Diffstat (limited to 'init')
-rw-r--r-- | init/Kconfig | 187 | ||||
-rw-r--r-- | init/do_mounts.c | 7 | ||||
-rw-r--r-- | init/do_mounts_initrd.c | 41 | ||||
-rw-r--r-- | init/main.c | 37 |
4 files changed, 135 insertions, 137 deletions
diff --git a/init/Kconfig b/init/Kconfig index 73e4adf..6fdd6e3 100644 --- a/init/Kconfig +++ b/init/Kconfig @@ -496,6 +496,12 @@ config RCU_USER_QS excluded from the global RCU state machine and thus doesn't to keep the timer tick on for RCU. + Unless you want to hack and help the development of the full + tickless feature, you shouldn't enable this option. It adds + unnecessary overhead. + + If unsure say N + config RCU_USER_QS_FORCE bool "Force userspace extended QS by default" depends on RCU_USER_QS @@ -504,6 +510,12 @@ config RCU_USER_QS_FORCE test this feature that treats userspace as an extended quiescent state until we have a real user like a full adaptive nohz option. + Unless you want to hack and help the development of the full + tickless feature, you shouldn't enable this option. It adds + unnecessary overhead. + + If unsure say N + config RCU_FANOUT int "Tree-based hierarchical RCU fanout value" range 2 64 if 64BIT 
@@ -986,113 +998,24 @@ config UIDGID_CONVERTED bool default y - # List of kernel pieces that need user namespace work - # Features - depends on SYSVIPC = n - depends on IMA = n - depends on EVM = n - depends on KEYS = n - depends on AUDIT = n - depends on AUDITSYSCALL = n - depends on TASKSTATS = n - depends on TRACING = n - depends on FS_POSIX_ACL = n - depends on QUOTA = n - depends on QUOTACTL = n - depends on DEBUG_CREDENTIALS = n - depends on BSD_PROCESS_ACCT = n - depends on DRM = n - depends on PROC_EVENTS = n - # Networking - depends on NET = n depends on NET_9P = n - depends on IPX = n - depends on PHONET = n - depends on NET_CLS_FLOW = n - depends on NETFILTER_XT_MATCH_OWNER = n - depends on NETFILTER_XT_MATCH_RECENT = n - depends on NETFILTER_XT_TARGET_LOG = n - depends on NETFILTER_NETLINK_LOG = n - depends on INET = n - depends on IPV6 = n - depends on IP_SCTP = n - depends on AF_RXRPC = n - depends on LLC2 = n - depends on NET_KEY = n - depends on INET_DIAG = n - depends on DNS_RESOLVER = n - depends on AX25 = n - depends on ATALK = n # Filesystems - depends on USB_DEVICEFS = n - depends on USB_GADGETFS = n - depends on USB_FUNCTIONFS = n - depends on DEVTMPFS = n - depends on XENFS = n - depends on 9P_FS = n - depends on ADFS_FS = n - depends on AFFS_FS = n depends on AFS_FS = n depends on AUTOFS4_FS = n - depends on BEFS_FS = n - depends on BFS_FS = n - depends on BTRFS_FS = n depends on CEPH_FS = n depends on CIFS = n depends on CODA_FS = n - depends on CONFIGFS_FS = n - depends on CRAMFS = n - depends on DEBUG_FS = n - depends on ECRYPT_FS = n - depends on EFS_FS = n - depends on EXOFS_FS = n - depends on FAT_FS = n depends on FUSE_FS = n depends on GFS2_FS = n - depends on HFS_FS = n - depends on HFSPLUS_FS = n - depends on HPFS_FS = n - depends on HUGETLBFS = n - depends on ISO9660_FS = n - depends on JFFS2_FS = n - depends on JFS_FS = n - depends on LOGFS = n - depends on MINIX_FS = n depends on NCP_FS = n depends on NFSD = n depends on NFS_FS 
= n - depends on NILFS2_FS = n - depends on NTFS_FS = n depends on OCFS2_FS = n - depends on OMFS_FS = n - depends on QNX4FS_FS = n - depends on QNX6FS_FS = n - depends on REISERFS_FS = n - depends on SQUASHFS = n - depends on SYSV_FS = n - depends on UBIFS_FS = n - depends on UDF_FS = n - depends on UFS_FS = n - depends on VXFS_FS = n depends on XFS_FS = n - depends on !UML || HOSTFS = n - - # The rare drivers that won't build - depends on AIRO = n - depends on AIRO_CS = n - depends on TUN = n - depends on INFINIBAND_QIB = n - depends on BLK_DEV_LOOP = n - depends on ANDROID_BINDER_IPC = n - - # Security modules - depends on SECURITY_TOMOYO = n - depends on SECURITY_APPARMOR = n - config UIDGID_STRICT_TYPE_CHECKS bool "Require conversions between uid/gids and their internal representation" depends on UIDGID_CONVERTED @@ -1214,10 +1137,12 @@ menuconfig EXPERT environments which can tolerate a "non-standard" kernel. Only use this if you really know what you are doing. +config HAVE_UID16 + bool + config UID16 bool "Enable 16-bit UID system calls" if EXPERT - depends on ARM || BLACKFIN || CRIS || FRV || H8300 || X86_32 || M68K || (S390 && !64BIT) || SUPERH || SPARC32 || (SPARC64 && COMPAT) || UML || (X86_64 && IA32_EMULATION) \ - || AARCH32_EMULATION + depends on HAVE_UID16 default y help This enables the legacy 16-bit UID syscall wrappers. @@ -1239,6 +1164,11 @@ config SYSCTL_SYSCALL If unsure say N here. +config SYSCTL_EXCEPTION_TRACE + bool + help + Enable support for /proc/sys/debug/exception-trace. + config KALLSYMS bool "Load all symbols for debugging/ksymoops" if EXPERT default y @@ -1288,6 +1218,7 @@ config BUG Just say Y. config ELF_CORE + depends on COREDUMP default y bool "Enable ELF core dumps" if EXPERT help 
@@ -1643,6 +1574,66 @@ config MODULE_SRCVERSION_ALL the version). With this option, such a "srcversion" field will be created for all modules. If unsure, say N. +config MODULE_SIG + bool "Module signature verification" + depends on MODULES + select KEYS + select CRYPTO + select ASYMMETRIC_KEY_TYPE + select ASYMMETRIC_PUBLIC_KEY_SUBTYPE + select PUBLIC_KEY_ALGO_RSA + select ASN1 + select OID_REGISTRY + select X509_CERTIFICATE_PARSER + help + Check modules for valid signatures upon load: the signature + is simply appended to the module. For more information see + Documentation/module-signing.txt. + + !!!WARNING!!! If you enable this option, you MUST make sure that the + module DOES NOT get stripped after being signed. This includes the + debuginfo strip done by some packagers (such as rpmbuild) and + inclusion into an initramfs that wants the module size reduced. + +config MODULE_SIG_FORCE + bool "Require modules to be validly signed" + depends on MODULE_SIG + help + Reject unsigned modules or signed modules for which we don't have a + key. Without this, such modules will simply taint the kernel. + +choice + prompt "Which hash algorithm should modules be signed with?" + depends on MODULE_SIG + help + This determines which sort of hashing algorithm will be used during + signature generation. This algorithm _must_ be built into the kernel + directly so that signature verification can take place. It is not + possible to load a signed module containing the algorithm to check + the signature on that module. 
+ +config MODULE_SIG_SHA1 + bool "Sign modules with SHA-1" + select CRYPTO_SHA1 + +config MODULE_SIG_SHA224 + bool "Sign modules with SHA-224" + select CRYPTO_SHA256 + +config MODULE_SIG_SHA256 + bool "Sign modules with SHA-256" + select CRYPTO_SHA256 + +config MODULE_SIG_SHA384 + bool "Sign modules with SHA-384" + select CRYPTO_SHA512 + +config MODULE_SIG_SHA512 + bool "Sign modules with SHA-512" + select CRYPTO_SHA512 + +endchoice + endif # MODULES config INIT_ALL_POSSIBLE @@ -1670,4 +1661,18 @@ config PADATA depends on SMP bool +# Can be selected by architectures with broken toolchains +# that get confused by correct const<->read_only section +# mappings +config BROKEN_RODATA + bool + +config ASN1 + tristate + help + Build a simple ASN.1 grammar compiler that produces a bytecode output + that can be interpreted by the ASN.1 stream decoder and used to + inform it as to what tags are to be expected in a stream and what + functions to call on what tags. + source "kernel/Kconfig.locks" diff --git a/init/do_mounts.c b/init/do_mounts.c index d3f0aee..f8a6642 100644 --- a/init/do_mounts.c +++ b/init/do_mounts.c @@ -353,8 +353,9 @@ static int __init do_mount_root(char *name, char *fs, int flags, void *data) void __init mount_block_root(char *name, int flags) { - char *fs_names = __getname_gfp(GFP_KERNEL - | __GFP_NOTRACK_FALSE_POSITIVE); + struct page *page = alloc_page(GFP_KERNEL | + __GFP_NOTRACK_FALSE_POSITIVE); + char *fs_names = page_address(page); char *p; #ifdef CONFIG_BLOCK char b[BDEVNAME_SIZE]; @@ -406,7 +407,7 @@ retry: #endif panic("VFS: Unable to mount root fs on %s", b); out: - putname(fs_names); + put_page(page); } #ifdef CONFIG_ROOT_NFS diff --git a/init/do_mounts_initrd.c b/init/do_mounts_initrd.c index 135959a2..5e4ded5 100644 --- a/init/do_mounts_initrd.c +++ b/init/do_mounts_initrd.c 
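Review bot: The hash `choice` block added for `MODULE_SIG` has no `default`, so Kconfig falls back to its first entry, `MODULE_SIG_SHA1`, for any configuration that does not pick a hash explicitly. SHA-1 is the weakest digest on the list for a signature scheme; adding `default MODULE_SIG_SHA256` under the `prompt` line (or listing SHA-1 last) would make a stronger hash the out-of-the-box result. Separately, the `MODULE_SIG` help text does not say that verification on its own is advisory. A sentence there such as `Unsigned or unverifiable modules are still loaded (and taint the kernel) unless MODULE_SIG_FORCE is set.` would put that fact where the option is first enabled.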
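Review bot: `page_address(page)` is applied to the result of `alloc_page()` without a NULL check at the top of `mount_block_root()`, so a failed allocation would hand a bogus `fs_names` pointer to the code that fills the buffer instead of failing cleanly. The replaced `__getname_gfp()` call was unchecked as well, but since the allocation is being rewritten here this is the place to fix it: declare `char *fs_names;`, add `if (!page) panic("VFS: Unable to allocate page for filesystem names");` after the declarations, then assign `fs_names = page_address(page);`. The function body continues outside this hunk; the matching `put_page(page)` is in the `@@ -406,7 +407,7 @@` hunk.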
@@ -16,13 +16,13 @@ #include <linux/initrd.h> #include <linux/sched.h> #include <linux/freezer.h> +#include <linux/kmod.h> #include "do_mounts.h" unsigned long initrd_start, initrd_end; int initrd_below_start_ok; unsigned int real_root_dev; /* do_proc_dointvec cannot handle kdev_t */ -static int __initdata old_fd, root_fd; static int __initdata mount_initrd = 1; static int __init no_initrd(char *str) @@ -33,33 +33,29 @@ static int __init no_initrd(char *str) __setup("noinitrd", no_initrd); -static int __init do_linuxrc(void *_shell) +static int init_linuxrc(struct subprocess_info *info, struct cred *new) { - static const char *argv[] = { "linuxrc", NULL, }; - extern const char *envp_init[]; - const char *shell = _shell; - - sys_close(old_fd);sys_close(root_fd); + sys_unshare(CLONE_FS | CLONE_FILES); + /* move initrd over / and chdir/chroot in initrd root */ + sys_chdir("/root"); + sys_mount(".", "/", NULL, MS_MOVE, NULL); + sys_chroot("."); sys_setsid(); - return kernel_execve(shell, argv, envp_init); + return 0; } static void __init handle_initrd(void) { + static char *argv[] = { "linuxrc", NULL, }; + extern char *envp_init[]; int error; - int pid; real_root_dev = new_encode_dev(ROOT_DEV); create_dev("/dev/root.old", Root_RAM0); /* mount initrd on rootfs' /root */ mount_block_root("/dev/root.old", root_mountflags & ~MS_RDONLY); sys_mkdir("/old", 0700); - root_fd = sys_open("/", 0, 0); - old_fd = sys_open("/old", 0, 0); - /* move initrd over / and chdir/chroot in initrd root */ - sys_chdir("/root"); - sys_mount(".", "/", NULL, MS_MOVE, NULL); - sys_chroot("."); + sys_chdir("/old"); /* * In case that a resume from disk is carried out by linuxrc or one of 
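Review bot: `init_linuxrc()` discards the results of `sys_unshare()`, `sys_chdir("/root")`, the `MS_MOVE` mount and `sys_chroot(".")` and always returns 0, so if any of them fails `/linuxrc` is still executed, against whatever root and working directory the helper happens to have. The callback returns `int`, which suggests a non-zero result is meant to stop the exec (worth confirming against the usermodehelper code); propagating the first error would make a half-built initrd root fail visibly rather than run the helper in the wrong filesystem context. The same applies in the `@@ -67,27 +63,22 @@` hunk, where the return value of `call_usermodehelper_fns()` is dropped although `handle_initrd()` still declares `int error`. `handle_initrd()` continues past the end of this hunk.
```c
static int init_linuxrc(struct subprocess_info *info, struct cred *new)
{
	int err;

	err = sys_unshare(CLONE_FS | CLONE_FILES);
	if (err)
		return err;
	/* move initrd over / and chdir/chroot in initrd root */
	err = sys_chdir("/root");
	if (err)
		return err;
	err = sys_mount(".", "/", NULL, MS_MOVE, NULL);
	if (err)
		return err;
	err = sys_chroot(".");
	if (err)
		return err;
	sys_setsid();
	return 0;
}
```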
@@ -67,27 +63,22 @@ static void __init handle_initrd(void) */ current->flags |= PF_FREEZER_SKIP; - pid = kernel_thread(do_linuxrc, "/linuxrc", SIGCHLD); - if (pid > 0) - while (pid != sys_wait4(-1, NULL, 0, NULL)) - yield(); + call_usermodehelper_fns("/linuxrc", argv, envp_init, UMH_WAIT_PROC, + init_linuxrc, NULL, NULL); current->flags &= ~PF_FREEZER_SKIP; /* move initrd to rootfs' /old */ - sys_fchdir(old_fd); - sys_mount("/", ".", NULL, MS_MOVE, NULL); + sys_mount("..", ".", NULL, MS_MOVE, NULL); /* switch root and cwd back to / of rootfs */ - sys_fchdir(root_fd); - sys_chroot("."); - sys_close(old_fd); - sys_close(root_fd); + sys_chroot(".."); if (new_decode_dev(real_root_dev) == Root_RAM0) { sys_chdir("/old"); return; } + sys_chdir("/"); ROOT_DEV = new_decode_dev(real_root_dev); mount_root(); diff --git a/init/main.c b/init/main.c index db34c0e..e33e09d 100644 --- a/init/main.c +++ b/init/main.c @@ -69,6 +69,7 @@ #include <linux/slab.h> #include <linux/perf_event.h> #include <linux/file.h> +#include <linux/ptrace.h> #include <asm/io.h> #include <asm/bugs.h> @@ -86,7 +87,6 @@ extern void init_IRQ(void); extern void fork_init(unsigned long); extern void mca_init(void); extern void sbus_init(void); -extern void prio_tree_init(void); extern void radix_tree_init(void); #ifndef CONFIG_DEBUG_RODATA static inline void mark_rodata_ro(void) { } @@ -442,9 +442,11 @@ void __init __weak smp_setup_processor_id(void) { } +# if THREAD_SIZE >= PAGE_SIZE void __init __weak thread_info_cache_init(void) { } +#endif /* * Set up kernel memory allocators @@ -547,7 +549,6 @@ asmlinkage void __init start_kernel(void) /* init some links before init_ISA_irqs() */ early_irq_init(); init_IRQ(); - prio_tree_init(); init_timers(); hrtimers_init(); softirq_init(); 
@@ -793,17 +794,17 @@ static void __init do_pre_smp_initcalls(void) do_one_initcall(*fn); } -static void run_init_process(const char *init_filename) +static int run_init_process(const char *init_filename) { argv_init[0] = init_filename; - kernel_execve(init_filename, argv_init, envp_init); + return kernel_execve(init_filename, argv_init, envp_init); } -/* This is a non __init function. Force it to be noinline otherwise gcc - * makes it inline to init() and it becomes part of init.text section - */ -static noinline int init_post(void) +static void __init kernel_init_freeable(void); + +static int __ref kernel_init(void *unused) { + kernel_init_freeable(); /* need to finish all async __init code before freeing the memory */ async_synchronize_full(); free_initmem(); @@ -815,7 +816,8 @@ static noinline int init_post(void) flush_delayed_fput(); if (ramdisk_execute_command) { - run_init_process(ramdisk_execute_command); + if (!run_init_process(ramdisk_execute_command)) + return 0; printk(KERN_WARNING "Failed to execute %s\n", ramdisk_execute_command); } @@ -827,20 +829,22 @@ static noinline int init_post(void) * trying to recover a really broken machine. */ if (execute_command) { - run_init_process(execute_command); + if (!run_init_process(execute_command)) + return 0; printk(KERN_WARNING "Failed to execute %s. Attempting " "defaults...\n", execute_command); } - run_init_process("/sbin/init"); - run_init_process("/etc/init"); - run_init_process("/bin/init"); - run_init_process("/bin/sh"); + if (!run_init_process("/sbin/init") || + !run_init_process("/etc/init") || + !run_init_process("/bin/init") || + !run_init_process("/bin/sh")) + return 0; panic("No init found. Try passing init= option to kernel. " "See Linux Documentation/init.txt for guidance."); } -static int __init kernel_init(void * unused) +static void __init kernel_init_freeable(void) { /* * Wait until kthreadd is all set-up. 
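Review bot: `kernel_init()` is now a non-`__init` function marked `__ref` that calls the `__init` function `kernel_init_freeable()`, and the comment that explained the old `noinline` split was removed without a replacement. A short comment above `kernel_init()` would record why the section reference is safe, for example `/* __ref: kernel_init_freeable() is __init, but it is only called before free_initmem() */`. The body of `kernel_init()` continues past this hunk.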
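Review bot: The error code that `run_init_process()` now returns is only tested for zero and then dropped, so the `Failed to execute %s` warnings in this hunk and in the `@@ -827,20 +829,22 @@` hunk still give no reason for the failure. Keeping the value, e.g. `ret = run_init_process(ramdisk_execute_command); if (!ret) return 0;`, and printing it with a format such as `"Failed to execute %s (error %d)\n"` would distinguish a missing binary from a permission or format error. That matters when diagnosing a boot that silently falls through to the `/bin/sh` fallback. `kernel_init()` begins in the previous hunk and the fallback chain is in the next one.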
@@ -895,7 +899,4 @@ static int __init kernel_init(void * unused) * we're essentially up and running. Get rid of the * initmem segments and start the user-mode stuff.. */ - - init_post(); - return 0; } |