1. 30 7月, 2007 1 次提交
  2. 25 7月, 2007 1 次提交
  3. 23 7月, 2007 1 次提交
    • M
      x86: i386-show-unhandled-signals-v3 · abd4f750
      Masoud Asgharifard Sharbiani 提交于
      This patch makes the i386 behave the same way that x86_64 does when a
      segfault happens.  A line gets printed to the kernel log so that tools
      that need to check for failures can behave more uniformly between
      debug.show_unhandled_signals sysctl variable to 0 (or by doing echo 0 >
      /proc/sys/debug/exception-trace)
      
      Also, all of the lines being printed are now using printk_ratelimit() to
      deny the ability of DoS from a local user with a program like the
      following:
      
      main()
      {
             while (1)
                     if (!fork()) *(int *)0 = 0;
      }
      
      This new revision also includes the fix that Andrew did which got rid of
      new sysctl that was added to the system in earlier versions of this.
      Also, 'show-unhandled-signals' sysctl has been renamed back to the old
      'exception-trace' to avoid breakage of people's scripts.
      
      AK: Enabling by default for i386 will be likely controversal, but let's see what happens
      AK: Really folks, before complaining just fix your segfaults
      AK: I bet this will find a lot of silent issues
      Signed-off-by: NMasoud Sharbiani <masouds@google.com>
      Signed-off-by: NAndi Kleen <ak@suse.de>
      [ Personally, I've found the complaints useful on x86-64, so I'm all for
        this. That said, I wonder if we could do it more prettily..   -Linus ]
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      abd4f750
  4. 20 7月, 2007 5 次提交
    • A
      kernel/sysctl.c: finish off the warning comments · ed2c12f3
      Andrew Morton 提交于
      I've been chasing these comments around this file all week.  Hopefully we're
      straight now.
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      ed2c12f3
    • P
      lockstat: core infrastructure · f20786ff
      Peter Zijlstra 提交于
      Introduce the core lock statistics code.
      
      Lock statistics provides lock wait-time and hold-time (as well as the count
      of corresponding contention and acquisitions events). Also, the first few
      call-sites that encounter contention are tracked.
      
      Lock wait-time is the time spent waiting on the lock. This provides insight
      into the locking scheme, that is, a heavily contended lock is indicative of
      a too coarse locking scheme.
      
      Lock hold-time is the duration the lock was held, this provides a reference for
      the wait-time numbers, so they can be put into perspective.
      
        1)
          lock
        2)
          ... do stuff ..
          unlock
        3)
      
      The time between 1 and 2 is the wait-time. The time between 2 and 3 is the
      hold-time.
      
      The lockdep held-lock tracking code is reused, because it already collects locks
      into meaningful groups (classes), and because it is an existing infrastructure
      for lock instrumentation.
      
      Currently lockdep tracks lock acquisition with two hooks:
      
        lock()
          lock_acquire()
          _lock()
      
       ... code protected by lock ...
      
        unlock()
          lock_release()
          _unlock()
      
      We need to extend this with two more hooks, in order to measure contention.
      
        lock_contended() - used to measure contention events
        lock_acquired()  - completion of the contention
      
      These are then placed the following way:
      
        lock()
          lock_acquire()
          if (!_try_lock())
            lock_contended()
            _lock()
            lock_acquired()
      
       ... do locked stuff ...
      
        unlock()
          lock_release()
          _unlock()
      
      (Note: the try_lock() 'trick' is used to avoid instrumenting all platform
             dependent lock primitive implementations.)
      
      It is also possible to toggle the two lockdep features at runtime using:
      
        /proc/sys/kernel/prove_locking
        /proc/sys/kernel/lock_stat
      
      (esp. turning off the O(n^2) prove_locking functionaliy can help)
      
      [akpm@linux-foundation.org: build fixes]
      [akpm@linux-foundation.org: nuke unneeded ifdefs]
      Signed-off-by: NPeter Zijlstra <a.p.zijlstra@chello.nl>
      Acked-by: NIngo Molnar <mingo@elte.hu>
      Acked-by: NJason Baron <jbaron@redhat.com>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      f20786ff
    • K
      coredump masking: bound suid_dumpable sysctl · 76fdbb25
      Kawai, Hidehiro 提交于
      This patch series is version 5 of the core dump masking feature, which
      controls which VMAs should be dumped based on their memory types and
      per-process flags.
      
      I adopted most of Andrew's suggestion at the previous version.  He also
      suggested using system call instead of /proc/<pid>/ interface, I decided to
      use the latter continuously because adding new system call with pid argument
      will give a big impact on the kernel.
      
      You can access the per-process flags via /proc/<pid>/coredump_filter
      interface.  coredump_filter represents a bitmask of memory types, and if a bit
      is set, VMAs of corresponding memory type are written into a core file when
      the process is dumped.  The bitmask is inherited from the parent process when
      a process is created.
      
      The original purpose is to avoid longtime system slowdown when a number of
      processes which share a huge shared memory are dumped at the same time.  To
      achieve this purpose, this patch series adds an ability to suppress dumping
      anonymous shared memory for specified processes.  In this version, three other
      memory types are also supported.
      
      Here are the coredump_filter bits:
        bit 0: anonymous private memory
        bit 1: anonymous shared memory
        bit 2: file-backed private memory
        bit 3: file-backed shared memory
      
      The default value of coredump_filter is 0x3.  This means the new core dump
      routine has the same behavior as conventional behavior by default.
      
      In this version, coredump_filter bits and mm.dumpable are merged into
      mm.flags, and it is accessed by atomic bitops.
      
      The supported core file formats are ELF and ELF-FDPIC.  ELF has been tested,
      but ELF-FDPIC has not been built and tested because I don't have the test
      environment.
      
      This patch limits a value of suid_dumpable sysctl to the range of 0 to 2.
      Signed-off-by: NHidehiro Kawai <hidehiro.kawai.ez@hitachi.com>
      Cc: Alan Cox <alan@lxorguk.ukuu.org.uk>
      Cc: David Howells <dhowells@redhat.com>
      Cc: Hugh Dickins <hugh@veritas.com>
      Cc: Nick Piggin <nickpiggin@yahoo.com.au>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      76fdbb25
    • P
      audit: rework execve audit · bdf4c48a
      Peter Zijlstra 提交于
      The purpose of audit_bprm() is to log the argv array to a userspace daemon at
      the end of the execve system call.  Since user-space hasn't had time to run,
      this array is still in pristine state on the process' stack; so no need to
      copy it, we can just grab it from there.
      
      In order to minimize the damage to audit_log_*() copy each string into a
      temporary kernel buffer first.
      
      Currently the audit code requires that the full argument vector fits in a
      single packet.  So currently it does clip the argv size to a (sysctl) limit,
      but only when execve auditing is enabled.
      
      If the audit protocol gets extended to allow for multiple packets this check
      can be removed.
      Signed-off-by: NPeter Zijlstra <a.p.zijlstra@chello.nl>
      Signed-off-by: NOllie Wild <aaw@google.com>
      Cc: <linux-audit@redhat.com>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      bdf4c48a
    • P
      PM: Integrate beeping flag with existing acpi_sleep flags · 77afcf78
      Pavel Machek 提交于
      Move "debug during resume from s2ram" into the variable we already use
      for real-mode flags to simplify code. It also closes nasty trap for
      the user in acpi_sleep_setup; order of parameters actually mattered there,
      acpi_sleep=s3_bios,s3_mode doing something different from
      acpi_sleep=s3_mode,s3_bios.
      Signed-off-by: NPavel Machek <pavel@suse.cz>
      Signed-off-by: NRafael J. Wysocki <rjw@sisk.pl>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      77afcf78
  5. 18 7月, 2007 3 次提交
    • J
      Add common orderly_poweroff() · 10a0a8d4
      Jeremy Fitzhardinge 提交于
      Various pieces of code around the kernel want to be able to trigger an
      orderly poweroff.  This pulls them together into a single
      implementation.
      
      By default the poweroff command is /sbin/poweroff, but it can be set
      via sysctl: kernel/poweroff_cmd.  This is split at whitespace, so it
      can include command-line arguments.
      
      This patch replaces four other instances of invoking either "poweroff"
      or "shutdown -h now": two sbus drivers, and acpi thermal
      management.
      
      sparc64 has its own "powerd"; still need to determine whether it should
      be replaced by orderly_poweroff().
      Signed-off-by: NJeremy Fitzhardinge <jeremy@xensource.com>
      Acked-by: NLen Brown <lenb@kernel.org>
      Signed-off-by: NChris Wright <chrisw@sous-sol.org>
      Cc: Andrew Morton <akpm@linux-foundation.org>
      Cc: Randy Dunlap <randy.dunlap@oracle.com>
      Cc: Andi Kleen <ak@suse.de>
      Cc: Al Viro <viro@zeniv.linux.org.uk>
      Cc: Arnd Bergmann <arnd@arndb.de>
      Cc: David S. Miller <davem@davemloft.net>
      10a0a8d4
    • A
      proper prototype for proc_nr_files() · 62239ac2
      Adrian Bunk 提交于
      Add a proper prototype for proc_nr_files() in include/linux/fs.h
      Signed-off-by: NAdrian Bunk <bunk@stusta.de>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      62239ac2
    • M
      Allow huge page allocations to use GFP_HIGH_MOVABLE · 396faf03
      Mel Gorman 提交于
      Huge pages are not movable so are not allocated from ZONE_MOVABLE.  However,
      as ZONE_MOVABLE will always have pages that can be migrated or reclaimed, it
      can be used to satisfy hugepage allocations even when the system has been
      running a long time.  This allows an administrator to resize the hugepage pool
      at runtime depending on the size of ZONE_MOVABLE.
      
      This patch adds a new sysctl called hugepages_treat_as_movable.  When a
      non-zero value is written to it, future allocations for the huge page pool
      will use ZONE_MOVABLE.  Despite huge pages being non-movable, we do not
      introduce additional external fragmentation of note as huge pages are always
      the largest contiguous block we care about.
      
      [akpm@linux-foundation.org: various fixes]
      Signed-off-by: NMel Gorman <mel@csn.ul.ie>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      396faf03
  6. 17 7月, 2007 4 次提交
    • L
      Remove duplicate comments from sysctl.c · 7144521f
      Linus Torvalds 提交于
      Randy Dunlap noticed that the recent comment clarifications from Andrew
      had somehow gotten duplicated.  Quoth Andrew: "hm, that could have been
      some late-night reject-fixing."
      
      Fix it up.
      
      Cc: From: Andrew Morton <akpm@linux-foundation.org>
      Cc: Randy Dunlap <randy.dunlap@oracle.com>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      7144521f
    • A
      sysctl.c: add text telling people to use CTL_UNNUMBERED · 2be7fe07
      Andrew Morton 提交于
      Hopefully this will help people to understand the new regime.
      
      Cc: "Eric W. Biederman" <ebiederm@xmission.com>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      2be7fe07
    • I
      vdso: print fatal signals · 45807a1d
      Ingo Molnar 提交于
      Add the print-fatal-signals=1 boot option and the
      /proc/sys/kernel/print-fatal-signals runtime switch.
      
      This feature prints some minimal information about userspace segfaults to
      the kernel console.  This is useful to find early bootup bugs where
      userspace debugging is very hard.
      
      Defaults to off.
      
      [akpm@linux-foundation.org: Don't add new sysctl numbers]
      Signed-off-by: NIngo Molnar <mingo@elte.hu>
      Signed-off-by: NArjan van de Ven <arjan@infradead.org>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      45807a1d
    • K
      change zonelist order: zonelist order selection logic · f0c0b2b8
      KAMEZAWA Hiroyuki 提交于
      Make zonelist creation policy selectable from sysctl/boot option v6.
      
      This patch makes NUMA's zonelist (of pgdat) order selectable.
      Available order are Default(automatic)/ Node-based / Zone-based.
      
      [Default Order]
      The kernel selects Node-based or Zone-based order automatically.
      
      [Node-based Order]
      This policy treats the locality of memory as the most important parameter.
      Zonelist order is created by each zone's locality. This means lower zones
      (ex. ZONE_DMA) can be used before higher zone (ex. ZONE_NORMAL) exhausion.
      IOW. ZONE_DMA will be in the middle of zonelist.
      current 2.6.21 kernel uses this.
      
      Pros.
       * A user can expect local memory as much as possible.
      Cons.
       * lower zone will be exhansted before higher zone. This may cause OOM_KILL.
      
      Maybe suitable if ZONE_DMA is relatively big and you never see OOM_KILL
      because of ZONE_DMA exhaution and you need the best locality.
      
      (example)
      assume 2 node NUMA. node(0) has ZONE_DMA/ZONE_NORMAL, node(1) has ZONE_NORMAL.
      
      *node(0)'s memory allocation order:
      
       node(0)'s NORMAL -> node(0)'s DMA -> node(1)'s NORMAL.
      
      *node(1)'s memory allocation order:
      
       node(1)'s NORMAL -> node(0)'s NORMAL -> node(0)'s DMA.
      
      [Zone-based order]
      This policy treats the zone type as the most important parameter.
      Zonelist order is created by zone-type order. This means lower zone
      never be used bofere higher zone exhaustion.
      IOW. ZONE_DMA will be always at the tail of zonelist.
      
      Pros.
       * OOM_KILL(bacause of lower zone) occurs only if the whole zones are exhausted.
      Cons.
       * memory locality may not be best.
      
      (example)
      assume 2 node NUMA. node(0) has ZONE_DMA/ZONE_NORMAL, node(1) has ZONE_NORMAL.
      
      *node(0)'s memory allocation order:
      
       node(0)'s NORMAL -> node(1)'s NORMAL -> node(0)'s DMA.
      
      *node(1)'s memory allocation order:
      
       node(1)'s NORMAL -> node(0)'s NORMAL -> node(0)'s DMA.
      
      bootoption "numa_zonelist_order=" and proc/sysctl is supporetd.
      
      command:
      %echo N > /proc/sys/vm/numa_zonelist_order
      
      Will rebuild zonelist in Node-based order.
      
      command:
      %echo Z > /proc/sys/vm/numa_zonelist_order
      
      Will rebuild zonelist in Zone-based order.
      
      Thanks to Lee Schermerhorn, he gives me much help and codes.
      
      [Lee.Schermerhorn@hp.com: add check_highest_zone to build_zonelists_in_zone_order]
      [akpm@linux-foundation.org: build fix]
      Signed-off-by: NKAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com>
      Cc: Lee Schermerhorn <lee.schermerhorn@hp.com>
      Cc: Christoph Lameter <clameter@sgi.com>
      Cc: Andi Kleen <ak@suse.de>
      Cc: "jesse.barnes@intel.com" <jesse.barnes@intel.com>
      Signed-off-by: NLee Schermerhorn <lee.schermerhorn@hp.com>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      f0c0b2b8
  7. 12 7月, 2007 1 次提交
    • E
      security: Protection for exploiting null dereference using mmap · ed032189
      Eric Paris 提交于
      Add a new security check on mmap operations to see if the user is attempting
      to mmap to low area of the address space.  The amount of space protected is
      indicated by the new proc tunable /proc/sys/vm/mmap_min_addr and defaults to
      0, preserving existing behavior.
      
      This patch uses a new SELinux security class "memprotect."  Policy already
      contains a number of allow rules like a_t self:process * (unconfined_t being
      one of them) which mean that putting this check in the process class (its
      best current fit) would make it useless as all user processes, which we also
      want to protect against, would be allowed. By taking the memprotect name of
      the new class it will also make it possible for us to move some of the other
      memory protect permissions out of 'process' and into the new class next time
      we bump the policy version number (which I also think is a good future idea)
      Acked-by: NStephen Smalley <sds@tycho.nsa.gov>
      Acked-by: NChris Wright <chrisw@sous-sol.org>
      Signed-off-by: NEric Paris <eparis@redhat.com>
      Signed-off-by: NJames Morris <jmorris@namei.org>
      ed032189
  8. 10 7月, 2007 1 次提交
  9. 17 5月, 2007 1 次提交
  10. 10 5月, 2007 1 次提交
  11. 09 5月, 2007 1 次提交
    • K
      proc: maps protection · 5096add8
      Kees Cook 提交于
      The /proc/pid/ "maps", "smaps", and "numa_maps" files contain sensitive
      information about the memory location and usage of processes.  Issues:
      
      - maps should not be world-readable, especially if programs expect any
        kind of ASLR protection from local attackers.
      - maps cannot just be 0400 because "-D_FORTIFY_SOURCE=2 -O2" makes glibc
        check the maps when %n is in a *printf call, and a setuid(getuid())
        process wouldn't be able to read its own maps file.  (For reference
        see http://lkml.org/lkml/2006/1/22/150)
      - a system-wide toggle is needed to allow prior behavior in the case of
        non-root applications that depend on access to the maps contents.
      
      This change implements a check using "ptrace_may_attach" before allowing
      access to read the maps contents.  To control this protection, the new knob
      /proc/sys/kernel/maps_protect has been added, with corresponding updates to
      the procfs documentation.
      
      [akpm@linux-foundation.org: build fixes]
      [akpm@linux-foundation.org: New sysctl numbers are old hat]
      Signed-off-by: NKees Cook <kees@outflux.net>
      Cc: Arjan van de Ven <arjan@infradead.org>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      5096add8
  12. 24 4月, 2007 1 次提交
  13. 05 3月, 2007 1 次提交
  14. 02 3月, 2007 1 次提交
  15. 15 2月, 2007 11 次提交
  16. 12 2月, 2007 5 次提交
    • O
      [PATCH] _proc_do_string(): fix short reads · 8d060877
      Oleg Nesterov 提交于
      If you try to read things like /proc/sys/kernel/osrelease with single-byte
      reads, you get just one byte and then EOF.  This is because _proc_do_string()
      assumes that the caller is read()ing into a buffer which is large enough to
      fit the whole string in a single hit.
      
      Fix.
      
      Cc: "Eric W. Biederman" <ebiederm@xmission.com>
      Cc: Michael Tokarev <mjt@tls.msk.ru>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      8d060877
    • A
      [PATCH] sysctl warning fix · cb799b89
      Andrew Morton 提交于
      kernel/sysctl.c:2816: warning: 'sysctl_ipc_data' defined but not used
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      cb799b89
    • T
      [PATCH] Add TAINT_USER and ability to set taint flags from userspace · 34f5a398
      Theodore Ts'o 提交于
      Allow taint flags to be set from userspace by writing to
      /proc/sys/kernel/tainted, and add a new taint flag, TAINT_USER, to be used
      when userspace has potentially done something dangerous that might
      compromise the kernel.  This will allow support personnel to ask further
      questions about what may have caused the user taint flag to have been set.
      
      For example, they might examine the logs of the realtime JVM to see if the
      Java program has used the really silly, stupid, dangerous, and
      completely-non-portable direct access to physical memory feature which MUST
      be implemented according to the Real-Time Specification for Java (RTSJ).
      Sigh.  What were those silly people at Sun thinking?
      
      [akpm@osdl.org: build fix]
      [bunk@stusta.de: cleanup]
      Signed-off-by: N"Theodore Ts'o" <tytso@mit.edu>
      Signed-off-by: NAdrian Bunk <bunk@stusta.de>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      34f5a398
    • A
      [PATCH] sysctl_{,ms_}jiffies: fix oldlen semantics · 3ee75ac3
      Alexey Dobriyan 提交于
      currently it's
      1) if *oldlenp == 0,
      	don't writeback anything
      
      2) if *oldlenp >= table->maxlen,
      	don't writeback more than table->maxlen bytes and rewrite *oldlenp
      	don't look at underlying type granularity
      
      3) if 0 < *oldlenp < table->maxlen,
      		*cough*
      	string sysctls don't writeback more than *oldlenp bytes.
      	OK, that's because sizeof(char) == 1
      
      	int sysctls writeback anything in (0, table->maxlen] range
      	Though accept integers divisible by sizeof(int) for writing.
      
      sysctl_jiffies and sysctl_ms_jiffies don't writeback anything but
      sizeof(int), which violates 1) and 2).
      
      So, make sysctl_jiffies and sysctl_ms_jiffies accept
      a) *oldlenp == 0, not doing writeback
      b) *oldlenp >= sizeof(int), writing one integer.
      
      -EINVAL still returned for *oldlenp == 1, 2, 3.
      Signed-off-by: NAlexey Dobriyan <adobriyan@openvz.org>
      Cc: "Eric W. Biederman" <ebiederm@xmission.com>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      3ee75ac3
    • E
      [PATCH] make reading /proc/sys/kernel/cap-bould not require CAP_SYS_MODULE · 6ff1b442
      Eric Paris 提交于
      Reading /proc/sys/kernel/cap-bound requires CAP_SYS_MODULE.  (see
      proc_dointvec_bset in kernel/sysctl.c)
      
      sysctl appears to drive all over proc reading everything it can get it's
      hands on and is complaining when it is being denied access to read
      cap-bound.  Clearly writing to cap-bound should be a sensitive operation
      but requiring CAP_SYS_MODULE to read cap-bound seems a bit to strong.  I
      believe the information could with reasonable certainty be obtained by
      looking at a bunch of the output of /proc/pid/status which has very low
      security protection, so at best we are just getting a little obfuscation of
      information.
      
      Currently SELinux policy has to 'dontaudit' capability checks for
      CAP_SYS_MODULE for things like sysctl which just want to read cap-bound.
      In doing so we also as a byproduct have to hide warnings of potential
      exploits such as if at some time that sysctl actually tried to load a
      module.  I wondered if anyone would have a problem opening cap-bound up to
      read from anyone?
      Acked-by: NChris Wright <chrisw@sous-sol.org>
      Cc: Stephen Smalley <sds@tycho.nsa.gov>
      Cc: James Morris <jmorris@namei.org>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      6ff1b442
  17. 14 12月, 2006 1 次提交