Free kernel panic software for linux

Kernel Version Monitor is a Superkaramba theme that creates a widget displaying the current version information of the Linux kernel as put forth by the kernel.org RSS feed here: http://kernel.org/kdist/rss.xml . Kernel Version Monitor uses the Tux icon from the nuoveXT icon theme found at http://nuovext.pwsp.net

Kudos and thanks to Richard "Ricardo" Szlachta for his advice on refining the aesthetics of this theme.

This is my first Superkaramba theme and a work in progress. I would love to hear comments, opinions and suggestions in order to improve this theme.

Install Kernel interfaces with the Linux operating system by running a series of functions or groups of commands that automate the compiling or recompiling and installation process.
Install Kernel project consists of three groups of functions: building the kernel and moving files, checking dependencies, and editing the boot loader configuration file. Grouping all of the functions in these three groups makes maintaining and altering the script much easier.
Install Kernel can also be considered a program, because a program does checking and makes choices accordingly. A script is usually a file, which contains a certain number of commands with no logic in mind. Therefore, while ik is technically a script, it can also be called a program.
Dependency checks are to make sure the current system configuration and settings are properly setup before proceeding with the kernel build. There are seven dependency checks, they are: a root check, space check, link check, boot check, boot loader check, configuration check, and a module check.
First, the root check makes sure the user is a super user; which means they are capable of editing important system files only accessible to the root account. The space check makes sure there is at least 200 megabytes available.
The kernel source these days is around 150 megabytes just for the source code. When one compiles the kernel, it may increase the size to 50 megabytes or more. Therefore, ik
checks for at least 200MB available in order to successfully compile the kernel without running out of space. Next, it is not required, but it is standard to have a symbolic link of /usr/src/linux pointing to /usr/src/linux-x.y.z.
The fourth check makes sure the user has a /boot directory, this is where the Linux kernel files will be installed to. The fifth check determines the bootloader that will be used. There are two main boot loaders in Linux. LILO and GRUB are the two most popular for booting the operating system.
This check accurately finds whether the kernel was booted from either LILO or GRUB by checking which bootloader was used last. It then tells the rest of the script to edit the correct one accordingly. The sixth configuration check is to make sure users have created a proper kernel configuration file, which is used in the process of building the Linux kernel.
The final check is a module check, if modules are turned off, the script will determine this and alter the installation process to install with no module support. The main idea behind the depdency checks is to make sure the user cannot damage his or her system if they do not do something right.
The installation process also contains seven functions. The installation process is usually several commands. However, because of the differences that can occur in a users configuration file, each part of the building process must be checked and the building process may need to be altered.
The first function makes sure the dependencies are setup correctly for all files in the kernel source tree. The second function deletes stale object files and or old kernel files. Next, the third function is the kernel build function; this function runs a command to build the Linux kernel. Next, functions four and five make and install modules if the user had specified module support in his or her kernel configuration file.
The sixth function moves the Linux kernel and its System dependency map to the boot partition. The last function of the build process sets up module dependencies for the new kernel if modules were defined. The installation process also includes a small error check for each part of the kernel build process.
If any part of the kernel build process fails; the script will abort, not modifying any boot loader configuration files. This is important; because if it did not abort, it may alter the boot loader configuration files, thus rendering the system unbootable. It is important to support every Linux configuration possible because of the wide use of this script.
The boot loader configuration and setup process is probably the most important aspect of installing a new kernel. An improper boot loader configuration may leave one with system that does not boot; or simply does not boot the new kernel.
It is also important, as some systems may have two or more boot loaders installed. There are four functions defined for this process. The first function uses the boot loader, which was defined during the configuration checks. The second function defines where the LILO or GRUB configuration files are located.
Next, depending on which boot loader is found, either LILO or GRUB configuration files are edited automatically by sed. Sed is a stream editor, which edits a file with no user intervention. If user intervention were required, the user would have to be present between certain parts of the kernel installation. With ik, it makes efficient use of a users time because only one command needs to be entered to complete the entire installation and setup process.
Install Kernel is a useful tool for those who are new to Linux, rebuild their kernel often, or value their time. It reduces the commands for installing the kernel from about thirteen to one. Users new to Linux may find this attractive.
This is because the entire process is automated; and if something is not correct, in most cases ik will notify the user what is incorrect, and how to fix the error. On the other side, for experienced users who do not wish to spend valuable time installing a new kernel, this is also very handy. Install Kernel is efficient by requiring no user intervention and reducing time spent on kernel installs, and effective by giving new to Linux the option for an easy kernel upgrade.
Enhancements:
- Updated to work with the newer version of coreutils for head and tail.
- The MAKE_JOBS directive has been removed in favor of make -j2 to prevent make from spawning hundreds of jobs if /proc/cpuinfo did not exist.

Kernel Configuration Comparison (kccmp) provides a GUI for comparing two Linux kernel ".config" files.
It shows configuration variables with different values in a tabular format. It also shows configuration variables found in only one of the input configuration files.
Building:
kccmp by default requires Qt 3.x. However, by changing one line in kccmp.pro you can build against Qt 4.x. Note that the Qt 4.x build requilres libboost_regex as well.
The standard build is as easy as:
example:
% qmake
% make
Usage
% kccmp /path/to/first/.config path/to/second/.config
example:
% kccmp /usr/src/linux/.config /usr/src/linux/.config.old
Enhancements:
- This release was ported to Qt 3.x.
- The requirement for libboost_regex was removed.
- Building with either Qt 4.x or Qt 3.x is now supported.

The Kernel-Machine Library is a freely available (released under the GPL) C++ library to promote the use and progress of kernel machines. It is both for academic use and for developing real world applications.
The Kernel-Machine Library draws heavily from features of modern C++ such as template meta-programming to achieve high performance while at the same time offering a comfortable interface.
It enables compile-time selection of specialised algorithms on the basis of data types: for example, the specific case of a SVM in combination with a linear kernel can be computed by a specialised efficient algorithm.
The Kernel-Machine Library has implementations for the following kernel machines and their cited algorithms:
- Support Vector Machine [1, 2, 3]
- Relevance Vector Machine [4]
- Kernel Recursive Least Squares [5]
- Adaptive Sparseness using Jeffreys Prior [6]
- Smooth Relevance Vector Machine [7]
Up till now, the focus has been on regression. The handling of classification and ranking problems is being added.

The Linux SMP kernel uses spinlocks to protect data structures from concurrent, potentially conflicting accesses. Linux Kernel Spinlock Metering is a kernel patch that allows you to build an i386, ia64, Alpha, Sparc64, or mips64 kernel that can perform simple "metering" (record-keeping) of spinlock usage. Also available is source for an associated new command, lockstat, that is used to instruct the kernel to turn this lock metering on or off, and to retrieve the metering data from the kernel and display it in a human-readable format.

Data displayed includes the number of lock attempts, per-spinlock per-caller, the number of those attempts that were immediately successful vs. those that required the attempting locker to wait for the current lock-holder to release; the mean and max hold-time, and the mean, max, and cumulative wait-time. Whenever possible, the locking caller and the spinlocks are identified by their symbolic names, not by their virtual addresses.

Various patch sets are available. Version 1.1.4 patches the 2.2.14 kernel and reflects a relatively old flavor of Lockmeter. Version 1.4.11 patches the 2.4.16, 2.4.17, 2.5.3, and 2.5.5 kernels, and the previous release v1.4.9 patches various other releases of the 2.4.x kernel. This version 1.4 supports i386, alpha, ia64, mips64, and sparc64. The most recent version 1.5 is available as a patch against the 2.4.18 and various 2.5.x kernels, and it additionally supports mips (32-bit mips). Each is approximately 22 KB in gziped size. (Patches against a few older kernel versions are also available in the old subdirectory.) After applying the appropriate patch, make oldconfig presents a new Kernel lock metering option in the Kernel hacking subsection -- although only if CONFIG_SMP (Symmetric multi-processing support) has been enabled. The spinlock metering code is compiled into the kernel only when this new option is turned on.

Compiling the spinlock metering code into the kernel does not materially affect the kernel size because the additional code is roughly compensated for by the shrinking effect of the normally in-line locking routines now becoming procedure calls. A metering-capable kernel (i.e., with the patch applied, but data collection turned off) is negligibly slower than a non-metering-capable kernel, though a metering-capable kernel does slow when the metering data collection is turned on using the lockstat command (typically 8% for a systime==25% workload). Care has been taken to minimize performance degradation, and further improvements are in progress.

The lockstat command must also be downloaded, compiled, and installed. lockstat is a privileged command that requires root access. It reads and writes to the node /proc/lockmeter to control the kernels metering as follows:

lockstat on enables the kernels metering data collection,
lockstat options displays the collected data, and
lockstat off disables the metering data collection.

Run lockstat with no arguments to see a verbose description of the command arguments and options.

When metering is enabled, count and time data is collected in malloced arrays that are private to each CPU, thereby avoiding costly cacheblock coherency operations that would otherwise be required if all CPUs updated the same count and time fields. The lockstat command accumulates and sorts the per-cpu data at display time.

Lockmetering attempts to provide both "cause" and "effect" information about spinlock usage. The "hold time" metering exposes which spinlocks are being held and for how long, identified by where they are held inside the kernel. The "wait-time" metering exposes the effects of these hold-times when multiple CPUs concurrently contend for the same lock.

Openwall Linux kernel patch is a collection of security-related features for the Linux kernel, all configurable via the new Security options configuration section. In addition to the new features, some versions of the patch contain various security fixes.
The number of such fixes changes from version to version, as some are becoming obsolete (such as because of the same problem getting fixed with a new kernel release), while other security issues are discovered.
Non-executable user stack area.
Most buffer overflow exploits are based on overwriting a functions return address on the stack to point to some arbitrary code, which is also put onto the stack. If the stack area is non-executable, buffer overflow vulnerabilities become harder to exploit.
Another way to exploit a buffer overflow is to point the return address to a function in libc, usually system(). This patch also changes the default address that shared libraries are mmap()ed at to make it always contain a zero byte. This makes it impossible to specify any more data (parameters to the function, or more copies of the return address when filling with a pattern), -- in many exploits that have to do with ASCIIZ strings.
However, note that this patch is by no means a complete solution, it just adds an extra layer of security. Many buffer overflow vulnerabilities will remain exploitable a more complicated way, and some will even remain unaffected by the patch. The reason for using such a patch is to protect against some of the buffer overflow vulnerabilities that are yet unknown.
Also, note that some buffer overflows can be used for denial of service attacks (usually in non-respawning daemons and network clients). A patch like this cannot do anything against that.
It is important that you fix vulnerabilities as soon as they become known, even if youre using the patch. The same applies to other features of the patch (discussed below) and their corresponding vulnerabilities.
Restricted links in /tmp.
Ive also added a link-in-+t restriction, originally for Linux 2.0 only, by Andrew Tridgell. Ive updated it to prevent from using a hard link in an attack instead, by not allowing regular users to create hard links to files they dont own, unless they could read and write the file (due to group permissions). This is usually the desired behavior anyway, since otherwise users couldnt remove such links theyve just created in a +t directory (unfortunately, this is still possible for group-writable files) and because of disk quotas.
Unfortunately, this may break existing applications.
Restricted FIFOs in /tmp.
In addition to restricting links, you might also want to restrict writes into untrusted FIFOs (named pipes), to make data spoofing attacks harder. Enabling this option disallows writing into FIFOs not owned by the user in +t directories, unless the owner is the same as that of the directory or the FIFO is opened without the O_CREAT flag.
Restricted /proc.
This was originally a patch by route that only changed the permissions on some directories in /proc, so you had to be root to access them. Then there were similar patches by others. I found them all quite unusable for my purposes, on a system where I wanted several admins to be able to see all the processes, etc, without having to su root (or use sudo) each time. So I had to create my own patch that I include here.
This option restricts the permissions on /proc so that non-root users can see their own processes only, and nothing about active network connections, unless theyre in a special group. This groups id is specified via the gid= mount option, and is 0 by default. (Note: if youre using identd, you will need to edit the inetd.conf line to run identd as this special group.) Also, this disables dmesg(8) for the users. You might want to use this on an ISP shell server where privacy is an issue. Note that these extra restrictions can be trivially bypassed with physical access (without having to reboot).
When using this part of the patch, most programs (ps, top, who) work as desired -- they only show the processes of this user (unless root or in the special group, or running with the relevant capabilities on 2.2+), and dont complain they cant access others. However, theres a known problem with w(1) in recent versions of procps, so you should apply the included patch to procps if this applies to you.
Enhancements:
- This revision adds a fix for the "parent process death signal" vulnerability in the Linux kernel.
- It also adds two security hardening features, both enabled by default: restricted access to VM86 mode (specific to 32-bit x86) and restricted zero page mappings (generic).