[PATCH 04/21] hexagon: clean up ioremap

Use ioremap as the main implemented function, and defined ioremap_nocache to it as a deprecated alias. Signed-off-by: Christoph Hellwig --- arch/hexagon/include/asm/io.h | 11 ++- arch/hexagon/kernel/hexagon_ksyms.c | 2 +- arch/hexagon/mm/ioremap.c | 2 +- 3 files

[PATCH 03/21] ia64: rename ioremap_nocache to ioremap_uc

On ia64 ioremap_nocache fails if attributs don't match. Not other architectures does this, and we plan to get rid of ioremap_nocache. So get rid of the special semantics and define ioremap_nocache in terms of ioremap as no portable driver could rely on the behavior anyway. However x86 implements

[PATCH 05/21] alpha: remove the unused __ioremap wrapper

No need for the additional namespace pollution. Signed-off-by: Christoph Hellwig --- arch/alpha/include/asm/io.h | 6 -- 1 file changed, 6 deletions(-) diff --git a/arch/alpha/include/asm/io.h b/arch/alpha/include/asm/io.h index af2c0063dc75..1989b946a28d 100644 ---

[PATCH 09/21] xtensa: clean up ioremap

Use ioremap as the main implemented function, and defined ioremap_nocache to it as a deprecated alias. Signed-off-by: Christoph Hellwig --- arch/xtensa/include/asm/io.h | 14 -- 1 file changed, 4 insertions(+), 10 deletions(-) diff --git a/arch/xtensa/include/asm/io.h

[PATCH 10/21] asm-generic: ioremap_uc should behave the same with and without MMU

Whatever reason there is for the existence of ioremap_uc, and the fact that it returns NULL by default on architectures with an MMU applies equally to nommu architectures, so don't provide different defaults. In practice the difference is meaningless as the only portable driver that uses

generic ioremap (and lots of cleanups) v2

Hi all, the last patches in this series add a generic ioremap implementation, and switch our 3 most recent and thus most tidy architeture ports over to use it. With a little work and an additional arch hook or two the implementation should be able to eventually cover more than half of our ports.

[PATCH 01/21] arm: remove ioremap_cached

No users of ioremap_cached are left, remove it. Signed-off-by: Christoph Hellwig --- arch/arm/include/asm/io.h | 6 -- arch/arm/mm/ioremap.c | 4 arch/arm/mm/mmu.c | 2 +- arch/arm/mm/nommu.c | 4 4 files changed, 1 insertion(+), 15 deletions(-) diff --git

[PATCH 02/21] unicore32: remove ioremap_cached

No users of ioremap_cached are left, remove it. Signed-off-by: Christoph Hellwig --- arch/unicore32/include/asm/io.h | 4 +--- arch/unicore32/mm/ioremap.c | 8 2 files changed, 1 insertion(+), 11 deletions(-) diff --git a/arch/unicore32/include/asm/io.h

Re: [PATCH v6] numa: make node_to_cpumask_map() NUMA_NO_NODE aware

On 2019/10/16 0:58, Greg KH wrote: > On Tue, Oct 15, 2019 at 06:40:29PM +0800, Yunsheng Lin wrote: >> On 2019/10/14 17:25, Greg KH wrote: >>> On Mon, Oct 14, 2019 at 04:00:46PM +0800, Yunsheng Lin wrote: On 2019/10/12 18:47, Greg KH wrote: > On Sat, Oct 12, 2019 at 12:40:01PM +0200, Greg

Re: [PATCH v2 00/29] vmlinux.lds.h: Refactor EXCEPTION_TABLE and NOTES

On Thu, Oct 10, 2019 at 05:05:40PM -0700, Kees Cook wrote: > Arch maintainers: please send Acks (if you haven't already) for your > respective linker script changes; the intention is for this series to > land via -tip. > > v1:

Re: [PATCH v2 06/29] s390: Move RO_DATA into "text" PT_LOAD Program Header

On Thu, Oct 10, 2019 at 05:05:46PM -0700, Kees Cook wrote: > In preparation for moving NOTES into RO_DATA, move RO_DATA back into the > "text" PT_LOAD Program Header, as done with other architectures. The > "data" PT_LOAD now starts with the writable data section. > > Signed-off-by: Kees Cook >

Re: [PATCH v2 01/29] powerpc: Rename "notes" PT_NOTE to "note"

On Tue, Oct 15, 2019 at 06:54:13PM +0200, Borislav Petkov wrote: > On Fri, Oct 11, 2019 at 11:25:52AM -0500, Segher Boessenkool wrote: > > Names *matter*, internal names doubly so. So why replace a good name with > > a worse name? Because it is slightly less work for you? > > So if we agree on

Re: [PATCH v6] numa: make node_to_cpumask_map() NUMA_NO_NODE aware

On Tue, Oct 15, 2019 at 06:40:29PM +0800, Yunsheng Lin wrote: > On 2019/10/14 17:25, Greg KH wrote: > > On Mon, Oct 14, 2019 at 04:00:46PM +0800, Yunsheng Lin wrote: > >> On 2019/10/12 18:47, Greg KH wrote: > >>> On Sat, Oct 12, 2019 at 12:40:01PM +0200, Greg KH wrote: > On Sat, Oct 12, 2019

Re: [PATCH v2 01/29] powerpc: Rename "notes" PT_NOTE to "note"

On Fri, Oct 11, 2019 at 11:25:52AM -0500, Segher Boessenkool wrote: > Names *matter*, internal names doubly so. So why replace a good name with > a worse name? Because it is slightly less work for you? So if we agree on the name "notes" and we decide to rename the other arches, this should all

Re: [PATCH v6] numa: make node_to_cpumask_map() NUMA_NO_NODE aware

On 2019/10/14 17:25, Greg KH wrote: > On Mon, Oct 14, 2019 at 04:00:46PM +0800, Yunsheng Lin wrote: >> On 2019/10/12 18:47, Greg KH wrote: >>> On Sat, Oct 12, 2019 at 12:40:01PM +0200, Greg KH wrote: On Sat, Oct 12, 2019 at 05:47:56PM +0800, Yunsheng Lin wrote: > On 2019/10/12 15:40, Greg

Re: [PATCH v6] numa: make node_to_cpumask_map() NUMA_NO_NODE aware

On Mon, Oct 14, 2019 at 11:49:12AM +0200, Peter Zijlstra wrote: > On Mon, Oct 14, 2019 at 11:25:09AM +0200, Greg KH wrote: > > Good luck, I don't really think that most, if any, of this is needed, > > but hey, it's nice to clean it up where it can be :) > > Some of the virtual devices we have

Re: [PATCH v6] numa: make node_to_cpumask_map() NUMA_NO_NODE aware

On Mon, Oct 14, 2019 at 11:25:09AM +0200, Greg KH wrote: > Good luck, I don't really think that most, if any, of this is needed, > but hey, it's nice to clean it up where it can be :) Some of the virtual devices we have (that use devm) really ought to set the node too, like drivers/base/cpu.c and

Re: [PATCH v6] numa: make node_to_cpumask_map() NUMA_NO_NODE aware

On Mon, Oct 14, 2019 at 04:00:46PM +0800, Yunsheng Lin wrote: > On 2019/10/12 18:47, Greg KH wrote: > > On Sat, Oct 12, 2019 at 12:40:01PM +0200, Greg KH wrote: > >> On Sat, Oct 12, 2019 at 05:47:56PM +0800, Yunsheng Lin wrote: > >>> On 2019/10/12 15:40, Greg KH wrote: > On Sat, Oct 12, 2019

Re: [PATCH v6] numa: make node_to_cpumask_map() NUMA_NO_NODE aware

On 2019/10/12 18:47, Greg KH wrote: > On Sat, Oct 12, 2019 at 12:40:01PM +0200, Greg KH wrote: >> On Sat, Oct 12, 2019 at 05:47:56PM +0800, Yunsheng Lin wrote: >>> On 2019/10/12 15:40, Greg KH wrote: On Sat, Oct 12, 2019 at 02:17:26PM +0800, Yunsheng Lin wrote: > add pci and acpi

Re: [PATCH v2 25/29] xtensa: Move EXCEPTION_TABLE to RO_DATA segment

On Thu, Oct 10, 2019 at 5:16 PM Kees Cook wrote: > > Since the EXCEPTION_TABLE is read-only, collapse it into RO_DATA. > > Signed-off-by: Kees Cook > --- > arch/xtensa/kernel/vmlinux.lds.S | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) Acked-by: Max Filippov -- Thanks. -- Max

Re: [PATCH v6] numa: make node_to_cpumask_map() NUMA_NO_NODE aware

On Sat, Oct 12, 2019 at 12:40:01PM +0200, Greg KH wrote: > On Sat, Oct 12, 2019 at 05:47:56PM +0800, Yunsheng Lin wrote: > > On 2019/10/12 15:40, Greg KH wrote: > > > On Sat, Oct 12, 2019 at 02:17:26PM +0800, Yunsheng Lin wrote: > > >> add pci and acpi maintainer > > >> cc

Re: [PATCH v6] numa: make node_to_cpumask_map() NUMA_NO_NODE aware

On Sat, Oct 12, 2019 at 05:47:56PM +0800, Yunsheng Lin wrote: > On 2019/10/12 15:40, Greg KH wrote: > > On Sat, Oct 12, 2019 at 02:17:26PM +0800, Yunsheng Lin wrote: > >> add pci and acpi maintainer > >> cc linux-...@vger.kernel.org and linux-a...@vger.kernel.org > >> > >> On 2019/10/11 19:15,

Re: [PATCH v2 23/29] parisc: Move EXCEPTION_TABLE to RO_DATA segment

On 11.10.19 02:06, Kees Cook wrote: Since the EXCEPTION_TABLE is read-only, collapse it into RO_DATA. Signed-off-by: Kees Cook --- arch/parisc/kernel/vmlinux.lds.S | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) Acked-by: Helge Deller # parisc Helge diff --git

Re: [PATCH v6] numa: make node_to_cpumask_map() NUMA_NO_NODE aware

On 2019/10/12 15:40, Greg KH wrote: > On Sat, Oct 12, 2019 at 02:17:26PM +0800, Yunsheng Lin wrote: >> add pci and acpi maintainer >> cc linux-...@vger.kernel.org and linux-a...@vger.kernel.org >> >> On 2019/10/11 19:15, Peter Zijlstra wrote: >>> On Fri, Oct 11, 2019 at 11:27:54AM +0800, Yunsheng

Re: [PATCH v6] numa: make node_to_cpumask_map() NUMA_NO_NODE aware

On Sat, Oct 12, 2019 at 02:17:26PM +0800, Yunsheng Lin wrote: > add pci and acpi maintainer > cc linux-...@vger.kernel.org and linux-a...@vger.kernel.org > > On 2019/10/11 19:15, Peter Zijlstra wrote: > > On Fri, Oct 11, 2019 at 11:27:54AM +0800, Yunsheng Lin wrote: > >> But I failed to see why

Re: [PATCH v6] numa: make node_to_cpumask_map() NUMA_NO_NODE aware

add pci and acpi maintainer cc linux-...@vger.kernel.org and linux-a...@vger.kernel.org On 2019/10/11 19:15, Peter Zijlstra wrote: > On Fri, Oct 11, 2019 at 11:27:54AM +0800, Yunsheng Lin wrote: >> But I failed to see why the above is related to making node_to_cpumask_map() >> NUMA_NO_NODE aware?

Re: [PATCH v14 2/6] namei: LOOKUP_IN_ROOT: chroot-like path resolution

On 2019-10-12, Aleksa Sarai wrote: > On 2019-10-10, Linus Torvalds wrote: > > On Wed, Oct 9, 2019 at 10:42 PM Aleksa Sarai wrote: > > > > > > --- a/fs/namei.c > > > +++ b/fs/namei.c > > > @@ -2277,6 +2277,11 @@ static const char *path_init(struct nameidata *nd, > > > unsigned flags) > > > > >

Re: [PATCH v14 2/6] namei: LOOKUP_IN_ROOT: chroot-like path resolution

On 2019-10-10, Linus Torvalds wrote: > On Wed, Oct 9, 2019 at 10:42 PM Aleksa Sarai wrote: > > > > --- a/fs/namei.c > > +++ b/fs/namei.c > > @@ -2277,6 +2277,11 @@ static const char *path_init(struct nameidata *nd, > > unsigned flags) > > > > nd->m_seq = read_seqbegin(_lock); > > > > +

Re: [PATCH v2 01/29] powerpc: Rename "notes" PT_NOTE to "note"

On Fri, Oct 11, 2019 at 03:25:19AM -0500, Segher Boessenkool wrote: > On Thu, Oct 10, 2019 at 05:05:41PM -0700, Kees Cook wrote: > > The Program Header identifiers are internal to the linker scripts. In > > preparation for moving the NOTES segment declaration into RO_DATA, > > standardize the

Re: [PATCH v2 12/29] vmlinux.lds.h: Replace RO_DATA_SECTION with RO_DATA

On Fri, Oct 11, 2019 at 2:07 AM Kees Cook wrote: > Finish renaming RO_DATA_SECTION to RO_DATA. (Calling this a "section" > is a lie, since it's multiple sections and section flags cannot be > applied to the macro.) > > Signed-off-by: Kees Cook > arch/m68k/kernel/vmlinux-nommu.lds | 2 +- For

Re: [PATCH v2 13/29] vmlinux.lds.h: Replace RW_DATA_SECTION with RW_DATA

On Fri, Oct 11, 2019 at 2:07 AM Kees Cook wrote: > Rename RW_DATA_SECTION to RW_DATA. (Calling this a "section" is a lie, > since it's multiple sections and section flags cannot be applied to > the macro.) > > Signed-off-by: Kees Cook > arch/m68k/kernel/vmlinux-nommu.lds | 2 +- >

Re: [PATCH v2 02/29] powerpc: Remove PT_NOTE workaround

Kees Cook writes: > In preparation for moving NOTES into RO_DATA, remove the PT_NOTE > workaround since the kernel requires at least gcc 4.6 now. > > Signed-off-by: Kees Cook > --- > arch/powerpc/kernel/vmlinux.lds.S | 24 ++-- > 1 file changed, 2 insertions(+), 22

Re: [PATCH v2 03/29] powerpc: Rename PT_LOAD identifier "kernel" to "text"

Kees Cook writes: > In preparation for moving NOTES into RO_DATA, rename the linker script > internal identifier for the PT_LOAD Program Header from "kernel" to > "text" to match other architectures. > > Signed-off-by: Kees Cook > --- > arch/powerpc/kernel/vmlinux.lds.S | 12 ++-- > 1

Re: [PATCH v2 01/29] powerpc: Rename "notes" PT_NOTE to "note"

Kees Cook writes: > The Program Header identifiers are internal to the linker scripts. In > preparation for moving the NOTES segment declaration into RO_DATA, > standardize the identifier for the PT_NOTE entry to "note" as used by > all other architectures that emit PT_NOTE. > > Signed-off-by:

Re: [PATCH v6] numa: make node_to_cpumask_map() NUMA_NO_NODE aware

On 2019/10/10 15:32, Michal Hocko wrote: > On Thu 10-10-19 14:07:21, Yunsheng Lin wrote: >> On 2019/10/9 20:25, Robin Murphy wrote: >>> On 2019-10-08 9:38 am, Yunsheng Lin wrote: On 2019/9/25 18:41, Peter Zijlstra wrote: > On Wed, Sep 25, 2019 at 05:14:20PM +0800, Yunsheng Lin wrote:

Re: [PATCH 00/29] vmlinux.lds.h: Refactor EXCEPTION_TABLE and NOTES

On October 10, 2019 4:57:36 PM PDT, Kees Cook wrote: >On Thu, Oct 10, 2019 at 08:03:31PM +0200, Borislav Petkov wrote: >> On Thu, Sep 26, 2019 at 10:55:33AM -0700, Kees Cook wrote: >> > This series works to move the linker sections for NOTES and >> > EXCEPTION_TABLE into the RO_DATA area, where

[PATCH v2 23/29] parisc: Move EXCEPTION_TABLE to RO_DATA segment

Since the EXCEPTION_TABLE is read-only, collapse it into RO_DATA. Signed-off-by: Kees Cook --- arch/parisc/kernel/vmlinux.lds.S | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/arch/parisc/kernel/vmlinux.lds.S b/arch/parisc/kernel/vmlinux.lds.S index

[PATCH v2 19/29] c6x: Move EXCEPTION_TABLE to RO_DATA segment

Since the EXCEPTION_TABLE is read-only, collapse it into RO_DATA. Signed-off-by: Kees Cook --- arch/c6x/kernel/vmlinux.lds.S | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/arch/c6x/kernel/vmlinux.lds.S b/arch/c6x/kernel/vmlinux.lds.S index a3547f9d415b..ac99ba0864bf

[PATCH v2 17/29] alpha: Move EXCEPTION_TABLE to RO_DATA segment

Since the EXCEPTION_TABLE is read-only, collapse it into RO_DATA. Signed-off-by: Kees Cook --- arch/alpha/kernel/vmlinux.lds.S | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/alpha/kernel/vmlinux.lds.S b/arch/alpha/kernel/vmlinux.lds.S index edc45f45523b..bc6f727278fd

[PATCH v2 21/29] ia64: Move EXCEPTION_TABLE to RO_DATA segment

Since the EXCEPTION_TABLE is read-only, collapse it into RO_DATA. Signed-off-by: Kees Cook --- arch/ia64/kernel/vmlinux.lds.S | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/ia64/kernel/vmlinux.lds.S b/arch/ia64/kernel/vmlinux.lds.S index 11d5115bc44d..1ec6b703c5b4

[PATCH v2 18/29] arm64: Move EXCEPTION_TABLE to RO_DATA segment

Since the EXCEPTION_TABLE is read-only, collapse it into RO_DATA. Also removes the redundant ALIGN, which is already present at the end of the RO_DATA macro. Signed-off-by: Kees Cook Acked-by: Will Deacon --- arch/arm64/kernel/vmlinux.lds.S | 7 --- 1 file changed, 4 insertions(+), 3

[PATCH v2 29/29] x86: Use INT3 instead of NOP for linker fill bytes

Instead of using 0x90 (NOP) to fill bytes between functions, which makes it easier to sloppily target functions in function pointer overwrite attacks, fill with 0xCC (INT3) to force a trap. Also drop the space between "=" and the value to better match the binutils documentation

[PATCH v2 27/29] x86/mm: Report which part of kernel image is freed

The memory freeing report wasn't very useful for figuring out which parts of the kernel image were being freed. Add the details for clearer reporting in dmesg. Before: [2.150450] Freeing unused kernel image memory: 1348K [2.154574] Write protecting the kernel read-only data: 20480k [

[PATCH v2 24/29] powerpc: Move EXCEPTION_TABLE to RO_DATA segment

Since the EXCEPTION_TABLE is read-only, collapse it into RO_DATA. Signed-off-by: Kees Cook --- arch/powerpc/kernel/vmlinux.lds.S | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/powerpc/kernel/vmlinux.lds.S b/arch/powerpc/kernel/vmlinux.lds.S index

[PATCH v2 14/29] vmlinux.lds.h: Allow EXCEPTION_TABLE to live in RO_DATA

Many architectures have an EXCEPTION_TABLE that only needs to be readable. As such, it should live in RO_DATA. Create a macro to identify this case for the architectures that can move EXCEPTION_TABLE into RO_DATA. Signed-off-by: Kees Cook Acked-by: Will Deacon ---

[PATCH v2 25/29] xtensa: Move EXCEPTION_TABLE to RO_DATA segment

Since the EXCEPTION_TABLE is read-only, collapse it into RO_DATA. Signed-off-by: Kees Cook --- arch/xtensa/kernel/vmlinux.lds.S | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/arch/xtensa/kernel/vmlinux.lds.S b/arch/xtensa/kernel/vmlinux.lds.S index

[PATCH v2 22/29] microblaze: Move EXCEPTION_TABLE to RO_DATA segment

Since the EXCEPTION_TABLE is read-only, collapse it into RO_DATA. Signed-off-by: Kees Cook --- arch/microblaze/kernel/vmlinux.lds.S | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/arch/microblaze/kernel/vmlinux.lds.S b/arch/microblaze/kernel/vmlinux.lds.S index

[PATCH v2 26/29] x86/mm: Remove redundant on addresses

The on addresses are redundant. Remove them to match all the other similar functions. Signed-off-by: Kees Cook --- arch/x86/mm/init_64.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/arch/x86/mm/init_64.c b/arch/x86/mm/init_64.c index 26299e9ce6da..e67ddca8b7a8

[PATCH v2 04/29] alpha: Rename PT_LOAD identifier "kernel" to "text"

In preparation for moving NOTES into RO_DATA, rename the linker script internal identifier for the PT_LOAD Program Header from "kernel" to "text" to match other architectures. Signed-off-by: Kees Cook --- arch/alpha/kernel/vmlinux.lds.S | 8 1 file changed, 4 insertions(+), 4

[PATCH v2 02/29] powerpc: Remove PT_NOTE workaround

In preparation for moving NOTES into RO_DATA, remove the PT_NOTE workaround since the kernel requires at least gcc 4.6 now. Signed-off-by: Kees Cook --- arch/powerpc/kernel/vmlinux.lds.S | 24 ++-- 1 file changed, 2 insertions(+), 22 deletions(-) diff --git

[PATCH v2 05/29] ia64: Rename PT_LOAD identifier "code" to "text"

In preparation for moving NOTES into RO_DATA, rename the linker script internal identifier for the PT_LOAD Program Header from "code" to "text" to match other architectures. Signed-off-by: Kees Cook --- arch/ia64/kernel/vmlinux.lds.S | 14 +++--- 1 file changed, 7 insertions(+), 7

[PATCH v2 01/29] powerpc: Rename "notes" PT_NOTE to "note"

The Program Header identifiers are internal to the linker scripts. In preparation for moving the NOTES segment declaration into RO_DATA, standardize the identifier for the PT_NOTE entry to "note" as used by all other architectures that emit PT_NOTE. Signed-off-by: Kees Cook ---

[PATCH v2 13/29] vmlinux.lds.h: Replace RW_DATA_SECTION with RW_DATA

Rename RW_DATA_SECTION to RW_DATA. (Calling this a "section" is a lie, since it's multiple sections and section flags cannot be applied to the macro.) Signed-off-by: Kees Cook --- arch/alpha/kernel/vmlinux.lds.S | 2 +- arch/arc/kernel/vmlinux.lds.S| 2 +-

[PATCH v2 08/29] vmlinux.lds.h: Provide EMIT_PT_NOTE to indicate export of .notes

In preparation for moving NOTES into RO_DATA, provide a mechanism for architectures that want to emit a PT_NOTE Program Header to do so. Signed-off-by: Kees Cook --- arch/alpha/kernel/vmlinux.lds.S | 3 +++ arch/ia64/kernel/vmlinux.lds.S| 2 ++ arch/mips/kernel/vmlinux.lds.S| 12

[PATCH v2 15/29] x86: Actually use _etext for end of text segment

Various calculations are using the end of the exception table (which does not need to be executable) as the end of the text segment. Instead, in preparation for moving the exception table into RO_DATA, move _etext after the exception table and update the calculations. Signed-off-by: Kees Cook

[PATCH v2 00/29] vmlinux.lds.h: Refactor EXCEPTION_TABLE and NOTES

Arch maintainers: please send Acks (if you haven't already) for your respective linker script changes; the intention is for this series to land via -tip. v1: https://lore.kernel.org/lkml/20190926175602.33098-1-keesc...@chromium.org v2: clean up commit messages, rename RO_EXCEPTION_TABLE (bp)

[PATCH v2 09/29] vmlinux.lds.h: Move Program Header restoration into NOTES macro

In preparation for moving NOTES into RO_DATA, make the Program Header assignment restoration be part of the NOTES macro itself. Signed-off-by: Kees Cook --- arch/alpha/kernel/vmlinux.lds.S | 5 + arch/ia64/kernel/vmlinux.lds.S| 4 +--- arch/mips/kernel/vmlinux.lds.S| 3 +--

[PATCH v2 28/29] x86/mm: Report actual image regions in /proc/iomem

The resource reservations in /proc/iomem made for the kernel image did not reflect the gaps between text, rodata, and data. Add the "rodata" resource and update the start/end calculations to match the respective calls to free_kernel_image_pages(). Before (booted with "nokaslr" for easier

[PATCH v2 03/29] powerpc: Rename PT_LOAD identifier "kernel" to "text"

In preparation for moving NOTES into RO_DATA, rename the linker script internal identifier for the PT_LOAD Program Header from "kernel" to "text" to match other architectures. Signed-off-by: Kees Cook --- arch/powerpc/kernel/vmlinux.lds.S | 12 ++-- 1 file changed, 6 insertions(+), 6

[PATCH v2 11/29] vmlinux.lds.h: Replace RODATA with RO_DATA

There's no reason to keep the RODATA macro: replace the callers with the expected RO_DATA macro. Signed-off-by: Kees Cook --- arch/alpha/kernel/vmlinux.lds.S | 2 +- arch/ia64/kernel/vmlinux.lds.S | 2 +- arch/microblaze/kernel/vmlinux.lds.S | 2 +- arch/mips/kernel/vmlinux.lds.S

[PATCH v2 12/29] vmlinux.lds.h: Replace RO_DATA_SECTION with RO_DATA

Finish renaming RO_DATA_SECTION to RO_DATA. (Calling this a "section" is a lie, since it's multiple sections and section flags cannot be applied to the macro.) Signed-off-by: Kees Cook --- arch/arc/kernel/vmlinux.lds.S | 2 +- arch/c6x/kernel/vmlinux.lds.S | 2 +-

[PATCH v2 20/29] h8300: Move EXCEPTION_TABLE to RO_DATA segment

Since the EXCEPTION_TABLE is read-only, collapse it into RO_DATA. Signed-off-by: Kees Cook --- arch/h8300/kernel/vmlinux.lds.S | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/arch/h8300/kernel/vmlinux.lds.S b/arch/h8300/kernel/vmlinux.lds.S index

[PATCH v2 16/29] x86: Move EXCEPTION_TABLE to RO_DATA segment

The exception table was needlessly marked executable. In preparation for execute-only memory, move the table into the RO_DATA segment via the new macro that can be used by any architectures that want to make a similar consolidation. Signed-off-by: Kees Cook --- arch/x86/kernel/vmlinux.lds.S | 3

[PATCH v2 06/29] s390: Move RO_DATA into "text" PT_LOAD Program Header

In preparation for moving NOTES into RO_DATA, move RO_DATA back into the "text" PT_LOAD Program Header, as done with other architectures. The "data" PT_LOAD now starts with the writable data section. Signed-off-by: Kees Cook --- arch/s390/kernel/vmlinux.lds.S | 4 ++-- 1 file changed, 2

[PATCH v2 10/29] vmlinux.lds.h: Move NOTES into RO_DATA

The .notes section should be non-executable read-only data. As such, move it to the RO_DATA macro instead of being per-architecture defined. Signed-off-by: Kees Cook --- arch/alpha/kernel/vmlinux.lds.S | 2 -- arch/arc/kernel/vmlinux.lds.S| 2 -- arch/arm/kernel/vmlinux-xip.lds.S

Re: [PATCH 00/29] vmlinux.lds.h: Refactor EXCEPTION_TABLE and NOTES

On Thu, Oct 10, 2019 at 08:03:31PM +0200, Borislav Petkov wrote: > On Thu, Sep 26, 2019 at 10:55:33AM -0700, Kees Cook wrote: > > This series works to move the linker sections for NOTES and > > EXCEPTION_TABLE into the RO_DATA area, where they belong on most > > (all?) architectures. The problem

Re: [PATCH 00/29] vmlinux.lds.h: Refactor EXCEPTION_TABLE and NOTES

On Thu, Sep 26, 2019 at 10:55:33AM -0700, Kees Cook wrote: > This series works to move the linker sections for NOTES and > EXCEPTION_TABLE into the RO_DATA area, where they belong on most > (all?) architectures. The problem being addressed was the discovery > by Rick Edgecombe that the exception

Re: [PATCH 28/29] x86/mm: Report actual image regions in /proc/iomem

On Thu, Sep 26, 2019 at 10:56:01AM -0700, Kees Cook wrote: > The resource reservations in made for the kernel image did not reflect ^ /proc/iomem > the gaps between text, rodata, and data. This adds the rodata resource s/This adds/Add/

Re: [PATCH v14 2/6] namei: LOOKUP_IN_ROOT: chroot-like path resolution

On Wed, Oct 9, 2019 at 10:42 PM Aleksa Sarai wrote: > > --- a/fs/namei.c > +++ b/fs/namei.c > @@ -2277,6 +2277,11 @@ static const char *path_init(struct nameidata *nd, > unsigned flags) > > nd->m_seq = read_seqbegin(_lock); > > + /* LOOKUP_IN_ROOT treats absolute paths as being

Re: [PATCH 14/29] vmlinux.lds.h: Allow EXCEPTION_TABLE to live in RO_DATA

On Thu, Sep 26, 2019 at 10:55:47AM -0700, Kees Cook wrote: > Many architectures have an EXCEPTION_TABLE that needs only to be > read-only. As such, it should live in RO_DATA. This creates a macro to > identify this case for the architectures that can move EXCEPTION_TABLE > into RO_DATA. > >

Apply For Financial investment at a lower rate 2%

-- Hello, We are private lenders based in UK. Do you need a loan (credit) as soon as possible. Are you in search of money to solve your personal needs or finance your business venture, then get Your desired loan today! Consult us at Sunrise Funding Ltd. * We offer personal loan & huge capital

Re: [PATCH v6] numa: make node_to_cpumask_map() NUMA_NO_NODE aware

On Wed, Oct 09, 2019 at 01:25:14PM +0100, Robin Murphy wrote: > On 2019-10-08 9:38 am, Yunsheng Lin wrote: > > On 2019/9/25 18:41, Peter Zijlstra wrote: > > > On Wed, Sep 25, 2019 at 05:14:20PM +0800, Yunsheng Lin wrote: > > > > From the discussion above, It seems making the node_to_cpumask_map()

Re: [PATCH v6] numa: make node_to_cpumask_map() NUMA_NO_NODE aware

On Thu 10-10-19 14:07:21, Yunsheng Lin wrote: > On 2019/10/9 20:25, Robin Murphy wrote: > > On 2019-10-08 9:38 am, Yunsheng Lin wrote: > >> On 2019/9/25 18:41, Peter Zijlstra wrote: > >>> On Wed, Sep 25, 2019 at 05:14:20PM +0800, Yunsheng Lin wrote: > From the discussion above, It seems

Re: [PATCH v6] numa: make node_to_cpumask_map() NUMA_NO_NODE aware

On 2019/10/9 20:25, Robin Murphy wrote: > On 2019-10-08 9:38 am, Yunsheng Lin wrote: >> On 2019/9/25 18:41, Peter Zijlstra wrote: >>> On Wed, Sep 25, 2019 at 05:14:20PM +0800, Yunsheng Lin wrote: From the discussion above, It seems making the node_to_cpumask_map() NUMA_NO_NODE aware is

[PATCH v14 5/6] selftests: add openat2(2) selftests

Test all of the various openat2(2) flags. A small stress-test of a symlink-rename attack is included to show that the protections against ".."-based attacks are sufficient. The main things these self-tests are enforcing are: * The struct+usize ABI for openat2(2) and copy_struct_from_user() to

[PATCH v14 6/6] Documentation: path-lookup: mention LOOKUP_MAGICLINK_JUMPED

Now that we have a special flag to signify magic-link jumps, mention it within the path-lookup docs. And now that "magic link" is the correct term for nd_jump_link()-style symlinks, clean up references to this type of "symlink". Signed-off-by: Aleksa Sarai ---

[PATCH v14 4/6] open: introduce openat2(2) syscall

/* Background. */ For a very long time, extending openat(2) with new features has been incredibly frustrating. This stems from the fact that openat(2) is possibly the most famous counter-example to the mantra "don't silently accept garbage from userspace" -- it doesn't check whether unknown flags

[PATCH v14 3/6] namei: permit ".." resolution with LOOKUP_{IN_ROOT,BENEATH}

This patch allows for LOOKUP_BENEATH and LOOKUP_IN_ROOT to safely permit ".." resolution (in the case of LOOKUP_BENEATH the resolution will still fail if ".." resolution would resolve a path outside of the root -- while LOOKUP_IN_ROOT will chroot(2)-style scope it). Magic-link jumps are still

[PATCH v14 2/6] namei: LOOKUP_IN_ROOT: chroot-like path resolution

/* Background. */ Container runtimes or other administrative management processes will often interact with root filesystems while in the host mount namespace, because the cost of doing a chroot(2) on every operation is too prohibitive (especially in Go, which cannot safely use vfork). However, a

[PATCH v14 1/6] namei: O_BENEATH-style resolution restriction flags

/* Background. */ The need for some sort of control over VFS's path resolution (to avoid malicious paths resulting in inadvertent breakouts) has been a very long-standing desire of many userspace applications throughout the history of Unix. While some improvements have been made (such as

[PATCH v14 0/6] open: introduce openat2(2) syscall

This patchset is being developed here: Patch changelog: v14: * The magic-link changes (and O_EMPTYPATH) have been dropped from this series -- they will be developed and sent separately. The main reason is that we need to restrict

Re: [PATCH v6] numa: make node_to_cpumask_map() NUMA_NO_NODE aware

On 2019-10-08 9:38 am, Yunsheng Lin wrote: On 2019/9/25 18:41, Peter Zijlstra wrote: On Wed, Sep 25, 2019 at 05:14:20PM +0800, Yunsheng Lin wrote: From the discussion above, It seems making the node_to_cpumask_map() NUMA_NO_NODE aware is the most feasible way to move forwad. That's still

RE:PERSONAL LETTER FROM MRS RASHIA AMIRA

Greetings My name is Barrister Hans Erich. I have a client who is interested to invest in your country, she is a well known politician in her country and deserve a lucrative investment partnership with you outside her country without any delay Please can you manage such investment please

Juggling Ball

Hi, We are making juggling balls. Find below link of our Google drive where you can see catalog of our juggling balls. https://drive.google.com/open?id=0B5meiXXKee54Y1RYaU9OczRlUjQ Price depend on order quantity. For quick communication you also can whatsaap 00923006122353 PS. If you are

Re: Unaligned user pointer issues..

On Sun, Oct 06, 2019 at 08:25:05PM -0700, Linus Torvalds wrote: > So Guenther Roeck reported that my fancy readdir() user access > optimization broke alpha and sparc64 boot for him. > > (It really improves things on x86 - I swear! The cost of telling the > CPU over and over again to "please allow

Re: Bug report (with fix) for DEC Tulip driver (de2104x.c)

On Wed, 18 Sep 2019, Thomas Bogendoerfer wrote: > > >> Likewise, I'm at a loss for testing with real hardware. It's hard to > > >> find such things, now. > > > How does de2104x compare to ds2142/43?  I have a c3750 with ds2142/43 > > > tulip.  Helge > > > or some others might have a machine with

Re: [PATCH 18/29] arm64: Move EXCEPTION_TABLE to RO_DATA segment

On Tue, Oct 01, 2019 at 10:03:56AM +0100, Will Deacon wrote: > Hi Kees, > > On Thu, Sep 26, 2019 at 10:55:51AM -0700, Kees Cook wrote: > > The EXCEPTION_TABLE is read-only, so collapse it into RO_DATA. > > > > Signed-off-by: Kees Cook > > --- > > arch/arm64/kernel/vmlinux.lds.S | 6 -- > >

Re: [PATCH 14/29] vmlinux.lds.h: Allow EXCEPTION_TABLE to live in RO_DATA

On Thu, Sep 26, 2019 at 10:55:47AM -0700, Kees Cook wrote: > Many architectures have an EXCEPTION_TABLE that needs only to be > read-only. As such, it should live in RO_DATA. This creates a macro to > identify this case for the architectures that can move EXCEPTION_TABLE > into RO_DATA. > >

Re: [PATCH 18/29] arm64: Move EXCEPTION_TABLE to RO_DATA segment

Hi Kees, On Thu, Sep 26, 2019 at 10:55:51AM -0700, Kees Cook wrote: > The EXCEPTION_TABLE is read-only, so collapse it into RO_DATA. > > Signed-off-by: Kees Cook > --- > arch/arm64/kernel/vmlinux.lds.S | 6 -- > 1 file changed, 4 insertions(+), 2 deletions(-) > > diff --git

Re: [PATCH v13 7/9] open: openat2(2) syscall

Hi Aleksa, Thank you for the patch! Perhaps something to improve: [auto build test WARNING on linus/master] [cannot apply to v5.4-rc1 next-20191001] [if your patch is applied to the wrong git tree, please drop us a note to help improve the system. BTW, we also suggest to use '--base' option to

Re: [PATCH v13 7/9] open: openat2(2) syscall

Hi Aleksa, Thank you for the patch! Yet something to improve: [auto build test ERROR on linus/master] [cannot apply to v5.4-rc1 next-20190930] [if your patch is applied to the wrong git tree, please drop us a note to help improve the system. BTW, we also suggest to use '--base' option to specify

Re: [PATCH v13 3/9] open: O_EMPTYPATH: procfs-less file descriptor re-opening

On 2019-10-01, kbuild test robot wrote: > Hi Aleksa, > > Thank you for the patch! Yet something to improve: > > [auto build test ERROR on linus/master] > [cannot apply to v5.4-rc1 next-20190930] > [if your patch is applied to the wrong git tree, please drop us a note to help > improve the

Re: [PATCH v13 3/9] open: O_EMPTYPATH: procfs-less file descriptor re-opening

Hi Aleksa, Thank you for the patch! Yet something to improve: [auto build test ERROR on linus/master] [cannot apply to v5.4-rc1 next-20190930] [if your patch is applied to the wrong git tree, please drop us a note to help improve the system. BTW, we also suggest to use '--base' option to specify

Re: [PATCH v13 7/9] open: openat2(2) syscall

On 2019-10-01, kbuild test robot wrote: > Hi Aleksa, > > Thank you for the patch! Yet something to improve: > > [auto build test ERROR on linus/master] > [cannot apply to v5.4-rc1 next-20190930] > [if your patch is applied to the wrong git tree, please drop us a note to help > improve the

Re: [PATCH RESEND v3 00/26] Add definition for the number of standard PCI BARs

On Sat, Sep 28, 2019 at 02:40:26AM +0300, Denis Efremov wrote: > Code that iterates over all standard PCI BARs typically uses > PCI_STD_RESOURCE_END, but this is error-prone because it requires > "i <= PCI_STD_RESOURCE_END" rather than something like > "i < PCI_STD_NUM_BARS". We could add such a

[PATCH v13 2/9] procfs: switch magic-link modes to be more sane

Now that magic-link modes are obeyed for file re-opening purposes, some of the pre-existing magic-link modes need to be adjusted to be more semantically correct. The most blatant example of this is /proc/self/exe, which had a mode of a+rwx even though tautologically the file could never be opened

[PATCH v13 8/9] selftests: add openat2(2) selftests

Test all of the various openat2(2) flags, as well as how file descriptor re-opening works. A small stress-test of a symlink-rename attack is included to show that the protections against ".."-based attacks are sufficient. In addition, the memfd selftest is fixed to no longer depend on the

[PATCH v13 5/9] namei: LOOKUP_IN_ROOT: chroot-like path resolution

The primary motivation for the need for this flag is container runtimes which have to interact with malicious root filesystems in the host namespaces. One of the first requirements for a container runtime to be secure against a malicious rootfs is that they correctly scope symlinks (that is, they

[PATCH v13 3/9] open: O_EMPTYPATH: procfs-less file descriptor re-opening

Userspace has made use of /proc/self/fd very liberally to allow for descriptors to be re-opened. There are a wide variety of uses for this feature, but it has always required constructing a pathname and could not be done without procfs mounted. The obvious solution for this is to extend openat(2)

[PATCH v13 1/9] namei: obey trailing magic-link DAC permissions

The ability for userspace to "re-open" file descriptors through /proc/self/fd has been a very useful tool for all sorts of usecases (container runtimes are one common example). However, the current interface for doing this has resulted in some pretty subtle security holes. Userspace can re-open a

<    1   2   3   4   5   6   7   8   9   10   >