Allow policy to select, in much the same way as it selects MLS support, how
the kernel should handle access decisions which contain either unknown
classes or unknown permissions in known classes. The three choices for the
policy flags are
0 - Deny unknown security access. (default)
2 - reject loading policy if it does not contain all definitions
4 - allow unknown security access
The policy's choice is exported through 2 booleans in
selinuxfs. /selinux/deny_unknown and /selinux/reject_unknown.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: James Morris <jmorris@namei.org>
It reduces the selinux overhead on read/write by only revalidating
permissions in selinux_file_permission if the task or inode labels have
changed or the policy has changed since the open-time check. A new LSM
hook, security_dentry_open, is added to capture the necessary state at open
time to allow this optimization.
(see http://marc.info/?l=selinux&m=118972995207740&w=2)
Signed-off-by: Yuichi Nakamura<ynakam@hitachisoft.jp>
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: James Morris <jmorris@namei.org>
This patch reduces memory usage of SELinux by tuning avtab. Number of hash
slots in avtab was 32768. Unused slots used memory when number of rules is
fewer. This patch decides number of hash slots dynamically based on number
of rules. (chain length)^2 is also printed out in avtab_hash_eval to see
standard deviation of avtab hash table.
Signed-off-by: Yuichi Nakamura<ynakam@hitachisoft.jp>
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: James Morris <jmorris@namei.org>
This duplicates the read cycle timer feature of raw1394 (added in Linux
2.6.21) in firewire-core's userspace ABI. The argument to the ioctl is
reordered though to ensure 32/64 bit compatibility.
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
Signed-off-by: Kristian Høgsberg <krh@redhat.com>
Check NodeID.nodeNumber as per OHCI 1.1 clause 7.2.3.2. See also IEEE
1394a table 5B-1.
Also, demote the "node ID not valid" message from error to notification
as it is not an error condition.
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
at_context_queue_packet() didn't clean up in an early exit path.
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
Signed-off-by: Kristian Høgsberg <krh@redhat.com>
It seems unlikely, but access to self_id_cpu[0] could at least in theory
be deferred until after the loop over self_id_cpu[1..n] or even after
the subsequent reg_read. Enforce the desired order by a read barrier.
Also prevent the reg_read from being reordered relative to the for loop.
This isn't necessary if the loop's conditional printk counts as an
implicit barrier, but better make it explicit.
(self_id_cpu[] is a coherent DMA buffer.)
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
Firewire-sbp2 did very uncooperative things in the kernel's shared
workqueue: Sleeping until reception of management status from the
target for up to 2 seconds, and performing SCSI inquiry and all of the
setup of SCSI command set drivers via scsi_add_device. If there were
transient or permanent error conditions, this caused long blockage of
the kernel's events process, noticeable e.g. by blocked keyboard input.
We now allocate a workqueue process exclusive to fw-sbp2. As a side
effect, this also increases parallelism of fw-sbp2's login and reconnect
work versus fw-core's device discovery and device update work which is
performed in the shared workqueue.
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
Signed-off-by: Kristian Høgsberg <krh@redhat.com>
On rare occasions, the ability to set one of the workaround flags at
runtime may save the day.
People who experience I/O errors with firewire-sbp2 while the old sbp2
driver worked for them should try workarounds=1 and report to the devel
mailinglist whether that improves things. Firewire-sbp2 defaults to the
SCSI stack's maximum transfer size per command, while sbp2 limits them
to 128 kBytes. Flag 1 accomplishes just that.
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
On IOMMU-less noncoherent architectures, orb->callback will memcpy the
whole SCSI command buffer for READ-like SCSI commands. It is therefore
friendlier to enable IRQs before the call, like before patch "Add
ref-counting for sbp2 orbs".
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
Acked-by: Kristian Høgsberg <krh@redhat.com>
Sparse warned about it although it was apparently harmless:
drivers/firewire/fw-cdev.c:624:23: warning: symbol 'interrupt' shadows an earlier one
include/asm/hw_irq.h:29:13: originally declared here
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
drivers/ieee1394/ieee1394_core.c: Define spinlock using
DEFINE_SPINLOCK instead of assignment to SPIN_LOCK_UNLOCKED
Signed-off-by: Matthias Kaehlcke <matthias.kaehlcke@gmail.com>
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
At least since nodemgr got rid of coarse global locking, accesses to
struct csr1212_keyval's reference counter should be atomic and coupled
with proper barriers. Also, calls to csr1212_keep_keyval(kv) should
occur before kv is being used.
(We probably should convert refcnt to struct kref, but how to keep
csr1212_destroy_keyval's implementation non-recursively then?)
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
csr1212_keep_keyval(kv) in nodemgr_process_root_directory was
unbalanced if ne->vendor_name_kv already exists. This happens for
example if eth1394 or raw1394 modify the local config ROM and it is
parsed again.
As a bonus, the attempt to add the vendor_name_kv sysfs attribute
when it already exists is now fixed for good.
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
* Delete optional and empty i2c client_register and client_unregister
callbacks.
* Use the proper i2c adapter ID.
* Don't use a template to initialize the i2c_adapter structure, it's
inefficient.
* Update a misleading comment on why we use i2c_transfer rather than
higher level i2c functions.
Signed-off-by: Jean Delvare <khali@linux-fr.org>
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
The nodemgr host thread can exit on its own even when kthread_should_stop
is not true, on receiving a signal (might never happen in practice, as
it ignores signals). But considering kthread_stop() must not be mixed with
kthreads that can exit on their own, I think changing the code like this
is clearer. This change means the thread can cut its sleep short when
receive a signal but looking at the code around, that sounds okay (and
again, it might never actually recieve a signal in practice).
Signed-off-by: Satyam Sharma <satyam@infradead.org>
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
sbp2_host_reset and sbp2_handle_status_write are not serialized against
sbp2_alloc_device and sbp2_remove_device.
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
x86 uses target specific assignment of EXTRA_AFLAGS,
EXTRA_CFLAGS - this caused troubles with
introducing asflags-y, ccflags-y.
Fixed the target specific assignments in arch/x86/boot/Makefile
and auditted the rest of the kernel for similar usage.
Signed-off-by: Sam Ravnborg <sam@ravnborg.org>
This belongs to user-space (and only if really needed).
text data bss dec hex filename
6723 2000 28 8751 222f drivers/ide/pci/amd74xx.o.before
3833 2000 16 5849 16d9 drivers/ide/pci/amd74xx.o.after
Signed-off-by: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com>
drive->dn is initialized by ide-probe.c::probe_hwif() so no need to do it
in ->init_hwif method.
Acked-by: Sergei Shtylyov <sshtylyov@ru.mvista.com>
Signed-off-by: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com>
This belongs to user-space (and only if really needed).
text data bss dec hex filename
7129 404 8 7541 1d75 drivers/ide/pci/sis5513.o.before
3916 404 1 4321 10e1 drivers/ide/pci/sis5513.o.after
Additionaly to being bloat the code contained two bugs:
- wrong cable bit was checked (0x0001 instead of 0x8000) on ATA_133 chipsets
- incorrect UDMA cycle time was reported on ATA_100a/ATA_133 chipsets
Signed-off-by: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com>
ATAPI devices with broken DMA support should be handled by DMA blacklist
and for debugging purposes we have new shiny "hdx=nodma" kernel paremeter.
Acked-by: Sergei Shtylyov <sshtylyov@ru.mvista.com>
Signed-off-by: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com>
* Add "hdx=nodma" option allowing user to disallow DMA for a given device.
* Obsolete "ide=nodma" option.
Acked-by: Sergei Shtylyov <sshtylyov@ru.mvista.com>
Signed-off-by: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com>
* hpt34x.c: disable DMA masks for HPT345
(hwif->autodma is zero so DMA won't be enabled anyway).
* trm290.c: disable IDE_HFLAG_TRUST_BIOS_FOR_DMA flag
(hwif->autodma is zero so DMA won't be enabled anyway).
* Check noautodma global variable instead of drive->autodma in ide_tune_dma().
This fixes handling of "ide=nodma" kernel parameter for icside, ide-cris,
au1xxx-ide, pmac, it821x, jmicron, sgiioc4 and siimage host drivers.
* Remove hwif->autodma (it was not checked by IDE core code anyway) and
drive->autodma (was set by all host drivers - except HPT345/TRM290 special
cases - unless "ide=nodma" was used).
While at it:
- remove needless printk() from icside.c
- remove stale FIXME/comment from ide-probe.c
- don't force DMA off if PCI bus-mastering had to be enabled in setup-pci.c
(this setting was always later over-ridden by host drivers anyway)
Signed-off-by: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com>
It has been obsoleted since 1 Nov 2004, is valid only when used together with
"ide=nodma" kernel parameter (which makes no sense) and only for aec62xx,
cmd64x, cs5220, generic, hpt366, sl82c105, tc86c001 and triflex host drivers.
Acked-by: Sergei Shtylyov <sshtylyov@ru.mvista.com>
Signed-off-by: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com>
This code doesn't use pci_assign_resource() and ide_get_or_set_dma_base() uses
pci_resource_start() to get DMA base address so it has no chance of working.
Moreover this belongs to PCI quirks (in case somebody would like to fix it).
Acked-by: Sergei Shtylyov <sshtylyov@ru.mvista.com>
Signed-off-by: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com>
While at it:
- make struct pci_device_id tables const
- use PCI_DEVICE_ID_ITE_8213 define in it8213.c
- fix comment in generic.c
Signed-off-by: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com>
Clear prefetch and postwrite for ATAPI devices instead of depending on BIOS.
Acked-by: Sergei Shtylyov <sshtylyov@ru.mvista.com>
Signed-off-by: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com>
Don't force PIO4 when programming UDMA mode (suggested by Sergei).
Acked-by: Sergei Shtylyov <sshtylyov@ru.mvista.com>
Signed-off-by: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com>
noautodma can now be unexported.
Signed-off-by: Adrian Bunk <bunk@kernel.org>
Cc: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com>
* Add IDE_HFLAG_TRUST_BIOS_FOR_DMA host flag for host drivers that depend
on BIOS for programming device/controller for DMA. Set it in cy82c693,
generic, ns87415, opti621 and trm290 host drivers.
* Add IDE_HFLAG_VDMA host flag for host drivers using VDMA. Set it in cs5520
host driver.
* Teach ide_tune_dma() about IDE_HFLAG_TRUST_BIOS_FOR_DMA flag.
* Add generic ide_dma_check() helper and remove all open coded ->ide_dma_check
implementations. Fix all places checking for presence of ->ide_dma_check
hook to check for ->ide_dma_on instead.
* Remove no longer needed code from config_drive_for_dma().
* Make ide_tune_dma() static.
v2:
* Fix config_drive_for_dma() return values.
* Fix ide-dma.c build for CONFIG_BLK_DEV_IDEDMA_PCI=n by adding
dummy config_drive_for_dma() inline.
* Fix IDE_HFLAG_TRUST_BIOS_FOR_DMA handling in ide_dma_check().
* Fix init_hwif_it8213() comment.
There should be no functionality changes caused by this patch.
Cc: Sergei Shtylyov <sshtylyov@ru.mvista.com>
Signed-off-by: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com>
Since ide-pmac allows separate PIO and DMA timings, and ide-pmac always sets
->autotune this change shouldn't have any other effect than bringing ide-pmac
driver in-line with other host drivers wrt ->ide_dma_check implementation.
Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Acked-by: Sergei Shtylyov <sshtylyov@ru.mvista.com>
Signed-off-by: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com>
Since ide-cris allows separate PIO and DMA timings, and ide-cris always sets
->autotune this change shouldn't have any other effect than bringing ide-cris
driver in-line with other host drivers wrt ->ide_dma_check implementation.
Cc: Mikael Starvik <starvik@axis.com>
Acked-by: Sergei Shtylyov <sshtylyov@ru.mvista.com>
Signed-off-by: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com>
Since sl82c105 re-programs DMA/PIO timings for DMA enable/disable, and sets
->autotune this change shouldn't have any other effect than bringing sl82c105
driver in-line with other host drivers wrt ->ide_dma_check implementation.
Signed-off-by: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com>
* Add PIO autotune fallback to ->ide_dma_check.
Since cs5530/sc1200 allow separate PIO and DMA timings, and cs5530/sc1200
always set ->autotune this change shouldn't have any other effect than
bringing these drivers in-line with other host drivers wrt ->ide_dma_check
implementations.
* Fix ->ide_dma_check to return "-1" if DMA cannot be set.
* Bump driver version.
Signed-off-by: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com>
Remove ide_use_fast_pio() and just re-tune PIO unconditionally if DMA tuning
has failed in ->ide_dma_check. All host drivers using ide_use_fast_pio() set
drive->autotune so PIO is always tuned anyway and in some cases we _really_
need to re-tune PIO because PIO and DMA timings are shared.
Acked-by: Sergei Shtylyov <sshtylyov@ru.mvista.com>
Signed-off-by: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com>
Several host drivers used to reset drive->init_speed in their ->ide_dma_check
implementations which resulted in incorrect init speed being reported to the
user, fix it.
Signed-off-by: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com>
* Remove needless setting of drive->using_dma from auide_dma_check().
* Split off auide_mdma_filter() from auide_dma_check().
* Use ide_tune_dma() in auide_dma_check(), this fixes following issues:
- device's DMA capability bit not being checked
- device not being checked against generic DMA blacklist
- transfer mode not being set on device/host
* Add PIO autotune fallback to auide_dma_check().
Signed-off-by: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com>