diff options
Diffstat (limited to 'init')
| -rw-r--r-- | init/Kconfig | 36 | ||||
| -rw-r--r-- | init/do_mounts.c | 2 | ||||
| -rw-r--r-- | init/do_mounts_rd.c | 12 | ||||
| -rw-r--r-- | init/main.c | 56 |
4 files changed, 74 insertions, 32 deletions
diff --git a/init/Kconfig b/init/Kconfig index 3ca5b8110b0c..93f344337172 100644 --- a/init/Kconfig +++ b/init/Kconfig | |||
| @@ -284,7 +284,7 @@ config AUDIT | |||
| 284 | 284 | ||
| 285 | config AUDITSYSCALL | 285 | config AUDITSYSCALL |
| 286 | bool "Enable system-call auditing support" | 286 | bool "Enable system-call auditing support" |
| 287 | depends on AUDIT && (X86 || PPC || S390 || IA64 || UML || SPARC64 || SUPERH || (ARM && AEABI && !OABI_COMPAT)) | 287 | depends on AUDIT && (X86 || PARISC || PPC || S390 || IA64 || UML || SPARC64 || SUPERH || (ARM && AEABI && !OABI_COMPAT)) |
| 288 | default y if SECURITY_SELINUX | 288 | default y if SECURITY_SELINUX |
| 289 | help | 289 | help |
| 290 | Enable low-overhead system-call auditing infrastructure that | 290 | Enable low-overhead system-call auditing infrastructure that |
| @@ -301,20 +301,6 @@ config AUDIT_TREE | |||
| 301 | depends on AUDITSYSCALL | 301 | depends on AUDITSYSCALL |
| 302 | select FSNOTIFY | 302 | select FSNOTIFY |
| 303 | 303 | ||
| 304 | config AUDIT_LOGINUID_IMMUTABLE | ||
| 305 | bool "Make audit loginuid immutable" | ||
| 306 | depends on AUDIT | ||
| 307 | help | ||
| 308 | The config option toggles if a task setting its loginuid requires | ||
| 309 | CAP_SYS_AUDITCONTROL or if that task should require no special permissions | ||
| 310 | but should instead only allow setting its loginuid if it was never | ||
| 311 | previously set. On systems which use systemd or a similar central | ||
| 312 | process to restart login services this should be set to true. On older | ||
| 313 | systems in which an admin would typically have to directly stop and | ||
| 314 | start processes this should be set to false. Setting this to true allows | ||
| 315 | one to drop potentially dangerous capabilites from the login tasks, | ||
| 316 | but may not be backwards compatible with older init systems. | ||
| 317 | |||
| 318 | source "kernel/irq/Kconfig" | 304 | source "kernel/irq/Kconfig" |
| 319 | source "kernel/time/Kconfig" | 305 | source "kernel/time/Kconfig" |
| 320 | 306 | ||
| @@ -354,7 +340,8 @@ config VIRT_CPU_ACCOUNTING_NATIVE | |||
| 354 | 340 | ||
| 355 | config VIRT_CPU_ACCOUNTING_GEN | 341 | config VIRT_CPU_ACCOUNTING_GEN |
| 356 | bool "Full dynticks CPU time accounting" | 342 | bool "Full dynticks CPU time accounting" |
| 357 | depends on HAVE_CONTEXT_TRACKING && 64BIT | 343 | depends on HAVE_CONTEXT_TRACKING |
| 344 | depends on HAVE_VIRT_CPU_ACCOUNTING_GEN | ||
| 358 | select VIRT_CPU_ACCOUNTING | 345 | select VIRT_CPU_ACCOUNTING |
| 359 | select CONTEXT_TRACKING | 346 | select CONTEXT_TRACKING |
| 360 | help | 347 | help |
| @@ -844,7 +831,7 @@ config NUMA_BALANCING_DEFAULT_ENABLED | |||
| 844 | default y | 831 | default y |
| 845 | depends on NUMA_BALANCING | 832 | depends on NUMA_BALANCING |
| 846 | help | 833 | help |
| 847 | If set, autonumic NUMA balancing will be enabled if running on a NUMA | 834 | If set, automatic NUMA balancing will be enabled if running on a NUMA |
| 848 | machine. | 835 | machine. |
| 849 | 836 | ||
| 850 | config NUMA_BALANCING | 837 | config NUMA_BALANCING |
| @@ -855,7 +842,7 @@ config NUMA_BALANCING | |||
| 855 | help | 842 | help |
| 856 | This option adds support for automatic NUMA aware memory/task placement. | 843 | This option adds support for automatic NUMA aware memory/task placement. |
| 857 | The mechanism is quite primitive and is based on migrating memory when | 844 | The mechanism is quite primitive and is based on migrating memory when |
| 858 | it is references to the node the task is running on. | 845 | it has references to the node the task is running on. |
| 859 | 846 | ||
| 860 | This system will be inactive on UMA systems. | 847 | This system will be inactive on UMA systems. |
| 861 | 848 | ||
| @@ -1667,6 +1654,18 @@ config BASE_SMALL | |||
| 1667 | default 0 if BASE_FULL | 1654 | default 0 if BASE_FULL |
| 1668 | default 1 if !BASE_FULL | 1655 | default 1 if !BASE_FULL |
| 1669 | 1656 | ||
| 1657 | config SYSTEM_TRUSTED_KEYRING | ||
| 1658 | bool "Provide system-wide ring of trusted keys" | ||
| 1659 | depends on KEYS | ||
| 1660 | help | ||
| 1661 | Provide a system keyring to which trusted keys can be added. Keys in | ||
| 1662 | the keyring are considered to be trusted. Keys may be added at will | ||
| 1663 | by the kernel from compiled-in data and from hardware key stores, but | ||
| 1664 | userspace may only add extra keys if those keys can be verified by | ||
| 1665 | keys already in the keyring. | ||
| 1666 | |||
| 1667 | Keys in this keyring are used by module signature checking. | ||
| 1668 | |||
| 1670 | menuconfig MODULES | 1669 | menuconfig MODULES |
| 1671 | bool "Enable loadable module support" | 1670 | bool "Enable loadable module support" |
| 1672 | option modules | 1671 | option modules |
| @@ -1740,6 +1739,7 @@ config MODULE_SRCVERSION_ALL | |||
| 1740 | config MODULE_SIG | 1739 | config MODULE_SIG |
| 1741 | bool "Module signature verification" | 1740 | bool "Module signature verification" |
| 1742 | depends on MODULES | 1741 | depends on MODULES |
| 1742 | select SYSTEM_TRUSTED_KEYRING | ||
| 1743 | select KEYS | 1743 | select KEYS |
| 1744 | select CRYPTO | 1744 | select CRYPTO |
| 1745 | select ASYMMETRIC_KEY_TYPE | 1745 | select ASYMMETRIC_KEY_TYPE |
diff --git a/init/do_mounts.c b/init/do_mounts.c index a51cddc2ff8c..8e5addc45874 100644 --- a/init/do_mounts.c +++ b/init/do_mounts.c | |||
| @@ -197,6 +197,8 @@ done: | |||
| 197 | * is a zero-filled hex representation of the 1-based partition number. | 197 | * is a zero-filled hex representation of the 1-based partition number. |
| 198 | * 7) PARTUUID=<UUID>/PARTNROFF=<int> to select a partition in relation to | 198 | * 7) PARTUUID=<UUID>/PARTNROFF=<int> to select a partition in relation to |
| 199 | * a partition with a known unique id. | 199 | * a partition with a known unique id. |
| 200 | * 8) <major>:<minor> major and minor number of the device separated by | ||
| 201 | * a colon. | ||
| 200 | * | 202 | * |
| 201 | * If name doesn't have fall into the categories above, we return (0,0). | 203 | * If name doesn't have fall into the categories above, we return (0,0). |
| 202 | * block_class is used to check if something is a disk name. If the disk | 204 | * block_class is used to check if something is a disk name. If the disk |
diff --git a/init/do_mounts_rd.c b/init/do_mounts_rd.c index 6be2879cca66..7c098ac9068a 100644 --- a/init/do_mounts_rd.c +++ b/init/do_mounts_rd.c | |||
| @@ -57,6 +57,11 @@ static int __init crd_load(int in_fd, int out_fd, decompress_fn deco); | |||
| 57 | * cramfs | 57 | * cramfs |
| 58 | * squashfs | 58 | * squashfs |
| 59 | * gzip | 59 | * gzip |
| 60 | * bzip2 | ||
| 61 | * lzma | ||
| 62 | * xz | ||
| 63 | * lzo | ||
| 64 | * lz4 | ||
| 60 | */ | 65 | */ |
| 61 | static int __init | 66 | static int __init |
| 62 | identify_ramdisk_image(int fd, int start_block, decompress_fn *decompressor) | 67 | identify_ramdisk_image(int fd, int start_block, decompress_fn *decompressor) |
| @@ -342,6 +347,13 @@ static int __init crd_load(int in_fd, int out_fd, decompress_fn deco) | |||
| 342 | int result; | 347 | int result; |
| 343 | crd_infd = in_fd; | 348 | crd_infd = in_fd; |
| 344 | crd_outfd = out_fd; | 349 | crd_outfd = out_fd; |
| 350 | |||
| 351 | if (!deco) { | ||
| 352 | pr_emerg("Invalid ramdisk decompression routine. " | ||
| 353 | "Select appropriate config option.\n"); | ||
| 354 | panic("Could not decompress initial ramdisk image."); | ||
| 355 | } | ||
| 356 | |||
| 345 | result = deco(NULL, 0, compr_fill, compr_flush, NULL, NULL, error); | 357 | result = deco(NULL, 0, compr_fill, compr_flush, NULL, NULL, error); |
| 346 | if (decompress_error) | 358 | if (decompress_error) |
| 347 | result = 1; | 359 | result = 1; |
diff --git a/init/main.c b/init/main.c index 63d3e8f2970c..febc511e078a 100644 --- a/init/main.c +++ b/init/main.c | |||
| @@ -124,7 +124,6 @@ EXPORT_SYMBOL(system_state); | |||
| 124 | extern void time_init(void); | 124 | extern void time_init(void); |
| 125 | /* Default late time init is NULL. archs can override this later. */ | 125 | /* Default late time init is NULL. archs can override this later. */ |
| 126 | void (*__initdata late_time_init)(void); | 126 | void (*__initdata late_time_init)(void); |
| 127 | extern void softirq_init(void); | ||
| 128 | 127 | ||
| 129 | /* Untouched command line saved by arch-specific code. */ | 128 | /* Untouched command line saved by arch-specific code. */ |
| 130 | char __initdata boot_command_line[COMMAND_LINE_SIZE]; | 129 | char __initdata boot_command_line[COMMAND_LINE_SIZE]; |
| @@ -132,11 +131,20 @@ char __initdata boot_command_line[COMMAND_LINE_SIZE]; | |||
| 132 | char *saved_command_line; | 131 | char *saved_command_line; |
| 133 | /* Command line for parameter parsing */ | 132 | /* Command line for parameter parsing */ |
| 134 | static char *static_command_line; | 133 | static char *static_command_line; |
| 134 | /* Command line for per-initcall parameter parsing */ | ||
| 135 | static char *initcall_command_line; | ||
| 135 | 136 | ||
| 136 | static char *execute_command; | 137 | static char *execute_command; |
| 137 | static char *ramdisk_execute_command; | 138 | static char *ramdisk_execute_command; |
| 138 | 139 | ||
| 139 | /* | 140 | /* |
| 141 | * Used to generate warnings if static_key manipulation functions are used | ||
| 142 | * before jump_label_init is called. | ||
| 143 | */ | ||
| 144 | bool static_key_initialized __read_mostly = false; | ||
| 145 | EXPORT_SYMBOL_GPL(static_key_initialized); | ||
| 146 | |||
| 147 | /* | ||
| 140 | * If set, this is an indication to the drivers that reset the underlying | 148 | * If set, this is an indication to the drivers that reset the underlying |
| 141 | * device before going ahead with the initialization otherwise driver might | 149 | * device before going ahead with the initialization otherwise driver might |
| 142 | * rely on the BIOS and skip the reset operation. | 150 | * rely on the BIOS and skip the reset operation. |
| @@ -348,6 +356,7 @@ static inline void smp_prepare_cpus(unsigned int maxcpus) { } | |||
| 348 | static void __init setup_command_line(char *command_line) | 356 | static void __init setup_command_line(char *command_line) |
| 349 | { | 357 | { |
| 350 | saved_command_line = alloc_bootmem(strlen (boot_command_line)+1); | 358 | saved_command_line = alloc_bootmem(strlen (boot_command_line)+1); |
| 359 | initcall_command_line = alloc_bootmem(strlen (boot_command_line)+1); | ||
| 351 | static_command_line = alloc_bootmem(strlen (command_line)+1); | 360 | static_command_line = alloc_bootmem(strlen (command_line)+1); |
| 352 | strcpy (saved_command_line, boot_command_line); | 361 | strcpy (saved_command_line, boot_command_line); |
| 353 | strcpy (static_command_line, command_line); | 362 | strcpy (static_command_line, command_line); |
| @@ -693,7 +702,7 @@ int __init_or_module do_one_initcall(initcall_t fn) | |||
| 693 | 702 | ||
| 694 | if (preempt_count() != count) { | 703 | if (preempt_count() != count) { |
| 695 | sprintf(msgbuf, "preemption imbalance "); | 704 | sprintf(msgbuf, "preemption imbalance "); |
| 696 | preempt_count() = count; | 705 | preempt_count_set(count); |
| 697 | } | 706 | } |
| 698 | if (irqs_disabled()) { | 707 | if (irqs_disabled()) { |
| 699 | strlcat(msgbuf, "disabled interrupts ", sizeof(msgbuf)); | 708 | strlcat(msgbuf, "disabled interrupts ", sizeof(msgbuf)); |
| @@ -745,9 +754,9 @@ static void __init do_initcall_level(int level) | |||
| 745 | extern const struct kernel_param __start___param[], __stop___param[]; | 754 | extern const struct kernel_param __start___param[], __stop___param[]; |
| 746 | initcall_t *fn; | 755 | initcall_t *fn; |
| 747 | 756 | ||
| 748 | strcpy(static_command_line, saved_command_line); | 757 | strcpy(initcall_command_line, saved_command_line); |
| 749 | parse_args(initcall_level_names[level], | 758 | parse_args(initcall_level_names[level], |
| 750 | static_command_line, __start___param, | 759 | initcall_command_line, __start___param, |
| 751 | __stop___param - __start___param, | 760 | __stop___param - __start___param, |
| 752 | level, level, | 761 | level, level, |
| 753 | &repair_env_string); | 762 | &repair_env_string); |
| @@ -811,10 +820,26 @@ static int run_init_process(const char *init_filename) | |||
| 811 | (const char __user *const __user *)envp_init); | 820 | (const char __user *const __user *)envp_init); |
| 812 | } | 821 | } |
| 813 | 822 | ||
| 823 | static int try_to_run_init_process(const char *init_filename) | ||
| 824 | { | ||
| 825 | int ret; | ||
| 826 | |||
| 827 | ret = run_init_process(init_filename); | ||
| 828 | |||
| 829 | if (ret && ret != -ENOENT) { | ||
| 830 | pr_err("Starting init: %s exists but couldn't execute it (error %d)\n", | ||
| 831 | init_filename, ret); | ||
| 832 | } | ||
| 833 | |||
| 834 | return ret; | ||
| 835 | } | ||
| 836 | |||
| 814 | static noinline void __init kernel_init_freeable(void); | 837 | static noinline void __init kernel_init_freeable(void); |
| 815 | 838 | ||
| 816 | static int __ref kernel_init(void *unused) | 839 | static int __ref kernel_init(void *unused) |
| 817 | { | 840 | { |
| 841 | int ret; | ||
| 842 | |||
| 818 | kernel_init_freeable(); | 843 | kernel_init_freeable(); |
| 819 | /* need to finish all async __init code before freeing the memory */ | 844 | /* need to finish all async __init code before freeing the memory */ |
| 820 | async_synchronize_full(); | 845 | async_synchronize_full(); |
| @@ -826,9 +851,11 @@ static int __ref kernel_init(void *unused) | |||
| 826 | flush_delayed_fput(); | 851 | flush_delayed_fput(); |
| 827 | 852 | ||
| 828 | if (ramdisk_execute_command) { | 853 | if (ramdisk_execute_command) { |
| 829 | if (!run_init_process(ramdisk_execute_command)) | 854 | ret = run_init_process(ramdisk_execute_command); |
| 855 | if (!ret) | ||
| 830 | return 0; | 856 | return 0; |
| 831 | pr_err("Failed to execute %s\n", ramdisk_execute_command); | 857 | pr_err("Failed to execute %s (error %d)\n", |
| 858 | ramdisk_execute_command, ret); | ||
| 832 | } | 859 | } |
| 833 | 860 | ||
| 834 | /* | 861 | /* |
| @@ -838,18 +865,19 @@ static int __ref kernel_init(void *unused) | |||
| 838 | * trying to recover a really broken machine. | 865 | * trying to recover a really broken machine. |
| 839 | */ | 866 | */ |
| 840 | if (execute_command) { | 867 | if (execute_command) { |
| 841 | if (!run_init_process(execute_command)) | 868 | ret = run_init_process(execute_command); |
| 869 | if (!ret) | ||
| 842 | return 0; | 870 | return 0; |
| 843 | pr_err("Failed to execute %s. Attempting defaults...\n", | 871 | pr_err("Failed to execute %s (error %d). Attempting defaults...\n", |
| 844 | execute_command); | 872 | execute_command, ret); |
| 845 | } | 873 | } |
| 846 | if (!run_init_process("/sbin/init") || | 874 | if (!try_to_run_init_process("/sbin/init") || |
| 847 | !run_init_process("/etc/init") || | 875 | !try_to_run_init_process("/etc/init") || |
| 848 | !run_init_process("/bin/init") || | 876 | !try_to_run_init_process("/bin/init") || |
| 849 | !run_init_process("/bin/sh")) | 877 | !try_to_run_init_process("/bin/sh")) |
| 850 | return 0; | 878 | return 0; |
| 851 | 879 | ||
| 852 | panic("No init found. Try passing init= option to kernel. " | 880 | panic("No working init found. Try passing init= option to kernel. " |
| 853 | "See Linux Documentation/init.txt for guidance."); | 881 | "See Linux Documentation/init.txt for guidance."); |
| 854 | } | 882 | } |
| 855 | 883 | ||