summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* powerpc: fix strncasecmp prototypeLinus Torvalds2006-03-252-2/+4
| | | | | | It takes a size_t, not an int, as its third argument. Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* Merge branch 'audit.b3' of ↵Linus Torvalds2006-03-2522-546/+1580
|\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | git://git.kernel.org/pub/scm/linux/kernel/git/viro/audit-current * 'audit.b3' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/audit-current: (22 commits) [PATCH] fix audit_init failure path [PATCH] EXPORT_SYMBOL patch for audit_log, audit_log_start, audit_log_end and audit_format [PATCH] sem2mutex: audit_netlink_sem [PATCH] simplify audit_free() locking [PATCH] Fix audit operators [PATCH] promiscuous mode [PATCH] Add tty to syscall audit records [PATCH] add/remove rule update [PATCH] audit string fields interface + consumer [PATCH] SE Linux audit events [PATCH] Minor cosmetic cleanups to the code moved into auditfilter.c [PATCH] Fix audit record filtering with !CONFIG_AUDITSYSCALL [PATCH] Fix IA64 success/failure indication in syscall auditing. [PATCH] Miscellaneous bug and warning fixes [PATCH] Capture selinux subject/object context information. [PATCH] Exclude messages by message type [PATCH] Collect more inode information during syscall processing. [PATCH] Pass dentry, not just name, in fsnotify creation hooks. [PATCH] Define new range of userspace messages. [PATCH] Filter rule comparators ... Fixed trivial conflict in security/selinux/hooks.c
| * [PATCH] fix audit_init failure pathAmy Griffis2006-03-201-1/+2
| | | | | | | | | | | | | | | | | | | | Make audit_init() failure path handle situations where the audit_panic() action is not AUDIT_FAIL_PANIC (default is AUDIT_FAIL_PRINTK). Other uses of audit_sock are not reached unless audit's netlink message handler is properly registered. Bug noticed by Peter Staubach. Signed-off-by: Amy Griffis <amy.griffis@hp.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
| * [PATCH] EXPORT_SYMBOL patch for audit_log, audit_log_start, audit_log_end ↵lorenzo@gnu.org2006-03-201-0/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | and audit_format Hi, This is a trivial patch that enables the possibility of using some auditing functions within loadable kernel modules (ie. inside a Linux Security Module). _ Make the audit_log_start, audit_log_end, audit_format and audit_log interfaces available to Loadable Kernel Modules, thus making possible the usage of the audit framework inside LSMs, etc. Signed-off-by: <Lorenzo Hernández García-Hierro <lorenzo@gnu.org>> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
| * [PATCH] sem2mutex: audit_netlink_semIngo Molnar2006-03-203-12/+13
| | | | | | | | | | | | | | | | | | | | | | | | Semaphore to mutex conversion. The conversion was generated via scripts, and the result was validated automatically via a script as well. Signed-off-by: Ingo Molnar <mingo@elte.hu> Cc: David Woodhouse <dwmw2@infradead.org> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
| * [PATCH] simplify audit_free() lockingIngo Molnar2006-03-201-3/+7
| | | | | | | | | | | | | | | | | | | | | | Simplify audit_free()'s locking: no need to lock a task that we are tearing down. [the extra locking also caused false positives in the lock validator] Signed-off-by: Ingo Molnar <mingo@elte.hu> Cc: David Woodhouse <dwmw2@infradead.org> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
| * [PATCH] Fix audit operatorsDustin Kirkland2006-03-201-6/+12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Darrel Goeddel initiated a discussion on IRC regarding the possibility of audit_comparator() returning -EINVAL signaling an invalid operator. It is possible when creating the rule to assure that the operator is one of the 6 sane values. Here's a snip from include/linux/audit.h Note that 0 (nonsense) and 7 (all operators) are not valid values for an operator. ... /* These are the supported operators. * 4 2 1 * = > < * ------- * 0 0 0 0 nonsense * 0 0 1 1 < * 0 1 0 2 > * 0 1 1 3 != * 1 0 0 4 = * 1 0 1 5 <= * 1 1 0 6 >= * 1 1 1 7 all operators */ ... Furthermore, prior to adding these extended operators, flagging the AUDIT_NEGATE bit implied !=, and otherwise == was assumed. The following code forces the operator to be != if the AUDIT_NEGATE bit was flipped on. And if no operator was specified, == is assumed. The only invalid condition is if the AUDIT_NEGATE bit is off and all of the AUDIT_EQUAL, AUDIT_LESS_THAN, and AUDIT_GREATER_THAN bits are on--clearly a nonsensical operator. Now that this is handled at rule insertion time, the default -EINVAL return of audit_comparator() is eliminated such that the function can only return 1 or 0. If this is acceptable, let's get this applied to the current tree. :-Dustin -- Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> (cherry picked from 9bf0a8e137040f87d1b563336d4194e38fb2ba1a commit)
| * [PATCH] promiscuous modeSteve Grubb2006-03-202-1/+13
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Hi, When a network interface goes into promiscuous mode, its an important security issue. The attached patch is intended to capture that action and send an event to the audit system. The patch carves out a new block of numbers for kernel detected anomalies. These are events that may indicate suspicious activity. Other examples of potential kernel anomalies would be: exceeding disk quota, rlimit violations, changes to syscall entry table. Signed-off-by: Steve Grubb <sgrubb@redhat.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
| * [PATCH] Add tty to syscall audit recordsSteve Grubb2006-03-201-2/+8
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Hi, >From the RBAC specs: FAU_SAR.1.1 The TSF shall provide the set of authorized RBAC administrators with the capability to read the following audit information from the audit records: <snip> (e) The User Session Identifier or Terminal Type A patch adding the tty for all syscalls is included in this email. Please apply. Signed-off-by: Steve Grubb <sgrubb@redhat.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
| * [PATCH] add/remove rule updateSteve Grubb2006-03-202-8/+10
| | | | | | | | | | | | | | | | | | | | Hi, The following patch adds a little more information to the add/remove rule message emitted by the kernel. Signed-off-by: Steve Grubb <sgrubb@redhat.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
| * [PATCH] audit string fields interface + consumerAmy Griffis2006-03-206-145/+448
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Updated patch to dynamically allocate audit rule fields in kernel's internal representation. Added unlikely() calls for testing memory allocation result. Amy Griffis wrote: [Wed Jan 11 2006, 02:02:31PM EST] > Modify audit's kernel-userspace interface to allow the specification > of string fields in audit rules. > > Signed-off-by: Amy Griffis <amy.griffis@hp.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> (cherry picked from 5ffc4a863f92351b720fe3e9c5cd647accff9e03 commit)
| * [PATCH] SE Linux audit eventsSteve Grubb2006-03-203-6/+23
| | | | | | | | | | | | | | | | | | Attached is a patch that hardwires important SE Linux events to the audit system. Please Apply. Signed-off-by: Steve Grubb <sgrubb@redhat.com> Acked-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: David Woodhouse <dwmw2@infradead.org>
| * [PATCH] Minor cosmetic cleanups to the code moved into auditfilter.cDavid Woodhouse2006-03-201-7/+4
| | | | | | | | Signed-off-by: David Woodhouse <dwmw2@infradead.org>
| * [PATCH] Fix audit record filtering with !CONFIG_AUDITSYSCALLDavid Woodhouse2006-03-206-390/+459
| | | | | | | | | | | | | | | | | | | | This fixes the per-user and per-message-type filtering when syscall auditing isn't enabled. [AV: folded followup fix from the same author] Signed-off-by: David Woodhouse <dwmw2@infradead.org> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
| * [PATCH] Fix IA64 success/failure indication in syscall auditing.David Woodhouse2006-03-201-2/+8
| | | | | | | | | | | | | | | | | | | | | | | | Original 2.6.9 patch and explanation from somewhere within HP via bugzilla... ia64 stores a success/failure code in r10, and the return value (normal return, or *positive* errno) in r8. The patch also sets the exit code to negative errno if it's a failure result for consistency with other architectures. Signed-off-by: David Woodhouse <dwmw2@infradead.org>
| * [PATCH] Miscellaneous bug and warning fixesDustin Kirkland2006-03-204-15/+24
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This patch fixes a couple of bugs revealed in new features recently added to -mm1: * fixes warnings due to inconsistent use of const struct inode *inode * fixes bug that prevent a kernel from booting with audit on, and SELinux off due to a missing function in security/dummy.c * fixes a bug that throws spurious audit_panic() messages due to a missing return just before an error_path label * some reasonable house cleaning in audit_ipc_context(), audit_inode_context(), and audit_log_task_context() Signed-off-by: Dustin Kirkland <dustin.kirkland@us.ibm.com> Signed-off-by: David Woodhouse <dwmw2@infradead.org>
| * [PATCH] Capture selinux subject/object context information.Dustin Kirkland2006-03-209-69/+226
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This patch extends existing audit records with subject/object context information. Audit records associated with filesystem inodes, ipc, and tasks now contain SELinux label information in the field "subj" if the item is performing the action, or in "obj" if the item is the receiver of an action. These labels are collected via hooks in SELinux and appended to the appropriate record in the audit code. This additional information is required for Common Criteria Labeled Security Protection Profile (LSPP). [AV: fixed kmalloc flags use] [folded leak fixes] [folded cleanup from akpm (kfree(NULL)] [folded audit_inode_context() leak fix] [folded akpm's fix for audit_ipc_perm() definition in case of !CONFIG_AUDIT] Signed-off-by: Dustin Kirkland <dustin.kirkland@us.ibm.com> Signed-off-by: David Woodhouse <dwmw2@infradead.org> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
| * [PATCH] Exclude messages by message typeDustin Kirkland2006-03-203-2/+41
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | - Add a new, 5th filter called "exclude". - And add a new field AUDIT_MSGTYPE. - Define a new function audit_filter_exclude() that takes a message type as input and examines all rules in the filter. It returns '1' if the message is to be excluded, and '0' otherwise. - Call the audit_filter_exclude() function near the top of audit_log_start() just after asserting audit_initialized. If the message type is not to be audited, return NULL very early, before doing a lot of work. [combined with followup fix for bug in original patch, Nov 4, same author] [combined with later renaming AUDIT_FILTER_EXCLUDE->AUDIT_FILTER_TYPE and audit_filter_exclude() -> audit_filter_type()] Signed-off-by: Dustin Kirkland <dustin.kirkland@us.ibm.com> Signed-off-by: David Woodhouse <dwmw2@infradead.org> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
| * [PATCH] Collect more inode information during syscall processing.Amy Griffis2006-03-206-28/+157
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This patch augments the collection of inode info during syscall processing. It represents part of the functionality that was provided by the auditfs patch included in RHEL4. Specifically, it: - Collects information for target inodes created or removed during syscalls. Previous code only collects information for the target inode's parent. - Adds the audit_inode() hook to syscalls that operate on a file descriptor (e.g. fchown), enabling audit to do inode filtering for these calls. - Modifies filtering code to check audit context for either an inode # or a parent inode # matching a given rule. - Modifies logging to provide inode # for both parent and child. - Protect debug info from NULL audit_names.name. [AV: folded a later typo fix from the same author] Signed-off-by: Amy Griffis <amy.griffis@hp.com> Signed-off-by: David Woodhouse <dwmw2@infradead.org> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
| * [PATCH] Pass dentry, not just name, in fsnotify creation hooks.Amy Griffis2006-03-203-10/+11
| | | | | | | | | | | | | | | | The audit hooks (to be added shortly) will want to see dentry->d_inode too, not just the name. Signed-off-by: Amy Griffis <amy.griffis@hp.com> Signed-off-by: David Woodhouse <dwmw2@infradead.org>
| * [PATCH] Define new range of userspace messages.Steve Grubb2006-03-203-6/+21
| | | | | | | | | | | | | | | | The attached patch updates various items for the new user space messages. Please apply. Signed-off-by: Steve Grubb <sgrubb@redhat.com> Signed-off-by: David Woodhouse <dwmw2@infradead.org>
| * [PATCH] Filter rule comparatorsDustin Kirkland2006-03-202-43/+103
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Currently, audit only supports the "=" and "!=" operators in the -F filter rules. This patch reworks the support for "=" and "!=", and adds support for ">", ">=", "<", and "<=". This turned out to be a pretty clean, and simply process. I ended up using the high order bits of the "field", as suggested by Steve and Amy. This allowed for no changes whatsoever to the netlink communications. See the documentation within the patch in the include/linux/audit.h area, where there is a table that explains the reasoning of the bitmask assignments clearly. The patch adds a new function, audit_comparator(left, op, right). This function will perform the specified comparison (op, which defaults to "==" for backward compatibility) between two values (left and right). If the negate bit is on, it will negate whatever that result was. This value is returned. Signed-off-by: Dustin Kirkland <dustin.kirkland@us.ibm.com> Signed-off-by: David Woodhouse <dwmw2@infradead.org>
| * [PATCH] AUDIT: kerneldoc for kernel/audit*.cRandy Dunlap2006-03-202-46/+238
| | | | | | | | | | | | | | | | | | | | | | | | | | | | - add kerneldoc for non-static functions; - don't init static data to 0; - limit lines to < 80 columns; - fix long-format style; - delete whitespace at end of some lines; (chrisw: resend and update to current audit-2.6 tree) Signed-off-by: Randy Dunlap <rdunlap@xenotime.net> Signed-off-by: Chris Wright <chrisw@osdl.org> Signed-off-by: David Woodhouse <dwmw2@infradead.org>
| * [PATCH] make vm86 call audit_syscall_exitJason Baron2006-03-202-7/+10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | hi, The motivation behind the patch below was to address messages in /var/log/messages such as: Jan 31 10:54:15 mets kernel: audit(:0): major=252 name_count=0: freeing multiple contexts (1) Jan 31 10:54:15 mets kernel: audit(:0): major=113 name_count=0: freeing multiple contexts (2) I can reproduce by running 'get-edid' from: http://john.fremlin.de/programs/linux/read-edid/. These messages come about in the log b/c the vm86 calls do not exit via the normal system call exit paths and thus do not call 'audit_syscall_exit'. The next system call will then free the context for itself and for the vm86 context, thus generating the above messages. This patch addresses the issue by simply adding a call to 'audit_syscall_exit' from the vm86 code. Besides fixing the above error messages the patch also now allows vm86 system calls to become auditable. This is useful since strace does not appear to properly record the return values from sys_vm86. I think this patch is also a step in the right direction in terms of cleaning up some core auditing code. If we can correct any other paths that do not properly call the audit exit and entries points, then we can also eliminate the notion of context chaining. I've tested this patch by verifying that the log messages no longer appear, and that the audit records for sys_vm86 appear to be correct. Also, 'read_edid' produces itentical output. thanks, -Jason Signed-off-by: Jason Baron <jbaron@redhat.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
* | Merge master.kernel.org:/pub/scm/linux/kernel/git/gregkh/aoe-2.6Linus Torvalds2006-03-259-120/+238
|\ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * master.kernel.org:/pub/scm/linux/kernel/git/gregkh/aoe-2.6: [PATCH] aoe [3/3]: update version to 22 [PATCH] aoe [2/3]: don't request ATA device ID on ATA error [PATCH] aoe [1/3]: support multiple AoE listeners [PATCH] aoe: do not stop retransmit timer when device goes down [PATCH] aoe [8/8]: update driver version number [PATCH] aoe [7/8]: update driver compatibility string [PATCH] aoe [6/8]: update device information on last close [PATCH] aoe [5/8]: allow network interface migration on packet retransmit [PATCH] aoe [4/8]: use less confusing driver name [PATCH] aoe [3/8]: increase allowed outstanding packets [PATCH] aoe [2/8]: support dynamic resizing of AoE devices [PATCH] aoe [1/8]: zero packet data after skb allocation
| * | [PATCH] aoe [3/3]: update version to 22Ed L. Cashin2006-03-231-1/+1
| | | | | | | | | | | | | | | | | | Increase version number to 22. Signed-off-by: "Ed L. Cashin" <ecashin@coraid.com>
| * | [PATCH] aoe [2/3]: don't request ATA device ID on ATA errorEd L. Cashin2006-03-231-1/+2
| | | | | | | | | | | | | | | | | | | | | On an ATA error response, take the device down instead of sending another ATA device identify command. Signed-off-by: "Ed L. Cashin" <ecashin@coraid.com>
| * | [PATCH] aoe [1/3]: support multiple AoE listenersEd L. Cashin2006-03-231-17/+5
| | | | | | | | | | | | | | | | | | | | | | | | Always clone incoming skbs, allowing other AoE listeners to exist in the kernel. Signed-off-by: "Ed L. Cashin" <ecashin@coraid.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
| * | [PATCH] aoe: do not stop retransmit timer when device goes downEd L. Cashin2006-03-231-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | This patch is a bugfix that follows and depends on the eight aoe driver patches sent January 19th. Signed-off-by: "Ed L. Cashin" <ecashin@coraid.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
| * | [PATCH] aoe [8/8]: update driver version numberEd L. Cashin2006-03-231-1/+1
| | | | | | | | | | | | | | | | | | | | | Update aoe driver version number. Signed-off-by: "Ed L. Cashin" <ecashin@coraid.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
| * | [PATCH] aoe [7/8]: update driver compatibility stringEd L. Cashin2006-03-231-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | The aoe driver is not compatible with 2.6 kernels older than 2.6.2. Signed-off-by: "Ed L. Cashin" <ecashin@coraid.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
| * | [PATCH] aoe [6/8]: update device information on last closeEd L. Cashin2006-03-231-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | Instead of making the user wait or do it manually, refresh device information on its last close by issuing a config query to the device. Signed-off-by: "Ed L. Cashin" <ecashin@coraid.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
| * | [PATCH] aoe [5/8]: allow network interface migration on packet retransmitEd L. Cashin2006-03-231-0/+2
| | | | | | | | | | | | | | | | | | Retransmit to the current network interface for an AoE device. Signed-off-by: "Ed L. Cashin" <ecashin@coraid.com>
| * | [PATCH] aoe [4/8]: use less confusing driver nameEd L. Cashin2006-03-231-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | Users were confused by the driver being called "aoe-2.6-$version". This form looks less like a Linux kernel version number. Signed-off-by: "Ed L. Cashin" <ecashin@coraid.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
| * | [PATCH] aoe [3/8]: increase allowed outstanding packetsEd L. Cashin2006-03-231-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | Increase the number of AoE packets per device that can be outstanding at one time, increasing performance. Signed-off-by: "Ed L. Cashin" <ecashin@coraid.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
| * | [PATCH] aoe [2/8]: support dynamic resizing of AoE devicesEd L. Cashin2006-03-237-97/+223
| | | | | | | | | | | | | | | | | | | | | | | | | | | Allow the driver to recognize AoE devices that have changed size. Devices not in use are updated automatically, and devices that are in use are updated at user request. Signed-off-by: "Ed L. Cashin" <ecashin@coraid.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
| * | [PATCH] aoe [1/8]: zero packet data after skb allocationEd L. Cashin2006-03-231-0/+1
| | | | | | | | | | | | | | | | | | | | | Zero the data in new socket buffers to prevent leaking information. Signed-off-by: "Ed L. Cashin" <ecashin@coraid.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
* | | Merge git://git.linux-nfs.org/pub/linux/nfs-2.6Linus Torvalds2006-03-2569-1869/+2825
|\ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * git://git.linux-nfs.org/pub/linux/nfs-2.6: (103 commits) SUNRPC,RPCSEC_GSS: spkm3--fix config dependencies SUNRPC,RPCSEC_GSS: spkm3: import contexts using NID_cast5_cbc LOCKD: Make nlmsvc_traverse_shares return void LOCKD: nlmsvc_traverse_blocks return is unused SUNRPC,RPCSEC_GSS: fix krb5 sequence numbers. NFSv4: Dont list system.nfs4_acl for filesystems that don't support it. SUNRPC,RPCSEC_GSS: remove unnecessary kmalloc of a checksum SUNRPC: Ensure rpc_call_async() always calls tk_ops->rpc_release() SUNRPC: Fix memory barriers for req->rq_received NFS: Fix a race in nfs_sync_inode() NFS: Clean up nfs_flush_list() NFS: Fix a race with PG_private and nfs_release_page() NFSv4: Ensure the callback daemon flushes signals SUNRPC: Fix a 'Busy inodes' error in rpc_pipefs NFS, NLM: Allow blocking locks to respect signals NFS: Make nfs_fhget() return appropriate error values NFSv4: Fix an oops in nfs4_fill_super lockd: blocks should hold a reference to the nlm_file NFSv4: SETCLIENTID_CONFIRM should handle NFS4ERR_DELAY/NFS4ERR_RESOURCE NFSv4: Send the delegation stateid for SETATTR calls ...
| * \ \ Merge branch 'linus'Trond Myklebust2006-03-232612-99861/+133272
| |\ \ \
| * \ \ \ Merge branch 'linus'Trond Myklebust2006-03-21318-9982/+20896
| |\ \ \ \
| * | | | | SUNRPC,RPCSEC_GSS: spkm3--fix config dependenciesJ. Bruce Fields2006-03-201-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add default selection of CRYPTO_CAST5 when selecting RPCSEC_GSS_SPKM3. Signed-off-by: Kevin Coffman <kwc@citi.umich.edu> Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
| * | | | | SUNRPC,RPCSEC_GSS: spkm3: import contexts using NID_cast5_cbcJ. Bruce Fields2006-03-201-0/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Import the NID_cast5_cbc from the userland context. Not used. Signed-off-by: Andy Adamson <andros@citi.umich.edu> Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
| * | | | | LOCKD: Make nlmsvc_traverse_shares return voidJ. Bruce Fields2006-03-203-7/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The nlmsvc_traverse_shares return value is always zero, hence useless. Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
| * | | | | LOCKD: nlmsvc_traverse_blocks return is unusedJ. Bruce Fields2006-03-203-5/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Note that we never return non-zero. Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
| * | | | | SUNRPC,RPCSEC_GSS: fix krb5 sequence numbers.J. Bruce Fields2006-03-203-6/+16
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Use a spinlock to ensure unique sequence numbers when creating krb5 gss tokens. Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
| * | | | | NFSv4: Dont list system.nfs4_acl for filesystems that don't support it.J. Bruce Fields2006-03-201-0/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Thanks to Frank Filz for pointing out that we list system.nfs4_acl extended attribute even on filesystems where we don't actually support nfs4_acl. This is inconsistent with the e.g. ext3 POSIX ACL behaviour, and seems to annoy cp. Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
| * | | | | SUNRPC,RPCSEC_GSS: remove unnecessary kmalloc of a checksumJ. Bruce Fields2006-03-205-17/+12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Remove unnecessary kmalloc of temporary space to hold the md5 result; it's small enough to just put on the stack. This code may be called to process rpc's necessary to perform writes, so there's a potential deadlock whenever we kmalloc() here. After this a couple kmalloc()'s still remain, to be removed soon. This also fixes a rare double-free on error noticed by coverity. Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
| * | | | | SUNRPC: Ensure rpc_call_async() always calls tk_ops->rpc_release()Trond Myklebust2006-03-203-21/+26
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Currently this will not happen if we exit before rpc_new_task() was called. Also fix up rpc_run_task() to do the same (for consistency). Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
| * | | | | SUNRPC: Fix memory barriers for req->rq_receivedTrond Myklebust2006-03-202-1/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We need to ensure that all writes to the XDR buffers are done before req->rq_received is visible to other processors. Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
| * | | | | NFS: Fix a race in nfs_sync_inode()Trond Myklebust2006-03-203-30/+56
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Kudos to Neil Brown for spotting the problem: "in nfs_sync_inode, there is effectively the sequence: nfs_wait_on_requests nfs_flush_inode nfs_commit_inode This seems a bit racy to me as if the only requests are on the ->commit list, and nfs_commit_inode is called separately after nfs_wait_on_requests completes, and before nfs_commit_inode start (say: by nfs_write_inode) then none of these function will return >0, yet there will be some pending request that aren't waited for." The solution is to search for requests to wait upon, search for dirty requests, and search for uncommitted requests while holding the nfsi->req_lock The patch also cleans up nfs_sync_inode(), getting rid of the redundant FLUSH_WAIT flag. It turns out that we were always setting it. Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>