1. 06 5月, 2021 1 次提交
    • A
      userfaultfd: add minor fault registration mode · 7677f7fd
      Axel Rasmussen 提交于
      Patch series "userfaultfd: add minor fault handling", v9.
      
      Overview
      ========
      
      This series adds a new userfaultfd feature, UFFD_FEATURE_MINOR_HUGETLBFS.
      When enabled (via the UFFDIO_API ioctl), this feature means that any
      hugetlbfs VMAs registered with UFFDIO_REGISTER_MODE_MISSING will *also*
      get events for "minor" faults.  By "minor" fault, I mean the following
      situation:
      
      Let there exist two mappings (i.e., VMAs) to the same page(s) (shared
      memory).  One of the mappings is registered with userfaultfd (in minor
      mode), and the other is not.  Via the non-UFFD mapping, the underlying
      pages have already been allocated & filled with some contents.  The UFFD
      mapping has not yet been faulted in; when it is touched for the first
      time, this results in what I'm calling a "minor" fault.  As a concrete
      example, when working with hugetlbfs, we have huge_pte_none(), but
      find_lock_page() finds an existing page.
      
      We also add a new ioctl to resolve such faults: UFFDIO_CONTINUE.  The idea
      is, userspace resolves the fault by either a) doing nothing if the
      contents are already correct, or b) updating the underlying contents using
      the second, non-UFFD mapping (via memcpy/memset or similar, or something
      fancier like RDMA, or etc...).  In either case, userspace issues
      UFFDIO_CONTINUE to tell the kernel "I have ensured the page contents are
      correct, carry on setting up the mapping".
      
      Use Case
      ========
      
      Consider the use case of VM live migration (e.g. under QEMU/KVM):
      
      1. While a VM is still running, we copy the contents of its memory to a
         target machine. The pages are populated on the target by writing to the
         non-UFFD mapping, using the setup described above. The VM is still running
         (and therefore its memory is likely changing), so this may be repeated
         several times, until we decide the target is "up to date enough".
      
      2. We pause the VM on the source, and start executing on the target machine.
         During this gap, the VM's user(s) will *see* a pause, so it is desirable to
         minimize this window.
      
      3. Between the last time any page was copied from the source to the target, and
         when the VM was paused, the contents of that page may have changed - and
         therefore the copy we have on the target machine is out of date. Although we
         can keep track of which pages are out of date, for VMs with large amounts of
         memory, it is "slow" to transfer this information to the target machine. We
         want to resume execution before such a transfer would complete.
      
      4. So, the guest begins executing on the target machine. The first time it
         touches its memory (via the UFFD-registered mapping), userspace wants to
         intercept this fault. Userspace checks whether or not the page is up to date,
         and if not, copies the updated page from the source machine, via the non-UFFD
         mapping. Finally, whether a copy was performed or not, userspace issues a
         UFFDIO_CONTINUE ioctl to tell the kernel "I have ensured the page contents
         are correct, carry on setting up the mapping".
      
      We don't have to do all of the final updates on-demand. The userfaultfd manager
      can, in the background, also copy over updated pages once it receives the map of
      which pages are up-to-date or not.
      
      Interaction with Existing APIs
      ==============================
      
      Because this is a feature, a registered VMA could potentially receive both
      missing and minor faults.  I spent some time thinking through how the
      existing API interacts with the new feature:
      
      UFFDIO_CONTINUE cannot be used to resolve non-minor faults, as it does not
      allocate a new page.  If UFFDIO_CONTINUE is used on a non-minor fault:
      
      - For non-shared memory or shmem, -EINVAL is returned.
      - For hugetlb, -EFAULT is returned.
      
      UFFDIO_COPY and UFFDIO_ZEROPAGE cannot be used to resolve minor faults.
      Without modifications, the existing codepath assumes a new page needs to
      be allocated.  This is okay, since userspace must have a second
      non-UFFD-registered mapping anyway, thus there isn't much reason to want
      to use these in any case (just memcpy or memset or similar).
      
      - If UFFDIO_COPY is used on a minor fault, -EEXIST is returned.
      - If UFFDIO_ZEROPAGE is used on a minor fault, -EEXIST is returned (or -EINVAL
        in the case of hugetlb, as UFFDIO_ZEROPAGE is unsupported in any case).
      - UFFDIO_WRITEPROTECT simply doesn't work with shared memory, and returns
        -ENOENT in that case (regardless of the kind of fault).
      
      Future Work
      ===========
      
      This series only supports hugetlbfs.  I have a second series in flight to
      support shmem as well, extending the functionality.  This series is more
      mature than the shmem support at this point, and the functionality works
      fully on hugetlbfs, so this series can be merged first and then shmem
      support will follow.
      
      This patch (of 6):
      
      This feature allows userspace to intercept "minor" faults.  By "minor"
      faults, I mean the following situation:
      
      Let there exist two mappings (i.e., VMAs) to the same page(s).  One of the
      mappings is registered with userfaultfd (in minor mode), and the other is
      not.  Via the non-UFFD mapping, the underlying pages have already been
      allocated & filled with some contents.  The UFFD mapping has not yet been
      faulted in; when it is touched for the first time, this results in what
      I'm calling a "minor" fault.  As a concrete example, when working with
      hugetlbfs, we have huge_pte_none(), but find_lock_page() finds an existing
      page.
      
      This commit adds the new registration mode, and sets the relevant flag on
      the VMAs being registered.  In the hugetlb fault path, if we find that we
      have huge_pte_none(), but find_lock_page() does indeed find an existing
      page, then we have a "minor" fault, and if the VMA has the userfaultfd
      registration flag, we call into userfaultfd to handle it.
      
      This is implemented as a new registration mode, instead of an API feature.
      This is because the alternative implementation has significant drawbacks
      [1].
      
      However, doing it this was requires we allocate a VM_* flag for the new
      registration mode.  On 32-bit systems, there are no unused bits, so this
      feature is only supported on architectures with
      CONFIG_ARCH_USES_HIGH_VMA_FLAGS.  When attempting to register a VMA in
      MINOR mode on 32-bit architectures, we return -EINVAL.
      
      [1] https://lore.kernel.org/patchwork/patch/1380226/
      
      [peterx@redhat.com: fix minor fault page leak]
        Link: https://lkml.kernel.org/r/20210322175132.36659-1-peterx@redhat.com
      
      Link: https://lkml.kernel.org/r/20210301222728.176417-1-axelrasmussen@google.com
      Link: https://lkml.kernel.org/r/20210301222728.176417-2-axelrasmussen@google.comSigned-off-by: NAxel Rasmussen <axelrasmussen@google.com>
      Reviewed-by: NPeter Xu <peterx@redhat.com>
      Reviewed-by: NMike Kravetz <mike.kravetz@oracle.com>
      Cc: Alexander Viro <viro@zeniv.linux.org.uk>
      Cc: Alexey Dobriyan <adobriyan@gmail.com>
      Cc: Andrea Arcangeli <aarcange@redhat.com>
      Cc: Anshuman Khandual <anshuman.khandual@arm.com>
      Cc: Catalin Marinas <catalin.marinas@arm.com>
      Cc: Chinwen Chang <chinwen.chang@mediatek.com>
      Cc: Huang Ying <ying.huang@intel.com>
      Cc: Ingo Molnar <mingo@redhat.com>
      Cc: Jann Horn <jannh@google.com>
      Cc: Jerome Glisse <jglisse@redhat.com>
      Cc: Lokesh Gidra <lokeshgidra@google.com>
      Cc: "Matthew Wilcox (Oracle)" <willy@infradead.org>
      Cc: Michael Ellerman <mpe@ellerman.id.au>
      Cc: "Michal Koutn" <mkoutny@suse.com>
      Cc: Michel Lespinasse <walken@google.com>
      Cc: Mike Rapoport <rppt@linux.vnet.ibm.com>
      Cc: Nicholas Piggin <npiggin@gmail.com>
      Cc: Peter Xu <peterx@redhat.com>
      Cc: Shaohua Li <shli@fb.com>
      Cc: Shawn Anastasio <shawn@anastas.io>
      Cc: Steven Rostedt <rostedt@goodmis.org>
      Cc: Steven Price <steven.price@arm.com>
      Cc: Vlastimil Babka <vbabka@suse.cz>
      Cc: Adam Ruprecht <ruprecht@google.com>
      Cc: Axel Rasmussen <axelrasmussen@google.com>
      Cc: Cannon Matthews <cannonmatthews@google.com>
      Cc: "Dr . David Alan Gilbert" <dgilbert@redhat.com>
      Cc: David Rientjes <rientjes@google.com>
      Cc: Mina Almasry <almasrymina@google.com>
      Cc: Oliver Upton <oupton@google.com>
      Cc: Kirill A. Shutemov <kirill@shutemov.name>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      7677f7fd
  2. 28 4月, 2021 1 次提交
    • F
      bpf: Implement formatted output helpers with bstr_printf · 48cac3f4
      Florent Revest 提交于
      BPF has three formatted output helpers: bpf_trace_printk, bpf_seq_printf
      and bpf_snprintf. Their signatures specify that all arguments are
      provided from the BPF world as u64s (in an array or as registers). All
      of these helpers are currently implemented by calling functions such as
      snprintf() whose signatures take a variable number of arguments, then
      placed in a va_list by the compiler to call vsnprintf().
      
      "d9c9e4db bpf: Factorize bpf_trace_printk and bpf_seq_printf" introduced
      a bpf_printf_prepare function that fills an array of u64 sanitized
      arguments with an array of "modifiers" which indicate what the "real"
      size of each argument should be (given by the format specifier). The
      BPF_CAST_FMT_ARG macro consumes these arrays and casts each argument to
      its real size. However, the C promotion rules implicitely cast them all
      back to u64s. Therefore, the arguments given to snprintf are u64s and
      the va_list constructed by the compiler will use 64 bits for each
      argument. On 64 bit machines, this happens to work well because 32 bit
      arguments in va_lists need to occupy 64 bits anyway, but on 32 bit
      architectures this breaks the layout of the va_list expected by the
      called function and mangles values.
      
      In "88a5c690 bpf: fix bpf_trace_printk on 32 bit archs", this problem
      had been solved for bpf_trace_printk only with a "horrid workaround"
      that emitted multiple calls to trace_printk where each call had
      different argument types and generated different va_list layouts. One of
      the call would be dynamically chosen at runtime. This was ok with the 3
      arguments that bpf_trace_printk takes but bpf_seq_printf and
      bpf_snprintf accept up to 12 arguments. Because this approach scales
      code exponentially, it is not a viable option anymore.
      
      Because the promotion rules are part of the language and because the
      construction of a va_list is an arch-specific ABI, it's best to just
      avoid variadic arguments and va_lists altogether. Thankfully the
      kernel's snprintf() has an alternative in the form of bstr_printf() that
      accepts arguments in a "binary buffer representation". These binary
      buffers are currently created by vbin_printf and used in the tracing
      subsystem to split the cost of printing into two parts: a fast one that
      only dereferences and remembers values, and a slower one, called later,
      that does the pretty-printing.
      
      This patch refactors bpf_printf_prepare to construct binary buffers of
      arguments consumable by bstr_printf() instead of arrays of arguments and
      modifiers. This gets rid of BPF_CAST_FMT_ARG and greatly simplifies the
      bpf_printf_prepare usage but there are a few gotchas that change how
      bpf_printf_prepare needs to do things.
      
      Currently, bpf_printf_prepare uses a per cpu temporary buffer as a
      generic storage for strings and IP addresses. With this refactoring, the
      temporary buffers now holds all the arguments in a structured binary
      format.
      
      To comply with the format expected by bstr_printf, certain format
      specifiers also need to be pre-formatted: %pB and %pi6/%pi4/%pI4/%pI6.
      Because vsnprintf subroutines for these specifiers are hard to expose,
      we pre-format these arguments with calls to snprintf().
      Reported-by: NRasmus Villemoes <linux@rasmusvillemoes.dk>
      Signed-off-by: NFlorent Revest <revest@chromium.org>
      Signed-off-by: NAlexei Starovoitov <ast@kernel.org>
      Link: https://lore.kernel.org/bpf/20210427174313.860948-3-revest@chromium.org
      48cac3f4
  3. 25 4月, 2021 4 次提交
    • A
      kbuild: redo fake deps at include/config/*.h · 0e0345b7
      Alexey Dobriyan 提交于
      Make include/config/foo/bar.h fake deps files generation simpler.
      
      * delete .h suffix
      	those aren't header files, shorten filenames,
      
      * delete tolower()
      	Linux filesystems can deal with both upper and lowercase
      	filenames very well,
      
      * put everything in 1 directory
      	Presumably 'mkdir -p' split is from dark times when filesystems
      	handled huge directories badly, disks were round adding to
      	seek times.
      
      	x86_64 allmodconfig lists 12364 files in include/config.
      
      	../obj/include/config/
      	├── 104_QUAD_8
      	├── 60XX_WDT
      	├── 64BIT
      		...
      	├── ZSWAP_DEFAULT_ON
      	├── ZSWAP_ZPOOL_DEFAULT
      	└── ZSWAP_ZPOOL_DEFAULT_ZBUD
      
      	0 directories, 12364 files
      Signed-off-by: NAlexey Dobriyan <adobriyan@gmail.com>
      Signed-off-by: NMasahiro Yamada <masahiroy@kernel.org>
      0e0345b7
    • P
      kbuild: add support for zstd compressed modules · c3d7ef37
      Piotr Gorski 提交于
      kmod 28 supports modules compressed in zstd format so let's add this
      possibility to kernel.
      Signed-off-by: NPiotr Gorski <lucjan.lucjanov@gmail.com>
      Reviewed-by: NOleksandr Natalenko <oleksandr@natalenko.name>
      Signed-off-by: NMasahiro Yamada <masahiroy@kernel.org>
      c3d7ef37
    • M
      kbuild: remove CONFIG_MODULE_COMPRESS · d4bbe942
      Masahiro Yamada 提交于
      CONFIG_MODULE_COMPRESS is only used to activate the choice for module
      compression algorithm. It will be simpler to make the choice always
      visible, and add CONFIG_MODULE_COMPRESS_NONE in the choice.
      
      This is more consistent with the "Kernel compression mode" and "Built-in
      initramfs compression mode" choices. CONFIG_KERNEL_UNCOMPRESSED and
      CONFIG_INITRAMFS_COMPRESSION_NONE are available to choose no compression.
      Signed-off-by: NMasahiro Yamada <masahiroy@kernel.org>
      Reviewed-by: NNick Desaulniers <ndesaulniers@google.com>
      d4bbe942
    • M
      kbuild: check the minimum assembler version in Kconfig · ba64beb1
      Masahiro Yamada 提交于
      Documentation/process/changes.rst defines the minimum assembler version
      (binutils version), but we have never checked it in the build time.
      
      Kbuild never invokes 'as' directly because all assembly files in the
      kernel tree are *.S, hence must be preprocessed. I do not expect
      raw assembly source files (*.s) would be added to the kernel tree.
      
      Therefore, we always use $(CC) as the assembler driver, and commit
      aa824e0c ("kbuild: remove AS variable") removed 'AS'. However,
      we are still interested in the version of the assembler acting behind.
      
      As usual, the --version option prints the version string.
      
        $ as --version | head -n 1
        GNU assembler (GNU Binutils for Ubuntu) 2.35.1
      
      But, we do not have $(AS). So, we can add the -Wa prefix so that
      $(CC) passes --version down to the backing assembler.
      
        $ gcc -Wa,--version | head -n 1
        gcc: fatal error: no input files
        compilation terminated.
      
      OK, we need to input something to satisfy gcc.
      
        $ gcc -Wa,--version -c -x assembler /dev/null -o /dev/null | head -n 1
        GNU assembler (GNU Binutils for Ubuntu) 2.35.1
      
      The combination of Clang and GNU assembler works in the same way:
      
        $ clang -no-integrated-as -Wa,--version -c -x assembler /dev/null -o /dev/null | head -n 1
        GNU assembler (GNU Binutils for Ubuntu) 2.35.1
      
      Clang with the integrated assembler fails like this:
      
        $ clang -integrated-as -Wa,--version -c -x assembler /dev/null -o /dev/null | head -n 1
        clang: error: unsupported argument '--version' to option 'Wa,'
      
      For the last case, checking the error message is fragile. If the
      proposal for -Wa,--version support [1] is accepted, this may not be
      even an error in the future.
      
      One easy way is to check if -integrated-as is present in the passed
      arguments. We did not pass -integrated-as to CLANG_FLAGS before, but
      we can make it explicit.
      
      Nathan pointed out -integrated-as is the default for all of the
      architectures/targets that the kernel cares about, but it goes
      along with "explicit is better than implicit" policy. [2]
      
      With all this in my mind, I implemented scripts/as-version.sh to
      check the assembler version in Kconfig time.
      
        $ scripts/as-version.sh gcc
        GNU 23501
        $ scripts/as-version.sh clang -no-integrated-as
        GNU 23501
        $ scripts/as-version.sh clang -integrated-as
        LLVM 0
      
      [1]: https://github.com/ClangBuiltLinux/linux/issues/1320
      [2]: https://lore.kernel.org/linux-kbuild/20210307044253.v3h47ucq6ng25iay@archlinux-ax161/Signed-off-by: NMasahiro Yamada <masahiroy@kernel.org>
      Reviewed-by: NNathan Chancellor <nathan@kernel.org>
      ba64beb1
  4. 14 4月, 2021 3 次提交
    • M
      kconfig: change "modules" from sub-option to first-level attribute · 6dd85ff1
      Masahiro Yamada 提交于
      Now "modules" is the only member of the "option" property.
      
      Remove "option", and move "modules" to the top level property.
      Signed-off-by: NMasahiro Yamada <masahiroy@kernel.org>
      6dd85ff1
    • M
      kconfig: do not use allnoconfig_y option · f8f0d064
      Masahiro Yamada 提交于
      allnoconfig_y is an ugly hack that sets a symbol to 'y' by allnoconfig.
      
      allnoconfig does not mean a minimal set of CONFIG options because a
      bunch of prompts are hidden by 'if EMBEDDED' or 'if EXPERT', but I do
      not like to hack Kconfig this way.
      
      Use the pre-existing feature, KCONFIG_ALLCONFIG, to provide a one
      liner config fragment. CONFIG_EMBEDDED=y is still forced when
      allnoconfig is invoked as a part of tinyconfig.
      
      No change in the .config file produced by 'make tinyconfig'.
      
      The output of 'make allnoconfig' will be changed; we will get
      CONFIG_EMBEDDED=n because allnoconfig literally sets all symbols to n.
      Signed-off-by: NMasahiro Yamada <masahiroy@kernel.org>
      f8f0d064
    • M
      kconfig: change defconfig_list option to environment variable · b75b0a81
      Masahiro Yamada 提交于
      "defconfig_list" is a weird option that defines a static symbol that
      declares the list of base config files in case the .config does not
      exist yet.
      
      This is quite different from other normal symbols; we just abused the
      "string" type and the "default" properties to list out the input files.
      They must be fixed values since these are searched for and loaded in
      the parse stage.
      
      It is an ugly hack, and should not exist in the first place. Providing
      this feature as an environment variable is a saner approach.
      Signed-off-by: NMasahiro Yamada <masahiroy@kernel.org>
      b75b0a81
  5. 09 4月, 2021 1 次提交
    • S
      add support for Clang CFI · cf68fffb
      Sami Tolvanen 提交于
      This change adds support for Clang’s forward-edge Control Flow
      Integrity (CFI) checking. With CONFIG_CFI_CLANG, the compiler
      injects a runtime check before each indirect function call to ensure
      the target is a valid function with the correct static type. This
      restricts possible call targets and makes it more difficult for
      an attacker to exploit bugs that allow the modification of stored
      function pointers. For more details, see:
      
        https://clang.llvm.org/docs/ControlFlowIntegrity.html
      
      Clang requires CONFIG_LTO_CLANG to be enabled with CFI to gain
      visibility to possible call targets. Kernel modules are supported
      with Clang’s cross-DSO CFI mode, which allows checking between
      independently compiled components.
      
      With CFI enabled, the compiler injects a __cfi_check() function into
      the kernel and each module for validating local call targets. For
      cross-module calls that cannot be validated locally, the compiler
      calls the global __cfi_slowpath_diag() function, which determines
      the target module and calls the correct __cfi_check() function. This
      patch includes a slowpath implementation that uses __module_address()
      to resolve call targets, and with CONFIG_CFI_CLANG_SHADOW enabled, a
      shadow map that speeds up module look-ups by ~3x.
      
      Clang implements indirect call checking using jump tables and
      offers two methods of generating them. With canonical jump tables,
      the compiler renames each address-taken function to <function>.cfi
      and points the original symbol to a jump table entry, which passes
      __cfi_check() validation. This isn’t compatible with stand-alone
      assembly code, which the compiler doesn’t instrument, and would
      result in indirect calls to assembly code to fail. Therefore, we
      default to using non-canonical jump tables instead, where the compiler
      generates a local jump table entry <function>.cfi_jt for each
      address-taken function, and replaces all references to the function
      with the address of the jump table entry.
      
      Note that because non-canonical jump table addresses are local
      to each component, they break cross-module function address
      equality. Specifically, the address of a global function will be
      different in each module, as it's replaced with the address of a local
      jump table entry. If this address is passed to a different module,
      it won’t match the address of the same function taken there. This
      may break code that relies on comparing addresses passed from other
      components.
      
      CFI checking can be disabled in a function with the __nocfi attribute.
      Additionally, CFI can be disabled for an entire compilation unit by
      filtering out CC_FLAGS_CFI.
      
      By default, CFI failures result in a kernel panic to stop a potential
      exploit. CONFIG_CFI_PERMISSIVE enables a permissive mode, where the
      kernel prints out a rate-limited warning instead, and allows execution
      to continue. This option is helpful for locating type mismatches, but
      should only be enabled during development.
      Signed-off-by: NSami Tolvanen <samitolvanen@google.com>
      Reviewed-by: NKees Cook <keescook@chromium.org>
      Tested-by: NNathan Chancellor <nathan@kernel.org>
      Signed-off-by: NKees Cook <keescook@chromium.org>
      Link: https://lore.kernel.org/r/20210408182843.1754385-2-samitolvanen@google.com
      cf68fffb
  6. 05 4月, 2021 1 次提交
    • V
      cgroup: Add misc cgroup controller · a72232ea
      Vipin Sharma 提交于
      The Miscellaneous cgroup provides the resource limiting and tracking
      mechanism for the scalar resources which cannot be abstracted like the
      other cgroup resources. Controller is enabled by the CONFIG_CGROUP_MISC
      config option.
      
      A resource can be added to the controller via enum misc_res_type{} in
      the include/linux/misc_cgroup.h file and the corresponding name via
      misc_res_name[] in the kernel/cgroup/misc.c file. Provider of the
      resource must set its capacity prior to using the resource by calling
      misc_cg_set_capacity().
      
      Once a capacity is set then the resource usage can be updated using
      charge and uncharge APIs. All of the APIs to interact with misc
      controller are in include/linux/misc_cgroup.h.
      
      Miscellaneous controller provides 3 interface files. If two misc
      resources (res_a and res_b) are registered then:
      
      misc.capacity
      A read-only flat-keyed file shown only in the root cgroup.  It shows
      miscellaneous scalar resources available on the platform along with
      their quantities::
      
          $ cat misc.capacity
          res_a 50
          res_b 10
      
      misc.current
      A read-only flat-keyed file shown in the non-root cgroups.  It shows
      the current usage of the resources in the cgroup and its children::
      
          $ cat misc.current
          res_a 3
          res_b 0
      
      misc.max
      A read-write flat-keyed file shown in the non root cgroups. Allowed
      maximum usage of the resources in the cgroup and its children.::
      
          $ cat misc.max
          res_a max
          res_b 4
      
      Limit can be set by::
      
          # echo res_a 1 > misc.max
      
      Limit can be set to max by::
      
          # echo res_a max > misc.max
      
      Limits can be set more than the capacity value in the misc.capacity
      file.
      Signed-off-by: NVipin Sharma <vipinsh@google.com>
      Reviewed-by: NDavid Rientjes <rientjes@google.com>
      Signed-off-by: NTejun Heo <tj@kernel.org>
      a72232ea
  7. 14 3月, 2021 1 次提交
    • M
      init/Kconfig: make COMPILE_TEST depend on HAS_IOMEM · ea29b20a
      Masahiro Yamada 提交于
      I read the commit log of the following two:
      
      - bc083a64 ("init/Kconfig: make COMPILE_TEST depend on !UML")
      - 334ef6ed ("init/Kconfig: make COMPILE_TEST depend on !S390")
      
      Both are talking about HAS_IOMEM dependency missing in many drivers.
      
      So, 'depends on HAS_IOMEM' seems the direct, sensible solution to me.
      
      This does not change the behavior of UML. UML still cannot enable
      COMPILE_TEST because it does not provide HAS_IOMEM.
      
      The current dependency for S390 is too strong. Under the condition of
      CONFIG_PCI=y, S390 provides HAS_IOMEM, hence can enable COMPILE_TEST.
      
      I also removed the meaningless 'default n'.
      
      Link: https://lkml.kernel.org/r/20210224140809.1067582-1-masahiroy@kernel.orgSigned-off-by: NMasahiro Yamada <masahiroy@kernel.org>
      Cc: Heiko Carstens <hca@linux.ibm.com>
      Cc: Guenter Roeck <linux@roeck-us.net>
      Cc: Arnd Bergmann <arnd@kernel.org>
      Cc: Kees Cook <keescook@chromium.org>
      Cc: Daniel Borkmann <daniel@iogearbox.net>
      Cc: Johannes Weiner <hannes@cmpxchg.org>
      Cc: KP Singh <kpsingh@google.com>
      Cc: Nathan Chancellor <nathan@kernel.org>
      Cc: Nick Terrell <terrelln@fb.com>
      Cc: Quentin Perret <qperret@google.com>
      Cc: Valentin Schneider <valentin.schneider@arm.com>
      Cc: "Enrico Weigelt, metux IT consult" <lkml@metux.net>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      ea29b20a
  8. 11 3月, 2021 1 次提交
  9. 28 2月, 2021 1 次提交
  10. 27 2月, 2021 2 次提交
  11. 25 2月, 2021 2 次提交
  12. 24 2月, 2021 1 次提交
    • L
      Kbuild: disable TRIM_UNUSED_KSYMS option · 5cf0fd59
      Linus Torvalds 提交于
      The removal of EXPORT_UNUSED_SYMBOL() in commit 36794822 looks like
      (and was sold as) a no-op, but it actually had a rather serious and
      subtle side effect: the UNUSED_SYMBOLS option not only enabled the
      removed (unused) functionality, it also _disabled_ the TRIM_UNUSED_KSYMS
      functionality.
      
      And it turns out that TRIM_UNUSED_KSYMS is a huge time waste, and takes
      up a third of the kernel build time for me.  For no actual upside, since
      no distro is likely to ever be able to enable it (because they all
      support external kernel modules).
      
      Rather than re-enable EXPORT_UNUSED_SYMBOL, this just disables the
      TRIM_UNUSED_KSYMS option by marking it broken.  I'm tempted to just
      remove the support entirely, but maybe somebody has a use-case and can
      fix the behavior of it.
      
      I could have just disabled it for COMPILE_TEST, but it really smells
      like the TRIM_UNUSED_KSYMS option is badly done and not really useful,
      so this takes the more direct approach - let's see if anybody ever
      actually notices or complains.
      
      Cc: Miroslav Benes <mbenes@suse.cz>
      Cc: Emil Velikov <emil.l.velikov@gmail.com>
      Cc: Christoph Hellwig <hch@lst.de>
      Cc: Jessica Yu <jeyu@kernel.org>
      Fixes: 36794822 ("module: remove EXPORT_UNUSED_SYMBOL*")
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      5cf0fd59
  13. 22 2月, 2021 1 次提交
    • M
      kbuild: check the minimum linker version in Kconfig · 02aff859
      Masahiro Yamada 提交于
      Unify the two scripts/ld-version.sh and scripts/lld-version.sh, and
      check the minimum linker version like scripts/cc-version.sh did.
      
      I tested this script for some corner cases reported in the past:
      
       - GNU ld version 2.25-15.fc23
         as reported by commit 8083013f ("ld-version: Fix it on Fedora")
      
       - GNU ld (GNU Binutils) 2.20.1.20100303
         as reported by commit 0d61ed17 ("ld-version: Drop the 4th and
         5th version components")
      
      This script show an error message if the linker is too old:
      
        $ make LD=ld.lld-9
          SYNC    include/config/auto.conf
        ***
        *** Linker is too old.
        ***   Your LLD version:    9.0.1
        ***   Minimum LLD version: 10.0.1
        ***
        scripts/Kconfig.include:50: Sorry, this linker is not supported.
        make[2]: *** [scripts/kconfig/Makefile:71: syncconfig] Error 1
        make[1]: *** [Makefile:600: syncconfig] Error 2
        make: *** [Makefile:708: include/config/auto.conf] Error 2
      
      I also moved the check for gold to this script, so gold is still rejected:
      
        $ make LD=gold
          SYNC    include/config/auto.conf
        gold linker is not supported as it is not capable of linking the kernel proper.
        scripts/Kconfig.include:50: Sorry, this linker is not supported.
        make[2]: *** [scripts/kconfig/Makefile:71: syncconfig] Error 1
        make[1]: *** [Makefile:600: syncconfig] Error 2
        make: *** [Makefile:708: include/config/auto.conf] Error 2
      
      Thanks to David Laight for suggesting shell script improvements.
      Signed-off-by: NMasahiro Yamada <masahiroy@kernel.org>
      Acked-by: NNick Desaulniers <ndesaulniers@google.com>
      Reviewed-by: NNathan Chancellor <nathan@kernel.org>
      Tested-by: NNathan Chancellor <nathan@kernel.org>
      02aff859
  14. 16 2月, 2021 2 次提交
  15. 08 2月, 2021 1 次提交
  16. 06 2月, 2021 1 次提交
  17. 29 1月, 2021 1 次提交
  18. 28 1月, 2021 1 次提交
  19. 15 1月, 2021 1 次提交
  20. 01 12月, 2020 2 次提交
  21. 21 11月, 2020 1 次提交
  22. 03 11月, 2020 1 次提交
  23. 25 9月, 2020 1 次提交
  24. 08 9月, 2020 1 次提交
  25. 29 8月, 2020 1 次提交
    • A
      bpf: Introduce sleepable BPF programs · 1e6c62a8
      Alexei Starovoitov 提交于
      Introduce sleepable BPF programs that can request such property for themselves
      via BPF_F_SLEEPABLE flag at program load time. In such case they will be able
      to use helpers like bpf_copy_from_user() that might sleep. At present only
      fentry/fexit/fmod_ret and lsm programs can request to be sleepable and only
      when they are attached to kernel functions that are known to allow sleeping.
      
      The non-sleepable programs are relying on implicit rcu_read_lock() and
      migrate_disable() to protect life time of programs, maps that they use and
      per-cpu kernel structures used to pass info between bpf programs and the
      kernel. The sleepable programs cannot be enclosed into rcu_read_lock().
      migrate_disable() maps to preempt_disable() in non-RT kernels, so the progs
      should not be enclosed in migrate_disable() as well. Therefore
      rcu_read_lock_trace is used to protect the life time of sleepable progs.
      
      There are many networking and tracing program types. In many cases the
      'struct bpf_prog *' pointer itself is rcu protected within some other kernel
      data structure and the kernel code is using rcu_dereference() to load that
      program pointer and call BPF_PROG_RUN() on it. All these cases are not touched.
      Instead sleepable bpf programs are allowed with bpf trampoline only. The
      program pointers are hard-coded into generated assembly of bpf trampoline and
      synchronize_rcu_tasks_trace() is used to protect the life time of the program.
      The same trampoline can hold both sleepable and non-sleepable progs.
      
      When rcu_read_lock_trace is held it means that some sleepable bpf program is
      running from bpf trampoline. Those programs can use bpf arrays and preallocated
      hash/lru maps. These map types are waiting on programs to complete via
      synchronize_rcu_tasks_trace();
      
      Updates to trampoline now has to do synchronize_rcu_tasks_trace() and
      synchronize_rcu_tasks() to wait for sleepable progs to finish and for
      trampoline assembly to finish.
      
      This is the first step of introducing sleepable progs. Eventually dynamically
      allocated hash maps can be allowed and networking program types can become
      sleepable too.
      Signed-off-by: NAlexei Starovoitov <ast@kernel.org>
      Signed-off-by: NDaniel Borkmann <daniel@iogearbox.net>
      Reviewed-by: NJosef Bacik <josef@toxicpanda.com>
      Acked-by: NAndrii Nakryiko <andriin@fb.com>
      Acked-by: NKP Singh <kpsingh@google.com>
      Link: https://lore.kernel.org/bpf/20200827220114.69225-3-alexei.starovoitov@gmail.com
      1e6c62a8
  26. 20 8月, 2020 1 次提交
    • A
      bpf: Add kernel module with user mode driver that populates bpffs. · d71fa5c9
      Alexei Starovoitov 提交于
      Add kernel module with user mode driver that populates bpffs with
      BPF iterators.
      
      $ mount bpffs /my/bpffs/ -t bpf
      $ ls -la /my/bpffs/
      total 4
      drwxrwxrwt  2 root root    0 Jul  2 00:27 .
      drwxr-xr-x 19 root root 4096 Jul  2 00:09 ..
      -rw-------  1 root root    0 Jul  2 00:27 maps.debug
      -rw-------  1 root root    0 Jul  2 00:27 progs.debug
      
      The user mode driver will load BPF Type Formats, create BPF maps, populate BPF
      maps, load two BPF programs, attach them to BPF iterators, and finally send two
      bpf_link IDs back to the kernel.
      The kernel will pin two bpf_links into newly mounted bpffs instance under
      names "progs.debug" and "maps.debug". These two files become human readable.
      
      $ cat /my/bpffs/progs.debug
        id name            attached
        11 dump_bpf_map    bpf_iter_bpf_map
        12 dump_bpf_prog   bpf_iter_bpf_prog
        27 test_pkt_access
        32 test_main       test_pkt_access test_pkt_access
        33 test_subprog1   test_pkt_access_subprog1 test_pkt_access
        34 test_subprog2   test_pkt_access_subprog2 test_pkt_access
        35 test_subprog3   test_pkt_access_subprog3 test_pkt_access
        36 new_get_skb_len get_skb_len test_pkt_access
        37 new_get_skb_ifindex get_skb_ifindex test_pkt_access
        38 new_get_constant get_constant test_pkt_access
      
      The BPF program dump_bpf_prog() in iterators.bpf.c is printing this data about
      all BPF programs currently loaded in the system. This information is unstable
      and will change from kernel to kernel as ".debug" suffix conveys.
      Signed-off-by: NAlexei Starovoitov <ast@kernel.org>
      Signed-off-by: NDaniel Borkmann <daniel@iogearbox.net>
      Link: https://lore.kernel.org/bpf/20200819042759.51280-4-alexei.starovoitov@gmail.com
      d71fa5c9
  27. 08 8月, 2020 1 次提交
  28. 31 7月, 2020 1 次提交
  29. 29 7月, 2020 1 次提交
  30. 22 7月, 2020 1 次提交
  31. 01 7月, 2020 1 次提交