rpms/kernel/FC-3 linux-2.6-appletouch-update.patch, NONE, 1.1 linux-2.6-compile-fixes.patch, NONE, 1.1 linux-2.6-nfs-enoent.patch, NONE, 1.1 linux-2.6-procfs-i_nlink-miscalculate.patch, NONE, 1.1 linux-2.6-selinux-addrlen-checks.patch, NONE, 1.1 linux-2.6-usbhid-wireless-security-lock.patch, NONE, 1.1 linux-2.6-usbmon-deficiency-workaround.patch, NONE, 1.1 linux-2.6-windtunnel-printk.patch, NONE, 1.1 linux-2.6.12-nfsd-ctlbits.patch, NONE, 1.1 linux-2.6.13-rc3-audit-git.patch, NONE, 1.1 .cvsignore, 1.125, 1.126 sources, 1.128, 1.129
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Fri Aug 5 23:17:05 UTC 2005
Author: davej
Update of /cvs/dist/rpms/kernel/FC-3
In directory cvs.devel.redhat.com:/tmp/cvs-serv7876
Modified Files:
.cvsignore sources
Added Files:
linux-2.6-appletouch-update.patch
linux-2.6-compile-fixes.patch linux-2.6-nfs-enoent.patch
linux-2.6-procfs-i_nlink-miscalculate.patch
linux-2.6-selinux-addrlen-checks.patch
linux-2.6-usbhid-wireless-security-lock.patch
linux-2.6-usbmon-deficiency-workaround.patch
linux-2.6-windtunnel-printk.patch
linux-2.6.12-nfsd-ctlbits.patch
linux-2.6.13-rc3-audit-git.patch
Log Message:
new bits from FC4
linux-2.6-appletouch-update.patch:
Documentation/input/appletouch.txt | 84 ++++++
drivers/usb/input/Kconfig | 19 +
drivers/usb/input/Makefile | 1
drivers/usb/input/appletouch.c | 472 ++++++++++++++++++++++++++++++++++++-
4 files changed, 575 insertions(+), 1 deletion(-)
--- NEW FILE linux-2.6-appletouch-update.patch ---
Le lundi 11 juillet 2005 à 13:21 +0200, Vojtech Pavlik a écrit :
> > > This could be quite useful, too, for right and middle button taps (2 and
> > > 3 fingers) - since the Macs lack these buttons.
> >
> > Indeed. But this can be a later improvement, let's make one finger work
> > for now :)
Thanks to Peter Osterlund, I now have 2 and 3 finger tap working.
Please apply the attached patch.
Thanks,
Stelian.
Changes:
* implement detection of 2 and 3 finger tap (thanks to Peter Osterlund)
* moved the static variables into the atp device structure
* print the timestamp in debug messages
Signed-off-by: Stelian Pop <stelian at popies.net>
Documentation/input/appletouch.txt | 84 ++++++
drivers/usb/input/Kconfig | 19 +
drivers/usb/input/Makefile | 1
drivers/usb/input/appletouch.c | 471 +++++++++++++++++++++++++++++++++++++
4 files changed, 575 insertions(+)
Index: linux-2.6.git/drivers/usb/input/Makefile
===================================================================
--- linux-2.6.git.orig/drivers/usb/input/Makefile 2005-07-12 09:47:53.000000000 +0200
+++ linux-2.6.git/drivers/usb/input/Makefile 2005-07-12 09:49:17.000000000 +0200
@@ -39,3 +39,4 @@
obj-$(CONFIG_USB_WACOM) += wacom.o
obj-$(CONFIG_USB_ACECAD) += acecad.o
obj-$(CONFIG_USB_XPAD) += xpad.o
+obj-$(CONFIG_USB_APPLETOUCH) += appletouch.o
Index: linux-2.6.git/drivers/usb/input/Kconfig
===================================================================
--- linux-2.6.git.orig/drivers/usb/input/Kconfig 2005-07-12 09:47:53.000000000 +0200
+++ linux-2.6.git/drivers/usb/input/Kconfig 2005-07-12 09:49:17.000000000 +0200
@@ -259,3 +259,22 @@
To compile this driver as a module, choose M here: the module will be
called ati_remote.
+config USB_APPLETOUCH
+ tristate "Apple USB Touchpad support"
+ depends on USB && INPUT
+ ---help---
+ Say Y here if you want to use an Apple USB Touchpad.
+
+ These are the touchpads that can be found on post-February 2005
+ Apple Powerbooks (prior models have a Synaptics touchpad connected
+ to the ADB bus).
+
+ This driver provides a basic mouse driver but can be interfaced
+ with the synaptics X11 driver to provide acceleration and
+ scrolling in X11.
+
+ For further information, see
+ <file:Documentation/input/appletouch.txt>.
+
+ To compile this driver as a module, choose M here: the
+ module will be called appletouch.
Index: linux-2.6.git/Documentation/input/appletouch.txt
===================================================================
--- /dev/null 1970-01-01 00:00:00.000000000 +0000
+++ linux-2.6.git/Documentation/input/appletouch.txt 2005-07-12 10:22:23.000000000 +0200
@@ -0,0 +1,84 @@
+Apple Touchpad Driver (appletouch)
+----------------------------------
+ Copyright (C) 2005 Stelian Pop <stelian at popies.net>
+
+appletouch is a Linux kernel driver for the USB touchpad found on post
+February 2005 Apple Alu Powerbooks.
+
+This driver is derived from Johannes Berg's appletrackpad driver[1], but it has
+been improved in some areas:
+ * appletouch is a full kernel driver, no userspace program is necessary
+ * appletouch can be interfaced with the synaptics X11 driver, in order
+ to have touchpad acceleration, scrolling, etc.
+
+Credits go to Johannes Berg for reverse-engineering the touchpad protocol,
+Frank Arnold for further improvements, and Alex Harper for some additional
+information about the inner workings of the touchpad sensors.
+
+Usage:
+------
+
+In order to use the touchpad in the basic mode, compile the driver and load
+the module. A new input device will be detected and you will be able to read
+the mouse data from /dev/input/mice (using gpm, or X11).
+
+In X11, you can configure the touchpad to use the synaptics X11 driver, which
+will give additional functionalities, like acceleration, scrolling, 2 finger
+tap for middle button mouse emulation, 3 finger tap for right button mouse
+emulation, etc. In order to do this, make sure you're using a recent version of
+the synaptics driver (tested with 0.14.2, available from [2]), and configure a
+new input device in your X11 configuration file (take a look below for an
+example). For additional configuration, see the synaptics driver documentation.
+
+ Section "InputDevice"
+ Identifier "Synaptics Touchpad"
+ Driver "synaptics"
+ Option "SendCoreEvents" "true"
+ Option "Device" "/dev/input/mice"
+ Option "Protocol" "auto-dev"
+ Option "LeftEdge" "0"
+ Option "RightEdge" "850"
+ Option "TopEdge" "0"
+ Option "BottomEdge" "645"
+ Option "MinSpeed" "0.4"
+ Option "MaxSpeed" "1"
+ Option "AccelFactor" "0.02"
+ Option "FingerLow" "0"
+ Option "FingerHigh" "30"
+ Option "MaxTapMove" "20"
+ Option "MaxTapTime" "100"
+ Option "HorizScrollDelta" "0"
+ Option "VertScrollDelta" "30"
+ Option "SHMConfig" "on"
+ EndSection
+
+ Section "ServerLayout"
+ ...
+ InputDevice "Mouse"
+ InputDevice "Synaptics Touchpad"
+ ...
+ EndSection
+
+Fuzz problems:
+--------------
+
+The touchpad sensors are very sensitive to heat, and will generate a lot of
+noise when the temperature changes. This is especially true when you power-on
+the laptop for the first time.
+
+The appletouch driver tries to handle this noise and auto adapt itself, but it
+is not perfect. If finger movements are not recognized anymore, try reloading
+the driver.
+
+You can activate debugging using the 'debug' module parameter. A value of 0
+deactivates any debugging, 1 activates tracing of invalid samples, 2 activates
+full tracing (each sample is being traced):
+ modprobe appletouch debug=1
+ or
+ echo "1" > /sys/module/appletouch/parameters/debug
+
+Links:
+------
+
+[1]: http://johannes.sipsolutions.net/PowerBook/touchpad/
+[2]: http://web.telia.com/~u89404340/touchpad/index.html
Index: linux-2.6.git/drivers/usb/input/appletouch.c
===================================================================
--- /dev/null 1970-01-01 00:00:00.000000000 +0000
+++ linux-2.6.git/drivers/usb/input/appletouch.c 2005-07-12 10:44:56.000000000 +0200
@@ -0,0 +1,471 @@
+/*
+ * Apple USB Touchpad (for post-February 2005 PowerBooks) driver
+ *
+ * Copyright (C) 2001-2004 Greg Kroah-Hartman (greg at kroah.com)
+ * Copyright (C) 2005 Johannes Berg (johannes at sipsolutions.net)
+ * Copyright (C) 2005 Stelian Pop (stelian at popies.net)
+ * Copyright (C) 2005 Frank Arnold (frank at scirocco-5v-turbo.de)
+ * Copyright (C) 2005 Peter Osterlund (petero2 at telia.com)
+ *
+ * Thanks to Alex Harper <basilisk at foobox.net> for his inputs.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ *
+ */
+
+#include <linux/config.h>
+#include <linux/kernel.h>
+#include <linux/errno.h>
+#include <linux/init.h>
+#include <linux/slab.h>
+#include <linux/module.h>
+#include <linux/usb.h>
+#include <linux/input.h>
+
+/* Apple has powerbooks which have the keyboard with different Product IDs */
+#define APPLE_VENDOR_ID 0x05AC
+#define ATP_12INCH_ID1 0x030A
+#define ATP_15INCH_ID1 0x020E
+#define ATP_15INCH_ID2 0x020F
+#define ATP_17INCH_ID1 0xFFFF /* XXX need a tester !!! */
+
+#define ATP_DRIVER_VERSION 0x0007 /* 00.07 */
+
+#define ATP_DEVICE(prod) \
+ .match_flags = USB_DEVICE_ID_MATCH_DEVICE | \
+ USB_DEVICE_ID_MATCH_INT_CLASS | \
+ USB_DEVICE_ID_MATCH_INT_PROTOCOL, \
+ .idVendor = APPLE_VENDOR_ID, \
+ .idProduct = (prod), \
+ .bInterfaceClass = 0x03, \
+ .bInterfaceProtocol = 0x02
+
+/* table of devices that work with this driver */
+static struct usb_device_id atp_table [] = {
+ { ATP_DEVICE(ATP_12INCH_ID1) },
+ { ATP_DEVICE(ATP_15INCH_ID1) },
+ { ATP_DEVICE(ATP_15INCH_ID2) },
+#if 0
+ Disabled until someone gives us the real USB id and tests the driver
+ { ATP_DEVICE(ATP_17INCH_ID1) },
+#endif
+ { } /* Terminating entry */
+};
+MODULE_DEVICE_TABLE (usb, atp_table);
+
+/* size of a USB urb transfer */
+#define ATP_DATASIZE 81
+
+/*
+ * number of sensors. Note that only 16 instead of 26 X (horizontal)
+ * sensors exist on 12" and 15" PowerBooks. All models have 16 Y
+ * (vertical) sensors.
+ */
+#define ATP_XSENSORS 26
+#define ATP_YSENSORS 16
+
+/* amount of fuzz this touchpad generates */
+#define ATP_FUZZ 16
+
+/* maximum pressure this driver will report */
+#define ATP_PRESSURE 300
+/*
+ * multiplication factor for the X and Y coordinates.
+ * We try to keep the touchpad aspect ratio while still doing only simple
+ * arithmetics.
+ * The factors below give coordinates like:
+ * 0 <= x < 960 on 12" and 15" Powerbooks
+ * 0 <= x < 1600 on 17" Powerbooks
+ * 0 <= y < 646
+ */
+#define ATP_XFACT 64
+#define ATP_YFACT 43
+
+/*
+ * Threshold for the touchpad sensors. Any change less than ATP_THRESHOLD is
+ * ignored.
+ */
+#define ATP_THRESHOLD 5
+
+/* Structure to hold all of our device specific stuff */
+struct atp {
+ struct usb_device * udev; /* usb device */
+ struct urb * urb; /* usb request block */
+ signed char * data; /* transferred data */
+ int open; /* non-zero if opened */
+ struct input_dev input; /* input dev */
+ int valid; /* are the sensors valid ? */
+ int x_old; /* last reported x/y, */
+ int y_old; /* used for smoothing */
+ /* current value of the sensors */
+ signed char xy_cur[ATP_XSENSORS + ATP_YSENSORS];
+ /* last value of the sensors */
+ signed char xy_old[ATP_XSENSORS + ATP_YSENSORS];
+ /* accumulated sensors */
+ int xy_acc[ATP_XSENSORS + ATP_YSENSORS];
+};
+
+#define dbg_dump(msg, tab) \
+ if (debug > 1) { \
+ int i; \
+ printk("appletouch: %s %lld", msg, (long long)jiffies); \
+ for (i = 0; i < ATP_XSENSORS + ATP_YSENSORS; i++) \
+ printk("%02x ", tab[i]); \
+ printk("\n"); \
+ }
+
+#define dprintk(format, a...) \
+ do { \
+ if (debug) printk(format, ##a); \
+ } while (0)
+
+MODULE_AUTHOR("Johannes Berg, Stelian Pop, Frank Arnold");
+MODULE_DESCRIPTION("Apple PowerBooks USB touchpad driver");
+MODULE_LICENSE("GPL");
+
+static int debug = 1;
+module_param(debug, int, 0644);
+MODULE_PARM_DESC(debug, "Activate debugging output");
+
+static int atp_calculate_abs(int *xy_sensors, int nb_sensors, int fact,
+ int *z, int *fingers)
+{
+ int i;
+ /* values to calculate mean */
+ int pcum = 0, psum = 0;
+
+ *fingers = 0;
+
+ for (i = 0; i < nb_sensors; i++) {
+ if (xy_sensors[i] < ATP_THRESHOLD)
+ continue;
+ if ((i - 1 < 0) || (xy_sensors[i - 1] < ATP_THRESHOLD))
+ (*fingers)++;
+ pcum += xy_sensors[i] * i;
+ psum += xy_sensors[i];
+ }
+
+ if (psum > 0) {
+ *z = psum;
+ return pcum * fact / psum;
+ }
+
+ return 0;
+}
+
+static inline void atp_report_fingers(struct input_dev *input, int fingers)
+{
+ input_report_key(input, BTN_TOOL_FINGER, fingers == 1);
+ input_report_key(input, BTN_TOOL_DOUBLETAP, fingers == 2);
+ input_report_key(input, BTN_TOOL_TRIPLETAP, fingers > 2);
+}
+
+static void atp_complete(struct urb* urb, struct pt_regs* regs)
+{
+ int x, y, x_z, y_z, x_f, y_f;
+ int retval, i;
+ struct atp *dev = urb->context;
+
+ switch (urb->status) {
+ case 0:
+ /* success */
+ break;
+ case -ECONNRESET:
+ case -ENOENT:
+ case -ESHUTDOWN:
+ /* This urb is terminated, clean up */
+ dbg("%s - urb shutting down with status: %d",
+ __FUNCTION__, urb->status);
+ return;
+ default:
+ dbg("%s - nonzero urb status received: %d",
+ __FUNCTION__, urb->status);
+ goto exit;
+ }
+
+ /* drop incomplete datasets */
+ if (dev->urb->actual_length != ATP_DATASIZE) {
+ dprintk("appletouch: incomplete data package.\n");
+ goto exit;
+ }
+
+ /* reorder the sensors values */
+ for (i = 0; i < 8; i++) {
+ /* X values */
+ dev->xy_cur[i ] = dev->data[5 * i + 2];
+ dev->xy_cur[i + 8] = dev->data[5 * i + 4];
+ dev->xy_cur[i + 16] = dev->data[5 * i + 42];
+ if (i < 2)
+ dev->xy_cur[i + 24] = dev->data[5 * i + 44];
+
+ /* Y values */
+ dev->xy_cur[i + 26] = dev->data[5 * i + 1];
+ dev->xy_cur[i + 34] = dev->data[5 * i + 3];
+ }
+
+ dbg_dump("sample", dev->xy_cur);
+
+ if (!dev->valid) {
+ /* first sample */
+ dev->valid = 1;
+ dev->x_old = dev->y_old = -1;
+ memcpy(dev->xy_old, dev->xy_cur, sizeof(dev->xy_old));
+ goto exit;
+ }
+
+ for (i = 0; i < ATP_XSENSORS + ATP_YSENSORS; i++) {
+ /* accumulate the change */
+ signed char change = dev->xy_old[i] - dev->xy_cur[i];
+ dev->xy_acc[i] -= change;
+
+ /* prevent down drifting */
+ if (dev->xy_acc[i] < 0)
+ dev->xy_acc[i] = 0;
+ }
+
+ memcpy(dev->xy_old, dev->xy_cur, sizeof(dev->xy_old));
+
+ dbg_dump("accumulator", dev->xy_acc);
+
+ x = atp_calculate_abs(dev->xy_acc, ATP_XSENSORS,
+ ATP_XFACT, &x_z, &x_f);
+ y = atp_calculate_abs(dev->xy_acc + ATP_XSENSORS, ATP_YSENSORS,
+ ATP_YFACT, &y_z, &y_f);
+
+ if (x && y) {
+ if (dev->x_old != -1) {
+ x = (dev->x_old * 3 + x) >> 2;
+ y = (dev->y_old * 3 + y) >> 2;
+ dev->x_old = x;
+ dev->y_old = y;
+
+ if (debug > 1)
+ printk("appletouch: X: %3d Y: %3d "
+ "Xz: %3d Yz: %3d\n",
+ x, y, x_z, y_z);
+
+ input_report_key(&dev->input, BTN_TOUCH, 1);
+ input_report_abs(&dev->input, ABS_X, x);
+ input_report_abs(&dev->input, ABS_Y, y);
+ input_report_abs(&dev->input, ABS_PRESSURE,
+ min(ATP_PRESSURE, x_z + y_z));
+ atp_report_fingers(&dev->input, max(x_f, y_f));
+ }
+ dev->x_old = x;
+ dev->y_old = y;
+ }
+ else if (!x && !y) {
+
+ dev->x_old = dev->y_old = -1;
+ input_report_key(&dev->input, BTN_TOUCH, 0);
+ input_report_abs(&dev->input, ABS_PRESSURE, 0);
+ atp_report_fingers(&dev->input, 0);
+
+ /* reset the accumulator on release */
+ memset(dev->xy_acc, 0, sizeof(dev->xy_acc));
+ }
+
+ input_report_key(&dev->input, BTN_LEFT, !!dev->data[80]);
+
+ input_sync(&dev->input);
+
+exit:
+ retval = usb_submit_urb(dev->urb, GFP_ATOMIC);
+ if (retval) {
+ err("%s - usb_submit_urb failed with result %d",
+ __FUNCTION__, retval);
+ }
+}
+
+static int atp_open(struct input_dev *input)
+{
+ struct atp *dev = input->private;
+
+ if (usb_submit_urb(dev->urb, GFP_ATOMIC))
+ return -EIO;
+
+ dev->open = 1;
+ return 0;
+}
+
+static void atp_close(struct input_dev *input)
+{
+ struct atp *dev = input->private;
+
+ usb_kill_urb(dev->urb);
+ dev->open = 0;
+}
+
+static int atp_probe(struct usb_interface *iface, const struct usb_device_id *id)
+{
+ struct atp *dev = NULL;
+ struct usb_host_interface *iface_desc;
+ struct usb_endpoint_descriptor *endpoint;
+ int int_in_endpointAddr = 0;
+ int i, retval = -ENOMEM;
+
+ /* allocate memory for our device state and initialize it */
+ dev = kmalloc(sizeof(struct atp), GFP_KERNEL);
+ if (dev == NULL) {
+ err("Out of memory");
+ goto err_kmalloc;
+ }
+ memset(dev, 0, sizeof(struct atp));
+
+ dev->udev = interface_to_usbdev(iface);
+
+ /* set up the endpoint information */
+ /* use only the first interrupt-in endpoint */
+ iface_desc = iface->cur_altsetting;
+ for (i = 0; i < iface_desc->desc.bNumEndpoints; i++) {
+ endpoint = &iface_desc->endpoint[i].desc;
+ if (!int_in_endpointAddr &&
+ (endpoint->bEndpointAddress & USB_DIR_IN) &&
+ ((endpoint->bmAttributes & USB_ENDPOINT_XFERTYPE_MASK)
+ == USB_ENDPOINT_XFER_INT)) {
+ /* we found an interrupt in endpoint */
+ int_in_endpointAddr = endpoint->bEndpointAddress;
+ break;
+ }
+ }
+ if (!int_in_endpointAddr) {
+ retval = -EIO;
+ err("Could not find int-in endpoint");
+ goto err_endpoint;
+ }
+
+ /* save our data pointer in this interface device */
+ usb_set_intfdata(iface, dev);
+
+ dev->urb = usb_alloc_urb(0, GFP_KERNEL);
+ if (!dev->urb) {
+ retval = -ENOMEM;
+ goto err_usballoc;
+ }
+ dev->data = usb_buffer_alloc(dev->udev, ATP_DATASIZE, GFP_KERNEL,
+ &dev->urb->transfer_dma);
+ if (!dev->data) {
+ retval = -ENOMEM;
+ goto err_usbbufalloc;
+ }
+ usb_fill_int_urb(dev->urb, dev->udev,
+ usb_rcvintpipe(dev->udev, int_in_endpointAddr),
+ dev->data, ATP_DATASIZE, atp_complete, dev, 1);
+
+ init_input_dev(&dev->input);
+ dev->input.name = "appletouch";
+ dev->input.dev = &iface->dev;
+ dev->input.private = dev;
+ dev->input.open = atp_open;
+ dev->input.close = atp_close;
+
+ dev->input.id.bustype = BUS_USB;
+ dev->input.id.vendor = id->idVendor;
+ dev->input.id.product = id->idProduct;
+ dev->input.id.version = ATP_DRIVER_VERSION;
+
+ set_bit(EV_ABS, dev->input.evbit);
+ if (id->idProduct == ATP_17INCH_ID1)
+ input_set_abs_params(&dev->input, ABS_X, 0,
+ (ATP_XSENSORS - 1) * ATP_XFACT - 1,
+ ATP_FUZZ, 0);
+ else
+ /* 12" and 15" Powerbooks only have 16 x sensors */
+ input_set_abs_params(&dev->input, ABS_X, 0,
+ (16 - 1) * ATP_XFACT - 1,
+ ATP_FUZZ, 0);
+ input_set_abs_params(&dev->input, ABS_Y, 0,
+ (ATP_YSENSORS - 1) * ATP_YFACT - 1,
+ ATP_FUZZ, 0);
+ input_set_abs_params(&dev->input, ABS_PRESSURE, 0, ATP_PRESSURE, 0, 0);
+
+ set_bit(EV_KEY, dev->input.evbit);
+ set_bit(BTN_TOUCH, dev->input.keybit);
+ set_bit(BTN_TOOL_FINGER, dev->input.keybit);
+ set_bit(BTN_TOOL_DOUBLETAP, dev->input.keybit);
+ set_bit(BTN_TOOL_TRIPLETAP, dev->input.keybit);
+ set_bit(BTN_LEFT, dev->input.keybit);
+
+ input_register_device(&dev->input);
+
+ printk(KERN_INFO "input: appletouch connected\n");
+
+ return 0;
+
+err_usbbufalloc:
+ usb_free_urb(dev->urb);
+err_usballoc:
+ usb_set_intfdata(iface, NULL);
+err_endpoint:
+ kfree(dev);
+err_kmalloc:
+ return retval;
+}
+
+static void atp_disconnect(struct usb_interface *iface)
+{
+ struct atp *dev = usb_get_intfdata(iface);
+
+ usb_set_intfdata(iface, NULL);
+ if (dev) {
+ usb_kill_urb(dev->urb);
+ input_unregister_device(&dev->input);
+ usb_free_urb(dev->urb);
+ usb_buffer_free(dev->udev, ATP_DATASIZE,
+ dev->data, dev->urb->transfer_dma);
+ kfree(dev);
+ }
+ printk(KERN_INFO "input: appletouch disconnected\n");
+}
+
+static int atp_suspend(struct usb_interface *iface, pm_message_t message)
+{
+ struct atp *dev = usb_get_intfdata(iface);
+ usb_kill_urb(dev->urb);
+ dev->valid = 0;
+ return 0;
+}
+
+static int atp_resume(struct usb_interface *iface)
+{
+ struct atp *dev = usb_get_intfdata(iface);
+ if (dev->open && usb_submit_urb(dev->urb, GFP_ATOMIC))
+ return -EIO;
+
+ return 0;
+}
+
+static struct usb_driver atp_driver = {
+ .owner = THIS_MODULE,
+ .name = "appletouch",
+ .probe = atp_probe,
+ .disconnect = atp_disconnect,
+ .suspend = atp_suspend,
+ .resume = atp_resume,
+ .id_table = atp_table,
+};
+
+static int __init atp_init(void)
+{
+ return usb_register(&atp_driver);
+}
+
+static void __exit atp_exit(void)
+{
+ usb_deregister(&atp_driver);
+}
+
+module_init(atp_init);
+module_exit(atp_exit);
--
Stelian Pop <stelian at popies.net>
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
--=-UyUB6X7u3ml4bhTm6k8n--
linux-2.6-compile-fixes.patch:
linux-10001/arch/ppc/Makefile | 1 +
linux-10001/arch/ppc/kernel/head.S | 2 +-
linux-10001/arch/ppc/kernel/misc.S | 2 +-
linux-10001/arch/ppc/mm/hashtable.S | 4 ++--
linux-10001/arch/ppc/platforms/pmac_sleep.S | 2 +-
linux-10001/arch/ppc64/Makefile | 2 +-
linux-10001/arch/ppc64/boot/main.c | 1 +
linux-10001/crypto/Makefile | 2 ++
linux-10001/drivers/md/Makefile | 2 ++
linux-10001/include/asm-ppc/ppc_asm.h | 2 +-
linux-10001/include/linux/config.h | 2 +-
linux-10001/scripts/kconfig/Makefile | 2 +-
linux-10001/scripts/reference_discarded.pl | 1 +
linux-10001/sound/core/oss/Makefile | 1 +
linux-2.6.11/drivers/char/agp/hp-agp.c | 3 +--
linux-2.6.11/drivers/firmware/pcdp.c | 1 +
linux-2.6.12/drivers/net/sk98lin/skge.c | 2 ++
17 files changed, 21 insertions(+), 11 deletions(-)
--- NEW FILE linux-2.6-compile-fixes.patch ---
diff -urNp --exclude-from=/home/davej/.exclude linux-10000/arch/ppc/kernel/head.S linux-10001/arch/ppc/kernel/head.S
--- linux-10000/arch/ppc/kernel/head.S
+++ linux-10001/arch/ppc/kernel/head.S
@@ -1512,7 +1512,7 @@ END_FTR_SECTION_IFSET(CPU_FTR_HAS_HIGH_B
flush_tlbs:
lis r10, 0x40
1: addic. r10, r10, -0x1000
- tlbie r10
+ tlbie r10,0
blt 1b
sync
blr
diff -urNp --exclude-from=/home/davej/.exclude linux-10000/arch/ppc/kernel/misc.S linux-10001/arch/ppc/kernel/misc.S
--- linux-10000/arch/ppc/kernel/misc.S
+++ linux-10001/arch/ppc/kernel/misc.S
@@ -565,7 +565,7 @@ _GLOBAL(_tlbie)
SYNC_601
isync
#else /* CONFIG_SMP */
- tlbie r3
+ tlbie r3,0
sync
#endif /* CONFIG_SMP */
#endif /* ! CONFIG_40x */
diff -urNp --exclude-from=/home/davej/.exclude linux-10000/arch/ppc/Makefile linux-10001/arch/ppc/Makefile
--- linux-10000/arch/ppc/Makefile
+++ linux-10001/arch/ppc/Makefile
@@ -78,6 +78,7 @@ CPPFLAGS_vmlinux.lds := -Upowerpc
# All the instructions talk about "make bzImage".
bzImage: zImage
+ cp vmlinux arch/ppc/boot/bzImage
boot := arch/$(ARCH)/boot
diff -urNp --exclude-from=/home/davej/.exclude linux-10000/arch/ppc/mm/hashtable.S linux-10001/arch/ppc/mm/hashtable.S
--- linux-10000/arch/ppc/mm/hashtable.S
+++ linux-10001/arch/ppc/mm/hashtable.S
@@ -375,7 +375,7 @@ _GLOBAL(hash_page_patch_A)
*/
andi. r6,r6,_PAGE_HASHPTE
beq+ 10f /* no PTE: go look for an empty slot */
- tlbie r4
+ tlbie r4,0
addis r4,r7,htab_hash_searches at ha
lwz r6,htab_hash_searches at l(r4)
@@ -616,7 +616,7 @@ _GLOBAL(flush_hash_patch_B)
3: li r0,0
STPTE r0,0(r12) /* invalidate entry */
4: sync
- tlbie r4 /* in hw tlb too */
+ tlbie r4,0 /* in hw tlb too */
sync
8: ble cr1,9f /* if all ptes checked */
diff -urNp --exclude-from=/home/davej/.exclude linux-10000/arch/ppc/platforms/pmac_sleep.S linux-10001/arch/ppc/platforms/pmac_sleep.S
--- linux-10000/arch/ppc/platforms/pmac_sleep.S
+++ linux-10001/arch/ppc/platforms/pmac_sleep.S
@@ -340,7 +340,7 @@ END_FTR_SECTION_IFSET(CPU_FTR_HAS_HIGH_B
/* Flush all TLBs */
lis r4,0x1000
1: addic. r4,r4,-0x1000
- tlbie r4
+ tlbie r4, 0
blt 1b
sync
diff -urNp --exclude-from=/home/davej/.exclude linux-10000/arch/ppc64/boot/main.c linux-10001/arch/ppc64/boot/main.c
--- linux-10000/arch/ppc64/boot/main.c
+++ linux-10001/arch/ppc64/boot/main.c
@@ -8,6 +8,7 @@
* as published by the Free Software Foundation; either version
* 2 of the License, or (at your option) any later version.
*/
+#define __KERNGLUE__
#include "ppc32-types.h"
#include "zlib.h"
#include <linux/elf.h>
diff -urNp --exclude-from=/home/davej/.exclude linux-10000/arch/ppc64/Makefile linux-10001/arch/ppc64/Makefile
--- linux-10000/arch/ppc64/Makefile
+++ linux-10001/arch/ppc64/Makefile
@@ -68,7 +68,7 @@ endif
# Enable unit-at-a-time mode when possible. It shrinks the
# kernel considerably.
-CFLAGS += $(call cc-option,-funit-at-a-time)
+CFLAGS += $(call cc-option,-fno-unit-at-a-time)
head-y := arch/ppc64/kernel/head.o
diff -urNp --exclude-from=/home/davej/.exclude linux-10000/crypto/Makefile linux-10001/crypto/Makefile
--- linux-10000/crypto/Makefile
+++ linux-10001/crypto/Makefile
@@ -35,3 +35,5 @@ obj-$(CONFIG_CRYPTO_TEST) += tcrypt.o
obj-$(CONFIG_CRYPTO_SIGNATURE) += signature/
obj-$(CONFIG_CRYPTO_MPILIB) += mpi/
+
+CFLAGS_twofish.o += -fno-schedule-insns
diff -urNp --exclude-from=/home/davej/.exclude linux-10000/drivers/md/Makefile linux-10001/drivers/md/Makefile
--- linux-10000/drivers/md/Makefile
+++ linux-10001/drivers/md/Makefile
@@ -15,6 +15,8 @@ raid6-objs := raid6main.o raid6algos.o r
raid6mmx.o raid6sse1.o raid6sse2.o
hostprogs-y := mktables
+CFLAGS_raid6int8.o += -O2
+
# Note: link order is important. All raid personalities
# and xor.o must come before md.o, as they each initialise
# themselves, and md.o may use the personalities when it
diff -urNp --exclude-from=/home/davej/.exclude linux-10000/include/asm-ppc/ppc_asm.h linux-10001/include/asm-ppc/ppc_asm.h
--- linux-10000/include/asm-ppc/ppc_asm.h
+++ linux-10001/include/asm-ppc/ppc_asm.h
@@ -116,7 +116,7 @@ END_FTR_SECTION_IFCLR(CPU_FTR_601)
li r4,1024; \
mtctr r4; \
lis r4,KERNELBASE at h; \
-0: tlbie r4; \
+0: tlbie r4, 0; \
addi r4,r4,0x1000; \
bdnz 0b
#endif
diff -urNp --exclude-from=/home/davej/.exclude linux-10000/include/linux/config.h linux-10001/include/linux/config.h
--- linux-10000/include/linux/config.h
+++ linux-10001/include/linux/config.h
@@ -2,7 +2,7 @@
#define _LINUX_CONFIG_H
#include <linux/autoconf.h>
-#ifndef __KERNEL__
+#if !defined (__KERNEL__) && !defined(__KERNGLUE__)
#error including kernel header in userspace; use the glibc headers instead!
#endif
#endif
diff -urNp --exclude-from=/home/davej/.exclude linux-10000/scripts/kconfig/Makefile linux-10001/scripts/kconfig/Makefile
--- linux-10000/scripts/kconfig/Makefile
+++ linux-10001/scripts/kconfig/Makefile
@@ -126,7 +126,7 @@ QTLIBPATH = $(QTDIR)/lib
# QT needs some extra effort...
$(obj)/.tmp_qtcheck:
- @set -e; for d in $$QTDIR /usr/share/qt* /usr/lib/qt*; do \
+ @set -e; for d in $$QTDIR /usr/share/qt* /usr/lib/qt* /usr/lib64/qt* ; do \
if [ -f $$d/include/qconfig.h ]; then DIR=$$d; break; fi; \
done; \
if [ -z "$$DIR" ]; then \
diff -urNp --exclude-from=/home/davej/.exclude linux-10000/scripts/reference_discarded.pl linux-10001/scripts/reference_discarded.pl
--- linux-10000/scripts/reference_discarded.pl
+++ linux-10001/scripts/reference_discarded.pl
@@ -96,6 +96,7 @@ foreach $object (keys(%object)) {
$from !~ /\.debug_aranges$/ &&
$from !~ /\.debug_ranges$/ &&
$from !~ /\.debug_line$/ &&
+ $from !~ /\.debug_loc$/ &&
$from !~ /\.debug_frame$/ &&
$from !~ /\.exitcall\.exit$/ &&
$from !~ /\.eh_frame$/ &&
diff -urNp --exclude-from=/home/davej/.exclude linux-10000/sound/core/oss/Makefile linux-10001/sound/core/oss/Makefile
--- linux-10000/sound/core/oss/Makefile
+++ linux-10001/sound/core/oss/Makefile
@@ -3,6 +3,7 @@
# Copyright (c) 1999 by Jaroslav Kysela <perex at suse.cz>
#
+CFLAGS_pcm_plugin.o += -g0
snd-mixer-oss-objs := mixer_oss.o
snd-pcm-oss-objs := pcm_oss.o pcm_plugin.o \
--- linux-2.6.11/drivers/firmware/pcdp.c~ 2005-05-28 19:12:41.000000000 -0400
+++ linux-2.6.11/drivers/firmware/pcdp.c 2005-05-28 19:12:51.000000000 -0400
@@ -15,6 +15,7 @@
#include <linux/console.h>
#include <linux/efi.h>
#include <linux/serial.h>
+#include <acpi/actypes.h>
#include "pcdp.h"
static int __init
--- linux-2.6.11/drivers/char/agp/hp-agp.c~ 2005-05-28 19:13:50.000000000 -0400
+++ linux-2.6.11/drivers/char/agp/hp-agp.c 2005-05-28 19:14:14.000000000 -0400
@@ -14,9 +14,8 @@
#include <linux/pci.h>
#include <linux/init.h>
#include <linux/agp_backend.h>
-
+#include <acpi/acpixf.h>
#include <asm/acpi-ext.h>
-
#include "agp.h"
#ifndef log2
--- linux-2.6.12/drivers/net/sk98lin/skge.c~ 2005-08-05 18:52:38.000000000 -0400
+++ linux-2.6.12/drivers/net/sk98lin/skge.c 2005-08-05 18:52:53.000000000 -0400
@@ -5220,8 +5220,10 @@ static struct pci_driver skge_driver = {
.id_table = skge_pci_tbl,
.probe = skge_probe_one,
.remove = __devexit_p(skge_remove_one),
+#ifdef CONFIG_PM
.suspend = skge_suspend,
.resume = skge_resume,
+#endif
};
static int __init skge_init(void)
linux-2.6-nfs-enoent.patch:
namei.c | 12 ++++++++++--
1 files changed, 10 insertions(+), 2 deletions(-)
--- NEW FILE linux-2.6-nfs-enoent.patch ---
The 2.6.10 ext3_get_parent attempts to use ext3_find_entry to look up the
entry "..", which fails for dx directories since ".." is not present in
the directory hash table.
cf https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=150759
and https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=144556
ext3_get_parent() is IMHO the wrong place to fix this bug as it introduces
a lot of internals from htree into that function. Instead, I think this
should be fixed in ext3_find_entry() as in the below patch. This has the
added advantage that it works for any callers of ext3_find_entry() and not
just ext3_lookup_parent().
I thought I submitted this patch to l-k at one point, but now I can't find
any mention of that in the archives...
Signed-off-by: Andreas Dilger <adilger at clusterfs.com>
Signed-off-by: Stephen Tweedie <sct at redhat.com>
--- linux-2.6.9/fs/ext3/namei.c.=K0000=.orig
+++ linux-2.6.9/fs/ext3/namei.c
@@ -927,8 +927,16 @@ static struct buffer_head * ext3_dx_find
struct inode *dir = dentry->d_parent->d_inode;
sb = dir->i_sb;
- if (!(frame = dx_probe(dentry, NULL, &hinfo, frames, err)))
- return NULL;
+ /* NFS may look up ".." - look at dx_root directory block */
+ if (namelen > 2 || name[0] != '.'||(name[1] != '.' && name[1] != '\0')){
+ if (!(frame = dx_probe(dentry, NULL, &hinfo, frames, err)))
+ return NULL;
+ } else {
+ frame = frames;
+ frame->bh = NULL; /* for dx_release() */
+ frame->at = (struct dx_entry *)frames; /* hack for zero entry*/
+ dx_set_block(frame->at, 0); /* dx_root block is 0 */
+ }
hash = hinfo.hash;
do {
block = dx_get_block(frame->at);
linux-2.6-procfs-i_nlink-miscalculate.patch:
inode.c | 4 ----
root.c | 17 +++++++++--------
2 files changed, 9 insertions(+), 12 deletions(-)
--- NEW FILE linux-2.6-procfs-i_nlink-miscalculate.patch ---
diff -urN linux-2.6.12/fs/proc/inode.c linux-2.6.12-fix/fs/proc/inode.c
--- linux-2.6.12/fs/proc/inode.c 2005-06-17 15:48:29.000000000 -0400
+++ linux-2.6.12-fix/fs/proc/inode.c 2005-07-28 06:55:40.000000000 -0400
@@ -199,10 +199,6 @@
root_inode = proc_get_inode(s, PROC_ROOT_INO, &proc_root);
if (!root_inode)
goto out_no_root;
- /*
- * Fixup the root inode's nlink value
- */
- root_inode->i_nlink += nr_processes();
root_inode->i_uid = 0;
root_inode->i_gid = 0;
s->s_root = d_alloc_root(root_inode);
diff -urN linux-2.6.12/fs/proc/root.c linux-2.6.12-fix/fs/proc/root.c
--- linux-2.6.12/fs/proc/root.c 2005-06-17 15:48:29.000000000 -0400
+++ linux-2.6.12-fix/fs/proc/root.c 2005-07-28 06:54:51.000000000 -0400
@@ -79,16 +79,16 @@
proc_bus = proc_mkdir("bus", NULL);
}
-static struct dentry *proc_root_lookup(struct inode * dir, struct dentry * dentry, struct nameidata *nd)
+static int proc_root_getattr(struct vfsmount *mnt, struct dentry *dentry, struct kstat *stat
+)
{
- /*
- * nr_threads is actually protected by the tasklist_lock;
- * however, it's conventional to do reads, especially for
- * reporting, without any locking whatsoever.
- */
- if (dir->i_ino == PROC_ROOT_INO) /* check for safety... */
- dir->i_nlink = proc_root.nlink + nr_threads;
+ generic_fillattr(dentry->d_inode, stat);
+ stat->nlink = proc_root.nlink + nr_processes();
+ return 0;
+}
+static struct dentry *proc_root_lookup(struct inode * dir, struct dentry * dentry, struct nameidata *nd)
+{
if (!proc_lookup(dir, dentry, nd)) {
return NULL;
}
@@ -133,6 +133,7 @@
*/
static struct inode_operations proc_root_inode_operations = {
.lookup = proc_root_lookup,
+ .getattr = proc_root_getattr,
};
/*
linux-2.6-selinux-addrlen-checks.patch:
hooks.c | 4 ++--
1 files changed, 2 insertions(+), 2 deletions(-)
--- NEW FILE linux-2.6-selinux-addrlen-checks.patch ---
Index: linux-2.6/security/selinux/hooks.c
===================================================================
RCS file: /nfshome/pal/CVS/linux-2.6/security/selinux/hooks.c,v
retrieving revision 1.168
diff -u -p -r1.168 hooks.c
--- linux-2.6/security/selinux/hooks.c 20 Jun 2005 15:19:44 -0000 1.168
+++ linux-2.6/security/selinux/hooks.c 28 Jul 2005 13:24:25 -0000
@@ -3123,12 +3123,12 @@ static int selinux_socket_connect(struct
if (sk->sk_family == PF_INET) {
addr4 = (struct sockaddr_in *)address;
- if (addrlen != sizeof(struct sockaddr_in))
+ if (addrlen < sizeof(struct sockaddr_in))
return -EINVAL;
snum = ntohs(addr4->sin_port);
} else {
addr6 = (struct sockaddr_in6 *)address;
- if (addrlen != sizeof(struct sockaddr_in6))
+ if (addrlen < SIN6_LEN_RFC2133)
return -EINVAL;
snum = ntohs(addr6->sin6_port);
}
linux-2.6-usbhid-wireless-security-lock.patch:
hid-core.c | 4 ++++
1 files changed, 4 insertions(+)
--- NEW FILE linux-2.6-usbhid-wireless-security-lock.patch ---
diff -ur linux-2.6.11.orig/drivers/usb/input/hid-core.c linux-2.6.11/drivers/usb/input/hid-core.c
--- linux-2.6.11.orig/drivers/usb/input/hid-core.c 2005-03-02 08:38:10.000000000 +0100
+++ linux-2.6.11/drivers/usb/input/hid-core.c 2005-07-24 19:25:35.000000000 +0200
@@ -1494,6 +1494,9 @@
#define USB_VENDOR_ID_DELORME 0x1163
#define USB_DEVICE_ID_DELORME_EARTHMATE 0x0100
+#define USB_VENDOR_ID_CYPRES 0x04b4
+#define USB_DEVICE_ID_SITECOM_WSL 0x7417
+
static struct hid_blacklist {
__u16 idVendor;
__u16 idProduct;
@@ -1586,6 +1589,7 @@
{ USB_VENDOR_ID_DELORME, USB_DEVICE_ID_DELORME_EARTHMATE, HID_QUIRK_IGNORE },
+ { USB_VENDOR_ID_CYPRESS, USB_DEVICE_ID_SITECOM_WSL, HID_QUIRK_IGNORE },
{ 0, 0 }
};
linux-2.6-usbmon-deficiency-workaround.patch:
transport.c | 7 ++++---
1 files changed, 4 insertions(+), 3 deletions(-)
--- NEW FILE linux-2.6-usbmon-deficiency-workaround.patch ---
We have usbmon enabled now and it's good, but usb-storage moved away
from under me a little bit. It now maps everything for DMA beforehand,
which makes usbmon to miss the SCSI commands and replies.
I am going to address this problem in usbmon, where it belongs, but
it requires some work which is not done.
What do you think about carrying the attached patch for a few months
(I hope to turn around sooner, but you know how that works!)
-- Pete
diff -urp -X dontdiff linux-2.6.12/drivers/usb/storage/transport.c linux-2.6.12-lem/drivers/usb/storage/transport.c
--- linux-2.6.12/drivers/usb/storage/transport.c 2005-06-21 12:58:48.000000000 -0700
+++ linux-2.6.12-lem/drivers/usb/storage/transport.c 2005-07-06 14:00:30.000000000 -0700
@@ -948,8 +948,9 @@ int usb_stor_Bulk_max_lun(struct us_data
int usb_stor_Bulk_transport(struct scsi_cmnd *srb, struct us_data *us)
{
- struct bulk_cb_wrap *bcb = (struct bulk_cb_wrap *) us->iobuf;
- struct bulk_cs_wrap *bcs = (struct bulk_cs_wrap *) us->iobuf;
+ /* Offset into iobuf a little in order to defeat pre-set DMA */
+ struct bulk_cb_wrap *bcb = (struct bulk_cb_wrap *) (us->iobuf + 4);
+ struct bulk_cs_wrap *bcs = (struct bulk_cs_wrap *) (us->iobuf + 4);
unsigned int transfer_length = srb->request_bufflen;
unsigned int residue;
int result;
@@ -960,7 +961,7 @@ int usb_stor_Bulk_transport(struct scsi_
/* Take care of BULK32 devices; set extra byte to 0 */
if ( unlikely(us->flags & US_FL_BULK32)) {
cbwlen = 32;
- us->iobuf[31] = 0;
+ ((unsigned char *)bcb)[31] = 0;
}
/* set up the command wrapper */
linux-2.6-windtunnel-printk.patch:
therm_windtunnel.c | 4 ++--
1 files changed, 2 insertions(+), 2 deletions(-)
--- NEW FILE linux-2.6-windtunnel-printk.patch ---
diff -ru kernel-2.6.12.orig/linux-2.6.12/drivers/macintosh/therm_windtunnel.c kernel-2.6.12/linux-2.6.12/drivers/macintosh/therm_windtunnel.c
--- linux-2.6.12/drivers/macintosh/therm_windtunnel.c 2005-07-16 09:26:50.000000000 +0200
+++ linux-2.6.12/drivers/macintosh/therm_windtunnel.c 2005-07-16 09:32:31.000000000 +0200
@@ -168,7 +168,7 @@
/* write_reg( x.fan, 0x24, val, 1 ); */
write_reg( x.fan, 0x25, val, 1 );
write_reg( x.fan, 0x20, 0, 1 );
- print_temp("CPU-temp: ", x.temp );
+ print_temp(KERN_DEBUG "CPU-temp: ", x.temp );
if( x.casetemp )
print_temp(", Case: ", x.casetemp );
printk(", Fan: %d (tuned %+d)\n", 11-fan_setting, x.fan_level-fan_setting );
@@ -191,7 +191,7 @@
casetemp |= (read_reg(x.fan, 0x06, 1) & 0x7) << 5;
if( LOG_TEMP && x.temp != temp ) {
- print_temp("CPU-temp: ", temp );
+ print_temp(KERN_DEBUG "CPU-temp: ", temp );
print_temp(", Case: ", casetemp );
printk(", Fan: %d\n", 11-x.fan_level );
}
linux-2.6.12-nfsd-ctlbits.patch:
fs/nfsd/nfs4state.c | 3 +
fs/nfsd/nfsctl.c | 111 ++++++++++++++++++++++++++++++++++++++++++-
fs/nfsd/nfssvc.c | 92 +++++++++++++++++++++++------------
include/linux/nfsd/syscall.h | 19 +++++++
4 files changed, 192 insertions(+), 33 deletions(-)
--- NEW FILE linux-2.6.12-nfsd-ctlbits.patch ---
--- linux-2.6.12/fs/nfsd/nfs4state.c.orig 2005-06-17 15:48:29.000000000 -0400
+++ linux-2.6.12/fs/nfsd/nfs4state.c 2005-07-25 13:18:04.000000000 -0400
@@ -3256,6 +3256,9 @@ __nfs4_state_shutdown(void)
void
nfs4_state_shutdown(void)
{
+ if (!nfs4_init)
+ return;
+
nfs4_lock_state();
nfs4_release_reclaim();
__nfs4_state_shutdown();
--- linux-2.6.12/fs/nfsd/nfsctl.c.orig 2005-06-17 15:48:29.000000000 -0400
+++ linux-2.6.12/fs/nfsd/nfsctl.c 2005-07-26 06:58:54.000000000 -0400
@@ -23,6 +23,7 @@
#include <linux/seq_file.h>
#include <linux/pagemap.h>
#include <linux/init.h>
+#include <linux/string.h>
#include <linux/nfs.h>
#include <linux/nfsd_idmap.h>
@@ -35,6 +36,10 @@
#include <asm/uaccess.h>
+int nfsd_port = 2049;
+unsigned int nfsd_portbits = 0;
+unsigned int nfsd_versbits = 0;
+
/*
* We have a single directory with 9 nodes in it.
*/
@@ -51,6 +56,8 @@ enum {
NFSD_Fh,
NFSD_Threads,
NFSD_Leasetime,
+ NFSD_Ports,
+ NFSD_Versions,
};
/*
@@ -66,6 +73,8 @@ static ssize_t write_getfs(struct file *
static ssize_t write_filehandle(struct file *file, char *buf, size_t size);
static ssize_t write_threads(struct file *file, char *buf, size_t size);
static ssize_t write_leasetime(struct file *file, char *buf, size_t size);
+static ssize_t write_ports(struct file *file, char *buf, size_t size);
+static ssize_t write_versions(struct file *file, char *buf, size_t size);
static ssize_t (*write_op[])(struct file *, char *, size_t) = {
[NFSD_Svc] = write_svc,
@@ -78,6 +87,8 @@ static ssize_t (*write_op[])(struct file
[NFSD_Fh] = write_filehandle,
[NFSD_Threads] = write_threads,
[NFSD_Leasetime] = write_leasetime,
+ [NFSD_Ports] = write_ports,
+ [NFSD_Versions] = write_versions,
};
static ssize_t nfsctl_transaction_write(struct file *file, const char __user *buf, size_t size, loff_t *pos)
@@ -256,7 +267,7 @@ static ssize_t write_filehandle(struct f
* qword quoting is used, so filehandle will be \x....
*/
char *dname, *path;
- int maxsize;
+ int maxsize = 0;
char *mesg = buf;
int len;
struct auth_domain *dom;
@@ -325,6 +336,102 @@ static ssize_t write_threads(struct file
sprintf(buf, "%d\n", nfsd_nrthreads());
return strlen(buf);
}
+static ssize_t write_ports(struct file *file, char *buf, size_t size)
+{
+ /*
+ * Format:
+ * family proto proto address port
+ */
+ char *mesg = buf;
+ char *family, *udp, *tcp, *addr;
+ int len, port = 0;
+ ssize_t tlen = 0;
+
+ if (buf[size-1] != '\n')
+ return -EINVAL;
+ buf[size-1] = 0;
+
+ family = mesg;
+ len = qword_get(&mesg, family, size);
+ if (len <= 0) return -EINVAL;
+
+ tlen += len;
+ udp = family+len+1;
+ len = qword_get(&mesg, udp, size);
+ if (len <= 0) return -EINVAL;
+
+ tlen += len;
+ tcp = udp+len+1;
+ len = qword_get(&mesg, tcp, size);
+ if (len <= 0) return -EINVAL;
+
+ tlen += len;
+ addr = tcp+len+1;
+ len = qword_get(&mesg, addr, size);
+ if (len <= 0) return -EINVAL;
+
+ len = get_int(&mesg, &port);
+ if (len)
+ return len;
+
+ tlen += sizeof(port);
+ if (port)
+ nfsd_port = port;
+
+ if (strcmp(tcp, "tcp") == 0 || strcmp(tcp, "TCP") == 0)
+ NFSCTL_TCPSET(nfsd_portbits);
+ else
+ NFSCTL_TCPUNSET(nfsd_portbits);
+
+ if (strcmp(udp, "udp") == 0 || strcmp(udp, "UDP") == 0)
+ NFSCTL_UDPSET(nfsd_portbits);
+ else
+ NFSCTL_UDPUNSET(nfsd_portbits);
+
+ return tlen;
+}
+static ssize_t write_versions(struct file *file, char *buf, size_t size)
+{
+ /*
+ * Format:
+ * [-/+]vers [-/+]vers ...
+ */
+ char *mesg = buf;
+ char *vers, sign;
+ int len, num;
+ ssize_t tlen = 0;
+
+ if (buf[size-1] != '\n')
+ return -EINVAL;
+ buf[size-1] = 0;
+
+ vers = mesg;
+ len = qword_get(&mesg, vers, size);
+ if (len <= 0) return -EINVAL;
+ do {
+ sign = *vers;
+ if (sign == '+' || sign == '-')
+ num = simple_strtol((vers+1), NULL, 0);
+ else
+ num = simple_strtol(vers, NULL, 0);
+ switch(num) {
+ case 2:
+ case 3:
+ case 4:
+ if (sign != '-')
+ NFSCTL_VERSET(nfsd_versbits, num);
+ else
+ NFSCTL_VERUNSET(nfsd_versbits, num);
+ break;
+ default:
+ return -EINVAL;
+ }
+ vers += len + 1;
+ tlen += len;
+ } while ((len = qword_get(&mesg, vers, size)) > 0);
+
+ return tlen;
+}
extern time_t nfs4_leasetime(void);
@@ -370,6 +477,8 @@ static int nfsd_fill_super(struct super_
#ifdef CONFIG_NFSD_V4
[NFSD_Leasetime] = {"nfsv4leasetime", &transaction_ops, S_IWUSR|S_IRUSR},
#endif
+ [NFSD_Ports] = {"ports", &transaction_ops, S_IWUSR|S_IRUSR},
+ [NFSD_Versions] = {"versions", &transaction_ops, S_IWUSR|S_IRUSR},
/* last one */ {""}
};
return simple_fill_super(sb, 0x6e667364, nfsd_files);
--- linux-2.6.12/fs/nfsd/nfssvc.c.orig 2005-06-17 15:48:29.000000000 -0400
+++ linux-2.6.12/fs/nfsd/nfssvc.c 2005-07-25 13:18:04.000000000 -0400
@@ -30,6 +30,7 @@
#include <linux/nfsd/nfsd.h>
#include <linux/nfsd/stats.h>
#include <linux/nfsd/cache.h>
+#include <linux/nfsd/syscall.h>
#include <linux/lockd/bind.h>
#define NFSDDBG_FACILITY NFSDDBG_SVC
@@ -62,6 +63,33 @@ struct nfsd_list {
};
static struct list_head nfsd_list = LIST_HEAD_INIT(nfsd_list);
+extern struct svc_version nfsd_version2, nfsd_version3, nfsd_version4;
+
+static struct svc_version * nfsd_version[] = {
+ [2] = &nfsd_version2,
+#if defined(CONFIG_NFSD_V3)
+ [3] = &nfsd_version3,
+#endif
+#if defined(CONFIG_NFSD_V4)
+ [4] = &nfsd_version4,
+#endif
+};
+
+#define NFSD_MINVERS 2
+#define NFSD_NRVERS (sizeof(nfsd_version)/sizeof(nfsd_version[0]))
+static struct svc_version *nfsd_versions[NFSD_NRVERS];
+
+struct svc_program nfsd_program = {
+ .pg_prog = NFS_PROGRAM, /* program number */
+ .pg_nvers = NFSD_NRVERS, /* nr of entries in nfsd_version */
+ .pg_vers = nfsd_versions, /* version table */
+ .pg_name = "nfsd", /* program name */
+ .pg_class = "nfsd", /* authentication class */
+ .pg_stats = &nfsd_svcstats, /* version table */
+ .pg_authenticate = &svc_set_client, /* export authentication */
+
+};
+
/*
* Maximum number of nfsd processes
*/
@@ -79,16 +107,36 @@ int
nfsd_svc(unsigned short port, int nrservs)
{
int error;
- int none_left;
+ int none_left, found_one, i;
struct list_head *victim;
lock_kernel();
- dprintk("nfsd: creating service\n");
+ dprintk("nfsd: creating service: port %d vers 0x%x proto 0x%x\n",
+ nfsd_port, nfsd_versbits, nfsd_portbits);
error = -EINVAL;
if (nrservs <= 0)
nrservs = 0;
if (nrservs > NFSD_MAXSERVS)
nrservs = NFSD_MAXSERVS;
+
+ /*
+ * If set, use the nfsd_ctlbits to define which
+ * versions that will be advertised
+ */
+ found_one = 0;
+ if (nfsd_versbits) {
+ for (i = NFSD_MINVERS; i < NFSD_NRVERS; i++) {
+ if (NFSCTL_VERISSET(nfsd_versbits, i)) {
+ nfsd_program.pg_vers[i] = nfsd_version[i];
+ found_one = 1;
+ } else
+ nfsd_program.pg_vers[i] = NULL;
+ }
+ }
+ if (!found_one) {
+ for (i = NFSD_MINVERS; i < NFSD_NRVERS; i++)
+ nfsd_program.pg_vers[i] = nfsd_version[i];
+ }
/* Readahead param cache - will no-op if it already exists */
error = nfsd_racache_init(2*nrservs);
@@ -103,14 +151,17 @@ nfsd_svc(unsigned short port, int nrserv
nfsd_serv = svc_create(&nfsd_program, NFSD_BUFSIZE);
if (nfsd_serv == NULL)
goto out;
- error = svc_makesock(nfsd_serv, IPPROTO_UDP, port);
- if (error < 0)
- goto failure;
-
+ if (!nfsd_portbits || NFSCTL_UDPISSET(nfsd_portbits)) {
+ error = svc_makesock(nfsd_serv, IPPROTO_UDP, nfsd_port);
+ if (error < 0)
+ goto failure;
+ }
#ifdef CONFIG_NFSD_TCP
- error = svc_makesock(nfsd_serv, IPPROTO_TCP, port);
- if (error < 0)
- goto failure;
+ if (!nfsd_portbits || NFSCTL_TCPISSET(nfsd_portbits)) {
+ error = svc_makesock(nfsd_serv, IPPROTO_TCP, nfsd_port);
+ if (error < 0)
+ goto failure;
+ }
#endif
do_gettimeofday(&nfssvc_boot); /* record boot time */
} else
@@ -362,26 +413,3 @@ nfsd_dispatch(struct svc_rqst *rqstp, u3
return 1;
}
-extern struct svc_version nfsd_version2, nfsd_version3, nfsd_version4;
-
-static struct svc_version * nfsd_version[] = {
- [2] = &nfsd_version2,
-#if defined(CONFIG_NFSD_V3)
- [3] = &nfsd_version3,
-#endif
-#if defined(CONFIG_NFSD_V4)
- [4] = &nfsd_version4,
-#endif
-};
-
-#define NFSD_NRVERS (sizeof(nfsd_version)/sizeof(nfsd_version[0]))
-struct svc_program nfsd_program = {
- .pg_prog = NFS_PROGRAM, /* program number */
- .pg_nvers = NFSD_NRVERS, /* nr of entries in nfsd_version */
- .pg_vers = nfsd_version, /* version table */
- .pg_name = "nfsd", /* program name */
- .pg_class = "nfsd", /* authentication class */
- .pg_stats = &nfsd_svcstats, /* version table */
- .pg_authenticate = &svc_set_client, /* export authentication */
-
-};
--- linux-2.6.12/include/linux/nfsd/syscall.h.orig 2005-06-17 15:48:29.000000000 -0400
+++ linux-2.6.12/include/linux/nfsd/syscall.h 2005-07-25 13:18:04.000000000 -0400
@@ -39,6 +39,22 @@
#define NFSCTL_GETFD 7 /* get an fh by path (used by mountd) */
#define NFSCTL_GETFS 8 /* get an fh by path with max FH len */
+/*
+ * Macros used to set version and protocol
+ */
+#define NFSCTL_VERSET(_cltbits, _v) ((_cltbits) |= (1 << ((_v) - 1)))
+#define NFSCTL_VERUNSET(_cltbits, _v) ((_cltbits) &= ~(1 << ((_v) - 1)))
+#define NFSCTL_VERISSET(_cltbits, _v) ((_cltbits) & (1 << ((_v) - 1)))
+
+#define NFSCTL_UDPSET(_cltbits) ((_cltbits) |= (1 << (17 - 1)))
+#define NFSCTL_UDPUNSET(_cltbits) ((_cltbits) &= ~(1 << (17 - 1)))
+#define NFSCTL_UDPISSET(_cltbits) ((_cltbits) & (1 << (17 - 1)))
+
+#define NFSCTL_TCPSET(_cltbits) ((_cltbits) |= (1 << (18 - 1)))
+#define NFSCTL_TCPUNSET(_cltbits) ((_cltbits) &= ~(1 << (18 - 1)))
+#define NFSCTL_TCPISSET(_cltbits) ((_cltbits) & (1 << (18 - 1)))
+
+
/* SVC */
struct nfsctl_svc {
unsigned short svc_port;
@@ -120,6 +136,9 @@ extern int exp_delclient(struct nfsctl_
extern int exp_export(struct nfsctl_export *nxp);
extern int exp_unexport(struct nfsctl_export *nxp);
+extern int nfsd_port;
+extern unsigned int nfsd_versbits, nfsd_portbits;
+
#endif /* __KERNEL__ */
#endif /* NFSD_SYSCALL_H */
linux-2.6.13-rc3-audit-git.patch:
MAINTAINERS | 8 +
fs/namei.c | 2
include/linux/audit.h | 36 ++++--
kernel/audit.c | 123 ++++++++++++++-------
kernel/auditsc.c | 231 +++++++++++++++++++++++++++++------------
security/selinux/avc.c | 4
security/selinux/hooks.c | 2
security/selinux/ss/services.c | 4
8 files changed, 285 insertions(+), 125 deletions(-)
--- NEW FILE linux-2.6.13-rc3-audit-git.patch ---
diff --git a/MAINTAINERS b/MAINTAINERS
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -371,3 +371,11 @@ W: http://atmelwlandriver.sourceforge.ne
S: Maintained
+AUDIT SUBSYSTEM
+L: linux-audit at redhat.com (subscribers-only)
+P: David Woodhouse
+M: dwmw2 at infradead.org
+L: linux-audit at redhat.com
+W: http://people.redhat.com/sgrubb/audit/
+S: Maintained
+
AX.25 NETWORK LAYER
diff --git a/fs/namei.c b/fs/namei.c
--- a/fs/namei.c
+++ b/fs/namei.c
@@ -1043,7 +1043,7 @@ int fastcall path_lookup(const char *nam
out:
if (unlikely(current->audit_context
&& nd && nd->dentry && nd->dentry->d_inode))
- audit_inode(name, nd->dentry->d_inode);
+ audit_inode(name, nd->dentry->d_inode, flags);
return retval;
}
diff --git a/include/linux/audit.h b/include/linux/audit.h
--- a/include/linux/audit.h
+++ b/include/linux/audit.h
@@ -51,7 +51,8 @@
#define AUDIT_WATCH_LIST 1009 /* List all file/dir watches */
#define AUDIT_SIGNAL_INFO 1010 /* Get info about sender of signal to auditd */
-#define AUDIT_FIRST_USER_MSG 1100 /* Userspace messages uninteresting to kernel */
+#define AUDIT_FIRST_USER_MSG 1100 /* Userspace messages mostly uninteresting to kernel */
+#define AUDIT_USER_AVC 1107 /* We filter this differently */
#define AUDIT_LAST_USER_MSG 1199
#define AUDIT_DAEMON_START 1200 /* Daemon startup record */
@@ -75,10 +76,15 @@
#define AUDIT_KERNEL 2000 /* Asynchronous audit record. NOT A REQUEST. */
/* Rule flags */
-#define AUDIT_PER_TASK 0x01 /* Apply rule at task creation (not syscall) */
-#define AUDIT_AT_ENTRY 0x02 /* Apply rule at syscall entry */
-#define AUDIT_AT_EXIT 0x04 /* Apply rule at syscall exit */
-#define AUDIT_PREPEND 0x10 /* Prepend to front of list */
+#define AUDIT_FILTER_USER 0x00 /* Apply rule to user-generated messages */
+#define AUDIT_FILTER_TASK 0x01 /* Apply rule at task creation (not syscall) */
+#define AUDIT_FILTER_ENTRY 0x02 /* Apply rule at syscall entry */
+#define AUDIT_FILTER_WATCH 0x03 /* Apply rule to file system watches */
+#define AUDIT_FILTER_EXIT 0x04 /* Apply rule at syscall exit */
+
+#define AUDIT_NR_FILTERS 5
+
+#define AUDIT_FILTER_PREPEND 0x10 /* Prepend to front of list */
/* Rule actions */
#define AUDIT_NEVER 0 /* Do not build context if rule matches */
@@ -199,6 +205,7 @@ struct audit_sig_info {
struct audit_buffer;
struct audit_context;
struct inode;
+struct netlink_skb_parms;
#define AUDITSC_INVALID 0
#define AUDITSC_SUCCESS 1
@@ -215,7 +222,7 @@ extern void audit_syscall_entry(struct t
extern void audit_syscall_exit(struct task_struct *task, int failed, long return_code);
extern void audit_getname(const char *name);
extern void audit_putname(const char *name);
-extern void audit_inode(const char *name, const struct inode *inode);
+extern void audit_inode(const char *name, const struct inode *inode, unsigned flags);
/* Private API (for audit.c only) */
extern int audit_receive_filter(int type, int pid, int uid, int seq,
@@ -230,6 +237,7 @@ extern int audit_socketcall(int nargs, u
extern int audit_sockaddr(int len, void *addr);
extern int audit_avc_path(struct dentry *dentry, struct vfsmount *mnt);
extern void audit_signal_info(int sig, struct task_struct *t);
+extern int audit_filter_user(struct netlink_skb_parms *cb, int type);
#else
#define audit_alloc(t) ({ 0; })
#define audit_free(t) do { ; } while (0)
@@ -237,7 +245,7 @@ extern void audit_signal_info(int sig, s
#define audit_syscall_exit(t,f,r) do { ; } while (0)
#define audit_getname(n) do { ; } while (0)
#define audit_putname(n) do { ; } while (0)
-#define audit_inode(n,i) do { ; } while (0)
+#define audit_inode(n,i,f) do { ; } while (0)
#define audit_receive_filter(t,p,u,s,d,l) ({ -EOPNOTSUPP; })
#define auditsc_get_stamp(c,t,s) do { BUG(); } while (0)
#define audit_get_loginuid(c) ({ -1; })
@@ -246,16 +254,17 @@ extern void audit_signal_info(int sig, s
#define audit_sockaddr(len, addr) ({ 0; })
#define audit_avc_path(dentry, mnt) ({ 0; })
#define audit_signal_info(s,t) do { ; } while (0)
+#define audit_filter_user(cb,t) ({ 1; })
#endif
#ifdef CONFIG_AUDIT
/* These are defined in audit.c */
/* Public API */
-extern void audit_log(struct audit_context *ctx, int type,
- const char *fmt, ...)
- __attribute__((format(printf,3,4)));
+extern void audit_log(struct audit_context *ctx, int gfp_mask,
+ int type, const char *fmt, ...)
+ __attribute__((format(printf,4,5)));
-extern struct audit_buffer *audit_log_start(struct audit_context *ctx,int type);
+extern struct audit_buffer *audit_log_start(struct audit_context *ctx, int gfp_mask, int type);
extern void audit_log_format(struct audit_buffer *ab,
const char *fmt, ...)
__attribute__((format(printf,2,3)));
@@ -274,9 +283,10 @@ extern void audit_send_reply(int pi
int done, int multi,
void *payload, int size);
extern void audit_log_lost(const char *message);
+extern struct semaphore audit_netlink_sem;
#else
-#define audit_log(c,t,f,...) do { ; } while (0)
-#define audit_log_start(c,t) ({ NULL; })
+#define audit_log(c,g,t,f,...) do { ; } while (0)
+#define audit_log_start(c,g,t) ({ NULL; })
#define audit_log_vformat(b,f,a) do { ; } while (0)
#define audit_log_format(b,f,...) do { ; } while (0)
#define audit_log_end(b) do { ; } while (0)
diff --git a/kernel/audit.c b/kernel/audit.c
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -79,6 +79,8 @@ static int audit_rate_limit;
/* Number of outstanding audit_buffers allowed. */
static int audit_backlog_limit = 64;
+static int audit_backlog_wait_time = 60 * HZ;
+static int audit_backlog_wait_overflow = 0;
/* The identity of the user shutting down the audit system. */
uid_t audit_sig_uid = -1;
@@ -106,18 +108,12 @@ static LIST_HEAD(audit_freelist);
static struct sk_buff_head audit_skb_queue;
static struct task_struct *kauditd_task;
static DECLARE_WAIT_QUEUE_HEAD(kauditd_wait);
-
-/* There are three lists of rules -- one to search at task creation
- * time, one to search at syscall entry time, and another to search at
- * syscall exit time. */
-static LIST_HEAD(audit_tsklist);
-static LIST_HEAD(audit_entlist);
-static LIST_HEAD(audit_extlist);
+static DECLARE_WAIT_QUEUE_HEAD(audit_backlog_wait);
/* The netlink socket is only to be read by 1 CPU, which lets us assume
* that list additions and deletions never happen simultaneously in
* auditsc.c */
-static DECLARE_MUTEX(audit_netlink_sem);
+DECLARE_MUTEX(audit_netlink_sem);
/* AUDIT_BUFSIZ is the size of the temporary buffer used for formatting
* audit records. Since printk uses a 1024 byte buffer, this buffer
@@ -137,6 +133,7 @@ struct audit_buffer {
struct list_head list;
struct sk_buff *skb; /* formatted skb ready to send */
struct audit_context *ctx; /* NULL or associated context */
+ int gfp_mask;
};
static void audit_set_pid(struct audit_buffer *ab, pid_t pid)
@@ -233,7 +230,7 @@ static int audit_set_rate_limit(int limi
{
int old = audit_rate_limit;
audit_rate_limit = limit;
- audit_log(NULL, AUDIT_CONFIG_CHANGE,
+ audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE,
"audit_rate_limit=%d old=%d by auid=%u",
audit_rate_limit, old, loginuid);
return old;
@@ -243,7 +240,7 @@ static int audit_set_backlog_limit(int l
{
int old = audit_backlog_limit;
audit_backlog_limit = limit;
- audit_log(NULL, AUDIT_CONFIG_CHANGE,
+ audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE,
"audit_backlog_limit=%d old=%d by auid=%u",
audit_backlog_limit, old, loginuid);
return old;
@@ -255,7 +252,7 @@ static int audit_set_enabled(int state,
if (state != 0 && state != 1)
return -EINVAL;
audit_enabled = state;
- audit_log(NULL, AUDIT_CONFIG_CHANGE,
+ audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE,
"audit_enabled=%d old=%d by auid=%u",
audit_enabled, old, loginuid);
return old;
@@ -269,7 +266,7 @@ static int audit_set_failure(int state,
&& state != AUDIT_FAIL_PANIC)
return -EINVAL;
audit_failure = state;
- audit_log(NULL, AUDIT_CONFIG_CHANGE,
+ audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE,
"audit_failure=%d old=%d by auid=%u",
audit_failure, old, loginuid);
return old;
@@ -281,6 +278,7 @@ int kauditd_thread(void *dummy)
while (1) {
skb = skb_dequeue(&audit_skb_queue);
+ wake_up(&audit_backlog_wait);
if (skb) {
if (audit_pid) {
int err = netlink_unicast(audit_sock, skb, audit_pid, 0);
@@ -290,7 +288,7 @@ int kauditd_thread(void *dummy)
audit_pid = 0;
}
} else {
- printk(KERN_ERR "%s\n", skb->data + NLMSG_SPACE(0));
+ printk(KERN_NOTICE "%s\n", skb->data + NLMSG_SPACE(0));
kfree_skb(skb);
}
} else {
@@ -423,7 +421,7 @@ static int audit_receive_msg(struct sk_b
if (status_get->mask & AUDIT_STATUS_PID) {
int old = audit_pid;
audit_pid = status_get->pid;
- audit_log(NULL, AUDIT_CONFIG_CHANGE,
+ audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE,
"audit_pid=%d old=%d by auid=%u",
audit_pid, old, loginuid);
}
@@ -435,15 +433,21 @@ static int audit_receive_msg(struct sk_b
break;
case AUDIT_USER:
case AUDIT_FIRST_USER_MSG...AUDIT_LAST_USER_MSG:
- ab = audit_log_start(NULL, msg_type);
- if (!ab)
- break; /* audit_panic has been called */
- audit_log_format(ab,
- "user pid=%d uid=%u auid=%u"
- " msg='%.1024s'",
- pid, uid, loginuid, (char *)data);
- audit_set_pid(ab, pid);
- audit_log_end(ab);
+ if (!audit_enabled && msg_type != AUDIT_USER_AVC)
+ return 0;
+
+ err = audit_filter_user(&NETLINK_CB(skb), msg_type);
+ if (err == 1) {
+ err = 0;
+ ab = audit_log_start(NULL, GFP_KERNEL, msg_type);
+ if (ab) {
+ audit_log_format(ab,
+ "user pid=%d uid=%u auid=%u msg='%.1024s'",
+ pid, uid, loginuid, (char *)data);
+ audit_set_pid(ab, pid);
+ audit_log_end(ab);
+ }
+ }
break;
case AUDIT_ADD:
case AUDIT_DEL:
@@ -522,7 +526,7 @@ static int __init audit_init(void)
skb_queue_head_init(&audit_skb_queue);
audit_initialized = 1;
audit_enabled = audit_default;
- audit_log(NULL, AUDIT_KERNEL, "initialized");
+ audit_log(NULL, GFP_KERNEL, AUDIT_KERNEL, "initialized");
return 0;
}
__initcall(audit_init);
@@ -560,7 +564,7 @@ static void audit_buffer_free(struct aud
}
static struct audit_buffer * audit_buffer_alloc(struct audit_context *ctx,
- int gfp_mask, int type)
+ unsigned int __nocast gfp_mask, int type)
{
unsigned long flags;
struct audit_buffer *ab = NULL;
@@ -586,6 +590,7 @@ static struct audit_buffer * audit_buffe
goto err;
ab->ctx = ctx;
+ ab->gfp_mask = gfp_mask;
nlh = (struct nlmsghdr *)skb_put(ab->skb, NLMSG_SPACE(0));
nlh->nlmsg_type = type;
nlh->nlmsg_flags = 0;
@@ -605,26 +610,27 @@ err:
* (timestamp,serial) tuple is unique for each syscall and is live from
* syscall entry to syscall exit.
*
- * Atomic values are only guaranteed to be 24-bit, so we count down.
- *
* NOTE: Another possibility is to store the formatted records off the
* audit context (for those records that have a context), and emit them
* all at syscall exit. However, this could delay the reporting of
* significant errors until syscall exit (or never, if the system
* halts). */
+
unsigned int audit_serial(void)
{
- static atomic_t serial = ATOMIC_INIT(0xffffff);
- unsigned int a, b;
+ static spinlock_t serial_lock = SPIN_LOCK_UNLOCKED;
+ static unsigned int serial = 0;
+
+ unsigned long flags;
+ unsigned int ret;
+ spin_lock_irqsave(&serial_lock, flags);
do {
- a = atomic_read(&serial);
- if (atomic_dec_and_test(&serial))
- atomic_set(&serial, 0xffffff);
- b = atomic_read(&serial);
- } while (b != a - 1);
+ ret = ++serial;
+ } while (unlikely(!ret));
+ spin_unlock_irqrestore(&serial_lock, flags);
- return 0xffffff - b;
+ return ret;
}
static inline void audit_get_stamp(struct audit_context *ctx,
@@ -644,17 +650,43 @@ static inline void audit_get_stamp(struc
* syscall, then the syscall is marked as auditable and an audit record
* will be written at syscall exit. If there is no associated task, tsk
* should be NULL. */
-struct audit_buffer *audit_log_start(struct audit_context *ctx, int type)
+
+struct audit_buffer *audit_log_start(struct audit_context *ctx, int gfp_mask,
+ int type)
{
struct audit_buffer *ab = NULL;
struct timespec t;
unsigned int serial;
+ int reserve;
+ unsigned long timeout_start = jiffies;
if (!audit_initialized)
return NULL;
- if (audit_backlog_limit
- && skb_queue_len(&audit_skb_queue) > audit_backlog_limit) {
+ if (gfp_mask & __GFP_WAIT)
+ reserve = 0;
+ else
+ reserve = 5; /* Allow atomic callers to go up to five
+ entries over the normal backlog limit */
+
+ while (audit_backlog_limit
+ && skb_queue_len(&audit_skb_queue) > audit_backlog_limit + reserve) {
+ if (gfp_mask & __GFP_WAIT && audit_backlog_wait_time
+ && time_before(jiffies, timeout_start + audit_backlog_wait_time)) {
+
+ /* Wait for auditd to drain the queue a little */
+ DECLARE_WAITQUEUE(wait, current);
+ set_current_state(TASK_INTERRUPTIBLE);
+ add_wait_queue(&audit_backlog_wait, &wait);
+
+ if (audit_backlog_limit &&
+ skb_queue_len(&audit_skb_queue) > audit_backlog_limit)
+ schedule_timeout(timeout_start + audit_backlog_wait_time - jiffies);
+
+ __set_current_state(TASK_RUNNING);
+ remove_wait_queue(&audit_backlog_wait, &wait);
+ continue;
+ }
if (audit_rate_check())
printk(KERN_WARNING
"audit: audit_backlog=%d > "
@@ -662,10 +694,12 @@ struct audit_buffer *audit_log_start(str
skb_queue_len(&audit_skb_queue),
audit_backlog_limit);
audit_log_lost("backlog limit exceeded");
+ audit_backlog_wait_time = audit_backlog_wait_overflow;
+ wake_up(&audit_backlog_wait);
return NULL;
}
- ab = audit_buffer_alloc(ctx, GFP_ATOMIC, type);
+ ab = audit_buffer_alloc(ctx, gfp_mask, type);
if (!ab) {
audit_log_lost("out of memory in audit_log_start");
return NULL;
@@ -689,7 +723,7 @@ static inline int audit_expand(struct au
{
struct sk_buff *skb = ab->skb;
int ret = pskb_expand_head(skb, skb_headroom(skb), extra,
- GFP_ATOMIC);
+ ab->gfp_mask);
if (ret < 0) {
audit_log_lost("out of memory in audit_expand");
return 0;
@@ -808,7 +842,7 @@ void audit_log_d_path(struct audit_buffe
audit_log_format(ab, " %s", prefix);
/* We will allow 11 spaces for ' (deleted)' to be appended */
- path = kmalloc(PATH_MAX+11, GFP_KERNEL);
+ path = kmalloc(PATH_MAX+11, ab->gfp_mask);
if (!path) {
audit_log_format(ab, "<no memory>");
return;
@@ -840,7 +874,7 @@ void audit_log_end(struct audit_buffer *
ab->skb = NULL;
wake_up_interruptible(&kauditd_wait);
} else {
- printk("%s\n", ab->skb->data + NLMSG_SPACE(0));
+ printk(KERN_NOTICE "%s\n", ab->skb->data + NLMSG_SPACE(0));
}
}
audit_buffer_free(ab);
@@ -849,12 +883,13 @@ void audit_log_end(struct audit_buffer *
/* Log an audit record. This is a convenience function that calls
* audit_log_start, audit_log_vformat, and audit_log_end. It may be
* called in any context. */
-void audit_log(struct audit_context *ctx, int type, const char *fmt, ...)
+void audit_log(struct audit_context *ctx, int gfp_mask, int type,
+ const char *fmt, ...)
{
struct audit_buffer *ab;
va_list args;
- ab = audit_log_start(ctx, type);
+ ab = audit_log_start(ctx, gfp_mask, type);
if (ab) {
va_start(args, fmt);
audit_log_vformat(ab, fmt, args);
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -39,6 +39,9 @@
#include <linux/audit.h>
#include <linux/personality.h>
#include <linux/time.h>
+#include <linux/kthread.h>
+#include <linux/netlink.h>
+#include <linux/compiler.h>
#include <asm/unistd.h>
/* 0 = no checking
@@ -95,6 +98,7 @@ struct audit_names {
uid_t uid;
gid_t gid;
dev_t rdev;
+ unsigned flags;
};
struct audit_aux_data {
@@ -167,9 +171,16 @@ struct audit_context {
/* There are three lists of rules -- one to search at task creation
* time, one to search at syscall entry time, and another to search at
* syscall exit time. */
-static LIST_HEAD(audit_tsklist);
-static LIST_HEAD(audit_entlist);
-static LIST_HEAD(audit_extlist);
+static struct list_head audit_filter_list[AUDIT_NR_FILTERS] = {
+ LIST_HEAD_INIT(audit_filter_list[0]),
+ LIST_HEAD_INIT(audit_filter_list[1]),
+ LIST_HEAD_INIT(audit_filter_list[2]),
+ LIST_HEAD_INIT(audit_filter_list[3]),
+ LIST_HEAD_INIT(audit_filter_list[4]),
+#if AUDIT_NR_FILTERS != 5
+#error Fix audit_filter_list initialiser
+#endif
+};
struct audit_entry {
struct list_head list;
@@ -210,16 +221,15 @@ static int audit_compare_rule(struct aud
/* Note that audit_add_rule and audit_del_rule are called via
* audit_receive() in audit.c, and are protected by
* audit_netlink_sem. */
-static inline int audit_add_rule(struct audit_entry *entry,
- struct list_head *list)
+static inline void audit_add_rule(struct audit_entry *entry,
+ struct list_head *list)
{
- if (entry->rule.flags & AUDIT_PREPEND) {
- entry->rule.flags &= ~AUDIT_PREPEND;
+ if (entry->rule.flags & AUDIT_FILTER_PREPEND) {
+ entry->rule.flags &= ~AUDIT_FILTER_PREPEND;
list_add_rcu(&entry->list, list);
} else {
list_add_tail_rcu(&entry->list, list);
}
- return 0;
}
static void audit_free_rule(struct rcu_head *head)
@@ -245,7 +255,7 @@ static inline int audit_del_rule(struct
return 0;
}
}
- return -EFAULT; /* No matching rule */
+ return -ENOENT; /* No matching rule */
}
/* Copy rule from user-space to kernel-space. Called during
@@ -260,6 +270,8 @@ static int audit_copy_rule(struct audit_
return -1;
if (s->field_count < 0 || s->field_count > AUDIT_MAX_FIELDS)
return -1;
+ if ((s->flags & ~AUDIT_FILTER_PREPEND) >= AUDIT_NR_FILTERS)
+ return -1;
d->flags = s->flags;
d->action = s->action;
@@ -272,27 +284,60 @@ static int audit_copy_rule(struct audit_
return 0;
}
+static int audit_list_rules(void *_dest)
+{
+ int pid, seq;
+ int *dest = _dest;
+ struct audit_entry *entry;
+ int i;
+
+ pid = dest[0];
+ seq = dest[1];
+ kfree(dest);
+
+ down(&audit_netlink_sem);
+
+ /* The *_rcu iterators not needed here because we are
+ always called with audit_netlink_sem held. */
+ for (i=0; i<AUDIT_NR_FILTERS; i++) {
+ list_for_each_entry(entry, &audit_filter_list[i], list)
+ audit_send_reply(pid, seq, AUDIT_LIST, 0, 1,
+ &entry->rule, sizeof(entry->rule));
+ }
+ audit_send_reply(pid, seq, AUDIT_LIST, 1, 1, NULL, 0);
+
+ up(&audit_netlink_sem);
+ return 0;
+}
+
int audit_receive_filter(int type, int pid, int uid, int seq, void *data,
uid_t loginuid)
{
- u32 flags;
struct audit_entry *entry;
+ struct task_struct *tsk;
+ int *dest;
int err = 0;
+ unsigned listnr;
switch (type) {
case AUDIT_LIST:
- /* The *_rcu iterators not needed here because we are
- always called with audit_netlink_sem held. */
- list_for_each_entry(entry, &audit_tsklist, list)
- audit_send_reply(pid, seq, AUDIT_LIST, 0, 1,
- &entry->rule, sizeof(entry->rule));
- list_for_each_entry(entry, &audit_entlist, list)
- audit_send_reply(pid, seq, AUDIT_LIST, 0, 1,
- &entry->rule, sizeof(entry->rule));
- list_for_each_entry(entry, &audit_extlist, list)
- audit_send_reply(pid, seq, AUDIT_LIST, 0, 1,
- &entry->rule, sizeof(entry->rule));
- audit_send_reply(pid, seq, AUDIT_LIST, 1, 1, NULL, 0);
+ /* We can't just spew out the rules here because we might fill
+ * the available socket buffer space and deadlock waiting for
+ * auditctl to read from it... which isn't ever going to
+ * happen if we're actually running in the context of auditctl
+ * trying to _send_ the stuff */
+
+ dest = kmalloc(2 * sizeof(int), GFP_KERNEL);
+ if (!dest)
+ return -ENOMEM;
+ dest[0] = pid;
+ dest[1] = seq;
+
+ tsk = kthread_run(audit_list_rules, dest, "audit_list_rules");
+ if (IS_ERR(tsk)) {
+ kfree(dest);
+ err = PTR_ERR(tsk);
+ }
break;
case AUDIT_ADD:
if (!(entry = kmalloc(sizeof(*entry), GFP_KERNEL)))
@@ -301,26 +346,20 @@ int audit_receive_filter(int type, int p
kfree(entry);
return -EINVAL;
}
- flags = entry->rule.flags;
- if (!err && (flags & AUDIT_PER_TASK))
- err = audit_add_rule(entry, &audit_tsklist);
- if (!err && (flags & AUDIT_AT_ENTRY))
- err = audit_add_rule(entry, &audit_entlist);
- if (!err && (flags & AUDIT_AT_EXIT))
- err = audit_add_rule(entry, &audit_extlist);
- audit_log(NULL, AUDIT_CONFIG_CHANGE,
+ listnr = entry->rule.flags & ~AUDIT_FILTER_PREPEND;
+ audit_add_rule(entry, &audit_filter_list[listnr]);
+ audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE,
"auid=%u added an audit rule\n", loginuid);
break;
case AUDIT_DEL:
- flags =((struct audit_rule *)data)->flags;
- if (!err && (flags & AUDIT_PER_TASK))
- err = audit_del_rule(data, &audit_tsklist);
- if (!err && (flags & AUDIT_AT_ENTRY))
- err = audit_del_rule(data, &audit_entlist);
- if (!err && (flags & AUDIT_AT_EXIT))
- err = audit_del_rule(data, &audit_extlist);
- audit_log(NULL, AUDIT_CONFIG_CHANGE,
- "auid=%u removed an audit rule\n", loginuid);
+ listnr =((struct audit_rule *)data)->flags & ~AUDIT_FILTER_PREPEND;
+ if (listnr >= AUDIT_NR_FILTERS)
+ return -EINVAL;
+
+ err = audit_del_rule(data, &audit_filter_list[listnr]);
+ if (!err)
+ audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE,
+ "auid=%u removed an audit rule\n", loginuid);
break;
default:
return -EINVAL;
@@ -454,7 +493,7 @@ static enum audit_state audit_filter_tas
enum audit_state state;
rcu_read_lock();
- list_for_each_entry_rcu(e, &audit_tsklist, list) {
+ list_for_each_entry_rcu(e, &audit_filter_list[AUDIT_FILTER_TASK], list) {
if (audit_filter_rules(tsk, &e->rule, NULL, &state)) {
rcu_read_unlock();
return state;
@@ -478,6 +517,9 @@ static enum audit_state audit_filter_sys
int word = AUDIT_WORD(ctx->major);
int bit = AUDIT_BIT(ctx->major);
+ if (audit_pid && tsk->tgid == audit_pid)
+ return AUDIT_DISABLED;
+
rcu_read_lock();
list_for_each_entry_rcu(e, list, list) {
if ((e->rule.mask[word] & bit) == bit
@@ -490,6 +532,64 @@ static enum audit_state audit_filter_sys
return AUDIT_BUILD_CONTEXT;
}
+static int audit_filter_user_rules(struct netlink_skb_parms *cb,
+ struct audit_rule *rule,
+ enum audit_state *state)
+{
+ int i;
+
+ for (i = 0; i < rule->field_count; i++) {
+ u32 field = rule->fields[i] & ~AUDIT_NEGATE;
+ u32 value = rule->values[i];
+ int result = 0;
+
+ switch (field) {
+ case AUDIT_PID:
+ result = (cb->creds.pid == value);
+ break;
+ case AUDIT_UID:
+ result = (cb->creds.uid == value);
+ break;
+ case AUDIT_GID:
+ result = (cb->creds.gid == value);
+ break;
+ case AUDIT_LOGINUID:
+ result = (cb->loginuid == value);
+ break;
+ }
+
+ if (rule->fields[i] & AUDIT_NEGATE)
+ result = !result;
+ if (!result)
+ return 0;
+ }
+ switch (rule->action) {
+ case AUDIT_NEVER: *state = AUDIT_DISABLED; break;
+ case AUDIT_POSSIBLE: *state = AUDIT_BUILD_CONTEXT; break;
+ case AUDIT_ALWAYS: *state = AUDIT_RECORD_CONTEXT; break;
+ }
+ return 1;
+}
+
+int audit_filter_user(struct netlink_skb_parms *cb, int type)
+{
+ struct audit_entry *e;
+ enum audit_state state;
+ int ret = 1;
+
+ rcu_read_lock();
+ list_for_each_entry_rcu(e, &audit_filter_list[AUDIT_FILTER_USER], list) {
+ if (audit_filter_user_rules(cb, &e->rule, &state)) {
+ if (state == AUDIT_DISABLED)
+ ret = 0;
+ break;
+ }
+ }
+ rcu_read_unlock();
+
+ return ret; /* Audit by default */
+}
+
/* This should be called with task_lock() held. */
static inline struct audit_context *audit_get_context(struct task_struct *tsk,
int return_valid,
@@ -504,7 +604,7 @@ static inline struct audit_context *audi
if (context->in_syscall && !context->auditable) {
enum audit_state state;
- state = audit_filter_syscall(tsk, context, &audit_extlist);
+ state = audit_filter_syscall(tsk, context, &audit_filter_list[AUDIT_FILTER_EXIT]);
if (state == AUDIT_RECORD_CONTEXT)
context->auditable = 1;
}
@@ -679,13 +779,13 @@ static void audit_log_task_info(struct a
up_read(&mm->mmap_sem);
}
-static void audit_log_exit(struct audit_context *context)
+static void audit_log_exit(struct audit_context *context, unsigned int gfp_mask)
{
int i;
struct audit_buffer *ab;
struct audit_aux_data *aux;
- ab = audit_log_start(context, AUDIT_SYSCALL);
+ ab = audit_log_start(context, gfp_mask, AUDIT_SYSCALL);
if (!ab)
return; /* audit_panic has been called */
audit_log_format(ab, "arch=%x syscall=%d",
@@ -717,7 +817,7 @@ static void audit_log_exit(struct audit_
for (aux = context->aux; aux; aux = aux->next) {
- ab = audit_log_start(context, aux->type);
+ ab = audit_log_start(context, GFP_KERNEL, aux->type);
if (!ab)
continue; /* audit_panic has been called */
@@ -754,14 +854,14 @@ static void audit_log_exit(struct audit_
}
if (context->pwd && context->pwdmnt) {
- ab = audit_log_start(context, AUDIT_CWD);
+ ab = audit_log_start(context, GFP_KERNEL, AUDIT_CWD);
if (ab) {
audit_log_d_path(ab, "cwd=", context->pwd, context->pwdmnt);
audit_log_end(ab);
}
}
for (i = 0; i < context->name_count; i++) {
- ab = audit_log_start(context, AUDIT_PATH);
+ ab = audit_log_start(context, GFP_KERNEL, AUDIT_PATH);
if (!ab)
continue; /* audit_panic has been called */
@@ -770,6 +870,8 @@ static void audit_log_exit(struct audit_
audit_log_format(ab, " name=");
audit_log_untrustedstring(ab, context->names[i].name);
}
+ audit_log_format(ab, " flags=%x\n", context->names[i].flags);
+
if (context->names[i].ino != (unsigned long)-1)
audit_log_format(ab, " inode=%lu dev=%02x:%02x mode=%#o"
" ouid=%u ogid=%u rdev=%02x:%02x",
@@ -799,9 +901,11 @@ void audit_free(struct task_struct *tsk)
return;
/* Check for system calls that do not go through the exit
- * function (e.g., exit_group), then free context block. */
- if (context->in_syscall && context->auditable && context->pid != audit_pid)
- audit_log_exit(context);
+ * function (e.g., exit_group), then free context block.
+ * We use GFP_ATOMIC here because we might be doing this
+ * in the context of the idle thread */
+ if (context->in_syscall && context->auditable)
+ audit_log_exit(context, GFP_ATOMIC);
audit_free_context(context);
}
@@ -876,11 +980,11 @@ void audit_syscall_entry(struct task_str
state = context->state;
if (state == AUDIT_SETUP_CONTEXT || state == AUDIT_BUILD_CONTEXT)
- state = audit_filter_syscall(tsk, context, &audit_entlist);
+ state = audit_filter_syscall(tsk, context, &audit_filter_list[AUDIT_FILTER_ENTRY]);
if (likely(state == AUDIT_DISABLED))
return;
- context->serial = audit_serial();
+ context->serial = 0;
context->ctime = CURRENT_TIME;
context->in_syscall = 1;
context->auditable = !!(state == AUDIT_RECORD_CONTEXT);
@@ -905,8 +1009,8 @@ void audit_syscall_exit(struct task_stru
if (likely(!context))
return;
- if (context->in_syscall && context->auditable && context->pid != audit_pid)
- audit_log_exit(context);
+ if (context->in_syscall && context->auditable)
+ audit_log_exit(context, GFP_KERNEL);
context->in_syscall = 0;
context->auditable = 0;
@@ -996,7 +1100,7 @@ void audit_putname(const char *name)
/* Store the inode and device from a lookup. Called from
* fs/namei.c:path_lookup(). */
-void audit_inode(const char *name, const struct inode *inode)
+void audit_inode(const char *name, const struct inode *inode, unsigned flags)
{
int idx;
struct audit_context *context = current->audit_context;
@@ -1022,17 +1126,20 @@ void audit_inode(const char *name, const
++context->ino_count;
#endif
}
- context->names[idx].ino = inode->i_ino;
- context->names[idx].dev = inode->i_sb->s_dev;
- context->names[idx].mode = inode->i_mode;
- context->names[idx].uid = inode->i_uid;
- context->names[idx].gid = inode->i_gid;
- context->names[idx].rdev = inode->i_rdev;
+ context->names[idx].flags = flags;
+ context->names[idx].ino = inode->i_ino;
+ context->names[idx].dev = inode->i_sb->s_dev;
+ context->names[idx].mode = inode->i_mode;
+ context->names[idx].uid = inode->i_uid;
+ context->names[idx].gid = inode->i_gid;
+ context->names[idx].rdev = inode->i_rdev;
}
void auditsc_get_stamp(struct audit_context *ctx,
struct timespec *t, unsigned int *serial)
{
+ if (!ctx->serial)
+ ctx->serial = audit_serial();
t->tv_sec = ctx->ctime.tv_sec;
t->tv_nsec = ctx->ctime.tv_nsec;
*serial = ctx->serial;
@@ -1044,7 +1151,7 @@ int audit_set_loginuid(struct task_struc
if (task->audit_context) {
struct audit_buffer *ab;
- ab = audit_log_start(NULL, AUDIT_LOGIN);
+ ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_LOGIN);
if (ab) {
audit_log_format(ab, "login pid=%d uid=%u "
"old auid=%u new auid=%u",
@@ -1153,7 +1260,7 @@ void audit_signal_info(int sig, struct t
extern pid_t audit_sig_pid;
extern uid_t audit_sig_uid;
- if (unlikely(audit_pid && t->pid == audit_pid)) {
+ if (unlikely(audit_pid && t->tgid == audit_pid)) {
if (sig == SIGTERM || sig == SIGHUP) {
struct audit_context *ctx = current->audit_context;
audit_sig_pid = current->pid;
diff --git a/security/selinux/avc.c b/security/selinux/avc.c
--- a/security/selinux/avc.c
+++ b/security/selinux/avc.c
@@ -242,7 +242,7 @@ void __init avc_init(void)
avc_node_cachep = kmem_cache_create("avc_node", sizeof(struct avc_node),
0, SLAB_PANIC, NULL, NULL);
- audit_log(current->audit_context, AUDIT_KERNEL, "AVC INITIALIZED\n");
+ audit_log(current->audit_context, GFP_KERNEL, AUDIT_KERNEL, "AVC INITIALIZED\n");
}
int avc_get_hash_stats(char *page)
@@ -550,7 +550,7 @@ void avc_audit(u32 ssid, u32 tsid,
return;
}
- ab = audit_log_start(current->audit_context, AUDIT_AVC);
+ ab = audit_log_start(current->audit_context, GFP_ATOMIC, AUDIT_AVC);
if (!ab)
return; /* audit_panic has been called */
audit_log_format(ab, "avc: %s ", denied ? "denied" : "granted");
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -3441,7 +3441,7 @@ static int selinux_nlmsg_perm(struct soc
err = selinux_nlmsg_lookup(isec->sclass, nlh->nlmsg_type, &perm);
if (err) {
if (err == -EINVAL) {
- audit_log(current->audit_context, AUDIT_SELINUX_ERR,
+ audit_log(current->audit_context, GFP_KERNEL, AUDIT_SELINUX_ERR,
"SELinux: unrecognized netlink message"
" type=%hu for sclass=%hu\n",
nlh->nlmsg_type, isec->sclass);
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -365,7 +365,7 @@ static int security_validtrans_handle_fa
goto out;
if (context_struct_to_string(tcontext, &t, &tlen) < 0)
goto out;
- audit_log(current->audit_context, AUDIT_SELINUX_ERR,
+ audit_log(current->audit_context, GFP_ATOMIC, AUDIT_SELINUX_ERR,
"security_validate_transition: denied for"
" oldcontext=%s newcontext=%s taskcontext=%s tclass=%s",
o, n, t, policydb.p_class_val_to_name[tclass-1]);
@@ -742,7 +742,7 @@ static int compute_sid_handle_invalid_co
goto out;
if (context_struct_to_string(newcontext, &n, &nlen) < 0)
goto out;
- audit_log(current->audit_context, AUDIT_SELINUX_ERR,
+ audit_log(current->audit_context, GFP_ATOMIC, AUDIT_SELINUX_ERR,
"security_compute_sid: invalid context %s"
" for scontext=%s"
" tcontext=%s"
Index: .cvsignore
===================================================================
RCS file: /cvs/dist/rpms/kernel/FC-3/.cvsignore,v
retrieving revision 1.125
retrieving revision 1.126
diff -u -r1.125 -r1.126
--- .cvsignore 13 Jul 2005 04:16:28 -0000 1.125
+++ .cvsignore 5 Aug 2005 23:17:02 -0000 1.126
@@ -7,3 +7,5 @@
kernel-2.6.12
linux-2.6.12.tar.bz2
patch-2.6.12.2.bz2
+linux-2.6-acpi-20050729.patch.bz2
+patch-2.6.12.4.bz2
Index: sources
===================================================================
RCS file: /cvs/dist/rpms/kernel/FC-3/sources,v
retrieving revision 1.128
retrieving revision 1.129
diff -u -r1.128 -r1.129
--- sources 13 Jul 2005 04:16:28 -0000 1.128
+++ sources 5 Aug 2005 23:17:02 -0000 1.129
@@ -1,2 +1,4 @@
c5d2a1b62e1dad502c871bba267337d5 linux-2.6.12.tar.bz2
3a4225e9dff9d6d03da41327e972f161 patch-2.6.12.2.bz2
+36a0aef15ffc4857b3ca0f8c4cf4e916 linux-2.6-acpi-20050729.patch.bz2
+7084f2e6ff4f507db1ee57e472261585 patch-2.6.12.4.bz2
More information about the fedora-cvs-commits
mailing list