Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

Merge tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux

Pull more arm64 fixes from Will Deacon:

- fix application of read-only permissions to kernel section mappings

- sanitise reported ESR values for signals delivered on a kernel
address

- ensure tishift GCC helpers are exported to modules

- fix inline asm constraints for some LSE atomics

* tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux:
arm64: Make sure permission updates happen for pmd/pud
arm64: fault: Don't leak data in ESR context for user fault on kernel VA
arm64: export tishift functions to modules
arm64: lse: Add early clobbers to some input/output asm operands

+83 -31
+12 -12
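--- a/arch/arm64/include/asm/atomic_lse.h
+++ b/arch/arm64/include/asm/atomic_lse.h
@@ -117,7 +117,7 @@
 /* LSE atomics */
 " mvn %w[i], %w[i]\n"
 " stclr %w[i], %[v]")
-: [i] "+r" (w0), [v] "+Q" (v->counter)
+: [i] "+&r" (w0), [v] "+Q" (v->counter)
 : "r" (x1)
 : __LL_SC_CLOBBERS);
 }
@@ -135,7 +135,7 @@
 /* LSE atomics */ \
 " mvn %w[i], %w[i]\n" \
 " ldclr" #mb " %w[i], %w[i], %[v]") \
-: [i] "+r" (w0), [v] "+Q" (v->counter) \
+: [i] "+&r" (w0), [v] "+Q" (v->counter) \
 : "r" (x1) \
 : __LL_SC_CLOBBERS, ##cl); \
 \
@@ -161,7 +161,7 @@
 /* LSE atomics */
 " neg %w[i], %w[i]\n"
 " stadd %w[i], %[v]")
-: [i] "+r" (w0), [v] "+Q" (v->counter)
+: [i] "+&r" (w0), [v] "+Q" (v->counter)
 : "r" (x1)
 : __LL_SC_CLOBBERS);
 }
@@ -180,7 +180,7 @@
 " neg %w[i], %w[i]\n" \
 " ldadd" #mb " %w[i], w30, %[v]\n" \
 " add %w[i], %w[i], w30") \
-: [i] "+r" (w0), [v] "+Q" (v->counter) \
+: [i] "+&r" (w0), [v] "+Q" (v->counter) \
 : "r" (x1) \
 : __LL_SC_CLOBBERS , ##cl); \
 \
@@ -207,7 +207,7 @@
 /* LSE atomics */ \
 " neg %w[i], %w[i]\n" \
 " ldadd" #mb " %w[i], %w[i], %[v]") \
-: [i] "+r" (w0), [v] "+Q" (v->counter) \
+: [i] "+&r" (w0), [v] "+Q" (v->counter) \
 : "r" (x1) \
 : __LL_SC_CLOBBERS, ##cl); \
 \
@@ -314,7 +314,7 @@
 /* LSE atomics */
 " mvn %[i], %[i]\n"
 " stclr %[i], %[v]")
-: [i] "+r" (x0), [v] "+Q" (v->counter)
+: [i] "+&r" (x0), [v] "+Q" (v->counter)
 : "r" (x1)
 : __LL_SC_CLOBBERS);
 }
@@ -332,7 +332,7 @@
 /* LSE atomics */ \
 " mvn %[i], %[i]\n" \
 " ldclr" #mb " %[i], %[i], %[v]") \
-: [i] "+r" (x0), [v] "+Q" (v->counter) \
+: [i] "+&r" (x0), [v] "+Q" (v->counter) \
 : "r" (x1) \
 : __LL_SC_CLOBBERS, ##cl); \
 \
@@ -358,7 +358,7 @@
 /* LSE atomics */
 " neg %[i], %[i]\n"
 " stadd %[i], %[v]")
-: [i] "+r" (x0), [v] "+Q" (v->counter)
+: [i] "+&r" (x0), [v] "+Q" (v->counter)
 : "r" (x1)
 : __LL_SC_CLOBBERS);
 }
@@ -377,7 +377,7 @@
 " neg %[i], %[i]\n" \
 " ldadd" #mb " %[i], x30, %[v]\n" \
 " add %[i], %[i], x30") \
-: [i] "+r" (x0), [v] "+Q" (v->counter) \
+: [i] "+&r" (x0), [v] "+Q" (v->counter) \
 : "r" (x1) \
 : __LL_SC_CLOBBERS, ##cl); \
 \
@@ -404,7 +404,7 @@
 /* LSE atomics */ \
 " neg %[i], %[i]\n" \
 " ldadd" #mb " %[i], %[i], %[v]") \
-: [i] "+r" (x0), [v] "+Q" (v->counter) \
+: [i] "+&r" (x0), [v] "+Q" (v->counter) \
 : "r" (x1) \
 : __LL_SC_CLOBBERS, ##cl); \
 \
@@ -435,7 +435,7 @@
 " sub x30, x30, %[ret]\n"
 " cbnz x30, 1b\n"
 "2:")
-: [ret] "+r" (x0), [v] "+Q" (v->counter)
+: [ret] "+&r" (x0), [v] "+Q" (v->counter)
 :
 : __LL_SC_CLOBBERS, "cc", "memory");
 
@@ -516,7 +516,7 @@
 " eor %[old1], %[old1], %[oldval1]\n" \
 " eor %[old2], %[old2], %[oldval2]\n" \
 " orr %[old1], %[old1], %[old2]") \
-: [old1] "+r" (x0), [old2] "+r" (x1), \
+: [old1] "+&r" (x0), [old2] "+&r" (x1), \
 [v] "+Q" (*(unsigned long *)ptr) \
 : [new1] "r" (x2), [new2] "r" (x3), [ptr] "r" (x4), \
 [oldval1] "r" (oldval1), [oldval2] "r" (oldval2) \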
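Review bot: Nothing next to the changed operand lists records why these in/out registers need the early-clobber modifier, so a new asm block copied from a neighbouring one can easily reintroduce plain `"+r"`. In the visible instruction sequences the operand is rewritten (`mvn`, `neg`, `eor`) before the `[v]` memory operand or the remaining inputs are consumed, which is the case `&` exists for. A one-line comment at the first instance would capture that, e.g. `/* [i] is written before [v] is used, so it must be early-clobber */`. The enclosing functions and macros start and end outside these hunks, so whether any other LSE block in the file writes an in/out register early without `&` cannot be checked from here and is worth a pass.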
+8
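--- a/arch/arm64/kernel/arm64ksyms.c
+++ b/arch/arm64/kernel/arm64ksyms.c
@@ -75,3 +75,11 @@
 /* arm-smccc */
 EXPORT_SYMBOL(__arm_smccc_smc);
 EXPORT_SYMBOL(__arm_smccc_hvc);
+
+/* tishift.S */
+extern long long __ashlti3(long long a, int b);
+EXPORT_SYMBOL(__ashlti3);
+extern long long __ashrti3(long long a, int b);
+EXPORT_SYMBOL(__ashrti3);
+extern long long __lshrti3(long long a, int b);
+EXPORT_SYMBOL(__lshrti3);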
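Review bot: The three added prototypes declare the shifted operand and the result as `long long`, which does not obviously match helpers named after 128-bit (TI-mode) shifts. If the declarations exist only so that `EXPORT_SYMBOL` has a symbol to reference, the comment should say so, e.g. `/* tishift.S: nominal prototypes for compiler-called 128-bit shift helpers, not a C interface */`. Without that, a reader may treat them as callable from C with 64-bit arguments, and anything that derives symbol type information from the prototype would presumably record the wrong operand width. The real calling convention lives in tishift.S, which this section does not show.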
+2 -13
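--- a/arch/arm64/lib/tishift.S
+++ b/arch/arm64/lib/tishift.S
@@ -1,17 +1,6 @@
-/*
-* Copyright (C) 2017 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
+/* SPDX-License-Identifier: (GPL-2.0 OR BSD-3-Clause)
 *
-* This program is free software; you can redistribute it and/or modify
-* it under the terms of the GNU General Public License version 2 as
-* published by the Free Software Foundation.
-*
-* This program is distributed in the hope that it will be useful,
-* but WITHOUT ANY WARRANTY; without even the implied warranty of
-* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-* GNU General Public License for more details.
-*
-* You should have received a copy of the GNU General Public License
-* along with this program. If not, see <http://www.gnu.org/licenses/>.
+* Copyright (C) 2017-2018 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
 */
 
 #include <linux/linkage.h>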
+51
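--- a/arch/arm64/mm/fault.c
+++ b/arch/arm64/mm/fault.c
@@ -293,6 +293,57 @@
 static void __do_user_fault(struct siginfo *info, unsigned int esr)
 {
 current->thread.fault_address = (unsigned long)info->si_addr;
+
+/*
+* If the faulting address is in the kernel, we must sanitize the ESR.
+* From userspace's point of view, kernel-only mappings don't exist
+* at all, so we report them as level 0 translation faults.
+* (This is not quite the way that "no mapping there at all" behaves:
+* an alignment fault not caused by the memory type would take
+* precedence over translation fault for a real access to empty
+* space. Unfortunately we can't easily distinguish "alignment fault
+* not caused by memory type" from "alignment fault caused by memory
+* type", so we ignore this wrinkle and just return the translation
+* fault.)
+*/
+if (current->thread.fault_address >= TASK_SIZE) {
+switch (ESR_ELx_EC(esr)) {
+case ESR_ELx_EC_DABT_LOW:
+/*
+* These bits provide only information about the
+* faulting instruction, which userspace knows already.
+* We explicitly clear bits which are architecturally
+* RES0 in case they are given meanings in future.
+* We always report the ESR as if the fault was taken
+* to EL1 and so ISV and the bits in ISS[23:14] are
+* clear. (In fact it always will be a fault to EL1.)
+*/
+esr &= ESR_ELx_EC_MASK | ESR_ELx_IL |
+ESR_ELx_CM | ESR_ELx_WNR;
+esr |= ESR_ELx_FSC_FAULT;
+break;
+case ESR_ELx_EC_IABT_LOW:
+/*
+* Claim a level 0 translation fault.
+* All other bits are architecturally RES0 for faults
+* reported with that DFSC value, so we clear them.
+*/
+esr &= ESR_ELx_EC_MASK | ESR_ELx_IL;
+esr |= ESR_ELx_FSC_FAULT;
+break;
+default:
+/*
+* This should never happen (entry.S only brings us
+* into this code for insn and data aborts from a lower
+* exception level). Fail safe by not providing an ESR
+* context record at all.
+*/
+WARN(1, "ESR 0x%x is not DABT or IABT from EL0\n", esr);
+esr = 0;
+break;
+}
+}
+
 current->thread.fault_code = esr;
 arm64_force_sig_info(info, esr_to_fault_info(esr)->name, current);
 }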
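Review bot: The `default:` arm uses an unconditional `WARN(1, ...)`, which emits a full backtrace on every hit. If any caller of `__do_user_fault()` outside this hunk can arrive with another exception class and an address at or above `TASK_SIZE`, an unprivileged task could flood the log, or halt a machine that runs with `panic_on_warn`. The comment says entry.S rules this out, but that cannot be confirmed from the hunk, so I would bound the cost with `WARN_ONCE(1, "ESR 0x%x is not DABT or IABT from EL0\n", esr);`. Zeroing `esr` there also means the following `esr_to_fault_info(esr)->name` is looked up for code 0 rather than for the real fault, which deserves a sentence in the comment.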
+10 -6
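--- a/arch/arm64/mm/mmu.c
+++ b/arch/arm64/mm/mmu.c
@@ -933,13 +933,15 @@
 {
 pgprot_t sect_prot = __pgprot(PUD_TYPE_SECT |
 pgprot_val(mk_sect_prot(prot)));
+pud_t new_pud = pfn_pud(__phys_to_pfn(phys), sect_prot);
 
-/* ioremap_page_range doesn't honour BBM */
-if (pud_present(READ_ONCE(*pudp)))
+/* Only allow permission changes for now */
+if (!pgattr_change_is_safe(READ_ONCE(pud_val(*pudp)),
+pud_val(new_pud)))
 return 0;
 
 BUG_ON(phys & ~PUD_MASK);
-set_pud(pudp, pfn_pud(__phys_to_pfn(phys), sect_prot));
+set_pud(pudp, new_pud);
 return 1;
 }
 
@@ -947,13 +949,15 @@
 {
 pgprot_t sect_prot = __pgprot(PMD_TYPE_SECT |
 pgprot_val(mk_sect_prot(prot)));
+pmd_t new_pmd = pfn_pmd(__phys_to_pfn(phys), sect_prot);
 
-/* ioremap_page_range doesn't honour BBM */
-if (pmd_present(READ_ONCE(*pmdp)))
+/* Only allow permission changes for now */
+if (!pgattr_change_is_safe(READ_ONCE(pmd_val(*pmdp)),
+pmd_val(new_pmd)))
 return 0;
 
 BUG_ON(phys & ~PMD_MASK);
-set_pmd(pmdp, pfn_pmd(__phys_to_pfn(phys), sect_prot));
+set_pmd(pmdp, new_pmd);
 return 1;
 }
 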
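Review bot: The new comment `/* Only allow permission changes for now */` in the first hunk (and the identical one in the second) drops the reason the guard exists: the removed line said the caller does not perform break-before-make, and that is presumably still why a live entry may only change in ways `pgattr_change_is_safe()` accepts. I would keep both halves, e.g. `/* No break-before-make here: only accept changes pgattr_change_is_safe() allows */`. Because a present entry can now be rewritten in place, it is also worth stating who performs TLB maintenance after `set_pud()`/`set_pmd()`; neither the helper nor the callers are visible in these hunks. Both function signatures sit outside the hunks.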