Commit Graph

970823 Commits

Author SHA1 Message Date
Kees Cook
a42669e77c UPSTREAM: selftests/seccomp: Compare bitmap vs filter overhead
As part of the seccomp benchmarking, include the expectations with
regard to the timing behavior of the constant action bitmaps, and report
inconsistencies better.

Example output with constant action bitmaps on x86:

$ sudo ./seccomp_benchmark 100000000
Current BPF sysctl settings:
net.core.bpf_jit_enable = 1
net.core.bpf_jit_harden = 0
Benchmarking 200000000 syscalls...
129.359381409 - 0.008724424 = 129350656985 (129.4s)
getpid native: 646 ns
264.385890006 - 129.360453229 = 135025436777 (135.0s)
getpid RET_ALLOW 1 filter (bitmap): 675 ns
399.400511893 - 264.387045901 = 135013465992 (135.0s)
getpid RET_ALLOW 2 filters (bitmap): 675 ns
545.872866260 - 399.401718327 = 146471147933 (146.5s)
getpid RET_ALLOW 3 filters (full): 732 ns
696.337101319 - 545.874097681 = 150463003638 (150.5s)
getpid RET_ALLOW 4 filters (full): 752 ns
Estimated total seccomp overhead for 1 bitmapped filter: 29 ns
Estimated total seccomp overhead for 2 bitmapped filters: 29 ns
Estimated total seccomp overhead for 3 full filters: 86 ns
Estimated total seccomp overhead for 4 full filters: 106 ns
Estimated seccomp entry overhead: 29 ns
Estimated seccomp per-filter overhead (last 2 diff): 20 ns
Estimated seccomp per-filter overhead (filters / 4): 19 ns
Expectations:
	native ≤ 1 bitmap (646 ≤ 675): ✔️
	native ≤ 1 filter (646 ≤ 732): ✔️
	per-filter (last 2 diff) ≈ per-filter (filters / 4) (20 ≈ 19): ✔️
	1 bitmapped ≈ 2 bitmapped (29 ≈ 29): ✔️
	entry ≈ 1 bitmapped (29 ≈ 29): ✔️
	entry ≈ 2 bitmapped (29 ≈ 29): ✔️
	native + entry + (per filter * 4) ≈ 4 filters total (755 ≈ 752): ✔️

[YiFei: Changed commit message to show stats for this patch series]
Signed-off-by: Kees Cook <keescook@chromium.org>
Link: https://lore.kernel.org/r/1b61df3db85c5f7f1b9202722c45e7b39df73ef2.1602431034.git.yifeifz2@illinois.edu
(cherry picked from commit 192cf32243)
Signed-off-by: Jeff Vander Stoep <jeffv@google.com>
Change-Id: Idd30139b4fbb2c06f4b043756bbb09bbacf3b123
Bug: 176068146
2020-12-21 18:47:10 +00:00
Kees Cook
9f1678cf59 UPSTREAM: x86: Enable seccomp architecture tracking
Provide seccomp internals with the details to calculate which syscall
table the running kernel is expecting to deal with. This allows for
efficient architecture pinning and paves the way for constant-action
bitmaps.

Co-developed-by: YiFei Zhu <yifeifz2@illinois.edu>
Signed-off-by: YiFei Zhu <yifeifz2@illinois.edu>
Signed-off-by: Kees Cook <keescook@chromium.org>
Link: https://lore.kernel.org/r/da58c3733d95c4f2115dd94225dfbe2573ba4d87.1602431034.git.yifeifz2@illinois.edu
(cherry picked from commit 25db91209a)
Signed-off-by: Jeff Vander Stoep <jeffv@google.com>
Change-Id: I48a434063e401b27834e4ba37b88a852da51300b
Bug: 176068146
2020-12-21 18:46:59 +00:00
YiFei Zhu
2d660e9770 UPSTREAM: seccomp/cache: Add "emulator" to check if filter is constant allow
SECCOMP_CACHE will only operate on syscalls that do not access
any syscall arguments or instruction pointer. To facilitate
this we need a static analyser to know whether a filter will
return allow regardless of syscall arguments for a given
architecture number / syscall number pair. This is implemented
here with a pseudo-emulator, and stored in a per-filter bitmap.

In order to build this bitmap at filter attach time, each filter is
emulated for every syscall (under each possible architecture), and
checked for any accesses of struct seccomp_data that are not the "arch"
nor "nr" (syscall) members. If only "arch" and "nr" are examined, and
the program returns allow, then we can be sure that the filter must
return allow independent from syscall arguments.

Nearly all seccomp filters are built from these cBPF instructions:

BPF_LD  | BPF_W    | BPF_ABS
BPF_JMP | BPF_JEQ  | BPF_K
BPF_JMP | BPF_JGE  | BPF_K
BPF_JMP | BPF_JGT  | BPF_K
BPF_JMP | BPF_JSET | BPF_K
BPF_JMP | BPF_JA
BPF_RET | BPF_K
BPF_ALU | BPF_AND  | BPF_K

Each of these instructions is emulated. Any weirdness or loading
from a syscall argument will cause the emulator to bail.

The emulation is also halted if it reaches a return. In that case,
if it returns an SECCOMP_RET_ALLOW, the syscall is marked as good.

Emulator structure and comments are from Kees [1] and Jann [2].

Emulation is done at attach time. If a filter depends on more
filters, and if the dependee does not guarantee to allow the
syscall, then we skip the emulation of this syscall.

[1] https://lore.kernel.org/lkml/20200923232923.3142503-5-keescook@chromium.org/
[2] https://lore.kernel.org/lkml/CAG48ez1p=dR_2ikKq=xVxkoGg0fYpTBpkhJSv1w-6BG=76PAvw@mail.gmail.com/

Suggested-by: Jann Horn <jannh@google.com>
Signed-off-by: YiFei Zhu <yifeifz2@illinois.edu>
Reviewed-by: Jann Horn <jannh@google.com>
Co-developed-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Kees Cook <keescook@chromium.org>
Link: https://lore.kernel.org/r/71c7be2db5ee08905f41c3be5c1ad6e2601ce88f.1602431034.git.yifeifz2@illinois.edu
(cherry picked from commit 8e01b51a31)
Signed-off-by: Jeff Vander Stoep <jeffv@google.com>
Change-Id: I5047f7f0d6502e5de6c047743f1053fda3025a6e
Bug: 176068146
2020-12-21 18:46:50 +00:00
YiFei Zhu
f89fef0eee UPSTREAM: seccomp/cache: Lookup syscall allowlist bitmap for fast path
The overhead of running Seccomp filters has been part of some past
discussions [1][2][3]. Oftentimes, the filters have a large number
of instructions that check syscall numbers one by one and jump based
on that. Some users chain BPF filters which further enlarge the
overhead. A recent work [6] comprehensively measures the Seccomp
overhead and shows that the overhead is non-negligible and has a
non-trivial impact on application performance.

We observed some common filters, such as docker's [4] or
systemd's [5], will make most decisions based only on the syscall
numbers, and as past discussions considered, a bitmap where each bit
represents a syscall makes most sense for these filters.

The fast (common) path for seccomp should be that the filter permits
the syscall to pass through, and failing seccomp is expected to be
an exceptional case; it is not expected for userspace to call a
denylisted syscall over and over.

When it can be concluded that an allow must occur for the given
architecture and syscall pair (this determination is introduced in
the next commit), seccomp will immediately allow the syscall,
bypassing further BPF execution.

Each architecture number has its own bitmap. The architecture
number in seccomp_data is checked against the defined architecture
number constant before proceeding to test the bit against the
bitmap with the syscall number as the index of the bit in the
bitmap, and if the bit is set, seccomp returns allow. The bitmaps
are all clear in this patch and will be initialized in the next
commit.

When only one architecture exists, the check against architecture
number is skipped, suggested by Kees Cook [7].

[1] https://lore.kernel.org/linux-security-module/c22a6c3cefc2412cad00ae14c1371711@huawei.com/T/
[2] https://lore.kernel.org/lkml/202005181120.971232B7B@keescook/T/
[3] https://github.com/seccomp/libseccomp/issues/116
[4] ae0ef82b90/profiles/seccomp/default.json
[5] 6743a1caf4/src/shared/seccomp-util.c (L270)
[6] Draco: Architectural and Operating System Support for System Call Security
    https://tianyin.github.io/pub/draco.pdf, MICRO-53, Oct. 2020
[7] https://lore.kernel.org/bpf/202010091614.8BB0EB64@keescook/

Co-developed-by: Dimitrios Skarlatos <dskarlat@cs.cmu.edu>
Signed-off-by: Dimitrios Skarlatos <dskarlat@cs.cmu.edu>
Signed-off-by: YiFei Zhu <yifeifz2@illinois.edu>
Reviewed-by: Jann Horn <jannh@google.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
Link: https://lore.kernel.org/r/10f91a367ec4fcdea7fc3f086de3f5f13a4a7436.1602431034.git.yifeifz2@illinois.edu
(cherry picked from commit f9d480b6ff)
Signed-off-by: Jeff Vander Stoep <jeffv@google.com>
Change-Id: I50b6682e17dc6e91b5e92017361200d722282825
Bug: 176068146
2020-12-21 18:46:39 +00:00
Changki Kim
96844c1c84 ANDROID: timer: Export hrtimer_expire_entry/exit tracepoints
Export hrtimer_expire_entry/exit tracepoints, so that vendor modules
can register probes for these tracepoints.

Bug: 175936268
Change-Id: I739f369d3b56e09f8e9061fefdf25830e37e987e
Signed-off-by: Changki Kim <changki.kim@samsung.com>
2020-12-21 17:49:09 +00:00
Changki Kim
c7c6b3a0de ANDROID: workqueue: Export workqueue_execute_start/end tracepoints
Export workqueue_execute_start/end tracepoints, so that vendor modules
can register probes for these tracepoints.

Bug: 175936268
Change-Id: Ib4c8f39ff8305a1d52fbca9d06b5e792396a3a2d
Signed-off-by: Changki Kim <changki.kim@samsung.com>
2020-12-21 17:48:38 +00:00
Changki Kim
b011ee0886 ANDROID: softirq: Export irq_handler_exit tracepoint
Export irq_handle_exit tracepoint, so that vendor modules
can register probes for this tracepoint.

Bug: 175936268
Change-Id: I8e1eaffb7dd2f257e9c09412aad54ecca62bf019
Signed-off-by: Changki Kim <changki.kim@samsung.com>
2020-12-21 17:48:06 +00:00
Choonghoon Park
d3092d8afd ANDROID: sched: Add rvh for cpu controller cgroup can attach
Add a restricted vendor hook to check whether a set of tasks can
move to other cgroup.

Bug: 175808144

Signed-off-by: Choonghoon Park <choong.park@samsung.com>
Change-Id: If7bac83e0d2d1069b1436331989c3926645eab19
2020-12-21 16:37:22 +00:00
Greg Kroah-Hartman
40ec0132b8 This is the 5.10.2 stable release

Merge 5.10.2 into android-5.10

Changes in 5.10.2
	ptrace: Prevent kernel-infoleak in ptrace_get_syscall_info()
	ktest.pl: If size of log is too big to email, email error message
	ktest.pl: Fix the logic for truncating the size of the log file for email
	USB: legotower: fix logical error in recent commit
	USB: dummy-hcd: Fix uninitialized array use in init()
	USB: add RESET_RESUME quirk for Snapscan 1212
	ALSA: usb-audio: Fix potential out-of-bounds shift
	ALSA: usb-audio: Fix control 'access overflow' errors from chmap
	xhci: Give USB2 ports time to enter U3 in bus suspend
	usb: xhci: Set quirk for XHCI_SG_TRB_CACHE_SIZE_QUIRK
	xhci-pci: Allow host runtime PM as default for Intel Alpine Ridge LP
	xhci-pci: Allow host runtime PM as default for Intel Maple Ridge xHCI
	USB: UAS: introduce a quirk to set no_write_same
	USB: sisusbvga: Make console support depend on BROKEN
	ALSA: pcm: oss: Fix potential out-of-bounds shift
	serial: 8250_omap: Avoid FIFO corruption caused by MDR1 access
	Linux 5.10.2

Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I0dfd41a3ba5b102699ef78641fbe48ed16957a0f
2020-12-21 14:17:55 +01:00
Greg Kroah-Hartman
d1988041d1 Linux 5.10.2
Tested-by: Jeffrin Jose T <jeffrin@rajagiritech.edu.in>
Tested-by: Guenter Roeck <linux@roeck-us.net>
Tested-by: Linux Kernel Functional Testing <lkft@linaro.org>
Tested-by: Jon Hunter <jonathanh@nvidia.com>
Link: https://lore.kernel.org/r/20201219125339.066340030@linuxfoundation.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2020-12-21 13:30:08 +01:00
Alexander Sverdlin
dadaf794f2 serial: 8250_omap: Avoid FIFO corruption caused by MDR1 access
commit d96f04d347 upstream.

It has been observed that once per 300-1300 port openings the first
transmitted byte is being corrupted on AM3352 ("v" written to FIFO appeared
as "e" on the wire). It only happened if single byte has been transmitted
right after port open, which means, DMA is not used for this transfer and
the corruption never happened afterwards.

Therefore I've carefully re-read the MDR1 errata (link below), which says
"when accessing the MDR1 registers that causes a dummy under-run condition
that will freeze the UART in IrDA transmission. In UART mode, this may
corrupt the transferred data". Strictly speaking,
omap_8250_mdr1_errataset() performs a read access and if the value is the
same as should be written, exits without errata-recommended FIFO reset.

A brief check of the serial_omap_mdr1_errataset() from the competing
omap-serial driver showed it has no read access of MDR1. After removing the
read access from omap_8250_mdr1_errataset() the data corruption never
happened any more.

Link: https://www.ti.com/lit/er/sprz360i/sprz360i.pdf
Fixes: 61929cf016 ("tty: serial: Add 8250-core based omap driver")
Cc: stable@vger.kernel.org
Signed-off-by: Alexander Sverdlin <alexander.sverdlin@gmail.com>
Link: https://lore.kernel.org/r/20201210055257.1053028-1-alexander.sverdlin@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2020-12-21 13:30:08 +01:00
Takashi Iwai
ff654f1d31 ALSA: pcm: oss: Fix potential out-of-bounds shift
commit 175b8d89fe upstream.

syzbot spotted a potential out-of-bounds shift in the PCM OSS layer
where it calculates the buffer size with the arbitrary shift value
given via an ioctl.

Add a range check for avoiding the undefined behavior.
As the value can be treated by a signed integer, the max shift should
be 30.

Reported-by: syzbot+df7dc146ebdd6435eea3@syzkaller.appspotmail.com
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20201209084552.17109-2-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2020-12-21 13:30:08 +01:00
Thomas Gleixner
07747a44be USB: sisusbvga: Make console support depend on BROKEN
commit 862ee699fe upstream.

The console part of sisusbvga is broken vs. printk(). It uses in_atomic()
to detect contexts in which it cannot sleep despite the big fat comment in
preempt.h which says: Do not use in_atomic() in driver code.

in_atomic() does not work on kernels with CONFIG_PREEMPT_COUNT=n which
means that spin/rw_lock held regions are not detected by it.

There is no way to make this work by handing context information through to
the driver and this only can be solved once the core printk infrastructure
supports sleepable console drivers.

Make it depend on BROKEN for now.

Fixes: 1bbb4f2035 ("[PATCH] USB: sisusb[vga] update")
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Cc: Thomas Winischhofer <thomas@winischhofer.net>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: linux-usb@vger.kernel.org
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/20201019101109.603244207@linutronix.de
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2020-12-21 13:30:08 +01:00
Oliver Neukum
2440c1cb25 USB: UAS: introduce a quirk to set no_write_same
commit 8010622c86 upstream.

UAS does not share the pessimistic assumption storage is making that
devices cannot deal with WRITE_SAME.  A few devices supported by UAS,
are reported to not deal well with WRITE_SAME. Those need a quirk.

Add it to the device that needs it.

Reported-by: David C. Partridge <david.partridge@perdrix.co.uk>
Signed-off-by: Oliver Neukum <oneukum@suse.com>
Cc: stable <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20201209152639.9195-1-oneukum@suse.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2020-12-21 13:30:08 +01:00
Mika Westerberg
d769a22dc0 xhci-pci: Allow host runtime PM as default for Intel Maple Ridge xHCI
commit 5a8e3229ac upstream.

Intel Maple Ridge is successor of Titan Ridge Thunderbolt controller. As
Titan Ridge this one also includes xHCI host controller. In order to
save energy we should put it to low power state by default when idle.
For this reason allow host runtime PM for Maple Ridge.

Signed-off-by: Mika Westerberg <mika.westerberg@linux.intel.com>
Signed-off-by: Mathias Nyman <mathias.nyman@linux.intel.com>
Link: https://lore.kernel.org/r/20201208092912.1773650-5-mathias.nyman@linux.intel.com
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2020-12-21 13:30:07 +01:00
Hans de Goede
3203c4abf5 xhci-pci: Allow host runtime PM as default for Intel Alpine Ridge LP
commit c4d1ca05b8 upstream.

The xHCI controller on Alpine Ridge LP keeps the whole Thunderbolt
controller awake if the host controller is not allowed to sleep.
This is the case even if no USB devices are connected to the host.

Add the Intel Alpine Ridge LP product-id to the list of product-ids
for which we allow runtime PM by default.

Fixes: 2815ef7fe4 ("xhci-pci: allow host runtime PM as default for Intel Alpine and Titan Ridge")
Cc: <stable@vger.kernel.org>
Reviewed-by: Mika Westerberg <mika.westerberg@linux.intel.com>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Mathias Nyman <mathias.nyman@linux.intel.com>
Link: https://lore.kernel.org/r/20201208092912.1773650-4-mathias.nyman@linux.intel.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2020-12-21 13:30:07 +01:00
Tejas Joglekar
1bee58e891 usb: xhci: Set quirk for XHCI_SG_TRB_CACHE_SIZE_QUIRK
commit bac1ec5514 upstream.

This commit uses the private data passed by parent device
to set the quirk for Synopsys xHC. This patch fixes the
SNPS xHC hang issue when the data is scattered across
small buffers which does not make at least MPS size for
given TRB cache size of SNPS xHC.

Signed-off-by: Tejas Joglekar <joglekar@synopsys.com>
Signed-off-by: Mathias Nyman <mathias.nyman@linux.intel.com>
Link: https://lore.kernel.org/r/20201208092912.1773650-2-mathias.nyman@linux.intel.com
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2020-12-21 13:30:07 +01:00
Li Jun
2bd9751e67 xhci: Give USB2 ports time to enter U3 in bus suspend
commit c1373f1047 upstream.

If a USB2 device wakeup is not enabled/supported the link state may
still be in U0 in xhci_bus_suspend(), where it's then manually put
to suspended U3 state.

Just as with selective suspend the device needs time to enter U3
suspend before continuing with further suspend operations
(e.g. system suspend), otherwise we may enter system suspend with link
state in U0.

[commit message rewording -Mathias]

Cc: <stable@vger.kernel.org>
Signed-off-by: Li Jun <jun.li@nxp.com>
Signed-off-by: Mathias Nyman <mathias.nyman@linux.intel.com>
Link: https://lore.kernel.org/r/20201208092912.1773650-6-mathias.nyman@linux.intel.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2020-12-21 13:30:07 +01:00
Takashi Iwai
f1e6ab052c ALSA: usb-audio: Fix control 'access overflow' errors from chmap
commit c6dde8ffd0 upstream.

The current channel-map control implementation in USB-audio driver may
lead to an error message like
  "control 3:0:0:Playback Channel Map:0: access overflow"
when CONFIG_SND_CTL_VALIDATION is set.  It's because the chmap get
callback clears the whole array no matter which count is set, and
rather the false-positive detection.

This patch fixes the problem by clearing only the needed array range
at usb_chmap_ctl_get().

Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20201211130048.6358-1-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2020-12-21 13:30:07 +01:00
Takashi Iwai
cc3edd81ef ALSA: usb-audio: Fix potential out-of-bounds shift
commit 43d5ca88df upstream.

syzbot spotted a potential out-of-bounds shift in the USB-audio format
parser that receives the arbitrary shift value from the USB
descriptor.

Add a range check for avoiding the undefined behavior.

Reported-by: syzbot+df7dc146ebdd6435eea3@syzkaller.appspotmail.com
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20201209084552.17109-1-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2020-12-21 13:30:07 +01:00
Oliver Neukum
d8f0c9ec36 USB: add RESET_RESUME quirk for Snapscan 1212
commit 08a02f954b upstream.

I got reports that some models of this old scanner need
this when using runtime PM.

Signed-off-by: Oliver Neukum <oneukum@suse.com>
Cc: stable <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20201207130323.23857-1-oneukum@suse.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2020-12-21 13:30:07 +01:00
Bui Quang Minh
5fb2a55ad3 USB: dummy-hcd: Fix uninitialized array use in init()
commit e90cfa813d upstream.

This error path

	err_add_pdata:
		for (i = 0; i < mod_data.num; i++)
			kfree(dum[i]);

can be triggered when not all dum's elements are initialized.

Fix this by initializing all dum's elements to NULL.

Acked-by: Alan Stern <stern@rowland.harvard.edu>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Bui Quang Minh <minhquangbui99@gmail.com>
Link: https://lore.kernel.org/r/1607063090-3426-1-git-send-email-minhquangbui99@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2020-12-21 13:30:07 +01:00
Alan Stern
d483f5e5ce USB: legotower: fix logical error in recent commit
commit b175d273d4 upstream.

Commit d9f0d82f06 ("USB: legousbtower: use usb_control_msg_recv()")
contained an elementary logical error.  The check of the return code
from the new usb_control_msg_recv() function was inverted.

Reported-and-tested-by: syzbot+9be25235b7a69b24d117@syzkaller.appspotmail.com
Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
Link: https://lore.kernel.org/r/20201208163042.GD1298255@rowland.harvard.edu
Fixes: d9f0d82f06 ("USB: legousbtower: use usb_control_msg_recv()")
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2020-12-21 13:30:06 +01:00
Steven Rostedt (VMware)
2902e30299 ktest.pl: Fix the logic for truncating the size of the log file for email
commit 170f4869e6 upstream.

The logic for truncating the log file for emailing based on the
MAIL_MAX_SIZE option is confusing and incorrect. Simplify it and have the
tail of the log file truncated to the max size specified in the config.

Cc: stable@vger.kernel.org
Fixes: 855d8abd2e ("ktest.pl: Change the logic to control the size of the log file emailed")
Signed-off-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2020-12-21 13:30:06 +01:00
Steven Rostedt (VMware)
4e282a8dff ktest.pl: If size of log is too big to email, email error message
commit 8cd6bc0359 upstream.

If the size of the error log is too big to send via email, and the sending
fails, it won't email any result. This can be confusing for the user who is
waiting for an email on the completion of the tests.

If it fails to send email, then try again without the log file stating that
it failed to send an email. Obviously this will not be of use if the sending
of email failed for some other reasons, but it will at least give the user
some information when it fails for the most common reason.

Cc: stable@vger.kernel.org
Fixes: c2d84ddb33 ("ktest.pl: Add MAIL_COMMAND option to define how to send email")
Signed-off-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2020-12-21 13:30:06 +01:00
Peilin Ye
d3f4117b02 ptrace: Prevent kernel-infoleak in ptrace_get_syscall_info()
commit 0032ce0f85 upstream.

ptrace_get_syscall_info() is potentially copying uninitialized stack
memory to userspace, since the compiler may leave a 3-byte hole near the
beginning of `info`. Fix it by adding a padding field to `struct
ptrace_syscall_info`.

Fixes: 201766a20e ("ptrace: add PTRACE_GET_SYSCALL_INFO request")
Suggested-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Peilin Ye <yepeilin.cs@gmail.com>
Reviewed-by: Dmitry V. Levin <ldv@altlinux.org>
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/20200801152044.230416-1-yepeilin.cs@gmail.com
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2020-12-21 13:30:06 +01:00
Stephen Dickey
ec1fff1f0f ANDROID: enable assymetric aarch32 for 32 bit app support
Individual cpus may not support 32 bit apps in a mixed 32/64 bit
system.  Enable the ASSYMETRIC_AARCH32 config option for arm64
in GKI, to support mixed architectures.

Bug: 175831712
Change-Id: Idae5b4ca869c39ad903f620a2e14f7b04e3a7686
Signed-off-by: Stephen Dickey <dickey@codeaurora.org>
2020-12-17 18:19:09 +00:00
Alistair Delva
2eeee9f41c ANDROID: GKI: Export memblock_free to drivers
On architectures that support the preservation of memblock metadata
after __init, allow drivers to call memblock_free() to free a
reservation made by early arch code. This is a hack to support the
freeing of bootsplash reservations passed to Linux by the bootloader.

(This should be reworked in future versions of Android; do not
cherry-pick this patch forward.)

Bug: 139653858
Bug: 174620135
Change-Id: I32c0ee70c33c94deff70aa548896caa9978396fb
Signed-off-by: Alistair Delva <adelva@google.com>
2020-12-17 17:19:20 +00:00
Pavankumar Kondeti
81d0336fb2 ANDROID: arch_topology: Export thermal pressure symbol
Export the per-cpu thermal_pressure symbol so that vendor
module can use arch_scale_thermal_pressure() API.

Bug: 175847109
Change-Id: I33a6994ac62cab883b788a5b4d57ac7a6b736971
Signed-off-by: Pavankumar Kondeti <pkondeti@codeaurora.org>
2020-12-17 14:56:02 +00:00
Prasad Sodagudi
fed91561d8 ANDROID: softirq: Export irq_handler_entry tracepoint
Export irq_handle_entry tracepoint, so that vendor modules
can register probes for this tracepoint.

Bug: 175806230
Change-Id: Iacc331f923d27f1a17065d6c0315c0c054af313e
Signed-off-by: Prasad Sodagudi <psodagud@codeaurora.org>
2020-12-16 15:01:28 -08:00
Prasad Sodagudi
4d3dd5615b ANDROID: sched: Export sched_switch tracepoint symbol
Export sched_switch tracepoint symbol, so that modules
can register probes.

Bug: 175806230
Change-Id: I23ebc497bca2acaeefce6f72f0a85844878f4d8c
Signed-off-by: Prasad Sodagudi <psodagud@codeaurora.org>
2020-12-16 15:01:28 -08:00
Elliot Berman
552cb0291a Revert "ANDROID: GKI: Enable CONFIG_USB_XHCI_HCD"
This reverts commit db102bc6be ("ANDROID: GKI: Enable
CONFIG_USB_XHCI_HCD") until vendor code which contributes to these
drivers is removed.

Bug: 175625342
Bug: 175743419
Change-Id: I74f33dd54a8f4c498f0311990faa4f2b3524b37b
Signed-off-by: Elliot Berman <eberman@codeaurora.org>
2020-12-16 20:48:01 +00:00
Todd Kjos
92b2ec2189 UPSTREAM: binder: add flag to clear buffer on txn complete
Add a per-transaction flag to indicate that the buffer
must be cleared when the transaction is complete to
prevent copies of sensitive data from being preserved
in memory.

Signed-off-by: Todd Kjos <tkjos@google.com>
Link: https://lore.kernel.org/r/20201120233743.3617529-1-tkjos@google.com
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Bug: 171501513
Change-Id: Ic9338c85cbe3b11ab6f2bda55dce9964bb48447a
(cherry picked from commit 0f966cba95)
Signed-off-by: Todd Kjos <tkjos@google.com>
2020-12-16 20:35:29 +00:00
Elliot Berman
87e01dd378 Revert "ANDROID: db845c_gki.fragment: Drop CONFIG_USB_DWC3 from config frament"
This reverts commit b3fd6681f2 ("ANDROID: db845c_gki.fragment: Drop
CONFIG_USB_DWC3 from config frament") until vendor code which
contributes to these drivers is removed.

Bug: 175625342
Bug: 175742587
Change-Id: Ie5029527ed9b55d99d1aa0cde6e7928d124079ea
Signed-off-by: Elliot Berman <eberman@codeaurora.org>
2020-12-16 19:42:55 +00:00
Elliot Berman
00e37d5fca Revert "ANDROID: GKI: enable CONFIG_USB_DWC3 to be build in"
This reverts commit 42d1d3ffd7 ("ANDROID: GKI: enable CONFIG_USB_DWC3
to be build in") until vendor code which contributes to these drivers is
removed.

Bug: 175625342
Bug: 175742587
Change-Id: Id4d0edcbefced412dc2718c4936b5ba0cf0b2211
Signed-off-by: Elliot Berman <eberman@codeaurora.org>
2020-12-16 19:42:32 +00:00
Jordan Crouse
ae4b9fd2b1 FROMGIT: dt-bindings: arm-smmu: Add compatible string for Adreno GPU SMMU
Every Qcom Adreno GPU has an embedded SMMU for its own use. These
devices depend on unique features such as split pagetables,
different stall/halt requirements and other settings. Identify them
with a compatible string so that they can be identified in the
arm-smmu implementation specific code.

Signed-off-by: Jordan Crouse <jcrouse@codeaurora.org>
Signed-off-by: Rob Clark <robdclark@chromium.org>
Reviewed-by: Rob Herring <robh@kernel.org>
Reviewed-by: Bjorn Andersson <bjorn.andersson@linaro.org>
Link: https://lore.kernel.org/r/20201109184728.2463097-4-jcrouse@codeaurora.org
Signed-off-by: Will Deacon <will@kernel.org>

Bug: 171993060
(cherry picked from commit a29bbb0861
git: https://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git)
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
Change-Id: I50456cab994091857a20d410bf6e6e29343fc488
2020-12-16 19:41:32 +00:00
Jordan Crouse
1ac851eedb FROMGIT: iommu/arm-smmu-qcom: Add implementation for the adreno GPU SMMU
Add a special implementation for the SMMU attached to most Adreno GPU
target triggered from the qcom,adreno-smmu compatible string.

The new Adreno SMMU implementation will enable split pagetables
(TTBR1) for the domain attached to the GPU device (SID 0) and
hard code it to context bank 0 so the GPU hardware can implement
per-instance pagetables.

Co-developed-by: Rob Clark <robdclark@chromium.org>
Signed-off-by: Jordan Crouse <jcrouse@codeaurora.org>
Signed-off-by: Rob Clark <robdclark@chromium.org>
Reviewed-by: Bjorn Andersson <bjorn.andersson@linaro.org>
Link: https://lore.kernel.org/r/20201109184728.2463097-2-jcrouse@codeaurora.org
Signed-off-by: Will Deacon <will@kernel.org>

Bug: 171993060
(cherry picked from commit 5c7469c66f
git: https://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git)
[required manual merging in arm-smmu-qcom.c]
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
Change-Id: I02e24165f5131d5b6becaf749b2583e2d5a2d5db
2020-12-16 19:41:19 +00:00
Alistair Delva
e03a3cf3cc ANDROID: GKI: Unhide VIRTIO_DMA_SHARED_BUFFER
So downstream boards can select it. It is needed by some virtio drivers
like virtio-gpu. We can't put this in init/Kconfig.gki because we don't
want to enable VIRTIO options in GKI if they can be tristate.

Bug: 175707513
Change-Id: Ic8f7b0aa0ed6e9c74cda08d96eb30507d6886275
Signed-off-by: Alistair Delva <adelva@google.com>
2020-12-16 09:28:07 -08:00
Sami Tolvanen
7bce37ec80 ANDROID: Disable dynamic ftrace for allmodconfig builds
With LTO, upstream prefers to generate __mcount_loc sections with
objtool, which depends on libelf-dev that's not available in the CI.
Disable DYNAMIC_FTRACE from allmodconfig builds temporarily to work
around the problem.

Bug: 140224784
Bug: 145210207
Change-Id: I42ae99ab0a32ca3e7dcec6eae5a3e5df4b23f0d3
Signed-off-by: Sami Tolvanen <samitolvanen@google.com>
2020-12-16 08:56:36 -08:00
Sami Tolvanen
bb613f1c20 FROMLIST: x86, build: allow LTO to be selected
Pass code model and stack alignment to the linker as these are not
stored in LLVM bitcode, and allow CONFIG_LTO_CLANG* to be enabled.

Bug: 145210207
Change-Id: I50055b0be4fdf9f93b770d8b651f8c54dbda584e
Link: https://lore.kernel.org/lkml/20201013003203.4168817-26-samitolvanen@google.com/
Signed-off-by: Sami Tolvanen <samitolvanen@google.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
2020-12-16 08:56:36 -08:00
Sami Tolvanen
5fbc1d78a4 FROMLIST: x86, vdso: disable LTO only for vDSO
Disable LTO for the vDSO. Note that while we could use Clang's LTO
for the 64-bit vDSO, it won't add noticeable benefit for the small
amount of C code.

Bug: 145210207
Change-Id: I97df448374c6ee44920c92db361551728562178a
Link: https://lore.kernel.org/lkml/20201013003203.4168817-24-samitolvanen@google.com/
Signed-off-by: Sami Tolvanen <samitolvanen@google.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
2020-12-16 08:56:36 -08:00
Sami Tolvanen
6dd43b98c2 FROMLIST: kbuild: lto: postpone objtool
With LTO, LLVM bitcode won't be compiled into native code until
modpost_link, or modfinal for modules. This change postpones calls
to objtool until after these steps, and moves objtool_args to
Makefile.lib, so the arguments can be reused in Makefile.modfinal.

As we didn't have objects to process earlier, we use --duplicate
when processing vmlinux.o. This change also disables unreachable
instruction warnings with LTO to avoid warnings about the int3
padding between functions.

Bug: 145210207
Change-Id: I72615f7062d218bf612a5d929f2efb75a18538dd
Link: https://lore.kernel.org/lkml/20201013003203.4168817-12-samitolvanen@google.com/
Signed-off-by: Sami Tolvanen <samitolvanen@google.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
2020-12-16 08:56:36 -08:00
Sami Tolvanen
8fdc2dc3ca FROMLIST: objtool: Split noinstr validation from --vmlinux
This change adds a --noinstr flag to objtool to allow us to specify
that we're processing vmlinux.o without also enabling noinstr
validation. This is needed to avoid false positives with LTO when we
run objtool on vmlinux.o without CONFIG_DEBUG_ENTRY.

Bug: 145210207
Change-Id: I479c72d2733844d2059253035391a0c6e8ad7771
Link: https://lore.kernel.org/lkml/20201013003203.4168817-11-samitolvanen@google.com/
Signed-off-by: Sami Tolvanen <samitolvanen@google.com>
2020-12-16 08:56:36 -08:00
Sami Tolvanen
78a2549ecb FROMLIST: x86, build: use objtool mcount
Select HAVE_OBJTOOL_MCOUNT if STACK_VALIDATION is selected to use
objtool to generate __mcount_loc sections for dynamic ftrace with
Clang and gcc <5 (later versions of gcc use -mrecord-mcount).

Bug: 145210207
Change-Id: I73f2ead54f21d5f32346c33071fce2d2d87f39fa
Link: https://lore.kernel.org/lkml/20201013003203.4168817-7-samitolvanen@google.com/
Signed-off-by: Sami Tolvanen <samitolvanen@google.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
2020-12-16 08:56:35 -08:00
Sami Tolvanen
195bcf1c70 FROMLIST: tracing: add support for objtool mcount
This change adds build support for using objtool to generate
__mcount_loc sections.

Bug: 145210207
Change-Id: I58f4eae487a1f2cc1486daa6ae4927a2ef5f7137
Link: https://lore.kernel.org/lkml/20201013003203.4168817-6-samitolvanen@google.com/
Signed-off-by: Sami Tolvanen <samitolvanen@google.com>
2020-12-16 08:56:35 -08:00
Sami Tolvanen
3dc2da6928 FROMLIST: objtool: Don't autodetect vmlinux.o
With LTO, we run objtool on vmlinux.o, but don't want noinstr
validation. This change requires --vmlinux to be passed to objtool
explicitly.

Bug: 145210207
Change-Id: Ibfd814126df6b3d1a52f5461f2e5aac1377b02c9
Link: https://lore.kernel.org/lkml/20201013003203.4168817-4-samitolvanen@google.com/
Suggested-by: Peter Zijlstra <peterz@infradead.org>
Signed-off-by: Sami Tolvanen <samitolvanen@google.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
2020-12-16 08:56:35 -08:00
Sami Tolvanen
4ebe2a37ac ANDROID: objtool: Fix __mcount_loc generation with Clang's assembler
When objtool generates relocations for the __mcount_loc section, it
tries to reference __fentry__ calls by their section symbol offset.
However, this fails with Clang's integrated assembler as it may not
generate section symbols for every section. This patch looks up a
function symbol instead if the section symbol is missing, similarly
to commit e81e072443 ("objtool: Support Clang non-section symbols
in ORC generation").

Bug: 145210207
Change-Id: I1069c45a81a3b60eb8f8333581c379701145982f
Signed-off-by: Sami Tolvanen <samitolvanen@google.com>
2020-12-16 08:56:35 -08:00
Peter Zijlstra
7dcfcd46b9 FROMLIST: objtool: Add a pass for generating __mcount_loc
Add the --mcount option for generating __mcount_loc sections
needed for dynamic ftrace. Using this pass requires the kernel to
be compiled with -mfentry and CC_USING_NOP_MCOUNT to be defined
in Makefile.

Bug: 145210207
Change-Id: I34eeeb00c184bf265391549094fc15525536886b
Link: https://lore.kernel.org/lkml/20200625200235.GQ4781@hirez.programming.kicks-ass.net/
Signed-off-by: Peter Zijlstra <peterz@infradead.org>
[Sami: rebased, dropped config changes, fixed to actually use --mcount,
       and wrote a commit message.]
Signed-off-by: Sami Tolvanen <samitolvanen@google.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
2020-12-16 08:56:35 -08:00
Sami Tolvanen
589c80767a FROMLIST: arm64: allow LTO to be selected
Allow CONFIG_LTO_CLANG to be enabled.

Bug: 145210207
Change-Id: Ie640b49355a0339a786093b55e71cbb9cc550943
Link: https://lore.kernel.org/lkml/20201211184633.3213045-17-samitolvanen@google.com/
Signed-off-by: Sami Tolvanen <samitolvanen@google.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
Acked-by: Will Deacon <will@kernel.org>
2020-12-16 08:56:35 -08:00
Sami Tolvanen
14adafff91 FROMLIST: arm64: disable recordmcount with DYNAMIC_FTRACE_WITH_REGS
DYNAMIC_FTRACE_WITH_REGS uses -fpatchable-function-entry, which makes
running recordmcount unnecessary as there are no mcount calls in object
files, and __mcount_loc doesn't need to be generated.

While there's normally no harm in running recordmcount even when it's
not strictly needed, this won't work with LTO as we have LLVM bitcode
instead of ELF objects.

This change selects FTRACE_MCOUNT_USE_PATCHABLE_FUNCTION_ENTRY, which
disables recordmcount when patchable function entries are used instead.

Bug: 145210207
Change-Id: Ifd57e2dabc70de5f202abd4b84e06e283657bd1d
Link: https://lore.kernel.org/lkml/20201211184633.3213045-16-samitolvanen@google.com/
Signed-off-by: Sami Tolvanen <samitolvanen@google.com>
Acked-by: Will Deacon <will@kernel.org>
2020-12-16 08:56:34 -08:00