summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* [AF_UNIX]: Datagram getpeersecCatherine Zhang2006-06-3026-3/+90
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This patch implements an API whereby an application can determine the label of its peer's Unix datagram sockets via the auxiliary data mechanism of recvmsg. Patch purpose: This patch enables a security-aware application to retrieve the security context of the peer of a Unix datagram socket. The application can then use this security context to determine the security context for processing on behalf of the peer who sent the packet. Patch design and implementation: The design and implementation is very similar to the UDP case for INET sockets. Basically we build upon the existing Unix domain socket API for retrieving user credentials. Linux offers the API for obtaining user credentials via ancillary messages (i.e., out of band/control messages that are bundled together with a normal message). To retrieve the security context, the application first indicates to the kernel such desire by setting the SO_PASSSEC option via getsockopt. Then the application retrieves the security context using the auxiliary data mechanism. An example server application for Unix datagram socket should look like this: toggle = 1; toggle_len = sizeof(toggle); setsockopt(sockfd, SOL_SOCKET, SO_PASSSEC, &toggle, &toggle_len); recvmsg(sockfd, &msg_hdr, 0); if (msg_hdr.msg_controllen > sizeof(struct cmsghdr)) { cmsg_hdr = CMSG_FIRSTHDR(&msg_hdr); if (cmsg_hdr->cmsg_len <= CMSG_LEN(sizeof(scontext)) && cmsg_hdr->cmsg_level == SOL_SOCKET && cmsg_hdr->cmsg_type == SCM_SECURITY) { memcpy(&scontext, CMSG_DATA(cmsg_hdr), sizeof(scontext)); } } sock_setsockopt is enhanced with a new socket option SOCK_PASSSEC to allow a server socket to receive security context of the peer. Testing: We have tested the patch by setting up Unix datagram client and server applications. We verified that the server can retrieve the security context using the auxiliary data mechanism of recvmsg. Signed-off-by: Catherine Zhang <cxzhang@watson.ibm.com> Acked-by: Acked-by: James Morris <jmorris@namei.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* [NET]: Fix logical error in skb_gso_okHerbert Xu2006-06-301-2/+2
| | | | | | | | | The test in skb_gso_ok is backwards. Noticed by Michael Chan <mchan@broadcom.com>. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Acked-by: Michael Chan <mchan@broadcom.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [PKT_SCHED]: PSCHED_TADD() and PSCHED_TADD2() can result,tv_usec >= 1000000Shuya MAEDA2006-06-301-6/+12
| | | | | Signed-off-by: Shuya MAEDA <maeda-sxb@necst.nec.co.jp> Signed-off-by: David S. Miller <davem@davemloft.net>
* [NET]: Make illegal_highdma more analHerbert Xu2006-06-301-4/+2
| | | | | | | | | Rather than having illegal_highdma as a macro when HIGHMEM is off, we can turn it into an inline function that returns zero. This will catch callers that give it bad arguments. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
* [TCP]: Export accept queue len of a TCP listening socket via rx_queueSridhar Samudrala2006-06-303-3/+8
| | | | | | | | | | | | | While debugging a TCP server hang issue, we noticed that currently there is no way for a user to get the acceptq backlog value for a TCP listen socket. All the standard networking utilities that display socket info like netstat, ss and /proc/net/tcp have 2 fields called rx_queue and tx_queue. These fields do not mean much for listening sockets. This patch uses one of these unused fields(rx_queue) to export the accept queue len for listening sockets. Signed-off-by: Sridhar Samudrala <sri@us.ibm.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [NETLINK]: Encapsulate eff_cap usage within security framework.Darrel Goeddel2006-06-3012-34/+35
| | | | | | | | | | | | | | | | This patch encapsulates the usage of eff_cap (in netlink_skb_params) within the security framework by extending security_netlink_recv to include a required capability parameter and converting all direct usage of eff_caps outside of the lsm modules to use the interface. It also updates the SELinux implementation of the security_netlink_send and security_netlink_recv hooks to take advantage of the sid in the netlink_skb_params struct. This also enables SELinux to perform auditing of netlink capability checks. Please apply, for 2.6.18 if possible. Signed-off-by: Darrel Goeddel <dgoeddel@trustedcs.com> Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> Acked-by: James Morris <jmorris@namei.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* [NET]: Added GSO header verificationHerbert Xu2006-06-3010-27/+59
| | | | | | | | | | | | | | | | | | | | | | When GSO packets come from an untrusted source (e.g., a Xen guest domain), we need to verify the header integrity before passing it to the hardware. Since the first step in GSO is to verify the header, we can reuse that code by adding a new bit to gso_type: SKB_GSO_DODGY. Packets with this bit set can only be fed directly to devices with the corresponding bit NETIF_F_GSO_ROBUST. If the device doesn't have that bit, then the skb is fed to the GSO engine which will allow the packet to be sent to the hardware if it passes the header check. This patch changes the sg flag to a full features flag. The same method can be used to implement TSO ECN support. We simply have to mark packets with CWR set with SKB_GSO_ECN so that only hardware with a corresponding NETIF_F_TSO_ECN can accept them. The GSO engine can either fully segment the packet, or segment the first MTU and pass the rest to the hardware for further segmentation. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
* [NETFILTER]: statistic match: add missing Kconfig help textPatrick McHardy2006-06-301-1/+4
| | | | | Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
* [NETFILTER]: ip_queue/nfnetlink_queue: drop bridge port references when dev ↵Patrick McHardy2006-06-302-4/+20
| | | | | | | | | | | disappears When a device that is acting as a bridge port is unregistered, the ip_queue/nfnetlink_queue notifier doesn't check if its one of physindev/physoutdev and doesn't release the references if it is. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
* [NETFILTER]: xt_sctp: fix --chunk-types matchingJorge Matias2006-06-301-1/+1
| | | | | | | | xt_sctp uses an incorrect header offset when --chunk-types is used. Signed-off-by: Jorge Matias <jorge.matias@motorola.com> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
* [NETFILTER]: xt_tcpudp: fix double unregistration in error pathYuri Gushin2006-06-301-1/+1
| | | | | | | | | | "xt_unregister_match(AF_INET, &tcp_matchstruct)" is called twice, leaving "udp_matchstruct" registered, in case of a failure in the registration of the udp6 structure. Signed-off-by: Yuri Gushin <yuri@ecl-labs.org> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
* [NETFILTER]: nf_conntrack: Fix undefined references to local_bh_*Yasuyuki Kozakai2006-06-302-0/+3
| | | | | | | | | | | | | | | | | CC net/netfilter/nf_conntrack_proto_sctp.o net/netfilter/nf_conntrack_proto_sctp.c: In function `sctp_print_conntrack': net/netfilter/nf_conntrack_proto_sctp.c:206: warning: implicit declaration of function `local_bh_disable' net/netfilter/nf_conntrack_proto_sctp.c:208: warning: implicit declaration of function `local_bh_enable' CC net/netfilter/nf_conntrack_netlink.o net/netfilter/nf_conntrack_netlink.c: In function `ctnetlink_dump_table': net/netfilter/nf_conntrack_netlink.c:429: warning: implicit declaration of function `local_bh_disable' net/netfilter/nf_conntrack_netlink.c:452: warning: implicit declaration of function `local_bh_enable' Spotted by Toralf Förster Signed-off-by: Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
* [NETFILTER]: x_tables: fix xt_register_table error propagationPatrick McHardy2006-06-303-3/+6
| | | | | | | | When xt_register_table fails the error is not properly propagated back. Based on patch by Lepton Wu <ytht.net@gmail.com>. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
* [PATCH] usb gadget: fixup pxa2xx_udc to include asm/arch/udc.h againMilan Svoboda2006-06-291-1/+1
| | | | | | | | | | This fixes pxa2xx_udc.c to include asm/arch/udc.h again to fix current build breakage. Signed-off-by: Milan Svoboda <msvoboda@ra.rockwell.com> [ forwarded by David Brownell <david-b@pacbell.net> ] [ fixed to apply properly by Linus ] Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* Merge git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/devfs-2.6Linus Torvalds2006-06-29197-8271/+96
|\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/devfs-2.6: (22 commits) [PATCH] devfs: Remove it from the feature_removal.txt file [PATCH] devfs: Last little devfs cleanups throughout the kernel tree. [PATCH] devfs: Rename TTY_DRIVER_NO_DEVFS to TTY_DRIVER_DYNAMIC_DEV [PATCH] devfs: Remove the tty_driver devfs_name field as it's no longer needed [PATCH] devfs: Remove the line_driver devfs_name field as it's no longer needed [PATCH] devfs: Remove the videodevice devfs_name field as it's no longer needed [PATCH] devfs: Remove the gendisk devfs_name field as it's no longer needed [PATCH] devfs: Remove the miscdevice devfs_name field as it's no longer needed [PATCH] devfs: Remove the devfs_fs_kernel.h file from the tree [PATCH] devfs: Remove devfs_remove() function from the kernel tree [PATCH] devfs: Remove devfs_mk_cdev() function from the kernel tree [PATCH] devfs: Remove devfs_mk_bdev() function from the kernel tree [PATCH] devfs: Remove devfs_mk_symlink() function from the kernel tree [PATCH] devfs: Remove devfs_mk_dir() function from the kernel tree [PATCH] devfs: Remove devfs_*_tape() functions from the kernel tree [PATCH] devfs: Remove devfs support from the sound subsystem [PATCH] devfs: Remove devfs support from the ide subsystem. [PATCH] devfs: Remove devfs support from the serial subsystem [PATCH] devfs: Remove devfs from the init code [PATCH] devfs: Remove devfs from the partition code ...
| * [PATCH] devfs: Remove it from the feature_removal.txt fileGreg Kroah-Hartman2006-06-261-11/+0
| | | | | | | | | | | | | | | | This file was created due to the issue regarding how to notify people that devfs was going to be removed. Finally remove the entry as it has served its purpose. Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
| * [PATCH] devfs: Last little devfs cleanups throughout the kernel tree.Greg Kroah-Hartman2006-06-2610-52/+18
| | | | | | | | | | | | | | Just removes a few unused #defines and fixes some comments due to devfs now being gone. Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
| * [PATCH] devfs: Rename TTY_DRIVER_NO_DEVFS to TTY_DRIVER_DYNAMIC_DEVGreg Kroah-Hartman2006-06-2618-25/+32
| | | | | | | | | | | | | | | | | | | | I've always found this flag confusing. Now that devfs is no longer around, it has been renamed, and the documentation for when this flag should be used has been updated. Also fixes all drivers that use this flag. Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
| * [PATCH] devfs: Remove the tty_driver devfs_name field as it's no longer neededGreg Kroah-Hartman2006-06-2632-42/+5
| | | | | | | | | | | | Also fixes all drivers that set this field. Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
| * [PATCH] devfs: Remove the line_driver devfs_name field as it's no longer neededGreg Kroah-Hartman2006-06-264-4/+0
| | | | | | | | | | | | Also fixes all drivers that set this field. Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
| * [PATCH] devfs: Remove the videodevice devfs_name field as it's no longer neededGreg Kroah-Hartman2006-06-262-3/+1
| | | | | | | | | | | | Also fixes all drivers that set this field. Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
| * [PATCH] devfs: Remove the gendisk devfs_name field as it's no longer neededGreg Kroah-Hartman2006-06-2629-47/+5
| | | | | | | | | | | | | | And remove the now unneeded number field. Also fixes all drivers that set these fields. Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
| * [PATCH] devfs: Remove the miscdevice devfs_name field as it's no longer neededGreg Kroah-Hartman2006-06-2611-14/+0
| | | | | | | | | | | | Also fixes all drivers that set this field. Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
| * [PATCH] devfs: Remove the devfs_fs_kernel.h file from the treeGreg Kroah-Hartman2006-06-2670-83/+0
| | | | | | | | | | | | Also fixes up all files that #include it. Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
| * [PATCH] devfs: Remove devfs_remove() function from the kernel treeGreg Kroah-Hartman2006-06-2647-161/+9
| | | | | | | | | | | | Removes the devfs_remove() function and all callers of it. Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
| * [PATCH] devfs: Remove devfs_mk_cdev() function from the kernel treeGreg Kroah-Hartman2006-06-2635-202/+8
| | | | | | | | | | | | Removes the devfs_mk_cdev() function and all callers of it. Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
| * [PATCH] devfs: Remove devfs_mk_bdev() function from the kernel treeGreg Kroah-Hartman2006-06-265-54/+0
| | | | | | | | | | | | Removes the devfs_mk_bdev() function and all callers of it. Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
| * [PATCH] devfs: Remove devfs_mk_symlink() function from the kernel treeGreg Kroah-Hartman2006-06-262-11/+0
| | | | | | | | | | | | Removes the devfs_mk_symlink() function and all callers of it. Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
| * [PATCH] devfs: Remove devfs_mk_dir() function from the kernel treeGreg Kroah-Hartman2006-06-2633-55/+1
| | | | | | | | | | | | Removes the devfs_mk_dir() function and all callers of it. Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
| * [PATCH] devfs: Remove devfs_*_tape() functions from the kernel treeGreg Kroah-Hartman2006-06-262-10/+0
| | | | | | | | | | | | | | Removes the devfs_register_tape() and devfs_unregister_tape() functions and all callers of them. Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
| * [PATCH] devfs: Remove devfs support from the sound subsystemGreg Kroah-Hartman2006-06-264-45/+2
| | | | | | | | Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
| * [PATCH] devfs: Remove devfs support from the ide subsystem.Greg Kroah-Hartman2006-06-267-38/+1
| | | | | | | | | | | | Also removes the ide drive devfs_name field as it's no longer needed Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
| * [PATCH] devfs: Remove devfs support from the serial subsystemGreg Kroah-Hartman2006-06-2624-34/+1
| | | | | | | | | | | | Also fixes all serial drivers. Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
| * [PATCH] devfs: Remove devfs from the init codeGreg Kroah-Hartman2006-06-268-172/+10
| | | | | | | | | | | | This patch removes the devfs code from the init/ directory. Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
| * [PATCH] devfs: Remove devfs from the partition codeGreg Kroah-Hartman2006-06-264-162/+5
| | | | | | | | | | | | This patch removes the devfs code from the fs/partitions/ directory. Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
| * [PATCH] devfs: Remove devfs documentation from the kernel treeGreg Kroah-Hartman2006-06-264-4041/+0
| | | | | | | | | | | | Removes the Documentaiton/filesystems/devfs/ directory Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
| * [PATCH] devfs: Remove devfs from the kernel treeGreg Kroah-Hartman2006-06-268-3007/+0
| | | | | | | | | | | | | | | | This is the first patch in a series of patches that removes devfs support from the kernel. This patch removes the core devfs code, and its private header file. Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
* | Merge master.kernel.org:/pub/scm/linux/kernel/git/davej/agpgartLinus Torvalds2006-06-294-17/+46
|\ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * master.kernel.org:/pub/scm/linux/kernel/git/davej/agpgart: [AGPGART] Make AGP depend on PCI [AGPGART] remove unused variable [AGPGART] Fix pci_register_driver checking in amd64-agp [AGPGART] Compile fix for ati-agp [AGPGART] Suspend/Resume support for nVidia nForce AGP. [AGPGART] Suspend/Resume improvements for ATI AGP [AGPGART] Whitespace cleanups for ati-agp
| * \ Merge ../linusDave Jones2006-06-295026-138028/+233217
| |\ \ | | | | | | | | | | | | | | | | | | | | Conflicts: drivers/char/agp/Kconfig
| * | | [AGPGART] Make AGP depend on PCIDave Jones2006-06-281-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Fixes possible compile error in amd64 with pci=n pointed out by Adrian Bunk. Signed-off-by: Dave Jones <davej@redhat.com>
| * | | [AGPGART] remove unused variableAdrian Bunk2006-06-241-2/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | This patch removes an unused variable. Signed-off-by: Adrian Bunk <bunk@stusta.de> Signed-off-by: Dave Jones <davej@redhat.com>
| * | | [AGPGART] Fix pci_register_driver checking in amd64-agpDave Jones2006-06-211-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | pci_register_driver() never returns a positive number. Signed-off-by: Dave Jones <davej@redhat.com>
| * | | [AGPGART] Compile fix for ati-agpDave Jones2006-06-211-2/+2
| | | | | | | | | | | | | | | | | | | | Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Dave Jones <davej@redhat.com>
| * | | [AGPGART] Suspend/Resume support for nVidia nForce AGP.Dave Jones2006-06-201-0/+29
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Based on a patch from the Ubuntu kernel. Signed-off-by: Ben Collins <bcollins@ubuntu.com> Signed-off-by: Dave Jones <davej@redhat.com>
| * | | [AGPGART] Suspend/Resume improvements for ATI AGPDave Jones2006-06-201-7/+9
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Based on patches in the Ubuntu kernel. Signed-off-by: Ben Collins <bcollins@ubuntu.com> Signed-off-by: Dave Jones <davej@redhat.com>
| * | | [AGPGART] Whitespace cleanups for ati-agpDave Jones2006-06-201-9/+8
| | | | | | | | | | | | | | | | Signed-off-by: Dave Jones <davej@redhat.com>
* | | | Merge branch 'upstream' of git://ftp.linux-mips.org/pub/scm/upstream-linusLinus Torvalds2006-06-2958-470/+572
|\ \ \ \ | |_|/ / |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * 'upstream' of git://ftp.linux-mips.org/pub/scm/upstream-linus: (33 commits) [MIPS] Add missing backslashes to macro definitions. [MIPS] Death list of board support to be removed after 2.6.18. [MIPS] Remove BSD and Sys V compat data types. [MIPS] ioc3.h: Uses u8, so include <linux/types.h>. [MIPS] 74K: Assume it will also have an AR bit in config7 [MIPS] Treat CPUs with AR bit as physically indexed. [MIPS] Oprofile: Support VSMP on 34K. [MIPS] MIPS32/MIPS64 S-cache fix and cleanup [MIPS] excite: PCI makefile needs to use += if it wants a chance to work. [MIPS] excite: plat_setup -> plat_mem_setup. [MIPS] au1xxx: export dbdma functions [MIPS] au1xxx: dbdma, no sleeping under spin_lock [MIPS] au1xxx: fix PSC_SMBTXRX_RSR. [MIPS] Early printk for IP27. [MIPS] Fix handling of 0 length I & D caches. [MIPS] Typo fixes. [MIPS] MIPS32/MIPS64 secondary cache management [MIPS] Fix FIXADDR_TOP for TX39/TX49. [MIPS] Remove first timer interrupt setup in wrppmc_timer_setup() [MIPS] Fix configuration of R2 CPU features and multithreading. ...
| * | | [MIPS] Add missing backslashes to macro definitions.Ralf Baechle2006-06-291-2/+2
| | | | | | | | | | | | | | | | Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
| * | | [MIPS] Death list of board support to be removed after 2.6.18.Ralf Baechle2006-06-291-0/+44
| | | | | | | | | | | | | | | | | | | | | | | | As usual fixes would be prefered. Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
| * | | [MIPS] Remove BSD and Sys V compat data types.Ralf Baechle2006-06-2912-47/+47
| | | | | | | | | | | | | | | | Signed-off-by: Ralf Baechle <ralf@linux-mips.org>