- 14 Apr, 2012 1 commit

Committed by Will Drewry

[This patch depends on luto@mit.edu's no_new_privs patch:
https://lkml.org/lkml/2012/1/30/264
The whole series including Andrew's patches can be found here:
https://github.com/redpig/linux/tree/seccomp
Complete diff here:
https://github.com/redpig/linux/compare/1dc65fed...seccomp
]

This patch adds support for seccomp mode 2. Mode 2 introduces the ability for unprivileged processes to install system call filtering policy expressed in terms of a Berkeley Packet Filter (BPF) program. This program will be evaluated in the kernel for each system call the task makes and computes a result based on data in the format of struct seccomp_data.

A filter program may be installed by calling:

    struct sock_fprog fprog = { ... };
    ...
    prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &fprog);

The return value of the filter program determines if the system call is allowed to proceed or denied. If the first filter program installed allows prctl(2) calls, then the above call may be made repeatedly by a task to further reduce its access to the kernel. All attached programs must be evaluated before a system call will be allowed to proceed.

Filter programs will be inherited across fork/clone and execve. However, if the task attaching the filter is unprivileged (!CAP_SYS_ADMIN) the no_new_privs bit will be set on the task. This ensures that unprivileged tasks cannot attach filters that affect privileged tasks (e.g., setuid binary).

There are a number of benefits to this approach. A few of which are as follows:
- BPF has been exposed to userland for a long time
- BPF optimization (and JIT'ing) are well understood
- Userland already knows its ABI: system call numbers and desired arguments
- No time-of-check-time-of-use vulnerable data accesses are possible.
- system call arguments are loaded on access only to minimize copying required for system call policy decisions.

Mode 2 support is restricted to architectures that enable HAVE_ARCH_SECCOMP_FILTER. In this patch, the primary dependency is on syscall_get_arguments(). The full desired scope of this feature will add a few minor additional requirements expressed later in this series. Based on discussion, SECCOMP_RET_ERRNO and SECCOMP_RET_TRACE seem to be the desired additional functionality.

No architectures are enabled in this patch.

Signed-off-by: Will Drewry <wad@chromium.org>
Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
Reviewed-by: Indan Zupancic <indan@nul.nu>
Acked-by: Eric Paris <eparis@redhat.com>
Reviewed-by: Kees Cook <keescook@chromium.org>

v18:
- rebase to v3.4-rc2
- s/chk/check/ (akpm@linux-foundation.org,jmorris@namei.org)
- allocate with GFP_KERNEL|__GFP_NOWARN (indan@nul.nu)
- add a comment for get_u32 regarding endianness (akpm@)
- fix other typos, style mistakes (akpm@)
- added acked-by

v17:
- properly guard seccomp filter needed headers (leann@ubuntu.com)
- tighten return mask to 0x7fff0000

v16:
- no change

v15:
- add a 4 instr penalty when counting a path to account for seccomp_filter size (indan@nul.nu)
- drop the max insns to 256KB (indan@nul.nu)
- return ENOMEM if the max insns limit has been hit (indan@nul.nu)
- move IP checks after args (indan@nul.nu)
- drop !user_filter check (indan@nul.nu)
- only allow explicit bpf codes (indan@nul.nu)
- exit_code -> exit_sig

v14:
- put/get_seccomp_filter takes struct task_struct (indan@nul.nu,keescook@chromium.org)
- adds seccomp_chk_filter and drops general bpf_run/chk_filter user
- add seccomp_bpf_load for use by net/core/filter.c
- lower max per-process/per-hierarchy: 1MB
- moved nnp/capability check prior to allocation (all of the above: indan@nul.nu)

v13:
- rebase on to 88ebdda6

v12:
- added a maximum instruction count per path (indan@nul.nu,oleg@redhat.com)
- removed copy_seccomp (keescook@chromium.org,indan@nul.nu)
- reworded the prctl_set_seccomp comment (indan@nul.nu)

v11:
- reorder struct seccomp_data to allow future args expansion (hpa@zytor.com)
- style clean up, @compat dropped, compat_sock_fprog32 (indan@nul.nu)
- do_exit(SIGSYS) (keescook@chromium.org, luto@mit.edu)
- pare down Kconfig doc reference.
- extra comment clean up

v10:
- seccomp_data has changed again to be more aesthetically pleasing (hpa@zytor.com)
- calling convention is noted in a new u32 field using syscall_get_arch. This allows for cross-calling convention tasks to use seccomp filters. (hpa@zytor.com)
- lots of clean up (thanks, Indan!)

v9:
- n/a

v8:
- use bpf_chk_filter, bpf_run_filter. update load_fns
- Lots of fixes courtesy of indan@nul.nu:
  -- fix up load behavior, compat fixups, and merge alloc code,
  -- renamed pc and dropped __packed, use bool compat.
  -- Added a hidden CONFIG_SECCOMP_FILTER to synthesize non-arch dependencies

v7: (massive overhaul thanks to Indan, others)
- added CONFIG_HAVE_ARCH_SECCOMP_FILTER
- merged into seccomp.c
- minimal seccomp_filter.h
- no config option (part of seccomp)
- no new prctl
- doesn't break seccomp on systems without asm/syscall.h (works but arg access always fails)
- dropped seccomp_init_task, extra free functions, ...
- dropped the no-asm/syscall.h code paths
- merges with network sk_run_filter and sk_chk_filter

v6:
- fix memory leak on attach compat check failure
- require no_new_privs || CAP_SYS_ADMIN prior to filter installation. (luto@mit.edu)
- s/seccomp_struct_/seccomp_/ for macros/functions (amwang@redhat.com)
- cleaned up Kconfig (amwang@redhat.com)
- on block, note if the call was compat (so the # means something)

v5:
- uses syscall_get_arguments (indan@nul.nu,oleg@redhat.com, mcgrathr@chromium.org)
- uses union-based arg storage with hi/lo struct to handle endianness. Compromises between the two alternate proposals to minimize extra arg shuffling and account for endianness assuming userspace uses offsetof(). (mcgrathr@chromium.org, indan@nul.nu)
- update Kconfig description
- add include/seccomp_filter.h and add its installation
- (naive) on-demand syscall argument loading
- drop seccomp_t (eparis@redhat.com)

v4:
- adjusted prctl to make room for PR_[SG]ET_NO_NEW_PRIVS
- now uses current->no_new_privs (luto@mit.edu,torvalds@linux-foundation.com)
- assign names to seccomp modes (rdunlap@xenotime.net)
- fix style issues (rdunlap@xenotime.net)
- reworded Kconfig entry (rdunlap@xenotime.net)

v3:
- macros to inline (oleg@redhat.com)
- init_task behavior fixed (oleg@redhat.com)
- drop creator entry and extra NULL check (oleg@redhat.com)
- alloc returns -EINVAL on bad sizing (serge.hallyn@canonical.com)
- adds tentative use of "always_unprivileged" as per torvalds@linux-foundation.org and luto@mit.edu

v2:
- (patch 2 only)

Signed-off-by: James Morris <james.l.morris@oracle.com>

- 01 Apr, 2012 1 commit

Committed by Thierry Reding

Since the on-disk format has been stable for quite some time, users should either use the headers provided by libext2fs or keep a private copy of this header.

For the full discussion, see this thread:
https://lkml.org/lkml/2012/3/21/516

While at it, this commit removes all __KERNEL__ guards, which are now unnecessary.

Signed-off-by: Thierry Reding <thierry.reding@avionic-design.de>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Jan Kara <jack@suse.cz>
Cc: Ted Ts'o <tytso@mit.edu>
Cc: Artem Bityutskiy <dedekind1@gmail.com>
Cc: Andreas Dilger <aedilger@gmail.com>
Cc: linux-ext4@vger.kernel.org

- 05 Mar, 2012 1 commit

Committed by Paul Mackerras

This moves the definitions of the ioctls, constants and structures relating to the ppp_generic interface to userspace out from if_ppp.h to a new file, ppp-ioctl.h. The new file has my copyright since I designed and implemented the ppp_generic interface in the late 1990s. None of the contents of this file comes from the original if_ppp.h published by Carnegie Mellon University.

Of the remainder of if_ppp.h, only the PPP_MTU definition was being used, and this replaces the uses of it with PPP_MRU (which is identical). Therefore, this replaces the entire file with the single line

    #include <linux/ppp-ioctl.h>

which clearly doesn't contain any CMU code. Thus I have removed the CMU copyright notice with its problematic advertising clause, and in fact since it's only one trivial line I have not added any other copyright notice.

Signed-off-by: Paul Mackerras <paulus@samba.org>
Signed-off-by: David S. Miller <davem@davemloft.net>

- 02 Mar, 2012 1 commit

Committed by Ben Hutchings

The ID packing definitions are needed by userland and the register definitions may also be useful there.

Do not export mdio_phy_id_{is_c45,prtad,devad}() as the use of bool is problematic and it's not that useful to export only a subset of these.

Do not export MDIO_SUPPORTS_{C22,C45} directly; these flags are only exposed to userland through struct ethtool_cmd so they should be defined alongside that with appropriate names.

Signed-off-by: Ben Hutchings <bhutchings@solarflare.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

- 21 Feb, 2012 1 commit

Committed by H. Peter Anvin

struct sysinfo is just about the only thing exported to userspace from <linux/kernel.h>, so move it into a separate header file with a residual #include in <linux/kernel.h>.

Originally-by: H. J. Lu <hjl.tools@gmail.com>
Signed-off-by: H. Peter Anvin <hpa@zytor.com>
Link: http://lkml.kernel.org/n/tip-4pr1xnnksprt7t0h3w5fw4rv@git.kernel.org

- 05 Jan, 2012 1 commit

Committed by Andras Domokos

Add HSI character device kernel configuration

Signed-off-by: Andras Domokos <andras.domokos@nokia.com>
Signed-off-by: Carlos Chinea <carlos.chinea@nokia.com>

- 31 Dec, 2011 2 commits

Committed by Pavel Emelyanov

The headers check complains it should include the linux/types.h within, thus add this one.

Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

Committed by Pavel Emelyanov

Properly toss existing components around the ifdef __KERNEL__ and include the header into the header-y target.

Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

- 14 Nov, 2011 1 commit

Committed by Jiri Pirko

This patch introduces new network device called team. It supposes to be very fast, simple, userspace-driven alternative to existing bonding driver.

Userspace library called libteam with couple of demo apps is available here:
https://github.com/jpirko/libteam
Note it's still in its diapers atm.

team<->libteam use generic netlink for communication. That and rtnl suppose to be the only way to configure team device, no sysfs etc.

Python binding of libteam was recently introduced. Daemon providing arpmon/miimon active-backup functionality will be introduced shortly. All what's necessary is already implemented in kernel team driver.

v7->v8:
- check ndo_ndo_vlan_rx_[add/kill]_vid functions before calling them.
- use dev_kfree_skb_any() instead of dev_kfree_skb()

v6->v7:
- transmit and receive functions are not checked in hot paths. That also resolves memory leak on transmit when no port is present

v5->v6:
- changed couple of _rcu calls to non _rcu ones in non-readers

v4->v5:
- team_change_mtu() uses team->lock while traversing through port list
- mac address changes are moved completely to jurisdiction of userspace daemon. This way the daemon can do FOM1, FOM2 and possibly other weird things with mac addresses. Only round-robin mode sets up all ports to bond's address then enslaved.
- Extended Kconfig text

v3->v4:
- remove redundant synchronize_rcu from __team_change_mode()
- revert "set and clear of mode_ops happens per pointer, not per byte"
- extend comment of function __team_change_mode()

v2->v3:
- team_change_mtu() uses rcu version of list traversal to unwind
- set and clear of mode_ops happens per pointer, not per byte
- port hashlist changed to be embedded into team structure
- error branch in team_port_enter() does cleanup now
- fixed rtln->rtnl

v1->v2:
- modes are made as modules. Makes team more modular and extendable.
- several commenters' nitpicks found on v1 were fixed
- several other bugs were fixed.
- note I ignored Eric's comment about roundrobin port selector as Eric's way may be easily implemented as another mode (mode "random") in future.

Signed-off-by: Jiri Pirko <jpirko@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

- 08 Jul, 2011 1 commit

Committed by Timur Tabi

Add the drivers/virt directory, which houses drivers that support virtualization environments, and add the Freescale hypervisor management driver.

The Freescale hypervisor management driver provides several services to drivers and applications related to the Freescale hypervisor:

1. An ioctl interface for querying and managing partitions
2. A file interface to reading incoming doorbells
3. An interrupt handler for shutting down the partition upon receiving the shutdown doorbell from a manager partition
4. A kernel interface for receiving callbacks when a managed partition shuts down.

Signed-off-by: Timur Tabi <timur@freescale.com>
Acked-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Kumar Gala <galak@kernel.crashing.org>

- 25 May, 2011 1 commit

Committed by John Calixto

Allows appropriately-privileged applications to send CMD (normal) and ACMD (application-specific; preceded with CMD55) commands to cards/devices on the mmc bus. This is primarily useful for enabling the security functionality built in to every SD card.

It can also be used as a generic passthrough (e.g. to enable virtual machines to control mmc bus devices directly). However, this use case has not been tested rigorously. Generic passthrough testing was only conducted for a few non-security opcodes to prove the feasibility of the passthrough.

Since any opcode can be sent using this passthrough, it is very possible to render the card/device unusable. Applications that use this ioctl must have CAP_SYS_RAWIO.

Security commands tested on TI PCIxx12 (SDHCI), Sigma Designs SMP8652 SoC, TI OMAP3621/OMAP3630 SoC, Samsung S5PC110 SoC, Qualcomm MSM7200A SoC.

Signed-off-by: John Calixto <john.calixto@modsystems.com>
Reviewed-by: Andrei Warkentin <andreiw@motorola.com>
Reviewed-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Chris Ball <cjb@laptop.org>

- 24 May, 2011 1 commit

Committed by Richard Cochran

This patch adds an infrastructure for hardware clocks that implement IEEE 1588, the Precision Time Protocol (PTP). A class driver offers a registration method to particular hardware clock drivers. Each clock is presented as a standard POSIX clock.

The ancillary clock features are exposed in two different ways, via the sysfs and by a character device.

Signed-off-by: Richard Cochran <richard.cochran@omicron.at>
Acked-by: Arnd Bergmann <arnd@arndb.de>
Acked-by: David S. Miller <davem@davemloft.net>
Signed-off-by: John Stultz <john.stultz@linaro.org>

- 20 May, 2011 1 commit

Committed by Laurent Pinchart

Move the public API definitions to include/linux/uvcvideo.h and bump the version number to 1.1.0. Compatibility with the old API is kept, application can still be compiled against the private header and will not break.

Signed-off-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>

- 22 Mar, 2011 4 commits

Committed by Laurent Pinchart

Add the OMAP3 ISP driver to the kernel build system.

Signed-off-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Acked-by: Hans Verkuil <hverkuil@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>

Committed by Laurent Pinchart

Add a userspace API to get, set and enumerate the media format on a subdev pad.

The format at the output of a subdev usually depends on the format at its input(s). The try format operation is thus not suitable for probing format at individual pads, as it can't modify the device state and thus can't remember the format tried at the input to compute the output format.

To fix the problem, pass an extra argument to the get/set format operations to select the 'try' or 'active' format.

The try format is used when probing the subdev. Setting the try format must not change the device configuration but can store data for later reuse. Data storage is provided at the file-handle level so applications probing the subdev concurrently won't interfere with each other.

The active format is used when configuring the subdev. It's identical to the format handled by the usual get/set operations.

Signed-off-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Signed-off-by: Stanimir Varbanov <svarbanov@mm-sol.com>
Signed-off-by: Sakari Ailus <sakari.ailus@iki.fi>
Acked-by: Hans Verkuil <hverkuil@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>

Committed by Laurent Pinchart

The header defines the v4l2_mbus_framefmt structure which will be used by the V4L2 subdevs userspace API.

Change the type of the v4l2_mbus_framefmt::code field to __u32, as enum sizes can differ between different ABIs on the same architectures.

Signed-off-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Acked-by: Hans Verkuil <hverkuil@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>

Committed by Laurent Pinchart

Create the following ioctl and implement it at the media device level to query device information.

- MEDIA_IOC_DEVICE_INFO: Query media device information

The ioctl and its data structure are defined in the new kernel header linux/media.h available to userspace applications.

Signed-off-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Acked-by: Hans Verkuil <hverkuil@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>

- 01 Feb, 2011 2 commits

Committed by Greg Kroah-Hartman

This reverts commit a6238f21

Appletalk got some patches to fix up the BLK usage in it in the network tree, so this removal isn't needed.

Cc: Arnd Bergmann <arnd@arndb.de>
Cc: <acme@ghostprotocols.net>
Cc: netdev@vger.kernel.org,
Cc: David Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

Committed by Arnd Bergmann

For all I know, Appletalk is dead, the only reasonable use right now would be nostalgia, and that can be served well enough by old kernels. The code is largely not in a bad shape, but it still uses the big kernel lock, and nobody seems motivated to change that.

FWIW, the last release of MacOS that supported Appletalk was MacOS X 10.5, made in 2007, and it has been abandoned by Apple with 10.6. Using TCP/IP instead of Appletalk has been supported since MacOS 7.6, which was released in 1997 and is able to run on most of the legacy hardware.

Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Cc: Arnaldo Carvalho de Melo <acme@ghostprotocols.net>
Cc: netdev@vger.kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

- 30 Jan, 2011 1 commit

Add caif_socket.h and if_caif.h to the kernel header files exported for use by userspace.

Signed-off-by: Sjur Braendeland <sjur.brandeland@stericsson.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

- 29 Dec, 2010 1 commit

Committed by Mauro Carvalho Chehab

There's no sense on keeping it on 2.6.38, as nobody is using it anymore, at the kernel tree, and installing it at the userspace API.

As two deprecated drivers still need it, move it to their internal directories.

Reviewed-by: Hans Verkuil <hverkuil@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>

- 15 Dec, 2010 1 commit

Committed by Kirill A. Shutemov

Export linux/a.out.h, linux/kvm.h and linux/kvm_para.h on headers_install_all if at least one architecture has appropriate files in arch-dependent headers.

Signed-off-by: Kirill A. Shutemov <kirill@shutemov.name>
Signed-off-by: Michal Marek <mmarek@suse.cz>

- 03 Dec, 2010 1 commit

Committed by Miloslav Trmač

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

- 29 Oct, 2010 1 commit

Committed by Eric Paris

We disabled the ability to build fanotify in commit 7c534773. This reverts that commit and allows people to build fanotify.

Signed-off-by: Eric Paris <eparis@redhat.com>

- 21 Oct, 2010 1 commit

Committed by Hans Verkuil

Remove the vtx (aka videotext aka teletext) API from the v4l2 core. This API was scheduled for removal in kernel 2.6.35.

The vtx device nodes have been superseded by vbi device nodes for many years. No applications exist that use the vtx support. Of the two i2c drivers that actually support this API the saa5249 has been impossible to use for a year now and no known hardware that supports this device exists. The saa5246a is theoretically supported by the old mxb boards, but it never actually worked.

In summary: there is no hardware that can use this API and there are no applications actually implementing this API.

The vtx support still reserves minors 192-223 and we would really like to reuse those for upcoming new functionality. In the unlikely event that new hardware appears that wants to use the functionality provided by the vtx API, then that functionality should be built around the sliced VBI API instead.

Signed-off-by: Hans Verkuil <hverkuil@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>

- 12 Oct, 2010 1 commit

Committed by Eric Paris

This patch disables the fanotify syscalls by just not building them and letting the cond_syscall() statements in kernel/sys_ni.c redirect them to sys_ni_syscall().

It was pointed out by Tvrtko Ursulin that the fanotify interface did not include an explicit prioritization between groups. This is necessary for fanotify to be usable for hierarchical storage management software, as they must get first access to the file, before inotify-like notifiers see the file.

This feature can be added in an ABI compatible way in the next release (by using a number of bits in the flags field to carry the info) but it was suggested by Alan that maybe we should just hold off and do it in the next cycle, likely with an (new) explicit argument to the syscall. I don't like this approach best as I know people are already starting to use the current interface, but Alan is all wise and no one on list backed me up with just using what we have. I feel this is needlessly ripping the rug out from under people at the last minute, but if others think it needs to be a new argument it might be the best way forward.

Three choices:
Go with what we got (and implement the new feature next cycle).
Add a new field right now (and implement the new feature next cycle).
Wait till next cycle to release the ABI (and implement the new feature next cycle).
This is number 3.

Signed-off-by: Eric Paris <eparis@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

- 06 Oct, 2010 1 commit

Committed by Arnd Bergmann

smbfs has been scheduled for removal in 2.6.27, so maybe we can now move it to drivers/staging on the way out.

smbfs still uses the big kernel lock and nobody is going to fix that, so we should be getting rid of it soon.

This removes the 32 bit compat mount and ioctl handling code, which is implemented in common fs code, and moves all smbfs related files into drivers/staging/smbfs.

Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Acked-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

- 09 Sep, 2010 1 commit

Committed by Andy Grover

Also, a number of changes were made based on the assumption that rds.h wasn't exported, so roll these back.

Signed-off-by: Andy Grover <andy.grover@oracle.com>

- 15 Aug, 2010 1 commit

Committed by Sam Ravnborg

unifdef-y and header-y has same semantic. So there is no need to have both.

Drop the unifdef-y variant and sort all lines again

Signed-off-by: Sam Ravnborg <sam@ravnborg.org>

- 08 Aug, 2010 1 commit

Committed by Jens Axboe

Stephen reports:

After merging the block tree, today's linux-next build (x86_64 allmodconfig) failed like this:

    usr/include/linux/fs.h:11: included file 'linux/blk_types.h' is not exported

Caused by commit 9d3dbbcd9a84518ff5e32ffe671d06a48cf84fd9 ("bio, fs: separate out bio_types.h and define READ/WRITE constants in terms of BIO_RW_* flags").

Reported-by: Stephen Rothwell <sfr@canb.auug.org.au>
Signed-off-by: Jens Axboe <jaxboe@fusionio.com>

- 03 Aug, 2010 1 commit

Committed by James Chapman

The header file l2tp.h should be exported to the installed include/linux/ tree for userspace programs.

This patch fixes compilation errors in L2TP userspace apps which want to use the new L2TP support introduced in 2.6.35.

Signed-off-by: James Chapman <jchapman@katalix.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: David S. Miller <davem@davemloft.net>

- 28 Jul, 2010 1 commit

Committed by Eric Paris

fanotify is a novel file notification system which bases notification on giving userspace both an event type (open, close, read, write) and an open file descriptor to the object in question. This should address a number of races and problems with other notification systems like inotify and dnotify and should allow the future implementation of blocking or access controlled notification. These are useful for on access scanners or hierarchical storage management schemes.

This patch just implements the basics of the fsnotify functions.

Signed-off-by: Eric Paris <eparis@redhat.com>

- 23 Apr, 2010 1 commit

Committed by Andrew Hendry

V2 Feedback from John Hughes.
- Add header for userspace implementations such as xot/xoe to use
- Use explicit values for interface stability
- No changes to driver patches

V1
- Use identifiers instead of magic numbers for X25 layer 3 to device interface.
- Also fixed checkpatch notes on updated code.

[ Add new user header to include/linux/Kbuild -DaveM ]

Signed-off-by: Andrew Hendry <andrew.hendry@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

- 01 Mar, 2010 1 commit

Committed by Ville Syrjälä

omapfb has several custom ioctls so user space needs the header in order to utilize them.

Signed-off-by: Ville Syrjälä <ville.syrjala@nokia.com>
Signed-off-by: Tomi Valkeinen <tomi.valkeinen@nokia.com>

- 23 Feb, 2010 1 commit

Committed by dann frazier

'make headers_check' began to fail after cciss_defs.h was introduced in: 429c42c9

    usr/include/linux/cciss_ioctl.h:6: included file 'linux/cciss_defs.h' is not exported

Fix this by exporting cciss_defs.h

Signed-off-by: dann frazier <dannf@hp.com>
Signed-off-by: Jens Axboe <jens.axboe@oracle.com>

- 15 Jan, 2010 1 commit

Committed by Michael S. Tsirkin

What it is: vhost net is a character device that can be used to reduce the number of system calls involved in virtio networking. Existing virtio net code is used in the guest without modification.

There's similarity with vringfd, with some differences and reduced scope
- uses eventfd for signalling
- structures can be moved around in memory at any time (good for migration, bug work-arounds in userspace)
- write logging is supported (good for migration)
- support memory table and not just an offset (needed for kvm)

common virtio related code has been put in a separate file vhost.c and can be made into a separate module if/when more backends appear. I used Rusty's lguest.c as the source for developing this part : this supplied me with witty comments I wouldn't be able to write myself.

What it is not: vhost net is not a bus, and not a generic new system call. No assumptions are made on how guest performs hypercalls. Userspace hypervisors are supported as well as kvm.

How it works: Basically, we connect virtio frontend (configured by userspace) to a backend. The backend could be a network device, or a tap device. Backend is also configured by userspace, including vlan/mac etc.

Status: This works for me, and I haven't seen any crashes. Compared to userspace, people reported improved latency (as I save up to 4 system calls per packet), as well as better bandwidth and CPU utilization.

Features that I plan to look at in the future:
- mergeable buffers
- zero copy
- scalability tuning: figure out the best threading model to use

Note on RCU usage (this is also documented in vhost.h, near private_pointer which is the value protected by this variant of RCU): what is happening is that the rcu_dereference() is being used in a workqueue item. The role of rcu_read_lock() is taken on by the start of execution of the workqueue item, of rcu_read_unlock() by the end of execution of the workqueue item, and of synchronize_rcu() by flush_workqueue()/flush_work(). In the future we might need to apply some gcc attribute or sparse annotation to the function passed to INIT_WORK(). Paul's ack below is for this RCU usage.

(Includes fixes by Alan Cox <alan@linux.intel.com>, David L Stevens <dlstevens@us.ibm.com>, Chris Wright <chrisw@redhat.com>)

Acked-by: Rusty Russell <rusty@rustcorp.com.au>
Acked-by: Arnd Bergmann <arnd@arndb.de>
Acked-by: "Paul E. McKenney" <paulmck@linux.vnet.ibm.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

- 12 Dec, 2009 2 commits

Committed by Jie Zhang

include/linux/net_tstamp.h is userspace API for hardware time stamping of network packets. It should be exported to userspace.

Signed-off-by: Jie Zhang <jie.zhang@analog.com>
Signed-off-by: Barry Song <barry.song@analog.com>
Signed-off-by: Patrick Ohly <patrick.ohly@gmx.de>
Signed-off-by: Michal Marek <mmarek@suse.cz>

Committed by Alan Cox

The ESP driver has been marked broken for years. It's an old ISA device that clearly nobody cares about any more. Remove it

Signed-off-by: Alan Cox <alan@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

- 30 Oct, 2009 1 commit

Committed by Serge E. Hallyn

Hi James, would you mind taking the following into security-testing?

The securebits are used by passing them to prctl with the PR_{S,G}ET_SECUREBITS commands. But the defines must be shifted to be used in prctl, which begs to be confused and misused by userspace. So define some more convenient values for userspace to specify. This way userspace does

    prctl(PR_SET_SECUREBITS, SECBIT_NOROOT);

instead of

    prctl(PR_SET_SECUREBITS, 1 << SECURE_NOROOT);

(Thanks to Michael for the idea)

This patch also adds include/linux/securebits to the installed headers. Then perhaps it can be included by glibc's sys/prctl.h.

Changelog:

Oct 29: Stephen Rothwell points out that issecure can be under __KERNEL__.

Oct 14: (Suggestions by Michael Kerrisk):
1. spell out SETUID in SECBIT_NO_SETUID*
2. SECBIT_X_LOCKED does not imply SECBIT_X
3. add definitions for keepcaps

Oct 14: As suggested by Michael Kerrisk, don't use SB_* as that convention is already in use. Use SECBIT_ prefix instead.

Signed-off-by: Serge E. Hallyn <serue@us.ibm.com>
Acked-by: Andrew G. Morgan <morgan@kernel.org>
Acked-by: Michael Kerrisk <mtk.manpages@gmail.com>
Cc: Ulrich Drepper <drepper@redhat.com>
Cc: James Morris <jmorris@namei.org>
Signed-off-by: James Morris <jmorris@namei.org>

- 22 Oct, 2009 1 commit

Committed by Christian Borntraeger

Rusty,

commit 3ca4f5ca virtio: add virtio IDs file moved all device IDs into a single file. While the change itself is a very good one, it can break userspace applications. For example if a userspace tool wanted to get the ID of virtio_net it used to include virtio_net.h. This does no longer work, since virtio_net.h does not include virtio_ids.h.

This patch moves all "#include <linux/virtio_ids.h>" from the C files into the header files, making the header files compatible with the old ones.

In addition, this patch exports virtio_ids.h to userspace.

CC: Fernando Luis Vazquez Cao <fernando@oss.ntt.co.jp>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>