1. 25 9月, 2012 1 次提交
  2. 23 9月, 2012 1 次提交
  3. 14 9月, 2012 1 次提交
    • P
      ima: audit log hashes · e7c568e0
      Peter Moody 提交于
      This adds an 'audit' policy action which audit logs file measurements.
      
      Changelog v6:
       - use new action flag handling (Dmitry Kasatkin).
       - removed whitespace (Mimi)
      
      Changelog v5:
       - use audit_log_untrustedstring.
      
      Changelog v4:
       - cleanup digest -> hash conversion.
       - use filename rather than d_path in ima_audit_measurement.
      
      Changelog v3:
       - Use newly exported audit_log_task_info for logging pid/ppid/uid/etc.
       - Update the ima_policy ABI documentation.
      
      Changelog v2:
       - Use 'audit' action rather than 'measure_and_audit' to permit
       auditing in the absence of measuring..
      
      Changelog v1:
       - Initial posting.
      Signed-off-by: NPeter Moody <pmoody@google.com>
      Signed-off-by: NMimi Zohar <zohar@linux.vnet.ibm.com>
      e7c568e0
  4. 11 9月, 2012 2 次提交
  5. 10 9月, 2012 2 次提交
    • M
      regulator: core: Support bypass mode · f59c8f9f
      Mark Brown 提交于
      Many regulators support a bypass mode where they simply switch their
      input supply to the output. This is mainly used in low power retention
      states where power consumption is extremely low so higher voltage or
      less clean supplies can be used.
      
      Support this by providing ops for the drivers and a consumer API which
      allows the device to be put into bypass mode if all consumers enable it
      and the machine enables permission for this.
      
      This is not supported as a mode since the existing modes are rarely used
      due to fuzzy definition and mostly redundant with modern hardware which is
      able to respond promptly to load changes.
      Signed-off-by: NMark Brown <broonie@opensource.wolfsonmicro.com>
      Reviewed-by: NGraeme Gregory <gg@slimlogic.co.uk>
      f59c8f9f
    • A
      acpi-cpufreq: Add support for disabling dynamic overclocking · 615b7300
      Andre Przywara 提交于
      One feature present in powernow-k8 that isn't present in acpi-cpufreq
      is support for enabling or disabling AMD's core performance boost
      technology. This patch adds support to acpi-cpufreq, but also
      includes support for Intel's dynamic acceleration.
      
      The original boost disabling sysfs file was per CPU, but acted
      globally. Also the naming (cpb) was at least not intuitive.
      So lets introduce a single file simply called "boost", which sits
      once in /sys/devices/system/cpu/cpufreq.
      This should be the only way of using this feature, so add
      documentation about the rationale and the usage.
      
      A following patch will re-introduce the cpb knob for compatibility
      reasons on AMD CPUs.
      
      Per-CPU boost switching is possible, but not trivial and is thus
      postponed to a later patch series.
      Signed-off-by: NAndre Przywara <andre.przywara@amd.com>
      Signed-off-by: NRafael J. Wysocki <rjw@sisk.pl>
      615b7300
  6. 08 9月, 2012 1 次提交
    • M
      ima: add appraise action keywords and default rules · 07f6a794
      Mimi Zohar 提交于
      Unlike the IMA measurement policy, the appraise policy can not be dependent
      on runtime process information, such as the task uid, as the 'security.ima'
      xattr is written on file close and must be updated each time the file changes,
      regardless of the current task uid.
      
      This patch extends the policy language with 'fowner', defines an appraise
      policy, which appraises all files owned by root, and defines 'ima_appraise_tcb',
      a new boot command line option, to enable the appraise policy.
      
      Changelog v3:
      - separate the measure from the appraise rules in order to support measuring
        without appraising and appraising without measuring.
      - change appraisal default for filesystems without xattr support to fail
      - update default appraise policy for cgroups
      
      Changelog v1:
      - don't appraise RAMFS (Dmitry Kasatkin)
      - merged rest of "ima: ima_must_appraise_or_measure API change" commit
        (Dmtiry Kasatkin)
      
        ima_must_appraise_or_measure() called ima_match_policy twice, which
        searched the policy for a matching rule.  Once for a matching measurement
        rule and subsequently for an appraisal rule. Searching the policy twice
        is unnecessary overhead, which could be noticeable with a large policy.
      
        The new version of ima_must_appraise_or_measure() does everything in a
        single iteration using a new version of ima_match_policy().  It returns
        IMA_MEASURE, IMA_APPRAISE mask.
      
        With the use of action mask only one efficient matching function
        is enough.  Removed other specific versions of matching functions.
      
      Changelog:
      - change 'owner' to 'fowner' to conform to the new LSM conditions posted by
        Roberto Sassu.
      - fix calls to ima_log_string()
      Signed-off-by: NMimi Zohar <zohar@us.ibm.com>
      Signed-off-by: NDmitry Kasatkin <dmitry.kasatkin@intel.com>
      07f6a794
  7. 07 9月, 2012 1 次提交
  8. 06 9月, 2012 1 次提交
  9. 23 8月, 2012 1 次提交
  10. 22 8月, 2012 1 次提交
  11. 21 8月, 2012 1 次提交
  12. 17 8月, 2012 1 次提交
    • Z
      ext4: make the zero-out chunk size tunable · 67a5da56
      Zheng Liu 提交于
      Currently in ext4 the length of zero-out chunk is set to 7 file system
      blocks.  But if an inode has uninitailized extents from using
      fallocate to preallocate space, and the workload issues many random
      writes, this can cause a fragmented extent tree that will
      unnecessarily grow the extent tree.
      
      So create a new sysfs tunable, extent_max_zeroout_kb, which controls
      the maximum size where blocks will be zeroed out instead of creating a
      new uninitialized extent.  The default of this has been sent to 32kb.
      
      CC: Zach Brown <zab@zabbo.net>
      CC: Andreas Dilger <adilger@dilger.ca>
      Signed-off-by: NZheng Liu <wenqing.lz@taobao.com>
      Signed-off-by: N"Theodore Ts'o" <tytso@mit.edu>
      67a5da56
  13. 15 8月, 2012 1 次提交
  14. 31 7月, 2012 2 次提交
    • J
      [media] Documentation: Add newline at end-of-file to files lacking one · 79980d9c
      Jesper Juhl 提交于
      This patch simply adds a newline character at end-of-file to those
      files in Documentation/ that currently lack one.
      
      This is done for a few different reasons:
      
      A) It's rather annoying when you do "cat some_file.txt" that your
         prompt/cursor ends up at the end of the last line of output rather
         than on a new line.
      
      B) Some tools that process files line-by-line may get confused by the
         lack of a newline on the last line.
      
      C) The "\ No newline at end of file" line in diffs annoys me for some
         reason.
      
      So, let's just add the missing newline once and for all.
      Signed-off-by: NJesper Juhl <jj@chaosbits.net>
      Signed-off-by: NMauro Carvalho Chehab <mchehab@redhat.com>
      79980d9c
    • A
      rbd: create pool_id device attribute · 9bb2f334
      Alex Elder 提交于
      Add an entry under /sys/bus/rbd/devices/<N>/ named "pool_id" that
      provides the id for the pool the rbd image is assocatied with.  This
      is in addition to the pool name already provided.
      
      Rename the "poolid" field in struct rbd_device  to be "pool_id".
      
      Update the documentation to reflect the addition of this new entry.
      Signed-off-by: NAlex Elder <elder@inktank.com>
      Reviewed-by: NJosh Durgin <josh.durgin@inktank.com>
      9bb2f334
  15. 28 7月, 2012 1 次提交
    • A
      asus-wmi: enable resume on lid open · c0b91b6d
      AceLan Kao 提交于
      According to the ASUS WMI spec., to enable resume on lid open should
      use the device ID(0x00120032), but it doesn't work indeed.
      
      After discussing with ASUS' BIOS engineer, they say wake on lid open
      doesn't have a uniq device ID(0x00120032) in the BIOS. It shares the same
      device ID with deep S3(0x00120031), and the deep S3(resume on lid open)
      is disable by default.
      
      Adding this option in asus wmi sysfs
         /sys/devices/platform/<platform>/lid_resume
      so that userspace apps can enable/disable this feature by themselves.
      Signed-off-by: NAceLan Kao <acelan.kao@canonical.com>
      Signed-off-by: NCorentin Chary <corentin.chary@gmail.com>
      Signed-off-by: NMatthew Garrett <mjg@redhat.com>
      c0b91b6d
  16. 21 7月, 2012 1 次提交
    • J
      Documentation: Add newline at end-of-file to files lacking one · f9028317
      Jesper Juhl 提交于
      This patch simply adds a newline character at end-of-file to those
      files in Documentation/ that currently lack one.
      
      This is done for a few different reasons:
      
      A) It's rather annoying when you do "cat some_file.txt" that your
         prompt/cursor ends up at the end of the last line of output rather
         than on a new line.
      
      B) Some tools that process files line-by-line may get confused by the
         lack of a newline on the last line.
      
      C) The "\ No newline at end of file" line in diffs annoys me for some
         reason.
      
      So, let's just add the missing newline once and for all.
      Signed-off-by: NJesper Juhl <jj@chaosbits.net>
      Signed-off-by: NJiri Kosina <jkosina@suse.cz>
      f9028317
  17. 20 7月, 2012 2 次提交
  18. 17 7月, 2012 1 次提交
    • K
      kmsg - export "continuation record" flag to /dev/kmsg · d39f3d77
      Kay Sievers 提交于
      In some cases we are forced to store individual records for a continuation
      line print.
      
      Export a flag to allow the external re-construction of the line. The flag
      allows us to apply a similar logic externally which is used internally when
      the console, /proc/kmsg or the syslog() output is printed.
      
        $ cat /dev/kmsg
        4,165,0,-;Free swap  = 0kB
        4,166,0,-;Total swap = 0kB
        6,167,0,c;[
        4,168,0,+;0
        4,169,0,+;1
        4,170,0,+;2
        4,171,0,+;3
        4,172,0,+;]
        6,173,0,-;[0 1 2 3 ]
        6,174,0,-;Console: colour VGA+ 80x25
        6,175,0,-;console [tty0] enabled
      Signed-off-by: NKay Sievers <kay@vrfy.org>
      Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      d39f3d77
  19. 11 7月, 2012 1 次提交
  20. 08 7月, 2012 1 次提交
  21. 06 7月, 2012 1 次提交
  22. 01 7月, 2012 1 次提交
  23. 28 6月, 2012 1 次提交
  24. 25 6月, 2012 1 次提交
    • A
      iommu: IOMMU Groups · d72e31c9
      Alex Williamson 提交于
      IOMMU device groups are currently a rather vague associative notion
      with assembly required by the user or user level driver provider to
      do anything useful.  This patch intends to grow the IOMMU group concept
      into something a bit more consumable.
      
      To do this, we first create an object representing the group, struct
      iommu_group.  This structure is allocated (iommu_group_alloc) and
      filled (iommu_group_add_device) by the iommu driver.  The iommu driver
      is free to add devices to the group using it's own set of policies.
      This allows inclusion of devices based on physical hardware or topology
      limitations of the platform, as well as soft requirements, such as
      multi-function trust levels or peer-to-peer protection of the
      interconnects.  Each device may only belong to a single iommu group,
      which is linked from struct device.iommu_group.  IOMMU groups are
      maintained using kobject reference counting, allowing for automatic
      removal of empty, unreferenced groups.  It is the responsibility of
      the iommu driver to remove devices from the group
      (iommu_group_remove_device).
      
      IOMMU groups also include a userspace representation in sysfs under
      /sys/kernel/iommu_groups.  When allocated, each group is given a
      dynamically assign ID (int).  The ID is managed by the core IOMMU group
      code to support multiple heterogeneous iommu drivers, which could
      potentially collide in group naming/numbering.  This also keeps group
      IDs to small, easily managed values.  A directory is created under
      /sys/kernel/iommu_groups for each group.  A further subdirectory named
      "devices" contains links to each device within the group.  The iommu_group
      file in the device's sysfs directory, which formerly contained a group
      number when read, is now a link to the iommu group.  Example:
      
      $ ls -l /sys/kernel/iommu_groups/26/devices/
      total 0
      lrwxrwxrwx. 1 root root 0 Apr 17 12:57 0000:00:1e.0 ->
      		../../../../devices/pci0000:00/0000:00:1e.0
      lrwxrwxrwx. 1 root root 0 Apr 17 12:57 0000:06:0d.0 ->
      		../../../../devices/pci0000:00/0000:00:1e.0/0000:06:0d.0
      lrwxrwxrwx. 1 root root 0 Apr 17 12:57 0000:06:0d.1 ->
      		../../../../devices/pci0000:00/0000:00:1e.0/0000:06:0d.1
      
      $ ls -l  /sys/kernel/iommu_groups/26/devices/*/iommu_group
      [truncating perms/owner/timestamp]
      /sys/kernel/iommu_groups/26/devices/0000:00:1e.0/iommu_group ->
      					../../../kernel/iommu_groups/26
      /sys/kernel/iommu_groups/26/devices/0000:06:0d.0/iommu_group ->
      					../../../../kernel/iommu_groups/26
      /sys/kernel/iommu_groups/26/devices/0000:06:0d.1/iommu_group ->
      					../../../../kernel/iommu_groups/26
      
      Groups also include several exported functions for use by user level
      driver providers, for example VFIO.  These include:
      
      iommu_group_get(): Acquires a reference to a group from a device
      iommu_group_put(): Releases reference
      iommu_group_for_each_dev(): Iterates over group devices using callback
      iommu_group_[un]register_notifier(): Allows notification of device add
              and remove operations relevant to the group
      iommu_group_id(): Return the group number
      
      This patch also extends the IOMMU API to allow attaching groups to
      domains.  This is currently a simple wrapper for iterating through
      devices within a group, but it's expected that the IOMMU API may
      eventually make groups a more integral part of domains.
      
      Groups intentionally do not try to manage group ownership.  A user
      level driver provider must independently acquire ownership for each
      device within a group before making use of the group as a whole.
      This may change in the future if group usage becomes more pervasive
      across both DMA and IOMMU ops.
      
      Groups intentionally do not provide a mechanism for driver locking
      or otherwise manipulating driver matching/probing of devices within
      the group.  Such interfaces are generic to devices and beyond the
      scope of IOMMU groups.  If implemented, user level providers have
      ready access via iommu_group_for_each_dev and group notifiers.
      
      iommu_device_group() is removed here as it has no users.  The
      replacement is:
      
      	group = iommu_group_get(dev);
      	id = iommu_group_id(group);
      	iommu_group_put(group);
      
      AMD-Vi & Intel VT-d support re-added in following patches.
      Signed-off-by: NAlex Williamson <alex.williamson@redhat.com>
      Acked-by: NBenjamin Herrenschmidt <benh@kernel.crashing.org>
      Signed-off-by: NJoerg Roedel <joerg.roedel@amd.com>
      d72e31c9
  25. 20 6月, 2012 1 次提交
  26. 16 6月, 2012 2 次提交
  27. 13 6月, 2012 1 次提交
  28. 12 6月, 2012 2 次提交
  29. 08 6月, 2012 1 次提交
  30. 05 6月, 2012 5 次提交