as needed, for example to support the
protection of data that is initialized in sufficiently distinct phases.
Signed-off-by: Igor Stoppa
---
include/linux/genalloc.h | 3 +
include/linux/pmalloc.h | 215
include/linux/vmalloc.h | 1 +
lib/genalloc.c | 27
Detailed documentation about the protectable memory allocator.
Signed-off-by: Igor Stoppa
---
Documentation/core-api/pmalloc.txt | 104 +
1 file changed, 104 insertions(+)
create mode 100644 Documentation/core-api/pmalloc.txt
diff --git a/Documentation/core
Add basic self-test functionality for pmalloc.
Signed-off-by: Igor Stoppa
---
mm/Kconfig| 7 ++
mm/Makefile | 1 +
mm/pmalloc-selftest.c | 65 +++
mm/pmalloc-selftest.h | 30
mm/pmalloc.c
On 24/01/18 21:14, Ralph Campbell wrote:
> 2 Minor typos inline below:
thanks for proof-reading, will fix accordingly.
--
igor
On 26/01/18 18:36, Boris Lukashev wrote:
> I like the idea of making the verification call optional for consumers
> allowing for fast/slow+hard paths depending on their needs.
> Cant see any additional vectors for abuse (other than the original
> ones effecting out-of-band modification) introduced
.
An example is provided, in the form of self-testing.
Changes since the v11 version:
[http://www.openwall.com/lists/kernel-hardening/2018/01/24/4]
- restricted access to sysfs entries created (444 -> 400)
- more explicit reference to documentation
- couple of typos
Igor Stoppa (6):
genal
being patched has a 1:1 mapping between allocation units and bits.
This means that, now, the bitmap can be extended (by following powers of
2), to track also other properties of the allocations, if ever needed.
Signed-off-by: Igor Stoppa
---
include/linux/genalloc.h | 2 +-
lib/gen
.
The execution of the self testing is controlled through a Kconfig option.
Signed-off-by: Igor Stoppa
---
include/linux/genalloc-selftest.h | 30 +++
init/main.c | 2 +
lib/Kconfig | 15 ++
lib/Makefile | 1 +
lib/genalloc-selftest.c
arent area. This will avoid more expensive searches.
As example, the function find_vm_area is reimplemented, to take advantage
of the newly introduced field.
Signed-off-by: Igor Stoppa
---
include/linux/mm_types.h | 1 +
mm/vmalloc.c | 18 +-
2 files changed, 14 insert
as needed, for example to support the
protection of data that is initialized in sufficiently distinct phases.
Signed-off-by: Igor Stoppa
---
include/linux/genalloc.h | 3 +
include/linux/pmalloc.h | 216
include/linux/vmalloc.h | 1 +
lib/genalloc.c | 27
Detailed documentation about the protectable memory allocator.
Signed-off-by: Igor Stoppa
---
Documentation/core-api/pmalloc.txt | 104 +
1 file changed, 104 insertions(+)
create mode 100644 Documentation/core-api/pmalloc.txt
diff --git a/Documentation/core
Add basic self-test functionality for pmalloc.
Signed-off-by: Igor Stoppa
---
lib/genalloc.c| 2 +-
mm/Kconfig| 7 ++
mm/Makefile | 1 +
mm/pmalloc-selftest.c | 65 +++
mm/pmalloc-selftest.h | 30
On 01/02/18 02:00, Christopher Lameter wrote:
> On Tue, 30 Jan 2018, Igor Stoppa wrote:
>
>> @@ -1769,6 +1774,9 @@ void *__vmalloc_node_range(unsigned long size,
>> unsigned long align,
>>
>> kmemleak_vmalloc(area, size, gfp_mask);
>>
>> +
On 05/02/18 17:40, Christopher Lameter wrote:
> On Sat, 3 Feb 2018, Igor Stoppa wrote:
>
>>> We could even do this in a more thorough way. Can we use a ring 1 / 2
>>> distinction to create a hardened OS core that policies the rest of
>>> the ever expa
On 05/02/18 17:33, Christopher Lameter wrote:
> On Sat, 3 Feb 2018, Igor Stoppa wrote:
>
>> - the property of the compound page will affect the property of all the
>> pages in the compound, so when one is write protected, it can generate a
>> lot of wasted memory, if
On 06/02/18 14:37, Matthew Wilcox wrote:
[...]
> LOCAL variable names should be short, and to the point.
[...]
> (Documentation/process/coding-style.rst)
ok, will do, thanks for the pointer!
--
igor
On 05/02/18 05:45, Matthew Wilcox wrote:
> On Sun, Feb 04, 2018 at 02:34:08PM -0800, Randy Dunlap wrote:
>>> +/**
>>> + * cleart_bits_ll - according to the mask, clears the bits specified by
>>
>> clear_bits_ll
>
> 'make W=1' should catch this ... yes?
>
> (hint: building with 'make C=1
On 05/02/18 02:14, Randy Dunlap wrote:
> On 02/04/2018 03:03 PM, Matthew Wilcox wrote:
>> On Sun, Feb 04, 2018 at 02:19:22PM -0800, Randy Dunlap wrote:
+#ifndef __GENALLOC_SELFTEST_H__
+#define __GENALLOC_SELFTEST_H__
>>>
>>> Please use _LINUX_GENALLOC_SELFTEST_H_
>>
>>
On 05/02/18 00:34, Randy Dunlap wrote:
> On 02/04/2018 08:47 AM, Igor Stoppa wrote:
[...]
> It would be good for a lot of this to be in a source file or the
> pmalloc.rst documentation file instead of living only in the git repository.
This is actually about genalloc. The
On 04/02/18 23:37, Randy Dunlap wrote:
[...]
>> +reason, could neither be declared as constant, nor it could take advantage
>
> nor could it
ok
[...]
>> +Ex: A policy that is loaded from userspace.
>
> Either
>Example:
> or
>E.g.:
>
On 05/02/18 00:19, Randy Dunlap wrote:
> On 02/04/2018 08:47 AM, Igor Stoppa wrote:
[...]
> Please use kernel multi-line comment style.
ok for all of them
[...]
>> +BUG_ON(!locations[action->location]);
>> +print_first_chunk_bitmap(pool);
>> +BUG_ON(c
On 05/02/18 00:06, Randy Dunlap wrote:
> On 02/04/2018 08:47 AM, Igor Stoppa wrote:
[...]
>> + * pmalloc_create_pool - create a new protectable memory pool -
>
> Drop trailing " -".
yes
>> + * @name: the name of the pool, must be unique
>
> Is that
if your patch is applied to the wrong git tree, please drop us a note to
> help improve the system]
>
> url:
> https://github.com/0day-ci/linux/commits/Igor-Stoppa/mm-security-ro-protection-for-dynamic-data/20180207-171252
> base: https://git.kernel.org/pub/scm/linux/kernel/git/kee
On 07/02/18 22:25, kbuild test robot wrote:
[...]
>>> lib/genalloc-selftest.c:17:10: fatal error: asm/set_memory.h: No such file
>>> or directory
> #include
This header is unnecessary and will be removed.
--
igor
ry include that was causing compilation failures
- changed license of pmalloc documentation from GPL 2.0 to CC-BY-SA-4.0
Igor Stoppa (6):
genalloc: track beginning of allocations
genalloc: selftest
struct page: add field for vm_struct
Protectable Memory
Pmalloc: self-test
Documentation f
for a sufficiently long
sequence of zeros, to identify zones available for allocation.
This patch doubles the space reserved in the bitmap for each allocation,
to track their beginning.
For details, see the documentation inside lib/genalloc.c
Signed-off-by: Igor Stoppa
---
include/linux/genalloc.h | 4
arent area. This will avoid more expensive searches.
As example, the function find_vm_area is reimplemented, to take advantage
of the newly introduced field.
Signed-off-by: Igor Stoppa
---
include/linux/mm_types.h | 1 +
mm/vmalloc.c | 18 +-
2 files changed, 14 insert
.
The execution of the self testing is controlled through a Kconfig option.
Signed-off-by: Igor Stoppa
---
include/linux/genalloc-selftest.h | 26 +++
init/main.c | 2 +
lib/Kconfig | 15 ++
lib/Makefile | 1 +
lib/genalloc-selftest.c
Add basic self-test functionality for pmalloc.
Signed-off-by: Igor Stoppa
---
mm/Kconfig| 9
mm/Makefile | 1 +
mm/pmalloc-selftest.c | 63 +++
mm/pmalloc-selftest.h | 24
mm/pmalloc.c
as needed, for example to support the
protection of data that is initialized in sufficiently distinct phases.
Signed-off-by: Igor Stoppa
---
include/linux/genalloc.h | 3 +
include/linux/pmalloc.h | 222 +
include/linux/vmalloc.h | 1 +
lib/genalloc.c | 27
Detailed documentation about the protectable memory allocator.
Signed-off-by: Igor Stoppa
---
Documentation/core-api/index.rst | 1 +
Documentation/core-api/pmalloc.rst | 114 +
2 files changed, 115 insertions(+)
create mode 100644 Documentation/core-api
Hi,
thanks for the review. My reply below.
On 24/01/18 21:10, Jann Horn wrote:
> I'm not entirely convinced by the approach of marking small parts of
> kernel memory as readonly for hardening.
Because of the physmap you mention later?
Regarding small parts vs big parts (what is big enough?) I
On 26/01/18 07:35, Matthew Wilcox wrote:
> On Wed, Jan 24, 2018 at 08:10:53PM +0100, Jann Horn wrote:
>> I'm not entirely convinced by the approach of marking small parts of
>> kernel memory as readonly for hardening.
>
> It depends how significant the data stored in there are. For example,
>
On 25/01/18 17:38, Jerome Glisse wrote:
> On Thu, Jan 25, 2018 at 10:14:28AM -0500, Boris Lukashev wrote:
>> On Thu, Jan 25, 2018 at 6:59 AM, Igor Stoppa wrote:
>
> [...]
>
>> DMA/physmap access coupled with a knowledge of which virtual mappings
>> are in the p
On 24/01/18 19:56, Igor Stoppa wrote:
[...]
> +bool pmalloc_prealloc(struct gen_pool *pool, size_t size)
> +{
[...]
> +abort:
> + vfree(chunk);
this should be vfree_atomic()
[...]
> +void *pmalloc(struct gen_pool *pool, size_t size, gfp_t gfp)
> +{
[...]
> +free
.
Signed-off-by: Igor Stoppa
CC: Andy Lutomirski
CC: Nadav Amit
CC: Matthew Wilcox
CC: Peter Zijlstra
CC: Kees Cook
CC: Dave Hansen
CC: Mimi Zohar
CC: Thiago Jung Bauermann
CC: Ahmed Soliman
CC: linux-integr...@vger.kernel.org
CC: kernel-harden...@lists.openwall.com
CC: linux
.
This is accomplished by providing arch-specific version of the function
__init_wr_base()
Signed-off-by: Igor Stoppa
CC: Andy Lutomirski
CC: Nadav Amit
CC: Matthew Wilcox
CC: Peter Zijlstra
CC: Kees Cook
CC: Dave Hansen
CC: Mimi Zohar
CC: Thiago Jung Bauermann
CC: Ahmed Soliman
CC: linux
ges, since the granularity
available for write protection is of one memory page.
The functionality is automatically activated by any architecture that sets
CONFIG_ARCH_HAS_PRMEM
Signed-off-by: Igor Stoppa
CC: Andy Lutomirski
CC: Nadav Amit
CC: Matthew Wilcox
CC: Peter Zijlstra
CC: Kees Cook
CC: D
s the entire
available address range from user space (128TB - 64TB)
* convert BUG() to WARN()
* turn verification of written data into debugging option
* wr_rcu_assign_pointer() as special case of wr_assign()
* example with protection of ima_policy_flags
* documentation
Igor Stoppa (11):
__w
Set ARCH_HAS_PRMEM to Y for arm64
Signed-off-by: Igor Stoppa
CC: Andy Lutomirski
CC: Nadav Amit
CC: Matthew Wilcox
CC: Peter Zijlstra
CC: Kees Cook
CC: Dave Hansen
CC: Mimi Zohar
CC: Thiago Jung Bauermann
CC: Ahmed Soliman
CC: linux-integr...@vger.kernel.org
CC: kernel-harden
Update the self-protection documentation, to mention also the use of the
__wr_after_init attribute.
Signed-off-by: Igor Stoppa
CC: Andy Lutomirski
CC: Nadav Amit
CC: Matthew Wilcox
CC: Peter Zijlstra
CC: Kees Cook
CC: Dave Hansen
CC: Mimi Zohar
CC: Thiago Jung Bauermann
CC: Ahmed
Verify that trying to modify a variable with the __wr_after_init
attribute will cause a crash.
Signed-off-by: Igor Stoppa
CC: Andy Lutomirski
CC: Nadav Amit
CC: Matthew Wilcox
CC: Peter Zijlstra
CC: Kees Cook
CC: Dave Hansen
CC: Mimi Zohar
CC: Thiago Jung Bauermann
CC: Ahmed Soliman
CC
.
__wr_after_init can still provide some protection, at least against
simple memory overwrite attacks
Signed-off-by: Igor Stoppa
CC: Andy Lutomirski
CC: Nadav Amit
CC: Matthew Wilcox
CC: Peter Zijlstra
CC: Kees Cook
CC: Dave Hansen
CC: Mimi Zohar
CC: Thiago Jung Bauermann
CC: Ahmed Soliman
Refactor the test cases, in preparation for using them also for testing
__wr_after_init memory, when available.
Signed-off-by: Igor Stoppa
CC: Andy Lutomirski
CC: Nadav Amit
CC: Matthew Wilcox
CC: Peter Zijlstra
CC: Kees Cook
CC: Dave Hansen
CC: Mimi Zohar
CC: Thiago Jung Bauermann
CC
Set of test cases meant to confirm that the write rare functionality
works as expected.
It can be optionally compiled as module.
Signed-off-by: Igor Stoppa
CC: Andy Lutomirski
CC: Nadav Amit
CC: Matthew Wilcox
CC: Peter Zijlstra
CC: Kees Cook
CC: Dave Hansen
CC: Mimi Zohar
CC: Thiago
The write protection of the __wr_after_init data can be verified with the
same methodology used for const data.
Signed-off-by: Igor Stoppa
CC: Andy Lutomirski
CC: Nadav Amit
CC: Matthew Wilcox
CC: Peter Zijlstra
CC: Kees Cook
CC: Dave Hansen
CC: Mimi Zohar
CC: Thiago Jung Bauermann
CC
Set ARCH_HAS_PRMEM to Y for x86_64
Signed-off-by: Igor Stoppa
CC: Andy Lutomirski
CC: Nadav Amit
CC: Matthew Wilcox
CC: Peter Zijlstra
CC: Kees Cook
CC: Dave Hansen
CC: Mimi Zohar
CC: Thiago Jung Bauermann
CC: Ahmed Soliman
CC: linux-integr...@vger.kernel.org
CC: kernel-harden
On 14/02/2019 13:28, Peter Zijlstra wrote:
On Thu, Feb 14, 2019 at 12:41:32AM +0200, Igor Stoppa wrote:
[...]
+#define wr_rcu_assign_pointer(p, v) ({ \
+ smp_mb(); \
+ wr_assign(p, v);\
+ p
Hi,
On 13/11/2018 20:36, Andy Lutomirski wrote:
On Tue, Nov 13, 2018 at 10:33 AM Igor Stoppa wrote:
I forgot one sentence :-(
On 13/11/2018 20:31, Igor Stoppa wrote:
On 13/11/2018 19:47, Andy Lutomirski wrote:
For general rare-writish stuff, I don't think we want IRQs running
with them
On 13/11/2018 19:16, Andy Lutomirski wrote:
> On Tue, Nov 13, 2018 at 6:25 AM Igor Stoppa wrote:
[...]
>> How about having one mm_struct for each writer (core or thread)?
>>
>
> I don't think that helps anything. I think the mm_struct used for
> prmem (or rare_wr
On 25/10/2018 01:24, Dave Hansen wrote:
+static __always_inline bool __is_wr_after_init(const void *ptr, size_t size)
+{
+ size_t start = (size_t)&__start_wr_after_init;
+ size_t end = (size_t)&__end_wr_after_init;
+ size_t low = (size_t)ptr;
+ size_t high = (size_t)ptr +
On 25/10/2018 01:26, Dave Hansen wrote:
On 10/23/18 2:34 PM, Igor Stoppa wrote:
+#define VM_PMALLOC 0x0100 /* pmalloc area - see docs */
+#define VM_PMALLOC_WR 0x0200 /* pmalloc write rare area */
+#define VM_PMALLOC_PROTECTED 0x0400
On 25/10/2018 01:28, Dave Hansen wrote:
On 10/23/18 2:34 PM, Igor Stoppa wrote:
Wrappers around the basic write rare functionality, addressing several
common data types found in the kernel, allowing to specify the new
values through immediates, like constants and defines.
I have to wonder
On 25/10/2018 17:43, Dave Hansen wrote:
+static bool is_address_protected(void *p)
+{
+ struct page *page;
+ struct vmap_area *area;
+
+ if (unlikely(!is_vmalloc_addr(p)))
+ return false;
+ page = vmalloc_to_page(p);
+ if (unlikely(!page))
+
On 25/10/2018 03:13, Matthew Wilcox wrote:
On Thu, Oct 25, 2018 at 02:01:02AM +0300, Igor Stoppa wrote:
@@ -1747,6 +1750,10 @@ void *__vmalloc_node_range(unsigned long size, unsigned
long align,
if (!addr)
return NULL;
+ va = __find_vmap_area((unsigned long)addr
On 29/10/2018 11:45, Chris von Recklinghausen wrote:
[...]
Could you add code somewhere (lkdtm driver if possible) to demonstrate
the issue and verify the code change?
Sure.
Eventually, I'd like to add test cases for each functionality.
I didn't do it right away for those parts which are
On 24/10/2018 14:43, Alexey Dobriyan wrote:
On Wed, Oct 24, 2018 at 12:35:00AM +0300, Igor Stoppa wrote:
Some of the data structures used in list management are composed by two
pointers. Since the kernel is now configured by default to randomize the
layout of data structures soleley composed
On 28/10/2018 09:52, Steven Rostedt wrote:
If a change log depends on other commits for context, it is
insufficient.
ok, I will adjust the change logs accordingly
--
thanks, igor
On 26/10/2018 10:41, Peter Zijlstra wrote:
On Wed, Oct 24, 2018 at 12:34:49AM +0300, Igor Stoppa wrote:
+static __always_inline
That's far too large for inline.
The reason for it is that it's supposed to minimize the presence of
gadgets that might be used in JOP attacks.
I am ready
On 25/10/2018 01:13, Peter Zijlstra wrote:
On Wed, Oct 24, 2018 at 12:35:03AM +0300, Igor Stoppa wrote:
+static __always_inline
+bool __pratomic_long_op(bool inc, struct pratomic_long_t *l)
+{
+ struct page *page;
+ uintptr_t base;
+ uintptr_t offset;
+ unsigned long
Hi,
I'm getting the following build error:
/home/igor/dev/kernel/linux/drivers/cpufreq/intel_pstate.c: In function
‘show_base_frequency’:
/home/igor/dev/kernel/linux/drivers/cpufreq/intel_pstate.c:726:10:
error: implicit declaration of function
‘intel_pstate_get_cppc_guranteed’; did you mean
On 30/10/2018 23:02, Andy Lutomirski wrote:
On Oct 30, 2018, at 1:43 PM, Igor Stoppa wrote:
There is no need to process each of these tens of thousands allocations and
initialization as write-rare.
Would it be possible to do the same here?
I don’t see why not, although getting
pl sources, to figure out the actual
test.
Signed-off-by: Igor Stoppa
CC: Andy Whitcroft
CC: Joe Perches
CC: linux-kernel@vger.kernel.org
---
scripts/checkpatch.pl | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/scripts/checkpatch.pl b/scripts/checkpatch.pl
index c883ec55654f..e2
On 19/12/2018 14:29, Joe Perches wrote:
On Wed, 2018-12-19 at 11:59 +, Andy Whitcroft wrote:
On Wed, Dec 19, 2018 at 02:44:36AM -0800, Joe Perches wrote:
To cover both cases perhaps:
"please ensure that this config symbols is described fully (less than
pl sources, to figure out the actual
test.
Signed-off-by: Igor Stoppa
CC: Andy Whitcroft
CC: Joe Perches
CC: linux-kernel@vger.kernel.org
---
scripts/checkpatch.pl | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/scripts/checkpatch.pl b/scripts/checkpatch.pl
index c883ec55654f..33
Create x86_64 specific version of memset for user space, based on
clear_user().
This will be used for implementing wr_memset() in the __wr_after_init
scenario, where write-rare variables have an alternate mapping for
writing.
Signed-off-by: Igor Stoppa
CC: Andy Lutomirski
CC: Nadav Amit
CC
o activate both section and label, the arch must set CONFIG_ARCH_HAS_PRMEM
Signed-off-by: Igor Stoppa
CC: Andy Lutomirski
CC: Nadav Amit
CC: Matthew Wilcox
CC: Peter Zijlstra
CC: Kees Cook
CC: Dave Hansen
CC: Mimi Zohar
CC: linux-integr...@vger.kernel.org
CC: kernel-harden...@lists.openw
nel@vger.kernel.org
Igor Stoppa (12):
[PATCH 01/12] x86_64: memset_user()
[PATCH 02/12] __wr_after_init: linker section and label
[PATCH 03/12] __wr_after_init: generic header
[PATCH 04/12] __wr_after_init: x86_64: __wr_op
[PATCH 05/12] __wr_after_init: x86_64: de
To avoid code duplication, re-use __memset_user(), when clearing
user-space memory.
The overhead should be minimal (2 extra register assignments) and
outside of the writing loop.
Signed-off-by: Igor Stoppa
CC: Andy Lutomirski
CC: Nadav Amit
CC: Matthew Wilcox
CC: Peter Zijlstra
CC: Kees
Update the self-protection documentation, to mention also the use of the
__wr_after_init attribute.
Signed-off-by: Igor Stoppa
CC: Andy Lutomirski
CC: Nadav Amit
CC: Matthew Wilcox
CC: Peter Zijlstra
CC: Kees Cook
CC: Dave Hansen
CC: Mimi Zohar
CC: linux-integr...@vger.kernel.org
CC
Set of test cases meant to confirm that the write rare functionality
works as expected.
It can be optionally compiled as module.
Signed-off-by: Igor Stoppa
CC: Andy Lutomirski
CC: Nadav Amit
CC: Matthew Wilcox
CC: Peter Zijlstra
CC: Kees Cook
CC: Dave Hansen
CC: Mimi Zohar
CC: linux
.
__wr_after_init can still provide some protection, at least against
simple memory overwrite attacks
Signed-off-by: Igor Stoppa
CC: Andy Lutomirski
CC: Nadav Amit
CC: Matthew Wilcox
CC: Peter Zijlstra
CC: Kees Cook
CC: Dave Hansen
CC: Mimi Zohar
CC: linux-integr...@vger.kernel.org
CC: kernel
The write protection of the __wr_after_init data can be verified with the
same methodology used for const data.
Signed-off-by: Igor Stoppa
CC: Andy Lutomirski
CC: Nadav Amit
CC: Matthew Wilcox
CC: Peter Zijlstra
CC: Kees Cook
CC: Dave Hansen
CC: Mimi Zohar
CC: linux-integr
After each write operation, confirm that it was successful, otherwise
generate a warning.
Signed-off-by: Igor Stoppa
CC: Andy Lutomirski
CC: Nadav Amit
CC: Matthew Wilcox
CC: Peter Zijlstra
CC: Kees Cook
CC: Dave Hansen
CC: Mimi Zohar
CC: linux-integr...@vger.kernel.org
CC: kernel-harden
counterpart of memcpy()
- wr_assign(): write rare counterpart of the assignment ('=') operator
- wr_rcu_assign_pointer(): write rare counterpart of rcu_assign_pointer()
Signed-off-by: Igor Stoppa
CC: Andy Lutomirski
CC: Nadav Amit
CC: Matthew Wilcox
CC: Peter Zijlstra
CC: Kees Cook
CC: Dave
, in a preemptible
system, however the amount of data to be altered is likely to be far
smaller than a page.
Signed-off-by: Igor Stoppa
CC: Andy Lutomirski
CC: Nadav Amit
CC: Matthew Wilcox
CC: Peter Zijlstra
CC: Kees Cook
CC: Dave Hansen
CC: Mimi Zohar
CC: linux-integr...@vger.kernel.org
Refactor the test cases, in preparation for using them also for testing
__wr_after_init memory, when available.
Signed-off-by: Igor Stoppa
CC: Andy Lutomirski
CC: Nadav Amit
CC: Matthew Wilcox
CC: Peter Zijlstra
CC: Kees Cook
CC: Dave Hansen
CC: Mimi Zohar
CC: linux-integr
Verify that trying to modify a variable with the __wr_after_init
attribute will cause a crash.
Signed-off-by: Igor Stoppa
CC: Andy Lutomirski
CC: Nadav Amit
CC: Matthew Wilcox
CC: Peter Zijlstra
CC: Kees Cook
CC: Dave Hansen
CC: Mimi Zohar
CC: linux-integr...@vger.kernel.org
CC: kernel
On 12/12/2018 11:49, Martin Schwidefsky wrote:
On Wed, 5 Dec 2018 15:13:56 -0800
Andy Lutomirski wrote:
Hi s390 and powerpc people: it would be nice if this generic
implementation *worked* on your architectures and that it will allow
you to add some straightforward way to add a better
pl sources, to figure out the actual
test.
Signed-off-by: Igor Stoppa
CC: Andy Whitcroft
CC: Joe Perches
CC: Andi Kleen
CC: linux-kernel@vger.kernel.org
---
scripts/checkpatch.pl | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/scripts/checkpatch.pl b/scripts/checkpatch.pl
index c8
WARN_ON() already contains an unlikely(), so it's not necessary to
wrap it into another.
Signed-off-by: Igor Stoppa
Cc: Inaky Perez-Gonzalez
---
drivers/net/wimax/i2400m/tx.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/drivers/net/wimax/i2400m/tx.c b/drivers/net/wimax
WARN_ON() already contains an unlikely(), so it's not necessary to
wrap it into another.
Signed-off-by: Igor Stoppa
Cc: Mike Snitzer
Cc: Alasdair Kergon
---
drivers/md/dm.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/md/dm.c b/drivers/md/dm.c
index 20f7e4ef5342
WARN_ON() already contains an unlikely(), so it's not necessary to wrap it
into another.
Signed-off-by: Igor Stoppa
Cc: Kees Cook
---
kernel/seccomp.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/kernel/seccomp.c b/kernel/seccomp.c
index fd023ac24e10..5a2a9af4663e
The condition to test is unlikely() to be true. Add the hint.
Signed-off-by: Igor Stoppa
Cc: "Michael S. Tsirkin"
---
tools/virtio/linux/kernel.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tools/virtio/linux/kernel.h b/tools/virtio/linux/kernel.h
index fb
WARN_ON() already contains an unlikely(), so it's not necessary to
wrap it into another.
Signed-off-by: Igor Stoppa
Cc: Larry Finger
Cc: Kalle Valo
---
drivers/net/wireless/broadcom/b43/dma.c | 2 +-
drivers/net/wireless/broadcom/b43legacy/dma.c | 2 +-
2 files changed, 2 insertions
WARN_ON() already contains an unlikely(), so it's not necessary to
wrap it into another.
Signed-off-by: Igor Stoppa
Cc: Aaro Koskinen
Cc: Greg Kroah-Hartman
---
drivers/staging/octeon-usb/octeon-hcd.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/staging/octeon
WARN_ON() already contains an unlikely(), so it's not necessary to
wrap it into another.
Signed-off-by: Igor Stoppa
Cc: zijun_hu
Cc: Tejun Heo
Cc: Christoph Lameter
Cc: Dennis Zhou
---
mm/percpu.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/mm/percpu.c b/mm/percpu.c
Typically the assert is expected to not fail.
Signed-off-by: Igor Stoppa
Cc: Chien Tung
Cc: Roland Dreier
Cc: Faisal Latif
Cc: Doug Ledford
Cc: Jason Gunthorpe
---
drivers/infiniband/hw/nes/nes.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/infiniband/hw/nes
Add a hint to the compiler that probably it won't be necessary to BUG()
Signed-off-by: Igor Stoppa
Cc: David Daney
Cc: Ralf Baechle
Cc: Paul Burton
Cc: James Hogan
---
arch/mips/include/asm/bug.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/mips/include/asm/bug.h
The assert() condition is likely to be true.
Signed-off-by: Igor Stoppa
Cc: huangdaode
Cc: Yisen Zhuang
Cc: Salil Mehta
---
drivers/net/ethernet/hisilicon/hns/hnae.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/ethernet/hisilicon/hns/hnae.h
b/drivers/net
WARN_ON_ONCE() already contains an unlikely(), so it's not necessary to
wrap it into another.
Signed-off-by: Igor Stoppa
Cc: Kalle Valo
Cc: Michal Kazior
---
drivers/net/wireless/ath/ath10k/htt_rx.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/net/wireless
WARN_ON() already contains an unlikely(), so it's not necessary to wrap it
into another.
Signed-off-by: Igor Stoppa
Cc: Rob Clark
Cc: David Airlie
Cc: Archit Taneja
Cc: Stephane Viau
---
drivers/gpu/drm/msm/disp/mdp5/mdp5_ctl.c | 4 ++--
drivers/gpu/drm/msm/disp/mdp_format.c| 2 +-
2
WARN_ON() already contains an unlikely(), so it's not necessary to
wrap it into another.
Signed-off-by: Igor Stoppa
Cc: Andrew Jeffery
Cc: Linus Walleij
---
drivers/pinctrl/aspeed/pinctrl-aspeed.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/pinctrl/aspeed
WARN_ON_ONCE() already contains an unlikely(), and the logical or of two of
them is still unlikely(), so it's not necessary to wrap them into another.
Signed-off-by: Igor Stoppa
Cc: Christian Lamparter
Cc: Kalle Valo
---
drivers/net/wireless/ath/carl9170/tx.c | 4 ++--
1 file changed, 2
Add a hint to the compiler.
If BUG_ON() is used instead of BUG(), it means that probably the
preferred outcome is to not BUG().
Signed-off-by: Igor Stoppa
Cc: Arnd Bergmann
---
include/asm-generic/bug.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/include/asm-generic
BUG_ON() is unlikely() to BUG()
Signed-off-by: Igor Stoppa
Cc: Dmitry Safonov
Cc: Shuah Khan
---
tools/testing/selftests/vm/map_populate.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tools/testing/selftests/vm/map_populate.c
b/tools/testing/selftests/vm/map_populate.c
WARN_ON() already contains an unlikely(), so it's not necessary to
wrap it into another.
Signed-off-by: Igor Stoppa
Cc: Alexander Viro
---
fs/open.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fs/open.c b/fs/open.c
index 0285ce7dbd51..19a9e4b378d3 100644
--- a/fs/open.c
Both WARN_ON() and WARN_ONCE() already contain an unlikely(), so it's not
necessary to wrap it into another.
Signed-off-by: Igor Stoppa
Cc: Madalin Bucur
---
drivers/net/ethernet/freescale/dpaa/dpaa_eth.c | 8 +++-
1 file changed, 3 insertions(+), 5 deletions(-)
diff --git a/drivers/net
WARN_ON() already contains an unlikely(), so it's not necessary to
wrap it into another.
Signed-off-by: Igor Stoppa
Cc: Bart Van Assche
---
drivers/infiniband/ulp/srpt/ib_srpt.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/infiniband/ulp/srpt/ib_srpt.c
b/drivers
WARN_ON() already contains an unlikely(), so it's not necessary to
wrap it into another.
Signed-off-by: Igor Stoppa
Cc: Arseny Solokha
Cc: Benjamin Herrenschmidt
Cc: Paul Mackerras
Cc: Michael Ellerman
---
arch/powerpc/mm/tlb_nohash.c | 2 +-
arch/powerpc/sysdev/xive/common.c | 2 +-
2
601 - 700 of 850 matches
Mail list logo
