From 6dba28379edc08327ede01ff41bd3c9dd46a7fa0 Mon Sep 17 00:00:00 2001 From: Henrik Kretzschmar Date: Wed, 6 Sep 2006 00:03:40 -0700 Subject: [PATCH] Documentation for lock_key in struct hrtimer_base Fixes an error message on make xmldocs. Signed-off-by: Henrik Kretzschmar Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds --- include/linux/hrtimer.h | 1 + 1 file changed, 1 insertion(+) (limited to 'include/linux') diff --git a/include/linux/hrtimer.h b/include/linux/hrtimer.h index e4bccbcc2750..4fc379de6c2f 100644 --- a/include/linux/hrtimer.h +++ b/include/linux/hrtimer.h @@ -80,6 +80,7 @@ struct hrtimer_sleeper { * @get_softirq_time: function to retrieve the current time from the softirq * @curr_timer: the timer which is executing a callback right now * @softirq_time: the time when running the hrtimer queue in the softirq + * @lock_key: the lock_class_key for use with lockdep */ struct hrtimer_base { clockid_t index; -- cgit From 96dd7421a06a5bc6eb731323b95efcb2fd864854 Mon Sep 17 00:00:00 2001 From: Thomas Gleixner Date: Wed, 6 Sep 2006 00:03:42 -0700 Subject: [PATCH] prevent timespec/timeval to ktime_t overflow Frank v. Waveren pointed out that on 64bit machines the timespec to ktime_t conversion might overflow. This is also true for timeval to ktime_t conversions. This breaks a "sleep inf" on 64bit machines. While a timespec/timeval with tx.sec = MAX_LONG is valid by specification the internal representation of ktime_t is based on nanoseconds. The conversion of seconds to nanoseconds overflows for seconds values >= (MAX_LONG / NSEC_PER_SEC). Check the seconds argument to the conversion and limit it to the maximum time which can be represented by ktime_t. Signed-off-by: Thomas Gleixner Cc: Ingo Molnar Cc: Frank v Waveren Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds --- include/linux/ktime.h | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) (limited to 'include/linux') diff --git a/include/linux/ktime.h b/include/linux/ktime.h index ed3396dcc4f7..84eeecd60a02 100644 --- a/include/linux/ktime.h +++ b/include/linux/ktime.h @@ -56,7 +56,8 @@ typedef union { #endif } ktime_t; -#define KTIME_MAX (~((u64)1 << 63)) +#define KTIME_MAX ((s64)~((u64)1 << 63)) +#define KTIME_SEC_MAX (KTIME_MAX / NSEC_PER_SEC) /* * ktime_t definitions when using the 64-bit scalar representation: @@ -73,6 +74,10 @@ typedef union { */ static inline ktime_t ktime_set(const long secs, const unsigned long nsecs) { +#if (BITS_PER_LONG == 64) + if (unlikely(secs >= KTIME_SEC_MAX)) + return (ktime_t){ .tv64 = KTIME_MAX }; +#endif return (ktime_t) { .tv64 = (s64)secs * NSEC_PER_SEC + (s64)nsecs }; } -- cgit From bb98ad77d8451a3ccf9478738ffe7ec63394fcdf Mon Sep 17 00:00:00 2001 From: Ismail Donmez Date: Wed, 6 Sep 2006 00:03:44 -0700 Subject: [PATCH] Move linux/device.h include in linux/atmdev.h to #ifdef __KERNEL__ section linux/device.h header is not included in the David Woodhouse's kernel-headers git tree which is used for userspace kernel headers. Which results in compile errors when building iproute2. Attached patch moves linux/device.h include under the #ifdef __KERNEL__ section. Signed-off-by: Ismail Donmez Signed-off-by: David Woodhouse Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds --- include/linux/atmdev.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'include/linux') diff --git a/include/linux/atmdev.h b/include/linux/atmdev.h index 41788a31c438..2096e5c72827 100644 --- a/include/linux/atmdev.h +++ b/include/linux/atmdev.h @@ -7,7 +7,6 @@ #define LINUX_ATMDEV_H -#include #include #include #include @@ -210,6 +209,7 @@ struct atm_cirange { #ifdef __KERNEL__ +#include #include /* wait_queue_head_t */ #include /* struct timeval */ #include -- cgit From f57b225e432d80ee46f48536cc55ea6cf62c5570 Mon Sep 17 00:00:00 2001 From: David Brownell Date: Sun, 3 Sep 2006 06:43:33 -0700 Subject: [MMC] constify mmc_host_ops Let drivers constify MMC host method operations tables, moving them from ".data" to ".rodata". Signed-off-by: David Brownell Acked-by: Pierre Ossman Signed-off-by: Russell King --- include/linux/mmc/host.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'include/linux') diff --git a/include/linux/mmc/host.h b/include/linux/mmc/host.h index c1f021eddffa..ba095aebedff 100644 --- a/include/linux/mmc/host.h +++ b/include/linux/mmc/host.h @@ -77,7 +77,7 @@ struct mmc_host { struct device *dev; struct class_device class_dev; int index; - struct mmc_host_ops *ops; + const struct mmc_host_ops *ops; unsigned int f_min; unsigned int f_max; u32 ocr_avail; -- cgit From d773d7255199a6c8934e197756f54a1115dd127b Mon Sep 17 00:00:00 2001 From: Russell King Date: Thu, 7 Sep 2006 15:57:12 +0100 Subject: [MMC] Cleanup 385e3227d4d83ab13d7767c4bb3593b0256bf246 Rather than having two places which independently calculate the timeout for data transfers, make it a library function instead. Signed-off-by: Russell King Acked-by: Pierre Ossman --- drivers/mmc/mmc.c | 64 ++++++++++++++++++++++++++++++++++++++----------- drivers/mmc/mmc_block.c | 35 +-------------------------- include/linux/mmc/mmc.h | 2 ++ 3 files changed, 53 insertions(+), 48 deletions(-) (limited to 'include/linux') diff --git a/drivers/mmc/mmc.c b/drivers/mmc/mmc.c index c0c7ef2a8b28..74eaaee66de0 100644 --- a/drivers/mmc/mmc.c +++ b/drivers/mmc/mmc.c @@ -247,6 +247,55 @@ int mmc_wait_for_app_cmd(struct mmc_host *host, unsigned int rca, EXPORT_SYMBOL(mmc_wait_for_app_cmd); +/** + * mmc_set_data_timeout - set the timeout for a data command + * @data: data phase for command + * @card: the MMC card associated with the data transfer + * @write: flag to differentiate reads from writes + */ +void mmc_set_data_timeout(struct mmc_data *data, const struct mmc_card *card, + int write) +{ + unsigned int mult; + + /* + * SD cards use a 100 multiplier rather than 10 + */ + mult = mmc_card_sd(card) ? 100 : 10; + + /* + * Scale up the multiplier (and therefore the timeout) by + * the r2w factor for writes. + */ + if (write) + mult <<= card->csd.r2w_factor; + + data->timeout_ns = card->csd.tacc_ns * mult; + data->timeout_clks = card->csd.tacc_clks * mult; + + /* + * SD cards also have an upper limit on the timeout. + */ + if (mmc_card_sd(card)) { + unsigned int timeout_us, limit_us; + + timeout_us = data->timeout_ns / 1000; + timeout_us += data->timeout_clks * 1000 / + (card->host->ios.clock / 1000); + + if (write) + limit_us = 250000; + else + limit_us = 100000; + + if (timeout_us > limit_us) { + data->timeout_ns = limit_us * 1000; + data->timeout_clks = 0; + } + } +} +EXPORT_SYMBOL(mmc_set_data_timeout); + static int mmc_select_card(struct mmc_host *host, struct mmc_card *card); /** @@ -908,12 +957,9 @@ static void mmc_read_scrs(struct mmc_host *host) { int err; struct mmc_card *card; - struct mmc_request mrq; struct mmc_command cmd; struct mmc_data data; - unsigned int timeout_us; - struct scatterlist sg; list_for_each_entry(card, &host->cards, node) { @@ -948,17 +994,7 @@ static void mmc_read_scrs(struct mmc_host *host) memset(&data, 0, sizeof(struct mmc_data)); - data.timeout_ns = card->csd.tacc_ns * 100; - data.timeout_clks = card->csd.tacc_clks * 100; - - timeout_us = data.timeout_ns / 1000; - timeout_us += data.timeout_clks * 1000 / - (host->ios.clock / 1000); - - if (timeout_us > 100000) { - data.timeout_ns = 100000000; - data.timeout_clks = 0; - } + mmc_set_data_timeout(&data, card, 0); data.blksz_bits = 3; data.blksz = 1 << 3; diff --git a/drivers/mmc/mmc_block.c b/drivers/mmc/mmc_block.c index 515fb227eba7..d6fcc467b503 100644 --- a/drivers/mmc/mmc_block.c +++ b/drivers/mmc/mmc_block.c @@ -179,40 +179,7 @@ static int mmc_blk_issue_rq(struct mmc_queue *mq, struct request *req) brq.stop.arg = 0; brq.stop.flags = MMC_RSP_R1B | MMC_CMD_AC; - brq.data.timeout_ns = card->csd.tacc_ns * 10; - brq.data.timeout_clks = card->csd.tacc_clks * 10; - - /* - * Scale up the timeout by the r2w factor - */ - if (rq_data_dir(req) == WRITE) { - brq.data.timeout_ns <<= card->csd.r2w_factor; - brq.data.timeout_clks <<= card->csd.r2w_factor; - } - - /* - * SD cards use a 100 multiplier and has a upper limit - */ - if (mmc_card_sd(card)) { - unsigned int limit_us, timeout_us; - - brq.data.timeout_ns *= 10; - brq.data.timeout_clks *= 10; - - if (rq_data_dir(req) == READ) - limit_us = 100000; - else - limit_us = 250000; - - timeout_us = brq.data.timeout_ns / 1000; - timeout_us += brq.data.timeout_clks * 1000 / - (card->host->ios.clock / 1000); - - if (timeout_us > limit_us) { - brq.data.timeout_ns = limit_us * 1000; - brq.data.timeout_clks = 0; - } - } + mmc_set_data_timeout(&brq.data, card, rq_data_dir(req) != READ); if (rq_data_dir(req) == READ) { brq.cmd.opcode = brq.data.blocks > 1 ? MMC_READ_MULTIPLE_BLOCK : MMC_READ_SINGLE_BLOCK; diff --git a/include/linux/mmc/mmc.h b/include/linux/mmc/mmc.h index 03a14a30c46a..627e2c08ce41 100644 --- a/include/linux/mmc/mmc.h +++ b/include/linux/mmc/mmc.h @@ -105,6 +105,8 @@ extern int mmc_wait_for_cmd(struct mmc_host *, struct mmc_command *, int); extern int mmc_wait_for_app_cmd(struct mmc_host *, unsigned int, struct mmc_command *, int); +extern void mmc_set_data_timeout(struct mmc_data *, const struct mmc_card *, int); + extern int __mmc_claim_host(struct mmc_host *host, struct mmc_card *card); static inline void mmc_claim_host(struct mmc_host *host) -- cgit From 47d4b9066df023670a61e74565a75293cf15a441 Mon Sep 17 00:00:00 2001 From: David Wang Date: Fri, 8 Sep 2006 09:47:51 -0700 Subject: [PATCH] sis5513: add SiS south bridge ID 0x966 and 0x968 New SiS south bridge device ID is 0x966. Next coming product will be 0x968. (Will be released in Q4, this year) We don't make any updates to the IDE controller. Signed-off-by: David Wang Cc: Jeff Garzik Cc: Alan Cox Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds --- drivers/ide/pci/sis5513.c | 2 ++ include/linux/pci_ids.h | 2 ++ 2 files changed, 4 insertions(+) (limited to 'include/linux') diff --git a/drivers/ide/pci/sis5513.c b/drivers/ide/pci/sis5513.c index 8a6c23ac8cc1..f03196c5db37 100644 --- a/drivers/ide/pci/sis5513.c +++ b/drivers/ide/pci/sis5513.c @@ -86,6 +86,8 @@ static const struct { u8 chipset_family; u8 flags; } SiSHostChipInfo[] = { + { "SiS968", PCI_DEVICE_ID_SI_968, ATA_133 }, + { "SiS966", PCI_DEVICE_ID_SI_966, ATA_133 }, { "SiS965", PCI_DEVICE_ID_SI_965, ATA_133 }, { "SiS745", PCI_DEVICE_ID_SI_745, ATA_100 }, { "SiS735", PCI_DEVICE_ID_SI_735, ATA_100 }, diff --git a/include/linux/pci_ids.h b/include/linux/pci_ids.h index c91164ea3dec..7a249155ee4e 100644 --- a/include/linux/pci_ids.h +++ b/include/linux/pci_ids.h @@ -648,6 +648,8 @@ #define PCI_DEVICE_ID_SI_962 0x0962 #define PCI_DEVICE_ID_SI_963 0x0963 #define PCI_DEVICE_ID_SI_965 0x0965 +#define PCI_DEVICE_ID_SI_966 0x0966 +#define PCI_DEVICE_ID_SI_968 0x0968 #define PCI_DEVICE_ID_SI_5511 0x5511 #define PCI_DEVICE_ID_SI_5513 0x5513 #define PCI_DEVICE_ID_SI_5517 0x5517 -- cgit From e9f7bee1df223dcf83743b46cb06c08d95497ec0 Mon Sep 17 00:00:00 2001 From: Trond Myklebust Date: Fri, 8 Sep 2006 09:48:54 -0700 Subject: [PATCH] NFS: large non-page-aligned direct I/O clobbers memory The logic in nfs_direct_read_schedule and nfs_direct_write_schedule can allow data->npages to be one larger than rpages. This causes a page pointer to be written beyond the end of the pagevec in nfs_read_data (or nfs_write_data). Fix this by making nfs_(read|write)_alloc() calculate the size of the pagevec array, and initialise data->npages. Also get rid of the redundant argument to nfs_commit_alloc(). Signed-off-by: Trond Myklebust Cc: Chuck Lever Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds --- fs/nfs/direct.c | 50 ++++++++++++++----------------------------------- fs/nfs/read.c | 24 +++++++++++++----------- fs/nfs/write.c | 37 +++++++++++++++--------------------- include/linux/nfs_fs.h | 6 +++--- include/linux/nfs_xdr.h | 4 ++-- 5 files changed, 47 insertions(+), 74 deletions(-) (limited to 'include/linux') diff --git a/fs/nfs/direct.c b/fs/nfs/direct.c index fecd3b095deb..76ca1cbc38f9 100644 --- a/fs/nfs/direct.c +++ b/fs/nfs/direct.c @@ -100,25 +100,6 @@ static inline int put_dreq(struct nfs_direct_req *dreq) return atomic_dec_and_test(&dreq->io_count); } -/* - * "size" is never larger than rsize or wsize. - */ -static inline int nfs_direct_count_pages(unsigned long user_addr, size_t size) -{ - int page_count; - - page_count = (user_addr + size + PAGE_SIZE - 1) >> PAGE_SHIFT; - page_count -= user_addr >> PAGE_SHIFT; - BUG_ON(page_count < 0); - - return page_count; -} - -static inline unsigned int nfs_max_pages(unsigned int size) -{ - return (size + PAGE_CACHE_SIZE - 1) >> PAGE_CACHE_SHIFT; -} - /** * nfs_direct_IO - NFS address space operation for direct I/O * @rw: direction (read or write) @@ -276,28 +257,24 @@ static ssize_t nfs_direct_read_schedule(struct nfs_direct_req *dreq, unsigned lo struct nfs_open_context *ctx = dreq->ctx; struct inode *inode = ctx->dentry->d_inode; size_t rsize = NFS_SERVER(inode)->rsize; - unsigned int rpages = nfs_max_pages(rsize); unsigned int pgbase; int result; ssize_t started = 0; get_dreq(dreq); - pgbase = user_addr & ~PAGE_MASK; do { struct nfs_read_data *data; size_t bytes; + pgbase = user_addr & ~PAGE_MASK; + bytes = min(rsize,count); + result = -ENOMEM; - data = nfs_readdata_alloc(rpages); + data = nfs_readdata_alloc(pgbase + bytes); if (unlikely(!data)) break; - bytes = rsize; - if (count < rsize) - bytes = count; - - data->npages = nfs_direct_count_pages(user_addr, bytes); down_read(¤t->mm->mmap_sem); result = get_user_pages(current, current->mm, user_addr, data->npages, 1, 0, data->pagevec, NULL); @@ -344,8 +321,10 @@ static ssize_t nfs_direct_read_schedule(struct nfs_direct_req *dreq, unsigned lo started += bytes; user_addr += bytes; pos += bytes; + /* FIXME: Remove this unnecessary math from final patch */ pgbase += bytes; pgbase &= ~PAGE_MASK; + BUG_ON(pgbase != (user_addr & ~PAGE_MASK)); count -= bytes; } while (count != 0); @@ -524,7 +503,7 @@ static void nfs_direct_write_complete(struct nfs_direct_req *dreq, struct inode static void nfs_alloc_commit_data(struct nfs_direct_req *dreq) { - dreq->commit_data = nfs_commit_alloc(0); + dreq->commit_data = nfs_commit_alloc(); if (dreq->commit_data != NULL) dreq->commit_data->req = (struct nfs_page *) dreq; } @@ -605,28 +584,24 @@ static ssize_t nfs_direct_write_schedule(struct nfs_direct_req *dreq, unsigned l struct nfs_open_context *ctx = dreq->ctx; struct inode *inode = ctx->dentry->d_inode; size_t wsize = NFS_SERVER(inode)->wsize; - unsigned int wpages = nfs_max_pages(wsize); unsigned int pgbase; int result; ssize_t started = 0; get_dreq(dreq); - pgbase = user_addr & ~PAGE_MASK; do { struct nfs_write_data *data; size_t bytes; + pgbase = user_addr & ~PAGE_MASK; + bytes = min(wsize,count); + result = -ENOMEM; - data = nfs_writedata_alloc(wpages); + data = nfs_writedata_alloc(pgbase + bytes); if (unlikely(!data)) break; - bytes = wsize; - if (count < wsize) - bytes = count; - - data->npages = nfs_direct_count_pages(user_addr, bytes); down_read(¤t->mm->mmap_sem); result = get_user_pages(current, current->mm, user_addr, data->npages, 0, 0, data->pagevec, NULL); @@ -676,8 +651,11 @@ static ssize_t nfs_direct_write_schedule(struct nfs_direct_req *dreq, unsigned l started += bytes; user_addr += bytes; pos += bytes; + + /* FIXME: Remove this useless math from the final patch */ pgbase += bytes; pgbase &= ~PAGE_MASK; + BUG_ON(pgbase != (user_addr & ~PAGE_MASK)); count -= bytes; } while (count != 0); diff --git a/fs/nfs/read.c b/fs/nfs/read.c index da9cf11c326f..7a9ee00e0c61 100644 --- a/fs/nfs/read.c +++ b/fs/nfs/read.c @@ -43,13 +43,15 @@ static mempool_t *nfs_rdata_mempool; #define MIN_POOL_READ (32) -struct nfs_read_data *nfs_readdata_alloc(unsigned int pagecount) +struct nfs_read_data *nfs_readdata_alloc(size_t len) { + unsigned int pagecount = (len + PAGE_SIZE - 1) >> PAGE_SHIFT; struct nfs_read_data *p = mempool_alloc(nfs_rdata_mempool, SLAB_NOFS); if (p) { memset(p, 0, sizeof(*p)); INIT_LIST_HEAD(&p->pages); + p->npages = pagecount; if (pagecount <= ARRAY_SIZE(p->page_array)) p->pagevec = p->page_array; else { @@ -140,7 +142,7 @@ static int nfs_readpage_sync(struct nfs_open_context *ctx, struct inode *inode, int result; struct nfs_read_data *rdata; - rdata = nfs_readdata_alloc(1); + rdata = nfs_readdata_alloc(count); if (!rdata) return -ENOMEM; @@ -336,25 +338,25 @@ static int nfs_pagein_multi(struct list_head *head, struct inode *inode) struct nfs_page *req = nfs_list_entry(head->next); struct page *page = req->wb_page; struct nfs_read_data *data; - unsigned int rsize = NFS_SERVER(inode)->rsize; - unsigned int nbytes, offset; + size_t rsize = NFS_SERVER(inode)->rsize, nbytes; + unsigned int offset; int requests = 0; LIST_HEAD(list); nfs_list_remove_request(req); nbytes = req->wb_bytes; - for(;;) { - data = nfs_readdata_alloc(1); + do { + size_t len = min(nbytes,rsize); + + data = nfs_readdata_alloc(len); if (!data) goto out_bad; INIT_LIST_HEAD(&data->pages); list_add(&data->pages, &list); requests++; - if (nbytes <= rsize) - break; - nbytes -= rsize; - } + nbytes -= len; + } while(nbytes != 0); atomic_set(&req->wb_complete, requests); ClearPageError(page); @@ -402,7 +404,7 @@ static int nfs_pagein_one(struct list_head *head, struct inode *inode) if (NFS_SERVER(inode)->rsize < PAGE_CACHE_SIZE) return nfs_pagein_multi(head, inode); - data = nfs_readdata_alloc(NFS_SERVER(inode)->rpages); + data = nfs_readdata_alloc(NFS_SERVER(inode)->rsize); if (!data) goto out_bad; diff --git a/fs/nfs/write.c b/fs/nfs/write.c index 50774991f8d5..8ab3cf10d792 100644 --- a/fs/nfs/write.c +++ b/fs/nfs/write.c @@ -90,22 +90,13 @@ static mempool_t *nfs_commit_mempool; static DECLARE_WAIT_QUEUE_HEAD(nfs_write_congestion); -struct nfs_write_data *nfs_commit_alloc(unsigned int pagecount) +struct nfs_write_data *nfs_commit_alloc(void) { struct nfs_write_data *p = mempool_alloc(nfs_commit_mempool, SLAB_NOFS); if (p) { memset(p, 0, sizeof(*p)); INIT_LIST_HEAD(&p->pages); - if (pagecount <= ARRAY_SIZE(p->page_array)) - p->pagevec = p->page_array; - else { - p->pagevec = kcalloc(pagecount, sizeof(struct page *), GFP_NOFS); - if (!p->pagevec) { - mempool_free(p, nfs_commit_mempool); - p = NULL; - } - } } return p; } @@ -117,13 +108,15 @@ void nfs_commit_free(struct nfs_write_data *p) mempool_free(p, nfs_commit_mempool); } -struct nfs_write_data *nfs_writedata_alloc(unsigned int pagecount) +struct nfs_write_data *nfs_writedata_alloc(size_t len) { + unsigned int pagecount = (len + PAGE_SIZE - 1) >> PAGE_SHIFT; struct nfs_write_data *p = mempool_alloc(nfs_wdata_mempool, SLAB_NOFS); if (p) { memset(p, 0, sizeof(*p)); INIT_LIST_HEAD(&p->pages); + p->npages = pagecount; if (pagecount <= ARRAY_SIZE(p->page_array)) p->pagevec = p->page_array; else { @@ -208,7 +201,7 @@ static int nfs_writepage_sync(struct nfs_open_context *ctx, struct inode *inode, int result, written = 0; struct nfs_write_data *wdata; - wdata = nfs_writedata_alloc(1); + wdata = nfs_writedata_alloc(wsize); if (!wdata) return -ENOMEM; @@ -999,24 +992,24 @@ static int nfs_flush_multi(struct inode *inode, struct list_head *head, int how) struct nfs_page *req = nfs_list_entry(head->next); struct page *page = req->wb_page; struct nfs_write_data *data; - unsigned int wsize = NFS_SERVER(inode)->wsize; - unsigned int nbytes, offset; + size_t wsize = NFS_SERVER(inode)->wsize, nbytes; + unsigned int offset; int requests = 0; LIST_HEAD(list); nfs_list_remove_request(req); nbytes = req->wb_bytes; - for (;;) { - data = nfs_writedata_alloc(1); + do { + size_t len = min(nbytes, wsize); + + data = nfs_writedata_alloc(len); if (!data) goto out_bad; list_add(&data->pages, &list); requests++; - if (nbytes <= wsize) - break; - nbytes -= wsize; - } + nbytes -= len; + } while (nbytes != 0); atomic_set(&req->wb_complete, requests); ClearPageError(page); @@ -1070,7 +1063,7 @@ static int nfs_flush_one(struct inode *inode, struct list_head *head, int how) struct nfs_write_data *data; unsigned int count; - data = nfs_writedata_alloc(NFS_SERVER(inode)->wpages); + data = nfs_writedata_alloc(NFS_SERVER(inode)->wsize); if (!data) goto out_bad; @@ -1378,7 +1371,7 @@ nfs_commit_list(struct inode *inode, struct list_head *head, int how) struct nfs_write_data *data; struct nfs_page *req; - data = nfs_commit_alloc(NFS_SERVER(inode)->wpages); + data = nfs_commit_alloc(); if (!data) goto out_bad; diff --git a/include/linux/nfs_fs.h b/include/linux/nfs_fs.h index 247434553ae8..530b1e6173b1 100644 --- a/include/linux/nfs_fs.h +++ b/include/linux/nfs_fs.h @@ -427,7 +427,7 @@ extern int nfs_writeback_done(struct rpc_task *, struct nfs_write_data *); extern void nfs_writedata_release(void *); #if defined(CONFIG_NFS_V3) || defined(CONFIG_NFS_V4) -struct nfs_write_data *nfs_commit_alloc(unsigned int pagecount); +struct nfs_write_data *nfs_commit_alloc(void); void nfs_commit_free(struct nfs_write_data *p); #endif @@ -478,7 +478,7 @@ static inline int nfs_wb_page(struct inode *inode, struct page* page) /* * Allocate nfs_write_data structures */ -extern struct nfs_write_data *nfs_writedata_alloc(unsigned int pagecount); +extern struct nfs_write_data *nfs_writedata_alloc(size_t len); /* * linux/fs/nfs/read.c @@ -492,7 +492,7 @@ extern void nfs_readdata_release(void *data); /* * Allocate nfs_read_data structures */ -extern struct nfs_read_data *nfs_readdata_alloc(unsigned int pagecount); +extern struct nfs_read_data *nfs_readdata_alloc(size_t len); /* * linux/fs/nfs3proc.c diff --git a/include/linux/nfs_xdr.h b/include/linux/nfs_xdr.h index db9cbf68e12b..41e5a19199e9 100644 --- a/include/linux/nfs_xdr.h +++ b/include/linux/nfs_xdr.h @@ -729,7 +729,7 @@ struct nfs_read_data { struct list_head pages; /* Coalesced read requests */ struct nfs_page *req; /* multi ops per nfs_page */ struct page **pagevec; - unsigned int npages; /* active pages in pagevec */ + unsigned int npages; /* Max length of pagevec */ struct nfs_readargs args; struct nfs_readres res; #ifdef CONFIG_NFS_V4 @@ -748,7 +748,7 @@ struct nfs_write_data { struct list_head pages; /* Coalesced requests we wish to flush */ struct nfs_page *req; /* multi ops per nfs_page */ struct page **pagevec; - unsigned int npages; /* active pages in pagevec */ + unsigned int npages; /* Max length of pagevec */ struct nfs_writeargs args; /* argument struct */ struct nfs_writeres res; /* result struct */ #ifdef CONFIG_NFS_V4 -- cgit From dc104fb3231f11e95b5a0f09ae3ab27a8fd5b2e8 Mon Sep 17 00:00:00 2001 From: Al Viro Date: Thu, 31 Aug 2006 19:05:56 -0400 Subject: [PATCH] audit: more syscall classes added Signed-off-by: Al Viro --- arch/i386/kernel/audit.c | 12 ++++++++++++ arch/ia64/ia32/audit.c | 10 ++++++++++ arch/ia64/kernel/audit.c | 16 ++++++++++++++++ arch/powerpc/kernel/audit.c | 16 ++++++++++++++++ arch/powerpc/kernel/compat_audit.c | 10 ++++++++++ arch/s390/kernel/audit.c | 16 ++++++++++++++++ arch/s390/kernel/compat_audit.c | 10 ++++++++++ arch/x86_64/ia32/audit.c | 10 ++++++++++ arch/x86_64/kernel/audit.c | 16 ++++++++++++++++ include/asm-generic/audit_read.h | 8 ++++++++ include/asm-generic/audit_write.h | 11 +++++++++++ include/linux/audit.h | 4 ++++ 12 files changed, 139 insertions(+) create mode 100644 include/asm-generic/audit_read.h create mode 100644 include/asm-generic/audit_write.h (limited to 'include/linux') diff --git a/arch/i386/kernel/audit.c b/arch/i386/kernel/audit.c index 5a53c6f371ff..28bbc46f75c2 100644 --- a/arch/i386/kernel/audit.c +++ b/arch/i386/kernel/audit.c @@ -8,6 +8,16 @@ static unsigned dir_class[] = { ~0U }; +static unsigned read_class[] = { +#include +~0U +}; + +static unsigned write_class[] = { +#include +~0U +}; + static unsigned chattr_class[] = { #include ~0U @@ -15,6 +25,8 @@ static unsigned chattr_class[] = { static int __init audit_classes_init(void) { + audit_register_class(AUDIT_CLASS_WRITE, write_class); + audit_register_class(AUDIT_CLASS_READ, read_class); audit_register_class(AUDIT_CLASS_DIR_WRITE, dir_class); audit_register_class(AUDIT_CLASS_CHATTR, chattr_class); return 0; diff --git a/arch/ia64/ia32/audit.c b/arch/ia64/ia32/audit.c index ab94f2e58cdd..798501994bd9 100644 --- a/arch/ia64/ia32/audit.c +++ b/arch/ia64/ia32/audit.c @@ -9,3 +9,13 @@ unsigned ia32_chattr_class[] = { #include ~0U }; + +unsigned ia32_write_class[] = { +#include +~0U +}; + +unsigned ia32_read_class[] = { +#include +~0U +}; diff --git a/arch/ia64/kernel/audit.c b/arch/ia64/kernel/audit.c index f2512931ccaf..99488cdbf5cd 100644 --- a/arch/ia64/kernel/audit.c +++ b/arch/ia64/kernel/audit.c @@ -8,6 +8,16 @@ static unsigned dir_class[] = { ~0U }; +static unsigned read_class[] = { +#include +~0U +}; + +static unsigned write_class[] = { +#include +~0U +}; + static unsigned chattr_class[] = { #include ~0U @@ -17,10 +27,16 @@ static int __init audit_classes_init(void) { #ifdef CONFIG_IA32_SUPPORT extern __u32 ia32_dir_class[]; + extern __u32 ia32_write_class[]; + extern __u32 ia32_read_class[]; extern __u32 ia32_chattr_class[]; + audit_register_class(AUDIT_CLASS_WRITE_32, ia32_write_class); + audit_register_class(AUDIT_CLASS_READ_32, ia32_read_class); audit_register_class(AUDIT_CLASS_DIR_WRITE_32, ia32_dir_class); audit_register_class(AUDIT_CLASS_CHATTR_32, ia32_chattr_class); #endif + audit_register_class(AUDIT_CLASS_WRITE, write_class); + audit_register_class(AUDIT_CLASS_READ, read_class); audit_register_class(AUDIT_CLASS_DIR_WRITE, dir_class); audit_register_class(AUDIT_CLASS_CHATTR, chattr_class); return 0; diff --git a/arch/powerpc/kernel/audit.c b/arch/powerpc/kernel/audit.c index caf085a19234..24a65e3724e1 100644 --- a/arch/powerpc/kernel/audit.c +++ b/arch/powerpc/kernel/audit.c @@ -8,6 +8,16 @@ static unsigned dir_class[] = { ~0U }; +static unsigned read_class[] = { +#include +~0U +}; + +static unsigned write_class[] = { +#include +~0U +}; + static unsigned chattr_class[] = { #include ~0U @@ -17,10 +27,16 @@ static int __init audit_classes_init(void) { #ifdef CONFIG_PPC64 extern __u32 ppc32_dir_class[]; + extern __u32 ppc32_write_class[]; + extern __u32 ppc32_read_class[]; extern __u32 ppc32_chattr_class[]; + audit_register_class(AUDIT_CLASS_WRITE_32, ppc32_write_class); + audit_register_class(AUDIT_CLASS_READ_32, ppc32_read_class); audit_register_class(AUDIT_CLASS_DIR_WRITE_32, ppc32_dir_class); audit_register_class(AUDIT_CLASS_CHATTR_32, ppc32_chattr_class); #endif + audit_register_class(AUDIT_CLASS_WRITE, write_class); + audit_register_class(AUDIT_CLASS_READ, read_class); audit_register_class(AUDIT_CLASS_DIR_WRITE, dir_class); audit_register_class(AUDIT_CLASS_CHATTR, chattr_class); return 0; diff --git a/arch/powerpc/kernel/compat_audit.c b/arch/powerpc/kernel/compat_audit.c index dbbb8b81f1d9..ddc0a64896a2 100644 --- a/arch/powerpc/kernel/compat_audit.c +++ b/arch/powerpc/kernel/compat_audit.c @@ -10,3 +10,13 @@ unsigned ppc32_chattr_class[] = { #include ~0U }; + +unsigned ppc32_write_class[] = { +#include +~0U +}; + +unsigned ppc32_read_class[] = { +#include +~0U +}; diff --git a/arch/s390/kernel/audit.c b/arch/s390/kernel/audit.c index c26cd6cb2319..cde57039334c 100644 --- a/arch/s390/kernel/audit.c +++ b/arch/s390/kernel/audit.c @@ -8,6 +8,16 @@ static unsigned dir_class[] = { ~0U }; +static unsigned read_class[] = { +#include +~0U +}; + +static unsigned write_class[] = { +#include +~0U +}; + static unsigned chattr_class[] = { #include ~0U @@ -17,10 +27,16 @@ static int __init audit_classes_init(void) { #ifdef CONFIG_COMPAT extern __u32 s390_dir_class[]; + extern __u32 s390_write_class[]; + extern __u32 s390_read_class[]; extern __u32 s390_chattr_class[]; + audit_register_class(AUDIT_CLASS_WRITE_32, s390_write_class); + audit_register_class(AUDIT_CLASS_READ_32, s390_read_class); audit_register_class(AUDIT_CLASS_DIR_WRITE_32, s390_dir_class); audit_register_class(AUDIT_CLASS_CHATTR_32, s390_chattr_class); #endif + audit_register_class(AUDIT_CLASS_WRITE, write_class); + audit_register_class(AUDIT_CLASS_READ, read_class); audit_register_class(AUDIT_CLASS_DIR_WRITE, dir_class); audit_register_class(AUDIT_CLASS_CHATTR, chattr_class); return 0; diff --git a/arch/s390/kernel/compat_audit.c b/arch/s390/kernel/compat_audit.c index 1a7d34fecf67..d9e5f3540d48 100644 --- a/arch/s390/kernel/compat_audit.c +++ b/arch/s390/kernel/compat_audit.c @@ -10,3 +10,13 @@ unsigned s390_chattr_class[] = { #include ~0U }; + +unsigned s390_write_class[] = { +#include +~0U +}; + +unsigned s390_read_class[] = { +#include +~0U +}; diff --git a/arch/x86_64/ia32/audit.c b/arch/x86_64/ia32/audit.c index ab94f2e58cdd..798501994bd9 100644 --- a/arch/x86_64/ia32/audit.c +++ b/arch/x86_64/ia32/audit.c @@ -9,3 +9,13 @@ unsigned ia32_chattr_class[] = { #include ~0U }; + +unsigned ia32_write_class[] = { +#include +~0U +}; + +unsigned ia32_read_class[] = { +#include +~0U +}; diff --git a/arch/x86_64/kernel/audit.c b/arch/x86_64/kernel/audit.c index a067aa468a85..36840acb6513 100644 --- a/arch/x86_64/kernel/audit.c +++ b/arch/x86_64/kernel/audit.c @@ -8,6 +8,16 @@ static unsigned dir_class[] = { ~0U }; +static unsigned read_class[] = { +#include +~0U +}; + +static unsigned write_class[] = { +#include +~0U +}; + static unsigned chattr_class[] = { #include ~0U @@ -17,10 +27,16 @@ static int __init audit_classes_init(void) { #ifdef CONFIG_IA32_EMULATION extern __u32 ia32_dir_class[]; + extern __u32 ia32_write_class[]; + extern __u32 ia32_read_class[]; extern __u32 ia32_chattr_class[]; + audit_register_class(AUDIT_CLASS_WRITE_32, ia32_write_class); + audit_register_class(AUDIT_CLASS_READ_32, ia32_read_class); audit_register_class(AUDIT_CLASS_DIR_WRITE_32, ia32_dir_class); audit_register_class(AUDIT_CLASS_CHATTR_32, ia32_chattr_class); #endif + audit_register_class(AUDIT_CLASS_WRITE, write_class); + audit_register_class(AUDIT_CLASS_READ, read_class); audit_register_class(AUDIT_CLASS_DIR_WRITE, dir_class); audit_register_class(AUDIT_CLASS_CHATTR, chattr_class); return 0; diff --git a/include/asm-generic/audit_read.h b/include/asm-generic/audit_read.h new file mode 100644 index 000000000000..0e87464d9847 --- /dev/null +++ b/include/asm-generic/audit_read.h @@ -0,0 +1,8 @@ +__NR_readlink, +__NR_quotactl, +__NR_listxattr, +__NR_llistxattr, +__NR_flistxattr, +__NR_getxattr, +__NR_lgetxattr, +__NR_fgetxattr, diff --git a/include/asm-generic/audit_write.h b/include/asm-generic/audit_write.h new file mode 100644 index 000000000000..f10d367fb2a5 --- /dev/null +++ b/include/asm-generic/audit_write.h @@ -0,0 +1,11 @@ +#include +__NR_acct, +__NR_swapon, +__NR_quotactl, +__NR_truncate, +#ifdef __NR_truncate64 +__NR_truncate64, +#endif +#ifdef __NR_bind +__NR_bind, /* bind can affect fs object only in one way... */ +#endif diff --git a/include/linux/audit.h b/include/linux/audit.h index 64f9f9e56ac5..1077362a2efb 100644 --- a/include/linux/audit.h +++ b/include/linux/audit.h @@ -132,6 +132,10 @@ #define AUDIT_CLASS_DIR_WRITE_32 1 #define AUDIT_CLASS_CHATTR 2 #define AUDIT_CLASS_CHATTR_32 3 +#define AUDIT_CLASS_READ 4 +#define AUDIT_CLASS_READ_32 5 +#define AUDIT_CLASS_WRITE 6 +#define AUDIT_CLASS_WRITE_32 7 /* This bitmask is used to validate user input. It represents all bits that * are currently used in an audit field constant understood by the kernel. -- cgit From 55669bfa141b488be865341ed12e188967d11308 Mon Sep 17 00:00:00 2001 From: Al Viro Date: Thu, 31 Aug 2006 19:26:40 -0400 Subject: [PATCH] audit: AUDIT_PERM support add support for AUDIT_PERM predicate Signed-off-by: Al Viro --- arch/i386/kernel/audit.c | 16 ++++++++++++ arch/ia64/ia32/audit.c | 16 ++++++++++++ arch/ia64/kernel/audit.c | 19 ++++++++++++++ arch/powerpc/kernel/audit.c | 21 ++++++++++++++++ arch/powerpc/kernel/compat_audit.c | 16 ++++++++++++ arch/s390/kernel/audit.c | 21 ++++++++++++++++ arch/s390/kernel/compat_audit.c | 16 ++++++++++++ arch/x86_64/ia32/audit.c | 16 ++++++++++++ arch/x86_64/kernel/audit.c | 19 ++++++++++++++ include/linux/audit.h | 7 ++++++ kernel/audit.h | 1 + kernel/auditfilter.c | 17 +++++++++++++ kernel/auditsc.c | 51 ++++++++++++++++++++++++++++++++++++++ 13 files changed, 236 insertions(+) (limited to 'include/linux') diff --git a/arch/i386/kernel/audit.c b/arch/i386/kernel/audit.c index 28bbc46f75c2..3b97cff41549 100644 --- a/arch/i386/kernel/audit.c +++ b/arch/i386/kernel/audit.c @@ -23,6 +23,22 @@ static unsigned chattr_class[] = { ~0U }; +int audit_classify_syscall(int abi, unsigned syscall) +{ + switch(syscall) { + case __NR_open: + return 2; + case __NR_openat: + return 3; + case __NR_socketcall: + return 4; + case __NR_execve: + return 5; + default: + return 0; + } +} + static int __init audit_classes_init(void) { audit_register_class(AUDIT_CLASS_WRITE, write_class); diff --git a/arch/ia64/ia32/audit.c b/arch/ia64/ia32/audit.c index 798501994bd9..92d7d0c8d93f 100644 --- a/arch/ia64/ia32/audit.c +++ b/arch/ia64/ia32/audit.c @@ -19,3 +19,19 @@ unsigned ia32_read_class[] = { #include ~0U }; + +int ia32_classify_syscall(unsigned syscall) +{ + switch(syscall) { + case __NR_open: + return 2; + case __NR_openat: + return 3; + case __NR_socketcall: + return 4; + case __NR_execve: + return 5; + default: + return 1; + } +} diff --git a/arch/ia64/kernel/audit.c b/arch/ia64/kernel/audit.c index 99488cdbf5cd..04682555a28c 100644 --- a/arch/ia64/kernel/audit.c +++ b/arch/ia64/kernel/audit.c @@ -23,6 +23,25 @@ static unsigned chattr_class[] = { ~0U }; +int audit_classify_syscall(int abi, unsigned syscall) +{ +#ifdef CONFIG_IA32_SUPPORT + extern int ia32_classify_syscall(unsigned); + if (abi == AUDIT_ARCH_I386) + return ia32_classify_syscall(syscall); +#endif + switch(syscall) { + case __NR_open: + return 2; + case __NR_openat: + return 3; + case __NR_execve: + return 5; + default: + return 0; + } +} + static int __init audit_classes_init(void) { #ifdef CONFIG_IA32_SUPPORT diff --git a/arch/powerpc/kernel/audit.c b/arch/powerpc/kernel/audit.c index 24a65e3724e1..7fe5e6300e9a 100644 --- a/arch/powerpc/kernel/audit.c +++ b/arch/powerpc/kernel/audit.c @@ -23,6 +23,27 @@ static unsigned chattr_class[] = { ~0U }; +int audit_classify_syscall(int abi, unsigned syscall) +{ +#ifdef CONFIG_PPC64 + extern int ppc32_classify_syscall(unsigned); + if (abi == AUDIT_ARCH_PPC) + return ppc32_classify_syscall(syscall); +#endif + switch(syscall) { + case __NR_open: + return 2; + case __NR_openat: + return 3; + case __NR_socketcall: + return 4; + case __NR_execve: + return 5; + default: + return 0; + } +} + static int __init audit_classes_init(void) { #ifdef CONFIG_PPC64 diff --git a/arch/powerpc/kernel/compat_audit.c b/arch/powerpc/kernel/compat_audit.c index ddc0a64896a2..640d4bb29321 100644 --- a/arch/powerpc/kernel/compat_audit.c +++ b/arch/powerpc/kernel/compat_audit.c @@ -20,3 +20,19 @@ unsigned ppc32_read_class[] = { #include ~0U }; + +int ppc32_classify_syscall(unsigned syscall) +{ + switch(syscall) { + case __NR_open: + return 2; + case __NR_openat: + return 3; + case __NR_socketcall: + return 4; + case __NR_execve: + return 5; + default: + return 1; + } +} diff --git a/arch/s390/kernel/audit.c b/arch/s390/kernel/audit.c index cde57039334c..0741d9193390 100644 --- a/arch/s390/kernel/audit.c +++ b/arch/s390/kernel/audit.c @@ -23,6 +23,27 @@ static unsigned chattr_class[] = { ~0U }; +int audit_classify_syscall(int abi, unsigned syscall) +{ +#ifdef CONFIG_COMPAT + extern int s390_classify_syscall(unsigned); + if (abi == AUDIT_ARCH_S390) + return s390_classify_syscall(syscall); +#endif + switch(syscall) { + case __NR_open: + return 2; + case __NR_openat: + return 3; + case __NR_socketcall: + return 4; + case __NR_execve: + return 5; + default: + return 0; + } +} + static int __init audit_classes_init(void) { #ifdef CONFIG_COMPAT diff --git a/arch/s390/kernel/compat_audit.c b/arch/s390/kernel/compat_audit.c index d9e5f3540d48..16d9436bfa91 100644 --- a/arch/s390/kernel/compat_audit.c +++ b/arch/s390/kernel/compat_audit.c @@ -20,3 +20,19 @@ unsigned s390_read_class[] = { #include ~0U }; + +int s390_classify_syscall(unsigned syscall) +{ + switch(syscall) { + case __NR_open: + return 2; + case __NR_openat: + return 3; + case __NR_socketcall: + return 4; + case __NR_execve: + return 5; + default: + return 1; + } +} diff --git a/arch/x86_64/ia32/audit.c b/arch/x86_64/ia32/audit.c index 798501994bd9..92d7d0c8d93f 100644 --- a/arch/x86_64/ia32/audit.c +++ b/arch/x86_64/ia32/audit.c @@ -19,3 +19,19 @@ unsigned ia32_read_class[] = { #include ~0U }; + +int ia32_classify_syscall(unsigned syscall) +{ + switch(syscall) { + case __NR_open: + return 2; + case __NR_openat: + return 3; + case __NR_socketcall: + return 4; + case __NR_execve: + return 5; + default: + return 1; + } +} diff --git a/arch/x86_64/kernel/audit.c b/arch/x86_64/kernel/audit.c index 36840acb6513..21f33387bef3 100644 --- a/arch/x86_64/kernel/audit.c +++ b/arch/x86_64/kernel/audit.c @@ -23,6 +23,25 @@ static unsigned chattr_class[] = { ~0U }; +int audit_classify_syscall(int abi, unsigned syscall) +{ +#ifdef CONFIG_IA32_EMULATION + extern int ia32_classify_syscall(unsigned); + if (abi == AUDIT_ARCH_I386) + return ia32_classify_syscall(syscall); +#endif + switch(syscall) { + case __NR_open: + return 2; + case __NR_openat: + return 3; + case __NR_execve: + return 5; + default: + return 0; + } +} + static int __init audit_classes_init(void) { #ifdef CONFIG_IA32_EMULATION diff --git a/include/linux/audit.h b/include/linux/audit.h index 1077362a2efb..40a6c26294ae 100644 --- a/include/linux/audit.h +++ b/include/linux/audit.h @@ -181,6 +181,7 @@ #define AUDIT_EXIT 103 #define AUDIT_SUCCESS 104 /* exit >= 0; value ignored */ #define AUDIT_WATCH 105 +#define AUDIT_PERM 106 #define AUDIT_ARG0 200 #define AUDIT_ARG1 (AUDIT_ARG0+1) @@ -256,6 +257,11 @@ #define AUDIT_ARCH_V850 (EM_V850|__AUDIT_ARCH_LE) #define AUDIT_ARCH_X86_64 (EM_X86_64|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE) +#define AUDIT_PERM_EXEC 1 +#define AUDIT_PERM_WRITE 2 +#define AUDIT_PERM_READ 4 +#define AUDIT_PERM_ATTR 8 + struct audit_status { __u32 mask; /* Bit mask for valid entries */ __u32 enabled; /* 1 = enabled, 0 = disabled */ @@ -318,6 +324,7 @@ struct mqstat; #define AUDITSC_FAILURE 2 #define AUDITSC_RESULT(x) ( ((long)(x))<0?AUDITSC_FAILURE:AUDITSC_SUCCESS ) extern int __init audit_register_class(int class, unsigned *list); +extern int audit_classify_syscall(int abi, unsigned syscall); #ifdef CONFIG_AUDITSYSCALL /* These are defined in auditsc.c */ /* Public API */ diff --git a/kernel/audit.h b/kernel/audit.h index 6aa33b848cf2..a3370232a390 100644 --- a/kernel/audit.h +++ b/kernel/audit.h @@ -104,6 +104,7 @@ static inline int audit_hash_ino(u32 ino) return (ino & (AUDIT_INODE_BUCKETS-1)); } +extern int audit_match_class(int class, unsigned syscall); extern int audit_comparator(const u32 left, const u32 op, const u32 right); extern int audit_compare_dname_path(const char *dname, const char *path, int *dirlen); diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c index e4cafc11c510..a44879b0c72f 100644 --- a/kernel/auditfilter.c +++ b/kernel/auditfilter.c @@ -302,6 +302,15 @@ int __init audit_register_class(int class, unsigned *list) return 0; } +int audit_match_class(int class, unsigned syscall) +{ + if (unlikely(syscall >= AUDIT_BITMASK_SIZE * sizeof(__u32))) + return 0; + if (unlikely(class >= AUDIT_SYSCALL_CLASSES || !classes[class])) + return 0; + return classes[class][AUDIT_WORD(syscall)] & AUDIT_BIT(syscall); +} + /* Common user-space to kernel rule translation. */ static inline struct audit_entry *audit_to_entry_common(struct audit_rule *rule) { @@ -414,6 +423,10 @@ static struct audit_entry *audit_rule_to_entry(struct audit_rule *rule) case AUDIT_ARG2: case AUDIT_ARG3: break; + case AUDIT_PERM: + if (f->val & ~15) + goto exit_free; + break; case AUDIT_INODE: err = audit_to_inode(&entry->rule, f); if (err) @@ -568,6 +581,10 @@ static struct audit_entry *audit_data_to_entry(struct audit_rule_data *data, entry->rule.buflen += f->val; entry->rule.filterkey = str; break; + case AUDIT_PERM: + if (f->val & ~15) + goto exit_free; + break; default: goto exit_free; } diff --git a/kernel/auditsc.c b/kernel/auditsc.c index efc1b74bebf3..1bd8827a0102 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -209,6 +209,54 @@ struct audit_context { #endif }; +#define ACC_MODE(x) ("\004\002\006\006"[(x)&O_ACCMODE]) +static inline int open_arg(int flags, int mask) +{ + int n = ACC_MODE(flags); + if (flags & (O_TRUNC | O_CREAT)) + n |= AUDIT_PERM_WRITE; + return n & mask; +} + +static int audit_match_perm(struct audit_context *ctx, int mask) +{ + unsigned n = ctx->major; + switch (audit_classify_syscall(ctx->arch, n)) { + case 0: /* native */ + if ((mask & AUDIT_PERM_WRITE) && + audit_match_class(AUDIT_CLASS_WRITE, n)) + return 1; + if ((mask & AUDIT_PERM_READ) && + audit_match_class(AUDIT_CLASS_READ, n)) + return 1; + if ((mask & AUDIT_PERM_ATTR) && + audit_match_class(AUDIT_CLASS_CHATTR, n)) + return 1; + return 0; + case 1: /* 32bit on biarch */ + if ((mask & AUDIT_PERM_WRITE) && + audit_match_class(AUDIT_CLASS_WRITE_32, n)) + return 1; + if ((mask & AUDIT_PERM_READ) && + audit_match_class(AUDIT_CLASS_READ_32, n)) + return 1; + if ((mask & AUDIT_PERM_ATTR) && + audit_match_class(AUDIT_CLASS_CHATTR_32, n)) + return 1; + return 0; + case 2: /* open */ + return mask & ACC_MODE(ctx->argv[1]); + case 3: /* openat */ + return mask & ACC_MODE(ctx->argv[2]); + case 4: /* socketcall */ + return ((mask & AUDIT_PERM_WRITE) && ctx->argv[0] == SYS_BIND); + case 5: /* execve */ + return mask & AUDIT_PERM_EXEC; + default: + return 0; + } +} + /* Determine if any context name data matches a rule's watch data */ /* Compare a task_struct with an audit_rule. Return 1 on match, 0 * otherwise. */ @@ -397,6 +445,9 @@ static int audit_filter_rules(struct task_struct *tsk, /* ignore this field for filtering */ result = 1; break; + case AUDIT_PERM: + result = audit_match_perm(ctx, f->val); + break; } if (!result) -- cgit