kernel August 2010

kernel@lists.fedoraproject.org

19 participants
12 discussions

[PATCH] nx-emu: clean up nx-emu for ia32-only
by Kees Cook 30 Aug '10

30 Aug '10

The NX-emulation should only exist for the 32 bit case, and should not be visible under any other situation. This removes the exec-shield parameter when not running on 32-bit x86, standardizes the x86_report_nx strings, and sets a min/max proc handler for the exec_shield parameter. Signed-off-by: Kees Cook <kees.cook(a)canonical.com> --- arch/x86/mm/setup_nx.c | 12 ++++++++++-- include/linux/sched.h | 2 ++ kernel/sysctl.c | 6 +++++- 3 files changed, 17 insertions(+), 3 deletions(-) diff --git a/arch/x86/mm/setup_nx.c b/arch/x86/mm/setup_nx.c index e0d9cce..f068676 100644 --- a/arch/x86/mm/setup_nx.c +++ b/arch/x86/mm/setup_nx.c @@ -24,7 +24,9 @@ static int __init noexec_setup(char *str) disable_nx = 0; } else if (!strncmp(str, "off", 3)) { disable_nx = 1; +#ifdef CONFIG_X86_32 exec_shield = 0; +#endif } x86_configure_nx(); return 0; @@ -42,12 +44,18 @@ void __cpuinit x86_configure_nx(void) void __init x86_report_nx(void) { if (!cpu_has_nx) { +#ifdef CONFIG_X86_32 if (exec_shield) - printk(KERN_INFO "Using x86 segment limits to approximate NX protection\n"); + printk(KERN_INFO "NX (Execute Disable) protection: " + "approximated by x86 segment limits\n"); else - + printk(KERN_INFO "NX (Execute Disable) protection: " + "approximation disabled by kernel command " + "line option\n"); +#else printk(KERN_NOTICE "Notice: NX (Execute Disable) protection " "missing in CPU or disabled in BIOS!\n"); +#endif } else { #if defined(CONFIG_X86_64) || defined(CONFIG_X86_PAE) if (disable_nx) { diff --git a/include/linux/sched.h b/include/linux/sched.h index 2102309..5606aa7 100644 --- a/include/linux/sched.h +++ b/include/linux/sched.h @@ -101,7 +101,9 @@ struct bio_list; struct fs_struct; struct perf_event_context; +#ifdef CONFIG_X86_32 extern int exec_shield; +#endif extern int print_fatal_signals; /* diff --git a/kernel/sysctl.c b/kernel/sysctl.c index c7f0d4a..68f020f 100644 --- a/kernel/sysctl.c +++ b/kernel/sysctl.c @@ -104,6 +104,7 @@ extern int sysctl_nr_open_min, sysctl_nr_open_max; extern int sysctl_nr_trim_pages; #endif +#ifdef CONFIG_X86_32 int exec_shield = 1; static int __init setup_exec_shield(char *str) @@ -113,6 +114,7 @@ static int __init setup_exec_shield(char *str) return 1; } __setup("exec-shield=", setup_exec_shield); +#endif #ifdef CONFIG_BLOCK extern int blk_iopoll_enabled; @@ -447,7 +449,9 @@ static struct ctl_table kern_table[] = { .data = &exec_shield, .maxlen = sizeof(int), .mode = 0644, - .proc_handler = &proc_dointvec, + .proc_handler = proc_dointvec_minmax, + .extra1 = &zero, + .extra2 = &one, }, #endif -- 1.7.1 -- Kees Cook Ubuntu Security Team

3 3

[PATCH] exec-randomization: brk away from exec rand area
by Kees Cook 28 Aug '10

28 Aug '10

This is a fix for the NX emulation patch to force the brk area well outside of the exec randomization area to avoid future allocation or brk growth collisions. Normally this isn't a problem, except when the text region has been loaded from a PIE binary and the CS limit can't be put just above bss. A test-case that will show failures without this patch can be found here: http://bazaar.launchpad.net/~ubuntu-bugcontrol/qa-regression-testing/master… Signed-off-by: Kees Cook <kees.cook(a)canonical.com> --- arch/x86/kernel/process.c | 12 +++++++++++- 1 files changed, 11 insertions(+), 1 deletions(-) diff --git a/arch/x86/kernel/process.c b/arch/x86/kernel/process.c index 57d1868..29c0c35 100644 --- a/arch/x86/kernel/process.c +++ b/arch/x86/kernel/process.c @@ -669,6 +669,16 @@ unsigned long arch_align_stack(unsigned long sp) unsigned long arch_randomize_brk(struct mm_struct *mm) { unsigned long range_end = mm->brk + 0x02000000; - return randomize_range(mm->brk, range_end, 0) ? : mm->brk; + unsigned long bump = 0; +#ifdef CONFIG_X86_32 + /* in the case of NX emulation, shove the brk segment way out of the + way of the exec randomization area, since it can collide with + future allocations if not. */ + if ( (mm->get_unmapped_exec_area == arch_get_unmapped_exec_area) && + (mm->brk < 0x08000000) ) { + bump = (TASK_SIZE/6); + } +#endif + return bump + (randomize_range(mm->brk, range_end, 0) ? : mm->brk); } -- 1.7.1 -- Kees Cook Ubuntu Security Team

1 0

up'ing /proc/sys/fs/inotify/max_user_watches ?
by Rex Dieter 27 Aug '10

27 Aug '10

kde packagers received a request to consider shipping systems with a higher (default) value of /proc/sys/fs/inotify/max_user_watches to allow for a better experience for noticing changes (notably when using nepomuk indexing of content in users' homedir). The suggested value was something like 524288 (seems the default on f13 is 8192). A recent kde-sig meeting discussed the topic, http://fedoraproject.org/wiki/SIGs/KDE/Meetings/2010-07-27 where mjg59 also agreed "It's probably justifiable to increase it". So, any comments or objections implementing this (for f14)? -- Rex

4 8

Re: kernel problem
by Eric Sandeen 26 Aug '10

26 Aug '10

Jose Feliciano Benitez wrote: > Hi Eric, > Can you please point me to instructions on how to fill out a detailed > bug report and how to try intermediate kernels. > I dont know how to tackle this problem since the computer does not > respond at all after suspending. > I am upgrading to Fedora 13 and hopefully the problem will be gone. FWIW, this list is more for development issues, rather than user questions. But: http://www.google.com/search?q=filing+a+fedora+bug+report yields http://fedoraproject.org/wiki/BugsAndFeatureRequests and http://fedoraproject.org/wiki/How_to_file_a_bug_report for starters. There are kernels built, between your two problematic kernels at: http://kojipkgs.fedoraproject.org/packages/kernel/2.6.32.16/ <subdirs> http://kojipkgs.fedoraproject.org/packages/kernel/2.6.32.17/156.fc12/ http://kojipkgs.fedoraproject.org/packages/kernel/2.6.32.18/159.fc12/ http://kojipkgs.fedoraproject.org/packages/kernel/2.6.32.19/ <subdirs> but if you're unfamiliar with installing rpms manually I don't know that you should go down that route. I'd start by testing F13 and if that fails too, just file a bug against that kernel with all the information you have. -Eric > Jose > > > > Eric Sandeen wrote: >> Benitez, Jose wrote: >> >>> Hello, >>> I am a Fedora Core 12 user and the kernel recently updated to >>> 2.6.32.19-163.fc12.i686 >>> from the previous kernel: 2.6.32.16-150.fc12.i686 >>> >>> With the new kernel my Dell Inspiron 6000 laptop does not return >>> after Suspending or Hibernating. >>> Can this be fixed somehow? >>> >> >> Filing a detailed bug is the best first step. >> >> Testing intermediate kernels (if there are some, maybe in koji) to >> narrow it down >> might help too. >> >> -Eric >> >

1 0

kernel problem
by Benitez, Jose 26 Aug '10

26 Aug '10

Hello, I am a Fedora Core 12 user and the kernel recently updated to 2.6.32.19-163.fc12.i686 from the previous kernel: 2.6.32.16-150.fc12.i686 With the new kernel my Dell Inspiron 6000 laptop does not return after Suspending or Hibernating. Can this be fixed somehow? Thanks, Jose

2 1

CONFIG_LOCKDEP
by John Hartgraves 17 Aug '10

17 Aug '10

I'm trying to rebuild my kernel without debugging, I set the %define debugbuildsenabled to 1 and in the kernel.spec file before building with rpmbuild but I am still getting CONFIG_LOCKDEP=y in my kernel config file in my /boot directory after I install the built kernel. How do I fully disable this? -John Hartgraves

4 3

Re-compiling kernel-2.6.33.6-147.2.4
by JD 16 Aug '10

16 Aug '10

During build of this kernel, I got the following compilation error: I needed to add another kernel feature (added full preemption) CONFIG_PREEMPT=y so.... After make oldconfig, and make xconfig, ran make all . . . CC [M] drivers/video/console/fbcon.o drivers/video/console/fbcon.c:3537: error: expected declaration specifiers or ‘...’ before string constant drivers/video/console/fbcon.c:3537: error: expected declaration specifiers or ‘...’ before ‘quiet_logo’ drivers/video/console/fbcon.c:3537: warning: data definition has no type or storage class drivers/video/console/fbcon.c:3537: warning: type defaults to ‘int’ in declaration of ‘early_param’ drivers/video/console/fbcon.c:3537: warning: function declaration isn’t a prototype make[3]: *** [drivers/video/console/fbcon.o] Error 1 make[2]: *** [drivers/video/console] Error 2 make[1]: *** [drivers/video] Error 2 make: *** [drivers] Error 2 The folks at kernel.org told me this is not their bug, but fedora's added code. Is there a bugzilla for fedora kernel?

3 2

private branches under fedpkg/git
by M A Young 07 Aug '10

07 Aug '10

I would like to re-establish a private branch that I had under CVS (private-myoung-dom0-branch) which I used to build pvops enabled kernels so that the more adventurous could use a Fedora based Domain-0 kernel with xen. Are there any policies I should follow? I asked this on the devel list and Roland McGrath suggested naming convention of user/<username>/whatever-you-want for rawhide forks and fN/user/... for release branch forks. If I follow this pattern I would choose the name f12/user/myoung/xendom0 (I am following f12 at the moment because currently most of the xen development is on based on the 2.6.32 kernel). Are there any other opinions before I create this branch? Michael Young

4 14

2.6.35-1 kernel/sched.c:616 invoked rcu_dereference_check() without protection
by Michał Piotrowski 04 Aug '10

04 Aug '10

Hi, I downloaded and build this kernel http://koji.fedoraproject.org/koji/buildinfo?buildID=187678 on my F13 box. I am getting an error on boot. You might be interested in this =================================================== [ INFO: suspicious rcu_dereference_check() usage. ] --------------------------------------------------- kernel/sched.c:616 invoked rcu_dereference_check() without protection! other info that might help us debug this: rcu_scheduler_active = 1, debug_locks = 0 3 locks held by swapper/1: #0: (cpu_add_remove_lock){+.+.+.}, at: [<ffffffff8105292e>] cpu_maps_update_begin+0x17/0x19 #1: (cpu_hotplug.lock){+.+.+.}, at: [<ffffffff81052973>] cpu_hotplug_begin+0x2c/0x53 #2: (&rq->lock){-.-...}, at: [<ffffffff814943a9>] init_idle+0x30/0x136 stack backtrace: Pid: 1, comm: swapper Not tainted 2.6.35-1.fc13.x86_64 #1 Call Trace: [<ffffffff8107bb7a>] lockdep_rcu_dereference+0xaa/0xb2 [<ffffffff8104012f>] task_group+0x80/0x8f [<ffffffff814943a9>] ? init_idle+0x30/0x136 [<ffffffff81040155>] set_task_rq+0x17/0x73 [<ffffffff81494468>] init_idle+0xef/0x136 [<ffffffff81494885>] fork_idle+0xbd/0xce [<ffffffff8107c243>] ? mark_held_locks+0x52/0x70 [<ffffffff81492e6a>] do_fork_idle+0x1c/0x2d [<ffffffff81492283>] do_boot_cpu+0x145/0xa3b [<ffffffff811127ec>] ? alloc_page_interleave+0x79/0x86 [<ffffffff81492e4e>] ? do_fork_idle+0x0/0x2d [<ffffffff81492c74>] native_cpu_up+0xfb/0x1ce [<ffffffff81494966>] _cpu_up+0xa0/0x115 [<ffffffff81494ab1>] cpu_up+0xd6/0xe8 [<ffffffff81d78695>] kernel_init+0x105/0x2c9 [<ffffffff8100aaa4>] kernel_thread_helper+0x4/0x10 [<ffffffff8149bfd0>] ? restore_args+0x0/0x30 [<ffffffff81d78590>] ? kernel_init+0x0/0x2c9 [<ffffffff8100aaa0>] ? kernel_thread_helper+0x0/0x10 Booting Node 0, Processors #1lockdep: fixing up alternatives. #2lockdep: fixing up alternatives. #3 Ok. Regards, M

1 0

Was kernel-2.6.35-0.fc14 supposed to be kernel-2.6.35-1.fc14a?
by Bruno Wolff III 03 Aug '10

03 Aug '10

kernel-2.6.35-0.fc14 seems to be a lower version than the versions of previous builds and isn't getting installed by yum update (from a local repo).

3 6

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

kernel August 2010