linux-stable.git/arch/xtensa/kernel, branch v5.13.2 Linux kernel stable tree sched/core: Initialize the idle task with preemption disabled 2021-07-14T15:06:21+00:00 Valentin Schneider valentin.schneider@arm.com 2021-05-12T09:46:36+00:00 24c79a7e54ccfa29fb8cbf7ed8d1e48ff1ec6e3d [ Upstream commit f1a0a376ca0c4ef1fc3d24e3e502acbb5b795674 ] As pointed out by commit de9b8f5dcbd9 ("sched: Fix crash trying to dequeue/enqueue the idle thread") init_idle() can and will be invoked more than once on the same idle task. At boot time, it is invoked for the boot CPU thread by sched_init(). Then smp_init() creates the threads for all the secondary CPUs and invokes init_idle() on them. As the hotplug machinery brings the secondaries to life, it will issue calls to idle_thread_get(), which itself invokes init_idle() yet again. In this case it's invoked twice more per secondary: at _cpu_up(), and at bringup_cpu(). Given smp_init() already initializes the idle tasks for all *possible* CPUs, no further initialization should be required. Now, removing init_idle() from idle_thread_get() exposes some interesting expectations with regards to the idle task's preempt_count: the secondary startup always issues a preempt_disable(), requiring some reset of the preempt count to 0 between hot-unplug and hotplug, which is currently served by idle_thread_get() -> idle_init(). Given the idle task is supposed to have preemption disabled once and never see it re-enabled, it seems that what we actually want is to initialize its preempt_count to PREEMPT_DISABLED and leave it there. Do that, and remove init_idle() from idle_thread_get(). Secondary startups were patched via coccinelle: @begone@ @@ -preempt_disable(); ... cpu_startup_entry(CPUHP_AP_ONLINE_IDLE); Signed-off-by: Valentin Schneider <valentin.schneider@arm.com> Signed-off-by: Ingo Molnar <mingo@kernel.org> Acked-by: Peter Zijlstra <peterz@infradead.org> Link: https://lore.kernel.org/r/20210512094636.2958515-1-valentin.schneider@arm.com Signed-off-by: Sasha Levin <sashal@kernel.org> 
[ Upstream commit f1a0a376ca0c4ef1fc3d24e3e502acbb5b795674 ]

As pointed out by commit

  de9b8f5dcbd9 ("sched: Fix crash trying to dequeue/enqueue the idle thread")

init_idle() can and will be invoked more than once on the same idle
task. At boot time, it is invoked for the boot CPU thread by
sched_init(). Then smp_init() creates the threads for all the secondary
CPUs and invokes init_idle() on them.

As the hotplug machinery brings the secondaries to life, it will issue
calls to idle_thread_get(), which itself invokes init_idle() yet again.
In this case it's invoked twice more per secondary: at _cpu_up(), and at
bringup_cpu().

Given smp_init() already initializes the idle tasks for all *possible*
CPUs, no further initialization should be required. Now, removing
init_idle() from idle_thread_get() exposes some interesting expectations
with regards to the idle task's preempt_count: the secondary startup always
issues a preempt_disable(), requiring some reset of the preempt count to 0
between hot-unplug and hotplug, which is currently served by
idle_thread_get() -> idle_init().

Given the idle task is supposed to have preemption disabled once and never
see it re-enabled, it seems that what we actually want is to initialize its
preempt_count to PREEMPT_DISABLED and leave it there. Do that, and remove
init_idle() from idle_thread_get().

Secondary startups were patched via coccinelle:

  @begone@
  @@

  -preempt_disable();
  ...
  cpu_startup_entry(CPUHP_AP_ONLINE_IDLE);

Signed-off-by: Valentin Schneider <valentin.schneider@arm.com>
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Acked-by: Peter Zijlstra <peterz@infradead.org>
Link: https://lore.kernel.org/r/20210512094636.2958515-1-valentin.schneider@arm.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
quota: Disable quotactl_path syscall 2021-05-17T12:39:56+00:00 Jan Kara jack@suse.cz 2021-05-17T12:39:56+00:00 5b9fedb31e476693c90d8ee040e7d4c51b3e7cc4 In commit fa8b90070a80 ("quota: wire up quotactl_path") we have wired up new quotactl_path syscall. However some people in LWN discussion have objected that the path based syscall is missing dirfd and flags argument which is mostly standard for contemporary path based syscalls. Indeed they have a point and after a discussion with Christian Brauner and Sascha Hauer I've decided to disable the syscall for now and update its API. Since there is no userspace currently using that syscall and it hasn't been released in any major release, we should be fine. CC: Christian Brauner <christian.brauner@ubuntu.com> CC: Sascha Hauer <s.hauer@pengutronix.de> Link: https://lore.kernel.org/lkml/20210512153621.n5u43jsytbik4yze@wittgenstein Signed-off-by: Jan Kara <jack@suse.cz> 
In commit fa8b90070a80 ("quota: wire up quotactl_path") we have wired up
new quotactl_path syscall. However some people in LWN discussion have
objected that the path based syscall is missing dirfd and flags argument
which is mostly standard for contemporary path based syscalls. Indeed
they have a point and after a discussion with Christian Brauner and
Sascha Hauer I've decided to disable the syscall for now and update its
API. Since there is no userspace currently using that syscall and it
hasn't been released in any major release, we should be fine.

CC: Christian Brauner <christian.brauner@ubuntu.com>
CC: Sascha Hauer <s.hauer@pengutronix.de>
Link: https://lore.kernel.org/lkml/20210512153621.n5u43jsytbik4yze@wittgenstein
Signed-off-by: Jan Kara <jack@suse.cz>
Merge tag 'landlock_v34' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security 2021-05-02T01:50:44+00:00 Linus Torvalds torvalds@linux-foundation.org 2021-05-02T01:50:44+00:00 17ae69aba89dbfa2139b7f8024b757ab3cc42f59 Pull Landlock LSM from James Morris: "Add Landlock, a new LSM from Mickaël Salaün. Briefly, Landlock provides for unprivileged application sandboxing. From Mickaël's cover letter: "The goal of Landlock is to enable to restrict ambient rights (e.g. global filesystem access) for a set of processes. Because Landlock is a stackable LSM [1], it makes possible to create safe security sandboxes as new security layers in addition to the existing system-wide access-controls. This kind of sandbox is expected to help mitigate the security impact of bugs or unexpected/malicious behaviors in user-space applications. Landlock empowers any process, including unprivileged ones, to securely restrict themselves. Landlock is inspired by seccomp-bpf but instead of filtering syscalls and their raw arguments, a Landlock rule can restrict the use of kernel objects like file hierarchies, according to the kernel semantic. Landlock also takes inspiration from other OS sandbox mechanisms: XNU Sandbox, FreeBSD Capsicum or OpenBSD Pledge/Unveil. In this current form, Landlock misses some access-control features. This enables to minimize this patch series and ease review. This series still addresses multiple use cases, especially with the combined use of seccomp-bpf: applications with built-in sandboxing, init systems, security sandbox tools and security-oriented APIs [2]" The cover letter and v34 posting is here: https://lore.kernel.org/linux-security-module/20210422154123.13086-1-mic@digikod.net/ See also: https://landlock.io/ This code has had extensive design discussion and review over several years" Link: https://lore.kernel.org/lkml/50db058a-7dde-441b-a7f9-f6837fe8b69f@schaufler-ca.com/ [1] Link: https://lore.kernel.org/lkml/f646e1c7-33cf-333f-070c-0a40ad0468cd@digikod.net/ [2] * tag 'landlock_v34' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: landlock: Enable user space to infer supported features landlock: Add user and kernel documentation samples/landlock: Add a sandbox manager example selftests/landlock: Add user space tests landlock: Add syscall implementations arch: Wire up Landlock syscalls fs,security: Add sb_delete hook landlock: Support filesystem access-control LSM: Infrastructure management of the superblock landlock: Add ptrace restrictions landlock: Set up the security framework and manage credentials landlock: Add ruleset and domain management landlock: Add object management 
Pull Landlock LSM from James Morris:
 "Add Landlock, a new LSM from Mickaël Salaün.

  Briefly, Landlock provides for unprivileged application sandboxing.

  From Mickaël's cover letter:
    "The goal of Landlock is to enable to restrict ambient rights (e.g.
     global filesystem access) for a set of processes. Because Landlock
     is a stackable LSM [1], it makes possible to create safe security
     sandboxes as new security layers in addition to the existing
     system-wide access-controls. This kind of sandbox is expected to
     help mitigate the security impact of bugs or unexpected/malicious
     behaviors in user-space applications. Landlock empowers any
     process, including unprivileged ones, to securely restrict
     themselves.

     Landlock is inspired by seccomp-bpf but instead of filtering
     syscalls and their raw arguments, a Landlock rule can restrict the
     use of kernel objects like file hierarchies, according to the
     kernel semantic. Landlock also takes inspiration from other OS
     sandbox mechanisms: XNU Sandbox, FreeBSD Capsicum or OpenBSD
     Pledge/Unveil.

     In this current form, Landlock misses some access-control features.
     This enables to minimize this patch series and ease review. This
     series still addresses multiple use cases, especially with the
     combined use of seccomp-bpf: applications with built-in sandboxing,
     init systems, security sandbox tools and security-oriented APIs [2]"

  The cover letter and v34 posting is here:

      https://lore.kernel.org/linux-security-module/20210422154123.13086-1-mic@digikod.net/

  See also:

      https://landlock.io/

  This code has had extensive design discussion and review over several
  years"

Link: https://lore.kernel.org/lkml/50db058a-7dde-441b-a7f9-f6837fe8b69f@schaufler-ca.com/ [1]
Link: https://lore.kernel.org/lkml/f646e1c7-33cf-333f-070c-0a40ad0468cd@digikod.net/ [2]

* tag 'landlock_v34' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security:
  landlock: Enable user space to infer supported features
  landlock: Add user and kernel documentation
  samples/landlock: Add a sandbox manager example
  selftests/landlock: Add user space tests
  landlock: Add syscall implementations
  arch: Wire up Landlock syscalls
  fs,security: Add sb_delete hook
  landlock: Support filesystem access-control
  LSM: Infrastructure management of the superblock
  landlock: Add ptrace restrictions
  landlock: Set up the security framework and manage credentials
  landlock: Add ruleset and domain management
  landlock: Add object management
Merge tag 'xtensa-20210429' of git://github.com/jcmvbkbc/linux-xtensa 2021-04-30T19:09:28+00:00 Linus Torvalds torvalds@linux-foundation.org 2021-04-30T19:09:28+00:00 437d1a5b66ca60f209e25f469b395741cc10b731 Pull Xtensa updates from Max Filippov: - switch to generic syscall generation scripts - new GDBIO implementation for xtensa semihosting interface - various small code fixes and cleanups - a few typo fixes in comments and Kconfig help text * tag 'xtensa-20210429' of git://github.com/jcmvbkbc/linux-xtensa: xtensa: ISS: add GDBIO implementation to semihosting interface xtensa: ISS: split simcall implementation from semihosting interface xtensa: simcall.h: Change compitible to compatible xtensa: Couple of typo fixes xtensa: drop extraneous register load from initialize_mmu xtensa: fix pgprot_noncached assumptions xtensa: simplify coherent_kvaddr logic xtensa: syscalls: switch to generic syscallhdr.sh xtensa: syscalls: switch to generic syscalltbl.sh xtensa: stop filling syscall array with sys_ni_syscall xtensa: remove unneeded export in boot-elf/Makefile xtensa: move CONFIG_CPU_*_ENDIAN defines to Kconfig xtensa: fix warning comparing pointer to 0 xtensa: fix spelling mistake in Kconfig "wont" -> "won't" 
Pull Xtensa updates from Max Filippov:

 - switch to generic syscall generation scripts

 - new GDBIO implementation for xtensa semihosting interface

 - various small code fixes and cleanups

 - a few typo fixes in comments and Kconfig help text

* tag 'xtensa-20210429' of git://github.com/jcmvbkbc/linux-xtensa:
  xtensa: ISS: add GDBIO implementation to semihosting interface
  xtensa: ISS: split simcall implementation from semihosting interface
  xtensa: simcall.h: Change compitible to compatible
  xtensa: Couple of typo fixes
  xtensa: drop extraneous register load from initialize_mmu
  xtensa: fix pgprot_noncached assumptions
  xtensa: simplify coherent_kvaddr logic
  xtensa: syscalls: switch to generic syscallhdr.sh
  xtensa: syscalls: switch to generic syscalltbl.sh
  xtensa: stop filling syscall array with sys_ni_syscall
  xtensa: remove unneeded export in boot-elf/Makefile
  xtensa: move CONFIG_CPU_*_ENDIAN defines to Kconfig
  xtensa: fix warning comparing pointer to 0
  xtensa: fix spelling mistake in Kconfig "wont" -> "won't"
Merge tag 'for_v5.13-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs 2021-04-29T17:51:29+00:00 Linus Torvalds torvalds@linux-foundation.org 2021-04-29T17:51:29+00:00 767fcbc80f63d7f08ff6c0858fe33583e6fdd327 Pull quota, ext2, reiserfs updates from Jan Kara: - support for path (instead of device) based quotactl syscall (quotactl_path(2)) - ext2 conversion to kmap_local() - other minor cleanups & fixes * tag 'for_v5.13-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs: fs/reiserfs/journal.c: delete useless variables fs/ext2: Replace kmap() with kmap_local_page() ext2: Match up ext2_put_page() with ext2_dotdot() and ext2_find_entry() fs/ext2/: fix misspellings using codespell tool quota: report warning limits for realtime space quotas quota: wire up quotactl_path quota: Add mountpath based quota support 
Pull quota, ext2, reiserfs updates from Jan Kara:

 - support for path (instead of device) based quotactl syscall
   (quotactl_path(2))

 - ext2 conversion to kmap_local()

 - other minor cleanups & fixes

* tag 'for_v5.13-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs:
  fs/reiserfs/journal.c: delete useless variables
  fs/ext2: Replace kmap() with kmap_local_page()
  ext2: Match up ext2_put_page() with ext2_dotdot() and ext2_find_entry()
  fs/ext2/: fix misspellings using codespell tool
  quota: report warning limits for realtime space quotas
  quota: wire up quotactl_path
  quota: Add mountpath based quota support
arch: Wire up Landlock syscalls 2021-04-22T19:22:11+00:00 Mickaël Salaün mic@linux.microsoft.com 2021-04-22T15:41:19+00:00 a49f4f81cb48925e8d7cbd9e59068f516e984144 Wire up the following system calls for all architectures: * landlock_create_ruleset(2) * landlock_add_rule(2) * landlock_restrict_self(2) Cc: Arnd Bergmann <arnd@arndb.de> Cc: James Morris <jmorris@namei.org> Cc: Jann Horn <jannh@google.com> Cc: Kees Cook <keescook@chromium.org> Cc: Serge E. Hallyn <serge@hallyn.com> Signed-off-by: Mickaël Salaün <mic@linux.microsoft.com> Link: https://lore.kernel.org/r/20210422154123.13086-10-mic@digikod.net Signed-off-by: James Morris <jamorris@linux.microsoft.com> 
Wire up the following system calls for all architectures:
* landlock_create_ruleset(2)
* landlock_add_rule(2)
* landlock_restrict_self(2)

Cc: Arnd Bergmann <arnd@arndb.de>
Cc: James Morris <jmorris@namei.org>
Cc: Jann Horn <jannh@google.com>
Cc: Kees Cook <keescook@chromium.org>
Cc: Serge E. Hallyn <serge@hallyn.com>
Signed-off-by: Mickaël Salaün <mic@linux.microsoft.com>
Link: https://lore.kernel.org/r/20210422154123.13086-10-mic@digikod.net
Signed-off-by: James Morris <jamorris@linux.microsoft.com>
xtensa: Couple of typo fixes 2021-04-04T22:39:04+00:00 Bhaskar Chowdhury unixbhaskar@gmail.com 2021-03-25T04:08:32+00:00 e1532777cae340517f64d13a83138f6b8ad9f8b9 s/contans/contains/ s/desination/destination/ Signed-off-by: Bhaskar Chowdhury <unixbhaskar@gmail.com> Message-Id: <20210325040832.26018-1-unixbhaskar@gmail.com> Signed-off-by: Max Filippov <jcmvbkbc@gmail.com> 
s/contans/contains/
s/desination/destination/

Signed-off-by: Bhaskar Chowdhury <unixbhaskar@gmail.com>
Message-Id: <20210325040832.26018-1-unixbhaskar@gmail.com>
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
xtensa: syscalls: switch to generic syscallhdr.sh 2021-04-04T22:39:03+00:00 Masahiro Yamada masahiroy@kernel.org 2021-03-01T15:36:56+00:00 2da7559452504f8f8d9950708f293b636e483b21 Many architectures duplicate similar shell scripts. This commit converts xtensa to use scripts/syscallhdr.sh. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org> Message-Id: <20210301153656.363839-3-masahiroy@kernel.org> Signed-off-by: Max Filippov <jcmvbkbc@gmail.com> 
Many architectures duplicate similar shell scripts.

This commit converts xtensa to use scripts/syscallhdr.sh.

Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
Message-Id: <20210301153656.363839-3-masahiroy@kernel.org>
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
xtensa: syscalls: switch to generic syscalltbl.sh 2021-04-04T22:39:03+00:00 Masahiro Yamada masahiroy@kernel.org 2021-03-01T15:36:55+00:00 daf2618002356ee1bd2bd0231e251b3a1bffbb8f Many architectures duplicate similar shell scripts. This commit converts xtensa to use scripts/syscalltbl.sh. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org> Message-Id: <20210301153656.363839-2-masahiroy@kernel.org> Signed-off-by: Max Filippov <jcmvbkbc@gmail.com> 
Many architectures duplicate similar shell scripts.

This commit converts xtensa to use scripts/syscalltbl.sh.

Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
Message-Id: <20210301153656.363839-2-masahiroy@kernel.org>
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
xtensa: stop filling syscall array with sys_ni_syscall 2021-04-04T22:39:02+00:00 Masahiro Yamada masahiroy@kernel.org 2021-03-01T15:36:54+00:00 8d949ae25bd0c18038c51e291cb4053dff5f0297 arch/xtensa/kernel/syscalls/syscalltbl.sh fills missing syscall numbers with sys_ni_syscall. So, the generated arch/xtensa/include/generated/asm/syscall_table.h has no hole. Hence, the line: [0 ... __NR_syscalls - 1] = (syscall_t)&sys_ni_syscall, is meaningless. The number of generated __SYSCALL() macros is the same as __NR_syscalls (this is 442 as of v5.11). Hence, the array size, [__NR_syscalls] is unneeded. The designated initializer, '[nr] =', is also unneeded. This file does not need to know __NR_syscalls. Drop the unneeded <asm/unistd.h> include directive. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org> Message-Id: <20210301153656.363839-1-masahiroy@kernel.org> Signed-off-by: Max Filippov <jcmvbkbc@gmail.com> 
arch/xtensa/kernel/syscalls/syscalltbl.sh fills missing syscall numbers
with sys_ni_syscall.

So, the generated arch/xtensa/include/generated/asm/syscall_table.h
has no hole.

Hence, the line:

  [0 ... __NR_syscalls - 1] = (syscall_t)&sys_ni_syscall,

is meaningless.

The number of generated __SYSCALL() macros is the same as __NR_syscalls
(this is 442 as of v5.11).

Hence, the array size, [__NR_syscalls] is unneeded.

The designated initializer, '[nr] =', is also unneeded.

This file does not need to know __NR_syscalls. Drop the unneeded
<asm/unistd.h> include directive.

Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
Message-Id: <20210301153656.363839-1-masahiroy@kernel.org>
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>