subject:"2.6.19\-rc6\-rt5"

Re: 2.6.19-rc6-rt5

2006-11-28 Thread Ingo Molnar


* Mark Knecht <[EMAIL PROTECTED]> wrote:

> Forwarding it off list.
> 
> Thanks Ingo. I'm very interested if it works for you to do this.

i've integrated it into -rt (see the patch below), but i marked it 
obsolete and i might not be able to carry it for long - we'll see. The 
preferred solution is to use newer PAM and its rt-limits features. But 
to ease migration i'll keep the realtime-lsm for a while.

Ingo
---
 security/Kconfig   |9 +++
 security/Makefile  |1 
 security/realcap.c |  147 +
 3 files changed, 157 insertions(+)

Index: linux/security/Kconfig
===
--- linux.orig/security/Kconfig
+++ linux/security/Kconfig
@@ -80,6 +80,15 @@ config SECURITY_CAPABILITIES
  This enables the "default" Linux capabilities functionality.
  If you are unsure how to answer this question, answer Y.
 
+config REALTIME_CAPABILITIES
+   tristate "Real-Time LSM (Obsolete)"
+   depends on SECURITY && EXPERIMENTAL
+   help
+ This is an obsolete LSM - use newer PAM and rt-limites
+ to manage your real-time apps.
+
+ If you are unsure how to answer this question, answer N.
+
 config SECURITY_ROOTPLUG
tristate "Root Plug Support"
depends on USB && SECURITY
Index: linux/security/Makefile
===
--- linux.orig/security/Makefile
+++ linux/security/Makefile
@@ -15,4 +15,5 @@ obj-$(CONFIG_SECURITY)+= security.o d
 # Must precede capability.o in order to stack properly.
 obj-$(CONFIG_SECURITY_SELINUX) += selinux/built-in.o
 obj-$(CONFIG_SECURITY_CAPABILITIES)+= commoncap.o capability.o
+obj-$(COMMON_REALTIME_CAPABILITIES)+= commoncap.o realcap.o
 obj-$(CONFIG_SECURITY_ROOTPLUG)+= commoncap.o root_plug.o
Index: linux/security/realcap.c
===
--- /dev/null
+++ linux/security/realcap.c
@@ -0,0 +1,147 @@
+/*
+ * Realtime Capabilities Linux Security Module
+ *
+ *  Copyright (C) 2003 Torben Hohn
+ *  Copyright (C) 2003, 2004 Jack O'Quin
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ */
+
+#include 
+#include 
+
+#define RT_LSM "Realtime LSM " /* syslog module name prefix */
+#define RT_ERR "Realtime: "/* syslog error message prefix */
+
+#include 
+MODULE_INFO(vermagic,VERMAGIC_STRING);
+
+/* module parameters
+ *
+ *  These values could change at any time due to some process writing
+ *  a new value in /sys/module/realtime/parameters.  This is OK,
+ *  because each is referenced only once in each function call.
+ *  Nothing depends on parameters having the same value every time.
+ */
+
+/* if TRUE, any process is realtime */
+static int rt_any;
+module_param_named(any, rt_any, int, 0644);
+MODULE_PARM_DESC(any, " grant realtime privileges to any process.");
+
+/* realtime group id, or NO_GROUP */
+static int rt_gid = -1;
+module_param_named(gid, rt_gid, int, 0644);
+MODULE_PARM_DESC(gid, " the group ID with access to realtime privileges.");
+
+/* enable mlock() privileges */
+static int rt_mlock = 1;
+module_param_named(mlock, rt_mlock, int, 0644);
+MODULE_PARM_DESC(mlock, " enable memory locking privileges.");
+
+/* helper function for testing group membership */
+static inline int gid_ok(int gid)
+{
+   if (gid == -1)
+   return 0;
+
+   if (gid == current->gid)
+   return 1;
+
+   return in_egroup_p(gid);
+}
+
+static void realtime_bprm_apply_creds(struct linux_binprm *bprm, int unsafe)
+{
+   cap_bprm_apply_creds(bprm, unsafe);
+
+   /*  If a non-zero `any' parameter was specified, we grant
+*  realtime privileges to every process.  If the `gid'
+*  parameter was specified and it matches the group id of the
+*  executable, of the current process or any supplementary
+*  groups, we grant realtime capabilites.
+*/
+
+   if (rt_any || gid_ok(rt_gid)) {
+   cap_raise(current->cap_effective, CAP_SYS_NICE);
+   if (rt_mlock) {
+   cap_raise(current->cap_effective, CAP_IPC_LOCK);
+   cap_raise(current->cap_effective, CAP_SYS_RESOURCE);
+   }
+   }
+}
+
+static struct security_operations capability_ops = {
+   .ptrace =   cap_ptrace,
+   .capget =   cap_capget,
+   .capset_check = cap_capset_check,
+   .capset_set =   cap_capset_set,
+   .capable =  cap_capable,
+   .netlink_send = cap_netlink_send,
+   .netlink_recv =

Re: 2.6.19-rc6-rt5

2006-11-28 Thread Mark Knecht


Forwarding it off list.

Thanks Ingo. I'm very interested if it works for you to do this.

Cheers,
Mark

On 11/28/06, Ingo Molnar <[EMAIL PROTECTED]> wrote:


* Lee Revell <[EMAIL PROTECTED]> wrote:

> >I know there were some comments awhile back about being required
> > to switch to PAM. Has that occurred?
> >
> >If not then there is a regression issue for realtime-lsm.
>
> As Realtime LSM is an out of tree module and there's no stable kernel
> module API it's impossible to prevent regressions.
>
> That being said, the realtime LSM patch is so simple that it should
> work - how exactly does it fail?

i can include it in -rt if it's simple enough - if someone's interested
then please send me a patch.

Ingo


-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: 2.6.19-rc6-rt5

2006-11-28 Thread Ingo Molnar


* Lee Revell <[EMAIL PROTECTED]> wrote:

> >I know there were some comments awhile back about being required 
> > to switch to PAM. Has that occurred?
> > 
> >If not then there is a regression issue for realtime-lsm.
> 
> As Realtime LSM is an out of tree module and there's no stable kernel 
> module API it's impossible to prevent regressions.
> 
> That being said, the realtime LSM patch is so simple that it should 
> work - how exactly does it fail?

i can include it in -rt if it's simple enough - if someone's interested 
then please send me a patch.

Ingo
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: 2.6.19-rc6-rt5

2006-11-28 Thread Lee Revell

On Tue, 2006-11-28 at 11:53 -0800, Mark Knecht wrote:
> I know you've pushed
> me to move to PAM telling me realtime-lsm wasn't going to work in the
> future. I really just wanted to know that PAM was now a requirement
> instead of only best practice. 

I said it was not guaranteed to work.  It should work as long as someone
maintains it.

I don't think anyone expected it to take so long for distros to update
their PAM packages so as to make patching the kernel unnecessary.

Lee

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: 2.6.19-rc6-rt5

2006-11-28 Thread Mark Knecht

On 11/28/06, Lee Revell <[EMAIL PROTECTED]> wrote:

On Wed, 2006-11-22 at 06:06 -0800, Mark Knecht wrote:
> Ingo,
>I started building the new kernels a few days ago with your
> 2.6.19-rc6-rt0 announcement. The kernels have built fine but so far I
> am unable to build the realtime-lsm package against them so no reason
> to reboot.
>
>I know there were some comments awhile back about being required to
> switch to PAM. Has that occurred?
>
>If not then there is a regression issue for realtime-lsm.

As Realtime LSM is an out of tree module and there's no stable kernel
module API it's impossible to prevent regressions.

That being said, the realtime LSM patch is so simple that it should work
- how exactly does it fail?

Lee

Hi Lee,
  The failure is a Gentoo sandbax failure. On the surface of it I
didn't really think it was a kernel problem but I know you've pushed
me to move to PAM telling me realtime-lsm wasn't going to work in the
future. I really just wanted to know that PAM was now a requirement
instead of only best practice.

Thanks,
Mark
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: 2.6.19-rc6-rt5

2006-11-28 Thread Lee Revell

On Wed, 2006-11-22 at 06:06 -0800, Mark Knecht wrote:
> Ingo,
>I started building the new kernels a few days ago with your
> 2.6.19-rc6-rt0 announcement. The kernels have built fine but so far I
> am unable to build the realtime-lsm package against them so no reason
> to reboot.
> 
>I know there were some comments awhile back about being required to
> switch to PAM. Has that occurred?
> 
>If not then there is a regression issue for realtime-lsm. 

As Realtime LSM is an out of tree module and there's no stable kernel
module API it's impossible to prevent regressions.

That being said, the realtime LSM patch is so simple that it should work
- how exactly does it fail?

Lee

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: 2.6.19-rc6-rt5

2006-11-28 Thread Ingo Molnar


* Karsten Wiese <[EMAIL PROTECTED]> wrote:

> this fixes issues like rmmod hanging and inodes leaking.

thanks ... i have reverted the other dcache.c changes as well.

Ingo
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: 2.6.19-rc6-rt5

2006-11-26 Thread Karsten Wiese

> i've released the 2.6.19-rc6-rt5 tree, which can be downloaded from the 

Hi

this fixes issues like rmmod hanging and inodes leaking.

  Karsten

--- fs/dcache.c~2006-11-21 11:25:11.0 +0100
+++ fs/dcache.c 2006-11-26 15:20:31.0 +0100
@@ -150,7 +150,7 @@ void dput(struct dentry *dentry)
 repeat:
if (atomic_read(&dentry->d_count) == 1)
might_sleep();
-   if (atomic_dec_and_test(&dentry->d_count))
+   if (!atomic_dec_and_test(&dentry->d_count))
return;
 
spin_lock(&dentry->d_lock);
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: 2.6.19-rc6-rt5

2006-11-25 Thread Thomas

Something is really wrong with page alloc on this one. Compiled 2.6.19-rc6-rt5
with the one patch to page_alloc.c as posted on the list here.

Kernel uses around 50% mem and 30% swap without doing anything.
I get a lot of these:

X invoked oom-killer: gfp_mask=0xd0, order=0, oomkilladj=0
 [] out_of_memory+0x176/0x1d0
 [] __alloc_pages+0x286/0x2f0
 [] __get_free_pages+0x46/0x60
 [] __pollwait+0xb0/0x100
 [] unix_poll+0xc6/0xd0
 [] sock_poll+0x23/0x30
 [] do_select+0x288/0x4c0
 [] __pollwait+0x0/0x100
 [] default_wake_function+0x0/0x20
 [] default_wake_function+0x0/0x20
 [] default_wake_function+0x0/0x20
 [] default_wake_function+0x0/0x20
 [] default_wake_function+0x0/0x20
 [] default_wake_function+0x0/0x20
 [] default_wake_function+0x0/0x20
 [] default_wake_function+0x0/0x20
 [] default_wake_function+0x0/0x20
 [] default_wake_function+0x0/0x20
 [] default_wake_function+0x0/0x20
 [] default_wake_function+0x0/0x20
 [] default_wake_function+0x0/0x20
 [] default_wake_function+0x0/0x20
 [] default_wake_function+0x0/0x20
 [] default_wake_function+0x0/0x20
 [] default_wake_function+0x0/0x20
 [] default_wake_function+0x0/0x20
 [] default_wake_function+0x0/0x20
 [] default_wake_function+0x0/0x20
 [] core_sys_select+0x223/0x360
 [] __schedule+0x2e9/0x6b0
 [] convert_fxsr_from_user+0x22/0xf0
 [] sys_select+0xff/0x1e0
 [] sys_gettimeofday+0x3b/0x90
 [] sysenter_past_esp+0x56/0x79
 ===
Mem-info:
DMA per-cpu:
CPU0: Hot: hi:0, btch:   1 usd:   0   Cold: hi:0, btch:   1 usd:   0
Normal per-cpu:
CPU0: Hot: hi:  186, btch:  31 usd:  31   Cold: hi:   62, btch:  15 usd:  58
HighMem per-cpu:
CPU0: Hot: hi:  186, btch:  31 usd:  66   Cold: hi:   62, btch:  15 usd:  14
Active:111463 inactive:36109 dirty:0 writeback:0 unstable:0 free:4018
slab:163934 mapped:26114 pagetables:874
DMA free:3560kB min:68kB low:84kB high:100kB active:396kB inactive:356kB
present:16256kB pages_scanned:1370 all_unreclaimable? yes
lowmem_reserve[]: 0 873 1254
Normal free:3720kB min:3744kB low:4680kB high:5616kB active:111304kB
inactive:108296kB present:894080kB pages_scanned:339028 all_unreclaimable? yes
lowmem_reserve[]: 0 0 3047
HighMem free:8792kB min:380kB low:788kB high:1196kB active:334152kB
inactive:35784kB present:390084kB pages_scanned:0 all_unreclaimable? no
lowmem_reserve[]: 0 0 0
DMA: 0*4kB 1*8kB 0*16kB 1*32kB 1*64kB 1*128kB 1*256kB 0*512kB 1*1024kB 1*2048kB
0*4096kB = 3560kB
Normal: 0*4kB 5*8kB 0*16kB 1*32kB 1*64kB 0*128kB 0*256kB 1*512kB 1*1024kB
1*2048kB 0*4096kB = 3720kB
HighMem: 924*4kB 517*8kB 40*16kB 2*32kB 0*64kB 0*128kB 1*256kB 0*512kB 0*1024kB
0*2048kB 0*4096kB = 8792kB
Swap cache: add 107141, delete 56933, find 4493/5856, race 0+0
Free swap  = 113440kB
Total swap = 488336kB
Free swap:   113440kB
327664 pages of RAM
98288 pages of HIGHMEM
4383 reserved pages
94253 pages shared
50208 pages swap cached
0 pages dirty
0 pages writeback
26114 pages mapped
163934 pages slab
874 pages pagetables
327664 pages of RAM
98288 pages of HIGHMEM
4383 reserved pages
94253 pages shared
50208 pages swap cached
0 pages dirty
0 pages writeback
26114 pages mapped
163934 pages slab
874 pages pagetables
audacious invoked oom-killer: gfp_mask=0xd0, order=0, oomkilladj=0
 [] out_of_memory+0x176/0x1d0
 [] __alloc_pages+0x286/0x2f0
 [] cache_alloc_refill+0x30e/0x5d0
 [] kmem_cache_alloc+0x57/0x60
 [] sock_alloc_inode+0x19/0x60
 [] alloc_inode+0x19/0x190
 [] fget_light+0x85/0xa0
 [] new_inode+0x16/0x90
 [] sock_alloc+0x14/0x70
 [] sys_accept+0x56/0x270
 [] do_notify_resume+0x402/0x750
 [] convert_fxsr_from_user+0x22/0xf0
 [] sys_socketcall+0xd1/0x280
 [] sysenter_past_esp+0x56/0x79
 ===
Mem-info:
DMA per-cpu:
CPU0: Hot: hi:0, btch:   1 usd:   0   Cold: hi:0, btch:   1 usd:   0
Normal per-cpu:
CPU0: Hot: hi:  186, btch:  31 usd:  31   Cold: hi:   62, btch:  15 usd:  58
HighMem per-cpu:
CPU0: Hot: hi:  186, btch:  31 usd:  66   Cold: hi:   62, btch:  15 usd:  14
Active:111494 inactive:36078 dirty:0 writeback:0 unstable:0 free:4018
slab:163934 mapped:26114 pagetables:874
DMA free:3560kB min:68kB low:84kB high:100kB active:396kB inactive:356kB
present:16256kB pages_scanned:1370 all_unreclaimable? yes
lowmem_reserve[]: 0 873 1254
Normal free:3720kB min:3744kB low:4680kB high:5616kB active:111420kB
inactive:108180kB present:894080kB pages_scanned:339127 all_unreclaimable? yes
lowmem_reserve[]: 0 0 3047
HighMem free:8792kB min:380kB low:788kB high:1196kB active:334160kB
inactive:35776kB present:390084kB pages_scanned:0 all_unreclaimable? no
lowmem_reserve[]: 0 0 0
DMA: 0*4kB 1*8kB 0*16kB 1*32kB 1*64kB 1*128kB 1*256kB 0*512kB 1*1024kB 1*2048kB
0*4096kB = 3560kB
Normal: 0*4kB 5*8kB 0*16kB 1*32kB 1*64kB 0*128kB 0*256kB 1*512kB 1*1024kB
1*2048kB 0*4096kB = 3720kB
HighMem: 924*4kB 517*8kB 40*16kB 2*32kB 0*64kB 0*128kB 1*256kB 0*512kB 0*1024kB
0*2048kB 0*4096kB = 8792kB
Swap cache: add 107141, delete 56933, find 4493/5856, race 0+0
Free swap  = 113440kB
Total swap = 488336kB
Free swap

Re: 2.6.19-rc6-rt5

Re: 2.6.19-rc6-rt5

Re: 2.6.19-rc6-rt5

Re: 2.6.19-rc6-rt5

Re: 2.6.19-rc6-rt5

Re: 2.6.19-rc6-rt5

Re: 2.6.19-rc6-rt5

Re: 2.6.19-rc6-rt5

Re: 2.6.19-rc6-rt5

9 matches

Site Navigation

Mail list logo

Footer information