While they were all just simple blobs it made sense to just free them
as we walked through and logged them. Now that there are pointers to
other objects which need refcounting, we might as well revert to
_only_ logging them in audit_log_exit(), and put the code to free them
properly in only one place -- in audit_free_aux().
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
----------------------------------------------------------
Per Steve Grubb's observation that there are some remaining cases where
avc_audit() directly logs untrusted strings without escaping them, here
is a patch that changes avc_audit() to use audit_log_untrustedstring()
or audit_log_hex() as appropriate. Note that d_name.name is nul-
terminated by d_alloc(), and that sun_path is nul-terminated by
unix_mkname(), so it is not necessary for the AVC to create nul-
terminated copies or to alter audit_log_untrustedstring to take a length
argument. In the case of an abstract name, we use audit_log_hex() with
an explicit length.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
These changes make processing of audit logs easier. Based on a patch
from Steve Grubb <sgrubb@redhat.com>
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
Move audit_serial() into audit.c and use it to generate serial numbers
on messages even when there is no audit context from syscall auditing.
This allows us to disambiguate audit records when more than one is
generated in the same millisecond.
Based on a patch by Steve Grubb after he observed the problem.
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
When I added the logging of pid= and comm= back to avc_audit() I
screwed it up. Put it back how it should be.
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
The attached patch changes all occurrences of loginuid to auid. It also
changes everything to %u that is an unsigned type.
Signed-off-by: Steve Grubb <sgrubb@redhat.com>
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
The original AVC_USER message wasn't consolidated with the new range of
user messages. The attached patch fixes the kernel so the old messages
work again.
Signed-off-by: Steve Grubb <sgrubb@redhat.com>
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
This patch changes the SELinux AVC to defer logging of paths to the audit
framework upon syscall exit, by saving a reference to the (dentry,vfsmount)
pair in an auxiliary audit item on the current audit context for processing
by audit_log_exit.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
The limit on the number of outstanding audit messages was inadvertently
removed with the switch to queuing skbs directly for sending by a kernel
thread. Put it back again.
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
We turned this all off because the 'exe=' was causing deadlocks on
dcache_lock. There's no need to leave the pid and comm out though.
They'll all be logged correctly if full auditing is enabled, but we
should still print them in case auditing _isn't_ enabled.
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
netlink_unicast() will attempt to reallocate and will free messages if
the socket's rcvbuf limit is reached unless we give it an infinite
timeout. So do that, from a kernel thread which is dedicated to spewing
stuff up the netlink socket.
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
* If vsnprintf returns -1, it will mess up the sk buffer space accounting.
This is fixed by not calling skb_put with bogus len values.
* audit_log_hex was a loop that called audit_log_vformat with %02X for each
character. This is very inefficient since conversion from unsigned character
to Ascii representation is essentially masking, shifting, and byte lookups.
Also, the length of the converted string is well known - it's twice the
original. Fixed by rewriting the function.
* audit_log_untrustedstring had no comments. This makes it hard for
someone to understand what the string format will be.
* audit_log_d_path was never fixed to use untrustedstring. This could mess
up user space parsers. This was fixed to make a temp buffer, call d_path,
and log temp buffer using untrustedstring.
From: Steve Grubb <sgrubb@redhat.com>
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
Avoid console spam with ext3 aborted journal.
ext3 usually reports error conditions that it detects in its environment.
But when its journal gets aborted due to such errors, it can sometimes
continue to report that condition forever, spamming the console to such
an extent that the initial first cause of the journal abort can be lost.
When the journal aborts, we put the filesystem into readonly mode. Most
subsequent filesystem operations will get rejected immediately by checks
for MS_RDONLY either in the filesystem or in the VFS. But some paths do
not have such checks --- for example, if we continue to write to a file
handle that was opened before the fs went readonly. (We only check for
the ROFS condition when the file is first opened.) In these cases, we
can continue to generate log errors similar to
EXT3-fs error (device $DEV) in start_transaction: Journal has aborted
for each subsequent write.
There is really no point in generating these errors after the initial
error has been fully reported. Specifically, if we're starting a
completely new filesystem operation, and the filesystem is *already*
readonly (ie. the ext3 layer has already detected and handled the
underlying jbd abort), and we see an EROFS error, then there is simply
no point in reporting it again.
Signed-off-by: Stephen Tweedie <sct@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Don't pass meaningless file handles to block device ioctls.
The recent raw IO ioctl-passthrough fix started passing the raw file
handle into the block device ioctl handler. That's unlikely to be
useful, as the file handle is actually open on a character-mode raw
device, not a block device, so dereferencing it is not going to yield
useful results to a block device ioctl handler.
Previously we just passed NULL; also not a value that can usefully
be dereferenced, but at least if it does happen, we'll oops instead of
silently pretending that the file is a block device, so NULL is the more
defensive option here. This patch reverts to that behaviour.
Noticed by Al Viro.
Signed-off-by: Stephen Tweedie <sct@redhat.com>
Acked-by: Al Viro <viro@parcelfarce.linux.theplanet.co.uk>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
It's silly to have to add explicit entries for new userspace messages
as we invent them. Just treat all messages in the user range the same.
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
The driver model has a "detach_state" mechanism that:
- Has never been used by any in-kernel drive;
- Is superfluous, since driver remove() methods can do the same thing;
- Became buggy when the suspend() parameter changed semantics and type;
- Could self-deadlock when called from certain suspend contexts;
- Is effectively wasted documentation, object code, and headspace.
This removes that "detach_state" mechanism; net code shrink, as well
as a per-device saving in the driver model and sysfs.
Signed-off-by: David Brownell <dbrownell@users.sourceforge.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
This patch includes various tweaks in the messaging that appears during
system pm state transitions:
* Warn about certain illegal calls in the device tree, like resuming
child before parent or suspending parent before child. This could
happen easily enough through sysfs, or in some cases when drivers
use device_pm_set_parent().
* Be more consistent about dev_dbg() tracing ... do it for resume() and
shutdown() too, and never if the driver doesn't have that method.
* Say which type of system sleep state is being entered.
Except for the warnings, these only affect debug messaging.
Signed-off-by: David Brownell <dbrownell@users.sourceforge.net>
Acked-by: Pavel Machek <pavel@ucw.cz>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
If my CPCI hotplug update patch is applied, then there are no longer any
in tree users of the pci_visit_dev API, and it and its related code can be
removed.
Signed-off-by: Scott Murray <scottm@somanetworks.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
[PATCH] CPCI: update
I have finally done some work to update the CompactPCI hotplug driver to
fix some of the outstanding issues in 2.6:
- Added adapter and latch status ops so that those files will get created
by the current PCI hotplug core. This used to not be required, but
seems to be now after some of the sysfs rework in the core.
- Replaced slot list spinlock with a r/w semaphore to avoid any potential
issues with sleeping. This quiets all of the runtime warnings.
- Reworked interrupt driven hot extraction handling to remove need for a
polling operator for ENUM# status. There are a lot of boards that only
have an interrupt driven by ENUM#, so this lowers the bar to entry.
- Replaced pci_visit_dev usage with better use of the PCI core functions.
The new code is functionally equivalent to the previous code, but the
use of pci_enable_device on insert needs to be investigated further, as
I need to do some more testing to see if it is still necessary.
Signed-off-by: Scott Murray <scottm@somanetworks.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Here is the updated patch to get pciehp driver to work for downstream
port of a switch and handle the difference in the offset value of PCI
Express capability list item of different ports.
Signed-off-by: Dely Sy <dely.l.sy@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Here is a patch to fix the problem of echoing 1 to "power" file
to enabled slot causing the slot to power down, and echoing 0
to disabled slot causing shpchp_disabled_slot() to be called
twice. This problem was reported by kenji Kaneshige.
Thanks,
Dely
Signed-off-by: Dely Sy <dely.l.sy@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
The GET_INDEX() macro should use just the low three bits of the devfn,
otherwise we have a memory scribble in pcie_rootport_aspm_quirk that
overwrites ptype_all
Fix it to be more careful about its arguments while at it.
Acked by Dely Sy <dely.l.sy@intel.com>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
We need to call parse_early_param() early on to allow usage of
early_param() for command line parsing.
Signed-off-by: Kumar Gala <kumar.gala@freescale.com>
Signed-off-by: Paul Mackerras <paulus@samba.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
- remove enable_ci, ci interface is assumed to be present if the saa7113
is not found.
- reduce the delay when checking for saa7113
- clean up the cam reset according to specifications
- turn off Vcc to the cam slot if cam is removed or fails reset
- remove cam reset in ciintf_init
- clean up printks (KERN_)
- move gpio setting into saa7113_init
- clean up unreadable frontend_init
(Kenneth Aafloy)
Signed-off-by: Johannes Stezenbach <js@linuxtv.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
fix a bug in the module parameter (Dominique Dumont)
Signed-off-by: Johannes Stezenbach <js@linuxtv.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
fix for descrambling failure (Dominique Dumont, Manu Abraham)
Signed-off-by: Johannes Stezenbach <js@linuxtv.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
fixed a tuning problem for cards based on the old firmware (Steffen Motzer,
Manu Abraham)
Signed-off-by: Johannes Stezenbach <js@linuxtv.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
add support for the old Twinhan 200103A card (Steffen Motzer)
Signed-off-by: Johannes Stezenbach <js@linuxtv.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
- reorganize Twinhan DST driver to support CI
- add support for more cards
(Manu Abraham)
Signed-off-by: Johannes Stezenbach <js@linuxtv.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Modified dvb_register_adapter() to avoid kmalloc/kfree. Drivers have to embed
struct dvb_adapter into their private data struct from now on. (Andreas
Oberritter)
Signed-off-by: Johannes Stezenbach <js@linuxtv.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
misc. minor cleanups, select FW_LOADER and add a help text to DVB_OR51132
Signed-off-by: Johannes Stezenbach <js@linuxtv.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
- make needlessly global code static
- #if 0 the following unused global functions:
- ttpci/av7110_hw.c: av7110_reset_arm
- ttpci/av7110_hw.c: av7110_send_ci_cmd
- frontends/mt352.[ch]: drop mt352_read
Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: Johannes Stezenbach <js@linuxtv.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
added support for different tda10046 firmware versions. tested with v20, v21
and v25. (Andreas Oberritter)
Signed-off-by: Johannes Stezenbach <js@linuxtv.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
allow N_I2C to be overridden by the card driver (Andreas Oberritter)
Signed-off-by: Johannes Stezenbach <js@linuxtv.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>