1. 09 Oct, 2013 2 commits
  2. 11 Sep, 2013 1 commit
  3. 23 Jun, 2013 1 commit
    • Dave Hansen's avatar
      perf: Drop sample rate when sampling is too slow · 14c63f17
      Dave Hansen authored
      This patch keeps track of how long perf's NMI handler is taking,
      and also calculates how many samples perf can take a second.  If
      the sample length times the expected max number of samples
      exceeds a configurable threshold, it drops the sample rate.
      This way, we don't have a runaway sampling process eating up the
      This patch can tend to drop the sample rate down to level where
      perf doesn't work very well.  *BUT* the alternative is that my
      system hangs because it spends all of its time handling NMIs.
      I'll take a busted performance tool over an entire system that's
      busted and undebuggable any day.
      BTW, my suspicion is that there's still an underlying bug here.
      Using the HPET instead of the TSC is definitely a contributing
      factor, but I suspect there are some other things going on.
      But, I can't go dig down on a bug like that with my machine
      hanging all the time.
      Signed-off-by: default avatarDave Hansen <dave.hansen@linux.intel.com>
      Acked-by: default avatarPeter Zijlstra <a.p.zijlstra@chello.nl>
      Cc: paulus@samba.org
      Cc: acme@ghostprotocols.net
      Cc: Dave Hansen <dave@sr71.net>
      [ Prettified it a bit. ]
      Signed-off-by: default avatarIngo Molnar <mingo@kernel.org>
  4. 28 May, 2013 2 commits
  5. 05 Jan, 2013 2 commits
  6. 05 Oct, 2012 1 commit
  7. 07 Feb, 2012 1 commit
  8. 13 Jan, 2012 1 commit
  9. 05 Dec, 2011 1 commit
  10. 01 Nov, 2011 1 commit
    • Dan Ballard's avatar
      kernel/sysctl.c: add cap_last_cap to /proc/sys/kernel · 73efc039
      Dan Ballard authored
      Userspace needs to know the highest valid capability of the running
      kernel, which right now cannot reliably be retrieved from the header files
      only.  The fact that this value cannot be determined properly right now
      creates various problems for libraries compiled on newer header files
      which are run on older kernels.  They assume capabilities are available
      which actually aren't.  libcap-ng is one example.  And we ran into the
      same problem with systemd too.
      Now the capability is exported in /proc/sys/kernel/cap_last_cap.
      [akpm@linux-foundation.org: make cap_last_cap const, per Ulrich]
      Signed-off-by: default avatarDan Ballard <dan@mindstab.net>
      Cc: Randy Dunlap <rdunlap@xenotime.net>
      Cc: Ingo Molnar <mingo@elte.hu>
      Cc: Lennart Poettering <lennart@poettering.net>
      Cc: Kay Sievers <kay.sievers@vrfy.org>
      Cc: Ulrich Drepper <drepper@akkadia.org>
      Cc: James Morris <jmorris@namei.org>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
  11. 26 Jul, 2011 1 commit
    • Vasiliy Kulikov's avatar
      ipc: introduce shm_rmid_forced sysctl · b34a6b1d
      Vasiliy Kulikov authored
      Add support for the shm_rmid_forced sysctl.  If set to 1, all shared
      memory objects in current ipc namespace will be automatically forced to
      use IPC_RMID.
      The POSIX way of handling shmem allows one to create shm objects and
      call shmdt(), leaving shm object associated with no process, thus
      consuming memory not counted via rlimits.
      With shm_rmid_forced=1 the shared memory object is counted at least for
      one process, so OOM killer may effectively kill the fat process holding
      the shared memory.
      It obviously breaks POSIX - some programs relying on the feature would
      stop working.  So set shm_rmid_forced=1 only if you're sure nobody uses
      "orphaned" memory.  Use shm_rmid_forced=0 by default for compatability
      The feature was previously impemented in -ow as a configure option.
      [akpm@linux-foundation.org: fix documentation, per Randy]
      [akpm@linux-foundation.org: fix warning]
      [akpm@linux-foundation.org: readability/conventionality tweaks]
      [akpm@linux-foundation.org: fix shm_rmid_forced/shm_forced_rmid confusion, use standard comment layout]
      Signed-off-by: default avatarVasiliy Kulikov <segoon@openwall.com>
      Cc: Randy Dunlap <rdunlap@xenotime.net>
      Cc: "Eric W. Biederman" <ebiederm@xmission.com>
      Cc: "Serge E. Hallyn" <serge.hallyn@canonical.com>
      Cc: Daniel Lezcano <daniel.lezcano@free.fr>
      Cc: Oleg Nesterov <oleg@redhat.com>
      Cc: Tejun Heo <tj@kernel.org>
      Cc: Ingo Molnar <mingo@elte.hu>
      Cc: Alan Cox <alan@lxorguk.ukuu.org.uk>
      Cc: Solar Designer <solar@openwall.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
  12. 23 Jul, 2011 1 commit
  13. 27 May, 2011 1 commit
    • Jiri Slaby's avatar
      coredump: add support for exe_file in core name · 57cc083a
      Jiri Slaby authored
      Now, exe_file is not proc FS dependent, so we can use it to name core
      file.  So we add %E pattern for core file name cration which extract path
      from mm_struct->exe_file.  Then it converts slashes to exclamation marks
      and pastes the result to the core file name itself.
      This is useful for environments where binary names are longer than 16
      character (the current->comm limitation).  Also where there are binaries
      with same name but in a different path.  Further in case the binery itself
      changes its current->comm after exec.
      So by doing (s/$/#/ -- # is treated as git comment):
        $ sysctl kernel.core_pattern='core.%p.%e.%E'
        $ ln /bin/cat cat45678901234567890
        $ ./cat45678901234567890
        $ rm cat45678901234567890
        $ fg
        ^\Quit (core dumped)
        $ ls core*
      we now get:
        core.2434.cat456789012345.!root!cat45678901234567890 (deleted)
      Signed-off-by: default avatarJiri Slaby <jslaby@suse.cz>
      Cc: Al Viro <viro@zeniv.linux.org.uk>
      Cc: Alan Cox <alan@lxorguk.ukuu.org.uk>
      Reviewed-by: default avatarAndi Kleen <andi@firstfloor.org>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
  14. 11 Feb, 2011 1 commit
  15. 13 Jan, 2011 1 commit
    • Dan Rosenberg's avatar
      kptr_restrict for hiding kernel pointers from unprivileged users · 455cd5ab
      Dan Rosenberg authored
      Add the %pK printk format specifier and the /proc/sys/kernel/kptr_restrict
      The %pK format specifier is designed to hide exposed kernel pointers,
      specifically via /proc interfaces.  Exposing these pointers provides an
      easy target for kernel write vulnerabilities, since they reveal the
      locations of writable structures containing easily triggerable function
      pointers.  The behavior of %pK depends on the kptr_restrict sysctl.
      If kptr_restrict is set to 0, no deviation from the standard %p behavior
      occurs.  If kptr_restrict is set to 1, the default, if the current user
      (intended to be a reader via seq_printf(), etc.) does not have CAP_SYSLOG
      (currently in the LSM tree), kernel pointers using %pK are printed as 0's.
       If kptr_restrict is set to 2, kernel pointers using %pK are printed as
      0's regardless of privileges.  Replacing with 0's was chosen over the
      default "(null)", which cannot be parsed by userland %p, which expects
      [akpm@linux-foundation.org: check for IRQ context when !kptr_restrict, save an indent level, s/WARN/WARN_ONCE/]
      [akpm@linux-foundation.org: coding-style fixup]
      [randy.dunlap@oracle.com: fix kernel/sysctl.c warning]
      Signed-off-by: default avatarDan Rosenberg <drosenberg@vsecurity.com>
      Signed-off-by: default avatarRandy Dunlap <randy.dunlap@oracle.com>
      Cc: James Morris <jmorris@namei.org>
      Cc: Eric Dumazet <eric.dumazet@gmail.com>
      Cc: Thomas Graf <tgraf@infradead.org>
      Cc: Eugene Teo <eugeneteo@kernel.org>
      Cc: Kees Cook <kees.cook@canonical.com>
      Cc: Ingo Molnar <mingo@elte.hu>
      Cc: David S. Miller <davem@davemloft.net>
      Cc: Peter Zijlstra <a.p.zijlstra@chello.nl>
      Cc: Eric Paris <eparis@parisplace.org>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
  16. 08 Dec, 2010 1 commit
  17. 12 Nov, 2010 1 commit
  18. 11 Dec, 2009 1 commit
  19. 09 Nov, 2009 1 commit
  20. 24 Sep, 2009 1 commit
    • Neil Horman's avatar
      exec: let do_coredump() limit the number of concurrent dumps to pipes · a293980c
      Neil Horman authored
      Introduce core pipe limiting sysctl.
      Since we can dump cores to pipe, rather than directly to the filesystem,
      we create a condition in which a user can create a very high load on the
      system simply by running bad applications.
      If the pipe reader specified in core_pattern is poorly written, we can
      have lots of ourstandig resources and processes in the system.
      This sysctl introduces an ability to limit that resource consumption.
      core_pipe_limit defines how many in-flight dumps may be run in parallel,
      dumps beyond this value are skipped and a note is made in the kernel log.
      A special value of 0 in core_pipe_limit denotes unlimited core dumps may
      be handled (this is the default value).
      [akpm@linux-foundation.org: coding-style fixes]
      Signed-off-by: default avatarNeil Horman <nhorman@tuxdriver.com>
      Reported-by: default avatarEarl Chew <earl_chew@agilent.com>
      Cc: Oleg Nesterov <oleg@tv-sign.ru>
      Cc: Andi Kleen <andi@firstfloor.org>
      Cc: Alan Cox <alan@lxorguk.ukuu.org.uk>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
  21. 23 Sep, 2009 1 commit
  22. 21 Sep, 2009 1 commit
  23. 11 Sep, 2009 1 commit
  24. 03 Apr, 2009 2 commits
    • Shen Feng's avatar
      documentation: update Documentation/filesystem/proc.txt and Documentation/sysctls · 760df93e
      Shen Feng authored
      Now /proc/sys is described in many places and much information is
      redundant.  This patch updates the proc.txt and move the /proc/sys
      desciption out to the files in Documentation/sysctls.
      Details are:
      -  2.1  /proc/sys/fs - File system data
      -  2.11 /proc/sys/fs/mqueue - POSIX message queues filesystem
      -  2.17 /proc/sys/fs/epoll - Configuration options for the epoll interface
      with Documentation/sysctls/fs.txt.
      -  2.2  /proc/sys/fs/binfmt_misc - Miscellaneous binary formats
      since it's not better then the Documentation/binfmt_misc.txt.
      -  2.3  /proc/sys/kernel - general kernel parameters
      with Documentation/sysctls/kernel.txt
      -  2.5  /proc/sys/dev - Device specific parameters
      since it's obsolete the sysfs is used now.
      -  2.6  /proc/sys/sunrpc - Remote procedure calls
      since it's not better then the Documentation/sysctls/sunrpc.txt
      -  2.7  /proc/sys/net - Networking stuff
      -  2.9  Appletalk
      -  2.10 IPX
      to newly created Documentation/sysctls/net.txt.
      -  2.8  /proc/sys/net/ipv4 - IPV4 settings
      since it's not better then the Documentation/networking/ip-sysctl.txt.
      - Chapter 3 Per-Process Parameters
      to descibe /proc/<pid>/xxx parameters.
      Signed-off-by: default avatarShen Feng <shen@cn.fujitsu.com>
      Cc: Randy Dunlap <randy.dunlap@oracle.com>
      Cc: "David S. Miller" <davem@davemloft.net>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
    • Kees Cook's avatar
      modules: sysctl to block module loading · 3d43321b
      Kees Cook authored
      Implement a sysctl file that disables module-loading system-wide since
      there is no longer a viable way to remove CAP_SYS_MODULE after the system
      bounding capability set was removed in 2.6.25.
      Value can only be set to "1", and is tested only if standard capability
      checks allow CAP_SYS_MODULE.  Given existing /dev/mem protections, this
      should allow administrators a one-way method to block module loading
      after initial boot-time module loading has finished.
      Signed-off-by: default avatarKees Cook <kees.cook@canonical.com>
      Acked-by: default avatarSerge Hallyn <serue@us.ibm.com>
      Signed-off-by: default avatarJames Morris <jmorris@namei.org>
  25. 29 Oct, 2008 1 commit
  26. 10 Oct, 2008 1 commit
    • Greg Kroah-Hartman's avatar
      Staging: add TAINT_CRAP for all drivers/staging code · 061b1bd3
      Greg Kroah-Hartman authored
      We need to add a flag for all code that is in the drivers/staging/
      directory to prevent all other kernel developers from worrying about
      issues here, and to notify users that the drivers might not be as good
      as they are normally used to.
      Based on code from Andreas Gruenbacher and Jeff Mahoney to provide a
      TAINT flag for the support level of a kernel module in the Novell
      enterprise kernel release.
      This is the kernel portion of this feature, the ability for the flag to
      be set needs to be done in the build process and will happen in a
      follow-up patch.
      Cc: Andreas Gruenbacher <agruen@suse.de>
      Cc: Jeff Mahoney <jeffm@suse.de>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@suse.de>
  27. 23 Sep, 2008 1 commit
  28. 19 Sep, 2008 1 commit
  29. 14 Feb, 2008 1 commit
  30. 09 Feb, 2008 1 commit
  31. 17 Oct, 2007 1 commit
  32. 09 May, 2007 2 commits
  33. 07 Dec, 2006 1 commit
  34. 11 Oct, 2006 1 commit
  35. 27 Aug, 2006 1 commit