lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Sun, 4 Dec 2022 11:10:24 +0700
From:   Bagas Sanjaya <bagasdotme@...il.com>
To:     Randy Dunlap <rdunlap@...radead.org>
Cc:     linux-kernel@...r.kernel.org, Jonathan Corbet <corbet@....net>,
        linux-doc@...r.kernel.org
Subject: Re: [PATCH] Documentation: admin: move OOO entries in
 kernel-parameters.txt

On Sat, Dec 03, 2022 at 05:30:50PM -0800, Randy Dunlap wrote:
> Do not backport.

Why? Why don't you want this to be AUTOSEL-ed for stable?

> diff -- a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
> --- a/Documentation/admin-guide/kernel-parameters.txt
> +++ b/Documentation/admin-guide/kernel-parameters.txt
> @@ -378,18 +378,16 @@
>  	autoconf=	[IPV6]
>  			See Documentation/networking/ipv6.rst.
>  
> -	show_lapic=	[APIC,X86] Advanced Programmable Interrupt Controller
> -			Limit apic dumping. The parameter defines the maximal
> -			number of local apics being dumped. Also it is possible
> -			to set it to "all" by meaning -- no limit here.
> -			Format: { 1 (default) | 2 | ... | all }.
> -			The parameter valid if only apic=debug or
> -			apic=verbose is specified.
> -			Example: apic=debug show_lapic=all
> -
>  	apm=		[APM] Advanced Power Management
>  			See header of arch/x86/kernel/apm_32.c.
>  
> +	apparmor=	[APPARMOR] Disable or enable AppArmor at boot time
> +			Format: { "0" | "1" }
> +			See security/apparmor/Kconfig help text
> +			0 -- disable.
> +			1 -- enable.
> +			Default value is set via kernel config option.
> +
>  	arcrimi=	[HW,NET] ARCnet - "RIM I" (entirely mem-mapped) cards
>  			Format: <io>,<irq>,<nodeID>
>  
> @@ -1045,26 +1043,12 @@
>  			can be useful when debugging issues that require an SLB
>  			miss to occur.
>  
> -	stress_slb	[PPC]
> -			Limits the number of kernel SLB entries, and flushes
> -			them frequently to increase the rate of SLB faults
> -			on kernel addresses.
> -
> -	stress_hpt	[PPC]
> -			Limits the number of kernel HPT entries in the hash
> -			page table to increase the rate of hash page table
> -			faults on kernel addresses.
> -
>  	disable=	[IPV6]
>  			See Documentation/networking/ipv6.rst.
>  
>  	disable_radix	[PPC]
>  			Disable RADIX MMU mode on POWER9
>  
> -	radix_hcall_invalidate=on  [PPC/PSERIES]
> -			Disable RADIX GTSE feature and use hcall for TLB
> -			invalidate.
> -
>  	disable_tlbie	[PPC]
>  			Disable TLBIE instruction. Currently does not work
>  			with KVM, with HASH MMU, or with coherent accelerators.
> @@ -1166,16 +1150,6 @@
>  			Documentation/admin-guide/dynamic-debug-howto.rst
>  			for details.
>  
> -	nopku		[X86] Disable Memory Protection Keys CPU feature found
> -			in some Intel CPUs.
> -
> -	<module>.async_probe[=<bool>] [KNL]
> -			If no <bool> value is specified or if the value
> -			specified is not a valid <bool>, enable asynchronous
> -			probe on this module.  Otherwise, enable/disable
> -			asynchronous probe on this module as indicated by the
> -			<bool> value. See also: module.async_probe
> -
>  	early_ioremap_debug [KNL]
>  			Enable debug messages in early_ioremap support. This
>  			is useful for tracking down temporary early mappings
> @@ -1791,12 +1765,6 @@
>  				      which allow the hypervisor to 'idle' the
>  				      guest on lock contention.
>  
> -	keep_bootcon	[KNL]
> -			Do not unregister boot console at start. This is only
> -			useful for debugging when something happens in the window
> -			between unregistering the boot console and initializing
> -			the real console.
> -
>  	i2c_bus=	[HW]	Override the default board specific I2C bus speed
>  				or register an additional I2C bus that is not
>  				registered from board initialization code.
> @@ -2366,17 +2334,18 @@
>  	js=		[HW,JOY] Analog joystick
>  			See Documentation/input/joydev/joystick.rst.
>  
> -	nokaslr		[KNL]
> -			When CONFIG_RANDOMIZE_BASE is set, this disables
> -			kernel and module base offset ASLR (Address Space
> -			Layout Randomization).
> -
>  	kasan_multi_shot
>  			[KNL] Enforce KASAN (Kernel Address Sanitizer) to print
>  			report on every invalid memory access. Without this
>  			parameter KASAN will print report only for the first
>  			invalid access.
>  
> +	keep_bootcon	[KNL]
> +			Do not unregister boot console at start. This is only
> +			useful for debugging when something happens in the window
> +			between unregistering the boot console and initializing
> +			the real console.
> +
>  	keepinitrd	[HW,ARM]
>  
>  	kernelcore=	[KNL,X86,IA-64,PPC]
> @@ -3325,6 +3294,13 @@
>  			For details see:
>  			Documentation/admin-guide/hw-vuln/processor_mmio_stale_data.rst
>  
> +	<module>.async_probe[=<bool>] [KNL]
> +			If no <bool> value is specified or if the value
> +			specified is not a valid <bool>, enable asynchronous
> +			probe on this module.  Otherwise, enable/disable
> +			asynchronous probe on this module as indicated by the
> +			<bool> value. See also: module.async_probe
> +
>  	module.async_probe=<bool>
>  			[KNL] When set to true, modules will use async probing
>  			by default. To enable/disable async probing for a
> @@ -3779,6 +3755,11 @@
>  
>  	nojitter	[IA-64] Disables jitter checking for ITC timers.
>  
> +	nokaslr		[KNL]
> +			When CONFIG_RANDOMIZE_BASE is set, this disables
> +			kernel and module base offset ASLR (Address Space
> +			Layout Randomization).
> +
>  	no-kvmclock	[X86,KVM] Disable paravirtualized KVM clock driver
>  
>  	no-kvmapf	[X86,KVM] Disable paravirtualized asynchronous page
> @@ -3824,6 +3805,19 @@
>  
>  	nopcid		[X86-64] Disable the PCID cpu feature.
>  
> +	nopku		[X86] Disable Memory Protection Keys CPU feature found
> +			in some Intel CPUs.
> +
> +	nopv=		[X86,XEN,KVM,HYPER_V,VMWARE]
> +			Disables the PV optimizations forcing the guest to run
> +			as generic guest with no PV drivers. Currently support
> +			XEN HVM, KVM, HYPER_V and VMWARE guest.
> +
> +	nopvspin	[X86,XEN,KVM]
> +			Disables the qspinlock slow path using PV optimizations
> +			which allow the hypervisor to 'idle' the guest on lock
> +			contention.
> +
>  	norandmaps	Don't use address space randomization.  Equivalent to
>  			echo 0 > /proc/sys/kernel/randomize_va_space
>  
> @@ -4591,6 +4585,10 @@
>  
>  	r128=		[HW,DRM]
>  
> +	radix_hcall_invalidate=on  [PPC/PSERIES]
> +			Disable RADIX GTSE feature and use hcall for TLB
> +			invalidate.
> +
>  	raid=		[HW,RAID]
>  			See Documentation/admin-guide/md.rst.
>  
> @@ -5572,13 +5570,6 @@
>  			1 -- enable.
>  			Default value is 1.
>  
> -	apparmor=	[APPARMOR] Disable or enable AppArmor at boot time
> -			Format: { "0" | "1" }
> -			See security/apparmor/Kconfig help text
> -			0 -- disable.
> -			1 -- enable.
> -			Default value is set via kernel config option.
> -
>  	serialnumber	[BUGS=X86-32]
>  
>  	sev=option[,option...] [X86-64] See Documentation/x86/x86_64/boot-options.rst
> @@ -5586,6 +5577,15 @@
>  	shapers=	[NET]
>  			Maximal number of shapers.
>  
> +	show_lapic=	[APIC,X86] Advanced Programmable Interrupt Controller
> +			Limit apic dumping. The parameter defines the maximal
> +			number of local apics being dumped. Also it is possible
> +			to set it to "all" by meaning -- no limit here.
> +			Format: { 1 (default) | 2 | ... | all }.
> +			The parameter valid if only apic=debug or
> +			apic=verbose is specified.
> +			Example: apic=debug show_lapic=all
> +
>  	simeth=		[IA-64]
>  	simscsi=
>  
> @@ -6025,6 +6025,16 @@
>  			be used to filter out binaries which have
>  			not yet been made aware of AT_MINSIGSTKSZ.
>  
> +	stress_hpt	[PPC]
> +			Limits the number of kernel HPT entries in the hash
> +			page table to increase the rate of hash page table
> +			faults on kernel addresses.
> +
> +	stress_slb	[PPC]
> +			Limits the number of kernel SLB entries, and flushes
> +			them frequently to increase the rate of SLB faults
> +			on kernel addresses.
> +
>  	sunrpc.min_resvport=
>  	sunrpc.max_resvport=
>  			[NFS,SUNRPC]
> @@ -6957,16 +6967,6 @@
>  			fairer and the number of possible event channels is
>  			much higher. Default is on (use fifo events).
>  
> -	nopv=		[X86,XEN,KVM,HYPER_V,VMWARE]
> -			Disables the PV optimizations forcing the guest to run
> -			as generic guest with no PV drivers. Currently support
> -			XEN HVM, KVM, HYPER_V and VMWARE guest.
> -
> -	nopvspin	[X86,XEN,KVM]
> -			Disables the qspinlock slow path using PV optimizations
> -			which allow the hypervisor to 'idle' the guest on lock
> -			contention.
> -
>  	xirc2ps_cs=	[NET,PCMCIA]
>  			Format:
>  			<irq>,<irq_mask>,<io>,<full_duplex>,<do_sound>,<lockup_hack>[,<irq2>[,<irq3>[,<irq4>]]]

LGTM, thanks!

Reviewed-by: Bagas Sanjaya <bagasdotme@...il.com>

-- 
An old man doll... just what I always wanted! - Clara

Download attachment "signature.asc" of type "application/pgp-signature" (229 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ