Add support for MHI endpoint power_down that includes stopping all
available channels, destroying the channels, resetting the event and
transfer rings and freeing the host cache.
The stack will be powered down whenever the physical bus link goes down.
Reviewed-by: Alex Elder <elder@linaro.org>
Signed-off-by: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
Link: https://lore.kernel.org/r/20220405135754.6622-11-manivannan.sadhasivam@linaro.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Add support for MHI endpoint power_up that includes initializing the MMIO
and rings, caching the host MHI registers, and setting the MHI state to M0.
After registering the MHI EP controller, the stack has to be powered up
for usage.
Reviewed-by: Alex Elder <elder@linaro.org>
Signed-off-by: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
Link: https://lore.kernel.org/r/20220405135754.6622-10-manivannan.sadhasivam@linaro.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Add support for processing MHI endpoint interrupts such as control
interrupt, command interrupt and channel interrupt from the host.
The interrupts will be generated in the endpoint device whenever host
writes to the corresponding doorbell registers. The doorbell logic
is handled inside the hardware internally.
Reviewed-by: Alex Elder <elder@linaro.org>
Signed-off-by: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
Link: https://lore.kernel.org/r/20220405135754.6622-9-manivannan.sadhasivam@linaro.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Add support for managing the MHI state machine by controlling the state
transitions. Only the following MHI state transitions are supported:
1. Ready state
2. M0 state
3. M3 state
4. SYS_ERR state
Reviewed-by: Alex Elder <elder@linaro.org>
Signed-off-by: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
Link: https://lore.kernel.org/r/20220405135754.6622-8-manivannan.sadhasivam@linaro.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Add support for sending the events to the host over MHI bus from the
endpoint. Following events are supported:
1. Transfer completion event
2. Command completion event
3. State change event
4. Execution Environment (EE) change event
An event is sent whenever an operation has been completed in the MHI EP
device. Event is sent using the MHI event ring and additionally the host
is notified using an IRQ if required.
Reviewed-by: Alex Elder <elder@linaro.org>
Signed-off-by: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
Link: https://lore.kernel.org/r/20220405135754.6622-7-manivannan.sadhasivam@linaro.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Add support for managing the MHI ring. The MHI ring is a circular queue
of data structures used to pass the information between host and the
endpoint.
MHI support 3 types of rings:
1. Transfer ring
2. Event ring
3. Command ring
All rings reside inside the host memory and the MHI EP device maps it to
the device memory using blocks like PCIe iATU. The mapping is handled in
the MHI EP controller driver itself.
Reviewed-by: Alex Elder <elder@linaro.org>
Signed-off-by: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
Link: https://lore.kernel.org/r/20220405135754.6622-6-manivannan.sadhasivam@linaro.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Add support for managing the Memory Mapped Input Output (MMIO) registers
of the MHI bus. All MHI operations are carried out using the MMIO registers
by both host and the endpoint device.
The MMIO registers reside inside the endpoint device memory (fixed
location based on the platform) and the address is passed by the MHI EP
controller driver during its registration.
Reviewed-by: Alex Elder <elder@linaro.org>
Signed-off-by: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
Link: https://lore.kernel.org/r/20220405135754.6622-5-manivannan.sadhasivam@linaro.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
This commit adds support for creating and destroying MHI endpoint devices.
The MHI endpoint devices binds to the MHI endpoint channels and are used
to transfer data between MHI host and endpoint device.
There is a single MHI EP device for each channel pair. The devices will be
created when the corresponding channels has been started by the host and
will be destroyed during MHI EP power down and reset.
Reviewed-by: Alex Elder <elder@linaro.org>
Signed-off-by: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
Link: https://lore.kernel.org/r/20220405135754.6622-4-manivannan.sadhasivam@linaro.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
This commit adds support for registering MHI endpoint client drivers
with the MHI endpoint stack. MHI endpoint client drivers bind to one
or more MHI endpoint devices inorder to send and receive the upper-layer
protocol packets like IP packets, modem control messages, and
diagnostics messages over MHI bus.
Reviewed-by: Hemant Kumar <hemantk@codeaurora.org>
Reviewed-by: Alex Elder <elder@linaro.org>
Signed-off-by: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
Link: https://lore.kernel.org/r/20220405135754.6622-3-manivannan.sadhasivam@linaro.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
This commit adds support for registering MHI endpoint controller drivers
with the MHI endpoint stack. MHI endpoint controller drivers manage
the interaction with the host machines (such as x86). They are also the
MHI endpoint bus master in charge of managing the physical link between
the host and endpoint device. Eventhough the MHI spec is bus agnostic,
the current implementation is entirely based on PCIe bus.
The endpoint controller driver encloses all information about the
underlying physical bus like PCIe. The registration process involves
parsing the channel configuration and allocating an MHI EP device.
Channels used in the endpoint stack follows the perspective of the MHI
host stack. i.e.,
UL - From host to endpoint
DL - From endpoint to host
Reviewed-by: Alex Elder <elder@linaro.org>
Signed-off-by: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
Link: https://lore.kernel.org/r/20220405135754.6622-2-manivannan.sadhasivam@linaro.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
The use of kmap_atomic() is being deprecated in favor of kmap_local_page()
where it is feasible. Each call of kmap_atomic() in the kernel creates
a non-preemptible section and disable pagefaults. This could be a source
of unwanted latency, so kmap_local_page() should be preferred.
With kmap_local_page(), the mapping is per thread, CPU local and not
globally visible. Furthermore, the mapping can be acquired from any context
(including interrupts). binder_alloc_do_buffer_copy() is a function where
the use of kmap_local_page() in place of kmap_atomic() is correctly suited.
Use kmap_local_page() / kunmap_local() in place of kmap_atomic() /
kunmap_atomic() but, instead of open coding the mappings and call memcpy()
to and from the virtual addresses of the mapped pages, prefer the use of
the memcpy_{to,from}_page() wrappers (as suggested by Christophe
Jaillet).
Cc: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
Acked-by: Todd Kjos <tkjos@google.com>
Signed-off-by: Fabio M. De Francesco <fmdefrancesco@gmail.com>
Link: https://lore.kernel.org/r/20220425175754.8180-4-fmdefrancesco@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
The use of kmap() is being deprecated in favor of kmap_local_page()
where it is feasible. With kmap_local_page(), the mapping is per
thread, CPU local and not globally visible.
binder_alloc_copy_user_to_buffer() is a function where the use of
kmap_local_page() in place of kmap() is correctly suited because
the mapping is local to the thread.
Therefore, use kmap_local_page() / kunmap_local().
Cc: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
Acked-by: Todd Kjos <tkjos@google.com>
Signed-off-by: Fabio M. De Francesco <fmdefrancesco@gmail.com>
Link: https://lore.kernel.org/r/20220425175754.8180-3-fmdefrancesco@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
The use of kmap() is being deprecated in favor of kmap_local_page()
where it is feasible. With kmap_local_page(), the mapping is per
thread, CPU local and not globally visible.
binder_alloc_clear_buf() is a function where the use of kmap_local_page()
in place of kmap() is correctly suited because the mapping is local to the
thread.
Therefore, use kmap_local_page() / kunmap_local() but, instead of open
coding these two functions and adding a memset() of the virtual address
of the mapping, prefer memset_page().
Cc: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
Acked-by: Todd Kjos <tkjos@google.com>
Signed-off-by: Fabio M. De Francesco <fmdefrancesco@gmail.com>
Link: https://lore.kernel.org/r/20220425175754.8180-2-fmdefrancesco@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Add support for ARM64 architecture so that the driver can now be built
and VMCI device can be used.
Update Kconfig file to allow the driver to be built on ARM64 as well.
Fail vmci_guest_probe_device() on ARM64 if the device does not support
MMIO register access. Lastly, add virtualization specific barriers
which map to actual memory barrier instructions on ARM64, because it
is required in case of ARM64 for queuepair (de)queuing.
Reviewed-by: Bryan Tan <bryantan@vmware.com>
Reviewed-by: Cyprien Laplace <claplace@vmware.com>
Signed-off-by: Vishnu Dasa <vdasa@vmware.com>
Link: https://lore.kernel.org/r/20220414193316.14356-1-vdasa@vmware.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
The bug is here:
pmem->vaddr = NULL;
The list iterator 'pmem' will point to a bogus position containing
HEAD if the list is empty or no element is found. This case must
be checked before any use of the iterator, otherwise it will
lead to a invalid memory access.
To fix this bug, just gen_pool_free/set NULL/list_del() and return
when found, otherwise list_del HEAD and return;
Fixes: 7ca5ce8965 ("firmware: add Intel Stratix10 service layer driver")
Signed-off-by: Xiaomeng Tong <xiam0nd.tong@gmail.com>
Link: https://lore.kernel.org/r/20220414035609.2239-1-xiam0nd.tong@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
In 8619e5bdee ("/dev/mem: Bail out upon SIGKILL."), /dev/mem became
killable, and that commit noted:
Theoretically, reading/writing /dev/mem and /dev/kmem can become
"interruptible". But this patch chose "killable". Future patch will
make them "interruptible" so that we can revert to "killable" if
some program regressed.
So now we take the next step in making it "interruptible", by changing
fatal_signal_pending() into signal_pending().
Cc: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Link: https://lore.kernel.org/r/20220407122638.490660-1-Jason@zx2c4.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
usb_get_dev is called in xillyusb_probe. So it is better to call
usb_put_dev before xdev is released.
Acked-by: Eli Billauer <eli.billauer@gmail.com>
Signed-off-by: Hangyu Hua <hbh25y@gmail.com>
Link: https://lore.kernel.org/r/20220406075703.23464-1-hbh25y@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To move the list iterator variable into the list_for_each_entry_*()
macro in the future it should be avoided to use the list iterator
variable after the loop body.
To *never* use the list iterator variable after the loop it was
concluded to use a separate iterator variable instead of a
found boolean [1].
This removes the need to use a found variable and simply checking if
the variable was set, can determine if the break/goto was hit.
Link: https://lore.kernel.org/all/CAHk-=wgRr_D8CB-D9Kg-c=EHreAsk5SqXPwr9Y7k9sA6cWXJ6w@mail.gmail.com/
Signed-off-by: Jakob Koschel <jakobkoschel@gmail.com>
Link: https://lore.kernel.org/r/20220327214551.2188544-1-jakobkoschel@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Changed all remaining pr_XXX calls that write out debugging info into
dev_XXX calls, changed the needlessly verbose decoding of status bits
into dev_dbg(), so that it's supressed by the logging levels by default.
Forthermore the ds_recv_status function has a "dump" parameter that
enables extremely verbose logging, and that's used only once.
This has been factored out, and called explicitly at that one place.
Signed-off-by: Christian Vogel <vogelchr@vogel.cx>
Link: https://lore.kernel.org/r/20220324193246.16814-2-vogelchr@vogel.cx
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
The bug is here:
if (!buf) {
The list iterator value 'buf' will *always* be set and non-NULL
by list_for_each_entry(), so it is incorrect to assume that the
iterator value will be NULL if the list is empty (in this case, the
check 'if (!buf) {' will always be false and never exit expectly).
To fix the bug, use a new variable 'iter' as the list iterator,
while use the original variable 'buf' as a dedicated pointer to
point to the found element.
Fixes: 2419e55e53 ("misc: fastrpc: add mmap/unmap support")
Signed-off-by: Xiaomeng Tong <xiam0nd.tong@gmail.com>
Link: https://lore.kernel.org/r/20220327062202.5720-1-xiam0nd.tong@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To move the list iterator variable into the list_for_each_entry_*()
macro in the future it should be avoided to use the list iterator
variable after the loop body.
To *never* use the list iterator variable after the loop it was
concluded to use a separate iterator variable instead of a
found boolean [1].
This removes the need to use a found variable and simply checking if
the variable was set, can determine if the break/goto was hit.
Link: https://lore.kernel.org/all/CAHk-=wgRr_D8CB-D9Kg-c=EHreAsk5SqXPwr9Y7k9sA6cWXJ6w@mail.gmail.com/
Acked-by: Eli Billauer <eli.billauer@gmail.com>
Signed-off-by: Jakob Koschel <jakobkoschel@gmail.com>
Link: https://lore.kernel.org/r/20220324070939.59297-1-jakobkoschel@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To move the list iterator variable into the list_for_each_entry_*()
macro in the future it should be avoided to use the list iterator
variable after the loop body.
To *never* use the list iterator variable after the loop it was
concluded to use a separate iterator variable instead of a
found boolean [1].
This removes the need to use a found variable and simply checking if
the variable was set, can determine if the break/goto was hit.
Link: https://lore.kernel.org/all/CAHk-=wgRr_D8CB-D9Kg-c=EHreAsk5SqXPwr9Y7k9sA6cWXJ6w@mail.gmail.com/
Signed-off-by: Jakob Koschel <jakobkoschel@gmail.com>
Link: https://lore.kernel.org/r/20220324073151.66305-1-jakobkoschel@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
The VMware balloon might be reset multiple times during execution. Print
errors only once to avoid filling the log unnecessarily.
Signed-off-by: Nadav Amit <namit@vmware.com>
Link: https://lore.kernel.org/r/20220322170052.6351-1-namit@vmware.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Printing probe success is discouraged, because we can use tracing for
this purpose. Remove useless print message after Sunplus OCOTP driver
probe.
Signed-off-by: Krzysztof Kozlowski <krzk@kernel.org>
Link: https://lore.kernel.org/r/20220321110326.44652-3-krzk@kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
The "sp_otp_v0" file scope variable is not used outside, so make it
static to fix warning:
drivers/nvmem/sunplus-ocotp.c:74:29: sparse:
sparse: symbol 'sp_otp_v0' was not declared. Should it be static?
Reported-by: kernel test robot <lkp@intel.com>
Signed-off-by: Krzysztof Kozlowski <krzk@kernel.org>
Link: https://lore.kernel.org/r/20220321110326.44652-2-krzk@kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
"bcm_otpc_acpi_ids" is used with ACPI_PTR, so a build with !CONFIG_ACPI
has a warning:
drivers/nvmem/bcm-ocotp.c:247:36: error:
‘bcm_otpc_acpi_ids’ defined but not used [-Werror=unused-const-variable=]
Signed-off-by: Krzysztof Kozlowski <krzk@kernel.org>
Link: https://lore.kernel.org/r/20220321110326.44652-1-krzk@kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Enable the feature check if the PM_FEATURE_CHECK API returns success
with the supported version for the ZynqMP. Currently, it is enabled
for Versal only.
Move get_set_conduit_method() at the beginning as the Linux is
requesting to TF-A for the PM_FEATURE_CHECK API version for which the
interface should be enabled with TF-A.
Signed-off-by: Ronak Jain <ronak.jain@xilinx.com>
Link: https://lore.kernel.org/r/1649242526-17493-5-git-send-email-ronak.jain@xilinx.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Currently, we are not checking feature check version for PM APIs as
the support may or may not there in the firmware. To check the whether
the feature check API is supported or not in the firmware, allow
checking for its own version.
Signed-off-by: Ronak Jain <ronak.jain@xilinx.com>
Link: https://lore.kernel.org/r/1649242526-17493-4-git-send-email-ronak.jain@xilinx.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Christophe Leroy (1):
lkdtm/bugs: Don't expect thread termination without CONFIG_UBSAN_TRAP
Jiasheng Jiang (1):
lkdtm/bugs: Check for the NULL pointer after calling kmalloc
Kees Cook (4):
lkdtm/heap: Note conditions for SLAB_LINEAR_OVERFLOW
lkdtm/usercopy: Expand size of "out of frame" object
lkdtm: Move crashtype definitions into each category
lkdtm: Add CFI_BACKWARD to test ROP mitigations
-----BEGIN PGP SIGNATURE-----
iQJKBAABCgA0FiEEpcP2jyKd1g9yPm4TiXL039xtwCYFAmJbMv4WHGtlZXNjb29r
QGNocm9taXVtLm9yZwAKCRCJcvTf3G3AJgC2D/wKK+J1F4Xt5is5TRFhnEiWcDpG
6BW0yAYdzy9bfcojvROLkWEwr9CMLpwT1aEOtWgDHJEXAC6s+fLhenHDnEeTMK9s
guoN2nyerLPuZ9QaxUcNVAV4yZEtmalhfiJa4br7uPW4M3mf5bmbkSdcMQyz+D/K
wpwLIPLxyhnJk3jkeKIi39KGo5qEBPEuNo58RRy9/zpUgndFpayDWlAZTDgEYp9E
eZ9ouV11kBkxD4Ju8epGA+pT0usZJYU54/errYJOUSkMN8S7vAc9Nib1gmIL77yH
gcp8tiglkCZrQy0E68nb+bND7EUBqdGB9xmIoXd0Qoetq4+sMNHNUtMXH1gskaev
6S4xEid8rMqYlL+jXroeluGxmtNUnZXLWLjy5nQDrxlAJzVcBYNNCJbTdYZZMMT6
Kvd9EzDHwcHrcRXgqzAaNVbqvfREIPLAPuCuD55CWl/1yD60XtY8tdY2N9jNJRVR
ovGOtpW/uSfTKG2hryH/g/FGdmPPaQepK58iEJludxu7+fFycmu2tUxDkPGoezbh
ZgxvTiBnuQxJeNRuVmtIrHByD2rSHTccJLE66tkpuufBnox8n548Mj7O3zBO040E
iDCenoW/UA8I3yBReaKJLLndDMH3XEfITUPXjbmtKt4s9ks8Y8Jq5f2ejiS2OzSE
qwJwTXSRJ715eBKXyA==
=xzN7
-----END PGP SIGNATURE-----
Merge tag 'lkdtm-next' of https://git.kernel.org/pub/scm/linux/kernel/git/kees/linux into char-misc-next
Kees writes:
lkdtm updates for next
Christophe Leroy (1):
lkdtm/bugs: Don't expect thread termination without CONFIG_UBSAN_TRAP
Jiasheng Jiang (1):
lkdtm/bugs: Check for the NULL pointer after calling kmalloc
Kees Cook (4):
lkdtm/heap: Note conditions for SLAB_LINEAR_OVERFLOW
lkdtm/usercopy: Expand size of "out of frame" object
lkdtm: Move crashtype definitions into each category
lkdtm: Add CFI_BACKWARD to test ROP mitigations
* tag 'lkdtm-next' of https://git.kernel.org/pub/scm/linux/kernel/git/kees/linux:
lkdtm: Add CFI_BACKWARD to test ROP mitigations
lkdtm: Move crashtype definitions into each category
lkdtm/bugs: Don't expect thread termination without CONFIG_UBSAN_TRAP
lkdtm/usercopy: Expand size of "out of frame" object
lkdtm/heap: Note conditions for SLAB_LINEAR_OVERFLOW
lkdtm/bugs: Check for the NULL pointer after calling kmalloc
This silences the following coccinelle warning:
drivers/s390/char/tape_34xx.c:360:38-39: WARNING: sum of probable bitmasks, consider |
we will try to make code cleaner
Reviewed-by: Jiri Slaby <jirislaby@kernel.org>
Signed-off-by: Haowen Bai <baihaowen@meizu.com>
Link: https://lore.kernel.org/r/1647846757-946-1-git-send-email-baihaowen@meizu.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Replace for spelling
keypresses to key presses
bytesize to byte size
specificly to specifically
Reviewed-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
Signed-off-by: Tom Rix <trix@redhat.com>
Link: https://lore.kernel.org/r/20220329195401.3220408-1-trix@redhat.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
In order to test various backward-edge control flow integrity methods,
add a test that manipulates the return address on the stack. Currently
only arm64 Pointer Authentication and Shadow Call Stack is supported.
$ echo CFI_BACKWARD | cat >/sys/kernel/debug/provoke-crash/DIRECT
Under SCS, successful test of the mitigation is reported as:
lkdtm: Performing direct entry CFI_BACKWARD
lkdtm: Attempting unchecked stack return address redirection ...
lkdtm: ok: redirected stack return address.
lkdtm: Attempting checked stack return address redirection ...
lkdtm: ok: control flow unchanged.
Under PAC, successful test of the mitigation is reported by the PAC
exception handler:
lkdtm: Performing direct entry CFI_BACKWARD
lkdtm: Attempting unchecked stack return address redirection ...
lkdtm: ok: redirected stack return address.
lkdtm: Attempting checked stack return address redirection ...
Unable to handle kernel paging request at virtual address bfffffc0088d0514
Mem abort info:
ESR = 0x86000004
EC = 0x21: IABT (current EL), IL = 32 bits
SET = 0, FnV = 0
EA = 0, S1PTW = 0
FSC = 0x04: level 0 translation fault
[bfffffc0088d0514] address between user and kernel address ranges
...
If the CONFIGs are missing (or the mitigation isn't working), failure
is reported as:
lkdtm: Performing direct entry CFI_BACKWARD
lkdtm: Attempting unchecked stack return address redirection ...
lkdtm: ok: redirected stack return address.
lkdtm: Attempting checked stack return address redirection ...
lkdtm: FAIL: stack return address was redirected!
lkdtm: This is probably expected, since this kernel was built *without* CONFIG_ARM64_PTR_AUTH_KERNEL=y nor CONFIG_SHADOW_CALL_STACK=y
Co-developed-by: Dan Li <ashimida@linux.alibaba.com>
Signed-off-by: Dan Li <ashimida@linux.alibaba.com>
Cc: Arnd Bergmann <arnd@arndb.de>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Kees Cook <keescook@chromium.org>
Link: https://lore.kernel.org/lkml/20220416001103.1524653-1-keescook@chromium.org
It's long been annoying that to add a new LKDTM test one had to update
lkdtm.h and core.c to get it "registered". Switch to a per-category
list and update the crashtype walking code in core.c to handle it.
This also means that all the lkdtm_* tests themselves can be static now.
Cc: Arnd Bergmann <arnd@arndb.de>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Kees Cook <keescook@chromium.org>
When you don't select CONFIG_UBSAN_TRAP, you get:
# echo ARRAY_BOUNDS > /sys/kernel/debug/provoke-crash/DIRECT
[ 102.265827] ================================================================================
[ 102.278433] UBSAN: array-index-out-of-bounds in drivers/misc/lkdtm/bugs.c:342:16
[ 102.287207] index 8 is out of range for type 'char [8]'
[ 102.298722] ================================================================================
[ 102.313712] lkdtm: FAIL: survived array bounds overflow!
[ 102.318770] lkdtm: Unexpected! This kernel (5.16.0-rc1-s3k-dev-01884-g720dcf79314a ppc) was built with CONFIG_UBSAN_BOUNDS=y
It is not correct because when CONFIG_UBSAN_TRAP is not selected
you can't expect array bounds overflow to kill the thread.
Modify the logic so that when the kernel is built with
CONFIG_UBSAN_BOUNDS but without CONFIG_UBSAN_TRAP, you get a warning
about CONFIG_UBSAN_TRAP not been selected instead.
This also require a fix of pr_expected_config(), otherwise the
following error is encountered.
CC drivers/misc/lkdtm/bugs.o
drivers/misc/lkdtm/bugs.c: In function 'lkdtm_ARRAY_BOUNDS':
drivers/misc/lkdtm/bugs.c:351:2: error: 'else' without a previous 'if'
351 | else
| ^~~~
Fixes: c75be56e35 ("lkdtm/bugs: Add ARRAY_BOUNDS to selftests")
Signed-off-by: Christophe Leroy <christophe.leroy@csgroup.eu>
Signed-off-by: Kees Cook <keescook@chromium.org>
Link: https://lore.kernel.org/r/363b58690e907c677252467a94fe49444c80ea76.1649704381.git.christophe.leroy@csgroup.eu
To be sufficiently out of range for the usercopy test to see the lifetime
mismatch, expand the size of the "bad" buffer, which will let it be
beyond current_stack_pointer regardless of stack growth direction.
Paired with the recent addition of stack depth checking under
CONFIG_HARDENED_USERCOPY=y, this will correctly start tripping again.
Reported-by: Muhammad Usama Anjum <usama.anjum@collabora.com>
Cc: Arnd Bergmann <arnd@arndb.de>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Reviewed-by: Muhammad Usama Anjum <usama.anjum@collabora.com>
Link: https://lore.kernel.org/lkml/762faf1b-0443-5ddf-4430-44a20cf2ec4d@collabora.com/
Signed-off-by: Kees Cook <keescook@chromium.org>
It wasn't clear when SLAB_LINEAR_OVERFLOW would be expected to trip.
Explicitly describe it and include the CONFIGs in the kselftest.
Cc: Muhammad Usama Anjum <usama.anjum@collabora.com>
Cc: Arnd Bergmann <arnd@arndb.de>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: Shuah Khan <shuah@kernel.org>
Cc: linux-kselftest@vger.kernel.org
Signed-off-by: Kees Cook <keescook@chromium.org>
As the possible failure of the kmalloc(), the not_checked and checked
could be NULL pointer.
Therefore, it should be better to check it in order to avoid the
dereference of the NULL pointer.
Also, we need to kfree the 'not_checked' and 'checked' to avoid
the memory leak if fails.
And since it is just a test, it may directly return without error
number.
Fixes: ae2e1aad3e ("drivers/misc/lkdtm/bugs.c: add arithmetic overflow and array bounds checks")
Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>
Acked-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
Link: https://lore.kernel.org/r/20220120092936.1874264-1-jiasheng@iscas.ac.cn
This is a single serial driver fix for a build issue that showed up due
to changes that came in through the tty tree in 5.18-rc1 that were
missed previously. It resolves a build error with the mpc52xx_uart
driver.
It has been in linux-next this week with no reported problems.
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-----BEGIN PGP SIGNATURE-----
iG0EABECAC0WIQT0tgzFv3jCIUoxPcsxR9QN2y37KQUCYlLSOw8cZ3JlZ0Brcm9h
aC5jb20ACgkQMUfUDdst+ykUDQCgpgjEqSAUVXHS3NMjIppMSF8RfD4AoNYjH7Hl
oVs5nzWNDcbZPvvh+TFw
=F6pL
-----END PGP SIGNATURE-----
Merge tag 'tty-5.18-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty
Pull serial driver fix from Greg KH:
"This is a single serial driver fix for a build issue that showed up
due to changes that came in through the tty tree in 5.18-rc1 that were
missed previously. It resolves a build error with the mpc52xx_uart
driver.
It has been in linux-next this week with no reported problems"
* tag 'tty-5.18-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty:
tty: serial: mpc52xx_uart: make rx/tx hooks return unsigned, part II.
Here is a single staging driver fix for 5.18-rc2 that resolves an endian
issue for the r8188eu driver. It has been in linux-next all this week
with no reported problems.
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-----BEGIN PGP SIGNATURE-----
iG0EABECAC0WIQT0tgzFv3jCIUoxPcsxR9QN2y37KQUCYlLRlw8cZ3JlZ0Brcm9h
aC5jb20ACgkQMUfUDdst+ylqdgCcCNVlN2uYRqAYjVyZmYSNKumgzN8AoMm1/DVT
bT68T73BB/g1TFMNjuwy
=Ho+t
-----END PGP SIGNATURE-----
Merge tag 'staging-5.18-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging
Pull staging driver fix from Greg KH:
"Here is a single staging driver fix for 5.18-rc2 that resolves an
endian issue for the r8188eu driver. It has been in linux-next all
this week with no reported problems"
* tag 'staging-5.18-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging:
staging: r8188eu: Fix PPPoE tag insertion on little endian systems
Here are 2 small driver core changes for 5.18-rc2.
They are the final bits in the removal of the default_attrs field in
struct kobj_type. I had to wait until after 5.18-rc1 for all of the
changes to do this came in through different development trees, and then
one new user snuck in. So this series has 2 changes:
- removal of the default_attrs field in the powerpc/pseries/vas
code. Change has been acked by the PPC maintainers to come
through this tree
- removal of default_attrs from struct kobj_type now that all
in-kernel users are removed. This cleans up the kobject code
a little bit and removes some duplicated functionality that
confused people (now there is only one way to do default
groups.)
All of these have been in linux-next for all of this week with no
reported problems.
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-----BEGIN PGP SIGNATURE-----
iG0EABECAC0WIQT0tgzFv3jCIUoxPcsxR9QN2y37KQUCYlLRHg8cZ3JlZ0Brcm9h
aC5jb20ACgkQMUfUDdst+yn+9gCfXN0OvKmw5QD55z8YGp/jIycK0ToAnifJ/OX+
sU2V8ZQfNbV8xw7iXfc2
=L+Uc
-----END PGP SIGNATURE-----
Merge tag 'driver-core-5.18-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core
Pull driver core updates from Greg KH:
"Here are two small driver core changes for 5.18-rc2.
They are the final bits in the removal of the default_attrs field in
struct kobj_type. I had to wait until after 5.18-rc1 for all of the
changes to do this came in through different development trees, and
then one new user snuck in. So this series has two changes:
- removal of the default_attrs field in the powerpc/pseries/vas code.
The change has been acked by the PPC maintainers to come through
this tree
- removal of default_attrs from struct kobj_type now that all
in-kernel users are removed.
This cleans up the kobject code a little bit and removes some
duplicated functionality that confused people (now there is only
one way to do default groups)
Both of these have been in linux-next for all of this week with no
reported problems"
* tag 'driver-core-5.18-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core:
kobject: kobj_type: remove default_attrs
powerpc/pseries/vas: use default_groups in kobj_type
Here is a single driver fix for 5.18-rc2. It resolves the build warning
issue on 32bit systems in the habannalabs driver that came in during the
5.18-rc1 merge cycle.
It has been in linux-next for all this week with no reported problems.
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-----BEGIN PGP SIGNATURE-----
iG0EABECAC0WIQT0tgzFv3jCIUoxPcsxR9QN2y37KQUCYlK+5Q8cZ3JlZ0Brcm9h
aC5jb20ACgkQMUfUDdst+ykTKQCgoOU9/+9EiS3crSlFzo24SdomjKAAoL1nQoN9
2s4KLX25ynnincGifSr5
=VVFs
-----END PGP SIGNATURE-----
Merge tag 'char-misc-5.18-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc
Pull char/misc driver fix from Greg KH:
"A single driver fix. It resolves the build warning issue on 32bit
systems in the habannalabs driver that came in during the 5.18-rc1
merge cycle.
It has been in linux-next for all this week with no reported problems"
* tag 'char-misc-5.18-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc:
habanalabs: Fix test build failures
- Fix KVM "lost kick" race, where an attempt to pull a vcpu out of the guest could be
lost (or delayed until the next guest exit).
- Disable SCV (system call vectored) when PR KVM guests could be run.
- Fix KVM PR guests using SCV, by disallowing AIL != 0 for KVM PR guests.
- Add a new KVM CAP to indicate if AIL == 3 is supported.
- Fix a regression when hotplugging a CPU to a memoryless/cpuless node.
- Make virt_addr_valid() stricter for 64-bit Book3E & 32-bit, which fixes crashes seen
due to hardened usercopy.
- Revert a change to max_mapnr which broke HIGHMEM.
Thanks to: Christophe Leroy, Fabiano Rosas, Kefeng Wang, Nicholas Piggin, Srikar Dronamraju.
-----BEGIN PGP SIGNATURE-----
iQJHBAABCAAxFiEEJFGtCPCthwEv2Y/bUevqPMjhpYAFAmJSzCYTHG1wZUBlbGxl
cm1hbi5pZC5hdQAKCRBR6+o8yOGlgFqxD/98cokv9ZFbXoPApT0rbZo/5Re5GWGj
IzSI4kuBI7j5oPqDdwusfF/pqKt+zFmr0fVsnhz2WYZ4gX4xr9B48OpmuIQvNNbx
46gz4wWIPE2C9xVnOtU829DTOXfFoBOQo16TFzE8wfiLFx9M8gF2oogTzvF14LML
+tbE2STL3ga6MGje8oZ3VOvvXrt9zrynTRt4W/SsfpkXvhQYRdGSPC2Rw6IkbN1k
XDoFPt+vN9C+g6ItW7OzBrkMvCSYNxmsptWAA48zCqbGOawXomYoZyFTS7fooX5E
nhGM9wAQGVNRlbnLgEtOAUv/Djz4yVz1gjR+4b7LF26AN3bd3CrQJ+whZJAAqw+G
I6wtRZI6DrZ4UH5sfjsUQaOIT6DcGlt2MTidGmG2hY+XlanKgiLCdIisnxAMa4+x
kBD1zqSuThPWgpryfKMex4r1WBZyZ27bcwQ9L9Z9GeCQN0V9cNfD8OHwyeKEuQEb
hA941h2qq9bzzVL/wrDxVesRSzXRXoBed77RCL2YUYLonybW+mxijqbaWNVcqqB0
Hr3/hhgq+0uYid5Ld9rxHnXl9yrJI9itakXNFU6dmzqZtQ7b4xaha21IME5zoIcJ
DRkTWGnub0wjp2Re1rdJVpTDREP19k+gPu/dVJFNlW16SG4/Lhg1xOLTkRNQ+gnt
Ayp4o27CPzoTJg==
=uNqF
-----END PGP SIGNATURE-----
Merge tag 'powerpc-5.18-2' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux
Pull powerpc fixes from Michael Ellerman:
- Fix KVM "lost kick" race, where an attempt to pull a vcpu out of the
guest could be lost (or delayed until the next guest exit).
- Disable SCV (system call vectored) when PR KVM guests could be run.
- Fix KVM PR guests using SCV, by disallowing AIL != 0 for KVM PR
guests.
- Add a new KVM CAP to indicate if AIL == 3 is supported.
- Fix a regression when hotplugging a CPU to a memoryless/cpuless node.
- Make virt_addr_valid() stricter for 64-bit Book3E & 32-bit, which
fixes crashes seen due to hardened usercopy.
- Revert a change to max_mapnr which broke HIGHMEM.
Thanks to Christophe Leroy, Fabiano Rosas, Kefeng Wang, Nicholas Piggin,
and Srikar Dronamraju.
* tag 'powerpc-5.18-2' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux:
Revert "powerpc: Set max_mapnr correctly"
powerpc: Fix virt_addr_valid() for 64-bit Book3E & 32-bit
KVM: PPC: Move kvmhv_on_pseries() into kvm_ppc.h
powerpc/numa: Handle partially initialized numa nodes
powerpc/64: Fix build failure with allyesconfig in book3s_64_entry.S
KVM: PPC: Use KVM_CAP_PPC_AIL_MODE_3
KVM: PPC: Book3S PR: Disallow AIL != 0
KVM: PPC: Book3S PR: Disable SCV when AIL could be disabled
KVM: PPC: Book3S HV P9: Fix "lost kick" race
- A fix for a long standing bug in the ARM GICv3 redistributor polling
which uses the wrong bit number to test.
- Prevent translation of bogus ACPI table entries which map device
interrupts into the IPI space on ARM GICs.
- Don't write into the pending register of ARM GICV4 before the scan
in hardware has completed.
- A set of build and correctness fixes for the Qualcomm MPM driver
-----BEGIN PGP SIGNATURE-----
iQJHBAABCgAxFiEEQp8+kY+LLUocC4bMphj1TA10mKEFAmJSzCQTHHRnbHhAbGlu
dXRyb25peC5kZQAKCRCmGPVMDXSYobYVD/9WP+8WMN+EUWtL4+fbSFswjvlXtSjY
wURTtcu4Vfadoren5f6I7aEOmgJhC3iUY4R8u9ftvuKi5lh8M2TWVMyFDXfYQa/3
qGlIHfVPQe3AtN/bY1nFnpkFWCVFhfA6EfKOOsBV6/lmP28gSytepc9B29rqfIQM
d67GC2MeidSVpxM4AtS2Dguiq+v/MdDcA1P2oMFcpkYwsPSpPNHdrn8F1EbJyXfV
O8bZ1stlPRaMTtLb7Dzkpo0JhW6okaLDHDAo2HiXB23PciW7JdzsALvWsidosBuG
/b63YHJQqEEk/8sIZDlf84xOUkkOTA6sWpqdxVlzMA71jfMnIs/YEtIQ41paEwE2
MEZPyygVnE8vPmjMjM8dypcQAK/IdAoqyWlbtlNfc+6BFvA6wMLTG+ipG9nEkAiI
YvmEI4PUdDa2hrV2S/ExHGyyVhtXZBHT13YFHmspm8cHOkPtUjPSXhVztLv9oQHR
yCD1rpqv/zYPVDXNXR6jG+idDkc1L/emFl/3X/vkabbt2bZs8DAJf03sdU8sbAl8
2goG5JREJZI07bCSPdovi1xN8gPlHkZeiv3dFPN3r4Sghxp/H2G+YlMZSD/H9Nti
YhH3zXgWKpfEUAaSGyNXl/6RkvUJ5+ZCOuZkZPJtmsn8ptXhb+Z2u4f69ZqlI0LE
bkd0uATF50ZwBA==
=SJ8P
-----END PGP SIGNATURE-----
Merge tag 'irq-urgent-2022-04-10' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
Pull irq fixes from Thomas Gleixner:
"A set of interrupt chip driver fixes:
- A fix for a long standing bug in the ARM GICv3 redistributor
polling which uses the wrong bit number to test.
- Prevent translation of bogus ACPI table entries which map device
interrupts into the IPI space on ARM GICs.
- Don't write into the pending register of ARM GICV4 before the scan
in hardware has completed.
- A set of build and correctness fixes for the Qualcomm MPM driver"
* tag 'irq-urgent-2022-04-10' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
irqchip/gic, gic-v3: Prevent GSI to SGI translations
irqchip/gic-v3: Fix GICR_CTLR.RWP polling
irqchip/gic-v4: Wait for GICR_VPENDBASER.Dirty to clear before descheduling
irqchip/irq-qcom-mpm: fix return value check in qcom_mpm_init()
irq/qcom-mpm: Fix build error without MAILBOX
- Use local labels in the exception table macros to avoid symbol
conflicts with clang LTO builds
- A couple of fixes to objtool checking of the relatively newly added
SLS and IBT code
- Rename a local var in the WARN* macro machinery to prevent shadowing
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEzv7L6UO9uDPlPSfHEsHwGGHeVUoFAmJSwSkACgkQEsHwGGHe
VUp6QQ//TGhL2xxLoN+7pYjIBDEDHJ3Oi0m6fOweqyQAZTYcm/rAPqd7hvoWVSoO
YsLdWi9jeMwkzG0ItSm/qPVm/UvrViXwuQMdz4nDWqg2IPFIbhgNA3CKCIyPTio2
WHp2NXvYyDnwPMr6xTTRndMDoxiwxMBnXf91pNwoU3toxw0GuUuXan0Y+GKnvx1A
sqhbpWO27bAmhKb26wPw5soJVxBbSqx+1TbFVG0Sz/uwYQowMa+nfNg1DXF0sXyJ
E/ssqBB6wjl7ANVbQsxBQHRzr/EksLVPwHHrlT8ga/5loin+VJ6mTBCPLgG7SMBE
+R1fm79Bp/9KU194fcqhJ3pvnyJPi8hfizzCqNKnK871V8LRzC+jW0l3EdvASEXC
sDj0XWsSFoWft9eAtMV11d641uVC4rLB90GyyzmWWrEw9BbxmasBgED6QBx9d+V6
o1L4y58Tsz88HKzwd0PtBkeGDkvkA7xOx8ViG24IeLA0tcbixnfnATQdelQeWKqO
4m3o1JU8ogJp9JCEBY7ZeXyStFjZMedM4U/V0akF6AKnpDuVfR3T5C68cYhoLKBu
XU6Swf5sFHImNWp0+54HPnXhHj/uhuwj9YWCkxx/eXViwvVlxSdTdIQWa380EddN
0KhOFLwLOdhha2+81FJc6vmkDHwiu6hlR38yqdGvdxZf/KPKjM0=
=kMtP
-----END PGP SIGNATURE-----
Merge tag 'x86_urgent_for_v5.18_rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
Pull x86 fixes from Borislav Petkov:
- Fix the MSI message data struct definition
- Use local labels in the exception table macros to avoid symbol
conflicts with clang LTO builds
- A couple of fixes to objtool checking of the relatively newly added
SLS and IBT code
- Rename a local var in the WARN* macro machinery to prevent shadowing
* tag 'x86_urgent_for_v5.18_rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
x86/msi: Fix msi message data shadow struct
x86/extable: Prefer local labels in .set directives
x86,bpf: Avoid IBT objtool warning
objtool: Fix SLS validation for kcov tail-call replacement
objtool: Fix IBT tail-call detection
x86/bug: Prevent shadowing in __WARN_FLAGS
x86/mm/tlb: Revert retpoline avoidance approach
