From b2387b6720c455146000d90f1bdf2556852dd2ff Mon Sep 17 00:00:00 2001
From: Elena <18021067879@163.com>
Date: Tue, 30 Nov 2021 02:40:12 +0000
Subject: [PATCH 1/2] update docs/en/docs/SecHarden/file-permissions.md.

---
 docs/en/docs/SecHarden/file-permissions.md | 2 --
 1 file changed, 2 deletions(-)

diff --git a/docs/en/docs/SecHarden/file-permissions.md b/docs/en/docs/SecHarden/file-permissions.md
index 8a5118de6..824661369 100644
--- a/docs/en/docs/SecHarden/file-permissions.md
+++ b/docs/en/docs/SecHarden/file-permissions.md
@@ -153,10 +153,8 @@ Any user can modify globally writable files, which affects system integrity.
 
 1.  Search for all globally writable files.
 
-    ```
     find / -type d ( -perm -o+w ) | grep -v proc
     find / -type f ( -perm -o+w ) | grep -v proc
-    ```
 
 2.  View the settings of files \(excluding files and directories with sticky bits\) listed in step 1, and delete the files or disable the globally writable permission on them. Run the following command to remove the permission. In the command,  _filename_  indicates the file name.
 
-- 
Gitee


From cd3831f59e6d177b73618e488e64e70f1c6a717a Mon Sep 17 00:00:00 2001
From: Tong Tiangen <tongtiangen@huawei.com>
Date: Thu, 9 Dec 2021 03:54:39 +0000
Subject: [PATCH 2/2] =?UTF-8?q?update=20docs/zh/docs/kernel/RAS/UCE?=
 =?UTF-8?q?=E5=AE=B9=E9=94=99=E7=89=B9=E6=80=A7.md?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Tong Tiangen <tongtiangen@huawei.com>
---
 ...71\351\224\231\347\211\271\346\200\247.md" | 34 +++++++++++++++++++
 1 file changed, 34 insertions(+)
 create mode 100644 "docs/zh/docs/kernel/RAS/UCE\345\256\271\351\224\231\347\211\271\346\200\247.md"

diff --git "a/docs/zh/docs/kernel/RAS/UCE\345\256\271\351\224\231\347\211\271\346\200\247.md" "b/docs/zh/docs/kernel/RAS/UCE\345\256\271\351\224\231\347\211\271\346\200\247.md"
new file mode 100644
index 000000000..afc3e5017
--- /dev/null
+++ "b/docs/zh/docs/kernel/RAS/UCE\345\256\271\351\224\231\347\211\271\346\200\247.md"
@@ -0,0 +1,34 @@
+# 特性介绍
+
+当前Linux内核对在内核态消费的UCE错误的处理方式是panic，本特性支持在如下两种场景下消费UCE不会导致内核panic：
+
+1、用户态进程fork 子进程，在内核态触发写时拷贝（COW）处理。
+
+2、用户态进程读文件，在内核态触发读page cache。
+
+
+
+考虑到这两种场景内存出错的影响范围仅仅是在触发UCE的用户进程本身，不会对系统带来其他危害，所以在这两种场景下用kill用户进程代替系统panic是合理的。
+
+
+
+# 对外接口
+
+
+
+1. cmdline参数
+
+   格式：uce_kernel_recovery=xx，xx取值范围为0~3
+
+
+   其中：0 - 关闭特性
+
+   ​           1 – 写时复制(COW)场景打开特性
+
+   ​           2 - 读page cache场景打开特性
+
+   ​           3 – 写时复制(COW)和读page cache场景均打开特性
+
+2. proc/sys/kernel/uce_kernel_recovery，该接口可读可写，写入的范围为0~3，意义同上。
+
+3. 新增CONFIG_UCE_KERNEL_RECOVERY配置项，默认打开，该配置项依赖CONFIG_ARM64_ERR_RECOV。
-- 
Gitee