linux.git/arch/xtensa/kernel/entry.S, branch v4.19 Linux kernel source tree Kbuild: rename CC_STACKPROTECTOR[_STRONG] config variables 2018-06-14T03:21:18+00:00 Linus Torvalds torvalds@linux-foundation.org 2018-06-14T03:21:18+00:00 050e9baa9dc9fbd9ce2b27f0056990fc9e0a08a0 The changes to automatically test for working stack protector compiler support in the Kconfig files removed the special STACKPROTECTOR_AUTO option that picked the strongest stack protector that the compiler supported. That was all a nice cleanup - it makes no sense to have the AUTO case now that the Kconfig phase can just determine the compiler support directly. HOWEVER. It also meant that doing "make oldconfig" would now _disable_ the strong stackprotector if you had AUTO enabled, because in a legacy config file, the sane stack protector configuration would look like CONFIG_HAVE_CC_STACKPROTECTOR=y # CONFIG_CC_STACKPROTECTOR_NONE is not set # CONFIG_CC_STACKPROTECTOR_REGULAR is not set # CONFIG_CC_STACKPROTECTOR_STRONG is not set CONFIG_CC_STACKPROTECTOR_AUTO=y and when you ran this through "make oldconfig" with the Kbuild changes, it would ask you about the regular CONFIG_CC_STACKPROTECTOR (that had been renamed from CONFIG_CC_STACKPROTECTOR_REGULAR to just CONFIG_CC_STACKPROTECTOR), but it would think that the STRONG version used to be disabled (because it was really enabled by AUTO), and would disable it in the new config, resulting in: CONFIG_HAVE_CC_STACKPROTECTOR=y CONFIG_CC_HAS_STACKPROTECTOR_NONE=y CONFIG_CC_STACKPROTECTOR=y # CONFIG_CC_STACKPROTECTOR_STRONG is not set CONFIG_CC_HAS_SANE_STACKPROTECTOR=y That's dangerously subtle - people could suddenly find themselves with the weaker stack protector setup without even realizing. The solution here is to just rename not just the old RECULAR stack protector option, but also the strong one. This does that by just removing the CC_ prefix entirely for the user choices, because it really is not about the compiler support (the compiler support now instead automatially impacts _visibility_ of the options to users). This results in "make oldconfig" actually asking the user for their choice, so that we don't have any silent subtle security model changes. The end result would generally look like this: CONFIG_HAVE_CC_STACKPROTECTOR=y CONFIG_CC_HAS_STACKPROTECTOR_NONE=y CONFIG_STACKPROTECTOR=y CONFIG_STACKPROTECTOR_STRONG=y CONFIG_CC_HAS_SANE_STACKPROTECTOR=y where the "CC_" versions really are about internal compiler infrastructure, not the user selections. Acked-by: Masahiro Yamada <yamada.masahiro@socionext.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> 
The changes to automatically test for working stack protector compiler
support in the Kconfig files removed the special STACKPROTECTOR_AUTO
option that picked the strongest stack protector that the compiler
supported.

That was all a nice cleanup - it makes no sense to have the AUTO case
now that the Kconfig phase can just determine the compiler support
directly.

HOWEVER.

It also meant that doing "make oldconfig" would now _disable_ the strong
stackprotector if you had AUTO enabled, because in a legacy config file,
the sane stack protector configuration would look like

  CONFIG_HAVE_CC_STACKPROTECTOR=y
  # CONFIG_CC_STACKPROTECTOR_NONE is not set
  # CONFIG_CC_STACKPROTECTOR_REGULAR is not set
  # CONFIG_CC_STACKPROTECTOR_STRONG is not set
  CONFIG_CC_STACKPROTECTOR_AUTO=y

and when you ran this through "make oldconfig" with the Kbuild changes,
it would ask you about the regular CONFIG_CC_STACKPROTECTOR (that had
been renamed from CONFIG_CC_STACKPROTECTOR_REGULAR to just
CONFIG_CC_STACKPROTECTOR), but it would think that the STRONG version
used to be disabled (because it was really enabled by AUTO), and would
disable it in the new config, resulting in:

  CONFIG_HAVE_CC_STACKPROTECTOR=y
  CONFIG_CC_HAS_STACKPROTECTOR_NONE=y
  CONFIG_CC_STACKPROTECTOR=y
  # CONFIG_CC_STACKPROTECTOR_STRONG is not set
  CONFIG_CC_HAS_SANE_STACKPROTECTOR=y

That's dangerously subtle - people could suddenly find themselves with
the weaker stack protector setup without even realizing.

The solution here is to just rename not just the old RECULAR stack
protector option, but also the strong one.  This does that by just
removing the CC_ prefix entirely for the user choices, because it really
is not about the compiler support (the compiler support now instead
automatially impacts _visibility_ of the options to users).

This results in "make oldconfig" actually asking the user for their
choice, so that we don't have any silent subtle security model changes.
The end result would generally look like this:

  CONFIG_HAVE_CC_STACKPROTECTOR=y
  CONFIG_CC_HAS_STACKPROTECTOR_NONE=y
  CONFIG_STACKPROTECTOR=y
  CONFIG_STACKPROTECTOR_STRONG=y
  CONFIG_CC_HAS_SANE_STACKPROTECTOR=y

where the "CC_" versions really are about internal compiler
infrastructure, not the user selections.

Acked-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
xtensa: enable stack protector 2017-12-17T06:37:07+00:00 Max Filippov jcmvbkbc@gmail.com 2017-03-27T09:44:47+00:00 40d1a07b333ef1f7fce11ee20b8f4281d1a75fb9 The implementation is adopted from the ARM arch. GCC 7.3, 8 or newer is required for building the xtensa kernel with SSP. Signed-off-by: Max Filippov <jcmvbkbc@gmail.com> 
The implementation is adopted from the ARM arch. GCC 7.3, 8 or newer is
required for building the xtensa kernel with SSP.

Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
xtensa: clean up fixups in assembly code 2017-12-10T22:48:53+00:00 Max Filippov jcmvbkbc@gmail.com 2017-12-10T05:18:47+00:00 0013aceb307482ba83a5b6a29f6ba1791be0d32b Remove duplicate definitions of EX() and similar TRY/CATCH and SRC/DST macros from assembly sources and put single definition into asm/asmmacro.h Signed-off-by: Max Filippov <jcmvbkbc@gmail.com> 
Remove duplicate definitions of EX() and similar TRY/CATCH and SRC/DST
macros from assembly sources and put single definition into asm/asmmacro.h

Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
xtensa: use call instead of callx in assembly code 2017-12-10T22:48:52+00:00 Max Filippov jcmvbkbc@gmail.com 2017-12-10T02:44:11+00:00 2da03d4114b2587f0e8e45f4862074e34daee64e Now that xtensa assembly sources are compiled with -mlongcalls let the assembler and linker relax call instructions into l32r + callx where needed. This change makes the code cleaner and potentially a bit faster. Signed-off-by: Max Filippov <jcmvbkbc@gmail.com> 
Now that xtensa assembly sources are compiled with -mlongcalls let the
assembler and linker relax call instructions into l32r + callx where
needed. This change makes the code cleaner and potentially a bit faster.

Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
xtensa: build kernel with text-section-literals 2017-12-10T22:48:51+00:00 Max Filippov jcmvbkbc@gmail.com 2017-12-04T04:55:35+00:00 f8f02ca73cd8d1e2ac61ea1e5f0574a8c1f472fa vmlinux.lds.S doesn't do anything special with literals, so instead of keeping them separate put them into the corresponding text sections. Drop explicit .literal sections from the vmlinux.lds.S, use standard section macros. Mark literal pool locations in the assembly sources. Unfortunately assembler doesn't put literals into .init sections and external libgcc may still have .literal sections, so sed transformation to the linker script is still needed. Signed-off-by: Max Filippov <jcmvbkbc@gmail.com> 
vmlinux.lds.S doesn't do anything special with literals, so instead of
keeping them separate put them into the corresponding text sections.
Drop explicit .literal sections from the vmlinux.lds.S, use standard
section macros. Mark literal pool locations in the assembly sources.
Unfortunately assembler doesn't put literals into .init sections and
external libgcc may still have .literal sections, so sed transformation
to the linker script is still needed.

Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
xtensa: use generic tracehooks 2017-05-01T14:00:10+00:00 Max Filippov jcmvbkbc@gmail.com 2015-03-16T11:40:14+00:00 f984409a00e7d9aa40af64d7c9619e5de3d980bf Use tracehook_report_syscall_{entry,exit} instead of a local copy of it in do_syscall_trace. Allow tracehook to cancel syscall by returning invalid syscall number to the system_call function. Signed-off-by: Max Filippov <jcmvbkbc@gmail.com> 
Use tracehook_report_syscall_{entry,exit} instead of a local copy of it
in do_syscall_trace. Allow tracehook to cancel syscall by returning
invalid syscall number to the system_call function.

Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
Merge branch 'work.uaccess2' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2016-10-12T06:38:39+00:00 Linus Torvalds torvalds@linux-foundation.org 2016-10-12T06:38:39+00:00 4cdf8dbe2d4b3891a9abd9f9ec32acbe58de0cf6 Pull uaccess.h prepwork from Al Viro: "Preparations to tree-wide switch to use of linux/uaccess.h (which, obviously, will allow to start unifying stuff for real). The last step there, ie PATT='^[[:blank:]]*#[[:blank:]]*include[[:blank:]]*<asm/uaccess.h>' sed -i -e "s!$PATT!#include <linux/uaccess.h>!" \ `git grep -l "$PATT"|grep -v ^include/linux/uaccess.h` is not taken here - I would prefer to do it once just before or just after -rc1. However, everything should be ready for it" * 'work.uaccess2' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs: remove a stray reference to asm/uaccess.h in docs sparc64: separate extable_64.h, switch elf_64.h to it score: separate extable.h, switch module.h to it mips: separate extable.h, switch module.h to it x86: separate extable.h, switch sections.h to it remove stray include of asm/uaccess.h from cacheflush.h mn10300: remove a bogus processor.h->uaccess.h include xtensa: split uaccess.h into C and asm sides bonding: quit messing with IOCTL kill __kernel_ds_p off mn10300: finish verify_area() off frv: move HAVE_ARCH_UNMAPPED_AREA to pgtable.h exceptions: detritus removal 
Pull uaccess.h prepwork from Al Viro:
 "Preparations to tree-wide switch to use of linux/uaccess.h (which,
  obviously, will allow to start unifying stuff for real). The last step
  there, ie

    PATT='^[[:blank:]]*#[[:blank:]]*include[[:blank:]]*<asm/uaccess.h>'
    sed -i -e "s!$PATT!#include <linux/uaccess.h>!" \
            `git grep -l "$PATT"|grep -v ^include/linux/uaccess.h`

  is not taken here - I would prefer to do it once just before or just
  after -rc1.  However, everything should be ready for it"

* 'work.uaccess2' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs:
  remove a stray reference to asm/uaccess.h in docs
  sparc64: separate extable_64.h, switch elf_64.h to it
  score: separate extable.h, switch module.h to it
  mips: separate extable.h, switch module.h to it
  x86: separate extable.h, switch sections.h to it
  remove stray include of asm/uaccess.h from cacheflush.h
  mn10300: remove a bogus processor.h->uaccess.h include
  xtensa: split uaccess.h into C and asm sides
  bonding: quit messing with IOCTL
  kill __kernel_ds_p off
  mn10300: finish verify_area() off
  frv: move HAVE_ARCH_UNMAPPED_AREA to pgtable.h
  exceptions: detritus removal
xtensa: split uaccess.h into C and asm sides 2016-09-28T01:15:21+00:00 Al Viro viro@zeniv.linux.org.uk 2016-09-04T18:26:36+00:00 76580237d13fbfcd55acbc8fdd6726be7080a275 Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> 
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
xtensa: cleanup MMU setup and kernel layout macros 2016-07-24T03:33:58+00:00 Max Filippov jcmvbkbc@gmail.com 2016-04-13T02:20:02+00:00 a9f2fc628e3a26a829fd79aff74eb49839d1e74b Make kernel load address explicit, independent of the selected MMU configuration and configurable from Kconfig. Do not restrict it to the first 512MB of the physical address space. Cleanup kernel memory layout macros: - rename VECBASE_RESET_VADDR to VECBASE_VADDR, XC_VADDR to VECTOR_VADDR; - drop VIRTUAL_MEMORY_ADDRESS and LOAD_MEMORY_ADDRESS; - introduce PHYS_OFFSET and use it in __va and __pa definitions; - synchronize MMU/noMMU vectors, drop unused NMI vector; - replace hardcoded vectors offset of 0x3000 with Kconfig symbol. Signed-off-by: Max Filippov <jcmvbkbc@gmail.com> 
Make kernel load address explicit, independent of the selected MMU
configuration and configurable from Kconfig. Do not restrict it to the
first 512MB of the physical address space.

Cleanup kernel memory layout macros:

- rename VECBASE_RESET_VADDR to VECBASE_VADDR, XC_VADDR to VECTOR_VADDR;
- drop VIRTUAL_MEMORY_ADDRESS and LOAD_MEMORY_ADDRESS;
- introduce PHYS_OFFSET and use it in __va and __pa definitions;
- synchronize MMU/noMMU vectors, drop unused NMI vector;
- replace hardcoded vectors offset of 0x3000 with Kconfig symbol.

Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
xtensa: support hardware breakpoints/watchpoints 2016-03-11T08:53:32+00:00 Max Filippov jcmvbkbc@gmail.com 2016-01-24T07:32:10+00:00 c91e02bd9702f2c00c6a6dc82dec1b2d5bb9f039 Use perf framework to manage hardware instruction and data breakpoints. Add two new ptrace calls: PTRACE_GETHBPREGS and PTRACE_SETHBPREGS to query and set instruction and data breakpoints. Address bit 0 choose instruction (0) or data (1) break register, bits 31..1 are the register number. Both calls transfer two 32-bit words: address (0) and control (1). Instruction breakpoint contorl word is 0 to clear breakpoint, 1 to set. Data breakpoint control word bit 31 is 'trigger on store', bit 30 is 'trigger on load, bits 29..0 are length. Length 0 is used to clear a breakpoint. To set a breakpoint length must be a power of 2 in the range 1..64 and the address must be length-aligned. Introduce new thread_info flag: TIF_DB_DISABLED. Set it if debug exception is raised by the kernel code accessing watched userspace address and disable corresponding data breakpoint. On exit to userspace check that flag and, if set, restore all data breakpoints. Handle debug exceptions raised with PS.EXCM set. This may happen when window overflow/underflow handler or fast exception handler hits data breakpoint, in which case save and disable all data breakpoints, single-step faulting instruction and restore data breakpoints. Signed-off-by: Max Filippov <jcmvbkbc@gmail.com> 
Use perf framework to manage hardware instruction and data breakpoints.
Add two new ptrace calls: PTRACE_GETHBPREGS and PTRACE_SETHBPREGS to
query and set instruction and data breakpoints.
Address bit 0 choose instruction (0) or data (1) break register, bits
31..1 are the register number.
Both calls transfer two 32-bit words: address (0) and control (1).
Instruction breakpoint contorl word is 0 to clear breakpoint, 1 to set.
Data breakpoint control word bit 31 is 'trigger on store', bit 30 is
'trigger on load, bits 29..0 are length. Length 0 is used to clear a
breakpoint. To set a breakpoint length must be a power of 2 in the range
1..64 and the address must be length-aligned.

Introduce new thread_info flag: TIF_DB_DISABLED. Set it if debug
exception is raised by the kernel code accessing watched userspace
address and disable corresponding data breakpoint. On exit to userspace
check that flag and, if set, restore all data breakpoints.

Handle debug exceptions raised with PS.EXCM set. This may happen when
window overflow/underflow handler or fast exception handler hits data
breakpoint, in which case save and disable all data breakpoints,
single-step faulting instruction and restore data breakpoints.

Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>