1. 13 6月, 2013 3 次提交
    • K
      kmsg: honor dmesg_restrict sysctl on /dev/kmsg · 637241a9
      Kees Cook 提交于
      The dmesg_restrict sysctl currently covers the syslog method for access
      dmesg, however /dev/kmsg isn't covered by the same protections.  Most
      people haven't noticed because util-linux dmesg(1) defaults to using the
      syslog method for access in older versions.  With util-linux dmesg(1)
      defaults to reading directly from /dev/kmsg.
      
      To fix /dev/kmsg, let's compare the existing interfaces and what they
      allow:
      
       - /proc/kmsg allows:
        - open (SYSLOG_ACTION_OPEN) if CAP_SYSLOG since it uses a destructive
          single-reader interface (SYSLOG_ACTION_READ).
        - everything, after an open.
      
       - syslog syscall allows:
        - anything, if CAP_SYSLOG.
        - SYSLOG_ACTION_READ_ALL and SYSLOG_ACTION_SIZE_BUFFER, if
          dmesg_restrict==0.
        - nothing else (EPERM).
      
      The use-cases were:
       - dmesg(1) needs to do non-destructive SYSLOG_ACTION_READ_ALLs.
       - sysklog(1) needs to open /proc/kmsg, drop privs, and still issue the
         destructive SYSLOG_ACTION_READs.
      
      AIUI, dmesg(1) is moving to /dev/kmsg, and systemd-journald doesn't
      clear the ring buffer.
      
      Based on the comments in devkmsg_llseek, it sounds like actions besides
      reading aren't going to be supported by /dev/kmsg (i.e.
      SYSLOG_ACTION_CLEAR), so we have a strict subset of the non-destructive
      syslog syscall actions.
      
      To this end, move the check as Josh had done, but also rename the
      constants to reflect their new uses (SYSLOG_FROM_CALL becomes
      SYSLOG_FROM_READER, and SYSLOG_FROM_FILE becomes SYSLOG_FROM_PROC).
      SYSLOG_FROM_READER allows non-destructive actions, and SYSLOG_FROM_PROC
      allows destructive actions after a capabilities-constrained
      SYSLOG_ACTION_OPEN check.
      
       - /dev/kmsg allows:
        - open if CAP_SYSLOG or dmesg_restrict==0
        - reading/polling, after open
      
      Addresses https://bugzilla.redhat.com/show_bug.cgi?id=903192
      
      [akpm@linux-foundation.org: use pr_warn_once()]
      Signed-off-by: NKees Cook <keescook@chromium.org>
      Reported-by: NChristian Kujau <lists@nerdbynature.de>
      Tested-by: NJosh Boyer <jwboyer@redhat.com>
      Cc: Kay Sievers <kay@vrfy.org>
      Cc: <stable@vger.kernel.org>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      637241a9
    • R
      reboot: rigrate shutdown/reboot to boot cpu · cf7df378
      Robin Holt 提交于
      We recently noticed that reboot of a 1024 cpu machine takes approx 16
      minutes of just stopping the cpus.  The slowdown was tracked to commit
      f96972f2 ("kernel/sys.c: call disable_nonboot_cpus() in
      kernel_restart()").
      
      The current implementation does all the work of hot removing the cpus
      before halting the system.  We are switching to just migrating to the
      boot cpu and then continuing with shutdown/reboot.
      
      This also has the effect of not breaking x86's command line parameter
      for specifying the reboot cpu.  Note, this code was shamelessly copied
      from arch/x86/kernel/reboot.c with bits removed pertaining to the
      reboot_cpu command line parameter.
      Signed-off-by: NRobin Holt <holt@sgi.com>
      Tested-by: NShawn Guo <shawn.guo@linaro.org>
      Cc: "Srivatsa S. Bhat" <srivatsa.bhat@linux.vnet.ibm.com>
      Cc: H. Peter Anvin <hpa@zytor.com>
      Cc: Thomas Gleixner <tglx@linutronix.de>
      Cc: Ingo Molnar <mingo@elte.hu>
      Cc: Russ Anderson <rja@sgi.com>
      Cc: Robin Holt <holt@sgi.com>
      Cc: Russell King <linux@arm.linux.org.uk>
      Cc: Guan Xuetao <gxt@mprc.pku.edu.cn>
      Cc: <stable@vger.kernel.org>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      cf7df378
    • S
      CPU hotplug: provide a generic helper to disable/enable CPU hotplug · 16e53dbf
      Srivatsa S. Bhat 提交于
      There are instances in the kernel where we would like to disable CPU
      hotplug (from sysfs) during some important operation.  Today the freezer
      code depends on this and the code to do it was kinda tailor-made for
      that.
      
      Restructure the code and make it generic enough to be useful for other
      usecases too.
      Signed-off-by: NSrivatsa S. Bhat <srivatsa.bhat@linux.vnet.ibm.com>
      Signed-off-by: NRobin Holt <holt@sgi.com>
      Cc: H. Peter Anvin <hpa@zytor.com>
      Cc: Thomas Gleixner <tglx@linutronix.de>
      Cc: Ingo Molnar <mingo@elte.hu>
      Cc: Russ Anderson <rja@sgi.com>
      Cc: Robin Holt <holt@sgi.com>
      Cc: Russell King <linux@arm.linux.org.uk>
      Cc: Guan Xuetao <gxt@mprc.pku.edu.cn>
      Cc: Shawn Guo <shawn.guo@linaro.org>
      Cc: <stable@vger.kernel.org>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      16e53dbf
  2. 12 6月, 2013 2 次提交
    • L
      Merge branch 'fixes-3.10' of git://git.infradead.org/users/willy/linux-nvme · 77293e21
      Linus Torvalds 提交于
      Pull NVMe fixes from Matthew Wilcox.
      
      * 'fixes-3.10' of git://git.infradead.org/users/willy/linux-nvme:
        NVMe: Add MSI support
        NVMe: Use dma_set_mask() correctly
        Return the result from user admin command IOCTL even in case of failure
        NVMe: Do not cancel command multiple times
        NVMe: fix error return code in nvme_submit_bio_queue()
        NVMe: check for integer overflow in nvme_map_user_pages()
        MAINTAINERS: update NVM EXPRESS DRIVER file list
        NVMe: Fix a signedness bug in nvme_trans_modesel_get_mp
        NVMe: Remove redundant version.h header include
      77293e21
    • L
      Merge branch 'fixes' of git://git.kernel.org/pub/scm/virt/kvm/kvm · af180b81
      Linus Torvalds 提交于
      Pull kvm bugfixes from Gleb Natapov:
       "There is one more fix for MIPS KVM ABI here, MIPS and PPC build
        breakage fixes and a couple of PPC bug fixes"
      
      * 'fixes' of git://git.kernel.org/pub/scm/virt/kvm/kvm:
        kvm/ppc/booke64: Fix lazy ee handling in kvmppc_handle_exit()
        kvm/ppc/booke: Hold srcu lock when calling gfn functions
        kvm/ppc/booke64: Disable e6500 support
        kvm/ppc/booke64: Fix AltiVec interrupt numbers and build breakage
        mips/kvm: Use KVM_REG_MIPS and proper size indicators for *_ONE_REG
        kvm: Add definition of KVM_REG_MIPS
        KVM: add kvm_para_available to asm-generic/kvm_para.h
      af180b81
  3. 11 6月, 2013 12 次提交
  4. 10 6月, 2013 12 次提交
  5. 09 6月, 2013 11 次提交