Commit Graph

101011 Commits

Author SHA1 Message Date
Martin Schwidefsky 63506c4198 [S390] Introduce user_regset accessors for s390
Add the user_regset definitions for normal and compat processes, replace
the dump_regs core dump cruft with the generic CORE_DUMP_USER_REGSET and
replace binfmt_elf32.c with the generic compat_binfmt_elf.c implementation.

Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
2008-07-14 10:02:09 +02:00
Sebastian Ott ae437a452e [S390] cio: remove lock from ccw_device_oper_notify.
Remove unnecessary ccw device locking inside ccw_device_oper_notify.

Signed-off-by: Sebastian Ott <sebott@linux.vnet.ibm.com>
Acked-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
2008-07-14 10:02:08 +02:00
Peter Oberparleiter 23f6268947 [S390] cio: provide helper functions for fcx enabled I/O
Provide functions which can be used to incrementally construct fcx
enabled I/O control blocks.

Signed-off-by: Peter Oberparleiter <peter.oberparleiter@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
2008-07-14 10:02:08 +02:00
Peter Oberparleiter 83262d6349 [S390] cio: provide functions for fcx enabled I/O
Provide functions for assembling and starting fcx enabled I/O request
blocks.

Signed-off-by: Peter Oberparleiter <peter.oberparleiter@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
2008-07-14 10:02:08 +02:00
Peter Oberparleiter 23d805b647 [S390] cio: introduce fcx enabled scsw format
Extend the scsw data structure to the format required by fcx. Also
provide helper functions for easier access to fields which are present
in both the traditional as well as the modified format.

Signed-off-by: Peter Oberparleiter <peter.oberparleiter@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
2008-07-14 10:02:07 +02:00
Peter Oberparleiter 4f2bd92e3b [S390] cio: introduce fcx bit to chsc characteristics
Introduce fcx bit to chsc characteristics.

Signed-off-by: Peter Oberparleiter <peter.oberparleiter@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
2008-07-14 10:02:07 +02:00
Cornelia Huck b3a686f47a [S390] cio: Base message subchannel handling.
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
2008-07-14 10:02:06 +02:00
Cornelia Huck 44a1c19e3b [S390] cio: Export some symbols for modular css drivers.
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
2008-07-14 10:02:06 +02:00
Cornelia Huck c11561897a [S390] cio: Cleanup crw interface.
Eliminate the need for the machine check handler to call into
the common I/O layer directly by introducing an interface to
register handlers for crws per rsc.

Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
2008-07-14 10:02:06 +02:00
Cornelia Huck c820de39bd [S390] cio: Rework css driver.
Rework the css driver methods to provide sane callbacks for
subchannels of all types.

As a bonus, this cleans up and simplyfies the machine check
handling for I/O subchannels a lot.

Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
2008-07-14 10:02:05 +02:00
Cornelia Huck 7e9db9eaef [S390] cio: Introduce modalias for css bus.
Add modalias and subchannel type attributes for all subchannels.
I/O subchannel specific attributes are now created in
io_subchannel_probe(). modalias and subchannel type are also
added to the uevent for the css bus. Also make the css modalias
known.

Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
2008-07-14 10:02:05 +02:00
Cornelia Huck 0ae7a7b250 [S390] cio: Register all subchannels.
Register all valid subchannels, not only I/O subchannels.
Move I/O subchannel specific initialization to io_subchannel_probe().

Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
2008-07-14 10:02:05 +02:00
Heiko Carstens b4a33acb69 [S390] Remove ipldelay kernel parameter.
Using the ipldelay kernel parameter leads to a crash at IPL time.
Since this is broken since a long time it looks like nobody is using
it anymore. So remove it instead of fixing it.

Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2008-07-14 10:02:01 +02:00
Heiko Carstens b9732ca1cb [S390] sclp: fix possible deadlock on cpu rescan.
smp_rescan_cpus() calls get_online_cpus() from a multithreaded
workqueue context. This may deadlock. This is the same bug as in
arch/s390/kernel/topology.c. This patch can be reverted as soon as
Oleg's patch gets merged.

Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2008-07-14 10:02:01 +02:00
Gerald Schaefer 0c3252d58c [S390] make appldata compile w/o CONFIG_SWAP
Avoid compile error by using EXPORT_SYMBOL_GPL(si_swapinfo) only if
CONFIG_SWAP is set.

Signed-off-by: Gerald Schaefer <gerald.schaefer@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
2008-07-14 10:02:00 +02:00
Heiko Carstens 887d935a84 [S390] sclp: keep facility mask up to date.
In case the supported sclp facilities change
the new mask should be saved.

Cc: Peter Oberparleiter <peter.oberparleiter@de.ibm.com>
Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2008-07-14 10:02:00 +02:00
Ursula Braun bb0ca330a7 [S390] qdio: Repair timeout handling for qdio_shutdown
If qdio shutdown runs in parallel with a channel error,
the qdio_timeout_handler might not be triggered.
In this case neither state INACTIVE nor state ERR
is reached and the following wait_event hangs forever.
Solution: do not make use of ccw_device_set_timeout(),
but add a timeout to the following wait_event.
And make sure, wake_up is called in case of an
i/o error on the qdio-device.

Signed-off-by: Ursula Braun <braunu@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
2008-07-14 10:01:59 +02:00
Michael Ernst b1c02d9110 [S390] cio: Use locks when accessing /sys/firmware/cpi data.
Mutex locks are used to avoid problems when /sys/firmware/cpi data
are accessed to in parallel.

Signed-off-by: Michael Ernst <mernst@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
2008-07-14 10:01:59 +02:00
Cornelia Huck 9689b336e1 [S390] cio: Clear correct bit in cio_release_console().
Fallout from the console isc 7 -> 1 change.

Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
2008-07-14 10:01:59 +02:00
Larry Finger 727c6742c2 pcmcia: Fix ide-cs sparse warning
Sparse shows the following warning:

  CHECK   drivers/ide/legacy/ide-cs.c
drivers/ide/legacy/ide-cs.c:378:6: warning: symbol 'ide_release' was
not declared. Should it be static?

Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>
CC: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com>
Signed-off-by: Dominik Brodowski <linux@dominikbrodowski.net>
2008-07-14 09:57:41 +02:00
Jaroslav Kysela fe0a3fe324 ALSA: Release v1.0.17
Signed-off-by: Jaroslav Kysela <perex@perex.cz>
2008-07-14 09:54:43 +02:00
Yinghai Lu 2387ce57a8 x86: make 64bit hpet_set_mapping to use ioremap too, v2
keep the one for VSYSCALL_HPET

Signed-off-by: Yinghai Lu <yhlu.kernel@gmail.com>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
2008-07-14 09:24:17 +02:00
Yinghai Lu 87a1c441e1 x86: get x86_phys_bits early
when try to make hpet_enable use io_remap instead fixmap got

ioremap: invalid physical address fed00000
------------[ cut here ]------------
WARNING: at arch/x86/mm/ioremap.c:161 __ioremap_caller+0x8c/0x2f3()
Modules linked in:
Pid: 0, comm: swapper Not tainted 2.6.26-rc9-tip-01873-ga9827e7-dirty #358

Call Trace:
 [<ffffffff8026615e>] warn_on_slowpath+0x6c/0xa7
 [<ffffffff802e2313>] ? __slab_alloc+0x20a/0x3fb
 [<ffffffff802d85c5>] ? mpol_new+0x88/0x17d
 [<ffffffff8022a4f4>] ? mcount_call+0x5/0x31
 [<ffffffff8022a4f4>] ? mcount_call+0x5/0x31
 [<ffffffff8024b0d2>] __ioremap_caller+0x8c/0x2f3
 [<ffffffff80e86dbd>] ? hpet_enable+0x39/0x241
 [<ffffffff8022a4f4>] ? mcount_call+0x5/0x31
 [<ffffffff8024b466>] ioremap_nocache+0x2a/0x40
 [<ffffffff80e86dbd>] hpet_enable+0x39/0x241
 [<ffffffff80e7a1f6>] hpet_time_init+0x21/0x4e
 [<ffffffff80e730e9>] start_kernel+0x302/0x395
 [<ffffffff80e722aa>] x86_64_start_reservations+0xb9/0xd4
 [<ffffffff80e722fe>] ? x86_64_init_pda+0x39/0x4f
 [<ffffffff80e72400>] x86_64_start_kernel+0xec/0x107

---[ end trace a7919e7f17c0a725 ]---

it seems for amd system that is set later...
try to move setting early in early_identify_cpu.
and remove same code for intel and centaur.

Signed-off-by: Yinghai Lu <yhlu.kernel@gmail.com>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
2008-07-14 09:24:16 +02:00
Yinghai Lu 32b23e9a73 x86: max_low_pfn_mapped fix #4
only add direct mapping for aperture

Signed-off-by: Yinghai Lu <yhlu.kernel@gmail.com>
Cc: Suresh Siddha <suresh.b.siddha@intel.com>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
2008-07-14 09:24:16 +02:00
Milton Miller 80ca9a706b ALSA: correct kcalloc usage
kcalloc is supposed to be called with the count as its first argument and the
element size as the second.

Both arguments are size_t so does not affect correctness.  This callsite is
during module_init and therefore not performance critical.  Another patch will
optimize the case when the count is variable but the size is fixed.

Signed-off-by: Milton Miller <miltonm@bga.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Jaroslav Kysela <perex@perex.cz>
2008-07-14 09:01:09 +02:00
Thomas Bogendoerfer 862c2c0a61 ALSA: ALSA driver for SGI O2 audio board
This patch adds a new ALSA driver for the audio device found inside
most of the SGI O2 workstation. The hardware uses a SGI custom chip,
which feeds a AD codec chip.

Signed-off-by: Thomas Bogendoerfer <tsbogend@alpha.franken.de>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Jaroslav Kysela <perex@perex.cz>
2008-07-14 09:01:02 +02:00
Liam Girdwood 1e066322c2 ALSA: asoc: kbuild - only show menus for the current ASoC CPU platform.
We don't want to see ASoC platform menus for other non selected
architectures in our config.

Signed-off-by: Liam Girdwood <lg@opensource.wolfsonmicro.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Jaroslav Kysela <perex@perex.cz>
2008-07-14 09:01:01 +02:00
Thomas Bogendoerfer 787dba37a6 ALSA: ALSA driver for SGI HAL2 audio device
This patch adds a new ALSA driver for the audio device found inside
many older SGI workstation (Indy, Indigo2). The hardware uses a SGI
custom chip, which feeds two codec chips, an IEC chip and a synth chip.
Currently only one of the codecs is supported. This driver already has
the same functionality as the HAL2 OSS driver and will replace it.

Signed-off-by: Thomas Bogendoerfer <tsbogend@alpha.franken.de>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Jaroslav Kysela <perex@perex.cz>
2008-07-14 09:00:57 +02:00
Takashi Iwai 9e4641541e ALSA: hda - Fix FSC V5505 model
model=laptop-hpmicsense matches better to FSC V5505 laptop.

Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Jaroslav Kysela <perex@perex.cz>
2008-07-14 09:00:51 +02:00
Takashi Iwai 86376df6ad ALSA: hda - Fix missing init for unsol events on micsense model
Fixed the missing initialization for unsolicited events on
Cx5045 micsense model.

Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Jaroslav Kysela <perex@perex.cz>
2008-07-14 09:00:37 +02:00
Takashi Iwai 4090dffb14 ALSA: hda - Fix internal mic vref pin setup
Set the vref80 to the internal mic pin 0x12 for Cx5045.

Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Jaroslav Kysela <perex@perex.cz>
2008-07-14 09:00:33 +02:00
Matthew Ranostay f7c5dda23a ALSA: hda: 92hd71bxx PC Beep
Added volume controls for the analog PC Beep on 92hd71bxx codecs.

Signed-off-by: Matthew Ranostay <mranostay@embeddedalley.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Jaroslav Kysela <perex@perex.cz>
2008-07-14 09:00:26 +02:00
James Morris 6f0f0fd496 security: remove register_security hook
The register security hook is no longer required, as the capability
module is always registered.  LSMs wishing to stack capability as
a secondary module should do so explicitly.

Signed-off-by: James Morris <jmorris@namei.org>
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
Acked-by: Greg Kroah-Hartman <gregkh@suse.de>
2008-07-14 15:04:06 +10:00
Miklos Szeredi 93cbace7a0 security: remove dummy module fix
Fix small oversight in "security: remove dummy module":
CONFIG_SECURITY_FILE_CAPABILITIES doesn't depend on CONFIG_SECURITY

Signed-off-by: Miklos Szeredi <mszeredi@suse.cz>
Signed-off-by: James Morris <jmorris@namei.org>
2008-07-14 15:03:41 +10:00
Miklos Szeredi 5915eb5386 security: remove dummy module
Remove the dummy module and make the "capability" module the default.

Compile and boot tested.

Signed-off-by: Miklos Szeredi <mszeredi@suse.cz>
Acked-by: Serge Hallyn <serue@us.ibm.com>
Signed-off-by: James Morris <jmorris@namei.org>
2008-07-14 15:03:04 +10:00
Miklos Szeredi b478a9f988 security: remove unused sb_get_mnt_opts hook
The sb_get_mnt_opts() hook is unused, and is superseded by the
sb_show_options() hook.

Signed-off-by: Miklos Szeredi <mszeredi@suse.cz>
Acked-by: James Morris <jmorris@namei.org>
2008-07-14 15:02:05 +10:00
Eric Paris 2069f45784 LSM/SELinux: show LSM mount options in /proc/mounts
This patch causes SELinux mount options to show up in /proc/mounts.  As
with other code in the area seq_put errors are ignored.  Other LSM's
will not have their mount options displayed until they fill in their own
security_sb_show_options() function.

Signed-off-by: Eric Paris <eparis@redhat.com>
Signed-off-by: Miklos Szeredi <mszeredi@suse.cz>
Signed-off-by: James Morris <jmorris@namei.org>
2008-07-14 15:02:05 +10:00
Eric Paris 811f379927 SELinux: allow fstype unknown to policy to use xattrs if present
Currently if a FS is mounted for which SELinux policy does not define an
fs_use_* that FS will either be genfs labeled or not labeled at all.
This decision is based on the existence of a genfscon rule in policy and
is irrespective of the capabilities of the filesystem itself.  This
patch allows the kernel to check if the filesystem supports security
xattrs and if so will use those if there is no fs_use_* rule in policy.
An fstype with a no fs_use_* rule but with a genfs rule will use xattrs
if available and will follow the genfs rule.

This can be particularly interesting for things like ecryptfs which
actually overlays a real underlying FS.  If we define excryptfs in
policy to use xattrs we will likely get this wrong at times, so with
this path we just don't need to define it!

Overlay ecryptfs on top of NFS with no xattr support:
SELinux: initialized (dev ecryptfs, type ecryptfs), uses genfs_contexts
Overlay ecryptfs on top of ext4 with xattr support:
SELinux: initialized (dev ecryptfs, type ecryptfs), uses xattr

It is also useful as the kernel adds new FS we don't need to add them in
policy if they support xattrs and that is how we want to handle them.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: James Morris <jmorris@namei.org>
2008-07-14 15:02:04 +10:00
James Morris 65fc766800 security: fix return of void-valued expressions
Fix several warnings generated by sparse of the form
"returning void-valued expression".

Signed-off-by: James Morris <jmorris@namei.org>
Acked-by: Casey Schaufler <casey@schaufler-ca.com>
Acked-by: Serge Hallyn <serue@us.ibm.com>
2008-07-14 15:02:03 +10:00
James Morris 2baf06df85 SELinux: use do_each_thread as a proper do/while block
Use do_each_thread as a proper do/while block.  Sparse complained.

Signed-off-by: James Morris <jmorris@namei.org>
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
2008-07-14 15:02:02 +10:00
James Morris e399f98224 SELinux: remove unused and shadowed addrlen variable
Remove unused and shadowed addrlen variable.  Picked up by sparse.

Signed-off-by: James Morris <jmorris@namei.org>
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
Acked-by: Paul Moore <paul.moore@hp.com>
2008-07-14 15:02:01 +10:00
Eric Paris 6cbe27061a SELinux: more user friendly unknown handling printk
I've gotten complaints and reports about people not understanding the
meaning of the current unknown class/perm handling the kernel emits on
every policy load.  Hopefully this will make make it clear to everyone
the meaning of the message and won't waste a printk the user won't care
about anyway on systems where the kernel and the policy agree on
everything.

Signed-off-by: Eric Paris <eparis@redhat.com>
Signed-off-by: James Morris <jmorris@namei.org>
2008-07-14 15:02:00 +10:00
Stephen Smalley 22df4adb04 selinux: change handling of invalid classes (Was: Re: 2.6.26-rc5-mm1 selinux whine)
On Mon, 2008-06-09 at 01:24 -0700, Andrew Morton wrote:
> Getting a few of these with FC5:
>
> SELinux: context_struct_compute_av:  unrecognized class 69
> SELinux: context_struct_compute_av:  unrecognized class 69
>
> one came out when I logged in.
>
> No other symptoms, yet.

Change handling of invalid classes by SELinux, reporting class values
unknown to the kernel as errors (w/ ratelimit applied) and handling
class values unknown to policy as normal denials.

Signed-off-by:  Stephen Smalley <sds@tycho.nsa.gov>
Acked-by: Eric Paris <eparis@redhat.com>
Signed-off-by: James Morris <jmorris@namei.org>
2008-07-14 15:01:59 +10:00
Eric Paris 89abd0acf0 SELinux: drop load_mutex in security_load_policy
We used to protect against races of policy load in security_load_policy
by using the load_mutex.  Since then we have added a new mutex,
sel_mutex, in sel_write_load() which is always held across all calls to
security_load_policy we are covered and can safely just drop this one.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by:  Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: James Morris <jmorris@namei.org>
2008-07-14 15:01:58 +10:00
Eric Paris cea78dc4ca SELinux: fix off by 1 reference of class_to_string in context_struct_compute_av
The class_to_string array is referenced by tclass.  My code mistakenly
was using tclass - 1.  If the proceeding class is a userspace class
rather than kernel class this may cause a denial/EINVAL even if unknown
handling is set to allow.  The bug shouldn't be allowing excess
privileges since those are given based on the contents of another array
which should be correctly referenced.

At this point in time its pretty unlikely this is going to cause
problems.  The most recently added kernel classes which could be
affected are association, dccp_socket, and peer.  Its pretty unlikely
any policy with handle_unknown=allow doesn't have association and
dccp_socket undefined (they've been around longer than unknown handling)
and peer is conditionalized on a policy cap which should only be defined
if that class exists in policy.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by:  Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: James Morris <jmorris@namei.org>
2008-07-14 15:01:58 +10:00
James Morris bdd581c143 SELinux: open code sidtab lock
Open code sidtab lock to make Andrew Morton happy.

Signed-off-by: James Morris <jmorris@namei.org>
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
2008-07-14 15:01:57 +10:00
James Morris 972ccac2b2 SELinux: open code load_mutex
Open code load_mutex as suggested by Andrew Morton.

Signed-off-by: James Morris <jmorris@namei.org>
2008-07-14 15:01:56 +10:00
James Morris 0804d1133c SELinux: open code policy_rwlock
Open code policy_rwlock, as suggested by Andrew Morton.

Signed-off-by: James Morris <jmorris@namei.org>
Acked-by:  Stephen Smalley <sds@tycho.nsa.gov>
2008-07-14 15:01:55 +10:00
Stephen Smalley 59dbd1ba98 selinux: fix endianness bug in network node address handling
Fix an endianness bug in the handling of network node addresses by
SELinux.  This yields no change on little endian hardware but fixes
the incorrect handling on big endian hardware.  The network node
addresses are stored in network order in memory by checkpolicy, not in
cpu/host order, and thus should not have cpu_to_le32/le32_to_cpu
conversions applied upon policy write/read unlike other data in the
policy.

Bug reported by John Weeks of Sun, who noticed that binary policy
files built from the same policy source on x86 and sparc differed and
tracked it down to the ipv4 address handling in checkpolicy.

Signed-off-by:  Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: James Morris <jmorris@namei.org>
2008-07-14 15:01:54 +10:00
Stephen Smalley 242631c49d selinux: simplify ioctl checking
Simplify and improve the robustness of the SELinux ioctl checking by
using the "access mode" bits of the ioctl command to determine the
permission check rather than dealing with individual command values.
This removes any knowledge of specific ioctl commands from SELinux
and follows the same guidance we gave to Smack earlier.

Signed-off-by:  Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: James Morris <jmorris@namei.org>
2008-07-14 15:01:53 +10:00