1. 05 6月, 2015 1 次提交
  2. 27 4月, 2015 1 次提交
  3. 15 4月, 2015 3 次提交
    • K
      mm: split ET_DYN ASLR from mmap ASLR · d1fd836d
      Kees Cook 提交于
      This fixes the "offset2lib" weakness in ASLR for arm, arm64, mips,
      powerpc, and x86.  The problem is that if there is a leak of ASLR from
      the executable (ET_DYN), it means a leak of shared library offset as
      well (mmap), and vice versa.  Further details and a PoC of this attack
      is available here:
      
        http://cybersecurity.upv.es/attacks/offset2lib/offset2lib.html
      
      With this patch, a PIE linked executable (ET_DYN) has its own ASLR
      region:
      
        $ ./show_mmaps_pie
        54859ccd6000-54859ccd7000 r-xp  ...  /tmp/show_mmaps_pie
        54859ced6000-54859ced7000 r--p  ...  /tmp/show_mmaps_pie
        54859ced7000-54859ced8000 rw-p  ...  /tmp/show_mmaps_pie
        7f75be764000-7f75be91f000 r-xp  ...  /lib/x86_64-linux-gnu/libc.so.6
        7f75be91f000-7f75beb1f000 ---p  ...  /lib/x86_64-linux-gnu/libc.so.6
        7f75beb1f000-7f75beb23000 r--p  ...  /lib/x86_64-linux-gnu/libc.so.6
        7f75beb23000-7f75beb25000 rw-p  ...  /lib/x86_64-linux-gnu/libc.so.6
        7f75beb25000-7f75beb2a000 rw-p  ...
        7f75beb2a000-7f75beb4d000 r-xp  ...  /lib64/ld-linux-x86-64.so.2
        7f75bed45000-7f75bed46000 rw-p  ...
        7f75bed46000-7f75bed47000 r-xp  ...
        7f75bed47000-7f75bed4c000 rw-p  ...
        7f75bed4c000-7f75bed4d000 r--p  ...  /lib64/ld-linux-x86-64.so.2
        7f75bed4d000-7f75bed4e000 rw-p  ...  /lib64/ld-linux-x86-64.so.2
        7f75bed4e000-7f75bed4f000 rw-p  ...
        7fffb3741000-7fffb3762000 rw-p  ...  [stack]
        7fffb377b000-7fffb377d000 r--p  ...  [vvar]
        7fffb377d000-7fffb377f000 r-xp  ...  [vdso]
      
      The change is to add a call the newly created arch_mmap_rnd() into the
      ELF loader for handling ET_DYN ASLR in a separate region from mmap ASLR,
      as was already done on s390.  Removes CONFIG_BINFMT_ELF_RANDOMIZE_PIE,
      which is no longer needed.
      Signed-off-by: NKees Cook <keescook@chromium.org>
      Reported-by: NHector Marco-Gisbert <hecmargi@upv.es>
      Cc: Russell King <linux@arm.linux.org.uk>
      Reviewed-by: NIngo Molnar <mingo@kernel.org>
      Cc: Catalin Marinas <catalin.marinas@arm.com>
      Cc: Will Deacon <will.deacon@arm.com>
      Cc: Ralf Baechle <ralf@linux-mips.org>
      Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org>
      Cc: Paul Mackerras <paulus@samba.org>
      Cc: Michael Ellerman <mpe@ellerman.id.au>
      Cc: Martin Schwidefsky <schwidefsky@de.ibm.com>
      Cc: Heiko Carstens <heiko.carstens@de.ibm.com>
      Cc: Alexander Viro <viro@zeniv.linux.org.uk>
      Cc: Oleg Nesterov <oleg@redhat.com>
      Cc: Andy Lutomirski <luto@amacapital.net>
      Cc: "David A. Long" <dave.long@linaro.org>
      Cc: Andrey Ryabinin <a.ryabinin@samsung.com>
      Cc: Arun Chandran <achandran@mvista.com>
      Cc: Yann Droneaud <ydroneaud@opteya.com>
      Cc: Min-Hua Chen <orca.chen@gmail.com>
      Cc: Paul Burton <paul.burton@imgtec.com>
      Cc: Alex Smith <alex@alex-smith.me.uk>
      Cc: Markos Chandras <markos.chandras@imgtec.com>
      Cc: Vineeth Vijayan <vvijayan@mvista.com>
      Cc: Jeff Bailey <jeffbailey@google.com>
      Cc: Michael Holzheu <holzheu@linux.vnet.ibm.com>
      Cc: Ben Hutchings <ben@decadent.org.uk>
      Cc: Behan Webster <behanw@converseincode.com>
      Cc: Ismael Ripoll <iripoll@upv.es>
      Cc: Jan-Simon Mller <dl9pf@gmx.de>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      d1fd836d
    • K
      mm: expose arch_mmap_rnd when available · 2b68f6ca
      Kees Cook 提交于
      When an architecture fully supports randomizing the ELF load location,
      a per-arch mmap_rnd() function is used to find a randomized mmap base.
      In preparation for randomizing the location of ET_DYN binaries
      separately from mmap, this renames and exports these functions as
      arch_mmap_rnd(). Additionally introduces CONFIG_ARCH_HAS_ELF_RANDOMIZE
      for describing this feature on architectures that support it
      (which is a superset of ARCH_BINFMT_ELF_RANDOMIZE_PIE, since s390
      already supports a separated ET_DYN ASLR from mmap ASLR without the
      ARCH_BINFMT_ELF_RANDOMIZE_PIE logic).
      Signed-off-by: NKees Cook <keescook@chromium.org>
      Cc: Hector Marco-Gisbert <hecmargi@upv.es>
      Cc: Russell King <linux@arm.linux.org.uk>
      Reviewed-by: NIngo Molnar <mingo@kernel.org>
      Cc: Catalin Marinas <catalin.marinas@arm.com>
      Cc: Will Deacon <will.deacon@arm.com>
      Cc: Ralf Baechle <ralf@linux-mips.org>
      Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org>
      Cc: Paul Mackerras <paulus@samba.org>
      Cc: Michael Ellerman <mpe@ellerman.id.au>
      Cc: Martin Schwidefsky <schwidefsky@de.ibm.com>
      Cc: Heiko Carstens <heiko.carstens@de.ibm.com>
      Cc: Alexander Viro <viro@zeniv.linux.org.uk>
      Cc: Oleg Nesterov <oleg@redhat.com>
      Cc: Andy Lutomirski <luto@amacapital.net>
      Cc: "David A. Long" <dave.long@linaro.org>
      Cc: Andrey Ryabinin <a.ryabinin@samsung.com>
      Cc: Arun Chandran <achandran@mvista.com>
      Cc: Yann Droneaud <ydroneaud@opteya.com>
      Cc: Min-Hua Chen <orca.chen@gmail.com>
      Cc: Paul Burton <paul.burton@imgtec.com>
      Cc: Alex Smith <alex@alex-smith.me.uk>
      Cc: Markos Chandras <markos.chandras@imgtec.com>
      Cc: Vineeth Vijayan <vvijayan@mvista.com>
      Cc: Jeff Bailey <jeffbailey@google.com>
      Cc: Michael Holzheu <holzheu@linux.vnet.ibm.com>
      Cc: Ben Hutchings <ben@decadent.org.uk>
      Cc: Behan Webster <behanw@converseincode.com>
      Cc: Ismael Ripoll <iripoll@upv.es>
      Cc: Jan-Simon Mller <dl9pf@gmx.de>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      2b68f6ca
    • K
      arm64: expose number of page table levels on Kconfig level · 9f25e6ad
      Kirill A. Shutemov 提交于
      We would want to use number of page table level to define mm_struct.
      Let's expose it as CONFIG_PGTABLE_LEVELS.
      
      ARM64_PGTABLE_LEVELS is renamed to PGTABLE_LEVELS and defined before
      sourcing init/Kconfig: arch/Kconfig will define default value and it's
      sourced from init/Kconfig.
      Signed-off-by: NKirill A. Shutemov <kirill.shutemov@linux.intel.com>
      Acked-by: NCatalin Marinas <catalin.marinas@arm.com>
      Cc: Will Deacon <will.deacon@arm.com>
      Tested-by: NGuenter Roeck <linux@roeck-us.net>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      9f25e6ad
  4. 01 4月, 2015 1 次提交
  5. 26 3月, 2015 3 次提交
  6. 20 3月, 2015 1 次提交
  7. 19 3月, 2015 1 次提交
  8. 18 3月, 2015 1 次提交
  9. 12 3月, 2015 3 次提交
  10. 06 3月, 2015 1 次提交
  11. 30 1月, 2015 1 次提交
    • P
      arm64: Kconfig: clean up two no-op Kconfig options from CONFIG_ARCH_TEGRA* · 0d2fdcd7
      Paul Walmsley 提交于
      Paul Bolle pointed out that commit
      d035fdfa ("arm64: Add Tegra132
      support") included two Kconfig symbols that are now no-ops:
      USB_ARCH_HAS_EHCI and HAVE_SMP.  So, drop the two symbols.
      
      This second version corrects a thinko in Paul Bolle's E-mail address.
      Signed-off-by: NPaul Walmsley <paul@pwsan.com>
      Cc: Paul Walmsley <pwalmsley@nvidia.com>
      Cc: Allen Martin <amartin@nvidia.com>
      Cc: Thierry Reding <treding@nvidia.com>
      Cc: Catalin Marinas <catalin.marinas@arm.com>
      Cc: Will Deacon <will.deacon@arm.com>
      Cc: Mark Rutland <mark.rutland@arm.com>
      Cc: Paul Bolle <pebolle@tiscali.nl>
      Signed-off-by: NOlof Johansson <olof@lixom.net>
      0d2fdcd7
  12. 28 1月, 2015 2 次提交
  13. 27 1月, 2015 1 次提交
    • L
      arm64: kernel: remove ARM64_CPU_SUSPEND config option · af3cfdbf
      Lorenzo Pieralisi 提交于
      ARM64_CPU_SUSPEND config option was introduced to make code providing
      context save/restore selectable only on platforms requiring power
      management capabilities.
      
      Currently ARM64_CPU_SUSPEND depends on the PM_SLEEP config option which
      in turn is set by the SUSPEND config option.
      
      The introduction of CPU_IDLE for arm64 requires that code configured
      by ARM64_CPU_SUSPEND (context save/restore) should be compiled in
      in order to enable the CPU idle driver to rely on CPU operations
      carrying out context save/restore.
      
      The ARM64_CPUIDLE config option (ARM64 generic idle driver) is therefore
      forced to select ARM64_CPU_SUSPEND, even if there may be (ie PM_SLEEP)
      failed dependencies, which is not a clean way of handling the kernel
      configuration option.
      
      For these reasons, this patch removes the ARM64_CPU_SUSPEND config option
      and makes the context save/restore dependent on CPU_PM, which is selected
      whenever either SUSPEND or CPU_IDLE are configured, cleaning up dependencies
      in the process.
      
      This way, code previously configured through ARM64_CPU_SUSPEND is
      compiled in whenever a power management subsystem requires it to be
      present in the kernel (SUSPEND || CPU_IDLE), which is the behaviour
      expected on ARM64 kernels.
      
      The cpu_suspend and cpu_init_idle CPU operations are added only if
      CPU_IDLE is selected, since they are CPU_IDLE specific methods and
      should be grouped and defined accordingly.
      
      PSCI CPU operations are updated to reflect the introduced changes.
      Signed-off-by: NLorenzo Pieralisi <lorenzo.pieralisi@arm.com>
      Cc: Arnd Bergmann <arnd@arndb.de>
      Cc: Will Deacon <will.deacon@arm.com>
      Cc: Krzysztof Kozlowski <k.kozlowski@samsung.com>
      Cc: Daniel Lezcano <daniel.lezcano@linaro.org>
      Cc: Mark Rutland <mark.rutland@arm.com>
      Signed-off-by: NCatalin Marinas <catalin.marinas@arm.com>
      af3cfdbf
  14. 26 1月, 2015 1 次提交
  15. 24 1月, 2015 1 次提交
    • S
      arm64: Emulate SETEND for AArch32 tasks · 2d888f48
      Suzuki K. Poulose 提交于
      Emulate deprecated 'setend' instruction for AArch32 bit tasks.
      
      	setend [le/be] - Sets the endianness of EL0
      
      On systems with CPUs which support mixed endian at EL0, the hardware
      support for the instruction can be enabled by setting the SCTLR_EL1.SED
      bit. Like the other emulated instructions it is controlled by an entry in
      /proc/sys/abi/. For more information see :
      	Documentation/arm64/legacy_instructions.txt
      
      The instruction is emulated by setting/clearing the SPSR_EL1.E bit, which
      will be reflected in the PSTATE.E in AArch32 context.
      
      This patch also restores the native endianness for the execution of signal
      handlers, since the process could have changed the endianness.
      
      Note: All CPUs on the system must have mixed endian support at EL0. Once the
      handler is registered, hotplugging a CPU which doesn't support mixed endian,
      could lead to unexpected results/behavior in applications.
      Signed-off-by: NSuzuki K. Poulose <suzuki.poulose@arm.com>
      Cc: Will Deacon <will.deacon@arm.com>
      Cc: Punit Agrawal <punit.agrawal@arm.com>
      Signed-off-by: NCatalin Marinas <catalin.marinas@arm.com>
      2d888f48
  16. 23 1月, 2015 1 次提交
    • P
      arm64: Add Tegra132 support · d035fdfa
      Paul Walmsley 提交于
      Add basic Kbuild support for the Tegra SoC family, and specifically,
      the Tegra132 SoC.  Tegra132 pairs the NVIDIA Denver CPU complex with
      the SoC integration of Tegra124 - hence the use of ARCH_TEGRA and the
      Tegra124 pinctrl option.
      
      This patch was based on a patch originally written by Allen Martin
      <amartin@nvidia.com>.
      Signed-off-by: NPaul Walmsley <paul@pwsan.com>
      Cc: Paul Walmsley <pwalmsley@nvidia.com>
      Cc: Allen Martin <amartin@nvidia.com>
      Cc: Thierry Reding <treding@nvidia.com>
      Cc: Catalin Marinas <catalin.marinas@arm.com>
      Cc: Will Deacon <will.deacon@arm.com>
      Cc: Mark Rutland <mark.rutland@arm.com>
      Signed-off-by: NThierry Reding <treding@nvidia.com>
      d035fdfa
  17. 19 1月, 2015 1 次提交
  18. 23 12月, 2014 1 次提交
  19. 22 12月, 2014 1 次提交
  20. 14 12月, 2014 1 次提交
  21. 28 11月, 2014 2 次提交
  22. 26 11月, 2014 3 次提交
  23. 25 11月, 2014 1 次提交
    • A
      arm64: protect alternatives workarounds with Kconfig options · c0a01b84
      Andre Przywara 提交于
      Not all of the errata we have workarounds for apply necessarily to all
      SoCs, so people compiling a kernel for one very specific SoC may not
      need to patch the kernel.
      Introduce a new submenu in the "Platform selection" menu to allow
      people to turn off certain bugs if they are not affected. By default
      all of them are enabled.
      Normal users or distribution kernels shouldn't bother to deselect any
      bugs here, since the alternatives framework will take care of
      patching them in only if needed.
      Signed-off-by: NAndre Przywara <andre.przywara@arm.com>
      [will: moved kconfig menu under `Kernel Features']
      Signed-off-by: NWill Deacon <will.deacon@arm.com>
      c0a01b84
  24. 21 11月, 2014 4 次提交
    • W
      arm64: kconfig: move emulation option under kernel features · 1b907f46
      Will Deacon 提交于
      Having the instruction emulation submenu underneath "platform selection"
      is a great way to hide options we don't want people to use, but somewhat
      confusing when you stumble across it there.
      
      Move the menuconfig option underneath "kernel features", where it makes
      a bit more sense.
      Signed-off-by: NWill Deacon <will.deacon@arm.com>
      1b907f46
    • P
      arm64: Emulate CP15 Barrier instructions · c852f320
      Punit Agrawal 提交于
      The CP15 barrier instructions (CP15ISB, CP15DSB and CP15DMB) are
      deprecated in the ARMv7 architecture, superseded by ISB, DSB and DMB
      instructions respectively. Some implementations may provide the
      ability to disable the CP15 barriers by disabling the CP15BEN bit in
      SCTLR_EL1. If not enabled, the encodings for these instructions become
      undefined.
      
      To support legacy software using these instructions, this patch
      register hooks to -
      * emulate CP15 barriers and warn the user about their use
      * toggle CP15BEN in SCTLR_EL1
      Signed-off-by: NPunit Agrawal <punit.agrawal@arm.com>
      Reviewed-by: NCatalin Marinas <catalin.marinas@arm.com>
      Signed-off-by: NWill Deacon <will.deacon@arm.com>
      c852f320
    • P
      arm64: Port SWP/SWPB emulation support from arm · bd35a4ad
      Punit Agrawal 提交于
      The SWP instruction was deprecated in the ARMv6 architecture. The
      ARMv7 multiprocessing extensions mandate that SWP/SWPB instructions
      are treated as undefined from reset, with the ability to enable them
      through the System Control Register SW bit. With ARMv8, the option to
      enable these instructions through System Control Register was dropped
      as well.
      
      To support legacy applications using these instructions, port the
      emulation of the SWP and SWPB instructions from the arm port to arm64.
      Reviewed-by: NCatalin Marinas <catalin.marinas@arm.com>
      Signed-off-by: NPunit Agrawal <punit.agrawal@arm.com>
      Signed-off-by: NWill Deacon <will.deacon@arm.com>
      bd35a4ad
    • P
      arm64: Add framework for legacy instruction emulation · 587064b6
      Punit Agrawal 提交于
      Typically, providing support for legacy instructions requires
      emulating the behaviour of instructions whose encodings have become
      undefined. If the instructions haven't been removed from the
      architecture, there maybe an option in the implementation to turn
      on/off the support for these instructions.
      
      Create common infrastructure to support legacy instruction
      emulation. In addition to emulation, also provide an option to support
      hardware execution when supported. The default execution mode (one of
      undef, emulate, hw exeuction) is dependent on the state of the
      instruction (deprecated or obsolete) in the architecture and
      can specified at the time of registering the instruction handlers. The
      runtime state of the emulation can be controlled by writing to
      individual nodes in sysctl. The expected default behaviour is
      documented as part of this patch.
      Reviewed-by: NCatalin Marinas <catalin.marinas@arm.com>
      Signed-off-by: NPunit Agrawal <punit.agrawal@arm.com>
      Signed-off-by: NWill Deacon <will.deacon@arm.com>
      587064b6
  25. 19 11月, 2014 1 次提交
    • A
      ARM64: use GENERIC_PCI_IOMAP · cb61f676
      Arnd Bergmann 提交于
      Patch 09a57239 ("arm64: Use include/asm-generic/io.h") correctly
      removed the GENERIC_IOMAP selection from ARM64, which is not needed
      on architectures that have memory-mapped PCI I/O space, however
      we now lack a pci_iomap() function.
      
      Fortunately, there is already a generic implementation for this
      case, so we just need to select GENERIC_PCI_IOMAP to make it all
      work.
      Signed-off-by: NArnd Bergmann <arnd@arndb.de>
      Fixes: 09a57239 ("arm64: Use include/asm-generic/io.h")
      cb61f676
  26. 10 11月, 2014 1 次提交
  27. 07 11月, 2014 1 次提交
    • S
      arm64: xchg: Implement cmpxchg_double · 5284e1b4
      Steve Capper 提交于
      The arm64 architecture has the ability to exclusively load and store
      a pair of registers from an address (ldxp/stxp). Also the SLUB can take
      advantage of a cmpxchg_double implementation to avoid taking some
      locks.
      
      This patch provides an implementation of cmpxchg_double for 64-bit
      pairs, and activates the logic required for the SLUB to use these
      functions (HAVE_ALIGNED_STRUCT_PAGE and HAVE_CMPXCHG_DOUBLE).
      
      Also definitions of this_cpu_cmpxchg_8 and this_cpu_cmpxchg_double_8
      are wired up to cmpxchg_local and cmpxchg_double_local (rather than the
      stock implementations that perform non-atomic operations with
      interrupts disabled) as they are used by the SLUB.
      
      On a Juno platform running on only the A57s I get quite a noticeable
      performance improvement with 5 runs of hackbench on v3.17:
      
               Baseline | With Patch
       -----------------+-----------
       Mean    119.2312 | 106.1782
       StdDev    0.4919 |   0.4494
      
      (times taken to complete `./hackbench 100 process 1000', in seconds)
      Signed-off-by: NSteve Capper <steve.capper@linaro.org>
      Signed-off-by: NWill Deacon <will.deacon@arm.com>
      5284e1b4