Linux kernel source tree https://git.amat.us/linux/atom/security?h=v3.1.1 2011-10-19T03:36:43Z 2011-10-19T03:36:43Z Paul Moore pmoore@redhat.com 2011-10-07T09:40:59Z urn:sha1:6230c9b4f8957c8938ee4cf2d03166d3c2dc89de The Bluetooth stack has internal connection handlers for all of the various Bluetooth protocols, and unfortunately, they are currently lacking the LSM hooks found in the core network stack's connection handlers. I say unfortunately, because this can cause problems for users who have have an LSM enabled and are using certain Bluetooth devices. See one problem report below: * http://bugzilla.redhat.com/show_bug.cgi?id=741703 In order to keep things simple at this point in time, this patch fixes the problem by cloning the parent socket's LSM attributes to the newly created child socket. If we decide we need a more elaborate LSM marking mechanism for Bluetooth (I somewhat doubt this) we can always revisit this decision in the future. Reported-by: James M. Cape <jcape@ignore-your.tv> Signed-off-by: Paul Moore <pmoore@redhat.com> Acked-by: James Morris <jmorris@namei.org> Signed-off-by: David S. Miller <davem@davemloft.net> 2011-08-08T03:13:45Z Tetsuo Handa penguin-kernel@I-love.SAKURA.ne.jp 2011-08-06T14:38:30Z urn:sha1:4d81897139ffb738ee14b6f84f63f93ecda1136b Commit bd03a3e4 "TOMOYO: Add policy namespace support." forgot to set EOF flag and forgot to print namespace at PREFERENCE line. Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by: James Morris <jmorris@namei.org> 2011-08-02T00:58:33Z Paul Moore paul.moore@hp.com 2011-08-01T11:10:33Z urn:sha1:82c21bfab41a77bc01affe21bea9727d776774a7 My @hp.com will no longer be valid starting August 5, 2011 so an update is necessary. My new email address is employer independent so we don't have to worry about doing this again any time soon. Signed-off-by: Paul Moore <paul.moore@hp.com> Signed-off-by: Paul Moore <paul@paul-moore.com> Signed-off-by: David S. Miller <davem@davemloft.net> 2011-07-28T02:26:38Z Linus Torvalds torvalds@linux-foundation.org 2011-07-28T02:26:38Z urn:sha1:95b6886526bb510b8370b625a49bc0ab3b8ff10f * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6: (54 commits) tpm_nsc: Fix bug when loading multiple TPM drivers tpm: Move tpm_tis_reenable_interrupts out of CONFIG_PNP block tpm: Fix compilation warning when CONFIG_PNP is not defined TOMOYO: Update kernel-doc. tpm: Fix a typo tpm_tis: Probing function for Intel iTPM bug tpm_tis: Fix the probing for interrupts tpm_tis: Delay ACPI S3 suspend while the TPM is busy tpm_tis: Re-enable interrupts upon (S3) resume tpm: Fix display of data in pubek sysfs entry tpm_tis: Add timeouts sysfs entry tpm: Adjust interface timeouts if they are too small tpm: Use interface timeouts returned from the TPM tpm_tis: Introduce durations sysfs entry tpm: Adjust the durations if they are too small tpm: Use durations returned from TPM TOMOYO: Enable conditional ACL. TOMOYO: Allow using argv[]/envp[] of execve() as conditions. TOMOYO: Allow using executable's realpath and symlink's target as conditions. TOMOYO: Allow using owner/group etc. of file objects as conditions. ... Fix up trivial conflict in security/tomoyo/realpath.c 2011-07-27T01:30:20Z Linus Torvalds torvalds@linux-foundation.org 2011-07-27T01:30:20Z urn:sha1:e371d46ae45488bcb112a99a7de462e9e3aa6764 * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs-2.6: merge fchmod() and fchmodat() guts, kill ancient broken kludge xfs: fix misspelled S_IS...() xfs: get rid of open-coded S_ISREG(), etc. vfs: document locking requirements for d_move, __d_move and d_materialise_unique omfs: fix (mode & S_IFDIR) abuse btrfs: S_ISREG(mode) is not mode & S_IFREG... ima: fmode_t misspelled as mode_t... pci-label.c: size_t misspelled as mode_t jffs2: S_ISLNK(mode & S_IFMT) is pointless snd_msnd ->mode is fmode_t, not mode_t v9fs_iop_get_acl: get rid of unused variable vfs: dont chain pipe/anon/socket on superblock s_inodes list Documentation: Exporting: update description of d_splice_alias fs: add missing unlock in default_llseek() 2011-07-26T23:49:47Z Arun Sharma asharma@fb.com 2011-07-26T23:09:06Z urn:sha1:60063497a95e716c9a689af3be2687d261f115b4 This allows us to move duplicated code in <asm/atomic.h> (atomic_inc_not_zero() for now) to <linux/atomic.h> Signed-off-by: Arun Sharma <asharma@fb.com> Reviewed-by: Eric Dumazet <eric.dumazet@gmail.com> Cc: Ingo Molnar <mingo@elte.hu> Cc: David Miller <davem@davemloft.net> Cc: Eric Dumazet <eric.dumazet@gmail.com> Acked-by: Mike Frysinger <vapier@gentoo.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> 2011-07-26T17:04:32Z Al Viro viro@zeniv.linux.org.uk 2011-07-26T08:30:35Z urn:sha1:4b2a2c67415f1ab128f1d0b340fe6d13363335e5 Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> 2011-07-25T20:56:39Z Linus Torvalds torvalds@linux-foundation.org 2011-07-25T20:56:39Z urn:sha1:d3ec4844d449cf7af9e749f73ba2052fb7b72fc2 * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial: (43 commits) fs: Merge split strings treewide: fix potentially dangerous trailing ';' in #defined values/expressions uwb: Fix misspelling of neighbourhood in comment net, netfilter: Remove redundant goto in ebt_ulog_packet trivial: don't touch files that are removed in the staging tree lib/vsprintf: replace link to Draft by final RFC number doc: Kconfig: `to be' -> `be' doc: Kconfig: Typo: square -> squared doc: Konfig: Documentation/power/{pm => apm-acpi}.txt drivers/net: static should be at beginning of declaration drivers/media: static should be at beginning of declaration drivers/i2c: static should be at beginning of declaration XTENSA: static should be at beginning of declaration SH: static should be at beginning of declaration MIPS: static should be at beginning of declaration ARM: static should be at beginning of declaration rcu: treewide: Do not use rcu_read_lock_held when calling rcu_dereference_check Update my e-mail address PCIe ASPM: forcedly -> forcibly gma500: push through device driver tree ... Fix up trivial conflicts: - arch/arm/mach-ep93xx/dma-m2p.c (deleted) - drivers/gpio/gpio-ep93xx.c (renamed and context nearby) - drivers/net/r8169.c (just context changes) 2011-07-24T14:08:32Z Tim Chen tim.c.chen@linux.intel.com 2011-07-19T16:32:38Z urn:sha1:423e0ab086ad8b33626e45fa94ac7613146b7ffa For a number of file systems that don't have a mount point (e.g. sockfs and pipefs), they are not marked as long term. Therefore in mntput_no_expire, all locks in vfs_mount lock are taken instead of just local cpu's lock to aggregate reference counts when we release reference to file objects. In fact, only local lock need to have been taken to update ref counts as these file systems are in no danger of going away until we are ready to unregister them. The attached patch marks file systems using kern_mount without mount point as long term. The contentions of vfs_mount lock is now eliminated. Before un-registering such file system, kern_unmount should be called to remove the long term flag and make the mount point ready to be freed. Signed-off-by: Tim Chen <tim.c.chen@linux.intel.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> 2011-07-23T02:02:39Z Linus Torvalds torvalds@linux-foundation.org 2011-07-23T02:02:39Z urn:sha1:bbd9d6f7fbb0305c9a592bf05a32e87eb364a4ff * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs-2.6: (107 commits) vfs: use ERR_CAST for err-ptr tossing in lookup_instantiate_filp isofs: Remove global fs lock jffs2: fix IN_DELETE_SELF on overwriting rename() killing a directory fix IN_DELETE_SELF on overwriting rename() on ramfs et.al. mm/truncate.c: fix build for CONFIG_BLOCK not enabled fs:update the NOTE of the file_operations structure Remove dead code in dget_parent() AFS: Fix silly characters in a comment switch d_add_ci() to d_splice_alias() in "found negative" case as well simplify gfs2_lookup() jfs_lookup(): don't bother with . or .. get rid of useless dget_parent() in btrfs rename() and link() get rid of useless dget_parent() in fs/btrfs/ioctl.c fs: push i_mutex and filemap_write_and_wait down into ->fsync() handlers drivers: fix up various ->llseek() implementations fs: handle SEEK_HOLE/SEEK_DATA properly in all fs's that define their own llseek Ext4: handle SEEK_HOLE/SEEK_DATA generically Btrfs: implement our own ->llseek fs: add SEEK_HOLE and SEEK_DATA flags reiserfs: make reiserfs default to barrier=flush ... Fix up trivial conflicts in fs/xfs/linux-2.6/xfs_super.c due to the new shrinker callout for the inode cache, that clashed with the xfs code to start the periodic workers later.