Kernel Traffic #79 For 7 Aug 2000

even priviledged users can not be allowed to send disk level distructive commands.

YES/NO ??

The subsystem needs to protect itself and the hardware from general abuse. In order to do that you must construct a superset (or complete set) of commands that to get blanket access must be a complied option and user is at their own risk. The default should be able to accept all commands and reject the harmful ones. Currently you could issue a modified setfeature used in configuring drive speed and destroy the drive or device.

The object is to protect this from happening even if you are ROOT or have stolen ROOT priviledges.

Does this help explain the issue or should I provide a "disk2brick.c" program to make the point clearer? This will vaporize a drive to the replacement level. Yes you can to that today!

At this point I have no interest in publishing a finished patch to TASK and allow people to have fuller and more robust control over the kernel.

Basically screw the project!

But would you like to know the predictive write caching of a given drive to optimize things like the BLOCK_ELEVATOR, basically make it intellegent. You know I can do this for SCSI but screw that project too!

Screw your hardware! Since all of you are so damn smart and know the ATA-ATAPI specification, you are not sensible enough to see that I showed you that it can be violated. This violation of the standard, which none of you have the membership to vote on, is what I was trying to point out.

The reason why you can not do this level of destruction in Microsoft is that it does not have a HOLE the size of a MAC TRUCK! There is no one to blame for this, but I should have found it earlier. Now that it is found something needs to be done.

Since most of you POMPUS SCSI users are down playing the point you have no room or business to comment on a subsystem that you do not use. I base this because if you were using ATA you might think twice before calling NIMBY. It has been clearly pointed out that you have a problem of the same level, but the hole is smaller and harder to work through.

Since 90% of Linux depends on the ATA subsystem being stable and safe, all I will claim is that it is stable.

Nice to see that those with the biggest mouths fighting me on the issue are as big an ASS as me pushing the issue. I am glad to have the company of ASSHOLES as big as me debating the issue.

No Bart,

Let them eat cake ............

The patch has been pulled .........

What's the point?

If the system is secure, then adding sanity checking to the ATA code makes no difference: nobody gets to do anything improper anyway.

If the system is not secure, then adding sanity checking to the ATA code makes no difference: people who could use the ATA thing can use other things that are much more insidious.

The mechanism that everybody wants is _already_ there. It's called "permissions". No new driver code necessary.

If those permissions do not work, then they don't work, and adding last-minute band-aids makes no difference.

Just as a comparison, look at Windows. It takes the opposite approach: it has no real seurity, but a LOT of band-aids to avoid the "obvious" holes. Leaving it wide open.

What validation?

The OS doesn't even know what the commands do. They are undocumented. And they vary from drive to drive.

How do you expect the OS to validate the drive firmware update commands for every drive manufacturer?

In short, should we

- know every single drive, know every command it can take, and do all of this inside the OS

OR should we

- move this policy into user space, and potentially have programs that know what different drives can do, and upgrade them the proper way

I think the thing is fairly clear. If you want "the OS" to validate the parameters, then you should create a user-mode program that validates the thing.

Basically, Linux already validates everything it _can_ validate. Sure, it could also verify that only "approved" commands are sent, but what about the undocumented yet potentially useful ones?

Let's take a hypothetial example (you judge on just _how_ hypothetical it actually is): imagine that you have a drive that can be made to refuse to read certain removable media based on where the drive was purchased. Imagine that this was actually done in firmware, and that there was a way of overriding it. Imagine further that you moved, and you wanted to make the drive read certain removable media in the new location, using undocumented commands..

Should the kernel block those commands because it doesn't know what they do?

Or should the kernel assume that "Oh, he has the permission to do this, then sure, I'll let him do it..".

Note that everybody has gotten very lathered up about the fact that you can kill certain hardware. Guess what? This is neither new nor very exciting. Look at your XFree86 configuration file some time, and read the warnings in the documentation. And ruminate on it. A monitor can be quite a bit more expensive than your harddisk.

Firthermore, destroying your harddisk may be the most _polite_ thing that can be done to you. Quite frankly, I'd personally rather have a dead harddisk than have all my data on that harddisk be siphoned back to an intruder.

A dead harddisk you might get a refund for under the warranty. Your credit card information (or your browsing habits or copies of your personal emails) made available all over the place might be more of a bother.

"There are worse things than death". Even with harddisks.

Or validate the commands listed in the SPEC for the default enable interface, and grant unrestriced access to all command with a compile option plus a sysctl flag that defaults in the off.

You will then no longer violate the usage of the SPEC by default. You will preserve the drive warrenties, and protect the commerial distribution market place for being liable for intent.

Specifically, it is public record that a distribution shipping without a taskfile filter in ATA and SCSI (I have this now) to carry copablity of knowingly with intent to sell product that allows no protection for improper calls to the hardware.

All you have to do is provide a default approved filter, and include the non-default option to disable the filter to not violate unix policies of no-policies and cover linux and distrubtors from issues that can be deemed actionable.

Upon the user disabling the command-filter, everyone is cleared of any and all issues that can be deemed actionable, and make the individual responsible for their actions and not you or the maintainers copablity.

This is all I want.........not to be sued in the future for decisions that are not mine to be made.

I can live with that. The simple switch-statement that you posted as an alternative "minimal" approach would work for me. Preferably with an opt-out (sysctl-like thing).

What I do NOT want to see is big re-organizations around this, especially considering that this is not something new. Simple.

I know that SCIos (http://sci-serv.inrialpes.fr/) does something like this: They use SCI networks to do distributed shared memory in a cluster. Then, if a node in the cluster wants to swap, it first checks if there are free memory in the distributed shared memory. If there is, it swaps to these pages. AFAIK they have found that it is quite a bit faster then disk. The SCI controllers are on the PCI bus, but the memory is main memory of a remote node. This means that they will have to travel 2 pci busses, the network and the main memory bus of the remote node. Only going through the local pci bus should be quite fast compared to this. (Slow compared to main memory, yes).

SCIos is based on Linux (is a set of patches) - maybe there are some code in there that could inspire someone.

The kernel has "zones" for different kinds of RAM that can be accessed in different ways, but it still assumes they are more or less the same speed. This means that if the PCI RAM were allocated for a user space page, it would stay continue using the PCI RAM even if it's used heavily.

If instead you use the PCI RAM as a ramdisk and swap to it, any program which makes heavy use of a page will cause the page to stay in main RAM where it should remain.

Unions are imho only acceptable when they implicitly know their own type. The in-kernel example of this is the inode per-filesystem thing. An inode has a filesystem-specific part, and there is no way any other filesystem can access it except by a major bug somewhere.

Any union that needs code like

if (xxx->type == yyy).. ....

is a design mistake.

I don't think you'll find all that many unions in Linux. And I don't think we should add new ones..

It's the best place indeed. It might not be the most appropriate place, but if you are looking for results, it generally reaches the widest audience of insane bigmouths (and I don't exclude myself) that will fight to no end arguing about it and causing a big public stir. This causes it to get seen on Slashdot and the rest is history. If the FSF doesn't jump in, they likely will eventually, or someone will try and establish communications with the offending vendor.

It usually results in one of:

1. The vendor eventually realizes they're screwed and does what is required to get themselves out of the mess legally.
2. The vendor pulls the product
3. Darth Vendor joins dark side of the source. (releases code)

Either way, a huge pissing match occurs that goes on for at least a month or so, but it usually ends up getting the job done, so it is worth it.

Note that this part of the status page really is worth some attention.

Alan doesn't have the time to maintain 2.4.x issues. Which means that right now nobody is really doing it. I have a kind of general "map" in my head, but that isn't nearly good enough..

Would somebody be interested in taking this over?

Note! It's more than just maintaining a list. It's realizing what are show-stoppers, and what are just problems that should be fixed. It's trying to work with people in trying to get enough information to get a good list of problems, but it's also trying to confirm that the problem still exists or is fixed.

It's also possibly maintaining potential fixes: keeping track of who has suggested what fix (possibly with an actual patch). Sometimes the fixes aren't actually usable as-is due to other issues, but even when they are not usable they can be supremely important for people who try to fix the same thing in a acceptable manner.

It's also good if you're respected by people already, or at least think you can work with people without making them hate you.

In short: it's important. And it's something that Alan did for both 2.0 and 2.2. Nobody can quite live up to "being Alan", but hey, if you don't like long beards you may be just as heppy knowing that.

Anybody?

A number of people have suggested to me that using one of the automated bug-tracking systems would be nice.

I don't like using them myself, but some people do. Whoever would be the maintainer (and hey, Ted has been around since pretty much the beginning of Linux, so I'd certainly be inclined to trust him) would make his own choice on _how_ he does it. A web-interface sounds like a good idea. It boils down to how much work/help it is, and personal taste of the developer in question.

OK, this is my first attempt at publishing Alan's 2.4 todo list. It's been lightly updated so far, but I *know* that there's large parts of this list which are out of date.

So if you know that a particular problem has been dealt with, could you please let me know? Especially if your name appears next to the item as the one who reported the problem, or the kernel subsystem maintainer who's working on the issue.

I'll be publishing another version which will hopefully be a bit more up to date, and better at reflecting reality.

1. Should Be Fixed (Confirmation Wanted)
1. IDE fails on some VIA boards (eg the i-opener)
2. Floppy driver broken by VFS changes. Other drivers may be too (Stuff gets called after _close now - unload race possibly too)
3. Fbcon races
4. Fix all remaining PCI code to use pci_enable_device (mostly done)
2. Capable Of Corrupting Your FS
1. E820 memory setup causes crashes/corruption on some laptops[**VERY NASTY**]
2. Use PCI DMA by default in IDE is unsafe (must not do so on via VPx x<3)
3. Data corruption on IDE disks (Generic PCI DMA and SiS support (Steven Walter)
3. Security
1. Fix module remove race bug (mostly done - Al Viro)
2. access_process_mm oops/lockup if task->mm changes (Manfred) [user can cause deliberately]
4. Boot Time Failures
1. AHA29xx driver appears to stomp other cards (may be BIOS)
2. AHA27xx is broken (maybe 28xx too)
3. Use PCI DMA 'lost interrupt' problem with some hw [which ?] (NEC Versa LX with PIIX tuning)
4. HT6560/UMC8672 ide sets up stuff too early (before region stuff can be done)
5. Crashes on boot on some Compaqs ? (may be fixed)
6. Boot hangs on a range of Dell docking stations (Latitude)
5. In Progress
1. Dcache threading (Al Viro)
2. Merge the network fixes (DaveM)
3. Finish I2O merge (Intel/Alan)
4. Exploitable leak in file locking (Willy)
5. Restore O_SYNC functionality (Stephen) - core code and ext2 done
6. Obvious Projects For People (well if you have the hardware..)
1. pci_socket crash on unload
2. DEFXX driver appears broken
3. NCR5380 isnt smp safe
4. DMFE is not SMP safe
5. Make syncppp use new ppp code
6. Fix SPX socket code
7. Merge the 2.2 ServeRAID driver into 2.4
8. Merge the current Compaq RAID driver into 2.4
7. Fix Exists But Isnt Merged
1. Update SGI VisWS to new-style IRQ handling (Ingo)
2. 64bit lockf support
3. Support MP table above 1Gig (Ingo)
4. Dont panic on boot when meeting HP boxes with wacked APIC table numbering (AC)
5. Scheduler bugs in RT (Dimitris)
6. HFS is still broken
7. AIC7xxx doesnt work non PCI ? (Doug says OK, new version due anyway)
8. Fix boards with different TSC per CPU and kill TSC use on them
9. Floppy last block cache flush error
10. TB Multisound driver hasnt been updated for new isa I/O totally.
8. To Do
1. mount crashes on Alpha platforms
2. Check all devices use resources properly
3. Tulip hang on rmmod/crashes sometimes
4. Devfs races, Sockfs (removing NULL ->i_sb stuf) (Al Viro)
5. Debian report that the gcc 2.95 possibly miscompiles fault.c or mm/remap.c (Perl script available from Arjan)
6. Fix further NFS races (Al Viro)
7. Test other file systems on write
8. Audit all char and block drivers to ensure they are safe with the 2.3 locking - a lot of them are not especially on the open() path.
9. Stick lock_kernel() calls around driver with issues to hard to fix nicely for 2.4 itself
10. PCMCIA/Cardbus hangs, IRQ problems. (Basically unusable - Hinds pcmcia code is reliable)_
11. Keyboard/mouse problems (may be fixed ?)
12. Fix mount failures due to copy_* user mishandling
13. Fix default mount behaviour to disallow repeat mounting
14. Check all file systems are either LFS compliant or error large files
15. Issue with notifiers that try to deregister themselves? (lnz)
16. Mount of new fs over existing mounted filesystem should return an error unless forced (Andrew McNabb, Alan Cox)
17. Kernel build has race conditions when building modversions.h (Mikael Pettersson)
9. To Do But Non Showstopper
1. Finish 64bit vfs merges (lockf64 and friends missing)
2. Go through as 2.4pre kicks in and figure what we should mark obsolete for the final 2.4
3. Union mount (Al Viro)
4. Per Process rtsigio limit
5. iget abuse in knfsd
6. Some people report 2.3.x serial problems
7. USB hangs on APM suspend on some machines
8. PCMCIA crashes on unloading pci_socket
9. ISAPnP IRQ handling failing on SB1000 + resource handling bug
10. DVD-RAM is apparently not working for write currently (Rogier Wolff)
11. Parallel ports should set SA_SHIRQ if PCI (eg in Plip)
12. Devfs compiled in but not mounted causes crap for ->mnt_devname of root (Al Viro)
10. Compatibility Errors
1. Xterm broke in 2.3.99pre6 (FIONREAD/select loop)
11. Probably Post 2.4
1. per super block write_super needs an async flag
2. addres_space needs a VM pressure/flush callback (Ingo)
3. per file_op rw_kiovec
12. Drivers In 2.2 not 2.4
13. To Check
1. Check O_APPEND atomicity bug fixing is complete
2. Protection on isize (sct) [Al Viro mostly done]
3. Mikulas claims we need to fix the getblk/mark_buffer_uptodate thing for 2.3.x as well
4. Network block device seems broken by block device changes
5. VFS?VM - mmap/write deadlock (demo code seems to show lock is there)
6. rw sempahores on page faults (mmap_sem)
7. kiobuf seperate lock functions/bounce/page_address fixes
8. Fix routing by fwmark
9. Some FB drivers check the A000 area and find it busy then bomb out
10. rw semaphores on inodes to fix read/truncate races ? [Probably fixed]
11. Not all device drivers are safe now the write inode lock isnt taken on write
12. File locking needs checking for races
13. Multiwrite IDE breaks on a disk error [minor issue at best]
14. ACPI/APM suspend issue - IDE related stuff ?
15. NFS bugs are fixed
16. Chase reports of SMB not working
17. IRDA calls get random bytes before random is set up
18. Some AWE cards are not being found by ISAPnP ??
19. SHM segments not always being detached and destroyed right ?
20. RAM disk contents vanishing on cramfs (block change) and bforget cases
21. ACPI hangs on boot for some systems (Are there any cases left ?)
14. Fixed
1. Incredibly slow loopback tcp bug (believed fixed about 2.3.48)
2. COMX series WAN now merged
3. VM needs rebalancing or we have a bad leak
4. SHM works chroot
5. SHM back compatibility
6. Intel i960 problems with I2O
7. Symbol clashes and other mess from _three_ copies of zlib!
8. PCI buffer overruns
9. Shared memory changes change the API breaking applications (eg gimp)
10. Finish softnet driver port over and cleanups
11. via rhine oopses under load ?
12. SCSI generic driver crashes controllers (need to pass PCI_DIR_UNKNOWN..)
13. UMSDOS fixups resync (not quite done)
14. Make NTFS sort of work
15. Any user can crash FAT fs code with ftruncate
16. AFFS fixups
17. Directory race fix for UFS
18. Security holes in execve()
19. Lan Media WAN update for 2.3
20. Get the Emu10K merged
21. Paride seems to need fixes for the block changes yet
22. Kernel corrupts fs and gs in some situations (Ulrich has demo code)
23. 1.07 AMI MegaRAID
24. Merge 2.2.15 changes (Alan)
25. Get RAID 0.90 in (Ingo)
26. S/390 Merge
27. NFS DoS fix (security)
28. Merge the RIO driver
29. Fix Space.c duplicate string/write to constants
30. Elevator and block handling queue change errors are all sorted
31. Make sure all drivers return 1 from their __setup functions (Done ?)
32. Enhanced disk statistics
33. Complete vfsmount merge (Al Viro)
34. Merge removed-buf-open directory stuff into VFS (Al Viro)
35. Problems with ip autoconfig according to Zaitcev
36. NFS causes dup kmem_create on reload (Trond)
37. vmalloc(GFP_DMA) is needed for DMA drivers (Ingo)
38. TLB flush should use highest priority (Ingo)
39. SMP affinity code creates multiple dirs with the same name (Ingo)
40. Set SMP affinity mask to actual cpu online mask (needed for some boards) (Ingo)
41. heavy swapping corrupts ptes (believed so)
42. pci_set_master forces a 64 latency on low latency setting devices.Some boards require all cards have latency <= 32
43. msync fails on NFS (probably fixed anyway)
44. Find out what has ruined disk I/O throughput. (mostly)
45. PIII FXSAVE/FXRESTORE support
46. The netdev name changing stuff broke GRE
47. put_user is broken for i386 machines (security) - sem stuff may be wrong too
48. BusLogic crashes when you cat /proc/scsi/BusLogic/0 (Robert de Vries)
49. Finish sorting out VM balancing (Rik Van Riel, Juan Quintela et al)
50. Fix eth= command line
51. 8139 + bridging fails
52. RtSig limit handling bug
53. Signals leak kernel memory (security) [FIX in ac tree]
54. TTY and N_HDLC layer called poll_wait twice per fd and corrupt memory
55. ATM layer calls poll_wait twice per fd and corrupts memory
56. Random calls poll_wait twice per fd and corrupts memory
57. PCI sound calls poll_wait twice per fd and corrupts memory
58. sbus audio calls poll_wait twice per fd and corrupts memory
59. IBM MCA driver breaks on Device_Inquiry at boot
60. SHM code corrupts memory (Russell)
61. Linux sends a 1K buffer with SCSI inquiries. The ANSI-SCSI limit is 255.
62. Linux uses TEST_UNIT_READY to chck for device presence on a PUN/LUN. The INQUIRY is the only valid test allowed by the spec.
63. truncate_inode_pages does unsafe page cache operations
64. Fix the ptrace code to be back compatible and add a new PTRACE call set for getting the PIII extra registers
65. EPIC100 fixes
66. Tlan and Epic100 crash under load
67. Fix hpfs_unlink (Al Viro)
68. exec loader permissions
69. Locking on getcwd
70. Loopback fs hangs

This should be fixed as of -pre5. I finally got a hold of a laptop that did this.

Please, anybody that had random hangs/oopses that went away if you specified the memory size by hand with the "mem=xxx" boot option, test if 2.4.0-test5 works without the workaround..

Sorry to say this. But the fs loopback is not fixed, or this some other bug fixed but than i have shown before. This an example. This kills my 2.4.0test5 system, an Intel PII SMP box. Im out of the office so I can only verfiy that i still exist on my machine.

This work is 2.2.14, but test[2-5] systems stops running without any messages.

Create an big image.

dd if=/dev/zero of=/someware/dosfs.img bs=64k count=10000

Create an msdos filesystem on the image. (Im using dosfstools-2.4) I have also done this with ext2 and get the same results.

msdosfs /somewhere/dosfs.img

Mount it.

mount -o loop /somewhere/dosfs.img /mnt/mymountpoint

Do the bad thing...

dd if=/dev/zero of=/mnt/mymountpoint/bigfile.foo bs=64k

Wait....

After a while the system can not create process and dies. A difference with 2.4.0test4 is that the filesystem is less corrupted with test5. And sync command not complete during the dd on the loopback device.

everyone and his brother has approached me suggesting that I use their favorite bug tracking system. The answer which I'm giving folks is that for now, trying to get the information into a sane state is far more important than the mechanism of which bug tracking system to use. At the moment, the hardest parts of the problem are:

• Figuring out when Linus has applied a patch that fixes a particular item on the bug list.
• Determining when someone complains whether it's a real bug or not, and if so, how important is it.
• Ditto for when someone posts a patch.
• Figuring out what Alan meant by descriptive items such as "Check all devices use resources properly" (If anyone has a copy of Vulcan Mind Melds for Dummies, let me know. :-)

I'm not sure if this has been discussed yet, I'm not completely caught up with the current kernel list. However with the pending release of Linux 2.4, it may be time to bring this up again.

I've created a rough draft (intended for discussion only!) of a press release for Linux 2.4, if we decide to go with one. Greg Smart and Albert Cahalan attempted this for Linux 2.2 but I don't think anything came of that work -- now I've decided to step up and make a fool of myself for Linux 2.4. :)

Please take a look at this and let me know what you think. There's probably someone on this list who actually knows what to do with a press release, it's quite a bit beyond my experience. Feel free to edit this as appropiate.

Oh, and I stuck a small plug for my "Wonderful World" document at the end. For a final version, we would want to point that at a good resource for more information about the release-- I'm a bit biased in this respect.

LINUX KERNEL 2.4 (DRAFT!)
The Internet, August XX, 2000

Linus Torvalds and the kernel development team would like to announce the immediate availability of Linux 2.4, the latest revision of the popular open source operating system kernel. This update brings increased scalability and performance to all Linux users, in addition to new hardware support.

Notewothy Features:

1. Enterprise Ready! Linux 2.4 includes changes that make it even more ready for Enterprise environments. This new revision supports up to 64 gigabytes of RAM, allows files to be larger than 2 gigabytes, supports many more simultaneous processes, and has been largely rewritten to take better advantage of systems with multiple processors.
2. Cutting-edge hardware support. Linux now supports Itanium, the 64-bit Intel hardware soon to be released as well as the S/390, an IBM mainframe, and SuperH, often used in WindowsCE handhelds. Linux 2.4 improves support for Intel and Apple desktop and server hardware, in addition to Compaq servers based on the Alpha processor, Sun Sparc systems, MIPs systems, and other platforms.
3. Linux is now even better suited for desktop environments with a new resource manager and support for USB and Firewire hardware. Additionally, Linux 2.4 also improves support for PC Cards (PCMCIA) and legacy "Plug-and-Play" cards.
4. Rewritten network layer to be faster than ever before, especially on multiprocessor hardware. This new layer brings to Linux the flexibility and power formerly available only with expensive routing hardware.
5. Support for version 3 of the popular NFS filesystem for sharing files in UNIX-like environments.
6. Linux 2.4 includes special enhancments for webservers including a kernel-level web server and "wake one" support for speedier page serving with all popular web servers, including Apache.
7. Logical Volume Manager for easy administration of disk space, including adding, deleting, and resizing disk slices on the fly.

This update is already available to advanced users through multiple kernel mirrors (ftp.kernel.org) Although no timeframes have been announced at this time, all current Linux distributors will be updating to this version of the kernel within the next several months.

Linux is developed by a online team of programmers headed by Linus Torvalds, a resident of Santa Clara, CA. Linux has been developed using the open source methodology which provides for source code and peer review at all stages of development. It is because of this system of openness that Linux has grown to be the most successful non-corporate operating system to date.

For more informatoon, please consult www.linux.org for a list of other Linux-related websites. More information on the new features in Linux 2.4 can be found in the "Wonderful World of Linux 2.4" document, available ...

Linux is a trademark of Linus Torvalds.

I think you should mention:

USB and FireWire - possibly appealing to the multimedia market, etc? Note the high proliferation of USB Zip drives, etc, so you could tout this as how it's great that we've got all the k-whrad standards.

Netfilter - I think I mention this to everyone I talk to about Linux 2.4. Stateful inspection, totally extensible, separate conntrack/NAT.

• The new netfilter code replaces "ipchains" with the most flexible and modular packet filtering available.
• Policy based routing and quality of server (QoS) queueing and packet scheduling allows Linux systems to precisely control the flow of data through the system and into and out of your networks.
• FreeS/WAN and CIPE (available via international patches) provide kernel level support for transparent network cryptography.
• These (previous three) features make Linux the ideal kernel for building custom routers.
• Support for very high speed (gigabit) ethernet and other (FDDI, HIPPI) network interfaces.

• Linux is also well suited to many laptop, mobile and embedded applications. There is additional support for Transmeta's new line of "Crusoe (TM)" low-power consumption x86 processors which are powering web pads and long running "work all day" laptops.
• ACPI support builds on the advanced power management (APM) features from earlier kernel versions.
• The new Linux kernel now has integrated PCMCIA and Cardbus support (long available as an "add-on" patch). Also included is support for a number of wireless networking products and protocols, for "untethered" convenience.

The Linux developers sarcastically acknowlege Mindcraft and thank them for their efforts in helping us identify the need for these improvements.

Also the "kernel-level web server" is better described as a kernel level web "accelerator." That is more accurate, and it is less likely to scare off business users who have already chosen a web server/daemon.

• "Capabilities" support extends the UNIX security model and allows Linux to provide more fine-grained access to system privileged. The "capabilities bounding set" further allows the administrator to "lock down" their system and prevent persistent changes, even in the face of "rogue" applications.

SA_INTERRUPT is deprecated, as it fundamentally cannot work with shared interrupts (or at least they all have to _agree_ on SA_INTERRUPT, which basically means that you have to know exactly the type of sharing. Ugh).

And non-shared interrupts are _definitely_ deprecated, unless the hardware really forces you to use them. That kind of hardware is getting quite rare. Thank God.

That said, SA_INTERRUPT still works, but it's really only meant to be used for the timer handler (you don't want the timer to be interruptible: it's fast, and at least the SCSI layer historically wanted the timer to tick _while_ a SCSI interrupt is active, so you must not have a SCSI interrupt interrupt the timer, because if that happens..)

The best way to do this is to do it in a user-mode program which is run out of an /etc/rc.d script, which uses ioctl()'s to download the firmware into kernel. This allows you to have much better error recovery and timeout handling than if you try to do this in the kernel.

For an exmaple program of how to do this, see the rocketport driver, especially how the loadrm2 program loads the Rocketmodem II firmware. There's some clever code there which allows multiple modems to be downloaded in parallel to speed things up. Feel free to steal it for your project; it's under the GPL.

The easiest way, and the way which will always work in the future, is to provide open() close() and ioctl() in your driver.

After the driver is installed (insmod) upon bootup, you execute a user-mode program that opens the device and sends file-data to the device via ioctl(). Your ioctl() routine in your driver puts this stuff in the right place inside your hardware and finishes initializing the device. The sysV-init scripts can be modified to do this automatically. You could, of course do the same thing using write(), but ioctl() allows you to pass function parameters so your startup code might do something like:

fd = open("MyDevice", O_RDWR);
file = open("MyBinaryJunk", O_RDONLY);
ioctl(fd, MYDEV_WAKEUP);
read(file, buf, len);
ioctl(fd, MYDEV_UPLOAD_WINDOW0, buf);
ioctl(fd, MYDEV_OPEN_WINDOW1);
read(file, buf, len);
ioctl(fd, MYDEV_UPLOAD_WINDOW1, buf);
ioctl(fd, MYDEV_.... etc.
ioctl(fd, MYDEV_START);

Another way, is to make a 'C' array of the data that you need to put into your hardware. You can make a simple 'C' development tool that reads data from your file, converts it to text the compiler understands, and you include this during compilation. This has at least two major problems. The first is that you have to recompile to update your hardware-code. The second is that some code may be very large. This stays within the kernel when the module is installed and wastes kernel space.

You can't deallocate an array that the compiler initializes.

The last way, and the way I don't recommend, is to actually open and read the file from kernel space. This is complex because your driver needs to borrow a "process context" in order for file I/O to work. The file-system was designed to run from a user's data area (segment) and, for a file-descriptor to actually mean something, it has to be associated with a process. This can be done and I am sure that others will point you in that direction. However, what works today might not work for the next kernel version.

I wrote such a driver about a year ago. It seemed to work after I got a lot of help. However, even though the file was closed after the read, I was never able to unmount '/index.html'. This means the next boot was a long fscking wait.

Ripping that up, and using user-mode access via ioctl() created a stable driver with the minimum of resident code.

The latest version is always available at http://www.tuxedo.org/~esr/kbuild/.

Release 0.7.4: Wed Jul 26 12:07:47 EDT 2000

1. Randy Dunlap has certified the USB configuration.
2. 'x' and 'q' reversed in curses and tty modes. 'q' now matches the semantics of the Tk Quit menu entry.
3. We no longer write FOO=n in defconfig; this turned out to break a large number of ifdefs in old-style makefiles in the Linux kernel tree.

That third bullet item means that CML2 will not be able to do the right thing and support passing around partial configs until about 300 lines in various Makefiles are changed. Sigh...this may mean I put off issuing 1.0.0 until after CML2 has been accepted into the tree and those changes get made,

There are currently a couple of minor look and feel issues in the Tk interface, but no known bugs.

Release 0.7.5: Sat Jul 29 05:34:59 EDT 2000

1. Sychronized with 2.4.0-test5

There's a 2.4.0-test5 kernel out there. The diff is pretty huge, to a large degree due to a bttv driver syntactic split-up and due to the NLS forward-port from 2.2.x.

Other notable bugfixes:

• the buggy Toshiba (and possibly others) BIOS memory reporting thing is fixed. Just ignore RAM that the BIOS reports in the 640k-1M range. The BIOS is confused.
• Manfred Spraul found and fixed a SMP TLB invalidation problem with threads.
• various architecture updates (arm, ia64, sparc, sh..)
• MD driver cleanups
• Toshiba floppy controller problem workaround
• updated DRI code (works with XF86-4.0.1)
• various driver updates (ToPIC CardBus should work, ide updates, etc)
• "kfree_s()" is gone. It hasn't existed for several years, but people still used it. No more.
• USB driver updates and fbcon cleanups
• various othe rupdates I've repressed.

Be happy.

They're HOPING for that.

There is currently a call out to find all machines that work with zImage but not bzImage so they can make bzImage work on them and then get rid of zImage.

Apparently one was found here.

They really really want zImage to go away. Rather than trying to get zImage to work on this particular computer again, I'd suggest concentrate on trying to get bzImage to work.