Commit Graph

41535 Commits

Author SHA1 Message Date
Venkat Yekkirala
67f83cbf08 SELinux: Fix SA selection semantics
Fix the selection of an SA for an outgoing packet to be at the same
context as the originating socket/flow. This eliminates the SELinux
policy's ability to use/sendto SAs with contexts other than the socket's.

With this patch applied, the SELinux policy will require one or more of the
following for a socket to be able to communicate with/without SAs:

1. To enable a socket to communicate without using labeled-IPSec SAs:

allow socket_t unlabeled_t:association { sendto recvfrom }

2. To enable a socket to communicate with labeled-IPSec SAs:

allow socket_t self:association { sendto };
allow socket_t peer_sa_t:association { recvfrom };

Signed-off-by: Venkat Yekkirala <vyekkirala@TrustedCS.com>
Signed-off-by: James Morris <jmorris@namei.org>
2006-12-02 21:21:34 -08:00
Venkat Yekkirala
6b877699c6 SELinux: Return correct context for SO_PEERSEC
Fix SO_PEERSEC for tcp sockets to return the security context of
the peer (as represented by the SA from the peer) as opposed to the
SA used by the local/source socket.

Signed-off-by: Venkat Yekkirala <vyekkirala@TrustedCS.com>
Signed-off-by: James Morris <jmorris@namei.org>
2006-12-02 21:21:33 -08:00
Venkat Yekkirala
c1a856c964 SELinux: Various xfrm labeling fixes
Since the upstreaming of the mlsxfrm modification a few months back,
testing has resulted in the identification of the following issues/bugs that
are resolved in this patch set.

1. Fix the security context used in the IKE negotiation to be the context
   of the socket as opposed to the context of the SPD rule.

2. Fix SO_PEERSEC for tcp sockets to return the security context of
   the peer as opposed to the source.

3. Fix the selection of an SA for an outgoing packet to be at the same
   context as the originating socket/flow.

The following would be the result of applying this patchset:

- SO_PEERSEC will now correctly return the peer's context.

- IKE deamons will receive the context of the source socket/flow
  as opposed to the SPD rule's context so that the negotiated SA
  will be at the same context as the source socket/flow.

- The SELinux policy will require one or more of the
  following for a socket to be able to communicate with/without SAs:

  1. To enable a socket to communicate without using labeled-IPSec SAs:

     allow socket_t unlabeled_t:association { sendto recvfrom }

  2. To enable a socket to communicate with labeled-IPSec SAs:

     allow socket_t self:association { sendto };
     allow socket_t peer_sa_t:association { recvfrom };

This Patch: Pass correct security context to IKE for use in negotiation

Fix the security context passed to IKE for use in negotiation to be the
context of the socket as opposed to the context of the SPD rule so that
the SA carries the label of the originating socket/flow.

Signed-off-by: Venkat Yekkirala <vyekkirala@TrustedCS.com>
Signed-off-by: James Morris <jmorris@namei.org>
2006-12-02 21:21:31 -08:00
Al Viro
e8db8c9910 [BLUETOOTH] rfcomm endianness bug: param_mask is little-endian on the wire
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-12-02 21:21:30 -08:00
Al Viro
6ba9c755e5 [BLUETOOTH]: rfcomm endianness annotations
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-12-02 21:21:29 -08:00
Al Viro
1bc5d4483a [BLUETOOTH]: bnep endianness annotations
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-12-02 21:21:28 -08:00
Al Viro
e41d216973 [BLUETOOTH] bnep endianness bug: filtering by packet type
<= and => don't work well on net-endian...

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-12-02 21:21:27 -08:00
Al Viro
ae08e1f092 [IPV6]: ip6_output annotations
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-12-02 21:21:26 -08:00
Al Viro
98a4a86128 [NETFILTER]: trivial annotations
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-12-02 21:21:25 -08:00
Al Viro
0e11c91e1e [AF_PACKET]: annotate
Weirdness: the third argument of socket() is net-endian
here.  Oh, well - it's documented in packet(7).

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-12-02 21:21:24 -08:00
Al Viro
3fbd418acc [LLC]: anotations
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-12-02 21:21:23 -08:00
Al Viro
fede70b986 [IPV6]: annotate inet6_csk_search_req()
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-12-02 21:21:22 -08:00
Al Viro
90bcaf7b4a [IPV6]: flowlabels are net-endian
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-12-02 21:21:21 -08:00
Al Viro
92d9ece7af [INET]: annotate inet_ecn.h
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-12-02 21:21:20 -08:00
Al Viro
8a9ae2110b [NET]: annotate dsfield.h
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-12-02 21:21:19 -08:00
Al Viro
5d36b1803d [XFRM]: annotate ->new_mapping()
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-12-02 21:21:18 -08:00
Al Viro
d29ef86b0a [AF_KEY]: annotate
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-12-02 21:21:18 -08:00
Al Viro
d5a0a1e310 [IPV4]: encapsulation annotations
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-12-02 21:21:17 -08:00
Al Viro
4806126d78 [SUNRPC]: annotate hash_ip()
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-12-02 21:21:16 -08:00
Al Viro
8a74ff7770 [IPV6]: annotate ipv6 mcast
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-12-02 21:21:15 -08:00
Al Viro
44473a6b27 [IPV6]: annotate struct frag_hdr
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-12-02 21:21:14 -08:00
Al Viro
a27ee7a4dd [IPV6]: annotate icmpv6 headers
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-12-02 21:21:13 -08:00
Al Viro
04ce69093f [IPV6]: 'info' argument of ipv6 ->err_handler() is net-endian
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-12-02 21:21:12 -08:00
Al Viro
8c689a6eae [XFRM]: misc annotations
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-12-02 21:21:11 -08:00
Al Viro
d2ecd9ccd0 [IPV6]: annotate inet6_hashtables
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-12-02 21:21:10 -08:00
Al Viro
5a874db4d9 [NET]: ipconfig and nfsroot annotations
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-12-02 21:21:09 -08:00
Al Viro
3e6c8cd566 [TIPC]: endianness annotations
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-12-02 21:21:08 -08:00
David S. Miller
d54a81d341 [IPV6] NDISC: Calculate packet length correctly for allocation.
MAX_HEADER does not include the ipv6 header length in it,
so we need to add it in explicitly.

With help from YOSHIFUJI Hideaki.

Signed-off-by: David S. Miller <davem@davemloft.net>
2006-12-02 21:06:31 -08:00
Linus Torvalds
97be852f81 Merge branch 'upstream-linus' of master.kernel.org:/pub/scm/linux/kernel/git/jgarzik/netdev-2.6
* 'upstream-linus' of master.kernel.org:/pub/scm/linux/kernel/git/jgarzik/netdev-2.6: (118 commits)
  [netdrvr] skge: build fix
  [PATCH] NetXen: driver cleanup, removed unnecessary __iomem type casts
  [PATCH] PHY: Add support for configuring the PHY connection interface
  [PATCH] chelesio: transmit locking (plus bug fix).
  [PATCH] chelsio: statistics improvement
  [PATCH] chelsio: add MSI support
  [PATCH] chelsio: use standard CRC routines
  [PATCH] chelsio: cleanup pm3393 code
  [PATCH] chelsio: add 1G swcixw aupport
  [PATCH] chelsio: add support for other 10G boards
  [PATCH] chelsio: remove unused mutex
  [PATCH] chelsio: use kzalloc
  [PATCH] chelsio: whitespace fixes
  [PATCH] amd8111e use standard CRC lib
  [PATCH] sky2: msi enhancements.
  [PATCH] sky2: kfree_skb_any needed
  [PATCH] sky2: fixes for Yukon EC_U chip revisions
  [PATCH] sky2: add Dlink 560SX id
  [PATCH] sky2: receive error handling fix
  [PATCH] skge: don't clear MC state on link down
  ...
2006-12-02 15:08:32 -08:00
Linus Torvalds
cdb54fac35 Merge branch 'for-linus' of master.kernel.org:/pub/scm/linux/kernel/git/drzeus/mmc
* 'for-linus' of master.kernel.org:/pub/scm/linux/kernel/git/drzeus/mmc:
  mmc: correct request error handling
  mmc: Flush block queue when removing card
  mmc: sdhci high speed support
  mmc: Support for high speed SD cards
  mmc: Fix mmc_delay() function
  mmc: Add support for mmc v4 wide-bus modes
  [PATCH] mmc: Add support for mmc v4 high speed mode
  trivial change for mmc/Kconfig: MMC_PXA does not mean only PXA255
  Make general code cleanups
  Add MMC_CAP_{MULTIWRITE,BYTEBLOCK} flags
  Platform device error handling cleanup
  Move register definitions away from the header file
  Change OMAP_MMC_{READ,WRITE} macros to use the host pointer
  Replace base with virt_base and phys_base
  mmc: constify mmc_host_ops vectors
  mmc: remove kernel_thread()
2006-12-02 08:29:04 -08:00
Linus Torvalds
37043318b1 Merge branch 'release' of master.kernel.org:/pub/scm/linux/kernel/git/lenb/linux-acpi-2.6
* 'release' of master.kernel.org:/pub/scm/linux/kernel/git/lenb/linux-acpi-2.6:
  Revert "ACPI: SCI interrupt source override"
2006-12-02 08:28:28 -08:00
Jeff Garzik
aae343d493 [netdrvr] skge: build fix
Signed-off-by: Jeff Garzik <jeff@garzik.org>
2006-12-02 07:14:39 -05:00
Len Brown
7bdd21cef9 Revert "ACPI: SCI interrupt source override"
This reverts commit 281ea49b0c,
which broke ACPI Interrupt source overrides that move
the SCI from one IRQ in PIC mode to another in IOAPIC mode.

If the SCI shared an interrupt line with another device,
this would result in a "irq 18: nobody cared" type failure.

http://bugzilla.kernel.org/show_bug.cgi?id=7601

Signed-off-by: Len Brown <len.brown@intel.com>
2006-12-02 02:27:46 -05:00
Amit S. Kale
71bd7877d4 [PATCH] NetXen: driver cleanup, removed unnecessary __iomem type casts
Signed-off-by: Amit S. Kale <amitkale@netxen.com>

 netxen_nic.h         |   38 ++++++++------------------------------
 netxen_nic_ethtool.c |    5 ++---
 netxen_nic_hw.c      |   12 +++++-------
 netxen_nic_main.c    |    8 +++-----
 4 files changed, 18 insertions(+), 45 deletions(-)
Signed-off-by: Jeff Garzik <jeff@garzik.org>
2006-12-02 00:33:11 -05:00
Andy Fleming
e8a2b6a420 [PATCH] PHY: Add support for configuring the PHY connection interface
Most PHYs connect to an ethernet controller over a GMII or MII
interface.  However, a growing number are connected over
different interfaces, such as RGMII or SGMII.

The ethernet driver will tell the PHY what type of connection it
is by setting it manually, or passing it in through phy_connect
(or phy_attach).

Changes include:
* Updates to documentation
* Updates to PHY Lib consumers
* Changes to PHY Lib to add interface support
* Some minor changes to whitespace in phy.h
* gianfar driver now detects interface and passes appropriate
  value to PHY Lib
Signed-off-by: Andrew Fleming <afleming@freescale.com>
Signed-off-by: Jeff Garzik <jeff@garzik.org>
2006-12-02 00:33:11 -05:00
Stephen Hemminger
cabdfb373a [PATCH] chelesio: transmit locking (plus bug fix).
If transmit lock is contended on, then push return code back
and retry at higher level.

Bugfix: If buffer is reallocated because of lack of headroom
and the send is blocked, then drop packet. This is necessary
because caller would end up requeuing a freed skb.

Signed-off-by: Stephen Hemminger <shemminger@osdl.org>
Signed-off-by: Jeff Garzik <jeff@garzik.org>
2006-12-02 00:24:50 -05:00
Stephen Hemminger
56f643c28c [PATCH] chelsio: statistics improvement
Cleanup statistics management:
 * Get rid of duplicate or unused statistics
 * Convert high volume stats to per-cpu and 64 bit

Signed-off-by: Stephen Hemminger <shemminger@osdl.org>
Signed-off-by: Jeff Garzik <jeff@garzik.org>
2006-12-02 00:24:50 -05:00
Stephen Hemminger
325dde4891 [PATCH] chelsio: add MSI support
Using MSI can avoid sharing IRQ and associated overhead.
Tested on PCI-X.

Signed-off-by: Stephen Hemminger <shemminger@osdl.org>
Signed-off-by: Jeff Garzik <jeff@garzik.org>
2006-12-02 00:24:50 -05:00
Stephen Hemminger
57834ca152 [PATCH] chelsio: use standard CRC routines
Replace driver crc calculation with existing library.

Signed-off-by: Stephen Hemminger <shemminger@osdl.org>
Signed-off-by: Jeff Garzik <jeff@garzik.org>
2006-12-02 00:24:49 -05:00
Stephen Hemminger
a7377a50b8 [PATCH] chelsio: cleanup pm3393 code
Replace macro with function for updating RMON values

Cleanups:
	* remove unused enum's
	* Fix comment format

Signed-off-by: Stephen HEmminger <shemminger@osdl.org>
Signed-off-by: Jeff Garzik <jeff@garzik.org>
2006-12-02 00:24:49 -05:00
Stephen Hemminger
352c417ddb [PATCH] chelsio: add 1G swcixw aupport
Add support for 1G versions of Chelsio devices.

Signed-off-by: Stephen Hemminger <shemminger@osdl.org>
Signed-off-by: Jeff Garzik <jeff@garzik.org>
2006-12-02 00:24:49 -05:00
Stephen Hemminger
f1d3d38af7 [PATCH] chelsio: add support for other 10G boards
Add support for other versions of the 10G Chelsio boards.
This is basically a port of the vendor driver with the
TOE features removed.

Signed-off-by: Stephen Hemminger <shemminger@osdl.org>
Signed-off-by: Jeff Garzik <jeff@garzik.org>
2006-12-02 00:24:49 -05:00
Stephen Hemminger
415294ecbb [PATCH] chelsio: remove unused mutex
This mutex is unused in current (non TOE) code.

Signed-off-by: Stephen Hemminger<shemminger@osdl.org>
Signed-off-by: Jeff Garzik <jeff@garzik.org>
2006-12-02 00:24:49 -05:00
Stephen Hemminger
1270266cf9 [PATCH] chelsio: use kzalloc
Use kzalloc in several places.

Signed-off-by: Stephen Hemminger <shemminger@osdl.org>
Signed-off-by: Jeff Garzik <jeff@garzik.org>
2006-12-02 00:24:49 -05:00
Stephen Hemminger
11e5a202ca [PATCH] chelsio: whitespace fixes
Fix indentation and blank/tab issues.

Signed-off-by: Stephen Hemminger <shemminger@osdl.org>
Signed-off-by: Jeff Garzik <jeff@garzik.org>
2006-12-02 00:24:49 -05:00
Stephen Hemminger
6b4bdde61b [PATCH] amd8111e use standard CRC lib
I noticed this driver (and several others) reinvent their own copy of the
existing CRC library. Don't have the hardware, but tested by extracting
code and comparing result.

Signed-off-by: Stephen Hemminger <shemminger@osdl.org>
Signed-off-by: Jeff Garzik <jeff@garzik.org>
2006-12-02 00:22:30 -05:00
Stephen Hemminger
b0a20ded56 [PATCH] sky2: msi enhancements.
If using Message Signaled Interrupts (MSI) then the IRQ will never
be shared. Don't call pci_disable_msi() unless using MSI.

Signed-off-by: Stephen Hemminger <shemminger@osdl.org>
Signed-off-by: Jeff Garzik <jeff@garzik.org>
2006-12-02 00:22:30 -05:00
Stephen Hemminger
794b2bd20f [PATCH] sky2: kfree_skb_any needed
It is possible for the sky2 driver NAPI poll routine to be called with
IRQ's disabled if netpoll is trying to make space in the tx queue. This
is an obscure path, but if it happens, the kfree_skb needs to happen
via softirq. Calling kfree_skb with IRQ's disabled is a not allowed.

Signed-off-by: Stephen Hemminger <shemminger@osdl.org>
Signed-off-by: Jeff Garzik <jeff@garzik.org>
2006-12-02 00:22:29 -05:00
Stephen Hemminger
8df9a87604 [PATCH] sky2: fixes for Yukon EC_U chip revisions
Update workarounds for 88E803X based on the latest SysKonnect vendor
driver version (8.41). Tested on EC_U rev A1, only.
These up the receive performance.

Signed-off-by: Stephen Hemminger <shemminger@osdl.org>
Signed-off-by: Jeff Garzik <jeff@garzik.org>
2006-12-02 00:22:29 -05:00
Stephen Hemminger
508f89e75a [PATCH] sky2: add Dlink 560SX id
Add new PCI ID for DLink 560SX.
This from the latest SysKonnect vendor driver (version 8.41).

Signed-off-by: Stephen Hemminger <shemminger@osdl.org>
Signed-off-by: Jeff Garzik <jeff@garzik.org>
2006-12-02 00:22:29 -05:00