian Krafft <krafft@de.ibm.com>
Signed-off-by: Arnd Bergmann <arnd.bergmann@de.ibm.com>
Signed-off-by: Paul Mackerras <paulus@samba.org>
We had a problem on a system with only dynamically allocated
PCI buses (using of_pci_phb_driver) in combination with libata.
This setup ended up having no "primary" phb, which means
that pci_io_base never got initialized and all IO port
numbers are 64 bit numbers, which is larger than the
PIO_MASK limit.
Signed-off-by: Arnd Bergmann <arnd.bergmann@de.ibm.com>
Acked-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: Paul Mackerras <paulus@samba.org>
Fix the race between checking for contexts on the runqueue and actually
waking them in spu_deactive and spu_yield.
The guts of spu_reschedule are split into a new helper called
grab_runnable_context which shows if there is a runnable thread below
a specified priority and if yes removes if from the runqueue and uses
it. This function is used by the new __spu_deactivate hepler shared
by preemption and spu_yield to grab a new context before deactivating
a specified priority and if yes removes if from the runqueue and uses
it. This function is used by the new __spu_deactivate hepler shared
by preemption and spu_yield to grab a new context before deactivating
the old one.
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Arnd Bergmann <arnd.bergmann@de.ibm.com>
Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
Signed-off-by: Paul Mackerras <paulus@samba.org>
Make sure the mapping_lock also protects access to the various address_space
pointers used for tearing down the ptes on a spu context switch.
Because unmap_mapping_range can sleep we need to turn mapping_lock from
a spinlock into a sleeping mutex.
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Arnd Bergmann <arnd.bergmann@de.ibm.com>
Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
Signed-off-by: Paul Mackerras <paulus@samba.org>
In case spufs_fill_dir() fails only put_spu_context()
gets called for cleanup and the acquired mm_struct never gets freed.
Signed-off-by: Sebastian Siewior <bigeasy@linux.vnet.ibm.com>
Signed-off-by: Arnd Bergmann <arnd.bergmann@de.ibm.com>
Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
Signed-off-by: Paul Mackerras <paulus@samba.org>
Previously, closing a SPE gang that still has contexts would trigger
a WARN_ON, and leak the allocated gang.
This change fixes the problem by using the gang's reference counts to
destroy the gang instead. The gangs will persist until their last
reference (be it context or open file handle) is gone.
Also, avoid using statements with side-effects in a WARN_ON().
Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
Signed-off-by: Arnd Bergmann <arnd.bergmann@de.ibm.com>
Signed-off-by: Paul Mackerras <paulus@samba.org>
Currently spufs_mem_release and the mem file doesn't have any release
method hooked up, leading to leaks everytime is used.
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
Signed-off-by: Paul Mackerras <paulus@samba.org>