.gitignore +5 −0 Original line number Diff line number Diff line Loading @@ -65,6 +65,11 @@ modules.builtin # /debian/ # # Snap directory (make snap-pkg) # /snap/ # # tar directory (make tar*-pkg) # Loading
Documentation/00-INDEX +0 −4 Original line number Diff line number Diff line Loading @@ -228,8 +228,6 @@ isdn/ - directory with info on the Linux ISDN support, and supported cards. kbuild/ - directory with info about the kernel build process. kernel-doc-nano-HOWTO.txt - outdated info about kernel-doc documentation. kdump/ - directory with mini HowTo on getting the crash dump code to work. doc-guide/ Loading Loading @@ -346,8 +344,6 @@ prctl/ - directory with info on the priveledge control subsystem preempt-locking.txt - info on locking under a preemptive kernel. printk-formats.txt - how to get printk format specifiers right process/ - how to work with the mainline kernel development process. pps/ Loading
Documentation/ABI/stable/sysfs-bus-vmbus +37 −16
@@ -42,72 +42,93 @@ Contact: K. Y. Srinivasan <kys@microsoft.com> Description: The 16 bit vendor ID of the device Users: tools/hv/lsvmbus and user level RDMA libraries What: /sys/bus/vmbus/devices/vmbus_*/channels/relid/cpu What: /sys/bus/vmbus/devices/vmbus_*/channels/NN Date: September. 2017 KernelVersion: 4.14 Contact: Stephen Hemminger <sthemmin@microsoft.com> Description: Directory for per-channel information NN is the VMBUS relid associtated with the channel. What: /sys/bus/vmbus/devices/vmbus_*/channels/NN/cpu Date: September. 2017 KernelVersion: 4.14 Contact: Stephen Hemminger <sthemmin@microsoft.com> Description: VCPU (sub)channel is affinitized to Users: tools/hv/lsvmbus and other debuggig tools Users: tools/hv/lsvmbus and other debugging tools What: /sys/bus/vmbus/devices/vmbus_*/channels/relid/cpu What: /sys/bus/vmbus/devices/vmbus_*/channels/NN/cpu Date: September. 2017 KernelVersion: 4.14 Contact: Stephen Hemminger <sthemmin@microsoft.com> Description: VCPU (sub)channel is affinitized to Users: tools/hv/lsvmbus and other debuggig tools Users: tools/hv/lsvmbus and other debugging tools What: /sys/bus/vmbus/devices/vmbus_*/channels/relid/in_mask What: /sys/bus/vmbus/devices/vmbus_*/channels/NN/in_mask Date: September. 2017 KernelVersion: 4.14 Contact: Stephen Hemminger <sthemmin@microsoft.com> Description: Inbound channel signaling state Description: Host to guest channel interrupt mask Users: Debugging tools What: /sys/bus/vmbus/devices/vmbus_*/channels/relid/latency What: /sys/bus/vmbus/devices/vmbus_*/channels/NN/latency Date: September. 2017 KernelVersion: 4.14 Contact: Stephen Hemminger <sthemmin@microsoft.com> Description: Channel signaling latency Users: Debugging tools What: /sys/bus/vmbus/devices/vmbus_*/channels/relid/out_mask What: /sys/bus/vmbus/devices/vmbus_*/channels/NN/out_mask Date: September. 
2017 KernelVersion: 4.14 Contact: Stephen Hemminger <sthemmin@microsoft.com> Description: Outbound channel signaling state Description: Guest to host channel interrupt mask Users: Debugging tools What: /sys/bus/vmbus/devices/vmbus_*/channels/relid/pending What: /sys/bus/vmbus/devices/vmbus_*/channels/NN/pending Date: September. 2017 KernelVersion: 4.14 Contact: Stephen Hemminger <sthemmin@microsoft.com> Description: Channel interrupt pending state Users: Debugging tools What: /sys/bus/vmbus/devices/vmbus_*/channels/relid/read_avail What: /sys/bus/vmbus/devices/vmbus_*/channels/NN/read_avail Date: September. 2017 KernelVersion: 4.14 Contact: Stephen Hemminger <sthemmin@microsoft.com> Description: Bytes availabble to read Description: Bytes available to read Users: Debugging tools What: /sys/bus/vmbus/devices/vmbus_*/channels/relid/write_avail What: /sys/bus/vmbus/devices/vmbus_*/channels/NN/write_avail Date: September. 2017 KernelVersion: 4.14 Contact: Stephen Hemminger <sthemmin@microsoft.com> Description: Bytes availabble to write Description: Bytes available to write Users: Debugging tools What: /sys/bus/vmbus/devices/vmbus_*/channels/relid/events What: /sys/bus/vmbus/devices/vmbus_*/channels/NN/events Date: September. 2017 KernelVersion: 4.14 Contact: Stephen Hemminger <sthemmin@microsoft.com> Description: Number of times we have signaled the host Users: Debugging tools What: /sys/bus/vmbus/devices/vmbus_*/channels/relid/interrupts What: /sys/bus/vmbus/devices/vmbus_*/channels/NN/interrupts Date: September. 2017 KernelVersion: 4.14 Contact: Stephen Hemminger <sthemmin@microsoft.com> Description: Number of times we have taken an interrupt (incoming) Users: Debugging tools What: /sys/bus/vmbus/devices/vmbus_*/channels/NN/subchannel_id Date: January. 
2018 KernelVersion: 4.16 Contact: Stephen Hemminger <sthemmin@microsoft.com> Description: Subchannel ID associated with VMBUS channel Users: Debugging tools and userspace drivers What: /sys/bus/vmbus/devices/vmbus_*/channels/NN/monitor_id Date: January. 2018 KernelVersion: 4.16 Contact: Stephen Hemminger <sthemmin@microsoft.com> Description: Monitor bit associated with channel Users: Debugging tools and userspace drivers
Documentation/ABI/testing/devlink-resource-mlxsw 0 → 100644 +33 −0 Original line number Diff line number Diff line What: /kvd/ Date: 08-Jan-2018 KernelVersion: v4.16 Contact: mlxsw@mellanox.com Description: The main database in the Spectrum device is a centralized KVD database used for many of the tables used to configure the chip including L2 FDB, L3 LPM, ECMP and more. The KVD is divided into two sections, the first is hash-based table and the second is a linear access table. The division between the linear and hash-based sections is static and require reload before the changes take effect. What: /kvd/linear Date: 08-Jan-2018 KernelVersion: v4.16 Contact: mlxsw@mellanox.com Description: The linear section of the KVD is managed by software as a flat memory accessed using an index. What: /kvd/hash_single Date: 08-Jan-2018 KernelVersion: v4.16 Contact: mlxsw@mellanox.com Description: The hash based section of the KVD is managed by the switch device. Used in case the key size is smaller or equal to 64bit. What: /kvd/hash_double Date: 08-Jan-2018 KernelVersion: v4.16 Contact: mlxsw@mellanox.com Description: The hash based section of the KVD is managed by the switch device. Used in case the key is larger than 64 bit.
Documentation/ABI/testing/evm +35 −19
@@ -14,30 +14,46 @@ Description: generated either locally or remotely using an asymmetric key. These keys are loaded onto root's keyring using keyctl, and EVM is then enabled by echoing a value to <securityfs>/evm: echoing a value to <securityfs>/evm made up of the following bits: 1: enable HMAC validation and creation 2: enable digital signature validation 3: enable HMAC and digital signature validation and HMAC creation Bit Effect 0 Enable HMAC validation and creation 1 Enable digital signature validation 2 Permit modification of EVM-protected metadata at runtime. Not supported if HMAC validation and creation is enabled. 31 Disable further runtime modification of EVM policy Further writes will be blocked if HMAC support is enabled or if bit 32 is set: For example: echo 0x80000002 ><securityfs>/evm echo 1 ><securityfs>/evm will enable digital signature validation and block further writes to <securityfs>/evm. will enable HMAC validation and creation Until this is done, EVM can not create or validate the 'security.evm' xattr, but returns INTEGRITY_UNKNOWN. Loading keys and signaling EVM should be done as early as possible. Normally this is done in the initramfs, which has already been measured as part of the trusted boot. For more information on creating and loading existing trusted/encrypted keys, refer to: echo 0x80000003 ><securityfs>/evm Documentation/security/keys/trusted-encrypted.rst. Both dracut (via 97masterkey and 98integrity) and systemd (via will enable HMAC and digital signature validation and HMAC creation and disable all further modification of policy. echo 0x80000006 ><securityfs>/evm will enable digital signature validation, permit modification of EVM-protected metadata and disable all further modification of policy Note that once a key has been loaded, it will no longer be possible to enable metadata modification. Until key loading has been signaled EVM can not create or validate the 'security.evm' xattr, but returns INTEGRITY_UNKNOWN. 
Loading keys and signaling EVM should be done as early as possible. Normally this is done in the initramfs, which has already been measured as part of the trusted boot. For more information on creating and loading existing trusted/encrypted keys, refer to: Documentation/security/keys/trusted-encrypted.rst. Both dracut (via 97masterkey and 98integrity) and systemd (via core/ima-setup) have support for loading keys at boot time.
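Review bot: In Documentation/ABI/stable/sysfs-bus-vmbus, the new entry for /sys/bus/vmbus/devices/vmbus_*/channels/NN misspells "associated" as "associtated" in its Description, and it is the only entry in the hunk without a Users: line. As rendered, the .../channels/NN/cpu entry also appears twice in a row with the same Date, KernelVersion, Contact and Description; if both copies are in the post-image, drop one.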
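Review bot: In the new file Documentation/ABI/testing/devlink-resource-mlxsw, the What: paths (/kvd/, /kvd/linear, /kvd/hash_single, /kvd/hash_double) are given without saying what they are relative to, so a reader cannot tell from this file alone how to reach them; add a sentence naming the devlink resource hierarchy they belong to. In the /kvd/ Description, "the first is hash-based table" and "is static and require reload" need fixing ("a hash-based table", "requires"), and the key size is written both as "64bit" and "64 bit".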
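Review bot: In Documentation/ABI/testing/evm, the new bit table says bit 2 is "Not supported if HMAC validation and creation is enabled" and that bit 31 disables further policy modification, but the text never says what the writer sees when a write is refused (bits 0 and 2 together, bit 2 after a key has been loaded, or any write once bit 31 is set). Document the error returned, so that the initramfs scripts this file mentions can detect a policy write that did not take effect. The rendering also shows a sentence about "bit 32" alongside the table row for bit 31; 0x80000000 is bit 31 counting from 0, so only the bit 31 wording should remain in the post-image. It would also help to state that the example values are the OR of the listed bits, since "echo 1" is decimal while the other examples are hex.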