1. 08 Jul, 2021 24 commits
    • Kefeng Wang's avatar
      nios2: convert to setup_initial_init_mm() · 4154267a
      Kefeng Wang authored
      Use setup_initial_init_mm() helper to simplify code.
      
      Link: https://lkml.kernel.org/r/20210608083418.137226-10-wangkefeng.wang@huawei.comSigned-off-by: default avatarKefeng Wang <wangkefeng.wang@huawei.com>
      Cc: Ley Foon Tan <ley.foon.tan@intel.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      4154267a
    • Kefeng Wang's avatar
      nds32: convert to setup_initial_init_mm() · de26fb41
      Kefeng Wang authored
      Use setup_initial_init_mm() helper to simplify code.
      
      Link: https://lkml.kernel.org/r/20210608083418.137226-9-wangkefeng.wang@huawei.comSigned-off-by: default avatarKefeng Wang <wangkefeng.wang@huawei.com>
      Cc: Nick Hu <nickhu@andestech.com>
      Cc: Greentime Hu <green.hu@gmail.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      de26fb41
    • Kefeng Wang's avatar
    • Kefeng Wang's avatar
      h8300: convert to setup_initial_init_mm() · 9772bdef
      Kefeng Wang authored
      Use setup_initial_init_mm() helper to simplify code.
      
      Link: https://lkml.kernel.org/r/20210608083418.137226-7-wangkefeng.wang@huawei.comSigned-off-by: default avatarKefeng Wang <wangkefeng.wang@huawei.com>
      Cc: Yoshinori Sato <ysato@users.sourceforge.jp>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      9772bdef
    • Kefeng Wang's avatar
    • Kefeng Wang's avatar
      arm64: convert to setup_initial_init_mm() · 29ffbca1
      Kefeng Wang authored
      Use setup_initial_init_mm() helper to simplify code.
      
      Link: https://lkml.kernel.org/r/20210608083418.137226-5-wangkefeng.wang@huawei.comSigned-off-by: default avatarKefeng Wang <wangkefeng.wang@huawei.com>
      Acked-by: default avatarCatalin Marinas <catalin.marinas@arm.com>
      Cc: Will Deacon <will@kernel.org>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      29ffbca1
    • Kefeng Wang's avatar
    • Kefeng Wang's avatar
      arc: convert to setup_initial_init_mm() · 8e339d50
      Kefeng Wang authored
      Use setup_initial_init_mm() helper to simplify code.
      
      Link: https://lkml.kernel.org/r/20210608083418.137226-3-wangkefeng.wang@huawei.comSigned-off-by: default avatarKefeng Wang <wangkefeng.wang@huawei.com>
      Acked-by: Vineet Gupta <vgupta@synopsys.com>	arch/arc]
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      8e339d50
    • Kefeng Wang's avatar
      mm: add setup_initial_init_mm() helper · 5748fbc5
      Kefeng Wang authored
      Patch series "init_mm: cleanup ARCH's text/data/brk setup code", v3.
      
      Add setup_initial_init_mm() helper, then use it to cleanup the text, data
      and brk setup code.
      
      This patch (of 15):
      
      Add setup_initial_init_mm() helper to setup kernel text, data and brk.
      
      Link: https://lkml.kernel.org/r/20210608083418.137226-1-wangkefeng.wang@huawei.com
      Link: https://lkml.kernel.org/r/20210608083418.137226-2-wangkefeng.wang@huawei.comSigned-off-by: default avatarKefeng Wang <wangkefeng.wang@huawei.com>
      Cc: Souptick Joarder <jrdr.linux@gmail.com>
      Cc: Christophe Leroy <christophe.leroy@csgroup.eu>
      Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org>
      Cc: Catalin Marinas <catalin.marinas@arm.com>
      Cc: Christian Borntraeger <borntraeger@de.ibm.com>
      Cc: Geert Uytterhoeven <geert@linux-m68k.org>
      Cc: Greentime Hu <green.hu@gmail.com>
      Cc: Greg Ungerer <gerg@linux-m68k.org>
      Cc: Guo Ren <guoren@kernel.org>
      Cc: Heiko Carstens <hca@linux.ibm.com>
      Cc: Ingo Molnar <mingo@redhat.com>
      Cc: Jonas Bonn <jonas@southpole.se>
      Cc: Ley Foon Tan <ley.foon.tan@intel.com>
      Cc: Michael Ellerman <mpe@ellerman.id.au>
      Cc: Nick Hu <nickhu@andestech.com>
      Cc: Palmer Dabbelt <palmer@dabbelt.com>
      Cc: Paul Walmsley <paul.walmsley@sifive.com>
      Cc: Rich Felker <dalias@libc.org>
      Cc: Russell King (Oracle) <rmk+kernel@armlinux.org.uk>
      Cc: Stafford Horne <shorne@gmail.com>
      Cc: Stefan Kristiansson <stefan.kristiansson@saunalahti.fi>
      Cc: Thomas Gleixner <tglx@linutronix.de>
      Cc: Vasily Gorbik <gor@linux.ibm.com>
      Cc: Vineet Gupta <vgupta@synopsys.com>
      Cc: Will Deacon <will@kernel.org>
      Cc: Yoshinori Sato <ysato@users.sourceforge.jp>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      5748fbc5
    • Zhen Lei's avatar
      mm: fix spelling mistakes in header files · 06c88398
      Zhen Lei authored
      Fix some spelling mistakes in comments:
      successfull ==> successful
      potentialy ==> potentially
      alloced ==> allocated
      indicies ==> indices
      wont ==> won't
      resposible ==> responsible
      dirtyness ==> dirtiness
      droppped ==> dropped
      alread ==> already
      occured ==> occurred
      interupts ==> interrupts
      extention ==> extension
      slighly ==> slightly
      Dont't ==> Don't
      
      Link: https://lkml.kernel.org/r/20210531034849.9549-2-thunder.leizhen@huawei.comSigned-off-by: default avatarZhen Lei <thunder.leizhen@huawei.com>
      Cc: Jerome Glisse <jglisse@redhat.com>
      Cc: Mike Kravetz <mike.kravetz@oracle.com>
      Cc: Dennis Zhou <dennis@kernel.org>
      Cc: Tejun Heo <tj@kernel.org>
      Cc: Christoph Lameter <cl@linux.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      06c88398
    • Mike Rapoport's avatar
      secretmem: test: add basic selftest for memfd_secret(2) · 76fe17ef
      Mike Rapoport authored
      The test verifies that file descriptor created with memfd_secret does not
      allow read/write operations, that secret memory mappings respect
      RLIMIT_MEMLOCK and that remote accesses with process_vm_read() and
      ptrace() to the secret memory fail.
      
      Link: https://lkml.kernel.org/r/20210518072034.31572-8-rppt@kernel.orgSigned-off-by: default avatarMike Rapoport <rppt@linux.ibm.com>
      Acked-by: default avatarJames Bottomley <James.Bottomley@HansenPartnership.com>
      Cc: Alexander Viro <viro@zeniv.linux.org.uk>
      Cc: Andy Lutomirski <luto@kernel.org>
      Cc: Arnd Bergmann <arnd@arndb.de>
      Cc: Borislav Petkov <bp@alien8.de>
      Cc: Catalin Marinas <catalin.marinas@arm.com>
      Cc: Christopher Lameter <cl@linux.com>
      Cc: Dan Williams <dan.j.williams@intel.com>
      Cc: Dave Hansen <dave.hansen@linux.intel.com>
      Cc: David Hildenbrand <david@redhat.com>
      Cc: Elena Reshetova <elena.reshetova@intel.com>
      Cc: Hagen Paul Pfeifer <hagen@jauu.net>
      Cc: "H. Peter Anvin" <hpa@zytor.com>
      Cc: Ingo Molnar <mingo@redhat.com>
      Cc: James Bottomley <jejb@linux.ibm.com>
      Cc: "Kirill A. Shutemov" <kirill@shutemov.name>
      Cc: Mark Rutland <mark.rutland@arm.com>
      Cc: Matthew Wilcox <willy@infradead.org>
      Cc: Michael Kerrisk <mtk.manpages@gmail.com>
      Cc: Palmer Dabbelt <palmer@dabbelt.com>
      Cc: Palmer Dabbelt <palmerdabbelt@google.com>
      Cc: Paul Walmsley <paul.walmsley@sifive.com>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Cc: Rick Edgecombe <rick.p.edgecombe@intel.com>
      Cc: Roman Gushchin <guro@fb.com>
      Cc: Shakeel Butt <shakeelb@google.com>
      Cc: Shuah Khan <shuah@kernel.org>
      Cc: Thomas Gleixner <tglx@linutronix.de>
      Cc: Tycho Andersen <tycho@tycho.ws>
      Cc: Will Deacon <will@kernel.org>
      Cc: kernel test robot <lkp@intel.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      76fe17ef
    • Mike Rapoport's avatar
      arch, mm: wire up memfd_secret system call where relevant · 7bb7f2ac
      Mike Rapoport authored
      Wire up memfd_secret system call on architectures that define
      ARCH_HAS_SET_DIRECT_MAP, namely arm64, risc-v and x86.
      
      Link: https://lkml.kernel.org/r/20210518072034.31572-7-rppt@kernel.orgSigned-off-by: default avatarMike Rapoport <rppt@linux.ibm.com>
      Acked-by: default avatarPalmer Dabbelt <palmerdabbelt@google.com>
      Acked-by: default avatarArnd Bergmann <arnd@arndb.de>
      Acked-by: default avatarCatalin Marinas <catalin.marinas@arm.com>
      Acked-by: default avatarDavid Hildenbrand <david@redhat.com>
      Acked-by: default avatarJames Bottomley <James.Bottomley@HansenPartnership.com>
      Cc: Alexander Viro <viro@zeniv.linux.org.uk>
      Cc: Andy Lutomirski <luto@kernel.org>
      Cc: Borislav Petkov <bp@alien8.de>
      Cc: Christopher Lameter <cl@linux.com>
      Cc: Dan Williams <dan.j.williams@intel.com>
      Cc: Dave Hansen <dave.hansen@linux.intel.com>
      Cc: David Hildenbrand <david@redhat.com>
      Cc: Elena Reshetova <elena.reshetova@intel.com>
      Cc: Hagen Paul Pfeifer <hagen@jauu.net>
      Cc: "H. Peter Anvin" <hpa@zytor.com>
      Cc: Ingo Molnar <mingo@redhat.com>
      Cc: James Bottomley <jejb@linux.ibm.com>
      Cc: "Kirill A. Shutemov" <kirill@shutemov.name>
      Cc: Mark Rutland <mark.rutland@arm.com>
      Cc: Matthew Wilcox <willy@infradead.org>
      Cc: Michael Kerrisk <mtk.manpages@gmail.com>
      Cc: Palmer Dabbelt <palmer@dabbelt.com>
      Cc: Paul Walmsley <paul.walmsley@sifive.com>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Cc: Rick Edgecombe <rick.p.edgecombe@intel.com>
      Cc: Roman Gushchin <guro@fb.com>
      Cc: Shakeel Butt <shakeelb@google.com>
      Cc: Shuah Khan <shuah@kernel.org>
      Cc: Thomas Gleixner <tglx@linutronix.de>
      Cc: Tycho Andersen <tycho@tycho.ws>
      Cc: Will Deacon <will@kernel.org>
      Cc: kernel test robot <lkp@intel.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      7bb7f2ac
    • Mike Rapoport's avatar
      PM: hibernate: disable when there are active secretmem users · 9a436f8f
      Mike Rapoport authored
      It is unsafe to allow saving of secretmem areas to the hibernation
      snapshot as they would be visible after the resume and this essentially
      will defeat the purpose of secret memory mappings.
      
      Prevent hibernation whenever there are active secret memory users.
      
      Link: https://lkml.kernel.org/r/20210518072034.31572-6-rppt@kernel.orgSigned-off-by: default avatarMike Rapoport <rppt@linux.ibm.com>
      Acked-by: default avatarDavid Hildenbrand <david@redhat.com>
      Acked-by: default avatarJames Bottomley <James.Bottomley@HansenPartnership.com>
      Cc: Alexander Viro <viro@zeniv.linux.org.uk>
      Cc: Andy Lutomirski <luto@kernel.org>
      Cc: Arnd Bergmann <arnd@arndb.de>
      Cc: Borislav Petkov <bp@alien8.de>
      Cc: Catalin Marinas <catalin.marinas@arm.com>
      Cc: Christopher Lameter <cl@linux.com>
      Cc: Dan Williams <dan.j.williams@intel.com>
      Cc: Dave Hansen <dave.hansen@linux.intel.com>
      Cc: David Hildenbrand <david@redhat.com>
      Cc: Elena Reshetova <elena.reshetova@intel.com>
      Cc: Hagen Paul Pfeifer <hagen@jauu.net>
      Cc: "H. Peter Anvin" <hpa@zytor.com>
      Cc: Ingo Molnar <mingo@redhat.com>
      Cc: James Bottomley <jejb@linux.ibm.com>
      Cc: "Kirill A. Shutemov" <kirill@shutemov.name>
      Cc: Mark Rutland <mark.rutland@arm.com>
      Cc: Matthew Wilcox <willy@infradead.org>
      Cc: Michael Kerrisk <mtk.manpages@gmail.com>
      Cc: Palmer Dabbelt <palmer@dabbelt.com>
      Cc: Palmer Dabbelt <palmerdabbelt@google.com>
      Cc: Paul Walmsley <paul.walmsley@sifive.com>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Cc: Rick Edgecombe <rick.p.edgecombe@intel.com>
      Cc: Roman Gushchin <guro@fb.com>
      Cc: Shakeel Butt <shakeelb@google.com>
      Cc: Shuah Khan <shuah@kernel.org>
      Cc: Thomas Gleixner <tglx@linutronix.de>
      Cc: Tycho Andersen <tycho@tycho.ws>
      Cc: Will Deacon <will@kernel.org>
      Cc: kernel test robot <lkp@intel.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      9a436f8f
    • Mike Rapoport's avatar
      mm: introduce memfd_secret system call to create "secret" memory areas · 1507f512
      Mike Rapoport authored
      Introduce "memfd_secret" system call with the ability to create memory
      areas visible only in the context of the owning process and not mapped not
      only to other processes but in the kernel page tables as well.
      
      The secretmem feature is off by default and the user must explicitly
      enable it at the boot time.
      
      Once secretmem is enabled, the user will be able to create a file
      descriptor using the memfd_secret() system call.  The memory areas created
      by mmap() calls from this file descriptor will be unmapped from the kernel
      direct map and they will be only mapped in the page table of the processes
      that have access to the file descriptor.
      
      Secretmem is designed to provide the following protections:
      
      * Enhanced protection (in conjunction with all the other in-kernel
        attack prevention systems) against ROP attacks.  Seceretmem makes
        "simple" ROP insufficient to perform exfiltration, which increases the
        required complexity of the attack.  Along with other protections like
        the kernel stack size limit and address space layout randomization which
        make finding gadgets is really hard, absence of any in-kernel primitive
        for accessing secret memory means the one gadget ROP attack can't work.
        Since the only way to access secret memory is to reconstruct the missing
        mapping entry, the attacker has to recover the physical page and insert
        a PTE pointing to it in the kernel and then retrieve the contents.  That
        takes at least three gadgets which is a level of difficulty beyond most
        standard attacks.
      
      * Prevent cross-process secret userspace memory exposures.  Once the
        secret memory is allocated, the user can't accidentally pass it into the
        kernel to be transmitted somewhere.  The secreremem pages cannot be
        accessed via the direct map and they are disallowed in GUP.
      
      * Harden against exploited kernel flaws.  In order to access secretmem,
        a kernel-side attack would need to either walk the page tables and
        create new ones, or spawn a new privileged uiserspace process to perform
        secrets exfiltration using ptrace.
      
      The file descriptor based memory has several advantages over the
      "traditional" mm interfaces, such as mlock(), mprotect(), madvise().  File
      descriptor approach allows explicit and controlled sharing of the memory
      areas, it allows to seal the operations.  Besides, file descriptor based
      memory paves the way for VMMs to remove the secret memory range from the
      userspace hipervisor process, for instance QEMU.  Andy Lutomirski says:
      
        "Getting fd-backed memory into a guest will take some possibly major
        work in the kernel, but getting vma-backed memory into a guest without
        mapping it in the host user address space seems much, much worse."
      
      memfd_secret() is made a dedicated system call rather than an extension to
      memfd_create() because it's purpose is to allow the user to create more
      secure memory mappings rather than to simply allow file based access to
      the memory.  Nowadays a new system call cost is negligible while it is way
      simpler for userspace to deal with a clear-cut system calls than with a
      multiplexer or an overloaded syscall.  Moreover, the initial
      implementation of memfd_secret() is completely distinct from
      memfd_create() so there is no much sense in overloading memfd_create() to
      begin with.  If there will be a need for code sharing between these
      implementation it can be easily achieved without a need to adjust user
      visible APIs.
      
      The secret memory remains accessible in the process context using uaccess
      primitives, but it is not exposed to the kernel otherwise; secret memory
      areas are removed from the direct map and functions in the
      follow_page()/get_user_page() family will refuse to return a page that
      belongs to the secret memory area.
      
      Once there will be a use case that will require exposing secretmem to the
      kernel it will be an opt-in request in the system call flags so that user
      would have to decide what data can be exposed to the kernel.
      
      Removing of the pages from the direct map may cause its fragmentation on
      architectures that use large pages to map the physical memory which
      affects the system performance.  However, the original Kconfig text for
      CONFIG_DIRECT_GBPAGES said that gigabyte pages in the direct map "...  can
      improve the kernel's performance a tiny bit ..." (commit 00d1c5e0
      ("x86: add gbpages switches")) and the recent report [1] showed that "...
      although 1G mappings are a good default choice, there is no compelling
      evidence that it must be the only choice".  Hence, it is sufficient to
      have secretmem disabled by default with the ability of a system
      administrator to enable it at boot time.
      
      Pages in the secretmem regions are unevictable and unmovable to avoid
      accidental exposure of the sensitive data via swap or during page
      migration.
      
      Since the secretmem mappings are locked in memory they cannot exceed
      RLIMIT_MEMLOCK.  Since these mappings are already locked independently
      from mlock(), an attempt to mlock()/munlock() secretmem range would fail
      and mlockall()/munlockall() will ignore secretmem mappings.
      
      However, unlike mlock()ed memory, secretmem currently behaves more like
      long-term GUP: secretmem mappings are unmovable mappings directly consumed
      by user space.  With default limits, there is no excessive use of
      secretmem and it poses no real problem in combination with
      ZONE_MOVABLE/CMA, but in the future this should be addressed to allow
      balanced use of large amounts of secretmem along with ZONE_MOVABLE/CMA.
      
      A page that was a part of the secret memory area is cleared when it is
      freed to ensure the data is not exposed to the next user of that page.
      
      The following example demonstrates creation of a secret mapping (error
      handling is omitted):
      
      	fd = memfd_secret(0);
      	ftruncate(fd, MAP_SIZE);
      	ptr = mmap(NULL, MAP_SIZE, PROT_READ | PROT_WRITE,
      		   MAP_SHARED, fd, 0);
      
      [1] https://lore.kernel.org/linux-mm/213b4567-46ce-f116-9cdf-bbd0c884eb3c@linux.intel.com/
      
      [akpm@linux-foundation.org: suppress Kconfig whine]
      
      Link: https://lkml.kernel.org/r/20210518072034.31572-5-rppt@kernel.orgSigned-off-by: default avatarMike Rapoport <rppt@linux.ibm.com>
      Acked-by: default avatarHagen Paul Pfeifer <hagen@jauu.net>
      Acked-by: default avatarJames Bottomley <James.Bottomley@HansenPartnership.com>
      Cc: Alexander Viro <viro@zeniv.linux.org.uk>
      Cc: Andy Lutomirski <luto@kernel.org>
      Cc: Arnd Bergmann <arnd@arndb.de>
      Cc: Borislav Petkov <bp@alien8.de>
      Cc: Catalin Marinas <catalin.marinas@arm.com>
      Cc: Christopher Lameter <cl@linux.com>
      Cc: Dan Williams <dan.j.williams@intel.com>
      Cc: Dave Hansen <dave.hansen@linux.intel.com>
      Cc: Elena Reshetova <elena.reshetova@intel.com>
      Cc: "H. Peter Anvin" <hpa@zytor.com>
      Cc: Ingo Molnar <mingo@redhat.com>
      Cc: James Bottomley <jejb@linux.ibm.com>
      Cc: "Kirill A. Shutemov" <kirill@shutemov.name>
      Cc: Matthew Wilcox <willy@infradead.org>
      Cc: Mark Rutland <mark.rutland@arm.com>
      Cc: Michael Kerrisk <mtk.manpages@gmail.com>
      Cc: Palmer Dabbelt <palmer@dabbelt.com>
      Cc: Palmer Dabbelt <palmerdabbelt@google.com>
      Cc: Paul Walmsley <paul.walmsley@sifive.com>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Cc: Rick Edgecombe <rick.p.edgecombe@intel.com>
      Cc: Roman Gushchin <guro@fb.com>
      Cc: Shakeel Butt <shakeelb@google.com>
      Cc: Shuah Khan <shuah@kernel.org>
      Cc: Thomas Gleixner <tglx@linutronix.de>
      Cc: Tycho Andersen <tycho@tycho.ws>
      Cc: Will Deacon <will@kernel.org>
      Cc: David Hildenbrand <david@redhat.com>
      Cc: kernel test robot <lkp@intel.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      1507f512
    • Mike Rapoport's avatar
      set_memory: allow querying whether set_direct_map_*() is actually enabled · 6d47c23b
      Mike Rapoport authored
      On arm64, set_direct_map_*() functions may return 0 without actually
      changing the linear map.  This behaviour can be controlled using kernel
      parameters, so we need a way to determine at runtime whether calls to
      set_direct_map_invalid_noflush() and set_direct_map_default_noflush() have
      any effect.
      
      Extend set_memory API with can_set_direct_map() function that allows
      checking if calling set_direct_map_*() will actually change the page
      table, replace several occurrences of open coded checks in arm64 with the
      new function and provide a generic stub for architectures that always
      modify page tables upon calls to set_direct_map APIs.
      
      [arnd@arndb.de: arm64: kfence: fix header inclusion ]
      
      Link: https://lkml.kernel.org/r/20210518072034.31572-4-rppt@kernel.orgSigned-off-by: default avatarMike Rapoport <rppt@linux.ibm.com>
      Reviewed-by: default avatarCatalin Marinas <catalin.marinas@arm.com>
      Reviewed-by: default avatarDavid Hildenbrand <david@redhat.com>
      Acked-by: default avatarJames Bottomley <James.Bottomley@HansenPartnership.com>
      Cc: Alexander Viro <viro@zeniv.linux.org.uk>
      Cc: Andy Lutomirski <luto@kernel.org>
      Cc: Arnd Bergmann <arnd@arndb.de>
      Cc: Borislav Petkov <bp@alien8.de>
      Cc: Christopher Lameter <cl@linux.com>
      Cc: Dan Williams <dan.j.williams@intel.com>
      Cc: Dave Hansen <dave.hansen@linux.intel.com>
      Cc: Elena Reshetova <elena.reshetova@intel.com>
      Cc: Hagen Paul Pfeifer <hagen@jauu.net>
      Cc: "H. Peter Anvin" <hpa@zytor.com>
      Cc: Ingo Molnar <mingo@redhat.com>
      Cc: James Bottomley <jejb@linux.ibm.com>
      Cc: "Kirill A. Shutemov" <kirill@shutemov.name>
      Cc: Mark Rutland <mark.rutland@arm.com>
      Cc: Matthew Wilcox <willy@infradead.org>
      Cc: Michael Kerrisk <mtk.manpages@gmail.com>
      Cc: Palmer Dabbelt <palmer@dabbelt.com>
      Cc: Palmer Dabbelt <palmerdabbelt@google.com>
      Cc: Paul Walmsley <paul.walmsley@sifive.com>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Cc: Rick Edgecombe <rick.p.edgecombe@intel.com>
      Cc: Roman Gushchin <guro@fb.com>
      Cc: Shakeel Butt <shakeelb@google.com>
      Cc: Shuah Khan <shuah@kernel.org>
      Cc: Thomas Gleixner <tglx@linutronix.de>
      Cc: Tycho Andersen <tycho@tycho.ws>
      Cc: Will Deacon <will@kernel.org>
      Cc: kernel test robot <lkp@intel.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      6d47c23b
    • Mike Rapoport's avatar
      riscv/Kconfig: make direct map manipulation options depend on MMU · 10cc3278
      Mike Rapoport authored
      ARCH_HAS_SET_DIRECT_MAP and ARCH_HAS_SET_MEMORY configuration options have
      no meaning when CONFIG_MMU is disabled and there is no point to enable
      them for the nommu case.
      
      Add an explicit dependency on MMU for these options.
      
      Link: https://lkml.kernel.org/r/20210518072034.31572-3-rppt@kernel.orgSigned-off-by: default avatarMike Rapoport <rppt@linux.ibm.com>
      Reported-by: default avatarkernel test robot <lkp@intel.com>
      Reviewed-by: default avatarDavid Hildenbrand <david@redhat.com>
      Acked-by: default avatarJames Bottomley <James.Bottomley@HansenPartnership.com>
      Cc: Alexander Viro <viro@zeniv.linux.org.uk>
      Cc: Andy Lutomirski <luto@kernel.org>
      Cc: Arnd Bergmann <arnd@arndb.de>
      Cc: Borislav Petkov <bp@alien8.de>
      Cc: Catalin Marinas <catalin.marinas@arm.com>
      Cc: Christopher Lameter <cl@linux.com>
      Cc: Dan Williams <dan.j.williams@intel.com>
      Cc: Dave Hansen <dave.hansen@linux.intel.com>
      Cc: Elena Reshetova <elena.reshetova@intel.com>
      Cc: Hagen Paul Pfeifer <hagen@jauu.net>
      Cc: "H. Peter Anvin" <hpa@zytor.com>
      Cc: Ingo Molnar <mingo@redhat.com>
      Cc: James Bottomley <jejb@linux.ibm.com>
      Cc: "Kirill A. Shutemov" <kirill@shutemov.name>
      Cc: Mark Rutland <mark.rutland@arm.com>
      Cc: Matthew Wilcox <willy@infradead.org>
      Cc: Michael Kerrisk <mtk.manpages@gmail.com>
      Cc: Palmer Dabbelt <palmer@dabbelt.com>
      Cc: Palmer Dabbelt <palmerdabbelt@google.com>
      Cc: Paul Walmsley <paul.walmsley@sifive.com>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Cc: Rick Edgecombe <rick.p.edgecombe@intel.com>
      Cc: Roman Gushchin <guro@fb.com>
      Cc: Shakeel Butt <shakeelb@google.com>
      Cc: Shuah Khan <shuah@kernel.org>
      Cc: Thomas Gleixner <tglx@linutronix.de>
      Cc: Tycho Andersen <tycho@tycho.ws>
      Cc: Will Deacon <will@kernel.org>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      10cc3278
    • Mike Rapoport's avatar
      mmap: make mlock_future_check() global · 6aeb2542
      Mike Rapoport authored
      Patch series "mm: introduce memfd_secret system call to create "secret" memory areas", v20.
      
      This is an implementation of "secret" mappings backed by a file
      descriptor.
      
      The file descriptor backing secret memory mappings is created using a
      dedicated memfd_secret system call The desired protection mode for the
      memory is configured using flags parameter of the system call.  The mmap()
      of the file descriptor created with memfd_secret() will create a "secret"
      memory mapping.  The pages in that mapping will be marked as not present
      in the direct map and will be present only in the page table of the owning
      mm.
      
      Although normally Linux userspace mappings are protected from other users,
      such secret mappings are useful for environments where a hostile tenant is
      trying to trick the kernel into giving them access to other tenants
      mappings.
      
      It's designed to provide the following protections:
      
      * Enhanced protection (in conjunction with all the other in-kernel
        attack prevention systems) against ROP attacks.  Seceretmem makes
        "simple" ROP insufficient to perform exfiltration, which increases the
        required complexity of the attack.  Along with other protections like
        the kernel stack size limit and address space layout randomization which
        make finding gadgets is really hard, absence of any in-kernel primitive
        for accessing secret memory means the one gadget ROP attack can't work.
        Since the only way to access secret memory is to reconstruct the missing
        mapping entry, the attacker has to recover the physical page and insert
        a PTE pointing to it in the kernel and then retrieve the contents.  That
        takes at least three gadgets which is a level of difficulty beyond most
        standard attacks.
      
      * Prevent cross-process secret userspace memory exposures.  Once the
        secret memory is allocated, the user can't accidentally pass it into the
        kernel to be transmitted somewhere.  The secreremem pages cannot be
        accessed via the direct map and they are disallowed in GUP.
      
      * Harden against exploited kernel flaws.  In order to access secretmem,
        a kernel-side attack would need to either walk the page tables and
        create new ones, or spawn a new privileged uiserspace process to perform
        secrets exfiltration using ptrace.
      
      In the future the secret mappings may be used as a mean to protect guest
      memory in a virtual machine host.
      
      For demonstration of secret memory usage we've created a userspace library
      
      https://git.kernel.org/pub/scm/linux/kernel/git/jejb/secret-memory-preloader.git
      
      that does two things: the first is act as a preloader for openssl to
      redirect all the OPENSSL_malloc calls to secret memory meaning any secret
      keys get automatically protected this way and the other thing it does is
      expose the API to the user who needs it.  We anticipate that a lot of the
      use cases would be like the openssl one: many toolkits that deal with
      secret keys already have special handling for the memory to try to give
      them greater protection, so this would simply be pluggable into the
      toolkits without any need for user application modification.
      
      Hiding secret memory mappings behind an anonymous file allows usage of the
      page cache for tracking pages allocated for the "secret" mappings as well
      as using address_space_operations for e.g.  page migration callbacks.
      
      The anonymous file may be also used implicitly, like hugetlb files, to
      implement mmap(MAP_SECRET) and use the secret memory areas with "native"
      mm ABIs in the future.
      
      Removing of the pages from the direct map may cause its fragmentation on
      architectures that use large pages to map the physical memory which
      affects the system performance.  However, the original Kconfig text for
      CONFIG_DIRECT_GBPAGES said that gigabyte pages in the direct map "...  can
      improve the kernel's performance a tiny bit ..." (commit 00d1c5e0
      ("x86: add gbpages switches")) and the recent report [1] showed that "...
      although 1G mappings are a good default choice, there is no compelling
      evidence that it must be the only choice".  Hence, it is sufficient to
      have secretmem disabled by default with the ability of a system
      administrator to enable it at boot time.
      
      In addition, there is also a long term goal to improve management of the
      direct map.
      
      [1] https://lore.kernel.org/linux-mm/213b4567-46ce-f116-9cdf-bbd0c884eb3c@linux.intel.com/
      
      This patch (of 7):
      
      It will be used by the upcoming secret memory implementation.
      
      Link: https://lkml.kernel.org/r/20210518072034.31572-1-rppt@kernel.org
      Link: https://lkml.kernel.org/r/20210518072034.31572-2-rppt@kernel.orgSigned-off-by: default avatarMike Rapoport <rppt@linux.ibm.com>
      Reviewed-by: default avatarDavid Hildenbrand <david@redhat.com>
      Acked-by: default avatarJames Bottomley <James.Bottomley@HansenPartnership.com>
      Cc: Alexander Viro <viro@zeniv.linux.org.uk>
      Cc: Andy Lutomirski <luto@kernel.org>
      Cc: Arnd Bergmann <arnd@arndb.de>
      Cc: Borislav Petkov <bp@alien8.de>
      Cc: Catalin Marinas <catalin.marinas@arm.com>
      Cc: Christopher Lameter <cl@linux.com>
      Cc: Dan Williams <dan.j.williams@intel.com>
      Cc: Dave Hansen <dave.hansen@linux.intel.com>
      Cc: David Hildenbrand <david@redhat.com>
      Cc: Elena Reshetova <elena.reshetova@intel.com>
      Cc: Hagen Paul Pfeifer <hagen@jauu.net>
      Cc: "H. Peter Anvin" <hpa@zytor.com>
      Cc: Ingo Molnar <mingo@redhat.com>
      Cc: James Bottomley <jejb@linux.ibm.com>
      Cc: "Kirill A. Shutemov" <kirill@shutemov.name>
      Cc: Mark Rutland <mark.rutland@arm.com>
      Cc: Matthew Wilcox <willy@infradead.org>
      Cc: Michael Kerrisk <mtk.manpages@gmail.com>
      Cc: Palmer Dabbelt <palmer@dabbelt.com>
      Cc: Palmer Dabbelt <palmerdabbelt@google.com>
      Cc: Paul Walmsley <paul.walmsley@sifive.com>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Cc: Rick Edgecombe <rick.p.edgecombe@intel.com>
      Cc: Roman Gushchin <guro@fb.com>
      Cc: Shakeel Butt <shakeelb@google.com>
      Cc: Shuah Khan <shuah@kernel.org>
      Cc: Thomas Gleixner <tglx@linutronix.de>
      Cc: Tycho Andersen <tycho@tycho.ws>
      Cc: Will Deacon <will@kernel.org>
      Cc: kernel test robot <lkp@intel.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      6aeb2542
    • Oliver Glitta's avatar
      mm/slub: use stackdepot to save stack trace in objects · 78869146
      Oliver Glitta authored
      Many stack traces are similar so there are many similar arrays.
      Stackdepot saves each unique stack only once.
      
      Replace field addrs in struct track with depot_stack_handle_t handle.  Use
      stackdepot to save stack trace.
      
      The benefits are smaller memory overhead and possibility to aggregate
      per-cache statistics in the future using the stackdepot handle instead of
      matching stacks manually.
      
      [rdunlap@infradead.org: rename save_stack_trace()]
        Link: https://lkml.kernel.org/r/20210513051920.29320-1-rdunlap@infradead.org
      [vbabka@suse.cz: fix lockdep splat]
        Link: https://lkml.kernel.org/r/20210516195150.26740-1-vbabka@suse.czLink: https://lkml.kernel.org/r/20210414163434.4376-1-glittao@gmail.comSigned-off-by: default avatarOliver Glitta <glittao@gmail.com>
      Signed-off-by: default avatarRandy Dunlap <rdunlap@infradead.org>
      Signed-off-by: default avatarVlastimil Babka <vbabka@suse.cz>
      Reviewed-by: default avatarVlastimil Babka <vbabka@suse.cz>
      Acked-by: default avatarDavid Rientjes <rientjes@google.com>
      Cc: Christoph Lameter <cl@linux.com>
      Cc: Pekka Enberg <penberg@kernel.org>
      Cc: Joonsoo Kim <iamjoonsoo.kim@lge.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      78869146
    • Nathan Chancellor's avatar
      hexagon: select ARCH_WANT_LD_ORPHAN_WARN · 113616ec
      Nathan Chancellor authored
      Now that we handle all of the sections in a Hexagon defconfig, select
      ARCH_WANT_LD_ORPHAN_WARN so that unhandled sections are warned about by
      default.
      
      Link: https://lkml.kernel.org/r/20210521011239.1332345-4-nathan@kernel.orgSigned-off-by: default avatarNathan Chancellor <nathan@kernel.org>
      Reviewed-by: default avatarNick Desaulniers <ndesaulniers@google.com>
      Acked-by: default avatarBrian Cain <bcain@codeaurora.org>
      Cc: David Rientjes <rientjes@google.com>
      Cc: Oliver Glitta <glittao@gmail.com>
      Cc: Vlastimil Babka <vbabka@suse.cz>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      113616ec
    • Nathan Chancellor's avatar
      hexagon: use common DISCARDS macro · 681ba73c
      Nathan Chancellor authored
      ld.lld warns that the '.modinfo' section is not currently handled:
      
      ld.lld: warning: kernel/built-in.a(workqueue.o):(.modinfo) is being placed in '.modinfo'
      ld.lld: warning: kernel/built-in.a(printk/printk.o):(.modinfo) is being placed in '.modinfo'
      ld.lld: warning: kernel/built-in.a(irq/spurious.o):(.modinfo) is being placed in '.modinfo'
      ld.lld: warning: kernel/built-in.a(rcu/update.o):(.modinfo) is being placed in '.modinfo'
      
      The '.modinfo' section was added in commit 898490c0 ("moduleparam:
      Save information about built-in modules in separate file") to the DISCARDS
      macro but Hexagon has never used that macro.  The unification of DISCARDS
      happened in commit 023bf6f1 ("linker script: unify usage of discard
      definition") in 2009, prior to Hexagon being added in 2011.
      
      Switch Hexagon over to the DISCARDS macro so that anything that is
      expected to be discarded gets discarded.
      
      Link: https://lkml.kernel.org/r/20210521011239.1332345-3-nathan@kernel.org
      Fixes: e95bf452 ("Hexagon: Add configuration and makefiles for the Hexagon architecture.")
      Signed-off-by: default avatarNathan Chancellor <nathan@kernel.org>
      Reviewed-by: default avatarNick Desaulniers <ndesaulniers@google.com>
      Acked-by: default avatarBrian Cain <bcain@codeaurora.org>
      Cc: David Rientjes <rientjes@google.com>
      Cc: Oliver Glitta <glittao@gmail.com>
      Cc: Vlastimil Babka <vbabka@suse.cz>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      681ba73c
    • Nathan Chancellor's avatar
      hexagon: handle {,SOFT}IRQENTRY_TEXT in linker script · 6fef087d
      Nathan Chancellor authored
      Patch series "hexagon: Fix build error with CONFIG_STACKDEPOT and select CONFIG_ARCH_WANT_LD_ORPHAN_WARN".
      
      This series fixes an error with ARCH=hexagon that was pointed out by the
      patch "mm/slub: use stackdepot to save stack trace in objects".
      
      The first patch fixes that error by handling the '.irqentry.text' and
      '.softirqentry.text' sections.
      
      The second patch switches Hexagon over to the common DISCARDS macro, which
      should have been done when Hexagon was merged into the tree to match
      commit 023bf6f1 ("linker script: unify usage of discard definition").
      
      The third patch selects CONFIG_ARCH_WANT_LD_ORPHAN_WARN so that something
      like this does not happen again.
      
      This patch (of 3):
      
      Patch "mm/slub: use stackdepot to save stack trace in objects" in -mm
      selects CONFIG_STACKDEPOT when CONFIG_STACKTRACE_SUPPORT is selected and
      CONFIG_STACKDEPOT requires IRQENTRY_TEXT and SOFTIRQENTRY_TEXT to be
      handled after commit 505a0ef1 ("kasan: stackdepot: move
      filter_irq_stacks() to stackdepot.c") due to the use of the
      __{,soft}irqentry_text_{start,end} section symbols.  If those sections are
      not handled, the build is broken.
      
      $ make ARCH=hexagon CROSS_COMPILE=hexagon-linux- LLVM=1 LLVM_IAS=1 defconfig all
      ...
      ld.lld: error: undefined symbol: __irqentry_text_start
      >>> referenced by stackdepot.c
      >>>               stackdepot.o:(filter_irq_stacks) in archive lib/built-in.a
      >>> referenced by stackdepot.c
      >>>               stackdepot.o:(filter_irq_stacks) in archive lib/built-in.a
      
      ld.lld: error: undefined symbol: __irqentry_text_end
      >>> referenced by stackdepot.c
      >>>               stackdepot.o:(filter_irq_stacks) in archive lib/built-in.a
      >>> referenced by stackdepot.c
      >>>               stackdepot.o:(filter_irq_stacks) in archive lib/built-in.a
      
      ld.lld: error: undefined symbol: __softirqentry_text_start
      >>> referenced by stackdepot.c
      >>>               stackdepot.o:(filter_irq_stacks) in archive lib/built-in.a
      >>> referenced by stackdepot.c
      >>>               stackdepot.o:(filter_irq_stacks) in archive lib/built-in.a
      
      ld.lld: error: undefined symbol: __softirqentry_text_end
      >>> referenced by stackdepot.c
      >>>               stackdepot.o:(filter_irq_stacks) in archive lib/built-in.a
      >>> referenced by stackdepot.c
      >>>               stackdepot.o:(filter_irq_stacks) in archive lib/built-in.a
      ...
      
      Add these sections to the Hexagon linker script so the build continues to
      work.  ld.lld's orphan section warning would have caught this prior to the
      -mm commit mentioned above:
      
      ld.lld: warning: kernel/built-in.a(softirq.o):(.softirqentry.text) is being placed in '.softirqentry.text'
      ld.lld: warning: kernel/built-in.a(softirq.o):(.softirqentry.text) is being placed in '.softirqentry.text'
      ld.lld: warning: kernel/built-in.a(softirq.o):(.softirqentry.text) is being placed in '.softirqentry.text'
      
      Link: https://lkml.kernel.org/r/20210521011239.1332345-1-nathan@kernel.org
      Link: https://lkml.kernel.org/r/20210521011239.1332345-2-nathan@kernel.org
      Link: https://github.com/ClangBuiltLinux/linux/issues/1381
      Fixes: 505a0ef1 ("kasan: stackdepot: move filter_irq_stacks() to stackdepot.c")
      Signed-off-by: default avatarNathan Chancellor <nathan@kernel.org>
      Reviewed-by: default avatarNick Desaulniers <ndesaulniers@google.com>
      Acked-by: default avatarBrian Cain <bcain@codeaurora.org>
      Cc: Oliver Glitta <glittao@gmail.com>
      Cc: Vlastimil Babka <vbabka@suse.cz>
      Cc: David Rientjes <rientjes@google.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      6fef087d
    • Zhen Lei's avatar
      lib: fix spelling mistakes in header files · c23c8082
      Zhen Lei authored
      Fix some spelling mistakes in comments found by "codespell":
      Hoever ==> However
      poiter ==> pointer
      representaion ==> representation
      uppon ==> upon
      independend ==> independent
      aquired ==> acquired
      mis-match ==> mismatch
      scrach ==> scratch
      struture ==> structure
      Analagous ==> Analogous
      interation ==> iteration
      
      And some were discovered manually by Joe Perches and Christoph Lameter:
      stroed ==> stored
      arch independent ==> an architecture independent
      A example structure for ==> Example structure for
      
      Link: https://lkml.kernel.org/r/20210609150027.14805-2-thunder.leizhen@huawei.comSigned-off-by: default avatarZhen Lei <thunder.leizhen@huawei.com>
      Cc: Christoph Lameter <cl@gentwo.de>
      Cc: Masami Hiramatsu <mhiramat@kernel.org>
      Cc: Dennis Zhou <dennis@kernel.org>
      Cc: Tejun Heo <tj@kernel.org>
      Cc: Joe Perches <joe@perches.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      c23c8082
    • Zhen Lei's avatar
      lib: fix spelling mistakes · 9dbbc3b9
      Zhen Lei authored
      Fix some spelling mistakes in comments:
      permanentely ==> permanently
      wont ==> won't
      remaning ==> remaining
      succed ==> succeed
      shouldnt ==> shouldn't
      alpha-numeric ==> alphanumeric
      storeing ==> storing
      funtion ==> function
      documenation ==> documentation
      Determin ==> Determine
      intepreted ==> interpreted
      ammount ==> amount
      obious ==> obvious
      interupts ==> interrupts
      occured ==> occurred
      asssociated ==> associated
      taking into acount ==> taking into account
      squence ==> sequence
      stil ==> still
      contiguos ==> contiguous
      matchs ==> matches
      
      Link: https://lkml.kernel.org/r/20210607072555.12416-1-thunder.leizhen@huawei.comSigned-off-by: default avatarZhen Lei <thunder.leizhen@huawei.com>
      Reviewed-by: default avatarJacob Keller <jacob.e.keller@intel.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      9dbbc3b9
    • Zhen Lei's avatar
      lib/test: fix spelling mistakes · 53b0fe36
      Zhen Lei authored
      Fix some spelling mistakes in comments found by "codespell":
      thats ==> that's
      unitialized ==> uninitialized
      panicing ==> panicking
      sucess ==> success
      possitive ==> positive
      intepreted ==> interpreted
      
      Link: https://lkml.kernel.org/r/20210607133036.12525-2-thunder.leizhen@huawei.comSigned-off-by: default avatarZhen Lei <thunder.leizhen@huawei.com>
      Acked-by: Yonghong Song <yhs@fb.com>	[test_bfp.c]
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      53b0fe36
  2. 07 Jul, 2021 6 commits
    • Linus Torvalds's avatar
      Merge tag 'modules-for-v5.14' of git://git.kernel.org/pub/scm/linux/kernel/git/jeyu/linux · a931dd33
      Linus Torvalds authored
      Pull module updates from Jessica Yu:
      
       - Fix incorrect logic in module_kallsyms_on_each_symbol()
      
       - Fix for a Coccinelle warning
      
      * tag 'modules-for-v5.14' of git://git.kernel.org/pub/scm/linux/kernel/git/jeyu/linux:
        module: correctly exit module_kallsyms_on_each_symbol when fn() != 0
        kernel/module: Use BUG_ON instead of if condition followed by BUG
      a931dd33
    • Linus Torvalds's avatar
      Merge tag 'x86-fpu-2021-07-07' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 1423e266
      Linus Torvalds authored
      Pull x86 fpu updates from Thomas Gleixner:
       "Fixes and improvements for FPU handling on x86:
      
         - Prevent sigaltstack out of bounds writes.
      
           The kernel unconditionally writes the FPU state to the alternate
           stack without checking whether the stack is large enough to
           accomodate it.
      
           Check the alternate stack size before doing so and in case it's too
           small force a SIGSEGV instead of silently corrupting user space
           data.
      
         - MINSIGSTKZ and SIGSTKSZ are constants in signal.h and have never
           been updated despite the fact that the FPU state which is stored on
           the signal stack has grown over time which causes trouble in the
           field when AVX512 is available on a CPU. The kernel does not expose
           the minimum requirements for the alternate stack size depending on
           the available and enabled CPU features.
      
           ARM already added an aux vector AT_MINSIGSTKSZ for the same reason.
           Add it to x86 as well.
      
         - A major cleanup of the x86 FPU code. The recent discoveries of
           XSTATE related issues unearthed quite some inconsistencies,
           duplicated code and other issues.
      
           The fine granular overhaul addresses this, makes the code more
           robust and maintainable, which allows to integrate upcoming XSTATE
           related features in sane ways"
      
      * tag 'x86-fpu-2021-07-07' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: (74 commits)
        x86/fpu/xstate: Clear xstate header in copy_xstate_to_uabi_buf() again
        x86/fpu/signal: Let xrstor handle the features to init
        x86/fpu/signal: Handle #PF in the direct restore path
        x86/fpu: Return proper error codes from user access functions
        x86/fpu/signal: Split out the direct restore code
        x86/fpu/signal: Sanitize copy_user_to_fpregs_zeroing()
        x86/fpu/signal: Sanitize the xstate check on sigframe
        x86/fpu/signal: Remove the legacy alignment check
        x86/fpu/signal: Move initial checks into fpu__restore_sig()
        x86/fpu: Mark init_fpstate __ro_after_init
        x86/pkru: Remove xstate fiddling from write_pkru()
        x86/fpu: Don't store PKRU in xstate in fpu_reset_fpstate()
        x86/fpu: Remove PKRU handling from switch_fpu_finish()
        x86/fpu: Mask PKRU from kernel XRSTOR[S] operations
        x86/fpu: Hook up PKRU into ptrace()
        x86/fpu: Add PKRU storage outside of task XSAVE buffer
        x86/fpu: Dont restore PKRU in fpregs_restore_userspace()
        x86/fpu: Rename xfeatures_mask_user() to xfeatures_mask_uabi()
        x86/fpu: Move FXSAVE_LEAK quirk info __copy_kernel_to_fpregs()
        x86/fpu: Rename __fpregs_load_activate() to fpregs_restore_userregs()
        ...
      1423e266
    • Linus Torvalds's avatar
      Merge tag 'for-linus-5.14-rc1-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip · 4ea90317
      Linus Torvalds authored
      Pull xen updates from Juergen Gross:
       "Only two minor patches this time: one cleanup patch and one patch
        refreshing a Xen header"
      
      * tag 'for-linus-5.14-rc1-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip:
        xen: sync include/xen/interface/io/ring.h with Xen's newest version
        xen: Use DEVICE_ATTR_*() macro
      4ea90317
    • Linus Torvalds's avatar
      Merge tag 'Wimplicit-fallthrough-clang-5.14-rc1' of... · 383df634
      Linus Torvalds authored
      Merge tag 'Wimplicit-fallthrough-clang-5.14-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gustavoars/linux
      
      Pull more fallthrough fixes from Gustavo Silva:
       "Fix maore fall-through warnings when building the kernel with clang
        and '-Wimplicit-fallthrough'"
      
      * tag 'Wimplicit-fallthrough-clang-5.14-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gustavoars/linux:
        Input: Fix fall-through warning for Clang
        scsi: aic94xx: Fix fall-through warning for Clang
        i3c: master: cdns: Fix fall-through warning for Clang
        net/mlx4: Fix fall-through warning for Clang
      383df634
    • Linus Torvalds's avatar
      Merge tag 'hwlock-v5.14' of git://git.kernel.org/pub/scm/linux/kernel/git/andersson/remoteproc · b5e6d126
      Linus Torvalds authored
      Pull hwspinlock updates from Bjorn Andersson:
       "This adds a driver for the hardware spinlock in Allwinner sun6i"
      
      * tag 'hwlock-v5.14' of git://git.kernel.org/pub/scm/linux/kernel/git/andersson/remoteproc:
        dt-bindings: hwlock: sun6i: Fix various warnings in binding
        hwspinlock: add sun6i hardware spinlock support
        dt-bindings: hwlock: add sun6i_hwspinlock
      b5e6d126
    • Linus Torvalds's avatar
      Merge tag 'rproc-v5.14' of git://git.kernel.org/pub/scm/linux/kernel/git/andersson/remoteproc · d0fe3f47
      Linus Torvalds authored
      Pull remoteproc updates from Bjorn Andersson:
       "This adds support for controlling the PRU and R5F clusters on the TI
        AM64x, the remote processor in i.MX7ULP, i.MX8MN/P and i.MX8ULP NXP
        and the audio, compute and modem remoteprocs in the Qualcomm SC8180x
        platform.
      
        It fixes improper ordering of cdev and device creation of the
        remoteproc control interface and it fixes resource leaks in the error
        handling path of rproc_add() and the Qualcomm modem and wifi
        remoteproc drivers.
      
        Lastly it fixes a few build warnings and replace the dummy parameter
        passed in the mailbox api of the stm32 driver to something not living
        on the stack"
      
      * tag 'rproc-v5.14' of git://git.kernel.org/pub/scm/linux/kernel/git/andersson/remoteproc: (32 commits)
        remoteproc: qcom: pas: Add SC8180X adsp, cdsp and mpss
        dt-bindings: remoteproc: qcom: pas: Add SC8180X adsp, cdsp and mpss
        remoteproc: imx_rproc: support i.MX8ULP
        dt-bindings: remoteproc: imx_rproc: support i.MX8ULP
        remoteproc: stm32: fix mbox_send_message call
        remoteproc: core: Cleanup device in case of failure
        remoteproc: core: Fix cdev remove and rproc del
        remoteproc: core: Move validate before device add
        remoteproc: core: Move cdev add before device add
        remoteproc: pru: Add support for various PRU cores on K3 AM64x SoCs
        dt-bindings: remoteproc: pru: Update bindings for K3 AM64x SoCs
        remoteproc: qcom_wcnss: Use devm_qcom_smem_state_get()
        remoteproc: qcom_q6v5: Use devm_qcom_smem_state_get() to fix missing put()
        soc: qcom: smem_state: Add devm_qcom_smem_state_get()
        dt-bindings: remoteproc: qcom: pas: Fix indentation warnings
        remoteproc: imx-rproc: Fix IMX_REMOTEPROC configuration
        remoteproc: imx_rproc: support i.MX8MN/P
        remoteproc: imx_rproc: support i.MX7ULP
        remoteproc: imx_rproc: make clk optional
        remoteproc: imx_rproc: initial support for mutilple start/stop method
        ...
      d0fe3f47
  3. 06 Jul, 2021 9 commits
    • Gustavo A. R. Silva's avatar
      Input: Fix fall-through warning for Clang · f1469e56
      Gustavo A. R. Silva authored
      In preparation to enable -Wimplicit-fallthrough for Clang, fix a
      warning by explicitly adding a fallthrough; statement.
      
      Notice that this seems to be a Duff device for performance[1]. So,
      although the code looks a bit _funny_, I didn't want to refactor
      or modify it beyond merely adding a fallthrough marking, which
      might be the least disruptive way to fix this issue.
      
      [1] https://www.drdobbs.com/a-reusable-duff-device/184406208
      
      Link: https://github.com/KSPP/linux/issues/115Signed-off-by: default avatarGustavo A. R. Silva <gustavoars@kernel.org>
      f1469e56
    • Gustavo A. R. Silva's avatar
      scsi: aic94xx: Fix fall-through warning for Clang · 4e1c8c17
      Gustavo A. R. Silva authored
      In preparation to enable -Wimplicit-fallthrough for Clang, fix a
      warning by explicitly adding a fallthrough; statement.
      
      Notice that this seems to be a Duff device for performance[1]. So,
      although the code looks a bit _funny_, I didn't want to refactor
      or modify it beyond merely adding a fallthrough marking, which
      might be the least disruptive way to fix this issue.
      
      [1] https://www.drdobbs.com/a-reusable-duff-device/184406208
      
      Link: https://github.com/KSPP/linux/issues/115Signed-off-by: default avatarGustavo A. R. Silva <gustavoars@kernel.org>
      4e1c8c17
    • Linus Torvalds's avatar
      Merge tag 'for-linus' of git://git.armlinux.org.uk/~rmk/linux-arm · 77d34a46
      Linus Torvalds authored
      Pull ARM development updates from Russell King:
      
       - Make it clear __swp_entry_to_pte() uses PTE_TYPE_FAULT
      
       - Updates for setting vmalloc size via command line to resolve an issue
         with the 8MiB hole not properly being accounted for, and clean up the
         code.
      
       - ftrace support for module PLTs
      
       - Spelling fixes
      
       - kbuild updates for removing generated files and pattern rules for
         generating files
      
       - Clang/llvm updates
      
       - Change the way the kernel is mapped, placing it in vmalloc space
         instead.
      
       - Remove arm_pm_restart from arm and aarch64.
      
      * tag 'for-linus' of git://git.armlinux.org.uk/~rmk/linux-arm: (29 commits)
        ARM: 9098/1: ftrace: MODULE_PLT: Fix build problem without DYNAMIC_FTRACE
        ARM: 9097/1: mmu: Declare section start/end correctly
        ARM: 9096/1: Remove arm_pm_restart()
        ARM: 9095/1: ARM64: Remove arm_pm_restart()
        ARM: 9094/1: Register with kernel restart handler
        ARM: 9093/1: drivers: firmwapsci: Register with kernel restart handler
        ARM: 9092/1: xen: Register with kernel restart handler
        ARM: 9091/1: Revert "mm: qsd8x50: Fix incorrect permission faults"
        ARM: 9090/1: Map the lowmem and kernel separately
        ARM: 9089/1: Define kernel physical section start and end
        ARM: 9088/1: Split KERNEL_OFFSET from PAGE_OFFSET
        ARM: 9087/1: kprobes: test-thumb: fix for LLVM_IAS=1
        ARM: 9086/1: syscalls: use pattern rules to generate syscall headers
        ARM: 9085/1: remove unneeded abi parameter to syscallnr.sh
        ARM: 9084/1: simplify the build rule of mach-types.h
        ARM: 9083/1: uncompress: atags_to_fdt: Spelling s/REturn/Return/
        ARM: 9082/1: [v2] mark prepare_page_table as __init
        ARM: 9079/1: ftrace: Add MODULE_PLTS support
        ARM: 9078/1: Add warn suppress parameter to arm_gen_branch_link()
        ARM: 9077/1: PLT: Move struct plt_entries definition to header
        ...
      77d34a46
    • Linus Torvalds's avatar
      Merge tag 'for-linus' of git://github.com/openrisc/linux · 4c55e2ae
      Linus Torvalds authored
      Pull OpenRISC updates from Stafford Horne:
       "One change to simplify Litex CSR (MMIO register) access by limiting
        them to 32-bit offsets.
      
        Now that this is agreed on among Litex hardware and kernel developers
        it will allow us to start upstreaming other Litex peripheral drivers"
      
      * tag 'for-linus' of git://github.com/openrisc/linux:
        drivers/soc/litex: remove 8-bit subregister option
      4c55e2ae
    • Linus Torvalds's avatar
      Merge tag 'kgdb-5.14-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/danielt/linux · df8ba5f1
      Linus Torvalds authored
      Pull kgdb updates from Daniel Thompson:
       "This was a extremely quiet cycle for kgdb. This consists of two
        patches that between them address spelling errors and a switch
        fallthrough warning"
      
      * tag 'kgdb-5.14-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/danielt/linux:
        kgdb: Fix fall-through warning for Clang
        kgdb: Fix spelling mistakes
      df8ba5f1
    • Linus Torvalds's avatar
      Merge branch 'for-5.14' of git://git.kernel.org/pub/scm/linux/kernel/git/jlawall/linux · 76e2d16b
      Linus Torvalds authored
      Pull coccinelle updates from Julia Lawall:
       "There are two new semantic patches:
      
         - minmax: To use min and max instead of ? :
      
         - swap: To use swap when possible
      
        Some other semantic patches have been updated to better conform to
        Linux kernel developer expectations or to make the explanation message
        more clear.
      
        Finally, there is a fix for the coccicheck script"
      
      * 'for-5.14' of git://git.kernel.org/pub/scm/linux/kernel/git/jlawall/linux:
        coccinelle: api: remove kobj_to_dev.cocci script
        scripts: coccicheck: fix troubles on non-English builds
        coccinelle: misc: minmax: suppress patch generation for err returns
        drop unneeded *s
        coccinelle: irqf_oneshot: reduce the severity due to false positives
        coccinelle: misc: add swap script
        coccinelle: misc: update uninitialized_var.cocci documentation
        coccinelle: misc: restrict patch mode in flexible_array.cocci
        coccinelle: misc: add minmax script
      76e2d16b
    • Linus Torvalds's avatar
      Merge tag 'fuse-update-5.14' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/fuse · 8e4f3e15
      Linus Torvalds authored
      Pull fuse updates from Miklos Szeredi:
      
       - Fixes for virtiofs submounts
      
       - Misc fixes and cleanups
      
      * tag 'fuse-update-5.14' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/fuse:
        virtiofs: Fix spelling mistakes
        fuse: use DIV_ROUND_UP helper macro for calculations
        fuse: fix illegal access to inode with reused nodeid
        fuse: allow fallocate(FALLOC_FL_ZERO_RANGE)
        fuse: Make fuse_fill_super_submount() static
        fuse: Switch to fc_mount() for submounts
        fuse: Call vfs_get_tree() for submounts
        fuse: add dedicated filesystem context ops for submounts
        virtiofs: propagate sync() to file server
        fuse: reject internal errno
        fuse: check connected before queueing on fpq->io
        fuse: ignore PG_workingset after stealing
        fuse: Fix infinite loop in sget_fc()
        fuse: Fix crash if superblock of submount gets killed early
        fuse: Fix crash in fuse_dentry_automount() error path
      8e4f3e15
    • Linus Torvalds's avatar
      Merge tag 'for-linus-5.14-ofs1' of git://git.kernel.org/pub/scm/linux/kernel/git/hubcap/linux · 729437e3
      Linus Torvalds authored
      Pull orangefs updates from Mike Marshall:
       "A read-ahead adjustment and a fix.
      
        The readahead adjustment was suggested by Matthew Wilcox and looks
        like how I should have written it in the first place... the "df fix"
        was suggested by Walt Ligon, some Orangefs users have been complaining
        about whacky df output..."
      
      * tag 'for-linus-5.14-ofs1' of git://git.kernel.org/pub/scm/linux/kernel/git/hubcap/linux:
        orangefs: fix orangefs df output.
        orangefs: readahead adjustment
      729437e3
    • Linus Torvalds's avatar
      Merge tag 'exfat-for-5.14-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/linkinjeon/exfat · 7a5e9a17
      Linus Torvalds authored
      Pull exfat updates from Namjae Jeon:
      
       - Improved compatibility issue with exfat from some camera vendors.
      
       - Do not need to release root inode on error path.
      
      * tag 'exfat-for-5.14-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/linkinjeon/exfat:
        exfat: handle wrong stream entry size in exfat_readdir()
        exfat: avoid incorrectly releasing for root inode
      7a5e9a17
  4. 05 Jul, 2021 1 commit
    • Linus Torvalds's avatar
      Merge tag 'usb-5.14-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb · 79160a60
      Linus Torvalds authored
      Pull USB / Thunderbolt updates from Greg KH:
       "Here is the big set of USB and Thunderbolt patches for 5.14-rc1.
      
        Nothing major here just lots of little changes for new hardware and
        features. Highlights are:
      
         - more USB 4 support added to the thunderbolt core
      
         - build warning fixes all over the place
      
         - usb-serial driver updates and new device support
      
         - mtu3 driver updates
      
         - gadget driver updates
      
         - dwc3 driver updates
      
         - dwc2 driver updates
      
         - isp1760 host driver updates
      
         - musb driver updates
      
         - lots of other tiny things.
      
        Full details are in the shortlog.
      
        All of these have been in linux-next for a while now with no reported
        issues"
      
      * tag 'usb-5.14-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb: (223 commits)
        phy: qcom-qusb2: Add configuration for SM4250 and SM6115
        dt-bindings: phy: qcom,qusb2: document sm4250/6115 compatible
        dt-bindings: usb: qcom,dwc3: Add bindings for sm6115/4250
        USB: cdc-acm: blacklist Heimann USB Appset device
        usb: xhci-mtk: allow multiple Start-Split in a microframe
        usb: ftdi-elan: remove redundant continue statement in a while-loop
        usb: class: cdc-wdm: return the correct errno code
        xhci: remove redundant continue statement
        usb: dwc3: Fix debugfs creation flow
        usb: gadget: hid: fix error return code in hid_bind()
        usb: gadget: eem: fix echo command packet response issue
        usb: gadget: f_hid: fix endianness issue with descriptors
        Revert "USB: misc: Add onboard_usb_hub driver"
        Revert "of/platform: Add stubs for of_platform_device_create/destroy()"
        Revert "usb: host: xhci-plat: Create platform device for onboard hubs in probe()"
        Revert "arm64: dts: qcom: sc7180-trogdor: Add nodes for onboard USB hub"
        xhci: solve a double free problem while doing s4
        xhci: handle failed buffer copy to URB sg list and fix a W=1 copiler warning
        xhci: Add adaptive interrupt rate for isoch TRBs with XHCI_AVOID_BEI quirk
        xhci: Remove unused defines for ERST_SIZE and ERST_ENTRIES
        ...
      79160a60