1. 17 May, 2022 3 commits
    • lkdtm/heap: Hide allocation size from -Warray-bounds · f260fd59
      Kees Cook authored
      With the kmalloc() size annotations, GCC is smart enough to realize that
      LKDTM is intentionally writing past the end of the buffer. This is on
      purpose, of course, so hide the buffer from the optimizer. Silences:
      
      ../drivers/misc/lkdtm/heap.c: In function 'lkdtm_SLAB_LINEAR_OVERFLOW':
      ../drivers/misc/lkdtm/heap.c:59:13: warning: array subscript 256 is outside array bounds of 'void[1020]' [-Warray-bounds]
         59 |         data[1024 / sizeof(u32)] = 0x12345678;
            |         ~~~~^~~~~~~~~~~~~~~~~~~~
      In file included from ../drivers/misc/lkdtm/heap.c:7:
      In function 'kmalloc',
          inlined from 'lkdtm_SLAB_LINEAR_OVERFLOW' at ../drivers/misc/lkdtm/heap.c:54:14:
      ../include/linux/slab.h:581:24: note: at offset 1024 into object of size 1020 allocated by 'kmem_cache_alloc_trace'
        581 |                 return kmem_cache_alloc_trace(
            |                        ^~~~~~~~~~~~~~~~~~~~~~~
        582 |                                 kmalloc_caches[kmalloc_type(flags)][index],
            |                                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        583 |                                 flags, size);
            |                                 ~~~~~~~~~~~~
      
      Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
      Cc: Arnd Bergmann <arnd@arndb.de>
      Signed-off-by: Kees Cook <keescook@chromium.org>
    • selftests/lkdtm: Add configs for stackleak and "after free" tests · 38c84c99
      Muhammad Usama Anjum authored
      Add config options which are needed for LKDTM sub-tests:
      STACKLEAK_ERASING test needs GCC_PLUGIN_STACKLEAK config.
      READ_AFTER_FREE and READ_BUDDY_AFTER_FREE tests need
      INIT_ON_FREE_DEFAULT_ON config.
      Signed-off-by: Muhammad Usama Anjum <usama.anjum@collabora.com>
      Signed-off-by: Kees Cook <keescook@chromium.org>
      Link: https://lore.kernel.org/r/20220517132932.1484719-1-usama.anjum@collabora.com
    • lkdtm/usercopy: Check vmalloc and >0-order folios · fc34eec6
      Kees Cook authored
      Add coverage for the recently added usercopy checks for vmalloc and
      folios, via USERCOPY_VMALLOC and USERCOPY_FOLIO respectively.
      
      Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
      Cc: Matthew Wilcox (Oracle) <willy@infradead.org>
      Cc: Arnd Bergmann <arnd@arndb.de>
      Signed-off-by: Kees Cook <keescook@chromium.org>
  2. 12 May, 2022 1 commit
    • lkdtm/usercopy: Rename "heap" to "slab" · d2b8060f
      Kees Cook authored
      To more clearly distinguish between the various heap types, rename the
      slab tests to "slab".
      
      Cc: Arnd Bergmann <arnd@arndb.de>
      Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
      Cc: Shuah Khan <shuah@kernel.org>
      Cc: linux-kselftest@vger.kernel.org
      Signed-off-by: Kees Cook <keescook@chromium.org>
  3. 27 Apr, 2022 1 commit
  4. 16 Apr, 2022 1 commit
    • lkdtm: Add CFI_BACKWARD to test ROP mitigations · 2e53b877
      Kees Cook authored
      In order to test various backward-edge control flow integrity methods,
      add a test that manipulates the return address on the stack. Currently
      only arm64 Pointer Authentication and Shadow Call Stack are supported.
      
       $ echo CFI_BACKWARD | cat >/sys/kernel/debug/provoke-crash/DIRECT
      
      Under SCS, successful test of the mitigation is reported as:
      
       lkdtm: Performing direct entry CFI_BACKWARD
       lkdtm: Attempting unchecked stack return address redirection ...
       lkdtm: ok: redirected stack return address.
       lkdtm: Attempting checked stack return address redirection ...
       lkdtm: ok: control flow unchanged.
      
      Under PAC, successful test of the mitigation is reported by the PAC
      exception handler:
      
       lkdtm: Performing direct entry CFI_BACKWARD
       lkdtm: Attempting unchecked stack return address redirection ...
       lkdtm: ok: redirected stack return address.
       lkdtm: Attempting checked stack return address redirection ...
       Unable to handle kernel paging request at virtual address bfffffc0088d0514
       Mem abort info:
         ESR = 0x86000004
         EC = 0x21: IABT (current EL), IL = 32 bits
         SET = 0, FnV = 0
         EA = 0, S1PTW = 0
         FSC = 0x04: level 0 translation fault
       [bfffffc0088d0514] address between user and kernel address ranges
       ...
      
      If the CONFIGs are missing (or the mitigation isn't working), failure
      is reported as:
      
       lkdtm: Performing direct entry CFI_BACKWARD
       lkdtm: Attempting unchecked stack return address redirection ...
       lkdtm: ok: redirected stack return address.
       lkdtm: Attempting checked stack return address redirection ...
       lkdtm: FAIL: stack return address was redirected!
       lkdtm: This is probably expected, since this kernel was built *without* CONFIG_ARM64_PTR_AUTH_KERNEL=y nor CONFIG_SHADOW_CALL_STACK=y
      Co-developed-by: Dan Li <ashimida@linux.alibaba.com>
      Signed-off-by: Dan Li <ashimida@linux.alibaba.com>
      Cc: Arnd Bergmann <arnd@arndb.de>
      Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
      Signed-off-by: Kees Cook <keescook@chromium.org>
      Link: https://lore.kernel.org/lkml/20220416001103.1524653-1-keescook@chromium.org
  5. 12 Apr, 2022 5 commits
  6. 11 Apr, 2022 1 commit
  7. 10 Apr, 2022 13 commits
    • Merge tag 'tty-5.18-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty · 8b57b304
      Linus Torvalds authored
      Pull serial driver fix from Greg KH:
       "This is a single serial driver fix for a build issue that showed up
        due to changes that came in through the tty tree in 5.18-rc1 that were
        missed previously. It resolves a build error with the mpc52xx_uart
        driver.
      
        It has been in linux-next this week with no reported problems"
      
      * tag 'tty-5.18-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty:
        tty: serial: mpc52xx_uart: make rx/tx hooks return unsigned, part II.
    • Merge tag 'staging-5.18-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging · 95aa17c3
      Linus Torvalds authored
      Pull staging driver fix from Greg KH:
       "Here is a single staging driver fix for 5.18-rc2 that resolves an
        endian issue for the r8188eu driver. It has been in linux-next all
        this week with no reported problems"
      
      * tag 'staging-5.18-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging:
        staging: r8188eu: Fix PPPoE tag insertion on little endian systems
    • Merge tag 'driver-core-5.18-rc2' of... · 33563138
      Linus Torvalds authored
      Merge tag 'driver-core-5.18-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core
      
      Pull driver core updates from Greg KH:
       "Here are two small driver core changes for 5.18-rc2.
      
        They are the final bits in the removal of the default_attrs field in
        struct kobj_type. I had to wait until after 5.18-rc1 for all of the
        changes to do this came in through different development trees, and
        then one new user snuck in. So this series has two changes:
      
         - removal of the default_attrs field in the powerpc/pseries/vas code.
      
           The change has been acked by the PPC maintainers to come through
           this tree
      
         - removal of default_attrs from struct kobj_type now that all
           in-kernel users are removed.
      
           This cleans up the kobject code a little bit and removes some
           duplicated functionality that confused people (now there is only
           one way to do default groups)
      
        Both of these have been in linux-next for all of this week with no
        reported problems"
      
      * tag 'driver-core-5.18-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core:
        kobject: kobj_type: remove default_attrs
        powerpc/pseries/vas: use default_groups in kobj_type
    • Merge tag 'char-misc-5.18-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc · f58d3410
      Linus Torvalds authored
      Pull char/misc driver fix from Greg KH:
       "A single driver fix. It resolves the build warning issue on 32bit
        systems in the habanalabs driver that came in during the 5.18-rc1
        merge cycle.
      
        It has been in linux-next for all this week with no reported problems"
      
      * tag 'char-misc-5.18-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc:
        habanalabs: Fix test build failures
    • Merge tag 'powerpc-5.18-2' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux · 4ea3c642
      Linus Torvalds authored
      Pull powerpc fixes from Michael Ellerman:
      
       - Fix KVM "lost kick" race, where an attempt to pull a vcpu out of the
         guest could be lost (or delayed until the next guest exit).
      
       - Disable SCV (system call vectored) when PR KVM guests could be run.
      
       - Fix KVM PR guests using SCV, by disallowing AIL != 0 for KVM PR
         guests.
      
       - Add a new KVM CAP to indicate if AIL == 3 is supported.
      
       - Fix a regression when hotplugging a CPU to a memoryless/cpuless node.
      
       - Make virt_addr_valid() stricter for 64-bit Book3E & 32-bit, which
         fixes crashes seen due to hardened usercopy.
      
       - Revert a change to max_mapnr which broke HIGHMEM.
      
      Thanks to Christophe Leroy, Fabiano Rosas, Kefeng Wang, Nicholas Piggin,
      and Srikar Dronamraju.
      
      * tag 'powerpc-5.18-2' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux:
        Revert "powerpc: Set max_mapnr correctly"
        powerpc: Fix virt_addr_valid() for 64-bit Book3E & 32-bit
        KVM: PPC: Move kvmhv_on_pseries() into kvm_ppc.h
        powerpc/numa: Handle partially initialized numa nodes
        powerpc/64: Fix build failure with allyesconfig in book3s_64_entry.S
        KVM: PPC: Use KVM_CAP_PPC_AIL_MODE_3
        KVM: PPC: Book3S PR: Disallow AIL != 0
        KVM: PPC: Book3S PR: Disable SCV when AIL could be disabled
        KVM: PPC: Book3S HV P9: Fix "lost kick" race
    • Merge tag 'irq-urgent-2022-04-10' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 1519610b
      Linus Torvalds authored
      Pull irq fixes from Thomas Gleixner:
       "A set of interrupt chip driver fixes:
      
         - A fix for a long standing bug in the ARM GICv3 redistributor
           polling which uses the wrong bit number to test.
      
         - Prevent translation of bogus ACPI table entries which map device
           interrupts into the IPI space on ARM GICs.
      
         - Don't write into the pending register of ARM GICV4 before the scan
           in hardware has completed.
      
         - A set of build and correctness fixes for the Qualcomm MPM driver"
      
      * tag 'irq-urgent-2022-04-10' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        irqchip/gic, gic-v3: Prevent GSI to SGI translations
        irqchip/gic-v3: Fix GICR_CTLR.RWP polling
        irqchip/gic-v4: Wait for GICR_VPENDBASER.Dirty to clear before descheduling
        irqchip/irq-qcom-mpm: fix return value check in qcom_mpm_init()
        irq/qcom-mpm: Fix build error without MAILBOX
    • Merge tag 'x86_urgent_for_v5.18_rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 9c6913b7
      Linus Torvalds authored
      Pull x86 fixes from Borislav Petkov:
      
       - Fix the MSI message data struct definition
      
       - Use local labels in the exception table macros to avoid symbol
         conflicts with clang LTO builds
      
       - A couple of fixes to objtool checking of the relatively newly added
         SLS and IBT code
      
       - Rename a local var in the WARN* macro machinery to prevent shadowing
      
      * tag 'x86_urgent_for_v5.18_rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        x86/msi: Fix msi message data shadow struct
        x86/extable: Prefer local labels in .set directives
        x86,bpf: Avoid IBT objtool warning
        objtool: Fix SLS validation for kcov tail-call replacement
        objtool: Fix IBT tail-call detection
        x86/bug: Prevent shadowing in __WARN_FLAGS
        x86/mm/tlb: Revert retpoline avoidance approach
    • Merge tag 'perf_urgent_for_v5.18_rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · b51f86e9
      Linus Torvalds authored
      Pull perf fixes from Borislav Petkov:
      
       - A couple of fixes to cgroup-related handling of perf events
      
       - A couple of fixes to event encoding on Sapphire Rapids
      
       - Pass event caps of inherited events so that perf doesn't fail wrongly
         at fork()
      
       - Add support for a new Raptor Lake CPU
      
      * tag 'perf_urgent_for_v5.18_rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        perf/core: Always set cpuctx cgrp when enable cgroup event
        perf/core: Fix perf_cgroup_switch()
        perf/core: Use perf_cgroup_info->active to check if cgroup is active
        perf/core: Don't pass task around when ctx sched in
        perf/x86/intel: Update the FRONTEND MSR mask on Sapphire Rapids
        perf/x86/intel: Don't extend the pseudo-encoding to GP counters
        perf/core: Inherit event_caps
        perf/x86/uncore: Add Raptor Lake uncore support
        perf/x86/msr: Add Raptor Lake CPU support
        perf/x86/cstate: Add Raptor Lake support
        perf/x86: Add Intel Raptor Lake support
    • Merge tag 'locking_urgent_for_v5.18_rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 50c94de6
      Linus Torvalds authored
      Pull locking fixes from Borislav Petkov:
      
       - Allow the compiler to optimize away unused percpu accesses and change
         the local_lock_* macros back to inline functions
      
       - A couple of fixes to static call insn patching
      
      * tag 'locking_urgent_for_v5.18_rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        Revert "mm/page_alloc: mark pagesets as __maybe_unused"
        Revert "locking/local_lock: Make the empty local_lock_*() function a macro."
        x86/percpu: Remove volatile from arch_raw_cpu_ptr().
        static_call: Remove __DEFINE_STATIC_CALL macro
        static_call: Properly initialise DEFINE_STATIC_CALL_RET0()
        static_call: Don't make __static_call_return0 static
        x86,static_call: Fix __static_call_return0 for i386
    • Merge tag 'sched_urgent_for_v5.18_rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 7136849e
      Linus Torvalds authored
      Pull scheduler fixes from Borislav Petkov:
      
       - Use the correct static key checking primitive on the IRQ exit path
      
       - Two fixes for the new forceidle balancer
      
      * tag 'sched_urgent_for_v5.18_rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        entry: Fix compile error in dynamic_irqentry_exit_cond_resched()
        sched: Teach the forced-newidle balancer about CPU affinity limitation.
        sched/core: Fix forceidle balancing
    • Merge tag 'perf-tools-fixes-for-v5.18-2022-04-09' of... · 1862a69c
      Linus Torvalds authored
      Merge tag 'perf-tools-fixes-for-v5.18-2022-04-09' of git://git.kernel.org/pub/scm/linux/kernel/git/acme/linux
      
      Pull perf tools fixes from Arnaldo Carvalho de Melo:
      
       - Fix the clang command line option probing and remove some options to
         filter out, fixing the build with the latest clang versions
      
       - Fix 'perf bench' futex and epoll benchmarks to deal with machines
         with more than 1K CPUs
      
       - Fix 'perf test tsc' error message when not supported
      
       - Remap perf ring buffer if there is no space for event, fixing perf
         usage in 32-bit ChromeOS
      
       - Drop objdump stderr to avoid getting stuck waiting for stdout output
         in 'perf annotate'
      
       - Fix up garbled output by now showing unwind error messages when
         augmenting frame in best effort mode
      
       - Fix perf's libperf_print callback, use the va_args eprintf() variant
      
       - Sync vhost and arm64 cputype headers with the kernel sources
      
       - Fix 'perf report --mem-mode' with ARM SPE
      
       - Add missing external commands ('iiostat', etc) to 'perf --list-cmds'
      
      * tag 'perf-tools-fixes-for-v5.18-2022-04-09' of git://git.kernel.org/pub/scm/linux/kernel/git/acme/linux:
        perf annotate: Drop objdump stderr to avoid getting stuck waiting for stdout output
        perf tools: Add external commands to list-cmds
        perf docs: Add perf-iostat link to manpages
        perf session: Remap buf if there is no space for event
        perf bench: Fix epoll bench to correct usage of affinity for machines with #CPUs > 1K
        perf bench: Fix futex bench to correct usage of affinity for machines with #CPUs > 1K
        perf tools: Fix perf's libperf_print callback
        perf: arm-spe: Fix perf report --mem-mode
        perf unwind: Don't show unwind error messages when augmenting frame pointer stack
        tools headers arm64: Sync arm64's cputype.h with the kernel sources
        perf test tsc: Fix error message when not supported
        perf build: Don't use -ffat-lto-objects in the python feature test when building with clang-13
        perf python: Fix probing for some clang command line options
        tools build: Filter out options and warnings not supported by clang
        tools build: Use $(shell ) instead of `` to get embedded libperl's ccopts
        tools include UAPI: Sync linux/vhost.h with the kernel sources
    • Merge tag 'cxl+nvdimm-for-5.18-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/nvdimm/nvdimm · 94a4c2bb
      Linus Torvalds authored
      Pull cxl and nvdimm fixes from Dan Williams:
      
       - Fix a compile error in the nvdimm unit tests
      
       - Fix a shadowed variable warning in the CXL PCI driver
      
      * tag 'cxl+nvdimm-for-5.18-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/nvdimm/nvdimm:
        cxl/pci: Drop shadowed variable
        tools/testing/nvdimm: Fix security_init() symbol collision
    • Merge tag 'gpio-fixes-for-v5.18-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/brgl/linux · fa3b895d
      Linus Torvalds authored
      Pull gpio fix from Bartosz Golaszewski:
      
       - fix a race condition with consumers accessing the fields of GPIO IRQ
         chips before they're fully initialized
      
      * tag 'gpio-fixes-for-v5.18-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/brgl/linux:
        gpio: Restrict usage of GPIO chip irq members before initialization
  8. 09 Apr, 2022 15 commits