kernel/arch/arm/include/asm/ptrace.h, branch linux-rolling-stable

ARM: 9358/2: Implement PAN for LPAE by TTBR0 page table walks disablement

2024-04-18T11:10:46Z

With LPAE enabled, privileged no-access cannot be enforced using CPU domains as such feature is not available. This patch implements PAN by disabling TTBR0 page table walks while in kernel mode. The ARM architecture allows page table walks to be split between TTBR0 and TTBR1. With LPAE enabled, the split is defined by a combination of TTBCR T0SZ and T1SZ bits. Currently, an LPAE-enabled kernel uses TTBR0 for user addresses and TTBR1 for kernel addresses with the VMSPLIT_2G and VMSPLIT_3G configurations. The main advantage for the 3:1 split is that TTBR1 is reduced to 2 levels, so potentially faster TLB refill (though usually the first level entries are already cached in the TLB). The PAN support on LPAE-enabled kernels uses TTBR0 when running in user space or in kernel space during user access routines (TTBCR T0SZ and T1SZ are both 0). When running user accesses are disabled in kernel mode, TTBR0 page table walks are disabled by setting TTBCR.EPD0. TTBR1 is used for kernel accesses (including loadable modules; anything covered by swapper_pg_dir) by reducing the TTBCR.T0SZ to the minimum (2^(32-7) = 32MB). To avoid user accesses potentially hitting stale TLB entries, the ASID is switched to 0 (reserved) by setting TTBCR.A1 and using the ASID value in TTBR1. The difference from a non-PAN kernel is that with the 3:1 memory split, TTBR1 always uses 3 levels of page tables. As part of the change we are using preprocessor elif definied() clauses so balance these clauses by converting relevant precedingt ifdef clauses to if defined() clauses. Signed-off-by: Catalin Marinas Reviewed-by: Kees Cook Tested-by: Florian Fainelli Signed-off-by: Linus Walleij Signed-off-by: Russell King (Oracle)

ARM: 9354/1: ptrace: Use bitfield helpers

2024-03-11T15:48:10Z

The isa_mode() macro extracts two fields, and recombines them into a single value. Make this more obvious by using the FIELD_GET() helper, and shifting the result into its final resting place. Signed-off-by: Geert Uytterhoeven Reviewed-by: Oleg Nesterov Signed-off-by: Russell King (Oracle)

ARM: 9304/1: add prototype for function called only from asm

2023-06-19T08:35:52Z

When building with 'make W=1', the compiler warns about any function definition that does not come with a prototype in a header, to ensure it matches what the caller expects. This includes functions that are only ever caller from assembly code and don't technically need a declaration: arch/arm/kernel/ftrace.c:227:6: error: no previous prototype for 'prepare_ftrace_return' arch/arm/kernel/ptrace.c:850:16: error: no previous prototype for 'syscall_trace_enter' arch/arm/kernel/ptrace.c:878:17: error: no previous prototype for 'syscall_trace_exit' arch/arm/kernel/signal.c:601:1: error: no previous prototype for 'do_work_pending' arch/arm/kernel/signal.c:672:17: error: no previous prototype for 'do_rseq_syscall' arch/arm/kernel/suspend.c:75:6: error: no previous prototype for '__cpu_suspend_save' arch/arm/kernel/traps.c:451:17: error: no previous prototype for 'do_undefinstr' arch/arm/kernel/traps.c:516:39: error: no previous prototype for 'handle_fiq_as_nmi' arch/arm/kernel/traps.c:535:17: error: no previous prototype for 'bad_mode' arch/arm/kernel/traps.c:608:16: error: no previous prototype for 'arm_syscall' arch/arm/kernel/traps.c:734:1: error: no previous prototype for 'baddataabort' arch/arm/kernel/traps.c:774:17: error: no previous prototype for '__div0' arch/arm/kernel/traps.c:97:6: error: no previous prototype for 'dump_backtrace_stm' arch/arm/kernel/unwind.c:40:6: error: no previous prototype for '__aeabi_unwind_cpp_pr0' arch/arm/kernel/unwind.c:45:6: error: no previous prototype for '__aeabi_unwind_cpp_pr1' arch/arm/kernel/unwind.c:50:6: error: no previous prototype for '__aeabi_unwind_cpp_pr2' arch/arm/mm/fault.c:554:1: error: no previous prototype for 'do_DataAbort' arch/arm/mm/fault.c:584:1: error: no previous prototype for 'do_PrefetchAbort' arch/arm/mm/proc-v7-bugs.c:280:6: error: no previous prototype for 'cpu_v7_ca8_ibe' arch/arm/mm/proc-v7-bugs.c:293:6: error: no previous prototype for 'cpu_v7_bugs_init' arch/arm/vdso/vgettimeofday.c:36:6: error: no previous prototype for '__aeabi_unwind_cpp_pr0' arch/arm/vdso/vgettimeofday.c:40:6: error: no previous prototype for '__aeabi_unwind_cpp_pr1' arch/arm/vdso/vgettimeofday.c:44:6: error: no previous prototype for '__aeabi_unwind_cpp_pr2' arch/arm/vfp/vfpmodule.c:323:6: error: no previous prototype for 'VFP_bounce' Add the prototypes anyway, to allow enabling this warning by default in the future. Reviewed-by: Kees Cook Signed-off-by: Arnd Bergmann Signed-off-by: Russell King (Oracle)

ARM: 9279/1: support function error injection

2022-12-07T14:08:38Z

This enables HAVE_FUNCTION_ERROR_INJECTION by adding necessary regs_set_return_value() and override_function_with_return(). Simply tested according to Documentation/fault-injection/fault-injection.rst. Signed-off-by: Kefeng Wang Signed-off-by: Russell King (Oracle)

ARM: 9214/1: alignment: advance IT state after emulating Thumb instruction

2022-07-06T21:44:49Z

After emulating a misaligned load or store issued in Thumb mode, we have to advance the IT state by hand, or it will get out of sync with the actual instruction stream, which means we'll end up applying the wrong condition code to subsequent instructions. This might corrupt the program state rather catastrophically. So borrow the it_advance() helper from the probing code, and use it on CPSR if the emulated instruction is Thumb. Cc: Reviewed-by: Linus Walleij Signed-off-by: Ard Biesheuvel Signed-off-by: Russell King (Oracle)

ARM: 9113/1: uaccess: remove set_fs() implementation

2021-08-20T10:39:27Z

There are no remaining callers of set_fs(), so just remove it along with all associated code that operates on thread_info->addr_limit. There are still further optimizations that can be done: - In get_user(), the address check could be moved entirely into the out of line code, rather than passing a constant as an argument, - I assume the DACR handling can be simplified as we now only change it during user access when CONFIG_CPU_SW_DOMAIN_PAN is set, but not during set_fs(). Acked-by: Christoph Hellwig Signed-off-by: Arnd Bergmann Signed-off-by: Russell King (Oracle)

treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500

2019-06-19T15:09:55Z

Based on 2 normalized pattern(s): this program is free software you can redistribute it and or modify it under the terms of the gnu general public license version 2 as published by the free software foundation this program is free software you can redistribute it and or modify it under the terms of the gnu general public license version 2 as published by the free software foundation # extracted by the scancode license scanner the SPDX license identifier GPL-2.0-only has been chosen to replace the boilerplate/reference in 4122 file(s). Signed-off-by: Thomas Gleixner Reviewed-by: Enrico Weigelt Reviewed-by: Kate Stewart Reviewed-by: Allison Randal Cc: linux-spdx@vger.kernel.org Link: https://lkml.kernel.org/r/20190604081206.933168790@linutronix.de Signed-off-by: Greg Kroah-Hartman

linux/compiler.h: Split into compiler.h and compiler_types.h

2017-10-24T11:17:32Z

linux/compiler.h is included indirectly by linux/types.h via uapi/linux/types.h -> uapi/linux/posix_types.h -> linux/stddef.h -> uapi/linux/stddef.h and is needed to provide a proper definition of offsetof. Unfortunately, compiler.h requires a definition of smp_read_barrier_depends() for defining lockless_dereference() and soon for defining READ_ONCE(), which means that all users of READ_ONCE() will need to include asm/barrier.h to avoid splats such as: In file included from include/uapi/linux/stddef.h:1:0, from include/linux/stddef.h:4, from arch/h8300/kernel/asm-offsets.c:11: include/linux/list.h: In function 'list_empty': >> include/linux/compiler.h:343:2: error: implicit declaration of function 'smp_read_barrier_depends' [-Werror=implicit-function-declaration] smp_read_barrier_depends(); /* Enforce dependency ordering from x */ \ ^ A better alternative is to include asm/barrier.h in linux/compiler.h, but this requires a type definition for "bool" on some architectures (e.g. x86), which is defined later by linux/types.h. Type "bool" is also used directly in linux/compiler.h, so the whole thing is pretty fragile. This patch splits compiler.h in two: compiler_types.h contains type annotations, definitions and the compiler-specific parts, whereas compiler.h #includes compiler-types.h and additionally defines macros such as {READ,WRITE.ACCESS}_ONCE(). uapi/linux/stddef.h and linux/linkage.h are then moved over to include linux/compiler_types.h, which fixes the build for h8 and blackfin. Signed-off-by: Will Deacon Cc: Linus Torvalds Cc: Paul E. McKenney Cc: Peter Zijlstra Cc: Thomas Gleixner Link: http://lkml.kernel.org/r/1508840570-22169-2-git-send-email-will.deacon@arm.com Signed-off-by: Ingo Molnar

ARM: save and reset the address limit when entering an exception

2016-07-07T15:01:01Z

When we enter an exception, the current address limit should not apply to the exception context: if the exception context wishes to access kernel space via the user accessors (eg, perf code), it must explicitly request such access. Acked-by: Will Deacon Signed-off-by: Russell King

ARM: get rid of horrible (unsigned int )(regs + 1)

2016-06-22T18:55:05Z

Get rid of the horrible "*(unsigned int *)(regs + 1)" to get at the parent context domain access register value, instead using the newly introduced svc_pt_regs structure. Acked-by: Will Deacon Signed-off-by: Russell King