1. 03 4月, 2020 1 次提交
    • M
      asm-generic: make more kernel-space headers mandatory · 630f289b
      Masahiro Yamada 提交于
      Change a header to mandatory-y if both of the following are met:
      
      [1] At least one architecture (except um) specifies it as generic-y in
          arch/*/include/asm/Kbuild
      
      [2] Every architecture (except um) either has its own implementation
          (arch/*/include/asm/*.h) or specifies it as generic-y in
          arch/*/include/asm/Kbuild
      
      This commit was generated by the following shell script.
      
      ----------------------------------->8-----------------------------------
      
      arches=$(cd arch; ls -1 | sed -e '/Kconfig/d' -e '/um/d')
      
      tmpfile=$(mktemp)
      
      grep "^mandatory-y +=" include/asm-generic/Kbuild > $tmpfile
      
      find arch -path 'arch/*/include/asm/Kbuild' |
      	xargs sed -n 's/^generic-y += \(.*\)/\1/p' | sort -u |
      while read header
      do
      	mandatory=yes
      
      	for arch in $arches
      	do
      		if ! grep -q "generic-y += $header" arch/$arch/include/asm/Kbuild &&
      			! [ -f arch/$arch/include/asm/$header ]; then
      			mandatory=no
      			break
      		fi
      	done
      
      	if [ "$mandatory" = yes ]; then
      		echo "mandatory-y += $header" >> $tmpfile
      
      		for arch in $arches
      		do
      			sed -i "/generic-y += $header/d" arch/$arch/include/asm/Kbuild
      		done
      	fi
      
      done
      
      sed -i '/^mandatory-y +=/d' include/asm-generic/Kbuild
      
      LANG=C sort $tmpfile >> include/asm-generic/Kbuild
      
      ----------------------------------->8-----------------------------------
      
      One obvious benefit is the diff stat:
      
       25 files changed, 52 insertions(+), 557 deletions(-)
      
      It is tedious to list generic-y for each arch that needs it.
      
      So, mandatory-y works like a fallback default (by just wrapping
      asm-generic one) when arch does not have a specific header
      implementation.
      
      See the following commits:
      
      def3f7ce
      a1b39bae
      
      It is tedious to convert headers one by one, so I processed by a shell
      script.
      Signed-off-by: NMasahiro Yamada <masahiroy@kernel.org>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Cc: Michal Simek <michal.simek@xilinx.com>
      Cc: Christoph Hellwig <hch@lst.de>
      Cc: Arnd Bergmann <arnd@arndb.de>
      Link: http://lkml.kernel.org/r/20200210175452.5030-1-masahiroy@kernel.orgSigned-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      630f289b
  2. 28 3月, 2020 2 次提交
  3. 26 3月, 2020 1 次提交
    • J
      s390/qdio: extend polling support to multiple queues · 0a6e6345
      Julian Wiedmann 提交于
      When the support for polling drivers was initially added, it only
      considered Input Queue 0. But as QDIO interrupts are actually for the
      full device and not a single queue, this doesn't really fit for
      configurations where multiple Input Queues are used.
      
      Rework the qdio code so that interrupts for a polling driver are not
      split up into actions for each queue. Instead deliver the interrupt as
      a single event, and let the driver decide which queue needs what action.
      
      When re-enabling the QDIO interrupt via qdio_start_irq(), this means
      that the qdio code needs to
      (1) put _all_ eligible queues back into a state where they raise IRQs,
      (2) and afterwards check _all_ eligible queues for new work to bridge
          the race window.
      
      On the qeth side of things (as the only qdio polling driver), we can now
      add CQ polling support to the main NAPI poll routine. It doesn't consume
      NAPI budget, and to avoid hogging the CPU we yield control after
      completing one full queue worth of buffers.
      The subsequent qdio_start_irq() will check for any additional work, and
      have us re-schedule the NAPI instance accordingly.
      Signed-off-by: NJulian Wiedmann <jwi@linux.ibm.com>
      Acked-by: NHeiko Carstens <heiko.carstens@de.ibm.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      0a6e6345
  4. 11 3月, 2020 1 次提交
  5. 04 3月, 2020 2 次提交
    • N
      s390/pci: Fix unexpected write combine on resource · df057c91
      Niklas Schnelle 提交于
      In the initial MIO support introduced in
      
      commit 71ba41c9 ("s390/pci: provide support for MIO instructions")
      
      zpci_map_resource() and zpci_setup_resources() default to using the
      mio_wb address as the resource's start address. This means users of the
      mapping, which includes most drivers, will get write combining on PCI
      Stores. This may lead to problems when drivers expect write through
      behavior when not using an explicit ioremap_wc().
      
      Cc: stable@vger.kernel.org
      Fixes: 71ba41c9 ("s390/pci: provide support for MIO instructions")
      Signed-off-by: NNiklas Schnelle <schnelle@linux.ibm.com>
      Reviewed-by: NPierre Morel <pmorel@linux.ibm.com>
      Signed-off-by: NVasily Gorbik <gor@linux.ibm.com>
      df057c91
    • G
      s390/mm: fix panic in gup_fast on large pud · 582b4e55
      Gerald Schaefer 提交于
      On s390 there currently is no implementation of pud_write(). That was ok
      as long as we had our own implementation of get_user_pages_fast() which
      checked for pud protection by testing the bit directly w/o using
      pud_write(). The other callers of pud_write() are not reachable on s390.
      
      After commit 1a42010c ("s390/mm: convert to the generic
      get_user_pages_fast code") we use the generic get_user_pages_fast(), which
      does call pud_write() in pud_access_permitted() for FOLL_WRITE access on
      a large pud. Without an s390 specific pud_write(), the generic version is
      called, which contains a BUG() statement to remind us that we don't have a
      proper implementation. This results in a kernel panic.
      
      Fix this by providing an implementation of pud_write().
      
      Cc: <stable@vger.kernel.org> # 5.2+
      Fixes: 1a42010c ("s390/mm: convert to the generic get_user_pages_fast code")
      Signed-off-by: NGerald Schaefer <gerald.schaefer@de.ibm.com>
      Reviewed-by: NHeiko Carstens <heiko.carstens@de.ibm.com>
      Signed-off-by: NVasily Gorbik <gor@linux.ibm.com>
      582b4e55
  6. 20 2月, 2020 2 次提交
  7. 19 2月, 2020 1 次提交
  8. 18 2月, 2020 4 次提交
  9. 12 2月, 2020 2 次提交
  10. 08 2月, 2020 2 次提交
  11. 04 2月, 2020 5 次提交
  12. 01 2月, 2020 3 次提交
  13. 31 1月, 2020 4 次提交
  14. 30 1月, 2020 7 次提交
    • H
      s390/pkey/zcrypt: Support EP11 AES secure keys · 55d0a513
      Harald Freudenberger 提交于
      Extend the low level ep11 misc functions implementation by
      several functions to support EP11 key objects for paes and pkey:
      - EP11 AES secure key generation
      - EP11 AES secure key generation from given clear key value
      - EP11 AES secure key blob check
      - findcard function returns list of apqns based on given criterias
      - EP11 AES secure key derive to CPACF protected key
      
      Extend the pkey module to be able to generate and handle EP11
      secure keys and also use them as base for deriving protected
      keys for CPACF usage. These ioctls are extended to support
      EP11 keys: PKEY_GENSECK2, PKEY_CLR2SECK2, PKEY_VERIFYKEY2,
      PKEY_APQNS4K, PKEY_APQNS4KT, PKEY_KBLOB2PROTK2.
      
      Additionally the 'clear key' token to protected key now uses
      an EP11 card if the other ways (via PCKMO, via CCA) fail.
      
      The PAES cipher implementation needed a new upper limit for
      the max key size, but is now also working with EP11 keys.
      Signed-off-by: NHarald Freudenberger <freude@linux.ibm.com>
      Signed-off-by: NVasily Gorbik <gor@linux.ibm.com>
      55d0a513
    • H
      s390/zcrypt: ep11 structs rework, export zcrypt_send_ep11_cprb · a7367997
      Harald Freudenberger 提交于
      Minor rework for struct ep11_cprb and struct ep11_urb. Use of u8, u16,
      u32 instead of unsigned char. Declare pointers to mem from userspace
      with __user to give sparse a chance to check.
      
      Export zcrypt_send_ep11_cprb() function as this function will be
      called by code in progress which will build ep11 cprbs within the
      zcrypt device driver zoo and send them to EP11 crypto cards.
      Signed-off-by: NHarald Freudenberger <freude@linux.ibm.com>
      Signed-off-by: NVasily Gorbik <gor@linux.ibm.com>
      a7367997
    • H
      s390/zcrypt: enable card/domain autoselect on ep11 cprbs · 8f291ebf
      Harald Freudenberger 提交于
      For EP11 CPRBs there was only to choose between specify
      one or more ep11 targets or not give a target at all. Without
      any target the zcrypt code assumed AUTOSELECT. For EP11 this
      ended up in choosing any EP11 APQN with regards to the weight.
      
      However, CCA CPRBs can have a more fine granular target
      addressing. The caller can give 0xFFFF as AUTOSELECT for
      the card and/or the domain. So it's possible to address
      any card but domain given or any domain but card given.
      
      This patch now introduces the very same for EP11 CPRB handling.
      An EP11 target entry now may contain 0xFFFF as card and/or
      domain value with the meaning of ANY card or domain. So
      now the same behavior as with CCA CPRBs becomes possible:
      Address any card with given domain or address any domain within
      given card.
      
      For convenience the zcrypt.h header file now has two new
      defines AUTOSEL_AP and AUTOSEL_DOM covering the 0xFFFF
      value to address card any and domain any.
      Signed-off-by: NHarald Freudenberger <freude@linux.ibm.com>
      Signed-off-by: NVasily Gorbik <gor@linux.ibm.com>
      8f291ebf
    • H
      s390/crypto: enable clear key values for paes ciphers · 7f820d05
      Harald Freudenberger 提交于
      With this patch the paes ciphers do accept AES clear key values of
      size 16, 24 or 32 byte. The key value is internal rearranged to form a
      paes clear key token so that the pkey kernel module recognizes and
      handles this key material as source for protected keys.
      
      Using clear key material as a source for protected keys is a security
      risc as the raw key material is kept in memory. However, so the AES
      selftests provided with the testmanager can be run during registration
      of the paes ciphers.
      Signed-off-by: NHarald Freudenberger <freude@linux.ibm.com>
      Signed-off-by: NVasily Gorbik <gor@linux.ibm.com>
      7f820d05
    • H
      s390/crypto: Rework on paes implementation · 6f3196b7
      Harald Freudenberger 提交于
      There have been some findings during Eric Biggers rework of the
      paes implementation which this patch tries to address:
      
      A very minor finding within paes ctr where when the cpacf instruction
      returns with only partially data en/decrytped the walk_done() was
      mistakenly done with the all data counter.  Please note this can only
      happen when the kmctr returns because the protected key became invalid
      in the middle of the operation. And this is only with suspend and
      resume on a system with different effective wrapping key.
      
      Eric Biggers mentioned that the context struct within the tfm struct
      may be shared among multiple kernel threads. So here now a rework
      which uses a spinlock per context to protect the read and write of the
      protected key blob value. The en/decrypt functions copy the protected
      key(s) at the beginning into a param struct and do not work with the
      protected key within the context any more. If the protected key in the
      param struct becomes invalid, the key material is again converted to
      protected key(s) and the context gets this update protected by the
      spinlock. Race conditions are still possible and may result in writing
      the very same protected key value more than once. So the spinlock
      needs to make sure the protected key(s) within the context are
      consistent updated.
      
      The ctr page is now locked by a mutex instead of a spinlock. A similar
      patch went into the aes_s390 code as a result of a complain "sleeping
      function called from invalid context at ...algapi.h". See
      commit 1c2c7029 ("s390/crypto: fix possible sleep during spinlock
      aquired")' for more.
      
      During testing with instrumented code another issue with the xts
      en/decrypt function revealed. The retry cleared the running iv value
      and thus let to wrong en/decrypted data.
      
      Tested and verified with additional testcases via AF_ALG interface and
      additional selftests within the kernel (which will be made available
      as soon as possible).
      Reported-by: NEric Biggers <ebiggers@kernel.org>
      Signed-off-by: NHarald Freudenberger <freude@linux.ibm.com>
      Signed-off-by: NVasily Gorbik <gor@linux.ibm.com>
      6f3196b7
    • S
      s390: support KPROBES_ON_FTRACE · 657480d9
      Sven Schnelle 提交于
      Instead of using our own kprobes-on-ftrace handling convert the
      code to support KPROBES_ON_FTRACE.
      Signed-off-by: NSven Schnelle <svens@linux.ibm.com>
      Signed-off-by: NVasily Gorbik <gor@linux.ibm.com>
      657480d9
    • G
      s390/mm: fix dynamic pagetable upgrade for hugetlbfs · 5f490a52
      Gerald Schaefer 提交于
      Commit ee71d16d ("s390/mm: make TASK_SIZE independent from the number
      of page table levels") changed the logic of TASK_SIZE and also removed the
      arch_mmap_check() implementation for s390. This combination has a subtle
      effect on how get_unmapped_area() for hugetlbfs pages works. It is now
      possible that a user process establishes a hugetlbfs mapping at an address
      above 4 TB, without triggering a dynamic pagetable upgrade from 3 to 4
      levels.
      
      This is because hugetlbfs mappings will not use mm->get_unmapped_area, but
      rather file->f_op->get_unmapped_area, which currently is the generic
      implementation of hugetlb_get_unmapped_area() that does not know about s390
      dynamic pagetable upgrades, but with the new definition of TASK_SIZE, it
      will now allow mappings above 4 TB.
      
      Subsequent access to such a mapped address above 4 TB will result in a page
      fault loop, because the CPU cannot translate such a large address with 3
      pagetable levels. The fault handler will try to map in a hugepage at the
      address, but due to the folded pagetable logic it will end up with creating
      entries in the 3 level pagetable, possibly overwriting existing mappings,
      and then it all repeats when the access is retried.
      
      Apart from the page fault loop, this can have various nasty effects, e.g.
      kernel panic from one of the BUG_ON() checks in memory management code,
      or even data loss if an existing mapping gets overwritten.
      
      Fix this by implementing HAVE_ARCH_HUGETLB_UNMAPPED_AREA support for s390,
      providing an s390 version for hugetlb_get_unmapped_area() with pagetable
      upgrade support similar to arch_get_unmapped_area(), which will then be
      used instead of the generic version.
      
      Fixes: ee71d16d ("s390/mm: make TASK_SIZE independent from the number of page table levels")
      Cc: <stable@vger.kernel.org> # 4.12+
      Signed-off-by: NGerald Schaefer <gerald.schaefer@de.ibm.com>
      Signed-off-by: NVasily Gorbik <gor@linux.ibm.com>
      5f490a52
  15. 28 1月, 2020 3 次提交