linux-toradex.git/arch/um/kernel/um_arch.c, branch v6.7 Linux kernel for Apalis and Colibri modules x86/alternative: Rename apply_ibt_endbr() 2023-07-10T07:52:23+00:00 Peter Zijlstra peterz@infradead.org 2023-06-22T13:36:50+00:00 be0fffa5ca894a971a31c5e28aa77b633a97d1dc The current name doesn't reflect what it does very well. Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org> Reviewed-by: Kees Cook <keescook@chromium.org> Reviewed-by: Sami Tolvanen <samitolvanen@google.com> Link: https://lkml.kernel.org/r/20230622144321.427441595%40infradead.org 
The current name doesn't reflect what it does very well.

Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Reviewed-by: Kees Cook <keescook@chromium.org>
Reviewed-by: Sami Tolvanen <samitolvanen@google.com>
Link: https://lkml.kernel.org/r/20230622144321.427441595%40infradead.org
um/cpu: Switch to arch_cpu_finalize_init() 2023-06-16T08:16:00+00:00 Thomas Gleixner tglx@linutronix.de 2023-06-13T23:39:36+00:00 9349b5cd0908f8afe95529fc7a8cbb1417df9b0c check_bugs() is about to be phased out. Switch over to the new arch_cpu_finalize_init() implementation. No functional change. Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Acked-by: Richard Weinberger <richard@nod.at> Link: https://lore.kernel.org/r/20230613224545.493148694@linutronix.de 
check_bugs() is about to be phased out. Switch over to the new
arch_cpu_finalize_init() implementation.

No functional change.

Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Acked-by: Richard Weinberger <richard@nod.at>
Link: https://lore.kernel.org/r/20230613224545.493148694@linutronix.de
um: make stub data pages size tweakable 2023-04-20T21:08:43+00:00 Johannes Berg johannes.berg@intel.com 2023-04-14T13:46:39+00:00 6032aca0deb9c138df122192f8ef02de1fdccf25 There's a lot of code here that hard-codes that the data is a single page, and right now that seems to be sufficient, but to make it easier to change this in the future, add a new STUB_DATA_PAGES constant and use it throughout the code. Signed-off-by: Johannes Berg <johannes.berg@intel.com> Signed-off-by: Richard Weinberger <richard@nod.at> 
There's a lot of code here that hard-codes that the
data is a single page, and right now that seems to
be sufficient, but to make it easier to change this
in the future, add a new STUB_DATA_PAGES constant
and use it throughout the code.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Richard Weinberger <richard@nod.at>
um: Make the definition of cpu_data more compatible 2023-02-10T20:36:58+00:00 Peter Foley pefoley2@pefoley.com 2023-01-13T04:49:07+00:00 2f2be5102480b1058182fa6c4b1e5c1732d6760c Match the x86 implementation to improve build errors. Noticed when building allyesconfig. e.g. ../arch/um/include/asm/processor-generic.h:94:19: error: called object is not a function or function pointer 94 | #define cpu_data (&boot_cpu_data) | ~^~~~~~~~~~~~~~~ ../drivers/gpu/drm/amd/amdgpu/../amdkfd/kfd_topology.c:2157:16: note: in expansion of macro ‘cpu_data’ 2157 | return cpu_data(first_cpu_of_numa_node).apicid; Signed-off-by: Peter Foley <pefoley2@pefoley.com> Signed-off-by: Richard Weinberger <richard@nod.at> 
Match the x86 implementation to improve build errors.
Noticed when building allyesconfig.

e.g.
../arch/um/include/asm/processor-generic.h:94:19: error: called object is not a function or function pointer
   94 | #define cpu_data (&boot_cpu_data)
      |                  ~^~~~~~~~~~~~~~~
../drivers/gpu/drm/amd/amdgpu/../amdkfd/kfd_topology.c:2157:16: note: in expansion of macro ‘cpu_data’
 2157 |         return cpu_data(first_cpu_of_numa_node).apicid;

Signed-off-by: Peter Foley <pefoley2@pefoley.com>
Signed-off-by: Richard Weinberger <richard@nod.at>
x86/ibt: Implement FineIBT 2022-11-01T12:44:10+00:00 Peter Zijlstra peterz@infradead.org 2022-10-27T09:28:14+00:00 931ab63664f02b17d2213ef36b83e1e50190a0aa Implement an alternative CFI scheme that merges both the fine-grained nature of kCFI but also takes full advantage of the coarse grained hardware CFI as provided by IBT. To contrast: kCFI is a pure software CFI scheme and relies on being able to read text -- specifically the instruction *before* the target symbol, and does the hash validation *before* doing the call (otherwise control flow is compromised already). FineIBT is a software and hardware hybrid scheme; by ensuring every branch target starts with a hash validation it is possible to place the hash validation after the branch. This has several advantages: o the (hash) load is avoided; no memop; no RX requirement. o IBT WAIT-FOR-ENDBR state is a speculation stop; by placing the hash validation in the immediate instruction after the branch target there is a minimal speculation window and the whole is a viable defence against SpectreBHB. o Kees feels obliged to mention it is slightly more vulnerable when the attacker can write code. Obviously this patch relies on kCFI, but additionally it also relies on the padding from the call-depth-tracking patches. It uses this padding to place the hash-validation while the call-sites are re-written to modify the indirect target to be 16 bytes in front of the original target, thus hitting this new preamble. Notably, there is no hardware that needs call-depth-tracking (Skylake) and supports IBT (Tigerlake and onwards). Suggested-by: Joao Moreira (Intel) <joao@overdrivepizza.com> Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org> Reviewed-by: Kees Cook <keescook@chromium.org> Link: https://lore.kernel.org/r/20221027092842.634714496@infradead.org 
Implement an alternative CFI scheme that merges both the fine-grained
nature of kCFI but also takes full advantage of the coarse grained
hardware CFI as provided by IBT.

To contrast:

  kCFI is a pure software CFI scheme and relies on being able to read
text -- specifically the instruction *before* the target symbol, and
does the hash validation *before* doing the call (otherwise control
flow is compromised already).

  FineIBT is a software and hardware hybrid scheme; by ensuring every
branch target starts with a hash validation it is possible to place
the hash validation after the branch. This has several advantages:

   o the (hash) load is avoided; no memop; no RX requirement.

   o IBT WAIT-FOR-ENDBR state is a speculation stop; by placing
     the hash validation in the immediate instruction after
     the branch target there is a minimal speculation window
     and the whole is a viable defence against SpectreBHB.

   o Kees feels obliged to mention it is slightly more vulnerable
     when the attacker can write code.

Obviously this patch relies on kCFI, but additionally it also relies
on the padding from the call-depth-tracking patches. It uses this
padding to place the hash-validation while the call-sites are
re-written to modify the indirect target to be 16 bytes in front of
the original target, thus hitting this new preamble.

Notably, there is no hardware that needs call-depth-tracking (Skylake)
and supports IBT (Tigerlake and onwards).

Suggested-by: Joao Moreira (Intel) <joao@overdrivepizza.com>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Reviewed-by: Kees Cook <keescook@chromium.org>
Link: https://lore.kernel.org/r/20221027092842.634714496@infradead.org
Merge tag 'for-linus-6.1-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/uml/linux 2022-10-15T01:14:48+00:00 Linus Torvalds torvalds@linux-foundation.org 2022-10-15T01:14:48+00:00 91080ab38f3eaa2a0af4888220d007698a2e7b03 Pull UML updates from Richard Weinberger: - Move to strscpy() - Improve panic notifiers - Fix NR_CPUS usage - Fixes for various comments - Fixes for virtio driver * tag 'for-linus-6.1-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/uml/linux: uml: Remove the initialization of statics to 0 um: Do not initialise statics to 0. um: Fix comment typo um: Improve panic notifiers consistency and ordering um: remove unused reactivate_chan() declaration um: mmaper: add __exit annotations to module exit funcs um: virt-pci: add __init/__exit annotations to module init/exit funcs hostfs: move from strlcpy with unused retval to strscpy um: move from strlcpy with unused retval to strscpy um: increase default virtual physical memory to 64 MiB UM: cpuinfo: Fix a warning for CONFIG_CPUMASK_OFFSTACK um: read multiple msg from virtio slave request fd 
Pull UML updates from Richard Weinberger:

 - Move to strscpy()

 - Improve panic notifiers

 - Fix NR_CPUS usage

 - Fixes for various comments

 - Fixes for virtio driver

* tag 'for-linus-6.1-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/uml/linux:
  uml: Remove the initialization of statics to 0
  um: Do not initialise statics to 0.
  um: Fix comment typo
  um: Improve panic notifiers consistency and ordering
  um: remove unused reactivate_chan() declaration
  um: mmaper: add __exit annotations to module exit funcs
  um: virt-pci: add __init/__exit annotations to module init/exit funcs
  hostfs: move from strlcpy with unused retval to strscpy
  um: move from strlcpy with unused retval to strscpy
  um: increase default virtual physical memory to 64 MiB
  UM: cpuinfo: Fix a warning for CONFIG_CPUMASK_OFFSTACK
  um: read multiple msg from virtio slave request fd
um: Improve panic notifiers consistency and ordering 2022-09-19T21:04:54+00:00 Guilherme G. Piccoli gpiccoli@igalia.com 2022-08-19T22:17:24+00:00 758dfdb9185cf94160f20e85bbe05583e3cd4ff4 Currently the panic notifiers from user mode linux don't follow the convention for most of the other notifiers present in the kernel (indentation, priority setting, numeric return). More important, the priorities could be improved, since it's a special case (userspace), hence we could run the notifiers earlier; user mode linux shouldn't care much with other panic notifiers but the ordering among the mconsole and arch notifier is important, given that the arch one effectively triggers a core dump. Fix that by running the mconsole notifier as the first panic notifier, followed by the architecture one (that coredumps). Cc: Anton Ivanov <anton.ivanov@cambridgegreys.com> Cc: Johannes Berg <johannes@sipsolutions.net> Cc: Richard Weinberger <richard@nod.at> Signed-off-by: Guilherme G. Piccoli <gpiccoli@igalia.com> V3: - No changes. V2: - Kept the notifier header to avoid implicit usage - thanks Johannes for the suggestion! Signed-off-by: Richard Weinberger <richard@nod.at> 
Currently the panic notifiers from user mode linux don't follow
the convention for most of the other notifiers present in the
kernel (indentation, priority setting, numeric return).
More important, the priorities could be improved, since it's a
special case (userspace), hence we could run the notifiers earlier;
user mode linux shouldn't care much with other panic notifiers but
the ordering among the mconsole and arch notifier is important,
given that the arch one effectively triggers a core dump.

Fix that by running the mconsole notifier as the first panic
notifier, followed by the architecture one (that coredumps).

Cc: Anton Ivanov <anton.ivanov@cambridgegreys.com>
Cc: Johannes Berg <johannes@sipsolutions.net>
Cc: Richard Weinberger <richard@nod.at>
Signed-off-by: Guilherme G. Piccoli <gpiccoli@igalia.com>

V3:
- No changes.

V2:
- Kept the notifier header to avoid implicit usage - thanks
Johannes for the suggestion!

Signed-off-by: Richard Weinberger <richard@nod.at>
um: move from strlcpy with unused retval to strscpy 2022-09-19T20:45:24+00:00 Wolfram Sang wsa+renesas@sang-engineering.com 2022-08-18T20:59:51+00:00 e6e4d33f380fbfd85b909d16c9b639299e5c37a6 Follow the advice of the below link and prefer 'strscpy' in this subsystem. Conversion is 1:1 because the return value is not used. Generated by a coccinelle script. Link: https://lore.kernel.org/r/CAHk-=wgfRnXz0W3D37d01q3JFkr_i_uTL=V6A6G1oUZcprmknw@mail.gmail.com/ Signed-off-by: Wolfram Sang <wsa+renesas@sang-engineering.com> Signed-off-by: Richard Weinberger <richard@nod.at> 
Follow the advice of the below link and prefer 'strscpy' in this
subsystem. Conversion is 1:1 because the return value is not used.
Generated by a coccinelle script.

Link: https://lore.kernel.org/r/CAHk-=wgfRnXz0W3D37d01q3JFkr_i_uTL=V6A6G1oUZcprmknw@mail.gmail.com/
Signed-off-by: Wolfram Sang <wsa+renesas@sang-engineering.com>
Signed-off-by: Richard Weinberger <richard@nod.at>
um: increase default virtual physical memory to 64 MiB 2022-09-19T20:40:24+00:00 Christian Lamparter chunkeey@gmail.com 2022-08-06T19:52:23+00:00 0d644e918532f7eba2b02e0eaf60ee1a1b20a856 The current 32 MiB of RAM causes OOMs to appear shortly after booting in a minimal OpenWrt 22.03 configuration with a 5.10.134 kernel. Of course, passing a "mem=64M" (from the --help text) parameter works too, but it produces the following (info) message: | [ 0.000000] Unknown kernel command line parameters "mem=64M", will be passed to user space. That's why, I think it would be nicer, if this is working out of the box again :). Signed-off-by: Christian Lamparter <chunkeey@gmail.com> Signed-off-by: Richard Weinberger <richard@nod.at> 
The current 32 MiB of RAM causes OOMs to appear shortly after
booting in a minimal OpenWrt 22.03 configuration with a
5.10.134 kernel.

Of course, passing a "mem=64M" (from the --help text) parameter
works too, but it produces the following (info) message:

| [    0.000000] Unknown kernel command line parameters "mem=64M", will be passed to user space.

That's why, I think it would be nicer, if this is working out
of the box again :).

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
Signed-off-by: Richard Weinberger <richard@nod.at>
um: fix default console kernel parameter 2022-09-19T20:38:44+00:00 Christian Lamparter chunkeey@gmail.com 2022-08-06T19:52:22+00:00 782b1f70f8a8b28571949d2ba43fe88b96d75ec3 OpenWrt's UML with 5.15 was producing odd errors/warnings during preinit part of the early userspace portion: |[ 0.000000] Kernel command line: ubd0=root.img root=98:0 console=tty |[...] |[ 0.440000] random: jshn: uninitialized urandom read (4 bytes read) |[ 0.460000] random: jshn: uninitialized urandom read (4 bytes read) |/etc/preinit: line 47: can't create /dev/tty: No such device or address |/etc/preinit: line 48: can't create /dev/tty: No such device or address |/etc/preinit: line 58: can't open /dev/tty: No such device or address |[...] repeated many times That "/dev/tty" came from the command line (which is automatically added if no console= parameter was specified for the uml binary). The TLDP project tells the following about the /dev/tty: <https://tldp.org/HOWTO/Text-Terminal-HOWTO-7.html#ss7.3> | /dev/tty stands for the controlling terminal (if any) for the current | process.[...] | /dev/tty is something like a link to the actually terminal device[..] The "(if any)" is important here, since it's possible for processes to not have a controlling terminal. I think this was a simple typo and the author wanted tty0 there. CC: Thomas Meyer <thomas@m3y3r.de> Fixes: d7ffac33631b ("um: stdio_console: Make preferred console") Signed-off-by: Christian Lamparter <chunkeey@gmail.com> Signed-off-by: Richard Weinberger <richard@nod.at> 
OpenWrt's UML with 5.15 was producing odd errors/warnings during preinit
part of the early userspace portion:

|[    0.000000] Kernel command line: ubd0=root.img root=98:0 console=tty
|[...]
|[    0.440000] random: jshn: uninitialized urandom read (4 bytes read)
|[    0.460000] random: jshn: uninitialized urandom read (4 bytes read)
|/etc/preinit: line 47: can't create /dev/tty: No such device or address
|/etc/preinit: line 48: can't create /dev/tty: No such device or address
|/etc/preinit: line 58: can't open /dev/tty: No such device or address
|[...] repeated many times

That "/dev/tty" came from the command line (which is automatically
added if no console= parameter was specified for the uml binary).

The TLDP project tells the following about the /dev/tty:
<https://tldp.org/HOWTO/Text-Terminal-HOWTO-7.html#ss7.3>
| /dev/tty stands for the controlling terminal (if any) for the current
| process.[...]
| /dev/tty is something like a link to the actually terminal device[..]

The "(if any)" is important here, since it's possible for processes to
not have a controlling terminal.

I think this was a simple typo and the author wanted tty0 there.

CC: Thomas Meyer <thomas@m3y3r.de>
Fixes: d7ffac33631b ("um: stdio_console: Make preferred console")
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
Signed-off-by: Richard Weinberger <richard@nod.at>