aboutsummaryrefslogtreecommitdiffstats
path: root/Documentation
diff options
context:
space:
mode:
Diffstat (limited to 'Documentation')
-rw-r--r--Documentation/ABI/testing/sysfs-block-rssd21
-rw-r--r--Documentation/ABI/testing/sysfs-bus-iio31
-rw-r--r--Documentation/ABI/testing/sysfs-class-mtd17
-rw-r--r--Documentation/DocBook/media/v4l/controls.xml2
-rw-r--r--Documentation/DocBook/media/v4l/pixfmt.xml4
-rw-r--r--Documentation/DocBook/media/v4l/v4l2.xml2
-rw-r--r--Documentation/DocBook/media/v4l/vidioc-create-bufs.xml5
-rw-r--r--Documentation/DocBook/media/v4l/vidioc-dqevent.xml2
-rw-r--r--Documentation/DocBook/media/v4l/vidioc-g-ext-ctrls.xml7
-rw-r--r--Documentation/arm/SPEAr/overview.txt2
-rw-r--r--Documentation/device-mapper/verity.txt131
-rw-r--r--Documentation/devicetree/bindings/input/fsl-mma8450.txt1
-rw-r--r--Documentation/devicetree/bindings/mfd/mc13xxx.txt4
-rw-r--r--Documentation/devicetree/bindings/mmc/fsl-imx-esdhc.txt4
-rw-r--r--Documentation/devicetree/bindings/net/fsl-fec.txt2
-rw-r--r--Documentation/devicetree/bindings/pinctrl/fsl,imx6q-pinctrl.txt2
-rw-r--r--Documentation/devicetree/bindings/spi/fsl-imx-cspi.txt4
-rw-r--r--Documentation/devicetree/bindings/vendor-prefixes.txt1
-rw-r--r--Documentation/hwmon/coretemp22
-rw-r--r--Documentation/kdump/kdump.txt2
-rw-r--r--Documentation/networking/stmmac.txt44
-rw-r--r--Documentation/prctl/no_new_privs.txt57
-rw-r--r--Documentation/stable_kernel_rules.txt6
-rw-r--r--Documentation/virtual/kvm/api.txt17
24 files changed, 232 insertions, 158 deletions
diff --git a/Documentation/ABI/testing/sysfs-block-rssd b/Documentation/ABI/testing/sysfs-block-rssd
index 679ce3543122..beef30c046b0 100644
--- a/Documentation/ABI/testing/sysfs-block-rssd
+++ b/Documentation/ABI/testing/sysfs-block-rssd
@@ -1,26 +1,5 @@
1What: /sys/block/rssd*/registers
2Date: March 2012
3KernelVersion: 3.3
4Contact: Asai Thambi S P <asamymuthupa@micron.com>
5Description: This is a read-only file. Dumps below driver information and
6 hardware registers.
7 - S ACTive
8 - Command Issue
9 - Completed
10 - PORT IRQ STAT
11 - HOST IRQ STAT
12 - Allocated
13 - Commands in Q
14
15What: /sys/block/rssd*/status 1What: /sys/block/rssd*/status
16Date: April 2012 2Date: April 2012
17KernelVersion: 3.4 3KernelVersion: 3.4
18Contact: Asai Thambi S P <asamymuthupa@micron.com> 4Contact: Asai Thambi S P <asamymuthupa@micron.com>
19Description: This is a read-only file. Indicates the status of the device. 5Description: This is a read-only file. Indicates the status of the device.
20
21What: /sys/block/rssd*/flags
22Date: May 2012
23KernelVersion: 3.5
24Contact: Asai Thambi S P <asamymuthupa@micron.com>
25Description: This is a read-only file. Dumps the flags in port and driver
26 data structure
diff --git a/Documentation/ABI/testing/sysfs-bus-iio b/Documentation/ABI/testing/sysfs-bus-iio
index 5bc8a476c15e..cfedf63cce15 100644
--- a/Documentation/ABI/testing/sysfs-bus-iio
+++ b/Documentation/ABI/testing/sysfs-bus-iio
@@ -219,6 +219,7 @@ What: /sys/bus/iio/devices/iio:deviceX/in_voltageY_scale
219What: /sys/bus/iio/devices/iio:deviceX/in_voltageY_supply_scale 219What: /sys/bus/iio/devices/iio:deviceX/in_voltageY_supply_scale
220What: /sys/bus/iio/devices/iio:deviceX/in_voltage_scale 220What: /sys/bus/iio/devices/iio:deviceX/in_voltage_scale
221What: /sys/bus/iio/devices/iio:deviceX/out_voltageY_scale 221What: /sys/bus/iio/devices/iio:deviceX/out_voltageY_scale
222What: /sys/bus/iio/devices/iio:deviceX/out_altvoltageY_scale
222What: /sys/bus/iio/devices/iio:deviceX/in_accel_scale 223What: /sys/bus/iio/devices/iio:deviceX/in_accel_scale
223What: /sys/bus/iio/devices/iio:deviceX/in_accel_peak_scale 224What: /sys/bus/iio/devices/iio:deviceX/in_accel_peak_scale
224What: /sys/bus/iio/devices/iio:deviceX/in_anglvel_scale 225What: /sys/bus/iio/devices/iio:deviceX/in_anglvel_scale
@@ -273,6 +274,7 @@ What: /sys/bus/iio/devices/iio:deviceX/in_accel_scale_available
273What: /sys/.../iio:deviceX/in_voltageX_scale_available 274What: /sys/.../iio:deviceX/in_voltageX_scale_available
274What: /sys/.../iio:deviceX/in_voltage-voltage_scale_available 275What: /sys/.../iio:deviceX/in_voltage-voltage_scale_available
275What: /sys/.../iio:deviceX/out_voltageX_scale_available 276What: /sys/.../iio:deviceX/out_voltageX_scale_available
277What: /sys/.../iio:deviceX/out_altvoltageX_scale_available
276What: /sys/.../iio:deviceX/in_capacitance_scale_available 278What: /sys/.../iio:deviceX/in_capacitance_scale_available
277KernelVersion: 2.635 279KernelVersion: 2.635
278Contact: linux-iio@vger.kernel.org 280Contact: linux-iio@vger.kernel.org
@@ -298,14 +300,19 @@ Description:
298 gives the 3dB frequency of the filter in Hz. 300 gives the 3dB frequency of the filter in Hz.
299 301
300What: /sys/bus/iio/devices/iio:deviceX/out_voltageY_raw 302What: /sys/bus/iio/devices/iio:deviceX/out_voltageY_raw
303What: /sys/bus/iio/devices/iio:deviceX/out_altvoltageY_raw
301KernelVersion: 2.6.37 304KernelVersion: 2.6.37
302Contact: linux-iio@vger.kernel.org 305Contact: linux-iio@vger.kernel.org
303Description: 306Description:
304 Raw (unscaled, no bias etc.) output voltage for 307 Raw (unscaled, no bias etc.) output voltage for
305 channel Y. The number must always be specified and 308 channel Y. The number must always be specified and
306 unique if the output corresponds to a single channel. 309 unique if the output corresponds to a single channel.
310 While DAC like devices typically use out_voltage,
311 a continuous frequency generating device, such as
312 a DDS or PLL should use out_altvoltage.
307 313
308What: /sys/bus/iio/devices/iio:deviceX/out_voltageY&Z_raw 314What: /sys/bus/iio/devices/iio:deviceX/out_voltageY&Z_raw
315What: /sys/bus/iio/devices/iio:deviceX/out_altvoltageY&Z_raw
309KernelVersion: 2.6.37 316KernelVersion: 2.6.37
310Contact: linux-iio@vger.kernel.org 317Contact: linux-iio@vger.kernel.org
311Description: 318Description:
@@ -316,6 +323,8 @@ Description:
316 323
317What: /sys/bus/iio/devices/iio:deviceX/out_voltageY_powerdown_mode 324What: /sys/bus/iio/devices/iio:deviceX/out_voltageY_powerdown_mode
318What: /sys/bus/iio/devices/iio:deviceX/out_voltage_powerdown_mode 325What: /sys/bus/iio/devices/iio:deviceX/out_voltage_powerdown_mode
326What: /sys/bus/iio/devices/iio:deviceX/out_altvoltageY_powerdown_mode
327What: /sys/bus/iio/devices/iio:deviceX/out_altvoltage_powerdown_mode
319KernelVersion: 2.6.38 328KernelVersion: 2.6.38
320Contact: linux-iio@vger.kernel.org 329Contact: linux-iio@vger.kernel.org
321Description: 330Description:
@@ -330,6 +339,8 @@ Description:
330 339
331What: /sys/.../iio:deviceX/out_votlageY_powerdown_mode_available 340What: /sys/.../iio:deviceX/out_votlageY_powerdown_mode_available
332What: /sys/.../iio:deviceX/out_voltage_powerdown_mode_available 341What: /sys/.../iio:deviceX/out_voltage_powerdown_mode_available
342What: /sys/.../iio:deviceX/out_altvotlageY_powerdown_mode_available
343What: /sys/.../iio:deviceX/out_altvoltage_powerdown_mode_available
333KernelVersion: 2.6.38 344KernelVersion: 2.6.38
334Contact: linux-iio@vger.kernel.org 345Contact: linux-iio@vger.kernel.org
335Description: 346Description:
@@ -338,6 +349,8 @@ Description:
338 349
339What: /sys/bus/iio/devices/iio:deviceX/out_voltageY_powerdown 350What: /sys/bus/iio/devices/iio:deviceX/out_voltageY_powerdown
340What: /sys/bus/iio/devices/iio:deviceX/out_voltage_powerdown 351What: /sys/bus/iio/devices/iio:deviceX/out_voltage_powerdown
352What: /sys/bus/iio/devices/iio:deviceX/out_altvoltageY_powerdown
353What: /sys/bus/iio/devices/iio:deviceX/out_altvoltage_powerdown
341KernelVersion: 2.6.38 354KernelVersion: 2.6.38
342Contact: linux-iio@vger.kernel.org 355Contact: linux-iio@vger.kernel.org
343Description: 356Description:
@@ -346,6 +359,24 @@ Description:
346 normal operation. Y may be suppressed if all outputs are 359 normal operation. Y may be suppressed if all outputs are
347 controlled together. 360 controlled together.
348 361
362What: /sys/bus/iio/devices/iio:deviceX/out_altvoltageY_frequency
363KernelVersion: 3.4.0
364Contact: linux-iio@vger.kernel.org
365Description:
366 Output frequency for channel Y in Hz. The number must always be
367 specified and unique if the output corresponds to a single
368 channel.
369
370What: /sys/bus/iio/devices/iio:deviceX/out_altvoltageY_phase
371KernelVersion: 3.4.0
372Contact: linux-iio@vger.kernel.org
373Description:
374 Phase in radians of one frequency/clock output Y
375 (out_altvoltageY) relative to another frequency/clock output
376 (out_altvoltageZ) of the device X. The number must always be
377 specified and unique if the output corresponds to a single
378 channel.
379
349What: /sys/bus/iio/devices/iio:deviceX/events 380What: /sys/bus/iio/devices/iio:deviceX/events
350KernelVersion: 2.6.35 381KernelVersion: 2.6.35
351Contact: linux-iio@vger.kernel.org 382Contact: linux-iio@vger.kernel.org
diff --git a/Documentation/ABI/testing/sysfs-class-mtd b/Documentation/ABI/testing/sysfs-class-mtd
index db1ad7e34fc3..938ef71e2035 100644
--- a/Documentation/ABI/testing/sysfs-class-mtd
+++ b/Documentation/ABI/testing/sysfs-class-mtd
@@ -142,13 +142,14 @@ KernelVersion: 3.4
142Contact: linux-mtd@lists.infradead.org 142Contact: linux-mtd@lists.infradead.org
143Description: 143Description:
144 This allows the user to examine and adjust the criteria by which 144 This allows the user to examine and adjust the criteria by which
145 mtd returns -EUCLEAN from mtd_read(). If the maximum number of 145 mtd returns -EUCLEAN from mtd_read() and mtd_read_oob(). If the
146 bit errors that were corrected on any single region comprising 146 maximum number of bit errors that were corrected on any single
147 an ecc step (as reported by the driver) equals or exceeds this 147 region comprising an ecc step (as reported by the driver) equals
148 value, -EUCLEAN is returned. Otherwise, absent an error, 0 is 148 or exceeds this value, -EUCLEAN is returned. Otherwise, absent
149 returned. Higher layers (e.g., UBI) use this return code as an 149 an error, 0 is returned. Higher layers (e.g., UBI) use this
150 indication that an erase block may be degrading and should be 150 return code as an indication that an erase block may be
151 scrutinized as a candidate for being marked as bad. 151 degrading and should be scrutinized as a candidate for being
152 marked as bad.
152 153
153 The initial value may be specified by the flash device driver. 154 The initial value may be specified by the flash device driver.
154 If not, then the default value is ecc_strength. 155 If not, then the default value is ecc_strength.
@@ -167,7 +168,7 @@ Description:
167 block degradation, but high enough to avoid the consequences of 168 block degradation, but high enough to avoid the consequences of
168 a persistent return value of -EUCLEAN on devices where sticky 169 a persistent return value of -EUCLEAN on devices where sticky
169 bitflips occur. Note that if bitflip_threshold exceeds 170 bitflips occur. Note that if bitflip_threshold exceeds
170 ecc_strength, -EUCLEAN is never returned by mtd_read(). 171 ecc_strength, -EUCLEAN is never returned by the read operations.
171 Conversely, if bitflip_threshold is zero, -EUCLEAN is always 172 Conversely, if bitflip_threshold is zero, -EUCLEAN is always
172 returned, absent a hard error. 173 returned, absent a hard error.
173 174
diff --git a/Documentation/DocBook/media/v4l/controls.xml b/Documentation/DocBook/media/v4l/controls.xml
index 676bc46f9c52..cda0dfb6769a 100644
--- a/Documentation/DocBook/media/v4l/controls.xml
+++ b/Documentation/DocBook/media/v4l/controls.xml
@@ -3988,7 +3988,7 @@ interface and may change in the future.</para>
3988 from RGB to Y'CbCr color space. 3988 from RGB to Y'CbCr color space.
3989 </entry> 3989 </entry>
3990 </row> 3990 </row>
3991 <row id = "v4l2-jpeg-chroma-subsampling"> 3991 <row>
3992 <entrytbl spanname="descr" cols="2"> 3992 <entrytbl spanname="descr" cols="2">
3993 <tbody valign="top"> 3993 <tbody valign="top">
3994 <row> 3994 <row>
diff --git a/Documentation/DocBook/media/v4l/pixfmt.xml b/Documentation/DocBook/media/v4l/pixfmt.xml
index f5ac15ed0549..e58934c92895 100644
--- a/Documentation/DocBook/media/v4l/pixfmt.xml
+++ b/Documentation/DocBook/media/v4l/pixfmt.xml
@@ -986,13 +986,13 @@ http://www.thedirks.org/winnov/</ulink></para></entry>
986 <row id="V4L2-PIX-FMT-Y4"> 986 <row id="V4L2-PIX-FMT-Y4">
987 <entry><constant>V4L2_PIX_FMT_Y4</constant></entry> 987 <entry><constant>V4L2_PIX_FMT_Y4</constant></entry>
988 <entry>'Y04 '</entry> 988 <entry>'Y04 '</entry>
989 <entry>Old 4-bit greyscale format. Only the least significant 4 bits of each byte are used, 989 <entry>Old 4-bit greyscale format. Only the most significant 4 bits of each byte are used,
990the other bits are set to 0.</entry> 990the other bits are set to 0.</entry>
991 </row> 991 </row>
992 <row id="V4L2-PIX-FMT-Y6"> 992 <row id="V4L2-PIX-FMT-Y6">
993 <entry><constant>V4L2_PIX_FMT_Y6</constant></entry> 993 <entry><constant>V4L2_PIX_FMT_Y6</constant></entry>
994 <entry>'Y06 '</entry> 994 <entry>'Y06 '</entry>
995 <entry>Old 6-bit greyscale format. Only the least significant 6 bits of each byte are used, 995 <entry>Old 6-bit greyscale format. Only the most significant 6 bits of each byte are used,
996the other bits are set to 0.</entry> 996the other bits are set to 0.</entry>
997 </row> 997 </row>
998 </tbody> 998 </tbody>
diff --git a/Documentation/DocBook/media/v4l/v4l2.xml b/Documentation/DocBook/media/v4l/v4l2.xml
index 015c561754b7..008c2d73a484 100644
--- a/Documentation/DocBook/media/v4l/v4l2.xml
+++ b/Documentation/DocBook/media/v4l/v4l2.xml
@@ -560,6 +560,7 @@ and discussions on the V4L mailing list.</revremark>
560 &sub-g-tuner; 560 &sub-g-tuner;
561 &sub-log-status; 561 &sub-log-status;
562 &sub-overlay; 562 &sub-overlay;
563 &sub-prepare-buf;
563 &sub-qbuf; 564 &sub-qbuf;
564 &sub-querybuf; 565 &sub-querybuf;
565 &sub-querycap; 566 &sub-querycap;
@@ -567,7 +568,6 @@ and discussions on the V4L mailing list.</revremark>
567 &sub-query-dv-preset; 568 &sub-query-dv-preset;
568 &sub-query-dv-timings; 569 &sub-query-dv-timings;
569 &sub-querystd; 570 &sub-querystd;
570 &sub-prepare-buf;
571 &sub-reqbufs; 571 &sub-reqbufs;
572 &sub-s-hw-freq-seek; 572 &sub-s-hw-freq-seek;
573 &sub-streamon; 573 &sub-streamon;
diff --git a/Documentation/DocBook/media/v4l/vidioc-create-bufs.xml b/Documentation/DocBook/media/v4l/vidioc-create-bufs.xml
index 765549ff8a71..a2474ecb574a 100644
--- a/Documentation/DocBook/media/v4l/vidioc-create-bufs.xml
+++ b/Documentation/DocBook/media/v4l/vidioc-create-bufs.xml
@@ -108,10 +108,9 @@ information.</para>
108/></entry> 108/></entry>
109 </row> 109 </row>
110 <row> 110 <row>
111 <entry>__u32</entry> 111 <entry>struct&nbsp;v4l2_format</entry>
112 <entry><structfield>format</structfield></entry> 112 <entry><structfield>format</structfield></entry>
113 <entry>Filled in by the application, preserved by the driver. 113 <entry>Filled in by the application, preserved by the driver.</entry>
114 See <xref linkend="v4l2-format" />.</entry>
115 </row> 114 </row>
116 <row> 115 <row>
117 <entry>__u32</entry> 116 <entry>__u32</entry>
diff --git a/Documentation/DocBook/media/v4l/vidioc-dqevent.xml b/Documentation/DocBook/media/v4l/vidioc-dqevent.xml
index e8714aa16433..98a856f9ec30 100644
--- a/Documentation/DocBook/media/v4l/vidioc-dqevent.xml
+++ b/Documentation/DocBook/media/v4l/vidioc-dqevent.xml
@@ -89,7 +89,7 @@
89 <row> 89 <row>
90 <entry></entry> 90 <entry></entry>
91 <entry>&v4l2-event-frame-sync;</entry> 91 <entry>&v4l2-event-frame-sync;</entry>
92 <entry><structfield>frame</structfield></entry> 92 <entry><structfield>frame_sync</structfield></entry>
93 <entry>Event data for event V4L2_EVENT_FRAME_SYNC.</entry> 93 <entry>Event data for event V4L2_EVENT_FRAME_SYNC.</entry>
94 </row> 94 </row>
95 <row> 95 <row>
diff --git a/Documentation/DocBook/media/v4l/vidioc-g-ext-ctrls.xml b/Documentation/DocBook/media/v4l/vidioc-g-ext-ctrls.xml
index e3d5afcdafbb..0a4b90fcf2da 100644
--- a/Documentation/DocBook/media/v4l/vidioc-g-ext-ctrls.xml
+++ b/Documentation/DocBook/media/v4l/vidioc-g-ext-ctrls.xml
@@ -284,13 +284,6 @@ These controls are described in <xref
284 processing controls. These controls are described in <xref 284 processing controls. These controls are described in <xref
285 linkend="image-process-controls" />.</entry> 285 linkend="image-process-controls" />.</entry>
286 </row> 286 </row>
287 <row>
288 <entry><constant>V4L2_CTRL_CLASS_JPEG</constant></entry>
289 <entry>0x9d0000</entry>
290 <entry>The class containing JPEG compression controls.
291These controls are described in <xref
292 linkend="jpeg-controls" />.</entry>
293 </row>
294 </tbody> 287 </tbody>
295 </tgroup> 288 </tgroup>
296 </table> 289 </table>
diff --git a/Documentation/arm/SPEAr/overview.txt b/Documentation/arm/SPEAr/overview.txt
index 57aae7765c74..65610bf52ebf 100644
--- a/Documentation/arm/SPEAr/overview.txt
+++ b/Documentation/arm/SPEAr/overview.txt
@@ -60,4 +60,4 @@ Introduction
60 Document Author 60 Document Author
61 --------------- 61 ---------------
62 62
63 Viresh Kumar <viresh.kumar@st.com>, (c) 2010-2012 ST Microelectronics 63 Viresh Kumar <viresh.linux@gmail.com>, (c) 2010-2012 ST Microelectronics
diff --git a/Documentation/device-mapper/verity.txt b/Documentation/device-mapper/verity.txt
index 32e48797a14f..9884681535ee 100644
--- a/Documentation/device-mapper/verity.txt
+++ b/Documentation/device-mapper/verity.txt
@@ -7,39 +7,39 @@ This target is read-only.
7 7
8Construction Parameters 8Construction Parameters
9======================= 9=======================
10 <version> <dev> <hash_dev> <hash_start> 10 <version> <dev> <hash_dev>
11 <data_block_size> <hash_block_size> 11 <data_block_size> <hash_block_size>
12 <num_data_blocks> <hash_start_block> 12 <num_data_blocks> <hash_start_block>
13 <algorithm> <digest> <salt> 13 <algorithm> <digest> <salt>
14 14
15<version> 15<version>
16 This is the version number of the on-disk format. 16 This is the type of the on-disk hash format.
17 17
18 0 is the original format used in the Chromium OS. 18 0 is the original format used in the Chromium OS.
19 The salt is appended when hashing, digests are stored continuously and 19 The salt is appended when hashing, digests are stored continuously and
20 the rest of the block is padded with zeros. 20 the rest of the block is padded with zeros.
21 21
22 1 is the current format that should be used for new devices. 22 1 is the current format that should be used for new devices.
23 The salt is prepended when hashing and each digest is 23 The salt is prepended when hashing and each digest is
24 padded with zeros to the power of two. 24 padded with zeros to the power of two.
25 25
26<dev> 26<dev>
27 This is the device containing the data the integrity of which needs to be 27 This is the device containing data, the integrity of which needs to be
28 checked. It may be specified as a path, like /dev/sdaX, or a device number, 28 checked. It may be specified as a path, like /dev/sdaX, or a device number,
29 <major>:<minor>. 29 <major>:<minor>.
30 30
31<hash_dev> 31<hash_dev>
32 This is the device that that supplies the hash tree data. It may be 32 This is the device that supplies the hash tree data. It may be
33 specified similarly to the device path and may be the same device. If the 33 specified similarly to the device path and may be the same device. If the
34 same device is used, the hash_start should be outside of the dm-verity 34 same device is used, the hash_start should be outside the configured
35 configured device size. 35 dm-verity device.
36 36
37<data_block_size> 37<data_block_size>
38 The block size on a data device. Each block corresponds to one digest on 38 The block size on a data device in bytes.
39 the hash device. 39 Each block corresponds to one digest on the hash device.
40 40
41<hash_block_size> 41<hash_block_size>
42 The size of a hash block. 42 The size of a hash block in bytes.
43 43
44<num_data_blocks> 44<num_data_blocks>
45 The number of data blocks on the data device. Additional blocks are 45 The number of data blocks on the data device. Additional blocks are
@@ -65,7 +65,7 @@ Construction Parameters
65Theory of operation 65Theory of operation
66=================== 66===================
67 67
68dm-verity is meant to be setup as part of a verified boot path. This 68dm-verity is meant to be set up as part of a verified boot path. This
69may be anything ranging from a boot using tboot or trustedgrub to just 69may be anything ranging from a boot using tboot or trustedgrub to just
70booting from a known-good device (like a USB drive or CD). 70booting from a known-good device (like a USB drive or CD).
71 71
@@ -73,20 +73,20 @@ When a dm-verity device is configured, it is expected that the caller
73has been authenticated in some way (cryptographic signatures, etc). 73has been authenticated in some way (cryptographic signatures, etc).
74After instantiation, all hashes will be verified on-demand during 74After instantiation, all hashes will be verified on-demand during
75disk access. If they cannot be verified up to the root node of the 75disk access. If they cannot be verified up to the root node of the
76tree, the root hash, then the I/O will fail. This should identify 76tree, the root hash, then the I/O will fail. This should detect
77tampering with any data on the device and the hash data. 77tampering with any data on the device and the hash data.
78 78
79Cryptographic hashes are used to assert the integrity of the device on a 79Cryptographic hashes are used to assert the integrity of the device on a
80per-block basis. This allows for a lightweight hash computation on first read 80per-block basis. This allows for a lightweight hash computation on first read
81into the page cache. Block hashes are stored linearly-aligned to the nearest 81into the page cache. Block hashes are stored linearly, aligned to the nearest
82block the size of a page. 82block size.
83 83
84Hash Tree 84Hash Tree
85--------- 85---------
86 86
87Each node in the tree is a cryptographic hash. If it is a leaf node, the hash 87Each node in the tree is a cryptographic hash. If it is a leaf node, the hash
88is of some block data on disk. If it is an intermediary node, then the hash is 88of some data block on disk is calculated. If it is an intermediary node,
89of a number of child nodes. 89the hash of a number of child nodes is calculated.
90 90
91Each entry in the tree is a collection of neighboring nodes that fit in one 91Each entry in the tree is a collection of neighboring nodes that fit in one
92block. The number is determined based on block_size and the size of the 92block. The number is determined based on block_size and the size of the
@@ -110,63 +110,23 @@ alg = sha256, num_blocks = 32768, block_size = 4096
110On-disk format 110On-disk format
111============== 111==============
112 112
113Below is the recommended on-disk format. The verity kernel code does not 113The verity kernel code does not read the verity metadata on-disk header.
114read the on-disk header. It only reads the hash blocks which directly 114It only reads the hash blocks which directly follow the header.
115follow the header. It is expected that a user-space tool will verify the 115It is expected that a user-space tool will verify the integrity of the
116integrity of the verity_header and then call dmsetup with the correct 116verity header.
117parameters. Alternatively, the header can be omitted and the dmsetup
118parameters can be passed via the kernel command-line in a rooted chain
119of trust where the command-line is verified.
120 117
121The on-disk format is especially useful in cases where the hash blocks 118Alternatively, the header can be omitted and the dmsetup parameters can
122are on a separate partition. The magic number allows easy identification 119be passed via the kernel command-line in a rooted chain of trust where
123of the partition contents. Alternatively, the hash blocks can be stored 120the command-line is verified.
124in the same partition as the data to be verified. In such a configuration
125the filesystem on the partition would be sized a little smaller than
126the full-partition, leaving room for the hash blocks.
127
128struct superblock {
129 uint8_t signature[8]
130 "verity\0\0";
131
132 uint8_t version;
133 1 - current format
134
135 uint8_t data_block_bits;
136 log2(data block size)
137
138 uint8_t hash_block_bits;
139 log2(hash block size)
140
141 uint8_t pad1[1];
142 zero padding
143
144 uint16_t salt_size;
145 big-endian salt size
146
147 uint8_t pad2[2];
148 zero padding
149
150 uint32_t data_blocks_hi;
151 big-endian high 32 bits of the 64-bit number of data blocks
152
153 uint32_t data_blocks_lo;
154 big-endian low 32 bits of the 64-bit number of data blocks
155
156 uint8_t algorithm[16];
157 cryptographic algorithm
158
159 uint8_t salt[384];
160 salt (the salt size is specified above)
161
162 uint8_t pad3[88];
163 zero padding to 512-byte boundary
164}
165 121
166Directly following the header (and with sector number padded to the next hash 122Directly following the header (and with sector number padded to the next hash
167block boundary) are the hash blocks which are stored a depth at a time 123block boundary) are the hash blocks which are stored a depth at a time
168(starting from the root), sorted in order of increasing index. 124(starting from the root), sorted in order of increasing index.
169 125
126The full specification of kernel parameters and on-disk metadata format
127is available at the cryptsetup project's wiki page
128 http://code.google.com/p/cryptsetup/wiki/DMVerity
129
170Status 130Status
171====== 131======
172V (for Valid) is returned if every check performed so far was valid. 132V (for Valid) is returned if every check performed so far was valid.
@@ -174,21 +134,22 @@ If any check failed, C (for Corruption) is returned.
174 134
175Example 135Example
176======= 136=======
177 137Set up a device:
178Setup a device: 138 # dmsetup create vroot --readonly --table \
179 dmsetup create vroot --table \ 139 "0 2097152 verity 1 /dev/sda1 /dev/sda2 4096 4096 262144 1 sha256 "\
180 "0 2097152 "\
181 "verity 1 /dev/sda1 /dev/sda2 4096 4096 2097152 1 "\
182 "4392712ba01368efdf14b05c76f9e4df0d53664630b5d48632ed17a137f39076 "\ 140 "4392712ba01368efdf14b05c76f9e4df0d53664630b5d48632ed17a137f39076 "\
183 "1234000000000000000000000000000000000000000000000000000000000000" 141 "1234000000000000000000000000000000000000000000000000000000000000"
184 142
185A command line tool veritysetup is available to compute or verify 143A command line tool veritysetup is available to compute or verify
186the hash tree or activate the kernel driver. This is available from 144the hash tree or activate the kernel device. This is available from
187the LVM2 upstream repository and may be supplied as a package called 145the cryptsetup upstream repository http://code.google.com/p/cryptsetup/
188device-mapper-verity-tools: 146(as a libcryptsetup extension).
189 git://sources.redhat.com/git/lvm2 147
190 http://sourceware.org/git/?p=lvm2.git 148Create hash on the device:
191 http://sourceware.org/cgi-bin/cvsweb.cgi/LVM2/verity?cvsroot=lvm2 149 # veritysetup format /dev/sda1 /dev/sda2
192 150 ...
193veritysetup -a vroot /dev/sda1 /dev/sda2 \ 151 Root hash: 4392712ba01368efdf14b05c76f9e4df0d53664630b5d48632ed17a137f39076
194 4392712ba01368efdf14b05c76f9e4df0d53664630b5d48632ed17a137f39076 152
153Activate the device:
154 # veritysetup create vroot /dev/sda1 /dev/sda2 \
155 4392712ba01368efdf14b05c76f9e4df0d53664630b5d48632ed17a137f39076
diff --git a/Documentation/devicetree/bindings/input/fsl-mma8450.txt b/Documentation/devicetree/bindings/input/fsl-mma8450.txt
index a00c94ccbdee..0b96e5737d3a 100644
--- a/Documentation/devicetree/bindings/input/fsl-mma8450.txt
+++ b/Documentation/devicetree/bindings/input/fsl-mma8450.txt
@@ -2,6 +2,7 @@
2 2
3Required properties: 3Required properties:
4- compatible : "fsl,mma8450". 4- compatible : "fsl,mma8450".
5- reg: the I2C address of MMA8450
5 6
6Example: 7Example:
7 8
diff --git a/Documentation/devicetree/bindings/mfd/mc13xxx.txt b/Documentation/devicetree/bindings/mfd/mc13xxx.txt
index 19f6af47a792..baf07987ae68 100644
--- a/Documentation/devicetree/bindings/mfd/mc13xxx.txt
+++ b/Documentation/devicetree/bindings/mfd/mc13xxx.txt
@@ -46,8 +46,8 @@ Examples:
46 46
47ecspi@70010000 { /* ECSPI1 */ 47ecspi@70010000 { /* ECSPI1 */
48 fsl,spi-num-chipselects = <2>; 48 fsl,spi-num-chipselects = <2>;
49 cs-gpios = <&gpio3 24 0>, /* GPIO4_24 */ 49 cs-gpios = <&gpio4 24 0>, /* GPIO4_24 */
50 <&gpio3 25 0>; /* GPIO4_25 */ 50 <&gpio4 25 0>; /* GPIO4_25 */
51 status = "okay"; 51 status = "okay";
52 52
53 pmic: mc13892@0 { 53 pmic: mc13892@0 {
diff --git a/Documentation/devicetree/bindings/mmc/fsl-imx-esdhc.txt b/Documentation/devicetree/bindings/mmc/fsl-imx-esdhc.txt
index c7e404b3ef05..fea541ee8b34 100644
--- a/Documentation/devicetree/bindings/mmc/fsl-imx-esdhc.txt
+++ b/Documentation/devicetree/bindings/mmc/fsl-imx-esdhc.txt
@@ -29,6 +29,6 @@ esdhc@70008000 {
29 compatible = "fsl,imx51-esdhc"; 29 compatible = "fsl,imx51-esdhc";
30 reg = <0x70008000 0x4000>; 30 reg = <0x70008000 0x4000>;
31 interrupts = <2>; 31 interrupts = <2>;
32 cd-gpios = <&gpio0 6 0>; /* GPIO1_6 */ 32 cd-gpios = <&gpio1 6 0>; /* GPIO1_6 */
33 wp-gpios = <&gpio0 5 0>; /* GPIO1_5 */ 33 wp-gpios = <&gpio1 5 0>; /* GPIO1_5 */
34}; 34};
diff --git a/Documentation/devicetree/bindings/net/fsl-fec.txt b/Documentation/devicetree/bindings/net/fsl-fec.txt
index 7ab9e1a2d8be..4616fc28ee86 100644
--- a/Documentation/devicetree/bindings/net/fsl-fec.txt
+++ b/Documentation/devicetree/bindings/net/fsl-fec.txt
@@ -19,6 +19,6 @@ ethernet@83fec000 {
19 reg = <0x83fec000 0x4000>; 19 reg = <0x83fec000 0x4000>;
20 interrupts = <87>; 20 interrupts = <87>;
21 phy-mode = "mii"; 21 phy-mode = "mii";
22 phy-reset-gpios = <&gpio1 14 0>; /* GPIO2_14 */ 22 phy-reset-gpios = <&gpio2 14 0>; /* GPIO2_14 */
23 local-mac-address = [00 04 9F 01 1B B9]; 23 local-mac-address = [00 04 9F 01 1B B9];
24}; 24};
diff --git a/Documentation/devicetree/bindings/pinctrl/fsl,imx6q-pinctrl.txt b/Documentation/devicetree/bindings/pinctrl/fsl,imx6q-pinctrl.txt
index 82b43f915857..a4119f6422d9 100644
--- a/Documentation/devicetree/bindings/pinctrl/fsl,imx6q-pinctrl.txt
+++ b/Documentation/devicetree/bindings/pinctrl/fsl,imx6q-pinctrl.txt
@@ -1626,3 +1626,5 @@ MX6Q_PAD_SD2_DAT3__PCIE_CTRL_MUX_11 1587
1626MX6Q_PAD_SD2_DAT3__GPIO_1_12 1588 1626MX6Q_PAD_SD2_DAT3__GPIO_1_12 1588
1627MX6Q_PAD_SD2_DAT3__SJC_DONE 1589 1627MX6Q_PAD_SD2_DAT3__SJC_DONE 1589
1628MX6Q_PAD_SD2_DAT3__ANATOP_TESTO_3 1590 1628MX6Q_PAD_SD2_DAT3__ANATOP_TESTO_3 1590
1629MX6Q_PAD_ENET_RX_ER__ANATOP_USBOTG_ID 1591
1630MX6Q_PAD_GPIO_1__ANATOP_USBOTG_ID 1592
diff --git a/Documentation/devicetree/bindings/spi/fsl-imx-cspi.txt b/Documentation/devicetree/bindings/spi/fsl-imx-cspi.txt
index 9841057d112b..4256a6df9b79 100644
--- a/Documentation/devicetree/bindings/spi/fsl-imx-cspi.txt
+++ b/Documentation/devicetree/bindings/spi/fsl-imx-cspi.txt
@@ -17,6 +17,6 @@ ecspi@70010000 {
17 reg = <0x70010000 0x4000>; 17 reg = <0x70010000 0x4000>;
18 interrupts = <36>; 18 interrupts = <36>;
19 fsl,spi-num-chipselects = <2>; 19 fsl,spi-num-chipselects = <2>;
20 cs-gpios = <&gpio3 24 0>, /* GPIO4_24 */ 20 cs-gpios = <&gpio3 24 0>, /* GPIO3_24 */
21 <&gpio3 25 0>; /* GPIO4_25 */ 21 <&gpio3 25 0>; /* GPIO3_25 */
22}; 22};
diff --git a/Documentation/devicetree/bindings/vendor-prefixes.txt b/Documentation/devicetree/bindings/vendor-prefixes.txt
index 6eab91747a86..db4d3af3643c 100644
--- a/Documentation/devicetree/bindings/vendor-prefixes.txt
+++ b/Documentation/devicetree/bindings/vendor-prefixes.txt
@@ -3,6 +3,7 @@ Device tree binding vendor prefix registry. Keep list in alphabetical order.
3This isn't an exhaustive list, but you should add new prefixes to it before 3This isn't an exhaustive list, but you should add new prefixes to it before
4using them to avoid name-space collisions. 4using them to avoid name-space collisions.
5 5
6ad Avionic Design GmbH
6adi Analog Devices, Inc. 7adi Analog Devices, Inc.
7amcc Applied Micro Circuits Corporation (APM, formally AMCC) 8amcc Applied Micro Circuits Corporation (APM, formally AMCC)
8apm Applied Micro Circuits Corporation (APM) 9apm Applied Micro Circuits Corporation (APM)
diff --git a/Documentation/hwmon/coretemp b/Documentation/hwmon/coretemp
index 84d46c0c71a3..c86b50c03ea8 100644
--- a/Documentation/hwmon/coretemp
+++ b/Documentation/hwmon/coretemp
@@ -6,7 +6,9 @@ Supported chips:
6 Prefix: 'coretemp' 6 Prefix: 'coretemp'
7 CPUID: family 0x6, models 0xe (Pentium M DC), 0xf (Core 2 DC 65nm), 7 CPUID: family 0x6, models 0xe (Pentium M DC), 0xf (Core 2 DC 65nm),
8 0x16 (Core 2 SC 65nm), 0x17 (Penryn 45nm), 8 0x16 (Core 2 SC 65nm), 0x17 (Penryn 45nm),
9 0x1a (Nehalem), 0x1c (Atom), 0x1e (Lynnfield) 9 0x1a (Nehalem), 0x1c (Atom), 0x1e (Lynnfield),
10 0x26 (Tunnel Creek Atom), 0x27 (Medfield Atom),
11 0x36 (Cedar Trail Atom)
10 Datasheet: Intel 64 and IA-32 Architectures Software Developer's Manual 12 Datasheet: Intel 64 and IA-32 Architectures Software Developer's Manual
11 Volume 3A: System Programming Guide 13 Volume 3A: System Programming Guide
12 http://softwarecommunity.intel.com/Wiki/Mobility/720.htm 14 http://softwarecommunity.intel.com/Wiki/Mobility/720.htm
@@ -52,6 +54,17 @@ Some information comes from ark.intel.com
52 54
53Process Processor TjMax(C) 55Process Processor TjMax(C)
54 56
5722nm Core i5/i7 Processors
58 i7 3920XM, 3820QM, 3720QM, 3667U, 3520M 105
59 i5 3427U, 3360M/3320M 105
60 i7 3770/3770K 105
61 i5 3570/3570K, 3550, 3470/3450 105
62 i7 3770S 103
63 i5 3570S/3550S, 3475S/3470S/3450S 103
64 i7 3770T 94
65 i5 3570T 94
66 i5 3470T 91
67
5532nm Core i3/i5/i7 Processors 6832nm Core i3/i5/i7 Processors
56 i7 660UM/640/620, 640LM/620, 620M, 610E 105 69 i7 660UM/640/620, 640LM/620, 620M, 610E 105
57 i5 540UM/520/430, 540M/520/450/430 105 70 i5 540UM/520/430, 540M/520/450/430 105
@@ -65,6 +78,11 @@ Process Processor TjMax(C)
65 U3400 105 78 U3400 105
66 P4505/P4500 90 79 P4505/P4500 90
67 80
8132nm Atom Processors
82 Z2460 90
83 D2700/2550/2500 100
84 N2850/2800/2650/2600 100
85
6845nm Xeon Processors 5400 Quad-Core 8645nm Xeon Processors 5400 Quad-Core
69 X5492, X5482, X5472, X5470, X5460, X5450 85 87 X5492, X5482, X5472, X5470, X5460, X5450 85
70 E5472, E5462, E5450/40/30/20/10/05 85 88 E5472, E5462, E5450/40/30/20/10/05 85
@@ -85,6 +103,8 @@ Process Processor TjMax(C)
85 N475/470/455/450 100 103 N475/470/455/450 100
86 N280/270 90 104 N280/270 90
87 330/230 125 105 330/230 125
106 E680/660/640/620 90
107 E680T/660T/640T/620T 110
88 108
8945nm Core2 Processors 10945nm Core2 Processors
90 Solo ULV SU3500/3300 100 110 Solo ULV SU3500/3300 100
diff --git a/Documentation/kdump/kdump.txt b/Documentation/kdump/kdump.txt
index 506c7390c2b9..13f1aa09b938 100644
--- a/Documentation/kdump/kdump.txt
+++ b/Documentation/kdump/kdump.txt
@@ -86,7 +86,7 @@ There is also a gitweb interface available at
86http://www.kernel.org/git/?p=utils/kernel/kexec/kexec-tools.git 86http://www.kernel.org/git/?p=utils/kernel/kexec/kexec-tools.git
87 87
88More information about kexec-tools can be found at 88More information about kexec-tools can be found at
89http://www.kernel.org/pub/linux/utils/kernel/kexec/README.html 89http://horms.net/projects/kexec/
90 90
913) Unpack the tarball with the tar command, as follows: 913) Unpack the tarball with the tar command, as follows:
92 92
diff --git a/Documentation/networking/stmmac.txt b/Documentation/networking/stmmac.txt
index ab1e8d7004c5..5cb9a1972460 100644
--- a/Documentation/networking/stmmac.txt
+++ b/Documentation/networking/stmmac.txt
@@ -10,8 +10,8 @@ Currently this network device driver is for all STM embedded MAC/GMAC
10(i.e. 7xxx/5xxx SoCs), SPEAr (arm), Loongson1B (mips) and XLINX XC2V3000 10(i.e. 7xxx/5xxx SoCs), SPEAr (arm), Loongson1B (mips) and XLINX XC2V3000
11FF1152AMT0221 D1215994A VIRTEX FPGA board. 11FF1152AMT0221 D1215994A VIRTEX FPGA board.
12 12
13DWC Ether MAC 10/100/1000 Universal version 3.60a (and older) and DWC Ether MAC 10/100 13DWC Ether MAC 10/100/1000 Universal version 3.60a (and older) and DWC Ether
14Universal version 4.0 have been used for developing this driver. 14MAC 10/100 Universal version 4.0 have been used for developing this driver.
15 15
16This driver supports both the platform bus and PCI. 16This driver supports both the platform bus and PCI.
17 17
@@ -54,27 +54,27 @@ net_device structure enabling the scatter/gather feature.
54When one or more packets are received, an interrupt happens. The interrupts 54When one or more packets are received, an interrupt happens. The interrupts
55are not queued so the driver has to scan all the descriptors in the ring during 55are not queued so the driver has to scan all the descriptors in the ring during
56the receive process. 56the receive process.
57This is based on NAPI so the interrupt handler signals only if there is work to be 57This is based on NAPI so the interrupt handler signals only if there is work
58done, and it exits. 58to be done, and it exits.
59Then the poll method will be scheduled at some future point. 59Then the poll method will be scheduled at some future point.
60The incoming packets are stored, by the DMA, in a list of pre-allocated socket 60The incoming packets are stored, by the DMA, in a list of pre-allocated socket
61buffers in order to avoid the memcpy (Zero-copy). 61buffers in order to avoid the memcpy (Zero-copy).
62 62
634.3) Timer-Driver Interrupt 634.3) Timer-Driver Interrupt
64Instead of having the device that asynchronously notifies the frame receptions, the 64Instead of having the device that asynchronously notifies the frame receptions,
65driver configures a timer to generate an interrupt at regular intervals. 65the driver configures a timer to generate an interrupt at regular intervals.
66Based on the granularity of the timer, the frames that are received by the device 66Based on the granularity of the timer, the frames that are received by the
67will experience different levels of latency. Some NICs have dedicated timer 67device will experience different levels of latency. Some NICs have dedicated
68device to perform this task. STMMAC can use either the RTC device or the TMU 68timer device to perform this task. STMMAC can use either the RTC device or the
69channel 2 on STLinux platforms. 69TMU channel 2 on STLinux platforms.
70The timers frequency can be passed to the driver as parameter; when change it, 70The timers frequency can be passed to the driver as parameter; when change it,
71take care of both hardware capability and network stability/performance impact. 71take care of both hardware capability and network stability/performance impact.
72Several performance tests on STM platforms showed this optimisation allows to spare 72Several performance tests on STM platforms showed this optimisation allows to
73the CPU while having the maximum throughput. 73spare the CPU while having the maximum throughput.
74 74
754.4) WOL 754.4) WOL
76Wake up on Lan feature through Magic and Unicast frames are supported for the GMAC 76Wake up on Lan feature through Magic and Unicast frames are supported for the
77core. 77GMAC core.
78 78
794.5) DMA descriptors 794.5) DMA descriptors
80Driver handles both normal and enhanced descriptors. The latter has been only 80Driver handles both normal and enhanced descriptors. The latter has been only
@@ -106,7 +106,8 @@ Several driver's information can be passed through the platform
106These are included in the include/linux/stmmac.h header file 106These are included in the include/linux/stmmac.h header file
107and detailed below as well: 107and detailed below as well:
108 108
109 struct plat_stmmacenet_data { 109struct plat_stmmacenet_data {
110 char *phy_bus_name;
110 int bus_id; 111 int bus_id;
111 int phy_addr; 112 int phy_addr;
112 int interface; 113 int interface;
@@ -124,19 +125,24 @@ and detailed below as well:
124 void (*bus_setup)(void __iomem *ioaddr); 125 void (*bus_setup)(void __iomem *ioaddr);
125 int (*init)(struct platform_device *pdev); 126 int (*init)(struct platform_device *pdev);
126 void (*exit)(struct platform_device *pdev); 127 void (*exit)(struct platform_device *pdev);
128 void *custom_cfg;
129 void *custom_data;
127 void *bsp_priv; 130 void *bsp_priv;
128 }; 131 };
129 132
130Where: 133Where:
134 o phy_bus_name: phy bus name to attach to the stmmac.
131 o bus_id: bus identifier. 135 o bus_id: bus identifier.
132 o phy_addr: the physical address can be passed from the platform. 136 o phy_addr: the physical address can be passed from the platform.
133 If it is set to -1 the driver will automatically 137 If it is set to -1 the driver will automatically
134 detect it at run-time by probing all the 32 addresses. 138 detect it at run-time by probing all the 32 addresses.
135 o interface: PHY device's interface. 139 o interface: PHY device's interface.
136 o mdio_bus_data: specific platform fields for the MDIO bus. 140 o mdio_bus_data: specific platform fields for the MDIO bus.
137 o pbl: the Programmable Burst Length is maximum number of beats to 141 o dma_cfg: internal DMA parameters
142 o pbl: the Programmable Burst Length is maximum number of beats to
138 be transferred in one DMA transaction. 143 be transferred in one DMA transaction.
139 GMAC also enables the 4xPBL by default. 144 GMAC also enables the 4xPBL by default.
145 o fixed_burst/mixed_burst/burst_len
140 o clk_csr: fixed CSR Clock range selection. 146 o clk_csr: fixed CSR Clock range selection.
141 o has_gmac: uses the GMAC core. 147 o has_gmac: uses the GMAC core.
142 o enh_desc: if sets the MAC will use the enhanced descriptor structure. 148 o enh_desc: if sets the MAC will use the enhanced descriptor structure.
@@ -160,8 +166,9 @@ Where:
160 this is sometime necessary on some platforms (e.g. ST boxes) 166 this is sometime necessary on some platforms (e.g. ST boxes)
161 where the HW needs to have set some PIO lines or system cfg 167 where the HW needs to have set some PIO lines or system cfg
162 registers. 168 registers.
163 o custom_cfg: this is a custom configuration that can be passed while 169 o custom_cfg/custom_data: this is a custom configuration that can be passed
164 initialising the resources. 170 while initialising the resources.
171 o bsp_priv: another private poiter.
165 172
166For MDIO bus The we have: 173For MDIO bus The we have:
167 174
@@ -180,7 +187,6 @@ Where:
180 o irqs: list of IRQs, one per PHY. 187 o irqs: list of IRQs, one per PHY.
181 o probed_phy_irq: if irqs is NULL, use this for probed PHY. 188 o probed_phy_irq: if irqs is NULL, use this for probed PHY.
182 189
183
184For DMA engine we have the following internal fields that should be 190For DMA engine we have the following internal fields that should be
185tuned according to the HW capabilities. 191tuned according to the HW capabilities.
186 192
diff --git a/Documentation/prctl/no_new_privs.txt b/Documentation/prctl/no_new_privs.txt
new file mode 100644
index 000000000000..f7be84fba910
--- /dev/null
+++ b/Documentation/prctl/no_new_privs.txt
@@ -0,0 +1,57 @@
1The execve system call can grant a newly-started program privileges that
2its parent did not have. The most obvious examples are setuid/setgid
3programs and file capabilities. To prevent the parent program from
4gaining these privileges as well, the kernel and user code must be
5careful to prevent the parent from doing anything that could subvert the
6child. For example:
7
8 - The dynamic loader handles LD_* environment variables differently if
9 a program is setuid.
10
11 - chroot is disallowed to unprivileged processes, since it would allow
12 /etc/passwd to be replaced from the point of view of a process that
13 inherited chroot.
14
15 - The exec code has special handling for ptrace.
16
17These are all ad-hoc fixes. The no_new_privs bit (since Linux 3.5) is a
18new, generic mechanism to make it safe for a process to modify its
19execution environment in a manner that persists across execve. Any task
20can set no_new_privs. Once the bit is set, it is inherited across fork,
21clone, and execve and cannot be unset. With no_new_privs set, execve
22promises not to grant the privilege to do anything that could not have
23been done without the execve call. For example, the setuid and setgid
24bits will no longer change the uid or gid; file capabilities will not
25add to the permitted set, and LSMs will not relax constraints after
26execve.
27
28To set no_new_privs, use prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0).
29
30Be careful, though: LSMs might also not tighten constraints on exec
31in no_new_privs mode. (This means that setting up a general-purpose
32service launcher to set no_new_privs before execing daemons may
33interfere with LSM-based sandboxing.)
34
35Note that no_new_privs does not prevent privilege changes that do not
36involve execve. An appropriately privileged task can still call
37setuid(2) and receive SCM_RIGHTS datagrams.
38
39There are two main use cases for no_new_privs so far:
40
41 - Filters installed for the seccomp mode 2 sandbox persist across
42 execve and can change the behavior of newly-executed programs.
43 Unprivileged users are therefore only allowed to install such filters
44 if no_new_privs is set.
45
46 - By itself, no_new_privs can be used to reduce the attack surface
47 available to an unprivileged user. If everything running with a
48 given uid has no_new_privs set, then that uid will be unable to
49 escalate its privileges by directly attacking setuid, setgid, and
50 fcap-using binaries; it will need to compromise something without the
51 no_new_privs bit set first.
52
53In the future, other potentially dangerous kernel features could become
54available to unprivileged tasks if no_new_privs is set. In principle,
55several options to unshare(2) and clone(2) would be safe when
56no_new_privs is set, and no_new_privs + chroot is considerable less
57dangerous than chroot by itself.
diff --git a/Documentation/stable_kernel_rules.txt b/Documentation/stable_kernel_rules.txt
index f0ab5cf28fca..4a7b54bd37e8 100644
--- a/Documentation/stable_kernel_rules.txt
+++ b/Documentation/stable_kernel_rules.txt
@@ -12,6 +12,12 @@ Rules on what kind of patches are accepted, and which ones are not, into the
12 marked CONFIG_BROKEN), an oops, a hang, data corruption, a real 12 marked CONFIG_BROKEN), an oops, a hang, data corruption, a real
13 security issue, or some "oh, that's not good" issue. In short, something 13 security issue, or some "oh, that's not good" issue. In short, something
14 critical. 14 critical.
15 - Serious issues as reported by a user of a distribution kernel may also
16 be considered if they fix a notable performance or interactivity issue.
17 As these fixes are not as obvious and have a higher risk of a subtle
18 regression they should only be submitted by a distribution kernel
19 maintainer and include an addendum linking to a bugzilla entry if it
20 exists and additional information on the user-visible impact.
15 - New device IDs and quirks are also accepted. 21 - New device IDs and quirks are also accepted.
16 - No "theoretical race condition" issues, unless an explanation of how the 22 - No "theoretical race condition" issues, unless an explanation of how the
17 race can be exploited is also provided. 23 race can be exploited is also provided.
diff --git a/Documentation/virtual/kvm/api.txt b/Documentation/virtual/kvm/api.txt
index 930126698a0f..2c9948379469 100644
--- a/Documentation/virtual/kvm/api.txt
+++ b/Documentation/virtual/kvm/api.txt
@@ -1930,6 +1930,23 @@ The "pte_enc" field provides a value that can OR'ed into the hash
1930PTE's RPN field (ie, it needs to be shifted left by 12 to OR it 1930PTE's RPN field (ie, it needs to be shifted left by 12 to OR it
1931into the hash PTE second double word). 1931into the hash PTE second double word).
1932 1932
19334.75 KVM_IRQFD
1934
1935Capability: KVM_CAP_IRQFD
1936Architectures: x86
1937Type: vm ioctl
1938Parameters: struct kvm_irqfd (in)
1939Returns: 0 on success, -1 on error
1940
1941Allows setting an eventfd to directly trigger a guest interrupt.
1942kvm_irqfd.fd specifies the file descriptor to use as the eventfd and
1943kvm_irqfd.gsi specifies the irqchip pin toggled by this event. When
1944an event is tiggered on the eventfd, an interrupt is injected into
1945the guest using the specified gsi pin. The irqfd is removed using
1946the KVM_IRQFD_FLAG_DEASSIGN flag, specifying both kvm_irqfd.fd
1947and kvm_irqfd.gsi.
1948
1949
19335. The kvm_run structure 19505. The kvm_run structure
1934------------------------ 1951------------------------
1935 1952