| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
The current approach to labeling Security Associations for SELinux
purposes uses a one-to-one mapping between xfrm policy rules and
security associations.
This doesn't address the needs of real world MLS (Multi-level System,
traditional Bell-LaPadula) environments where a single xfrm policy
rule (pertaining to a range, classified to secret for example) might
need to map to multiple Security Associations (one each for
classified, secret, top secret and all the compartments applicable to
these security levels).
This patch set addresses the above problem by allowing for the mapping
of a single xfrm policy rule to multiple security associations, with
each association used in the security context it is defined for. It
also includes the security context to be used in IKE negotiation in
the acquire messages sent to the IKE daemon so that a unique SA can be
negotiated for each unique security context. A couple of bug fixes are
also included; checks to make sure the SAs used by a packet match
policy (security context-wise) on the inbound and also that the bundle
used for the outbound matches the security context of the flow. This
patch set also makes the use of the SELinux sid in flow cache lookups
seemless by including the sid in the flow key itself. Also, open
requests as well as connection-oriented child sockets are labeled
automatically to be at the same level as the peer to allow for use of
appropriately labeled IPSec associations.
Description of changes:
A "sid" member has been added to the flow cache key resulting in the
sid being available at all needed locations and the flow cache lookups
automatically using the sid. The flow sid is derived from the socket
on the outbound and the SAs (unlabeled where an SA was not used) on
the inbound.
Outbound case:
1. Find policy for the socket.
2. OLD: Find an SA that matches the policy.
NEW: Find an SA that matches BOTH the policy and the flow/socket.
This is necessary since not every SA that matches the policy
can be used for the flow/socket. Consider policy range Secret-TS,
and SAs each for Secret and TS. We don't want a TS socket to
use the Secret SA. Hence the additional check for the SA Vs. flow/socket.
3. NEW: When looking thru bundles for a policy, make sure the
flow/socket can use the bundle. If a bundle is not found,
create one, calling for IKE if necessary. If using IKE,
include the security context in the acquire message to the IKE
daemon.
Inbound case:
1. OLD: Find policy for the socket.
NEW: Find policy for the incoming packet based on the sid of the
SA(s) it used or the unlabeled sid if no SAs were
used. (Consider a case where a socket is "authorized" for two
policies (unclassified-confidential, secret-top_secret). If the
packet has come in using a secret SA, we really ought to be
using the latter policy (secret-top_secret).)
2. OLD: BUG: No check to see if the SAs used by the packet agree with
the policy sec_ctx-wise.
(It was indicated in selinux_xfrm_sock_rcv_skb() that
this was being accomplished by
(x->id.spi == tmpl->id.spi || !tmpl->id.spi) in xfrm_state_ok,
but it turns out tmpl->id.spi
would normally be zero (unless xfrm policy rules specify one
at the template level, which they usually don't).
NEW: The socket is checked for access to the SAs used (based on the
sid of the SAs) in selinux_xfrm_sock_rcv_skb().
Forward case:
This would be Step 1 from the Inbound case, followed by Steps 2 and 3
from the Outbound case.
Outstanding items/issues:
- Timewait acknowledgements and such are generated in the
current/upstream implementation using a NULL socket resulting in the
any_socket sid (SYSTEM_HIGH) to be used. This problem is not addressed
by this patch set.
This patch: Add new flask definitions to SELinux
Adds a new avperm "polmatch" to arbitrate flow/state access to a xfrm
policy rule.
Signed-off-by: Venkat Yekkirala <vyekkirala@TrustedCS.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
|
|
This reverts commit 668040fcd1e06fc3e68a92708cbdfa5a52c37d3c.
The 'flags' field of the struct request is 'unsigned long'. Quite
how Randy came to see 'long int format, different type arg' I don't
know, but it doesn't seem to be the case any more.
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
|
|
Signed-off-by: Claudio Lanconelli <lanconelli.claudio@eptar.com>
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
|
|
Use pci_resource_start for getting start of regions and pci_iomap to not
doing this directly by using dev->resource... (Thanks to Rolf Eike Beer)
Signed-off-by: Jiri Slaby <jirislaby@gmail.com>
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
|
|
Use kzalloc instad of kmalloc+memset(0).
Signed-off-by: Jiri Slaby <jirislaby@gmail.com>
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
|
|
Spaces were used for indent, there was more than 80 columns per line. Get
rid of that stuff.
Signed-off-by: Jiri Slaby <jirislaby@gmail.com>
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
|
|
The iq80310 mtd map driver depends on ARCH_IQ80310, which isn't
defined anywhere in the tree (as we don't have 80310 support), and
furthermore, everything the driver does can be done with physmap
instead.
Signed-off-by: Lennert Buytenhek <buytenh@wantstofly.org>
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
|
|
Due to this typo, a wrong ECC layout table is chosen.
Signed-off-by: Frank Haverkamp <haver@vnet.ibm.com>
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
|
|
Implement PM handling for physmap. Idea from Steven Scholz, patch
by David Anders.
Signed-off-by: Lennert Buytenhek <buytenh@wantstofly.org>
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
|
|
ioremap must be balanced by an iounmap and failing to do so can result
in a memory leak.
Tested (compilation only) with:
- allmodconfig
- Modifying drivers/mtd/maps/Kconfig and drivers/mtd/nand/Kconfig to
make sure that the changed file is compiling without warning
Signed-off-by: Amol Lad <amol@verismonetworks.com>
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
|
|
Signed-off-by: Alan Cox <alan@redhat.com>
Cc: Greg KH <greg@kroah.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
|
|
Fix printk format warning(s):
drivers/mtd/mtd_blkdevs.c:72: warning: long int format, different type arg (arg 2)
Signed-off-by: Randy Dunlap <rdunlap@xenotime.net>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
|
|
If the amount of flash is not divisible by 2 then the mask in
parse_mtd_partitions would fail to work as designed. Passing in the base
address corrects this problem.
Signed-off-by: Brian Walsh <brian@walsh.ws>
Cc: Deepak Sanexa <dsanexa@mvista.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
|
|
We certainly don't need the check for Linux version > 2.5.2, and in fact
we can also live without the __ECOS check, since we can just add it back
in the eCos git tree which is automatically derived from the Linux fs/jffs2
subdirectory in the upstream git tree.
Signed-off-by: Michal Piotrowski <michal.k.k.piotrowski@gmail.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
|
|
Signed-off-by: Michal Piotrowski <michal.k.k.piotrowski@gmail.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
|
|
Introduce the MTD_STUPID_LOCK flag which indicates that the flash chip is
always locked after power-up, so all sectors need to be unlocked before it
is usable.
If this flag is set, and the chip provides an unlock() operation,
mtd_add_device will unlock the whole MTD device if it's writeable. This
means that non-writeable partitions will stay locked.
Set MTD_STUPID_LOCK in fixup_use_atmel_lock() so that these chips will work
as expected.
Signed-off-by: Håvard Skinnemoen <hskinnemoen@atmel.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
|
|
Looks like a workaround for old bogus OF bitrot... This fixes it and
hence fixes boot on some performa machines.
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: Paul Mackerras <paulus@samba.org>
|
|
On detection of an EEH error, some Power4 systems seem to occasionally
want to be reset twice before they report themselves as fully recovered.
This patch re-arranges the code to attempt additional resets if the first
one doesn't take.
Signed-off-by: Linas Vepstas <linas@austin.ibm.com>
Signed-off-by: Paul Mackerras <paulus@samba.org>
|
|
This patch causes fsl_soc.h to import the definition of phys_addr_t
itself, rather than relying on its includer to do so.
Signed-off-by: Scott Wood <scott@freescale.com>
Signed-off-by: Paul Mackerras <paulus@samba.org>
|
|
Noticed that the U3_*CFA macros have some typos:
#define U3_HT_CFA0(devfn, off) \
((((unsigned long)devfn) << 8) | offset)
(refers to offset rather than off)
#define U3_AGP_CFA0(devfn, off) \
((1 << (unsigned long)PCI_SLOT(dev_fn)) \
| (((unsigned long)PCI_FUNC(dev_fn)) << 8) \
(refers to dev_fn rather than devfn)
Things happen to work, but there doesn't seem to be any reason these
shouldn't be functions. Overall behavior should be unchanged.
Signed-off-by: Nathan Lynch <ntl@pobox.com>
Signed-off-by: Paul Mackerras <paulus@samba.org>
|
|
When there is a PCI-X mode 2 capable device behind the HT<->PCI-X
bridge, the pci core decides that the device has the extended 4K
config space, even though the bus is not operating in mode 2. This is
because the u3_ht pci ops silently accept offsets greater than 255 but
use only the 8 least significant bits, which means reading at offset
0x100 gets the data at offset 0x0, and causes confusion for lspci.
Reject accesses to configuration space offsets greater than 255.
Signed-off-by: Nathan Lynch <ntl@pobox.com>
Signed-off-by: Paul Mackerras <paulus@samba.org>
|
|
This patch fixes the assignment of pending registers to IRQ numbers for
the IPIC; the code previously assigned all IRQs to the high pending word
regardless of which word the interrupt belonged to.
Signed-off-by: Scott Wood <scottwood@freescale.com>
Signed-off-by: Paul Mackerras <paulus@samba.org>
|
|
Ulrich Weigand found a bug with the current version of the
asm-powerpc/ptrace.h that prevents building at least the
SPU target version of gdb, since some ptrace opcodes are
not defined.
The problem seems to have originated in the merging of 32 and
64 bit versions of that file, the problem is that some opcodes
are only valid on 64 bit kernels, but are also used by 32 bit
programs, so they can't depends on the __powerpc64__ symbol.
Signed-off-by: Arnd Bergmann <arnd.bergmann@de.ibm.com>
Signed-off-by: Paul Mackerras <paulus@samba.org>
|
|
This looks like cruft to me, these functions don't exist AFAICT,
and I can't see that it's possible to even enable DISCONTIGMEM on
powerpc anymore. CC'ing some folks who might know better, based on
the who-touched-it-last principle.
Signed-off-by: Michael Ellerman <michael@ellerman.id.au>
Signed-off-by: Paul Mackerras <paulus@samba.org>
|
|
This patch changes the io operations so that they are out of line if
CONFIG_PPC_ISERIES is set and includes a firmware feature check in
that case.
Signed-off-by: Stephen Rothwell <sfr@canb.auug.org.au>
Signed-off-by: Paul Mackerras <paulus@samba.org>
|
|
This fixes some debug register defines on PPC 40x that were incorrect.
Signed-off-by: Josh Boyer <jdub@us.ibm.com>
Signed-off-by: Paul Mackerras <paulus@samba.org>
|
|
The following fixes compile errors in sbc8560.
Signed-off-by: Amy Fong <amy.fong@windriver.com>
Signed-off-by: Paul Mackerras <paulus@samba.org>
|
|
Update to the PowerPC PCI error recovery code.
Add code to enable MMIO if a device driver reports that it is capable
of recovering on its own. One anticipated use of this having a device
driver enable MMIO so that it can take a register dump, which might
then be followed by the device driver requesting a full reset.
Signed-off-by: Linas Vepstas <linas@austin.ibm.com>
Signed-off-by: Paul Mackerras <paulus@samba.org>
|
|
Add wrapper around the rtas call to enable MMIO or DMA on a frozen pci
slot.
Signed-off-by: Linas Vepstas <linas@austin.ibm.com>
Signed-off-by: Paul Mackerras <paulus@samba.org>
|
|
Clean up subroutine documentation; mostly formatting changes, with
some new content.
Signed-off-by: Linas Vepstas <linas@austin.ibm.com>
Signed-off-by: Paul Mackerras <paulus@samba.org>
|
|
This corrects a pci_dev get/put imbalance that can occur only in
highly unlikely situations (kmalloc failures, pci devices with
overlapping resource addresses). No actual failures seen, this was
spotted during code review.
Signed-off-by: Linas Vepstas <linas@austin.ibm.com>
Signed-off-by: Paul Mackerras <paulus@samba.org>
|
|
The stack frame address was being printed incorrectly in the backtrace
option of XMON on PPC. This patch fixes it to print the actual stack
address instead of the address of the local variable that contains it.
Signed-off-by: Josh Boyer <jdub@us.ibm.com>
Signed-off-by: Paul Mackerras <paulus@samba.org>
|
|
Jakub noticed the cputable.c entry for Xilinx Virtex-4 FX was missing
a .platform value, so the AT_PLATFORM value wouldn't be set correctly.
This adds it.
Signed-off-by: Peter Bergner <bergner@vnet.ibm.com>
Signed-off-by: Paul Mackerras <paulus@samba.org>
|
|
Just some minor comment nits.
- little-endian is better than low-endian
- and since it is called essiv everywere it should also be essiv
in the comments (and not ess_iv)
Signed-off-by: Rik Snel <rsnel@cube.dyndns.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
|
This patch marks the crypto_digest_* functions and crypto_alg_available
as deprecated. They've been replaced by crypto_hash_* and crypto_has_*
respectively.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
|
This patch converts padlock-sha to use crypto_hash for its fallback.
It also changes the fallback selection to use selection by type instead
of name. This is done through the new CRYPTO_ALG_NEED_FALLBACK bit,
which is set if and only if an algorithm needs a fallback of the same
type.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
|
This patch converts all users to use the new crypto_comp type and the
crypto_has_* functions.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
|
This patch adds the crypto_comp type to complete the compile-time checking
conversion. The functions crypto_has_alg and crypto_has_cipher, etc. are
also added to replace crypto_alg_available.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
|
This patch converts all remaining crypto_digest users to use the new
crypto_hash interface.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
|
This patch converts ISCSI to use the new crypto_hash interface instead
of crypto_digest. It's a fairly straightforward substitution.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
|
This patch removes the old HMAC implementation now that nobody uses it
anymore.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
This patch updates the documentation to reflect the switch from digest
to hash. It also replaces notes about emailing James Morris to refer
to me instead.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
|
This patch converts SCTP to use the new HMAC template and hash interface.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
This patch converts IPsec to use the new HMAC template. The names of
existing simple digest algorithms may still be used to refer to their
HMAC composites.
The same structure can be used by other MACs such as AES-XCBC-MAC.
This patch also switches from the digest interface to hash.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
This patch converts tcrypt to use the new HMAC template rather than the
hard-coded version of HMAC. It also converts all digest users to use
the new cipher interface.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
This patch rewrites HMAC as a crypto template. This means that HMAC is no
longer a hard-coded part of the API. It's now a template that generates
standard digest algorithms like any other.
The old HMAC is preserved until all current users are converted.
The same structure can be used by other MACs such as AES-XCBC-MAC.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
The existing digest user interface is inadequate for support asynchronous
operations. For one it doesn't return a value to indicate success or
failure, nor does it take a per-operation descriptor which is essential
for the issuing of requests while other requests are still outstanding.
This patch is the first in a series of steps to remodel the interface
for asynchronous operations.
For the ease of transition the new interface will be known as "hash"
while the old one will remain as "digest".
This patch also changes sg_next to allow chaining.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
|
Mark the parts of the cipher interface that have been replaced by
block ciphers as deprecated. Thanks to Andrew Morton for suggesting
doing this before removing them completely.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
|
This patch adds a const modifier to the buf argument of sg_set_buf and
sg_init_one. This lets people call it with pointers that are const.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
Venkat Yekkirala
David Woodhouse
Claudio Lanconelli
Jiri Slaby
Lennert Buytenhek
Frank Haverkamp
Amol Lad
Alan Cox
Randy Dunlap
Brian Walsh
Michal Piotrowski
Håvard Skinnemoen
Benjamin Herrenschmidt
Linas Vepstas
Scott Wood
Nathan Lynch
Arnd Bergmann
Michael Ellerman
Stephen Rothwell
Josh Boyer
Amy Fong
Peter Bergner
Rik Snel
Herbert Xu