V4 updated to current linux-security#next
Targeted for git://gitorious.org/smack-next/kernel.git
Modern application runtime environments like to use
naming schemes that are structured and generated without
human intervention. Even though the Smack limit of 23
characters for a label name is perfectly rational for
human use there have been complaints that the limit is
a problem in environments where names are composed from
a set or sources, including vendor, author, distribution
channel and application name. Names like
softwarehouse-pgwodehouse-coolappstore-mellowmuskrats
are becoming harder to avoid. This patch introduces long
label support in Smack. Labels are now limited to 255
characters instead of the old 23.
The primary reason for limiting the labels to 23 characters
was so they could be directly contained in CIPSO category sets.
This is still done were possible, but for labels that are too
large a mapping is required. This is perfectly safe for communication
that stays "on the box" and doesn't require much coordination
between boxes beyond what would have been required to keep label
names consistent.
The bulk of this patch is in smackfs, adding and updating
administrative interfaces. Because existing APIs can't be
changed new ones that do much the same things as old ones
have been introduced.
The Smack specific CIPSO data representation has been removed
and replaced with the data format used by netlabel. The CIPSO
header is now computed when a label is imported rather than
on use. This results in improved IP performance. The smack
label is now allocated separately from the containing structure,
allowing for larger strings.
Four new /smack interfaces have been introduced as four
of the old interfaces strictly required labels be specified
in fixed length arrays.
The access interface is supplemented with the check interface:
access "Subject Object rwxat"
access2 "Subject Object rwaxt"
The load interface is supplemented with the rules interface:
load "Subject Object rwxat"
load2 "Subject Object rwaxt"
The load-self interface is supplemented with the self-rules interface:
load-self "Subject Object rwxat"
load-self2 "Subject Object rwaxt"
The cipso interface is supplemented with the wire interface:
cipso "Subject lvl cnt c1 c2 ..."
cipso2 "Subject lvl cnt c1 c2 ..."
The old interfaces are maintained for compatibility.
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Dave Chinner wrote:
> Yes, because you have no idea what the calling context is except
> for the fact that is from somewhere inside filesystem code and the
> filesystem could be holding locks. Therefore, GFP_NOFS is really the
> only really safe way to allocate memory here.
I see. Thank you.
I'm not sure, but can call trace happen where somewhere inside network
filesystem or stackable filesystem code with locks held invokes operations that
involves GFP_KENREL memory allocation outside that filesystem?
----------
[PATCH] SMACK: Fix incorrect GFP_KERNEL usage.
new_inode_smack() which can be called from smack_inode_alloc_security() needs
to use GFP_NOFS like SELinux's inode_alloc_security() does, for
security_inode_alloc() is called from inode_init_always() and
inode_init_always() is called from xfs_inode_alloc() which is using GFP_NOFS.
smack_inode_init_security() needs to use GFP_NOFS like
selinux_inode_init_security() does, for initxattrs() callback function (e.g.
btrfs_initxattrs()) which is called from security_inode_init_security() is
using GFP_NOFS.
smack_audit_rule_match() needs to use GFP_ATOMIC, for
security_audit_rule_match() can be called from audit_filter_user_rules() and
audit_filter_user_rules() is called from audit_filter_user() with RCU read lock
held.
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: Casey Schaufler <cschaufler@cschaufler-intel.(none)>
The transmuting directory feature of Smack requires that
the transmuting attribute be explicitly set in all cases.
It seems the users of this facility would expect that the
transmuting attribute be inherited by subdirectories that
are created in a transmuting directory. This does not seem
to add any additional complexity to the understanding of
how the system works.
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Add support for the IB-NAS6210 and IB-NAS 6220. Describe as much as
currently possible in the devicetree files, including the NAND partitions.
Use the partition scheme of the original firmware by default.
Create a board-ib62x0.c for everything else.
Signed-off-by: Simon Baatz <gmbnomis@gmail.com>
Signed-off-by: Jason Cooper <jason@lakedaemon.net>
for cyclic dma, dont makr the descriptor as complte. Fix the remaining users of
cyclic dma which do so
Signed-off-by: Vinod Koul <vinod.koul@linux.intel.com>
Tested-by: Nicolas Ferre <nicolas.ferre@atmel.com>
Acked-by: Nicolas Ferre <nicolas.ferre@atmel.com>
Tested-by: Mika Westerberg <mika.westerberg@iki.fi>
Add support for Iomega Iconnect system.
Signed-off-by: Arnaud Patard <arnaud.patard@rtp-net.org>
Tested-By: Adam Baker <linux@baker-net.org.uk>
Signed-off-by: Jason Cooper <jason@lakedaemon.net>
dns323 and (at least) iconnect platforms are using hw led blinking, so,
instead of having 2 identicals .gpio_blink_set gpio-led hooks, move
dns323 code into gpio.c
Signed-off-by: Arnaud Patard <arnaud.patard@rtp-net.org>
Tested-By: Adam Baker <linux@baker-net.org.uk>
Signed-off-by: Jason Cooper <jason@lakedaemon.net>
gpio registers are for 32 gpios. Given that orion_gpio_set_blink is called
directly and not through gpiolib, it needs to make sure that the pin value
given to the internal functions are between 0 and 31.
Signed-off-by: Arnaud Patard <arnaud.patard@rtp-net.org>
Tested-By: Adam Baker <linux@baker-net.org.uk>
Signed-off-by: Jason Cooper <jason@lakedaemon.net>
Use devicetree to define NAND partitions. Use D-link partition scheme by
default, to be vaguely compatible with their userland.
Changes since last submission (V4):-
* Don't add NAND support then throw it away immediately after [Grant Likely]
Acked-by: Arnd Bergmann <arnd@arndb.de>
Acked-by: Jason Cooper <jason@lakedaemon.net>
Signed-off-by: Jamie Lentin <jm@lentin.co.uk>
Signed-off-by: Jason Cooper <jason@lakedaemon.net>
Add default configuration for NAND, to be enabled in your board config. Ensure
clock gating is set appropriately when the NAND is enabled.
Acked-by: Jason Cooper <jason@lakedaemon.net>
Signed-off-by: Jamie Lentin <jm@lentin.co.uk>
Signed-off-by: Jason Cooper <jason@lakedaemon.net>
Allow a NAND chip using the orion_nand driver to be described using devicetree.
Changes since last submission (V4) [Addressing comments by]:-
* WARN when bank-width is out of range [Andrew Lunn]
Changes since last submission (V3):-
* Document all parameters [Grant Likely]
* Convert bank-width to be in bytes
* Add explicit defaults for cle, ale and bank-width
Signed-off-by: Jamie Lentin <jm@lentin.co.uk>
Signed-off-by: Jason Cooper <jason@lakedaemon.net>
Add support for the DNS-320 and DNS-325. Describe as much as currently possible
in the devicetree files, create a board-dnskw.c for everything else.
Changes since last submission (V3) [Addressing comments by]:-
* One MACH_DLINK_KIRKWOOD_DT for all dtb files [Grant Likely, Jason Cooper]
* Drop brain-dead select "select CONFIG_MTD_OF_PARTS" [Grant Likely]
* Don't add NAND support then throw it away immediately after [Grant Likely]
* Describe purpose of MPP 41, 42 & 49
Changes since last submission (V2):-
* Use IEEE-compliant "okay", rather than "ok" [Scott Wood]
Signed-off-by: Jamie Lentin <jm@lentin.co.uk>
Signed-off-by: Jason Cooper <jason@lakedaemon.net>
When checking capabilities, the question we want to be asking is "does
current() have the capability in the child's namespace?"
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: James Morris <james.l.morris@oracle.com>
The pathname of /usr/sbin/tomoyo-editpolicy seen from Ubuntu 12.04 Live CD is
squashfs:/usr/sbin/tomoyo-editpolicy rather than /usr/sbin/tomoyo-editpolicy .
Therefore, we need to accept manager programs which do not start with / .
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: James Morris <james.l.morris@oracle.com>
Upon resume from standby, there is a possible interrupt
unsafe locking scenario raised when configure the Kernel
with CONFIG_PROVE_LOCKING. So this patch fixes that in
PM driver stuff by calling lock/unlock_irqsave/restore.
Signed-off-by: Giuseppe Cavallaro <peppe.cavallaro@st.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
In mixed burst (MB) mode, the AHB master always initiates
the bursts with fixed-size when the DMA requests transfers
of size less than or equal to 16 beats.
This patch adds the MB support and the flag that can be
passed from the platform to select it.
MB mode can also give some benefits in terms of performances
on some platforms.
v2: fixed Coding Style
Signed-off-by: Giuseppe Cavallaro <peppe.cavallaro@st.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
This patch is to extend the number of MAC address registers
for 16 to 32. In fact, other new 16 registers are available in new
chips and this can help on perfect filter mode for unicast.
This patch also fixes the perfect filtering mode by setting the
bit 31 in the MAC address registers.
v2: fixed Coding Style.
Signed-off-by: Gianni Antoniazzi <gianni.antoniazzi-ext@st.com>
Signed-off-by: Giuseppe Cavallaro <peppe.cavallaro@st.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Some coldfire boards (ie m5253demo) have a dm9000 onboard.
Signed-off-by: Steven King <sfking@fdwdc.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
David pointed out gcc might generate poor code with 31bit fields.
Using u16 is more than enough and permits a better code output.
Also make the code intent more readable using constants, fixed point arithmetic
not being trivial for everybody.
Suggested-by: David Miller <davem@davemloft.net>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
* an improvement to avoid to linearise the whole received packet when not needed
* an improvement for client traffic rerouting after roaming
* a fix for the local translation table state-machine
* minor cleanups and fixes
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.19 (GNU/Linux)
iQEcBAABAgAGBQJPsK8NAAoJEFMQTLzJFOZFBCQIAKD9J3BtxOxN5yJkqNu7vEpT
+67KkZiBu5lnVkOT5NX3g/Q9PUCGHUZFE0elOGn5fxLRO2XsUeZuHb1Bm71V9Ogi
WLnxhCYg1c6yHsrMVqY4czNZrE172/r0BMB9gR4ChngYSpzcx2UH7q8MA7eK7F97
hJRAIw7ySX5fPWwdW3VHxqZjc6YhfH8ZzN9FvM8vJYTaP7zZDn8w3himuGhWceI6
nLhdJUIXR5GsH+ImpgFm/+8apEjsvLnPOnRaMfAXyLbwOmzzfO0BAfTMaw6qr/Al
nZ9f1QDS6yEt+iAyMlQOWYICnSk3RsJSfAJxWLdhnBMaMHsAKA3LyQnBLiVOBB8=
=w/0g
-----END PGP SIGNATURE-----
Merge tag 'batman-adv-for-davem' of git://git.open-mesh.org/linux-merge
Included changes:
* an improvement to avoid to linearise the whole received packet when not needed
* an improvement for client traffic rerouting after roaming
* a fix for the local translation table state-machine
* minor cleanups and fixes
This patch addresses a bug in a special case for target core SPC-2 RELEASE
logic where the same physical client (eg: iSCSI InitiatorName) with
differing iSCSI session identifiers (ISID) is allowed to incorrectly release
the same client's SPC-2 reservation from the non reservation holding path.
Note this bug is specific to iscsi-target w/ SPC-2 reservations, and
with the default enforce_pr_isids=1 device attr setting in target-core
controls if a InitiatorName + different ISID reservations are handled
the same as a single iSCSI client entity.
Signed-off-by: Bernhard Kohl <bernhard.kohl@gmx.net>
Cc: <stable@vger.kernel.org>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
Section 15.3.1.2 of the software developer manual has this to say about the
RIPV bit in the IA32_MCG_STATUS register:
RIPV (restart IP valid) flag, bit 0 — Indicates (when set) that program
execution can be restarted reliably at the instruction pointed to by the
instruction pointer pushed on the stack when the machine-check exception
is generated. When clear, the program cannot be reliably restarted at
the pushed instruction pointer.
We need to save the state of this bit in do_machine_check() and use it
in mce_notify_process() to force a signal; even if memory_failure() says
it made a complete recovery ... e.g. replaced a clean LRU page.
Acked-by: Borislav Petkov <bp@amd64.org>
Signed-off-by: Tony Luck <tony.luck@intel.com>
Fix the following build error:
net/sched/sch_fq_codel.c: In function 'fq_codel_dump_stats':
net/sched/sch_fq_codel.c:464:3: error: unknown field 'qdisc_stats' specified in initializer
net/sched/sch_fq_codel.c:464:3: warning: missing braces around initializer
net/sched/sch_fq_codel.c:464:3: warning: (near initialization for 'st.<anonymous>')
net/sched/sch_fq_codel.c:465:3: error: unknown field 'qdisc_stats' specified in initializer
net/sched/sch_fq_codel.c:465:3: warning: excess elements in struct initializer
net/sched/sch_fq_codel.c:465:3: warning: (near initialization for 'st')
net/sched/sch_fq_codel.c:466:3: error: unknown field 'qdisc_stats' specified in initializer
net/sched/sch_fq_codel.c:466:3: warning: excess elements in struct initializer
net/sched/sch_fq_codel.c:466:3: warning: (near initialization for 'st')
net/sched/sch_fq_codel.c:467:3: error: unknown field 'qdisc_stats' specified in initializer
net/sched/sch_fq_codel.c:467:3: warning: excess elements in struct initializer
net/sched/sch_fq_codel.c:467:3: warning: (near initialization for 'st')
make[1]: *** [net/sched/sch_fq_codel.o] Error 1
Signed-off-by: Sasha Levin <levinsasha928@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
m68k allmodconfig:
net/sched/sch_codel.c: In function ‘dequeue’:
net/sched/sch_codel.c:70: error: implicit declaration of function ‘prefetch’
make[1]: *** [net/sched/sch_codel.o] Error 1
Signed-off-by: Geert Uytterhoeven <geert@linux-m68k.org>
Acked-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Use DT_MACHINE_START() on the r8a7740 based armadillo 800 eva board.
Also include a tiny DTS file to describe the board and update the
Kconfig dependencies to select CONFIG_USE_OF.
Signed-off-by: Magnus Damm <damm@opensource.se>
Signed-off-by: Rafael J. Wysocki <rjw@sisk.pl>
Use DT_MACHINE_START() on the sh73a0 based KZM9G board.
Also include a tiny DTS file to describe the board and
update the Kconfig dependencies to select CONFIG_USE_OF.
Signed-off-by: Magnus Damm <damm@opensource.se>
Signed-off-by: Rafael J. Wysocki <rjw@sisk.pl>
- remove all uses of btfixup header
- remove the btfixup header
- remove the btfixup code
Signed-off-by: Sam Ravnborg <sam@ravnborg.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Use sparc_config to hold the last two function pointers. There was no
point generating dedicated _ops structures only for these.
Signed-off-by: Sam Ravnborg <sam@ravnborg.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
I ended up renaming set_cpu_int to send_ipi to
be consistent all way around.
send_ipi was moved to the *_smp.c files so
we could call the relevant method direct,
without any _ops indirection.
Signed-off-by: Sam Ravnborg <sam@ravnborg.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Under most circumstances, the bitmap allocator does not allocate the
same full 24-bit QP number immediately after a QP is destroyed.
This works by using the upper bits of a 24-bit QP number, beyond the
number of QPs that are actually available in the low level driver.
For example, say that the HCA is willing to allocate a maximum of 64K
qps. We use the bits 23..16 as a "counter" which is incremented by 1
at each allocation so that even if the same physical QP is
re-allocated, it will not receive the same 24-bit QP number.
However, we have seen the following scenario:
1. Allocate, say, 255 QPs in succession. This will cause a wrap of the "counter".
2. Destroy the first QP allocated, then allocate a new QP. The new QP,
because of the counter wraparound, will get the same FULL QP number as
the QP just destroyed!
This is a problem because packets in transit can be erroneously
delivered to the new QP when they were meant for the old (destroyed)
QP, because the full QP number of the new QP is identical to the
destroyed QP. (The "counter" mechanism is meant to prevent this by
having the full 24-bit QP numbers differ even if the physical QP on
the HCA is the same. As we see above, however, this mechanism does
not always work).
The best fix for this problem is to allocate QPs in round-robin mode,
so that the physical QP numbers are not immediately re-used.
Found-by: Matthew Finlay <matt@mellanox.com>
Signed-off-by: Jack Morgenstein <jackm@dev.mellanox.co.il>
Signed-off-by: Roland Dreier <roland@purestorage.com>
This is the last non-trivial user of btfixup.
Like sparc64, use a special patch section to resolve the various
implementations of how to read the current CPU's ID when we don't
have current_thread_info()->cpu necessarily available.
Signed-off-by: David S. Miller <davem@davemloft.net>
Tested-by: Sam Ravnborg <sam@ravnborg.org>
Kukjin Kim <kgene.kim@samsung.com> writes:
As there were discussions, some exynos4 boards have been updated because
current dt cannot support all features for current board files on
exynos4.
Note, this should be merged after next/devel-samsung because some
platform devices are defined in that.
* 'next/board-samsung' of git://git.kernel.org/pub/scm/linux/kernel/git/kgene/linux-samsung:
ARM: EXYNOS: Add FIMC device to SMDK4X12
ARM: EXYNOS: Add MFC device to SMDK4X12
ARM: EXYNOS: Add DRM device to SMDKV310
ARM: EXYNOS: Add DRM device to Origen
ARM: EXYNOS: Make BT platform data structure static in mach-origen.c file
ARM: EXYNOS: Add DRM core support for NURI board
ARM: EXYNOS: Add DRM core device support for Universal C210 board
ARM: EXYNOS: Increase framebuffer virtual size for origen
ARM: S3C64XX: Hook up new style regulator-regulator supplies on Cragganmore
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Don't call the ibqp event_handler pointer in the case it wasn't initialized.
Signed-off-by: Tatyana Nikolova <Tatyana.E.Nikolova@intel.com>
Signed-off-by: Donald Wood <Donald.E.Wood@intel.com>
Signed-off-by: Roland Dreier <roland@purestorage.com>
Set ORD value of the connecting peer to be at least one in order to
accommodate an RDMA READ Request message.
Signed-off-by: Tatyana Nikolova <Tatyana.E.Nikolova@intel.com>
Signed-off-by: Donald Wood <Donald.E.Wood@intel.com>
Signed-off-by: Roland Dreier <roland@purestorage.com>
This patch reorganizes the QP and devdata files to be more cache line aware.
qib_qp fields in particular are split into read-mostly, send, and receive fields.
qib_devdata fields are split into read-mostly and read/write fields
Testing has show that bidirectional tests improve by as much as 100%
with this patch.
Signed-off-by: Mike Marciniszyn <mike.marciniszyn@intel.com>
Signed-off-by: Roland Dreier <roland@purestorage.com>
If a MAD is sent directly to the local HCA rather than placed on a QP
and the MAD fails M_Key checks, there is no means to generate a
timeout for the client, which may hang. Instead we report
IB_MAD_RESULT_FAILURE, which operates the same for on-the-wire
packets, but will generate a send failure back to the client.
Reviewed-by: Mike Marciniszyn <mike.marciniszyn@intel.com>
Signed-off-by: Jim Foraker <foraker1@llnl.gov>
Signed-off-by: Roland Dreier <roland@purestorage.com>
If a port has an M_Key lease set, the M_Key protect bits set to 1, and
a SubnSet arrives with an invalid M_Key, an M_Key mismatch trap is
generated, the lease timer begins as expected, and eventually the
M_Key protect bits will be set back to 0 as per the spec. However, if
any other SMP with an invalid M_Key arrives, the lease timer is expired
and the M_Key protect bits remain in force.
This is not according to to spec. In particular, C14-17 says that
a lease timer that is underway is not affected by protection level
checks (ie, at protection level 1, a SubnGet with a bad M_Key may be
successful, but does not stop the timer), and C14-19 says that the timer
shall stop when a valid M_Key has been received. C14-19 is the only
compliance statement that specifies a stopping condition for the timer.
This behavior is magnified if the port's Master SM LID attribute
points at itself. In that case, the M_Key mismatch trap is sufficient to
expire the timer, and the mkey lease attribute is rendered useless.
Reviewed-by: Ram Vepa <ram.vepa@qlogic.com>
Signed-off-by: Jim Foraker <foraker1@llnl.gov>
Signed-off-by: Mike Marciniszyn <mike.marciniszyn@qlogic.com>
Signed-off-by: Roland Dreier <roland@purestorage.com>
The SERDES was using the incorrect Frequency Loop Bandwidth setting
causing the link to cycle through the Physical link negotiation state
machine. Fixing the Frequency Loop Bandwidth setting in the SERDES
helps the link come up faster and more reliably.
Signed-off-by: Mitko Haralanov <mitko.haralanov@intel.com>
Signed-off-by: Roland Dreier <roland@purestorage.com>
A "fix" for a bug with the number of contexts on a single-port board
caused the calculation to be off by one, which causes problems with
the upper layers. The same problem exists for number of free
contexts, which is also fixed here.
Signed-off-by: Mitko Haralanov <mitko.haralanov@intel.com>
Signed-off-by: Mike Marciniszyn <mike.marciniszyn@intel.com>
Signed-off-by: Roland Dreier <roland@purestorage.com>
When a port first goes active with SMA Set(PortInfo) and reregister
bit set, the driver sends up the reregister event followed by a port
active event.
The problem is that in response to reregister event most apps try to
issue a SA query of some sort, but that fails because port is not
active.
The qib driver needs to a trivial change to correct this behavior.
This issue has been there for a while; however the recent serdes work
has probably made the delay between the reregister event and the
active event larger and hence opened the race far enough so that its
being seen more often.
The patch also changes the clientrereg local to a u8 and saves off the
rereg bit into it. The code following the nested subn_get_portinfo()
now restores that bit per o14-12.2.1 with a logical OR from that copy.
Reviewed-by: Ram Vepa <ram.vepa@qlogic.com>
Signed-off-by: Mike Marciniszyn <mike.marciniszyn@qlogic.com>
Signed-off-by: Roland Dreier <roland@purestorage.com>
