On Thu, Mar 25, 2021 at 3:38 AM John Garry wrote:
>
> Function find_metric() is required for the metric processing in the
> pmu-events testcase, so make it public. Also change the name to include
> "metricgroup".
Would it make more sense as "pmu_events_map__find_metric" ?
Thanks,
Ian
>
On Thu, Apr 1, 2021 at 12:22 AM Wan Jiabing wrote:
>
> struct btf_type is declared twice. One is declared at 35th line.
> The blew one is not needed. Remove the duplicate.
>
> Signed-off-by: Wan Jiabing
Acked-by: Song Liu
This adds device tree bindings for the Hycon HY46XX touchscreen series.
Signed-off-by: Giulio Benetti
---
V1->V2:
As suggested by Rob Herring:
* fixed $id: address
* added "hycon," in front of every custom property
* changed all possible property to boolean type
* removed proximity-sensor-switch
This patch adds support for Hycon HY46XX.
Signed-off-by: Giulio Benetti
---
V1->V2:
* removed proximity-sensor-switch property according to previous patch
As suggested by Dmitry Torokhov
* moved i2c communaction to regmap use
* added macro to avoid magic number
* removed cmd variable that could
Update Documentation/devicetree/bindings/vendor-prefixes.yaml to
include "hycon" as a vendor prefix for "Hycon Technology".
Company website: https://www.hycontek.com/
Signed-off-by: Giulio Benetti
---
V1->V2:
* updated http:// to https:// in commit log as suggested by Jonathan Neuschäfer
---
This patchset adds Hycon vendor, HY46XX touchscreen controller driver
and its .yaml binding.
---
V1->V2:
* changed authorship and SoBs to @benettiengineering.com domain
* fixed vendor commit log according to Jonathan Neuschäfer's suggestion
* fixed hy46xx bindings according to Rob Herring's
On Thu, Apr 01, 2021, Maxim Levitsky wrote:
> Use 'pending_exception' and 'injected_exception' fields
> to store the pending and the injected exceptions.
>
> After this patch still only one is active, but
> in the next patch both could co-exist in some cases.
Please explain _why_.
>
From: Kimito Sakata
Signed-off-by: Kimito Sakata
---
mmc.c | 8
mmc.h | 13 +-
mmc_cmds.c | 129 +
mmc_cmds.h | 1 +
4 files changed, 150 insertions(+), 1 deletion(-)
diff --git a/mmc.c b/mmc.c
index f3d724b..eb2638b
Hello:
This patch was applied to netdev/net-next.git (refs/heads/master):
On Thu, 1 Apr 2021 14:06:28 +0800 you wrote:
> The commit d2a029bde37b ("stmmac: pci: add MSI support for Intel Quark
> X1000") introduced a pci_enable_msi() call in stmmac_pci.c.
>
> With the commit 58da0cfa6cf1 ("net:
Hello:
This patch was applied to netdev/net.git (refs/heads/master):
On Thu, 1 Apr 2021 16:27:52 +0300 you wrote:
> syzbot reported memory leak in peak_usb.
> The problem was in case of failure after calling
> ->dev_init()[2] in peak_usb_create_dev()[1]. The data
> allocated int dev_init()
Hello:
This patch was applied to netdev/net-next.git (refs/heads/master):
On Thu, 1 Apr 2021 14:02:50 +0800 you wrote:
> Update dwmac-intel to use managed function, i.e. pcim_enable_device().
>
> This will allow devres framework to call resource free function for us.
>
> Signed-off-by: Wong
Hello:
This patch was applied to netdev/net.git (refs/heads/master):
On Thu, 1 Apr 2021 08:59:17 +0200 you wrote:
> From: Norman Maurer
>
> Support for UDP_GRO was added in the past but the implementation for
> getsockopt was missed which did lead to an error when we tried to
> retrieve the
From: Ira Weiny
Protection Keys for Supervisor pages (PKS) enables fast, hardware thread
specific, manipulation of permission restrictions on supervisor page
mappings. It uses the same mechanism of Protection Keys as those on
User mappings but applies that mechanism to supervisor mappings using
From: Ira Weiny
Previously if a Protection key fault occurred it indicated something
very wrong because user page mappings are not supposed to be in the
kernel address space.
Now PKey faults may happen on kernel mappings if the feature is enabled.
Remove the warning in the fault path and allow
From: Ira Weiny
The core PKS functionality provides an interface for kernel users to
reserve keys to their domains set up the page tables with those keys and
control access to those domains when needed.
Define test code which exercises the core functionality of PKS via a
debugfs entry. Basic
From: Ira Weiny
The PKRS MSR is not managed by XSAVE. It is preserved through a context
switch but this support leaves exception handling code open to memory
accesses during exceptions.
2 possible places for preserving this state were considered,
irqentry_state_t or pt_regs.[1] pt_regs was
From: Ira Weiny
The PKRS MSR is defined as a per-logical-processor register. This
isolates memory access by logical CPU. Unfortunately, the MSR is not
managed by XSAVE. Therefore, tasks must save/restore the MSR value on
context switch.
Define a saved PKRS value in the task struct, as well
From: Fenghua Yu
PKS allows kernel users to define domains of page mappings which have
additional protections beyond the paging protections. Violating those
protections results in an oops.
Add an API to allocate, use, and free a protection key which identifies
such a domain. Export 5 new
From: Ira Weiny
Protection Keys for Supervisor pages (PKS) enables fast, hardware thread
specific, manipulation of permission restrictions on supervisor page
mappings. It uses the same mechanism of Protection Keys as those on
User mappings but applies that mechanism to supervisor mappings using
From: Ira Weiny
Avoid open coding shift and mask operations by defining and using helper
macros for PKey operations.
Reviewed-by: Dan Williams
Signed-off-by: Ira Weiny
---
Changes from V3:
new patch suggested by Dan Williams to use macros better.
---
arch/x86/include/asm/pgtable.h
From: Ira Weiny
Define a helper, update_pkey_val(), which will be used to support both
Protection Key User (PKU) and the new Protection Key for Supervisor
(PKS) in subsequent patches.
Reviewed-by: Dan Williams
Co-developed-by: Peter Zijlstra
Signed-off-by: Peter Zijlstra
Signed-off-by: Ira
From: Ira Weiny
Introduce a new page protection mechanism for supervisor pages, Protection Key
Supervisor (PKS).
Generally PKS enables protections on 'domains' of supervisor pages to limit
supervisor mode access to pages beyond the normal paging protections. PKS
works in a similar fashion to
From: Ira Weiny
Protection Keys User (PKU) and Protection Keys Supervisor (PKS) work in
similar fashions and can share common defines. Specifically PKS and PKU
each have:
1. A single control register
2. The same number of keys
3. The same number of bits in the register
On 4/1/21 1:01 PM, Yang Shi wrote:
> On Thu, Apr 1, 2021 at 11:35 AM Dave Hansen
> wrote:
>>
>>
>> From: Dave Hansen
>>
>> This is mostly derived from a patch from Yang Shi:
>>
>>
>> https://lore.kernel.org/linux-mm/1560468577-101178-10-git-send-email-yang@linux.alibaba.com/
>>
>>
On Thu, Apr 01, 2021, Paolo Bonzini wrote:
> On 01/04/21 16:38, Maxim Levitsky wrote:
> > +static int kvm_do_deliver_pending_exception(struct kvm_vcpu *vcpu)
> > +{
> > + int class1, class2, ret;
> > +
> > + /* try to deliver current pending exception as VM exit */
> > + if
On Wed, Mar 31, 2021 at 8:17 AM Johannes Weiner wrote:
>
> On Tue, Mar 30, 2021 at 03:05:42PM -0700, Roman Gushchin wrote:
> > On Tue, Mar 30, 2021 at 05:30:10PM -0400, Johannes Weiner wrote:
> > > On Tue, Mar 30, 2021 at 11:58:31AM -0700, Roman Gushchin wrote:
> > > > On Tue, Mar 30, 2021 at
Use memset to initialize two local buffers in net/ipv6/mcast.c,
and another in net/ipv4/igmp.c. Fixes a KMSAN found uninit-value
bug reported by syzbot at:
https://syzkaller.appspot.com/bug?id=0766d38c656abeace60621896d705743aeefed51
Reported-by:
On 4/1/21 3:26 PM, Sean Christopherson wrote:
> On Thu, Apr 01, 2021, Dave Hansen wrote:
>> On 2/5/21 3:38 PM, Kuppuswamy Sathyanarayanan wrote:
>>> From: "Kirill A. Shutemov"
>>>
>>> Handle #VE due to MMIO operations. MMIO triggers #VE with EPT_VIOLATION
>>> exit reason.
>>>
>>> For now we only
Hello:
This patch was applied to netdev/net-next.git (refs/heads/master):
On Thu, 1 Apr 2021 11:22:23 +0800 you wrote:
> The logic in rt6_age_examine_exception is confusing. The commit is
> to refactor the code.
>
> Signed-off-by: Xu Jia
> ---
> net/ipv6/route.c | 5 +
> 1 file changed, 1
Hello:
This patch was applied to netdev/net.git (refs/heads/master):
On Thu, 1 Apr 2021 07:46:24 +0300 you wrote:
> syzbot reported memory leak in atusb_probe()[1].
> The problem was in atusb_alloc_urbs().
> Since urb is anchored, we need to release the reference
> to correctly free the urb
>
On Thu, 1 Apr 2021 at 15:29, Bean Huo wrote:
>
> From: Bean Huo
>
> As the density increases, the 4-minute timeout value for
> sanitize is no longer feasible. At the same time, devices
> of different densities have different timeout values, and it is
> difficult to obtain a unified standard
On Thu, Apr 01, 2021 at 03:33:29PM -0700, Paul E. McKenney wrote:
> On Thu, Apr 01, 2021 at 11:08:02PM +0200, Frederic Weisbecker wrote:
> How about like this? I put this only in kvm.sh for the moment, but
> if these keep cropping up I will just hit all the scripts. ;-)
Sure, works for me!
If you update the timestamp of KCONFIG_CONFIG without actually changing
anything, config_data.gz is re-generated and causes vmlinux to re-link.
When Link Time Optimization is enabled, unnecessary re-linking of
vmlinux is highly desirable since it adds several minutes to build time.
Avoid touching
On Thu, Apr 01, 2021 at 11:15:43AM +, David Laight wrote:
> From: Will Deacon
> > Sent: 01 April 2021 09:31
> ...
> > > +/*
> > > + * These macros must be used during syscall entry when interrupts and
> > > + * preempt are disabled, and after user registers have been stored to
> > > + * the
A small suggestion: Given that migrate_pages() requires that
*nr_succeeded should be initialized to 0 when it is called due to its
use of *nr_succeeded in count_vm_events() and trace_mm_migrate_pages(),
it would be less error-prone if migrate_pages() initializes
*nr_succeeded itself.
On Thu, Apr
Use memset to initialize local array in drivers/net/usb/ax88179_178a.c, and
also set a local u16 and u32 variable to 0. Fixes a KMSAN found uninit-value bug
reported by syzbot at:
https://syzkaller.appspot.com/bug?id=00371c73c72f72487c1d0bfe0cc9d00de339d5aa
Reported-by:
Hi Luojiaxing,
On Mon, Mar 22, 2021 at 1:41 AM luojiaxing wrote:
>
>
> On 2021/3/20 20:14, John Garry wrote:
> > On 19/03/2021 01:43, Jason Yan wrote:
> >>
> >>
> >> 在 2021/3/19 6:56, Jolly Shah 写道:
> >>> When the cache_type for the scsi device is changed, the scsi layer
> >>> issues a
On Thu, Apr 1, 2021 at 3:11 PM Richard Guy Briggs wrote:
>
> Drop the "Format:" field from the /proc/PID/loginuid documentation and
> integrate the information into the Description field since it is not
> recognized by the "./scripts/get_abi.pl validate" command which causes a
> warning.
On Thu, Apr 01, 2021 at 11:08:02PM +0200, Frederic Weisbecker wrote:
> On Thu, Apr 01, 2021 at 02:02:53PM -0700, Paul E. McKenney wrote:
> > On Thu, Apr 01, 2021 at 10:41:13PM +0200, Frederic Weisbecker wrote:
> > > On Thu, Apr 01, 2021 at 01:40:22PM -0700, Paul E. McKenney wrote:
> > > > On Thu,
Before the change page_owner recursion was detected via fetching
backtrace and inspecting it for current instruction pointer.
It has a few problems:
- it is slightly slow as it requires extra backtrace and a linear
stack scan of the result
- it is too late to check if backtrace fetching required
On Thu, Apr 01, 2021, Dave Hansen wrote:
> On 2/5/21 3:38 PM, Kuppuswamy Sathyanarayanan wrote:
> > From: "Kirill A. Shutemov"
> >
> > Handle #VE due to MMIO operations. MMIO triggers #VE with EPT_VIOLATION
> > exit reason.
> >
> > For now we only handle subset of instruction that kernel uses
On 4/1/21 2:19 PM, Dave Hansen wrote:
On 4/1/21 2:15 PM, Kuppuswamy, Sathyanarayanan wrote:
On 4/1/21 2:08 PM, Dave Hansen wrote:
On 2/5/21 3:38 PM, Kuppuswamy Sathyanarayanan wrote:
+bool is_tdx_guest(void)
+{
+ return static_cpu_has(X86_FEATURE_TDX_GUEST);
+}
Why do you need
Il 01/04/2021 20:37, Giulio Benetti ha scritto:
Needs a vendor prefix here and all the custom properties.
Sorry but I can't understand this ^^^, I've checked a lot of other yaml
files but couldn't find something related to this. Can you help me by
pointing me an example?
Found in
> From: Johan Jonker
> Date: Thu, 1 Apr 2021 23:36:48 +0200
>
> The conversion of rockchip,dwc3.txt to yaml was added to linux-next,
> but the necessary changes for rk3399 are still pending.
>
> For rk3399 dwc3 usb the wrapper node for only clocks makes no sense,
> so that was removed in the
Add a comma to separate repeated words in a comment. The comma preserves
the meaning of the comment while also stopping the checkpatch warning:
WARNING: Possible repeated word: 'very'.
Signed-off-by: Deborah Brouwer
---
drivers/staging/rtl8723bs/core/rtw_xmit.c | 2 +-
1 file changed, 1
Add * at the beginning of each line in block comments to conform to the
Linux kernel coding style. Issue detected using checkpatch.
Signed-off-by: Deborah Brouwer
---
drivers/staging/rtl8723bs/core/rtw_xmit.c | 59 +++
1 file changed, 28 insertions(+), 31 deletions(-)
diff
Remove empty comment because it provides no information.
Signed-off-by: Deborah Brouwer
---
drivers/staging/rtl8723bs/core/rtw_xmit.c | 2 --
1 file changed, 2 deletions(-)
diff --git a/drivers/staging/rtl8723bs/core/rtw_xmit.c
b/drivers/staging/rtl8723bs/core/rtw_xmit.c
index
Style changes to block comments.
Changes since v2:
- add subsystem/driver prefix into 0/X email subject line
Changes since v1:
- all commit messages more accurately describe changes
Deborah Brouwer (3):
staging: rtl8723bs: core: add comma within a comment
staging: rtl8723bs:
ENDBR is a special new instruction for the Indirect Branch Tracking (IBT)
component of CET. IBT prevents attacks by ensuring that (most) indirect
branches and function calls may only land at ENDBR instructions. Branches
that don't follow the rules will result in control flow (#CF) exceptions.
From: "H.J. Lu"
When Indirect Branch Tracking (IBT) is enabled, vDSO functions may be
called indirectly, and must have ENDBR32 or ENDBR64 as the first
instruction. The compiler must support -fcf-protection=branch so that it
can be used to compile vDSO.
Signed-off-by: H.J. Lu
Signed-off-by:
ENDBR is a special new instruction for the Indirect Branch Tracking (IBT)
component of CET. IBT prevents attacks by ensuring that (most) indirect
branches and function calls may only land at ENDBR instructions. Branches
that don't follow the rules will result in control flow (#CF) exceptions.
From: "H.J. Lu"
Update ARCH_X86_CET_STATUS and ARCH_X86_CET_DISABLE for Indirect Branch
Tracking.
Signed-off-by: H.J. Lu
Signed-off-by: Yu-cheng Yu
Reviewed-by: Kees Cook
---
v24:
- Update for function name changes introduced from splitting shadow stack and
ibt.
An ELF file's .note.gnu.property indicates features the file supports.
The property is parsed at loading time and passed to arch_setup_elf_
property(). Update it for Indirect Branch Tracking.
Signed-off-by: Yu-cheng Yu
Cc: Kees Cook
---
v24:
- Update for changes introduced from splitting
From: "H.J. Lu"
ENDBR is a special new instruction for the Indirect Branch Tracking (IBT)
component of CET. IBT prevents attacks by ensuring that (most) indirect
branches and function calls may only land at ENDBR instructions. Branches
that don't follow the rules will result in control flow
When an indirect CALL/JMP instruction is executed and before it reaches
the target, it is in 'WAIT_ENDBR' status, which can be read from
MSR_IA32_U_CET. The status is part of a task's status before a signal is
raised and preserved in the signal frame. It is restored for sigreturn.
IBT state
Indirect Branch Tracking (IBT) provides protection against CALL-/JMP-
oriented programming attacks. It is active when the kernel has this
feature enabled, and the processor and the application support it.
When this feature is enabled, legacy non-IBT applications continue to
work, but without IBT
Introduce user-mode Indirect Branch Tracking (IBT) support. Add routines
for the setup/disable of IBT.
Signed-off-by: Yu-cheng Yu
Cc: Kees Cook
---
v24:
- Move IBT routines to a separate ibt.c, update related areas accordingly.
arch/x86/include/asm/cet.h | 9 ++
arch/x86/kernel/Makefile
Control-flow Enforcement (CET) is a new Intel processor feature that blocks
return/jump-oriented programming attacks. Details are in "Intel 64 and
IA-32 Architectures Software Developer's Manual" [1].
This is the second part of CET and enables Indirect Branch Tracking (IBT).
It is built on top
To prepare the introduction of PROT_SHSTK and be consistent with other
architectures, move arch_vm_get_page_prot() and arch_calc_vm_prot_bits() to
arch/x86/include/asm/mman.h.
Signed-off-by: Yu-cheng Yu
Reviewed-by: Kees Cook
Cc: Kirill A. Shutemov
---
arch/x86/include/asm/mman.h | 30
This series improves the defensive posture of sysfs's use of seq_file
to gain the vmap guard pages at the end of vmalloc buffers to stop a
class of recurring flaw[1]. The long-term goal is to switch sysfs from
a buffer to using seq_file directly, but this will take time to refactor.
Included is
There are three possible options to create a shadow stack allocation API:
an arch_prctl, a new syscall, or adding PROT_SHSTK to mmap()/mprotect().
Each has its advantages and compromises.
An arch_prctl() is the least intrusive. However, the existing x86
arch_prctl() takes only two parameters.
When newer VM flags are being created, such as VM_MTE, it becomes necessary
for mmap/mprotect to verify if certain flags are being applied to an
anonymous VMA.
To solve this, one approach is adding a VM flag to track that MAP_ANONYMOUS
is specified [1], and then using the flag in
The sysfs interface to seq_file continues to be rather fragile
(seq_get_buf() should not be used outside of seq_file), as seen with
some recent exploits[1]. Move the seq_file buffer to the vmap area
(while retaining the accounting flag), since it has guard pages that will
catch and stop linear
Similar to the existing slab overflow and stack exhaustion tests, add
VMALLOC_LINEAR_OVERFLOW (and rename the slab test SLAB_LINEAR_OVERFLOW).
Signed-off-by: Kees Cook
---
drivers/misc/lkdtm/core.c | 3 ++-
drivers/misc/lkdtm/heap.c | 21 -
From: Arnd Bergmann
Clang points out that adding something to NULL is not allowed in
standard C:
fs/kernfs/file.c:127:15: warning: performing pointer arithmetic on a
null pointer has undefined behavior [-Wnull-pointer-arithmetic]
return NULL + !*ppos;
arch_prctl(ARCH_X86_CET_STATUS, u64 *args)
Get CET feature status.
The parameter 'args' is a pointer to a user buffer. The kernel returns
the following information:
*args = shadow stack/IBT status
*(args + 1) = shadow stack base address
*(args + 2) = shadow stack size
An ELF file's .note.gnu.property indicates arch features supported by the
file. These features are extracted by arch_parse_elf_property() and stored
in 'arch_elf_state'.
Introduce x86 feature definitions and arch_setup_elf_property(), which
enables such features. The first use-case of this
When shadow stack is enabled, a task's shadow stack states must be saved
along with the signal context and later restored in sigreturn. However,
currently there is no systematic facility for extending a signal context.
Introduce a signal context extension struct 'sc_ext', which is used to save
A shadow stack restore token marks a restore point of the shadow stack, and
the address in a token must point directly above the token, which is within
the same shadow stack. This is distinctively different from other pointers
on the shadow stack, since those pointers point to executable code
The kernel allocates (and frees on thread exit) a new shadow stack for a
pthread child.
It is possible for the kernel to complete the clone syscall and set the
child's shadow stack pointer to NULL and let the child thread allocate
a shadow stack for itself. There are two issues in
Introduce basic shadow stack enabling/disabling/allocation routines.
A task's shadow stack is allocated from memory with VM_SHADOW_STACK flag
and has a fixed size of min(RLIMIT_STACK, 4GB).
Signed-off-by: Yu-cheng Yu
Cc: Kees Cook
---
v24:
- Rename cet.c to shstk.c, update related areas
There was no more caller passing vm_flags to do_mmap(), and vm_flags was
removed from the function's input by:
commit 45e55300f114 ("mm: remove unnecessary wrapper function
do_mmap_pgoff()").
There is a new user now. Shadow stack allocation passes VM_SHADOW_STACK to
do_mmap(). Thus,
The read-only and Dirty PTE has been used to indicate copy-on-write pages.
However, newer x86 processors also regard a read-only and Dirty PTE as a
shadow stack page. In order to separate the two, the software-defined
_PAGE_COW is created to replace _PAGE_DIRTY for the copy-on-write case, and
When serving a page fault, maybe_mkwrite() makes a PTE writable if it is in
a writable vma. A shadow stack vma is writable, but its PTEs need
_PAGE_DIRTY to be set to become writable. For this reason, maybe_mkwrite()
has been updated.
There are a few places that call pte_mkwrite() directly, but
In change_pte_range(), when a PTE is changed for prot_numa, _PAGE_RW is
preserved to avoid the additional write fault after the NUMA hinting fault.
However, pte_write() now includes both normal writable and shadow stack
(RW=0, Dirty=1) PTEs, but the latter does not have _PAGE_RW and has no need
to
Account shadow stack pages to stack memory.
Signed-off-by: Yu-cheng Yu
Cc: Kees Cook
Cc: Kirill A. Shutemov
---
v24:
- Change arch_shadow_stack_mapping() to is_shadow_stack_mapping().
- Change VM_SHSTK to VM_SHADOW_STACK.
arch/x86/mm/pgtable.c | 7 +++
include/linux/pgtable.h | 11
When serving a page fault, maybe_mkwrite() makes a PTE writable if its vma
has VM_WRITE.
A shadow stack vma has VM_SHADOW_STACK. Its PTEs have _PAGE_DIRTY, but not
_PAGE_WRITE. In fork(), _PAGE_DIRTY is cleared to cause copy-on-write,
and in the page fault handler, _PAGE_DIRTY is restored and
Can_follow_write_pte() ensures a read-only page is COWed by checking the
FOLL_COW flag, and uses pte_dirty() to validate the flag is still valid.
Like a writable data page, a shadow stack page is writable, and becomes
read-only during copy-on-write, but it is always dirty. Thus, in the
INCSSP(Q/D) increments shadow stack pointer and 'pops and discards' the
first and the last elements in the range, effectively touches those memory
areas.
The maximum moving distance by INCSSPQ is 255 * 8 = 2040 bytes and
255 * 4 = 1020 bytes by INCSSPD. Both ranges are far from PAGE_SIZE.
Thus,
When Shadow Stack is introduced, [R/O + _PAGE_DIRTY] PTE is reserved for
shadow stack. Copy-on-write PTEs have [R/O + _PAGE_COW].
When a PTE goes from [R/W + _PAGE_DIRTY] to [R/O + _PAGE_COW], it could
become a transient shadow stack PTE in two cases:
The first case is that some processors can
After the introduction of _PAGE_COW, a modified page's PTE can have either
_PAGE_DIRTY or _PAGE_COW. Change _PAGE_DIRTY to _PAGE_DIRTY_BITS.
Signed-off-by: Yu-cheng Yu
Reviewed-by: Kees Cook
Reviewed-by: Kirill A. Shutemov
Cc: David Airlie
Cc: Joonas Lahtinen
Cc: Jani Nikula
Cc: Daniel
A shadow stack PTE must be read-only and have _PAGE_DIRTY set. However,
read-only and Dirty PTEs also exist for copy-on-write (COW) pages. These
two cases are handled differently for page faults. Introduce
VM_SHADOW_STACK to track shadow stack VMAs.
Signed-off-by: Yu-cheng Yu
Cc: Kees Cook
To prepare the introduction of _PAGE_COW, move pmd_write() and
pud_write() up in the file, so that they can be used by other
helpers below.
Signed-off-by: Yu-cheng Yu
Reviewed-by: Kirill A. Shutemov
---
arch/x86/include/asm/pgtable.h | 24
1 file changed, 12
There is essentially no room left in the x86 hardware PTEs on some OSes
(not Linux). That left the hardware architects looking for a way to
represent a new memory type (shadow stack) within the existing bits.
They chose to repurpose a lightly-used state: Write=0, Dirty=1.
The reason it's lightly
The x86 family of processors do not directly create read-only and Dirty
PTEs. These PTEs are created by software. One such case is that kernel
read-only pages are historically setup as Dirty.
New processors that support Shadow Stack regard read-only and Dirty PTEs as
shadow stack pages. This
Control-flow Enforcement Technology (CET) introduces these MSRs:
MSR_IA32_U_CET (user-mode CET settings),
MSR_IA32_PL3_SSP (user-mode shadow stack pointer),
MSR_IA32_PL0_SSP (kernel-mode shadow stack pointer),
MSR_IA32_PL1_SSP (Privilege Level 1 shadow stack pointer),
Shadow stack accesses are those that are performed by the CPU where it
expects to encounter a shadow stack mapping. These accesses are performed
implicitly by CALL/RET at the site of the shadow stack pointer. These
accesses are made explicitly by shadow stack management instructions like
WRUSSQ.
A control-protection fault is triggered when a control-flow transfer
attempt violates Shadow Stack or Indirect Branch Tracking constraints.
For example, the return address for a RET instruction differs from the copy
on the shadow stack; or an indirect JMP instruction, without the NOTRACK
prefix,
Add CPU feature flags for Control-flow Enforcement Technology (CET).
CPUID.(EAX=7,ECX=0):ECX[bit 7] Shadow stack
CPUID.(EAX=7,ECX=0):EDX[bit 20] Indirect Branch Tracking
Signed-off-by: Yu-cheng Yu
Cc: Kees Cook
---
v24:
- Update for splitting CONFIG_X86_CET to CONFIG_X86_SHADOW_STACK and
Shadow Stack provides protection against function return address
corruption. It is active when the processor supports it, the kernel has
CONFIG_X86_SHADOW_STACK enabled, and the application is built for the
feature. This is only implemented for the 64-bit kernel. When it is
enabled, legacy
Introduce a software-defined X86_FEATURE_CET, which indicates either Shadow
Stack or Indirect Branch Tracking (or both) is present. Also introduce
related cpu init/setup functions.
Signed-off-by: Yu-cheng Yu
Cc: Kees Cook
---
v24:
- Update #ifdef placement to reflect Kconfig changes of
Explain no_user_shstk/no_user_ibt kernel parameters, and introduce a new
document on Control-flow Enforcement Technology (CET).
Signed-off-by: Yu-cheng Yu
Cc: Kees Cook
---
v24:
- Update for Kconfig changes from X86_CET to X86_SHADOW_STACK, X86_IBT.
- Update for the change of VM_SHSTK to
Control-flow Enforcement (CET) is a new Intel processor feature that blocks
return/jump-oriented programming attacks. Details are in "Intel 64 and
IA-32 Architectures Software Developer's Manual" [1].
CET can protect applications and the kernel. This series enables only
application-level
Hi Greg,
On 01/04/2021 21:28, Greg KH wrote:
> On Thu, Apr 01, 2021 at 08:36:49PM +0200, Daniel Lezcano wrote:
>> A SoC can be differently structured depending on the platform and the
>> kernel can not be aware of all the combinations, as well as the
>> specific tweaks for a particular board.
On 4/1/21 4:29 AM, syzbot wrote:
Hello,
syzbot found the following issue on:
HEAD commit:36e79851 libbpf: Preserve empty DATASEC BTFs during static..
git tree: bpf-next
console output: https://syzkaller.appspot.com/x/log.txt?x=1569bb06d0
kernel config:
On 4/1/21 3:56 PM, Greg KH wrote:
On Thu, Apr 01, 2021 at 01:43:53PM -0500, Pierre-Louis Bossart wrote:
My bigger issue with this is that this macro is crazy. Why do you need
debugging here at all for this type of thing? That's what ftrace is
for, do not sprinkle code with "we got this
On 3/25/21 3:38 AM, Mauro Carvalho Chehab wrote:
Change the text in order to generate cross-references for
alloc_pages_success and alloc_pages_fail symbols.
Signed-off-by: Mauro Carvalho Chehab
---
Documentation/ABI/testing/sysfs-kernel-mm-cma | 8 +++-
1 file changed, 3 insertions(+),
On Thu, Apr 01, 2021 at 10:59:36PM +0200, Uwe Kleine-König wrote:
> On Wed, Mar 31, 2021 at 03:55:49PM +0200, Clemens Gruber wrote:
> > On Wed, Mar 31, 2021 at 02:26:14PM +0200, Clemens Gruber wrote:
> > > On Mon, Mar 29, 2021 at 08:02:06PM +0200, Uwe Kleine-König wrote:
> > > > On Mon, Mar 29,
On Thu, Apr 01, 2021 at 05:32:36PM +0300, Dan Carpenter wrote:
> On Thu, Apr 01, 2021 at 03:55:37PM +0200, Fabio Aiuto wrote:
> >
> > Hi Dan,
> >
> > I have the following:
> >
> > if (rtw_createbss_cmd(adapter) != _SUCCESS)
> > - RT_TRACE(_module_rtl871x_mlme_c_, _drv_err_,
On Thu, 1 Apr 2021 10:12:27 -0300
Jason Gunthorpe wrote:
> On Mon, Mar 29, 2021 at 05:10:53PM -0600, Alex Williamson wrote:
> > On Tue, 23 Mar 2021 16:32:13 -0300
> > Jason Gunthorpe wrote:
> >
> > > On Mon, Mar 22, 2021 at 10:40:16AM -0600, Alex Williamson wrote:
> > >
> > > > Of course
201 - 300 of 1549 matches
Mail list logo
