kernel September 2007

kernel@lists.fedoraproject.org

18 participants
15 discussions

enable CONFIG_SECURITY_SELINUX_ENABLE_SECMARK_DEFAULT
by Eric Paris 12 Sep '07

12 Sep '07

I want to enable CONFIG_SECURITY_SELINUX_ENABLE_SECMARK_DEFAULT in the fedora kernel series. First let me say there are almost no users at all of the SELinux networking controls at all (old=netif or new=secmark) and we do provide a flag (/selinux/compat_net) for userspace to turn it back to the old stuff if a user needs. What few users I do know who use the network controls run RHEL not fedora. RHEL5 actually shipped with this enabled. I made that choice namely because there is a performance hit with the 'old style' network controls and the new secmark controls have a much smaller penalty. I just can't see a reason to make everyone who uses Fedora pay a performance hit for network controls which never enforce any security goal, are probably going to be removed upstream, and noone uses anyway. -Eric --- tmp/config-2.6.23-0.174.rc6.fc8 2007-09-13 00:18:00.000000000 -0400 +++ tmp/config-2.6.23-0.174.rc6.fc8.new 2007-09-13 00:18:39.000000000 -0400 @@ -3330,7 +3330,7 @@ CONFIG_SECURITY_SELINUX_DISABLE=y CONFIG_SECURITY_SELINUX_DEVELOP=y CONFIG_SECURITY_SELINUX_AVC_STATS=y CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE=1 -# CONFIG_SECURITY_SELINUX_ENABLE_SECMARK_DEFAULT is not set +CONFIG_SECURITY_SELINUX_ENABLE_SECMARK_DEFAULT=y # CONFIG_SECURITY_SELINUX_POLICYDB_VERSION_MAX is not set CONFIG_XOR_BLOCKS=m CONFIG_ASYNC_CORE=m

1 0

more utrace updates committed
by Roland McGrath 11 Sep '07

11 Sep '07

I committed another utrace update to both devel/ and F-7/. (There were multiple updates over the course of Tuesday.) The 2.6.22 backport is in now fully in synch with the tip. The current code is believed to fix outstanding F-7 bugs #248532, #267161, and #284311. Thanks, Roland P.S. I rewrote scripts/pull-upstream.sh as follows and used the same for F-7 with s/2.6-current/2.6.22/. I haven't checked these in. #!/bin/bash url=http://people.redhat.com/roland/utrace/2.6-current wget -q -O /dev/stdout $url/series | grep 'patch$' | while read i do rm -f linux-2.6-$i wget -nv -O linux-2.6-$i $url/$i done

1 0

[PATCH] Add iSCSI iBFT patch to the kernel.
by Konrad Rzeszutek 10 Sep '07

10 Sep '07

The patch below has been tested on a bunch of HP, Dell, NEC, and IBM machines by me and works without trouble. I was humbly wondering if Fedora kernel community would be OK picking this patch it up so that it can be tested on some other platforms before I go forth on LKML with it? And obviously, any comments on the patch are much appreciated. The testing is to make sure that this patch does not panic the box when it scans the memory (find_ibft function). For those that don't know what iSCSI is, here is a nice description: http://en.wikipedia.org/wiki/ISCSI and here http://linux-iscsi.sourceforge.net/ The issue at hand is to support iSCSI boot automatically. Right now when Fedora Core is installed on a iSCSI target and booted up from a NIC that supports software iSCSI initiator (the NIC firmware "exports" a disk) all the connection information (IQN, IP, CHAP password, etc) are all hard-coded in the initrd. This is OK, except when the password changes (and programmed in the NIC) the initrd can't boot anymore (unless the system admin also logged in the machine and changed the settings and re-created the initrd before rebooting the box). The goal is to have the initrd able to extract the iSCSI information from the NIC and use them. The patch below is one step in making this goal. The other necessary parts for this are to have iscsi-initirator-utils support this (upstream has the patches for this), and anaconda (not yet there). Thank you for your time. ----- PATCH: ----- This patch adds a /sysfs/firmware/ibft/table binary blob which exports the iSCSI Boot Firmware Table (iBFT) structure. What is iSCSI Boot Firmware Table? It is a mechanism for the iSCSI tools to extract from the machine NICs the iSCSI connection information so that they can automagically mount the iSCSI share/target. Currently the iSCSI information is hard-coded in the initrd. To enable this please set CONFIG_ISCSI_IBFT to m. The full details of the structure are located at: ftp://ftp.software.ibm.com/systems/support/system_x_pdf/ibm_iscsi_boot_firm… Signed-off-by: Konrad Rzeszutek <konradr(a)linux.vnet.ibm.com> Signed-off-by: Peter Jones <pjones(a)redhat.com> diff --git a/arch/i386/kernel/setup.c b/arch/i386/kernel/setup.c index d474cd6..11d700f 100644 --- a/arch/i386/kernel/setup.c +++ b/arch/i386/kernel/setup.c @@ -46,7 +46,7 @@ #include <linux/kexec.h> #include <linux/crash_dump.h> #include <linux/dmi.h> #include <linux/pfn.h> - +#include <linux/iscsi_ibft.h> #include <video/edid.h> #include <asm/apic.h> @@ -150,6 +150,9 @@ static inline void copy_edd(void) } #endif +void *ibft_phys; +EXPORT_SYMBOL(ibft_phys); + int __initdata user_defined_memmap = 0; /* @@ -456,6 +459,15 @@ #ifdef CONFIG_KEXEC reserve_bootmem(crashk_res.start, crashk_res.end - crashk_res.start + 1); #endif + + /* Scan for an iBFT (iSCSI Boot Firmware Table) */ + { + unsigned int ibft_len = find_ibft(); + if (ibft_len) + /* The specs says to scan for the table between 512k to 1MB. + We reserve it n case it is in the e820 RAM section. */ + reserve_bootmem(ibft_phys, PAGE_ALIGN(ibft_len)); + } } /* diff --git a/arch/x86_64/kernel/setup.c b/arch/x86_64/kernel/setup.c index af838f6..0d12775 100644 --- a/arch/x86_64/kernel/setup.c +++ b/arch/x86_64/kernel/setup.c @@ -44,6 +44,7 @@ #include <linux/cpufreq.h> #include <linux/dmi.h> #include <linux/dma-mapping.h> #include <linux/ctype.h> +#include <linux/iscsi_ibft.h> #include <asm/mtrr.h> #include <asm/uaccess.h> @@ -196,6 +197,9 @@ static inline void copy_edd(void) } #endif +void *ibft_phys; +EXPORT_SYMBOL(ibft_phys); + #define EBDA_ADDR_POINTER 0x40E unsigned __initdata ebda_addr; @@ -365,6 +369,15 @@ #ifdef CONFIG_KEXEC crashk_res.end - crashk_res.start + 1); } #endif + /* Scan for an iBFT (iSCSI Boot Firmware Table) */ + { + unsigned int ibft_len = find_ibft(); + if (ibft_len) + /* The specs says to scan for the table between 512k to 1MB. + We reserve it in case it is in the e820 RAM section. */ + reserve_bootmem_generic((unsigned long)ibft_phys, + PAGE_ALIGN(ibft_len)); + } paging_init(); diff --git a/drivers/firmware/Kconfig b/drivers/firmware/Kconfig index 05f02a3..2d9f01a 100644 --- a/drivers/firmware/Kconfig +++ b/drivers/firmware/Kconfig @@ -93,4 +93,14 @@ config DMIID information from userspace through /sys/class/dmi/id/ or if you want DMI-based module auto-loading. +config ISCSI_IBFT + tristate "iSCSI Boot Firmware Table Attributes" + depends on X86 + default n + help + This option enables support for detection of an iSCSI + Boot Firmware Table (iBFT). If you wish to detect iSCSI boot + parameters dynamically during system boot, say Y. + Otherwise, say N. + endmenu diff --git a/drivers/firmware/Makefile b/drivers/firmware/Makefile index 8d4ebc8..b6319f7 100644 --- a/drivers/firmware/Makefile +++ b/drivers/firmware/Makefile @@ -8,3 +8,4 @@ obj-$(CONFIG_EFI_PCDP) += pcdp.o obj-$(CONFIG_DELL_RBU) += dell_rbu.o obj-$(CONFIG_DCDBAS) += dcdbas.o obj-$(CONFIG_DMIID) += dmi-id.o +obj-$(CONFIG_ISCSI_IBFT) += iscsi_ibft.o diff --git a/drivers/firmware/iscsi_ibft.c b/drivers/firmware/iscsi_ibft.c new file mode 100644 index 0000000..b3767fe --- /dev/null +++ b/drivers/firmware/iscsi_ibft.c @@ -0,0 +1,201 @@ +/* + * drivers/firmware/iscsi_ibft.c + * Copyright 2007 Red Hat, Inc. + * by Peter Jones <pjones(a)redhat.com> + * Copyright 2007 IBM + * by Konrad Rzeszutek <konradr(a)us.ibm.com> + * + * This code exposes the the iSCSI Boot Format Table to userland via sysfs. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License v2.0 as published by + * the Free Software Foundation + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + */ + +#include <linux/module.h> +#include <linux/string.h> +#include <linux/types.h> +#include <linux/init.h> +#include <linux/stat.h> +#include <linux/err.h> +#include <linux/ctype.h> +#include <linux/slab.h> +#include <linux/limits.h> +#include <linux/device.h> +#include <linux/pci.h> +#include <linux/blkdev.h> + +#include <linux/iscsi_ibft.h> + +#define ISCSI_IBFT_VERSION "0.2" +#define ISCSI_IBFT_DATE "2007-Aug-29" + +MODULE_AUTHOR +("Peter Jones <pjones(a)redhat.com> and Konrad Rzeszutek <konradr(a)us.ibm.com>"); +MODULE_DESCRIPTION("sysfs interface to BIOS iBFT information"); +MODULE_LICENSE("GPL"); +MODULE_VERSION(ISCSI_IBFT_VERSION); + + +static void ibft_release(struct kobject *kobj) +{ + struct ibft_device *ibft = container_of(kobj, struct ibft_device, kobj); + kfree(ibft->hdr); + kfree(ibft); +} + +static ssize_t +ibft_read_binary(struct kobject *kobj, struct bin_attribute *attr, char *buf, + loff_t off, size_t count) +{ + + struct ibft_device *ibft = container_of(kobj, struct ibft_device, kobj); + ssize_t len = ibft->hdr->length; + + if (off > len) + return 0; + + if (off + count > len) + count = len - off; + + memcpy(buf, ibft->hdr + off, count); + + return count; +} +static int +ibft_mmap_binary(struct kobject *kobj, struct bin_attribute *attr, + struct vm_area_struct *vma) +{ + struct ibft_device *ibft = container_of(kobj, struct ibft_device, kobj); + ssize_t len = ibft->hdr->length; + unsigned long start = vma->vm_start; + unsigned long size = vma->vm_end - vma->vm_start; + unsigned long off = vma->vm_pgoff << PAGE_SHIFT; + unsigned long pos; + unsigned long pfn; + int i; + + pos = (unsigned long)ibft->hdr; + + if (off > len) + return -EINVAL; + + if (vma->vm_flags & VM_WRITE) + return -EPERM; + + for (i = 0; i < len; i += PAGE_SIZE) { + pfn = virt_to_phys((void *)(pos + off)) >> PAGE_SHIFT; + if (remap_pfn_range + (vma, start, pfn, PAGE_SIZE, vma->vm_page_prot)) + return -EAGAIN; + start += PAGE_SIZE; + if (size <= PAGE_SIZE) + break; + size -= PAGE_SIZE; + } + return 0; +} +static struct bin_attribute ibft_attribute_binary = { + .attr = { + .name = "binary", + .mode = S_IRUSR, + .owner = THIS_MODULE, + }, + .read = ibft_read_binary, + .write = NULL, + .mmap = ibft_mmap_binary +}; +static struct kobj_type ktype_ibft = { + .release = ibft_release, +}; + +static decl_subsys(ibft, &ktype_ibft, NULL); + +static int ibft_device_register(struct ibft_device *idev) +{ + int error = 0; + int len = 0; + struct ibft_header *hdr; + + if (!idev) + return 1; + + /* Copy over the data */ + hdr = (struct ibft_header *)phys_to_virt((unsigned long)ibft_phys); + len = hdr->length; + + /* Need PAGE_ALING for mmap functionality. */ + idev->hdr = kzalloc(PAGE_ALIGN(len), GFP_KERNEL); + if (!idev->hdr) + return -ENOMEM; + + memcpy(idev->hdr, hdr, len); + + /* This is firmware/ibft */ + kobject_set_name(&idev->kobj, "table"); + kobj_set_kset_s(idev, ibft_subsys); + error = kobject_register(&idev->kobj); + + if (!error) { + ibft_attribute_binary.size = idev->hdr->length; + error = + sysfs_create_bin_file(&idev->kobj, &ibft_attribute_binary); + } + + /* The de-allocation part is done by module_exit() */ + return error; +} + +static struct ibft_device *ibft_idev; +/* + * ibft_init() - creates sysfs tree entry for ibft data + */ +static int __init ibft_init(void) +{ + int rc = 0; + + printk(KERN_INFO "BIOS iBFT facility v%s %s\n", ISCSI_IBFT_VERSION, + ISCSI_IBFT_DATE); + + if (!ibft_phys) + find_ibft(); + + /* What if the ibft_subsys is underneath another struct? */ + rc = firmware_register(&ibft_subsys); + if (rc) + return rc; + + if (ibft_phys) { + printk(KERN_INFO "iBFT detected at 0x%lx.\n", + (unsigned long)ibft_phys); + ibft_idev = kzalloc(sizeof(*ibft_idev), GFP_KERNEL); + if (!ibft_idev) + return -ENOMEM; + + rc = ibft_device_register(ibft_idev); + if (rc) { + kfree(ibft_idev); + return rc; + } + } else { + printk(KERN_INFO "No iBFT detected.\n"); + } + return rc; +} + +static void __exit ibft_exit(void) +{ + if (ibft_idev) + kobject_unregister(&ibft_idev->kobj); + + firmware_unregister(&ibft_subsys); + printk(KERN_INFO "BIOS iBFT unloaded.\n"); +} + +module_init(ibft_init); +module_exit(ibft_exit); diff --git a/include/linux/iscsi_ibft.h b/include/linux/iscsi_ibft.h new file mode 100644 index 0000000..5e7b267 --- /dev/null +++ b/include/linux/iscsi_ibft.h @@ -0,0 +1,58 @@ +#ifndef ISCSI_IBFT_H +#define ISCSI_IBFT_H + +extern void *ibft_phys; + +struct ibft_header { + char signature[4]; + u32 length; + u8 revision; + u8 checksum; + char oem_id[6]; + char oem_table_id[8]; + char reserved[24]; +}; + +struct ibft_device { + struct ibft_header *hdr; + struct kobject kobj; +}; + +#if defined(CONFIG_ISCSI_IBFT) || defined(CONFIG_ISCSI_IBFT_MODULES) + +#define IBFT_SIGN "iBFT" +#define IBFT_SIGN_LEN 4 +#define IBFT_START 0x80000 /* 512kB */ +#define IBFT_END 0x100000 /* 1MB */ +#define VGA_MEM 0xA0000 /* VGA buffer */ +#define VGA_SIZE 0x20000 /* 132kB */ +static inline ssize_t find_ibft(void) +{ + unsigned long pos; + for (pos = IBFT_START; pos < IBFT_END; pos += 16) { + void *virt; + /* The table can't be inside the VGA BIOS reserved space, + * so skip that area */ + if (pos == VGA_MEM-PAGE_SIZE) + pos += VGA_SIZE+PAGE_SIZE; + virt = phys_to_virt(pos); + if (memcmp(virt, IBFT_SIGN, IBFT_SIGN_LEN) == 0) { + unsigned long *addr = + (unsigned long *)phys_to_virt(pos + 4); + unsigned int len = *addr; + /* if the length of the table extends past 1M, + * the table cannot be valid. */ + if (pos + len <= (IBFT_END-1)) { + ibft_phys = (void *)pos; + return len; + } + } + } + return 0; +} + +#else + +static inline ssize_t find_ibft(void) { return 0; }; +#endif +#endif /* ISCSI_IBFT_H */ -- Konrad Rzeszutek 1-(978)-392-3903 or 1-(617)-693-1718 IBM on-site partner.

1 0

Re: 2.6.23 and newer kernel and option ACPI_PROC_EVENT.
by David Zeuthen 08 Sep '07

08 Sep '07

(Moving from fedora-devel-list to fedora-kernel-list) On Wed, 2007-08-29 at 17:14 -0400, Dave Jones wrote: > On Wed, Aug 29, 2007 at 11:38:04AM +0200, Zdenek Prikryl wrote: > > > > > I think acpid will have to be ported to this new ABI. > > > > > Yes, acpid will have to be ported, but it takes some time. But > > meanwhile, I think it is useful to enable old code. > > Yes, I'll turn it back on for F8. I disabled it to find out > just how much stuff is depending on it. Seems just acpid :-) Also hal. We still need /proc/acpi/event as the ACPI battery and ac_adapter drivers in the kernel haven't been ported to use sysfs. Hence, without the /proc/acpi/event socket we don't get change notifications [1]. Actually I'm unsure what the sysfs interfaces will end up looking like and how change notification will work. Does anyone know? I know dwmw2 did some work here (for OLPC) defining a sysfs class but I've also seen other patches with different interfaces fly by. Richard added support in hal for at least one of these [2] so maybe it will just work out of the box. dwmw2? David [1] : Actually we do poll all battery and ac_adapter devices every 30 secs (because some hardware is broken) so the changes are propagated to policy agents like gnome-power-manager with a 0-30 sec delay. [2] : http://gitweb.freedesktop.org/?p=hal.git;a=commitdiff;h=356ccdfa3bbf64648c4…

2 1

kernel spec changes for custom mm builds
by Nicolas Mailhot 02 Sep '07

02 Sep '07

Hi, Are the following changes totally insane, or could they be considered for merging? (partially build-tested, got to the point the -mm build didn't like me, I need to tweak my config file) Regards, -- Nicolas Mailhot

1 1

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

kernel September 2007