Create a new capability CAP_SIGNED which can be given to signed executables.
Signed-off-by: Vivek Goyal
---
include/uapi/linux/capability.h | 12 +++-
kernel/cred.c |7 +++
security/commoncap.c|2 ++
3 files changed, 20 insertions(+), 1
verification only if signature
are of certain type.
Signed-off-by: Vivek Goyal
---
security/integrity/digsig.c | 11 +++
security/integrity/evm/evm_main.c |4 +++-
security/integrity/ima/ima_appraise.c |7 +--
security/integrity/integrity.h| 14
On Tue, Aug 28, 2012 at 10:37:36AM -0700, Kent Overstreet wrote:
> Previously, if we ever try to allocate more than once from the same bio
> set while running under generic_make_request() (i.e. a stacking block
> driver), we risk deadlock.
>
> This is because of the code in generic_make_request()
On Tue, Aug 28, 2012 at 04:01:08PM -0700, Kent Overstreet wrote:
> On Tue, Aug 28, 2012 at 03:28:00PM -0700, Kent Overstreet wrote:
> > On Tue, Aug 28, 2012 at 01:49:10PM -0700, Tejun Heo wrote:
> > > Overall, I *think* this is correct but need to think more about it to
> > > be sure.
> >
> > Plea
On Tue, Aug 28, 2012 at 08:25:58PM -0700, Kent Overstreet wrote:
[..]
> Except that when thread a goes to punt those blocked bios to its
> rescuer, it punts _all_ the bios on current->bio_list. Even those
> generated by/belonging to other bio_sets.
>
> So thread 1 in device b punts bios to its re
On Wed, Aug 29, 2012 at 09:50:06AM -0700, Kent Overstreet wrote:
[..]
> > The problem is that majority of device mapper code assumes that if we
> > submit a bio, that bio will be finished in a finite time. The commit
> > d89d87965dcbe6fe4f96a2a7e8421b3a75f634d1 in 2.6.22 broke this assumption.
>
On Wed, Aug 29, 2012 at 10:13:45AM -0700, Kent Overstreet wrote:
[..]
> > Performance aside, punting submission to per device worker in case of deep
> > stack usage sounds cleaner solution to me.
>
> Agreed, but performance tends to matter in the real world. And either
> way the tricky bits are g
On Thu, Aug 30, 2012 at 06:43:59PM -0700, Kent Overstreet wrote:
> On Thu, Aug 30, 2012 at 06:07:45PM -0400, Vivek Goyal wrote:
> > On Wed, Aug 29, 2012 at 10:13:45AM -0700, Kent Overstreet wrote:
> >
> > [..]
> > > > Performance aside, punting submissio
irectly to call
> throtl_update_dispatch_stats.
>
> Cc: Tejun Heo
> Cc: Vivek Goyal
> Cc: Jens Axboe
> Signed-off-by: Tao Ma
> ---
Simple. Looks good.
Acked-by: Vivek Goyal
Vivek
> block/blk-throttle.c |7 +++
> 1 files changed, 3 insertions(+), 4 deletions(-)
>
On Fri, Aug 31, 2012 at 01:15:09PM +0800, Tao Ma wrote:
[..]
> diff --git a/block/blk-throttle.c b/block/blk-throttle.c
> index 1588c2d..9317d71 100644
> --- a/block/blk-throttle.c
> +++ b/block/blk-throttle.c
> @@ -46,6 +46,8 @@ struct tg_stats_cpu {
> struct blkg_rwstat servic
On Mon, Sep 03, 2012 at 10:49:27AM +1000, Dave Chinner wrote:
> On Thu, Aug 30, 2012 at 06:07:45PM -0400, Vivek Goyal wrote:
> > On Wed, Aug 29, 2012 at 10:13:45AM -0700, Kent Overstreet wrote:
> >
> > [..]
> > > > Performance aside, punting submissio
On Tue, Sep 04, 2012 at 10:12:49PM +0800, Tao Ma wrote:
> On 09/04/2012 09:35 PM, Vivek Goyal wrote:
> > On Fri, Aug 31, 2012 at 01:15:09PM +0800, Tao Ma wrote:
> >
> > [..]
> >> diff --git a/block/blk-throttle.c b/block/blk-throttle.c
> >> index 1588c
On Fri, Aug 31, 2012 at 07:13:48PM -0700, Tejun Heo wrote:
> Hello, Vivek.
>
> On Thu, Aug 30, 2012 at 06:07:45PM -0400, Vivek Goyal wrote:
> > Here is one quick and dirty proof of concept patch. It checks for stack
> > depth and if remaining space is less than 20% o
On Tue, Sep 04, 2012 at 03:26:19PM -0400, Mikulas Patocka wrote:
[..]
> BTW. can these new-style timerless plugs introduce deadlocks too? What
> happens when some bios are indefinitely delayed because their requests are
> held in a plug and a mempool runs out?
I think they will not deadlock bec
On Mon, Sep 10, 2012 at 04:06:54PM -0700, Tejun Heo wrote:
> Hello, again.
>
> cc'ing Kent and Vivek. The original thread is at
>
> http://thread.gmane.org/gmane.linux.network.drbd.devel/2130
>
> On Mon, Sep 10, 2012 at 03:54:42PM -0700, Tejun Heo wrote:
> > > We can possibly work around that
On Tue, Sep 11, 2012 at 10:25:01AM +0200, Lars Ellenberg wrote:
[..]
> "To enforce write-after-write dependencies, you *have* to drain the
> queue (do we have a generic interface available for that?),
> or at least wait for the completion of all the requests you
> (potentially) depend upon, before
On Tue, Sep 11, 2012 at 07:32:35PM +0900, Takao Indoh wrote:
[..]
> I'll post new patch which clears bus master bit and resets devices in
> second kernel.
>
> As to the boot parameter to enable this function, you suggested using
> reset_devices. I found that on a certain platform resetting device
ter on.
>
> (I tried to document what's broken and how it should be fixed. If I
> got something wrong, please let me know.)
>
> Signed-off-by: Tejun Heo
> Cc: Michal Hocko
> Cc: Li Zefan
> Cc: Glauber Costa
> Cc: Peter Zijlstra
> Cc: Paul Turner
> Cc: Jo
On Tue, Sep 11, 2012 at 10:51:06AM -0400, Vivek Goyal wrote:
> On Mon, Sep 10, 2012 at 03:31:25PM -0700, Tejun Heo wrote:
> > Currently, cgroup hierarchy support is a mess. cpu related subsystems
> > behave correctly - configuration, accounting and control on a parent
> >
On Tue, Sep 11, 2012 at 10:16:01AM -0700, Tejun Heo wrote:
> Hello, Vivek.
>
> On Tue, Sep 11, 2012 at 10:51:06AM -0400, Vivek Goyal wrote:
> > > * Move users away from using hierarchy on currently non-hierarchical
> > > subsystems, so that implementing proper
On Tue, Sep 11, 2012 at 10:55:15AM -0700, Tejun Heo wrote:
> Hello, Vivek.
>
> On Tue, Sep 11, 2012 at 01:35:25PM -0400, Vivek Goyal wrote:
> > It is kind of strange. First kernel allows creation of hierarchy for
> > non-hierarchical controllers and it also gives warning for
On Tue, Sep 11, 2012 at 11:22:10AM -0700, Tejun Heo wrote:
[..]
> > The point I am trying to make is that deep hierarchies (5-6 levels) are
> > /going to be a reality and if accounting overhead is not manageable then
> > enabling hierarchy by default might not be a practical solution even
> > if y
On Mon, Sep 10, 2012 at 05:22:12PM -0700, Kent Overstreet wrote:
> This adds a pointer to the bvec array to struct bio_integrity_payload,
> instead of the bvecs always being inline; then the bvecs are allocated
> with bvec_alloc_bs().
If you start allocating bvec from same mempool for bio and
On Wed, Sep 12, 2012 at 10:09:33AM -0700, Tejun Heo wrote:
[..]
> Yeah, it's mostly that cfq was already a hairy monster before blkcg
> was added to it and unfortunately we didn't make it any cleaner in the
> process and blkcg itself has a lot of other issues including being
> completely broken w.
On Thu, Sep 13, 2012 at 03:06:13PM -0700, Tejun Heo wrote:
> Hey, Vivek.
>
> (cc'ing Rakesh and Chad who work on iosched in google).
>
> On Thu, Sep 13, 2012 at 10:53:41AM -0400, Vivek Goyal wrote:
> > Biggest problem with blkcg CFQ implementation is idling on cgrou
On Fri, Sep 14, 2012 at 12:20:42PM +0400, Glauber Costa wrote:
> On 09/14/2012 06:53 AM, Vivek Goyal wrote:
> > On Thu, Sep 13, 2012 at 03:06:13PM -0700, Tejun Heo wrote:
> >> Hey, Vivek.
> >>
> >> (cc'ing Rakesh and Chad who work on iosched in google).
>
On Fri, Sep 14, 2012 at 10:10:32AM +0100, Daniel P. Berrange wrote:
[..]
> > 6. Multiple hierarchies
> >
> > Apart from the apparent whness of it (I think I talked about
> > that enough the last time[1]), there's a basic problem when more
> > than one controllers interact - it's imp
On Thu, Sep 13, 2012 at 01:58:27PM -0700, Tejun Heo wrote:
[..]
> * blkio is the most problematic. It has two sub-controllers - cfq
> and blk-throttle. Both are utterly broken in terms of hierarchy
> support and the former is known to have pretty hairy code base. I
> don't see any
On Fri, Sep 14, 2012 at 04:53:29PM +0200, Peter Zijlstra wrote:
> On Fri, 2012-09-14 at 10:25 -0400, Vivek Goyal wrote:
> > So while % model is more intuitive to users, it is hard to implement.
>
> I don't agree with that. The fixed quota thing is counter-intuitive and
> har
On Wed, Sep 12, 2012 at 06:00:55PM +0900, Takao Indoh wrote:
> (2012/09/11 23:43), Vivek Goyal wrote:
> >On Tue, Sep 11, 2012 at 07:32:35PM +0900, Takao Indoh wrote:
> >
> >[..]
> >>I'll post new patch which clears bus master bit and resets devices in
> >
On Thu, Sep 13, 2012 at 01:58:27PM -0700, Tejun Heo wrote:
[..]
> 6. Multiple hierarchies
>
> Apart from the apparent whness of it (I think I talked about
> that enough the last time[1]), there's a basic problem when more
> than one controllers interact - it's impossible to define a
On Fri, Sep 14, 2012 at 11:53:24AM -0700, Tejun Heo wrote:
[..]
> In addition, for some resources, granularity beyond certain point
> simply doesn't work. Per-service granularity might make sense for cpu
> but applying it by default would be silly for blkio.
Hmm.., In that case how libvirt will
On Thu, Jan 31, 2008 at 08:10:49AM +0530, Srivatsa Vaddagiri wrote:
> Hi,
> As we were implementing multiple-hierarchy support for CPU
> controller, we hit some oddities in its implementation, partly related
> to current cgroups implementation. Peter and I have been debating on the
> exact s
On Mon, Feb 04, 2008 at 09:41:11PM +0530, Sachin P. Sant wrote:
> While trying to configure kdump with 2.6.24-rc8-mm1 [ on a x86-64 box ]
> i ran into this problem. Here is the snippet from dmesg during the
> failure. [ dmesg log attached ]
>
> early_ioremap(040e, 0002) => -0210
On Mon, Oct 01, 2012 at 04:50:37PM -0400, Jeff Moyer wrote:
> Vivek Goyal writes:
>
> > Also at places I have got rid of keyword "serving" as it is obvious.
>
> I don't agree with getting rid of serving. After your patch, it looks
> as though a cfqd has a
On Mon, Oct 01, 2012 at 04:52:13PM -0400, Jeff Moyer wrote:
> Vivek Goyal writes:
>
> > At quite a few places we use the keyword "service_tree" and I feel that
> > names in CFQ are already very long and they need to be shortened a bit
> > where appropriate.
On Mon, Oct 01, 2012 at 02:42:41PM -0700, Kent Overstreet wrote:
[..]
> Here's the new patch:
>
>
> commit e270c9ca843b5c86d59431b0d7a676b7846946d6
> Author: Kent Overstreet
> Date: Mon Oct 1 14:41:08 2012 -0700
>
> block: Fix a buffer overrun in bio_integrity_split()
>
> bio_in
On Mon, Sep 24, 2012 at 03:34:42PM -0700, Kent Overstreet wrote:
> This adds a pointer to the bvec array to struct bio_integrity_payload,
> instead of the bvecs always being inline; then the bvecs are allocated
> with bvec_alloc_bs().
Ok, you are introducing bio_vec pointer in this patch. May be w
On Mon, Sep 24, 2012 at 03:34:42PM -0700, Kent Overstreet wrote:
[..]
> /**
> * bio_integrity_alloc - Allocate integrity payload and attach it to bio
> * @bio: bio to attach integrity metadata to
> @@ -84,37 +47,39 @@ struct bio_integrity_payload *bio_integrity_alloc(struct
> bio *bio,
>
On Mon, Sep 24, 2012 at 03:34:46PM -0700, Kent Overstreet wrote:
[..]
> diff --git a/include/linux/bio.h b/include/linux/bio.h
> index 4e32be1..d985e90 100644
> --- a/include/linux/bio.h
> +++ b/include/linux/bio.h
> @@ -67,6 +67,7 @@
> #define bio_offset(bio) bio_iovec((bio))->bv_of
On Mon, Sep 24, 2012 at 03:34:44PM -0700, Kent Overstreet wrote:
> Converts it to use bio_advance(), simplifying it quite a bit in the
> process.
>
> Note that req_bio_endio() now always calls bio_advance() - which means
> it always loops over the biovec, not just on partial completions. Don't
> e
On Mon, Sep 24, 2012 at 03:34:49PM -0700, Kent Overstreet wrote:
[..]
> diff --git a/drivers/block/floppy.c b/drivers/block/floppy.c
> index 95e52879..24e5cef 100644
> --- a/drivers/block/floppy.c
> +++ b/drivers/block/floppy.c
> @@ -3778,7 +3778,6 @@ static int __floppy_read_block_0(struct block_
On Mon, Sep 24, 2012 at 03:34:51PM -0700, Kent Overstreet wrote:
> Random cleanup - this code was duplicated and it's not really specific
> to md.
>
> Also added the ability to return the actual error code.
Who is going to make use of actual error code and why checking
BIO_UPTODATE is not suffici
On Tue, Oct 02, 2012 at 12:37:44PM -0700, Andi Kleen wrote:
> Takao Indoh writes:
>
> > These patches reset PCIe devices at boot time to address DMA problem on
> > kdump with iommu. When "reset_devices" is specified, a hot reset is
> > triggered on each PCIe root port and downstream port to reset
On Mon, Sep 24, 2012 at 03:34:44PM -0700, Kent Overstreet wrote:
> Converts it to use bio_advance(), simplifying it quite a bit in the
> process.
>
> Note that req_bio_endio() now always calls bio_advance() - which means
> it always loops over the biovec, not just on partial completions. Don't
> e
On Tue, Oct 02, 2012 at 01:10:14PM -0700, Kent Overstreet wrote:
> On Tue, Oct 02, 2012 at 02:43:59PM -0400, Vivek Goyal wrote:
> > On Mon, Sep 24, 2012 at 03:34:44PM -0700, Kent Overstreet wrote:
> > > Converts it to use bio_advance(), simplifying it quite a bit in
On Tue, Oct 02, 2012 at 01:11:05PM -0700, Kent Overstreet wrote:
> On Tue, Oct 02, 2012 at 03:41:32PM -0400, Vivek Goyal wrote:
> > On Mon, Sep 24, 2012 at 03:34:51PM -0700, Kent Overstreet wrote:
> > > Random cleanup - this code was duplicated and it's not real
On Tue, Oct 02, 2012 at 01:26:43PM -0700, Kent Overstreet wrote:
> On Tue, Oct 02, 2012 at 10:08:47AM -0400, Vivek Goyal wrote:
> > On Mon, Oct 01, 2012 at 02:42:41PM -0700, Kent Overstreet wrote:
> >
> > [..]
> > > Here's the ne
On Tue, Oct 02, 2012 at 02:01:43PM -0700, Kent Overstreet wrote:
> On Tue, Oct 02, 2012 at 04:32:53PM -0400, Vivek Goyal wrote:
> > On Tue, Oct 02, 2012 at 01:26:43PM -0700, Kent Overstreet wrote:
> > > On Tue, Oct 02, 2012 at 10:08:47AM -0400, Vivek Goyal wrote:
> > > &
On Tue, Oct 02, 2012 at 02:00:06PM -0700, Kent Overstreet wrote:
> On Tue, Oct 02, 2012 at 11:37:37AM -0400, Vivek Goyal wrote:
> > On Mon, Sep 24, 2012 at 03:34:42PM -0700, Kent Overstreet wrote:
> >
> > [..]
> > > /**
> > > * bio_integrity_alloc - Allo
On Tue, Oct 02, 2012 at 01:52:50PM -0700, Kent Overstreet wrote:
> On Tue, Oct 02, 2012 at 11:12:02AM -0400, Vivek Goyal wrote:
> > On Mon, Sep 24, 2012 at 03:34:42PM -0700, Kent Overstreet wrote:
> > > This adds a pointer to the bvec array to struct bio_integrity_payload,
>
On Wed, Oct 03, 2012 at 09:54:29AM +0900, Tejun Heo wrote:
[..]
> > - return cfqg->service_trees[wl][ASYNC_WORKLOAD].count
> > - + cfqg->service_trees[wl][SYNC_NOIDLE_WORKLOAD].count
> > - + cfqg->service_trees[wl][SYNC_WORKLOAD].count;
> > + return cfqg->service_trees[wl_c
on
top of this series.
I have taken care of comments from last posting and also included
the ACKs.
Thanks
Vivek
Vivek Goyal (6):
cfq-iosched: Properly name all references to IO class
cfq-iosched: More renaming to better represent wl_class and wl_type
cfq-iosched: Rename "service_tre
Use of local variable "n" seems to be unnecessary. Remove it. This brings
it inline with function __cfq_group_st_add(), which is also doing the
similar operation of adding a group to a rb tree.
No functionality change here.
Signed-off-by: Vivek Goyal
Acked-by: Jeff Moyer
---
ference to RT, BE and IDLE workload are done using keyword
"class" and all references to subclass, SYNC, SYNC-IDLE, ASYNC are made
using keyword "type".
This makes me feel much better while I am reading the code. There is no
functionality change due to this patch.
Signed-off-b
in, just trying to improve upon code uniformity and improve
readability. No functional change.
v2:
- Restored the usage of keyword "service" based on Jeff Moyer's feedback.
Signed-off-by: Vivek Goyal
---
block/cfq-iosched.c | 64 ++-
Reverted most of the service tree name change based on Jeff Moyer's feedback.
Signed-off-by: Vivek Goyal
---
block/cfq-iosched.c | 77 ---
1 files changed, 36 insertions(+), 41 deletions(-)
diff --git a/block/cfq-iosched.c b/block/cfq-iosch
renaming. No functionality change.
Signed-off-by: Vivek Goyal
Acked-by: Jeff Moyer
---
block/cfq-iosched.c |9 +
1 files changed, 5 insertions(+), 4 deletions(-)
diff --git a/block/cfq-iosched.c b/block/cfq-iosched.c
index 1d45eea..6e6e00f 100644
--- a/block/cfq-iosched.c
+++ b/block
t; sync queues
cfq1234SN --> sync noidle queue
cfq1234A --> Async queue
Previously S/A classification was being printed only if group scheduling
was enabled. This patch also makes sure that this classification is
displayed even if group idling is disabled.
Signed-off-by: Vivek Goyal
Acked-b
On Tue, Oct 23, 2012 at 09:44:59AM -0700, Eric W. Biederman wrote:
> Matthew Garrett writes:
>
> > On Tue, Oct 23, 2012 at 10:59:20AM -0400, Vivek Goyal wrote:
> >
> >> But what about creation of a new program which can call kexec_load()
> >> and execute a
On Tue, Oct 23, 2012 at 09:19:27AM -0700, Eric W. Biederman wrote:
> Vivek Goyal writes:
>
> > On Tue, Oct 23, 2012 at 09:18:54AM -0400, Vivek Goyal wrote:
> >
> > [..]
> >> > >> There are 3 options for trusting /sbin/kexec. There are IMA and EMA,
&
On Thu, Oct 25, 2012 at 01:43:59AM -0400, Mimi Zohar wrote:
> On Wed, 2012-10-24 at 13:19 -0400, Vivek Goyal wrote:
> > On Tue, Oct 23, 2012 at 09:44:59AM -0700, Eric W. Biederman wrote:
> > > Matthew Garrett writes:
> > >
> > > > On Tue, Oct 23, 2012
On Thu, Oct 25, 2012 at 02:10:01AM -0400, Mimi Zohar wrote:
[..]
> IMA-appraisal verifies the integrity of file data, while EVM verifies
> the integrity of the file metadata, such as LSM and IMA-appraisal
> labels. Both 'security.ima' and 'security.evm' can contain digital
> signatures.
But the
On Tue, Oct 23, 2012 at 04:41:24PM +0100, Matthew Garrett wrote:
> On Tue, Oct 23, 2012 at 10:59:20AM -0400, Vivek Goyal wrote:
>
> > But what about creation of a new program which can call kexec_load()
> > and execute an unsigned kernel. Doesn't look like that will be
On Thu, Oct 25, 2012 at 02:40:21PM -0400, Mimi Zohar wrote:
> On Thu, 2012-10-25 at 10:10 -0400, Vivek Goyal wrote:
> > On Thu, Oct 25, 2012 at 02:10:01AM -0400, Mimi Zohar wrote:
> >
> > [..]
> > > IMA-appraisal verifies the integrity of file data, while EVM verif
On Tue, Oct 30, 2012 at 09:22:45PM -0700, Tejun Heo wrote:
> All ->pre_destory() implementations return 0 now, which is the only
> allowed return value. Make it return void.
>
> Signed-off-by: Tejun Heo
> Cc: Michal Hocko
> Cc: Balbir Singh
> Cc: KAMEZAWA Hir
On Wed, Oct 31, 2012 at 10:51:55PM +0900, Mitsuhiro Tanino wrote:
> Hi Vivek,
>
> (2012/10/30 23:37), Vivek Goyal wrote:
> > Why to introduce this option "-p"? Until and unless there are serious
> > side effects, this should be default functionality. Isn't
On Fri, Oct 26, 2012 at 02:37:29PM -0400, Mimi Zohar wrote:
> On Fri, 2012-10-26 at 13:06 -0400, Vivek Goyal wrote:
> > On Fri, Oct 26, 2012 at 03:39:16AM +0100, Matthew Garrett wrote:
> > > On Thu, Oct 25, 2012 at 09:15:58PM -0400, Mimi Zohar wrote:
> > >
> > >
On Thu, Nov 01, 2012 at 09:10:03AM -0400, Vivek Goyal wrote:
[..]
> >
> > > - So say we can sign /sbin/kexec at build time and distros can do that.
> > > - Verify the signature at exec time using kernel keyring and if
> > > verification happens successfully, s
On Thu, Nov 01, 2012 at 10:29:19AM -0400, Mimi Zohar wrote:
> On Thu, 2012-11-01 at 09:53 -0400, Vivek Goyal wrote:
> > On Thu, Nov 01, 2012 at 09:10:03AM -0400, Vivek Goyal wrote:
> >
> > [..]
> > > >
> > > > > - So say we can sign /sbin/kexec
On Thu, Nov 01, 2012 at 02:52:25PM +, Matthew Garrett wrote:
> On Thu, Nov 01, 2012 at 10:43:04AM -0400, Vivek Goyal wrote:
>
> > So I think this does satisfy the requirement matthew specified. Isn't it?
> > Matthew, what do you think?
>
> Sure, if you can ensur
On Fri, Nov 02, 2012 at 07:59:15PM +0530, Balbir Singh wrote:
> On Fri, Nov 2, 2012 at 6:53 PM, Vivek Goyal wrote:
> > On Thu, Nov 01, 2012 at 02:52:25PM +, Matthew Garrett wrote:
> >> On Thu, Nov 01, 2012 at 10:43:04AM -0400, Vivek Goyal wrote:
> >>
> >>
On Thu, Nov 01, 2012 at 10:29:17AM -0400, Eric Paris wrote:
> On Thu, Nov 1, 2012 at 5:59 AM, James Bottomley
> wrote:
>
> > But that doesn't really help me: untrusted root is an oxymoron.
>
> Imagine you run windows and you've never heard of Linux. You like
> that only windows kernels can boot
On Wed, Oct 31, 2012 at 03:02:01PM +, Matthew Garrett wrote:
> On Wed, Oct 31, 2012 at 03:50:00PM +0100, Jiri Kosina wrote:
>
> > Reading stored memory image (potentially tampered before reboot) from disk
> > is basically DMA-ing arbitrary data over the whole RAM. I am currently not
> > able
On Thu, Nov 01, 2012 at 03:02:25PM -0600, Chris Friesen wrote:
> On 11/01/2012 02:27 PM, Pavel Machek wrote:
>
> >Could someone write down exact requirements for Linux kernel to be signed by
> >Microsoft?
> >Because that's apparently what you want, and I don't think crippling
> >kexec/suspend is
On Fri, Nov 02, 2012 at 03:42:48PM +, Matthew Garrett wrote:
> On Fri, Nov 02, 2012 at 11:30:48AM -0400, Vivek Goyal wrote:
>
> > "crash" utility has module which allows reading kernel memory. So leaking
> > this private key will be easier than you are thinki
On Fri, Nov 02, 2012 at 10:54:50AM -0600, Chris Friesen wrote:
> On 11/02/2012 09:48 AM, Vivek Goyal wrote:
> >On Thu, Nov 01, 2012 at 03:02:25PM -0600, Chris Friesen wrote:
>
> >>With secure boot enabled, then the kernel should refuse to let an
> >>unsigned ke
On Thu, Nov 01, 2012 at 01:50:08PM -0400, Eric Paris wrote:
[..]
> I've talked with and
> worked with a public cloud operator who wants to prevent even a
> malicious root user from being able to run code in ring 0 inside their
> VM. The hope in that case was that in doing so they can indirectly
>
On Fri, Nov 02, 2012 at 05:22:41PM +0100, Jiri Kosina wrote:
> On Fri, 2 Nov 2012, Vivek Goyal wrote:
>
> > > > "crash" utility has module which allows reading kernel memory. So
> > > > leaking
> > > > this private key will be easier the
> So this patch adds a new interface named blkio.throttle.io_submitted which
> exposes the number of bios that have been sent into blk-throttle therefore the
> user could calculate the difference from throttle.io_serviced to see how many
> IOs are currently throttled.
>
> Cc:
On Fri, Nov 02, 2012 at 05:31:36PM +0800, Robin Dong wrote:
> From: Robin Dong
>
> We don't need to convert tg to blkg and then convert it back in
> throtl_update_dispatch_stats().
>
> Signed-off-by: Robin Dong
> ---
Looks good to me.
Acked-by: Vivek Goyal
Vive
On Mon, Nov 05, 2012 at 04:33:35PM +0100, Jiri Kosina wrote:
> On Mon, 5 Nov 2012, Herton Ronaldo Krzesinski wrote:
>
> > > Fengguang, does the patch below make any difference for you please?
> > >
> > > Thanks.
> >
> > Yes, I saw the same thing here, destroy_workqueue should be done before
> >
On Fri, Nov 02, 2012 at 02:32:48PM -0700, Eric W. Biederman wrote:
> Vivek Goyal writes:
>
> > On Thu, Nov 01, 2012 at 02:52:25PM +, Matthew Garrett wrote:
> >> On Thu, Nov 01, 2012 at 10:43:04AM -0400, Vivek Goyal wrote:
> >>
> >> > So I think
On Mon, Nov 05, 2012 at 09:37:18AM -0600, Chris Friesen wrote:
> On 11/05/2012 09:31 AM, Jiri Kosina wrote:
>
> >I had a naive idea of just putting in-kernel verification of a complete
> >ELF binary passed to kernel by userspace, and if the signature matches,
> >jumping to it.
> >Would work for el
On Mon, Nov 05, 2012 at 11:44:48AM -0800, Eric W. Biederman wrote:
> Vivek Goyal writes:
>
> > On Fri, Nov 02, 2012 at 02:32:48PM -0700, Eric W. Biederman wrote:
> >>
> >> It needs to be checked but /sbin/kexec should not use any functions that
> >> trig
uch users, we need a
> different solution.
>
> Signed-off-by: Tejun Heo
> Reported-by: Joseph Glanville
> Cc: Vivek Goyal
> Cc: sta...@vger.kernel.org
> ---
> Jens, while these are fixes, I think it isn't extremely urgent and
> routing these through 3.7-rc1 should be e
doesn't include BYPASS even though the
> initial bypass is still in effect.
>
> In blk_init_allocated_queue(), or QUEUE_FLAG_DEFAULT to q->queue_flags
> instead of overwriting.
>
> Signed-off-by: Tejun Heo
> Cc: Vivek Goyal
> Cc: sta...@vger.kernel.org
Acked-by:
On Fri, Oct 26, 2012 at 03:39:16AM +0100, Matthew Garrett wrote:
> On Thu, Oct 25, 2012 at 09:15:58PM -0400, Mimi Zohar wrote:
>
> > On a running system, the package installer, after verifying the package
> > integrity, would install each file with the associated 'security.ima'
> > extended attrib
On Fri, Oct 26, 2012 at 12:47:48PM +0800, Robin Dong wrote:
[..]
> @@ -1084,6 +1114,16 @@ static struct cftype throtl_files[] = {
> .private = offsetof(struct tg_stats_cpu, serviced),
> .read_seq_string = tg_print_cpu_rwstat,
> },
> + {
> + .name =
On Thu, Oct 25, 2012 at 06:41:11PM +0900, Jun'ichi Nomura wrote:
> [PATCH] dm: stay in blk_queue_bypass until queue becomes initialized
>
> With 749fefe677 ("block: lift the initial queue bypass mode on
> blk_register_queue() instead of blk_init_allocated_queue()"),
> add_disk() eventually calls b
On Mon, Oct 29, 2012 at 07:15:08PM +0900, Jun'ichi Nomura wrote:
> On 10/27/12 05:21, Vivek Goyal wrote:
> > On Thu, Oct 25, 2012 at 06:41:11PM +0900, Jun'ichi Nomura wrote:
> >> [PATCH] dm: stay in blk_queue_bypass until queue becomes initialized
> >>
&
On Mon, Oct 29, 2012 at 05:45:15PM +0100, Peter Zijlstra wrote:
> On Mon, 2012-10-29 at 12:38 -0400, Vivek Goyal wrote:
> > Ok, so the question is what's wrong with calling synchronize_rcu() inside
> > a mutex with CONFIG_PREEMPT=y. I don't know. Ccing paul mckenney
[] ctl_ioctl+0x1d6/0x236 [dm_mod]
>[] ? table_clear+0xaa/0xaa [dm_mod]
>[] dm_ctl_ioctl+0x13/0x17 [dm_mod]
>[] do_vfs_ioctl+0x3fb/0x441
>[] ? file_has_perm+0x8a/0x99
>[] sys_ioctl+0x5e/0x82
> [] ? trace_hardirqs_on_thunk+0x3a/0x3f
>[] system_
On Tue, Oct 30, 2012 at 11:06:43PM +0900, Mitsuhiro Tanino wrote:
[..]
> These patches introduce a new "-p" option into "makedumpfile" to
> exclude hwpoison page from vmcore.
Why to introduce this option "-p"? Until and unless there are serious
side effects, this should be default functionality.
On Mon, Jul 08, 2013 at 11:28:39AM +0200, Michael Holzheu wrote:
> On Mon, 08 Jul 2013 14:32:09 +0900
> HATAYAMA Daisuke wrote:
>
> > (2013/07/02 4:32), Michael Holzheu wrote:
> > > For zfcpdump we can't map the HSA storage because it is only available
> > > via a read interface. Therefore, for t
On Mon, Jul 08, 2013 at 10:00:47AM -0700, Tejun Heo wrote:
> (cc'ing Vivek and Jens)
>
> Hello,
>
> On Mon, Jul 08, 2013 at 02:01:39PM +0400, Konstantin Khlebnikov wrote:
> > This is proof of concept, just basic functionality for IO controller.
> > This cgroup will control filesystem usage on vfs
On Mon, Jul 08, 2013 at 02:01:39PM +0400, Konstantin Khlebnikov wrote:
> RESEND: fix CC
>
> This is proof of concept, just basic functionality for IO controller.
> This cgroup will control filesystem usage on vfs layer, its main goal is
> bandwidth control. It's supposed to be much more lightweig
On Tue, Jul 09, 2013 at 06:45:58AM -0700, Tejun Heo wrote:
> On Tue, Jul 09, 2013 at 05:43:10PM +0400, Konstantin Khlebnikov wrote:
> > My concept is cgroup which would control io operation on vfs layer
> > for all filesystems. It will account and manage IO operations. I've
> > found really lightw