Kernel Log – What's coming in 2.6.29 (6): Faster booting and other changes under the hood
Page 2: Virtualization, security and more
Virtualization and security
The KVM developers were once again particularly busy, contributing roughly 150 patches that, among other things, improve NMI, MSI and Kdump support and enable faster access to the MMU. Several changes in the IOMMU subsystem optimize support for passing PCI/PCIe devices through to guest systems. Numerous patches also improve support for container virtualization, and the new Xenfs is meant to improve the interaction between userspace and Xen.
Also merged were the task credentials patches, which restructure the kernel's internal handling of process-specific information (user and group ID, permissions and the like) (LWN.net article, kernel documentation). The LSM (Linux Security Modules) now offer hooks for security frameworks such as AppArmor and Tomoyo, which rely partly on file names when identifying programs, whereas solutions such as SELinux or Smack rely on extended attributes. As of 2.6.29, the kernel's crypto code will support shash.
Under the hood
Thanks to the cpumask changes driven largely by Rusty Russell, distributors can now build their kernels with support for up to 4096 CPU cores without any major performance penalty on dual- or quad-core systems; the developer roughly explains the background of the changes and how the code works in his blog.
The merged Tree RCU patches are meant to let the kernel scale better on systems with "a few hundred processors" (among others, 1); those interested can find a detailed explanation of how the new code works in the LWN.net article written by one of the patch authors, who is employed by IBM.
There were also a whole pile of changes around the ftrace tracing infrastructure. The kernel hackers additionally merged patches that allow the poll() function to sleep, as well as functions that ensure exclusive access to I/O memory (LWN.net article). The latter lets drivers protect the I/O memory regions used to communicate with hardware from unwanted write accesses by userspace programs, since in the worst case such accesses can render the hardware unusable, similar to what happened with a kernel-internal bug during 2.6.27 development that knocked out Intel network cards (the "e1000e problem").
The kernel can no longer be compiled correctly with GCC versions 3.0 and 3.1 or 4.1.0 and 4.1.1.
Even more changes
Beyond the new features already described in the article, the kernel developers merged a large number of further patches for 2.6.29: for example, the kernel hackers merged the directories containing the code for SPARC and SPARC64 support and extended the ARM code with support for the i.MX31. Details on these and numerous other less important, but by no means insignificant, changes can be found in the following list. The individual entries link to the respective commit in the Linux source code management system, where further information on the change and the patch itself can be found.
Fastboot
- ahci: add a module parameter to ignore the SSS flags for async scanning
- async: don't do the initcall stuff post boot
- async: make async a command line option for now
- async: make the final inode deletion an asynchronous event
- bootchart: improve output based on Dave Jones' feedback
- bootgraph: make the bootgraph script show async waiting time
- fastboot: Make libata initialization even more async
- fastboot: make scsi probes asynchronous
- fastboot: make the libata port scan asynchronous
- libata: Add a per-host flag to opt-in into parallel port probes
- libata: only ports >= 0 need to synchronize
- partial revert of asynchronous inode delete
Tracing
- blktrace: port to tracepoints
- ftrace: add function tracing to single thread
- ftrace: add quick function trace stop
- tracing: add a tracer to catch execution time of kernel functions
- tracing: add "power-tracer": C/P state tracer to help power optimization
- tracing/function-graph-tracer: enabled by default
- tracing/function-graph-tracer: support for x86-64
- tracing/function-return-tracer: change the name into function-graph-tracer
- tracing/function-return-tracer: set a more human readable output
- tracing: likely/unlikely branch annotation tracer
- tracing: profile likely and unlikely annotations
- tracing, x86: add low level support for ftrace return tracing
Crypto/Security
- CRED: Documentation
- CRED: Inaugurate COW credentials
- CRED: Make execve() take advantage of copy-on-write credentials
- CRED: Separate task security context from task_struct
- CRED: Use RCU to access another task's creds and to release a task's own creds
- crypto: aes - Precompute tables
- introduce new LSM hooks where vfsmount is available.
- libcrc32c: Move implementation to crypto crc32c
- netlabel: Update kernel configuration API
- selinux: Deprecate and schedule the removal of the the compat_net functionality
- smack: Add support for unlabeled network hosts and networks
- user namespaces: document CFS behavior
Virtualization
- Add DEVPTS_MULTIPLE_INSTANCES config token
- Add domain flag DOMAIN_FLAG_VIRTUAL_MACHINE
- Add domain_flush_cache
- add frontend implementation for the IOMMU API
- Add global iommu list
- Add/remove domain device info for virtual machine domain
- AMD IOMMU: add domain map function for IOMMU API
- AMD IOMMU: add Kconfig entry for statistic collection code
- AMD IOMMU: add protection domain flags
- cgroups: add a per-subsystem hierarchy_mutex
- cgroups: clean up Kconfig
- cgroups: consolidate cgroup documents
- cgroups: documentation updates
- cgroups: make cgroup config a submenu
- Document usage of multiple-instances of devpts
- Enable multiple instances of devpts
- introcude linux/iommu.h for an iommu api
- KVM: change KVM to use IOMMU API
- KVM: Enable MSI for device assignment
- KVM: Enable MTRR for EPT
- KVM: ia64: Re-organize data sturure of guests' data area
- KVM: MSI to INTx translate
- KVM: ppc: Implement in-kernel exit timing statistics
- KVM: support device deassignment
- KVM: use the new intel iommu APIs
- KVM: VMX: Add PAT support for EPT
- KVM: VMX: Provide support for user space injected NMIs
- KVM: x86 emulator: add Src2 decode set
- KVM: x86 emulator: Extend the opcode descriptor
- KVM: x86: Support for user space injected NMIs
- select IOMMU_API when DMAR and/or AMD_IOMMU is selected
- x86: vmware: look for DMI string in the product serial key
Architecture code
Generic
- CVE-2009-0029: Convert all system calls to return a long
- CVE-2009-0029: Make sys_pselect7 static
- CVE-2009-0029: Make sys_syslog a conditional system call
- CVE-2009-0029: Move compat system call declarations to compat header file
- CVE-2009-0029: powerpc: Enable syscall wrappers for 64-bit
- CVE-2009-0029: Remove __attribute__((weak)) from sys_pipe/sys_pipe2
- CVE-2009-0029: Rename old_readdir to sys_old_readdir
- CVE-2009-0029: s390: enable system call wrappers
- CVE-2009-0029: s390 specific system call wrappers
- CVE-2009-0029: sparc: Enable syscall wrappers for 64-bit
- CVE-2009-0029: System call wrapper infrastructure
- CVE-2009-0029: System call wrappers part 01
- CVE-2009-0029: System call wrappers part 02
- CVE-2009-0029: System call wrappers part 03
- CVE-2009-0029: System call wrappers part 04
- CVE-2009-0029: System call wrappers part 05
- CVE-2009-0029: System call wrappers part 06
- CVE-2009-0029: System call wrappers part 07
- CVE-2009-0029: System call wrappers part 08
- CVE-2009-0029: System call wrappers part 09
- CVE-2009-0029: System call wrappers part 10
- CVE-2009-0029: System call wrappers part 11
- CVE-2009-0029: System call wrappers part 12
- CVE-2009-0029: System call wrappers part 13
- CVE-2009-0029: System call wrappers part 14
- CVE-2009-0029: System call wrappers part 15
- CVE-2009-0029: System call wrappers part 16
- CVE-2009-0029: System call wrappers part 17
- CVE-2009-0029: System call wrappers part 18
- CVE-2009-0029: System call wrappers part 19
- CVE-2009-0029: System call wrappers part 20
- CVE-2009-0029: System call wrappers part 21
- CVE-2009-0029: System call wrappers part 22
- CVE-2009-0029: System call wrappers part 23
- CVE-2009-0029: System call wrappers part 24
- CVE-2009-0029: System call wrappers part 25
- CVE-2009-0029: System call wrappers part 26
- CVE-2009-0029: System call wrappers part 27
- CVE-2009-0029: System call wrappers part 28
- CVE-2009-0029: System call wrappers part 29
- CVE-2009-0029: System call wrappers part 30
- CVE-2009-0029: System call wrappers part 31
- CVE-2009-0029: System call wrappers part 32
- CVE-2009-0029: System call wrappers part 33
- CVE-2009-0029: System call wrapper special cases
- byteorder: make swab.h include asm/swab.h like a regular header
Generic – Cpumasks
- cpumask: Add alloc_cpumask_var_node()
- cpumask: Add CONFIG_CPUMASK_OFFSTACK
- cpumask: add sysfs displays for configured and disabled cpu maps
- cpumask: centralize cpu_online_map and cpu_possible_map
- cpumask: CONFIG_DISABLE_OBSOLETE_CPUMASK_FUNCTIONS
- cpumask: convert shared_cpu_map in acpi_processor* structs to cpumask_var_t
- cpumask: documentation for cpumask_var_t
- cpumask: fix CONFIG_NUMA=y sched.c
- cpumask: Introduce cpumask_of_{node,pcibus} to replace {node,pcibus}_to_cpumask
- cpumask: Introduce topology_core_cpumask()/topology_thread_cpumask(): ia64
- cpumask: Introduce topology_core_cpumask()/topology_thread_cpumask(): powerpc
- cpumask: Introduce topology_core_cpumask()/topology_thread_cpumask(): s390
- cpumask: Introduce topology_core_cpumask()/topology_thread_cpumask(): sparc
- cpumask: make CONFIG_NR_CPUS always valid.
- cpumask: sh: Introduce cpumask_of_{node,pcibus} to replace {node,pcibus}_to_cpumask
- cpumask: switch over to cpu_online/possible/active/present_mask: core
- cpumask: Use accessors code in core
- sysfs: add documentation to cputopology.txt for system cpumasks
- x86 smp: modify send_IPI_mask interface to accept cpumask_t pointers
- x86: Update io_apic.c to use new cpumask API
ARM
- Add basic support for MX31PDK board.
- Add default configuration for MX31PDK board.
- ARM: 5290/1: [AT91 Add support for the Adeneo NeoCore 926 board]
- ARM: 5319/1: AT91: support AT91CAP9 revC CPUs
- ARM: 5338/1: Add Nuvoton W90P910 Platform support
- ARM: Arrange for platforms to select appropriate CPU support
- ARM: clps7500: remove support
- ARM: CPUFREQ: S3C24XX serial CPU frequency scaling support.
- ARM: DSM320: Add support for the DSM320
- ARM: MX2 pcm038: add 1-wire master support
- ARM: MX31: basic support for mx31moboard platform
- ARM: OMAP3: Add basic support for Pandora handheld console
- ARM: OMAP3: LDP: Add Ethernet device support to make ldp boot succeess
- ARM: pcm037: add 1wire support
- ARM: pcm037: add support for the on-board LAN9217 network controller
- ARM: pxa: add basic support for HP iPAQ h5000
- ARM: pxa/MioA701: add camera support for Mio A701 board.
- ARM: S3C64XX: Basic CPU detection and map initialisation
- i.MX31: framebuffer driver
- i.MX31: Image Processing Unit DMA and IRQ drivers
Blackfin
- Blackfin arch: Add BF537-STAMP platform support for ENC28J60 SPI Ethernet MAC
- Blackfin arch: Add document about bfin-gpio
- Blackfin arch: add support for Blackfin latest processor family BF51x
- Blackfin arch: BF538/9 Linux kernel Support
- Blackfin arch: change HWTRACE Kconfig and set it on default
- Blackfin arch: Cleanup and unify Blackfin IRQ and GPIO IRQ handling
- Blackfin arch: Enable ISP1760 USB Host Driver in platform device initialization code.
- Blackfin arch: Faster C implementation of no-MPU CPLB handler
- Blackfin arch: merge adeos blackfin part to arch/blackfin/
- Blackfin arch: smp patch cleanup from LKML review
- Blackfin arch: SMP supporting patchset: BF561 related code
- Blackfin arch: SMP supporting patchset: Blackfin CPLB related code
- Blackfin arch: SMP supporting patchset: Blackfin header files and machine common code
- Blackfin arch: SMP supporting patchset: Blackfin kernel and memory management code
- Blackfin arch: SMP supporting patchset: some other misc code
MIPS
- MIPS: Add Cavium OCTEON cop2/cvmseg state entries to processor.h.
- MIPS: Add Cavium OCTEON processor constants and CPU probe.
- MIPS: Add Cavium OCTEON processor CSR definitions
- MIPS: Add Cavium OCTEON processor support files to arch/mips/cavium-octeon.
- MIPS: Add Cavium OCTEON processor support files to arch/mips/cavium-octeon/executive and asm/octeon.
- MIPS: Add Cavium OCTEON slot into proper tlb category.
- MIPS: Add Cavium OCTEON specific register definitions to mipsregs.h
- MIPS: Add Cavium OCTEON specific registers to ptrace.h and asm-offsets.c
- MIPS: Add Cavium OCTEON to arch/mips/Kconfig
- MIPS: Add defconfig for Cavium OCTEON.
- MIPS: Add SMP_ICACHE_FLUSH for the Cavium CPU family.
- MIPS: Alchemy: devboards: consolidate files
- MIPS: Alchemy: Move development board code to common subdirectory
- MIPS: Alchemy: new userspace suspend interface for development boards.
- MIPS: Alchemy: RTC counter clocksource / clockevent support.
- MIPS: Alchemy: update core interrupt code.
- MIPS: IP27: Switch from DMA_IP27 to DMA_COHERENT
- MIPS: Use hardware watchpoints on all R1 and R2 CPUs.
Power
- powerpc/85xx: Enable SMP support
- powerpc: Change u64/s64 to a long long integer type
- powerpc/mm: Introduce MMU features
- powerpc/oprofile: IBM CELL: add SPU event profiling support
- powerpc: Rewrite sysfs processor cache info code
- Update powerpc maintainers
S390
- S390: hvc_iucv: Update function documentation
- S390: improve idle cputime accounting
- S390: introduce vdso on s390
- S390: update documentation for hvc_iucv kernel parameter.
SH
- doc: Update sh cpufreq documentation.
- sh: Add platform-specific constants for SH7709
- sh: Add support for SH7201 CPU subtype.
- sh: allow CONFIG_CPU_IDLE
- sh: allow CONFIG_PM
- sh: Generic kgdb stub support.
- sh: sh7760fb: Add support SH7720/SH7721 of Renesas
SPARC
- MAINTAINERS: update sparc maintainer
- sparc64: Use unsigned long long for u64.
- sparc,sparc64: unify Kconfig files
- sparc,sparc64: unify kernel/
- sparc,sparc64: unify Makefile
- sparc: Use 64BIT config entry
x86
- Documentation/x86/boot.txt: payload length was changed to payload_length
- pci: add PCI IDs for devices that need boot irq quirks
- x86, 64-bit: update address space documentation
- x86-64: seccomp: fix 32/64 syscall hole
- x86-64: syscall-audit: fix 32/64 syscall hole
- x86: add cache descriptors for Intel Core i7
- x86: add Dell XPS710 reboot quirk
- x86: add memory hotremove config option
- x86: add X86_FEATURE_HYPERVISOR feature bit
- x86: APIC: enable workaround on AMD Fam10h CPUs
- x86, apm: remove CONFIG_APM_REAL_MODE_POWER_OFF in favor of a kernel parameter
- x86, bts: base in-kernel ds interface on handles
- x86, bts: provide in-kernel branch-trace interface
- x86: change OPTIMIZE_INLINING help to say enabling makes smaller kernels
- x86: cleanup remaining cpumask_t ops in smpboot code
- x86: default to SWIOTLB=y on x86_64
- x86: enable cpus display of kernel_max and offlined cpus
- x86: enable MAXSMP
- x86, mm: enable GBPAGES option by default
- x86: MSI start irq numbering from nr_irqs_gsi
- x86: offer frame pointers in all build modes
- x86: only scan the root bus in early PCI quirks
- x86/oprofile: fix pci_dev use count for AMD northbridge devices
- x86: PAT: update documentation to cover pgprot and remap_pfn related changes - v3
- x86, pci: introduce config option for pci reroute quirks (was: PATCH 0/3 Boot IRQ quirks for Broadcom and AMD/ATI)
- x86, pci: introduce pci=ioapicreroute kernel cmdline option
- x86, pci: introduce pci=noioapicquirk kernel cmdline option
- x86: remove init_mm export as planned for 2.6.26
- x86: Set CONFIG_NR_CPUS even on UP
- x86: some lock annotations for user copy paths
- x86: some lock annotations for user copy paths, v2
- x86: some lock annotations for user copy paths, v3
- x86, sparseirq: clean up Kconfig entry
- x86: support always running TSC on Intel CPUs
- x86: turn CONFIG_SPARSE_IRQ off by default
- x86: update CONFIG_NUMA description
- x86: use NR_IRQS_LEGACY
- x86: use possible_cpus=NUM to extend the possible cpus allowed
Miscellaneous
- avr32: Hammerhead board support
- IA64: enable setting DMAR on by default
- xtensa: Add xt2000 support files.
mm
- Fix page writeback thinko, causing Berkeley DB slowdown
- memcg: explain details and test document
- memcg: fix swap accounting leak
- memcg: handle swap caches
- memcg: introduce charge-commit-cancel style of functions
- memcg: memory cgroup hierarchy documentation
- memcg: mem+swap controller core
- memcg: mem+swap controller Kconfig
- memcg: move all acccounting to parent at rmdir()
- memcg: new force_empty to free pages under group
- memcg: show reclaim stat
- memcg: swappiness
- memcg: synchronized LRU
- mm: add_active_or_unevictable into rmap
- mm: add add_to_swap stub
- mm: add dirty_background_bytes and dirty_bytes sysctls
- mm: add Set,ClearPageSwapCache stubs
- mm: direct IO starvation improvement
- mm: further cleanup page_add_new_anon_rmap
- mm: OOM documentation update
- mm: optimize get_scan_ratio for no swap
- mm: remove gfp_mask from add_to_swap
- mm: remove try_to_munlock from vmscan
- mm: report the MMU pagesize in /proc/pid/smaps
- mm: report the pagesize backing a VMA in /proc/pid/smaps
- mm: show node to memory section relationship with symlinks in sysfs
- mm: vmalloc make lazy unmapping configurable
- NOMMU: Make mmap allocation page trimming behaviour configurable.
- NOMMU: Make VMAs per MM as for MMU-mode linux
- NOMMU: Support XIP on initramfs
- Remove obsolete CONFIG_RESOURCES_64BIT
- shmem: unify regular and tiny shmem
- vmscan: improve reclaim throughput to bail out patch
Miscellaneous
- allow stripping of generated symbols under CONFIG_KALLSYMS_ALL
- bitmap: find_last_bit()
- checkpatch: Add warning for p0-patches
- debug: add notifier chain debugging
- debugobjects: add boot parameter default value
- do_mounts: add device info to mount message
- driver core: add root_device_register()
- file capabilities: add no_file_caps switch (v4)
- fix modules_install via NFS
- kbuild: introduce $(kecho) convenience echo
- kbuild: reintroduce ALLSOURCE_ARCHS support for tags/cscope
- kbuild: strip generated symbols from *.ko
- kbuild: use KECHO convenience echo
- kconfig: add script to manipulate .config files on the command line
- kconfig: improve error messages for bad source statements
- LOCKD: Make lockd_up() and lockd_down() exported GPL-only
- lockstat: contend with points
- module: add MODULE_STATE_LIVE notify
- modules: Use a better scheme for refcounting
- NFS: add "no resvport" mount option
- NFS: "no resvport" mount option changes mountd client too
- oops: increment the oops UUID every time we oops
- PATCH: fast vdso implementation for CLOCK_THREAD_CPUTIME_ID
- PATCH: idle cputime accounting
- PATCH: improve precision of idle time detection.
- PATCH: improve precision of process accounting.
- proc: add /proc/*/stack
- proc: stop using BKL
- regulator: sysfs attribute reduction (v2)
- resource: allow MMIO exclusivity for device drivers
- RTC: Remove the BKL.
- Sanitize gcc version header includes
- scripts: script from kerneloops.org to pretty print oops dumps
- setlocalversion: add git-svn support
- slab: introduce kzfree()
- SLUB: failslab support
- softlockup: increase hung tasks check from 2 minutes to 8 minutes
- sparse irq_desc array: core kernel and x86 changes
- swiotlb: add support for systems with highmem
- sysfs: clarify SYSFS_DEPRECATED help text
- timers: split process wide cpu clocks/timers
- trivial: Update MAINTAINERS entry
- UIO: Pass information about ioports to userspace (V2)