<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux-toradex.git/net/unix, branch v2.6.20.4</title>
<subtitle>Linux kernel for Apalis and Colibri modules</subtitle>
<link rel='alternate' type='text/html' href='https://git.toradex.cn/cgit/linux-toradex.git/'/>
<entry>
<title>[PATCH] struct path: convert unix</title>
<updated>2006-12-08T16:28:50+00:00</updated>
<author>
<name>Josef Sipek</name>
<email>jsipek@fsl.cs.sunysb.edu</email>
</author>
<published>2006-12-08T10:37:45+00:00</published>
<link rel='alternate' type='text/html' href='https://git.toradex.cn/cgit/linux-toradex.git/commit/?id=592ccbf9fba665031765d9bb0f6c1ede1fa62f96'/>
<id>592ccbf9fba665031765d9bb0f6c1ede1fa62f96</id>
<content type='text'>
Signed-off-by: Josef Sipek &lt;jsipek@fsl.cs.sunysb.edu&gt;
Signed-off-by: Andrew Morton &lt;akpm@osdl.org&gt;
Signed-off-by: Linus Torvalds &lt;torvalds@osdl.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Signed-off-by: Josef Sipek &lt;jsipek@fsl.cs.sunysb.edu&gt;
Signed-off-by: Andrew Morton &lt;akpm@osdl.org&gt;
Signed-off-by: Linus Torvalds &lt;torvalds@osdl.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>[NET]: Annotate csum_partial() callers in net/*</title>
<updated>2006-12-03T05:23:32+00:00</updated>
<author>
<name>Al Viro</name>
<email>viro@zeniv.linux.org.uk</email>
</author>
<published>2006-11-15T05:36:14+00:00</published>
<link rel='alternate' type='text/html' href='https://git.toradex.cn/cgit/linux-toradex.git/commit/?id=44bb93633f57a55979f3c2589b10fd6a2bfc7c08'/>
<id>44bb93633f57a55979f3c2589b10fd6a2bfc7c08</id>
<content type='text'>
Signed-off-by: Al Viro &lt;viro@zeniv.linux.org.uk&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Signed-off-by: Al Viro &lt;viro@zeniv.linux.org.uk&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>[AF_UNIX]: Change max_dgram_qlen sysctl to __read_mostly</title>
<updated>2006-09-22T22:18:42+00:00</updated>
<author>
<name>Brian Haley</name>
<email>brian.haley@hp.com</email>
</author>
<published>2006-08-31T22:03:36+00:00</published>
<link rel='alternate' type='text/html' href='https://git.toradex.cn/cgit/linux-toradex.git/commit/?id=18adaf067cf013fc2690d3830eba99ff800795b4'/>
<id>18adaf067cf013fc2690d3830eba99ff800795b4</id>
<content type='text'>
Signed-off-by: Brian Haley &lt;brian.haley@hp.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Signed-off-by: Brian Haley &lt;brian.haley@hp.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>[NET]: Use BUILD_BUG_ON() for checking size of skb-&gt;cb.</title>
<updated>2006-09-22T22:18:15+00:00</updated>
<author>
<name>YOSHIFUJI Hideaki</name>
<email>yoshfuji@linux-ipv6.org</email>
</author>
<published>2006-09-01T07:29:06+00:00</published>
<link rel='alternate' type='text/html' href='https://git.toradex.cn/cgit/linux-toradex.git/commit/?id=ef047f5e1085d6393748d1ee27d6327905f098dc'/>
<id>ef047f5e1085d6393748d1ee27d6327905f098dc</id>
<content type='text'>
Signed-off-by: YOSHIFUJI Hideaki &lt;yoshfuji@linux-ipv6.org&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Signed-off-by: YOSHIFUJI Hideaki &lt;yoshfuji@linux-ipv6.org&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>[AF_UNIX]: Kernel memory leak fix for af_unix datagram getpeersec patch</title>
<updated>2006-08-02T21:12:06+00:00</updated>
<author>
<name>Catherine Zhang</name>
<email>cxzhang@watson.ibm.com</email>
</author>
<published>2006-08-02T21:12:06+00:00</published>
<link rel='alternate' type='text/html' href='https://git.toradex.cn/cgit/linux-toradex.git/commit/?id=dc49c1f94e3469d94b952e8f5160dd4ccd791d79'/>
<id>dc49c1f94e3469d94b952e8f5160dd4ccd791d79</id>
<content type='text'>
From: Catherine Zhang &lt;cxzhang@watson.ibm.com&gt;

This patch implements a cleaner fix for the memory leak problem of the
original unix datagram getpeersec patch.  Instead of creating a
security context each time a unix datagram is sent, we only create the
security context when the receiver requests it.

This new design requires modification of the current
unix_getsecpeer_dgram LSM hook and addition of two new hooks, namely,
secid_to_secctx and release_secctx.  The former retrieves the security
context and the latter releases it.  A hook is required for releasing
the security context because it is up to the security module to decide
how that's done.  In the case of Selinux, it's a simple kfree
operation.

Acked-by:  Stephen Smalley &lt;sds@tycho.nsa.gov&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
From: Catherine Zhang &lt;cxzhang@watson.ibm.com&gt;

This patch implements a cleaner fix for the memory leak problem of the
original unix datagram getpeersec patch.  Instead of creating a
security context each time a unix datagram is sent, we only create the
security context when the receiver requests it.

This new design requires modification of the current
unix_getsecpeer_dgram LSM hook and addition of two new hooks, namely,
secid_to_secctx and release_secctx.  The former retrieves the security
context and the latter releases it.  A hook is required for releasing
the security context because it is up to the security module to decide
how that's done.  In the case of Selinux, it's a simple kfree
operation.

Acked-by:  Stephen Smalley &lt;sds@tycho.nsa.gov&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>[NET]: Conversions from kmalloc+memset to k(z|c)alloc.</title>
<updated>2006-07-21T21:51:30+00:00</updated>
<author>
<name>Panagiotis Issaris</name>
<email>takis@issaris.org</email>
</author>
<published>2006-07-21T21:51:30+00:00</published>
<link rel='alternate' type='text/html' href='https://git.toradex.cn/cgit/linux-toradex.git/commit/?id=0da974f4f303a6842516b764507e3c0a03f41e5a'/>
<id>0da974f4f303a6842516b764507e3c0a03f41e5a</id>
<content type='text'>
Signed-off-by: Panagiotis Issaris &lt;takis@issaris.org&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;

</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Signed-off-by: Panagiotis Issaris &lt;takis@issaris.org&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;

</pre>
</div>
</content>
</entry>
<entry>
<title>[AF_UNIX]: datagram getpeersec fix</title>
<updated>2006-07-04T02:26:15+00:00</updated>
<author>
<name>Andrew Morton</name>
<email>akpm@osdl.org</email>
</author>
<published>2006-07-04T02:26:15+00:00</published>
<link rel='alternate' type='text/html' href='https://git.toradex.cn/cgit/linux-toradex.git/commit/?id=882d02d6fb040a246b005305ffeb790bb5ce80ad'/>
<id>882d02d6fb040a246b005305ffeb790bb5ce80ad</id>
<content type='text'>
The unix_get_peersec_dgram() stub should have been inlined so that it
disappears.

Signed-off-by: Andrew Morton &lt;akpm@osdl.org&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
The unix_get_peersec_dgram() stub should have been inlined so that it
disappears.

Signed-off-by: Andrew Morton &lt;akpm@osdl.org&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>[PATCH] lockdep: annotate af_unix locking</title>
<updated>2006-07-03T22:27:07+00:00</updated>
<author>
<name>Ingo Molnar</name>
<email>mingo@elte.hu</email>
</author>
<published>2006-07-03T07:25:12+00:00</published>
<link rel='alternate' type='text/html' href='https://git.toradex.cn/cgit/linux-toradex.git/commit/?id=a09785a2414afb261d9f719d544742af4300df22'/>
<id>a09785a2414afb261d9f719d544742af4300df22</id>
<content type='text'>
Teach special (recursive) locking code to the lock validator.  Also splits
af_unix's sk_receive_queue.lock class from the other networking skb-queue
locks.  Has no effect on non-lockdep kernels.

Signed-off-by: Ingo Molnar &lt;mingo@elte.hu&gt;
Signed-off-by: Arjan van de Ven &lt;arjan@linux.intel.com&gt;
Cc: "David S. Miller" &lt;davem@davemloft.net&gt;
Signed-off-by: Andrew Morton &lt;akpm@osdl.org&gt;
Signed-off-by: Linus Torvalds &lt;torvalds@osdl.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Teach special (recursive) locking code to the lock validator.  Also splits
af_unix's sk_receive_queue.lock class from the other networking skb-queue
locks.  Has no effect on non-lockdep kernels.

Signed-off-by: Ingo Molnar &lt;mingo@elte.hu&gt;
Signed-off-by: Arjan van de Ven &lt;arjan@linux.intel.com&gt;
Cc: "David S. Miller" &lt;davem@davemloft.net&gt;
Signed-off-by: Andrew Morton &lt;akpm@osdl.org&gt;
Signed-off-by: Linus Torvalds &lt;torvalds@osdl.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>Remove obsolete #include &lt;linux/config.h&gt;</title>
<updated>2006-06-30T17:25:36+00:00</updated>
<author>
<name>Jörn Engel</name>
<email>joern@wohnheim.fh-wedel.de</email>
</author>
<published>2006-06-30T17:25:36+00:00</published>
<link rel='alternate' type='text/html' href='https://git.toradex.cn/cgit/linux-toradex.git/commit/?id=6ab3d5624e172c553004ecc862bfeac16d9d68b7'/>
<id>6ab3d5624e172c553004ecc862bfeac16d9d68b7</id>
<content type='text'>
Signed-off-by: Jörn Engel &lt;joern@wohnheim.fh-wedel.de&gt;
Signed-off-by: Adrian Bunk &lt;bunk@stusta.de&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Signed-off-by: Jörn Engel &lt;joern@wohnheim.fh-wedel.de&gt;
Signed-off-by: Adrian Bunk &lt;bunk@stusta.de&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>[AF_UNIX]: Datagram getpeersec</title>
<updated>2006-06-29T23:58:06+00:00</updated>
<author>
<name>Catherine Zhang</name>
<email>cxzhang@watson.ibm.com</email>
</author>
<published>2006-06-29T19:27:47+00:00</published>
<link rel='alternate' type='text/html' href='https://git.toradex.cn/cgit/linux-toradex.git/commit/?id=877ce7c1b3afd69a9b1caeb1b9964c992641f52a'/>
<id>877ce7c1b3afd69a9b1caeb1b9964c992641f52a</id>
<content type='text'>
This patch implements an API whereby an application can determine the
label of its peer's Unix datagram sockets via the auxiliary data mechanism of
recvmsg.

Patch purpose:

This patch enables a security-aware application to retrieve the
security context of the peer of a Unix datagram socket.  The application
can then use this security context to determine the security context for
processing on behalf of the peer who sent the packet.

Patch design and implementation:

The design and implementation is very similar to the UDP case for INET
sockets.  Basically we build upon the existing Unix domain socket API for
retrieving user credentials.  Linux offers the API for obtaining user
credentials via ancillary messages (i.e., out of band/control messages
that are bundled together with a normal message).  To retrieve the security
context, the application first indicates to the kernel such desire by
setting the SO_PASSSEC option via getsockopt.  Then the application
retrieves the security context using the auxiliary data mechanism.

An example server application for Unix datagram socket should look like this:

toggle = 1;
toggle_len = sizeof(toggle);

setsockopt(sockfd, SOL_SOCKET, SO_PASSSEC, &amp;toggle, &amp;toggle_len);
recvmsg(sockfd, &amp;msg_hdr, 0);
if (msg_hdr.msg_controllen &gt; sizeof(struct cmsghdr)) {
    cmsg_hdr = CMSG_FIRSTHDR(&amp;msg_hdr);
    if (cmsg_hdr-&gt;cmsg_len &lt;= CMSG_LEN(sizeof(scontext)) &amp;&amp;
        cmsg_hdr-&gt;cmsg_level == SOL_SOCKET &amp;&amp;
        cmsg_hdr-&gt;cmsg_type == SCM_SECURITY) {
        memcpy(&amp;scontext, CMSG_DATA(cmsg_hdr), sizeof(scontext));
    }
}

sock_setsockopt is enhanced with a new socket option SOCK_PASSSEC to allow
a server socket to receive security context of the peer.

Testing:

We have tested the patch by setting up Unix datagram client and server
applications.  We verified that the server can retrieve the security context
using the auxiliary data mechanism of recvmsg.

Signed-off-by: Catherine Zhang &lt;cxzhang@watson.ibm.com&gt;
Acked-by: Acked-by: James Morris &lt;jmorris@namei.org&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
This patch implements an API whereby an application can determine the
label of its peer's Unix datagram sockets via the auxiliary data mechanism of
recvmsg.

Patch purpose:

This patch enables a security-aware application to retrieve the
security context of the peer of a Unix datagram socket.  The application
can then use this security context to determine the security context for
processing on behalf of the peer who sent the packet.

Patch design and implementation:

The design and implementation is very similar to the UDP case for INET
sockets.  Basically we build upon the existing Unix domain socket API for
retrieving user credentials.  Linux offers the API for obtaining user
credentials via ancillary messages (i.e., out of band/control messages
that are bundled together with a normal message).  To retrieve the security
context, the application first indicates to the kernel such desire by
setting the SO_PASSSEC option via getsockopt.  Then the application
retrieves the security context using the auxiliary data mechanism.

An example server application for Unix datagram socket should look like this:

toggle = 1;
toggle_len = sizeof(toggle);

setsockopt(sockfd, SOL_SOCKET, SO_PASSSEC, &amp;toggle, &amp;toggle_len);
recvmsg(sockfd, &amp;msg_hdr, 0);
if (msg_hdr.msg_controllen &gt; sizeof(struct cmsghdr)) {
    cmsg_hdr = CMSG_FIRSTHDR(&amp;msg_hdr);
    if (cmsg_hdr-&gt;cmsg_len &lt;= CMSG_LEN(sizeof(scontext)) &amp;&amp;
        cmsg_hdr-&gt;cmsg_level == SOL_SOCKET &amp;&amp;
        cmsg_hdr-&gt;cmsg_type == SCM_SECURITY) {
        memcpy(&amp;scontext, CMSG_DATA(cmsg_hdr), sizeof(scontext));
    }
}

sock_setsockopt is enhanced with a new socket option SOCK_PASSSEC to allow
a server socket to receive security context of the peer.

Testing:

We have tested the patch by setting up Unix datagram client and server
applications.  We verified that the server can retrieve the security context
using the auxiliary data mechanism of recvmsg.

Signed-off-by: Catherine Zhang &lt;cxzhang@watson.ibm.com&gt;
Acked-by: Acked-by: James Morris &lt;jmorris@namei.org&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
</pre>
</div>
</content>
</entry>
</feed>
