Commit Graph

31305 Commits

Author SHA1 Message Date
Catherine Zhang
877ce7c1b3 [AF_UNIX]: Datagram getpeersec
This patch implements an API whereby an application can determine the
label of its peer's Unix datagram sockets via the auxiliary data mechanism of
recvmsg.

Patch purpose:

This patch enables a security-aware application to retrieve the
security context of the peer of a Unix datagram socket.  The application
can then use this security context to determine the security context for
processing on behalf of the peer who sent the packet.

Patch design and implementation:

The design and implementation is very similar to the UDP case for INET
sockets.  Basically we build upon the existing Unix domain socket API for
retrieving user credentials.  Linux offers the API for obtaining user
credentials via ancillary messages (i.e., out of band/control messages
that are bundled together with a normal message).  To retrieve the security
context, the application first indicates to the kernel such desire by
setting the SO_PASSSEC option via getsockopt.  Then the application
retrieves the security context using the auxiliary data mechanism.

An example server application for Unix datagram socket should look like this:

toggle = 1;
toggle_len = sizeof(toggle);

setsockopt(sockfd, SOL_SOCKET, SO_PASSSEC, &toggle, &toggle_len);
recvmsg(sockfd, &msg_hdr, 0);
if (msg_hdr.msg_controllen > sizeof(struct cmsghdr)) {
    cmsg_hdr = CMSG_FIRSTHDR(&msg_hdr);
    if (cmsg_hdr->cmsg_len <= CMSG_LEN(sizeof(scontext)) &&
        cmsg_hdr->cmsg_level == SOL_SOCKET &&
        cmsg_hdr->cmsg_type == SCM_SECURITY) {
        memcpy(&scontext, CMSG_DATA(cmsg_hdr), sizeof(scontext));
    }
}

sock_setsockopt is enhanced with a new socket option SOCK_PASSSEC to allow
a server socket to receive security context of the peer.

Testing:

We have tested the patch by setting up Unix datagram client and server
applications.  We verified that the server can retrieve the security context
using the auxiliary data mechanism of recvmsg.

Signed-off-by: Catherine Zhang <cxzhang@watson.ibm.com>
Acked-by: Acked-by: James Morris <jmorris@namei.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-06-29 16:58:06 -07:00
Herbert Xu
d6b4991ad5 [NET]: Fix logical error in skb_gso_ok
The test in skb_gso_ok is backwards.  Noticed by Michael Chan
<mchan@broadcom.com>.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Acked-by: Michael Chan <mchan@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-06-29 16:58:04 -07:00
Shuya MAEDA
4ee303dfea [PKT_SCHED]: PSCHED_TADD() and PSCHED_TADD2() can result,tv_usec >= 1000000
Signed-off-by: Shuya MAEDA <maeda-sxb@necst.nec.co.jp>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-06-29 16:58:01 -07:00
Herbert Xu
3d3a853379 [NET]: Make illegal_highdma more anal
Rather than having illegal_highdma as a macro when HIGHMEM is off, we
can turn it into an inline function that returns zero.  This will catch
callers that give it bad arguments.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-06-29 16:57:59 -07:00
Sridhar Samudrala
47da8ee681 [TCP]: Export accept queue len of a TCP listening socket via rx_queue
While debugging a TCP server hang issue, we noticed that currently there is
no way for a user to get the acceptq backlog value for a TCP listen socket.

All the standard networking utilities that display socket info like netstat,
ss and /proc/net/tcp have 2 fields called rx_queue and tx_queue. These
fields do not mean much for listening sockets. This patch uses one of these
unused fields(rx_queue) to export the accept queue len for listening sockets.

Signed-off-by: Sridhar Samudrala <sri@us.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-06-29 16:57:57 -07:00
Darrel Goeddel
c7bdb545d2 [NETLINK]: Encapsulate eff_cap usage within security framework.
This patch encapsulates the usage of eff_cap (in netlink_skb_params) within
the security framework by extending security_netlink_recv to include a required
capability parameter and converting all direct usage of eff_caps outside
of the lsm modules to use the interface.  It also updates the SELinux
implementation of the security_netlink_send and security_netlink_recv
hooks to take advantage of the sid in the netlink_skb_params struct.
This also enables SELinux to perform auditing of netlink capability checks.
Please apply, for 2.6.18 if possible.

Signed-off-by: Darrel Goeddel <dgoeddel@trustedcs.com>
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Acked-by:  James Morris <jmorris@namei.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-06-29 16:57:55 -07:00
Herbert Xu
576a30eb64 [NET]: Added GSO header verification
When GSO packets come from an untrusted source (e.g., a Xen guest domain),
we need to verify the header integrity before passing it to the hardware.

Since the first step in GSO is to verify the header, we can reuse that
code by adding a new bit to gso_type: SKB_GSO_DODGY.  Packets with this
bit set can only be fed directly to devices with the corresponding bit
NETIF_F_GSO_ROBUST.  If the device doesn't have that bit, then the skb
is fed to the GSO engine which will allow the packet to be sent to the
hardware if it passes the header check.

This patch changes the sg flag to a full features flag.  The same method
can be used to implement TSO ECN support.  We simply have to mark packets
with CWR set with SKB_GSO_ECN so that only hardware with a corresponding
NETIF_F_TSO_ECN can accept them.  The GSO engine can either fully segment
the packet, or segment the first MTU and pass the rest to the hardware for
further segmentation.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-06-29 16:57:53 -07:00
Patrick McHardy
68c1692e3e [NETFILTER]: statistic match: add missing Kconfig help text
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-06-29 16:57:50 -07:00
Patrick McHardy
ef47c6a7b8 [NETFILTER]: ip_queue/nfnetlink_queue: drop bridge port references when dev disappears
When a device that is acting as a bridge port is unregistered, the
ip_queue/nfnetlink_queue notifier doesn't check if its one of
physindev/physoutdev and doesn't release the references if it is.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-06-29 16:57:48 -07:00
Jorge Matias
1c7e47726a [NETFILTER]: xt_sctp: fix --chunk-types matching
xt_sctp uses an incorrect header offset when --chunk-types is used.

Signed-off-by: Jorge Matias <jorge.matias@motorola.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-06-29 16:57:46 -07:00
Yuri Gushin
9abdcf6b6c [NETFILTER]: xt_tcpudp: fix double unregistration in error path
"xt_unregister_match(AF_INET, &tcp_matchstruct)" is called twice,
leaving "udp_matchstruct" registered, in case of a failure in the
registration of the udp6 structure.

Signed-off-by: Yuri Gushin <yuri@ecl-labs.org>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-06-29 16:57:44 -07:00
Yasuyuki Kozakai
40a839fdbd [NETFILTER]: nf_conntrack: Fix undefined references to local_bh_*
CC      net/netfilter/nf_conntrack_proto_sctp.o
net/netfilter/nf_conntrack_proto_sctp.c: In function `sctp_print_conntrack':
net/netfilter/nf_conntrack_proto_sctp.c:206: warning: implicit declaration of function `local_bh_disable'
net/netfilter/nf_conntrack_proto_sctp.c:208: warning: implicit declaration of function `local_bh_enable'
  CC      net/netfilter/nf_conntrack_netlink.o
net/netfilter/nf_conntrack_netlink.c: In function `ctnetlink_dump_table':
net/netfilter/nf_conntrack_netlink.c:429: warning: implicit declaration of function `local_bh_disable'
net/netfilter/nf_conntrack_netlink.c:452: warning: implicit declaration of function `local_bh_enable'

Spotted by Toralf Förster

Signed-off-by: Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-06-29 16:57:42 -07:00
Patrick McHardy
da298d3a4f [NETFILTER]: x_tables: fix xt_register_table error propagation
When xt_register_table fails the error is not properly propagated back.
Based on patch by Lepton Wu <ytht.net@gmail.com>.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-06-29 16:57:40 -07:00
Milan Svoboda
bf7e851108 [PATCH] usb gadget: fixup pxa2xx_udc to include asm/arch/udc.h again
This fixes pxa2xx_udc.c to include asm/arch/udc.h again to fix current
build breakage.

Signed-off-by: Milan Svoboda <msvoboda@ra.rockwell.com>
[ forwarded by David Brownell <david-b@pacbell.net> ]
[ fixed to apply properly by Linus ]
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-06-29 14:27:22 -07:00
Linus Torvalds
602cada851 Merge git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/devfs-2.6
* git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/devfs-2.6: (22 commits)
  [PATCH] devfs: Remove it from the feature_removal.txt file
  [PATCH] devfs: Last little devfs cleanups throughout the kernel tree.
  [PATCH] devfs: Rename TTY_DRIVER_NO_DEVFS to TTY_DRIVER_DYNAMIC_DEV
  [PATCH] devfs: Remove the tty_driver devfs_name field as it's no longer needed
  [PATCH] devfs: Remove the line_driver devfs_name field as it's no longer needed
  [PATCH] devfs: Remove the videodevice devfs_name field as it's no longer needed
  [PATCH] devfs: Remove the gendisk devfs_name field as it's no longer needed
  [PATCH] devfs: Remove the miscdevice devfs_name field as it's no longer needed
  [PATCH] devfs: Remove the devfs_fs_kernel.h file from the tree
  [PATCH] devfs: Remove devfs_remove() function from the kernel tree
  [PATCH] devfs: Remove devfs_mk_cdev() function from the kernel tree
  [PATCH] devfs: Remove devfs_mk_bdev() function from the kernel tree
  [PATCH] devfs: Remove devfs_mk_symlink() function from the kernel tree
  [PATCH] devfs: Remove devfs_mk_dir() function from the kernel tree
  [PATCH] devfs: Remove devfs_*_tape() functions from the kernel tree
  [PATCH] devfs: Remove devfs support from the sound subsystem
  [PATCH] devfs: Remove devfs support from the ide subsystem.
  [PATCH] devfs: Remove devfs support from the serial subsystem
  [PATCH] devfs: Remove devfs from the init code
  [PATCH] devfs: Remove devfs from the partition code
  ...
2006-06-29 14:19:21 -07:00
Linus Torvalds
82991c6f2c Merge master.kernel.org:/pub/scm/linux/kernel/git/davej/agpgart
* master.kernel.org:/pub/scm/linux/kernel/git/davej/agpgart:
  [AGPGART] Make AGP depend on PCI
  [AGPGART] remove unused variable
  [AGPGART] Fix pci_register_driver checking in amd64-agp
  [AGPGART] Compile fix for ati-agp
  [AGPGART] Suspend/Resume support for nVidia nForce AGP.
  [AGPGART] Suspend/Resume improvements for ATI AGP
  [AGPGART] Whitespace cleanups for ati-agp
2006-06-29 13:49:29 -07:00
Linus Torvalds
8d231c11fd Merge branch 'upstream' of git://ftp.linux-mips.org/pub/scm/upstream-linus
* 'upstream' of git://ftp.linux-mips.org/pub/scm/upstream-linus: (33 commits)
  [MIPS] Add missing backslashes to macro definitions.
  [MIPS] Death list of board support to be removed after 2.6.18.
  [MIPS] Remove BSD and Sys V compat data types.
  [MIPS] ioc3.h: Uses u8, so include <linux/types.h>.
  [MIPS] 74K: Assume it will also have an AR bit in config7
  [MIPS] Treat CPUs with AR bit as physically indexed.
  [MIPS] Oprofile: Support VSMP on 34K.
  [MIPS] MIPS32/MIPS64 S-cache fix and cleanup
  [MIPS] excite: PCI makefile needs to use += if it wants a chance to work.
  [MIPS] excite: plat_setup -> plat_mem_setup.
  [MIPS] au1xxx: export dbdma functions
  [MIPS] au1xxx: dbdma, no sleeping under spin_lock
  [MIPS] au1xxx: fix PSC_SMBTXRX_RSR.
  [MIPS] Early printk for IP27.
  [MIPS] Fix handling of 0 length I & D caches.
  [MIPS] Typo fixes.
  [MIPS] MIPS32/MIPS64 secondary cache management
  [MIPS] Fix FIXADDR_TOP for TX39/TX49.
  [MIPS] Remove first timer interrupt setup in wrppmc_timer_setup()
  [MIPS] Fix configuration of R2 CPU features and multithreading.
  ...
2006-06-29 13:44:45 -07:00
Ralf Baechle
8db089c6b5 [MIPS] Add missing backslashes to macro definitions.
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
2006-06-29 21:10:55 +01:00
Ralf Baechle
127fe6af38 [MIPS] Death list of board support to be removed after 2.6.18.
As usual fixes would be prefered.

Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
2006-06-29 21:10:54 +01:00
Ralf Baechle
fc103349bb [MIPS] Remove BSD and Sys V compat data types.
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
2006-06-29 21:10:54 +01:00
Ralf Baechle
89e22d1591 [MIPS] ioc3.h: Uses u8, so include <linux/types.h>.
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
2006-06-29 21:10:54 +01:00
Ralf Baechle
2e78ae3f48 [MIPS] 74K: Assume it will also have an AR bit in config7
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
2006-06-29 21:10:54 +01:00
Ralf Baechle
beab375a48 [MIPS] Treat CPUs with AR bit as physically indexed.
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
2006-06-29 21:10:54 +01:00
Ralf Baechle
92c7b62fd1 [MIPS] Oprofile: Support VSMP on 34K.
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
2006-06-29 21:10:54 +01:00
Atsushi Nemoto
a2c2bc4b26 [MIPS] MIPS32/MIPS64 S-cache fix and cleanup
Use blast_scache_range, blast_inv_scache_range for mips32/mips64 scache
routine.  Also initialize waybit for MIPS32/MIPS64 S-cache.

Signed-off-by: Atsushi Nemoto <anemo@mba.ocn.ne.jp>
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
2006-06-29 21:10:54 +01:00
Ralf Baechle
86165879a2 [MIPS] excite: PCI makefile needs to use += if it wants a chance to work.
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
2006-06-29 21:10:54 +01:00
Ralf Baechle
ec52d7bff0 [MIPS] excite: plat_setup -> plat_mem_setup.
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
2006-06-29 21:10:54 +01:00
Domen Puncer
3e2c6ef3c6 [MIPS] au1xxx: export dbdma functions
These are needed for au1550_ac97 module.

Signed-off-by: Domen Puncer <domen.puncer@ultra.si>
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
2006-06-29 21:10:53 +01:00
Domen Puncer
c06138941c [MIPS] au1xxx: dbdma, no sleeping under spin_lock
kmalloc under spin_lock can't sleep.

Signed-off-by: Domen Puncer <domen.puncer@ultra.si>
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
2006-06-29 21:10:53 +01:00
Domen Puncer
38e9156147 [MIPS] au1xxx: fix PSC_SMBTXRX_RSR.
Signed-off-by: Domen Puncer <domen.puncer@ultra.si>
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
2006-06-29 21:10:53 +01:00
Ralf Baechle
a3d4539186 [MIPS] Early printk for IP27.
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
2006-06-29 21:10:53 +01:00
Chris Dearman
73f403527b [MIPS] Fix handling of 0 length I & D caches.
Don't ask.

Signed-off-by: Chris Dearman <chris@mips.com>
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
2006-06-29 21:10:53 +01:00
Chris Dearman
c09b47d8a9 [MIPS] Typo fixes.
Signed-off-by: Chris Dearman <chris@mips.com>
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
2006-06-29 21:10:52 +01:00
Chris Dearman
9318c51acd [MIPS] MIPS32/MIPS64 secondary cache management
Signed-off-by: Chris Dearman <chris@mips.com>
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
2006-06-29 21:10:52 +01:00
Atsushi Nemoto
f7a849153b [MIPS] Fix FIXADDR_TOP for TX39/TX49.
FIXADDR_TOP is used for HIGHMEM and for upper limit of vmalloc area on
32bit kernel.  TX39XX and TX49XX have "reserved" segment in CKSEG3
area.  0xff000000-0xff3fffff on TX49XX and 0xff000000-0xfffeffff on
TX39XX are reserved (unmapped, uncached) therefore can not be used as
mapped area.

Signed-off-by: Atsushi Nemoto <anemo@mba.ocn.ne.jp>
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
2006-06-29 21:10:52 +01:00
Yoichi Yuasa
6feb6efaec [MIPS] Remove first timer interrupt setup in wrppmc_timer_setup()
The first timer interrupt setup already happens in time_init().

Signed-off-by: Yoichi Yuasa <yoichi_yuasa@tripeaks.co.jp>
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
2006-06-29 21:10:52 +01:00
Ralf Baechle
f41ae0b2b9 [MIPS] Fix configuration of R2 CPU features and multithreading.
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
2006-06-29 21:10:51 +01:00
Ralf Baechle
e73ea273ef [MIPS] Fix build error: don't offer SMP on systems that don't have SMP.
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
2006-06-29 21:10:51 +01:00
Ralf Baechle
a620dbe378 [MIPS] Limit MIPS_MT to MIPS32R2 only.
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
2006-06-29 21:10:51 +01:00
Yoichi Yuasa
08aecfb9ea [MIPS] Remove set_c0_status(ST0_IM) from wrppmc's irq.c.
mips_cpu_irq_init() does clear_c0_status(ST0_IM) first, so
set_c0_status(ST0_IM) isn't necessary.

Signed-off-by: Yoichi Yuasa <yoichi_yuasa@tripeaks.co.jp>
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
2006-06-29 21:10:51 +01:00
Yoichi Yuasa
1500b9a0f4 [MIPS] Remove unused system type name for DDB5074 and DDB5476.
This patch removes unused system type name.
DDB5074 and DDB5476 were already removed.

Signed-off-by: Yoichi Yuasa <yoichi_yuasa@tripeaks.co.jp>
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
2006-06-29 21:10:50 +01:00
Ralf Baechle
7ae7cdab97 elf-em.h: Define and explain both EM_MIPS_RS3_LE and EM_MIPS_RS4_BE.
They have been obsoleted by the ELF header EI_CLASS and EI_DATA fields
in combination with e_flags.  Afaics EM_MIPS_RS3_LE and EM_MIPS_RS4_BE
never had any practical relevance.  Binutils will not produce such
binaries and the kernel will not accept them as MIPS binaries.

Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
2006-06-29 21:10:50 +01:00
Yoichi Yuasa
0ef831b1ff [MIPS] Removes unused functions for GT64120
Signed-off-by: Yoichi Yuasa <yoichi_yuasa@tripeaks.co.jp>
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
2006-06-29 21:10:49 +01:00
Ralf Baechle
4277ff5ee5 [MIPS] Fix use of ehb instruction for non-R2 configurations.
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
2006-06-29 21:10:49 +01:00
Ralf Baechle
b4ab24e1c8 [MIPS] Define ARCH_HAS_IRQ_PER_CPU for all SMP systems.
Without SMTC on non-Malta will blow up.

Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
2006-06-29 21:10:48 +01:00
Ralf Baechle
14cd801501 [MIPS] Consistent formatting for Qemu makefile segment. 2006-06-29 21:10:47 +01:00
Ralf Baechle
136d47d3e1 [MIPS] Wire up tee(2).
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
2006-06-29 21:10:47 +01:00
Ralf Baechle
10edd8b9d5 Remove au1x00_uart from feature-removal-schedule.txt.
The driver has been removed a while ago already.

Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
2006-06-29 21:10:46 +01:00
Ralf Baechle
6adb5fe702 [MIPS] Only register RAM as resources if UNCAC_BASE != IO_BASE.
This fixes a resource collision of RAM and I/O memory on systems that
use the physical address space multiple times.

Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
2006-06-29 21:10:34 +01:00
Mark.Zhan
9247857f5a [MIPS] Fix the build error of Wind River PPMC board, rewrite irq code to C
o Fix the build error Wind River PPMC board caused by the change of
   plat_setup hook interface.
 o Rewrite first level interrupt dispatch code to C.

Signed-off-by: Rongkai.Zhan <rongkai.zhan@windriver.com>
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
2006-06-29 21:10:34 +01:00