
          Comment on What Are the Bootloader and Kernel in Android by Shobha padalkar
Sir, my phone's display broke, and after the repair it was completely formatted. How can I get back the old files, videos and photos? Please tell me.
          Fedora 28: kernel-headers Security Update
LinuxSecurity.com: The 4.17.12 stable kernel update contains a number of important fixes across the tree.
          Fedora 28: kernel-tools Security Update
LinuxSecurity.com: The 4.17.12 stable kernel update contains a number of important fixes across the tree.
          Software Engineer - VMware - Palo Alto, CA
1 year of experience in Intel and AMD x86 based processor architecture. 1 year of experience in OS kernel internals, including memory management, resource...
From VMware - Wed, 25 Jul 2018 00:20:47 GMT
          much faster curl uploads on Windows with a single tiny commit
These days, operating system kernels provide TCP/IP stacks that can do really fast network transfers. It's not even unusual for ordinary people to have gigabit connections at home and of course we want our applications to be able to take advantage of them. I don't think many readers here will be surprised when I say that …
          #53 Ibrahim, the Tenerife rapper stabbed by his flatmate "who was high on crack"

#24 And those same three weeks ago, on this very page, the murder of a man whose THROAT WAS SLIT by his partner was censored by the "planchabragas" brigade.
www.meneame.net/story/joven-asesina-novio-lugones/voters
So don't come now playing the victim when you all do exactly the same thing.

» author: Kernel-chagi


          How To Use “dmesg” Command For Troubleshooting And Reading Kernel Ring Buffer Log

Sometimes you need to see kernel level events when you’re troubleshooting something. Maybe your system isn’t booting up properly and is dropping you into a shell in the initial ramdisk or some other recovery environment and you don’t have access to many tools. Maybe your fancy new hardware isn’t being recognized. Sometimes, you just […]

The post How To Use “dmesg” Command For Troubleshooting And Reading Kernel Ring Buffer Log appeared first on Fossbytes.


          Comment on When Two Gay Catholic Tribes Go To (Cold) War by Mike
This line drew my attention: "Might the answer be: because they sense that the problem is such that if they really tried to clean up the mess, they wouldn’t know for sure which pillars and walls would fall?" Which, also brought to my mind the assurance from the very words of Jesus himself, "Truly, truly, I tell you, unless a kernel of wheat falls to the ground and dies, it remains only a seed; but if it dies, it bears much fruit." Another says, "the weak are the strong..." The Gospel itself encourages those who need to say something--even at the risk of "killing" the source, need to do it. Like the seed, like the weak--like Jesus--it needs to be "killed" to be born anew and made strong.
          Analysis/PDE Seminar, Aug 27
First I will describe a new pseudodifferential calculus for (pseudo-)Riemannian spaces, which in our opinion (my, D.Siemssen's and A.Latosiński's) is the most appropriate way to study operators on such a manifold. I will briefly describe its applications to computations of the asymptotics of the heat kernel and Green's operator on Riemannian manifolds. Then I will discuss analogous applications to Lorentzian manifolds, relevant for QFT on curved spaces. I will mention an intriguing question of the self-adjointness of the Klein-Gordon operator. I will describe the construction of the (distinguished) Feynman propagator on asymptotically static spacetimes. I will show how our pseudodifferential calculus can be used to compute the full asymptotics around the diagonal of various inverses and bisolutions of the Klein-Gordon operator.
          Agreement: Excess PHP notices
Notice: Undefined index: reset_date in Drupal\agreement\Entity\Agreement->getAgreementFrequencyTimestamp() (line 85 of modules/contrib/agreement/src/Entity/Agreement.php).
Drupal\agreement\Entity\Agreement->getAgreementFrequencyTimestamp() (Line: 109)
Drupal\agreement\AgreementHandler->hasAgreed(Object, Object) (Line: 136)
Drupal\agreement\Form\AgreementForm->buildForm(Array, Object, Object)
call_user_func_array(Array, Array) (Line: 518)
Drupal\Core\Form\FormBuilder->retrieveForm('agreement_default_form', Object) (Line: 275)
Drupal\Core\Form\FormBuilder->buildForm('agreement_default_form', Object) (Line: 74)
Drupal\Core\Controller\FormController->getContentResult(Object, Object)
call_user_func_array(Array, Array) (Line: 123)
Drupal\Core\EventSubscriber\EarlyRenderingControllerWrapperSubscriber->Drupal\Core\EventSubscriber\{closure}() (Line: 582)
Drupal\Core\Render\Renderer->executeInRenderContext(Object, Object) (Line: 124)
Drupal\Core\EventSubscriber\EarlyRenderingControllerWrapperSubscriber->wrapControllerExecutionInRenderContext(Array, Array) (Line: 97)
Drupal\Core\EventSubscriber\EarlyRenderingControllerWrapperSubscriber->Drupal\Core\EventSubscriber\{closure}() (Line: 151)
Symfony\Component\HttpKernel\HttpKernel->handleRaw(Object, 1) (Line: 68)
Symfony\Component\HttpKernel\HttpKernel->handle(Object, 1, 1) (Line: 57)
Drupal\Core\StackMiddleware\Session->handle(Object, 1, 1) (Line: 47)
Drupal\Core\StackMiddleware\KernelPreHandle->handle(Object, 1, 1) (Line: 99)
Drupal\page_cache\StackMiddleware\PageCache->pass(Object, 1, 1) (Line: 78)
Drupal\page_cache\StackMiddleware\PageCache->handle(Object, 1, 1) (Line: 47)
Drupal\Core\StackMiddleware\ReverseProxyMiddleware->handle(Object, 1, 1) (Line: 52)
Drupal\Core\StackMiddleware\NegotiationMiddleware->handle(Object, 1, 1) (Line: 23)
Stack\StackedHttpKernel->handle(Object, 1, 1) (Line: 666)
Drupal\Core\DrupalKernel->handle(Object) (Line: 19)

          Re: [PATCH] net/9p/trans_virtio.c: decrease the refcount of 9p vir ...
piaojun writes: Hi Dominique,
On 2018/8/8 17:40, Dominique Martinet wrote:
My kernel commit id 6edf1d4cb0acde, and I replace the 9p code with 9p-next. And I wonder if this will work well?
In my testing, `modprobe -r` has the same behavior as rmmod.
          [BUG] Loopback devices with 4k logical block size are not automati ...
Andrew Jeddeloh writes: (Summary) I've also filed the bug on the kernel bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=200749
Copied from the bugzilla report:
Loop devices with the logical sector size set to 4096 do not autodetect partitions when attached. With 4096 byte logical block size I only see /dev/loopN devices and no /dev/loopNpX devices.
Steps to reproduce:
1) truncate -s 1G diskimg
2) losetup -fP --show -b 4096 diskimg
3) sgdisk -n 0:0:0 /dev/loopN # Other partitioning tools will probably also work.
4) losetup -d /dev/loopN
5) losetup -fP --show -b 4096 diskimg
This happens reliably.
          linux-next: build failure after merge of the tip tree
Stephen Rothwell writes: (Summary) Hi all,
After merging the tip tree, today's linux-next build (x86_64 defconfig) failed like this:
Invalid absolute R_X86_64_32S relocation: __end_rodata_aligned
/kisskb/src/arch/x86/boot/compressed/Makefile:127: recipe for target 'arch/x86/boot/compressed/vmlinux.relocs' failed
Caused by commit
39d668e04eda ("x86/mm/pti: Make pti_clone_kernel_text() compile on 32 bit")
This was a build using gcc 4.6.3.
          Re: [PATCH v8 00/22] vfio-ap: guest dedicated crypto adapters
Tony Krowiak writes: (Summary) On 08/08/2018 12:25 PM, Cornelia Huck wrote:
still useful.
That may very well be the case, but we decided on bare bones expedite acceptance.
Where's point 3? Only the all-knowing, all-seeing can discern its
presence ;)
I had reviewed David's patches and they looked good to me. They are included here precisely because they are not yet available in our master branch and our code is dependent upon
them.
kernel headers updates.
Got it.

          Re: [PATCH] 9p: fix NULL pointer dereferences
Dominique Martinet writes: (Summary) Dmitry Vyukov wrote on Wed, Aug 08, 2018:
So let's proceed with checking in each transport function? Yes, he's done it a while ago, just didn't set the in-reply-to field to keep part of the thread but the Reported-by was here: http://lkml.kernel.org/r/20180727110558.5479-1-tomasbortoli@gmail.com
This is in linux-next right now as 631263a1b23c71

          [PATCH RFC ftrace/core] tracing: Directly call tracer and lockdep ...
"Joel Fernandes (Google)" writes: (Summary) +#else +void tracer_preempt_on(void *none, unsigned long a0, unsigned long a1) { } +void tracer_preempt_off(void *none, unsigned long a0, unsigned long a1) { } +#endif + #endif /* _LINUX_KERNEL_TRACE_H */ diff --git a/kernel/trace/trace_irqsoff.c b/kernel/trace/trace_irqsoff.c index 770cd30cda40..d61d42e431e9 100644 --- a/kernel/trace/trace_irqsoff.c +++ b/kernel/trace/trace_irqsoff.c @@ -601,13 +601,13 @@ static void irqsoff_tracer_stop(struct trace_array *tr) /* * We are only interested in hardirq on/off events: */ -static void tracer_hardirqs_on(void *none, unsigned long a0, unsigned long a1) +void tracer_hardirqs_on(void *none, unsigned long a0, unsigned long a1) { if (!preempt_trace() &&
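Review bot: The empty tracer_preempt_on() and tracer_preempt_off() stubs in the #else branch are plain external definitions placed inside the header guarded by _LINUX_KERNEL_TRACE_H, so every file that includes the header would emit its own copy; they should be declared static inline. In trace_irqsoff.c, tracer_hardirqs_on() loses its static qualifier, which calls for a matching prototype in a header that its new callers include; the visible lines do not show one.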
          possible deadlock in team_vlan_rx_add_vid
syzbot writes: (Summary) *** DEADLOCK *** May be due to missing lock nesting notation 2 locks held by syz-executor4/6391: #0: (____ptrval____) (rtnl_mutex){+.+.}, at: rtnl_lock net/core/rtnetlink.c:77 [inline] #0: (____ptrval____) (rtnl_mutex){+.+.}, at: rtnetlink_rcv_msg+0x412/0xc30 net/core/rtnetlink.c:4662 #1: (____ptrval____) (&team->lock){+.+.}, at: team_add_slave+0xdb/0x1c30 drivers/net/team/team.c:1947 stack backtrace: CPU: 1 PID: 6391 Comm: syz-executor4 Not tainted 4.18.0-rc7+ #176 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x1c9/0x2b4 lib/dump_stack.c:113 print_deadlock_bug kernel/locking/lockdep.c:1765 [inline] check_deadlock kernel/locking/lockdep.c:1809 [inline] validate_chain kernel/locking/lockdep.c:2405 [inline] __lock_acquire.cold.64+0x1fb/0x486 kernel/locking/lockdep.c:3435 lock_acquire+0x1e4/0x540 kernel/locking/lockdep.c:3924 __mutex_lock_common kernel/lockin
          Re: [PATCH v3 1/2] PM / devfreq: Generic CPU frequency to device f ...
skannan@codeauro ... writes: (Summary) On 2018-08-08 01:47, Sudeep Holla wrote:
on a particular platform ?
But that's not the point here? Not sure what you mean.
this platform doesn't have that ?
All QC platforms would use this.
As a personal (non-Qcom) opinion, I'd rather the kernel control this than have some black magic FW manage this. I've a really bitter taste in my mouth for FW hiding this because of a broken ACPI implementation in one of my x86 motherboards prevented CPUfreq from working (this was well before I worked on CPUfreq). But I'd rather not for simpler stuff like this.
-Saravana

          [GIT PULL] parisc architecture fixes
Helge Deller writes: (Summary) Hi Linus,
would you please pull two important patches for the parisc architecture for kernel 4.18 from:
git://git.kernel.org/pub/scm/linux/kernel/git/deller/parisc-linux.git parisc-4.18-2
The first patch is trivial and fixes the kernel build if someone chooses to build the generic 64bit defconfig. Our hope is, that this should help us to fix the issues we rarely still see with spinlocks.
Both patches had been in the for-next branch for a few days without any reported issues and are tagged to be backported to all kernels above v4.0.
          Re: [PATCH 6/8] dt-bindings: interrupt-controller: RISC-V PLIC doc ...
Palmer Dabbelt writes: On Wed, 08 Aug 2018 09:15:58 PDT (-0700), robh+dt@kernel.org wrote: implement things.
FWIW, I like this approach. There is an interrupt widget in the hardware, so having the device tree represent it seems like a good idea.
Rob

          More Laptop Quirks Queued For Linux 4.19

The x86 platform drivers area of the Linux kernel is ready for the 4.19 kernel cycle to get underway next week.

With linux-platform-drivers-x86 it's largely drivers for handling different behavior on various x86 laptops/tablets. Like most cycles, many of the changes are just about handling quirks for new devices. The x86 platform driver updates queued in its "-next" tree for Linux 4.19 include:

- Support for the calculator hotkey on various Lenovo systems.


          Ubuntu Security Notice USN-3732-2
Ubuntu Security Notice 3732-2 - USN-3732-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 18.04 LTS for Ubuntu 16.04 LTS. Juha-Matti Tilli discovered that the TCP implementation in the Linux kernel performed algorithmically expensive operations in some situations when handling incoming packets. A remote attacker could use this to cause a denial of service. Various other issues were also addressed.
          Graphics: Radeon, AMDGPU, NVIDIA
  • AMD Radeon Pro 18.Q3 Linux Driver Released

    AMD has released their Radeon Pro 18.Q3 enterprise driver update, including for supported Linux distributions, as their QA-tested professional-grade driver update for the quarter.

    Radeon Pro Software 18.Q3 is available for RHEL/CentOS 7.5, RHEL/CentOS 6.9, Ubuntu 18.04, Ubuntu 16.04, and SUSE Linux Enterprise Desktop/Server 12 SP3. This is basically the QA-vetted enterprise driver stack of "AMDGPU-PRO" intended for workstation graphics hardware while for the most part those on consumer Radeon GPUs are generally best off riding the latest Linux+Mesa releases for the leading open-source driver coverage.

  • AMDGPU LRU Bulk Move Patches Yielding OpenCL & Vulkan Performance Boosts

    AMD's Huang Rui and Christian Konig are working on LRU bulk move functionality that can yield performance improvements for Vulkan and OpenCL workloads.

    This AMDGPU kernel change is about migrating PD/PT buffer objects onto the LRU (least recently used) list in bulk in a single operation. For end-users, what matters is the performance difference as a result.

  • NVIDIA Vulkan Beta Update Brings Hang Fixes, Device Diagnostic Checkpoints

    NVIDIA has just published their latest Vulkan beta driver release for Windows and Linux.

    The newest NVIDIA Vulkan beta for Linux out today is version 396.51.02. Most notable with this driver update is that it adds support for the VK_NV_device_diagnostic_checkpoints extension. This extension was recently made public by Vulkan 1.1.82 and is for inserting device diagnostic checkpoints.



          brauner's blog: Unprivileged File Capabilities

Introduction

File capabilities (fcaps) are capabilities associated with - well - files, usually a binary. They can be used to temporarily elevate privileges for unprivileged users in order to accomplish a privileged task. This allows various tools to drop the dangerous setuid (suid) or setgid (sgid) bits in favor of fcaps.

While fcaps have been supported since Linux 2.6.24, they could only be set in the initial user namespace. If root in a non-initial user namespace had been allowed to set them, then any unprivileged user on the host would have been able to map their own uid to root in a new user namespace, set fcaps that would grant more privileges to them, and then execute the binary with elevated privileges on the host. This also means that until recently it was not safe to use fcaps in unprivileged containers, i.e. containers using user namespaces. The good news is that starting with Linux kernel version 4.14 it is possible to set fcaps in user namespaces.

Kernel Patchset

The patchset to enable this has been contributed by Serge Hallyn, a co-maintainer and core developer of the LXD and LXC projects:

commit 8db6c34f1dbc8e06aa016a9b829b06902c3e1340
Author: Serge E. Hallyn <serge@hallyn.com>
Date:   Mon May 8 13:11:56 2017 -0500

    Introduce v3 namespaced file capabilities

LXD Now Preserves File Capabilities In User Namespaces

In parallel to the kernel patchset we have now enabled LXD to preserve fcaps in user namespaces. This means if your kernel supports namespaced fcaps LXD will preserve them whenever unprivileged containers are created, or when their idmapping is changed. No matter if you go from privileged to unprivileged or the other way around, your filesystem capabilities will be right there with you. In other news, there is now little to no use for the suid and sgid bits even in unprivileged containers.

This is something that the Linux Containers Project has wanted for a long time and we are happy that we are the first runtime to fully support this feature.

If all of the above either makes no sense to you or you’re asking yourself what is so great about this because some distros have been using fcaps for a long time, don’t worry: we’ll try to shed some light on all of this.

The dark ages: suid and sgid binaries

Not too long ago the suid and sgid bits were the only well-known mechanism to temporarily grant elevated privileges to unprivileged users executing a binary. Once, some or all of the following binaries were suid or sgid binaries on most distros:

  • ping
  • newgidmap
  • newuidmap
  • mtr-packet

The binary that most developers will have already used is the ping binary. It’s convenient to just check whether a connection to the internet has been established successfully by pinging a random website. It’s such a common tool that most people don’t even think about it needing any sort of privilege. In fact it does require privileges. ping wants to open sockets of type SOCK_RAW but the kernel prevents unprivileged users from using sockets of type SOCK_RAW because it would allow them to e.g. send ICMP packets directly. But ping seems like a binary that is useful to unprivileged users as well as safe. Short of a better mechanism the most obvious choice is to have it be owned by uid 0 and set the suid bit.

chb@conventiont|~
> perms /bin/ping
-rwsr-xr-x 4755 /bin/ping

You can see the little s in the permissions. This indicates that this version of ping has the suid bit set. Hence, if called it will run as uid 0 independent of the uid of the caller. In short, if my user has uid 1000 and calls the ping binary ping will still run with uid 0.

While the suid mechanism gets the job done it is also wildly inappropriate. ping does need elevated privileges in one specific area. But by setting the suid bit and having ping be owned by uid 0 we’re granting it all kinds of privileges, in fact all privileges. If there ever is a major security sensitive bug in a suid binary it is trivial for anyone to exploit the fact that it runs as uid 0.

Of course, the kernel has all kinds of security mechanisms to deflate the impact of the suid and sgid bits. If you strace an suid binary the suid bit will be stripped, there are complex rules regarding execve()ing a binary that has the suid bit set, and the suid bit is also dropped when the owner of the binary in question changes, i.e. when you call chown() on it. Still these are all mitigations for something that is inherently dangerous because it grants too much for too little gain. It’s like someone asking for a little sugar and you handing out the key to your house. To quote Eric:

Frankly being able to raise the privileges of an existing process is such a dangerous mechanism and so limiting on system design that I wish someone would care, and remove all suid, sgid, and capabilities use from a distro. It is hard to count how many neat new features have been shelved because of the requirement to support suid root executables.

Capabilities and File Capabilities

This is where capabilities come into play [1]. Capabilities start from the idea that the root privilege could as well be split into subsets of privileges. Whenever something requests to perform an operation that requires privileges it doesn’t have we can grant it a very specific subset instead of all privileges at once [2]. For example, the ping binary would only need the CAP_NET_RAW capability because it is the capability that regulates whether a process can open SOCK_RAW sockets.

Capabilities are associated with processes and files. Granted, Linux capabilities are not the cleanest or easiest concept to grasp. But I’ll try to shed some light. In essence, capabilities can be present in four different types of sets. The kernel performs checks against a process by looking at its effective capability set, i.e. the capabilities the process has at the time of trying to perform the operation. The rest of the capability sets are (glossing over details now for the sake of brevity) basically used for calculating each other including the effective capability set. There are permitted capabilities, i.e. the capabilities a process is allowed to raise in the effective set, inheritable capabilities, i.e. capabilities that should be (but are only under certain restricted conditions) preserved across an execve(), and ambient capabilities that are there to fix the shortcomings of inheritable capabilities, i.e. they are there to allow unprivileged processes to preserve capabilities across an execve() call [3]. Last but not least we have file capabilities, i.e. capabilities that are attached to a file. When such a file is execve()ed the associated fcaps are taken into account when calculating the permissions after the execve().

Extended attributes and File Capabilities

The part most users are confused about is how capabilities get associated with files. This is where extended attributes (xattr) come into play. xattrs are <key>:<value> pairs that can be associated with files. They are stored on-disk as part of the metadata of a file. The <key> of an xattr will always be a string identifying the attribute in question whereas the <value> can be arbitrary data, i.e. it can be another string or binary data. Note that it is not guaranteed nor required by the kernel that a filesystem supports xattrs. While the virtual filesystem (vfs) will handle all core permission checks, i.e. it will verify that the caller is allowed to set the requested xattr, the actual operation of writing out the xattr on disk will be left to the filesystem. Without going into the specifics the callchain currently is:

SYSCALL_DEFINE5(setxattr, const char __user *, pathname,
                const char __user *, name, const void __user *, value,
                size_t, size, int, flags)
|
-> static int path_setxattr(const char __user *pathname,
                            const char __user *name, const void __user *value,
                            size_t size, int flags, unsigned int lookup_flags)
   |
   -> static long setxattr(struct dentry *d, const char __user *name,
                           const void __user *value, size_t size, int flags)
      |
      -> int vfs_setxattr(struct dentry *dentry, const char *name,
                          const void *value, size_t size, int flags)
         |
         -> int __vfs_setxattr_noperm(struct dentry *dentry, const char *name,
                                      const void *value, size_t size, int flags)

and finally __vfs_setxattr_noperm() will call

int __vfs_setxattr(struct dentry *dentry, struct inode *inode, const char *name,
                   const void *value, size_t size, int flags)
{
        const struct xattr_handler *handler;

        handler = xattr_resolve_name(inode, &name);
        if (IS_ERR(handler))
                return PTR_ERR(handler);
        if (!handler->set)
                return -EOPNOTSUPP;
        if (size == 0)
                value = "";  /* empty EA, do not remove */
        return handler->set(handler, dentry, inode, name, value, size, flags);
}

The __vfs_setxattr() function will then call xattr_resolve_name() which will find and return the appropriate handler for the xattr in the list struct xattr_handler of the corresponding filesystem. If the filesystem has a handler for the xattr in question it will return it and the attribute will be set and if not EOPNOTSUPP will be surfaced to the caller.

For this article we will only focus on the permission checks that the vfs performs not on the filesystem specifics. An important thing to note is that different xattrs are subject to different permission checks by the vfs. First, the vfs regulates what types of xattrs are supported in the first place. If you look at the xattr.h header you will find all supported xattr namespaces. An xattr namespace is essentially nothing but a prefix like security.. Let’s look at a few examples from the xattr.h header:

#define XATTR_SECURITY_PREFIX "security."
#define XATTR_SECURITY_PREFIX_LEN (sizeof(XATTR_SECURITY_PREFIX) - 1)

#define XATTR_SYSTEM_PREFIX "system."
#define XATTR_SYSTEM_PREFIX_LEN (sizeof(XATTR_SYSTEM_PREFIX) - 1)

#define XATTR_TRUSTED_PREFIX "trusted."
#define XATTR_TRUSTED_PREFIX_LEN (sizeof(XATTR_TRUSTED_PREFIX) - 1)

#define XATTR_USER_PREFIX "user."
#define XATTR_USER_PREFIX_LEN (sizeof(XATTR_USER_PREFIX) - 1)

Based on the detected prefix the vfs will decide what permission checks to perform. For example, the user. namespace is not subject to very strict permission checks since it exists to allow users to store arbitrary information. However, some xattrs are subject to very strict permission checks since they allow privileges to be changed. For example, this affects the security. namespace. In fact, the xattr.h header even exposes a specific capability suffix to use with the security. namespace:

#define XATTR_CAPS_SUFFIX "capability"
#define XATTR_NAME_CAPS XATTR_SECURITY_PREFIX XATTR_CAPS_SUFFIX

As you might have figured out file capabilities are associated with the security.capability xattr.

In contrast to other xattrs the value associated with the security.capability xattr key is not a string but binary data. The actual implementation is a C struct that contains bitmasks of capability flags. To actually set file capabilities userspace would usually use the libcap library because the low-level bits of the implementation are not very easy to use. Let’s say a user wanted to associate the CAP_NET_RAW capability with the ping binary on a system that only supports non-namespaced file capabilities. Then this is the minimum that you would need to do in order to set CAP_NET_RAW in the effective and permitted set of the file:

/*
 * Do not simply copy this code. For the sake of brevity I e.g. omitted
 * handling the necessary endianness translation. (Not to speak of the apparent
 * ugliness and missing documentation of my sloppy macros.)
 */

struct vfs_cap_data xattr = {0};

#define raise_cap_permitted(x, cap_data)   cap_data.data[(x)>>5].permitted   |= (1<<((x)&31))
#define raise_cap_inheritable(x, cap_data) cap_data.data[(x)>>5].inheritable |= (1<<((x)&31))

raise_cap_permitted(CAP_NET_RAW, xattr);
xattr.magic_etc = VFS_CAP_REVISION_2 | VFS_CAP_FLAGS_EFFECTIVE;

setxattr("/bin/ping", "security.capability", &xattr, sizeof(xattr), 0);

After having done this we can look at the ping binary and use the getcap binary to check whether we successfully set the CAP_NET_RAW capability on the ping binary. Here’s a little demo:

asciicast

Setting Unprivileged File Capabilities

On kernels that support namespaced file capabilities the straightforward way to set a file capability is to attach to the user namespace in question as root and then simply perform the above operations. The kernel will then transparently handle the translation between a non-namespaced and a namespaced capability by recording the rootid from the kernel’s perspective (the kuid).

However, it is also possible to set file capabilities on behalf of another user namespace. In order to do this the code above needs to be changed slightly:

/*
 * Do not simply copy this code. For the sake of brevity I e.g. omitted
 * handling the necessary endianness translation. (Not to speak of the apparent
 * ugliness and missing documentation of my sloppy macros.)
 */

struct vfs_ns_cap_data ns_xattr = {0};

#define raise_cap_permitted(x, cap_data)   cap_data.data[(x)>>5].permitted   |= (1<<((x)&31))
#define raise_cap_inheritable(x, cap_data) cap_data.data[(x)>>5].inheritable |= (1<<((x)&31))

raise_cap_permitted(CAP_NET_RAW, ns_xattr);
/* the rootid-carrying struct (XATTR_CAPS_SZ_3) must be paired with the v3 magic */
ns_xattr.magic_etc = VFS_CAP_REVISION_3 | VFS_CAP_FLAGS_EFFECTIVE;
ns_xattr.rootid = 1000000;

setxattr("/bin/ping", "security.capability", &ns_xattr, sizeof(ns_xattr), 0);

As you can see the struct we use has changed. Instead of using struct vfs_cap_data we are now using struct vfs_ns_cap_data which has gained an additional field rootid. In our example we are setting the rootid to 1000000 which in my example is the rootid of uid 0 in the container’s user namespace as seen from the host.

asciicast

As you can see from the asciicast we can’t execute the ping binary as an unprivileged user on the host since the fcaps is namespaced and associated with uid 1000000. But if we copy that binary to a container where this uid is mapped to uid 0 we can now call ping as an unprivileged user.

So let’s look at an actual unprivileged container and let’s set the CAP_NET_RAW capability on the ping binary in there:

asciicast

Some Implementation Details

As you have seen above a new struct vfs_ns_cap_data has been added to the kernel:

/*
 * same as vfs_cap_data but with a rootid at the end
 */
struct vfs_ns_cap_data {
        __le32 magic_etc;
        struct {
                __le32 permitted;    /* Little endian */
                __le32 inheritable;  /* Little endian */
        } data[VFS_CAP_U32];
        __le32 rootid;
};

In the end this struct is what the kernel expects to be passed and which it will use to calculate fcaps. The locations of the permitted and inheritable sets in struct vfs_ns_cap_data are obvious but the effective set seems to be missing. Whether or not effective caps are set on the file is determined by raising the VFS_CAP_FLAGS_EFFECTIVE bit in the magic_etc mask. The magic_etc member is also used to tell the kernel which fcaps version the vfs is expected to support. The kernel will verify that either XATTR_CAPS_SZ_2 or XATTR_CAPS_SZ_3 is passed as size and is correctly paired with the VFS_CAP_REVISION_2 or VFS_CAP_REVISION_3 flag. If XATTR_CAPS_SZ_2 is set then the kernel will not try to look for a rootid field in the struct it received, i.e. even if you pass a struct vfs_ns_cap_data with a rootid but set XATTR_CAPS_SZ_2 as size parameter and VFS_CAP_REVISION_2 in magic_etc the kernel will be able to ignore the rootid field and instead use the rootid of the current user namespace. This allows the kernel to transparently translate from VFS_CAP_REVISION_2 to VFS_CAP_REVISION_3 fcaps. The main translation mechanism can be found in cap_convert_nscap() and rootid_from_xattr():

/*
 * User requested a write of security.capability.  If needed, update the
 * xattr to change from v2 to v3, or to fixup the v3 rootid.
 *
 * If all is ok, we return the new size, on error return < 0.
 */
int cap_convert_nscap(struct dentry *dentry, void **ivalue, size_t size)
{
        struct vfs_ns_cap_data *nscap;
        uid_t nsrootid;
        const struct vfs_cap_data *cap = *ivalue;
        __u32 magic, nsmagic;
        struct inode *inode = d_backing_inode(dentry);
        struct user_namespace *task_ns = current_user_ns(),
                *fs_ns = inode->i_sb->s_user_ns;
        kuid_t rootid;
        size_t newsize;

        if (!*ivalue)
                return -EINVAL;
        if (!validheader(size, cap))
                return -EINVAL;
        if (!capable_wrt_inode_uidgid(inode, CAP_SETFCAP))
                return -EPERM;
        if (size == XATTR_CAPS_SZ_2)
                if (ns_capable(inode->i_sb->s_user_ns, CAP_SETFCAP))
                        /* user is privileged, just write the v2 */
                        return size;

        rootid = rootid_from_xattr(*ivalue, size, task_ns);
        if (!uid_valid(rootid))
                return -EINVAL;

        nsrootid = from_kuid(fs_ns, rootid);
        if (nsrootid == -1)
                return -EINVAL;

        newsize = sizeof(struct vfs_ns_cap_data);
        nscap = kmalloc(newsize, GFP_ATOMIC);
        if (!nscap)
                return -ENOMEM;
        nscap->rootid = cpu_to_le32(nsrootid);
        nsmagic = VFS_CAP_REVISION_3;
        magic = le32_to_cpu(cap->magic_etc);
        if (magic & VFS_CAP_FLAGS_EFFECTIVE)
                nsmagic |= VFS_CAP_FLAGS_EFFECTIVE;
        nscap->magic_etc = cpu_to_le32(nsmagic);
        memcpy(&nscap->data, &cap->data, sizeof(__le32) * 2 * VFS_CAP_U32);

        kvfree(*ivalue);
        *ivalue = nscap;
        return newsize;
}
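
An added example (not from the original post or the kernel source): a user-space decoder for a raw security.capability value that applies the size/revision pairing described above and reads the rootid only for VFS_CAP_REVISION_3. The byte strings are constructed samples, the struct and helper names are hypothetical, and the rootid check is simplified to an exact match against one namespace root uid.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constants with the values from include/uapi/linux/capability.h */
#define VFS_CAP_REVISION_MASK   0xFF000000u
#define VFS_CAP_FLAGS_EFFECTIVE 0x000001u
#define VFS_CAP_REVISION_2      0x02000000u
#define VFS_CAP_REVISION_3      0x03000000u
#define VFS_CAP_U32             2
#define XATTR_CAPS_SZ_2         (sizeof(uint32_t) * (1 + 2 * VFS_CAP_U32)) /* 20 */
#define XATTR_CAPS_SZ_3         (sizeof(uint32_t) * (2 + 2 * VFS_CAP_U32)) /* 24 */
#define CAP_NET_RAW             13

/* Decoded form of the xattr; hypothetical name, not a kernel type. */
struct fcaps {
    int      revision;     /* 2 or 3 */
    int      effective;    /* VFS_CAP_FLAGS_EFFECTIVE raised in magic_etc */
    uint64_t permitted;
    uint64_t inheritable;
    int      has_rootid;   /* only for revision 3 */
    uint32_t rootid;
};

/* Constructed sample: v3, effective, CAP_NET_RAW permitted, rootid 1000000. */
static const unsigned char sample_v3[24] = {
    0x01, 0x00, 0x00, 0x03,   /* magic_etc = REVISION_3 | FLAGS_EFFECTIVE */
    0x00, 0x20, 0x00, 0x00,   /* data[0].permitted: bit 13 (CAP_NET_RAW) */
    0x00, 0x00, 0x00, 0x00,   /* data[0].inheritable */
    0x00, 0x00, 0x00, 0x00,   /* data[1].permitted */
    0x00, 0x00, 0x00, 0x00,   /* data[1].inheritable */
    0x40, 0x42, 0x0f, 0x00,   /* rootid = 1000000, little endian */
};

/* Constructed sample: a 24-byte buffer whose magic_etc says REVISION_2. */
static const unsigned char sample_v2_tail[24] = {
    0x01, 0x00, 0x00, 0x02,   /* magic_etc = REVISION_2 | FLAGS_EFFECTIVE */
    0x00, 0x20, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x40, 0x42, 0x0f, 0x00,   /* trailing rootid, outside a 20-byte v2 value */
};

static uint32_t rd_le32(const unsigned char *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Returns 0 on success, -1 if size and revision are not a valid pair. */
int parse_fcaps(const unsigned char *buf, size_t size, struct fcaps *out)
{
    uint32_t magic, rev;

    if (!buf || !out || size < sizeof(uint32_t))
        return -1;
    magic = rd_le32(buf);
    rev = magic & VFS_CAP_REVISION_MASK;

    if (rev == VFS_CAP_REVISION_2 && size == XATTR_CAPS_SZ_2) {
        out->revision = 2;
        out->has_rootid = 0;          /* rootid is never read for v2 */
        out->rootid = 0;
    } else if (rev == VFS_CAP_REVISION_3 && size == XATTR_CAPS_SZ_3) {
        out->revision = 3;
        out->has_rootid = 1;
        out->rootid = rd_le32(buf + 20);
    } else {
        return -1;
    }
    out->effective = (magic & VFS_CAP_FLAGS_EFFECTIVE) != 0;
    /* data[0] holds capability bits 0..31, data[1] bits 32..63 */
    out->permitted   = rd_le32(buf + 4) | (uint64_t)rd_le32(buf + 12) << 32;
    out->inheritable = rd_le32(buf + 8) | (uint64_t)rd_le32(buf + 16) << 32;
    return 0;
}

/* rootid of a v3 value, or -1 for v2 values and parse errors. */
long fcaps_rootid(const unsigned char *buf, size_t size)
{
    struct fcaps fc;

    if (parse_fcaps(buf, size, &fc) != 0 || !fc.has_rootid)
        return -1;
    return (long)fc.rootid;
}

/*
 * 1 if `cap` is permitted and effective for a namespace whose root maps to
 * ns_root_uid, 0 if not, -1 on parse error. Simplification: exact match only;
 * v2 values are treated as rootid 0.
 */
int cap_usable(const unsigned char *buf, size_t size, int cap,
               uint32_t ns_root_uid)
{
    struct fcaps fc;
    uint32_t root;

    if (cap < 0 || cap > 63 || parse_fcaps(buf, size, &fc) != 0)
        return -1;
    root = fc.has_rootid ? fc.rootid : 0;
    return root == ns_root_uid && fc.effective && ((fc.permitted >> cap) & 1);
}

int main(void)
{
    printf("host, root uid 0:            %d\n",
           cap_usable(sample_v3, sizeof sample_v3, CAP_NET_RAW, 0));
    printf("container, root uid 1000000: %d\n",
           cap_usable(sample_v3, sizeof sample_v3, CAP_NET_RAW, 1000000));
    return 0;
}
```
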

Conclusion

Having fcaps available in user namespaces just makes the argument to always use unprivileged containers even stronger. The Linux Containers Project is also working on a bunch of other kernel- and userspace features to improve unprivileged containers even more. Stay tuned! :)

Christian

  1. While capabilities provide a better mechanism to temporarily and selectively grant privileges to unprivileged processes, they are by no means inherently safe. Setting fcaps should still be done rarely. Whether privilege escalation happens via suid or sgid bits or via fcaps doesn’t matter in the end: it’s still a privilege escalation. 

  2. Exactly how to split up the root privilege and how exactly privileges should be implemented (e.g. should they be attached to file descriptors, should they be attached to inodes, etc.) is a good argument to have. For the sake of this article we will skip this discussion and assume the Linux implementation of POSIX capabilities. 

  3. If people are super keen and request this I can make a longer post on how exactly they all relate to each other and possibly look at some of the implementation details too. 


          Having an issue with installing TRIRIGA 3.5.1 on WebLogic 12
During TRIRIGA install, we encountered “Build Failed” and the Oracle WebLogic log contained the following. What happened? ####<Jan 23, 2018 4:47:14 PM ART> <Error> <Deployer> <S-Tririga> <[ACTIVE] ExecuteThread: '3' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <7bf5687e-a5eb-47f9-9610-fd0f96db07ae-0000042e> <1516736834996> <BEA-149265> <Failure occurred in the execution of deployment request with ID "7285840482438638" for task "2". Error is: "weblogic.application.ModuleException: […]
          unwanted cleanup in /var/tmp/.oracle
In my previous blog missing oraagent.bin process I raised a question: why do files in /var/tmp/.oracle disappear? At least this question I am now able to answer. By the help of Linux kernel's audit system and a proper rule:
-a always,exit -F arch=b64 -S rename,rmdir,unlink,unlinkat,renameat -F path=/var/tmp/.oracle -F key=ora.delete
I was able to see the culprit process:
----
type=PROCTITLE msg=audit(08/06/2018 17:13:48.382:58122) : proctitle=/usr/bin/systemd-tmpfiles […]
          Comment on 5 Myths About Linux That Scares Away New Users by Jim
I'm a hardcore gamer so I don't think I am ever going back to Linux. The kernel is fantastic and other stuff, but look. Linux deserves something better than this... but I deserve something better than that too. So sorry Linux community, I am going back to 10.
          Comment on Lubuntu Doesn’t Want to be the “distribution for old computers” Anymore by Charles
I am writing this on a more or less 10 year old Dell Optiplex 755 small form factor desktop with a 64-bit Intel Core2Duo E6750 2.66GHz processor, 6 GB of DDR2 RAM and a 2TB hard drive running Linux Mint 18.3 4.15 Linux kernel with a Cinnamon 3.67 desktop and it runs fine for me. However, I have found when running Zorin lite based upon Lubuntu 14.04 on a Dell Inspiron Mini 10 netbook with a 32-bit Atom processor and 1GB RAM, that You Tube videos tend to play with an occasional stutter in Firefox and Chromium. I have installed 32-bit Debian 7 with an LXDE desktop on a Pentium III PC with 256MB of RAM and it runs, albeit rather slowly, especially when surfing the Internet. Lubuntu 14.04 or 16.04 with an LXDE desktop runs fine on a Pentium 4 PC with 1GB RAM. As I have not given the LXQT desktop a try, I will not comment on whether Lubuntu's replacement of LXDE with LXQT is a desirable or undesirable move. However, if LXQT is just a bit heavier on resources than LXDE, perhaps it will not have much impact on the performance of most 10 year old PCs today, though Lubuntu could give users a choice of LXDE or LXQT. I would also like to see Lubuntu come pre-installed with an office suite such as LibreOffice or Open Office, plus more commonly used apps and utilities, which would save me on having to install them post-installation. Anyway, my desktop preferences are Cinnamon for more powerful computers and Mate for less powerful computers. I only choose LXDE for old and relatively low powered computers.
          Comment on NSA’s Encryption Algorithm in Linux Kernel is Creating Unease in the Community by ard
You have completely overlooked Facebook as worst threat of them ALL!
          Comment on NSA’s Encryption Algorithm in Linux Kernel is Creating Unease in the Community by Abishek S
Stupid ad hominem comment. Google is a vast data collection apparatus. The US is an apex danger to the free world. Racist police state with a biological concept of racial superiority like the nazis. The proper course of action would be to require users of this module to recompile the kernel with this module.
          Comment on NSA’s Encryption Algorithm in Linux Kernel is Creating Unease in the Community by Rex Alfie Lee
These mongrels cannot be trusted. If I saw the contest between 2 flies running up a wall & they told me who'd won & I saw it with my own 2 eyes I'd believe it was rigged. They cannot & should not ever be trusted. One magic number might be all that stands between you & your data...
          Comment on NSA’s Encryption Algorithm in Linux Kernel is Creating Unease in the Community by teknovagrant
You make no sense. If Google is in the government's back pocket and already have access to everything, this "backdoor" wouldn't be necessary eh?
          Comment on NSA’s Encryption Algorithm in Linux Kernel is Creating Unease in the Community by Nobody of Import
It may not be an issue, per se. It's trivially WEAK encryption, which is not overly useful, really. The biggest issue I and everyone else should have is that it's a play to foist off subpar, suboptimal stuff (Hm...we seem to have a few projects like this, all in the name of "usability" in Containers, etc.) all for the sake of a company's agenda there (Hm...this *does* sound familiar...). We should be doing a lot better. We should treat this in the manner we SHOULD have treated systemd- tell 'em NO, do better there...and there **ARE** better answers in this context.
          Comment on NSA’s Encryption Algorithm in Linux Kernel is Creating Unease in the Community by Nobody of Import
Which, to be honest...should be a big-fat-NO item. I'm sorry...if it's not documented like NSA, it doesn't meet the criteria that should be included in the Kernel. And if you're needing more "oomph" for the crypto...maybe you should quit trying to use such low-spec hardware? I would have issues trying to use Android on an IoT device that couldn't manage AES or something more substantive even if lower weight- like DJB's stuff. This gives me the willies- it's like all those damn BT and ZigBee controlled Deadbolts for consumer "smart" (In this context, don't you mean **STUPID**?) homes.
          Comment on NSA’s Encryption Algorithm in Linux Kernel is Creating Unease in the Community by Nobody of Import
It's turned on because of how they're doing production builds of the Kernel.
          Comment on NSA’s Encryption Algorithm in Linux Kernel is Creating Unease in the Community by Nick
What irritates me the most is that it got APPROVED to be part of the Linux Kernel just because Google said so. The same time that it's been rejected by ISO. Everything has its price right? I wish it wasn't true for Linux too, rather than it seems..
          How To Make Soul Food A Healthier Choice
In a recent sketch on SNL, two hosts of a gospel-themed cooking show cooked soul food while talking about people they know dying from heart disease and diabetes. It might come across as funny, but it holds a kernel of truth about soul food and its link to health issues. Soul food – it’s the food of […]
          Comment on How to Install TWRP Recovery and Root Xiaomi Mi 6 (Sagit) by aos
Hi, it does not work. Up to the last step, this is the error it produces: D:\Users\Owner\Downloads\New1>fastboot devices 1fc86a427d24 fastboot D:\Users\Owner\Downloads\New1>fastboot flash recovery recovery.img target reported max download size of 134217728 bytes sending 'recovery' (27128 KB)... OKAY [ 0.900s] writing 'recovery'... OKAY [ 0.363s] finished. total time: 1.263s D:\Users\Owner\Downloads\New1>fastboot boot recovery.img downloading 'boot.img'... OKAY [ 0.899s] booting... FAILED (remote: invalid kernel address: not lie in memory) finished. total time: 0.899s Please advise. -aos.
          Marcona Almonds - Inedible?
The seeds of Prunus dulcis var. dulcis are predominantly sweet[26][27] but some individual trees produce seeds that are somewhat more bitter. The genetic basis for bitterness involves a single gene, the bitter flavor furthermore being recessive,[28][29] both aspects making this trait easier to domesticate. The fruits from Prunus dulcis var. amara are always bitter, as are the kernels from other species of genus Prunus, such as peach and cherry (although to a lesser extent). The bitter almond is slightly broader and shorter than the sweet almond and contains about 50% of the fixed oil that occurs in sweet almonds. It also contains the enzyme emulsin which, in the presence of water, acts on the two soluble glucosides amygdalin and prunasin[30] yielding glucose, cyanide and the essential oil of bitter almonds, which is nearly pure benzaldehyde, the chemical causing the bitter flavor. Bitter almonds may yield 4–9 mg of hydrogen cyanide per almond[31] and contain 42 times higher amounts of cyanide than the trace levels found in sweet almonds.[32] The origin of cyanide content in bitter almonds is via the enzymatic hydrolysis of amygdalin.[32] Extract of bitter almond was once used medicinally but even in small doses, effects are severe or lethal, especially in children; the cyanide must be removed before consumption.[32] The acute oral lethal dose of cyanide for adult humans is reported to be 0.5–3.5 mg/kg (0.2–1.6 mg/lb) of body weight (approximately 50 bitter almonds), whereas for children, consuming 5–10 bitter almonds may be fatal.[32] All commercially grown almonds sold as food in the United States are sweet cultivars. The US Food and Drug Administration reported in 2010 that some fractions of imported sweet almonds were contaminated with bitter almonds. Eating such almonds could result in vertigo and other typical bitter almond (cyanide) poisoning effects.[33] ————————————————————————————————————— This is from the Wikipedia on almonds. 
Sorry it’s 11 years later, hope you survived. Just thought it might be useful info for anyone else who gets a bitter package.
          Ubuntu and Debian Stretch Receive Linux Kernel Security Update to Fix TCP Flaw

Discovered and reported by security researcher Juha-Matti Tilli, the security flaw (CVE-2018-5390) could allow a remote attacker to cause a denial of service on affected machines


          Grand slam sinks LumberKings
Clinton, IA - A grand slam by Jacob Pearson of the Cedar Rapids Kernels was the difference in a 6-3 Clinton LumberKings loss on Wednesday night at Ash... - MWL Clinton LumberKings
          Black Orchid Whipped Body Butter, Goat Milk, Shea and Cocoa Butter With Vitamin C, 4 Oz. Jar, Handmade by GaGirlNaturals

9.25 USD

Black Orchid Tom Ford Type Whipped Body Butter, Goat Milk, Shea and Cocoa Butter With Vitamin C, 4 Oz. Jar, Handmade

Compare to Tom Ford Black Orchid fragrance.

Black Orchid is a luxurious, sensual fragrance of dark accords and alluring black orchids and spice. It is a warm floral fragrance with notes of incense, orchid, patchouli, and sandalwood. This is a unisex fragrance that both women and men love!

Want a handmade body butter that is skin softening and moisturizing and also has many wonderful benefits for your skin? Then, you have found a body butter for you! My handmade goat milk based whipped body butter is a luxurious treat for your skin. Made with goat milk, vitamin C, shea and cocoa butters, coconut, apricot kernel, avocado, olive, pomegranate seed, argan oil, and vitamin E oils to nourish your skin and provide many skin loving benefits.

Goat milk contains alpha-hydroxy acids that help to exfoliate dry, dead skin cells, contains probiotics which helps protect the skin from ultra violet light, contains high amounts of protein, fat, iron, vitamin A, B6, B12, C, D, E, and many more. These vitamins and minerals help slow down aging, help the skin rebuild, add elasticity, and help retain skin moisture, is readily absorbed into the skin, and very moisturizing. Vitamin C helps build collagen, protects against ultra violet rays, and contains antioxidants. Rose hip seed oil contains retinoic acid, a natural form of vitamin A. Pomegranate Seed oil is powerfully antioxidant and anti-inflammatory; and it is known to significantly boost epidermal cellular regeneration. Avocado, apricot kernel, olive, and coconut oils are readily absorbed into the skin, and very moisturizing.

My whipped body butter is available in over 50 fragrances, as well as unscented.

My products are handmade to order fresh for you.

Ingredients: Distilled water, sunflower oil, soya oil, vegetable glycerin, potassium sorbate, meadow foam oil, jojoba oil, goat's milk, aloe vera, vitamin c, shea butter, cocoa butter, coconut oil, pomegranate seed oil, olive oil, apricot kernel oil, avocado oil, grape seed oil, rose hip seed oil, vitamin E oil, stearic acid, cetyl alcohol, emulsifying wax, palmitic acid.

** Please note that cosmetic products like soaps and lotions can begin to melt if left in high temperatures. Please note your tracking information and try to be available to receive your package promptly.**

My Credentials:

I have a Master Cosmetology License and a Certificate in Natural Health and Healing.

[Type*] - Name trademarks and copyrights are properties of their respective manufacturers and/or designers. These versions are NOT to be confused with the originals and GaGirlNaturals has no affiliation with the manufacturers/designers. This description is to give the customer an idea of scent character, not to mislead, confuse the customer or infringe on the manufacturers/designer's name and valuable trademark.


          Cafe Rose Tom Ford Type Handmade Whipped Goat Milk, Shea, and Cocoa Body Butter With Vitamin C, 8 Oz. Jar by GaGirlNaturals

17.75 USD

Cafe Rose Tom Ford Type Handmade Whipped Goat Milk, Shea, and Cocoa Body Butter With Vitamin C, 8 Oz. Jar

Compare to Tom Ford Cafe Rose fragrance.

Cafe Rose is an exotic, enticing, seductive fragrance of three precious rose essences blended with dark coffee, exotic spices, incense resin, amber, and woods.

Want a handmade body butter that is skin softening and moisturizing and also has many wonderful benefits for your skin? Then, you have found a body butter for you! My handmade goat milk based whipped body butter is a luxurious treat for your skin. Made with goat milk, vitamin C, shea and cocoa butters, coconut, apricot kernel, avocado, olive, pomegranate seed, argan oil, and vitamin E oils to nourish your skin and provide many skin loving benefits.

Goat milk contains alpha-hydroxy acids that help to exfoliate dry, dead skin cells, contains probiotics which helps protect the skin from ultra violet light, contains high amounts of protein, fat, iron, vitamin A, B6, B12, C, D, E, and many more. These vitamins and minerals help slow down aging, help the skin rebuild, add elasticity, and help retain skin moisture, is readily absorbed into the skin, and very moisturizing. Vitamin C helps build collagen, protects against ultra violet rays, and contains antioxidants. Rose hip seed oil contains retinoic acid, a natural form of vitamin A. Pomegranate Seed oil is powerfully antioxidant and anti-inflammatory; and it is known to significantly boost epidermal cellular regeneration. Avocado, apricot kernel, olive, and coconut oils are readily absorbed into the skin, and very moisturizing.

My whipped body butter is available in over 50 fragrances, as well as unscented.

My products are handmade to order fresh for you.

Ingredients: Distilled water, sunflower oil, soya oil, vegetable glycerin, potassium sorbate, meadow foam oil, jojoba oil, goat's milk, aloe vera, vitamin c, shea butter, cocoa butter, coconut oil, pomegranate seed oil, olive oil, apricot kernel oil, avocado oil, rose hip seed oil, vitamin E oil, argan oil, stearic acid, cetyl alcohol, emulsifying wax, palmitic acid

** Please note that cosmetic products like soaps and lotions can begin to melt if left in high temperatures. Please note your tracking information and try to be available to receive your package promptly.**

My Credentials:

I have a Master Cosmetology License and a Certificate in Natural Health and Healing.

[Type*] - Name trademarks and copyrights are properties of their respective manufacturers and/or designers. These versions are NOT to be confused with the originals and GaGirlNaturals has no affiliation with the manufacturers/designers. This description is to give the customer an idea of scent character, not to mislead, confuse the customer or infringe on the manufacturers/designer's name and valuable trademark.


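          Cloud-Native MySQL Managed Service Architecture and Read/Write Splitting Optimization

Source: On August 24, 2017, Song Qingjian, Principal Product Manager at Microsoft China, gave the talk "Cloud-Native MySQL Managed Service Architecture and Read/Write Splitting Optimization" at the ODF 2017 Open Source Database Forum (Beijing). IT 大咖说 (WeChat ID: itdakashuo), the exclusive video partner, publishes it with the review and authorization of the organizer and the speaker.

Abstract

In a private data center, MySQL is operated as a standalone instance, as a primary with one standby, or even as a multi-primary replication cluster, and ensuring high availability is fairly costly. In cloud computing, where a large number of users' MySQL instances are hosted and operated, how can Cloud Native principles (sandbox isolation, complete separation of compute and data) deliver a low-cost, highly scalable high-availability solution? The opening part of the talk helps the audience better understand the essence of the Cloud RDS architecture. It then goes into some depth on an Azure storage based optimization of MySQL read/write splitting, a primary/replica separation technique that others can draw on.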

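Cloud-native managed service architecture

Cloud-native MySQL PaaS service

Our managed MySQL service does not store data directly on local SSDs. Instead, every connection goes through a proxy layer (think of it as a stateless external server), and the proxy forwards the user's connection to a MySQL instance in one of the virtual machines. Each virtual machine runs an Agent that monitors the state of the running MySQL service; if one of the databases fails, it is recovered on another virtual machine. This is where the proxy pays off: because the user's connection terminates at the proxy, when a backend database fails the proxy redirects the connection to the recovered database.

We also moved all database reads and writes from local disk to the network, truly separating compute from storage. No MySQL data file is kept on a local hard disk; they are all stored in a distributed, network-based storage framework, where the data is kept in multiple copies over the network and each user's bandwidth consumption is strictly monitored.

In terms of node management, a local data center with a few thousand nodes already counts as a sizable network, whereas the public cloud has more than a million physical nodes worldwide. With that many nodes, the operational approach and architecture are completely different, and we actually put a great deal of effort into networking and storage to achieve isolation between tenants or users.

For a single-threaded task, local storage is certainly faster than the network because the network has latency, but in practice cloud computing can make up for the latency disadvantage with high concurrency.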

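Benefits of MySQL PaaS

MySQL PaaS is a fully managed service that brings easier and faster deployment, good price/performance, high availability and high security. The drawback is that it limits what users are allowed to do to the database: because we operate many users' data together, the security requirements on the whole environment are high.

Platform support

In our current architecture MySQL is just a process; the focus is more on monitoring MySQL tasks and on fast recovery. Because the architecture includes the proxy and the separation of compute and data, single-node high availability is easy to achieve. In this setup the DB engine we use in the backend is MySQL Community Edition, which supports existing MySQL clients and tools.

Starting a standby database

With compute and data separated in the current architecture, the data is stored on Azure storage. A single node can then be highly available, but when the data files are large, recovery takes some time because of the network; monitoring shows it is basically within 3 minutes. If a user has requirements on recovery time, the usual advice is to create an additional read/write-split replica and manually promote the replica to primary when the primary fails. We also provide a more convenient standby-database feature that promotes the replica to primary automatically and saves time; failure recovery time is then typically at the minute level (generally within 60 seconds).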

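Unified database operations platform

This is the unified data operations platform we launched worldwide in May 2017; MySQL, SQL Database, SQL Database warehouse and PostgreSQL are all hosted on it. It monitors operations data for optimization and makes recommendations, and supports elastic scaling on demand and resource management.

Read/write splitting optimization

Replica-based horizontal scaling

Normally the primary and the replica establish a connection over the network, the binlog is transferred from the primary to the replica, and the replica then inserts the binlog into the database as a relay. If both primary and replica are on MySQL PaaS, MySQL's Replication switch is actually not turned on; instead the replica starts a separate process that reads the primary's binlog from Azure Storage, parses it and inserts it into the database. This architecture supports replica-based horizontal scaling and suits workloads with heavy read pressure or far more reads than writes. The number of replica instances is not limited, though 5 is usually enough.

Database synchronization for hybrid cloud

Because hybrid cloud deployments are still quite common, we also support database synchronization for hybrid cloud, for example synchronizing data from on-premises to Azure to serve applications running on Azure, or to migrate applications smoothly to Azure. Synchronization can be configured and its status viewed through the management portal.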

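Next-generation architecture framework technology

Stateless Services Pattern

Let us review two patterns for developing backend programs on a cloud architecture, starting with the stateless pattern. In this pattern storage and front-end servers can scale elastically with ease; the problem lies in the middle business tier, because business operations depend on each other and user data represents some state, and accessing that state inevitably brings in queuing, locking and similar mechanisms. A common way to deal with this is the reservoir approach: put user requests in queues, which reduces the complexity of the stateless services and also meets the need for unlimited queue scaling.

Stateful Services Pattern

In real applications the stateful pattern is actually used in most cases. It relies on stateful middleware, which handles high concurrency through partitioning and uses traditional methods to guarantee data consistency within a partition. With this approach there is relatively little data transfer, so latency is kept under control.

Traditional Application

In a traditional application the API, UI, engine and so on are all integrated together, so the dependencies between them are determined at compile time and problems are easy to find. But because all modules are integrated together, a change to one part affects the whole, and scaling service capacity horizontally comes at a considerable cost.

Application composed of microservices

Unlike a traditional application, in a microservices framework every module is an independent process, and modules communicate over protocols such as HTTP or RPC. In effect the application contains multiple services that call each other through standard protocols, but errors are only discovered at run time rather than at compile time. Because the framework is entirely network-based, network latency has to be taken into account. The benefits of microservices are that upgrades are easy, per-module data is relatively easy to monitor, and module upgrades can be done continuously.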

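Service Fabric

Service Fabric is Microsoft's microservices framework. It has an ApplicationType that defines the type of an app, similar to a class in programming. Instances created from an app can have different names, and the same instance can be managed through different names. It supports both stateful and stateless services. A stateful service can declaratively support multiple partitions, and the instance in each partition can have multiple replicas; in effect partitions raise concurrency and replicas provide high availability. With multiple partitions, each stateful service can itself create a state machine, and this state machine can be replicated to replicas on other nodes. Because replica replication is configurable, access to stateful data can be served from the local node, which reduces latency.

Another feature of Service Fabric is automatic deployment of all tasks running on the cluster. For example, with 5 nodes and 10 partitions originally, the different application partitions are distributed automatically across the 5 nodes, and when nodes are added the whole workload is redistributed. All of this happens automatically, so the program does not need to handle it explicitly.

Overall, Service Fabric provides a better underlying framework that delivers high availability, testability, manageability and scalability. Testability means that service upgrades support canary (gray) releases, and a condition can be set to judge whether the upgraded version has a problem; once a problem is detected the upgrade is rolled back automatically. Manageability means kernel-level inspection and management: when a node fails, the tasks running on it are automatically recovered on other nodes. Scalability means that when nodes are added, the whole workload is redistributed.

SQL Azure Service architecture

In the SQL Azure architecture the SQL Server database is decomposed into many Service Fabric applications. The physical cluster is divided into two parts: one is the node cluster for control and management, called the Control Plane, which mostly provides database operations services; users' database tasks run on the other part, the Data Plane. A strict secure communication mechanism between them protects the runtime environment between users and databases.

Drawbridge

Drawbridge is a new container technology used by Microsoft that has both the strong isolation of virtual machines and the high compute density of containers. At its core is the traditional NT process, which has more than 1,200 APIs; with that many APIs it is clearly very hard to achieve absolute security in the strict sense, so it was optimized further. First, the NT kernel runs in user mode; second, no more than 15 system calls are allowed between the user-mode operating system and the real operating system. These two steps produced a special process on NT, the Picoprocess: from the outside it looks like an empty process, and the only thing it interacts with is a very small system kernel library.

SQL Server for Linux also uses Drawbridge, which allows SQL Server, originally built for Windows, to be ported to Linux through the SQLPAL layer.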


          Samsung Galaxy S7 Susceptible to Meltdown Attacks

The Samsung Galaxy S7 has a serious security flaw, according to researchers from Austria’s Graz Technical University. A microchip security issue leaves the S7 open to Meltdown attacks. Meltdown takes advantage of a CPU tool called speculative execution, which allows processors to predict where instructions will travel. Hackers could use certain techniques to manipulate speculative execution in order to access privileged memory, such as that of the kernel. Meltdown and a similar vulnerability called Spectre were discovered to impact devices from a wide range of manufacturers late last year and early this year. "There are potentially hundreds of million of phones out there that are affected by Meltdown and may not be patched because the vendors themselves do not know," said the researchers. They plan to look at devices from other phone makers to see if other models are impacted by the flaw. Samsung claims to have plugged the Meltdown security hole in patches issued in January and again in July. "Samsung takes security very seriously and our products and services are designed with security as a priority," said the company. There are no known cases of Meltdown being used to attack the Galaxy S7. The Galaxy S7 was first released in 2016 and is used by about 30 million people, according to Strategy Analytics.


          Re: [PATCH 2/3] perf report: Add raw report support for s390 auxil ...
Thomas-Mich Richter writes: On 08/08/2018 06:42 PM, Arnaldo Carvalho de Melo wrote: I just updated the perf/core branch, compiled it and all works fine. Thanks for fixing these errors.

          [PATCH V1 6/6] x86/efi: Introduce EFI_WARN_ON_ILLEGAL_ACCESSES
Sai Praneeth Prakhya writes: (Summary) +config EFI_WARN_ON_ILLEGAL_ACCESSES + bool "Warn about illegal memory accesses by firmware" + depends on EFI + help + Enable this debug feature so that the kernel can detect illegal + memory accesses by firmware and issue a warning. If the access is to any other efi region like above but if the + buggy efi runtime service is efi_reset_system(), then the + platform is rebooted through BIOS.
          [PATCH V1 5/6] x86/mm: If in_atomic(), allocate pages without sleeping
Sai Praneeth Prakhya writes: (Summary) 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/arch/x86/mm/pageattr.c b/arch/x86/mm/pageattr.c index 3bded76e8d5c..1b28a333c8ce 100644 --- a/arch/x86/mm/pageattr.c +++ b/arch/x86/mm/pageattr.c @@ -926,7 +926,13 @@ static void unmap_pud_range(p4d_t *p4d, unsigned long start, unsigned long end) static int alloc_pte_page(pmd_t *pmd) { - pte_t *pte = (pte_t *)get_zeroed_page(GFP_KERNEL); @@ -936,7 +942,13 @@ static int alloc_pte_page(pmd_t *pmd) static int alloc_pmd_page(pud_t *pud) { - pmd_t *pmd = (pmd_t *)get_zeroed_page(GFP_KERNEL);
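Review bot: in alloc_pte_page() and alloc_pmd_page(), the replacement for get_zeroed_page(GFP_KERNEL) is selected by in_atomic() according to the subject line, and in_atomic() does not report a held spinlock on kernels built without preempt counting, so the sleeping allocation can still be reached from atomic context there. Consider having the caller state its context explicitly and pass the gfp flags down instead. Both hunks also grow from 7 to 13 lines around the same one-line allocation, so the added logic looks duplicated and would be better placed in one shared helper.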
          [PATCH v8 4/6] Uprobes/sdt: Prevent multiple reference counter for ...
Ravi Bangoria writes: (Summary) 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/kernel/events/uprobes.c b/kernel/events/uprobes.c index 61b0481ef417..492a0e005b4d 100644 --- a/kernel/events/uprobes.c +++ b/kernel/events/uprobes.c @@ -689,6 +689,12 @@ static struct uprobe *alloc_uprobe(struct inode *inode, loff_t offset, cur_uprobe = insert_uprobe(uprobe); /* a uprobe exists for this inode:offset combination */ if (cur_uprobe) { + if (cur_uprobe->ref_ctr_offset != uprobe->ref_ctr_offset) { + pr_warn("Reference counter offset mismatch.\n"); } @@ -1103,6 +1109,9 @@ static int __uprobe_register(struct inode *inode, loff_t offset, uprobe = alloc_uprobe(inode, offset, ref_ctr_offset);
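Review bot: the pr_warn("Reference counter offset mismatch.\n") added in alloc_uprobe() for an already existing inode:offset probe does not identify the conflict. Print the inode number, the offset and both values (cur_uprobe->ref_ctr_offset and uprobe->ref_ctr_offset) so the message can be tied to a specific probe from the log alone.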
          Re: [PATCH v13 03/16] s390, kexec_file: drop arch_kexec_mem_walk()
Pingfan Liu writes: (Summary) ----- Original Message ----- > To: "AKASHI Takahiro" <takahiro.akashi@linaro.org>, "Philipp Rudo" <prudo@linux.ibm.com>, "catalin marinas" > Pingfan Liu confirmed ppc does not use 0 as valid address, > On Wed, Aug 01, 2018 at 10:29:51AM +0200, Philipp Rudo wrote: > address 0, > }" > #define KEXEC_BUF_MEM_UNKNOWN 0 > --- > --- a/arch/s390/kernel/machine_kexec_file.c > } > - */ > - int (*func)(struct resource *, void *)) > - > --- a/kernel/kexec_file.c > { >
          Re: [PATCH 0/4][RFC v2] Introduce the in-kernel hibernation encryption
Yu Chen writes: (Summary) Hi,
On Wed, Aug 08, 2018 at 07:58:45PM +0200, Pavel Machek wrote: It seems that Joey was talking about certification(something like login) rather than encryption?
Best,
Yu
          [PATCH v2 0/2] ASoC: trace: format file and add trace field
"Liu, Changcheng" writes: (Summary) 2. trace dapm type in snd_soc_dapm_widget class event
Liu Changcheng (2):
ASoC: trace: remove unnecessary typecast
ASoC: trace: track dapm type in snd_soc_dapm_widget
v1->v2
correct code style to meet kernel requirement.
include/trace/events/asoc.h | 21 +++++++++++---------- 1 file changed, 11 insertions(+), 10 deletions(-) -- 2.7.4
          Re: [PATCH 0/4][RFC v2] Introduce the in-kernel hibernation encryption
Yu Chen writes: (Summary) User requirement:
A is the user, B is the attacker, user A launches a STD and encrypts A's ram data, then writes these encrypted data onto the disk, so that: Even if user B has access to the disk, B could not know the content of A. But if it is a requirement from the user, that's ok.
uswsusp is to do all the stuff in user space, and other two aim to do all the stuff in kernel space.
          [PATCH V3 3/4] mm: add a function to differentiate the pages is fr ...
Zhang Yi writes: (Summary) DAX driver hotplug the device memory and move it to memory zone, these pages will be marked reserved flag, however, some other kernel component will misconceive these pages are reserved mmio (ex: we map these dev_dax or fs_dax pages to kvm for DIMM/NVDIMM backend). 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/include/linux/mm.h b/include/linux/mm.h index 68a5121..de5cbc3 100644 --- a/include/linux/mm.h +++ b/include/linux/mm.h @@ -889,6 +889,13 @@ static inline bool is_device_public_page(const struct page *page) page->pgmap->type == MEMORY_DEVICE_PUBLIC;
          Re: [PATCH] selinux: refactor mls_context_to_sid() and make it str ...
Paul Moore writes: (Summary) While my emails are generally a good source of typos, the above is pretty bad, so let me try again ...
Why are we simply not always returning 0 in the case where MLS is not enabled in the policy? The mls_context_to_sid() function is pretty much a no-op in this case regardless of input and I worry that returning EINVAL here is a deviation from current behavior which could cause problems.
          Canon EOS T-ring
For Sale

Kernel T2 EOS ring, EXC condition. $10 shipped.

10.00
          Grand slam sinks LumberKings
A grand slam by Jacob Pearson of the Cedar Rapids Kernels was the difference in a 6-3 Clinton LumberKings loss. Ariel Sandoval's 16th home run of the season was not enough for the LumberKings who lost their fourth straight game to the Kernels.
          Linux faces community criticism and a security problem

If you are going to be slow, at least don't spread FUD, and provide proper sources. This topic was already discussed elsewhere at the beginning of the week. Speck will probably be removed from Linux [1], and Google will use other ciphers, probably HPolyC, i.e. something based on the work of D. J. Bernstein and others. [2], [3] Besides, if you think the NSA cannot smuggle whatever it needs into the kernel, you are mistaken. IPsec and SELinux are to a large extent influenced by the NSA. Another thing is that anyone who thinks that nobody with the experts and the money could hide a backdoor in the roughly 1.5 million lines of code that run as part of the kernel on an ordinary laptop is naive. But I am not sure it is in their interest; after all, the NSA itself uses many devices running Linux and it could get out of hand for them. The NSA's job is also to protect the USA and its internal information security. After all, AES, for example, is also approved by the NSA... [4] I ask the author to revise the article so that it is objective and provides current data and good citations. [1] https://www.spinics.net/lists/kernel/msg2875744.html [2] https://www.phoronix.com/scan.php?page=news_item&px=No-Speck-Yes-HPolyC-Encryption [3] https://github.com/google/hpolyc [4] https://en.wikipedia.org/wiki/Advanced_Encryption_Standard


          Reboots
     This weekend starting early Saturday morning on August 11th, 2018, (shortly after Midnight) I will be rebooting most of the servers for kernel updates.  The 4.15.0 kernel seems to be particularly problematic although for us it’s not been problematic … Continue reading
          Peter Hutterer: How the 60-evdev.hwdb works

libinput made a design decision early on to use physical reference points wherever possible. So your virtual buttons are X mm high/across, the pointer movement is calculated in mm, etc. Unfortunately this exposed us to a large range of devices that don't bother to provide that information or just give us the wrong information to begin with. Patching the kernel for every device is not feasible so in 2015 the 60-evdev.hwdb was born and it has seen steady updates since. Plenty a libinput bug was fixed by just correcting the device's axis ranges or resolution. To take the magic out of the 60-evdev.hwdb, here's a blog post for your perusal, appreciation or, failing that, shaking a fist at. Note that the below is caller-agnostic, it doesn't matter what userspace stack you use to process your input events.

There are four parts that come together to fix devices: a kernel ioctl and a trifecta of udev rules, hwdb entries and a udev builtin.

The kernel's EVIOCSABS ioctl

It all starts with the kernel's struct input_absinfo.


struct input_absinfo {
    __s32 value;
    __s32 minimum;
    __s32 maximum;
    __s32 fuzz;
    __s32 flat;
    __s32 resolution;
};

The three values that matter right now: minimum, maximum and resolution. The "value" is just the most recent value on this axis, ignore fuzz/flat for now. The min/max values simply specify the range of values the device will give you, the resolution how many values per mm you get. Simple example: an x axis given at min 0, max 1000 at a resolution of 10 means your device is 100mm wide. There is no requirement for min to be 0, btw, and there's no clipping in the kernel so you may get values outside min/max. Anyway, your average touchpad looks like this in evemu-record:

# Event type 3 (EV_ABS)
# Event code 0 (ABS_X)
# Value 2572
# Min 1024
# Max 5112
# Fuzz 0
# Flat 0
# Resolution 41
# Event code 1 (ABS_Y)
# Value 4697
# Min 2024
# Max 4832
# Fuzz 0
# Flat 0
# Resolution 37

This is the information returned by the EVIOCGABS ioctl (EVdev IOCtl Get ABS). It is usually run once on device init by any process handling evdev device nodes.

Because plenty of devices don't announce the correct ranges or resolution, the kernel provides the EVIOCSABS ioctl (EVdev IOCtl Set ABS). This allows overwriting the in-kernel struct with new values for min/max/fuzz/flat/resolution; processes that query the device later will get the updated ranges.

udev rules, hwdb and builtins

The kernel has no notification mechanism for updated axis ranges so the ioctl must be applied before any process opens the device. This effectively means it must be applied by a udev rule. udev rules are a bit limited in what they can do, so if we need to call an ioctl, we need to run a program. And while udev rules can do matching, the hwdb is easier to edit and maintain. So the pieces we have are: a hwdb that knows when to change (and the values), a udev program to apply the values and a udev rule to tie those two together.

In our case the rule is 60-evdev.rules. It checks the 60-evdev.hwdb for matching entries [1], then invokes the udev-builtin-keyboard if any matching entries are found. That builtin parses the udev properties assigned by the hwdb and converts them into EVIOCSABS ioctl calls. These three pieces need to agree on each other's formats - the udev rule and hwdb agree on the matches and the hwdb and the builtin agree on the property names and value format.

By itself, the hwdb has no specific format beyond this:

some-match-that-identifies-a-device
PROPERTY_NAME=value
OTHER_NAME=othervalue

But since we want to match for specific use-cases, our udev rule assembles several specific match lines. Have a look at 60-evdev.rules again, the last rule in there assembles a string in the form of "evdev:name:the device name:content of /sys/class/dmi/id/modalias". So your hwdb entry could look like this:

evdev:name:My Touchpad Name:dmi:*svnDellInc*
EVDEV_ABS_00=0:1:3

If the name matches and you're on a Dell system, the device gets the EVDEV_ABS_00 property assigned. The "evdev:" prefix in the match line is merely to distinguish from other match rules to avoid false positives. It can be anything, libinput unsurprisingly used "libinput:" for its properties.

The last part now is understanding what EVDEV_ABS_00 means. It's a fixed string with the axis number as hex number - 0x00 is ABS_X. And the values afterwards are simply min, max, resolution, fuzz, flat, in that order. So the above example would set min/max to 0:1 and resolution to 3 (not very useful, I admit).

Trailing bits can be skipped altogether and bits that don't need overriding can be skipped as well provided the colons are in place. So the common use-case of overriding a touchpad's x/y resolution looks like this:


evdev:name:My Touchpad Name:dmi:*svnDellInc*
EVDEV_ABS_00=::30
EVDEV_ABS_01=::20
EVDEV_ABS_35=::30
EVDEV_ABS_36=::20

0x00 and 0x01 are ABS_X and ABS_Y, so we're setting those to 30 units/mm and 20 units/mm, respectively. And if the device is multitouch capable we also need to set ABS_MT_POSITION_X and ABS_MT_POSITION_Y to the same resolution values. The min/max ranges for all axes are left as-is.

The most confusing part is usually: the hwdb uses a binary database that needs updating whenever the hwdb entries change. A call to systemd-hwdb update does that job.

So with all the pieces in place, let's see what happens when the kernel tells udev about the device:

  • The udev rule assembles a match and calls out to the hwdb,
  • The hwdb applies udev properties where applicable and returns success,
  • The udev rule calls the udev keyboard-builtin
  • The keyboard builtin parses the EVDEV_ABS_xx properties and issues an EVIOCSABS ioctl for each axis,
  • The kernel updates the in-kernel description of the device accordingly
  • The udev rule finishes and udev sends out the "device added" notification
  • The userspace process sees the "device added" and opens the device which now has corrected values
  • Celebratory champagne corks are popping everywhere, hands are shaken, shoulders are patted in congratulations of another device saved from the tyranny of wrong axis ranges/resolutions

Once you understand how the various bits fit together it should be quite easy to understand what happens. Then the remainder is just adding hwdb entries where necessary but the touchpad-edge-detector tool is useful for figuring those out.

[1] Not technically correct, the udev rule merely calls the hwdb builtin which searches through all hwdb entries. It doesn't matter which file the entries are in.
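
The override semantics described above (colon-separated min:max:resolution:fuzz:flat, with empty or missing fields left untouched), as an added example that is not code from the post or from systemd. The struct and function names are hypothetical, the struct only mirrors the fields of the kernel's struct input_absinfo, and nothing here issues an ioctl.

```c
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Local mirror of the fields of the kernel's struct input_absinfo
 * (assumption: kept local so the example builds without <linux/input.h>). */
struct absinfo {
    int value, minimum, maximum, fuzz, flat, resolution;
};

/* "EVDEV_ABS_35" -> 0x35. Returns -1 if the key is not of that form or the
 * code is above ABS_MAX (0x3f). */
int evdev_abs_axis(const char *key)
{
    static const char prefix[] = "EVDEV_ABS_";
    const size_t plen = sizeof(prefix) - 1;
    const char *hex = key + plen;
    long code;

    if (strncmp(key, prefix, plen) != 0 || *hex == '\0')
        return -1;
    if (strspn(hex, "0123456789abcdefABCDEF") != strlen(hex))
        return -1;
    errno = 0;
    code = strtol(hex, NULL, 16);
    if (errno || code > 0x3f)
        return -1;
    return (int)code;
}

/* Apply "min:max:resolution:fuzz:flat" to *abs. Empty fields and missing
 * trailing fields keep their current value. Returns the number of fields
 * overridden, or -1 on malformed input (*abs is then left unchanged). */
int evdev_abs_apply(struct absinfo *abs, const char *value)
{
    struct absinfo tmp = *abs;
    int *field[] = { &tmp.minimum, &tmp.maximum, &tmp.resolution,
                     &tmp.fuzz, &tmp.flat };
    const size_t nfields = sizeof(field) / sizeof(field[0]);
    const char *p = value;
    int changed = 0;

    for (size_t i = 0; ; i++) {
        size_t len = strcspn(p, ":");

        if (i >= nfields)
            return -1;                      /* more than five fields */
        if (len > 0) {
            char buf[16], *end;
            long v;

            if (len >= sizeof(buf))
                return -1;
            memcpy(buf, p, len);
            buf[len] = '\0';
            errno = 0;
            v = strtol(buf, &end, 10);
            if (errno || *end != '\0' || v < INT_MIN || v > INT_MAX)
                return -1;
            *field[i] = (int)v;
            changed++;
        }
        if (p[len] == '\0')
            break;
        p += len + 1;
    }
    *abs = tmp;
    return changed;
}

/* Physical extent in mm implied by the axis description, or -1.0 when the
 * axis has no usable resolution. */
double axis_size_mm(const struct absinfo *abs)
{
    if (abs->resolution <= 0 || abs->maximum < abs->minimum)
        return -1.0;
    return ((double)abs->maximum - abs->minimum) / abs->resolution;
}

int main(void)
{
    /* ABS_X of the touchpad in the evemu-record output quoted in the post. */
    struct absinfo x = { 2572, 1024, 5112, 0, 0, 41 };

    printf("reported:   res %d -> %.1f mm wide\n", x.resolution, axis_size_mm(&x));
    if (evdev_abs_axis("EVDEV_ABS_00") == 0 && evdev_abs_apply(&x, "::30") == 1)
        printf("after ::30: res %d -> %.1f mm wide, range still %d..%d\n",
               x.resolution, axis_size_mm(&x), x.minimum, x.maximum);
    return 0;
}
```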


          Linux Kernel Security Updates for Arch Linux
The following Linux Kernel security updates are available for Arch Linux: ASA-201808-4: linux: denial of service ASA-201808-5: linux-lts: denial of service ASA-201808-6: linux-zen: denial of service ASA-201808-7: linux-hardened: denial of service...
          We Have the CIA to Thank for the QAnon Conspiracy Theory
The roots of the wackiest pro-Trump conspiracy can be traced back to the CIA.

As the editor of the JFK Facts blog, I try not to spend a lot of time on stupid conspiracy theories, but given widespread ignorance and confusion on the subject, unpleasant journalist duty often calls.

Who killed JFK? The Federal Reserve? Nah. The Secret Service man? A hoax. Ted Cruz’s father? Pure B.S. George H.W. Bush? Heavy breathing is not the same as credible evidence. On a recent Black Vault podcast, the most common JFK question I heard was, “Was Kennedy assassinated because of his interest in UFOs?” Um, no, he was not.

Which brings me to QAnon, the imaginative conspiracy theorist now dominating the internet, attracting followers of President Trump, and obsessing the Washington Post, which has published a dozen articles about QAnon in the span of four days. Like many conspiracy theories, the QAnon fever dream can be traced back to the assassination of JFK.

The QAnon conspiracy theory is a psychedelic mushroom planted in the fertile manure of the Warren Commission. This mind-altering proposition grows in the gloom of anonymous chat groups. It is then stimulated by the bright lights of social media. And finally it is harvested and ingested by Trump cultists eager to prolong the alt-reality buzz that commenced on January 20, 2017.

But it all began on November 22, 1963.

Who Is QAnon?

For the uninitiated, “Q” is the moniker of a person or group of persons who post to 4Chan, a popular image website favored by the anonymous. Q’s “theory” (and I use the term generously) is that President Trump was persuaded by the military to smash a network of “deep state” pedophiles that has ruled America for decades. The president (it is said) is working with John F. Kennedy Jr. (who did not die in a plane crash). They will soon smash the perfidious plotters, QAnon predicts, and Barack Obama and Hillary Clinton will be sent to Guantanamo.

You may think this is nutty stuff. Buzzfeed News speculates that QAnon is actually a leftist goof on right-wing suckers. But read the respectful coverage of the pro-Trump Washington Times, where QAnon is described as a “mysterious figure” who has been “posting provocative questions about the government since October.” This stuff is taken seriously.

The historical foundation of this mash-up of the preposterous, the ludicrous and the vile is, you guessed it, the assassination of JFK.

From a December 2017 QAnon post about Trump’s alleged enemies:

  • As a backup, they defined ‘conspiracy’ as crazy/mentally unstable and label anything ‘true’ as such.

  • This works given most of what they engage in is pure evil and simply unbelievable (hard to swallow).

  • The ‘fix’ has always been in – no matter which party won the election (-JFK (killed)/Reagan(shot)).

Why do people believe this nonsense?

One reason is that a few kernels of it are not nonsense. The CIA, in this April 1967 memo, launched a worldwide campaign to demonize critics of the Warren Commission as “conspiracy theorists.” Skepticism about the official theory of JFK’s assassination, wrote one agency official with the approval of CIA director Richard Helms, “is of concern to the U.S. government including our organization.”

The agency distributed talking points for “friendly elite contacts,” including the bald-faced lie that accused assassin Lee Harvey Oswald was “an unknown quantity to any professional intelligence service.” In fact, CIA counterintelligence chief James Angleton had monitored Oswald’s movements, politics, personal life and foreign contacts for four years before he allegedly killed JFK.

If that fact became known, the CIA would have a world of hurt on its hands. So the agency said in its memo that the members of the Warren Commission were eminent men and “efforts to impugn their rectitude and wisdom tend to cast doubt on the whole leadership of American society.”

The Commission’s critics, said the CIA, “are enticed by a form of intellectual pride: they light on some theory and fall in love with it; they also scoff at the Commission because it did not always answer every question with a flat decision one way or another.” In other words, the CIA did define belief in “conspiracy” as a symptom of the mentally unstable and patriotically unreliable.

In fact, the doubts were fact-based. Skepticism about the Warren Commission’s conclusions percolated among the Washington insiders (including Lyndon Johnson, Robert Kennedy, and Jackie Kennedy) and among foreign leaders (including Fidel Castro and Charles DeGaulle). All of them concluded privately that JFK had been killed by his enemies, not by a lone gunman.

Of course, there are other factors contributing to the vogue of QAnon that have nothing to do with JFK.

The echo chamber effects of social media encourage the credulous. So does a president enamored with “alternative facts” (aka bullshit). The exhaustion of the American economic system, which no longer provides the majority with affordable education or upward mobility, leaves young people grasping for explanation of their plight.

But the U.S. government’s implausible account of JFK’s assassination—and the CIA’s self-serving defense—can always be cited by those who say “The government is lying.” So if you want to trace the roots of QAnon in American society, look to the Warren Commission and Langley. Please leave us JFK researchers out of it.

The Origins of JFK Theories

As I wrote a few years ago in The Atlantic, the popular belief in a conspiracy was widespread within a week of Kennedy’s murder. Between November 25 and 29, 1963, University of Chicago pollsters asked more than 1,000 Americans who they thought was responsible for the president’s death. By then, the chief suspect, Lee Oswald—a leftist who had lived for a time in the Soviet Union—had been shot dead while in police custody by Jack Ruby, a local strip club owner with organized crime connections who hated Bobby Kennedy.

While the White House, the FBI, and the Dallas Police Department all affirmed that Oswald had acted alone and no one should believe “rumors” to the contrary, 62 percent of respondents said they believed that more than one person was involved in JFK’s assassination. Only 24 percent thought Oswald had acted alone. Another poll taken in Dallas during the same week found 66 percent of city respondents believed that there had been a plot.

The belief that Kennedy was killed by his enemies was not created by “conspiracy theorists” or Oliver Stone or the KGB. It was created by the circumstances of the crime and the assassination of Oswald.

The belief in conspiracy was nurtured by the factual revelations that followed: The investigations of New Orleans District Attorney Jim Garrison in the late 1960s, the Church Committee investigation of 1975, the House Select Committee on Assassinations in 1978, and the Assassination Records Review Board in the 1990s. The vastly expanded historical record of JFK’s murder undermines the Warren Commission’s findings and destroys the CIA’s cover stories. While we still don’t have a good explanation of who killed Kennedy, we do know the available facts do not corroborate the official theory.

As long as the government and major media organizations deny the JFK facts, they give credibility to those who cultivate pernicious fantasies. They water the psychedelic mushroom now altering the American consciousness.

This article was produced by the Deep State, a project of the Independent Media Institute.

 



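          A JVM Crash Problem We Helped the Meituan Kafka Team Track Down

PerfMa is a new kind of technology-driven company, and technology is our lifeblood. We wanted the first article on our company WeChat official account to be something a little special, so here is a big, substantial technical write-up. We will keep publishing solid technical content on the account, so feel free to follow it.

[image]

Overview

I had not written a technical article for quite a while. In the last couple of days someone from the Meituan Kafka team added me on WeChat and asked about a JVM crash. Crashes tend to leave people feeling helpless, because the scene is gone and there is not much information to go on. How should we analyze this kind of problem? I want to take this opportunity to share how I analyzed it.

The analysis may seem a bit roundabout, though, and because the crash file is too large to show in full, it may be hard to get a feel for it. You may therefore want to jump to the conclusion at the end of the article first and then come back to the full analysis.

First Look at the Problem

First I asked for the crash file; the first thing to look at is of course the beginning.

[image]

From this message the initial guess is that the crash was caused by insufficient physical memory: it crashed while requesting 196608 bytes of memory. So I went straight to the end of the crash file.

[image]

It turned out that physical memory was in fact sufficient, with more than 1G left. How could an allocation of 192KB fail? So insufficient physical memory is unlikely to be the cause.

Also note that this happened on JDK7. The message differs somewhat on JDK8, where only 32-bit machines produce exactly the same message as above.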

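Finding the Scene of the Problem

Next we need to find where exactly the problem occurred. My first instinct was to see which thread crashed and then what its stack looked like. I found the following in the crash log:

[image]

From the above we can see that the crashing thread is the VMThread (a thread of which there is only one in the JVM, mainly used to handle JVM events such as GC). It was doing a Full GC, and the stack shows it was expanding a generation. However, under CMS GC both Perm and Old use the ConcurrentMarkSweepGeneration data structure, so which one was it? Let us first look at the GenCollectedHeap::do_collection method mentioned in the stack and find where it calls compute_new_size.

[image]

For now we cannot tell whether the call was the upper compute_new_size or the lower one. If it was the lower one, the crash was caused by Perm expansion; if it was the upper one, by Old expansion.

To confirm further, we should now look at the JVM parameters.

[image]

From the JVM parameters above we can see that Xmx and Xms are set equal and Xmn is also set, so the size of Old is fixed. That basically rules out Old expansion. We also find that PermSize and MaxPermSize are not set, so expansion will definitely happen there, because their defaults are not equal. We can therefore conclude that the crash happened while Perm was being expanded.

At this point we can say what the scene was: a Full GC occurred; after the Full GC, each generation is resized (expanded) according to the actual situation at the time; the crash happened while Perm was being expanded. Perm expansion is really just an mmap operation: [image] From the code above we go into the warn_fail_commit_memory method: [image] In theory the content above is printed to standard output, but I learned from the business team that they had redirected standard output to /dev/null, so that log line could not be seen. If we could see it, we would at least know the specific errno of the mmap call and so determine why mmap failed. So I asked the business team to redirect standard output to a fixed file in order to see the specific error.

At this point the trail seemed to have gone cold; all we could do was wait and see the effect after the parameter change.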

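Revisiting the Problem with the GC Log

After finishing some other work I remembered this case and went back to the crash log. At the point of the crash a Full GC was in progress, and that Full GC was a GenCollectFull. That is somewhat special, because it mainly occurs in three situations:

  • A forced GC through JVMTI

  • System GC

  • GC Locker

The first can basically be ruled out, because normally there is no agent doing that. How do we decide between the other two? A GC log would help, so I asked the business team for the GC log. Unfortunately the system runs on JDK7, where GCCause is not enabled by default, so the GC log does not show the cause of the GC. On JDK8 the GC log would contain the System.gc keyword to show that System.gc triggered it, and GC Locker would show its own keyword as well. Because the JDK parameters did not explicitly enable GCCause (-XX:+PrintGCCause), the last GC log entry shows only the following: [image] This GC log entry is incomplete because the crash happened at that moment. Judging by this entry, old generation usage was actually very low (5891510K/20971520K=28%). Had it exceeded the CMS threshold? Looking at the JVM parameters above, CMSInitiatingOccupancyFraction is indeed set to 30, so a background CMS GC is triggered when old generation usage reaches 30%, but the condition for a CMS GC had not yet been met. Across the whole GC log there are not many CMS GCs either, so memory fragmentation can basically be ruled out, since the amount of memory being requested this time is very small. Could it then be GC Locker? That does not look right either. This has to be read together with the previous GC log entry, which is [image] and which is quite far from the following Full GC (2069977.519-2069794.281=183.238s). During that interval neither young nor old generation usage was high, which can be concluded together with the following part of the crash log: [image] Before the Full GC, eden usage was only 55%, so it is unlikely that anything spanned a GC during this period, and GC Locker is basically impossible.

So System GC is the most likely. What can cause a System GC?

A brief summary of the main situations I have seen trigger a System GC:

These possibilities can basically all be ruled out:

  • The system is Kafka, which is written in Scala. I downloaded the Scala source specifically to check, and there is basically no logic that explicitly calls System GC;

  • RMI is not possible either, because there is no GC Daemon thread in the thread list, so that kind of check call does not exist;

  • Off-heap memory (mainly DirectByteBuffer) is unlikely too. From the JVM parameters, first, MaxDirectMemorySize is not explicitly set, and second, Xmx is set to 24G, so the default off-heap maximum is about that large as well (Xmx minus the size of one survivor space). Combined with the values seen in top, where total physical memory in use was only about 7G, a System GC caused by off-heap memory filling up can basically be ruled out.

So I went through the JDK code again looking for places that can trigger a System GC, and found similar logic in the map method of sun.nio.ch.FileChannelImpl: [image] Could it have happened here?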

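Confirming the Scene

To determine whether such a call was being made, I searched the Kafka source for calls to map and indeed found a large number of them: [image] Things seemed to be looking up. I checked with the business team and learned that there were indeed a large number of index file mappings, all larger than 1G. So can we imagine this scenario: Kafka maps a large file and fails, an OOM exception is thrown, and after catching the OOM exception a System.gc is triggered explicitly. That would be the whole scene of the crash.

We found a similar entry in the crash log: [image] Its timestamp basically matches the time of the Full GC, so we can more or less say that a Full GC followed this event. We can then be fairly sure that jni.cpp:743 is OOM exception handling, so I located that line of code in this JDK version and verified that this is indeed the case: [image] So it is basically established that the business system ran to this point and crashed. Verifying that requires the threads as they were at that moment, for example a heap dump or core dump from the time of the crash, then finding the thread that triggered the Full GC and checking whether its call stack is doing exactly this operation.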

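Determining the Root Cause

With the point of failure confirmed, we next look for the root cause. Let us look at Java_sun_nio_ch_FileChannelImpl_map0, the native implementation of sun.nio.ch.FileChannelImpl.map0, because this is where the crash was triggered, and we see the following logic:

[image]

Because an OOM exception was indeed thrown, we can be completely certain here that the errno returned by mmap was ENOMEM. So the point raised earlier, wanting standard output printed to confirm the specific mmap error, is basically settled here as well: mmap failed because it returned the error code ENOMEM. Let us first look at what the mmap manual says about ENOMEM:

[image]

Since we confirmed that physical memory was sufficient, we can only suspect that the maximum number of mappings was reached. Let us also look at the implementation of mmap in the kernel (mmap.c:do_mmap):

[image]

When the number of mmap VMAs reaches the maximum, ENOMEM is indeed returned. So we asked the business team to check the value of /proc/sys/vm/max_map_count, which turned out to be 65530; that is, we can have at most 65530 mmap VMAs. Comparing with the number of virtual address mappings in the crash log, it had hit exactly this limit. Specifically, the number of entries under "Dynamic libraries" is basically the number of mmap VMAs.

At this point the whole problem is fully confirmed.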

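Solving the Problem

From the analysis above, there are two ways to solve the problem:

Summary

The process above is how I thought it through, and it may be a bit roundabout, so here is a short outline of how the whole problem unfolded:

Kafka memory-maps many index files, each of which takes up a lot of memory, and these index files are held and never released. As the number of index files grows, an upper limit of physical memory is gradually reached. For example, when mapping some index file, 1G of physical memory is left but the file to be mapped is larger than 1G, so the mapping fails. The failed mapping is followed by a System GC. During the System GC, because PermSize and MaxPermSize differ, Perm is expanded after the Full GC completes; the expansion calls mmap again, and mmap checks whether the VMA maximum has been reached, that is, the 65530 in /proc/sys/vm/max_map_count. If it has been exceeded, the process crashes outright.

This is only the scene I can picture from this particular crash file. There may of course be other scenarios: anywhere that can trigger an mmap may be the scene of the crash. For example, I was later given another crash file in which the crash was caused by mmap while creating a thread stack, which had nothing to do with OOM. So the root cause remains that Kafka mapped too many index files, which made the number of mmap VMAs very large and exceeded the system limit, leading to the crash.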
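
A check for the condition this article ends on, a process's mapping count reaching /proc/sys/vm/max_map_count, written as an added example (not from the article, Kafka or the JDK): it counts the entries of a /proc/<pid>/maps listing, which approximates the VMA count, and compares them with the limit. The function names, the 90% warning threshold and the embedded sample listing are assumptions constructed for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed sample in /proc/<pid>/maps format (paths are made up). */
static const char SAMPLE_MAPS[] =
    "00400000-00401000 r-xp 00000000 fd:01 1311 /usr/bin/java\n"
    "7f10a0000000-7f10e0000000 rw-s 00000000 fd:02 9001 /data/kafka/t-0/0000.index\n"
    "7f10e0000000-7f1120000000 rw-s 00000000 fd:02 9002 /data/kafka/t-1/0000.index\n"
    "7ffc5a1f0000-7ffc5a211000 rw-p 00000000 00:00 0 [stack]\n";

/* A maps line starts with "start-end perms"; anything else is not counted. */
static int is_mapping_line(const char *line)
{
    unsigned long start, end;
    char perms[5];

    if (!isxdigit((unsigned char)line[0]))
        return 0;
    return sscanf(line, "%lx-%lx %4s", &start, &end, perms) == 3 && end > start;
}

/* Count mappings in an in-memory listing. */
long count_mappings_text(const char *text)
{
    long n = 0;
    const char *p = text;

    while (*p) {
        const char *nl = strchr(p, '\n');

        n += is_mapping_line(p);
        if (!nl)
            break;
        p = nl + 1;
    }
    return n;
}

/* Count mappings in a stream; a line longer than the buffer counts once. */
long count_mappings_file(FILE *maps)
{
    char buf[256];
    long n = 0;
    int at_line_start = 1;

    while (fgets(buf, sizeof(buf), maps)) {
        if (at_line_start)
            n += is_mapping_line(buf);
        at_line_start = strchr(buf, '\n') != NULL;
    }
    return ferror(maps) ? -1 : n;
}

/* 0 = fine, 1 = within 10% of the limit (this example's own threshold),
 * 2 = limit reached, the state in which the article's mmap calls failed,
 * -1 = invalid input. */
int map_usage_state(long count, long limit)
{
    if (limit <= 0 || count < 0)
        return -1;
    if (count >= limit)
        return 2;
    return count * 10 >= limit * 9 ? 1 : 0;
}

static long read_long(const char *path)
{
    FILE *f = fopen(path, "r");
    long v = -1;

    if (f) {
        if (fscanf(f, "%ld", &v) != 1)
            v = -1;
        fclose(f);
    }
    return v;
}

int main(int argc, char **argv)
{
    char path[64];
    long limit = read_long("/proc/sys/vm/max_map_count");
    long count;
    FILE *maps;

    snprintf(path, sizeof(path), "/proc/%s/maps", argc > 1 ? argv[1] : "self");
    maps = fopen(path, "r");
    if (!maps || limit < 0) {
        /* No procfs or no permission: fall back to the constructed sample. */
        if (maps)
            fclose(maps);
        count = count_mappings_text(SAMPLE_MAPS);
        limit = 65530;          /* value reported in the article */
    } else {
        count = count_mappings_file(maps);
        fclose(maps);
    }
    printf("%ld of %ld mappings, state %d\n",
           count, limit, map_usage_state(count, limit));
    return map_usage_state(count, limit) == 2;
}
```

Run it with a PID as the only argument to inspect another process; reading another user's /proc/<pid>/maps needs matching privileges.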



          Comment on A Post in Which I Thank Donald Trump: Pork Chop Edition by Moses Herzog
Now, I wanna tell you guys, I am a miser. And when people call me cheap or a miser, my shoulders become upright, my face turns up and I grin like I just got the blue ribbon at the county fair. I get this from my "departed" Dad, who was a Depression baby. My Dad had me late in life, and could tell me stories he remembers of the Dust Bowl hitting the midwest, if that gives you any idea. So I'm here to tell you, when I left lights on in the house I "heard about it". When our family went out to eat buffet at a cafeteria, and some kernels of corn were on my plate or half a roll was uneaten I was often told something like the following by my Dad as my Mom and sister looked on with blank faces "We're not leaving here until you clean your plate and eat all of that, so..... we can sit here all night if you like, but we're not leaving until that plate is empty". When I was in 3rd grade I had holes in my shoes and actually felt daily pain because I was exceedingly afraid to hear what my Dad would say if I asked for new shoes (no hissy fits about getting "Air Jordans" from me friends). And I'm here to tell you, you don't get snobbish about food when a significant portion of your preteen years is spent eating from two food groups---packaged off brand macaroni and cheese and Van Kamp's "Pork and beans". Any concept of food snobbery goes right out the window when that's your view of food as a kid. Now, as the sad song violins start playing in the background here (joke), I also wanna say I was very happy to eat. But the point is you get good at saving money, and you don't lose that even when you move up to higher income brackets. It's a habit. If I told you we shop at a place that is cheaper than Wal-Mart would you believe it?? I'll HINT to you the place where we go, the name starts with a W, and the headquarters are based out of Idaho.
So let's go through a July 31 receipt here: medium pack of thick cut bacon (sorry, threw away the empty package), about 15 slices??---$3.98 Canned corn 15.25 ounces (some water, not much)-- 88 cents Texas grown watermelon 20 cents per pound---$2.97 (try to find 20cents per pound watermelon at Wal Mart friends----doubt it exists, not Texas grown anyway 12 cans pack Mountain Dew ripoff soda (tastes exactly the same with the caffeine fix)----$2.39 1 can "Monster" drink (the real deal)---- $1.48 Large pack of chicken thighs (about 12 thighs)---$4.85 6 cucumbers at 58cents each--- $3.48 Off-brand mixed nuts 10.3 ounces---- $2.48 (Honest to God, cannot tell difference from "Planters") 10 pound bag of carrots---$3.98 2 large cans Dinty Moore beef stew--- $4.36 (2.18 each) 3 normal size can Wolf brand chili ---$4.74 ($1.58 each) 6 packages of Reeses' peanut butter cups (2 cups per package, 12 cups total)--- $2.98 3 bottles of 2 liter Dr Pepper ripoff soda----$2.25 (.75 cents each bottle) 8 limes, .20cents each--- $1.60 2 small boxes Little Debbie Nutty bars (those are always same size yeah??--- $2.16 ($1.08 per box) 4 bars name brand anti-bacterial soap---$3.14 total Zucchini Squash .78cents per pound----$1.85 total Off-brand Bran flake cereal (no raisins) 18 ounce box---$1.78 1 loaf of white bread, 20 ounces----.98cents OK, there's more on this receipt that aren't bad, but harder to quantify if I threw out the packaging. TMI??? But I was curious how many of you can beat those and/or if you could guess where I shopped based on those prices??---most of which would beat Wal-Mart.
          r8168-lts 8.046.00-1 x86_64
A kernel module for Realtek 8169 network cards for linux-lts
          Security Bulletin for August 2018

August 6, 2018:

Microsoft is aware of a temporary denial of service (DoS) vulnerability (CVE-2018-5390) affecting the Linux Kernel. Virtual Machines running Linux may be vulnerable. The Azure Host platform remains secure from this vulnerability. We are working with various Linux distributions to ensure that they address this security issue.

For guidance on (CVE-2018-5390) please refer to the Linux vendor security channels for your distribution. To learn more about the vulnerability, please visit Vulnerability Notes Database.

We will continue to update this advisory as additional details become available.


          Re: [PATCH 0/4][RFC v2] Introduce the in-kernel hibernation encryption
Oliver Neukum writes: (Summary) On Do, 2018-08-09 at 11:01 +0800, Yu Chen wrote:
Hi,
'permission'.
That is what encrypted STD does.
A's 'permission'.
No, that is out of scope for Secure Boot
kernel to use TPM key to protects the user provided 'key', etc. But it has no relation to encrypted STD, other than that you need encrypted STD for this to make sense.
it looks like the same case as encryption here.
Secure Boot has no concept of users.
          Re: [PATCH v3 3/8] mailbox: Add transmit done by blocking option
Mikko Perttunen writes: (Summary) Here's my current code:
https://github.com/cyndis/linux/commits/wip/t194-tcu-4 "fixup! "tegra-hsp: use polling" changes it to use polling. I assume this gets printed through the earlycon as it's printing out correctly.
Thanks,
Mikko
On 08.08.2018 17:46, Mikko Perttunen wrote:
          Re: [PATCH] arm64: PCI: Remove node-local allocations when initial ...
Punit Agrawal writes: Bjorn Helgaas <helgaas@kernel.org> writes:
performance, so I'd be inclined to just use kzalloc(). Thanks for confirming.
I'm happy to add a patch updating x86 use of kzalloc_node() as well. I'll post something once the merge window closes.
Bjorn

          Re: FUSE: write operations trigger balance_dirty_pages when using ...
Miklos Szeredi writes: (Summary) If you remove that setting from fuse in the kernel you should not be getting the balance_dirty_pages() as often.
Not sure if that's the real problem, though, that depends on how much time is spent in balance_dirty_pages(). You can try profiling the kernel to find that out.
My guess is that the real cause of the slowdown is some other place. Disabling getxattr on your filesystem may significantly improve performance.
Thanks,
Miklos

          Re: [PATCH bpf-next 0/4] Convert filter.txt to RST
Daniel Borkmann writes: (Summary) On 08/09/2018 09:27 AM, Tobin C. Harding wrote:
GPL-2.0+ : GNU General Public License v2.0 or later
Not really, please see the first three paragraphs of process/license-rules.rst. The COPYING file of the kernel says that it's 'v2' and not 'v2 or later', unless otherwise _explicitly_ noted. Given that and given there is no other specific note in filter.txt, it would mean it's v2-only due to that rule.
Tobin.

          Re: [PATCH 0/2] fs/lock: show locks info owned by dead/invisible p ...
Konstantin Khorenko writes: (Summary) On 08/09/2018 10:16 AM, Murphy Zhou wrote:
Looks like this missed v4.18 ?
Hi Murphy,
yes, Jeff planned to push those patches into 4.19 and they are in "linux-next" now, but not in 4.18 "master" currently.
On 06/14/2018 01:41 PM, Jeff Layton wrote:
has objections.
linux-next:
1cf8e5de4055 ("fs/lock: show locks taken by processes from another pidns")
826d7bc9f013 ("fs/lock: skip lock owner pid translation in case we are in init_pid_ns")
--
Best regards,
Konstantin Khorenko,
Virtuozzo Linux Kernel Team

          Re: [PATCH v8 09/26] kernel/cpu_pm: Manage runtime PM in the idle ...
"Rafael J. Wysocki" writes: On Wed, Aug 8, 2018 at 8:02 PM, Lina Iyer <ilina@codeaurora.org> wrote: powerful processor with a desired battery efficiency. Even so, you still need firmware (or hardware) to do the right thing in the concurrent wakeup via an edge-triggered interrupt case AFAICS. That is, you need the domain to be prevented from being turned off if one of the CPUs in it has just been woken up and the interrupt is still pending.

          Re: [PATCH 0/4][RFC v2] Introduce the in-kernel hibernation encryption
joeyli writes: On Thu, Aug 09, 2018 at 11:43:20AM +0800, Yu Chen wrote: rather than encryption?
Actually I do not have good idea.
Joey Lee

          Re: [RFC PATCH 0/7] A General Accelerator Framework, WarpDrive
Kenneth Lee writes: (Summary) On Wed, Aug 08, 2018 at 11:18:35AM -0400, Jerome Glisse wrote: the above and are not in VFIO.
I think our divergence is on "it is common that some device drivers use IOMMU for user land DMA operation". This is the feature that the VFIO container can provide.
all the kernel drivers).
I think it is not necessary to rewrite the GPU driver if they don't need to share their space with others.
          [PATCH v6 5/5] Auto-detect whether a FPU exists
Alan Kao writes: (Summary) #else +#define has_fpu false #define fstate_save(task, regs) do { } while (0) #define fstate_restore(task, regs) do { } while (0) #define __switch_to_aux(__prev, __next) do { } while (0) -#define DEFAULT_SSTATUS (SR_SPIE | +#endif } diff --git a/arch/riscv/kernel/process.c b/arch/riscv/kernel/process.c index 3820d89e2db9..97155aee9e71 100644 --- a/arch/riscv/kernel/process.c +++ b/arch/riscv/kernel/process.c @@ -83,7 +83,9 @@ void show_regs(struct pt_regs *regs) void start_thread(struct pt_regs *regs, unsigned long pc, unsigned long sp) { - regs->sstatus = DEFAULT_SSTATUS;
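Review bot: in the #else (no-FPU) branch `has_fpu` is introduced as a macro expanding to `false`, so every use of it has to be valid both as that constant and as whatever `has_fpu` is in the FPU-enabled build; the definition on the other side of the #else is not visible in this excerpt and should be checked to have a compatible type. In start_thread() the unconditional `regs->sstatus = DEFAULT_SSTATUS;` is removed and the hunk grows from 7 to 9 lines, so the commit message should state which sstatus value a new thread gets when no FPU is detected.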
          Re: [PATCH bpf-next 0/4] Convert filter.txt to RST
"Tobin C. Harding" writes: (Summary) On Wed, Aug 08, 2018 at 11:07:35PM -0700, Alexei Starovoitov wrote: kernel licensing is GPLv2 without +
According to process/license-rules.rst
GPL-2.0+ : GNU General Public License v2.0 or later all contributors before making such change.
So if a file does not _explicitly_ state that it is under another licence it is ok to add GPLv2?
thanks,
Tobin.

          [PATCH v4 0/3] clk: meson: add a sub EMMC clock controller support
Yixun Lan writes: (Summary) Changes since v3 [4]:
- separate clk-phase-delay driver
- replace clk_get_rate() with clk_hw_get_rate()
- collect Rob's R-Y
- drop 'meson-' prefix from compatible string
Changes since v2 [3]:
- squash dt-binding clock-id patch
- update license
- fix alignment
- construct a clk register helper() function
Changes since v1 [2]:
- implement phase clock
- update compatible name
- adjust file name
- divider probe() into small functions, and re-use them
[1] https://lkml.kernel.org/r/20180628090034.0637a062@xps13 [2] https://lkml.kernel.org/r/20180703145716.31860-1-yixun.lan@amlogic.com [3]

Republicans were not the only ones dismayed at the results of the August 2nd election. To be sure, the GOP took a licking in races for countywide positions, and they lost a swing district on the Shelby County Commission, giving Democrats a decisive 8-5 majority for the next four years. But, with the exception of Democrat Michael Whaley's win in District 5, a city swing district, Shelby County Republicans held their own in localized one-on-one competition. On a countywide scale, though, the GOP fared less well, even in nonpartisan races. Two judicial candidates bearing Republican endorsements — David Rudolph and Jennifer S. Nichols — went down in defeat, despite having the advantage of being incumbents, albeit as recent interim appointees.

In a general way, the law of averages is what determined the outcomes. Yes, there are in theory more Democrats than Republicans in Shelby County; this year, unlike the case in 2010 and 2014, there was a general consensus in both parties that, quality-wise, Democratic candidates were as good as — if not better than — their Republican counterparts, and, for a change, adequately funded. Crossover voting in the GOP's direction, a factor in the previous two elections, was virtually non-existent this year.

Similarly, there is the related fact that there are more African Americans in Shelby County than whites, and, while post-racial results have been known to occur in local elections (think Steve Cohen or, when he still had a bloom on, A C Wharton), it would seem to be human nature that, all else being equal, people will vote for their racial group-mates. Accordingly, in relatively close races between blacks and whites, the racial factor tilted toward African Americans.

Finally, in local politics as in state and national elections, women have steadily become a more active force, and people, including other women, who in the binary sense are yet another majority, have no compunction in voting for women.

Taking those three factors into account — party, race, and gender — a fairly reliable rule-of-thumb can be stated that, where any two are present, they can be decisive for the candidate on the majority side of the ledger. 

Thus, Democrat John Boatner Jr., a white candidate in the primary for Congress in the 8th Congressional District, was at a disadvantage in his contest with Erika Stotts Pearson, an African American. And, while Boatner had more money and was clearly the more active of the two candidates (omnipresent at campaign events, and with several large yard signs bearing his name on upscale sections of Walnut Grove Road), he was a first-time candidate, and, as a white male contending with an African American female, was on the wrong side of the arithmetic. (In his case, too, the power of the city vote, where Democrats are numerous, out-did the party's rather scanty presence these days in the West Tennessee counties that comprise the rest of the district.)

A few other upsets reflect various versions of the Democratic/black/female tilt.

Circuit court Judge Rudolph had, by general consent, performed well after his 2017 appointment by Governor Haslam to fill the vacancy left by the retirement of Judge Robert L. "Butch" Childers, and his diligence as a candidate, often in the company of his personable wife, Elizabeth, an administrator at the University of Memphis Law School, could not be faulted. The scion of an East Memphis family, educated at MUS and Vanderbilt, he was well-financed, to boot.

But he was felled by Yolanda Kight, an equally impressive and diligent young black woman from a humble background in South Memphis, who had risen very much by her own efforts to attain the lesser judicial rank of magistrate. Aided also by the "upset" factor which can generate sympathy in an electorate, she ended with a narrow win over Rudolph. 

Another such case was the victory in a Democratic state Senate primary race of Gabby Salinas, whose Colombian family had immigrated to Memphis so that young Gabby could be treated for childhood cancer at St. Jude. On the threshold of being a scientist in her own right, she survived three different bouts with the disease, and, though she was faced with a better-financed opponent, the able and equally appealing Le Bonheur chaplain David Weatherspoon, her backstory may have made the difference. Her next challenge will be, as an advocate of Medicaid expansion, against Republican state Senator Brian Kelsey.

There were other unexpected outcomes. The victories of Joyce Dorse-Coleman and Michelle McKissack over Shelby County Schools Board incumbents Mike Kernell and Chris Caldwell conformed to the above-mentioned formula, though McKissack's in particular also owed much to her support from charter-school advocates. Though hardly a novice in politics, the oft-controversial city Councilwoman Janis Fullilove, victorious as a Democrat over Republican Bobby Simmons for Juvenile Court Clerk, was expected to be shut out of the white vote entirely. Further analysis will determine whether she wasn't or whether she was but was able to prevail anyhow.

Most outcomes on August 2nd conformed to the form sheet. It was a Democratic year, not so much because of a better-than-usual turnout but because their candidates were measurably better than in previous years, staving off the customary flow of crossover Democratic voters to Republican candidates that had marked prior elections. 

In the marquee local races, State Senator Lee Harris for county mayor was clearly an able political figure, as was Chief Deputy Floyd Bonner for sheriff, both of them sufficiently so to attract crossovers of their own to augment what was already their majority standing.  

The Democratic blue wave was no surprise. In the vernacular, this was how it was 'sposed to be.

Ford Canale's win for a vacant city council position was due to his maintaining establishment support against a field of several candidates breaking up the dissident vote. In the statewide contests, Republican Bill Lee won his gubernatorial primary by being himself; Democrat Karl Dean won his through superior resources and fidelity to a centrist party message. The U.S. Senate primary wins of Democrat Phil Bredesen and Republican Marsha Blackburn were no-brainers.

The final win of the mid-summer election season occurred Monday night at Shelby County Republican headquarters, where a small caucus of steering committee members from the state House District 99 of late state Representative Ron Lollar elected onetime state Senator Tom Leatherwood, outgoing as register and a loser in his race for Circuit Court Clerk, as a compromise choice to run against Democratic nominee Dave Cambron in November.


          Remote denial of service in the Linux and FreeBSD kernels
A researcher at Nokia Bell Labs has discovered vulnerabilities in the Linux and FreeBSD kernels that can be used to saturate the processor (and consequently the machine) through a special TCP flow.

These are not vulnerabilities that could be exploited in theory, under special circumstances, if the planets align... which is sometimes the case with vulnerabilities of this kind in the Linux kernel. We know this because Akamai has issued an official statement saying that it has patched its most critical systems and is currently working on patching the rest. Both vulnerabilities, the Linux one and the FreeBSD one, come from Juha-Matti Tilli, a researcher at Nokia Bell Labs. These laboratories belong to the industrial research division of the well-known multinational telecom Nokia.

To understand these two vulnerabilities, a quick refresher on networking basics is needed. For information to get from one point on the planet to another, it is usually wrapped in several layers. Literally, each piece of information gets a prefix (and sometimes a suffix) containing information relevant to that layer. And the process is repeated for each layer. Each of these layers is responsible for some aspect of the communication: one contains information about the next node the packet will travel to, another contains information that makes it possible to ensure that no packet is lost... During the journey, layers are removed, added and modified as needed. In fact, each network device (router, switch, network card and the operating system itself) is built to interpret certain layers and ignore the others.

In this case, the vulnerability lies in the way both kernels handle the TCP protocol, sibling of the UDP protocol shown in the figure. Among TCP's responsibilities is splitting the information it is to carry into pieces called "segments" if it is too large to be carried in one go. After the split, TCP makes sure each segment has an identifier that lets the recipient put the TCP segments together in the correct order and reconstruct the original information. This is necessary because packets do not necessarily arrive in the order in which they left.

At this point we can begin to understand the vulnerabilities as the official reports explain them (the first Linux and the second FreeBSD):

One of the data structures that holds TCP segments uses an inefficient algorithm to reassemble the data. This causes the CPU time spent on segment processing to grow linearly with the number of segments in the reassembly queue.
Juha-Matti Tilli reported that malicious peers could inject tiny packets in out_of_order_queue, forcing very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet.

Both vulnerabilities point to the same underlying problem: reconstructing the original information from out-of-order TCP segments is not very efficient. The algorithms used for the reconstruction presumably work quite well under normal circumstances, since otherwise performance problems would have been detected earlier. But in rare cases, and especially if you go looking for trouble, a series of specially designed TCP segments can make the reconstruction take too long. "Too long" means that with a relatively small number of TCP segments (that is, with little bandwidth) a disproportionate amount of processor time gets used.

Both the Linux and the FreeBSD kernel code have been updated with patches. For Linux, versions 4.9 and later are the most affected, with 4.8 and earlier vulnerable to a lesser degree (needing more traffic to cause the same effect). In FreeBSD all versions are affected. The Linux vulnerability has been assigned the identifier CVE-2018-5390, while the FreeBSD one has been assigned CVE-2018-6922.
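
An added example, not the Linux or FreeBSD code: a toy reassembly queue kept as a sorted list, showing how the work per arriving segment grows with the number of segments already queued and how a length cap bounds it. The structure names, the visit counter and the `max_count` cap are assumptions of this model.

```c
/* Toy cost model of a TCP reassembly queue kept as a sorted singly linked list.
   "visits" (list nodes examined) stands in for CPU time spent per segment. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

struct seg { uint32_t seq, len; struct seg *next; };

struct reass_queue {
    struct seg *head;
    size_t      count;      /* segments currently queued */
    size_t      max_count;  /* hypothetical cap; 0 means unlimited */
    uint64_t    visits;     /* list nodes examined while inserting */
    uint64_t    dropped;    /* segments refused because the queue was full */
};

/* Insert one out-of-order segment, keeping the list sorted by sequence number.
   Sequence wrap-around and overlap trimming are left out of the model. */
static int reass_insert(struct reass_queue *q, uint32_t seq, uint32_t len)
{
    if (q->max_count && q->count >= q->max_count) { q->dropped++; return 0; }
    struct seg **pp = &q->head;
    while (*pp && (*pp)->seq < seq) { q->visits++; pp = &(*pp)->next; }
    if (*pp && (*pp)->seq == seq) return 0;            /* duplicate segment */
    struct seg *s = malloc(sizeof *s);
    if (!s) return 0;
    s->seq = seq; s->len = len; s->next = *pp;
    *pp = s;
    q->count++;
    return 1;
}

static void reass_free(struct reass_queue *q)
{
    while (q->head) { struct seg *n = q->head->next; free(q->head); q->head = n; }
    q->count = 0;
}

/* Queue n constructed one-byte segments that all lie beyond a hole at the start
   of the stream, so nothing can be delivered and the queue only grows.
   Returns the total number of node visits spent on insertion. */
static uint64_t model_visits(size_t n, size_t max_count)
{
    struct reass_queue q = { 0 };
    q.max_count = max_count;
    for (size_t i = 0; i < n; i++)
        reass_insert(&q, (uint32_t)(2 * i + 2), 1);    /* gaps keep segments separate */
    uint64_t v = q.visits;
    reass_free(&q);
    return v;
}

int main(void)
{
    static const size_t sizes[] = { 1000, 2000, 4000 };
    for (size_t i = 0; i < sizeof sizes / sizeof sizes[0]; i++)
        printf("n=%zu  unlimited=%llu visits  capped(100)=%llu visits\n", sizes[i],
               (unsigned long long)model_visits(sizes[i], 0),
               (unsigned long long)model_visits(sizes[i], 100));
    return 0;
}
```

Doubling the number of queued segments roughly quadruples the total work in the unlimited case, while the capped queue does a fixed amount of work no matter how many segments arrive.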



Carlos Ledesma

          Message Passing Graph Kernels. (arXiv:1808.02510v1 [stat.ML])

Authors: Giannis Nikolentzos, Michalis Vazirgiannis

Graph kernels have recently emerged as a promising approach for tackling the graph similarity and learning tasks at the same time. In this paper, we propose a general framework for designing graph kernels. The proposed framework capitalizes on the well-known message passing scheme on graphs. The kernels derived from the framework consist of two components. The first component is a kernel between vertices, while the second component is a kernel between graphs. The main idea behind the proposed framework is that the representations of the vertices are implicitly updated using an iterative procedure. Then, these representations serve as the building blocks of a kernel that compares pairs of graphs. We derive four instances of the proposed framework, and show through extensive experiments that these instances are competitive with state-of-the-art methods in various tasks.


          Question-Guided Hybrid Convolution for Visual Question Answering. (arXiv:1808.02632v1 [cs.CV])

Authors: Peng Gao, Pan Lu, Hongsheng Li, Shuang Li, Yikang Li, Steven Hoi, Xiaogang Wang

In this paper, we propose a novel Question-Guided Hybrid Convolution (QGHC) network for Visual Question Answering (VQA). Most state-of-the-art VQA methods fuse the high-level textual and visual features from the neural network and abandon the visual spatial information when learning multi-modal features. To address these problems, question-guided kernels generated from the input question are designed to convolute with visual features for capturing the textual and visual relationship in the early stage. The question-guided convolution can tightly couple the textual and visual information but also introduce more parameters when learning kernels. We apply the group convolution, which consists of question-independent kernels and question-dependent kernels, to reduce the parameter size and alleviate over-fitting. The hybrid convolution can generate discriminative multi-modal features with fewer parameters. The proposed approach is also complementary to existing bilinear pooling fusion and attention based VQA methods. By integrating with them, our method could further boost the performance. Extensive experiments on public VQA datasets validate the effectiveness of QGHC.


          Accelerating wave-propagation algorithms with adaptive mesh refinement using the Graphics Processing Unit (GPU). (arXiv:1808.02638v1 [cs.MS])

Authors: Xinsheng Qin, Randall J. LeVeque, Michael R. Motley

Clawpack is a library for solving nonlinear hyperbolic partial differential equations using high-resolution finite volume methods based on Riemann solvers and limiters. It supports Adaptive Mesh Refinement (AMR), which is essential in solving multi-scale problems. Recently, we added capabilities to accelerate the code by using the Graphics Processing Unit (GPU). Routines that manage CPU and GPU AMR data and facilitate the execution of GPU kernels are added. Customized and CPU thread-safe memory managers are designed to manage GPU and CPU memory pools, which is essential in eliminating the overhead of memory allocation and de-allocation. A global reduction is conducted every time step for dynamically adjusting the time step based on Courant number restrictions. Some small GPU kernels are merged into bigger kernels, which greatly reduces kernel launching overhead. A speed-up between $2$ and $3$ for the total running time is observed in an acoustics benchmark problem.


          A Kernel Method for Positive 1-in-3-SAT. (arXiv:1808.02821v1 [cs.CC])

Authors: Valentin Bura

This paper illustrates the power of Gaussian Elimination by adapting it to Positive 1-in-3-SAT.

We derive a general kernelization method for this problem and thus obtain an upper bound for the complexity of its counting version of O(2kR 2^{(1-k)R}) for number of variables R and clauses-to-variables ratio k.

Combining this method with previous results gives a time and space complexity for the counting problem of O(4/3|V|2^{3|V|/8}) and O(4/3|V|2^{3|V|/16}).


          Transformations of High-Level Synthesis Codes for High-Performance Computing. (arXiv:1805.08288v3 [cs.DC] UPDATED)

Authors: Johannes de Fine Licht, Simon Meierhans, Torsten Hoefler

Specialized hardware architectures promise a major step in performance and energy efficiency over the traditional load/store devices currently employed in large scale computing systems. The adoption of high-level synthesis (HLS) from languages such as C/C++ and OpenCL has greatly increased programmer productivity when designing for such platforms. While this has enabled a wider audience to target specialized hardware, the optimization principles known from software design are no longer sufficient to implement high-performance codes, due to fundamental differences between software and hardware architectures. In this work, we propose a set of optimizing transformations for HLS, targeting scalable and efficient architectures for high-performance computing (HPC) applications. We show how these can be used to efficiently exploit pipelining, on-chip distributed fast memory, and on-chip streaming dataflow, allowing for massively parallel architectures with little off-chip data movement. To quantify the effect of our transformations, we use them to optimize a set of high-throughput FPGA kernels, demonstrating that they are sufficient to scale up parallelism within the hardware constraints of the target device. With the transformations covered, we hope to establish a common framework for performance engineers, compiler developers, and hardware developers, to tap into the performance potential offered by specialized hardware architectures using HLS.


          Pearson Powers Kernels to 6-3 Triumph
CLINTON, IOWA - Jacob Pearson hit a go-ahead grand slam Wednesday at Ashford University Field and lifted the Cedar Rapids Kernels to a 6-3 win over th... - MWL Cedar Rapids Kernels
          More Laptop Quirks Queued For Linux 4.19
Phoronix: More Laptop Quirks Queued For Linux 4.19 The x86 platform drivers area of the Linux kernel is ready for the 4.19 kernel cycle to get...
          [ROM CUSTOM]Pixel Experience [8.1.0] AOSP r26 Kernel SINGULARITY [OP5T]
OnePlus 5T - Official and custom ROMs
Statistics: 34 replies || 538 views. Last post by Matdog7413
          More DRM updates
Francois Tigeot has been quietly updating DRM support in DragonFly, matching Linux kernel 4.7.10.  I don’t think there’s any user-visible changes at this point, but I wanted to draw attention to the work.
          Phoronix: Some Problematic Laptops On Linux Will Soon Stop Making Loud Noises When You Reboot
Shortly after writing about the Sound Blaster Recon3D finally getting Linux support yesterday, a Phoronix reader pointed out another frustrating Linux sound problem with a resolution on its way to the mainline Linux kernel...
          Re: [PATCH wireless-drivers] mt76x0: Remove VLA usage
Kalle Valo writes: (Summary) Stanislaw Gruszka <sgruszka@redhat.com> writes: Ok, goal is to have all kernel source files with SPDX header. Yeah, it's a goal but I don't think it's a hard requirement yet. At least I don't see it as a reason to reject patches. And besides, mt76 uses ISC license and that's not in LICENSES directory. So someone should add that first, and I think that patch should go via Jonathan Corbet's tree (CCed).

          Re: [PATCH wireless-drivers] mt76x0: Remove VLA usage
Stanislaw Gruszka writes: (Summary) On Wed, Aug 08, 2018 at 08:41:28AM -0700, Kees Cook wrote: I thought all source files needed SPDX: https://lwn.net/Articles/739183/ Ok, goal is to have all kernel source files with SPDX header. now, these stand out. :)
Then:
Acked-by: Stanislaw Gruszka <sgruszka@redhat.com>
          Re: [PATCH v8 09/26] kernel/cpu_pm: Manage runtime PM in the idle ...
Lorenzo Pieralisi writes: (Summary) On Wed, Aug 08, 2018 at 12:02:48PM -0600, Lina Iyer wrote: AFAIK, there are no platforms supporting both.
PSCI specifications, 5.20.1:
"The platform will boot in platform-coordinated mode." I am sorry but if you want us to merge PSCI patches in this series you will have to back the claim above with a detailed technical explanation of *why* platform-coordination falls short of QCOM (or whoever else) needs wrt PSCI OSI.
Thanks,
Lorenzo

          Re: [PATCH v5 3/6] regmap: Add regmap_noinc_read API
Mark Brown writes: (Summary) On Tue, Aug 07, 2018 at 05:52:17PM +0300, Stefan Popa wrote: range of registers but some I2C/SPI devices have certain registers for
The following changes since commit ce397d215ccd07b8ae3f71db689aedb85d56ab40:
Linux 4.18-rc1 (2018-06-17 08:04:49 +0900)
are available in the Git repository at:
https://git.kernel.org/pub/scm/linux/kernel/git/broonie/regmap.git tags/regmap-noinc-read
for you to fetch changes up to 74fe7b551f3385fa585d92616c85b3a575b2b2cb:
regmap: Add regmap_noinc_read API (2018-0
          Re: [PATCH 0/3] scsi: fcoe: memleak fixes
ard writes: (Summary) Hi Guys,
On Tue, Aug 07, 2018 at 06:04:52PM +0200, ard wrote: Every device sees every device.
New day, new conflicting results.
Yay \0/.
As I did not trust the results, I redid the tests, and the same tests gave some different results.
Before giving the results I've changed my stance on the bug: The bug is not a regression in memory leak. So there are state timers involved that hold on to the memory and after time out do not free it.
And another thing I noticed: When the pc and the steam machine had a working rport, after a while the steam machine (4.16 unpatched) fc_timedout the rports to all nodes (so all nodes with kernel <
          Re: [PATCH v8 09/26] kernel/cpu_pm: Manage runtime PM in the idle ...
Sudeep Holla writes: (Summary) On Wed, Aug 08, 2018 at 12:02:48PM -0600, Lina Iyer wrote: [...]
AFAIK, there are no platforms supporting both.
That's the fundamental issue here. While there are corner cases where OSI is able to make better judgement, maybe we can add ways to deal with that in the firmware with PC mode, have we explored that before adding complexity to the OSPM? Since the firmware complexity with OSI remains same as PC mode, isn't it worth checking if the corner case we are talking here can be handled in the firmware.
--
Regards,
Sudeep

          [PATCH] x86, relocs: Add __end_rodata_aligned to S_REL
Joerg Roedel writes: (Summary) This new symbol needs to be in the workaround-list for buggy binutils, otherwise the build with gcc-4.6 fails.
Fixes: 39d668e04eda ('x86/mm/pti: Make pti_clone_kernel_text() compile on 32 bit') Signed-off-by: Joerg Roedel <jroedel@suse.de> 1 + 1 file changed, 1 insertion(+) diff --git a/arch/x86/tools/relocs.c b/arch/x86/tools/relocs.c index 220e97841e49..3a6c8ebc8032 100644 --- a/arch/x86/tools/relocs.c +++ b/arch/x86/tools/relocs.c @@ -67,6 +67,7 @@ static const char * const sym_regex_kernel[S_NSYMTYPES] = { "__tracedata_(start|end)|" "__(start|stop)_notes|" "__end_rodata|" + "__end_rodata_aligned|" "__initramfs_start|" "(jiffies|jiffies_64)|" #if ELF_BITS == 64 -- 2.16.4
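Review bot: the changelog says the symbol is needed "for buggy binutils" but names only gcc-4.6 as the failing build; please state which binutils versions need `__end_rodata_aligned` in `sym_regex_kernel[S_REL]`, ideally in a comment above the list, so the entry can be dropped once those toolchains are no longer supported. Placing the new `"__end_rodata_aligned|"` alternative directly after `"__end_rodata|"` keeps related symbols together and is fine as is.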

          Re: linux-next: build failure after merge of the tip tree
Joerg Roedel writes: (Summary) Hi Stephen,
On Thu, Aug 09, 2018 at 09:24:20AM +1000, Stephen Rothwell wrote: 39d668e04eda ("x86/mm/pti: Make pti_clone_kernel_text() compile on 32 bit") Thanks for the report! I only built the source with gcc-4.8 and gcc-7.3, so I didn't catch this earlier. I have a fix now and will send it as a separate reply in this thread.
Thanks,
Joerg

          Re: [PATCH v3 3/8] mailbox: Add transmit done by blocking option
Jassi Brar writes: (Summary) [dropping everyone else while we discuss the code]
Thanks. I assume that branch has all the code that there is. Let me look and get back to you.
On Thu, Aug 9, 2018 at 2:19 PM, Mikko Perttunen <cyndis@kapsi.fi> wrote:
          Re: [PATCH v8 04/22] s390/zcrypt: Integrate ap_asm.h into include/ ...
Harald Freudenberger writes: (Summary) On 09.08.2018 11:06, Cornelia Huck wrote:
Good catch, Cony you are right. I'll fix this to return 1 if AP instructions are available and 0 if not. However, this patch will come via Martin's pipe to the Linus Torvalds kernel sources.
          Hiformance Openvz7 Experience

Thx to their staff for the kindly help.

Hiformance seems to be preparing for new products with Openvz7.

I'm glad to have a chance to experience this.

Here's the bench report.


Yep, the kernel version is 4.4, amazing!


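          Garbage collection in the Oberon system

Garbage collection in the Oberon system is a full mark and batch sweep scheme. The collector is scheduled as a cooperative task, and while it runs the stacks of the other tasks are empty, so it is enough to take the pointers in the global variables of all loaded MODULEs as the root set; with no stack scanning, it is correspondingly simple.

With help from the compiler and the loader, the collector keeps track of which words are pointers. The compiler writes into the loadable binary a vector of the offsets of all pointers in a MODULE's global variable area, and a vector of the pointer offsets within each record. The latter is written into the record type descriptor. The loader converts these to addresses that match where memory was allocated, in preparation for garbage collection. When procedure NEW allocates space for a record from the heap using the record type descriptor, it also initializes two hidden fields. One stores the address of the type descriptor, and the other is the mark field, which is set to zero. With that, the mechanism for garbage collection is in place.

⇒ Type descriptor generation: ORG.Mod PROCEDURE BuildTD

⇒ Writing out the pointer positions of the top scope: ORG.Mod PROCEDURE FindPtrs

⇒ Code generation for procedure NEW: ORG.Mod PROCEDURE New

⇒ In the loader's PROCEDURE Load, "pointer references" is the part that computes addresses for the global variables' pointer vector, and "fixup of type descriptors" is the part that computes addresses for the type descriptors

⇒ Run-time part of procedure NEW: Kernel.Mod PROCEDURE New

⇒ Garbage collection task: Oberon.Mod PROCEDURE GC

⇒ Mark phase: Kernel.Mod PROCEDURE Mark

⇒ Sweep phase: Kernel.Mod PROCEDURE Scan

To make these mechanisms easy to implement, Oberon-07 restricts the base type of pointer types to record types. When the NEW procedure allocates space for a record, it prepends two hidden fields. A pointer to the record points at its first field, and the hidden fields are accessed at negative offsets. Offset -8 holds the address of the record type descriptor, and -4 is the mark field, initialized to zero. From offset 16 onward, the type descriptor lists the offsets of the pointer fields in the record. The list is terminated by -1. The following example shows that the fields at offsets +8 and +16 are pointer fields.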

RECORD
  f1: INTEGER;           (*  +0 *)
  f2: INTEGER;           (*  +4 *)
  f3: POINTER TO Foo;    (*  +8 *)
  f4: INTEGER;           (* +12 *)
  f5: POINTER TO Foo     (* +16 *)
END;

        -8    -4    +0    +4    +8    +12   +16
      | tag |mark | f1  | f2  | f3  | f4  | f5  |
         |
         v
        +0                +16   +20   +24
      | header for NEW  |  +8 | +16 |  -1 |

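The mark phase uses an adaptation of the Deutsch-Schorr-Waite pointer reversal algorithm to do depth-first marking without a mark stack. The algorithm uses two pointers, current and previous. When descending along a link, the pointer that was followed goes into current and the old value of current goes into previous. As it does so, the pointer field that was followed is rewritten to point backwards, which is why the method is called pointer reversal. In Oberon's Kernel.Mark procedure, previous is the variable q and current is the variable p.

The clever part of Kernel.Mark's adaptation is how it uses the hidden mark field. While a record has not been visited the value is zero; once it has been visited, the field holds the address, within the record type descriptor, of the entry for the field that the current pointer followed. For example, suppose several instances of the record above are allocated and linked in sequence through the f3 field. When R2.f3 is followed and current moves to R3, R2's mark field becomes T1 and the pointer in R2.f3 is reversed, rewritten to R1. The mark field is updated step by step to the address, in the tag, of the entry that holds the offset of the field under consideration, so it changes from zero to T1, T2, T3 in turn.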

                    R1
      | tag |  T1 | f1  | f2  | R0  | f4  | f5  |
                     ^
                     +----------+
                                |
                 previous (q)   |
                    v           |
                    R2          |
      | tag |  T1 | f1  | f2  | R1  | f4  | f5  |

                 current (p)
                    v
                    R3
      | tag |   0 | f1  | f2  | nil | f4  | nil |


  tag                T1    T2    T3  
| header for NEW  |  +8 | +16 |  -1 |

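The mark field is used when moving current back up one level. For example, both pointer fields of R3 are nil, so there is nowhere deeper to go from here. So we go back to R2. First, T3 is written to R3's mark field. The mark field of R2, which is previous, contains T1, so we get offset +8 from T1 and from it the address of R2.f3. The pointer value R1 held in R2.f3 becomes previous after the return. Writing the value of current into R2.f3 restores the pointer field, and setting current to R2 takes us back one level up.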

                 previous (q)
                    v
                    R1
      | tag |  T1 | f1  | f2  | R0  | f4  | f5  |

                 current (p)
                    v
                    R2
      | tag |  T1 | f1  | f2  | R3  | f4  | f5  |
                                |
                    +-----------+
                    v
                    R3
      | tag |  T3 | f1  | f2  | nil | f4  | nil |


  tag                T1    T2    T3  
| header for NEW  |  +8 | +16 |  -1 |
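
The marking scheme described above, as an added example in C rather than code from Kernel.Mod: a word-addressed model heap with the tag at -8, the mark at -4, and a type descriptor whose pointer offsets start at +16 and end with -1. The helper names (`new_type_desc`, `new_record`, `mark`, `count_garbage`), the bump allocator and the demo graph are assumptions made for illustration.

```c
/* Model of Oberon-style marking by pointer reversal.
   The heap is an array of 32-bit words; addresses are byte offsets and 0 stands for NIL. */
#include <stdint.h>
#include <stdio.h>

#define HEAP_WORDS 256
static int32_t heap[HEAP_WORDS];
static int32_t next_free = 16;               /* bump allocator; low addresses stay unused */

static int32_t get(int32_t adr)            { return heap[adr / 4]; }
static void    put(int32_t adr, int32_t v) { heap[adr / 4] = v; }

/* Type descriptor: 16 header bytes (record size first), pointer offsets from +16, then -1. */
static int32_t new_type_desc(int32_t size, const int32_t *ptr_offsets, int n)
{
    int32_t tag = next_free;
    put(tag, size);
    for (int i = 0; i < n; i++) put(tag + 16 + 4 * i, ptr_offsets[i]);
    put(tag + 16 + 4 * n, -1);
    next_free = tag + 16 + 4 * (n + 1);
    return tag;
}

/* NEW: tag at -8, mark at -4 (zero = not visited); the result points at the first field. */
static int32_t new_record(int32_t tag)
{
    int32_t p = next_free + 8;
    put(p - 8, tag);
    put(p - 4, 0);
    for (int32_t off = 0; off < get(tag); off += 4) put(p + off, 0);
    next_free = p + get(tag);
    return p;
}

/* Mark everything reachable from root without a stack. p is "current", q is "previous". */
static void mark(int32_t root)
{
    int32_t p = root, q = root, r, offadr, offset;
    if (p == 0 || get(p - 4) != 0) return;
    do {
        offadr = get(p - 4);
        offadr = (offadr == 0) ? get(p - 8) + 16 : offadr + 4;  /* first or next entry */
        put(p - 4, offadr);
        offset = get(offadr);
        if (offset != -1) {                       /* a pointer field: try to go down */
            r = get(p + offset);
            if (r != 0 && get(r - 4) == 0) {
                put(p + offset, q);               /* reverse the link */
                q = p; p = r;
            }
        } else {                                  /* all fields of p done: go up */
            offset = get(get(q - 4));             /* field of q we came down through */
            if (p != q) {
                r = get(q + offset);              /* q's own previous, saved in that field */
                put(q + offset, p);               /* restore the original pointer */
                p = q; q = r;
            }
        }
    } while (!(p == q && offset == -1));
}

/* Demo graph using the record layout from the text: pointer fields at +8 (f3) and +16 (f5). */
static int32_t demo_tag, R[4];

static void build_demo(void)
{
    static const int32_t offs[] = { 8, 16 };
    demo_tag = new_type_desc(20, offs, 2);
    for (int i = 0; i < 4; i++) R[i] = new_record(demo_tag);
    put(R[0] + 8, R[1]);    /* R[0].f3 -> R[1] */
    put(R[1] + 8, R[2]);    /* R[1].f3 -> R[2] */
    put(R[1] + 16, R[2]);   /* R[1].f5 -> R[2] (shared) */
    put(R[2] + 16, R[0]);   /* R[2].f5 -> R[0] (cycle) */
    put(R[3] + 8, R[0]);    /* R[3] is not reachable from R[0] */
}

/* Number of records in R[] whose mark field is still zero, i.e. what a sweep would free. */
static int count_garbage(void)
{
    int n = 0;
    for (int i = 0; i < 4; i++) if (get(R[i] - 4) == 0) n++;
    return n;
}

int main(void)
{
    build_demo();
    mark(R[0]);
    for (int i = 0; i < 4; i++)
        printf("R[%d] mark=%d f3=%d f5=%d\n", i, get(R[i] - 4), get(R[i] + 8), get(R[i] + 16));
    printf("garbage records: %d\n", count_garbage());
    return 0;
}
```

After marking, every reachable record's mark field holds the address of the -1 terminator (T3 in the diagrams), and all reversed pointer fields are back to their original values.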

          Linux Foundation and Kernel Development
  • Containers Microconference Accepted into 2018 Linux Plumbers Conference

    The Containers Micro-conference at Linux Plumbers is the yearly gathering of container runtime developers, kernel developers and container users. It is the one opportunity to have everyone in the same room to both look back at the past year in the container space and discuss the year ahead.

    In the past, topics such as use of cgroups by containers, system call filtering and interception (Seccomp), improvements/additions of kernel namespaces, interaction with the Linux Security Modules (AppArmor, SELinux, SMACK), TPM based validation (IMA), mount propagation and mount API changes, uevent isolation, unprivileged filesystem mounts and more have been discussed in this micro-conference.

  • LF Deep Learning Foundation Advances Open Source Artificial Intelligence With Major Membership Growth

    The LF Deep Learning Foundation, an umbrella organization of The Linux Foundation that supports and sustains open source innovation in artificial intelligence, machine learning, and deep learning, today announced five new members: Ciena, DiDi, Intel, Orange and Red Hat. The support of these new members will provide additional resources to the community to develop and expand open source AI, ML and DL projects, such as the Acumos AI Project, the foundation's comprehensive platform for AI model discovery, development and sharing.

  • A quick history of early-boot memory allocators

    One might think that memory allocation during system startup should not be difficult: almost all of memory is free, there is no concurrency, and there are no background tasks that will compete for memory. Even so, boot-time memory management is a tricky task. Physical memory is not necessarily contiguous, its extents change from system to system, and the detection of those extents may be not trivial. With NUMA things are even more complex because, in order to satisfy allocation locality, the exact memory topology must be determined. To cope with this, sophisticated mechanisms for memory management are required even during the earliest stages of the boot process.

    One could ask: "so why not use the same allocator that Linux uses normally from the very beginning?" The problem is that the primary Linux page allocator is a complex beast and it, too, needs to allocate memory to initialize itself. Moreover, the page-allocator data structures should be allocated in a NUMA-aware way. So another solution is required to get to the point where the memory-management subsystem can become fully operational.

    In the early days, Linux didn't have an early memory allocator; in the 1.0 kernel, memory initialization was not as robust and versatile as it is today. Every subsystem initialization call, or simply any function called from start_kernel(), had access to the starting address of the single block of free memory via the global memory_start variable. If a function needed to allocate memory it just increased memory_start by the desired amount. By the time v2.0 was released, Linux was already ported to five more architectures, but boot-time memory management remained as simple as in v1.0, with the only difference being that the extents of the physical memory were detected by the architecture-specific code. It should be noted, though, that hardware in those days was much simpler and memory configurations could be detected more easily.

  • Teaching the OOM killer about control groups

    The kernel's out-of-memory (OOM) killer is summoned when the system runs short of free memory and is unable to proceed without killing one or more processes. As might be expected, the policy decisions around which processes should be targeted have engendered controversy for as long as the OOM killer has existed. The 4.19 development cycle is likely to include a new OOM-killer implementation that targets control groups rather than individual processes, but it turns out that there is significant disagreement over how the OOM killer and control groups should interact.

    To simplify a bit: when the OOM killer is invoked, it tries to pick the process whose demise will free the most memory while causing the least misery for users of the system. The heuristics used to make this selection have varied considerably over time — it was once remarked that each developer who changes the heuristics makes them work for their use case while ruining things for everybody else. In current kernels, the heuristics implemented in oom_badness() are relatively simple: sum up the amount of memory used by a process, then scale it by the process's oom_score_adj value. That value, found in the process's /proc directory, can be tweaked by system administrators to make specific processes more or less attractive as an OOM-killer target.

    No OOM-killer implementation is perfect, and this one is no exception. One problem is that it does not pay attention to how much memory a particular user has allocated; it only looks at specific processes. If user A has a single large process while user B has 100 smaller ones, the OOM killer will invariably target A's process, even if B is using far more memory overall. That behavior is tolerable on a single-user system, but it is less than optimal on a large system running containers on behalf of multiple users.



          Security Bulletin for August 2018
August 6, 2018:

Microsoft is aware of a temporary denial of service (DoS) vulnerability (CVE-2018-5390) affecting the Linux kernel. Virtual Machines running Linux may be vulnerable. The Azure Host platform remains secure from this vulnerability. We are working with various Linux distributions to ensure that they address this security issue.

For guidance on CVE-2018-5390, please refer to the Linux vendor security channels for your distribution. To learn more about the vulnerability, please visit the Vulnerability Notes Database.

We will continue to update this advisory as additional details become available.


          Shell out tour

Nothing to show this week. I have more or less proved to my own satisfaction that I can reboot into a new image using kexec and a small C program and some shell scripts. This came at considerable personal mental cost, but that's what happens when trying to do text processing in a Bourne shell (not bash) script without falling back on awk or sed (not installed). Associative arrays would have been nice. Actually, just arrays in general would have been a help.

The C program is called writemem and is approximately the moral equivalent of cat | dd seek=N of=/dev/mem bs=1 except that it writes in blocks bigger than 1 byte. Just the kind of thing your security auditor wants to find left lying around on random systems, yeah. I can see a need for some proper thought on security posture in the near future: although no-web-interface and ssh-only-with-a-pubkey-embedded-at-build-time probably makes it less of a target than any consumer D-Linksysgear box in its default configuration, there's probably still a lot more to do on that front. The attack we want to protect against is (1) being able to write to random locations in physical memory; (2) being able to reboot into random kernels using kexec; (3) being able to flash anything we like; (4) all of the above. Probably (4)

There will be one user-visible change when this stuff lands: whereas previously we produced separate files for kernel and rootfs when doing a "development" build, now we make a single agglomerated firmware image and rely on the kernel mtdsplit code to find the root filesystem. This is because step 1 of the headless upgrade procedure is to reboot into the current kernel with an additional memmap parameter, so in the case that the current kernel is running from RAM we need the original uImage to still be accessible and not to have been overwritten since boot. It also makes the build a bit more consistent between dev and production, which is a nice side effect.

First things first, though: need to get it into a state where I can actually commit something. Last night I dreamt I was in a bacon-eating competition where the goal was to consume as much as possible during a MongoDB cluster election before a new primary was chosen, but I woke up before the contest finished. I mention this just to give you an idea of where my brain is right now, but it is probably not a very good idea.


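          Android 8.1 Boot Series (1) -- A Deep Dive into init (Source Code Analysis)
Preface

The init process is a user-level process started by the kernel. Once the Linux kernel has booted, the first process it runs is init. This process is a daemon; more precisely, it is the first process in user space on a Linux system, which is why its process ID is 1. Its lifetime spans the entire time the Linux kernel is running, and init is the common ancestor of every other process on the system.

Opening: the Android boot process

Power button pressed, system starts

When the power button is pressed, the boot chip code starts executing from a predefined location (burned into ROM), loads the bootloader into RAM, and then runs it.

The bootloader

The bootloader is a small program that runs before the Android operating system starts; its main job is to bring up the OS and run it.

Linux kernel startup

When the kernel starts, it sets up caches, protected memory and scheduling, and loads drivers. Once the kernel has finished system setup, it first looks for the "init" file in the system files and then starts the root process, that is, the first process of the system.

init process startup

This is what we discuss next.

Read The Fucking Code

The entry file of the Android init process is system/core/init/init.cpp. Since init is a command-line program, the analysis of init.cpp should start from the main function: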

Stage 1 (kernel mode)

Check arguments and add environment variables

    int main(int argc, char** argv) {
        /* ------------ Stage 1 ------------ BEGIN------------ */

        // Based on the arguments, decide whether ueventd or watchdogd should be started
        if (!strcmp(basename(argv[0]), "ueventd")) {       // start ueventd
            return ueventd_main(argc, argv);
        }

        if (!strcmp(basename(argv[0]), "watchdogd")) {     // start watchdogd
            return watchdogd_main(argc, argv);
        }

        if (REBOOT_BOOTLOADER_ON_PANIC) {
            InstallRebootSignalHandlers();                 // for an emergency reboot, install the corresponding handlers
        }

        add_environment("PATH", _PATH_DEFPATH);            // add the environment variable
        ... ...
    }

Create and mount the required filesystems

    int main(int argc, char** argv) {
        /* 01. Check arguments and add environment variables */
        bool is_first_stage = (getenv("INIT_SECOND_STAGE") == nullptr);
        if (is_first_stage) {    // is this the first stage of boot (true on first entry)
            boot_clock::time_point start_time = boot_clock::now();    // records the boot start time

            // Clear the umask.
            umask(0);    // clear the file mode creation mask so that permissions of newly created directories are not affected by it

            // Get the basic filesystem setup we need put together in the initramdisk
            // on / and then we'll let the rc file figure out the rest.
            mount("tmpfs", "/dev", "tmpfs", MS_NOSUID, "mode=0755");    // mount the tmpfs filesystem
            mkdir("/dev/pts", 0755);
            mkdir("/dev/socket", 0755);
            mount("devpts", "/dev/pts", "devpts", 0, NULL);             // mount the devpts filesystem
            #define MAKE_STR(x) __STRING(x)
            mount("proc", "/proc", "proc", 0, "hidepid=2,gid=" MAKE_STR(AID_READPROC));    // mount the proc filesystem
            // Don't expose the raw commandline to unprivileged processes.
            chmod("/proc/cmdline", 0440);         // new in 8.0: tightens the permissions on cmdline
            gid_t groups[] = { AID_READPROC };    // new in 8.0: adds a group
            setgroups(arraysize(groups), groups);
            mount("sysfs", "/sys", "sysfs", 0, NULL);                   // mount the sysfs filesystem
            mount("selinuxfs", "/sys/fs/selinux", "selinuxfs", 0, NULL);    // new in 8.0
            mknod("/dev/kmsg", S_IFCHR | 0600, makedev(1, 11));    // create the kmsg device node early; it is used for log output
            mknod("/dev/random", S_IFCHR | 0666, makedev(1, 8));
            mknod("/dev/urandom", S_IFCHR | 0666, makedev(1, 9));
            ... ...
    }

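As shown above, this part mainly creates and mounts the directories needed for boot. Note that when the Android source is compiled, these directories do not exist in the generated root filesystem; they are runtime directories, that is, they disappear when the system shuts down.

Four kinds of filesystems:

tmpfs: a virtual-memory filesystem that keeps all of its files in virtual memory. If you unmount a tmpfs filesystem, everything under it is gone. tmpfs can use both RAM and swap, and it changes size according to actual need. tmpfs is extremely fast because it lives in RAM; even when swap is used, performance is still excellent. Because tmpfs lives in RAM, its contents are not persistent. After power-off the contents of tmpfs are gone, which is the fundamental reason it is called tmpfs.

devpts: provides a standard interface for pseudo-terminals; its standard mount point is /dev/pts. Whenever the pty master multiplexer device /dev/ptmx is opened, a new pty device file is created dynamically under /dev/pts.

proc: a very important virtual filesystem that can be seen as an interface to the kernel's internal data structures. Through it we can obtain information about the system and also modify certain kernel parameters at run time.

sysfs: similar to the proc filesystem, it is also a virtual filesystem that takes up no disk space. It is usually mounted at /sys. sysfs was introduced in the Linux 2.6 kernel; it organizes the devices and buses attached to the system into a hierarchy of files so that they can be accessed from user space.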
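To confirm on a running device that the first-stage mounts above took effect, a reviewer can read the mount table and look for the two hardening options the code passes: nosuid on the /dev tmpfs and hidepid=2 on /proc. The checker below is an added example, not AOSP code; the function and constant names and both sample tables (in /proc/mounts format, including the gid value) are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Findings returned by audit_mount_table(), combined as a bit mask. */
enum {
    PROC_MISSING    = 1 << 0,   /* no proc filesystem mounted on /proc       */
    PROC_NO_HIDEPID = 1 << 1,   /* /proc mounted without hidepid=2           */
    DEV_MISSING     = 1 << 2,   /* no tmpfs mounted on /dev                  */
    DEV_NOT_NOSUID  = 1 << 3    /* /dev tmpfs mounted without nosuid         */
};

/* Constructed sample: what the mounts made by init's first stage look like. */
static const char SAMPLE_HARDENED[] =
    "rootfs / rootfs ro,seclabel 0 0\n"
    "tmpfs /dev tmpfs rw,seclabel,nosuid,relatime,mode=755 0 0\n"
    "devpts /dev/pts devpts rw,seclabel,relatime,mode=600 0 0\n"
    "proc /proc proc rw,relatime,gid=3009,hidepid=2 0 0\n"
    "sysfs /sys sysfs rw,seclabel,relatime 0 0\n";

/* Constructed sample: the same mounts without the two hardening options. */
static const char SAMPLE_WEAK[] =
    "rootfs / rootfs ro 0 0\n"
    "tmpfs /dev tmpfs rw,relatime,mode=755 0 0\n"
    "proc /proc proc rw,relatime 0 0\n";

/* True if the comma-separated option list contains exactly `want`.
   A whole-token match keeps "nosuid" from matching inside another option. */
static int has_option(const char *opts, const char *want) {
    size_t n = strlen(want);
    const char *p = opts;
    while (*p) {
        size_t len = strcspn(p, ",");
        if (len == n && strncmp(p, want, n) == 0) return 1;
        p += len;
        if (*p == ',') p++;
    }
    return 0;
}

/* Walk a mount table given as text and report which of the hardening
   options are missing. A later line for the same mount point replaces the
   result of an earlier one, as a later mount covers an earlier one. */
int audit_mount_table(const char *table) {
    int proc = PROC_MISSING, dev = DEV_MISSING;
    while (*table) {
        char line[512], src[64], dir[128], type[32], opts[256];
        size_t len = strcspn(table, "\n");
        size_t n = len < sizeof(line) - 1 ? len : sizeof(line) - 1;
        memcpy(line, table, n);          /* isolate one line for sscanf */
        line[n] = '\0';
        table += len;
        if (*table == '\n') table++;

        if (sscanf(line, "%63s %127s %31s %255s", src, dir, type, opts) != 4)
            continue;                    /* skip malformed or short lines */

        if (strcmp(dir, "/proc") == 0 && strcmp(type, "proc") == 0) {
            /* Newer kernels print the same setting as hidepid=invisible. */
            int ok = has_option(opts, "hidepid=2") ||
                     has_option(opts, "hidepid=invisible");
            proc = ok ? 0 : PROC_NO_HIDEPID;
        } else if (strcmp(dir, "/dev") == 0 && strcmp(type, "tmpfs") == 0) {
            dev = has_option(opts, "nosuid") ? 0 : DEV_NOT_NOSUID;
        }
    }
    return proc | dev;
}

int main(void) {
    printf("hardened sample: findings=0x%x\n", audit_mount_table(SAMPLE_HARDENED));
    printf("weak sample:     findings=0x%x\n", audit_mount_table(SAMPLE_WEAK));
    return 0;
}
```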

Redirect input/output and set up the kernel log system

    int main(int argc, char** argv) {
        /* ------------ Stage 1 ------------ BEGIN------------ */

        /* 01. Check arguments and add environment variables */
        /* 02. Create and mount the required filesystems */
        if (is_first_stage) {
            ... ...
            // Now that tmpfs is mounted on /dev and we have /dev/kmsg, we can actually
            // talk to the outside world...
            InitKernelLogging(argv);
            ... ...
        }
        ... ...

Silencing standard input and output

Following InitKernelLogging(): system/core/init/log.cpp

    void InitKernelLogging(char* argv[]) {
        // Make stdin/stdout/stderr all point to /dev/null.
        int fd = open("/sys/fs/selinux/null", O_RDWR);
        if (fd == -1) {    // if the open fails, log it
            int saved_errno = errno;
            android::base::InitLogging(argv, &android::base::KernelLogger);
            errno = saved_errno;
            PLOG(FATAL) << "Couldn't open /sys/fs/selinux/null";
        }
        dup2(fd, 0);    // dup2 duplicates a file descriptor; it is commonly used to redirect a process's stdin, stdout and stderr
        dup2(fd, 1);    // its prototype is int dup2(int oldfd, int targetfd); after the call, targetfd is a copy of oldfd
        dup2(fd, 2);    // so what happens here is: once the __null__ device is open, descriptors 0, 1 and 2 are bound to it
        if (fd > 2) close(fd);    // so once init has called InitKernelLogging, nothing can be output through the standard streams

        android::base::InitLogging(argv, &android::base::KernelLogger);
    }

Setting the kernel logger

Following InitLogging(): system/core/base/logging.cpp

    // Set the KernelLogger
    void InitLogging(char* argv[], LogFunction&& logger, AbortFunction&& aborter) {
        // set the logger
        SetLogger(std::forward<LogFunction>(logger));
        SetAborter(std::forward<AbortFunction>(aborter));

        if (gInitialized) {
            return;
        }

        gInitialized = true;

        // Stash the command line for later use. We can use /proc/self/cmdline on
        // Linux to recover this, but we don't have that luxury on the Mac/windows,
        // and there are a couple of argv[0] variants that are commonly used.
        if (argv != nullptr) {
            std::lock_guard<std::mutex> lock(LoggingLock());
            ProgramInvocationName() = basename(argv[0]);
        }

        const char* tags = getenv("ANDROID_LOG_TAGS");
        if (tags == nullptr) {
            return;
        }

        // the tag spec decides the minimum severity that gets logged
        std::vector<std::string> specs = Split(tags, " ");
        for (size_t i = 0; i < specs.size(); ++i) {
            // "tag-pattern:[vdiwefs]"
            std::string spec(specs[i]);
            if (spec.size() == 3 && StartsWith(spec, "*:")) {
                switch (spec[2]) {
                    case 'v':
                        gMinimumLogSeverity = VERBOSE;
                        continue;
                    ... ...
                }
            }
            LOG(FATAL) << "unsupported '" << spec << "' in ANDROID_LOG_TAGS (" << tags << ")";
        }
    }

When a log message needs to be output, the KernelLogger function is called:

    #if defined(__linux__)
    void KernelLogger(android::base::LogId, android::base::LogSeverity severity,
                      const char* tag, const char*, unsigned int, const char* msg) {
        ... ...
        // open the log node
        static int klog_fd = TEMP_FAILURE_RETRY(open("/dev/kmsg", O_WRONLY | O_CLOEXEC));
        if (klog_fd == -1) return;

        // decide the log level
        int level = kLogSeverityToKernelLogLevel[severity];

        // The kernel's printk buffer is only 1024 bytes.
        // TODO: should we automatically break up long lines into multiple lines?
        // Or we could log but with something like "..." at the end?
        char buf[1024];
        size_t size = snprintf(buf, sizeof(buf), "<%d>%s: %s\n", level, tag, msg);
        if (size > sizeof(buf)) {
            size = snprintf(buf, sizeof(buf), "<%d>%s: %zu-byte mes
          Linus Torvalds Net Worth

Finnish-American software engineer and hacker Linus Torvalds has an estimated net worth of $150 million and an estimated annual salary of $10 million. Linus earned his net worth as the principal force behind the creation of the Linux kernel. Linus held a place at Transmeta, Open Source Development Labs and Free Standards Group that later …

The post Linus Torvalds Net Worth appeared first on Celebrity Net Worth.


          We Have the CIA to Thank for the QAnon Conspiracy Theory
The roots of the wackiest pro-Trump conspiracy can be traced back to the CIA.

As the editor of the JFK Facts blog, I try not to spend a lot of time on stupid conspiracy theories, but given widespread ignorance and confusion on the subject, unpleasant journalist duty often calls.

Who killed JFK? The Federal Reserve? Nah. The Secret Service man? A hoax. Ted Cruz’s father? Pure B.S. George H.W. Bush? Heavy breathing is not the same as credible evidence. On a recent Black Vault podcast, the most common JFK question I heard was, “Was Kennedy assassinated because of his interest in UFOs?” Um, no, he was not.

Which brings me to QAnon, the imaginative conspiracy theorist now dominating the internet, attracting followers of President Trump, and obsessing the Washington Post, which has published a dozen articles about QAnon in the span of four days. Like many conspiracy theories, the QAnon fever dream can be traced back to the assassination of JFK.

The QAnon conspiracy theory is a psychedelic mushroom planted in the fertile manure of the Warren Commission. This mind-altering proposition grows in the gloom of anonymous chat groups. It is then stimulated by the bright lights of social media. And finally it is harvested and ingested by Trump cultists eager to prolong the alt-reality buzz that commenced on January 20, 2017.

But it all began on November 22, 1963.

Who Is QAnon?

For the uninitiated, “Q” is the moniker of a person or group of persons who post to 4Chan, a popular image website favored by the anonymous. Q’s “theory” (and I use the term generously) is that President Trump was persuaded by the military to smash a network of “deep state” pedophiles that has ruled America for decades. The president (it is said) is working with John F. Kennedy Jr. (who did not die in a plane crash). They will soon smash the perfidious plotters, QAnon predicts, and Barack Obama and Hillary Clinton will be sent to Guantanamo.

You may think this is nutty stuff. Buzzfeed News speculates that QAnon is actually a leftist goof on right-wing suckers. But read the respectful coverage of the pro-Trump Washington Times, where QAnon is described as a “mysterious figure” who has been “posting provocative questions about the government since October.” This stuff is taken seriously.

The historical foundation of this mash-up of the preposterous, the ludicrous and the vile is, you guessed it, the assassination of JFK.

From a December 2017 QAnon post about Trump’s alleged enemies:

  • As a backup, they defined ‘conspiracy’ as crazy/mentally unstable and label anything ‘true’ as such.

  • This works given most of what they engage in is pure evil and simply unbelievable (hard to swallow).

  • The ‘fix’ has always been in – no matter which party won the election (-JFK (killed)/Reagan(shot)).

Why do people believe this nonsense?

One reason is that a few kernels of it are not nonsense. The CIA, in this April 1967 memo, launched a worldwide campaign to demonize critics of the Warren Commission as “conspiracy theorists.” Skepticism about official theory of JFK’s assassination, wrote one agency official with the approval of CIA director Richard Helms, “is of concern to the U.S. government including our organization.”

The agency distributed talking points for “friendly elite contacts,” including the bald-faced lie that accused assassin Lee Harvey Oswald was “an unknown quantity to any professional intelligence service.” In fact, CIA counterintelligence chief James Angleton had monitored Oswald’s movements, politics, personal life and foreign contacts for four years before he allegedly killed JFK.

If that fact became known, the CIA would have a world of hurt on its hands. So the agency said in its memo that the members of the Warren Commission were eminent men and “efforts to impugn their rectitude and wisdom tend to cast doubt on the whole leadership of American society.”

The Commission’s critics, said the CIA, “are enticed by a form of intellectual pride: they light on some theory and fall in love with it; they also scoff at the Commission because it did not always answer every question with a flat decision one way or another.” In other words, the CIA did define belief in “conspiracy” as a symptom of the mentally unstable and patriotically unreliable.

In fact, the doubts were fact-based. Skepticism about the Warren Commission’s conclusions percolated among the Washington insiders (including Lyndon Johnson, Robert Kennedy, and Jackie Kennedy) and among foreign leaders (including Fidel Castro and Charles DeGaulle). All of them concluded privately that JFK had been killed by his enemies, not by a lone gunman.

Of course, there are other factors contributing to the vogue of QAnon that have nothing to do with JFK.

The echo chamber effects of social media encourage the credulous. So does a president enamored with “alternative facts” (aka bullshit). The exhaustion of the American economic system, which no longer provides the majority with affordable education or upward mobility, leaves young people grasping for explanation of their plight.

But the U.S. government’s implausible account of JFK’s assassination—and the CIA’s self-serving defense—can always be cited by those who say “The government is lying.” So if you want to trace the roots of QAnon in American society, look to the Warren Commission and Langley. Please leave us JFK researchers out of it.

The Origins of JFK Theories

As I wrote a few years ago in The Atlantic, the popular belief in a conspiracy was widespread within a week of Kennedy’s murder. Between November 25 and 29, 1963, University of Chicago pollsters asked more than 1,000 Americans who they thought was responsible for the president’s death. By then, the chief suspect, Lee Oswald—a leftist who had lived for a time in the Soviet Union—had been shot dead while in police custody by Jack Ruby, a local strip club owner with organized crime connections who hated Bobby Kennedy.

While the White House, the FBI, and the Dallas Police Department all affirmed that Oswald had acted alone and no one should believe “rumors” to the contrary, 62 percent of respondents said they believed that more than one person was involved in JFK’s assassination. Only 24 percent thought Oswald had acted alone. Another poll taken in Dallas during the same week found 66 percent of city respondents believed that there had been a plot.

The belief that Kennedy was killed by his enemies was not created by “conspiracy theorists” or Oliver Stone or the KGB. It was created by the circumstances of the crime and the assassination of Oswald.

The belief in conspiracy was nurtured by the factual revelations that followed: The investigations of New Orleans District Attorney Jim Garrison in the late 1960s, the Church Committee investigation of 1975, the House Select Committee on Assassinations in 1978, and the Assassination Records Review Board in the 1990s. The vastly expanded historical record of JFK’s murder undermines the Warren Commission’s findings and destroys the CIA’s cover stories. While we still don’t have a good explanation of who killed Kennedy, we do know the available facts do not corroborate the official theory.

As long as the government and major media organizations deny the JFK facts, they give credibility to those who cultivate pernicious fantasies. They water the psychedelic mushroom now altering the American consciousness.

This article was produced by the Deep State, a project of the Independent Media Institute.


          Using the Ubuntu Kernel Update Utility to update the Ubuntu kernel

If you want to keep the Ubuntu kernel always up to date, get to know and try the Ubuntu Kernel Update Utility and do it the simple, easy way.

The post "Using the Ubuntu Kernel Update Utility to update the Ubuntu kernel" first appeared on Blog do Edivaldo.


          Bare-metal cloud: GitHub open-sources its own load balancers
The code host GitHub runs its services in its own data centers on bare-metal servers. The company, which belongs to Microsoft, has now released the code of its load balancers, which route packets past the kernel to achieve high throughput. (GitHub, Server)
          mkinitcpio-mlx4
Archlinux mkinitcpio hook to pack mlx4_core and mlx4_en kernel modules
          Re: [PATCH] sched: idle: Reenable sched tick for cpuidle request
"Rafael J. Wysocki" writes: (Summary) On Thursday, August 9, 2018 7:47:27 AM CEST Leo Yan wrote: occur again.
Well, there is code in the menu governor to avoid that. until there have other interrupts on it.
And which means that the above-mentioned code misses this case. rcu_idle_enter();
Please CC cpuidle patches to linux-pm@vger.kernel.org, that helps a lot. Thanks,
Rafael

          [PATCH 3/5] perf/hw_breakpoint: Remove superfluous bp->attr.disabl ...
Jiri Olsa writes: (Summary) 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/kernel/events/hw_breakpoint.c b/kernel/events/hw_breakpoint.c index fb229d9c7f3c..3e560d7609fd 100644 --- a/kernel/events/hw_breakpoint.c +++ b/kernel/events/hw_breakpoint.c @@ -526,10 +526,9 @@ int modify_user_hw_breakpoint(struct perf_event *bp, struct perf_event_attr *att if (err) return err; - if (!attr->disabled) { + if (!attr->disabled) perf_event_enable(bp); - } + return 0;
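Review bot: no changelog text is visible for this change to modify_user_hw_breakpoint(), so the reason the bp->attr.disabled assignment named in the subject is superfluous is left to the reader; a sentence saying where attr.disabled is already kept up to date would make the removal checkable. The same hunk also drops the braces around perf_event_enable(bp), which is a style cleanup unrelated to the subject and deserves a mention in the changelog or its own patch.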
          [PATCH 4/5] perf/hw_breakpoint: Set breakpoint as disabled in modi ...
Jiri Olsa writes: (Summary) When we failed to modify breakpoint, we ended up with disabled event. 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/kernel/events/hw_breakpoint.c b/kernel/events/hw_breakpoint.c index 3e560d7609fd..eff7ab716139 100644 --- a/kernel/events/hw_breakpoint.c +++ b/kernel/events/hw_breakpoint.c @@ -523,8 +523,10 @@ int modify_user_hw_breakpoint(struct perf_event *bp, struct perf_event_attr *att perf_event_disable(bp); - if (err) + if (err) { + bp->attr.disabled = 1;
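Review bot: the new bp->attr.disabled = 1 in the if (err) branch has no comment tying it to the perf_event_disable(bp) call just above it, so a later reader cannot tell that the attribute is being set to match an event that stays disabled after a failed modify; a one-line comment in that branch would cover it. The hunk as shown stops after the assignment, so it is also worth confirming that the braced branch still ends with return err.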
          [PATCH 5/5] perf/hw_breakpoint: Add fallback code for ptrace_set_b ...
Jiri Olsa writes: (Summary) Restoring the breakpoint after unsuccessful address change, so following user code no longer produces disabled breakpoint.

  ptrace(PTRACE_POKEUSER, child, offsetof(struct user, u_debugreg[0]), addr_1)
  ptrace(PTRACE_POKEUSER, child, offsetof(struct user, u_debugreg[7]), dr7)
  ptrace(PTRACE_POKEUSER, child, offsetof(struct user, u_debugreg[0]), -1)

The first 2 ptrace calls set breakpoint on addr_1. This patch adds the code that restores the breakpoint to its original state.
Link: http://lkml.kernel.org/n/tip-h9ut835vl297roen0v163zg6@git.kernel.org Signed-off-by: Jiri Olsa <jolsa@kernel.org>
--- arch/x86/kernel/ptrace.c |
          [PATCHv2 0/5] perf/hw_breakpoint: Fix breakpoint modify
Jiri Olsa writes: (Summary) It's described in patch 1 as perf test, patch 2 is the breakpoint code fix.
I ran strace tests, nothing (new) broken there..
v2 changes:
- added Oleg's ack for patch 2
- added new changes based on Oleg's questions
plus new test code
thanks,
jirka
---
Jiri Olsa (5):
  perf tests: Add breakpoint modify tests
  perf/hw_breakpoint: Modify breakpoint even if the new attr has disabled set
  perf/hw_breakpoint: Remove superfluous bp->attr.disabled = 0
  perf/hw_breakpoint: Set breakpoint as disabled in modify_user_hw_breakpoint error path
  perf/hw_breakpoint: Add fallback code for ptrace_set_breakpoint_addr

 arch/x86/kernel/ptrace.c |
          Re: [RFC net-next 00/15] net: A socket API for LoRa
Alan Cox writes: (Summary) PF_PACKET is built into the stack so providing you label packets with the ETH_P_xxx you have for Lora, you can use PF_PACKET interfaces to dump them and write raw packets at the kernel layer.
PF_INET SOCK_RAW
Split the messages by protocol number in IP between multiple listeners/writers
PF_INET SOCK_UDP / TCP etc
Split the messages by port numbers in the higher level protocol
For PF_LORA these would map to whatever goes on at the LORA protocol level and divide LORA messages up between multiple processes on the Linux system that are interested in some of the messages.
          Re: linux: sata_nv: adma support
Pali Rohár writes: On Thursday 10 May 2018 15:51:57 Pali Rohár wrote: parses error messages for unsupported operations?
Tejun, you are libata maintainer, can you look or check if this is a problem in kernel's libata? I guess that this is problem in propagating APM errors. At least disk without APM support should not cause such errors...

          Re: [PATCH] x86/ACPI/cstate: Output AMD on APCI C1 FFH MWAIT AMD s ...
Prarit Bhargava writes: (Summary) On 08/08/2018 03:58 PM, Pavel Machek wrote:
First, you are changing kernel API.
I thought about that and the AMD support was only added a year ago so I think it is okay to change. use Intel MWAIT, too...
That's true but the weirdness of seeing INTEL on an AMD box there made me push this patch.
Third, there are more CPU vendors out there.
Not in this code. I thought about dropping INTEL, and also switching to X86.
Should we drop INTEL from the above or not (as suggested later in this thread)?
          Re: [PATCH] sched: idle: Reenable sched tick for cpuidle request
leo.yan@linaro ... writes: (Summary) On Thu, Aug 09, 2018 at 12:45:49PM +0200, Peter Zijlstra wrote: timer_clear_idle().
No, from the testing I found must call retain_tick, otherwise the kernel complains with the warning from tick_nohz_idle_exit() when exit from idle state:
WARN_ON_ONCE(ts->timer_expires_base);
However, I would rather we stuff all this into retain_tick. diff --git a/kernel/time/tick-sched.c b/kernel/time/tick-sched.c index da9455a..fd2bfad 100644 --- a/kernel/time/tick-sched.c +++ b/kernel/time/tick-sched.c @@ -962,6 +962,10 @@ void tick_nohz_idle_stop_tick(void) void tick_nohz_idle_retain_tick(void) { + /* Restart the tikc if it has been stopped yet.
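Review bot: the comment added at the top of tick_nohz_idle_retain_tick() misspells "tick" as "tikc", and "if it has been stopped yet" does not say which state triggers the restart; something like "Restart the tick if it has already been stopped" would read unambiguously. The rest of the four added lines is cut off here, so the restart itself cannot be checked against the WARN_ON_ONCE(ts->timer_expires_base) case mentioned above.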
          Re: [PATCH] x86/mm/pti: Move user W+X check into pti_finalize()
Joerg Roedel writes: (Summary) Hi Dave,
On Wed, Aug 08, 2018 at 08:54:37AM -0700, Dave Hansen wrote: Before pti_init(), I would have expected the user page tables to be empty. The W+X check runs at the end of mark_readonly() in x86, which is after pti_init() already put kernel mappings into the user page-table. Problem is that the cloned entries are still W+X mapped, which is fixed in pti_finalize() running _after_ mark_readonly().
Regards,
Joerg

          eGPU: how to use an external graphics card with macOS

Now that they are explicitly supported by macOS High Sierra, and all the more now that they can be found in Apple stores, external graphics cards are no longer reserved for tinkerers. In practice, using one comes down to plugging in two cables, one to the mains and the other to the Mac. Well… almost.

Blackmagic eGPU.

First, because disconnecting an external graphics card, or eGPU, is not as simple as connecting it. Connecting an eGPU adds a new item to the menu bar, which is used to disconnect the graphics card cleanly before unplugging it. Pull the cable without going through this "eject" menu and you risk crashing the application that is using the external graphics resources, or even a kernel panic.

The eGPU menu extra.

Second, because the way external graphics cards work still leaves something to be desired. Since macOS High Sierra 10.13.4, eGPUs can accelerate applications that use graphics APIs such as OpenGL and Metal, or parallel-computing APIs such as OpenCL. Acceleration requires a display, whether that is an external display, a virtual reality headset, or even the display of your MacBook Pro…

…provided your applications are adapted to this use. Apple itself has not finished the job, so Final Cut Pro ignores external graphics cards unless a display is connected. (This explains why Blackmagic takes care to show a display in every photo of its external graphics card.)

The "Safely eject the GPU" window opens if you try to "eject" an external graphics card while it is busy. You can then either quit the application cleanly or force the ejection and risk a crash.

This problem will be solved by macOS Mojave, which will let you force the use of external graphics cards with the Prefer External GPU option in the application's inspector (File > Get Info). This option is already present in macOS High Sierra, but a shell script is needed to enable it, either application by application or for the whole system.

Finally, because external graphics cards are still unstable. Most models start automatically when connected to the Mac, except when the two devices fail to communicate. With no power switch on the external enclosure, you have to try several times, or even restart, before finally getting a good connection.

Crashes are rarer than artifacts, which seem to be linked to the card ramping up under load and to saturation of the Thunderbolt connection, but generally last only a single frame. In short, you get the idea: using external graphics cards is much easier than it was, but not yet entirely simple.


          Linux is vulnerable to denial-of-service attacks
The Linux kernel from version 4.9 onwards apparently contains a security vulnerability. It could be used to bring the operating system to a standstill.
          Field Formatter Condition: Fico & DS reset template - field date with errors

Hi,

Drupal 8.5.6
Fico 1.0

Example: I have a News Content Type. If you activate the Reset template Display Suite in Display and show the date of publication, no conditions are set. Save. Go to the website, to the page record, which displays the data date field, then an error occurs:

Notice: Undefined index: formatter in Drupal\ds\Plugin\DsField\Date->build() (line 56 of modules/contrib/ds/src/Plugin/DsField/Date.php).
Drupal\ds\Plugin\DsField\Date->build() (Line: 310)
fico_entity_view_alter(Array, Object, Object) (Line: 539)
Drupal\Core\Extension\ModuleHandler->alter('node_view', Array, Object, Object) (Line: 286)
Drupal\Core\Entity\EntityViewBuilder->buildMultiple(Array) (Line: 220)
Drupal\Core\Entity\EntityViewBuilder->build(Array)
call_user_func(Array, Array) (Line: 378)
Drupal\Core\Render\Renderer->doRender(Array, ) (Line: 195)
Drupal\Core\Render\Renderer->render(Array, ) (Line: 226)
Drupal\Core\Render\MainContent\HtmlRenderer->Drupal\Core\Render\MainContent\{closure}() (Line: 582)
Drupal\Core\Render\Renderer->executeInRenderContext(Object, Object) (Line: 227)
Drupal\Core\Render\MainContent\HtmlRenderer->prepare(Array, Object, Object) (Line: 117)
Drupal\Core\Render\MainContent\HtmlRenderer->renderResponse(Array, Object, Object) (Line: 90)
Drupal\Core\EventSubscriber\MainContentViewSubscriber->onViewRenderArray(Object, 'kernel.view', Object)
call_user_func(Array, Object, 'kernel.view', Object) (Line: 111)
Drupal\Component\EventDispatcher\ContainerAwareEventDispatcher->dispatch('kernel.view', Object) (Line: 156)
Symfony\Component\HttpKernel\HttpKernel->handleRaw(Object, 1) (Line: 68)
Symfony\Component\HttpKernel\HttpKernel->handle(Object, 1, 1) (Line: 57)
Drupal\Core\StackMiddleware\Session->handle(Object, 1, 1) (Line: 47)
Drupal\Core\StackMiddleware\KernelPreHandle->handle(Object, 1, 1) (Line: 99)
Drupal\page_cache\StackMiddleware\PageCache->pass(Object, 1, 1) (Line: 78)
Drupal\page_cache\StackMiddleware\PageCache->handle(Object, 1, 1) (Line: 47)
Drupal\Core\StackMiddleware\ReverseProxyMiddleware->handle(Object, 1, 1) (Line: 52)
Drupal\Core\StackMiddleware\NegotiationMiddleware->handle(Object, 1, 1) (Line: 23)
Stack\StackedHttpKernel->handle(Object, 1, 1) (Line: 666)
Drupal\Core\DrupalKernel->handle(Object) (Line: 19)

With Regards


          Some Problematic Laptops On Linux Will Soon Stop Making Loud Noises When You Reboot
Shortly after writing about the Sound Blaster Recon3D finally getting Linux support yesterday, a Phoronix reader pointed out another frustrating Linux sound problem with a resolution on its way to the mainline Linux kernel...
          How SELinux helps mitigate risk while facilitating compliance

Many of our customers are required to meet a variety of regulatory requirements. Red Hat Enterprise Linux includes security technologies that help meet these requirements. Improving Linux security also benefits our layered products, such as Red Hat OpenShift Container Platform and Red Hat OpenStackⓇ Platform.

In this blog post, we use PCI-DSS to highlight some of the benefits of SELinux. Though there are many other security standards that affect our customers, we selected PCI-DSS based on a review of customer support cases, feedback, and general inquiries we received. The items we selected from this standard are also accepted industry practices, such as:

  • Limiting user access to data based on job roles.
  • Limiting access to system components.
  • Configuring software behavior, functions, and access.

What is SELinux?

SELinux is an advanced access control mechanism originally created by the United States National Security Agency. It was released under an open source license in 2000, and integrated into the Linux kernel in 2003. As part of the Linux kernel, it is built into the core of Red Hat Enterprise Linux. SELinux works by layering additional access controls on top of the traditional discretionary access controls that have been the basis of UNIX and Linux security for decades. SELinux access controls provide both increased granularity as well as a single security policy that is applied across the entire system and enforced by the RHEL kernel. SELinux enforces the security policy on applications bundled with Red Hat Enterprise Linux as well as any custom, third-party, and independent software vendor (ISV) applications. In addition to applications on the host system, SELinux access controls provide separation and controlled sharing between RHEL-hosted virtual machines and containers.

SELinux’s access controls are driven by a configurable security policy, which is loaded into the kernel at boot. The SELinux security policy functions as a whitelist for user and application behavior. The policy allows administrators and policy developers to isolate applications into specific SELinux domains that are tailored to the application’s permitted behaviors. Access to files, local interprocess communications (IPC) mechanisms, the network, and various other system resources can all be restricted on a per-domain basis. SELinux also allows the administrator to put individual SELinux domains, as well as the entire system, into permissive mode where SELinux-based access denials are logged, but the access is still permitted. This eases policy development and troubleshooting.

While SELinux is an important part of Red Hat Enterprise Linux security capabilities, there are many other security technologies and widely accepted practices that should also be employed. Data encryption, malware scanning, firewalls, and other network security mechanisms remain an important part of an overall security strategy. SELinux is a way to augment existing security solutions, and is not a replacement for current security measures that may be in place.

Mapping to compliance requirements

With the above understanding of how SELinux can help reduce risk and harden a Red Hat Enterprise Linux system, let’s see how it maps to a few PCI-DSS compliance requirements. When reviewing PCI-DSS 3.2 requirements, it is easy to see how RHEL with SELinux can help address requirements that fall under the section Implement Strong Access Control Measures Requirement. Let’s look at some lesser-known requirements in sections two and three instead.

PCI-DSS requirement 2.2:

“[d]evelop configuration standards for all system components. Assure that these standards address all known security vulnerabilities and are consistent with industry-accepted system hardening standards.”

Given that, by default, it denies access to any resource rather than permits access, SELinux immediately meets industry-accepted system hardening standards, and may help mitigate certain classes of security vulnerabilities. It also helps meet the more granular requirements under 2.2 by ensuring a greater level of security restrictions and more fine-grained access control.

PCI-DSS requirement 3.6.7:

“Prevention of unauthorized substitution of cryptographic keys”

At a system-configuration level, SELinux can prevent unauthorized overwriting of files—even when a specific user or role would normally be authorized to write to the directory containing cryptographic keys.

SELinux can also help customers meet other well-known PCI-DSS 3.2 requirements by:

  • Limiting access to system components and cardholder data to only those individuals whose job requires such access. (meets 7.1.1 - 7.1.3)
  • Establishing an access control system(s) for systems components that restricts access based on a user’s need to know, and is set to ‘deny all’ unless specifically allowed. (meets 7.2.1 - 7.2.3)

Restricting malicious actor read, write, and pivoting

When SELinux is in enforcing mode, the default policy used in Red Hat Enterprise Linux is the targeted policy. In the default targeted policy, some applications run in a confined SELinux domain where SELinux policy restricts those applications to a particular set of behaviors. All other applications run in special unconfined domains; while they are still SELinux security domains, there is little to no restriction to their permitted behavior.

Almost every service that listens on a network is confined in RHEL, such as httpd and sshd. Also, most processes that run as the root user and perform tasks for users, such as the passwd utility, are confined. When a process is confined, it runs in its own domain. Depending on the SELinux policy configuration for a confined process, an attacker's access to resources, ability to pivot, read, and write, and the possible damage they can do may be limited.

We have listed below a few of the common processes and daemons that run confined by default in their own domain. If you have a question regarding a process that is not listed here, send your inquiry to Red Hat Customer Service.

  • dhcpd is a dynamic host control protocol used in Red Hat Enterprise Linux to dynamically deliver and configure Layer 3 TCP/IP details for clients.
  • smbd is a Samba server that provides file and print services between clients across various operating systems.
  • httpd (Apache HTTP Server) provides a web server.
  • Squid is a high-performance proxy caching server for web clients supporting FTP, Gopher, and HTTP data objects. It reduces bandwidth and improves response times by caching and reusing frequently requested web pages.
  • mysqld is a multi-user, multi-threaded SQL database server that consists of the MariaDB server daemon (mysqld) and many client programs and libraries.
  • PostgreSQL is an Object-Relational database management system (DBMS).
  • Postfix is an open-source Mail Transport Agent (MTA), which supports protocols like LDAP, SMTP AUTH (SASL), and TLS.
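
Which side of the confined/unconfined split a process is on can be read from its SELinux context. The following C example is added here and is not Red Hat's code: it parses `ps -eZ` output, embedded as a constructed sample, and reports processes whose domain is `unconfined_t` or `unconfined_service_t` (the targeted policy's unconfined domains; these type names and the `customd` daemon do not appear in the post).

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample of `ps -eZ` output; PIDs and the "customd" daemon are made up. */
static const char SAMPLE_PS_EZ[] =
    "LABEL                             PID TTY          TIME CMD\n"
    "system_u:system_r:init_t:s0         1 ?        00:00:03 systemd\n"
    "system_u:system_r:httpd_t:s0      912 ?        00:00:01 httpd\n"
    "system_u:system_r:sshd_t:s0-s0:c0.c1023 1033 ? 00:00:00 sshd\n"
    "system_u:system_r:unconfined_service_t:s0 1450 ? 00:00:00 customd\n"
    "unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2101 pts/0 00:00:00 bash\n";

struct finding {
    int  pid;
    bool daemon;      /* true when the process has no controlling TTY ("?") */
    char type[64];    /* SELinux domain (type field of the context) */
    char cmd[64];
};

/* Copy the type, the third colon-separated field of user:role:type:level, into out. */
static bool context_type(const char *ctx, char *out, size_t outlen)
{
    const char *p = ctx;
    for (int i = 0; i < 2; i++) {
        p = strchr(p, ':');
        if (p == NULL)
            return false;
        p++;
    }
    size_t n = strcspn(p, ":");
    if (n == 0 || n >= outlen)
        return false;
    memcpy(out, p, n);
    out[n] = '\0';
    return true;
}

/* Domains with little to no restriction in the targeted policy. */
static bool is_unconfined(const char *type)
{
    return strcmp(type, "unconfined_t") == 0 ||
           strcmp(type, "unconfined_service_t") == 0;
}

/* Scan `ps -eZ` text and record every process running in an unconfined domain. */
static size_t find_unconfined(const char *ps_output, struct finding *out, size_t max)
{
    size_t found = 0;
    for (const char *line = ps_output; *line != '\0'; ) {
        size_t len = strcspn(line, "\n");
        char buf[512], ctx[256], tty[32], type[64], cmd[64];
        int pid;

        if (len < sizeof buf) {
            memcpy(buf, line, len);
            buf[len] = '\0';
            /* The header line fails the %d conversion and is skipped. */
            if (sscanf(buf, "%255s %d %31s %*s %63s", ctx, &pid, tty, cmd) == 4 &&
                context_type(ctx, type, sizeof type) &&
                is_unconfined(type) && found < max) {
                out[found].pid = pid;
                out[found].daemon = strcmp(tty, "?") == 0;
                strcpy(out[found].type, type);
                strcpy(out[found].cmd, cmd);
                found++;
            }
        }
        line += len;
        if (*line == '\n')
            line++;
    }
    return found;
}

int main(void)
{
    struct finding f[16];
    size_t n = find_unconfined(SAMPLE_PS_EZ, f, 16);

    for (size_t i = 0; i < n; i++)
        printf("%-8s pid=%d domain=%s cmd=%s\n",
               f[i].daemon ? "DAEMON" : "session", f[i].pid, f[i].type, f[i].cmd);
    return 0;
}
```

A daemon reported here is one the policy does not restrict to a particular set of behaviors, so it gets none of the containment described above until it is given its own domain.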

For more information on how the Red Hat portfolio can help customers with PCI-DSS compliance, review Red Hat’s 2015 paper on PCI and DSS compliance and our 2016-2017 blog series.

Vulnerabilities

SELinux can also help mitigate many risks posed from privilege escalation attacks. SELinux policy rules define how processes access files and other processes. If a process is compromised, the attacker can only access resources granted to it through the associated SELinux domain. Exploiting an application does not change what SELinux allows the process to access. For example, if the Apache HTTP Server is compromised, an attacker cannot use that process to read files in user home directories by default, unless a specific SELinux policy rule was added or configured to allow such access.

Based on our review of data from the 2017 calendar year, we selected three vulnerabilities publicly released during that time which were mitigated by default Red Hat Enterprise Linux SELinux policies.

CVE-2016-9962 targeted containers, and it became public just 11 days into the new year. On Red Hat systems with SELinux enabled, the dangers of even privileged containers are mitigated. SELinux prevents container processes from accessing host content even if those container processes manage to gain access to the actual file descriptors. With SELinux in enforcing mode, and enabling the default SELinux policy (deny_ptrace) which only affects the policy shipped by Fedora or Red Hat, customers can:
- remove all ptrace,
- confine an unconfined domain, and
- retain the flexibility to disable it permanently or temporarily for troubleshooting.

CVE-2017-6074 addressed a flaw in the Datagram Congestion Control Protocol (DCCP). If exploited by a local, unprivileged user, the user could alter the kernel memory and escalate their privileges on the system. With SELinux enabled and using the default policies alone, this flaw is mitigated.

CVE-2017-7494 addressed a vulnerable Samba client. A malicious authenticated Samba client, having write access to the Samba share, could use this flaw to execute arbitrary code as root. When SELinux is enabled by default, our default policy prevents loading of modules from outside of Samba's module directories and therefore mitigates the flaw.

Red Hat and security

At Red Hat we believe that security is a mindset, not a feature. That’s why we work closely with upstream developers and communities to encourage secure coding practices, information sharing, and collaboration. We firmly believe the principles of open source software contribute to transparency and more secure products, benefiting customers and communities alike.

SELinux is shipped enabled by default in Red Hat Enterprise Linux. In addition to providing added security and mitigating a threat actor’s ability to pivot, SELinux also helps customers meet a variety of compliance standards requirements. And although the terms compliant and secure are not directly interchangeable, we understand that both are very important to our customers. We work continuously to support our products and help our customers achieve both business objectives.

For more information on Red Hat Product Security, visit the Product Security Center on the Red Hat Customer Portal. If you have vulnerability information you would like to share with us, please send an email to secalert@redhat.com.


          Kernel Processing at Harvest was calculated to Improve Silage 6.5%
Kernel Processing at Harvest was calculated to Improve Silage 6.5% University of Nebraska Corn silage is frequently used in beef cattle diets as a roughage source. Increasing the nutrients available from corn silage through genetic improvement and processing are two … Continue reading
          Medium-Chain Triglycerides Market Worth $809.3 Million by 2022

The medium-chain triglycerides (MCTs) market is projected to reach USD 809.3 Million by 2022, at a CAGR of 6.1% from 2017. Growing consumer inclination toward health foods and fitness is expected to influence the growth of the medium-chain triglycerides market.

Northbrook, IL -- (SBWIRE) -- 08/09/2018 -- According to the new market research report "Medium-chain Triglycerides Market by Fatty Acid Type (Caproic, Caprylic, Capric, and Lauric), Application (Nutritional Diet, Infant Formula, Sport Drinks, Pharmaceuticals, and Personal Care), Form, Source, and Region - Global Forecast to 2022", the medium-chain triglycerides market is projected to reach USD 809.3 Million by 2022, at a CAGR of 6.1% from 2017. The market for medium-chain triglycerides is driven by the rising demand for nutritional food and increasing health consciousness among consumers.

Browse 76 market data tables and 60 figures spread through 144 pages and in-depth TOC on "Medium-chain Triglycerides Market - Global Forecast to 2022"

Early buyers will receive 10% customization on this report.


"Caprylic acid dominated the medium-chain triglycerides market in 2016"

Caprylic acid dominated the medium-chain triglycerides market, followed by capric acid, in 2016. The demand for caprylic acid is projected to grow, due to its increasing consumption in the food & beverage and personal care industries. Caprylic triglycerides work as emollient agents in different applications. Caprylic acid is a mixed trimester available only in the liquid form. It improves shelf life and creates a lubrication barrier for cosmetic products. It is widely used in many applications, including personal care (skin, body, and hair), food & beverages, pharmaceuticals, and industrial.

"Coconut is the major source for medium-chain triglycerides"

Medium-chain triglycerides (MCTs) are medium-chain fatty acids with a carbon chain that is obtained by treating oils such as coconut oil and palm kernel oil. Caprylic triglycerides work as emollient agents in different applications. They are derived from coconut oil and glycerin. Coconut oil aids in treating health problems, especially those related to inflammation: it helps in maintaining a healthy weight, supports the reduction of stored body fat by increasing metabolic functions, helps digestion, gives more energy, and balances hormone levels.


"Nutritional diet is the major segment for application in medium-chain triglycerides market"

Medium-chain triglycerides have numerous health benefits, ranging from better weight management to improved cognitive functioning. Saturated fats and MCTs are good for consumption on daily basis; they help in reducing the risks associated with hormone imbalances, weight gain, gut problems, and cognitive disorders. The nutritional diet segment accounted for the largest share of the North American medium-chain triglycerides market, in 2016.

"Asia-Pacific is projected to register highest growth rate from 2017 to 2022"

The medium-chain triglycerides market in the Asia-Pacific region is projected to witness the highest CAGR from 2017 to 2022. The growing use of personal care products such as lotions, gels, creams, and cosmetics products for women are fueling the growth of the medium-chain triglycerides market in the Asia-Pacific region. Additionally, with busy lifestyles and increase in disposable incomes, the demand for nutritional food & products is growing in the region.

This report includes a study of marketing and development strategies, along with the product portfolio of key service providers. It includes the profiles of leading companies such as KLK Oleo (Malaysia), BASF SE (Germany), Stepan Company (U.S.), Croda International PLC. (U.K.), E. I. du Pont de Nemours and Company (U.S.), and Koninklijke DSM N.V. (Netherlands).

About MarketsandMarkets™
MarketsandMarkets™ provides quantified B2B research on 30,000 high growth niche opportunities/threats which will impact 70% to 80% of worldwide companies' revenues. Currently servicing 7500 customers worldwide including 80% of global Fortune 1000 companies as clients. Almost 75,000 top officers across eight industries worldwide approach MarketsandMarkets™ for their painpoints around revenues decisions.

Our 850 fulltime analyst and SMEs at MarketsandMarkets™ are tracking global high growth markets following the "Growth Engagement Model – GEM". The GEM aims at proactive collaboration with the clients to identify new opportunities, identify most important customers, write "Attack, avoid and defend" strategies, identify sources of incremental revenues for both the company and its competitors. MarketsandMarkets™ now coming up with 1,500 MicroQuadrants (Positioning top players across leaders, emerging companies, innovators, strategic players) annually in high growth emerging segments. MarketsandMarkets™ is determined to benefit more than 10,000 companies this year for their revenue planning and help them take their innovations/disruptions early to the market by providing them research ahead of the curve.

MarketsandMarkets's flagship competitive intelligence and market research platform, "Knowledgestore" connects over 200,000 markets and entire value chains for deeper understanding of the unmet insights along with market sizing and forecasts of niche markets.

Contact:
Mr. Shelly Singh
MarketsandMarkets™ INC.
630 Dundee Road
Suite 430
Northbrook, IL 60062
USA : 1-888-600-6441
sales@marketsandmarkets.com

For more information on this press release visit: http://www.sbwire.com/press-releases/medium-chain-triglycerides-market-worth-8093-million-by-2022-1023820.htm



          Hardware ID I need it to Change serial numbers - Kernel Based
Hardware ID I need it to Change serial numbers, model and Manufacturer: Applications that request hardware data should not receive real data, but those that will be emulated by your application.The real data about the hardware of the computer for application should be hidden... (Budget: ₹1500 - ₹12500 INR, Jobs: C Programming, C# Programming, C++ Programming, Linux, Software Architecture)
          BlackHat 2018

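Talk summary

Modern operating systems generally support user-mode read-only memory at the hardware level (MMU). Read-only memory mappings keep inter-process communication and communication between user mode and the kernel efficient while also keeping them secure. That trust boundary held until the DirtyCOW vulnerability appeared and broke it completely.

On iOS this trust boundary appeared to be safe. However, as Apple devices have evolved rapidly, more and more eye-catching features have been introduced, many of which depend on iOS working together with separate chips. DMA (direct memory access) makes data exchange between iOS and these chips more efficient.

Few people realized, however, that these new features quietly broke the long-established trust boundary. After lengthy research, Keen Lab found several DMA interfaces that are indirectly exposed to user applications. Although the DMA communication mechanism is fairly well designed, problems arose in the software implementation. Chained together, these problems form a highly damaging attack chain that can even lead to a remote jailbreak of an iOS phone. Some of the techniques were demonstrated at last year's MOSEC conference, but the core details and techniques were never made public. This talk shares the technical details, the vulnerabilities and the exploitation process for the first time, showing a new attack pattern that chains "unrelated" issues exposed in several modules to finally obtain the highest privileges in the iOS kernel.

About the author

Chen Liang (陈良) is a security research expert at Tencent Security Keen Lab. He focuses on advanced browser exploitation techniques and on vulnerability discovery and exploitation in Apple operating systems (macOS/iOS). He has led teams to several Pwn2Own and Mobile Pwn2Own titles and has achieved iOS jailbreaks on multiple occasions.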

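Talk walkthrough

Modern operating systems implement memory protection mechanisms that make attacks harder. iOS implements such protection at several levels, for example NX, PXN and AP through the MMU's TBE attributes, and KPP and AMCC at lower levels.

User-mode read-only memory is used in many places on iOS, such as read-only executable pages, read-only memory shared between processes, and read-only memory shared from the kernel to user mode.

Once the protection of this read-only memory is broken, the original trust boundary is completely destroyed. In the inter-process case this can lead to a sandbox bypass; where memory is shared between the kernel and user mode, it may lead to kernel code execution.

Breaking this restriction is not easy, because the iOS kernel prevents it: every memory page has a max_prot attribute, and if that attribute is set so that it cannot exceed read-only, every remapping request that asks for a writable mapping is rejected.

As phone technology has developed, DMA has also come to phones. DMA is a technique that lets memory be accessed without going through the CPU, which means that none of the CPU-level memory protections apply to DMA.

Does that mean DMA has no memory protection? It does not, for two reasons. First, on 64-bit phones many peripherals (the WIFI device, for example) are still 32-bit, so addresses have to be translated between 64 and 32 bits. Second, DMA itself needs memory protection.

This is why the IOMMU concept was introduced. On iOS devices the DART module performs this address translation.

There are in fact two kinds of DMA: host-to-device DMA and device-to-host DMA. The former maps system memory to the device, while the latter maps device memory into the system's virtual memory. In 2017, Google Project Zero researcher Gal Beniamini first compromised the WIFI chip and then modified a block of host-to-device DMA memory; because the kernel fully trusted that memory and skipped some necessary bounds checks, he was able to compromise the whole iOS system through WIFI.

Gal's attack has a limitation, though: it only works at short range, because attacking the WIFI chip requires the attacker and the victim to be in the same WIFI environment.

Can a DMA issue be used for a long-range compromise? That does not sound feasible, because the DMA interface itself is not exposed to iOS user mode.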

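Keen Lab's research found, however, that some indirect interfaces can be used to perform DMA-related operations, such as the JPEG engine and the IOSurface transform module in iOS. We chose to study how the IOSurface transform module works.

The IOSurfaceAccelerator interface takes two IOSurface addresses supplied by user mode as parameters. By driving the Scaler device, it converts the addresses of those IOSurfaces into device addresses visible to the Scaler and then starts the Scaler to perform the transform.

Whether the read-only attribute of user-mode memory is taken into account during this host-to-device DMA was an open question. Our research showed that the IOMMU does support memory attributes: bits 8 and 9 of the TTE specify the read/write attributes of a memory page, and the page-table attribute definitions follow from that.

We then described how Apple's graphics components work. On the iPhone 7 there are 128 channels in total, divided into three classes: CL, GL and TA. The kernel wraps drawing commands from user mode and pushes them into these 128 channels, then waits for the GPU to process them. Because GPU processing is highly concurrent, a robust notification mechanism is needed.

First, the GPU maps a 128-element stampArray to the kernel, and the kernel also maps this memory into user mode. At the same time, the kernel maintains a stamp address array that stores the stamp address of each channel.

Note that each time the GPU finishes processing a drawing command, it increments the stamp value of the corresponding channel by 1. In addition, every drawing command has an expected stamp value, which is stored in an IOAccelEvent object.

The system can determine whether a drawing command has completed simply by comparing expectStamp with the current stamp value of the channel. To make processing more efficient, some IOAccelEvent objects are mapped into user mode as read-only.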

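With the mechanisms covered, we turn to the two key vulnerabilities used for the jailbreak. Vulnerability 1 is in the DMA mapping module. As mentioned earlier, the system's memory attribute, mapOption, is passed down to the low-level DART code. In iOS 10 and early iOS 11 versions, however, the lower-level DART translation ignores the mapOption parameter, so every virtual address in the operating system is mapped into IOSpace as memory that can be both read and written.

The second vulnerability is in Apple's graphics module. When an IOAccelResource object is created, an IOAccelClientShareRO object is mapped into user mode as read-only memory; this object contains four IOAccelEvent objects.

When an IOAccelResource object is destroyed, the testEvent function is executed to test whether the drawing commands associated with the IOAccelResource have been processed by the GPU.

In this code path, the kernel fully trusts that user-mode programs cannot tamper with the IOAccelEvent memory (because it is mapped read-only), so it performs no bounds check on channelIndex. This is safe in the vast majority of cases, but if vulnerability 1 is used to modify this read-only memory directly from user mode, the trust boundary is completely broken, resulting in an out-of-bounds read of m_stampAddressArray and an out-of-bounds write to m_inlineArray.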
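
The missing check behind vulnerability 2, reduced to a self-contained C model that contrasts the unchecked lookup with a hardened one. This is an added example, not KeenLab's or Apple's code: the struct layouts, the field that gets written and all function names are assumptions; only the 128-channel count, the 8-byte and 24-byte element sizes and the channelIndex lookup come from the text.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NUM_CHANNELS 128u   /* channel count the talk gives for the iPhone 7 */

/* Assumed layout: an event stored in a page that user space also maps read-only. */
struct accel_event {
    uint32_t channel_index;
    uint32_t expected_stamp;
};

/* 24-byte element, the size the talk gives for m_inlineArray entries. */
struct inline_entry {
    uint64_t last_stamp;    /* the single field the kernel writes (assumed) */
    uint64_t reserved[2];
};
_Static_assert(sizeof(struct inline_entry) == 24, "element size from the talk");

struct accelerator {
    volatile uint32_t  *stamp_address_array[NUM_CHANNELS]; /* one pointer per channel */
    struct inline_entry inline_array[NUM_CHANNELS];
};

enum event_status { EVENT_INVALID = -1, EVENT_PENDING = 0, EVENT_DONE = 1 };

static void accelerator_init(struct accelerator *a, uint32_t *stamps)
{
    memset(a, 0, sizeof *a);
    for (size_t i = 0; i < NUM_CHANNELS; i++)
        a->stamp_address_array[i] = &stamps[i];
}

/* BEFORE: indexes with channel_index because user space "cannot" write the page. */
static enum event_status test_event_unchecked(struct accelerator *a,
                                              const struct accel_event *shared)
{
    uint32_t cur = *a->stamp_address_array[shared->channel_index]; /* OOB read if >= 128 */
    a->inline_array[shared->channel_index].last_stamp = cur;       /* OOB write if >= 128 */
    return cur >= shared->expected_stamp ? EVENT_DONE : EVENT_PENDING;
}

/* AFTER: snapshot the shared event once, then validate before any indexing. */
static enum event_status test_event_checked(struct accelerator *a,
                                            const struct accel_event *shared)
{
    struct accel_event ev;
    memcpy(&ev, shared, sizeof ev);   /* single fetch: the check and the use agree */

    if (ev.channel_index >= NUM_CHANNELS)
        return EVENT_INVALID;
    volatile uint32_t *stamp = a->stamp_address_array[ev.channel_index];
    if (stamp == NULL)
        return EVENT_INVALID;         /* channel was never initialised */

    uint32_t cur = *stamp;
    a->inline_array[ev.channel_index].last_stamp = cur;
    return cur >= ev.expected_stamp ? EVENT_DONE : EVENT_PENDING;
}

int main(void)
{
    static uint32_t stamps[NUM_CHANNELS];
    static struct accelerator acc;
    struct accel_event in_range = { 5, 3 };
    struct accel_event out_of_range = { NUM_CHANNELS, 0 };

    accelerator_init(&acc, stamps);
    stamps[5] = 3;
    printf("unchecked, valid index:   %d\n", test_event_unchecked(&acc, &in_range));
    printf("checked, valid index:     %d\n", test_event_checked(&acc, &in_range));
    printf("checked, index %u:       %d\n", NUM_CHANNELS,
           test_event_checked(&acc, &out_of_range));
    return 0;
}
```

The hardened version costs one comparison per event and does not depend on the page's mapping attributes being honored by every path that can reach the memory, including DMA.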

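Finally, we discuss exploitation of the two vulnerabilities. Exploiting them is not easy, because we need a memory layout in which the out-of-bounds values of both m_stampAddressArray and m_inlineArray are controllable. Both arrays are allocated early during system boot and their element sizes differ, so achieving that layout is difficult.

Our research showed that such a layout can only be achieved by specifying a large index together with a suitable kernel heap spray. On the iPhone 7 a user-mode application can spray roughly 350MB of memory, and an additional 50MB of memory is consumed after m_stampAddressArray and m_inlineArray are initialized, so the index must satisfy the following two conditions:

1. index * 24 < 350MB + 50MB

2. index * 8 > 50MB

In other words, the index must lie in the range [0x640000, 0x10AAAAA], which makes it very likely that the out-of-bounds values of both arrays fall inside the sprayed memory that we control.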

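The next question is whether we can read and write arbitrary addresses. Arbitrary read does not seem to be a problem: the element size of m_stampAddressArray is 8 bytes, so any memory address can be reached by choosing the index. Arbitrary write needs more study, because the element size of m_inlineArray is 24 bytes and only one field can be used for the out-of-bounds write, so not every memory address can be written.

In this situation we settle for the next best thing: if we can write at an arbitrary offset within a page, that largely meets our needs. This is where congruence (modular arithmetic) comes in.

Because:

0xc000 ≡ 0 (mod 0x4000)

for any integer n we have:

n * 0x800 * 24 ≡ 0 (mod 0x4000)

Since 0x4000 / 24 * 0xF0 / 16 = 0x27f6, we get:

0xF0 + 0x27f6 * 24 + n * 0x800 * 24 ≡ 0 (mod 0x4000)

We conclude that, to write to the first 8 bytes of a page through the out-of-bounds m_inlineArray access, the index must satisfy:

index = 0x27f6 + n * 0x800

To reach an arbitrary offset within the page, say offset m, the index must satisfy:

index = 0x27f6 + 0x2ab * m/8 + n * 0x800

Combining this with the index range derived earlier, we finally chose the index value 0x9e6185.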

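We then carry out the exploit in the following steps. In the first layout, we derive the index values for Slot B and Slot C.

Next, we fill Slot B with an AGXGLContext object of the same size and use the vulnerability again to leak the fourth entry of its vtable.

Finally, we free Slot C and fill it with an AGXGLContext object, then change the AGXAccelerator object originally at offset 0x568 to a memory value we control, achieving code execution.

(Figure: summary of the overall exploitation flow.)

After a series of ROP steps we finally obtained TFP0, but that is still some way from a jailbreak: bypassing AMFI, remounting rootfs read-write, and bypassing AMCC/KPP all still have to be done. Since these bypass techniques are documented in public material, we do not discuss them in detail here.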

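Finally, we summarize the whole attack chain:

1. Our DMA mapping vulnerability was fixed after the first version of iOS 11 was released;

2. but the out-of-bounds write vulnerability in Apple's graphics component has not been fixed;

3. This is a typical case of "secure by design, but insecure in implementation"; we chained this series of issues together to build a complex attack;

4. For now, even with the out-of-bounds write unfixed, we may be unable to break the re-established read-only memory trust boundary;

5. At the very least, this article shows that the trust boundary can be broken, because user-mode read-only mappings are "dangerous";

6. Some day another vulnerability may again completely break this trust boundary and, combined with this out-of-bounds write, bring the whole attack chain back to life. That is entirely possible.

Readers interested in iOS security research can consult the white paper released with this talk, "KeenLab iOS Jailbreak Internals: Userland Read-Only Memory Can Be Dangerous", for more information. Search WeChat for "腾讯科恩实验室" and reply "iOS安全" to get the Black Hat 2018 talk white paper!

*Author: Tencent Security Keen Lab. Please credit FreeBuf.COM when reposting.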


          Which XP-Pen graphics tablet do you recommend? in Community: Cafeneaua Ubuntu România
Topic: Which XP-Pen graphics tablet do you recommend? Message: Hi, I hope you're not asking about Windows, because that doesn't have much to do with what this forum is about :D The graphics tablets you picked don't really work on Linux out of the box. You might have some chance with the DECO 01, but you'll have to work for it: https://github.com/DIGImend/digimend-kernel-drivers Wacom tablets have the best support: https://askubuntu.com/questions/284284/ … -in-ubuntu As a drawing application, Krita is the most popular on Linux. You'll find it in Ubuntu's "universe" package repository, so it can be installed very easily from "Software" or from the command line with: Code: sudo apt install krita
          Install TWRP on the Xiaomi Mi A2 (Jasmine), guaranteed to work

If your Xiaomi Mi A2 already has its bootloader unlocked, the next step is to install TWRP on the device. Installing TWRP on the Xiaomi Mi A2 is very easy as long as it is done correctly, as explained below.

This tutorial applies only to the regular Xiaomi Mi A2 variant, codename Jasmine. Remember: this TWRP cannot be installed on the Xiaomi Mi A2 Lite, because its kernel source is different.

Main requirements before installing TWRP:
1. Unlocked bootloader
2. PC or laptop
3. USB cable
4. ADB and Fastboot drivers
5. TWRP for Xiaomi Mi A2
6. No Verity Opt Encrypt


Here is how to install TWRP on the Xiaomi Mi A2 (Jasmine):
1. First gather the requirements above. Rename the Xiaomi Mi A2 TWRP file to TWRP.img and move it into the Fastboot driver directory on the PC; move the No Verity file to the Xiaomi Mi A2's internal storage.
2. Next, enter Fastboot mode by pressing the Volume Down (-) and Power buttons together until the robot and rabbit picture appears.
3. Connect the Xiaomi Mi A2 to the PC with the USB cable.
4. Enter the command:

fastboot devices

5. Once the device is detected, enter this command:

fastboot set_active b

6. Then install TWRP with the command:

fastboot boot twrp.img

7. Once you are in TWRP, immediately flash the No Verity Opt Encrypt file that you moved to the Xiaomi Mi A2's internal storage earlier.
8. Done. To enter TWRP manually, press the Volume Up (+) and Power buttons together while the device is powered off.
9. Done.

Remember this important point! Here you are only supposed to boot the TWRP recovery file, not flash it, so the Fastboot command to use is boot, not flash. If you have already flashed it, the fix is to re-flash the Boot.img from the stock firmware you are using; otherwise your device will not boot.

Important! Make a backup before installing TWRP, because there is a risk of a bootloop. If TWRP cannot read the internal storage or it is locked, a complete, working solution is written up HERE.

If you followed the steps above correctly, you should have TWRP installed successfully. Don't worry, we have tested this method and it works, so enjoy the new TWRP on your favorite device.

          Linux vulnerability could lead to DDoS attacks
A Linux kernel vulnerability affecting version 4.9 and up could allow an attacker to carry out denial-of-service attacks on a system with an available open port, according to a 6 August security advisory.
          Peter Hutterer: How the 60-evdev.hwdb works

libinput made a design decision early on to use physical reference points wherever possible. So your virtual buttons are X mm high/across, the pointer movement is calculated in mm, etc. Unfortunately this exposed us to a large range of devices that don't bother to provide that information or just give us the wrong information to begin with. Patching the kernel for every device is not feasible so in 2015 the 60-evdev.hwdb was born and it has seen steady updates since. Plenty a libinput bug was fixed by just correcting the device's axis ranges or resolution. To take the magic out of the 60-evdev.hwdb, here's a blog post for your perusal, appreciation or, failing that, shaking a fist at. Note that the below is caller-agnostic, it doesn't matter what userspace stack you use to process your input events.

There are four parts that come together to fix devices: a kernel ioctl and a trifecta of udev rules, hwdb entries and a udev builtin.

The kernel's EVIOCSABS ioctl

It all starts with the kernel's struct input_absinfo.


struct input_absinfo {
	__s32 value;
	__s32 minimum;
	__s32 maximum;
	__s32 fuzz;
	__s32 flat;
	__s32 resolution;
};

The three values that matter right now: minimum, maximum and resolution. The "value" is just the most recent value on this axis, ignore fuzz/flat for now. The min/max values simply specify the range of values the device will give you, the resolution how many values per mm you get. Simple example: an x axis given at min 0, max 1000 at a resolution of 10 means your device is 100mm wide. There is no requirement for min to be 0, btw, and there's no clipping in the kernel so you may get values outside min/max. Anyway, your average touchpad looks like this in evemu-record:

# Event type 3 (EV_ABS)
# Event code 0 (ABS_X)
# Value 2572
# Min 1024
# Max 5112
# Fuzz 0
# Flat 0
# Resolution 41
# Event code 1 (ABS_Y)
# Value 4697
# Min 2024
# Max 4832
# Fuzz 0
# Flat 0
# Resolution 37

This is the information returned by the EVIOCGABS ioctl (EVdev IOCtl Get ABS). It is usually run once on device init by any process handling evdev device nodes.

Because plenty of devices don't announce the correct ranges or resolution, the kernel provides the EVIOCSABS ioctl (EVdev IOCtl Set ABS). This allows overwriting the in-kernel struct with new values for min/max/fuzz/flat/resolution; processes that query the device later will get the updated ranges.

udev rules, hwdb and builtins

The kernel has no notification mechanism for updated axis ranges so the ioctl must be applied before any process opens the device. This effectively means it must be applied by a udev rule. udev rules are a bit limited in what they can do, so if we need to call an ioctl, we need to run a program. And while udev rules can do matching, the hwdb is easier to edit and maintain. So the pieces we have are: a hwdb that knows when to change (and the values), a udev program to apply the values and a udev rule to tie those two together.

In our case the rule is 60-evdev.rules. It checks the 60-evdev.hwdb for matching entries [1], then invokes the udev-builtin-keyboard if any matching entries are found. That builtin parses the udev properties assigned by the hwdb and converts them into EVIOCSABS ioctl calls. These three pieces need to agree on each other's formats - the udev rule and hwdb agree on the matches and the hwdb and the builtin agree on the property names and value format.

The hwdb itself has no specific format beyond this:

some-match-that-identifies-a-device
 PROPERTY_NAME=value
 OTHER_NAME=othervalue

But since we want to match for specific use-cases, our udev rule assembles several specific match lines. Have a look at 60-evdev.rules again, the last rule in there assembles a string in the form of "evdev:name:the device name:content of /sys/class/dmi/id/modalias". So your hwdb entry could look like this:

evdev:name:My Touchpad Name:dmi:*svnDellInc*
 EVDEV_ABS_00=0:1:3

If the name matches and you're on a Dell system, the device gets the EVDEV_ABS_00 property assigned. The "evdev:" prefix in the match line is merely to distinguish from other match rules to avoid false positives. It can be anything, libinput unsurprisingly used "libinput:" for its properties.

The last part now is understanding what EVDEV_ABS_00 means. It's a fixed string with the axis number as a hex number - 0x00 is ABS_X. And the values afterwards are simply min, max, resolution, fuzz, flat, in that order. So the above example would set min/max to 0:1 and resolution to 3 (not very useful, I admit).

Trailing bits can be skipped altogether and bits that don't need overriding can be skipped as well provided the colons are in place. So the common use-case of overriding a touchpad's x/y resolution looks like this:


evdev:name:My Touchpad Name:dmi:*svnDellInc*
 EVDEV_ABS_00=::30
 EVDEV_ABS_01=::20
 EVDEV_ABS_35=::30
 EVDEV_ABS_36=::20

0x00 and 0x01 are ABS_X and ABS_Y, so we're setting those to 30 units/mm and 20 units/mm, respectively. And if the device is multitouch capable we also need to set ABS_MT_POSITION_X and ABS_MT_POSITION_Y to the same resolution values. The min/max ranges for all axes are left as-is.

The most confusing part is usually: the hwdb uses a binary database that needs updating whenever the hwdb entries change. A call to systemd-hwdb update does that job.

So with all the pieces in place, let's see what happens when the kernel tells udev about the device:

  • The udev rule assembles a match and calls out to the hwdb,
  • The hwdb applies udev properties where applicable and returns success,
  • The udev rule calls the udev keyboard-builtin
  • The keyboard builtin parses the EVDEV_ABS_xx properties and issues an EVIOCSABS ioctl for each axis,
  • The kernel updates the in-kernel description of the device accordingly
  • The udev rule finishes and udev sends out the "device added" notification
  • The userspace process sees the "device added" and opens the device which now has corrected values
  • Celebratory champagne corks are popping everywhere, hands are shaken, shoulders are patted in congratulations of another device saved from the tyranny of wrong axis ranges/resolutions

Once you understand how the various bits fit together it should be quite easy to understand what happens. Then the remainder is just adding hwdb entries where necessary but the touchpad-edge-detector tool is useful for figuring those out.

[1] Not technically correct, the udev rule merely calls the hwdb builtin which searches through all hwdb entries. It doesn't matter which file the entries are in.
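
The EVDEV_ABS_xx value format described above (min:max:resolution:fuzz:flat, empty fields kept, trailing fields optional) can be parsed strictly before anything is handed to EVIOCSABS. The following is an added example, not code from the blog post or from udev: struct absinfo is a local mirror of input_absinfo, the function names are hypothetical, and rejecting min > max or a negative resolution is this example's own policy.

```c
#include <ctype.h>
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Local mirror of the kernel's struct input_absinfo (same fields, same
 * order), declared here so the example builds without <linux/input.h>. */
struct absinfo {
    int32_t value, minimum, maximum, fuzz, flat, resolution;
};

/* "EVDEV_ABS_35" -> 0x35. Returns -1 unless the suffix is one or two plain
 * hex digits within the kernel's axis range (ABS_MAX is 0x3f). */
static int evdev_abs_axis(const char *key)
{
    static const char prefix[] = "EVDEV_ABS_";
    const size_t plen = sizeof(prefix) - 1;
    const char *hex;
    unsigned long code;
    size_t n;

    if (strncmp(key, prefix, plen) != 0)
        return -1;
    hex = key + plen;
    n = strlen(hex);
    if (n == 0 || n > 2 || strspn(hex, "0123456789abcdefABCDEF") != n)
        return -1;
    code = strtoul(hex, NULL, 16);
    return code > 0x3f ? -1 : (int)code;
}

/* Merge "min:max:resolution:fuzz:flat" into *info. An empty field keeps the
 * current value and trailing fields may be omitted, as in "::30".
 * Returns 0 on success; on any error returns -1 and leaves *info untouched. */
static int evdev_abs_apply(const char *value, struct absinfo *info)
{
    struct absinfo tmp = *info;
    int32_t *field[5] = { &tmp.minimum, &tmp.maximum, &tmp.resolution,
                          &tmp.fuzz, &tmp.flat };
    const char *p = value;
    int i;

    for (i = 0; i < 5; i++) {
        if (*p != ':' && *p != '\0') {
            const char *digits = (*p == '-') ? p + 1 : p;
            char *end;
            long v;

            if (!isdigit((unsigned char)*digits))
                return -1;              /* no whitespace, '+', or junk */
            errno = 0;
            v = strtol(p, &end, 10);
            if (errno || v < INT32_MIN || v > INT32_MAX)
                return -1;              /* does not fit a __s32 */
            *field[i] = (int32_t)v;
            p = end;
        }
        if (*p == '\0')
            break;
        if (*p != ':' || i == 4)
            return -1;                  /* stray character or sixth field */
        p++;
    }
    /* Policy of this example (assumption): refuse nonsensical results. */
    if (tmp.minimum > tmp.maximum || tmp.resolution < 0)
        return -1;
    *info = tmp;
    return 0;
}

/* Physical extent in mm: (max - min) / resolution, as in the post's
 * "0..1000 at resolution 10 is 100mm". Returns -1 if resolution is unset. */
static int64_t axis_extent_mm(const struct absinfo *a)
{
    if (a->resolution <= 0)
        return -1;
    return ((int64_t)a->maximum - a->minimum) / a->resolution;
}

int main(void)
{
    /* ABS_X of the touchpad shown in the evemu-record output above. */
    struct absinfo x = { 2572, 1024, 5112, 0, 0, 41 };
    const char *key = "EVDEV_ABS_00", *val = "::30";

    printf("before: %lld mm\n", (long long)axis_extent_mm(&x));
    if (evdev_abs_axis(key) < 0 || evdev_abs_apply(val, &x) < 0) {
        fprintf(stderr, "rejected %s=%s\n", key, val);
        return 1;
    }
    printf("after:  %lld mm (min %d, max %d, res %d)\n",
           (long long)axis_extent_mm(&x), x.minimum, x.maximum, x.resolution);
    return 0;
}
```

Only the resolution changes for "::30", so the reported width of the same 1024..5112 range moves from 99 mm to 136 mm, which is why a wrong hwdb entry shows up directly as wrong physical sizes in userspace.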


          Kosway Trading Co
Kosway Trading deals in oil palm and coconut byproducts, mostly from Malaysia and Indonesia. 1) Palm kernel shell and coconut shell, coconut shell charcoal. These items are used as a green, renewable energy source, replacing coal and petroleum which cause global warming. 2) Palm kernel expeller and copra cake. Palm kernel expeller (PKE), also called palm kernel meal or cake, together with copra cake is used as animal feed. 3) Palm, Palm Kernel and Coconut Acid Oil and Fatty Acid Oil. Feed stock for soap and biodiesel manufacturing.
          Alpha Palm Oil
APO is Malaysia's leading producer of crude palm oil (CPO) and palm kernel oil (PKO). The company's own plantations provide approximately 20% of the fruit processed by three APO factories, with the balance provided by more than 2,000 small and medium sized out-grower farmers. The company's emphasis is on modern agricultural practices and productivity improvement. The APO production process starts with our oil palm breeding programme and seed production unit. High quality hybrid oil palm seedlings are produced for our own plantings or for sale to our farmer suppliers. After careful selection in the company's nurseries, seedlings are ready for planting at around the age of 10 to 12 months.
          VIKING EDIBLE OILS SDN BHD
Destinations across diverse cultures, and form a vital ingredient in a broad spectrum of food, pastry and confectionery. This seamless integration of Palm Oil derives from its unique composition of liquid and semi solid fractions. Blends among fractions, the modification of physical properties of these fractions through interesterification and blends between fractions of Palm Oil and Palm Kernel Oil generate a dazzling array of oils and fats each with distinctive oil and fat profiles. Our buyers can choose from an extensive range of with customised crystal structures, solid fats, meltdown, etc. and from these obtain attributes and performance they desire in their food, pastry and confectionery formulations. All this is done without the intrusion of injurious substances or processes. We have long association with Palm Oil, and are, for our customers a one stop centre for premium grade palm oil products. Our portfolio of exports include RBD Palm Olein (cooking oil), Vegetable Ghee, Shortening, Margarine, Cocoa Butter Substitute (CBS), Ice cream, Dough, Creaming, Coating and other Speciality Fats. All products are available in consumer and industrial packing and are manufactured to parameters designed to surpass.....
          Beijing Bidragon Machinery Co., Ltd.
Beijing Double Dragon International Industrial & Mining Machinery Co., Ltd (also known as Bidragon) is located in Beijing. We are a high and new technology enterprise, which is professionally engaged in boiler design, development, sales, service and marketing promotion. At the same time, we are also engaged in boiler system design and project construction. Beijing Double Dragon International Industrial & Mining Machinery Co., Ltd. is authorized by the Chinese Foreign Economy and Trade Committee, with independent import and export rights. Many years’ experience on foreign trade helps us provide the best service for foreign customers. We Bidragon have cooperated with many Grade-A boiler manufacturers and research enterprises. Furthermore, we are extending product function constantly and improving product performance by absorbing advanced experience at home and abroad. We Bidargon are professional in selling the state-of-the-art technology boilers with high thermal efficiency and adopting renewable clean energy, which is not only environment friendly but also help customer save operation cost. We supply Grade-A Boiler Manufactures product. According to customer’s requirement, we can supply oil fired boiler, gas fired boiler, biomass (wood pellet, wood chip, wood dust, corncob, bagasse, rice husk, palm kernel shell) boiler, electric boiler, coal fired boiler, coal-water slurry boiler, heat recovery boiler and so on. Our products own ISO9001 qualification system. What’s more, we have got the SGS certificate, BV certificate and CE certificate. The designed boiler lifespan can reach 20 years. We are dedicated to global market. Nowadays, we have exported boilers to more than twenty countries, such as Europe, Middle East, Southeast Asia, and Africa. During the past years, our company is developing quickly and stably at the annual growth speed of 100%. We sincerely welcome all customers to contact and visit us to build long-term business relationship. 
Bidragon mission We are responsible for your choice!
          PAN PACIFIC CORPORATION
From a single seed in a farmer’s field to a dinner table halfway across the globe, PAN PACIFIC CORPORATION (PPC) brings ideas together to help satisfy the world’s needs. To get there, we collaborate with customers to create better products and services, streamline supply chains, save energy, reduce costs and move goods to every corner of the planet. We help farmers get higher yields from fewer acres, and store crops so they have greater flexibility in marketing their harvest. We give back to the communities where we do business through continuous efforts to improve nutrition, health and education, and protect natural resources. PAN PACIFIC CORPORATION (PPC) Agro Farms, Food and Agriculture, Industrial Products, Raw Materials Export, Import and General Trading, Buyer and Seller Mandate Services Company is a Bangladeshi Owned Company since 2005. We have been doing business in Bangladesh and Middle East and Africa EU , USA , Canada and Asian Countries in various capacities for more than 15 years. We have long standing and very close relationships with Bangladeshi and Asian prominent Producers and Traders ensuring we can offer you best access to the Finest Quality First Class Premium Bangladeshi and Asian Products. We are into the Farming, Export, Import, Trading and wide range of commodity serving customer in USA,GCC/Gulf, Africa, EU, Australia and Asian countries. We, as Agro farming and Industrial Products, General Trading Company outsource and serve both overseas and domestic customers. The company maintains a large in-house data which enables us to quickly outsource commodities, makes prompt and quick quotations for my customer requirements according to the manufacturer’s information and specification. It is always our endeavor to coordinate and deal with reputed manufacture and trading houses that meets the satisfaction in terms of quality as well as price competitiveness of our customers. 
We are multi diversified agro farming and general trading company in various commodities representing many other producers / manufacturing and trading houses in the competitive market. These arrangements are an asset to reduce operation cost and become more competitive in the international markets. While we manage export for our principles, we take complete responsibility of marketing, procuring, shipping, export/import documentation and after sales customer’s services. We active involve in agro products, trading and supply of various commodities mainly in Food Stuffs and industrial products locally and globally. Our products and service portfolio ranges from Fresh and Quality Vegetable, Fruits, Wheat, Rice, Sugar ( Refined Sugar, Raw Sugar, Beet Sugar ) Grains, Refined Sunflower Oil, Crude Sunflower Oil, Refined Soybean Oil, Crude Soybean Oil, Refined Corn Oil, Crude Corn Oil, Refined Palm Oil, Refined Palm Kernel Oil, Crude Palm Oil, Crude Coconut Oil, Refined Coconut Oil, Olive Oil, Full Cream Milk Powder – FCMP, Skimmed Milk Powder – SMP, Yellow Corn, White Corn, Soybean GMO G2, Soybean Meal, Barley Feed, Cattle Feed, Sea Salt, Animal Feed, Fish meal, Fish Feeds, Canned Fish, PP Woven Sacks. Industrial Products : Industrial Raw Materials, UREA N46 (Granular & Prilled), Paper Products, Chemicals, Minerals, Metals, Garments and Apparels, Prime Leather Products, Rails, Steels and Iron Scrap that originate from USA, EU, Malaysia, Singapore, Thailand, Indonesia, Japan, Hong Kong, Philippines, Middle East, China, India, Pakistan, Bangladesh, Russia, Ukrain, Australia, Turkey and African Countries. We are a well established company with innovative ideas and dynamic thinking professionals, with moral values & ethics in business. We are committed to provides quality workmanship and reliable services to our most valuable customers that have enabled us to succeed in this competitive market. 
Our core strengths can be characterized in three words – Dynamic, Reasonable and Responsible. We PAN PACIFIC CORPORATION (PPC) has enjoyed a period of strong growth, and achievement since inception. Our determination and dedication to serve the clients interests makes us keep on growing from grass root to the top. When you deal with us, you will feel and realize what this means. Mission : Our primary objective is to pursuit excellence in the field of agriculture, agro based production and process, Industrial Products procurement, services and supply of Goods and Services. The organization consistently endeavoring to achieve optimum results through quality products and services to clients through complete professionalism. Vision: To be a leading Agriculturist, Agro farming process, Industrial Products Exporter, Importer and Trading House in local and global region, offering quality products and services to the customers at the right place at the right time at the best price. We invite you with great pleasure to join hands with us to provide high quality products and services to the end user at competitive prices in order to meet their full satisfaction. We are looking forward to your reply and inquiry soon, if we could have opportunity to cooperate in your good company in the future. Our experience and understanding having products and traded in the Far East, Middle East and Far West for many years, combined with our direct relationships with many of Bangladeshi and Asian top producers, Traders makes us an ideal source. Building an ongoing relationship with Agro Products and Process,F&B, Industrial Products gives you access to Bangladeshi and global finest food and agro products... clean, fresh and delicious every time! Agriculture – Food – Industrial – Investor Relations
          Vimal Oil Co.Limited
Vimal Oil Co.LTD company is a supplier of oils and fats since 1838. We offer Refined, USP/NF, Crude and Kosher (where applicable) vegetable oils, animal fats, fatty acids, and other oils for various industries. We are certified and registered by the Food and Drug Administration (FDA), as a drug repackaging establishment -- all products are continually tested to maintain the highest quality. A full-time in house quality control laboratory tests and analyzes incoming and outgoing products using methods prescribed by U.S.P., F.C.C., A.O.C.S., A.S.T.M., and via gas chromatography to verify that they meet the required specifications and industry standards. Vimal Oil Co.LTD as a big company sell all it product at cheap and affordable price''s. Here are the list of different kinds of products we offer for sale from our company WE CAN ALSO INVOLVE IN RESEARCH ACTIVITIES WITH YOUR ORGANIZATION. WE HAVE DEVELOPED A KNOWLEDGE NETWORK ON OIL AND BIODIESEL. WE ALSO LIST ALL PRODUCTS AVAILABLE IN STOCK IN THE YEAR 2008 IN BELOW PRODUCTS LIST SINCE OUR PRODUCTION HAS INCREASED AND ANY INTERESTED BUYER WHO IS INTERESTED IN ANY OF OUR PRODUCTS SHOULD CONTACT US FOR THEIR PRICES. 
WE ARE THE PRODUCER QUANTITY: MINIMUM ORDER - 5 MT PER SHIPMENT WE OFFER FREE SAMPLES BUT YOU ARE ONLY GOING TO PAY FOR FREIGHT TO YOUR DOORSTEP MAXIMUM ORDER - 25,000 MT PER SHIPMENT DATE OF FIRST DELIVERY: BY AGREEMENT IN CONTRACT DELIVERY METHOD: BULK BY VESSEL, SHIP TO TANK ETC DELIVERY TIME ......2 TO 4 WEEKS EXPRESS SERVICE BY AIR SAMPLES DELIVERY TIME ......WITHIN 48 HOURS PACKING: IN CUSTOMER PROFFERED METHOD PAYMENT:L/C, T/T ( BANK TRANSFER ), WIRE TRANSFER INSPECTION: THE QUALITY AND QUANTITY OF GOODS WILL BE CONFIRMED FOR EACH SHIPMENT ON A CERTIFICATE ISSUED BY THE SGS AT DISCHARGE PORT AT BUYERS ACCOUNT WHICH SHALL BE BINDING ON BOTH PARTIES IN ALL RESPECTS WE SELL PER METRIC TON(MT) vimaloiltds@yahoo.com VEGETABLE OIL FOR .....................................USD220 PERMT SESSAME OIL FOR .......................................USD220 PERMT CORN OIL FOR ..........................................USD220 PERMT SOYA BEAN OIL FOR .....................................USD250 PERMT JATROPHA OIL FOR ......................................USD250 PERMT RBD PALMOIL FOR .......................................USD220 PERMT PALM OIL FOR ..........................................USD220 PERMT COOKING OIL FOR .......................................USD200 PERMT BIODIESEL FOR .........................................USD300 PERMT CASTOR OIL FOR ........................................USD240 PERMT GRAPE SEED OIL FOR ....................................USD240 PERMT JOJOBA OIL FOR ........................................USD220 PERMT CRUDE PALM OIL FOR ....................................USD220 PERMT PALM, RBD OLEIN FOR ...................................USD220 PERMT SUNFLOWER OIL FOR......................................USD230 PERMT PALM STEARIN ORGANIC FOR ..............................USD220 PERMT VIRGIN COCONUT OIL FOR ................................USD240 PERMT KAPOP SEED OIL FOR ....................................USD200 PERMT RAPESEED OIL FOR 
......................................USD270 PERMT SAFFLOWER OIL FOR .....................................USD200 PERMT SNAKE OIL FOR..........................................USD20 0 PERMT vimaloiltds@yahoo.com BELOW ARE SOME OF OUR PRODUCT LISTED. ACAI OIL ALMOND OIL AMARANTH OIL APRICOT OIL ARGAN OIL AVOCADO OIL BABASSU OIL BASIL OIL BERGAMOT OIL BIODIESEL BLACK CURRANT SEED OIL BLACK SEED OIL BORAGE OIL BRAZIL NUT OIL BUCHU OIL CAMELLIA OIL CAMOMILE OIL CANOLA OIL / RAPESEED OIL CAROB POD OIL CARROT SEED OIL CASHEW OIL CASTOR OIL CINNAMON OIL CLOVE OIL COCOA BUTTER COCONUT OIL CORIANDER SEED OIL CORN OIL COTTONSEED OIL CRANBERRY SEED OIL CUMARU - TONKA BEAN OIL CUMIN SEED OIL DILL SEED OIL EUCALYPTUS OIL EVENING PRIMROSE FENNEL SEED OIL FENUGREEK OIL FLAX SEED OIL GERANIUM OIL GINGER OIL GOUND NUT OIL GRAPE SEED OIL GRAPEFRUIT OIL HAZELNUT OIL HEMP OIL JATROPHA OIL JOJOBA OIL JUNIPER BERRY OIL KAPOK SEED OIL LAVENDER OIL LEMON GRASS OIL LEMON OIL LINOLEIC ACID LINSEED OIL LYSINE MACADAMIAN NUT OIL MELISSA OIL MINT OIL MORINGA OIL MUGWORT OIL MUSTARD OIL MYRRH OIL NEEM OIL NUTMEG OIL OLIVE OIL OLIVE OIL - VIRGIN OLIVE OIL - EXTRA VIRGIN OLIVE OIL - LAMPANTE OLIVE OIL - POMACE OLIVE OIL - REFINED ORANGE OIL OREGANO OIL OTHER PALM KERNEL OIL PALM OIL PALM OIL - CRUDE PALM OIL - ORGANIC PALM STEARIN PALM STEARIN - ORGANIC PALM, RBD OLEIN PALMAROSA OIL PATCHOULI OIL PECAN OIL PENNY ROYAL OIL PEPPERMINT OIL PERILLA SEED OIL PINE SEED OIL PISTACHIO POMEGRANATE SEED OIL POPPY SEED OIL PRUNE KERNAL OIL PUMPKIN SEED RED PEPPER OIL RICE BRAN OIL ROSE HIP OIL ROSE OIL ROSEMARY OIL ROSEWOOD SAFFLOWER OIL SAGE OIL SANDALWOOD OIL SAVORY OIL SESAME OIL SHEA BUTTER SOYA BEAN OIL STAR ANISE OIL SUNFLOWER OIL TARRAGON OIL TEA SEED OIL TEA TREE OIL THYME OIL TRUFFLE OIL TUNG OIL VEGETABLE OIL VEGETABLE OIL - USED WALNUT OIL WHEAT GERM OIL FOR MORE INQUIRIES MAIL :vimaloiltds@yahoo.com
          Edible Oils Ltd
WE CAN ALSO INVOLVE IN RESEARCH ACTIVITIES WITH YOUR ORGANIZATION. WE HAVE DEVELOPED A KNOWLEDGE NETWORK ON OIL AND BIODIESEL. WE ALSO LIST ALL PRODUCTS AVAILABLE IN STOCK IN THE YEAR 2008 IN BELOW PRODUCTS LIST SINCE OUR PRODUCTION HAS INCREASED AND ANY INTERESTED BUYER WHO IS INTERESTED IN ANY OF OUR PRODUCTS SHOULD CONTACT US FOR THEIR PRICES. WE ARE THE PRODUCER QUANTITY: MINIMUM ORDER - 5 MT PER SHIPMENT WE OFFER FREE SAMPLES BUT YOU ARE ONLY GOING TO PAY FOR FREIGHT TO YOUR DOORSTEP MAXIMUM ORDER - 25,000 MT PER SHIPMENT DATE OF FIRST DELIVERY: BY AGREEMENT IN CONTRACT DELIVERY METHOD: BULK BY VESSEL, SHIP TO TANK ETC DELIVERY TIME ......2 TO 4 WEEKS EXPRESS SERVICE BY AIR SAMPLES DELIVERY TIME ......WITHIN 48 HOURS PACKING: IN CUSTOMER PROFFERED METHOD PAYMENT:L/C, T/T ( BANK TRANSFER ), WIRE TRANSFER INSPECTION: THE QUALITY AND QUANTITY OF GOODS WILL BE CONFIRMED FOR EACH SHIPMENT ON A CERTIFICATE ISSUED BY THE SGS AT DISCHARGE PORT AT BUYERS ACCOUNT WHICH SHALL BE BINDING ON BOTH PARTIES IN ALL RESPECTS WE SELL PER METRIC TON(MT) BELOW ARE SOME OF OUR PRODUCT LISTED. 
ACAI OIL ALMOND OIL AMARANTH OIL APRICOT OIL ARGAN OIL AVOCADO OIL BABASSU OIL BASIL OIL BERGAMOT OIL BIODIESEL BLACK CURRANT SEED OIL BLACK SEED OIL BORAGE OIL BRAZIL NUT OIL BUCHU OIL CAMELLIA OIL CAMOMILE OIL CANOLA OIL / RAPESEED OIL CAROB POD OIL CARROT SEED OIL CASHEW OIL CASTOR OIL CINNAMON OIL CLOVE OIL COCOA BUTTER COCONUT OIL CORIANDER SEED OIL CORN OIL COTTONSEED OIL CRANBERRY SEED OIL CUMARU - TONKA BEAN OIL CUMIN SEED OIL DILL SEED OIL EUCALYPTUS OIL EVENING PRIMROSE FENNEL SEED OIL FENUGREEK OIL FLAX SEED OIL GERANIUM OIL GINGER OIL GOUND NUT OIL GRAPE SEED OIL GRAPEFRUIT OIL HAZELNUT OIL HEMP OIL JATROPHA OIL JOJOBA OIL JUNIPER BERRY OIL KAPOK SEED OIL LAVENDER OIL LEMON GRASS OIL LEMON OIL LINOLEIC ACID LINSEED OIL LYSINE MACADAMIAN NUT OIL MELISSA OIL MINT OIL MORINGA OIL MUGWORT OIL MUSTARD OIL MYRRH OIL NEEM OIL NUTMEG OIL OLIVE OIL OLIVE OIL - VIRGIN OLIVE OIL - EXTRA VIRGIN OLIVE OIL - LAMPANTE OLIVE OIL - POMACE OLIVE OIL - REFINED ORANGE OIL OREGANO OIL OTHER PALM KERNEL OIL PALM OIL PALM OIL - CRUDE PALM OIL - ORGANIC PALM STEARIN PALM STEARIN - ORGANIC PALM, RBD OLEIN PALMAROSA OIL PATCHOULI OIL PECAN OIL PENNY ROYAL OIL PEPPERMINT OIL PERILLA SEED OIL PINE SEED OIL PISTACHIO POMEGRANATE SEED OIL POPPY SEED OIL PRUNE KERNAL OIL PUMPKIN SEED RED PEPPER OIL RICE BRAN OIL ROSE HIP OIL ROSE OIL ROSEMARY OIL ROSEWOOD SAFFLOWER OIL SAGE OIL SANDALWOOD OIL SAVORY OIL SESAME OIL SHEA BUTTER SOYA BEAN OIL STAR ANISE OIL SUNFLOWER OIL TARRAGON OIL TEA SEED OIL TEA TREE OIL THYME OIL TRUFFLE OIL TUNG OIL VEGETABLE OIL VEGETABLE OIL - USED WALNUT OIL WHEAT GERM OIL FOR MORE INQUIRIES MAIL
          Linux Kernel 4.14.7 (Ubuntu 16.04 / CentOS 7) Arbitrary File Read
Linux Kernel version 4.14.7 (Ubuntu 16.04 / CentOS 7) arbitrary file read exploit with KASLR and SMEP bypass.
          DHS-Funded Researchers Say They've Found Security Flaws in Phones With All Major ...

An analyst at the DHS’ cyber defense facility in Idaho Falls, Idaho who is supposedly staring at a DHS emblem superimposed on a circuit board logo for some reason.

Photo: Mark J. Terrill (AP)

Department of Homeland Security-funded research by Virginia-based security firm Kryptowire has allegedly discovered major security flaws in numerous phones, according to a report on cybersecurity site Fifth Domain.

According to the report, DHS Science and Technology Directorate program manager Vincent Sritapan said at the Black Hat conference in Las Vegas that the vulnerabilities have been discovered in phones carried by all four major carriers: Verizon, AT&T, T-Mobile, and Sprint. The exact nature of the vulnerabilities was not released, though they allegedly can be used to take control of a targeted device:

The vulnerabilities are built into devices before a customer purchases the phone. Researchers said it is not clear if hackers have exploited the loophole yet. Department of Homeland Security officials declined to say which manufacturers have the underlying vulnerabilities. Millions of users in the U.S. are likely at risk, a source familiar with the research said, although the total number is not clear. ... “This is something that can target individuals without their knowledge,” Angelos Stavrou, the founder of Kryptowire told Fifth Domain.

The vulnerabilities are so widespread that government officials are likely using potentially affected phones, Fifth Domain added. Researchers began notifying manufacturers as early as February.

As noted by 9to5Mac, Kryptowire said the research was prompted by concerns about vulnerabilities in phones made by Blu, a manufacturer of low-cost, primarily Android-powered devices. Amazon briefly pulled Blu phones earlier this year, but they returned to the e-commerce giant’s marketplace after the company wrote off the matter as a “false alarm.”

On Wednesday, researchers also told Reuters that Samsung Galaxy S7 smartphones were vulnerable to Meltdown, an exploit in speculative execution, a processing technique where CPUs perform some tasks that might not be needed in order to reach results faster. Meltdown exploits this process to gain glimpses at protected kernel memory, which could potentially compromise an entire device. Samsung told Reuters it had rolled out preliminary updates for S7 handsets in January, as well as another update in July.

“There are potentially even more phones affected that we don’t know about yet,” Graz Technical University researcher Michael Schwarz told Reuters. “There are potentially hundreds of million of phones out there that are affected by Meltdown and may not be patched because the vendors themselves do not know.”

According to Fifth Domain, researchers are expected to release further details about the vulnerabilities later this week.

[ Fifth Domain via 9to5Mac ]
          [lubuntu] Kernel upgrade disables WiFi
I have an HP Pavilion TS11 running Lubuntu 16.04, with a dongle for WiFi access (I couldn't get the built-in RT3290 to work). The software for the dongle (rtl8812au) was installed using the help I received in https://ubuntuforums.org/showthread.php?t=2368422. Now, though, after the most recent...
          In Like Father, Lauren Miller Rogen Delivers a Solid Comedy - With an Emotional Twist

It's easy to watch the trailer for Like Father and think you know exactly how the movie is going to play out. The film tells the story of Rachel, who gets dumped at the altar and drunkenly ends up on her honeymoon cruise with her estranged father, Harry, instead of her fiancé. You might assume you'll see relationship-focused comedy tropes that we've come to know, love, and grow tired of: a workaholic giving up her lucrative career for love, the handsome disaster who you can't help but be charmed by despite his major faults, and even the big musical number at the end that proves just how far the main characters have come. Yes, some of those do happen, but not necessarily in the ways you think they will.

That's what makes Lauren Miller Rogen's directing debut for Netflix a subtle masterclass in subverting said tropes aided by powerhouse performances from Kelsey Grammer and Kristen Bell, who play Harry and Rachel. From the melancholy core of the dramedy to the hilarious character played by Rogen's husband, Seth, I hopped on the phone with her to discuss everything that makes Like Father so special.

POPSUGAR: I have to confess that I've never been on a cruise, so this movie was very, very enlightening, and also a little scary.

Lauren Miller Rogen: [laughs] It's crazy, isn't it?

PS: What made you go with that location?

LMR: The idea was actually pitched to me by Anders Bard, the producer of the movie. The kernel of the idea, a woman who gets left at the altar and whose estranged dad shows up and they go on her honeymoon cruise. That very basic idea. I had never been on a cruise before either! I wrote the whole thing with the help of the internet, and also my in-laws are really big cruisers. They go on four or five a year. Not joking. [laughs] But really what it was is that it traps [Rachel and Harry]. If it was at a resort and they woke up there, they could just drive away. So, it's a device to force them to open up their story. What I really liked about it was the juxtaposition of this colorful cruise world with this really intimate, emotional story that was going on.

PS: It's definitely an interesting juxtaposition, especially because of how dark Harry's story gets. Surprisingly so. How did you go about casting Kelsey Grammer as Harry?

LMR: The casting process for our movie was actually happening at the same time they were shooting Neighbors 2, where Kelsey plays Chloë Moretz's dad. I happened to be on set the day he was shooting a scene, and he was so funny. I was like, "Wait, could he be Harry?!" We ended up sitting down together, and in addition to seeing him on set and knowing he was so hysterical, within the first five minutes of talking he brought up one of the more emotional scenes from the film, and started tearing up. He's really lived such an extraordinary life with so many ups and downs, that he has so much to pull from. Within the first few minutes of sitting across from him, I said "Oh, he's Harry." It wasn't even a question. He's warm and funny, but sad and searching . . . he was perfect.

PS: And for Kristen Bell, she's in a lot of bubbly, comedic roles, but this really shows off her dramatic edge. What made you realize she was Rachel?

LMR: She and I have a mutual friend and we've met a few times, but didn't really know each other. I sent my friend the script like "Can you email her and tell her that I'm a normal person and to read the script?" [laughs] I'd seen a lot of her comedic work and I'd seen a little bit of her dramatic roles, but not exactly quite like this. Within the first few minutes of meeting with her, it was the same thing [as with Kelsey]. She's a really intellectual actor. When I wrote the script I really wanted to create a character who felt three dimensional, who felt like a real woman who goes on a quite emotional journey with a lot of ups and downs, and I wanted her to react to those things in a way that feels organic and authentic. Instantly, that was the first thing Kristen talked about. We were so on the same page. I had a real partnership with her in creating a woman who felt genuine, and hopefully women who see the movie will see themselves in her.

PS: Something I find so annoying in movies in this genre is the trope at the end where the woman totally gives up her amazing job for love. Obviously it's not the exact same scenario here, but it was so refreshing to see Rachel be praised for being successful in her demanding career, but also still be able to forge a relationship with Harry.

LMR: Yeah, I did not want to create a character who had to choose between her job and her life. I have a job that I love, and you know what? I also have a life that I love, that I'm very present in. I think that a lot of times in movies, like you're saying, that choice ends up happening. Like, "I need to quit my job to live my life!" I want to scream "No!" Because you can do something you love and also have a life. That's what Rachel does. She chooses to have a balance. That was important to both me and Kristen, because she's someone who loves her job, but also fiercely loves her family. It is work to balance those two, and that's what Rachel learns along the way, that she has to put in effort towards balancing them, and we really wanted to put that out there.

PS: In terms of Harry's character, I loved the scene when we finally find out who's at the other end of all of those phone calls he keeps getting. There's that incredible blow up between him and Rachel, but it ends up being a bit of a twist when he admits what's actually going on. How did you decide to go in that direction, as opposed to having him ask her for money or something along those lines?

LMR: It literally took me so long to figure out why Harry came back. I went through so many different versions. Was he sick? Did his wife die? Was he bankrupt? At the end, I was always so disgusted by him coming for money, so I put it in as a red herring. Anders, the producer, told me that was one of his favorite things when he read the script for the first time, that there were so many times where I take you down a road where you're like, "Oh, of course this is gonna happen," and then something totally different happens. Sort of changing that stereotype and twisting it a little bit is something I was very much conscious of. I wanted to push past those initial ideas, which is how I arrived at the fact that Harry was lonely, and that's why he came to her. How sad is that?

PS: That scene broke me, honestly.

LMR: Aren't they amazing?

PS: The energy between them in those quiet scenes was just phenomenal.

LMR: Don't they really seem like father and daughter? They're good actors. Very good actors.

Lauren Miller Rogen being an absolute boss on the set of Like Father.

PS: Did you know that you wanted to have Seth [Rogen, the director's husband] in your movie from the beginning?

LMR: Well, originally we had talked about him playing Owen, the groom. I liked the idea of him having a little cameo, someone you'd think would come back later. And then having him play Jeff just kind of accidentally happened. A few months before we were shooting we were in Canada, and the role of Jeff was originally written as a Midwestern guy. This sweet, sort of goofy Midwesterner. But we were in Canada, and as we were literally brushing our teeth I said, "What if Jeff was Canadian and I made funny Canadian jokes?" And Seth's response was, "I'm not going on the cruise ship." [laughs] Over the next few days, though, we just kept bouncing around jokes and ideas, and he'd never played a Canadian and gotten to make jokes like that. It got to the point where he was just like "Man, it would be too funny. Alright I have to do it." So that's how it happened! And why wouldn't I want my favorite actor in my movie?

[Editor's note: Reader, I "aww"d.]

PS: The estranged father-daughter relationship isn't usually one that we see explored in movies that often. Typically it's mother-daughter, or father-son. How did you go about making that kind of relationship feel authentic?

LMR: My dad is amazing, and we've always been together. [laughs] So it wasn't from experience. I have a friend who has a similar story that I had some good conversations with, who gave me some emotional context to include. I think as an actor, and I can't speak for other writers, but as an actor, when I write I will sort of act the scenes out in my head a little bit. I'll improvise my way through them. When I was writing this script, I was going through what was a pretty dark time in my life. My mom, who has Alzheimer's disease, it was when she was just becoming really advanced, and I was sort of going through this pretty angry time. Writing these emotional scenes sometimes, even though the content wasn't necessarily reflecting my own personal situation, I put a lot of that emotion in it. To the best of my abilities I put myself in the emotional shoes of my characters, and try to always think about how they feel. I'd get dark when Rachel got dark, and was sad when Harry was sad. I'd just try to think about how this would really go down as I was writing it.

PS: Over the last five or so years, a space has really opened up for these so-called "unlikable" female characters in movies and TV shows, who actually just seem like realistic women. Rachel definitely comes across as one of them.

LMR: There have been amazing portraits of women in movies prior to this, and I don't want to discount that. But I think people have trouble when women emote. They want someone like Kristen Bell to be happy all the time. They don't want to see Princess Anna sad, or angry, or yelling. We've been told that women should be happy, pretty princesses. And, again, I don't want to make a blanket statement and say that's never been in a movie before, because it has so many times in so many amazing ways, but I just wanted to make sure that what I was creating was going to feel real. I didn't want to sugar coat it. I didn't want to make her likable for the sake of being likable, because women are real people who are allowed to be angry, and we're allowed to be sad, and we're allowed to make mistakes and f*ck up royally. I wanted Rachel to not have it right. I wanted to show that she was a woman who was struggling, who thought she had it all figured out and was so wrong, and had not paid attention to herself for long enough that she had let go so far off the rails. That's what's real to me. It was important to me to see that reflected in the story I was creating. I think that women in the past few years, we've seen that be OK. We've seen that become more and more acceptable. I just started the new season of Orange Is the New Black, for example, and it's great. Shows like that are so inspiring. Those women? Some of them are so far from perfect. [laughs] But they're so real. Don't you relate to every single one of them in some way?

PS: It's impossible not to.

LMR: Right? They're real people who make mistakes and they're human beings. I just wanted to create a human being.

Like Father is streaming on Netflix now.


          FreeBSD has its own TCP-queue-of-death bug, easier to hose than Linux’s SegmentSmack
Hard on the heels of the Linux kernel’s packets-of-death attack dubbed SegmentSmack, a similar vulnerability has been disclosed and fixed in FreeBSD. Attributed to SegmentSmack discoverer Juha-Matti Tilli of Aalto University in Finland, the FreeBSD TCP issue is related to how the operating system’s networking stack reassembles segmented packets. Much in the same way Linux
          [KPN Glasvezel] Experiences & Discussion - Part 2
Replies: 7897 Last poster: marcel19 at 09-08-2018 21:30 Topic is Open

After long deliberation I took my Asus RT-AC87U out of the closet again, and I wanted to install it in place of the Experiabox V10. I followed exactly what is written here: https://gathering.tweakers.net/forum/view_message/50000529 I changed my CPU address to: 7t. At the moment my ITV works on port 4 of the Asus router, but then I have no internet. On ports 1 2 3 my internet does work, but my ITV does not. Does anyone have any idea?

robocfg show:

admin@RT-AC87U-6C20:/jffs/configs# robocfg show
Switch: enabled
Port 0: 1000FD enabled stp: none vlan: 2 jumbo: off mac: 10:51:72:23:32:7e
Port 1: DOWN enabled stp: none vlan: 4 jumbo: off mac: 00:00:00:00:00:00
Port 2: DOWN enabled stp: none vlan: 1 jumbo: off mac: 00:00:00:00:00:00
Port 3: DOWN enabled stp: none vlan: 1 jumbo: off mac: 00:00:00:00:00:00
Port 4: DOWN enabled stp: none vlan: 1 jumbo: off mac: 00:00:00:00:00:00
Port 5: 1000FD enabled stp: none vlan: 1 jumbo: off mac: d8:cb:8a:e5:96:e0
Port 7: 1000FD enabled stp: none vlan: 2 jumbo: off mac: 08:62:66:8e:6c:20
Port 8: DOWN enabled stp: none vlan: 1 jumbo: off mac: 00:00:00:00:00:00
VLANs: BCM5301x enabled mac_check mac_hash
1: vlan1: 2 3 5 7t
2: vlan2: 0 7
4: vlan4: 0t 1
6: vlan6: 0t 7t
1045: vlan1045: 0 4t
1046: vlan1046: 0 1t 2 4 5t 7t 8u
1047: vlan1047: 0 1 3 4 7 8u
1099: vlan1099: 1 2t 3t
1100: vlan1100: 4
1101: vlan1101: 0 1t 4t 5t 8t
1102: vlan1102: 2t 3 4 5 7t 8u
1103: vlan1103: 0t 1t 3t 5

System log of the Asus router:
21:33:58 dnsmasq-dhcp[293]: DHCPREQUEST(br0) 192.168.1.113 54:27:1e:5a:57:3d Aug 9 21:33:58 dnsmasq-dhcp[293]: DHCPACK(br0) 192.168.1.113 54:27:1e:5a:57:3d eneco-001-068163 Aug 9 21:34:01 crond[300]: time disparity of 780213 minutes detected Aug 9 21:34:05 channel_scan: start scan[1] Aug 9 21:34:05 channel_scan: complete Aug 9 21:35:51 dnsmasq-dhcp[293]: DHCPDISCOVER(br0) 3c:bd:3e:70:e4:47 Aug 9 21:35:51 dnsmasq-dhcp[293]: DHCPOFFER(br0) 192.168.1.47 3c:bd:3e:70:e4:47 Aug 9 21:35:51 dnsmasq-dhcp[293]: DHCPREQUEST(br0) 192.168.1.47 3c:bd:3e:70:e4:47 Aug 9 21:35:51 dnsmasq-dhcp[293]: DHCPACK(br0) 192.168.1.47 3c:bd:3e:70:e4:47 Aug 9 21:36:05 dnsmasq-dhcp[293]: DHCPDISCOVER(br0) 04:d6:aa:5d:ed:7a Aug 9 21:36:05 dnsmasq-dhcp[293]: DHCPOFFER(br0) 192.168.1.250 04:d6:aa:5d:ed:7a Aug 9 21:36:05 dnsmasq-dhcp[293]: DHCPDISCOVER(br0) 04:d6:aa:5d:ed:7a Aug 9 21:36:05 dnsmasq-dhcp[293]: DHCPOFFER(br0) 192.168.1.250 04:d6:aa:5d:ed:7a Aug 9 21:36:05 dnsmasq-dhcp[293]: DHCPREQUEST(br0) 192.168.1.250 04:d6:aa:5d:ed:7a Aug 9 21:36:05 dnsmasq-dhcp[293]: DHCPACK(br0) 192.168.1.250 04:d6:aa:5d:ed:7a Galaxy-S8
          WireGuard "is coming" to the Linux kernel: why?
At the end of July, the developers of the WireGuard VPN tunnel proposed a set of patches that would make their VPN tunneling software part of the Linux kernel. However, the exact date when this "idea" will be realized remains unknown. Below the cut, we discuss the tool in more detail.
          Linux Kernel Expectations For AMD Threadripper 2
If you have already pre-ordered your AMD Threadripper 2990WX processor or just planning to be an early customer of that high-end desktop processor or the Threadripper 2950X, you may be wondering about Linux requirements from these new high-end AMD CPU offerings. Here's the gist of the Linux support state of AMD Zen+ CPUs for those wanting to get ready for Threadripper 2...
          Obtaining various frequency level of cpu for Raspberry Pi 3 via building kernel file
As you can see from the picture, when I focus on the available frequency steps I have just 2 available frequency steps (600MHz and 1200MHz). I wanna multiply frequency values. For example, it has 400 MHz, 600MHz, 800MHz, 1000MHz and 1200MHz, instead of 700 MHz and 1200MHz... (Budget: £20 - £250 GBP, Jobs: Computer Help, Computer Science, Electronics, Linux, Raspberry Pi)
          Comment on Performance shootout: Apple’s 15-inch MacBook Pro (2018) vs. Dell’s XPS 15 by Paul
MDN take is perfect example of selective reading. Everyone else will see that Dell offers equal or far superior (GPU) performance and quality for a lower price. There was a time that MacOS was the more efficient OS to use. Not so much anymore. The sole advantage Apple has is a secure UNIX kernel. But so does LINUX. Apple had better stop mailing it in if it wants formerly loyal Mac owners to remain in the fold. Premium prices need to come with premium performance.
          IoT ripe for SegmentSmack Linux kernel security vulnerability
none
          Phoronix: Linux Kernel Expectations For AMD Threadripper 2
If you have already pre-ordered your AMD Threadripper 2990WX processor or just planning to be an early customer of that high-end desktop processor or the Threadripper 2950X, you may be wondering about Linux requirements from these new high-end AMD CPU offerings. Here's the gist of the Linux support state of AMD Zen+ CPUs for those wanting to get ready for Threadripper 2...

