1. 26 8月, 2016 7 次提交
    • M
      arm64: always enable DEBUG_RODATA and remove the Kconfig option · 40982fd6
      Mark Rutland 提交于
      Follow the example set by x86 in commit 9ccaf77c ("x86/mm:
      Always enable CONFIG_DEBUG_RODATA and remove the Kconfig option"), and
      make these protections a fundamental security feature rather than an
      opt-in. This also results in a minor code simplification.
      
      For those rare cases when users wish to disable this protection (e.g.
      for debugging), this can be done by passing 'rodata=off' on the command
      line.
      
      As DEBUG_RODATA_ALIGN is only intended to address a performance/memory
      tradeoff, and does not affect correctness, this is left user-selectable.
      DEBUG_MODULE_RONX is also left user-selectable until the core code
      provides a boot-time option to disable the protection for debugging
      use-cases.
      
      Cc: Catalin Marinas <catalin.marinas@arm.com>
      Acked-by: NArd Biesheuvel <ard.biesheuvel@linaro.org>
      Acked-by: NKees Cook <keescook@chromium.org>
      Acked-by: NLaura Abbott <labbott@redhat.com>
      Signed-off-by: NMark Rutland <mark.rutland@arm.com>
      Signed-off-by: NWill Deacon <will.deacon@arm.com>
      40982fd6
    • A
      arm64: mark reserved memblock regions explicitly in iomem · e7cd1903
      AKASHI Takahiro 提交于
      Kdump(kexec-tools) parses /proc/iomem to identify all the memory regions
      on the system. Since the current kernel names "nomap" regions, like UEFI
      runtime services code/data, as "System RAM," kexec-tools sets up elf core
      header to include them in a crash dump file (/proc/vmcore).
      
      Then crash dump kernel parses UEFI memory map again, re-marks those regions
      as "nomap" and does not create a memory mapping for them unlike the other
      areas of System RAM. In this case, copying /proc/vmcore through
      copy_oldmem_page() on crash dump kernel will end up with a kernel abort,
      as reported in [1].
      
      This patch names all the "nomap" regions explicitly as "reserved" so that
      we can exclude them from a crash dump file. acpi_os_ioremap() must also
      be modified because those regions have WB attributes [2].
      
      Apart from kdump, this change also matches x86's use of acpi (and
      /proc/iomem).
      
      [1] http://lists.infradead.org/pipermail/linux-arm-kernel/2016-August/448186.html
      [2] http://lists.infradead.org/pipermail/linux-arm-kernel/2016-August/450089.htmlReviewed-by: NCatalin Marinas <catalin.marinas@arm.com>
      Tested-by: NJames Morse <james.morse@arm.com>
      Reviewed-by: NJames Morse <james.morse@arm.com>
      Signed-off-by: NAKASHI Takahiro <takahiro.akashi@linaro.org>
      Signed-off-by: NWill Deacon <will.deacon@arm.com>
      e7cd1903
    • J
      arm64: hibernate: Support DEBUG_PAGEALLOC · 5ebe3a44
      James Morse 提交于
      DEBUG_PAGEALLOC removes the valid bit of page table entries to prevent
      any access to unallocated memory. Hibernate uses this as a hint that those
      pages don't need to be saved/restored. This patch adds the
      kernel_page_present() function it uses.
      
      hibernate.c copies the resume kernel's linear map for use during restore.
      Add _copy_pte() to fill-in the holes made by DEBUG_PAGEALLOC in the resume
      kernel, so we can restore data the original kernel had at these addresses.
      
      Finally, DEBUG_PAGEALLOC means the linear-map alias of KERNEL_START to
      KERNEL_END may have holes in it, so we can't lazily clean this whole
      area to the PoC. Only clean the new mmuoff region, and the kernel/kvm
      idmaps.
      
      This reverts commit da24eb1f.
      Reported-by: NWill Deacon <will.deacon@arm.com>
      Signed-off-by: NJames Morse <james.morse@arm.com>
      Cc: Catalin Marinas <catalin.marinas@arm.com>
      Reviewed-by: NCatalin Marinas <catalin.marinas@arm.com>
      Signed-off-by: NWill Deacon <will.deacon@arm.com>
      5ebe3a44
    • J
      arm64: vmlinux.ld: Add mmuoff data sections and move mmuoff text into idmap · b6113038
      James Morse 提交于
      Resume from hibernate needs to clean any text executed by the kernel with
      the MMU off to the PoC. Collect these functions together into the
      .idmap.text section as all this code is tightly coupled and also needs
      the same cleaning after resume.
      
      Data is more complicated, secondary_holding_pen_release is written with
      the MMU on, clean and invalidated, then read with the MMU off. In contrast
      __boot_cpu_mode is written with the MMU off, the corresponding cache line
      is invalidated, so when we read it with the MMU on we don't get stale data.
      These cache maintenance operations conflict with each other if the values
      are within a Cache Writeback Granule (CWG) of each other.
      Collect the data into two sections .mmuoff.data.read and .mmuoff.data.write,
      the linker script ensures mmuoff.data.write section is aligned to the
      architectural maximum CWG of 2KB.
      Signed-off-by: NJames Morse <james.morse@arm.com>
      Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
      Cc: Mark Rutland <mark.rutland@arm.com>
      Reviewed-by: NCatalin Marinas <catalin.marinas@arm.com>
      Signed-off-by: NWill Deacon <will.deacon@arm.com>
      b6113038
    • J
      arm64: Create sections.h · ee78fdc7
      James Morse 提交于
      Each time new section markers are added, kernel/vmlinux.ld.S is updated,
      and new extern char __start_foo[] definitions are scattered through the
      tree.
      
      Create asm/include/sections.h to collect these definitions (and include
      the existing asm-generic version).
      Signed-off-by: NJames Morse <james.morse@arm.com>
      Reviewed-by: NMark Rutland <mark.rutland@arm.com>
      Tested-by: NMark Rutland <mark.rutland@arm.com>
      Reviewed-by: NCatalin Marinas <catalin.marinas@arm.com>
      Signed-off-by: NWill Deacon <will.deacon@arm.com>
      ee78fdc7
    • C
      arm64: Introduce execute-only page access permissions · cab15ce6
      Catalin Marinas 提交于
      The ARMv8 architecture allows execute-only user permissions by clearing
      the PTE_UXN and PTE_USER bits. However, the kernel running on a CPU
      implementation without User Access Override (ARMv8.2 onwards) can still
      access such page, so execute-only page permission does not protect
      against read(2)/write(2) etc. accesses. Systems requiring such
      protection must enable features like SECCOMP.
      
      This patch changes the arm64 __P100 and __S100 protection_map[] macros
      to the new __PAGE_EXECONLY attributes. A side effect is that
      pte_user() no longer triggers for __PAGE_EXECONLY since PTE_USER isn't
      set. To work around this, the check is done on the PTE_NG bit via the
      pte_ng() macro. VM_READ is also checked now for page faults.
      Reviewed-by: NWill Deacon <will.deacon@arm.com>
      Signed-off-by: NCatalin Marinas <catalin.marinas@arm.com>
      Signed-off-by: NWill Deacon <will.deacon@arm.com>
      cab15ce6
    • P
      arm64: kprobe: Always clear pstate.D in breakpoint exception handler · 7419333f
      Pratyush Anand 提交于
      Whenever we are hitting a kprobe from a none-kprobe debug exception handler,
      we hit an infinite occurrences of "Unexpected kernel single-step exception
      at EL1"
      
      PSTATE.D is debug exception mask bit. It is set whenever we enter into an
      exception mode. When it is set then Watchpoint, Breakpoint, and Software
      Step exceptions are masked. However, software Breakpoint Instruction
      exceptions can never be masked. Therefore, if we ever execute a BRK
      instruction, irrespective of D-bit setting, we will be receiving a
      corresponding breakpoint exception.
      
      For example:
      
      - We are executing kprobe pre/post handler, and kprobe has been inserted in
        one of the instruction of a function called by handler. So, it executes
        BRK instruction and we land into the case of KPROBE_REENTER. (This case is
        already handled by current code)
      
      - We are executing uprobe handler or any other BRK handler such as in
        WARN_ON (BRK BUG_BRK_IMM), and we trace that path using kprobe.So, we
        enter into kprobe breakpoint handler,from another BRK handler.(This case
        is not being handled currently)
      
      In all such cases kprobe breakpoint exception will be raised when we were
      already in debug exception mode. SPSR's D bit (bit 9) shows the value of
      PSTATE.D immediately before the exception was taken. So, in above example
      cases we would find it set in kprobe breakpoint handler.  Single step
      exception will always be followed by a kprobe breakpoint exception.However,
      it will only be raised gracefully if we clear D bit while returning from
      breakpoint exception.  If D bit is set then, it results into undefined
      exception and when it's handler enables dbg then single step exception is
      generated, however it will never be handled(because address does not match
      and therefore treated as unexpected).
      
      This patch clears D-flag unconditionally in setup_singlestep, so that we can
      always get single step exception correctly after returning from breakpoint
      exception. Additionally, it also removes D-flag set statement for
      KPROBE_REENTER return path, because debug exception for KPROBE_REENTER will
      always take place in a debug exception state. So, D-flag will already be set
      in this case.
      Acked-by: NSandeepa Prabhu <sandeepa.s.prabhu@gmail.com>
      Acked-by: NMasami Hiramatsu <mhiramat@kernel.org>
      Signed-off-by: NPratyush Anand <panand@redhat.com>
      Signed-off-by: NWill Deacon <will.deacon@arm.com>
      7419333f
  2. 22 8月, 2016 13 次提交
  3. 20 8月, 2016 8 次提交
    • H
      parisc: Fix order of EREFUSED define in errno.h · 3eb53b20
      Helge Deller 提交于
      When building gccgo in userspace, errno.h gets parsed and the go include file
      sysinfo.go is generated.
      
      Since EREFUSED is defined to the same value as ECONNREFUSED, and ECONNREFUSED
      is defined later on in errno.h, this leads to go complaining that EREFUSED
      isn't defined yet.
      
      Fix this trivial problem by moving the define of EREFUSED down after
      ECONNREFUSED in errno.h (and clean up the indenting while touching this line).
      Signed-off-by: NHelge Deller <deller@gmx.de>
      Cc: stable@vger.kernel.org
      3eb53b20
    • H
      parisc: Fix automatic selection of cr16 clocksource · ae141830
      Helge Deller 提交于
      Commit 54b66800 (parisc: Add native high-resolution sched_clock()
      implementation) added support to use the CPU-internal cr16 counters as reliable
      clocksource with the help of HAVE_UNSTABLE_SCHED_CLOCK.
      
      Sadly the commit missed to remove the hack which prevented cr16 to become the
      default clocksource even on SMP systems.
      Signed-off-by: NHelge Deller <deller@gmx.de>
      Cc: stable@vger.kernel.org # 4.7+
      ae141830
    • L
      Make the hardened user-copy code depend on having a hardened allocator · 6040e576
      Linus Torvalds 提交于
      The kernel test robot reported a usercopy failure in the new hardened
      sanity checks, due to a page-crossing copy of the FPU state into the
      task structure.
      
      This happened because the kernel test robot was testing with SLOB, which
      doesn't actually do the required book-keeping for slab allocations, and
      as a result the hardening code didn't realize that the task struct
      allocation was one single allocation - and the sanity checks fail.
      
      Since SLOB doesn't even claim to support hardening (and you really
      shouldn't use it), the straightforward solution is to just make the
      usercopy hardening code depend on the allocator supporting it.
      Reported-by: Nkernel test robot <xiaolong.ye@intel.com>
      Cc: Kees Cook <keescook@chromium.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      6040e576
    • L
      Merge branch 'i2c/for-current' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux · 8cc9dddd
      Linus Torvalds 提交于
      Pull i2c fixes from Wolfram Sang:
       "I2C has some pretty standard driver bugfixes and one minor cleanup"
      
      * 'i2c/for-current' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux:
        i2c: meson: Use complete() instead of complete_all()
        i2c: brcmstb: Use complete() instead of complete_all()
        i2c: bcm-kona: Use complete() instead of complete_all()
        i2c: bcm-iproc: Use complete() instead of complete_all()
        i2c: at91: fix support of the "alternative command" feature
        i2c: ocores: add missed clk_disable_unprepare() on failure paths
        i2c: cros-ec-tunnel: Fix usage of cros_ec_cmd_xfer()
        i2c: mux: demux-pinctrl: properly roll back when adding adapter fails
      8cc9dddd
    • L
      Merge tag 'dm-4.8-fixes-2' of git://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm · 43f4d36c
      Linus Torvalds 提交于
      Pull device mapper fixes from Mike Snitzer:
      
       - a stable fix for DM round robin multipath path selector to disable
         preemption before using this_cpu_ptr()
      
       - a slight increase in DM crypt's mempool reserves to make swap ontop
         of DM crypt more performant
      
       - a few DM raid fixes to issues found while testing changes that were
         merged in v4.8-rc1
      
      * tag 'dm-4.8-fixes-2' of git://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm:
        dm raid: support raid0 with missing metadata devices
        dm raid: enhance attempt_restore_of_faulty_devices() to support more devices
        dm raid: fix restoring of failed devices regression
        dm raid: fix frozen recovery regression
        dm crypt: increase mempool reserve to better support swapping
        dm round robin: do not use this_cpu_ptr() without having preemption disabled
      43f4d36c
    • L
      Merge tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi · b2848792
      Linus Torvalds 提交于
      Pull SCSI fixes from James Bottomley:
       "Six fairly small fixes.  The ipr, mpt3sas and ses ones all trigger
        oopses.  The megaraid one fixes an attach failure on io mapped only
        cards, the fcoe one is an obvious problem in the error path and the
        aacraid one is a theoretical security issue (ability to trick the
        kernel into a buffer overrun)"
      
      * tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi:
        ses: Fix racy cleanup of /sys in remove_dev()
        mpt3sas: Fix resume on WarpDrive flash cards
        ipr: Fix sync scsi scan
        megaraid_sas: Fix probing cards without io port
        aacraid: Check size values after double-fetch from user
        fcoe: Use kfree_skb() instead of kfree()
      b2848792
    • L
      Merge tag 'usb-4.8-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb · 080ebb15
      Linus Torvalds 提交于
      Pull USB fixes from Greg KH:
       "Here are a number of USB fixes for reported issues for your tree.
      
        The normal amount of gadget fixes, xhci fixes, new device ids, and a
        few other minor things.  All of them have been in linux-next for a
        while, the full details are in the shortlog below"
      
      * tag 'usb-4.8-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb: (43 commits)
        xhci: don't dereference a xhci member after removing xhci
        usb: xhci: Fix panic if disconnect
        xhci: really enqueue zero length TRBs.
        xhci: always handle "Command Ring Stopped" events
        cdc-acm: fix wrong pipe type on rx interrupt xfers
        usb: misc: usbtest: add fix for driver hang
        usb: dwc3: gadget: stop processing on HWO set
        usb: dwc3: don't set last bit for ISOC endpoints
        usb: gadget: rndis: free response queue during REMOTE_NDIS_RESET_MSG
        usb: udc: core: fix error handling
        usb: gadget: fsl_qe_udc: off by one in setup_received_handle()
        usb/gadget: fix gadgetfs aio support.
        usb: gadget: composite: Fix return value in case of error
        usb: gadget: uvc: Fix return value in case of error
        usb: gadget: fix check in sync read from ep in gadgetfs
        usb: misc: usbtest: usbtest_do_ioctl may return positive integer
        usb: dwc3: fix missing platform_set_drvdata() in dwc3_of_simple_probe()
        usb: phy: omap-otg: Fix missing platform_set_drvdata() in omap_otg_probe()
        usb: gadget: configfs: add mutex lock before unregister gadget
        usb: gadget: u_ether: fix dereference after null check coverify warning
        ...
      080ebb15
    • L
      Merge tag 'xfs-iomap-for-linus-4.8-rc3' of... · a8414fa3
      Linus Torvalds 提交于
      Merge tag 'xfs-iomap-for-linus-4.8-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/dgc/linux-xfs
      
      Pull xfs and iomap fixes from Dave Chinner:
       "Changes in this update:
      
        Regression fixes for XFS changes introduce in 4.8-rc1:
         - buffer IO accounting assert failure
         - ENOSPC block accounting reservation issue
         - DAX IO path page cache invalidation fix
         - rmapbt on-disk block count in agf
         - correct classification of rmap block type when updating AGFL.
         - iomap support for attribute fork mapping
      
        Regression fixes for iomap infrastructure in 4.8-rc1:
         - fiemap: honor FIEMAP_FLAG_SYNC
         - fiemap: implement FIEMAP_FLAG_XATTR support to fix XFS regression
         - make mark_page_accessed and pagefault_disable usage consistent with
           other IO paths"
      
      * tag 'xfs-iomap-for-linus-4.8-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/dgc/linux-xfs:
        xfs: remove OWN_AG rmap when allocating a block from the AGFL
        xfs: (re-)implement FIEMAP_FLAG_XATTR
        xfs: simplify xfs_file_iomap_begin
        iomap: mark ->iomap_end as optional
        iomap: prepare iomap_fiemap for attribute mappings
        iomap: fiemap should honor the FIEMAP_FLAG_SYNC flag
        iomap: remove superflous pagefault_disable from iomap_write_actor
        iomap: remove superflous mark_page_accessed from iomap_write_actor
        xfs: store rmapbt block count in the AGF
        xfs: don't invalidate whole file on DAX read/write
        xfs: fix bogus space reservation in xfs_iomap_write_allocate
        xfs: don't assert fail on non-async buffers on ioacct decrement
      a8414fa3
  4. 19 8月, 2016 12 次提交