Stephen Smalley [Tue, 19 May 2015 17:59:12 +0000 (13:59 -0400)]
selinux: enable per-file labeling for debugfs files.
upstream commit
6f29997f4a3117169eeabd41dbea4c1bd94a739c
Add support for per-file labeling of debugfs files so that
we can distinguish them in policy. This is particularly
important in Android where certain debugfs files have to be writable
by apps and therefore the debugfs directory tree can be read and
searched by all.
Since debugfs is entirely kernel-generated, the directory tree is
immutable by userspace, and the inodes are pinned in memory, we can
simply use the same approach as with proc and label the inodes from
policy based on pathname from the root of the debugfs filesystem.
Generalize the existing labeling support used for proc and reuse it
for debugfs too.
[sds: Back-ported to 3.10. superblock_security_struct flags field
is only unsigned char in 3.10 so we have to redefine SE_SBGENFS.
However, this definition is kernel-private, not exposed to userspace
or stored anywhere persistent.]
Change-Id: I6460fbed6bb6bd36eb8554ac8c4fdd574edf3b07
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Theodore Ts'o [Thu, 14 May 2015 22:37:30 +0000 (18:37 -0400)]
ext4: don't save the error information if the block device is read-only
Google-Bug-Id:
20939131
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Ruchi Kandoi [Thu, 7 May 2015 17:18:55 +0000 (10:18 -0700)]
suspend: Return error when pending wakeup source is found.
If a wakeup source is found to be pending in the last stage of suspend
after syscore suspend then the device doesn't suspend but the error is
not propogated which causes an error in the accounting for the number
of suspend aborts and successful suspends.
Change-Id: Ib63b4ead755127eaf03e3b303aab3c782ad02ed1
Signed-off-by: Ruchi Kandoi <kandoiruchi@google.com>
Jin Qian [Tue, 12 May 2015 00:57:52 +0000 (17:57 -0700)]
proc: uid_cputime: fix show_uid_stat permission
Change-Id: Ice9084e39da599261df0be6dc305b817b50cfbbf
Signed-off-by: Jin Qian <jinqian@google.com>
jinqian [Tue, 14 Apr 2015 20:47:35 +0000 (13:47 -0700)]
power: increment wakeup_count when save_wakeup_count failed.
user-space aborts suspend attempt if writing wakeup_count failed.
Count the write failure towards wakeup_count.
Signed-off-by: jinqian <jinqian@google.com>
Change-Id: Ic0123ac7ef31564700b1f6b5f2234275ac104244
jinqian [Mon, 13 Apr 2015 21:12:47 +0000 (14:12 -0700)]
power: validate wakeup source before activating it.
A rogue wakeup source not registered in wakeup_sources list is not visible
from wakeup_sources_stats_show. Check if the wakeup source is registered
properly by looking at the timer struct.
Signed-off-by: jinqian <jinqian@google.com>
Change-Id: Id4b2fdb3cf7fecb2fe7576b2305cd337974665c9
Colin Cross [Wed, 22 Apr 2015 21:38:42 +0000 (14:38 -0700)]
android: fiq_debugger: fix cut-off help message
fiq_debugger_printf has a 256 byte limit, which was causing the help
lines for "kmsg" and "version" to be dropped. Split the long string
into two calls.
Change-Id: I55f9f030247cc16d13ae6236736311a5ef0c7aa0
Signed-off-by: Colin Cross <ccross@android.com>
David S. Miller [Sat, 2 May 2015 02:02:47 +0000 (22:02 -0400)]
ipv4: Missing sk_nulls_node_init() in ping_unhash().
If we don't do that, then the poison value is left in the ->pprev
backlink.
This can cause crashes if we do a disconnect, followed by a connect().
Tested-by: Linus Torvalds <torvalds@linux-foundation.org>
Reported-by: Wen Xu <hotdog3645@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Bug:
20770158
Change-Id: I944eb20fddea190892c2da681d934801d268096b
Greg Hackmann [Thu, 30 Apr 2015 18:05:21 +0000 (11:05 -0700)]
android: base-cfg: add ALSA
base-cfg enables USB gadget support, which includes USB audio, which
depends on ALSA
Change-Id: Icc9a80bebb7e838715d679a096faba761a937333
Signed-off-by: Greg Hackmann <ghackmann@google.com>
Greg Hackmann [Thu, 30 Apr 2015 18:02:44 +0000 (11:02 -0700)]
usb: gadget: add audio dependencies to USB_G_ANDROID
Since the Android gadget is a superset of the audio and MIDI gadgets, it
needs to take on their dependencies too
Change-Id: Ib7444962dcdb197e8b7ad66f7a41f7bc40879d2c
Signed-off-by: Greg Hackmann <ghackmann@google.com>
Jeff Vander Stoep [Wed, 29 Apr 2015 18:14:23 +0000 (11:14 -0700)]
SELinux: ss: Fix policy write for ioctl operations
Security server omits the type field when writing out the contents of the
avtab from /sys/fs/selinux/policy. This leads to a corrupt output. No impact
on the running kernel or its loaded policy. Impacts CTS neverallow tests.
Bug:
20665861
Change-Id: I657e18013dd5a1f40052bc2b02dd8e0afee9bcfb
Signed-off-by: Jeff Vander Stoep <jeffv@google.com>
Ruchi Kandoi [Thu, 23 Apr 2015 19:09:09 +0000 (12:09 -0700)]
nf: IDLETIMER: Adds the uid field in the msg
Message notifications contains an additional uid field. This field
represents the uid that was responsible for waking the radio. And hence
it is present only in notifications stating that the radio is now
active.
Change-Id: I18fc73eada512e370d7ab24fc9f890845037b729
Signed-off-by: Ruchi Kandoi <kandoiruchi@google.com>
Bug:
20264396
Stephen Smalley [Wed, 2 Apr 2014 13:10:44 +0000 (09:10 -0400)]
android: configs: Enable SELinux and its dependencies.
Change-Id: I979813b95c0a9a79913df0913e6888f566da5ff1
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Jeff Vander Stoep [Tue, 21 Apr 2015 00:45:42 +0000 (17:45 -0700)]
SELinux: use deletion-safe iterator to free list
This code is not exercised by policy version 26, but will be upon
upgrade to policy version 30.
Bug:
18087110
Change-Id: I07c6f34607713294a6a12c43a64d9936f0602200
Signed-off-by: Jeff Vander Stoep <jeffv@google.com>
rahul.khandelwal [Fri, 17 Apr 2015 06:15:23 +0000 (11:45 +0530)]
subsystem: CPU FREQUENCY DRIVERS- Set cpu_load calculation on current frequency
In timer, cpu_load is calcuated on target_freq.
cpu_load = loadadjfreq / pcpu->target_freq;
But cpu is actually running on current freq i.e. pcpu->policy->cur. So cpu_load
should be calculated on current frequency.
cpu_load = loadadjfreq / pcpu->policy->cur;
Change-Id: I89db6b68e9f82aa52077f6bf7d819dab74265790
Signed-off-by: rahul.khandelwal <rahul.khandelwal@spreadtrum.com>
Amit Pundir [Tue, 14 Apr 2015 19:10:21 +0000 (00:40 +0530)]
proc: uid_cputime: create uids from kuids
Create uids from kuids using from_kuid_munged(),
otherwise we run into following build error and warnings:
--------------------
CC drivers/misc/uid_cputime.o
drivers/misc/uid_cputime.c: In function ‘uid_stat_show’:
drivers/misc/uid_cputime.c:90:36: error: incompatible type for argument 1 of ‘find_or_register_uid’
drivers/misc/uid_cputime.c:54:26: note: expected ‘uid_t’ but argument is of type ‘kuid_t’
drivers/misc/uid_cputime.c:94:4: warning: format ‘%d’ expects argument of type ‘int’, but argument 3 has type ‘kuid_t’ [-Wformat]
drivers/misc/uid_cputime.c: In function ‘process_notifier’:
drivers/misc/uid_cputime.c:194:6: error: incompatible types when assigning to type ‘uid_t’ from type ‘kuid_t’
make[2]: *** [drivers/misc/uid_cputime.o] Error 1
--------------------
Change-Id: Ifecb98001f7fe2fac74d1ef3e1abd03d43fc9059
Signed-off-by: Amit Pundir <amit.pundir@linaro.org>
(cherry picked from commit
b0f4decae627cf2d74e6f72c7ecb939c77d48625)
Ruchi Kandoi [Wed, 8 Apr 2015 22:42:29 +0000 (15:42 -0700)]
wakeup: Add last wake up source logging for suspend abort reason.
There is a possibility that a wakeup source event is received after
the device prepares to suspend which might cause the suspend to abort.
This patch adds the functionality of reporting the last active wakeup
source which is currently not active but caused the suspend to abort reason
via the /sys/kernel/power/last_wakeup_reason file.
Change-Id: I1760d462f497b33e425f5565cb6cff5973932ec3
Signed-off-by: Ruchi Kandoi <kandoiruchi@google.com>
Paul Moore [Tue, 28 Jan 2014 19:45:41 +0000 (14:45 -0500)]
selinux: add SOCK_DIAG_BY_FAMILY to the list of netlink message types
commit
6a96e15096da6e7491107321cfa660c7c2aa119d upstream.
The SELinux AF_NETLINK/NETLINK_SOCK_DIAG socket class was missing the
SOCK_DIAG_BY_FAMILY definition which caused SELINUX_ERR messages when
the ss tool was run.
# ss
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port
u_str ESTAB 0 0 * 14189 * 14190
u_str ESTAB 0 0 * 14145 * 14144
u_str ESTAB 0 0 * 14151 * 14150
{...}
# ausearch -m SELINUX_ERR
----
time->Thu Jan 23 11:11:16 2014
type=SYSCALL msg=audit(
1390493476.445:374):
arch=
c000003e syscall=44 success=yes exit=40
a0=3 a1=
7fff03aa11f0 a2=28 a3=0 items=0 ppid=1852 pid=1895
auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
tty=pts0 ses=1 comm="ss" exe="/usr/sbin/ss"
subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null)
type=SELINUX_ERR msg=audit(
1390493476.445:374):
SELinux: unrecognized netlink message type=20 for sclass=32
Change-Id: I22218ec620bc3ee6396145f1c2ad8ed222648309
Signed-off-by: Paul Moore <pmoore@redhat.com>
Nicolas Dichtel [Fri, 10 Apr 2015 14:24:28 +0000 (16:24 +0200)]
selinux/nlmsg: add XFRM_MSG_MAPPING
commit
bd2cba07381a6dba60bc1c87ed8b37931d244da1 upstream (net-next).
This command is missing.
Change-Id: Ida52130382e42355e5f3b39134aa61a1ea98026d
Fixes: 3a2dfbe8acb1 ("xfrm: Notify changes in UDP encapsulation via netlink")
CC: Martin Willi <martin@strongswan.org>
Reported-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Nicolas Dichtel [Fri, 10 Apr 2015 14:24:27 +0000 (16:24 +0200)]
selinux/nlmsg: add XFRM_MSG_MIGRATE
commit
8d465bb777179c4bea731b828ec484088cc9fbc1 upstream (net-next).
This command is missing.
Change-Id: Id2c9344ca1ab2c96e0b758ad1efb38e16cf23b86
Fixes: 5c79de6e79cd ("[XFRM]: User interface for handling XFRM_MSG_MIGRATE")
Reported-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Nicolas Dichtel [Fri, 10 Apr 2015 14:24:26 +0000 (16:24 +0200)]
selinux/nlmsg: add XFRM_MSG_REPORT
commit
b0b59b0056acd6f157a04cc895f7e24692fb08aa upstream (net-next).
This command is missing.
Change-Id: I8fa3b1b9815296d3b001244d2212f79f5654bd01
Fixes: 97a64b4577ae ("[XFRM]: Introduce XFRM_MSG_REPORT.")
Reported-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Nicolas Dichtel [Wed, 8 Apr 2015 16:36:42 +0000 (18:36 +0200)]
selinux/nlmsg: add XFRM_MSG_[NEW|GET]SADINFO
commit
5b5800fad072133e4a9c2efbf735baaac83dec86 upstream (net-next).
These commands are missing.
Change-Id: I3fd1d3d700592c653e1a5c5199125805d55aaa95
Fixes: 28d8909bc790 ("[XFRM]: Export SAD info.")
Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Nicolas Dichtel [Wed, 8 Apr 2015 16:36:41 +0000 (18:36 +0200)]
selinux/nlmsg: add XFRM_MSG_GETSPDINFO
commit
5e6deebafb45fb271ae6939d48832e920b8fb74e upstream (net-next).
This command is missing.
Change-Id: Id0a0d9bf7a4af98a8f761fec902d1296138a911f
Fixes: ecfd6b183780 ("[XFRM]: Export SPD info")
Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Nicolas Dichtel [Wed, 8 Apr 2015 16:36:40 +0000 (18:36 +0200)]
selinux/nlmsg: add XFRM_MSG_NEWSPDINFO
commit
2b7834d3e1b828429faa5dc41a480919e52d3f31 upstream (net-next).
This new command is missing.
Change-Id: If511000c19aa9af7220ff775d88ace9834b35dcb
Fixes: 880a6fab8f6b ("xfrm: configure policy hash table thresholds by netlink")
Reported-by: Christophe Gouault <christophe.gouault@6wind.com>
Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Jeff Vander Stoep [Wed, 8 Apr 2015 18:27:46 +0000 (11:27 -0700)]
SELinux: per-command whitelisting of ioctls
Extend the generic ioctl permission check with support for per-command
filtering. Source/target/class sets including the ioctl permission may
additionally include a set of commands. Example:
allow <source> <target>:<class> { 0x8910-0x8926 0x892A-0x8935 }
auditallow <source> <target>:<class> 0x892A
When ioctl commands are omitted only the permissions are checked. This
feature is intended to provide finer granularity for the ioctl
permission which may be too imprecise in some circumstances. For
example, the same driver may use ioctls to provide important and
benign functionality such as driver version or socket type as well as
dangerous capabilities such as debugging features, read/write/execute
to physical memory or access to sensitive data. Per-command filtering
provides a mechanism to reduce the attack surface of the kernel, and
limit applications to the subset of commands required.
The format of the policy binary has been modified to include ioctl
commands, and the policy version number has been incremented to
POLICYDB_VERSION_IOCTL_OPERATIONS=30 to account for the format change.
Bug:
18087110
Change-Id: Ibf0e36728f6f3f0d5af56ccdeddee40800af689d
Signed-off-by: Jeff Vander Stoep <jeffv@google.com>
Jeff Vander Stoep [Sat, 4 Apr 2015 23:15:54 +0000 (16:15 -0700)]
security: lsm_audit: add ioctl specific auditing
Add information about ioctl calls to the LSM audit data. Log the
file path and command number.
Bug:
18087110
Change-Id: Idbbd106db6226683cb30022d9e8f6f3b8fab7f84
Signed-off-by: Jeff Vander Stoep <jeffv@google.com>
jinqian [Wed, 25 Mar 2015 23:18:44 +0000 (16:18 -0700)]
Power: Report suspend times from last_suspend_time
This node epxorts two values separated by space.
From left to right:
1. time spent in suspend/resume process
2. time spent sleep in suspend state
Change-Id: I2cb9a9408a5fd12166aaec11b935a0fd6a408c63
Sami Tolvanen [Mon, 23 Mar 2015 14:42:55 +0000 (14:42 +0000)]
arm: crypto: Add optimized SHA-256/224
Add Andy Polyakov's optimized assembly and NEON implementations for
SHA-256/224.
The sha256-armv4.pl script for generating the assembly code is from
OpenSSL commit
51f8d095562f36cdaa6893597b5c609e943b0565.
Compared to sha256-generic these implementations have the following
tcrypt speed improvements on Motorola Nexus 6 (Snapdragon 805):
bs b/u sha256-neon sha256-asm
16 16 x1.32 x1.19
64 16 x1.27 x1.15
64 64 x1.36 x1.20
256 16 x1.22 x1.11
256 64 x1.36 x1.19
256 256 x1.59 x1.23
1024 16 x1.21 x1.10
1024 256 x1.65 x1.23
1024 1024 x1.76 x1.25
2048 16 x1.21 x1.10
2048 256 x1.66 x1.23
2048 1024 x1.78 x1.25
2048 2048 x1.79 x1.25
4096 16 x1.20 x1.09
4096 256 x1.66 x1.23
4096 1024 x1.79 x1.26
4096 4096 x1.82 x1.26
8192 16 x1.20 x1.09
8192 256 x1.67 x1.23
8192 1024 x1.80 x1.26
8192 4096 x1.85 x1.28
8192 8192 x1.85 x1.27
Where bs refers to block size and b/u to bytes per update.
Change-Id: I83938010007660f7f3f77f2946c8d22557e3a327
Signed-off-by: Sami Tolvanen <samitolvanen@google.com>
jinqian [Wed, 11 Mar 2015 17:44:50 +0000 (10:44 -0700)]
proc: uid: Adds accounting for the cputimes per uid.
Adds proc files /proc/uid_cputime/show_uid_stat and
/proc/uid_cputime/remove_uid_range.
show_uid_stat lists the total utime and stime for the active as well as
terminated processes for each of the uids.
Writing a range of uids to remove_uid_range will delete the accounting
for all the uids within that range.
Change-Id: I21d9210379da730b33ddc1a0ea663c8c9d2ac15b
Mark Salyzyn [Tue, 24 Mar 2015 19:42:35 +0000 (12:42 -0700)]
USB: gadget: android: Integrate f_midi USB MIDI gadget driver part deux
free_ep_req and alloc_ep_req are static open coded and conflicting
in f_midi.c. The exported versions are present in f_sourcesink.c.
Changed names to protect the innocent.
Change-Id: I4aee40054b5715d0532d433d23dea2bccff7ec30
Signed-off-by: Mark Salyzyn <salyzyn@google.com>
Mark Salyzyn [Mon, 23 Mar 2015 21:15:38 +0000 (14:15 -0700)]
android: base-cfg: disable ALARM_DEV
Signed-off-by: Mark Salyzyn <salyzyn@google.com>
Change-Id: If8d324ffdb4ebd56e5d68876f8e229547e20eaf5
John Stultz [Tue, 27 Jan 2015 15:22:21 +0000 (07:22 -0800)]
staging: Remove logger and alarm-dev from android Makefile
My previous patches deleting logger and alarm-dev from staging
missed the android Makefile.
This patch cleans up the Makefile to remove the now non-existent
files.
Cc: Rom Lemarchand <romlem@google.com>,
Cc: Mark Salyzyn <salyzyn@google.com>,
Cc: Kees Cook <keescook@chromium.org>,
Cc: Android Kernel Team <kernel-team@android.com>,
Cc: Valentin Rothberg <valentinrothberg@gmail.com>,
Cc: Greg Hackmann <ghackmann@google.com>,
Cc: Elliott Hughes <enh@google.com>,
Cc: Todd Poynor <toddpoynor@google.com>,
Reported-by: Paul Bolle <pebolle@tiscali.nl>
Signed-off-by: John Stultz <john.stultz@linaro.org>
Acked-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Bug:
13505761
Change-Id: Id8c027ce51a663ee2e9ea2618612921db7cf7635
John Stultz [Tue, 20 Jan 2015 21:42:34 +0000 (13:42 -0800)]
staging: Remove the Android alarm-dev driver
The functionality provided by the Android alarm-dev driver
should now be present in the timerfd interface (thanks to
Greg Hackmann and Todd Poynor).
As of Lollipop, AOSP can make use of the timerfd if
alarm-dev is not present (though a fixup for setting the
rtc time if rtc0 isn't the backing for _ALARM clockids has
been applied post-Lollipop).
Thus, we should be able to remove alarm-dev from staging.
Cc: Greg Hackmann <ghackmann@google.com>
Cc: Elliott Hughes <enh@google.com>
Cc: Todd Poynor <toddpoynor@google.com>
Cc: Android Kernel Team <kernel-team@android.com>
Signed-off-by: John Stultz <john.stultz@linaro.org>
Acked-by: Mark Salyzyn <salyzyn@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Change-Id: Ia905d4b809cc1614ddde01ccb791fc56ac292fa7
John Stultz [Mon, 26 Jan 2015 20:07:32 +0000 (12:07 -0800)]
staging: Remove the Android logger driver
With the relase of Lollipop, Android no longer
requires the logger driver.
There are three patches which the android dev's
still need before they drop logger on all their
devices:
[PATCH v4 1/5] pstores: use scnprintf
[PATCH v2 2/5] pstore: remove superfluous memory size check
[PATCH 3/5] pstore: handle zero-sized prz in series
[PATCH v4 4/5] pstore: add pmsg
[PATCH 5/5] pstore: selinux: add security in-core xattr support for pstore and debugfs
But these seem to have been acked and are hopefully
queued for upstream.
So this patch removes the logger driver from staging.
Cc: Rom Lemarchand <romlem@google.com>,
Cc: Mark Salyzyn <salyzyn@google.com>
Cc: Kees Cook <keescook@chromium.org>
Cc: Android Kernel Team <kernel-team@android.com>
Signed-off-by: John Stultz <john.stultz@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Bug:
13505761
Change-Id: I21b6897f01871851e05b6eb53c7c08a1cb597e3d
Greg Hackmann [Mon, 16 Mar 2015 22:17:05 +0000 (15:17 -0700)]
net: ping: fix constness inconsistency in ipv6_chk_addr
The ipv6_chk_addr declarations and implementations aren't consistent
about the dev parameter's constness.
6bc19fb upstream resolved this in
favor of const, so let's do the same here.
This fixes the following warning:
net/ipv6/ping.c: In function 'pingv6_init':
net/ipv6/ping.c:87:27: warning: assignment from incompatible pointer type
pingv6_ops.ipv6_chk_addr = ipv6_chk_addr;
^
Change-Id: Ibd9efd7d489e661f71ab641c981689bf92258b7c
Signed-off-by: Greg Hackmann <ghackmann@google.com>
Mike Lockwood [Thu, 29 Jan 2015 21:52:51 +0000 (13:52 -0800)]
USB: gadget: android: Integrate f_midi USB MIDI gadget driver
Change-Id: I4c4b99f9d54314fc31445cf42b825527ca483af9
Signed-off-by: Mike Lockwood <lockwood@google.com>
Mike Lockwood [Thu, 29 Jan 2015 21:43:01 +0000 (13:43 -0800)]
USB: gadget: f_audio_source: Rename symbols to avoid conflicts with f_midi
Change-Id: I424b942d64c9f818351e49ee2150f466b9cc7f84
Signed-off-by: Mike Lockwood <lockwood@google.com>
Mike Lockwood [Thu, 29 Jan 2015 21:37:06 +0000 (13:37 -0800)]
USB: gadget: midi: Fix deadlock unbinding driver while it is in use
Using snd_card_free_when_closed rather than snd_card_free in f_midi_unbind
makes it safe to disable the driver while a userspace client has the
ALSA device open.
Change-Id: Ibc40c01e7b1ce90fc61d3ea654b4816fadfc7ffd
Signed-off-by: Mike Lockwood <lockwood@google.com>
Amit Pundir [Fri, 13 Mar 2015 08:29:47 +0000 (13:59 +0530)]
fs: ecryptfs: readdir: constify actor
actor is a constant in dir_context struct and
because of that we run into following build failure:
----------
fs/ecryptfs/file.c: In function ‘ecryptfs_readdir’:
fs/ecryptfs/file.c:130:2: error: assignment of read-only member ‘actor’
make[2]: *** [fs/ecryptfs/file.o] Error 1
make[1]: *** [fs/ecryptfs] Error 2
make: *** [fs] Error 2
----------
This fix is based on commit:
b2497fc3057a([readdir] constify ->actor)
Signed-off-by: Amit Pundir <amit.pundir@linaro.org>
Jeff Vander Stoep [Wed, 11 Mar 2015 21:32:24 +0000 (14:32 -0700)]
mm: reorder can_do_mlock to fix audit denial
A userspace call to mmap(MAP_LOCKED) may result in the successful locking
of memory while also producing a confusing audit log denial. can_do_mlock
checks capable and rlimit. If either of these return positive
can_do_mlock returns true. The capable check leads to an LSM hook used by
apparmour and selinux which produce the audit denial. Reordering so
rlimit is checked first eliminates the denial on success, only recording a
denial when the lock is unsuccessful as a result of the denial.
Signed-off-by: Jeff Vander Stoep <jeffv@google.com>
Acked-by: Nick Kralevich <nnk@google.com>
Cc: Jeff Vander Stoep <jeffv@google.com>
Cc: Sasha Levin <sasha.levin@oracle.com>
Cc: "Paul E. McKenney" <paulmck@linux.vnet.ibm.com>
Cc: Rik van Riel <riel@redhat.com>
Cc: Vlastimil Babka <vbabka@suse.cz>
Cc: Paul Cassella <cassella@cray.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Sami Tolvanen [Thu, 26 Feb 2015 13:47:41 +0000 (13:47 +0000)]
dm-verity: Add modes and emit uevent on corrupted blocks
Add a device specific mode to dm-verity for handling corrupted
blocks:
DM_VERITY_MODE_EIO is the default behavior, where reading a
corrupted block results in -EIO.
DM_VERITY_MODE_LOGGING only logs corrupted blocks, but does
not block the read.
DM_VERITY_MODE_RESTART calls kernel_restart when a corrupted
block is discovered.
Each mode sends a uevent to notify userspace of corruption and
allow further recovery actions.
Defaults to previous behavior, other modes can be enabled with
an optional parameter added to the verity table.
Change-Id: Ib72ae6ccb865594d28f3553bdcc5a40b1d7af390
Signed-off-by: Sami Tolvanen <samitolvanen@google.com>
Rom Lemarchand [Sat, 7 Mar 2015 17:38:05 +0000 (09:38 -0800)]
proc: make oom adjustment files user read-only
Make oom_adj and oom_score_adj user read-only.
Bug:
19636629
Change-Id: I055bb172d5b4d3d856e25918f3c5de8edf31e4a3
Signed-off-by: Rom Lemarchand <romlem@google.com>
Rom Lemarchand [Sat, 7 Mar 2015 17:33:41 +0000 (09:33 -0800)]
Revert "Grants system server access to /proc/<pid>/oom_adj for Android applications."
This reverts commit
aa3305f2ba5976a95637c69c63409fdf007e1414.
Bug:
19636629
Change-Id: I8dcd6a12cc591cb410d6a799c7e875726495504f
Petr Cermak [Wed, 18 Feb 2015 10:39:10 +0000 (10:39 +0000)]
fs/proc/task_mmu.c: add user-space support for resetting mm->hiwater_rss (peak RSS)
Peak resident size of a process can be reset back to the process's
current rss value by writing "5" to /proc/pid/clear_refs. The driving
use-case for this would be getting the peak RSS value, which can be
retrieved from the VmHWM field in /proc/pid/status, per benchmark
iteration or test scenario.
Origin:
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=
695f055936938c674473ea071ca7359a863551e7
[akpm@linux-foundation.org: clarify behaviour in documentation]
Signed-off-by: Petr Cermak <petrcermak@chromium.org>
Cc: Bjorn Helgaas <bhelgaas@google.com>
Cc: Primiano Tucci <primiano@chromium.org>
Cc: Petr Cermak <petrcermak@chromium.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Change-Id: I543a7640639d9916e813af875003fe3ee3a6bfe0
Lorenzo Colitti [Tue, 3 Mar 2015 14:16:16 +0000 (23:16 +0900)]
net: ping: Return EAFNOSUPPORT when appropriate.
1. For an IPv4 ping socket, ping_check_bind_addr does not check
the family of the socket address that's passed in. Instead,
make it behave like inet_bind, which enforces either that the
address family is AF_INET, or that the family is AF_UNSPEC and
the address is 0.0.0.0.
2. For an IPv6 ping socket, ping_check_bind_addr returns EINVAL
if the socket family is not AF_INET6. Return EAFNOSUPPORT
instead, for consistency with inet6_bind.
3. Make ping_v4_sendmsg and ping_v6_sendmsg return EAFNOSUPPORT
instead of EINVAL if an incorrect socket address structure is
passed in.
4. Make IPv6 ping sockets be IPv6-only. The code does not support
IPv4, and it cannot easily be made to support IPv4 because
the protocol numbers for ICMP and ICMPv6 are different. This
makes connect(::ffff:192.0.2.1) fail with EAFNOSUPPORT instead
of making the socket unusable.
Among other things, this fixes an oops that can be triggered by:
int s = socket(AF_INET, SOCK_DGRAM, IPPROTO_ICMP);
struct sockaddr_in6 sin6 = {
.sin6_family = AF_INET6,
.sin6_addr = in6addr_any,
};
bind(s, (struct sockaddr *) &sin6, sizeof(sin6));
[backport of net
9145736d4862145684009d6a72a6e61324a9439e]
Change-Id: If06ca86d9f1e4593c0d6df174caca3487c57a241
Signed-off-by: Lorenzo Colitti <lorenzo@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Sergey Senozhatsky [Wed, 11 Sep 2013 21:26:32 +0000 (14:26 -0700)]
lz4: fix compression/decompression signedness mismatch
LZ4 compression and decompression functions require different in
signedness input/output parameters: unsigned char for compression and
signed char for decompression.
Change decompression API to require "(const) unsigned char *".
Signed-off-by: Sergey Senozhatsky <sergey.senozhatsky@gmail.com>
Cc: Kyungsik Lee <kyungsik.lee@lge.com>
Cc: Geert Uytterhoeven <geert@linux-m68k.org>
Cc: Yann Collet <yann.collet.73@gmail.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Chanho Min [Mon, 8 Jul 2013 23:01:49 +0000 (16:01 -0700)]
lib: add lz4 compressor module
This patchset is for supporting LZ4 compression and the crypto API using
it.
As shown below, the size of data is a little bit bigger but compressing
speed is faster under the enabled unaligned memory access. We can use
lz4 de/compression through crypto API as well. Also, It will be useful
for another potential user of lz4 compression.
lz4 Compression Benchmark:
Compiler: ARM gcc 4.6.4
ARMv7, 1 GHz based board
Kernel: linux 3.4
Uncompressed data Size: 101 MB
Compressed Size compression Speed
LZO 72.1MB 32.1MB/s, 33.0MB/s(UA)
LZ4 75.1MB 30.4MB/s, 35.9MB/s(UA)
LZ4HC 59.8MB 2.4MB/s, 2.5MB/s(UA)
- UA: Unaligned memory Access support
- Latest patch set for LZO applied
This patch:
Add support for LZ4 compression in the Linux Kernel. LZ4 Compression APIs
for kernel are based on LZ4 implementation by Yann Collet and were changed
for kernel coding style.
LZ4 homepage : http://fastcompression.blogspot.com/p/lz4.html
LZ4 source repository : http://code.google.com/p/lz4/
svn revision : r90
Two APIs are added:
lz4_compress() support basic lz4 compression whereas lz4hc_compress()
support high compression or CPU performance get lower but compression
ratio get higher. Also, we require the pre-allocated working memory with
the defined size and destination buffer must be allocated with the size of
lz4_compressbound.
[akpm@linux-foundation.org: make lz4_compresshcctx() static]
Signed-off-by: Chanho Min <chanho.min@lge.com>
Cc: "Darrick J. Wong" <djwong@us.ibm.com>
Cc: Bob Pearson <rpearson@systemfabricworks.com>
Cc: Richard Weinberger <richard@nod.at>
Cc: Herbert Xu <herbert@gondor.hengli.com.au>
Cc: Yann Collet <yann.collet.73@gmail.com>
Cc: Kyungsik Lee <kyungsik.lee@lge.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Kyungsik Lee [Mon, 8 Jul 2013 23:01:45 +0000 (16:01 -0700)]
decompressor: add LZ4 decompressor module
Add support for LZ4 decompression in the Linux Kernel. LZ4 Decompression
APIs for kernel are based on LZ4 implementation by Yann Collet.
Benchmark Results(PATCH v3)
Compiler: Linaro ARM gcc 4.6.2
1. ARMv7, 1.5GHz based board
Kernel: linux 3.4
Uncompressed Kernel Size: 14MB
Compressed Size Decompression Speed
LZO 6.7MB 20.1MB/s, 25.2MB/s(UA)
LZ4 7.3MB 29.1MB/s, 45.6MB/s(UA)
2. ARMv7, 1.7GHz based board
Kernel: linux 3.7
Uncompressed Kernel Size: 14MB
Compressed Size Decompression Speed
LZO 6.0MB 34.1MB/s, 52.2MB/s(UA)
LZ4 6.5MB 86.7MB/s
- UA: Unaligned memory Access support
- Latest patch set for LZO applied
This patch set is for adding support for LZ4-compressed Kernel. LZ4 is a
very fast lossless compression algorithm and it also features an extremely
fast decoder [1].
But we have five of decompressors already and one question which does
arise, however, is that of where do we stop adding new ones? This issue
had been discussed and came to the conclusion [2].
Russell King said that we should have:
- one decompressor which is the fastest
- one decompressor for the highest compression ratio
- one popular decompressor (eg conventional gzip)
If we have a replacement one for one of these, then it should do exactly
that: replace it.
The benchmark shows that an 8% increase in image size vs a 66% increase
in decompression speed compared to LZO(which has been known as the
fastest decompressor in the Kernel). Therefore the "fast but may not be
small" compression title has clearly been taken by LZ4 [3].
[1] http://code.google.com/p/lz4/
[2] http://thread.gmane.org/gmane.linux.kbuild.devel/9157
[3] http://thread.gmane.org/gmane.linux.kbuild.devel/9347
LZ4 homepage: http://fastcompression.blogspot.com/p/lz4.html
LZ4 source repository: http://code.google.com/p/lz4/
Signed-off-by: Kyungsik Lee <kyungsik.lee@lge.com>
Signed-off-by: Yann Collet <yann.collet.73@gmail.com>
Cc: "H. Peter Anvin" <hpa@zytor.com>
Cc: Ingo Molnar <mingo@elte.hu>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Russell King <rmk@arm.linux.org.uk>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Florian Fainelli <florian@openwrt.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Phillip Lougher [Thu, 27 Nov 2014 18:48:44 +0000 (18:48 +0000)]
Squashfs: Add LZ4 compression configuration option
Add the glue code, and also update the documentation.
Signed-off-by: Phillip Lougher <phillip@squashfs.org.uk>
Phillip Lougher [Thu, 27 Nov 2014 06:49:14 +0000 (06:49 +0000)]
Squashfs: add LZ4 compression support
Add support for reading file systems compressed with the
LZ4 compression algorithm.
This patch adds the LZ4 decompressor wrapper code.
Signed-off-by: Phillip Lougher <phillip@squashfs.org.uk>
Fabian Frederick [Wed, 6 Aug 2014 23:03:52 +0000 (16:03 -0700)]
fs/squashfs/super.c: logging cleanup
- Convert printk to pr_foo()
- Add pr_fmt for future logging entries
- Coalesce formats
Signed-off-by: Fabian Frederick <fabf@skynet.be>
Cc: Phillip Lougher <phillip@squashfs.org.uk>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Fabian Frederick [Wed, 6 Aug 2014 23:03:50 +0000 (16:03 -0700)]
fs/squashfs/file_direct.c: replace count*size kmalloc by kmalloc_array
kmalloc_array() manages count*sizeof overflow.
Signed-off-by: Fabian Frederick <fabf@skynet.be>
Cc: Phillip Lougher <phillip@squashfs.org.uk>
Cc: Joe Perches <joe@perches.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Fabian Frederick [Wed, 4 Jun 2014 23:05:52 +0000 (16:05 -0700)]
fs/squashfs/squashfs.h: replace pr_warning by pr_warn
Update the last pr_warning callsite in fs branch
Signed-off-by: Fabian Frederick <fabf@skynet.be>
Cc: Phillip Lougher <phillip@squashfs.org.uk>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Theodore Ts'o [Thu, 13 Mar 2014 14:14:33 +0000 (10:14 -0400)]
fs: push sync_filesystem() down to the file system's remount_fs()
Previously, the no-op "mount -o mount /dev/xxx" operation when the
file system is already mounted read-write causes an implied,
unconditional syncfs(). This seems pretty stupid, and it's certainly
documented or guaraunteed to do this, nor is it particularly useful,
except in the case where the file system was mounted rw and is getting
remounted read-only.
However, it's possible that there might be some file systems that are
actually depending on this behavior. In most file systems, it's
probably fine to only call sync_filesystem() when transitioning from
read-write to read-only, and there are some file systems where this is
not needed at all (for example, for a pseudo-filesystem or something
like romfs).
Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
Cc: linux-fsdevel@vger.kernel.org
Cc: Christoph Hellwig <hch@infradead.org>
Cc: Artem Bityutskiy <dedekind1@gmail.com>
Cc: Adrian Hunter <adrian.hunter@intel.com>
Cc: Evgeniy Dushistov <dushistov@mail.ru>
Cc: Jan Kara <jack@suse.cz>
Cc: OGAWA Hirofumi <hirofumi@mail.parknet.co.jp>
Cc: Anders Larsen <al@alarsen.net>
Cc: Phillip Lougher <phillip@squashfs.org.uk>
Cc: Kees Cook <keescook@chromium.org>
Cc: Mikulas Patocka <mikulas@artax.karlin.mff.cuni.cz>
Cc: Petr Vandrovec <petr@vandrovec.name>
Cc: xfs@oss.sgi.com
Cc: linux-btrfs@vger.kernel.org
Cc: linux-cifs@vger.kernel.org
Cc: samba-technical@lists.samba.org
Cc: codalist@coda.cs.cmu.edu
Cc: linux-ext4@vger.kernel.org
Cc: linux-f2fs-devel@lists.sourceforge.net
Cc: fuse-devel@lists.sourceforge.net
Cc: cluster-devel@redhat.com
Cc: linux-mtd@lists.infradead.org
Cc: jfs-discussion@lists.sourceforge.net
Cc: linux-nfs@vger.kernel.org
Cc: linux-nilfs@vger.kernel.org
Cc: linux-ntfs-dev@lists.sourceforge.net
Cc: ocfs2-devel@oss.oracle.com
Cc: reiserfs-devel@vger.kernel.org
Phillip Lougher [Sun, 24 Nov 2013 00:40:49 +0000 (00:40 +0000)]
Squashfs: fix failure to unlock pages on decompress error
Direct decompression into the page cache. If we fall back
to using an intermediate buffer (because we cannot grab all the
page cache pages) and we get a decompress fail, we forgot to
release the pages.
Reported-by: Roman Peniaev <r.peniaev@gmail.com>
Signed-off-by: Phillip Lougher <phillip@squashfs.org.uk>
Phillip Lougher [Sun, 10 Nov 2013 00:02:29 +0000 (00:02 +0000)]
Squashfs: Check stream is not NULL in decompressor_multi.c
Fix static checker complaint that stream is not checked in
squashfs_decompressor_destroy().
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Phillip Lougher <phillip@squashfs.org.uk>
Reviewed-by: Minchan Kim <minchan@kernel.org>
Phillip Lougher [Wed, 13 Nov 2013 02:04:19 +0000 (02:04 +0000)]
Squashfs: Directly decompress into the page cache for file data
This introduces an implementation of squashfs_readpage_block()
that directly decompresses into the page cache.
This uses the previously added page handler abstraction to push
down the necessary kmap_atomic/kunmap_atomic operations on the
page cache buffers into the decompressors. This enables
direct copying into the page cache without using the slow
kmap/kunmap calls.
The code detects when multiple threads are racing in
squashfs_readpage() to decompress the same block, and avoids
this regression by falling back to using an intermediate
buffer.
This patch enhances the performance of Squashfs significantly
when multiple processes are accessing the filesystem simultaneously
because it not only reduces memcopying, but it more importantly
eliminates the lock contention on the intermediate buffer.
Using single-thread decompression.
dd if=file1 of=/dev/null bs=4096 &
dd if=file2 of=/dev/null bs=4096 &
dd if=file3 of=/dev/null bs=4096 &
dd if=file4 of=/dev/null bs=4096
Before:
629145600 bytes (629 MB) copied, 45.8046 s, 13.7 MB/s
After:
629145600 bytes (629 MB) copied, 9.29414 s, 67.7 MB/s
Signed-off-by: Phillip Lougher <phillip@squashfs.org.uk>
Reviewed-by: Minchan Kim <minchan@kernel.org>
Phillip Lougher [Thu, 31 Oct 2013 19:24:27 +0000 (19:24 +0000)]
Squashfs: Restructure squashfs_readpage()
Restructure squashfs_readpage() splitting it into separate
functions for datablocks, fragments and sparse blocks.
Move the memcpying (from squashfs cache entry) implementation of
squashfs_readpage_block into file_cache.c
This allows different implementations to be supported.
Signed-off-by: Phillip Lougher <phillip@squashfs.org.uk>
Reviewed-by: Minchan Kim <minchan@kernel.org>
Phillip Lougher [Mon, 18 Nov 2013 02:59:12 +0000 (02:59 +0000)]
Squashfs: Generalise paging handling in the decompressors
Further generalise the decompressors by adding a page handler
abstraction. This adds helpers to allow the decompressors
to access and process the output buffers in an implementation
independant manner.
This allows different types of output buffer to be passed
to the decompressors, with the implementation specific
aspects handled at decompression time, but without the
knowledge being held in the decompressor wrapper code.
This will allow the decompressors to handle Squashfs
cache buffers, and page cache pages.
This patch adds the abstraction and an implementation for
the caches.
Signed-off-by: Phillip Lougher <phillip@squashfs.org.uk>
Reviewed-by: Minchan Kim <minchan@kernel.org>
Phillip Lougher [Mon, 18 Nov 2013 02:31:36 +0000 (02:31 +0000)]
Squashfs: add multi-threaded decompression using percpu variable
Add a multi-threaded decompression implementation which uses
percpu variables.
Using percpu variables has advantages and disadvantages over
implementations which do not use percpu variables.
Advantages:
* the nature of percpu variables ensures decompression is
load-balanced across the multiple cores.
* simplicity.
Disadvantages: it limits decompression to one thread per core.
Signed-off-by: Phillip Lougher <phillip@squashfs.org.uk>
Minchan Kim [Mon, 28 Oct 2013 05:26:30 +0000 (14:26 +0900)]
squashfs: Enhance parallel I/O
Now squashfs have used for only one stream buffer for decompression
so it hurts parallel read performance so this patch supports
multiple decompressor to enhance performance parallel I/O.
Four 1G file dd read on KVM machine which has 2 CPU and 4G memory.
dd if=test/test1.dat of=/dev/null &
dd if=test/test2.dat of=/dev/null &
dd if=test/test3.dat of=/dev/null &
dd if=test/test4.dat of=/dev/null &
old : 1m39s -> new : 9s
* From v1
* Change comp_strm with decomp_strm - Phillip
* Change/add comments - Phillip
Signed-off-by: Minchan Kim <minchan@kernel.org>
Signed-off-by: Phillip Lougher <phillip@squashfs.org.uk>
Phillip Lougher [Wed, 13 Nov 2013 02:56:26 +0000 (02:56 +0000)]
Squashfs: Refactor decompressor interface and code
The decompressor interface and code was written from
the point of view of single-threaded operation. In doing
so it mixed a lot of single-threaded implementation specific
aspects into the decompressor code and elsewhere which makes it
difficult to seamlessly support multiple different decompressor
implementations.
This patch does the following:
1. It removes compressor_options parsing from the decompressor
init() function. This allows the decompressor init() function
to be dynamically called to instantiate multiple decompressors,
without the compressor options needing to be read and parsed each
time.
2. It moves threading and all sleeping operations out of the
decompressors. In doing so, it makes the decompressors
non-blocking wrappers which only deal with interfacing with
the decompressor implementation.
3. It splits decompressor.[ch] into decompressor generic functions
in decompressor.[ch], and moves the single threaded
decompressor implementation into decompressor_single.c.
The result of this patch is Squashfs should now be able to
support multiple decompressors by adding new decompressor_xxx.c
files with specialised implementations of the functions in
decompressor_single.c
Signed-off-by: Phillip Lougher <phillip@squashfs.org.uk>
Reviewed-by: Minchan Kim <minchan@kernel.org>
Phillip Lougher [Wed, 4 Sep 2013 01:58:12 +0000 (02:58 +0100)]
Squashfs: add corruption check for type in squashfs_readdir()
We read the type field from disk. This value should be sanity
checked for correctness to avoid an out of bounds access when
reading the squashfs_filetype_table array.
Signed-off-by: Phillip Lougher <phillip@squashfs.org.uk>
Phillip Lougher [Tue, 3 Sep 2013 03:52:52 +0000 (04:52 +0100)]
Squashfs: add corruption check in get_dir_index_using_offset()
We read the size (of the name) field from disk. This value should
be sanity checked for correctness to avoid blindly reading
huge amounts of unnecessary data from disk on corruption.
Note, here we're not actually reading the name into a buffer, but
skipping it, and so corruption doesn't cause buffer overflow, merely
lots of unnecessary amounts of data to be read.
Signed-off-by: Phillip Lougher <phillip@squashfs.org.uk>
Phillip Lougher [Tue, 3 Sep 2013 03:38:43 +0000 (04:38 +0100)]
Squashfs: fix corruption checks in squashfs_readdir()
The dir_count and size fields when read from disk are sanity
checked for correctness. However, the sanity checks only check the
values are not greater than expected. As dir_count and size were
incorrectly defined as signed ints, this can lead to corrupted values
appearing as negative which are not trapped.
Signed-off-by: Phillip Lougher <phillip@squashfs.org.uk>
Phillip Lougher [Tue, 3 Sep 2013 03:21:52 +0000 (04:21 +0100)]
Squashfs: fix corruption checks in squashfs_lookup()
The dir_count and size fields when read from disk are sanity
checked for correctness. However, the sanity checks only check the
values are not greater than expected. As dir_count and size were
incorrectly defined as signed ints, this can lead to corrupted values
appearing as negative which are not trapped.
Signed-off-by: Phillip Lougher <phillip@squashfs.org.uk>
Phillip Lougher [Tue, 3 Sep 2013 03:02:53 +0000 (04:02 +0100)]
Squashfs: fix corruption check in get_dir_index_using_name()
Patch "Squashfs: sanity check information from disk" from
Dan Carpenter adds a missing check for corruption in the
"size" field while reading the directory index from disk.
It, however, sets err to -EINVAL, this value is not used later, and
so setting it is completely redundant. So remove it.
Errors in reading the index are deliberately non-fatal. If we
get an error in reading the index we just return the part of the
index we have managed to read - the index isn't essential,
just quicker.
Signed-off-by: Phillip Lougher <phillip@squashfs.org.uk>
Manish Sharma [Wed, 4 Sep 2013 17:01:23 +0000 (22:31 +0530)]
Squashfs: Optimized uncompressed buffer loop
Merged the two for loops. We might get a little gain by overlapping
wait_on_bh and the memcpy operations.
Signed-off-by: Manish Sharma <manishrma@gmail.com>
Signed-off-by: Phillip Lougher <phillip@squashfs.org.uk>
Dan Carpenter [Wed, 17 Jul 2013 12:20:25 +0000 (15:20 +0300)]
Squashfs: sanity check information from disk
We read the size of the name from the disk, but a larger name than
expected would cause memory corruption.
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Phillip Lougher <phillip@squashfs.org.uk>
Al Viro [Thu, 23 May 2013 02:22:04 +0000 (22:22 -0400)]
[readdir] constify ->actor
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Al Viro [Wed, 15 May 2013 22:49:12 +0000 (18:49 -0400)]
[readdir] introduce ->iterate(), ctx->pos, dir_emit()
New method - ->iterate(file, ctx). That's the replacement for ->readdir();
it takes callback from ctx->actor, uses ctx->pos instead of file->f_pos and
calls dir_emit(ctx, ...) instead of filldir(data, ...). It does *not*
update file->f_pos (or look at it, for that matter); iterate_dir() does the
update.
Note that dir_emit() takes the offset from ctx->pos (and eventually
filldir_t will lose that argument).
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Al Viro [Wed, 15 May 2013 17:52:59 +0000 (13:52 -0400)]
[readdir] introduce iterate_dir() and dir_context
iterate_dir(): new helper, replacing vfs_readdir().
struct dir_context: contains the readdir callback (and will get more stuff
in it), embedded into whatever data that callback wants to deal with;
eventually, we'll be passing it to ->readdir() replacement instead of
(data,filldir) pair.
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Al Viro [Thu, 16 May 2013 05:17:58 +0000 (01:17 -0400)]
[readdir] convert squashfs
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Cong Wang [Tue, 15 Apr 2014 23:25:34 +0000 (16:25 -0700)]
ipv4, fib: pass LOOPBACK_IFINDEX instead of 0 to flowi4_iif
As suggested by Julian:
Simply, flowi4_iif must not contain 0, it does not
look logical to ignore all ip rules with specified iif.
because in fib_rule_match() we do:
if (rule->iifindex && (rule->iifindex != fl->flowi_iif))
goto out;
flowi4_iif should be LOOPBACK_IFINDEX by default.
We need to move LOOPBACK_IFINDEX to include/net/flow.h:
1) It is mostly used by flowi_iif
2) Fix the following compile error if we use it in flow.h
by the patches latter:
In file included from include/linux/netfilter.h:277:0,
from include/net/netns/netfilter.h:5,
from include/net/net_namespace.h:21,
from include/linux/netdevice.h:43,
from include/linux/icmpv6.h:12,
from include/linux/ipv6.h:61,
from include/net/ipv6.h:16,
from include/linux/sunrpc/clnt.h:27,
from include/linux/nfs_fs.h:30,
from init/do_mounts.c:32:
include/net/flow.h: In function ‘flowi4_init_output’:
include/net/flow.h:84:32: error: ‘LOOPBACK_IFINDEX’ undeclared (first use in this function)
[Backport of net-next
6a662719c9868b3d6c7d26b3a085f0cd3cc15e64]
Change-Id: Ib7a0a08d78c03800488afa1b2c170cb70e34cfd9
Cc: Eric Biederman <ebiederm@xmission.com>
Cc: Julian Anastasov <ja@ssi.bg>
Cc: David S. Miller <davem@davemloft.net>
Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>
Signed-off-by: Cong Wang <cwang@twopensource.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Lorenzo Colitti <lorenzo@google.com>
Richard Weinberger [Fri, 19 Jul 2013 09:35:32 +0000 (11:35 +0200)]
um: remove dead code
"me" is not used.
[cherry-pick of upstream
9e82d450531c79b18ab18c9b9645cdd9db31ee98]
Change-Id: Ifc3550184931dddf8feebd6c3137e60b97f6a0f1
Signed-off-by: Richard Weinberger <richard@nod.at>
Signed-off-by: Lorenzo Colitti <lorenzo@google.com>
Richard Weinberger [Fri, 19 Jul 2013 09:31:36 +0000 (11:31 +0200)]
um: siginfo cleanup
Currently we use both struct siginfo and siginfo_t.
Let's use struct siginfo internally to avoid ongoing
compiler warning. We are allowed to do so because
struct siginfo and siginfo_t are equivalent.
[cherry-pick of upstream
9a8c1359571c5d5e2fbc43cf457a6486b70a70cb]
Change-Id: I564775c9ed515c39ffff7d7d600a85d50291f31d
Signed-off-by: Richard Weinberger <richard@nod.at>
Signed-off-by: Lorenzo Colitti <lorenzo@google.com>
Lorenzo Colitti [Thu, 15 May 2014 23:38:41 +0000 (16:38 -0700)]
net: ipv6: make "ip -6 route get mark xyz" work.
Currently, "ip -6 route get mark xyz" ignores the mark passed in
by userspace. Make it honour the mark, just like IPv4 does.
[net-next commit
2e47b291953c35afa4e20a65475954c1a1b9afe1]
Change-Id: Ief6cd1e1b7e43dc0d008b7e692be62cadc5cc7ca
Signed-off-by: Lorenzo Colitti <lorenzo@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Mark Salyzyn [Mon, 2 Mar 2015 17:04:10 +0000 (09:04 -0800)]
android: base-cfg: turn off /dev/mem and /dev/kmem
Signed-off-by: Mark Salyzyn <salyzyn@google.com>
Bug:
19549480
Change-Id: Icd43da8712efab46aa70590311c0fb170a9e124c
Rom Lemarchand [Fri, 6 Feb 2015 00:07:59 +0000 (16:07 -0800)]
kbuild: make it possible to specify the module output dir
Make modinst_dir user-defined on the command line.
This allows to do things like:
make MODLIB=output/ modinst_dir=. modules_install
to ensure all the .ko are in the output/ directory.
Change-Id: I2bc007eea27ee744d35289e26e4a8ac43ba04151
Signed-off-by: Rom Lemarchand <romlem@android.com>
(cherry picked from commit
ae7f28e5aa168a008c153ccff7cc437066d016c3)
Mohamad Ayyash [Wed, 14 Jan 2015 03:20:44 +0000 (19:20 -0800)]
xt_qtaguid: Use sk_callback_lock read locks before reading sk->sk_socket
It prevents a kernel panic when accessing sk->sk_socket fields due to NULLing sk->sk_socket when sock_orphan is called through
sk_common_release.
Change-Id: I4aa46b4e2d8600e4d4ef8dcdd363aa4e6e5f8433
Signed-off-by: Mohamad Ayyash <mkayyash@google.com>
(cherry picked from commit
cdea0ebcb8bcfe57688f6cb692b49e550ebd9796)
Sabrina Dubroca [Wed, 10 Sep 2014 21:23:02 +0000 (23:23 +0200)]
ipv6: clean up anycast when an interface is destroyed
If we try to rmmod the driver for an interface while sockets with
setsockopt(JOIN_ANYCAST) are alive, some refcounts aren't cleaned up
and we get stuck on:
unregister_netdevice: waiting for ens3 to become free. Usage count = 1
If we LEAVE_ANYCAST/close everything before rmmod'ing, there is no
problem.
We need to perform a cleanup similar to the one for multicast in
addrconf_ifdown(how == 1).
BUG:
18902601
Change-Id: I6d51aed5755eb5738fcba91950e7773a1c985d2e
Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
Acked-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Amit Pundir [Fri, 16 Jan 2015 00:11:10 +0000 (05:41 +0530)]
usb: gadget: check for accessory device before disconnecting HIDs
While disabling ConfigFS Android gadget, android_disconnect() calls
kill_all_hid_devices(), if CONFIG_USB_CONFIGFS_F_ACC is enabled, to free
the registered HIDs without checking whether the USB accessory device
really exist or not. If USB accessory device doesn't exist then we run into
following kernel panic:
----8<----
[ 136.724761] Unable to handle kernel NULL pointer dereference at virtual address
00000064
[ 136.724809] pgd =
c0204000
[ 136.731924] [
00000064] *pgd=
00000000
[ 136.737830] Internal error: Oops: 5 [#1] SMP ARM
[ 136.738108] CPU: 0 PID: 0 Comm: swapper/0 Not tainted
3.18.0-rc4-00400-gf75300e-dirty #76
[ 136.742788] task:
c0fb19d8 ti:
c0fa4000 task.ti:
c0fa4000
[ 136.750890] PC is at _raw_spin_lock_irqsave+0x24/0x60
[ 136.756246] LR is at kill_all_hid_devices+0x24/0x114
---->8----
This patch adds a test to check if USB Accessory device exists before freeing HIDs.
Change-Id: Ie229feaf0de3f4f7a151fcaa9a994e34e15ff73b
Signed-off-by: Amit Pundir <amit.pundir@linaro.org>
(cherry picked from commit
32a71bce154cb89a549b9b7d28e8cf03b889d849)
Rom Lemarchand [Sat, 24 Jan 2015 23:08:42 +0000 (15:08 -0800)]
staging: android: ashmem: add missing include
Include <linux/types.h> into ashmem.h to ensure referenced types are defined
Signed-off-by: Rom Lemarchand <romlem@android.com>
Change-Id: Iac18ed86dd47296d02a269607b1514724aaa9958
Jack Pham [Wed, 19 Feb 2014 06:16:19 +0000 (22:16 -0800)]
usb: gadget: android: Save/restore ep0 completion function
The android_setup() function currently gives the f_accessory
setup function first opportunity to handle control requests
in order to support Android Open Accessory (AOA) hosts. That
function makes use of cdev->req and overrides its completion
function, but not in all cases. Thus, if a later request uses
the same request pointer but doesn't (re)set req->complete it
could result in the wrong completion function being called and
causing invalid memory access.
One way to fix this would be to explicitly set req->complete in
all cases but that might require auditing all function drivers
that have ep0 handling. Instead, note that the composite device
had already initially set cdev->req->complete and simply cache
and restore that pointer at the start of android_setup().
Change-Id: I33bcd17bd20687a349d537d1013b52a2afef6996
Signed-off-by: Jack Pham <jackp@codeaurora.org>
Stephen Smalley [Wed, 21 Jan 2015 18:59:39 +0000 (13:59 -0500)]
selinux: Remove obsolete selinux_audit_data initialization.
Commit
899838b25f063a94594b1df6e0100aea1ec57fac eliminated the need
to initialize selinux_audit_data except in the slow path, when it is
handled by slow_avc_audit(). That commit removed all other initializations
of selinux_audit_data but this one remained since the binder security
hooks are not yet upstream (posted them to linux-kernel today).
Change-Id: I735e4500cde23275686cb3208068cbf8dd7bccd7
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Paul Moore [Wed, 10 Sep 2014 21:09:57 +0000 (17:09 -0400)]
selinux: make the netif cache namespace aware
While SELinux largely ignores namespaces, for good reason, there are
some places where it needs to at least be aware of namespaces in order
to function correctly. Network namespaces are one example. Basic
awareness of network namespaces are necessary in order to match a
network interface's index number to an actual network device.
This patch corrects a problem with network interfaces added to a
non-init namespace, and can be reproduced with the following commands:
[NOTE: the NetLabel configuration is here only to active the dynamic
networking controls ]
# netlabelctl unlbl add default address:0.0.0.0/0 \
label:system_u:object_r:unlabeled_t:s0
# netlabelctl unlbl add default address:::/0 \
label:system_u:object_r:unlabeled_t:s0
# netlabelctl cipsov4 add pass doi:100 tags:1
# netlabelctl map add domain:lspp_test_netlabel_t \
protocol:cipsov4,100
# ip link add type veth
# ip netns add myns
# ip link set veth1 netns myns
# ip a add dev veth0 10.250.13.100/24
# ip netns exec myns ip a add dev veth1 10.250.13.101/24
# ip l set veth0 up
# ip netns exec myns ip l set veth1 up
# ping -c 1 10.250.13.101
# ip netns exec myns ping -c 1 10.250.13.100
Reported-by: Jiri Jaburek <jjaburek@redhat.com>
Signed-off-by: Paul Moore <pmoore@redhat.com>
Paul Moore [Wed, 19 Mar 2014 20:46:18 +0000 (16:46 -0400)]
selinux: correctly label /proc inodes in use before the policy is loaded
commit
f64410ec665479d7b4b77b7519e814253ed0f686 upstream.
This patch is based on an earlier patch by Eric Paris, he describes
the problem below:
"If an inode is accessed before policy load it will get placed on a
list of inodes to be initialized after policy load. After policy
load we call inode_doinit() which calls inode_doinit_with_dentry()
on all inodes accessed before policy load. In the case of inodes
in procfs that means we'll end up at the bottom where it does:
/* Default to the fs superblock SID. */
isec->sid = sbsec->sid;
if ((sbsec->flags & SE_SBPROC) && !S_ISLNK(inode->i_mode)) {
if (opt_dentry) {
isec->sclass = inode_mode_to_security_class(...)
rc = selinux_proc_get_sid(opt_dentry,
isec->sclass,
&sid);
if (rc)
goto out_unlock;
isec->sid = sid;
}
}
Since opt_dentry is null, we'll never call selinux_proc_get_sid()
and will leave the inode labeled with the label on the superblock.
I believe a fix would be to mimic the behavior of xattrs. Look
for an alias of the inode. If it can't be found, just leave the
inode uninitialized (and pick it up later) if it can be found, we
should be able to call selinux_proc_get_sid() ..."
On a system exhibiting this problem, you will notice a lot of files in
/proc with the generic "proc_t" type (at least the ones that were
accessed early in the boot), for example:
# ls -Z /proc/sys/kernel/shmmax | awk '{ print $4 " " $5 }'
system_u:object_r:proc_t:s0 /proc/sys/kernel/shmmax
However, with this patch in place we see the expected result:
# ls -Z /proc/sys/kernel/shmmax | awk '{ print $4 " " $5 }'
system_u:object_r:sysctl_kernel_t:s0 /proc/sys/kernel/shmmax
Change-Id: I7742b4b7e53b45e4dd13d99c39553a927aa4a7e9
Cc: Eric Paris <eparis@redhat.com>
Signed-off-by: Paul Moore <pmoore@redhat.com>
Acked-by: Eric Paris <eparis@redhat.com>
Stephen Smalley [Mon, 6 Oct 2014 20:32:52 +0000 (16:32 -0400)]
selinux: fix inode security list corruption
commit
923190d32de4428afbea5e5773be86bea60a9925 upstream.
sb_finish_set_opts() can race with inode_free_security()
when initializing inode security structures for inodes
created prior to initial policy load or by the filesystem
during ->mount(). This appears to have always been
a possible race, but commit
3dc91d4 ("SELinux: Fix possible
NULL pointer dereference in selinux_inode_permission()")
made it more evident by immediately reusing the unioned
list/rcu element of the inode security structure for call_rcu()
upon an inode_free_security(). But the underlying issue
was already present before that commit as a possible use-after-free
of isec.
Shivnandan Kumar reported the list corruption and proposed
a patch to split the list and rcu elements out of the union
as separate fields of the inode_security_struct so that setting
the rcu element would not affect the list element. However,
this would merely hide the issue and not truly fix the code.
This patch instead moves up the deletion of the list entry
prior to dropping the sbsec->isec_lock initially. Then,
if the inode is dropped subsequently, there will be no further
references to the isec.
Change-Id: I7c56670bddbb896f159701651758d2e7f739dff8
Reported-by: Shivnandan Kumar <shivnandan.k@samsung.com>
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: Paul Moore <pmoore@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Paul Moore [Fri, 28 Feb 2014 12:23:24 +0000 (07:23 -0500)]
selinux: put the mmap() DAC controls before the MAC controls
commit
0909c0ae999c325b9d34c6f4710f40730ae3bc24 upstream.
It turns out that doing the SELinux MAC checks for mmap() before the
DAC checks was causing users and the SELinux policy folks headaches
as users were seeing a lot of SELinux AVC denials for the
memprotect:mmap_zero permission that would have also been denied by
the normal DAC capability checks (CAP_SYS_RAWIO).
Example:
# cat mmap_test.c
#include <stdlib.h>
#include <stdio.h>
#include <errno.h>
#include <sys/mman.h>
int main(int argc, char *argv[])
{
int rc;
void *mem;
mem = mmap(0x0, 4096,
PROT_READ | PROT_WRITE,
MAP_PRIVATE | MAP_ANONYMOUS | MAP_FIXED, -1, 0);
if (mem == MAP_FAILED)
return errno;
printf("mem = %p\n", mem);
munmap(mem, 4096);
return 0;
}
# gcc -g -O0 -o mmap_test mmap_test.c
# ./mmap_test
mem = (nil)
# ausearch -m AVC | grep mmap_zero
type=AVC msg=audit(...): avc: denied { mmap_zero }
for pid=1025 comm="mmap_test"
scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
tclass=memprotect
This patch corrects things so that when the above example is run by a
user without CAP_SYS_RAWIO the SELinux AVC is no longer generated as
the DAC capability check fails before the SELinux permission check.
Change-Id: Ic3b2ef30d13c15ca7c60adbd3c3b93ebe251c7bc
Signed-off-by: Paul Moore <pmoore@redhat.com>
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
Paul Moore [Thu, 26 Jun 2014 18:33:56 +0000 (14:33 -0400)]
selinux: reduce the number of calls to synchronize_net() when flushing caches
commit
615e51fdda6f274e94b1e905fcaf6111e0d9aa20 upstream.
When flushing the AVC, such as during a policy load, the various
network caches are also flushed, with each making a call to
synchronize_net() which has shown to be expensive in some cases.
This patch consolidates the network cache flushes into a single AVC
callback which only calls synchronize_net() once for each AVC cache
flush.
Change-Id: I2a7f020748d1adf2b68246f6ef86d0c871adffb7
Reported-by: Jaejyn Shin <flagon22bass@gmail.com>
Signed-off-by: Paul Moore <pmoore@redhat.com>
Mark Salyzyn [Wed, 7 Jan 2015 17:27:15 +0000 (09:27 -0800)]
[PATCH 5/5] pstore: selinux: add security in-core xattr support for pstore and debugfs
- add "pstore" and "debugfs" to list of in-core exceptions
- change fstype checks to boolean equation
- change from strncmp to strcmp for checking
Signed-off-by: Mark Salyzyn <salyzyn@google.com>
Bug:
18917345
Bug:
18935184
Change-Id: Ib648f30ce4b5d6c96f11465836d6fee89bec1c72
Richard Haines [Tue, 19 Nov 2013 22:34:23 +0000 (17:34 -0500)]
SELinux: Update policy version to support constraints info
Update the policy version (POLICYDB_VERSION_CONSTRAINT_NAMES) to allow
holding of policy source info for constraints.
Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: Paul Moore <pmoore@redhat.com>
Mark Salyzyn [Mon, 8 Dec 2014 23:06:52 +0000 (15:06 -0800)]
[PATCH v4 4/5] pstore: add pmsg
A secured user-space accessible pstore object. Writes
to /dev/pmsg0 are appended to the buffer, on reboot
the persistent contents are available in
/sys/fs/pstore/pmsg-ramoops-[ID].
One possible use is syslogd, or other daemon, can
write messages, then on reboot provides a means to
triage user-space activities leading up to a panic
as a companion to the pstore dmesg or console logs.
Signed-off-by: Mark Salyzyn <salyzyn@android.com>
v2: switch from snprintf to scnprintf
v3: split out prz_ok checking into PATCH 3/5
replace pmsg_lseek with noop_llseek
use pr_fmt() macro
make write atomic and use a vmalloc'd bounce buffer
v4: use mutex_lock instead of spin_lock.
Change-Id: I82a2a9a989d7583c5fcb65ff520027dc3a034a4c
Mark Salyzyn [Mon, 8 Dec 2014 23:06:52 +0000 (15:06 -0800)]
[PATCH 3/5] pstore: handle zero-sized prz in series
Corrects a problem wih ramoops_pstore_read failing to
return the next in a prz series after first zero-sized
entry, not venturing to the next non-zero entry.
Signed-off-by: Mark Salyzyn <salyzyn@android.com>
Change-Id: Iedce3b94c13917da33be44e1d80811757774c793
Mark Salyzyn [Mon, 8 Dec 2014 23:06:52 +0000 (15:06 -0800)]
[PATCH v2 2/5] pstore: remove superfluous memory size check
All previous checks will fail with error if memory size
is not sufficient to register a zone, so this legacy
check has become redundant.
Signed-off-by: Mark Salyzyn <salyzyn@android.com>
Acked-by: Kees Cook <keescook@chromium.org>
v2: renumber pmsg series dependencies
Change-Id: Ie21c988ae0b1ebb0dafa6c0c0b069e9cfe1e8506
Mark Salyzyn [Mon, 8 Dec 2014 23:06:52 +0000 (15:06 -0800)]
[PATCH v4 1/5] pstore: use snprintf
No guarantees that the names will not exceed the
name buffer with future adjustments.
Signed-off-by: Mark Salyzyn <salyzyn@android.com>
Acked-by: Joe Perches <joe@perches.com>
v2: switch from snprintf to scnprintf
v3: remove embedded space
v4: renumber pmsg series dependencies
Change-Id: I161fe8cadc967d74e18cc09b7d60b5b398c92c86
Liu ShuoX [Mon, 17 Mar 2014 00:24:49 +0000 (11:24 +1100)]
pstore: clarify clearing of _read_cnt in ramoops_context
*_read_cnt in ramoops_context need to be cleared during pstore ->open to
support mutli times getting the records. The patch added missed
ftrace_read_cnt clearing and removed duplicate clearing in ramoops_probe.
Signed-off-by: Liu ShuoX <shuox.liu@intel.com>
Cc: "Zhang, Yanmin" <yanmin_zhang@linux.intel.com>
Cc: Colin Cross <ccross@android.com>
Cc: Kees Cook <keescook@chromium.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Tony Luck <tony.luck@intel.com>
Change-Id: I98622b2587ed661884e74a7273cfc92ee99eaae3
Micha Kalfon [Tue, 13 Jan 2015 10:12:57 +0000 (12:12 +0200)]
prctl: make PR_SET_TIMERSLACK_PID pid namespace aware
Make PR_SET_TIMERSLACK_PID consider pid namespace and resolve the
target pid in the caller's namespace. Otherwise, calls from pid
namespace other than init would fail or affect the wrong task.
Change-Id: I1da15196abc4096536713ce03714e99d2e63820a
Signed-off-by: Micha Kalfon <micha@cellrox.com>
Acked-by: Oren Laadan <orenl@cellrox.com>
Micha Kalfon [Tue, 13 Jan 2015 09:47:20 +0000 (11:47 +0200)]
prctl: fix misplaced PR_SET_TIMERSLACK_PID case
The case clause for the PR_SET_TIMERSLACK_PID option was placed inside
the an internal switch statement for PR_MCE_KILL (see commits
37a591d4
and
8ae872f1) . This commit moves it to the right place.
Change-Id: I63251669d7e2f2aa843d1b0900e7df61518c3dea
Signed-off-by: Micha Kalfon <micha@cellrox.com>
Acked-by: Oren Laadan <orenl@cellrox.com>
Stephen Smalley [Mon, 5 Nov 2012 13:15:34 +0000 (08:15 -0500)]
Add security hooks to binder and implement the hooks for SELinux.
Add security hooks to the binder and implement the hooks for SELinux.
The security hooks enable security modules such as SELinux to implement
controls over binder IPC. The security hooks include support for
controlling what process can become the binder context manager
(binder_set_context_mgr), controlling the ability of a process
to invoke a binder transaction/IPC to another process (binder_transaction),
controlling the ability a process to transfer a binder reference to
another process (binder_transfer_binder), and controlling the ability
of a process to transfer an open file to another process (binder_transfer_file).
This support is used by SE Android, http://selinuxproject.org/page/SEAndroid.
Change-Id: I34266b66320b6a3df9ac01833d7f94daf742920e
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
projects / firefly-linux-kernel-4.4.55.git / log