Jeff Dike [Tue, 5 Feb 2008 06:31:12 +0000 (22:31 -0800)]
uml: don't allow processes to call into stub
Kill a process that tries to branch into a stub and execute a system
call. There are no security implications here - a system call in a
stub is treated the same as a system call anywhere else. But if a
process is trying to branch into a stub, either it is trying something
nasty or it has gone haywire, so it's a good idea to get rid of it in
either case.
Signed-off-by: Jeff Dike <jdike@linux.intel.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Jeff Dike [Tue, 5 Feb 2008 06:31:11 +0000 (22:31 -0800)]
uml: get rid of syscall counters
Get rid of some syscall counters which haven't been useful in ages.
Signed-off-by: Jeff Dike <jdike@linux.intel.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Jeff Dike [Tue, 5 Feb 2008 06:31:10 +0000 (22:31 -0800)]
uml: don't kill pid 0
A bit of defensive programming - during development, it ocassionally
happens that a call to init_new_context is missed, resulting in
context holding a host pid of zero. When that address space is torn
down, destroy_context does a kill(0), which instantly kills the whole
UML without any errors whatsoever.
This patch add a check for pids less than 2, to also catch 1 and
negative pids.
Signed-off-by: Jeff Dike <jdike@linux.intel.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Jeff Dike [Tue, 5 Feb 2008 06:31:10 +0000 (22:31 -0800)]
uml: tidy helper code
Style fixes to arch/um/os/helper.c and tidying up the breakpoint fix a
bit.
helper.c gets all the usual style fixes -
updated copyright
all printks get severities
Also -
errval changes to err in helper_child
fixed an obsolete comment
run_helper was killing a child process which is guaranteed to
be dead or dying anyway
Removed the nohang and pname arguments from helper_wait and fixed the
declaration and callers. nohang was used only in the slirp driver and
I don't think it was needed. I think pname was a bit of overkill in
putting out an error message when something goes wrong.
Signed-off-by: Jeff Dike <jdike@linux.intel.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Jeff Dike [Tue, 5 Feb 2008 06:31:09 +0000 (22:31 -0800)]
uml: use barrier() instead of mb()
signals_enabled and pending have requirements on the order in which they are
modified. This used to be done by declaring them volatile and putting an mb()
where the ordering requirements were in effect.
After getting a better (I hope) understanding of how to do this correctly, the
volatile declarations are gone and the mb()'s replaced by barrier()'s.
One of the mb()'s was deleted because I see no problematic writes that could
be re-ordered past that point.
Signed-off-by: Jeff Dike <jdike@linux.intel.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Jeff Dike [Tue, 5 Feb 2008 06:31:08 +0000 (22:31 -0800)]
uml: install panic notifier earlier
It turns out that if there's a panic early enough, UML will just sit there in
the LED-blinking loop because the panic notifier hadn't been installed yet.
This patch installs it earlier.
It also fixes the problem which exposed the hang, namely that if you give UML
a zero-sized initrd, it will ask alloc_bootmem for zero bytes, and that will
cause the panic.
While I was in initrd.c, I gave it a style makeover.
Prompted by checkpatch, I moved a couple extern declarations of uml_exitcode
to kern_util.h.
Signed-off-by: Jeff Dike <jdike@linux.intel.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Jeff Dike [Tue, 5 Feb 2008 06:31:07 +0000 (22:31 -0800)]
uml: eliminate setjmp_wrapper
setjmp_wrapper existed to provide setjmp to kernel code when UML used libc's
setjmp and longjmp. Now that UML has its own implementation, this isn't
needed and kernel code can invoke setjmp directly.
do_buffer_op is massively cleaned up since it is no longer a callback from
setjmp_wrapper and given a va_list from which it must extract its arguments.
The actual setjmp is moved from buffer_op to do_op_one_page because the copy
operation is inside an atomic section (kmap_atomic to kunmap_atomic) and it
shouldn't be longjmp-ed out of.
Signed-off-by: Jeff Dike <jdike@linux.intel.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Jeff Dike [Tue, 5 Feb 2008 06:31:07 +0000 (22:31 -0800)]
uml: customize tlb.h
Customize the hooks in tlb.h to optimize TLB flushing some more.
Add start and end fields to tlb_gather_mmu, which are used to limit
the address space range scanned when a region is unmapped.
The interfaces which just free page tables, without actually changing
mappings, don't need to cause a TLB flush.
Signed-off-by: Jeff Dike <jdike@linux.intel.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Jeff Dike [Tue, 5 Feb 2008 06:31:06 +0000 (22:31 -0800)]
uml: 64-bit tlb fixes
Some 64-bit tlb fixes -
moved pmd_page_vaddr to pgtable.h since it's the same for both
2-level and 3-level page tables
fixed a bogus cast on pud_page_vaddr
made the address checking in update_*_range more careful
Signed-off-by: Jeff Dike <jdike@linux.intel.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Jeff Dike [Tue, 5 Feb 2008 06:31:05 +0000 (22:31 -0800)]
uml: style fixes in file.c
arch/um/os-Linux/file.c needed some style work -
updated the copyright
cleaned up the includes
CodingStyle fixes
added some missing CATCH_EINTRs
os_set_owner was unused, so it is gone
all printks now have severities
fcntl(F_GETFL) was being called without checking the return
removed an obsolete comment
Signed-off-by: Jeff Dike <jdike@linux.intel.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Jeff Dike [Tue, 5 Feb 2008 06:31:04 +0000 (22:31 -0800)]
uml: miscellaneous code cleanups
Code tidying -
the pid field of struct irq_fd isn't used, so it is removed
os_set_fd_async needed to read flags before changing them, it
doesn't need a pid passed in because it can call getpid itself, and a
block of unused code needed deleting
os_get_exec_close was unused, so it is removed
ptrace_child called _exit for historical reasons which are no
longer valid, so just calls exit instead
Signed-off-by: Jeff Dike <jdike@linux.intel.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Bring back the functionality of stopping user mode linux with the help of
mconsole.
[jdike - the bug being fixed is that the mconsole file descriptor is already
set O_NONBLOCK or not, depending on whether we want no blocking (the normal
case) or we want blocking (when an mconsole stop is in effect), so the
MSG_DONTWAIT is redundant in the normal case, and wrong when we want to
block.]
Signed-off-by: Karol Swietlicki <magotari@gmail.com> Signed-off-by: Jeff Dike <jdike@linux.intel.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
uml: remove duplicate config symbol and unused file and variables
Fix the repetition of the NET symbol. It was once in UML specific options and
once in networking. I removed the first occurrence, as it makes more sense to
me to keep it only in networking.
It also removes a mostly empty file which is not used anymore and some
unused variables.
Signed-off-by: Karol Swietlicki <magotari@gmail.com> Signed-off-by: Jeff Dike <jdike@linux.intel.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Jeff Dike [Tue, 5 Feb 2008 06:31:02 +0000 (22:31 -0800)]
uml: syle fixes in arch/um/os-Linux
Style fixes in arch/um/os-Linux/irq.c and arch/um/os-Linux/sigio.c:
Updated copyrights
trimmed includes
added severity indicators to printks
CodingStyle fixes
turned an bunch of panics into printks
call some libc functions directly instead of going through the
os_* wrappers
Signed-off-by: Jeff Dike <jdike@linux.intel.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Jeff Dike [Tue, 5 Feb 2008 06:31:02 +0000 (22:31 -0800)]
uml: fx command-line CFLAGS and LDFLAGS support
UML still needed some work in order to allow CFLAGS to be passed in from the
command line.
USER_CFLAGS is produced from KBUILD_CFLAGS in part by removing all the -I
switches. This is so that kernel headers don't accidentally get pulled into
libc files. However, a common use of command-line CFLAGS would be to add -I
switches to the build. This patch specifically adds any command-line -I flags
back to USER_CFLAGS.
I also corrected the spelling of LFLAGS to LDFLAGS.
Signed-off-by: Jeff Dike <jdike@linux.intel.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Jeff Dike [Tue, 5 Feb 2008 06:31:01 +0000 (22:31 -0800)]
uml: cover stubs with a VMA
Give the stubs a VMA. This allows the removal of a truly nasty kludge to make
sure that mm->nr_ptes was correct in exit_mmap. The underlying problem was
always that the stubs, which have ptes, and thus allocated a page table,
weren't covered by a VMA.
This patch fixes that by using install_special_mapping in arch_dup_mmap and
activate_context to create the VMA. The stubs have to be moved, since
shift_arg_pages seems to assume that the stack is the only VMA present at that
point during exec, and uses vma_adjust to fiddle its VMA. However, that
extends the stub VMA by the amount removed from the stack VMA.
To avoid this problem, the stubs were moved to a different fixed location at
the start of the address space.
The init_stub_pte calls were moved from init_new_context to arch_dup_mmap
because I was occasionally seeing arch_dup_mmap not being called, causing
exit_mmap to die. Rather than figure out what was really happening, I decided
it was cleaner to just move the calls so that there's no doubt that both the
pte and VMA creation happen, no matter what. arch_exit_mmap is used to clear
the stub ptes at exit time.
The STUB_* constants in as-layout.h no longer depend on UM_TASK_SIZE, that
that definition is removed, along with the comments complaining about gcc.
Because the stubs are no longer at the top of the address space, some care is
needed while flushing TLBs. update_pte_range checks for addresses in the stub
range and skips them. flush_thread now issues two unmaps, one for the range
before STUB_START and one for the range after STUB_END.
Signed-off-by: Jeff Dike <jdike@linux.intel.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Jeff Dike [Tue, 5 Feb 2008 06:31:00 +0000 (22:31 -0800)]
uml: clean up TASK_SIZE usage
Clean up the calculation and use of the usable address space size on the host.
task_size is gone, replaced with TASK_SIZE, which is calculated from
CONFIG_TOP_ADDR. get_kmem_end and set_task_sizes_skas are also gone.
host_task_size, which refers to the entire address space usable by the UML
kernel and which may be larger than the address space usable by a UML process,
since that has to end on a pgdir boundary, is replaced by CONFIG_TOP_ADDR.
STACK_TOP is now TASK_SIZE minus the two stub pages.
Signed-off-by: Jeff Dike <jdike@linux.intel.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Joe Perches [Tue, 5 Feb 2008 06:30:59 +0000 (22:30 -0800)]
uml: add missing space
Add missing space between merged string constants.
Signed-off-by: Joe Perches <joe@perches.com> Signed-off-by: Jeff Dike <jdike@linux.intel.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Jeff Dike [Tue, 5 Feb 2008 06:30:58 +0000 (22:30 -0800)]
uml: kill processes instead of panicing kernel
UML was panicing in the case of failures of libc calls which shouldn't happen.
This is an overreaction since a failure from libc doesn't normally mean that
kernel data structures are in an unknown state. Instead, the current process
should just be killed if there is no way to recover.
The case that prompted this was a failure of PTRACE_SETREGS restoring the same
state that was read by PTRACE_GETREGS. It appears that when a process tries
to load a bogus value into a segment register, it segfaults (as expected) and
the value is actually loaded and is seen by PTRACE_GETREGS (not expected).
This case is fixed by forcing a fatal SIGSEGV on the process so that it
immediately dies. fatal_sigsegv was added for this purpose. It was declared
as noreturn, so in order to pursuade gcc that it actually does not return, I
added a call to os_dump_core (and declared it noreturn) so that I get a core
file if somehow the process survives.
All other calls in arch/um/os-Linux/skas/process.c got the same treatment,
with failures causing the process to die instead of a kernel panic, with some
exceptions.
userspace_tramp exits with status 1 if anything goes wrong there. That will
cause start_userspace to return an error. copy_context_skas0 and
map_stub_pages also now return errors instead of panicing. Callers of thes
functions were changed to check for errors and do something appropriate.
Usually that's to return an error to their callers.
check_skas3_ptrace_faultinfo just exits since that's too early to do anything
else.
save_registers, restore_registers, and init_registers now return status
instead of panicing on failure, with their callers doing something
appropriate.
There were also duplicate declarations of save_registers and restore_registers
in os.h - these are gone.
I noticed and fixed up some whitespace damage.
Signed-off-by: Jeff Dike <jdike@linux.intel.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Jeff Dike [Tue, 5 Feb 2008 06:30:57 +0000 (22:30 -0800)]
uml: use ptrace directly in libc code
Some register accessor cleanups -
userspace() was calling restore_registers and save_registers for no
reason, since userspace() is on the libc side of the house, and these
add no value over calling ptrace directly
init_thread_registers and get_safe_registers were the same thing,
so init_thread_registers is gone
Signed-off-by: Jeff Dike <jdike@linux.intel.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Jeff Dike [Tue, 5 Feb 2008 06:30:56 +0000 (22:30 -0800)]
uml: simplify SIGSEGV handling
Simplify the page fault stub by not masking signals while it is running. This
allows it to signal that it is done by executing an instruction which will
generate a SIGTRAP (int3 on x86) rather than running sigreturn by hand after
queueing a blocked SIGUSR1.
userspace_tramp now no longer puts anything in the SIGSEGV sa_mask, but it
does add SA_NODEFER to sa_flags so that SIGSEGV is still enabled after the
signal handler fails to run sigreturn.
SIGWINCH is just blocked so that we don't have to deal with it and the signal
masks used by wait_stub_done are updated to reflect the smaller number of
signals that it has to worry about.
Signed-off-by: Jeff Dike <jdike@linux.intel.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Jeff Dike [Tue, 5 Feb 2008 06:30:55 +0000 (22:30 -0800)]
uml: add virt_to_pte
Turn um_virt_to_phys into virt_to_pte, cleaning up a horrid interface.
It's also made non-static and declared in pgtable.h because it'll be
needed when the stubs get a vma.
Signed-off-by: Jeff Dike <jdike@linux.intel.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Jeff Dike [Tue, 5 Feb 2008 06:30:55 +0000 (22:30 -0800)]
uml: fix page table data sizes
Get the sizes of various pieces of data right when using three-level
page tables. pgd and pmd entries remain at 32 bits in a 32-bit
compilation because page tables will remain in low memory. So,
PGDIR_SHIFT, the PTRS_PER_* values, set_pud, set_pmd are conditional
on 64BIT.
More use of phys_t is made when there are physical memory addresses
floating around.
ObCheckpatchViolationJustification - the new typedef is an alternate
definition of pmd_t, which I can't really live without.
Signed-off-by: Jeff Dike <jdike@linux.intel.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Jeff Dike [Tue, 5 Feb 2008 06:30:54 +0000 (22:30 -0800)]
uml: current.h cleanup
Tidy current-related stuff. There was a comment in current.h saying
that current_thread was obsolete, so this patch turns all instances of
current_thread into current_thread_info(). There's some simplifying
of the result in arch/um/sys-i386/signal.c.
current.h and thread_info also get style cleanups.
Signed-off-by: Jeff Dike <jdike@linux.intel.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Jeff Dike [Tue, 5 Feb 2008 06:30:53 +0000 (22:30 -0800)]
uml: style cleanup
Style fixes in elf-i386.h and arch/um/kernel/mem.c.
update the copyright
get rid of an emacs formatting comment
some formatting fixes
inclusion trimming
whitespace fixes
Signed-off-by: Jeff Dike <jdike@linux.intel.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Jeff Dike [Tue, 5 Feb 2008 06:30:53 +0000 (22:30 -0800)]
uml: header untangling
Untangle UML headers somewhat and add some includes where they were
needed explicitly, but gotten accidentally via some other header.
arch/um/include/um_uaccess.h loses asm/fixmap.h because it uses no
fixmap stuff and gains elf.h, because it needs FIXADDR_USER_*, and
archsetjmp.h, because it needs jmp_buf.
pmd_alloc_one is uninlined because it needs mm_struct, and that's
inconvenient to provide in asm-um/pgtable-3level.h.
elf_core_copy_fpregs is also uninlined from elf-i386.h and
elf-x86_64.h, which duplicated the code anyway, to
arch/um/kernel/process.c, so that the reference to current_thread
doesn't pull sched.h or anything related into asm/elf.h.
arch/um/sys-i386/ldt.c, arch/um/kernel/tlb.c and
arch/um/kernel/skas/uaccess.c got sched.h because they dereference
task_structs. Its includes of linux and asm headers got turned from
"" to <>.
arch/um/sys-i386/bug.c gets asm/errno.h because it needs errno
constants.
asm/elf-i386 gets asm/user.h because it needs user_regs_struct.
asm/fixmap.h gets page.h because it needs PAGE_SIZE and PAGE_MASK and
system.h for BUG_ON.
asm/pgtable doesn't need sched.h.
asm/processor-generic.h defined mm_segment_t, but didn't use it. So,
that definition is moved to uaccess.h, which defines a bunch of
mm_segment_t-related stuff. thread_info.h uses mm_segment_t, and
includes uaccess.h, which causes a recursion. So, the definition is
placed above the include of thread_info. in uaccess.h. thread_info.h
also gets page.h because it needs PAGE_SIZE.
ObCheckpatchViolationJustification - I'm not adding a typedef; I'm
moving mm_segment_t from one place to another.
Signed-off-by: Jeff Dike <jdike@linux.intel.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Jeff Dike [Tue, 5 Feb 2008 06:30:52 +0000 (22:30 -0800)]
uml: move um_virt_to_phys
This patchset makes UML build and run with three-level page tables on
32-bit hosts. This is an uncommon use case, but the code here needed
fixing and cleaning up, so 32-bit three-level pages tables were tested
to make sure the changes are good.
Patch 1 - code movement
Patch 2 - header untangling
Patch 3 - style fixups in files affected so far
Patch 4 - clean up use of current.h
Patch 5 - fix sizes of types that are different between 2 and 3-level
page tables - three-level page table support should build at
this point
Patch 6 - tidy (i.e. eliminate much of) the code that figures out how
big the address space is
Patch 7 - change um_virt_to_phys into virt_to_pte, clean its
interface, and clean its (so far) one caller
Patch 8 - the stub pages are covered with a VMA, allowing some nasty
code to be thrown out - three-level page tables now work
This patch:
um_virt_to_phys only has one user, so it can be moved to the same file
and made static. Its declarations in pgtable.h and ksyms.c are also
gone.
current_cmd was another apparent user, but it itself isn't used, so it
is deleted.
Signed-off-by: Jeff Dike <jdike@linux.intel.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Jeff Dike [Tue, 5 Feb 2008 06:30:51 +0000 (22:30 -0800)]
uml: host TLS diagnostics
Add some diagnostics when TLS operations on the host fail. Also spit out more
information about the TLS environment on the host at boot time.
Signed-off-by: Jeff Dike <jdike@linux.intel.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
This patch changes a few functions into returning void. The return values
were not used anyway, so I think it should not be a problem. Also removed a
little leftover bit from TT mode.
Signed-off-by: Karol Swietlicki <magotari@gmail.com> Signed-off-by: Jeff Dike <jdike@linux.intel.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
uml: remove unused variables in the context switcher
This patch removes a variable which was not used in two functions. Yet
another code cleanup, nothing really significant.
Please note that I could not test this on x86_64. I don't have the
hardware for it.
[ jdike - Bits of tidying around the affected code. Also, it's fine on
x86_64 ]
Signed-off-by: Karol Swietlicki <magotari@gmail.com> Signed-off-by: Jeff Dike <jdike@linux.intel.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Lucas Woods [Tue, 5 Feb 2008 06:30:49 +0000 (22:30 -0800)]
arch/um: remove duplicate includes
Signed-off-by: Lucas Woods <woodzy@gmail.com> Cc: Jeff Dike <jdike@addtoit.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Jeff Dike [Tue, 5 Feb 2008 06:30:48 +0000 (22:30 -0800)]
uml: reconst a parameter
The previous const-ing patch consted a string which shouldn't have
been, and I didn't notice the gcc warning.
ubd_setup can't take a const char * because its address is assigned to
something which expects a char *arg. Many setups modify the string
they are given, they can't be const.
Signed-off-by: Jeff Dike <jdike@linux.intel.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Jeff Dike [Tue, 5 Feb 2008 06:30:47 +0000 (22:30 -0800)]
UML - Fix build in 2.6.24-rc2-mm1
The earlier pgtable.h tidying patch made things a bit too tidy. Add
back a header which is needed in VMALLOC_START and friend. Also add
back a definition of pmd_page_vaddr, which is needed on x86_64.
Signed-off-by: Jeff Dike <jdike@linux.intel.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Jeff Dike [Tue, 5 Feb 2008 06:30:47 +0000 (22:30 -0800)]
uml: tidy pgtable.h
Large pieces of include/asm/pgtable.h were unused cruft.
This uncovered arch/um/kernel/trap.c needing skas.h in order to get
ptrace_faultinfo.
Signed-off-by: Jeff Dike <jdike@linux.intel.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Jeff Dike [Tue, 5 Feb 2008 06:30:46 +0000 (22:30 -0800)]
uml: tidy kern_util.h
Tidy kern_util.h. It turns out that most of the function declarations
aren't used, so they can go away. os.h no longer includes
kern_util.h, so files which got it through os.h now need to include it
directly. A number of other files never needed it, so these includes
are deleted.
The structure which was used to pass signal handlers from the kernel
side to the userspace side is gone. Instead, the handlers are
declared here, and used directly from libc code. This allows
arch/um/os-Linux/trap.c to be deleted, with its remnants being moved
to arch/um/os-Linux/skas/trap.c.
arch/um/os-Linux/tty.c had its inclusions changed, and it needed some
style attention, so it got tidied.
Signed-off-by: Jeff Dike <jdike@linux.intel.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Jeff Dike [Tue, 5 Feb 2008 06:30:45 +0000 (22:30 -0800)]
uml: allow LFLAGS on command line
Allow LFLAGS to be given to make and have the expected effect.
Signed-off-by: Jeff Dike <jdike@linux.intel.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Jeff Dike [Tue, 5 Feb 2008 06:30:44 +0000 (22:30 -0800)]
uml: delete some unused headers
Robert Day noticed a few unused headers in UML, so this gets rid of them.
Cc: "Robert P. J. Day" <rpjday@crashcourse.ca> Signed-off-by: Jeff Dike <jdike@linux.intel.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Jeff Dike [Tue, 5 Feb 2008 06:30:44 +0000 (22:30 -0800)]
uml: borrow const.h techniques
Suggested by Geert Uytterhoeven - use const.h to get constants that are usable
in both C and assembly. I can't include it directly since this code can't
include kernel headers. const.h is also for numeric constants that can be
typed by tacking a "UL" or similar on the end. The constants here have to be
typed by casting them.
So, the relevant parts of const.h are copied here and modified in order to
allow the constants to be uncasted in assembly and casted in C.
Signed-off-by: Jeff Dike <jdike@linux.intel.com> Cc: Geert Uytterhoeven <geert@linux-m68k.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Jeff Dike [Tue, 5 Feb 2008 06:30:43 +0000 (22:30 -0800)]
uml: clone.c tidying
clone.c needed some style attention -
updated copyright
include trimming
coding style
Signed-off-by: Jeff Dike <jdike@linux.intel.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Jeff Dike [Tue, 5 Feb 2008 06:30:42 +0000 (22:30 -0800)]
uml: console driver cleanups
Console driver cleanups -
Changed an instance of foo = bar + foo to foo += bar
Removed checks of tty->stopped - I don't think the low-level
driver has any business looking at that
Removed an annoying warning
Signed-off-by: Jeff Dike <jdike@linux.intel.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
This is a short Kconfig fix for a problem in User Mode Linux. Frame pointers
are required for gprof support to work.
Signed-off-by: Karol Swietlicki <magotari@gmail.com> Signed-off-by: Jeff Dike <jdike@linux.intel.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Jeff Dike [Tue, 5 Feb 2008 06:30:41 +0000 (22:30 -0800)]
uml: SMP needs to depend on BROKEN for now
SMP still needs to depend on BROKEN for now.
Signed-off-by: Jeff Dike <jdike@linux.intel.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
WANG Cong [Tue, 5 Feb 2008 06:30:41 +0000 (22:30 -0800)]
uml: const and other tidying
This patch also does some improvements for uml code. Improvements include
dropping unnecessary cast, killing some unnecessary code and still some
constifying for pointers etc..
Signed-off-by: WANG Cong <xiyou.wangcong@gmail.com> Signed-off-by: Jeff Dike <jdike@linux.intel.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Jeff Dike [Tue, 5 Feb 2008 06:30:40 +0000 (22:30 -0800)]
uml: further bugs.c tidying
bugs.c, for both i386 and x86_64, can undergo further cleaning -
The i386 arch_check_bugs only does one thing, so we might as
well inline the cmov checking.
The i386 includes can be trimmed down a bit.
arch_init_thread wasn't used, so it is deleted.
The panics in arch_handle_signal are turned into printks
because the process is about to get segfaulted anyway, so something is
dying no matter what happens here. Also, the return value was always
the same, so it contained no information, so it can be void instead.
The name is changed to arch_examine_signal because it doesn't handle
anything.
The caller of arch_handle_signal, relay_signal, does things in
a different order. The kernel-mode signal check is now first, which
puts everything else together, making things a bit clearer conceptually.
[akpm@linux-foundation.org: coding-style fixes] Signed-off-by: Jeff Dike <jdike@linux.intel.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
This patch finishes what the previous one started. The code was not used
after my first patch, and now can be removed with ease.
[ jdike - also deleted the #if 0 lcall stuff ]
Signed-off-by: Karol Swietlicki <magotari@gmail.com> Signed-off-by: Jeff Dike <jdike@linux.intel.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
This patch introduces a new way of checking for the cmov instruction. I use
signal handling instead of reading /proc/cpuinfo.
[ jdike - Fiddled the asm to make it obvious that it didn't mess with
any in-use registers and made test_for_host_cmov void ]
[akpm@linux-foundation.org: coding-style fixes] Signed-off-by: Karol Swietlicki <magotari@gmail.com> Signed-off-by: Jeff Dike <jdike@linux.intel.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
This patch updates links which broke during the transition to the new UML
website.
Signed-off-by: Karol Swietlicki <magotari@gmail.com> Signed-off-by: Jeff Dike <jdike@linux.intel.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Jeff Dike [Tue, 5 Feb 2008 06:30:37 +0000 (22:30 -0800)]
uml: document new ubd flag
The ubd help message didn't document the 'c' flag.
Signed-off-by: Jeff Dike <jdike@linux.intel.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Jeff Dike [Tue, 5 Feb 2008 06:30:37 +0000 (22:30 -0800)]
uml: get rid of asmlinkage
Get rid of asmlinkage and remove some old cruft from asm/linkage.h.
[akpm@linux-foundation.org: coding-style fixes] Signed-off-by: Jeff Dike <jdike@linux.intel.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Jeff Dike [Tue, 5 Feb 2008 06:30:36 +0000 (22:30 -0800)]
uml: implement get_wchan
Implement get_wchan - the algorithm is similar to x86. It starts with the
stack pointer of the process in question and looks above that for addresses
that are kernel text. The second one which isn't in the scheduler is the one
that's returned. The first one is ignored because that will be UML's own
context switching routine.
Signed-off-by: Jeff Dike <jdike@linux.intel.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
WANG Cong [Tue, 5 Feb 2008 06:30:35 +0000 (22:30 -0800)]
uml: code tidying under arch/um/os-Linux
This patch contains varied fixes and improvements for some files under
arch/um/os-Linux/, such as a typo fix in a perror message, a missing
argument fix for a printf, some constifying for pointers and so on.
[ jdike - made sigprocmask failure return -errno instead of -1 ]
Signed-off-by: WANG Cong <xiyou.wangcong@gmail.com> Signed-off-by: Jeff Dike <jdike@linux.intel.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
This patch removes some code which ran at every boot, but does not seem to do
anything anymore. Please test. It works for me but mistakes can happen.
Signed-off-by: Karol Swietlicki <magotari@gmail.com> Signed-off-by: Jeff Dike <jdike@linux.intel.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Jeff Dike [Tue, 5 Feb 2008 06:30:34 +0000 (22:30 -0800)]
uml: arch/um/include/init.h needs a definition of __used
init.h started breaking now for some reason. It turns out that there wasn't a
definition of __used. Fixed this by copying the relevant stuff from
compiler.h in the userspace case, and including compiler.h in the kernel case.
[xiyou.wangcong@gmail.com: added definition of __section] Signed-off-by: Jeff Dike <jdike@linux.intel.com> Cc: WANG Cong <xiyou.wangcong@gmail.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Julia Lawall [Tue, 5 Feb 2008 06:30:32 +0000 (22:30 -0800)]
arch/cris: add a missing iounmap
An extra error handling label is needed for the case where the ioremap has
succeeded.
The problem was detected using the following semantic match
(http://www.emn.fr/x-info/coccinelle/)
// <smpl>
@@
type T,T1,T2;
identifier E;
statement S;
expression x1,x2;
constant C;
int ret;
@@
T E;
...
* E = ioremap(...);
if (E == NULL) S
... when != iounmap(E)
when != if (E != NULL) { ... iounmap(E); ...}
when != x1 = (T1)E
if (...) {
... when != iounmap(E)
when != if (E != NULL) { ... iounmap(E); ...}
when != x2 = (T2)E
(
* return;
|
* return C;
|
* return ret;
)
}
// </smpl>
Signed-off-by: Julia Lawall <julia@diku.dk> Cc: Mikael Starvik <starvik@axis.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
The cc-cross-prefix is new and developed on request from Geert Uytterhoeven.
With cc-cross-prefix it is now much easier to have a few default cross compile
prefixes and defaulting to none - if none of them were present. ARCH
maintainers are expected to pick up this feature soon.
Signed-off-by: Geert Uytterhoeven <geert@linux-m68k.org> Cc: Andreas Schwab <schwab@suse.de> Cc: Sam Ravnborg <sam@ravnborg.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
b43: avoid unregistering device objects during suspend
Modify the b43 driver to avoid deadlocking suspend and resume, which happens
as a result of attempting to unregister device objects locked by the PM core
during suspend/resume cycles. Also, make it use a suspend-safe method of
unregistering device object in the resume error path.
Signed-off-by: Rafael J. Wysocki <rjw@sisk.pl> Acked-by: Michael Buesch <mb@bu3sch.de> Cc: Pavel Machek <pavel@ucw.cz> Cc: "John W. Linville" <linville@tuxdriver.com> Cc: Alan Stern <stern@rowland.harvard.edu> Cc: Len Brown <lenb@kernel.org> Cc: Greg KH <greg@kroah.com> Cc: Kay Sievers <kay.sievers@vrfy.org> Cc: Richard Purdie <rpurdie@rpsys.net> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
leds: add possibility to remove leds classdevs during suspend/resume
Make it possible to unregister a led classdev object in a safe way during a
suspend/resume cycle.
Signed-off-by: Rafael J. Wysocki <rjw@sisk.pl> Cc: Michael Buesch <mb@bu3sch.de> Cc: Pavel Machek <pavel@ucw.cz> Cc: "John W. Linville" <linville@tuxdriver.com> Cc: Alan Stern <stern@rowland.harvard.edu> Cc: Len Brown <lenb@kernel.org> Cc: Greg KH <greg@kroah.com> Cc: Kay Sievers <kay.sievers@vrfy.org> Cc: Richard Purdie <rpurdie@rpsys.net> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
HWRNG: add possibility to remove hwrng devices during suspend/resume
Make it possible to unregister a Hardware Random Number Generator
device object in a safe way during a suspend/resume cycle.
Signed-off-by: Rafael J. Wysocki <rjw@sisk.pl> Acked-by: Michael Buesch <mb@bu3sch.de> Cc: Michael Buesch <mb@bu3sch.de> Cc: Pavel Machek <pavel@ucw.cz> Cc: "John W. Linville" <linville@tuxdriver.com> Cc: Alan Stern <stern@rowland.harvard.edu> Cc: Len Brown <lenb@kernel.org> Cc: Greg KH <greg@kroah.com> Cc: Kay Sievers <kay.sievers@vrfy.org> Cc: Richard Purdie <rpurdie@rpsys.net> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Misc: Add possibility to remove misc devices during suspend/resume
Make it possible to unregister a misc device object in a safe way during a
suspend/resume cycle.
Signed-off-by: Rafael J. Wysocki <rjw@sisk.pl> Cc: Michael Buesch <mb@bu3sch.de> Cc: Pavel Machek <pavel@ucw.cz> Cc: "John W. Linville" <linville@tuxdriver.com> Cc: Alan Stern <stern@rowland.harvard.edu> Cc: Len Brown <lenb@kernel.org> Cc: Greg KH <greg@kroah.com> Cc: Kay Sievers <kay.sievers@vrfy.org> Cc: Richard Purdie <rpurdie@rpsys.net> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Mark Gross [Tue, 5 Feb 2008 06:30:09 +0000 (22:30 -0800)]
latency.c: use QoS infrastructure
Replace latency.c use with pm_qos_params use.
Signed-off-by: mark gross <mgross@linux.intel.com> Cc: "John W. Linville" <linville@tuxdriver.com> Cc: Len Brown <lenb@kernel.org> Cc: Jaroslav Kysela <perex@suse.cz> Cc: Takashi Iwai <tiwai@suse.de> Cc: Arjan van de Ven <arjan@infradead.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Mark Gross [Tue, 5 Feb 2008 06:30:08 +0000 (22:30 -0800)]
pm qos infrastructure and interface
The following patch is a generalization of the latency.c implementation done
by Arjan last year. It provides infrastructure for more than one parameter,
and exposes a user mode interface for processes to register pm_qos
expectations of processes.
This interface provides a kernel and user mode interface for registering
performance expectations by drivers, subsystems and user space applications on
one of the parameters.
Currently we have {cpu_dma_latency, network_latency, network_throughput} as
the initial set of pm_qos parameters.
The infrastructure exposes multiple misc device nodes one per implemented
parameter. The set of parameters implement is defined by pm_qos_power_init()
and pm_qos_params.h. This is done because having the available parameters
being runtime configurable or changeable from a driver was seen as too easy to
abuse.
For each parameter a list of performance requirements is maintained along with
an aggregated target value. The aggregated target value is updated with
changes to the requirement list or elements of the list. Typically the
aggregated target value is simply the max or min of the requirement values
held in the parameter list elements.
>From kernel mode the use of this interface is simple:
Will insert a named element in the list for that identified PM_QOS
parameter with the target value. Upon change to this list the new target is
recomputed and any registered notifiers are called only if the target value
is now different.
Will search the list identified by the param_id for the named list element
and then update its target value, calling the notification tree if the
aggregated target is changed. with that name is already registered.
pm_qos_remove_requirement(param_id, name):
Will search the identified list for the named element and remove it, after
removal it will update the aggregate target and call the notification tree
if the target was changed as a result of removing the named requirement.
>From user mode:
Only processes can register a pm_qos requirement. To provide for
automatic cleanup for process the interface requires the process to register
its parameter requirements in the following way:
To register the default pm_qos target for the specific parameter, the
process must open one of /dev/[cpu_dma_latency, network_latency,
network_throughput]
As long as the device node is held open that process has a registered
requirement on the parameter. The name of the requirement is
"process_<PID>" derived from the current->pid from within the open system
call.
To change the requested target value the process needs to write a s32
value to the open device node. This translates to a
pm_qos_update_requirement call.
To remove the user mode request for a target value simply close the device
node.
[akpm@linux-foundation.org: fix warnings]
[akpm@linux-foundation.org: fix build]
[akpm@linux-foundation.org: fix build again]
[akpm@linux-foundation.org: coding-style fixes] Signed-off-by: mark gross <mgross@linux.intel.com> Cc: "John W. Linville" <linville@tuxdriver.com> Cc: Len Brown <lenb@kernel.org> Cc: Jaroslav Kysela <perex@suse.cz> Cc: Takashi Iwai <tiwai@suse.de> Cc: Arjan van de Ven <arjan@infradead.org> Cc: Venki Pallipadi <venkatesh.pallipadi@intel.com> Cc: Adam Belay <abelay@novell.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Nick Piggin [Tue, 5 Feb 2008 06:30:04 +0000 (22:30 -0800)]
agp: alpha nopage
Convert AGP alpha driver from nopage to fault.
NULL is NOPAGE_SIGBUS, so we aren't changing behaviour there.
Signed-off-by: Nick Piggin <npiggin@suse.de> Cc: Richard Henderson <rth@twiddle.net> Cc: Ivan Kokshaysky <ink@jurassic.park.msu.ru> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Samuel Thibault [Tue, 5 Feb 2008 06:30:03 +0000 (22:30 -0800)]
Alpha doesn't use socketcall
Alpha doesn't use socketcall and doesn't provide __NR_socketcall.
Signed-off-by: Samuel Thibault <samuel.thibault@citrix.com> Cc: Richard Henderson <rth@twiddle.net> Cc: Ivan Kokshaysky <ink@jurassic.park.msu.ru> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Andrew Morton [Tue, 5 Feb 2008 06:30:02 +0000 (22:30 -0800)]
alpha: atomic_add_return() should return int
Prevents stuff like
drivers/crypto/hifn_795x.c:2443: warning: format '%d' expects type 'int', but argument 4 has type 'long int'
drivers/crypto/hifn_795x.c:2443: warning: format '%d' expects type 'int', but argument 4 has type 'long int'
(at least).
Cc: Richard Henderson <rth@twiddle.net> Cc: Ivan Kokshaysky <ink@jurassic.park.msu.ru> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Lucas Woods [Tue, 5 Feb 2008 06:30:01 +0000 (22:30 -0800)]
arch/alpha: remove duplicate includes
Signed-off-by: Lucas Woods <woodzy@gmail.com> Cc: Richard Henderson <rth@twiddle.net> Cc: Ivan Kokshaysky <ink@jurassic.park.msu.ru> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Paul Mundt [Tue, 5 Feb 2008 06:29:59 +0000 (22:29 -0800)]
nommu: add new vmalloc_user() and remap_vmalloc_range() interfaces.
This builds on top of the earlier vmalloc_32_user() work introduced by b50731732f926d6c49fd0724616a7344c31cd5cf, as we now have places in the nommu
allmodconfig that hit up against these missing APIs.
As vmalloc_32_user() is already implemented, this is moved over to
vmalloc_user() and simply made a wrapper. As all current nommu platforms are
32-bit addressable, there's no special casing we have to do for ZONE_DMA and
things of that nature as per GFP_VMALLOC32.
remap_vmalloc_range() needs to check VM_USERMAP in order to figure out whether
we permit the remap or not, which means that we also have to rework the
vmalloc_user() code to grovel for the VMA and set the flag.
Signed-off-by: Paul Mundt <lethal@linux-sh.org> Acked-by: David McCullough <david_mccullough@securecomputing.com> Acked-by: David Howells <dhowells@redhat.com> Acked-by: Greg Ungerer <gerg@snapgear.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
FRV: move DMA macros to scatterlist.h for consistency.
To be consistent with other architectures, these two DMA macros should
be defined in scatterlist.h as opposed to dma-mapping.h
Signed-off-by: Robert P. J. Day <rpjday@crashcourse.ca> Acked-by: David Howells <dhowells@redhat.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
David Howells [Tue, 5 Feb 2008 06:29:53 +0000 (22:29 -0800)]
FRV: permit the memory to be located elsewhere in NOMMU mode
Permit the memory to be located somewhere other than address 0xC0000000 in
NOMMU mode. The configuration options are already present, it just
requires wiring up in the linker script.
Note that only a limited set of locations of runtime addresses are available
because of the way the CPU protection registers work.
Signed-off-by: David Howells <dhowells@redhat.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Casey Schaufler [Tue, 5 Feb 2008 06:29:50 +0000 (22:29 -0800)]
Smack: Simplified Mandatory Access Control Kernel
Smack is the Simplified Mandatory Access Control Kernel.
Smack implements mandatory access control (MAC) using labels
attached to tasks and data containers, including files, SVIPC,
and other tasks. Smack is a kernel based scheme that requires
an absolute minimum of application support and a very small
amount of configuration data.
Smack uses extended attributes and
provides a set of general mount options, borrowing technics used
elsewhere. Smack uses netlabel for CIPSO labeling. Smack provides
a pseudo-filesystem smackfs that is used for manipulation of
system Smack attributes.
The patch, patches for ls and sshd, a README, a startup script,
and x86 binaries for ls and sshd are also available on
http://www.schaufler-ca.com
Development has been done using Fedora Core 7 in a virtual machine
environment and on an old Sony laptop.
Smack provides mandatory access controls based on the label attached
to a task and the label attached to the object it is attempting to
access. Smack labels are deliberately short (1-23 characters) text
strings. Single character labels using special characters are reserved
for system use. The only operation applied to Smack labels is equality
comparison. No wildcards or expressions, regular or otherwise, are
used. Smack labels are composed of printable characters and may not
include "/".
A file always gets the Smack label of the task that created it.
1. Any access requested by a task labeled "*" is denied.
2. A read or execute access requested by a task labeled "^"
is permitted.
3. A read or execute access requested on an object labeled "_"
is permitted.
4. Any access requested on an object labeled "*" is permitted.
5. Any access requested by a task on an object with the same
label is permitted.
6. Any access requested that is explicitly defined in the loaded
rule set is permitted.
7. Any other access is denied.
Rules may be explicitly defined by writing subject,object,access
triples to /smack/load.
Smack rule sets can be easily defined that describe Bell&LaPadula
sensitivity, Biba integrity, and a variety of interesting
configurations. Smack rule sets can be modified on the fly to
accommodate changes in the operating environment or even the time
of day.
Some practical use cases:
Hierarchical levels. The less common of the two usual uses
for MLS systems is to define hierarchical levels, often
unclassified, confidential, secret, and so on. To set up smack
to support this, these rules could be defined:
C Unclass rx
S C rx
S Unclass rx
TS S rx
TS C rx
TS Unclass rx
A TS process can read S, C, and Unclass data, but cannot write it.
An S process can read C and Unclass. Note that specifying that
TS can read S and S can read C does not imply TS can read C, it
has to be explicitly stated.
Non-hierarchical categories. This is the more common of the
usual uses for an MLS system. Since the default rule is that a
subject cannot access an object with a different label no
access rules are required to implement compartmentalization.
A case that the Bell & LaPadula policy does not allow is demonstrated
with this Smack access rule:
A case that Bell&LaPadula does not allow that Smack does:
ESPN ABC r
ABC ESPN r
On my portable video device I have two applications, one that
shows ABC programming and the other ESPN programming. ESPN wants
to show me sport stories that show up as news, and ABC will
only provide minimal information about a sports story if ESPN
is covering it. Each side can look at the other's info, neither
can change the other. Neither can see what FOX is up to, which
is just as well all things considered.
Another case that I especially like:
SatData Guard w
Guard Publish w
A program running with the Guard label opens a UDP socket and
accepts messages sent by a program running with a SatData label.
The Guard program inspects the message to ensure it is wholesome
and if it is sends it to a program running with the Publish label.
This program then puts the information passed in an appropriate
place. Note that the Guard program cannot write to a Publish
file system object because file system semanitic require read as
well as write.
The four cases (categories, levels, mutual read, guardbox) here
are all quite real, and problems I've been asked to solve over
the years. The first two are easy to do with traditonal MLS systems
while the last two you can't without invoking privilege, at least
for a while.
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> Cc: Joshua Brindle <method@manicmethod.com> Cc: Paul Moore <paul.moore@hp.com> Cc: Stephen Smalley <sds@tycho.nsa.gov> Cc: Chris Wright <chrisw@sous-sol.org> Cc: James Morris <jmorris@namei.org> Cc: "Ahmed S. Darwish" <darwish.07@gmail.com> Cc: Andrew G. Morgan <morgan@kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Paul Moore [Tue, 5 Feb 2008 06:29:47 +0000 (22:29 -0800)]
NetLabel: introduce a new kernel configuration API for NetLabel
Add a new set of configuration functions to the NetLabel/LSM API so that
LSMs can perform their own configuration of the NetLabel subsystem without
relying on assistance from userspace.
Signed-off-by: Paul Moore <paul.moore@hp.com> Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> Reviewed-by: James Morris <jmorris@namei.org> Cc: Chris Wright <chrisw@sous-sol.org> Cc: Stephen Smalley <sds@tycho.nsa.gov> Cc: Casey Schaufler <casey@schaufler-ca.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Serge E. Hallyn [Tue, 5 Feb 2008 06:29:47 +0000 (22:29 -0800)]
oom_kill: remove uid==0 checks
Root processes are considered more important when out of memory and killing
proceses. The check for CAP_SYS_ADMIN was augmented with a check for
uid==0 or euid==0.
There are several possible ways to look at this:
1. uid comparisons are unnecessary, trust CAP_SYS_ADMIN
alone. However CAP_SYS_RESOURCE is the one that really
means "give me extra resources" so allow for that as
well.
2. Any privileged code should be protected, but uid is not
an indication of privilege. So we should check whether
any capabilities are raised.
3. uid==0 makes processes on the host as well as in containers
more important, so we should keep the existing checks.
4. uid==0 makes processes only on the host more important,
even without any capabilities. So we should be keeping
the (uid==0||euid==0) check but only when
userns==&init_user_ns.
I'm following number 1 here.
Signed-off-by: Serge Hallyn <serue@us.ibm.com> Cc: Andrew Morgan <morgan@kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Serge E. Hallyn [Tue, 5 Feb 2008 06:29:45 +0000 (22:29 -0800)]
capabilities: introduce per-process capability bounding set
The capability bounding set is a set beyond which capabilities cannot grow.
Currently cap_bset is per-system. It can be manipulated through sysctl,
but only init can add capabilities. Root can remove capabilities. By
default it includes all caps except CAP_SETPCAP.
This patch makes the bounding set per-process when file capabilities are
enabled. It is inherited at fork from parent. Noone can add elements,
CAP_SETPCAP is required to remove them.
One example use of this is to start a safer container. For instance, until
device namespaces or per-container device whitelists are introduced, it is
best to take CAP_MKNOD away from a container.
The bounding set will not affect pP and pE immediately. It will only
affect pP' and pE' after subsequent exec()s. It also does not affect pI,
and exec() does not constrain pI'. So to really start a shell with no way
of regain CAP_MKNOD, you would do
The following test program will get and set the bounding
set (but not pI). For instance
./bset get
(lists capabilities in bset)
./bset drop cap_net_raw
(starts shell with new bset)
(use capset, setuid binary, or binary with
file capabilities to try to increase caps)
Andrew Morgan [Tue, 5 Feb 2008 06:29:43 +0000 (22:29 -0800)]
Remove unnecessary include from include/linux/capability.h
KaiGai Kohei observed that this line in the linux header is not needed.
Signed-off-by: Andrew G. Morgan <morgan@kernel.org> Cc: KaiGai Kohei <kaigai@kaigai.gr.jp> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Andrew Morgan [Tue, 5 Feb 2008 06:29:42 +0000 (22:29 -0800)]
Add 64-bit capability support to the kernel
The patch supports legacy (32-bit) capability userspace, and where possible
translates 32-bit capabilities to/from userspace and the VFS to 64-bit
kernel space capabilities. If a capability set cannot be compressed into
32-bits for consumption by user space, the system call fails, with -ERANGE.
FWIW libcap-2.00 supports this change (and earlier capability formats)
We want to keep the vfs_cap_data.data[] structure, using two 'data's for
64-bit caps (and later three for 96-bit caps), whereas b68680e4731abbd78863063aaa0dca2a6d8cc723 had gotten rid of the 'data' struct
made its members inline.
The 64-bit caps patch keeps the stack abuse fix at get_file_caps(), which was
the more important part of that patch.
[akpm@linux-foundation.org: coding-style fixes] Cc: Stephen Smalley <sds@tycho.nsa.gov> Cc: Serge Hallyn <serue@us.ibm.com> Cc: Chris Wright <chrisw@sous-sol.org> Cc: James Morris <jmorris@namei.org> Cc: Casey Schaufler <casey@schaufler-ca.com> Cc: Andrew Morgan <morgan@kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>