Thursday, December 17, 2009

linux.kernel - 25 new messages in 15 topics - digest

linux.kernel
http://groups.google.com/group/linux.kernel?hl=en

linux.kernel@googlegroups.com

Today's topics:

* Security: Add prctl(PR_{GET,SET}_NETWORK) interface. - 4 messages, 2 authors
http://groups.google.com/group/linux.kernel/t/a960a1b4696443c0?hl=en
* e100 REGRESSION in 2.6.32 (PATCH v2) - 1 message, 1 author
http://groups.google.com/group/linux.kernel/t/9ff8ff31b48f75a1?hl=en
* tracing: gcc for x86 calling mcount with -fomit-frame-pointer - 1 message, 1 author
http://groups.google.com/group/linux.kernel/t/92e289eb33004f02?hl=en
* Introduce register_user_hbp_by_pid() and unregister_user_hbp_by_pid() - 1 message, 1 author
http://groups.google.com/group/linux.kernel/t/197d4e49668b93ac?hl=en
* omap build fixes - 1 message, 1 author
http://groups.google.com/group/linux.kernel/t/1f7247377100c84f?hl=en
* Enable user-space breakpoint requests using PID - 1 message, 1 author
http://groups.google.com/group/linux.kernel/t/cf97a07f8969d0be?hl=en
* drm: random hang since 620f378 "drm: prune modes when ..." - 2 messages, 2 authors
http://groups.google.com/group/linux.kernel/t/d582be66e5a0785a?hl=en
* xfs and block fixes for virtually indexed arches - 5 messages, 3 authors
http://groups.google.com/group/linux.kernel/t/f6cf95c5b7d8e318?hl=en
* [PATCH 1/2] Wrong ADT7462_VOLT_COUNT for linux-2.6.30 adt7462 hwmon driver - 1 message, 1 author
http://groups.google.com/group/linux.kernel/t/7a1d6ad661241e51?hl=en
* Crypto: Talitos: Support for Async_tx XOR offload - 2 messages, 2 authors
http://groups.google.com/group/linux.kernel/t/8032eb3dcb84d048?hl=en
* ext4: return correct wbc.nr_to_write in ext4_da_writepages - 1 message, 1 author
http://groups.google.com/group/linux.kernel/t/b1b71ffd35cdb9d3?hl=en
* linux-next: Tree for December 17 (pci/quirks) - 2 messages, 1 author
http://groups.google.com/group/linux.kernel/t/1fd9bec043d44ee2?hl=en
* x86/apic: check global clockevent in lapic timer setup - 1 message, 1 author
http://groups.google.com/group/linux.kernel/t/cfb9d293e3cc671c?hl=en
* [RFC][PATCH 0/11] mm accessor updates. - 1 message, 1 author
http://groups.google.com/group/linux.kernel/t/cdcb6aebedcd9a6d?hl=en
* sh: fix DMA driver's descriptor chaining and cookie assignment - 1 message, 1 author
http://groups.google.com/group/linux.kernel/t/5d16dd49bd7e1022?hl=en

==============================================================================
TOPIC: Security: Add prctl(PR_{GET,SET}_NETWORK) interface.
http://groups.google.com/group/linux.kernel/t/a960a1b4696443c0?hl=en
==============================================================================

== 1 of 4 ==
Date: Thurs, Dec 17 2009 9:20 am
From: Andi Kleen


> This is not very good because in some situations it is useful to disable
> connect() and bind() while still allowing ptracing of other processes. For
> example, Plash creates a new UID for each sandbox and it is possible to use
> strace and gdb inside a sandbox. Currently Plash is not able to block
> network access or allow only limited network access. If you treat ptrace()
> this way we won't have the ability to use strace and gdb while limiting
> network access.

No, that's not what the hunk does. I first thought the same. But it actually
just limits these processes from initiating ptracing themselves. You can still
attach gdb/strace to them.

Now I'm not sure if that's closing all holes, but at least I can't come
up with any obvious ones currently. I think I would still prefer a more
general security container in general.

-Andi
--
ak@linux.intel.com -- Speaking for myself only.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/


== 2 of 4 ==
Date: Thurs, Dec 17 2009 9:30 am
From: Randy Dunlap


On Wed, 16 Dec 2009 10:32:43 -0500 Michael Stone wrote:


> ---
> include/linux/prctl.h | 7 +++++++
> include/linux/prctl_network.h | 7 +++++++
> include/linux/sched.h | 2 ++
> kernel/Makefile | 2 +-
> kernel/prctl_network.c | 37 +++++++++++++++++++++++++++++++++++++
> kernel/sys.c | 7 +++++++
> 6 files changed, 61 insertions(+), 1 deletions(-)
> create mode 100644 include/linux/prctl_network.h
> create mode 100644 kernel/prctl_network.c
>

> diff --git a/kernel/prctl_network.c b/kernel/prctl_network.c
> new file mode 100644
> index 0000000..d173716
> --- /dev/null
> +++ b/kernel/prctl_network.c
> @@ -0,0 +1,37 @@
> +/*
> + * linux/kernel/prctl_network.c
> + *
> + * Copyright 2009 Michael Stone <michael@laptop.org>
> + *
> + * Turn off a process's ability to access new networks.
> + * See Documentation/prctl_network.txt for details.
> + */
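Review bot: the header comment directs readers to Documentation/prctl_network.txt, but no file under Documentation/ appears in the diffstat above (6 files changed, all under include/ and kernel/), so either the documentation belongs in this patch or the comment should say which patch of the series adds it.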

Where is Documentation/prctl_network.txt ?
and it should probably be Documentation/prctl/network.txt .

thanks,
---
~Randy


== 3 of 4 ==
Date: Thurs, Dec 17 2009 9:30 am
From: Randy Dunlap


On Thu, 17 Dec 2009 09:23:26 -0800 Randy Dunlap wrote:

> On Wed, 16 Dec 2009 10:32:43 -0500 Michael Stone wrote:
>
>
> > ---
> > include/linux/prctl.h | 7 +++++++
> > include/linux/prctl_network.h | 7 +++++++
> > include/linux/sched.h | 2 ++
> > kernel/Makefile | 2 +-
> > kernel/prctl_network.c | 37 +++++++++++++++++++++++++++++++++++++
> > kernel/sys.c | 7 +++++++
> > 6 files changed, 61 insertions(+), 1 deletions(-)
> > create mode 100644 include/linux/prctl_network.h
> > create mode 100644 kernel/prctl_network.c
> >
>
> > diff --git a/kernel/prctl_network.c b/kernel/prctl_network.c
> > new file mode 100644
> > index 0000000..d173716
> > --- /dev/null
> > +++ b/kernel/prctl_network.c
> > @@ -0,0 +1,37 @@
> > +/*
> > + * linux/kernel/prctl_network.c
> > + *
> > + * Copyright 2009 Michael Stone <michael@laptop.org>
> > + *
> > + * Turn off a process's ability to access new networks.
> > + * See Documentation/prctl_network.txt for details.
> > + */
>
> Where is Documentation/prctl_network.txt ?
> and it should probably be Documentation/prctl/network.txt .

gag, I see it. Sorry about that.
I think that the file name still needs to be changed.

---
~Randy


== 4 of 4 ==
Date: Thurs, Dec 17 2009 10:00 am
From: Andi Kleen


> Solve that with an unused uid. That ptrace_may_access check is
> completely non-intuitive, and a problem if we ever remove the current
> == task security module bug avoidance.

I thought he wanted to do that without suid?

If he can change uids he can as well just use full network namespaces.

-Andi

--
ak@linux.intel.com -- Speaking for myself only.

==============================================================================
TOPIC: e100 REGRESSION in 2.6.32 (PATCH v2)
http://groups.google.com/group/linux.kernel/t/9ff8ff31b48f75a1?hl=en
==============================================================================

== 1 of 1 ==
Date: Thurs, Dec 17 2009 9:30 am
From: "Brandeburg, Jesse"

On Thu, 17 Dec 2009, Roger Oksanen wrote:
> e100: Fix broken cbs accounting due to missing memset.
>
> Alan Stern noticed that e100 caused slab corruption.
> commit 98468efddb101f8a29af974101c17ba513b07be1 changed
> the allocation of cbs to use dma pools that don't return zeroed memory,
> especially the cb->status field used to track which cb to clean, causing
> (the visible) double freeing of skbs and a wrong free cbs count.
>
> Now the cbs are explicitly zeroed at allocation time.
>
> Reported-by: Alan Stern <stern@rowland.harvard.edu>
> Tested-by: Alan Stern <stern@rowland.harvard.edu>
> Signed-off-by: Roger Oksanen <roger.oksanen@cs.helsinki.fi>

Change looks reasonable, ACK.

Should we also consider a follow-on patch to zero memory allocated with
pci_pools? Seems useful.

Acked-by: Jesse Brandeburg <jesse.brandeburg@intel.com>

==============================================================================
TOPIC: tracing: gcc for x86 calling mcount with -fomit-frame-pointer
http://groups.google.com/group/linux.kernel/t/92e289eb33004f02?hl=en
==============================================================================

== 1 of 1 ==
Date: Thurs, Dec 17 2009 9:30 am
From: John Reiser


On x86 and x86_64, current "gcc -pg -fomit-frame-pointer" is not allowed.
This experimental patch against:
http://mirrors.kernel.org/fedora/releases/12/Fedora/source/SRPMS/gcc-4.4.2-7.fc12.src.rpm
allows such a combination, via the command line options:
gcc --profile-before-prolog -fomit-frame-pointer
This turns on profiling (as if -pg), moves the "call mcount" to be the
very first instruction of a profiled routine, and omits the frame pointer
(unless some condition other than profiling requires a frame pointer.)
Placing the "call mcount" first, before any other code, has some advantages.
For instance, a postprocessor easily can modify a CALL whose destination
is known, to skip past the "call mcount" at the entry point.

The current glibc implementation of mcount relies on a frame pointer.
At least one recent change to Linux kernel traceback for tracing also relies
on a frame pointer. So still there are conflicts, but they are different.

diff --git a/gcc/c-opts.c b/gcc/c-opts.c
index 28bdc31..aa8df9e 100644
--- a/gcc/c-opts.c
+++ b/gcc/c-opts.c
@@ -746,6 +746,10 @@ c_common_handle_option (size_t scode, const char *arg, int value)
cpp_opts->preprocessed = value;
break;

+ case OPT_fprofile_before_prolog:
+ flag_profile_before_prolog = value;
+ break;
+
case OPT_freplace_objc_classes:
flag_replace_objc_classes = value;
break;
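Review bot: the handler only records flag_profile_before_prolog, yet the cover text says the option turns on profiling "as if -pg" and the i386.c/linux.h hunks test crtl->profile_before_prolog rather than this flag. Nothing visible in the patch sets the profiling state that -pg sets or copies the flag into crtl; if that happens in the final.c hunk (cut off below), please show it, otherwise the option silently does nothing without an explicit -pg, which contradicts the description.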
diff --git a/gcc/c.opt b/gcc/c.opt
index 711710b..63cd8b6 100644
--- a/gcc/c.opt
+++ b/gcc/c.opt
@@ -720,6 +720,10 @@ fpreprocessed
C ObjC C++ ObjC++
Treat the input file as already preprocessed

+fprofile-before-prolog
+C ObjC C++ ObjC++
+Generate profiling code before the function prolog
+
freplace-objc-classes
ObjC ObjC++
Used in Fix-and-Continue mode to indicate that object files may be swapped in at runtime
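Review bot: the help text should say that this option enables profiling on its own (the cover text says it acts as if -pg); as written, a user reading --help cannot tell whether -pg is still required. GCC also spells it "prologue" elsewhere (for example TARGET_ASM_FUNCTION_PROLOGUE), so -fprofile-before-prologue would match existing naming.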
diff --git a/gcc/config/i386/i386.c b/gcc/config/i386/i386.c
index c7a36f4..80bac96 100644
--- a/gcc/config/i386/i386.c
+++ b/gcc/config/i386/i386.c
@@ -7496,7 +7496,7 @@ ix86_frame_pointer_required (void)
|| ix86_current_function_calls_tls_descriptor))
return 1;

- if (crtl->profile)
+ if (crtl->profile && !crtl->profile_before_prolog)
return 1;

return 0;
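Review bot: the relaxed condition lifts the frame-pointer requirement without checking that the mcount being called can cope without one, and the cover text itself says the current glibc mcount relies on a frame pointer. The option should at least be documented as requiring an mcount that does not walk the frame, or be gated on a target hook. The same `crtl->profile && !crtl->profile_before_prolog` expression is duplicated in linux.h; one helper or macro would keep the two in sync.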
diff --git a/gcc/config/i386/linux.h b/gcc/config/i386/linux.h
index 39b8746..11008e8 100644
--- a/gcc/config/i386/linux.h
+++ b/gcc/config/i386/linux.h
@@ -55,7 +55,7 @@ along with GCC; see the file COPYING3. If not see
frame, so we cannot allow profiling without a frame pointer. */

#undef SUBTARGET_FRAME_POINTER_REQUIRED
-#define SUBTARGET_FRAME_POINTER_REQUIRED crtl->profile
+#define SUBTARGET_FRAME_POINTER_REQUIRED (crtl->profile && !crtl->profile_before_prolog)

#undef SIZE_TYPE
#define SIZE_TYPE "unsigned int"
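Review bot: the comment directly above the hunk ("frame, so we cannot allow profiling without a frame pointer.") is now stale, since the new macro allows exactly that whenever profile_before_prolog is set; update it to explain why a call placed before the prolog no longer needs the frame pointer from the compiler's side.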
diff --git a/gcc/final.c b/gcc/final.c
index 5d717e1..8479245 100644
--- a/gcc/final.c
+++ b/gcc/final.c
@@ -1512,12 +1512,8 @@ final_start_function (rtx first ATTRIBUTE_UNUSED, FILE *file,
leaf_renumber_regs (first);
