Re: [PATCH v5 2/2] extable: verify address is read-only
On 04/07/17, kbuild test robot wrote:
> Hi Eddie,
>
> [auto build test ERROR on next-20170330]
> [cannot apply to linus/master linux/master jeyu/modules-next v4.9-rc8
> v4.9-rc7 v4.9-rc6 v4.11-rc5]
> [if your patch is applied to the wrong git tree, please drop us a note to
> help improve the system]
>
> url:
> https://github.com/0day-ci/linux/commits/Eddie-Kovsky/module-verify-address-is-read-only/20170407-004322
> config: i386-randconfig-x010-201714 (attached as .config)
> compiler: gcc-6 (Debian 6.2.0-3) 6.2.0 20160901
> reproduce:
> # save the attached .config to linux build tree
> make ARCH=i386
>
> All errors (new ones prefixed by >>):
>
>kernel/extable.c: In function 'core_kernel_rodata':
> >> kernel/extable.c:169:29: error: '__start_ro_after_init' undeclared (first
> >> use in this function)
> if (addr >= (unsigned long)__start_ro_after_init &&
> ^
>kernel/extable.c:169:29: note: each undeclared identifier is reported only
> once for each function it appears in
> >> kernel/extable.c:170:28: error: '__end_ro_after_init' undeclared (first
> >> use in this function)
> addr < (unsigned long)__end_ro_after_init)
>^~~
>
> vim +/__start_ro_after_init +169 kernel/extable.c
>
>163int core_kernel_rodata(unsigned long addr)
>164{
>165if (addr >= (unsigned long)__start_rodata &&
>166addr < (unsigned long)__end_rodata)
>167return 1;
>168
> > 169if (addr >= (unsigned long)__start_ro_after_init &&
> > 170addr < (unsigned long)__end_ro_after_init)
>171return 1;
>172
>173return 0;
>
> ---
> 0-DAY kernel test infrastructureOpen Source Technology Center
> https://lists.01.org/pipermail/kbuild-all Intel Corporation
This looks like a false alarm.
The test build is based on next-20170330. Kees' patch for the section
names [start|end]_ro_after_init didn't appear in next until 20170403.
I cannot reproduce the build error using this config on recent versions
of next. Am I missing something here?
Eddie
Re: [PATCH v5 2/2] extable: verify address is read-only
On 04/07/17, kbuild test robot wrote:
> Hi Eddie,
>
> [auto build test ERROR on next-20170330]
> [cannot apply to linus/master linux/master jeyu/modules-next v4.9-rc8
> v4.9-rc7 v4.9-rc6 v4.11-rc5]
> [if your patch is applied to the wrong git tree, please drop us a note to
> help improve the system]
>
> url:
> https://github.com/0day-ci/linux/commits/Eddie-Kovsky/module-verify-address-is-read-only/20170407-004322
> config: i386-randconfig-x010-201714 (attached as .config)
> compiler: gcc-6 (Debian 6.2.0-3) 6.2.0 20160901
> reproduce:
> # save the attached .config to linux build tree
> make ARCH=i386
>
> All errors (new ones prefixed by >>):
>
>kernel/extable.c: In function 'core_kernel_rodata':
> >> kernel/extable.c:169:29: error: '__start_ro_after_init' undeclared (first
> >> use in this function)
> if (addr >= (unsigned long)__start_ro_after_init &&
> ^
>kernel/extable.c:169:29: note: each undeclared identifier is reported only
> once for each function it appears in
> >> kernel/extable.c:170:28: error: '__end_ro_after_init' undeclared (first
> >> use in this function)
> addr < (unsigned long)__end_ro_after_init)
>^~~
>
> vim +/__start_ro_after_init +169 kernel/extable.c
>
>163int core_kernel_rodata(unsigned long addr)
>164{
>165if (addr >= (unsigned long)__start_rodata &&
>166addr < (unsigned long)__end_rodata)
>167return 1;
>168
> > 169if (addr >= (unsigned long)__start_ro_after_init &&
> > 170addr < (unsigned long)__end_ro_after_init)
>171return 1;
>172
>173return 0;
>
> ---
> 0-DAY kernel test infrastructureOpen Source Technology Center
> https://lists.01.org/pipermail/kbuild-all Intel Corporation
This looks like a false alarm.
The test build is based on next-20170330. Kees' patch for the section
names [start|end]_ro_after_init didn't appear in next until 20170403.
I cannot reproduce the build error using this config on recent versions
of next. Am I missing something here?
Eddie
[PATCH v5 1/2] module: verify address is read-only
Implement a mechanism to check if a module's address is in
the rodata or ro_after_init sections. It mimics the existing functions
that test if an address is inside a module's text section.
Functions that take a module as an argument will be able to verify that the
module address is in a read-only section. The idea is to prevent structures
(including modules) that are not read-only from being passed to functions.
This implements the first half of a suggestion made by Kees Cook for
the Kernel Self Protection Project:
- provide mechanism to check for ro_after_init memory areas, and
reject structures not marked ro_after_init in vmbus_register()
Suggested-by: Kees Cook <keesc...@chromium.org>
Signed-off-by: Eddie Kovsky <e...@edkovsky.org>
---
Changes in v4:
- Rename function __module_ro_address() to __module_rodata_address()
- Move module_rodata_address() stub below is_module_address()
- Minor comment fixes
- Verify that mod is not NULL before setting up layout variables
Changes in v3:
- Change function name is_module_ro_address() to
is_module_rodata_address().
- Improve comments on is_module_rodata_address().
- Add a !CONFIG_MODULES stub for is_module_rodata_address.
- Correct and simplify the check for the read-only memory regions in
the module address.
---
include/linux/module.h | 12
kernel/module.c| 53 ++
2 files changed, 65 insertions(+)
diff --git a/include/linux/module.h b/include/linux/module.h
index 9ad68561d8c2..a3d17b081de3 100644
--- a/include/linux/module.h
+++ b/include/linux/module.h
@@ -492,7 +492,9 @@ static inline int module_is_live(struct module *mod)
struct module *__module_text_address(unsigned long addr);
struct module *__module_address(unsigned long addr);
+struct module *__module_rodata_address(unsigned long addr);
bool is_module_address(unsigned long addr);
+bool is_module_rodata_address(unsigned long addr);
bool __is_module_percpu_address(unsigned long addr, unsigned long *can_addr);
bool is_module_percpu_address(unsigned long addr);
bool is_module_text_address(unsigned long addr);
@@ -646,6 +648,11 @@ static inline struct module *__module_address(unsigned
long addr)
return NULL;
}
+static inline struct module *__module_rodata_address(unsigned long addr)
+{
+ return NULL;
+}
+
static inline struct module *__module_text_address(unsigned long addr)
{
return NULL;
@@ -656,6 +663,11 @@ static inline bool is_module_address(unsigned long addr)
return false;
}
+static inline bool is_module_rodata_address(unsigned long addr)
+{
+ return false;
+}
+
static inline bool is_module_percpu_address(unsigned long addr)
{
return false;
diff --git a/kernel/module.c b/kernel/module.c
index f953df992a11..d5753210cf34 100644
--- a/kernel/module.c
+++ b/kernel/module.c
@@ -4296,6 +4296,59 @@ struct module *__module_text_address(unsigned long addr)
}
EXPORT_SYMBOL_GPL(__module_text_address);
+/**
+ * is_module_rodata_address - is this address inside read-only module data?
+ * @addr: the address to check.
+ *
+ */
+bool is_module_rodata_address(unsigned long addr)
+{
+ bool ret;
+
+ preempt_disable();
+ ret = __module_rodata_address(addr) != NULL;
+ preempt_enable();
+
+ return ret;
+}
+
+/*
+ * __module_rodata_address - get the module whose rodata/ro_after_init sections
+ * contain the given address.
+ * @addr: the address.
+ *
+ * Must be called with preempt disabled or module mutex held so that
+ * module doesn't get freed during this.
+ */
+struct module *__module_rodata_address(unsigned long addr)
+{
+ struct module *mod = __module_address(addr);
+
+ /*
+* Make sure module is within the read-only section.
+* range(base + text_size, base + ro_after_init_size)
+* encompasses both the rodata and ro_after_init regions.
+* See comment above frob_text() for the layout diagram.
+*/
+ if (mod) {
+ void *init_base = mod->init_layout.base;
+ unsigned int init_text_size = mod->init_layout.text_size;
+ unsigned int init_ro_after_init_size =
mod->init_layout.ro_after_init_size;
+
+ void *core_base = mod->core_layout.base;
+ unsigned int core_text_size = mod->core_layout.text_size;
+ unsigned int core_ro_after_init_size =
mod->core_layout.ro_after_init_size;
+
+ if (!within(addr, init_base + init_text_size,
+ init_ro_after_init_size - init_text_size)
+ && !within(addr, core_base + core_text_size,
+ core_ro_after_init_size - core_text_size))
+ mod = NULL;
+ }
+ return mod;
+}
+EXPORT_SYMBOL_GPL(__module_rodata_address);
+
/* Don't grab lock, we're oopsing. */
void print_modules(void)
{
--
2.12.2
[PATCH v5 2/2] extable: verify address is read-only
Provide a mechanism to check if the address of a variable is
const or ro_after_init. It mimics the existing functions that test if an
address is inside the kernel's text section.
The idea is to prevent structures that are not read-only from being
passed to functions. Other functions inside the kernel could then use
this capability to verify that their arguments are read-only.
This implements the first half of a suggestion made by Kees Cook for
the Kernel Self Protection Project:
- provide mechanism to check for ro_after_init memory areas, and
reject structures not marked ro_after_init in vmbus_register()
Suggested-by: Kees Cook <keesc...@chromium.org>
Signed-off-by: Eddie Kovsky <e...@edkovsky.org>
---
Changes in v5:
- Replace __start_data_ro_after_init with __start_ro_after_init
- Replace __end_data_ro_after_init with __end_ro_after_init
Changes in v4:
- Rename function core_kernel_ro_data() to core_kernel_rodata().
Changes in v3:
- Fix missing declaration of is_module_rodata_address()
---
include/linux/kernel.h | 2 ++
kernel/extable.c | 29 +
2 files changed, 31 insertions(+)
diff --git a/include/linux/kernel.h b/include/linux/kernel.h
index 4c26dc3a8295..5748784ca209 100644
--- a/include/linux/kernel.h
+++ b/include/linux/kernel.h
@@ -444,6 +444,8 @@ extern int core_kernel_data(unsigned long addr);
extern int __kernel_text_address(unsigned long addr);
extern int kernel_text_address(unsigned long addr);
extern int func_ptr_is_kernel_text(void *ptr);
+extern int core_kernel_rodata(unsigned long addr);
+extern int kernel_ro_address(unsigned long addr);
unsigned long int_sqrt(unsigned long);
diff --git a/kernel/extable.c b/kernel/extable.c
index 2676d7f8baf6..18c5e4dbe0fc 100644
--- a/kernel/extable.c
+++ b/kernel/extable.c
@@ -154,3 +154,32 @@ int func_ptr_is_kernel_text(void *ptr)
return 1;
return is_module_text_address(addr);
}
+
+/**
+ * core_kernel_rodata - Verify address points to read-only section
+ * @addr: address to test
+ *
+ */
+int core_kernel_rodata(unsigned long addr)
+{
+ if (addr >= (unsigned long)__start_rodata &&
+ addr < (unsigned long)__end_rodata)
+ return 1;
+
+ if (addr >= (unsigned long)__start_ro_after_init &&
+ addr < (unsigned long)__end_ro_after_init)
+ return 1;
+
+ return 0;
+}
+
+/* Verify that address is const or ro_after_init. */
+int kernel_ro_address(unsigned long addr)
+{
+ if (core_kernel_rodata(addr))
+ return 1;
+ if (is_module_rodata_address(addr))
+ return 1;
+
+ return 0;
+}
--
2.12.2
[PATCH v5 2/2] extable: verify address is read-only
Provide a mechanism to check if the address of a variable is
const or ro_after_init. It mimics the existing functions that test if an
address is inside the kernel's text section.
The idea is to prevent structures that are not read-only from being
passed to functions. Other functions inside the kernel could then use
this capability to verify that their arguments are read-only.
This implements the first half of a suggestion made by Kees Cook for
the Kernel Self Protection Project:
- provide mechanism to check for ro_after_init memory areas, and
reject structures not marked ro_after_init in vmbus_register()
Suggested-by: Kees Cook
Signed-off-by: Eddie Kovsky
---
Changes in v5:
- Replace __start_data_ro_after_init with __start_ro_after_init
- Replace __end_data_ro_after_init with __end_ro_after_init
Changes in v4:
- Rename function core_kernel_ro_data() to core_kernel_rodata().
Changes in v3:
- Fix missing declaration of is_module_rodata_address()
---
include/linux/kernel.h | 2 ++
kernel/extable.c | 29 +
2 files changed, 31 insertions(+)
diff --git a/include/linux/kernel.h b/include/linux/kernel.h
index 4c26dc3a8295..5748784ca209 100644
--- a/include/linux/kernel.h
+++ b/include/linux/kernel.h
@@ -444,6 +444,8 @@ extern int core_kernel_data(unsigned long addr);
extern int __kernel_text_address(unsigned long addr);
extern int kernel_text_address(unsigned long addr);
extern int func_ptr_is_kernel_text(void *ptr);
+extern int core_kernel_rodata(unsigned long addr);
+extern int kernel_ro_address(unsigned long addr);
unsigned long int_sqrt(unsigned long);
diff --git a/kernel/extable.c b/kernel/extable.c
index 2676d7f8baf6..18c5e4dbe0fc 100644
--- a/kernel/extable.c
+++ b/kernel/extable.c
@@ -154,3 +154,32 @@ int func_ptr_is_kernel_text(void *ptr)
return 1;
return is_module_text_address(addr);
}
+
+/**
+ * core_kernel_rodata - Verify address points to read-only section
+ * @addr: address to test
+ *
+ */
+int core_kernel_rodata(unsigned long addr)
+{
+ if (addr >= (unsigned long)__start_rodata &&
+ addr < (unsigned long)__end_rodata)
+ return 1;
+
+ if (addr >= (unsigned long)__start_ro_after_init &&
+ addr < (unsigned long)__end_ro_after_init)
+ return 1;
+
+ return 0;
+}
+
+/* Verify that address is const or ro_after_init. */
+int kernel_ro_address(unsigned long addr)
+{
+ if (core_kernel_rodata(addr))
+ return 1;
+ if (is_module_rodata_address(addr))
+ return 1;
+
+ return 0;
+}
--
2.12.2
[PATCH v5 1/2] module: verify address is read-only
Implement a mechanism to check if a module's address is in
the rodata or ro_after_init sections. It mimics the existing functions
that test if an address is inside a module's text section.
Functions that take a module as an argument will be able to verify that the
module address is in a read-only section. The idea is to prevent structures
(including modules) that are not read-only from being passed to functions.
This implements the first half of a suggestion made by Kees Cook for
the Kernel Self Protection Project:
- provide mechanism to check for ro_after_init memory areas, and
reject structures not marked ro_after_init in vmbus_register()
Suggested-by: Kees Cook
Signed-off-by: Eddie Kovsky
---
Changes in v4:
- Rename function __module_ro_address() to __module_rodata_address()
- Move module_rodata_address() stub below is_module_address()
- Minor comment fixes
- Verify that mod is not NULL before setting up layout variables
Changes in v3:
- Change function name is_module_ro_address() to
is_module_rodata_address().
- Improve comments on is_module_rodata_address().
- Add a !CONFIG_MODULES stub for is_module_rodata_address.
- Correct and simplify the check for the read-only memory regions in
the module address.
---
include/linux/module.h | 12
kernel/module.c| 53 ++
2 files changed, 65 insertions(+)
diff --git a/include/linux/module.h b/include/linux/module.h
index 9ad68561d8c2..a3d17b081de3 100644
--- a/include/linux/module.h
+++ b/include/linux/module.h
@@ -492,7 +492,9 @@ static inline int module_is_live(struct module *mod)
struct module *__module_text_address(unsigned long addr);
struct module *__module_address(unsigned long addr);
+struct module *__module_rodata_address(unsigned long addr);
bool is_module_address(unsigned long addr);
+bool is_module_rodata_address(unsigned long addr);
bool __is_module_percpu_address(unsigned long addr, unsigned long *can_addr);
bool is_module_percpu_address(unsigned long addr);
bool is_module_text_address(unsigned long addr);
@@ -646,6 +648,11 @@ static inline struct module *__module_address(unsigned
long addr)
return NULL;
}
+static inline struct module *__module_rodata_address(unsigned long addr)
+{
+ return NULL;
+}
+
static inline struct module *__module_text_address(unsigned long addr)
{
return NULL;
@@ -656,6 +663,11 @@ static inline bool is_module_address(unsigned long addr)
return false;
}
+static inline bool is_module_rodata_address(unsigned long addr)
+{
+ return false;
+}
+
static inline bool is_module_percpu_address(unsigned long addr)
{
return false;
diff --git a/kernel/module.c b/kernel/module.c
index f953df992a11..d5753210cf34 100644
--- a/kernel/module.c
+++ b/kernel/module.c
@@ -4296,6 +4296,59 @@ struct module *__module_text_address(unsigned long addr)
}
EXPORT_SYMBOL_GPL(__module_text_address);
+/**
+ * is_module_rodata_address - is this address inside read-only module data?
+ * @addr: the address to check.
+ *
+ */
+bool is_module_rodata_address(unsigned long addr)
+{
+ bool ret;
+
+ preempt_disable();
+ ret = __module_rodata_address(addr) != NULL;
+ preempt_enable();
+
+ return ret;
+}
+
+/*
+ * __module_rodata_address - get the module whose rodata/ro_after_init sections
+ * contain the given address.
+ * @addr: the address.
+ *
+ * Must be called with preempt disabled or module mutex held so that
+ * module doesn't get freed during this.
+ */
+struct module *__module_rodata_address(unsigned long addr)
+{
+ struct module *mod = __module_address(addr);
+
+ /*
+* Make sure module is within the read-only section.
+* range(base + text_size, base + ro_after_init_size)
+* encompasses both the rodata and ro_after_init regions.
+* See comment above frob_text() for the layout diagram.
+*/
+ if (mod) {
+ void *init_base = mod->init_layout.base;
+ unsigned int init_text_size = mod->init_layout.text_size;
+ unsigned int init_ro_after_init_size =
mod->init_layout.ro_after_init_size;
+
+ void *core_base = mod->core_layout.base;
+ unsigned int core_text_size = mod->core_layout.text_size;
+ unsigned int core_ro_after_init_size =
mod->core_layout.ro_after_init_size;
+
+ if (!within(addr, init_base + init_text_size,
+ init_ro_after_init_size - init_text_size)
+ && !within(addr, core_base + core_text_size,
+ core_ro_after_init_size - core_text_size))
+ mod = NULL;
+ }
+ return mod;
+}
+EXPORT_SYMBOL_GPL(__module_rodata_address);
+
/* Don't grab lock, we're oopsing. */
void print_modules(void)
{
--
2.12.2
[PATCH v5 0/2] provide check for ro_after_init memory sections
Provide a mechanism for other functions to verify that their arguments
are read-only.
This implements the first half of a suggestion made by Kees Cook for
the Kernel Self Protection Project:
- provide mechanism to check for ro_after_init memory areas, and
reject structures not marked ro_after_init in vmbus_register()
http://www.openwall.com/lists/kernel-hardening/2017/02/04/1
The idea is to prevent structures (including modules) that are not
read-only from being passed to functions. It builds upon the functions
in kernel/extable.c that test if an address is in the text section.
A build failure on the Blackfin architecture led to the discovery of
an incomplete definition of the RO_DATA macro used in this series. The
fixes are in linux-next:
commit 906f2a51c941 ("mm: fix section name for .data..ro_after_init")
commit 939897e2d736 ("vmlinux.lds: add missing VMLINUX_SYMBOL macros")
The latest version of this series uses new symbols provided in these
fixes. The series now cross compiles on Blackfin without errors. I have
also test compiled this series on next-20170405 for x86.
I have dropped the third patch that uses these features to check the
arguments to vmbus_register() because the maintainers have not been
receptive to using it. My goal right now is to get the API right.
Eddie Kovsky (2):
module: verify address is read-only
extable: verify address is read-only
include/linux/kernel.h | 2 ++
include/linux/module.h | 12
kernel/extable.c | 29 +++
kernel/module.c| 53 ++
4 files changed, 96 insertions(+)
--
2.12.2
[PATCH v5 0/2] provide check for ro_after_init memory sections
Provide a mechanism for other functions to verify that their arguments
are read-only.
This implements the first half of a suggestion made by Kees Cook for
the Kernel Self Protection Project:
- provide mechanism to check for ro_after_init memory areas, and
reject structures not marked ro_after_init in vmbus_register()
http://www.openwall.com/lists/kernel-hardening/2017/02/04/1
The idea is to prevent structures (including modules) that are not
read-only from being passed to functions. It builds upon the functions
in kernel/extable.c that test if an address is in the text section.
A build failure on the Blackfin architecture led to the discovery of
an incomplete definition of the RO_DATA macro used in this series. The
fixes are in linux-next:
commit 906f2a51c941 ("mm: fix section name for .data..ro_after_init")
commit 939897e2d736 ("vmlinux.lds: add missing VMLINUX_SYMBOL macros")
The latest version of this series uses new symbols provided in these
fixes. The series now cross compiles on Blackfin without errors. I have
also test compiled this series on next-20170405 for x86.
I have dropped the third patch that uses these features to check the
arguments to vmbus_register() because the maintainers have not been
receptive to using it. My goal right now is to get the API right.
Eddie Kovsky (2):
module: verify address is read-only
extable: verify address is read-only
include/linux/kernel.h | 2 ++
include/linux/module.h | 12
kernel/extable.c | 29 +++
kernel/module.c| 53 ++
4 files changed, 96 insertions(+)
--
2.12.2
Re: [PATCH v4 2/2] extable: verify address is read-only
On 03/30/17, Kees Cook wrote:
> On Wed, Mar 29, 2017 at 8:27 PM, Jessica Yu <j...@redhat.com> wrote:
> > +++ Eddie Kovsky [28/03/17 21:28 -0600]:
> >
> >> On 03/27/17, Kees Cook wrote:
> >>>
> >>> On Mon, Mar 27, 2017 at 1:43 AM, kbuild test robot <l...@intel.com> wrote:
> >>> > Hi Eddie,
> >>> >
> >>> > [auto build test ERROR on next-20170323]
> >>> > [cannot apply to linus/master linux/master jeyu/modules-next v4.9-rc8
> >>> > v4.9-rc7 v4.9-rc6 v4.11-rc4]
> >>> > [if your patch is applied to the wrong git tree, please drop us a note
> >>> > to help improve the system]
> >>> >
> >>> > url:
> >>> > https://github.com/0day-ci/linux/commits/Eddie-Kovsky/module-verify-address-is-read-only/20170327-142922
> >>> > config: blackfin-BF561-EZKIT-SMP_defconfig (attached as .config)
> >>> > compiler: bfin-uclinux-gcc (GCC) 6.2.0
> >>> > reproduce:
> >>> > wget
> >>> > https://raw.githubusercontent.com/01org/lkp-tests/master/sbin/make.cross
> >>> > -O
> >>> > ~/bin/make.cross
> >>> > chmod +x ~/bin/make.cross
> >>> > # save the attached .config to linux build tree
> >>> > make.cross ARCH=blackfin
> >>> >
> >>> > All errors (new ones prefixed by >>):
> >>> >
> >>> >kernel/built-in.o: In function `core_kernel_rodata':
> >>> >>> kernel/extable.c:169: undefined reference to
> >>> >>> `__start_data_ro_after_init'
> >>> >>> kernel/extable.c:169: undefined reference to
> >>> >>> `__start_data_ro_after_init'
> >>> >>> kernel/extable.c:169: undefined reference to
> >>> >>> `__end_data_ro_after_init'
> >>> >>> kernel/extable.c:169: undefined reference to
> >>> >>> `__end_data_ro_after_init'
> >>> >>> kernel/extable.c:169: undefined reference to
> >>> >>> `__start_data_ro_after_init'
> >>> >>> kernel/extable.c:169: undefined reference to
> >>> >>> `__start_data_ro_after_init'
> >>> >>> kernel/extable.c:169: undefined reference to
> >>> >>> `__end_data_ro_after_init'
> >>> >>> kernel/extable.c:169: undefined reference to
> >>> >>> `__end_data_ro_after_init'
> >>>
> >>> Hm, I'm confused about this. blackfin includes
> >>> include/asm-generic-vmlinux.lds.h and uses the RO_DATA macro (which
> >>> resolves to RO_DATA_SECTION to RO_AFTER_INIT_DATA which defines
> >>> __[start|end]_data_ro_after_init.
> >>>
> >>> Also, it seems that commit d7c19b066dcf4bd19c4385e8065558d4e74f9e73
> >>> ("mm: kmemleak: scan .data.ro_after_init") added a potentially
> >>> redundant section name (s390 already calls this
> >>> __[start|end]_ro_after_init). I'd like to get this cleaned up, since
> >>> having multiple names for the same thing is confusing:
> >>>
> >>> diff --git a/arch/s390/kernel/vmlinux.lds.S
> >>> b/arch/s390/kernel/vmlinux.lds.S
> >>> index 000e6e91f6a0..3667d20e997f 100644
> >>> --- a/arch/s390/kernel/vmlinux.lds.S
> >>> +++ b/arch/s390/kernel/vmlinux.lds.S
> >>> @@ -62,9 +62,11 @@ SECTIONS
> >>>
> >>> . = ALIGN(PAGE_SIZE);
> >>> __start_ro_after_init = .;
> >>> + __start_data_ro_after_init = .;
> >>> .data..ro_after_init : {
> >>> *(.data..ro_after_init)
> >>> }
> >>> + __end_data_ro_after_init = .;
> >>> EXCEPTION_TABLE(16)
> >>> . = ALIGN(PAGE_SIZE);
> >>> __end_ro_after_init = .;
> >>>
> >>> And it seems that this hunk is wrong (__end_ro_after_init includes
> >>> s390's exception table, etc). I think we should remove the
> >>> ..._data_... name and use s390's name.
> >>>
> >>> I'll send an adjustment patch, but we'll still need to deal with
> >>> blackfin.
> >>>
> >>> -Kees
> >>>
> >>
> >> Kees
> >>
> >> I applied your patch (mm: fix section name for .data..ro_after_init) and
> >> changed the new function in extable.c to use __[start|
Re: [PATCH v4 2/2] extable: verify address is read-only
On 03/30/17, Kees Cook wrote:
> On Wed, Mar 29, 2017 at 8:27 PM, Jessica Yu wrote:
> > +++ Eddie Kovsky [28/03/17 21:28 -0600]:
> >
> >> On 03/27/17, Kees Cook wrote:
> >>>
> >>> On Mon, Mar 27, 2017 at 1:43 AM, kbuild test robot wrote:
> >>> > Hi Eddie,
> >>> >
> >>> > [auto build test ERROR on next-20170323]
> >>> > [cannot apply to linus/master linux/master jeyu/modules-next v4.9-rc8
> >>> > v4.9-rc7 v4.9-rc6 v4.11-rc4]
> >>> > [if your patch is applied to the wrong git tree, please drop us a note
> >>> > to help improve the system]
> >>> >
> >>> > url:
> >>> > https://github.com/0day-ci/linux/commits/Eddie-Kovsky/module-verify-address-is-read-only/20170327-142922
> >>> > config: blackfin-BF561-EZKIT-SMP_defconfig (attached as .config)
> >>> > compiler: bfin-uclinux-gcc (GCC) 6.2.0
> >>> > reproduce:
> >>> > wget
> >>> > https://raw.githubusercontent.com/01org/lkp-tests/master/sbin/make.cross
> >>> > -O
> >>> > ~/bin/make.cross
> >>> > chmod +x ~/bin/make.cross
> >>> > # save the attached .config to linux build tree
> >>> > make.cross ARCH=blackfin
> >>> >
> >>> > All errors (new ones prefixed by >>):
> >>> >
> >>> >kernel/built-in.o: In function `core_kernel_rodata':
> >>> >>> kernel/extable.c:169: undefined reference to
> >>> >>> `__start_data_ro_after_init'
> >>> >>> kernel/extable.c:169: undefined reference to
> >>> >>> `__start_data_ro_after_init'
> >>> >>> kernel/extable.c:169: undefined reference to
> >>> >>> `__end_data_ro_after_init'
> >>> >>> kernel/extable.c:169: undefined reference to
> >>> >>> `__end_data_ro_after_init'
> >>> >>> kernel/extable.c:169: undefined reference to
> >>> >>> `__start_data_ro_after_init'
> >>> >>> kernel/extable.c:169: undefined reference to
> >>> >>> `__start_data_ro_after_init'
> >>> >>> kernel/extable.c:169: undefined reference to
> >>> >>> `__end_data_ro_after_init'
> >>> >>> kernel/extable.c:169: undefined reference to
> >>> >>> `__end_data_ro_after_init'
> >>>
> >>> Hm, I'm confused about this. blackfin includes
> >>> include/asm-generic-vmlinux.lds.h and uses the RO_DATA macro (which
> >>> resolves to RO_DATA_SECTION to RO_AFTER_INIT_DATA which defines
> >>> __[start|end]_data_ro_after_init.
> >>>
> >>> Also, it seems that commit d7c19b066dcf4bd19c4385e8065558d4e74f9e73
> >>> ("mm: kmemleak: scan .data.ro_after_init") added a potentially
> >>> redundant section name (s390 already calls this
> >>> __[start|end]_ro_after_init). I'd like to get this cleaned up, since
> >>> having multiple names for the same thing is confusing:
> >>>
> >>> diff --git a/arch/s390/kernel/vmlinux.lds.S
> >>> b/arch/s390/kernel/vmlinux.lds.S
> >>> index 000e6e91f6a0..3667d20e997f 100644
> >>> --- a/arch/s390/kernel/vmlinux.lds.S
> >>> +++ b/arch/s390/kernel/vmlinux.lds.S
> >>> @@ -62,9 +62,11 @@ SECTIONS
> >>>
> >>> . = ALIGN(PAGE_SIZE);
> >>> __start_ro_after_init = .;
> >>> + __start_data_ro_after_init = .;
> >>> .data..ro_after_init : {
> >>> *(.data..ro_after_init)
> >>> }
> >>> + __end_data_ro_after_init = .;
> >>> EXCEPTION_TABLE(16)
> >>> . = ALIGN(PAGE_SIZE);
> >>> __end_ro_after_init = .;
> >>>
> >>> And it seems that this hunk is wrong (__end_ro_after_init includes
> >>> s390's exception table, etc). I think we should remove the
> >>> ..._data_... name and use s390's name.
> >>>
> >>> I'll send an adjustment patch, but we'll still need to deal with
> >>> blackfin.
> >>>
> >>> -Kees
> >>>
> >>
> >> Kees
> >>
> >> I applied your patch (mm: fix section name for .data..ro_after_init) and
> >> changed the new function in extable.c to use __[start|end]_ro_afte
Re: [PATCH v4 2/2] extable: verify address is read-only
On 03/27/17, Kees Cook wrote:
> On Mon, Mar 27, 2017 at 1:43 AM, kbuild test robot <l...@intel.com> wrote:
> > Hi Eddie,
> >
> > [auto build test ERROR on next-20170323]
> > [cannot apply to linus/master linux/master jeyu/modules-next v4.9-rc8
> > v4.9-rc7 v4.9-rc6 v4.11-rc4]
> > [if your patch is applied to the wrong git tree, please drop us a note to
> > help improve the system]
> >
> > url:
> > https://github.com/0day-ci/linux/commits/Eddie-Kovsky/module-verify-address-is-read-only/20170327-142922
> > config: blackfin-BF561-EZKIT-SMP_defconfig (attached as .config)
> > compiler: bfin-uclinux-gcc (GCC) 6.2.0
> > reproduce:
> > wget
> > https://raw.githubusercontent.com/01org/lkp-tests/master/sbin/make.cross -O
> > ~/bin/make.cross
> > chmod +x ~/bin/make.cross
> > # save the attached .config to linux build tree
> > make.cross ARCH=blackfin
> >
> > All errors (new ones prefixed by >>):
> >
> >kernel/built-in.o: In function `core_kernel_rodata':
> >>> kernel/extable.c:169: undefined reference to `__start_data_ro_after_init'
> >>> kernel/extable.c:169: undefined reference to `__start_data_ro_after_init'
> >>> kernel/extable.c:169: undefined reference to `__end_data_ro_after_init'
> >>> kernel/extable.c:169: undefined reference to `__end_data_ro_after_init'
> >>> kernel/extable.c:169: undefined reference to `__start_data_ro_after_init'
> >>> kernel/extable.c:169: undefined reference to `__start_data_ro_after_init'
> >>> kernel/extable.c:169: undefined reference to `__end_data_ro_after_init'
> >>> kernel/extable.c:169: undefined reference to `__end_data_ro_after_init'
>
> Hm, I'm confused about this. blackfin includes
> include/asm-generic-vmlinux.lds.h and uses the RO_DATA macro (which
> resolves to RO_DATA_SECTION to RO_AFTER_INIT_DATA which defines
> __[start|end]_data_ro_after_init.
>
> Also, it seems that commit d7c19b066dcf4bd19c4385e8065558d4e74f9e73
> ("mm: kmemleak: scan .data.ro_after_init") added a potentially
> redundant section name (s390 already calls this
> __[start|end]_ro_after_init). I'd like to get this cleaned up, since
> having multiple names for the same thing is confusing:
>
> diff --git a/arch/s390/kernel/vmlinux.lds.S b/arch/s390/kernel/vmlinux.lds.S
> index 000e6e91f6a0..3667d20e997f 100644
> --- a/arch/s390/kernel/vmlinux.lds.S
> +++ b/arch/s390/kernel/vmlinux.lds.S
> @@ -62,9 +62,11 @@ SECTIONS
>
> . = ALIGN(PAGE_SIZE);
> __start_ro_after_init = .;
> + __start_data_ro_after_init = .;
> .data..ro_after_init : {
> *(.data..ro_after_init)
> }
> + __end_data_ro_after_init = .;
> EXCEPTION_TABLE(16)
> . = ALIGN(PAGE_SIZE);
> __end_ro_after_init = .;
>
> And it seems that this hunk is wrong (__end_ro_after_init includes
> s390's exception table, etc). I think we should remove the
> ..._data_... name and use s390's name.
>
> I'll send an adjustment patch, but we'll still need to deal with blackfin.
>
> -Kees
>
Kees
I applied your patch (mm: fix section name for .data..ro_after_init) and
changed the new function in extable.c to use __[start|end]_ro_after_init
instead. The new version still builds without errors on x86, which isn't
surprising.
I've cross compiled this for blackfin and I'm able to reproduce the
build error. I'm still not sure why. As you pointed out, blackfin does
appear to use 'include/asm-generic/vmlinux.lds.h'.
Eddie
> >
> > vim +169 kernel/extable.c
> >
> >163 int core_kernel_rodata(unsigned long addr)
> >164 {
> >165 if (addr >= (unsigned long)__start_rodata &&
> >166 addr < (unsigned long)__end_rodata)
> >167 return 1;
> >168
> > > 169 if (addr >= (unsigned long)__start_data_ro_after_init &&
> >170 addr < (unsigned long)__end_data_ro_after_init)
> >171 return 1;
> >172
> >
> > ---
> > 0-DAY kernel test infrastructureOpen Source Technology
> > Center
> > https://lists.01.org/pipermail/kbuild-all Intel
> > Corporation
>
>
>
> --
> Kees Cook
> Pixel Security
Re: [PATCH v4 2/2] extable: verify address is read-only
On 03/27/17, Kees Cook wrote:
> On Mon, Mar 27, 2017 at 1:43 AM, kbuild test robot wrote:
> > Hi Eddie,
> >
> > [auto build test ERROR on next-20170323]
> > [cannot apply to linus/master linux/master jeyu/modules-next v4.9-rc8
> > v4.9-rc7 v4.9-rc6 v4.11-rc4]
> > [if your patch is applied to the wrong git tree, please drop us a note to
> > help improve the system]
> >
> > url:
> > https://github.com/0day-ci/linux/commits/Eddie-Kovsky/module-verify-address-is-read-only/20170327-142922
> > config: blackfin-BF561-EZKIT-SMP_defconfig (attached as .config)
> > compiler: bfin-uclinux-gcc (GCC) 6.2.0
> > reproduce:
> > wget
> > https://raw.githubusercontent.com/01org/lkp-tests/master/sbin/make.cross -O
> > ~/bin/make.cross
> > chmod +x ~/bin/make.cross
> > # save the attached .config to linux build tree
> > make.cross ARCH=blackfin
> >
> > All errors (new ones prefixed by >>):
> >
> >kernel/built-in.o: In function `core_kernel_rodata':
> >>> kernel/extable.c:169: undefined reference to `__start_data_ro_after_init'
> >>> kernel/extable.c:169: undefined reference to `__start_data_ro_after_init'
> >>> kernel/extable.c:169: undefined reference to `__end_data_ro_after_init'
> >>> kernel/extable.c:169: undefined reference to `__end_data_ro_after_init'
> >>> kernel/extable.c:169: undefined reference to `__start_data_ro_after_init'
> >>> kernel/extable.c:169: undefined reference to `__start_data_ro_after_init'
> >>> kernel/extable.c:169: undefined reference to `__end_data_ro_after_init'
> >>> kernel/extable.c:169: undefined reference to `__end_data_ro_after_init'
>
> Hm, I'm confused about this. blackfin includes
> include/asm-generic-vmlinux.lds.h and uses the RO_DATA macro (which
> resolves to RO_DATA_SECTION to RO_AFTER_INIT_DATA which defines
> __[start|end]_data_ro_after_init.
>
> Also, it seems that commit d7c19b066dcf4bd19c4385e8065558d4e74f9e73
> ("mm: kmemleak: scan .data.ro_after_init") added a potentially
> redundant section name (s390 already calls this
> __[start|end]_ro_after_init). I'd like to get this cleaned up, since
> having multiple names for the same thing is confusing:
>
> diff --git a/arch/s390/kernel/vmlinux.lds.S b/arch/s390/kernel/vmlinux.lds.S
> index 000e6e91f6a0..3667d20e997f 100644
> --- a/arch/s390/kernel/vmlinux.lds.S
> +++ b/arch/s390/kernel/vmlinux.lds.S
> @@ -62,9 +62,11 @@ SECTIONS
>
> . = ALIGN(PAGE_SIZE);
> __start_ro_after_init = .;
> + __start_data_ro_after_init = .;
> .data..ro_after_init : {
> *(.data..ro_after_init)
> }
> + __end_data_ro_after_init = .;
> EXCEPTION_TABLE(16)
> . = ALIGN(PAGE_SIZE);
> __end_ro_after_init = .;
>
> And it seems that this hunk is wrong (__end_ro_after_init includes
> s390's exception table, etc). I think we should remove the
> ..._data_... name and use s390's name.
>
> I'll send an adjustment patch, but we'll still need to deal with blackfin.
>
> -Kees
>
Kees
I applied your patch (mm: fix section name for .data..ro_after_init) and
changed the new function in extable.c to use __[start|end]_ro_after_init
instead. The new version still builds without errors on x86, which isn't
surprising.
I've cross compiled this for blackfin and I'm able to reproduce the
build error. I'm still not sure why. As you pointed out, blackfin does
appear to use 'include/asm-generic/vmlinux.lds.h'.
Eddie
> >
> > vim +169 kernel/extable.c
> >
> >163 int core_kernel_rodata(unsigned long addr)
> >164 {
> >165 if (addr >= (unsigned long)__start_rodata &&
> >166 addr < (unsigned long)__end_rodata)
> >167 return 1;
> >168
> > > 169 if (addr >= (unsigned long)__start_data_ro_after_init &&
> >170 addr < (unsigned long)__end_data_ro_after_init)
> >171 return 1;
> >172
> >
> > ---
> > 0-DAY kernel test infrastructureOpen Source Technology
> > Center
> > https://lists.01.org/pipermail/kbuild-all Intel
> > Corporation
>
>
>
> --
> Kees Cook
> Pixel Security
[PATCH v4 0/2] provide check for ro_after_init memory sections
Provide a mechanism for other functions to verify that their arguments are read-only. This implements the first half of a suggestion made by Kees Cook for the Kernel Self Protection Project: - provide mechanism to check for ro_after_init memory areas, and reject structures not marked ro_after_init in vmbus_register() http://www.openwall.com/lists/kernel-hardening/2017/02/04/1 The idea is to prevent structures (including modules) that are not read-only from being passed to functions. It builds upon the functions in kernel/extable.c that test if an address is in the text section. I have dropped the third patch that uses these features to check the arguments to vmbus_register() because the maintainers have not been receptive to using it. My goal right now is to get the API right. I have test compiled this series on next-20170324 for x86. Eddie Kovsky (2): module: verify address is read-only extable: verify address is read-only include/linux/kernel.h | 2 ++ include/linux/module.h | 12 kernel/extable.c | 29 +++ kernel/module.c| 53 ++ 4 files changed, 96 insertions(+) -- 2.12.1
[PATCH v4 0/2] provide check for ro_after_init memory sections
Provide a mechanism for other functions to verify that their arguments are read-only. This implements the first half of a suggestion made by Kees Cook for the Kernel Self Protection Project: - provide mechanism to check for ro_after_init memory areas, and reject structures not marked ro_after_init in vmbus_register() http://www.openwall.com/lists/kernel-hardening/2017/02/04/1 The idea is to prevent structures (including modules) that are not read-only from being passed to functions. It builds upon the functions in kernel/extable.c that test if an address is in the text section. I have dropped the third patch that uses these features to check the arguments to vmbus_register() because the maintainers have not been receptive to using it. My goal right now is to get the API right. I have test compiled this series on next-20170324 for x86. Eddie Kovsky (2): module: verify address is read-only extable: verify address is read-only include/linux/kernel.h | 2 ++ include/linux/module.h | 12 kernel/extable.c | 29 +++ kernel/module.c| 53 ++ 4 files changed, 96 insertions(+) -- 2.12.1
[PATCH v4 1/2] module: verify address is read-only
Implement a mechanism to check if a module's address is in
the rodata or ro_after_init sections. It mimics the existing functions
that test if an address is inside a module's text section.
Functions that take a module as an argument will be able to verify that the
module address is in a read-only section. The idea is to prevent structures
(including modules) that are not read-only from being passed to functions.
This implements the first half of a suggestion made by Kees Cook for
the Kernel Self Protection Project:
- provide mechanism to check for ro_after_init memory areas, and
reject structures not marked ro_after_init in vmbus_register()
Suggested-by: Kees Cook <keesc...@chromium.org>
Signed-off-by: Eddie Kovsky <e...@edkovsky.org>
---
Changes in v4:
- Rename function __module_ro_address() to __module_rodata_address()
- Move module_rodata_address() stub below is_module_address()
- Minor comment fixes
- Verify that mod is not NULL before setting up layout variables
Changes in v3:
- Change function name is_module_ro_address() to
is_module_rodata_address().
- Improve comments on is_module_rodata_address().
- Add a !CONFIG_MODULES stub for is_module_rodata_address.
- Correct and simplify the check for the read-only memory regions in
the module address.
---
include/linux/module.h | 12
kernel/module.c| 53 ++
2 files changed, 65 insertions(+)
diff --git a/include/linux/module.h b/include/linux/module.h
index 9ad68561d8c2..a3d17b081de3 100644
--- a/include/linux/module.h
+++ b/include/linux/module.h
@@ -492,7 +492,9 @@ static inline int module_is_live(struct module *mod)
struct module *__module_text_address(unsigned long addr);
struct module *__module_address(unsigned long addr);
+struct module *__module_rodata_address(unsigned long addr);
bool is_module_address(unsigned long addr);
+bool is_module_rodata_address(unsigned long addr);
bool __is_module_percpu_address(unsigned long addr, unsigned long *can_addr);
bool is_module_percpu_address(unsigned long addr);
bool is_module_text_address(unsigned long addr);
@@ -646,6 +648,11 @@ static inline struct module *__module_address(unsigned
long addr)
return NULL;
}
+static inline struct module *__module_rodata_address(unsigned long addr)
+{
+ return NULL;
+}
+
static inline struct module *__module_text_address(unsigned long addr)
{
return NULL;
@@ -656,6 +663,11 @@ static inline bool is_module_address(unsigned long addr)
return false;
}
+static inline bool is_module_rodata_address(unsigned long addr)
+{
+ return false;
+}
+
static inline bool is_module_percpu_address(unsigned long addr)
{
return false;
diff --git a/kernel/module.c b/kernel/module.c
index 8ffcd29a4245..26bd62c61d87 100644
--- a/kernel/module.c
+++ b/kernel/module.c
@@ -4292,6 +4292,59 @@ struct module *__module_text_address(unsigned long addr)
}
EXPORT_SYMBOL_GPL(__module_text_address);
+/**
+ * is_module_rodata_address - is this address inside read-only module data?
+ * @addr: the address to check.
+ *
+ */
+bool is_module_rodata_address(unsigned long addr)
+{
+ bool ret;
+
+ preempt_disable();
+ ret = __module_rodata_address(addr) != NULL;
+ preempt_enable();
+
+ return ret;
+}
+
+/*
+ * __module_rodata_address - get the module whose rodata/ro_after_init sections
+ * contain the given address.
+ * @addr: the address.
+ *
+ * Must be called with preempt disabled or module mutex held so that
+ * module doesn't get freed during this.
+ */
+struct module *__module_rodata_address(unsigned long addr)
+{
+ struct module *mod = __module_address(addr);
+
+ /*
+* Make sure module is within the read-only section.
+* range(base + text_size, base + ro_after_init_size)
+* encompasses both the rodata and ro_after_init regions.
+* See comment above frob_text() for the layout diagram.
+*/
+ if (mod) {
+ void *init_base = mod->init_layout.base;
+ unsigned int init_text_size = mod->init_layout.text_size;
+ unsigned int init_ro_after_init_size =
mod->init_layout.ro_after_init_size;
+
+ void *core_base = mod->core_layout.base;
+ unsigned int core_text_size = mod->core_layout.text_size;
+ unsigned int core_ro_after_init_size =
mod->core_layout.ro_after_init_size;
+
+ if (!within(addr, init_base + init_text_size,
+ init_ro_after_init_size - init_text_size)
+ && !within(addr, core_base + core_text_size,
+ core_ro_after_init_size - core_text_size))
+ mod = NULL;
+ }
+ return mod;
+}
+EXPORT_SYMBOL_GPL(__module_rodata_address);
+
/* Don't grab lock, we're oopsing. */
void print_modules(void)
{
--
2.12.1
[PATCH v4 2/2] extable: verify address is read-only
Provide a mechanism to check if the address of a variable is
const or ro_after_init. It mimics the existing functions that test if an
address is inside the kernel's text section.
The idea is to prevent structures that are not read-only from being
passed to functions. Other functions inside the kernel could then use
this capability to verify that their arguments are read-only.
This implements the first half of a suggestion made by Kees Cook for
the Kernel Self Protection Project:
- provide mechanism to check for ro_after_init memory areas, and
reject structures not marked ro_after_init in vmbus_register()
Suggested-by: Kees Cook <keesc...@chromium.org>
Signed-off-by: Eddie Kovsky <e...@edkovsky.org>
---
Changes in v4:
- Rename function core_kernel_ro_data() to core_kernel_rodata().
Changes in v3:
- Fix missing declaration of is_module_rodata_address()
---
include/linux/kernel.h | 2 ++
kernel/extable.c | 29 +
2 files changed, 31 insertions(+)
diff --git a/include/linux/kernel.h b/include/linux/kernel.h
index 4c26dc3a8295..5748784ca209 100644
--- a/include/linux/kernel.h
+++ b/include/linux/kernel.h
@@ -444,6 +444,8 @@ extern int core_kernel_data(unsigned long addr);
extern int __kernel_text_address(unsigned long addr);
extern int kernel_text_address(unsigned long addr);
extern int func_ptr_is_kernel_text(void *ptr);
+extern int core_kernel_rodata(unsigned long addr);
+extern int kernel_ro_address(unsigned long addr);
unsigned long int_sqrt(unsigned long);
diff --git a/kernel/extable.c b/kernel/extable.c
index 2676d7f8baf6..22562cfc6ac3 100644
--- a/kernel/extable.c
+++ b/kernel/extable.c
@@ -154,3 +154,32 @@ int func_ptr_is_kernel_text(void *ptr)
return 1;
return is_module_text_address(addr);
}
+
+/**
+ * core_kernel_rodata - Verify address points to read-only section
+ * @addr: address to test
+ *
+ */
+int core_kernel_rodata(unsigned long addr)
+{
+ if (addr >= (unsigned long)__start_rodata &&
+ addr < (unsigned long)__end_rodata)
+ return 1;
+
+ if (addr >= (unsigned long)__start_data_ro_after_init &&
+ addr < (unsigned long)__end_data_ro_after_init)
+ return 1;
+
+ return 0;
+}
+
+/* Verify that address is const or ro_after_init. */
+int kernel_ro_address(unsigned long addr)
+{
+ if (core_kernel_rodata(addr))
+ return 1;
+ if (is_module_rodata_address(addr))
+ return 1;
+
+ return 0;
+}
--
2.12.1
[PATCH v4 1/2] module: verify address is read-only
Implement a mechanism to check if a module's address is in
the rodata or ro_after_init sections. It mimics the existing functions
that test if an address is inside a module's text section.
Functions that take a module as an argument will be able to verify that the
module address is in a read-only section. The idea is to prevent structures
(including modules) that are not read-only from being passed to functions.
This implements the first half of a suggestion made by Kees Cook for
the Kernel Self Protection Project:
- provide mechanism to check for ro_after_init memory areas, and
reject structures not marked ro_after_init in vmbus_register()
Suggested-by: Kees Cook
Signed-off-by: Eddie Kovsky
---
Changes in v4:
- Rename function __module_ro_address() to __module_rodata_address()
- Move module_rodata_address() stub below is_module_address()
- Minor comment fixes
- Verify that mod is not NULL before setting up layout variables
Changes in v3:
- Change function name is_module_ro_address() to
is_module_rodata_address().
- Improve comments on is_module_rodata_address().
- Add a !CONFIG_MODULES stub for is_module_rodata_address.
- Correct and simplify the check for the read-only memory regions in
the module address.
---
include/linux/module.h | 12
kernel/module.c| 53 ++
2 files changed, 65 insertions(+)
diff --git a/include/linux/module.h b/include/linux/module.h
index 9ad68561d8c2..a3d17b081de3 100644
--- a/include/linux/module.h
+++ b/include/linux/module.h
@@ -492,7 +492,9 @@ static inline int module_is_live(struct module *mod)
struct module *__module_text_address(unsigned long addr);
struct module *__module_address(unsigned long addr);
+struct module *__module_rodata_address(unsigned long addr);
bool is_module_address(unsigned long addr);
+bool is_module_rodata_address(unsigned long addr);
bool __is_module_percpu_address(unsigned long addr, unsigned long *can_addr);
bool is_module_percpu_address(unsigned long addr);
bool is_module_text_address(unsigned long addr);
@@ -646,6 +648,11 @@ static inline struct module *__module_address(unsigned
long addr)
return NULL;
}
+static inline struct module *__module_rodata_address(unsigned long addr)
+{
+ return NULL;
+}
+
static inline struct module *__module_text_address(unsigned long addr)
{
return NULL;
@@ -656,6 +663,11 @@ static inline bool is_module_address(unsigned long addr)
return false;
}
+static inline bool is_module_rodata_address(unsigned long addr)
+{
+ return false;
+}
+
static inline bool is_module_percpu_address(unsigned long addr)
{
return false;
diff --git a/kernel/module.c b/kernel/module.c
index 8ffcd29a4245..26bd62c61d87 100644
--- a/kernel/module.c
+++ b/kernel/module.c
@@ -4292,6 +4292,59 @@ struct module *__module_text_address(unsigned long addr)
}
EXPORT_SYMBOL_GPL(__module_text_address);
+/**
+ * is_module_rodata_address - is this address inside read-only module data?
+ * @addr: the address to check.
+ *
+ */
+bool is_module_rodata_address(unsigned long addr)
+{
+ bool ret;
+
+ preempt_disable();
+ ret = __module_rodata_address(addr) != NULL;
+ preempt_enable();
+
+ return ret;
+}
+
+/*
+ * __module_rodata_address - get the module whose rodata/ro_after_init sections
+ * contain the given address.
+ * @addr: the address.
+ *
+ * Must be called with preempt disabled or module mutex held so that
+ * module doesn't get freed during this.
+ */
+struct module *__module_rodata_address(unsigned long addr)
+{
+ struct module *mod = __module_address(addr);
+
+ /*
+* Make sure module is within the read-only section.
+* range(base + text_size, base + ro_after_init_size)
+* encompasses both the rodata and ro_after_init regions.
+* See comment above frob_text() for the layout diagram.
+*/
+ if (mod) {
+ void *init_base = mod->init_layout.base;
+ unsigned int init_text_size = mod->init_layout.text_size;
+ unsigned int init_ro_after_init_size =
mod->init_layout.ro_after_init_size;
+
+ void *core_base = mod->core_layout.base;
+ unsigned int core_text_size = mod->core_layout.text_size;
+ unsigned int core_ro_after_init_size =
mod->core_layout.ro_after_init_size;
+
+ if (!within(addr, init_base + init_text_size,
+ init_ro_after_init_size - init_text_size)
+ && !within(addr, core_base + core_text_size,
+ core_ro_after_init_size - core_text_size))
+ mod = NULL;
+ }
+ return mod;
+}
+EXPORT_SYMBOL_GPL(__module_rodata_address);
+
/* Don't grab lock, we're oopsing. */
void print_modules(void)
{
--
2.12.1
[PATCH v4 2/2] extable: verify address is read-only
Provide a mechanism to check if the address of a variable is
const or ro_after_init. It mimics the existing functions that test if an
address is inside the kernel's text section.
The idea is to prevent structures that are not read-only from being
passed to functions. Other functions inside the kernel could then use
this capability to verify that their arguments are read-only.
This implements the first half of a suggestion made by Kees Cook for
the Kernel Self Protection Project:
- provide mechanism to check for ro_after_init memory areas, and
reject structures not marked ro_after_init in vmbus_register()
Suggested-by: Kees Cook
Signed-off-by: Eddie Kovsky
---
Changes in v4:
- Rename function core_kernel_ro_data() to core_kernel_rodata().
Changes in v3:
- Fix missing declaration of is_module_rodata_address()
---
include/linux/kernel.h | 2 ++
kernel/extable.c | 29 +
2 files changed, 31 insertions(+)
diff --git a/include/linux/kernel.h b/include/linux/kernel.h
index 4c26dc3a8295..5748784ca209 100644
--- a/include/linux/kernel.h
+++ b/include/linux/kernel.h
@@ -444,6 +444,8 @@ extern int core_kernel_data(unsigned long addr);
extern int __kernel_text_address(unsigned long addr);
extern int kernel_text_address(unsigned long addr);
extern int func_ptr_is_kernel_text(void *ptr);
+extern int core_kernel_rodata(unsigned long addr);
+extern int kernel_ro_address(unsigned long addr);
unsigned long int_sqrt(unsigned long);
diff --git a/kernel/extable.c b/kernel/extable.c
index 2676d7f8baf6..22562cfc6ac3 100644
--- a/kernel/extable.c
+++ b/kernel/extable.c
@@ -154,3 +154,32 @@ int func_ptr_is_kernel_text(void *ptr)
return 1;
return is_module_text_address(addr);
}
+
+/**
+ * core_kernel_rodata - Verify address points to read-only section
+ * @addr: address to test
+ *
+ */
+int core_kernel_rodata(unsigned long addr)
+{
+ if (addr >= (unsigned long)__start_rodata &&
+ addr < (unsigned long)__end_rodata)
+ return 1;
+
+ if (addr >= (unsigned long)__start_data_ro_after_init &&
+ addr < (unsigned long)__end_data_ro_after_init)
+ return 1;
+
+ return 0;
+}
+
+/* Verify that address is const or ro_after_init. */
+int kernel_ro_address(unsigned long addr)
+{
+ if (core_kernel_rodata(addr))
+ return 1;
+ if (is_module_rodata_address(addr))
+ return 1;
+
+ return 0;
+}
--
2.12.1
Re: [PATCH v3 1/2] module: verify address is read-only
On 03/24/17, Jessica Yu wrote:
> +++ Eddie Kovsky [22/03/17 20:55 -0600]:
> > Implement a mechanism to check if a module's address is in
> > the rodata or ro_after_init sections. It mimics the exsiting functions
> > that test if an address is inside a module's text section.
> >
> > Functions that take a module as an argument will be able to
>
> > verify that the module is in a read-only section.
>
> s/module/module address/?
>
Yes, that is more accurate.
> Also, there is some useful information in your cover letter on the
> context and motivation for adding to the api, it would be good to
> reproduce that info here so that we can have it officially in the
> changelog. (sentences "This implements a suggestion made by Kees..."
> and "The idea is to prevent structures..." would be nice to copy here)
>
Okay, that's easy to add.
Kees, would you like me to add your Suggested-by as well?
> > Signed-off-by: Eddie Kovsky <e...@edkovsky.org>
> > ---
> > Changes in v3:
> > - Change function name is_module_ro_address() to
> > is_module_rodata_address().
> > - Improve comments on is_module_rodata_address().
> > - Add a !CONFIG_MODULES stub for is_module_rodata_address.
> > - Correct and simplify the check for the read-only memory regions in
> > the module address.
> >
> > include/linux/module.h | 12
> > kernel/module.c| 53
> > ++
> > 2 files changed, 65 insertions(+)
> >
> > diff --git a/include/linux/module.h b/include/linux/module.h
> > index 9ad68561d8c2..66b7fd321334 100644
> > --- a/include/linux/module.h
> > +++ b/include/linux/module.h
> > @@ -492,7 +492,9 @@ static inline int module_is_live(struct module *mod)
> >
> > struct module *__module_text_address(unsigned long addr);
> > struct module *__module_address(unsigned long addr);
> > +struct module *__module_ro_address(unsigned long addr);
>
> Can we rename __module_ro_address to __module_rodata_address (to match
> is_module_rodata_address())?
>
Sure, consistency is a good thing.
> > bool is_module_address(unsigned long addr);
> > +bool is_module_rodata_address(unsigned long addr);
> > bool __is_module_percpu_address(unsigned long addr, unsigned long
> > *can_addr);
> > bool is_module_percpu_address(unsigned long addr);
> > bool is_module_text_address(unsigned long addr);
> > @@ -646,6 +648,16 @@ static inline struct module *__module_address(unsigned
> > long addr)
> > return NULL;
> > }
> >
> > +static inline struct module *__module_ro_address(unsigned long addr)
> > +{
> > + return NULL;
> > +}
> > +
> > +static inline bool is_module_rodata_address(unsigned long addr)
> > +{
> > + return false;
> > +}
> > +
>
> Style nitpick: Can you move is_module_rodata_address() below
> is_module_address()?
> That way, the function stubs are grouped a bit more consistently.
>
I think I might have shuffled that on the last rebase.
> > static inline struct module *__module_text_address(unsigned long addr)
> > {
> > return NULL;
> > diff --git a/kernel/module.c b/kernel/module.c
> > index 8ffcd29a4245..99ada1257aaa 100644
> > --- a/kernel/module.c
> > +++ b/kernel/module.c
> > @@ -4292,6 +4292,59 @@ struct module *__module_text_address(unsigned long
> > addr)
> > }
> > EXPORT_SYMBOL_GPL(__module_text_address);
> >
> > +/**
> > + * is_module_rodata_address - is this address inside read-only module code?
>
> s/code/data/
>
Yes.
> > + * @addr: the address to check.
> > + *
> > + */
> > +bool is_module_rodata_address(unsigned long addr)
> > +{
> > + bool ret;
> > +
> > + preempt_disable();
> > + ret = __module_ro_address(addr) != NULL;
> > + preempt_enable();
> > +
> > + return ret;
> > +}
> > +
> > +/*
> > + * __module_ro_address - get the module whose rodata/ro_after_init sections
> > + * contain the given address.
>
> As mentioned in the first comment, let's rename __module_ro_address to
> __module_rodata_address, so it mirrors is_module_rodata_address().
>
> > + * @addr: the address.
> > + *
> > + * Must be called with preempt disabled or module mutex held so that
> > + * module doesn't get freed during this.
> > + */
> > +struct module *__module_ro_address(unsigned long addr)
> > +{
> > + struct module *mod = __module_address(addr);
>
> We need to check that mod is not NULL before dereferencing it below.
>
Re: [PATCH v3 1/2] module: verify address is read-only
On 03/24/17, Jessica Yu wrote:
> +++ Eddie Kovsky [22/03/17 20:55 -0600]:
> > Implement a mechanism to check if a module's address is in
> > the rodata or ro_after_init sections. It mimics the exsiting functions
> > that test if an address is inside a module's text section.
> >
> > Functions that take a module as an argument will be able to
>
> > verify that the module is in a read-only section.
>
> s/module/module address/?
>
Yes, that is more accurate.
> Also, there is some useful information in your cover letter on the
> context and motivation for adding to the api, it would be good to
> reproduce that info here so that we can have it officially in the
> changelog. (sentences "This implements a suggestion made by Kees..."
> and "The idea is to prevent structures..." would be nice to copy here)
>
Okay, that's easy to add.
Kees, would you like me to add your Suggested-by as well?
> > Signed-off-by: Eddie Kovsky
> > ---
> > Changes in v3:
> > - Change function name is_module_ro_address() to
> > is_module_rodata_address().
> > - Improve comments on is_module_rodata_address().
> > - Add a !CONFIG_MODULES stub for is_module_rodata_address.
> > - Correct and simplify the check for the read-only memory regions in
> > the module address.
> >
> > include/linux/module.h | 12
> > kernel/module.c| 53
> > ++
> > 2 files changed, 65 insertions(+)
> >
> > diff --git a/include/linux/module.h b/include/linux/module.h
> > index 9ad68561d8c2..66b7fd321334 100644
> > --- a/include/linux/module.h
> > +++ b/include/linux/module.h
> > @@ -492,7 +492,9 @@ static inline int module_is_live(struct module *mod)
> >
> > struct module *__module_text_address(unsigned long addr);
> > struct module *__module_address(unsigned long addr);
> > +struct module *__module_ro_address(unsigned long addr);
>
> Can we rename __module_ro_address to __module_rodata_address (to match
> is_module_rodata_address())?
>
Sure, consistency is a good thing.
> > bool is_module_address(unsigned long addr);
> > +bool is_module_rodata_address(unsigned long addr);
> > bool __is_module_percpu_address(unsigned long addr, unsigned long
> > *can_addr);
> > bool is_module_percpu_address(unsigned long addr);
> > bool is_module_text_address(unsigned long addr);
> > @@ -646,6 +648,16 @@ static inline struct module *__module_address(unsigned
> > long addr)
> > return NULL;
> > }
> >
> > +static inline struct module *__module_ro_address(unsigned long addr)
> > +{
> > + return NULL;
> > +}
> > +
> > +static inline bool is_module_rodata_address(unsigned long addr)
> > +{
> > + return false;
> > +}
> > +
>
> Style nitpick: Can you move is_module_rodata_address() below
> is_module_address()?
> That way, the function stubs are grouped a bit more consistently.
>
I think I might have shuffled that on the last rebase.
> > static inline struct module *__module_text_address(unsigned long addr)
> > {
> > return NULL;
> > diff --git a/kernel/module.c b/kernel/module.c
> > index 8ffcd29a4245..99ada1257aaa 100644
> > --- a/kernel/module.c
> > +++ b/kernel/module.c
> > @@ -4292,6 +4292,59 @@ struct module *__module_text_address(unsigned long
> > addr)
> > }
> > EXPORT_SYMBOL_GPL(__module_text_address);
> >
> > +/**
> > + * is_module_rodata_address - is this address inside read-only module code?
>
> s/code/data/
>
Yes.
> > + * @addr: the address to check.
> > + *
> > + */
> > +bool is_module_rodata_address(unsigned long addr)
> > +{
> > + bool ret;
> > +
> > + preempt_disable();
> > + ret = __module_ro_address(addr) != NULL;
> > + preempt_enable();
> > +
> > + return ret;
> > +}
> > +
> > +/*
> > + * __module_ro_address - get the module whose rodata/ro_after_init sections
> > + * contain the given address.
>
> As mentioned in the first comment, let's rename __module_ro_address to
> __module_rodata_address, so it mirrors is_module_rodata_address().
>
> > + * @addr: the address.
> > + *
> > + * Must be called with preempt disabled or module mutex held so that
> > + * module doesn't get freed during this.
> > + */
> > +struct module *__module_ro_address(unsigned long addr)
> > +{
> > + struct module *mod = __module_address(addr);
>
> We need to check that mod is not NULL before dereferencing it below.
>
I mis
[PATCH v3 1/2] module: verify address is read-only
Implement a mechanism to check if a module's address is in
the rodata or ro_after_init sections. It mimics the exsiting functions
that test if an address is inside a module's text section.
Functions that take a module as an argument will be able to
verify that the module is in a read-only section.
Signed-off-by: Eddie Kovsky <e...@edkovsky.org>
---
Changes in v3:
- Change function name is_module_ro_address() to
is_module_rodata_address().
- Improve comments on is_module_rodata_address().
- Add a !CONFIG_MODULES stub for is_module_rodata_address.
- Correct and simplify the check for the read-only memory regions in
the module address.
include/linux/module.h | 12
kernel/module.c| 53 ++
2 files changed, 65 insertions(+)
diff --git a/include/linux/module.h b/include/linux/module.h
index 9ad68561d8c2..66b7fd321334 100644
--- a/include/linux/module.h
+++ b/include/linux/module.h
@@ -492,7 +492,9 @@ static inline int module_is_live(struct module *mod)
struct module *__module_text_address(unsigned long addr);
struct module *__module_address(unsigned long addr);
+struct module *__module_ro_address(unsigned long addr);
bool is_module_address(unsigned long addr);
+bool is_module_rodata_address(unsigned long addr);
bool __is_module_percpu_address(unsigned long addr, unsigned long *can_addr);
bool is_module_percpu_address(unsigned long addr);
bool is_module_text_address(unsigned long addr);
@@ -646,6 +648,16 @@ static inline struct module *__module_address(unsigned
long addr)
return NULL;
}
+static inline struct module *__module_ro_address(unsigned long addr)
+{
+ return NULL;
+}
+
+static inline bool is_module_rodata_address(unsigned long addr)
+{
+ return false;
+}
+
static inline struct module *__module_text_address(unsigned long addr)
{
return NULL;
diff --git a/kernel/module.c b/kernel/module.c
index 8ffcd29a4245..99ada1257aaa 100644
--- a/kernel/module.c
+++ b/kernel/module.c
@@ -4292,6 +4292,59 @@ struct module *__module_text_address(unsigned long addr)
}
EXPORT_SYMBOL_GPL(__module_text_address);
+/**
+ * is_module_rodata_address - is this address inside read-only module code?
+ * @addr: the address to check.
+ *
+ */
+bool is_module_rodata_address(unsigned long addr)
+{
+ bool ret;
+
+ preempt_disable();
+ ret = __module_ro_address(addr) != NULL;
+ preempt_enable();
+
+ return ret;
+}
+
+/*
+ * __module_ro_address - get the module whose rodata/ro_after_init sections
+ * contain the given address.
+ * @addr: the address.
+ *
+ * Must be called with preempt disabled or module mutex held so that
+ * module doesn't get freed during this.
+ */
+struct module *__module_ro_address(unsigned long addr)
+{
+ struct module *mod = __module_address(addr);
+
+ void *init_base = mod->init_layout.base;
+ unsigned int init_text_size = mod->init_layout.text_size;
+ unsigned int init_ro_after_init_size =
mod->init_layout.ro_after_init_size;
+
+ void *core_base = mod->core_layout.base;
+ unsigned int core_text_size = mod->core_layout.text_size;
+ unsigned int core_ro_after_init_size =
mod->core_layout.ro_after_init_size;
+
+ /*
+* Make sure module is within the read-only section.
+* range(base + text_size, base + ro_after_init_size)
+* encompasses both the rodata and ro_after_init regions.
+* See comment above frob_text() for the layout diagram.
+*/
+ if (mod) {
+ if (!within(addr, init_base + init_text_size,
+ init_ro_after_init_size - init_text_size)
+ && !within(addr, core_base + core_text_size,
+ core_ro_after_init_size - core_text_size))
+ mod = NULL;
+ }
+ return mod;
+}
+EXPORT_SYMBOL_GPL(__module_ro_address);
+
/* Don't grab lock, we're oopsing. */
void print_modules(void)
{
--
2.12.0
[PATCH v3 2/2] extable: verify address is read-only
Provide a mechanism to check if the address of a variable is
const or ro_after_init. It mimics the existing functions that test if an
address is inside the kernel's text section.
Other functions inside the kernel could then use this capability to
verify that their arguments are read-only.
Signed-off-by: Eddie Kovsky <e...@edkovsky.org>
---
Changes in v3:
- Fix missing declaration of is_module_rodata_address()
include/linux/kernel.h | 2 ++
kernel/extable.c | 29 +
2 files changed, 31 insertions(+)
diff --git a/include/linux/kernel.h b/include/linux/kernel.h
index 4c26dc3a8295..51beea39e6c4 100644
--- a/include/linux/kernel.h
+++ b/include/linux/kernel.h
@@ -444,6 +444,8 @@ extern int core_kernel_data(unsigned long addr);
extern int __kernel_text_address(unsigned long addr);
extern int kernel_text_address(unsigned long addr);
extern int func_ptr_is_kernel_text(void *ptr);
+extern int core_kernel_ro_data(unsigned long addr);
+extern int kernel_ro_address(unsigned long addr);
unsigned long int_sqrt(unsigned long);
diff --git a/kernel/extable.c b/kernel/extable.c
index 2676d7f8baf6..3c3a9f4e6250 100644
--- a/kernel/extable.c
+++ b/kernel/extable.c
@@ -154,3 +154,32 @@ int func_ptr_is_kernel_text(void *ptr)
return 1;
return is_module_text_address(addr);
}
+
+/**
+ * core_kernel_ro_data - Verify address points to read-only section
+ * @addr: address to test
+ *
+ */
+int core_kernel_ro_data(unsigned long addr)
+{
+ if (addr >= (unsigned long)__start_rodata &&
+ addr < (unsigned long)__end_rodata)
+ return 1;
+
+ if (addr >= (unsigned long)__start_data_ro_after_init &&
+ addr < (unsigned long)__end_data_ro_after_init)
+ return 1;
+
+ return 0;
+}
+
+/* Verify that address is const or ro_after_init. */
+int kernel_ro_address(unsigned long addr)
+{
+ if (core_kernel_ro_data(addr))
+ return 1;
+ if (is_module_rodata_address(addr))
+ return 1;
+
+ return 0;
+}
--
2.12.0
[PATCH v3 1/2] module: verify address is read-only
Implement a mechanism to check if a module's address is in
the rodata or ro_after_init sections. It mimics the exsiting functions
that test if an address is inside a module's text section.
Functions that take a module as an argument will be able to
verify that the module is in a read-only section.
Signed-off-by: Eddie Kovsky
---
Changes in v3:
- Change function name is_module_ro_address() to
is_module_rodata_address().
- Improve comments on is_module_rodata_address().
- Add a !CONFIG_MODULES stub for is_module_rodata_address.
- Correct and simplify the check for the read-only memory regions in
the module address.
include/linux/module.h | 12
kernel/module.c| 53 ++
2 files changed, 65 insertions(+)
diff --git a/include/linux/module.h b/include/linux/module.h
index 9ad68561d8c2..66b7fd321334 100644
--- a/include/linux/module.h
+++ b/include/linux/module.h
@@ -492,7 +492,9 @@ static inline int module_is_live(struct module *mod)
struct module *__module_text_address(unsigned long addr);
struct module *__module_address(unsigned long addr);
+struct module *__module_ro_address(unsigned long addr);
bool is_module_address(unsigned long addr);
+bool is_module_rodata_address(unsigned long addr);
bool __is_module_percpu_address(unsigned long addr, unsigned long *can_addr);
bool is_module_percpu_address(unsigned long addr);
bool is_module_text_address(unsigned long addr);
@@ -646,6 +648,16 @@ static inline struct module *__module_address(unsigned
long addr)
return NULL;
}
+static inline struct module *__module_ro_address(unsigned long addr)
+{
+ return NULL;
+}
+
+static inline bool is_module_rodata_address(unsigned long addr)
+{
+ return false;
+}
+
static inline struct module *__module_text_address(unsigned long addr)
{
return NULL;
diff --git a/kernel/module.c b/kernel/module.c
index 8ffcd29a4245..99ada1257aaa 100644
--- a/kernel/module.c
+++ b/kernel/module.c
@@ -4292,6 +4292,59 @@ struct module *__module_text_address(unsigned long addr)
}
EXPORT_SYMBOL_GPL(__module_text_address);
+/**
+ * is_module_rodata_address - is this address inside read-only module code?
+ * @addr: the address to check.
+ *
+ */
+bool is_module_rodata_address(unsigned long addr)
+{
+ bool ret;
+
+ preempt_disable();
+ ret = __module_ro_address(addr) != NULL;
+ preempt_enable();
+
+ return ret;
+}
+
+/*
+ * __module_ro_address - get the module whose rodata/ro_after_init sections
+ * contain the given address.
+ * @addr: the address.
+ *
+ * Must be called with preempt disabled or module mutex held so that
+ * module doesn't get freed during this.
+ */
+struct module *__module_ro_address(unsigned long addr)
+{
+ struct module *mod = __module_address(addr);
+
+ void *init_base = mod->init_layout.base;
+ unsigned int init_text_size = mod->init_layout.text_size;
+ unsigned int init_ro_after_init_size =
mod->init_layout.ro_after_init_size;
+
+ void *core_base = mod->core_layout.base;
+ unsigned int core_text_size = mod->core_layout.text_size;
+ unsigned int core_ro_after_init_size =
mod->core_layout.ro_after_init_size;
+
+ /*
+* Make sure module is within the read-only section.
+* range(base + text_size, base + ro_after_init_size)
+* encompasses both the rodata and ro_after_init regions.
+* See comment above frob_text() for the layout diagram.
+*/
+ if (mod) {
+ if (!within(addr, init_base + init_text_size,
+ init_ro_after_init_size - init_text_size)
+ && !within(addr, core_base + core_text_size,
+ core_ro_after_init_size - core_text_size))
+ mod = NULL;
+ }
+ return mod;
+}
+EXPORT_SYMBOL_GPL(__module_ro_address);
+
/* Don't grab lock, we're oopsing. */
void print_modules(void)
{
--
2.12.0
[PATCH v3 2/2] extable: verify address is read-only
Provide a mechanism to check if the address of a variable is
const or ro_after_init. It mimics the existing functions that test if an
address is inside the kernel's text section.
Other functions inside the kernel could then use this capability to
verify that their arguments are read-only.
Signed-off-by: Eddie Kovsky
---
Changes in v3:
- Fix missing declaration of is_module_rodata_address()
include/linux/kernel.h | 2 ++
kernel/extable.c | 29 +
2 files changed, 31 insertions(+)
diff --git a/include/linux/kernel.h b/include/linux/kernel.h
index 4c26dc3a8295..51beea39e6c4 100644
--- a/include/linux/kernel.h
+++ b/include/linux/kernel.h
@@ -444,6 +444,8 @@ extern int core_kernel_data(unsigned long addr);
extern int __kernel_text_address(unsigned long addr);
extern int kernel_text_address(unsigned long addr);
extern int func_ptr_is_kernel_text(void *ptr);
+extern int core_kernel_ro_data(unsigned long addr);
+extern int kernel_ro_address(unsigned long addr);
unsigned long int_sqrt(unsigned long);
diff --git a/kernel/extable.c b/kernel/extable.c
index 2676d7f8baf6..3c3a9f4e6250 100644
--- a/kernel/extable.c
+++ b/kernel/extable.c
@@ -154,3 +154,32 @@ int func_ptr_is_kernel_text(void *ptr)
return 1;
return is_module_text_address(addr);
}
+
+/**
+ * core_kernel_ro_data - Verify address points to read-only section
+ * @addr: address to test
+ *
+ */
+int core_kernel_ro_data(unsigned long addr)
+{
+ if (addr >= (unsigned long)__start_rodata &&
+ addr < (unsigned long)__end_rodata)
+ return 1;
+
+ if (addr >= (unsigned long)__start_data_ro_after_init &&
+ addr < (unsigned long)__end_data_ro_after_init)
+ return 1;
+
+ return 0;
+}
+
+/* Verify that address is const or ro_after_init. */
+int kernel_ro_address(unsigned long addr)
+{
+ if (core_kernel_ro_data(addr))
+ return 1;
+ if (is_module_rodata_address(addr))
+ return 1;
+
+ return 0;
+}
--
2.12.0
[PATCH v3 0/2] provide check for ro_after_init memory sections
Provide a mechanism for other functions to verify that their arguments are read-only. This implements the first half of a suggestion made by Kees Cook for the Kernel Self Protection Project: - provide mechanism to check for ro_after_init memory areas, and reject structures not marked ro_after_init in vmbus_register() http://www.openwall.com/lists/kernel-hardening/2017/02/04/1 The idea is to prevent structures (including modules) that are not read-only from being passed to functions. It builds upon the functions in kernel/extable.c that test if an address is in the text section. I have dropped the third patch that uses these features to check the arguments to vmbus_register() because the maintainers have not been receptive to using it. My goal right now is to get the API right. I have test compiled this series on next-20170321 for x86. Eddie Kovsky (2): module: verify address is read-only extable: verify address is read-only include/linux/kernel.h | 2 ++ include/linux/module.h | 12 kernel/extable.c | 29 +++ kernel/module.c| 53 ++ 4 files changed, 96 insertions(+) -- 2.12.0
[PATCH v3 0/2] provide check for ro_after_init memory sections
Provide a mechanism for other functions to verify that their arguments are read-only. This implements the first half of a suggestion made by Kees Cook for the Kernel Self Protection Project: - provide mechanism to check for ro_after_init memory areas, and reject structures not marked ro_after_init in vmbus_register() http://www.openwall.com/lists/kernel-hardening/2017/02/04/1 The idea is to prevent structures (including modules) that are not read-only from being passed to functions. It builds upon the functions in kernel/extable.c that test if an address is in the text section. I have dropped the third patch that uses these features to check the arguments to vmbus_register() because the maintainers have not been receptive to using it. My goal right now is to get the API right. I have test compiled this series on next-20170321 for x86. Eddie Kovsky (2): module: verify address is read-only extable: verify address is read-only include/linux/kernel.h | 2 ++ include/linux/module.h | 12 kernel/extable.c | 29 +++ kernel/module.c| 53 ++ 4 files changed, 96 insertions(+) -- 2.12.0
Re: [PATCH v2 3/3] Make vmbus register arguments read-only (fwd)
On 02/18/17, Julia Lawall wrote:
> It looks like brace are missing on the if on lines 1057-1059.
>
> julia
>
>
Well that is embarrassing. I should have caught that on my own test
build before submitting this. But I do think I've found the error in my
build script.
Sorry for all the noise.
Eddie
>
> -- Forwarded message --
> Date: Sat, 18 Feb 2017 15:46:30 +0800
> From: kbuild test robot <fengguang...@intel.com>
> To: kbu...@01.org
> Cc: Julia Lawall <julia.law...@lip6.fr>
> Subject: Re: [PATCH v2 3/3] Make vmbus register arguments read-only
>
> CC: kbuild-...@01.org
> In-Reply-To: <20170218055844.1457-4-...@edkovsky.org>
>
> Hi Eddie,
>
> [auto build test WARNING on linus/master]
> [also build test WARNING on v4.10-rc8 next-20170217]
> [if your patch is applied to the wrong git tree, please drop us a note to
> help improve the system]
>
> url:
> https://github.com/0day-ci/linux/commits/Eddie-Kovsky/provide-check-for-ro_after_init-memory-sections/20170218-141040
> :: branch date: 2 hours ago
> :: commit date: 2 hours ago
>
> >> drivers/hv/vmbus_drv.c:1058:2-45: code aligned with following code on line
> >> 1059
>drivers/hv/vmbus_drv.c:1129:2-45: code aligned with following code on line
> 1130
>
> git remote add linux-review https://github.com/0day-ci/linux
> git remote update linux-review
> git checkout 1fed72d7adca008d13119f00c095e1e379f319a1
> vim +1058 drivers/hv/vmbus_drv.c
>
> cf6a2eac drivers/hv/vmbus_drv.c K. Y. Srinivasan 2011-12-01 1052
> ret = vmbus_exists();
> cf6a2eac drivers/hv/vmbus_drv.c K. Y. Srinivasan 2011-12-01 1053
> if (ret < 0)
> cf6a2eac drivers/hv/vmbus_drv.c K. Y. Srinivasan 2011-12-01 1054
> return ret;
> cf6a2eac drivers/hv/vmbus_drv.c K. Y. Srinivasan 2011-12-01 1055
> 1fed72d7 drivers/hv/vmbus_drv.c Eddie Kovsky 2017-02-17 1056
> ret = kernel_ro_address(_driver);
> 1fed72d7 drivers/hv/vmbus_drv.c Eddie Kovsky 2017-02-17 1057
> if (ret < 1)
> 1fed72d7 drivers/hv/vmbus_drv.c Eddie Kovsky 2017-02-17 @1058
> pr_err("Module address is not read-only.");
> 1fed72d7 drivers/hv/vmbus_drv.c Eddie Kovsky 2017-02-17 @1059
> return ret;
> 1fed72d7 drivers/hv/vmbus_drv.c Eddie Kovsky 2017-02-17 1060
> 768fa219 drivers/staging/hv/vmbus_drv.c Greg Kroah-Hartman 2011-08-25 1061
> hv_driver->driver.name = hv_driver->name;
> 768fa219 drivers/staging/hv/vmbus_drv.c Greg Kroah-Hartman 2011-08-25 1062
> hv_driver->driver.owner = owner;
>
> ---
> 0-DAY kernel test infrastructureOpen Source Technology Center
> https://lists.01.org/pipermail/kbuild-all Intel Corporation
Re: [PATCH v2 3/3] Make vmbus register arguments read-only (fwd)
On 02/18/17, Julia Lawall wrote:
> It looks like brace are missing on the if on lines 1057-1059.
>
> julia
>
>
Well that is embarrassing. I should have caught that on my own test
build before submitting this. But I do think I've found the error in my
build script.
Sorry for all the noise.
Eddie
>
> -- Forwarded message --
> Date: Sat, 18 Feb 2017 15:46:30 +0800
> From: kbuild test robot
> To: kbu...@01.org
> Cc: Julia Lawall
> Subject: Re: [PATCH v2 3/3] Make vmbus register arguments read-only
>
> CC: kbuild-...@01.org
> In-Reply-To: <20170218055844.1457-4-...@edkovsky.org>
>
> Hi Eddie,
>
> [auto build test WARNING on linus/master]
> [also build test WARNING on v4.10-rc8 next-20170217]
> [if your patch is applied to the wrong git tree, please drop us a note to
> help improve the system]
>
> url:
> https://github.com/0day-ci/linux/commits/Eddie-Kovsky/provide-check-for-ro_after_init-memory-sections/20170218-141040
> :: branch date: 2 hours ago
> :: commit date: 2 hours ago
>
> >> drivers/hv/vmbus_drv.c:1058:2-45: code aligned with following code on line
> >> 1059
>drivers/hv/vmbus_drv.c:1129:2-45: code aligned with following code on line
> 1130
>
> git remote add linux-review https://github.com/0day-ci/linux
> git remote update linux-review
> git checkout 1fed72d7adca008d13119f00c095e1e379f319a1
> vim +1058 drivers/hv/vmbus_drv.c
>
> cf6a2eac drivers/hv/vmbus_drv.c K. Y. Srinivasan 2011-12-01 1052
> ret = vmbus_exists();
> cf6a2eac drivers/hv/vmbus_drv.c K. Y. Srinivasan 2011-12-01 1053
> if (ret < 0)
> cf6a2eac drivers/hv/vmbus_drv.c K. Y. Srinivasan 2011-12-01 1054
> return ret;
> cf6a2eac drivers/hv/vmbus_drv.c K. Y. Srinivasan 2011-12-01 1055
> 1fed72d7 drivers/hv/vmbus_drv.c Eddie Kovsky 2017-02-17 1056
> ret = kernel_ro_address(_driver);
> 1fed72d7 drivers/hv/vmbus_drv.c Eddie Kovsky 2017-02-17 1057
> if (ret < 1)
> 1fed72d7 drivers/hv/vmbus_drv.c Eddie Kovsky 2017-02-17 @1058
> pr_err("Module address is not read-only.");
> 1fed72d7 drivers/hv/vmbus_drv.c Eddie Kovsky 2017-02-17 @1059
> return ret;
> 1fed72d7 drivers/hv/vmbus_drv.c Eddie Kovsky 2017-02-17 1060
> 768fa219 drivers/staging/hv/vmbus_drv.c Greg Kroah-Hartman 2011-08-25 1061
> hv_driver->driver.name = hv_driver->name;
> 768fa219 drivers/staging/hv/vmbus_drv.c Greg Kroah-Hartman 2011-08-25 1062
> hv_driver->driver.owner = owner;
>
> ---
> 0-DAY kernel test infrastructureOpen Source Technology Center
> https://lists.01.org/pipermail/kbuild-all Intel Corporation
[PATCH v2 3/3] Make vmbus register arguments read-only
Use the new RO check functions introduced in this series to make the
vmbus register functions verify that the address of their arguments are
read-only. Addresses that fail the verification are rejected.
Signed-off-by: Eddie Kovsky <e...@edkovsky.org>
---
drivers/hv/vmbus_drv.c | 10 ++
1 file changed, 10 insertions(+)
diff --git a/drivers/hv/vmbus_drv.c b/drivers/hv/vmbus_drv.c
index c1b27026f744..e527454ffa59 100644
--- a/drivers/hv/vmbus_drv.c
+++ b/drivers/hv/vmbus_drv.c
@@ -1026,6 +1026,11 @@ int __vmbus_driver_register(struct hv_driver *hv_driver,
struct module *owner, c
if (ret < 0)
return ret;
+ ret = kernel_ro_address(_driver);
+ if (ret < 1)
+ pr_err("Module address is not read-only.");
+ return ret;
+
hv_driver->driver.name = hv_driver->name;
hv_driver->driver.owner = owner;
hv_driver->driver.mod_name = mod_name;
@@ -1092,6 +1097,11 @@ int vmbus_device_register(struct hv_device
*child_device_obj)
{
int ret = 0;
+ ret = kernel_ro_address(_device_obj);
+ if (ret < 1)
+ pr_err("Device address is not read-only.");
+ return ret;
+
dev_set_name(_device_obj->device, "%pUl",
child_device_obj->channel->offermsg.offer.if_instance.b);
--
2.11.1
[PATCH v2 3/3] Make vmbus register arguments read-only
Use the new RO check functions introduced in this series to make the
vmbus register functions verify that the address of their arguments are
read-only. Addresses that fail the verification are rejected.
Signed-off-by: Eddie Kovsky
---
drivers/hv/vmbus_drv.c | 10 ++
1 file changed, 10 insertions(+)
diff --git a/drivers/hv/vmbus_drv.c b/drivers/hv/vmbus_drv.c
index c1b27026f744..e527454ffa59 100644
--- a/drivers/hv/vmbus_drv.c
+++ b/drivers/hv/vmbus_drv.c
@@ -1026,6 +1026,11 @@ int __vmbus_driver_register(struct hv_driver *hv_driver,
struct module *owner, c
if (ret < 0)
return ret;
+ ret = kernel_ro_address(_driver);
+ if (ret < 1)
+ pr_err("Module address is not read-only.");
+ return ret;
+
hv_driver->driver.name = hv_driver->name;
hv_driver->driver.owner = owner;
hv_driver->driver.mod_name = mod_name;
@@ -1092,6 +1097,11 @@ int vmbus_device_register(struct hv_device
*child_device_obj)
{
int ret = 0;
+ ret = kernel_ro_address(_device_obj);
+ if (ret < 1)
+ pr_err("Device address is not read-only.");
+ return ret;
+
dev_set_name(_device_obj->device, "%pUl",
child_device_obj->channel->offermsg.offer.if_instance.b);
--
2.11.1
[PATCH v2 0/3] provide check for ro_after_init memory sections
Provide a mechansim for other functions to verify that their arguments are read-only. Use this mechansim in the vmbus register functions to reject arguments that fail this test. This implements a suggestion made by Kees Cook for the Kernel Self Protection Project: * provide mechanism to check for ro_after_init memory areas, and reject structures not marked ro_after_init in vmbus_register() http://www.openwall.com/lists/kernel-hardening/2017/02/04/1 I have successfully compiled this series on next-20170215 for x86. Eddie Kovsky (3): module: verify address is read-only extable: verify address is read-only Make vmbus register arguments read-only drivers/hv/vmbus_drv.c | 10 ++ include/linux/kernel.h | 2 ++ include/linux/module.h | 7 +++ kernel/extable.c | 29 + kernel/module.c| 44 5 files changed, 92 insertions(+) -- 2.11.1
[PATCH v2 0/3] provide check for ro_after_init memory sections
Provide a mechansim for other functions to verify that their arguments are read-only. Use this mechansim in the vmbus register functions to reject arguments that fail this test. This implements a suggestion made by Kees Cook for the Kernel Self Protection Project: * provide mechanism to check for ro_after_init memory areas, and reject structures not marked ro_after_init in vmbus_register() http://www.openwall.com/lists/kernel-hardening/2017/02/04/1 I have successfully compiled this series on next-20170215 for x86. Eddie Kovsky (3): module: verify address is read-only extable: verify address is read-only Make vmbus register arguments read-only drivers/hv/vmbus_drv.c | 10 ++ include/linux/kernel.h | 2 ++ include/linux/module.h | 7 +++ kernel/extable.c | 29 + kernel/module.c| 44 5 files changed, 92 insertions(+) -- 2.11.1
[PATCH v2 1/3] module: verify address is read-only
Implement a mechanism to check if a module's address is in
the rodata or ro_after_init sections. It mimics the exsiting functions
that test if an address is inside a module's text section.
Signed-off-by: Eddie Kovsky <e...@edkovsky.org>
---
include/linux/module.h | 7 +++
kernel/module.c| 44
2 files changed, 51 insertions(+)
diff --git a/include/linux/module.h b/include/linux/module.h
index 0297c5cd7cdf..1608d3570ee2 100644
--- a/include/linux/module.h
+++ b/include/linux/module.h
@@ -492,7 +492,9 @@ static inline int module_is_live(struct module *mod)
struct module *__module_text_address(unsigned long addr);
struct module *__module_address(unsigned long addr);
+struct module *__module_ro_address(unsigned long addr);
bool is_module_address(unsigned long addr);
+bool is_module_ro_address(unsigned long addr);
bool is_module_percpu_address(unsigned long addr);
bool is_module_text_address(unsigned long addr);
@@ -645,6 +647,11 @@ static inline struct module *__module_address(unsigned
long addr)
return NULL;
}
+static inline struct module *__module_ro_address(unsigned long addr)
+{
+ return NULL;
+}
+
static inline struct module *__module_text_address(unsigned long addr)
{
return NULL;
diff --git a/kernel/module.c b/kernel/module.c
index 7eba6dea4f41..298cfe4645b1 100644
--- a/kernel/module.c
+++ b/kernel/module.c
@@ -4275,6 +4275,50 @@ struct module *__module_text_address(unsigned long addr)
}
EXPORT_SYMBOL_GPL(__module_text_address);
+/**
+ * is_module_text_ro_address - is this address inside read-only module code?
+ * @addr: the address to check.
+ *
+ */
+bool is_module_ro_address(unsigned long addr)
+{
+ bool ret;
+
+ preempt_disable();
+ ret = __module_ro_address(addr) != NULL;
+ preempt_enable();
+
+ return ret;
+}
+
+/*
+ * __module_ro_address - get the module whose code contains a read-only
address.
+ * @addr: the address.
+ *
+ * Must be called with preempt disabled or module mutex held so that
+ * module doesn't get freed during this.
+ */
+struct module *__module_ro_address(unsigned long addr)
+{
+ struct module *mod = __module_address(addr);
+
+ if (mod) {
+ /* Make sure it's within the read-only section. */
+ if (!within(addr, mod->init_layout.base,
+ mod->init_layout.ro_size)
+ && !within(addr, mod->core_layout.base,
+ mod->core_layout.ro_size))
+ mod = NULL;
+ if (!within(addr, mod->init_layout.base,
+ mod->init_layout.ro_after_init_size)
+ && !within(addr, mod->core_layout.base,
+ mod->core_layout.ro_after_init_size))
+ mod = NULL;
+ }
+ return mod;
+}
+EXPORT_SYMBOL_GPL(__module_ro_address);
+
/* Don't grab lock, we're oopsing. */
void print_modules(void)
{
--
2.11.1
[PATCH v2 2/3] extable: verify address is read-only
Provide a mechanism to check if the address of a variable is
const or ro_after_init. It mimics the existing functions that test if an
address is inside the kernel's text section.
Signed-off-by: Eddie Kovsky <e...@edkovsky.org>
---
include/linux/kernel.h | 2 ++
kernel/extable.c | 29 +
2 files changed, 31 insertions(+)
diff --git a/include/linux/kernel.h b/include/linux/kernel.h
index 4c26dc3a8295..51beea39e6c4 100644
--- a/include/linux/kernel.h
+++ b/include/linux/kernel.h
@@ -444,6 +444,8 @@ extern int core_kernel_data(unsigned long addr);
extern int __kernel_text_address(unsigned long addr);
extern int kernel_text_address(unsigned long addr);
extern int func_ptr_is_kernel_text(void *ptr);
+extern int core_kernel_ro_data(unsigned long addr);
+extern int kernel_ro_address(unsigned long addr);
unsigned long int_sqrt(unsigned long);
diff --git a/kernel/extable.c b/kernel/extable.c
index 6b0d09051efb..e9608f129730 100644
--- a/kernel/extable.c
+++ b/kernel/extable.c
@@ -149,3 +149,32 @@ int func_ptr_is_kernel_text(void *ptr)
return 1;
return is_module_text_address(addr);
}
+
+/**
+ * core_kernel_ro_data - Verify address points to read-only section
+ * @addr: address to test
+ *
+ */
+int core_kernel_ro_data(unsigned long addr)
+{
+ if (addr >= (unsigned long)__start_rodata &&
+ addr < (unsigned long)__end_rodata)
+ return 1;
+
+ if (addr >= (unsigned long)__start_data_ro_after_init &&
+ addr < (unsigned long)__end_data_ro_after_init)
+ return 1;
+
+ return 0;
+}
+
+/* Verify that address is const or ro_after_init. */
+int kernel_ro_address(unsigned long addr)
+{
+ if (core_kernel_ro_data(addr))
+ return 1;
+ if (is_module_ro_address(addr))
+ return 1;
+
+ return 0;
+}
--
2.11.1
[PATCH v2 1/3] module: verify address is read-only
Implement a mechanism to check if a module's address is in
the rodata or ro_after_init sections. It mimics the exsiting functions
that test if an address is inside a module's text section.
Signed-off-by: Eddie Kovsky
---
include/linux/module.h | 7 +++
kernel/module.c| 44
2 files changed, 51 insertions(+)
diff --git a/include/linux/module.h b/include/linux/module.h
index 0297c5cd7cdf..1608d3570ee2 100644
--- a/include/linux/module.h
+++ b/include/linux/module.h
@@ -492,7 +492,9 @@ static inline int module_is_live(struct module *mod)
struct module *__module_text_address(unsigned long addr);
struct module *__module_address(unsigned long addr);
+struct module *__module_ro_address(unsigned long addr);
bool is_module_address(unsigned long addr);
+bool is_module_ro_address(unsigned long addr);
bool is_module_percpu_address(unsigned long addr);
bool is_module_text_address(unsigned long addr);
@@ -645,6 +647,11 @@ static inline struct module *__module_address(unsigned
long addr)
return NULL;
}
+static inline struct module *__module_ro_address(unsigned long addr)
+{
+ return NULL;
+}
+
static inline struct module *__module_text_address(unsigned long addr)
{
return NULL;
diff --git a/kernel/module.c b/kernel/module.c
index 7eba6dea4f41..298cfe4645b1 100644
--- a/kernel/module.c
+++ b/kernel/module.c
@@ -4275,6 +4275,50 @@ struct module *__module_text_address(unsigned long addr)
}
EXPORT_SYMBOL_GPL(__module_text_address);
+/**
+ * is_module_text_ro_address - is this address inside read-only module code?
+ * @addr: the address to check.
+ *
+ */
+bool is_module_ro_address(unsigned long addr)
+{
+ bool ret;
+
+ preempt_disable();
+ ret = __module_ro_address(addr) != NULL;
+ preempt_enable();
+
+ return ret;
+}
+
+/*
+ * __module_ro_address - get the module whose code contains a read-only
address.
+ * @addr: the address.
+ *
+ * Must be called with preempt disabled or module mutex held so that
+ * module doesn't get freed during this.
+ */
+struct module *__module_ro_address(unsigned long addr)
+{
+ struct module *mod = __module_address(addr);
+
+ if (mod) {
+ /* Make sure it's within the read-only section. */
+ if (!within(addr, mod->init_layout.base,
+ mod->init_layout.ro_size)
+ && !within(addr, mod->core_layout.base,
+ mod->core_layout.ro_size))
+ mod = NULL;
+ if (!within(addr, mod->init_layout.base,
+ mod->init_layout.ro_after_init_size)
+ && !within(addr, mod->core_layout.base,
+ mod->core_layout.ro_after_init_size))
+ mod = NULL;
+ }
+ return mod;
+}
+EXPORT_SYMBOL_GPL(__module_ro_address);
+
/* Don't grab lock, we're oopsing. */
void print_modules(void)
{
--
2.11.1
[PATCH v2 2/3] extable: verify address is read-only
Provide a mechanism to check if the address of a variable is
const or ro_after_init. It mimics the existing functions that test if an
address is inside the kernel's text section.
Signed-off-by: Eddie Kovsky
---
include/linux/kernel.h | 2 ++
kernel/extable.c | 29 +
2 files changed, 31 insertions(+)
diff --git a/include/linux/kernel.h b/include/linux/kernel.h
index 4c26dc3a8295..51beea39e6c4 100644
--- a/include/linux/kernel.h
+++ b/include/linux/kernel.h
@@ -444,6 +444,8 @@ extern int core_kernel_data(unsigned long addr);
extern int __kernel_text_address(unsigned long addr);
extern int kernel_text_address(unsigned long addr);
extern int func_ptr_is_kernel_text(void *ptr);
+extern int core_kernel_ro_data(unsigned long addr);
+extern int kernel_ro_address(unsigned long addr);
unsigned long int_sqrt(unsigned long);
diff --git a/kernel/extable.c b/kernel/extable.c
index 6b0d09051efb..e9608f129730 100644
--- a/kernel/extable.c
+++ b/kernel/extable.c
@@ -149,3 +149,32 @@ int func_ptr_is_kernel_text(void *ptr)
return 1;
return is_module_text_address(addr);
}
+
+/**
+ * core_kernel_ro_data - Verify address points to read-only section
+ * @addr: address to test
+ *
+ */
+int core_kernel_ro_data(unsigned long addr)
+{
+ if (addr >= (unsigned long)__start_rodata &&
+ addr < (unsigned long)__end_rodata)
+ return 1;
+
+ if (addr >= (unsigned long)__start_data_ro_after_init &&
+ addr < (unsigned long)__end_data_ro_after_init)
+ return 1;
+
+ return 0;
+}
+
+/* Verify that address is const or ro_after_init. */
+int kernel_ro_address(unsigned long addr)
+{
+ if (core_kernel_ro_data(addr))
+ return 1;
+ if (is_module_ro_address(addr))
+ return 1;
+
+ return 0;
+}
--
2.11.1
[PATCH 3/3] Documentation: Add minimal Mutt config for using Gmail
This patch provides a minimal configuration to set up Mutt for submitting plain text patches using Gmail. Signed-off-by: Eddie Kovsky --- Documentation/email-clients.txt | 32 1 file changed, 32 insertions(+) diff --git a/Documentation/email-clients.txt b/Documentation/email-clients.txt index d11c20b0e897..d2fb26a547f3 100644 --- a/Documentation/email-clients.txt +++ b/Documentation/email-clients.txt @@ -185,6 +185,38 @@ It should work with default settings. However, it's a good idea to set the "send_charset" to: set send_charset="us-ascii:utf-8" +Mutt is highly customizable. Here is a minimum configuration to start +using Mutt to send patches through Gmail: + +# .muttrc +# IMAP +set imap_user = 'yourusern...@gmail.com' +set imap_pass = 'yourpassword' +set spoolfile = imaps://imap.gmail.com/INBOX +set folder = imaps://imap.gmail.com/ +set record="imaps://imap.gmail.com/[Gmail]/Sent Mail" +set postponed="imaps://imap.gmail.com/[Gmail]/Drafts" +set mbox="imaps://imap.gmail.com/[Gmail]/All Mail" + +# SMTP +set smtp_url = "smtp://usern...@smtp.gmail.com:587/" +set smtp_pass = $imap_pass +set ssl_force_tls = yes # Require encrypted connection + +# Composition +set editor = `echo \$EDITOR` +set edit_headers = yes # See the headers when editing +set charset = UTF-8 # value of $LANG; also fallback for send_charset +# Sender, email address, and sign-off line must match +unset use_domain# because joe@localhost is just embarrassing +set realname = "YOUR NAME" +set from = "usern...@gmail.com" +set use_from = yes + +The Mutt docs have lots more information: +http://dev.mutt.org/trac/wiki/UseCases/Gmail +http://dev.mutt.org/doc/manual.html + ~~ Pine (TUI) -- 2.6.2 -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
[PATCH 1/3] Documentation: Clarify use of Gmail for emailing patches
Clarify that Gmail can be used to send patches, provided you use Gmail as a server and avoid the Web UI. Signed-off-by: Eddie Kovsky --- Documentation/email-clients.txt | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/Documentation/email-clients.txt b/Documentation/email-clients.txt index aba85b39a400..ca38031c4762 100644 --- a/Documentation/email-clients.txt +++ b/Documentation/email-clients.txt @@ -250,7 +250,8 @@ Works. Use "Insert file..." or external editor. ~~ Gmail (Web GUI) -Does not work for sending patches. +Gmail works fine for sending patches provided you do NOT use the web interface +and just use Gmail as an IMAP server with a text based email client. Gmail web client converts tabs to spaces automatically. -- 2.6.2 -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
[PATCH 2/3] Documentation: Add note on sending files directly with Mutt
Like 'git send-email', Mutt can also be used to send patches generated with 'git format-patch'. This works regardless of the editor the contributor has set up to use with Mutt. Signed-off-by: Eddie Kovsky --- Documentation/email-clients.txt | 4 1 file changed, 4 insertions(+) diff --git a/Documentation/email-clients.txt b/Documentation/email-clients.txt index ca38031c4762..d11c20b0e897 100644 --- a/Documentation/email-clients.txt +++ b/Documentation/email-clients.txt @@ -176,6 +176,10 @@ To use 'vim' with mutt: if you want to include the patch inline. (a)ttach works fine without "set paste". +You can also generate patches with 'git format-patch' and then use Mutt +to send them: +$ mutt -H 0001-some-bug-fix.patch + Config options: It should work with default settings. However, it's a good idea to set the "send_charset" to: -- 2.6.2 -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
[PATCH 0/3] Documentation: Email client improvements
A recent mailing list discussion about developer tools extended over to Google+. https://plus.google.com/+DarrenHart/posts/EbVFWJu3FK9 Several members of the kernel community felt that improving the email client documentation would make it easier for new developers to get started submitting patches. This series introduces three updates to help new contributors get Mutt working as quickly as possible. * Clarify that Gmail is acceptable for sending patches, as long as it is used without the web interface. * Add instructions for sending files directly from Mutt without use of a specific editor. * Add a minimal Mutt configuration to use Gmail's IMAP servers to send text email. I tested this configuration using a mockup local user and my own Gmail account. Thanks Eddie Eddie Kovsky (3): Clarify use of Gmail for emailing patches Add note on sending files directly with Mutt Add minimal Mutt config for using Gmail Documentation/email-clients.txt | 39 ++- 1 file changed, 38 insertions(+), 1 deletion(-) -- 2.6.2 -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
[PATCH 0/3] Documentation: Email client improvements
A recent mailing list discussion about developer tools extended over to Google+. https://plus.google.com/+DarrenHart/posts/EbVFWJu3FK9 Several members of the kernel community felt that improving the email client documentation would make it easier for new developers to get started submitting patches. This series introduces three updates to help new contributors get Mutt working as quickly as possible. * Clarify that Gmail is acceptable for sending patches, as long as it is used without the web interface. * Add instructions for sending files directly from Mutt without use of a specific editor. * Add a minimal Mutt configuration to use Gmail's IMAP servers to send text email. I tested this configuration using a mockup local user and my own Gmail account. Thanks Eddie Eddie Kovsky (3): Clarify use of Gmail for emailing patches Add note on sending files directly with Mutt Add minimal Mutt config for using Gmail Documentation/email-clients.txt | 39 ++- 1 file changed, 38 insertions(+), 1 deletion(-) -- 2.6.2 -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
[PATCH 1/3] Documentation: Clarify use of Gmail for emailing patches
Clarify that Gmail can be used to send patches, provided you use Gmail as a server and avoid the Web UI. Signed-off-by: Eddie Kovsky <e...@edkovsky.org> --- Documentation/email-clients.txt | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/Documentation/email-clients.txt b/Documentation/email-clients.txt index aba85b39a400..ca38031c4762 100644 --- a/Documentation/email-clients.txt +++ b/Documentation/email-clients.txt @@ -250,7 +250,8 @@ Works. Use "Insert file..." or external editor. ~~ Gmail (Web GUI) -Does not work for sending patches. +Gmail works fine for sending patches provided you do NOT use the web interface +and just use Gmail as an IMAP server with a text based email client. Gmail web client converts tabs to spaces automatically. -- 2.6.2 -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
[PATCH 3/3] Documentation: Add minimal Mutt config for using Gmail
This patch provides a minimal configuration to set up Mutt for submitting plain text patches using Gmail. Signed-off-by: Eddie Kovsky <e...@edkovsky.org> --- Documentation/email-clients.txt | 32 1 file changed, 32 insertions(+) diff --git a/Documentation/email-clients.txt b/Documentation/email-clients.txt index d11c20b0e897..d2fb26a547f3 100644 --- a/Documentation/email-clients.txt +++ b/Documentation/email-clients.txt @@ -185,6 +185,38 @@ It should work with default settings. However, it's a good idea to set the "send_charset" to: set send_charset="us-ascii:utf-8" +Mutt is highly customizable. Here is a minimum configuration to start +using Mutt to send patches through Gmail: + +# .muttrc +# IMAP +set imap_user = 'yourusern...@gmail.com' +set imap_pass = 'yourpassword' +set spoolfile = imaps://imap.gmail.com/INBOX +set folder = imaps://imap.gmail.com/ +set record="imaps://imap.gmail.com/[Gmail]/Sent Mail" +set postponed="imaps://imap.gmail.com/[Gmail]/Drafts" +set mbox="imaps://imap.gmail.com/[Gmail]/All Mail" + +# SMTP +set smtp_url = "smtp://usern...@smtp.gmail.com:587/" +set smtp_pass = $imap_pass +set ssl_force_tls = yes # Require encrypted connection + +# Composition +set editor = `echo \$EDITOR` +set edit_headers = yes # See the headers when editing +set charset = UTF-8 # value of $LANG; also fallback for send_charset +# Sender, email address, and sign-off line must match +unset use_domain# because joe@localhost is just embarrassing +set realname = "YOUR NAME" +set from = "usern...@gmail.com" +set use_from = yes + +The Mutt docs have lots more information: +http://dev.mutt.org/trac/wiki/UseCases/Gmail +http://dev.mutt.org/doc/manual.html + ~~ Pine (TUI) -- 2.6.2 -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
[PATCH 2/3] Documentation: Add note on sending files directly with Mutt
Like 'git send-email', Mutt can also be used to send patches generated with 'git format-patch'. This works regardless of the editor the contributor has set up to use with Mutt. Signed-off-by: Eddie Kovsky <e...@edkovsky.org> --- Documentation/email-clients.txt | 4 1 file changed, 4 insertions(+) diff --git a/Documentation/email-clients.txt b/Documentation/email-clients.txt index ca38031c4762..d11c20b0e897 100644 --- a/Documentation/email-clients.txt +++ b/Documentation/email-clients.txt @@ -176,6 +176,10 @@ To use 'vim' with mutt: if you want to include the patch inline. (a)ttach works fine without "set paste". +You can also generate patches with 'git format-patch' and then use Mutt +to send them: +$ mutt -H 0001-some-bug-fix.patch + Config options: It should work with default settings. However, it's a good idea to set the "send_charset" to: -- 2.6.2 -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
[PATCH] checkpatch: Fix left brace warning
Using checkpatch.pl with Perl 5.22.0 generates the following warning:
Unescaped left brace in regex is deprecated, passed through in regex;
This patch fixes the warnings by escaping occurrences of the left brace
inside the regular expression.
Signed-off-by: Eddie Kovsky
---
scripts/checkpatch.pl | 8
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/scripts/checkpatch.pl b/scripts/checkpatch.pl
index 50693f52d57c..a38fa70ce694 100755
--- a/scripts/checkpatch.pl
+++ b/scripts/checkpatch.pl
@@ -3547,7 +3547,7 @@ sub process {
# function brace can't be on same line, except for #defines of do while,
# or if closed on same line
if (($line=~/$Type\s*$Ident\(.*\).*\s*{/) and
- !($line=~/\#\s*define.*do\s{/) and !($line=~/}/)) {
+ !($line=~/\#\s*define.*do\s\{/) and !($line=~/}/)) {
if (ERROR("OPEN_BRACE",
"open brace '{' following function
declarations go on the next line\n" . $herecurr) &&
$fix) {
@@ -4059,8 +4059,8 @@ sub process {
## }
#need space before brace following if, while, etc
- if (($line =~ /\(.*\){/ && $line !~ /\($Type\){/) ||
- $line =~ /do{/) {
+ if (($line =~ /\(.*\)\{/ && $line !~ /\($Type\){/) ||
+ $line =~ /do\{/) {
if (ERROR("SPACING",
"space required before the open brace '{'\n"
. $herecurr) &&
$fix) {
@@ -4507,7 +4507,7 @@ sub process {
$dstat !~ /^for\s*$Constant$/ &&
# for (...)
$dstat !~
/^for\s*$Constant\s+(?:$Ident|-?$Constant)$/ && # for (...) bar()
$dstat !~ /^do\s*{/ &&
# do {...
- $dstat !~ /^\({/ &&
# ({...
+ $dstat !~ /^\(\{/ &&
# ({...
$ctx !~
/^.\s*#\s*define\s+TRACE_(?:SYSTEM|INCLUDE_FILE|INCLUDE_PATH)\b/)
{
$ctx =~ s/\n*$//;
--
2.5.0
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[PATCH] checkpatch: Fix left brace warning
Using checkpatch.pl with Perl 5.22.0 generates the following warning:
Unescaped left brace in regex is deprecated, passed through in regex;
This patch fixes the warnings by escaping occurrences of the left brace
inside the regular expression.
Signed-off-by: Eddie Kovsky e...@edkovsky.org
---
scripts/checkpatch.pl | 8
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/scripts/checkpatch.pl b/scripts/checkpatch.pl
index 50693f52d57c..a38fa70ce694 100755
--- a/scripts/checkpatch.pl
+++ b/scripts/checkpatch.pl
@@ -3547,7 +3547,7 @@ sub process {
# function brace can't be on same line, except for #defines of do while,
# or if closed on same line
if (($line=~/$Type\s*$Ident\(.*\).*\s*{/) and
- !($line=~/\#\s*define.*do\s{/) and !($line=~/}/)) {
+ !($line=~/\#\s*define.*do\s\{/) and !($line=~/}/)) {
if (ERROR(OPEN_BRACE,
open brace '{' following function
declarations go on the next line\n . $herecurr)
$fix) {
@@ -4059,8 +4059,8 @@ sub process {
## }
#need space before brace following if, while, etc
- if (($line =~ /\(.*\){/ $line !~ /\($Type\){/) ||
- $line =~ /do{/) {
+ if (($line =~ /\(.*\)\{/ $line !~ /\($Type\){/) ||
+ $line =~ /do\{/) {
if (ERROR(SPACING,
space required before the open brace '{'\n
. $herecurr)
$fix) {
@@ -4507,7 +4507,7 @@ sub process {
$dstat !~ /^for\s*$Constant$/
# for (...)
$dstat !~
/^for\s*$Constant\s+(?:$Ident|-?$Constant)$/# for (...) bar()
$dstat !~ /^do\s*{/
# do {...
- $dstat !~ /^\({/
# ({...
+ $dstat !~ /^\(\{/
# ({...
$ctx !~
/^.\s*#\s*define\s+TRACE_(?:SYSTEM|INCLUDE_FILE|INCLUDE_PATH)\b/)
{
$ctx =~ s/\n*$//;
--
2.5.0
--
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[PATCH] Fixes: 9697dffb098d ("drm: Turn off Legacy Context Functions")
Commit 9697dffb098d ("drm: Turn off Legacy Context Functions")
added checks for legacy features to several functions in the
drm driver. It is now possible for the void functions changed by
this commit to return an int error code. This patch updates
the function definitions to return int. This fixes the build warnings:
warning: ‘return’ with a value, in function returning void
return -EINVAL
Signed-off-by: Eddie Kovsky
---
drivers/gpu/drm/drm_context.c | 12 +---
drivers/gpu/drm/drm_legacy.h | 6 +++---
2 files changed, 12 insertions(+), 6 deletions(-)
diff --git a/drivers/gpu/drm/drm_context.c b/drivers/gpu/drm/drm_context.c
index f3ea657f6574..3c2f4a76f934 100644
--- a/drivers/gpu/drm/drm_context.c
+++ b/drivers/gpu/drm/drm_context.c
@@ -51,7 +51,7 @@ struct drm_ctx_list {
* in drm_device::ctx_idr, while holding the drm_device::struct_mutex
* lock.
*/
-void drm_legacy_ctxbitmap_free(struct drm_device * dev, int ctx_handle)
+int drm_legacy_ctxbitmap_free(struct drm_device * dev, int ctx_handle)
{
if (!drm_core_check_feature(dev, DRIVER_KMS_LEGACY_CONTEXT) &&
drm_core_check_feature(dev, DRIVER_MODESET))
@@ -60,6 +60,8 @@ void drm_legacy_ctxbitmap_free(struct drm_device * dev, int
ctx_handle)
mutex_lock(>struct_mutex);
idr_remove(>ctx_idr, ctx_handle);
mutex_unlock(>struct_mutex);
+
+ return 0;
}
/**
@@ -107,7 +109,7 @@ int drm_legacy_ctxbitmap_init(struct drm_device * dev)
* Free all idr members using drm_ctx_sarea_free helper function
* while holding the drm_device::struct_mutex lock.
*/
-void drm_legacy_ctxbitmap_cleanup(struct drm_device * dev)
+int drm_legacy_ctxbitmap_cleanup(struct drm_device * dev)
{
if (!drm_core_check_feature(dev, DRIVER_KMS_LEGACY_CONTEXT) &&
drm_core_check_feature(dev, DRIVER_MODESET))
@@ -116,6 +118,8 @@ void drm_legacy_ctxbitmap_cleanup(struct drm_device * dev)
mutex_lock(>struct_mutex);
idr_destroy(>ctx_idr);
mutex_unlock(>struct_mutex);
+
+ return 0;
}
/**
@@ -127,7 +131,7 @@ void drm_legacy_ctxbitmap_cleanup(struct drm_device * dev)
* @file. Note that after this call returns, new contexts might be added if
* the file is still alive.
*/
-void drm_legacy_ctxbitmap_flush(struct drm_device *dev, struct drm_file *file)
+int drm_legacy_ctxbitmap_flush(struct drm_device *dev, struct drm_file *file)
{
struct drm_ctx_list *pos, *tmp;
@@ -150,6 +154,8 @@ void drm_legacy_ctxbitmap_flush(struct drm_device *dev,
struct drm_file *file)
}
mutex_unlock(>ctxlist_mutex);
+
+ return 0;
}
/*@}*/
diff --git a/drivers/gpu/drm/drm_legacy.h b/drivers/gpu/drm/drm_legacy.h
index c1dc61473db5..26c16220e475 100644
--- a/drivers/gpu/drm/drm_legacy.h
+++ b/drivers/gpu/drm/drm_legacy.h
@@ -43,9 +43,9 @@ struct drm_file;
#define DRM_RESERVED_CONTEXTS 1
int drm_legacy_ctxbitmap_init(struct drm_device *dev);
-void drm_legacy_ctxbitmap_cleanup(struct drm_device *dev);
-void drm_legacy_ctxbitmap_free(struct drm_device *dev, int ctx_handle);
-void drm_legacy_ctxbitmap_flush(struct drm_device *dev, struct drm_file *file);
+int drm_legacy_ctxbitmap_cleanup(struct drm_device *dev);
+int drm_legacy_ctxbitmap_free(struct drm_device *dev, int ctx_handle);
+int drm_legacy_ctxbitmap_flush(struct drm_device *dev, struct drm_file *file);
int drm_legacy_resctx(struct drm_device *d, void *v, struct drm_file *f);
int drm_legacy_addctx(struct drm_device *d, void *v, struct drm_file *f);
--
2.4.3
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[PATCH] Fixes: 9697dffb098d (drm: Turn off Legacy Context Functions)
Commit 9697dffb098d (drm: Turn off Legacy Context Functions)
added checks for legacy features to several functions in the
drm driver. It is now possible for the void functions changed by
this commit to return an int error code. This patch updates
the function definitions to return int. This fixes the build warnings:
warning: ‘return’ with a value, in function returning void
return -EINVAL
Signed-off-by: Eddie Kovsky e...@edkovsky.org
---
drivers/gpu/drm/drm_context.c | 12 +---
drivers/gpu/drm/drm_legacy.h | 6 +++---
2 files changed, 12 insertions(+), 6 deletions(-)
diff --git a/drivers/gpu/drm/drm_context.c b/drivers/gpu/drm/drm_context.c
index f3ea657f6574..3c2f4a76f934 100644
--- a/drivers/gpu/drm/drm_context.c
+++ b/drivers/gpu/drm/drm_context.c
@@ -51,7 +51,7 @@ struct drm_ctx_list {
* in drm_device::ctx_idr, while holding the drm_device::struct_mutex
* lock.
*/
-void drm_legacy_ctxbitmap_free(struct drm_device * dev, int ctx_handle)
+int drm_legacy_ctxbitmap_free(struct drm_device * dev, int ctx_handle)
{
if (!drm_core_check_feature(dev, DRIVER_KMS_LEGACY_CONTEXT)
drm_core_check_feature(dev, DRIVER_MODESET))
@@ -60,6 +60,8 @@ void drm_legacy_ctxbitmap_free(struct drm_device * dev, int
ctx_handle)
mutex_lock(dev-struct_mutex);
idr_remove(dev-ctx_idr, ctx_handle);
mutex_unlock(dev-struct_mutex);
+
+ return 0;
}
/**
@@ -107,7 +109,7 @@ int drm_legacy_ctxbitmap_init(struct drm_device * dev)
* Free all idr members using drm_ctx_sarea_free helper function
* while holding the drm_device::struct_mutex lock.
*/
-void drm_legacy_ctxbitmap_cleanup(struct drm_device * dev)
+int drm_legacy_ctxbitmap_cleanup(struct drm_device * dev)
{
if (!drm_core_check_feature(dev, DRIVER_KMS_LEGACY_CONTEXT)
drm_core_check_feature(dev, DRIVER_MODESET))
@@ -116,6 +118,8 @@ void drm_legacy_ctxbitmap_cleanup(struct drm_device * dev)
mutex_lock(dev-struct_mutex);
idr_destroy(dev-ctx_idr);
mutex_unlock(dev-struct_mutex);
+
+ return 0;
}
/**
@@ -127,7 +131,7 @@ void drm_legacy_ctxbitmap_cleanup(struct drm_device * dev)
* @file. Note that after this call returns, new contexts might be added if
* the file is still alive.
*/
-void drm_legacy_ctxbitmap_flush(struct drm_device *dev, struct drm_file *file)
+int drm_legacy_ctxbitmap_flush(struct drm_device *dev, struct drm_file *file)
{
struct drm_ctx_list *pos, *tmp;
@@ -150,6 +154,8 @@ void drm_legacy_ctxbitmap_flush(struct drm_device *dev,
struct drm_file *file)
}
mutex_unlock(dev-ctxlist_mutex);
+
+ return 0;
}
/*@}*/
diff --git a/drivers/gpu/drm/drm_legacy.h b/drivers/gpu/drm/drm_legacy.h
index c1dc61473db5..26c16220e475 100644
--- a/drivers/gpu/drm/drm_legacy.h
+++ b/drivers/gpu/drm/drm_legacy.h
@@ -43,9 +43,9 @@ struct drm_file;
#define DRM_RESERVED_CONTEXTS 1
int drm_legacy_ctxbitmap_init(struct drm_device *dev);
-void drm_legacy_ctxbitmap_cleanup(struct drm_device *dev);
-void drm_legacy_ctxbitmap_free(struct drm_device *dev, int ctx_handle);
-void drm_legacy_ctxbitmap_flush(struct drm_device *dev, struct drm_file *file);
+int drm_legacy_ctxbitmap_cleanup(struct drm_device *dev);
+int drm_legacy_ctxbitmap_free(struct drm_device *dev, int ctx_handle);
+int drm_legacy_ctxbitmap_flush(struct drm_device *dev, struct drm_file *file);
int drm_legacy_resctx(struct drm_device *d, void *v, struct drm_file *f);
int drm_legacy_addctx(struct drm_device *d, void *v, struct drm_file *f);
--
2.4.3
--
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[PATCH] Fix reversed logic in drivers/md/md.c
Fixes the following compiler warning in next-20150525 using gcc 5.1.0: drivers/md/md.c: In function ‘update_array_info’: drivers/md/md.c:6394:26: warning: logical not is only applied to the left hand side of comparison [-Wlogical-not-parentheses] !mddev->persistent != info->not_persistent|| Signed-off-by: Eddie Kovsky --- drivers/md/md.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/md/md.c b/drivers/md/md.c index eb27b2a74492..b0f98b5b8985 100644 --- a/drivers/md/md.c +++ b/drivers/md/md.c @@ -6391,7 +6391,7 @@ static int update_array_info(struct mddev *mddev, mdu_array_info_t *info) mddev->ctime != info->ctime || mddev->level != info->level || /* mddev->layout!= info->layout|| */ - !mddev->persistent != info->not_persistent|| + mddev->persistent== info->not_persistent|| mddev->chunk_sectors != info->chunk_size >> 9 || /* ignore bottom 8 bits of state, and allow SB_BITMAP_PRESENT to change */ ((state^info->state) & 0xfe00) -- 2.4.1 -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
[PATCH] Fix reversed logic in drivers/md/md.c
Fixes the following compiler warning in next-20150525 using gcc 5.1.0: drivers/md/md.c: In function ‘update_array_info’: drivers/md/md.c:6394:26: warning: logical not is only applied to the left hand side of comparison [-Wlogical-not-parentheses] !mddev-persistent != info-not_persistent|| Signed-off-by: Eddie Kovsky e...@edkovsky.org --- drivers/md/md.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/md/md.c b/drivers/md/md.c index eb27b2a74492..b0f98b5b8985 100644 --- a/drivers/md/md.c +++ b/drivers/md/md.c @@ -6391,7 +6391,7 @@ static int update_array_info(struct mddev *mddev, mdu_array_info_t *info) mddev-ctime != info-ctime || mddev-level != info-level || /* mddev-layout!= info-layout|| */ - !mddev-persistent != info-not_persistent|| + mddev-persistent== info-not_persistent|| mddev-chunk_sectors != info-chunk_size 9 || /* ignore bottom 8 bits of state, and allow SB_BITMAP_PRESENT to change */ ((state^info-state) 0xfe00) -- 2.4.1 -- To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH] Staging: rtl8192u Make function static
On Wed, Apr 01, 2015 at 09:09:26AM +0530, Sudip Mukherjee wrote: > On Tue, Mar 31, 2015 at 05:51:19PM -0600, Eddie Kovsky wrote: > > Changing function definition to static fixes the > > following warning generated by sparse: > > > > drivers/staging/rtl8192u/ieee80211/ieee80211_softmac.c:1924:6: warning: > > symbol 'ieee80211_check_auth_response' was not declared. Should it be > > static? > > some one has already done this and it has been already applied to > staging-testing. > > regards > sudip > Yes, I see that now. I thought I was already tracking that branch. I'm sorry for the noise. Eddie -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
[PATCH] Staging: rtl8192u Make function static
Changing function definition to static fixes the
following warning generated by sparse:
drivers/staging/rtl8192u/ieee80211/ieee80211_softmac.c:1924:6: warning: symbol
'ieee80211_check_auth_response' was not declared. Should it be static?
Signed-off-by: Eddie Kovsky
---
drivers/staging/rtl8192u/ieee80211/ieee80211_softmac.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/staging/rtl8192u/ieee80211/ieee80211_softmac.c
b/drivers/staging/rtl8192u/ieee80211/ieee80211_softmac.c
index 66b158714822..072d8204b01c 100644
--- a/drivers/staging/rtl8192u/ieee80211/ieee80211_softmac.c
+++ b/drivers/staging/rtl8192u/ieee80211/ieee80211_softmac.c
@@ -1921,7 +1921,7 @@ static void ieee80211_process_action(struct
ieee80211_device *ieee,
}
-void ieee80211_check_auth_response(struct ieee80211_device *ieee,
+static void ieee80211_check_auth_response(struct ieee80211_device *ieee,
struct sk_buff *skb)
{
/* default support N mode, disable halfNmode */
--
2.3.4
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH V2] Staging: rtl8192 Clean up function definition
On Tue, Mar 31, 2015 at 10:14:54AM +0300, Dan Carpenter wrote: > On Mon, Mar 30, 2015 at 05:05:36PM -0600, Eddie Kovsky wrote: > > Change function definition to static, move the function further up in > > the file, and delete the function prototype. > > > > This fixes the following warning generated by sparse: > > > > drivers/staging/rtl8192u/r8192U_core.c:1970:6: warning: symbol > > 'rtl8192_update_ratr_table' was not declared. Should it be static? > > > > Someone already fixed the warning earlier but this this is still a nice > patch to have. > > regards, > dan carpenter Dan I sent in the patch last week to fix this warning. You had asked me to clean up the function by removing the prototype instead. Greg had already sent me a message saying he picked up that patch. I waited a few cycles, but I still haven't seen my patch show up in yesterday's (or today's) next. I assume my original patch got dropped waiting on this one? Eddie -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH] Staging: rtl8192u Make function static
On Wed, Apr 01, 2015 at 09:09:26AM +0530, Sudip Mukherjee wrote: On Tue, Mar 31, 2015 at 05:51:19PM -0600, Eddie Kovsky wrote: Changing function definition to static fixes the following warning generated by sparse: drivers/staging/rtl8192u/ieee80211/ieee80211_softmac.c:1924:6: warning: symbol 'ieee80211_check_auth_response' was not declared. Should it be static? some one has already done this and it has been already applied to staging-testing. regards sudip Yes, I see that now. I thought I was already tracking that branch. I'm sorry for the noise. Eddie -- To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH V2] Staging: rtl8192 Clean up function definition
On Tue, Mar 31, 2015 at 10:14:54AM +0300, Dan Carpenter wrote: On Mon, Mar 30, 2015 at 05:05:36PM -0600, Eddie Kovsky wrote: Change function definition to static, move the function further up in the file, and delete the function prototype. This fixes the following warning generated by sparse: drivers/staging/rtl8192u/r8192U_core.c:1970:6: warning: symbol 'rtl8192_update_ratr_table' was not declared. Should it be static? Someone already fixed the warning earlier but this this is still a nice patch to have. regards, dan carpenter Dan I sent in the patch last week to fix this warning. You had asked me to clean up the function by removing the prototype instead. Greg had already sent me a message saying he picked up that patch. I waited a few cycles, but I still haven't seen my patch show up in yesterday's (or today's) next. I assume my original patch got dropped waiting on this one? Eddie -- To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
[PATCH] Staging: rtl8192u Make function static
Changing function definition to static fixes the
following warning generated by sparse:
drivers/staging/rtl8192u/ieee80211/ieee80211_softmac.c:1924:6: warning: symbol
'ieee80211_check_auth_response' was not declared. Should it be static?
Signed-off-by: Eddie Kovsky e...@edkovsky.org
---
drivers/staging/rtl8192u/ieee80211/ieee80211_softmac.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/staging/rtl8192u/ieee80211/ieee80211_softmac.c
b/drivers/staging/rtl8192u/ieee80211/ieee80211_softmac.c
index 66b158714822..072d8204b01c 100644
--- a/drivers/staging/rtl8192u/ieee80211/ieee80211_softmac.c
+++ b/drivers/staging/rtl8192u/ieee80211/ieee80211_softmac.c
@@ -1921,7 +1921,7 @@ static void ieee80211_process_action(struct
ieee80211_device *ieee,
}
-void ieee80211_check_auth_response(struct ieee80211_device *ieee,
+static void ieee80211_check_auth_response(struct ieee80211_device *ieee,
struct sk_buff *skb)
{
/* default support N mode, disable halfNmode */
--
2.3.4
--
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[PATCH V2] Staging: rtl8192 Clean up function definition
Change function definition to static, move the function further up in
the file, and delete the function prototype.
This fixes the following warning generated by sparse:
drivers/staging/rtl8192u/r8192U_core.c:1970:6: warning: symbol
'rtl8192_update_ratr_table' was not declared. Should it be static?
Signed-off-by: Eddie Kovsky
---
drivers/staging/rtl8192u/r8192U_core.c | 87 +-
1 file changed, 44 insertions(+), 43 deletions(-)
diff --git a/drivers/staging/rtl8192u/r8192U_core.c
b/drivers/staging/rtl8192u/r8192U_core.c
index 8834c23d67fc..f16a0a45611f 100644
--- a/drivers/staging/rtl8192u/r8192U_core.c
+++ b/drivers/staging/rtl8192u/r8192U_core.c
@@ -1762,7 +1762,50 @@ void rtl8192_usb_deleteendpoints(struct net_device *dev)
}
#endif
-static void rtl8192_update_ratr_table(struct net_device *dev);
+static void rtl8192_update_ratr_table(struct net_device *dev)
+{
+ struct r8192_priv *priv = ieee80211_priv(dev);
+ struct ieee80211_device *ieee = priv->ieee80211;
+ u8 *pMcsRate = ieee->dot11HTOperationalRateSet;
+ u32 ratr_value = 0;
+ u8 rate_index = 0;
+ rtl8192_config_rate(dev, (u16 *)(_value));
+
+ ratr_value |= (*(u16 *)(pMcsRate)) << 12;
+ switch (ieee->mode) {
+ case IEEE_A:
+ ratr_value &= 0x0FF0;
+ break;
+ case IEEE_B:
+ ratr_value &= 0x000F;
+ break;
+ case IEEE_G:
+ ratr_value &= 0x0FF7;
+ break;
+ case IEEE_N_24G:
+ case IEEE_N_5G:
+ if (ieee->pHTInfo->PeerMimoPs == 0) { /* MIMO_PS_STATIC */
+ ratr_value &= 0x0007F007;
+ } else {
+ if (priv->rf_type == RF_1T2R)
+ ratr_value &= 0x000FF007;
+ else
+ ratr_value &= 0x0F81F007;
+ }
+ break;
+ default:
+ break;
+ }
+ ratr_value &= 0x0FFF;
+ if (ieee->pHTInfo->bCurTxBW40MHz && ieee->pHTInfo->bCurShortGI40MHz)
+ ratr_value |= 0x8000;
+ else if (!ieee->pHTInfo->bCurTxBW40MHz &&
ieee->pHTInfo->bCurShortGI20MHz)
+ ratr_value |= 0x8000;
+ write_nic_dword(dev, RATR0+rate_index*4, ratr_value);
+ write_nic_byte(dev, UFWP, 1);
+}
+
+
static void rtl8192_link_change(struct net_device *dev)
{
struct r8192_priv *priv = ieee80211_priv(dev);
@@ -1967,48 +2010,6 @@ static int rtl8192_handle_assoc_response(struct
net_device *dev,
}
-void rtl8192_update_ratr_table(struct net_device *dev)
-{
- struct r8192_priv *priv = ieee80211_priv(dev);
- struct ieee80211_device *ieee = priv->ieee80211;
- u8 *pMcsRate = ieee->dot11HTOperationalRateSet;
- u32 ratr_value = 0;
- u8 rate_index = 0;
- rtl8192_config_rate(dev, (u16 *)(_value));
- ratr_value |= (*(u16 *)(pMcsRate)) << 12;
- switch (ieee->mode) {
- case IEEE_A:
- ratr_value &= 0x0FF0;
- break;
- case IEEE_B:
- ratr_value &= 0x000F;
- break;
- case IEEE_G:
- ratr_value &= 0x0FF7;
- break;
- case IEEE_N_24G:
- case IEEE_N_5G:
- if (ieee->pHTInfo->PeerMimoPs == 0) { /* MIMO_PS_STATIC */
- ratr_value &= 0x0007F007;
- } else {
- if (priv->rf_type == RF_1T2R)
- ratr_value &= 0x000FF007;
- else
- ratr_value &= 0x0F81F007;
- }
- break;
- default:
- break;
- }
- ratr_value &= 0x0FFF;
- if (ieee->pHTInfo->bCurTxBW40MHz && ieee->pHTInfo->bCurShortGI40MHz)
- ratr_value |= 0x8000;
- else if (!ieee->pHTInfo->bCurTxBW40MHz &&
ieee->pHTInfo->bCurShortGI20MHz)
- ratr_value |= 0x8000;
- write_nic_dword(dev, RATR0+rate_index*4, ratr_value);
- write_nic_byte(dev, UFWP, 1);
-}
-
static u8 ccmp_ie[4] = {0x00, 0x50, 0xf2, 0x04};
static u8 ccmp_rsn_ie[4] = {0x00, 0x0f, 0xac, 0x04};
static bool GetNmodeSupportBySecCfg8192(struct net_device *dev)
--
2.3.4
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[PATCH V2] Staging: rtl8192 Clean up function definition
Change function definition to static, move the function further up in
the file, and delete the function prototype.
This fixes the following warning generated by sparse:
drivers/staging/rtl8192u/r8192U_core.c:1970:6: warning: symbol
'rtl8192_update_ratr_table' was not declared. Should it be static?
Signed-off-by: Eddie Kovsky e...@edkovsky.org
---
drivers/staging/rtl8192u/r8192U_core.c | 87 +-
1 file changed, 44 insertions(+), 43 deletions(-)
diff --git a/drivers/staging/rtl8192u/r8192U_core.c
b/drivers/staging/rtl8192u/r8192U_core.c
index 8834c23d67fc..f16a0a45611f 100644
--- a/drivers/staging/rtl8192u/r8192U_core.c
+++ b/drivers/staging/rtl8192u/r8192U_core.c
@@ -1762,7 +1762,50 @@ void rtl8192_usb_deleteendpoints(struct net_device *dev)
}
#endif
-static void rtl8192_update_ratr_table(struct net_device *dev);
+static void rtl8192_update_ratr_table(struct net_device *dev)
+{
+ struct r8192_priv *priv = ieee80211_priv(dev);
+ struct ieee80211_device *ieee = priv-ieee80211;
+ u8 *pMcsRate = ieee-dot11HTOperationalRateSet;
+ u32 ratr_value = 0;
+ u8 rate_index = 0;
+ rtl8192_config_rate(dev, (u16 *)(ratr_value));
+
+ ratr_value |= (*(u16 *)(pMcsRate)) 12;
+ switch (ieee-mode) {
+ case IEEE_A:
+ ratr_value = 0x0FF0;
+ break;
+ case IEEE_B:
+ ratr_value = 0x000F;
+ break;
+ case IEEE_G:
+ ratr_value = 0x0FF7;
+ break;
+ case IEEE_N_24G:
+ case IEEE_N_5G:
+ if (ieee-pHTInfo-PeerMimoPs == 0) { /* MIMO_PS_STATIC */
+ ratr_value = 0x0007F007;
+ } else {
+ if (priv-rf_type == RF_1T2R)
+ ratr_value = 0x000FF007;
+ else
+ ratr_value = 0x0F81F007;
+ }
+ break;
+ default:
+ break;
+ }
+ ratr_value = 0x0FFF;
+ if (ieee-pHTInfo-bCurTxBW40MHz ieee-pHTInfo-bCurShortGI40MHz)
+ ratr_value |= 0x8000;
+ else if (!ieee-pHTInfo-bCurTxBW40MHz
ieee-pHTInfo-bCurShortGI20MHz)
+ ratr_value |= 0x8000;
+ write_nic_dword(dev, RATR0+rate_index*4, ratr_value);
+ write_nic_byte(dev, UFWP, 1);
+}
+
+
static void rtl8192_link_change(struct net_device *dev)
{
struct r8192_priv *priv = ieee80211_priv(dev);
@@ -1967,48 +2010,6 @@ static int rtl8192_handle_assoc_response(struct
net_device *dev,
}
-void rtl8192_update_ratr_table(struct net_device *dev)
-{
- struct r8192_priv *priv = ieee80211_priv(dev);
- struct ieee80211_device *ieee = priv-ieee80211;
- u8 *pMcsRate = ieee-dot11HTOperationalRateSet;
- u32 ratr_value = 0;
- u8 rate_index = 0;
- rtl8192_config_rate(dev, (u16 *)(ratr_value));
- ratr_value |= (*(u16 *)(pMcsRate)) 12;
- switch (ieee-mode) {
- case IEEE_A:
- ratr_value = 0x0FF0;
- break;
- case IEEE_B:
- ratr_value = 0x000F;
- break;
- case IEEE_G:
- ratr_value = 0x0FF7;
- break;
- case IEEE_N_24G:
- case IEEE_N_5G:
- if (ieee-pHTInfo-PeerMimoPs == 0) { /* MIMO_PS_STATIC */
- ratr_value = 0x0007F007;
- } else {
- if (priv-rf_type == RF_1T2R)
- ratr_value = 0x000FF007;
- else
- ratr_value = 0x0F81F007;
- }
- break;
- default:
- break;
- }
- ratr_value = 0x0FFF;
- if (ieee-pHTInfo-bCurTxBW40MHz ieee-pHTInfo-bCurShortGI40MHz)
- ratr_value |= 0x8000;
- else if (!ieee-pHTInfo-bCurTxBW40MHz
ieee-pHTInfo-bCurShortGI20MHz)
- ratr_value |= 0x8000;
- write_nic_dword(dev, RATR0+rate_index*4, ratr_value);
- write_nic_byte(dev, UFWP, 1);
-}
-
static u8 ccmp_ie[4] = {0x00, 0x50, 0xf2, 0x04};
static u8 ccmp_rsn_ie[4] = {0x00, 0x0f, 0xac, 0x04};
static bool GetNmodeSupportBySecCfg8192(struct net_device *dev)
--
2.3.4
--
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH] Staging: rtl8192 Clean up function definition
On Thu, Mar 26, 2015 at 11:37:45AM +0300, Dan Carpenter wrote: > Huh. Weird. Please, could you just move it forward instead so we don't > have to have the prototype declaration? > > regars, > dan carpenter > Dan You're right. That's a better solution. But I already got a message from Greg that he picked this up. I'll put together another patch to remove the prototype. Eddie -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH] Staging: rtl8192 Clean up function definition
On Thu, Mar 26, 2015 at 11:37:45AM +0300, Dan Carpenter wrote: Huh. Weird. Please, could you just move it forward instead so we don't have to have the prototype declaration? regars, dan carpenter Dan You're right. That's a better solution. But I already got a message from Greg that he picked this up. I'll put together another patch to remove the prototype. Eddie -- To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
[PATCH] Staging: rtl8192 Clean up function definition
Change function definition to match its prototype declaration. This
fixes the following warning generated by sparse:
drivers/staging/rtl8192u/r8192U_core.c:1970:6: warning: symbol
'rtl8192_update_ratr_table' was not declared. Should it be static?
Signed-off-by: Eddie Kovsky
---
drivers/staging/rtl8192u/r8192U_core.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/staging/rtl8192u/r8192U_core.c
b/drivers/staging/rtl8192u/r8192U_core.c
index 8834c23d67fc..a4795afeeb9c 100644
--- a/drivers/staging/rtl8192u/r8192U_core.c
+++ b/drivers/staging/rtl8192u/r8192U_core.c
@@ -1967,7 +1967,7 @@ static int rtl8192_handle_assoc_response(struct
net_device *dev,
}
-void rtl8192_update_ratr_table(struct net_device *dev)
+static void rtl8192_update_ratr_table(struct net_device *dev)
{
struct r8192_priv *priv = ieee80211_priv(dev);
struct ieee80211_device *ieee = priv->ieee80211;
--
2.3.4
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[PATCH] Staging: rtl8192 Clean up function definition
Change function definition to match its prototype declaration. This
fixes the following warning generated by sparse:
drivers/staging/rtl8192u/r8192U_core.c:1970:6: warning: symbol
'rtl8192_update_ratr_table' was not declared. Should it be static?
Signed-off-by: Eddie Kovsky e...@edkovsky.org
---
drivers/staging/rtl8192u/r8192U_core.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/staging/rtl8192u/r8192U_core.c
b/drivers/staging/rtl8192u/r8192U_core.c
index 8834c23d67fc..a4795afeeb9c 100644
--- a/drivers/staging/rtl8192u/r8192U_core.c
+++ b/drivers/staging/rtl8192u/r8192U_core.c
@@ -1967,7 +1967,7 @@ static int rtl8192_handle_assoc_response(struct
net_device *dev,
}
-void rtl8192_update_ratr_table(struct net_device *dev)
+static void rtl8192_update_ratr_table(struct net_device *dev)
{
struct r8192_priv *priv = ieee80211_priv(dev);
struct ieee80211_device *ieee = priv-ieee80211;
--
2.3.4
--
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[PATCH] staging: vt6655: fix sparse warning: argument type
Fixes following warning generated by sparse: drivers/staging/vt6655/baseband.c:2180:45: warning: incorrect type in argument 1 (different address spaces) drivers/staging/vt6655/baseband.c:2180:45:expected struct vnt_private *priv drivers/staging/vt6655/baseband.c:2180:45:got void [noderef] *dwIoBase Compile tested on next-20141219. Signed-off-by: Eddie Kovsky --- drivers/staging/vt6655/baseband.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/staging/vt6655/baseband.c b/drivers/staging/vt6655/baseband.c index 86c72ba0a0cd..f8c5fc371c4c 100644 --- a/drivers/staging/vt6655/baseband.c +++ b/drivers/staging/vt6655/baseband.c @@ -2177,7 +2177,7 @@ bool BBbVT3253Init(struct vnt_private *priv) /* Init ANT B select,RX Config CR10 = 0x28->0x2A, 0x2A->0x28(VC1/VC2 define, make the ANT_A, ANT_B inverted) */ /*bResult &= BBbWriteEmbedded(dwIoBase,0x0a,0x28);*/ /* Select VC1/VC2, CR215 = 0x02->0x06 */ - bResult &= BBbWriteEmbedded(dwIoBase, 0xd7, 0x06); + bResult &= BBbWriteEmbedded(priv, 0xd7, 0x06); /* }} */ for (ii = 0; ii < CB_VT3253B0_AGC; ii++) -- 2.1.0 -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
[PATCH] staging: vt6655: fix sparse warning: argument type
Fixes following warning generated by sparse: drivers/staging/vt6655/baseband.c:2180:45: warning: incorrect type in argument 1 (different address spaces) drivers/staging/vt6655/baseband.c:2180:45:expected struct vnt_private *priv drivers/staging/vt6655/baseband.c:2180:45:got void [noderef] asn:2*dwIoBase Compile tested on next-20141219. Signed-off-by: Eddie Kovsky e...@edkovsky.org --- drivers/staging/vt6655/baseband.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/staging/vt6655/baseband.c b/drivers/staging/vt6655/baseband.c index 86c72ba0a0cd..f8c5fc371c4c 100644 --- a/drivers/staging/vt6655/baseband.c +++ b/drivers/staging/vt6655/baseband.c @@ -2177,7 +2177,7 @@ bool BBbVT3253Init(struct vnt_private *priv) /* Init ANT B select,RX Config CR10 = 0x28-0x2A, 0x2A-0x28(VC1/VC2 define, make the ANT_A, ANT_B inverted) */ /*bResult = BBbWriteEmbedded(dwIoBase,0x0a,0x28);*/ /* Select VC1/VC2, CR215 = 0x02-0x06 */ - bResult = BBbWriteEmbedded(dwIoBase, 0xd7, 0x06); + bResult = BBbWriteEmbedded(priv, 0xd7, 0x06); /* }} */ for (ii = 0; ii CB_VT3253B0_AGC; ii++) -- 2.1.0 -- To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
[PATCH] kconfig: Fix compiler warning
Fixes gcc warning when building linux-next:
In file included from scripts/kconfig/zconf.tab.c:2537:0:
scripts/kconfig/menu.c: In function ‘get_symbol_str’:
scripts/kconfig/menu.c:590:18: warning: ‘jump’ may be used uninitialized in
this function [-Wmaybe-uninitialized]
jump->offset = strlen(r->s);
^
scripts/kconfig/menu.c:551:19: note: ‘jump’ was declared here
struct jump_key *jump;
^
HOSTLD scripts/kconfig/conf
Moved the initialization of struct jump_key *jump outside the first
'if' branch so it can be available throughout the function.
Also uses the preferred pointer syntax for passing the size of a struct.
Tested on next-20141119.
Signed-off-by: Eddie Kovsky
---
scripts/kconfig/menu.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/scripts/kconfig/menu.c b/scripts/kconfig/menu.c
index a26cc5d2a9b0..a728d23949e7 100644
--- a/scripts/kconfig/menu.c
+++ b/scripts/kconfig/menu.c
@@ -559,8 +559,8 @@ static void get_prompt_str(struct gstr *r, struct property
*prop,
if (location == NULL && accessible)
location = menu;
}
+ jump = xmalloc(sizeof(*jump));
if (head && location) {
- jump = xmalloc(sizeof(struct jump_key));
if (menu_is_visible(prop->menu)) {
/*
--
2.1.0
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[PATCH] kconfig: Fix compiler warning
Fixes gcc warning when building linux-next:
In file included from scripts/kconfig/zconf.tab.c:2537:0:
scripts/kconfig/menu.c: In function ‘get_symbol_str’:
scripts/kconfig/menu.c:590:18: warning: ‘jump’ may be used uninitialized in
this function [-Wmaybe-uninitialized]
jump-offset = strlen(r-s);
^
scripts/kconfig/menu.c:551:19: note: ‘jump’ was declared here
struct jump_key *jump;
^
HOSTLD scripts/kconfig/conf
Moved the initialization of struct jump_key *jump outside the first
'if' branch so it can be available throughout the function.
Also uses the preferred pointer syntax for passing the size of a struct.
Tested on next-20141119.
Signed-off-by: Eddie Kovsky e...@edkovsky.org
---
scripts/kconfig/menu.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/scripts/kconfig/menu.c b/scripts/kconfig/menu.c
index a26cc5d2a9b0..a728d23949e7 100644
--- a/scripts/kconfig/menu.c
+++ b/scripts/kconfig/menu.c
@@ -559,8 +559,8 @@ static void get_prompt_str(struct gstr *r, struct property
*prop,
if (location == NULL accessible)
location = menu;
}
+ jump = xmalloc(sizeof(*jump));
if (head location) {
- jump = xmalloc(sizeof(struct jump_key));
if (menu_is_visible(prop-menu)) {
/*
--
2.1.0
--
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[PATCH] staging: clean up checkpatch warnings in lustre
Silence checkpatch warning: WARNING: type 'long long unsigned' should be specified in [[un]signed] [short|int|long|long long] order Signed-off-by: Eddie Kovsky --- drivers/staging/lustre/lustre/fid/lproc_fid.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/staging/lustre/lustre/fid/lproc_fid.c b/drivers/staging/lustre/lustre/fid/lproc_fid.c index 92a27fa..ecf654e 100644 --- a/drivers/staging/lustre/lustre/fid/lproc_fid.c +++ b/drivers/staging/lustre/lustre/fid/lproc_fid.c @@ -84,8 +84,8 @@ static int lprocfs_fid_write_common(const char __user *buffer, size_t count, /* of the form "[0x00024400 - 0x00028000400]" */ rc = sscanf(kernbuf, "[%llx - %llx]\n", - (long long unsigned *)_start, - (long long unsigned *)_end); + (unsigned long long *)_start, + (unsigned long long *)_end); if (!range_is_sane() || range_is_zero() || tmp.lsr_start < range->lsr_start || tmp.lsr_end > range->lsr_end) return -EINVAL; -- 1.9.3 -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
[PATCH] staging: clean up checkpatch warnings in lustre
Silence checkpatch warning: WARNING: type 'long long unsigned' should be specified in [[un]signed] [short|int|long|long long] order Signed-off-by: Eddie Kovsky e...@edkovsky.org --- drivers/staging/lustre/lustre/fid/lproc_fid.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/staging/lustre/lustre/fid/lproc_fid.c b/drivers/staging/lustre/lustre/fid/lproc_fid.c index 92a27fa..ecf654e 100644 --- a/drivers/staging/lustre/lustre/fid/lproc_fid.c +++ b/drivers/staging/lustre/lustre/fid/lproc_fid.c @@ -84,8 +84,8 @@ static int lprocfs_fid_write_common(const char __user *buffer, size_t count, /* of the form [0x00024400 - 0x00028000400] */ rc = sscanf(kernbuf, [%llx - %llx]\n, - (long long unsigned *)tmp.lsr_start, - (long long unsigned *)tmp.lsr_end); + (unsigned long long *)tmp.lsr_start, + (unsigned long long *)tmp.lsr_end); if (!range_is_sane(tmp) || range_is_zero(tmp) || tmp.lsr_start range-lsr_start || tmp.lsr_end range-lsr_end) return -EINVAL; -- 1.9.3 -- To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
