1. 24 Apr, 2007 1 commit
  2. 04 Mar, 2007 1 commit
  3. 01 Mar, 2007 1 commit
  4. 14 Feb, 2007 11 commits
  5. 11 Feb, 2007 5 commits
    • Oleg Nesterov's avatar
      [PATCH] _proc_do_string(): fix short reads · 8d060877
      Oleg Nesterov authored
      If you try to read things like /proc/sys/kernel/osrelease with single-byte
      reads, you get just one byte and then EOF.  This is because _proc_do_string()
      assumes that the caller is read()ing into a buffer which is large enough to
      fit the whole string in a single hit.
      
      Fix.
      
      Cc: "Eric W. Biederman" <ebiederm@xmission.com>
      Cc: Michael Tokarev <mjt@tls.msk.ru>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      8d060877
    • Andrew Morton's avatar
      [PATCH] sysctl warning fix · cb799b89
      Andrew Morton authored
      kernel/sysctl.c:2816: warning: 'sysctl_ipc_data' defined but not used
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      cb799b89
    • Theodore Ts'o's avatar
      [PATCH] Add TAINT_USER and ability to set taint flags from userspace · 34f5a398
      Theodore Ts'o authored
      Allow taint flags to be set from userspace by writing to
      /proc/sys/kernel/tainted, and add a new taint flag, TAINT_USER, to be used
      when userspace has potentially done something dangerous that might
      compromise the kernel.  This will allow support personnel to ask further
      questions about what may have caused the user taint flag to have been set.
      
      For example, they might examine the logs of the realtime JVM to see if the
      Java program has used the really silly, stupid, dangerous, and
      completely-non-portable direct access to physical memory feature which MUST
      be implemented according to the Real-Time Specification for Java (RTSJ).
      Sigh.  What were those silly people at Sun thinking?
      
      [akpm@osdl.org: build fix]
      [bunk@stusta.de: cleanup]
      Signed-off-by: default avatar"Theodore Ts'o" <tytso@mit.edu>
      Signed-off-by: default avatarAdrian Bunk <bunk@stusta.de>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      34f5a398
    • Alexey Dobriyan's avatar
      [PATCH] sysctl_{,ms_}jiffies: fix oldlen semantics · 3ee75ac3
      Alexey Dobriyan authored
      currently it's
      1) if *oldlenp == 0,
      	don't writeback anything
      
      2) if *oldlenp >= table->maxlen,
      	don't writeback more than table->maxlen bytes and rewrite *oldlenp
      	don't look at underlying type granularity
      
      3) if 0 < *oldlenp < table->maxlen,
      		*cough*
      	string sysctls don't writeback more than *oldlenp bytes.
      	OK, that's because sizeof(char) == 1
      
      	int sysctls writeback anything in (0, table->maxlen] range
      	Though accept integers divisible by sizeof(int) for writing.
      
      sysctl_jiffies and sysctl_ms_jiffies don't writeback anything but
      sizeof(int), which violates 1) and 2).
      
      So, make sysctl_jiffies and sysctl_ms_jiffies accept
      a) *oldlenp == 0, not doing writeback
      b) *oldlenp >= sizeof(int), writing one integer.
      
      -EINVAL still returned for *oldlenp == 1, 2, 3.
      Signed-off-by: default avatarAlexey Dobriyan <adobriyan@openvz.org>
      Cc: "Eric W. Biederman" <ebiederm@xmission.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      3ee75ac3
    • Eric Paris's avatar
      [PATCH] make reading /proc/sys/kernel/cap-bould not require CAP_SYS_MODULE · 6ff1b442
      Eric Paris authored
      Reading /proc/sys/kernel/cap-bound requires CAP_SYS_MODULE.  (see
      proc_dointvec_bset in kernel/sysctl.c)
      
      sysctl appears to drive all over proc reading everything it can get it's
      hands on and is complaining when it is being denied access to read
      cap-bound.  Clearly writing to cap-bound should be a sensitive operation
      but requiring CAP_SYS_MODULE to read cap-bound seems a bit to strong.  I
      believe the information could with reasonable certainty be obtained by
      looking at a bunch of the output of /proc/pid/status which has very low
      security protection, so at best we are just getting a little obfuscation of
      information.
      
      Currently SELinux policy has to 'dontaudit' capability checks for
      CAP_SYS_MODULE for things like sysctl which just want to read cap-bound.
      In doing so we also as a byproduct have to hide warnings of potential
      exploits such as if at some time that sysctl actually tried to load a
      module.  I wondered if anyone would have a problem opening cap-bound up to
      read from anyone?
      Acked-by: default avatarChris Wright <chrisw@sous-sol.org>
      Cc: Stephen Smalley <sds@tycho.nsa.gov>
      Cc: James Morris <jmorris@namei.org>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      6ff1b442
  6. 13 Dec, 2006 1 commit
  7. 10 Dec, 2006 3 commits
  8. 08 Dec, 2006 5 commits
  9. 07 Dec, 2006 3 commits
    • Helge Deller's avatar
      [PATCH] struct seq_operations and struct file_operations constification · 15ad7cdc
      Helge Deller authored
       - move some file_operations structs into the .rodata section
      
       - move static strings from policy_types[] array into the .rodata section
      
       - fix generic seq_operations usages, so that those structs may be defined
         as "const" as well
      
      [akpm@osdl.org: couple of fixes]
      Signed-off-by: default avatarHelge Deller <deller@gmx.de>
      Signed-off-by: default avatarAndrew Morton <akpm@osdl.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@osdl.org>
      15ad7cdc
    • BP, Praveen's avatar
      [PATCH] sysctl: string length calculated is wrong if it contains negative numbers · bd9b0bac
      BP, Praveen authored
      In the functions do_proc_dointvec() and do_proc_doulongvec_minmax(),
      there seems to be a bug in string length calculation if string contains
      negative integer.
      
      The console log given below explains the bug. Setting negative values
      may not be a right thing to do for "console log level" but then the test
      (given below) can be used to demonstrate the bug in the code.
      
      # echo "-1 -1 -1 -123456" > /proc/sys/kernel/printk
      # cat /proc/sys/kernel/printk
      -1      -1      -1      -1234
      #
      # echo "-1 -1 -1 123456" > /proc/sys/kernel/printk
      # cat /proc/sys/kernel/printk
      -1      -1      -1      1234
      #
      
      (akpm: the bug is that 123456 gets truncated)
      
      It works as expected if string contains all +ve integers
      
      # echo "1 2 3 4" > /proc/sys/kernel/printk
      # cat /proc/sys/kernel/printk
      1       2       3       4
      #
      
      The patch given below fixes the issue.
      Signed-off-by: default avatarPraveen BP <praveenbp@ti.com>
      Cc: "Eric W. Biederman" <ebiederm@xmission.com>
      Signed-off-by: default avatarAndrew Morton <akpm@osdl.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@osdl.org>
      bd9b0bac
    • Ashwin Chaugule's avatar
      [PATCH] new scheme to preempt swap token · 7602bdf2
      Ashwin Chaugule authored
      The new swap token patches replace the current token traversal algo.  The old
      algo had a crude timeout parameter that was used to handover the token from
      one task to another.  This algo, transfers the token to the tasks that are in
      need of the token.  The urgency for the token is based on the number of times
      a task is required to swap-in pages.  Accordingly, the priority of a task is
      incremented if it has been badly affected due to swap-outs.  To ensure that
      the token doesnt bounce around rapidly, the token holders are given a priority
      boost.  The priority of tasks is also decremented, if their rate of swap-in's
      keeps reducing.  This way, the condition to check whether to pre-empt the swap
      token, is a matter of comparing two task's priority fields.
      
      [akpm@osdl.org: cleanups]
      Signed-off-by: default avatarAshwin Chaugule <ashwin.chaugule@celunite.com>
      Cc: Rik van Riel <riel@redhat.com>
      Cc: Peter Zijlstra <a.p.zijlstra@chello.nl>
      Signed-off-by: default avatarAndrew Morton <akpm@osdl.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@osdl.org>
      7602bdf2
  10. 06 Dec, 2006 1 commit
  11. 06 Nov, 2006 2 commits
    • Eric W. Biederman's avatar
      [PATCH] sysctl: allow a zero ctl_name in the middle of a sysctl table · d99f160a
      Eric W. Biederman authored
      Since it is becoming clear that there are just enough users of the binary
      sysctl interface that completely removing the binary interface from the kernel
      will not be an option for foreseeable future, we need to find a way to address
      the sysctl maintenance issues.
      
      The basic problem is that sysctl requires one central authority to allocate
      sysctl numbers, or else conflicts and ABI breakage occur.  The proc interface
      to sysctl does not have that problem, as names are not densely allocated.
      
      By not terminating a sysctl table until I have neither a ctl_name nor a
      procname, it becomes simple to add sysctl entries that don't show up in the
      binary sysctl interface.  Which allows people to avoid allocating a binary
      sysctl value when not needed.
      
      I have audited the kernel code and in my reading I have not found a single
      sysctl table that wasn't terminated by a completely zero filled entry.  So
      this change in behavior should not affect anything.
      
      I think this mechanism eases the pain enough that combined with a little
      disciple we can solve the reoccurring sysctl ABI breakage.
      Signed-off-by: default avatarEric W. Biederman <ebiederm@xmission.com>
      Acked-by: default avatarAlan Cox <alan@redhat.com>
      Signed-off-by: default avatarAndrew Morton <akpm@osdl.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@osdl.org>
      d99f160a
    • Eric W. Biederman's avatar
      [PATCH] Improve the removed sysctl warnings · 0e009be8
      Eric W. Biederman authored
      Don't warn about libpthread's access to kernel.version.  When it receives
      -ENOSYS it will read /proc/sys/kernel/version.
      
      If anything else shows up print the sysctl number string.
      Signed-off-by: default avatarEric W. Biederman <ebiederm@xmission.com>
      Cc: Cal Peake <cp@absolutedigital.net>
      Cc: Alan Cox <alan@redhat.com>
      Signed-off-by: default avatarAndrew Morton <akpm@osdl.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@osdl.org>
      0e009be8
  12. 20 Oct, 2006 1 commit
  13. 02 Oct, 2006 5 commits