search for: mm_

...ould be handled by the forked sshd process while it's still root, and then change to the user before going further. Perhaps you might want to lump all the stuff like this into a routine child_root_sensitive_setup() to make it clear. The PRIVSEP macro is: #define PRIVSEP(x) (use_privsep ? mm_##x : x) As far as I can tell, this merely calls different routines, depending on use_privsep. I don't see how the user's sshd process can revert to being root. If that were so, then the whole idea of privilege separation is bogus. David Potterveld Argonne National Laboratory

...paravirt_ops.io_delay(); + PVOP_VCALL0(io_delay); #ifdef REALLY_SLOW_IO - paravirt_ops.io_delay(); - paravirt_ops.io_delay(); - paravirt_ops.io_delay(); + PVOP_VCALL0(io_delay); + PVOP_VCALL0(io_delay); + PVOP_VCALL0(io_delay); #endif } @@ -824,8 +838,7 @@ static inline void set_pte_at(struct mm_ static inline void set_pte_at(struct mm_struct *mm, unsigned long addr, pte_t *ptep, pte_t pteval) { - /* 5 arg words */ - paravirt_ops.set_pte_at(mm, addr, ptep, pteval); + PVOP_VCALL5(mm, addr, ptep, pteval.pte_low, pteval.pte_high); } static inline void set_pte_atomic(pte_t *ptep...

...paravirt_ops.io_delay(); + PVOP_VCALL0(io_delay); #ifdef REALLY_SLOW_IO - paravirt_ops.io_delay(); - paravirt_ops.io_delay(); - paravirt_ops.io_delay(); + PVOP_VCALL0(io_delay); + PVOP_VCALL0(io_delay); + PVOP_VCALL0(io_delay); #endif } @@ -824,8 +838,7 @@ static inline void set_pte_at(struct mm_ static inline void set_pte_at(struct mm_struct *mm, unsigned long addr, pte_t *ptep, pte_t pteval) { - /* 5 arg words */ - paravirt_ops.set_pte_at(mm, addr, ptep, pteval); + PVOP_VCALL5(mm, addr, ptep, pteval.pte_low, pteval.pte_high); } static inline void set_pte_atomic(pte_t *ptep...

...c 2006-01-07 18:52:24.000000000 +0000 @@ -175,8 +175,10 @@ input_userauth_request(int type, u_int32 use_privsep ? " [net]" : ""); authctxt->service = xstrdup(service); authctxt->style = style ? xstrdup(style) : NULL; +#ifdef USE_PRIVSEP if (use_privsep) mm_inform_authserv(service, style); +#endif } else if (strcmp(user, authctxt->user) != 0 || strcmp(service, authctxt->service) != 0) { packet_disconnect("Change of username or service not allowed: " --- openssh-4.2p1/config.h.in~ 2005-09-01 10:15:22.000000000 +0100 +++ openss...

...; break; + case 0x80000001: + /* Here we should fix nx cap depending on host. */ + /* For this version of PAE, we just clear NX bit. */ + *dx &= ~(1 << 20); + break; } } @@ -528,25 +535,52 @@ static void lguest_write_cr4(unsigned long val) static void lguest_pte_update(struct mm_struct *mm, unsigned long addr, pte_t *ptep) { +#ifdef CONFIG_X86_PAE + lazy_hcall4(LHCALL_SET_PTE, __pa(mm->pgd), addr, + ptep->pte_low, ptep->pte_high); +#else lazy_hcall3(LHCALL_SET_PTE, __pa(mm->pgd), addr, ptep->pte_low); +#endif } static void lguest_set_pt...

...; break; + case 0x80000001: + /* Here we should fix nx cap depending on host. */ + /* For this version of PAE, we just clear NX bit. */ + *dx &= ~(1 << 20); + break; } } @@ -528,25 +535,52 @@ static void lguest_write_cr4(unsigned long val) static void lguest_pte_update(struct mm_struct *mm, unsigned long addr, pte_t *ptep) { +#ifdef CONFIG_X86_PAE + lazy_hcall4(LHCALL_SET_PTE, __pa(mm->pgd), addr, + ptep->pte_low, ptep->pte_high); +#else lazy_hcall3(LHCALL_SET_PTE, __pa(mm->pgd), addr, ptep->pte_low); +#endif } static void lguest_set_pt...

...MPX diff -adurN openssh-3.7.1p2.privsep/auth-bsdauth.c openssh-3.7.1p2/auth-bsdauth.c --- openssh-3.7.1p2.privsep/auth-bsdauth.c Thu Jul 4 04:14:18 2002 +++ openssh-3.7.1p2/auth-bsdauth.c Sat Oct 4 23:52:37 2003 @@ -115,6 +115,7 @@ bsdauth_free_ctx }; +#ifndef DISABLE_PRIVSEP KbdintDevice mm_bsdauth_device = { "bsdauth", bsdauth_init_ctx, @@ -122,4 +123,5 @@ mm_bsdauth_respond, bsdauth_free_ctx }; +#endif /* DISABLE_PRIVSEP */ #endif diff -adurN openssh-3.7.1p2.privsep/auth-options.c openssh-3.7.1p2/auth-options.c --- openssh-3.7.1p2.privsep/auth-options.c Tue Jun 3...

...name = "Xen", +}; + +static const struct pv_init_ops xen_init_ops __initdata = { + .patch = xen_patch, + .banner = xen_banner, - - .patch = xen_patch, - .memory_setup = xen_memory_setup, .arch_setup = xen_arch_setup, - .init_IRQ = xen_init_IRQ, .post_allocator_init = xen_mark_init_mm_pinned, - +}; + +static const struct pv_time_ops xen_time_ops __initdata = { .time_init = xen_time_init, + .set_wallclock = xen_set_wallclock, .get_wallclock = xen_get_wallclock, .get_cpu_khz = xen_cpu_khz, .sched_clock = xen_sched_clock, - +}; + +static const struct pv_cpu_ops xen_cpu_ops...

...name = "Xen", +}; + +static const struct pv_init_ops xen_init_ops __initdata = { + .patch = xen_patch, + .banner = xen_banner, - - .patch = xen_patch, - .memory_setup = xen_memory_setup, .arch_setup = xen_arch_setup, - .init_IRQ = xen_init_IRQ, .post_allocator_init = xen_mark_init_mm_pinned, - +}; + +static const struct pv_time_ops xen_time_ops __initdata = { .time_init = xen_time_init, + .set_wallclock = xen_set_wallclock, .get_wallclock = xen_get_wallclock, .get_cpu_khz = xen_cpu_khz, .sched_clock = xen_sched_clock, - +}; + +static const struct pv_cpu_ops xen_cpu_ops...

...name = "Xen", +}; + +static const struct pv_init_ops xen_init_ops __initdata = { + .patch = xen_patch, + .banner = xen_banner, - - .patch = xen_patch, - .memory_setup = xen_memory_setup, .arch_setup = xen_arch_setup, - .init_IRQ = xen_init_IRQ, .post_allocator_init = xen_mark_init_mm_pinned, - +}; + +static const struct pv_time_ops xen_time_ops __initdata = { .time_init = xen_time_init, + .set_wallclock = xen_set_wallclock, .get_wallclock = xen_get_wallclock, .get_cpu_khz = xen_cpu_khz, .sched_clock = xen_sched_clock, - +}; + +static const struct pv_cpu_ops xen_cpu_ops...

...name = "Xen", +}; + +static const struct pv_init_ops xen_init_ops __initdata = { + .patch = xen_patch, + .banner = xen_banner, - - .patch = xen_patch, - .memory_setup = xen_memory_setup, .arch_setup = xen_arch_setup, - .init_IRQ = xen_init_IRQ, .post_allocator_init = xen_mark_init_mm_pinned, - +}; + +static const struct pv_time_ops xen_time_ops __initdata = { .time_init = xen_time_init, + .set_wallclock = xen_set_wallclock, .get_wallclock = xen_get_wallclock, .get_cpu_khz = xen_cpu_khz, .sched_clock = xen_sched_clock, - +}; + +static const struct pv_cpu_ops xen_cpu_ops...

The netfilter code had very good documentation: the Netfilter Hacking HOWTO. Noone ever read it. So this time I'm trying something different, using a bit of Knuthiness. Start with drivers/lguest/README. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> --- Documentation/lguest/extract | 58 +++++++++++++++++++++++++++++++++ Documentation/lguest/lguest.c | 9

The netfilter code had very good documentation: the Netfilter Hacking HOWTO. Noone ever read it. So this time I'm trying something different, using a bit of Knuthiness. Start with drivers/lguest/README. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> --- Documentation/lguest/extract | 58 +++++++++++++++++++++++++++++++++ Documentation/lguest/lguest.c | 9

The netfilter code had very good documentation: the Netfilter Hacking HOWTO. Noone ever read it. So this time I'm trying something different, using a bit of Knuthiness. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> --- Documentation/lguest/extract | 58 +++++++++++++++++++++++++++++++++ Documentation/lguest/lguest.c | 9 +++-- drivers/lguest/Makefile

The netfilter code had very good documentation: the Netfilter Hacking HOWTO. Noone ever read it. So this time I'm trying something different, using a bit of Knuthiness. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> --- Documentation/lguest/extract | 58 +++++++++++++++++++++++++++++++++ Documentation/lguest/lguest.c | 9 +++-- drivers/lguest/Makefile

...name = "Xen", +}; + +static const struct pv_init_ops xen_init_ops __initdata = { + .patch = xen_patch, + .banner = xen_banner, - - .patch = xen_patch, - .memory_setup = xen_memory_setup, .arch_setup = xen_arch_setup, .init_IRQ = xen_init_IRQ, .post_allocator_init = xen_mark_init_mm_pinned, - .time_init = xen_time_init, + + .pagetable_setup_start = xen_pagetable_setup_start, + .pagetable_setup_done = xen_pagetable_setup_done, +}; + +static const struct pv_time_ops xen_time_ops __initdata = { .set_wallclock = xen_set_wallclock, .get_wallclock = xen_get_wallclock, .get_cp...

...name = "Xen", +}; + +static const struct pv_init_ops xen_init_ops __initdata = { + .patch = xen_patch, + .banner = xen_banner, - - .patch = xen_patch, - .memory_setup = xen_memory_setup, .arch_setup = xen_arch_setup, .init_IRQ = xen_init_IRQ, .post_allocator_init = xen_mark_init_mm_pinned, - .time_init = xen_time_init, + + .pagetable_setup_start = xen_pagetable_setup_start, + .pagetable_setup_done = xen_pagetable_setup_done, +}; + +static const struct pv_time_ops xen_time_ops __initdata = { .set_wallclock = xen_set_wallclock, .get_wallclock = xen_get_wallclock, .get_cp...

...=================== RCS file: /cvs/src/usr.bin/ssh/monitor.c,v retrieving revision 1.89 diff -u -r1.89 monitor.c --- monitor.c 7 Nov 2006 10:31:31 -0000 1.89 +++ monitor.c 15 Nov 2006 14:14:35 -0000 @@ -797,6 +797,17 @@ if (key != NULL && authctxt->valid) { switch (type) { + case MM_CERTKEY: { + u_char *cert; + u_int clen; + + cert = buffer_get_string(m, &clen); + key->cert = xstrdup(cert); + allowed = options.certkey_authentication && + user_cert_key_allowed(authctxt->pw, key); + auth_method = "certkey"; + break; + } case MM_...

Hi Linus, Here's a set of patches to update paravirt_ops and Xen for 2.6.24 A quick overview of the patchset: paravirt_ops: Remove the monolithic paravirt_ops structure, and replace it with smaller structures of related functions. Also, clean up the handling of lazy mode to make it easier to implement. x86/mm/init.c: remove a chunk of dead code Xen: - remove duplicate includes -

Hi Linus, Here's a set of patches to update paravirt_ops and Xen for 2.6.24 A quick overview of the patchset: paravirt_ops: Remove the monolithic paravirt_ops structure, and replace it with smaller structures of related functions. Also, clean up the handling of lazy mode to make it easier to implement. x86/mm/init.c: remove a chunk of dead code Xen: - remove duplicate includes -