aboutsummaryrefslogtreecommitdiff
path: root/net
AgeCommit message (Collapse)Author
2008-01-31Merge branch 'for-linus' of ↵Linus Torvalds
git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/selinux-2.6 * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/selinux-2.6: security: compile capabilities by default selinux: make selinux_set_mnt_opts() static SELinux: Add warning messages on network denial due to error SELinux: Add network ingress and egress control permission checks NetLabel: Add auditing to the static labeling mechanism NetLabel: Introduce static network labels for unlabeled connections SELinux: Allow NetLabel to directly cache SIDs SELinux: Enable dynamic enable/disable of the network access checks SELinux: Better integration between peer labeling subsystems SELinux: Add a new peer class and permissions to the Flask definitions SELinux: Add a capabilities bitmap to SELinux policy version 22 SELinux: Add a network node caching mechanism similar to the sel_netif_*() functions SELinux: Only store the network interface's ifindex SELinux: Convert the netif code to use ifindex values NetLabel: Add IP address family information to the netlbl_skbuff_getattr() function NetLabel: Add secid token support to the NetLabel secattr struct NetLabel: Consolidate the LSM domain mapping/hashing locks NetLabel: Cleanup the LSM domain hash functions NetLabel: Remove unneeded RCU read locks
2008-01-31Merge git://git.kernel.org/pub/scm/linux/kernel/git/x86/linux-2.6-x86Linus Torvalds
* git://git.kernel.org/pub/scm/linux/kernel/git/x86/linux-2.6-x86: (890 commits) x86: fix nodemap_size according to nodeid bits x86: fix overlap between pagetable with bss section x86: add PCI IDs to k8topology_64.c x86: fix early_ioremap pagetable ops x86: use the same pgd_list for PAE and 64-bit x86: defer cr3 reload when doing pud_clear() x86: early boot debugging via FireWire (ohci1394_dma=early) x86: don't special-case pmd allocations as much x86: shrink some ifdefs in fault.c x86: ignore spurious faults x86: remove nx_enabled from fault.c x86: unify fault_32|64.c x86: unify fault_32|64.c with ifdefs x86: unify fault_32|64.c by ifdef'd function bodies x86: arch/x86/mm/init_32.c printk fixes x86: arch/x86/mm/init_32.c cleanup x86: arch/x86/mm/init_64.c printk fixes x86: unify ioremap x86: fixes some bugs about EFI memory map handling x86: use reboot_type on EFI 32 ...
2008-01-31Make !NETFILTER_ADVANCED enable IP6_NF_MATCH_IPV6HEADERLinus Torvalds
We want IPV6HEADER matching for the non-advanced default netfilter configuration, since it's part of the standard netfilter setup of at least some distributions (eg Fedora). Otherwise NETFILTER_ADVANCED loses much of its point, since even non-advanced users would have to enable all the advanced options just to get a working IPv6 netfilter setup. Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2008-01-30x86: change NR_CPUS arrays in numa_64travis@sgi.com
Change the following static arrays sized by NR_CPUS to per_cpu data variables: char cpu_to_node_map[NR_CPUS]; Signed-off-by: Mike Travis <travis@sgi.com> Reviewed-by: Christoph Lameter <clameter@sgi.com> Signed-off-by: Ingo Molnar <mingo@elte.hu> Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
2008-01-30SUNRPC: Don't bother changing the sigmask for asynchronous RPC callsTrond Myklebust
The caller will never sleep in rpc_execute, so don't bother setting the sigmask. Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2008-01-30SUNRPC: rpcb_getport_sync() passes incorrect address size to rpc_create()Chuck Lever
The variable "sin" is a pointer, so sizeof(sin) is the size of a pointer, not the size of thing that sin points to. Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2008-01-30SUNRPC: Clean up block comment preceding rpcb_getport_sync()Chuck Lever
Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2008-01-30SUNRPC: Use appropriate argument types in rpcb clientChuck Lever
Clean up: Follow recommendations of Chapter 5 of Documentation/CodingStyle and use "u32" instead of "__u32" for types in definitions that are not shared with user space. Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2008-01-30SUNRPC: rpcb_getport_sync() should use built-in hostname generatorChuck Lever
rpc_create() can already fill in the hostname with a string representation of the server's IP address, so remove redundant logic in in rpcb_getport_sync() that does that. Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2008-01-30SUNRPC: Clean up functions that free address_strings arrayChuck Lever
Clean up: document the rule (kfree) and the exceptions (RPC_DISPLAY_PROTO and RPC_DISPLAY_NETID) when freeing the objects in a transport's address_strings array. Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2008-01-30SUNRPC: Fix up constant string declarations in struct rpcbind_argsTrond Myklebust
...and eliminate an unnecessary cast. Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2008-01-30SUNRPC: fewer conditionals in the format_ip_address routinesChuck Lever
Clean up: have the set up routines explicitly pass the strings to be used for the transport name and NETID. This removes a number of conditionals and dependencies on rpc_xprt.prot, which is overloaded. Tighten up type checking on the address_strings array while we're at it. Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2008-01-30SUNRPC: Fix use of copy_to_user() in gss_pipe_upcall()Chuck Lever
The gss_pipe_upcall() function expects the copy_to_user() function to return a negative error value if the call fails, but copy_to_user() returns an unsigned long number of bytes that couldn't be copied. Can rpc_pipefs actually retry a partially completed upcall read? If not, then gss_pipe_upcall() should punt any partial read, just like the upcall logic in net/sunrpc/cache.c. Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2008-01-30SUNRPC: Add support for per-client timeout valuesTrond Myklebust
In order to be able to support setting the timeo and retrans parameters on a per-mountpoint basis, we move the rpc_timeout structure into the rpc_clnt. Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2008-01-30SUNRPC: Clean up the transport timeout initialisationTrond Myklebust
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2008-01-30SUNRPC: cleanup for rpc_new_client()Trond Myklebust
There is no reason why we shouldn't just pass the rpc_create_args. Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2008-01-30SUNRPC: Move universal address definitions to global headerChuck Lever
Universal addresses are defined in RFC 1833 and clarified in RFC 3530. We need to use them in several places in the NFS and RPC clients, so move the relevant definition and block comment to an appropriate global include file. Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2008-01-30SUNRPC: RPC version numbers are u32Chuck Lever
Clean up: use correct type for RPC version numbers in rpcbind client. Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2008-01-30SUNRPC: Fix socket address handling in rpcb_clntChuck Lever
Make sure rpcb_clnt passes the correct address length to rpc_create(). Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2008-01-30SUNRPC: rpc_create() default hostname should support AF_INET6 addressesChuck Lever
If the ULP doesn't pass a hostname string to rpc_create(), it manufactures one based on the passed-in address. Be smart enough to handle an AF_INET6 address properly in this case. Move the default servername logic before the xprt_create_transport() call to simplify error handling in rpc_create(). Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2008-01-30SUNRPC: Remove an unneeded implicit type cast when calling rpc_depopulate()Chuck Lever
The two arguments of rpc_depopulate() that pass in inode numbers should use the same type as inode->i_ino: unsigned long. Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2008-01-30SUNRPC: temp var should match return type of xdr_skb_read_actorChuck Lever
The return type of xdr_skb_read_actor functions is size_t. This fixes a nit I unwittingly overlooked in commit dd456471. Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2008-01-30SUNRPC: Check a return resultChuck Lever
Minor: Replace an empty if statement with a debugging dprintk. Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Cc: Thomas Talpey <Thomas.Talpey@netapp.com> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2008-01-30SUNRPC: Fix an unnecessary implicit type cast in rpcrdma_count_chunks()Chuck Lever
Nit: rl_nchunks is an unsigned integer, so pass it into rpcrdma_count_chunks() via an unsigned integer argument. This eliminates a harmless mixed sign comparison in rpcrdma_count_chunks() Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Cc: Thomas Talpey <Thomas.Talpey@netapp.com> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2008-01-30SUNRPC: Prevent mixed sign comparisons in rpcrdma_convert_iovs()Chuck Lever
Keep the type of the buffer position the same during iovec conversion to reduce the likelihood of unexpected results from comparisons and length computations. Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Cc: Thomas Talpey <Thomas.Talpey@netapp.com> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2008-01-30SUNRPC: Cleanup to remove the last users of the RPC_WAITQ declarationTrond Myklebust
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2008-01-30SUNRPC: Unexport rpc_init_task() and rpc_execute()Trond Myklebust
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2008-01-30SUNRPC: allow the caller of rpc_run_task to preallocate the struct rpc_taskTrond Myklebust
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2008-01-30SUNRPC: Remove the now unused function rpc_call_setup()Trond Myklebust
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2008-01-30NFS/SUNRPC: Convert all users of rpc_call_setup()Trond Myklebust
Replace use of rpc_call_setup() with rpc_init_task(), and in cases where we need to initialise task->tk_action, with rpc_call_start(). Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2008-01-30SUNRPC: Allow rpc_init_task() to initialise the rpc_task->tk_msgTrond Myklebust
In preparation for the removal of rpc_call_setup(). Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2008-01-30SUNRPC: Add a helper rpc_call_start() that initialises task->tk_actionTrond Myklebust
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2008-01-30SUNRPC: Mask signals across the call to rpc_call_setup() in rpc_run_taskTrond Myklebust
To ensure that the RPCSEC_GSS upcall is performed with the correct sigmask. Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2008-01-30SUNRPC: Clean up the initialisation of priority queue scheduling info.Trond Myklebust
We want the default scheduling priority (priority == 0) to remain RPC_PRIORITY_NORMAL. Also ensure that the priority wait queue scheduling is per process id instead of sometimes being per thread, and sometimes being per inode. Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2008-01-30SUNRPC: Clean up rpc_run_taskTrond Myklebust
Make it use the new task initialiser structure instead of acting as a wrapper. Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2008-01-30SUNRPC: Cleanup of rpc_task initialisationTrond Myklebust
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2008-01-30SUNRPC: Restrict sunrpc client exportsTrond Myklebust
The sunrpc client exports are not meant to be part of any official kernel API: they can change at the drop of a hat. Mark them as internal functions using EXPORT_SYMBOL_GPL. Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2008-01-30SUNRPC: Move exported declarations to the function declarationsTrond Myklebust
Do this for all RPC client related functions and XDR functions. Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2008-01-30sunrpc: document the rpc_pipefs kernel apiJ. Bruce Fields
Add kerneldoc comments for the rpc_pipefs.c functions that are exported. Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2008-01-30SUNRPC: Reconnect immediately whenever the server isn't refusing it.Trond Myklebust
If we've disconnected from the server, rather than the other way round, then it makes little sense to wait 3 seconds before reconnecting. Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2008-01-30SUNRPC: Rename xprt_disconnect()Trond Myklebust
xprt_disconnect() should really only be called when the transport shutdown is completed, and it is time to wake up any pending tasks. Rename it to xprt_disconnect_done() in order to reflect the semantical change. Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2008-01-30SUNRPC: Make call_status()/call_decode() call xprt_force_disconnect()Trond Myklebust
Move the calls to xprt_disconnect() over to xprt_force_disconnect() in order to enable the transport layer to manage the state of the XPRT_CONNECTED flag. Ditto in xs_tcp_read_fraghdr(). Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2008-01-30SUNRPC: xprt_autoclose() should not call xprt_disconnect()Trond Myklebust
The transport layer should do that itself whenever appropriate. Note that the RDMA transport already assumes that it needs to call xprt_disconnect in xprt_rdma_close(). For TCP sockets, we want to call xprt_disconnect() only after the connection has been closed by both ends. Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2008-01-30SUNRPC: Use shutdown() instead of close() when disconnecting a TCP socketTrond Myklebust
By using shutdown() rather than close() we allow the RPC client to wait for the TCP close handshake to complete before we start trying to reconnect using the same port. We use shutdown(SHUT_WR) only instead of shutting down both directions, however we wait until the server has closed the connection on its side. Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2008-01-30SUNRPC: TCP clear XPRT_CLOSE_WAIT when the socket is closed for writesTrond Myklebust
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2008-01-30SUNRPC: Allow the client to detect if the TCP connection is closedTrond Myklebust
Add an xprt->state bit to enable the TCP ->state_change() method to signal whether or not the TCP connection is in the process of closing down. This will to be used by the reconnection logic in a separate patch. Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2008-01-30SUNRPC: Fix TCP rebinding logicTrond Myklebust
Currently the TCP rebinding logic assumes that if we're not using a reserved port, then we don't need to reconnect on the same port if a disconnection event occurs. This breaks most RPC duplicate reply cache implementations. Also take into account the fact that xprt_min_resvport and xprt_max_resvport may change while we're reconnecting, since the user may change them at any time via the sysctls. Ensure that we check the port boundaries every time we loop in xs_bind4/xs_bind6. Also ensure that if the boundaries change, we only scan the ports a maximum of 2 times. Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2008-01-30SUNRPC: Fix a race in xs_tcp_state_change()Trond Myklebust
When scheduling the autoclose RPC call, we want to ensure that we don't race against the test_bit() call in xprt_clear_locked(). Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2008-01-30NetLabel: Add auditing to the static labeling mechanismPaul Moore
This patch adds auditing support to the NetLabel static labeling mechanism. Signed-off-by: Paul Moore <paul.moore@hp.com> Signed-off-by: James Morris <jmorris@namei.org>
2008-01-30NetLabel: Introduce static network labels for unlabeled connectionsPaul Moore
Most trusted OSs, with the exception of Linux, have the ability to specify static security labels for unlabeled networks. This patch adds this ability to the NetLabel packet labeling framework. If the NetLabel subsystem is called to determine the security attributes of an incoming packet it first checks to see if any recognized NetLabel packet labeling protocols are in-use on the packet. If none can be found then the unlabled connection table is queried and based on the packets incoming interface and address it is matched with a security label as configured by the administrator using the netlabel_tools package. The matching security label is returned to the caller just as if the packet was explicitly labeled using a labeling protocol. Signed-off-by: Paul Moore <paul.moore@hp.com> Signed-off-by: James Morris <jmorris@namei.org>