Rework calibrate function to use common function. Derive the offset from
a missing hardcoded slope table and the data from the nvmem calib
efuses.
Signed-off-by: Ansuel Smith
---
drivers/thermal/qcom/tsens-8960.c | 56 +--
1 file changed, 15 insertions(+), 41
It's present a hardware bug in tsens VER_0 where if sensors upper to id
6 are enabled selectively, underfined results are expected. Fix this by
enabling all the remaining sensor in one step.
Signed-off-by: Ansuel Smith
---
drivers/thermal/qcom/tsens-8960.c | 19 +--
1 file
Document the use of bindings used for msm8960 tsens based devices.
msm8960 use the same gcc regs and is set as a child of the qcom gcc.
Signed-off-by: Ansuel Smith
---
.../bindings/thermal/qcom-tsens.yaml | 56 ---
1 file changed, 48 insertions(+), 8 deletions(-)
diff
Add support for tsens present in ipq806x SoCs based on generic msm8960
tsens driver.
Signed-off-by: Ansuel Smith
---
drivers/thermal/qcom/tsens.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/thermal/qcom/tsens.c b/drivers/thermal/qcom/tsens.c
index 842f518fdf84..e14b90ddd0f9
Function compute_intercept_slope hardcode the sensor slope to
SLOPE_DEFAULT. Change this and use the default value only if a slope is
not defined. This is needed for tsens VER_0 that has a hardcoded slope
table.
Signed-off-by: Ansuel Smith
---
drivers/thermal/qcom/tsens.c | 3 ++-
1 file
VER_0 is used to describe device based on tsens version before v0.1.
These device are devices based on msm8960 for example apq8064 or
ipq806x.
Signed-off-by: Ansuel Smith
---
drivers/thermal/qcom/tsens.c | 175 +--
drivers/thermal/qcom/tsens.h | 4 +-
2 files
This patchset convert msm8960 to reg_filed, use int_common instead
of a custom function and fix wrong tsens get_temp function for msm8960.
Ipq8064 SoCs tsens driver is based on 8960 tsens driver. Ipq8064 needs
to be registered as a gcc child as the tsens regs on this platform are
shared with the
Use init_common and drop custom init for msm8960.
Signed-off-by: Ansuel Smith
---
drivers/thermal/qcom/tsens-8960.c | 52 +--
1 file changed, 1 insertion(+), 51 deletions(-)
diff --git a/drivers/thermal/qcom/tsens-8960.c
b/drivers/thermal/qcom/tsens-8960.c
index
Convert msm9860 driver to reg_field to use the init_common
function.
Signed-off-by: Ansuel Smith
---
drivers/thermal/qcom/tsens-8960.c | 80 ++-
1 file changed, 79 insertions(+), 1 deletion(-)
diff --git a/drivers/thermal/qcom/tsens-8960.c
On Feb 17, 2021, at 1:08 AM, Amir Goldstein wrote:
>
> You are missing my point.
> Never mind which server. The server does not *need* to rely on
> vfs_copy_file_range() to copy files from XFS to ext4.
> The server is very capable of implementing the fallback generic copy
> in case source/target
On 2/2/2021 8:23 AM, Bjorn Andersson wrote:
> On Thu 28 Jan 22:46 CST 2021, Wesley Cheng wrote:
>
>> In order to take advantage of the TX fifo resizing logic, manually add
>> these properties to the DWC3 child node by default. This will allow
>> the DWC3 gadget to resize the TX fifos for the
On (21/02/17 13:15), Enrico Weigelt, metux IT consult wrote:
> Under rare circumstances it may happen that a device node's name is NULL
> (most likely kernel bug in some other place). In such situations anything
> but helpful, if the debug printout crashes, and nobody knows what actually
>
Alexander Lobakin wrote:
> From: Xuan Zhuo
>
> This patch is used to construct skb based on page to save memory copy
> overhead.
>
> This function is implemented based on IFF_TX_SKB_NO_LINEAR. Only the
> network card priv_flags supports IFF_TX_SKB_NO_LINEAR will use page to
> directly construct
--
Hello
I am Mr. Azizi Ouadarago, a banker by profession from Burkina Faso. I
have a very confidential business proposition involving transfer of $
18,500,000.00 United State Dollars that will be of great benefit to both of
us. Contact me via my private email below for more details.
Best
syzbot has bisected this issue to:
commit dcd479e10a0510522a5d88b29b8f79ea3467d501
Author: Johannes Berg
Date: Fri Oct 9 12:17:11 2020 +
mac80211: always wind down STA state
bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=169ceb24d0
start commit: f40ddce8 Linux
Hi Arnaldo,
On 2/1/2021 6:27 AM, Jiri Olsa wrote:
On Thu, Jan 28, 2021 at 09:34:17AM +0800, Jin Yao wrote:
Uncore becomes die-scope on Xeon Cascade Lake-AP and perf has supported
--per-die aggregation yet.
One issue is found in check_per_pkg() for uncore events running on
AP system. On
Hi "Ronald,
Thank you for the patch! Yet something to improve:
[auto build test ERROR on input/next]
[also build test ERROR on v5.11 next-20210217]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
Hi Linus,
Please pull the following KUnit update for Linux 5.12-rc1.
This KUnit update for Linux 5.12-rc1 consists of consists of:
-- support for filtering test suites using glob from Daniel Latypov.
"kunit_filter.glob" command line option is passed to the UML
kernel, which currently
On 2/12/2021 12:22 AM, Liang, Kan wrote:
On 2/11/2021 6:40 AM, Jiri Olsa wrote:
On Mon, Feb 08, 2021 at 07:24:57AM -0800, kan.li...@linux.intel.com wrote:
SNIP
Jin Yao (24):
perf jevents: Support unit value "cpu_core" and "cpu_atom"
perf util: Save pmu name to struct
On Fri, Feb 12, 2021 at 04:35:16PM +, Michael Kelley wrote:
> From: Melanie Plageman Sent: Thursday, February
> 11, 2021 3:18 PM
> >
> > Add ability to set the number of hardware queues with new module parameter,
> > storvsc_max_hw_queues. The default value remains the number of CPUs. This
On Tue, Feb 16, 2021 at 12:31 PM Geert Uytterhoeven
wrote:
>
> Hi Saravana,
>
> On Tue, Feb 16, 2021 at 7:49 PM Saravana Kannan wrote:
> > On Tue, Feb 16, 2021 at 12:05 AM Geert Uytterhoeven
> > wrote:
> > > On Mon, Feb 15, 2021 at 10:27 PM Saravana Kannan
> > > wrote:
> > > > On Mon, Feb 15,
There's no point in adding a device to the deferred probe list if we
know for sure that it doesn't have a matching driver. So, check if a
device can match with a driver before adding it to the deferred probe
list.
Signed-off-by: Saravana Kannan
---
Geert,
Can you give this a shot for your I2C
On Fri, Feb 12, 2021 at 02:04:44PM +1100, Stephen Rothwell wrote:
> Hi Ira,
>
> On Thu, 11 Feb 2021 17:07:41 -0800 Ira Weiny wrote:
> >
> > On Fri, Feb 12, 2021 at 10:38:10AM +1100, Stephen Rothwell wrote:
> > > from the fscache tree and commit:
> > >
> > > 325a835476e3 ("iov_iter: Remove
Quoting Kuogee Hsieh (2021-02-17 15:20:31)
> Add hbr3_hbr2 voltage and premphasis swing table to support
> HBR3 link rate.
>
> Signed-off-by: Kuogee Hsieh
> ---
> drivers/phy/qualcomm/phy-qcom-qmp.c | 23 +--
> 1 file changed, 21 insertions(+), 2 deletions(-)
>
> diff --git
On 2021-02-11 23:09, Florian Westphal wrote:
> Richard Guy Briggs wrote:
> > > > I personally would notify once per transaction. This is easy and quick.
> >
> > This was the goal. iptables was atomic. nftables appears to no longer
> > be so. If I have this wrong, please show how that works.
>
Hi Linus,
Please pull the following Kselftest update for Linux 5.12-rc1.
This Kselftest update for Linux 5.12-rc1 consists of:
- dmabuf-heaps test fixes and cleanups from John Stultz.
- seccomp test fix to accept any valid fd in user_notification_addfd.
- Minor fixes to breakpoints and vDSO
On Sun, Feb 14, 2021 at 09:48:53AM -0800, Randy Dunlap wrote:
> On 2/12/21 2:23 PM, mgr...@linux.intel.com wrote:
> > diff --git a/drivers/misc/hddl_device/Kconfig
> > b/drivers/misc/hddl_device/Kconfig
> > index e1ae81fdf177..7f9a6a685275 100644
> > --- a/drivers/misc/hddl_device/Kconfig
> > +++
On Tue, Feb 16, 2021 at 2:30 AM Jianlin Lv wrote:
>
> Perf failed to add kretprobe event with debuginfo of vmlinux which is
> compiled by gcc with -fpatchable-function-entry option enabled.
> The same issue with kernel module.
>
> Issue:
>
> # perf probe -v 'kernel_clone%return $retval'
>
On Wed, Feb 17, 2021 at 6:18 PM Jason A. Donenfeld wrote:
>
> On 2/18/21, Willem de Bruijn wrote:
> > On Wed, Feb 17, 2021 at 5:56 PM Jason A. Donenfeld wrote:
> >>
> >> Hi Willem,
> >>
> >> On Wed, Feb 17, 2021 at 11:27 PM Willem de Bruijn
> >> wrote:
> >> > A vmlinux image might help. I
On Sun, Feb 14, 2021 at 09:47:51AM -0800, Randy Dunlap wrote:
> On 2/12/21 2:23 PM, mgr...@linux.intel.com wrote:
> > diff --git a/drivers/misc/hddl_device/Kconfig
> > b/drivers/misc/hddl_device/Kconfig
> > new file mode 100644
> > index ..e1ae81fdf177
> > --- /dev/null
> > +++
On Sun, Feb 14, 2021 at 09:42:22AM -0800, Randy Dunlap wrote:
> On 2/12/21 2:23 PM, mgr...@linux.intel.com wrote:
> > diff --git a/drivers/misc/intel_tsens/Kconfig
> > b/drivers/misc/intel_tsens/Kconfig
> > index be8d27e81864..5cfe6b4004e5 100644
> > --- a/drivers/misc/intel_tsens/Kconfig
> > +++
On Sun, Feb 14, 2021 at 09:41:26AM -0800, Randy Dunlap wrote:
> On 2/12/21 2:22 PM, mgr...@linux.intel.com wrote:
> > diff --git a/drivers/misc/intel_tsens/Kconfig
> > b/drivers/misc/intel_tsens/Kconfig
> > index 8b263fdd80c3..be8d27e81864 100644
> > --- a/drivers/misc/intel_tsens/Kconfig
> > +++
This is the last missing piece of the COW-during-fork effort when there're
pinned pages found. One can reference 70e806e4e645 ("mm: Do early cow for
pinned pages during fork() for ptes", 2020-09-27) for more information, since
we do similar things here rather than pte this time, but just for
v5:
- patch 4: change "int cow" into "bool cow"
- collect r-bs for Jason
v4:
- add r-b for Mike on the last patch, add some more commit message explains
that why we don't need wr-protect trick
- fix one warning of unused var in copy_present_page() [Gal]
v3:
- rebase to linux-next/akpm, switch
We've got quite a few places (pte, pmd, pud) that explicitly checked against
whether we should break the cow right now during fork(). It's easier to
provide a helper, especially before we work the same thing on hugetlbfs.
Since we'll reference is_cow_mapping() in mm.h, move it there too.
After is_cow_mapping() is exported in mm.h, replace some manual checks
elsewhere throughout the tree but start to use the new helper.
Cc: VMware Graphics
Cc: Roland Scheidegger
Cc: David Airlie
Cc: Daniel Vetter
Cc: Mike Kravetz
Cc: Alexey Dobriyan
Cc: Andrew Morton
Reviewed-by: Jason
Introduce hugetlb_resv_map_add() helper to add a new file_region rather than
duplication the similar code twice in add_reservation_in_range().
Reviewed-by: Mike Kravetz
Reviewed-by: Miaohe Lin
Signed-off-by: Peter Xu
---
mm/hugetlb.c | 51 +++
1
All the regions maintained in hugetlb reserved map is inclusive on "from" but
exclusive on "to". We can break earlier even if rg->from==t because it already
means no possible intersection.
This does not need a Fixes in all cases because when it happens (rg->from==t)
we'll not break out of the
On Sun, Feb 14, 2021 at 09:45:56AM -0800, Randy Dunlap wrote:
> On 2/12/21 2:22 PM, mgr...@linux.intel.com wrote:
> > diff --git a/drivers/misc/intel_tsens/Kconfig
> > b/drivers/misc/intel_tsens/Kconfig
> > index bfb8fe1997f4..8b263fdd80c3 100644
> > --- a/drivers/misc/intel_tsens/Kconfig
> > +++
From: Vasanth Sent: Wednesday, February 17, 2021 6:22 AM
>
> Signed-off-by: Vasanth Mathivanan
> ---
> drivers/hv/channel.c| 2 +-
> drivers/hv/connection.c | 2 +-
> 2 files changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/hv/channel.c b/drivers/hv/channel.c
> index
On Sun, Feb 14, 2021 at 09:44:53AM -0800, Randy Dunlap wrote:
> On 2/12/21 2:22 PM, mgr...@linux.intel.com wrote:
> > diff --git a/drivers/misc/intel_tsens/Kconfig
> > b/drivers/misc/intel_tsens/Kconfig
> > new file mode 100644
> > index ..bfb8fe1997f4
> > --- /dev/null
> > +++
On Sun, Feb 14, 2021 at 09:39:55AM -0800, Randy Dunlap wrote:
> On 2/12/21 2:22 PM, mgr...@linux.intel.com wrote:
> > diff --git a/drivers/misc/vpumgr/Kconfig b/drivers/misc/vpumgr/Kconfig
> > new file mode 100644
> > index ..bb82ff83afd3
> > --- /dev/null
> > +++
On Sun, Feb 14, 2021 at 09:52:51AM -0800, Randy Dunlap wrote:
> On 2/12/21 2:22 PM, mgr...@linux.intel.com wrote:
> > diff --git a/drivers/misc/xlink-core/Kconfig
> > b/drivers/misc/xlink-core/Kconfig
> > new file mode 100644
> > index ..a0ceb0b48219
> > --- /dev/null
> > +++
On Tue, Feb 02, 2021 at 11:03:32AM +0100, Geert Uytterhoeven wrote:
> Kmemleak reports:
>
> unreferenced object 0xc328de40 (size 64):
> comm "kworker/1:1", pid 21, jiffies 4294938212 (age 1484.670s)
> hex dump (first 32 bytes):
> 00 00 00 00 00 00 00 00 e0 d8 fc eb 00 00
Add hbr3_hbr2 voltage and premphasis swing table to support
HBR3 link rate.
Signed-off-by: Kuogee Hsieh
---
drivers/phy/qualcomm/phy-qcom-qmp.c | 23 +--
1 file changed, 21 insertions(+), 2 deletions(-)
diff --git a/drivers/phy/qualcomm/phy-qcom-qmp.c
On 2/18/21, Willem de Bruijn wrote:
> On Wed, Feb 17, 2021 at 5:56 PM Jason A. Donenfeld wrote:
>>
>> Hi Willem,
>>
>> On Wed, Feb 17, 2021 at 11:27 PM Willem de Bruijn
>> wrote:
>> > A vmlinux image might help. I couldn't find one for this kernel.
>>
>>
Drop limit link rate at HBR2 to support link rate
upto HBR3.
Signed-off-by: Kuogee Hsieh
---
drivers/gpu/drm/msm/dp/dp_panel.c | 4
1 file changed, 4 deletions(-)
diff --git a/drivers/gpu/drm/msm/dp/dp_panel.c
b/drivers/gpu/drm/msm/dp/dp_panel.c
index 9cc8166..63112fa 100644
---
On Wed, 17 Feb 2021 22:30:14 +0100 Arnd Bergmann wrote:
> On Wed, Feb 17, 2021 at 9:20 PM Min Li wrote:
> > I attached the G.8273.2 document, where chapter 6 is about supporting
> > physical layer
> > frequency. And combo mode is Renesas way to support this requirement. Other
> > companies
> >
On Wed, Feb 17, 2021 at 5:56 PM Jason A. Donenfeld wrote:
>
> Hi Willem,
>
> On Wed, Feb 17, 2021 at 11:27 PM Willem de Bruijn
> wrote:
> > A vmlinux image might help. I couldn't find one for this kernel.
>
> https://data.zx2c4.com/icmp_send-crash-e03b4a42-706a-43bf-bc40-1f15966b3216.tar.xz
>
On Thursday, 11 February 2021 6:55:10 PM AEDT Christoph Hellwig wrote:
> On Wed, Feb 10, 2021 at 01:59:13PM -0400, Jason Gunthorpe wrote:
> > Really what you want to do here is leave the CPU page in the VMA and
> > the page tables where it started and deny CPU access to the page. Then
> > all the
Hi Willem,
On Wed, Feb 17, 2021 at 11:27 PM Willem de Bruijn
wrote:
> A vmlinux image might help. I couldn't find one for this kernel.
https://data.zx2c4.com/icmp_send-crash-e03b4a42-706a-43bf-bc40-1f15966b3216.tar.xz
has .debs with vmlinuz in there, which you can extract to vmlinux, as
well as
On Wed, Feb 17, 2021 at 10:34:39PM +, David Howells wrote:
> Matthew Wilcox wrote:
>
> > We're defeating the ondemand_readahead() algorithm here. Let's suppose
> > userspace is doing 64kB reads, the filesystem is OrangeFS which only
> > wants to do 4MB reads, the page cache is initially
On Fri, Feb 12, 2021, Sean Christopherson wrote:
> Paolo, this is more or less ready, but on final read-through before
> sending I realized it would be a good idea to WARN during VM destruction
> if cpu_dirty_logging_count is non-zero. I wanted to get you this before
> the 5.12 window opens in
On Wed, Feb 17, 2021 at 09:03:05AM +0100, Benjamin Gaignard wrote:
> The introduction on HEVC decoder lead to update the bindings
> to support it.
>
> Signed-off-by: Benjamin Gaignard
> Signed-off-by: Ezequiel Garcia
> Signed-off-by: Adrian Ratiu
> ---
> .../bindings/media/nxp,imx8mq-vpu.yaml
On Feb 17, 2021, at 9:08 AM, Theodore Ts'o wrote:
>
> On Tue, Feb 16, 2021 at 08:01:11PM -0800, Daniel Rosenberg wrote:
>> I'm not sure what the conflict is, at least format-wise. Naturally,
>> there would need to be some work to reconcile the two patches, but my
>> patch only alters the format
On 2/13/21 5:58 AM, Greg Kroah-Hartman wrote:
On Fri, Feb 12, 2021 at 09:17:13AM -0700, Shuah Khan wrote:
On 2/11/21 8:01 AM, Greg Kroah-Hartman wrote:
This is the start of the stable review cycle for the 5.10.16 release.
There are 54 patches in this series, all will be posted as a response
to
> -Original Message-
> From: Finn Thain [mailto:fth...@telegraphics.com.au]
> Sent: Sunday, February 14, 2021 6:11 PM
> To: Song Bao Hua (Barry Song)
> Cc: Arnd Bergmann ; t...@linutronix.de;
> gre...@linuxfoundation.org; a...@arndb.de; ge...@linux-m68k.org;
> fun...@jurai.org;
Hello:
This patch was applied to netdev/net-next.git (refs/heads/master):
On Wed, 17 Feb 2021 17:57:05 +0800 you wrote:
> This patch populates the PCI bus info in the ethtool driver query data.
>
> Users will be able to view PCI bus info using 'ethtool -i '.
>
> Signed-off-by: Wong Vee Khee
>
From: "H.J. Lu"
When Indirect Branch Tracking (IBT) is enabled, vDSO functions may be
called indirectly, and must have ENDBR32 or ENDBR64 as the first
instruction. The compiler must support -fcf-protection=branch so that it
can be used to compile vDSO.
Signed-off-by: H.J. Lu
Signed-off-by:
From: "H.J. Lu"
Add ENDBR32 to __kernel_vsyscall entry point.
Signed-off-by: H.J. Lu
Signed-off-by: Yu-cheng Yu
Acked-by: Andy Lutomirski
Reviewed-by: Kees Cook
---
arch/x86/entry/vdso/vdso32/system_call.S | 3 +++
1 file changed, 3 insertions(+)
diff --git
Matthew Wilcox wrote:
> We're defeating the ondemand_readahead() algorithm here. Let's suppose
> userspace is doing 64kB reads, the filesystem is OrangeFS which only
> wants to do 4MB reads, the page cache is initially empty and there's
> only one thread doing a sequential read.
Hi Dmitry,
On Wed, Feb 17, 2021 at 01:06:27PM -0800, Dmitry Torokhov wrote:
> On Wed, Feb 17, 2021 at 12:52:57PM -0800, Life is hard, and then you die
> wrote:
> >
> > On Wed, Feb 17, 2021 at 12:26:18PM -0800, Dmitry Torokhov wrote:
> > >
> > > On Wed, Feb 17, 2021 at 11:07:18AM -0800,
From: Bjorn Andersson
Enable the mpss remoteproc node and specify the firmware-name for this
and the wcnss remoteproc on the Dragonboard 410c.
Link:
https://lore.kernel.org/r/20200108055735.660475-1-bjorn.anders...@linaro.org
Signed-off-by: Bjorn Andersson
[rebased and moved to use pronto
When an indirect CALL/JMP instruction is executed and before it reaches
the target, it is in 'WAIT_ENDBR' status, which can be read from
MSR_IA32_U_CET. The status is part of a task's status before a signal is
raised and preserved in the signal frame. It is restored for sigreturn.
IBT state
An ELF file's .note.gnu.property indicates features the file supports.
The property is parsed at loading time and passed to arch_setup_elf_
property(). Update it for Indirect Branch Tracking.
Signed-off-by: Yu-cheng Yu
Reviewed-by: Kees Cook
---
arch/x86/kernel/process_64.c | 8
1
From: "H.J. Lu"
Update ARCH_X86_CET_STATUS and ARCH_X86_CET_DISABLE for Indirect Branch
Tracking.
Signed-off-by: H.J. Lu
Signed-off-by: Yu-cheng Yu
Reviewed-by: Kees Cook
---
arch/x86/kernel/cet_prctl.c | 5 +
1 file changed, 5 insertions(+)
diff --git a/arch/x86/kernel/cet_prctl.c
There are three possible options to create a shadow stack allocation API:
an arch_prctl, a new syscall, or adding PROT_SHSTK to mmap()/mprotect().
Each has its advantages and compromises.
An arch_prctl() is the least intrusive. However, the existing x86
arch_prctl() takes only two parameters.
The kernel allocates (and frees on thread exit) a new shadow stack for a
pthread child.
It is possible for the kernel to complete the clone syscall and set the
child's shadow stack pointer to NULL and let the child thread allocate
a shadow stack for itself. There are two issues in
To prepare changes to arch_calc_vm_prot_bits() in the next patch, and be
consistent with other architectures, move arch_vm_get_page_prot() and
arch_calc_vm_prot_bits() to arch/x86/include/asm/mman.h.
Signed-off-by: Yu-cheng Yu
Reviewed-by: Kees Cook
---
arch/x86/include/asm/mman.h | 30
arch_prctl(ARCH_X86_CET_STATUS, u64 *args)
Get CET feature status.
The parameter 'args' is a pointer to a user buffer. The kernel returns
the following information:
*args = shadow stack/IBT status
*(args + 1) = shadow stack base address
*(args + 2) = shadow stack size
An ELF file's .note.gnu.property indicates arch features supported by the
file. These features are extracted by arch_parse_elf_property() and stored
in 'arch_elf_state'.
Introduce x86 feature definitions and arch_setup_elf_property(), which
enables such features. The first use-case of this
Control-flow Enforcement (CET) is a new Intel processor feature that blocks
return/jump-oriented programming attacks. Details are in "Intel 64 and
IA-32 Architectures Software Developer's Manual" [1].
This is the second part of CET and enables Indirect Branch Tracking (IBT).
It is built on top
Indirect branch tracking is a hardware security feature that verifies near
indirect call/jump instructions arrive at intended targets, which are
labeled by the compiler with ENDBR opcodes. If such instructions reach
unlabeled locations, the processor raises control-protection faults.
Check the
Introduce user-mode Indirect Branch Tracking (IBT) support. Add routines
for the setup/disable of IBT.
Signed-off-by: Yu-cheng Yu
Reviewed-by: Kees Cook
---
arch/x86/include/asm/cet.h | 3 +++
arch/x86/kernel/cet.c | 33 +
2 files changed, 36
Account shadow stack pages to stack memory.
Signed-off-by: Yu-cheng Yu
Reviewed-by: Kees Cook
---
arch/x86/mm/pgtable.c | 7 +++
include/linux/pgtable.h | 11 +++
mm/mmap.c | 5 +
3 files changed, 23 insertions(+)
diff --git a/arch/x86/mm/pgtable.c
Introduce basic shadow stack enabling/disabling/allocation routines.
A task's shadow stack is allocated from memory with VM_SHSTK flag and has
a fixed size of min(RLIMIT_STACK, 4GB).
Signed-off-by: Yu-cheng Yu
Reviewed-by: Kees Cook
---
arch/x86/include/asm/cet.h | 28 ++
There was no more caller passing vm_flags to do_mmap(), and vm_flags was
removed from the function's input by:
commit 45e55300f114 ("mm: remove unnecessary wrapper function
do_mmap_pgoff()").
There is a new user now. Shadow stack allocation passes VM_SHSTK to
do_mmap(). Re-introduce
Can_follow_write_pte() ensures a read-only page is COWed by checking the
FOLL_COW flag, and uses pte_dirty() to validate the flag is still valid.
Like a writable data page, a shadow stack page is writable, and becomes
read-only during copy-on-write, but it is always dirty. Thus, in the
To deliver a signal, create a shadow stack restore token and put the token
and the signal restorer address on the shadow stack. For sigreturn, verify
the token and restore from it the shadow stack pointer.
A shadow stack restore token marks a restore point of the shadow stack, and
the address in
On Tue, Feb 16 2021 at 09:44 -0800, Asutosh Das wrote:
On Sat, Feb 13 2021 at 13:37 -0800, Avri Altman wrote:
+ } else {
Is it possible to get here?
Scsi_scan_host is called only after successful add_wluns
It looks so.
scsi 0:0:0:49488: Link setup for lun - ufshcd_setup_links
[...]
A shadow stack PTE must be read-only and have _PAGE_DIRTY set. However,
read-only and Dirty PTEs also exist for copy-on-write (COW) pages. These
two cases are handled differently for page faults. Introduce VM_SHSTK to
track shadow stack VMAs.
Signed-off-by: Yu-cheng Yu
Reviewed-by: Kees Cook
When serving a page fault, maybe_mkwrite() makes a PTE writable if its vma
has VM_WRITE.
A shadow stack vma has VM_SHSTK. Its PTEs have _PAGE_DIRTY, but not
_PAGE_WRITE. In fork(), _PAGE_DIRTY is cleared to effect copy-on-write,
and in page fault, _PAGE_DIRTY is restored and the shadow stack
INCSSP(Q/D) increments shadow stack pointer and 'pops and discards' the
first and the last elements in the range, effectively touches those memory
areas.
The maximum moving distance by INCSSPQ is 255 * 8 = 2040 bytes and
255 * 4 = 1020 bytes by INCSSPD. Both ranges are far from PAGE_SIZE.
Thus,
Shadow stack accesses are those that are performed by the CPU where it
expects to encounter a shadow stack mapping. These accesses are performed
implicitly by CALL/RET at the site of the shadow stack pointer. These
accesses are made explicitly by shadow stack management instructions like
WRUSSQ.
When serving a page fault, maybe_mkwrite() makes a PTE writable if it is in
a writable vma. A shadow stack vma is writable, but its PTEs need
_PAGE_DIRTY to be set to become writable. For this reason, maybe_mkwrite()
has been updated.
There are a few places that call pte_mkwrite() directly, but
The read-only and Dirty PTE has been used to indicate copy-on-write pages.
However, newer x86 processors also regard a read-only and Dirty PTE as a
shadow stack page. In order to separate the two, the software-defined
_PAGE_COW is created to replace _PAGE_DIRTY for the copy-on-write case, and
After the introduction of _PAGE_COW, a modified page's PTE can have either
_PAGE_DIRTY or _PAGE_COW. Change _PAGE_DIRTY to _PAGE_DIRTY_BITS.
Signed-off-by: Yu-cheng Yu
Reviewed-by: Kees Cook
Cc: David Airlie
Cc: Joonas Lahtinen
Cc: Jani Nikula
Cc: Daniel Vetter
Cc: Rodrigo Vivi
Cc: Zhenyu
When Shadow Stack is introduced, [R/O + _PAGE_DIRTY] PTE is reserved for
shadow stack. Copy-on-write PTEs have [R/O + _PAGE_COW].
When a PTE goes from [R/W + _PAGE_DIRTY] to [R/O + _PAGE_COW], it could
become a transient shadow stack PTE in two cases:
The first case is that some processors can
The x86 family of processors do not directly create read-only and Dirty
PTEs. These PTEs are created by software. One such case is that kernel
read-only pages are historically setup as Dirty.
New processors that support Shadow Stack regard read-only and Dirty PTEs as
shadow stack pages. This
A control-protection fault is triggered when a control-flow transfer
attempt violates Shadow Stack or Indirect Branch Tracking constraints.
For example, the return address for a RET instruction differs from the copy
on the shadow stack; or an indirect JMP instruction, without the NOTRACK
prefix,
There is essentially no room left in the x86 hardware PTEs on some OSes
(not Linux). That left the hardware architects looking for a way to
represent a new memory type (shadow stack) within the existing bits.
They chose to repurpose a lightly-used state: Write=0, Dirty=1.
The reason it's lightly
Shadow Stack provides protection against function return address
corruption. It is active when the processor supports it, the kernel has
CONFIG_X86_CET enabled, and the application is built for the feature.
This is only implemented for the 64-bit kernel. When it is enabled, legacy
non-Shadow
Introduce a software-defined X86_FEATURE_CET, which indicates either Shadow
Stack or Indirect Branch Tracking (or both) is present. Also introduce
related cpu init/setup functions.
Signed-off-by: Yu-cheng Yu
Reviewed-by: Kees Cook
---
arch/x86/include/asm/cpufeatures.h | 2 +-
Control-flow Enforcement Technology (CET) introduces these MSRs:
MSR_IA32_U_CET (user-mode CET settings),
MSR_IA32_PL3_SSP (user-mode shadow stack pointer),
MSR_IA32_PL0_SSP (kernel-mode shadow stack pointer),
MSR_IA32_PL1_SSP (Privilege Level 1 shadow stack pointer),
Add CPU feature flags for Control-flow Enforcement Technology (CET).
CPUID.(EAX=7,ECX=0):ECX[bit 7] Shadow stack
CPUID.(EAX=7,ECX=0):EDX[bit 20] Indirect Branch Tracking
Signed-off-by: Yu-cheng Yu
Reviewed-by: Kees Cook
---
arch/x86/include/asm/cpufeatures.h | 2 ++
Explain no_user_shstk/no_user_ibt kernel parameters, and introduce a new
document on Control-flow Enforcement Technology (CET).
Signed-off-by: Yu-cheng Yu
Reviewed-by: Kees Cook
---
.../admin-guide/kernel-parameters.txt | 6 +
Documentation/x86/index.rst | 1 +
Control-flow Enforcement (CET) is a new Intel processor feature that blocks
return/jump-oriented programming attacks. Details are in "Intel 64 and
IA-32 Architectures Software Developer's Manual" [1].
CET can protect applications and the kernel. This series enables only
application-level
[+cc Krzysztof, since he commented on a previous version]
[+cc Lukas, who previously proposed exactly what I suggest below,
sorry for repeating. I think Lukas was right to propose passing in
the vendor ID because it makes it easier to read the caller.]
When you post new versions of a series,
On Wed, Feb 17, 2021 at 1:12 PM Jason A. Donenfeld wrote:
>
> Hi Netdev & Willem,
>
> I've received a report of stack corruption -- via the stack protector
> check -- in icmp_send. I was sent a vmcore, and was able to extract
> the OOPS from there. However, I've been unable to produce the bug and
Mike Marshall wrote:
> Matthew has looked at how I'm fumbling about
> trying to deal with Orangefs's need for much larger
> than page-sized IO...
>
> I think I need to implement orangefs_readahead
> and from there fire off an asynchronous read
> and while that's going I'll call readahead_page
>
201 - 300 of 1042 matches
Mail list logo