| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/selinux-2.6
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/selinux-2.6:
SELinux: kills warnings in Improve SELinux performance when AVC misses
SELinux: improve performance when AVC misses.
SELinux: policy selectable handling of unknown classes and perms
SELinux: Improve read/write performance
SELinux: tune avtab to reduce memory usage
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/ieee1394/linux1394-2.6
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ieee1394/linux1394-2.6: (25 commits)
firewire: fw-cdev: reorder wakeup vs. spinlock
firewire: in-code doc updates.
firewire: a header cleanup
firewire: adopt read cycle timer ABI from raw1394
firewire: fw-ohci: check for misconfigured bus (phyID == 63)
firewire: fw-ohci: missing dma_unmap_single
firewire: fw-ohci: log posted write errors
firewire: fw-ohci: reorder includes
firewire: fw-ohci: fix includes
firewire: fw-ohci: enforce read order for selfID generation
firewire: fw-sbp2: use an own workqueue (fix system responsiveness)
firewire: fw-sbp2: expose module parameter for workarounds
firewire: fw-sbp2: add support for multiple logical units per target
firewire: fw-sbp2: always enable IRQs before calling command ORB callback
firewire: fw-core: local variable shadows a global one
firewire: optimize fw_core_add_address_handler
ieee1394: ieee1394_core.c: use DEFINE_SPINLOCK for spinlock definition
ieee1394: csr1212: proper refcounting
ieee1394: nodemgr: fix leak of struct csr1212_keyval
ieee1394: pcilynx: I2C cleanups
...
|
|
* ssh://master.kernel.org/pub/scm/linux/kernel/git/sam/kbuild:
x86: fix boot error introduced by kbuild
|
|
ssh://master.kernel.org/pub/scm/linux/kernel/git/aegl/linux-2.6
* 'release' of ssh://master.kernel.org/pub/scm/linux/kernel/git/aegl/linux-2.6:
[IA64] Fix build for CONFIG_SMP=n
|
|
This patch kills ugly warnings when the "Improve SELinux performance
when ACV misses" patch.
Signed-off-by: KaiGai Kohei <kaigai@ak.jp.nec.com>
Signed-off-by: James Morris <jmorris@namei.org>
|
|
* We add ebitmap_for_each_positive_bit() which enables to walk on
any positive bit on the given ebitmap, to improve its performance
using common bit-operations defined in linux/bitops.h.
In the previous version, this logic was implemented using a combination
of ebitmap_for_each_bit() and ebitmap_node_get_bit(), but is was worse
in performance aspect.
This logic is most frequestly used to compute a new AVC entry,
so this patch can improve SELinux performance when AVC misses are happen.
* struct ebitmap_node is redefined as an array of "unsigned long", to get
suitable for using find_next_bit() which is fasted than iteration of
shift and logical operation, and to maximize memory usage allocated
from general purpose slab.
* Any ebitmap_for_each_bit() are repleced by the new implementation
in ss/service.c and ss/mls.c. Some of related implementation are
changed, however, there is no incompatibility with the previous
version.
* The width of any new line are less or equal than 80-chars.
The following benchmark shows the effect of this patch, when we
access many files which have different security context one after
another. The number is more than /selinux/avc/cache_threshold, so
any access always causes AVC misses.
selinux-2.6 selinux-2.6-ebitmap
AVG: 22.763 [s] 8.750 [s]
STD: 0.265 0.019
------------------------------------------
1st: 22.558 [s] 8.786 [s]
2nd: 22.458 [s] 8.750 [s]
3rd: 22.478 [s] 8.754 [s]
4th: 22.724 [s] 8.745 [s]
5th: 22.918 [s] 8.748 [s]
6th: 22.905 [s] 8.764 [s]
7th: 23.238 [s] 8.726 [s]
8th: 22.822 [s] 8.729 [s]
Signed-off-by: KaiGai Kohei <kaigai@ak.jp.nec.com>
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: James Morris <jmorris@namei.org>
|
|
Allow policy to select, in much the same way as it selects MLS support, how
the kernel should handle access decisions which contain either unknown
classes or unknown permissions in known classes. The three choices for the
policy flags are
0 - Deny unknown security access. (default)
2 - reject loading policy if it does not contain all definitions
4 - allow unknown security access
The policy's choice is exported through 2 booleans in
selinuxfs. /selinux/deny_unknown and /selinux/reject_unknown.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: James Morris <jmorris@namei.org>
|
|
It reduces the selinux overhead on read/write by only revalidating
permissions in selinux_file_permission if the task or inode labels have
changed or the policy has changed since the open-time check. A new LSM
hook, security_dentry_open, is added to capture the necessary state at open
time to allow this optimization.
(see http://marc.info/?l=selinux&m=118972995207740&w=2)
Signed-off-by: Yuichi Nakamura<ynakam@hitachisoft.jp>
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: James Morris <jmorris@namei.org>
|
|
This patch reduces memory usage of SELinux by tuning avtab. Number of hash
slots in avtab was 32768. Unused slots used memory when number of rules is
fewer. This patch decides number of hash slots dynamically based on number
of rules. (chain length)^2 is also printed out in avtab_hash_eval to see
standard deviation of avtab hash table.
Signed-off-by: Yuichi Nakamura<ynakam@hitachisoft.jp>
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: James Morris <jmorris@namei.org>
|
|
Signed-off-by: Jay Fenlason <fenlason@redhat.com>
Prompted by https://bugzilla.redhat.com/show_bug.cgi?id=323411
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
|
|
Signed-off-by: Yann Dirson <ydirson@altern.org>
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de> (update)
|
|
fw_node() is not used (and not useful) outside fw-topology.c.
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
|
|
This duplicates the read cycle timer feature of raw1394 (added in Linux
2.6.21) in firewire-core's userspace ABI. The argument to the ioctl is
reordered though to ensure 32/64 bit compatibility.
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
Signed-off-by: Kristian Høgsberg <krh@redhat.com>
|
|
Check NodeID.nodeNumber as per OHCI 1.1 clause 7.2.3.2. See also IEEE
1394a table 5B-1.
Also, demote the "node ID not valid" message from error to notification
as it is not an error condition.
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
|
|
at_context_queue_packet() didn't clean up in an early exit path.
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
Signed-off-by: Kristian Høgsberg <krh@redhat.com>
|
|
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
|
|
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
|
|
Add used includes, remove unused includes.
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
|
|
It seems unlikely, but access to self_id_cpu[0] could at least in theory
be deferred until after the loop over self_id_cpu[1..n] or even after
the subsequent reg_read. Enforce the desired order by a read barrier.
Also prevent the reg_read from being reordered relative to the for loop.
This isn't necessary if the loop's conditional printk counts as an
implicit barrier, but better make it explicit.
(self_id_cpu[] is a coherent DMA buffer.)
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
|
|
Firewire-sbp2 did very uncooperative things in the kernel's shared
workqueue: Sleeping until reception of management status from the
target for up to 2 seconds, and performing SCSI inquiry and all of the
setup of SCSI command set drivers via scsi_add_device. If there were
transient or permanent error conditions, this caused long blockage of
the kernel's events process, noticeable e.g. by blocked keyboard input.
We now allocate a workqueue process exclusive to fw-sbp2. As a side
effect, this also increases parallelism of fw-sbp2's login and reconnect
work versus fw-core's device discovery and device update work which is
performed in the shared workqueue.
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
Signed-off-by: Kristian Høgsberg <krh@redhat.com>
|
|
On rare occasions, the ability to set one of the workaround flags at
runtime may save the day.
People who experience I/O errors with firewire-sbp2 while the old sbp2
driver worked for them should try workarounds=1 and report to the devel
mailinglist whether that improves things. Firewire-sbp2 defaults to the
SCSI stack's maximum transfer size per command, while sbp2 limits them
to 128 kBytes. Flag 1 accomplishes just that.
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
|
|
Fixes "New firewire stack only recognizing half of a chain of drives",
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=242254
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
|
|
On IOMMU-less noncoherent architectures, orb->callback will memcpy the
whole SCSI command buffer for READ-like SCSI commands. It is therefore
friendlier to enable IRQs before the call, like before patch "Add
ref-counting for sbp2 orbs".
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
Acked-by: Kristian Høgsberg <krh@redhat.com>
|
|
Sparse warned about it although it was apparently harmless:
drivers/firewire/fw-cdev.c:624:23: warning: symbol 'interrupt' shadows an earlier one
include/asm/hw_irq.h:29:13: originally declared here
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
|
|
Potentially avoids unnecessary loop runs.
Guarantee quadlet-aligned starts of address regions.
Document the return values.
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
|
|
drivers/ieee1394/ieee1394_core.c: Define spinlock using
DEFINE_SPINLOCK instead of assignment to SPIN_LOCK_UNLOCKED
Signed-off-by: Matthias Kaehlcke <matthias.kaehlcke@gmail.com>
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
|
|
At least since nodemgr got rid of coarse global locking, accesses to
struct csr1212_keyval's reference counter should be atomic and coupled
with proper barriers. Also, calls to csr1212_keep_keyval(kv) should
occur before kv is being used.
(We probably should convert refcnt to struct kref, but how to keep
csr1212_destroy_keyval's implementation non-recursively then?)
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
|
|
csr1212_keep_keyval(kv) in nodemgr_process_root_directory was
unbalanced if ne->vendor_name_kv already exists. This happens for
example if eth1394 or raw1394 modify the local config ROM and it is
parsed again.
As a bonus, the attempt to add the vendor_name_kv sysfs attribute
when it already exists is now fixed for good.
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
|
|
* Delete optional and empty i2c client_register and client_unregister
callbacks.
* Use the proper i2c adapter ID.
* Don't use a template to initialize the i2c_adapter structure, it's
inefficient.
* Update a misleading comment on why we use i2c_transfer rather than
higher level i2c functions.
Signed-off-by: Jean Delvare <khali@linux-fr.org>
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
|
|
The nodemgr host thread can exit on its own even when kthread_should_stop
is not true, on receiving a signal (might never happen in practice, as
it ignores signals). But considering kthread_stop() must not be mixed with
kthreads that can exit on their own, I think changing the code like this
is clearer. This change means the thread can cut its sleep short when
receive a signal but looking at the code around, that sounds okay (and
again, it might never actually recieve a signal in practice).
Signed-off-by: Satyam Sharma <satyam@infradead.org>
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
|
|
sbp2_host_reset and sbp2_handle_status_write are not serialized against
sbp2_alloc_device and sbp2_remove_device.
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
|
|
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
|
|
bad_proto can be reached from points which did not take priv->lock.
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
|
|
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
|
|
x86 uses target specific assignment of EXTRA_AFLAGS,
EXTRA_CFLAGS - this caused troubles with
introducing asflags-y, ccflags-y.
Fixed the target specific assignments in arch/x86/boot/Makefile
and auditted the rest of the kernel for similar usage.
Signed-off-by: Sam Ravnborg <sam@ravnborg.org>
|
|
d5a7430ddcdb598261d70f7eb1bf450b5be52085 missed a spot where we
use cpu_sibling_map and cpu_core_map. These don't exist on a
uni-processor build. Wrap #ifdef CONFIG_SMP ... #endif around it.
Signed-off-by: Tony Luck <tony.luck@intel.com>
|
|
htab_bolt_mapping takes another argument now the 1TB code has been
merged. Update vmemmap_populate to match.
Signed-off-by: Anton Blanchard <anton@samba.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
|
Commit 78bdc3106a877cfa50439fa66b52acbc4e7868df ("PPC: sg chaining
support") looks to have removed some unrelated ppc code. Lets put it
back in.
Signed-off-by: Anton Blanchard <anton@samba.org>
Acked-by: Jens Axboe <jens.axboe@oracle.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
|
* git://git.kernel.org/pub/scm/linux/kernel/git/sam/kbuild: (40 commits)
kbuild: introduce ccflags-y, asflags-y and ldflags-y
kbuild: enable 'make CPPFLAGS=...' to add additional options to CPP
kbuild: enable use of AFLAGS and CFLAGS on commandline
kbuild: enable 'make AFLAGS=...' to add additional options to AS
kbuild: fix AFLAGS use in h8300 and m68knommu
kbuild: check for wrong use of CFLAGS
kbuild: enable 'make CFLAGS=...' to add additional options to CC
kbuild: fix up CFLAGS usage
kbuild: make modpost detect unterminated device id lists
kbuild: call export_report from the Makefile
kbuild: move Kai Germaschewski to CREDITS
kconfig/menuconfig: distinguish between selected-by-another options and comments
kconfig: tristate choices with mixed tristate and boolean values
include/linux/Kbuild: remove duplicate entries
kbuild: kill backward compatibility checks
kbuild: kill EXTRA_ARFLAGS
kbuild: fix documentation in makefiles.txt
kbuild: call make once for all targets when O=.. is used
kbuild: pass -g to assembler under CONFIG_DEBUG_INFO
kbuild: update _shipped files for kconfig syntax cleanup
...
Fix up conflicts in arch/um/sys-{x86_64,i386}/Makefile manually.
|
|
* 'upstream' of git://ftp.linux-mips.org/pub/scm/upstream-linus:
[MIPS] Increase cp0 compare clockevent min_delta_ns from 0x30 to 0x300.
[MIPS] Cache: Provide more information on cache policy on bootup.
[MIPS] Fix aliasing bug in copy_user_highpage, take 2.
[MIPS] VPE loader: convert from struct class_ device to struct device
[MIPS] MIPSsim: Fix booting from NFS root
[MIPS] Alchemy: Get rid of au1xxx_irq_map_t.
[MIPS] Alchemy: Get rid of au_ffz().
[MIPS] Alchemy: Get rid of au_ffs().
[MIPS] Alchemy: cleanup interrupt code.
[MIPS] Lasat: Fix build by conversion to irq_cpu.c.
[MIPS] Lasat: Add #ifndef ... #endif include warpper to lasatint.h.
[MIPS] IP22: Enable -Werror.
[MIPS] IP22: Fix warning.
[MIPS] IP22: Complain if requesting the front panel irq failed.
[MIPS] vmlinux.lds.S: Handle KPROBES_TEXT.
[MIPS] vmlinux.lds.S: Fix handling of .notes in final link.
[MIPS] vmlinux.lds.S: Remove duplicate comment.
[MIPS] MSP71XX: Add workarounds file.
[MIPS] IP32: Fix build by conversion to irq_cpu.c.
|
|
Extremly low values are of dubious usefulness anyway but in this case
they actually were killing Qemu which simply wasn't able to complete
mips_next_event() within 0x30 100MHz cycles even on fast hosts.
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
|
|
This should help making bug reports for the gadzillion of cores with all
their configuration and synthesis options more useful.
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
|
|
Turns out b868868ae0f7272228c95cc760338ffe35bb739d wasn't quite right.
When called for a page that isn't marked dirty it would artificially
create an alias instead of doing the obvious thing and access the page
via KSEG0.
The same issue also exists in copy_to_user_page and copy_from_user_page
which was causing the machine to die under rare circumstances for example
when running ps if the BUG_ON() assertion added by the earlier fix was
getting triggered.
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
|
|
Signed-off-by: Kay Sievers <kay.sievers@vrfy.org>
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
|
|
MIPSsim probably doesn't have any sort of environment, but writing
a zero in it kills even the compiled in command line. This prevents
booting via NFS root.
Signed-Off-By: Thiemo Seufer <ths@networkno.de>
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
|
|
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
|
|
There were no users - and why have a private version anyway.
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
|
|
It was plain a bad idea ...
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
|
|
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
|
