1. 22 Jan, 2013 3 commits
    • Mimi Zohar's avatar
      ima: per hook cache integrity appraisal status · d79d72e0
      Mimi Zohar authored
      With the new IMA policy 'appraise_type=' option, different hooks
      can require different methods for appraising a file's integrity.
      
      For example, the existing 'ima_appraise_tcb' policy defines a
      generic rule, requiring all root files to be appraised, without
      specfying the appraisal method.  A more specific rule could require
      all kernel modules, for example, to be signed.
      
      appraise fowner=0 func=MODULE_CHECK appraise_type=imasig
      appraise fowner=0
      
      As a result, the integrity appraisal results for the same inode, but
      for different hooks, could differ.  This patch caches the integrity
      appraisal results on a per hook basis.
      
      Changelog v2:
      - Rename ima_cache_status() to ima_set_cache_status()
      - Rename and move get_appraise_status() to ima_get_cache_status()
      Changelog v0:
      - include IMA_APPRAISE/APPRAISED_SUBMASK in IMA_DO/DONE_MASK (Dmitry)
      - Support independent MODULE_CHECK appraise status.
      - fixed IMA_XXXX_APPRAISE/APPRAISED flags
      Signed-off-by: default avatarMimi Zohar <zohar@linux.vnet.ibm.com>
      Signed-off-by: default avatarDmitry Kasatkin <dmitry.kasatkin@intel.com>
      d79d72e0
    • Mimi Zohar's avatar
      ima: increase iint flag size · f578c08e
      Mimi Zohar authored
      In preparation for hook specific appraise status results, increase
      the iint flags size.
      Signed-off-by: default avatarMimi Zohar <zohar@linux.vnet.ibm.com>
      Signed-off-by: default avatarDmitry Kasatkin <dmitry.kasatkin@intel.com>
      f578c08e
    • Dmitry Kasatkin's avatar
      ima: added policy support for 'security.ima' type · 0e5a247c
      Dmitry Kasatkin authored
      The 'security.ima' extended attribute may contain either the file data's
      hash or a digital signature.  This patch adds support for requiring a
      specific extended attribute type.  It extends the IMA policy with a new
      keyword 'appraise_type=imasig'.  (Default is hash.)
      
      Changelog v2:
      - Fixed Documentation/ABI/testing/ima_policy option syntax
      Changelog v1:
      - Differentiate between 'required' vs. 'actual' extended attribute
      Signed-off-by: default avatarDmitry Kasatkin <dmitry.kasatkin@intel.com>
      Signed-off-by: default avatarMimi Zohar <zohar@linux.vnet.ibm.com>
      0e5a247c
  2. 16 Jan, 2013 9 commits
  3. 07 Jan, 2013 1 commit
  4. 03 Jan, 2013 10 commits
  5. 02 Jan, 2013 8 commits
    • Linus Torvalds's avatar
      Merge tag 'ext4_for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4 · 5439ca6b
      Linus Torvalds authored
      Pull ext4 bug fixes from Ted Ts'o:
       "Various bug fixes for ext4.  Perhaps the most serious bug fixed is one
        which could cause file system corruptions when performing file punch
        operations."
      
      * tag 'ext4_for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4:
        ext4: avoid hang when mounting non-journal filesystems with orphan list
        ext4: lock i_mutex when truncating orphan inodes
        ext4: do not try to write superblock on ro remount w/o journal
        ext4: include journal blocks in df overhead calcs
        ext4: remove unaligned AIO warning printk
        ext4: fix an incorrect comment about i_mutex
        ext4: fix deadlock in journal_unmap_buffer()
        ext4: split off ext4_journalled_invalidatepage()
        jbd2: fix assertion failure in jbd2_journal_flush()
        ext4: check dioread_nolock on remount
        ext4: fix extent tree corruption caused by hole punch
      5439ca6b
    • Hugh Dickins's avatar
      mempolicy: remove arg from mpol_parse_str, mpol_to_str · a7a88b23
      Hugh Dickins authored
      Remove the unused argument (formerly no_context) from mpol_parse_str()
      and from mpol_to_str().
      Signed-off-by: default avatarHugh Dickins <hughd@google.com>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      a7a88b23
    • Hugh Dickins's avatar
      tmpfs mempolicy: fix /proc/mounts corrupting memory · f2a07f40
      Hugh Dickins authored
      Recently I suggested using "mount -o remount,mpol=local /tmp" in NUMA
      mempolicy testing.  Very nasty.  Reading /proc/mounts, /proc/pid/mounts
      or /proc/pid/mountinfo may then corrupt one bit of kernel memory, often
      in a page table (causing "Bad swap" or "Bad page map" warning or "Bad
      pagetable" oops), sometimes in a vm_area_struct or rbnode or somewhere
      worse.  "mpol=prefer" and "mpol=prefer:Node" are equally toxic.
      
      Recent NUMA enhancements are not to blame: this dates back to 2.6.35,
      when commit e17f74af "mempolicy: don't call mpol_set_nodemask() when
      no_context" skipped mpol_parse_str()'s call to mpol_set_nodemask(),
      which used to initialize v.preferred_node, or set MPOL_F_LOCAL in flags.
      With slab poisoning, you can then rely on mpol_to_str() to set the bit
      for node 0x6b6b, probably in the next page above the caller's stack.
      
      mpol_parse_str() is only called from shmem_parse_options(): no_context
      is always true, so call it unused for now, and remove !no_context code.
      Set v.nodes or v.preferred_node or MPOL_F_LOCAL as mpol_to_str() might
      expect.  Then mpol_to_str() can ignore its no_context argument also,
      the mpol being appropriately initialized whether contextualized or not.
      Rename its no_context unused too, and let subsequent patch remove them
      (that's not needed for stable backporting, which would involve rejects).
      
      I don't understand why MPOL_LOCAL is described as a pseudo-policy:
      it's a reasonable policy which suffers from a confusing implementation
      in terms of MPOL_PREFERRED with MPOL_F_LOCAL.  I believe this would be
      much more robust if MPOL_LOCAL were recognized in switch statements
      throughout, MPOL_F_LOCAL deleted, and MPOL_PREFERRED use the (possibly
      empty) nodes mask like everyone else, instead of its preferred_node
      variant (I presume an optimization from the days before MPOL_LOCAL).
      But that would take me too long to get right and fully tested.
      Signed-off-by: default avatarHugh Dickins <hughd@google.com>
      Cc: stable@vger.kernel.org
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      f2a07f40
    • Eric Wong's avatar
      epoll: prevent missed events on EPOLL_CTL_MOD · 128dd175
      Eric Wong authored
      EPOLL_CTL_MOD sets the interest mask before calling f_op->poll() to
      ensure events are not missed.  Since the modifications to the interest
      mask are not protected by the same lock as ep_poll_callback, we need to
      ensure the change is visible to other CPUs calling ep_poll_callback.
      
      We also need to ensure f_op->poll() has an up-to-date view of past
      events which occured before we modified the interest mask.  So this
      barrier also pairs with the barrier in wq_has_sleeper().
      
      This should guarantee either ep_poll_callback or f_op->poll() (or both)
      will notice the readiness of a recently-ready/modified item.
      
      This issue was encountered by Andreas Voellmy and Junchang(Jason) Wang in:
      http://thread.gmane.org/gmane.linux.kernel/1408782/Signed-off-by: default avatarEric Wong <normalperson@yhbt.net>
      Cc: Hans Verkuil <hans.verkuil@cisco.com>
      Cc: Jiri Olsa <jolsa@redhat.com>
      Cc: Jonathan Corbet <corbet@lwn.net>
      Cc: Al Viro <viro@zeniv.linux.org.uk>
      Cc: Davide Libenzi <davidel@xmailserver.org>
      Cc: Hans de Goede <hdegoede@redhat.com>
      Cc: Mauro Carvalho Chehab <mchehab@infradead.org>
      Cc: David Miller <davem@davemloft.net>
      Cc: Eric Dumazet <eric.dumazet@gmail.com>
      Cc: Andrew Morton <akpm@linux-foundation.org>
      Cc: Andreas Voellmy <andreas.voellmy@yale.edu>
      Tested-by: default avatar"Junchang(Jason) Wang" <junchang.wang@yale.edu>
      Cc: netdev@vger.kernel.org
      Cc: linux-fsdevel@vger.kernel.org
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      128dd175
    • Aaro Koskinen's avatar
      watchdog: twl4030_wdt: add DT support · 8899b8d9
      Aaro Koskinen authored
      Add DT support for twl4030_wdt. This is needed to get twl4030_wdt to
      probe when booting with DT.
      Signed-off-by: default avatarAaro Koskinen <aaro.koskinen@iki.fi>
      Signed-off-by: default avatarWim Van Sebroeck <wim@iguana.be>
      8899b8d9
    • Aaro Koskinen's avatar
      watchdog: omap_wdt: eliminate unused variable and a compiler warning · 412b3729
      Aaro Koskinen authored
      We forgot to delete this in the commit 4f4753d9 (watchdog: omap_wdt:
      convert to devm_ functions), and as a result the following compilation
      warning was introduced:
      
      drivers/watchdog/omap_wdt.c: In function 'omap_wdt_remove':
      drivers/watchdog/omap_wdt.c:299:19: warning: unused variable 'res' [-Wunused-variable]
      Signed-off-by: default avatarAaro Koskinen <aaro.koskinen@iki.fi>
      Reviewed-by: default avatarPaul Walmsley <paul@pwsan.com>
      Signed-off-by: default avatarWim Van Sebroeck <wim@iguana.be>
      412b3729
    • Axel Lin's avatar
      watchdog: da9055: Don't update wdt_dev->timeout in da9055_wdt_set_timeout error path · 98e4a293
      Axel Lin authored
      Otherwise, WDIOC_GETTIMEOUT returns wrong value if set_timeout fails.
      This patch also removes unnecessary ret variable in da9055_wdt_ping function.
      Signed-off-by: default avatarAxel Lin <axel.lin@ingics.com>
      Signed-off-by: default avatarWim Van Sebroeck <wim@iguana.be>
      98e4a293
    • Axel Lin's avatar
      watchdog: da9055: Fix invalid free of devm_ allocated data · ee8c94ad
      Axel Lin authored
      It is not required to free devm_ allocated data. Since kref_put
      needs a valid release function, da9055_wdt_release_resources()
      is not deleted.
      Signed-off-by: default avatarAxel Lin <axel.lin@ingics.com>
      Signed-off-by: default avatarWim Van Sebroeck <wim@iguana.be>
      ee8c94ad
  6. 30 Dec, 2012 9 commits
    • Linus Torvalds's avatar
      Merge branch 'drm-next' of git://people.freedesktop.org/~airlied/linux · 4a490b78
      Linus Torvalds authored
      Pull DRM update from Dave Airlie:
       "This is a bit larger due to me not bothering to do anything since
        before Xmas, and other people working too hard after I had clearly
        given up.
      
        It's got the 3 main x86 driver fixes pulls, and a bunch of tegra
        fixes, doesn't fix the Ironlake bug yet, but that does seem to be
        getting closer.
      
         - radeon: gpu reset fixes and userspace packet support
         - i915: watermark fixes, workarounds, i830/845 fix,
         - nouveau: nvd9/kepler microcode fixes, accel is now enabled and
           working, gk106 support
         - tegra: misc fixes."
      
      * 'drm-next' of git://people.freedesktop.org/~airlied/linux: (34 commits)
        Revert "drm: tegra: protect DC register access with mutex"
        drm: tegra: program only one window during modeset
        drm: tegra: clean out old gem prototypes
        drm: tegra: remove redundant tegra2_tmds_config entry
        drm: tegra: protect DC register access with mutex
        drm: tegra: don't leave clients host1x member uninitialized
        drm: tegra: fix front_porch <-> back_porch mixup
        drm/nve0/graph: fix fuc, and enable acceleration on all known chipsets
        drm/nvc0/graph: fix fuc, and enable acceleration on GF119
        drm/nouveau/bios: cache ramcfg strap on later chipsets
        drm/nouveau/mxm: silence output if no bios data
        drm/nouveau/bios: parse/display extra version component
        drm/nouveau/bios: implement opcode 0xa9
        drm/nouveau/bios: update gpio parsing apis to match current design
        drm/nouveau: initial support for GK106
        drm/radeon: add WAIT_UNTIL to evergreen VM safe reg list
        drm/i915: disable shrinker lock stealing for create_mmap_offset
        drm/i915: optionally disable shrinker lock stealing
        drm/i915: fix flags in dma buf exporting
        drm/radeon: add support for MEM_WRITE packet
        ...
      4a490b78
    • Linus Torvalds's avatar
      Merge tag 'omap-late-cleanups' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc · 8d91a42e
      Linus Torvalds authored
      Pull late ARM cleanups for omap from Olof Johansson:
       "From Tony Lindgren:
      
        Here are few more patches to finish the omap changes for multiplatform
        conversion that are not strictly fixes, but were too complex to do
        with the dependencies during the merge window.  Those are to move of
        serial-omap.h to platform_data, and the removal of remaining
        cpu_is_omap macro usage outside mach-omap2.
      
        Then there are several trivial fixes for typos and few minimal
        omap2plus_defconfig updates."
      
      * tag 'omap-late-cleanups' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc:
        arch/arm/mach-omap2/dpll3xxx.c: drop if around WARN_ON
        OMAP2: Fix a typo - replace regist with register.
        ARM/omap: use module_platform_driver macro
        ARM: OMAP2+: PMU: Remove unused header
        ARM: OMAP4: remove duplicated include from omap_hwmod_44xx_data.c
        ARM: OMAP2+: omap2plus_defconfig: enable twl4030 SoC audio
        ARM: OMAP2+: omap2plus_defconfig: Add tps65217 support
        ARM: OMAP2+: enable devtmpfs and devtmpfs automount
        ARM: OMAP2+: omap_twl: Change TWL4030_MODULE_PM_RECEIVER to TWL_MODULE_PM_RECEIVER
        ARM: OMAP2+: Drop plat/cpu.h for omap2plus
        ARM: OMAP: Split fb.c to remove last remaining cpu_is_omap usage
        MAINTAINERS: Add an entry for omap related .dts files
      8d91a42e
    • Linus Torvalds's avatar
      Merge tag 'fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc · 4fe2dfab
      Linus Torvalds authored
      Pull ARM SoC fixes from Olof Johansson:
       "It's been quiet over the holidays, but we have had a couple of trivial
        fixes coming in for the newly introduced sunxi platform; one to add it
        to the multiplatform defconfig for build coverage, and one fixup for
        device tree strings."
      
      * tag 'fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc:
        sunxi: Change the machine compatible string.
        ARM: multi_v7_defconfig: Add ARCH_SUNXI
      4fe2dfab
    • Dave Airlie's avatar
      Revert "drm: tegra: protect DC register access with mutex" · d5757dbe
      Dave Airlie authored
      This reverts commit 83c0bcb6.
      
      Lucas pointed out this was a mistake, and I missed the discussion,
      so just revert it out to save a rebase.
      Signed-off-by: default avatarDave Airlie <airlied@redhat.com>
      d5757dbe
    • Lucas Stach's avatar
      drm: tegra: program only one window during modeset · 500df2e5
      Lucas Stach authored
      The intention is to program exactly WIN_A, not WIN_A and possibly
      others.
      Signed-off-by: default avatarLucas Stach <dev@lynxeye.de>
      Signed-off-by: default avatarDave Airlie <airlied@redhat.com>
      500df2e5
    • Lucas Stach's avatar
      drm: tegra: clean out old gem prototypes · e39250aa
      Lucas Stach authored
      There is no gem.c anymore, those functions are implemented by the
      drm_cma_helpers now.
      Signed-off-by: default avatarLucas Stach <dev@lynxeye.de>
      Signed-off-by: default avatarDave Airlie <airlied@redhat.com>
      e39250aa
    • Lucas Stach's avatar
      drm: tegra: remove redundant tegra2_tmds_config entry · fa416ddc
      Lucas Stach authored
      The 720p and 1080p entries are completely redundant, as we are matching
      the table entries against <=pclk.
      Also generalize the comment, as we are using those table entries even
      when driving other modes than the standard TV ones.
      Signed-off-by: default avatarLucas Stach <dev@lynxeye.de>
      Signed-off-by: default avatarDave Airlie <airlied@redhat.com>
      fa416ddc
    • Lucas Stach's avatar
      drm: tegra: protect DC register access with mutex · 83c0bcb6
      Lucas Stach authored
      Window properties are programmed through a shared aperture and have to
      happen atomically. Also we do the read-update-write dance on some of the
      shared regs.
      To make sure that different functions don't stumble over each other
      protect the register access with a mutex.
      Signed-off-by: default avatarLucas Stach <dev@lynxeye.de>
      Signed-off-by: default avatarDave Airlie <airlied@redhat.com>
      83c0bcb6
    • Lucas Stach's avatar
      drm: tegra: don't leave clients host1x member uninitialized · 4026bfb3
      Lucas Stach authored
      No real problem for now, as nothing is using this, but leaving it
      unitialized is asking for trouble later on.
      Signed-off-by: default avatarLucas Stach <dev@lynxeye.de>
      Signed-off-by: default avatarDave Airlie <airlied@redhat.com>
      4026bfb3