Minimal supplement to upstream Kernel Self Protection Project changes. Features already provided by SELinux + Yama and archs other than multiarch arm64 / x86_64 aren't in scope. Only tags have stable history. Shared IRC channel with KSPP: irc.libera.chat #linux-hardening
Find a file
Kentaro Takeda 9590837b89 Common functions for TOMOYO Linux.
This file contains common functions (e.g. policy I/O, pattern matching).

-------------------- About pattern matching --------------------

Since TOMOYO Linux is a name based access control, TOMOYO Linux seriously
considers "safe" string representation.

TOMOYO Linux's string manipulation functions make reviewers feel crazy,
but there are reasons why TOMOYO Linux needs its own string manipulation
functions.

----- Part 1 : preconditions -----

People definitely want to use wild card.

  To support pattern matching, we have to support wild card characters.

  In a typical Linux system, filenames are likely consists of only alphabets,
  numbers, and some characters (e.g. + - ~ . / ).
  But theoretically, the Linux kernel accepts all characters but NUL character
  (which is used as a terminator of a string).

    Some Linux systems can have filenames which contain * ? ** etc.

Therefore, we have to somehow modify string so that we can distinguish
wild card characters and normal characters.

  It might be possible for some application's configuration files to restrict
  acceptable characters.
  It is impossible for kernel to restrict acceptable characters.

    We can't accept approaches which will cause troubles for applications.

----- Part 2 : commonly used approaches -----

Text formatted strings separated by space character (0x20) and new line
character (0x0A) is more preferable for users over array of NUL-terminated
string.

  Thus, people use text formatted configuration files separated by space
  character and new line.

We sometimes need to handle non-printable characters.

  Thus, people use \ character (0x5C) as escape character and represent
  non-printable characters using octal or hexadecimal format.

At this point, we remind (at least) 3 approaches.

  (1) Shell glob style expression
  (2) POSIX regular expression (UNIX style regular expression)
  (3) Maverick wild card expression

On the surface, (1) and (2) sound good choices. But they have a big pitfall.
All meta-characters in (1) and (2) are legal characters for representing
a pathname, and users easily write incorrect expression. What is worse, users
unlikely notice incorrect expressions because characters used for regular
pathnames unlikely contain meta-characters. This incorrect use of
meta-characters in pathname representation reveals vulnerability
(e.g. unexpected results) only when irregular pathname is specified.

The authors of TOMOYO Linux think that approaches which adds some character
for interpreting meta-characters as normal characters (i.e. (1) and (2)) are
not suitable for security use.

Therefore, the authors of TOMOYO Linux propose (3).

----- Part 3: consideration points -----

We need to solve encoding problem.

  A single character can be represented in several ways using encodings.

    For Japanese language, there are "ShiftJIS", "ISO-2022-JP", "EUC-JP",
    "UTF-8" and more.

  Some languages (e.g. Japanese language) supports multi-byte characters
  (where a single character is represented using several bytes).

    Some multi-byte characters may match the escape character.

    For Japanese language, some characters in "ShiftJIS" encoding match
    \ character, and bothering Web's CGI developers.

  It is important that the kernel string is not bothered by encoding problem.

    Linus said, "I really would expect that kernel strings don't have
    an encoding. They're just C strings: a NUL-terminated stream of bytes."
    http://lkml.org/lkml/2007/11/6/142

    Yes. The kernel strings are just C strings.
    We are talking about how to store and carry "kernel strings" safely.

  If we store "kernel string" into policy file as-is, the "kernel string" will
  be interpreted differently depending on application's encoding settings.
  One application may interpret "kernel string" as "UTF-8",
  another application may interpret "kernel string" as "ShiftJIS".

    Therefore, we propose to represent strings using ASCII encoding.
    In this way, we are no longer bothered by encoding problems.

We need to avoid information loss caused by display.

  It is difficult to input and display non-printable characters, but we have to
  be able to handle such characters because the kernel string is a C string.

  If we use only ASCII printable characters (from 0x21 to 0x7E) and space
  character (0x20) and new line character (0x0A), it is easy to input from
  keyboard and display on all terminals which is running Linux.

  Therefore, we propose to represent strings using only characters which value
  is one of "from 0x21 to 0x7E", "0x20", "0x0A".

We need to consider ease of splitting strings from a line.

  If we use an approach which uses "\ " for representing a space character
  within a string, we have to count the string from the beginning to check
  whether this space character is accompanied with \ character or not.
  As a result, we cannot monotonically split a line using space character.

  If we use an approach which uses "\040" for representing a space character
  within a string, we can monotonically split a line using space character.

  If we use an approach which uses NUL character as a delimiter, we cannot
  use string manipulation functions for splitting strings from a line.

  Therefore, we propose that we represent space character as "\040".

We need to avoid wrong designations (incorrect use of special characters).

  Not all users can understand and utilize POSIX's regular expressions
  correctly and perfectly.

  If a character acts as a wild card by default, the user will get unexpected
  result if that user didn't know the meaning of that character.

    Therefore, we propose that all characters but \ character act as
    a normal character and let the user add \ character to make a character
    act as a wild card.

    In this way, users needn't to know all wild card characters beforehand.
    They can learn when they encountered an unseen wild card character
    for their first time.

----- Part 4: supported wild card expressions -----

At this point, we have wild card expressions listed below.

  +-----------+--------------------------------------------------------------+
  | Wild card | Meaning and example                                          |
  +-----------+--------------------------------------------------------------+
  |   \*      | More than or equals to 0 character other than '/'.           |
  |           |           /var/log/samba/\*                                  |
  +-----------+--------------------------------------------------------------+
  |   \@      | More than or equals to 0 character other than '/' or '.'.    |
  |           |           /var/www/html/\@.html                              |
  +-----------+--------------------------------------------------------------+
  |   \?      | 1 byte character other than '/'.                             |
  |           |           /tmp/mail.\?\?\?\?\?\?                             |
  +-----------+--------------------------------------------------------------+
  |   \$      | More than or equals to 1 decimal digit.                      |
  |           |           /proc/\$/cmdline                                   |
  +-----------+--------------------------------------------------------------+
  |   \+      | 1 decimal digit.                                             |
  |           |           /var/tmp/my_work.\+                                |
  +-----------+--------------------------------------------------------------+
  |   \X      | More than or equals to 1 hexadecimal digit.                  |
  |           |           /var/tmp/my-work.\X                                |
  +-----------+--------------------------------------------------------------+
  |   \x      | 1 hexadecimal digit.                                         |
  |           |           /tmp/my-work.\x                                    |
  +-----------+--------------------------------------------------------------+
  |   \A      | More than or equals to 1 alphabet character.                 |
  |           |           /var/log/my-work/\$-\A-\$.log                      |
  +-----------+--------------------------------------------------------------+
  |   \a      | 1 alphabet character.                                        |
  |           |           /home/users/\a/\*/public_html/\*.html              |
  +-----------+--------------------------------------------------------------+
  |   \-      | Pathname subtraction operator.                               |
  |           | +---------------------+------------------------------------+ |
  |           | | Example             | Meaning                            | |
  |           | +---------------------+------------------------------------+ |
  |           | | /etc/\*             | All files in /etc/ directory.      | |
  |           | +---------------------+------------------------------------+ |
  |           | | /etc/\*\-\*shadow\* | /etc/\* other than /etc/\*shadow\* | |
  |           | +---------------------+------------------------------------+ |
  |           | | /\*\-proc\-sys/     | /\*/ other than /proc/ /sys/       | |
  |           | +---------------------+------------------------------------+ |
  +-----------+--------------------------------------------------------------+

  +----------------+---------------------------------------------------------+
  | Representation | Meaning and example                                     |
  +----------------+---------------------------------------------------------+
  |   \\           | backslash character itself.                             |
  +----------------+---------------------------------------------------------+
  |   \ooo         | 1 byte character.                                       |
  |                | ooo is 001 <= ooo <= 040 || 177 <= ooo <= 377.          |
  |                |                                                         |
  |                |           \040 for space character.                     |
  |                |           \177 for del character.                       |
  |                |                                                         |
  +----------------+---------------------------------------------------------+

----- Part 5: Advantages -----

We can obtain extensibility.

  Since our proposed approach adds \ to a character to interpret as a wild
  card, we can introduce new wild card in future while maintaining backward
  compatibility.

We can process monotonically.

  Since our proposed approach separates strings using a space character,
  we can split strings using existing string manipulation functions.

We can reliably analyze access logs.

  It is guaranteed that a string doesn't contain space character (0x20) and
  new line character (0x0A).

  It is guaranteed that a string won't be converted by FTP and won't be damaged
  by a terminal's settings.

  It is guaranteed that a string won't be affected by encoding converters
  (except encodings which insert NUL character (e.g. UTF-16)).

----- Part 6: conclusion -----

TOMOYO Linux is using its own encoding with reasons described above.
There is a disadvantage that we need to introduce a series of new string
manipulation functions. But TOMOYO Linux's encoding is useful for all users
(including audit and AppArmor) who want to perform pattern matching and
safely exchange string information between the kernel and the userspace.

-------------------- About policy interface --------------------

TOMOYO Linux creates the following files on securityfs (normally
mounted on /sys/kernel/security) as interfaces between kernel and
userspace. These files are for TOMOYO Linux management tools *only*,
not for general programs.

  * profile
  * exception_policy
  * domain_policy
  * manager
  * meminfo
  * self_domain
  * version
  * .domain_status
  * .process_status

** /sys/kernel/security/tomoyo/profile **

This file is used to read or write profiles.

"profile" means a running mode of process. A profile lists up
functions and their modes in "$number-$variable=$value" format. The
$number is profile number between 0 and 255. Each domain is assigned
one profile. To assign profile to domains, use "ccs-setprofile" or
"ccs-editpolicy" or "ccs-loadpolicy" commands.

(Example)
[root@tomoyo]# cat /sys/kernel/security/tomoyo/profile
0-COMMENT=-----Disabled Mode-----
0-MAC_FOR_FILE=disabled
0-MAX_ACCEPT_ENTRY=2048
0-TOMOYO_VERBOSE=disabled
1-COMMENT=-----Learning Mode-----
1-MAC_FOR_FILE=learning
1-MAX_ACCEPT_ENTRY=2048
1-TOMOYO_VERBOSE=disabled
2-COMMENT=-----Permissive Mode-----
2-MAC_FOR_FILE=permissive
2-MAX_ACCEPT_ENTRY=2048
2-TOMOYO_VERBOSE=enabled
3-COMMENT=-----Enforcing Mode-----
3-MAC_FOR_FILE=enforcing
3-MAX_ACCEPT_ENTRY=2048
3-TOMOYO_VERBOSE=enabled

- MAC_FOR_FILE:
Specifies access control level regarding file access requests.
- MAX_ACCEPT_ENTRY:
Limits the max number of ACL entries that are automatically appended
during learning mode. Default is 2048.
- TOMOYO_VERBOSE:
Specifies whether to print domain policy violation messages or not.

** /sys/kernel/security/tomoyo/manager **

This file is used to read or append the list of programs or domains
that can write to /sys/kernel/security/tomoyo interface. By default,
only processes with both UID = 0 and EUID = 0 can modify policy via
/sys/kernel/security/tomoyo interface. You can use keyword
"manage_by_non_root" to allow policy modification by non root user.

(Example)
[root@tomoyo]# cat /sys/kernel/security/tomoyo/manager
/usr/lib/ccs/loadpolicy
/usr/lib/ccs/editpolicy
/usr/lib/ccs/setlevel
/usr/lib/ccs/setprofile
/usr/lib/ccs/ld-watch
/usr/lib/ccs/ccs-queryd

** /sys/kernel/security/tomoyo/exception_policy **

This file is used to read and write system global settings. Each line
has a directive and operand pair. Directives are listed below.

- initialize_domain:
To initialize domain transition when specific program is executed,
use initialize_domain directive.
  * initialize_domain "program" from "domain"
  * initialize_domain "program" from "the last program part of domain"
  * initialize_domain "program"
If the part "from" and after is not given, the entry is applied to
all domain. If the "domain" doesn't start with "<kernel>", the entry
is applied to all domain whose domainname ends with "the last program
part of domain".
This directive is intended to aggregate domain transitions for daemon
program and program that are invoked by the kernel on demand, by
transiting to different domain.

- keep_domain
To prevent domain transition when program is executed from specific
domain, use keep_domain directive.
  * keep_domain "program" from "domain"
  * keep_domain "program" from "the last program part of domain"
  * keep_domain "domain"
  * keep_domain "the last program part of domain"
If the part "from" and before is not given, this entry is applied to
all program. If the "domain" doesn't start with "<kernel>", the entry
is applied to all domain whose domainname ends with "the last program
part of domain".
This directive is intended to reduce total number of domains and
memory usage by suppressing unneeded domain transitions.
To declare domain keepers, use keep_domain directive followed by
domain definition.
Any process that belongs to any domain declared with this directive,
the process stays at the same domain unless any program registered
with initialize_domain directive is executed.

In order to control domain transition in detail, you can use
no_keep_domain/no_initialize_domain keywrods.

- alias:
To allow executing programs using the name of symbolic links, use
alias keyword followed by dereferenced pathname and reference
pathname. For example, /sbin/pidof is a symbolic link to
/sbin/killall5 . In normal case, if /sbin/pidof is executed, the
domain is defined as if /sbin/killall5 is executed. By specifying
"alias /sbin/killall5 /sbin/pidof", you can run /sbin/pidof in the
domain for /sbin/pidof .
(Example)
alias /sbin/killall5 /sbin/pidof

- allow_read:
To grant unconditionally readable permissions, use allow_read keyword
followed by canonicalized file. This keyword is intended to reduce
size of domain policy by granting read access to library files such
as GLIBC and locale files. Exception is, if ignore_global_allow_read
keyword is given to a domain, entries specified by this keyword are
ignored.
(Example)
allow_read /lib/libc-2.5.so

- file_pattern:
To declare pathname pattern, use file_pattern keyword followed by
pathname pattern. The pathname pattern must be a canonicalized
Pathname. This keyword is not applicable to neither granting execute
permissions nor domain definitions.
For example, canonicalized pathname that contains a process ID
(i.e. /proc/PID/ files) needs to be grouped in order to make access
control work well.
(Example)
file_pattern /proc/\$/cmdline

- path_group
To declare pathname group, use path_group keyword followed by name of
the group and pathname pattern. For example, if you want to group all
files under home directory, you can define
   path_group HOME-DIR-FILE /home/\*/\*
   path_group HOME-DIR-FILE /home/\*/\*/\*
   path_group HOME-DIR-FILE /home/\*/\*/\*/\*
in the exception policy and use like
   allow_read @HOME-DIR-FILE
to grant file access permission.

- deny_rewrite:
To deny overwriting already written contents of file (such as log
files) by default, use deny_rewrite keyword followed by pathname
pattern. Files whose pathname match the patterns are not permitted to
open for writing without append mode or truncate unless the pathnames
are explicitly granted using allow_rewrite keyword in domain policy.
(Example)
deny_rewrite /var/log/\*

- aggregator
To deal multiple programs as a single program, use aggregator keyword
followed by name of original program and aggregated program. This
keyword is intended to aggregate similar programs.
For example, /usr/bin/tac and /bin/cat are similar. By specifying
"aggregator /usr/bin/tac /bin/cat", you can run /usr/bin/tac in the
domain for /bin/cat .
For example, /usr/sbin/logrotate for Fedora Core 3 generates programs
like /tmp/logrotate.\?\?\?\?\?\? and run them, but TOMOYO Linux
doesn't allow using patterns for granting execute permission and
defining domains. By specifying
"aggregator /tmp/logrotate.\?\?\?\?\?\? /tmp/logrotate.tmp", you can
run /tmp/logrotate.\?\?\?\?\?\? as if /tmp/logrotate.tmp is running.

** /sys/kernel/security/tomoyo/domain_policy **

This file contains definition of all domains and permissions that are
granted to each domain.

Lines from the next line to a domain definition ( any lines starting
with "<kernel>") to the previous line to the next domain definitions
are interpreted as access permissions for that domain.

** /sys/kernel/security/tomoyo/meminfo **

This file is to show the total RAM used to keep policy in the kernel
by TOMOYO Linux in bytes.
(Example)
[root@tomoyo]# cat /sys/kernel/security/tomoyo/meminfo
Shared:       61440
Private:      69632
Dynamic:        768
Total:       131840

You can set memory quota by writing to this file.
(Example)
[root@tomoyo]# echo Shared: 2097152 > /sys/kernel/security/tomoyo/meminfo
[root@tomoyo]# echo Private: 2097152 > /sys/kernel/security/tomoyo/meminfo

** /sys/kernel/security/tomoyo/self_domain **

This file is to show the name of domain the caller process belongs to.
(Example)
[root@etch]# cat /sys/kernel/security/tomoyo/self_domain
<kernel> /usr/sbin/sshd /bin/zsh /bin/cat

** /sys/kernel/security/tomoyo/version **

This file is used for getting TOMOYO Linux's version.
(Example)
[root@etch]# cat /sys/kernel/security/tomoyo/version
2.2.0-pre

** /sys/kernel/security/tomoyo/.domain_status **

This is a view (of a DBMS) that contains only profile number and
domainnames of domain so that "ccs-setprofile" command can do
line-oriented processing easily.

** /sys/kernel/security/tomoyo/.process_status **

This file is used by "ccs-ccstree" command to show "list of processes
currently running" and "domains which each process belongs to" and
"profile number which the domain is currently assigned" like "pstree"
command. This file is writable by programs that aren't registered as
policy manager.

Signed-off-by: Kentaro Takeda <takedakn@nttdata.co.jp>
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: Toshiharu Harada <haradats@nttdata.co.jp>
Signed-off-by: James Morris <jmorris@namei.org>
2009-02-12 15:15:04 +11:00
arch alpha: fixup BUG macro 2009-02-05 12:56:49 -08:00
block block: fix oops in blk_queue_io_stat() 2009-02-02 08:42:32 +01:00
crypto crypto: ccm - Fix handling of null assoc data 2009-01-27 17:11:15 +11:00
Documentation Merge branch 'master' into next 2009-02-06 11:01:45 +11:00
drivers Merge branch 'master' into next 2009-02-06 11:01:45 +11:00
firmware ti_usb_3410_5052: add Multi-Tech firmware 2009-01-12 16:37:01 -08:00
fs Add in_execve flag into task_struct. 2009-02-12 15:15:03 +11:00
include Add in_execve flag into task_struct. 2009-02-12 15:15:03 +11:00
init Merge git://git.kernel.org/pub/scm/linux/kernel/git/sam/kbuild-fixes 2009-01-26 15:10:37 -08:00
ipc Merge branch 'master' into next 2009-02-06 11:01:45 +11:00
kernel wait: prevent exclusive waiter starvation 2009-02-05 12:56:48 -08:00
lib cpumask: convert lib/smp_processor_id to new cpumask ops 2009-01-30 15:47:34 +01:00
mm integrity: shmem zero fix 2009-02-11 15:27:15 +11:00
net sunrpc: fix rdma dependencies 2009-02-03 15:20:13 -08:00
samples samples: mark {static|__init|__exit} for {init|exit} functions 2009-01-06 15:59:12 -08:00
scripts Merge git://git.kernel.org/pub/scm/linux/kernel/git/sam/kbuild-fixes 2009-01-26 15:10:37 -08:00
security Common functions for TOMOYO Linux. 2009-02-12 15:15:04 +11:00
sound Merge branch 'fix/asoc' into for-linus 2009-02-04 18:19:11 +01:00
usr kbuild: gen_init_cpio expands shell variables in file names 2008-12-03 21:32:03 +01:00
virt/kvm kvm/iommu: fix compile warning 2009-01-03 16:37:53 +01:00
.gitignore Fix and clean top .gitignore 2008-06-29 12:18:00 -07:00
.mailmap Dmitry has been renamed 2009-01-06 15:59:13 -08:00
COPYING [PATCH] update FSF address in COPYING 2005-09-10 10:06:29 -07:00
CREDITS CREDITS address update for dwmw2. 2009-01-15 12:55:55 -08:00
Kbuild kbuild: asm symlink support for arch/$ARCH/include 2008-07-25 22:12:34 +02:00
MAINTAINERS Merge branch 'master' into next 2009-02-06 11:01:45 +11:00
Makefile Linux 2.6.29-rc3 2009-01-28 10:49:30 -08:00
README kbuild: make *config usage docs 2009-01-02 20:43:25 +01:00
REPORTING-BUGS REPORTING-BUGS: cc the mailing list too 2008-02-07 08:42:17 -08:00

	Linux kernel release 2.6.xx <http://kernel.org/>

These are the release notes for Linux version 2.6.  Read them carefully,
as they tell you what this is all about, explain how to install the
kernel, and what to do if something goes wrong. 

WHAT IS LINUX?

  Linux is a clone of the operating system Unix, written from scratch by
  Linus Torvalds with assistance from a loosely-knit team of hackers across
  the Net. It aims towards POSIX and Single UNIX Specification compliance.

  It has all the features you would expect in a modern fully-fledged Unix,
  including true multitasking, virtual memory, shared libraries, demand
  loading, shared copy-on-write executables, proper memory management,
  and multistack networking including IPv4 and IPv6.

  It is distributed under the GNU General Public License - see the
  accompanying COPYING file for more details. 

ON WHAT HARDWARE DOES IT RUN?

  Although originally developed first for 32-bit x86-based PCs (386 or higher),
  today Linux also runs on (at least) the Compaq Alpha AXP, Sun SPARC and
  UltraSPARC, Motorola 68000, PowerPC, PowerPC64, ARM, Hitachi SuperH, Cell,
  IBM S/390, MIPS, HP PA-RISC, Intel IA-64, DEC VAX, AMD x86-64, AXIS CRIS,
  Xtensa, AVR32 and Renesas M32R architectures.

  Linux is easily portable to most general-purpose 32- or 64-bit architectures
  as long as they have a paged memory management unit (PMMU) and a port of the
  GNU C compiler (gcc) (part of The GNU Compiler Collection, GCC). Linux has
  also been ported to a number of architectures without a PMMU, although
  functionality is then obviously somewhat limited.
  Linux has also been ported to itself. You can now run the kernel as a
  userspace application - this is called UserMode Linux (UML).

DOCUMENTATION:

 - There is a lot of documentation available both in electronic form on
   the Internet and in books, both Linux-specific and pertaining to
   general UNIX questions.  I'd recommend looking into the documentation
   subdirectories on any Linux FTP site for the LDP (Linux Documentation
   Project) books.  This README is not meant to be documentation on the
   system: there are much better sources available.

 - There are various README files in the Documentation/ subdirectory:
   these typically contain kernel-specific installation notes for some 
   drivers for example. See Documentation/00-INDEX for a list of what
   is contained in each file.  Please read the Changes file, as it
   contains information about the problems, which may result by upgrading
   your kernel.

 - The Documentation/DocBook/ subdirectory contains several guides for
   kernel developers and users.  These guides can be rendered in a
   number of formats:  PostScript (.ps), PDF, HTML, & man-pages, among others.
   After installation, "make psdocs", "make pdfdocs", "make htmldocs",
   or "make mandocs" will render the documentation in the requested format.

INSTALLING the kernel source:

 - If you install the full sources, put the kernel tarball in a
   directory where you have permissions (eg. your home directory) and
   unpack it:

		gzip -cd linux-2.6.XX.tar.gz | tar xvf -

   or
		bzip2 -dc linux-2.6.XX.tar.bz2 | tar xvf -


   Replace "XX" with the version number of the latest kernel.

   Do NOT use the /usr/src/linux area! This area has a (usually
   incomplete) set of kernel headers that are used by the library header
   files.  They should match the library, and not get messed up by
   whatever the kernel-du-jour happens to be.

 - You can also upgrade between 2.6.xx releases by patching.  Patches are
   distributed in the traditional gzip and the newer bzip2 format.  To
   install by patching, get all the newer patch files, enter the
   top level directory of the kernel source (linux-2.6.xx) and execute:

		gzip -cd ../patch-2.6.xx.gz | patch -p1

   or
		bzip2 -dc ../patch-2.6.xx.bz2 | patch -p1

   (repeat xx for all versions bigger than the version of your current
   source tree, _in_order_) and you should be ok.  You may want to remove
   the backup files (xxx~ or xxx.orig), and make sure that there are no
   failed patches (xxx# or xxx.rej). If there are, either you or me has
   made a mistake.

   Unlike patches for the 2.6.x kernels, patches for the 2.6.x.y kernels
   (also known as the -stable kernels) are not incremental but instead apply
   directly to the base 2.6.x kernel.  Please read
   Documentation/applying-patches.txt for more information.

   Alternatively, the script patch-kernel can be used to automate this
   process.  It determines the current kernel version and applies any
   patches found.

		linux/scripts/patch-kernel linux

   The first argument in the command above is the location of the
   kernel source.  Patches are applied from the current directory, but
   an alternative directory can be specified as the second argument.

 - If you are upgrading between releases using the stable series patches
   (for example, patch-2.6.xx.y), note that these "dot-releases" are
   not incremental and must be applied to the 2.6.xx base tree. For
   example, if your base kernel is 2.6.12 and you want to apply the
   2.6.12.3 patch, you do not and indeed must not first apply the
   2.6.12.1 and 2.6.12.2 patches. Similarly, if you are running kernel
   version 2.6.12.2 and want to jump to 2.6.12.3, you must first
   reverse the 2.6.12.2 patch (that is, patch -R) _before_ applying
   the 2.6.12.3 patch.
   You can read more on this in Documentation/applying-patches.txt

 - Make sure you have no stale .o files and dependencies lying around:

		cd linux
		make mrproper

   You should now have the sources correctly installed.

SOFTWARE REQUIREMENTS

   Compiling and running the 2.6.xx kernels requires up-to-date
   versions of various software packages.  Consult
   Documentation/Changes for the minimum version numbers required
   and how to get updates for these packages.  Beware that using
   excessively old versions of these packages can cause indirect
   errors that are very difficult to track down, so don't assume that
   you can just update packages when obvious problems arise during
   build or operation.

BUILD directory for the kernel:

   When compiling the kernel all output files will per default be
   stored together with the kernel source code.
   Using the option "make O=output/dir" allow you to specify an alternate
   place for the output files (including .config).
   Example:
     kernel source code:	/usr/src/linux-2.6.N
     build directory:		/home/name/build/kernel

   To configure and build the kernel use:
   cd /usr/src/linux-2.6.N
   make O=/home/name/build/kernel menuconfig
   make O=/home/name/build/kernel
   sudo make O=/home/name/build/kernel modules_install install

   Please note: If the 'O=output/dir' option is used then it must be
   used for all invocations of make.

CONFIGURING the kernel:

   Do not skip this step even if you are only upgrading one minor
   version.  New configuration options are added in each release, and
   odd problems will turn up if the configuration files are not set up
   as expected.  If you want to carry your existing configuration to a
   new version with minimal work, use "make oldconfig", which will
   only ask you for the answers to new questions.

 - Alternate configuration commands are:
	"make config"      Plain text interface.
	"make menuconfig"  Text based color menus, radiolists & dialogs.
	"make xconfig"     X windows (Qt) based configuration tool.
	"make gconfig"     X windows (Gtk) based configuration tool.
	"make oldconfig"   Default all questions based on the contents of
			   your existing ./.config file and asking about
			   new config symbols.
	"make silentoldconfig"
			   Like above, but avoids cluttering the screen
			   with questions already answered.
	"make defconfig"   Create a ./.config file by using the default
			   symbol values from arch/$ARCH/defconfig.
	"make allyesconfig"
			   Create a ./.config file by setting symbol
			   values to 'y' as much as possible.
	"make allmodconfig"
			   Create a ./.config file by setting symbol
			   values to 'm' as much as possible.
	"make allnoconfig" Create a ./.config file by setting symbol
			   values to 'n' as much as possible.
	"make randconfig"  Create a ./.config file by setting symbol
			   values to random values.

   You can find more information on using the Linux kernel config tools
   in Documentation/kbuild/make-configs.txt.

	NOTES on "make config":
	- having unnecessary drivers will make the kernel bigger, and can
	  under some circumstances lead to problems: probing for a
	  nonexistent controller card may confuse your other controllers
	- compiling the kernel with "Processor type" set higher than 386
	  will result in a kernel that does NOT work on a 386.  The
	  kernel will detect this on bootup, and give up.
	- A kernel with math-emulation compiled in will still use the
	  coprocessor if one is present: the math emulation will just
	  never get used in that case.  The kernel will be slightly larger,
	  but will work on different machines regardless of whether they
	  have a math coprocessor or not. 
	- the "kernel hacking" configuration details usually result in a
	  bigger or slower kernel (or both), and can even make the kernel
	  less stable by configuring some routines to actively try to
	  break bad code to find kernel problems (kmalloc()).  Thus you
	  should probably answer 'n' to the questions for
          "development", "experimental", or "debugging" features.

COMPILING the kernel:

 - Make sure you have at least gcc 3.2 available.
   For more information, refer to Documentation/Changes.

   Please note that you can still run a.out user programs with this kernel.

 - Do a "make" to create a compressed kernel image. It is also
   possible to do "make install" if you have lilo installed to suit the
   kernel makefiles, but you may want to check your particular lilo setup first.

   To do the actual install you have to be root, but none of the normal
   build should require that. Don't take the name of root in vain.

 - If you configured any of the parts of the kernel as `modules', you
   will also have to do "make modules_install".

 - Verbose kernel compile/build output:

   Normally the kernel build system runs in a fairly quiet mode (but not
   totally silent).  However, sometimes you or other kernel developers need
   to see compile, link, or other commands exactly as they are executed.
   For this, use "verbose" build mode.  This is done by inserting
   "V=1" in the "make" command.  E.g.:

	make V=1 all

   To have the build system also tell the reason for the rebuild of each
   target, use "V=2".  The default is "V=0".

 - Keep a backup kernel handy in case something goes wrong.  This is 
   especially true for the development releases, since each new release
   contains new code which has not been debugged.  Make sure you keep a
   backup of the modules corresponding to that kernel, as well.  If you
   are installing a new kernel with the same version number as your
   working kernel, make a backup of your modules directory before you
   do a "make modules_install".
   Alternatively, before compiling, use the kernel config option
   "LOCALVERSION" to append a unique suffix to the regular kernel version.
   LOCALVERSION can be set in the "General Setup" menu.

 - In order to boot your new kernel, you'll need to copy the kernel
   image (e.g. .../linux/arch/i386/boot/bzImage after compilation)
   to the place where your regular bootable kernel is found. 

 - Booting a kernel directly from a floppy without the assistance of a
   bootloader such as LILO, is no longer supported.

   If you boot Linux from the hard drive, chances are you use LILO which
   uses the kernel image as specified in the file /etc/lilo.conf.  The
   kernel image file is usually /vmlinuz, /boot/vmlinuz, /bzImage or
   /boot/bzImage.  To use the new kernel, save a copy of the old image
   and copy the new image over the old one.  Then, you MUST RERUN LILO
   to update the loading map!! If you don't, you won't be able to boot
   the new kernel image.

   Reinstalling LILO is usually a matter of running /sbin/lilo. 
   You may wish to edit /etc/lilo.conf to specify an entry for your
   old kernel image (say, /vmlinux.old) in case the new one does not
   work.  See the LILO docs for more information. 

   After reinstalling LILO, you should be all set.  Shutdown the system,
   reboot, and enjoy!

   If you ever need to change the default root device, video mode,
   ramdisk size, etc.  in the kernel image, use the 'rdev' program (or
   alternatively the LILO boot options when appropriate).  No need to
   recompile the kernel to change these parameters. 

 - Reboot with the new kernel and enjoy. 

IF SOMETHING GOES WRONG:

 - If you have problems that seem to be due to kernel bugs, please check
   the file MAINTAINERS to see if there is a particular person associated
   with the part of the kernel that you are having trouble with. If there
   isn't anyone listed there, then the second best thing is to mail
   them to me (torvalds@linux-foundation.org), and possibly to any other
   relevant mailing-list or to the newsgroup.

 - In all bug-reports, *please* tell what kernel you are talking about,
   how to duplicate the problem, and what your setup is (use your common
   sense).  If the problem is new, tell me so, and if the problem is
   old, please try to tell me when you first noticed it.

 - If the bug results in a message like

	unable to handle kernel paging request at address C0000010
	Oops: 0002
	EIP:   0010:XXXXXXXX
	eax: xxxxxxxx   ebx: xxxxxxxx   ecx: xxxxxxxx   edx: xxxxxxxx
	esi: xxxxxxxx   edi: xxxxxxxx   ebp: xxxxxxxx
	ds: xxxx  es: xxxx  fs: xxxx  gs: xxxx
	Pid: xx, process nr: xx
	xx xx xx xx xx xx xx xx xx xx

   or similar kernel debugging information on your screen or in your
   system log, please duplicate it *exactly*.  The dump may look
   incomprehensible to you, but it does contain information that may
   help debugging the problem.  The text above the dump is also
   important: it tells something about why the kernel dumped code (in
   the above example it's due to a bad kernel pointer). More information
   on making sense of the dump is in Documentation/oops-tracing.txt

 - If you compiled the kernel with CONFIG_KALLSYMS you can send the dump
   as is, otherwise you will have to use the "ksymoops" program to make
   sense of the dump (but compiling with CONFIG_KALLSYMS is usually preferred).
   This utility can be downloaded from
   ftp://ftp.<country>.kernel.org/pub/linux/utils/kernel/ksymoops/ .
   Alternately you can do the dump lookup by hand:

 - In debugging dumps like the above, it helps enormously if you can
   look up what the EIP value means.  The hex value as such doesn't help
   me or anybody else very much: it will depend on your particular
   kernel setup.  What you should do is take the hex value from the EIP
   line (ignore the "0010:"), and look it up in the kernel namelist to
   see which kernel function contains the offending address.

   To find out the kernel function name, you'll need to find the system
   binary associated with the kernel that exhibited the symptom.  This is
   the file 'linux/vmlinux'.  To extract the namelist and match it against
   the EIP from the kernel crash, do:

		nm vmlinux | sort | less

   This will give you a list of kernel addresses sorted in ascending
   order, from which it is simple to find the function that contains the
   offending address.  Note that the address given by the kernel
   debugging messages will not necessarily match exactly with the
   function addresses (in fact, that is very unlikely), so you can't
   just 'grep' the list: the list will, however, give you the starting
   point of each kernel function, so by looking for the function that
   has a starting address lower than the one you are searching for but
   is followed by a function with a higher address you will find the one
   you want.  In fact, it may be a good idea to include a bit of
   "context" in your problem report, giving a few lines around the
   interesting one. 

   If you for some reason cannot do the above (you have a pre-compiled
   kernel image or similar), telling me as much about your setup as
   possible will help.  Please read the REPORTING-BUGS document for details.

 - Alternately, you can use gdb on a running kernel. (read-only; i.e. you
   cannot change values or set break points.) To do this, first compile the
   kernel with -g; edit arch/i386/Makefile appropriately, then do a "make
   clean". You'll also need to enable CONFIG_PROC_FS (via "make config").

   After you've rebooted with the new kernel, do "gdb vmlinux /proc/kcore".
   You can now use all the usual gdb commands. The command to look up the
   point where your system crashed is "l *0xXXXXXXXX". (Replace the XXXes
   with the EIP value.)

   gdb'ing a non-running kernel currently fails because gdb (wrongly)
   disregards the starting offset for which the kernel is compiled.