| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Change-Id: Iff1664f694da27ba209bf7c3febf2f3662c8b5cc
Signed-off-by: Stephane Desneux <stephane.desneux@open.eurogiciel.org>
|
|
This reverts commit c25aae8a02c0e3132df581d1d12be1d6738a08d6.
I think we need to investigate this patch more and more.
Change-Id: Idb69b33334f53ddd414123f6e9ac432840b99857
Signed-off-by: Chanho Park <chanho61.park@samsung.com>
|
|
Setting smack label on file (e.g. 'attr -S -s SMACK64 -V "test" test')
triggered following spew on the kernel with KASan applied:
==================================================================
BUG: AddressSanitizer: out of bounds access in strncpy+0x28/0x60 at addr ffff8800059ad064
=============================================================================
BUG kmalloc-8 (Not tainted): kasan error
-----------------------------------------------------------------------------
Disabling lock debugging due to kernel taint
INFO: Slab 0xffffea0000166b40 objects=128 used=7 fp=0xffff8800059ad080 flags=0x4000000000000080
INFO: Object 0xffff8800059ad060 @offset=96 fp=0xffff8800059ad080
Bytes b4 ffff8800059ad050: a0 df 9a 05 00 88 ff ff 5a 5a 5a 5a 5a 5a 5a 5a ........ZZZZZZZZ
Object ffff8800059ad060: 74 65 73 74 6b 6b 6b a5 testkkk.
Redzone ffff8800059ad068: cc cc cc cc cc cc cc cc ........
Padding ffff8800059ad078: 5a 5a 5a 5a 5a 5a 5a 5a ZZZZZZZZ
CPU: 0 PID: 528 Comm: attr Tainted: G B 3.18.0-rc1-mm1+ #5
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
0000000000000000 ffff8800059ad064 ffffffff81534cf2 ffff880005a5bc40
ffffffff8112fe1a 0000000100800006 0000000f059ad060 ffff880006000f90
0000000000000296 ffffea0000166b40 ffffffff8107ca97 ffff880005891060
Call Trace:
? dump_stack (lib/dump_stack.c:52)
? kasan_report_error (mm/kasan/report.c:102 mm/kasan/report.c:178)
? preempt_count_sub (kernel/sched/core.c:2651)
? __asan_load1 (mm/kasan/kasan.h:50 mm/kasan/kasan.c:248 mm/kasan/kasan.c:358)
? strncpy (lib/string.c:121)
? strncpy (lib/string.c:121)
? smk_parse_smack (security/smack/smack_access.c:457)
? setxattr (fs/xattr.c:343)
? smk_import_entry (security/smack/smack_access.c:514)
? smack_inode_setxattr (security/smack/smack_lsm.c:1093 (discriminator 1))
? security_inode_setxattr (security/security.c:602)
? vfs_setxattr (fs/xattr.c:134)
? setxattr (fs/xattr.c:343)
? setxattr (fs/xattr.c:360)
? get_parent_ip (kernel/sched/core.c:2606)
? preempt_count_sub (kernel/sched/core.c:2651)
? __percpu_counter_add (arch/x86/include/asm/preempt.h:98 lib/percpu_counter.c:90)
? get_parent_ip (kernel/sched/core.c:2606)
? preempt_count_sub (kernel/sched/core.c:2651)
? __mnt_want_write (arch/x86/include/asm/preempt.h:98 fs/namespace.c:359)
? path_setxattr (fs/xattr.c:380)
? SyS_lsetxattr (fs/xattr.c:397)
? system_call_fastpath (arch/x86/kernel/entry_64.S:423)
Read of size 1 by task attr:
Memory state around the buggy address:
ffff8800059ace80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
ffff8800059acf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
ffff8800059acf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>ffff8800059ad000: 00 fc fc fc 00 fc fc fc 05 fc fc fc 04 fc fc fc
^
ffff8800059ad080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
ffff8800059ad100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
ffff8800059ad180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
==================================================================
strncpy() copies one byte more than the source string has.
Fix this by passing the correct length to strncpy().
Now we can remove initialization of the last byte in 'smack' string
because kzalloc() already did this for us.
Signed-off-by: Andrey Ryabinin <a.ryabinin@samsung.com>
Change-Id: I7bb84eed3c348711312434d98d6cc13cbe8f5d76
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
|
|
I'm working on address sanitizer project for kernel. Recently we
started experiments with stack instrumentation, to detect out-of-bounds
read/write bugs on stack.
Just after booting I've hit out-of-bounds read on stack in idr_for_each
(and in __idr_remove_all as well):
struct idr_layer **paa = &pa[0];
while (id >= 0 && id <= max) {
...
while (n < fls(id)) {
n += IDR_BITS;
p = *--paa; <--- here we are reading pa[-1] value.
}
}
Despite the fact that after this dereference we are exiting out of loop
and never use p, such behaviour is undefined and should be avoided.
Fix this by moving pointer derference to the beggining of the loop,
right before we will use it.
Signed-off-by: Andrey Ryabinin <a.ryabinin@samsung.com>
Reviewed-by: Lai Jiangshan <laijs@cn.fujitsu.com>
Cc: Tejun Heo <tj@kernel.org>
Cc: Alexey Preobrazhensky <preobr@google.com>
Cc: Dmitry Vyukov <dvyukov@google.com>
Cc: Konstantin Khlebnikov <koct9i@gmail.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Change-Id: Id151fc7e874e3cff64da43eb3359f022de7e6cae
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
|
|
When there are unconsumed pending events, the events are
destroyed by calling destroy callback, but the events list
are remained, because there is no list_del().
It is possible that the page flip request is handled after
drm_events_release() is called and before drm_fb_release().
In this case a drm_pending_event is remained not freed.
So exynos driver checks again to remove it in its post
close routine. But the file_priv->event_list contains
undeleted ones, this can make oops for accessing invalid
memory.
Signed-off-by: YoungJun Cho <yj44.cho@samsung.com>
Signed-off-by: Kyungmin Park <kyungmin.park@samsung.com>
Signed-off-by: Dave Airlie <airlied@redhat.com>
Change-Id: I25a471f4f4929150542eb6273c7673b9f44936b6
[back-ported from mainline to fix use after free issue]
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
|
|
task_cgroup_path_from_hierarchy() was added for the planned new users
and none of the currently planned users wants to know about multiple
hierarchies. This patch drops the multiple hierarchy part and makes
it always return the path in the first non-dummy hierarchy.
As unified hierarchy will always have id 1, this is guaranteed to
return the path for the unified hierarchy if mounted; otherwise, it
will return the path from the hierarchy which happens to occupy the
lowest hierarchy id, which will usually be the first hierarchy mounted
after boot.
Signed-off-by: Tejun Heo <tj@kernel.org>
Acked-by: Li Zefan <lizefan@huawei.com>
Cc: Lennart Poettering <lennart@poettering.net>
Cc: Kay Sievers <kay.sievers@vrfy.org>
Cc: Jan Kaluža <jkaluza@redhat.com>
Change-Id: Iaa199f7332f01a03f791def776b5403f6fa459b3
Origin: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=913ffdb54366f94eec65c656cae8c6e00e1ab1b0
Backported-by: Maciej Wereski <m.wereski@partner.samsung.com>
Signed-off-by: Maciej Wereski <m.wereski@partner.samsung.com>
|
|
kdbus folks want a sane way to determine the cgroup path that a given
task belongs to on a given hierarchy, which is a reasonble thing to
expect from cgroup core.
Implement task_cgroup_path_from_hierarchy().
v2: Dropped unnecessary NULL check on the return value of
task_cgroup_from_root() as suggested by Li Zefan.
Signed-off-by: Tejun Heo <tj@kernel.org>
Acked-by: Greg Kroah-Hartman <greg@kroah.com>
Acked-by: Li Zefan <lizefan@huawei.com>
Cc: Kay Sievers <kay@vrfy.org>
Cc: Lennart Poettering <lennart@poettering.net>
Cc: Daniel Mack <daniel@zonque.org>
Change-Id: Ifd630e09163b8272627c2ef8be1866c5e9dc05f9
Origin: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=857a2beb09ab83e9a8185821ae16db7dfbe8b837
Backported-by: Maciej Wereski <m.wereski@partner.samsung.com>
Signed-off-by: Maciej Wereski <m.wereski@partner.samsung.com>
|
|
We want to be able to lookup a hierarchy from its id and cyclic
allocation is a whole lot simpler with idr. Convert to idr and use
idr_alloc_cyclc().
Signed-off-by: Tejun Heo <tj@kernel.org>
Acked-by: Li Zefan <lizefan@huawei.com>
Change-Id: Ibd20ebe71ddb452178302cf86a22572b18cd82df
Origin: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1a574231669f8c3065c83974e9557fcbbd94b8a6
Backported-by: Maciej Wereski <m.wereski@partner.samsung.com>
Signed-off-by: Maciej Wereski <m.wereski@partner.samsung.com>
|
|
Now that hierarchy_id alloc / free are protected by the cgroup
mutexes, there's no need for this separate lock. Drop it.
Signed-off-by: Tejun Heo <tj@kernel.org>
Acked-by: Li Zefan <lizefan@huawei.com>
Change-Id: I03fbc8bba08a785c6082a9b5bb1087c53c506c60
Origin: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=54e7b4eb15fc4354d5ada5469e3db4a220ddb3ed
Backported-by: Maciej Wereski <m.wereski@partner.samsung.com>
Signed-off-by: Maciej Wereski <m.wereski@partner.samsung.com>
|
|
We're planning to converting hierarchy_ida to an idr and use it to
look up hierarchy from its id. As we want the mapping to happen
atomically with cgroupfs_root registration, this patch refactors
hierarchy_id init / exit so that ida operations happen inside
cgroup_[root_]mutex.
* s/init_root_id()/cgroup_init_root_id()/ and make it return 0 or
-errno like a normal function.
* Move hierarchy_id initialization from cgroup_root_from_opts() into
cgroup_mount() block where the root is confirmed to be used and
being registered while holding both mutexes.
* Split cgroup_drop_id() into cgroup_exit_root_id() and
cgroup_free_root(), so that ID release can happen before dropping
the mutexes in cgroup_kill_sb(). The latter expects hierarchy_id to
be exited before being invoked.
Signed-off-by: Tejun Heo <tj@kernel.org>
Acked-by: Li Zefan <lizefan@huawei.com>
Change-Id: Ie1433632bcde96c359fd1d488a81cc3255ee92e6
Origin: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fa3ca07e96185aa1496b405472399a2a2a336a17
Backported-by: Maciej Wereski <m.wereski@partner.samsung.com>
Signed-off-by: Maciej Wereski <m.wereski@partner.samsung.com>
|
|
Files created with __shmem_file_stup() appear to have somewhat fake
dentries which make them look like root directories and not get
the label the current process or ("*") star meant for tmpfs files.
Change-Id: If0e2e3ceddeff55d5121e76e85dbea60414b786a
Signed-off-by: Łukasz Stelmach <l.stelmach@samsung.com>
|
|
Remove the dependence on x86 to run the memfd test. Verfied on 32-bit powerpc.
Signed-off-by: Pranith Kumar <bobby.prani@gmail.com>
Reviewed-by: David Herrmann <dh.herrmann@gmail.com>
Signed-off-by: Shuah Khan <shuahkh@osg.samsung.com>
Change-Id: I4e3a0d311842f5d0327abdb6bb8ce3ba1460f902
Origin: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ce6a144a0d01c6628496e4c0d18fbf3a0362cc67
Backported-by: Maciej Wereski <m.wereski@partner.samsung.com>
Signed-off-by: Maciej Wereski <m.wereski@partner.samsung.com>
|
|
The new header file memfd.h from commit 9183df25fe7b ("shm: add
memfd_create() syscall") should be exported.
Signed-off-by: David Drysdale <drysdale@google.com>
Reviewed-by: David Herrmann <dh.herrmann@gmail.com>
Cc: Hugh Dickins <hughd@google.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Change-Id: Ibcd915aad320ddedcfcca0b7a098e03cc883fd88
Origin: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b01d072065b6f36550f486fe77f05b092225ba1b
Backported-by: Maciej Wereski <m.wereski@partner.samsung.com>
Signed-off-by: Maciej Wereski <m.wereski@partner.samsung.com>
|
|
Add a missing path argument buf to printf()
Signed-off-by: Pranith Kumar <bobby.prani@gmail.com>
Reviewed-by: David Herrmann <dh.herrmann@gmail.com>
Signed-off-by: Shuah Khan <shuahkh@osg.samsung.com>
Change-Id: Ie4d1f23fc07a397971ee94c0fdd164fb7145771d
Origin: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2ed36928373cc3dfb20a4d17042e9a6e05538e41
Backported-by: Maciej Wereski <m.wereski@partner.samsung.com>
Signed-off-by: Maciej Wereski <m.wereski@partner.samsung.com>
|
|
This test currently fails on 32-bit systems since we use u64 type to pass the
flags to fcntl.
This commit changes this to use 'unsigned int' type for flags to fcntl making it
work on 32-bit systems.
Signed-off-by: Pranith Kumar <bobby.prani@gmail.com>
Reviewed-by: David Herrmann <dh.herrmann@gmail.com>
Signed-off-by: Shuah Khan <shuahkh@osg.samsung.com>
Change-Id: I80190741a7cfaf9517cf220a58bcc36177139993
Origin: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=57e67900d4c7949ad646a5f43a8ca5180170d2a0
Backported-by: Maciej Wereski <m.wereski@partner.samsung.com>
Signed-off-by: Maciej Wereski <m.wereski@partner.samsung.com>
|
|
Commit 9183df25fe7b ("shm: add memfd_create() syscall") added a new
system call (memfd_create) but didn't update the asm-generic unistd
header.
This patch adds the new system call to the asm-generic version of
unistd.h so that it can be used by architectures such as arm64.
Cc: Arnd Bergmann <arnd@arndb.de>
Reviewed-by: David Herrmann <dh.herrmann@gmail.com>
Signed-off-by: Will Deacon <will.deacon@arm.com>
Change-Id: I7fff684716a86ad9f10e19755480c32ce9eeb861
Origin: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=503e6636b6f96056210062be703356f4253b6db9
Backported-by: Maciej Wereski <m.wereski@partner.samsung.com>
Signed-off-by: Maciej Wereski <m.wereski@partner.samsung.com>
|
|
arch/arm/ just grew support for the new memfd_create and getrandom
syscalls, so add them to our compat layer too.
Signed-off-by: Will Deacon <will.deacon@arm.com>
Origin: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a97a42c47608d0bb6f2dfc2e162cc84a27beb43a
Backported-by: Maciej Wereski <m.wereski@partner.samsung.com>
getrandom isn't wired.
Change-Id: I0bfb09e924d839ede0f998a73a4b9a395359a1b6
Signed-off-by: Maciej Wereski <m.wereski@partner.samsung.com>
|
|
Add the memfd_create syscall to ARM.
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Origin: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e57e41931134e09fc6c03c8d4eb19d516cc6e59b
Backported-by: Maciej Wereski <m.wereski@partner.samsung.com>
Adjusted __NR_syscalls as in commit
eb6452537b280652eee66801ec97cc369e27e5d8.
Signed-off-by: Maciej Wereski <m.wereski@partner.samsung.com>
Change-Id: I8bcbec0d5fb6241cbb5c13f142552dbfe5307c9e
|
|
If we set SEAL_WRITE on a file, we must make sure there cannot be any
ongoing write-operations on the file. For write() calls, we simply lock
the inode mutex, for mmap() we simply verify there're no writable
mappings. However, there might be pages pinned by AIO, Direct-IO and
similar operations via GUP. We must make sure those do not write to the
memfd file after we set SEAL_WRITE.
As there is no way to notify GUP users to drop pages or to wait for them
to be done, we implement the wait ourself: When setting SEAL_WRITE, we
check all pages for their ref-count. If it's bigger than 1, we know
there's some user of the page. We then mark the page and wait for up to
150ms for those ref-counts to be dropped. If the ref-counts are not
dropped in time, we refuse the seal operation.
Signed-off-by: David Herrmann <dh.herrmann@gmail.com>
Acked-by: Hugh Dickins <hughd@google.com>
Cc: Michael Kerrisk <mtk.manpages@gmail.com>
Cc: Ryan Lortie <desrt@desrt.ca>
Cc: Lennart Poettering <lennart@poettering.net>
Cc: Daniel Mack <zonque@gmail.com>
Cc: Andy Lutomirski <luto@amacapital.net>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Change-Id: I952289df3c4261be68ab4dc590890fe20b0906a4
Origin: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=05f65b5c70909ef686f865f0a85406d74d75f70f
Backported-by: Maciej Wereski <m.wereski@partner.samsung.com>
Signed-off-by: Maciej Wereski <m.wereski@partner.samsung.com>
|
|
Setting SEAL_WRITE is not possible if there're pending GUP users. This
commit adds selftests for memfd+sealing that use FUSE to create pending
page-references. FUSE is very helpful here in that it allows us to delay
direct-IO operations for an arbitrary amount of time. This way, we can
force the kernel to pin pages and then run our normal selftests.
Signed-off-by: David Herrmann <dh.herrmann@gmail.com>
Acked-by: Hugh Dickins <hughd@google.com>
Cc: Michael Kerrisk <mtk.manpages@gmail.com>
Cc: Ryan Lortie <desrt@desrt.ca>
Cc: Lennart Poettering <lennart@poettering.net>
Cc: Daniel Mack <zonque@gmail.com>
Cc: Andy Lutomirski <luto@amacapital.net>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Change-Id: Ideaf47a24b3522183cbe5ae10c320f7d38e31931
Origin: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=87b2d44026e0e315a7401551e95b189ac4b28217
Backported-by: Maciej Wereski <m.wereski@partner.samsung.com>
Signed-off-by: Maciej Wereski <m.wereski@partner.samsung.com>
|
|
Some basic tests to verify sealing on memfds works as expected and
guarantees the advertised semantics.
Signed-off-by: David Herrmann <dh.herrmann@gmail.com>
Acked-by: Hugh Dickins <hughd@google.com>
Cc: Michael Kerrisk <mtk.manpages@gmail.com>
Cc: Ryan Lortie <desrt@desrt.ca>
Cc: Lennart Poettering <lennart@poettering.net>
Cc: Daniel Mack <zonque@gmail.com>
Cc: Andy Lutomirski <luto@amacapital.net>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Change-Id: I9a6bfd2205aa868f327fdb04788a1f6bae23eb17
Origin: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4f5ce5e8d7e2da3c714df8a7fa42edb9f992fc52
Backported-by: Maciej Wereski <m.wereski@partner.samsung.com>
Signed-off-by: Maciej Wereski <m.wereski@partner.samsung.com>
|
|
memfd_create() is similar to mmap(MAP_ANON), but returns a file-descriptor
that you can pass to mmap(). It can support sealing and avoids any
connection to user-visible mount-points. Thus, it's not subject to quotas
on mounted file-systems, but can be used like malloc()'ed memory, but with
a file-descriptor to it.
memfd_create() returns the raw shmem file, so calls like ftruncate() can
be used to modify the underlying inode. Also calls like fstat() will
return proper information and mark the file as regular file. If you want
sealing, you can specify MFD_ALLOW_SEALING. Otherwise, sealing is not
supported (like on all other regular files).
Compared to O_TMPFILE, it does not require a tmpfs mount-point and is not
subject to a filesystem size limit. It is still properly accounted to
memcg limits, though, and to the same overcommit or no-overcommit
accounting as all user memory.
Signed-off-by: David Herrmann <dh.herrmann@gmail.com>
Acked-by: Hugh Dickins <hughd@google.com>
Cc: Michael Kerrisk <mtk.manpages@gmail.com>
Cc: Ryan Lortie <desrt@desrt.ca>
Cc: Lennart Poettering <lennart@poettering.net>
Cc: Daniel Mack <zonque@gmail.com>
Cc: Andy Lutomirski <luto@amacapital.net>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Change-Id: I2ac7e2b47a1d68d4b83680f4527e5ed2aa9a420c
Origin: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9183df25fe7b194563db3fec6dc3202a5855839c
Backported-by: Maciej Wereski <m.wereski@partner.samsung.com>
Signed-off-by: Maciej Wereski <m.wereski@partner.samsung.com>
|
|
If two processes share a common memory region, they usually want some
guarantees to allow safe access. This often includes:
- one side cannot overwrite data while the other reads it
- one side cannot shrink the buffer while the other accesses it
- one side cannot grow the buffer beyond previously set boundaries
If there is a trust-relationship between both parties, there is no need
for policy enforcement. However, if there's no trust relationship (eg.,
for general-purpose IPC) sharing memory-regions is highly fragile and
often not possible without local copies. Look at the following two
use-cases:
1) A graphics client wants to share its rendering-buffer with a
graphics-server. The memory-region is allocated by the client for
read/write access and a second FD is passed to the server. While
scanning out from the memory region, the server has no guarantee that
the client doesn't shrink the buffer at any time, requiring rather
cumbersome SIGBUS handling.
2) A process wants to perform an RPC on another process. To avoid huge
bandwidth consumption, zero-copy is preferred. After a message is
assembled in-memory and a FD is passed to the remote side, both sides
want to be sure that neither modifies this shared copy, anymore. The
source may have put sensible data into the message without a separate
copy and the target may want to parse the message inline, to avoid a
local copy.
While SIGBUS handling, POSIX mandatory locking and MAP_DENYWRITE provide
ways to achieve most of this, the first one is unproportionally ugly to
use in libraries and the latter two are broken/racy or even disabled due
to denial of service attacks.
This patch introduces the concept of SEALING. If you seal a file, a
specific set of operations is blocked on that file forever. Unlike locks,
seals can only be set, never removed. Hence, once you verified a specific
set of seals is set, you're guaranteed that no-one can perform the blocked
operations on this file, anymore.
An initial set of SEALS is introduced by this patch:
- SHRINK: If SEAL_SHRINK is set, the file in question cannot be reduced
in size. This affects ftruncate() and open(O_TRUNC).
- GROW: If SEAL_GROW is set, the file in question cannot be increased
in size. This affects ftruncate(), fallocate() and write().
- WRITE: If SEAL_WRITE is set, no write operations (besides resizing)
are possible. This affects fallocate(PUNCH_HOLE), mmap() and
write().
- SEAL: If SEAL_SEAL is set, no further seals can be added to a file.
This basically prevents the F_ADD_SEAL operation on a file and
can be set to prevent others from adding further seals that you
don't want.
The described use-cases can easily use these seals to provide safe use
without any trust-relationship:
1) The graphics server can verify that a passed file-descriptor has
SEAL_SHRINK set. This allows safe scanout, while the client is
allowed to increase buffer size for window-resizing on-the-fly.
Concurrent writes are explicitly allowed.
2) For general-purpose IPC, both processes can verify that SEAL_SHRINK,
SEAL_GROW and SEAL_WRITE are set. This guarantees that neither
process can modify the data while the other side parses it.
Furthermore, it guarantees that even with writable FDs passed to the
peer, it cannot increase the size to hit memory-limits of the source
process (in case the file-storage is accounted to the source).
The new API is an extension to fcntl(), adding two new commands:
F_GET_SEALS: Return a bitset describing the seals on the file. This
can be called on any FD if the underlying file supports
sealing.
F_ADD_SEALS: Change the seals of a given file. This requires WRITE
access to the file and F_SEAL_SEAL may not already be set.
Furthermore, the underlying file must support sealing and
there may not be any existing shared mapping of that file.
Otherwise, EBADF/EPERM is returned.
The given seals are _added_ to the existing set of seals
on the file. You cannot remove seals again.
The fcntl() handler is currently specific to shmem and disabled on all
files. A file needs to explicitly support sealing for this interface to
work. A separate syscall is added in a follow-up, which creates files that
support sealing. There is no intention to support this on other
file-systems. Semantics are unclear for non-volatile files and we lack any
use-case right now. Therefore, the implementation is specific to shmem.
Signed-off-by: David Herrmann <dh.herrmann@gmail.com>
Acked-by: Hugh Dickins <hughd@google.com>
Cc: Michael Kerrisk <mtk.manpages@gmail.com>
Cc: Ryan Lortie <desrt@desrt.ca>
Cc: Lennart Poettering <lennart@poettering.net>
Cc: Daniel Mack <zonque@gmail.com>
Cc: Andy Lutomirski <luto@amacapital.net>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Change-Id: I58642ae2db7fef5d952b22beada3525526dd3a20
Origin: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=40e041a2c858b3caefc757e26cb85bfceae5062b
Backported-by: Maciej Wereski <m.wereski@partner.samsung.com>
Signed-off-by: Maciej Wereski <m.wereski@partner.samsung.com>
|
|
This patch (of 6):
The i_mmap_writable field counts existing writable mappings of an
address_space. To allow drivers to prevent new writable mappings, make
this counter signed and prevent new writable mappings if it is negative.
This is modelled after i_writecount and DENYWRITE.
This will be required by the shmem-sealing infrastructure to prevent any
new writable mappings after the WRITE seal has been set. In case there
exists a writable mapping, this operation will fail with EBUSY.
Note that we rely on the fact that iff you already own a writable mapping,
you can increase the counter without using the helpers. This is the same
that we do for i_writecount.
Signed-off-by: David Herrmann <dh.herrmann@gmail.com>
Acked-by: Hugh Dickins <hughd@google.com>
Cc: Michael Kerrisk <mtk.manpages@gmail.com>
Cc: Ryan Lortie <desrt@desrt.ca>
Cc: Lennart Poettering <lennart@poettering.net>
Cc: Daniel Mack <zonque@gmail.com>
Cc: Andy Lutomirski <luto@amacapital.net>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Change-Id: If33fdcedbcf202ab177c4e21afc7eec261088a8b
Origin: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4bb5f5d9395bc112d93a134d8f5b05611eddc9c0
Backported-by: Maciej Wereski <m.wereski@partner.samsung.com>
Signed-off-by: Maciej Wereski <m.wereski@partner.samsung.com>
|
|
correct_wcount and inode in mmap_region() just complicate the code. This
boolean was needed previously, when deny_write_access() was called before
vma_merge(), now we can simply check VM_DENYWRITE and do
allow_write_access() if it is set.
allow_write_access() checks file != NULL, so this is safe even if it was
possible to use VM_DENYWRITE && !file. Just we need to ensure we use the
same file which was deny_write_access()'ed, so the patch also moves "file
= vma->vm_file" down after allow_write_access().
Signed-off-by: Oleg Nesterov <oleg@redhat.com>
Cc: Hugh Dickins <hughd@google.com>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Colin Cross <ccross@android.com>
Cc: David Rientjes <rientjes@google.com>
Cc: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Change-Id: I05df8842b7c4b7e3e29b35d914f297ce37af1685
Origin: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e86867720e617774b560dfbc169b7f3d0d490950
Backported-by: Maciej Wereski <m.wereski@partner.samsung.com>
Signed-off-by: Maciej Wereski <m.wereski@partner.samsung.com>
|
|
This is intended for use in loops which read data protected by RCU and may
have a large number of iterations. Such an example is dumping the list of
connections known to IPVS: ip_vs_conn_array() and ip_vs_conn_seq_next().
The benefits are for CONFIG_PREEMPT_RCU=y where we save CPU cycles
by moving rcu_read_lock and rcu_read_unlock out of large loops
but still allowing the current task to be preempted after every
loop iteration for the CONFIG_PREEMPT_RCU=n case.
The call to cond_resched() is not needed when CONFIG_PREEMPT_RCU=y.
Thanks to Paul E. McKenney for explaining this and for the
final version that checks the context with CONFIG_DEBUG_ATOMIC_SLEEP=y
for all possible configurations.
The function can be empty in the CONFIG_PREEMPT_RCU case,
rcu_read_lock and rcu_read_unlock are not needed in this case
because the task can be preempted on indication from scheduler.
Thanks to Peter Zijlstra for catching this and for his help
in trying a solution that changes __might_sleep.
Initial cond_resched_rcu_lock() function suggested by Eric Dumazet.
Tested-by: Julian Anastasov <ja@ssi.bg>
Signed-off-by: Julian Anastasov <ja@ssi.bg>
Signed-off-by: Simon Horman <horms@verge.net.au>
Acked-by: Peter Zijlstra <peterz@infradead.org>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Change-Id: I5f36f86484198f9064725d424c3d91d5fac8e1d4
Origin: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f6f3c437d09e2f62533034e67bfb4385191e992c
Backported-by: Maciej Wereski <m.wereski@partner.samsung.com>
Signed-off-by: Maciej Wereski <m.wereski@partner.samsung.com>
|
|
Use chipid[27:20] bits to identify the EXYNOS family while setting
up the serial port during the uncompression setup. This uses four
additional bits of chipid to identify the EXYNOS family since this
is required for identifying EXYNOS5420 SoC.
Change-Id: Ic7cc14e68d16ae3da2a7d2177b40e40b0295d9a8
Signed-off-by: Chander Kashyap <chander.kashyap@linaro.org>
Signed-off-by: Thomas Abraham <thomas.abraham@linaro.org>
Reviewed-by: Tomasz Figa <t.figa@samsung.com>
Signed-off-by: Kukjin Kim <kgene.kim@samsung.com>
|
|
This patch adds support secondary core bootup in big.LITTLE processor
for platsmp. Just core id cannot be used for identification, because
there is a pair of the cores which have same core id. Cluster id have
to be included for their identification. This patch makes cpu index
using cluster id and core id for the calculation of their register
address and the identification. But there is a problem to use cluster id
for core index creation. That is, cluster id does not start from 0 in
old processors which do not have more than one cluster. For example,
Exynos4412's cluster id for its 4 core is 0xa. So I makes all cluster id
to 0 when they are bigger than 1. Normally big.LITTLE processor does not
use platsmp. But at this moment, just for the minimal functionality of
big.LITTLE, this patch adds support for it. This patch can be reverted
after another CPU management method is adopted.
Change-Id: Ifa2d62545dd4174998f962c9608fd6d9b6034c16
Signed-off-by: Hyungwon Hwang <human.hwang@samsung.com>
|
|
The compatible string with exynos5 causes to get wrong configuration
data with recently updated hdmi driver. So this patch fixes to bind
hdmi with exynos4 family compatible strings.
Change-Id: I0c6cae24ad49197de47ce3ca047bd62bf190f8a4
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
|
|
This patch adds exynos_firmware_init function for early init.
Change-Id: Ibe8136ea9a08b422945acc7d3a36b3cfc0838602
Signed-off-by: Hyungwon Hwang <human.hwang@samsung.com>
|
|
The exynos5 SoCs using A15+A7 can boot to A15 or A7. If it boots using
A7, it can't detect right UART physical address only the part number of
CP15. It's possible to solve as checking Cluster ID additionally.
Change-Id: I1a227bf1186a988f7a8429ee3b5251528d0ee32a
Signed-off-by: Joonyoung Shim <jy0922.shim@samsung.com>
|
|
Now, pinctrl is being used to control gpio of Exynos5420. So this
patch is needed not to try to use gpio driver for Exynos5420, and fail
making meaningless error log in boot process.
Change-Id: I41b2575229e6c3f571800f07e775b5a6a11e456a
Signed-off-by: Hyungwon Hwang <human.hwang@samsung.com>
|
|
Exynos5800 is an octa core SoC which is based on the 5420
platform. This patch adds the basic support for it in the
mach-exynos.
Signed-off-by: Arun Kumar K <arun.kk@samsung.com>
Signed-off-by: Kukjin Kim <kgene.kim@samsung.com>
|
|
EXYNOS5420 is new SoC in Samsung's Exynos5 SoC series. Add
initial support for this new SoC.
Signed-off-by: Chander Kashyap <chander.kashyap@linaro.org>
Signed-off-by: Thomas Abraham <thomas.abraham@linaro.org>
Reviewed-by: Tomasz Figa <t.figa@samsung.com>
Signed-off-by: Kukjin Kim <kgene.kim@samsung.com>
|
|
Adds the mfc node to exynos5800 which uses MFCv8.
Signed-off-by: Arun Kumar K <arun.kk@samsung.com>
Signed-off-by: Kukjin Kim <kgene.kim@samsung.com>
|
|
Most of the nodes of exynos5420 remains same for exynos5800.
So the exynos5420.dtsi is included in exynos5800 and the changed
node properties will be overriden.
Signed-off-by: Arun Kumar K <arun.kk@samsung.com>
Reviewed-by: Tomasz Figa <t.figa@samsung.com>
Acked-by: Olof Johansson <olof@lixom.net>
Signed-off-by: Kukjin Kim <kgene.kim@samsung.com>
|
|
Adds the PWM nodes to 5420 pinctrl dtsi file.
Signed-off-by: Arun Kumar K <arun.kk@samsung.com>
Reviewed-by: Doug Anderson <dianders@chromium.org>
Reviewed-by: Tomasz Figa <t.figa@samsung.com>
Signed-off-by: Kukjin Kim <kgene.kim@samsung.com>
|
|
Fixed samaung -> samsung in property name.
Signed-off-by: Sachin Kamat <sachin.kamat@linaro.org>
Reviewed-by: Tomasz Figa <t.figa@samsung.com>
Signed-off-by: Kukjin Kim <kgene.kim@samsung.com>
|
|
Add pin state information for DP HPD support that requires pin configuration
support using pinctrl interface.
Signed-off-by: Vikas Sajjan <vikas.sajjan@linaro.org>
Signed-off-by: Kukjin Kim <kgene.kim@samsung.com>
|
|
Add the required pin configuration support to EXYNOS5420
using pinctrl interface.
Signed-off-by: Leela Krishna Amudala <l.krishna@samsung.com>
Reviewed-by: Doug Anderson <dianders@chromium.org>
Acked-by: Tomasz Figa <t.figa@samsung.com>
Tested-by : Sunil Joshi <joshi@samsung.com>
Signed-off-by: Kukjin Kim <kgene.kim@samsung.com>
|
|
This was caused by commit 5a8da524049c ("ARM: dts: exynos5420: add dsi
node"), which conflicted with d51cad7df871 ("ARM: dts: remove display
power domain for exynos5420").
The DTS addition should never have been merged through the DRM tree in
the first place, and it lacked an ack from the platform maintainer
(who would have known that the disp_pd reference got removed).
Signed-off-by: Stephen Rothwell <sfr@canb.auug.org.au>
Signed-off-by: Olof Johansson <olof@lixom.net>
|
|
This patch adds common part of dsi node.
Signed-off-by: YoungJun Cho <yj44.cho@samsung.com>
Acked-by: Inki Dae <inki.dae@samsung.com>
Acked-by: Kyungmin Park <kyungmin.park@samsung.com>
Signed-off-by: Inki Dae <inki.dae@samsung.com>
|
|
This patch adds mipi-phy node for MIPI DSI device.
Signed-off-by: YoungJun Cho <yj44.cho@samsung.com>
Acked-by: Inki Dae <inki.dae@samsung.com>
Acked-by: Kyungmin Park <kyungmin.park@samsung.com>
Signed-off-by: Inki Dae <inki.dae@samsung.com>
|
|
This patch extends nodes of PMU system controller on Exynos4210, 4x12,
5250 and 5420 SoCs with newly defined properties used by Exynos CLKOUT
driver.
Signed-off-by: Tomasz Figa <t.figa@samsung.com>
|
|
Display domain is removed due to instability issues. Explaining
the problem below:
exynos_init_late triggers the pm_genpd_poweroff_unused which powers
off the unused power domains. This call hits before the trigger to
deferred probes.
DRM DP Panel defers the probe due to supply get failure. By the time,
deferred probe is scheduled again, Display Power Domain is powered
off by pm_genpd_poweroff_unused.
FIMD and DP drivers are accessing registers during Probe and Bind
callbacks. If display domain is enabled/disabled around register
accesses, display domain gets unstable and we are getting Power Domain
Disable fail notification. Increasing the Timeout also didn't help.
Signed-off-by: Rahul Sharma <rahul.sharma@samsung.com>
Signed-off-by: Kukjin Kim <kgene.kim@samsung.com>
|
|
Adding the optional clock property for the mfc_pd for
handling the re-parenting while pd on/off.
Signed-off-by: Arun Kumar K <arun.kk@samsung.com>
Signed-off-by: Shaik Ameer Basha <shaik.ameer@samsung.com>
Reviewed-by: Tomasz Figa <t.figa@samsung.com>
Signed-off-by: Kukjin Kim <kgene.kim@samsung.com>
|
|
Currently CLK_FOUT_EPLL was set as one of the parents of AUDSS mux.
As per the user manual, it should be CLK_MAU_EPLL.
The problem surfaced when the bootloader in Peach-pit board set
the EPLL clock as the parent of AUDSS mux. While booting the kernel,
we used to get a system hang during late boot if CLK_MAU_EPLL was
disabled.
Signed-off-by: Tushar Behera <tushar.b@samsung.com>
Signed-off-by: Shaik Ameer Basha <shaik.ameer@samsung.com>
Reported-by: Kevin Hilman <khilman@linaro.org>
Tested-by: Javier Martinez Canillas <javier.martinez@collabora.co.uk>
Tested-by: Doug Anderson <dianders@chromium.org>
Signed-off-by: Kukjin Kim <kgene.kim@samsung.com>
|
|
Add PMU syscon handle to HDMI dt node for controlling
PHY Enable/Disable bit.
Signed-off-by: Rahul Sharma <rahul.sharma@samsung.com>
Signed-off-by: Kukjin Kim <kgene.kim@samsung.com>
|
|
sss module device node missed clock macro.
This patch replace magic number with macro in clock
binding for exynos5420.
Signed-off-by: Beomho Seo <beomho.seo@samsung.com>
Reviewed-by: Sachin Kamat <sachin.kamat@linaro.org>
Signed-off-by: Kukjin Kim <kgene.kim@samsung.com>
|
|
Add required device node for ehci and ohci controllers to
enable USB 2.0 support.
Signed-off-by: Vivek Gautam <gautam.vivek@samsung.com>
Signed-off-by: Vikas Sajjan <vikas.sajjan@samsung.com>
Signed-off-by: Kukjin Kim <kgene.kim@samsung.com>
|
